This is an automated email from the git hooks/post-receive script.
dgoulet pushed a commit to branch main in repository tor.
commit f0b63ca242a66cb5172e6b11a9f068ed348f601b Author: David Goulet dgoulet@torproject.org AuthorDate: Wed Jun 29 11:05:35 2022 -0400
hs: Move rendezvous circuit data structure
When parsing an INTRODUCE2 cell, we extract data in order to launch the rendezvous circuit. This commit creates a data structure just for that data so it can be used by future commits for prop327 in order to copy that data over a priority queue instead of the whole intro data structure which contains pointers that could disappear.
Signed-off-by: David Goulet dgoulet@torproject.org
---
 src/feature/hs/hs_cell.c | 23 ++++++++++++-----------
 src/feature/hs/hs_cell.h | 27 +++++++++++++++++----------
 src/feature/hs/hs_circuit.c | 25 ++++++++++++++-----------
 3 files changed, 43 insertions(+), 32 deletions(-)
diff --git a/src/feature/hs/hs_cell.c b/src/feature/hs/hs_cell.c
index 32da706a63..603d997c42 100644
--- a/src/feature/hs/hs_cell.c
+++ b/src/feature/hs/hs_cell.c
@@ -812,7 +812,7 @@ get_introduce2_keys_and_verify_mac(hs_cell_introduce2_data_t *data,
 data->n_subcredentials,
 data->subcredentials,
 encrypted_section,
- &data->client_pk);
+ &data->rdv_data.client_pk);
 if (intro_keys == NULL) {
 log_info(LD_REND, "Invalid INTRODUCE2 encrypted data. Unable to "
 "compute key material");
@@ -875,9 +875,9 @@ parse_introduce_cell_extension(hs_cell_introduce2_data_t *data,
 switch (trn_extension_field_get_field_type(field)) {
 case TRUNNEL_EXT_TYPE_CC_FIELD_REQUEST:
 /* CC requests, enable it. */
- data->cc_enabled = 1;
+ data->rdv_data.cc_enabled = 1;
 data->pv.protocols_known = 1;
- data->pv.supports_congestion_control = data->cc_enabled;
+ data->pv.supports_congestion_control = data->rdv_data.cc_enabled;
 break;
 default:
 break;
@@ -944,7 +944,7 @@ hs_cell_parse_introduce2(hs_cell_introduce2_data_t *data,
 * guaranteed to exist because of the length check above). We are gonna use
 * the client public key to compute the ntor keys and decrypt the payload:
 */
- memcpy(&data->client_pk.public_key, encrypted_section,
+ memcpy(&data->rdv_data.client_pk.public_key, encrypted_section,
 CURVE25519_PUBKEY_LEN);
/* Get the right INTRODUCE2 ntor keys and verify the cell MAC */
@@ -960,12 +960,13 @@ hs_cell_parse_introduce2(hs_cell_introduce2_data_t *data,
 {
 /* The ENCRYPTED_DATA section starts just after the CLIENT_PK. */
 const uint8_t *encrypted_data =
- encrypted_section + sizeof(data->client_pk);
+ encrypted_section + sizeof(data->rdv_data.client_pk);
 /* It's symmetric encryption so it's correct to use the ENCRYPTED length
 * for decryption. Computes the length of ENCRYPTED_DATA meaning removing
 * the CLIENT_PK and MAC length. */
 size_t encrypted_data_len =
- encrypted_section_len - (sizeof(data->client_pk) + DIGEST256_LEN);
+ encrypted_section_len -
+ (sizeof(data->rdv_data.client_pk) + DIGEST256_LEN);
/* This decrypts the ENCRYPTED_DATA section of the cell. */
 decrypted = decrypt_introduce2(intro_keys->enc_key,
@@ -992,12 +993,12 @@ hs_cell_parse_introduce2(hs_cell_introduce2_data_t *data,
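Review bot: The offset and length arithmetic for ENCRYPTED_DATA in hs_cell_parse_introduce2 uses `sizeof(data->rdv_data.client_pk)`, the size of an in-memory struct that now sits one level deeper, as the wire length of CLIENT_PK, while the memcpy in the preceding hunk copies `CURVE25519_PUBKEY_LEN` bytes into `.public_key`. The two agree only while curve25519_public_key_t holds nothing but the key bytes; using the constant in both places, `encrypted_section + CURVE25519_PUBKEY_LEN` and `encrypted_section_len - (CURVE25519_PUBKEY_LEN + DIGEST256_LEN)`, ties the parser to the cell format rather than to struct layout. The size_t subtraction also depends on the earlier length check that the previous hunk's comment mentions and that lies outside both hunks, so a short comment beside `encrypted_data_len` naming that check would help the next reader. The enclosing block continues past the end of this hunk.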
/* Extract onion key and rendezvous cookie from the cell used for the
 * rendezvous point circuit e2e encryption. */
- memcpy(data->onion_pk.public_key,
+ memcpy(data->rdv_data.onion_pk.public_key,
 trn_cell_introduce_encrypted_getconstarray_onion_key(enc_cell),
 CURVE25519_PUBKEY_LEN);
- memcpy(data->rendezvous_cookie,
+ memcpy(data->rdv_data.rendezvous_cookie,
 trn_cell_introduce_encrypted_getconstarray_rend_cookie(enc_cell),
- sizeof(data->rendezvous_cookie));
+ sizeof(data->rdv_data.rendezvous_cookie));
/* Extract rendezvous link specifiers. */
 for (size_t idx = 0;
@@ -1011,7 +1012,7 @@ hs_cell_parse_introduce2(hs_cell_introduce2_data_t *data,
 if (BUG(!lspec_dup)) {
 goto done;
 }
- smartlist_add(data->link_specifiers, lspec_dup);
+ smartlist_add(data->rdv_data.link_specifiers, lspec_dup);
 }
/* Extract any extensions. */
@@ -1031,7 +1032,7 @@ hs_cell_parse_introduce2(hs_cell_introduce2_data_t *data,
/* If the client asked for congestion control, but we don't support it,
 * that's a failure. It should not have asked, based on our descriptor. */
- if (data->cc_enabled && !congestion_control_enabled()) {
+ if (data->rdv_data.cc_enabled && !congestion_control_enabled()) {
 goto done;
 }
diff --git a/src/feature/hs/hs_cell.h b/src/feature/hs/hs_cell.h
index 2735401c05..61c0a94b20 100644
--- a/src/feature/hs/hs_cell.h
+++ b/src/feature/hs/hs_cell.h
@@ -47,6 +47,21 @@ typedef struct hs_cell_introduce1_data_t {
 const hs_pow_solution_t *pow_solution;
 } hs_cell_introduce1_data_t;
+/** Introduction data needed to launch a rendezvous circuit. This is set after
+ * receiving an INTRODUCE2 valid cell. */
+typedef struct hs_cell_intro_rdv_data_t {
+ /** Onion public key computed using the INTRODUCE2 encrypted section. */
+ curve25519_public_key_t onion_pk;
+ /** Rendezvous cookie taken from the INTRODUCE2 encrypted section. */
+ uint8_t rendezvous_cookie[REND_COOKIE_LEN];
+ /** Client public key from the INTRODUCE2 encrypted section. */
+ curve25519_public_key_t client_pk;
+ /** Link specifiers of the rendezvous point. Contains link_specifier_t. */
+ smartlist_t *link_specifiers;
+ /** Congestion control parameters. */
+ unsigned int cc_enabled : 1;
+} hs_cell_intro_rdv_data_t;
+
 /** This data structure contains data that we need to parse an INTRODUCE2 cell
 * which is used by the INTRODUCE2 cell parsing function. On a successful
 * parsing, the onion_pk and rendezvous_cookie will be populated with the
@@ -77,20 +92,12 @@ typedef struct hs_cell_introduce2_data_t {
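Review bot: `link_specifiers` in the new hs_cell_intro_rdv_data_t is an owning pointer, so the struct cannot be copied by value safely, yet the commit message says later commits will copy this data into a priority queue. In the last hs_circuit.c hunk, hs_circ_handle_introduce2 frees the list at `done:` with `link_specifier_smartlist_free(data.rdv_data.link_specifiers)`, so a shallow copy held elsewhere would be left with a dangling pointer. The field comment should state the ownership rule, for example `/** Link specifiers of the rendezvous point. Contains link_specifier_t. Owned by this structure: a copy must duplicate the list or take ownership and NULL the source pointer. */`. The comment on `cc_enabled` would also be more accurate as `/** Flag: set when the client requested congestion control in the INTRODUCE2 extensions. */`, since the field is a one-bit flag rather than a set of parameters.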
/*** Mutable Section: Set upon parsing INTRODUCE2 cell. ***/
- /** Onion public key computed using the INTRODUCE2 encrypted section. */
- curve25519_public_key_t onion_pk;
- /** Rendezvous cookie taken from the INTRODUCE2 encrypted section. */
- uint8_t rendezvous_cookie[REND_COOKIE_LEN];
- /** Client public key from the INTRODUCE2 encrypted section. */
- curve25519_public_key_t client_pk;
- /** Link specifiers of the rendezvous point. Contains link_specifier_t. */
- smartlist_t *link_specifiers;
+ /** Data needed to launch a rendezvous circuit. */
+ hs_cell_intro_rdv_data_t rdv_data;
 /** Replay cache of the introduction point. */
 replaycache_t *replay_cache;
 /** Flow control negotiation parameters. */
 protover_summary_flags_t pv;
- /** Congestion control parameters. */
- unsigned int cc_enabled : 1;
 } hs_cell_introduce2_data_t;
/* Build cell API. */
diff --git a/src/feature/hs/hs_circuit.c b/src/feature/hs/hs_circuit.c
index 3f8f16955f..835cd366ad 100644
--- a/src/feature/hs/hs_circuit.c
+++ b/src/feature/hs/hs_circuit.c
@@ -326,8 +326,8 @@ launch_rendezvous_point_circuit,(const hs_service_t *service,
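Review bot: The header comment of hs_cell_introduce2_data_t is now stale: the part visible as context at the end of the previous hunk still says that on successful parsing "the onion_pk and rendezvous_cookie will be populated", but this hunk moves both fields into `rdv_data`. The comment continues outside the hunk, so only the visible sentence can be reworded here, along the lines of `On a successful parsing, rdv_data (onion_pk, rendezvous_cookie, client_pk, link_specifiers) will be populated with the ...`. The one-line comment on the new member could also name the type's purpose and lifetime, for example `/** Data needed to launch a rendezvous circuit; filled by hs_cell_parse_introduce2(). */`.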
/* Get the extend info data structure for the chosen rendezvous point
 * specified by the given link specifiers. */
- info = hs_get_extend_info_from_lspecs(data->link_specifiers,
- &data->onion_pk,
+ info = hs_get_extend_info_from_lspecs(data->rdv_data.link_specifiers,
+ &data->rdv_data.onion_pk,
 service->config.is_single_onion);
 if (info == NULL) {
 /* We are done here, we can't extend to the rendezvous point. */
@@ -374,7 +374,8 @@ launch_rendezvous_point_circuit,(const hs_service_t *service,
 log_info(LD_REND, "Rendezvous circuit launched to %s with cookie %s "
 "for %s service %s",
 safe_str_client(extend_info_describe(info)),
- safe_str_client(hex_str((const char *) data->rendezvous_cookie,
+ safe_str_client(hex_str((const char *)
+ data->rdv_data.rendezvous_cookie,
 REND_COOKIE_LEN)),
 get_service_anonymity_string(service),
 safe_str_client(service->onion_address));
@@ -393,7 +394,8 @@ launch_rendezvous_point_circuit,(const hs_service_t *service,
 curve25519_keypair_generate(&ephemeral_kp, 0);
 if (hs_ntor_service_get_rendezvous1_keys(&ip->auth_key_kp.pubkey,
 &ip->enc_key_kp,
- &ephemeral_kp, &data->client_pk,
+ &ephemeral_kp,
+ &data->rdv_data.client_pk,
 &keys) < 0) {
 /* This should not really happened but just in case, don't make tor
 * freak out, close the circuit and move on. */
@@ -404,15 +406,15 @@ launch_rendezvous_point_circuit,(const hs_service_t *service,
 goto end;
 }
 circ->hs_ident = create_rp_circuit_identifier(service,
- data->rendezvous_cookie,
- &ephemeral_kp.pubkey, &keys);
+ data->rdv_data.rendezvous_cookie,
+ &ephemeral_kp.pubkey, &keys);
 memwipe(&ephemeral_kp, 0, sizeof(ephemeral_kp));
 memwipe(&keys, 0, sizeof(keys));
 tor_assert(circ->hs_ident);
 }
/* Setup congestion control if asked by the client from the INTRO cell. */
- if (data->cc_enabled) {
+ if (data->rdv_data.cc_enabled) {
 hs_circ_setup_congestion_control(circ, congestion_control_sendme_inc(),
 service->config.is_single_onion);
 }
@@ -1003,9 +1005,9 @@ hs_circ_handle_introduce2(const hs_service_t *service,
 data.enc_kp = &ip->enc_key_kp;
 data.payload = payload;
 data.payload_len = payload_len;
- data.link_specifiers = smartlist_new();
 data.replay_cache = ip->replay_cache;
- data.cc_enabled = 0;
+ data.rdv_data.link_specifiers = smartlist_new();
+ data.rdv_data.cc_enabled = 0;
if (get_subcredential_for_handling_intro2_cell(service, &data,
 subcredential)) {
@@ -1022,7 +1024,8 @@ hs_circ_handle_introduce2(const hs_service_t *service,
 /* Check whether we've seen this REND_COOKIE before to detect repeats. */
 if (replaycache_add_test_and_elapsed(
 service->state.replay_cache_rend_cookie,
- data.rendezvous_cookie, sizeof(data.rendezvous_cookie),
+ data.rdv_data.rendezvous_cookie,
+ sizeof(data.rdv_data.rendezvous_cookie),
 &elapsed)) {
 /* A Tor client will send a new INTRODUCE1 cell with the same REND_COOKIE
 * as its previous one if its intro circ times out while in state
@@ -1048,7 +1051,7 @@ hs_circ_handle_introduce2(const hs_service_t *service,
 ret = 0;
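Review bot: Only two of the five `rdv_data` members are initialised in the setup block of hs_circ_handle_introduce2 (`link_specifiers` and `cc_enabled`), and the hunk does not show whether `data` is zeroed before these assignments. If it is not, `onion_pk`, `rendezvous_cookie` and `client_pk` hold indeterminate stack contents until hs_cell_parse_introduce2 succeeds, which becomes a concern once later commits copy `rdv_data` out of this function. Adding `memset(&data.rdv_data, 0, sizeof(data.rdv_data));` ahead of `data.rdv_data.link_specifiers = smartlist_new();` would make the sub-structure well-defined on every path and make the explicit `cc_enabled = 0` redundant. The function body starts and ends outside this hunk.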
done:
- link_specifier_smartlist_free(data.link_specifiers);
+ link_specifier_smartlist_free(data.rdv_data.link_specifiers);
 memwipe(&data, 0, sizeof(data));
 return ret;
 }