[tor-commits] [tor/master] prop224: Client has opened circuit logic
nickm at torproject.org
nickm at torproject.org
Thu Aug 24 19:13:51 UTC 2017
commit 6eb125d14bf69e9dad427fe4b1005477177acc04
Author: David Goulet <dgoulet at torproject.org>
Date: Fri Jul 21 13:56:10 2017 -0400
prop224: Client has opened circuit logic
Make a single entry point for the entire HS subsystem when a client circuit
opens (every HS version).
Signed-off-by: David Goulet <dgoulet at torproject.org>
---
src/or/circuituse.c | 4 +-
src/or/hs_client.c | 106 ++++++++++++++++++++++++++++++++++++++++++++++++++++
src/or/hs_client.h | 2 +
3 files changed, 110 insertions(+), 2 deletions(-)
diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index 21cc9c540..5b35155ee 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -1636,7 +1636,7 @@ circuit_has_opened(origin_circuit_t *circ)
switch (TO_CIRCUIT(circ)->purpose) {
case CIRCUIT_PURPOSE_C_ESTABLISH_REND:
- rend_client_rendcirc_has_opened(circ);
+ hs_client_circuit_has_opened(circ);
/* Start building an intro circ if we don't have one yet. */
connection_ap_attach_pending(1);
/* This isn't a call to circuit_try_attaching_streams because a
@@ -1648,7 +1648,7 @@ circuit_has_opened(origin_circuit_t *circ)
* state. */
break;
case CIRCUIT_PURPOSE_C_INTRODUCING:
- rend_client_introcirc_has_opened(circ);
+ hs_client_circuit_has_opened(circ);
break;
case CIRCUIT_PURPOSE_C_GENERAL:
/* Tell any AP connections that have been waiting for a new
diff --git a/src/or/hs_client.c b/src/or/hs_client.c
index 3f951a21a..b06f3d935 100644
--- a/src/or/hs_client.c
+++ b/src/or/hs_client.c
@@ -308,6 +308,82 @@ send_introduce1(origin_circuit_t *intro_circ,
return status;
}
+/* Using the introduction circuit circ, setup the authentication key of the
+ * intro point this circuit has extended to. */
+static void
+setup_intro_circ_auth_key(origin_circuit_t *circ)
+{
+ const hs_descriptor_t *desc;
+
+ tor_assert(circ);
+
+ desc = hs_cache_lookup_as_client(&circ->hs_ident->identity_pk);
+ if (BUG(desc == NULL)) {
+ /* Opening intro circuit without the descriptor is no good... */
+ goto end;
+ }
+
+ /* We will go over every intro point and try to find which one is linked to
+ * that circuit. Those lists are small so it's not that expensive. */
+ SMARTLIST_FOREACH_BEGIN(desc->encrypted_data.intro_points,
+ const hs_desc_intro_point_t *, ip) {
+ SMARTLIST_FOREACH_BEGIN(ip->link_specifiers,
+ const hs_desc_link_specifier_t *, lspec) {
+ /* Not all tor node have an ed25519 identity key so we still rely on the
+ * legacy identity digest. */
+ if (lspec->type != LS_LEGACY_ID) {
+ continue;
+ }
+ if (fast_memneq(circ->build_state->chosen_exit->identity_digest,
+ lspec->u.legacy_id, DIGEST_LEN)) {
+ break;
+ }
+ /* We got it, copy its authentication key to the identifier. */
+ ed25519_pubkey_copy(&circ->hs_ident->intro_auth_pk,
+ &ip->auth_key_cert->signed_key);
+ goto end;
+ } SMARTLIST_FOREACH_END(lspec);
+ } SMARTLIST_FOREACH_END(ip);
+
+ /* Reaching this point means we didn't find any intro point for this circuit
+ * which is not suppose to happen. */
+ tor_assert_nonfatal_unreached();
+
+ end:
+ return;
+}
+
+/* Called when an introduction circuit has opened. */
+static void
+client_intro_circ_has_opened(origin_circuit_t *circ)
+{
+ tor_assert(circ);
+ tor_assert(TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_C_INTRODUCING);
+ log_info(LD_REND, "Introduction circuit %u has opened. Attaching streams.",
+ (unsigned int) TO_CIRCUIT(circ)->n_circ_id);
+
+ /* This is an introduction circuit so we'll attach the correct
+ * authentication key to the circuit identifier so it can be identified
+ * properly later on. */
+ setup_intro_circ_auth_key(circ);
+
+ connection_ap_attach_pending(1);
+}
+
+/* Called when a rendezvous circuit has opened. */
+static void
+client_rendezvous_circ_has_opened(origin_circuit_t *circ)
+{
+ tor_assert(circ);
+ tor_assert(TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND);
+
+ log_info(LD_REND, "Rendezvous circuit has opened to %s.",
+ safe_str_client(
+ extend_info_describe(circ->build_state->chosen_exit)));
+
+ /* XXX Send ESTABLISH REND cell. */
+}
+
/* ========== */
/* Public API */
/* ========== */
@@ -430,3 +506,33 @@ hs_client_send_introduce1(origin_circuit_t *intro_circ,
rend_circ);
}
+/* Called when the client circuit circ has been established. It can be either
+ * an introduction or rendezvous circuit. This function handles all hidden
+ * service versions. */
+void
+hs_client_circuit_has_opened(origin_circuit_t *circ)
+{
+ tor_assert(circ);
+
+ /* Handle both version. v2 uses rend_data and v3 uses the hs circuit
+ * identifier hs_ident. Can't be both. */
+ switch (TO_CIRCUIT(circ)->purpose) {
+ case CIRCUIT_PURPOSE_C_INTRODUCING:
+ if (circ->hs_ident) {
+ client_intro_circ_has_opened(circ);
+ } else {
+ rend_client_introcirc_has_opened(circ);
+ }
+ break;
+ case CIRCUIT_PURPOSE_C_ESTABLISH_REND:
+ if (circ->hs_ident) {
+ client_rendezvous_circ_has_opened(circ);
+ } else {
+ rend_client_rendcirc_has_opened(circ);
+ }
+ break;
+ default:
+ tor_assert_nonfatal_unreached();
+ }
+}
+
diff --git a/src/or/hs_client.h b/src/or/hs_client.h
index d8348ddb3..a716fc02e 100644
--- a/src/or/hs_client.h
+++ b/src/or/hs_client.h
@@ -25,5 +25,7 @@ int hs_client_refetch_hsdesc(const ed25519_public_key_t *identity_pk);
int hs_client_send_introduce1(origin_circuit_t *intro_circ,
origin_circuit_t *rend_circ);
+void hs_client_circuit_has_opened(origin_circuit_t *circ);
+
#endif /* TOR_HS_CLIENT_H */
More information about the tor-commits
mailing list