mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-24 04:13:28 +01:00
hs: Client now solve PoW if present
At this commit, the tor main loop solves it. We might consider moving this to the CPU pool at some point. Signed-off-by: David Goulet <dgoulet@torproject.org>
parent
26957b47ac
commit
8b41e09a77
@ -212,6 +212,12 @@ struct origin_circuit_t {
|
|||||||
* (in host byte order) for response comparison. */
|
* (in host byte order) for response comparison. */
|
||||||
uint32_t pathbias_probe_nonce;
|
uint32_t pathbias_probe_nonce;
|
||||||
|
|
||||||
|
/** Set iff this is a hidden-service circuit for a HS with PoW defenses
|
||||||
|
* enabled, so that we know to be more lenient with timing out the
|
||||||
|
* circuit-build to allow the service time to work through the queue of
|
||||||
|
* requests. */
|
||||||
|
unsigned int hs_with_pow_circ : 1;
|
||||||
|
|
||||||
/** Set iff this circuit has been given a relaxed timeout because
|
/** Set iff this circuit has been given a relaxed timeout because
|
||||||
* no circuits have opened. Used to prevent spamming logs. */
|
* no circuits have opened. Used to prevent spamming logs. */
|
||||||
unsigned int relaxed_timeout : 1;
|
unsigned int relaxed_timeout : 1;
|
||||||
|
@ -1095,7 +1095,8 @@ int
|
|||||||
hs_circ_send_introduce1(origin_circuit_t *intro_circ,
|
hs_circ_send_introduce1(origin_circuit_t *intro_circ,
|
||||||
origin_circuit_t *rend_circ,
|
origin_circuit_t *rend_circ,
|
||||||
const hs_desc_intro_point_t *ip,
|
const hs_desc_intro_point_t *ip,
|
||||||
const hs_subcredential_t *subcredential)
|
const hs_subcredential_t *subcredential,
|
||||||
|
const hs_pow_solution_t *pow_solution)
|
||||||
{
|
{
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
ssize_t payload_len;
|
ssize_t payload_len;
|
||||||
@ -1129,6 +1130,9 @@ hs_circ_send_introduce1(origin_circuit_t *intro_circ,
|
|||||||
goto close;
|
goto close;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Set the PoW solution if any. */
|
||||||
|
intro1_data.pow_solution = pow_solution;
|
||||||
|
|
||||||
/* If the rend circ was set up for congestion control, add that to the
|
/* If the rend circ was set up for congestion control, add that to the
|
||||||
* intro data, to signal it in an extension */
|
* intro data, to signal it in an extension */
|
||||||
if (TO_CIRCUIT(rend_circ)->ccontrol) {
|
if (TO_CIRCUIT(rend_circ)->ccontrol) {
|
||||||
|
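Review bot: The new `pow_solution` argument is stored by pointer in `intro1_data.pow_solution` with no copy, and nothing visible in these hunks documents that it is optional or who owns it. The other callers on this page pass NULL, and the client frees its buffer right after the call returns, so the contract appears to be "borrowed, may be NULL, must stay valid until the cell has been built". Please state that in the function's doc comment, for example `* <b>pow_solution</b> is optional (NULL when the service has no PoW); it is borrowed, and the caller frees it after this function returns.` The header comment and most of the body of hs_circ_send_introduce1() lie outside the hunks, so this may already be covered there.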
@ -55,7 +55,8 @@ int hs_circ_handle_introduce2(const hs_service_t *service,
|
|||||||
int hs_circ_send_introduce1(origin_circuit_t *intro_circ,
|
int hs_circ_send_introduce1(origin_circuit_t *intro_circ,
|
||||||
origin_circuit_t *rend_circ,
|
origin_circuit_t *rend_circ,
|
||||||
const hs_desc_intro_point_t *ip,
|
const hs_desc_intro_point_t *ip,
|
||||||
const struct hs_subcredential_t *subcredential);
|
const struct hs_subcredential_t *subcredential,
|
||||||
|
const hs_pow_solution_t *pow_solution);
|
||||||
int hs_circ_send_establish_rendezvous(origin_circuit_t *circ);
|
int hs_circ_send_establish_rendezvous(origin_circuit_t *circ);
|
||||||
|
|
||||||
/* e2e circuit API. */
|
/* e2e circuit API. */
|
||||||
|
@ -613,6 +613,7 @@ send_introduce1(origin_circuit_t *intro_circ,
|
|||||||
char onion_address[HS_SERVICE_ADDR_LEN_BASE32 + 1];
|
char onion_address[HS_SERVICE_ADDR_LEN_BASE32 + 1];
|
||||||
const ed25519_public_key_t *service_identity_pk = NULL;
|
const ed25519_public_key_t *service_identity_pk = NULL;
|
||||||
const hs_desc_intro_point_t *ip;
|
const hs_desc_intro_point_t *ip;
|
||||||
|
hs_pow_solution_t *pow_solution = NULL;
|
||||||
|
|
||||||
tor_assert(rend_circ);
|
tor_assert(rend_circ);
|
||||||
if (intro_circ_is_ok(intro_circ) < 0) {
|
if (intro_circ_is_ok(intro_circ) < 0) {
|
||||||
@ -668,9 +669,24 @@ send_introduce1(origin_circuit_t *intro_circ,
|
|||||||
goto perm_err;
|
goto perm_err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* If the descriptor contains PoW parameters then the service is
|
||||||
|
* expecting a PoW solution in the INTRODUCE cell, which we solve here. */
|
||||||
|
if (desc->encrypted_data.pow_params) {
|
||||||
|
log_debug(LD_REND, "PoW params present in descriptor.");
|
||||||
|
pow_solution = tor_malloc_zero(sizeof(hs_pow_solution_t));
|
||||||
|
if (hs_pow_solve(desc->encrypted_data.pow_params, pow_solution)) {
|
||||||
|
log_warn(LD_REND, "Haven't solved the PoW yet.");
|
||||||
|
goto tran_err;
|
||||||
|
}
|
||||||
|
/* Set flag to reflect that the HS we are attempting to rendezvous has PoW
|
||||||
|
* defenses enabled, and as such we will need to be more lenient with
|
||||||
|
* timing out while waiting for the circuit to be built. */
|
||||||
|
rend_circ->hs_with_pow_circ = 1;
|
||||||
|
}
|
||||||
|
|
||||||
/* Send the INTRODUCE1 cell. */
|
/* Send the INTRODUCE1 cell. */
|
||||||
if (hs_circ_send_introduce1(intro_circ, rend_circ, ip,
|
if (hs_circ_send_introduce1(intro_circ, rend_circ, ip,
|
||||||
&desc->subcredential) < 0) {
|
&desc->subcredential, pow_solution) < 0) {
|
||||||
if (TO_CIRCUIT(intro_circ)->marked_for_close) {
|
if (TO_CIRCUIT(intro_circ)->marked_for_close) {
|
||||||
/* If the introduction circuit was closed, we were unable to send the
|
/* If the introduction circuit was closed, we were unable to send the
|
||||||
* cell for some reasons. In any case, the intro circuit has to be
|
* cell for some reasons. In any case, the intro circuit has to be
|
||||||
@ -724,6 +740,7 @@ send_introduce1(origin_circuit_t *intro_circ,
|
|||||||
|
|
||||||
end:
|
end:
|
||||||
memwipe(onion_address, 0, sizeof(onion_address));
|
memwipe(onion_address, 0, sizeof(onion_address));
|
||||||
|
tor_free(pow_solution);
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
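Review bot: The call `hs_pow_solve(desc->encrypted_data.pow_params, pow_solution)` does its work synchronously with parameters taken from the service's descriptor, and nothing in this hunk bounds how much work those parameters may demand. The commit message says the solve runs on the main loop, so a descriptor asking for a very large effort could stall every other circuit on the client until the solve returns. Unless hs_pow_solve() enforces a ceiling itself (not visible here), compare the requested effort with a client-side maximum before solving and take the error path when it is exceeded. Until the work moves off the main loop, a comment at the call would record this, e.g. `/* XXX: blocks the main loop; effort is chosen by the service, so cap it before solving. */`. The failure log `"Haven't solved the PoW yet."` also reads as a pending state although the call has already returned an error, so `"Unable to solve the PoW for this service."` would be clearer. send_introduce1() begins outside these hunks, so the `tran_err` path is not visible.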
@ -2406,7 +2406,7 @@ test_intro2_handling(void *arg)
|
|||||||
/* Create INTRODUCE1 */
|
/* Create INTRODUCE1 */
|
||||||
tt_assert(fast_mem_is_zero(relay_payload, sizeof(relay_payload)));
|
tt_assert(fast_mem_is_zero(relay_payload, sizeof(relay_payload)));
|
||||||
retval = hs_circ_send_introduce1(intro_circ, &rend_circ,
|
retval = hs_circ_send_introduce1(intro_circ, &rend_circ,
|
||||||
alice_ip, &x_subcred);
|
alice_ip, &x_subcred, NULL);
|
||||||
|
|
||||||
/* Check that the payload was written successfully */
|
/* Check that the payload was written successfully */
|
||||||
tt_int_op(retval, OP_EQ, 0);
|
tt_int_op(retval, OP_EQ, 0);
|
||||||
@ -2447,7 +2447,7 @@ test_intro2_handling(void *arg)
|
|||||||
/* Create INTRODUCE1 from Alice to X through Z */
|
/* Create INTRODUCE1 from Alice to X through Z */
|
||||||
memset(relay_payload, 0, sizeof(relay_payload));
|
memset(relay_payload, 0, sizeof(relay_payload));
|
||||||
retval = hs_circ_send_introduce1(intro_circ, &rend_circ,
|
retval = hs_circ_send_introduce1(intro_circ, &rend_circ,
|
||||||
alice_ip, &z_subcred);
|
alice_ip, &z_subcred, NULL);
|
||||||
|
|
||||||
/* Check that the payload was written successfully */
|
/* Check that the payload was written successfully */
|
||||||
tt_int_op(retval, OP_EQ, 0);
|
tt_int_op(retval, OP_EQ, 0);
|
||||||
@ -2484,7 +2484,7 @@ test_intro2_handling(void *arg)
|
|||||||
/* Create INTRODUCE1 from Alice to X using X's subcred. */
|
/* Create INTRODUCE1 from Alice to X using X's subcred. */
|
||||||
memset(relay_payload, 0, sizeof(relay_payload));
|
memset(relay_payload, 0, sizeof(relay_payload));
|
||||||
retval = hs_circ_send_introduce1(intro_circ, &rend_circ,
|
retval = hs_circ_send_introduce1(intro_circ, &rend_circ,
|
||||||
alice_ip, &x_subcred);
|
alice_ip, &x_subcred, NULL);
|
||||||
|
|
||||||
/* Check that the payload was written successfully */
|
/* Check that the payload was written successfully */
|
||||||
tt_int_op(retval, OP_EQ, 0);
|
tt_int_op(retval, OP_EQ, 0);
|
||||||
@ -2577,7 +2577,7 @@ test_intro2_handling(void *arg)
|
|||||||
* service!) */
|
* service!) */
|
||||||
memset(relay_payload, 0, sizeof(relay_payload));
|
memset(relay_payload, 0, sizeof(relay_payload));
|
||||||
retval = hs_circ_send_introduce1(intro_circ, &rend_circ,
|
retval = hs_circ_send_introduce1(intro_circ, &rend_circ,
|
||||||
alice_ip, &y_subcred);
|
alice_ip, &y_subcred, NULL);
|
||||||
tt_int_op(retval, OP_EQ, 0);
|
tt_int_op(retval, OP_EQ, 0);
|
||||||
|
|
||||||
/* Check that the payload was written successfully */
|
/* Check that the payload was written successfully */
|
||||||
|