hs: Client now solve PoW if present

At this commit, the tor main loop solves it. We might consider moving
this to the CPU pool at some point.

Signed-off-by: David Goulet <dgoulet@torproject.org>

src/core/or/origin_circuit_st.h

@@ -212,6 +212,12 @@ struct origin_circuit_t {
    * (in host byte order) for response comparison. */
   uint32_t pathbias_probe_nonce;
 
+  /** Set iff this is a hidden-service circuit for a HS with PoW defenses
+   * enabled, so that we know to be more lenient with timing out the
+   * circuit-build to allow the service time to work through the queue of
+   * requests. */
+  unsigned int hs_with_pow_circ : 1;
+
   /** Set iff this circuit has been given a relaxed timeout because
    * no circuits have opened. Used to prevent spamming logs. */
   unsigned int relaxed_timeout : 1;

src/feature/hs/hs_circuit.c

@@ -1095,7 +1095,8 @@ int
 hs_circ_send_introduce1(origin_circuit_t *intro_circ,
                         origin_circuit_t *rend_circ,
                         const hs_desc_intro_point_t *ip,
-                        const hs_subcredential_t *subcredential)
+                        const hs_subcredential_t *subcredential,
+                        const hs_pow_solution_t *pow_solution)
 {
   int ret = -1;
   ssize_t payload_len;
@@ -1129,6 +1130,9 @@ hs_circ_send_introduce1(origin_circuit_t *intro_circ,
     goto close;
   }
 
+  /* Set the PoW solution if any. */
+  intro1_data.pow_solution = pow_solution;
+
   /* If the rend circ was set up for congestion control, add that to the
    * intro data, to signal it in an extension */
   if (TO_CIRCUIT(rend_circ)->ccontrol) {

src/feature/hs/hs_circuit.h

@@ -55,7 +55,8 @@ int hs_circ_handle_introduce2(const hs_service_t *service,
 int hs_circ_send_introduce1(origin_circuit_t *intro_circ,
                             origin_circuit_t *rend_circ,
                             const hs_desc_intro_point_t *ip,
-                            const struct hs_subcredential_t *subcredential);
+                            const struct hs_subcredential_t *subcredential,
+                            const hs_pow_solution_t *pow_solution);
 int hs_circ_send_establish_rendezvous(origin_circuit_t *circ);
 
 /* e2e circuit API. */

src/feature/hs/hs_client.c

@@ -613,6 +613,7 @@ send_introduce1(origin_circuit_t *intro_circ,
   char onion_address[HS_SERVICE_ADDR_LEN_BASE32 + 1];
   const ed25519_public_key_t *service_identity_pk = NULL;
   const hs_desc_intro_point_t *ip;
+  hs_pow_solution_t *pow_solution = NULL;
 
   tor_assert(rend_circ);
   if (intro_circ_is_ok(intro_circ) < 0) {
@@ -668,9 +669,24 @@ send_introduce1(origin_circuit_t *intro_circ,
     goto perm_err;
   }
 
+  /* If the descriptor contains PoW parameters then the service is
+   * expecting a PoW solution in the INTRODUCE cell, which we solve here. */
+  if (desc->encrypted_data.pow_params) {
+    log_debug(LD_REND, "PoW params present in descriptor.");
+    pow_solution = tor_malloc_zero(sizeof(hs_pow_solution_t));
+    if (hs_pow_solve(desc->encrypted_data.pow_params, pow_solution)) {
+      log_warn(LD_REND, "Haven't solved the PoW yet.");
+      goto tran_err;
+    }
+    /* Set flag to reflect that the HS we are attempting to rendezvous has PoW
+     * defenses enabled, and as such we will need to be more lenient with
+     * timing out while waiting for the circuit to be built. */
+    rend_circ->hs_with_pow_circ = 1;
+  }
+
   /* Send the INTRODUCE1 cell. */
   if (hs_circ_send_introduce1(intro_circ, rend_circ, ip,
-                              &desc->subcredential) < 0) {
+                              &desc->subcredential, pow_solution) < 0) {
     if (TO_CIRCUIT(intro_circ)->marked_for_close) {
       /* If the introduction circuit was closed, we were unable to send the
        * cell for some reasons. In any case, the intro circuit has to be
@@ -724,6 +740,7 @@ send_introduce1(origin_circuit_t *intro_circ,
 
  end:
   memwipe(onion_address, 0, sizeof(onion_address));
+  tor_free(pow_solution);
   return status;
 }
 

src/test/test_hs_service.c

@@ -2406,7 +2406,7 @@ test_intro2_handling(void *arg)
   /* Create INTRODUCE1 */
   tt_assert(fast_mem_is_zero(relay_payload, sizeof(relay_payload)));
   retval = hs_circ_send_introduce1(intro_circ, &rend_circ,
-                                   alice_ip, &x_subcred);
+                                   alice_ip, &x_subcred, NULL);
 
   /* Check that the payload was written successfully */
   tt_int_op(retval, OP_EQ, 0);
@@ -2447,7 +2447,7 @@ test_intro2_handling(void *arg)
   /* Create INTRODUCE1 from Alice to X through Z */
   memset(relay_payload, 0, sizeof(relay_payload));
   retval = hs_circ_send_introduce1(intro_circ, &rend_circ,
-                                   alice_ip, &z_subcred);
+                                   alice_ip, &z_subcred, NULL);
 
   /* Check that the payload was written successfully */
   tt_int_op(retval, OP_EQ, 0);
@@ -2484,7 +2484,7 @@ test_intro2_handling(void *arg)
   /* Create INTRODUCE1 from Alice to X using X's subcred. */
   memset(relay_payload, 0, sizeof(relay_payload));
   retval = hs_circ_send_introduce1(intro_circ, &rend_circ,
-                                   alice_ip, &x_subcred);
+                                   alice_ip, &x_subcred, NULL);
 
   /* Check that the payload was written successfully */
   tt_int_op(retval, OP_EQ, 0);
@@ -2577,7 +2577,7 @@ test_intro2_handling(void *arg)
    * service!) */
   memset(relay_payload, 0, sizeof(relay_payload));
   retval = hs_circ_send_introduce1(intro_circ, &rend_circ,
-                                   alice_ip, &y_subcred);
+                                   alice_ip, &y_subcred, NULL);
   tt_int_op(retval, OP_EQ, 0);
 
   /* Check that the payload was written successfully */