Tor  0.4.4.0-alpha-dev
hs_client.c
Go to the documentation of this file.
1 /* Copyright (c) 2016-2020, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
4 /**
5  * \file hs_client.c
6  * \brief Implement next generation hidden service client functionality
7  **/
8 
9 #define HS_CLIENT_PRIVATE
10 
11 #include "core/or/or.h"
12 #include "app/config/config.h"
13 #include "core/crypto/hs_ntor.h"
15 #include "core/or/circuitbuild.h"
16 #include "core/or/circuitlist.h"
17 #include "core/or/circuituse.h"
19 #include "core/or/reasons.h"
20 #include "feature/client/circpathbias.h"
23 #include "feature/hs/hs_cache.h"
24 #include "feature/hs/hs_cell.h"
25 #include "feature/hs/hs_circuit.h"
27 #include "feature/hs/hs_client.h"
28 #include "feature/hs/hs_control.h"
30 #include "feature/hs/hs_ident.h"
39 
43 #include "core/or/extend_info_st.h"
46 
47 /** Client-side authorizations for hidden services; map of service identity
48  * public key to hs_client_service_authorization_t *. */
49 static digest256map_t *client_auths = NULL;
50 
51 #include "trunnel/hs/cell_introduce1.h"
52 
53 /** Return a human-readable string for the client fetch status code. */
54 static const char *
56 {
57  switch (status) {
59  return "Internal error";
61  return "Descriptor fetch launched";
63  return "Already have descriptor";
65  return "No more HSDir available to query";
67  return "Fetching descriptors is not allowed";
69  return "Missing directory information";
71  return "Pending descriptor fetch";
72  default:
73  return "(Unknown client fetch status code)";
74  }
75 }
76 
77 /** Return true iff tor should close the SOCKS request(s) for the descriptor
78  * fetch that ended up with this given status code. */
79 static int
81 {
82  switch (status) {
84  /* No more HSDir to query, we can't complete the SOCKS request(s). */
86  /* The fetch triggered an internal error. */
88  /* Client is not allowed to fetch (FetchHidServDescriptors 0). */
89  goto close;
94  /* The rest doesn't require tor to close the SOCKS request(s). */
95  goto no_close;
96  }
97 
98  no_close:
99  return 0;
100  close:
101  return 1;
102 }
103 
104 /* Return a newly allocated list of all the entry connections that matches the
105  * given service identity pk. If service_identity_pk is NULL, all entry
106  * connections with an hs_ident are returned.
107  *
108  * Caller must free the returned list but does NOT have ownership of the
109  * object inside thus they have to remain untouched. */
110 static smartlist_t *
111 find_entry_conns(const ed25519_public_key_t *service_identity_pk)
112 {
113  time_t now = time(NULL);
114  smartlist_t *conns = NULL, *entry_conns = NULL;
115 
116  entry_conns = smartlist_new();
117 
118  conns = connection_list_by_type_state(CONN_TYPE_AP,
120  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, base_conn) {
121  entry_connection_t *entry_conn = TO_ENTRY_CONN(base_conn);
122  const edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(entry_conn);
123 
124  /* Only consider the entry connections that matches the service for which
125  * we just fetched its descriptor. */
126  if (!edge_conn->hs_ident ||
127  (service_identity_pk &&
128  !ed25519_pubkey_eq(service_identity_pk,
129  &edge_conn->hs_ident->identity_pk))) {
130  continue;
131  }
132  assert_connection_ok(base_conn, now);
133 
134  /* Validated! Add the entry connection to the list. */
135  smartlist_add(entry_conns, entry_conn);
136  } SMARTLIST_FOREACH_END(base_conn);
137 
138  /* We don't have ownership of the objects in this list. */
139  smartlist_free(conns);
140  return entry_conns;
141 }
142 
143 /* Cancel all descriptor fetches currently in progress. */
144 static void
145 cancel_descriptor_fetches(void)
146 {
147  smartlist_t *conns =
148  connection_list_by_type_purpose(CONN_TYPE_DIR, DIR_PURPOSE_FETCH_HSDESC);
149  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
150  const hs_ident_dir_conn_t *ident = TO_DIR_CONN(conn)->hs_ident;
151  if (BUG(ident == NULL)) {
152  /* A directory connection fetching a service descriptor can't have an
153  * empty hidden service identifier. */
154  continue;
155  }
156  log_debug(LD_REND, "Marking for close a directory connection fetching "
157  "a hidden service descriptor for service %s.",
158  safe_str_client(ed25519_fmt(&ident->identity_pk)));
159  connection_mark_for_close(conn);
160  } SMARTLIST_FOREACH_END(conn);
161 
162  /* No ownership of the objects in this list. */
163  smartlist_free(conns);
164  log_info(LD_REND, "Hidden service client descriptor fetches cancelled.");
165 }
166 
167 /** Get all connections that are waiting on a circuit and flag them back to
168  * waiting for a hidden service descriptor for the given service key
169  * service_identity_pk. */
170 static void
172 {
173  tor_assert(service_identity_pk);
174 
175  smartlist_t *conns =
176  connection_list_by_type_state(CONN_TYPE_AP, AP_CONN_STATE_CIRCUIT_WAIT);
177 
178  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
179  edge_connection_t *edge_conn;
180  if (BUG(!CONN_IS_EDGE(conn))) {
181  continue;
182  }
183  edge_conn = TO_EDGE_CONN(conn);
184  if (edge_conn->hs_ident &&
185  ed25519_pubkey_eq(&edge_conn->hs_ident->identity_pk,
186  service_identity_pk)) {
187  connection_ap_mark_as_waiting_for_renddesc(TO_ENTRY_CONN(conn));
188  }
189  } SMARTLIST_FOREACH_END(conn);
190 
191  smartlist_free(conns);
192 }
193 
194 /** Remove tracked HSDir requests from our history for this hidden service
195  * identity public key. */
196 static void
198 {
199  char base64_blinded_pk[ED25519_BASE64_LEN + 1];
200  ed25519_public_key_t blinded_pk;
201 
202  tor_assert(identity_pk);
203 
204  /* Get blinded pubkey of hidden service. It is possible that we just moved
205  * to a new time period meaning that we won't be able to purge the request
206  * from the previous time period. That is fine because they will expire at
207  * some point and we don't care about those anymore. */
208  hs_build_blinded_pubkey(identity_pk, NULL, 0,
209  hs_get_time_period_num(0), &blinded_pk);
210  ed25519_public_to_base64(base64_blinded_pk, &blinded_pk);
211  /* Purge last hidden service request from cache for this blinded key. */
213 }
214 
215 /** Return true iff there is at least one pending directory descriptor request
216  * for the service identity_pk. */
217 static int
219 {
220  int ret = 0;
221  smartlist_t *conns =
222  connection_list_by_type_purpose(CONN_TYPE_DIR, DIR_PURPOSE_FETCH_HSDESC);
223 
224  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
225  const hs_ident_dir_conn_t *ident = TO_DIR_CONN(conn)->hs_ident;
226  if (BUG(ident == NULL)) {
227  /* A directory connection fetching a service descriptor can't have an
228  * empty hidden service identifier. */
229  continue;
230  }
231  if (!ed25519_pubkey_eq(identity_pk, &ident->identity_pk)) {
232  continue;
233  }
234  ret = 1;
235  break;
236  } SMARTLIST_FOREACH_END(conn);
237 
238  /* No ownership of the objects in this list. */
239  smartlist_free(conns);
240  return ret;
241 }
242 
243 /** Helper function that changes the state of an entry connection to waiting
244  * for a circuit. For this to work properly, the connection timestamps are set
245  * to now and the connection is then marked as pending for a circuit. */
246 static void
248 {
249  tor_assert(conn);
250 
251  /* Because the connection can now proceed to opening circuit and ultimately
252  * connect to the service, reset those timestamp so the connection is
253  * considered "fresh" and can continue without being closed too early. */
254  conn->timestamp_created = now;
255  conn->timestamp_last_read_allowed = now;
256  conn->timestamp_last_write_allowed = now;
257  /* Change connection's state into waiting for a circuit. */
259 
260  connection_ap_mark_as_pending_circuit(TO_ENTRY_CONN(conn));
261 }
262 
263 /** We failed to fetch a descriptor for the service with <b>identity_pk</b>
264  * because of <b>status</b>. Find all pending SOCKS connections for this
265  * service that are waiting on the descriptor and close them with
266  * <b>reason</b>. */
267 static void
270  int reason)
271 {
272  unsigned int count = 0;
273  smartlist_t *entry_conns = find_entry_conns(identity_pk);
274 
275  SMARTLIST_FOREACH_BEGIN(entry_conns, entry_connection_t *, entry_conn) {
276  /* Unattach the entry connection which will close for the reason. */
277  connection_mark_unattached_ap(entry_conn, reason);
278  count++;
279  } SMARTLIST_FOREACH_END(entry_conn);
280 
281  if (count > 0) {
282  char onion_address[HS_SERVICE_ADDR_LEN_BASE32 + 1];
283  hs_build_address(identity_pk, HS_VERSION_THREE, onion_address);
284  log_notice(LD_REND, "Closed %u streams for service %s.onion "
285  "for reason %s. Fetch status: %s.",
286  count, safe_str_client(onion_address),
288  fetch_status_to_string(status));
289  }
290 
291  /* No ownership of the object(s) in this list. */
292  smartlist_free(entry_conns);
293 }
294 
295 /** Find all pending SOCKS connection waiting for a descriptor and retry them
296  * all. This is called when the directory information changed. */
297 STATIC void
299 {
300  smartlist_t *entry_conns = find_entry_conns(NULL);
301 
302  SMARTLIST_FOREACH_BEGIN(entry_conns, entry_connection_t *, entry_conn) {
304  edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(entry_conn);
305  connection_t *base_conn = &edge_conn->base_;
306 
307  /* Ignore non HS or non v3 connection. */
308  if (edge_conn->hs_ident == NULL) {
309  continue;
310  }
311 
312  /* In this loop, we will possibly try to fetch a descriptor for the
313  * pending connections because we just got more directory information.
314  * However, the refetch process can cleanup all SOCKS request to the same
315  * service if an internal error happens. Thus, we can end up with closed
316  * connections in our list. */
317  if (base_conn->marked_for_close) {
318  continue;
319  }
320 
321  /* XXX: There is an optimization we could do which is that for a service
322  * key, we could check if we can fetch and remember that decision. */
323 
324  /* Order a refetch in case it works this time. */
325  status = hs_client_refetch_hsdesc(&edge_conn->hs_ident->identity_pk);
326  if (status == HS_CLIENT_FETCH_HAVE_DESC) {
327  /* This is a rare case where a SOCKS connection is in state waiting for
328  * a descriptor but we do have it in the cache.
329  *
330  * This can happen is tor comes back from suspend where it previously
331  * had the descriptor but the intro points were not usuable. Once it
332  * came back to life, the intro point failure cache was cleaned up and
333  * thus the descriptor became usable again leaving us in this code path.
334  *
335  * We'll mark the connection as waiting for a circuit so the descriptor
336  * can be retried. This is safe because a connection in state waiting
337  * for a descriptor can not be in the entry connection pending list. */
339  continue;
340  }
341  /* In the case of an error, either all SOCKS connections have been
342  * closed or we are still missing directory information. Leave the
343  * connection in renddesc wait state so when we get more info, we'll be
344  * able to try it again. */
345  } SMARTLIST_FOREACH_END(entry_conn);
346 
347  /* We don't have ownership of those objects. */
348  smartlist_free(entry_conns);
349 }
350 
351 /** A v3 HS circuit successfully connected to the hidden service. Update the
352  * stream state at <b>hs_conn_ident</b> appropriately. */
353 static void
355 {
356  tor_assert(hs_conn_ident);
357 
358  /* Remove from the hid serv cache all requests for that service so we can
359  * query the HSDir again later on for various reasons. */
360  purge_hid_serv_request(&hs_conn_ident->identity_pk);
361 
362  /* The v2 subsystem cleans up the intro point time out flag at this stage.
363  * We don't try to do it here because we still need to keep intact the intro
364  * point state for future connections. Even though we are able to connect to
365  * the service, doesn't mean we should reset the timed out intro points.
366  *
367  * It is not possible to have successfully connected to an intro point
368  * present in our cache that was on error or timed out. Every entry in that
369  * cache have a 2 minutes lifetime so ultimately the intro point(s) state
370  * will be reset and thus possible to be retried. */
371 }
372 
373 /** Given the pubkey of a hidden service in <b>onion_identity_pk</b>, fetch its
374  * descriptor by launching a dir connection to <b>hsdir</b>. Return a
375  * hs_client_fetch_status_t status code depending on how it went. */
378  const routerstatus_t *hsdir)
379 {
380  uint64_t current_time_period = hs_get_time_period_num(0);
381  ed25519_public_key_t blinded_pubkey;
382  char base64_blinded_pubkey[ED25519_BASE64_LEN + 1];
383  hs_ident_dir_conn_t hs_conn_dir_ident;
384 
385  tor_assert(hsdir);
386  tor_assert(onion_identity_pk);
387 
388  /* Get blinded pubkey */
389  hs_build_blinded_pubkey(onion_identity_pk, NULL, 0,
390  current_time_period, &blinded_pubkey);
391  /* ...and base64 it. */
392  ed25519_public_to_base64(base64_blinded_pubkey, &blinded_pubkey);
393 
394  /* Copy onion pk to a dir_ident so that we attach it to the dir conn */
395  hs_ident_dir_conn_init(onion_identity_pk, &blinded_pubkey,
396  &hs_conn_dir_ident);
397 
398  /* Setup directory request */
399  directory_request_t *req =
403  directory_request_set_resource(req, base64_blinded_pubkey);
404  directory_request_fetch_set_hs_ident(req, &hs_conn_dir_ident);
406  directory_request_free(req);
407 
408  log_info(LD_REND, "Descriptor fetch request for service %s with blinded "
409  "key %s to directory %s",
410  safe_str_client(ed25519_fmt(onion_identity_pk)),
411  safe_str_client(base64_blinded_pubkey),
412  safe_str_client(routerstatus_describe(hsdir)));
413 
414  /* Fire a REQUESTED event on the control port. */
415  hs_control_desc_event_requested(onion_identity_pk, base64_blinded_pubkey,
416  hsdir);
417 
418  /* Cleanup memory. */
419  memwipe(&blinded_pubkey, 0, sizeof(blinded_pubkey));
420  memwipe(base64_blinded_pubkey, 0, sizeof(base64_blinded_pubkey));
421  memwipe(&hs_conn_dir_ident, 0, sizeof(hs_conn_dir_ident));
422 
424 }
425 
426 /** Return the HSDir we should use to fetch the descriptor of the hidden
427  * service with identity key <b>onion_identity_pk</b>. */
429 pick_hsdir_v3(const ed25519_public_key_t *onion_identity_pk)
430 {
431  char base64_blinded_pubkey[ED25519_BASE64_LEN + 1];
432  uint64_t current_time_period = hs_get_time_period_num(0);
433  smartlist_t *responsible_hsdirs = NULL;
434  ed25519_public_key_t blinded_pubkey;
435  routerstatus_t *hsdir_rs = NULL;
436 
437  tor_assert(onion_identity_pk);
438 
439  /* Get blinded pubkey of hidden service */
440  hs_build_blinded_pubkey(onion_identity_pk, NULL, 0,
441  current_time_period, &blinded_pubkey);
442  /* ...and base64 it. */
443  ed25519_public_to_base64(base64_blinded_pubkey, &blinded_pubkey);
444 
445  /* Get responsible hsdirs of service for this time period */
446  responsible_hsdirs = smartlist_new();
447 
448  hs_get_responsible_hsdirs(&blinded_pubkey, current_time_period,
449  0, 1, responsible_hsdirs);
450 
451  log_debug(LD_REND, "Found %d responsible HSDirs and about to pick one.",
452  smartlist_len(responsible_hsdirs));
453 
454  /* Pick an HSDir from the responsible ones. The ownership of
455  * responsible_hsdirs is given to this function so no need to free it. */
456  hsdir_rs = hs_pick_hsdir(responsible_hsdirs, base64_blinded_pubkey, NULL);
457 
458  return hsdir_rs;
459 }
460 
461 /** Fetch a v3 descriptor using the given <b>onion_identity_pk</b>.
462  *
463  * On success, HS_CLIENT_FETCH_LAUNCHED is returned. Otherwise, an error from
464  * hs_client_fetch_status_t is returned. */
466 fetch_v3_desc, (const ed25519_public_key_t *onion_identity_pk))
467 {
468  routerstatus_t *hsdir_rs =NULL;
469 
470  tor_assert(onion_identity_pk);
471 
472  hsdir_rs = pick_hsdir_v3(onion_identity_pk);
473  if (!hsdir_rs) {
474  log_info(LD_REND, "Couldn't pick a v3 hsdir.");
476  }
477 
478  return directory_launch_v3_desc_fetch(onion_identity_pk, hsdir_rs);
479 }
480 
481 /** With a given <b>onion_identity_pk</b>, fetch its descriptor. If
482  * <b>hsdirs</b> is specified, use the directory servers specified in the list.
483  * Else, use a random server. */
484 void
486  const smartlist_t *hsdirs)
487 {
488  tor_assert(onion_identity_pk);
489 
490  if (hsdirs != NULL) {
491  SMARTLIST_FOREACH_BEGIN(hsdirs, const routerstatus_t *, hsdir) {
492  directory_launch_v3_desc_fetch(onion_identity_pk, hsdir);
493  } SMARTLIST_FOREACH_END(hsdir);
494  } else {
495  fetch_v3_desc(onion_identity_pk);
496  }
497 }
498 
499 /** Make sure that the given v3 origin circuit circ is a valid correct
500  * introduction circuit. This will BUG() on any problems and hard assert if
501  * the anonymity of the circuit is not ok. Return 0 on success else -1 where
502  * the circuit should be mark for closed immediately. */
503 static int
505 {
506  int ret = 0;
507 
508  tor_assert(circ);
509 
510  if (BUG(TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_C_INTRODUCING &&
512  TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_C_INTRODUCE_ACKED)) {
513  ret = -1;
514  }
515  if (BUG(circ->hs_ident == NULL)) {
516  ret = -1;
517  }
518  if (BUG(!hs_ident_intro_circ_is_valid(circ->hs_ident))) {
519  ret = -1;
520  }
521 
522  /* This can stop the tor daemon but we want that since if we don't have
523  * anonymity on this circuit, something went really wrong. */
524  assert_circ_anonymity_ok(circ, get_options());
525  return ret;
526 }
527 
528 /** Find a descriptor intro point object that matches the given ident in the
529  * given descriptor desc. Return NULL if not found. */
530 static const hs_desc_intro_point_t *
532  const hs_descriptor_t *desc)
533 {
534  const hs_desc_intro_point_t *intro_point = NULL;
535 
536  tor_assert(ident);
537  tor_assert(desc);
538 
540  const hs_desc_intro_point_t *, ip) {
541  if (ed25519_pubkey_eq(&ident->intro_auth_pk,
542  &ip->auth_key_cert->signed_key)) {
543  intro_point = ip;
544  break;
545  }
546  } SMARTLIST_FOREACH_END(ip);
547 
548  return intro_point;
549 }
550 
551 /** Find a descriptor intro point object from the descriptor object desc that
552  * matches the given legacy identity digest in legacy_id. Return NULL if not
553  * found. */
554 static hs_desc_intro_point_t *
556  const hs_descriptor_t *desc)
557 {
558  hs_desc_intro_point_t *ret_ip = NULL;
559 
560  tor_assert(legacy_id);
561  tor_assert(desc);
562 
563  /* We will go over every intro point and try to find which one is linked to
564  * that circuit. Those lists are small so it's not that expensive. */
566  hs_desc_intro_point_t *, ip) {
567  SMARTLIST_FOREACH_BEGIN(ip->link_specifiers,
568  const link_specifier_t *, lspec) {
569  /* Not all tor node have an ed25519 identity key so we still rely on the
570  * legacy identity digest. */
571  if (link_specifier_get_ls_type(lspec) != LS_LEGACY_ID) {
572  continue;
573  }
574  if (fast_memneq(legacy_id,
575  link_specifier_getconstarray_un_legacy_id(lspec),
576  DIGEST_LEN)) {
577  break;
578  }
579  /* Found it. */
580  ret_ip = ip;
581  goto end;
582  } SMARTLIST_FOREACH_END(lspec);
583  } SMARTLIST_FOREACH_END(ip);
584 
585  end:
586  return ret_ip;
587 }
588 
589 /** Send an INTRODUCE1 cell along the intro circuit and populate the rend
590  * circuit identifier with the needed key material for the e2e encryption.
591  * Return 0 on success, -1 if there is a transient error such that an action
592  * has been taken to recover and -2 if there is a permanent error indicating
593  * that both circuits were closed. */
594 static int
596  origin_circuit_t *rend_circ)
597 {
598  int status;
599  char onion_address[HS_SERVICE_ADDR_LEN_BASE32 + 1];
600  const ed25519_public_key_t *service_identity_pk = NULL;
601  const hs_desc_intro_point_t *ip;
602 
603  tor_assert(rend_circ);
604  if (intro_circ_is_ok(intro_circ) < 0) {
605  goto perm_err;
606  }
607 
608  service_identity_pk = &intro_circ->hs_ident->identity_pk;
609  /* For logging purposes. There will be a time where the hs_ident will have a
610  * version number but for now there is none because it's all v3. */
611  hs_build_address(service_identity_pk, HS_VERSION_THREE, onion_address);
612 
613  log_info(LD_REND, "Sending INTRODUCE1 cell to service %s on circuit %u",
614  safe_str_client(onion_address), TO_CIRCUIT(intro_circ)->n_circ_id);
615 
616  /* 1) Get descriptor from our cache. */
617  const hs_descriptor_t *desc =
618  hs_cache_lookup_as_client(service_identity_pk);
619  if (desc == NULL || !hs_client_any_intro_points_usable(service_identity_pk,
620  desc)) {
621  log_info(LD_REND, "Request to %s %s. Trying to fetch a new descriptor.",
622  safe_str_client(onion_address),
623  (desc) ? "didn't have usable intro points" :
624  "didn't have a descriptor");
625  hs_client_refetch_hsdesc(service_identity_pk);
626  /* We just triggered a refetch, make sure every connections are back
627  * waiting for that descriptor. */
628  flag_all_conn_wait_desc(service_identity_pk);
629  /* We just asked for a refetch so this is a transient error. */
630  goto tran_err;
631  }
632 
633  /* We need to find which intro point in the descriptor we are connected to
634  * on intro_circ. */
635  ip = find_desc_intro_point_by_ident(intro_circ->hs_ident, desc);
636  if (ip == NULL) {
637  /* The following is possible if the descriptor was changed while we had
638  * this introduction circuit open and waiting for the rendezvous circuit to
639  * be ready. Which results in this situation where we can't find the
640  * corresponding intro point within the descriptor of the service. */
641  log_info(LD_REND, "Unable to find introduction point for service %s "
642  "while trying to send an INTRODUCE1 cell.",
643  safe_str_client(onion_address));
644  goto perm_err;
645  }
646 
647  /* Send the INTRODUCE1 cell. */
648  if (hs_circ_send_introduce1(intro_circ, rend_circ, ip,
649  &desc->subcredential) < 0) {
650  if (TO_CIRCUIT(intro_circ)->marked_for_close) {
651  /* If the introduction circuit was closed, we were unable to send the
652  * cell for some reasons. In any case, the intro circuit has to be
653  * closed by the above function. We'll return a transient error so tor
654  * can recover and pick a new intro point. To avoid picking that same
655  * intro point, we'll note down the intro point failure so it doesn't
656  * get reused. */
657  hs_cache_client_intro_state_note(service_identity_pk,
658  &intro_circ->hs_ident->intro_auth_pk,
659  INTRO_POINT_FAILURE_GENERIC);
660  }
661  /* It is also possible that the rendezvous circuit was closed due to being
662  * unable to use the rendezvous point node_t so in that case, we also want
663  * to recover and let tor pick a new one. */
664  goto tran_err;
665  }
666 
667  /* Cell has been sent successfully. Copy the introduction point
668  * authentication and encryption key in the rendezvous circuit identifier so
669  * we can compute the ntor keys when we receive the RENDEZVOUS2 cell. */
670  memcpy(&rend_circ->hs_ident->intro_enc_pk, &ip->enc_key,
671  sizeof(rend_circ->hs_ident->intro_enc_pk));
673  &intro_circ->hs_ident->intro_auth_pk);
674 
675  /* Now, we wait for an ACK or NAK on this circuit. */
678  /* Set timestamp_dirty, because circuit_expire_building expects it to
679  * specify when a circuit entered the _C_INTRODUCE_ACK_WAIT state. */
680  TO_CIRCUIT(intro_circ)->timestamp_dirty = time(NULL);
681  pathbias_count_use_attempt(intro_circ);
682 
683  /* Success. */
684  status = 0;
685  goto end;
686 
687  perm_err:
688  /* Permanent error: it is possible that the intro circuit was closed prior
689  * because we weren't able to send the cell. Make sure we don't double close
690  * it which would result in a warning. */
691  if (!TO_CIRCUIT(intro_circ)->marked_for_close) {
692  circuit_mark_for_close(TO_CIRCUIT(intro_circ), END_CIRC_REASON_INTERNAL);
693  }
694  circuit_mark_for_close(TO_CIRCUIT(rend_circ), END_CIRC_REASON_INTERNAL);
695  status = -2;
696  goto end;
697 
698  tran_err:
699  status = -1;
700 
701  end:
702  memwipe(onion_address, 0, sizeof(onion_address));
703  return status;
704 }
705 
706 /** Using the introduction circuit circ, setup the authentication key of the
707  * intro point this circuit has extended to. */
708 static void
710 {
711  const hs_descriptor_t *desc;
712  const hs_desc_intro_point_t *ip;
713 
714  tor_assert(circ);
715 
717  if (desc == NULL) {
718  /* There is a very small race window between the opening of this circuit
719  * and the client descriptor cache that gets purged (NEWNYM) or the
720  * cleaned up because it expired. Mark the circuit for close so a new
721  * descriptor fetch can occur. */
722  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
723  goto end;
724  }
725 
726  /* We will go over every intro point and try to find which one is linked to
727  * that circuit. Those lists are small so it's not that expensive. */
729  circ->build_state->chosen_exit->identity_digest, desc);
730  if (ip) {
731  /* We got it, copy its authentication key to the identifier. */
733  &ip->auth_key_cert->signed_key);
734  goto end;
735  }
736 
737  /* Reaching this point means we didn't find any intro point for this circuit
738  * which is not supposed to happen. */
739  tor_assert_nonfatal_unreached();
740 
741  end:
742  return;
743 }
744 
745 /** Called when an introduction circuit has opened. */
746 static void
748 {
749  tor_assert(circ);
751  log_info(LD_REND, "Introduction circuit %u has opened. Attaching streams.",
752  (unsigned int) TO_CIRCUIT(circ)->n_circ_id);
753 
754  /* This is an introduction circuit so we'll attach the correct
755  * authentication key to the circuit identifier so it can be identified
756  * properly later on. */
758 
760 }
761 
762 /** Called when a rendezvous circuit has opened. */
763 static void
765 {
766  tor_assert(circ);
768 
769  const extend_info_t *rp_ei = circ->build_state->chosen_exit;
770 
771  /* Check that we didn't accidentally choose a node that does not understand
772  * the v3 rendezvous protocol */
773  if (rp_ei) {
774  const node_t *rp_node = node_get_by_id(rp_ei->identity_digest);
775  if (rp_node) {
776  if (BUG(!node_supports_v3_rendezvous_point(rp_node))) {
777  return;
778  }
779  }
780  }
781 
782  log_info(LD_REND, "Rendezvous circuit has opened to %s.",
783  safe_str_client(extend_info_describe(rp_ei)));
784 
785  /* Ignore returned value, nothing we can really do. On failure, the circuit
786  * will be marked for close. */
788 
789  /* Register rend circuit in circuitmap if it's still alive. */
790  if (!TO_CIRCUIT(circ)->marked_for_close) {
792  circ->hs_ident->rendezvous_cookie);
793  }
794 }
795 
796 /** This is an helper function that convert a descriptor intro point object ip
797  * to a newly allocated extend_info_t object fully initialized. Return NULL if
798  * we can't convert it for which chances are that we are missing or malformed
799  * link specifiers. */
802 {
803  extend_info_t *ei;
804 
805  tor_assert(ip);
806 
807  /* Explicitly put the direct connection option to 0 because this is client
808  * side and there is no such thing as a non anonymous client. */
810 
811  return ei;
812 }
813 
814 /** Return true iff the intro point ip for the service service_pk is usable.
815  * This function checks if the intro point is in the client intro state cache
816  * and checks at the failures. It is considered usable if:
817  * - No error happened (INTRO_POINT_FAILURE_GENERIC)
818  * - It is not flagged as timed out (INTRO_POINT_FAILURE_TIMEOUT)
819  * - The unreachable count is lower than
820  * MAX_INTRO_POINT_REACHABILITY_FAILURES (INTRO_POINT_FAILURE_UNREACHABLE)
821  */
822 static int
824  const hs_desc_intro_point_t *ip)
825 {
826  const hs_cache_intro_state_t *state;
827 
828  tor_assert(service_pk);
829  tor_assert(ip);
830 
831  state = hs_cache_client_intro_state_find(service_pk,
832  &ip->auth_key_cert->signed_key);
833  if (state == NULL) {
834  /* This means we've never encountered any problem thus usable. */
835  goto usable;
836  }
837  if (state->error) {
838  log_info(LD_REND, "Intro point with auth key %s had an error. Not usable",
839  safe_str_client(ed25519_fmt(&ip->auth_key_cert->signed_key)));
840  goto not_usable;
841  }
842  if (state->timed_out) {
843  log_info(LD_REND, "Intro point with auth key %s timed out. Not usable",
844  safe_str_client(ed25519_fmt(&ip->auth_key_cert->signed_key)));
845  goto not_usable;
846  }
848  log_info(LD_REND, "Intro point with auth key %s unreachable. Not usable",
849  safe_str_client(ed25519_fmt(&ip->auth_key_cert->signed_key)));
850  goto not_usable;
851  }
852 
853  usable:
854  return 1;
855  not_usable:
856  return 0;
857 }
858 
859 /** Using a descriptor desc, return a newly allocated extend_info_t object of a
860  * randomly picked introduction point from its list. Return NULL if none are
861  * usable. */
864 {
865  extend_info_t *ei = NULL, *ei_excluded = NULL;
866  smartlist_t *usable_ips = NULL;
867  const hs_descriptor_t *desc;
868  const hs_desc_encrypted_data_t *enc_data;
869  const or_options_t *options = get_options();
870  /* Calculate the onion address for logging purposes */
871  char onion_address[HS_SERVICE_ADDR_LEN_BASE32 + 1];
872 
873  tor_assert(service_pk);
874 
875  desc = hs_cache_lookup_as_client(service_pk);
876  /* Assume the service is v3 if the descriptor is missing. This is ok,
877  * because we only use the address in log messages */
878  hs_build_address(service_pk,
879  desc ? desc->plaintext_data.version : HS_VERSION_THREE,
880  onion_address);
881  if (desc == NULL || !hs_client_any_intro_points_usable(service_pk,
882  desc)) {
883  log_info(LD_REND, "Unable to randomly select an introduction point "
884  "for service %s because descriptor %s. We can't connect.",
885  safe_str_client(onion_address),
886  (desc) ? "doesn't have any usable intro points"
887  : "is missing (assuming v3 onion address)");
888  goto end;
889  }
890 
891  enc_data = &desc->encrypted_data;
892  usable_ips = smartlist_new();
893  smartlist_add_all(usable_ips, enc_data->intro_points);
894  while (smartlist_len(usable_ips) != 0) {
895  int idx;
896  const hs_desc_intro_point_t *ip;
897 
898  /* Pick a random intro point and immediately remove it from the usable
899  * list so we don't pick it again if we have to iterate more. */
900  idx = crypto_rand_int(smartlist_len(usable_ips));
901  ip = smartlist_get(usable_ips, idx);
902  smartlist_del(usable_ips, idx);
903 
904  /* We need to make sure we have a usable intro points which is in a good
905  * state in our cache. */
906  if (!intro_point_is_usable(service_pk, ip)) {
907  continue;
908  }
909 
910  /* Generate an extend info object from the intro point object. */
912  if (ei == NULL) {
913  /* We can get here for instance if the intro point is a private address
914  * and we aren't allowed to extend to those. */
915  log_info(LD_REND, "Unable to select introduction point with auth key %s "
916  "for service %s, because we could not extend to it.",
917  safe_str_client(ed25519_fmt(&ip->auth_key_cert->signed_key)),
918  safe_str_client(onion_address));
919  continue;
920  }
921 
922  /* Test the pick against ExcludeNodes. */
923  if (routerset_contains_extendinfo(options->ExcludeNodes, ei)) {
924  /* If this pick is in the ExcludeNodes list, we keep its reference so if
925  * we ever end up not being able to pick anything else and StrictNodes is
926  * unset, we'll use it. */
927  if (ei_excluded) {
928  /* If something was already here free it. After the loop is gone we
929  * will examine the last excluded intro point, and that's fine since
930  * that's random anyway */
931  extend_info_free(ei_excluded);
932  }
933  ei_excluded = ei;
934  continue;
935  }
936 
937  /* Good pick! Let's go with this. */
938  goto end;
939  }
940 
941  /* Reaching this point means a couple of things. Either we can't use any of
942  * the intro point listed because the IP address can't be extended to or it
943  * is listed in the ExcludeNodes list. In the later case, if StrictNodes is
944  * set, we are forced to not use anything. */
945  ei = ei_excluded;
946  if (options->StrictNodes) {
947  log_warn(LD_REND, "Every introduction point for service %s is in the "
948  "ExcludeNodes set and StrictNodes is set. We can't connect.",
949  safe_str_client(onion_address));
950  extend_info_free(ei);
951  ei = NULL;
952  } else {
953  log_fn(LOG_PROTOCOL_WARN, LD_REND, "Every introduction point for service "
954  "%s is unusable or we can't extend to it. We can't connect.",
955  safe_str_client(onion_address));
956  }
957 
958  end:
959  smartlist_free(usable_ips);
960  memwipe(onion_address, 0, sizeof(onion_address));
961  return ei;
962 }
963 
964 /** Return true iff all intro points for the given service have timed out. */
965 static bool
967 {
968  bool ret = false;
969 
970  tor_assert(service_pk);
971 
972  const hs_descriptor_t *desc = hs_cache_lookup_as_client(service_pk);
973 
975  const hs_desc_intro_point_t *, ip) {
976  const hs_cache_intro_state_t *state =
978  &ip->auth_key_cert->signed_key);
979  if (!state || !state->timed_out) {
980  /* No state or if this intro point has not timed out, we are done since
981  * clearly not all of them have timed out. */
982  goto end;
983  }
984  } SMARTLIST_FOREACH_END(ip);
985 
986  /* Exiting the loop here means that all intro points we've looked at have
987  * timed out. Note that we can _not_ have a descriptor without intro points
988  * in the client cache. */
989  ret = true;
990 
991  end:
992  return ret;
993 }
994 
995 /** Called when a rendezvous circuit has timed out. Every stream attached to
996  * the circuit will get set with the SOCKS5_HS_REND_FAILED (0xF3) extended
997  * error code so if the connection to the rendezvous point ends up not
998  * working, this code could be sent back as a reason. */
999 static void
1001 {
1002  tor_assert(rend_circ);
1003 
1004  /* For each entry connection attached to this rendezvous circuit, report
1005  * the error. */
1006  for (edge_connection_t *edge = rend_circ->p_streams; edge;
1007  edge = edge->next_stream) {
1008  entry_connection_t *entry = EDGE_TO_ENTRY_CONN(edge);
1009  if (entry->socks_request) {
1011  SOCKS5_HS_REND_FAILED;
1012  }
1013  }
1014 }
1015 
1016 /** Called when introduction has failed meaning there is no more usable
1017  * introduction points to be used (either NACKed or failed) for the given
1018  * entry connection.
1019  *
1020  * This function only reports back the SOCKS5_HS_INTRO_FAILED (0xF2) code or
1021  * SOCKS5_HS_INTRO_TIMEDOUT (0xF7) if all intros have timed out. The caller
1022  * has to make sure to close the entry connections. */
1023 static void
1025  const ed25519_public_key_t *identity_pk)
1026 {
1027  socks5_reply_status_t code = SOCKS5_HS_INTRO_FAILED;
1028 
1029  tor_assert(conn);
1030  tor_assert(conn->socks_request);
1031  tor_assert(identity_pk);
1032 
1033  if (intro_points_all_timed_out(identity_pk)) {
1034  code = SOCKS5_HS_INTRO_TIMEDOUT;
1035  }
1037 }
1038 
1039 /** For this introduction circuit, we'll look at if we have any usable
1040  * introduction point left for this service. If so, we'll use the circuit to
1041  * re-extend to a new intro point. Else, we'll close the circuit and its
1042  * corresponding rendezvous circuit. Return 0 if we are re-extending else -1
1043  * if we are closing the circuits.
1044  *
1045  * This is called when getting an INTRODUCE_ACK cell with a NACK. */
1046 static int
1048 {
1049  int ret = -1;
1050  const hs_descriptor_t *desc;
1051  origin_circuit_t *rend_circ;
1052 
1053  tor_assert(intro_circ);
1054 
1055  desc = hs_cache_lookup_as_client(&intro_circ->hs_ident->identity_pk);
1056  if (BUG(desc == NULL)) {
1057  /* We can't continue without a descriptor. */
1058  goto close;
1059  }
1060  /* We still have the descriptor, great! Let's try to see if we can
1061  * re-extend by looking up if there are any usable intro points. */
1063  desc)) {
1064  goto close;
1065  }
1066  /* Try to re-extend now. */
1067  if (hs_client_reextend_intro_circuit(intro_circ) < 0) {
1068  goto close;
1069  }
1070  /* Success on re-extending. Don't return an error. */
1071  ret = 0;
1072  goto end;
1073 
1074  close:
1075  /* Change the intro circuit purpose before so we don't report an intro point
1076  * failure again triggering an extra descriptor fetch. The circuit can
1077  * already be closed on failure to re-extend. */
1078  if (!TO_CIRCUIT(intro_circ)->marked_for_close) {
1079  circuit_change_purpose(TO_CIRCUIT(intro_circ),
1081  circuit_mark_for_close(TO_CIRCUIT(intro_circ), END_CIRC_REASON_FINISHED);
1082  }
1083  /* Close the related rendezvous circuit. */
1085  intro_circ->hs_ident->rendezvous_cookie);
1086  /* The rendezvous circuit might have collapsed while the INTRODUCE_ACK was
1087  * inflight so we can't expect one every time. */
1088  if (rend_circ) {
1089  circuit_mark_for_close(TO_CIRCUIT(rend_circ), END_CIRC_REASON_FINISHED);
1090  }
1091 
1092  end:
1093  return ret;
1094 }
1095 
1096 /** Called when we get an INTRODUCE_ACK success status code. Do the appropriate
1097  * actions for the rendezvous point and finally close intro_circ. */
1098 static void
1100 {
1101  origin_circuit_t *rend_circ = NULL;
1102 
1103  tor_assert(intro_circ);
1104 
1105  log_info(LD_REND, "Received INTRODUCE_ACK ack! Informing rendezvous");
1106 
1107  /* Get the rendezvous circuit for this rendezvous cookie. */
1108  uint8_t *rendezvous_cookie = intro_circ->hs_ident->rendezvous_cookie;
1109  rend_circ =
1111  if (rend_circ == NULL) {
1112  log_warn(LD_REND, "Can't find any rendezvous circuit. Stopping");
1113  goto end;
1114  }
1115 
1116  assert_circ_anonymity_ok(rend_circ, get_options());
1117 
1118  /* It is possible to get a RENDEZVOUS2 cell before the INTRODUCE_ACK which
1119  * means that the circuit will be joined and already transmitting data. In
1120  * that case, simply skip the purpose change and close the intro circuit
1121  * like it should be. */
1122  if (TO_CIRCUIT(rend_circ)->purpose == CIRCUIT_PURPOSE_C_REND_JOINED) {
1123  goto end;
1124  }
1127  /* Set timestamp_dirty, because circuit_expire_building expects it to
1128  * specify when a circuit entered the
1129  * CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED state. */
1130  TO_CIRCUIT(rend_circ)->timestamp_dirty = time(NULL);
1131 
1132  end:
1133  /* We don't need the intro circuit anymore. It did what it had to do! */
1134  circuit_change_purpose(TO_CIRCUIT(intro_circ),
1136  circuit_mark_for_close(TO_CIRCUIT(intro_circ), END_CIRC_REASON_FINISHED);
1137 
1138  /* XXX: Close pending intro circuits we might have in parallel. */
1139  return;
1140 }
1141 
1142 /** Called when we get an INTRODUCE_ACK failure status code. Depending on our
1143  * failure cache status, either close the circuit or re-extend to a new
1144  * introduction point. */
1145 static void
1147 {
1148  tor_assert(circ);
1149 
1150  log_info(LD_REND, "Received INTRODUCE_ACK nack by %s. Reason: %u",
1151  safe_str_client(extend_info_describe(circ->build_state->chosen_exit)),
1152  status);
1153 
1154  /* It's a NAK. The introduction point didn't relay our request. */
1156 
1157  /* Note down this failure in the intro point failure cache. Depending on how
1158  * many times we've tried this intro point, close it or reextend. */
1160  &circ->hs_ident->intro_auth_pk,
1161  INTRO_POINT_FAILURE_GENERIC);
1162 }
1163 
1164 /** Called when we get an INTRODUCE_ACK on the intro circuit circ. The encoded
1165  * cell is in payload of length payload_len. Return 0 on success else a
1166  * negative value. The circuit is either close or reuse to re-extend to a new
1167  * introduction point. */
1168 static int
1169 handle_introduce_ack(origin_circuit_t *circ, const uint8_t *payload,
1170  size_t payload_len)
1171 {
1172  int status, ret = -1;
1173 
1174  tor_assert(circ);
1175  tor_assert(circ->build_state);
1177  assert_circ_anonymity_ok(circ, get_options());
1178  tor_assert(payload);
1179 
1180  status = hs_cell_parse_introduce_ack(payload, payload_len);
1181  switch (status) {
1182  case TRUNNEL_HS_INTRO_ACK_STATUS_SUCCESS:
1183  ret = 0;
1185  goto end;
1186  case TRUNNEL_HS_INTRO_ACK_STATUS_UNKNOWN_ID:
1187  case TRUNNEL_HS_INTRO_ACK_STATUS_BAD_FORMAT:
1188  /* It is possible that the intro point can send us an unknown status code
1189  * for the NACK that we do not know about like a new code for instance.
1190  * Just fallthrough so we can note down the NACK and re-extend. */
1191  default:
1192  handle_introduce_ack_bad(circ, status);
1193  /* We are going to see if we have to close the circuits (IP and RP) or we
1194  * can re-extend to a new intro point. */
1195  ret = close_or_reextend_intro_circ(circ);
1196  break;
1197  }
1198 
1199  end:
1200  return ret;
1201 }
1202 
1203 /** Called when we get a RENDEZVOUS2 cell on the rendezvous circuit circ. The
1204  * encoded cell is in payload of length payload_len. Return 0 on success or a
1205  * negative value on error. On error, the circuit is marked for close. */
1206 STATIC int
1207 handle_rendezvous2(origin_circuit_t *circ, const uint8_t *payload,
1208  size_t payload_len)
1209 {
1210  int ret = -1;
1211  curve25519_public_key_t server_pk;
1212  uint8_t auth_mac[DIGEST256_LEN] = {0};
1213  uint8_t handshake_info[CURVE25519_PUBKEY_LEN + sizeof(auth_mac)] = {0};
1215  const hs_ident_circuit_t *ident;
1216 
1217  tor_assert(circ);
1218  tor_assert(payload);
1219 
1220  /* Make things easier. */
1221  ident = circ->hs_ident;
1222  tor_assert(ident);
1223 
1224  if (hs_cell_parse_rendezvous2(payload, payload_len, handshake_info,
1225  sizeof(handshake_info)) < 0) {
1226  goto err;
1227  }
1228  /* Get from the handshake info the SERVER_PK and AUTH_MAC. */
1229  memcpy(&server_pk, handshake_info, CURVE25519_PUBKEY_LEN);
1230  memcpy(auth_mac, handshake_info + CURVE25519_PUBKEY_LEN, sizeof(auth_mac));
1231 
1232  /* Generate the handshake info. */
1233  if (hs_ntor_client_get_rendezvous1_keys(&ident->intro_auth_pk,
1234  &ident->rendezvous_client_kp,
1235  &ident->intro_enc_pk, &server_pk,
1236  &keys) < 0) {
1237  log_info(LD_REND, "Unable to compute the rendezvous keys.");
1238  goto err;
1239  }
1240 
1241  /* Critical check, make sure that the MAC matches what we got with what we
1242  * computed just above. */
1243  if (!hs_ntor_client_rendezvous2_mac_is_good(&keys, auth_mac)) {
1244  log_info(LD_REND, "Invalid MAC in RENDEZVOUS2. Rejecting cell.");
1245  goto err;
1246  }
1247 
1248  /* Setup the e2e encryption on the circuit and finalize its state. */
1249  if (hs_circuit_setup_e2e_rend_circ(circ, keys.ntor_key_seed,
1250  sizeof(keys.ntor_key_seed), 0) < 0) {
1251  log_info(LD_REND, "Unable to setup the e2e encryption.");
1252  goto err;
1253  }
1254  /* Success. Hidden service connection finalized! */
1255  ret = 0;
1256  goto end;
1257 
1258  err:
1259  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
1260  end:
1261  memwipe(&keys, 0, sizeof(keys));
1262  return ret;
1263 }
1264 
1265 /** Return true iff the client can fetch a descriptor for this service public
1266  * identity key and status_out if not NULL is untouched. If the client can
1267  * _not_ fetch the descriptor and if status_out is not NULL, it is set with
1268  * the fetch status code. */
1269 static unsigned int
1271  hs_client_fetch_status_t *status_out)
1272 {
1273  hs_client_fetch_status_t status;
1274 
1275  tor_assert(identity_pk);
1276 
1277  /* Are we configured to fetch descriptors? */
1278  if (!get_options()->FetchHidServDescriptors) {
1279  log_warn(LD_REND, "We received an onion address for a hidden service "
1280  "descriptor but we are configured to not fetch.");
1281  status = HS_CLIENT_FETCH_NOT_ALLOWED;
1282  goto cannot;
1283  }
1284 
1285  /* Without a live consensus we can't do any client actions. It is needed to
1286  * compute the hashring for a service. */
1288  log_info(LD_REND, "Can't fetch descriptor for service %s because we "
1289  "are missing a live consensus. Stalling connection.",
1290  safe_str_client(ed25519_fmt(identity_pk)));
1292  goto cannot;
1293  }
1294 
1296  log_info(LD_REND, "Can't fetch descriptor for service %s because we "
1297  "dont have enough descriptors. Stalling connection.",
1298  safe_str_client(ed25519_fmt(identity_pk)));
1300  goto cannot;
1301  }
1302 
1303  /* Check if fetching a desc for this HS is useful to us right now */
1304  {
1305  const hs_descriptor_t *cached_desc = NULL;
1306  cached_desc = hs_cache_lookup_as_client(identity_pk);
1307  if (cached_desc && hs_client_any_intro_points_usable(identity_pk,
1308  cached_desc)) {
1309  log_info(LD_GENERAL, "We would fetch a v3 hidden service descriptor "
1310  "but we already have a usable descriptor.");
1311  status = HS_CLIENT_FETCH_HAVE_DESC;
1312  goto cannot;
1313  }
1314  }
1315 
1316  /* Don't try to refetch while we have a pending request for it. */
1317  if (directory_request_is_pending(identity_pk)) {
1318  log_info(LD_REND, "Already a pending directory request. Waiting on it.");
1319  status = HS_CLIENT_FETCH_PENDING;
1320  goto cannot;
1321  }
1322 
1323  /* Yes, client can fetch! */
1324  return 1;
1325  cannot:
1326  if (status_out) {
1327  *status_out = status;
1328  }
1329  return 0;
1330 }
1331 
1332 /** Purge the client authorization cache of all ephemeral entries that is the
1333  * entries that are not flagged with CLIENT_AUTH_FLAG_IS_PERMANENT.
1334  *
1335  * This is called from the hs_client_purge_state() used by a SIGNEWNYM. */
1336 STATIC void
1338 {
1339  DIGEST256MAP_FOREACH_MODIFY(client_auths, key,
1341  /* Cleanup every entry that are _NOT_ permanent that is ephemeral. */
1342  if (!(auth->flags & CLIENT_AUTH_FLAG_IS_PERMANENT)) {
1343  MAP_DEL_CURRENT(key);
1344  client_service_authorization_free(auth);
1345  }
1347 
1348  log_info(LD_REND, "Client onion service ephemeral authorization "
1349  "cache has been purged.");
1350 }
1351 
1352 /** Return the client auth in the map using the service identity public key.
1353  * Return NULL if it does not exist in the map. */
1355 find_client_auth(const ed25519_public_key_t *service_identity_pk)
1356 {
1357  /* If the map is not allocated, we can assume that we do not have any client
1358  * auth information. */
1359  if (!client_auths) {
1360  return NULL;
1361  }
1362  return digest256map_get(client_auths, service_identity_pk->pubkey);
1363 }
1364 
1365 /** This is called when a descriptor has arrived following a fetch request and
1366  * has been stored in the client cache. The given entry connections, matching
1367  * the service identity key, will get attached to the service circuit. */
1368 static void
1370 {
1371  time_t now = time(NULL);
1372 
1373  tor_assert(entry_conns);
1374 
1375  SMARTLIST_FOREACH_BEGIN(entry_conns, entry_connection_t *, entry_conn) {
1376  const hs_descriptor_t *desc;
1377  edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(entry_conn);
1378  const ed25519_public_key_t *identity_pk =
1379  &edge_conn->hs_ident->identity_pk;
1380 
1381  /* We were just called because we stored the descriptor for this service
1382  * so not finding a descriptor means we have a bigger problem. */
1383  desc = hs_cache_lookup_as_client(identity_pk);
1384  if (BUG(desc == NULL)) {
1385  goto end;
1386  }
1387 
1388  if (!hs_client_any_intro_points_usable(identity_pk, desc)) {
1389  log_info(LD_REND, "Hidden service descriptor is unusable. "
1390  "Closing streams.");
1391  /* Report the extended socks error code that we were unable to introduce
1392  * to the service. */
1393  socks_report_introduction_failed(entry_conn, identity_pk);
1394 
1395  connection_mark_unattached_ap(entry_conn,
1396  END_STREAM_REASON_RESOLVEFAILED);
1397  /* We are unable to use the descriptor so remove the directory request
1398  * from the cache so the next connection can try again. */
1399  note_connection_attempt_succeeded(edge_conn->hs_ident);
1400  continue;
1401  }
1402 
1403  log_info(LD_REND, "Descriptor has arrived. Launching circuits.");
1404 
1405  /* Mark connection as waiting for a circuit since we do have a usable
1406  * descriptor now. */
1407  mark_conn_as_waiting_for_circuit(&edge_conn->base_, now);
1408  } SMARTLIST_FOREACH_END(entry_conn);
1409 
1410  end:
1411  return;
1412 }
1413 
1414 /** This is called when a descriptor fetch was successful but the descriptor
1415  * couldn't be decrypted due to missing or bad client authorization. */
1416 static void
1418  hs_desc_decode_status_t status)
1419 {
1420  tor_assert(entry_conns);
1421 
1422  SMARTLIST_FOREACH_BEGIN(entry_conns, entry_connection_t *, entry_conn) {
1423  socks5_reply_status_t code;
1424  if (status == HS_DESC_DECODE_BAD_CLIENT_AUTH) {
1425  code = SOCKS5_HS_BAD_CLIENT_AUTH;
1426  } else if (status == HS_DESC_DECODE_NEED_CLIENT_AUTH) {
1427  code = SOCKS5_HS_MISSING_CLIENT_AUTH;
1428  } else {
1429  /* We should not be called with another type of status. Recover by
1430  * sending a generic error. */
1431  tor_assert_nonfatal_unreached();
1432  code = HS_DESC_DECODE_GENERIC_ERROR;
1433  }
1434  entry_conn->socks_request->socks_extended_error_code = code;
1435  connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_MISC);
1436  } SMARTLIST_FOREACH_END(entry_conn);
1437 }
1438 
1439 /** Called when we get a 200 directory fetch status code. */
1440 static void
1442  const smartlist_t *entry_conns, const char *body)
1443 {
1444  hs_desc_decode_status_t decode_status;
1445 
1446  tor_assert(dir_conn);
1447  tor_assert(entry_conns);
1448  tor_assert(body);
1449 
1450  /* We got something: Try storing it in the cache. */
1451  decode_status = hs_cache_store_as_client(body,
1452  &dir_conn->hs_ident->identity_pk);
1453  switch (decode_status) {
1454  case HS_DESC_DECODE_OK:
1455  case HS_DESC_DECODE_NEED_CLIENT_AUTH:
1456  case HS_DESC_DECODE_BAD_CLIENT_AUTH:
1457  log_info(LD_REND, "Stored hidden service descriptor successfully.");
1458  TO_CONN(dir_conn)->purpose = DIR_PURPOSE_HAS_FETCHED_HSDESC;
1459  if (decode_status == HS_DESC_DECODE_OK) {
1460  client_desc_has_arrived(entry_conns);
1461  } else {
1462  /* This handles both client auth decode status. */
1463  client_desc_missing_bad_client_auth(entry_conns, decode_status);
1464  log_info(LD_REND, "Stored hidden service descriptor requires "
1465  "%s client authorization.",
1466  decode_status == HS_DESC_DECODE_NEED_CLIENT_AUTH ? "missing"
1467  : "new");
1468  }
1469  /* Fire control port RECEIVED event. */
1470  hs_control_desc_event_received(dir_conn->hs_ident,
1471  dir_conn->identity_digest);
1472  hs_control_desc_event_content(dir_conn->hs_ident,
1473  dir_conn->identity_digest, body);
1474  break;
1475  case HS_DESC_DECODE_ENCRYPTED_ERROR:
1476  case HS_DESC_DECODE_SUPERENC_ERROR:
1477  case HS_DESC_DECODE_PLAINTEXT_ERROR:
1478  case HS_DESC_DECODE_GENERIC_ERROR:
1479  default:
1480  log_info(LD_REND, "Failed to store hidden service descriptor. "
1481  "Descriptor decoding status: %d", decode_status);
1482  /* Fire control port FAILED event. */
1483  hs_control_desc_event_failed(dir_conn->hs_ident,
1484  dir_conn->identity_digest, "BAD_DESC");
1485  hs_control_desc_event_content(dir_conn->hs_ident,
1486  dir_conn->identity_digest, NULL);
1487  break;
1488  }
1489 }
1490 
1491 /** Called when we get a 404 directory fetch status code. */
1492 static void
1494  const smartlist_t *entry_conns)
1495 {
1496  tor_assert(entry_conns);
1497 
1498  /* Not there. We'll retry when connection_about_to_close_connection() tries
1499  * to clean this conn up. */
1500  log_info(LD_REND, "Fetching hidden service v3 descriptor not found: "
1501  "Retrying at another directory.");
1502  /* Fire control port FAILED event. */
1503  hs_control_desc_event_failed(dir_conn->hs_ident, dir_conn->identity_digest,
1504  "NOT_FOUND");
1505  hs_control_desc_event_content(dir_conn->hs_ident, dir_conn->identity_digest,
1506  NULL);
1507 
1508  /* Flag every entry connections that the descriptor was not found. */
1509  SMARTLIST_FOREACH_BEGIN(entry_conns, entry_connection_t *, entry_conn) {
1511  SOCKS5_HS_NOT_FOUND;
1512  } SMARTLIST_FOREACH_END(entry_conn);
1513 }
1514 
1515 /** Called when we get a 400 directory fetch status code. */
1516 static void
1517 client_dir_fetch_400(dir_connection_t *dir_conn, const char *reason)
1518 {
1519  tor_assert(dir_conn);
1520 
1521  log_warn(LD_REND, "Fetching v3 hidden service descriptor failed: "
1522  "http status 400 (%s). Dirserver didn't like our "
1523  "query? Retrying at another directory.",
1524  escaped(reason));
1525 
1526  /* Fire control port FAILED event. */
1527  hs_control_desc_event_failed(dir_conn->hs_ident, dir_conn->identity_digest,
1528  "QUERY_REJECTED");
1529  hs_control_desc_event_content(dir_conn->hs_ident, dir_conn->identity_digest,
1530  NULL);
1531 }
1532 
1533 /** Called when we get an unexpected directory fetch status code. */
1534 static void
1535 client_dir_fetch_unexpected(dir_connection_t *dir_conn, const char *reason,
1536  const int status_code)
1537 {
1538  tor_assert(dir_conn);
1539 
1540  log_warn(LD_REND, "Fetching v3 hidden service descriptor failed: "
1541  "http status %d (%s) response unexpected from HSDir "
1542  "server '%s:%d'. Retrying at another directory.",
1543  status_code, escaped(reason), TO_CONN(dir_conn)->address,
1544  TO_CONN(dir_conn)->port);
1545  /* Fire control port FAILED event. */
1546  hs_control_desc_event_failed(dir_conn->hs_ident, dir_conn->identity_digest,
1547  "UNEXPECTED");
1548  hs_control_desc_event_content(dir_conn->hs_ident, dir_conn->identity_digest,
1549  NULL);
1550 }
1551 
1552 /** Get the full filename for storing the client auth credentials for the
1553  * service in <b>onion_address</b>. The base directory is <b>dir</b>.
1554  * This function never returns NULL. */
1555 static char *
1556 get_client_auth_creds_filename(const char *onion_address,
1557  const char *dir)
1558 {
1559  char *full_fname = NULL;
1560  char *fname;
1561 
1562  tor_asprintf(&fname, "%s.auth_private", onion_address);
1563  full_fname = hs_path_from_filename(dir, fname);
1564  tor_free(fname);
1565 
1566  return full_fname;
1567 }
1568 
1569 /** Permanently store the credentials in <b>creds</b> to disk.
1570  *
1571  * Return -1 if there was an error while storing the credentials, otherwise
1572  * return 0.
1573  */
1574 static int
1576  const hs_client_service_authorization_t *creds)
1577 {
1578  const or_options_t *options = get_options();
1579  char *full_fname = NULL;
1580  char *file_contents = NULL;
1581  char priv_key_b32[BASE32_NOPAD_LEN(CURVE25519_PUBKEY_LEN)+1];
1582  int retval = -1;
1583 
1584  tor_assert(creds->flags & CLIENT_AUTH_FLAG_IS_PERMANENT);
1585 
1586  /* We need ClientOnionAuthDir to be set, otherwise we can't proceed */
1587  if (!options->ClientOnionAuthDir) {
1588  log_warn(LD_GENERAL, "Can't register permanent client auth credentials "
1589  "for %s without ClientOnionAuthDir option. Discarding.",
1590  creds->onion_address);
1591  goto err;
1592  }
1593 
1594  /* Make sure the directory exists and is private enough. */
1595  if (check_private_dir(options->ClientOnionAuthDir, 0, options->User) < 0) {
1596  goto err;
1597  }
1598 
1599  /* Get filename that we should store the credentials */
1600  full_fname = get_client_auth_creds_filename(creds->onion_address,
1601  options->ClientOnionAuthDir);
1602 
1603  /* Encode client private key */
1604  base32_encode(priv_key_b32, sizeof(priv_key_b32),
1605  (char*)creds->enc_seckey.secret_key,
1606  sizeof(creds->enc_seckey.secret_key));
1607 
1608  /* Get the full file contents and write it to disk! */
1609  tor_asprintf(&file_contents, "%s:descriptor:x25519:%s",
1610  creds->onion_address, priv_key_b32);
1611  if (write_str_to_file(full_fname, file_contents, 0) < 0) {
1612  log_warn(LD_GENERAL, "Failed to write client auth creds file for %s!",
1613  creds->onion_address);
1614  goto err;
1615  }
1616 
1617  retval = 0;
1618 
1619  err:
1620  tor_free(file_contents);
1621  tor_free(full_fname);
1622 
1623  return retval;
1624 }
1625 
1626 /** Register the credential <b>creds</b> as part of the client auth subsystem.
1627  *
1628  * Takes ownership of <b>creds</b>.
1629  **/
1630 hs_client_register_auth_status_t
1632 {
1633  ed25519_public_key_t service_identity_pk;
1634  hs_client_service_authorization_t *old_creds = NULL;
1635  hs_client_register_auth_status_t retval = REGISTER_SUCCESS;
1636 
1637  tor_assert(creds);
1638 
1639  if (!client_auths) {
1640  client_auths = digest256map_new();
1641  }
1642 
1643  if (hs_parse_address(creds->onion_address, &service_identity_pk,
1644  NULL, NULL) < 0) {
1645  client_service_authorization_free(creds);
1646  return REGISTER_FAIL_BAD_ADDRESS;
1647  }
1648 
1649  /* If we reach this point, the credentials will be stored one way or another:
1650  * Make them permanent if the user asked us to. */
1651  if (creds->flags & CLIENT_AUTH_FLAG_IS_PERMANENT) {
1652  if (store_permanent_client_auth_credentials(creds) < 0) {
1653  client_service_authorization_free(creds);
1654  return REGISTER_FAIL_PERMANENT_STORAGE;
1655  }
1656  }
1657 
1658  old_creds = digest256map_get(client_auths, service_identity_pk.pubkey);
1659  if (old_creds) {
1660  digest256map_remove(client_auths, service_identity_pk.pubkey);
1661  client_service_authorization_free(old_creds);
1662  retval = REGISTER_SUCCESS_ALREADY_EXISTS;
1663  }
1664 
1665  digest256map_set(client_auths, service_identity_pk.pubkey, creds);
1666 
1667  /** Now that we set the new credentials, also try to decrypt any cached
1668  * descriptors. */
1669  if (hs_cache_client_new_auth_parse(&service_identity_pk)) {
1670  retval = REGISTER_SUCCESS_AND_DECRYPTED;
1671  }
1672 
1673  return retval;
1674 }
1675 
1676 /** Load a client authorization file with <b>filename</b> that is stored under
1677  * the global client auth directory, and return a newly-allocated credentials
1678  * object if it parsed well. Otherwise, return NULL.
1679  */
1682  const or_options_t *options)
1683 {
1684  hs_client_service_authorization_t *auth = NULL;
1685  char *client_key_file_path = NULL;
1686  char *client_key_str = NULL;
1687 
1688  log_info(LD_REND, "Loading a client authorization key file %s...",
1689  filename);
1690 
1691  if (!auth_key_filename_is_valid(filename)) {
1692  log_notice(LD_REND, "Client authorization unrecognized filename %s. "
1693  "File must end in .auth_private. Ignoring.",
1694  filename);
1695  goto err;
1696  }
1697 
1698  /* Create a full path for a file. */
1699  client_key_file_path = hs_path_from_filename(options->ClientOnionAuthDir,
1700  filename);
1701 
1702  client_key_str = read_file_to_str(client_key_file_path, 0, NULL);
1703  if (!client_key_str) {
1704  log_warn(LD_REND, "The file %s cannot be read.", filename);
1705  goto err;
1706  }
1707 
1708  auth = parse_auth_file_content(client_key_str);
1709  if (!auth) {
1710  goto err;
1711  }
1712 
1713  err:
1714  tor_free(client_key_str);
1715  tor_free(client_key_file_path);
1716 
1717  return auth;
1718 }
1719 
1720 /*
1721  * Remove the file in <b>filename</b> under the global client auth credential
1722  * storage.
1723  */
1724 static void
1725 remove_client_auth_creds_file(const char *filename)
1726 {
1727  char *creds_file_path = NULL;
1728  const or_options_t *options = get_options();
1729 
1730  creds_file_path = hs_path_from_filename(options->ClientOnionAuthDir,
1731  filename);
1732  if (tor_unlink(creds_file_path) != 0) {
1733  log_warn(LD_REND, "Failed to remove client auth file (%s).",
1734  creds_file_path);
1735  goto end;
1736  }
1737 
1738  log_warn(LD_REND, "Successfuly removed client auth file (%s).",
1739  creds_file_path);
1740 
1741  end:
1742  tor_free(creds_file_path);
1743 }
1744 
1745 /**
1746  * Find the filesystem file corresponding to the permanent client auth
1747  * credentials in <b>cred</b> and remove it.
1748  */
1749 static void
1752 {
1753  smartlist_t *file_list = NULL;
1754  const or_options_t *options = get_options();
1755 
1757 
1758  if (!options->ClientOnionAuthDir) {
1759  log_warn(LD_REND, "Found permanent credential but no ClientOnionAuthDir "
1760  "configured. There is no file to be removed.");
1761  goto end;
1762  }
1763 
1764  file_list = tor_listdir(options->ClientOnionAuthDir);
1765  if (file_list == NULL) {
1766  log_warn(LD_REND, "Client authorization key directory %s can't be listed.",
1767  options->ClientOnionAuthDir);
1768  goto end;
1769  }
1770 
1771  SMARTLIST_FOREACH_BEGIN(file_list, const char *, filename) {
1772  hs_client_service_authorization_t *tmp_cred = NULL;
1773 
1774  tmp_cred = get_creds_from_client_auth_filename(filename, options);
1775  if (!tmp_cred) {
1776  continue;
1777  }
1778 
1779  /* Find the right file for this credential */
1780  if (!strcmp(tmp_cred->onion_address, cred->onion_address)) {
1781  /* Found it! Remove the file! */
1782  remove_client_auth_creds_file(filename);
1783  /* cleanup and get out of here */
1784  client_service_authorization_free(tmp_cred);
1785  break;
1786  }
1787 
1788  client_service_authorization_free(tmp_cred);
1789  } SMARTLIST_FOREACH_END(filename);
1790 
1791  end:
1792  if (file_list) {
1793  SMARTLIST_FOREACH(file_list, char *, s, tor_free(s));
1794  smartlist_free(file_list);
1795  }
1796 }
1797 
1798 /** Remove client auth credentials for the service <b>hs_address</b>. */
1799 hs_client_removal_auth_status_t
1801 {
1802  ed25519_public_key_t service_identity_pk;
1803 
1804  if (!client_auths) {
1805  return REMOVAL_SUCCESS_NOT_FOUND;
1806  }
1807 
1808  if (hs_parse_address(hsaddress, &service_identity_pk, NULL, NULL) < 0) {
1809  return REMOVAL_BAD_ADDRESS;
1810  }
1811 
1812  hs_client_service_authorization_t *cred = NULL;
1813  cred = digest256map_remove(client_auths, service_identity_pk.pubkey);
1814 
1815  /* digestmap_remove() returns the previously stored data if there were any */
1816  if (cred) {
1817  if (cred->flags & CLIENT_AUTH_FLAG_IS_PERMANENT) {
1818  /* These creds are stored on disk: remove the corresponding file. */
1820  }
1821 
1822  /* Remove associated descriptor if any. */
1823  hs_cache_remove_as_client(&service_identity_pk);
1824 
1825  client_service_authorization_free(cred);
1826  return REMOVAL_SUCCESS;
1827  }
1828 
1829  return REMOVAL_SUCCESS_NOT_FOUND;
1830 }
1831 
1832 /** Get the HS client auth map. */
1833 digest256map_t *
1835 {
1836  return client_auths;
1837 }
1838 
1839 /* ========== */
1840 /* Public API */
1841 /* ========== */
1842 
1843 /** Called when a circuit was just cleaned up. This is done right before the
1844  * circuit is marked for close. */
1845 void
1847 {
1848  bool has_timed_out;
1849 
1850  tor_assert(circ);
1852 
1853  has_timed_out =
1854  (circ->marked_for_close_orig_reason == END_CIRC_REASON_TIMEOUT);
1855 
1856  switch (circ->purpose) {
1861  /* Report extended SOCKS error code when a rendezvous circuit times out.
1862  * This MUST be done on_close() because it is possible the entry
1863  * connection would get closed before the circuit is freed and thus
1864  * would fail to report the error code. */
1865  if (has_timed_out) {
1866  socks_report_rend_circuit_timed_out(CONST_TO_ORIGIN_CIRCUIT(circ));
1867  }
1868  break;
1869  default:
1870  break;
1871  }
1872 }
1873 
1874 /** Called when a circuit was just cleaned up. This is done right before the
1875  * circuit is freed. */
1876 void
1878 {
1879  bool has_timed_out;
1880  rend_intro_point_failure_t failure = INTRO_POINT_FAILURE_GENERIC;
1881  const origin_circuit_t *orig_circ = NULL;
1882 
1883  tor_assert(circ);
1885 
1886  orig_circ = CONST_TO_ORIGIN_CIRCUIT(circ);
1887  tor_assert(orig_circ->hs_ident);
1888 
1889  has_timed_out =
1890  (circ->marked_for_close_orig_reason == END_CIRC_REASON_TIMEOUT);
1891  if (has_timed_out) {
1892  failure = INTRO_POINT_FAILURE_TIMEOUT;
1893  }
1894 
1895  switch (circ->purpose) {
1897  log_info(LD_REND, "Failed v3 intro circ for service %s to intro point %s "
1898  "(awaiting ACK). Failure code: %d",
1899  safe_str_client(ed25519_fmt(&orig_circ->hs_ident->identity_pk)),
1900  safe_str_client(build_state_get_exit_nickname(orig_circ->build_state)),
1901  failure);
1903  &orig_circ->hs_ident->intro_auth_pk,
1904  failure);
1905  break;
1907  if (has_timed_out || !orig_circ->build_state) {
1908  break;
1909  }
1910  failure = INTRO_POINT_FAILURE_UNREACHABLE;
1911  log_info(LD_REND, "Failed v3 intro circ for service %s to intro point %s "
1912  "(while building circuit). Marking as unreachable.",
1913  safe_str_client(ed25519_fmt(&orig_circ->hs_ident->identity_pk)),
1914  safe_str_client(build_state_get_exit_nickname(orig_circ->build_state)));
1916  &orig_circ->hs_ident->intro_auth_pk,
1917  failure);
1918  break;
1919  default:
1920  break;
1921  }
1922 }
1923 
1924 /** A circuit just finished connecting to a hidden service that the stream
1925  * <b>conn</b> has been waiting for. Let the HS subsystem know about this. */
1926 void
1928 {
1930 
1931  if (BUG(conn->rend_data && conn->hs_ident)) {
1932  log_warn(LD_BUG, "Stream had both rend_data and hs_ident..."
1933  "Prioritizing hs_ident");
1934  }
1935 
1936  if (conn->hs_ident) { /* It's v3: pass it to the prop224 handler */
1937  note_connection_attempt_succeeded(conn->hs_ident);
1938  return;
1939  } else if (conn->rend_data) { /* It's v2: pass it to the legacy handler */
1941  return;
1942  }
1943 }
1944 
1945 /** With the given encoded descriptor in desc_str and the service key in
1946  * service_identity_pk, decode the descriptor and set the desc pointer with a
1947  * newly allocated descriptor object.
1948  *
1949  * On success, HS_DESC_DECODE_OK is returned and desc is set to the decoded
1950  * descriptor. On error, desc is set to NULL and a decoding error status is
1951  * returned depending on what was the issue. */
1953 hs_client_decode_descriptor(const char *desc_str,
1954  const ed25519_public_key_t *service_identity_pk,
1955  hs_descriptor_t **desc)
1956 {
1958  hs_subcredential_t subcredential;
1959  ed25519_public_key_t blinded_pubkey;
1960  hs_client_service_authorization_t *client_auth = NULL;
1961  curve25519_secret_key_t *client_auth_sk = NULL;
1962 
1963  tor_assert(desc_str);
1964  tor_assert(service_identity_pk);
1965  tor_assert(desc);
1966 
1967  /* Check if we have a client authorization for this service in the map. */
1968  client_auth = find_client_auth(service_identity_pk);
1969  if (client_auth) {
1970  client_auth_sk = &client_auth->enc_seckey;
1971  }
1972 
1973  /* Create subcredential for this HS so that we can decrypt */
1974  {
1975  uint64_t current_time_period = hs_get_time_period_num(0);
1976  hs_build_blinded_pubkey(service_identity_pk, NULL, 0, current_time_period,
1977  &blinded_pubkey);
1978  hs_get_subcredential(service_identity_pk, &blinded_pubkey, &subcredential);
1979  }
1980 
1981  /* Parse descriptor */
1982  ret = hs_desc_decode_descriptor(desc_str, &subcredential,
1983  client_auth_sk, desc);
1984  memwipe(&subcredential, 0, sizeof(subcredential));
1985  if (ret != HS_DESC_DECODE_OK) {
1986  goto err;
1987  }
1988 
1989  /* Make sure the descriptor signing key cross certifies with the computed
1990  * blinded key. Without this validation, anyone knowing the subcredential
1991  * and onion address can forge a descriptor. */
1992  tor_cert_t *cert = (*desc)->plaintext_data.signing_key_cert;
1993  if (tor_cert_checksig(cert,
1994  &blinded_pubkey, approx_time()) < 0) {
1995  log_warn(LD_GENERAL, "Descriptor signing key certificate signature "
1996  "doesn't validate with computed blinded key: %s",
1998  ret = HS_DESC_DECODE_GENERIC_ERROR;
1999  goto err;
2000  }
2001 
2002  return HS_DESC_DECODE_OK;
2003  err:
2004  return ret;
2005 }
2006 
2007 /** Return true iff there are at least one usable intro point in the service
2008  * descriptor desc. */
2009 int
2011  const hs_descriptor_t *desc)
2012 {
2013  tor_assert(service_pk);
2014  tor_assert(desc);
2015 
2017  const hs_desc_intro_point_t *, ip) {
2018  if (intro_point_is_usable(service_pk, ip)) {
2019  goto usable;
2020  }
2021  } SMARTLIST_FOREACH_END(ip);
2022 
2023  return 0;
2024  usable:
2025  return 1;
2026 }
2027 
2028 /** Launch a connection to a hidden service directory to fetch a hidden
2029  * service descriptor using <b>identity_pk</b> to get the necessary keys.
2030  *
2031  * A hs_client_fetch_status_t code is returned. */
2032 int
2034 {
2035  hs_client_fetch_status_t status;
2036 
2037  tor_assert(identity_pk);
2038 
2039  if (!can_client_refetch_desc(identity_pk, &status)) {
2040  return status;
2041  }
2042 
2043  /* Try to fetch the desc and if we encounter an unrecoverable error, mark
2044  * the desc as unavailable for now. */
2045  status = fetch_v3_desc(identity_pk);
2046  if (fetch_status_should_close_socks(status)) {
2047  close_all_socks_conns_waiting_for_desc(identity_pk, status,
2048  END_STREAM_REASON_RESOLVEFAILED);
2049  /* Remove HSDir fetch attempts so that we can retry later if the user
2050  * wants us to regardless of if we closed any connections. */
2051  purge_hid_serv_request(identity_pk);
2052  }
2053  return status;
2054 }
2055 
2056 /** This is called when we are trying to attach an AP connection to these
2057  * hidden service circuits from connection_ap_handshake_attach_circuit().
2058  * Return 0 on success, -1 for a transient error that is actions were
2059  * triggered to recover or -2 for a permenent error where both circuits will
2060  * marked for close.
2061  *
2062  * The following supports every hidden service version. */
2063 int
2065  origin_circuit_t *rend_circ)
2066 {
2067  return (intro_circ->hs_ident) ? send_introduce1(intro_circ, rend_circ) :
2068  rend_client_send_introduction(intro_circ,
2069  rend_circ);
2070 }
2071 
2072 /** Called when the client circuit circ has been established. It can be either
2073  * an introduction or rendezvous circuit. This function handles all hidden
2074  * service versions. */
2075 void
2077 {
2078  tor_assert(circ);
2079 
2080  /* Handle both version. v2 uses rend_data and v3 uses the hs circuit
2081  * identifier hs_ident. Can't be both. */
2082  switch (TO_CIRCUIT(circ)->purpose) {
2084  if (circ->hs_ident) {
2086  } else {
2088  }
2089  break;
2091  if (circ->hs_ident) {
2093  } else {
2095  }
2096  break;
2097  default:
2098  tor_assert_nonfatal_unreached();
2099  }
2100 }
2101 
2102 /** Called when we receive a RENDEZVOUS_ESTABLISHED cell. Change the state of
2103  * the circuit to CIRCUIT_PURPOSE_C_REND_READY. Return 0 on success else a
2104  * negative value and the circuit marked for close. */
2105 int
2107  const uint8_t *payload, size_t payload_len)
2108 {
2109  tor_assert(circ);
2110  tor_assert(payload);
2111 
2112  (void) payload_len;
2113 
2114  if (TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_C_ESTABLISH_REND) {
2115  log_warn(LD_PROTOCOL, "Got a RENDEZVOUS_ESTABLISHED but we were not "
2116  "expecting one. Closing circuit.");
2117  goto err;
2118  }
2119 
2120  log_info(LD_REND, "Received an RENDEZVOUS_ESTABLISHED. This circuit is "
2121  "now ready for rendezvous.");
2123 
2124  /* Set timestamp_dirty, because circuit_expire_building expects it to
2125  * specify when a circuit entered the _C_REND_READY state. */
2126  TO_CIRCUIT(circ)->timestamp_dirty = time(NULL);
2127 
2128  /* From a path bias point of view, this circuit is now successfully used.
2129  * Waiting any longer opens us up to attacks from malicious hidden services.
2130  * They could induce the client to attempt to connect to their hidden
2131  * service and never reply to the client's rend requests */
2133 
2134  /* If we already have the introduction circuit built, make sure we send
2135  * the INTRODUCE cell _now_ */
2137 
2138  return 0;
2139  err:
2140  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
2141  return -1;
2142 }
2143 
2144 void
2145 client_service_authorization_free_(hs_client_service_authorization_t *auth)
2146 {
2147  if (!auth) {
2148  return;
2149  }
2150 
2151  memwipe(auth, 0, sizeof(*auth));
2152  tor_free(auth);
2153 }
2154 
2155 /** Helper for digest256map_free. */
2156 static void
2158 {
2159  client_service_authorization_free_(auth);
2160 }
2161 
2162 static void
2163 client_service_authorization_free_all(void)
2164 {
2165  if (!client_auths) {
2166  return;
2167  }
2169 }
2170 
2171 /** Check if the auth key file name is valid or not. Return 1 if valid,
2172  * otherwise return 0. */
2173 STATIC int
2174 auth_key_filename_is_valid(const char *filename)
2175 {
2176  int ret = 1;
2177  const char *valid_extension = ".auth_private";
2178 
2179  tor_assert(filename);
2180 
2181  /* The length of the filename must be greater than the length of the
2182  * extension and the valid extension must be at the end of filename. */
2183  if (!strcmpend(filename, valid_extension) &&
2184  strlen(filename) != strlen(valid_extension)) {
2185  ret = 1;
2186  } else {
2187  ret = 0;
2188  }
2189 
2190  return ret;
2191 }
2192 
2193 /** Parse the client auth credentials off a string in <b>client_key_str</b>
2194  * based on the file format documented in the "Client side configuration"
2195  * section of rend-spec-v3.txt.
2196  *
2197  * Return NULL if there was an error, otherwise return a newly allocated
2198  * hs_client_service_authorization_t structure.
2199  */
2201 parse_auth_file_content(const char *client_key_str)
2202 {
2203  char *onion_address = NULL;
2204  char *auth_type = NULL;
2205  char *key_type = NULL;
2206  char *seckey_b32 = NULL;
2207  hs_client_service_authorization_t *auth = NULL;
2208  smartlist_t *fields = smartlist_new();
2209 
2210  tor_assert(client_key_str);
2211 
2212  smartlist_split_string(fields, client_key_str, ":",
2213  SPLIT_SKIP_SPACE, 0);
2214  /* Wrong number of fields. */
2215  if (smartlist_len(fields) != 4) {
2216  goto err;
2217  }
2218 
2219  onion_address = smartlist_get(fields, 0);
2220  auth_type = smartlist_get(fields, 1);
2221  key_type = smartlist_get(fields, 2);
2222  seckey_b32 = smartlist_get(fields, 3);
2223 
2224  /* Currently, the only supported auth type is "descriptor" and the only
2225  * supported key type is "x25519". */
2226  if (strcmp(auth_type, "descriptor") || strcmp(key_type, "x25519")) {
2227  goto err;
2228  }
2229 
2230  if (strlen(seckey_b32) != BASE32_NOPAD_LEN(CURVE25519_SECKEY_LEN)) {
2231  log_warn(LD_REND, "Client authorization encoded base32 private key "
2232  "length is invalid: %s", seckey_b32);
2233  goto err;
2234  }
2235 
2236  auth = tor_malloc_zero(sizeof(hs_client_service_authorization_t));
2237  if (base32_decode((char *) auth->enc_seckey.secret_key,
2238  sizeof(auth->enc_seckey.secret_key),
2239  seckey_b32, strlen(seckey_b32)) !=
2240  sizeof(auth->enc_seckey.secret_key)) {
2241  log_warn(LD_REND, "Client authorization encoded base32 private key "
2242  "can't be decoded: %s", seckey_b32);
2243  goto err;
2244  }
2245  strncpy(auth->onion_address, onion_address, HS_SERVICE_ADDR_LEN_BASE32);
2246 
2247  /* We are reading this from the disk, so set the permanent flag anyway. */
2248  auth->flags |= CLIENT_AUTH_FLAG_IS_PERMANENT;
2249 
2250  /* Success. */
2251  goto done;
2252 
2253  err:
2254  client_service_authorization_free(auth);
2255  done:
2256  /* It is also a good idea to wipe the private key. */
2257  if (seckey_b32) {
2258  memwipe(seckey_b32, 0, strlen(seckey_b32));
2259  }
2260  tor_assert(fields);
2261  SMARTLIST_FOREACH(fields, char *, s, tor_free(s));
2262  smartlist_free(fields);
2263  return auth;
2264 }
2265 
2266 /** From a set of <b>options</b>, setup every client authorization detail
2267  * found. Return 0 on success or -1 on failure. If <b>validate_only</b>
2268  * is set, parse, warn and return as normal, but don't actually change
2269  * the configuration. */
2270 int
2272  int validate_only)
2273 {
2274  int ret = -1;
2275  digest256map_t *auths = digest256map_new();
2276  smartlist_t *file_list = NULL;
2277 
2278  tor_assert(options);
2279 
2280  /* There is no client auth configured. We can just silently ignore this
2281  * function. */
2282  if (!options->ClientOnionAuthDir) {
2283  ret = 0;
2284  goto end;
2285  }
2286 
2287  /* Make sure the directory exists and is private enough. */
2288  if (check_private_dir(options->ClientOnionAuthDir, 0, options->User) < 0) {
2289  goto end;
2290  }
2291 
2292  file_list = tor_listdir(options->ClientOnionAuthDir);
2293  if (file_list == NULL) {
2294  log_warn(LD_REND, "Client authorization key directory %s can't be listed.",
2295  options->ClientOnionAuthDir);
2296  goto end;
2297  }
2298 
2299  SMARTLIST_FOREACH_BEGIN(file_list, const char *, filename) {
2300  hs_client_service_authorization_t *auth = NULL;
2301  ed25519_public_key_t identity_pk;
2302 
2303  auth = get_creds_from_client_auth_filename(filename, options);
2304  if (!auth) {
2305  continue;
2306  }
2307 
2308  /* Parse the onion address to get an identity public key and use it
2309  * as a key of global map in the future. */
2310  if (hs_parse_address(auth->onion_address, &identity_pk,
2311  NULL, NULL) < 0) {
2312  log_warn(LD_REND, "The onion address \"%s\" is invalid in "
2313  "file %s", filename, auth->onion_address);
2314  client_service_authorization_free(auth);
2315  continue;
2316  }
2317 
2318  if (digest256map_get(auths, identity_pk.pubkey)) {
2319  log_warn(LD_REND, "Duplicate authorization for the same hidden "
2320  "service address %s.",
2321  safe_str_client_opts(options, auth->onion_address));
2322  client_service_authorization_free(auth);
2323  goto end;
2324  }
2325 
2326  digest256map_set(auths, identity_pk.pubkey, auth);
2327  log_info(LD_REND, "Loaded a client authorization key file %s.",
2328  filename);
2329  } SMARTLIST_FOREACH_END(filename);
2330 
2331  /* Success. */
2332  ret = 0;
2333 
2334  end:
2335  if (file_list) {
2336  SMARTLIST_FOREACH(file_list, char *, s, tor_free(s));
2337  smartlist_free(file_list);
2338  }
2339 
2340  if (!validate_only && ret == 0) {
2341  client_service_authorization_free_all();
2342  client_auths = auths;
2343  } else {
2344  digest256map_free(auths, client_service_authorization_free_void);
2345  }
2346 
2347  return ret;
2348 }
2349 
2350 /** Called when a descriptor directory fetch is done.
2351  *
2352  * Act accordingly on all entry connections depending on the HTTP status code
2353  * we got. In case of an error, the SOCKS error is set (if ExtendedErrors is
2354  * set).
2355  *
2356  * The reason is a human readable string returned by the directory server
2357  * which can describe the status of the request. The body is the response
2358  * content, on 200 code it is the descriptor itself. Finally, the status_code
2359  * is the HTTP code returned by the directory server. */
2360 void
2361 hs_client_dir_fetch_done(dir_connection_t *dir_conn, const char *reason,
2362  const char *body, const int status_code)
2363 {
2364  smartlist_t *entry_conns;
2365 
2366  tor_assert(dir_conn);
2367  tor_assert(body);
2368 
2369  /* Get all related entry connections. */
2370  entry_conns = find_entry_conns(&dir_conn->hs_ident->identity_pk);
2371 
2372  switch (status_code) {
2373  case 200:
2374  client_dir_fetch_200(dir_conn, entry_conns, body);
2375  break;
2376  case 404:
2377  client_dir_fetch_404(dir_conn, entry_conns);
2378  break;
2379  case 400:
2380  client_dir_fetch_400(dir_conn, reason);
2381  break;
2382  default:
2383  client_dir_fetch_unexpected(dir_conn, reason, status_code);
2384  break;
2385  }
2386 
2387  /* We don't have ownership of the objects in this list. */
2388  smartlist_free(entry_conns);
2389 }
2390 
2391 /** Return a newly allocated extend_info_t for a randomly chosen introduction
2392  * point for the given edge connection identifier ident. Return NULL if we
2393  * can't pick any usable introduction points. */
2394 extend_info_t *
2396 {
2397  tor_assert(edge_conn);
2398 
2399  return (edge_conn->hs_ident) ?
2400  client_get_random_intro(&edge_conn->hs_ident->identity_pk) :
2402 }
2403 
2404 /** Called when get an INTRODUCE_ACK cell on the introduction circuit circ.
2405  * Return 0 on success else a negative value is returned. The circuit will be
2406  * closed or reuse to extend again to another intro point. */
2407 int
2409  const uint8_t *payload, size_t payload_len)
2410 {
2411  int ret = -1;
2412 
2413  tor_assert(circ);
2414  tor_assert(payload);
2415 
2416  if (TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT) {
2417  log_warn(LD_PROTOCOL, "Unexpected INTRODUCE_ACK on circuit %u.",
2418  (unsigned int) TO_CIRCUIT(circ)->n_circ_id);
2419  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
2420  goto end;
2421  }
2422 
2423  ret = (circ->hs_ident) ? handle_introduce_ack(circ, payload, payload_len) :
2424  rend_client_introduction_acked(circ, payload,
2425  payload_len);
2426  /* For path bias: This circuit was used successfully. NACK or ACK counts. */
2428 
2429  end:
2430  return ret;
2431 }
2432 
2433 /** Called when get a RENDEZVOUS2 cell on the rendezvous circuit circ. Return
2434  * 0 on success else a negative value is returned. The circuit will be closed
2435  * on error. */
2436 int
2438  const uint8_t *payload, size_t payload_len)
2439 {
2440  int ret = -1;
2441 
2442  tor_assert(circ);
2443  tor_assert(payload);
2444 
2445  /* Circuit can possibly be in both state because we could receive a
2446  * RENDEZVOUS2 cell before the INTRODUCE_ACK has been received. */
2447  if (TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_C_REND_READY &&
2449  log_warn(LD_PROTOCOL, "Unexpected RENDEZVOUS2 cell on circuit %u. "
2450  "Closing circuit.",
2451  (unsigned int) TO_CIRCUIT(circ)->n_circ_id);
2452  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
2453  goto end;
2454  }
2455 
2456  log_info(LD_REND, "Got RENDEZVOUS2 cell from hidden service on circuit %u.",
2457  TO_CIRCUIT(circ)->n_circ_id);
2458 
2459  ret = (circ->hs_ident) ? handle_rendezvous2(circ, payload, payload_len) :
2460  rend_client_receive_rendezvous(circ, payload,
2461  payload_len);
2462  end:
2463  return ret;
2464 }
2465 
2466 /** Extend the introduction circuit circ to another valid introduction point
2467  * for the hidden service it is trying to connect to, or mark it and launch a
2468  * new circuit if we can't extend it. Return 0 on success or possible
2469  * success. Return -1 and mark the introduction circuit for close on permanent
2470  * failure.
2471  *
2472  * On failure, the caller is responsible for marking the associated rendezvous
2473  * circuit for close. */
2474 int
2476 {
2477  int ret = -1;
2478  extend_info_t *ei;
2479 
2480  tor_assert(circ);
2481 
2482  ei = (circ->hs_ident) ?
2485  if (ei == NULL) {
2486  log_warn(LD_REND, "No usable introduction points left. Closing.");
2487  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
2488  goto end;
2489  }
2490 
2491  if (circ->remaining_relay_early_cells) {
2492  log_info(LD_REND, "Re-extending circ %u, this time to %s.",
2493  (unsigned int) TO_CIRCUIT(circ)->n_circ_id,
2494  safe_str_client(extend_info_describe(ei)));
2495  ret = circuit_extend_to_new_exit(circ, ei);
2496  if (ret == 0) {
2497  /* We were able to extend so update the timestamp so we avoid expiring
2498  * this circuit too early. The intro circuit is short live so the
2499  * linkability issue is minimized, we just need the circuit to hold a
2500  * bit longer so we can introduce. */
2501  TO_CIRCUIT(circ)->timestamp_dirty = time(NULL);
2502  }
2503  } else {
2504  log_info(LD_REND, "Closing intro circ %u (out of RELAY_EARLY cells).",
2505  (unsigned int) TO_CIRCUIT(circ)->n_circ_id);
2506  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED);
2507  /* connection_ap_handshake_attach_circuit will launch a new intro circ. */
2508  ret = 0;
2509  }
2510 
2511  end:
2512  extend_info_free(ei);
2513  return ret;
2514 }
2515 
2516 /** Close all client introduction circuits related to the given descriptor.
2517  * This is called with a descriptor that is about to get replaced in the
2518  * client cache.
2519  *
2520  * Even though the introduction point might be exactly the same, we'll rebuild
2521  * them if needed but the odds are very low that an existing matching
2522  * introduction circuit exists at that stage. */
2523 void
2525 {
2526  origin_circuit_t *ocirc = NULL;
2527 
2528  tor_assert(desc);
2529 
2530  /* We iterate over all client intro circuits because they aren't kept in the
2531  * HS circuitmap. That is probably something we want to do one day. */
2532  while ((ocirc = circuit_get_next_intro_circ(ocirc, true))) {
2533  if (ocirc->hs_ident == NULL) {
2534  /* Not a v3 circuit, ignore it. */
2535  continue;
2536  }
2537 
2538  /* Does it match any IP in the given descriptor? If not, ignore. */
2539  if (find_desc_intro_point_by_ident(ocirc->hs_ident, desc) == NULL) {
2540  continue;
2541  }
2542 
2543  /* We have a match. Close the circuit as consider it expired. */
2544  circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
2545  }
2546 }
2547 
2548 /** Release all the storage held by the client subsystem. */
2549 void
2551 {
2552  /* Purge the hidden service request cache. */
2554  client_service_authorization_free_all();
2555 }
2556 
2557 /** Purge all potentially remotely-detectable state held in the hidden
2558  * service client code. Called on SIGNAL NEWNYM. */
2559 void
2561 {
2562  /* v2 subsystem. */
2564 
2565  /* Cancel all descriptor fetches. Do this first so once done we are sure
2566  * that our descriptor cache won't modified. */
2567  cancel_descriptor_fetches();
2568  /* Purge the introduction point state cache. */
2570  /* Purge the descriptor cache. */
2572  /* Purge the last hidden service request cache. */
2574  /* Purge ephemeral client authorization. */
2576 
2577  log_info(LD_REND, "Hidden service client state has been purged.");
2578 }
2579 
2580 /** Called when our directory information has changed. */
2581 void
2583 {
2584  /* We have possibly reached the minimum directory information or new
2585  * consensus so retry all pending SOCKS connection in
2586  * AP_CONN_STATE_RENDDESC_WAIT state in order to fetch the descriptor. */
2588 }
2589 
2590 #ifdef TOR_UNIT_TESTS
2591 
2592 STATIC void
2593 set_hs_client_auths_map(digest256map_t *map)
2594 {
2595  client_auths = map;
2596 }
2597 
2598 #endif /* defined(TOR_UNIT_TESTS) */
int hs_circ_send_introduce1(origin_circuit_t *intro_circ, origin_circuit_t *rend_circ, const hs_desc_intro_point_t *ip, const hs_subcredential_t *subcredential)
Definition: hs_circuit.c:1147
uint32_t unreachable_count
Definition: hs_cache.h:37
#define CIRCUIT_PURPOSE_C_INTRODUCING
Definition: circuitlist.h:75
void hs_client_purge_state(void)
Definition: hs_client.c:2560
int rend_client_introduction_acked(origin_circuit_t *circ, const uint8_t *request, size_t request_len)
Definition: rendclient.c:376
static void close_all_socks_conns_waiting_for_desc(const ed25519_public_key_t *identity_pk, hs_client_fetch_status_t status, int reason)
Definition: hs_client.c:268
int hs_cell_parse_rendezvous2(const uint8_t *payload, size_t payload_len, uint8_t *handshake_info, size_t handshake_info_len)
Definition: hs_cell.c:1098
Header file for dirclient.c.
extend_info_t * hs_get_extend_info_from_lspecs(const smartlist_t *lspecs, const curve25519_public_key_t *onion_key, int direct_conn)
Definition: hs_common.c:1713
void hs_client_launch_v3_desc_fetch(const ed25519_public_key_t *onion_identity_pk, const smartlist_t *hsdirs)
Definition: hs_client.c:485
hs_client_register_auth_status_t hs_client_register_auth_credentials(hs_client_service_authorization_t *creds)
Definition: hs_client.c:1631
char identity_digest[DIGEST_LEN]
int routerset_contains_extendinfo(const routerset_t *set, const extend_info_t *ei)
Definition: routerset.c:293
static char * get_client_auth_creds_filename(const char *onion_address, const char *dir)
Definition: hs_client.c:1556
#define CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED
Definition: circuitlist.h:88
Common functions for using (pseudo-)random number generators.
Definition: node_st.h:34
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
int hs_parse_address(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out)
Definition: hs_common.c:957
#define TO_CONN(c)
Definition: or.h:735
int marked_for_close_orig_reason
Definition: circuit_st.h:201
uint8_t rendezvous_cookie[HS_REND_COOKIE_LEN]
Definition: hs_ident.h:60
static int directory_request_is_pending(const ed25519_public_key_t *identity_pk)
Definition: hs_client.c:218
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
int check_private_dir(const char *dirname, cpd_check_t check, const char *effective_user)
Definition: dir.c:71
static digest256map_t * client_auths
Definition: hs_client.c:49
static void client_dir_fetch_404(dir_connection_t *dir_conn, const smartlist_t *entry_conns)
Definition: hs_client.c:1493
ed25519_public_key_t signed_key
Definition: torcert.h:30
unsigned int timed_out
Definition: hs_cache.h:34
int tor_cert_checksig(tor_cert_t *cert, const ed25519_public_key_t *pubkey, time_t now)
Definition: torcert.c:244
Header file containing client data for the HS subsytem.
extend_info_t * chosen_exit
void hs_control_desc_event_received(const hs_ident_dir_conn_t *ident, const char *hsdir_id_digest)
Definition: hs_control.c:89
const char * extend_info_describe(const extend_info_t *ei)
Definition: describe.c:204
static int handle_introduce_ack(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_client.c:1169
hs_desc_encrypted_data_t encrypted_data
void hs_ident_dir_conn_init(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_ident_dir_conn_t *ident)
Definition: hs_ident.c:69
Header file for connection.c.
int rend_client_send_introduction(origin_circuit_t *introcirc, origin_circuit_t *rendcirc)
Definition: rendclient.c:112
curve25519_keypair_t rendezvous_client_kp
Definition: hs_ident.h:72
int hs_client_send_introduce1(origin_circuit_t *intro_circ, origin_circuit_t *rend_circ)
Definition: hs_client.c:2064
void hs_client_dir_info_changed(void)
Definition: hs_client.c:2582
static void client_desc_has_arrived(const smartlist_t *entry_conns)
Definition: hs_client.c:1369
#define LD_GENERAL
Definition: log.h:62
#define CIRCUIT_IS_ORIGIN(c)
Definition: circuitlist.h:146
static int intro_circ_is_ok(const origin_circuit_t *circ)
Definition: hs_client.c:504
void hs_get_subcredential(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_subcredential_t *subcred_out)
Definition: hs_common.c:815
curve25519_secret_key_t enc_seckey
Definition: hs_client.h:69
Header file for describe.c.
Header file for nodelist.c.
static void socks_report_rend_circuit_timed_out(const origin_circuit_t *rend_circ)
Definition: hs_client.c:1000
void rend_client_note_connection_attempt_ended(const rend_data_t *rend_data)
Definition: rendclient.c:967
struct edge_connection_t * next_stream
uint8_t purpose
Definition: circuit_st.h:111
int hs_cell_parse_introduce_ack(const uint8_t *payload, size_t payload_len)
Definition: hs_cell.c:1063
hs_subcredential_t subcredential
Header file for directory.c.
void smartlist_add(smartlist_t *sl, void *element)
int strcmpend(const char *s1, const char *s2)
Definition: util_string.c:242
char * hs_path_from_filename(const char *directory, const char *filename)
Definition: hs_common.c:178
static int close_or_reextend_intro_circ(origin_circuit_t *intro_circ)
Definition: hs_client.c:1047
static void client_dir_fetch_400(dir_connection_t *dir_conn, const char *reason)
Definition: hs_client.c:1517
#define ED25519_BASE64_LEN
Definition: x25519_sizes.h:40
#define AP_CONN_STATE_RENDDESC_WAIT
void hs_cache_purge_as_client(void)
Definition: hs_cache.c:939
struct directory_request_t directory_request_t
Definition: dirclient.h:52
int hs_ident_intro_circ_is_valid(const hs_ident_circuit_t *ident)
Definition: hs_ident.c:104
#define TO_CIRCUIT(x)
Definition: or.h:951
#define CIRCUIT_PURPOSE_C_REND_READY
Definition: circuitlist.h:85
Header file for config.c.
const or_options_t * get_options(void)
Definition: config.c:925
#define tor_assert(expr)
Definition: util_bug.h:102
void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:60
const hs_cache_intro_state_t * hs_cache_client_intro_state_find(const ed25519_public_key_t *service_pk, const ed25519_public_key_t *auth_key)
Definition: hs_cache.c:979
static void socks_report_introduction_failed(entry_connection_t *conn, const ed25519_public_key_t *identity_pk)
Definition: hs_client.c:1024
smartlist_t * tor_listdir(const char *dirname)
Definition: dir.c:307
unsigned int error
Definition: hs_cache.h:31
static hs_client_service_authorization_t * get_creds_from_client_auth_filename(const char *filename, const or_options_t *options)
Definition: hs_client.c:1681
void ed25519_public_to_base64(char *output, const ed25519_public_key_t *pkey)
int hs_client_reextend_intro_circuit(origin_circuit_t *circ)
Definition: hs_client.c:2475
void connection_ap_mark_as_waiting_for_renddesc(entry_connection_t *entry_conn)
static int intro_point_is_usable(const ed25519_public_key_t *service_pk, const hs_desc_intro_point_t *ip)
Definition: hs_client.c:823
#define MAP_DEL_CURRENT(keyvar)
Definition: map.h:140
#define tor_free(p)
Definition: malloc.h:52
static const hs_desc_intro_point_t * find_desc_intro_point_by_ident(const hs_ident_circuit_t *ident, const hs_descriptor_t *desc)
Definition: hs_client.c:531
static void handle_introduce_ack_success(origin_circuit_t *intro_circ)
Definition: hs_client.c:1099
networkstatus_t * networkstatus_get_live_consensus(time_t now)
int hs_ntor_client_rendezvous2_mac_is_good(const hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys, const uint8_t *rcvd_mac)
Definition: hs_ntor.c:594
void hs_client_dir_fetch_done(dir_connection_t *dir_conn, const char *reason, const char *body, const int status_code)
Definition: hs_client.c:2361
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:55
void directory_request_set_resource(directory_request_t *req, const char *resource)
Definition: dirclient.c:1041
smartlist_t * smartlist_new(void)
struct routerset_t * ExcludeNodes
Definition: or_options_st.h:89
static int store_permanent_client_auth_credentials(const hs_client_service_authorization_t *creds)
Definition: hs_client.c:1575
void hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk, uint64_t time_period_num, int use_second_hsdir_index, int for_fetching, smartlist_t *responsible_dirs)
Definition: hs_common.c:1340
void hs_purge_last_hid_serv_requests(void)
Definition: hs_common.c:1598
edge_connection_t * TO_EDGE_CONN(connection_t *c)
#define STATIC
Definition: testsupport.h:32
void hs_control_desc_event_failed(const hs_ident_dir_conn_t *ident, const char *hsdir_id_digest, const char *reason)
Definition: hs_control.c:65
int router_have_minimum_dir_info(void)
Definition: nodelist.c:2324
int write_str_to_file(const char *fname, const char *str, int bin)
Definition: files.c:258
void hs_client_close_intro_circuits_from_desc(const hs_descriptor_t *desc)
Definition: hs_client.c:2524
Circuit-build-stse structure.
static void client_desc_missing_bad_client_auth(const smartlist_t *entry_conns, hs_desc_decode_status_t status)
Definition: hs_client.c:1417
void connection_ap_attach_pending(int retry)
#define HS_VERSION_THREE
Definition: hs_common.h:26
Header file for routerset.c.
static int send_introduce1(origin_circuit_t *intro_circ, origin_circuit_t *rend_circ)
Definition: hs_client.c:595
directory_request_t * directory_request_new(uint8_t dir_purpose)
Definition: dirclient.c:944
unsigned int remaining_relay_early_cells
void hs_control_desc_event_content(const hs_ident_dir_conn_t *ident, const char *hsdir_id_digest, const char *body)
Definition: hs_control.c:178
#define DIGEST256_LEN
Definition: digest_sizes.h:23
void hs_client_circuit_cleanup_on_free(const circuit_t *circ)
Definition: hs_client.c:1877
char * ClientOnionAuthDir
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
extend_info_t * hs_client_get_random_intro_from_edge(const edge_connection_t *edge_conn)
Definition: hs_client.c:2395
int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:90
hs_desc_decode_status_t hs_client_decode_descriptor(const char *desc_str, const ed25519_public_key_t *service_identity_pk, hs_descriptor_t **desc)
Definition: hs_client.c:1953
hs_desc_plaintext_data_t plaintext_data
const char * ed25519_fmt(const ed25519_public_key_t *pkey)
Common functions for cryptographic routines.
int hs_client_receive_introduce_ack(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_client.c:2408
Header for hs_ntor.c.
static void client_service_authorization_free_void(void *auth)
Definition: hs_client.c:2157
static void setup_intro_circ_auth_key(origin_circuit_t *circ)
Definition: hs_client.c:709
void hs_client_free_all(void)
Definition: hs_client.c:2550
Header for crypto_format.c.
int hs_circ_send_establish_rendezvous(origin_circuit_t *circ)
Definition: hs_circuit.c:1226
static void handle_introduce_ack_bad(origin_circuit_t *circ, int status)
Definition: hs_client.c:1146
origin_circuit_t * hs_circuitmap_get_established_rend_circ_client_side(const uint8_t *cookie)
const char * safe_str_client_opts(const or_options_t *options, const char *address)
Definition: config.c:1078
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
curve25519_public_key_t onion_key
origin_circuit_t * circuit_get_next_intro_circ(const origin_circuit_t *start, bool want_client_circ)
Definition: circuitlist.c:1723
dir_connection_t * TO_DIR_CONN(connection_t *c)
Definition: directory.c:85
#define DIGEST_LEN
Definition: digest_sizes.h:20
#define CIRCUIT_PURPOSE_C_INTRODUCE_ACKED
Definition: circuitlist.h:81
Origin circuit structure.
static void purge_hid_serv_request(const ed25519_public_key_t *identity_pk)
Definition: hs_client.c:197
Header file containing cell data for the whole HS subsytem.
void ed25519_pubkey_copy(ed25519_public_key_t *dest, const ed25519_public_key_t *src)
int hs_client_receive_rendezvous2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_client.c:2437
static void flag_all_conn_wait_desc(const ed25519_public_key_t *service_identity_pk)
Definition: hs_client.c:171
Master header file for Tor-specific functionality.
#define DIR_PURPOSE_FETCH_HSDESC
Definition: directory.h:74
Header file for circuitbuild.c.
void hs_cache_client_intro_state_note(const ed25519_public_key_t *service_pk, const ed25519_public_key_t *auth_key, rend_intro_point_failure_t failure)
Definition: hs_cache.c:957
STATIC extend_info_t * desc_intro_point_to_extend_info(const hs_desc_intro_point_t *ip)
Definition: hs_client.c:801
#define fast_memneq(a, b, c)
Definition: di_ops.h:42
int crypto_rand_int(unsigned int max)
#define AP_CONN_STATE_CIRCUIT_WAIT
const node_t * node_get_by_id(const char *identity_digest)
Definition: nodelist.c:223
Header file containing circuit and connection identifier data for the whole HS subsytem.
STATIC routerstatus_t * pick_hsdir_v3(const ed25519_public_key_t *onion_identity_pk)
Definition: hs_client.c:429
static void client_dir_fetch_200(dir_connection_t *dir_conn, const smartlist_t *entry_conns, const char *body)
Definition: hs_client.c:1441
Entry connection structure.
char onion_address[HS_SERVICE_ADDR_LEN_BASE32+1]
Definition: hs_client.h:72
ed25519_public_key_t identity_pk
Definition: hs_ident.h:106
static void client_intro_circ_has_opened(origin_circuit_t *circ)
Definition: hs_client.c:747
const char * routerstatus_describe(const routerstatus_t *rs)
Definition: describe.c:184
static void client_dir_fetch_unexpected(dir_connection_t *dir_conn, const char *reason, const int status_code)
Definition: hs_client.c:1535
Header file for circuituse.c.
ed25519_public_key_t identity_pk
Definition: hs_ident.h:45
ed25519_public_key_t intro_auth_pk
Definition: hs_ident.h:51
Header file for hs_descriptor.c.
Extend-info structure.
socks5_reply_status_t
Definition: socks5_status.h:20
#define CIRCUIT_PURPOSE_C_ESTABLISH_REND
Definition: circuitlist.h:83
STATIC hs_client_fetch_status_t fetch_v3_desc(const ed25519_public_key_t *onion_identity_pk)
Definition: hs_client.c:466
void hs_build_blinded_pubkey(const ed25519_public_key_t *pk, const uint8_t *secret, size_t secret_len, uint64_t time_period_num, ed25519_public_key_t *blinded_pk_out)
Definition: hs_common.c:1044
time_t timestamp_created
static unsigned int can_client_refetch_desc(const ed25519_public_key_t *identity_pk, hs_client_fetch_status_t *status_out)
Definition: hs_client.c:1270
void smartlist_del(smartlist_t *sl, int idx)
Header file for hs_circuitmap.c.
#define LD_REND
Definition: log.h:84
Header file for circuitlist.c.
uint16_t marked_for_close
static hs_desc_intro_point_t * find_desc_intro_point_by_legacy_id(const char *legacy_id, const hs_descriptor_t *desc)
Definition: hs_client.c:555
STATIC void retry_all_socks_conn_waiting_for_desc(void)
Definition: hs_client.c:298
static void note_connection_attempt_succeeded(const hs_ident_edge_conn_t *hs_conn_ident)
Definition: hs_client.c:354
hs_client_removal_auth_status_t hs_client_remove_auth_credentials(const char *hsaddress)
Definition: hs_client.c:1800
void directory_request_fetch_set_hs_ident(directory_request_t *req, const hs_ident_dir_conn_t *ident)
Definition: dirclient.c:1121
const char * tor_cert_describe_signature_status(const tor_cert_t *cert)
Definition: torcert.c:279
static void find_and_remove_client_auth_creds_file(const hs_client_service_authorization_t *cred)
Definition: hs_client.c:1750
static hs_client_service_authorization_t * find_client_auth(const ed25519_public_key_t *service_identity_pk)
Definition: hs_client.c:1355
curve25519_public_key_t enc_key
Client/server directory connection structure.
int connection_edge_is_rendezvous_stream(const edge_connection_t *conn)
static const char * fetch_status_to_string(hs_client_fetch_status_t status)
Definition: hs_client.c:55
#define DIGESTMAP_FOREACH_END
Definition: map.h:168
void hs_build_address(const ed25519_public_key_t *key, uint8_t version, char *addr_out)
Definition: hs_common.c:1018
#define CLIENT_AUTH_FLAG_IS_PERMANENT
Definition: hs_client.h:63
int hs_client_receive_rendezvous_acked(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_client.c:2106
#define ENTRY_TO_EDGE_CONN(c)
Header file containing circuit data for the whole HS subsytem.
Header file for connection_edge.c.
rend_data_t * rend_data
origin_circuit_t * hs_circuitmap_get_rend_circ_client_side(const uint8_t *cookie)
void assert_connection_ok(connection_t *conn, time_t now)
Definition: connection.c:5355
Header file containing control port event related code.
void hs_control_desc_event_requested(const ed25519_public_key_t *onion_pk, const char *base64_blinded_pk, const routerstatus_t *hsdir_rs)
Definition: hs_control.c:29
int hs_circuit_setup_e2e_rend_circ(origin_circuit_t *circ, const uint8_t *ntor_key_seed, size_t seed_len, int is_service_side)
Definition: hs_circuit.c:1091
time_t timestamp_last_read_allowed
hs_desc_decode_status_t hs_desc_decode_descriptor(const char *encoded, const hs_subcredential_t *subcredential, const curve25519_secret_key_t *client_auth_sk, hs_descriptor_t **desc_out)
int node_supports_v3_rendezvous_point(const node_t *node)
Definition: nodelist.c:1210
static void mark_conn_as_waiting_for_circuit(connection_t *conn, time_t now)
Definition: hs_client.c:247
#define SMARTLIST_FOREACH(sl, type, var, cmd)
void hs_purge_hid_serv_from_last_hid_serv_requests(const char *req_key_str)
Definition: hs_common.c:1557
#define MAX_INTRO_POINT_REACHABILITY_FAILURES
Definition: or.h:1065
const char * escaped(const char *s)
Definition: escape.c:126
#define HS_SERVICE_ADDR_LEN_BASE32
Definition: hs_common.h:83
static bool intro_points_all_timed_out(const ed25519_public_key_t *service_pk)
Definition: hs_client.c:966
void hs_client_circuit_cleanup_on_close(const circuit_t *circ)
Definition: hs_client.c:1846
void hs_client_note_connection_attempt_succeeded(const edge_connection_t *conn)
Definition: hs_client.c:1927
#define CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT
Definition: circuitlist.h:78
const char * stream_end_reason_to_string(int reason)
Definition: reasons.c:64
hs_desc_decode_status_t hs_cache_store_as_client(const char *desc_str, const ed25519_public_key_t *identity_pk)
Definition: hs_cache.c:860
cpath_build_state_t * build_state
STATIC void purge_ephemeral_client_auth(void)
Definition: hs_client.c:1337
#define CIRCUIT_PURPOSE_C_REND_JOINED
Definition: circuitlist.h:90
int hs_client_refetch_hsdesc(const ed25519_public_key_t *identity_pk)
Definition: hs_client.c:2033
char identity_digest[DIGEST_LEN]
rend_data_t * rend_data
void hs_client_circuit_has_opened(origin_circuit_t *circ)
Definition: hs_client.c:2076
void directory_initiate_request(directory_request_t *request)
Definition: dirclient.c:1231
#define log_fn(severity, domain, args,...)
Definition: log.h:287
smartlist_t * link_specifiers
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
curve25519_public_key_t intro_enc_pk
Definition: hs_ident.h:55
const hs_descriptor_t * hs_cache_lookup_as_client(const ed25519_public_key_t *key)
Definition: hs_cache.c:829
void hs_cache_remove_as_client(const ed25519_public_key_t *key)
Definition: hs_cache.c:896
edge_connection_t * p_streams
smartlist_t * intro_points
time_t approx_time(void)
Definition: approx_time.c:32
STATIC int handle_rendezvous2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_client.c:1207
#define DIR_PURPOSE_HAS_FETCHED_HSDESC
Definition: directory.h:77
socks5_reply_status_t socks_extended_error_code
void rend_client_purge_state(void)
Definition: rendclient.c:56
int tor_unlink(const char *pathname)
Definition: files.c:154
void directory_request_set_indirection(directory_request_t *req, dir_indirection_t indirection)
Definition: dirclient.c:1028
void pathbias_count_use_attempt(origin_circuit_t *circ)
Definition: circpathbias.c:604
Header file for hs_cache.c.
Client request structure.
void circuit_change_purpose(circuit_t *circ, uint8_t new_purpose)
Definition: circuituse.c:3095
routerstatus_t * hs_pick_hsdir(smartlist_t *responsible_dirs, const char *req_key_str, bool *is_rate_limited_out)
Definition: hs_common.c:1626
void rend_client_rendcirc_has_opened(origin_circuit_t *circ)
Definition: rendclient.c:337
Header file for reasons.c.
#define CONN_TYPE_DIR
Definition: connection.h:53
STATIC int auth_key_filename_is_valid(const char *filename)
Definition: hs_client.c:2174
void hs_circuitmap_register_rend_circ_client_side(origin_circuit_t *or_circ, const uint8_t *cookie)
uint64_t hs_get_time_period_num(time_t now)
Definition: hs_common.c:269
static hs_client_fetch_status_t directory_launch_v3_desc_fetch(const ed25519_public_key_t *onion_identity_pk, const routerstatus_t *hsdir)
Definition: hs_client.c:377
int rend_client_receive_rendezvous(origin_circuit_t *circ, const uint8_t *request, size_t request_len)
Definition: rendclient.c:891
int hs_config_client_authorization(const or_options_t *options, int validate_only)
Definition: hs_client.c:2271
extend_info_t * rend_client_get_random_intro(const rend_data_t *rend_query)
Definition: rendclient.c:1009
struct hs_ident_circuit_t * hs_ident
#define CONN_TYPE_AP
Definition: connection.h:49
static void client_rendezvous_circ_has_opened(origin_circuit_t *circ)
Definition: hs_client.c:764
Header file for rendclient.c.
#define CONN_IS_EDGE(x)
socks_request_t * socks_request
static int fetch_status_should_close_socks(hs_client_fetch_status_t status)
Definition: hs_client.c:80
#define LD_PROTOCOL
Definition: log.h:72
void directory_request_set_routerstatus(directory_request_t *req, const routerstatus_t *status)
Definition: dirclient.c:1158
const char * build_state_get_exit_nickname(cpath_build_state_t *state)
void pathbias_mark_use_success(origin_circuit_t *circ)
Definition: circpathbias.c:661
ed25519_public_key_t identity_pk
Definition: hs_ident.h:90
void hs_cache_client_intro_state_purge(void)
Definition: hs_cache.c:1009
digest256map_t * get_hs_client_auths_map(void)
Definition: hs_client.c:1834
STATIC extend_info_t * client_get_random_intro(const ed25519_public_key_t *service_pk)
Definition: hs_client.c:863
time_t timestamp_last_write_allowed
uint8_t state
Definition: connection_st.h:49
hs_desc_decode_status_t
Definition: hs_descriptor.h:74
STATIC hs_client_service_authorization_t * parse_auth_file_content(const char *client_key_str)
Definition: hs_client.c:2201
Header file for networkstatus.c.
#define LD_BUG
Definition: log.h:86
int hs_client_any_intro_points_usable(const ed25519_public_key_t *service_pk, const hs_descriptor_t *desc)
Definition: hs_client.c:2010
#define CURVE25519_SECKEY_LEN
Definition: x25519_sizes.h:22
hs_client_fetch_status_t
Definition: hs_client.h:19
int circuit_extend_to_new_exit(origin_circuit_t *circ, extend_info_t *exit_ei)
#define CURVE25519_PUBKEY_LEN
Definition: x25519_sizes.h:20
void rend_client_introcirc_has_opened(origin_circuit_t *circ)
Definition: rendclient.c:67
tor_cert_t * auth_key_cert
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)