tor  0.4.0.1-alpha
rendclient.c
Go to the documentation of this file.
1 /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
2  * Copyright (c) 2007-2019, The Tor Project, Inc. */
3 /* See LICENSE for licensing information */
4 
10 #include "core/or/or.h"
11 #include "app/config/config.h"
13 #include "core/mainloop/mainloop.h"
14 #include "core/or/circuitbuild.h"
15 #include "core/or/circuitlist.h"
16 #include "core/or/circuituse.h"
18 #include "core/or/relay.h"
19 #include "feature/client/circpathbias.h"
23 #include "feature/hs/hs_circuit.h"
24 #include "feature/hs/hs_client.h"
25 #include "feature/hs/hs_common.h"
30 #include "feature/nodelist/routerset.h"
33 #include "feature/stats/rephist.h"
37 #include "lib/encoding/confline.h"
38 
39 #include "core/or/cpath_build_state_st.h"
40 #include "core/or/crypt_path_st.h"
41 #include "feature/dircommon/dir_connection_st.h"
42 #include "core/or/entry_connection_st.h"
43 #include "core/or/extend_info_st.h"
44 #include "core/or/origin_circuit_st.h"
45 #include "feature/rend/rend_intro_point_st.h"
46 #include "feature/rend/rend_service_descriptor_st.h"
47 #include "feature/nodelist/routerstatus_st.h"
48 
50  const rend_cache_entry_t *rend_query,
51  const int strict, const int warnings);
52 
55 void
57 {
62 }
63 
66 void
68 {
70  tor_assert(circ->cpath);
71 
72  log_info(LD_REND,"introcirc is open");
74 }
75 
79 static int
81 {
83  tor_assert(circ->rend_data);
84  log_info(LD_REND, "Sending an ESTABLISH_RENDEZVOUS cell");
85 
86  crypto_rand(circ->rend_data->rend_cookie, REND_COOKIE_LEN);
87 
88  /* Set timestamp_dirty, because circuit_expire_building expects it,
89  * and the rend cookie also means we've used the circ. */
90  circ->base_.timestamp_dirty = time(NULL);
91 
92  /* We've attempted to use this circuit. Probe it if we fail */
94 
95  if (relay_send_command_from_edge(0, TO_CIRCUIT(circ),
96  RELAY_COMMAND_ESTABLISH_RENDEZVOUS,
97  circ->rend_data->rend_cookie,
99  circ->cpath->prev)<0) {
100  /* circ is already marked for close */
101  log_warn(LD_GENERAL, "Couldn't send ESTABLISH_RENDEZVOUS cell");
102  return -1;
103  }
104 
105  return 0;
106 }
107 
111 int
113  origin_circuit_t *rendcirc)
114 {
115  const or_options_t *options = get_options();
116  size_t payload_len;
117  int r, v3_shift = 0;
118  char payload[RELAY_PAYLOAD_SIZE];
119  char tmp[RELAY_PAYLOAD_SIZE];
120  rend_cache_entry_t *entry = NULL;
121  crypt_path_t *cpath;
122  off_t dh_offset;
123  crypto_pk_t *intro_key = NULL;
124  int status = 0;
125  const char *onion_address;
126 
127  tor_assert(introcirc->base_.purpose == CIRCUIT_PURPOSE_C_INTRODUCING);
128  tor_assert(rendcirc->base_.purpose == CIRCUIT_PURPOSE_C_REND_READY);
129  tor_assert(introcirc->rend_data);
130  tor_assert(rendcirc->rend_data);
131  tor_assert(!rend_cmp_service_ids(rend_data_get_address(introcirc->rend_data),
132  rend_data_get_address(rendcirc->rend_data)));
133  assert_circ_anonymity_ok(introcirc, options);
134  assert_circ_anonymity_ok(rendcirc, options);
135  onion_address = rend_data_get_address(introcirc->rend_data);
136 
137  r = rend_cache_lookup_entry(onion_address, -1, &entry);
138  /* An invalid onion address is not possible else we have a big issue. */
139  tor_assert(r != -EINVAL);
140  if (r < 0 || !rend_client_any_intro_points_usable(entry)) {
141  /* If the descriptor is not found or the intro points are not usable
142  * anymore, trigger a fetch. */
143  log_info(LD_REND,
144  "query %s didn't have valid rend desc in cache. "
145  "Refetching descriptor.",
146  safe_str_client(onion_address));
148  {
149  connection_t *conn;
150 
152  AP_CONN_STATE_CIRCUIT_WAIT, onion_address))) {
153  connection_ap_mark_as_waiting_for_renddesc(TO_ENTRY_CONN(conn));
154  }
155  }
156 
157  status = -1;
158  goto cleanup;
159  }
160 
161  /* first 20 bytes of payload are the hash of the service's pk */
162  intro_key = NULL;
164  intro, {
165  if (tor_memeq(introcirc->build_state->chosen_exit->identity_digest,
166  intro->extend_info->identity_digest, DIGEST_LEN)) {
167  intro_key = intro->intro_key;
168  break;
169  }
170  });
171  if (!intro_key) {
172  log_info(LD_REND, "Could not find intro key for %s at %s; we "
173  "have a v2 rend desc with %d intro points. "
174  "Trying a different intro point...",
175  safe_str_client(onion_address),
177  introcirc->build_state->chosen_exit)),
178  smartlist_len(entry->parsed->intro_nodes));
179 
180  if (hs_client_reextend_intro_circuit(introcirc)) {
181  status = -2;
182  goto perm_err;
183  } else {
184  status = -1;
185  goto cleanup;
186  }
187  }
188  if (crypto_pk_get_digest(intro_key, payload)<0) {
189  log_warn(LD_BUG, "Internal error: couldn't hash public key.");
190  status = -2;
191  goto perm_err;
192  }
193 
194  /* Initialize the pending_final_cpath and start the DH handshake. */
195  cpath = rendcirc->build_state->pending_final_cpath;
196  if (!cpath) {
197  cpath = rendcirc->build_state->pending_final_cpath =
198  tor_malloc_zero(sizeof(crypt_path_t));
199  cpath->magic = CRYPT_PATH_MAGIC;
200  if (!(cpath->rend_dh_handshake_state = crypto_dh_new(DH_TYPE_REND))) {
201  log_warn(LD_BUG, "Internal error: couldn't allocate DH.");
202  status = -2;
203  goto perm_err;
204  }
205  if (crypto_dh_generate_public(cpath->rend_dh_handshake_state)<0) {
206  log_warn(LD_BUG, "Internal error: couldn't generate g^x.");
207  status = -2;
208  goto perm_err;
209  }
210  }
211 
212  /* If version is 3, write (optional) auth data and timestamp. */
213  if (entry->parsed->protocols & (1<<3)) {
214  tmp[0] = 3; /* version 3 of the cell format */
215  /* auth type, if any */
216  tmp[1] = (uint8_t) TO_REND_DATA_V2(introcirc->rend_data)->auth_type;
217  v3_shift = 1;
218  if (tmp[1] != REND_NO_AUTH) {
219  set_uint16(tmp+2, htons(REND_DESC_COOKIE_LEN));
220  memcpy(tmp+4, TO_REND_DATA_V2(introcirc->rend_data)->descriptor_cookie,
222  v3_shift += 2+REND_DESC_COOKIE_LEN;
223  }
224  /* Once this held a timestamp. */
225  set_uint32(tmp+v3_shift+1, 0);
226  v3_shift += 4;
227  } /* if version 2 only write version number */
228  else if (entry->parsed->protocols & (1<<2)) {
229  tmp[0] = 2; /* version 2 of the cell format */
230  }
231 
232  /* write the remaining items into tmp */
233  if (entry->parsed->protocols & (1<<3) || entry->parsed->protocols & (1<<2)) {
234  /* version 2 format */
235  extend_info_t *extend_info = rendcirc->build_state->chosen_exit;
236  int klen;
237  /* nul pads */
238  set_uint32(tmp+v3_shift+1, tor_addr_to_ipv4n(&extend_info->addr));
239  set_uint16(tmp+v3_shift+5, htons(extend_info->port));
240  memcpy(tmp+v3_shift+7, extend_info->identity_digest, DIGEST_LEN);
241  klen = crypto_pk_asn1_encode(extend_info->onion_key,
242  tmp+v3_shift+7+DIGEST_LEN+2,
243  sizeof(tmp)-(v3_shift+7+DIGEST_LEN+2));
244  if (klen < 0) {
245  log_warn(LD_BUG,"Internal error: can't encode public key.");
246  status = -2;
247  goto perm_err;
248  }
249  set_uint16(tmp+v3_shift+7+DIGEST_LEN, htons(klen));
250  memcpy(tmp+v3_shift+7+DIGEST_LEN+2+klen, rendcirc->rend_data->rend_cookie,
252  dh_offset = v3_shift+7+DIGEST_LEN+2+klen+REND_COOKIE_LEN;
253  } else {
254  /* Version 0. */
255 
256  /* Some compilers are smart enough to work out that nickname can be more
257  * than 19 characters, when it's a hexdigest. They warn that strncpy()
258  * will truncate hexdigests without NUL-terminating them. But we only put
259  * hexdigests in HSDir and general circuit exits. */
260  if (BUG(strlen(rendcirc->build_state->chosen_exit->nickname)
261  > MAX_NICKNAME_LEN)) {
262  goto perm_err;
263  }
264  strncpy(tmp, rendcirc->build_state->chosen_exit->nickname,
265  (MAX_NICKNAME_LEN+1)); /* nul pads */
266  memcpy(tmp+MAX_NICKNAME_LEN+1, rendcirc->rend_data->rend_cookie,
268  dh_offset = MAX_NICKNAME_LEN+1+REND_COOKIE_LEN;
269  }
270 
271  if (crypto_dh_get_public(cpath->rend_dh_handshake_state, tmp+dh_offset,
272  DH1024_KEY_LEN)<0) {
273  log_warn(LD_BUG, "Internal error: couldn't extract g^x.");
274  status = -2;
275  goto perm_err;
276  }
277 
278  /*XXX maybe give crypto_pk_obsolete_public_hybrid_encrypt a max_len arg,
279  * to avoid buffer overflows? */
281  sizeof(payload)-DIGEST_LEN,
282  tmp,
283  (int)(dh_offset+DH1024_KEY_LEN),
285  if (r<0) {
286  log_warn(LD_BUG,"Internal error: hybrid pk encrypt failed.");
287  status = -2;
288  goto perm_err;
289  }
290 
291  payload_len = DIGEST_LEN + r;
292  tor_assert(payload_len <= RELAY_PAYLOAD_SIZE); /* we overran something */
293 
294  /* Copy the rendezvous cookie from rendcirc to introcirc, so that
295  * when introcirc gets an ack, we can change the state of the right
296  * rendezvous circuit. */
297  memcpy(introcirc->rend_data->rend_cookie, rendcirc->rend_data->rend_cookie,
299 
300  log_info(LD_REND, "Sending an INTRODUCE1 cell");
301  if (relay_send_command_from_edge(0, TO_CIRCUIT(introcirc),
302  RELAY_COMMAND_INTRODUCE1,
303  payload, payload_len,
304  introcirc->cpath->prev)<0) {
305  /* introcirc is already marked for close. leave rendcirc alone. */
306  log_warn(LD_BUG, "Couldn't send INTRODUCE1 cell");
307  status = -2;
308  goto cleanup;
309  }
310 
311  /* Now, we wait for an ACK or NAK on this circuit. */
314  /* Set timestamp_dirty, because circuit_expire_building expects it
315  * to specify when a circuit entered the _C_INTRODUCE_ACK_WAIT
316  * state. */
317  introcirc->base_.timestamp_dirty = time(NULL);
318 
319  pathbias_count_use_attempt(introcirc);
320 
321  goto cleanup;
322 
323  perm_err:
324  if (!introcirc->base_.marked_for_close)
325  circuit_mark_for_close(TO_CIRCUIT(introcirc), END_CIRC_REASON_INTERNAL);
326  circuit_mark_for_close(TO_CIRCUIT(rendcirc), END_CIRC_REASON_INTERNAL);
327  cleanup:
328  memwipe(payload, 0, sizeof(payload));
329  memwipe(tmp, 0, sizeof(tmp));
330 
331  return status;
332 }
333 
336 void
338 {
340 
341  log_info(LD_REND,"rendcirc is open");
342 
343  /* generate a rendezvous cookie, store it in circ */
345  return;
346  }
347 }
348 
352 static void
353 rend_client_close_other_intros(const uint8_t *rend_pk_digest)
354 {
355  /* abort parallel intro circs, if any */
356  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, c) {
357  if ((c->purpose == CIRCUIT_PURPOSE_C_INTRODUCING ||
358  c->purpose == CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT) &&
359  !c->marked_for_close && CIRCUIT_IS_ORIGIN(c)) {
361  if (oc->rend_data &&
362  rend_circuit_pk_digest_eq(oc, rend_pk_digest)) {
363  log_info(LD_REND|LD_CIRC, "Closing introduction circuit %d that we "
364  "built in parallel (Purpose %d).", oc->global_identifier,
365  c->purpose);
366  circuit_mark_for_close(c, END_CIRC_REASON_IP_NOW_REDUNDANT);
367  }
368  }
369  }
370  SMARTLIST_FOREACH_END(c);
371 }
372 
375 int
377  const uint8_t *request, size_t request_len)
378 {
379  const or_options_t *options = get_options();
380  origin_circuit_t *rendcirc;
381  (void) request; // XXXX Use this.
382 
383  tor_assert(circ->build_state);
385  assert_circ_anonymity_ok(circ, options);
386  tor_assert(circ->rend_data);
387 
388  if (request_len == 0) {
389  /* It's an ACK; the introduction point relayed our introduction request. */
390  /* Locate the rend circ which is waiting to hear about this ack,
391  * and tell it.
392  */
393  log_info(LD_REND,"Received ack. Telling rend circ...");
395  if (rendcirc) { /* remember the ack */
396  assert_circ_anonymity_ok(rendcirc, options);
399  /* Set timestamp_dirty, because circuit_expire_building expects
400  * it to specify when a circuit entered the
401  * _C_REND_READY_INTRO_ACKED state. */
402  rendcirc->base_.timestamp_dirty = time(NULL);
403  } else {
404  log_info(LD_REND,"...Found no rend circ. Dropping on the floor.");
405  }
406  /* close the circuit: we won't need it anymore. */
409  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED);
410 
411  /* close any other intros launched in parallel */
412  rend_client_close_other_intros(rend_data_get_pk_digest(circ->rend_data,
413  NULL));
414  } else {
415  /* It's a NAK; the introduction point didn't relay our request. */
417  /* Remove this intro point from the set of viable introduction
418  * points. If any remain, extend to a new one and try again.
419  * If none remain, refetch the service descriptor.
420  */
421  log_info(LD_REND, "Got nack for %s from %s...",
422  safe_str_client(rend_data_get_address(circ->rend_data)),
425  circ->rend_data,
426  INTRO_POINT_FAILURE_GENERIC)>0) {
427  /* There are introduction points left. Re-extend the circuit to
428  * another intro point and try again. */
429  int result = hs_client_reextend_intro_circuit(circ);
430  /* XXXX If that call failed, should we close the rend circuit,
431  * too? */
432  return result;
433  } else {
434  /* Close circuit because no more intro points are usable thus not
435  * useful anymore. Change it's purpose before so we don't report an
436  * intro point failure again triggering an extra descriptor fetch. */
439  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED);
440  }
441  }
442  return 0;
443 }
444 
451 static int
452 directory_get_from_hs_dir(const char *desc_id,
453  const rend_data_t *rend_query,
454  routerstatus_t *rs_hsdir)
455 {
456  routerstatus_t *hs_dir = rs_hsdir;
457  char *hsdir_fp;
458  char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
459  char descriptor_cookie_base64[3*REND_DESC_COOKIE_LEN_BASE64];
460  const rend_data_v2_t *rend_data;
461  const int how_to_fetch = DIRIND_ANONYMOUS;
462 
463  tor_assert(desc_id);
464  tor_assert(rend_query);
465  rend_data = TO_REND_DATA_V2(rend_query);
466 
467  base32_encode(desc_id_base32, sizeof(desc_id_base32),
468  desc_id, DIGEST_LEN);
469 
470  /* Automatically pick an hs dir if none given. */
471  if (!rs_hsdir) {
472  /* Determine responsible dirs. Even if we can't get all we want, work with
473  * the ones we have. If it's empty, we'll notice in hs_pick_hsdir(). */
474  smartlist_t *responsible_dirs = smartlist_new();
475  hid_serv_get_responsible_directories(responsible_dirs, desc_id);
476 
477  hs_dir = hs_pick_hsdir(responsible_dirs, desc_id_base32);
478  if (!hs_dir) {
479  /* No suitable hs dir can be found, stop right now. */
480  control_event_hsv2_descriptor_failed(rend_query, NULL,
481  "QUERY_NO_HSDIR");
482  control_event_hs_descriptor_content(rend_data_get_address(rend_query),
483  desc_id_base32, NULL, NULL);
484  return 0;
485  }
486  }
487 
488  /* Add a copy of the HSDir identity digest to the query so we can track it
489  * on the control port. */
490  hsdir_fp = tor_memdup(hs_dir->identity_digest,
491  sizeof(hs_dir->identity_digest));
492  smartlist_add(rend_query->hsdirs_fp, hsdir_fp);
493 
494  /* Encode descriptor cookie for logging purposes. Also, if the cookie is
495  * malformed, no fetch is triggered thus this needs to be done before the
496  * fetch request. */
497  if (rend_data->auth_type != REND_NO_AUTH) {
498  if (base64_encode(descriptor_cookie_base64,
499  sizeof(descriptor_cookie_base64),
500  rend_data->descriptor_cookie,
502  0)<0) {
503  log_warn(LD_BUG, "Could not base64-encode descriptor cookie.");
504  control_event_hsv2_descriptor_failed(rend_query, hsdir_fp, "BAD_DESC");
505  control_event_hs_descriptor_content(rend_data_get_address(rend_query),
506  desc_id_base32, hsdir_fp, NULL);
507  return 0;
508  }
509  /* Remove == signs. */
510  descriptor_cookie_base64[strlen(descriptor_cookie_base64)-2] = '\0';
511  } else {
512  strlcpy(descriptor_cookie_base64, "(none)",
513  sizeof(descriptor_cookie_base64));
514  }
515 
516  /* Send fetch request. (Pass query and possibly descriptor cookie so that
517  * they can be written to the directory connection and be referred to when
518  * the response arrives. */
519  directory_request_t *req =
522  directory_request_set_indirection(req, how_to_fetch);
523  directory_request_set_resource(req, desc_id_base32);
524  directory_request_set_rend_query(req, rend_query);
525  directory_initiate_request(req);
526  directory_request_free(req);
527 
528  log_info(LD_REND, "Sending fetch request for v2 descriptor for "
529  "service '%s' with descriptor ID '%s', auth type %d, "
530  "and descriptor cookie '%s' to hidden service "
531  "directory %s",
532  rend_data->onion_address, desc_id_base32,
533  rend_data->auth_type,
534  (rend_data->auth_type == REND_NO_AUTH ? "[none]" :
535  escaped_safe_str_client(descriptor_cookie_base64)),
536  routerstatus_describe(hs_dir));
538  rend_data->auth_type,
539  hs_dir->identity_digest,
540  desc_id_base32, NULL);
541  return 1;
542 }
543 
546 static void
547 purge_v2_hidserv_req(const char *desc_id)
548 {
549  char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
550 
551  /* The hsdir request tracker stores v2 keys using the base32 encoded
552  desc_id. Do it: */
553  base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_id,
554  DIGEST_LEN);
556 }
557 
563 static int
564 fetch_v2_desc_by_descid(const char *desc_id,
565  const rend_data_t *rend_query, smartlist_t *hsdirs)
566 {
567  int ret;
568 
569  tor_assert(rend_query);
570 
571  if (!hsdirs) {
572  ret = directory_get_from_hs_dir(desc_id, rend_query, NULL);
573  goto end; /* either success or failure, but we're done */
574  }
575 
576  /* Using the given hsdir list, trigger a fetch on each of them. */
577  SMARTLIST_FOREACH_BEGIN(hsdirs, routerstatus_t *, hs_dir) {
578  /* This should always be a success. */
579  ret = directory_get_from_hs_dir(desc_id, rend_query, hs_dir);
580  tor_assert(ret);
581  } SMARTLIST_FOREACH_END(hs_dir);
582 
583  /* Everything went well. */
584  ret = 0;
585 
586  end:
587  return ret;
588 }
589 
597 static int
599 {
600  char descriptor_id[DIGEST_LEN];
601  int replicas_left_to_try[REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS];
602  int i, tries_left, ret;
603  rend_data_v2_t *rend_data = TO_REND_DATA_V2(rend_query);
604 
605  /* Randomly iterate over the replicas until a descriptor can be fetched
606  * from one of the consecutive nodes, or no options are left. */
607  for (i = 0; i < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; i++) {
608  replicas_left_to_try[i] = i;
609  }
610 
612  while (tries_left > 0) {
613  int rand_val = crypto_rand_int(tries_left);
614  int chosen_replica = replicas_left_to_try[rand_val];
615  replicas_left_to_try[rand_val] = replicas_left_to_try[--tries_left];
616 
617  ret = rend_compute_v2_desc_id(descriptor_id,
618  rend_data->onion_address,
619  rend_data->auth_type == REND_STEALTH_AUTH ?
620  rend_data->descriptor_cookie : NULL,
621  time(NULL), chosen_replica);
622  if (ret < 0) {
623  /* Normally, on failure the descriptor_id is untouched but let's be
624  * safe in general in case the function changes at some point. */
625  goto end;
626  }
627 
628  if (tor_memcmp(descriptor_id, rend_data->descriptor_id[chosen_replica],
629  sizeof(descriptor_id)) != 0) {
630  /* Not equal from what we currently have so purge the last hid serv
631  * request cache and update the descriptor ID with the new value. */
632  purge_v2_hidserv_req(rend_data->descriptor_id[chosen_replica]);
633  memcpy(rend_data->descriptor_id[chosen_replica], descriptor_id,
634  sizeof(rend_data->descriptor_id[chosen_replica]));
635  }
636 
637  /* Trigger the fetch with the computed descriptor ID. */
638  ret = fetch_v2_desc_by_descid(descriptor_id, rend_query, hsdirs);
639  if (ret != 0) {
640  /* Either on success or failure, as long as we tried a fetch we are
641  * done here. */
642  goto end;
643  }
644  }
645 
646  /* If we come here, there are no hidden service directories left. */
647  log_info(LD_REND, "Could not pick one of the responsible hidden "
648  "service directories to fetch descriptors, because "
649  "we already tried them all unsuccessfully.");
650  ret = 0;
651 
652  end:
653  memwipe(descriptor_id, 0, sizeof(descriptor_id));
654  return ret;
655 }
656 
662 int
664 {
665  int ret;
666  rend_data_v2_t *rend_data;
667  const char *onion_address;
668 
669  tor_assert(query);
670 
671  /* Get the version 2 data structure of the query. */
672  rend_data = TO_REND_DATA_V2(query);
673  onion_address = rend_data_get_address(query);
674 
675  /* Depending on what's available in the rend data query object, we will
676  * trigger a fetch by HS address or using a descriptor ID. */
677 
678  if (onion_address[0] != '\0') {
679  ret = fetch_v2_desc_by_addr(query, hsdirs);
680  } else if (!tor_digest_is_zero(rend_data->desc_id_fetch)) {
681  ret = fetch_v2_desc_by_descid(rend_data->desc_id_fetch, query,
682  hsdirs);
683  } else {
684  /* Query data is invalid. */
685  ret = -1;
686  goto error;
687  }
688 
689  error:
690  return ret;
691 }
692 
696 void
698 {
699  rend_cache_entry_t *e = NULL;
700  const char *onion_address = rend_data_get_address(rend_query);
701 
702  tor_assert(rend_query);
703  /* Before fetching, check if we already have a usable descriptor here. */
704  if (rend_cache_lookup_entry(onion_address, -1, &e) == 0 &&
706  log_info(LD_REND, "We would fetch a v2 rendezvous descriptor, but we "
707  "already have a usable descriptor here. Not fetching.");
708  return;
709  }
710  /* Are we configured to fetch descriptors? */
711  if (!get_options()->FetchHidServDescriptors) {
712  log_warn(LD_REND, "We received an onion address for a v2 rendezvous "
713  "service descriptor, but are not fetching service descriptors.");
714  return;
715  }
716  log_debug(LD_REND, "Fetching v2 rendezvous descriptor for service %s",
717  safe_str_client(onion_address));
718 
719  rend_client_fetch_v2_desc(rend_query, NULL);
720  /* We don't need to look the error code because either on failure or
721  * success, the necessary steps to continue the HS connection will be
722  * triggered once the descriptor arrives or if all fetch failed. */
723  return;
724 }
725 
728 void
730 {
731  smartlist_t *connection_array = get_connection_array();
732 
734  if (conn->type == CONN_TYPE_DIR &&
735  conn->purpose == DIR_PURPOSE_FETCH_RENDDESC_V2) {
736  /* It's a rendezvous descriptor fetch in progress -- cancel it
737  * by marking the connection for close.
738  *
739  * Even if this connection has already reached EOF, this is
740  * enough to make sure that if the descriptor hasn't been
741  * processed yet, it won't be. See the end of
742  * connection_handle_read; connection_reached_eof (indirectly)
743  * processes whatever response the connection received. */
744 
745  const rend_data_t *rd = (TO_DIR_CONN(conn))->rend_data;
746  if (!rd) {
747  log_warn(LD_BUG | LD_REND,
748  "Marking for close dir conn fetching rendezvous "
749  "descriptor for unknown service!");
750  } else {
751  log_debug(LD_REND, "Marking for close dir conn fetching "
752  "rendezvous descriptor for service %s",
753  safe_str(rend_data_get_address(rd)));
754  }
755  connection_mark_for_close(conn);
756  }
757  } SMARTLIST_FOREACH_END(conn);
758 }
759 
781 int
783  rend_data_t *rend_data,
784  unsigned int failure_type)
785 {
786  int i, r;
787  rend_cache_entry_t *ent;
788  connection_t *conn;
789  const char *onion_address = rend_data_get_address(rend_data);
790 
791  r = rend_cache_lookup_entry(onion_address, -1, &ent);
792  if (r < 0) {
793  /* Either invalid onion address or cache entry not found. */
794  switch (-r) {
795  case EINVAL:
796  log_warn(LD_BUG, "Malformed service ID %s.",
797  escaped_safe_str_client(onion_address));
798  return -1;
799  case ENOENT:
800  log_info(LD_REND, "Unknown service %s. Re-fetching descriptor.",
801  escaped_safe_str_client(onion_address));
803  return 0;
804  default:
805  log_warn(LD_BUG, "Unknown cache lookup returned code: %d", r);
806  return -1;
807  }
808  }
809  /* The intro points are not checked here if they are usable or not because
810  * this is called when an intro point circuit is closed thus there must be
811  * at least one intro point that is usable and is about to be flagged. */
812 
813  for (i = 0; i < smartlist_len(ent->parsed->intro_nodes); i++) {
814  rend_intro_point_t *intro = smartlist_get(ent->parsed->intro_nodes, i);
815  if (tor_memeq(failed_intro->identity_digest,
817  switch (failure_type) {
818  default:
819  log_warn(LD_BUG, "Unknown failure type %u. Removing intro point.",
820  failure_type);
822  /* fall through */
823  case INTRO_POINT_FAILURE_GENERIC:
824  rend_cache_intro_failure_note(failure_type,
825  (uint8_t *)failed_intro->identity_digest,
826  onion_address);
827  rend_intro_point_free(intro);
828  smartlist_del(ent->parsed->intro_nodes, i);
829  break;
830  case INTRO_POINT_FAILURE_TIMEOUT:
831  intro->timed_out = 1;
832  break;
833  case INTRO_POINT_FAILURE_UNREACHABLE:
834  ++(intro->unreachable_count);
835  {
836  int zap_intro_point =
838  log_info(LD_REND, "Failed to reach this intro point %u times.%s",
839  intro->unreachable_count,
840  zap_intro_point ? " Removing from descriptor.": "");
841  if (zap_intro_point) {
843  failure_type,
844  (uint8_t *) failed_intro->identity_digest, onion_address);
845  rend_intro_point_free(intro);
846  smartlist_del(ent->parsed->intro_nodes, i);
847  }
848  }
849  break;
850  }
851  break;
852  }
853  }
854 
856  log_info(LD_REND,
857  "No more intro points remain for %s. Re-fetching descriptor.",
858  escaped_safe_str_client(onion_address));
860 
861  /* move all pending streams back to renddesc_wait */
862  /* NOTE: We can now do this faster, if we use pending_entry_connections */
865  onion_address))) {
866  connection_ap_mark_as_waiting_for_renddesc(TO_ENTRY_CONN(conn));
867  }
868 
869  return 0;
870  }
871  log_info(LD_REND,"%d options left for %s.",
872  smartlist_len(ent->parsed->intro_nodes),
873  escaped_safe_str_client(onion_address));
874  return 1;
875 }
876 
878 int
879 rend_client_receive_rendezvous(origin_circuit_t *circ, const uint8_t *request,
880  size_t request_len)
881 {
882  if (request_len != DH1024_KEY_LEN+DIGEST_LEN) {
883  log_warn(LD_PROTOCOL,"Incorrect length (%d) on RENDEZVOUS2 cell.",
884  (int)request_len);
885  goto err;
886  }
887 
888  if (hs_circuit_setup_e2e_rend_circ_legacy_client(circ, request) < 0) {
889  log_warn(LD_GENERAL, "Failed to setup circ");
890  goto err;
891  }
892  return 0;
893 
894  err:
895  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
896  return -1;
897 }
898 
902 void
903 rend_client_desc_trynow(const char *query)
904 {
905  entry_connection_t *conn;
906  rend_cache_entry_t *entry;
907  const rend_data_t *rend_data;
908  time_t now = time(NULL);
909 
910  smartlist_t *conns = get_connection_array();
911  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, base_conn) {
912  if (base_conn->type != CONN_TYPE_AP ||
913  base_conn->state != AP_CONN_STATE_RENDDESC_WAIT ||
914  base_conn->marked_for_close)
915  continue;
916  conn = TO_ENTRY_CONN(base_conn);
917  rend_data = ENTRY_TO_EDGE_CONN(conn)->rend_data;
918  if (!rend_data)
919  continue;
920  const char *onion_address = rend_data_get_address(rend_data);
921  if (rend_cmp_service_ids(query, onion_address))
922  continue;
923  assert_connection_ok(base_conn, now);
924  if (rend_cache_lookup_entry(onion_address, -1,
925  &entry) == 0 &&
927  /* either this fetch worked, or it failed but there was a
928  * valid entry from before which we should reuse */
929  log_info(LD_REND,"Rend desc is usable. Launching circuits.");
930  base_conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
931 
932  /* restart their timeout values, so they get a fair shake at
933  * connecting to the hidden service. */
934  base_conn->timestamp_created = now;
935  base_conn->timestamp_last_read_allowed = now;
936  base_conn->timestamp_last_write_allowed = now;
937 
938  connection_ap_mark_as_pending_circuit(conn);
939  } else { /* 404, or fetch didn't get that far */
940  log_notice(LD_REND,"Closing stream for '%s.onion': hidden service is "
941  "unavailable (try again later).",
942  safe_str_client(query));
943  connection_mark_unattached_ap(conn, END_STREAM_REASON_RESOLVEFAILED);
945  }
946  } SMARTLIST_FOREACH_END(base_conn);
947 }
948 
954 void
956 {
957  unsigned int have_onion = 0;
958  rend_cache_entry_t *cache_entry = NULL;
959  const char *onion_address = rend_data_get_address(rend_data);
960  rend_data_v2_t *rend_data_v2 = TO_REND_DATA_V2(rend_data);
961 
962  if (onion_address[0] != '\0') {
963  /* Ignore return value; we find an entry, or we don't. */
964  (void) rend_cache_lookup_entry(onion_address, -1, &cache_entry);
965  have_onion = 1;
966  }
967 
968  /* Clear the timed_out flag on all remaining intro points for this HS. */
969  if (cache_entry != NULL) {
970  SMARTLIST_FOREACH(cache_entry->parsed->intro_nodes,
971  rend_intro_point_t *, ip,
972  ip->timed_out = 0; );
973  }
974 
975  /* Remove the HS's entries in last_hid_serv_requests. */
976  if (have_onion) {
977  unsigned int replica;
978  for (replica = 0; replica < ARRAY_LENGTH(rend_data_v2->descriptor_id);
979  replica++) {
980  const char *desc_id = rend_data_v2->descriptor_id[replica];
981  purge_v2_hidserv_req(desc_id);
982  }
983  log_info(LD_REND, "Connection attempt for %s has ended; "
984  "cleaning up temporary state.",
985  safe_str_client(onion_address));
986  } else {
987  /* We only have an ID for a fetch. Probably used by HSFETCH. */
988  purge_v2_hidserv_req(rend_data_v2->desc_id_fetch);
989  }
990 }
991 
998 {
999  int ret;
1000  extend_info_t *result;
1001  rend_cache_entry_t *entry;
1002  const char *onion_address = rend_data_get_address(rend_query);
1003 
1004  ret = rend_cache_lookup_entry(onion_address, -1, &entry);
1005  if (ret < 0 || !rend_client_any_intro_points_usable(entry)) {
1006  log_warn(LD_REND,
1007  "Query '%s' didn't have valid rend desc in cache. Failing.",
1008  safe_str_client(onion_address));
1009  /* XXX: Should we refetch the descriptor here if the IPs are not usable
1010  * anymore ?. */
1011  return NULL;
1012  }
1013 
1014  /* See if we can get a node that complies with ExcludeNodes */
1015  if ((result = rend_client_get_random_intro_impl(entry, 1, 1)))
1016  return result;
1017  /* If not, and StrictNodes is not set, see if we can return any old node
1018  */
1019  if (!get_options()->StrictNodes)
1020  return rend_client_get_random_intro_impl(entry, 0, 1);
1021  return NULL;
1022 }
1023 
1028 static extend_info_t *
1030  const int strict,
1031  const int warnings)
1032 {
1033  int i;
1034 
1035  rend_intro_point_t *intro;
1036  const or_options_t *options = get_options();
1037  smartlist_t *usable_nodes;
1038  int n_excluded = 0;
1039 
1040  /* We'll keep a separate list of the usable nodes. If this becomes empty,
1041  * no nodes are usable. */
1042  usable_nodes = smartlist_new();
1043  smartlist_add_all(usable_nodes, entry->parsed->intro_nodes);
1044 
1045  /* Remove the intro points that have timed out during this HS
1046  * connection attempt from our list of usable nodes. */
1047  SMARTLIST_FOREACH(usable_nodes, rend_intro_point_t *, ip,
1048  if (ip->timed_out) {
1049  SMARTLIST_DEL_CURRENT(usable_nodes, ip);
1050  });
1051 
1052  again:
1053  if (smartlist_len(usable_nodes) == 0) {
1054  if (n_excluded && get_options()->StrictNodes && warnings) {
1055  /* We only want to warn if StrictNodes is really set. Otherwise
1056  * we're just about to retry anyways.
1057  */
1058  log_warn(LD_REND, "All introduction points for hidden service are "
1059  "at excluded relays, and StrictNodes is set. Skipping.");
1060  }
1061  smartlist_free(usable_nodes);
1062  return NULL;
1063  }
1064 
1065  i = crypto_rand_int(smartlist_len(usable_nodes));
1066  intro = smartlist_get(usable_nodes, i);
1067  if (BUG(!intro->extend_info)) {
1068  /* This should never happen, but it isn't fatal, just try another */
1069  smartlist_del(usable_nodes, i);
1070  goto again;
1071  }
1072  /* All version 2 HS descriptors come with a TAP onion key.
1073  * Clients used to try to get the TAP onion key from the consensus, but this
1074  * meant that hidden services could discover which consensus clients have. */
1075  if (!extend_info_supports_tap(intro->extend_info)) {
1076  log_info(LD_REND, "The HS descriptor is missing a TAP onion key for the "
1077  "intro-point relay '%s'; trying another.",
1079  smartlist_del(usable_nodes, i);
1080  goto again;
1081  }
1082  /* Check if we should refuse to talk to this router. */
1083  if (strict &&
1085  intro->extend_info)) {
1086  n_excluded++;
1087  smartlist_del(usable_nodes, i);
1088  goto again;
1089  }
1090 
1091  smartlist_free(usable_nodes);
1092  return extend_info_dup(intro->extend_info);
1093 }
1094 
1097 int
1099 {
1100  extend_info_t *extend_info =
1101  rend_client_get_random_intro_impl(entry, get_options()->StrictNodes, 0);
1102 
1103  int rv = (extend_info != NULL);
1104 
1105  extend_info_free(extend_info);
1106  return rv;
1107 }
1108 
1111 static strmap_t *auth_hid_servs = NULL;
1112 
1118 {
1119  tor_assert(onion_address);
1120  if (!auth_hid_servs) return NULL;
1121  return strmap_get(auth_hid_servs, onion_address);
1122 }
1123 
1124 #define rend_service_authorization_free(val) \
1125  FREE_AND_NULL(rend_service_authorization_t, \
1126  rend_service_authorization_free_, (val))
1127 
1129 static void
1131 {
1132  tor_free(auth);
1133 }
1134 
1136 static void
1138 {
1139  rend_service_authorization_free_(service_auth);
1140 }
1141 
1144 void
1146 {
1147  if (!auth_hid_servs) {
1148  return;
1149  }
1151  auth_hid_servs = NULL;
1152 }
1153 
1157 int
1159  int validate_only)
1160 {
1161  config_line_t *line;
1162  int res = -1;
1163  strmap_t *parsed = strmap_new();
1164  smartlist_t *sl = smartlist_new();
1165  rend_service_authorization_t *auth = NULL;
1166  char *err_msg = NULL;
1167 
1168  for (line = options->HidServAuth; line; line = line->next) {
1169  char *onion_address, *descriptor_cookie;
1170  auth = NULL;
1171  SMARTLIST_FOREACH(sl, char *, c, tor_free(c););
1172  smartlist_clear(sl);
1173  smartlist_split_string(sl, line->value, " ",
1174  SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 3);
1175  if (smartlist_len(sl) < 2) {
1176  log_warn(LD_CONFIG, "Configuration line does not consist of "
1177  "\"onion-address authorization-cookie [service-name]\": "
1178  "'%s'", line->value);
1179  goto err;
1180  }
1181  auth = tor_malloc_zero(sizeof(rend_service_authorization_t));
1182  /* Parse onion address. */
1183  onion_address = smartlist_get(sl, 0);
1184  if (strlen(onion_address) != REND_SERVICE_ADDRESS_LEN ||
1185  strcmpend(onion_address, ".onion")) {
1186  log_warn(LD_CONFIG, "Onion address has wrong format: '%s'",
1187  onion_address);
1188  goto err;
1189  }
1190  strlcpy(auth->onion_address, onion_address, REND_SERVICE_ID_LEN_BASE32+1);
1191  if (!rend_valid_v2_service_id(auth->onion_address)) {
1192  log_warn(LD_CONFIG, "Onion address has wrong format: '%s'",
1193  onion_address);
1194  goto err;
1195  }
1196  /* Parse descriptor cookie. */
1197  descriptor_cookie = smartlist_get(sl, 1);
1198  if (rend_auth_decode_cookie(descriptor_cookie, auth->descriptor_cookie,
1199  &auth->auth_type, &err_msg) < 0) {
1200  tor_assert(err_msg);
1201  log_warn(LD_CONFIG, "%s", err_msg);
1202  tor_free(err_msg);
1203  goto err;
1204  }
1205  if (strmap_get(parsed, auth->onion_address)) {
1206  log_warn(LD_CONFIG, "Duplicate authorization for the same hidden "
1207  "service.");
1208  goto err;
1209  }
1210  strmap_set(parsed, auth->onion_address, auth);
1211  auth = NULL;
1212  }
1213  res = 0;
1214  goto done;
1215  err:
1216  res = -1;
1217  done:
1218  rend_service_authorization_free(auth);
1219  SMARTLIST_FOREACH(sl, char *, c, tor_free(c););
1220  smartlist_free(sl);
1221  if (!validate_only && res == 0) {
1223  auth_hid_servs = parsed;
1224  } else {
1225  strmap_free(parsed, rend_service_authorization_free_void);
1226  }
1227  return res;
1228 }
#define RELAY_PAYLOAD_SIZE
Definition: or.h:605
#define CIRCUIT_PURPOSE_C_INTRODUCING
Definition: circuitlist.h:74
void control_event_hs_descriptor_content(const char *onion_address, const char *desc_id, const char *hsdir_id_digest, const char *content)
Definition: control.c:7485
Header file for rendcommon.c.
rend_data_t * rend_data
char descriptor_id[REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS][DIGEST_LEN]
Definition: or.h:443
void directory_request_set_routerstatus(directory_request_t *req, const routerstatus_t *rs)
Definition: dirclient.c:1160
int rend_client_introduction_acked(origin_circuit_t *circ, const uint8_t *request, size_t request_len)
Definition: rendclient.c:376
Header file for dirclient.c.
Header for confline.c.
int routerset_contains_extendinfo(const routerset_t *set, const extend_info_t *ei)
Definition: routerset.c:289
Header file containing common data for the whole HS subsytem.
#define CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED
Definition: circuitlist.h:87
int rend_auth_decode_cookie(const char *cookie_in, uint8_t *cookie_out, rend_auth_type_t *auth_type_out, char **err_msg_out)
Definition: rendcommon.c:923
Common functions for using (pseudo-)random number generators.
int rend_client_report_intro_point_failure(extend_info_t *failed_intro, rend_data_t *rend_data, unsigned int failure_type)
Definition: rendclient.c:782
Headers for crypto_dh.c.
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
rend_service_descriptor_t * parsed
Definition: rendcache.h:34
Header file containing client data for the HS subsytem.
const char * extend_info_describe(const extend_info_t *ei)
Definition: describe.c:154
Header file for connection.c.
static int directory_get_from_hs_dir(const char *desc_id, const rend_data_t *rend_query, routerstatus_t *rs_hsdir)
Definition: rendclient.c:452
int rend_client_send_introduction(origin_circuit_t *introcirc, origin_circuit_t *rendcirc)
Definition: rendclient.c:112
static void set_uint16(void *cp, uint16_t v)
Definition: bytes.h:73
connection_t * connection_get_by_type_state_rendquery(int type, int state, const char *rendquery)
Definition: connection.c:4473
#define LD_GENERAL
Definition: log.h:58
#define CIRCUIT_IS_ORIGIN(c)
Definition: circuitlist.h:143
int rend_cmp_service_ids(const char *one, const char *two)
Definition: rendcommon.c:48
char descriptor_cookie[REND_DESC_COOKIE_LEN]
Definition: or.h:446
void rend_cache_intro_failure_note(rend_intro_point_failure_t failure, const uint8_t *identity, const char *service_id)
Definition: rendcache.c:452
char identity_digest[DIGEST_LEN]
Header file for describe.c.
void rend_cache_purge(void)
Definition: rendcache.c:307
static uint32_t tor_addr_to_ipv4n(const tor_addr_t *a)
Definition: address.h:145
Header file for nodelist.c.
void rend_cache_failure_purge(void)
Definition: rendcache.c:319
void rend_client_note_connection_attempt_ended(const rend_data_t *rend_data)
Definition: rendclient.c:955
crypt_path_t * cpath
Header file for directory.c.
void smartlist_add(smartlist_t *sl, void *element)
int strcmpend(const char *s1, const char *s2)
Definition: util_string.c:245
#define REND_DESC_COOKIE_LEN_BASE64
Definition: or.h:370
rend_service_authorization_t * rend_client_lookup_service_authorization(const char *onion_address)
Definition: rendclient.c:1117
int crypto_dh_get_public(crypto_dh_t *dh, char *pubkey_out, size_t pubkey_out_len)
static int rend_client_send_establish_rendezvous(origin_circuit_t *circ)
Definition: rendclient.c:80
#define AP_CONN_STATE_RENDDESC_WAIT
int rend_compute_v2_desc_id(char *desc_id_out, const char *service_id, const char *descriptor_cookie, time_t now, uint8_t replica)
Definition: rendcommon.c:153
#define REND_DESC_ID_V2_LEN_BASE32
Definition: or.h:354
#define MAX_NICKNAME_LEN
Definition: or.h:113
const char * safe_str_client(const char *address)
Definition: config.c:1059
struct directory_request_t directory_request_t
Definition: dirclient.h:52
#define TO_CIRCUIT(x)
Definition: or.h:947
#define CIRCUIT_PURPOSE_C_REND_READY
Definition: circuitlist.h:84
Header file for config.c.
void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:60
static void rend_client_close_other_intros(const uint8_t *rend_pk_digest)
Definition: rendclient.c:353
smartlist_t * hsdirs_fp
Definition: or.h:424
static extend_info_t * rend_client_get_random_intro_impl(const rend_cache_entry_t *rend_query, const int strict, const int warnings)
Definition: rendclient.c:1029
void connection_ap_mark_as_waiting_for_renddesc(entry_connection_t *entry_conn)
#define tor_free(p)
Definition: malloc.h:52
#define tor_fragile_assert()
Definition: util_bug.h:221
int crypto_rand_int(unsigned int max)
Definition: crypto_rand.c:548
int rend_client_fetch_v2_desc(rend_data_t *query, smartlist_t *hsdirs)
Definition: rendclient.c:663
Header file for mainloop.c.
uint8_t purpose
Definition: circuit_st.h:102
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:57
void control_event_hs_descriptor_requested(const char *onion_address, rend_auth_type_t auth_type, const char *id_digest, const char *desc_id, const char *hsdir_index)
Definition: control.c:7143
void hs_purge_last_hid_serv_requests(void)
Definition: hs_common.c:1589
static void set_uint32(void *cp, uint32_t v)
Definition: bytes.h:82
void rend_service_authorization_free_all(void)
Definition: rendclient.c:1145
crypto_pk_t * onion_key
void connection_ap_attach_pending(int retry)
int base64_encode(char *dest, size_t destlen, const char *src, size_t srclen, int flags)
Definition: binascii.c:215
static void rend_service_authorization_free_void(void *service_auth)
Definition: rendclient.c:1137
Definition: rendcache.h:29
int crypto_dh_generate_public(crypto_dh_t *dh)
extend_info_t * extend_info
void directory_request_set_indirection(directory_request_t *req, dir_indirection_t indirection)
Definition: dirclient.c:1030
Common functions for cryptographic routines.
tor_assert(buffer)
directory_request_t * directory_request_new(uint8_t dir_purpose)
Definition: dirclient.c:946
origin_circuit_t * circuit_get_ready_rend_circ_by_rend_data(const rend_data_t *rend_data)
Definition: circuitlist.c:1685
void rend_client_desc_trynow(const char *query)
Definition: rendclient.c:903
time_t timestamp_dirty
Definition: circuit_st.h:152
void rend_client_cancel_descriptor_fetches(void)
Definition: rendclient.c:729
#define LD_CIRC
Definition: log.h:78
int tor_memcmp(const void *a, const void *b, size_t len)
Definition: di_ops.c:31
int tor_memeq(const void *a, const void *b, size_t sz)
Definition: di_ops.c:107
int crypto_pk_obsolete_public_hybrid_encrypt(crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen, int padding, int force)
Definition: crypto_rsa.c:89
static void rend_service_authorization_free_(rend_service_authorization_t *auth)
Definition: rendclient.c:1130
routerset_t * ExcludeNodes
Definition: or_options_st.h:84
dir_connection_t * TO_DIR_CONN(connection_t *c)
Definition: directory.c:77
#define DIGEST_LEN
Definition: digest_sizes.h:20
#define CIRCUIT_PURPOSE_C_INTRODUCE_ACKED
Definition: circuitlist.h:80
#define PK_PKCS1_OAEP_PADDING
Definition: crypto_rsa.h:27
Master header file for Tor-specific functionality.
static void purge_v2_hidserv_req(const char *desc_id)
Definition: rendclient.c:547
Header file for circuitbuild.c.
#define AP_CONN_STATE_CIRCUIT_WAIT
Header file for rephist.c.
int rend_valid_v2_service_id(const char *query)
Definition: rendcommon.c:718
extend_info_t * extend_info_dup(extend_info_t *info)
const char * routerstatus_describe(const routerstatus_t *rs)
Definition: describe.c:134
Header file for circuituse.c.
#define CIRCUIT_PURPOSE_C_ESTABLISH_REND
Definition: circuitlist.h:82
void smartlist_del(smartlist_t *sl, int idx)
#define LD_REND
Definition: log.h:80
Header file for circuitlist.c.
int rend_cache_lookup_entry(const char *query, int version, rend_cache_entry_t **e)
Definition: rendcache.c:509
#define REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS
Definition: or.h:348
int tor_digest_is_zero(const char *digest)
Definition: util_string.c:96
#define DH1024_KEY_LEN
Definition: dh_sizes.h:20
Header file containing circuit data for the whole HS subsytem.
struct crypt_path_t * prev
Definition: crypt_path_st.h:61
cpath_build_state_t * build_state
Header file for connection_edge.c.
#define REND_SERVICE_ID_LEN_BASE32
Definition: or.h:331
void assert_connection_ok(connection_t *conn, time_t now)
Definition: connection.c:5218
rend_auth_type_t auth_type
Definition: or.h:449
origin_circuit_t * TO_ORIGIN_CIRCUIT(circuit_t *x)
Definition: circuitlist.c:163
static int fetch_v2_desc_by_descid(const char *desc_id, const rend_data_t *rend_query, smartlist_t *hsdirs)
Definition: rendclient.c:564
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
Definition: crypto_rsa.c:351
char rend_cookie[REND_COOKIE_LEN]
Definition: or.h:427
crypto_dh_t * crypto_dh_new(int dh_type)
Definition: crypto_dh_nss.c:73
unsigned int unreachable_count
Header file for relay.c.
char identity_digest[DIGEST_LEN]
#define SMARTLIST_FOREACH(sl, type, var, cmd)
void hs_purge_hid_serv_from_last_hid_serv_requests(const char *req_key_str)
Definition: hs_common.c:1548
STATIC smartlist_t * connection_array
Definition: mainloop.c:167
static int fetch_v2_desc_by_addr(rend_data_t *rend_query, smartlist_t *hsdirs)
Definition: rendclient.c:598
#define MAX_INTRO_POINT_REACHABILITY_FAILURES
Definition: or.h:1061
char desc_id_fetch[DIGEST_LEN]
Definition: or.h:454
#define CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT
Definition: circuitlist.h:77
void directory_request_set_rend_query(directory_request_t *req, const rend_data_t *query)
Definition: dirclient.c:1094
#define ARRAY_LENGTH(x)
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
routerstatus_t * hs_pick_hsdir(smartlist_t *responsible_dirs, const char *req_key_str)
Definition: hs_common.c:1616
int hid_serv_get_responsible_directories(smartlist_t *responsible_dirs, const char *id)
Definition: rendcommon.c:841
Header file for control.c.
struct config_line_t * HidServAuth
void rend_client_purge_state(void)
Definition: rendclient.c:56
static strmap_t * auth_hid_servs
Definition: rendclient.c:1111
void pathbias_count_use_attempt(origin_circuit_t *circ)
Definition: circpathbias.c:596
void circuit_change_purpose(circuit_t *circ, uint8_t new_purpose)
Definition: circuituse.c:3048
void rend_client_rendcirc_has_opened(origin_circuit_t *circ)
Definition: rendclient.c:337
int rend_client_any_intro_points_usable(const rend_cache_entry_t *entry)
Definition: rendclient.c:1098
#define CONN_TYPE_DIR
Definition: connection.h:35
char onion_address[REND_SERVICE_ID_LEN_BASE32+1]
Definition: or.h:438
#define REND_COOKIE_LEN
Definition: or.h:399
extend_info_t * chosen_exit
#define REND_SERVICE_ADDRESS_LEN
Definition: or.h:334
int rend_client_receive_rendezvous(origin_circuit_t *circ, const uint8_t *request, size_t request_len)
Definition: rendclient.c:879
tor_addr_t addr
int crypto_pk_asn1_encode(const crypto_pk_t *pk, char *dest, size_t dest_len)
extend_info_t * rend_client_get_random_intro(const rend_data_t *rend_query)
Definition: rendclient.c:997
void directory_request_set_resource(directory_request_t *req, const char *resource)
Definition: dirclient.c:1043
#define CONN_TYPE_AP
Definition: connection.h:31
Header file for rendclient.c.
void smartlist_clear(smartlist_t *sl)
#define LD_PROTOCOL
Definition: log.h:68
#define REND_DESC_COOKIE_LEN
Definition: or.h:366
void rend_client_refetch_v2_renddesc(rend_data_t *rend_query)
Definition: rendclient.c:697
#define DIR_PURPOSE_FETCH_RENDDESC_V2
Definition: directory.h:68
Header file for networkstatus.c.
#define LD_BUG
Definition: log.h:82
const char * safe_str(const char *address)
Definition: config.c:1076
#define LD_CONFIG
Definition: log.h:64
int rend_parse_service_authorization(const or_options_t *options, int validate_only)
Definition: rendclient.c:1158
Header file for routerlist.c.
void control_event_hsv2_descriptor_failed(const rend_data_t *rend_data, const char *hsdir_id_digest, const char *reason)
Definition: control.c:7425
const char * escaped_safe_str_client(const char *address)
Definition: config.c:1089
void rend_client_introcirc_has_opened(origin_circuit_t *circ)
Definition: rendclient.c:67
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)