Tor  0.4.8.0-alpha-dev
hs_client.c
Go to the documentation of this file.
1 /* Copyright (c) 2016-2021, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
4 /**
5  * \file hs_client.c
6  * \brief Implement next generation hidden service client functionality
7  **/
8 
9 #define HS_CLIENT_PRIVATE
10 
11 #include "core/or/or.h"
12 #include "app/config/config.h"
13 #include "core/crypto/hs_ntor.h"
16 #include "core/or/circuitbuild.h"
17 #include "core/or/circuitlist.h"
18 #include "core/or/circuituse.h"
21 #include "core/or/extendinfo.h"
22 #include "core/or/protover.h"
23 #include "core/or/reasons.h"
24 #include "feature/client/circpathbias.h"
27 #include "feature/hs/hs_cache.h"
28 #include "feature/hs/hs_cell.h"
29 #include "feature/hs/hs_circuit.h"
31 #include "feature/hs/hs_client.h"
32 #include "feature/hs/hs_control.h"
34 #include "feature/hs/hs_ident.h"
44 
48 #include "core/or/extend_info_st.h"
51 
52 #include "trunnel/hs/cell_introduce1.h"
53 
54 /** This event is activated when we are notified that directory information has
55  * changed. It must be done asynchronous from the call due to possible
56  * recursion from the caller of that notification. See #40579. */
57 static struct mainloop_event_t *dir_info_changed_ev = NULL;
58 
59 /** Client-side authorizations for hidden services; map of service identity
60  * public key to hs_client_service_authorization_t *. */
61 static digest256map_t *client_auths = NULL;
62 
63 /** Mainloop callback. Scheduled to run when we are notified of a directory
64  * info change. See hs_client_dir_info_changed(). */
65 static void
67 {
68  (void) event;
69  (void) arg;
70 
71  /* We have possibly reached the minimum directory information or new
72  * consensus so retry all pending SOCKS connection in
73  * AP_CONN_STATE_RENDDESC_WAIT state in order to fetch the descriptor. */
75 }
76 
77 /** Return a human-readable string for the client fetch status code. */
78 static const char *
80 {
81  switch (status) {
83  return "Internal error";
85  return "Descriptor fetch launched";
87  return "Already have descriptor";
89  return "No more HSDir available to query";
91  return "Fetching descriptors is not allowed";
93  return "Missing directory information";
95  return "Pending descriptor fetch";
96  default:
97  return "(Unknown client fetch status code)";
98  }
99 }
100 
101 /** Return true iff tor should close the SOCKS request(s) for the descriptor
102  * fetch that ended up with this given status code. */
103 static int
105 {
106  switch (status) {
108  /* No more HSDir to query, we can't complete the SOCKS request(s). */
110  /* The fetch triggered an internal error. */
112  /* Client is not allowed to fetch (FetchHidServDescriptors 0). */
113  goto close;
118  /* The rest doesn't require tor to close the SOCKS request(s). */
119  goto no_close;
120  }
121 
122  no_close:
123  return 0;
124  close:
125  return 1;
126 }
127 
128 /* Return a newly allocated list of all the entry connections that matches the
129  * given service identity pk. If service_identity_pk is NULL, all entry
130  * connections with an hs_ident are returned.
131  *
132  * Caller must free the returned list but does NOT have ownership of the
133  * object inside thus they have to remain untouched. */
134 static smartlist_t *
135 find_entry_conns(const ed25519_public_key_t *service_identity_pk)
136 {
137  time_t now = time(NULL);
138  smartlist_t *conns = NULL, *entry_conns = NULL;
139 
140  entry_conns = smartlist_new();
141 
142  conns = connection_list_by_type_state(CONN_TYPE_AP,
144  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, base_conn) {
145  entry_connection_t *entry_conn = TO_ENTRY_CONN(base_conn);
146  const edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(entry_conn);
147 
148  /* Only consider the entry connections that matches the service for which
149  * we just fetched its descriptor. */
150  if (!edge_conn->hs_ident ||
151  (service_identity_pk &&
152  !ed25519_pubkey_eq(service_identity_pk,
153  &edge_conn->hs_ident->identity_pk))) {
154  continue;
155  }
156  assert_connection_ok(base_conn, now);
157 
158  /* Validated! Add the entry connection to the list. */
159  smartlist_add(entry_conns, entry_conn);
160  } SMARTLIST_FOREACH_END(base_conn);
161 
162  /* We don't have ownership of the objects in this list. */
163  smartlist_free(conns);
164  return entry_conns;
165 }
166 
167 /* Cancel all descriptor fetches currently in progress. */
168 static void
169 cancel_descriptor_fetches(void)
170 {
171  smartlist_t *conns =
172  connection_list_by_type_purpose(CONN_TYPE_DIR, DIR_PURPOSE_FETCH_HSDESC);
173  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
174  const hs_ident_dir_conn_t *ident = TO_DIR_CONN(conn)->hs_ident;
175  if (BUG(ident == NULL)) {
176  /* A directory connection fetching a service descriptor can't have an
177  * empty hidden service identifier. */
178  continue;
179  }
180  log_debug(LD_REND, "Marking for close a directory connection fetching "
181  "a hidden service descriptor for service %s.",
182  safe_str_client(ed25519_fmt(&ident->identity_pk)));
183  connection_mark_for_close(conn);
184  } SMARTLIST_FOREACH_END(conn);
185 
186  /* No ownership of the objects in this list. */
187  smartlist_free(conns);
188  log_info(LD_REND, "Hidden service client descriptor fetches cancelled.");
189 }
190 
191 /** Get all connections that are waiting on a circuit and flag them back to
192  * waiting for a hidden service descriptor for the given service key
193  * service_identity_pk. */
194 static void
196 {
197  tor_assert(service_identity_pk);
198 
199  smartlist_t *conns =
200  connection_list_by_type_state(CONN_TYPE_AP, AP_CONN_STATE_CIRCUIT_WAIT);
201 
202  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
203  edge_connection_t *edge_conn;
204  if (BUG(!CONN_IS_EDGE(conn))) {
205  continue;
206  }
207  edge_conn = TO_EDGE_CONN(conn);
208  if (edge_conn->hs_ident &&
209  ed25519_pubkey_eq(&edge_conn->hs_ident->identity_pk,
210  service_identity_pk)) {
212  }
213  } SMARTLIST_FOREACH_END(conn);
214 
215  smartlist_free(conns);
216 }
217 
218 /** Remove tracked HSDir requests from our history for this hidden service
219  * identity public key. */
220 static void
222 {
223  char base64_blinded_pk[ED25519_BASE64_LEN + 1];
224  ed25519_public_key_t blinded_pk;
225 
226  tor_assert(identity_pk);
227 
228  /* Get blinded pubkey of hidden service. It is possible that we just moved
229  * to a new time period meaning that we won't be able to purge the request
230  * from the previous time period. That is fine because they will expire at
231  * some point and we don't care about those anymore. */
232  hs_build_blinded_pubkey(identity_pk, NULL, 0,
233  hs_get_time_period_num(0), &blinded_pk);
234  ed25519_public_to_base64(base64_blinded_pk, &blinded_pk);
235  /* Purge last hidden service request from cache for this blinded key. */
237 }
238 
239 /** Return true iff there is at least one pending directory descriptor request
240  * for the service identity_pk. */
241 static int
243 {
244  int ret = 0;
245  smartlist_t *conns =
246  connection_list_by_type_purpose(CONN_TYPE_DIR, DIR_PURPOSE_FETCH_HSDESC);
247 
248  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
249  const hs_ident_dir_conn_t *ident = TO_DIR_CONN(conn)->hs_ident;
250  if (BUG(ident == NULL)) {
251  /* A directory connection fetching a service descriptor can't have an
252  * empty hidden service identifier. */
253  continue;
254  }
255  if (!ed25519_pubkey_eq(identity_pk, &ident->identity_pk)) {
256  continue;
257  }
258  ret = 1;
259  break;
260  } SMARTLIST_FOREACH_END(conn);
261 
262  /* No ownership of the objects in this list. */
263  smartlist_free(conns);
264  return ret;
265 }
266 
267 /** Helper function that changes the state of an entry connection to waiting
268  * for a circuit. For this to work properly, the connection timestamps are set
269  * to now and the connection is then marked as pending for a circuit. */
270 static void
272 {
273  tor_assert(conn);
274 
275  /* Because the connection can now proceed to opening circuit and ultimately
276  * connect to the service, reset those timestamp so the connection is
277  * considered "fresh" and can continue without being closed too early. */
278  conn->timestamp_created = now;
279  conn->timestamp_last_read_allowed = now;
280  conn->timestamp_last_write_allowed = now;
281  /* Change connection's state into waiting for a circuit. */
283 
284  connection_ap_mark_as_pending_circuit(TO_ENTRY_CONN(conn));
285 }
286 
287 /** We failed to fetch a descriptor for the service with <b>identity_pk</b>
288  * because of <b>status</b>. Find all pending SOCKS connections for this
289  * service that are waiting on the descriptor and close them with
290  * <b>reason</b>. */
291 static void
294  int reason)
295 {
296  unsigned int count = 0;
297  smartlist_t *entry_conns = find_entry_conns(identity_pk);
298 
299  SMARTLIST_FOREACH_BEGIN(entry_conns, entry_connection_t *, entry_conn) {
300  /* Unattach the entry connection which will close for the reason. */
301  connection_mark_unattached_ap(entry_conn, reason);
302  count++;
303  } SMARTLIST_FOREACH_END(entry_conn);
304 
305  if (count > 0) {
306  char onion_address[HS_SERVICE_ADDR_LEN_BASE32 + 1];
307  hs_build_address(identity_pk, HS_VERSION_THREE, onion_address);
308  log_notice(LD_REND, "Closed %u streams for service %s.onion "
309  "for reason %s. Fetch status: %s.",
310  count, safe_str_client(onion_address),
312  fetch_status_to_string(status));
313  }
314 
315  /* No ownership of the object(s) in this list. */
316  smartlist_free(entry_conns);
317 }
318 
319 /** Find all pending SOCKS connection waiting for a descriptor and retry them
320  * all. This is called when the directory information changed. */
321 STATIC void
323 {
324  smartlist_t *entry_conns = find_entry_conns(NULL);
325 
326  SMARTLIST_FOREACH_BEGIN(entry_conns, entry_connection_t *, entry_conn) {
328  edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(entry_conn);
329  connection_t *base_conn = &edge_conn->base_;
330 
331  /* Ignore non HS or non v3 connection. */
332  if (edge_conn->hs_ident == NULL) {
333  continue;
334  }
335 
336  /* In this loop, we will possibly try to fetch a descriptor for the
337  * pending connections because we just got more directory information.
338  * However, the refetch process can cleanup all SOCKS request to the same
339  * service if an internal error happens. Thus, we can end up with closed
340  * connections in our list. */
341  if (base_conn->marked_for_close) {
342  continue;
343  }
344 
345  /* XXX: There is an optimization we could do which is that for a service
346  * key, we could check if we can fetch and remember that decision. */
347 
348  /* Order a refetch in case it works this time. */
349  status = hs_client_refetch_hsdesc(&edge_conn->hs_ident->identity_pk);
350  if (status == HS_CLIENT_FETCH_HAVE_DESC) {
351  /* This is a rare case where a SOCKS connection is in state waiting for
352  * a descriptor but we do have it in the cache.
353  *
354  * This can happen is tor comes back from suspend where it previously
355  * had the descriptor but the intro points were not usable. Once it
356  * came back to life, the intro point failure cache was cleaned up and
357  * thus the descriptor became usable again leaving us in this code path.
358  *
359  * We'll mark the connection as waiting for a circuit so the descriptor
360  * can be retried. This is safe because a connection in state waiting
361  * for a descriptor can not be in the entry connection pending list. */
363  continue;
364  }
365  /* In the case of an error, either all SOCKS connections have been
366  * closed or we are still missing directory information. Leave the
367  * connection in renddesc wait state so when we get more info, we'll be
368  * able to try it again. */
369  } SMARTLIST_FOREACH_END(entry_conn);
370 
371  /* We don't have ownership of those objects. */
372  smartlist_free(entry_conns);
373 }
374 
375 /** A v3 HS circuit successfully connected to the hidden service. Update the
376  * stream state at <b>hs_conn_ident</b> appropriately. */
377 static void
379 {
380  tor_assert(hs_conn_ident);
381 
382  /* Remove from the hid serv cache all requests for that service so we can
383  * query the HSDir again later on for various reasons. */
384  purge_hid_serv_request(&hs_conn_ident->identity_pk);
385 }
386 
387 /** Given the pubkey of a hidden service in <b>onion_identity_pk</b>, fetch its
388  * descriptor by launching a dir connection to <b>hsdir</b>. Return a
389  * hs_client_fetch_status_t status code depending on how it went. */
392  const routerstatus_t *hsdir)
393 {
394  uint64_t current_time_period = hs_get_time_period_num(0);
395  ed25519_public_key_t blinded_pubkey;
396  char base64_blinded_pubkey[ED25519_BASE64_LEN + 1];
397  hs_ident_dir_conn_t hs_conn_dir_ident;
398 
399  tor_assert(hsdir);
400  tor_assert(onion_identity_pk);
401 
402  /* Get blinded pubkey */
403  hs_build_blinded_pubkey(onion_identity_pk, NULL, 0,
404  current_time_period, &blinded_pubkey);
405  /* ...and base64 it. */
406  ed25519_public_to_base64(base64_blinded_pubkey, &blinded_pubkey);
407 
408  /* Copy onion pk to a dir_ident so that we attach it to the dir conn */
409  hs_ident_dir_conn_init(onion_identity_pk, &blinded_pubkey,
410  &hs_conn_dir_ident);
411 
412  /* Setup directory request */
413  directory_request_t *req =
417  directory_request_set_resource(req, base64_blinded_pubkey);
418  directory_request_fetch_set_hs_ident(req, &hs_conn_dir_ident);
420  directory_request_free(req);
421 
422  log_info(LD_REND, "Descriptor fetch request for service %s with blinded "
423  "key %s to directory %s",
424  safe_str_client(ed25519_fmt(onion_identity_pk)),
425  safe_str_client(base64_blinded_pubkey),
426  safe_str_client(routerstatus_describe(hsdir)));
427 
428  /* Fire a REQUESTED event on the control port. */
429  hs_control_desc_event_requested(onion_identity_pk, base64_blinded_pubkey,
430  hsdir);
431 
432  /* Cleanup memory. */
433  memwipe(&blinded_pubkey, 0, sizeof(blinded_pubkey));
434  memwipe(base64_blinded_pubkey, 0, sizeof(base64_blinded_pubkey));
435  memwipe(&hs_conn_dir_ident, 0, sizeof(hs_conn_dir_ident));
436 
438 }
439 
440 /** Return the HSDir we should use to fetch the descriptor of the hidden
441  * service with identity key <b>onion_identity_pk</b>. */
443 pick_hsdir_v3(const ed25519_public_key_t *onion_identity_pk)
444 {
445  char base64_blinded_pubkey[ED25519_BASE64_LEN + 1];
446  uint64_t current_time_period = hs_get_time_period_num(0);
447  smartlist_t *responsible_hsdirs = NULL;
448  ed25519_public_key_t blinded_pubkey;
449  routerstatus_t *hsdir_rs = NULL;
450 
451  tor_assert(onion_identity_pk);
452 
453  /* Get blinded pubkey of hidden service */
454  hs_build_blinded_pubkey(onion_identity_pk, NULL, 0,
455  current_time_period, &blinded_pubkey);
456  /* ...and base64 it. */
457  ed25519_public_to_base64(base64_blinded_pubkey, &blinded_pubkey);
458 
459  /* Get responsible hsdirs of service for this time period */
460  responsible_hsdirs = smartlist_new();
461 
462  hs_get_responsible_hsdirs(&blinded_pubkey, current_time_period,
463  0, 1, responsible_hsdirs);
464 
465  log_debug(LD_REND, "Found %d responsible HSDirs and about to pick one.",
466  smartlist_len(responsible_hsdirs));
467 
468  /* Pick an HSDir from the responsible ones. The ownership of
469  * responsible_hsdirs is given to this function so no need to free it. */
470  hsdir_rs = hs_pick_hsdir(responsible_hsdirs, base64_blinded_pubkey, NULL);
471 
472  return hsdir_rs;
473 }
474 
475 /** Fetch a v3 descriptor using the given <b>onion_identity_pk</b>.
476  *
477  * On success, HS_CLIENT_FETCH_LAUNCHED is returned. Otherwise, an error from
478  * hs_client_fetch_status_t is returned. */
480 fetch_v3_desc, (const ed25519_public_key_t *onion_identity_pk))
481 {
482  routerstatus_t *hsdir_rs =NULL;
483 
484  tor_assert(onion_identity_pk);
485 
486  hsdir_rs = pick_hsdir_v3(onion_identity_pk);
487  if (!hsdir_rs) {
488  log_info(LD_REND, "Couldn't pick a v3 hsdir.");
490  }
491 
492  return directory_launch_v3_desc_fetch(onion_identity_pk, hsdir_rs);
493 }
494 
495 /** With a given <b>onion_identity_pk</b>, fetch its descriptor. If
496  * <b>hsdirs</b> is specified, use the directory servers specified in the list.
497  * Else, use a random server. */
498 void
500  const smartlist_t *hsdirs)
501 {
502  tor_assert(onion_identity_pk);
503 
504  if (hsdirs != NULL) {
505  SMARTLIST_FOREACH_BEGIN(hsdirs, const routerstatus_t *, hsdir) {
506  directory_launch_v3_desc_fetch(onion_identity_pk, hsdir);
507  } SMARTLIST_FOREACH_END(hsdir);
508  } else {
509  fetch_v3_desc(onion_identity_pk);
510  }
511 }
512 
513 /** Make sure that the given v3 origin circuit circ is a valid correct
514  * introduction circuit. This will BUG() on any problems and hard assert if
515  * the anonymity of the circuit is not ok. Return 0 on success else -1 where
516  * the circuit should be mark for closed immediately. */
517 static int
519 {
520  int ret = 0;
521 
522  tor_assert(circ);
523 
524  if (BUG(TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_C_INTRODUCING &&
526  TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_C_INTRODUCE_ACKED)) {
527  ret = -1;
528  }
529  if (BUG(circ->hs_ident == NULL)) {
530  ret = -1;
531  }
532  if (BUG(!hs_ident_intro_circ_is_valid(circ->hs_ident))) {
533  ret = -1;
534  }
535 
536  /* This can stop the tor daemon but we want that since if we don't have
537  * anonymity on this circuit, something went really wrong. */
538  assert_circ_anonymity_ok(circ, get_options());
539  return ret;
540 }
541 
542 /** Find a descriptor intro point object that matches the given ident in the
543  * given descriptor desc. Return NULL if not found. */
544 static const hs_desc_intro_point_t *
546  const hs_descriptor_t *desc)
547 {
548  const hs_desc_intro_point_t *intro_point = NULL;
549 
550  tor_assert(ident);
551  tor_assert(desc);
552 
554  const hs_desc_intro_point_t *, ip) {
555  if (ed25519_pubkey_eq(&ident->intro_auth_pk,
556  &ip->auth_key_cert->signed_key)) {
557  intro_point = ip;
558  break;
559  }
560  } SMARTLIST_FOREACH_END(ip);
561 
562  return intro_point;
563 }
564 
565 /** Find a descriptor intro point object from the descriptor object desc that
566  * matches the given legacy identity digest in legacy_id. Return NULL if not
567  * found. */
568 static hs_desc_intro_point_t *
570  const hs_descriptor_t *desc)
571 {
572  hs_desc_intro_point_t *ret_ip = NULL;
573 
574  tor_assert(legacy_id);
575  tor_assert(desc);
576 
577  /* We will go over every intro point and try to find which one is linked to
578  * that circuit. Those lists are small so it's not that expensive. */
580  hs_desc_intro_point_t *, ip) {
581  SMARTLIST_FOREACH_BEGIN(ip->link_specifiers,
582  const link_specifier_t *, lspec) {
583  /* Not all tor node have an ed25519 identity key so we still rely on the
584  * legacy identity digest. */
585  if (link_specifier_get_ls_type(lspec) != LS_LEGACY_ID) {
586  continue;
587  }
588  if (fast_memneq(legacy_id,
589  link_specifier_getconstarray_un_legacy_id(lspec),
590  DIGEST_LEN)) {
591  break;
592  }
593  /* Found it. */
594  ret_ip = ip;
595  goto end;
596  } SMARTLIST_FOREACH_END(lspec);
597  } SMARTLIST_FOREACH_END(ip);
598 
599  end:
600  return ret_ip;
601 }
602 
603 /** Send an INTRODUCE1 cell along the intro circuit and populate the rend
604  * circuit identifier with the needed key material for the e2e encryption.
605  * Return 0 on success, -1 if there is a transient error such that an action
606  * has been taken to recover and -2 if there is a permanent error indicating
607  * that both circuits were closed. */
608 static int
610  origin_circuit_t *rend_circ)
611 {
612  int status;
613  char onion_address[HS_SERVICE_ADDR_LEN_BASE32 + 1];
614  const ed25519_public_key_t *service_identity_pk = NULL;
615  const hs_desc_intro_point_t *ip;
616 
617  tor_assert(rend_circ);
618  if (intro_circ_is_ok(intro_circ) < 0) {
619  goto perm_err;
620  }
621 
622  service_identity_pk = &intro_circ->hs_ident->identity_pk;
623  /* For logging purposes. There will be a time where the hs_ident will have a
624  * version number but for now there is none because it's all v3. */
625  hs_build_address(service_identity_pk, HS_VERSION_THREE, onion_address);
626 
627  log_info(LD_REND, "Sending INTRODUCE1 cell to service %s on circuit %u",
628  safe_str_client(onion_address), TO_CIRCUIT(intro_circ)->n_circ_id);
629 
630  /* 1) Get descriptor from our cache. */
631  const hs_descriptor_t *desc =
632  hs_cache_lookup_as_client(service_identity_pk);
633  if (desc == NULL || !hs_client_any_intro_points_usable(service_identity_pk,
634  desc)) {
635  log_info(LD_REND, "Request to %s %s. Trying to fetch a new descriptor.",
636  safe_str_client(onion_address),
637  (desc) ? "didn't have usable intro points" :
638  "didn't have a descriptor");
639  hs_client_refetch_hsdesc(service_identity_pk);
640  /* We just triggered a refetch, make sure every connections are back
641  * waiting for that descriptor. */
642  flag_all_conn_wait_desc(service_identity_pk);
643  /* We just asked for a refetch so this is a transient error. */
644  goto tran_err;
645  }
646 
647  /* Check if the rendezvous circuit was setup WITHOUT congestion control,
648  * but if it is enabled and the service supports it. This can happen, see
649  * setup_rendezvous_circ_congestion_control() and so close rendezvous circuit
650  * so another one can be created. */
651  if (TO_CIRCUIT(rend_circ)->ccontrol == NULL && congestion_control_enabled()
653  circuit_mark_for_close(TO_CIRCUIT(rend_circ), END_CIRC_REASON_INTERNAL);
654  goto tran_err;
655  }
656 
657  /* We need to find which intro point in the descriptor we are connected to
658  * on intro_circ. */
659  ip = find_desc_intro_point_by_ident(intro_circ->hs_ident, desc);
660  if (ip == NULL) {
661  /* The following is possible if the descriptor was changed while we had
662  * this introduction circuit open and waiting for the rendezvous circuit to
663  * be ready. Which results in this situation where we can't find the
664  * corresponding intro point within the descriptor of the service. */
665  log_info(LD_REND, "Unable to find introduction point for service %s "
666  "while trying to send an INTRODUCE1 cell.",
667  safe_str_client(onion_address));
668  goto perm_err;
669  }
670 
671  /* Send the INTRODUCE1 cell. */
672  if (hs_circ_send_introduce1(intro_circ, rend_circ, ip,
673  &desc->subcredential) < 0) {
674  if (TO_CIRCUIT(intro_circ)->marked_for_close) {
675  /* If the introduction circuit was closed, we were unable to send the
676  * cell for some reasons. In any case, the intro circuit has to be
677  * closed by the above function. We'll return a transient error so tor
678  * can recover and pick a new intro point. To avoid picking that same
679  * intro point, we'll note down the intro point failure so it doesn't
680  * get reused. */
681  hs_cache_client_intro_state_note(service_identity_pk,
682  &intro_circ->hs_ident->intro_auth_pk,
683  INTRO_POINT_FAILURE_GENERIC);
684  }
685  /* It is also possible that the rendezvous circuit was closed due to being
686  * unable to use the rendezvous point node_t so in that case, we also want
687  * to recover and let tor pick a new one. */
688  goto tran_err;
689  }
690 
691  /* Cell has been sent successfully. Copy the introduction point
692  * authentication and encryption key in the rendezvous circuit identifier so
693  * we can compute the ntor keys when we receive the RENDEZVOUS2 cell. */
694  memcpy(&rend_circ->hs_ident->intro_enc_pk, &ip->enc_key,
695  sizeof(rend_circ->hs_ident->intro_enc_pk));
697  &intro_circ->hs_ident->intro_auth_pk);
698 
699  /* Now, we wait for an ACK or NAK on this circuit. */
702  /* Set timestamp_dirty, because circuit_expire_building expects it to
703  * specify when a circuit entered the _C_INTRODUCE_ACK_WAIT state. */
704  TO_CIRCUIT(intro_circ)->timestamp_dirty = time(NULL);
705  pathbias_count_use_attempt(intro_circ);
706 
707  /* Success. */
708  status = 0;
709  goto end;
710 
711  perm_err:
712  /* Permanent error: it is possible that the intro circuit was closed prior
713  * because we weren't able to send the cell. Make sure we don't double close
714  * it which would result in a warning. */
715  if (!TO_CIRCUIT(intro_circ)->marked_for_close) {
716  circuit_mark_for_close(TO_CIRCUIT(intro_circ), END_CIRC_REASON_INTERNAL);
717  }
718  circuit_mark_for_close(TO_CIRCUIT(rend_circ), END_CIRC_REASON_INTERNAL);
719  status = -2;
720  goto end;
721 
722  tran_err:
723  status = -1;
724 
725  end:
726  memwipe(onion_address, 0, sizeof(onion_address));
727  return status;
728 }
729 
730 /** Using the introduction circuit circ, setup the authentication key of the
731  * intro point this circuit has extended to.
732  *
733  * Return 0 if everything went well, otherwise return -1 in the case of errors.
734  */
735 static int
737 {
738  const hs_descriptor_t *desc;
739  const hs_desc_intro_point_t *ip;
740 
741  tor_assert(circ);
742 
744  if (desc == NULL) {
745  /* There is a very small race window between the opening of this circuit
746  * and the client descriptor cache that gets purged (NEWNYM) or the
747  * cleaned up because it expired. Mark the circuit for close so a new
748  * descriptor fetch can occur. */
749  goto err;
750  }
751 
752  /* We will go over every intro point and try to find which one is linked to
753  * that circuit. Those lists are small so it's not that expensive. */
755  circ->build_state->chosen_exit->identity_digest, desc);
756  if (!ip) {
757  /* Reaching this point means we didn't find any intro point for this
758  * circuit which is not supposed to happen. */
759  log_info(LD_REND,"Could not match opened intro circuit with intro point.");
760  goto err;
761  }
762 
763  /* We got it, copy its authentication key to the identifier. */
765  &ip->auth_key_cert->signed_key);
766  return 0;
767 
768  err:
769  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
770  return -1;
771 }
772 
773 /** Called when an introduction circuit has opened. */
774 static void
776 {
777  tor_assert(circ);
779  log_info(LD_REND, "Introduction circuit %u has opened. Attaching streams.",
780  (unsigned int) TO_CIRCUIT(circ)->n_circ_id);
781 
782  /* This is an introduction circuit so we'll attach the correct
783  * authentication key to the circuit identifier so it can be identified
784  * properly later on. */
785  if (setup_intro_circ_auth_key(circ) < 0) {
786  return;
787  }
788 
790 }
791 
792 /** Setup the congestion control parameters on the given rendezvous circuit.
793  * This looks at the service descriptor flow control line (if any).
794  *
795  * It is possible that we are unable to set congestion control on the circuit
796  * if the descriptor can't be found. In that case, the introduction circuit
797  * can't be opened without it so a fetch will be triggered.
798  *
799  * However, if the descriptor asks for congestion control but the RP circuit
800  * doesn't have it, it will be closed and a new circuit will be opened. */
801 static void
803 {
804  tor_assert(circ);
805 
806  /* Setup congestion control parameters on the circuit. */
807  const hs_descriptor_t *desc =
809  if (desc == NULL) {
810  /* This is possible because between launching the circuit and the circuit
811  * ending in opened state, the descriptor could have been removed from the
812  * cache. In this case, we just can't setup congestion control. */
813  return;
814  }
815 
816  /* Check if the service lists support for congestion control in its
817  * descriptor. If not, we don't setup congestion control. */
819  return;
820  }
821 
822  /* If network doesn't enable it, do not setup. */
824  return;
825  }
826 
827  hs_circ_setup_congestion_control(circ, desc->encrypted_data.sendme_inc,
829 }
830 
831 /** Called when a rendezvous circuit has opened. */
832 static void
834 {
835  tor_assert(circ);
837 
838  const extend_info_t *rp_ei = circ->build_state->chosen_exit;
839 
840  /* Check that we didn't accidentally choose a node that does not understand
841  * the v3 rendezvous protocol */
842  if (rp_ei) {
843  const node_t *rp_node = node_get_by_id(rp_ei->identity_digest);
844  if (rp_node && !node_supports_v3_rendezvous_point(rp_node)) {
845  /* Even tho we checked that this node supported v3 when we created the
846  rendezvous circuit, there is a chance that we might think it does
847  not support v3 anymore. This might happen if we got a new consensus
848  in the meanwhile, where the relay is still listed but its listed
849  descriptor digest has changed and hence we can't access its 'ri' or
850  'md'. */
851  log_info(LD_REND, "Rendezvous node %s did not support v3 after circuit "
852  "has opened.", safe_str_client(extend_info_describe(rp_ei)));
853  return;
854  }
855  }
856 
857  log_info(LD_REND, "Rendezvous circuit has opened to %s.",
858  safe_str_client(extend_info_describe(rp_ei)));
859 
860  /* Setup congestion control parameters on the circuit. */
862 
863  /* Ignore returned value, nothing we can really do. On failure, the circuit
864  * will be marked for close. */
866 
867  /* Register rend circuit in circuitmap if it's still alive. */
868  if (!TO_CIRCUIT(circ)->marked_for_close) {
870  circ->hs_ident->rendezvous_cookie);
871  }
872 }
873 
874 /** This is an helper function that convert a descriptor intro point object ip
875  * to a newly allocated extend_info_t object fully initialized. Return NULL if
876  * we can't convert it for which chances are that we are missing or malformed
877  * link specifiers. */
880 {
881  extend_info_t *ei;
882 
883  tor_assert(ip);
884 
885  /* Explicitly put the direct connection option to 0 because this is client
886  * side and there is no such thing as a non anonymous client. */
888 
889  return ei;
890 }
891 
892 /** Return true iff the intro point ip for the service service_pk is usable.
893  * This function checks if the intro point is in the client intro state cache
894  * and checks at the failures. It is considered usable if:
895  * - No error happened (INTRO_POINT_FAILURE_GENERIC)
896  * - It is not flagged as timed out (INTRO_POINT_FAILURE_TIMEOUT)
897  * - The unreachable count is lower than
898  * MAX_INTRO_POINT_REACHABILITY_FAILURES (INTRO_POINT_FAILURE_UNREACHABLE)
899  */
900 static int
902  const hs_desc_intro_point_t *ip)
903 {
904  const hs_cache_intro_state_t *state;
905 
906  tor_assert(service_pk);
907  tor_assert(ip);
908 
909  state = hs_cache_client_intro_state_find(service_pk,
910  &ip->auth_key_cert->signed_key);
911  if (state == NULL) {
912  /* This means we've never encountered any problem thus usable. */
913  goto usable;
914  }
915  if (state->error) {
916  log_info(LD_REND, "Intro point with auth key %s had an error. Not usable",
917  safe_str_client(ed25519_fmt(&ip->auth_key_cert->signed_key)));
918  goto not_usable;
919  }
920  if (state->timed_out) {
921  log_info(LD_REND, "Intro point with auth key %s timed out. Not usable",
922  safe_str_client(ed25519_fmt(&ip->auth_key_cert->signed_key)));
923  goto not_usable;
924  }
926  log_info(LD_REND, "Intro point with auth key %s unreachable. Not usable",
927  safe_str_client(ed25519_fmt(&ip->auth_key_cert->signed_key)));
928  goto not_usable;
929  }
930 
931  usable:
932  return 1;
933  not_usable:
934  return 0;
935 }
936 
937 /** Using a descriptor desc, return a newly allocated extend_info_t object of a
938  * randomly picked introduction point from its list. Return NULL if none are
939  * usable. */
942 {
943  extend_info_t *ei = NULL, *ei_excluded = NULL;
944  smartlist_t *usable_ips = NULL;
945  const hs_descriptor_t *desc;
946  const hs_desc_encrypted_data_t *enc_data;
947  const or_options_t *options = get_options();
948  /* Calculate the onion address for logging purposes */
949  char onion_address[HS_SERVICE_ADDR_LEN_BASE32 + 1];
950 
951  tor_assert(service_pk);
952 
953  desc = hs_cache_lookup_as_client(service_pk);
954  /* Assume the service is v3 if the descriptor is missing. This is ok,
955  * because we only use the address in log messages */
956  hs_build_address(service_pk,
957  desc ? desc->plaintext_data.version : HS_VERSION_THREE,
958  onion_address);
959  if (desc == NULL || !hs_client_any_intro_points_usable(service_pk,
960  desc)) {
961  log_info(LD_REND, "Unable to randomly select an introduction point "
962  "for service %s because descriptor %s. We can't connect.",
963  safe_str_client(onion_address),
964  (desc) ? "doesn't have any usable intro points"
965  : "is missing (assuming v3 onion address)");
966  goto end;
967  }
968 
969  enc_data = &desc->encrypted_data;
970  usable_ips = smartlist_new();
971  smartlist_add_all(usable_ips, enc_data->intro_points);
972  while (smartlist_len(usable_ips) != 0) {
973  int idx;
974  const hs_desc_intro_point_t *ip;
975 
976  /* Pick a random intro point and immediately remove it from the usable
977  * list so we don't pick it again if we have to iterate more. */
978  idx = crypto_rand_int(smartlist_len(usable_ips));
979  ip = smartlist_get(usable_ips, idx);
980  smartlist_del(usable_ips, idx);
981 
982  /* We need to make sure we have a usable intro points which is in a good
983  * state in our cache. */
984  if (!intro_point_is_usable(service_pk, ip)) {
985  continue;
986  }
987 
988  /* Generate an extend info object from the intro point object. */
990  if (ei == NULL) {
991  /* We can get here for instance if the intro point is a private address
992  * and we aren't allowed to extend to those. */
993  log_info(LD_REND, "Unable to select introduction point with auth key %s "
994  "for service %s, because we could not extend to it.",
995  safe_str_client(ed25519_fmt(&ip->auth_key_cert->signed_key)),
996  safe_str_client(onion_address));
997  continue;
998  }
999 
1000  /* Test the pick against ExcludeNodes. */
1001  if (routerset_contains_extendinfo(options->ExcludeNodes, ei)) {
1002  /* If this pick is in the ExcludeNodes list, we keep its reference so if
1003  * we ever end up not being able to pick anything else and StrictNodes is
1004  * unset, we'll use it. */
1005  if (ei_excluded) {
1006  /* If something was already here free it. After the loop is gone we
1007  * will examine the last excluded intro point, and that's fine since
1008  * that's random anyway */
1009  extend_info_free(ei_excluded);
1010  }
1011  ei_excluded = ei;
1012  continue;
1013  }
1014 
1015  /* Good pick! Let's go with this. */
1016  goto end;
1017  }
1018 
1019  /* Reaching this point means a couple of things. Either we can't use any of
1020  * the intro point listed because the IP address can't be extended to or it
1021  * is listed in the ExcludeNodes list. In the later case, if StrictNodes is
1022  * set, we are forced to not use anything. */
1023  ei = ei_excluded;
1024  if (options->StrictNodes) {
1025  log_warn(LD_REND, "Every introduction point for service %s is in the "
1026  "ExcludeNodes set and StrictNodes is set. We can't connect.",
1027  safe_str_client(onion_address));
1028  extend_info_free(ei);
1029  ei = NULL;
1030  } else {
1031  log_fn(LOG_PROTOCOL_WARN, LD_REND, "Every introduction point for service "
1032  "%s is unusable or we can't extend to it. We can't connect.",
1033  safe_str_client(onion_address));
1034  }
1035 
1036  end:
1037  smartlist_free(usable_ips);
1038  memwipe(onion_address, 0, sizeof(onion_address));
1039  return ei;
1040 }
1041 
1042 /** Return true iff all intro points for the given service have timed out. */
1043 static bool
1045 {
1046  bool ret = false;
1047 
1048  tor_assert(service_pk);
1049 
1050  const hs_descriptor_t *desc = hs_cache_lookup_as_client(service_pk);
1051  if (BUG(!desc)) {
1052  /* We can't introduce without a descriptor so ending up here means somehow
1053  * between the introduction failure and this, the cache entry was removed
1054  * which shouldn't be possible in theory. */
1055  goto end;
1056  }
1057 
1059  const hs_desc_intro_point_t *, ip) {
1060  const hs_cache_intro_state_t *state =
1062  &ip->auth_key_cert->signed_key);
1063  if (!state || !state->timed_out) {
1064  /* No state or if this intro point has not timed out, we are done since
1065  * clearly not all of them have timed out. */
1066  goto end;
1067  }
1068  } SMARTLIST_FOREACH_END(ip);
1069 
1070  /* Exiting the loop here means that all intro points we've looked at have
1071  * timed out. Note that we can _not_ have a descriptor without intro points
1072  * in the client cache. */
1073  ret = true;
1074 
1075  end:
1076  return ret;
1077 }
1078 
1079 /** Called when a rendezvous circuit has timed out. Every stream attached to
1080  * the circuit will get set with the SOCKS5_HS_REND_FAILED (0xF3) extended
1081  * error code so if the connection to the rendezvous point ends up not
1082  * working, this code could be sent back as a reason. */
1083 static void
1085 {
1086  tor_assert(rend_circ);
1087 
1088  /* For each entry connection attached to this rendezvous circuit, report
1089  * the error. */
1090  for (edge_connection_t *edge = rend_circ->p_streams; edge;
1091  edge = edge->next_stream) {
1092  entry_connection_t *entry = EDGE_TO_ENTRY_CONN(edge);
1093  if (entry->socks_request) {
1095  SOCKS5_HS_REND_FAILED;
1096  }
1097  }
1098 }
1099 
1100 /** Called when introduction has failed meaning there is no more usable
1101  * introduction points to be used (either NACKed or failed) for the given
1102  * entry connection.
1103  *
1104  * This function only reports back the SOCKS5_HS_INTRO_FAILED (0xF2) code or
1105  * SOCKS5_HS_INTRO_TIMEDOUT (0xF7) if all intros have timed out. The caller
1106  * has to make sure to close the entry connections. */
1107 static void
1109  const ed25519_public_key_t *identity_pk)
1110 {
1111  socks5_reply_status_t code = SOCKS5_HS_INTRO_FAILED;
1112 
1113  tor_assert(conn);
1114  tor_assert(conn->socks_request);
1115  tor_assert(identity_pk);
1116 
1117  if (intro_points_all_timed_out(identity_pk)) {
1118  code = SOCKS5_HS_INTRO_TIMEDOUT;
1119  }
1121 }
1122 
1123 /** For this introduction circuit, we'll look at if we have any usable
1124  * introduction point left for this service. If so, we'll use the circuit to
1125  * re-extend to a new intro point. Else, we'll close the circuit and its
1126  * corresponding rendezvous circuit. Return 0 if we are re-extending else -1
1127  * if we are closing the circuits.
1128  *
1129  * This is called when getting an INTRODUCE_ACK cell with a NACK. */
1130 static int
1132 {
1133  int ret = -1;
1134  const hs_descriptor_t *desc;
1135  origin_circuit_t *rend_circ;
1136 
1137  tor_assert(intro_circ);
1138 
1139  desc = hs_cache_lookup_as_client(&intro_circ->hs_ident->identity_pk);
1140  if (desc == NULL) {
1141  /* We can't continue without a descriptor. This is possible if the cache
1142  * was cleaned up between the intro point established and the reception of
1143  * the introduce ack. */
1144  goto close;
1145  }
1146  /* We still have the descriptor, great! Let's try to see if we can
1147  * re-extend by looking up if there are any usable intro points. */
1149  desc)) {
1150  goto close;
1151  }
1152  /* Try to re-extend now. */
1153  if (hs_client_reextend_intro_circuit(intro_circ) < 0) {
1154  goto close;
1155  }
1156  /* Success on re-extending. Don't return an error. */
1157  ret = 0;
1158  goto end;
1159 
1160  close:
1161  /* Change the intro circuit purpose before so we don't report an intro point
1162  * failure again triggering an extra descriptor fetch. The circuit can
1163  * already be closed on failure to re-extend. */
1164  if (!TO_CIRCUIT(intro_circ)->marked_for_close) {
1165  circuit_change_purpose(TO_CIRCUIT(intro_circ),
1167  circuit_mark_for_close(TO_CIRCUIT(intro_circ), END_CIRC_REASON_FINISHED);
1168  }
1169  /* Close the related rendezvous circuit. */
1171  intro_circ->hs_ident->rendezvous_cookie);
1172  /* The rendezvous circuit might have collapsed while the INTRODUCE_ACK was
1173  * inflight so we can't expect one every time. */
1174  if (rend_circ) {
1175  circuit_mark_for_close(TO_CIRCUIT(rend_circ), END_CIRC_REASON_FINISHED);
1176  }
1177 
1178  end:
1179  return ret;
1180 }
1181 
1182 /** Called when we get an INTRODUCE_ACK success status code. Do the appropriate
1183  * actions for the rendezvous point and finally close intro_circ. */
1184 static void
1186 {
1187  origin_circuit_t *rend_circ = NULL;
1188 
1189  tor_assert(intro_circ);
1190 
1191  log_info(LD_REND, "Received INTRODUCE_ACK ack! Informing rendezvous");
1192 
1193  /* Get the rendezvous circuit for this rendezvous cookie. */
1194  uint8_t *rendezvous_cookie = intro_circ->hs_ident->rendezvous_cookie;
1195  rend_circ =
1197  if (rend_circ == NULL) {
1198  log_info(LD_REND, "Can't find any rendezvous circuit. Stopping");
1199  goto end;
1200  }
1201 
1202  assert_circ_anonymity_ok(rend_circ, get_options());
1203 
1204  /* It is possible to get a RENDEZVOUS2 cell before the INTRODUCE_ACK which
1205  * means that the circuit will be joined and already transmitting data. In
1206  * that case, simply skip the purpose change and close the intro circuit
1207  * like it should be. */
1208  if (TO_CIRCUIT(rend_circ)->purpose == CIRCUIT_PURPOSE_C_REND_JOINED) {
1209  goto end;
1210  }
1213  /* Set timestamp_dirty, because circuit_expire_building expects it to
1214  * specify when a circuit entered the
1215  * CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED state. */
1216  TO_CIRCUIT(rend_circ)->timestamp_dirty = time(NULL);
1217 
1218  end:
1219  /* We don't need the intro circuit anymore. It did what it had to do! */
1220  circuit_change_purpose(TO_CIRCUIT(intro_circ),
1222  circuit_mark_for_close(TO_CIRCUIT(intro_circ), END_CIRC_REASON_FINISHED);
1223 
1224  /* XXX: Close pending intro circuits we might have in parallel. */
1225  return;
1226 }
1227 
1228 /** Called when we get an INTRODUCE_ACK failure status code. Depending on our
1229  * failure cache status, either close the circuit or re-extend to a new
1230  * introduction point. */
1231 static void
1233 {
1234  tor_assert(circ);
1235 
1236  log_info(LD_REND, "Received INTRODUCE_ACK nack by %s. Reason: %u",
1237  safe_str_client(extend_info_describe(circ->build_state->chosen_exit)),
1238  status);
1239 
1240  /* It's a NAK. The introduction point didn't relay our request. */
1242 
1243  /* Note down this failure in the intro point failure cache. Depending on how
1244  * many times we've tried this intro point, close it or reextend. */
1246  &circ->hs_ident->intro_auth_pk,
1247  INTRO_POINT_FAILURE_GENERIC);
1248 }
1249 
1250 /** Called when we get an INTRODUCE_ACK on the intro circuit circ. The encoded
1251  * cell is in payload of length payload_len. Return 0 on success else a
1252  * negative value. The circuit is either close or reuse to re-extend to a new
1253  * introduction point. */
1254 static int
1255 handle_introduce_ack(origin_circuit_t *circ, const uint8_t *payload,
1256  size_t payload_len)
1257 {
1258  int status, ret = -1;
1259 
1260  tor_assert(circ);
1261  tor_assert(circ->build_state);
1263  assert_circ_anonymity_ok(circ, get_options());
1264  tor_assert(payload);
1265 
1266  status = hs_cell_parse_introduce_ack(payload, payload_len);
1267  switch (status) {
1268  case TRUNNEL_HS_INTRO_ACK_STATUS_SUCCESS:
1269  ret = 0;
1271  goto end;
1272  case TRUNNEL_HS_INTRO_ACK_STATUS_UNKNOWN_ID:
1273  case TRUNNEL_HS_INTRO_ACK_STATUS_BAD_FORMAT:
1274  /* It is possible that the intro point can send us an unknown status code
1275  * for the NACK that we do not know about like a new code for instance.
1276  * Just fallthrough so we can note down the NACK and re-extend. */
1277  default:
1278  handle_introduce_ack_bad(circ, status);
1279  /* We are going to see if we have to close the circuits (IP and RP) or we
1280  * can re-extend to a new intro point. */
1281  ret = close_or_reextend_intro_circ(circ);
1282  break;
1283  }
1284 
1285  end:
1286  return ret;
1287 }
1288 
1289 /** Called when we get a RENDEZVOUS2 cell on the rendezvous circuit circ. The
1290  * encoded cell is in payload of length payload_len. Return 0 on success or a
1291  * negative value on error. On error, the circuit is marked for close. */
1292 STATIC int
1293 handle_rendezvous2(origin_circuit_t *circ, const uint8_t *payload,
1294  size_t payload_len)
1295 {
1296  int ret = -1;
1297  curve25519_public_key_t server_pk;
1298  uint8_t auth_mac[DIGEST256_LEN] = {0};
1299  uint8_t handshake_info[CURVE25519_PUBKEY_LEN + sizeof(auth_mac)] = {0};
1301  const hs_ident_circuit_t *ident;
1302 
1303  tor_assert(circ);
1304  tor_assert(payload);
1305 
1306  /* Make things easier. */
1307  ident = circ->hs_ident;
1308  tor_assert(ident);
1309 
1310  if (hs_cell_parse_rendezvous2(payload, payload_len, handshake_info,
1311  sizeof(handshake_info)) < 0) {
1312  goto err;
1313  }
1314  /* Get from the handshake info the SERVER_PK and AUTH_MAC. */
1315  memcpy(&server_pk, handshake_info, CURVE25519_PUBKEY_LEN);
1316  memcpy(auth_mac, handshake_info + CURVE25519_PUBKEY_LEN, sizeof(auth_mac));
1317 
1318  /* Generate the handshake info. */
1319  if (hs_ntor_client_get_rendezvous1_keys(&ident->intro_auth_pk,
1320  &ident->rendezvous_client_kp,
1321  &ident->intro_enc_pk, &server_pk,
1322  &keys) < 0) {
1323  log_info(LD_REND, "Unable to compute the rendezvous keys.");
1324  goto err;
1325  }
1326 
1327  /* Critical check, make sure that the MAC matches what we got with what we
1328  * computed just above. */
1329  if (!hs_ntor_client_rendezvous2_mac_is_good(&keys, auth_mac)) {
1330  log_info(LD_REND, "Invalid MAC in RENDEZVOUS2. Rejecting cell.");
1331  goto err;
1332  }
1333 
1334  /* Setup the e2e encryption on the circuit and finalize its state. */
1335  if (hs_circuit_setup_e2e_rend_circ(circ, keys.ntor_key_seed,
1336  sizeof(keys.ntor_key_seed), 0) < 0) {
1337  log_info(LD_REND, "Unable to setup the e2e encryption.");
1338  goto err;
1339  }
1340  /* Success. Hidden service connection finalized! */
1341  ret = 0;
1342  goto end;
1343 
1344  err:
1345  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
1346  end:
1347  memwipe(&keys, 0, sizeof(keys));
1348  return ret;
1349 }
1350 
1351 /** Return true iff the client can fetch a descriptor for this service public
1352  * identity key and status_out if not NULL is untouched. If the client can
1353  * _not_ fetch the descriptor and if status_out is not NULL, it is set with
1354  * the fetch status code. */
1355 static unsigned int
1357  hs_client_fetch_status_t *status_out)
1358 {
1359  hs_client_fetch_status_t status;
1360 
1361  tor_assert(identity_pk);
1362 
1363  /* Are we configured to fetch descriptors? */
1364  if (!get_options()->FetchHidServDescriptors) {
1365  log_warn(LD_REND, "We received an onion address for a hidden service "
1366  "descriptor but we are configured to not fetch.");
1367  status = HS_CLIENT_FETCH_NOT_ALLOWED;
1368  goto cannot;
1369  }
1370 
1371  /* Without a usable consensus we can't do any client actions. It is needed
1372  * to compute the hashring for a service. */
1375  log_info(LD_REND, "Can't fetch descriptor for service %s because we "
1376  "are missing a live consensus. Stalling connection.",
1377  safe_str_client(ed25519_fmt(identity_pk)));
1379  goto cannot;
1380  }
1381 
1383  log_info(LD_REND, "Can't fetch descriptor for service %s because we "
1384  "dont have enough descriptors. Stalling connection.",
1385  safe_str_client(ed25519_fmt(identity_pk)));
1387  goto cannot;
1388  }
1389 
1390  /* Check if fetching a desc for this HS is useful to us right now */
1391  {
1392  const hs_descriptor_t *cached_desc = NULL;
1393  cached_desc = hs_cache_lookup_as_client(identity_pk);
1394  if (cached_desc && hs_client_any_intro_points_usable(identity_pk,
1395  cached_desc)) {
1396  log_info(LD_GENERAL, "We would fetch a v3 hidden service descriptor "
1397  "but we already have a usable descriptor.");
1398  status = HS_CLIENT_FETCH_HAVE_DESC;
1399  goto cannot;
1400  }
1401  }
1402 
1403  /* Don't try to refetch while we have a pending request for it. */
1404  if (directory_request_is_pending(identity_pk)) {
1405  log_info(LD_REND, "Already a pending directory request. Waiting on it.");
1406  status = HS_CLIENT_FETCH_PENDING;
1407  goto cannot;
1408  }
1409 
1410  /* Yes, client can fetch! */
1411  return 1;
1412  cannot:
1413  if (status_out) {
1414  *status_out = status;
1415  }
1416  return 0;
1417 }
1418 
1419 /** Purge the client authorization cache of all ephemeral entries that is the
1420  * entries that are not flagged with CLIENT_AUTH_FLAG_IS_PERMANENT.
1421  *
1422  * This is called from the hs_client_purge_state() used by a SIGNEWNYM. */
1423 STATIC void
1425 {
1426  DIGEST256MAP_FOREACH_MODIFY(client_auths, key,
1428  /* Cleanup every entry that are _NOT_ permanent that is ephemeral. */
1429  if (!(auth->flags & CLIENT_AUTH_FLAG_IS_PERMANENT)) {
1430  MAP_DEL_CURRENT(key);
1431  client_service_authorization_free(auth);
1432  }
1434 
1435  log_info(LD_REND, "Client onion service ephemeral authorization "
1436  "cache has been purged.");
1437 }
1438 
1439 /** Return the client auth in the map using the service identity public key.
1440  * Return NULL if it does not exist in the map. */
1442 find_client_auth(const ed25519_public_key_t *service_identity_pk)
1443 {
1444  /* If the map is not allocated, we can assume that we do not have any client
1445  * auth information. */
1446  if (!client_auths) {
1447  return NULL;
1448  }
1449  return digest256map_get(client_auths, service_identity_pk->pubkey);
1450 }
1451 
1452 /** This is called when a descriptor has arrived following a fetch request and
1453  * has been stored in the client cache. The given entry connections, matching
1454  * the service identity key, will get attached to the service circuit. */
1455 static void
1457 {
1458  time_t now = time(NULL);
1459 
1460  tor_assert(entry_conns);
1461 
1462  SMARTLIST_FOREACH_BEGIN(entry_conns, entry_connection_t *, entry_conn) {
1463  const hs_descriptor_t *desc;
1464  edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(entry_conn);
1465  const ed25519_public_key_t *identity_pk =
1466  &edge_conn->hs_ident->identity_pk;
1467 
1468  /* We were just called because we stored the descriptor for this service
1469  * so not finding a descriptor means we have a bigger problem. */
1470  desc = hs_cache_lookup_as_client(identity_pk);
1471  if (BUG(desc == NULL)) {
1472  goto end;
1473  }
1474 
1475  if (!hs_client_any_intro_points_usable(identity_pk, desc)) {
1476  log_info(LD_REND, "Hidden service descriptor is unusable. "
1477  "Closing streams.");
1478  /* Report the extended socks error code that we were unable to introduce
1479  * to the service. */
1480  socks_mark_introduction_failed(entry_conn, identity_pk);
1481 
1482  connection_mark_unattached_ap(entry_conn,
1483  END_STREAM_REASON_RESOLVEFAILED);
1484  /* We are unable to use the descriptor so remove the directory request
1485  * from the cache so the next connection can try again. */
1486  note_connection_attempt_succeeded(edge_conn->hs_ident);
1487  continue;
1488  }
1489 
1490  log_info(LD_REND, "Descriptor has arrived. Launching circuits.");
1491 
1492  /* Mark connection as waiting for a circuit since we do have a usable
1493  * descriptor now. */
1494  mark_conn_as_waiting_for_circuit(&edge_conn->base_, now);
1495  } SMARTLIST_FOREACH_END(entry_conn);
1496 
1497  end:
1498  return;
1499 }
1500 
1501 /** This is called when a descriptor fetch was successful but the descriptor
1502  * couldn't be decrypted due to missing or bad client authorization. */
1503 static void
1505  hs_desc_decode_status_t status)
1506 {
1507  tor_assert(entry_conns);
1508 
1509  SMARTLIST_FOREACH_BEGIN(entry_conns, entry_connection_t *, entry_conn) {
1510  socks5_reply_status_t code;
1511  if (status == HS_DESC_DECODE_BAD_CLIENT_AUTH) {
1512  code = SOCKS5_HS_BAD_CLIENT_AUTH;
1513  } else if (status == HS_DESC_DECODE_NEED_CLIENT_AUTH) {
1514  code = SOCKS5_HS_MISSING_CLIENT_AUTH;
1515  } else {
1516  /* We should not be called with another type of status. Recover by
1517  * sending a generic error. */
1519  code = SOCKS5_GENERAL_ERROR;
1520  }
1521  entry_conn->socks_request->socks_extended_error_code = code;
1522  connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_MISC);
1523  } SMARTLIST_FOREACH_END(entry_conn);
1524 }
1525 
1526 /** Called when we get a 200 directory fetch status code. */
1527 static void
1529  const smartlist_t *entry_conns, const char *body)
1530 {
1531  hs_desc_decode_status_t decode_status;
1532 
1533  tor_assert(dir_conn);
1534  tor_assert(entry_conns);
1535  tor_assert(body);
1536 
1537  /* We got something: Try storing it in the cache. */
1538  decode_status = hs_cache_store_as_client(body,
1539  &dir_conn->hs_ident->identity_pk);
1540  switch (decode_status) {
1541  case HS_DESC_DECODE_OK:
1542  case HS_DESC_DECODE_NEED_CLIENT_AUTH:
1543  case HS_DESC_DECODE_BAD_CLIENT_AUTH:
1544  log_info(LD_REND, "Stored hidden service descriptor successfully.");
1545  TO_CONN(dir_conn)->purpose = DIR_PURPOSE_HAS_FETCHED_HSDESC;
1546  if (decode_status == HS_DESC_DECODE_OK) {
1547  client_desc_has_arrived(entry_conns);
1548  } else {
1549  /* This handles both client auth decode status. */
1550  client_desc_missing_bad_client_auth(entry_conns, decode_status);
1551  log_info(LD_REND, "Stored hidden service descriptor requires "
1552  "%s client authorization.",
1553  decode_status == HS_DESC_DECODE_NEED_CLIENT_AUTH ? "missing"
1554  : "new");
1555  }
1556  /* Fire control port RECEIVED event. */
1557  hs_control_desc_event_received(dir_conn->hs_ident,
1558  dir_conn->identity_digest);
1559  hs_control_desc_event_content(dir_conn->hs_ident,
1560  dir_conn->identity_digest, body);
1561  break;
1562  case HS_DESC_DECODE_ENCRYPTED_ERROR:
1563  case HS_DESC_DECODE_SUPERENC_ERROR:
1564  case HS_DESC_DECODE_PLAINTEXT_ERROR:
1565  case HS_DESC_DECODE_GENERIC_ERROR:
1566  default:
1567  log_info(LD_REND, "Failed to store hidden service descriptor. "
1568  "Descriptor decoding status: %d", decode_status);
1569  /* Fire control port FAILED event. */
1570  hs_control_desc_event_failed(dir_conn->hs_ident,
1571  dir_conn->identity_digest, "BAD_DESC");
1572  hs_control_desc_event_content(dir_conn->hs_ident,
1573  dir_conn->identity_digest, NULL);
1574  break;
1575  }
1576 }
1577 
1578 /** Called when we get a 404 directory fetch status code. */
1579 static void
1581  const smartlist_t *entry_conns)
1582 {
1583  tor_assert(entry_conns);
1584 
1585  /* Not there. We'll retry when connection_about_to_close_connection() tries
1586  * to clean this conn up. */
1587  log_info(LD_REND, "Fetching hidden service v3 descriptor not found: "
1588  "Retrying at another directory.");
1589  /* Fire control port FAILED event. */
1590  hs_control_desc_event_failed(dir_conn->hs_ident, dir_conn->identity_digest,
1591  "NOT_FOUND");
1592  hs_control_desc_event_content(dir_conn->hs_ident, dir_conn->identity_digest,
1593  NULL);
1594 
1595  /* Flag every entry connections that the descriptor was not found. */
1596  SMARTLIST_FOREACH_BEGIN(entry_conns, entry_connection_t *, entry_conn) {
1598  SOCKS5_HS_NOT_FOUND;
1599  } SMARTLIST_FOREACH_END(entry_conn);
1600 }
1601 
1602 /** Called when we get a 400 directory fetch status code. */
1603 static void
1604 client_dir_fetch_400(dir_connection_t *dir_conn, const char *reason)
1605 {
1606  tor_assert(dir_conn);
1607 
1608  log_warn(LD_REND, "Fetching v3 hidden service descriptor failed: "
1609  "http status 400 (%s). Dirserver didn't like our "
1610  "query? Retrying at another directory.",
1611  escaped(reason));
1612 
1613  /* Fire control port FAILED event. */
1614  hs_control_desc_event_failed(dir_conn->hs_ident, dir_conn->identity_digest,
1615  "QUERY_REJECTED");
1616  hs_control_desc_event_content(dir_conn->hs_ident, dir_conn->identity_digest,
1617  NULL);
1618 }
1619 
1620 /** Called when we get an unexpected directory fetch status code. */
1621 static void
1622 client_dir_fetch_unexpected(dir_connection_t *dir_conn, const char *reason,
1623  const int status_code)
1624 {
1625  tor_assert(dir_conn);
1626 
1627  log_warn(LD_REND, "Fetching v3 hidden service descriptor failed: "
1628  "http status %d (%s) response unexpected from HSDir "
1629  "server %s'. Retrying at another directory.",
1630  status_code, escaped(reason),
1631  connection_describe_peer(TO_CONN(dir_conn)));
1632  /* Fire control port FAILED event. */
1633  hs_control_desc_event_failed(dir_conn->hs_ident, dir_conn->identity_digest,
1634  "UNEXPECTED");
1635  hs_control_desc_event_content(dir_conn->hs_ident, dir_conn->identity_digest,
1636  NULL);
1637 }
1638 
1639 /** Get the full filename for storing the client auth credentials for the
1640  * service in <b>onion_address</b>. The base directory is <b>dir</b>.
1641  * This function never returns NULL. */
1642 static char *
1643 get_client_auth_creds_filename(const char *onion_address,
1644  const char *dir)
1645 {
1646  char *full_fname = NULL;
1647  char *fname;
1648 
1649  tor_asprintf(&fname, "%s.auth_private", onion_address);
1650  full_fname = hs_path_from_filename(dir, fname);
1651  tor_free(fname);
1652 
1653  return full_fname;
1654 }
1655 
1656 /** Permanently store the credentials in <b>creds</b> to disk.
1657  *
1658  * Return -1 if there was an error while storing the credentials, otherwise
1659  * return 0.
1660  */
1661 static int
1663  const hs_client_service_authorization_t *creds)
1664 {
1665  const or_options_t *options = get_options();
1666  char *full_fname = NULL;
1667  char *file_contents = NULL;
1668  char priv_key_b32[BASE32_NOPAD_LEN(CURVE25519_PUBKEY_LEN)+1];
1669  int retval = -1;
1670 
1671  tor_assert(creds->flags & CLIENT_AUTH_FLAG_IS_PERMANENT);
1672 
1673  /* We need ClientOnionAuthDir to be set, otherwise we can't proceed */
1674  if (!options->ClientOnionAuthDir) {
1675  log_warn(LD_GENERAL, "Can't register permanent client auth credentials "
1676  "for %s without ClientOnionAuthDir option. Discarding.",
1677  creds->onion_address);
1678  goto err;
1679  }
1680 
1681  /* Make sure the directory exists and is private enough. */
1682  if (check_private_dir(options->ClientOnionAuthDir, 0, options->User) < 0) {
1683  goto err;
1684  }
1685 
1686  /* Get filename that we should store the credentials */
1687  full_fname = get_client_auth_creds_filename(creds->onion_address,
1688  options->ClientOnionAuthDir);
1689 
1690  /* Encode client private key */
1691  base32_encode(priv_key_b32, sizeof(priv_key_b32),
1692  (char*)creds->enc_seckey.secret_key,
1693  sizeof(creds->enc_seckey.secret_key));
1694 
1695  /* Get the full file contents and write it to disk! */
1696  tor_asprintf(&file_contents, "%s:descriptor:x25519:%s",
1697  creds->onion_address, priv_key_b32);
1698  if (write_str_to_file(full_fname, file_contents, 0) < 0) {
1699  log_warn(LD_GENERAL, "Failed to write client auth creds file for %s!",
1700  creds->onion_address);
1701  goto err;
1702  }
1703 
1704  retval = 0;
1705 
1706  err:
1707  tor_free(file_contents);
1708  tor_free(full_fname);
1709 
1710  return retval;
1711 }
1712 
1713 /** Register the credential <b>creds</b> as part of the client auth subsystem.
1714  *
1715  * Takes ownership of <b>creds</b>.
1716  **/
1717 hs_client_register_auth_status_t
1719 {
1720  ed25519_public_key_t service_identity_pk;
1721  hs_client_service_authorization_t *old_creds = NULL;
1722  hs_client_register_auth_status_t retval = REGISTER_SUCCESS;
1723 
1724  tor_assert(creds);
1725 
1726  if (!client_auths) {
1727  client_auths = digest256map_new();
1728  }
1729 
1730  if (hs_parse_address(creds->onion_address, &service_identity_pk,
1731  NULL, NULL) < 0) {
1732  client_service_authorization_free(creds);
1733  return REGISTER_FAIL_BAD_ADDRESS;
1734  }
1735 
1736  /* If we reach this point, the credentials will be stored one way or another:
1737  * Make them permanent if the user asked us to. */
1738  if (creds->flags & CLIENT_AUTH_FLAG_IS_PERMANENT) {
1739  if (store_permanent_client_auth_credentials(creds) < 0) {
1740  client_service_authorization_free(creds);
1741  return REGISTER_FAIL_PERMANENT_STORAGE;
1742  }
1743  }
1744 
1745  old_creds = digest256map_get(client_auths, service_identity_pk.pubkey);
1746  if (old_creds) {
1747  digest256map_remove(client_auths, service_identity_pk.pubkey);
1748  client_service_authorization_free(old_creds);
1749  retval = REGISTER_SUCCESS_ALREADY_EXISTS;
1750  }
1751 
1752  digest256map_set(client_auths, service_identity_pk.pubkey, creds);
1753 
1754  /** Now that we set the new credentials, also try to decrypt any cached
1755  * descriptors. */
1756  if (hs_cache_client_new_auth_parse(&service_identity_pk)) {
1757  retval = REGISTER_SUCCESS_AND_DECRYPTED;
1758  }
1759 
1760  return retval;
1761 }
1762 
1763 /** Load a client authorization file with <b>filename</b> that is stored under
1764  * the global client auth directory, and return a newly-allocated credentials
1765  * object if it parsed well. Otherwise, return NULL.
1766  */
1769  const or_options_t *options)
1770 {
1771  hs_client_service_authorization_t *auth = NULL;
1772  char *client_key_file_path = NULL;
1773  char *client_key_str = NULL;
1774 
1775  log_info(LD_REND, "Loading a client authorization key file %s...",
1776  filename);
1777 
1778  if (!auth_key_filename_is_valid(filename)) {
1779  log_notice(LD_REND, "Client authorization unrecognized filename %s. "
1780  "File must end in .auth_private. Ignoring.",
1781  filename);
1782  goto err;
1783  }
1784 
1785  /* Create a full path for a file. */
1786  client_key_file_path = hs_path_from_filename(options->ClientOnionAuthDir,
1787  filename);
1788 
1789  client_key_str = read_file_to_str(client_key_file_path, 0, NULL);
1790  if (!client_key_str) {
1791  log_warn(LD_REND, "The file %s cannot be read.", filename);
1792  goto err;
1793  }
1794 
1795  auth = parse_auth_file_content(client_key_str);
1796  if (!auth) {
1797  goto err;
1798  }
1799 
1800  err:
1801  tor_free(client_key_str);
1802  tor_free(client_key_file_path);
1803 
1804  return auth;
1805 }
1806 
1807 /*
1808  * Remove the file in <b>filename</b> under the global client auth credential
1809  * storage.
1810  */
1811 static void
1812 remove_client_auth_creds_file(const char *filename)
1813 {
1814  char *creds_file_path = NULL;
1815  const or_options_t *options = get_options();
1816 
1817  creds_file_path = hs_path_from_filename(options->ClientOnionAuthDir,
1818  filename);
1819  if (tor_unlink(creds_file_path) != 0) {
1820  log_warn(LD_REND, "Failed to remove client auth file (%s).",
1821  creds_file_path);
1822  goto end;
1823  }
1824 
1825  log_warn(LD_REND, "Successfully removed client auth file (%s).",
1826  creds_file_path);
1827 
1828  end:
1829  tor_free(creds_file_path);
1830 }
1831 
1832 /**
1833  * Find the filesystem file corresponding to the permanent client auth
1834  * credentials in <b>cred</b> and remove it.
1835  */
1836 static void
1839 {
1840  smartlist_t *file_list = NULL;
1841  const or_options_t *options = get_options();
1842 
1844 
1845  if (!options->ClientOnionAuthDir) {
1846  log_warn(LD_REND, "Found permanent credential but no ClientOnionAuthDir "
1847  "configured. There is no file to be removed.");
1848  goto end;
1849  }
1850 
1851  file_list = tor_listdir(options->ClientOnionAuthDir);
1852  if (file_list == NULL) {
1853  log_warn(LD_REND, "Client authorization key directory %s can't be listed.",
1854  options->ClientOnionAuthDir);
1855  goto end;
1856  }
1857 
1858  SMARTLIST_FOREACH_BEGIN(file_list, const char *, filename) {
1859  hs_client_service_authorization_t *tmp_cred = NULL;
1860 
1861  tmp_cred = get_creds_from_client_auth_filename(filename, options);
1862  if (!tmp_cred) {
1863  continue;
1864  }
1865 
1866  /* Find the right file for this credential */
1867  if (!strcmp(tmp_cred->onion_address, cred->onion_address)) {
1868  /* Found it! Remove the file! */
1869  remove_client_auth_creds_file(filename);
1870  /* cleanup and get out of here */
1871  client_service_authorization_free(tmp_cred);
1872  break;
1873  }
1874 
1875  client_service_authorization_free(tmp_cred);
1876  } SMARTLIST_FOREACH_END(filename);
1877 
1878  end:
1879  if (file_list) {
1880  SMARTLIST_FOREACH(file_list, char *, s, tor_free(s));
1881  smartlist_free(file_list);
1882  }
1883 }
1884 
1885 /** Remove client auth credentials for the service <b>hs_address</b>. */
1886 hs_client_removal_auth_status_t
1888 {
1889  ed25519_public_key_t service_identity_pk;
1890 
1891  if (!client_auths) {
1892  return REMOVAL_SUCCESS_NOT_FOUND;
1893  }
1894 
1895  if (hs_parse_address(hsaddress, &service_identity_pk, NULL, NULL) < 0) {
1896  return REMOVAL_BAD_ADDRESS;
1897  }
1898 
1899  hs_client_service_authorization_t *cred = NULL;
1900  cred = digest256map_remove(client_auths, service_identity_pk.pubkey);
1901 
1902  /* digestmap_remove() returns the previously stored data if there were any */
1903  if (cred) {
1904  if (cred->flags & CLIENT_AUTH_FLAG_IS_PERMANENT) {
1905  /* These creds are stored on disk: remove the corresponding file. */
1907  }
1908 
1909  /* Remove associated descriptor if any. */
1910  hs_cache_remove_as_client(&service_identity_pk);
1911 
1912  client_service_authorization_free(cred);
1913  return REMOVAL_SUCCESS;
1914  }
1915 
1916  return REMOVAL_SUCCESS_NOT_FOUND;
1917 }
1918 
1919 /** Get the HS client auth map. */
1920 digest256map_t *
1922 {
1923  return client_auths;
1924 }
1925 
1926 /* ========== */
1927 /* Public API */
1928 /* ========== */
1929 
1930 /** Called when a circuit was just cleaned up. This is done right before the
1931  * circuit is marked for close. */
1932 void
1934 {
1935  bool has_timed_out;
1936 
1937  tor_assert(circ);
1939 
1940  has_timed_out =
1941  (circ->marked_for_close_orig_reason == END_CIRC_REASON_TIMEOUT);
1942 
1943  switch (circ->purpose) {
1948  /* Report extended SOCKS error code when a rendezvous circuit times out.
1949  * This MUST be done on_close() because it is possible the entry
1950  * connection would get closed before the circuit is freed and thus
1951  * would fail to report the error code. */
1952  if (has_timed_out) {
1953  socks_mark_rend_circuit_timed_out(CONST_TO_ORIGIN_CIRCUIT(circ));
1954  }
1955  break;
1956  default:
1957  break;
1958  }
1959 }
1960 
1961 /** Called when a circuit was just cleaned up. This is done right before the
1962  * circuit is freed. */
1963 void
1965 {
1966  bool has_timed_out;
1967  rend_intro_point_failure_t failure = INTRO_POINT_FAILURE_UNREACHABLE;
1968  const origin_circuit_t *orig_circ = NULL;
1969 
1970  tor_assert(circ);
1972 
1973  orig_circ = CONST_TO_ORIGIN_CIRCUIT(circ);
1974  tor_assert(orig_circ->hs_ident);
1975 
1976  has_timed_out =
1977  (circ->marked_for_close_orig_reason == END_CIRC_REASON_TIMEOUT);
1978  if (has_timed_out) {
1979  failure = INTRO_POINT_FAILURE_TIMEOUT;
1980  }
1981 
1982  switch (circ->purpose) {
1984  log_info(LD_REND, "Failed v3 intro circ for service %s to intro point %s "
1985  "(awaiting ACK). Failure code: %d",
1986  safe_str_client(ed25519_fmt(&orig_circ->hs_ident->identity_pk)),
1987  safe_str_client(build_state_get_exit_nickname(orig_circ->build_state)),
1988  failure);
1990  &orig_circ->hs_ident->intro_auth_pk,
1991  failure);
1992  break;
1994  if (has_timed_out || !orig_circ->build_state) {
1995  break;
1996  }
1997  failure = INTRO_POINT_FAILURE_UNREACHABLE;
1998  log_info(LD_REND, "Failed v3 intro circ for service %s to intro point %s "
1999  "(while building circuit). Marking as unreachable.",
2000  safe_str_client(ed25519_fmt(&orig_circ->hs_ident->identity_pk)),
2001  safe_str_client(build_state_get_exit_nickname(orig_circ->build_state)));
2003  &orig_circ->hs_ident->intro_auth_pk,
2004  failure);
2005  break;
2006  default:
2007  break;
2008  }
2009 }
2010 
2011 /** A circuit just finished connecting to a hidden service that the stream
2012  * <b>conn</b> has been waiting for. Let the HS subsystem know about this. */
2013 void
2015 {
2017 
2018  if (conn->hs_ident) { /* It's v3: pass it to the prop224 handler */
2019  note_connection_attempt_succeeded(conn->hs_ident);
2020  return;
2021  }
2022 }
2023 
2024 /** With the given encoded descriptor in desc_str and the service key in
2025  * service_identity_pk, decode the descriptor and set the desc pointer with a
2026  * newly allocated descriptor object.
2027  *
2028  * On success, HS_DESC_DECODE_OK is returned and desc is set to the decoded
2029  * descriptor. On error, desc is set to NULL and a decoding error status is
2030  * returned depending on what was the issue. */
2032 hs_client_decode_descriptor(const char *desc_str,
2033  const ed25519_public_key_t *service_identity_pk,
2034  hs_descriptor_t **desc)
2035 {
2037  hs_subcredential_t subcredential;
2038  ed25519_public_key_t blinded_pubkey;
2039  hs_client_service_authorization_t *client_auth = NULL;
2040  curve25519_secret_key_t *client_auth_sk = NULL;
2041 
2042  tor_assert(desc_str);
2043  tor_assert(service_identity_pk);
2044  tor_assert(desc);
2045 
2046  /* Check if we have a client authorization for this service in the map. */
2047  client_auth = find_client_auth(service_identity_pk);
2048  if (client_auth) {
2049  client_auth_sk = &client_auth->enc_seckey;
2050  }
2051 
2052  /* Create subcredential for this HS so that we can decrypt */
2053  {
2054  uint64_t current_time_period = hs_get_time_period_num(0);
2055  hs_build_blinded_pubkey(service_identity_pk, NULL, 0, current_time_period,
2056  &blinded_pubkey);
2057  hs_get_subcredential(service_identity_pk, &blinded_pubkey, &subcredential);
2058  }
2059 
2060  /* Parse descriptor */
2061  ret = hs_desc_decode_descriptor(desc_str, &subcredential,
2062  client_auth_sk, desc);
2063  memwipe(&subcredential, 0, sizeof(subcredential));
2064  if (ret != HS_DESC_DECODE_OK) {
2065  goto err;
2066  }
2067 
2068  /* Make sure the descriptor signing key cross certifies with the computed
2069  * blinded key. Without this validation, anyone knowing the subcredential
2070  * and onion address can forge a descriptor. */
2071  tor_cert_t *cert = (*desc)->plaintext_data.signing_key_cert;
2072  if (tor_cert_checksig(cert,
2073  &blinded_pubkey, approx_time()) < 0) {
2074  log_warn(LD_GENERAL, "Descriptor signing key certificate signature "
2075  "doesn't validate with computed blinded key: %s",
2077  ret = HS_DESC_DECODE_GENERIC_ERROR;
2078  goto err;
2079  }
2080 
2081  return HS_DESC_DECODE_OK;
2082  err:
2083  return ret;
2084 }
2085 
2086 /** Return true iff there are at least one usable intro point in the service
2087  * descriptor desc. */
2088 int
2090  const hs_descriptor_t *desc)
2091 {
2092  tor_assert(service_pk);
2093  tor_assert(desc);
2094 
2096  const hs_desc_intro_point_t *, ip) {
2097  if (intro_point_is_usable(service_pk, ip)) {
2098  goto usable;
2099  }
2100  } SMARTLIST_FOREACH_END(ip);
2101 
2102  return 0;
2103  usable:
2104  return 1;
2105 }
2106 
2107 /** Launch a connection to a hidden service directory to fetch a hidden
2108  * service descriptor using <b>identity_pk</b> to get the necessary keys.
2109  *
2110  * A hs_client_fetch_status_t code is returned. */
2111 int
2113 {
2114  hs_client_fetch_status_t status;
2115 
2116  tor_assert(identity_pk);
2117 
2118  if (!can_client_refetch_desc(identity_pk, &status)) {
2119  return status;
2120  }
2121 
2122  /* Try to fetch the desc and if we encounter an unrecoverable error, mark
2123  * the desc as unavailable for now. */
2124  status = fetch_v3_desc(identity_pk);
2125  if (fetch_status_should_close_socks(status)) {
2126  close_all_socks_conns_waiting_for_desc(identity_pk, status,
2127  END_STREAM_REASON_RESOLVEFAILED);
2128  /* Remove HSDir fetch attempts so that we can retry later if the user
2129  * wants us to regardless of if we closed any connections. */
2130  purge_hid_serv_request(identity_pk);
2131  }
2132  return status;
2133 }
2134 
2135 /** This is called when we are trying to attach an AP connection to these
2136  * hidden service circuits from connection_ap_handshake_attach_circuit().
2137  * Return 0 on success, -1 for a transient error that is actions were
2138  * triggered to recover or -2 for a permenent error where both circuits will
2139  * marked for close.
2140  *
2141  * The following supports every hidden service version. */
2142 int
2144  origin_circuit_t *rend_circ)
2145 {
2146  return send_introduce1(intro_circ, rend_circ);
2147 }
2148 
2149 /** Called when the client circuit circ has been established. It can be either
2150  * an introduction or rendezvous circuit. This function handles all hidden
2151  * service versions. */
2152 void
2154 {
2155  tor_assert(circ);
2156 
2157  switch (TO_CIRCUIT(circ)->purpose) {
2159  if (circ->hs_ident) {
2161  }
2162  break;
2164  if (circ->hs_ident) {
2166  }
2167  break;
2168  default:
2170  }
2171 }
2172 
2173 /** Called when we receive a RENDEZVOUS_ESTABLISHED cell. Change the state of
2174  * the circuit to CIRCUIT_PURPOSE_C_REND_READY. Return 0 on success else a
2175  * negative value and the circuit marked for close. */
2176 int
2178  const uint8_t *payload, size_t payload_len)
2179 {
2180  tor_assert(circ);
2181  tor_assert(payload);
2182 
2183  (void) payload_len;
2184 
2185  if (TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_C_ESTABLISH_REND) {
2186  log_warn(LD_PROTOCOL, "Got a RENDEZVOUS_ESTABLISHED but we were not "
2187  "expecting one. Closing circuit.");
2188  goto err;
2189  }
2190 
2191  log_info(LD_REND, "Received an RENDEZVOUS_ESTABLISHED. This circuit is "
2192  "now ready for rendezvous.");
2194 
2195  /* Set timestamp_dirty, because circuit_expire_building expects it to
2196  * specify when a circuit entered the _C_REND_READY state. */
2197  TO_CIRCUIT(circ)->timestamp_dirty = time(NULL);
2198 
2199  /* From a path bias point of view, this circuit is now successfully used.
2200  * Waiting any longer opens us up to attacks from malicious hidden services.
2201  * They could induce the client to attempt to connect to their hidden
2202  * service and never reply to the client's rend requests */
2204 
2205  /* If we already have the introduction circuit built, make sure we send
2206  * the INTRODUCE cell _now_ */
2208 
2209  return 0;
2210  err:
2211  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
2212  return -1;
2213 }
2214 
2215 void
2216 client_service_authorization_free_(hs_client_service_authorization_t *auth)
2217 {
2218  if (!auth) {
2219  return;
2220  }
2221 
2222  tor_free(auth->client_name);
2223 
2224  memwipe(auth, 0, sizeof(*auth));
2225  tor_free(auth);
2226 }
2227 
2228 /** Helper for digest256map_free. */
2229 static void
2231 {
2232  client_service_authorization_free_(auth);
2233 }
2234 
2235 static void
2236 client_service_authorization_free_all(void)
2237 {
2238  if (!client_auths) {
2239  return;
2240  }
2242 }
2243 
2244 /** Check if the auth key file name is valid or not. Return 1 if valid,
2245  * otherwise return 0. */
2246 STATIC int
2247 auth_key_filename_is_valid(const char *filename)
2248 {
2249  int ret = 1;
2250  const char *valid_extension = ".auth_private";
2251 
2252  tor_assert(filename);
2253 
2254  /* The length of the filename must be greater than the length of the
2255  * extension and the valid extension must be at the end of filename. */
2256  if (!strcmpend(filename, valid_extension) &&
2257  strlen(filename) != strlen(valid_extension)) {
2258  ret = 1;
2259  } else {
2260  ret = 0;
2261  }
2262 
2263  return ret;
2264 }
2265 
2266 /** Parse the client auth credentials off a string in <b>client_key_str</b>
2267  * based on the file format documented in the "Client side configuration"
2268  * section of rend-spec-v3.txt.
2269  *
2270  * Return NULL if there was an error, otherwise return a newly allocated
2271  * hs_client_service_authorization_t structure.
2272  */
2274 parse_auth_file_content(const char *client_key_str)
2275 {
2276  char *onion_address = NULL;
2277  char *auth_type = NULL;
2278  char *key_type = NULL;
2279  char *seckey_b32 = NULL;
2280  hs_client_service_authorization_t *auth = NULL;
2281  smartlist_t *fields = smartlist_new();
2282 
2283  tor_assert(client_key_str);
2284 
2285  smartlist_split_string(fields, client_key_str, ":",
2286  SPLIT_SKIP_SPACE, 0);
2287  /* Wrong number of fields. */
2288  if (smartlist_len(fields) != 4) {
2289  goto err;
2290  }
2291 
2292  onion_address = smartlist_get(fields, 0);
2293  auth_type = smartlist_get(fields, 1);
2294  key_type = smartlist_get(fields, 2);
2295  seckey_b32 = smartlist_get(fields, 3);
2296 
2297  /* Currently, the only supported auth type is "descriptor" and the only
2298  * supported key type is "x25519". */
2299  if (strcmp(auth_type, "descriptor") || strcmp(key_type, "x25519")) {
2300  goto err;
2301  }
2302 
2303  if (strlen(seckey_b32) != BASE32_NOPAD_LEN(CURVE25519_SECKEY_LEN)) {
2304  log_warn(LD_REND, "Client authorization encoded base32 private key "
2305  "length is invalid: %s", seckey_b32);
2306  goto err;
2307  }
2308 
2309  auth = tor_malloc_zero(sizeof(hs_client_service_authorization_t));
2310  if (base32_decode((char *) auth->enc_seckey.secret_key,
2311  sizeof(auth->enc_seckey.secret_key),
2312  seckey_b32, strlen(seckey_b32)) !=
2313  sizeof(auth->enc_seckey.secret_key)) {
2314  log_warn(LD_REND, "Client authorization encoded base32 private key "
2315  "can't be decoded: %s", seckey_b32);
2316  goto err;
2317  }
2318 
2319  if (fast_mem_is_zero((const char*)auth->enc_seckey.secret_key,
2320  sizeof(auth->enc_seckey.secret_key))) {
2321  log_warn(LD_REND, "Client authorization private key can't be all-zeroes");
2322  goto err;
2323  }
2324 
2325  strncpy(auth->onion_address, onion_address, HS_SERVICE_ADDR_LEN_BASE32);
2326 
2327  /* We are reading this from the disk, so set the permanent flag anyway. */
2328  auth->flags |= CLIENT_AUTH_FLAG_IS_PERMANENT;
2329 
2330  /* Success. */
2331  goto done;
2332 
2333  err:
2334  client_service_authorization_free(auth);
2335  done:
2336  /* It is also a good idea to wipe the private key. */
2337  if (seckey_b32) {
2338  memwipe(seckey_b32, 0, strlen(seckey_b32));
2339  }
2340  tor_assert(fields);
2341  SMARTLIST_FOREACH(fields, char *, s, tor_free(s));
2342  smartlist_free(fields);
2343  return auth;
2344 }
2345 
2346 /** From a set of <b>options</b>, setup every client authorization detail
2347  * found. Return 0 on success or -1 on failure. If <b>validate_only</b>
2348  * is set, parse, warn and return as normal, but don't actually change
2349  * the configuration. */
2350 int
2352  int validate_only)
2353 {
2354  int ret = -1;
2355  digest256map_t *auths = digest256map_new();
2356  smartlist_t *file_list = NULL;
2357 
2358  tor_assert(options);
2359 
2360  /* There is no client auth configured. We can just silently ignore this
2361  * function. */
2362  if (!options->ClientOnionAuthDir) {
2363  ret = 0;
2364  goto end;
2365  }
2366 
2367  /* Make sure the directory exists and is private enough. */
2368  if (check_private_dir(options->ClientOnionAuthDir, 0, options->User) < 0) {
2369  goto end;
2370  }
2371 
2372  file_list = tor_listdir(options->ClientOnionAuthDir);
2373  if (file_list == NULL) {
2374  log_warn(LD_REND, "Client authorization key directory %s can't be listed.",
2375  options->ClientOnionAuthDir);
2376  goto end;
2377  }
2378 
2379  SMARTLIST_FOREACH_BEGIN(file_list, const char *, filename) {
2380  hs_client_service_authorization_t *auth = NULL;
2381  ed25519_public_key_t identity_pk;
2382 
2383  auth = get_creds_from_client_auth_filename(filename, options);
2384  if (!auth) {
2385  continue;
2386  }
2387 
2388  /* Parse the onion address to get an identity public key and use it
2389  * as a key of global map in the future. */
2390  if (hs_parse_address(auth->onion_address, &identity_pk,
2391  NULL, NULL) < 0) {
2392  log_warn(LD_REND, "The onion address \"%s\" is invalid in "
2393  "file %s", filename, auth->onion_address);
2394  client_service_authorization_free(auth);
2395  continue;
2396  }
2397 
2398  if (digest256map_get(auths, identity_pk.pubkey)) {
2399  log_warn(LD_REND, "Duplicate authorization for the same hidden "
2400  "service address %s.",
2401  safe_str_client_opts(options, auth->onion_address));
2402  client_service_authorization_free(auth);
2403  goto end;
2404  }
2405 
2406  digest256map_set(auths, identity_pk.pubkey, auth);
2407  log_info(LD_REND, "Loaded a client authorization key file %s.",
2408  filename);
2409  } SMARTLIST_FOREACH_END(filename);
2410 
2411  /* Success. */
2412  ret = 0;
2413 
2414  end:
2415  if (file_list) {
2416  SMARTLIST_FOREACH(file_list, char *, s, tor_free(s));
2417  smartlist_free(file_list);
2418  }
2419 
2420  if (!validate_only && ret == 0) {
2421  client_service_authorization_free_all();
2422  client_auths = auths;
2423  } else {
2424  digest256map_free(auths, client_service_authorization_free_void);
2425  }
2426 
2427  return ret;
2428 }
2429 
2430 /** Called when a descriptor directory fetch is done.
2431  *
2432  * Act accordingly on all entry connections depending on the HTTP status code
2433  * we got. In case of an error, the SOCKS error is set (if ExtendedErrors is
2434  * set).
2435  *
2436  * The reason is a human readable string returned by the directory server
2437  * which can describe the status of the request. The body is the response
2438  * content, on 200 code it is the descriptor itself. Finally, the status_code
2439  * is the HTTP code returned by the directory server. */
2440 void
2441 hs_client_dir_fetch_done(dir_connection_t *dir_conn, const char *reason,
2442  const char *body, const int status_code)
2443 {
2444  smartlist_t *entry_conns;
2445 
2446  tor_assert(dir_conn);
2447  tor_assert(body);
2448 
2449  /* Get all related entry connections. */
2450  entry_conns = find_entry_conns(&dir_conn->hs_ident->identity_pk);
2451 
2452  switch (status_code) {
2453  case 200:
2454  client_dir_fetch_200(dir_conn, entry_conns, body);
2455  break;
2456  case 404:
2457  client_dir_fetch_404(dir_conn, entry_conns);
2458  break;
2459  case 400:
2460  client_dir_fetch_400(dir_conn, reason);
2461  break;
2462  default:
2463  client_dir_fetch_unexpected(dir_conn, reason, status_code);
2464  break;
2465  }
2466 
2467  /* We don't have ownership of the objects in this list. */
2468  smartlist_free(entry_conns);
2469 }
2470 
2471 /** Return a newly allocated extend_info_t for a randomly chosen introduction
2472  * point for the given edge connection identifier ident. Return NULL if we
2473  * can't pick any usable introduction points. */
2474 extend_info_t *
2476 {
2477  tor_assert(edge_conn);
2478 
2479  return client_get_random_intro(&edge_conn->hs_ident->identity_pk);
2480 }
2481 
2482 /** Called when get an INTRODUCE_ACK cell on the introduction circuit circ.
2483  * Return 0 on success else a negative value is returned. The circuit will be
2484  * closed or reuse to extend again to another intro point. */
2485 int
2487  const uint8_t *payload, size_t payload_len)
2488 {
2489  int ret = -1;
2490 
2491  tor_assert(circ);
2492  tor_assert(payload);
2493 
2494  if (TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT) {
2495  log_warn(LD_PROTOCOL, "Unexpected INTRODUCE_ACK on circuit %u.",
2496  (unsigned int) TO_CIRCUIT(circ)->n_circ_id);
2497  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
2498  goto end;
2499  }
2500 
2501  ret = handle_introduce_ack(circ, payload, payload_len);
2502  /* For path bias: This circuit was used successfully. NACK or ACK counts. */
2504 
2505  end:
2506  return ret;
2507 }
2508 
2509 /** Called when get a RENDEZVOUS2 cell on the rendezvous circuit circ. Return
2510  * 0 on success else a negative value is returned. The circuit will be closed
2511  * on error. */
2512 int
2514  const uint8_t *payload, size_t payload_len)
2515 {
2516  int ret = -1;
2517 
2518  tor_assert(circ);
2519  tor_assert(payload);
2520 
2521  /* Circuit can possibly be in both state because we could receive a
2522  * RENDEZVOUS2 cell before the INTRODUCE_ACK has been received. */
2523  if (TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_C_REND_READY &&
2525  log_warn(LD_PROTOCOL, "Unexpected RENDEZVOUS2 cell on circuit %u. "
2526  "Closing circuit.",
2527  (unsigned int) TO_CIRCUIT(circ)->n_circ_id);
2528  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
2529  goto end;
2530  }
2531 
2532  log_info(LD_REND, "Got RENDEZVOUS2 cell from hidden service on circuit %u.",
2533  TO_CIRCUIT(circ)->n_circ_id);
2534 
2535  ret = handle_rendezvous2(circ, payload, payload_len);
2536 
2537  end:
2538  return ret;
2539 }
2540 
2541 /** Extend the introduction circuit circ to another valid introduction point
2542  * for the hidden service it is trying to connect to, or mark it and launch a
2543  * new circuit if we can't extend it. Return 0 on success or possible
2544  * success. Return -1 and mark the introduction circuit for close on permanent
2545  * failure.
2546  *
2547  * On failure, the caller is responsible for marking the associated rendezvous
2548  * circuit for close. */
2549 int
2551 {
2552  int ret = -1;
2553  extend_info_t *ei;
2554 
2555  tor_assert(circ);
2556 
2558  if (ei == NULL) {
2559  log_warn(LD_REND, "No usable introduction points left. Closing.");
2560  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
2561  goto end;
2562  }
2563 
2564  if (circ->remaining_relay_early_cells) {
2565  log_info(LD_REND, "Re-extending circ %u, this time to %s.",
2566  (unsigned int) TO_CIRCUIT(circ)->n_circ_id,
2567  safe_str_client(extend_info_describe(ei)));
2568  ret = circuit_extend_to_new_exit(circ, ei);
2569  if (ret == 0) {
2570  /* We were able to extend so update the timestamp so we avoid expiring
2571  * this circuit too early. The intro circuit is short live so the
2572  * linkability issue is minimized, we just need the circuit to hold a
2573  * bit longer so we can introduce. */
2574  TO_CIRCUIT(circ)->timestamp_dirty = time(NULL);
2575  }
2576  } else {
2577  log_info(LD_REND, "Closing intro circ %u (out of RELAY_EARLY cells).",
2578  (unsigned int) TO_CIRCUIT(circ)->n_circ_id);
2579  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED);
2580  /* connection_ap_handshake_attach_circuit will launch a new intro circ. */
2581  ret = 0;
2582  }
2583 
2584  end:
2585  extend_info_free(ei);
2586  return ret;
2587 }
2588 
2589 /** Close all client introduction circuits related to the given descriptor.
2590  * This is called with a descriptor that is about to get replaced in the
2591  * client cache.
2592  *
2593  * Even though the introduction point might be exactly the same, we'll rebuild
2594  * them if needed but the odds are very low that an existing matching
2595  * introduction circuit exists at that stage. */
2596 void
2598 {
2599  origin_circuit_t *ocirc = NULL;
2600 
2601  tor_assert(desc);
2602 
2603  /* We iterate over all client intro circuits because they aren't kept in the
2604  * HS circuitmap. That is probably something we want to do one day. */
2605  while ((ocirc = circuit_get_next_intro_circ(ocirc, true))) {
2606  if (ocirc->hs_ident == NULL) {
2607  /* Not a v3 circuit, ignore it. */
2608  continue;
2609  }
2610 
2611  /* Does it match any IP in the given descriptor? If not, ignore. */
2612  if (find_desc_intro_point_by_ident(ocirc->hs_ident, desc) == NULL) {
2613  continue;
2614  }
2615 
2616  /* We have a match. Close the circuit as consider it expired. */
2617  circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
2618  }
2619 }
2620 
2621 /** Release all the storage held by the client subsystem. */
2622 void
2624 {
2625  /* Purge the hidden service request cache. */
2627  client_service_authorization_free_all();
2628 
2629  /* This is NULL safe. */
2630  mainloop_event_free(dir_info_changed_ev);
2631 }
2632 
2633 /** Purge all potentially remotely-detectable state held in the hidden
2634  * service client code. Called on SIGNAL NEWNYM. */
2635 void
2637 {
2638  /* Cancel all descriptor fetches. Do this first so once done we are sure
2639  * that our descriptor cache won't modified. */
2640  cancel_descriptor_fetches();
2641  /* Purge the introduction point state cache. */
2643  /* Purge the descriptor cache. */
2645  /* Purge the last hidden service request cache. */
2647  /* Purge ephemeral client authorization. */
2649 
2650  log_info(LD_REND, "Hidden service client state has been purged.");
2651 }
2652 
2653 /** Called when our directory information has changed.
2654  *
2655  * The work done in that function has to either be kept within the HS subsystem
2656  * or else scheduled as a mainloop event. In other words, this function can't
2657  * call outside to another subsystem to avoid risking recursion problems. */
2658 void
2660 {
2661  /* Make sure the mainloop has been initialized. Code path exist that reaches
2662  * this before it is. */
2663  if (!tor_libevent_is_initialized()) {
2664  return;
2665  }
2666 
2667  /* Lazily create the event. HS Client subsystem doesn't have an init function
2668  * and so we do it here before activating it. */
2669  if (!dir_info_changed_ev) {
2671  }
2672  /* Activate it to run immediately. */
2674 }
2675 
2676 #ifdef TOR_UNIT_TESTS
2677 
2678 STATIC void
2679 set_hs_client_auths_map(digest256map_t *map)
2680 {
2681  client_auths = map;
2682 }
2683 
2684 #endif /* defined(TOR_UNIT_TESTS) */
time_t approx_time(void)
Definition: approx_time.c:32
int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:90
void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:60
void pathbias_count_use_attempt(origin_circuit_t *circ)
Definition: circpathbias.c:615
void pathbias_mark_use_success(origin_circuit_t *circ)
Definition: circpathbias.c:672
const char * build_state_get_exit_nickname(cpath_build_state_t *state)
int circuit_extend_to_new_exit(origin_circuit_t *circ, extend_info_t *exit_ei)
Header file for circuitbuild.c.
origin_circuit_t * circuit_get_next_intro_circ(const origin_circuit_t *start, bool want_client_circ)
Definition: circuitlist.c:1699
Header file for circuitlist.c.
#define CIRCUIT_PURPOSE_C_REND_JOINED
Definition: circuitlist.h:88
#define CIRCUIT_IS_ORIGIN(c)
Definition: circuitlist.h:147
#define CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED
Definition: circuitlist.h:86
#define CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT
Definition: circuitlist.h:76
#define CIRCUIT_PURPOSE_C_REND_READY
Definition: circuitlist.h:83
#define CIRCUIT_PURPOSE_C_INTRODUCE_ACKED
Definition: circuitlist.h:79
#define CIRCUIT_PURPOSE_C_INTRODUCING
Definition: circuitlist.h:73
#define CIRCUIT_PURPOSE_C_ESTABLISH_REND
Definition: circuitlist.h:81
void circuit_change_purpose(circuit_t *circ, uint8_t new_purpose)
Definition: circuituse.c:3028
Header file for circuituse.c.
bool tor_libevent_is_initialized(void)
mainloop_event_t * mainloop_event_new(void(*cb)(mainloop_event_t *, void *), void *userdata)
void mainloop_event_activate(mainloop_event_t *event)
Header for compat_libevent.c.
const or_options_t * get_options(void)
Definition: config.c:926
const char * safe_str_client_opts(const or_options_t *options, const char *address)
Definition: config.c:1079
Header file for config.c.
bool congestion_control_enabled(void)
Public APIs for congestion control.
void assert_connection_ok(connection_t *conn, time_t now)
Definition: connection.c:5660
const char * connection_describe_peer(const connection_t *conn)
Definition: connection.c:531
Header file for connection.c.
#define CONN_TYPE_AP
Definition: connection.h:51
#define CONN_TYPE_DIR
Definition: connection.h:55
void connection_ap_mark_as_waiting_for_renddesc(entry_connection_t *entry_conn)
entry_connection_t * EDGE_TO_ENTRY_CONN(edge_connection_t *c)
void connection_ap_attach_pending(int retry)
int connection_edge_is_rendezvous_stream(const edge_connection_t *conn)
edge_connection_t * TO_EDGE_CONN(connection_t *c)
entry_connection_t * TO_ENTRY_CONN(connection_t *c)
Header file for connection_edge.c.
#define AP_CONN_STATE_CIRCUIT_WAIT
#define AP_CONN_STATE_RENDDESC_WAIT
#define CONN_IS_EDGE(x)
Circuit-build-stse structure.
void ed25519_pubkey_copy(ed25519_public_key_t *dest, const ed25519_public_key_t *src)
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
void ed25519_public_to_base64(char *output, const ed25519_public_key_t *pkey)
const char * ed25519_fmt(const ed25519_public_key_t *pkey)
Header for crypto_format.c.
Common functions for using (pseudo-)random number generators.
int crypto_rand_int(unsigned int max)
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:55
Common functions for cryptographic routines.
const char * extend_info_describe(const extend_info_t *ei)
Definition: describe.c:224
const char * routerstatus_describe(const routerstatus_t *rs)
Definition: describe.c:203
Header file for describe.c.
#define fast_memneq(a, b, c)
Definition: di_ops.h:42
#define DIGEST_LEN
Definition: digest_sizes.h:20
#define DIGEST256_LEN
Definition: digest_sizes.h:23
smartlist_t * tor_listdir(const char *dirname)
Definition: dir.c:307
int check_private_dir(const char *dirname, cpd_check_t check, const char *effective_user)
Definition: dir.c:71
Client/server directory connection structure.
void directory_request_set_resource(directory_request_t *req, const char *resource)
Definition: dirclient.c:1041
void directory_request_set_indirection(directory_request_t *req, dir_indirection_t indirection)
Definition: dirclient.c:1028
void directory_request_set_routerstatus(directory_request_t *req, const routerstatus_t *status)
Definition: dirclient.c:1143
directory_request_t * directory_request_new(uint8_t dir_purpose)
Definition: dirclient.c:945
void directory_initiate_request(directory_request_t *request)
Definition: dirclient.c:1248
void directory_request_fetch_set_hs_ident(directory_request_t *req, const hs_ident_dir_conn_t *ident)
Definition: dirclient.c:1106
Header file for dirclient.c.
@ DIRIND_ANONYMOUS
Definition: dirclient.h:39
struct directory_request_t directory_request_t
Definition: dirclient.h:52
dir_connection_t * TO_DIR_CONN(connection_t *c)
Definition: directory.c:88
Header file for directory.c.
#define DIR_PURPOSE_HAS_FETCHED_HSDESC
Definition: directory.h:72
#define DIR_PURPOSE_FETCH_HSDESC
Definition: directory.h:69
Entry connection structure.
#define ENTRY_TO_EDGE_CONN(c)
const char * escaped(const char *s)
Definition: escape.c:126
Extend-info structure.
Header for core/or/extendinfo.c.
int write_str_to_file(const char *fname, const char *str, int bin)
Definition: files.c:274
int tor_unlink(const char *pathname)
Definition: files.c:154
void hs_cache_client_intro_state_purge(void)
Definition: hs_cache.c:1021
hs_desc_decode_status_t hs_cache_store_as_client(const char *desc_str, const ed25519_public_key_t *identity_pk)
Definition: hs_cache.c:874
void hs_cache_remove_as_client(const ed25519_public_key_t *key)
Definition: hs_cache.c:910
const hs_descriptor_t * hs_cache_lookup_as_client(const ed25519_public_key_t *key)
Definition: hs_cache.c:843
void hs_cache_client_intro_state_note(const ed25519_public_key_t *service_pk, const ed25519_public_key_t *auth_key, rend_intro_point_failure_t failure)
Definition: hs_cache.c:969
const hs_cache_intro_state_t * hs_cache_client_intro_state_find(const ed25519_public_key_t *service_pk, const ed25519_public_key_t *auth_key)
Definition: hs_cache.c:991
void hs_cache_purge_as_client(void)
Definition: hs_cache.c:951
Header file for hs_cache.c.
int hs_cell_parse_introduce_ack(const uint8_t *payload, size_t payload_len)
Definition: hs_cell.c:1069
int hs_cell_parse_rendezvous2(const uint8_t *payload, size_t payload_len, uint8_t *handshake_info, size_t handshake_info_len)
Definition: hs_cell.c:1092
Header file containing cell data for the whole HS subsystem.
void hs_circ_setup_congestion_control(origin_circuit_t *origin_circ, uint8_t sendme_inc, bool is_single_onion)
Definition: hs_circuit.c:610
int hs_circ_send_introduce1(origin_circuit_t *intro_circ, origin_circuit_t *rend_circ, const hs_desc_intro_point_t *ip, const hs_subcredential_t *subcredential)
Definition: hs_circuit.c:1095
int hs_circ_send_establish_rendezvous(origin_circuit_t *circ)
Definition: hs_circuit.c:1180
int hs_circuit_setup_e2e_rend_circ(origin_circuit_t *circ, const uint8_t *ntor_key_seed, size_t seed_len, int is_service_side)
Definition: hs_circuit.c:1064
Header file containing circuit data for the whole HS subsystem.
void hs_circuitmap_register_rend_circ_client_side(origin_circuit_t *or_circ, const uint8_t *cookie)
origin_circuit_t * hs_circuitmap_get_established_rend_circ_client_side(const uint8_t *cookie)
origin_circuit_t * hs_circuitmap_get_rend_circ_client_side(const uint8_t *cookie)
Header file for hs_circuitmap.c.
static void client_desc_has_arrived(const smartlist_t *entry_conns)
Definition: hs_client.c:1456
int hs_client_receive_introduce_ack(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_client.c:2486
static hs_client_fetch_status_t directory_launch_v3_desc_fetch(const ed25519_public_key_t *onion_identity_pk, const routerstatus_t *hsdir)
Definition: hs_client.c:391
int hs_client_receive_rendezvous2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_client.c:2513
static void client_service_authorization_free_void(void *auth)
Definition: hs_client.c:2230
static bool intro_points_all_timed_out(const ed25519_public_key_t *service_pk)
Definition: hs_client.c:1044
static char * get_client_auth_creds_filename(const char *onion_address, const char *dir)
Definition: hs_client.c:1643
static void socks_mark_introduction_failed(entry_connection_t *conn, const ed25519_public_key_t *identity_pk)
Definition: hs_client.c:1108
static void client_dir_fetch_400(dir_connection_t *dir_conn, const char *reason)
Definition: hs_client.c:1604
int hs_config_client_authorization(const or_options_t *options, int validate_only)
Definition: hs_client.c:2351
digest256map_t * get_hs_client_auths_map(void)
Definition: hs_client.c:1921
hs_client_register_auth_status_t hs_client_register_auth_credentials(hs_client_service_authorization_t *creds)
Definition: hs_client.c:1718
void hs_client_note_connection_attempt_succeeded(const edge_connection_t *conn)
Definition: hs_client.c:2014
static void note_connection_attempt_succeeded(const hs_ident_edge_conn_t *hs_conn_ident)
Definition: hs_client.c:378
STATIC void purge_ephemeral_client_auth(void)
Definition: hs_client.c:1424
static const hs_desc_intro_point_t * find_desc_intro_point_by_ident(const hs_ident_circuit_t *ident, const hs_descriptor_t *desc)
Definition: hs_client.c:545
static void client_rendezvous_circ_has_opened(origin_circuit_t *circ)
Definition: hs_client.c:833
static int send_introduce1(origin_circuit_t *intro_circ, origin_circuit_t *rend_circ)
Definition: hs_client.c:609
STATIC hs_client_service_authorization_t * parse_auth_file_content(const char *client_key_str)
Definition: hs_client.c:2274
static const char * fetch_status_to_string(hs_client_fetch_status_t status)
Definition: hs_client.c:79
static digest256map_t * client_auths
Definition: hs_client.c:61
STATIC extend_info_t * desc_intro_point_to_extend_info(const hs_desc_intro_point_t *ip)
Definition: hs_client.c:879
static void handle_introduce_ack_success(origin_circuit_t *intro_circ)
Definition: hs_client.c:1185
void hs_client_circuit_cleanup_on_close(const circuit_t *circ)
Definition: hs_client.c:1933
STATIC extend_info_t * client_get_random_intro(const ed25519_public_key_t *service_pk)
Definition: hs_client.c:941
static int handle_introduce_ack(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_client.c:1255
STATIC int handle_rendezvous2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_client.c:1293
static void dir_info_changed_callback(mainloop_event_t *event, void *arg)
Definition: hs_client.c:66
static int setup_intro_circ_auth_key(origin_circuit_t *circ)
Definition: hs_client.c:736
static int directory_request_is_pending(const ed25519_public_key_t *identity_pk)
Definition: hs_client.c:242
int hs_client_any_intro_points_usable(const ed25519_public_key_t *service_pk, const hs_descriptor_t *desc)
Definition: hs_client.c:2089
STATIC routerstatus_t * pick_hsdir_v3(const ed25519_public_key_t *onion_identity_pk)
Definition: hs_client.c:443
STATIC int auth_key_filename_is_valid(const char *filename)
Definition: hs_client.c:2247
static int store_permanent_client_auth_credentials(const hs_client_service_authorization_t *creds)
Definition: hs_client.c:1662
hs_client_removal_auth_status_t hs_client_remove_auth_credentials(const char *hsaddress)
Definition: hs_client.c:1887
static hs_client_service_authorization_t * find_client_auth(const ed25519_public_key_t *service_identity_pk)
Definition: hs_client.c:1442
static void setup_rendezvous_circ_congestion_control(origin_circuit_t *circ)
Definition: hs_client.c:802
void hs_client_launch_v3_desc_fetch(const ed25519_public_key_t *onion_identity_pk, const smartlist_t *hsdirs)
Definition: hs_client.c:499
static void client_dir_fetch_404(dir_connection_t *dir_conn, const smartlist_t *entry_conns)
Definition: hs_client.c:1580
static hs_desc_intro_point_t * find_desc_intro_point_by_legacy_id(const char *legacy_id, const hs_descriptor_t *desc)
Definition: hs_client.c:569
void hs_client_circuit_cleanup_on_free(const circuit_t *circ)
Definition: hs_client.c:1964
void hs_client_dir_info_changed(void)
Definition: hs_client.c:2659
STATIC hs_client_fetch_status_t fetch_v3_desc(const ed25519_public_key_t *onion_identity_pk)
Definition: hs_client.c:480
int hs_client_reextend_intro_circuit(origin_circuit_t *circ)
Definition: hs_client.c:2550
int hs_client_refetch_hsdesc(const ed25519_public_key_t *identity_pk)
Definition: hs_client.c:2112
void hs_client_free_all(void)
Definition: hs_client.c:2623
static void client_intro_circ_has_opened(origin_circuit_t *circ)
Definition: hs_client.c:775
static void find_and_remove_client_auth_creds_file(const hs_client_service_authorization_t *cred)
Definition: hs_client.c:1837
static void mark_conn_as_waiting_for_circuit(connection_t *conn, time_t now)
Definition: hs_client.c:271
static hs_client_service_authorization_t * get_creds_from_client_auth_filename(const char *filename, const or_options_t *options)
Definition: hs_client.c:1768
static void close_all_socks_conns_waiting_for_desc(const ed25519_public_key_t *identity_pk, hs_client_fetch_status_t status, int reason)
Definition: hs_client.c:292
static int close_or_reextend_intro_circ(origin_circuit_t *intro_circ)
Definition: hs_client.c:1131
static void client_dir_fetch_200(dir_connection_t *dir_conn, const smartlist_t *entry_conns, const char *body)
Definition: hs_client.c:1528
void hs_client_purge_state(void)
Definition: hs_client.c:2636
STATIC void retry_all_socks_conn_waiting_for_desc(void)
Definition: hs_client.c:322
void hs_client_close_intro_circuits_from_desc(const hs_descriptor_t *desc)
Definition: hs_client.c:2597
int hs_client_receive_rendezvous_acked(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_client.c:2177
int hs_client_send_introduce1(origin_circuit_t *intro_circ, origin_circuit_t *rend_circ)
Definition: hs_client.c:2143
hs_desc_decode_status_t hs_client_decode_descriptor(const char *desc_str, const ed25519_public_key_t *service_identity_pk, hs_descriptor_t **desc)
Definition: hs_client.c:2032
static void client_desc_missing_bad_client_auth(const smartlist_t *entry_conns, hs_desc_decode_status_t status)
Definition: hs_client.c:1504
static void handle_introduce_ack_bad(origin_circuit_t *circ, int status)
Definition: hs_client.c:1232
void hs_client_circuit_has_opened(origin_circuit_t *circ)
Definition: hs_client.c:2153
static void client_dir_fetch_unexpected(dir_connection_t *dir_conn, const char *reason, const int status_code)
Definition: hs_client.c:1622
void hs_client_dir_fetch_done(dir_connection_t *dir_conn, const char *reason, const char *body, const int status_code)
Definition: hs_client.c:2441
extend_info_t * hs_client_get_random_intro_from_edge(const edge_connection_t *edge_conn)
Definition: hs_client.c:2475
static int intro_circ_is_ok(const origin_circuit_t *circ)
Definition: hs_client.c:518
static unsigned int can_client_refetch_desc(const ed25519_public_key_t *identity_pk, hs_client_fetch_status_t *status_out)
Definition: hs_client.c:1356
static int fetch_status_should_close_socks(hs_client_fetch_status_t status)
Definition: hs_client.c:104
static struct mainloop_event_t * dir_info_changed_ev
Definition: hs_client.c:57
static void socks_mark_rend_circuit_timed_out(const origin_circuit_t *rend_circ)
Definition: hs_client.c:1084
static void flag_all_conn_wait_desc(const ed25519_public_key_t *service_identity_pk)
Definition: hs_client.c:195
static void purge_hid_serv_request(const ed25519_public_key_t *identity_pk)
Definition: hs_client.c:221
static int intro_point_is_usable(const ed25519_public_key_t *service_pk, const hs_desc_intro_point_t *ip)
Definition: hs_client.c:901
Header file containing client data for the HS subsystem.
hs_client_fetch_status_t
Definition: hs_client.h:19
@ HS_CLIENT_FETCH_PENDING
Definition: hs_client.h:33
@ HS_CLIENT_FETCH_MISSING_INFO
Definition: hs_client.h:31
@ HS_CLIENT_FETCH_NO_HSDIRS
Definition: hs_client.h:27
@ HS_CLIENT_FETCH_HAVE_DESC
Definition: hs_client.h:25
@ HS_CLIENT_FETCH_NOT_ALLOWED
Definition: hs_client.h:29
@ HS_CLIENT_FETCH_ERROR
Definition: hs_client.h:21
@ HS_CLIENT_FETCH_LAUNCHED
Definition: hs_client.h:23
#define CLIENT_AUTH_FLAG_IS_PERMANENT
Definition: hs_client.h:63
void hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk, uint64_t time_period_num, int use_second_hsdir_index, int for_fetching, smartlist_t *responsible_dirs)
Definition: hs_common.c:1224
void hs_get_subcredential(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_subcredential_t *subcred_out)
Definition: hs_common.c:565
uint64_t hs_get_time_period_num(time_t now)
Definition: hs_common.c:269
void hs_purge_last_hid_serv_requests(void)
Definition: hs_common.c:1481
void hs_build_blinded_pubkey(const ed25519_public_key_t *pk, const uint8_t *secret, size_t secret_len, uint64_t time_period_num, ed25519_public_key_t *blinded_pk_out)
Definition: hs_common.c:927
void hs_purge_hid_serv_from_last_hid_serv_requests(const char *req_key_str)
Definition: hs_common.c:1441
void hs_build_address(const ed25519_public_key_t *key, uint8_t version, char *addr_out)
Definition: hs_common.c:901
int hs_parse_address(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out)
Definition: hs_common.c:840
char * hs_path_from_filename(const char *directory, const char *filename)
Definition: hs_common.c:178
routerstatus_t * hs_pick_hsdir(smartlist_t *responsible_dirs, const char *req_key_str, bool *is_rate_limited_out)
Definition: hs_common.c:1509
extend_info_t * hs_get_extend_info_from_lspecs(const smartlist_t *lspecs, const curve25519_public_key_t *onion_key, int direct_conn)
Definition: hs_common.c:1596
#define HS_VERSION_THREE
Definition: hs_common.h:23
#define HS_SERVICE_ADDR_LEN_BASE32
Definition: hs_common.h:80
void hs_control_desc_event_requested(const ed25519_public_key_t *onion_pk, const char *base64_blinded_pk, const routerstatus_t *hsdir_rs)
Definition: hs_control.c:29
void hs_control_desc_event_received(const hs_ident_dir_conn_t *ident, const char *hsdir_id_digest)
Definition: hs_control.c:89
void hs_control_desc_event_failed(const hs_ident_dir_conn_t *ident, const char *hsdir_id_digest, const char *reason)
Definition: hs_control.c:65
void hs_control_desc_event_content(const hs_ident_dir_conn_t *ident, const char *hsdir_id_digest, const char *body)
Definition: hs_control.c:178
Header file containing control port event related code.
bool hs_desc_supports_congestion_control(const hs_descriptor_t *desc)
hs_desc_decode_status_t hs_desc_decode_descriptor(const char *encoded, const hs_subcredential_t *subcredential, const curve25519_secret_key_t *client_auth_sk, hs_descriptor_t **desc_out)
Header file for hs_descriptor.c.
hs_desc_decode_status_t
Definition: hs_descriptor.h:74
void hs_ident_dir_conn_init(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_ident_dir_conn_t *ident)
Definition: hs_ident.c:69
int hs_ident_intro_circ_is_valid(const hs_ident_circuit_t *ident)
Definition: hs_ident.c:104
Header file containing circuit and connection identifier data for the whole HS subsystem.
int hs_ntor_client_rendezvous2_mac_is_good(const hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys, const uint8_t *rcvd_mac)
Definition: hs_ntor.c:594
Header for hs_ntor.c.
#define log_fn(severity, domain, args,...)
Definition: log.h:283
#define LD_REND
Definition: log.h:84
#define LD_PROTOCOL
Definition: log.h:72
#define LD_GENERAL
Definition: log.h:62
#define tor_free(p)
Definition: malloc.h:56
#define MAP_DEL_CURRENT(keyvar)
Definition: map.h:140
#define DIGESTMAP_FOREACH_END
Definition: map.h:168
int usable_consensus_flavor(void)
Definition: microdesc.c:1086
Header file for microdesc.c.
networkstatus_t * networkstatus_get_reasonably_live_consensus(time_t now, int flavor)
Header file for networkstatus.c.
bool node_supports_v3_rendezvous_point(const node_t *node)
Definition: nodelist.c:1271
const node_t * node_get_by_id(const char *identity_digest)
Definition: nodelist.c:226
int router_have_minimum_dir_info(void)
Definition: nodelist.c:2427
Header file for nodelist.c.
Header file for onion_crypto.c.
Master header file for Tor-specific functionality.
#define TO_CIRCUIT(x)
Definition: or.h:836
#define TO_CONN(c)
Definition: or.h:603
#define MAX_INTRO_POINT_REACHABILITY_FAILURES
Definition: or.h:942
Origin circuit structure.
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
Headers and type declarations for protover.c.
const char * stream_end_reason_to_string(int reason)
Definition: reasons.c:64
Header file for reasons.c.
int routerset_contains_extendinfo(const routerset_t *set, const extend_info_t *ei)
Definition: routerset.c:308
Header file for routerset.c.
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
smartlist_t * smartlist_new(void)
void smartlist_add(smartlist_t *sl, void *element)
void smartlist_del(smartlist_t *sl, int idx)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)
socks5_reply_status_t
Definition: socks5_status.h:20
Client request structure.
int marked_for_close_orig_reason
Definition: circuit_st.h:202
uint8_t purpose
Definition: circuit_st.h:112
time_t timestamp_last_read_allowed
uint8_t state
Definition: connection_st.h:49
uint16_t marked_for_close
time_t timestamp_created
time_t timestamp_last_write_allowed
extend_info_t * chosen_exit
char identity_digest[DIGEST_LEN]
struct edge_connection_t * next_stream
socks_request_t * socks_request
char identity_digest[DIGEST_LEN]
unsigned int error
Definition: hs_cache.h:39
unsigned int timed_out
Definition: hs_cache.h:42
uint32_t unreachable_count
Definition: hs_cache.h:45
char onion_address[HS_SERVICE_ADDR_LEN_BASE32+1]
Definition: hs_client.h:72
curve25519_secret_key_t enc_seckey
Definition: hs_client.h:69
unsigned int single_onion_service
smartlist_t * intro_points
curve25519_public_key_t onion_key
curve25519_public_key_t enc_key
tor_cert_t * auth_key_cert
smartlist_t * link_specifiers
hs_desc_encrypted_data_t encrypted_data
hs_subcredential_t subcredential
hs_desc_plaintext_data_t plaintext_data
uint8_t rendezvous_cookie[HS_REND_COOKIE_LEN]
Definition: hs_ident.h:60
ed25519_public_key_t intro_auth_pk
Definition: hs_ident.h:51
curve25519_keypair_t rendezvous_client_kp
Definition: hs_ident.h:72
curve25519_public_key_t intro_enc_pk
Definition: hs_ident.h:55
ed25519_public_key_t identity_pk
Definition: hs_ident.h:45
ed25519_public_key_t identity_pk
Definition: hs_ident.h:90
ed25519_public_key_t identity_pk
Definition: hs_ident.h:106
Definition: node_st.h:34
char * ClientOnionAuthDir
struct routerset_t * ExcludeNodes
struct hs_ident_circuit_t * hs_ident
edge_connection_t * p_streams
unsigned int remaining_relay_early_cells
cpath_build_state_t * build_state
socks5_reply_status_t socks_extended_error_code
ed25519_public_key_t signed_key
Definition: torcert.h:32
#define STATIC
Definition: testsupport.h:32
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
int tor_cert_checksig(tor_cert_t *cert, const ed25519_public_key_t *pubkey, time_t now)
Definition: torcert.c:244
const char * tor_cert_describe_signature_status(const tor_cert_t *cert)
Definition: torcert.c:279
#define tor_assert_nonfatal_unreached()
Definition: util_bug.h:176
#define tor_assert(expr)
Definition: util_bug.h:102
int strcmpend(const char *s1, const char *s2)
Definition: util_string.c:251
int fast_mem_is_zero(const char *mem, size_t len)
Definition: util_string.c:74
#define ED25519_BASE64_LEN
Definition: x25519_sizes.h:43
#define CURVE25519_PUBKEY_LEN
Definition: x25519_sizes.h:20
#define CURVE25519_SECKEY_LEN
Definition: x25519_sizes.h:22