| blob | 5fded92fe380b92245ac70bc3e034f8f18f34479 |
1 /* Copyright (c) 2016-2018, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
4 /**
5 * \file hs_client.c
6 * \brief Implement next generation hidden service client functionality
7 **/
9 #define HS_CLIENT_PRIVATE
46 /* Client-side authorizations for hidden services; map of service identity
47 * public key to hs_client_service_authorization_t *. */
50 /* Return a human-readable string for the client fetch status code. */
53 {
71 }
72 }
74 /* Return true iff tor should close the SOCKS request(s) for the descriptor
75 * fetch that ended up with this given status code. */
76 static int
78 {
81 /* No more HSDir to query, we can't complete the SOCKS request(s). */
83 /* The fetch triggered an internal error. */
85 /* Client is not allowed to fetch (FetchHidServDescriptors 0). */
91 /* The rest doesn't require tor to close the SOCKS request(s). */
93 }
95 no_close:
97 close:
99 }
101 /* Cancel all descriptor fetches currently in progress. */
102 static void
104 {
110 /* A directory connection fetching a service descriptor can't have an
111 * empty hidden service identifier. */
113 }
120 /* No ownership of the objects in this list. */
123 }
125 /* Get all connections that are waiting on a circuit and flag them back to
126 * waiting for a hidden service descriptor for the given service key
127 * service_identity_pk. */
128 static void
130 {
140 }
144 service_identity_pk)) {
146 }
150 }
152 /* Remove tracked HSDir requests from our history for this hidden service
153 * identity public key. */
154 static void
156 {
158 ed25519_public_key_t blinded_pk;
162 /* Get blinded pubkey of hidden service. It is possible that we just moved
163 * to a new time period meaning that we won't be able to purge the request
164 * from the previous time period. That is fine because they will expire at
165 * some point and we don't care about those anymore. */
170 }
171 /* Purge last hidden service request from cache for this blinded key. */
173 }
175 /* Return true iff there is at least one pending directory descriptor request
176 * for the service identity_pk. */
177 static int
179 {
187 /* A directory connection fetching a service descriptor can't have an
188 * empty hidden service identifier. */
190 }
193 }
198 /* No ownership of the objects in this list. */
201 }
203 /* Helper function that changes the state of an entry connection to waiting
204 * for a circuit. For this to work properly, the connection timestamps are set
205 * to now and the connection is then marked as pending for a circuit. */
206 static void
208 {
211 /* Because the connection can now proceed to opening circuit and ultimately
212 * connect to the service, reset those timestamp so the connection is
213 * considered "fresh" and can continue without being closed too early. */
217 /* Change connection's state into waiting for a circuit. */
221 }
223 /* We failed to fetch a descriptor for the service with <b>identity_pk</b>
224 * because of <b>status</b>. Find all pending SOCKS connections for this
225 * service that are waiting on the descriptor and close them with
226 * <b>reason</b>. */
227 static void
229 hs_client_fetch_status_t status,
231 {
241 /* Only consider the entry connections that matches the service for which
242 * we tried to get the descriptor */
247 }
249 /* Unattach the entry connection which will close for the reason. */
251 count++;
262 }
264 /* No ownership of the object(s) in this list. */
266 }
268 /* Find all pending SOCKS connection waiting for a descriptor and retry them
269 * all. This is called when the directory information changed. */
270 STATIC void
272 {
277 hs_client_fetch_status_t status;
281 /* Ignore non HS or non v3 connection. */
284 }
285 /* In this loop, we will possibly try to fetch a descriptor for the
286 * pending connections because we just got more directory information.
287 * However, the refetch process can cleanup all SOCKS request to the same
288 * service if an internal error happens. Thus, we can end up with closed
289 * connections in our list. */
292 }
294 /* XXX: There is an optimization we could do which is that for a service
295 * key, we could check if we can fetch and remember that decision. */
297 /* Order a refetch in case it works this time. */
300 /* This is a rare case where a SOCKS connection is in state waiting for
301 * a descriptor but we do have it in the cache.
302 *
303 * This can happen is tor comes back from suspend where it previously
304 * had the descriptor but the intro points were not usuable. Once it
305 * came back to life, the intro point failure cache was cleaned up and
306 * thus the descriptor became usable again leaving us in this code path.
307 *
308 * We'll mark the connection as waiting for a circuit so the descriptor
309 * can be retried. This is safe because a connection in state waiting
310 * for a descriptor can not be in the entry connection pending list. */
313 }
314 /* In the case of an error, either all SOCKS connections have been
315 * closed or we are still missing directory information. Leave the
316 * connection in renddesc wait state so when we get more info, we'll be
317 * able to try it again. */
320 /* We don't have ownership of those objects. */
322 }
324 /* A v3 HS circuit successfully connected to the hidden service. Update the
325 * stream state at <b>hs_conn_ident</b> appropriately. */
326 static void
328 {
331 /* Remove from the hid serv cache all requests for that service so we can
332 * query the HSDir again later on for various reasons. */
335 /* The v2 subsystem cleans up the intro point time out flag at this stage.
336 * We don't try to do it here because we still need to keep intact the intro
337 * point state for future connections. Even though we are able to connect to
338 * the service, doesn't mean we should reset the timed out intro points.
339 *
340 * It is not possible to have successfully connected to an intro point
341 * present in our cache that was on error or timed out. Every entry in that
342 * cache have a 2 minutes lifetime so ultimately the intro point(s) state
343 * will be reset and thus possible to be retried. */
344 }
346 /* Given the pubkey of a hidden service in <b>onion_identity_pk</b>, fetch its
347 * descriptor by launching a dir connection to <b>hsdir</b>. Return a
348 * hs_client_fetch_status_t status code depending on how it went. */
349 static hs_client_fetch_status_t
352 {
354 ed25519_public_key_t blinded_pubkey;
356 hs_ident_dir_conn_t hs_conn_dir_ident;
362 /* Get blinded pubkey */
365 /* ...and base64 it. */
369 }
371 /* Copy onion pk to a dir_ident so that we attach it to the dir conn */
375 /* Setup directory request */
391 /* Fire a REQUESTED event on the control port. */
393 hsdir);
395 /* Cleanup memory. */
401 }
403 /** Return the HSDir we should use to fetch the descriptor of the hidden
404 * service with identity key <b>onion_identity_pk</b>. */
405 STATIC routerstatus_t *
407 {
412 ed25519_public_key_t blinded_pubkey;
417 /* Get blinded pubkey of hidden service */
420 /* ...and base64 it. */
424 }
426 /* Get responsible hsdirs of service for this time period */
435 /* Pick an HSDir from the responsible ones. The ownership of
436 * responsible_hsdirs is given to this function so no need to free it. */
440 }
442 /** Fetch a v3 descriptor using the given <b>onion_identity_pk</b>.
443 *
444 * On success, HS_CLIENT_FETCH_LAUNCHED is returned. Otherwise, an error from
445 * hs_client_fetch_status_t is returned. */
448 {
457 }
460 }
462 /* Make sure that the given v3 origin circuit circ is a valid correct
463 * introduction circuit. This will BUG() on any problems and hard assert if
464 * the anonymity of the circuit is not ok. Return 0 on success else -1 where
465 * the circuit should be mark for closed immediately. */
466 static int
468 {
477 }
480 }
483 }
485 /* This can stop the tor daemon but we want that since if we don't have
486 * anonymity on this circuit, something went really wrong. */
489 }
491 /* Find a descriptor intro point object that matches the given ident in the
492 * given descriptor desc. Return NULL if not found. */
496 {
508 }
512 }
514 /* Find a descriptor intro point object from the descriptor object desc that
515 * matches the given legacy identity digest in legacy_id. Return NULL if not
516 * found. */
520 {
526 /* We will go over every intro point and try to find which one is linked to
527 * that circuit. Those lists are small so it's not that expensive. */
532 /* Not all tor node have an ed25519 identity key so we still rely on the
533 * legacy identity digest. */
536 }
539 }
540 /* Found it. */
546 end:
548 }
550 /* Send an INTRODUCE1 cell along the intro circuit and populate the rend
551 * circuit identifier with the needed key material for the e2e encryption.
552 * Return 0 on success, -1 if there is a transient error such that an action
553 * has been taken to recover and -2 if there is a permanent error indicating
554 * that both circuits were closed. */
555 static int
558 {
567 }
570 /* For logging purposes. There will be a time where the hs_ident will have a
571 * version number but for now there is none because it's all v3. */
577 /* 1) Get descriptor from our cache. */
581 desc)) {
587 /* We just triggered a refetch, make sure every connections are back
588 * waiting for that descriptor. */
590 /* We just asked for a refetch so this is a transient error. */
592 }
594 /* We need to find which intro point in the descriptor we are connected to
595 * on intro_circ. */
598 /* If we can find a descriptor from this introduction circuit ident, we
599 * must have a valid intro point object. Permanent error. */
601 }
603 /* Send the INTRODUCE1 cell. */
607 /* If the introduction circuit was closed, we were unable to send the
608 * cell for some reasons. In any case, the intro circuit has to be
609 * closed by the above function. We'll return a transient error so tor
610 * can recover and pick a new intro point. To avoid picking that same
611 * intro point, we'll note down the intro point failure so it doesn't
612 * get reused. */
615 INTRO_POINT_FAILURE_GENERIC);
616 }
617 /* It is also possible that the rendezvous circuit was closed due to being
618 * unable to use the rendezvous point node_t so in that case, we also want
619 * to recover and let tor pick a new one. */
621 }
623 /* Cell has been sent successfully. Copy the introduction point
624 * authentication and encryption key in the rendezvous circuit identifier so
625 * we can compute the ntor keys when we receive the RENDEZVOUS2 cell. */
631 /* Now, we wait for an ACK or NAK on this circuit. */
633 CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT);
634 /* Set timestamp_dirty, because circuit_expire_building expects it to
635 * specify when a circuit entered the _C_INTRODUCE_ACK_WAIT state. */
639 /* Success. */
643 perm_err:
644 /* Permanent error: it is possible that the intro circuit was closed prior
645 * because we weren't able to send the cell. Make sure we don't double close
646 * it which would result in a warning. */
649 }
654 tran_err:
657 end:
660 }
662 /* Using the introduction circuit circ, setup the authentication key of the
663 * intro point this circuit has extended to. */
664 static void
666 {
674 /* Opening intro circuit without the descriptor is no good... */
676 }
678 /* We will go over every intro point and try to find which one is linked to
679 * that circuit. Those lists are small so it's not that expensive. */
683 /* We got it, copy its authentication key to the identifier. */
687 }
689 /* Reaching this point means we didn't find any intro point for this circuit
690 * which is not suppose to happen. */
693 end:
695 }
697 /* Called when an introduction circuit has opened. */
698 static void
700 {
706 /* This is an introduction circuit so we'll attach the correct
707 * authentication key to the circuit identifier so it can be identified
708 * properly later on. */
712 }
714 /* Called when a rendezvous circuit has opened. */
715 static void
717 {
723 /* Check that we didn't accidentally choose a node that does not understand
724 * the v3 rendezvous protocol */
730 }
731 }
732 }
737 /* Ignore returned value, nothing we can really do. On failure, the circuit
738 * will be marked for close. */
741 /* Register rend circuit in circuitmap if it's still alive. */
745 }
746 }
748 /* This is an helper function that convert a descriptor intro point object ip
749 * to a newly allocated extend_info_t object fully initialized. Return NULL if
750 * we can't convert it for which chances are that we are missing or malformed
751 * link specifiers. */
752 STATIC extend_info_t *
754 {
760 /* We first encode the descriptor link specifiers into the binary
761 * representation which is a trunnel object. */
768 /* Explicitly put the direct connection option to 0 because this is client
769 * side and there is no such thing as a non anonymous client. */
775 }
777 /* Return true iff the intro point ip for the service service_pk is usable.
778 * This function checks if the intro point is in the client intro state cache
779 * and checks at the failures. It is considered usable if:
780 * - No error happened (INTRO_POINT_FAILURE_GENERIC)
781 * - It is not flagged as timed out (INTRO_POINT_FAILURE_TIMEOUT)
782 * - The unreachable count is lower than
783 * MAX_INTRO_POINT_REACHABILITY_FAILURES (INTRO_POINT_FAILURE_UNREACHABLE)
784 */
785 static int
788 {
797 /* This means we've never encountered any problem thus usable. */
799 }
804 }
809 }
814 }
816 usable:
818 not_usable:
820 }
822 /* Using a descriptor desc, return a newly allocated extend_info_t object of a
823 * randomly picked introduction point from its list. Return NULL if none are
824 * usable. */
825 STATIC extend_info_t *
827 {
833 /* Calculate the onion address for logging purposes */
839 /* Assume the service is v3 if the descriptor is missing. This is ok,
840 * because we only use the address in log messages */
843 onion_address);
845 desc)) {
852 }
861 /* Pick a random intro point and immediately remove it from the usable
862 * list so we don't pick it again if we have to iterate more. */
867 /* We need to make sure we have a usable intro points which is in a good
868 * state in our cache. */
871 }
873 /* Generate an extend info object from the intro point object. */
876 /* We can get here for instance if the intro point is a private address
877 * and we aren't allowed to extend to those. */
883 }
885 /* Test the pick against ExcludeNodes. */
887 /* If this pick is in the ExcludeNodes list, we keep its reference so if
888 * we ever end up not being able to pick anything else and StrictNodes is
889 * unset, we'll use it. */
891 /* If something was already here free it. After the loop is gone we
892 * will examine the last excluded intro point, and that's fine since
893 * that's random anyway */
895 }
898 }
900 /* Good pick! Let's go with this. */
902 }
904 /* Reaching this point means a couple of things. Either we can't use any of
905 * the intro point listed because the IP address can't be extended to or it
906 * is listed in the ExcludeNodes list. In the later case, if StrictNodes is
907 * set, we are forced to not use anything. */
919 }
921 end:
925 }
927 /* For this introduction circuit, we'll look at if we have any usable
928 * introduction point left for this service. If so, we'll use the circuit to
929 * re-extend to a new intro point. Else, we'll close the circuit and its
930 * corresponding rendezvous circuit. Return 0 if we are re-extending else -1
931 * if we are closing the circuits.
932 *
933 * This is called when getting an INTRODUCE_ACK cell with a NACK. */
934 static int
936 {
945 /* We can't continue without a descriptor. */
947 }
948 /* We still have the descriptor, great! Let's try to see if we can
949 * re-extend by looking up if there are any usable intro points. */
951 desc)) {
953 }
954 /* Try to re-extend now. */
957 }
958 /* Success on re-extending. Don't return an error. */
962 close:
963 /* Change the intro circuit purpose before so we don't report an intro point
964 * failure again triggering an extra descriptor fetch. The circuit can
965 * already be closed on failure to re-extend. */
968 CIRCUIT_PURPOSE_C_INTRODUCE_ACKED);
970 }
971 /* Close the related rendezvous circuit. */
974 /* The rendezvous circuit might have collapsed while the INTRODUCE_ACK was
975 * inflight so we can't expect one every time. */
978 }
980 end:
982 }
984 /* Called when we get an INTRODUCE_ACK success status code. Do the appropriate
985 * actions for the rendezvous point and finally close intro_circ. */
986 static void
988 {
995 /* Get the rendezvous circuit for this rendezvous cookie. */
997 rend_circ =
1002 }
1006 /* It is possible to get a RENDEZVOUS2 cell before the INTRODUCE_ACK which
1007 * means that the circuit will be joined and already transmitting data. In
1008 * that case, simply skip the purpose change and close the intro circuit
1009 * like it should be. */
1012 }
1014 CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED);
1015 /* Set timestamp_dirty, because circuit_expire_building expects it to
1016 * specify when a circuit entered the
1017 * CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED state. */
1020 end:
1021 /* We don't need the intro circuit anymore. It did what it had to do! */
1023 CIRCUIT_PURPOSE_C_INTRODUCE_ACKED);
1026 /* XXX: Close pending intro circuits we might have in parallel. */
1028 }
1030 /* Called when we get an INTRODUCE_ACK failure status code. Depending on our
1031 * failure cache status, either close the circuit or re-extend to a new
1032 * introduction point. */
1033 static void
1035 {
1040 status);
1042 /* It's a NAK. The introduction point didn't relay our request. */
1045 /* Note down this failure in the intro point failure cache. Depending on how
1046 * many times we've tried this intro point, close it or reextend. */
1049 INTRO_POINT_FAILURE_GENERIC);
1050 }
1052 /* Called when we get an INTRODUCE_ACK on the intro circuit circ. The encoded
1053 * cell is in payload of length payload_len. Return 0 on success else a
1054 * negative value. The circuit is either close or reuse to re-extend to a new
1055 * introduction point. */
1056 static int
1059 {
1078 /* We are going to see if we have to close the circuits (IP and RP) or we
1079 * can re-extend to a new intro point. */
1084 status,
1087 }
1089 end:
1091 }
1093 /* Called when we get a RENDEZVOUS2 cell on the rendezvous circuit circ. The
1094 * encoded cell is in payload of length payload_len. Return 0 on success or a
1095 * negative value on error. On error, the circuit is marked for close. */
1096 STATIC int
1099 {
1101 curve25519_public_key_t server_pk;
1104 hs_ntor_rend_cell_keys_t keys;
1110 /* Make things easier. */
1117 }
1118 /* Get from the handshake info the SERVER_PK and AUTH_MAC. */
1122 /* Generate the handshake info. */
1129 }
1131 /* Critical check, make sure that the MAC matches what we got with what we
1132 * computed just above. */
1136 }
1138 /* Setup the e2e encryption on the circuit and finalize its state. */
1143 }
1144 /* Success. Hidden service connection finalized! */
1148 err:
1150 end:
1153 }
1155 /* Return true iff the client can fetch a descriptor for this service public
1156 * identity key and status_out if not NULL is untouched. If the client can
1157 * _not_ fetch the descriptor and if status_out is not NULL, it is set with
1158 * the fetch status code. */
1159 static unsigned int
1162 {
1163 hs_client_fetch_status_t status;
1167 /* Are we configured to fetch descriptors? */
1173 }
1175 /* Without a live consensus we can't do any client actions. It is needed to
1176 * compute the hashring for a service. */
1183 }
1191 }
1193 /* Check if fetching a desc for this HS is useful to us right now */
1194 {
1198 cached_desc)) {
1203 }
1204 }
1206 /* Don't try to refetch while we have a pending request for it. */
1211 }
1213 /* Yes, client can fetch! */
1215 cannot:
1218 }
1220 }
1222 /* Return the client auth in the map using the service identity public key.
1223 * Return NULL if it does not exist in the map. */
1226 {
1227 /* If the map is not allocated, we can assume that we do not have any client
1228 * auth information. */
1231 }
1233 }
1235 /* ========== */
1236 /* Public API */
1237 /* ========== */
1239 /** A circuit just finished connecting to a hidden service that the stream
1240 * <b>conn</b> has been waiting for. Let the HS subsystem know about this. */
1241 void
1243 {
1249 }
1257 }
1258 }
1260 /* With the given encoded descriptor in desc_str and the service key in
1261 * service_identity_pk, decode the descriptor and set the desc pointer with a
1262 * newly allocated descriptor object.
1263 *
1264 * Return 0 on success else a negative value and desc is set to NULL. */
1265 int
1269 {
1272 ed25519_public_key_t blinded_pubkey;
1280 /* Check if we have a client authorization for this service in the map. */
1284 }
1286 /* Create subcredential for this HS so that we can decrypt */
1287 {
1292 }
1294 /* Parse descriptor */
1300 }
1302 /* Make sure the descriptor signing key cross certifies with the computed
1303 * blinded key. Without this validation, anyone knowing the subcredential
1304 * and onion address can forge a descriptor. */
1312 }
1315 err:
1317 }
1319 /* Return true iff there are at least one usable intro point in the service
1320 * descriptor desc. */
1321 int
1324 {
1332 }
1336 usable:
1338 }
1340 /** Launch a connection to a hidden service directory to fetch a hidden
1341 * service descriptor using <b>identity_pk</b> to get the necessary keys.
1342 *
1343 * A hs_client_fetch_status_t code is returned. */
1344 int
1346 {
1347 hs_client_fetch_status_t status;
1353 }
1355 /* Try to fetch the desc and if we encounter an unrecoverable error, mark
1356 * the desc as unavailable for now. */
1360 END_STREAM_REASON_RESOLVEFAILED);
1361 /* Remove HSDir fetch attempts so that we can retry later if the user
1362 * wants us to regardless of if we closed any connections. */
1364 }
1366 }
1368 /* This is called when we are trying to attach an AP connection to these
1369 * hidden service circuits from connection_ap_handshake_attach_circuit().
1370 * Return 0 on success, -1 for a transient error that is actions were
1371 * triggered to recover or -2 for a permenent error where both circuits will
1372 * marked for close.
1373 *
1374 * The following supports every hidden service version. */
1375 int
1378 {
1381 rend_circ);
1382 }
1384 /* Called when the client circuit circ has been established. It can be either
1385 * an introduction or rendezvous circuit. This function handles all hidden
1386 * service versions. */
1387 void
1389 {
1392 /* Handle both version. v2 uses rend_data and v3 uses the hs circuit
1393 * identifier hs_ident. Can't be both. */
1400 }
1407 }
1411 }
1412 }
1414 /* Called when we receive a RENDEZVOUS_ESTABLISHED cell. Change the state of
1415 * the circuit to CIRCUIT_PURPOSE_C_REND_READY. Return 0 on success else a
1416 * negative value and the circuit marked for close. */
1417 int
1420 {
1430 }
1436 /* Set timestamp_dirty, because circuit_expire_building expects it to
1437 * specify when a circuit entered the _C_REND_READY state. */
1440 /* From a path bias point of view, this circuit is now successfully used.
1441 * Waiting any longer opens us up to attacks from malicious hidden services.
1442 * They could induce the client to attempt to connect to their hidden
1443 * service and never reply to the client's rend requests */
1446 /* If we already have the introduction circuit built, make sure we send
1447 * the INTRODUCE cell _now_ */
1451 err:
1454 }
1456 #define client_service_authorization_free(auth) \
1457 FREE_AND_NULL(hs_client_service_authorization_t, \
1458 client_service_authorization_free_, (auth))
1460 static void
1462 {
1465 }
1467 }
1469 /** Helper for digest256map_free. */
1470 static void
1472 {
1474 }
1476 static void
1478 {
1481 }
1483 }
1485 /* Check if the auth key file name is valid or not. Return 1 if valid,
1486 * otherwise return 0. */
1487 STATIC int
1489 {
1495 /* The length of the filename must be greater than the length of the
1496 * extension and the valid extension must be at the end of filename. */
1502 }
1505 }
1507 STATIC hs_client_service_authorization_t *
1509 {
1521 /* Wrong number of fields. */
1524 }
1531 /* Currently, the only supported auth type is "descriptor" and the only
1532 * supported key type is "x25519". */
1535 }
1541 }
1548 }
1551 /* Success. */
1554 err:
1556 done:
1557 /* It is also a good idea to wipe the private key. */
1560 }
1565 }
1567 /* From a set of <b>options</b>, setup every client authorization detail
1568 * found. Return 0 on success or -1 on failure. If <b>validate_only</b>
1569 * is set, parse, warn and return as normal, but don't actually change
1570 * the configuration. */
1571 int
1574 {
1584 /* There is no client auth configured. We can just silently ignore this
1585 * function. */
1589 }
1593 /* Make sure the directory exists and is private enough. */
1596 }
1601 key_dir);
1603 }
1608 ed25519_public_key_t identity_pk;
1610 filename);
1615 filename);
1617 }
1619 /* Create a full path for a file. */
1622 /* Free the file path immediately after using it. */
1625 /* If we cannot read the file, continue with the next file. */
1629 }
1632 /* Free immediately after using it. */
1636 /* Parse the onion address to get an identity public key and use it
1637 * as a key of global map in the future. */
1644 }
1652 }
1656 filename);
1657 }
1660 /* Success. */
1663 end:
1670 }
1677 }
1680 }
1682 /* This is called when a descriptor has arrived following a fetch request and
1683 * has been stored in the client cache. Every entry connection that matches
1684 * the service identity key in the ident will get attached to the hidden
1685 * service circuit. */
1686 void
1688 {
1695 AP_CONN_STATE_RENDDESC_WAIT);
1701 /* Only consider the entry connections that matches the service for which
1702 * we just fetched its descriptor. */
1707 }
1710 /* We were just called because we stored the descriptor for this service
1711 * so not finding a descriptor means we have a bigger problem. */
1715 }
1721 END_STREAM_REASON_RESOLVEFAILED);
1722 /* We are unable to use the descriptor so remove the directory request
1723 * from the cache so the next connection can try again. */
1726 }
1730 /* Mark connection as waiting for a circuit since we do have a usable
1731 * descriptor now. */
1735 end:
1736 /* We don't have ownership of the objects in this list. */
1738 }
1740 /* Return a newly allocated extend_info_t for a randomly chosen introduction
1741 * point for the given edge connection identifier ident. Return NULL if we
1742 * can't pick any usable introduction points. */
1743 extend_info_t *
1745 {
1751 }
1753 /* Called when get an INTRODUCE_ACK cell on the introduction circuit circ.
1754 * Return 0 on success else a negative value is returned. The circuit will be
1755 * closed or reuse to extend again to another intro point. */
1756 int
1759 {
1770 }
1774 payload_len);
1775 /* For path bias: This circuit was used successfully. NACK or ACK counts. */
1778 end:
1780 }
1782 /* Called when get a RENDEZVOUS2 cell on the rendezvous circuit circ. Return
1783 * 0 on success else a negative value is returned. The circuit will be closed
1784 * on error. */
1785 int
1788 {
1794 /* Circuit can possibly be in both state because we could receive a
1795 * RENDEZVOUS2 cell before the INTRODUCE_ACK has been received. */
1803 }
1810 payload_len);
1811 end:
1813 }
1815 /* Extend the introduction circuit circ to another valid introduction point
1816 * for the hidden service it is trying to connect to, or mark it and launch a
1817 * new circuit if we can't extend it. Return 0 on success or possible
1818 * success. Return -1 and mark the introduction circuit for close on permanent
1819 * failure.
1820 *
1821 * On failure, the caller is responsible for marking the associated rendezvous
1822 * circuit for close. */
1823 int
1825 {
1838 }
1846 /* We were able to extend so update the timestamp so we avoid expiring
1847 * this circuit too early. The intro circuit is short live so the
1848 * linkability issue is minimized, we just need the circuit to hold a
1849 * bit longer so we can introduce. */
1851 }
1856 /* connection_ap_handshake_attach_circuit will launch a new intro circ. */
1858 }
1860 end:
1863 }
1865 /* Close all client introduction circuits related to the given descriptor.
1866 * This is called with a descriptor that is about to get replaced in the
1867 * client cache.
1868 *
1869 * Even though the introduction point might be exactly the same, we'll rebuild
1870 * them if needed but the odds are very low that an existing matching
1871 * introduction circuit exists at that stage. */
1872 void
1874 {
1879 /* We iterate over all client intro circuits because they aren't kept in the
1880 * HS circuitmap. That is probably something we want to do one day. */
1883 /* Not a v3 circuit, ignore it. */
1885 }
1887 /* Does it match any IP in the given descriptor? If not, ignore. */
1890 }
1892 /* We have a match. Close the circuit as consider it expired. */
1894 }
1895 }
1897 /* Release all the storage held by the client subsystem. */
1898 void
1900 {
1901 /* Purge the hidden service request cache. */
1904 }
1906 /* Purge all potentially remotely-detectable state held in the hidden
1907 * service client code. Called on SIGNAL NEWNYM. */
1908 void
1910 {
1911 /* v2 subsystem. */
1914 /* Cancel all descriptor fetches. Do this first so once done we are sure
1915 * that our descriptor cache won't modified. */
1917 /* Purge the introduction point state cache. */
1919 /* Purge the descriptor cache. */
1921 /* Purge the last hidden service request cache. */
1925 }
1927 /* Called when our directory information has changed. */
1928 void
1930 {
1931 /* We have possibly reached the minimum directory information or new
1932 * consensus so retry all pending SOCKS connection in
1933 * AP_CONN_STATE_RENDDESC_WAIT state in order to fetch the descriptor. */
1935 }
1937 #ifdef TOR_UNIT_TESTS
1939 STATIC digest256map_t *
1941 {
1943 }