Tor  0.4.3.0-alpha-dev
hs_service.c
Go to the documentation of this file.
1 /* Copyright (c) 2016-2020, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
4 /**
5  * \file hs_service.c
6  * \brief Implement next generation hidden service functionality
7  **/
8 
9 #define HS_SERVICE_PRIVATE
10 
11 #include "core/or/or.h"
12 #include "app/config/config.h"
13 #include "app/config/statefile.h"
15 #include "core/mainloop/mainloop.h"
16 #include "core/or/circuitbuild.h"
17 #include "core/or/circuitlist.h"
18 #include "core/or/circuituse.h"
19 #include "core/or/relay.h"
20 #include "feature/client/circpathbias.h"
24 #include "feature/keymgt/loadkey.h"
34 
35 #include "feature/hs/hs_circuit.h"
36 #include "feature/hs/hs_common.h"
37 #include "feature/hs/hs_config.h"
38 #include "feature/hs/hs_control.h"
40 #include "feature/hs/hs_ident.h"
42 #include "feature/hs/hs_service.h"
43 #include "feature/hs/hs_stats.h"
44 
47 #include "core/or/extend_info_st.h"
51 #include "app/config/or_state_st.h"
53 
54 #include "lib/encoding/confline.h"
56 
57 /* Trunnel */
58 #include "trunnel/ed25519_cert.h"
59 #include "trunnel/hs/cell_common.h"
60 #include "trunnel/hs/cell_establish_intro.h"
61 
62 #ifdef HAVE_SYS_STAT_H
63 #include <sys/stat.h>
64 #endif
65 #ifdef HAVE_UNISTD_H
66 #include <unistd.h>
67 #endif
68 
69 #ifndef COCCI
70 /** Helper macro. Iterate over every service in the global map. The var is the
71  * name of the service pointer. */
72 #define FOR_EACH_SERVICE_BEGIN(var) \
73  STMT_BEGIN \
74  hs_service_t **var##_iter, *var; \
75  HT_FOREACH(var##_iter, hs_service_ht, hs_service_map) { \
76  var = *var##_iter;
77 #define FOR_EACH_SERVICE_END } STMT_END ;
78 
79 /** Helper macro. Iterate over both current and previous descriptor of a
80  * service. The var is the name of the descriptor pointer. This macro skips
81  * any descriptor object of the service that is NULL. */
82 #define FOR_EACH_DESCRIPTOR_BEGIN(service, var) \
83  STMT_BEGIN \
84  hs_service_descriptor_t *var; \
85  for (int var ## _loop_idx = 0; var ## _loop_idx < 2; \
86  ++var ## _loop_idx) { \
87  (var ## _loop_idx == 0) ? (var = service->desc_current) : \
88  (var = service->desc_next); \
89  if (var == NULL) continue;
90 #define FOR_EACH_DESCRIPTOR_END } STMT_END ;
91 #endif /* !defined(COCCI) */
92 
93 /* Onion service directory file names. */
94 static const char fname_keyfile_prefix[] = "hs_ed25519";
95 static const char dname_client_pubkeys[] = "authorized_clients";
96 static const char fname_hostname[] = "hostname";
97 static const char address_tld[] = "onion";
98 
99 /** Staging list of service object. When configuring service, we add them to
100  * this list considered a staging area and they will get added to our global
101  * map once the keys have been loaded. These two steps are separated because
102  * loading keys requires that we are an actual running tor process. */
104 
105 /** True if the list of available router descriptors might have changed which
106  * might result in an altered hash ring. Check if the hash ring changed and
107  * reupload if needed */
109 
110 /* Static declaration. */
111 static int load_client_keys(hs_service_t *service);
113  time_t now, bool is_current);
114 static int build_service_desc_superencrypted(const hs_service_t *service,
116 static void move_descriptors(hs_service_t *src, hs_service_t *dst);
117 static int service_encode_descriptor(const hs_service_t *service,
118  const hs_service_descriptor_t *desc,
119  const ed25519_keypair_t *signing_kp,
120  char **encoded_out);
121 
122 /** Helper: Function to compare two objects in the service map. Return 1 if the
123  * two service have the same master public identity key. */
124 static inline int
125 hs_service_ht_eq(const hs_service_t *first, const hs_service_t *second)
126 {
127  tor_assert(first);
128  tor_assert(second);
129  /* Simple key compare. */
130  return ed25519_pubkey_eq(&first->keys.identity_pk,
131  &second->keys.identity_pk);
132 }
133 
134 /** Helper: Function for the service hash table code below. The key used is the
135  * master public identity key which is ultimately the onion address. */
136 static inline unsigned int
138 {
139  tor_assert(service);
140  return (unsigned int) siphash24g(service->keys.identity_pk.pubkey,
141  sizeof(service->keys.identity_pk.pubkey));
142 }
143 
144 /** This is _the_ global hash map of hidden services which indexed the service
145  * contained in it by master public identity key which is roughly the onion
146  * address of the service. */
147 static struct hs_service_ht *hs_service_map;
148 
149 /* Register the service hash table. */
150 HT_PROTOTYPE(hs_service_ht, /* Name of hashtable. */
151  hs_service_t, /* Object contained in the map. */
152  hs_service_node, /* The name of the HT_ENTRY member. */
153  hs_service_ht_hash, /* Hashing function. */
154  hs_service_ht_eq) /* Compare function for objects. */
155 
156 HT_GENERATE2(hs_service_ht, hs_service_t, hs_service_node,
158  0.6, tor_reallocarray, tor_free_)
159 
160 /** Query the given service map with a public key and return a service object
161  * if found else NULL. It is also possible to set a directory path in the
162  * search query. If pk is NULL, then it will be set to zero indicating the
163  * hash table to compare the directory path instead. */
165 find_service(hs_service_ht *map, const ed25519_public_key_t *pk)
166 {
167  hs_service_t dummy_service;
168  tor_assert(map);
169  tor_assert(pk);
170  memset(&dummy_service, 0, sizeof(dummy_service));
171  ed25519_pubkey_copy(&dummy_service.keys.identity_pk, pk);
172  return HT_FIND(hs_service_ht, map, &dummy_service);
173 }
174 
175 /** Register the given service in the given map. If the service already exists
176  * in the map, -1 is returned. On success, 0 is returned and the service
177  * ownership has been transferred to the global map. */
178 STATIC int
179 register_service(hs_service_ht *map, hs_service_t *service)
180 {
181  tor_assert(map);
182  tor_assert(service);
184 
185  if (find_service(map, &service->keys.identity_pk)) {
186  /* Existing service with the same key. Do not register it. */
187  return -1;
188  }
189  /* Taking ownership of the object at this point. */
190  HT_INSERT(hs_service_ht, map, service);
191 
192  /* If we just modified the global map, we notify. */
193  if (map == hs_service_map) {
195  }
196 
197  return 0;
198 }
199 
200 /** Remove a given service from the given map. If service is NULL or the
201  * service key is unset, return gracefully. */
202 STATIC void
203 remove_service(hs_service_ht *map, hs_service_t *service)
204 {
205  hs_service_t *elm;
206 
207  tor_assert(map);
208 
209  /* Ignore if no service or key is zero. */
210  if (BUG(service == NULL) ||
211  BUG(ed25519_public_key_is_zero(&service->keys.identity_pk))) {
212  return;
213  }
214 
215  elm = HT_REMOVE(hs_service_ht, map, service);
216  if (elm) {
217  tor_assert(elm == service);
218  } else {
219  log_warn(LD_BUG, "Could not find service in the global map "
220  "while removing service %s",
221  escaped(service->config.directory_path));
222  }
223 
224  /* If we just modified the global map, we notify. */
225  if (map == hs_service_map) {
227  }
228 }
229 
230 /** Set the default values for a service configuration object <b>c</b>. */
231 static void
233  const or_options_t *options)
234 {
235  (void) options;
236  tor_assert(c);
237  c->ports = smartlist_new();
238  c->directory_path = NULL;
242  c->allow_unknown_ports = 0;
243  c->is_single_onion = 0;
244  c->dir_group_readable = 0;
245  c->is_ephemeral = 0;
246  c->has_dos_defense_enabled = HS_CONFIG_V3_DOS_DEFENSE_DEFAULT;
247  c->intro_dos_rate_per_sec = HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_DEFAULT;
248  c->intro_dos_burst_per_sec = HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_DEFAULT;
249 }
250 
251 /** From a service configuration object config, clear everything from it
252  * meaning free allocated pointers and reset the values. */
253 STATIC void
255 {
256  if (config == NULL) {
257  return;
258  }
259  tor_free(config->directory_path);
260  if (config->ports) {
262  rend_service_port_config_free(p););
263  smartlist_free(config->ports);
264  }
265  if (config->clients) {
267  service_authorized_client_free(p));
268  smartlist_free(config->clients);
269  }
270  memset(config, 0, sizeof(*config));
271 }
272 
273 /** Helper function to return a human readable description of the given intro
274  * point object.
275  *
276  * This function is not thread-safe. Each call to this invalidates the
277  * previous values returned by it. */
278 static const char *
280 {
281  /* Hex identity digest of the IP prefixed by the $ sign and ends with NUL
282  * byte hence the plus two. */
283  static char buf[HEX_DIGEST_LEN + 2];
284  const char *legacy_id = NULL;
285 
287  const link_specifier_t *, lspec) {
288  if (link_specifier_get_ls_type(lspec) == LS_LEGACY_ID) {
289  legacy_id = (const char *)
290  link_specifier_getconstarray_un_legacy_id(lspec);
291  break;
292  }
293  } SMARTLIST_FOREACH_END(lspec);
294 
295  /* For now, we only print the identity digest but we could improve this with
296  * much more information such as the ed25519 identity has well. */
297  buf[0] = '$';
298  if (legacy_id) {
299  base16_encode(buf + 1, HEX_DIGEST_LEN + 1, legacy_id, DIGEST_LEN);
300  }
301 
302  return buf;
303 }
304 
305 /** Return the lower bound of maximum INTRODUCE2 cells per circuit before we
306  * rotate intro point (defined by a consensus parameter or the default
307  * value). */
308 static int32_t
310 {
311  /* The [0, 2147483647] range is quite large to accommodate anything we decide
312  * in the future. */
313  return networkstatus_get_param(NULL, "hs_intro_min_introduce2",
315  0, INT32_MAX);
316 }
317 
318 /** Return the upper bound of maximum INTRODUCE2 cells per circuit before we
319  * rotate intro point (defined by a consensus parameter or the default
320  * value). */
321 static int32_t
323 {
324  /* The [0, 2147483647] range is quite large to accommodate anything we decide
325  * in the future. */
326  return networkstatus_get_param(NULL, "hs_intro_max_introduce2",
327  INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS,
328  0, INT32_MAX);
329 }
330 
331 /** Return the minimum lifetime in seconds of an introduction point defined by
332  * a consensus parameter or the default value. */
333 static int32_t
335 {
336 #define MIN_INTRO_POINT_LIFETIME_TESTING 10
337  if (get_options()->TestingTorNetwork) {
338  return MIN_INTRO_POINT_LIFETIME_TESTING;
339  }
340 
341  /* The [0, 2147483647] range is quite large to accommodate anything we decide
342  * in the future. */
343  return networkstatus_get_param(NULL, "hs_intro_min_lifetime",
345  0, INT32_MAX);
346 }
347 
348 /** Return the maximum lifetime in seconds of an introduction point defined by
349  * a consensus parameter or the default value. */
350 static int32_t
352 {
353 #define MAX_INTRO_POINT_LIFETIME_TESTING 30
354  if (get_options()->TestingTorNetwork) {
355  return MAX_INTRO_POINT_LIFETIME_TESTING;
356  }
357 
358  /* The [0, 2147483647] range is quite large to accommodate anything we decide
359  * in the future. */
360  return networkstatus_get_param(NULL, "hs_intro_max_lifetime",
362  0, INT32_MAX);
363 }
364 
365 /** Return the number of extra introduction point defined by a consensus
366  * parameter or the default value. */
367 static int32_t
369 {
370  /* The [0, 128] range bounds the number of extra introduction point allowed.
371  * Above 128 intro points, it's getting a bit crazy. */
372  return networkstatus_get_param(NULL, "hs_intro_num_extra",
373  NUM_INTRO_POINTS_EXTRA, 0, 128);
374 }
375 
376 /** Helper: Function that needs to return 1 for the HT for each loop which
377  * frees every service in an hash map. */
378 static int
379 ht_free_service_(struct hs_service_t *service, void *data)
380 {
381  (void) data;
382  hs_service_free(service);
383  /* This function MUST return 1 so the given object is then removed from the
384  * service map leading to this free of the object being safe. */
385  return 1;
386 }
387 
388 /** Free every service that can be found in the global map. Once done, clear
389  * and free the global map. */
390 static void
392 {
393  if (hs_service_map) {
394  /* The free helper function returns 1 so this is safe. */
395  hs_service_ht_HT_FOREACH_FN(hs_service_map, ht_free_service_, NULL);
396  HT_CLEAR(hs_service_ht, hs_service_map);
398  hs_service_map = NULL;
399  }
400 
402  /* Cleanup staging list. */
404  hs_service_free(s));
405  smartlist_free(hs_service_staging_list);
407  }
408 }
409 
410 /** Free a given service intro point object. */
411 STATIC void
413 {
414  if (!ip) {
415  return;
416  }
417  memwipe(&ip->auth_key_kp, 0, sizeof(ip->auth_key_kp));
418  memwipe(&ip->enc_key_kp, 0, sizeof(ip->enc_key_kp));
419  crypto_pk_free(ip->legacy_key);
422  tor_free(ip);
423 }
424 
425 /** Helper: free an hs_service_intro_point_t object. This function is used by
426  * digest256map_free() which requires a void * pointer. */
427 static void
429 {
431 }
432 
433 /** Return a newly allocated service intro point and fully initialized from the
434  * given node_t node, if non NULL.
435  *
436  * If node is NULL, returns a hs_service_intro_point_t with an empty link
437  * specifier list and no onion key. (This is used for testing.)
438  * On any other error, NULL is returned.
439  *
440  * node must be an node_t with an IPv4 address. */
443 {
445 
446  ip = tor_malloc_zero(sizeof(*ip));
447  /* We'll create the key material. No need for extra strong, those are short
448  * term keys. */
450 
451  { /* Set introduce2 max cells limit */
452  int32_t min_introduce2_cells = get_intro_point_min_introduce2();
453  int32_t max_introduce2_cells = get_intro_point_max_introduce2();
454  if (BUG(max_introduce2_cells < min_introduce2_cells)) {
455  goto err;
456  }
457  ip->introduce2_max = crypto_rand_int_range(min_introduce2_cells,
458  max_introduce2_cells);
459  }
460  { /* Set intro point lifetime */
461  int32_t intro_point_min_lifetime = get_intro_point_min_lifetime();
462  int32_t intro_point_max_lifetime = get_intro_point_max_lifetime();
463  if (BUG(intro_point_max_lifetime < intro_point_min_lifetime)) {
464  goto err;
465  }
466  ip->time_to_expire = approx_time() +
467  crypto_rand_int_range(intro_point_min_lifetime,intro_point_max_lifetime);
468  }
469 
470  ip->replay_cache = replaycache_new(0, 0);
471 
472  /* Initialize the base object. We don't need the certificate object. */
473  ip->base.link_specifiers = node_get_link_specifier_smartlist(node, 0);
474 
475  if (node == NULL) {
476  goto done;
477  }
478 
479  /* Generate the encryption key for this intro point. */
481  /* Figure out if this chosen node supports v3 or is legacy only.
482  * NULL nodes are used in the unit tests. */
483  if (!node_supports_ed25519_hs_intro(node)) {
484  ip->base.is_only_legacy = 1;
485  /* Legacy mode that is doesn't support v3+ with ed25519 auth key. */
486  ip->legacy_key = crypto_pk_new();
487  if (crypto_pk_generate_key(ip->legacy_key) < 0) {
488  goto err;
489  }
491  (char *) ip->legacy_key_digest) < 0) {
492  goto err;
493  }
494  }
495 
496  /* Flag if this intro point supports the INTRO2 dos defenses. */
499 
500  /* Finally, copy onion key from the node. */
501  memcpy(&ip->onion_key, node_get_curve25519_onion_key(node),
502  sizeof(ip->onion_key));
503 
504  done:
505  return ip;
506  err:
507  service_intro_point_free(ip);
508  return NULL;
509 }
510 
511 /** Add the given intro point object to the given intro point map. The intro
512  * point MUST have its RSA encryption key set if this is a legacy type or the
513  * authentication key set otherwise. */
514 STATIC void
516 {
517  hs_service_intro_point_t *old_ip_entry;
518 
519  tor_assert(map);
520  tor_assert(ip);
521 
522  old_ip_entry = digest256map_set(map, ip->auth_key_kp.pubkey.pubkey, ip);
523  /* Make sure we didn't just try to double-add an intro point */
524  tor_assert_nonfatal(!old_ip_entry);
525 }
526 
527 /** For a given service, remove the intro point from that service's descriptors
528  * (check both current and next descriptor) */
529 STATIC void
531  const hs_service_intro_point_t *ip)
532 {
533  tor_assert(service);
534  tor_assert(ip);
535 
536  /* Trying all descriptors. */
537  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
538  /* We'll try to remove the descriptor on both descriptors which is not
539  * very expensive to do instead of doing loopup + remove. */
540  digest256map_remove(desc->intro_points.map,
541  ip->auth_key_kp.pubkey.pubkey);
542  } FOR_EACH_DESCRIPTOR_END;
543 }
544 
545 /** For a given service and authentication key, return the intro point or NULL
546  * if not found. This will check both descriptors in the service. */
549  const ed25519_public_key_t *auth_key)
550 {
551  hs_service_intro_point_t *ip = NULL;
552 
553  tor_assert(service);
554  tor_assert(auth_key);
555 
556  /* Trying all descriptors to find the right intro point.
557  *
558  * Even if we use the same node as intro point in both descriptors, the node
559  * will have a different intro auth key for each descriptor since we generate
560  * a new one everytime we pick an intro point.
561  *
562  * After #22893 gets implemented, intro points will be moved to be
563  * per-service instead of per-descriptor so this function will need to
564  * change.
565  */
566  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
567  if ((ip = digest256map_get(desc->intro_points.map,
568  auth_key->pubkey)) != NULL) {
569  break;
570  }
571  } FOR_EACH_DESCRIPTOR_END;
572 
573  return ip;
574 }
575 
576 /** For a given service and intro point, return the descriptor for which the
577  * intro point is assigned to. NULL is returned if not found. */
580  const hs_service_intro_point_t *ip)
581 {
582  hs_service_descriptor_t *descp = NULL;
583 
584  tor_assert(service);
585  tor_assert(ip);
586 
587  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
588  if (digest256map_get(desc->intro_points.map,
589  ip->auth_key_kp.pubkey.pubkey)) {
590  descp = desc;
591  break;
592  }
593  } FOR_EACH_DESCRIPTOR_END;
594 
595  return descp;
596 }
597 
598 /** From a circuit identifier, get all the possible objects associated with the
599  * ident. If not NULL, service, ip or desc are set if the object can be found.
600  * They are untouched if they can't be found.
601  *
602  * This is an helper function because we do those lookups often so it's more
603  * convenient to simply call this functions to get all the things at once. */
604 STATIC void
606  hs_service_t **service, hs_service_intro_point_t **ip,
608 {
609  hs_service_t *s;
610 
611  tor_assert(ident);
612 
613  /* Get service object from the circuit identifier. */
614  s = find_service(hs_service_map, &ident->identity_pk);
615  if (s && service) {
616  *service = s;
617  }
618 
619  /* From the service object, get the intro point object of that circuit. The
620  * following will query both descriptors intro points list. */
621  if (s && ip) {
622  *ip = service_intro_point_find(s, &ident->intro_auth_pk);
623  }
624 
625  /* Get the descriptor for this introduction point and service. */
626  if (s && ip && *ip && desc) {
627  *desc = service_desc_find_by_intro(s, *ip);
628  }
629 }
630 
631 /** From a given intro point, return the first link specifier of type
632  * encountered in the link specifier list. Return NULL if it can't be found.
633  *
634  * The caller does NOT have ownership of the object, the intro point does. */
635 static link_specifier_t *
637 {
638  link_specifier_t *lnk_spec = NULL;
639 
640  tor_assert(ip);
641 
643  link_specifier_t *, ls) {
644  if (link_specifier_get_ls_type(ls) == type) {
645  lnk_spec = ls;
646  goto end;
647  }
648  } SMARTLIST_FOREACH_END(ls);
649 
650  end:
651  return lnk_spec;
652 }
653 
654 /** Given a service intro point, return the node_t associated to it. This can
655  * return NULL if the given intro point has no legacy ID or if the node can't
656  * be found in the consensus. */
657 STATIC const node_t *
659 {
660  const link_specifier_t *ls;
661 
662  tor_assert(ip);
663 
664  ls = get_link_spec_by_type(ip, LS_LEGACY_ID);
665  if (BUG(!ls)) {
666  return NULL;
667  }
668  /* XXX In the future, we want to only use the ed25519 ID (#22173). */
669  return node_get_by_id(
670  (const char *) link_specifier_getconstarray_un_legacy_id(ls));
671 }
672 
673 /** Given a service intro point, return the extend_info_t for it. This can
674  * return NULL if the node can't be found for the intro point or the extend
675  * info can't be created for the found node. If direct_conn is set, the extend
676  * info is validated on if we can connect directly. */
677 static extend_info_t *
679  unsigned int direct_conn)
680 {
681  extend_info_t *info = NULL;
682  const node_t *node;
683 
684  tor_assert(ip);
685 
686  node = get_node_from_intro_point(ip);
687  if (node == NULL) {
688  /* This can happen if the relay serving as intro point has been removed
689  * from the consensus. In that case, the intro point will be removed from
690  * the descriptor during the scheduled events. */
691  goto end;
692  }
693 
694  /* In the case of a direct connection (single onion service), it is possible
695  * our firewall policy won't allow it so this can return a NULL value. */
696  info = extend_info_from_node(node, direct_conn);
697 
698  end:
699  return info;
700 }
701 
702 /** Return the number of introduction points that are established for the
703  * given descriptor. */
704 static unsigned int
706 {
707  unsigned int count = 0;
708 
709  tor_assert(desc);
710 
711  DIGEST256MAP_FOREACH(desc->intro_points.map, key,
712  const hs_service_intro_point_t *, ip) {
714  } DIGEST256MAP_FOREACH_END;
715 
716  return count;
717 }
718 
719 /** For a given service and descriptor of that service, close all active
720  * directory connections. */
721 static void
723  const hs_service_descriptor_t *desc)
724 {
725  unsigned int count = 0;
726  smartlist_t *dir_conns;
727 
728  tor_assert(service);
729  tor_assert(desc);
730 
731  /* Close pending HS desc upload connections for the blinded key of 'desc'. */
732  dir_conns = connection_list_by_type_purpose(CONN_TYPE_DIR,
734  SMARTLIST_FOREACH_BEGIN(dir_conns, connection_t *, conn) {
735  dir_connection_t *dir_conn = TO_DIR_CONN(conn);
736  if (ed25519_pubkey_eq(&dir_conn->hs_ident->identity_pk,
737  &service->keys.identity_pk) &&
738  ed25519_pubkey_eq(&dir_conn->hs_ident->blinded_pk,
739  &desc->blinded_kp.pubkey)) {
740  connection_mark_for_close(conn);
741  count++;
742  continue;
743  }
744  } SMARTLIST_FOREACH_END(conn);
745 
746  log_info(LD_REND, "Closed %u active service directory connections for "
747  "descriptor %s of service %s",
748  count, safe_str_client(ed25519_fmt(&desc->blinded_kp.pubkey)),
749  safe_str_client(service->onion_address));
750  /* We don't have ownership of the objects in this list. */
751  smartlist_free(dir_conns);
752 }
753 
754 /** Close all rendezvous circuits for the given service. */
755 static void
757 {
758  origin_circuit_t *ocirc = NULL;
759 
760  tor_assert(service);
761 
762  /* The reason we go over all circuit instead of using the circuitmap API is
763  * because most hidden service circuits are rendezvous circuits so there is
764  * no real improvement at getting all rendezvous circuits from the
765  * circuitmap and then going over them all to find the right ones.
766  * Furthermore, another option would have been to keep a list of RP cookies
767  * for a service but it creates an engineering complexity since we don't
768  * have a "RP circuit closed" event to clean it up properly so we avoid a
769  * memory DoS possibility. */
770 
771  while ((ocirc = circuit_get_next_service_rp_circ(ocirc))) {
772  /* Only close circuits that are v3 and for this service. */
773  if (ocirc->hs_ident != NULL &&
775  &service->keys.identity_pk)) {
776  /* Reason is FINISHED because service has been removed and thus the
777  * circuit is considered old/uneeded. When freed, it is removed from the
778  * hs circuitmap. */
779  circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
780  }
781  }
782 }
783 
784 /** Close the circuit(s) for the given map of introduction points. */
785 static void
787 {
788  tor_assert(intro_points);
789 
790  DIGEST256MAP_FOREACH(intro_points->map, key,
791  const hs_service_intro_point_t *, ip) {
793  if (ocirc) {
794  /* Reason is FINISHED because service has been removed and thus the
795  * circuit is considered old/uneeded. When freed, the circuit is removed
796  * from the HS circuitmap. */
797  circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
798  }
799  } DIGEST256MAP_FOREACH_END;
800 }
801 
802 /** Close all introduction circuits for the given service. */
803 static void
805 {
806  tor_assert(service);
807 
808  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
809  close_intro_circuits(&desc->intro_points);
810  } FOR_EACH_DESCRIPTOR_END;
811 }
812 
813 /** Close any circuits related to the given service. */
814 static void
816 {
817  tor_assert(service);
818 
819  /* Only support for version >= 3. */
820  if (BUG(service->config.version < HS_VERSION_THREE)) {
821  return;
822  }
823  /* Close intro points. */
825  /* Close rendezvous points. */
826  close_service_rp_circuits(service);
827 }
828 
829 /** Move every ephemeral services from the src service map to the dst service
830  * map. It is possible that a service can't be register to the dst map which
831  * won't stop the process of moving them all but will trigger a log warn. */
832 static void
833 move_ephemeral_services(hs_service_ht *src, hs_service_ht *dst)
834 {
835  hs_service_t **iter, **next;
836 
837  tor_assert(src);
838  tor_assert(dst);
839 
840  /* Iterate over the map to find ephemeral service and move them to the other
841  * map. We loop using this method to have a safe removal process. */
842  for (iter = HT_START(hs_service_ht, src); iter != NULL; iter = next) {
843  hs_service_t *s = *iter;
844  if (!s->config.is_ephemeral) {
845  /* Yeah, we are in a very manual loop :). */
846  next = HT_NEXT(hs_service_ht, src, iter);
847  continue;
848  }
849  /* Remove service from map and then register to it to the other map.
850  * Reminder that "*iter" and "s" are the same thing. */
851  next = HT_NEXT_RMV(hs_service_ht, src, iter);
852  if (register_service(dst, s) < 0) {
853  log_warn(LD_BUG, "Ephemeral service key is already being used. "
854  "Skipping.");
855  }
856  }
857 }
858 
859 /** Return a const string of the directory path escaped. If this is an
860  * ephemeral service, it returns "[EPHEMERAL]". This can only be called from
861  * the main thread because escaped() uses a static variable. */
862 static const char *
864 {
865  return (s->config.is_ephemeral) ? "[EPHEMERAL]" :
867 }
868 
869 /** Move the hidden service state from <b>src</b> to <b>dst</b>. We do this
870  * when we receive a SIGHUP: <b>dst</b> is the post-HUP service */
871 static void
872 move_hs_state(hs_service_t *src_service, hs_service_t *dst_service)
873 {
874  tor_assert(src_service);
875  tor_assert(dst_service);
876 
877  hs_service_state_t *src = &src_service->state;
878  hs_service_state_t *dst = &dst_service->state;
879 
880  /* Let's do a shallow copy */
883  /* Freeing a NULL replaycache triggers an info LD_BUG. */
884  if (dst->replay_cache_rend_cookie != NULL) {
886  }
889 
890  src->replay_cache_rend_cookie = NULL; /* steal pointer reference */
891 }
892 
893 /** Register services that are in the staging list. Once this function returns,
894  * the global service map will be set with the right content and all non
895  * surviving services will be cleaned up. */
896 static void
898 {
899  struct hs_service_ht *new_service_map;
900 
902 
903  /* Allocate a new map that will replace the current one. */
904  new_service_map = tor_malloc_zero(sizeof(*new_service_map));
905  HT_INIT(hs_service_ht, new_service_map);
906 
907  /* First step is to transfer all ephemeral services from the current global
908  * map to the new one we are constructing. We do not prune ephemeral
909  * services as the only way to kill them is by deleting it from the control
910  * port or stopping the tor daemon. */
911  move_ephemeral_services(hs_service_map, new_service_map);
912 
914  hs_service_t *s;
915 
916  /* Check if that service is already in our global map and if so, we'll
917  * transfer the intro points to it. */
918  s = find_service(hs_service_map, &snew->keys.identity_pk);
919  if (s) {
920  /* Pass ownership of the descriptors from s (the current service) to
921  * snew (the newly configured one). */
922  move_descriptors(s, snew);
923  move_hs_state(s, snew);
924  /* Remove the service from the global map because after this, we need to
925  * go over the remaining service in that map that aren't surviving the
926  * reload to close their circuits. */
928  hs_service_free(s);
929  }
930  /* Great, this service is now ready to be added to our new map. */
931  if (BUG(register_service(new_service_map, snew) < 0)) {
932  /* This should never happen because prior to registration, we validate
933  * every service against the entire set. Not being able to register a
934  * service means we failed to validate correctly. In that case, don't
935  * break tor and ignore the service but tell user. */
936  log_warn(LD_BUG, "Unable to register service with directory %s",
937  service_escaped_dir(snew));
939  hs_service_free(snew);
940  }
941  } SMARTLIST_FOREACH_END(snew);
942 
943  /* Close any circuits associated with the non surviving services. Every
944  * service in the current global map are roaming. */
945  FOR_EACH_SERVICE_BEGIN(service) {
946  close_service_circuits(service);
947  } FOR_EACH_SERVICE_END;
948 
949  /* Time to make the switch. We'll clear the staging list because its content
950  * has now changed ownership to the map. */
953  hs_service_map = new_service_map;
954  /* We've just register services into the new map and now we've replaced the
955  * global map with it so we have to notify that the change happened. When
956  * registering a service, the notify is only triggered if the destination
957  * map is the global map for which in here it was not. */
959 }
960 
961 /** Write the onion address of a given service to the given filename fname_ in
962  * the service directory. Return 0 on success else -1 on error. */
963 STATIC int
964 write_address_to_file(const hs_service_t *service, const char *fname_)
965 {
966  int ret = -1;
967  char *fname = NULL;
968  char *addr_buf = NULL;
969 
970  tor_assert(service);
971  tor_assert(fname_);
972 
973  /* Construct the full address with the onion tld and write the hostname file
974  * to disk. */
975  tor_asprintf(&addr_buf, "%s.%s\n", service->onion_address, address_tld);
976  /* Notice here that we use the given "fname_". */
977  fname = hs_path_from_filename(service->config.directory_path, fname_);
978  if (write_str_to_file(fname, addr_buf, 0) < 0) {
979  log_warn(LD_REND, "Could not write onion address to hostname file %s",
980  escaped(fname));
981  goto end;
982  }
983 
984 #ifndef _WIN32
985  if (service->config.dir_group_readable) {
986  /* Mode to 0640. */
987  if (chmod(fname, S_IRUSR | S_IWUSR | S_IRGRP) < 0) {
988  log_warn(LD_FS, "Unable to make onion service hostname file %s "
989  "group-readable.", escaped(fname));
990  }
991  }
992 #endif /* !defined(_WIN32) */
993 
994  /* Success. */
995  ret = 0;
996  end:
997  tor_free(fname);
998  tor_free(addr_buf);
999  return ret;
1000 }
1001 
1002 /** Load and/or generate private keys for the given service. On success, the
1003  * hostname file will be written to disk along with the master private key iff
1004  * the service is not configured for offline keys. Return 0 on success else -1
1005  * on failure. */
1006 static int
1008 {
1009  int ret = -1;
1010  char *fname = NULL;
1011  ed25519_keypair_t *kp;
1012  const hs_service_config_t *config;
1013 
1014  tor_assert(service);
1015 
1016  config = &service->config;
1017 
1018  /* Create and fix permission on service directory. We are about to write
1019  * files to that directory so make sure it exists and has the right
1020  * permissions. We do this here because at this stage we know that Tor is
1021  * actually running and the service we have has been validated. */
1023  config->directory_path,
1024  config->dir_group_readable, 1) < 0) {
1025  goto end;
1026  }
1027 
1028  /* Try to load the keys from file or generate it if not found. */
1029  fname = hs_path_from_filename(config->directory_path, fname_keyfile_prefix);
1030  /* Don't ask for key creation, we want to know if we were able to load it or
1031  * we had to generate it. Better logging! */
1032  kp = ed_key_init_from_file(fname, INIT_ED_KEY_SPLIT, LOG_INFO, NULL, 0, 0,
1033  0, NULL, NULL);
1034  if (!kp) {
1035  log_info(LD_REND, "Unable to load keys from %s. Generating it...", fname);
1036  /* We'll now try to generate the keys and for it we want the strongest
1037  * randomness for it. The keypair will be written in different files. */
1038  uint32_t key_flags = INIT_ED_KEY_CREATE | INIT_ED_KEY_EXTRA_STRONG |
1039  INIT_ED_KEY_SPLIT;
1040  kp = ed_key_init_from_file(fname, key_flags, LOG_WARN, NULL, 0, 0, 0,
1041  NULL, NULL);
1042  if (!kp) {
1043  log_warn(LD_REND, "Unable to generate keys and save in %s.", fname);
1044  goto end;
1045  }
1046  }
1047 
1048  /* Copy loaded or generated keys to service object. */
1049  ed25519_pubkey_copy(&service->keys.identity_pk, &kp->pubkey);
1050  memcpy(&service->keys.identity_sk, &kp->seckey,
1051  sizeof(service->keys.identity_sk));
1052  /* This does a proper memory wipe. */
1053  ed25519_keypair_free(kp);
1054 
1055  /* Build onion address from the newly loaded keys. */
1056  tor_assert(service->config.version <= UINT8_MAX);
1057  hs_build_address(&service->keys.identity_pk,
1058  (uint8_t) service->config.version,
1059  service->onion_address);
1060 
1061  /* Write onion address to hostname file. */
1062  if (write_address_to_file(service, fname_hostname) < 0) {
1063  goto end;
1064  }
1065 
1066  /* Load all client authorization keys in the service. */
1067  if (load_client_keys(service) < 0) {
1068  goto end;
1069  }
1070 
1071  /* Succes. */
1072  ret = 0;
1073  end:
1074  tor_free(fname);
1075  return ret;
1076 }
1077 
1078 /** Check if the client file name is valid or not. Return 1 if valid,
1079  * otherwise return 0. */
1080 STATIC int
1081 client_filename_is_valid(const char *filename)
1082 {
1083  int ret = 1;
1084  const char *valid_extension = ".auth";
1085 
1086  tor_assert(filename);
1087 
1088  /* The file extension must match and the total filename length can't be the
1089  * length of the extension else we do not have a filename. */
1090  if (!strcmpend(filename, valid_extension) &&
1091  strlen(filename) != strlen(valid_extension)) {
1092  ret = 1;
1093  } else {
1094  ret = 0;
1095  }
1096 
1097  return ret;
1098 }
1099 
1100 /** Parse an authorized client from a string. The format of a client string
1101  * looks like (see rend-spec-v3.txt):
1102  *
1103  * <auth-type>:<key-type>:<base32-encoded-public-key>
1104  *
1105  * The <auth-type> can only be "descriptor".
1106  * The <key-type> can only be "x25519".
1107  *
1108  * Return the key on success, return NULL, otherwise. */
1110 parse_authorized_client(const char *client_key_str)
1111 {
1112  char *auth_type = NULL;
1113  char *key_type = NULL;
1114  char *pubkey_b32 = NULL;
1115  hs_service_authorized_client_t *client = NULL;
1116  smartlist_t *fields = smartlist_new();
1117 
1118  tor_assert(client_key_str);
1119 
1120  smartlist_split_string(fields, client_key_str, ":",
1121  SPLIT_SKIP_SPACE, 0);
1122  /* Wrong number of fields. */
1123  if (smartlist_len(fields) != 3) {
1124  log_warn(LD_REND, "Unknown format of client authorization file.");
1125  goto err;
1126  }
1127 
1128  auth_type = smartlist_get(fields, 0);
1129  key_type = smartlist_get(fields, 1);
1130  pubkey_b32 = smartlist_get(fields, 2);
1131 
1132  /* Currently, the only supported auth type is "descriptor". */
1133  if (strcmp(auth_type, "descriptor")) {
1134  log_warn(LD_REND, "Client authorization auth type '%s' not supported.",
1135  auth_type);
1136  goto err;
1137  }
1138 
1139  /* Currently, the only supported key type is "x25519". */
1140  if (strcmp(key_type, "x25519")) {
1141  log_warn(LD_REND, "Client authorization key type '%s' not supported.",
1142  key_type);
1143  goto err;
1144  }
1145 
1146  /* We expect a specific length of the base32 encoded key so make sure we
1147  * have that so we don't successfully decode a value with a different length
1148  * and end up in trouble when copying the decoded key into a fixed length
1149  * buffer. */
1150  if (strlen(pubkey_b32) != BASE32_NOPAD_LEN(CURVE25519_PUBKEY_LEN)) {
1151  log_warn(LD_REND, "Client authorization encoded base32 public key "
1152  "length is invalid: %s", pubkey_b32);
1153  goto err;
1154  }
1155 
1156  client = tor_malloc_zero(sizeof(hs_service_authorized_client_t));
1157  if (base32_decode((char *) client->client_pk.public_key,
1158  sizeof(client->client_pk.public_key),
1159  pubkey_b32, strlen(pubkey_b32)) !=
1160  sizeof(client->client_pk.public_key)) {
1161  log_warn(LD_REND, "Client authorization public key cannot be decoded: %s",
1162  pubkey_b32);
1163  goto err;
1164  }
1165 
1166  /* Success. */
1167  goto done;
1168 
1169  err:
1170  service_authorized_client_free(client);
1171  done:
1172  /* It is also a good idea to wipe the public key. */
1173  if (pubkey_b32) {
1174  memwipe(pubkey_b32, 0, strlen(pubkey_b32));
1175  }
1176  tor_assert(fields);
1177  SMARTLIST_FOREACH(fields, char *, s, tor_free(s));
1178  smartlist_free(fields);
1179  return client;
1180 }
1181 
1182 /** Load all the client public keys for the given service. Return 0 on
1183  * success else -1 on failure. */
1184 static int
1186 {
1187  int ret = -1;
1188  char *client_key_str = NULL;
1189  char *client_key_file_path = NULL;
1190  char *client_keys_dir_path = NULL;
1191  hs_service_config_t *config;
1192  smartlist_t *file_list = NULL;
1193 
1194  tor_assert(service);
1195 
1196  config = &service->config;
1197 
1198  /* Before calling this function, we already call load_service_keys to make
1199  * sure that the directory exists with the right permission. So, if we
1200  * cannot create a client pubkey key directory, we consider it as a bug. */
1201  client_keys_dir_path = hs_path_from_filename(config->directory_path,
1202  dname_client_pubkeys);
1203  if (BUG(hs_check_service_private_dir(get_options()->User,
1204  client_keys_dir_path,
1205  config->dir_group_readable, 1) < 0)) {
1206  goto end;
1207  }
1208 
1209  /* If the list of clients already exists, we must clear it first. */
1210  if (config->clients) {
1212  service_authorized_client_free(p));
1213  smartlist_free(config->clients);
1214  }
1215 
1216  config->clients = smartlist_new();
1217 
1218  file_list = tor_listdir(client_keys_dir_path);
1219  if (file_list == NULL) {
1220  log_warn(LD_REND, "Client authorization directory %s can't be listed.",
1221  client_keys_dir_path);
1222  goto end;
1223  }
1224 
1225  SMARTLIST_FOREACH_BEGIN(file_list, const char *, filename) {
1226  hs_service_authorized_client_t *client = NULL;
1227  log_info(LD_REND, "Loading a client authorization key file %s...",
1228  filename);
1229 
1230  if (!client_filename_is_valid(filename)) {
1231  log_warn(LD_REND, "Client authorization unrecognized filename %s. "
1232  "File must end in .auth. Ignoring.", filename);
1233  continue;
1234  }
1235 
1236  /* Create a full path for a file. */
1237  client_key_file_path = hs_path_from_filename(client_keys_dir_path,
1238  filename);
1239  client_key_str = read_file_to_str(client_key_file_path, 0, NULL);
1240 
1241  /* If we cannot read the file, continue with the next file. */
1242  if (!client_key_str) {
1243  log_warn(LD_REND, "Client authorization file %s can't be read. "
1244  "Corrupted or verify permission? Ignoring.",
1245  client_key_file_path);
1246  tor_free(client_key_file_path);
1247  continue;
1248  }
1249  tor_free(client_key_file_path);
1250 
1251  client = parse_authorized_client(client_key_str);
1252  /* Wipe and free immediately after using it. */
1253  memwipe(client_key_str, 0, strlen(client_key_str));
1254  tor_free(client_key_str);
1255 
1256  if (client) {
1257  smartlist_add(config->clients, client);
1258  log_info(LD_REND, "Loaded a client authorization key file %s.",
1259  filename);
1260  }
1261 
1262  } SMARTLIST_FOREACH_END(filename);
1263 
1264  /* If the number of clients is greater than zero, set the flag to be true. */
1265  if (smartlist_len(config->clients) > 0) {
1266  config->is_client_auth_enabled = 1;
1267  }
1268 
1269  /* Success. */
1270  ret = 0;
1271  end:
1272  if (client_key_str) {
1273  memwipe(client_key_str, 0, strlen(client_key_str));
1274  }
1275  if (file_list) {
1276  SMARTLIST_FOREACH(file_list, char *, s, tor_free(s));
1277  smartlist_free(file_list);
1278  }
1279  tor_free(client_key_str);
1280  tor_free(client_key_file_path);
1281  tor_free(client_keys_dir_path);
1282  return ret;
1283 }
1284 
1285 /** Release all storage held in <b>client</b>. */
1286 STATIC void
1288 {
1289  if (!client) {
1290  return;
1291  }
1292  memwipe(&client->client_pk, 0, sizeof(client->client_pk));
1293  tor_free(client);
1294 }
1295 
1296 /** Free a given service descriptor object and all key material is wiped. */
1297 STATIC void
1299 {
1300  if (!desc) {
1301  return;
1302  }
1303  hs_descriptor_free(desc->desc);
1304  memwipe(&desc->signing_kp, 0, sizeof(desc->signing_kp));
1305  memwipe(&desc->blinded_kp, 0, sizeof(desc->blinded_kp));
1306  /* Cleanup all intro points. */
1307  digest256map_free(desc->intro_points.map, service_intro_point_free_void);
1308  digestmap_free(desc->intro_points.failed_id, tor_free_);
1309  if (desc->previous_hsdirs) {
1310  SMARTLIST_FOREACH(desc->previous_hsdirs, char *, s, tor_free(s));
1311  smartlist_free(desc->previous_hsdirs);
1312  }
1313  crypto_ope_free(desc->ope_cipher);
1314  tor_free(desc);
1315 }
1316 
1317 /** Return a newly allocated service descriptor object. */
1320 {
1321  hs_service_descriptor_t *sdesc = tor_malloc_zero(sizeof(*sdesc));
1322  sdesc->desc = tor_malloc_zero(sizeof(hs_descriptor_t));
1323  /* Initialize the intro points map. */
1324  sdesc->intro_points.map = digest256map_new();
1325  sdesc->intro_points.failed_id = digestmap_new();
1326  sdesc->previous_hsdirs = smartlist_new();
1327  return sdesc;
1328 }
1329 
1330 /** Allocate and return a deep copy of client. */
1333 {
1334  hs_service_authorized_client_t *client_dup = NULL;
1335 
1336  tor_assert(client);
1337 
1338  client_dup = tor_malloc_zero(sizeof(hs_service_authorized_client_t));
1339  /* Currently, the public key is the only component of
1340  * hs_service_authorized_client_t. */
1341  memcpy(client_dup->client_pk.public_key,
1342  client->client_pk.public_key,
1344 
1345  return client_dup;
1346 }
1347 
1348 /** If two authorized clients are equal, return 0. If the first one should come
1349  * before the second, return less than zero. If the first should come after
1350  * the second, return greater than zero. */
1351 static int
1353  const hs_service_authorized_client_t *client2)
1354 {
1355  tor_assert(client1);
1356  tor_assert(client2);
1357 
1358  /* Currently, the public key is the only component of
1359  * hs_service_authorized_client_t. */
1360  return tor_memcmp(client1->client_pk.public_key,
1361  client2->client_pk.public_key,
1363 }
1364 
1365 /** Helper for sorting authorized clients. */
1366 static int
1367 compare_service_authorzized_client_(const void **_a, const void **_b)
1368 {
1369  const hs_service_authorized_client_t *a = *_a, *b = *_b;
1370  return service_authorized_client_cmp(a, b);
1371 }
1372 
1373 /** If the list of hs_service_authorized_client_t's is different between
1374  * src and dst, return 1. Otherwise, return 0. */
1375 STATIC int
1377  const hs_service_config_t *config2)
1378 {
1379  int ret = 0;
1380  int i;
1381  smartlist_t *sl1 = smartlist_new();
1382  smartlist_t *sl2 = smartlist_new();
1383 
1384  tor_assert(config1);
1385  tor_assert(config2);
1386  tor_assert(config1->clients);
1387  tor_assert(config2->clients);
1388 
1389  /* If the number of clients is different, it is obvious that the list
1390  * changes. */
1391  if (smartlist_len(config1->clients) != smartlist_len(config2->clients)) {
1392  goto done;
1393  }
1394 
1395  /* We do not want to mutate config1 and config2, so we will duplicate both
1396  * entire client lists here. */
1397  SMARTLIST_FOREACH(config1->clients,
1400 
1401  SMARTLIST_FOREACH(config2->clients,
1404 
1407 
1408  for (i = 0; i < smartlist_len(sl1); i++) {
1409  /* If the clients at index i in both lists differ, the whole configs
1410  * differ. */
1411  if (service_authorized_client_cmp(smartlist_get(sl1, i),
1412  smartlist_get(sl2, i))) {
1413  goto done;
1414  }
1415  }
1416 
1417  /* Success. */
1418  ret = 1;
1419 
1420  done:
1421  if (sl1) {
1423  service_authorized_client_free(p));
1424  smartlist_free(sl1);
1425  }
1426  if (sl2) {
1428  service_authorized_client_free(p));
1429  smartlist_free(sl2);
1430  }
1431  return ret;
1432 }
1433 
1434 /** Move descriptor(s) from the src service to the dst service and modify their
1435  * content if necessary. We do this during SIGHUP when we re-create our
1436  * hidden services. */
1437 static void
1439 {
1440  tor_assert(src);
1441  tor_assert(dst);
1442 
1443  if (src->desc_current) {
1444  /* Nothing should be there, but clean it up just in case */
1445  if (BUG(dst->desc_current)) {
1446  service_descriptor_free(dst->desc_current);
1447  }
1448  dst->desc_current = src->desc_current;
1449  src->desc_current = NULL;
1450  }
1451 
1452  if (src->desc_next) {
1453  /* Nothing should be there, but clean it up just in case */
1454  if (BUG(dst->desc_next)) {
1455  service_descriptor_free(dst->desc_next);
1456  }
1457  dst->desc_next = src->desc_next;
1458  src->desc_next = NULL;
1459  }
1460 
1461  /* If the client authorization changes, we must rebuild the superencrypted
1462  * section and republish the descriptors. */
1463  int client_auth_changed =
1465  if (client_auth_changed && dst->desc_current) {
1466  /* We have to clear the superencrypted content first. */
1469  if (build_service_desc_superencrypted(dst, dst->desc_current) < 0) {
1470  goto err;
1471  }
1472  service_desc_schedule_upload(dst->desc_current, time(NULL), 1);
1473  }
1474  if (client_auth_changed && dst->desc_next) {
1475  /* We have to clear the superencrypted content first. */
1478  if (build_service_desc_superencrypted(dst, dst->desc_next) < 0) {
1479  goto err;
1480  }
1481  service_desc_schedule_upload(dst->desc_next, time(NULL), 1);
1482  }
1483 
1484  return;
1485 
1486  err:
1487  /* If there is an error, free all descriptors to make it clean and generate
1488  * them later. */
1489  service_descriptor_free(dst->desc_current);
1490  service_descriptor_free(dst->desc_next);
1491 }
1492 
1493 /** From the given service, remove all expired failing intro points for each
1494  * descriptor. */
1495 static void
1497 {
1498  tor_assert(service);
1499 
1500  /* For both descriptors, cleanup the failing intro points list. */
1501  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
1502  DIGESTMAP_FOREACH_MODIFY(desc->intro_points.failed_id, key, time_t *, t) {
1503  time_t failure_time = *t;
1504  if ((failure_time + INTRO_CIRC_RETRY_PERIOD) <= now) {
1505  MAP_DEL_CURRENT(key);
1506  tor_free(t);
1507  }
1509  } FOR_EACH_DESCRIPTOR_END;
1510 }
1511 
1512 /** For the given descriptor desc, put all node_t object found from its failing
1513  * intro point list and put them in the given node_list. */
1514 static void
1516  smartlist_t *node_list)
1517 {
1518  tor_assert(desc);
1519  tor_assert(node_list);
1520 
1521  DIGESTMAP_FOREACH(desc->intro_points.failed_id, key, time_t *, t) {
1522  (void) t; /* Make gcc happy. */
1523  const node_t *node = node_get_by_id(key);
1524  if (node) {
1525  smartlist_add(node_list, (void *) node);
1526  }
1528 }
1529 
1530 /** For the given failing intro point ip, we add its time of failure to the
1531  * failed map and index it by identity digest (legacy ID) in the descriptor
1532  * desc failed id map. */
1533 static void
1535  hs_service_descriptor_t *desc, time_t now)
1536 {
1537  time_t *time_of_failure, *prev_ptr;
1538  const link_specifier_t *legacy_ls;
1539 
1540  tor_assert(ip);
1541  tor_assert(desc);
1542 
1543  time_of_failure = tor_malloc_zero(sizeof(time_t));
1544  *time_of_failure = now;
1545  legacy_ls = get_link_spec_by_type(ip, LS_LEGACY_ID);
1546  tor_assert(legacy_ls);
1547  prev_ptr = digestmap_set(
1548  desc->intro_points.failed_id,
1549  (const char *) link_specifier_getconstarray_un_legacy_id(legacy_ls),
1550  time_of_failure);
1551  tor_free(prev_ptr);
1552 }
1553 
1554 /** Using a given descriptor signing keypair signing_kp, a service intro point
1555  * object ip and the time now, setup the content of an already allocated
1556  * descriptor intro desc_ip.
1557  *
1558  * Return 0 on success else a negative value. */
1559 static int
1561  const hs_service_intro_point_t *ip,
1562  time_t now, hs_desc_intro_point_t *desc_ip)
1563 {
1564  int ret = -1;
1565  time_t nearest_hour = now - (now % 3600);
1566 
1567  tor_assert(signing_kp);
1568  tor_assert(ip);
1569  tor_assert(desc_ip);
1570 
1571  /* Copy the onion key. */
1572  memcpy(&desc_ip->onion_key, &ip->onion_key, sizeof(desc_ip->onion_key));
1573 
1574  /* Key and certificate material. */
1575  desc_ip->auth_key_cert = tor_cert_create(signing_kp,
1576  CERT_TYPE_AUTH_HS_IP_KEY,
1577  &ip->auth_key_kp.pubkey,
1578  nearest_hour,
1580  CERT_FLAG_INCLUDE_SIGNING_KEY);
1581  if (desc_ip->auth_key_cert == NULL) {
1582  log_warn(LD_REND, "Unable to create intro point auth-key certificate");
1583  goto done;
1584  }
1585 
1586  /* Copy link specifier(s). */
1588  const link_specifier_t *, ls) {
1589  if (BUG(!ls)) {
1590  goto done;
1591  }
1592  link_specifier_t *copy = link_specifier_dup(ls);
1593  if (BUG(!copy)) {
1594  goto done;
1595  }
1596  smartlist_add(desc_ip->link_specifiers, copy);
1597  } SMARTLIST_FOREACH_END(ls);
1598 
1599  /* For a legacy intro point, we'll use an RSA/ed cross certificate. */
1600  if (ip->base.is_only_legacy) {
1601  desc_ip->legacy.key = crypto_pk_dup_key(ip->legacy_key);
1602  /* Create cross certification cert. */
1603  ssize_t cert_len = tor_make_rsa_ed25519_crosscert(
1604  &signing_kp->pubkey,
1605  desc_ip->legacy.key,
1606  nearest_hour + HS_DESC_CERT_LIFETIME,
1607  &desc_ip->legacy.cert.encoded);
1608  if (cert_len < 0) {
1609  log_warn(LD_REND, "Unable to create enc key legacy cross cert.");
1610  goto done;
1611  }
1612  desc_ip->legacy.cert.len = cert_len;
1613  }
1614 
1615  /* Encryption key and its cross certificate. */
1616  {
1617  ed25519_public_key_t ed25519_pubkey;
1618 
1619  /* Use the public curve25519 key. */
1620  memcpy(&desc_ip->enc_key, &ip->enc_key_kp.pubkey,
1621  sizeof(desc_ip->enc_key));
1622  /* The following can't fail. */
1624  &ip->enc_key_kp.pubkey,
1625  0);
1626  desc_ip->enc_key_cert = tor_cert_create(signing_kp,
1627  CERT_TYPE_CROSS_HS_IP_KEYS,
1628  &ed25519_pubkey, nearest_hour,
1630  CERT_FLAG_INCLUDE_SIGNING_KEY);
1631  if (desc_ip->enc_key_cert == NULL) {
1632  log_warn(LD_REND, "Unable to create enc key curve25519 cross cert.");
1633  goto done;
1634  }
1635  }
1636  /* Success. */
1637  ret = 0;
1638 
1639  done:
1640  return ret;
1641 }
1642 
1643 /** Using the given descriptor from the given service, build the descriptor
1644  * intro point list so we can then encode the descriptor for publication. This
1645  * function does not pick intro points, they have to be in the descriptor
1646  * current map. Cryptographic material (keys) must be initialized in the
1647  * descriptor for this function to make sense. */
1648 static void
1650  hs_service_descriptor_t *desc, time_t now)
1651 {
1652  hs_desc_encrypted_data_t *encrypted;
1653 
1654  tor_assert(service);
1655  tor_assert(desc);
1656 
1657  /* Ease our life. */
1658  encrypted = &desc->desc->encrypted_data;
1659  /* Cleanup intro points, we are about to set them from scratch. */
1661 
1662  DIGEST256MAP_FOREACH(desc->intro_points.map, key,
1663  const hs_service_intro_point_t *, ip) {
1665  /* Ignore un-established intro points. They can linger in that list
1666  * because their circuit has not opened and they haven't been removed
1667  * yet even though we have enough intro circuits.
1668  *
1669  * Due to #31561, it can stay in that list until rotation so this check
1670  * prevents to publish an intro point without a circuit. */
1671  continue;
1672  }
1674  if (setup_desc_intro_point(&desc->signing_kp, ip, now, desc_ip) < 0) {
1675  hs_desc_intro_point_free(desc_ip);
1676  continue;
1677  }
1678  /* We have a valid descriptor intro point. Add it to the list. */
1679  smartlist_add(encrypted->intro_points, desc_ip);
1680  } DIGEST256MAP_FOREACH_END;
1681 }
1682 
1683 /** Build the descriptor signing key certificate. */
1684 static void
1686 {
1687  hs_desc_plaintext_data_t *plaintext;
1688 
1689  tor_assert(desc);
1690  tor_assert(desc->desc);
1691 
1692  /* Ease our life a bit. */
1693  plaintext = &desc->desc->plaintext_data;
1694 
1695  /* Get rid of what we have right now. */
1696  tor_cert_free(plaintext->signing_key_cert);
1697 
1698  /* Fresh certificate for the signing key. */
1699  plaintext->signing_key_cert =
1700  tor_cert_create(&desc->blinded_kp, CERT_TYPE_SIGNING_HS_DESC,
1701  &desc->signing_kp.pubkey, now, HS_DESC_CERT_LIFETIME,
1702  CERT_FLAG_INCLUDE_SIGNING_KEY);
1703  /* If the cert creation fails, the descriptor encoding will fail and thus
1704  * ultimately won't be uploaded. We'll get a stack trace to help us learn
1705  * where the call came from and the tor_cert_create() will log the error. */
1706  tor_assert_nonfatal(plaintext->signing_key_cert);
1707 }
1708 
1709 /** Populate the descriptor encrypted section from the given service object.
1710  * This will generate a valid list of introduction points that can be used
1711  * after for circuit creation. Return 0 on success else -1 on error. */
1712 static int
1715 {
1716  hs_desc_encrypted_data_t *encrypted;
1717 
1718  tor_assert(service);
1719  tor_assert(desc);
1720 
1721  encrypted = &desc->desc->encrypted_data;
1722 
1723  encrypted->create2_ntor = 1;
1724  encrypted->single_onion_service = service->config.is_single_onion;
1725 
1726  /* Setup introduction points from what we have in the service. */
1727  if (encrypted->intro_points == NULL) {
1728  encrypted->intro_points = smartlist_new();
1729  }
1730  /* We do NOT build introduction point yet, we only do that once the circuit
1731  * have been opened. Until we have the right number of introduction points,
1732  * we do not encode anything in the descriptor. */
1733 
1734  /* XXX: Support client authorization (#20700). */
1735  encrypted->intro_auth_types = NULL;
1736  return 0;
1737 }
1738 
1739 /** Populate the descriptor superencrypted section from the given service
1740  * object. This will generate a valid list of hs_desc_authorized_client_t
1741  * of clients that are authorized to use the service. Return 0 on success
1742  * else -1 on error. */
1743 static int
1746 {
1747  const hs_service_config_t *config;
1748  int i;
1749  hs_desc_superencrypted_data_t *superencrypted;
1750 
1751  tor_assert(service);
1752  tor_assert(desc);
1753 
1754  superencrypted = &desc->desc->superencrypted_data;
1755  config = &service->config;
1756 
1757  /* The ephemeral key pair is already generated, so this should not give
1758  * an error. */
1759  if (BUG(!curve25519_public_key_is_ok(&desc->auth_ephemeral_kp.pubkey))) {
1760  return -1;
1761  }
1762  memcpy(&superencrypted->auth_ephemeral_pubkey,
1763  &desc->auth_ephemeral_kp.pubkey,
1764  sizeof(curve25519_public_key_t));
1765 
1766  /* Test that subcred is not zero because we might use it below */
1767  if (BUG(fast_mem_is_zero((char*)desc->desc->subcredential, DIGEST256_LEN))) {
1768  return -1;
1769  }
1770 
1771  /* Create a smartlist to store clients */
1772  superencrypted->clients = smartlist_new();
1773 
1774  /* We do not need to build the desc authorized client if the client
1775  * authorization is disabled */
1776  if (config->is_client_auth_enabled) {
1778  hs_service_authorized_client_t *, client) {
1779  hs_desc_authorized_client_t *desc_client;
1780  desc_client = tor_malloc_zero(sizeof(hs_desc_authorized_client_t));
1781 
1782  /* Prepare the client for descriptor and then add to the list in the
1783  * superencrypted part of the descriptor */
1785  &client->client_pk,
1786  &desc->auth_ephemeral_kp.seckey,
1787  desc->descriptor_cookie, desc_client);
1788  smartlist_add(superencrypted->clients, desc_client);
1789 
1790  } SMARTLIST_FOREACH_END(client);
1791  }
1792 
1793  /* We cannot let the number of auth-clients to be zero, so we need to
1794  * make it be 16. If it is already a multiple of 16, we do not need to
1795  * do anything. Otherwise, add the additional ones to make it a
1796  * multiple of 16. */
1797  int num_clients = smartlist_len(superencrypted->clients);
1798  int num_clients_to_add;
1799  if (num_clients == 0) {
1800  num_clients_to_add = HS_DESC_AUTH_CLIENT_MULTIPLE;
1801  } else if (num_clients % HS_DESC_AUTH_CLIENT_MULTIPLE == 0) {
1802  num_clients_to_add = 0;
1803  } else {
1804  num_clients_to_add =
1806  - (num_clients % HS_DESC_AUTH_CLIENT_MULTIPLE);
1807  }
1808 
1809  for (i = 0; i < num_clients_to_add; i++) {
1810  hs_desc_authorized_client_t *desc_client =
1812  smartlist_add(superencrypted->clients, desc_client);
1813  }
1814 
1815  /* Shuffle the list to prevent the client know the position in the
1816  * config. */
1817  smartlist_shuffle(superencrypted->clients);
1818 
1819  return 0;
1820 }
1821 
1822 /** Populate the descriptor plaintext section from the given service object.
1823  * The caller must make sure that the keys in the descriptors are valid that
1824  * is are non-zero. This can't fail. */
1825 static void
1828 {
1829  hs_desc_plaintext_data_t *plaintext;
1830 
1831  tor_assert(service);
1832  tor_assert(desc);
1833  tor_assert(!fast_mem_is_zero((char *) &desc->blinded_kp,
1834  sizeof(desc->blinded_kp)));
1835  tor_assert(!fast_mem_is_zero((char *) &desc->signing_kp,
1836  sizeof(desc->signing_kp)));
1837 
1838  /* Set the subcredential. */
1839  hs_get_subcredential(&service->keys.identity_pk, &desc->blinded_kp.pubkey,
1840  desc->desc->subcredential);
1841 
1842  plaintext = &desc->desc->plaintext_data;
1843 
1844  plaintext->version = service->config.version;
1846  /* Copy public key material to go in the descriptor. */
1847  ed25519_pubkey_copy(&plaintext->signing_pubkey, &desc->signing_kp.pubkey);
1848  ed25519_pubkey_copy(&plaintext->blinded_pubkey, &desc->blinded_kp.pubkey);
1849 
1850  /* Create the signing key certificate. This will be updated before each
1851  * upload but we create it here so we don't complexify our unit tests. */
1853 }
1854 
1855 /** Compute the descriptor's OPE cipher for encrypting revision counters. */
1856 static crypto_ope_t *
1858 {
1859  /* Compute OPE key as H("rev-counter-generation" | blinded privkey) */
1860  uint8_t key[DIGEST256_LEN];
1861  crypto_digest_t *digest = crypto_digest256_new(DIGEST_SHA3_256);
1862  const char ope_key_prefix[] = "rev-counter-generation";
1863  const ed25519_secret_key_t *eph_privkey = &hs_desc->blinded_kp.seckey;
1864  crypto_digest_add_bytes(digest, ope_key_prefix, sizeof(ope_key_prefix));
1865  crypto_digest_add_bytes(digest, (char*)eph_privkey->seckey,
1866  sizeof(eph_privkey->seckey));
1867  crypto_digest_get_digest(digest, (char *)key, sizeof(key));
1868  crypto_digest_free(digest);
1869 
1870  return crypto_ope_new(key);
1871 }
1872 
1873 /** For the given service and descriptor object, create the key material which
1874  * is the blinded keypair, the descriptor signing keypair, the ephemeral
1875  * keypair, and the descriptor cookie. Return 0 on success else -1 on error
1876  * where the generated keys MUST be ignored. */
1877 static int
1880 {
1881  int ret = -1;
1882  ed25519_keypair_t kp;
1883 
1884  tor_assert(desc);
1885  tor_assert(!fast_mem_is_zero((char *) &service->keys.identity_pk,
1887 
1888  /* XXX: Support offline key feature (#18098). */
1889 
1890  /* Copy the identity keys to the keypair so we can use it to create the
1891  * blinded key. */
1892  memcpy(&kp.pubkey, &service->keys.identity_pk, sizeof(kp.pubkey));
1893  memcpy(&kp.seckey, &service->keys.identity_sk, sizeof(kp.seckey));
1894  /* Build blinded keypair for this time period. */
1895  hs_build_blinded_keypair(&kp, NULL, 0, desc->time_period_num,
1896  &desc->blinded_kp);
1897  /* Let's not keep too much traces of our keys in memory. */
1898  memwipe(&kp, 0, sizeof(kp));
1899 
1900  /* Compute the OPE cipher struct (it's tied to the current blinded key) */
1901  log_info(LD_GENERAL,
1902  "Getting OPE for TP#%u", (unsigned) desc->time_period_num);
1903  tor_assert_nonfatal(!desc->ope_cipher);
1905 
1906  /* No need for extra strong, this is a temporary key only for this
1907  * descriptor. Nothing long term. */
1908  if (ed25519_keypair_generate(&desc->signing_kp, 0) < 0) {
1909  log_warn(LD_REND, "Can't generate descriptor signing keypair for "
1910  "service %s",
1911  safe_str_client(service->onion_address));
1912  goto end;
1913  }
1914 
1915  /* No need for extra strong, this is a temporary key only for this
1916  * descriptor. Nothing long term. */
1917  if (curve25519_keypair_generate(&desc->auth_ephemeral_kp, 0) < 0) {
1918  log_warn(LD_REND, "Can't generate auth ephemeral keypair for "
1919  "service %s",
1920  safe_str_client(service->onion_address));
1921  goto end;
1922  }
1923 
1924  /* Random descriptor cookie to be used as a part of a key to encrypt the
1925  * descriptor, only if the client auth is enabled will it be used. */
1927  sizeof(desc->descriptor_cookie));
1928 
1929  /* Success. */
1930  ret = 0;
1931  end:
1932  return ret;
1933 }
1934 
1935 /** Given a service and the current time, build a descriptor for the service.
1936  * This function does not pick introduction point, this needs to be done by
1937  * the update function. On success, desc_out will point to the newly allocated
1938  * descriptor object.
1939  *
1940  * This can error if we are unable to create keys or certificate. */
1941 static void
1942 build_service_descriptor(hs_service_t *service, uint64_t time_period_num,
1943  hs_service_descriptor_t **desc_out)
1944 {
1945  char *encoded_desc;
1947 
1948  tor_assert(service);
1949  tor_assert(desc_out);
1950 
1951  desc = service_descriptor_new();
1952 
1953  /* Set current time period */
1954  desc->time_period_num = time_period_num;
1955 
1956  /* Create the needed keys so we can setup the descriptor content. */
1957  if (build_service_desc_keys(service, desc) < 0) {
1958  goto err;
1959  }
1960  /* Setup plaintext descriptor content. */
1961  build_service_desc_plaintext(service, desc);
1962 
1963  /* Setup superencrypted descriptor content. */
1964  if (build_service_desc_superencrypted(service, desc) < 0) {
1965  goto err;
1966  }
1967  /* Setup encrypted descriptor content. */
1968  if (build_service_desc_encrypted(service, desc) < 0) {
1969  goto err;
1970  }
1971 
1972  /* Let's make sure that we've created a descriptor that can actually be
1973  * encoded properly. This function also checks if the encoded output is
1974  * decodable after. */
1975  if (BUG(service_encode_descriptor(service, desc, &desc->signing_kp,
1976  &encoded_desc) < 0)) {
1977  goto err;
1978  }
1979  tor_free(encoded_desc);
1980 
1981  /* Assign newly built descriptor to the next slot. */
1982  *desc_out = desc;
1983  /* Fire a CREATED control port event. */
1985  &desc->blinded_kp.pubkey);
1986  return;
1987 
1988  err:
1989  service_descriptor_free(desc);
1990 }
1991 
1992 /** Build both descriptors for the given service that has just booted up.
1993  * Because it's a special case, it deserves its special function ;). */
1994 static void
1996 {
1997  uint64_t current_desc_tp, next_desc_tp;
1998 
1999  tor_assert(service);
2000  /* These are the conditions for a new service. */
2001  tor_assert(!service->desc_current);
2002  tor_assert(!service->desc_next);
2003 
2004  /*
2005  * +------------------------------------------------------------------+
2006  * | |
2007  * | 00:00 12:00 00:00 12:00 00:00 12:00 |
2008  * | SRV#1 TP#1 SRV#2 TP#2 SRV#3 TP#3 |
2009  * | |
2010  * | $==========|-----------$===========|-----------$===========| |
2011  * | ^ ^ |
2012  * | A B |
2013  * +------------------------------------------------------------------+
2014  *
2015  * Case A: The service boots up before a new time period, the current time
2016  * period is thus TP#1 and the next is TP#2 which for both we have access to
2017  * their SRVs.
2018  *
2019  * Case B: The service boots up inside TP#2, we can't use the TP#3 for the
2020  * next descriptor because we don't have the SRV#3 so the current should be
2021  * TP#1 and next TP#2.
2022  */
2023 
2024  if (hs_in_period_between_tp_and_srv(NULL, now)) {
2025  /* Case B from the above, inside of the new time period. */
2026  current_desc_tp = hs_get_previous_time_period_num(0); /* TP#1 */
2027  next_desc_tp = hs_get_time_period_num(0); /* TP#2 */
2028  } else {
2029  /* Case A from the above, outside of the new time period. */
2030  current_desc_tp = hs_get_time_period_num(0); /* TP#1 */
2031  next_desc_tp = hs_get_next_time_period_num(0); /* TP#2 */
2032  }
2033 
2034  /* Build descriptors. */
2035  build_service_descriptor(service, current_desc_tp, &service->desc_current);
2036  build_service_descriptor(service, next_desc_tp, &service->desc_next);
2037  log_info(LD_REND, "Hidden service %s has just started. Both descriptors "
2038  "built. Now scheduled for upload.",
2039  safe_str_client(service->onion_address));
2040 }
2041 
2042 /** Build descriptors for each service if needed. There are conditions to build
2043  * a descriptor which are details in the function. */
2044 STATIC void
2046 {
2047  FOR_EACH_SERVICE_BEGIN(service) {
2048 
2049  /* A service booting up will have both descriptors to NULL. No other cases
2050  * makes both descriptor non existent. */
2051  if (service->desc_current == NULL && service->desc_next == NULL) {
2052  build_descriptors_for_new_service(service, now);
2053  continue;
2054  }
2055 
2056  /* Reaching this point means we are pass bootup so at runtime. We should
2057  * *never* have an empty current descriptor. If the next descriptor is
2058  * empty, we'll try to build it for the next time period. This only
2059  * happens when we rotate meaning that we are guaranteed to have a new SRV
2060  * at that point for the next time period. */
2061  if (BUG(service->desc_current == NULL)) {
2062  continue;
2063  }
2064 
2065  if (service->desc_next == NULL) {
2067  &service->desc_next);
2068  log_info(LD_REND, "Hidden service %s next descriptor successfully "
2069  "built. Now scheduled for upload.",
2070  safe_str_client(service->onion_address));
2071  }
2072  } FOR_EACH_DESCRIPTOR_END;
2073 }
2074 
2075 /** Randomly pick a node to become an introduction point but not present in the
2076  * given exclude_nodes list. The chosen node is put in the exclude list
2077  * regardless of success or not because in case of failure, the node is simply
2078  * unsusable from that point on.
2079  *
2080  * If direct_conn is set, try to pick a node that our local firewall/policy
2081  * allows us to connect to directly. If we can't find any, return NULL.
2082  * This function supports selecting dual-stack nodes for direct single onion
2083  * service IPv6 connections. But it does not send IPv6 addresses in link
2084  * specifiers. (Current clients don't use IPv6 addresses to extend, and
2085  * direct client connections to intro points are not supported.)
2086  *
2087  * Return a newly allocated service intro point ready to be used for encoding.
2088  * Return NULL on error. */
2089 static hs_service_intro_point_t *
2090 pick_intro_point(unsigned int direct_conn, smartlist_t *exclude_nodes)
2091 {
2092  const or_options_t *options = get_options();
2093  const node_t *node;
2094  hs_service_intro_point_t *ip = NULL;
2095  /* Normal 3-hop introduction point flags. */
2096  router_crn_flags_t flags = CRN_NEED_UPTIME | CRN_NEED_DESC;
2097  /* Single onion flags. */
2098  router_crn_flags_t direct_flags = flags | CRN_PREF_ADDR | CRN_DIRECT_CONN;
2099 
2100  node = router_choose_random_node(exclude_nodes, options->ExcludeNodes,
2101  direct_conn ? direct_flags : flags);
2102 
2103  /* If we are in single onion mode, retry node selection for a 3-hop
2104  * path */
2105  if (direct_conn && !node) {
2106  log_info(LD_REND,
2107  "Unable to find an intro point that we can connect to "
2108  "directly, falling back to a 3-hop path.");
2109  node = router_choose_random_node(exclude_nodes, options->ExcludeNodes,
2110  flags);
2111  }
2112 
2113  if (!node) {
2114  goto err;
2115  }
2116 
2117  /* We have a suitable node, add it to the exclude list. We do this *before*
2118  * we can validate the extend information because even in case of failure,
2119  * we don't want to use that node anymore. */
2120  smartlist_add(exclude_nodes, (void *) node);
2121 
2122  /* Create our objects and populate them with the node information. */
2123  ip = service_intro_point_new(node);
2124 
2125  if (ip == NULL) {
2126  goto err;
2127  }
2128 
2129  log_info(LD_REND, "Picked intro point: %s", node_describe(node));
2130  return ip;
2131  err:
2132  service_intro_point_free(ip);
2133  return NULL;
2134 }
2135 
2136 /** For a given descriptor from the given service, pick any needed intro points
2137  * and update the current map with those newly picked intro points. Return the
2138  * number node that might have been added to the descriptor current map. */
2139 static unsigned int
2142 {
2143  int i = 0, num_needed_ip;
2144  smartlist_t *exclude_nodes = smartlist_new();
2145 
2146  tor_assert(service);
2147  tor_assert(desc);
2148 
2149  /* Compute how many intro points we actually need to open. */
2150  num_needed_ip = service->config.num_intro_points -
2151  digest256map_size(desc->intro_points.map);
2152  if (BUG(num_needed_ip < 0)) {
2153  /* Let's not make tor freak out here and just skip this. */
2154  goto done;
2155  }
2156 
2157  /* We want to end up with config.num_intro_points intro points, but if we
2158  * have no intro points at all (chances are they all cycled or we are
2159  * starting up), we launch get_intro_point_num_extra() extra circuits and
2160  * use the first config.num_intro_points that complete. See proposal #155,
2161  * section 4 for the rationale of this which is purely for performance.
2162  *
2163  * The ones after the first config.num_intro_points will be converted to
2164  * 'General' internal circuits and then we'll drop them from the list of
2165  * intro points. */
2166  if (digest256map_size(desc->intro_points.map) == 0) {
2167  num_needed_ip += get_intro_point_num_extra();
2168  }
2169 
2170  /* Build an exclude list of nodes of our intro point(s). The expiring intro
2171  * points are OK to pick again because this is afterall a concept of round
2172  * robin so they are considered valid nodes to pick again. */
2173  DIGEST256MAP_FOREACH(desc->intro_points.map, key,
2174  hs_service_intro_point_t *, ip) {
2175  const node_t *intro_node = get_node_from_intro_point(ip);
2176  if (intro_node) {
2177  smartlist_add(exclude_nodes, (void*)intro_node);
2178  }
2179  } DIGEST256MAP_FOREACH_END;
2180  /* Also, add the failing intro points that our descriptor encounteered in
2181  * the exclude node list. */
2182  setup_intro_point_exclude_list(desc, exclude_nodes);
2183 
2184  for (i = 0; i < num_needed_ip; i++) {
2186 
2187  /* This function will add the picked intro point node to the exclude nodes
2188  * list so we don't pick the same one at the next iteration. */
2189  ip = pick_intro_point(service->config.is_single_onion, exclude_nodes);
2190  if (ip == NULL) {
2191  /* If we end up unable to pick an introduction point it is because we
2192  * can't find suitable node and calling this again is highly unlikely to
2193  * give us a valid node all of the sudden. */
2194  log_info(LD_REND, "Unable to find a suitable node to be an "
2195  "introduction point for service %s.",
2196  safe_str_client(service->onion_address));
2197  goto done;
2198  }
2199  /* Valid intro point object, add it to the descriptor current map. */
2201  }
2202  /* We've successfully picked all our needed intro points thus none are
2203  * missing which will tell our upload process to expect the number of
2204  * circuits to be the number of configured intro points circuits and not the
2205  * number of intro points object that we have. */
2206  desc->missing_intro_points = 0;
2207 
2208  /* Success. */
2209  done:
2210  /* We don't have ownership of the node_t object in this list. */
2211  smartlist_free(exclude_nodes);
2212  return i;
2213 }
2214 
2215 /** Clear previous cached HSDirs in <b>desc</b>. */
2216 static void
2218 {
2219  if (BUG(!desc->previous_hsdirs)) {
2220  return;
2221  }
2222 
2223  SMARTLIST_FOREACH(desc->previous_hsdirs, char*, s, tor_free(s));
2225 }
2226 
2227 /** Note that we attempted to upload <b>desc</b> to <b>hsdir</b>. */
2228 static void
2230 {
2231  char b64_digest[BASE64_DIGEST_LEN+1] = {0};
2232  digest_to_base64(b64_digest, hsdir->identity);
2233 
2234  if (BUG(!desc->previous_hsdirs)) {
2235  return;
2236  }
2237 
2238  if (!smartlist_contains_string(desc->previous_hsdirs, b64_digest)) {
2239  smartlist_add_strdup(desc->previous_hsdirs, b64_digest);
2240  }
2241 }
2242 
2243 /** Schedule an upload of <b>desc</b>. If <b>descriptor_changed</b> is set, it
2244  * means that this descriptor is dirty. */
2245 STATIC void
2247  time_t now,
2248  int descriptor_changed)
2249 
2250 {
2251  desc->next_upload_time = now;
2252 
2253  /* If the descriptor changed, clean up the old HSDirs list. We want to
2254  * re-upload no matter what. */
2255  if (descriptor_changed) {
2257  }
2258 }
2259 
2260 /** Pick missing intro points for this descriptor if needed. */
2261 static void
2263  hs_service_descriptor_t *desc, time_t now)
2264 {
2265  unsigned int num_intro_points;
2266 
2267  tor_assert(service);
2268  tor_assert(desc);
2269  tor_assert(desc->desc);
2270 
2271  num_intro_points = digest256map_size(desc->intro_points.map);
2272 
2273  /* Pick any missing introduction point(s). */
2274  if (num_intro_points < service->config.num_intro_points) {
2275  unsigned int num_new_intro_points = pick_needed_intro_points(service,
2276  desc);
2277  if (num_new_intro_points != 0) {
2278  log_info(LD_REND, "Service %s just picked %u intro points and wanted "
2279  "%u for %s descriptor. It currently has %d intro "
2280  "points. Launching ESTABLISH_INTRO circuit shortly.",
2281  safe_str_client(service->onion_address),
2282  num_new_intro_points,
2283  service->config.num_intro_points - num_intro_points,
2284  (desc == service->desc_current) ? "current" : "next",
2285  num_intro_points);
2286  /* We'll build those introduction point into the descriptor once we have
2287  * confirmation that the circuits are opened and ready. However,
2288  * indicate that this descriptor should be uploaded from now on. */
2289  service_desc_schedule_upload(desc, now, 1);
2290  }
2291  /* Were we able to pick all the intro points we needed? If not, we'll
2292  * flag the descriptor that it's missing intro points because it
2293  * couldn't pick enough which will trigger a descriptor upload. */
2294  if ((num_new_intro_points + num_intro_points) <
2295  service->config.num_intro_points) {
2296  desc->missing_intro_points = 1;
2297  }
2298  }
2299 }
2300 
2301 /** Update descriptor intro points for each service if needed. We do this as
2302  * part of the periodic event because we need to establish intro point circuits
2303  * before we publish descriptors. */
2304 STATIC void
2306 {
2307  FOR_EACH_SERVICE_BEGIN(service) {
2308  /* We'll try to update each descriptor that is if certain conditions apply
2309  * in order for the descriptor to be updated. */
2310  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
2311  update_service_descriptor_intro_points(service, desc, now);
2312  } FOR_EACH_DESCRIPTOR_END;
2313  } FOR_EACH_SERVICE_END;
2314 }
2315 
2316 /** Return true iff the given intro point has expired that is it has been used
2317  * for too long or we've reached our max seen INTRODUCE2 cell. */
2318 STATIC int
2320  time_t now)
2321 {
2322  tor_assert(ip);
2323 
2324  if (ip->introduce2_count >= ip->introduce2_max) {
2325  goto expired;
2326  }
2327 
2328  if (ip->time_to_expire <= now) {
2329  goto expired;
2330  }
2331 
2332  /* Not expiring. */
2333  return 0;
2334  expired:
2335  return 1;
2336 }
2337 
2338 /** Return true iff we should remove the intro point ip from its service.
2339  *
2340  * We remove an intro point from the service descriptor list if one of
2341  * these criteria is met:
2342  * - It has expired (either in INTRO2 count or in time).
2343  * - No node was found (fell off the consensus).
2344  * - We are over the maximum amount of retries.
2345  *
2346  * If an established or pending circuit is found for the given ip object, this
2347  * return false indicating it should not be removed. */
2348 static bool
2350 {
2351  bool ret = false;
2352 
2353  tor_assert(ip);
2354 
2355  /* Any one of the following needs to be True to furfill the criteria to
2356  * remove an intro point. */
2357  bool has_no_retries = (ip->circuit_retries >
2359  bool has_no_node = (get_node_from_intro_point(ip) == NULL);
2360  bool has_expired = intro_point_should_expire(ip, now);
2361 
2362  /* If the node fell off the consensus or the IP has expired, we have to
2363  * remove it now. */
2364  if (has_no_node || has_expired) {
2365  ret = true;
2366  goto end;
2367  }
2368 
2369  /* Pass this point, even though we might be over the retry limit, we check
2370  * if a circuit (established or pending) exists. In that case, we should not
2371  * remove it because it might simply be valid and opened at the previous
2372  * scheduled event for the last retry. */
2373 
2374  /* Do we simply have an existing circuit regardless of its state? */
2376  goto end;
2377  }
2378 
2379  /* Getting here means we have _no_ circuits so then return if we have any
2380  * remaining retries. */
2381  ret = has_no_retries;
2382 
2383  end:
2384  /* Meaningful log in case we are about to remove the IP. */
2385  if (ret) {
2386  log_info(LD_REND, "Intro point %s%s (retried: %u times). "
2387  "Removing it.",
2389  has_expired ? " has expired" :
2390  (has_no_node) ? " fell off the consensus" : "",
2391  ip->circuit_retries);
2392  }
2393  return ret;
2394 }
2395 
2396 /** Go over the given set of intro points for each service and remove any
2397  * invalid ones.
2398  *
2399  * If an intro point is removed, the circuit (if any) is immediately close.
2400  * If a circuit can't be found, the intro point is kept if it hasn't reached
2401  * its maximum circuit retry value and thus should be retried. */
2402 static void
2403 cleanup_intro_points(hs_service_t *service, time_t now)
2404 {
2405  /* List of intro points to close. We can't mark the intro circuits for close
2406  * in the modify loop because doing so calls back into the HS subsystem and
2407  * we need to keep that code path outside of the service/desc loop so those
2408  * maps don't get modified during the close making us in a possible
2409  * use-after-free situation. */
2410  smartlist_t *ips_to_free = smartlist_new();
2411 
2412  tor_assert(service);
2413 
2414  /* For both descriptors, cleanup the intro points. */
2415  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
2416  /* Go over the current intro points we have, make sure they are still
2417  * valid and remove any of them that aren't. */
2418  DIGEST256MAP_FOREACH_MODIFY(desc->intro_points.map, key,
2419  hs_service_intro_point_t *, ip) {
2420  if (should_remove_intro_point(ip, now)) {
2421  /* We've retried too many times, remember it as a failed intro point
2422  * so we don't pick it up again for INTRO_CIRC_RETRY_PERIOD sec. */
2423  if (ip->circuit_retries > MAX_INTRO_POINT_CIRCUIT_RETRIES) {
2425  }
2426 
2427  /* Remove intro point from descriptor map and add it to the list of
2428  * ips to free for which we'll also try to close the intro circuit. */
2429  MAP_DEL_CURRENT(key);
2430  smartlist_add(ips_to_free, ip);
2431  }
2432  } DIGEST256MAP_FOREACH_END;
2433  } FOR_EACH_DESCRIPTOR_END;
2434 
2435  /* Go over the intro points to free and close their circuit if any. */
2437  /* See if we need to close the intro point circuit as well */
2438 
2439  /* XXX: Legacy code does NOT close circuits like this: it keeps the circuit
2440  * open until a new descriptor is uploaded and then closed all expiring
2441  * intro point circuit. Here, we close immediately and because we just
2442  * discarded the intro point, a new one will be selected, a new descriptor
2443  * created and uploaded. There is no difference to an attacker between the
2444  * timing of a new consensus and intro point rotation (possibly?). */
2446  if (ocirc && !TO_CIRCUIT(ocirc)->marked_for_close) {
2447  circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
2448  }
2449 
2450  /* Cleanup the intro point */
2451  service_intro_point_free(ip);
2452  } SMARTLIST_FOREACH_END(ip);
2453 
2454  smartlist_free(ips_to_free);
2455 }
2456 
2457 /** Set the next rotation time of the descriptors for the given service for the
2458  * time now. */
2459 static void
2461 {
2462  tor_assert(service);
2463 
2464  service->state.next_rotation_time =
2467 
2468  {
2469  char fmt_time[ISO_TIME_LEN + 1];
2470  format_local_iso_time(fmt_time, service->state.next_rotation_time);
2471  log_info(LD_REND, "Next descriptor rotation time set to %s for %s",
2472  fmt_time, safe_str_client(service->onion_address));
2473  }
2474 }
2475 
2476 /** Return true iff the service should rotate its descriptor. The time now is
2477  * only used to fetch the live consensus and if none can be found, this
2478  * returns false. */
2479 static unsigned int
2481 {
2482  const networkstatus_t *ns;
2483 
2484  tor_assert(service);
2485 
2487  if (ns == NULL) {
2488  goto no_rotation;
2489  }
2490 
2491  if (ns->valid_after >= service->state.next_rotation_time) {
2492  /* In theory, we should never get here with no descriptors. We can never
2493  * have a NULL current descriptor except when tor starts up. The next
2494  * descriptor can be NULL after a rotation but we build a new one right
2495  * after.
2496  *
2497  * So, when tor starts, the next rotation time is set to the start of the
2498  * next SRV period using the consensus valid after time so it should
2499  * always be set to a future time value. This means that we should never
2500  * reach this point at bootup that is this check safeguards tor in never
2501  * allowing a rotation if the valid after time is smaller than the next
2502  * rotation time.
2503  *
2504  * This is all good in theory but we've had a NULL descriptor issue here
2505  * so this is why we BUG() on both with extra logging to try to understand
2506  * how this can possibly happens. We'll simply ignore and tor should
2507  * recover from this by skipping rotation and building the missing
2508  * descriptors just after this. */
2509  if (BUG(service->desc_current == NULL || service->desc_next == NULL)) {
2510  log_warn(LD_BUG, "Service descriptor is NULL (%p/%p). Next rotation "
2511  "time is %ld (now: %ld). Valid after time from "
2512  "consensus is %ld",
2513  service->desc_current, service->desc_next,
2514  (long)service->state.next_rotation_time,
2515  (long)now,
2516  (long)ns->valid_after);
2517  goto no_rotation;
2518  }
2519  goto rotation;
2520  }
2521 
2522  no_rotation:
2523  return 0;
2524  rotation:
2525  return 1;
2526 }
2527 
2528 /** Rotate the service descriptors of the given service. The current descriptor
2529  * will be freed, the next one put in as the current and finally the next
2530  * descriptor pointer is NULLified. */
2531 static void
2533 {
2534  if (service->desc_current) {
2535  /* Close all IP circuits for the descriptor. */
2537  /* We don't need this one anymore, we won't serve any clients coming with
2538  * this service descriptor. */
2539  service_descriptor_free(service->desc_current);
2540  }
2541  /* The next one become the current one and emptying the next will trigger
2542  * a descriptor creation for it. */
2543  service->desc_current = service->desc_next;
2544  service->desc_next = NULL;
2545 
2546  /* We've just rotated, set the next time for the rotation. */
2547  set_rotation_time(service);
2548 }
2549 
2550 /** Rotate descriptors for each service if needed. A non existing current
2551  * descriptor will trigger a descriptor build for the next time period. */
2552 STATIC void
2554 {
2555  /* XXX We rotate all our service descriptors at once. In the future it might
2556  * be wise, to rotate service descriptors independently to hide that all
2557  * those descriptors are on the same tor instance */
2558 
2559  FOR_EACH_SERVICE_BEGIN(service) {
2560 
2561  /* Note for a service booting up: Both descriptors are NULL in that case
2562  * so this function might return true if we are in the timeframe for a
2563  * rotation leading to basically swapping two NULL pointers which is
2564  * harmless. However, the side effect is that triggering a rotation will
2565  * update the service state and avoid doing anymore rotations after the
2566  * two descriptors have been built. */
2567  if (!should_rotate_descriptors(service, now)) {
2568  continue;
2569  }
2570 
2571  log_info(LD_REND, "Time to rotate our descriptors (%p / %p) for %s",
2572  service->desc_current, service->desc_next,
2573  safe_str_client(service->onion_address));
2574 
2575  rotate_service_descriptors(service);
2576  } FOR_EACH_SERVICE_END;
2577 }
2578 
2579 /** Scheduled event run from the main loop. Make sure all our services are up
2580  * to date and ready for the other scheduled events. This includes looking at
2581  * the introduction points status and descriptor rotation time. */
2582 STATIC void
2584 {
2585  /* Note that nothing here opens circuit(s) nor uploads descriptor(s). We are
2586  * simply moving things around or removing unneeded elements. */
2587 
2588  FOR_EACH_SERVICE_BEGIN(service) {
2589 
2590  /* If the service is starting off, set the rotation time. We can't do that
2591  * at configure time because the get_options() needs to be set for setting
2592  * that time that uses the voting interval. */
2593  if (service->state.next_rotation_time == 0) {
2594  /* Set the next rotation time of the descriptors. If it's Oct 25th
2595  * 23:47:00, the next rotation time is when the next SRV is computed
2596  * which is at Oct 26th 00:00:00 that is in 13 minutes. */
2597  set_rotation_time(service);
2598  }
2599 
2600  /* Cleanup invalid intro points from the service descriptor. */
2601  cleanup_intro_points(service, now);
2602 
2603  /* Remove expired failing intro point from the descriptor failed list. We
2604  * reset them at each INTRO_CIRC_RETRY_PERIOD. */
2605  remove_expired_failing_intro(service, now);
2606 
2607  /* At this point, the service is now ready to go through the scheduled
2608  * events guaranteeing a valid state. Intro points might be missing from
2609  * the descriptors after the cleanup but the update/build process will
2610  * make sure we pick those missing ones. */
2611  } FOR_EACH_SERVICE_END;
2612 }
2613 
2614 /** Scheduled event run from the main loop. Make sure all descriptors are up to
2615  * date. Once this returns, each service descriptor needs to be considered for
2616  * new introduction circuits and then for upload. */
2617 static void
2619 {
2620  /* For v2 services, this step happens in the upload event. */
2621 
2622  /* Run v3+ events. */
2623  /* We start by rotating the descriptors only if needed. */
2625 
2626  /* Then, we'll try to build new descriptors that we might need. The
2627  * condition is that the next descriptor is non existing because it has
2628  * been rotated or we just started up. */
2629  build_all_descriptors(now);
2630 
2631  /* Finally, we'll check if we should update the descriptors' intro
2632  * points. Missing introduction points will be picked in this function which
2633  * is useful for newly built descriptors. */
2635 }
2636 
2637 /** For the given service, launch any intro point circuits that could be
2638  * needed. This considers every descriptor of the service. */
2639 static void
2641 {
2642  tor_assert(service);
2643 
2644  /* For both descriptors, try to launch any missing introduction point
2645  * circuits using the current map. */
2646  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
2647  /* Keep a ref on if we need a direct connection. We use this often. */
2648  bool direct_conn = service->config.is_single_onion;
2649 
2650  DIGEST256MAP_FOREACH_MODIFY(desc->intro_points.map, key,
2651  hs_service_intro_point_t *, ip) {
2652  extend_info_t *ei;
2653 
2654  /* Skip the intro point that already has an existing circuit
2655  * (established or not). */
2657  continue;
2658  }
2659  ei = get_extend_info_from_intro_point(ip, direct_conn);
2660 
2661  /* If we can't connect directly to the intro point, get an extend_info
2662  * for a multi-hop path instead. */
2663  if (ei == NULL && direct_conn) {
2664  direct_conn = false;
2666  }
2667 
2668  if (ei == NULL) {
2669  /* This is possible if we can get a node_t but not the extend info out
2670  * of it. In this case, we remove the intro point and a new one will
2671  * be picked at the next main loop callback. */
2672  MAP_DEL_CURRENT(key);
2673  service_intro_point_free(ip);
2674  continue;
2675  }
2676 
2677  /* Launch a circuit to the intro point. */
2678  ip->circuit_retries++;
2679  if (hs_circ_launch_intro_point(service, ip, ei, direct_conn) < 0) {
2680  log_info(LD_REND, "Unable to launch intro circuit to node %s "
2681  "for service %s.",
2682  safe_str_client(extend_info_describe(ei)),
2683  safe_str_client(service->onion_address));
2684  /* Intro point will be retried if possible after this. */
2685  }
2686  extend_info_free(ei);
2687  } DIGEST256MAP_FOREACH_END;
2688  } FOR_EACH_DESCRIPTOR_END;
2689 }
2690 
2691 /** Don't try to build more than this many circuits before giving up for a
2692  * while. Dynamically calculated based on the configured number of intro
2693  * points for the given service and how many descriptor exists. The default
2694  * use case of 3 introduction points and two descriptors will allow 28
2695  * circuits for a retry period (((3 + 2) + (3 * 3)) * 2). */
2696 static unsigned int
2698 {
2699  unsigned int count = 0;
2700  unsigned int multiplier = 0;
2701  unsigned int num_wanted_ip;
2702 
2703  tor_assert(service);
2704  tor_assert(service->config.num_intro_points <=
2705  HS_CONFIG_V3_MAX_INTRO_POINTS);
2706 
2707 /** For a testing network, allow to do it for the maximum amount so circuit
2708  * creation and rotation and so on can actually be tested without limit. */
2709 #define MAX_INTRO_POINT_CIRCUIT_RETRIES_TESTING -1
2710  if (get_options()->TestingTorNetwork) {
2711  return MAX_INTRO_POINT_CIRCUIT_RETRIES_TESTING;
2712  }
2713 
2714  num_wanted_ip = service->config.num_intro_points;
2715 
2716  /* The calculation is as follow. We have a number of intro points that we
2717  * want configured as a torrc option (num_intro_points). We then add an
2718  * extra value so we can launch multiple circuits at once and pick the
2719  * quickest ones. For instance, we want 3 intros, we add 2 extra so we'll
2720  * pick 5 intros and launch 5 circuits. */
2721  count += (num_wanted_ip + get_intro_point_num_extra());
2722 
2723  /* Then we add the number of retries that is possible to do for each intro
2724  * point. If we want 3 intros, we'll allow 3 times the number of possible
2725  * retry. */
2726  count += (num_wanted_ip * MAX_INTRO_POINT_CIRCUIT_RETRIES);
2727 
2728  /* Then, we multiply by a factor of 2 if we have both descriptor or 0 if we
2729  * have none. */
2730  multiplier += (service->desc_current) ? 1 : 0;
2731  multiplier += (service->desc_next) ? 1 : 0;
2732 
2733  return (count * multiplier);
2734 }
2735 
2736 /** For the given service, return 1 if the service is allowed to launch more
2737  * introduction circuits else 0 if the maximum has been reached for the retry
2738  * period of INTRO_CIRC_RETRY_PERIOD. */
2739 STATIC int
2741 {
2742  tor_assert(service);
2743 
2744  /* Consider the intro circuit retry period of the service. */
2745  if (now > (service->state.intro_circ_retry_started_time +
2747  service->state.intro_circ_retry_started_time = now;
2748  service->state.num_intro_circ_launched = 0;
2749  goto allow;
2750  }
2751  /* Check if we can still launch more circuits in this period. */
2752  if (service->state.num_intro_circ_launched <=
2753  get_max_intro_circ_per_period(service)) {
2754  goto allow;
2755  }
2756 
2757  /* Rate limit log that we've reached our circuit creation limit. */
2758  {
2759  char *msg;
2760  time_t elapsed_time = now - service->state.intro_circ_retry_started_time;
2761  static ratelim_t rlimit = RATELIM_INIT(INTRO_CIRC_RETRY_PERIOD);
2762  if ((msg = rate_limit_log(&rlimit, now))) {
2763  log_info(LD_REND, "Hidden service %s exceeded its circuit launch limit "
2764  "of %u per %d seconds. It launched %u circuits in "
2765  "the last %ld seconds. Will retry in %ld seconds.",
2766  safe_str_client(service->onion_address),
2769  service->state.num_intro_circ_launched,
2770  (long int) elapsed_time,
2771  (long int) (INTRO_CIRC_RETRY_PERIOD - elapsed_time));
2772  tor_free(msg);
2773  }
2774  }
2775 
2776  /* Not allow. */
2777  return 0;
2778  allow:
2779  return 1;
2780 }
2781 
2782 /** Scheduled event run from the main loop. Make sure we have all the circuits
2783  * we need for each service. */
2784 static void
2786 {
2787  /* Make sure we can actually have enough information or able to build
2788  * internal circuits as required by services. */
2789  if (router_have_consensus_path() == CONSENSUS_PATH_UNKNOWN ||
2791  return;
2792  }
2793 
2794  /* Run v2 check. */
2795  if (rend_num_services() > 0) {
2797  }
2798 
2799  /* Run v3+ check. */
2800  FOR_EACH_SERVICE_BEGIN(service) {
2801  /* For introduction circuit, we need to make sure we don't stress too much
2802  * circuit creation so make sure this service is respecting that limit. */
2803  if (can_service_launch_intro_circuit(service, now)) {
2804  /* Launch intro point circuits if needed. */
2805  launch_intro_point_circuits(service);
2806  /* Once the circuits have opened, we'll make sure to update the
2807  * descriptor intro point list and cleanup any extraneous. */
2808  }
2809  } FOR_EACH_SERVICE_END;
2810 }
2811 
2812 /** Encode and sign the service descriptor desc and upload it to the given
2813  * hidden service directory. This does nothing if PublishHidServDescriptors
2814  * is false. */
2815 static void
2817  hs_service_descriptor_t *desc, const node_t *hsdir)
2818 {
2819  char *encoded_desc = NULL;
2820 
2821  tor_assert(service);
2822  tor_assert(desc);
2823  tor_assert(hsdir);
2824 
2825  /* Let's avoid doing that if tor is configured to not publish. */
2826  if (!get_options()->PublishHidServDescriptors) {
2827  log_info(LD_REND, "Service %s not publishing descriptor. "
2828  "PublishHidServDescriptors is set to 1.",
2829  safe_str_client(service->onion_address));
2830  goto end;
2831  }
2832 
2833  /* First of all, we'll encode the descriptor. This should NEVER fail but
2834  * just in case, let's make sure we have an actual usable descriptor. */
2835  if (BUG(service_encode_descriptor(service, desc, &desc->signing_kp,
2836  &encoded_desc) < 0)) {
2837  goto end;
2838  }
2839 
2840  /* Time to upload the descriptor to the directory. */
2841  hs_service_upload_desc_to_dir(encoded_desc, service->config.version,
2842  &service->keys.identity_pk,
2843  &desc->blinded_kp.pubkey, hsdir->rs);
2844 
2845  /* Add this node to previous_hsdirs list */
2846  service_desc_note_upload(desc, hsdir);
2847 
2848  /* Logging so we know where it was sent. */
2849  {
2850  int is_next_desc = (service->desc_next == desc);
2851  const uint8_t *idx = (is_next_desc) ? hsdir->hsdir_index.store_second:
2852  hsdir->hsdir_index.store_first;
2853  char *blinded_pubkey_log_str =
2854  tor_strdup(hex_str((char*)&desc->blinded_kp.pubkey.pubkey, 32));
2855  log_info(LD_REND, "Service %s %s descriptor of revision %" PRIu64
2856  " initiated upload request to %s with index %s (%s)",
2857  safe_str_client(service->onion_address),
2858  (is_next_desc) ? "next" : "current",
2860  safe_str_client(node_describe(hsdir)),
2861  safe_str_client(hex_str((const char *) idx, 32)),
2862  safe_str_client(blinded_pubkey_log_str));
2863  tor_free(blinded_pubkey_log_str);
2864 
2865  /* Fire a UPLOAD control port event. */
2867  &desc->blinded_kp.pubkey, idx);
2868  }
2869 
2870  end:
2871  tor_free(encoded_desc);
2872  return;
2873 }
2874 
2875 /** Set the revision counter in <b>hs_desc</b>. We do this by encrypting a
2876  * timestamp using an OPE scheme and using the ciphertext as our revision
2877  * counter.
2878  *
2879  * If <b>is_current</b> is true, then this is the current HS descriptor,
2880  * otherwise it's the next one. */
2881 static void
2883  bool is_current)
2884 {
2885  uint64_t rev_counter = 0;
2886 
2887  /* Get current time */
2888  time_t srv_start = 0;
2889 
2890  /* As our revision counter plaintext value, we use the seconds since the
2891  * start of the SR protocol run that is relevant to this descriptor. This is
2892  * guaranteed to be a positive value since we need the SRV to start making a
2893  * descriptor (so that we know where to upload it).
2894  *
2895  * Depending on whether we are building the current or the next descriptor,
2896  * services use a different SRV value. See [SERVICEUPLOAD] in
2897  * rend-spec-v3.txt:
2898  *
2899  * In particular, for the current descriptor (aka first descriptor), Tor
2900  * always uses the previous SRV for uploading the descriptor, and hence we
2901  * should use the start time of the previous protocol run here.
2902  *
2903  * Whereas for the next descriptor (aka second descriptor), Tor always uses
2904  * the current SRV for uploading the descriptor. and hence we use the start
2905  * time of the current protocol run.
2906  */
2907  if (is_current) {
2909  } else {
2911  }
2912 
2913  log_info(LD_REND, "Setting rev counter for TP #%u: "
2914  "SRV started at %d, now %d (%s)",
2915  (unsigned) hs_desc->time_period_num, (int)srv_start,
2916  (int)now, is_current ? "current" : "next");
2917 
2918  tor_assert_nonfatal(now >= srv_start);
2919 
2920  /* Compute seconds elapsed since the start of the time period. That's the
2921  * number of seconds of how long this blinded key has been active. */
2922  time_t seconds_since_start_of_srv = now - srv_start;
2923 
2924  /* Increment by one so that we are definitely sure this is strictly
2925  * positive and not zero. */
2926  seconds_since_start_of_srv++;
2927 
2928  /* Check for too big inputs. */
2929  if (BUG(seconds_since_start_of_srv > OPE_INPUT_MAX)) {
2930  seconds_since_start_of_srv = OPE_INPUT_MAX;
2931  }
2932 
2933  /* Now we compute the final revision counter value by encrypting the
2934  plaintext using our OPE cipher: */
2935  tor_assert(hs_desc->ope_cipher);
2936  rev_counter = crypto_ope_encrypt(hs_desc->ope_cipher,
2937  (int) seconds_since_start_of_srv);
2938 
2939  /* The OPE module returns CRYPTO_OPE_ERROR in case of errors. */
2940  tor_assert_nonfatal(rev_counter < CRYPTO_OPE_ERROR);
2941 
2942  log_info(LD_REND, "Encrypted revision counter %d to %" PRIu64,
2943  (int) seconds_since_start_of_srv, rev_counter);
2944 
2945  hs_desc->desc->plaintext_data.revision_counter = rev_counter;
2946 }
2947 
2948 /** Encode and sign the service descriptor desc and upload it to the
2949  * responsible hidden service directories. If for_next_period is true, the set
2950  * of directories are selected using the next hsdir_index. This does nothing
2951  * if PublishHidServDescriptors is false. */
2952 STATIC void
2955 {
2956  smartlist_t *responsible_dirs = NULL;
2957 
2958  tor_assert(service);
2959  tor_assert(desc);
2960 
2961  /* We'll first cancel any directory request that are ongoing for this
2962  * descriptor. It is possible that we can trigger multiple uploads in a
2963  * short time frame which can lead to a race where the second upload arrives
2964  * before the first one leading to a 400 malformed descriptor response from
2965  * the directory. Closing all pending requests avoids that. */
2966  close_directory_connections(service, desc);
2967 
2968  /* Get our list of responsible HSDir. */
2969  responsible_dirs = smartlist_new();
2970  /* The parameter 0 means that we aren't a client so tell the function to use
2971  * the spread store consensus paremeter. */
2973  service->desc_next == desc, 0, responsible_dirs);
2974 
2975  /** Clear list of previous hsdirs since we are about to upload to a new
2976  * list. Let's keep it up to date. */
2978 
2979  /* For each responsible HSDir we have, initiate an upload command. */
2980  SMARTLIST_FOREACH_BEGIN(responsible_dirs, const routerstatus_t *,
2981  hsdir_rs) {
2982  const node_t *hsdir_node = node_get_by_id(hsdir_rs->identity_digest);
2983  /* Getting responsible hsdir implies that the node_t object exists for the
2984  * routerstatus_t found in the consensus else we have a problem. */
2985  tor_assert(hsdir_node);
2986  /* Upload this descriptor to the chosen directory. */
2987  upload_descriptor_to_hsdir(service, desc, hsdir_node);
2988  } SMARTLIST_FOREACH_END(hsdir_rs);
2989 
2990  /* Set the next upload time for this descriptor. Even if we are configured
2991  * to not upload, we still want to follow the right cycle of life for this
2992  * descriptor. */
2993  desc->next_upload_time =
2996  {
2997  char fmt_next_time[ISO_TIME_LEN+1];
2998  format_local_iso_time(fmt_next_time, desc->next_upload_time);
2999  log_debug(LD_REND, "Service %s set to upload a descriptor at %s",
3000  safe_str_client(service->onion_address), fmt_next_time);
3001  }
3002 
3003  smartlist_free(responsible_dirs);
3004  return;
3005 }
3006 
3007 /** The set of HSDirs have changed: check if the change affects our descriptor
3008  * HSDir placement, and if it does, reupload the desc. */
3009 STATIC int
3011  const hs_service_descriptor_t *desc)
3012 {
3013  int should_reupload = 0;
3014  smartlist_t *responsible_dirs = smartlist_new();
3015 
3016  /* No desc upload has happened yet: it will happen eventually */
3017  if (!desc->previous_hsdirs || !smartlist_len(desc->previous_hsdirs)) {
3018  goto done;
3019  }
3020 
3021  /* Get list of responsible hsdirs */
3023  service->desc_next == desc, 0, responsible_dirs);
3024 
3025  /* Check if any new hsdirs have been added to the responsible hsdirs set:
3026  * Iterate over the list of new hsdirs, and reupload if any of them is not
3027  * present in the list of previous hsdirs.
3028  */
3029  SMARTLIST_FOREACH_BEGIN(responsible_dirs, const routerstatus_t *, hsdir_rs) {
3030  char b64_digest[BASE64_DIGEST_LEN+1] = {0};
3031  digest_to_base64(b64_digest, hsdir_rs->identity_digest);
3032 
3033  if (!smartlist_contains_string(desc->previous_hsdirs, b64_digest)) {
3034  should_reupload = 1;
3035  break;
3036  }
3037  } SMARTLIST_FOREACH_END(hsdir_rs);
3038 
3039  done:
3040  smartlist_free(responsible_dirs);
3041 
3042  return should_reupload;
3043 }
3044 
3045 /** Return 1 if the given descriptor from the given service can be uploaded
3046  * else return 0 if it can not. */
3047 static int
3049  const hs_service_descriptor_t *desc, time_t now)
3050 {
3051  unsigned int num_intro_points;
3052 
3053  tor_assert(service);
3054  tor_assert(desc);
3055 
3056  /* If this descriptors has missing intro points that is that it couldn't get
3057  * them all when it was time to pick them, it means that we should upload
3058  * instead of waiting an arbitrary amount of time breaking the service.
3059  * Else, if we have no missing intro points, we use the value taken from the
3060  * service configuration. */
3061  if (desc->missing_intro_points) {
3062  num_intro_points = digest256map_size(desc->intro_points.map);
3063  } else {
3064  num_intro_points = service->config.num_intro_points;
3065  }
3066 
3067  /* This means we tried to pick intro points but couldn't get any so do not
3068  * upload descriptor in this case. We need at least one for the service to
3069  * be reachable. */
3070  if (desc->missing_intro_points && num_intro_points == 0) {
3071  goto cannot;
3072  }
3073 
3074  /* Check if all our introduction circuit have been established for all the
3075  * intro points we have selected. */
3076  if (count_desc_circuit_established(desc) != num_intro_points) {
3077  goto cannot;
3078  }
3079 
3080  /* Is it the right time to upload? */
3081  if (desc->next_upload_time > now) {
3082  goto cannot;
3083  }
3084 
3085  /* Don't upload desc if we don't have a live consensus */
3087  goto cannot;
3088  }
3089 
3090  /* Do we know enough router descriptors to have adequate vision of the HSDir
3091  hash ring? */
3093  goto cannot;
3094  }
3095 
3096  /* Can upload! */
3097  return 1;
3098  cannot:
3099  return 0;
3100 }
3101 
3102 /** Refresh the given service descriptor meaning this will update every mutable
3103  * field that needs to be updated before we upload.
3104  *
3105  * This should ONLY be called before uploading a descriptor. It assumes that
3106  * the descriptor has been built (desc->desc) and that all intro point
3107  * circuits have been established. */
3108 static void
3110  hs_service_descriptor_t *desc, time_t now)
3111 {
3112  /* There are few fields that we consider "mutable" in the descriptor meaning
3113  * we need to update them regurlarly over the lifetime fo the descriptor.
3114  * The rest are set once and should not be modified.
3115  *
3116  * - Signing key certificate.
3117  * - Revision counter.
3118  * - Introduction points which includes many thing. See
3119  * hs_desc_intro_point_t. and the setup_desc_intro_point() function.
3120  */
3121 
3122  /* Create the signing key certificate. */
3123  build_desc_signing_key_cert(desc, now);
3124 
3125  /* Build the intro points descriptor section. The refresh step is just
3126  * before we upload so all circuits have been properly established. */
3127  build_desc_intro_points(service, desc, now);
3128 
3129  /* Set the desc revision counter right before uploading */
3130  set_descriptor_revision_counter(desc, now, service->desc_current == desc);
3131 }
3132 
3133 /** Scheduled event run from the main loop. Try to upload the descriptor for
3134  * each service. */
3135 STATIC void
3137 {
3138  /* v2 services use the same function for descriptor creation and upload so
3139  * we do everything here because the intro circuits were checked before. */
3140  if (rend_num_services() > 0) {
3143  }
3144 
3145  /* Run v3+ check. */
3146  FOR_EACH_SERVICE_BEGIN(service) {
3147  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
3148  /* If we were asked to re-examine the hash ring, and it changed, then
3149  schedule an upload */
3151  service_desc_hsdirs_changed(service, desc)) {
3152  service_desc_schedule_upload(desc, now, 0);
3153  }
3154 
3155  /* Can this descriptor be uploaded? */
3156  if (!should_service_upload_descriptor(service, desc, now)) {
3157  continue;
3158  }
3159 
3160  log_info(LD_REND, "Initiating upload for hidden service %s descriptor "
3161  "for service %s with %u/%u introduction points%s.",
3162  (desc == service->desc_current) ? "current" : "next",
3163  safe_str_client(service->onion_address),
3164  digest256map_size(desc->intro_points.map),
3165  service->config.num_intro_points,
3166  (desc->missing_intro_points) ? " (couldn't pick more)" : "");
3167 
3168  /* We are about to upload so we need to do one last step which is to
3169  * update the service's descriptor mutable fields in order to upload a
3170  * coherent descriptor. */
3171  refresh_service_descriptor(service, desc, now);
3172 
3173  /* Proceed with the upload, the descriptor is ready to be encoded. */
3174  upload_descriptor_to_all(service, desc);
3175  } FOR_EACH_DESCRIPTOR_END;
3176  } FOR_EACH_SERVICE_END;
3177 
3178  /* We are done considering whether to republish rend descriptors */
3180 }
3181 
3182 /** Called when the introduction point circuit is done building and ready to be
3183  * used. */
3184 static void
3186 {
3187  hs_service_t *service = NULL;
3188  hs_service_intro_point_t *ip = NULL;
3189  hs_service_descriptor_t *desc = NULL;
3190 
3191  tor_assert(circ);
3192 
3193  /* Let's do some basic sanity checking of the circ state */
3194  if (BUG(!circ->cpath)) {
3195  return;
3196  }
3197  if (BUG(TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_S_ESTABLISH_INTRO)) {
3198  return;
3199  }
3200  if (BUG(!circ->hs_ident)) {
3201  return;
3202  }
3203 
3204  /* Get the corresponding service and intro point. */
3205  get_objects_from_ident(circ->hs_ident, &service, &ip, &desc);
3206 
3207  if (service == NULL) {
3208  log_warn(LD_REND, "Unknown service identity key %s on the introduction "
3209  "circuit %u. Can't find onion service.",
3210  safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3211  TO_CIRCUIT(circ)->n_circ_id);
3212  goto err;
3213  }
3214  if (ip == NULL) {
3215  log_warn(LD_REND, "Unknown introduction point auth key on circuit %u "
3216  "for service %s",
3217  TO_CIRCUIT(circ)->n_circ_id,
3218  safe_str_client(service->onion_address));
3219  goto err;
3220  }
3221  /* We can't have an IP object without a descriptor. */
3222  tor_assert(desc);
3223 
3224  if (hs_circ_service_intro_has_opened(service, ip, desc, circ)) {
3225  /* Getting here means that the circuit has been re-purposed because we
3226  * have enough intro circuit opened. Remove the IP from the service. */
3227  service_intro_point_remove(service, ip);
3228  service_intro_point_free(ip);
3229  }
3230 
3231  goto done;
3232 
3233  err:
3234  /* Close circuit, we can't use it. */
3235  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_NOSUCHSERVICE);
3236  done:
3237  return;
3238 }
3239 
3240 /** Called when a rendezvous circuit is done building and ready to be used. */
3241 static void
3243 {
3244  hs_service_t *service = NULL;
3245 
3246  tor_assert(circ);
3247  tor_assert(circ->cpath);
3248  /* Getting here means this is a v3 rendezvous circuit. */
3249  tor_assert(circ->hs_ident);
3251 
3252  /* Declare the circuit dirty to avoid reuse, and for path-bias. We set the
3253  * timestamp regardless of its content because that circuit could have been
3254  * cannibalized so in any cases, we are about to use that circuit more. */
3255  TO_CIRCUIT(circ)->timestamp_dirty = time(NULL);
3257 
3258  /* Get the corresponding service and intro point. */
3259  get_objects_from_ident(circ->hs_ident, &service, NULL, NULL);
3260  if (service == NULL) {
3261  log_warn(LD_REND, "Unknown service identity key %s on the rendezvous "
3262  "circuit %u with cookie %s. Can't find onion service.",
3263  safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3264  TO_CIRCUIT(circ)->n_circ_id,
3265  hex_str((const char *) circ->hs_ident->rendezvous_cookie,
3266  REND_COOKIE_LEN));
3267  goto err;
3268  }
3269 
3270  /* If the cell can't be sent, the circuit will be closed within this
3271  * function. */
3272  hs_circ_service_rp_has_opened(service, circ);
3273  goto done;
3274 
3275  err:
3276  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_NOSUCHSERVICE);
3277  done:
3278  return;
3279 }
3280 
3281 /** We've been expecting an INTRO_ESTABLISHED cell on this circuit and it just
3282  * arrived. Handle the INTRO_ESTABLISHED cell arriving on the given
3283  * introduction circuit. Return 0 on success else a negative value. */
3284 static int
3286  const uint8_t *payload,
3287  size_t payload_len)
3288 {
3289  hs_service_t *service = NULL;
3290  hs_service_intro_point_t *ip = NULL;
3291 
3292  tor_assert(circ);
3293  tor_assert(payload);
3295 
3296  /* We need the service and intro point for this cell. */
3297  get_objects_from_ident(circ->hs_ident, &service, &ip, NULL);
3298 
3299  /* Get service object from the circuit identifier. */
3300  if (service == NULL) {
3301  log_warn(LD_REND, "Unknown service identity key %s on the introduction "
3302  "circuit %u. Can't find onion service.",
3303  safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3304  TO_CIRCUIT(circ)->n_circ_id);
3305  goto err;
3306  }
3307  if (ip == NULL) {
3308  /* We don't recognize the key. */
3309  log_warn(LD_REND, "Introduction circuit established without an intro "
3310  "point object on circuit %u for service %s",
3311  TO_CIRCUIT(circ)->n_circ_id,
3312  safe_str_client(service->onion_address));
3313  goto err;
3314  }
3315 
3316  /* Try to parse the payload into a cell making sure we do actually have a
3317  * valid cell. On success, the ip object and circuit purpose is updated to
3318  * reflect the fact that the introduction circuit is established. */
3319  if (hs_circ_handle_intro_established(service, ip, circ, payload,
3320  payload_len) < 0) {
3321  goto err;
3322  }
3323 
3324  log_info(LD_REND, "Successfully received an INTRO_ESTABLISHED cell "
3325  "on circuit %u for service %s",
3326  TO_CIRCUIT(circ)->n_circ_id,
3327  safe_str_client(service->onion_address));
3328  return 0;
3329 
3330  err:
3331  return -1;
3332 }
3333 
3334 /** We just received an INTRODUCE2 cell on the established introduction circuit
3335  * circ. Handle the cell and return 0 on success else a negative value. */
3336 static int
3337 service_handle_introduce2(origin_circuit_t *circ, const uint8_t *payload,
3338  size_t payload_len)
3339 {
3340  hs_service_t *service = NULL;
3341  hs_service_intro_point_t *ip = NULL;
3342  hs_service_descriptor_t *desc = NULL;
3343 
3344  tor_assert(circ);
3345  tor_assert(payload);
3346  tor_assert(TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_INTRO);
3347 
3348  /* We'll need every object associated with this circuit. */
3349  get_objects_from_ident(circ->hs_ident, &service, &ip, &desc);
3350 
3351  /* Get service object from the circuit identifier. */
3352  if (service == NULL) {
3353  log_warn(LD_BUG, "Unknown service identity key %s when handling "
3354  "an INTRODUCE2 cell on circuit %u",
3355  safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3356  TO_CIRCUIT(circ)->n_circ_id);
3357  goto err;
3358  }
3359  if (ip == NULL) {
3360  /* We don't recognize the key. */
3361  log_warn(LD_BUG, "Unknown introduction auth key when handling "
3362  "an INTRODUCE2 cell on circuit %u for service %s",
3363  TO_CIRCUIT(circ)->n_circ_id,
3364  safe_str_client(service->onion_address));
3365  goto err;
3366  }
3367  /* If we have an IP object, we MUST have a descriptor object. */
3368  tor_assert(desc);
3369 
3370  /* The following will parse, decode and launch the rendezvous point circuit.
3371  * Both current and legacy cells are handled. */
3372  if (hs_circ_handle_introduce2(service, circ, ip, desc->desc->subcredential,
3373  payload, payload_len) < 0) {
3374  goto err;
3375  }
3376 
3377  return 0;
3378  err:
3379  return -1;
3380 }
3381 
3382 /** Add to list every filename used by service. This is used by the sandbox
3383  * subsystem. */
3384 static void
3386 {
3387  const char *s_dir;
3388  char fname[128] = {0};
3389 
3390  tor_assert(service);
3391  tor_assert(list);
3392 
3393  /* Ease our life. */
3394  s_dir = service->config.directory_path;
3395  /* The hostname file. */
3396  smartlist_add(list, hs_path_from_filename(s_dir, fname_hostname));
3397  /* The key files splitted in two. */
3398  tor_snprintf(fname, sizeof(fname), "%s_secret_key", fname_keyfile_prefix);
3399  smartlist_add(list, hs_path_from_filename(s_dir, fname));
3400  tor_snprintf(fname, sizeof(fname), "%s_public_key", fname_keyfile_prefix);
3401  smartlist_add(list, hs_path_from_filename(s_dir, fname));
3402 }
3403 
3404 /** Return true iff the given service identity key is present on disk. */
3405 static int
3406 service_key_on_disk(const char *directory_path)
3407 {
3408  int ret = 0;
3409  char *fname;
3410  ed25519_keypair_t *kp = NULL;
3411 
3412  tor_assert(directory_path);
3413 
3414  /* Build the v3 key path name and then try to load it. */
3415  fname = hs_path_from_filename(directory_path, fname_keyfile_prefix);
3416  kp = ed_key_init_from_file(fname, INIT_ED_KEY_SPLIT,
3417  LOG_DEBUG, NULL, 0, 0, 0, NULL, NULL);
3418  if (kp) {
3419  ret = 1;
3420  }
3421 
3422  ed25519_keypair_free(kp);
3423  tor_free(fname);
3424 
3425  return ret;
3426 }
3427 
3428 /** This is a proxy function before actually calling hs_desc_encode_descriptor
3429  * because we need some preprocessing here */
3430 static int
3432  const hs_service_descriptor_t *desc,
3433  const ed25519_keypair_t *signing_kp,
3434  char **encoded_out)
3435 {
3436  int ret;
3437  const uint8_t *descriptor_cookie = NULL;
3438 
3439  tor_assert(service);
3440  tor_assert(desc);
3441  tor_assert(encoded_out);
3442 
3443  /* If the client authorization is enabled, send the descriptor cookie to
3444  * hs_desc_encode_descriptor. Otherwise, send NULL */
3445  if (service->config.is_client_auth_enabled) {
3446  descriptor_cookie = desc->descriptor_cookie;
3447  }
3448 
3449  ret = hs_desc_encode_descriptor(desc->desc, signing_kp,
3450  descriptor_cookie, encoded_out);
3451 
3452  return ret;
3453 }
3454 
3455 /* ========== */
3456 /* Public API */
3457 /* ========== */
3458 
3459 /** This is called everytime the service map (v2 or v3) changes that is if an
3460  * element is added or removed. */
3461 void
3463 {
3464  /* If we now have services where previously we had not, we need to enable
3465  * the HS service main loop event. If we changed to having no services, we
3466  * need to disable the event. */
3468 }
3469 
3470 /** Upload an encoded descriptor in encoded_desc of the given version. This
3471  * descriptor is for the service identity_pk and blinded_pk used to setup the
3472  * directory connection identifier. It is uploaded to the directory hsdir_rs
3473  * routerstatus_t object.
3474  *
3475  * NOTE: This function does NOT check for PublishHidServDescriptors because it
3476  * is only used by the control port command HSPOST outside of this subsystem.
3477  * Inside this code, upload_descriptor_to_hsdir() should be used. */
3478 void
3479 hs_service_upload_desc_to_dir(const char *encoded_desc,
3480  const uint8_t version,
3481  const ed25519_public_key_t *identity_pk,
3482  const ed25519_public_key_t *blinded_pk,
3483  const routerstatus_t *hsdir_rs)
3484 {
3485  char version_str[4] = {0};
3486  directory_request_t *dir_req;
3487  hs_ident_dir_conn_t ident;
3488 
3489  tor_assert(encoded_desc);
3490  tor_assert(identity_pk);
3491  tor_assert(blinded_pk);
3492  tor_assert(hsdir_rs);
3493 
3494  /* Setup the connection identifier. */
3495  memset(&ident, 0, sizeof(ident));
3496  hs_ident_dir_conn_init(identity_pk, blinded_pk, &ident);
3497 
3498  /* This is our resource when uploading which is used to construct the URL
3499  * with the version number: "/tor/hs/<version>/publish". */
3500  tor_snprintf(version_str, sizeof(version_str), "%u", version);
3501 
3502  /* Build the directory request for this HSDir. */
3504  directory_request_set_routerstatus(dir_req, hsdir_rs);
3506  directory_request_set_resource(dir_req, version_str);
3507  directory_request_set_payload(dir_req, encoded_desc,
3508  strlen(encoded_desc));
3509  /* The ident object is copied over the directory connection object once
3510  * the directory request is initiated. */
3511  directory_request_upload_set_hs_ident(dir_req, &ident);
3512 
3513  /* Initiate the directory request to the hsdir.*/
3514  directory_initiate_request(dir_req);
3515  directory_request_free(dir_req);
3516 }
3517 
3518 /** Add the ephemeral service using the secret key sk and ports. Both max
3519  * streams parameter will be set in the newly created service.
3520  *
3521  * Ownership of sk and ports is passed to this routine. Regardless of
3522  * success/failure, callers should not touch these values after calling this
3523  * routine, and may assume that correct cleanup has been done on failure.
3524  *
3525  * Return an appropriate hs_service_add_ephemeral_status_t. */
3528  int max_streams_per_rdv_circuit,
3529  int max_streams_close_circuit, char **address_out)
3530 {
3532  hs_service_t *service = NULL;
3533 
3534  tor_assert(sk);
3535  tor_assert(ports);
3536  tor_assert(address_out);
3537 
3538  service = hs_service_new(get_options());
3539 
3540  /* Setup the service configuration with specifics. A default service is
3541  * HS_VERSION_TWO so explicitly set it. */
3542  service->config.version = HS_VERSION_THREE;
3543  service->config.max_streams_per_rdv_circuit = max_streams_per_rdv_circuit;
3544  service->config.max_streams_close_circuit = !!max_streams_close_circuit;
3545  service->config.is_ephemeral = 1;
3546  smartlist_free(service->config.ports);
3547  service->config.ports = ports;
3548 
3549  /* Handle the keys. */
3550  memcpy(&service->keys.identity_sk, sk, sizeof(service->keys.identity_sk));
3552  &service->keys.identity_sk) < 0) {
3553  log_warn(LD_CONFIG, "Unable to generate ed25519 public key"
3554  "for v3 service.");
3555  ret = RSAE_BADPRIVKEY;
3556  goto err;
3557  }
3558 
3559  /* Make sure we have at least one port. */
3560  if (smartlist_len(service->config.ports) == 0) {
3561  log_warn(LD_CONFIG, "At least one VIRTPORT/TARGET must be specified "
3562  "for v3 service.");
3563  ret = RSAE_BADVIRTPORT;
3564  goto err;
3565  }
3566 
3567  /* Build the onion address for logging purposes but also the control port
3568  * uses it for the HS_DESC event. */
3569  hs_build_address(&service->keys.identity_pk,
3570  (uint8_t) service->config.version,
3571  service->onion_address);
3572 
3573  /* The only way the registration can fail is if the service public key
3574  * already exists. */
3575  if (BUG(register_service(hs_service_map, service) < 0)) {
3576  log_warn(LD_CONFIG, "Onion Service private key collides with an "
3577  "existing v3 service.");
3578  ret = RSAE_ADDREXISTS;
3579  goto err;
3580  }
3581 
3582  log_info(LD_CONFIG, "Added ephemeral v3 onion service: %s",
3583  safe_str_client(service->onion_address));
3584 
3585  *address_out = tor_strdup(service->onion_address);
3586  ret = RSAE_OKAY;
3587  goto end;
3588 
3589  err:
3590  hs_service_free(service);
3591 
3592  end:
3593  memwipe(sk, 0, sizeof(ed25519_secret_key_t));
3594  tor_free(sk);
3595  return ret;
3596 }
3597 
3598 /** For the given onion address, delete the ephemeral service. Return 0 on
3599  * success else -1 on error. */
3600 int
3601 hs_service_del_ephemeral(const char *address)
3602 {
3603  uint8_t version;
3605  hs_service_t *service = NULL;
3606 
3607  tor_assert(address);
3608 
3609  if (hs_parse_address(address, &pk, NULL, &version) < 0) {
3610  log_warn(LD_CONFIG, "Requested malformed v3 onion address for removal.");
3611  goto err;
3612  }
3613 
3614  if (version != HS_VERSION_THREE) {
3615  log_warn(LD_CONFIG, "Requested version of onion address for removal "
3616  "is not supported.");
3617  goto err;
3618  }
3619 
3620  service = find_service(hs_service_map, &pk);
3621  if (service == NULL) {
3622  log_warn(LD_CONFIG, "Requested non-existent v3 hidden service for "
3623  "removal.");
3624  goto err;
3625  }
3626 
3627  if (!service->config.is_ephemeral) {
3628  log_warn(LD_CONFIG, "Requested non-ephemeral v3 hidden service for "
3629  "removal.");
3630  goto err;
3631  }
3632 
3633  /* Close introduction circuits, remove from map and finally free. Notice
3634  * that the rendezvous circuits aren't closed in order for any existing
3635  * connections to finish. We let the application terminate them. */
3637  remove_service(hs_service_map, service);
3638  hs_service_free(service);
3639 
3640  log_info(LD_CONFIG, "Removed ephemeral v3 hidden service: %s",
3641  safe_str_client(address));
3642  return 0;
3643 
3644  err:
3645  return -1;
3646 }
3647 
3648 /** Using the ed25519 public key pk, find a service for that key and return the
3649  * current encoded descriptor as a newly allocated string or NULL if not
3650  * found. This is used by the control port subsystem. */
3651 char *
3653 {
3654  const hs_service_t *service;
3655 
3656  tor_assert(pk);
3657 
3658  service = find_service(hs_service_map, pk);
3659  if (service && service->desc_current) {
3660  char *encoded_desc = NULL;
3661  /* No matter what is the result (which should never be a failure), return
3662  * the encoded variable, if success it will contain the right thing else
3663  * it will be NULL. */
3664  service_encode_descriptor(service,
3665  service->desc_current,
3666  &service->desc_current->signing_kp,
3667  &encoded_desc);
3668  return encoded_desc;
3669  }
3670 
3671  return NULL;
3672 }
3673 
3674 /** Return the number of service we have configured and usable. */
3675 MOCK_IMPL(unsigned int,
3677 {
3678  if (hs_service_map == NULL) {
3679  return 0;
3680  }
3681  return HT_SIZE(hs_service_map);
3682 }
3683 
3684 /** Given conn, a rendezvous edge connection acting as an exit stream, look up
3685  * the hidden service for the circuit circ, and look up the port and address
3686  * based on the connection port. Assign the actual connection address.
3687  *
3688  * Return 0 on success. Return -1 on failure and the caller should NOT close
3689  * the circuit. Return -2 on failure and the caller MUST close the circuit for
3690  * security reasons. */
3691 int
3693  edge_connection_t *conn)
3694 {
3695  hs_service_t *service = NULL;
3696 
3697  tor_assert(circ);
3698  tor_assert(conn);
3700  tor_assert(circ->hs_ident);
3701 
3702  get_objects_from_ident(circ->hs_ident, &service, NULL, NULL);
3703 
3704  if (service == NULL) {
3705  log_warn(LD_REND, "Unable to find any hidden service associated "
3706  "identity key %s on rendezvous circuit %u.",
3707  ed25519_fmt(&circ->hs_ident->identity_pk),
3708  TO_CIRCUIT(circ)->n_circ_id);
3709  /* We want the caller to close the circuit because it's not a valid
3710  * service so no danger. Attempting to bruteforce the entire key space by
3711  * opening circuits to learn which service is being hosted here is
3712  * impractical. */
3713  goto err_close;
3714  }
3715 
3716  /* Enforce the streams-per-circuit limit, and refuse to provide a mapping if
3717  * this circuit will exceed the limit. */
3718  if (service->config.max_streams_per_rdv_circuit > 0 &&
3719  (circ->hs_ident->num_rdv_streams >=
3720  service->config.max_streams_per_rdv_circuit)) {
3721 #define MAX_STREAM_WARN_INTERVAL 600
3722  static struct ratelim_t stream_ratelim =
3723  RATELIM_INIT(MAX_STREAM_WARN_INTERVAL);
3724  log_fn_ratelim(&stream_ratelim, LOG_WARN, LD_REND,
3725  "Maximum streams per circuit limit reached on "
3726  "rendezvous circuit %u for service %s. Circuit has "
3727  "%" PRIu64 " out of %" PRIu64 " streams. %s.",
3728  TO_CIRCUIT(circ)->n_circ_id,
3729  service->onion_address,
3730  circ->hs_ident->num_rdv_streams,
3733  "Closing circuit" : "Ignoring open stream request");
3734  if (service->config.max_streams_close_circuit) {
3735  /* Service explicitly configured to close immediately. */
3736  goto err_close;
3737  }
3738  /* Exceeding the limit makes tor silently ignore the stream creation
3739  * request and keep the circuit open. */
3740  goto err_no_close;
3741  }
3742 
3743  /* Find a virtual port of that service mathcing the one in the connection if
3744  * successful, set the address in the connection. */
3745  if (hs_set_conn_addr_port(service->config.ports, conn) < 0) {
3746  log_info(LD_REND, "No virtual port mapping exists for port %d for "
3747  "hidden service %s.",
3748  TO_CONN(conn)->port, service->onion_address);
3749  if (service->config.allow_unknown_ports) {
3750  /* Service explicitly allow connection to unknown ports so close right
3751  * away because we do not care about port mapping. */
3752  goto err_close;
3753  }
3754  /* If the service didn't explicitly allow it, we do NOT close the circuit
3755  * here to raise the bar in terms of performance for port mapping. */
3756  goto err_no_close;
3757  }
3758 
3759  /* Success. */
3760  return 0;
3761  err_close:
3762  /* Indicate the caller that the circuit should be closed. */
3763  return -2;
3764  err_no_close:
3765  /* Indicate the caller to NOT close the circuit. */
3766  return -1;
3767 }
3768 
3769 /** Does the service with identity pubkey <b>pk</b> export the circuit IDs of
3770  * its clients? */
3773 {
3774  hs_service_t *service = find_service(hs_service_map, pk);
3775  if (!service) {
3777  }
3778 
3779  return service->config.circuit_id_protocol;
3780 }
3781 
3782 /** Add to file_list every filename used by a configured hidden service, and to
3783  * dir_list every directory path used by a configured hidden service. This is
3784  * used by the sandbox subsystem to whitelist those. */
3785 void
3787  smartlist_t *dir_list)
3788 {
3789  tor_assert(file_list);
3790  tor_assert(dir_list);
3791 
3792  /* Add files and dirs for legacy services. */
3793  rend_services_add_filenames_to_lists(file_list, dir_list);
3794 
3795  /* Add files and dirs for v3+. */
3796  FOR_EACH_SERVICE_BEGIN(service) {
3797  /* Skip ephemeral service, they don't touch the disk. */
3798  if (service->config.is_ephemeral) {
3799  continue;
3800  }
3801  service_add_fnames_to_list(service, file_list);
3802  smartlist_add_strdup(dir_list, service->config.directory_path);
3803  smartlist_add_strdup(dir_list, dname_client_pubkeys);
3804  } FOR_EACH_DESCRIPTOR_END;
3805 }
3806 
3807 /** Called when our internal view of the directory has changed. We might have
3808  * received a new batch of descriptors which might affect the shape of the
3809  * HSDir hash ring. Signal that we should reexamine the hash ring and
3810  * re-upload our HS descriptors if needed. */
3811 void
3813 {
3814  if (hs_service_get_num_services() > 0) {
3815  /* New directory information usually goes every consensus so rate limit
3816  * every 30 minutes to not be too conservative. */
3817  static struct ratelim_t dir_info_changed_ratelim = RATELIM_INIT(30 * 60);
3818  log_fn_ratelim(&dir_info_changed_ratelim, LOG_INFO, LD_REND,
3819  "New dirinfo arrived: consider reuploading descriptor");
3821  }
3822 }
3823 
3824 /** Called when we get an INTRODUCE2 cell on the circ. Respond to the cell and
3825  * launch a circuit to the rendezvous point. */
3826 int
3827 hs_service_receive_introduce2(origin_circuit_t *circ, const uint8_t *payload,
3828  size_t payload_len)
3829 {
3830  int ret = -1;
3831 
3832  tor_assert(circ);
3833  tor_assert(payload);
3834 
3835  /* Do some initial validation and logging before we parse the cell */
3836  if (TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_S_INTRO) {
3837  log_warn(LD_PROTOCOL, "Received an INTRODUCE2 cell on a "
3838  "non introduction circuit of purpose %d",
3839  TO_CIRCUIT(circ)->purpose);
3840  goto done;
3841  }
3842 
3843  if (circ->hs_ident) {
3844  ret = service_handle_introduce2(circ, payload, payload_len);
3846  } else {
3847  ret = rend_service_receive_introduction(circ, payload, payload_len);
3849  }
3850 
3851  done:
3852  return ret;
3853 }
3854 
3855 /** Called when we get an INTRO_ESTABLISHED cell. Mark the circuit as an
3856  * established introduction point. Return 0 on success else a negative value
3857  * and the circuit is closed. */
3858 int
3860  const uint8_t *payload,
3861  size_t payload_len)
3862 {
3863  int ret = -1;
3864 
3865  tor_assert(circ);
3866  tor_assert(payload);
3867 
3868  if (TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_S_ESTABLISH_INTRO) {
3869  log_warn(LD_PROTOCOL, "Received an INTRO_ESTABLISHED cell on a "
3870  "non introduction circuit of purpose %d",
3871  TO_CIRCUIT(circ)->purpose);
3872  goto err;
3873  }
3874 
3875  /* Handle both version. v2 uses rend_data and v3 uses the hs circuit
3876  * identifier hs_ident. Can't be both. */
3877  if (circ->hs_ident) {
3878  ret = service_handle_intro_established(circ, payload, payload_len);
3879  } else {
3880  ret = rend_service_intro_established(circ, payload, payload_len);
3881  }
3882 
3883  if (ret < 0) {
3884  goto err;
3885  }
3886  return 0;
3887  err:
3888  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
3889  return -1;
3890 }
3891 
3892 /** Called when any kind of hidden service circuit is done building thus
3893  * opened. This is the entry point from the circuit subsystem. */
3894 void
3896 {
3897  tor_assert(circ);
3898 
3899  /* Handle both version. v2 uses rend_data and v3 uses the hs circuit
3900  * identifier hs_ident. Can't be both. */
3901  switch (TO_CIRCUIT(circ)->purpose) {
3903  if (circ->hs_ident) {
3905  } else {
3907  }
3908  break;
3910  if (circ->hs_ident) {
3912  } else {
3914  }
3915  break;
3916  default:
3917  tor_assert(0);
3918  }
3919 }
3920 
3921 /** Return the service version by looking at the key in the service directory.
3922  * If the key is not found or unrecognized, -1 is returned. Else, the service
3923  * version is returned. */
3924 int
3926 {
3927  int version = -1; /* Unknown version. */
3928  const char *directory_path;
3929 
3930  tor_assert(service);
3931 
3932  /* We'll try to load the key for version 3. If not found, we'll try version
3933  * 2 and if not found, we'll send back an unknown version (-1). */
3934  directory_path = service->config.directory_path;
3935 
3936  /* Version 3 check. */
3937  if (service_key_on_disk(directory_path)) {
3938  version = HS_VERSION_THREE;
3939  goto end;
3940  }
3941  /* Version 2 check. */
3942  if (rend_service_key_on_disk(directory_path)) {
3943  version = HS_VERSION_TWO;
3944  goto end;
3945  }
3946 
3947  end:
3948  return version;
3949 }
3950 
3951 /** Load and/or generate keys for all onion services including the client
3952  * authorization if any. Return 0 on success, -1 on failure. */
3953 int
3955 {
3956  /* Load v2 service keys if we have v2. */
3957  if (rend_num_services() != 0) {
3958  if (rend_service_load_all_keys(NULL) < 0) {
3959  goto err;
3960  }
3961  }
3962 
3963  /* Load or/and generate them for v3+. */
3965  /* Ignore ephemeral service, they already have their keys set. */
3966  if (service->config.is_ephemeral) {
3967  continue;
3968  }
3969  log_info(LD_REND, "Loading v3 onion service keys from %s",
3970  service_escaped_dir(service));
3971  if (load_service_keys(service) < 0) {
3972  goto err;
3973  }
3974  } SMARTLIST_FOREACH_END(service);
3975 
3976  /* Final step, the staging list contains service in a quiescent state that
3977  * is ready to be used. Register them to the global map. Once this is over,
3978  * the staging list will be cleaned up. */
3980 
3981  /* All keys have been loaded successfully. */
3982  return 0;
3983  err:
3984  return -1;
3985 }
3986 
3987 /** Put all service object in the given service list. After this, the caller
3988  * looses ownership of every elements in the list and responsible to free the
3989  * list pointer. */
3990 void
3992 {
3993  tor_assert(service_list);
3994  /* This list is freed at registration time but this function can be called
3995  * multiple time. */
3996  if (hs_service_staging_list == NULL) {
3998  }
3999  /* Add all service object to our staging list. Caller is responsible for
4000  * freeing the service_list. */
4002 }
4003 
4004 /** Allocate and initilize a service object. The service configuration will
4005  * contain the default values. Return the newly allocated object pointer. This
4006  * function can't fail. */
4007 hs_service_t *
4009 {
4010  hs_service_t *service = tor_malloc_zero(sizeof(hs_service_t));
4011  /* Set default configuration value. */
4012  set_service_default_config(&service->config, options);
4013  /* Set the default service version. */
4015  /* Allocate the CLIENT_PK replay cache in service state. */
4016  service->state.replay_cache_rend_cookie =
4018 
4019  return service;
4020 }
4021 
4022 /** Free the given <b>service</b> object and all its content. This function
4023  * also takes care of wiping service keys from memory. It is safe to pass a
4024  * NULL pointer. */
4025 void
4027 {
4028  if (service == NULL) {
4029  return;
4030  }
4031 
4032  /* Free descriptors. Go over both descriptor with this loop. */
4033  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
4034  service_descriptor_free(desc);
4035  } FOR_EACH_DESCRIPTOR_END;
4036 
4037  /* Free service configuration. */
4038  service_clear_config(&service->config);
4039 
4040  /* Free replay cache from state. */
4041  if (service->state.replay_cache_rend_cookie) {
4043  }
4044 
4045  /* Wipe service keys. */
4046  memwipe(&service->keys.identity_sk, 0, sizeof(service->keys.identity_sk));
4047 
4048  tor_free(service);
4049 }
4050 
4051 /** Periodic callback. Entry point from the main loop to the HS service
4052  * subsystem. This is call every second. This is skipped if tor can't build a
4053  * circuit or the network is disabled. */
4054 void
4056 {
4057  /* First thing we'll do here is to make sure our services are in a
4058  * quiescent state for the scheduled events. */
4060 
4061  /* Order matters here. We first make sure the descriptor object for each
4062  * service contains the latest data. Once done, we check if we need to open
4063  * new introduction circuit. Finally, we try to upload the descriptor for
4064  * each service. */
4065 
4066  /* Make sure descriptors are up to date. */
4068  /* Make sure services have enough circuits. */
4070  /* Upload the descriptors if needed/possible. */
4072 }
4073 
4074 /** Initialize the service HS subsystem. */
4075 void
4077 {
4078  /* Should never be called twice. */
4081 
4082  /* v2 specific. */
4083  rend_service_init();
4084 
4085  hs_service_map = tor_malloc_zero(sizeof(struct hs_service_ht));
4086  HT_INIT(hs_service_ht, hs_service_map);
4087 
4089 }
4090 
4091 /** Release all global storage of the hidden service subsystem. */
4092 void
4094 {
4096  service_free_all();
4097 }
4098 
4099 #ifdef TOR_UNIT_TESTS
4100 
4101 /** Return the global service map size. Only used by unit test. */
4102 STATIC unsigned int
4103 get_hs_service_map_size(void)
4104 {
4105  return HT_SIZE(hs_service_map);
4106 }
4107 
4108 /** Return the staging list size. Only used by unit test. */
4109 STATIC int
4110 get_hs_service_staging_list_size(void)
4111 {
4112  return smartlist_len(hs_service_staging_list);
4113 }
4114 
4115 STATIC hs_service_ht *
4116 get_hs_service_map(void)
4117 {
4118  return hs_service_map;
4119 }
4120 
4122 get_first_service(void)
4123 {
4124  hs_service_t **obj = HT_START(hs_service_ht, hs_service_map);
4125  if (obj == NULL) {
4126  return NULL;
4127  }
4128  return *obj;
4129 }
4130 
4131 #endif /* defined(TOR_UNIT_TESTS) */
smartlist_t * previous_hsdirs
Definition: hs_service.h:166
static int compare_service_authorzized_client_(const void **_a, const void **_b)
Definition: hs_service.c:1367
#define DIR_PURPOSE_UPLOAD_HSDESC
Definition: directory.h:72
Header for statefile.c.
hs_service_state_t state
Definition: hs_service.h:291
Header file for dirclient.c.
static hs_service_authorized_client_t * service_authorized_client_dup(const hs_service_authorized_client_t *client)
Definition: hs_service.c:1332
int hs_service_receive_introduce2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_service.c:3827
static void run_build_descriptor_event(time_t now)
Definition: hs_service.c:2618
Header for confline.c.
#define HS_SERVICE_NEXT_UPLOAD_TIME_MIN
Definition: hs_service.h:33
static extend_info_t * get_extend_info_from_intro_point(const hs_service_intro_point_t *ip, unsigned int direct_conn)
Definition: hs_service.c:678
int rend_num_services(void)
Definition: rendservice.c:184
Header file containing common data for the whole HS subsytem.
#define OPE_INPUT_MAX
Definition: crypto_ope.h:31
Header file containing configuration ABI/API for the HS subsytem.
void hs_control_desc_event_created(const char *onion_address, const ed25519_public_key_t *blinded_pk)
Definition: hs_control.c:111
int hs_service_set_conn_addr_port(const origin_circuit_t *circ, edge_connection_t *conn)
Definition: hs_service.c:3692
static int load_service_keys(hs_service_t *service)
Definition: hs_service.c:1007
hs_service_descriptor_t * desc_next
Definition: hs_service.h:302
unsigned int num_intro_circ_launched
Definition: hs_service.h:266
static void move_hs_state(hs_service_t *src_service, hs_service_t *dst_service)
Definition: hs_service.c:872
void rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
Definition: rendservice.c:3461
Common functions for using (pseudo-)random number generators.
static void move_descriptors(hs_service_t *src, hs_service_t *dst)
Definition: hs_service.c:1438
Definition: node_st.h:34
#define INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS
Definition: or.h:1070
STATIC int register_service(hs_service_ht *map, hs_service_t *service)
Definition: hs_service.c:179
digest256map_t * map
Definition: hs_service.h:97
Header file containing service data for the HS subsytem.
int hs_set_conn_addr_port(const smartlist_t *ports, edge_connection_t *conn)
Definition: hs_common.c:854
int hs_service_get_version_from_key(const hs_service_t *service)
Definition: hs_service.c:3925
curve25519_keypair_t auth_ephemeral_kp
Definition: hs_service.h:125
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
int hs_service_load_all_keys(void)
Definition: hs_service.c:3954
int hs_parse_address(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out)
Definition: hs_common.c:914
#define TO_CONN(c)
Definition: or.h:735
smartlist_t * link_specifiers
Definition: hs_intropoint.h:24
uint8_t rendezvous_cookie[HS_REND_COOKIE_LEN]
Definition: hs_ident.h:60
int32_t networkstatus_get_param(const networkstatus_t *ns, const char *param_name, int32_t default_val, int32_t min_val, int32_t max_val)
int curve25519_public_key_is_ok(const curve25519_public_key_t *key)
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
time_t next_rotation_time
Definition: hs_service.h:277
uint8_t store_second[DIGEST256_LEN]
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
static const char * service_escaped_dir(const hs_service_t *s)
Definition: hs_service.c:863
extend_info_t * extend_info_from_node(const node_t *node, int for_direct_connect)
int rend_service_load_all_keys(const smartlist_t *service_list)
Definition: rendservice.c:1387
hs_desc_superencrypted_data_t superencrypted_data
hs_desc_authorized_client_t * hs_desc_build_fake_authorized_client(void)
static void close_intro_circuits(hs_service_intropoints_t *intro_points)
Definition: hs_service.c:786
Header file for node_select.c.
static struct hs_service_ht * hs_service_map
Definition: hs_service.c:147
void format_local_iso_time(char *buf, time_t t)
Definition: time_fmt.c:285
void rend_service_free_all(void)
Definition: rendservice.c:267
curve25519_public_key_t client_pk
Definition: hs_service.h:183
static bool should_remove_intro_point(hs_service_intro_point_t *ip, time_t now)
Definition: hs_service.c:2349
void rend_consider_services_intro_points(time_t now)
Definition: rendservice.c:4101
const char * extend_info_describe(const extend_info_t *ei)
Definition: describe.c:204
hs_desc_encrypted_data_t encrypted_data
void hs_ident_dir_conn_init(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_ident_dir_conn_t *ident)
Definition: hs_ident.c:69
Header file for connection.c.
int node_supports_ed25519_hs_intro(const node_t *node)
Definition: nodelist.c:1162
#define INTRO_POINT_LIFETIME_MAX_SECONDS
Definition: or.h:1086
void smartlist_add_strdup(struct smartlist_t *sl, const char *string)
unsigned int num_intro_points
Definition: hs_service.h:224
#define LD_GENERAL
Definition: log.h:62
void hs_service_free_all(void)
Definition: hs_service.c:4093
void hs_stats_note_introduce2_cell(int is_hsv3)
Definition: hs_stats.c:22
int rend_service_receive_introduction(origin_circuit_t *circuit, const uint8_t *request, size_t request_len)
Definition: rendservice.c:1876
static int service_encode_descriptor(const hs_service_t *service, const hs_service_descriptor_t *desc, const ed25519_keypair_t *signing_kp, char **encoded_out)
Definition: hs_service.c:3431
unsigned int max_streams_close_circuit
Definition: hs_service.h:220
static link_specifier_t * get_link_spec_by_type(const hs_service_intro_point_t *ip, uint8_t type)
Definition: hs_service.c:636
int ed25519_public_key_generate(ed25519_public_key_t *pubkey_out, const ed25519_secret_key_t *seckey)
static void service_rendezvous_circ_has_opened(origin_circuit_t *circ)
Definition: hs_service.c:3242
static int32_t get_intro_point_max_lifetime(void)
Definition: hs_service.c:351
ed25519_public_key_t signing_pubkey
#define LOG_INFO
Definition: log.h:45
Header file for describe.c.
static void build_service_desc_plaintext(const hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:1826
unsigned int dir_group_readable
Definition: hs_service.h:243
Header file for nodelist.c.
int hs_check_service_private_dir(const char *username, const char *path, unsigned int dir_group_readable, unsigned int create)
Definition: hs_common.c:199
static crypto_ope_t * generate_ope_cipher_for_desc(const hs_service_descriptor_t *hs_desc)
Definition: hs_service.c:1857
STATIC void service_clear_config(hs_service_config_t *config)
Definition: hs_service.c:254
static smartlist_t * hs_service_staging_list
Definition: hs_service.c:103
struct hs_desc_intro_point_t::@16 legacy
static void remove_expired_failing_intro(hs_service_t *service, time_t now)
Definition: hs_service.c:1496
uint8_t subcredential[DIGEST256_LEN]
unsigned int support_intro2_dos_defense
Definition: hs_service.h:82
curve25519_keypair_t enc_key_kp
Definition: hs_service.h:51
replaycache_t * replay_cache
Definition: hs_service.h:78
#define MAX_INTRO_POINT_CIRCUIT_RETRIES
Definition: or.h:1091
static int32_t get_intro_point_min_lifetime(void)
Definition: hs_service.c:334
Header file for directory.c.
void smartlist_add(smartlist_t *sl, void *element)
static void close_service_circuits(hs_service_t *service)
Definition: hs_service.c:815
int strcmpend(const char *s1, const char *s2)
Definition: util_string.c:242
void hs_intropoint_clear(hs_intropoint_t *ip)
STATIC hs_service_descriptor_t * service_descriptor_new(void)
Definition: hs_service.c:1319
STATIC int service_desc_hsdirs_changed(const hs_service_t *service, const hs_service_descriptor_t *desc)
Definition: hs_service.c:3010
#define FOR_EACH_SERVICE_BEGIN(var)
Definition: hs_service.c:72
int ed25519_public_key_from_curve25519_public_key(ed25519_public_key_t *pubkey, const curve25519_public_key_t *pubkey_in, int signbit)
static hs_service_intro_point_t * pick_intro_point(unsigned int direct_conn, smartlist_t *exclude_nodes)
Definition: hs_service.c:2090
time_t sr_state_get_start_time_of_current_protocol_run(void)
char * hs_path_from_filename(const char *directory, const char *filename)
Definition: hs_common.c:177
smartlist_t * clients
Definition: hs_service.h:231
Node information structure.
static unsigned int count_desc_circuit_established(const hs_service_descriptor_t *desc)
Definition: hs_service.c:705
int hs_service_del_ephemeral(const char *address)
Definition: hs_service.c:3601
char * rate_limit_log(ratelim_t *lim, time_t now)
Definition: ratelim.c:41
crypto_digest_t * crypto_digest256_new(digest_algorithm_t algorithm)
static int service_handle_introduce2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_service.c:3337
struct directory_request_t directory_request_t
Definition: dirclient.h:50
#define TO_CIRCUIT(x)
Definition: or.h:951
Header file for config.c.
tor_cert_t * tor_cert_create(const ed25519_keypair_t *signing_key, uint8_t cert_type, const ed25519_public_key_t *signed_key, time_t now, time_t lifetime, uint32_t flags)
Definition: torcert.c:131
Header file for nickname.c.
unsigned int single_onion_service
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len)
void digest_to_base64(char *d64, const char *digest)
const or_options_t * get_options(void)
Definition: config.c:926
crypt_path_t * cpath
int fast_mem_is_zero(const char *mem, size_t len)
Definition: util_string.c:74
#define tor_assert(expr)
Definition: util_bug.h:102
origin_circuit_t * circuit_get_next_service_rp_circ(origin_circuit_t *start)
Definition: circuitlist.c:1775
void hs_service_upload_desc_to_dir(const char *encoded_desc, const uint8_t version, const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, const routerstatus_t *hsdir_rs)
Definition: hs_service.c:3479
STATIC int intro_point_should_expire(const hs_service_intro_point_t *ip, time_t now)
Definition: hs_service.c:2319
smartlist_t * intro_auth_types
tor_cert_t * enc_key_cert
#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
Definition: circuitlist.h:103
void rend_service_intro_has_opened(origin_circuit_t *circuit)
Definition: rendservice.c:3268
static void close_service_intro_circuits(hs_service_t *service)
Definition: hs_service.c:804
smartlist_t * tor_listdir(const char *dirname)
Definition: dir.c:307
header for crypto_ope.c
#define HS_DESC_CERT_LIFETIME
Definition: hs_descriptor.h:37
int crypto_rand_int_range(unsigned int min, unsigned int max)
#define MAP_DEL_CURRENT(keyvar)
Definition: map.h:140
#define tor_free(p)
Definition: malloc.h:52
int hs_circ_handle_introduce2(const hs_service_t *service, const origin_circuit_t *circ, hs_service_intro_point_t *ip, const uint8_t *subcredential, const uint8_t *payload, size_t payload_len)
Definition: hs_circuit.c:966
unsigned int allow_unknown_ports
Definition: hs_service.h:235
#define ED25519_PUBKEY_LEN
Definition: x25519_sizes.h:27
#define SMARTLIST_DEL_CURRENT(sl, var)
static void set_rotation_time(hs_service_t *service)
Definition: hs_service.c:2460
Header file for mainloop.c.
static void build_service_descriptor(hs_service_t *service, uint64_t time_period_num, hs_service_descriptor_t **desc_out)
Definition: hs_service.c:1942
networkstatus_t * networkstatus_get_live_consensus(time_t now)
STATIC void service_descriptor_free_(hs_service_descriptor_t *desc)
Definition: hs_service.c:1298
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:55
Header file for hs_stats.c.
void directory_request_set_resource(directory_request_t *req, const char *resource)
Definition: dirclient.c:1039
smartlist_t * ports
Definition: hs_service.h:207
smartlist_t * smartlist_new(void)
ed25519_keypair_t signing_kp
Definition: hs_service.h:132
hs_circuit_id_protocol_t hs_service_exports_circuit_id(const ed25519_public_key_t *pk)
Definition: hs_service.c:3772
void hs_control_desc_event_upload(const char *onion_address, const char *hsdir_id_digest, const ed25519_public_key_t *blinded_pk, const uint8_t *hsdir_index)
Definition: hs_control.c:133
struct routerset_t * ExcludeNodes
Definition: or_options_st.h:89
ed25519_secret_key_t identity_sk
Definition: hs_service.h:174
ed25519_public_key_t blinded_pubkey
time_t sr_state_get_start_time_of_previous_protocol_run(void)
void hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk, uint64_t time_period_num, int use_second_hsdir_index, int for_fetching, smartlist_t *responsible_dirs)
Definition: hs_common.c:1317
int hs_desc_encode_descriptor(const hs_descriptor_t *desc, const ed25519_keypair_t *signing_kp, const uint8_t *descriptor_cookie, char **encoded_out)
void hs_service_free_(hs_service_t *service)
Definition: hs_service.c:4026
unsigned int is_client_auth_enabled
Definition: hs_service.h:227
void hs_descriptor_clear_intro_points(hs_descriptor_t *desc)
void smartlist_shuffle(smartlist_t *sl)
Definition: crypto_rand.c:602
#define STATIC
Definition: testsupport.h:32
static int service_handle_intro_established(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_service.c:3285
static void service_intro_point_free_void(void *obj)
Definition: hs_service.c:428
static int build_service_desc_superencrypted(const hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:1744
int router_have_minimum_dir_info(void)
Definition: nodelist.c:2297
int write_str_to_file(const char *fname, const char *str, int bin)
Definition: files.c:258
static void service_desc_clear_previous_hsdirs(hs_service_descriptor_t *desc)
Definition: hs_service.c:2217
#define HS_VERSION_THREE
Definition: hs_common.h:26
static int32_t get_intro_point_min_introduce2(void)
Definition: hs_service.c:309
Routerstatus (consensus entry) structure.
directory_request_t * directory_request_new(uint8_t dir_purpose)
Definition: dirclient.c:942
Header file for loadkey.c.
char * hs_service_lookup_current_desc(const ed25519_public_key_t *pk)
Definition: hs_service.c:3652
int hs_circ_service_intro_has_opened(hs_service_t *service, hs_service_intro_point_t *ip, const hs_service_descriptor_t *desc, origin_circuit_t *circ)
Definition: hs_circuit.c:787
STATIC void service_intro_point_add(digest256map_t *map, hs_service_intro_point_t *ip)
Definition: hs_service.c:515
#define DIGEST256_LEN
Definition: digest_sizes.h:23
#define DIGESTMAP_FOREACH(map, keyvar, valtype, valvar)
Definition: map.h:154
uint64_t max_streams_per_rdv_circuit
Definition: hs_service.h:216
STATIC int can_service_launch_intro_circuit(hs_service_t *service, time_t now)
Definition: hs_service.c:2740
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
static unsigned int pick_needed_intro_points(hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:2140
int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:90
hs_desc_intro_point_t * hs_desc_intro_point_new(void)
hs_desc_plaintext_data_t plaintext_data
const char * ed25519_fmt(const ed25519_public_key_t *pkey)
const curve25519_public_key_t * node_get_curve25519_onion_key(const node_t *node)
Definition: nodelist.c:1889
Common functions for cryptographic routines.
static int load_client_keys(hs_service_t *service)
Definition: hs_service.c:1185
static int build_service_desc_encrypted(const hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:1713
static void service_add_fnames_to_list(const hs_service_t *service, smartlist_t *list)
Definition: hs_service.c:3385
ssize_t tor_make_rsa_ed25519_crosscert(const ed25519_public_key_t *ed_key, const crypto_pk_t *rsa_key, time_t expires, uint8_t **cert)
Definition: torcert.c:331
STATIC void build_all_descriptors(time_t now)
Definition: hs_service.c:2045
void hs_service_circuit_has_opened(origin_circuit_t *circ)
Definition: hs_service.c:3895
void hs_service_map_has_changed(void)
Definition: hs_service.c:3462
origin_circuit_t * hs_circ_service_get_intro_circ(const hs_service_intro_point_t *ip)
Definition: hs_circuit.c:646
Header for crypto_format.c.
static void build_desc_signing_key_cert(hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:1685
static void move_ephemeral_services(hs_service_ht *src, hs_service_ht *dst)
Definition: hs_service.c:833
uint8_t seckey[ED25519_SECKEY_LEN]
void rend_consider_services_upload(time_t now)
Definition: rendservice.c:4285
int tor_memcmp(const void *a, const void *b, size_t len)
Definition: di_ops.c:31
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
curve25519_public_key_t onion_key
static unsigned int get_max_intro_circ_per_period(const hs_service_t *service)
Definition: hs_service.c:2697
#define HS_DESC_AUTH_CLIENT_MULTIPLE
Definition: hs_descriptor.h:65
dir_connection_t * TO_DIR_CONN(connection_t *c)
Definition: directory.c:85
STATIC void upload_descriptor_to_all(const hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:2953
static void upload_descriptor_to_hsdir(const hs_service_t *service, hs_service_descriptor_t *desc, const node_t *hsdir)
Definition: hs_service.c:2816
unsigned int is_only_legacy
Definition: hs_intropoint.h:19
static void rotate_service_descriptors(hs_service_t *service)
Definition: hs_service.c:2532
STATIC hs_service_authorized_client_t * parse_authorized_client(const char *client_key_str)
Definition: hs_service.c:1110
char onion_address[HS_SERVICE_ADDR_LEN_BASE32+1]
Definition: hs_service.h:284
#define replaycache_free(r)
Definition: replaycache.h:42
#define DIGEST_LEN
Definition: digest_sizes.h:20
Origin circuit structure.
void hs_service_init(void)
Definition: hs_service.c:4076
static void build_descriptors_for_new_service(hs_service_t *service, time_t now)
Definition: hs_service.c:1995
void hs_circ_service_rp_has_opened(const hs_service_t *service, origin_circuit_t *circ)
Definition: hs_circuit.c:855
const char * node_describe(const node_t *node)
Definition: describe.c:143
int ed25519_public_key_is_zero(const ed25519_public_key_t *pubkey)
uint8_t descriptor_cookie[HS_DESC_DESCRIPTOR_COOKIE_LEN]
Definition: hs_service.h:129
void ed25519_pubkey_copy(ed25519_public_key_t *dest, const ed25519_public_key_t *src)
tor_cert_t * signing_key_cert
static void close_directory_connections(const hs_service_t *service, const hs_service_descriptor_t *desc)
Definition: hs_service.c:722
STATIC void remove_service(hs_service_ht *map, hs_service_t *service)
Definition: hs_service.c:203
Master header file for Tor-specific functionality.
crypto_ope_t * crypto_ope_new(const uint8_t *key)
Definition: crypto_ope.c:129
const char * hex_str(const char *from, size_t fromlen)
Definition: binascii.c:34
HT_GENERATE2(cdm_diff_ht, cdm_diff_t, node, cdm_diff_hash, cdm_diff_eq, 0.6, tor_reallocarray, tor_free_) static void cdm_diff_free_(cdm_diff_t *diff)
Definition: consdiffmgr.c:222
STATIC void get_objects_from_ident(const hs_ident_circuit_t *ident, hs_service_t **service, hs_service_intro_point_t **ip, hs_service_descriptor_t **desc)
Definition: hs_service.c:605
#define INTRO_CIRC_RETRY_PERIOD
Definition: hs_common.h:41
unsigned int sr_state_get_protocol_run_duration(void)
Header file for circuitbuild.c.
static void build_desc_intro_points(const hs_service_t *service, hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:1649
struct hs_desc_intro_point_t::@16::@17 cert
const node_t * node_get_by_id(const char *identity_digest)
Definition: nodelist.c:223
char identity[DIGEST_LEN]
Definition: node_st.h:46
void hs_build_blinded_keypair(const ed25519_keypair_t *kp, const uint8_t *secret, size_t secret_len, uint64_t time_period_num, ed25519_keypair_t *blinded_kp_out)
Definition: hs_common.c:1045
static void service_free_all(void)
Definition: hs_service.c:391
int hs_service_receive_intro_established(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_service.c:3859
ed25519_keypair_t auth_key_kp
Definition: hs_service.h:48
hs_service_keys_t keys
Definition: hs_service.h:294
Header file containing circuit and connection identifier data for the whole HS subsytem.
#define NUM_INTRO_POINTS_EXTRA
Definition: hs_common.h:38
#define HS_DESC_DEFAULT_LIFETIME
Definition: hs_descriptor.h:28
#define LOG_WARN
Definition: log.h:53
hs_service_add_ephemeral_status_t
Definition: hs_common.h:142
crypto_pk_t * crypto_pk_new(void)
Header file for shared_random_client.c.
void hs_get_subcredential(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, uint8_t *subcred_out)
Definition: hs_common.c:814
const node_t * router_choose_random_node(smartlist_t *excludedsmartlist, routerset_t *excludedset, router_crn_flags_t flags)
Definition: node_select.c:950
#define hs_service_free(s)
Definition: hs_service.h:327
#define log_fn_ratelim(ratelim, severity, domain, args,...)
Definition: log.h:292
STATIC const node_t * get_node_from_intro_point(const hs_service_intro_point_t *ip)
Definition: hs_service.c:658
Header file for circuituse.c.
void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:478
ed25519_public_key_t identity_pk
Definition: hs_ident.h:45
ed25519_public_key_t intro_auth_pk
Definition: hs_ident.h:51
Header file for hs_descriptor.c.
Extend-info structure.
Header file for hs_intropoint.c.
hs_service_config_t config
Definition: hs_service.h:297
ed25519_public_key_t identity_pk
Definition: hs_service.h:172
STATIC int client_filename_is_valid(const char *filename)
Definition: hs_service.c:1081
unsigned int is_single_onion
Definition: hs_service.h:239
void tor_free_(void *mem)
Definition: malloc.c:227
static int hs_service_ht_eq(const hs_service_t *first, const hs_service_t *second)
Definition: hs_service.c:125
curve25519_public_key_t onion_key
Definition: hs_service.h:44
#define crypto_digest_free(d)
replaycache_t * replaycache_new(time_t horizon, time_t interval)
Definition: replaycache.c:47
static int consider_republishing_hs_descriptors
Definition: hs_service.c:108
#define CIRCUIT_PURPOSE_S_CONNECT_REND
Definition: circuitlist.h:109
#define LD_REND
Definition: log.h:84
Header file for circuitlist.c.
hs_descriptor_t * desc
Definition: hs_service.h:148
crypto_pk_t * crypto_pk_dup_key(crypto_pk_t *orig)
Header file for rendservice.c.
int hs_circ_launch_intro_point(hs_service_t *service, const hs_service_intro_point_t *ip, extend_info_t *ei, bool direct_conn)
Definition: hs_circuit.c:727
int rend_service_intro_established(origin_circuit_t *circuit, const uint8_t *request, size_t request_len)
Definition: rendservice.c:3400
STATIC int write_address_to_file(const hs_service_t *service, const char *fname_)
Definition: hs_service.c:964
void hs_service_lists_fnames_for_sandbox(smartlist_t *file_list, smartlist_t *dir_list)
Definition: hs_service.c:3786
curve25519_public_key_t enc_key
void rend_services_add_filenames_to_lists(smartlist_t *open_lst, smartlist_t *stat_lst)
Definition: rendservice.c:1425
static int build_service_desc_keys(const hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:1878
router_crn_flags_t
Definition: node_select.h:16
Client/server directory connection structure.
#define CIRCUIT_PURPOSE_S_INTRO
Definition: circuitlist.h:106
#define DIGESTMAP_FOREACH_END
Definition: map.h:168
static int ht_free_service_(struct hs_service_t *service, void *data)
Definition: hs_service.c:379
#define LD_FS
Definition: log.h:70
void hs_build_address(const ed25519_public_key_t *key, uint8_t version, char *addr_out)
Definition: hs_common.c:995
#define HEX_DIGEST_LEN
Definition: crypto_digest.h:35
uint64_t hs_get_previous_time_period_num(time_t now)
Definition: hs_common.c:312
hs_circuit_id_protocol_t
Definition: hs_service.h:187
struct crypto_ope_t * ope_cipher
Definition: hs_service.h:144
digestmap_t * failed_id
Definition: hs_service.h:103
Header file containing circuit data for the whole HS subsytem.
static void remember_failing_intro_point(const hs_service_intro_point_t *ip, hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:1534
STATIC void service_intro_point_free_(hs_service_intro_point_t *ip)
Definition: hs_service.c:412
static unsigned int should_rotate_descriptors(hs_service_t *service, time_t now)
Definition: hs_service.c:2480
int smartlist_contains_string(const smartlist_t *sl, const char *element)
Definition: smartlist.c:93
hs_service_intropoints_t intro_points
Definition: hs_service.h:156
hs_circuit_id_protocol_t circuit_id_protocol
Definition: hs_service.h:249
Header file containing control port event related code.
STATIC void service_desc_schedule_upload(hs_service_descriptor_t *desc, time_t now, int descriptor_changed)
Definition: hs_service.c:2246
#define NUM_INTRO_POINTS_DEFAULT
Definition: hs_common.h:33
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
#define HS_SERVICE_DEFAULT_VERSION
Definition: hs_service.h:29
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
Definition: crypto_rsa.c:356
static void close_service_rp_circuits(hs_service_t *service)
Definition: hs_service.c:756
static void update_service_descriptor_intro_points(hs_service_t *service, hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:2262
hs_service_descriptor_t * desc_current
Definition: hs_service.h:300
int hs_circ_handle_intro_established(const hs_service_t *service, const hs_service_intro_point_t *ip, origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_circuit.c:921
replaycache_t * replay_cache_rend_cookie
Definition: hs_service.h:273
Header file for relay.c.
#define SMARTLIST_FOREACH(sl, type, var, cmd)
static void run_build_circuit_event(time_t now)
Definition: hs_service.c:2785
void hs_service_dir_info_changed(void)
Definition: hs_service.c:3812
static int service_key_on_disk(const char *directory_path)
Definition: hs_service.c:3406
The or_state_t structure, which represents Tor's state file.
STATIC void service_authorized_client_free_(hs_service_authorized_client_t *client)
Definition: hs_service.c:1287
void hs_service_run_scheduled_events(time_t now)
Definition: hs_service.c:4055
const char * escaped(const char *s)
Definition: escape.c:126
HT_PROTOTYPE(HT_GENERATE2(channel_gid_map, HT_GENERATE2(channel_t, HT_GENERATE2(gidmap_node, HT_GENERATE2(channel_id_hash, HT_GENERATE2(channel_id_eq)
Definition: channel.c:121
link_specifier_t * link_specifier_dup(const link_specifier_t *src)
Definition: hs_common.c:1848
static void set_descriptor_revision_counter(hs_service_descriptor_t *hs_desc, time_t now, bool is_current)
Definition: hs_service.c:2882
static unsigned int hs_service_ht_hash(const hs_service_t *service)
Definition: hs_service.c:137
STATIC void run_housekeeping_event(time_t now)
Definition: hs_service.c:2583
hs_service_add_ephemeral_status_t hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports, int max_streams_per_rdv_circuit, int max_streams_close_circuit, char **address_out)
Definition: hs_service.c:3527
#define HS_VERSION_TWO
Definition: hs_common.h:24
#define BASE64_DIGEST_LEN
Definition: crypto_digest.h:26
STATIC void update_all_descriptors_intro_points(time_t now)
Definition: hs_service.c:2305
static int should_service_upload_descriptor(const hs_service_t *service, const hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:3048
#define DIGESTMAP_FOREACH_MODIFY(map, keyvar, valtype, valvar)
Definition: map.h:165
void directory_initiate_request(directory_request_t *request)
Definition: dirclient.c:1229
origin_circuit_t * hs_circ_service_get_established_intro_circ(const hs_service_intro_point_t *ip)
Definition: hs_circuit.c:662
int curve25519_keypair_generate(curve25519_keypair_t *keypair_out, int extra_strong)
crypto_pk_t * legacy_key
Definition: hs_service.h:55
smartlist_t * link_specifiers
STATIC void run_upload_descriptor_event(time_t now)
Definition: hs_service.c:3136
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
void crypto_strongest_rand(uint8_t *out, size_t out_len)
Definition: crypto_rand.c:340
ed25519_public_key_t blinded_pk
Definition: hs_ident.h:95
smartlist_t * intro_points
#define FOR_EACH_DESCRIPTOR_BEGIN(service, var)
Definition: hs_service.c:82
time_t approx_time(void)
Definition: approx_time.c:32
curve25519_public_key_t auth_ephemeral_pubkey
int ed25519_keypair_generate(ed25519_keypair_t *keypair_out, int extra_strong)
Edge-connection structure.
void rescan_periodic_events(const or_options_t *options)
Definition: mainloop.c:1590
ed25519_keypair_t blinded_kp
Definition: hs_service.h:136
#define LOG_DEBUG
Definition: log.h:42
void directory_request_set_indirection(directory_request_t *req, dir_indirection_t indirection)
Definition: dirclient.c:1026
void pathbias_count_use_attempt(origin_circuit_t *circ)
Definition: circpathbias.c:604
unsigned int hs_service_get_num_services(void)
Definition: hs_service.c:3676
static void setup_intro_point_exclude_list(const hs_service_descriptor_t *desc, smartlist_t *node_list)
Definition: hs_service.c:1515
STATIC hs_service_intro_point_t * service_intro_point_find(const hs_service_t *service, const ed25519_public_key_t *auth_key)
Definition: hs_service.c:548
uint8_t store_first[DIGEST256_LEN]
unsigned int is_ephemeral
Definition: hs_service.h:246
STATIC void service_intro_point_remove(const hs_service_t *service, const hs_service_intro_point_t *ip)
Definition: hs_service.c:530
#define CONN_TYPE_DIR
Definition: connection.h:53
STATIC hs_service_descriptor_t * service_desc_find_by_intro(const hs_service_t *service, const hs_service_intro_point_t *ip)
Definition: hs_service.c:579
int node_supports_establish_intro_dos_extension(const node_t *node)
Definition: nodelist.c:1172
static void register_all_services(void)
Definition: hs_service.c:897
consensus_path_type_t router_have_consensus_path(void)
Definition: nodelist.c:2330
static void service_intro_circ_has_opened(origin_circuit_t *circ)
Definition: hs_service.c:3185
static void refresh_service_descriptor(const hs_service_t *service, hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:3109
#define REND_COOKIE_LEN
Definition: or.h:399
hs_intropoint_t base
Definition: hs_service.h:40
uint64_t hs_get_time_period_num(time_t now)
Definition: hs_common.c:268
#define INTRO_POINT_LIFETIME_MIN_SECONDS
Definition: or.h:1081
void directory_request_upload_set_hs_ident(directory_request_t *req, const hs_ident_dir_conn_t *ident)
Definition: dirclient.c:1105
int hs_in_period_between_tp_and_srv(const networkstatus_t *consensus, time_t now)
Definition: hs_common.c:1081
uint64_t hs_get_next_time_period_num(time_t now)
Definition: hs_common.c:303
#define CIRCUIT_PURPOSE_S_REND_JOINED
Definition: circuitlist.h:112
struct hs_ident_circuit_t * hs_ident
void directory_request_set_payload(directory_request_t *req, const char *payload, size_t payload_len)
Definition: dirclient.c:1050
void hs_service_stage_services(const smartlist_t *service_list)
Definition: hs_service.c:3991
#define LD_PROTOCOL
Definition: log.h:72
void smartlist_clear(smartlist_t *sl)
uint64_t num_rdv_streams
Definition: hs_ident.h:81
static int setup_desc_intro_point(const ed25519_keypair_t *signing_kp, const hs_service_intro_point_t *ip, time_t now, hs_desc_intro_point_t *desc_ip)
Definition: hs_service.c:1560
void directory_request_set_routerstatus(directory_request_t *req, const routerstatus_t *status)
Definition: dirclient.c:1156
void smartlist_sort(smartlist_t *sl, int(*compare)(const void **a, const void **b))
Definition: smartlist.c:334
static void launch_intro_point_circuits(hs_service_t *service)
Definition: hs_service.c:2640
static const char * describe_intro_point(const hs_service_intro_point_t *ip)
Definition: hs_service.c:279
ed25519_public_key_t identity_pk
Definition: hs_ident.h:90
static int32_t get_intro_point_max_introduce2(void)
Definition: hs_service.c:322
ed25519_keypair_t * ed_key_init_from_file(const char *fname, uint32_t flags, int severity, const ed25519_keypair_t *signing_key, time_t now, time_t lifetime, uint8_t cert_type, struct tor_cert_st **cert_out, const or_options_t *options)
Definition: loadkey.c:379
#define REND_REPLAY_TIME_INTERVAL
Definition: or.h:479
time_t intro_circ_retry_started_time
Definition: hs_service.h:262
unsigned int missing_intro_points
Definition: hs_service.h:160
#define HS_SERVICE_NEXT_UPLOAD_TIME_MAX
Definition: hs_service.h:35
hs_service_t * hs_service_new(const or_options_t *options)
Definition: hs_service.c:4008
void hs_desc_build_authorized_client(const uint8_t *subcredential, const curve25519_public_key_t *client_auth_pk, const curve25519_secret_key_t *auth_ephemeral_sk, const uint8_t *descriptor_cookie, hs_desc_authorized_client_t *client_out)
static void cleanup_intro_points(hs_service_t *service, time_t now)
Definition: hs_service.c:2403
Header file for networkstatus.c.
#define LD_BUG
Definition: log.h:86
#define LD_CONFIG
Definition: log.h:68
#define CURVE25519_PUBKEY_LEN
Definition: x25519_sizes.h:20
static int service_authorized_client_cmp(const hs_service_authorized_client_t *client1, const hs_service_authorized_client_t *client2)
Definition: hs_service.c:1352
static void set_service_default_config(hs_service_config_t *c, const or_options_t *options)
Definition: hs_service.c:232
static void service_desc_note_upload(hs_service_descriptor_t *desc, const node_t *hsdir)
Definition: hs_service.c:2229
uint8_t legacy_key_digest[DIGEST_LEN]
Definition: hs_service.h:58
static int32_t get_intro_point_num_extra(void)
Definition: hs_service.c:368
tor_cert_t * auth_key_cert
int have_completed_a_circuit(void)
Definition: mainloop.c:219
Networkstatus consensus/vote structure.
void rend_consider_descriptor_republication(void)
Definition: rendservice.c:4344
STATIC int service_authorized_client_config_equal(const hs_service_config_t *config1, const hs_service_config_t *config2)
Definition: hs_service.c:1376
STATIC void rotate_all_descriptors(time_t now)
Definition: hs_service.c:2553
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)
STATIC hs_service_intro_point_t * service_intro_point_new(const node_t *node)
Definition: hs_service.c:442
uint64_t crypto_ope_encrypt(const crypto_ope_t *ope, int plaintext)
Definition: crypto_ope.c:165
void hs_desc_superencrypted_data_free_contents(hs_desc_superencrypted_data_t *desc)