Self-scrubbing replay cache for rendservice.c. More...
Functions | |
| void | replaycache_free_ (replaycache_t *r) |
| replaycache_t * | replaycache_new (time_t horizon, time_t interval) |
| STATIC int | replaycache_add_and_test_internal (time_t present, replaycache_t *r, const void *data, size_t len, time_t *elapsed) |
| STATIC void | replaycache_scrub_if_needed_internal (time_t present, replaycache_t *r) |
| int | replaycache_add_and_test (replaycache_t *r, const void *data, size_t len) |
| int | replaycache_add_test_and_elapsed (replaycache_t *r, const void *data, size_t len, time_t *elapsed) |
| void | replaycache_scrub_if_needed (replaycache_t *r) |
Detailed Description
Self-scrubbing replay cache for rendservice.c.
To prevent replay attacks, hidden services need to recognize INTRODUCE2 cells that they've already seen, and drop them. If they didn't, then sending the same INTRODUCE2 cell over and over would force the hidden service to make a huge number of circuits to the same rendezvous point, aiding traffic analysis.
(It's not that simple, actually. We only check for replays in the RSA-encrypted portion of the handshake, since the rest of the handshake is malleable.)
This module is used from rendservice.c.
Function Documentation
◆ replaycache_add_and_test()
| int replaycache_add_and_test | ( | replaycache_t * | r, |
| const void * | data, | ||
| size_t | len | ||
| ) |
Test the buffer of length len point to by data against the replay cache r; the digest of the buffer will be added to the cache at the current time, and the function will return 1 if it was already seen within the cache's horizon, or 0 otherwise.
◆ replaycache_add_and_test_internal()
| STATIC int replaycache_add_and_test_internal | ( | time_t | present, |
| replaycache_t * | r, | ||
| const void * | data, | ||
| size_t | len, | ||
| time_t * | elapsed | ||
| ) |
◆ replaycache_add_test_and_elapsed()
| int replaycache_add_test_and_elapsed | ( | replaycache_t * | r, |
| const void * | data, | ||
| size_t | len, | ||
| time_t * | elapsed | ||
| ) |
Like replaycache_add_and_test(), but if it's a hit also return the time elapsed since this digest was last seen.
◆ replaycache_free_()
| void replaycache_free_ | ( | replaycache_t * | r | ) |
Free the replaycache r and all of its entries.
◆ replaycache_new()
| replaycache_t* replaycache_new | ( | time_t | horizon, |
| time_t | interval | ||
| ) |
Allocate a new, empty replay detection cache, where horizon is the time for entries to age out and interval is the time after which the cache should be scrubbed for old entries.
◆ replaycache_scrub_if_needed()
| void replaycache_scrub_if_needed | ( | replaycache_t * | r | ) |
Scrub aged entries out of r if sufficiently long has elapsed since r was last scrubbed.
◆ replaycache_scrub_if_needed_internal()
| STATIC void replaycache_scrub_if_needed_internal | ( | time_t | present, |
| replaycache_t * | r | ||
| ) |
