- Jul 13, 2017
-
-
David Goulet authored
Signed-off-by: David Goulet <dgoulet@torproject.org>
-
David Goulet authored
Signed-off-by: David Goulet <dgoulet@torproject.org>
-
David Goulet authored
Introduces hs_init() located in hs_common.c which initializes the entire HS v3 subsystem. This is done _prior_ to the options being loaded because we need to allocate global data structures before we load the configuration. The hs_free_all() is added to release everything from tor_free_all(). Note that both functions do NOT handle the v2 service subsystem but do handle the common interface that both v2 and v3 need such as the cache and circuitmap.
Signed-off-by: David Goulet <dgoulet@torproject.org>
-
David Goulet authored
Add the hs_config.{c|h} files, which contain everything that the HS subsystem needs to load and configure services. Ultimately, it should also contain client functions such as client authorization. This comes with a big refactoring of rend_config_services() which has now changed to only configure a single service and it is stripped down of the common directives which are now part of the generic handler. This is groundwork for prop224 of course but only touches version 2 services and adds an XXX note for version 3.
Signed-off-by: David Goulet <dgoulet@torproject.org>
-
David Goulet authored
This object is the foundation of proposal 224 service work. It will change and be adapted as it's being used more and more in the codebase. So, this version is just a basic skeleton one that *will* change.
Signed-off-by: David Goulet <dgoulet@torproject.org>
-
- Jul 07, 2017
-
-
David Goulet authored
Groundwork for more prop224 service and client code. This object contains common data that both client and service use.
Signed-off-by: David Goulet <dgoulet@torproject.org>
-
Nick Mathewson authored
-
-
There are only so many times you can type "4".
-
-
This guards against future occurrences of 17750.
-
-
Make clients wait for 6 seconds before trying to download their consensus from an authority. Fixes bug 17750, bugfix on 0.2.8.1-alpha.
-
Nick Mathewson authored
-
Nick Mathewson authored
-
Nick Mathewson authored
-
Nick Mathewson authored
-
Nick Mathewson authored
-
Nick Mathewson authored
-
-
Had to also edit hs_ntor_circuit_key_expansion() to make it happen.
-
-
based on Nick's review.
-
-
-
-
-
-
Move code to create connection streams and rend_data structures to test_helpers so that we can use them from the e2e rendezvous circuit unittests.
-
  - Move some crypto structures so that they are visible by tests.
  - Introduce a func to count number of hops in cpath which will be used by the tests.
  - Mark a function as mockable.
-
This commit paves the way for the e2e circuit unittests. Add a stub for the prop224 equivalent of rend_client_note_connection_attempt_ended(). That function was needed for tests, since the legacy function would get called when we attach streams and our client-side tests would crash with assert failures on rend_data. This also introduces hs_client.[ch] to the codebase.
-
This commit adds most of the work of #21859. It introduces hs_circuit.c functions that can handle the setup of e2e circuits for prop224 hidden services, and also for legacy hidden service clients.
Entry points are:
  prop224 circuits: hs_circuit_setup_e2e_rend_circ()
  legacy client-side circuits: hs_circuit_setup_e2e_rend_circ_legacy_client()
This commit swaps the old rendclient code to use the new API. I didn't try to accommodate the legacy service-side code in this API, since that's too tangled up and it would mess up the new API considerably IMO (all this service_pending_final_cpath_ref stuff is complicated and I didn't want to change it).
Signed-off-by: David Goulet <dgoulet@torproject.org>
-
The legacy HS circuit code uses rend_data to match between circuits and streams. We refactor some of that code so that it understands hs_ident as well which is used for prop224.
-
circuit_init_cpath_crypto() is responsible for creating the cpath of legacy SHA1/AES128 circuits currently. We want to use it for prop224 circuits, so we refactor it to create circuits with SHA3-256 and AES256 as well.
Signed-off-by: David Goulet <dgoulet@torproject.org>
-
We want to use the circuit_init_cpath_crypto() function to set up our cpath, and that function accepts a key array as input. So let's make our HS ntor key expansion function also return a key array as output, instead of a struct. Also, we actually don't need KH from the key expansion, so the key expansion output can be one DIGEST256_LEN shorter. See here for more info: https://trac.torproject.org/projects/tor/ticket/22052#comment:3
-
Signed-off-by: David Goulet <dgoulet@torproject.org>
-
Nick Mathewson authored
Fixes bug 21495.
-
Nick Mathewson authored
-
Nick Mathewson authored
This is an "ours" commit to avoid taking the fix for 22838, which we already have here.
-
Nick Mathewson authored
-