Tor  0.4.7.0-alpha-dev
hs_service.h
1 /* Copyright (c) 2016-2021, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
4 /**
5  * \file hs_service.h
6  * \brief Header file containing service data for the HS subsystem.
7  **/
8 
9 #ifndef TOR_HS_SERVICE_H
10 #define TOR_HS_SERVICE_H
11 
15 
16 #include "feature/hs/hs_common.h"
18 #include "feature/hs/hs_ident.h"
21 
22 /* Trunnel */
23 #include "trunnel/hs/cell_establish_intro.h"
24 
25 #include "ext/ht.h"
26 
27 /** Default protocol version a service is configured for when it is loaded
28  * and configured. It is needed because the HiddenServiceVersion option may
29  * not be present. */
30 #define HS_SERVICE_DEFAULT_VERSION HS_VERSION_THREE
31 
32 /** As described in the specification, a service publishes its next descriptor
33  * at a random time between these two values (in seconds). This is the minimum. */
34 #define HS_SERVICE_NEXT_UPLOAD_TIME_MIN (60 * 60)
35 /** Maximum interval for uploading the next descriptor (in seconds). */
36 #define HS_SERVICE_NEXT_UPLOAD_TIME_MAX (120 * 60)
37 
38 /** Collected metrics for a specific service. */
39 typedef struct hs_service_metrics_t {
40  /** Store containing the metrics values. */
43 
44 /** Service side introduction point. */
45 typedef struct hs_service_intro_point_t {
46  /** Top level intropoint "shared" data between client/service. */
48 
49  /** Onion key of the introduction point, used to extend to it for the ntor
50  * handshake. */
52 
53  /** Authentication keypair used to create the authentication certificate
54  * which is published in the descriptor. */
56 
57  /** Encryption keypair for the "ntor" type. */
59 
60  /** Legacy key if that intro point doesn't support v3. This should be used if
61  * the base object legacy flag is set. */
63  /** SHA1 digest of the legacy public key. This should be used only if the
64  * base object legacy flag is set. */
66 
67  /** Number of INTRODUCE2 cells accepted from this intro point. */
68  uint64_t introduce2_count;
69 
70  /** Maximum number of INTRODUCE2 cells this intro point should accept. */
71  uint64_t introduce2_max;
72 
73  /** The time at which this intro point should expire and stop being used. */
75 
76  /** The number of circuit creations we've made to this intro point. This is
77  * incremented every time we do a circuit relaunch on this intro point, which
78  * is triggered when the circuit dies but the node is still in the
79  * consensus. After MAX_INTRO_POINT_CIRCUIT_RETRIES, we give up on it. */
80  uint32_t circuit_retries;
81 
82  /** Replay cache recording the encrypted part of the INTRODUCE2 cells that the
83  * circuit associated with this intro point has received. This is used to
84  * prevent replay attacks. */
85  replaycache_t *replay_cache;
86 
87  /** Support the INTRO2 DoS defense. If set, the DoS extension described by
88  * proposal 305 is sent. */
89  unsigned int support_intro2_dos_defense : 1;
91 
92 /** Object handling introduction points of a service. */
93 typedef struct hs_service_intropoints_t {
94  /** The time at which we've started our retry period to build circuits. We
95  * don't want to stress circuit creation, so we only retry for a certain
96  * time and after that we stop and wait. */
98 
99  /** Number of circuits we've launched during a single retry period. */
100  unsigned int num_circuits_launched;
101 
102  /** Contains the current hs_service_intro_point_t objects indexed by
103  * authentication public key. */
104  digest256map_t *map;
105 
106  /** Contains the identity key digests of nodes that were introduction points
107  * for this descriptor but were retried too many times. We keep those so we
108  * avoid re-picking them over and over for a circuit retry period.
109  * XXX: Once we have #22173, change this to only use ed25519 identity. */
110  digestmap_t *failed_id;
112 
113 /** Representation of a service descriptor.
114  *
115  * Some elements of the descriptor are mutable whereas others are immutable:
116  *
117  * Immutable elements are initialized once when the descriptor is built (when
118  * service descriptors get rotated). This means that these elements are
119  * initialized once and then they don't change for the lifetime of the
120  * descriptor. See build_service_descriptor().
121  *
122  * Mutable elements are initialized when we build the descriptor but they are
123  * also altered during the lifetime of the descriptor. They could be
124  * _refreshed_ every time we upload the descriptor (which happens multiple
125  * times over the lifetime of the descriptor), or through periodic events. We
126  * do this for elements like the descriptor revision counter and various
127  * certificates. See refresh_service_descriptor() and
128  * update_service_descriptor_intro_points().
129  */
130 typedef struct hs_service_descriptor_t {
131  /** Immutable: Client authorization ephemeral keypair. */
133 
134  /** Immutable: Descriptor cookie used to encrypt the descriptor when
135  * client authorization is enabled. */
136  uint8_t descriptor_cookie[HS_DESC_DESCRIPTOR_COOKIE_LEN];
137 
138  /** Immutable: Descriptor signing keypair. */
140 
141  /** Immutable: Blinded keypair derived from the master identity public
142  * key. */
144 
145  /** Immutable: The time period number this descriptor has been created
146  * for. */
147  uint64_t time_period_num;
148 
149  /** Immutable: The OPE cipher for encrypting revision counters for this
150  * descriptor. Tied to the descriptor blinded key. */
152 
153  /** Mutable: Decoded descriptor. This object is used for encoding when the
154  * service publishes the descriptor. */
156 
157  /** Mutable: The next time at which we should upload the descriptor. */
159 
160  /** Mutable: Introduction points assigned to this descriptor, held in an
161  * hs_service_intropoints_t object indexed by authentication key (the RSA key
162  * if the node is legacy). */
164 
165  /** Mutable: True iff we have missing intro points for this descriptor
166  * because we couldn't pick any nodes. */
167  unsigned int missing_intro_points : 1;
168 
169  /** Mutable: List of the responsible HSDirs (their b64ed identity digest)
170  * as of the last time we uploaded this descriptor. If the set of responsible
171  * HSDirs is different from this list, this means we received new dirinfo and
172  * we need to reupload our descriptor. */
175 
176 /** Service key material. */
177 typedef struct hs_service_keys_t {
178  /** Master identity public key. */
180  /** Master identity private key. */
182  /** True iff the key is kept offline, which means the identity_sk MUST NOT be
183  * used in that case. */
184  unsigned int is_identify_key_offline : 1;
186 
187 /** Service side configuration of client authorization. */
189  /** The client auth public key used to encrypt the descriptor cookie. */
192 
193 /** Which protocol to use for exporting HS client circuit ID. */
194 typedef enum {
195  /** Don't expose the circuit id. */
197 
198  /** Use the HAProxy proxy protocol. */
201 
202 /** Service configuration. The following are set from the torrc options,
203  * supplied either by the configuration file or through the control port.
204  * Nothing else should change these values. */
205 typedef struct hs_service_config_t {
206  /** Protocol version of the service. Specified by HiddenServiceVersion
207  * option. */
208  uint32_t version;
209 
210  /** Have we explicitly set HiddenServiceVersion? */
211  unsigned int hs_version_explicitly_set : 1;
212 
213  /** List of hs_port_config_t. */
215 
216  /** Path on the filesystem where the service persistent data is stored. NULL
217  * if the service is ephemeral. Specified by HiddenServiceDir option. */
219 
220  /** The maximum number of simultaneous streams per rendezvous circuit that
221  * are allowed to be created. No limit if 0. Specified by
222  * HiddenServiceMaxStreams option. */
224 
225  /** If true, we close circuits that exceed the max_streams_per_rdv_circuit
226  * limit. Specified by HiddenServiceMaxStreamsCloseCircuit option. */
227  unsigned int max_streams_close_circuit : 1;
228 
229  /** How many introduction points this service has. Specified by
230  * HiddenServiceNumIntroductionPoints option. */
231  unsigned int num_intro_points;
232 
233  /** List of hs_service_authorized_client_t's of clients that may access this
234  * service. Specified by HiddenServiceAuthorizeClient option. */
236 
237  /** True iff we allow requests made on unknown ports. Specified by
238  * HiddenServiceAllowUnknownPorts option. */
239  unsigned int allow_unknown_ports : 1;
240 
241  /** If true, this service is a Single Onion Service. Specified by
242  * HiddenServiceSingleHopMode and HiddenServiceNonAnonymousMode options. */
243  unsigned int is_single_onion : 1;
244 
245  /** If true, allow group read permissions on the directory_path. Specified by
246  * HiddenServiceDirGroupReadable option. */
247  unsigned int dir_group_readable : 1;
248 
249  /** Is this service ephemeral? */
250  unsigned int is_ephemeral : 1;
251 
252  /** Does this service export the circuit ID of its clients? */
254 
255  /** DoS defenses. For the ESTABLISH_INTRO cell extension. */
256  unsigned int has_dos_defense_enabled : 1;
257  uint32_t intro_dos_rate_per_sec;
258  uint32_t intro_dos_burst_per_sec;
259 
260  /** If set, contains the Onion Balance master ed25519 public keys (taken from
261  * .onion addresses) for which this tor instance serves as a backend. */
264 
265 /** Service state. */
266 typedef struct hs_service_state_t {
267  /** The time at which we've started our retry period to build circuits. We
268  * don't want to stress circuit creation, so we only retry for a certain
269  * time and after that we stop and wait. */
271 
272  /** Number of circuits we've launched during a single retry period. This
273  * should never go over MAX_INTRO_CIRCS_PER_PERIOD. */
275 
276  /** Replay cache tracking the REND_COOKIE found in INTRODUCE2 cells to detect
277  * repeats. Clients may send INTRODUCE1 cells for the same rendezvous point
278  * through two or more different introduction points; when they do, this
279  * keeps us from launching multiple simultaneous attempts to connect to the
280  * same rend point. */
281  replaycache_t *replay_cache_rend_cookie;
282 
283  /** The next time at which we should rotate our descriptors. This has to be
284  * done at the start time of the next SRV protocol run. */
286 
287  /** If this is an onionbalance instance, this is an array of subcredentials
288  * that should be used when decrypting an INTRO2 cell. If this is not an
289  * onionbalance instance, this is NULL.
290  * See [ONIONBALANCE] section in rend-spec-v3.txt for more details. */
291  hs_subcredential_t *ob_subcreds;
292  /** Number of OB subcredentials in ob_subcreds. */
293  size_t n_ob_subcreds;
295 
296 /** Representation of a service running on this tor instance. */
297 typedef struct hs_service_t {
298  /** Onion address, base32 encoded and NUL terminated. We keep it for logging
299  * purposes so we don't have to build it every time. */
301 
302  /** Hashtable node: used to look up the service by its master public identity
303  * key in the service global map. */
304  HT_ENTRY(hs_service_t) hs_service_node;
305 
306  /** Service state which contains various flags and counters. */
308 
309  /** Key material of the service. */
311 
312  /** Configuration of the service. */
314 
315  /** Current descriptor. */
317  /** Next descriptor. */
319 
320  /** Collected metrics for this service. */
322 } hs_service_t;
323 
324 /** For the service global hash map, we define a specific type for it which
325  * will make it safe to use and specific to some controlled parameters such as
326  * the hashing function and how to compare services. */
327 typedef HT_HEAD(hs_service_ht, hs_service_t) hs_service_ht;
328 
329 /* API */
330 
331 /* Global initializer and cleanup function. */
332 void hs_service_init(void);
333 void hs_service_free_all(void);
334 
335 /* Service new/free functions. */
336 hs_service_t *hs_service_new(const or_options_t *options);
337 void hs_service_free_(hs_service_t *service);
338 /**
339  * @copydoc hs_service_free_
340  *
341  * Additionally, set the pointer <b>s</b> to NULL.
342  **/
343 #define hs_service_free(s) FREE_AND_NULL(hs_service_t, hs_service_free_, (s))
344 
346 MOCK_DECL(unsigned int, hs_service_get_num_services,(void));
347 void hs_service_stage_services(const smartlist_t *service_list);
348 int hs_service_load_all_keys(void);
351  smartlist_t *dir_list);
353  edge_connection_t *conn);
355 
356 void hs_service_map_has_changed(void);
357 void hs_service_dir_info_changed(void);
358 void hs_service_run_scheduled_events(time_t now);
361  const uint8_t *payload,
362  size_t payload_len);
364  const uint8_t *payload,
365  size_t payload_len);
366 
368 
371  int max_streams_per_rdv_circuit,
372  int max_streams_close_circuit,
373  smartlist_t *auth_clients_v3, char **address_out);
374 int hs_service_del_ephemeral(const char *address);
375 
376 /* Used outside of the HS subsystem by the control port command HSPOST. */
377 void hs_service_upload_desc_to_dir(const char *encoded_desc,
378  const uint8_t version,
379  const ed25519_public_key_t *identity_pk,
380  const ed25519_public_key_t *blinded_pk,
381  const routerstatus_t *hsdir_rs);
382 
385 
386 void hs_service_dump_stats(int severity);
388 
390 parse_authorized_client_key(const char *key_str, int severity);
391 
392 void
394 #define service_authorized_client_free(c) \
395  FREE_AND_NULL(hs_service_authorized_client_t, \
396  service_authorized_client_free_, (c))
397 
398 /* Config options. */
399 int hs_service_allow_non_anonymous_connection(const or_options_t *options);
400 int hs_service_non_anonymous_mode_enabled(const or_options_t *options);
401 int hs_service_reveal_startup_time(const or_options_t *options);
402 
403 #ifdef HS_SERVICE_PRIVATE
404 
405 #ifdef TOR_UNIT_TESTS
406 /* Useful getters for unit tests. */
407 STATIC unsigned int get_hs_service_map_size(void);
408 STATIC int get_hs_service_staging_list_size(void);
409 STATIC hs_service_ht *get_hs_service_map(void);
410 STATIC hs_service_t *get_first_service(void);
411 STATIC hs_service_intro_point_t *service_intro_point_find_by_ident(
412  const hs_service_t *service,
413  const hs_ident_circuit_t *ident);
414 
416  (const hs_service_descriptor_t *desc));
417 #endif /* defined(TOR_UNIT_TESTS) */
418 
419 /* Service accessors. */
420 STATIC hs_service_t *find_service(hs_service_ht *map,
421  const ed25519_public_key_t *pk);
422 STATIC void remove_service(hs_service_ht *map, hs_service_t *service);
423 STATIC int register_service(hs_service_ht *map, hs_service_t *service);
424 /* Service introduction point functions. */
427 #define service_intro_point_free(ip) \
428  FREE_AND_NULL(hs_service_intro_point_t, \
429  service_intro_point_free_, (ip))
430 STATIC void service_intro_point_add(digest256map_t *map,
433  const hs_service_intro_point_t *ip);
435  const hs_service_t *service,
436  const ed25519_public_key_t *auth_key);
437 /* Service descriptor functions. */
440  const hs_service_t *service,
441  const hs_service_intro_point_t *ip);
442 /* Helper functions. */
443 STATIC int client_filename_is_valid(const char *filename);
445 parse_authorized_client(const char *client_key_str);
447  hs_service_t **service,
449  hs_service_descriptor_t **desc);
450 STATIC const node_t *
453  time_t now);
455  time_t now);
456 STATIC void run_housekeeping_event(time_t now);
457 STATIC void rotate_all_descriptors(time_t now);
458 STATIC void build_all_descriptors(time_t now);
460 STATIC void run_upload_descriptor_event(time_t now);
461 
463 #define service_descriptor_free(d) \
464  FREE_AND_NULL(hs_service_descriptor_t, \
465  service_descriptor_free_, (d))
466 
467 STATIC int
468 write_address_to_file(const hs_service_t *service, const char *fname_);
469 
470 STATIC void upload_descriptor_to_all(const hs_service_t *service,
472 
474  time_t now,
475  int descriptor_changed);
476 
478  const hs_service_descriptor_t *desc);
479 
481  const hs_service_config_t *config1,
482  const hs_service_config_t *config2);
483 
485 
486 #endif /* defined(HS_SERVICE_PRIVATE) */
487 
488 #endif /* !defined(TOR_HS_SERVICE_H) */
Header for crypto_curve25519.c.
Header for crypto_ed25519.c.
#define DIGEST_LEN
Definition: digest_sizes.h:20
Header file containing common data for the whole HS subsystem.
hs_service_add_ephemeral_status_t
Definition: hs_common.h:139
#define HS_SERVICE_ADDR_LEN_BASE32
Definition: hs_common.h:80
Header file for hs_descriptor.c.
Header file containing circuit and connection identifier data for the whole HS subsystem.
Header file for hs_intropoint.c.
STATIC void service_clear_config(hs_service_config_t *config)
Definition: hs_service.c:270
STATIC void upload_descriptor_to_all(const hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:3003
STATIC int service_authorized_client_config_equal(const hs_service_config_t *config1, const hs_service_config_t *config2)
Definition: hs_service.c:1421
STATIC const node_t * get_node_from_intro_point(const hs_service_intro_point_t *ip)
Definition: hs_service.c:679
STATIC void service_desc_schedule_upload(hs_service_descriptor_t *desc, time_t now, int descriptor_changed)
Definition: hs_service.c:2299
STATIC void service_intro_point_remove(const hs_service_t *service, const hs_service_intro_point_t *ip)
Definition: hs_service.c:551
STATIC hs_service_t * find_service(hs_service_ht *map, const ed25519_public_key_t *pk)
Definition: hs_service.c:177
STATIC int register_service(hs_service_ht *map, hs_service_t *service)
Definition: hs_service.c:191
STATIC hs_service_intro_point_t * service_intro_point_find(const hs_service_t *service, const ed25519_public_key_t *auth_key)
Definition: hs_service.c:569
STATIC hs_service_intro_point_t * service_intro_point_new(const node_t *node)
Definition: hs_service.c:463
STATIC void run_upload_descriptor_event(time_t now)
Definition: hs_service.c:3279
STATIC void build_all_descriptors(time_t now)
Definition: hs_service.c:2098
STATIC void get_objects_from_ident(const hs_ident_circuit_t *ident, hs_service_t **service, hs_service_intro_point_t **ip, hs_service_descriptor_t **desc)
Definition: hs_service.c:626
STATIC int client_filename_is_valid(const char *filename)
Definition: hs_service.c:1110
STATIC void service_intro_point_free_(hs_service_intro_point_t *ip)
Definition: hs_service.c:433
STATIC hs_service_descriptor_t * service_desc_find_by_intro(const hs_service_t *service, const hs_service_intro_point_t *ip)
Definition: hs_service.c:600
STATIC unsigned int count_desc_circuit_established(const hs_service_descriptor_t *desc)
Definition: hs_service.c:726
STATIC int intro_point_should_expire(const hs_service_intro_point_t *ip, time_t now)
Definition: hs_service.c:2372
STATIC void rotate_all_descriptors(time_t now)
Definition: hs_service.c:2607
STATIC int can_service_launch_intro_circuit(hs_service_t *service, time_t now)
Definition: hs_service.c:2792
STATIC void update_all_descriptors_intro_points(time_t now)
Definition: hs_service.c:2358
STATIC hs_service_descriptor_t * service_descriptor_new(void)
Definition: hs_service.c:1364
STATIC hs_service_authorized_client_t * parse_authorized_client(const char *client_key_str)
Definition: hs_service.c:1176
STATIC void remove_service(hs_service_ht *map, hs_service_t *service)
Definition: hs_service.c:219
STATIC void service_descriptor_free_(hs_service_descriptor_t *desc)
Definition: hs_service.c:1343
STATIC void run_housekeeping_event(time_t now)
Definition: hs_service.c:2637
STATIC void service_intro_point_add(digest256map_t *map, hs_service_intro_point_t *ip)
Definition: hs_service.c:536
STATIC int write_address_to_file(const hs_service_t *service, const char *fname_)
Definition: hs_service.c:993
STATIC int service_desc_hsdirs_changed(const hs_service_t *service, const hs_service_descriptor_t *desc)
Definition: hs_service.c:3060
smartlist_t * hs_service_get_metrics_stores(void)
Definition: hs_service.c:4264
hs_service_add_ephemeral_status_t hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports, int max_streams_per_rdv_circuit, int max_streams_close_circuit, smartlist_t *auth_clients_v3, char **address_out)
Definition: hs_service.c:3752
void hs_service_stage_services(const smartlist_t *service_list)
Definition: hs_service.c:4249
void hs_service_circuit_cleanup_on_close(const circuit_t *circ)
Definition: hs_service.c:3660
void hs_service_init(void)
Definition: hs_service.c:4370
int hs_service_receive_introduce2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_service.c:4066
hs_service_t * hs_service_find(const ed25519_public_key_t *ident_pk)
Definition: hs_service.c:4280
char * hs_service_lookup_current_desc(const ed25519_public_key_t *pk)
Definition: hs_service.c:3894
hs_service_authorized_client_t * parse_authorized_client_key(const char *key_str, int severity)
Definition: hs_service.c:1133
void hs_service_lists_fnames_for_sandbox(smartlist_t *file_list, smartlist_t *dir_list)
Definition: hs_service.c:4028
void hs_service_circuit_has_opened(origin_circuit_t *circ)
Definition: hs_service.c:4127
unsigned int hs_service_get_num_services(void)
Definition: hs_service.c:3918
void service_authorized_client_free_(hs_service_authorized_client_t *client)
Definition: hs_service.c:1332
hs_circuit_id_protocol_t
Definition: hs_service.h:194
@ HS_CIRCUIT_ID_PROTOCOL_NONE
Definition: hs_service.h:196
@ HS_CIRCUIT_ID_PROTOCOL_HAPROXY
Definition: hs_service.h:199
typedef HT_HEAD(hs_service_ht, hs_service_t) hs_service_ht
hs_circuit_id_protocol_t hs_service_exports_circuit_id(const ed25519_public_key_t *pk)
Definition: hs_service.c:4014
void hs_service_free_all(void)
Definition: hs_service.c:4384
hs_service_t * hs_service_new(const or_options_t *options)
Definition: hs_service.c:4294
void hs_service_dir_info_changed(void)
Definition: hs_service.c:4051
void hs_service_free_(hs_service_t *service)
Definition: hs_service.c:4312
int hs_service_del_ephemeral(const char *address)
Definition: hs_service.c:3843
int hs_service_get_version_from_key(const hs_service_t *service)
Definition: hs_service.c:4151
int hs_service_receive_intro_established(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_service.c:4095
void hs_service_run_scheduled_events(time_t now)
Definition: hs_service.c:4349
void hs_service_upload_desc_to_dir(const char *encoded_desc, const uint8_t version, const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, const routerstatus_t *hsdir_rs)
Definition: hs_service.c:3703
void hs_service_map_has_changed(void)
Definition: hs_service.c:3686
void hs_service_dump_stats(int severity)
Definition: hs_service.c:4205
int hs_service_set_conn_addr_port(const origin_circuit_t *circ, edge_connection_t *conn)
Definition: hs_service.c:3934
int hs_service_load_all_keys(void)
Definition: hs_service.c:4175
Header for lib/metrics/metrics_store.c.
Header file for replaycache.c.
curve25519_public_key_t client_pk
Definition: hs_service.h:190
smartlist_t * ob_master_pubkeys
Definition: hs_service.h:262
hs_circuit_id_protocol_t circuit_id_protocol
Definition: hs_service.h:253
uint64_t max_streams_per_rdv_circuit
Definition: hs_service.h:223
unsigned int is_single_onion
Definition: hs_service.h:243
smartlist_t * ports
Definition: hs_service.h:214
unsigned int dir_group_readable
Definition: hs_service.h:247
unsigned int hs_version_explicitly_set
Definition: hs_service.h:211
smartlist_t * clients
Definition: hs_service.h:235
unsigned int max_streams_close_circuit
Definition: hs_service.h:227
unsigned int is_ephemeral
Definition: hs_service.h:250
unsigned int has_dos_defense_enabled
Definition: hs_service.h:256
unsigned int num_intro_points
Definition: hs_service.h:231
unsigned int allow_unknown_ports
Definition: hs_service.h:239
curve25519_keypair_t auth_ephemeral_kp
Definition: hs_service.h:132
smartlist_t * previous_hsdirs
Definition: hs_service.h:173
unsigned int missing_intro_points
Definition: hs_service.h:167
ed25519_keypair_t signing_kp
Definition: hs_service.h:139
struct crypto_ope_t * ope_cipher
Definition: hs_service.h:151
hs_descriptor_t * desc
Definition: hs_service.h:155
ed25519_keypair_t blinded_kp
Definition: hs_service.h:143
uint8_t descriptor_cookie[HS_DESC_DESCRIPTOR_COOKIE_LEN]
Definition: hs_service.h:136
hs_service_intropoints_t intro_points
Definition: hs_service.h:163
unsigned int support_intro2_dos_defense
Definition: hs_service.h:89
ed25519_keypair_t auth_key_kp
Definition: hs_service.h:55
hs_intropoint_t base
Definition: hs_service.h:47
replaycache_t * replay_cache
Definition: hs_service.h:85
curve25519_public_key_t onion_key
Definition: hs_service.h:51
curve25519_keypair_t enc_key_kp
Definition: hs_service.h:58
uint8_t legacy_key_digest[DIGEST_LEN]
Definition: hs_service.h:65
crypto_pk_t * legacy_key
Definition: hs_service.h:62
unsigned int num_circuits_launched
Definition: hs_service.h:100
digest256map_t * map
Definition: hs_service.h:104
digestmap_t * failed_id
Definition: hs_service.h:110
unsigned int is_identify_key_offline
Definition: hs_service.h:184
ed25519_secret_key_t identity_sk
Definition: hs_service.h:181
ed25519_public_key_t identity_pk
Definition: hs_service.h:179
metrics_store_t * store
Definition: hs_service.h:41
time_t next_rotation_time
Definition: hs_service.h:285
replaycache_t * replay_cache_rend_cookie
Definition: hs_service.h:281
time_t intro_circ_retry_started_time
Definition: hs_service.h:270
unsigned int num_intro_circ_launched
Definition: hs_service.h:274
hs_service_descriptor_t * desc_current
Definition: hs_service.h:316
hs_service_state_t state
Definition: hs_service.h:307
char onion_address[HS_SERVICE_ADDR_LEN_BASE32+1]
Definition: hs_service.h:300
hs_service_config_t config
Definition: hs_service.h:313
HT_ENTRY(hs_service_t) hs_service_node
hs_service_descriptor_t * desc_next
Definition: hs_service.h:318
hs_service_keys_t keys
Definition: hs_service.h:310
hs_service_metrics_t metrics
Definition: hs_service.h:321
Definition: node_st.h:34
#define STATIC
Definition: testsupport.h:32
#define MOCK_DECL(rv, funcname, arglist)
Definition: testsupport.h:127