aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Goulet <dgoulet@torproject.org>2022-06-29 11:05:35 -0400
committerMicah Elizabeth Scott <beth@torproject.org>2023-05-10 07:37:11 -0700
commitf0b63ca242a66cb5172e6b11a9f068ed348f601b (patch)
tree82405f47a4583ff9279818adea50cdaf96221f95
parentca74530b40aa893196de2f6cdde9bcaeec4d03c2 (diff)
downloadtor-f0b63ca242a66cb5172e6b11a9f068ed348f601b.tar.gz
tor-f0b63ca242a66cb5172e6b11a9f068ed348f601b.zip
hs: Move rendezvous circuit data structure
When parsing an INTRODUCE2 cell, we extract data in order to launch the rendezvous circuit. This commit creates a data structure just for that data so it can be used by future commits for prop327 in order to copy that data over a priority queue instead of the whole intro data data structure which contains pointers that could dissapear. Signed-off-by: David Goulet <dgoulet@torproject.org>
-rw-r--r--src/feature/hs/hs_cell.c23
-rw-r--r--src/feature/hs/hs_cell.h27
-rw-r--r--src/feature/hs/hs_circuit.c25
3 files changed, 43 insertions, 32 deletions
diff --git a/src/feature/hs/hs_cell.c b/src/feature/hs/hs_cell.c
index 32da706a63..603d997c42 100644
--- a/src/feature/hs/hs_cell.c
+++ b/src/feature/hs/hs_cell.c
@@ -812,7 +812,7 @@ get_introduce2_keys_and_verify_mac(hs_cell_introduce2_data_t *data,
data->n_subcredentials,
data->subcredentials,
encrypted_section,
- &data->client_pk);
+ &data->rdv_data.client_pk);
if (intro_keys == NULL) {
log_info(LD_REND, "Invalid INTRODUCE2 encrypted data. Unable to "
"compute key material");
@@ -875,9 +875,9 @@ parse_introduce_cell_extension(hs_cell_introduce2_data_t *data,
switch (trn_extension_field_get_field_type(field)) {
case TRUNNEL_EXT_TYPE_CC_FIELD_REQUEST:
/* CC requests, enable it. */
- data->cc_enabled = 1;
+ data->rdv_data.cc_enabled = 1;
data->pv.protocols_known = 1;
- data->pv.supports_congestion_control = data->cc_enabled;
+ data->pv.supports_congestion_control = data->rdv_data.cc_enabled;
break;
default:
break;
@@ -944,7 +944,7 @@ hs_cell_parse_introduce2(hs_cell_introduce2_data_t *data,
* guaranteed to exist because of the length check above). We are gonna use
* the client public key to compute the ntor keys and decrypt the payload:
*/
- memcpy(&data->client_pk.public_key, encrypted_section,
+ memcpy(&data->rdv_data.client_pk.public_key, encrypted_section,
CURVE25519_PUBKEY_LEN);
/* Get the right INTRODUCE2 ntor keys and verify the cell MAC */
@@ -960,12 +960,13 @@ hs_cell_parse_introduce2(hs_cell_introduce2_data_t *data,
{
/* The ENCRYPTED_DATA section starts just after the CLIENT_PK. */
const uint8_t *encrypted_data =
- encrypted_section + sizeof(data->client_pk);
+ encrypted_section + sizeof(data->rdv_data.client_pk);
/* It's symmetric encryption so it's correct to use the ENCRYPTED length
* for decryption. Computes the length of ENCRYPTED_DATA meaning removing
* the CLIENT_PK and MAC length. */
size_t encrypted_data_len =
- encrypted_section_len - (sizeof(data->client_pk) + DIGEST256_LEN);
+ encrypted_section_len -
+ (sizeof(data->rdv_data.client_pk) + DIGEST256_LEN);
/* This decrypts the ENCRYPTED_DATA section of the cell. */
decrypted = decrypt_introduce2(intro_keys->enc_key,
@@ -992,12 +993,12 @@ hs_cell_parse_introduce2(hs_cell_introduce2_data_t *data,
/* Extract onion key and rendezvous cookie from the cell used for the
* rendezvous point circuit e2e encryption. */
- memcpy(data->onion_pk.public_key,
+ memcpy(data->rdv_data.onion_pk.public_key,
trn_cell_introduce_encrypted_getconstarray_onion_key(enc_cell),
CURVE25519_PUBKEY_LEN);
- memcpy(data->rendezvous_cookie,
+ memcpy(data->rdv_data.rendezvous_cookie,
trn_cell_introduce_encrypted_getconstarray_rend_cookie(enc_cell),
- sizeof(data->rendezvous_cookie));
+ sizeof(data->rdv_data.rendezvous_cookie));
/* Extract rendezvous link specifiers. */
for (size_t idx = 0;
@@ -1011,7 +1012,7 @@ hs_cell_parse_introduce2(hs_cell_introduce2_data_t *data,
if (BUG(!lspec_dup)) {
goto done;
}
- smartlist_add(data->link_specifiers, lspec_dup);
+ smartlist_add(data->rdv_data.link_specifiers, lspec_dup);
}
/* Extract any extensions. */
@@ -1031,7 +1032,7 @@ hs_cell_parse_introduce2(hs_cell_introduce2_data_t *data,
/* If the client asked for congestion control, but we don't support it,
* that's a failure. It should not have asked, based on our descriptor. */
- if (data->cc_enabled && !congestion_control_enabled()) {
+ if (data->rdv_data.cc_enabled && !congestion_control_enabled()) {
goto done;
}
diff --git a/src/feature/hs/hs_cell.h b/src/feature/hs/hs_cell.h
index 2735401c05..61c0a94b20 100644
--- a/src/feature/hs/hs_cell.h
+++ b/src/feature/hs/hs_cell.h
@@ -47,6 +47,21 @@ typedef struct hs_cell_introduce1_data_t {
const hs_pow_solution_t *pow_solution;
} hs_cell_introduce1_data_t;
+/** Introduction data needed to launch a rendezvous circuit. This is set after
+ * receiving an INTRODUCE2 valid cell. */
+typedef struct hs_cell_intro_rdv_data_t {
+ /** Onion public key computed using the INTRODUCE2 encrypted section. */
+ curve25519_public_key_t onion_pk;
+ /** Rendezvous cookie taken from the INTRODUCE2 encrypted section. */
+ uint8_t rendezvous_cookie[REND_COOKIE_LEN];
+ /** Client public key from the INTRODUCE2 encrypted section. */
+ curve25519_public_key_t client_pk;
+ /** Link specifiers of the rendezvous point. Contains link_specifier_t. */
+ smartlist_t *link_specifiers;
+ /** Congestion control parameters. */
+ unsigned int cc_enabled : 1;
+} hs_cell_intro_rdv_data_t;
+
/** This data structure contains data that we need to parse an INTRODUCE2 cell
* which is used by the INTRODUCE2 cell parsing function. On a successful
* parsing, the onion_pk and rendezvous_cookie will be populated with the
@@ -77,20 +92,12 @@ typedef struct hs_cell_introduce2_data_t {
/*** Mutable Section: Set upon parsing INTRODUCE2 cell. ***/
- /** Onion public key computed using the INTRODUCE2 encrypted section. */
- curve25519_public_key_t onion_pk;
- /** Rendezvous cookie taken from the INTRODUCE2 encrypted section. */
- uint8_t rendezvous_cookie[REND_COOKIE_LEN];
- /** Client public key from the INTRODUCE2 encrypted section. */
- curve25519_public_key_t client_pk;
- /** Link specifiers of the rendezvous point. Contains link_specifier_t. */
- smartlist_t *link_specifiers;
+ /** Data needed to launch a rendezvous circuit. */
+ hs_cell_intro_rdv_data_t rdv_data;
/** Replay cache of the introduction point. */
replaycache_t *replay_cache;
/** Flow control negotiation parameters. */
protover_summary_flags_t pv;
- /** Congestion control parameters. */
- unsigned int cc_enabled : 1;
} hs_cell_introduce2_data_t;
/* Build cell API. */
diff --git a/src/feature/hs/hs_circuit.c b/src/feature/hs/hs_circuit.c
index 3f8f16955f..835cd366ad 100644
--- a/src/feature/hs/hs_circuit.c
+++ b/src/feature/hs/hs_circuit.c
@@ -326,8 +326,8 @@ launch_rendezvous_point_circuit,(const hs_service_t *service,
/* Get the extend info data structure for the chosen rendezvous point
* specified by the given link specifiers. */
- info = hs_get_extend_info_from_lspecs(data->link_specifiers,
- &data->onion_pk,
+ info = hs_get_extend_info_from_lspecs(data->rdv_data.link_specifiers,
+ &data->rdv_data.onion_pk,
service->config.is_single_onion);
if (info == NULL) {
/* We are done here, we can't extend to the rendezvous point. */
@@ -374,7 +374,8 @@ launch_rendezvous_point_circuit,(const hs_service_t *service,
log_info(LD_REND, "Rendezvous circuit launched to %s with cookie %s "
"for %s service %s",
safe_str_client(extend_info_describe(info)),
- safe_str_client(hex_str((const char *) data->rendezvous_cookie,
+ safe_str_client(hex_str((const char *)
+ data->rdv_data.rendezvous_cookie,
REND_COOKIE_LEN)),
get_service_anonymity_string(service),
safe_str_client(service->onion_address));
@@ -393,7 +394,8 @@ launch_rendezvous_point_circuit,(const hs_service_t *service,
curve25519_keypair_generate(&ephemeral_kp, 0);
if (hs_ntor_service_get_rendezvous1_keys(&ip->auth_key_kp.pubkey,
&ip->enc_key_kp,
- &ephemeral_kp, &data->client_pk,
+ &ephemeral_kp,
+ &data->rdv_data.client_pk,
&keys) < 0) {
/* This should not really happened but just in case, don't make tor
* freak out, close the circuit and move on. */
@@ -404,15 +406,15 @@ launch_rendezvous_point_circuit,(const hs_service_t *service,
goto end;
}
circ->hs_ident = create_rp_circuit_identifier(service,
- data->rendezvous_cookie,
- &ephemeral_kp.pubkey, &keys);
+ data->rdv_data.rendezvous_cookie,
+ &ephemeral_kp.pubkey, &keys);
memwipe(&ephemeral_kp, 0, sizeof(ephemeral_kp));
memwipe(&keys, 0, sizeof(keys));
tor_assert(circ->hs_ident);
}
/* Setup congestion control if asked by the client from the INTRO cell. */
- if (data->cc_enabled) {
+ if (data->rdv_data.cc_enabled) {
hs_circ_setup_congestion_control(circ, congestion_control_sendme_inc(),
service->config.is_single_onion);
}
@@ -1003,9 +1005,9 @@ hs_circ_handle_introduce2(const hs_service_t *service,
data.enc_kp = &ip->enc_key_kp;
data.payload = payload;
data.payload_len = payload_len;
- data.link_specifiers = smartlist_new();
data.replay_cache = ip->replay_cache;
- data.cc_enabled = 0;
+ data.rdv_data.link_specifiers = smartlist_new();
+ data.rdv_data.cc_enabled = 0;
if (get_subcredential_for_handling_intro2_cell(service, &data,
subcredential)) {
@@ -1022,7 +1024,8 @@ hs_circ_handle_introduce2(const hs_service_t *service,
/* Check whether we've seen this REND_COOKIE before to detect repeats. */
if (replaycache_add_test_and_elapsed(
service->state.replay_cache_rend_cookie,
- data.rendezvous_cookie, sizeof(data.rendezvous_cookie),
+ data.rdv_data.rendezvous_cookie,
+ sizeof(data.rdv_data.rendezvous_cookie),
&elapsed)) {
/* A Tor client will send a new INTRODUCE1 cell with the same REND_COOKIE
* as its previous one if its intro circ times out while in state
@@ -1048,7 +1051,7 @@ hs_circ_handle_introduce2(const hs_service_t *service,
ret = 0;
done:
- link_specifier_smartlist_free(data.link_specifiers);
+ link_specifier_smartlist_free(data.rdv_data.link_specifiers);
memwipe(&data, 0, sizeof(data));
return ret;
}