|
Tor 0.4.9.0-alpha-dev
|
#include "core/or/or.h"#include "app/config/config.h"#include "core/crypto/hs_ntor.h"#include "core/or/circuitbuild.h"#include "core/or/circuitlist.h"#include "core/or/circuituse.h"#include "core/or/policies.h"#include "core/or/relay.h"#include "core/or/crypt_path.h"#include "core/or/extendinfo.h"#include "core/or/congestion_control_common.h"#include "core/crypto/onion_crypto.h"#include "feature/client/circpathbias.h"#include "feature/hs/hs_cell.h"#include "feature/hs/hs_circuit.h"#include "feature/hs/hs_common.h"#include "feature/hs/hs_ob.h"#include "feature/hs/hs_circuitmap.h"#include "feature/hs/hs_client.h"#include "feature/hs/hs_ident.h"#include "feature/hs/hs_metrics.h"#include "feature/hs/hs_service.h"#include "feature/nodelist/describe.h"#include "feature/nodelist/nodelist.h"#include "feature/stats/rephist.h"#include "lib/crypt_ops/crypto_dh.h"#include "lib/crypt_ops/crypto_rand.h"#include "lib/crypt_ops/crypto_util.h"#include "lib/time/compat_time.h"#include "trunnel/ed25519_cert.h"#include "trunnel/hs/cell_establish_intro.h"#include "core/or/congestion_control_st.h"#include "core/or/cpath_build_state_st.h"#include "core/or/crypt_path_st.h"#include "feature/nodelist/node_st.h"#include "core/or/origin_circuit_st.h"Go to the source code of this file.
Macros | |
| #define | HS_CIRCUIT_PRIVATE |
| #define | MAX_CHEAP_REND_CIRCUITS_IN_PROGRESS 16 |
| #define HS_CIRCUIT_PRIVATE |
Definition at line 8 of file hs_circuit.c.
| #define MAX_CHEAP_REND_CIRCUITS_IN_PROGRESS 16 |
What is the threshold of in-progress (CIRCUIT_PURPOSE_S_CONNECT_REND) rendezvous responses above which we won't launch new low-effort rendezvous responses? (Intro2 cells with suitable PoW effort are not affected by this threshold.)
Definition at line 761 of file hs_circuit.c.
|
static |
Return true iff the given service rendezvous circuit circ is allowed for a relaunch to the rendezvous point.
Definition at line 453 of file hs_circuit.c.
Referenced by hs_circ_retry_service_rendezvous_point().
|
static |
A circuit is about to become an e2e rendezvous circuit. Check circ_purpose and ensure that it's properly set. Return true iff circuit purpose is properly set, otherwise return false.
Definition at line 66 of file hs_circuit.c.
|
static |
Helper: cleanup function for client circuit. This is for every HS version. It is called from hs_circ_cleanup_on_close() entry point.
Definition at line 602 of file hs_circuit.c.
Referenced by hs_circ_cleanup_on_close().
|
static |
Helper: cleanup function for client circuit. This is for every HS version. It is called from hs_circ_cleanup_on_free() entry point.
Definition at line 616 of file hs_circuit.c.
Referenced by hs_circ_cleanup_on_free().
|
static |
Return less than 0 if a precedes b, 0 if a equals b and greater than 0 if b precedes a. Note that higher effort is earlier in the pqueue.
Definition at line 630 of file hs_circuit.c.
|
static |
Return the number of opened introduction circuit for the given circuit that is matching its identity key.
Definition at line 174 of file hs_circuit.c.
Referenced by hs_circ_service_intro_has_opened().
|
static |
Count up how many pending outgoing (CIRCUIT_PURPOSE_S_CONNECT_REND) circuits there are for this service. Used in the PoW rate limiting world to decide whether it's time to launch any new ones.
Definition at line 711 of file hs_circuit.c.
|
static |
From a given service and service intro point, create an introduction point circuit identifier. This can't fail.
Definition at line 245 of file hs_circuit.c.
|
static |
Create and return a crypt path for the final hop of a v3 prop224 rendezvous circuit. Initialize the crypt path crypto using the output material from the ntor key exchange at ntor_key_seed.
If is_service_side is set, we are the hidden service and the final hop of the rendezvous circuit is the client on the other side.
Definition at line 96 of file hs_circuit.c.
| STATIC hs_ident_circuit_t * create_rp_circuit_identifier | ( | const hs_service_t * | service, |
| const uint8_t * | rendezvous_cookie, | ||
| const curve25519_public_key_t * | server_pk, | ||
| const hs_ntor_rend_cell_keys_t * | keys | ||
| ) |
From a given service, rendezvous cookie and handshake info, create a rendezvous point circuit identifier. This can't fail.
Definition at line 206 of file hs_circuit.c.
|
static |
Given the information needed to launch a rendezvous circuit and an effort value, enqueue the rendezvous request in the service's PoW priority queue with the effort being the priority.
Return 0 if we successfully enqueued the request else -1.
Definition at line 861 of file hs_circuit.c.
|
static |
Append the final hop to the cpath of the rend circ, and mark circ ready for use to transfer HS relay cells.
Definition at line 126 of file hs_circuit.c.
|
inlinestatic |
Helper: Free a pending rend object.
Definition at line 52 of file hs_circuit.c.
|
static |
Return a string constant describing the anonymity of service.
Definition at line 312 of file hs_circuit.c.
|
static |
Go into data and add the right subcredential to be able to handle this incoming cell.
desc_subcred is the subcredential of the descriptor that corresponds to the intro point that received this intro request. This subcredential should be used if we are not an onionbalance instance.
Return 0 if everything went well, or -1 in case of internal error.
Definition at line 1272 of file hs_circuit.c.
Referenced by hs_circ_handle_introduce2().
|
static |
Definition at line 764 of file hs_circuit.c.
| void hs_circ_cleanup_on_close | ( | circuit_t * | circ | ) |
Circuit cleanup strategy:
What follows is a series of functions that notifies the HS subsystem of 3 different circuit cleanup phase: close, free and repurpose.
Tor can call any of those in any orders so they have to be safe between each other. In other words, the free should never depend on close to be called before.
The "on_close()" is called from circuit_mark_for_close() which is considered the tor fast path and thus as little work as possible should done in that function. Currently, we only remove the circuit from the HS circuit map and move on.
The "on_free()" is called from circuit circuit_free_() and it is very important that at the end of the function, no state or objects related to this circuit remains alive.
The "on_repurpose()" is called from circuit_change_purpose() for which we simply remove it from the HS circuit map. We do not have other cleanup requirements after that.
NOTE: The onion service code, specifically the service code, cleans up lingering objects or state if any of its circuit disappear which is why our cleanup strategy doesn't involve any service specific actions. As long as the circuit is removed from the HS circuit map, it won't be used. We are about to close this circ. Clean it up from any related HS data structures. This function can be called multiple times safely for the same circuit.
Definition at line 1605 of file hs_circuit.c.
| void hs_circ_cleanup_on_free | ( | circuit_t * | circ | ) |
We are about to free this circ. Clean it up from any related HS data structures. This function can be called multiple times safely for the same circuit.
Definition at line 1631 of file hs_circuit.c.
Referenced by circuit_free_().
| void hs_circ_cleanup_on_repurpose | ( | circuit_t * | circ | ) |
We are about to repurpose this circ. Clean it up from any related HS data structures. This function can be called multiple times safely for the same circuit.
Definition at line 1652 of file hs_circuit.c.
| int hs_circ_handle_intro_established | ( | const hs_service_t * | service, |
| const hs_service_intro_point_t * | ip, | ||
| origin_circuit_t * | circ, | ||
| const uint8_t * | payload, | ||
| size_t | payload_len | ||
| ) |
Circ has been expecting an INTRO_ESTABLISHED cell that just arrived. Handle the INTRO_ESTABLISHED cell payload of length payload_len arriving on the given introduction circuit circ. The service is only used for logging purposes. Return 0 on success else a negative value.
Definition at line 1223 of file hs_circuit.c.
| int hs_circ_handle_introduce2 | ( | const hs_service_t * | service, |
| const origin_circuit_t * | circ, | ||
| hs_service_intro_point_t * | ip, | ||
| const hs_subcredential_t * | subcredential, | ||
| const uint8_t * | payload, | ||
| size_t | payload_len | ||
| ) |
We just received an INTRODUCE2 cell on the established introduction circuit circ. Handle the INTRODUCE2 payload of size payload_len for the given circuit and service. This cell is associated with the intro point object ip and the subcredential. Return 0 on success else a negative value.
Definition at line 1302 of file hs_circuit.c.
| bool hs_circ_is_rend_sent_in_intro1 | ( | const origin_circuit_t * | circ | ) |
Return true iff the given established client rendezvous circuit was sent into the INTRODUCE1 cell. This is called so we can take a decision on expiring or not the circuit.
The caller MUST make sure the circuit is an established client rendezvous circuit (purpose: CIRCUIT_PURPOSE_C_REND_READY).
This function supports all onion service versions.
Definition at line 1685 of file hs_circuit.c.
| int hs_circ_launch_intro_point | ( | hs_service_t * | service, |
| const hs_service_intro_point_t * | ip, | ||
| extend_info_t * | ei, | ||
| bool | direct_conn | ||
| ) |
For a given service and a service intro point, launch a circuit to the extend info ei. If the service is a single onion, and direct_conn is true, a one-hop circuit will be requested.
Return 0 if the circuit was successfully launched and tagged with the correct identifier. On error, a negative value is returned.
Definition at line 1025 of file hs_circuit.c.
| void hs_circ_retry_service_rendezvous_point | ( | const origin_circuit_t * | circ | ) |
Called when we fail building a rendezvous circuit at some point other than the last hop: launches a new circuit to the same rendezvous point.
We currently relaunch connections to rendezvous points if:
We avoid relaunching a connection to this rendezvous point if:
Definition at line 999 of file hs_circuit.c.
Referenced by hs_circ_cleanup_on_repurpose().
| int hs_circ_send_establish_rendezvous | ( | origin_circuit_t * | circ | ) |
Send an ESTABLISH_RENDEZVOUS cell along the rendezvous circuit circ. On success, 0 is returned else -1 and the circuit is marked for close.
Definition at line 1525 of file hs_circuit.c.
| int hs_circ_send_introduce1 | ( | origin_circuit_t * | intro_circ, |
| origin_circuit_t * | rend_circ, | ||
| const hs_desc_intro_point_t * | ip, | ||
| const hs_subcredential_t * | subcredential, | ||
| const hs_pow_solution_t * | pow_solution | ||
| ) |
Given the introduction circuit intro_circ, the rendezvous circuit rend_circ, a descriptor intro point object ip and the service's subcredential, send an INTRODUCE1 cell on intro_circ.
This will also setup the circuit identifier on rend_circ containing the key material for the handshake and e2e encryption. Return 0 on success else negative value. Because relay_send_command_from_edge() closes the circuit on error, it is possible that intro_circ is closed on error.
Definition at line 1436 of file hs_circuit.c.
Referenced by send_introduce1().
| origin_circuit_t * hs_circ_service_get_established_intro_circ | ( | const hs_service_intro_point_t * | ip | ) |
Return an introduction point established circuit matching the given intro point object. The circuit purpose has to be CIRCUIT_PURPOSE_S_INTRO. NULL is returned is no such circuit can be found.
Definition at line 972 of file hs_circuit.c.
| origin_circuit_t * hs_circ_service_get_intro_circ | ( | const hs_service_intro_point_t * | ip | ) |
Return an introduction point circuit matching the given intro point object. NULL is returned is no such circuit can be found.
Definition at line 961 of file hs_circuit.c.
Referenced by should_remove_intro_point().
| int hs_circ_service_intro_has_opened | ( | hs_service_t * | service, |
| hs_service_intro_point_t * | ip, | ||
| const hs_service_descriptor_t * | desc, | ||
| origin_circuit_t * | circ | ||
| ) |
Called when a service introduction point circuit is done building. Given the service and intro point object, this function will send the ESTABLISH_INTRO cell on the circuit. Return 0 on success. Return 1 if the circuit has been repurposed to General because we already have too many opened.
Definition at line 1083 of file hs_circuit.c.
| void hs_circ_service_rp_has_opened | ( | const hs_service_t * | service, |
| origin_circuit_t * | circ | ||
| ) |
Called when a service rendezvous point circuit is done building. Given the service and the circuit, this function will send a RENDEZVOUS1 cell on the circuit using the information in the circuit identifier. If the cell can't be sent, the circuit is closed.
Definition at line 1151 of file hs_circuit.c.
| void hs_circ_setup_congestion_control | ( | origin_circuit_t * | origin_circ, |
| uint8_t | sendme_inc, | ||
| bool | is_single_onion | ||
| ) |
Setup on the given circuit congestion control with the given parameters.
This function assumes that congestion control is enabled on the network and so it is the caller responsability to make sure of it.
Definition at line 928 of file hs_circuit.c.
Referenced by setup_rendezvous_circ_congestion_control().
| int hs_circuit_setup_e2e_rend_circ | ( | origin_circuit_t * | circ, |
| const uint8_t * | ntor_key_seed, | ||
| size_t | seed_len, | ||
| int | is_service_side | ||
| ) |
Circuit circ just finished the rend ntor key exchange. Use the key exchange output material at ntor_key_seed and setup circ to serve as a rendezvous end-to-end circuit between the client and the service. If is_service_side is set, then we are the hidden service and the other side is the client.
Return 0 if the operation went well; in case of error return -1.
Definition at line 1405 of file hs_circuit.c.
| STATIC void launch_rendezvous_point_circuit | ( | const hs_service_t * | service, |
| const ed25519_public_key_t * | ip_auth_pubkey, | ||
| const curve25519_keypair_t * | ip_enc_key_kp, | ||
| const hs_cell_intro_rdv_data_t * | rdv_data, | ||
| time_t | now | ||
| ) |
For a given service, the ntor onion key and a rendezvous cookie, launch a circuit to the rendezvous point specified by the link specifiers. On success, a circuit identifier is attached to the circuit with the needed data. This function will try to open a circuit for a maximum value of MAX_REND_FAILURES then it will give up.
Definition at line 331 of file hs_circuit.c.
|
static |
Return 1 if a request waiting in our service-side pqueue is old enough that we should just discard it rather than trying to respond, or 0 if we still like it. As a heuristic, choose half of the total permitted time interval (so we don't approve trying to respond to requests when we will then give up on them a moment later).
Definition at line 654 of file hs_circuit.c.
|
static |
For a given circuit and a service introduction point object, register the intro circuit to the circuitmap.
Definition at line 161 of file hs_circuit.c.
| void rend_pqueue_clear | ( | hs_pow_service_state_t * | pow_state | ) |
Abandon and free all pending rend requests, leaving the pqueue empty.
Definition at line 748 of file hs_circuit.c.
Referenced by hs_pow_free_service_state().
|
static |
Retry the rendezvous point of circ by launching a new circuit to it.
Definition at line 489 of file hs_circuit.c.
Referenced by hs_circ_retry_service_rendezvous_point().
|
static |
For a given introduction point and an introduction circuit, send the ESTABLISH_INTRO cell. The service object is used for logging. This can fail and if so, the circuit is closed and the intro point object is flagged that the circuit is not established anymore which is important for the retry mechanism.
Definition at line 266 of file hs_circuit.c.
|
static |
Using the given descriptor intro point ip, the node of the rendezvous point rp_node and the service's subcredential, populate the already allocated intro1_data object with the needed key material and link specifiers.
Return 0 on success or a negative value if we couldn't properly filled the introduce1 data from the RP node. In other word, it means the RP node is unusable to use in the introduction.
Definition at line 558 of file hs_circuit.c.
| int top_of_rend_pqueue_is_worthwhile | ( | hs_pow_service_state_t * | pow_state | ) |
Peek at the top entry on the pending rend pqueue, which must not be empty. If its level of effort is at least what we're suggesting for that service right now, return 1, else return 0.
Definition at line 732 of file hs_circuit.c.
|
static |
Our rendezvous request priority queue is too full; keep the first pqueue_high_level/2 entries and discard the rest.
Definition at line 665 of file hs_circuit.c.
1.9.4