Commit Graph

426 Commits

Author SHA1 Message Date
Nick Mathewson
1416f54d1e Split dir_connection_t into its own header 2018-06-15 10:31:21 -04:00
Nick Mathewson
5d5c442e6a Split entry and edge_connection_t into their own headers. 2018-06-15 10:10:24 -04:00
Isis Lovecruft
e32fc0806d
refactor: Alphabetise some includes in /src/or/*. 2018-04-06 22:49:17 +00:00
Isis Lovecruft
fe3aca1491
crypto: Refactor (P)RNG functionality into new crypto_rand module.
* ADD new /src/common/crypto_rand.[ch] module.
 * ADD new /src/common/crypto_util.[ch] module (contains the memwipe()
   function, since all crypto_* modules need this).
 * FIXES part of #24658: https://bugs.torproject.org/24658
2018-04-06 21:45:28 +00:00
Nick Mathewson
3d7bf98d13 Merge remote-tracking branch 'valentecaio/t-24714' 2018-02-15 20:19:53 -05:00
Deepesh Pathak
ca6682f3f8 Fix spelling mistakes corresponding to ticket #23650 2018-02-07 10:41:57 -05:00
Caio Valente
7884ce76e1 refactor: rename connection_t struct fields.
connection_t.timestamp_lastwritten renamed to
connection_t.timestamp_last_write_allowed

connection_t.timestamp_lastread renamed to
connection_t.timestamp_last_read_allowed

Closes ticket 24714.
2018-02-01 03:12:38 +01:00
Nick Mathewson
5ee0cccd49 Merge branch 'macro_free_v2_squashed' 2017-12-08 14:58:43 -05:00
Nick Mathewson
fa0d24286b Convert remaining function (mostly static) to new free style 2017-12-08 14:47:19 -05:00
David Goulet
743d0b9d91 hs-v3: Implement HS_DESC REQUESTED event
This changes the control_event_hs_descriptor_requested() call to add the hsdir
index optional value. v2 passes NULL all the time.

This commit creates hs_control.{c|h} that contains wrappers for the HS
subsystem to interact with the control port subsystem.

The descriptor REQUESTED event is implemented following proposal 284 extension
for v3.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
e7d606900e control: Rename two HS v2 specific functions
Make control_event_hs_descriptor_received() and
control_event_hs_descriptor_failed() v2 specific because they take a
rend_data_t object and v3 will need to pass a different object.

No behavior change.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
242ddc85c8 control: Refactor HS_DESC events functions to not be v2 specific
This is a naming refactor mostly _except_ for a the events' function that take
a rend_data_t which will require much more refactoring.

No behavior change at this commit, cleanup and renaming stuff to not be only
v2 specific.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
Nick Mathewson
c1deabd3b0 Run our #else/#endif annotator on our source code. 2017-09-15 16:24:44 -04:00
Nick Mathewson
b91dce9454 Merge branch 'maint-0.3.1' 2017-08-25 11:39:38 -04:00
Nick Mathewson
6069c829f9 Merge branch 'bug19418_029' into maint-0.3.1 2017-08-25 11:38:24 -04:00
David Goulet
98efb646fc hs: Remove unused rend_client_rendezvous_acked()
This function has been replaced by hs_client_receive_rendezvous_acked(() doing
the same exact thing for both v2 and v3 service.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
88b843608a prop224: Move and refactor rend_client_reextend_intro_circuit()
This moves it to hs_client.c so it can be used by both system (legacy and
prop224). For now, only the legacy system uses it.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
9af3116306 prop224: Handle RENDEZVOUS2 cell
The client can now handle RENDEZVOUS2 cell when they arrive. This consolidate
both hidden service version in one function.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
fca2f64e2f prop224: Handle INTRODUCE_ACK cell
The client is now able to handle an INTRODUCE_ACK cell and do the appropriate
actions.

An intro point failure cache is missing and a way to close all intro point
that were launched in parallel. Some notes are in the comment for that.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
George Kadianakis
0f6633abb2 prop224: Refactor pick_hsdir() to be used by both v2 and v3.
Also refactor rendclient.c to use the new hs_pick_hdsir() func.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
George Kadianakis
5c9cd912ee prop224: Refactor rendclient.c to use the new hsdir_req code.
- Also add tests for the hidserv_req subsystem.
- Introduce purge_v2_hidserv_req() wrapper to simplify v2 code.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
George Kadianakis
15c9b7e891 prop224: Fix hidserv request code to work for both v2 and v3.
See documentation of `last_hid_serv_requests_` for how it works. strmaps are
cool!

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
George Kadianakis
912c11761c prop224: Move some rendclient.c code to hs_common.c
Specifically move the pick_hsdir() function and all the HSDir request tracking
code. We plan to use all that code both for v2 and v3.

This commit only moves code.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:27 -04:00
George Kadianakis
bce18a7642 prop224: Refactor parse_extended_hostname() to parse v3 addrs.
We need this func so that we recognize SOCKS conns to v3 addresses.

- Also rename rend_valid_service_id() to rend_valid_v2_service_id()

- Also move parse_extended_hostname() tests to their own unittest, and
  add a v3 address to the test as well.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-19 16:42:26 +03:00
Nick Mathewson
418f3d6298 Make sure we always wind up checking i2d_*'s output.
The biggest offender here was sometimes not checking the output of
crypto_pk_get_digest.

Fixes bug 19418.  Reported by Guido Vranken.
2017-08-09 09:24:16 -04:00
Nick Mathewson
6c8c973191 Rename the hybrid_encrypt/decrypt functions; label them as dangerous
We need to keep these around for TAP and old-style hidden services,
but they're obsolete, and we shouldn't encourage anyone to use them.
So I've added "obsolete" to their names, and a comment explaining
what the problem is.

Closes ticket 23026.
2017-07-24 14:34:53 -04:00
Isis Lovecruft
c59ba01550
rephist: Remove unused crypto_pk statistics.
These statistics were largely ununsed, and kept track of statistical information
on things like how many time we had done TLS or how many signatures we had
verified.  This information is largely not useful, and would only be logged
after receiving a SIGUSR1 signal (but only if the logging severity level was
less than LOG_INFO).

 * FIXES #19871.
 * REMOVES note_crypto_pk_op(), dump_pk_op(), and pk_op_counts from
   src/or/rephist.c.
 * REMOVES every external call to these functions.
2017-07-13 20:24:48 +00:00
David Goulet
0cb66fc900 prop224: Introduce e2e rendezvous circuit code.
This commit adds most of the work of #21859. It introduces hs_circuit.c
functions that can handle the setup of e2e circuits for prop224 hidden
services, and also for legacy hidden service clients. Entry points are:

		prop224 circuits: hs_circuit_setup_e2e_rend_circ()
		legacy client-side circuits: hs_circuit_setup_e2e_rend_circ_legacy_client()

This commit swaps the old rendclient code to use the new API.

I didn't try to accomodate the legacy service-side code in this API, since
that's too tangled up and it would mess up the new API considerably IMO (all
this service_pending_final_cpath_ref stuff is complicated and I didn't want to
change it).

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-07 11:12:26 -04:00
George Kadianakis
83249015c2 Refactor circuit_init_cpath_crypto() to do prop224 rend circuits.
circuit_init_cpath_crypto() is responsible for creating the cpath of legacy
SHA1/AES128 circuits currently. We want to use it for prop224 circuits, so we
refactor it to create circuits with SHA3-256 and AES256 as well.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-07 11:12:26 -04:00
Nick Mathewson
465448e659 Merge branch 'dgoulet_bug22042_031_01_squashed' 2017-05-01 16:08:23 -04:00
David Goulet
90562fc23a hs: Trigger control event when client can't pick HSDir
Inform the control port with an HS_DESC failed event when the client is unable
to pick an HSDir. It's followed by an empty HS_DESC_CONTENT event. In order to
achieve that, some control port code had to be modified to accept a NULL HSDir
identity digest.

This commit also adds a trigger of a failed event when we are unable to
base64-decode the descriptor cookie.

Fixes #22042

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-01 15:50:38 -04:00
Nick Mathewson
8aadd60eac Replace remaining directory_initiate_command_* instances 2017-04-21 15:08:28 -04:00
Nick Mathewson
7505f452c8 Run the copyright update script. 2017-03-15 16:13:17 -04:00
Nick Mathewson
dbbaa51518 Use the new guard notification/selection APIs throughout Tor
This patch doesn't cover every case; omitted cases are marked with
"XXXX prop271", as usual.  It leaves both the old interface and the
new interface for guard status notification, since they don't
actually work in the same way: the new API wants to be told when a
circuit has failed or succeeded, whereas the old API wants to know
when a channel has failed or succeeded.

I ran into some trouble with directory guard stuff, since when we
pick the directory guard, we don't actually have a circuit to
associate it with.  I solved that by allowing guard states to be
associated with directory connections, not just circuits.
2016-11-30 14:42:53 -05:00
Nick Mathewson
c35c43d7d9 Merge branch 'ticket17238_029_02-resquash'
Conflicts:
	src/or/rendclient.c
	src/or/rendcommon.c
	src/or/routerparse.c
	src/test/test_dir.c
	src/trunnel/ed25519_cert.h
2016-11-04 13:26:37 -04:00
George Kadianakis
d795ed5871 Make check-spaces happy :)
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:32:50 -04:00
David Goulet
8293356ad9 hs: Refactor rend_data_t for multi version support
In order to implement proposal 224, we need the data structure rend_data_t to
be able to accomodate versionning that is the current version of hidden
service (2) and the new version (3) and future version.

For that, we implement a series of accessors and a downcast function to get
the v2 data structure. rend_data_t becomes a top level generic place holder.

The entire rend_data_t API has been moved to hs_common.{c|h} in order to
seperate code that is shared from between HS versions and unshared code (in
rendcommon.c).

Closes #19024

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:26 -04:00
Nick Mathewson
9f0cb5af15 Merge branch 'feature-17178-v7-squashed-v2' 2016-09-13 10:20:08 -04:00
teor (Tim Wilson-Brown)
b560f852f2 Implement Prop #260: Single Onion Services
Add experimental OnionServiceSingleHopMode and
OnionServiceNonAnonymousMode options. When both are set to 1, every
hidden service on a tor instance becomes a non-anonymous Single Onion
Service. Single Onions make one-hop (direct) connections to their
introduction and renzedvous points. One-hop circuits make Single Onion
servers easily locatable, but clients remain location-anonymous.
This is compatible with the existing hidden service implementation, and
works on the current tor network without any changes to older relays or
clients.

Implements proposal #260, completes ticket #17178. Patch by teor & asn.

squash! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Prop #260: Single Onion Services

Redesign single onion service poisoning.

When in OnionServiceSingleHopMode, each hidden service key is poisoned
(marked as non-anonymous) on creation by creating a poison file in the
hidden service directory.

Existing keys are considered non-anonymous if this file exists, and
anonymous if it does not.

Tor refuses to launch in OnionServiceSingleHopMode if any existing keys
are anonymous. Similarly, it refuses to launch in anonymous client mode
if any existing keys are non-anonymous.

Rewrite the unit tests to match and be more comprehensive.
Adds a bonus unit test for rend_service_load_all_keys().
2016-09-13 10:10:54 -04:00
teor
0a3009bb85
Stop inadvertently upgrading client intro connections to ntor
Also stop logging the intro point details on error by default.

Fixes #20012, introduced with ntor in tor 0.2.4.8-alpha.
2016-08-31 15:10:58 +10:00
Nick Mathewson
bbaa7d09a0 Merge remote-tracking branch 'teor/reject-tap-v6' 2016-08-29 15:02:11 -04:00
teor (Tim Wilson-Brown)
10aa913acc
Client & HS ignore UseNTorHandshake, all non-HS handshakes use ntor
Rely on onion_populate_cpath to check that we're only using
TAP for the rare hidden service cases.

Check and log if handshakes only support TAP when they should support
ntor.
2016-08-24 11:02:00 +10:00
Nick Mathewson
9fe6fea1cc Fix a huge pile of -Wshadow warnings.
These appeared on some of the Jenkins platforms. Apparently some
GCCs care when you shadow globals, and some don't.
2016-07-28 10:22:10 -04:00
teor (Tim Wilson-Brown)
d8cd994ef6
Allow clients to retry HSDirs much faster in test networks 2016-07-18 13:25:15 +10:00
David Goulet
c7f1b46a10 Perform cache lookup when FetchHidServDescriptors is set
The FetchHidServDescriptors check was placed before the descriptor cache
lookup which made the option not working because it was never using the
cache in the first place.

Fixes #18704

Patched-by: twim
Signef-off-by: David Goulet <dgoulet@torproject.org>
2016-06-15 10:04:07 -04:00
Nick Mathewson
4f1a04ff9c Replace nearly all XXX0vv comments with smarter ones
So, back long ago, XXX012 meant, "before Tor 0.1.2 is released, we
had better revisit this comment and fix it!"

But we have a huge pile of such comments accumulated for a large
number of released versions!  Not cool.

So, here's what I tried to do:

  * 0.2.9 and 0.2.8 are retained, since those are not yet released.

  * XXX+ or XXX++ or XXX++++ or whatever means, "This one looks
    quite important!"

  * The others, after one-by-one examination, are downgraded to
    plain old XXX.  Which doesn't mean they aren't a problem -- just
    that they cannot possibly be a release-blocking problem.
2016-05-30 16:18:16 -04:00
Nick Mathewson
33d3572a1d Merge branch 'feature15588_squashed' 2016-05-09 14:41:36 -04:00
John Brooks
d5a23ce115 Move rend auth cookie en-/decoding to a function
Tor stores client authorization cookies in two slightly different forms.
The service's client_keys file has the standard base64-encoded cookie,
including two chars of padding. The hostname file and the client remove
the two padding chars, and store an auth type flag in the unused bits.

The distinction makes no sense. Refactor all decoding to use the same
function, which will accept either form, and use a helper function for
encoding the truncated format.
2016-05-09 14:28:08 -04:00
David Goulet
d8b93b31a0 hs: Do not close desc fetch conn. if we can't pick an HSDir
Launching 7 descriptor fetches makes a connection to each HSDir that is 6
and the seventh one fails to pick an HSDir because they are all being used
already so it was killing all pending connections at once.

Fixes #15937

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-03-14 11:00:46 -04:00
Nick Mathewson
57699de005 Update the copyright year. 2016-02-27 18:48:19 +01:00