path: root/src/feature/hs
Age | Commit message | Author
2020-03-17 | Merge branch 'maint-0.4.2' into maint-0.4.3 | Nick Mathewson
2020-03-17 | Merge branch 'maint-0.4.1' into maint-0.4.2 | Nick Mathewson
2020-03-17 | Merge branch 'maint-0.3.5' into maint-0.4.1 | Nick Mathewson
2020-03-17 | Fix TROVE-2020-003. | George Kadianakis
Given that ed25519 public key validity checks are usually not needed and (so far) they are only necessary for onion addresses in the Tor protocol, we decided to fix this specific bug instance without modifying the rest of the codebase (see below for other fix approaches). In our minimal fix we check that the pubkey in hs_service_add_ephemeral() is valid and error out otherwise.
2020-03-17 | Trivial bugfixes found during TROVE investigation. | George Kadianakis
2020-03-11 | hs-v3: Log reasons why service can't upload descriptor | David Goulet
When a service can not upload its descriptor(s), we have no logs on why. This adds logging for each possible reason for each descriptor. That logging is emitted every second so it is rate limited for each reason and per descriptor. Closes #33400 Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-03-05 | Merge branch 'clang_format_prep_3' | Nick Mathewson
2020-02-26 | Run "make autostyle" | Nick Mathewson
2020-02-24 | Merge remote-tracking branch 'tor-github/pr/1685/head' | Nick Mathewson
2020-02-24 | Final touches to #32709 based on Nick's feedback. | George Kadianakis
- Fix a bug and add unittest.
- Add changes file.
- Add man page entry.
2020-02-18 | Fix issues pointed out by Nick. | George Kadianakis
- Loosen the asserts on num_pkeys.
- Straighten some dangling &.
- Fix some unpredictable memcpys.
2020-02-12 | Merge remote-tracking branch 'tor-github/pr/1725' into maint-0.4.3 | teor
2020-02-12 | hs-v3: Remove BUG() that can occur normally | David Goulet
Fixes #28992 Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-02-11 | Merge branch 'tor-github/pr/1707' | George Kadianakis
2020-02-11 | hs-v3: Remove BUG() that can occur normally | David Goulet
Fixes #28992 Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-02-11 | Make n_subcredentials a size_t. | George Kadianakis
Based on David's review.
2020-02-10 | Use semicolons after HT_PROTOTYPE and HT_GENERATE. | Nick Mathewson
2020-02-06 | hs-v3: Remove descriptor when we remove client authorization | David Goulet
When the ONION_CLIENT_AUTH_REMOVE command is given to tor, now also remove the descriptor associated with the client authorization credentials. Fixes #33148 Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-02-03 | hs-v3: Purge ephemeral client auth on NEWNYM | David Goulet
Fixes #33139. Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-01-28 | Write unittest that covers cases of INTRODUCE1 handling. | George Kadianakis
Also fix some memleaks of other OB unittests.
2020-01-28 | Introduce an hs_ob_free_all() function. | George Kadianakis
2020-01-28 | Allow clients to connect to the instance even with OB enabled. | George Kadianakis
We do this by including the instance's subcredentials to the list of subcredentials that are used during INTRO2 decryption.
2020-01-28 | Unify INTRO2 handling codepaths in OB and normal cases. | George Kadianakis
Now we use the exact same INTRO2 decrypt logic regardless of whether the service is an OB instance or not. The new get_subcredential_for_handling_intro2_cell() function is responsible for loading the right subcredentials in either case.
2020-01-28 | Refresh OB keys when we build a new descriptor. | George Kadianakis
We now assign OB subcredentials to the service instead of computing them on the spot. See hs_ob_refresh_keys() for more details.
2020-01-21 | Use time-invariant conditional memcpy to make onionbalance loop safer | Nick Mathewson
2020-01-21 | Pass multiple subcredentials all the way down to hs_ntor. | Nick Mathewson
This approach saves us a pair of curve25519 operations for every subcredential but the first. It is not yet constant-time. I've noted a few places where IMO we should refactor the code so that the complete list of subcredentials is passed in earlier.
2020-01-21 | Remove a dead BUG() check. | Nick Mathewson
2020-01-21 | Turn hs_subcredential_t into a proper struct. | Nick Mathewson
2020-01-21 | hs-v3: Implement hs_ob_service_is_instance() | David Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-01-21 | hs-v3: Code improvement for INTRO2 MAC validation | David Goulet
Pointed by nickm during the review of #32709. Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-01-21 | hs-v3: Validate INTRO2 cells for onion balance | David Goulet
Closes #32709 Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-01-21 | hs-v3: Add the Onion Balance config file option | David Goulet
At this commit, the service reads the config file and parses it to finally set the service config object with the options. Part of #32709 Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-01-21 | hs-v3: Extract INTRO2 key computation to its own function. | George Kadianakis
Part of #32709 Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-01-21 | hs-v3: Implement hs_parse_address_no_log() | David Goulet
The hs_parse_address() can not be used without an options_t object existing since on error it uses the escaped_safe_str() that looks at the options. This new function won't log and returns an error message in case of failure that can then be used to log. Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-01-13 | Split core/include.am into per-subdirectory include.am files | Nick Mathewson
Closes ticket 32137.
2020-01-09 | Merge branch 'pre_formatter_cleanups_squashed' | Nick Mathewson
2020-01-09 | Include ht.h in all headers that use HT_ENTRY() | Nick Mathewson
Without this change, compilation success depends on include order in several tricky ways.
2020-01-09 | hs_circuitmap.h: use a struct declaration | Nick Mathewson
This fixes a case where our compilation would depend on include order.
2020-01-09 | hs_circuit: use struct declaration. | Nick Mathewson
This frees us from a dependency on include order.
2020-01-08 | It's 2020. Update the copyright dates with "make update-copyright" | Nick Mathewson
2019-12-20 | Code Style: Delete headers that are included twice | teor
These changes were created using the "make autostyle" from 32522, and then split into commits.
2019-12-20 | Code Style: Delete PRIVATE defines that are never used | teor
Some ".c" files define *_PRIVATE macros, but those macros are not used in any header file. Delete them. These changes were created using the "make autostyle" from 32522, and then split into commits.
2019-12-18 | Merge branch 'tor-github/pr/1587' | George Kadianakis
2019-12-10 | In cancel_descriptor_fetches(), use connection_list_by_type_purpose() instead of connection_list_by_type_state() | Neel Chauhan
2019-12-10 | Merge branch 'tor-github/pr/1581' | George Kadianakis
2019-12-10 | hs-v3: Handle client rendezvous circuit timeout | David Goulet
With v3, the "pending_final_cpath" of a circuit is always NULL which means that for v3, established client rendezvous circuit waiting for the intro point to ACK, will always end up timing out quickly. This can increase the delays to which you connect to a service since in order to succeed, the rendezvous circuit needs to be fully established (CIRCUIT_PURPOSE_C_REND_JOINED) within the cutoff of the introduction circuit as well which is these days around 2-3 seconds. Fixes #32021 Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-12-04 | Merge branch 'ticket32609_squashed' | Nick Mathewson
2019-12-04 | practracker: Add missing .may_include files | teor
All of these files contain "*.h", except for:
* src/app/config/.may_include
* src/test/.may_include
which also contain "*.inc". This change prevents includes of "*.c" files, and other unusually named files. Part of 32609.
2019-12-03 | hs-v3: Fix NULL deref. in hs_circ_service_get_established_intro_circ() | David Goulet
Found by Stem regression tests. Reported by atagar. Fixes #32664 Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-12-03 | Merge branch 'tor-github/pr/1563' | David Goulet