Line data Source code
1 : /* Copyright (c) 2016-2021, The Tor Project, Inc. */
2 : /* See LICENSE for licensing information */
3 :
4 : /**
5 : * \file hs_service.c
6 : * \brief Implement next generation hidden service functionality
7 : **/
8 :
9 : #define HS_SERVICE_PRIVATE
10 :
11 : #include "core/or/or.h"
12 : #include "app/config/config.h"
13 : #include "app/config/statefile.h"
14 : #include "core/mainloop/connection.h"
15 : #include "core/mainloop/mainloop.h"
16 : #include "core/or/circuitbuild.h"
17 : #include "core/or/circuitlist.h"
18 : #include "core/or/circuituse.h"
19 : #include "core/or/extendinfo.h"
20 : #include "core/or/relay.h"
21 : #include "feature/client/circpathbias.h"
22 : #include "feature/dirclient/dirclient.h"
23 : #include "feature/dircommon/directory.h"
24 : #include "feature/hs_common/shared_random_client.h"
25 : #include "feature/keymgt/loadkey.h"
26 : #include "feature/nodelist/describe.h"
27 : #include "feature/nodelist/microdesc.h"
28 : #include "feature/nodelist/networkstatus.h"
29 : #include "feature/nodelist/nickname.h"
30 : #include "feature/nodelist/node_select.h"
31 : #include "feature/nodelist/nodelist.h"
32 : #include "lib/crypt_ops/crypto_ope.h"
33 : #include "lib/crypt_ops/crypto_rand.h"
34 : #include "lib/crypt_ops/crypto_util.h"
35 :
36 : #include "feature/hs/hs_circuit.h"
37 : #include "feature/hs/hs_common.h"
38 : #include "feature/hs/hs_config.h"
39 : #include "feature/hs/hs_control.h"
40 : #include "feature/hs/hs_descriptor.h"
41 : #include "feature/hs/hs_ident.h"
42 : #include "feature/hs/hs_intropoint.h"
43 : #include "feature/hs/hs_metrics.h"
44 : #include "feature/hs/hs_service.h"
45 : #include "feature/hs/hs_stats.h"
46 : #include "feature/hs/hs_ob.h"
47 :
48 : #include "feature/dircommon/dir_connection_st.h"
49 : #include "core/or/edge_connection_st.h"
50 : #include "core/or/extend_info_st.h"
51 : #include "feature/nodelist/networkstatus_st.h"
52 : #include "feature/nodelist/node_st.h"
53 : #include "core/or/origin_circuit_st.h"
54 : #include "app/config/or_state_st.h"
55 : #include "feature/nodelist/routerstatus_st.h"
56 :
57 : #include "lib/encoding/confline.h"
58 : #include "lib/crypt_ops/crypto_format.h"
59 :
60 : /* Trunnel */
61 : #include "trunnel/ed25519_cert.h"
62 : #include "trunnel/hs/cell_common.h"
63 : #include "trunnel/hs/cell_establish_intro.h"
64 :
65 : #ifdef HAVE_SYS_STAT_H
66 : #include <sys/stat.h>
67 : #endif
68 : #ifdef HAVE_UNISTD_H
69 : #include <unistd.h>
70 : #endif
71 :
72 : #ifndef COCCI
73 : /** Helper macro. Iterate over every service in the global map. The var is the
74 : * name of the service pointer. */
75 : #define FOR_EACH_SERVICE_BEGIN(var) \
76 : STMT_BEGIN \
77 : hs_service_t **var##_iter, *var; \
78 : HT_FOREACH(var##_iter, hs_service_ht, hs_service_map) { \
79 : var = *var##_iter;
80 : #define FOR_EACH_SERVICE_END } STMT_END ;
81 :
82 : /** Helper macro. Iterate over both current and previous descriptor of a
83 : * service. The var is the name of the descriptor pointer. This macro skips
84 : * any descriptor object of the service that is NULL. */
85 : #define FOR_EACH_DESCRIPTOR_BEGIN(service, var) \
86 : STMT_BEGIN \
87 : hs_service_descriptor_t *var; \
88 : for (int var ## _loop_idx = 0; var ## _loop_idx < 2; \
89 : ++var ## _loop_idx) { \
90 : (var ## _loop_idx == 0) ? (var = service->desc_current) : \
91 : (var = service->desc_next); \
92 : if (var == NULL) continue;
93 : #define FOR_EACH_DESCRIPTOR_END } STMT_END ;
94 : #endif /* !defined(COCCI) */
95 :
96 : /* Onion service directory file names. */
97 : static const char fname_keyfile_prefix[] = "hs_ed25519";
98 : static const char dname_client_pubkeys[] = "authorized_clients";
99 : static const char fname_hostname[] = "hostname";
100 : static const char address_tld[] = "onion";
101 :
102 : /** Staging list of service object. When configuring service, we add them to
103 : * this list considered a staging area and they will get added to our global
104 : * map once the keys have been loaded. These two steps are separated because
105 : * loading keys requires that we are an actual running tor process. */
106 : static smartlist_t *hs_service_staging_list;
107 :
108 : /** True if the list of available router descriptors might have changed which
109 : * might result in an altered hash ring. Check if the hash ring changed and
110 : * reupload if needed */
111 : static int consider_republishing_hs_descriptors = 0;
112 :
113 : /* Static declaration. */
114 : static int load_client_keys(hs_service_t *service);
115 : static void set_descriptor_revision_counter(hs_service_descriptor_t *hs_desc,
116 : time_t now, bool is_current);
117 : static int build_service_desc_superencrypted(const hs_service_t *service,
118 : hs_service_descriptor_t *desc);
119 : static void move_descriptors(hs_service_t *src, hs_service_t *dst);
120 : static int service_encode_descriptor(const hs_service_t *service,
121 : const hs_service_descriptor_t *desc,
122 : const ed25519_keypair_t *signing_kp,
123 : char **encoded_out);
124 :
125 : /** Helper: Function to compare two objects in the service map. Return 1 if the
126 : * two service have the same master public identity key. */
127 : static inline int
128 36 : hs_service_ht_eq(const hs_service_t *first, const hs_service_t *second)
129 : {
130 36 : tor_assert(first);
131 36 : tor_assert(second);
132 : /* Simple key compare. */
133 36 : return ed25519_pubkey_eq(&first->keys.identity_pk,
134 : &second->keys.identity_pk);
135 : }
136 :
137 : /** Helper: Function for the service hash table code below. The key used is the
138 : * master public identity key which is ultimately the onion address. */
139 : static inline unsigned int
140 132 : hs_service_ht_hash(const hs_service_t *service)
141 : {
142 132 : tor_assert(service);
143 132 : return (unsigned int) siphash24g(service->keys.identity_pk.pubkey,
144 : sizeof(service->keys.identity_pk.pubkey));
145 : }
146 :
147 : /** This is _the_ global hash map of hidden services which indexed the service
148 : * contained in it by master public identity key which is roughly the onion
149 : * address of the service. */
150 : static struct hs_service_ht *hs_service_map;
151 :
152 : /* Register the service hash table. */
153 5291 : HT_PROTOTYPE(hs_service_ht, /* Name of hashtable. */
154 : hs_service_t, /* Object contained in the map. */
155 : hs_service_node, /* The name of the HT_ENTRY member. */
156 : hs_service_ht_hash, /* Hashing function. */
157 : hs_service_ht_eq); /* Compare function for objects. */
158 :
159 326 : HT_GENERATE2(hs_service_ht, hs_service_t, hs_service_node,
160 : hs_service_ht_hash, hs_service_ht_eq,
161 : 0.6, tor_reallocarray, tor_free_);
162 :
163 : /** Return true iff the given service has client authorization configured that
164 : * is the client list is non empty. */
165 : static inline bool
166 154 : is_client_auth_enabled(const hs_service_t *service)
167 : {
168 154 : return (service->config.clients != NULL &&
169 12 : smartlist_len(service->config.clients) > 0);
170 : }
171 :
172 : /** Query the given service map with a public key and return a service object
173 : * if found else NULL. It is also possible to set a directory path in the
174 : * search query. If pk is NULL, then it will be set to zero indicating the
175 : * hash table to compare the directory path instead. */
176 : STATIC hs_service_t *
177 69 : find_service(hs_service_ht *map, const ed25519_public_key_t *pk)
178 : {
179 69 : hs_service_t dummy_service;
180 69 : tor_assert(map);
181 69 : tor_assert(pk);
182 69 : memset(&dummy_service, 0, sizeof(dummy_service));
183 69 : ed25519_pubkey_copy(&dummy_service.keys.identity_pk, pk);
184 69 : return HT_FIND(hs_service_ht, map, &dummy_service);
185 : }
186 :
187 : /** Register the given service in the given map. If the service already exists
188 : * in the map, -1 is returned. On success, 0 is returned and the service
189 : * ownership has been transferred to the global map. */
190 : STATIC int
191 43 : register_service(hs_service_ht *map, hs_service_t *service)
192 : {
193 43 : tor_assert(map);
194 43 : tor_assert(service);
195 43 : tor_assert(!ed25519_public_key_is_zero(&service->keys.identity_pk));
196 :
197 43 : if (find_service(map, &service->keys.identity_pk)) {
198 : /* Existing service with the same key. Do not register it. */
199 : return -1;
200 : }
201 : /* Taking ownership of the object at this point. */
202 42 : HT_INSERT(hs_service_ht, map, service);
203 :
204 : /* If we just modified the global map, we notify. */
205 42 : if (map == hs_service_map) {
206 38 : hs_service_map_has_changed();
207 : }
208 : /* Setup metrics. This is done here because in order to initialize metrics,
209 : * we require tor to have fully initialized a service so the ports of the
210 : * service can be looked at for instance. */
211 42 : hs_metrics_service_init(service);
212 :
213 42 : return 0;
214 : }
215 :
216 : /** Remove a given service from the given map. If service is NULL or the
217 : * service key is unset, return gracefully. */
218 : STATIC void
219 21 : remove_service(hs_service_ht *map, hs_service_t *service)
220 : {
221 21 : hs_service_t *elm;
222 :
223 21 : tor_assert(map);
224 :
225 : /* Ignore if no service or key is zero. */
226 21 : if (BUG(service == NULL) ||
227 21 : BUG(ed25519_public_key_is_zero(&service->keys.identity_pk))) {
228 0 : return;
229 : }
230 :
231 21 : elm = HT_REMOVE(hs_service_ht, map, service);
232 21 : if (elm) {
233 20 : tor_assert(elm == service);
234 : } else {
235 1 : log_warn(LD_BUG, "Could not find service in the global map "
236 : "while removing service %s",
237 : escaped(service->config.directory_path));
238 : }
239 :
240 : /* If we just modified the global map, we notify. */
241 21 : if (map == hs_service_map) {
242 21 : hs_service_map_has_changed();
243 : }
244 : }
245 :
246 : /** Set the default values for a service configuration object <b>c</b>. */
247 : static void
248 70 : set_service_default_config(hs_service_config_t *c,
249 : const or_options_t *options)
250 : {
251 70 : (void) options;
252 70 : tor_assert(c);
253 70 : c->ports = smartlist_new();
254 70 : c->directory_path = NULL;
255 70 : c->max_streams_per_rdv_circuit = 0;
256 70 : c->max_streams_close_circuit = 0;
257 70 : c->num_intro_points = NUM_INTRO_POINTS_DEFAULT;
258 70 : c->allow_unknown_ports = 0;
259 70 : c->is_single_onion = 0;
260 70 : c->dir_group_readable = 0;
261 70 : c->is_ephemeral = 0;
262 70 : c->has_dos_defense_enabled = HS_CONFIG_V3_DOS_DEFENSE_DEFAULT;
263 70 : c->intro_dos_rate_per_sec = HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_DEFAULT;
264 70 : c->intro_dos_burst_per_sec = HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_DEFAULT;
265 70 : }
266 :
267 : /** From a service configuration object config, clear everything from it
268 : * meaning free allocated pointers and reset the values. */
269 : STATIC void
270 83 : service_clear_config(hs_service_config_t *config)
271 : {
272 83 : if (config == NULL) {
273 : return;
274 : }
275 83 : tor_free(config->directory_path);
276 83 : if (config->ports) {
277 103 : SMARTLIST_FOREACH(config->ports, hs_port_config_t *, p,
278 : hs_port_config_free(p););
279 69 : smartlist_free(config->ports);
280 : }
281 83 : if (config->clients) {
282 89 : SMARTLIST_FOREACH(config->clients, hs_service_authorized_client_t *, p,
283 : service_authorized_client_free(p));
284 19 : smartlist_free(config->clients);
285 : }
286 83 : if (config->ob_master_pubkeys) {
287 3 : SMARTLIST_FOREACH(config->ob_master_pubkeys, ed25519_public_key_t *, k,
288 : tor_free(k));
289 1 : smartlist_free(config->ob_master_pubkeys);
290 : }
291 83 : memset(config, 0, sizeof(*config));
292 : }
293 :
294 : /** Helper function to return a human readable description of the given intro
295 : * point object.
296 : *
297 : * This function is not thread-safe. Each call to this invalidates the
298 : * previous values returned by it. */
299 : static const char *
300 4 : describe_intro_point(const hs_service_intro_point_t *ip)
301 : {
302 : /* Hex identity digest of the IP prefixed by the $ sign and ends with NUL
303 : * byte hence the plus two. */
304 4 : static char buf[HEX_DIGEST_LEN + 2];
305 4 : const char *legacy_id = NULL;
306 :
307 8 : SMARTLIST_FOREACH_BEGIN(ip->base.link_specifiers,
308 : const link_specifier_t *, lspec) {
309 8 : if (link_specifier_get_ls_type(lspec) == LS_LEGACY_ID) {
310 4 : legacy_id = (const char *)
311 4 : link_specifier_getconstarray_un_legacy_id(lspec);
312 4 : break;
313 : }
314 4 : } SMARTLIST_FOREACH_END(lspec);
315 :
316 : /* For now, we only print the identity digest but we could improve this with
317 : * much more information such as the ed25519 identity has well. */
318 4 : buf[0] = '$';
319 4 : if (legacy_id) {
320 4 : base16_encode(buf + 1, HEX_DIGEST_LEN + 1, legacy_id, DIGEST_LEN);
321 : }
322 :
323 4 : return buf;
324 : }
325 :
326 : /** Return the lower bound of maximum INTRODUCE2 cells per circuit before we
327 : * rotate intro point (defined by a consensus parameter or the default
328 : * value). */
329 : static int32_t
330 24 : get_intro_point_min_introduce2(void)
331 : {
332 : /* The [0, 2147483647] range is quite large to accommodate anything we decide
333 : * in the future. */
334 24 : return networkstatus_get_param(NULL, "hs_intro_min_introduce2",
335 : INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS,
336 : 0, INT32_MAX);
337 : }
338 :
339 : /** Return the upper bound of maximum INTRODUCE2 cells per circuit before we
340 : * rotate intro point (defined by a consensus parameter or the default
341 : * value). */
342 : static int32_t
343 24 : get_intro_point_max_introduce2(void)
344 : {
345 : /* The [0, 2147483647] range is quite large to accommodate anything we decide
346 : * in the future. */
347 24 : return networkstatus_get_param(NULL, "hs_intro_max_introduce2",
348 : INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS,
349 : 0, INT32_MAX);
350 : }
351 :
352 : /** Return the minimum lifetime in seconds of an introduction point defined by
353 : * a consensus parameter or the default value. */
354 : static int32_t
355 24 : get_intro_point_min_lifetime(void)
356 : {
357 : #define MIN_INTRO_POINT_LIFETIME_TESTING 10
358 24 : if (get_options()->TestingTorNetwork) {
359 : return MIN_INTRO_POINT_LIFETIME_TESTING;
360 : }
361 :
362 : /* The [0, 2147483647] range is quite large to accommodate anything we decide
363 : * in the future. */
364 24 : return networkstatus_get_param(NULL, "hs_intro_min_lifetime",
365 : INTRO_POINT_LIFETIME_MIN_SECONDS,
366 : 0, INT32_MAX);
367 : }
368 :
369 : /** Return the maximum lifetime in seconds of an introduction point defined by
370 : * a consensus parameter or the default value. */
371 : static int32_t
372 24 : get_intro_point_max_lifetime(void)
373 : {
374 : #define MAX_INTRO_POINT_LIFETIME_TESTING 30
375 24 : if (get_options()->TestingTorNetwork) {
376 : return MAX_INTRO_POINT_LIFETIME_TESTING;
377 : }
378 :
379 : /* The [0, 2147483647] range is quite large to accommodate anything we decide
380 : * in the future. */
381 24 : return networkstatus_get_param(NULL, "hs_intro_max_lifetime",
382 : INTRO_POINT_LIFETIME_MAX_SECONDS,
383 : 0, INT32_MAX);
384 : }
385 :
386 : /** Return the number of extra introduction point defined by a consensus
387 : * parameter or the default value. */
388 : static int32_t
389 7 : get_intro_point_num_extra(void)
390 : {
391 : /* The [0, 128] range bounds the number of extra introduction point allowed.
392 : * Above 128 intro points, it's getting a bit crazy. */
393 7 : return networkstatus_get_param(NULL, "hs_intro_num_extra",
394 : NUM_INTRO_POINTS_EXTRA, 0, 128);
395 : }
396 :
397 : /** Helper: Function that needs to return 1 for the HT for each loop which
398 : * frees every service in an hash map. */
399 : static int
400 19 : ht_free_service_(struct hs_service_t *service, void *data)
401 : {
402 19 : (void) data;
403 19 : hs_service_free(service);
404 : /* This function MUST return 1 so the given object is then removed from the
405 : * service map leading to this free of the object being safe. */
406 19 : return 1;
407 : }
408 :
409 : /** Free every service that can be found in the global map. Once done, clear
410 : * and free the global map. */
411 : static void
412 293 : service_free_all(void)
413 : {
414 293 : if (hs_service_map) {
415 : /* The free helper function returns 1 so this is safe. */
416 290 : hs_service_ht_HT_FOREACH_FN(hs_service_map, ht_free_service_, NULL);
417 290 : HT_CLEAR(hs_service_ht, hs_service_map);
418 290 : tor_free(hs_service_map);
419 290 : hs_service_map = NULL;
420 : }
421 :
422 293 : if (hs_service_staging_list) {
423 : /* Cleanup staging list. */
424 284 : SMARTLIST_FOREACH(hs_service_staging_list, hs_service_t *, s,
425 : hs_service_free(s));
426 282 : smartlist_free(hs_service_staging_list);
427 282 : hs_service_staging_list = NULL;
428 : }
429 293 : }
430 :
431 : /** Free a given service intro point object. */
432 : STATIC void
433 28 : service_intro_point_free_(hs_service_intro_point_t *ip)
434 : {
435 28 : if (!ip) {
436 : return;
437 : }
438 24 : memwipe(&ip->auth_key_kp, 0, sizeof(ip->auth_key_kp));
439 24 : memwipe(&ip->enc_key_kp, 0, sizeof(ip->enc_key_kp));
440 24 : crypto_pk_free(ip->legacy_key);
441 24 : replaycache_free(ip->replay_cache);
442 24 : hs_intropoint_clear(&ip->base);
443 24 : tor_free(ip);
444 : }
445 :
446 : /** Helper: free an hs_service_intro_point_t object. This function is used by
447 : * digest256map_free() which requires a void * pointer. */
448 : static void
449 7 : service_intro_point_free_void(void *obj)
450 : {
451 7 : service_intro_point_free_(obj);
452 7 : }
453 :
454 : /** Return a newly allocated service intro point and fully initialized from the
455 : * given node_t node, if non NULL.
456 : *
457 : * If node is NULL, returns a hs_service_intro_point_t with an empty link
458 : * specifier list and no onion key. (This is used for testing.)
459 : * On any other error, NULL is returned.
460 : *
461 : * node must be an node_t with an IPv4 address. */
462 : STATIC hs_service_intro_point_t *
463 24 : service_intro_point_new(const node_t *node)
464 : {
465 24 : hs_service_intro_point_t *ip;
466 :
467 24 : ip = tor_malloc_zero(sizeof(*ip));
468 : /* We'll create the key material. No need for extra strong, those are short
469 : * term keys. */
470 24 : ed25519_keypair_generate(&ip->auth_key_kp, 0);
471 :
472 : { /* Set introduce2 max cells limit */
473 24 : int32_t min_introduce2_cells = get_intro_point_min_introduce2();
474 24 : int32_t max_introduce2_cells = get_intro_point_max_introduce2();
475 24 : if (BUG(max_introduce2_cells < min_introduce2_cells)) {
476 0 : goto err;
477 : }
478 24 : ip->introduce2_max = crypto_rand_int_range(min_introduce2_cells,
479 : max_introduce2_cells);
480 : }
481 : { /* Set intro point lifetime */
482 24 : int32_t intro_point_min_lifetime = get_intro_point_min_lifetime();
483 24 : int32_t intro_point_max_lifetime = get_intro_point_max_lifetime();
484 24 : if (BUG(intro_point_max_lifetime < intro_point_min_lifetime)) {
485 0 : goto err;
486 : }
487 24 : ip->time_to_expire = approx_time() +
488 24 : crypto_rand_int_range(intro_point_min_lifetime,intro_point_max_lifetime);
489 : }
490 :
491 24 : ip->replay_cache = replaycache_new(0, 0);
492 :
493 : /* Initialize the base object. We don't need the certificate object. */
494 24 : ip->base.link_specifiers = node_get_link_specifier_smartlist(node, 0);
495 :
496 24 : if (node == NULL) {
497 21 : goto done;
498 : }
499 :
500 : /* Generate the encryption key for this intro point. */
501 3 : curve25519_keypair_generate(&ip->enc_key_kp, 0);
502 : /* Figure out if this chosen node supports v3 or is legacy only.
503 : * NULL nodes are used in the unit tests. */
504 3 : if (!node_supports_ed25519_hs_intro(node)) {
505 3 : ip->base.is_only_legacy = 1;
506 : /* Legacy mode that is doesn't support v3+ with ed25519 auth key. */
507 3 : ip->legacy_key = crypto_pk_new();
508 3 : if (crypto_pk_generate_key(ip->legacy_key) < 0) {
509 0 : goto err;
510 : }
511 3 : if (crypto_pk_get_digest(ip->legacy_key,
512 3 : (char *) ip->legacy_key_digest) < 0) {
513 0 : goto err;
514 : }
515 : }
516 :
517 : /* Flag if this intro point supports the INTRO2 dos defenses. */
518 6 : ip->support_intro2_dos_defense =
519 3 : node_supports_establish_intro_dos_extension(node);
520 :
521 : /* Finally, copy onion key from the node. */
522 3 : memcpy(&ip->onion_key, node_get_curve25519_onion_key(node),
523 : sizeof(ip->onion_key));
524 :
525 : done:
526 : return ip;
527 0 : err:
528 0 : service_intro_point_free(ip);
529 0 : return NULL;
530 : }
531 :
532 : /** Add the given intro point object to the given intro point map. The intro
533 : * point MUST have its RSA encryption key set if this is a legacy type or the
534 : * authentication key set otherwise. */
535 : STATIC void
536 12 : service_intro_point_add(digest256map_t *map, hs_service_intro_point_t *ip)
537 : {
538 12 : hs_service_intro_point_t *old_ip_entry;
539 :
540 12 : tor_assert(map);
541 12 : tor_assert(ip);
542 :
543 12 : old_ip_entry = digest256map_set(map, ip->auth_key_kp.pubkey.pubkey, ip);
544 : /* Make sure we didn't just try to double-add an intro point */
545 12 : tor_assert_nonfatal(!old_ip_entry);
546 12 : }
547 :
548 : /** For a given service, remove the intro point from that service's descriptors
549 : * (check both current and next descriptor) */
550 : STATIC void
551 1 : service_intro_point_remove(const hs_service_t *service,
552 : const hs_service_intro_point_t *ip)
553 : {
554 1 : tor_assert(service);
555 1 : tor_assert(ip);
556 :
557 : /* Trying all descriptors. */
558 3 : FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
559 : /* We'll try to remove the descriptor on both descriptors which is not
560 : * very expensive to do instead of doing lookup + remove. */
561 1 : digest256map_remove(desc->intro_points.map,
562 1 : ip->auth_key_kp.pubkey.pubkey);
563 1 : } FOR_EACH_DESCRIPTOR_END;
564 1 : }
565 :
566 : /** For a given service and authentication key, return the intro point or NULL
567 : * if not found. This will check both descriptors in the service. */
568 : STATIC hs_service_intro_point_t *
569 12 : service_intro_point_find(const hs_service_t *service,
570 : const ed25519_public_key_t *auth_key)
571 : {
572 12 : hs_service_intro_point_t *ip = NULL;
573 :
574 12 : tor_assert(service);
575 12 : tor_assert(auth_key);
576 :
577 : /* Trying all descriptors to find the right intro point.
578 : *
579 : * Even if we use the same node as intro point in both descriptors, the node
580 : * will have a different intro auth key for each descriptor since we generate
581 : * a new one every time we pick an intro point.
582 : *
583 : * After #22893 gets implemented, intro points will be moved to be
584 : * per-service instead of per-descriptor so this function will need to
585 : * change.
586 : */
587 22 : FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
588 12 : if ((ip = digest256map_get(desc->intro_points.map,
589 12 : auth_key->pubkey)) != NULL) {
590 : break;
591 : }
592 12 : } FOR_EACH_DESCRIPTOR_END;
593 :
594 12 : return ip;
595 : }
596 :
597 : /** For a given service and intro point, return the descriptor for which the
598 : * intro point is assigned to. NULL is returned if not found. */
599 : STATIC hs_service_descriptor_t *
600 5 : service_desc_find_by_intro(const hs_service_t *service,
601 : const hs_service_intro_point_t *ip)
602 : {
603 5 : hs_service_descriptor_t *descp = NULL;
604 :
605 5 : tor_assert(service);
606 5 : tor_assert(ip);
607 :
608 5 : FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
609 5 : if (digest256map_get(desc->intro_points.map,
610 5 : ip->auth_key_kp.pubkey.pubkey)) {
611 : descp = desc;
612 : break;
613 : }
614 5 : } FOR_EACH_DESCRIPTOR_END;
615 :
616 5 : return descp;
617 : }
618 :
619 : /** From a circuit identifier, get all the possible objects associated with the
620 : * ident. If not NULL, service, ip or desc are set if the object can be found.
621 : * They are untouched if they can't be found.
622 : *
623 : * This is an helper function because we do those lookups often so it's more
624 : * convenient to simply call this functions to get all the things at once. */
625 : STATIC void
626 14 : get_objects_from_ident(const hs_ident_circuit_t *ident,
627 : hs_service_t **service, hs_service_intro_point_t **ip,
628 : hs_service_descriptor_t **desc)
629 : {
630 14 : hs_service_t *s;
631 :
632 14 : tor_assert(ident);
633 :
634 : /* Get service object from the circuit identifier. */
635 14 : s = find_service(hs_service_map, &ident->identity_pk);
636 14 : if (s && service) {
637 8 : *service = s;
638 : }
639 :
640 : /* From the service object, get the intro point object of that circuit. The
641 : * following will query both descriptors intro points list. */
642 14 : if (s && ip) {
643 8 : *ip = service_intro_point_find(s, &ident->intro_auth_pk);
644 : }
645 :
646 : /* Get the descriptor for this introduction point and service. */
647 14 : if (s && ip && *ip && desc) {
648 4 : *desc = service_desc_find_by_intro(s, *ip);
649 : }
650 14 : }
651 :
652 : /** From a given intro point, return the first link specifier of type
653 : * encountered in the link specifier list. Return NULL if it can't be found.
654 : *
655 : * The caller does NOT have ownership of the object, the intro point does. */
656 : static link_specifier_t *
657 10 : get_link_spec_by_type(const hs_service_intro_point_t *ip, uint8_t type)
658 : {
659 10 : link_specifier_t *lnk_spec = NULL;
660 :
661 10 : tor_assert(ip);
662 :
663 20 : SMARTLIST_FOREACH_BEGIN(ip->base.link_specifiers,
664 : link_specifier_t *, ls) {
665 20 : if (link_specifier_get_ls_type(ls) == type) {
666 10 : lnk_spec = ls;
667 10 : goto end;
668 : }
669 10 : } SMARTLIST_FOREACH_END(ls);
670 :
671 0 : end:
672 10 : return lnk_spec;
673 : }
674 :
675 : /** Given a service intro point, return the node_t associated to it. This can
676 : * return NULL if the given intro point has no legacy ID or if the node can't
677 : * be found in the consensus. */
678 : STATIC const node_t *
679 8 : get_node_from_intro_point(const hs_service_intro_point_t *ip)
680 : {
681 8 : const link_specifier_t *ls;
682 :
683 8 : tor_assert(ip);
684 :
685 8 : ls = get_link_spec_by_type(ip, LS_LEGACY_ID);
686 8 : if (BUG(!ls)) {
687 0 : return NULL;
688 : }
689 : /* XXX In the future, we want to only use the ed25519 ID (#22173). */
690 8 : return node_get_by_id(
691 8 : (const char *) link_specifier_getconstarray_un_legacy_id(ls));
692 : }
693 :
694 : /** Given a service intro point, return the extend_info_t for it. This can
695 : * return NULL if the node can't be found for the intro point or the extend
696 : * info can't be created for the found node. If direct_conn is set, the extend
697 : * info is validated on if we can connect directly. */
698 : static extend_info_t *
699 0 : get_extend_info_from_intro_point(const hs_service_intro_point_t *ip,
700 : unsigned int direct_conn)
701 : {
702 0 : extend_info_t *info = NULL;
703 0 : const node_t *node;
704 :
705 0 : tor_assert(ip);
706 :
707 0 : node = get_node_from_intro_point(ip);
708 0 : if (node == NULL) {
709 : /* This can happen if the relay serving as intro point has been removed
710 : * from the consensus. In that case, the intro point will be removed from
711 : * the descriptor during the scheduled events. */
712 0 : goto end;
713 : }
714 :
715 : /* In the case of a direct connection (single onion service), it is possible
716 : * our firewall policy won't allow it so this can return a NULL value. */
717 0 : info = extend_info_from_node(node, direct_conn);
718 :
719 0 : end:
720 0 : return info;
721 : }
722 :
723 : /** Return the number of introduction points that are established for the
724 : * given descriptor. */
725 7 : MOCK_IMPL(STATIC unsigned int,
726 : count_desc_circuit_established, (const hs_service_descriptor_t *desc))
727 : {
728 7 : unsigned int count = 0;
729 :
730 7 : tor_assert(desc);
731 :
732 7 : DIGEST256MAP_FOREACH(desc->intro_points.map, key,
733 : const hs_service_intro_point_t *, ip) {
734 0 : count += !!hs_circ_service_get_established_intro_circ(ip);
735 7 : } DIGEST256MAP_FOREACH_END;
736 :
737 7 : return count;
738 : }
739 :
740 : /** For a given service and descriptor of that service, close all active
741 : * directory connections. */
742 : static void
743 9 : close_directory_connections(const hs_service_t *service,
744 : const hs_service_descriptor_t *desc)
745 : {
746 9 : unsigned int count = 0;
747 9 : smartlist_t *dir_conns;
748 :
749 9 : tor_assert(service);
750 9 : tor_assert(desc);
751 :
752 : /* Close pending HS desc upload connections for the blinded key of 'desc'. */
753 9 : dir_conns = connection_list_by_type_purpose(CONN_TYPE_DIR,
754 : DIR_PURPOSE_UPLOAD_HSDESC);
755 9 : SMARTLIST_FOREACH_BEGIN(dir_conns, connection_t *, conn) {
756 0 : dir_connection_t *dir_conn = TO_DIR_CONN(conn);
757 0 : if (ed25519_pubkey_eq(&dir_conn->hs_ident->identity_pk,
758 0 : &service->keys.identity_pk) &&
759 0 : ed25519_pubkey_eq(&dir_conn->hs_ident->blinded_pk,
760 : &desc->blinded_kp.pubkey)) {
761 0 : connection_mark_for_close(conn);
762 0 : count++;
763 0 : continue;
764 : }
765 0 : } SMARTLIST_FOREACH_END(conn);
766 :
767 9 : log_info(LD_REND, "Closed %u active service directory connections for "
768 : "descriptor %s of service %s",
769 : count, safe_str_client(ed25519_fmt(&desc->blinded_kp.pubkey)),
770 : safe_str_client(service->onion_address));
771 : /* We don't have ownership of the objects in this list. */
772 9 : smartlist_free(dir_conns);
773 9 : }
774 :
775 : /** Close all rendezvous circuits for the given service. */
776 : static void
777 0 : close_service_rp_circuits(hs_service_t *service)
778 : {
779 0 : origin_circuit_t *ocirc = NULL;
780 :
781 0 : tor_assert(service);
782 :
783 : /* The reason we go over all circuit instead of using the circuitmap API is
784 : * because most hidden service circuits are rendezvous circuits so there is
785 : * no real improvement at getting all rendezvous circuits from the
786 : * circuitmap and then going over them all to find the right ones.
787 : * Furthermore, another option would have been to keep a list of RP cookies
788 : * for a service but it creates an engineering complexity since we don't
789 : * have a "RP circuit closed" event to clean it up properly so we avoid a
790 : * memory DoS possibility. */
791 :
792 0 : while ((ocirc = circuit_get_next_service_rp_circ(ocirc))) {
793 : /* Only close circuits that are v3 and for this service. */
794 0 : if (ocirc->hs_ident != NULL &&
795 0 : ed25519_pubkey_eq(ô->hs_ident->identity_pk,
796 0 : &service->keys.identity_pk)) {
797 : /* Reason is FINISHED because service has been removed and thus the
798 : * circuit is considered old/unneeded. When freed, it is removed from the
799 : * hs circuitmap. */
800 0 : circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
801 : }
802 : }
803 0 : }
804 :
805 : /** Close the circuit(s) for the given map of introduction points. */
806 : static void
807 1 : close_intro_circuits(hs_service_intropoints_t *intro_points)
808 : {
809 1 : tor_assert(intro_points);
810 :
811 1 : DIGEST256MAP_FOREACH(intro_points->map, key,
812 : const hs_service_intro_point_t *, ip) {
813 0 : origin_circuit_t *ocirc = hs_circ_service_get_intro_circ(ip);
814 0 : if (ocirc) {
815 : /* Reason is FINISHED because service has been removed and thus the
816 : * circuit is considered old/unneeded. When freed, the circuit is removed
817 : * from the HS circuitmap. */
818 0 : circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
819 : }
820 1 : } DIGEST256MAP_FOREACH_END;
821 1 : }
822 :
823 : /** Close all introduction circuits for the given service. */
824 : static void
825 0 : close_service_intro_circuits(hs_service_t *service)
826 : {
827 0 : tor_assert(service);
828 :
829 0 : FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
830 0 : close_intro_circuits(&desc->intro_points);
831 0 : } FOR_EACH_DESCRIPTOR_END;
832 0 : }
833 :
834 : /** Close any circuits related to the given service. */
835 : static void
836 0 : close_service_circuits(hs_service_t *service)
837 : {
838 0 : tor_assert(service);
839 :
840 : /* Only support for version >= 3. */
841 0 : if (BUG(service->config.version < HS_VERSION_THREE)) {
842 0 : return;
843 : }
844 : /* Close intro points. */
845 0 : close_service_intro_circuits(service);
846 : /* Close rendezvous points. */
847 0 : close_service_rp_circuits(service);
848 : }
849 :
850 : /** Move every ephemeral services from the src service map to the dst service
851 : * map. It is possible that a service can't be register to the dst map which
852 : * won't stop the process of moving them all but will trigger a log warn. */
853 : static void
854 8 : move_ephemeral_services(hs_service_ht *src, hs_service_ht *dst)
855 : {
856 8 : hs_service_t **iter, **next;
857 :
858 8 : tor_assert(src);
859 8 : tor_assert(dst);
860 :
861 : /* Iterate over the map to find ephemeral service and move them to the other
862 : * map. We loop using this method to have a safe removal process. */
863 8 : for (iter = HT_START(hs_service_ht, src); iter != NULL; iter = next) {
864 0 : hs_service_t *s = *iter;
865 0 : if (!s->config.is_ephemeral) {
866 : /* Yeah, we are in a very manual loop :). */
867 0 : next = HT_NEXT(hs_service_ht, src, iter);
868 0 : continue;
869 : }
870 : /* Remove service from map and then register to it to the other map.
871 : * Reminder that "*iter" and "s" are the same thing. */
872 0 : next = HT_NEXT_RMV(hs_service_ht, src, iter);
873 0 : if (register_service(dst, s) < 0) {
874 0 : log_warn(LD_BUG, "Ephemeral service key is already being used. "
875 : "Skipping.");
876 : }
877 : }
878 8 : }
879 :
880 : /** Return a const string of the directory path escaped. If this is an
881 : * ephemeral service, it returns "[EPHEMERAL]". This can only be called from
882 : * the main thread because escaped() uses a static variable. */
883 : static const char *
884 4 : service_escaped_dir(const hs_service_t *s)
885 : {
886 4 : return (s->config.is_ephemeral) ? "[EPHEMERAL]" :
887 4 : escaped(s->config.directory_path);
888 : }
889 :
890 : /** Move the hidden service state from <b>src</b> to <b>dst</b>. We do this
891 : * when we receive a SIGHUP: <b>dst</b> is the post-HUP service */
892 : static void
893 0 : move_hs_state(hs_service_t *src_service, hs_service_t *dst_service)
894 : {
895 0 : tor_assert(src_service);
896 0 : tor_assert(dst_service);
897 :
898 0 : hs_service_state_t *src = &src_service->state;
899 0 : hs_service_state_t *dst = &dst_service->state;
900 :
901 : /* Let's do a shallow copy */
902 0 : dst->intro_circ_retry_started_time = src->intro_circ_retry_started_time;
903 0 : dst->num_intro_circ_launched = src->num_intro_circ_launched;
904 : /* Freeing a NULL replaycache triggers an info LD_BUG. */
905 0 : if (dst->replay_cache_rend_cookie != NULL) {
906 0 : replaycache_free(dst->replay_cache_rend_cookie);
907 : }
908 :
909 0 : dst->replay_cache_rend_cookie = src->replay_cache_rend_cookie;
910 0 : src->replay_cache_rend_cookie = NULL; /* steal pointer reference */
911 :
912 0 : dst->next_rotation_time = src->next_rotation_time;
913 :
914 0 : if (src->ob_subcreds) {
915 0 : dst->ob_subcreds = src->ob_subcreds;
916 0 : dst->n_ob_subcreds = src->n_ob_subcreds;
917 :
918 0 : src->ob_subcreds = NULL; /* steal pointer reference */
919 : }
920 0 : }
921 :
922 : /** Register services that are in the staging list. Once this function returns,
923 : * the global service map will be set with the right content and all non
924 : * surviving services will be cleaned up. */
925 : static void
926 8 : register_all_services(void)
927 : {
928 8 : struct hs_service_ht *new_service_map;
929 :
930 8 : tor_assert(hs_service_staging_list);
931 :
932 : /* Allocate a new map that will replace the current one. */
933 8 : new_service_map = tor_malloc_zero(sizeof(*new_service_map));
934 8 : HT_INIT(hs_service_ht, new_service_map);
935 :
936 : /* First step is to transfer all ephemeral services from the current global
937 : * map to the new one we are constructing. We do not prune ephemeral
938 : * services as the only way to kill them is by deleting it from the control
939 : * port or stopping the tor daemon. */
940 8 : move_ephemeral_services(hs_service_map, new_service_map);
941 :
942 12 : SMARTLIST_FOREACH_BEGIN(hs_service_staging_list, hs_service_t *, snew) {
943 4 : hs_service_t *s;
944 :
945 : /* Check if that service is already in our global map and if so, we'll
946 : * transfer the intro points to it. */
947 4 : s = find_service(hs_service_map, &snew->keys.identity_pk);
948 4 : if (s) {
949 : /* Pass ownership of the descriptors from s (the current service) to
950 : * snew (the newly configured one). */
951 0 : move_descriptors(s, snew);
952 0 : move_hs_state(s, snew);
953 : /* Remove the service from the global map because after this, we need to
954 : * go over the remaining service in that map that aren't surviving the
955 : * reload to close their circuits. */
956 0 : remove_service(hs_service_map, s);
957 0 : hs_service_free(s);
958 : }
959 : /* Great, this service is now ready to be added to our new map. */
960 4 : if (BUG(register_service(new_service_map, snew) < 0)) {
961 : /* This should never happen because prior to registration, we validate
962 : * every service against the entire set. Not being able to register a
963 : * service means we failed to validate correctly. In that case, don't
964 : * break tor and ignore the service but tell user. */
965 0 : log_warn(LD_BUG, "Unable to register service with directory %s",
966 : service_escaped_dir(snew));
967 0 : SMARTLIST_DEL_CURRENT(hs_service_staging_list, snew);
968 0 : hs_service_free(snew);
969 : }
970 4 : } SMARTLIST_FOREACH_END(snew);
971 :
972 : /* Close any circuits associated with the non surviving services. Every
973 : * service in the current global map are roaming. */
974 8 : FOR_EACH_SERVICE_BEGIN(service) {
975 0 : close_service_circuits(service);
976 8 : } FOR_EACH_SERVICE_END;
977 :
978 : /* Time to make the switch. We'll clear the staging list because its content
979 : * has now changed ownership to the map. */
980 8 : smartlist_clear(hs_service_staging_list);
981 8 : service_free_all();
982 8 : hs_service_map = new_service_map;
983 : /* We've just register services into the new map and now we've replaced the
984 : * global map with it so we have to notify that the change happened. When
985 : * registering a service, the notify is only triggered if the destination
986 : * map is the global map for which in here it was not. */
987 8 : hs_service_map_has_changed();
988 8 : }
989 :
990 : /** Write the onion address of a given service to the given filename fname_ in
991 : * the service directory. Return 0 on success else -1 on error. */
992 : STATIC int
993 5 : write_address_to_file(const hs_service_t *service, const char *fname_)
994 : {
995 5 : int ret = -1;
996 5 : char *fname = NULL;
997 5 : char *addr_buf = NULL;
998 :
999 5 : tor_assert(service);
1000 5 : tor_assert(fname_);
1001 :
1002 : /* Construct the full address with the onion tld and write the hostname file
1003 : * to disk. */
1004 5 : tor_asprintf(&addr_buf, "%s.%s\n", service->onion_address, address_tld);
1005 : /* Notice here that we use the given "fname_". */
1006 5 : fname = hs_path_from_filename(service->config.directory_path, fname_);
1007 5 : if (write_str_to_file_if_not_equal(fname, addr_buf)) {
1008 0 : log_warn(LD_REND, "Could not write onion address to hostname file %s",
1009 : escaped(fname));
1010 0 : goto end;
1011 : }
1012 :
1013 : #ifndef _WIN32
1014 5 : if (service->config.dir_group_readable) {
1015 : /* Mode to 0640. */
1016 0 : if (chmod(fname, S_IRUSR | S_IWUSR | S_IRGRP) < 0) {
1017 0 : log_warn(LD_FS, "Unable to make onion service hostname file %s "
1018 : "group-readable.", escaped(fname));
1019 : }
1020 : }
1021 : #endif /* !defined(_WIN32) */
1022 :
1023 : /* Success. */
1024 : ret = 0;
1025 5 : end:
1026 5 : tor_free(fname);
1027 5 : tor_free(addr_buf);
1028 5 : return ret;
1029 : }
1030 :
1031 : /** Load and/or generate private keys for the given service. On success, the
1032 : * hostname file will be written to disk along with the master private key iff
1033 : * the service is not configured for offline keys. Return 0 on success else -1
1034 : * on failure. */
1035 : static int
1036 4 : load_service_keys(hs_service_t *service)
1037 : {
1038 4 : int ret = -1;
1039 4 : char *fname = NULL;
1040 4 : ed25519_keypair_t *kp;
1041 4 : const hs_service_config_t *config;
1042 :
1043 4 : tor_assert(service);
1044 :
1045 4 : config = &service->config;
1046 :
1047 : /* Create and fix permission on service directory. We are about to write
1048 : * files to that directory so make sure it exists and has the right
1049 : * permissions. We do this here because at this stage we know that Tor is
1050 : * actually running and the service we have has been validated. */
1051 4 : if (hs_check_service_private_dir(get_options()->User,
1052 4 : config->directory_path,
1053 4 : config->dir_group_readable, 1) < 0) {
1054 0 : goto end;
1055 : }
1056 :
1057 : /* Try to load the keys from file or generate it if not found. */
1058 4 : fname = hs_path_from_filename(config->directory_path, fname_keyfile_prefix);
1059 : /* Don't ask for key creation, we want to know if we were able to load it or
1060 : * we had to generate it. Better logging! */
1061 4 : kp = ed_key_init_from_file(fname, INIT_ED_KEY_SPLIT, LOG_INFO, NULL, 0, 0,
1062 : 0, NULL, NULL);
1063 4 : if (!kp) {
1064 2 : log_info(LD_REND, "Unable to load keys from %s. Generating it...", fname);
1065 : /* We'll now try to generate the keys and for it we want the strongest
1066 : * randomness for it. The keypair will be written in different files. */
1067 2 : uint32_t key_flags = INIT_ED_KEY_CREATE | INIT_ED_KEY_EXTRA_STRONG |
1068 : INIT_ED_KEY_SPLIT;
1069 2 : kp = ed_key_init_from_file(fname, key_flags, LOG_WARN, NULL, 0, 0, 0,
1070 : NULL, NULL);
1071 2 : if (!kp) {
1072 0 : log_warn(LD_REND, "Unable to generate keys and save in %s.", fname);
1073 0 : goto end;
1074 : }
1075 : }
1076 :
1077 : /* Copy loaded or generated keys to service object. */
1078 4 : ed25519_pubkey_copy(&service->keys.identity_pk, &kp->pubkey);
1079 4 : memcpy(&service->keys.identity_sk, &kp->seckey,
1080 : sizeof(service->keys.identity_sk));
1081 : /* This does a proper memory wipe. */
1082 4 : ed25519_keypair_free(kp);
1083 :
1084 : /* Build onion address from the newly loaded keys. */
1085 4 : tor_assert(service->config.version <= UINT8_MAX);
1086 4 : hs_build_address(&service->keys.identity_pk,
1087 : (uint8_t) service->config.version,
1088 4 : service->onion_address);
1089 :
1090 : /* Write onion address to hostname file. */
1091 4 : if (write_address_to_file(service, fname_hostname) < 0) {
1092 0 : goto end;
1093 : }
1094 :
1095 : /* Load all client authorization keys in the service. */
1096 4 : if (load_client_keys(service) < 0) {
1097 0 : goto end;
1098 : }
1099 :
1100 : /* Success. */
1101 : ret = 0;
1102 4 : end:
1103 4 : tor_free(fname);
1104 4 : return ret;
1105 : }
1106 :
1107 : /** Check if the client file name is valid or not. Return 1 if valid,
1108 : * otherwise return 0. */
1109 : STATIC int
1110 7 : client_filename_is_valid(const char *filename)
1111 : {
1112 7 : int ret = 1;
1113 7 : const char *valid_extension = ".auth";
1114 :
1115 7 : tor_assert(filename);
1116 :
1117 : /* The file extension must match and the total filename length can't be the
1118 : * length of the extension else we do not have a filename. */
1119 7 : if (!strcmpend(filename, valid_extension) &&
1120 5 : strlen(filename) != strlen(valid_extension)) {
1121 : ret = 1;
1122 : } else {
1123 3 : ret = 0;
1124 : }
1125 :
1126 7 : return ret;
1127 : }
1128 :
1129 : /** Parse an base32-encoded authorized client from a string.
1130 : *
1131 : * Return the key on success, return NULL, otherwise. */
1132 : hs_service_authorized_client_t *
1133 9 : parse_authorized_client_key(const char *key_str, int severity)
1134 : {
1135 9 : hs_service_authorized_client_t *client = NULL;
1136 :
1137 : /* We expect a specific length of the base64 encoded key so make sure we
1138 : * have that so we don't successfully decode a value with a different length
1139 : * and end up in trouble when copying the decoded key into a fixed length
1140 : * buffer. */
1141 9 : if (strlen(key_str) != BASE32_NOPAD_LEN(CURVE25519_PUBKEY_LEN)) {
1142 4 : log_fn(severity, LD_REND, "Client authorization encoded base32 public key "
1143 : "length is invalid: %s", key_str);
1144 4 : goto err;
1145 : }
1146 :
1147 5 : client = tor_malloc_zero(sizeof(hs_service_authorized_client_t));
1148 5 : if (base32_decode((char *) client->client_pk.public_key,
1149 : sizeof(client->client_pk.public_key),
1150 : key_str, strlen(key_str)) !=
1151 : sizeof(client->client_pk.public_key)) {
1152 0 : log_fn(severity, LD_REND, "Client authorization public key cannot be "
1153 : "decoded: %s", key_str);
1154 0 : goto err;
1155 : }
1156 :
1157 : return client;
1158 :
1159 0 : err:
1160 4 : if (client != NULL) {
1161 0 : service_authorized_client_free(client);
1162 : }
1163 : return NULL;
1164 : }
1165 :
1166 : /** Parse an authorized client from a string. The format of a client string
1167 : * looks like (see rend-spec-v3.txt):
1168 : *
1169 : * <auth-type>:<key-type>:<base32-encoded-public-key>
1170 : *
1171 : * The <auth-type> can only be "descriptor".
1172 : * The <key-type> can only be "x25519".
1173 : *
1174 : * Return the key on success, return NULL, otherwise. */
1175 : STATIC hs_service_authorized_client_t *
1176 11 : parse_authorized_client(const char *client_key_str)
1177 : {
1178 11 : char *auth_type = NULL;
1179 11 : char *key_type = NULL;
1180 11 : char *pubkey_b32 = NULL;
1181 11 : hs_service_authorized_client_t *client = NULL;
1182 11 : smartlist_t *fields = smartlist_new();
1183 :
1184 11 : tor_assert(client_key_str);
1185 :
1186 11 : smartlist_split_string(fields, client_key_str, ":",
1187 : SPLIT_SKIP_SPACE, 0);
1188 : /* Wrong number of fields. */
1189 11 : if (smartlist_len(fields) != 3) {
1190 4 : log_warn(LD_REND, "Unknown format of client authorization file.");
1191 4 : goto err;
1192 : }
1193 :
1194 7 : auth_type = smartlist_get(fields, 0);
1195 7 : key_type = smartlist_get(fields, 1);
1196 7 : pubkey_b32 = smartlist_get(fields, 2);
1197 :
1198 : /* Currently, the only supported auth type is "descriptor". */
1199 7 : if (strcmp(auth_type, "descriptor")) {
1200 1 : log_warn(LD_REND, "Client authorization auth type '%s' not supported.",
1201 : auth_type);
1202 1 : goto err;
1203 : }
1204 :
1205 : /* Currently, the only supported key type is "x25519". */
1206 6 : if (strcmp(key_type, "x25519")) {
1207 1 : log_warn(LD_REND, "Client authorization key type '%s' not supported.",
1208 : key_type);
1209 1 : goto err;
1210 : }
1211 :
1212 5 : if ((client = parse_authorized_client_key(pubkey_b32, LOG_WARN)) == NULL) {
1213 2 : goto err;
1214 : }
1215 :
1216 : /* Success. */
1217 3 : goto done;
1218 :
1219 8 : err:
1220 8 : service_authorized_client_free(client);
1221 11 : done:
1222 : /* It is also a good idea to wipe the public key. */
1223 11 : if (pubkey_b32) {
1224 7 : memwipe(pubkey_b32, 0, strlen(pubkey_b32));
1225 : }
1226 11 : tor_assert(fields);
1227 42 : SMARTLIST_FOREACH(fields, char *, s, tor_free(s));
1228 11 : smartlist_free(fields);
1229 11 : return client;
1230 : }
1231 :
1232 : /** Load all the client public keys for the given service. Return 0 on
1233 : * success else -1 on failure. */
1234 : static int
1235 4 : load_client_keys(hs_service_t *service)
1236 : {
1237 4 : int ret = -1;
1238 4 : char *client_key_str = NULL;
1239 4 : char *client_key_file_path = NULL;
1240 4 : char *client_keys_dir_path = NULL;
1241 4 : hs_service_config_t *config;
1242 4 : smartlist_t *file_list = NULL;
1243 :
1244 4 : tor_assert(service);
1245 :
1246 4 : config = &service->config;
1247 :
1248 : /* Before calling this function, we already call load_service_keys to make
1249 : * sure that the directory exists with the right permission. So, if we
1250 : * cannot create a client pubkey key directory, we consider it as a bug. */
1251 4 : client_keys_dir_path = hs_path_from_filename(config->directory_path,
1252 : dname_client_pubkeys);
1253 4 : if (BUG(hs_check_service_private_dir(get_options()->User,
1254 : client_keys_dir_path,
1255 : config->dir_group_readable, 1) < 0)) {
1256 0 : goto end;
1257 : }
1258 :
1259 : /* If the list of clients already exists, we must clear it first. */
1260 4 : if (config->clients) {
1261 0 : SMARTLIST_FOREACH(config->clients, hs_service_authorized_client_t *, p,
1262 : service_authorized_client_free(p));
1263 0 : smartlist_free(config->clients);
1264 : }
1265 :
1266 4 : config->clients = smartlist_new();
1267 :
1268 4 : file_list = tor_listdir(client_keys_dir_path);
1269 4 : if (file_list == NULL) {
1270 0 : log_warn(LD_REND, "Client authorization directory %s can't be listed.",
1271 : client_keys_dir_path);
1272 0 : goto end;
1273 : }
1274 :
1275 7 : SMARTLIST_FOREACH_BEGIN(file_list, const char *, filename) {
1276 3 : hs_service_authorized_client_t *client = NULL;
1277 3 : log_info(LD_REND, "Loading a client authorization key file %s...",
1278 : filename);
1279 :
1280 3 : if (!client_filename_is_valid(filename)) {
1281 1 : log_warn(LD_REND, "Client authorization unrecognized filename %s. "
1282 : "File must end in .auth. Ignoring.", filename);
1283 1 : continue;
1284 : }
1285 :
1286 : /* Create a full path for a file. */
1287 2 : client_key_file_path = hs_path_from_filename(client_keys_dir_path,
1288 : filename);
1289 2 : client_key_str = read_file_to_str(client_key_file_path, 0, NULL);
1290 :
1291 : /* If we cannot read the file, continue with the next file. */
1292 2 : if (!client_key_str) {
1293 0 : log_warn(LD_REND, "Client authorization file %s can't be read. "
1294 : "Corrupted or verify permission? Ignoring.",
1295 : client_key_file_path);
1296 0 : tor_free(client_key_file_path);
1297 0 : continue;
1298 : }
1299 2 : tor_free(client_key_file_path);
1300 :
1301 2 : client = parse_authorized_client(client_key_str);
1302 : /* Wipe and free immediately after using it. */
1303 2 : memwipe(client_key_str, 0, strlen(client_key_str));
1304 2 : tor_free(client_key_str);
1305 :
1306 2 : if (client) {
1307 2 : smartlist_add(config->clients, client);
1308 2 : log_info(LD_REND, "Loaded a client authorization key file %s.",
1309 : filename);
1310 : }
1311 :
1312 3 : } SMARTLIST_FOREACH_END(filename);
1313 :
1314 : /* Success. */
1315 : ret = 0;
1316 4 : end:
1317 4 : if (client_key_str) {
1318 0 : memwipe(client_key_str, 0, strlen(client_key_str));
1319 : }
1320 4 : if (file_list) {
1321 7 : SMARTLIST_FOREACH(file_list, char *, s, tor_free(s));
1322 4 : smartlist_free(file_list);
1323 : }
1324 4 : tor_free(client_key_str);
1325 4 : tor_free(client_key_file_path);
1326 4 : tor_free(client_keys_dir_path);
1327 4 : return ret;
1328 : }
1329 :
1330 : /** Release all storage held in <b>client</b>. */
1331 : void
1332 91 : service_authorized_client_free_(hs_service_authorized_client_t *client)
1333 : {
1334 91 : if (!client) {
1335 : return;
1336 : }
1337 83 : memwipe(&client->client_pk, 0, sizeof(client->client_pk));
1338 83 : tor_free(client);
1339 : }
1340 :
1341 : /** Free a given service descriptor object and all key material is wiped. */
1342 : STATIC void
1343 65 : service_descriptor_free_(hs_service_descriptor_t *desc)
1344 : {
1345 65 : if (!desc) {
1346 : return;
1347 : }
1348 65 : hs_descriptor_free(desc->desc);
1349 65 : memwipe(&desc->signing_kp, 0, sizeof(desc->signing_kp));
1350 65 : memwipe(&desc->blinded_kp, 0, sizeof(desc->blinded_kp));
1351 : /* Cleanup all intro points. */
1352 65 : digest256map_free(desc->intro_points.map, service_intro_point_free_void);
1353 65 : digestmap_free(desc->intro_points.failed_id, tor_free_);
1354 65 : if (desc->previous_hsdirs) {
1355 119 : SMARTLIST_FOREACH(desc->previous_hsdirs, char *, s, tor_free(s));
1356 65 : smartlist_free(desc->previous_hsdirs);
1357 : }
1358 65 : crypto_ope_free(desc->ope_cipher);
1359 65 : tor_free(desc);
1360 : }
1361 :
1362 : /** Return a newly allocated service descriptor object. */
1363 : STATIC hs_service_descriptor_t *
1364 65 : service_descriptor_new(void)
1365 : {
1366 65 : hs_service_descriptor_t *sdesc = tor_malloc_zero(sizeof(*sdesc));
1367 65 : sdesc->desc = tor_malloc_zero(sizeof(hs_descriptor_t));
1368 : /* Initialize the intro points map. */
1369 65 : sdesc->intro_points.map = digest256map_new();
1370 65 : sdesc->intro_points.failed_id = digestmap_new();
1371 65 : sdesc->previous_hsdirs = smartlist_new();
1372 65 : return sdesc;
1373 : }
1374 :
1375 : /** Allocate and return a deep copy of client. */
1376 : static hs_service_authorized_client_t *
1377 12 : service_authorized_client_dup(const hs_service_authorized_client_t *client)
1378 : {
1379 12 : hs_service_authorized_client_t *client_dup = NULL;
1380 :
1381 12 : tor_assert(client);
1382 :
1383 12 : client_dup = tor_malloc_zero(sizeof(hs_service_authorized_client_t));
1384 : /* Currently, the public key is the only component of
1385 : * hs_service_authorized_client_t. */
1386 12 : memcpy(client_dup->client_pk.public_key,
1387 12 : client->client_pk.public_key,
1388 : CURVE25519_PUBKEY_LEN);
1389 :
1390 12 : return client_dup;
1391 : }
1392 :
1393 : /** If two authorized clients are equal, return 0. If the first one should come
1394 : * before the second, return less than zero. If the first should come after
1395 : * the second, return greater than zero. */
1396 : static int
1397 10 : service_authorized_client_cmp(const hs_service_authorized_client_t *client1,
1398 : const hs_service_authorized_client_t *client2)
1399 : {
1400 10 : tor_assert(client1);
1401 10 : tor_assert(client2);
1402 :
1403 : /* Currently, the public key is the only component of
1404 : * hs_service_authorized_client_t. */
1405 20 : return tor_memcmp(client1->client_pk.public_key,
1406 10 : client2->client_pk.public_key,
1407 : CURVE25519_PUBKEY_LEN);
1408 : }
1409 :
1410 : /** Helper for sorting authorized clients. */
1411 : static int
1412 6 : compare_service_authorzized_client_(const void **_a, const void **_b)
1413 : {
1414 6 : const hs_service_authorized_client_t *a = *_a, *b = *_b;
1415 6 : return service_authorized_client_cmp(a, b);
1416 : }
1417 :
1418 : /** If the list of hs_service_authorized_client_t's is different between
1419 : * src and dst, return 1. Otherwise, return 0. */
1420 : STATIC int
1421 5 : service_authorized_client_config_equal(const hs_service_config_t *config1,
1422 : const hs_service_config_t *config2)
1423 : {
1424 5 : int ret = 0;
1425 5 : int i;
1426 5 : smartlist_t *sl1 = smartlist_new();
1427 5 : smartlist_t *sl2 = smartlist_new();
1428 :
1429 5 : tor_assert(config1);
1430 5 : tor_assert(config2);
1431 5 : tor_assert(config1->clients);
1432 5 : tor_assert(config2->clients);
1433 :
1434 : /* If the number of clients is different, it is obvious that the list
1435 : * changes. */
1436 5 : if (smartlist_len(config1->clients) != smartlist_len(config2->clients)) {
1437 1 : goto done;
1438 : }
1439 :
1440 : /* We do not want to mutate config1 and config2, so we will duplicate both
1441 : * entire client lists here. */
1442 10 : SMARTLIST_FOREACH(config1->clients,
1443 : hs_service_authorized_client_t *, client,
1444 : smartlist_add(sl1, service_authorized_client_dup(client)));
1445 :
1446 10 : SMARTLIST_FOREACH(config2->clients,
1447 : hs_service_authorized_client_t *, client,
1448 : smartlist_add(sl2, service_authorized_client_dup(client)));
1449 :
1450 4 : smartlist_sort(sl1, compare_service_authorzized_client_);
1451 4 : smartlist_sort(sl2, compare_service_authorzized_client_);
1452 :
1453 10 : for (i = 0; i < smartlist_len(sl1); i++) {
1454 : /* If the clients at index i in both lists differ, the whole configs
1455 : * differ. */
1456 4 : if (service_authorized_client_cmp(smartlist_get(sl1, i),
1457 4 : smartlist_get(sl2, i))) {
1458 2 : goto done;
1459 : }
1460 : }
1461 :
1462 : /* Success. */
1463 : ret = 1;
1464 :
1465 5 : done:
1466 5 : if (sl1) {
1467 11 : SMARTLIST_FOREACH(sl1, hs_service_authorized_client_t *, p,
1468 : service_authorized_client_free(p));
1469 5 : smartlist_free(sl1);
1470 : }
1471 5 : if (sl2) {
1472 11 : SMARTLIST_FOREACH(sl2, hs_service_authorized_client_t *, p,
1473 : service_authorized_client_free(p));
1474 5 : smartlist_free(sl2);
1475 : }
1476 5 : return ret;
1477 : }
1478 :
1479 : /** Move descriptor(s) from the src service to the dst service and modify their
1480 : * content if necessary. We do this during SIGHUP when we re-create our
1481 : * hidden services. */
1482 : static void
1483 0 : move_descriptors(hs_service_t *src, hs_service_t *dst)
1484 : {
1485 0 : tor_assert(src);
1486 0 : tor_assert(dst);
1487 :
1488 0 : if (src->desc_current) {
1489 : /* Nothing should be there, but clean it up just in case */
1490 0 : if (BUG(dst->desc_current)) {
1491 0 : service_descriptor_free(dst->desc_current);
1492 : }
1493 0 : dst->desc_current = src->desc_current;
1494 0 : src->desc_current = NULL;
1495 : }
1496 :
1497 0 : if (src->desc_next) {
1498 : /* Nothing should be there, but clean it up just in case */
1499 0 : if (BUG(dst->desc_next)) {
1500 0 : service_descriptor_free(dst->desc_next);
1501 : }
1502 0 : dst->desc_next = src->desc_next;
1503 0 : src->desc_next = NULL;
1504 : }
1505 :
1506 : /* If the client authorization changes, we must rebuild the superencrypted
1507 : * section and republish the descriptors. */
1508 0 : int client_auth_changed =
1509 0 : !service_authorized_client_config_equal(&src->config, &dst->config);
1510 0 : if (client_auth_changed && dst->desc_current) {
1511 : /* We have to clear the superencrypted content first. */
1512 0 : hs_desc_superencrypted_data_free_contents(
1513 0 : &dst->desc_current->desc->superencrypted_data);
1514 0 : if (build_service_desc_superencrypted(dst, dst->desc_current) < 0) {
1515 0 : goto err;
1516 : }
1517 0 : service_desc_schedule_upload(dst->desc_current, time(NULL), 1);
1518 : }
1519 0 : if (client_auth_changed && dst->desc_next) {
1520 : /* We have to clear the superencrypted content first. */
1521 0 : hs_desc_superencrypted_data_free_contents(
1522 0 : &dst->desc_next->desc->superencrypted_data);
1523 0 : if (build_service_desc_superencrypted(dst, dst->desc_next) < 0) {
1524 0 : goto err;
1525 : }
1526 0 : service_desc_schedule_upload(dst->desc_next, time(NULL), 1);
1527 : }
1528 :
1529 : return;
1530 :
1531 0 : err:
1532 : /* If there is an error, free all descriptors to make it clean and generate
1533 : * them later. */
1534 0 : service_descriptor_free(dst->desc_current);
1535 0 : service_descriptor_free(dst->desc_next);
1536 : }
1537 :
1538 : /** From the given service, remove all expired failing intro points for each
1539 : * descriptor. */
1540 : static void
1541 6 : remove_expired_failing_intro(hs_service_t *service, time_t now)
1542 : {
1543 6 : tor_assert(service);
1544 :
1545 : /* For both descriptors, cleanup the failing intro points list. */
1546 18 : FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
1547 16 : DIGESTMAP_FOREACH_MODIFY(desc->intro_points.failed_id, key, time_t *, t) {
1548 5 : time_t failure_time = *t;
1549 5 : if ((failure_time + INTRO_CIRC_RETRY_PERIOD) <= now) {
1550 0 : MAP_DEL_CURRENT(key);
1551 0 : tor_free(t);
1552 : }
1553 12 : } DIGESTMAP_FOREACH_END;
1554 6 : } FOR_EACH_DESCRIPTOR_END;
1555 6 : }
1556 :
1557 : /** For the given descriptor desc, put all node_t object found from its failing
1558 : * intro point list and put them in the given node_list. */
1559 : static void
1560 4 : setup_intro_point_exclude_list(const hs_service_descriptor_t *desc,
1561 : smartlist_t *node_list)
1562 : {
1563 4 : tor_assert(desc);
1564 4 : tor_assert(node_list);
1565 :
1566 4 : DIGESTMAP_FOREACH(desc->intro_points.failed_id, key, time_t *, t) {
1567 0 : (void) t; /* Make gcc happy. */
1568 0 : const node_t *node = node_get_by_id(key);
1569 0 : if (node) {
1570 0 : smartlist_add(node_list, (void *) node);
1571 : }
1572 4 : } DIGESTMAP_FOREACH_END;
1573 4 : }
1574 :
1575 : /** For the given failing intro point ip, we add its time of failure to the
1576 : * failed map and index it by identity digest (legacy ID) in the descriptor
1577 : * desc failed id map. */
1578 : static void
1579 2 : remember_failing_intro_point(const hs_service_intro_point_t *ip,
1580 : hs_service_descriptor_t *desc, time_t now)
1581 : {
1582 2 : time_t *time_of_failure, *prev_ptr;
1583 2 : const link_specifier_t *legacy_ls;
1584 :
1585 2 : tor_assert(ip);
1586 2 : tor_assert(desc);
1587 :
1588 2 : time_of_failure = tor_malloc_zero(sizeof(time_t));
1589 2 : *time_of_failure = now;
1590 2 : legacy_ls = get_link_spec_by_type(ip, LS_LEGACY_ID);
1591 2 : tor_assert(legacy_ls);
1592 2 : prev_ptr = digestmap_set(
1593 : desc->intro_points.failed_id,
1594 2 : (const char *) link_specifier_getconstarray_un_legacy_id(legacy_ls),
1595 : time_of_failure);
1596 2 : tor_free(prev_ptr);
1597 2 : }
1598 :
1599 : /** Using a given descriptor signing keypair signing_kp, a service intro point
1600 : * object ip and the time now, setup the content of an already allocated
1601 : * descriptor intro desc_ip.
1602 : *
1603 : * Return 0 on success else a negative value. */
1604 : static int
1605 0 : setup_desc_intro_point(const ed25519_keypair_t *signing_kp,
1606 : const hs_service_intro_point_t *ip,
1607 : time_t now, hs_desc_intro_point_t *desc_ip)
1608 : {
1609 0 : int ret = -1;
1610 0 : time_t nearest_hour = now - (now % 3600);
1611 :
1612 0 : tor_assert(signing_kp);
1613 0 : tor_assert(ip);
1614 0 : tor_assert(desc_ip);
1615 :
1616 : /* Copy the onion key. */
1617 0 : memcpy(&desc_ip->onion_key, &ip->onion_key, sizeof(desc_ip->onion_key));
1618 :
1619 : /* Key and certificate material. */
1620 0 : desc_ip->auth_key_cert = tor_cert_create_ed25519(signing_kp,
1621 : CERT_TYPE_AUTH_HS_IP_KEY,
1622 : &ip->auth_key_kp.pubkey,
1623 : nearest_hour,
1624 : HS_DESC_CERT_LIFETIME,
1625 : CERT_FLAG_INCLUDE_SIGNING_KEY);
1626 0 : if (desc_ip->auth_key_cert == NULL) {
1627 0 : log_warn(LD_REND, "Unable to create intro point auth-key certificate");
1628 0 : goto done;
1629 : }
1630 :
1631 : /* Copy link specifier(s). */
1632 0 : SMARTLIST_FOREACH_BEGIN(ip->base.link_specifiers,
1633 : const link_specifier_t *, ls) {
1634 0 : if (BUG(!ls)) {
1635 0 : goto done;
1636 : }
1637 0 : link_specifier_t *copy = link_specifier_dup(ls);
1638 0 : if (BUG(!copy)) {
1639 0 : goto done;
1640 : }
1641 0 : smartlist_add(desc_ip->link_specifiers, copy);
1642 0 : } SMARTLIST_FOREACH_END(ls);
1643 :
1644 : /* For a legacy intro point, we'll use an RSA/ed cross certificate. */
1645 0 : if (ip->base.is_only_legacy) {
1646 0 : desc_ip->legacy.key = crypto_pk_dup_key(ip->legacy_key);
1647 : /* Create cross certification cert. */
1648 0 : ssize_t cert_len = tor_make_rsa_ed25519_crosscert(
1649 : &signing_kp->pubkey,
1650 : desc_ip->legacy.key,
1651 : nearest_hour + HS_DESC_CERT_LIFETIME,
1652 : &desc_ip->legacy.cert.encoded);
1653 0 : if (cert_len < 0) {
1654 0 : log_warn(LD_REND, "Unable to create enc key legacy cross cert.");
1655 0 : goto done;
1656 : }
1657 0 : desc_ip->legacy.cert.len = cert_len;
1658 : }
1659 :
1660 : /* Encryption key and its cross certificate. */
1661 : {
1662 0 : ed25519_public_key_t ed25519_pubkey;
1663 :
1664 : /* Use the public curve25519 key. */
1665 0 : memcpy(&desc_ip->enc_key, &ip->enc_key_kp.pubkey,
1666 : sizeof(desc_ip->enc_key));
1667 : /* The following can't fail. */
1668 0 : ed25519_public_key_from_curve25519_public_key(&ed25519_pubkey,
1669 : &ip->enc_key_kp.pubkey,
1670 : 0);
1671 0 : desc_ip->enc_key_cert = tor_cert_create_ed25519(signing_kp,
1672 : CERT_TYPE_CROSS_HS_IP_KEYS,
1673 : &ed25519_pubkey, nearest_hour,
1674 : HS_DESC_CERT_LIFETIME,
1675 : CERT_FLAG_INCLUDE_SIGNING_KEY);
1676 0 : if (desc_ip->enc_key_cert == NULL) {
1677 0 : log_warn(LD_REND, "Unable to create enc key curve25519 cross cert.");
1678 0 : goto done;
1679 : }
1680 : }
1681 : /* Success. */
1682 0 : ret = 0;
1683 :
1684 0 : done:
1685 0 : return ret;
1686 : }
1687 :
1688 : /** Using the given descriptor from the given service, build the descriptor
1689 : * intro point list so we can then encode the descriptor for publication. This
1690 : * function does not pick intro points, they have to be in the descriptor
1691 : * current map. Cryptographic material (keys) must be initialized in the
1692 : * descriptor for this function to make sense. */
1693 : static void
1694 0 : build_desc_intro_points(const hs_service_t *service,
1695 : hs_service_descriptor_t *desc, time_t now)
1696 : {
1697 0 : hs_desc_encrypted_data_t *encrypted;
1698 :
1699 0 : tor_assert(service);
1700 0 : tor_assert(desc);
1701 :
1702 : /* Ease our life. */
1703 0 : encrypted = &desc->desc->encrypted_data;
1704 : /* Cleanup intro points, we are about to set them from scratch. */
1705 0 : hs_descriptor_clear_intro_points(desc->desc);
1706 :
1707 0 : DIGEST256MAP_FOREACH(desc->intro_points.map, key,
1708 : const hs_service_intro_point_t *, ip) {
1709 0 : if (!hs_circ_service_get_established_intro_circ(ip)) {
1710 : /* Ignore un-established intro points. They can linger in that list
1711 : * because their circuit has not opened and they haven't been removed
1712 : * yet even though we have enough intro circuits.
1713 : *
1714 : * Due to #31561, it can stay in that list until rotation so this check
1715 : * prevents to publish an intro point without a circuit. */
1716 0 : continue;
1717 : }
1718 0 : hs_desc_intro_point_t *desc_ip = hs_desc_intro_point_new();
1719 0 : if (setup_desc_intro_point(&desc->signing_kp, ip, now, desc_ip) < 0) {
1720 0 : hs_desc_intro_point_free(desc_ip);
1721 0 : continue;
1722 : }
1723 : /* We have a valid descriptor intro point. Add it to the list. */
1724 0 : smartlist_add(encrypted->intro_points, desc_ip);
1725 0 : } DIGEST256MAP_FOREACH_END;
1726 0 : }
1727 :
1728 : /** Build the descriptor signing key certificate. */
1729 : static void
1730 44 : build_desc_signing_key_cert(hs_service_descriptor_t *desc, time_t now)
1731 : {
1732 44 : hs_desc_plaintext_data_t *plaintext;
1733 :
1734 44 : tor_assert(desc);
1735 44 : tor_assert(desc->desc);
1736 :
1737 : /* Ease our life a bit. */
1738 44 : plaintext = &desc->desc->plaintext_data;
1739 :
1740 : /* Get rid of what we have right now. */
1741 44 : tor_cert_free(plaintext->signing_key_cert);
1742 :
1743 : /* Fresh certificate for the signing key. */
1744 88 : plaintext->signing_key_cert =
1745 44 : tor_cert_create_ed25519(&desc->blinded_kp, CERT_TYPE_SIGNING_HS_DESC,
1746 44 : &desc->signing_kp.pubkey, now, HS_DESC_CERT_LIFETIME,
1747 : CERT_FLAG_INCLUDE_SIGNING_KEY);
1748 : /* If the cert creation fails, the descriptor encoding will fail and thus
1749 : * ultimately won't be uploaded. We'll get a stack trace to help us learn
1750 : * where the call came from and the tor_cert_create_ed25519() will log the
1751 : * error. */
1752 44 : tor_assert_nonfatal(plaintext->signing_key_cert);
1753 44 : }
1754 :
1755 : /** Populate the descriptor encrypted section from the given service object.
1756 : * This will generate a valid list of introduction points that can be used
1757 : * after for circuit creation. Return 0 on success else -1 on error. */
1758 : static int
1759 44 : build_service_desc_encrypted(const hs_service_t *service,
1760 : hs_service_descriptor_t *desc)
1761 : {
1762 44 : hs_desc_encrypted_data_t *encrypted;
1763 :
1764 44 : tor_assert(service);
1765 44 : tor_assert(desc);
1766 :
1767 44 : encrypted = &desc->desc->encrypted_data;
1768 :
1769 44 : encrypted->create2_ntor = 1;
1770 44 : encrypted->single_onion_service = service->config.is_single_onion;
1771 :
1772 : /* Setup introduction points from what we have in the service. */
1773 44 : if (encrypted->intro_points == NULL) {
1774 44 : encrypted->intro_points = smartlist_new();
1775 : }
1776 : /* We do NOT build introduction point yet, we only do that once the circuit
1777 : * have been opened. Until we have the right number of introduction points,
1778 : * we do not encode anything in the descriptor. */
1779 :
1780 : /* XXX: Support client authorization (#20700). */
1781 44 : encrypted->intro_auth_types = NULL;
1782 44 : return 0;
1783 : }
1784 :
1785 : /** Populate the descriptor superencrypted section from the given service
1786 : * object. This will generate a valid list of hs_desc_authorized_client_t
1787 : * of clients that are authorized to use the service. Return 0 on success
1788 : * else -1 on error. */
1789 : static int
1790 44 : build_service_desc_superencrypted(const hs_service_t *service,
1791 : hs_service_descriptor_t *desc)
1792 : {
1793 44 : const hs_service_config_t *config;
1794 44 : int i;
1795 44 : hs_desc_superencrypted_data_t *superencrypted;
1796 :
1797 44 : tor_assert(service);
1798 44 : tor_assert(desc);
1799 :
1800 44 : superencrypted = &desc->desc->superencrypted_data;
1801 44 : config = &service->config;
1802 :
1803 : /* The ephemeral key pair is already generated, so this should not give
1804 : * an error. */
1805 44 : if (BUG(!curve25519_public_key_is_ok(&desc->auth_ephemeral_kp.pubkey))) {
1806 0 : return -1;
1807 : }
1808 44 : memcpy(&superencrypted->auth_ephemeral_pubkey,
1809 : &desc->auth_ephemeral_kp.pubkey,
1810 : sizeof(curve25519_public_key_t));
1811 :
1812 : /* Test that subcred is not zero because we might use it below */
1813 44 : if (BUG(fast_mem_is_zero((char*)desc->desc->subcredential.subcred,
1814 : DIGEST256_LEN))) {
1815 0 : return -1;
1816 : }
1817 :
1818 : /* Create a smartlist to store clients */
1819 44 : superencrypted->clients = smartlist_new();
1820 :
1821 : /* We do not need to build the desc authorized client if the client
1822 : * authorization is disabled */
1823 44 : if (is_client_auth_enabled(service)) {
1824 108 : SMARTLIST_FOREACH_BEGIN(config->clients,
1825 : hs_service_authorized_client_t *, client) {
1826 104 : hs_desc_authorized_client_t *desc_client;
1827 104 : desc_client = tor_malloc_zero(sizeof(hs_desc_authorized_client_t));
1828 :
1829 : /* Prepare the client for descriptor and then add to the list in the
1830 : * superencrypted part of the descriptor */
1831 104 : hs_desc_build_authorized_client(&desc->desc->subcredential,
1832 104 : &client->client_pk,
1833 104 : &desc->auth_ephemeral_kp.seckey,
1834 104 : desc->descriptor_cookie, desc_client);
1835 104 : smartlist_add(superencrypted->clients, desc_client);
1836 :
1837 104 : } SMARTLIST_FOREACH_END(client);
1838 : }
1839 :
1840 : /* We cannot let the number of auth-clients to be zero, so we need to
1841 : * make it be 16. If it is already a multiple of 16, we do not need to
1842 : * do anything. Otherwise, add the additional ones to make it a
1843 : * multiple of 16. */
1844 44 : int num_clients = smartlist_len(superencrypted->clients);
1845 44 : int num_clients_to_add;
1846 44 : if (num_clients == 0) {
1847 : num_clients_to_add = HS_DESC_AUTH_CLIENT_MULTIPLE;
1848 4 : } else if (num_clients % HS_DESC_AUTH_CLIENT_MULTIPLE == 0) {
1849 : num_clients_to_add = 0;
1850 : } else {
1851 2 : num_clients_to_add =
1852 : HS_DESC_AUTH_CLIENT_MULTIPLE
1853 2 : - (num_clients % HS_DESC_AUTH_CLIENT_MULTIPLE);
1854 : }
1855 :
1856 708 : for (i = 0; i < num_clients_to_add; i++) {
1857 664 : hs_desc_authorized_client_t *desc_client =
1858 664 : hs_desc_build_fake_authorized_client();
1859 664 : smartlist_add(superencrypted->clients, desc_client);
1860 : }
1861 :
1862 : /* Shuffle the list to prevent the client know the position in the
1863 : * config. */
1864 44 : smartlist_shuffle(superencrypted->clients);
1865 :
1866 44 : return 0;
1867 : }
1868 :
1869 : /** Populate the descriptor plaintext section from the given service object.
1870 : * The caller must make sure that the keys in the descriptors are valid that
1871 : * is are non-zero. This can't fail. */
1872 : static void
1873 44 : build_service_desc_plaintext(const hs_service_t *service,
1874 : hs_service_descriptor_t *desc)
1875 : {
1876 44 : hs_desc_plaintext_data_t *plaintext;
1877 :
1878 44 : tor_assert(service);
1879 44 : tor_assert(desc);
1880 44 : tor_assert(!fast_mem_is_zero((char *) &desc->blinded_kp,
1881 : sizeof(desc->blinded_kp)));
1882 44 : tor_assert(!fast_mem_is_zero((char *) &desc->signing_kp,
1883 : sizeof(desc->signing_kp)));
1884 :
1885 : /* Set the subcredential. */
1886 44 : hs_get_subcredential(&service->keys.identity_pk, &desc->blinded_kp.pubkey,
1887 44 : &desc->desc->subcredential);
1888 :
1889 44 : plaintext = &desc->desc->plaintext_data;
1890 :
1891 44 : plaintext->version = service->config.version;
1892 44 : plaintext->lifetime_sec = HS_DESC_DEFAULT_LIFETIME;
1893 : /* Copy public key material to go in the descriptor. */
1894 44 : ed25519_pubkey_copy(&plaintext->signing_pubkey, &desc->signing_kp.pubkey);
1895 44 : ed25519_pubkey_copy(&plaintext->blinded_pubkey, &desc->blinded_kp.pubkey);
1896 :
1897 : /* Create the signing key certificate. This will be updated before each
1898 : * upload but we create it here so we don't complexify our unit tests. */
1899 44 : build_desc_signing_key_cert(desc, approx_time());
1900 44 : }
1901 :
1902 : /** Compute the descriptor's OPE cipher for encrypting revision counters. */
1903 : static crypto_ope_t *
1904 44 : generate_ope_cipher_for_desc(const hs_service_descriptor_t *hs_desc)
1905 : {
1906 : /* Compute OPE key as H("rev-counter-generation" | blinded privkey) */
1907 44 : uint8_t key[DIGEST256_LEN];
1908 44 : crypto_digest_t *digest = crypto_digest256_new(DIGEST_SHA3_256);
1909 44 : const char ope_key_prefix[] = "rev-counter-generation";
1910 44 : const ed25519_secret_key_t *eph_privkey = &hs_desc->blinded_kp.seckey;
1911 44 : crypto_digest_add_bytes(digest, ope_key_prefix, sizeof(ope_key_prefix));
1912 44 : crypto_digest_add_bytes(digest, (char*)eph_privkey->seckey,
1913 : sizeof(eph_privkey->seckey));
1914 44 : crypto_digest_get_digest(digest, (char *)key, sizeof(key));
1915 44 : crypto_digest_free(digest);
1916 :
1917 44 : return crypto_ope_new(key);
1918 : }
1919 :
1920 : /** For the given service and descriptor object, create the key material which
1921 : * is the blinded keypair, the descriptor signing keypair, the ephemeral
1922 : * keypair, and the descriptor cookie. Return 0 on success else -1 on error
1923 : * where the generated keys MUST be ignored. */
1924 : static int
1925 44 : build_service_desc_keys(const hs_service_t *service,
1926 : hs_service_descriptor_t *desc)
1927 : {
1928 44 : int ret = -1;
1929 44 : ed25519_keypair_t kp;
1930 :
1931 44 : tor_assert(desc);
1932 44 : tor_assert(!fast_mem_is_zero((char *) &service->keys.identity_pk,
1933 : ED25519_PUBKEY_LEN));
1934 :
1935 : /* XXX: Support offline key feature (#18098). */
1936 :
1937 : /* Copy the identity keys to the keypair so we can use it to create the
1938 : * blinded key. */
1939 44 : memcpy(&kp.pubkey, &service->keys.identity_pk, sizeof(kp.pubkey));
1940 44 : memcpy(&kp.seckey, &service->keys.identity_sk, sizeof(kp.seckey));
1941 : /* Build blinded keypair for this time period. */
1942 44 : hs_build_blinded_keypair(&kp, NULL, 0, desc->time_period_num,
1943 44 : &desc->blinded_kp);
1944 : /* Let's not keep too much traces of our keys in memory. */
1945 44 : memwipe(&kp, 0, sizeof(kp));
1946 :
1947 : /* Compute the OPE cipher struct (it's tied to the current blinded key) */
1948 44 : log_info(LD_GENERAL,
1949 : "Getting OPE for TP#%u", (unsigned) desc->time_period_num);
1950 44 : tor_assert_nonfatal(!desc->ope_cipher);
1951 44 : desc->ope_cipher = generate_ope_cipher_for_desc(desc);
1952 :
1953 : /* No need for extra strong, this is a temporary key only for this
1954 : * descriptor. Nothing long term. */
1955 44 : if (ed25519_keypair_generate(&desc->signing_kp, 0) < 0) {
1956 0 : log_warn(LD_REND, "Can't generate descriptor signing keypair for "
1957 : "service %s",
1958 : safe_str_client(service->onion_address));
1959 0 : goto end;
1960 : }
1961 :
1962 : /* No need for extra strong, this is a temporary key only for this
1963 : * descriptor. Nothing long term. */
1964 44 : if (curve25519_keypair_generate(&desc->auth_ephemeral_kp, 0) < 0) {
1965 0 : log_warn(LD_REND, "Can't generate auth ephemeral keypair for "
1966 : "service %s",
1967 : safe_str_client(service->onion_address));
1968 0 : goto end;
1969 : }
1970 :
1971 : /* Random descriptor cookie to be used as a part of a key to encrypt the
1972 : * descriptor, only if the client auth is enabled will it be used. */
1973 44 : crypto_strongest_rand(desc->descriptor_cookie,
1974 : sizeof(desc->descriptor_cookie));
1975 :
1976 : /* Success. */
1977 44 : ret = 0;
1978 44 : end:
1979 44 : return ret;
1980 : }
1981 :
1982 : /** Given a service and the current time, build a descriptor for the service.
1983 : * This function does not pick introduction point, this needs to be done by
1984 : * the update function. On success, desc_out will point to the newly allocated
1985 : * descriptor object.
1986 : *
1987 : * This can error if we are unable to create keys or certificate. */
1988 : static void
1989 44 : build_service_descriptor(hs_service_t *service, uint64_t time_period_num,
1990 : hs_service_descriptor_t **desc_out)
1991 : {
1992 44 : char *encoded_desc;
1993 44 : hs_service_descriptor_t *desc;
1994 :
1995 44 : tor_assert(service);
1996 44 : tor_assert(desc_out);
1997 :
1998 44 : desc = service_descriptor_new();
1999 :
2000 : /* Set current time period */
2001 44 : desc->time_period_num = time_period_num;
2002 :
2003 : /* Create the needed keys so we can setup the descriptor content. */
2004 44 : if (build_service_desc_keys(service, desc) < 0) {
2005 0 : goto err;
2006 : }
2007 : /* Setup plaintext descriptor content. */
2008 44 : build_service_desc_plaintext(service, desc);
2009 :
2010 : /* Setup superencrypted descriptor content. */
2011 44 : if (build_service_desc_superencrypted(service, desc) < 0) {
2012 0 : goto err;
2013 : }
2014 : /* Setup encrypted descriptor content. */
2015 44 : if (build_service_desc_encrypted(service, desc) < 0) {
2016 0 : goto err;
2017 : }
2018 :
2019 : /* Let's make sure that we've created a descriptor that can actually be
2020 : * encoded properly. This function also checks if the encoded output is
2021 : * decodable after. */
2022 44 : if (BUG(service_encode_descriptor(service, desc, &desc->signing_kp,
2023 : &encoded_desc) < 0)) {
2024 0 : goto err;
2025 : }
2026 44 : tor_free(encoded_desc);
2027 :
2028 : /* Assign newly built descriptor to the next slot. */
2029 44 : *desc_out = desc;
2030 :
2031 : /* Fire a CREATED control port event. */
2032 44 : hs_control_desc_event_created(service->onion_address,
2033 44 : &desc->blinded_kp.pubkey);
2034 :
2035 : /* If we are an onionbalance instance, we refresh our keys when we rotate
2036 : * descriptors. */
2037 44 : hs_ob_refresh_keys(service);
2038 :
2039 44 : return;
2040 :
2041 0 : err:
2042 0 : service_descriptor_free(desc);
2043 : }
2044 :
2045 : /** Build both descriptors for the given service that has just booted up.
2046 : * Because it's a special case, it deserves its special function ;). */
2047 : static void
2048 21 : build_descriptors_for_new_service(hs_service_t *service, time_t now)
2049 : {
2050 21 : uint64_t current_desc_tp, next_desc_tp;
2051 :
2052 21 : tor_assert(service);
2053 : /* These are the conditions for a new service. */
2054 21 : tor_assert(!service->desc_current);
2055 21 : tor_assert(!service->desc_next);
2056 :
2057 : /*
2058 : * +------------------------------------------------------------------+
2059 : * | |
2060 : * | 00:00 12:00 00:00 12:00 00:00 12:00 |
2061 : * | SRV#1 TP#1 SRV#2 TP#2 SRV#3 TP#3 |
2062 : * | |
2063 : * | $==========|-----------$===========|-----------$===========| |
2064 : * | ^ ^ |
2065 : * | A B |
2066 : * +------------------------------------------------------------------+
2067 : *
2068 : * Case A: The service boots up before a new time period, the current time
2069 : * period is thus TP#1 and the next is TP#2 which for both we have access to
2070 : * their SRVs.
2071 : *
2072 : * Case B: The service boots up inside TP#2, we can't use the TP#3 for the
2073 : * next descriptor because we don't have the SRV#3 so the current should be
2074 : * TP#1 and next TP#2.
2075 : */
2076 :
2077 21 : if (hs_in_period_between_tp_and_srv(NULL, now)) {
2078 : /* Case B from the above, inside of the new time period. */
2079 7 : current_desc_tp = hs_get_previous_time_period_num(0); /* TP#1 */
2080 7 : next_desc_tp = hs_get_time_period_num(0); /* TP#2 */
2081 : } else {
2082 : /* Case A from the above, outside of the new time period. */
2083 14 : current_desc_tp = hs_get_time_period_num(0); /* TP#1 */
2084 14 : next_desc_tp = hs_get_next_time_period_num(0); /* TP#2 */
2085 : }
2086 :
2087 : /* Build descriptors. */
2088 21 : build_service_descriptor(service, current_desc_tp, &service->desc_current);
2089 21 : build_service_descriptor(service, next_desc_tp, &service->desc_next);
2090 21 : log_info(LD_REND, "Hidden service %s has just started. Both descriptors "
2091 : "built. Now scheduled for upload.",
2092 : safe_str_client(service->onion_address));
2093 21 : }
2094 :
2095 : /** Build descriptors for each service if needed. There are conditions to build
2096 : * a descriptor which are details in the function. */
2097 : STATIC void
2098 23 : build_all_descriptors(time_t now)
2099 : {
2100 48 : FOR_EACH_SERVICE_BEGIN(service) {
2101 :
2102 : /* A service booting up will have both descriptors to NULL. No other cases
2103 : * makes both descriptor non existent. */
2104 25 : if (service->desc_current == NULL && service->desc_next == NULL) {
2105 21 : build_descriptors_for_new_service(service, now);
2106 21 : continue;
2107 : }
2108 :
2109 : /* Reaching this point means we are pass bootup so at runtime. We should
2110 : * *never* have an empty current descriptor. If the next descriptor is
2111 : * empty, we'll try to build it for the next time period. This only
2112 : * happens when we rotate meaning that we are guaranteed to have a new SRV
2113 : * at that point for the next time period. */
2114 4 : if (BUG(service->desc_current == NULL)) {
2115 0 : continue;
2116 : }
2117 :
2118 4 : if (service->desc_next == NULL) {
2119 2 : build_service_descriptor(service, hs_get_next_time_period_num(0),
2120 : &service->desc_next);
2121 2 : log_info(LD_REND, "Hidden service %s next descriptor successfully "
2122 : "built. Now scheduled for upload.",
2123 : safe_str_client(service->onion_address));
2124 : }
2125 23 : } FOR_EACH_DESCRIPTOR_END;
2126 23 : }
2127 :
2128 : /** Randomly pick a node to become an introduction point but not present in the
2129 : * given exclude_nodes list. The chosen node is put in the exclude list
2130 : * regardless of success or not because in case of failure, the node is simply
2131 : * unsusable from that point on.
2132 : *
2133 : * If direct_conn is set, try to pick a node that our local firewall/policy
2134 : * allows us to connect to directly. If we can't find any, return NULL.
2135 : * This function supports selecting dual-stack nodes for direct single onion
2136 : * service IPv6 connections. But it does not send IPv6 addresses in link
2137 : * specifiers. (Current clients don't use IPv6 addresses to extend, and
2138 : * direct client connections to intro points are not supported.)
2139 : *
2140 : * Return a newly allocated service intro point ready to be used for encoding.
2141 : * Return NULL on error. */
2142 : static hs_service_intro_point_t *
2143 6 : pick_intro_point(unsigned int direct_conn, smartlist_t *exclude_nodes)
2144 : {
2145 6 : const or_options_t *options = get_options();
2146 6 : const node_t *node;
2147 6 : hs_service_intro_point_t *ip = NULL;
2148 : /* Normal 3-hop introduction point flags. */
2149 6 : router_crn_flags_t flags = CRN_NEED_UPTIME | CRN_NEED_DESC;
2150 : /* Single onion flags. */
2151 6 : router_crn_flags_t direct_flags = flags | CRN_PREF_ADDR | CRN_DIRECT_CONN;
2152 :
2153 12 : node = router_choose_random_node(exclude_nodes, options->ExcludeNodes,
2154 : direct_conn ? direct_flags : flags);
2155 :
2156 : /* If we are in single onion mode, retry node selection for a 3-hop
2157 : * path */
2158 6 : if (direct_conn && !node) {
2159 0 : log_info(LD_REND,
2160 : "Unable to find an intro point that we can connect to "
2161 : "directly, falling back to a 3-hop path.");
2162 0 : node = router_choose_random_node(exclude_nodes, options->ExcludeNodes,
2163 : flags);
2164 : }
2165 :
2166 6 : if (!node) {
2167 4 : goto err;
2168 : }
2169 :
2170 : /* We have a suitable node, add it to the exclude list. We do this *before*
2171 : * we can validate the extend information because even in case of failure,
2172 : * we don't want to use that node anymore. */
2173 2 : smartlist_add(exclude_nodes, (void *) node);
2174 :
2175 : /* Create our objects and populate them with the node information. */
2176 2 : ip = service_intro_point_new(node);
2177 :
2178 2 : if (ip == NULL) {
2179 0 : goto err;
2180 : }
2181 :
2182 2 : log_info(LD_REND, "Picked intro point: %s", node_describe(node));
2183 2 : return ip;
2184 4 : err:
2185 4 : service_intro_point_free(ip);
2186 4 : return NULL;
2187 : }
2188 :
2189 : /** For a given descriptor from the given service, pick any needed intro points
2190 : * and update the current map with those newly picked intro points. Return the
2191 : * number node that might have been added to the descriptor current map. */
2192 : static unsigned int
2193 4 : pick_needed_intro_points(hs_service_t *service,
2194 : hs_service_descriptor_t *desc)
2195 : {
2196 4 : int i = 0, num_needed_ip;
2197 4 : smartlist_t *exclude_nodes = smartlist_new();
2198 :
2199 4 : tor_assert(service);
2200 4 : tor_assert(desc);
2201 :
2202 : /* Compute how many intro points we actually need to open. */
2203 8 : num_needed_ip = service->config.num_intro_points -
2204 4 : digest256map_size(desc->intro_points.map);
2205 4 : if (BUG(num_needed_ip < 0)) {
2206 : /* Let's not make tor freak out here and just skip this. */
2207 0 : goto done;
2208 : }
2209 :
2210 : /* We want to end up with config.num_intro_points intro points, but if we
2211 : * have no intro points at all (chances are they all cycled or we are
2212 : * starting up), we launch get_intro_point_num_extra() extra circuits and
2213 : * use the first config.num_intro_points that complete. See proposal #155,
2214 : * section 4 for the rationale of this which is purely for performance.
2215 : *
2216 : * The ones after the first config.num_intro_points will be converted to
2217 : * 'General' internal circuits and then we'll drop them from the list of
2218 : * intro points. */
2219 4 : if (digest256map_size(desc->intro_points.map) == 0) {
2220 4 : num_needed_ip += get_intro_point_num_extra();
2221 : }
2222 :
2223 : /* Build an exclude list of nodes of our intro point(s). The expiring intro
2224 : * points are OK to pick again because this is after all a concept of round
2225 : * robin so they are considered valid nodes to pick again. */
2226 4 : DIGEST256MAP_FOREACH(desc->intro_points.map, key,
2227 : hs_service_intro_point_t *, ip) {
2228 0 : const node_t *intro_node = get_node_from_intro_point(ip);
2229 0 : if (intro_node) {
2230 0 : smartlist_add(exclude_nodes, (void*)intro_node);
2231 : }
2232 4 : } DIGEST256MAP_FOREACH_END;
2233 : /* Also, add the failing intro points that our descriptor encounteered in
2234 : * the exclude node list. */
2235 4 : setup_intro_point_exclude_list(desc, exclude_nodes);
2236 :
2237 10 : for (i = 0; i < num_needed_ip; i++) {
2238 6 : hs_service_intro_point_t *ip;
2239 :
2240 : /* This function will add the picked intro point node to the exclude nodes
2241 : * list so we don't pick the same one at the next iteration. */
2242 6 : ip = pick_intro_point(service->config.is_single_onion, exclude_nodes);
2243 6 : if (ip == NULL) {
2244 : /* If we end up unable to pick an introduction point it is because we
2245 : * can't find suitable node and calling this again is highly unlikely to
2246 : * give us a valid node all of the sudden. */
2247 4 : log_info(LD_REND, "Unable to find a suitable node to be an "
2248 : "introduction point for service %s.",
2249 : safe_str_client(service->onion_address));
2250 4 : goto done;
2251 : }
2252 : /* Valid intro point object, add it to the descriptor current map. */
2253 2 : service_intro_point_add(desc->intro_points.map, ip);
2254 : }
2255 : /* We've successfully picked all our needed intro points thus none are
2256 : * missing which will tell our upload process to expect the number of
2257 : * circuits to be the number of configured intro points circuits and not the
2258 : * number of intro points object that we have. */
2259 0 : desc->missing_intro_points = 0;
2260 :
2261 : /* Success. */
2262 4 : done:
2263 : /* We don't have ownership of the node_t object in this list. */
2264 4 : smartlist_free(exclude_nodes);
2265 4 : return i;
2266 : }
2267 :
2268 : /** Clear previous cached HSDirs in <b>desc</b>. */
2269 : static void
2270 12 : service_desc_clear_previous_hsdirs(hs_service_descriptor_t *desc)
2271 : {
2272 12 : if (BUG(!desc->previous_hsdirs)) {
2273 0 : return;
2274 : }
2275 :
2276 24 : SMARTLIST_FOREACH(desc->previous_hsdirs, char*, s, tor_free(s));
2277 12 : smartlist_clear(desc->previous_hsdirs);
2278 : }
2279 :
2280 : /** Note that we attempted to upload <b>desc</b> to <b>hsdir</b>. */
2281 : static void
2282 66 : service_desc_note_upload(hs_service_descriptor_t *desc, const node_t *hsdir)
2283 : {
2284 66 : char b64_digest[BASE64_DIGEST_LEN+1] = {0};
2285 66 : digest_to_base64(b64_digest, hsdir->identity);
2286 :
2287 66 : if (BUG(!desc->previous_hsdirs)) {
2288 0 : return;
2289 : }
2290 :
2291 66 : if (!smartlist_contains_string(desc->previous_hsdirs, b64_digest)) {
2292 66 : smartlist_add_strdup(desc->previous_hsdirs, b64_digest);
2293 : }
2294 : }
2295 :
2296 : /** Schedule an upload of <b>desc</b>. If <b>descriptor_changed</b> is set, it
2297 : * means that this descriptor is dirty. */
2298 : STATIC void
2299 3 : service_desc_schedule_upload(hs_service_descriptor_t *desc,
2300 : time_t now,
2301 : int descriptor_changed)
2302 :
2303 : {
2304 3 : desc->next_upload_time = now;
2305 :
2306 : /* If the descriptor changed, clean up the old HSDirs list. We want to
2307 : * re-upload no matter what. */
2308 3 : if (descriptor_changed) {
2309 3 : service_desc_clear_previous_hsdirs(desc);
2310 : }
2311 3 : }
2312 :
2313 : /** Pick missing intro points for this descriptor if needed. */
2314 : static void
2315 4 : update_service_descriptor_intro_points(hs_service_t *service,
2316 : hs_service_descriptor_t *desc, time_t now)
2317 : {
2318 4 : unsigned int num_intro_points;
2319 :
2320 4 : tor_assert(service);
2321 4 : tor_assert(desc);
2322 4 : tor_assert(desc->desc);
2323 :
2324 4 : num_intro_points = digest256map_size(desc->intro_points.map);
2325 :
2326 : /* Pick any missing introduction point(s). */
2327 4 : if (num_intro_points < service->config.num_intro_points) {
2328 4 : unsigned int num_new_intro_points = pick_needed_intro_points(service,
2329 : desc);
2330 4 : if (num_new_intro_points != 0) {
2331 3 : log_info(LD_REND, "Service %s just picked %u intro points and wanted "
2332 : "%u for %s descriptor. It currently has %d intro "
2333 : "points. Launching ESTABLISH_INTRO circuit shortly.",
2334 : safe_str_client(service->onion_address),
2335 : num_new_intro_points,
2336 : service->config.num_intro_points - num_intro_points,
2337 : (desc == service->desc_current) ? "current" : "next",
2338 : num_intro_points);
2339 : /* We'll build those introduction point into the descriptor once we have
2340 : * confirmation that the circuits are opened and ready. However,
2341 : * indicate that this descriptor should be uploaded from now on. */
2342 2 : service_desc_schedule_upload(desc, now, 1);
2343 : }
2344 : /* Were we able to pick all the intro points we needed? If not, we'll
2345 : * flag the descriptor that it's missing intro points because it
2346 : * couldn't pick enough which will trigger a descriptor upload. */
2347 4 : if ((num_new_intro_points + num_intro_points) <
2348 4 : service->config.num_intro_points) {
2349 4 : desc->missing_intro_points = 1;
2350 : }
2351 : }
2352 4 : }
2353 :
2354 : /** Update descriptor intro points for each service if needed. We do this as
2355 : * part of the periodic event because we need to establish intro point circuits
2356 : * before we publish descriptors. */
2357 : STATIC void
2358 2 : update_all_descriptors_intro_points(time_t now)
2359 : {
2360 4 : FOR_EACH_SERVICE_BEGIN(service) {
2361 : /* We'll try to update each descriptor that is if certain conditions apply
2362 : * in order for the descriptor to be updated. */
2363 6 : FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
2364 4 : update_service_descriptor_intro_points(service, desc, now);
2365 2 : } FOR_EACH_DESCRIPTOR_END;
2366 2 : } FOR_EACH_SERVICE_END;
2367 2 : }
2368 :
2369 : /** Return true iff the given intro point has expired that is it has been used
2370 : * for too long or we've reached our max seen INTRODUCE2 cell. */
2371 : STATIC int
2372 9 : intro_point_should_expire(const hs_service_intro_point_t *ip,
2373 : time_t now)
2374 : {
2375 9 : tor_assert(ip);
2376 :
2377 9 : if (ip->introduce2_count >= ip->introduce2_max) {
2378 1 : goto expired;
2379 : }
2380 :
2381 8 : if (ip->time_to_expire <= now) {
2382 2 : goto expired;
2383 : }
2384 :
2385 : /* Not expiring. */
2386 : return 0;
2387 9 : expired:
2388 : return 1;
2389 : }
2390 :
2391 : /** Return true iff we should remove the intro point ip from its service.
2392 : *
2393 : * We remove an intro point from the service descriptor list if one of
2394 : * these criteria is met:
2395 : * - It has expired (either in INTRO2 count or in time).
2396 : * - No node was found (fell off the consensus).
2397 : * - We are over the maximum amount of retries.
2398 : *
2399 : * If an established or pending circuit is found for the given ip object, this
2400 : * return false indicating it should not be removed. */
2401 : static bool
2402 6 : should_remove_intro_point(hs_service_intro_point_t *ip, time_t now)
2403 : {
2404 6 : bool ret = false;
2405 :
2406 6 : tor_assert(ip);
2407 :
2408 : /* Any one of the following needs to be True to fulfill the criteria to
2409 : * remove an intro point. */
2410 6 : bool has_no_retries = (ip->circuit_retries >
2411 : MAX_INTRO_POINT_CIRCUIT_RETRIES);
2412 6 : bool has_no_node = (get_node_from_intro_point(ip) == NULL);
2413 6 : bool has_expired = intro_point_should_expire(ip, now);
2414 :
2415 : /* If the node fell off the consensus or the IP has expired, we have to
2416 : * remove it now. */
2417 6 : if (has_no_node || has_expired) {
2418 2 : ret = true;
2419 2 : goto end;
2420 : }
2421 :
2422 : /* Pass this point, even though we might be over the retry limit, we check
2423 : * if a circuit (established or pending) exists. In that case, we should not
2424 : * remove it because it might simply be valid and opened at the previous
2425 : * scheduled event for the last retry. */
2426 :
2427 : /* Do we simply have an existing circuit regardless of its state? */
2428 4 : if (hs_circ_service_get_intro_circ(ip)) {
2429 1 : goto end;
2430 : }
2431 :
2432 : /* Getting here means we have _no_ circuits so then return if we have any
2433 : * remaining retries. */
2434 : ret = has_no_retries;
2435 :
2436 3 : end:
2437 : /* Meaningful log in case we are about to remove the IP. */
2438 6 : if (ret) {
2439 6 : log_info(LD_REND, "Intro point %s%s (retried: %u times). "
2440 : "Removing it.",
2441 : describe_intro_point(ip),
2442 : has_expired ? " has expired" :
2443 : (has_no_node) ? " fell off the consensus" : "",
2444 : ip->circuit_retries);
2445 : }
2446 6 : return ret;
2447 : }
2448 :
2449 : /** Go over the given set of intro points for each service and remove any
2450 : * invalid ones.
2451 : *
2452 : * If an intro point is removed, the circuit (if any) is immediately close.
2453 : * If a circuit can't be found, the intro point is kept if it hasn't reached
2454 : * its maximum circuit retry value and thus should be retried. */
2455 : static void
2456 6 : cleanup_intro_points(hs_service_t *service, time_t now)
2457 : {
2458 : /* List of intro points to close. We can't mark the intro circuits for close
2459 : * in the modify loop because doing so calls back into the HS subsystem and
2460 : * we need to keep that code path outside of the service/desc loop so those
2461 : * maps don't get modified during the close making us in a possible
2462 : * use-after-free situation. */
2463 6 : smartlist_t *ips_to_free = smartlist_new();
2464 :
2465 6 : tor_assert(service);
2466 :
2467 : /* For both descriptors, cleanup the intro points. */
2468 18 : FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
2469 : /* Go over the current intro points we have, make sure they are still
2470 : * valid and remove any of them that aren't. */
2471 18 : DIGEST256MAP_FOREACH_MODIFY(desc->intro_points.map, key,
2472 : hs_service_intro_point_t *, ip) {
2473 6 : if (should_remove_intro_point(ip, now)) {
2474 : /* We've retried too many times, remember it as a failed intro point
2475 : * so we don't pick it up again for INTRO_CIRC_RETRY_PERIOD sec. */
2476 4 : if (ip->circuit_retries > MAX_INTRO_POINT_CIRCUIT_RETRIES) {
2477 2 : remember_failing_intro_point(ip, desc, approx_time());
2478 : }
2479 :
2480 : /* Remove intro point from descriptor map and add it to the list of
2481 : * ips to free for which we'll also try to close the intro circuit. */
2482 4 : MAP_DEL_CURRENT(key);
2483 4 : smartlist_add(ips_to_free, ip);
2484 : }
2485 12 : } DIGEST256MAP_FOREACH_END;
2486 6 : } FOR_EACH_DESCRIPTOR_END;
2487 :
2488 : /* Go over the intro points to free and close their circuit if any. */
2489 10 : SMARTLIST_FOREACH_BEGIN(ips_to_free, hs_service_intro_point_t *, ip) {
2490 : /* See if we need to close the intro point circuit as well */
2491 :
2492 : /* XXX: Legacy code does NOT close circuits like this: it keeps the circuit
2493 : * open until a new descriptor is uploaded and then closed all expiring
2494 : * intro point circuit. Here, we close immediately and because we just
2495 : * discarded the intro point, a new one will be selected, a new descriptor
2496 : * created and uploaded. There is no difference to an attacker between the
2497 : * timing of a new consensus and intro point rotation (possibly?). */
2498 4 : origin_circuit_t *ocirc = hs_circ_service_get_intro_circ(ip);
2499 4 : if (ocirc && !TO_CIRCUIT(ocirc)->marked_for_close) {
2500 1 : circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
2501 : }
2502 :
2503 : /* Cleanup the intro point */
2504 4 : service_intro_point_free(ip);
2505 4 : } SMARTLIST_FOREACH_END(ip);
2506 :
2507 6 : smartlist_free(ips_to_free);
2508 6 : }
2509 :
2510 : /** Set the next rotation time of the descriptors for the given service for the
2511 : * time now. */
2512 : static void
2513 2 : set_rotation_time(hs_service_t *service)
2514 : {
2515 2 : tor_assert(service);
2516 :
2517 4 : service->state.next_rotation_time =
2518 2 : sr_state_get_start_time_of_current_protocol_run() +
2519 2 : sr_state_get_protocol_run_duration();
2520 :
2521 : {
2522 2 : char fmt_time[ISO_TIME_LEN + 1];
2523 2 : format_local_iso_time(fmt_time, service->state.next_rotation_time);
2524 2 : log_info(LD_REND, "Next descriptor rotation time set to %s for %s",
2525 : fmt_time, safe_str_client(service->onion_address));
2526 : }
2527 2 : }
2528 :
2529 : /** Return true iff the service should rotate its descriptor. The time now is
2530 : * only used to fetch the live consensus and if none can be found, this
2531 : * returns false. */
2532 : static unsigned int
2533 3 : should_rotate_descriptors(hs_service_t *service, time_t now)
2534 : {
2535 3 : const networkstatus_t *ns;
2536 :
2537 3 : tor_assert(service);
2538 :
2539 3 : ns = networkstatus_get_reasonably_live_consensus(now,
2540 : usable_consensus_flavor());
2541 3 : if (ns == NULL) {
2542 0 : goto no_rotation;
2543 : }
2544 :
2545 3 : if (ns->valid_after >= service->state.next_rotation_time) {
2546 : /* In theory, we should never get here with no descriptors. We can never
2547 : * have a NULL current descriptor except when tor starts up. The next
2548 : * descriptor can be NULL after a rotation but we build a new one right
2549 : * after.
2550 : *
2551 : * So, when tor starts, the next rotation time is set to the start of the
2552 : * next SRV period using the consensus valid after time so it should
2553 : * always be set to a future time value. This means that we should never
2554 : * reach this point at bootup that is this check safeguards tor in never
2555 : * allowing a rotation if the valid after time is smaller than the next
2556 : * rotation time.
2557 : *
2558 : * This is all good in theory but we've had a NULL descriptor issue here
2559 : * so this is why we BUG() on both with extra logging to try to understand
2560 : * how this can possibly happens. We'll simply ignore and tor should
2561 : * recover from this by skipping rotation and building the missing
2562 : * descriptors just after this. */
2563 1 : if (BUG(service->desc_current == NULL || service->desc_next == NULL)) {
2564 0 : log_warn(LD_BUG, "Service descriptor is NULL (%p/%p). Next rotation "
2565 : "time is %ld (now: %ld). Valid after time from "
2566 : "consensus is %ld",
2567 : service->desc_current, service->desc_next,
2568 : (long)service->state.next_rotation_time,
2569 : (long)now,
2570 : (long)ns->valid_after);
2571 0 : goto no_rotation;
2572 : }
2573 1 : goto rotation;
2574 : }
2575 :
2576 2 : no_rotation:
2577 : return 0;
2578 1 : rotation:
2579 1 : return 1;
2580 : }
2581 :
2582 : /** Rotate the service descriptors of the given service. The current descriptor
2583 : * will be freed, the next one put in as the current and finally the next
2584 : * descriptor pointer is NULLified. */
2585 : static void
2586 1 : rotate_service_descriptors(hs_service_t *service)
2587 : {
2588 1 : if (service->desc_current) {
2589 : /* Close all IP circuits for the descriptor. */
2590 1 : close_intro_circuits(&service->desc_current->intro_points);
2591 : /* We don't need this one anymore, we won't serve any clients coming with
2592 : * this service descriptor. */
2593 1 : service_descriptor_free(service->desc_current);
2594 : }
2595 : /* The next one become the current one and emptying the next will trigger
2596 : * a descriptor creation for it. */
2597 1 : service->desc_current = service->desc_next;
2598 1 : service->desc_next = NULL;
2599 :
2600 : /* We've just rotated, set the next time for the rotation. */
2601 1 : set_rotation_time(service);
2602 1 : }
2603 :
2604 : /** Rotate descriptors for each service if needed. A non existing current
2605 : * descriptor will trigger a descriptor build for the next time period. */
2606 : STATIC void
2607 3 : rotate_all_descriptors(time_t now)
2608 : {
2609 : /* XXX We rotate all our service descriptors at once. In the future it might
2610 : * be wise, to rotate service descriptors independently to hide that all
2611 : * those descriptors are on the same tor instance */
2612 :
2613 6 : FOR_EACH_SERVICE_BEGIN(service) {
2614 :
2615 : /* Note for a service booting up: Both descriptors are NULL in that case
2616 : * so this function might return true if we are in the timeframe for a
2617 : * rotation leading to basically swapping two NULL pointers which is
2618 : * harmless. However, the side effect is that triggering a rotation will
2619 : * update the service state and avoid doing anymore rotations after the
2620 : * two descriptors have been built. */
2621 3 : if (!should_rotate_descriptors(service, now)) {
2622 2 : continue;
2623 : }
2624 :
2625 1 : log_info(LD_REND, "Time to rotate our descriptors (%p / %p) for %s",
2626 : service->desc_current, service->desc_next,
2627 : safe_str_client(service->onion_address));
2628 :
2629 1 : rotate_service_descriptors(service);
2630 3 : } FOR_EACH_SERVICE_END;
2631 3 : }
2632 :
2633 : /** Scheduled event run from the main loop. Make sure all our services are up
2634 : * to date and ready for the other scheduled events. This includes looking at
2635 : * the introduction points status and descriptor rotation time. */
2636 : STATIC void
2637 6 : run_housekeeping_event(time_t now)
2638 : {
2639 : /* Note that nothing here opens circuit(s) nor uploads descriptor(s). We are
2640 : * simply moving things around or removing unneeded elements. */
2641 :
2642 12 : FOR_EACH_SERVICE_BEGIN(service) {
2643 :
2644 : /* If the service is starting off, set the rotation time. We can't do that
2645 : * at configure time because the get_options() needs to be set for setting
2646 : * that time that uses the voting interval. */
2647 6 : if (service->state.next_rotation_time == 0) {
2648 : /* Set the next rotation time of the descriptors. If it's Oct 25th
2649 : * 23:47:00, the next rotation time is when the next SRV is computed
2650 : * which is at Oct 26th 00:00:00 that is in 13 minutes. */
2651 1 : set_rotation_time(service);
2652 : }
2653 :
2654 : /* Cleanup invalid intro points from the service descriptor. */
2655 6 : cleanup_intro_points(service, now);
2656 :
2657 : /* Remove expired failing intro point from the descriptor failed list. We
2658 : * reset them at each INTRO_CIRC_RETRY_PERIOD. */
2659 6 : remove_expired_failing_intro(service, now);
2660 :
2661 : /* At this point, the service is now ready to go through the scheduled
2662 : * events guaranteeing a valid state. Intro points might be missing from
2663 : * the descriptors after the cleanup but the update/build process will
2664 : * make sure we pick those missing ones. */
2665 6 : } FOR_EACH_SERVICE_END;
2666 6 : }
2667 :
2668 : /** Scheduled event run from the main loop. Make sure all descriptors are up to
2669 : * date. Once this returns, each service descriptor needs to be considered for
2670 : * new introduction circuits and then for upload. */
2671 : static void
2672 0 : run_build_descriptor_event(time_t now)
2673 : {
2674 : /* Run v3+ events. */
2675 : /* We start by rotating the descriptors only if needed. */
2676 0 : rotate_all_descriptors(now);
2677 :
2678 : /* Then, we'll try to build new descriptors that we might need. The
2679 : * condition is that the next descriptor is non existing because it has
2680 : * been rotated or we just started up. */
2681 0 : build_all_descriptors(now);
2682 :
2683 : /* Finally, we'll check if we should update the descriptors' intro
2684 : * points. Missing introduction points will be picked in this function which
2685 : * is useful for newly built descriptors. */
2686 0 : update_all_descriptors_intro_points(now);
2687 0 : }
2688 :
2689 : /** For the given service, launch any intro point circuits that could be
2690 : * needed. This considers every descriptor of the service. */
2691 : static void
2692 0 : launch_intro_point_circuits(hs_service_t *service)
2693 : {
2694 0 : tor_assert(service);
2695 :
2696 : /* For both descriptors, try to launch any missing introduction point
2697 : * circuits using the current map. */
2698 0 : FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
2699 : /* Keep a ref on if we need a direct connection. We use this often. */
2700 0 : bool direct_conn = service->config.is_single_onion;
2701 :
2702 0 : DIGEST256MAP_FOREACH_MODIFY(desc->intro_points.map, key,
2703 : hs_service_intro_point_t *, ip) {
2704 0 : extend_info_t *ei;
2705 :
2706 : /* Skip the intro point that already has an existing circuit
2707 : * (established or not). */
2708 0 : if (hs_circ_service_get_intro_circ(ip)) {
2709 0 : continue;
2710 : }
2711 0 : ei = get_extend_info_from_intro_point(ip, direct_conn);
2712 :
2713 : /* If we can't connect directly to the intro point, get an extend_info
2714 : * for a multi-hop path instead. */
2715 0 : if (ei == NULL && direct_conn) {
2716 0 : direct_conn = false;
2717 0 : ei = get_extend_info_from_intro_point(ip, 0);
2718 : }
2719 :
2720 0 : if (ei == NULL) {
2721 : /* This is possible if we can get a node_t but not the extend info out
2722 : * of it. In this case, we remove the intro point and a new one will
2723 : * be picked at the next main loop callback. */
2724 0 : MAP_DEL_CURRENT(key);
2725 0 : service_intro_point_free(ip);
2726 0 : continue;
2727 : }
2728 :
2729 : /* Launch a circuit to the intro point. */
2730 0 : ip->circuit_retries++;
2731 0 : if (hs_circ_launch_intro_point(service, ip, ei, direct_conn) < 0) {
2732 0 : log_info(LD_REND, "Unable to launch intro circuit to node %s "
2733 : "for service %s.",
2734 : safe_str_client(extend_info_describe(ei)),
2735 : safe_str_client(service->onion_address));
2736 : /* Intro point will be retried if possible after this. */
2737 : }
2738 0 : extend_info_free(ei);
2739 0 : } DIGEST256MAP_FOREACH_END;
2740 0 : } FOR_EACH_DESCRIPTOR_END;
2741 0 : }
2742 :
2743 : /** Don't try to build more than this many circuits before giving up for a
2744 : * while. Dynamically calculated based on the configured number of intro
2745 : * points for the given service and how many descriptor exists. The default
2746 : * use case of 3 introduction points and two descriptors will allow 28
2747 : * circuits for a retry period (((3 + 2) + (3 * 3)) * 2). */
2748 : static unsigned int
2749 3 : get_max_intro_circ_per_period(const hs_service_t *service)
2750 : {
2751 3 : unsigned int count = 0;
2752 3 : unsigned int multiplier = 0;
2753 3 : unsigned int num_wanted_ip;
2754 :
2755 3 : tor_assert(service);
2756 3 : tor_assert(service->config.num_intro_points <=
2757 : HS_CONFIG_V3_MAX_INTRO_POINTS);
2758 :
2759 : /** For a testing network, allow to do it for the maximum amount so circuit
2760 : * creation and rotation and so on can actually be tested without limit. */
2761 : #define MAX_INTRO_POINT_CIRCUIT_RETRIES_TESTING -1
2762 3 : if (get_options()->TestingTorNetwork) {
2763 : return MAX_INTRO_POINT_CIRCUIT_RETRIES_TESTING;
2764 : }
2765 :
2766 3 : num_wanted_ip = service->config.num_intro_points;
2767 :
2768 : /* The calculation is as follow. We have a number of intro points that we
2769 : * want configured as a torrc option (num_intro_points). We then add an
2770 : * extra value so we can launch multiple circuits at once and pick the
2771 : * quickest ones. For instance, we want 3 intros, we add 2 extra so we'll
2772 : * pick 5 intros and launch 5 circuits. */
2773 3 : count += (num_wanted_ip + get_intro_point_num_extra());
2774 :
2775 : /* Then we add the number of retries that is possible to do for each intro
2776 : * point. If we want 3 intros, we'll allow 3 times the number of possible
2777 : * retry. */
2778 3 : count += (num_wanted_ip * MAX_INTRO_POINT_CIRCUIT_RETRIES);
2779 :
2780 : /* Then, we multiply by a factor of 2 if we have both descriptor or 0 if we
2781 : * have none. */
2782 3 : multiplier += (service->desc_current) ? 1 : 0;
2783 3 : multiplier += (service->desc_next) ? 1 : 0;
2784 :
2785 3 : return (count * multiplier);
2786 : }
2787 :
2788 : /** For the given service, return 1 if the service is allowed to launch more
2789 : * introduction circuits else 0 if the maximum has been reached for the retry
2790 : * period of INTRO_CIRC_RETRY_PERIOD. */
2791 : STATIC int
2792 3 : can_service_launch_intro_circuit(hs_service_t *service, time_t now)
2793 : {
2794 3 : tor_assert(service);
2795 :
2796 : /* Consider the intro circuit retry period of the service. */
2797 3 : if (now > (service->state.intro_circ_retry_started_time +
2798 : INTRO_CIRC_RETRY_PERIOD)) {
2799 1 : service->state.intro_circ_retry_started_time = now;
2800 1 : service->state.num_intro_circ_launched = 0;
2801 1 : goto allow;
2802 : }
2803 : /* Check if we can still launch more circuits in this period. */
2804 2 : if (service->state.num_intro_circ_launched <=
2805 2 : get_max_intro_circ_per_period(service)) {
2806 1 : goto allow;
2807 : }
2808 :
2809 : /* Rate limit log that we've reached our circuit creation limit. */
2810 : {
2811 1 : char *msg;
2812 1 : time_t elapsed_time = now - service->state.intro_circ_retry_started_time;
2813 1 : static ratelim_t rlimit = RATELIM_INIT(INTRO_CIRC_RETRY_PERIOD);
2814 1 : if ((msg = rate_limit_log(&rlimit, now))) {
2815 1 : log_info(LD_REND, "Hidden service %s exceeded its circuit launch limit "
2816 : "of %u per %d seconds. It launched %u circuits in "
2817 : "the last %ld seconds. Will retry in %ld seconds.",
2818 : safe_str_client(service->onion_address),
2819 : get_max_intro_circ_per_period(service),
2820 : INTRO_CIRC_RETRY_PERIOD,
2821 : service->state.num_intro_circ_launched,
2822 : (long int) elapsed_time,
2823 : (long int) (INTRO_CIRC_RETRY_PERIOD - elapsed_time));
2824 1 : tor_free(msg);
2825 : }
2826 : }
2827 :
2828 : /* Not allow. */
2829 : return 0;
2830 : allow:
2831 : return 1;
2832 : }
2833 :
2834 : /** Scheduled event run from the main loop. Make sure we have all the circuits
2835 : * we need for each service. */
2836 : static void
2837 0 : run_build_circuit_event(time_t now)
2838 : {
2839 : /* Make sure we can actually have enough information or able to build
2840 : * internal circuits as required by services. */
2841 0 : if (router_have_consensus_path() == CONSENSUS_PATH_UNKNOWN ||
2842 0 : !have_completed_a_circuit()) {
2843 0 : return;
2844 : }
2845 :
2846 : /* Run v3+ check. */
2847 0 : FOR_EACH_SERVICE_BEGIN(service) {
2848 : /* For introduction circuit, we need to make sure we don't stress too much
2849 : * circuit creation so make sure this service is respecting that limit. */
2850 0 : if (can_service_launch_intro_circuit(service, now)) {
2851 : /* Launch intro point circuits if needed. */
2852 0 : launch_intro_point_circuits(service);
2853 : /* Once the circuits have opened, we'll make sure to update the
2854 : * descriptor intro point list and cleanup any extraneous. */
2855 : }
2856 0 : } FOR_EACH_SERVICE_END;
2857 : }
2858 :
2859 : /** Encode and sign the service descriptor desc and upload it to the given
2860 : * hidden service directory. This does nothing if PublishHidServDescriptors
2861 : * is false. */
2862 : static void
2863 66 : upload_descriptor_to_hsdir(const hs_service_t *service,
2864 : hs_service_descriptor_t *desc, const node_t *hsdir)
2865 : {
2866 66 : char *encoded_desc = NULL;
2867 :
2868 66 : tor_assert(service);
2869 66 : tor_assert(desc);
2870 66 : tor_assert(hsdir);
2871 :
2872 : /* Let's avoid doing that if tor is configured to not publish. */
2873 66 : if (!get_options()->PublishHidServDescriptors) {
2874 0 : log_info(LD_REND, "Service %s not publishing descriptor. "
2875 : "PublishHidServDescriptors is set to 0.",
2876 : safe_str_client(service->onion_address));
2877 0 : goto end;
2878 : }
2879 :
2880 : /* First of all, we'll encode the descriptor. This should NEVER fail but
2881 : * just in case, let's make sure we have an actual usable descriptor. */
2882 66 : if (BUG(service_encode_descriptor(service, desc, &desc->signing_kp,
2883 : &encoded_desc) < 0)) {
2884 0 : goto end;
2885 : }
2886 :
2887 : /* Time to upload the descriptor to the directory. */
2888 66 : hs_service_upload_desc_to_dir(encoded_desc, service->config.version,
2889 : &service->keys.identity_pk,
2890 66 : &desc->blinded_kp.pubkey, hsdir->rs);
2891 :
2892 : /* Add this node to previous_hsdirs list */
2893 66 : service_desc_note_upload(desc, hsdir);
2894 :
2895 : /* Logging so we know where it was sent. */
2896 : {
2897 66 : int is_next_desc = (service->desc_next == desc);
2898 66 : const uint8_t *idx = (is_next_desc) ? hsdir->hsdir_index.store_second:
2899 : hsdir->hsdir_index.store_first;
2900 132 : char *blinded_pubkey_log_str =
2901 66 : tor_strdup(hex_str((char*)&desc->blinded_kp.pubkey.pubkey, 32));
2902 : /* This log message is used by Chutney as part of its bootstrap
2903 : * detection mechanism. Please don't change without first checking
2904 : * Chutney. */
2905 108 : log_info(LD_REND, "Service %s %s descriptor of revision %" PRIu64
2906 : " initiated upload request to %s with index %s (%s)",
2907 : safe_str_client(service->onion_address),
2908 : (is_next_desc) ? "next" : "current",
2909 : desc->desc->plaintext_data.revision_counter,
2910 : safe_str_client(node_describe(hsdir)),
2911 : safe_str_client(hex_str((const char *) idx, 32)),
2912 : safe_str_client(blinded_pubkey_log_str));
2913 66 : tor_free(blinded_pubkey_log_str);
2914 :
2915 : /* Fire a UPLOAD control port event. */
2916 66 : hs_control_desc_event_upload(service->onion_address, hsdir->identity,
2917 : &desc->blinded_kp.pubkey, idx);
2918 : }
2919 :
2920 66 : end:
2921 66 : tor_free(encoded_desc);
2922 66 : return;
2923 : }
2924 :
2925 : /** Set the revision counter in <b>hs_desc</b>. We do this by encrypting a
2926 : * timestamp using an OPE scheme and using the ciphertext as our revision
2927 : * counter.
2928 : *
2929 : * If <b>is_current</b> is true, then this is the current HS descriptor,
2930 : * otherwise it's the next one. */
2931 : static void
2932 0 : set_descriptor_revision_counter(hs_service_descriptor_t *hs_desc, time_t now,
2933 : bool is_current)
2934 : {
2935 0 : uint64_t rev_counter = 0;
2936 :
2937 : /* Get current time */
2938 0 : time_t srv_start = 0;
2939 :
2940 : /* As our revision counter plaintext value, we use the seconds since the
2941 : * start of the SR protocol run that is relevant to this descriptor. This is
2942 : * guaranteed to be a positive value since we need the SRV to start making a
2943 : * descriptor (so that we know where to upload it).
2944 : *
2945 : * Depending on whether we are building the current or the next descriptor,
2946 : * services use a different SRV value. See [SERVICEUPLOAD] in
2947 : * rend-spec-v3.txt:
2948 : *
2949 : * In particular, for the current descriptor (aka first descriptor), Tor
2950 : * always uses the previous SRV for uploading the descriptor, and hence we
2951 : * should use the start time of the previous protocol run here.
2952 : *
2953 : * Whereas for the next descriptor (aka second descriptor), Tor always uses
2954 : * the current SRV for uploading the descriptor. and hence we use the start
2955 : * time of the current protocol run.
2956 : */
2957 0 : if (is_current) {
2958 0 : srv_start = sr_state_get_start_time_of_previous_protocol_run();
2959 : } else {
2960 0 : srv_start = sr_state_get_start_time_of_current_protocol_run();
2961 : }
2962 :
2963 0 : log_info(LD_REND, "Setting rev counter for TP #%u: "
2964 : "SRV started at %d, now %d (%s)",
2965 : (unsigned) hs_desc->time_period_num, (int)srv_start,
2966 : (int)now, is_current ? "current" : "next");
2967 :
2968 0 : tor_assert_nonfatal(now >= srv_start);
2969 :
2970 : /* Compute seconds elapsed since the start of the time period. That's the
2971 : * number of seconds of how long this blinded key has been active. */
2972 0 : time_t seconds_since_start_of_srv = now - srv_start;
2973 :
2974 : /* Increment by one so that we are definitely sure this is strictly
2975 : * positive and not zero. */
2976 0 : seconds_since_start_of_srv++;
2977 :
2978 : /* Check for too big inputs. */
2979 0 : if (BUG(seconds_since_start_of_srv > OPE_INPUT_MAX)) {
2980 : seconds_since_start_of_srv = OPE_INPUT_MAX;
2981 : }
2982 :
2983 : /* Now we compute the final revision counter value by encrypting the
2984 : plaintext using our OPE cipher: */
2985 0 : tor_assert(hs_desc->ope_cipher);
2986 0 : rev_counter = crypto_ope_encrypt(hs_desc->ope_cipher,
2987 : (int) seconds_since_start_of_srv);
2988 :
2989 : /* The OPE module returns CRYPTO_OPE_ERROR in case of errors. */
2990 0 : tor_assert_nonfatal(rev_counter < CRYPTO_OPE_ERROR);
2991 :
2992 0 : log_info(LD_REND, "Encrypted revision counter %d to %" PRIu64,
2993 : (int) seconds_since_start_of_srv, rev_counter);
2994 :
2995 0 : hs_desc->desc->plaintext_data.revision_counter = rev_counter;
2996 0 : }
2997 :
2998 : /** Encode and sign the service descriptor desc and upload it to the
2999 : * responsible hidden service directories. If for_next_period is true, the set
3000 : * of directories are selected using the next hsdir_index. This does nothing
3001 : * if PublishHidServDescriptors is false. */
3002 : STATIC void
3003 9 : upload_descriptor_to_all(const hs_service_t *service,
3004 : hs_service_descriptor_t *desc)
3005 : {
3006 9 : smartlist_t *responsible_dirs = NULL;
3007 :
3008 9 : tor_assert(service);
3009 9 : tor_assert(desc);
3010 :
3011 : /* We'll first cancel any directory request that are ongoing for this
3012 : * descriptor. It is possible that we can trigger multiple uploads in a
3013 : * short time frame which can lead to a race where the second upload arrives
3014 : * before the first one leading to a 400 malformed descriptor response from
3015 : * the directory. Closing all pending requests avoids that. */
3016 9 : close_directory_connections(service, desc);
3017 :
3018 : /* Get our list of responsible HSDir. */
3019 9 : responsible_dirs = smartlist_new();
3020 : /* The parameter 0 means that we aren't a client so tell the function to use
3021 : * the spread store consensus parameter. */
3022 9 : hs_get_responsible_hsdirs(&desc->blinded_kp.pubkey, desc->time_period_num,
3023 9 : service->desc_next == desc, 0, responsible_dirs);
3024 :
3025 : /** Clear list of previous hsdirs since we are about to upload to a new
3026 : * list. Let's keep it up to date. */
3027 9 : service_desc_clear_previous_hsdirs(desc);
3028 :
3029 : /* For each responsible HSDir we have, initiate an upload command. */
3030 75 : SMARTLIST_FOREACH_BEGIN(responsible_dirs, const routerstatus_t *,
3031 : hsdir_rs) {
3032 66 : const node_t *hsdir_node = node_get_by_id(hsdir_rs->identity_digest);
3033 : /* Getting responsible hsdir implies that the node_t object exists for the
3034 : * routerstatus_t found in the consensus else we have a problem. */
3035 66 : tor_assert(hsdir_node);
3036 : /* Upload this descriptor to the chosen directory. */
3037 66 : upload_descriptor_to_hsdir(service, desc, hsdir_node);
3038 66 : } SMARTLIST_FOREACH_END(hsdir_rs);
3039 :
3040 : /* Set the next upload time for this descriptor. Even if we are configured
3041 : * to not upload, we still want to follow the right cycle of life for this
3042 : * descriptor. */
3043 18 : desc->next_upload_time =
3044 9 : (time(NULL) + crypto_rand_int_range(HS_SERVICE_NEXT_UPLOAD_TIME_MIN,
3045 : HS_SERVICE_NEXT_UPLOAD_TIME_MAX));
3046 : {
3047 9 : char fmt_next_time[ISO_TIME_LEN+1];
3048 9 : format_local_iso_time(fmt_next_time, desc->next_upload_time);
3049 9 : log_debug(LD_REND, "Service %s set to upload a descriptor at %s",
3050 : safe_str_client(service->onion_address), fmt_next_time);
3051 : }
3052 :
3053 9 : smartlist_free(responsible_dirs);
3054 9 : return;
3055 : }
3056 :
3057 : /** The set of HSDirs have changed: check if the change affects our descriptor
3058 : * HSDir placement, and if it does, reupload the desc. */
3059 : STATIC int
3060 2 : service_desc_hsdirs_changed(const hs_service_t *service,
3061 : const hs_service_descriptor_t *desc)
3062 : {
3063 2 : int should_reupload = 0;
3064 2 : smartlist_t *responsible_dirs = smartlist_new();
3065 :
3066 : /* No desc upload has happened yet: it will happen eventually */
3067 2 : if (!desc->previous_hsdirs || !smartlist_len(desc->previous_hsdirs)) {
3068 0 : goto done;
3069 : }
3070 :
3071 : /* Get list of responsible hsdirs */
3072 2 : hs_get_responsible_hsdirs(&desc->blinded_kp.pubkey, desc->time_period_num,
3073 2 : service->desc_next == desc, 0, responsible_dirs);
3074 :
3075 : /* Check if any new hsdirs have been added to the responsible hsdirs set:
3076 : * Iterate over the list of new hsdirs, and reupload if any of them is not
3077 : * present in the list of previous hsdirs.
3078 : */
3079 12 : SMARTLIST_FOREACH_BEGIN(responsible_dirs, const routerstatus_t *, hsdir_rs) {
3080 12 : char b64_digest[BASE64_DIGEST_LEN+1] = {0};
3081 12 : digest_to_base64(b64_digest, hsdir_rs->identity_digest);
3082 :
3083 12 : if (!smartlist_contains_string(desc->previous_hsdirs, b64_digest)) {
3084 2 : should_reupload = 1;
3085 2 : break;
3086 : }
3087 10 : } SMARTLIST_FOREACH_END(hsdir_rs);
3088 :
3089 0 : done:
3090 2 : smartlist_free(responsible_dirs);
3091 :
3092 2 : return should_reupload;
3093 : }
3094 :
3095 : /** These are all the reasons why a descriptor upload can't occur. We use
3096 : * those to log the reason properly with the right rate limiting and for the
3097 : * right descriptor. */
3098 : typedef enum {
3099 : LOG_DESC_UPLOAD_REASON_MISSING_IPS = 0,
3100 : LOG_DESC_UPLOAD_REASON_IP_NOT_ESTABLISHED = 1,
3101 : LOG_DESC_UPLOAD_REASON_NOT_TIME = 2,
3102 : LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS = 3,
3103 : LOG_DESC_UPLOAD_REASON_NO_DIRINFO = 4,
3104 : } log_desc_upload_reason_t;
3105 :
3106 : /** Maximum number of reasons. This is used to allocate the static array of
3107 : * all rate limiting objects. */
3108 : #define LOG_DESC_UPLOAD_REASON_MAX LOG_DESC_UPLOAD_REASON_NO_DIRINFO
3109 :
3110 : /** Log the reason why we can't upload the given descriptor for the given
3111 : * service. This takes a message string (allocated by the caller) and a
3112 : * reason.
3113 : *
3114 : * Depending on the reason and descriptor, different rate limit applies. This
3115 : * is done because this function will basically be called every second. Each
3116 : * descriptor for each reason uses its own log rate limit object in order to
3117 : * avoid message suppression for different reasons and descriptors. */
3118 : static void
3119 18 : log_cant_upload_desc(const hs_service_t *service,
3120 : const hs_service_descriptor_t *desc, const char *msg,
3121 : const log_desc_upload_reason_t reason)
3122 : {
3123 : /* Writing the log every minute shouldn't be too annoying for log rate limit
3124 : * since this can be emitted every second for each descriptor.
3125 : *
3126 : * However, for one specific case, we increase it to 10 minutes because it
3127 : * is hit constantly, as an expected behavior, which is the reason
3128 : * indicating that it is not the time to upload. */
3129 18 : static ratelim_t limits[2][LOG_DESC_UPLOAD_REASON_MAX + 1] =
3130 : { { RATELIM_INIT(60), RATELIM_INIT(60), RATELIM_INIT(60 * 10),
3131 : RATELIM_INIT(60), RATELIM_INIT(60) },
3132 : { RATELIM_INIT(60), RATELIM_INIT(60), RATELIM_INIT(60 * 10),
3133 : RATELIM_INIT(60), RATELIM_INIT(60) },
3134 : };
3135 18 : bool is_next_desc = false;
3136 18 : unsigned int rlim_pos = 0;
3137 18 : ratelim_t *rlim = NULL;
3138 :
3139 18 : tor_assert(service);
3140 18 : tor_assert(desc);
3141 18 : tor_assert(msg);
3142 :
3143 : /* Make sure the reason value is valid. It should never happen because we
3144 : * control that value in the code flow but will be apparent during
3145 : * development if a reason is added but LOG_DESC_UPLOAD_REASON_NUM_ is not
3146 : * updated. */
3147 18 : if (BUG(reason > LOG_DESC_UPLOAD_REASON_MAX)) {
3148 0 : return;
3149 : }
3150 :
3151 : /* Ease our life. Flag that tells us if the descriptor is the next one. */
3152 18 : is_next_desc = (service->desc_next == desc);
3153 :
3154 : /* Current descriptor is the first element in the ratelimit object array.
3155 : * The next descriptor is the second element. */
3156 18 : rlim_pos = (is_next_desc ? 1 : 0);
3157 : /* Get the ratelimit object for the reason _and_ right descriptor. */
3158 18 : rlim = &limits[rlim_pos][reason];
3159 :
3160 27 : log_fn_ratelim(rlim, LOG_INFO, LD_REND,
3161 : "Service %s can't upload its %s descriptor: %s",
3162 : safe_str_client(service->onion_address),
3163 : (is_next_desc) ? "next" : "current", msg);
3164 : }
3165 :
3166 : /** Return 1 if the given descriptor from the given service can be uploaded
3167 : * else return 0 if it can not. */
3168 : static int
3169 18 : should_service_upload_descriptor(const hs_service_t *service,
3170 : const hs_service_descriptor_t *desc, time_t now)
3171 : {
3172 18 : char *msg = NULL;
3173 18 : unsigned int num_intro_points, count_ip_established;
3174 :
3175 18 : tor_assert(service);
3176 18 : tor_assert(desc);
3177 :
3178 : /* If this descriptors has missing intro points that is that it couldn't get
3179 : * them all when it was time to pick them, it means that we should upload
3180 : * instead of waiting an arbitrary amount of time breaking the service.
3181 : * Else, if we have no missing intro points, we use the value taken from the
3182 : * service configuration. */
3183 18 : if (desc->missing_intro_points) {
3184 1 : num_intro_points = digest256map_size(desc->intro_points.map);
3185 : } else {
3186 17 : num_intro_points = service->config.num_intro_points;
3187 : }
3188 :
3189 : /* This means we tried to pick intro points but couldn't get any so do not
3190 : * upload descriptor in this case. We need at least one for the service to
3191 : * be reachable. */
3192 18 : if (desc->missing_intro_points && num_intro_points == 0) {
3193 1 : msg = tor_strdup("Missing intro points");
3194 1 : log_cant_upload_desc(service, desc, msg,
3195 : LOG_DESC_UPLOAD_REASON_MISSING_IPS);
3196 1 : goto cannot;
3197 : }
3198 :
3199 : /* Check if all our introduction circuit have been established for all the
3200 : * intro points we have selected. */
3201 17 : count_ip_established = count_desc_circuit_established(desc);
3202 17 : if (count_ip_established != num_intro_points) {
3203 7 : tor_asprintf(&msg, "Intro circuits aren't yet all established (%d/%d).",
3204 : count_ip_established, num_intro_points);
3205 7 : log_cant_upload_desc(service, desc, msg,
3206 : LOG_DESC_UPLOAD_REASON_IP_NOT_ESTABLISHED);
3207 7 : goto cannot;
3208 : }
3209 :
3210 : /* Is it the right time to upload? */
3211 10 : if (desc->next_upload_time > now) {
3212 1 : tor_asprintf(&msg, "Next upload time is %ld, it is now %ld.",
3213 : (long int) desc->next_upload_time, (long int) now);
3214 1 : log_cant_upload_desc(service, desc, msg,
3215 : LOG_DESC_UPLOAD_REASON_NOT_TIME);
3216 1 : goto cannot;
3217 : }
3218 :
3219 : /* Don't upload desc if we don't have a live consensus */
3220 9 : if (!networkstatus_get_reasonably_live_consensus(now,
3221 : usable_consensus_flavor())) {
3222 2 : msg = tor_strdup("No reasonably live consensus");
3223 2 : log_cant_upload_desc(service, desc, msg,
3224 : LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS);
3225 2 : goto cannot;
3226 : }
3227 :
3228 : /* Do we know enough router descriptors to have adequate vision of the HSDir
3229 : hash ring? */
3230 7 : if (!router_have_minimum_dir_info()) {
3231 7 : msg = tor_strdup("Not enough directory information");
3232 7 : log_cant_upload_desc(service, desc, msg,
3233 : LOG_DESC_UPLOAD_REASON_NO_DIRINFO);
3234 7 : goto cannot;
3235 : }
3236 :
3237 : /* Can upload! */
3238 : return 1;
3239 :
3240 18 : cannot:
3241 18 : tor_free(msg);
3242 18 : return 0;
3243 : }
3244 :
3245 : /** Refresh the given service descriptor meaning this will update every mutable
3246 : * field that needs to be updated before we upload.
3247 : *
3248 : * This should ONLY be called before uploading a descriptor. It assumes that
3249 : * the descriptor has been built (desc->desc) and that all intro point
3250 : * circuits have been established. */
3251 : static void
3252 0 : refresh_service_descriptor(const hs_service_t *service,
3253 : hs_service_descriptor_t *desc, time_t now)
3254 : {
3255 : /* There are few fields that we consider "mutable" in the descriptor meaning
3256 : * we need to update them regularly over the lifetime for the descriptor.
3257 : * The rest are set once and should not be modified.
3258 : *
3259 : * - Signing key certificate.
3260 : * - Revision counter.
3261 : * - Introduction points which includes many thing. See
3262 : * hs_desc_intro_point_t. and the setup_desc_intro_point() function.
3263 : */
3264 :
3265 : /* Create the signing key certificate. */
3266 0 : build_desc_signing_key_cert(desc, now);
3267 :
3268 : /* Build the intro points descriptor section. The refresh step is just
3269 : * before we upload so all circuits have been properly established. */
3270 0 : build_desc_intro_points(service, desc, now);
3271 :
3272 : /* Set the desc revision counter right before uploading */
3273 0 : set_descriptor_revision_counter(desc, now, service->desc_current == desc);
3274 0 : }
3275 :
3276 : /** Scheduled event run from the main loop. Try to upload the descriptor for
3277 : * each service. */
3278 : STATIC void
3279 9 : run_upload_descriptor_event(time_t now)
3280 : {
3281 : /* Run v3+ check. */
3282 18 : FOR_EACH_SERVICE_BEGIN(service) {
3283 27 : FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
3284 : /* If we were asked to re-examine the hash ring, and it changed, then
3285 : schedule an upload */
3286 18 : if (consider_republishing_hs_descriptors &&
3287 0 : service_desc_hsdirs_changed(service, desc)) {
3288 0 : service_desc_schedule_upload(desc, now, 0);
3289 : }
3290 :
3291 : /* Can this descriptor be uploaded? */
3292 18 : if (!should_service_upload_descriptor(service, desc, now)) {
3293 18 : continue;
3294 : }
3295 :
3296 0 : log_info(LD_REND, "Initiating upload for hidden service %s descriptor "
3297 : "for service %s with %u/%u introduction points%s.",
3298 : (desc == service->desc_current) ? "current" : "next",
3299 : safe_str_client(service->onion_address),
3300 : digest256map_size(desc->intro_points.map),
3301 : service->config.num_intro_points,
3302 : (desc->missing_intro_points) ? " (couldn't pick more)" : "");
3303 :
3304 : /* We are about to upload so we need to do one last step which is to
3305 : * update the service's descriptor mutable fields in order to upload a
3306 : * coherent descriptor. */
3307 0 : refresh_service_descriptor(service, desc, now);
3308 :
3309 : /* Proceed with the upload, the descriptor is ready to be encoded. */
3310 0 : upload_descriptor_to_all(service, desc);
3311 9 : } FOR_EACH_DESCRIPTOR_END;
3312 9 : } FOR_EACH_SERVICE_END;
3313 :
3314 : /* We are done considering whether to republish rend descriptors */
3315 9 : consider_republishing_hs_descriptors = 0;
3316 9 : }
3317 :
3318 : /** Called when the introduction point circuit is done building and ready to be
3319 : * used. */
3320 : static void
3321 3 : service_intro_circ_has_opened(origin_circuit_t *circ)
3322 : {
3323 3 : hs_service_t *service = NULL;
3324 3 : hs_service_intro_point_t *ip = NULL;
3325 3 : hs_service_descriptor_t *desc = NULL;
3326 :
3327 3 : tor_assert(circ);
3328 :
3329 : /* Let's do some basic sanity checking of the circ state */
3330 3 : if (BUG(!circ->cpath)) {
3331 0 : return;
3332 : }
3333 3 : if (BUG(TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_S_ESTABLISH_INTRO)) {
3334 0 : return;
3335 : }
3336 3 : if (BUG(!circ->hs_ident)) {
3337 0 : return;
3338 : }
3339 :
3340 : /* Get the corresponding service and intro point. */
3341 3 : get_objects_from_ident(circ->hs_ident, &service, &ip, &desc);
3342 :
3343 3 : if (service == NULL) {
3344 1 : log_warn(LD_REND, "Unknown service identity key %s on the introduction "
3345 : "circuit %u. Can't find onion service.",
3346 : safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3347 : TO_CIRCUIT(circ)->n_circ_id);
3348 1 : goto err;
3349 : }
3350 2 : if (ip == NULL) {
3351 1 : log_warn(LD_REND, "Unknown introduction point auth key on circuit %u "
3352 : "for service %s",
3353 : TO_CIRCUIT(circ)->n_circ_id,
3354 : safe_str_client(service->onion_address));
3355 1 : goto err;
3356 : }
3357 : /* We can't have an IP object without a descriptor. */
3358 1 : tor_assert(desc);
3359 :
3360 1 : if (hs_circ_service_intro_has_opened(service, ip, desc, circ)) {
3361 : /* Getting here means that the circuit has been re-purposed because we
3362 : * have enough intro circuit opened. Remove the IP from the service. */
3363 0 : service_intro_point_remove(service, ip);
3364 0 : service_intro_point_free(ip);
3365 : }
3366 :
3367 1 : goto done;
3368 :
3369 2 : err:
3370 : /* Close circuit, we can't use it. */
3371 2 : circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_NOSUCHSERVICE);
3372 3 : done:
3373 : return;
3374 : }
3375 :
3376 : /** Called when a rendezvous circuit is done building and ready to be used. */
3377 : static void
3378 2 : service_rendezvous_circ_has_opened(origin_circuit_t *circ)
3379 : {
3380 2 : hs_service_t *service = NULL;
3381 :
3382 2 : tor_assert(circ);
3383 2 : tor_assert(circ->cpath);
3384 : /* Getting here means this is a v3 rendezvous circuit. */
3385 2 : tor_assert(circ->hs_ident);
3386 2 : tor_assert(TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_CONNECT_REND);
3387 :
3388 : /* Declare the circuit dirty to avoid reuse, and for path-bias. We set the
3389 : * timestamp regardless of its content because that circuit could have been
3390 : * cannibalized so in any cases, we are about to use that circuit more. */
3391 2 : TO_CIRCUIT(circ)->timestamp_dirty = time(NULL);
3392 2 : pathbias_count_use_attempt(circ);
3393 :
3394 : /* Get the corresponding service and intro point. */
3395 2 : get_objects_from_ident(circ->hs_ident, &service, NULL, NULL);
3396 2 : if (service == NULL) {
3397 1 : log_warn(LD_REND, "Unknown service identity key %s on the rendezvous "
3398 : "circuit %u with cookie %s. Can't find onion service.",
3399 : safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3400 : TO_CIRCUIT(circ)->n_circ_id,
3401 : hex_str((const char *) circ->hs_ident->rendezvous_cookie,
3402 : REND_COOKIE_LEN));
3403 1 : goto err;
3404 : }
3405 :
3406 : /* If the cell can't be sent, the circuit will be closed within this
3407 : * function. */
3408 1 : hs_circ_service_rp_has_opened(service, circ);
3409 :
3410 : /* Update metrics that we have an established rendezvous circuit. It is not
3411 : * entirely true until the client receives the RENDEZVOUS2 cell and starts
3412 : * sending but if that circuit collapes, we'll decrement the counter thus it
3413 : * will even out the metric. */
3414 1 : if (TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_REND_JOINED) {
3415 1 : hs_metrics_new_established_rdv(service);
3416 : }
3417 :
3418 1 : goto done;
3419 :
3420 1 : err:
3421 1 : circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_NOSUCHSERVICE);
3422 2 : done:
3423 2 : return;
3424 : }
3425 :
3426 : /** We've been expecting an INTRO_ESTABLISHED cell on this circuit and it just
3427 : * arrived. Handle the INTRO_ESTABLISHED cell arriving on the given
3428 : * introduction circuit. Return 0 on success else a negative value. */
3429 : static int
3430 3 : service_handle_intro_established(origin_circuit_t *circ,
3431 : const uint8_t *payload,
3432 : size_t payload_len)
3433 : {
3434 3 : hs_service_t *service = NULL;
3435 3 : hs_service_intro_point_t *ip = NULL;
3436 :
3437 3 : tor_assert(circ);
3438 3 : tor_assert(payload);
3439 3 : tor_assert(TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO);
3440 :
3441 : /* We need the service and intro point for this cell. */
3442 3 : get_objects_from_ident(circ->hs_ident, &service, &ip, NULL);
3443 :
3444 : /* Get service object from the circuit identifier. */
3445 3 : if (service == NULL) {
3446 1 : log_warn(LD_REND, "Unknown service identity key %s on the introduction "
3447 : "circuit %u. Can't find onion service.",
3448 : safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3449 : TO_CIRCUIT(circ)->n_circ_id);
3450 1 : goto err;
3451 : }
3452 2 : if (ip == NULL) {
3453 : /* We don't recognize the key. */
3454 1 : log_warn(LD_REND, "Introduction circuit established without an intro "
3455 : "point object on circuit %u for service %s",
3456 : TO_CIRCUIT(circ)->n_circ_id,
3457 : safe_str_client(service->onion_address));
3458 1 : goto err;
3459 : }
3460 :
3461 : /* Try to parse the payload into a cell making sure we do actually have a
3462 : * valid cell. On success, the ip object and circuit purpose is updated to
3463 : * reflect the fact that the introduction circuit is established. */
3464 1 : if (hs_circ_handle_intro_established(service, ip, circ, payload,
3465 : payload_len) < 0) {
3466 0 : goto err;
3467 : }
3468 :
3469 : /* Update metrics. */
3470 1 : hs_metrics_new_established_intro(service);
3471 :
3472 1 : log_info(LD_REND, "Successfully received an INTRO_ESTABLISHED cell "
3473 : "on circuit %u for service %s",
3474 : TO_CIRCUIT(circ)->n_circ_id,
3475 : safe_str_client(service->onion_address));
3476 1 : return 0;
3477 :
3478 : err:
3479 : return -1;
3480 : }
3481 :
3482 : /** We just received an INTRODUCE2 cell on the established introduction circuit
3483 : * circ. Handle the cell and return 0 on success else a negative value. */
3484 : static int
3485 3 : service_handle_introduce2(origin_circuit_t *circ, const uint8_t *payload,
3486 : size_t payload_len)
3487 : {
3488 3 : hs_service_t *service = NULL;
3489 3 : hs_service_intro_point_t *ip = NULL;
3490 3 : hs_service_descriptor_t *desc = NULL;
3491 :
3492 3 : tor_assert(circ);
3493 3 : tor_assert(payload);
3494 3 : tor_assert(TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_INTRO);
3495 :
3496 : /* We'll need every object associated with this circuit. */
3497 3 : get_objects_from_ident(circ->hs_ident, &service, &ip, &desc);
3498 :
3499 : /* Get service object from the circuit identifier. */
3500 3 : if (service == NULL) {
3501 1 : log_warn(LD_BUG, "Unknown service identity key %s when handling "
3502 : "an INTRODUCE2 cell on circuit %u",
3503 : safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3504 : TO_CIRCUIT(circ)->n_circ_id);
3505 1 : goto err;
3506 : }
3507 2 : if (ip == NULL) {
3508 : /* We don't recognize the key. */
3509 1 : log_warn(LD_BUG, "Unknown introduction auth key when handling "
3510 : "an INTRODUCE2 cell on circuit %u for service %s",
3511 : TO_CIRCUIT(circ)->n_circ_id,
3512 : safe_str_client(service->onion_address));
3513 1 : goto err;
3514 : }
3515 : /* If we have an IP object, we MUST have a descriptor object. */
3516 1 : tor_assert(desc);
3517 :
3518 : /* The following will parse, decode and launch the rendezvous point circuit.
3519 : * Both current and legacy cells are handled. */
3520 1 : if (hs_circ_handle_introduce2(service, circ, ip, &desc->desc->subcredential,
3521 : payload, payload_len) < 0) {
3522 1 : goto err;
3523 : }
3524 : /* Update metrics that a new introduction was successful. */
3525 0 : hs_metrics_new_introduction(service);
3526 :
3527 0 : return 0;
3528 : err:
3529 : return -1;
3530 : }
3531 :
3532 : /** Add to list every filename used by service. This is used by the sandbox
3533 : * subsystem. */
3534 : static void
3535 0 : service_add_fnames_to_list(const hs_service_t *service, smartlist_t *list)
3536 : {
3537 0 : const char *s_dir;
3538 0 : char fname[128] = {0};
3539 :
3540 0 : tor_assert(service);
3541 0 : tor_assert(list);
3542 :
3543 : /* Ease our life. */
3544 0 : s_dir = service->config.directory_path;
3545 : /* The hostname file. */
3546 0 : smartlist_add(list, hs_path_from_filename(s_dir, fname_hostname));
3547 : /* The key files split in two. */
3548 0 : tor_snprintf(fname, sizeof(fname), "%s_secret_key", fname_keyfile_prefix);
3549 0 : smartlist_add(list, hs_path_from_filename(s_dir, fname));
3550 0 : tor_snprintf(fname, sizeof(fname), "%s_public_key", fname_keyfile_prefix);
3551 0 : smartlist_add(list, hs_path_from_filename(s_dir, fname));
3552 0 : }
3553 :
3554 : /** Return true iff the given service identity key is present on disk. */
3555 : static int
3556 11 : service_key_on_disk(const char *directory_path)
3557 : {
3558 11 : int ret = 0;
3559 11 : char *fname;
3560 11 : ed25519_keypair_t *kp = NULL;
3561 :
3562 11 : tor_assert(directory_path);
3563 :
3564 : /* Build the v3 key path name and then try to load it. */
3565 11 : fname = hs_path_from_filename(directory_path, fname_keyfile_prefix);
3566 11 : kp = ed_key_init_from_file(fname, INIT_ED_KEY_SPLIT,
3567 : LOG_DEBUG, NULL, 0, 0, 0, NULL, NULL);
3568 11 : if (kp) {
3569 0 : ret = 1;
3570 : }
3571 :
3572 11 : ed25519_keypair_free(kp);
3573 11 : tor_free(fname);
3574 :
3575 11 : return ret;
3576 : }
3577 :
3578 : /** This is a proxy function before actually calling hs_desc_encode_descriptor
3579 : * because we need some preprocessing here */
3580 : static int
3581 110 : service_encode_descriptor(const hs_service_t *service,
3582 : const hs_service_descriptor_t *desc,
3583 : const ed25519_keypair_t *signing_kp,
3584 : char **encoded_out)
3585 : {
3586 110 : int ret;
3587 110 : const uint8_t *descriptor_cookie = NULL;
3588 :
3589 110 : tor_assert(service);
3590 110 : tor_assert(desc);
3591 110 : tor_assert(encoded_out);
3592 :
3593 : /* If the client authorization is enabled, send the descriptor cookie to
3594 : * hs_desc_encode_descriptor. Otherwise, send NULL */
3595 110 : if (is_client_auth_enabled(service)) {
3596 4 : descriptor_cookie = desc->descriptor_cookie;
3597 : }
3598 :
3599 110 : ret = hs_desc_encode_descriptor(desc->desc, signing_kp,
3600 : descriptor_cookie, encoded_out);
3601 :
3602 110 : return ret;
3603 : }
3604 :
3605 : /* ========== */
3606 : /* Public API */
3607 : /* ========== */
3608 :
3609 : /* Are HiddenServiceSingleHopMode and HiddenServiceNonAnonymousMode consistent?
3610 : */
3611 : static int
3612 2186 : hs_service_non_anonymous_mode_consistent(const or_options_t *options)
3613 : {
3614 : /* !! is used to make these options boolean */
3615 2186 : return (!! options->HiddenServiceSingleHopMode ==
3616 2186 : !! options->HiddenServiceNonAnonymousMode);
3617 : }
3618 :
3619 : /* Do the options allow onion services to make direct (non-anonymous)
3620 : * connections to introduction or rendezvous points?
3621 : * Must only be called after options_validate_single_onion() has successfully
3622 : * checked onion service option consistency.
3623 : * Returns true if tor is in HiddenServiceSingleHopMode. */
3624 : int
3625 930 : hs_service_allow_non_anonymous_connection(const or_options_t *options)
3626 : {
3627 930 : tor_assert(hs_service_non_anonymous_mode_consistent(options));
3628 930 : return options->HiddenServiceSingleHopMode ? 1 : 0;
3629 : }
3630 :
3631 : /* Do the options allow us to reveal the exact startup time of the onion
3632 : * service?
3633 : * Single Onion Services prioritise availability over hiding their
3634 : * startup time, as their IP address is publicly discoverable anyway.
3635 : * Must only be called after options_validate_single_onion() has successfully
3636 : * checked onion service option consistency.
3637 : * Returns true if tor is in non-anonymous hidden service mode. */
3638 : int
3639 0 : hs_service_reveal_startup_time(const or_options_t *options)
3640 : {
3641 0 : tor_assert(hs_service_non_anonymous_mode_consistent(options));
3642 0 : return hs_service_non_anonymous_mode_enabled(options);
3643 : }
3644 :
3645 : /* Is non-anonymous mode enabled using the HiddenServiceNonAnonymousMode
3646 : * config option?
3647 : * Must only be called after options_validate_single_onion() has successfully
3648 : * checked onion service option consistency.
3649 : */
3650 : int
3651 1256 : hs_service_non_anonymous_mode_enabled(const or_options_t *options)
3652 : {
3653 1256 : tor_assert(hs_service_non_anonymous_mode_consistent(options));
3654 1256 : return options->HiddenServiceNonAnonymousMode ? 1 : 0;
3655 : }
3656 :
3657 : /** Called when a circuit was just cleaned up. This is done right before the
3658 : * circuit is marked for close. */
3659 : void
3660 1 : hs_service_circuit_cleanup_on_close(const circuit_t *circ)
3661 : {
3662 1 : tor_assert(circ);
3663 1 : tor_assert(CIRCUIT_IS_ORIGIN(circ));
3664 :
3665 1 : switch (circ->purpose) {
3666 0 : case CIRCUIT_PURPOSE_S_INTRO:
3667 : /* About to close an established introduction circuit. Update the metrics
3668 : * to reflect how many we have at the moment. */
3669 0 : hs_metrics_close_established_intro(
3670 : &CONST_TO_ORIGIN_CIRCUIT(circ)->hs_ident->identity_pk);
3671 0 : break;
3672 0 : case CIRCUIT_PURPOSE_S_REND_JOINED:
3673 : /* About to close an established rendezvous circuit. Update the metrics to
3674 : * reflect how many we have at the moment. */
3675 0 : hs_metrics_close_established_rdv(
3676 : &CONST_TO_ORIGIN_CIRCUIT(circ)->hs_ident->identity_pk);
3677 0 : break;
3678 : default:
3679 : break;
3680 : }
3681 1 : }
3682 :
3683 : /** This is called every time the service map changes that is if an
3684 : * element is added or removed. */
3685 : void
3686 67 : hs_service_map_has_changed(void)
3687 : {
3688 : /* If we now have services where previously we had not, we need to enable
3689 : * the HS service main loop event. If we changed to having no services, we
3690 : * need to disable the event. */
3691 67 : rescan_periodic_events(get_options());
3692 67 : }
3693 :
3694 : /** Upload an encoded descriptor in encoded_desc of the given version. This
3695 : * descriptor is for the service identity_pk and blinded_pk used to setup the
3696 : * directory connection identifier. It is uploaded to the directory hsdir_rs
3697 : * routerstatus_t object.
3698 : *
3699 : * NOTE: This function does NOT check for PublishHidServDescriptors because it
3700 : * is only used by the control port command HSPOST outside of this subsystem.
3701 : * Inside this code, upload_descriptor_to_hsdir() should be used. */
3702 : void
3703 66 : hs_service_upload_desc_to_dir(const char *encoded_desc,
3704 : const uint8_t version,
3705 : const ed25519_public_key_t *identity_pk,
3706 : const ed25519_public_key_t *blinded_pk,
3707 : const routerstatus_t *hsdir_rs)
3708 : {
3709 66 : char version_str[4] = {0};
3710 66 : directory_request_t *dir_req;
3711 66 : hs_ident_dir_conn_t ident;
3712 :
3713 66 : tor_assert(encoded_desc);
3714 66 : tor_assert(identity_pk);
3715 66 : tor_assert(blinded_pk);
3716 66 : tor_assert(hsdir_rs);
3717 :
3718 : /* Setup the connection identifier. */
3719 66 : memset(&ident, 0, sizeof(ident));
3720 66 : hs_ident_dir_conn_init(identity_pk, blinded_pk, &ident);
3721 :
3722 : /* This is our resource when uploading which is used to construct the URL
3723 : * with the version number: "/tor/hs/<version>/publish". */
3724 66 : tor_snprintf(version_str, sizeof(version_str), "%u", version);
3725 :
3726 : /* Build the directory request for this HSDir. */
3727 66 : dir_req = directory_request_new(DIR_PURPOSE_UPLOAD_HSDESC);
3728 66 : directory_request_set_routerstatus(dir_req, hsdir_rs);
3729 66 : directory_request_set_indirection(dir_req, DIRIND_ANONYMOUS);
3730 66 : directory_request_set_resource(dir_req, version_str);
3731 66 : directory_request_set_payload(dir_req, encoded_desc,
3732 : strlen(encoded_desc));
3733 : /* The ident object is copied over the directory connection object once
3734 : * the directory request is initiated. */
3735 66 : directory_request_upload_set_hs_ident(dir_req, &ident);
3736 :
3737 : /* Initiate the directory request to the hsdir.*/
3738 66 : directory_initiate_request(dir_req);
3739 66 : directory_request_free(dir_req);
3740 66 : }
3741 :
3742 : /** Add the ephemeral service using the secret key sk and ports. Both max
3743 : * streams parameter will be set in the newly created service.
3744 : *
3745 : * Ownership of sk, ports, and auth_clients_v3 is passed to this routine.
3746 : * Regardless of success/failure, callers should not touch these values
3747 : * after calling this routine, and may assume that correct cleanup has
3748 : * been done on failure.
3749 : *
3750 : * Return an appropriate hs_service_add_ephemeral_status_t. */
3751 : hs_service_add_ephemeral_status_t
3752 4 : hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports,
3753 : int max_streams_per_rdv_circuit,
3754 : int max_streams_close_circuit,
3755 : smartlist_t *auth_clients_v3, char **address_out)
3756 : {
3757 4 : hs_service_add_ephemeral_status_t ret;
3758 4 : hs_service_t *service = NULL;
3759 :
3760 4 : tor_assert(sk);
3761 4 : tor_assert(ports);
3762 4 : tor_assert(address_out);
3763 :
3764 4 : service = hs_service_new(get_options());
3765 :
3766 : /* Setup the service configuration with specifics. A default service is
3767 : * HS_VERSION_TWO so explicitly set it. */
3768 4 : service->config.version = HS_VERSION_THREE;
3769 4 : service->config.max_streams_per_rdv_circuit = max_streams_per_rdv_circuit;
3770 4 : service->config.max_streams_close_circuit = !!max_streams_close_circuit;
3771 4 : service->config.is_ephemeral = 1;
3772 4 : smartlist_free(service->config.ports);
3773 4 : service->config.ports = ports;
3774 :
3775 : /* Handle the keys. */
3776 4 : memcpy(&service->keys.identity_sk, sk, sizeof(service->keys.identity_sk));
3777 4 : if (ed25519_public_key_generate(&service->keys.identity_pk,
3778 : &service->keys.identity_sk) < 0) {
3779 0 : log_warn(LD_CONFIG, "Unable to generate ed25519 public key"
3780 : "for v3 service.");
3781 0 : ret = RSAE_BADPRIVKEY;
3782 0 : goto err;
3783 : }
3784 :
3785 4 : if (ed25519_validate_pubkey(&service->keys.identity_pk) < 0) {
3786 1 : log_warn(LD_CONFIG, "Bad ed25519 private key was provided");
3787 1 : ret = RSAE_BADPRIVKEY;
3788 1 : goto err;
3789 : }
3790 :
3791 : /* Make sure we have at least one port. */
3792 3 : if (smartlist_len(service->config.ports) == 0) {
3793 0 : log_warn(LD_CONFIG, "At least one VIRTPORT/TARGET must be specified "
3794 : "for v3 service.");
3795 0 : ret = RSAE_BADVIRTPORT;
3796 0 : goto err;
3797 : }
3798 :
3799 3 : if (auth_clients_v3) {
3800 3 : service->config.clients = smartlist_new();
3801 6 : SMARTLIST_FOREACH(auth_clients_v3, hs_service_authorized_client_t *, c, {
3802 : if (c != NULL) {
3803 : smartlist_add(service->config.clients, c);
3804 : }
3805 : });
3806 3 : smartlist_free(auth_clients_v3);
3807 : }
3808 :
3809 : /* Build the onion address for logging purposes but also the control port
3810 : * uses it for the HS_DESC event. */
3811 3 : hs_build_address(&service->keys.identity_pk,
3812 3 : (uint8_t) service->config.version,
3813 3 : service->onion_address);
3814 :
3815 : /* The only way the registration can fail is if the service public key
3816 : * already exists. */
3817 3 : if (BUG(register_service(hs_service_map, service) < 0)) {
3818 0 : log_warn(LD_CONFIG, "Onion Service private key collides with an "
3819 : "existing v3 service.");
3820 0 : ret = RSAE_ADDREXISTS;
3821 0 : goto err;
3822 : }
3823 :
3824 3 : log_info(LD_CONFIG, "Added ephemeral v3 onion service: %s",
3825 : safe_str_client(service->onion_address));
3826 :
3827 3 : *address_out = tor_strdup(service->onion_address);
3828 3 : ret = RSAE_OKAY;
3829 3 : goto end;
3830 :
3831 1 : err:
3832 1 : hs_service_free(service);
3833 :
3834 4 : end:
3835 4 : memwipe(sk, 0, sizeof(ed25519_secret_key_t));
3836 4 : tor_free(sk);
3837 4 : return ret;
3838 : }
3839 :
3840 : /** For the given onion address, delete the ephemeral service. Return 0 on
3841 : * success else -1 on error. */
3842 : int
3843 0 : hs_service_del_ephemeral(const char *address)
3844 : {
3845 0 : uint8_t version;
3846 0 : ed25519_public_key_t pk;
3847 0 : hs_service_t *service = NULL;
3848 :
3849 0 : tor_assert(address);
3850 :
3851 0 : if (hs_parse_address(address, &pk, NULL, &version) < 0) {
3852 0 : log_warn(LD_CONFIG, "Requested malformed v3 onion address for removal.");
3853 0 : goto err;
3854 : }
3855 :
3856 0 : if (version != HS_VERSION_THREE) {
3857 0 : log_warn(LD_CONFIG, "Requested version of onion address for removal "
3858 : "is not supported.");
3859 0 : goto err;
3860 : }
3861 :
3862 0 : service = find_service(hs_service_map, &pk);
3863 0 : if (service == NULL) {
3864 0 : log_warn(LD_CONFIG, "Requested non-existent v3 hidden service for "
3865 : "removal.");
3866 0 : goto err;
3867 : }
3868 :
3869 0 : if (!service->config.is_ephemeral) {
3870 0 : log_warn(LD_CONFIG, "Requested non-ephemeral v3 hidden service for "
3871 : "removal.");
3872 0 : goto err;
3873 : }
3874 :
3875 : /* Close introduction circuits, remove from map and finally free. Notice
3876 : * that the rendezvous circuits aren't closed in order for any existing
3877 : * connections to finish. We let the application terminate them. */
3878 0 : close_service_intro_circuits(service);
3879 0 : remove_service(hs_service_map, service);
3880 0 : hs_service_free(service);
3881 :
3882 0 : log_info(LD_CONFIG, "Removed ephemeral v3 hidden service: %s",
3883 : safe_str_client(address));
3884 0 : return 0;
3885 :
3886 : err:
3887 : return -1;
3888 : }
3889 :
3890 : /** Using the ed25519 public key pk, find a service for that key and return the
3891 : * current encoded descriptor as a newly allocated string or NULL if not
3892 : * found. This is used by the control port subsystem. */
3893 : char *
3894 0 : hs_service_lookup_current_desc(const ed25519_public_key_t *pk)
3895 : {
3896 0 : const hs_service_t *service;
3897 :
3898 0 : tor_assert(pk);
3899 :
3900 0 : service = find_service(hs_service_map, pk);
3901 0 : if (service && service->desc_current) {
3902 0 : char *encoded_desc = NULL;
3903 : /* No matter what is the result (which should never be a failure), return
3904 : * the encoded variable, if success it will contain the right thing else
3905 : * it will be NULL. */
3906 0 : service_encode_descriptor(service,
3907 : service->desc_current,
3908 0 : &service->desc_current->signing_kp,
3909 : &encoded_desc);
3910 0 : return encoded_desc;
3911 : }
3912 :
3913 : return NULL;
3914 : }
3915 :
3916 : /** Return the number of service we have configured and usable. */
3917 45493 : MOCK_IMPL(unsigned int,
3918 : hs_service_get_num_services,(void))
3919 : {
3920 45493 : if (hs_service_map == NULL) {
3921 : return 0;
3922 : }
3923 42335 : return HT_SIZE(hs_service_map);
3924 : }
3925 :
3926 : /** Given conn, a rendezvous edge connection acting as an exit stream, look up
3927 : * the hidden service for the circuit circ, and look up the port and address
3928 : * based on the connection port. Assign the actual connection address.
3929 : *
3930 : * Return 0 on success. Return -1 on failure and the caller should NOT close
3931 : * the circuit. Return -2 on failure and the caller MUST close the circuit for
3932 : * security reasons. */
3933 : int
3934 0 : hs_service_set_conn_addr_port(const origin_circuit_t *circ,
3935 : edge_connection_t *conn)
3936 : {
3937 0 : hs_service_t *service = NULL;
3938 :
3939 0 : tor_assert(circ);
3940 0 : tor_assert(conn);
3941 0 : tor_assert(TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_REND_JOINED);
3942 0 : tor_assert(circ->hs_ident);
3943 :
3944 0 : get_objects_from_ident(circ->hs_ident, &service, NULL, NULL);
3945 :
3946 0 : if (service == NULL) {
3947 0 : log_warn(LD_REND, "Unable to find any hidden service associated "
3948 : "identity key %s on rendezvous circuit %u.",
3949 : ed25519_fmt(&circ->hs_ident->identity_pk),
3950 : TO_CIRCUIT(circ)->n_circ_id);
3951 : /* We want the caller to close the circuit because it's not a valid
3952 : * service so no danger. Attempting to bruteforce the entire key space by
3953 : * opening circuits to learn which service is being hosted here is
3954 : * impractical. */
3955 0 : goto err_close;
3956 : }
3957 :
3958 : /* Enforce the streams-per-circuit limit, and refuse to provide a mapping if
3959 : * this circuit will exceed the limit. */
3960 0 : if (service->config.max_streams_per_rdv_circuit > 0 &&
3961 0 : (circ->hs_ident->num_rdv_streams >=
3962 : service->config.max_streams_per_rdv_circuit)) {
3963 : #define MAX_STREAM_WARN_INTERVAL 600
3964 0 : static struct ratelim_t stream_ratelim =
3965 : RATELIM_INIT(MAX_STREAM_WARN_INTERVAL);
3966 0 : log_fn_ratelim(&stream_ratelim, LOG_WARN, LD_REND,
3967 : "Maximum streams per circuit limit reached on "
3968 : "rendezvous circuit %u for service %s. Circuit has "
3969 : "%" PRIu64 " out of %" PRIu64 " streams. %s.",
3970 : TO_CIRCUIT(circ)->n_circ_id,
3971 : service->onion_address,
3972 : circ->hs_ident->num_rdv_streams,
3973 : service->config.max_streams_per_rdv_circuit,
3974 : service->config.max_streams_close_circuit ?
3975 : "Closing circuit" : "Ignoring open stream request");
3976 0 : if (service->config.max_streams_close_circuit) {
3977 : /* Service explicitly configured to close immediately. */
3978 0 : goto err_close;
3979 : }
3980 : /* Exceeding the limit makes tor silently ignore the stream creation
3981 : * request and keep the circuit open. */
3982 0 : goto err_no_close;
3983 : }
3984 :
3985 : /* Find a virtual port of that service matching the one in the connection if
3986 : * successful, set the address in the connection. */
3987 0 : if (hs_set_conn_addr_port(service->config.ports, conn) < 0) {
3988 0 : log_info(LD_REND, "No virtual port mapping exists for port %d for "
3989 : "hidden service %s.",
3990 : TO_CONN(conn)->port, service->onion_address);
3991 0 : if (service->config.allow_unknown_ports) {
3992 : /* Service explicitly allow connection to unknown ports so close right
3993 : * away because we do not care about port mapping. */
3994 0 : goto err_close;
3995 : }
3996 : /* If the service didn't explicitly allow it, we do NOT close the circuit
3997 : * here to raise the bar in terms of performance for port mapping. */
3998 0 : goto err_no_close;
3999 : }
4000 :
4001 : /* Success. */
4002 : return 0;
4003 : err_close:
4004 : /* Indicate the caller that the circuit should be closed. */
4005 : return -2;
4006 : err_no_close:
4007 : /* Indicate the caller to NOT close the circuit. */
4008 : return -1;
4009 : }
4010 :
4011 : /** Does the service with identity pubkey <b>pk</b> export the circuit IDs of
4012 : * its clients? */
4013 : hs_circuit_id_protocol_t
4014 2 : hs_service_exports_circuit_id(const ed25519_public_key_t *pk)
4015 : {
4016 2 : hs_service_t *service = find_service(hs_service_map, pk);
4017 2 : if (!service) {
4018 : return HS_CIRCUIT_ID_PROTOCOL_NONE;
4019 : }
4020 :
4021 2 : return service->config.circuit_id_protocol;
4022 : }
4023 :
4024 : /** Add to file_list every filename used by a configured hidden service, and to
4025 : * dir_list every directory path used by a configured hidden service. This is
4026 : * used by the sandbox subsystem to allowlist those. */
4027 : void
4028 0 : hs_service_lists_fnames_for_sandbox(smartlist_t *file_list,
4029 : smartlist_t *dir_list)
4030 : {
4031 0 : tor_assert(file_list);
4032 0 : tor_assert(dir_list);
4033 :
4034 : /* Add files and dirs for v3+. */
4035 0 : FOR_EACH_SERVICE_BEGIN(service) {
4036 : /* Skip ephemeral service, they don't touch the disk. */
4037 0 : if (service->config.is_ephemeral) {
4038 0 : continue;
4039 : }
4040 0 : service_add_fnames_to_list(service, file_list);
4041 0 : smartlist_add_strdup(dir_list, service->config.directory_path);
4042 0 : smartlist_add_strdup(dir_list, dname_client_pubkeys);
4043 0 : } FOR_EACH_DESCRIPTOR_END;
4044 0 : }
4045 :
4046 : /** Called when our internal view of the directory has changed. We might have
4047 : * received a new batch of descriptors which might affect the shape of the
4048 : * HSDir hash ring. Signal that we should reexamine the hash ring and
4049 : * re-upload our HS descriptors if needed. */
4050 : void
4051 45174 : hs_service_dir_info_changed(void)
4052 : {
4053 45174 : if (hs_service_get_num_services() > 0) {
4054 : /* New directory information usually goes every consensus so rate limit
4055 : * every 30 minutes to not be too conservative. */
4056 3 : static struct ratelim_t dir_info_changed_ratelim = RATELIM_INIT(30 * 60);
4057 3 : log_fn_ratelim(&dir_info_changed_ratelim, LOG_INFO, LD_REND,
4058 : "New dirinfo arrived: consider reuploading descriptor");
4059 3 : consider_republishing_hs_descriptors = 1;
4060 : }
4061 45174 : }
4062 :
4063 : /** Called when we get an INTRODUCE2 cell on the circ. Respond to the cell and
4064 : * launch a circuit to the rendezvous point. */
4065 : int
4066 4 : hs_service_receive_introduce2(origin_circuit_t *circ, const uint8_t *payload,
4067 : size_t payload_len)
4068 : {
4069 4 : int ret = -1;
4070 :
4071 4 : tor_assert(circ);
4072 4 : tor_assert(payload);
4073 :
4074 : /* Do some initial validation and logging before we parse the cell */
4075 4 : if (TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_S_INTRO) {
4076 1 : log_warn(LD_PROTOCOL, "Received an INTRODUCE2 cell on a "
4077 : "non introduction circuit of purpose %d",
4078 : TO_CIRCUIT(circ)->purpose);
4079 1 : goto done;
4080 : }
4081 :
4082 3 : if (circ->hs_ident) {
4083 3 : ret = service_handle_introduce2(circ, payload, payload_len);
4084 3 : hs_stats_note_introduce2_cell();
4085 : }
4086 :
4087 0 : done:
4088 4 : return ret;
4089 : }
4090 :
4091 : /** Called when we get an INTRO_ESTABLISHED cell. Mark the circuit as an
4092 : * established introduction point. Return 0 on success else a negative value
4093 : * and the circuit is closed. */
4094 : int
4095 4 : hs_service_receive_intro_established(origin_circuit_t *circ,
4096 : const uint8_t *payload,
4097 : size_t payload_len)
4098 : {
4099 4 : int ret = -1;
4100 :
4101 4 : tor_assert(circ);
4102 4 : tor_assert(payload);
4103 :
4104 4 : if (TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_S_ESTABLISH_INTRO) {
4105 1 : log_warn(LD_PROTOCOL, "Received an INTRO_ESTABLISHED cell on a "
4106 : "non introduction circuit of purpose %d",
4107 : TO_CIRCUIT(circ)->purpose);
4108 1 : goto err;
4109 : }
4110 :
4111 3 : if (circ->hs_ident) {
4112 3 : ret = service_handle_intro_established(circ, payload, payload_len);
4113 : }
4114 :
4115 3 : if (ret < 0) {
4116 2 : goto err;
4117 : }
4118 : return 0;
4119 3 : err:
4120 3 : circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
4121 3 : return -1;
4122 : }
4123 :
4124 : /** Called when any kind of hidden service circuit is done building thus
4125 : * opened. This is the entry point from the circuit subsystem. */
4126 : void
4127 5 : hs_service_circuit_has_opened(origin_circuit_t *circ)
4128 : {
4129 5 : tor_assert(circ);
4130 :
4131 5 : switch (TO_CIRCUIT(circ)->purpose) {
4132 3 : case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO:
4133 3 : if (circ->hs_ident) {
4134 3 : service_intro_circ_has_opened(circ);
4135 : }
4136 : break;
4137 2 : case CIRCUIT_PURPOSE_S_CONNECT_REND:
4138 2 : if (circ->hs_ident) {
4139 2 : service_rendezvous_circ_has_opened(circ);
4140 : }
4141 : break;
4142 : default:
4143 0 : tor_assert(0);
4144 : }
4145 5 : }
4146 :
4147 : /** Return the service version by looking at the key in the service directory.
4148 : * If the key is not found or unrecognized, -1 is returned. Else, the service
4149 : * version is returned. */
4150 : int
4151 11 : hs_service_get_version_from_key(const hs_service_t *service)
4152 : {
4153 11 : int version = -1; /* Unknown version. */
4154 11 : const char *directory_path;
4155 :
4156 11 : tor_assert(service);
4157 :
4158 : /* We'll try to load the key for version 3. If not found, we'll try version
4159 : * 2 and if not found, we'll send back an unknown version (-1). */
4160 11 : directory_path = service->config.directory_path;
4161 :
4162 : /* Version 3 check. */
4163 11 : if (service_key_on_disk(directory_path)) {
4164 0 : version = HS_VERSION_THREE;
4165 0 : goto end;
4166 : }
4167 :
4168 11 : end:
4169 11 : return version;
4170 : }
4171 :
4172 : /** Load and/or generate keys for all onion services including the client
4173 : * authorization if any. Return 0 on success, -1 on failure. */
4174 : int
4175 8 : hs_service_load_all_keys(void)
4176 : {
4177 : /* Load or/and generate them for v3+. */
4178 12 : SMARTLIST_FOREACH_BEGIN(hs_service_staging_list, hs_service_t *, service) {
4179 : /* Ignore ephemeral service, they already have their keys set. */
4180 4 : if (service->config.is_ephemeral) {
4181 0 : continue;
4182 : }
4183 4 : log_info(LD_REND, "Loading v3 onion service keys from %s",
4184 : service_escaped_dir(service));
4185 4 : if (load_service_keys(service) < 0) {
4186 0 : goto err;
4187 : }
4188 4 : } SMARTLIST_FOREACH_END(service);
4189 :
4190 : /* Final step, the staging list contains service in a quiescent state that
4191 : * is ready to be used. Register them to the global map. Once this is over,
4192 : * the staging list will be cleaned up. */
4193 8 : register_all_services();
4194 :
4195 : /* All keys have been loaded successfully. */
4196 8 : return 0;
4197 0 : err:
4198 0 : return -1;
4199 : }
4200 :
4201 : /** Log the status of introduction points for all version 3 onion services
4202 : * at log severity <b>severity</b>.
4203 : */
4204 : void
4205 0 : hs_service_dump_stats(int severity)
4206 : {
4207 0 : origin_circuit_t *circ;
4208 :
4209 0 : FOR_EACH_SERVICE_BEGIN(hs) {
4210 :
4211 0 : tor_log(severity, LD_GENERAL, "Service configured in %s:",
4212 : service_escaped_dir(hs));
4213 0 : FOR_EACH_DESCRIPTOR_BEGIN(hs, desc) {
4214 :
4215 0 : DIGEST256MAP_FOREACH(desc->intro_points.map, key,
4216 : hs_service_intro_point_t *, ip) {
4217 0 : const node_t *intro_node;
4218 0 : const char *nickname;
4219 :
4220 0 : intro_node = get_node_from_intro_point(ip);
4221 0 : if (!intro_node) {
4222 0 : tor_log(severity, LD_GENERAL, " Couldn't find intro point, "
4223 : "skipping");
4224 0 : continue;
4225 : }
4226 0 : nickname = node_get_nickname(intro_node);
4227 0 : if (!nickname) {
4228 0 : continue;
4229 : }
4230 :
4231 0 : circ = hs_circ_service_get_intro_circ(ip);
4232 0 : if (!circ) {
4233 0 : tor_log(severity, LD_GENERAL, " Intro point at %s: no circuit",
4234 : nickname);
4235 0 : continue;
4236 : }
4237 0 : tor_log(severity, LD_GENERAL, " Intro point %s: circuit is %s",
4238 0 : nickname, circuit_state_to_string(circ->base_.state));
4239 0 : } DIGEST256MAP_FOREACH_END;
4240 :
4241 0 : } FOR_EACH_DESCRIPTOR_END;
4242 0 : } FOR_EACH_SERVICE_END;
4243 0 : }
4244 :
4245 : /** Put all service object in the given service list. After this, the caller
4246 : * looses ownership of every elements in the list and responsible to free the
4247 : * list pointer. */
4248 : void
4249 10 : hs_service_stage_services(const smartlist_t *service_list)
4250 : {
4251 10 : tor_assert(service_list);
4252 : /* This list is freed at registration time but this function can be called
4253 : * multiple time. */
4254 10 : if (hs_service_staging_list == NULL) {
4255 0 : hs_service_staging_list = smartlist_new();
4256 : }
4257 : /* Add all service object to our staging list. Caller is responsible for
4258 : * freeing the service_list. */
4259 10 : smartlist_add_all(hs_service_staging_list, service_list);
4260 10 : }
4261 :
4262 : /** Return a newly allocated list of all the service's metrics store. */
4263 : smartlist_t *
4264 1 : hs_service_get_metrics_stores(void)
4265 : {
4266 1 : smartlist_t *list = smartlist_new();
4267 :
4268 1 : if (hs_service_map) {
4269 0 : FOR_EACH_SERVICE_BEGIN(service) {
4270 0 : smartlist_add(list, service->metrics.store);
4271 1 : } FOR_EACH_SERVICE_END;
4272 : }
4273 :
4274 1 : return list;
4275 : }
4276 :
4277 : /** Lookup the global service map for the given identitiy public key and
4278 : * return the service object if found, NULL if not. */
4279 : hs_service_t *
4280 1 : hs_service_find(const ed25519_public_key_t *identity_pk)
4281 : {
4282 1 : tor_assert(identity_pk);
4283 :
4284 1 : if (!hs_service_map) {
4285 : return NULL;
4286 : }
4287 1 : return find_service(hs_service_map, identity_pk);
4288 : }
4289 :
4290 : /** Allocate and initialize a service object. The service configuration will
4291 : * contain the default values. Return the newly allocated object pointer. This
4292 : * function can't fail. */
4293 : hs_service_t *
4294 70 : hs_service_new(const or_options_t *options)
4295 : {
4296 70 : hs_service_t *service = tor_malloc_zero(sizeof(hs_service_t));
4297 : /* Set default configuration value. */
4298 70 : set_service_default_config(&service->config, options);
4299 : /* Set the default service version. */
4300 70 : service->config.version = HS_SERVICE_DEFAULT_VERSION;
4301 : /* Allocate the CLIENT_PK replay cache in service state. */
4302 140 : service->state.replay_cache_rend_cookie =
4303 70 : replaycache_new(REND_REPLAY_TIME_INTERVAL, REND_REPLAY_TIME_INTERVAL);
4304 :
4305 70 : return service;
4306 : }
4307 :
4308 : /** Free the given <b>service</b> object and all its content. This function
4309 : * also takes care of wiping service keys from memory. It is safe to pass a
4310 : * NULL pointer. */
4311 : void
4312 74 : hs_service_free_(hs_service_t *service)
4313 : {
4314 74 : if (service == NULL) {
4315 : return;
4316 : }
4317 :
4318 : /* Free descriptors. Go over both descriptor with this loop. */
4319 219 : FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
4320 146 : service_descriptor_free(desc);
4321 73 : } FOR_EACH_DESCRIPTOR_END;
4322 :
4323 : /* Free service configuration. */
4324 73 : service_clear_config(&service->config);
4325 :
4326 : /* Free replay cache from state. */
4327 73 : if (service->state.replay_cache_rend_cookie) {
4328 69 : replaycache_free(service->state.replay_cache_rend_cookie);
4329 : }
4330 :
4331 : /* Free onionbalance subcredentials (if any) */
4332 73 : if (service->state.ob_subcreds) {
4333 0 : tor_free(service->state.ob_subcreds);
4334 : }
4335 :
4336 : /* Free metrics object. */
4337 73 : hs_metrics_service_free(service);
4338 :
4339 : /* Wipe service keys. */
4340 73 : memwipe(&service->keys.identity_sk, 0, sizeof(service->keys.identity_sk));
4341 :
4342 73 : tor_free(service);
4343 : }
4344 :
4345 : /** Periodic callback. Entry point from the main loop to the HS service
4346 : * subsystem. This is call every second. This is skipped if tor can't build a
4347 : * circuit or the network is disabled. */
4348 : void
4349 0 : hs_service_run_scheduled_events(time_t now)
4350 : {
4351 : /* First thing we'll do here is to make sure our services are in a
4352 : * quiescent state for the scheduled events. */
4353 0 : run_housekeeping_event(now);
4354 :
4355 : /* Order matters here. We first make sure the descriptor object for each
4356 : * service contains the latest data. Once done, we check if we need to open
4357 : * new introduction circuit. Finally, we try to upload the descriptor for
4358 : * each service. */
4359 :
4360 : /* Make sure descriptors are up to date. */
4361 0 : run_build_descriptor_event(now);
4362 : /* Make sure services have enough circuits. */
4363 0 : run_build_circuit_event(now);
4364 : /* Upload the descriptors if needed/possible. */
4365 0 : run_upload_descriptor_event(now);
4366 0 : }
4367 :
4368 : /** Initialize the service HS subsystem. */
4369 : void
4370 291 : hs_service_init(void)
4371 : {
4372 : /* Should never be called twice. */
4373 291 : tor_assert(!hs_service_map);
4374 291 : tor_assert(!hs_service_staging_list);
4375 :
4376 291 : hs_service_map = tor_malloc_zero(sizeof(struct hs_service_ht));
4377 291 : HT_INIT(hs_service_ht, hs_service_map);
4378 :
4379 291 : hs_service_staging_list = smartlist_new();
4380 291 : }
4381 :
4382 : /** Release all global storage of the hidden service subsystem. */
4383 : void
4384 285 : hs_service_free_all(void)
4385 : {
4386 285 : service_free_all();
4387 285 : hs_config_free_all();
4388 285 : }
4389 :
4390 : #ifdef TOR_UNIT_TESTS
4391 :
4392 : /** Return the global service map size. Only used by unit test. */
4393 : STATIC unsigned int
4394 7 : get_hs_service_map_size(void)
4395 : {
4396 7 : return HT_SIZE(hs_service_map);
4397 : }
4398 :
4399 : /** Return the staging list size. Only used by unit test. */
4400 : STATIC int
4401 5 : get_hs_service_staging_list_size(void)
4402 : {
4403 5 : return smartlist_len(hs_service_staging_list);
4404 : }
4405 :
4406 : STATIC hs_service_ht *
4407 53 : get_hs_service_map(void)
4408 : {
4409 53 : return hs_service_map;
4410 : }
4411 :
4412 : STATIC hs_service_t *
4413 4 : get_first_service(void)
4414 : {
4415 4 : hs_service_t **obj = HT_START(hs_service_ht, hs_service_map);
4416 4 : if (obj == NULL) {
4417 : return NULL;
4418 : }
4419 4 : return *obj;
4420 : }
4421 :
4422 : #endif /* defined(TOR_UNIT_TESTS) */
|
