| blob | 8b633759392b7e861d4259f7f9b226823c9a316b |
1 /* Copyright (c) 2016-2019, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
4 /**
5 * \file hs_client.c
6 * \brief Implement next generation hidden service client functionality
7 **/
9 #define HS_CLIENT_PRIVATE
46 /* Client-side authorizations for hidden services; map of service identity
47 * public key to hs_client_service_authorization_t *. */
52 /* Return a human-readable string for the client fetch status code. */
55 {
73 }
74 }
76 /* Return true iff tor should close the SOCKS request(s) for the descriptor
77 * fetch that ended up with this given status code. */
78 static int
80 {
83 /* No more HSDir to query, we can't complete the SOCKS request(s). */
85 /* The fetch triggered an internal error. */
87 /* Client is not allowed to fetch (FetchHidServDescriptors 0). */
93 /* The rest doesn't require tor to close the SOCKS request(s). */
95 }
97 no_close:
99 close:
101 }
103 /* Cancel all descriptor fetches currently in progress. */
104 static void
106 {
112 /* A directory connection fetching a service descriptor can't have an
113 * empty hidden service identifier. */
115 }
122 /* No ownership of the objects in this list. */
125 }
127 /* Get all connections that are waiting on a circuit and flag them back to
128 * waiting for a hidden service descriptor for the given service key
129 * service_identity_pk. */
130 static void
132 {
142 }
146 service_identity_pk)) {
148 }
152 }
154 /* Remove tracked HSDir requests from our history for this hidden service
155 * identity public key. */
156 static void
158 {
160 ed25519_public_key_t blinded_pk;
164 /* Get blinded pubkey of hidden service. It is possible that we just moved
165 * to a new time period meaning that we won't be able to purge the request
166 * from the previous time period. That is fine because they will expire at
167 * some point and we don't care about those anymore. */
171 /* Purge last hidden service request from cache for this blinded key. */
173 }
175 /* Return true iff there is at least one pending directory descriptor request
176 * for the service identity_pk. */
177 static int
179 {
187 /* A directory connection fetching a service descriptor can't have an
188 * empty hidden service identifier. */
190 }
193 }
198 /* No ownership of the objects in this list. */
201 }
203 /* Helper function that changes the state of an entry connection to waiting
204 * for a circuit. For this to work properly, the connection timestamps are set
205 * to now and the connection is then marked as pending for a circuit. */
206 static void
208 {
211 /* Because the connection can now proceed to opening circuit and ultimately
212 * connect to the service, reset those timestamp so the connection is
213 * considered "fresh" and can continue without being closed too early. */
217 /* Change connection's state into waiting for a circuit. */
221 }
223 /* We failed to fetch a descriptor for the service with <b>identity_pk</b>
224 * because of <b>status</b>. Find all pending SOCKS connections for this
225 * service that are waiting on the descriptor and close them with
226 * <b>reason</b>. */
227 static void
229 hs_client_fetch_status_t status,
231 {
241 /* Only consider the entry connections that matches the service for which
242 * we tried to get the descriptor */
247 }
249 /* Unattach the entry connection which will close for the reason. */
251 count++;
262 }
264 /* No ownership of the object(s) in this list. */
266 }
268 /* Find all pending SOCKS connection waiting for a descriptor and retry them
269 * all. This is called when the directory information changed. */
270 STATIC void
272 {
277 hs_client_fetch_status_t status;
281 /* Ignore non HS or non v3 connection. */
284 }
285 /* In this loop, we will possibly try to fetch a descriptor for the
286 * pending connections because we just got more directory information.
287 * However, the refetch process can cleanup all SOCKS request to the same
288 * service if an internal error happens. Thus, we can end up with closed
289 * connections in our list. */
292 }
294 /* XXX: There is an optimization we could do which is that for a service
295 * key, we could check if we can fetch and remember that decision. */
297 /* Order a refetch in case it works this time. */
300 /* This is a rare case where a SOCKS connection is in state waiting for
301 * a descriptor but we do have it in the cache.
302 *
303 * This can happen is tor comes back from suspend where it previously
304 * had the descriptor but the intro points were not usuable. Once it
305 * came back to life, the intro point failure cache was cleaned up and
306 * thus the descriptor became usable again leaving us in this code path.
307 *
308 * We'll mark the connection as waiting for a circuit so the descriptor
309 * can be retried. This is safe because a connection in state waiting
310 * for a descriptor can not be in the entry connection pending list. */
313 }
314 /* In the case of an error, either all SOCKS connections have been
315 * closed or we are still missing directory information. Leave the
316 * connection in renddesc wait state so when we get more info, we'll be
317 * able to try it again. */
320 /* We don't have ownership of those objects. */
322 }
324 /* A v3 HS circuit successfully connected to the hidden service. Update the
325 * stream state at <b>hs_conn_ident</b> appropriately. */
326 static void
328 {
331 /* Remove from the hid serv cache all requests for that service so we can
332 * query the HSDir again later on for various reasons. */
335 /* The v2 subsystem cleans up the intro point time out flag at this stage.
336 * We don't try to do it here because we still need to keep intact the intro
337 * point state for future connections. Even though we are able to connect to
338 * the service, doesn't mean we should reset the timed out intro points.
339 *
340 * It is not possible to have successfully connected to an intro point
341 * present in our cache that was on error or timed out. Every entry in that
342 * cache have a 2 minutes lifetime so ultimately the intro point(s) state
343 * will be reset and thus possible to be retried. */
344 }
346 /* Given the pubkey of a hidden service in <b>onion_identity_pk</b>, fetch its
347 * descriptor by launching a dir connection to <b>hsdir</b>. Return a
348 * hs_client_fetch_status_t status code depending on how it went. */
349 static hs_client_fetch_status_t
352 {
354 ed25519_public_key_t blinded_pubkey;
356 hs_ident_dir_conn_t hs_conn_dir_ident;
361 /* Get blinded pubkey */
364 /* ...and base64 it. */
367 /* Copy onion pk to a dir_ident so that we attach it to the dir conn */
371 /* Setup directory request */
387 /* Fire a REQUESTED event on the control port. */
389 hsdir);
391 /* Cleanup memory. */
397 }
399 /** Return the HSDir we should use to fetch the descriptor of the hidden
400 * service with identity key <b>onion_identity_pk</b>. */
401 STATIC routerstatus_t *
403 {
407 ed25519_public_key_t blinded_pubkey;
412 /* Get blinded pubkey of hidden service */
415 /* ...and base64 it. */
418 /* Get responsible hsdirs of service for this time period */
427 /* Pick an HSDir from the responsible ones. The ownership of
428 * responsible_hsdirs is given to this function so no need to free it. */
432 }
434 /** Fetch a v3 descriptor using the given <b>onion_identity_pk</b>.
435 *
436 * On success, HS_CLIENT_FETCH_LAUNCHED is returned. Otherwise, an error from
437 * hs_client_fetch_status_t is returned. */
440 {
449 }
452 }
454 /* With a given <b>onion_identity_pk</b>, fetch its descriptor. If
455 * <b>hsdirs</b> is specified, use the directory servers specified in the list.
456 * Else, use a random server. */
457 void
460 {
469 }
470 }
472 /* Make sure that the given v3 origin circuit circ is a valid correct
473 * introduction circuit. This will BUG() on any problems and hard assert if
474 * the anonymity of the circuit is not ok. Return 0 on success else -1 where
475 * the circuit should be mark for closed immediately. */
476 static int
478 {
487 }
490 }
493 }
495 /* This can stop the tor daemon but we want that since if we don't have
496 * anonymity on this circuit, something went really wrong. */
499 }
501 /* Find a descriptor intro point object that matches the given ident in the
502 * given descriptor desc. Return NULL if not found. */
506 {
518 }
522 }
524 /* Find a descriptor intro point object from the descriptor object desc that
525 * matches the given legacy identity digest in legacy_id. Return NULL if not
526 * found. */
530 {
536 /* We will go over every intro point and try to find which one is linked to
537 * that circuit. Those lists are small so it's not that expensive. */
542 /* Not all tor node have an ed25519 identity key so we still rely on the
543 * legacy identity digest. */
546 }
549 DIGEST_LEN)) {
551 }
552 /* Found it. */
558 end:
560 }
562 /* Send an INTRODUCE1 cell along the intro circuit and populate the rend
563 * circuit identifier with the needed key material for the e2e encryption.
564 * Return 0 on success, -1 if there is a transient error such that an action
565 * has been taken to recover and -2 if there is a permanent error indicating
566 * that both circuits were closed. */
567 static int
570 {
579 }
582 /* For logging purposes. There will be a time where the hs_ident will have a
583 * version number but for now there is none because it's all v3. */
589 /* 1) Get descriptor from our cache. */
593 desc)) {
599 /* We just triggered a refetch, make sure every connections are back
600 * waiting for that descriptor. */
602 /* We just asked for a refetch so this is a transient error. */
604 }
606 /* We need to find which intro point in the descriptor we are connected to
607 * on intro_circ. */
610 /* The following is possible if the descriptor was changed while we had
611 * this introduction circuit open and waiting for the rendezvous circuit to
612 * be ready. Which results in this situation where we can't find the
613 * corresponding intro point within the descriptor of the service. */
618 }
620 /* Send the INTRODUCE1 cell. */
624 /* If the introduction circuit was closed, we were unable to send the
625 * cell for some reasons. In any case, the intro circuit has to be
626 * closed by the above function. We'll return a transient error so tor
627 * can recover and pick a new intro point. To avoid picking that same
628 * intro point, we'll note down the intro point failure so it doesn't
629 * get reused. */
632 INTRO_POINT_FAILURE_GENERIC);
633 }
634 /* It is also possible that the rendezvous circuit was closed due to being
635 * unable to use the rendezvous point node_t so in that case, we also want
636 * to recover and let tor pick a new one. */
638 }
640 /* Cell has been sent successfully. Copy the introduction point
641 * authentication and encryption key in the rendezvous circuit identifier so
642 * we can compute the ntor keys when we receive the RENDEZVOUS2 cell. */
648 /* Now, we wait for an ACK or NAK on this circuit. */
650 CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT);
651 /* Set timestamp_dirty, because circuit_expire_building expects it to
652 * specify when a circuit entered the _C_INTRODUCE_ACK_WAIT state. */
656 /* Success. */
660 perm_err:
661 /* Permanent error: it is possible that the intro circuit was closed prior
662 * because we weren't able to send the cell. Make sure we don't double close
663 * it which would result in a warning. */
666 }
671 tran_err:
674 end:
677 }
679 /* Using the introduction circuit circ, setup the authentication key of the
680 * intro point this circuit has extended to. */
681 static void
683 {
691 /* There is a very small race window between the opening of this circuit
692 * and the client descriptor cache that gets purged (NEWNYM) or the
693 * cleaned up because it expired. Mark the circuit for close so a new
694 * descriptor fetch can occur. */
697 }
699 /* We will go over every intro point and try to find which one is linked to
700 * that circuit. Those lists are small so it's not that expensive. */
704 /* We got it, copy its authentication key to the identifier. */
708 }
710 /* Reaching this point means we didn't find any intro point for this circuit
711 * which is not supposed to happen. */
714 end:
716 }
718 /* Called when an introduction circuit has opened. */
719 static void
721 {
727 /* This is an introduction circuit so we'll attach the correct
728 * authentication key to the circuit identifier so it can be identified
729 * properly later on. */
733 }
735 /* Called when a rendezvous circuit has opened. */
736 static void
738 {
744 /* Check that we didn't accidentally choose a node that does not understand
745 * the v3 rendezvous protocol */
751 }
752 }
753 }
758 /* Ignore returned value, nothing we can really do. On failure, the circuit
759 * will be marked for close. */
762 /* Register rend circuit in circuitmap if it's still alive. */
766 }
767 }
769 /* This is an helper function that convert a descriptor intro point object ip
770 * to a newly allocated extend_info_t object fully initialized. Return NULL if
771 * we can't convert it for which chances are that we are missing or malformed
772 * link specifiers. */
773 STATIC extend_info_t *
775 {
780 /* Explicitly put the direct connection option to 0 because this is client
781 * side and there is no such thing as a non anonymous client. */
785 }
787 /* Return true iff the intro point ip for the service service_pk is usable.
788 * This function checks if the intro point is in the client intro state cache
789 * and checks at the failures. It is considered usable if:
790 * - No error happened (INTRO_POINT_FAILURE_GENERIC)
791 * - It is not flagged as timed out (INTRO_POINT_FAILURE_TIMEOUT)
792 * - The unreachable count is lower than
793 * MAX_INTRO_POINT_REACHABILITY_FAILURES (INTRO_POINT_FAILURE_UNREACHABLE)
794 */
795 static int
798 {
807 /* This means we've never encountered any problem thus usable. */
809 }
814 }
819 }
824 }
826 usable:
828 not_usable:
830 }
832 /* Using a descriptor desc, return a newly allocated extend_info_t object of a
833 * randomly picked introduction point from its list. Return NULL if none are
834 * usable. */
835 STATIC extend_info_t *
837 {
843 /* Calculate the onion address for logging purposes */
849 /* Assume the service is v3 if the descriptor is missing. This is ok,
850 * because we only use the address in log messages */
853 onion_address);
855 desc)) {
862 }
871 /* Pick a random intro point and immediately remove it from the usable
872 * list so we don't pick it again if we have to iterate more. */
877 /* We need to make sure we have a usable intro points which is in a good
878 * state in our cache. */
881 }
883 /* Generate an extend info object from the intro point object. */
886 /* We can get here for instance if the intro point is a private address
887 * and we aren't allowed to extend to those. */
893 }
895 /* Test the pick against ExcludeNodes. */
897 /* If this pick is in the ExcludeNodes list, we keep its reference so if
898 * we ever end up not being able to pick anything else and StrictNodes is
899 * unset, we'll use it. */
901 /* If something was already here free it. After the loop is gone we
902 * will examine the last excluded intro point, and that's fine since
903 * that's random anyway */
905 }
908 }
910 /* Good pick! Let's go with this. */
912 }
914 /* Reaching this point means a couple of things. Either we can't use any of
915 * the intro point listed because the IP address can't be extended to or it
916 * is listed in the ExcludeNodes list. In the later case, if StrictNodes is
917 * set, we are forced to not use anything. */
929 }
931 end:
935 }
937 /* For this introduction circuit, we'll look at if we have any usable
938 * introduction point left for this service. If so, we'll use the circuit to
939 * re-extend to a new intro point. Else, we'll close the circuit and its
940 * corresponding rendezvous circuit. Return 0 if we are re-extending else -1
941 * if we are closing the circuits.
942 *
943 * This is called when getting an INTRODUCE_ACK cell with a NACK. */
944 static int
946 {
955 /* We can't continue without a descriptor. */
957 }
958 /* We still have the descriptor, great! Let's try to see if we can
959 * re-extend by looking up if there are any usable intro points. */
961 desc)) {
963 }
964 /* Try to re-extend now. */
967 }
968 /* Success on re-extending. Don't return an error. */
972 close:
973 /* Change the intro circuit purpose before so we don't report an intro point
974 * failure again triggering an extra descriptor fetch. The circuit can
975 * already be closed on failure to re-extend. */
978 CIRCUIT_PURPOSE_C_INTRODUCE_ACKED);
980 }
981 /* Close the related rendezvous circuit. */
984 /* The rendezvous circuit might have collapsed while the INTRODUCE_ACK was
985 * inflight so we can't expect one every time. */
988 }
990 end:
992 }
994 /* Called when we get an INTRODUCE_ACK success status code. Do the appropriate
995 * actions for the rendezvous point and finally close intro_circ. */
996 static void
998 {
1005 /* Get the rendezvous circuit for this rendezvous cookie. */
1007 rend_circ =
1012 }
1016 /* It is possible to get a RENDEZVOUS2 cell before the INTRODUCE_ACK which
1017 * means that the circuit will be joined and already transmitting data. In
1018 * that case, simply skip the purpose change and close the intro circuit
1019 * like it should be. */
1022 }
1024 CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED);
1025 /* Set timestamp_dirty, because circuit_expire_building expects it to
1026 * specify when a circuit entered the
1027 * CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED state. */
1030 end:
1031 /* We don't need the intro circuit anymore. It did what it had to do! */
1033 CIRCUIT_PURPOSE_C_INTRODUCE_ACKED);
1036 /* XXX: Close pending intro circuits we might have in parallel. */
1038 }
1040 /* Called when we get an INTRODUCE_ACK failure status code. Depending on our
1041 * failure cache status, either close the circuit or re-extend to a new
1042 * introduction point. */
1043 static void
1045 {
1050 status);
1052 /* It's a NAK. The introduction point didn't relay our request. */
1055 /* Note down this failure in the intro point failure cache. Depending on how
1056 * many times we've tried this intro point, close it or reextend. */
1059 INTRO_POINT_FAILURE_GENERIC);
1060 }
1062 /* Called when we get an INTRODUCE_ACK on the intro circuit circ. The encoded
1063 * cell is in payload of length payload_len. Return 0 on success else a
1064 * negative value. The circuit is either close or reuse to re-extend to a new
1065 * introduction point. */
1066 static int
1069 {
1086 /* It is possible that the intro point can send us an unknown status code
1087 * for the NACK that we do not know about like a new code for instance.
1088 * Just fallthrough so we can note down the NACK and re-extend. */
1091 /* We are going to see if we have to close the circuits (IP and RP) or we
1092 * can re-extend to a new intro point. */
1095 }
1097 end:
1099 }
1101 /* Called when we get a RENDEZVOUS2 cell on the rendezvous circuit circ. The
1102 * encoded cell is in payload of length payload_len. Return 0 on success or a
1103 * negative value on error. On error, the circuit is marked for close. */
1104 STATIC int
1107 {
1109 curve25519_public_key_t server_pk;
1112 hs_ntor_rend_cell_keys_t keys;
1118 /* Make things easier. */
1125 }
1126 /* Get from the handshake info the SERVER_PK and AUTH_MAC. */
1130 /* Generate the handshake info. */
1137 }
1139 /* Critical check, make sure that the MAC matches what we got with what we
1140 * computed just above. */
1144 }
1146 /* Setup the e2e encryption on the circuit and finalize its state. */
1151 }
1152 /* Success. Hidden service connection finalized! */
1156 err:
1158 end:
1161 }
1163 /* Return true iff the client can fetch a descriptor for this service public
1164 * identity key and status_out if not NULL is untouched. If the client can
1165 * _not_ fetch the descriptor and if status_out is not NULL, it is set with
1166 * the fetch status code. */
1167 static unsigned int
1170 {
1171 hs_client_fetch_status_t status;
1175 /* Are we configured to fetch descriptors? */
1181 }
1183 /* Without a live consensus we can't do any client actions. It is needed to
1184 * compute the hashring for a service. */
1191 }
1199 }
1201 /* Check if fetching a desc for this HS is useful to us right now */
1202 {
1206 cached_desc)) {
1211 }
1212 }
1214 /* Don't try to refetch while we have a pending request for it. */
1219 }
1221 /* Yes, client can fetch! */
1223 cannot:
1226 }
1228 }
1230 /* Return the client auth in the map using the service identity public key.
1231 * Return NULL if it does not exist in the map. */
1234 {
1235 /* If the map is not allocated, we can assume that we do not have any client
1236 * auth information. */
1239 }
1241 }
1243 /* ========== */
1244 /* Public API */
1245 /* ========== */
1247 /** A circuit just finished connecting to a hidden service that the stream
1248 * <b>conn</b> has been waiting for. Let the HS subsystem know about this. */
1249 void
1251 {
1257 }
1265 }
1266 }
1268 /* With the given encoded descriptor in desc_str and the service key in
1269 * service_identity_pk, decode the descriptor and set the desc pointer with a
1270 * newly allocated descriptor object.
1271 *
1272 * Return 0 on success else a negative value and desc is set to NULL. */
1273 int
1277 {
1280 ed25519_public_key_t blinded_pubkey;
1288 /* Check if we have a client authorization for this service in the map. */
1292 }
1294 /* Create subcredential for this HS so that we can decrypt */
1295 {
1300 }
1302 /* Parse descriptor */
1308 }
1310 /* Make sure the descriptor signing key cross certifies with the computed
1311 * blinded key. Without this validation, anyone knowing the subcredential
1312 * and onion address can forge a descriptor. */
1320 }
1323 err:
1325 }
1327 /* Return true iff there are at least one usable intro point in the service
1328 * descriptor desc. */
1329 int
1332 {
1340 }
1344 usable:
1346 }
1348 /** Launch a connection to a hidden service directory to fetch a hidden
1349 * service descriptor using <b>identity_pk</b> to get the necessary keys.
1350 *
1351 * A hs_client_fetch_status_t code is returned. */
1352 int
1354 {
1355 hs_client_fetch_status_t status;
1361 }
1363 /* Try to fetch the desc and if we encounter an unrecoverable error, mark
1364 * the desc as unavailable for now. */
1368 END_STREAM_REASON_RESOLVEFAILED);
1369 /* Remove HSDir fetch attempts so that we can retry later if the user
1370 * wants us to regardless of if we closed any connections. */
1372 }
1374 }
1376 /* This is called when we are trying to attach an AP connection to these
1377 * hidden service circuits from connection_ap_handshake_attach_circuit().
1378 * Return 0 on success, -1 for a transient error that is actions were
1379 * triggered to recover or -2 for a permenent error where both circuits will
1380 * marked for close.
1381 *
1382 * The following supports every hidden service version. */
1383 int
1386 {
1389 rend_circ);
1390 }
1392 /* Called when the client circuit circ has been established. It can be either
1393 * an introduction or rendezvous circuit. This function handles all hidden
1394 * service versions. */
1395 void
1397 {
1400 /* Handle both version. v2 uses rend_data and v3 uses the hs circuit
1401 * identifier hs_ident. Can't be both. */
1408 }
1415 }
1419 }
1420 }
1422 /* Called when we receive a RENDEZVOUS_ESTABLISHED cell. Change the state of
1423 * the circuit to CIRCUIT_PURPOSE_C_REND_READY. Return 0 on success else a
1424 * negative value and the circuit marked for close. */
1425 int
1428 {
1438 }
1444 /* Set timestamp_dirty, because circuit_expire_building expects it to
1445 * specify when a circuit entered the _C_REND_READY state. */
1448 /* From a path bias point of view, this circuit is now successfully used.
1449 * Waiting any longer opens us up to attacks from malicious hidden services.
1450 * They could induce the client to attempt to connect to their hidden
1451 * service and never reply to the client's rend requests */
1454 /* If we already have the introduction circuit built, make sure we send
1455 * the INTRODUCE cell _now_ */
1459 err:
1462 }
1464 #define client_service_authorization_free(auth) \
1465 FREE_AND_NULL(hs_client_service_authorization_t, \
1466 client_service_authorization_free_, (auth))
1468 static void
1470 {
1473 }
1475 }
1477 /** Helper for digest256map_free. */
1478 static void
1480 {
1482 }
1484 static void
1486 {
1489 }
1491 }
1493 /* Check if the auth key file name is valid or not. Return 1 if valid,
1494 * otherwise return 0. */
1495 STATIC int
1497 {
1503 /* The length of the filename must be greater than the length of the
1504 * extension and the valid extension must be at the end of filename. */
1510 }
1513 }
1515 STATIC hs_client_service_authorization_t *
1517 {
1529 /* Wrong number of fields. */
1532 }
1539 /* Currently, the only supported auth type is "descriptor" and the only
1540 * supported key type is "x25519". */
1543 }
1549 }
1559 }
1562 /* Success. */
1565 err:
1567 done:
1568 /* It is also a good idea to wipe the private key. */
1571 }
1576 }
1578 /* From a set of <b>options</b>, setup every client authorization detail
1579 * found. Return 0 on success or -1 on failure. If <b>validate_only</b>
1580 * is set, parse, warn and return as normal, but don't actually change
1581 * the configuration. */
1582 int
1585 {
1595 /* There is no client auth configured. We can just silently ignore this
1596 * function. */
1600 }
1604 /* Make sure the directory exists and is private enough. */
1607 }
1612 key_dir);
1614 }
1619 ed25519_public_key_t identity_pk;
1621 filename);
1626 filename);
1628 }
1630 /* Create a full path for a file. */
1633 /* Free the file path immediately after using it. */
1636 /* If we cannot read the file, continue with the next file. */
1640 }
1643 /* Free immediately after using it. */
1647 /* Parse the onion address to get an identity public key and use it
1648 * as a key of global map in the future. */
1655 }
1663 }
1667 filename);
1668 }
1671 /* Success. */
1674 end:
1681 }
1688 }
1691 }
1693 /* This is called when a descriptor has arrived following a fetch request and
1694 * has been stored in the client cache. Every entry connection that matches
1695 * the service identity key in the ident will get attached to the hidden
1696 * service circuit. */
1697 void
1699 {
1706 AP_CONN_STATE_RENDDESC_WAIT);
1712 /* Only consider the entry connections that matches the service for which
1713 * we just fetched its descriptor. */
1718 }
1721 /* We were just called because we stored the descriptor for this service
1722 * so not finding a descriptor means we have a bigger problem. */
1726 }
1732 END_STREAM_REASON_RESOLVEFAILED);
1733 /* We are unable to use the descriptor so remove the directory request
1734 * from the cache so the next connection can try again. */
1737 }
1741 /* Mark connection as waiting for a circuit since we do have a usable
1742 * descriptor now. */
1746 end:
1747 /* We don't have ownership of the objects in this list. */
1749 }
1751 /* Return a newly allocated extend_info_t for a randomly chosen introduction
1752 * point for the given edge connection identifier ident. Return NULL if we
1753 * can't pick any usable introduction points. */
1754 extend_info_t *
1756 {
1762 }
1764 /* Called when get an INTRODUCE_ACK cell on the introduction circuit circ.
1765 * Return 0 on success else a negative value is returned. The circuit will be
1766 * closed or reuse to extend again to another intro point. */
1767 int
1770 {
1781 }
1785 payload_len);
1786 /* For path bias: This circuit was used successfully. NACK or ACK counts. */
1789 end:
1791 }
1793 /* Called when get a RENDEZVOUS2 cell on the rendezvous circuit circ. Return
1794 * 0 on success else a negative value is returned. The circuit will be closed
1795 * on error. */
1796 int
1799 {
1805 /* Circuit can possibly be in both state because we could receive a
1806 * RENDEZVOUS2 cell before the INTRODUCE_ACK has been received. */
1814 }
1821 payload_len);
1822 end:
1824 }
1826 /* Extend the introduction circuit circ to another valid introduction point
1827 * for the hidden service it is trying to connect to, or mark it and launch a
1828 * new circuit if we can't extend it. Return 0 on success or possible
1829 * success. Return -1 and mark the introduction circuit for close on permanent
1830 * failure.
1831 *
1832 * On failure, the caller is responsible for marking the associated rendezvous
1833 * circuit for close. */
1834 int
1836 {
1849 }
1857 /* We were able to extend so update the timestamp so we avoid expiring
1858 * this circuit too early. The intro circuit is short live so the
1859 * linkability issue is minimized, we just need the circuit to hold a
1860 * bit longer so we can introduce. */
1862 }
1867 /* connection_ap_handshake_attach_circuit will launch a new intro circ. */
1869 }
1871 end:
1874 }
1876 /* Close all client introduction circuits related to the given descriptor.
1877 * This is called with a descriptor that is about to get replaced in the
1878 * client cache.
1879 *
1880 * Even though the introduction point might be exactly the same, we'll rebuild
1881 * them if needed but the odds are very low that an existing matching
1882 * introduction circuit exists at that stage. */
1883 void
1885 {
1890 /* We iterate over all client intro circuits because they aren't kept in the
1891 * HS circuitmap. That is probably something we want to do one day. */
1894 /* Not a v3 circuit, ignore it. */
1896 }
1898 /* Does it match any IP in the given descriptor? If not, ignore. */
1901 }
1903 /* We have a match. Close the circuit as consider it expired. */
1905 }
1906 }
1908 /* Release all the storage held by the client subsystem. */
1909 void
1911 {
1912 /* Purge the hidden service request cache. */
1915 }
1917 /* Purge all potentially remotely-detectable state held in the hidden
1918 * service client code. Called on SIGNAL NEWNYM. */
1919 void
1921 {
1922 /* v2 subsystem. */
1925 /* Cancel all descriptor fetches. Do this first so once done we are sure
1926 * that our descriptor cache won't modified. */
1928 /* Purge the introduction point state cache. */
1930 /* Purge the descriptor cache. */
1932 /* Purge the last hidden service request cache. */
1936 }
1938 /* Called when our directory information has changed. */
1939 void
1941 {
1942 /* We have possibly reached the minimum directory information or new
1943 * consensus so retry all pending SOCKS connection in
1944 * AP_CONN_STATE_RENDDESC_WAIT state in order to fetch the descriptor. */
1946 }
1948 #ifdef TOR_UNIT_TESTS
1950 STATIC digest256map_t *
1952 {
1954 }