Move the real INTRODUCE2 replay-detection cache into rend_intro_point_t

changes/per-intro-point-replay-cache

@@ -0,0 +1,7 @@
+  o Minor features:
+
+    - Move the replay-detection cache for the RSA-encrypted parts of
+      INTRODUCE2 cells to the introduction point data structures.
+      Previously, we would use one replay-detection cache per hidden
+      service.  Required by fix for bug 3460.
+

src/or/or.h

@@ -3505,9 +3505,12 @@ typedef struct rend_intro_point_t {
    * included in the last HS descriptor we generated. */
   unsigned int listed_in_last_desc : 1;
 
-  /** (Service side only) The number of INTRODUCE2 cells this intro
-   * point's circuit has received. */
-  unsigned int introduction_count : 24;
+  /** (Service side only) A digestmap recording the INTRODUCE2 cells
+   * this intro point's circuit has received.  Each key is the digest
+   * of the RSA-encrypted part of a received INTRODUCE2 cell; each
+   * value is a pointer to the time_t at which the cell was
+   * received. */
+  digestmap_t *accepted_intros;
 
   /** (Service side only) The time at which this intro point was first
    * published, or -1 if this intro point has not yet been

src/or/rendcommon.c

@@ -440,6 +440,11 @@ rend_intro_point_free(rend_intro_point_t *intro)
 
   extend_info_free(intro->extend_info);
   crypto_free_pk_env(intro->intro_key);
+
+  if (intro->accepted_intros != NULL) {
+    digestmap_free(intro->accepted_intros, _tor_free);
+  }
+
   tor_free(intro);
 }
 

src/or/rendservice.c

@@ -1005,14 +1005,14 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
   if (!service->accepted_intros)
     service->accepted_intros = digestmap_new();
 
+  if (!intro_point->accepted_intros)
+    intro_point->accepted_intros = digestmap_new();
+
   {
     char pkpart_digest[DIGEST_LEN];
-    /* Check for replay of PK-encrypted portion.  It is slightly naughty to
-       use the same digestmap to check for this and for g^x replays, but
-       collisions are tremendously unlikely.
-    */
+    /* Check for replay of PK-encrypted portion. */
     crypto_digest(pkpart_digest, (char*)request+DIGEST_LEN, keylen);
-    access_time = digestmap_get(service->accepted_intros, pkpart_digest);
+    access_time = digestmap_get(intro_point->accepted_intros, pkpart_digest);
     if (access_time != NULL) {
       log_warn(LD_REND, "Possible replay detected! We received an "
                "INTRODUCE2 cell with same PK-encrypted part %d seconds ago. "
@@ -1021,14 +1021,7 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
     }
     access_time = tor_malloc(sizeof(time_t));
     *access_time = now;
-    digestmap_set(service->accepted_intros, pkpart_digest, access_time);
-  }
-
-  /* Record that we've received another INTRODUCE2 cell through this
-   * intro point. */
-  ++(intro_point->introduction_count);
-  if (intro_point->introduction_count == 0) {
-    --(intro_point->introduction_count);
+    digestmap_set(intro_point->accepted_intros, pkpart_digest, access_time);
   }
 
   /* Next N bytes is encrypted with service key */
@@ -1935,7 +1928,8 @@ intro_point_should_expire_now(rend_intro_point_t *intro,
     return 1;
   }
 
-  if (intro->introduction_count >= INTRO_POINT_LIFETIME_INTRODUCTIONS) {
+  if (digestmap_size(intro->accepted_intros) >=
+      INTRO_POINT_LIFETIME_INTRODUCTIONS) {
     /* This intro point has been used too many times.  Expire it now. */
     return 1;
   }