
[tor-commits] [tor] 07/77: hs: Client now solve PoW if present



This is an automated email from the git hooks/post-receive script.

dgoulet pushed a commit to branch main
in repository tor.

commit 8b41e09a775e882096364210317813c830160a5b
Author: David Goulet <dgoulet@xxxxxxxxxxxxxx>
AuthorDate: Tue Jun 28 11:42:35 2022 -0400

    hs: Client now solve PoW if present
    
    At this commit, the tor main loop solves it. We might consider moving
    this to the CPU pool at some point.
    
    Signed-off-by: David Goulet <dgoulet@xxxxxxxxxxxxxx>
---
 src/core/or/origin_circuit_st.h |  6 ++++++
 src/feature/hs/hs_circuit.c     |  6 +++++-
 src/feature/hs/hs_circuit.h     |  3 ++-
 src/feature/hs/hs_client.c      | 19 ++++++++++++++++++-
 src/test/test_hs_service.c      |  8 ++++----
 5 files changed, 35 insertions(+), 7 deletions(-)

diff --git a/src/core/or/origin_circuit_st.h b/src/core/or/origin_circuit_st.h
index c5c255bb49..fd5424c450 100644
--- a/src/core/or/origin_circuit_st.h
+++ b/src/core/or/origin_circuit_st.h
@@ -212,6 +212,12 @@ struct origin_circuit_t {
    * (in host byte order) for response comparison. */
   uint32_t pathbias_probe_nonce;
 
+  /** Set iff this is a hidden-service circuit for a HS with PoW defenses
+   * enabled, so that we know to be more lenient with timing out the
+   * circuit-build to allow the service time to work through the queue of
+   * requests. */
+  unsigned int hs_with_pow_circ : 1;
+
   /** Set iff this circuit has been given a relaxed timeout because
    * no circuits have opened. Used to prevent spamming logs. */
   unsigned int relaxed_timeout : 1;
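Review bot: The comment on `hs_with_pow_circ` says the bit is set iff the circuit is for a PoW-protected service, but the only writer in this commit (send_introduce1 in hs_client.c) sets it on the rendezvous circuit, and only after a solution has been computed. None of the hunks in this commit read the flag, so the relaxed timeout it describes is presumably implemented elsewhere. Suggested wording: `/** Set on a client rendezvous circuit once a PoW solution has been computed for the service, so that the circuit-build timeout can be relaxed while the service works through its queue. */`. struct origin_circuit_t starts and ends outside the hunk.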
diff --git a/src/feature/hs/hs_circuit.c b/src/feature/hs/hs_circuit.c
index 006ba964fe..3f8f16955f 100644
--- a/src/feature/hs/hs_circuit.c
+++ b/src/feature/hs/hs_circuit.c
@@ -1095,7 +1095,8 @@ int
 hs_circ_send_introduce1(origin_circuit_t *intro_circ,
                         origin_circuit_t *rend_circ,
                         const hs_desc_intro_point_t *ip,
-                        const hs_subcredential_t *subcredential)
+                        const hs_subcredential_t *subcredential,
+                        const hs_pow_solution_t *pow_solution)
 {
   int ret = -1;
   ssize_t payload_len;
@@ -1129,6 +1130,9 @@ hs_circ_send_introduce1(origin_circuit_t *intro_circ,
     goto close;
   }
 
+  /* Set the PoW solution if any. */
+  intro1_data.pow_solution = pow_solution;
+
   /* If the rend circ was set up for congestion control, add that to the
    * intro data, to signal it in an extension */
   if (TO_CIRCUIT(rend_circ)->ccontrol) {
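Review bot: `intro1_data.pow_solution = pow_solution;` stores a pointer that the caller still owns, and the one-line comment does not say so. The caller in hs_client.c frees the solution at its `end:` label, and the tests pass `NULL`, so both the borrowed lifetime and the NULL case are part of the contract. Suggested comment: `/* Set the PoW solution, if any. NULL means none; the pointer is borrowed from the caller and must stay valid until this function returns. */`. The same applies to the function's doc comment, which is outside this hunk and, as far as the diff shows, does not describe the new `pow_solution` parameter added in the previous hunk.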
diff --git a/src/feature/hs/hs_circuit.h b/src/feature/hs/hs_circuit.h
index afbff7b894..3c84abaad2 100644
--- a/src/feature/hs/hs_circuit.h
+++ b/src/feature/hs/hs_circuit.h
@@ -55,7 +55,8 @@ int hs_circ_handle_introduce2(const hs_service_t *service,
 int hs_circ_send_introduce1(origin_circuit_t *intro_circ,
                             origin_circuit_t *rend_circ,
                             const hs_desc_intro_point_t *ip,
-                            const struct hs_subcredential_t *subcredential);
+                            const struct hs_subcredential_t *subcredential,
+                            const hs_pow_solution_t *pow_solution);
 int hs_circ_send_establish_rendezvous(origin_circuit_t *circ);
 
 /* e2e circuit API. */
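Review bot: The new parameter is spelled `const hs_pow_solution_t *` while the one directly above it uses the tag form `const struct hs_subcredential_t *`, so this prototype now requires the typedef to be visible wherever hs_circuit.h is included. No include is added in this hunk. If the header does not already pull in the PoW declarations, add that include or a forward declaration for the type, and use one spelling for both parameters.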
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index 7cee3480d5..e241e6218d 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -613,6 +613,7 @@ send_introduce1(origin_circuit_t *intro_circ,
   char onion_address[HS_SERVICE_ADDR_LEN_BASE32 + 1];
   const ed25519_public_key_t *service_identity_pk = NULL;
   const hs_desc_intro_point_t *ip;
+  hs_pow_solution_t *pow_solution = NULL;
 
   tor_assert(rend_circ);
   if (intro_circ_is_ok(intro_circ) < 0) {
@@ -668,9 +669,24 @@ send_introduce1(origin_circuit_t *intro_circ,
     goto perm_err;
   }
 
+  /* If the descriptor contains PoW parameters then the service is
+   * expecting a PoW solution in the INTRODUCE cell, which we solve here. */
+  if (desc->encrypted_data.pow_params) {
+    log_debug(LD_REND, "PoW params present in descriptor.");
+    pow_solution = tor_malloc_zero(sizeof(hs_pow_solution_t));
+    if (hs_pow_solve(desc->encrypted_data.pow_params, pow_solution)) {
+      log_warn(LD_REND, "Haven't solved the PoW yet.");
+      goto tran_err;
+    }
+    /* Set flag to reflect that the HS we are attempting to rendezvous has PoW
+     * defenses enabled, and as such we will need to be more lenient with
+     * timing out while waiting for the circuit to be built. */
+    rend_circ->hs_with_pow_circ = 1;
+  }
+
   /* Send the INTRODUCE1 cell. */
   if (hs_circ_send_introduce1(intro_circ, rend_circ, ip,
-                              &desc->subcredential) < 0) {
+                              &desc->subcredential, pow_solution) < 0) {
     if (TO_CIRCUIT(intro_circ)->marked_for_close) {
       /* If the introduction circuit was closed, we were unable to send the
        * cell for some reasons. In any case, the intro circuit has to be
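Review bot: `hs_pow_solve()` is called with parameters taken straight from the descriptor, and nothing in this hunk bounds the requested work before the solver runs on the main loop. The service chooses those parameters, so a descriptor asking for a very high effort could stall the client's event loop. Unless `hs_pow_solve()` enforces a ceiling itself (not visible here), check the requested effort against a client-side maximum first and take the `tran_err` path when it is exceeded. The failure path is also reachable from remote input, so `log_warn` may be too loud, and "Haven't solved the PoW yet." implies a retry that the visible code does not perform; something like `log_info(LD_REND, "Unable to solve the PoW for this descriptor.");` would be clearer. send_introduce1 starts and ends outside the hunk.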
@@ -724,6 +740,7 @@ send_introduce1(origin_circuit_t *intro_circ,
 
  end:
   memwipe(onion_address, 0, sizeof(onion_address));
+  tor_free(pow_solution);
   return status;
 }
 
diff --git a/src/test/test_hs_service.c b/src/test/test_hs_service.c
index 03a4800f25..4a8a758b3f 100644
--- a/src/test/test_hs_service.c
+++ b/src/test/test_hs_service.c
@@ -2406,7 +2406,7 @@ test_intro2_handling(void *arg)
   /* Create INTRODUCE1 */
   tt_assert(fast_mem_is_zero(relay_payload, sizeof(relay_payload)));
   retval = hs_circ_send_introduce1(intro_circ, &rend_circ,
-                                   alice_ip, &x_subcred);
+                                   alice_ip, &x_subcred, NULL);
 
   /* Check that the payload was written successfully */
   tt_int_op(retval, OP_EQ, 0);
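Review bot: Every updated call passes `NULL` for the new argument, here and in the three later hunks of test_intro2_handling, so no test in this commit exercises `hs_circ_send_introduce1()` with a PoW solution attached. Adding one case that passes a zero-initialised `hs_pow_solution_t` and checks that the call still returns 0 would at least cover the non-NULL path through `intro1_data.pow_solution`. test_intro2_handling starts and ends outside the hunk.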
@@ -2447,7 +2447,7 @@ test_intro2_handling(void *arg)
   /* Create INTRODUCE1 from Alice to X through Z */
   memset(relay_payload, 0, sizeof(relay_payload));
   retval = hs_circ_send_introduce1(intro_circ, &rend_circ,
-                                   alice_ip, &z_subcred);
+                                   alice_ip, &z_subcred, NULL);
 
   /* Check that the payload was written successfully */
   tt_int_op(retval, OP_EQ, 0);
@@ -2484,7 +2484,7 @@ test_intro2_handling(void *arg)
   /* Create INTRODUCE1 from Alice to X using X's subcred. */
   memset(relay_payload, 0, sizeof(relay_payload));
   retval = hs_circ_send_introduce1(intro_circ, &rend_circ,
-                                   alice_ip, &x_subcred);
+                                   alice_ip, &x_subcred, NULL);
 
   /* Check that the payload was written successfully */
   tt_int_op(retval, OP_EQ, 0);
@@ -2577,7 +2577,7 @@ test_intro2_handling(void *arg)
    * service!) */
   memset(relay_payload, 0, sizeof(relay_payload));
   retval = hs_circ_send_introduce1(intro_circ, &rend_circ,
-                                   alice_ip, &y_subcred);
+                                   alice_ip, &y_subcred, NULL);
   tt_int_op(retval, OP_EQ, 0);
 
   /* Check that the payload was written successfully */
