Tor  0.4.7.0-alpha-dev
hs_intropoint.c
Go to the documentation of this file.
1 /* Copyright (c) 2016-2021, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
4 /**
5  * \file hs_intropoint.c
6  * \brief Implement next generation introductions point functionality
7  **/
8 
9 #define HS_INTROPOINT_PRIVATE
10 
11 #include "core/or/or.h"
12 #include "app/config/config.h"
13 #include "core/or/channel.h"
14 #include "core/or/circuitlist.h"
15 #include "core/or/circuituse.h"
16 #include "core/or/relay.h"
17 #include "feature/rend/rendmid.h"
18 #include "feature/stats/rephist.h"
20 
21 /* Trunnel */
22 #include "trunnel/ed25519_cert.h"
23 #include "trunnel/hs/cell_common.h"
24 #include "trunnel/hs/cell_establish_intro.h"
25 #include "trunnel/hs/cell_introduce1.h"
26 
28 #include "feature/hs/hs_common.h"
29 #include "feature/hs/hs_config.h"
31 #include "feature/hs/hs_dos.h"
33 
34 #include "core/or/or_circuit_st.h"
35 
36 /** Extract the authentication key from an ESTABLISH_INTRO or INTRODUCE1 using
37  * the given <b>cell_type</b> from <b>cell</b> and place it in
38  * <b>auth_key_out</b>. */
39 STATIC void
41  unsigned int cell_type, const void *cell)
42 {
43  size_t auth_key_len;
44  const uint8_t *key_array;
45 
46  tor_assert(auth_key_out);
47  tor_assert(cell);
48 
49  switch (cell_type) {
50  case RELAY_COMMAND_ESTABLISH_INTRO:
51  {
52  const trn_cell_establish_intro_t *c_cell = cell;
53  key_array = trn_cell_establish_intro_getconstarray_auth_key(c_cell);
54  auth_key_len = trn_cell_establish_intro_getlen_auth_key(c_cell);
55  break;
56  }
57  case RELAY_COMMAND_INTRODUCE1:
58  {
59  const trn_cell_introduce1_t *c_cell = cell;
60  key_array = trn_cell_introduce1_getconstarray_auth_key(cell);
61  auth_key_len = trn_cell_introduce1_getlen_auth_key(c_cell);
62  break;
63  }
64  default:
65  /* Getting here is really bad as it means we got a unknown cell type from
66  * this file where every call has an hardcoded value. */
67  tor_assert_unreached(); /* LCOV_EXCL_LINE */
68  }
69  tor_assert(key_array);
70  tor_assert(auth_key_len == sizeof(auth_key_out->pubkey));
71  memcpy(auth_key_out->pubkey, key_array, auth_key_len);
72 }
73 
74 /** We received an ESTABLISH_INTRO <b>cell</b>. Verify its signature and MAC,
75  * given <b>circuit_key_material</b>. Return 0 on success else -1 on error. */
76 STATIC int
77 verify_establish_intro_cell(const trn_cell_establish_intro_t *cell,
78  const uint8_t *circuit_key_material,
79  size_t circuit_key_material_len)
80 {
81  /* We only reach this function if the first byte of the cell is 0x02 which
82  * means that auth_key_type is of ed25519 type, hence this check should
83  * always pass. See hs_intro_received_establish_intro(). */
84  if (BUG(cell->auth_key_type != TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519)) {
85  return -1;
86  }
87 
88  /* Make sure the auth key length is of the right size for this type. For
89  * EXTRA safety, we check both the size of the array and the length which
90  * must be the same. Safety first!*/
91  if (trn_cell_establish_intro_getlen_auth_key(cell) != ED25519_PUBKEY_LEN ||
92  trn_cell_establish_intro_get_auth_key_len(cell) != ED25519_PUBKEY_LEN) {
93  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
94  "ESTABLISH_INTRO auth key length is invalid");
95  return -1;
96  }
97 
98  const uint8_t *msg = cell->start_cell;
99 
100  /* Verify the sig */
101  {
102  ed25519_signature_t sig_struct;
103  const uint8_t *sig_array =
104  trn_cell_establish_intro_getconstarray_sig(cell);
105 
106  /* Make sure the signature length is of the right size. For EXTRA safety,
107  * we check both the size of the array and the length which must be the
108  * same. Safety first!*/
109  if (trn_cell_establish_intro_getlen_sig(cell) != sizeof(sig_struct.sig) ||
110  trn_cell_establish_intro_get_sig_len(cell) != sizeof(sig_struct.sig)) {
111  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
112  "ESTABLISH_INTRO sig len is invalid");
113  return -1;
114  }
115  /* We are now sure that sig_len is of the right size. */
116  memcpy(sig_struct.sig, sig_array, cell->sig_len);
117 
118  ed25519_public_key_t auth_key;
119  get_auth_key_from_cell(&auth_key, RELAY_COMMAND_ESTABLISH_INTRO, cell);
120 
121  const size_t sig_msg_len = cell->end_sig_fields - msg;
122  int sig_mismatch = ed25519_checksig_prefixed(&sig_struct,
123  msg, sig_msg_len,
125  &auth_key);
126  if (sig_mismatch) {
127  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
128  "ESTABLISH_INTRO signature not as expected");
129  return -1;
130  }
131  }
132 
133  /* Verify the MAC */
134  {
135  const size_t auth_msg_len = cell->end_mac_fields - msg;
136  uint8_t mac[DIGEST256_LEN];
137  crypto_mac_sha3_256(mac, sizeof(mac),
138  circuit_key_material, circuit_key_material_len,
139  msg, auth_msg_len);
140  if (tor_memneq(mac, cell->handshake_mac, sizeof(mac))) {
141  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
142  "ESTABLISH_INTRO handshake_auth not as expected");
143  return -1;
144  }
145  }
146 
147  return 0;
148 }
149 
150 /** Send an INTRO_ESTABLISHED cell to <b>circ</b>. */
151 MOCK_IMPL(int,
153 {
154  int ret;
155  uint8_t *encoded_cell = NULL;
156  ssize_t encoded_len, result_len;
157  trn_cell_intro_established_t *cell;
158  trn_cell_extension_t *ext;
159 
160  tor_assert(circ);
161 
162  /* Build the cell payload. */
163  cell = trn_cell_intro_established_new();
164  ext = trn_cell_extension_new();
165  trn_cell_extension_set_num(ext, 0);
166  trn_cell_intro_established_set_extensions(cell, ext);
167  /* Encode the cell to binary format. */
168  encoded_len = trn_cell_intro_established_encoded_len(cell);
169  tor_assert(encoded_len > 0);
170  encoded_cell = tor_malloc_zero(encoded_len);
171  result_len = trn_cell_intro_established_encode(encoded_cell, encoded_len,
172  cell);
173  tor_assert(encoded_len == result_len);
174 
175  ret = relay_send_command_from_edge(0, TO_CIRCUIT(circ),
176  RELAY_COMMAND_INTRO_ESTABLISHED,
177  (char *) encoded_cell, encoded_len,
178  NULL);
179  /* On failure, the above function will close the circuit. */
180  trn_cell_intro_established_free(cell);
181  tor_free(encoded_cell);
182  return ret;
183 }
184 
185 /** Validate the cell DoS extension parameters. Return true iff they've been
186  * bound check and can be used. Else return false. See proposal 305 for
187  * details and reasons about this validation. */
188 STATIC bool
189 cell_dos_extension_parameters_are_valid(uint64_t intro2_rate_per_sec,
190  uint64_t intro2_burst_per_sec)
191 {
192  bool ret = false;
193 
194  /* Check that received value is not below the minimum. Don't check if minimum
195  is set to 0, since the param is a positive value and gcc will complain. */
196 #if HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_MIN > 0
197  if (intro2_rate_per_sec < HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_MIN) {
198  log_fn(LOG_PROTOCOL_WARN, LD_REND,
199  "Intro point DoS defenses rate per second is "
200  "too small. Received value: %" PRIu64, intro2_rate_per_sec);
201  goto end;
202  }
203 #endif /* HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_MIN > 0 */
204 
205  /* Check that received value is not above maximum */
206  if (intro2_rate_per_sec > HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_MAX) {
207  log_fn(LOG_PROTOCOL_WARN, LD_REND,
208  "Intro point DoS defenses rate per second is "
209  "too big. Received value: %" PRIu64, intro2_rate_per_sec);
210  goto end;
211  }
212 
213  /* Check that received value is not below the minimum */
214 #if HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_MIN > 0
215  if (intro2_burst_per_sec < HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_MIN) {
216  log_fn(LOG_PROTOCOL_WARN, LD_REND,
217  "Intro point DoS defenses burst per second is "
218  "too small. Received value: %" PRIu64, intro2_burst_per_sec);
219  goto end;
220  }
221 #endif /* HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_MIN > 0 */
222 
223  /* Check that received value is not above maximum */
224  if (intro2_burst_per_sec > HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_MAX) {
225  log_fn(LOG_PROTOCOL_WARN, LD_REND,
226  "Intro point DoS defenses burst per second is "
227  "too big. Received value: %" PRIu64, intro2_burst_per_sec);
228  goto end;
229  }
230 
231  /* In a rate limiting scenario, burst can never be smaller than the rate. At
232  * best it can be equal. */
233  if (intro2_burst_per_sec < intro2_rate_per_sec) {
234  log_info(LD_REND, "Intro point DoS defenses burst is smaller than rate. "
235  "Rate: %" PRIu64 " vs Burst: %" PRIu64,
236  intro2_rate_per_sec, intro2_burst_per_sec);
237  goto end;
238  }
239 
240  /* Passing validation. */
241  ret = true;
242 
243  end:
244  return ret;
245 }
246 
247 /** Parse the cell DoS extension and apply defenses on the given circuit if
248  * validation passes. If the cell extension is malformed or contains unusable
249  * values, the DoS defenses is disabled on the circuit. */
250 static void
252  const trn_cell_extension_field_t *field,
253  or_circuit_t *circ)
254 {
255  ssize_t ret;
256  uint64_t intro2_rate_per_sec = 0, intro2_burst_per_sec = 0;
257  trn_cell_extension_dos_t *dos = NULL;
258 
259  tor_assert(field);
260  tor_assert(circ);
261 
262  ret = trn_cell_extension_dos_parse(&dos,
263  trn_cell_extension_field_getconstarray_field(field),
264  trn_cell_extension_field_getlen_field(field));
265  if (ret < 0) {
266  goto end;
267  }
268 
269  for (size_t i = 0; i < trn_cell_extension_dos_get_n_params(dos); i++) {
270  const trn_cell_extension_dos_param_t *param =
271  trn_cell_extension_dos_getconst_params(dos, i);
272  if (BUG(param == NULL)) {
273  goto end;
274  }
275 
276  switch (trn_cell_extension_dos_param_get_type(param)) {
277  case TRUNNEL_DOS_PARAM_TYPE_INTRO2_RATE_PER_SEC:
278  intro2_rate_per_sec = trn_cell_extension_dos_param_get_value(param);
279  break;
280  case TRUNNEL_DOS_PARAM_TYPE_INTRO2_BURST_PER_SEC:
281  intro2_burst_per_sec = trn_cell_extension_dos_param_get_value(param);
282  break;
283  default:
284  goto end;
285  }
286  }
287 
288  /* At this point, the extension is valid so any values out of it implies
289  * that it was set explicitly and thus flag the circuit that it should not
290  * look at the consensus for that reason for the defenses' values. */
292 
293  /* A value of 0 is valid in the sense that we accept it but we still disable
294  * the defenses so return false. */
295  if (intro2_rate_per_sec == 0 || intro2_burst_per_sec == 0) {
296  log_info(LD_REND, "Intro point DoS defenses parameter set to 0. "
297  "Disabling INTRO2 DoS defenses on circuit id %u",
298  circ->p_circ_id);
300  goto end;
301  }
302 
303  /* If invalid, we disable the defense on the circuit. */
304  if (!cell_dos_extension_parameters_are_valid(intro2_rate_per_sec,
305  intro2_burst_per_sec)) {
307  log_info(LD_REND, "Disabling INTRO2 DoS defenses on circuit id %u",
308  circ->p_circ_id);
309  goto end;
310  }
311 
312  /* We passed validation, enable defenses and apply rate/burst. */
314 
315  /* Initialize the INTRODUCE2 token bucket for the rate limiting. */
317  (uint32_t) intro2_rate_per_sec,
318  (uint32_t) intro2_burst_per_sec,
319  (uint32_t) approx_time());
320  log_info(LD_REND, "Intro point DoS defenses enabled. Rate is %" PRIu64
321  " and Burst is %" PRIu64,
322  intro2_rate_per_sec, intro2_burst_per_sec);
323 
324  end:
325  trn_cell_extension_dos_free(dos);
326  return;
327 }
328 
329 /** Parse every cell extension in the given ESTABLISH_INTRO cell. */
330 static void
332  const trn_cell_establish_intro_t *parsed_cell,
333  or_circuit_t *circ)
334 {
335  const trn_cell_extension_t *extensions;
336 
337  tor_assert(parsed_cell);
338  tor_assert(circ);
339 
340  extensions = trn_cell_establish_intro_getconst_extensions(parsed_cell);
341  if (extensions == NULL) {
342  goto end;
343  }
344 
345  /* Go over all extensions. */
346  for (size_t idx = 0; idx < trn_cell_extension_get_num(extensions); idx++) {
347  const trn_cell_extension_field_t *field =
348  trn_cell_extension_getconst_fields(extensions, idx);
349  if (BUG(field == NULL)) {
350  /* The number of extensions should match the number of fields. */
351  break;
352  }
353 
354  switch (trn_cell_extension_field_get_field_type(field)) {
355  case TRUNNEL_CELL_EXTENSION_TYPE_DOS:
356  /* After this, the circuit should be set for DoS defenses. */
358  break;
359  default:
360  /* Unknown extension. Skip over. */
361  break;
362  }
363  }
364 
365  end:
366  return;
367 }
368 
369 /** We received an ESTABLISH_INTRO <b>parsed_cell</b> on <b>circ</b>. It's
370  * well-formed and passed our verifications. Perform appropriate actions to
371  * establish an intro point. */
372 static int
374  const trn_cell_establish_intro_t *parsed_cell)
375 {
376  /* Get the auth key of this intro point */
377  ed25519_public_key_t auth_key;
378  get_auth_key_from_cell(&auth_key, RELAY_COMMAND_ESTABLISH_INTRO,
379  parsed_cell);
380 
381  /* Setup INTRODUCE2 defenses on the circuit. Must be done before parsing the
382  * cell extension that can possibly change the defenses' values. */
384 
385  /* Handle cell extension if any. */
386  handle_establish_intro_cell_extensions(parsed_cell, circ);
387 
388  /* Then notify the hidden service that the intro point is established by
389  sending an INTRO_ESTABLISHED cell */
391  log_warn(LD_PROTOCOL, "Couldn't send INTRO_ESTABLISHED cell.");
392  return -1;
393  }
394 
395  /* Associate intro point auth key with this circuit. */
397  /* Repurpose this circuit into an intro circuit. */
399 
400  return 0;
401 }
402 
403 /** We just received an ESTABLISH_INTRO cell in <b>circ</b> with payload in
404  * <b>request</b>. Handle it by making <b>circ</b> an intro circuit. Return 0
405  * if everything went well, or -1 if there were errors. */
406 static int
407 handle_establish_intro(or_circuit_t *circ, const uint8_t *request,
408  size_t request_len)
409 {
410  int cell_ok, retval = -1;
411  trn_cell_establish_intro_t *parsed_cell = NULL;
412 
413  tor_assert(circ);
414  tor_assert(request);
415 
416  log_info(LD_REND, "Received an ESTABLISH_INTRO request on circuit %" PRIu32,
417  circ->p_circ_id);
418 
419  /* Check that the circuit is in shape to become an intro point */
421  goto err;
422  }
423 
424  /* Parse the cell */
425  ssize_t parsing_result = trn_cell_establish_intro_parse(&parsed_cell,
426  request, request_len);
427  if (parsing_result < 0) {
428  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
429  "Rejecting %s ESTABLISH_INTRO cell.",
430  parsing_result == -1 ? "invalid" : "truncated");
431  goto err;
432  }
433 
434  cell_ok = verify_establish_intro_cell(parsed_cell,
435  (uint8_t *) circ->rend_circ_nonce,
436  sizeof(circ->rend_circ_nonce));
437  if (cell_ok < 0) {
438  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
439  "Failed to verify ESTABLISH_INTRO cell.");
440  goto err;
441  }
442 
443  /* This cell is legit. Take the appropriate actions. */
444  cell_ok = handle_verified_establish_intro_cell(circ, parsed_cell);
445  if (cell_ok < 0) {
446  goto err;
447  }
448 
449  /* We are done! */
450  retval = 0;
451  goto done;
452 
453  err:
454  /* When sending the intro establish ack, on error the circuit can be marked
455  * as closed so avoid a double close. */
456  if (!TO_CIRCUIT(circ)->marked_for_close) {
457  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
458  }
459 
460  done:
461  trn_cell_establish_intro_free(parsed_cell);
462  return retval;
463 }
464 
465 /** Return True if circuit is suitable for being an intro circuit. */
466 static int
468  const char *log_cell_type_str)
469 {
470  tor_assert(circ);
471  tor_assert(log_cell_type_str);
472 
473  /* Basic circuit state sanity checks. */
474  if (circ->base_.purpose != CIRCUIT_PURPOSE_OR) {
475  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
476  "Rejecting %s on non-OR circuit.", log_cell_type_str);
477  return 0;
478  }
479 
480  if (circ->base_.n_chan) {
481  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
482  "Rejecting %s on non-edge circuit.", log_cell_type_str);
483  return 0;
484  }
485 
486  /* Suitable. */
487  return 1;
488 }
489 
490 /** Return True if circuit is suitable for being service-side intro circuit. */
491 int
493 {
494  return circuit_is_suitable_intro_point(circ, "ESTABLISH_INTRO");
495 }
496 
497 /** We just received an ESTABLISH_INTRO cell in <b>circ</b>. Pass it to the
498  * appropriate handler. */
499 int
500 hs_intro_received_establish_intro(or_circuit_t *circ, const uint8_t *request,
501  size_t request_len)
502 {
503  tor_assert(circ);
504  tor_assert(request);
505 
506  if (request_len == 0) {
507  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Empty ESTABLISH_INTRO cell.");
508  goto err;
509  }
510 
511  /* Using the first byte of the cell, figure out the version of
512  * ESTABLISH_INTRO and pass it to the appropriate cell handler */
513  const uint8_t first_byte = request[0];
514  switch (first_byte) {
515  case TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY0:
516  case TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY1:
517  /* Likely version 2 onion service which is now obsolete. Avoid a
518  * protocol warning considering they still exists on the network. */
519  goto err;
520  case TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519:
521  return handle_establish_intro(circ, request, request_len);
522  default:
523  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
524  "Unrecognized AUTH_KEY_TYPE %u.", first_byte);
525  goto err;
526  }
527 
528  err:
529  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
530  return -1;
531 }
532 
533 /** Send an INTRODUCE_ACK cell onto the circuit <b>circ</b> with the status
534  * value in <b>status</b>. Depending on the status, it can be ACK or a NACK.
535  * Return 0 on success else a negative value on error which will close the
536  * circuit. */
537 static int
538 send_introduce_ack_cell(or_circuit_t *circ, uint16_t status)
539 {
540  int ret = -1;
541  uint8_t *encoded_cell = NULL;
542  ssize_t encoded_len, result_len;
543  trn_cell_introduce_ack_t *cell;
544  trn_cell_extension_t *ext;
545 
546  tor_assert(circ);
547 
548  /* Setup the INTRODUCE_ACK cell. We have no extensions so the N_EXTENSIONS
549  * field is set to 0 by default with a new object. */
550  cell = trn_cell_introduce_ack_new();
551  ret = trn_cell_introduce_ack_set_status(cell, status);
552  /* We have no cell extensions in an INTRODUCE_ACK cell. */
553  ext = trn_cell_extension_new();
554  trn_cell_extension_set_num(ext, 0);
555  trn_cell_introduce_ack_set_extensions(cell, ext);
556  /* A wrong status is a very bad code flow error as this value is controlled
557  * by the code in this file and not an external input. This means we use a
558  * code that is not known by the trunnel ABI. */
559  tor_assert(ret == 0);
560  /* Encode the payload. We should never fail to get the encoded length. */
561  encoded_len = trn_cell_introduce_ack_encoded_len(cell);
562  tor_assert(encoded_len > 0);
563  encoded_cell = tor_malloc_zero(encoded_len);
564  result_len = trn_cell_introduce_ack_encode(encoded_cell, encoded_len, cell);
565  tor_assert(encoded_len == result_len);
566 
567  ret = relay_send_command_from_edge(CONTROL_CELL_ID, TO_CIRCUIT(circ),
568  RELAY_COMMAND_INTRODUCE_ACK,
569  (char *) encoded_cell, encoded_len,
570  NULL);
571  /* On failure, the above function will close the circuit. */
572  trn_cell_introduce_ack_free(cell);
573  tor_free(encoded_cell);
574  return ret;
575 }
576 
577 /** Validate a parsed INTRODUCE1 <b>cell</b>. Return 0 if valid or else a
578  * negative value for an invalid cell that should be NACKed. */
579 STATIC int
580 validate_introduce1_parsed_cell(const trn_cell_introduce1_t *cell)
581 {
582  size_t legacy_key_id_len;
583  const uint8_t *legacy_key_id;
584 
585  tor_assert(cell);
586 
587  /* This code path SHOULD NEVER be reached if the cell is a legacy type so
588  * safety net here. The legacy ID must be zeroes in this case. */
589  legacy_key_id_len = trn_cell_introduce1_getlen_legacy_key_id(cell);
590  legacy_key_id = trn_cell_introduce1_getconstarray_legacy_key_id(cell);
591  if (BUG(!fast_mem_is_zero((char *) legacy_key_id, legacy_key_id_len))) {
592  goto invalid;
593  }
594 
595  /* The auth key of an INTRODUCE1 should be of type ed25519 thus leading to a
596  * known fixed length as well. */
597  if (trn_cell_introduce1_get_auth_key_type(cell) !=
598  TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519) {
599  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
600  "Rejecting invalid INTRODUCE1 cell auth key type. "
601  "Responding with NACK.");
602  goto invalid;
603  }
604  if (trn_cell_introduce1_get_auth_key_len(cell) != ED25519_PUBKEY_LEN ||
605  trn_cell_introduce1_getlen_auth_key(cell) != ED25519_PUBKEY_LEN) {
606  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
607  "Rejecting invalid INTRODUCE1 cell auth key length. "
608  "Responding with NACK.");
609  goto invalid;
610  }
611  if (trn_cell_introduce1_getlen_encrypted(cell) == 0) {
612  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
613  "Rejecting invalid INTRODUCE1 cell encrypted length. "
614  "Responding with NACK.");
615  goto invalid;
616  }
617 
618  return 0;
619  invalid:
620  return -1;
621 }
622 
623 /** We just received a non legacy INTRODUCE1 cell on <b>client_circ</b> with
624  * the payload in <b>request</b> of size <b>request_len</b>. Return 0 if
625  * everything went well, or -1 if an error occurred. This function is in charge
626  * of sending back an INTRODUCE_ACK cell and will close client_circ on error.
627  */
628 STATIC int
629 handle_introduce1(or_circuit_t *client_circ, const uint8_t *request,
630  size_t request_len)
631 {
632  int ret = -1;
633  or_circuit_t *service_circ;
634  trn_cell_introduce1_t *parsed_cell;
635  uint16_t status = TRUNNEL_HS_INTRO_ACK_STATUS_SUCCESS;
636 
637  tor_assert(client_circ);
638  tor_assert(request);
639 
640  /* Parse cell. Note that we can only parse the non encrypted section for
641  * which we'll use the authentication key to find the service introduction
642  * circuit and relay the cell on it. */
643  ssize_t cell_size = trn_cell_introduce1_parse(&parsed_cell, request,
644  request_len);
645  if (cell_size < 0) {
646  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
647  "Rejecting %s INTRODUCE1 cell. Responding with NACK.",
648  cell_size == -1 ? "invalid" : "truncated");
649  /* Inform client that the INTRODUCE1 has a bad format. */
650  status = TRUNNEL_HS_INTRO_ACK_STATUS_BAD_FORMAT;
651  goto send_ack;
652  }
653 
654  /* Once parsed validate the cell format. */
655  if (validate_introduce1_parsed_cell(parsed_cell) < 0) {
656  /* Inform client that the INTRODUCE1 has bad format. */
657  status = TRUNNEL_HS_INTRO_ACK_STATUS_BAD_FORMAT;
658  goto send_ack;
659  }
660 
661  /* Find introduction circuit through our circuit map. */
662  {
663  ed25519_public_key_t auth_key;
664  get_auth_key_from_cell(&auth_key, RELAY_COMMAND_INTRODUCE1, parsed_cell);
665  service_circ = hs_circuitmap_get_intro_circ_v3_relay_side(&auth_key);
666  if (service_circ == NULL) {
667  char b64_key[ED25519_BASE64_LEN + 1];
668  ed25519_public_to_base64(b64_key, &auth_key);
669  log_info(LD_REND, "No intro circuit found for INTRODUCE1 cell "
670  "with auth key %s from circuit %" PRIu32 ". "
671  "Responding with NACK.",
672  safe_str(b64_key), client_circ->p_circ_id);
673  /* Inform the client that we don't know the requested service ID. */
674  status = TRUNNEL_HS_INTRO_ACK_STATUS_UNKNOWN_ID;
675  goto send_ack;
676  }
677  }
678 
679  /* Before sending, lets make sure this cell can be sent on the service
680  * circuit asking the DoS defenses. */
681  if (!hs_dos_can_send_intro2(service_circ)) {
682  char *msg;
683  static ratelim_t rlimit = RATELIM_INIT(5 * 60);
684  if ((msg = rate_limit_log(&rlimit, approx_time()))) {
685  log_info(LD_PROTOCOL, "Can't relay INTRODUCE1 v3 cell due to DoS "
686  "limitations. Sending NACK to client.");
687  tor_free(msg);
688  }
689  status = TRUNNEL_HS_INTRO_ACK_STATUS_UNKNOWN_ID;
690  goto send_ack;
691  }
692 
693  /* Relay the cell to the service on its intro circuit with an INTRODUCE2
694  * cell which is the same exact payload. */
695  if (relay_send_command_from_edge(CONTROL_CELL_ID, TO_CIRCUIT(service_circ),
696  RELAY_COMMAND_INTRODUCE2,
697  (char *) request, request_len, NULL)) {
698  log_warn(LD_PROTOCOL, "Unable to send INTRODUCE2 cell to the service.");
699  /* Inform the client that we can't relay the cell. Use the unknown ID
700  * status code since it means that we do not know the service. */
701  status = TRUNNEL_HS_INTRO_ACK_STATUS_UNKNOWN_ID;
702  goto send_ack;
703  }
704 
705  /* Success! Send an INTRODUCE_ACK success status onto the client circuit. */
706  status = TRUNNEL_HS_INTRO_ACK_STATUS_SUCCESS;
707  ret = 0;
708 
709  send_ack:
710  /* Send INTRODUCE_ACK or INTRODUCE_NACK to client */
711  if (send_introduce_ack_cell(client_circ, status) < 0) {
712  log_warn(LD_PROTOCOL, "Unable to send an INTRODUCE ACK status %d "
713  "to client.", status);
714  /* Circuit has been closed on failure of transmission. */
715  goto done;
716  }
717  done:
718  trn_cell_introduce1_free(parsed_cell);
719  return ret;
720 }
721 
722 /** Return true iff the circuit <b>circ</b> is suitable for receiving an
723  * INTRODUCE1 cell. */
724 STATIC int
726 {
727  tor_assert(circ);
728 
729  /* Is this circuit an intro point circuit? */
730  if (!circuit_is_suitable_intro_point(circ, "INTRODUCE1")) {
731  return 0;
732  }
733 
734  if (circ->already_received_introduce1) {
735  log_fn(LOG_PROTOCOL_WARN, LD_REND,
736  "Blocking multiple introductions on the same circuit. "
737  "Someone might be trying to attack a hidden service through "
738  "this relay.");
739  return 0;
740  }
741 
742  /* Disallow single hop client circuit. */
743  if (circ->p_chan && channel_is_client(circ->p_chan)) {
744  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
745  "Single hop client was rejected while trying to introduce. "
746  "Closing circuit.");
747  return 0;
748  }
749 
750  return 1;
751 }
752 
753 /** We just received an INTRODUCE1 cell on <b>circ</b>. Figure out which type
754  * it is and pass it to the appropriate handler. Return 0 on success else a
755  * negative value and the circuit is closed. */
756 int
757 hs_intro_received_introduce1(or_circuit_t *circ, const uint8_t *request,
758  size_t request_len)
759 {
760  tor_assert(circ);
761  tor_assert(request);
762 
763  /* A cell that can't hold a DIGEST_LEN is invalid. */
764  if (request_len < DIGEST_LEN) {
765  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Invalid INTRODUCE1 cell length.");
766  goto err;
767  }
768 
769  /* Make sure we have a circuit that can have an INTRODUCE1 cell on it. */
771  /* We do not send a NACK because the circuit is not suitable for any kind
772  * of response or transmission as it's a violation of the protocol. */
773  goto err;
774  }
775  /* Mark the circuit that we got this cell. None are allowed after this as a
776  * DoS mitigation since one circuit with one client can hammer a service. */
777  circ->already_received_introduce1 = 1;
778 
779  /* Handle the cell. */
780  return handle_introduce1(circ, request, request_len);
781 
782  err:
783  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
784  return -1;
785 }
786 
787 /** Clear memory allocated by the given intropoint object ip (but don't free
788  * the object itself). */
789 void
791 {
792  if (ip == NULL) {
793  return;
794  }
795  tor_cert_free(ip->auth_key_cert);
796  SMARTLIST_FOREACH(ip->link_specifiers, link_specifier_t *, ls,
797  link_specifier_free(ls));
798  smartlist_free(ip->link_specifiers);
799  memset(ip, 0, sizeof(hs_intropoint_t));
800 }
time_t approx_time(void)
Definition: approx_time.c:32
int channel_is_client(const channel_t *chan)
Definition: channel.c:2893
Header file for channel.c.
Header file for circuitlist.c.
#define CIRCUIT_PURPOSE_INTRO_POINT
Definition: circuitlist.h:42
#define CIRCUIT_PURPOSE_OR
Definition: circuitlist.h:39
void circuit_change_purpose(circuit_t *circ, uint8_t new_purpose)
Definition: circuituse.c:3074
Header file for circuituse.c.
Header file for config.c.
void crypto_mac_sha3_256(uint8_t *mac_out, size_t len_out, const uint8_t *key, size_t key_len, const uint8_t *msg, size_t msg_len)
int ed25519_checksig_prefixed(const ed25519_signature_t *signature, const uint8_t *msg, size_t msg_len, const char *prefix_str, const ed25519_public_key_t *pubkey)
void ed25519_public_to_base64(char *output, const ed25519_public_key_t *pkey)
Header for crypto_format.c.
#define tor_memneq(a, b, sz)
Definition: di_ops.h:21
#define DIGEST_LEN
Definition: digest_sizes.h:20
#define DIGEST256_LEN
Definition: digest_sizes.h:23
or_circuit_t * hs_circuitmap_get_intro_circ_v3_relay_side(const ed25519_public_key_t *auth_key)
void hs_circuitmap_register_intro_circ_v3_relay_side(or_circuit_t *circ, const ed25519_public_key_t *auth_key)
Header file for hs_circuitmap.c.
Header file containing common data for the whole HS subsystem.
#define ESTABLISH_INTRO_SIG_PREFIX
Definition: hs_common.h:50
Header file containing configuration ABI/API for the HS subsystem.
Header file for hs_descriptor.c.
bool hs_dos_can_send_intro2(or_circuit_t *s_intro_circ)
Definition: hs_dos.c:166
void hs_dos_setup_default_intro2_defenses(or_circuit_t *circ)
Definition: hs_dos.c:137
Header file containing denial of service defenses for the HS subsystem for all versions.
STATIC bool cell_dos_extension_parameters_are_valid(uint64_t intro2_rate_per_sec, uint64_t intro2_burst_per_sec)
static int circuit_is_suitable_intro_point(const or_circuit_t *circ, const char *log_cell_type_str)
static int handle_establish_intro(or_circuit_t *circ, const uint8_t *request, size_t request_len)
STATIC int verify_establish_intro_cell(const trn_cell_establish_intro_t *cell, const uint8_t *circuit_key_material, size_t circuit_key_material_len)
Definition: hs_intropoint.c:77
void hs_intropoint_clear(hs_intropoint_t *ip)
int hs_intro_received_introduce1(or_circuit_t *circ, const uint8_t *request, size_t request_len)
STATIC int handle_introduce1(or_circuit_t *client_circ, const uint8_t *request, size_t request_len)
static void handle_establish_intro_cell_extensions(const trn_cell_establish_intro_t *parsed_cell, or_circuit_t *circ)
int hs_intro_send_intro_established_cell(or_circuit_t *circ)
int hs_intro_received_establish_intro(or_circuit_t *circ, const uint8_t *request, size_t request_len)
int hs_intro_circuit_is_suitable_for_establish_intro(const or_circuit_t *circ)
static int send_introduce_ack_cell(or_circuit_t *circ, uint16_t status)
STATIC int validate_introduce1_parsed_cell(const trn_cell_introduce1_t *cell)
static void handle_establish_intro_cell_dos_extension(const trn_cell_extension_field_t *field, or_circuit_t *circ)
STATIC void get_auth_key_from_cell(ed25519_public_key_t *auth_key_out, unsigned int cell_type, const void *cell)
Definition: hs_intropoint.c:40
STATIC int circuit_is_suitable_for_introduce1(const or_circuit_t *circ)
static int handle_verified_establish_intro_cell(or_circuit_t *circ, const trn_cell_establish_intro_t *parsed_cell)
Header file for hs_intropoint.c.
#define log_fn(severity, domain, args,...)
Definition: log.h:283
#define LD_REND
Definition: log.h:84
#define LD_PROTOCOL
Definition: log.h:72
#define tor_free(p)
Definition: malloc.h:52
Master header file for Tor-specific functionality.
#define TO_CIRCUIT(x)
Definition: or.h:845
char * rate_limit_log(ratelim_t *lim, time_t now)
Definition: ratelim.c:42
Header file for relay.c.
Header file for rendmid.c.
Header file for rephist.c.
#define SMARTLIST_FOREACH(sl, type, var, cmd)
uint8_t purpose
Definition: circuit_st.h:111
channel_t * n_chan
Definition: circuit_st.h:69
tor_cert_t * auth_key_cert
Definition: hs_intropoint.h:22
smartlist_t * link_specifiers
Definition: hs_intropoint.h:24
channel_t * p_chan
Definition: or_circuit_st.h:37
unsigned int introduce2_dos_defense_enabled
Definition: or_circuit_st.h:83
circid_t p_circ_id
Definition: or_circuit_st.h:33
unsigned int introduce2_dos_defense_explicit
Definition: or_circuit_st.h:87
token_bucket_ctr_t introduce2_bucket
Definition: or_circuit_st.h:92
char rend_circ_nonce[DIGEST_LEN]
Definition: or_circuit_st.h:53
#define STATIC
Definition: testsupport.h:32
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
void token_bucket_ctr_init(token_bucket_ctr_t *bucket, uint32_t rate, uint32_t burst, uint32_t now_ts)
Definition: token_bucket.c:265
#define tor_assert(expr)
Definition: util_bug.h:102
int fast_mem_is_zero(const char *mem, size_t len)
Definition: util_string.c:74
#define ED25519_BASE64_LEN
Definition: x25519_sizes.h:43
#define ED25519_PUBKEY_LEN
Definition: x25519_sizes.h:27