9 #define HS_CLIENT_PRIVATE
24 #include "feature/client/circpathbias.h"
52 #include "trunnel/hs/cell_introduce1.h"
83 return "Internal error";
85 return "Descriptor fetch launched";
87 return "Already have descriptor";
89 return "No more HSDir available to query";
91 return "Fetching descriptors is not allowed";
93 return "Missing directory information";
95 return "Pending descriptor fetch";
97 return "(Unknown client fetch status code)";
137 time_t now = time(NULL);
150 if (!edge_conn->hs_ident ||
151 (service_identity_pk &&
160 } SMARTLIST_FOREACH_END(base_conn);
163 smartlist_free(conns);
169 cancel_descriptor_fetches(
void)
175 if (BUG(ident == NULL)) {
180 log_debug(
LD_REND,
"Marking for close a directory connection fetching "
181 "a hidden service descriptor for service %s.",
183 connection_mark_for_close(conn);
184 } SMARTLIST_FOREACH_END(conn);
187 smartlist_free(conns);
188 log_info(
LD_REND,
"Hidden service client descriptor fetches cancelled.");
208 if (edge_conn->hs_ident &&
210 service_identity_pk)) {
213 } SMARTLIST_FOREACH_END(conn);
215 smartlist_free(conns);
250 if (BUG(ident == NULL)) {
260 } SMARTLIST_FOREACH_END(conn);
263 smartlist_free(conns);
296 unsigned int count = 0;
297 smartlist_t *entry_conns = find_entry_conns(identity_pk);
301 connection_mark_unattached_ap(entry_conn, reason);
303 } SMARTLIST_FOREACH_END(entry_conn);
308 log_notice(
LD_REND,
"Closed %u streams for service %s.onion "
309 "for reason %s. Fetch status: %s.",
310 count, safe_str_client(onion_address),
316 smartlist_free(entry_conns);
332 if (edge_conn->hs_ident == NULL) {
369 } SMARTLIST_FOREACH_END(entry_conn);
372 smartlist_free(entry_conns);
404 current_time_period, &blinded_pubkey);
420 directory_request_free(req);
422 log_info(
LD_REND,
"Descriptor fetch request for service %s with blinded "
423 "key %s to directory %s",
425 safe_str_client(base64_blinded_pubkey),
433 memwipe(&blinded_pubkey, 0,
sizeof(blinded_pubkey));
434 memwipe(base64_blinded_pubkey, 0,
sizeof(base64_blinded_pubkey));
435 memwipe(&hs_conn_dir_ident, 0,
sizeof(hs_conn_dir_ident));
455 current_time_period, &blinded_pubkey);
463 0, 1, responsible_hsdirs);
465 log_debug(
LD_REND,
"Found %d responsible HSDirs and about to pick one.",
466 smartlist_len(responsible_hsdirs));
470 hsdir_rs =
hs_pick_hsdir(responsible_hsdirs, base64_blinded_pubkey, NULL);
488 log_info(
LD_REND,
"Couldn't pick a v3 hsdir.");
504 if (hsdirs != NULL) {
507 } SMARTLIST_FOREACH_END(hsdir);
556 &ip->auth_key_cert->signed_key)) {
560 } SMARTLIST_FOREACH_END(ip);
582 const link_specifier_t *, lspec) {
585 if (link_specifier_get_ls_type(lspec) != LS_LEGACY_ID) {
589 link_specifier_getconstarray_un_legacy_id(lspec),
596 } SMARTLIST_FOREACH_END(lspec);
597 } SMARTLIST_FOREACH_END(ip);
627 log_info(
LD_REND,
"Sending INTRODUCE1 cell to service %s on circuit %u",
628 safe_str_client(onion_address),
TO_CIRCUIT(intro_circ)->n_circ_id);
635 log_info(
LD_REND,
"Request to %s %s. Trying to fetch a new descriptor.",
636 safe_str_client(onion_address),
637 (desc) ?
"didn't have usable intro points" :
638 "didn't have a descriptor");
653 circuit_mark_for_close(
TO_CIRCUIT(rend_circ), END_CIRC_REASON_INTERNAL);
665 log_info(
LD_REND,
"Unable to find introduction point for service %s "
666 "while trying to send an INTRODUCE1 cell.",
667 safe_str_client(onion_address));
674 if (
TO_CIRCUIT(intro_circ)->marked_for_close) {
683 INTRO_POINT_FAILURE_GENERIC);
704 TO_CIRCUIT(intro_circ)->timestamp_dirty = time(NULL);
715 if (!
TO_CIRCUIT(intro_circ)->marked_for_close) {
716 circuit_mark_for_close(
TO_CIRCUIT(intro_circ), END_CIRC_REASON_INTERNAL);
718 circuit_mark_for_close(
TO_CIRCUIT(rend_circ), END_CIRC_REASON_INTERNAL);
726 memwipe(onion_address, 0,
sizeof(onion_address));
759 log_info(
LD_REND,
"Could not match opened intro circuit with intro point.");
769 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
779 log_info(
LD_REND,
"Introduction circuit %u has opened. Attaching streams.",
851 log_info(
LD_REND,
"Rendezvous node %s did not support v3 after circuit "
857 log_info(
LD_REND,
"Rendezvous circuit has opened to %s.",
916 log_info(
LD_REND,
"Intro point with auth key %s had an error. Not usable",
921 log_info(
LD_REND,
"Intro point with auth key %s timed out. Not usable",
926 log_info(
LD_REND,
"Intro point with auth key %s unreachable. Not usable",
961 log_info(
LD_REND,
"Unable to randomly select an introduction point "
962 "for service %s because descriptor %s. We can't connect.",
963 safe_str_client(onion_address),
964 (desc) ?
"doesn't have any usable intro points"
965 :
"is missing (assuming v3 onion address)");
972 while (smartlist_len(usable_ips) != 0) {
979 ip = smartlist_get(usable_ips, idx);
993 log_info(
LD_REND,
"Unable to select introduction point with auth key %s "
994 "for service %s, because we could not extend to it.",
996 safe_str_client(onion_address));
1009 extend_info_free(ei_excluded);
1025 log_warn(
LD_REND,
"Every introduction point for service %s is in the "
1026 "ExcludeNodes set and StrictNodes is set. We can't connect.",
1027 safe_str_client(onion_address));
1028 extend_info_free(ei);
1031 log_fn(LOG_PROTOCOL_WARN,
LD_REND,
"Every introduction point for service "
1032 "%s is unusable or we can't extend to it. We can't connect.",
1033 safe_str_client(onion_address));
1037 smartlist_free(usable_ips);
1038 memwipe(onion_address, 0,
sizeof(onion_address));
1062 &ip->auth_key_cert->signed_key);
1068 } SMARTLIST_FOREACH_END(ip);
1095 SOCKS5_HS_REND_FAILED;
1118 code = SOCKS5_HS_INTRO_TIMEDOUT;
1164 if (!
TO_CIRCUIT(intro_circ)->marked_for_close) {
1167 circuit_mark_for_close(
TO_CIRCUIT(intro_circ), END_CIRC_REASON_FINISHED);
1175 circuit_mark_for_close(
TO_CIRCUIT(rend_circ), END_CIRC_REASON_FINISHED);
1191 log_info(
LD_REND,
"Received INTRODUCE_ACK ack! Informing rendezvous");
1197 if (rend_circ == NULL) {
1198 log_info(
LD_REND,
"Can't find any rendezvous circuit. Stopping");
1202 assert_circ_anonymity_ok(rend_circ,
get_options());
1216 TO_CIRCUIT(rend_circ)->timestamp_dirty = time(NULL);
1222 circuit_mark_for_close(
TO_CIRCUIT(intro_circ), END_CIRC_REASON_FINISHED);
1236 log_info(
LD_REND,
"Received INTRODUCE_ACK nack by %s. Reason: %u",
1247 INTRO_POINT_FAILURE_GENERIC);
1258 int status, ret = -1;
1268 case TRUNNEL_HS_INTRO_ACK_STATUS_SUCCESS:
1272 case TRUNNEL_HS_INTRO_ACK_STATUS_UNKNOWN_ID:
1273 case TRUNNEL_HS_INTRO_ACK_STATUS_BAD_FORMAT:
1311 sizeof(handshake_info)) < 0) {
1319 if (hs_ntor_client_get_rendezvous1_keys(&ident->
intro_auth_pk,
1323 log_info(
LD_REND,
"Unable to compute the rendezvous keys.");
1330 log_info(
LD_REND,
"Invalid MAC in RENDEZVOUS2. Rejecting cell.");
1336 sizeof(keys.ntor_key_seed), 0) < 0) {
1337 log_info(
LD_REND,
"Unable to setup the e2e encryption.");
1345 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
1347 memwipe(&keys, 0,
sizeof(keys));
1365 log_warn(
LD_REND,
"We received an onion address for a hidden service "
1366 "descriptor but we are configured to not fetch.");
1375 log_info(
LD_REND,
"Can't fetch descriptor for service %s because we "
1376 "are missing a live consensus. Stalling connection.",
1383 log_info(
LD_REND,
"Can't fetch descriptor for service %s because we "
1384 "dont have enough descriptors. Stalling connection.",
1396 log_info(
LD_GENERAL,
"We would fetch a v3 hidden service descriptor "
1397 "but we already have a usable descriptor.");
1405 log_info(
LD_REND,
"Already a pending directory request. Waiting on it.");
1414 *status_out = status;
1431 client_service_authorization_free(auth);
1435 log_info(
LD_REND,
"Client onion service ephemeral authorization "
1436 "cache has been purged.");
1449 return digest256map_get(
client_auths, service_identity_pk->pubkey);
1458 time_t now = time(NULL);
1471 if (BUG(desc == NULL)) {
1476 log_info(
LD_REND,
"Hidden service descriptor is unusable. "
1477 "Closing streams.");
1482 connection_mark_unattached_ap(entry_conn,
1483 END_STREAM_REASON_RESOLVEFAILED);
1490 log_info(
LD_REND,
"Descriptor has arrived. Launching circuits.");
1495 } SMARTLIST_FOREACH_END(entry_conn);
1511 if (status == HS_DESC_DECODE_BAD_CLIENT_AUTH) {
1512 code = SOCKS5_HS_BAD_CLIENT_AUTH;
1513 }
else if (status == HS_DESC_DECODE_NEED_CLIENT_AUTH) {
1514 code = SOCKS5_HS_MISSING_CLIENT_AUTH;
1519 code = SOCKS5_GENERAL_ERROR;
1522 connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_MISC);
1523 } SMARTLIST_FOREACH_END(entry_conn);
1540 switch (decode_status) {
1541 case HS_DESC_DECODE_OK:
1542 case HS_DESC_DECODE_NEED_CLIENT_AUTH:
1543 case HS_DESC_DECODE_BAD_CLIENT_AUTH:
1544 log_info(
LD_REND,
"Stored hidden service descriptor successfully.");
1546 if (decode_status == HS_DESC_DECODE_OK) {
1551 log_info(
LD_REND,
"Stored hidden service descriptor requires "
1552 "%s client authorization.",
1553 decode_status == HS_DESC_DECODE_NEED_CLIENT_AUTH ?
"missing"
1562 case HS_DESC_DECODE_ENCRYPTED_ERROR:
1563 case HS_DESC_DECODE_SUPERENC_ERROR:
1564 case HS_DESC_DECODE_PLAINTEXT_ERROR:
1565 case HS_DESC_DECODE_GENERIC_ERROR:
1567 log_info(
LD_REND,
"Failed to store hidden service descriptor. "
1568 "Descriptor decoding status: %d", decode_status);
1587 log_info(
LD_REND,
"Fetching hidden service v3 descriptor not found: "
1588 "Retrying at another directory.");
1598 SOCKS5_HS_NOT_FOUND;
1599 } SMARTLIST_FOREACH_END(entry_conn);
1608 log_warn(
LD_REND,
"Fetching v3 hidden service descriptor failed: "
1609 "http status 400 (%s). Dirserver didn't like our "
1610 "query? Retrying at another directory.",
1623 const int status_code)
1627 log_warn(
LD_REND,
"Fetching v3 hidden service descriptor failed: "
1628 "http status %d (%s) response unexpected from HSDir "
1629 "server %s'. Retrying at another directory.",
1646 char *full_fname = NULL;
1649 tor_asprintf(&fname,
"%s.auth_private", onion_address);
1666 char *full_fname = NULL;
1667 char *file_contents = NULL;
1675 log_warn(
LD_GENERAL,
"Can't register permanent client auth credentials "
1676 "for %s without ClientOnionAuthDir option. Discarding.",
1696 tor_asprintf(&file_contents,
"%s:descriptor:x25519:%s",
1699 log_warn(
LD_GENERAL,
"Failed to write client auth creds file for %s!",
1717 hs_client_register_auth_status_t
1722 hs_client_register_auth_status_t retval = REGISTER_SUCCESS;
1732 client_service_authorization_free(creds);
1733 return REGISTER_FAIL_BAD_ADDRESS;
1740 client_service_authorization_free(creds);
1741 return REGISTER_FAIL_PERMANENT_STORAGE;
1745 old_creds = digest256map_get(
client_auths, service_identity_pk.pubkey);
1747 digest256map_remove(
client_auths, service_identity_pk.pubkey);
1748 client_service_authorization_free(old_creds);
1749 retval = REGISTER_SUCCESS_ALREADY_EXISTS;
1752 digest256map_set(
client_auths, service_identity_pk.pubkey, creds);
1756 if (hs_cache_client_new_auth_parse(&service_identity_pk)) {
1757 retval = REGISTER_SUCCESS_AND_DECRYPTED;
1772 char *client_key_file_path = NULL;
1773 char *client_key_str = NULL;
1775 log_info(
LD_REND,
"Loading a client authorization key file %s...",
1779 log_notice(
LD_REND,
"Client authorization unrecognized filename %s. "
1780 "File must end in .auth_private. Ignoring.",
1789 client_key_str = read_file_to_str(client_key_file_path, 0, NULL);
1790 if (!client_key_str) {
1791 log_warn(
LD_REND,
"The file %s cannot be read.", filename);
1812 remove_client_auth_creds_file(
const char *filename)
1814 char *creds_file_path = NULL;
1820 log_warn(
LD_REND,
"Failed to remove client auth file (%s).",
1825 log_warn(
LD_REND,
"Successfully removed client auth file (%s).",
1846 log_warn(
LD_REND,
"Found permanent credential but no ClientOnionAuthDir "
1847 "configured. There is no file to be removed.");
1852 if (file_list == NULL) {
1853 log_warn(
LD_REND,
"Client authorization key directory %s can't be listed.",
1869 remove_client_auth_creds_file(filename);
1871 client_service_authorization_free(tmp_cred);
1875 client_service_authorization_free(tmp_cred);
1876 } SMARTLIST_FOREACH_END(filename);
1881 smartlist_free(file_list);
1886 hs_client_removal_auth_status_t
1892 return REMOVAL_SUCCESS_NOT_FOUND;
1896 return REMOVAL_BAD_ADDRESS;
1900 cred = digest256map_remove(
client_auths, service_identity_pk.pubkey);
1912 client_service_authorization_free(cred);
1913 return REMOVAL_SUCCESS;
1916 return REMOVAL_SUCCESS_NOT_FOUND;
1952 if (has_timed_out) {
1967 rend_intro_point_failure_t failure = INTRO_POINT_FAILURE_UNREACHABLE;
1973 orig_circ = CONST_TO_ORIGIN_CIRCUIT(circ);
1978 if (has_timed_out) {
1979 failure = INTRO_POINT_FAILURE_TIMEOUT;
1984 log_info(
LD_REND,
"Failed v3 intro circ for service %s to intro point %s "
1985 "(awaiting ACK). Failure code: %d",
1997 failure = INTRO_POINT_FAILURE_UNREACHABLE;
1998 log_info(
LD_REND,
"Failed v3 intro circ for service %s to intro point %s "
1999 "(while building circuit). Marking as unreachable.",
2018 if (conn->hs_ident) {
2062 client_auth_sk, desc);
2063 memwipe(&subcredential, 0,
sizeof(subcredential));
2064 if (ret != HS_DESC_DECODE_OK) {
2071 tor_cert_t *cert = (*desc)->plaintext_data.signing_key_cert;
2074 log_warn(
LD_GENERAL,
"Descriptor signing key certificate signature "
2075 "doesn't validate with computed blinded key: %s",
2077 ret = HS_DESC_DECODE_GENERIC_ERROR;
2081 return HS_DESC_DECODE_OK;
2100 } SMARTLIST_FOREACH_END(ip);
2127 END_STREAM_REASON_RESOLVEFAILED);
2178 const uint8_t *payload,
size_t payload_len)
2186 log_warn(
LD_PROTOCOL,
"Got a RENDEZVOUS_ESTABLISHED but we were not "
2187 "expecting one. Closing circuit.");
2191 log_info(
LD_REND,
"Received an RENDEZVOUS_ESTABLISHED. This circuit is "
2192 "now ready for rendezvous.");
2197 TO_CIRCUIT(circ)->timestamp_dirty = time(NULL);
2211 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
2224 memwipe(auth, 0,
sizeof(*auth));
2232 client_service_authorization_free_(auth);
2236 client_service_authorization_free_all(
void)
2250 const char *valid_extension =
".auth_private";
2256 if (!
strcmpend(filename, valid_extension) &&
2257 strlen(filename) != strlen(valid_extension)) {
2276 char *onion_address = NULL;
2277 char *auth_type = NULL;
2278 char *key_type = NULL;
2279 char *seckey_b32 = NULL;
2286 SPLIT_SKIP_SPACE, 0);
2288 if (smartlist_len(fields) != 4) {
2292 onion_address = smartlist_get(fields, 0);
2293 auth_type = smartlist_get(fields, 1);
2294 key_type = smartlist_get(fields, 2);
2295 seckey_b32 = smartlist_get(fields, 3);
2299 if (strcmp(auth_type,
"descriptor") || strcmp(key_type,
"x25519")) {
/* NOTE(review): seckey_b32 is the fourth field split out of the client
 * authorization file (smartlist_get(fields, 3) at listing line 2295), and the
 * messages below themselves call it the "encoded base32 private key". Both
 * warnings print that field verbatim through %s, so a key that merely fails
 * the length check or the base32 decode is written to the log at warn
 * severity. The same buffer is memwipe()d at listing line 2338, which suggests
 * it is meant to be treated as secret; the log copy is outside the reach of
 * that wipe. Consider reporting only strlen(seckey_b32), or no value at all,
 * so key material never reaches log files or log collectors. */
2304 log_warn(
LD_REND,
"Client authorization encoded base32 private key "
2305 "length is invalid: %s", seckey_b32);
2312 seckey_b32, strlen(seckey_b32)) !=
2314 log_warn(
LD_REND,
"Client authorization encoded base32 private key "
2315 "can't be decoded: %s", seckey_b32);
2321 log_warn(
LD_REND,
"Client authorization private key can't be all-zeroes");
2334 client_service_authorization_free(auth);
2338 memwipe(seckey_b32, 0, strlen(seckey_b32));
2342 smartlist_free(fields);
2355 digest256map_t *auths = digest256map_new();
2373 if (file_list == NULL) {
2374 log_warn(
LD_REND,
"Client authorization key directory %s can't be listed.",
2392 log_warn(
LD_REND,
"The onion address \"%s\" is invalid in "
2394 client_service_authorization_free(auth);
2398 if (digest256map_get(auths, identity_pk.pubkey)) {
2399 log_warn(
LD_REND,
"Duplicate authorization for the same hidden "
2400 "service address %s.",
2402 client_service_authorization_free(auth);
2406 digest256map_set(auths, identity_pk.pubkey, auth);
2407 log_info(
LD_REND,
"Loaded a client authorization key file %s.",
2409 } SMARTLIST_FOREACH_END(filename);
2417 smartlist_free(file_list);
2420 if (!validate_only && ret == 0) {
2421 client_service_authorization_free_all();
2442 const char *body,
const int status_code)
2450 entry_conns = find_entry_conns(&dir_conn->hs_ident->
identity_pk);
2452 switch (status_code) {
2468 smartlist_free(entry_conns);
2487 const uint8_t *payload,
size_t payload_len)
2495 log_warn(
LD_PROTOCOL,
"Unexpected INTRODUCE_ACK on circuit %u.",
2497 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
2514 const uint8_t *payload,
size_t payload_len)
2525 log_warn(
LD_PROTOCOL,
"Unexpected RENDEZVOUS2 cell on circuit %u. "
2528 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
2532 log_info(
LD_REND,
"Got RENDEZVOUS2 cell from hidden service on circuit %u.",
2559 log_warn(
LD_REND,
"No usable introduction points left. Closing.");
2560 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
2565 log_info(
LD_REND,
"Re-extending circ %u, this time to %s.",
2574 TO_CIRCUIT(circ)->timestamp_dirty = time(NULL);
2577 log_info(
LD_REND,
"Closing intro circ %u (out of RELAY_EARLY cells).",
2579 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED);
2585 extend_info_free(ei);
2617 circuit_mark_for_close(
TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
2627 client_service_authorization_free_all();
2640 cancel_descriptor_fetches();
2650 log_info(
LD_REND,
"Hidden service client state has been purged.");
2676 #ifdef TOR_UNIT_TESTS
2679 set_hs_client_auths_map(digest256map_t *map)
int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen)
void pathbias_count_use_attempt(origin_circuit_t *circ)
void pathbias_mark_use_success(origin_circuit_t *circ)
const char * build_state_get_exit_nickname(cpath_build_state_t *state)
int circuit_extend_to_new_exit(origin_circuit_t *circ, extend_info_t *exit_ei)
Header file for circuitbuild.c.
origin_circuit_t * circuit_get_next_intro_circ(const origin_circuit_t *start, bool want_client_circ)
Header file for circuitlist.c.
#define CIRCUIT_PURPOSE_C_REND_JOINED
#define CIRCUIT_IS_ORIGIN(c)
#define CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED
#define CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT
#define CIRCUIT_PURPOSE_C_REND_READY
#define CIRCUIT_PURPOSE_C_INTRODUCE_ACKED
#define CIRCUIT_PURPOSE_C_INTRODUCING
#define CIRCUIT_PURPOSE_C_ESTABLISH_REND
void circuit_change_purpose(circuit_t *circ, uint8_t new_purpose)
Header file for circuituse.c.
bool tor_libevent_is_initialized(void)
mainloop_event_t * mainloop_event_new(void(*cb)(mainloop_event_t *, void *), void *userdata)
void mainloop_event_activate(mainloop_event_t *event)
Header for compat_libevent.c.
const or_options_t * get_options(void)
const char * safe_str_client_opts(const or_options_t *options, const char *address)
Header file for config.c.
bool congestion_control_enabled(void)
Public APIs for congestion control.
void assert_connection_ok(connection_t *conn, time_t now)
const char * connection_describe_peer(const connection_t *conn)
Header file for connection.c.
void connection_ap_mark_as_waiting_for_renddesc(entry_connection_t *entry_conn)
entry_connection_t * EDGE_TO_ENTRY_CONN(edge_connection_t *c)
void connection_ap_attach_pending(int retry)
int connection_edge_is_rendezvous_stream(const edge_connection_t *conn)
edge_connection_t * TO_EDGE_CONN(connection_t *c)
entry_connection_t * TO_ENTRY_CONN(connection_t *c)
Header file for connection_edge.c.
#define AP_CONN_STATE_CIRCUIT_WAIT
#define AP_CONN_STATE_RENDDESC_WAIT
Circuit-build-state structure.
void ed25519_pubkey_copy(ed25519_public_key_t *dest, const ed25519_public_key_t *src)
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
Common functions for using (pseudo-)random number generators.
int crypto_rand_int(unsigned int max)
void memwipe(void *mem, uint8_t byte, size_t sz)
Common functions for cryptographic routines.
const char * extend_info_describe(const extend_info_t *ei)
const char * routerstatus_describe(const routerstatus_t *rs)
Header file for describe.c.
#define fast_memneq(a, b, c)
smartlist_t * tor_listdir(const char *dirname)
int check_private_dir(const char *dirname, cpd_check_t check, const char *effective_user)
Client/server directory connection structure.
void directory_request_set_resource(directory_request_t *req, const char *resource)
void directory_request_set_indirection(directory_request_t *req, dir_indirection_t indirection)
void directory_request_set_routerstatus(directory_request_t *req, const routerstatus_t *status)
directory_request_t * directory_request_new(uint8_t dir_purpose)
void directory_initiate_request(directory_request_t *request)
void directory_request_fetch_set_hs_ident(directory_request_t *req, const hs_ident_dir_conn_t *ident)
Header file for dirclient.c.
struct directory_request_t directory_request_t
dir_connection_t * TO_DIR_CONN(connection_t *c)
Header file for directory.c.
#define DIR_PURPOSE_HAS_FETCHED_HSDESC
#define DIR_PURPOSE_FETCH_HSDESC
Entry connection structure.
#define ENTRY_TO_EDGE_CONN(c)
const char * escaped(const char *s)
Header for core/or/extendinfo.c.
int write_str_to_file(const char *fname, const char *str, int bin)
int tor_unlink(const char *pathname)
void hs_cache_client_intro_state_purge(void)
hs_desc_decode_status_t hs_cache_store_as_client(const char *desc_str, const ed25519_public_key_t *identity_pk)
void hs_cache_remove_as_client(const ed25519_public_key_t *key)
const hs_descriptor_t * hs_cache_lookup_as_client(const ed25519_public_key_t *key)
void hs_cache_client_intro_state_note(const ed25519_public_key_t *service_pk, const ed25519_public_key_t *auth_key, rend_intro_point_failure_t failure)
const hs_cache_intro_state_t * hs_cache_client_intro_state_find(const ed25519_public_key_t *service_pk, const ed25519_public_key_t *auth_key)
void hs_cache_purge_as_client(void)
Header file for hs_cache.c.
int hs_cell_parse_introduce_ack(const uint8_t *payload, size_t payload_len)
int hs_cell_parse_rendezvous2(const uint8_t *payload, size_t payload_len, uint8_t *handshake_info, size_t handshake_info_len)
Header file containing cell data for the whole HS subsystem.
void hs_circ_setup_congestion_control(origin_circuit_t *origin_circ, uint8_t sendme_inc, bool is_single_onion)
int hs_circ_send_introduce1(origin_circuit_t *intro_circ, origin_circuit_t *rend_circ, const hs_desc_intro_point_t *ip, const hs_subcredential_t *subcredential)
int hs_circ_send_establish_rendezvous(origin_circuit_t *circ)
int hs_circuit_setup_e2e_rend_circ(origin_circuit_t *circ, const uint8_t *ntor_key_seed, size_t seed_len, int is_service_side)
Header file containing circuit data for the whole HS subsystem.
void hs_circuitmap_register_rend_circ_client_side(origin_circuit_t *or_circ, const uint8_t *cookie)
origin_circuit_t * hs_circuitmap_get_established_rend_circ_client_side(const uint8_t *cookie)
origin_circuit_t * hs_circuitmap_get_rend_circ_client_side(const uint8_t *cookie)
Header file for hs_circuitmap.c.
static void client_desc_has_arrived(const smartlist_t *entry_conns)
int hs_client_receive_introduce_ack(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
static hs_client_fetch_status_t directory_launch_v3_desc_fetch(const ed25519_public_key_t *onion_identity_pk, const routerstatus_t *hsdir)
int hs_client_receive_rendezvous2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
static void client_service_authorization_free_void(void *auth)
static bool intro_points_all_timed_out(const ed25519_public_key_t *service_pk)
static char * get_client_auth_creds_filename(const char *onion_address, const char *dir)
static void socks_mark_introduction_failed(entry_connection_t *conn, const ed25519_public_key_t *identity_pk)
static void client_dir_fetch_400(dir_connection_t *dir_conn, const char *reason)
int hs_config_client_authorization(const or_options_t *options, int validate_only)
digest256map_t * get_hs_client_auths_map(void)
hs_client_register_auth_status_t hs_client_register_auth_credentials(hs_client_service_authorization_t *creds)
void hs_client_note_connection_attempt_succeeded(const edge_connection_t *conn)
static void note_connection_attempt_succeeded(const hs_ident_edge_conn_t *hs_conn_ident)
STATIC void purge_ephemeral_client_auth(void)
static const hs_desc_intro_point_t * find_desc_intro_point_by_ident(const hs_ident_circuit_t *ident, const hs_descriptor_t *desc)
static void client_rendezvous_circ_has_opened(origin_circuit_t *circ)
static int send_introduce1(origin_circuit_t *intro_circ, origin_circuit_t *rend_circ)
STATIC hs_client_service_authorization_t * parse_auth_file_content(const char *client_key_str)
static const char * fetch_status_to_string(hs_client_fetch_status_t status)
static digest256map_t * client_auths
STATIC extend_info_t * desc_intro_point_to_extend_info(const hs_desc_intro_point_t *ip)
static void handle_introduce_ack_success(origin_circuit_t *intro_circ)
void hs_client_circuit_cleanup_on_close(const circuit_t *circ)
STATIC extend_info_t * client_get_random_intro(const ed25519_public_key_t *service_pk)
static int handle_introduce_ack(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
STATIC int handle_rendezvous2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
static void dir_info_changed_callback(mainloop_event_t *event, void *arg)
static int setup_intro_circ_auth_key(origin_circuit_t *circ)
static int directory_request_is_pending(const ed25519_public_key_t *identity_pk)
int hs_client_any_intro_points_usable(const ed25519_public_key_t *service_pk, const hs_descriptor_t *desc)
STATIC routerstatus_t * pick_hsdir_v3(const ed25519_public_key_t *onion_identity_pk)
STATIC int auth_key_filename_is_valid(const char *filename)
static int store_permanent_client_auth_credentials(const hs_client_service_authorization_t *creds)
hs_client_removal_auth_status_t hs_client_remove_auth_credentials(const char *hsaddress)
static hs_client_service_authorization_t * find_client_auth(const ed25519_public_key_t *service_identity_pk)
static void setup_rendezvous_circ_congestion_control(origin_circuit_t *circ)
void hs_client_launch_v3_desc_fetch(const ed25519_public_key_t *onion_identity_pk, const smartlist_t *hsdirs)
static void client_dir_fetch_404(dir_connection_t *dir_conn, const smartlist_t *entry_conns)
static hs_desc_intro_point_t * find_desc_intro_point_by_legacy_id(const char *legacy_id, const hs_descriptor_t *desc)
void hs_client_circuit_cleanup_on_free(const circuit_t *circ)
void hs_client_dir_info_changed(void)
STATIC hs_client_fetch_status_t fetch_v3_desc(const ed25519_public_key_t *onion_identity_pk)
int hs_client_reextend_intro_circuit(origin_circuit_t *circ)
int hs_client_refetch_hsdesc(const ed25519_public_key_t *identity_pk)
void hs_client_free_all(void)
static void client_intro_circ_has_opened(origin_circuit_t *circ)
static void find_and_remove_client_auth_creds_file(const hs_client_service_authorization_t *cred)
static void mark_conn_as_waiting_for_circuit(connection_t *conn, time_t now)
static hs_client_service_authorization_t * get_creds_from_client_auth_filename(const char *filename, const or_options_t *options)
static void close_all_socks_conns_waiting_for_desc(const ed25519_public_key_t *identity_pk, hs_client_fetch_status_t status, int reason)
static int close_or_reextend_intro_circ(origin_circuit_t *intro_circ)
static void client_dir_fetch_200(dir_connection_t *dir_conn, const smartlist_t *entry_conns, const char *body)
void hs_client_purge_state(void)
STATIC void retry_all_socks_conn_waiting_for_desc(void)
void hs_client_close_intro_circuits_from_desc(const hs_descriptor_t *desc)
int hs_client_receive_rendezvous_acked(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
int hs_client_send_introduce1(origin_circuit_t *intro_circ, origin_circuit_t *rend_circ)
hs_desc_decode_status_t hs_client_decode_descriptor(const char *desc_str, const ed25519_public_key_t *service_identity_pk, hs_descriptor_t **desc)
static void client_desc_missing_bad_client_auth(const smartlist_t *entry_conns, hs_desc_decode_status_t status)
static void handle_introduce_ack_bad(origin_circuit_t *circ, int status)
void hs_client_circuit_has_opened(origin_circuit_t *circ)
static void client_dir_fetch_unexpected(dir_connection_t *dir_conn, const char *reason, const int status_code)
void hs_client_dir_fetch_done(dir_connection_t *dir_conn, const char *reason, const char *body, const int status_code)
extend_info_t * hs_client_get_random_intro_from_edge(const edge_connection_t *edge_conn)
static int intro_circ_is_ok(const origin_circuit_t *circ)
static unsigned int can_client_refetch_desc(const ed25519_public_key_t *identity_pk, hs_client_fetch_status_t *status_out)
static int fetch_status_should_close_socks(hs_client_fetch_status_t status)
static struct mainloop_event_t * dir_info_changed_ev
static void socks_mark_rend_circuit_timed_out(const origin_circuit_t *rend_circ)
static void flag_all_conn_wait_desc(const ed25519_public_key_t *service_identity_pk)
static void purge_hid_serv_request(const ed25519_public_key_t *identity_pk)
static int intro_point_is_usable(const ed25519_public_key_t *service_pk, const hs_desc_intro_point_t *ip)
Header file containing client data for the HS subsystem.
@ HS_CLIENT_FETCH_PENDING
@ HS_CLIENT_FETCH_MISSING_INFO
@ HS_CLIENT_FETCH_NO_HSDIRS
@ HS_CLIENT_FETCH_HAVE_DESC
@ HS_CLIENT_FETCH_NOT_ALLOWED
@ HS_CLIENT_FETCH_LAUNCHED
#define CLIENT_AUTH_FLAG_IS_PERMANENT
void hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk, uint64_t time_period_num, int use_second_hsdir_index, int for_fetching, smartlist_t *responsible_dirs)
void hs_get_subcredential(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_subcredential_t *subcred_out)
uint64_t hs_get_time_period_num(time_t now)
void hs_purge_last_hid_serv_requests(void)
void hs_build_blinded_pubkey(const ed25519_public_key_t *pk, const uint8_t *secret, size_t secret_len, uint64_t time_period_num, ed25519_public_key_t *blinded_pk_out)
void hs_purge_hid_serv_from_last_hid_serv_requests(const char *req_key_str)
void hs_build_address(const ed25519_public_key_t *key, uint8_t version, char *addr_out)
int hs_parse_address(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out)
char * hs_path_from_filename(const char *directory, const char *filename)
routerstatus_t * hs_pick_hsdir(smartlist_t *responsible_dirs, const char *req_key_str, bool *is_rate_limited_out)
extend_info_t * hs_get_extend_info_from_lspecs(const smartlist_t *lspecs, const curve25519_public_key_t *onion_key, int direct_conn)
#define HS_SERVICE_ADDR_LEN_BASE32
void hs_control_desc_event_requested(const ed25519_public_key_t *onion_pk, const char *base64_blinded_pk, const routerstatus_t *hsdir_rs)
void hs_control_desc_event_received(const hs_ident_dir_conn_t *ident, const char *hsdir_id_digest)
void hs_control_desc_event_failed(const hs_ident_dir_conn_t *ident, const char *hsdir_id_digest, const char *reason)
void hs_control_desc_event_content(const hs_ident_dir_conn_t *ident, const char *hsdir_id_digest, const char *body)
Header file containing control port event related code.
bool hs_desc_supports_congestion_control(const hs_descriptor_t *desc)
hs_desc_decode_status_t hs_desc_decode_descriptor(const char *encoded, const hs_subcredential_t *subcredential, const curve25519_secret_key_t *client_auth_sk, hs_descriptor_t **desc_out)
Header file for hs_descriptor.c.
void hs_ident_dir_conn_init(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_ident_dir_conn_t *ident)
int hs_ident_intro_circ_is_valid(const hs_ident_circuit_t *ident)
Header file containing circuit and connection identifier data for the whole HS subsystem.
int hs_ntor_client_rendezvous2_mac_is_good(const hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys, const uint8_t *rcvd_mac)
#define log_fn(severity, domain, args,...)
#define MAP_DEL_CURRENT(keyvar)
#define DIGESTMAP_FOREACH_END
int usable_consensus_flavor(void)
Header file for microdesc.c.
networkstatus_t * networkstatus_get_reasonably_live_consensus(time_t now, int flavor)
Header file for networkstatus.c.
bool node_supports_v3_rendezvous_point(const node_t *node)
const node_t * node_get_by_id(const char *identity_digest)
int router_have_minimum_dir_info(void)
Header file for nodelist.c.
Header file for onion_crypto.c.
Master header file for Tor-specific functionality.
#define MAX_INTRO_POINT_REACHABILITY_FAILURES
Origin circuit structure.
int tor_asprintf(char **strp, const char *fmt,...)
Headers and type declarations for protover.c.
const char * stream_end_reason_to_string(int reason)
Header file for reasons.c.
int routerset_contains_extendinfo(const routerset_t *set, const extend_info_t *ei)
Header file for routerset.c.
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
smartlist_t * smartlist_new(void)
void smartlist_add(smartlist_t *sl, void *element)
void smartlist_del(smartlist_t *sl, int idx)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)
Client request structure.
int marked_for_close_orig_reason
time_t timestamp_last_read_allowed
uint16_t marked_for_close
time_t timestamp_last_write_allowed
extend_info_t * chosen_exit
char identity_digest[DIGEST_LEN]
struct edge_connection_t * next_stream
socks_request_t * socks_request
char identity_digest[DIGEST_LEN]
uint32_t unreachable_count
char onion_address[HS_SERVICE_ADDR_LEN_BASE32+1]
curve25519_secret_key_t enc_seckey
unsigned int single_onion_service
smartlist_t * intro_points
curve25519_public_key_t onion_key
curve25519_public_key_t enc_key
tor_cert_t * auth_key_cert
smartlist_t * link_specifiers
hs_desc_encrypted_data_t encrypted_data
hs_subcredential_t subcredential
hs_desc_plaintext_data_t plaintext_data
uint8_t rendezvous_cookie[HS_REND_COOKIE_LEN]
ed25519_public_key_t intro_auth_pk
curve25519_keypair_t rendezvous_client_kp
curve25519_public_key_t intro_enc_pk
ed25519_public_key_t identity_pk
ed25519_public_key_t identity_pk
ed25519_public_key_t identity_pk
char * ClientOnionAuthDir
struct routerset_t * ExcludeNodes
struct hs_ident_circuit_t * hs_ident
edge_connection_t * p_streams
unsigned int remaining_relay_early_cells
cpath_build_state_t * build_state
socks5_reply_status_t socks_extended_error_code
ed25519_public_key_t signed_key
#define MOCK_IMPL(rv, funcname, arglist)
int tor_cert_checksig(tor_cert_t *cert, const ed25519_public_key_t *pubkey, time_t now)
const char * tor_cert_describe_signature_status(const tor_cert_t *cert)
#define tor_assert_nonfatal_unreached()
int strcmpend(const char *s1, const char *s2)
int fast_mem_is_zero(const char *mem, size_t len)
#define ED25519_BASE64_LEN
#define CURVE25519_PUBKEY_LEN
#define CURVE25519_SECKEY_LEN