9#define HS_CLIENT_PRIVATE
24#include "feature/client/circpathbias.h"
52#include "trunnel/hs/cell_introduce1.h"
83 return "Internal error";
85 return "Descriptor fetch launched";
87 return "Already have descriptor";
89 return "No more HSDir available to query";
91 return "Fetching descriptors is not allowed";
93 return "Missing directory information";
95 return "Pending descriptor fetch";
97 return "(Unknown client fetch status code)";
137 time_t now = time(NULL);
150 if (!edge_conn->hs_ident ||
151 (service_identity_pk &&
160 } SMARTLIST_FOREACH_END(base_conn);
163 smartlist_free(conns);
169cancel_descriptor_fetches(
void)
175 if (BUG(ident == NULL)) {
180 log_debug(
LD_REND,
"Marking for close a directory connection fetching "
181 "a hidden service descriptor for service %s.",
183 connection_mark_for_close(conn);
184 } SMARTLIST_FOREACH_END(conn);
187 smartlist_free(conns);
188 log_info(
LD_REND,
"Hidden service client descriptor fetches cancelled.");
208 if (edge_conn->hs_ident &&
210 service_identity_pk)) {
213 } SMARTLIST_FOREACH_END(conn);
215 smartlist_free(conns);
250 if (BUG(ident == NULL)) {
260 } SMARTLIST_FOREACH_END(conn);
263 smartlist_free(conns);
296 unsigned int count = 0;
297 smartlist_t *entry_conns = find_entry_conns(identity_pk);
301 connection_mark_unattached_ap(entry_conn, reason);
303 } SMARTLIST_FOREACH_END(entry_conn);
308 log_notice(
LD_REND,
"Closed %u streams for service %s.onion "
309 "for reason %s. Fetch status: %s.",
310 count, safe_str_client(onion_address),
316 smartlist_free(entry_conns);
332 if (edge_conn->hs_ident == NULL) {
369 } SMARTLIST_FOREACH_END(entry_conn);
372 smartlist_free(entry_conns);
404 current_time_period, &blinded_pubkey);
420 directory_request_free(req);
422 log_info(
LD_REND,
"Descriptor fetch request for service %s with blinded "
423 "key %s to directory %s",
425 safe_str_client(base64_blinded_pubkey),
433 memwipe(&blinded_pubkey, 0,
sizeof(blinded_pubkey));
434 memwipe(base64_blinded_pubkey, 0,
sizeof(base64_blinded_pubkey));
435 memwipe(&hs_conn_dir_ident, 0,
sizeof(hs_conn_dir_ident));
455 current_time_period, &blinded_pubkey);
463 0, 1, responsible_hsdirs);
465 log_debug(
LD_REND,
"Found %d responsible HSDirs and about to pick one.",
466 smartlist_len(responsible_hsdirs));
470 hsdir_rs =
hs_pick_hsdir(responsible_hsdirs, base64_blinded_pubkey, NULL);
488 log_info(
LD_REND,
"Couldn't pick a v3 hsdir.");
504 if (hsdirs != NULL) {
507 } SMARTLIST_FOREACH_END(hsdir);
557 &ip->auth_key_cert->signed_key)) {
561 } SMARTLIST_FOREACH_END(ip);
583 const link_specifier_t *, lspec) {
586 if (link_specifier_get_ls_type(lspec) != LS_LEGACY_ID) {
590 link_specifier_getconstarray_un_legacy_id(lspec),
597 } SMARTLIST_FOREACH_END(lspec);
598 } SMARTLIST_FOREACH_END(ip);
621 if (
TO_CIRCUIT(intro_circ)->marked_for_close) {
630 INTRO_POINT_FAILURE_GENERIC);
644 TO_CIRCUIT(intro_circ)->timestamp_dirty = time(NULL);
652#define CLIENT_MAX_POW_EFFORT 10000
656#define CLIENT_MIN_RETRY_POW_EFFORT 8
659#define CLIENT_POW_EFFORT_DOUBLE_UNTIL 1000
663#define CLIENT_POW_RETRY_MULTIPLIER (1.5f)
689 log_info(
LD_REND,
"Considering sending INTRODUCE1 cell to service %s "
691 safe_str_client(onion_address),
TO_CIRCUIT(intro_circ)->n_circ_id);
703 log_info(
LD_REND,
"Request to %s %s. Trying to fetch a new descriptor.",
704 safe_str_client(onion_address),
705 (desc) ?
"didn't have usable intro points" :
706 "didn't have a descriptor");
721 circuit_mark_for_close(
TO_CIRCUIT(rend_circ), END_CIRC_REASON_INTERNAL);
733 log_info(
LD_REND,
"Unable to find introduction point for service %s "
734 "while trying to send an INTRODUCE1 cell.",
735 safe_str_client(onion_address));
759 sizeof pow_inputs.
seed);
760 log_debug(
LD_REND,
"PoW params present in descriptor, suggested_effort=%u",
764 log_notice(
LD_REND,
"Onion service suggested effort %d which is "
765 "higher than we want to solve. Solving at %d instead.",
775 log_debug(
LD_REND,
"hs_cache state during PoW consideration, "
776 "error=%d timed_out=%d unreachable_count=%u",
779 uint64_t new_effort = pow_inputs.
effort;
780 for (
unsigned n_retry = 0; n_retry < unreachable_count; n_retry++) {
792 if (pow_inputs.
effort != (uint32_t)new_effort) {
793 log_info(
LD_REND,
"Increasing PoW effort from %d to %d after intro "
794 "point unreachable_count=%d",
795 pow_inputs.
effort, (
int)new_effort, unreachable_count);
796 pow_inputs.
effort = (uint32_t)new_effort;
799 if (pow_inputs.
effort > 0) {
805 log_warn(
LD_REND,
"Failed to enqueue PoW request");
826 if (!
TO_CIRCUIT(intro_circ)->marked_for_close) {
827 circuit_mark_for_close(
TO_CIRCUIT(intro_circ), END_CIRC_REASON_INTERNAL);
829 circuit_mark_for_close(
TO_CIRCUIT(rend_circ), END_CIRC_REASON_INTERNAL);
837 memwipe(onion_address, 0,
sizeof(onion_address));
870 log_info(
LD_REND,
"Could not match opened intro circuit with intro point.");
880 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
890 log_info(
LD_REND,
"Introduction circuit %u has opened. Attaching streams.",
955 log_info(
LD_REND,
"Rendezvous node %s did not support v3 after circuit "
961 log_info(
LD_REND,
"Rendezvous circuit has opened to %s.",
1015 if (state == NULL) {
1020 log_info(
LD_REND,
"Intro point with auth key %s had an error. Not usable",
1025 log_info(
LD_REND,
"Intro point with auth key %s timed out. Not usable",
1030 log_info(
LD_REND,
"Intro point with auth key %s unreachable. Not usable",
1065 log_info(
LD_REND,
"Unable to randomly select an introduction point "
1066 "for service %s because descriptor %s. We can't connect.",
1067 safe_str_client(onion_address),
1068 (desc) ?
"doesn't have any usable intro points"
1069 :
"is missing (assuming v3 onion address)");
1076 while (smartlist_len(usable_ips) != 0) {
1083 ip = smartlist_get(usable_ips, idx);
1097 log_info(
LD_REND,
"Unable to select introduction point with auth key %s "
1098 "for service %s, because we could not extend to it.",
1100 safe_str_client(onion_address));
1113 extend_info_free(ei_excluded);
1129 log_warn(
LD_REND,
"Every introduction point for service %s is in the "
1130 "ExcludeNodes set and StrictNodes is set. We can't connect.",
1131 safe_str_client(onion_address));
1132 extend_info_free(ei);
1135 log_fn(LOG_PROTOCOL_WARN,
LD_REND,
"Every introduction point for service "
1136 "%s is unusable or we can't extend to it. We can't connect.",
1137 safe_str_client(onion_address));
1141 smartlist_free(usable_ips);
1142 memwipe(onion_address, 0,
sizeof(onion_address));
1166 &ip->auth_key_cert->signed_key);
1172 } SMARTLIST_FOREACH_END(ip);
1199 SOCKS5_HS_REND_FAILED;
1222 code = SOCKS5_HS_INTRO_TIMEDOUT;
1268 if (!
TO_CIRCUIT(intro_circ)->marked_for_close) {
1271 circuit_mark_for_close(
TO_CIRCUIT(intro_circ), END_CIRC_REASON_FINISHED);
1279 circuit_mark_for_close(
TO_CIRCUIT(rend_circ), END_CIRC_REASON_FINISHED);
1295 log_info(
LD_REND,
"Received INTRODUCE_ACK ack! Informing rendezvous");
1301 if (rend_circ == NULL) {
1302 log_info(
LD_REND,
"Can't find any rendezvous circuit. Stopping");
1306 assert_circ_anonymity_ok(rend_circ,
get_options());
1320 TO_CIRCUIT(rend_circ)->timestamp_dirty = time(NULL);
1326 circuit_mark_for_close(
TO_CIRCUIT(intro_circ), END_CIRC_REASON_FINISHED);
1340 log_info(
LD_REND,
"Received INTRODUCE_ACK nack by %s. Reason: %u",
1351 INTRO_POINT_FAILURE_GENERIC);
1362 int status, ret = -1;
1372 case TRUNNEL_HS_INTRO_ACK_STATUS_SUCCESS:
1376 case TRUNNEL_HS_INTRO_ACK_STATUS_UNKNOWN_ID:
1377 case TRUNNEL_HS_INTRO_ACK_STATUS_BAD_FORMAT:
1415 sizeof(handshake_info)) < 0) {
1423 if (hs_ntor_client_get_rendezvous1_keys(&ident->
intro_auth_pk,
1427 log_info(
LD_REND,
"Unable to compute the rendezvous keys.");
1434 log_info(
LD_REND,
"Invalid MAC in RENDEZVOUS2. Rejecting cell.");
1440 sizeof(keys.ntor_key_seed), 0) < 0) {
1441 log_info(
LD_REND,
"Unable to setup the e2e encryption.");
1449 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
1451 memwipe(&keys, 0,
sizeof(keys));
1469 log_warn(
LD_REND,
"We received an onion address for a hidden service "
1470 "descriptor but we are configured to not fetch.");
1479 log_info(
LD_REND,
"Can't fetch descriptor for service %s because we "
1480 "are missing a live consensus. Stalling connection.",
1487 log_info(
LD_REND,
"Can't fetch descriptor for service %s because we "
1488 "dont have enough descriptors. Stalling connection.",
1497 int has_usable_intro =
false;
1498 int has_expired_hs_pow =
false;
1505 has_expired_hs_pow =
1510 if (has_usable_intro && !has_expired_hs_pow) {
1511 log_info(
LD_GENERAL,
"We would fetch a v3 hidden service descriptor "
1512 "but we already have a usable descriptor.");
1520 log_info(
LD_REND,
"Already a pending directory request. Waiting on it.");
1529 *status_out = status;
1546 client_service_authorization_free(auth);
1550 log_info(
LD_REND,
"Client onion service ephemeral authorization "
1551 "cache has been purged.");
1564 return digest256map_get(
client_auths, service_identity_pk->pubkey);
1573 time_t now = time(NULL);
1586 if (BUG(desc == NULL)) {
1591 log_info(
LD_REND,
"Hidden service descriptor is unusable. "
1592 "Closing streams.");
1597 connection_mark_unattached_ap(entry_conn,
1598 END_STREAM_REASON_RESOLVEFAILED);
1605 log_info(
LD_REND,
"Descriptor has arrived. Launching circuits.");
1610 } SMARTLIST_FOREACH_END(entry_conn);
1626 if (status == HS_DESC_DECODE_BAD_CLIENT_AUTH) {
1627 code = SOCKS5_HS_BAD_CLIENT_AUTH;
1628 }
else if (status == HS_DESC_DECODE_NEED_CLIENT_AUTH) {
1629 code = SOCKS5_HS_MISSING_CLIENT_AUTH;
1634 code = SOCKS5_GENERAL_ERROR;
1637 connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_MISC);
1638 } SMARTLIST_FOREACH_END(entry_conn);
1655 switch (decode_status) {
1656 case HS_DESC_DECODE_OK:
1657 case HS_DESC_DECODE_NEED_CLIENT_AUTH:
1658 case HS_DESC_DECODE_BAD_CLIENT_AUTH:
1659 log_info(
LD_REND,
"Stored hidden service descriptor successfully.");
1661 if (decode_status == HS_DESC_DECODE_OK) {
1666 log_info(
LD_REND,
"Stored hidden service descriptor requires "
1667 "%s client authorization.",
1668 decode_status == HS_DESC_DECODE_NEED_CLIENT_AUTH ?
"missing"
1677 case HS_DESC_DECODE_ENCRYPTED_ERROR:
1678 case HS_DESC_DECODE_SUPERENC_ERROR:
1679 case HS_DESC_DECODE_PLAINTEXT_ERROR:
1680 case HS_DESC_DECODE_GENERIC_ERROR:
1682 log_info(
LD_REND,
"Failed to store hidden service descriptor. "
1683 "Descriptor decoding status: %d", decode_status);
1702 log_info(
LD_REND,
"Fetching hidden service v3 descriptor not found: "
1703 "Retrying at another directory.");
1713 SOCKS5_HS_NOT_FOUND;
1714 } SMARTLIST_FOREACH_END(entry_conn);
1723 log_warn(
LD_REND,
"Fetching v3 hidden service descriptor failed: "
1724 "http status 400 (%s). Dirserver didn't like our "
1725 "query? Retrying at another directory.",
1738 const int status_code)
1742 log_warn(
LD_REND,
"Fetching v3 hidden service descriptor failed: "
1743 "http status %d (%s) response unexpected from HSDir "
1744 "server %s'. Retrying at another directory.",
1761 char *full_fname = NULL;
1764 tor_asprintf(&fname,
"%s.auth_private", onion_address);
1781 char *full_fname = NULL;
1782 char *file_contents = NULL;
1790 log_warn(
LD_GENERAL,
"Can't register permanent client auth credentials "
1791 "for %s without ClientOnionAuthDir option. Discarding.",
1811 tor_asprintf(&file_contents,
"%s:descriptor:x25519:%s",
1814 log_warn(
LD_GENERAL,
"Failed to write client auth creds file for %s!",
1832hs_client_register_auth_status_t
1837 hs_client_register_auth_status_t retval = REGISTER_SUCCESS;
1847 client_service_authorization_free(creds);
1848 return REGISTER_FAIL_BAD_ADDRESS;
1855 client_service_authorization_free(creds);
1856 return REGISTER_FAIL_PERMANENT_STORAGE;
1860 old_creds = digest256map_get(
client_auths, service_identity_pk.pubkey);
1862 digest256map_remove(
client_auths, service_identity_pk.pubkey);
1863 client_service_authorization_free(old_creds);
1864 retval = REGISTER_SUCCESS_ALREADY_EXISTS;
1867 digest256map_set(
client_auths, service_identity_pk.pubkey, creds);
1871 if (hs_cache_client_new_auth_parse(&service_identity_pk)) {
1872 retval = REGISTER_SUCCESS_AND_DECRYPTED;
1887 char *client_key_file_path = NULL;
1888 char *client_key_str = NULL;
1890 log_info(
LD_REND,
"Loading a client authorization key file %s...",
1894 log_notice(
LD_REND,
"Client authorization unrecognized filename %s. "
1895 "File must end in .auth_private. Ignoring.",
1904 client_key_str = read_file_to_str(client_key_file_path, 0, NULL);
1905 if (!client_key_str) {
1906 log_warn(
LD_REND,
"The file %s cannot be read.", filename);
1927remove_client_auth_creds_file(
const char *filename)
1929 char *creds_file_path = NULL;
1935 log_warn(
LD_REND,
"Failed to remove client auth file (%s).",
1940 log_warn(
LD_REND,
"Successfully removed client auth file (%s).",
1961 log_warn(
LD_REND,
"Found permanent credential but no ClientOnionAuthDir "
1962 "configured. There is no file to be removed.");
1967 if (file_list == NULL) {
1968 log_warn(
LD_REND,
"Client authorization key directory %s can't be listed.",
1984 remove_client_auth_creds_file(filename);
1986 client_service_authorization_free(tmp_cred);
1990 client_service_authorization_free(tmp_cred);
1991 } SMARTLIST_FOREACH_END(filename);
1996 smartlist_free(file_list);
2001hs_client_removal_auth_status_t
2007 return REMOVAL_SUCCESS_NOT_FOUND;
2011 return REMOVAL_BAD_ADDRESS;
2015 cred = digest256map_remove(
client_auths, service_identity_pk.pubkey);
2027 client_service_authorization_free(cred);
2028 return REMOVAL_SUCCESS;
2031 return REMOVAL_SUCCESS_NOT_FOUND;
2067 if (has_timed_out) {
2082 rend_intro_point_failure_t failure = INTRO_POINT_FAILURE_UNREACHABLE;
2088 orig_circ = CONST_TO_ORIGIN_CIRCUIT(circ);
2094 if (has_timed_out) {
2095 failure = INTRO_POINT_FAILURE_TIMEOUT;
2100 log_info(
LD_REND,
"Failed v3 intro circ for service %s to intro point %s "
2101 "(awaiting ACK). Failure code: %d",
2114 failure = INTRO_POINT_FAILURE_UNREACHABLE;
2115 log_info(
LD_REND,
"Failed v3 intro circ for service %s to intro point %s "
2116 "(while building circuit). Marking as unreachable.",
2134 if (conn->hs_ident) {
2178 client_auth_sk, desc);
2179 memwipe(&subcredential, 0,
sizeof(subcredential));
2180 if (ret != HS_DESC_DECODE_OK) {
2187 tor_cert_t *cert = (*desc)->plaintext_data.signing_key_cert;
2190 log_warn(
LD_GENERAL,
"Descriptor signing key certificate signature "
2191 "doesn't validate with computed blinded key: %s",
2193 ret = HS_DESC_DECODE_GENERIC_ERROR;
2197 return HS_DESC_DECODE_OK;
2216 } SMARTLIST_FOREACH_END(ip);
2243 END_STREAM_REASON_RESOLVEFAILED);
2294 const uint8_t *payload,
size_t payload_len)
2302 log_warn(
LD_PROTOCOL,
"Got a RENDEZVOUS_ESTABLISHED but we were not "
2303 "expecting one. Closing circuit.");
2307 log_info(
LD_REND,
"Received an RENDEZVOUS_ESTABLISHED. This circuit is "
2308 "now ready for rendezvous.");
2313 TO_CIRCUIT(circ)->timestamp_dirty = time(NULL);
2327 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
2340 memwipe(auth, 0,
sizeof(*auth));
2348 client_service_authorization_free_(auth);
2352client_service_authorization_free_all(
void)
2366 const char *valid_extension =
".auth_private";
2372 if (!
strcmpend(filename, valid_extension) &&
2373 strlen(filename) != strlen(valid_extension)) {
2392 char *onion_address = NULL;
2393 char *auth_type = NULL;
2394 char *key_type = NULL;
2395 char *seckey_b32 = NULL;
2402 SPLIT_SKIP_SPACE, 0);
2404 if (smartlist_len(fields) != 4) {
2408 onion_address = smartlist_get(fields, 0);
2409 auth_type = smartlist_get(fields, 1);
2410 key_type = smartlist_get(fields, 2);
2411 seckey_b32 = smartlist_get(fields, 3);
2415 if (strcmp(auth_type,
"descriptor") || strcmp(key_type,
"x25519")) {
2420 log_warn(
LD_REND,
"Client authorization encoded base32 private key "
2421 "length is invalid: %s", seckey_b32);
2428 seckey_b32, strlen(seckey_b32)) !=
2430 log_warn(
LD_REND,
"Client authorization encoded base32 private key "
2431 "can't be decoded: %s", seckey_b32);
2437 log_warn(
LD_REND,
"Client authorization private key can't be all-zeroes");
2450 client_service_authorization_free(auth);
2454 memwipe(seckey_b32, 0, strlen(seckey_b32));
2458 smartlist_free(fields);
2471 digest256map_t *auths = digest256map_new();
2489 if (file_list == NULL) {
2490 log_warn(
LD_REND,
"Client authorization key directory %s can't be listed.",
2508 log_warn(
LD_REND,
"The onion address \"%s\" is invalid in "
2510 client_service_authorization_free(auth);
2514 if (digest256map_get(auths, identity_pk.pubkey)) {
2515 log_warn(
LD_REND,
"Duplicate authorization for the same hidden "
2516 "service address %s.",
2518 client_service_authorization_free(auth);
2522 digest256map_set(auths, identity_pk.pubkey, auth);
2523 log_info(
LD_REND,
"Loaded a client authorization key file %s.",
2525 } SMARTLIST_FOREACH_END(filename);
2533 smartlist_free(file_list);
2536 if (!validate_only && ret == 0) {
2537 client_service_authorization_free_all();
2558 const char *body,
const int status_code)
2566 entry_conns = find_entry_conns(&dir_conn->hs_ident->
identity_pk);
2568 switch (status_code) {
2584 smartlist_free(entry_conns);
2603 const uint8_t *payload,
size_t payload_len)
2611 log_warn(
LD_PROTOCOL,
"Unexpected INTRODUCE_ACK on circuit %u.",
2613 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
2630 const uint8_t *payload,
size_t payload_len)
2641 log_warn(
LD_PROTOCOL,
"Unexpected RENDEZVOUS2 cell on circuit %u. "
2644 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
2648 log_info(
LD_REND,
"Got RENDEZVOUS2 cell from hidden service on circuit %u.",
2675 log_warn(
LD_REND,
"No usable introduction points left. Closing.");
2676 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
2681 log_info(
LD_REND,
"Re-extending circ %u, this time to %s.",
2690 TO_CIRCUIT(circ)->timestamp_dirty = time(NULL);
2693 log_info(
LD_REND,
"Closing intro circ %u (out of RELAY_EARLY cells).",
2695 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED);
2701 extend_info_free(ei);
2733 circuit_mark_for_close(
TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
2743 client_service_authorization_free_all();
2756 cancel_descriptor_fetches();
2766 log_info(
LD_REND,
"Hidden service client state has been purged.");
2792#ifdef TOR_UNIT_TESTS
2795set_hs_client_auths_map(digest256map_t *map)
int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen)
void pathbias_count_use_attempt(origin_circuit_t *circ)
void pathbias_mark_use_success(origin_circuit_t *circ)
int circuit_extend_to_new_exit(origin_circuit_t *circ, extend_info_t *exit_ei)
const char * build_state_get_exit_nickname(cpath_build_state_t *state)
Header file for circuitbuild.c.
origin_circuit_t * circuit_get_next_intro_circ(const origin_circuit_t *start, bool want_client_circ)
Header file for circuitlist.c.
#define CIRCUIT_PURPOSE_C_REND_JOINED
#define CIRCUIT_IS_ORIGIN(c)
#define CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED
#define CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT
#define CIRCUIT_PURPOSE_C_REND_READY
#define CIRCUIT_PURPOSE_C_INTRODUCE_ACKED
#define CIRCUIT_PURPOSE_C_INTRODUCING
#define CIRCUIT_PURPOSE_C_ESTABLISH_REND
void circuit_change_purpose(circuit_t *circ, uint8_t new_purpose)
Header file for circuituse.c.
bool tor_libevent_is_initialized(void)
mainloop_event_t * mainloop_event_new(void(*cb)(mainloop_event_t *, void *), void *userdata)
void mainloop_event_activate(mainloop_event_t *event)
Header for compat_libevent.c.
const char * safe_str_client_opts(const or_options_t *options, const char *address)
const or_options_t * get_options(void)
Header file for config.c.
bool congestion_control_enabled(void)
Public APIs for congestion control.
void assert_connection_ok(connection_t *conn, time_t now)
const char * connection_describe_peer(const connection_t *conn)
Header file for connection.c.
void connection_ap_mark_as_waiting_for_renddesc(entry_connection_t *entry_conn)
entry_connection_t * EDGE_TO_ENTRY_CONN(edge_connection_t *c)
void connection_ap_attach_pending(int retry)
int connection_edge_is_rendezvous_stream(const edge_connection_t *conn)
entry_connection_t * TO_ENTRY_CONN(connection_t *c)
edge_connection_t * TO_EDGE_CONN(connection_t *c)
Header file for connection_edge.c.
#define AP_CONN_STATE_CIRCUIT_WAIT
#define AP_CONN_STATE_RENDDESC_WAIT
Circuit-build-stse structure.
void ed25519_pubkey_copy(ed25519_public_key_t *dest, const ed25519_public_key_t *src)
int ed25519_public_key_is_zero(const ed25519_public_key_t *pubkey)
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
Common functions for using (pseudo-)random number generators.
int crypto_rand_int(unsigned int max)
void memwipe(void *mem, uint8_t byte, size_t sz)
Common functions for cryptographic routines.
const char * extend_info_describe(const extend_info_t *ei)
const char * routerstatus_describe(const routerstatus_t *rs)
Header file for describe.c.
#define fast_memneq(a, b, c)
int check_private_dir(const char *dirname, cpd_check_t check, const char *effective_user)
smartlist_t * tor_listdir(const char *dirname)
Client/server directory connection structure.
void directory_request_set_resource(directory_request_t *req, const char *resource)
void directory_request_set_indirection(directory_request_t *req, dir_indirection_t indirection)
void directory_request_set_routerstatus(directory_request_t *req, const routerstatus_t *status)
void directory_initiate_request(directory_request_t *request)
directory_request_t * directory_request_new(uint8_t dir_purpose)
void directory_request_fetch_set_hs_ident(directory_request_t *req, const hs_ident_dir_conn_t *ident)
Header file for dirclient.c.
struct directory_request_t directory_request_t
dir_connection_t * TO_DIR_CONN(connection_t *c)
Header file for directory.c.
#define DIR_PURPOSE_HAS_FETCHED_HSDESC
#define DIR_PURPOSE_FETCH_HSDESC
Entry connection structure.
#define ENTRY_TO_EDGE_CONN(c)
const char * escaped(const char *s)
Header for core/or/extendinfo.c.
int write_str_to_file(const char *fname, const char *str, int bin)
int tor_unlink(const char *pathname)
void hs_cache_client_intro_state_purge(void)
hs_desc_decode_status_t hs_cache_store_as_client(const char *desc_str, const ed25519_public_key_t *identity_pk)
void hs_cache_remove_as_client(const ed25519_public_key_t *key)
const hs_cache_intro_state_t * hs_cache_client_intro_state_find(const ed25519_public_key_t *service_pk, const ed25519_public_key_t *auth_key)
void hs_cache_client_intro_state_note(const ed25519_public_key_t *service_pk, const ed25519_public_key_t *auth_key, rend_intro_point_failure_t failure)
void hs_cache_purge_as_client(void)
const hs_descriptor_t * hs_cache_lookup_as_client(const ed25519_public_key_t *key)
Header file for hs_cache.c.
int hs_cell_parse_introduce_ack(const uint8_t *payload, size_t payload_len)
int hs_cell_parse_rendezvous2(const uint8_t *payload, size_t payload_len, uint8_t *handshake_info, size_t handshake_info_len)
Header file containing cell data for the whole HS subsystem.
int hs_circ_send_introduce1(origin_circuit_t *intro_circ, origin_circuit_t *rend_circ, const hs_desc_intro_point_t *ip, const hs_subcredential_t *subcredential, const hs_pow_solution_t *pow_solution)
void hs_circ_setup_congestion_control(origin_circuit_t *origin_circ, uint8_t sendme_inc, bool is_single_onion)
int hs_circ_send_establish_rendezvous(origin_circuit_t *circ)
int hs_circuit_setup_e2e_rend_circ(origin_circuit_t *circ, const uint8_t *ntor_key_seed, size_t seed_len, int is_service_side)
Header file containing circuit data for the whole HS subsystem.
origin_circuit_t * hs_circuitmap_get_rend_circ_client_side(const uint8_t *cookie)
void hs_circuitmap_register_rend_circ_client_side(origin_circuit_t *or_circ, const uint8_t *cookie)
origin_circuit_t * hs_circuitmap_get_established_rend_circ_client_side(const uint8_t *cookie)
Header file for hs_circuitmap.c.
static void client_desc_has_arrived(const smartlist_t *entry_conns)
const hs_desc_intro_point_t * find_desc_intro_point_by_ident(const hs_ident_circuit_t *ident, const hs_descriptor_t *desc)
int hs_client_receive_introduce_ack(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
static hs_client_fetch_status_t directory_launch_v3_desc_fetch(const ed25519_public_key_t *onion_identity_pk, const routerstatus_t *hsdir)
#define CLIENT_POW_RETRY_MULTIPLIER
int hs_client_receive_rendezvous2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
static void client_service_authorization_free_void(void *auth)
STATIC extend_info_t * client_get_random_intro(const ed25519_public_key_t *service_pk)
static bool intro_points_all_timed_out(const ed25519_public_key_t *service_pk)
STATIC routerstatus_t * pick_hsdir_v3(const ed25519_public_key_t *onion_identity_pk)
static int consider_sending_introduce1(origin_circuit_t *intro_circ, origin_circuit_t *rend_circ)
static void socks_mark_introduction_failed(entry_connection_t *conn, const ed25519_public_key_t *identity_pk)
static void client_dir_fetch_400(dir_connection_t *dir_conn, const char *reason)
int hs_config_client_authorization(const or_options_t *options, int validate_only)
hs_client_register_auth_status_t hs_client_register_auth_credentials(hs_client_service_authorization_t *creds)
void hs_client_note_connection_attempt_succeeded(const edge_connection_t *conn)
static void note_connection_attempt_succeeded(const hs_ident_edge_conn_t *hs_conn_ident)
STATIC void purge_ephemeral_client_auth(void)
static void client_rendezvous_circ_has_opened(origin_circuit_t *circ)
static digest256map_t * client_auths
STATIC extend_info_t * desc_intro_point_to_extend_info(const hs_desc_intro_point_t *ip)
static const char * fetch_status_to_string(hs_client_fetch_status_t status)
static void handle_introduce_ack_success(origin_circuit_t *intro_circ)
void hs_client_circuit_cleanup_on_close(const circuit_t *circ)
static int handle_introduce_ack(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
STATIC int handle_rendezvous2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
static void dir_info_changed_callback(mainloop_event_t *event, void *arg)
static int directory_request_is_pending(const ed25519_public_key_t *identity_pk)
int hs_client_any_intro_points_usable(const ed25519_public_key_t *service_pk, const hs_descriptor_t *desc)
#define CLIENT_POW_EFFORT_DOUBLE_UNTIL
STATIC int auth_key_filename_is_valid(const char *filename)
static int store_permanent_client_auth_credentials(const hs_client_service_authorization_t *creds)
hs_client_removal_auth_status_t hs_client_remove_auth_credentials(const char *hsaddress)
static void setup_rendezvous_circ_congestion_control(origin_circuit_t *circ)
void hs_client_launch_v3_desc_fetch(const ed25519_public_key_t *onion_identity_pk, const smartlist_t *hsdirs)
static hs_client_service_authorization_t * get_creds_from_client_auth_filename(const char *filename, const or_options_t *options)
STATIC hs_client_service_authorization_t * parse_auth_file_content(const char *client_key_str)
static void client_dir_fetch_404(dir_connection_t *dir_conn, const smartlist_t *entry_conns)
digest256map_t * get_hs_client_auths_map(void)
#define CLIENT_MIN_RETRY_POW_EFFORT
void hs_client_circuit_cleanup_on_free(const circuit_t *circ)
void hs_client_dir_info_changed(void)
static hs_desc_intro_point_t * find_desc_intro_point_by_legacy_id(const char *legacy_id, const hs_descriptor_t *desc)
STATIC hs_client_fetch_status_t fetch_v3_desc(const ed25519_public_key_t *onion_identity_pk)
int hs_client_reextend_intro_circuit(origin_circuit_t *circ)
int hs_client_refetch_hsdesc(const ed25519_public_key_t *identity_pk)
void hs_client_free_all(void)
static void client_intro_circ_has_opened(origin_circuit_t *circ)
static void find_and_remove_client_auth_creds_file(const hs_client_service_authorization_t *cred)
static void mark_conn_as_waiting_for_circuit(connection_t *conn, time_t now)
static void close_all_socks_conns_waiting_for_desc(const ed25519_public_key_t *identity_pk, hs_client_fetch_status_t status, int reason)
static int close_or_reextend_intro_circ(origin_circuit_t *intro_circ)
int send_introduce1(origin_circuit_t *intro_circ, origin_circuit_t *rend_circ, const hs_descriptor_t *desc, hs_pow_solution_t *pow_solution, const hs_desc_intro_point_t *ip)
static void client_dir_fetch_200(dir_connection_t *dir_conn, const smartlist_t *entry_conns, const char *body)
void hs_client_purge_state(void)
STATIC void retry_all_socks_conn_waiting_for_desc(void)
static hs_client_service_authorization_t * find_client_auth(const ed25519_public_key_t *service_identity_pk)
#define CLIENT_MAX_POW_EFFORT
static char * get_client_auth_creds_filename(const char *onion_address, const char *dir)
void hs_client_close_intro_circuits_from_desc(const hs_descriptor_t *desc)
int hs_client_receive_rendezvous_acked(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
int hs_client_send_introduce1(origin_circuit_t *intro_circ, origin_circuit_t *rend_circ)
hs_desc_decode_status_t hs_client_decode_descriptor(const char *desc_str, const ed25519_public_key_t *service_identity_pk, hs_descriptor_t **desc)
static void client_desc_missing_bad_client_auth(const smartlist_t *entry_conns, hs_desc_decode_status_t status)
static void handle_introduce_ack_bad(origin_circuit_t *circ, int status)
void hs_client_circuit_has_opened(origin_circuit_t *circ)
static void client_dir_fetch_unexpected(dir_connection_t *dir_conn, const char *reason, const int status_code)
void hs_client_dir_fetch_done(dir_connection_t *dir_conn, const char *reason, const char *body, const int status_code)
extend_info_t * hs_client_get_random_intro_from_edge(const edge_connection_t *edge_conn)
static int intro_circ_is_ok(const origin_circuit_t *circ)
static unsigned int can_client_refetch_desc(const ed25519_public_key_t *identity_pk, hs_client_fetch_status_t *status_out)
int hs_client_setup_intro_circ_auth_key(origin_circuit_t *circ)
static int fetch_status_should_close_socks(hs_client_fetch_status_t status)
static struct mainloop_event_t * dir_info_changed_ev
static void socks_mark_rend_circuit_timed_out(const origin_circuit_t *rend_circ)
static void flag_all_conn_wait_desc(const ed25519_public_key_t *service_identity_pk)
static void purge_hid_serv_request(const ed25519_public_key_t *identity_pk)
static int intro_point_is_usable(const ed25519_public_key_t *service_pk, const hs_desc_intro_point_t *ip)
Header file containing client data for the HS subsystem.
@ HS_CLIENT_FETCH_PENDING
@ HS_CLIENT_FETCH_MISSING_INFO
@ HS_CLIENT_FETCH_NO_HSDIRS
@ HS_CLIENT_FETCH_HAVE_DESC
@ HS_CLIENT_FETCH_NOT_ALLOWED
@ HS_CLIENT_FETCH_LAUNCHED
#define CLIENT_AUTH_FLAG_IS_PERMANENT
void hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk, uint64_t time_period_num, int use_second_hsdir_index, int for_fetching, smartlist_t *responsible_dirs)
void hs_get_subcredential(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_subcredential_t *subcred_out)
routerstatus_t * hs_pick_hsdir(smartlist_t *responsible_dirs, const char *req_key_str, bool *is_rate_limited_out)
uint64_t hs_get_time_period_num(time_t now)
void hs_purge_last_hid_serv_requests(void)
void hs_build_blinded_pubkey(const ed25519_public_key_t *pk, const uint8_t *secret, size_t secret_len, uint64_t time_period_num, ed25519_public_key_t *blinded_pk_out)
void hs_purge_hid_serv_from_last_hid_serv_requests(const char *req_key_str)
void hs_build_address(const ed25519_public_key_t *key, uint8_t version, char *addr_out)
int hs_parse_address(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out)
extend_info_t * hs_get_extend_info_from_lspecs(const smartlist_t *lspecs, const curve25519_public_key_t *onion_key, int direct_conn)
char * hs_path_from_filename(const char *directory, const char *filename)
#define HS_SERVICE_ADDR_LEN_BASE32
void hs_control_desc_event_requested(const ed25519_public_key_t *onion_pk, const char *base64_blinded_pk, const routerstatus_t *hsdir_rs)
void hs_control_desc_event_received(const hs_ident_dir_conn_t *ident, const char *hsdir_id_digest)
void hs_control_desc_event_failed(const hs_ident_dir_conn_t *ident, const char *hsdir_id_digest, const char *reason)
void hs_control_desc_event_content(const hs_ident_dir_conn_t *ident, const char *hsdir_id_digest, const char *body)
Header file containing control port event related code.
bool hs_desc_supports_congestion_control(const hs_descriptor_t *desc)
hs_desc_decode_status_t hs_desc_decode_descriptor(const char *encoded, const hs_subcredential_t *subcredential, const curve25519_secret_key_t *client_auth_sk, hs_descriptor_t **desc_out)
Header file for hs_descriptor.c.
void hs_ident_dir_conn_init(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_ident_dir_conn_t *ident)
int hs_ident_intro_circ_is_valid(const hs_ident_circuit_t *ident)
Header file containing circuit and connection identifier data for the whole HS subsystem.
int hs_ntor_client_rendezvous2_mac_is_good(const hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys, const uint8_t *rcvd_mac)
int hs_pow_queue_work(uint32_t intro_circ_identifier, const uint8_t *rend_circ_cookie, const hs_pow_solver_inputs_t *pow_inputs)
#define log_fn(severity, domain, args,...)
#define MAP_DEL_CURRENT(keyvar)
#define DIGESTMAP_FOREACH_END
int usable_consensus_flavor(void)
Header file for microdesc.c.
networkstatus_t * networkstatus_get_reasonably_live_consensus(time_t now, int flavor)
Header file for networkstatus.c.
const node_t * node_get_by_id(const char *identity_digest)
bool node_supports_v3_rendezvous_point(const node_t *node)
int router_have_minimum_dir_info(void)
Header file for nodelist.c.
Header file for onion_crypto.c.
Master header file for Tor-specific functionality.
#define MAX_INTRO_POINT_REACHABILITY_FAILURES
Origin circuit structure.
int tor_asprintf(char **strp, const char *fmt,...)
Headers and type declarations for protover.c.
const char * stream_end_reason_to_string(int reason)
Header file for reasons.c.
int routerset_contains_extendinfo(const routerset_t *set, const extend_info_t *ei)
Header file for routerset.c.
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
smartlist_t * smartlist_new(void)
void smartlist_add(smartlist_t *sl, void *element)
void smartlist_del(smartlist_t *sl, int idx)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)
Client request structure.
int marked_for_close_orig_reason
time_t timestamp_last_read_allowed
uint16_t marked_for_close
time_t timestamp_last_write_allowed
extend_info_t * chosen_exit
char identity_digest[DIGEST_LEN]
struct edge_connection_t * next_stream
socks_request_t * socks_request
char identity_digest[DIGEST_LEN]
uint32_t unreachable_count
char onion_address[HS_SERVICE_ADDR_LEN_BASE32+1]
curve25519_secret_key_t enc_seckey
hs_pow_desc_params_t * pow_params
unsigned int single_onion_service
smartlist_t * intro_points
curve25519_public_key_t onion_key
curve25519_public_key_t enc_key
tor_cert_t * auth_key_cert
smartlist_t * link_specifiers
ed25519_public_key_t blinded_pubkey
hs_desc_encrypted_data_t encrypted_data
hs_subcredential_t subcredential
hs_desc_plaintext_data_t plaintext_data
uint8_t rendezvous_cookie[HS_REND_COOKIE_LEN]
ed25519_public_key_t intro_auth_pk
curve25519_keypair_t rendezvous_client_kp
curve25519_public_key_t intro_enc_pk
ed25519_public_key_t identity_pk
ed25519_public_key_t identity_pk
ed25519_public_key_t identity_pk
uint8_t seed[HS_POW_SEED_LEN]
uint32_t suggested_effort
char * ClientOnionAuthDir
struct routerset_t * ExcludeNodes
int CompiledProofOfWorkHash
uint32_t global_identifier
struct hs_ident_circuit_t * hs_ident
edge_connection_t * p_streams
unsigned int remaining_relay_early_cells
unsigned int hs_currently_solving_pow
cpath_build_state_t * build_state
socks5_reply_status_t socks_extended_error_code
ed25519_public_key_t signed_key
#define MOCK_IMPL(rv, funcname, arglist)
int tor_cert_checksig(tor_cert_t *cert, const ed25519_public_key_t *pubkey, time_t now)
const char * tor_cert_describe_signature_status(const tor_cert_t *cert)
#define tor_assert_nonfatal_unreached()
int strcmpend(const char *s1, const char *s2)
int fast_mem_is_zero(const char *mem, size_t len)
#define ED25519_BASE64_LEN
#define CURVE25519_PUBKEY_LEN
#define CURVE25519_SECKEY_LEN