Line data Source code
1 : /* Copyright (c) 2017-2021, The Tor Project, Inc. */
2 : /* See LICENSE for licensing information */
3 :
4 : /**
5 : * \file hs_control.c
6 : * \brief Contains control port event related code.
7 : **/
8 :
9 : #include "core/or/or.h"
10 : #include "feature/control/control_events.h"
11 : #include "lib/crypt_ops/crypto_format.h"
12 : #include "lib/crypt_ops/crypto_util.h"
13 : #include "feature/hs/hs_client.h"
14 : #include "feature/hs/hs_common.h"
15 : #include "feature/hs/hs_control.h"
16 : #include "feature/hs/hs_descriptor.h"
17 : #include "feature/hs/hs_service.h"
18 : #include "feature/nodelist/nodelist.h"
19 :
20 : #include "feature/nodelist/node_st.h"
21 : #include "feature/nodelist/routerstatus_st.h"
22 :
23 : /** Send on the control port the "HS_DESC REQUESTEDÂ [...]" event.
24 : *
25 : * The onion_pk is the onion service public key, base64_blinded_pk is the
26 : * base64 encoded blinded key for the service and hsdir_rs is the routerstatus
27 : * object of the HSDir that this request is for. */
28 : void
29 1 : hs_control_desc_event_requested(const ed25519_public_key_t *onion_pk,
30 : const char *base64_blinded_pk,
31 : const routerstatus_t *hsdir_rs)
32 : {
33 1 : char onion_address[HS_SERVICE_ADDR_LEN_BASE32 + 1];
34 1 : const uint8_t *hsdir_index;
35 1 : const node_t *hsdir_node;
36 :
37 1 : tor_assert(onion_pk);
38 1 : tor_assert(base64_blinded_pk);
39 1 : tor_assert(hsdir_rs);
40 :
41 1 : hs_build_address(onion_pk, HS_VERSION_THREE, onion_address);
42 :
43 : /* Get the node from the routerstatus object to get the HSDir index used for
44 : * this request. We can't have a routerstatus entry without a node and we
45 : * can't pick a node without an hsdir_index. */
46 1 : hsdir_node = node_get_by_id(hsdir_rs->identity_digest);
47 1 : tor_assert(hsdir_node);
48 : /* This is a fetch event. */
49 1 : hsdir_index = hsdir_node->hsdir_index.fetch;
50 :
51 : /* Trigger the event. */
52 1 : control_event_hs_descriptor_requested(onion_address, REND_NO_AUTH,
53 : hsdir_rs->identity_digest,
54 : base64_blinded_pk,
55 : hex_str((const char *) hsdir_index,
56 : DIGEST256_LEN));
57 1 : memwipe(onion_address, 0, sizeof(onion_address));
58 1 : }
59 :
60 : /** Send on the control port the "HS_DESC FAILED [...]" event.
61 : *
62 : * Using a directory connection identifier, the HSDir identity digest and a
63 : * reason for the failure. None can be NULL. */
64 : void
65 1 : hs_control_desc_event_failed(const hs_ident_dir_conn_t *ident,
66 : const char *hsdir_id_digest,
67 : const char *reason)
68 : {
69 1 : char onion_address[HS_SERVICE_ADDR_LEN_BASE32 + 1];
70 1 : char base64_blinded_pk[ED25519_BASE64_LEN + 1];
71 :
72 1 : tor_assert(ident);
73 1 : tor_assert(hsdir_id_digest);
74 1 : tor_assert(reason);
75 :
76 : /* Build onion address and encoded blinded key. */
77 1 : ed25519_public_to_base64(base64_blinded_pk, &ident->blinded_pk);
78 1 : hs_build_address(&ident->identity_pk, HS_VERSION_THREE, onion_address);
79 :
80 1 : control_event_hsv3_descriptor_failed(onion_address, base64_blinded_pk,
81 : hsdir_id_digest, reason);
82 1 : }
83 :
84 : /** Send on the control port the "HS_DESC RECEIVED [...]" event.
85 : *
86 : * Using a directory connection identifier and the HSDir identity digest.
87 : * None can be NULL. */
88 : void
89 7 : hs_control_desc_event_received(const hs_ident_dir_conn_t *ident,
90 : const char *hsdir_id_digest)
91 : {
92 7 : char onion_address[HS_SERVICE_ADDR_LEN_BASE32 + 1];
93 7 : char base64_blinded_pk[ED25519_BASE64_LEN + 1];
94 :
95 7 : tor_assert(ident);
96 7 : tor_assert(hsdir_id_digest);
97 :
98 : /* Build onion address and encoded blinded key. */
99 7 : ed25519_public_to_base64(base64_blinded_pk, &ident->blinded_pk);
100 7 : hs_build_address(&ident->identity_pk, HS_VERSION_THREE, onion_address);
101 :
102 7 : control_event_hsv3_descriptor_received(onion_address, base64_blinded_pk,
103 : hsdir_id_digest);
104 7 : }
105 :
106 : /** Send on the control port the "HS_DESC CREATED [...]" event.
107 : *
108 : * Using the onion address of the descriptor's service and the blinded public
109 : * key of the descriptor as a descriptor ID. None can be NULL. */
110 : void
111 45 : hs_control_desc_event_created(const char *onion_address,
112 : const ed25519_public_key_t *blinded_pk)
113 : {
114 45 : char base64_blinded_pk[ED25519_BASE64_LEN + 1];
115 :
116 45 : tor_assert(onion_address);
117 45 : tor_assert(blinded_pk);
118 :
119 : /* Build base64 encoded blinded key. */
120 45 : ed25519_public_to_base64(base64_blinded_pk, blinded_pk);
121 :
122 : /* Version 3 doesn't use the replica number in its descriptor ID computation
123 : * so we pass negative value so the control port subsystem can ignore it. */
124 45 : control_event_hs_descriptor_created(onion_address, base64_blinded_pk, -1);
125 45 : }
126 :
127 : /** Send on the control port the "HS_DESC UPLOAD [...]" event.
128 : *
129 : * Using the onion address of the descriptor's service, the HSDir identity
130 : * digest, the blinded public key of the descriptor as a descriptor ID and the
131 : * HSDir index for this particular request. None can be NULL. */
132 : void
133 67 : hs_control_desc_event_upload(const char *onion_address,
134 : const char *hsdir_id_digest,
135 : const ed25519_public_key_t *blinded_pk,
136 : const uint8_t *hsdir_index)
137 : {
138 67 : char base64_blinded_pk[ED25519_BASE64_LEN + 1];
139 :
140 67 : tor_assert(onion_address);
141 67 : tor_assert(hsdir_id_digest);
142 67 : tor_assert(blinded_pk);
143 67 : tor_assert(hsdir_index);
144 :
145 : /* Build base64 encoded blinded key. */
146 67 : ed25519_public_to_base64(base64_blinded_pk, blinded_pk);
147 :
148 67 : control_event_hs_descriptor_upload(onion_address, hsdir_id_digest,
149 : base64_blinded_pk,
150 : hex_str((const char *) hsdir_index,
151 : DIGEST256_LEN));
152 67 : }
153 :
154 : /** Send on the control port the "HS_DESC UPLOADED [...]" event.
155 : *
156 : * Using the directory connection identifier and the HSDir identity digest.
157 : * None can be NULL. */
158 : void
159 1 : hs_control_desc_event_uploaded(const hs_ident_dir_conn_t *ident,
160 : const char *hsdir_id_digest)
161 : {
162 1 : char onion_address[HS_SERVICE_ADDR_LEN_BASE32 + 1];
163 :
164 1 : tor_assert(ident);
165 1 : tor_assert(hsdir_id_digest);
166 :
167 1 : hs_build_address(&ident->identity_pk, HS_VERSION_THREE, onion_address);
168 :
169 1 : control_event_hs_descriptor_uploaded(hsdir_id_digest, onion_address);
170 1 : }
171 :
172 : /** Send on the control port the "HS_DESC_CONTENT [...]" event.
173 : *
174 : * Using the directory connection identifier, the HSDir identity digest and
175 : * the body of the descriptor (as it was received from the directory). None
176 : * can be NULL. */
177 : void
178 6 : hs_control_desc_event_content(const hs_ident_dir_conn_t *ident,
179 : const char *hsdir_id_digest,
180 : const char *body)
181 : {
182 6 : char onion_address[HS_SERVICE_ADDR_LEN_BASE32 + 1];
183 6 : char base64_blinded_pk[ED25519_BASE64_LEN + 1];
184 :
185 6 : tor_assert(ident);
186 6 : tor_assert(hsdir_id_digest);
187 :
188 : /* Build onion address and encoded blinded key. */
189 6 : ed25519_public_to_base64(base64_blinded_pk, &ident->blinded_pk);
190 6 : hs_build_address(&ident->identity_pk, HS_VERSION_THREE, onion_address);
191 :
192 6 : control_event_hs_descriptor_content(onion_address, base64_blinded_pk,
193 : hsdir_id_digest, body);
194 6 : }
195 :
196 : /** Handle the "HSPOST [...]" command. The body is an encoded descriptor for
197 : * the given onion_address. The descriptor will be uploaded to each directory
198 : * in hsdirs_rs. If NULL, the responsible directories for the current time
199 : * period will be selected.
200 : *
201 : * Return -1 on if the descriptor plaintext section is not decodable. Else, 0
202 : * on success. */
203 : int
204 0 : hs_control_hspost_command(const char *body, const char *onion_address,
205 : const smartlist_t *hsdirs_rs)
206 : {
207 0 : int ret = -1;
208 0 : ed25519_public_key_t identity_pk;
209 0 : hs_desc_plaintext_data_t plaintext;
210 0 : smartlist_t *hsdirs = NULL;
211 :
212 0 : tor_assert(body);
213 0 : tor_assert(onion_address);
214 :
215 : /* This can't fail because we require the caller to pass us a valid onion
216 : * address that has passed hs_address_is_valid(). */
217 0 : if (BUG(hs_parse_address(onion_address, &identity_pk, NULL, NULL) < 0)) {
218 : goto done; // LCOV_EXCL_LINE
219 : }
220 :
221 : /* Only decode the plaintext part which is what the directory will do to
222 : * validate before caching. */
223 0 : if (hs_desc_decode_plaintext(body, &plaintext) < 0) {
224 0 : goto done;
225 : }
226 :
227 : /* No HSDir(s) given, we'll compute what the current ones should be. */
228 0 : if (hsdirs_rs == NULL) {
229 0 : hsdirs = smartlist_new();
230 0 : hs_get_responsible_hsdirs(&plaintext.blinded_pubkey,
231 : hs_get_time_period_num(0),
232 : 0, /* Always the current descriptor which uses
233 : * the first hsdir index. */
234 : 0, /* It is for storing on a directory. */
235 : hsdirs);
236 0 : hsdirs_rs = hsdirs;
237 : }
238 :
239 0 : SMARTLIST_FOREACH_BEGIN(hsdirs_rs, const routerstatus_t *, rs) {
240 0 : hs_service_upload_desc_to_dir(body, plaintext.version, &identity_pk,
241 : &plaintext.blinded_pubkey, rs);
242 0 : } SMARTLIST_FOREACH_END(rs);
243 : ret = 0;
244 :
245 0 : done:
246 : /* We don't have ownership of the objects in this list. */
247 0 : smartlist_free(hsdirs);
248 0 : return ret;
249 : }
250 :
251 : /** With a given <b>onion_identity_pk</b>, fetch its descriptor, optionally
252 : * using the list of directory servers given in <b>hsdirs</b>, or a random
253 : * server if it is NULL. This function calls hs_client_launch_v3_desc_fetch().
254 : */
255 : void
256 0 : hs_control_hsfetch_command(const ed25519_public_key_t *onion_identity_pk,
257 : const smartlist_t *hsdirs)
258 : {
259 0 : tor_assert(onion_identity_pk);
260 :
261 0 : hs_client_launch_v3_desc_fetch(onion_identity_pk, hsdirs);
262 0 : }
|
