fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Bridge Guards (prop188).

Change relay_send_command_from_edge_() to handle loose_or_circuit_t.

 * CHANGE relay_send_command_from_edge_() to check circuit magic
   before casting to an origin_circuit_t when a cell is outgoing.

fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Bridge Guards (prop188).

Make functions for keeping state on whether we think we can create
loose circuits be STATIC.

Fix a couple docstrings/comments.

fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Bridge Guards (prop188).

Use circuit_pick_create_handshake() to pick the same type of CREATE
cell as clients would pick in loose_circuit_make_create_cell().

fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Bridge Guards (prop188).

Remove loose_circuit_list_cpath_impl().

 * RENAME circuit_should_use_create_fast_for_circuit() →
 * CHANGE circuit_should_use_create_fast_for_circuit_cpath() to
   operate on a crypt_path_t, rather than an origin_circuit_t.  This
   allows us to use this function with other types of circuits which
   have a `cpath` member (i.e. loose_or_circuit_t).

fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Bridge Guards (prop188).

 * REVERT to making circuit_free() STATIC as it originally was.
 * CHANGE logic in circuit_free() to count reputation history for
   loose circuits, and use the same logic as or_circuits for
   determining if the circuit should actually be freed (based on
   whether the circuit currently has a cpuworker).

fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Bridge Guards (prop188).

fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Bridge Guards (prop188).

Rewrite code for making/sending create cells.

fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Bridge Guards (prop188).

fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Bridge Guards (prop188).

 * FIXES about a zillion whitespace issues.

 * FIXES a mistake where the first relay_early cell on a loose circuit was
   stored (and unconditionally sent outwards later) without checking the
   cell_direction.  Unclear if this would have had serious consequences, but
   it would be incorrect behaviour nonetheless.

 * CHANGES several functions in loose.c from static to STATIC, for
   unittesting.

fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Bridge Guards (prop188).

OCD aesthetic rearrangement of loose.h.

fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Bridge Guards (prop188).

loose_circuit_extend() can be STATIC.

fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Bridge Guards (prop188).

Cleanup and simplify loose_circuit_send_next_onion_skin().

fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Bridge Guards (prop188).

Remove unnecessary extra int used for a return code.  We only need one int
here.

fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Bridge Guards (prop188).

These log messages aren't really information that a bridge operator needs to
hear about.

Speed optimisations.

Documentation fixes.

 * RENAME loose_circuit_create() → loose_circuit_send_create_cell().
 * ChANGE loose_circuit_send_create_cell() to be STATIC.

We don't really need to be passing the cell_direction to
loose_circuit_relay_cell_{incoming,outgoing}.

 * CHANGE loose_circuit_list_cpath() from STATIC to static, since it isn't
   called anywhere else.

We'll never hit this code.  It's not possible to receive a create cell twice
for the same (circ_id, chan).

 * CHANGE loose_or_circuit_t to store the OP's first relay_early cell,
   rather than the create cell.

 * REMOVE redundant debug log message in loose_circuit_create().

 * CHANGE loose_circuit_log_path() to be STATIC so that we can test it.

Bridges will now use Tor's loose-source routing feature to inject the
Bridge's chosen Guard node into client circuits, before the client's
chosen second hop.

 * ADDS a new type of circuit, `loose_or_circuit_t`.
   A `loose_or_circuit_t` is a subtype of `or_circuit_t` (the latter
   being a subtype of `circuit_t`).  However, it shares some properties
   of an `origin_circuit_t`, namely that it has both `crypt_path_t` and
   `cpath_build_state_t` members.  This new circuit type can be used by
   ORs to utilise tor's loose-source routing feature in order to inject
   additional hops into an OP's circuit.  The circuit implementation is
   generalised, but is only currently used by Bridges to inject their
   chosen Guard node into client circuits.

 * IMPLEMENTS Tor proposal #188:
   https://gitweb.torproject.org/torspec.git/tree/proposals/188-bridge-guards.txt

 * FIXES #7144 https://bugs.torproject.org/7144

Previously, we were using `CIRCUIT_PURPOSE_IS_ORIGIN` to define this, which
means that, if `circ->purpose > CIRCUIT_PURPOSE_OR_MAX_` (currently 4), then
the circuit is determined to be an `origin_circuit_t`.  This is increasingly
dangerous when we add new circuit types (e.g. `loose_or_circuit_t`), as memory
corruption problems could easily cause `circ->purpose` to be interpreted as
higher than 4, which would then likely trigger further memory issues due to
the circuit being downcast to the wrong type.

To avoid these problems, `CIRCUIT_IS_ORIGIN` is rewritten to check that:

    ((circuit_t *)(c))->magic == ORIGIN_CIRCUIT_MAGIC

just like `CIRCUIT_IS_ORCIRC` and `CIRCUIT_IS_LOOSE`.

 * CHANGE `CIRCUIT_IS_ORIGIN` to check `ORIGIN_CIRCUIT_MAGIC`.

This allows us to reuse the logic for other types of `circuit_t`s, not
just `origin_circuit_t`.

 * ADD new function, `cpath_get_hop()`, which contains most of the
   original logic from `circuit_get_cpath_hop()`.

 * CHANGE `circuit_get_cpath_hop()` to call `cpath_get_hop()`.

 * ADD a new function `cpath_get_len()`, which operates on a
   `crypt_path_t` to determine it's length.  This permits us to reuse
   this logic for other types of circuits, not just `origin_circuit_t`s.

 * CHANGE `circuit_get_cpath_len()` to call `cpath_get_len()` with
   `origin_circuit_t->cpath`.

This allows us to determine whether some `circuit_t` can support ntor,
solely based upon that `circuit_t`'s cpath.  This will permit us to
reuse this logic in the future for both `origin_circuit_t`s and
`loose_or_circuit_t`s.

 * ADD new function, `cpath_supports_ntor`, which determines whether the
   hops in a cpath support the ntor handshake. It includes logic which
   once lived in `circuit_cpath_supports_ntor`.

 * REFACTOR `circuit_cpath_supports_ntor` to use `cpath_supports_ntor`.

This refactors `circuit_list_path_impl()` to move the loop over the
`hops` in a `circ->cpath` to a separate function.  This is necessary
because retrieving router nicknames/fingerprints from a chosen cpath
requires the same process — regardless of what type of `circuit_t` the
`cpath` is an attribute of.  With these changes, other types of
`circuit_t`s — not solely `origin_circuit_t` — can reuse this giant code
block for logging their chosen paths.  In the future, this will be used
for logging `loose_or_circuit_t`s for prop#188.

 * ADDS a new function, `circuit_list_cpath_impl()`, which takes
   `crypt_path_t *cpath` and a `smartlist_t *elements`, iterates over
   the `cpath` to retrieve information regarding the hops within, and
   adds this information to the list of `elements`.

 * ADD a wrapper function `circuit_list_cpath()`, which wraps
   `circuit_list_cpath_impl()`.

 * REFACTORS `circuit_list_path_impl()` to call `circuit_list_cpath()`,
   giving it the former's pre-allocated `smartlist_t` in order to gather
   router info.  It then uses to build a string suitable for logging the
   circuit's path (just as it did before).

The base64 and base32 functions used to be in crypto.c;
crypto_format.h had no header; some general-purpose functions were in
crypto_curve25519.c.

This patch makes a {crypto,util}_format.[ch], and puts more functions
there.  Small modules are beautiful!

The control port was using set_max_file_descriptors() with a limit set to 0
to query the number of maximum socket Tor can use. With the recent changes
to that function, a check was introduced to make sure a user can not set a
value below the amount we reserved for non socket.

This commit adds get_max_sockets() that returns the value of max_sockets so
we can stop using that "setter" function to get the current value.

Finally, the dead code is removed that is the code that checked for limit
equal to 0. From now on, set_max_file_descriptors() should never be used
with a limit set to 0 for a valid use case.

Fixes #16697

Signed-off-by: David Goulet <dgoulet@ev0ke.net>