Tor  0.4.6.0-alpha-dev
hs_service.c
Go to the documentation of this file.
1 /* Copyright (c) 2016-2020, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
4 /**
5  * \file hs_service.c
6  * \brief Implement next generation hidden service functionality
7  **/
8 
9 #define HS_SERVICE_PRIVATE
10 
11 #include "core/or/or.h"
12 #include "app/config/config.h"
13 #include "app/config/statefile.h"
15 #include "core/mainloop/mainloop.h"
16 #include "core/or/circuitbuild.h"
17 #include "core/or/circuitlist.h"
18 #include "core/or/circuituse.h"
19 #include "core/or/extendinfo.h"
20 #include "core/or/relay.h"
21 #include "feature/client/circpathbias.h"
25 #include "feature/keymgt/loadkey.h"
35 
36 #include "feature/hs/hs_circuit.h"
37 #include "feature/hs/hs_common.h"
38 #include "feature/hs/hs_config.h"
39 #include "feature/hs/hs_control.h"
41 #include "feature/hs/hs_ident.h"
43 #include "feature/hs/hs_metrics.h"
44 #include "feature/hs/hs_service.h"
45 #include "feature/hs/hs_stats.h"
46 #include "feature/hs/hs_ob.h"
47 
50 #include "core/or/extend_info_st.h"
54 #include "app/config/or_state_st.h"
56 
57 #include "lib/encoding/confline.h"
59 
60 /* Trunnel */
61 #include "trunnel/ed25519_cert.h"
62 #include "trunnel/hs/cell_common.h"
63 #include "trunnel/hs/cell_establish_intro.h"
64 
65 #ifdef HAVE_SYS_STAT_H
66 #include <sys/stat.h>
67 #endif
68 #ifdef HAVE_UNISTD_H
69 #include <unistd.h>
70 #endif
71 
72 #ifndef COCCI
73 /** Helper macro. Iterate over every service in the global map. The var is the
74  * name of the service pointer. */
75 #define FOR_EACH_SERVICE_BEGIN(var) \
76  STMT_BEGIN \
77  hs_service_t **var##_iter, *var; \
78  HT_FOREACH(var##_iter, hs_service_ht, hs_service_map) { \
79  var = *var##_iter;
80 #define FOR_EACH_SERVICE_END } STMT_END ;
81 
82 /** Helper macro. Iterate over both current and previous descriptor of a
83  * service. The var is the name of the descriptor pointer. This macro skips
84  * any descriptor object of the service that is NULL. */
85 #define FOR_EACH_DESCRIPTOR_BEGIN(service, var) \
86  STMT_BEGIN \
87  hs_service_descriptor_t *var; \
88  for (int var ## _loop_idx = 0; var ## _loop_idx < 2; \
89  ++var ## _loop_idx) { \
90  (var ## _loop_idx == 0) ? (var = service->desc_current) : \
91  (var = service->desc_next); \
92  if (var == NULL) continue;
93 #define FOR_EACH_DESCRIPTOR_END } STMT_END ;
94 #endif /* !defined(COCCI) */
95 
96 /* Onion service directory file names. */
97 static const char fname_keyfile_prefix[] = "hs_ed25519";
98 static const char dname_client_pubkeys[] = "authorized_clients";
99 static const char fname_hostname[] = "hostname";
100 static const char address_tld[] = "onion";
101 
102 /** Staging list of service object. When configuring service, we add them to
103  * this list considered a staging area and they will get added to our global
104  * map once the keys have been loaded. These two steps are separated because
105  * loading keys requires that we are an actual running tor process. */
107 
108 /** True if the list of available router descriptors might have changed which
109  * might result in an altered hash ring. Check if the hash ring changed and
110  * reupload if needed */
112 
113 /* Static declaration. */
114 static int load_client_keys(hs_service_t *service);
116  time_t now, bool is_current);
117 static int build_service_desc_superencrypted(const hs_service_t *service,
119 static void move_descriptors(hs_service_t *src, hs_service_t *dst);
120 static int service_encode_descriptor(const hs_service_t *service,
121  const hs_service_descriptor_t *desc,
122  const ed25519_keypair_t *signing_kp,
123  char **encoded_out);
124 
125 /** Helper: Function to compare two objects in the service map. Return 1 if the
126  * two service have the same master public identity key. */
127 static inline int
128 hs_service_ht_eq(const hs_service_t *first, const hs_service_t *second)
129 {
130  tor_assert(first);
131  tor_assert(second);
132  /* Simple key compare. */
133  return ed25519_pubkey_eq(&first->keys.identity_pk,
134  &second->keys.identity_pk);
135 }
136 
137 /** Helper: Function for the service hash table code below. The key used is the
138  * master public identity key which is ultimately the onion address. */
139 static inline unsigned int
141 {
142  tor_assert(service);
143  return (unsigned int) siphash24g(service->keys.identity_pk.pubkey,
144  sizeof(service->keys.identity_pk.pubkey));
145 }
146 
147 /** This is _the_ global hash map of hidden services which indexed the service
148  * contained in it by master public identity key which is roughly the onion
149  * address of the service. */
150 static struct hs_service_ht *hs_service_map;
151 
152 /* Register the service hash table. */
153 HT_PROTOTYPE(hs_service_ht, /* Name of hashtable. */
154  hs_service_t, /* Object contained in the map. */
155  hs_service_node, /* The name of the HT_ENTRY member. */
156  hs_service_ht_hash, /* Hashing function. */
157  hs_service_ht_eq); /* Compare function for objects. */
158 
159 HT_GENERATE2(hs_service_ht, hs_service_t, hs_service_node,
161  0.6, tor_reallocarray, tor_free_);
162 
163 /** Query the given service map with a public key and return a service object
164  * if found else NULL. It is also possible to set a directory path in the
165  * search query. If pk is NULL, then it will be set to zero indicating the
166  * hash table to compare the directory path instead. */
168 find_service(hs_service_ht *map, const ed25519_public_key_t *pk)
169 {
170  hs_service_t dummy_service;
171  tor_assert(map);
172  tor_assert(pk);
173  memset(&dummy_service, 0, sizeof(dummy_service));
174  ed25519_pubkey_copy(&dummy_service.keys.identity_pk, pk);
175  return HT_FIND(hs_service_ht, map, &dummy_service);
176 }
177 
178 /** Register the given service in the given map. If the service already exists
179  * in the map, -1 is returned. On success, 0 is returned and the service
180  * ownership has been transferred to the global map. */
181 STATIC int
182 register_service(hs_service_ht *map, hs_service_t *service)
183 {
184  tor_assert(map);
185  tor_assert(service);
187 
188  if (find_service(map, &service->keys.identity_pk)) {
189  /* Existing service with the same key. Do not register it. */
190  return -1;
191  }
192  /* Taking ownership of the object at this point. */
193  HT_INSERT(hs_service_ht, map, service);
194 
195  /* If we just modified the global map, we notify. */
196  if (map == hs_service_map) {
198  }
199  /* Setup metrics. */
200  hs_metrics_service_init(service);
201 
202  return 0;
203 }
204 
205 /** Remove a given service from the given map. If service is NULL or the
206  * service key is unset, return gracefully. */
207 STATIC void
208 remove_service(hs_service_ht *map, hs_service_t *service)
209 {
210  hs_service_t *elm;
211 
212  tor_assert(map);
213 
214  /* Ignore if no service or key is zero. */
215  if (BUG(service == NULL) ||
216  BUG(ed25519_public_key_is_zero(&service->keys.identity_pk))) {
217  return;
218  }
219 
220  elm = HT_REMOVE(hs_service_ht, map, service);
221  if (elm) {
222  tor_assert(elm == service);
223  } else {
224  log_warn(LD_BUG, "Could not find service in the global map "
225  "while removing service %s",
226  escaped(service->config.directory_path));
227  }
228 
229  /* If we just modified the global map, we notify. */
230  if (map == hs_service_map) {
232  }
233 }
234 
235 /** Set the default values for a service configuration object <b>c</b>. */
236 static void
238  const or_options_t *options)
239 {
240  (void) options;
241  tor_assert(c);
242  c->ports = smartlist_new();
243  c->directory_path = NULL;
247  c->allow_unknown_ports = 0;
248  c->is_single_onion = 0;
249  c->dir_group_readable = 0;
250  c->is_ephemeral = 0;
251  c->has_dos_defense_enabled = HS_CONFIG_V3_DOS_DEFENSE_DEFAULT;
252  c->intro_dos_rate_per_sec = HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_DEFAULT;
253  c->intro_dos_burst_per_sec = HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_DEFAULT;
254 }
255 
256 /** From a service configuration object config, clear everything from it
257  * meaning free allocated pointers and reset the values. */
258 STATIC void
260 {
261  if (config == NULL) {
262  return;
263  }
264  tor_free(config->directory_path);
265  if (config->ports) {
267  hs_port_config_free(p););
268  smartlist_free(config->ports);
269  }
270  if (config->clients) {
272  service_authorized_client_free(p));
273  smartlist_free(config->clients);
274  }
275  if (config->ob_master_pubkeys) {
277  tor_free(k));
278  smartlist_free(config->ob_master_pubkeys);
279  }
280  memset(config, 0, sizeof(*config));
281 }
282 
283 /** Helper function to return a human readable description of the given intro
284  * point object.
285  *
286  * This function is not thread-safe. Each call to this invalidates the
287  * previous values returned by it. */
288 static const char *
290 {
291  /* Hex identity digest of the IP prefixed by the $ sign and ends with NUL
292  * byte hence the plus two. */
293  static char buf[HEX_DIGEST_LEN + 2];
294  const char *legacy_id = NULL;
295 
297  const link_specifier_t *, lspec) {
298  if (link_specifier_get_ls_type(lspec) == LS_LEGACY_ID) {
299  legacy_id = (const char *)
300  link_specifier_getconstarray_un_legacy_id(lspec);
301  break;
302  }
303  } SMARTLIST_FOREACH_END(lspec);
304 
305  /* For now, we only print the identity digest but we could improve this with
306  * much more information such as the ed25519 identity has well. */
307  buf[0] = '$';
308  if (legacy_id) {
309  base16_encode(buf + 1, HEX_DIGEST_LEN + 1, legacy_id, DIGEST_LEN);
310  }
311 
312  return buf;
313 }
314 
315 /** Return the lower bound of maximum INTRODUCE2 cells per circuit before we
316  * rotate intro point (defined by a consensus parameter or the default
317  * value). */
318 static int32_t
320 {
321  /* The [0, 2147483647] range is quite large to accommodate anything we decide
322  * in the future. */
323  return networkstatus_get_param(NULL, "hs_intro_min_introduce2",
325  0, INT32_MAX);
326 }
327 
328 /** Return the upper bound of maximum INTRODUCE2 cells per circuit before we
329  * rotate intro point (defined by a consensus parameter or the default
330  * value). */
331 static int32_t
333 {
334  /* The [0, 2147483647] range is quite large to accommodate anything we decide
335  * in the future. */
336  return networkstatus_get_param(NULL, "hs_intro_max_introduce2",
337  INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS,
338  0, INT32_MAX);
339 }
340 
341 /** Return the minimum lifetime in seconds of an introduction point defined by
342  * a consensus parameter or the default value. */
343 static int32_t
345 {
346 #define MIN_INTRO_POINT_LIFETIME_TESTING 10
347  if (get_options()->TestingTorNetwork) {
348  return MIN_INTRO_POINT_LIFETIME_TESTING;
349  }
350 
351  /* The [0, 2147483647] range is quite large to accommodate anything we decide
352  * in the future. */
353  return networkstatus_get_param(NULL, "hs_intro_min_lifetime",
355  0, INT32_MAX);
356 }
357 
358 /** Return the maximum lifetime in seconds of an introduction point defined by
359  * a consensus parameter or the default value. */
360 static int32_t
362 {
363 #define MAX_INTRO_POINT_LIFETIME_TESTING 30
364  if (get_options()->TestingTorNetwork) {
365  return MAX_INTRO_POINT_LIFETIME_TESTING;
366  }
367 
368  /* The [0, 2147483647] range is quite large to accommodate anything we decide
369  * in the future. */
370  return networkstatus_get_param(NULL, "hs_intro_max_lifetime",
372  0, INT32_MAX);
373 }
374 
375 /** Return the number of extra introduction point defined by a consensus
376  * parameter or the default value. */
377 static int32_t
379 {
380  /* The [0, 128] range bounds the number of extra introduction point allowed.
381  * Above 128 intro points, it's getting a bit crazy. */
382  return networkstatus_get_param(NULL, "hs_intro_num_extra",
383  NUM_INTRO_POINTS_EXTRA, 0, 128);
384 }
385 
386 /** Helper: Function that needs to return 1 for the HT for each loop which
387  * frees every service in an hash map. */
388 static int
389 ht_free_service_(struct hs_service_t *service, void *data)
390 {
391  (void) data;
392  hs_service_free(service);
393  /* This function MUST return 1 so the given object is then removed from the
394  * service map leading to this free of the object being safe. */
395  return 1;
396 }
397 
398 /** Free every service that can be found in the global map. Once done, clear
399  * and free the global map. */
400 static void
402 {
403  if (hs_service_map) {
404  /* The free helper function returns 1 so this is safe. */
405  hs_service_ht_HT_FOREACH_FN(hs_service_map, ht_free_service_, NULL);
406  HT_CLEAR(hs_service_ht, hs_service_map);
408  hs_service_map = NULL;
409  }
410 
412  /* Cleanup staging list. */
414  hs_service_free(s));
415  smartlist_free(hs_service_staging_list);
417  }
418 }
419 
420 /** Free a given service intro point object. */
421 STATIC void
423 {
424  if (!ip) {
425  return;
426  }
427  memwipe(&ip->auth_key_kp, 0, sizeof(ip->auth_key_kp));
428  memwipe(&ip->enc_key_kp, 0, sizeof(ip->enc_key_kp));
429  crypto_pk_free(ip->legacy_key);
432  tor_free(ip);
433 }
434 
435 /** Helper: free an hs_service_intro_point_t object. This function is used by
436  * digest256map_free() which requires a void * pointer. */
437 static void
439 {
441 }
442 
443 /** Return a newly allocated service intro point and fully initialized from the
444  * given node_t node, if non NULL.
445  *
446  * If node is NULL, returns a hs_service_intro_point_t with an empty link
447  * specifier list and no onion key. (This is used for testing.)
448  * On any other error, NULL is returned.
449  *
450  * node must be an node_t with an IPv4 address. */
453 {
455 
456  ip = tor_malloc_zero(sizeof(*ip));
457  /* We'll create the key material. No need for extra strong, those are short
458  * term keys. */
460 
461  { /* Set introduce2 max cells limit */
462  int32_t min_introduce2_cells = get_intro_point_min_introduce2();
463  int32_t max_introduce2_cells = get_intro_point_max_introduce2();
464  if (BUG(max_introduce2_cells < min_introduce2_cells)) {
465  goto err;
466  }
467  ip->introduce2_max = crypto_rand_int_range(min_introduce2_cells,
468  max_introduce2_cells);
469  }
470  { /* Set intro point lifetime */
471  int32_t intro_point_min_lifetime = get_intro_point_min_lifetime();
472  int32_t intro_point_max_lifetime = get_intro_point_max_lifetime();
473  if (BUG(intro_point_max_lifetime < intro_point_min_lifetime)) {
474  goto err;
475  }
476  ip->time_to_expire = approx_time() +
477  crypto_rand_int_range(intro_point_min_lifetime,intro_point_max_lifetime);
478  }
479 
480  ip->replay_cache = replaycache_new(0, 0);
481 
482  /* Initialize the base object. We don't need the certificate object. */
483  ip->base.link_specifiers = node_get_link_specifier_smartlist(node, 0);
484 
485  if (node == NULL) {
486  goto done;
487  }
488 
489  /* Generate the encryption key for this intro point. */
491  /* Figure out if this chosen node supports v3 or is legacy only.
492  * NULL nodes are used in the unit tests. */
493  if (!node_supports_ed25519_hs_intro(node)) {
494  ip->base.is_only_legacy = 1;
495  /* Legacy mode that is doesn't support v3+ with ed25519 auth key. */
496  ip->legacy_key = crypto_pk_new();
497  if (crypto_pk_generate_key(ip->legacy_key) < 0) {
498  goto err;
499  }
501  (char *) ip->legacy_key_digest) < 0) {
502  goto err;
503  }
504  }
505 
506  /* Flag if this intro point supports the INTRO2 dos defenses. */
509 
510  /* Finally, copy onion key from the node. */
511  memcpy(&ip->onion_key, node_get_curve25519_onion_key(node),
512  sizeof(ip->onion_key));
513 
514  done:
515  return ip;
516  err:
517  service_intro_point_free(ip);
518  return NULL;
519 }
520 
521 /** Add the given intro point object to the given intro point map. The intro
522  * point MUST have its RSA encryption key set if this is a legacy type or the
523  * authentication key set otherwise. */
524 STATIC void
526 {
527  hs_service_intro_point_t *old_ip_entry;
528 
529  tor_assert(map);
530  tor_assert(ip);
531 
532  old_ip_entry = digest256map_set(map, ip->auth_key_kp.pubkey.pubkey, ip);
533  /* Make sure we didn't just try to double-add an intro point */
534  tor_assert_nonfatal(!old_ip_entry);
535 }
536 
537 /** For a given service, remove the intro point from that service's descriptors
538  * (check both current and next descriptor) */
539 STATIC void
541  const hs_service_intro_point_t *ip)
542 {
543  tor_assert(service);
544  tor_assert(ip);
545 
546  /* Trying all descriptors. */
547  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
548  /* We'll try to remove the descriptor on both descriptors which is not
549  * very expensive to do instead of doing lookup + remove. */
550  digest256map_remove(desc->intro_points.map,
551  ip->auth_key_kp.pubkey.pubkey);
552  } FOR_EACH_DESCRIPTOR_END;
553 }
554 
555 /** For a given service and authentication key, return the intro point or NULL
556  * if not found. This will check both descriptors in the service. */
559  const ed25519_public_key_t *auth_key)
560 {
561  hs_service_intro_point_t *ip = NULL;
562 
563  tor_assert(service);
564  tor_assert(auth_key);
565 
566  /* Trying all descriptors to find the right intro point.
567  *
568  * Even if we use the same node as intro point in both descriptors, the node
569  * will have a different intro auth key for each descriptor since we generate
570  * a new one every time we pick an intro point.
571  *
572  * After #22893 gets implemented, intro points will be moved to be
573  * per-service instead of per-descriptor so this function will need to
574  * change.
575  */
576  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
577  if ((ip = digest256map_get(desc->intro_points.map,
578  auth_key->pubkey)) != NULL) {
579  break;
580  }
581  } FOR_EACH_DESCRIPTOR_END;
582 
583  return ip;
584 }
585 
586 /** For a given service and intro point, return the descriptor for which the
587  * intro point is assigned to. NULL is returned if not found. */
590  const hs_service_intro_point_t *ip)
591 {
592  hs_service_descriptor_t *descp = NULL;
593 
594  tor_assert(service);
595  tor_assert(ip);
596 
597  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
598  if (digest256map_get(desc->intro_points.map,
599  ip->auth_key_kp.pubkey.pubkey)) {
600  descp = desc;
601  break;
602  }
603  } FOR_EACH_DESCRIPTOR_END;
604 
605  return descp;
606 }
607 
608 /** From a circuit identifier, get all the possible objects associated with the
609  * ident. If not NULL, service, ip or desc are set if the object can be found.
610  * They are untouched if they can't be found.
611  *
612  * This is an helper function because we do those lookups often so it's more
613  * convenient to simply call this functions to get all the things at once. */
614 STATIC void
616  hs_service_t **service, hs_service_intro_point_t **ip,
618 {
619  hs_service_t *s;
620 
621  tor_assert(ident);
622 
623  /* Get service object from the circuit identifier. */
625  if (s && service) {
626  *service = s;
627  }
628 
629  /* From the service object, get the intro point object of that circuit. The
630  * following will query both descriptors intro points list. */
631  if (s && ip) {
632  *ip = service_intro_point_find(s, &ident->intro_auth_pk);
633  }
634 
635  /* Get the descriptor for this introduction point and service. */
636  if (s && ip && *ip && desc) {
637  *desc = service_desc_find_by_intro(s, *ip);
638  }
639 }
640 
641 /** From a given intro point, return the first link specifier of type
642  * encountered in the link specifier list. Return NULL if it can't be found.
643  *
644  * The caller does NOT have ownership of the object, the intro point does. */
645 static link_specifier_t *
647 {
648  link_specifier_t *lnk_spec = NULL;
649 
650  tor_assert(ip);
651 
653  link_specifier_t *, ls) {
654  if (link_specifier_get_ls_type(ls) == type) {
655  lnk_spec = ls;
656  goto end;
657  }
658  } SMARTLIST_FOREACH_END(ls);
659 
660  end:
661  return lnk_spec;
662 }
663 
664 /** Given a service intro point, return the node_t associated to it. This can
665  * return NULL if the given intro point has no legacy ID or if the node can't
666  * be found in the consensus. */
667 STATIC const node_t *
669 {
670  const link_specifier_t *ls;
671 
672  tor_assert(ip);
673 
674  ls = get_link_spec_by_type(ip, LS_LEGACY_ID);
675  if (BUG(!ls)) {
676  return NULL;
677  }
678  /* XXX In the future, we want to only use the ed25519 ID (#22173). */
679  return node_get_by_id(
680  (const char *) link_specifier_getconstarray_un_legacy_id(ls));
681 }
682 
683 /** Given a service intro point, return the extend_info_t for it. This can
684  * return NULL if the node can't be found for the intro point or the extend
685  * info can't be created for the found node. If direct_conn is set, the extend
686  * info is validated on if we can connect directly. */
687 static extend_info_t *
689  unsigned int direct_conn)
690 {
691  extend_info_t *info = NULL;
692  const node_t *node;
693 
694  tor_assert(ip);
695 
696  node = get_node_from_intro_point(ip);
697  if (node == NULL) {
698  /* This can happen if the relay serving as intro point has been removed
699  * from the consensus. In that case, the intro point will be removed from
700  * the descriptor during the scheduled events. */
701  goto end;
702  }
703 
704  /* In the case of a direct connection (single onion service), it is possible
705  * our firewall policy won't allow it so this can return a NULL value. */
706  info = extend_info_from_node(node, direct_conn);
707 
708  end:
709  return info;
710 }
711 
712 /** Return the number of introduction points that are established for the
713  * given descriptor. */
714 MOCK_IMPL(STATIC unsigned int,
716 {
717  unsigned int count = 0;
718 
719  tor_assert(desc);
720 
721  DIGEST256MAP_FOREACH(desc->intro_points.map, key,
722  const hs_service_intro_point_t *, ip) {
724  } DIGEST256MAP_FOREACH_END;
725 
726  return count;
727 }
728 
729 /** For a given service and descriptor of that service, close all active
730  * directory connections. */
731 static void
733  const hs_service_descriptor_t *desc)
734 {
735  unsigned int count = 0;
736  smartlist_t *dir_conns;
737 
738  tor_assert(service);
739  tor_assert(desc);
740 
741  /* Close pending HS desc upload connections for the blinded key of 'desc'. */
742  dir_conns = connection_list_by_type_purpose(CONN_TYPE_DIR,
744  SMARTLIST_FOREACH_BEGIN(dir_conns, connection_t *, conn) {
745  dir_connection_t *dir_conn = TO_DIR_CONN(conn);
746  if (ed25519_pubkey_eq(&dir_conn->hs_ident->identity_pk,
747  &service->keys.identity_pk) &&
748  ed25519_pubkey_eq(&dir_conn->hs_ident->blinded_pk,
749  &desc->blinded_kp.pubkey)) {
750  connection_mark_for_close(conn);
751  count++;
752  continue;
753  }
754  } SMARTLIST_FOREACH_END(conn);
755 
756  log_info(LD_REND, "Closed %u active service directory connections for "
757  "descriptor %s of service %s",
758  count, safe_str_client(ed25519_fmt(&desc->blinded_kp.pubkey)),
759  safe_str_client(service->onion_address));
760  /* We don't have ownership of the objects in this list. */
761  smartlist_free(dir_conns);
762 }
763 
764 /** Close all rendezvous circuits for the given service. */
765 static void
767 {
768  origin_circuit_t *ocirc = NULL;
769 
770  tor_assert(service);
771 
772  /* The reason we go over all circuit instead of using the circuitmap API is
773  * because most hidden service circuits are rendezvous circuits so there is
774  * no real improvement at getting all rendezvous circuits from the
775  * circuitmap and then going over them all to find the right ones.
776  * Furthermore, another option would have been to keep a list of RP cookies
777  * for a service but it creates an engineering complexity since we don't
778  * have a "RP circuit closed" event to clean it up properly so we avoid a
779  * memory DoS possibility. */
780 
781  while ((ocirc = circuit_get_next_service_rp_circ(ocirc))) {
782  /* Only close circuits that are v3 and for this service. */
783  if (ocirc->hs_ident != NULL &&
785  &service->keys.identity_pk)) {
786  /* Reason is FINISHED because service has been removed and thus the
787  * circuit is considered old/unneeded. When freed, it is removed from the
788  * hs circuitmap. */
789  circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
790  }
791  }
792 }
793 
794 /** Close the circuit(s) for the given map of introduction points. */
795 static void
797 {
798  tor_assert(intro_points);
799 
800  DIGEST256MAP_FOREACH(intro_points->map, key,
801  const hs_service_intro_point_t *, ip) {
803  if (ocirc) {
804  /* Reason is FINISHED because service has been removed and thus the
805  * circuit is considered old/unneeded. When freed, the circuit is removed
806  * from the HS circuitmap. */
807  circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
808  }
809  } DIGEST256MAP_FOREACH_END;
810 }
811 
812 /** Close all introduction circuits for the given service. */
813 static void
815 {
816  tor_assert(service);
817 
818  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
819  close_intro_circuits(&desc->intro_points);
820  } FOR_EACH_DESCRIPTOR_END;
821 }
822 
823 /** Close any circuits related to the given service. */
824 static void
826 {
827  tor_assert(service);
828 
829  /* Only support for version >= 3. */
830  if (BUG(service->config.version < HS_VERSION_THREE)) {
831  return;
832  }
833  /* Close intro points. */
835  /* Close rendezvous points. */
836  close_service_rp_circuits(service);
837 }
838 
839 /** Move every ephemeral services from the src service map to the dst service
840  * map. It is possible that a service can't be register to the dst map which
841  * won't stop the process of moving them all but will trigger a log warn. */
842 static void
843 move_ephemeral_services(hs_service_ht *src, hs_service_ht *dst)
844 {
845  hs_service_t **iter, **next;
846 
847  tor_assert(src);
848  tor_assert(dst);
849 
850  /* Iterate over the map to find ephemeral service and move them to the other
851  * map. We loop using this method to have a safe removal process. */
852  for (iter = HT_START(hs_service_ht, src); iter != NULL; iter = next) {
853  hs_service_t *s = *iter;
854  if (!s->config.is_ephemeral) {
855  /* Yeah, we are in a very manual loop :). */
856  next = HT_NEXT(hs_service_ht, src, iter);
857  continue;
858  }
859  /* Remove service from map and then register to it to the other map.
860  * Reminder that "*iter" and "s" are the same thing. */
861  next = HT_NEXT_RMV(hs_service_ht, src, iter);
862  if (register_service(dst, s) < 0) {
863  log_warn(LD_BUG, "Ephemeral service key is already being used. "
864  "Skipping.");
865  }
866  }
867 }
868 
869 /** Return a const string of the directory path escaped. If this is an
870  * ephemeral service, it returns "[EPHEMERAL]". This can only be called from
871  * the main thread because escaped() uses a static variable. */
872 static const char *
874 {
875  return (s->config.is_ephemeral) ? "[EPHEMERAL]" :
877 }
878 
879 /** Move the hidden service state from <b>src</b> to <b>dst</b>. We do this
880  * when we receive a SIGHUP: <b>dst</b> is the post-HUP service */
881 static void
882 move_hs_state(hs_service_t *src_service, hs_service_t *dst_service)
883 {
884  tor_assert(src_service);
885  tor_assert(dst_service);
886 
887  hs_service_state_t *src = &src_service->state;
888  hs_service_state_t *dst = &dst_service->state;
889 
890  /* Let's do a shallow copy */
893  /* Freeing a NULL replaycache triggers an info LD_BUG. */
894  if (dst->replay_cache_rend_cookie != NULL) {
896  }
897 
899  src->replay_cache_rend_cookie = NULL; /* steal pointer reference */
900 
902 
903  if (src->ob_subcreds) {
904  dst->ob_subcreds = src->ob_subcreds;
905  dst->n_ob_subcreds = src->n_ob_subcreds;
906 
907  src->ob_subcreds = NULL; /* steal pointer reference */
908  }
909 }
910 
911 /** Register services that are in the staging list. Once this function returns,
912  * the global service map will be set with the right content and all non
913  * surviving services will be cleaned up. */
914 static void
916 {
917  struct hs_service_ht *new_service_map;
918 
920 
921  /* Allocate a new map that will replace the current one. */
922  new_service_map = tor_malloc_zero(sizeof(*new_service_map));
923  HT_INIT(hs_service_ht, new_service_map);
924 
925  /* First step is to transfer all ephemeral services from the current global
926  * map to the new one we are constructing. We do not prune ephemeral
927  * services as the only way to kill them is by deleting it from the control
928  * port or stopping the tor daemon. */
929  move_ephemeral_services(hs_service_map, new_service_map);
930 
932  hs_service_t *s;
933 
934  /* Check if that service is already in our global map and if so, we'll
935  * transfer the intro points to it. */
936  s = find_service(hs_service_map, &snew->keys.identity_pk);
937  if (s) {
938  /* Pass ownership of the descriptors from s (the current service) to
939  * snew (the newly configured one). */
940  move_descriptors(s, snew);
941  move_hs_state(s, snew);
942  /* Remove the service from the global map because after this, we need to
943  * go over the remaining service in that map that aren't surviving the
944  * reload to close their circuits. */
946  hs_service_free(s);
947  }
948  /* Great, this service is now ready to be added to our new map. */
949  if (BUG(register_service(new_service_map, snew) < 0)) {
950  /* This should never happen because prior to registration, we validate
951  * every service against the entire set. Not being able to register a
952  * service means we failed to validate correctly. In that case, don't
953  * break tor and ignore the service but tell user. */
954  log_warn(LD_BUG, "Unable to register service with directory %s",
955  service_escaped_dir(snew));
957  hs_service_free(snew);
958  }
959  } SMARTLIST_FOREACH_END(snew);
960 
961  /* Close any circuits associated with the non surviving services. Every
962  * service in the current global map are roaming. */
963  FOR_EACH_SERVICE_BEGIN(service) {
964  close_service_circuits(service);
965  } FOR_EACH_SERVICE_END;
966 
967  /* Time to make the switch. We'll clear the staging list because its content
968  * has now changed ownership to the map. */
971  hs_service_map = new_service_map;
972  /* We've just register services into the new map and now we've replaced the
973  * global map with it so we have to notify that the change happened. When
974  * registering a service, the notify is only triggered if the destination
975  * map is the global map for which in here it was not. */
977 }
978 
979 /** Write the onion address of a given service to the given filename fname_ in
980  * the service directory. Return 0 on success else -1 on error. */
981 STATIC int
982 write_address_to_file(const hs_service_t *service, const char *fname_)
983 {
984  int ret = -1;
985  char *fname = NULL;
986  char *addr_buf = NULL;
987 
988  tor_assert(service);
989  tor_assert(fname_);
990 
991  /* Construct the full address with the onion tld and write the hostname file
992  * to disk. */
993  tor_asprintf(&addr_buf, "%s.%s\n", service->onion_address, address_tld);
994  /* Notice here that we use the given "fname_". */
995  fname = hs_path_from_filename(service->config.directory_path, fname_);
996  if (write_str_to_file_if_not_equal(fname, addr_buf)) {
997  log_warn(LD_REND, "Could not write onion address to hostname file %s",
998  escaped(fname));
999  goto end;
1000  }
1001 
1002 #ifndef _WIN32
1003  if (service->config.dir_group_readable) {
1004  /* Mode to 0640. */
1005  if (chmod(fname, S_IRUSR | S_IWUSR | S_IRGRP) < 0) {
1006  log_warn(LD_FS, "Unable to make onion service hostname file %s "
1007  "group-readable.", escaped(fname));
1008  }
1009  }
1010 #endif /* !defined(_WIN32) */
1011 
1012  /* Success. */
1013  ret = 0;
1014  end:
1015  tor_free(fname);
1016  tor_free(addr_buf);
1017  return ret;
1018 }
1019 
1020 /** Load and/or generate private keys for the given service. On success, the
1021  * hostname file will be written to disk along with the master private key iff
1022  * the service is not configured for offline keys. Return 0 on success else -1
1023  * on failure. */
1024 static int
1026 {
1027  int ret = -1;
1028  char *fname = NULL;
1029  ed25519_keypair_t *kp;
1030  const hs_service_config_t *config;
1031 
1032  tor_assert(service);
1033 
1034  config = &service->config;
1035 
1036  /* Create and fix permission on service directory. We are about to write
1037  * files to that directory so make sure it exists and has the right
1038  * permissions. We do this here because at this stage we know that Tor is
1039  * actually running and the service we have has been validated. */
1041  config->directory_path,
1042  config->dir_group_readable, 1) < 0) {
1043  goto end;
1044  }
1045 
1046  /* Try to load the keys from file or generate it if not found. */
1047  fname = hs_path_from_filename(config->directory_path, fname_keyfile_prefix);
1048  /* Don't ask for key creation, we want to know if we were able to load it or
1049  * we had to generate it. Better logging! */
1050  kp = ed_key_init_from_file(fname, INIT_ED_KEY_SPLIT, LOG_INFO, NULL, 0, 0,
1051  0, NULL, NULL);
1052  if (!kp) {
1053  log_info(LD_REND, "Unable to load keys from %s. Generating it...", fname);
1054  /* We'll now try to generate the keys and for it we want the strongest
1055  * randomness for it. The keypair will be written in different files. */
1056  uint32_t key_flags = INIT_ED_KEY_CREATE | INIT_ED_KEY_EXTRA_STRONG |
1057  INIT_ED_KEY_SPLIT;
1058  kp = ed_key_init_from_file(fname, key_flags, LOG_WARN, NULL, 0, 0, 0,
1059  NULL, NULL);
1060  if (!kp) {
1061  log_warn(LD_REND, "Unable to generate keys and save in %s.", fname);
1062  goto end;
1063  }
1064  }
1065 
1066  /* Copy loaded or generated keys to service object. */
1067  ed25519_pubkey_copy(&service->keys.identity_pk, &kp->pubkey);
1068  memcpy(&service->keys.identity_sk, &kp->seckey,
1069  sizeof(service->keys.identity_sk));
1070  /* This does a proper memory wipe. */
1071  ed25519_keypair_free(kp);
1072 
1073  /* Build onion address from the newly loaded keys. */
1074  tor_assert(service->config.version <= UINT8_MAX);
1075  hs_build_address(&service->keys.identity_pk,
1076  (uint8_t) service->config.version,
1077  service->onion_address);
1078 
1079  /* Write onion address to hostname file. */
1080  if (write_address_to_file(service, fname_hostname) < 0) {
1081  goto end;
1082  }
1083 
1084  /* Load all client authorization keys in the service. */
1085  if (load_client_keys(service) < 0) {
1086  goto end;
1087  }
1088 
1089  /* Success. */
1090  ret = 0;
1091  end:
1092  tor_free(fname);
1093  return ret;
1094 }
1095 
1096 /** Check if the client file name is valid or not. Return 1 if valid,
1097  * otherwise return 0. */
1098 STATIC int
1099 client_filename_is_valid(const char *filename)
1100 {
1101  int ret = 1;
1102  const char *valid_extension = ".auth";
1103 
1104  tor_assert(filename);
1105 
1106  /* The file extension must match and the total filename length can't be the
1107  * length of the extension else we do not have a filename. */
1108  if (!strcmpend(filename, valid_extension) &&
1109  strlen(filename) != strlen(valid_extension)) {
1110  ret = 1;
1111  } else {
1112  ret = 0;
1113  }
1114 
1115  return ret;
1116 }
1117 
1118 /** Parse an base32-encoded authorized client from a string.
1119  *
1120  * Return the key on success, return NULL, otherwise. */
1122 parse_authorized_client_key(const char *key_str, int severity)
1123 {
1124  hs_service_authorized_client_t *client = NULL;
1125 
1126  /* We expect a specific length of the base64 encoded key so make sure we
1127  * have that so we don't successfully decode a value with a different length
1128  * and end up in trouble when copying the decoded key into a fixed length
1129  * buffer. */
1130  if (strlen(key_str) != BASE32_NOPAD_LEN(CURVE25519_PUBKEY_LEN)) {
1131  log_fn(severity, LD_REND, "Client authorization encoded base32 public key "
1132  "length is invalid: %s", key_str);
1133  goto err;
1134  }
1135 
1136  client = tor_malloc_zero(sizeof(hs_service_authorized_client_t));
1137  if (base32_decode((char *) client->client_pk.public_key,
1138  sizeof(client->client_pk.public_key),
1139  key_str, strlen(key_str)) !=
1140  sizeof(client->client_pk.public_key)) {
1141  log_fn(severity, LD_REND, "Client authorization public key cannot be "
1142  "decoded: %s", key_str);
1143  goto err;
1144  }
1145 
1146  return client;
1147 
1148  err:
1149  if (client != NULL) {
1150  service_authorized_client_free(client);
1151  }
1152  return NULL;
1153 }
1154 
1155 /** Parse an authorized client from a string. The format of a client string
1156  * looks like (see rend-spec-v3.txt):
1157  *
1158  * <auth-type>:<key-type>:<base32-encoded-public-key>
1159  *
1160  * The <auth-type> can only be "descriptor".
1161  * The <key-type> can only be "x25519".
1162  *
1163  * Return the key on success, return NULL, otherwise. */
1165 parse_authorized_client(const char *client_key_str)
1166 {
1167  char *auth_type = NULL;
1168  char *key_type = NULL;
1169  char *pubkey_b32 = NULL;
1170  hs_service_authorized_client_t *client = NULL;
1171  smartlist_t *fields = smartlist_new();
1172 
1173  tor_assert(client_key_str);
1174 
1175  smartlist_split_string(fields, client_key_str, ":",
1176  SPLIT_SKIP_SPACE, 0);
1177  /* Wrong number of fields. */
1178  if (smartlist_len(fields) != 3) {
1179  log_warn(LD_REND, "Unknown format of client authorization file.");
1180  goto err;
1181  }
1182 
1183  auth_type = smartlist_get(fields, 0);
1184  key_type = smartlist_get(fields, 1);
1185  pubkey_b32 = smartlist_get(fields, 2);
1186 
1187  /* Currently, the only supported auth type is "descriptor". */
1188  if (strcmp(auth_type, "descriptor")) {
1189  log_warn(LD_REND, "Client authorization auth type '%s' not supported.",
1190  auth_type);
1191  goto err;
1192  }
1193 
1194  /* Currently, the only supported key type is "x25519". */
1195  if (strcmp(key_type, "x25519")) {
1196  log_warn(LD_REND, "Client authorization key type '%s' not supported.",
1197  key_type);
1198  goto err;
1199  }
1200 
1201  if ((client = parse_authorized_client_key(pubkey_b32, LOG_WARN)) == NULL) {
1202  goto err;
1203  }
1204 
1205  /* Success. */
1206  goto done;
1207 
1208  err:
1209  service_authorized_client_free(client);
1210  done:
1211  /* It is also a good idea to wipe the public key. */
1212  if (pubkey_b32) {
1213  memwipe(pubkey_b32, 0, strlen(pubkey_b32));
1214  }
1215  tor_assert(fields);
1216  SMARTLIST_FOREACH(fields, char *, s, tor_free(s));
1217  smartlist_free(fields);
1218  return client;
1219 }
1220 
1221 /** Load all the client public keys for the given service. Return 0 on
1222  * success else -1 on failure. */
1223 static int
1225 {
1226  int ret = -1;
1227  char *client_key_str = NULL;
1228  char *client_key_file_path = NULL;
1229  char *client_keys_dir_path = NULL;
1230  hs_service_config_t *config;
1231  smartlist_t *file_list = NULL;
1232 
1233  tor_assert(service);
1234 
1235  config = &service->config;
1236 
1237  /* Before calling this function, we already call load_service_keys to make
1238  * sure that the directory exists with the right permission. So, if we
1239  * cannot create a client pubkey key directory, we consider it as a bug. */
1240  client_keys_dir_path = hs_path_from_filename(config->directory_path,
1241  dname_client_pubkeys);
1242  if (BUG(hs_check_service_private_dir(get_options()->User,
1243  client_keys_dir_path,
1244  config->dir_group_readable, 1) < 0)) {
1245  goto end;
1246  }
1247 
1248  /* If the list of clients already exists, we must clear it first. */
1249  if (config->clients) {
1251  service_authorized_client_free(p));
1252  smartlist_free(config->clients);
1253  }
1254 
1255  config->clients = smartlist_new();
1256 
1257  file_list = tor_listdir(client_keys_dir_path);
1258  if (file_list == NULL) {
1259  log_warn(LD_REND, "Client authorization directory %s can't be listed.",
1260  client_keys_dir_path);
1261  goto end;
1262  }
1263 
1264  SMARTLIST_FOREACH_BEGIN(file_list, const char *, filename) {
1265  hs_service_authorized_client_t *client = NULL;
1266  log_info(LD_REND, "Loading a client authorization key file %s...",
1267  filename);
1268 
1269  if (!client_filename_is_valid(filename)) {
1270  log_warn(LD_REND, "Client authorization unrecognized filename %s. "
1271  "File must end in .auth. Ignoring.", filename);
1272  continue;
1273  }
1274 
1275  /* Create a full path for a file. */
1276  client_key_file_path = hs_path_from_filename(client_keys_dir_path,
1277  filename);
1278  client_key_str = read_file_to_str(client_key_file_path, 0, NULL);
1279 
1280  /* If we cannot read the file, continue with the next file. */
1281  if (!client_key_str) {
1282  log_warn(LD_REND, "Client authorization file %s can't be read. "
1283  "Corrupted or verify permission? Ignoring.",
1284  client_key_file_path);
1285  tor_free(client_key_file_path);
1286  continue;
1287  }
1288  tor_free(client_key_file_path);
1289 
1290  client = parse_authorized_client(client_key_str);
1291  /* Wipe and free immediately after using it. */
1292  memwipe(client_key_str, 0, strlen(client_key_str));
1293  tor_free(client_key_str);
1294 
1295  if (client) {
1296  smartlist_add(config->clients, client);
1297  log_info(LD_REND, "Loaded a client authorization key file %s.",
1298  filename);
1299  }
1300 
1301  } SMARTLIST_FOREACH_END(filename);
1302 
1303  /* If the number of clients is greater than zero, set the flag to be true. */
1304  if (smartlist_len(config->clients) > 0) {
1305  config->is_client_auth_enabled = 1;
1306  }
1307 
1308  /* Success. */
1309  ret = 0;
1310  end:
1311  if (client_key_str) {
1312  memwipe(client_key_str, 0, strlen(client_key_str));
1313  }
1314  if (file_list) {
1315  SMARTLIST_FOREACH(file_list, char *, s, tor_free(s));
1316  smartlist_free(file_list);
1317  }
1318  tor_free(client_key_str);
1319  tor_free(client_key_file_path);
1320  tor_free(client_keys_dir_path);
1321  return ret;
1322 }
1323 
1324 /** Release all storage held in <b>client</b>. */
1325 void
1327 {
1328  if (!client) {
1329  return;
1330  }
1331  memwipe(&client->client_pk, 0, sizeof(client->client_pk));
1332  tor_free(client);
1333 }
1334 
1335 /** Free a given service descriptor object and all key material is wiped. */
1336 STATIC void
1338 {
1339  if (!desc) {
1340  return;
1341  }
1342  hs_descriptor_free(desc->desc);
1343  memwipe(&desc->signing_kp, 0, sizeof(desc->signing_kp));
1344  memwipe(&desc->blinded_kp, 0, sizeof(desc->blinded_kp));
1345  /* Cleanup all intro points. */
1346  digest256map_free(desc->intro_points.map, service_intro_point_free_void);
1347  digestmap_free(desc->intro_points.failed_id, tor_free_);
1348  if (desc->previous_hsdirs) {
1349  SMARTLIST_FOREACH(desc->previous_hsdirs, char *, s, tor_free(s));
1350  smartlist_free(desc->previous_hsdirs);
1351  }
1352  crypto_ope_free(desc->ope_cipher);
1353  tor_free(desc);
1354 }
1355 
1356 /** Return a newly allocated service descriptor object. */
1359 {
1360  hs_service_descriptor_t *sdesc = tor_malloc_zero(sizeof(*sdesc));
1361  sdesc->desc = tor_malloc_zero(sizeof(hs_descriptor_t));
1362  /* Initialize the intro points map. */
1363  sdesc->intro_points.map = digest256map_new();
1364  sdesc->intro_points.failed_id = digestmap_new();
1365  sdesc->previous_hsdirs = smartlist_new();
1366  return sdesc;
1367 }
1368 
1369 /** Allocate and return a deep copy of client. */
1372 {
1373  hs_service_authorized_client_t *client_dup = NULL;
1374 
1375  tor_assert(client);
1376 
1377  client_dup = tor_malloc_zero(sizeof(hs_service_authorized_client_t));
1378  /* Currently, the public key is the only component of
1379  * hs_service_authorized_client_t. */
1380  memcpy(client_dup->client_pk.public_key,
1381  client->client_pk.public_key,
1383 
1384  return client_dup;
1385 }
1386 
1387 /** If two authorized clients are equal, return 0. If the first one should come
1388  * before the second, return less than zero. If the first should come after
1389  * the second, return greater than zero. */
1390 static int
1392  const hs_service_authorized_client_t *client2)
1393 {
1394  tor_assert(client1);
1395  tor_assert(client2);
1396 
1397  /* Currently, the public key is the only component of
1398  * hs_service_authorized_client_t. */
1399  return tor_memcmp(client1->client_pk.public_key,
1400  client2->client_pk.public_key,
1402 }
1403 
1404 /** Helper for sorting authorized clients. */
1405 static int
1406 compare_service_authorzized_client_(const void **_a, const void **_b)
1407 {
1408  const hs_service_authorized_client_t *a = *_a, *b = *_b;
1409  return service_authorized_client_cmp(a, b);
1410 }
1411 
1412 /** If the list of hs_service_authorized_client_t's is different between
1413  * src and dst, return 1. Otherwise, return 0. */
1414 STATIC int
1416  const hs_service_config_t *config2)
1417 {
1418  int ret = 0;
1419  int i;
1420  smartlist_t *sl1 = smartlist_new();
1421  smartlist_t *sl2 = smartlist_new();
1422 
1423  tor_assert(config1);
1424  tor_assert(config2);
1425  tor_assert(config1->clients);
1426  tor_assert(config2->clients);
1427 
1428  /* If the number of clients is different, it is obvious that the list
1429  * changes. */
1430  if (smartlist_len(config1->clients) != smartlist_len(config2->clients)) {
1431  goto done;
1432  }
1433 
1434  /* We do not want to mutate config1 and config2, so we will duplicate both
1435  * entire client lists here. */
1436  SMARTLIST_FOREACH(config1->clients,
1439 
1440  SMARTLIST_FOREACH(config2->clients,
1443 
1446 
1447  for (i = 0; i < smartlist_len(sl1); i++) {
1448  /* If the clients at index i in both lists differ, the whole configs
1449  * differ. */
1450  if (service_authorized_client_cmp(smartlist_get(sl1, i),
1451  smartlist_get(sl2, i))) {
1452  goto done;
1453  }
1454  }
1455 
1456  /* Success. */
1457  ret = 1;
1458 
1459  done:
1460  if (sl1) {
1462  service_authorized_client_free(p));
1463  smartlist_free(sl1);
1464  }
1465  if (sl2) {
1467  service_authorized_client_free(p));
1468  smartlist_free(sl2);
1469  }
1470  return ret;
1471 }
1472 
1473 /** Move descriptor(s) from the src service to the dst service and modify their
1474  * content if necessary. We do this during SIGHUP when we re-create our
1475  * hidden services. */
1476 static void
1478 {
1479  tor_assert(src);
1480  tor_assert(dst);
1481 
1482  if (src->desc_current) {
1483  /* Nothing should be there, but clean it up just in case */
1484  if (BUG(dst->desc_current)) {
1485  service_descriptor_free(dst->desc_current);
1486  }
1487  dst->desc_current = src->desc_current;
1488  src->desc_current = NULL;
1489  }
1490 
1491  if (src->desc_next) {
1492  /* Nothing should be there, but clean it up just in case */
1493  if (BUG(dst->desc_next)) {
1494  service_descriptor_free(dst->desc_next);
1495  }
1496  dst->desc_next = src->desc_next;
1497  src->desc_next = NULL;
1498  }
1499 
1500  /* If the client authorization changes, we must rebuild the superencrypted
1501  * section and republish the descriptors. */
1502  int client_auth_changed =
1504  if (client_auth_changed && dst->desc_current) {
1505  /* We have to clear the superencrypted content first. */
1508  if (build_service_desc_superencrypted(dst, dst->desc_current) < 0) {
1509  goto err;
1510  }
1511  service_desc_schedule_upload(dst->desc_current, time(NULL), 1);
1512  }
1513  if (client_auth_changed && dst->desc_next) {
1514  /* We have to clear the superencrypted content first. */
1517  if (build_service_desc_superencrypted(dst, dst->desc_next) < 0) {
1518  goto err;
1519  }
1520  service_desc_schedule_upload(dst->desc_next, time(NULL), 1);
1521  }
1522 
1523  return;
1524 
1525  err:
1526  /* If there is an error, free all descriptors to make it clean and generate
1527  * them later. */
1528  service_descriptor_free(dst->desc_current);
1529  service_descriptor_free(dst->desc_next);
1530 }
1531 
1532 /** From the given service, remove all expired failing intro points for each
1533  * descriptor. */
1534 static void
1536 {
1537  tor_assert(service);
1538 
1539  /* For both descriptors, cleanup the failing intro points list. */
1540  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
1541  DIGESTMAP_FOREACH_MODIFY(desc->intro_points.failed_id, key, time_t *, t) {
1542  time_t failure_time = *t;
1543  if ((failure_time + INTRO_CIRC_RETRY_PERIOD) <= now) {
1544  MAP_DEL_CURRENT(key);
1545  tor_free(t);
1546  }
1548  } FOR_EACH_DESCRIPTOR_END;
1549 }
1550 
1551 /** For the given descriptor desc, put all node_t object found from its failing
1552  * intro point list and put them in the given node_list. */
1553 static void
1555  smartlist_t *node_list)
1556 {
1557  tor_assert(desc);
1558  tor_assert(node_list);
1559 
1560  DIGESTMAP_FOREACH(desc->intro_points.failed_id, key, time_t *, t) {
1561  (void) t; /* Make gcc happy. */
1562  const node_t *node = node_get_by_id(key);
1563  if (node) {
1564  smartlist_add(node_list, (void *) node);
1565  }
1567 }
1568 
1569 /** For the given failing intro point ip, we add its time of failure to the
1570  * failed map and index it by identity digest (legacy ID) in the descriptor
1571  * desc failed id map. */
1572 static void
1574  hs_service_descriptor_t *desc, time_t now)
1575 {
1576  time_t *time_of_failure, *prev_ptr;
1577  const link_specifier_t *legacy_ls;
1578 
1579  tor_assert(ip);
1580  tor_assert(desc);
1581 
1582  time_of_failure = tor_malloc_zero(sizeof(time_t));
1583  *time_of_failure = now;
1584  legacy_ls = get_link_spec_by_type(ip, LS_LEGACY_ID);
1585  tor_assert(legacy_ls);
1586  prev_ptr = digestmap_set(
1587  desc->intro_points.failed_id,
1588  (const char *) link_specifier_getconstarray_un_legacy_id(legacy_ls),
1589  time_of_failure);
1590  tor_free(prev_ptr);
1591 }
1592 
1593 /** Using a given descriptor signing keypair signing_kp, a service intro point
1594  * object ip and the time now, setup the content of an already allocated
1595  * descriptor intro desc_ip.
1596  *
1597  * Return 0 on success else a negative value. */
1598 static int
1600  const hs_service_intro_point_t *ip,
1601  time_t now, hs_desc_intro_point_t *desc_ip)
1602 {
1603  int ret = -1;
1604  time_t nearest_hour = now - (now % 3600);
1605 
1606  tor_assert(signing_kp);
1607  tor_assert(ip);
1608  tor_assert(desc_ip);
1609 
1610  /* Copy the onion key. */
1611  memcpy(&desc_ip->onion_key, &ip->onion_key, sizeof(desc_ip->onion_key));
1612 
1613  /* Key and certificate material. */
1614  desc_ip->auth_key_cert = tor_cert_create_ed25519(signing_kp,
1615  CERT_TYPE_AUTH_HS_IP_KEY,
1616  &ip->auth_key_kp.pubkey,
1617  nearest_hour,
1619  CERT_FLAG_INCLUDE_SIGNING_KEY);
1620  if (desc_ip->auth_key_cert == NULL) {
1621  log_warn(LD_REND, "Unable to create intro point auth-key certificate");
1622  goto done;
1623  }
1624 
1625  /* Copy link specifier(s). */
1627  const link_specifier_t *, ls) {
1628  if (BUG(!ls)) {
1629  goto done;
1630  }
1631  link_specifier_t *copy = link_specifier_dup(ls);
1632  if (BUG(!copy)) {
1633  goto done;
1634  }
1635  smartlist_add(desc_ip->link_specifiers, copy);
1636  } SMARTLIST_FOREACH_END(ls);
1637 
1638  /* For a legacy intro point, we'll use an RSA/ed cross certificate. */
1639  if (ip->base.is_only_legacy) {
1640  desc_ip->legacy.key = crypto_pk_dup_key(ip->legacy_key);
1641  /* Create cross certification cert. */
1642  ssize_t cert_len = tor_make_rsa_ed25519_crosscert(
1643  &signing_kp->pubkey,
1644  desc_ip->legacy.key,
1645  nearest_hour + HS_DESC_CERT_LIFETIME,
1646  &desc_ip->legacy.cert.encoded);
1647  if (cert_len < 0) {
1648  log_warn(LD_REND, "Unable to create enc key legacy cross cert.");
1649  goto done;
1650  }
1651  desc_ip->legacy.cert.len = cert_len;
1652  }
1653 
1654  /* Encryption key and its cross certificate. */
1655  {
1656  ed25519_public_key_t ed25519_pubkey;
1657 
1658  /* Use the public curve25519 key. */
1659  memcpy(&desc_ip->enc_key, &ip->enc_key_kp.pubkey,
1660  sizeof(desc_ip->enc_key));
1661  /* The following can't fail. */
1663  &ip->enc_key_kp.pubkey,
1664  0);
1665  desc_ip->enc_key_cert = tor_cert_create_ed25519(signing_kp,
1666  CERT_TYPE_CROSS_HS_IP_KEYS,
1667  &ed25519_pubkey, nearest_hour,
1669  CERT_FLAG_INCLUDE_SIGNING_KEY);
1670  if (desc_ip->enc_key_cert == NULL) {
1671  log_warn(LD_REND, "Unable to create enc key curve25519 cross cert.");
1672  goto done;
1673  }
1674  }
1675  /* Success. */
1676  ret = 0;
1677 
1678  done:
1679  return ret;
1680 }
1681 
1682 /** Using the given descriptor from the given service, build the descriptor
1683  * intro point list so we can then encode the descriptor for publication. This
1684  * function does not pick intro points, they have to be in the descriptor
1685  * current map. Cryptographic material (keys) must be initialized in the
1686  * descriptor for this function to make sense. */
1687 static void
1689  hs_service_descriptor_t *desc, time_t now)
1690 {
1691  hs_desc_encrypted_data_t *encrypted;
1692 
1693  tor_assert(service);
1694  tor_assert(desc);
1695 
1696  /* Ease our life. */
1697  encrypted = &desc->desc->encrypted_data;
1698  /* Cleanup intro points, we are about to set them from scratch. */
1700 
1701  DIGEST256MAP_FOREACH(desc->intro_points.map, key,
1702  const hs_service_intro_point_t *, ip) {
1704  /* Ignore un-established intro points. They can linger in that list
1705  * because their circuit has not opened and they haven't been removed
1706  * yet even though we have enough intro circuits.
1707  *
1708  * Due to #31561, it can stay in that list until rotation so this check
1709  * prevents to publish an intro point without a circuit. */
1710  continue;
1711  }
1713  if (setup_desc_intro_point(&desc->signing_kp, ip, now, desc_ip) < 0) {
1714  hs_desc_intro_point_free(desc_ip);
1715  continue;
1716  }
1717  /* We have a valid descriptor intro point. Add it to the list. */
1718  smartlist_add(encrypted->intro_points, desc_ip);
1719  } DIGEST256MAP_FOREACH_END;
1720 }
1721 
1722 /** Build the descriptor signing key certificate. */
1723 static void
1725 {
1726  hs_desc_plaintext_data_t *plaintext;
1727 
1728  tor_assert(desc);
1729  tor_assert(desc->desc);
1730 
1731  /* Ease our life a bit. */
1732  plaintext = &desc->desc->plaintext_data;
1733 
1734  /* Get rid of what we have right now. */
1735  tor_cert_free(plaintext->signing_key_cert);
1736 
1737  /* Fresh certificate for the signing key. */
1738  plaintext->signing_key_cert =
1739  tor_cert_create_ed25519(&desc->blinded_kp, CERT_TYPE_SIGNING_HS_DESC,
1740  &desc->signing_kp.pubkey, now, HS_DESC_CERT_LIFETIME,
1741  CERT_FLAG_INCLUDE_SIGNING_KEY);
1742  /* If the cert creation fails, the descriptor encoding will fail and thus
1743  * ultimately won't be uploaded. We'll get a stack trace to help us learn
1744  * where the call came from and the tor_cert_create_ed25519() will log the
1745  * error. */
1746  tor_assert_nonfatal(plaintext->signing_key_cert);
1747 }
1748 
1749 /** Populate the descriptor encrypted section from the given service object.
1750  * This will generate a valid list of introduction points that can be used
1751  * after for circuit creation. Return 0 on success else -1 on error. */
1752 static int
1755 {
1756  hs_desc_encrypted_data_t *encrypted;
1757 
1758  tor_assert(service);
1759  tor_assert(desc);
1760 
1761  encrypted = &desc->desc->encrypted_data;
1762 
1763  encrypted->create2_ntor = 1;
1764  encrypted->single_onion_service = service->config.is_single_onion;
1765 
1766  /* Setup introduction points from what we have in the service. */
1767  if (encrypted->intro_points == NULL) {
1768  encrypted->intro_points = smartlist_new();
1769  }
1770  /* We do NOT build introduction point yet, we only do that once the circuit
1771  * have been opened. Until we have the right number of introduction points,
1772  * we do not encode anything in the descriptor. */
1773 
1774  /* XXX: Support client authorization (#20700). */
1775  encrypted->intro_auth_types = NULL;
1776  return 0;
1777 }
1778 
1779 /** Populate the descriptor superencrypted section from the given service
1780  * object. This will generate a valid list of hs_desc_authorized_client_t
1781  * of clients that are authorized to use the service. Return 0 on success
1782  * else -1 on error. */
1783 static int
1786 {
1787  const hs_service_config_t *config;
1788  int i;
1789  hs_desc_superencrypted_data_t *superencrypted;
1790 
1791  tor_assert(service);
1792  tor_assert(desc);
1793 
1794  superencrypted = &desc->desc->superencrypted_data;
1795  config = &service->config;
1796 
1797  /* The ephemeral key pair is already generated, so this should not give
1798  * an error. */
1799  if (BUG(!curve25519_public_key_is_ok(&desc->auth_ephemeral_kp.pubkey))) {
1800  return -1;
1801  }
1802  memcpy(&superencrypted->auth_ephemeral_pubkey,
1803  &desc->auth_ephemeral_kp.pubkey,
1804  sizeof(curve25519_public_key_t));
1805 
1806  /* Test that subcred is not zero because we might use it below */
1807  if (BUG(fast_mem_is_zero((char*)desc->desc->subcredential.subcred,
1808  DIGEST256_LEN))) {
1809  return -1;
1810  }
1811 
1812  /* Create a smartlist to store clients */
1813  superencrypted->clients = smartlist_new();
1814 
1815  /* We do not need to build the desc authorized client if the client
1816  * authorization is disabled */
1817  if (config->is_client_auth_enabled) {
1819  hs_service_authorized_client_t *, client) {
1820  hs_desc_authorized_client_t *desc_client;
1821  desc_client = tor_malloc_zero(sizeof(hs_desc_authorized_client_t));
1822 
1823  /* Prepare the client for descriptor and then add to the list in the
1824  * superencrypted part of the descriptor */
1826  &client->client_pk,
1827  &desc->auth_ephemeral_kp.seckey,
1828  desc->descriptor_cookie, desc_client);
1829  smartlist_add(superencrypted->clients, desc_client);
1830 
1831  } SMARTLIST_FOREACH_END(client);
1832  }
1833 
1834  /* We cannot let the number of auth-clients to be zero, so we need to
1835  * make it be 16. If it is already a multiple of 16, we do not need to
1836  * do anything. Otherwise, add the additional ones to make it a
1837  * multiple of 16. */
1838  int num_clients = smartlist_len(superencrypted->clients);
1839  int num_clients_to_add;
1840  if (num_clients == 0) {
1841  num_clients_to_add = HS_DESC_AUTH_CLIENT_MULTIPLE;
1842  } else if (num_clients % HS_DESC_AUTH_CLIENT_MULTIPLE == 0) {
1843  num_clients_to_add = 0;
1844  } else {
1845  num_clients_to_add =
1847  - (num_clients % HS_DESC_AUTH_CLIENT_MULTIPLE);
1848  }
1849 
1850  for (i = 0; i < num_clients_to_add; i++) {
1851  hs_desc_authorized_client_t *desc_client =
1853  smartlist_add(superencrypted->clients, desc_client);
1854  }
1855 
1856  /* Shuffle the list to prevent the client know the position in the
1857  * config. */
1858  smartlist_shuffle(superencrypted->clients);
1859 
1860  return 0;
1861 }
1862 
1863 /** Populate the descriptor plaintext section from the given service object.
1864  * The caller must make sure that the keys in the descriptors are valid that
1865  * is are non-zero. This can't fail. */
1866 static void
1869 {
1870  hs_desc_plaintext_data_t *plaintext;
1871 
1872  tor_assert(service);
1873  tor_assert(desc);
1874  tor_assert(!fast_mem_is_zero((char *) &desc->blinded_kp,
1875  sizeof(desc->blinded_kp)));
1876  tor_assert(!fast_mem_is_zero((char *) &desc->signing_kp,
1877  sizeof(desc->signing_kp)));
1878 
1879  /* Set the subcredential. */
1880  hs_get_subcredential(&service->keys.identity_pk, &desc->blinded_kp.pubkey,
1881  &desc->desc->subcredential);
1882 
1883  plaintext = &desc->desc->plaintext_data;
1884 
1885  plaintext->version = service->config.version;
1887  /* Copy public key material to go in the descriptor. */
1888  ed25519_pubkey_copy(&plaintext->signing_pubkey, &desc->signing_kp.pubkey);
1889  ed25519_pubkey_copy(&plaintext->blinded_pubkey, &desc->blinded_kp.pubkey);
1890 
1891  /* Create the signing key certificate. This will be updated before each
1892  * upload but we create it here so we don't complexify our unit tests. */
1894 }
1895 
1896 /** Compute the descriptor's OPE cipher for encrypting revision counters. */
1897 static crypto_ope_t *
1899 {
1900  /* Compute OPE key as H("rev-counter-generation" | blinded privkey) */
1901  uint8_t key[DIGEST256_LEN];
1902  crypto_digest_t *digest = crypto_digest256_new(DIGEST_SHA3_256);
1903  const char ope_key_prefix[] = "rev-counter-generation";
1904  const ed25519_secret_key_t *eph_privkey = &hs_desc->blinded_kp.seckey;
1905  crypto_digest_add_bytes(digest, ope_key_prefix, sizeof(ope_key_prefix));
1906  crypto_digest_add_bytes(digest, (char*)eph_privkey->seckey,
1907  sizeof(eph_privkey->seckey));
1908  crypto_digest_get_digest(digest, (char *)key, sizeof(key));
1909  crypto_digest_free(digest);
1910 
1911  return crypto_ope_new(key);
1912 }
1913 
1914 /** For the given service and descriptor object, create the key material which
1915  * is the blinded keypair, the descriptor signing keypair, the ephemeral
1916  * keypair, and the descriptor cookie. Return 0 on success else -1 on error
1917  * where the generated keys MUST be ignored. */
1918 static int
1921 {
1922  int ret = -1;
1923  ed25519_keypair_t kp;
1924 
1925  tor_assert(desc);
1926  tor_assert(!fast_mem_is_zero((char *) &service->keys.identity_pk,
1928 
1929  /* XXX: Support offline key feature (#18098). */
1930 
1931  /* Copy the identity keys to the keypair so we can use it to create the
1932  * blinded key. */
1933  memcpy(&kp.pubkey, &service->keys.identity_pk, sizeof(kp.pubkey));
1934  memcpy(&kp.seckey, &service->keys.identity_sk, sizeof(kp.seckey));
1935  /* Build blinded keypair for this time period. */
1936  hs_build_blinded_keypair(&kp, NULL, 0, desc->time_period_num,
1937  &desc->blinded_kp);
1938  /* Let's not keep too much traces of our keys in memory. */
1939  memwipe(&kp, 0, sizeof(kp));
1940 
1941  /* Compute the OPE cipher struct (it's tied to the current blinded key) */
1942  log_info(LD_GENERAL,
1943  "Getting OPE for TP#%u", (unsigned) desc->time_period_num);
1944  tor_assert_nonfatal(!desc->ope_cipher);
1946 
1947  /* No need for extra strong, this is a temporary key only for this
1948  * descriptor. Nothing long term. */
1949  if (ed25519_keypair_generate(&desc->signing_kp, 0) < 0) {
1950  log_warn(LD_REND, "Can't generate descriptor signing keypair for "
1951  "service %s",
1952  safe_str_client(service->onion_address));
1953  goto end;
1954  }
1955 
1956  /* No need for extra strong, this is a temporary key only for this
1957  * descriptor. Nothing long term. */
1958  if (curve25519_keypair_generate(&desc->auth_ephemeral_kp, 0) < 0) {
1959  log_warn(LD_REND, "Can't generate auth ephemeral keypair for "
1960  "service %s",
1961  safe_str_client(service->onion_address));
1962  goto end;
1963  }
1964 
1965  /* Random descriptor cookie to be used as a part of a key to encrypt the
1966  * descriptor, only if the client auth is enabled will it be used. */
1968  sizeof(desc->descriptor_cookie));
1969 
1970  /* Success. */
1971  ret = 0;
1972  end:
1973  return ret;
1974 }
1975 
1976 /** Given a service and the current time, build a descriptor for the service.
1977  * This function does not pick introduction point, this needs to be done by
1978  * the update function. On success, desc_out will point to the newly allocated
1979  * descriptor object.
1980  *
1981  * This can error if we are unable to create keys or certificate. */
1982 static void
1983 build_service_descriptor(hs_service_t *service, uint64_t time_period_num,
1984  hs_service_descriptor_t **desc_out)
1985 {
1986  char *encoded_desc;
1988 
1989  tor_assert(service);
1990  tor_assert(desc_out);
1991 
1992  desc = service_descriptor_new();
1993 
1994  /* Set current time period */
1995  desc->time_period_num = time_period_num;
1996 
1997  /* Create the needed keys so we can setup the descriptor content. */
1998  if (build_service_desc_keys(service, desc) < 0) {
1999  goto err;
2000  }
2001  /* Setup plaintext descriptor content. */
2002  build_service_desc_plaintext(service, desc);
2003 
2004  /* Setup superencrypted descriptor content. */
2005  if (build_service_desc_superencrypted(service, desc) < 0) {
2006  goto err;
2007  }
2008  /* Setup encrypted descriptor content. */
2009  if (build_service_desc_encrypted(service, desc) < 0) {
2010  goto err;
2011  }
2012 
2013  /* Let's make sure that we've created a descriptor that can actually be
2014  * encoded properly. This function also checks if the encoded output is
2015  * decodable after. */
2016  if (BUG(service_encode_descriptor(service, desc, &desc->signing_kp,
2017  &encoded_desc) < 0)) {
2018  goto err;
2019  }
2020  tor_free(encoded_desc);
2021 
2022  /* Assign newly built descriptor to the next slot. */
2023  *desc_out = desc;
2024 
2025  /* Fire a CREATED control port event. */
2027  &desc->blinded_kp.pubkey);
2028 
2029  /* If we are an onionbalance instance, we refresh our keys when we rotate
2030  * descriptors. */
2031  hs_ob_refresh_keys(service);
2032 
2033  return;
2034 
2035  err:
2036  service_descriptor_free(desc);
2037 }
2038 
2039 /** Build both descriptors for the given service that has just booted up.
2040  * Because it's a special case, it deserves its special function ;). */
2041 static void
2043 {
2044  uint64_t current_desc_tp, next_desc_tp;
2045 
2046  tor_assert(service);
2047  /* These are the conditions for a new service. */
2048  tor_assert(!service->desc_current);
2049  tor_assert(!service->desc_next);
2050 
2051  /*
2052  * +------------------------------------------------------------------+
2053  * | |
2054  * | 00:00 12:00 00:00 12:00 00:00 12:00 |
2055  * | SRV#1 TP#1 SRV#2 TP#2 SRV#3 TP#3 |
2056  * | |
2057  * | $==========|-----------$===========|-----------$===========| |
2058  * | ^ ^ |
2059  * | A B |
2060  * +------------------------------------------------------------------+
2061  *
2062  * Case A: The service boots up before a new time period, the current time
2063  * period is thus TP#1 and the next is TP#2 which for both we have access to
2064  * their SRVs.
2065  *
2066  * Case B: The service boots up inside TP#2, we can't use the TP#3 for the
2067  * next descriptor because we don't have the SRV#3 so the current should be
2068  * TP#1 and next TP#2.
2069  */
2070 
2071  if (hs_in_period_between_tp_and_srv(NULL, now)) {
2072  /* Case B from the above, inside of the new time period. */
2073  current_desc_tp = hs_get_previous_time_period_num(0); /* TP#1 */
2074  next_desc_tp = hs_get_time_period_num(0); /* TP#2 */
2075  } else {
2076  /* Case A from the above, outside of the new time period. */
2077  current_desc_tp = hs_get_time_period_num(0); /* TP#1 */
2078  next_desc_tp = hs_get_next_time_period_num(0); /* TP#2 */
2079  }
2080 
2081  /* Build descriptors. */
2082  build_service_descriptor(service, current_desc_tp, &service->desc_current);
2083  build_service_descriptor(service, next_desc_tp, &service->desc_next);
2084  log_info(LD_REND, "Hidden service %s has just started. Both descriptors "
2085  "built. Now scheduled for upload.",
2086  safe_str_client(service->onion_address));
2087 }
2088 
2089 /** Build descriptors for each service if needed. There are conditions to build
2090  * a descriptor which are details in the function. */
2091 STATIC void
2093 {
2094  FOR_EACH_SERVICE_BEGIN(service) {
2095 
2096  /* A service booting up will have both descriptors to NULL. No other cases
2097  * makes both descriptor non existent. */
2098  if (service->desc_current == NULL && service->desc_next == NULL) {
2099  build_descriptors_for_new_service(service, now);
2100  continue;
2101  }
2102 
2103  /* Reaching this point means we are pass bootup so at runtime. We should
2104  * *never* have an empty current descriptor. If the next descriptor is
2105  * empty, we'll try to build it for the next time period. This only
2106  * happens when we rotate meaning that we are guaranteed to have a new SRV
2107  * at that point for the next time period. */
2108  if (BUG(service->desc_current == NULL)) {
2109  continue;
2110  }
2111 
2112  if (service->desc_next == NULL) {
2114  &service->desc_next);
2115  log_info(LD_REND, "Hidden service %s next descriptor successfully "
2116  "built. Now scheduled for upload.",
2117  safe_str_client(service->onion_address));
2118  }
2119  } FOR_EACH_DESCRIPTOR_END;
2120 }
2121 
2122 /** Randomly pick a node to become an introduction point but not present in the
2123  * given exclude_nodes list. The chosen node is put in the exclude list
2124  * regardless of success or not because in case of failure, the node is simply
2125  * unsusable from that point on.
2126  *
2127  * If direct_conn is set, try to pick a node that our local firewall/policy
2128  * allows us to connect to directly. If we can't find any, return NULL.
2129  * This function supports selecting dual-stack nodes for direct single onion
2130  * service IPv6 connections. But it does not send IPv6 addresses in link
2131  * specifiers. (Current clients don't use IPv6 addresses to extend, and
2132  * direct client connections to intro points are not supported.)
2133  *
2134  * Return a newly allocated service intro point ready to be used for encoding.
2135  * Return NULL on error. */
2136 static hs_service_intro_point_t *
2137 pick_intro_point(unsigned int direct_conn, smartlist_t *exclude_nodes)
2138 {
2139  const or_options_t *options = get_options();
2140  const node_t *node;
2141  hs_service_intro_point_t *ip = NULL;
2142  /* Normal 3-hop introduction point flags. */
2143  router_crn_flags_t flags = CRN_NEED_UPTIME | CRN_NEED_DESC;
2144  /* Single onion flags. */
2145  router_crn_flags_t direct_flags = flags | CRN_PREF_ADDR | CRN_DIRECT_CONN;
2146 
2147  node = router_choose_random_node(exclude_nodes, options->ExcludeNodes,
2148  direct_conn ? direct_flags : flags);
2149 
2150  /* If we are in single onion mode, retry node selection for a 3-hop
2151  * path */
2152  if (direct_conn && !node) {
2153  log_info(LD_REND,
2154  "Unable to find an intro point that we can connect to "
2155  "directly, falling back to a 3-hop path.");
2156  node = router_choose_random_node(exclude_nodes, options->ExcludeNodes,
2157  flags);
2158  }
2159 
2160  if (!node) {
2161  goto err;
2162  }
2163 
2164  /* We have a suitable node, add it to the exclude list. We do this *before*
2165  * we can validate the extend information because even in case of failure,
2166  * we don't want to use that node anymore. */
2167  smartlist_add(exclude_nodes, (void *) node);
2168 
2169  /* Create our objects and populate them with the node information. */
2170  ip = service_intro_point_new(node);
2171 
2172  if (ip == NULL) {
2173  goto err;
2174  }
2175 
2176  log_info(LD_REND, "Picked intro point: %s", node_describe(node));
2177  return ip;
2178  err:
2179  service_intro_point_free(ip);
2180  return NULL;
2181 }
2182 
2183 /** For a given descriptor from the given service, pick any needed intro points
2184  * and update the current map with those newly picked intro points. Return the
2185  * number node that might have been added to the descriptor current map. */
2186 static unsigned int
2189 {
2190  int i = 0, num_needed_ip;
2191  smartlist_t *exclude_nodes = smartlist_new();
2192 
2193  tor_assert(service);
2194  tor_assert(desc);
2195 
2196  /* Compute how many intro points we actually need to open. */
2197  num_needed_ip = service->config.num_intro_points -
2198  digest256map_size(desc->intro_points.map);
2199  if (BUG(num_needed_ip < 0)) {
2200  /* Let's not make tor freak out here and just skip this. */
2201  goto done;
2202  }
2203 
2204  /* We want to end up with config.num_intro_points intro points, but if we
2205  * have no intro points at all (chances are they all cycled or we are
2206  * starting up), we launch get_intro_point_num_extra() extra circuits and
2207  * use the first config.num_intro_points that complete. See proposal #155,
2208  * section 4 for the rationale of this which is purely for performance.
2209  *
2210  * The ones after the first config.num_intro_points will be converted to
2211  * 'General' internal circuits and then we'll drop them from the list of
2212  * intro points. */
2213  if (digest256map_size(desc->intro_points.map) == 0) {
2214  num_needed_ip += get_intro_point_num_extra();
2215  }
2216 
2217  /* Build an exclude list of nodes of our intro point(s). The expiring intro
2218  * points are OK to pick again because this is after all a concept of round
2219  * robin so they are considered valid nodes to pick again. */
2220  DIGEST256MAP_FOREACH(desc->intro_points.map, key,
2221  hs_service_intro_point_t *, ip) {
2222  const node_t *intro_node = get_node_from_intro_point(ip);
2223  if (intro_node) {
2224  smartlist_add(exclude_nodes, (void*)intro_node);
2225  }
2226  } DIGEST256MAP_FOREACH_END;
2227  /* Also, add the failing intro points that our descriptor encounteered in
2228  * the exclude node list. */
2229  setup_intro_point_exclude_list(desc, exclude_nodes);
2230 
2231  for (i = 0; i < num_needed_ip; i++) {
2233 
2234  /* This function will add the picked intro point node to the exclude nodes
2235  * list so we don't pick the same one at the next iteration. */
2236  ip = pick_intro_point(service->config.is_single_onion, exclude_nodes);
2237  if (ip == NULL) {
2238  /* If we end up unable to pick an introduction point it is because we
2239  * can't find suitable node and calling this again is highly unlikely to
2240  * give us a valid node all of the sudden. */
2241  log_info(LD_REND, "Unable to find a suitable node to be an "
2242  "introduction point for service %s.",
2243  safe_str_client(service->onion_address));
2244  goto done;
2245  }
2246  /* Valid intro point object, add it to the descriptor current map. */
2248  }
2249  /* We've successfully picked all our needed intro points thus none are
2250  * missing which will tell our upload process to expect the number of
2251  * circuits to be the number of configured intro points circuits and not the
2252  * number of intro points object that we have. */
2253  desc->missing_intro_points = 0;
2254 
2255  /* Success. */
2256  done:
2257  /* We don't have ownership of the node_t object in this list. */
2258  smartlist_free(exclude_nodes);
2259  return i;
2260 }
2261 
2262 /** Clear previous cached HSDirs in <b>desc</b>. */
2263 static void
2265 {
2266  if (BUG(!desc->previous_hsdirs)) {
2267  return;
2268  }
2269 
2270  SMARTLIST_FOREACH(desc->previous_hsdirs, char*, s, tor_free(s));
2272 }
2273 
2274 /** Note that we attempted to upload <b>desc</b> to <b>hsdir</b>. */
2275 static void
2277 {
2278  char b64_digest[BASE64_DIGEST_LEN+1] = {0};
2279  digest_to_base64(b64_digest, hsdir->identity);
2280 
2281  if (BUG(!desc->previous_hsdirs)) {
2282  return;
2283  }
2284 
2285  if (!smartlist_contains_string(desc->previous_hsdirs, b64_digest)) {
2286  smartlist_add_strdup(desc->previous_hsdirs, b64_digest);
2287  }
2288 }
2289 
2290 /** Schedule an upload of <b>desc</b>. If <b>descriptor_changed</b> is set, it
2291  * means that this descriptor is dirty. */
2292 STATIC void
2294  time_t now,
2295  int descriptor_changed)
2296 
2297 {
2298  desc->next_upload_time = now;
2299 
2300  /* If the descriptor changed, clean up the old HSDirs list. We want to
2301  * re-upload no matter what. */
2302  if (descriptor_changed) {
2304  }
2305 }
2306 
2307 /** Pick missing intro points for this descriptor if needed. */
2308 static void
2310  hs_service_descriptor_t *desc, time_t now)
2311 {
2312  unsigned int num_intro_points;
2313 
2314  tor_assert(service);
2315  tor_assert(desc);
2316  tor_assert(desc->desc);
2317 
2318  num_intro_points = digest256map_size(desc->intro_points.map);
2319 
2320  /* Pick any missing introduction point(s). */
2321  if (num_intro_points < service->config.num_intro_points) {
2322  unsigned int num_new_intro_points = pick_needed_intro_points(service,
2323  desc);
2324  if (num_new_intro_points != 0) {
2325  log_info(LD_REND, "Service %s just picked %u intro points and wanted "
2326  "%u for %s descriptor. It currently has %d intro "
2327  "points. Launching ESTABLISH_INTRO circuit shortly.",
2328  safe_str_client(service->onion_address),
2329  num_new_intro_points,
2330  service->config.num_intro_points - num_intro_points,
2331  (desc == service->desc_current) ? "current" : "next",
2332  num_intro_points);
2333  /* We'll build those introduction point into the descriptor once we have
2334  * confirmation that the circuits are opened and ready. However,
2335  * indicate that this descriptor should be uploaded from now on. */
2336  service_desc_schedule_upload(desc, now, 1);
2337  }
2338  /* Were we able to pick all the intro points we needed? If not, we'll
2339  * flag the descriptor that it's missing intro points because it
2340  * couldn't pick enough which will trigger a descriptor upload. */
2341  if ((num_new_intro_points + num_intro_points) <
2342  service->config.num_intro_points) {
2343  desc->missing_intro_points = 1;
2344  }
2345  }
2346 }
2347 
2348 /** Update descriptor intro points for each service if needed. We do this as
2349  * part of the periodic event because we need to establish intro point circuits
2350  * before we publish descriptors. */
2351 STATIC void
2353 {
2354  FOR_EACH_SERVICE_BEGIN(service) {
2355  /* We'll try to update each descriptor that is if certain conditions apply
2356  * in order for the descriptor to be updated. */
2357  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
2358  update_service_descriptor_intro_points(service, desc, now);
2359  } FOR_EACH_DESCRIPTOR_END;
2360  } FOR_EACH_SERVICE_END;
2361 }
2362 
2363 /** Return true iff the given intro point has expired that is it has been used
2364  * for too long or we've reached our max seen INTRODUCE2 cell. */
2365 STATIC int
2367  time_t now)
2368 {
2369  tor_assert(ip);
2370 
2371  if (ip->introduce2_count >= ip->introduce2_max) {
2372  goto expired;
2373  }
2374 
2375  if (ip->time_to_expire <= now) {
2376  goto expired;
2377  }
2378 
2379  /* Not expiring. */
2380  return 0;
2381  expired:
2382  return 1;
2383 }
2384 
2385 /** Return true iff we should remove the intro point ip from its service.
2386  *
2387  * We remove an intro point from the service descriptor list if one of
2388  * these criteria is met:
2389  * - It has expired (either in INTRO2 count or in time).
2390  * - No node was found (fell off the consensus).
2391  * - We are over the maximum amount of retries.
2392  *
2393  * If an established or pending circuit is found for the given ip object, this
2394  * return false indicating it should not be removed. */
2395 static bool
2397 {
2398  bool ret = false;
2399 
2400  tor_assert(ip);
2401 
2402  /* Any one of the following needs to be True to fulfill the criteria to
2403  * remove an intro point. */
2404  bool has_no_retries = (ip->circuit_retries >
2406  bool has_no_node = (get_node_from_intro_point(ip) == NULL);
2407  bool has_expired = intro_point_should_expire(ip, now);
2408 
2409  /* If the node fell off the consensus or the IP has expired, we have to
2410  * remove it now. */
2411  if (has_no_node || has_expired) {
2412  ret = true;
2413  goto end;
2414  }
2415 
2416  /* Pass this point, even though we might be over the retry limit, we check
2417  * if a circuit (established or pending) exists. In that case, we should not
2418  * remove it because it might simply be valid and opened at the previous
2419  * scheduled event for the last retry. */
2420 
2421  /* Do we simply have an existing circuit regardless of its state? */
2423  goto end;
2424  }
2425 
2426  /* Getting here means we have _no_ circuits so then return if we have any
2427  * remaining retries. */
2428  ret = has_no_retries;
2429 
2430  end:
2431  /* Meaningful log in case we are about to remove the IP. */
2432  if (ret) {
2433  log_info(LD_REND, "Intro point %s%s (retried: %u times). "
2434  "Removing it.",
2436  has_expired ? " has expired" :
2437  (has_no_node) ? " fell off the consensus" : "",
2438  ip->circuit_retries);
2439  }
2440  return ret;
2441 }
2442 
2443 /** Go over the given set of intro points for each service and remove any
2444  * invalid ones.
2445  *
2446  * If an intro point is removed, the circuit (if any) is immediately close.
2447  * If a circuit can't be found, the intro point is kept if it hasn't reached
2448  * its maximum circuit retry value and thus should be retried. */
2449 static void
2450 cleanup_intro_points(hs_service_t *service, time_t now)
2451 {
2452  /* List of intro points to close. We can't mark the intro circuits for close
2453  * in the modify loop because doing so calls back into the HS subsystem and
2454  * we need to keep that code path outside of the service/desc loop so those
2455  * maps don't get modified during the close making us in a possible
2456  * use-after-free situation. */
2457  smartlist_t *ips_to_free = smartlist_new();
2458 
2459  tor_assert(service);
2460 
2461  /* For both descriptors, cleanup the intro points. */
2462  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
2463  /* Go over the current intro points we have, make sure they are still
2464  * valid and remove any of them that aren't. */
2465  DIGEST256MAP_FOREACH_MODIFY(desc->intro_points.map, key,
2466  hs_service_intro_point_t *, ip) {
2467  if (should_remove_intro_point(ip, now)) {
2468  /* We've retried too many times, remember it as a failed intro point
2469  * so we don't pick it up again for INTRO_CIRC_RETRY_PERIOD sec. */
2470  if (ip->circuit_retries > MAX_INTRO_POINT_CIRCUIT_RETRIES) {
2472  }
2473 
2474  /* Remove intro point from descriptor map and add it to the list of
2475  * ips to free for which we'll also try to close the intro circuit. */
2476  MAP_DEL_CURRENT(key);
2477  smartlist_add(ips_to_free, ip);
2478  }
2479  } DIGEST256MAP_FOREACH_END;
2480  } FOR_EACH_DESCRIPTOR_END;
2481 
2482  /* Go over the intro points to free and close their circuit if any. */
2484  /* See if we need to close the intro point circuit as well */
2485 
2486  /* XXX: Legacy code does NOT close circuits like this: it keeps the circuit
2487  * open until a new descriptor is uploaded and then closed all expiring
2488  * intro point circuit. Here, we close immediately and because we just
2489  * discarded the intro point, a new one will be selected, a new descriptor
2490  * created and uploaded. There is no difference to an attacker between the
2491  * timing of a new consensus and intro point rotation (possibly?). */
2493  if (ocirc && !TO_CIRCUIT(ocirc)->marked_for_close) {
2494  circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
2495  }
2496 
2497  /* Cleanup the intro point */
2498  service_intro_point_free(ip);
2499  } SMARTLIST_FOREACH_END(ip);
2500 
2501  smartlist_free(ips_to_free);
2502 }
2503 
2504 /** Set the next rotation time of the descriptors for the given service for the
2505  * time now. */
2506 static void
2508 {
2509  tor_assert(service);
2510 
2511  service->state.next_rotation_time =
2514 
2515  {
2516  char fmt_time[ISO_TIME_LEN + 1];
2517  format_local_iso_time(fmt_time, service->state.next_rotation_time);
2518  log_info(LD_REND, "Next descriptor rotation time set to %s for %s",
2519  fmt_time, safe_str_client(service->onion_address));
2520  }
2521 }
2522 
2523 /** Return true iff the service should rotate its descriptor. The time now is
2524  * only used to fetch the live consensus and if none can be found, this
2525  * returns false. */
2526 static unsigned int
2528 {
2529  const networkstatus_t *ns;
2530 
2531  tor_assert(service);
2532 
2535  if (ns == NULL) {
2536  goto no_rotation;
2537  }
2538 
2539  if (ns->valid_after >= service->state.next_rotation_time) {
2540  /* In theory, we should never get here with no descriptors. We can never
2541  * have a NULL current descriptor except when tor starts up. The next
2542  * descriptor can be NULL after a rotation but we build a new one right
2543  * after.
2544  *
2545  * So, when tor starts, the next rotation time is set to the start of the
2546  * next SRV period using the consensus valid after time so it should
2547  * always be set to a future time value. This means that we should never
2548  * reach this point at bootup that is this check safeguards tor in never
2549  * allowing a rotation if the valid after time is smaller than the next
2550  * rotation time.
2551  *
2552  * This is all good in theory but we've had a NULL descriptor issue here
2553  * so this is why we BUG() on both with extra logging to try to understand
2554  * how this can possibly happens. We'll simply ignore and tor should
2555  * recover from this by skipping rotation and building the missing
2556  * descriptors just after this. */
2557  if (BUG(service->desc_current == NULL || service->desc_next == NULL)) {
2558  log_warn(LD_BUG, "Service descriptor is NULL (%p/%p). Next rotation "
2559  "time is %ld (now: %ld). Valid after time from "
2560  "consensus is %ld",
2561  service->desc_current, service->desc_next,
2562  (long)service->state.next_rotation_time,
2563  (long)now,
2564  (long)ns->valid_after);
2565  goto no_rotation;
2566  }
2567  goto rotation;
2568  }
2569 
2570  no_rotation:
2571  return 0;
2572  rotation:
2573  return 1;
2574 }
2575 
2576 /** Rotate the service descriptors of the given service. The current descriptor
2577  * will be freed, the next one put in as the current and finally the next
2578  * descriptor pointer is NULLified. */
2579 static void
2581 {
2582  if (service->desc_current) {
2583  /* Close all IP circuits for the descriptor. */
2585  /* We don't need this one anymore, we won't serve any clients coming with
2586  * this service descriptor. */
2587  service_descriptor_free(service->desc_current);
2588  }
2589  /* The next one become the current one and emptying the next will trigger
2590  * a descriptor creation for it. */
2591  service->desc_current = service->desc_next;
2592  service->desc_next = NULL;
2593 
2594  /* We've just rotated, set the next time for the rotation. */
2595  set_rotation_time(service);
2596 }
2597 
2598 /** Rotate descriptors for each service if needed. A non existing current
2599  * descriptor will trigger a descriptor build for the next time period. */
2600 STATIC void
2602 {
2603  /* XXX We rotate all our service descriptors at once. In the future it might
2604  * be wise, to rotate service descriptors independently to hide that all
2605  * those descriptors are on the same tor instance */
2606 
2607  FOR_EACH_SERVICE_BEGIN(service) {
2608 
2609  /* Note for a service booting up: Both descriptors are NULL in that case
2610  * so this function might return true if we are in the timeframe for a
2611  * rotation leading to basically swapping two NULL pointers which is
2612  * harmless. However, the side effect is that triggering a rotation will
2613  * update the service state and avoid doing anymore rotations after the
2614  * two descriptors have been built. */
2615  if (!should_rotate_descriptors(service, now)) {
2616  continue;
2617  }
2618 
2619  log_info(LD_REND, "Time to rotate our descriptors (%p / %p) for %s",
2620  service->desc_current, service->desc_next,
2621  safe_str_client(service->onion_address));
2622 
2623  rotate_service_descriptors(service);
2624  } FOR_EACH_SERVICE_END;
2625 }
2626 
2627 /** Scheduled event run from the main loop. Make sure all our services are up
2628  * to date and ready for the other scheduled events. This includes looking at
2629  * the introduction points status and descriptor rotation time. */
2630 STATIC void
2632 {
2633  /* Note that nothing here opens circuit(s) nor uploads descriptor(s). We are
2634  * simply moving things around or removing unneeded elements. */
2635 
2636  FOR_EACH_SERVICE_BEGIN(service) {
2637 
2638  /* If the service is starting off, set the rotation time. We can't do that
2639  * at configure time because the get_options() needs to be set for setting
2640  * that time that uses the voting interval. */
2641  if (service->state.next_rotation_time == 0) {
2642  /* Set the next rotation time of the descriptors. If it's Oct 25th
2643  * 23:47:00, the next rotation time is when the next SRV is computed
2644  * which is at Oct 26th 00:00:00 that is in 13 minutes. */
2645  set_rotation_time(service);
2646  }
2647 
2648  /* Cleanup invalid intro points from the service descriptor. */
2649  cleanup_intro_points(service, now);
2650 
2651  /* Remove expired failing intro point from the descriptor failed list. We
2652  * reset them at each INTRO_CIRC_RETRY_PERIOD. */
2653  remove_expired_failing_intro(service, now);
2654 
2655  /* At this point, the service is now ready to go through the scheduled
2656  * events guaranteeing a valid state. Intro points might be missing from
2657  * the descriptors after the cleanup but the update/build process will
2658  * make sure we pick those missing ones. */
2659  } FOR_EACH_SERVICE_END;
2660 }
2661 
2662 /** Scheduled event run from the main loop. Make sure all descriptors are up to
2663  * date. Once this returns, each service descriptor needs to be considered for
2664  * new introduction circuits and then for upload. */
2665 static void
2667 {
2668  /* Run v3+ events. */
2669  /* We start by rotating the descriptors only if needed. */
2671 
2672  /* Then, we'll try to build new descriptors that we might need. The
2673  * condition is that the next descriptor is non existing because it has
2674  * been rotated or we just started up. */
2675  build_all_descriptors(now);
2676 
2677  /* Finally, we'll check if we should update the descriptors' intro
2678  * points. Missing introduction points will be picked in this function which
2679  * is useful for newly built descriptors. */
2681 }
2682 
2683 /** For the given service, launch any intro point circuits that could be
2684  * needed. This considers every descriptor of the service. */
2685 static void
2687 {
2688  tor_assert(service);
2689 
2690  /* For both descriptors, try to launch any missing introduction point
2691  * circuits using the current map. */
2692  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
2693  /* Keep a ref on if we need a direct connection. We use this often. */
2694  bool direct_conn = service->config.is_single_onion;
2695 
2696  DIGEST256MAP_FOREACH_MODIFY(desc->intro_points.map, key,
2697  hs_service_intro_point_t *, ip) {
2698  extend_info_t *ei;
2699 
2700  /* Skip the intro point that already has an existing circuit
2701  * (established or not). */
2703  continue;
2704  }
2705  ei = get_extend_info_from_intro_point(ip, direct_conn);
2706 
2707  /* If we can't connect directly to the intro point, get an extend_info
2708  * for a multi-hop path instead. */
2709  if (ei == NULL && direct_conn) {
2710  direct_conn = false;
2712  }
2713 
2714  if (ei == NULL) {
2715  /* This is possible if we can get a node_t but not the extend info out
2716  * of it. In this case, we remove the intro point and a new one will
2717  * be picked at the next main loop callback. */
2718  MAP_DEL_CURRENT(key);
2719  service_intro_point_free(ip);
2720  continue;
2721  }
2722 
2723  /* Launch a circuit to the intro point. */
2724  ip->circuit_retries++;
2725  if (hs_circ_launch_intro_point(service, ip, ei, direct_conn) < 0) {
2726  log_info(LD_REND, "Unable to launch intro circuit to node %s "
2727  "for service %s.",
2728  safe_str_client(extend_info_describe(ei)),
2729  safe_str_client(service->onion_address));
2730  /* Intro point will be retried if possible after this. */
2731  }
2732  extend_info_free(ei);
2733  } DIGEST256MAP_FOREACH_END;
2734  } FOR_EACH_DESCRIPTOR_END;
2735 }
2736 
2737 /** Don't try to build more than this many circuits before giving up for a
2738  * while. Dynamically calculated based on the configured number of intro
2739  * points for the given service and how many descriptor exists. The default
2740  * use case of 3 introduction points and two descriptors will allow 28
2741  * circuits for a retry period (((3 + 2) + (3 * 3)) * 2). */
2742 static unsigned int
2744 {
2745  unsigned int count = 0;
2746  unsigned int multiplier = 0;
2747  unsigned int num_wanted_ip;
2748 
2749  tor_assert(service);
2750  tor_assert(service->config.num_intro_points <=
2751  HS_CONFIG_V3_MAX_INTRO_POINTS);
2752 
2753 /** For a testing network, allow to do it for the maximum amount so circuit
2754  * creation and rotation and so on can actually be tested without limit. */
2755 #define MAX_INTRO_POINT_CIRCUIT_RETRIES_TESTING -1
2756  if (get_options()->TestingTorNetwork) {
2757  return MAX_INTRO_POINT_CIRCUIT_RETRIES_TESTING;
2758  }
2759 
2760  num_wanted_ip = service->config.num_intro_points;
2761 
2762  /* The calculation is as follow. We have a number of intro points that we
2763  * want configured as a torrc option (num_intro_points). We then add an
2764  * extra value so we can launch multiple circuits at once and pick the
2765  * quickest ones. For instance, we want 3 intros, we add 2 extra so we'll
2766  * pick 5 intros and launch 5 circuits. */
2767  count += (num_wanted_ip + get_intro_point_num_extra());
2768 
2769  /* Then we add the number of retries that is possible to do for each intro
2770  * point. If we want 3 intros, we'll allow 3 times the number of possible
2771  * retry. */
2772  count += (num_wanted_ip * MAX_INTRO_POINT_CIRCUIT_RETRIES);
2773 
2774  /* Then, we multiply by a factor of 2 if we have both descriptor or 0 if we
2775  * have none. */
2776  multiplier += (service->desc_current) ? 1 : 0;
2777  multiplier += (service->desc_next) ? 1 : 0;
2778 
2779  return (count * multiplier);
2780 }
2781 
2782 /** For the given service, return 1 if the service is allowed to launch more
2783  * introduction circuits else 0 if the maximum has been reached for the retry
2784  * period of INTRO_CIRC_RETRY_PERIOD. */
2785 STATIC int
2787 {
2788  tor_assert(service);
2789 
2790  /* Consider the intro circuit retry period of the service. */
2791  if (now > (service->state.intro_circ_retry_started_time +
2793  service->state.intro_circ_retry_started_time = now;
2794  service->state.num_intro_circ_launched = 0;
2795  goto allow;
2796  }
2797  /* Check if we can still launch more circuits in this period. */
2798  if (service->state.num_intro_circ_launched <=
2799  get_max_intro_circ_per_period(service)) {
2800  goto allow;
2801  }
2802 
2803  /* Rate limit log that we've reached our circuit creation limit. */
2804  {
2805  char *msg;
2806  time_t elapsed_time = now - service->state.intro_circ_retry_started_time;
2807  static ratelim_t rlimit = RATELIM_INIT(INTRO_CIRC_RETRY_PERIOD);
2808  if ((msg = rate_limit_log(&rlimit, now))) {
2809  log_info(LD_REND, "Hidden service %s exceeded its circuit launch limit "
2810  "of %u per %d seconds. It launched %u circuits in "
2811  "the last %ld seconds. Will retry in %ld seconds.",
2812  safe_str_client(service->onion_address),
2815  service->state.num_intro_circ_launched,
2816  (long int) elapsed_time,
2817  (long int) (INTRO_CIRC_RETRY_PERIOD - elapsed_time));
2818  tor_free(msg);
2819  }
2820  }
2821 
2822  /* Not allow. */
2823  return 0;
2824  allow:
2825  return 1;
2826 }
2827 
2828 /** Scheduled event run from the main loop. Make sure we have all the circuits
2829  * we need for each service. */
2830 static void
2832 {
2833  /* Make sure we can actually have enough information or able to build
2834  * internal circuits as required by services. */
2835  if (router_have_consensus_path() == CONSENSUS_PATH_UNKNOWN ||
2837  return;
2838  }
2839 
2840  /* Run v3+ check. */
2841  FOR_EACH_SERVICE_BEGIN(service) {
2842  /* For introduction circuit, we need to make sure we don't stress too much
2843  * circuit creation so make sure this service is respecting that limit. */
2844  if (can_service_launch_intro_circuit(service, now)) {
2845  /* Launch intro point circuits if needed. */
2846  launch_intro_point_circuits(service);
2847  /* Once the circuits have opened, we'll make sure to update the
2848  * descriptor intro point list and cleanup any extraneous. */
2849  }
2850  } FOR_EACH_SERVICE_END;
2851 }
2852 
2853 /** Encode and sign the service descriptor desc and upload it to the given
2854  * hidden service directory. This does nothing if PublishHidServDescriptors
2855  * is false. */
2856 static void
2858  hs_service_descriptor_t *desc, const node_t *hsdir)
2859 {
2860  char *encoded_desc = NULL;
2861 
2862  tor_assert(service);
2863  tor_assert(desc);
2864  tor_assert(hsdir);
2865 
2866  /* Let's avoid doing that if tor is configured to not publish. */
2867  if (!get_options()->PublishHidServDescriptors) {
2868  log_info(LD_REND, "Service %s not publishing descriptor. "
2869  "PublishHidServDescriptors is set to 0.",
2870  safe_str_client(service->onion_address));
2871  goto end;
2872  }
2873 
2874  /* First of all, we'll encode the descriptor. This should NEVER fail but
2875  * just in case, let's make sure we have an actual usable descriptor. */
2876  if (BUG(service_encode_descriptor(service, desc, &desc->signing_kp,
2877  &encoded_desc) < 0)) {
2878  goto end;
2879  }
2880 
2881  /* Time to upload the descriptor to the directory. */
2882  hs_service_upload_desc_to_dir(encoded_desc, service->config.version,
2883  &service->keys.identity_pk,
2884  &desc->blinded_kp.pubkey, hsdir->rs);
2885 
2886  /* Add this node to previous_hsdirs list */
2887  service_desc_note_upload(desc, hsdir);
2888 
2889  /* Logging so we know where it was sent. */
2890  {
2891  int is_next_desc = (service->desc_next == desc);
2892  const uint8_t *idx = (is_next_desc) ? hsdir->hsdir_index.store_second:
2893  hsdir->hsdir_index.store_first;
2894  char *blinded_pubkey_log_str =
2895  tor_strdup(hex_str((char*)&desc->blinded_kp.pubkey.pubkey, 32));
2896  /* This log message is used by Chutney as part of its bootstrap
2897  * detection mechanism. Please don't change without first checking
2898  * Chutney. */
2899  log_info(LD_REND, "Service %s %s descriptor of revision %" PRIu64
2900  " initiated upload request to %s with index %s (%s)",
2901  safe_str_client(service->onion_address),
2902  (is_next_desc) ? "next" : "current",
2904  safe_str_client(node_describe(hsdir)),
2905  safe_str_client(hex_str((const char *) idx, 32)),
2906  safe_str_client(blinded_pubkey_log_str));
2907  tor_free(blinded_pubkey_log_str);
2908 
2909  /* Fire a UPLOAD control port event. */
2911  &desc->blinded_kp.pubkey, idx);
2912  }
2913 
2914  end:
2915  tor_free(encoded_desc);
2916  return;
2917 }
2918 
2919 /** Set the revision counter in <b>hs_desc</b>. We do this by encrypting a
2920  * timestamp using an OPE scheme and using the ciphertext as our revision
2921  * counter.
2922  *
2923  * If <b>is_current</b> is true, then this is the current HS descriptor,
2924  * otherwise it's the next one. */
2925 static void
2927  bool is_current)
2928 {
2929  uint64_t rev_counter = 0;
2930 
2931  /* Get current time */
2932  time_t srv_start = 0;
2933 
2934  /* As our revision counter plaintext value, we use the seconds since the
2935  * start of the SR protocol run that is relevant to this descriptor. This is
2936  * guaranteed to be a positive value since we need the SRV to start making a
2937  * descriptor (so that we know where to upload it).
2938  *
2939  * Depending on whether we are building the current or the next descriptor,
2940  * services use a different SRV value. See [SERVICEUPLOAD] in
2941  * rend-spec-v3.txt:
2942  *
2943  * In particular, for the current descriptor (aka first descriptor), Tor
2944  * always uses the previous SRV for uploading the descriptor, and hence we
2945  * should use the start time of the previous protocol run here.
2946  *
2947  * Whereas for the next descriptor (aka second descriptor), Tor always uses
2948  * the current SRV for uploading the descriptor. and hence we use the start
2949  * time of the current protocol run.
2950  */
2951  if (is_current) {
2953  } else {
2955  }
2956 
2957  log_info(LD_REND, "Setting rev counter for TP #%u: "
2958  "SRV started at %d, now %d (%s)",
2959  (unsigned) hs_desc->time_period_num, (int)srv_start,
2960  (int)now, is_current ? "current" : "next");
2961 
2962  tor_assert_nonfatal(now >= srv_start);
2963 
2964  /* Compute seconds elapsed since the start of the time period. That's the
2965  * number of seconds of how long this blinded key has been active. */
2966  time_t seconds_since_start_of_srv = now - srv_start;
2967 
2968  /* Increment by one so that we are definitely sure this is strictly
2969  * positive and not zero. */
2970  seconds_since_start_of_srv++;
2971 
2972  /* Check for too big inputs. */
2973  if (BUG(seconds_since_start_of_srv > OPE_INPUT_MAX)) {
2974  seconds_since_start_of_srv = OPE_INPUT_MAX;
2975  }
2976 
2977  /* Now we compute the final revision counter value by encrypting the
2978  plaintext using our OPE cipher: */
2979  tor_assert(hs_desc->ope_cipher);
2980  rev_counter = crypto_ope_encrypt(hs_desc->ope_cipher,
2981  (int) seconds_since_start_of_srv);
2982 
2983  /* The OPE module returns CRYPTO_OPE_ERROR in case of errors. */
2984  tor_assert_nonfatal(rev_counter < CRYPTO_OPE_ERROR);
2985 
2986  log_info(LD_REND, "Encrypted revision counter %d to %" PRIu64,
2987  (int) seconds_since_start_of_srv, rev_counter);
2988 
2989  hs_desc->desc->plaintext_data.revision_counter = rev_counter;
2990 }
2991 
2992 /** Encode and sign the service descriptor desc and upload it to the
2993  * responsible hidden service directories. If for_next_period is true, the set
2994  * of directories are selected using the next hsdir_index. This does nothing
2995  * if PublishHidServDescriptors is false. */
2996 STATIC void
2999 {
3000  smartlist_t *responsible_dirs = NULL;
3001 
3002  tor_assert(service);
3003  tor_assert(desc);
3004 
3005  /* We'll first cancel any directory request that are ongoing for this
3006  * descriptor. It is possible that we can trigger multiple uploads in a
3007  * short time frame which can lead to a race where the second upload arrives
3008  * before the first one leading to a 400 malformed descriptor response from
3009  * the directory. Closing all pending requests avoids that. */
3010  close_directory_connections(service, desc);
3011 
3012  /* Get our list of responsible HSDir. */
3013  responsible_dirs = smartlist_new();
3014  /* The parameter 0 means that we aren't a client so tell the function to use
3015  * the spread store consensus parameter. */
3017  service->desc_next == desc, 0, responsible_dirs);
3018 
3019  /** Clear list of previous hsdirs since we are about to upload to a new
3020  * list. Let's keep it up to date. */
3022 
3023  /* For each responsible HSDir we have, initiate an upload command. */
3024  SMARTLIST_FOREACH_BEGIN(responsible_dirs, const routerstatus_t *,
3025  hsdir_rs) {
3026  const node_t *hsdir_node = node_get_by_id(hsdir_rs->identity_digest);
3027  /* Getting responsible hsdir implies that the node_t object exists for the
3028  * routerstatus_t found in the consensus else we have a problem. */
3029  tor_assert(hsdir_node);
3030  /* Upload this descriptor to the chosen directory. */
3031  upload_descriptor_to_hsdir(service, desc, hsdir_node);
3032  } SMARTLIST_FOREACH_END(hsdir_rs);
3033 
3034  /* Set the next upload time for this descriptor. Even if we are configured
3035  * to not upload, we still want to follow the right cycle of life for this
3036  * descriptor. */
3037  desc->next_upload_time =
3040  {
3041  char fmt_next_time[ISO_TIME_LEN+1];
3042  format_local_iso_time(fmt_next_time, desc->next_upload_time);
3043  log_debug(LD_REND, "Service %s set to upload a descriptor at %s",
3044  safe_str_client(service->onion_address), fmt_next_time);
3045  }
3046 
3047  smartlist_free(responsible_dirs);
3048  return;
3049 }
3050 
3051 /** The set of HSDirs have changed: check if the change affects our descriptor
3052  * HSDir placement, and if it does, reupload the desc. */
3053 STATIC int
3055  const hs_service_descriptor_t *desc)
3056 {
3057  int should_reupload = 0;
3058  smartlist_t *responsible_dirs = smartlist_new();
3059 
3060  /* No desc upload has happened yet: it will happen eventually */
3061  if (!desc->previous_hsdirs || !smartlist_len(desc->previous_hsdirs)) {
3062  goto done;
3063  }
3064 
3065  /* Get list of responsible hsdirs */
3067  service->desc_next == desc, 0, responsible_dirs);
3068 
3069  /* Check if any new hsdirs have been added to the responsible hsdirs set:
3070  * Iterate over the list of new hsdirs, and reupload if any of them is not
3071  * present in the list of previous hsdirs.
3072  */
3073  SMARTLIST_FOREACH_BEGIN(responsible_dirs, const routerstatus_t *, hsdir_rs) {
3074  char b64_digest[BASE64_DIGEST_LEN+1] = {0};
3075  digest_to_base64(b64_digest, hsdir_rs->identity_digest);
3076 
3077  if (!smartlist_contains_string(desc->previous_hsdirs, b64_digest)) {
3078  should_reupload = 1;
3079  break;
3080  }
3081  } SMARTLIST_FOREACH_END(hsdir_rs);
3082 
3083  done:
3084  smartlist_free(responsible_dirs);
3085 
3086  return should_reupload;
3087 }
3088 
3089 /** These are all the reasons why a descriptor upload can't occur. We use
3090  * those to log the reason properly with the right rate limiting and for the
3091  * right descriptor. */
3092 typedef enum {
3093  LOG_DESC_UPLOAD_REASON_MISSING_IPS = 0,
3094  LOG_DESC_UPLOAD_REASON_IP_NOT_ESTABLISHED = 1,
3095  LOG_DESC_UPLOAD_REASON_NOT_TIME = 2,
3096  LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS = 3,
3097  LOG_DESC_UPLOAD_REASON_NO_DIRINFO = 4,
3099 
3100 /** Maximum number of reasons. This is used to allocate the static array of
3101  * all rate limiting objects. */
3102 #define LOG_DESC_UPLOAD_REASON_MAX LOG_DESC_UPLOAD_REASON_NO_DIRINFO
3103 
3104 /** Log the reason why we can't upload the given descriptor for the given
3105  * service. This takes a message string (allocated by the caller) and a
3106  * reason.
3107  *
3108  * Depending on the reason and descriptor, different rate limit applies. This
3109  * is done because this function will basically be called every second. Each
3110  * descriptor for each reason uses its own log rate limit object in order to
3111  * avoid message suppression for different reasons and descriptors. */
3112 static void
3114  const hs_service_descriptor_t *desc, const char *msg,
3115  const log_desc_upload_reason_t reason)
3116 {
3117  /* Writing the log every minute shouldn't be too annoying for log rate limit
3118  * since this can be emitted every second for each descriptor.
3119  *
3120  * However, for one specific case, we increase it to 10 minutes because it
3121  * is hit constantly, as an expected behavior, which is the reason
3122  * indicating that it is not the time to upload. */
3123  static ratelim_t limits[2][LOG_DESC_UPLOAD_REASON_MAX + 1] =
3124  { { RATELIM_INIT(60), RATELIM_INIT(60), RATELIM_INIT(60 * 10),
3125  RATELIM_INIT(60), RATELIM_INIT(60) },
3126  { RATELIM_INIT(60), RATELIM_INIT(60), RATELIM_INIT(60 * 10),
3127  RATELIM_INIT(60), RATELIM_INIT(60) },
3128  };
3129  bool is_next_desc = false;
3130  unsigned int rlim_pos = 0;
3131  ratelim_t *rlim = NULL;
3132 
3133  tor_assert(service);
3134  tor_assert(desc);
3135  tor_assert(msg);
3136 
3137  /* Make sure the reason value is valid. It should never happen because we
3138  * control that value in the code flow but will be apparent during
3139  * development if a reason is added but LOG_DESC_UPLOAD_REASON_NUM_ is not
3140  * updated. */
3141  if (BUG(reason > LOG_DESC_UPLOAD_REASON_MAX)) {
3142  return;
3143  }
3144 
3145  /* Ease our life. Flag that tells us if the descriptor is the next one. */
3146  is_next_desc = (service->desc_next == desc);
3147 
3148  /* Current descriptor is the first element in the ratelimit object array.
3149  * The next descriptor is the second element. */
3150  rlim_pos = (is_next_desc ? 1 : 0);
3151  /* Get the ratelimit object for the reason _and_ right descriptor. */
3152  rlim = &limits[rlim_pos][reason];
3153 
3155  "Service %s can't upload its %s descriptor: %s",
3156  safe_str_client(service->onion_address),
3157  (is_next_desc) ? "next" : "current", msg);
3158 }
3159 
3160 /** Return 1 if the given descriptor from the given service can be uploaded
3161  * else return 0 if it can not. */
3162 static int
3164  const hs_service_descriptor_t *desc, time_t now)
3165 {
3166  char *msg = NULL;
3167  unsigned int num_intro_points, count_ip_established;
3168 
3169  tor_assert(service);
3170  tor_assert(desc);
3171 
3172  /* If this descriptors has missing intro points that is that it couldn't get
3173  * them all when it was time to pick them, it means that we should upload
3174  * instead of waiting an arbitrary amount of time breaking the service.
3175  * Else, if we have no missing intro points, we use the value taken from the
3176  * service configuration. */
3177  if (desc->missing_intro_points) {
3178  num_intro_points = digest256map_size(desc->intro_points.map);
3179  } else {
3180  num_intro_points = service->config.num_intro_points;
3181  }
3182 
3183  /* This means we tried to pick intro points but couldn't get any so do not
3184  * upload descriptor in this case. We need at least one for the service to
3185  * be reachable. */
3186  if (desc->missing_intro_points && num_intro_points == 0) {
3187  msg = tor_strdup("Missing intro points");
3188  log_cant_upload_desc(service, desc, msg,
3189  LOG_DESC_UPLOAD_REASON_MISSING_IPS);
3190  goto cannot;
3191  }
3192 
3193  /* Check if all our introduction circuit have been established for all the
3194  * intro points we have selected. */
3195  count_ip_established = count_desc_circuit_established(desc);
3196  if (count_ip_established != num_intro_points) {
3197  tor_asprintf(&msg, "Intro circuits aren't yet all established (%d/%d).",
3198  count_ip_established, num_intro_points);
3199  log_cant_upload_desc(service, desc, msg,
3200  LOG_DESC_UPLOAD_REASON_IP_NOT_ESTABLISHED);
3201  goto cannot;
3202  }
3203 
3204  /* Is it the right time to upload? */
3205  if (desc->next_upload_time > now) {
3206  tor_asprintf(&msg, "Next upload time is %ld, it is now %ld.",
3207  (long int) desc->next_upload_time, (long int) now);
3208  log_cant_upload_desc(service, desc, msg,
3209  LOG_DESC_UPLOAD_REASON_NOT_TIME);
3210  goto cannot;
3211  }
3212 
3213  /* Don't upload desc if we don't have a live consensus */
3216  msg = tor_strdup("No reasonably live consensus");
3217  log_cant_upload_desc(service, desc, msg,
3218  LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS);
3219  goto cannot;
3220  }
3221 
3222  /* Do we know enough router descriptors to have adequate vision of the HSDir
3223  hash ring? */
3225  msg = tor_strdup("Not enough directory information");
3226  log_cant_upload_desc(service, desc, msg,
3227  LOG_DESC_UPLOAD_REASON_NO_DIRINFO);
3228  goto cannot;
3229  }
3230 
3231  /* Can upload! */
3232  return 1;
3233 
3234  cannot:
3235  tor_free(msg);
3236  return 0;
3237 }
3238 
3239 /** Refresh the given service descriptor meaning this will update every mutable
3240  * field that needs to be updated before we upload.
3241  *
3242  * This should ONLY be called before uploading a descriptor. It assumes that
3243  * the descriptor has been built (desc->desc) and that all intro point
3244  * circuits have been established. */
3245 static void
3247  hs_service_descriptor_t *desc, time_t now)
3248 {
3249  /* There are few fields that we consider "mutable" in the descriptor meaning
3250  * we need to update them regularly over the lifetime for the descriptor.
3251  * The rest are set once and should not be modified.
3252  *
3253  * - Signing key certificate.
3254  * - Revision counter.
3255  * - Introduction points which includes many thing. See
3256  * hs_desc_intro_point_t. and the setup_desc_intro_point() function.
3257  */
3258 
3259  /* Create the signing key certificate. */
3260  build_desc_signing_key_cert(desc, now);
3261 
3262  /* Build the intro points descriptor section. The refresh step is just
3263  * before we upload so all circuits have been properly established. */
3264  build_desc_intro_points(service, desc, now);
3265 
3266  /* Set the desc revision counter right before uploading */
3267  set_descriptor_revision_counter(desc, now, service->desc_current == desc);
3268 }
3269 
3270 /** Scheduled event run from the main loop. Try to upload the descriptor for
3271  * each service. */
3272 STATIC void
3274 {
3275  /* Run v3+ check. */
3276  FOR_EACH_SERVICE_BEGIN(service) {
3277  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
3278  /* If we were asked to re-examine the hash ring, and it changed, then
3279  schedule an upload */
3281  service_desc_hsdirs_changed(service, desc)) {
3282  service_desc_schedule_upload(desc, now, 0);
3283  }
3284 
3285  /* Can this descriptor be uploaded? */
3286  if (!should_service_upload_descriptor(service, desc, now)) {
3287  continue;
3288  }
3289 
3290  log_info(LD_REND, "Initiating upload for hidden service %s descriptor "
3291  "for service %s with %u/%u introduction points%s.",
3292  (desc == service->desc_current) ? "current" : "next",
3293  safe_str_client(service->onion_address),
3294  digest256map_size(desc->intro_points.map),
3295  service->config.num_intro_points,
3296  (desc->missing_intro_points) ? " (couldn't pick more)" : "");
3297 
3298  /* We are about to upload so we need to do one last step which is to
3299  * update the service's descriptor mutable fields in order to upload a
3300  * coherent descriptor. */
3301  refresh_service_descriptor(service, desc, now);
3302 
3303  /* Proceed with the upload, the descriptor is ready to be encoded. */
3304  upload_descriptor_to_all(service, desc);
3305  } FOR_EACH_DESCRIPTOR_END;
3306  } FOR_EACH_SERVICE_END;
3307 
3308  /* We are done considering whether to republish rend descriptors */
3310 }
3311 
3312 /** Called when the introduction point circuit is done building and ready to be
3313  * used. */
3314 static void
3316 {
3317  hs_service_t *service = NULL;
3318  hs_service_intro_point_t *ip = NULL;
3319  hs_service_descriptor_t *desc = NULL;
3320 
3321  tor_assert(circ);
3322 
3323  /* Let's do some basic sanity checking of the circ state */
3324  if (BUG(!circ->cpath)) {
3325  return;
3326  }
3327  if (BUG(TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_S_ESTABLISH_INTRO)) {
3328  return;
3329  }
3330  if (BUG(!circ->hs_ident)) {
3331  return;
3332  }
3333 
3334  /* Get the corresponding service and intro point. */
3335  get_objects_from_ident(circ->hs_ident, &service, &ip, &desc);
3336 
3337  if (service == NULL) {
3338  log_warn(LD_REND, "Unknown service identity key %s on the introduction "
3339  "circuit %u. Can't find onion service.",
3340  safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3341  TO_CIRCUIT(circ)->n_circ_id);
3342  goto err;
3343  }
3344  if (ip == NULL) {
3345  log_warn(LD_REND, "Unknown introduction point auth key on circuit %u "
3346  "for service %s",
3347  TO_CIRCUIT(circ)->n_circ_id,
3348  safe_str_client(service->onion_address));
3349  goto err;
3350  }
3351  /* We can't have an IP object without a descriptor. */
3352  tor_assert(desc);
3353 
3354  if (hs_circ_service_intro_has_opened(service, ip, desc, circ)) {
3355  /* Getting here means that the circuit has been re-purposed because we
3356  * have enough intro circuit opened. Remove the IP from the service. */
3357  service_intro_point_remove(service, ip);
3358  service_intro_point_free(ip);
3359  }
3360 
3361  goto done;
3362 
3363  err:
3364  /* Close circuit, we can't use it. */
3365  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_NOSUCHSERVICE);
3366  done:
3367  return;
3368 }
3369 
3370 /** Called when a rendezvous circuit is done building and ready to be used. */
3371 static void
3373 {
3374  hs_service_t *service = NULL;
3375 
3376  tor_assert(circ);
3377  tor_assert(circ->cpath);
3378  /* Getting here means this is a v3 rendezvous circuit. */
3379  tor_assert(circ->hs_ident);
3381 
3382  /* Declare the circuit dirty to avoid reuse, and for path-bias. We set the
3383  * timestamp regardless of its content because that circuit could have been
3384  * cannibalized so in any cases, we are about to use that circuit more. */
3385  TO_CIRCUIT(circ)->timestamp_dirty = time(NULL);
3387 
3388  /* Get the corresponding service and intro point. */
3389  get_objects_from_ident(circ->hs_ident, &service, NULL, NULL);
3390  if (service == NULL) {
3391  log_warn(LD_REND, "Unknown service identity key %s on the rendezvous "
3392  "circuit %u with cookie %s. Can't find onion service.",
3393  safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3394  TO_CIRCUIT(circ)->n_circ_id,
3395  hex_str((const char *) circ->hs_ident->rendezvous_cookie,
3396  REND_COOKIE_LEN));
3397  goto err;
3398  }
3399 
3400  /* If the cell can't be sent, the circuit will be closed within this
3401  * function. */
3402  hs_circ_service_rp_has_opened(service, circ);
3403 
3404  /* Update metrics that we have an established rendezvous circuit. It is not
3405  * entirely true until the client receives the RENDEZVOUS2 cell and starts
3406  * sending but if that circuit collapes, we'll decrement the counter thus it
3407  * will even out the metric. */
3408  if (TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_REND_JOINED) {
3410  }
3411 
3412  goto done;
3413 
3414  err:
3415  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_NOSUCHSERVICE);
3416  done:
3417  return;
3418 }
3419 
3420 /** We've been expecting an INTRO_ESTABLISHED cell on this circuit and it just
3421  * arrived. Handle the INTRO_ESTABLISHED cell arriving on the given
3422  * introduction circuit. Return 0 on success else a negative value. */
3423 static int
3425  const uint8_t *payload,
3426  size_t payload_len)
3427 {
3428  hs_service_t *service = NULL;
3429  hs_service_intro_point_t *ip = NULL;
3430 
3431  tor_assert(circ);
3432  tor_assert(payload);
3434 
3435  /* We need the service and intro point for this cell. */
3436  get_objects_from_ident(circ->hs_ident, &service, &ip, NULL);
3437 
3438  /* Get service object from the circuit identifier. */
3439  if (service == NULL) {
3440  log_warn(LD_REND, "Unknown service identity key %s on the introduction "
3441  "circuit %u. Can't find onion service.",
3442  safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3443  TO_CIRCUIT(circ)->n_circ_id);
3444  goto err;
3445  }
3446  if (ip == NULL) {
3447  /* We don't recognize the key. */
3448  log_warn(LD_REND, "Introduction circuit established without an intro "
3449  "point object on circuit %u for service %s",
3450  TO_CIRCUIT(circ)->n_circ_id,
3451  safe_str_client(service->onion_address));
3452  goto err;
3453  }
3454 
3455  /* Try to parse the payload into a cell making sure we do actually have a
3456  * valid cell. On success, the ip object and circuit purpose is updated to
3457  * reflect the fact that the introduction circuit is established. */
3458  if (hs_circ_handle_intro_established(service, ip, circ, payload,
3459  payload_len) < 0) {
3460  goto err;
3461  }
3462 
3463  /* Update metrics. */
3465 
3466  log_info(LD_REND, "Successfully received an INTRO_ESTABLISHED cell "
3467  "on circuit %u for service %s",
3468  TO_CIRCUIT(circ)->n_circ_id,
3469  safe_str_client(service->onion_address));
3470  return 0;
3471 
3472  err:
3473  return -1;
3474 }
3475 
3476 /** We just received an INTRODUCE2 cell on the established introduction circuit
3477  * circ. Handle the cell and return 0 on success else a negative value. */
3478 static int
3479 service_handle_introduce2(origin_circuit_t *circ, const uint8_t *payload,
3480  size_t payload_len)
3481 {
3482  hs_service_t *service = NULL;
3483  hs_service_intro_point_t *ip = NULL;
3484  hs_service_descriptor_t *desc = NULL;
3485 
3486  tor_assert(circ);
3487  tor_assert(payload);
3488  tor_assert(TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_INTRO);
3489 
3490  /* We'll need every object associated with this circuit. */
3491  get_objects_from_ident(circ->hs_ident, &service, &ip, &desc);
3492 
3493  /* Get service object from the circuit identifier. */
3494  if (service == NULL) {
3495  log_warn(LD_BUG, "Unknown service identity key %s when handling "
3496  "an INTRODUCE2 cell on circuit %u",
3497  safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3498  TO_CIRCUIT(circ)->n_circ_id);
3499  goto err;
3500  }
3501  if (ip == NULL) {
3502  /* We don't recognize the key. */
3503  log_warn(LD_BUG, "Unknown introduction auth key when handling "
3504  "an INTRODUCE2 cell on circuit %u for service %s",
3505  TO_CIRCUIT(circ)->n_circ_id,
3506  safe_str_client(service->onion_address));
3507  goto err;
3508  }
3509  /* If we have an IP object, we MUST have a descriptor object. */
3510  tor_assert(desc);
3511 
3512  /* The following will parse, decode and launch the rendezvous point circuit.
3513  * Both current and legacy cells are handled. */
3514  if (hs_circ_handle_introduce2(service, circ, ip, &desc->desc->subcredential,
3515  payload, payload_len) < 0) {
3516  goto err;
3517  }
3518  /* Update metrics that a new introduction was successful. */
3519  hs_metrics_new_introduction(service);
3520 
3521  return 0;
3522  err:
3523  return -1;
3524 }
3525 
3526 /** Add to list every filename used by service. This is used by the sandbox
3527  * subsystem. */
3528 static void
3530 {
3531  const char *s_dir;
3532  char fname[128] = {0};
3533 
3534  tor_assert(service);
3535  tor_assert(list);
3536 
3537  /* Ease our life. */
3538  s_dir = service->config.directory_path;
3539  /* The hostname file. */
3540  smartlist_add(list, hs_path_from_filename(s_dir, fname_hostname));
3541  /* The key files split in two. */
3542  tor_snprintf(fname, sizeof(fname), "%s_secret_key", fname_keyfile_prefix);
3543  smartlist_add(list, hs_path_from_filename(s_dir, fname));
3544  tor_snprintf(fname, sizeof(fname), "%s_public_key", fname_keyfile_prefix);
3545  smartlist_add(list, hs_path_from_filename(s_dir, fname));
3546 }
3547 
3548 /** Return true iff the given service identity key is present on disk. */
3549 static int
3550 service_key_on_disk(const char *directory_path)
3551 {
3552  int ret = 0;
3553  char *fname;
3554  ed25519_keypair_t *kp = NULL;
3555 
3556  tor_assert(directory_path);
3557 
3558  /* Build the v3 key path name and then try to load it. */
3559  fname = hs_path_from_filename(directory_path, fname_keyfile_prefix);
3560  kp = ed_key_init_from_file(fname, INIT_ED_KEY_SPLIT,
3561  LOG_DEBUG, NULL, 0, 0, 0, NULL, NULL);
3562  if (kp) {
3563  ret = 1;
3564  }
3565 
3566  ed25519_keypair_free(kp);
3567  tor_free(fname);
3568 
3569  return ret;
3570 }
3571 
3572 /** This is a proxy function before actually calling hs_desc_encode_descriptor
3573  * because we need some preprocessing here */
3574 static int
3576  const hs_service_descriptor_t *desc,
3577  const ed25519_keypair_t *signing_kp,
3578  char **encoded_out)
3579 {
3580  int ret;
3581  const uint8_t *descriptor_cookie = NULL;
3582 
3583  tor_assert(service);
3584  tor_assert(desc);
3585  tor_assert(encoded_out);
3586 
3587  /* If the client authorization is enabled, send the descriptor cookie to
3588  * hs_desc_encode_descriptor. Otherwise, send NULL */
3589  if (service->config.is_client_auth_enabled) {
3590  descriptor_cookie = desc->descriptor_cookie;
3591  }
3592 
3593  ret = hs_desc_encode_descriptor(desc->desc, signing_kp,
3594  descriptor_cookie, encoded_out);
3595 
3596  return ret;
3597 }
3598 
3599 /* ========== */
3600 /* Public API */
3601 /* ========== */
3602 
3603 /* Are HiddenServiceSingleHopMode and HiddenServiceNonAnonymousMode consistent?
3604  */
3605 static int
3606 hs_service_non_anonymous_mode_consistent(const or_options_t *options)
3607 {
3608  /* !! is used to make these options boolean */
3609  return (!! options->HiddenServiceSingleHopMode ==
3610  !! options->HiddenServiceNonAnonymousMode);
3611 }
3612 
3613 /* Do the options allow onion services to make direct (non-anonymous)
3614  * connections to introduction or rendezvous points?
3615  * Must only be called after options_validate_single_onion() has successfully
3616  * checked onion service option consistency.
3617  * Returns true if tor is in HiddenServiceSingleHopMode. */
3618 int
3619 hs_service_allow_non_anonymous_connection(const or_options_t *options)
3620 {
3621  tor_assert(hs_service_non_anonymous_mode_consistent(options));
3622  return options->HiddenServiceSingleHopMode ? 1 : 0;
3623 }
3624 
3625 /* Do the options allow us to reveal the exact startup time of the onion
3626  * service?
3627  * Single Onion Services prioritise availability over hiding their
3628  * startup time, as their IP address is publicly discoverable anyway.
3629  * Must only be called after options_validate_single_onion() has successfully
3630  * checked onion service option consistency.
3631  * Returns true if tor is in non-anonymous hidden service mode. */
3632 int
3633 hs_service_reveal_startup_time(const or_options_t *options)
3634 {
3635  tor_assert(hs_service_non_anonymous_mode_consistent(options));
3636  return hs_service_non_anonymous_mode_enabled(options);
3637 }
3638 
3639 /* Is non-anonymous mode enabled using the HiddenServiceNonAnonymousMode
3640  * config option?
3641  * Must only be called after options_validate_single_onion() has successfully
3642  * checked onion service option consistency.
3643  */
3644 int
3645 hs_service_non_anonymous_mode_enabled(const or_options_t *options)
3646 {
3647  tor_assert(hs_service_non_anonymous_mode_consistent(options));
3648  return options->HiddenServiceNonAnonymousMode ? 1 : 0;
3649 }
3650 
3651 /** Called when a circuit was just cleaned up. This is done right before the
3652  * circuit is marked for close. */
3653 void
3655 {
3656  tor_assert(circ);
3658 
3659  switch (circ->purpose) {
3661  /* About to close an established introduction circuit. Update the metrics
3662  * to reflect how many we have at the moment. */
3664  &CONST_TO_ORIGIN_CIRCUIT(circ)->hs_ident->identity_pk);
3665  break;
3667  /* About to close an established rendezvous circuit. Update the metrics to
3668  * reflect how many we have at the moment. */
3670  &CONST_TO_ORIGIN_CIRCUIT(circ)->hs_ident->identity_pk);
3671  break;
3672  default:
3673  break;
3674  }
3675 }
3676 
3677 /** This is called every time the service map changes that is if an
3678  * element is added or removed. */
3679 void
3681 {
3682  /* If we now have services where previously we had not, we need to enable
3683  * the HS service main loop event. If we changed to having no services, we
3684  * need to disable the event. */
3686 }
3687 
3688 /** Upload an encoded descriptor in encoded_desc of the given version. This
3689  * descriptor is for the service identity_pk and blinded_pk used to setup the
3690  * directory connection identifier. It is uploaded to the directory hsdir_rs
3691  * routerstatus_t object.
3692  *
3693  * NOTE: This function does NOT check for PublishHidServDescriptors because it
3694  * is only used by the control port command HSPOST outside of this subsystem.
3695  * Inside this code, upload_descriptor_to_hsdir() should be used. */
3696 void
3697 hs_service_upload_desc_to_dir(const char *encoded_desc,
3698  const uint8_t version,
3699  const ed25519_public_key_t *identity_pk,
3700  const ed25519_public_key_t *blinded_pk,
3701  const routerstatus_t *hsdir_rs)
3702 {
3703  char version_str[4] = {0};
3704  directory_request_t *dir_req;
3705  hs_ident_dir_conn_t ident;
3706 
3707  tor_assert(encoded_desc);
3708  tor_assert(identity_pk);
3709  tor_assert(blinded_pk);
3710  tor_assert(hsdir_rs);
3711 
3712  /* Setup the connection identifier. */
3713  memset(&ident, 0, sizeof(ident));
3714  hs_ident_dir_conn_init(identity_pk, blinded_pk, &ident);
3715 
3716  /* This is our resource when uploading which is used to construct the URL
3717  * with the version number: "/tor/hs/<version>/publish". */
3718  tor_snprintf(version_str, sizeof(version_str), "%u", version);
3719 
3720  /* Build the directory request for this HSDir. */
3722  directory_request_set_routerstatus(dir_req, hsdir_rs);
3724  directory_request_set_resource(dir_req, version_str);
3725  directory_request_set_payload(dir_req, encoded_desc,
3726  strlen(encoded_desc));
3727  /* The ident object is copied over the directory connection object once
3728  * the directory request is initiated. */
3729  directory_request_upload_set_hs_ident(dir_req, &ident);
3730 
3731  /* Initiate the directory request to the hsdir.*/
3732  directory_initiate_request(dir_req);
3733  directory_request_free(dir_req);
3734 }
3735 
3736 /** Add the ephemeral service using the secret key sk and ports. Both max
3737  * streams parameter will be set in the newly created service.
3738  *
3739  * Ownership of sk, ports, and auth_clients_v3 is passed to this routine.
3740  * Regardless of success/failure, callers should not touch these values
3741  * after calling this routine, and may assume that correct cleanup has
3742  * been done on failure.
3743  *
3744  * Return an appropriate hs_service_add_ephemeral_status_t. */
3747  int max_streams_per_rdv_circuit,
3748  int max_streams_close_circuit,
3749  smartlist_t *auth_clients_v3, char **address_out)
3750 {
3752  hs_service_t *service = NULL;
3753 
3754  tor_assert(sk);
3755  tor_assert(ports);
3756  tor_assert(address_out);
3757 
3758  service = hs_service_new(get_options());
3759 
3760  /* Setup the service configuration with specifics. A default service is
3761  * HS_VERSION_TWO so explicitly set it. */
3762  service->config.version = HS_VERSION_THREE;
3763  service->config.max_streams_per_rdv_circuit = max_streams_per_rdv_circuit;
3764  service->config.max_streams_close_circuit = !!max_streams_close_circuit;
3765  service->config.is_ephemeral = 1;
3766  smartlist_free(service->config.ports);
3767  service->config.ports = ports;
3768 
3769  /* Handle the keys. */
3770  memcpy(&service->keys.identity_sk, sk, sizeof(service->keys.identity_sk));
3772  &service->keys.identity_sk) < 0) {
3773  log_warn(LD_CONFIG, "Unable to generate ed25519 public key"
3774  "for v3 service.");
3775  ret = RSAE_BADPRIVKEY;
3776  goto err;
3777  }
3778 
3779  if (ed25519_validate_pubkey(&service->keys.identity_pk) < 0) {
3780  log_warn(LD_CONFIG, "Bad ed25519 private key was provided");
3781  ret = RSAE_BADPRIVKEY;
3782  goto err;
3783  }
3784 
3785  /* Make sure we have at least one port. */
3786  if (smartlist_len(service->config.ports) == 0) {
3787  log_warn(LD_CONFIG, "At least one VIRTPORT/TARGET must be specified "
3788  "for v3 service.");
3789  ret = RSAE_BADVIRTPORT;
3790  goto err;
3791  }
3792 
3793  if (auth_clients_v3) {
3794  service->config.clients = smartlist_new();
3795  SMARTLIST_FOREACH(auth_clients_v3, hs_service_authorized_client_t *, c, {
3796  if (c != NULL) {
3797  smartlist_add(service->config.clients, c);
3798  }
3799  });
3800  smartlist_free(auth_clients_v3);
3801  }
3802 
3803  /* Build the onion address for logging purposes but also the control port
3804  * uses it for the HS_DESC event. */
3805  hs_build_address(&service->keys.identity_pk,
3806  (uint8_t) service->config.version,
3807  service->onion_address);
3808 
3809  /* The only way the registration can fail is if the service public key
3810  * already exists. */
3811  if (BUG(register_service(hs_service_map, service) < 0)) {
3812  log_warn(LD_CONFIG, "Onion Service private key collides with an "
3813  "existing v3 service.");
3814  ret = RSAE_ADDREXISTS;
3815  goto err;
3816  }
3817 
3818  log_info(LD_CONFIG, "Added ephemeral v3 onion service: %s",
3819  safe_str_client(service->onion_address));
3820 
3821  *address_out = tor_strdup(service->onion_address);
3822  ret = RSAE_OKAY;
3823  goto end;
3824 
3825  err:
3826  hs_service_free(service);
3827 
3828  end:
3829  memwipe(sk, 0, sizeof(ed25519_secret_key_t));
3830  tor_free(sk);
3831  return ret;
3832 }
3833 
3834 /** For the given onion address, delete the ephemeral service. Return 0 on
3835  * success else -1 on error. */
3836 int
3837 hs_service_del_ephemeral(const char *address)
3838 {
3839  uint8_t version;
3841  hs_service_t *service = NULL;
3842 
3843  tor_assert(address);
3844 
3845  if (hs_parse_address(address, &pk, NULL, &version) < 0) {
3846  log_warn(LD_CONFIG, "Requested malformed v3 onion address for removal.");
3847  goto err;
3848  }
3849 
3850  if (version != HS_VERSION_THREE) {
3851  log_warn(LD_CONFIG, "Requested version of onion address for removal "
3852  "is not supported.");
3853  goto err;
3854  }
3855 
3856  service = find_service(hs_service_map, &pk);
3857  if (service == NULL) {
3858  log_warn(LD_CONFIG, "Requested non-existent v3 hidden service for "
3859  "removal.");
3860  goto err;
3861  }
3862 
3863  if (!service->config.is_ephemeral) {
3864  log_warn(LD_CONFIG, "Requested non-ephemeral v3 hidden service for "
3865  "removal.");
3866  goto err;
3867  }
3868 
3869  /* Close introduction circuits, remove from map and finally free. Notice
3870  * that the rendezvous circuits aren't closed in order for any existing
3871  * connections to finish. We let the application terminate them. */
3873  remove_service(hs_service_map, service);
3874  hs_service_free(service);
3875 
3876  log_info(LD_CONFIG, "Removed ephemeral v3 hidden service: %s",
3877  safe_str_client(address));
3878  return 0;
3879 
3880  err:
3881  return -1;
3882 }
3883 
3884 /** Using the ed25519 public key pk, find a service for that key and return the
3885  * current encoded descriptor as a newly allocated string or NULL if not
3886  * found. This is used by the control port subsystem. */
3887 char *
3889 {
3890  const hs_service_t *service;
3891 
3892  tor_assert(pk);
3893 
3894  service = find_service(hs_service_map, pk);
3895  if (service && service->desc_current) {
3896  char *encoded_desc = NULL;
3897  /* No matter what is the result (which should never be a failure), return
3898  * the encoded variable, if success it will contain the right thing else
3899  * it will be NULL. */
3900  service_encode_descriptor(service,
3901  service->desc_current,
3902  &service->desc_current->signing_kp,
3903  &encoded_desc);
3904  return encoded_desc;
3905  }
3906 
3907  return NULL;
3908 }
3909 
3910 /** Return the number of service we have configured and usable. */
3911 MOCK_IMPL(unsigned int,
3913 {
3914  if (hs_service_map == NULL) {
3915  return 0;
3916  }
3917  return HT_SIZE(hs_service_map);
3918 }
3919 
3920 /** Given conn, a rendezvous edge connection acting as an exit stream, look up
3921  * the hidden service for the circuit circ, and look up the port and address
3922  * based on the connection port. Assign the actual connection address.
3923  *
3924  * Return 0 on success. Return -1 on failure and the caller should NOT close
3925  * the circuit. Return -2 on failure and the caller MUST close the circuit for
3926  * security reasons. */
3927 int
3929  edge_connection_t *conn)
3930 {
3931  hs_service_t *service = NULL;
3932 
3933  tor_assert(circ);
3934  tor_assert(conn);
3936  tor_assert(circ->hs_ident);
3937 
3938  get_objects_from_ident(circ->hs_ident, &service, NULL, NULL);
3939 
3940  if (service == NULL) {
3941  log_warn(LD_REND, "Unable to find any hidden service associated "
3942  "identity key %s on rendezvous circuit %u.",
3943  ed25519_fmt(&circ->hs_ident->identity_pk),
3944  TO_CIRCUIT(circ)->n_circ_id);
3945  /* We want the caller to close the circuit because it's not a valid
3946  * service so no danger. Attempting to bruteforce the entire key space by
3947  * opening circuits to learn which service is being hosted here is
3948  * impractical. */
3949  goto err_close;
3950  }
3951 
3952  /* Enforce the streams-per-circuit limit, and refuse to provide a mapping if
3953  * this circuit will exceed the limit. */
3954  if (service->config.max_streams_per_rdv_circuit > 0 &&
3955  (circ->hs_ident->num_rdv_streams >=
3956  service->config.max_streams_per_rdv_circuit)) {
3957 #define MAX_STREAM_WARN_INTERVAL 600
3958  static struct ratelim_t stream_ratelim =
3959  RATELIM_INIT(MAX_STREAM_WARN_INTERVAL);
3960  log_fn_ratelim(&stream_ratelim, LOG_WARN, LD_REND,
3961  "Maximum streams per circuit limit reached on "
3962  "rendezvous circuit %u for service %s. Circuit has "
3963  "%" PRIu64 " out of %" PRIu64 " streams. %s.",
3964  TO_CIRCUIT(circ)->n_circ_id,
3965  service->onion_address,
3966  circ->hs_ident->num_rdv_streams,
3969  "Closing circuit" : "Ignoring open stream request");
3970  if (service->config.max_streams_close_circuit) {
3971  /* Service explicitly configured to close immediately. */
3972  goto err_close;
3973  }
3974  /* Exceeding the limit makes tor silently ignore the stream creation
3975  * request and keep the circuit open. */
3976  goto err_no_close;
3977  }
3978 
3979  /* Find a virtual port of that service matching the one in the connection if
3980  * successful, set the address in the connection. */
3981  if (hs_set_conn_addr_port(service->config.ports, conn) < 0) {
3982  log_info(LD_REND, "No virtual port mapping exists for port %d for "
3983  "hidden service %s.",
3984  TO_CONN(conn)->port, service->onion_address);
3985  if (service->config.allow_unknown_ports) {
3986  /* Service explicitly allow connection to unknown ports so close right
3987  * away because we do not care about port mapping. */
3988  goto err_close;
3989  }
3990  /* If the service didn't explicitly allow it, we do NOT close the circuit
3991  * here to raise the bar in terms of performance for port mapping. */
3992  goto err_no_close;
3993  }
3994 
3995  /* Success. */
3996  return 0;
3997  err_close:
3998  /* Indicate the caller that the circuit should be closed. */
3999  return -2;
4000  err_no_close:
4001  /* Indicate the caller to NOT close the circuit. */
4002  return -1;
4003 }
4004 
4005 /** Does the service with identity pubkey <b>pk</b> export the circuit IDs of
4006  * its clients? */
4009 {
4010  hs_service_t *service = find_service(hs_service_map, pk);
4011  if (!service) {
4013  }
4014 
4015  return service->config.circuit_id_protocol;
4016 }
4017 
4018 /** Add to file_list every filename used by a configured hidden service, and to
4019  * dir_list every directory path used by a configured hidden service. This is
4020  * used by the sandbox subsystem to allowlist those. */
4021 void
4023  smartlist_t *dir_list)
4024 {
4025  tor_assert(file_list);
4026  tor_assert(dir_list);
4027 
4028  /* Add files and dirs for v3+. */
4029  FOR_EACH_SERVICE_BEGIN(service) {
4030  /* Skip ephemeral service, they don't touch the disk. */
4031  if (service->config.is_ephemeral) {
4032  continue;
4033  }
4034  service_add_fnames_to_list(service, file_list);
4035  smartlist_add_strdup(dir_list, service->config.directory_path);
4036  smartlist_add_strdup(dir_list, dname_client_pubkeys);
4037  } FOR_EACH_DESCRIPTOR_END;
4038 }
4039 
4040 /** Called when our internal view of the directory has changed. We might have
4041  * received a new batch of descriptors which might affect the shape of the
4042  * HSDir hash ring. Signal that we should reexamine the hash ring and
4043  * re-upload our HS descriptors if needed. */
4044 void
4046 {
4047  if (hs_service_get_num_services() > 0) {
4048  /* New directory information usually goes every consensus so rate limit
4049  * every 30 minutes to not be too conservative. */
4050  static struct ratelim_t dir_info_changed_ratelim = RATELIM_INIT(30 * 60);
4051  log_fn_ratelim(&dir_info_changed_ratelim, LOG_INFO, LD_REND,
4052  "New dirinfo arrived: consider reuploading descriptor");
4054  }
4055 }
4056 
4057 /** Called when we get an INTRODUCE2 cell on the circ. Respond to the cell and
4058  * launch a circuit to the rendezvous point. */
4059 int
4060 hs_service_receive_introduce2(origin_circuit_t *circ, const uint8_t *payload,
4061  size_t payload_len)
4062 {
4063  int ret = -1;
4064 
4065  tor_assert(circ);
4066  tor_assert(payload);
4067 
4068  /* Do some initial validation and logging before we parse the cell */
4069  if (TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_S_INTRO) {
4070  log_warn(LD_PROTOCOL, "Received an INTRODUCE2 cell on a "
4071  "non introduction circuit of purpose %d",
4072  TO_CIRCUIT(circ)->purpose);
4073  goto done;
4074  }
4075 
4076  if (circ->hs_ident) {
4077  ret = service_handle_introduce2(circ, payload, payload_len);
4079  }
4080 
4081  done:
4082  return ret;
4083 }
4084 
4085 /** Called when we get an INTRO_ESTABLISHED cell. Mark the circuit as an
4086  * established introduction point. Return 0 on success else a negative value
4087  * and the circuit is closed. */
4088 int
4090  const uint8_t *payload,
4091  size_t payload_len)
4092 {
4093  int ret = -1;
4094 
4095  tor_assert(circ);
4096  tor_assert(payload);
4097 
4098  if (TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_S_ESTABLISH_INTRO) {
4099  log_warn(LD_PROTOCOL, "Received an INTRO_ESTABLISHED cell on a "
4100  "non introduction circuit of purpose %d",
4101  TO_CIRCUIT(circ)->purpose);
4102  goto err;
4103  }
4104 
4105  if (circ->hs_ident) {
4106  ret = service_handle_intro_established(circ, payload, payload_len);
4107  }
4108 
4109  if (ret < 0) {
4110  goto err;
4111  }
4112  return 0;
4113  err:
4114  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
4115  return -1;
4116 }
4117 
4118 /** Called when any kind of hidden service circuit is done building thus
4119  * opened. This is the entry point from the circuit subsystem. */
4120 void
4122 {
4123  tor_assert(circ);
4124 
4125  switch (TO_CIRCUIT(circ)->purpose) {
4127  if (circ->hs_ident) {
4129  }
4130  break;
4132  if (circ->hs_ident) {
4134  }
4135  break;
4136  default:
4137  tor_assert(0);
4138  }
4139 }
4140 
4141 /** Return the service version by looking at the key in the service directory.
4142  * If the key is not found or unrecognized, -1 is returned. Else, the service
4143  * version is returned. */
4144 int
4146 {
4147  int version = -1; /* Unknown version. */
4148  const char *directory_path;
4149 
4150  tor_assert(service);
4151 
4152  /* We'll try to load the key for version 3. If not found, we'll try version
4153  * 2 and if not found, we'll send back an unknown version (-1). */
4154  directory_path = service->config.directory_path;
4155 
4156  /* Version 3 check. */
4157  if (service_key_on_disk(directory_path)) {
4158  version = HS_VERSION_THREE;
4159  goto end;
4160  }
4161 
4162  end:
4163  return version;
4164 }
4165 
4166 /** Load and/or generate keys for all onion services including the client
4167  * authorization if any. Return 0 on success, -1 on failure. */
4168 int
4170 {
4171  /* Load or/and generate them for v3+. */
4173  /* Ignore ephemeral service, they already have their keys set. */
4174  if (service->config.is_ephemeral) {
4175  continue;
4176  }
4177  log_info(LD_REND, "Loading v3 onion service keys from %s",
4178  service_escaped_dir(service));
4179  if (load_service_keys(service) < 0) {
4180  goto err;
4181  }
4182  } SMARTLIST_FOREACH_END(service);
4183 
4184  /* Final step, the staging list contains service in a quiescent state that
4185  * is ready to be used. Register them to the global map. Once this is over,
4186  * the staging list will be cleaned up. */
4188 
4189  /* All keys have been loaded successfully. */
4190  return 0;
4191  err:
4192  return -1;
4193 }
4194 
4195 /** Log the status of introduction points for all version 3 onion services
4196  * at log severity <b>severity</b>.
4197  */
4198 void
4200 {
4201  origin_circuit_t *circ;
4202 
4204 
4205  tor_log(severity, LD_GENERAL, "Service configured in %s:",
4206  service_escaped_dir(hs));
4207  FOR_EACH_DESCRIPTOR_BEGIN(hs, desc) {
4208 
4209  DIGEST256MAP_FOREACH(desc->intro_points.map, key,
4210  hs_service_intro_point_t *, ip) {
4211  const node_t *intro_node;
4212  const char *nickname;
4213 
4214  intro_node = get_node_from_intro_point(ip);
4215  if (!intro_node) {
4216  tor_log(severity, LD_GENERAL, " Couldn't find intro point, "
4217  "skipping");
4218  continue;
4219  }
4220  nickname = node_get_nickname(intro_node);
4221  if (!nickname) {
4222  continue;
4223  }
4224 
4225  circ = hs_circ_service_get_intro_circ(ip);
4226  if (!circ) {
4227  tor_log(severity, LD_GENERAL, " Intro point at %s: no circuit",
4228  nickname);
4229  continue;
4230  }
4231  tor_log(severity, LD_GENERAL, " Intro point %s: circuit is %s",
4232  nickname, circuit_state_to_string(circ->base_.state));
4233  } DIGEST256MAP_FOREACH_END;
4234 
4235  } FOR_EACH_DESCRIPTOR_END;
4236  } FOR_EACH_SERVICE_END;
4237 }
4238 
4239 /** Put all service object in the given service list. After this, the caller
4240  * looses ownership of every elements in the list and responsible to free the
4241  * list pointer. */
4242 void
4244 {
4245  tor_assert(service_list);
4246  /* This list is freed at registration time but this function can be called
4247  * multiple time. */
4248  if (hs_service_staging_list == NULL) {
4250  }
4251  /* Add all service object to our staging list. Caller is responsible for
4252  * freeing the service_list. */
4254 }
4255 
4256 /** Return a newly allocated list of all the service's metrics store. */
4257 smartlist_t *
4259 {
4260  smartlist_t *list = smartlist_new();
4261 
4262  if (hs_service_map) {
4263  FOR_EACH_SERVICE_BEGIN(service) {
4264  smartlist_add(list, service->metrics.store);
4265  } FOR_EACH_SERVICE_END;
4266  }
4267 
4268  return list;
4269 }
4270 
4271 /** Lookup the global service map for the given identitiy public key and
4272  * return the service object if found, NULL if not. */
4273 hs_service_t *
4275 {
4276  tor_assert(identity_pk);
4277 
4278  if (!hs_service_map) {
4279  return NULL;
4280  }
4281  return find_service(hs_service_map, identity_pk);
4282 }
4283 
4284 /** Allocate and initialize a service object. The service configuration will
4285  * contain the default values. Return the newly allocated object pointer. This
4286  * function can't fail. */
4287 hs_service_t *
4289 {
4290  hs_service_t *service = tor_malloc_zero(sizeof(hs_service_t));
4291  /* Set default configuration value. */
4292  set_service_default_config(&service->config, options);
4293  /* Set the default service version. */
4295  /* Allocate the CLIENT_PK replay cache in service state. */
4296  service->state.replay_cache_rend_cookie =
4298 
4299  return service;
4300 }
4301 
4302 /** Free the given <b>service</b> object and all its content. This function
4303  * also takes care of wiping service keys from memory. It is safe to pass a
4304  * NULL pointer. */
4305 void
4307 {
4308  if (service == NULL) {
4309  return;
4310  }
4311 
4312  /* Free descriptors. Go over both descriptor with this loop. */
4313  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
4314  service_descriptor_free(desc);
4315  } FOR_EACH_DESCRIPTOR_END;
4316 
4317  /* Free service configuration. */
4318  service_clear_config(&service->config);
4319 
4320  /* Free replay cache from state. */
4321  if (service->state.replay_cache_rend_cookie) {
4323  }
4324 
4325  /* Free onionbalance subcredentials (if any) */
4326  if (service->state.ob_subcreds) {
4327  tor_free(service->state.ob_subcreds);
4328  }
4329 
4330  /* Free metrics object. */
4331  hs_metrics_service_free(service);
4332 
4333  /* Wipe service keys. */
4334  memwipe(&service->keys.identity_sk, 0, sizeof(service->keys.identity_sk));
4335 
4336  tor_free(service);
4337 }
4338 
4339 /** Periodic callback. Entry point from the main loop to the HS service
4340  * subsystem. This is call every second. This is skipped if tor can't build a
4341  * circuit or the network is disabled. */
4342 void
4344 {
4345  /* First thing we'll do here is to make sure our services are in a
4346  * quiescent state for the scheduled events. */
4348 
4349  /* Order matters here. We first make sure the descriptor object for each
4350  * service contains the latest data. Once done, we check if we need to open
4351  * new introduction circuit. Finally, we try to upload the descriptor for
4352  * each service. */
4353 
4354  /* Make sure descriptors are up to date. */
4356  /* Make sure services have enough circuits. */
4358  /* Upload the descriptors if needed/possible. */
4360 }
4361 
4362 /** Initialize the service HS subsystem. */
4363 void
4365 {
4366  /* Should never be called twice. */
4369 
4370  hs_service_map = tor_malloc_zero(sizeof(struct hs_service_ht));
4371  HT_INIT(hs_service_ht, hs_service_map);
4372 
4374 }
4375 
4376 /** Release all global storage of the hidden service subsystem. */
4377 void
4379 {
4380  service_free_all();
4382 }
4383 
4384 #ifdef TOR_UNIT_TESTS
4385 
4386 /** Return the global service map size. Only used by unit test. */
4387 STATIC unsigned int
4388 get_hs_service_map_size(void)
4389 {
4390  return HT_SIZE(hs_service_map);
4391 }
4392 
4393 /** Return the staging list size. Only used by unit test. */
4394 STATIC int
4395 get_hs_service_staging_list_size(void)
4396 {
4397  return smartlist_len(hs_service_staging_list);
4398 }
4399 
4400 STATIC hs_service_ht *
4401 get_hs_service_map(void)
4402 {
4403  return hs_service_map;
4404 }
4405 
4407 get_first_service(void)
4408 {
4409  hs_service_t **obj = HT_START(hs_service_ht, hs_service_map);
4410  if (obj == NULL) {
4411  return NULL;
4412  }
4413  return *obj;
4414 }
4415 
4416 #endif /* defined(TOR_UNIT_TESTS) */
client_filename_is_valid
STATIC int client_filename_is_valid(const char *filename)
Definition: hs_service.c:1099
log_fn
#define log_fn(severity, domain, args,...)
Definition: log.h:283
intro_point_should_expire
STATIC int intro_point_should_expire(const hs_service_intro_point_t *ip, time_t now)
Definition: hs_service.c:2366
hs_service_t::config
hs_service_config_t config
Definition: hs_service.h:316
crypto_rand_int_range
int crypto_rand_int_range(unsigned int min, unsigned int max)
Definition: crypto_rand_numeric.c:71
rotate_all_descriptors
STATIC void rotate_all_descriptors(time_t now)
Definition: hs_service.c:2601
hs_config_free_all
void hs_config_free_all(void)
Definition: hs_config.c:693
tor_free
#define tor_free(p)
Definition: malloc.h:52
service_authorized_client_free_
void service_authorized_client_free_(hs_service_authorized_client_t *client)
Definition: hs_service.c:1326
hs_service.h
Header file containing service data for the HS subsystem.
CURVE25519_PUBKEY_LEN
#define CURVE25519_PUBKEY_LEN
Definition: x25519_sizes.h:20
LOG_DEBUG
#define LOG_DEBUG
Definition: log.h:42
close_service_rp_circuits
static void close_service_rp_circuits(hs_service_t *service)
Definition: hs_service.c:766
hs_stats_note_introduce2_cell
void hs_stats_note_introduce2_cell(void)
Definition: hs_stats.c:20
tor_free_
void tor_free_(void *mem)
Definition: malloc.c:227
smartlist_split_string
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)
Definition: smartlist_split.c:37
FOR_EACH_SERVICE_BEGIN
#define FOR_EACH_SERVICE_BEGIN(var)
Definition: hs_service.c:75
hs_service_intro_point_t::base
hs_intropoint_t base
Definition: hs_service.h:47
hex_str
const char * hex_str(const char *from, size_t fromlen)
Definition: binascii.c:34
parse_authorized_client
STATIC hs_service_authorized_client_t * parse_authorized_client(const char *client_key_str)
Definition: hs_service.c:1165
ht_free_service_
static int ht_free_service_(struct hs_service_t *service, void *data)
Definition: hs_service.c:389
circuit_t::purpose
uint8_t purpose
Definition: circuit_st.h:111
service_intro_point_free_void
static void service_intro_point_free_void(void *obj)
Definition: hs_service.c:438
move_hs_state
static void move_hs_state(hs_service_t *src_service, hs_service_t *dst_service)
Definition: hs_service.c:882
INTRO_CIRC_RETRY_PERIOD
#define INTRO_CIRC_RETRY_PERIOD
Definition: hs_common.h:38
setup_desc_intro_point
static int setup_desc_intro_point(const ed25519_keypair_t *signing_kp, const hs_service_intro_point_t *ip, time_t now, hs_desc_intro_point_t *desc_ip)
Definition: hs_service.c:1599
service_authorized_client_dup
static hs_service_authorized_client_t * service_authorized_client_dup(const hs_service_authorized_client_t *client)
Definition: hs_service.c:1371
HS_DESC_CERT_LIFETIME
#define HS_DESC_CERT_LIFETIME
Definition: hs_descriptor.h:38
hs_service_receive_introduce2
int hs_service_receive_introduce2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_service.c:4060
refresh_service_descriptor
static void refresh_service_descriptor(const hs_service_t *service, hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:3246
hs_ident.h
Header file containing circuit and connection identifier data for the whole HS subsystem.
close_directory_connections
static void close_directory_connections(const hs_service_t *service, const hs_service_descriptor_t *desc)
Definition: hs_service.c:732
memwipe
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:55
hs_service_staging_list
static smartlist_t * hs_service_staging_list
Definition: hs_service.c:106
smartlist_add_strdup
void smartlist_add_strdup(struct smartlist_t *sl, const char *string)
Definition: smartlist_core.c:137
upload_descriptor_to_hsdir
static void upload_descriptor_to_hsdir(const hs_service_t *service, hs_service_descriptor_t *desc, const node_t *hsdir)
Definition: hs_service.c:2857
INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS
#define INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS
Definition: or.h:956
directory_initiate_request
void directory_initiate_request(directory_request_t *request)
Definition: dirclient.c:1190
hs_service_exports_circuit_id
hs_circuit_id_protocol_t hs_service_exports_circuit_id(const ed25519_public_key_t *pk)
Definition: hs_service.c:4008
approx_time
time_t approx_time(void)
Definition: approx_time.c:32
ed25519_validate_pubkey
int ed25519_validate_pubkey(const ed25519_public_key_t *pubkey)
Definition: crypto_ed25519.c:796
MOCK_IMPL
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
hs_circ_service_rp_has_opened
void hs_circ_service_rp_has_opened(const hs_service_t *service, origin_circuit_t *circ)
Definition: hs_circuit.c:789
hs_service_init
void hs_service_init(void)
Definition: hs_service.c:4364
crypto_ope_t
Definition: crypto_ope.c:41
hs_service_free_
void hs_service_free_(hs_service_t *service)
Definition: hs_service.c:4306
hs_ident_dir_conn_t::blinded_pk
ed25519_public_key_t blinded_pk
Definition: hs_ident.h:95
hs_service_t::desc_next
hs_service_descriptor_t * desc_next
Definition: hs_service.h:321
sr_state_get_start_time_of_previous_protocol_run
time_t sr_state_get_start_time_of_previous_protocol_run(void)
Definition: shared_random_client.c:290
hs_set_conn_addr_port
int hs_set_conn_addr_port(const smartlist_t *ports, edge_connection_t *conn)
Definition: hs_common.c:606
hs_desc_encrypted_data_t
Definition: hs_descriptor.h:158
DIGESTMAP_FOREACH_MODIFY
#define DIGESTMAP_FOREACH_MODIFY(map, keyvar, valtype, valvar)
Definition: map.h:165
hs_service_intropoints_t
Definition: hs_service.h:93
tor_assert
#define tor_assert(expr)
Definition: util_bug.h:102
hs_desc_intro_point_t::link_specifiers
smartlist_t * link_specifiers
Definition: hs_descriptor.h:102
crypto_ope.h
header for crypto_ope.c
CONN_TYPE_DIR
#define CONN_TYPE_DIR
Definition: connection.h:55
microdesc.h
Header file for microdesc.c.
crypto_pk_new
crypto_pk_t * crypto_pk_new(void)
Definition: crypto_rsa_nss.c:165
LD_BUG
#define LD_BUG
Definition: log.h:86
ed25519_keypair_generate
int ed25519_keypair_generate(ed25519_keypair_t *keypair_out, int extra_strong)
Definition: crypto_ed25519.c:214
ed25519_pubkey_eq
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
Definition: crypto_ed25519.c:642
ed_key_init_from_file
ed25519_keypair_t * ed_key_init_from_file(const char *fname, uint32_t flags, int severity, const ed25519_keypair_t *signing_key, time_t now, time_t lifetime, uint8_t cert_type, struct tor_cert_st **cert_out, const or_options_t *options)
Definition: loadkey.c:379
hs_get_next_time_period_num
uint64_t hs_get_next_time_period_num(time_t now)
Definition: hs_common.c:306
hs_ident_circuit_t::identity_pk
ed25519_public_key_t identity_pk
Definition: hs_ident.h:45
fast_mem_is_zero
int fast_mem_is_zero(const char *mem, size_t len)
Definition: util_string.c:74
get_node_from_intro_point
STATIC const node_t * get_node_from_intro_point(const hs_service_intro_point_t *ip)
Definition: hs_service.c:668
circuituse.h
Header file for circuituse.c.
HS_CIRCUIT_ID_PROTOCOL_NONE
@ HS_CIRCUIT_ID_PROTOCOL_NONE
Definition: hs_service.h:196
close_intro_circuits
static void close_intro_circuits(hs_service_intropoints_t *intro_points)
Definition: hs_service.c:796
count_desc_circuit_established
STATIC unsigned int count_desc_circuit_established(const hs_service_descriptor_t *desc)
Definition: hs_service.c:715
MAX_INTRO_POINT_CIRCUIT_RETRIES
#define MAX_INTRO_POINT_CIRCUIT_RETRIES
Definition: or.h:977
LD_GENERAL
#define LD_GENERAL
Definition: log.h:62
INTRO_POINT_LIFETIME_MAX_SECONDS
#define INTRO_POINT_LIFETIME_MAX_SECONDS
Definition: or.h:972
hs_in_period_between_tp_and_srv
int hs_in_period_between_tp_and_srv(const networkstatus_t *consensus, time_t now)
Definition: hs_common.c:987
base16_encode
void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:478
DIGESTMAP_FOREACH_END
#define DIGESTMAP_FOREACH_END
Definition: map.h:168
DIR_PURPOSE_UPLOAD_HSDESC
#define DIR_PURPOSE_UPLOAD_HSDESC
Definition: directory.h:67
service_desc_note_upload
static void service_desc_note_upload(hs_service_descriptor_t *desc, const node_t *hsdir)
Definition: hs_service.c:2276
loadkey.h
Header file for loadkey.c.
crypto_pk_dup_key
crypto_pk_t * crypto_pk_dup_key(crypto_pk_t *orig)
Definition: crypto_rsa_nss.c:351
describe.h
Header file for describe.c.
hs_service_receive_intro_established
int hs_service_receive_intro_established(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_service.c:4089
hs_metrics_new_established_intro
#define hs_metrics_new_established_intro(s)
Definition: hs_metrics.h:62
get_max_intro_circ_per_period
static unsigned int get_max_intro_circ_per_period(const hs_service_t *service)
Definition: hs_service.c:2743
smartlist_add_all
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
Definition: smartlist_core.c:125
HS_SERVICE_NEXT_UPLOAD_TIME_MIN
#define HS_SERVICE_NEXT_UPLOAD_TIME_MIN
Definition: hs_service.h:34
hs_desc_build_fake_authorized_client
hs_desc_authorized_client_t * hs_desc_build_fake_authorized_client(void)
Definition: hs_descriptor.c:2864
pathbias_count_use_attempt
void pathbias_count_use_attempt(origin_circuit_t *circ)
Definition: circpathbias.c:604
get_extend_info_from_intro_point
static extend_info_t * get_extend_info_from_intro_point(const hs_service_intro_point_t *ip, unsigned int direct_conn)
Definition: hs_service.c:688
build_service_desc_encrypted
static int build_service_desc_encrypted(const hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:1753
node_get_by_id
const node_t * node_get_by_id(const char *identity_digest)
Definition: nodelist.c:226
service_encode_descriptor
static int service_encode_descriptor(const hs_service_t *service, const hs_service_descriptor_t *desc, const ed25519_keypair_t *signing_kp, char **encoded_out)
Definition: hs_service.c:3575
hs_service_config_t::has_dos_defense_enabled
unsigned int has_dos_defense_enabled
Definition: hs_service.h:259
smartlist_add
void smartlist_add(smartlist_t *sl, void *element)
Definition: smartlist_core.c:117
hs_descriptor_t::plaintext_data
hs_desc_plaintext_data_t plaintext_data
Definition: hs_descriptor.h:228
hs_service_ht_hash
static unsigned int hs_service_ht_hash(const hs_service_t *service)
Definition: hs_service.c:140
run_housekeeping_event
STATIC void run_housekeeping_event(time_t now)
Definition: hs_service.c:2631
hs_service_map_has_changed
void hs_service_map_has_changed(void)
Definition: hs_service.c:3680
hs_service_descriptor_t::previous_hsdirs
smartlist_t * previous_hsdirs
Definition: hs_service.h:173
hs_desc_plaintext_data_t::version
uint32_t version
Definition: hs_descriptor.h:196
replaycache_new
replaycache_t * replaycache_new(time_t horizon, time_t interval)
Definition: replaycache.c:47
LOG_DESC_UPLOAD_REASON_MAX
#define LOG_DESC_UPLOAD_REASON_MAX
Definition: hs_service.c:3102
hs_desc_plaintext_data_t::signing_pubkey
ed25519_public_key_t signing_pubkey
Definition: hs_descriptor.h:207
service_clear_config
STATIC void service_clear_config(hs_service_config_t *config)
Definition: hs_service.c:259
hs_service_del_ephemeral
int hs_service_del_ephemeral(const char *address)
Definition: hs_service.c:3837
ed25519_public_key_is_zero
int ed25519_public_key_is_zero(const ed25519_public_key_t *pubkey)
Definition: crypto_ed25519.c:227
routerstatus_t
Definition: routerstatus_st.h:19
ed25519_pubkey_copy
void ed25519_pubkey_copy(ed25519_public_key_t *dest, const ed25519_public_key_t *src)
Definition: crypto_ed25519.c:654
hs_build_blinded_keypair
void hs_build_blinded_keypair(const ed25519_keypair_t *kp, const uint8_t *secret, size_t secret_len, uint64_t time_period_num, ed25519_keypair_t *blinded_kp_out)
Definition: hs_common.c:951
HS_SERVICE_NEXT_UPLOAD_TIME_MAX
#define HS_SERVICE_NEXT_UPLOAD_TIME_MAX
Definition: hs_service.h:36
hs_service_intropoints_t::map
digest256map_t * map
Definition: hs_service.h:104
close_service_circuits
static void close_service_circuits(hs_service_t *service)
Definition: hs_service.c:825
hs_build_address
void hs_build_address(const ed25519_public_key_t *key, uint8_t version, char *addr_out)
Definition: hs_common.c:901
hs_service_config_t::ob_master_pubkeys
smartlist_t * ob_master_pubkeys
Definition: hs_service.h:265
hs_service_config_t::is_single_onion
unsigned int is_single_onion
Definition: hs_service.h:246
write_address_to_file
STATIC int write_address_to_file(const hs_service_t *service, const char *fname_)
Definition: hs_service.c:982
HS_DESC_DEFAULT_LIFETIME
#define HS_DESC_DEFAULT_LIFETIME
Definition: hs_descriptor.h:29
hs_service_circuit_cleanup_on_close
void hs_service_circuit_cleanup_on_close(const circuit_t *circ)
Definition: hs_service.c:3654
hs_service_state_t
Definition: hs_service.h:269
set_service_default_config
static void set_service_default_config(hs_service_config_t *c, const or_options_t *options)
Definition: hs_service.c:237
service_handle_intro_established
static int service_handle_intro_established(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_service.c:3424
ED25519_PUBKEY_LEN
#define ED25519_PUBKEY_LEN
Definition: x25519_sizes.h:27
hs_metrics_service_init
void hs_metrics_service_init(hs_service_t *service)
Definition: hs_metrics.c:148
crypto_digest_add_bytes
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len)
Definition: crypto_digest_nss.c:308
smartlist_new
smartlist_t * smartlist_new(void)
Definition: smartlist_core.c:26
hs_desc_intro_point_t::auth_key_cert
tor_cert_t * auth_key_cert
Definition: hs_descriptor.h:111
hs_circ_service_get_intro_circ
origin_circuit_t * hs_circ_service_get_intro_circ(const hs_service_intro_point_t *ip)
Definition: hs_circuit.c:595
crypto_digest_t
Definition: crypto_digest_nss.c:166
HS_SERVICE_DEFAULT_VERSION
#define HS_SERVICE_DEFAULT_VERSION
Definition: hs_service.h:30
hs_desc_superencrypted_data_t::clients
smartlist_t * clients
Definition: hs_descriptor.h:183
hs_service_config_t::dir_group_readable
unsigned int dir_group_readable
Definition: hs_service.h:250
tor_snprintf
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
CIRCUIT_IS_ORIGIN
#define CIRCUIT_IS_ORIGIN(c)
Definition: circuitlist.h:146
hs_control_desc_event_upload
void hs_control_desc_event_upload(const char *onion_address, const char *hsdir_id_digest, const ed25519_public_key_t *blinded_pk, const uint8_t *hsdir_index)
Definition: hs_control.c:133
hs_service_find
hs_service_t * hs_service_find(const ed25519_public_key_t *identity_pk)
Definition: hs_service.c:4274
hs_service_descriptor_t::desc
hs_descriptor_t * desc
Definition: hs_service.h:155
statefile.h
Header for statefile.c.
hs_desc_encrypted_data_t::single_onion_service
unsigned int single_onion_service
Definition: hs_descriptor.h:168
strcmpend
int strcmpend(const char *s1, const char *s2)
Definition: util_string.c:251
SMARTLIST_FOREACH
#define SMARTLIST_FOREACH(sl, type, var, cmd)
Definition: smartlist_foreach.h:112
hs_service_descriptor_t::auth_ephemeral_kp
curve25519_keypair_t auth_ephemeral_kp
Definition: hs_service.h:132
hs_metrics.h
Header for feature/hs/hs_metrics.c.
extend_info_describe
const char * extend_info_describe(const extend_info_t *ei)
Definition: describe.c:224
ed25519_public_key_generate
int ed25519_public_key_generate(ed25519_public_key_t *pubkey_out, const ed25519_secret_key_t *seckey)
Definition: crypto_ed25519.c:202
hs_service_run_scheduled_events
void hs_service_run_scheduled_events(time_t now)
Definition: hs_service.c:4343
hs_circ_handle_introduce2
int hs_circ_handle_introduce2(const hs_service_t *service, const origin_circuit_t *circ, hs_service_intro_point_t *ip, const hs_subcredential_t *subcredential, const uint8_t *payload, size_t payload_len)
Definition: hs_circuit.c:934
hs_service_t::state
hs_service_state_t state
Definition: hs_service.h:310
hs_desc_intro_point_t::legacy
struct hs_desc_intro_point_t::@16 legacy
hs_desc_encrypted_data_t::intro_auth_types
smartlist_t * intro_auth_types
Definition: hs_descriptor.h:165
hs_service_descriptor_t::missing_intro_points
unsigned int missing_intro_points
Definition: hs_service.h:167
hs_circ_launch_intro_point
int hs_circ_launch_intro_point(hs_service_t *service, const hs_service_intro_point_t *ip, extend_info_t *ei, bool direct_conn)
Definition: hs_circuit.c:663
base32_decode
int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:90
hs_intropoint_t::link_specifiers
smartlist_t * link_specifiers
Definition: hs_intropoint.h:24
build_service_desc_plaintext
static void build_service_desc_plaintext(const hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:1867
networkstatus.h
Header file for networkstatus.c.
hs_service_state_t::replay_cache_rend_cookie
replaycache_t * replay_cache_rend_cookie
Definition: hs_service.h:284
hsdir_index_t::store_first
uint8_t store_first[DIGEST256_LEN]
Definition: hsdir_index_st.h:24
should_service_upload_descriptor
static int should_service_upload_descriptor(const hs_service_t *service, const hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:3163
ed25519_public_key_from_curve25519_public_key
int ed25519_public_key_from_curve25519_public_key(ed25519_public_key_t *pubkey, const curve25519_public_key_t *pubkey_in, int signbit)
Definition: crypto_ed25519.c:493
hs_service_intro_point_t::time_to_expire
time_t time_to_expire
Definition: hs_service.h:74
replaycache_free
#define replaycache_free(r)
Definition: replaycache.h:42
hs_service_set_conn_addr_port
int hs_service_set_conn_addr_port(const origin_circuit_t *circ, edge_connection_t *conn)
Definition: hs_service.c:3928
ed25519_fmt
const char * ed25519_fmt(const ed25519_public_key_t *pkey)
Definition: crypto_format.c:193
crypto_util.h
Common functions for cryptographic routines.
hs_service_add_ephemeral_status_t
hs_service_add_ephemeral_status_t
Definition: hs_common.h:139
build_service_desc_keys
static int build_service_desc_keys(const hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:1919
service_descriptor_free_
STATIC void service_descriptor_free_(hs_service_descriptor_t *desc)
Definition: hs_service.c:1337
hs_service_config_t::directory_path
char * directory_path
Definition: hs_service.h:218
hs_intropoint_t::is_only_legacy
unsigned int is_only_legacy
Definition: hs_intropoint.h:19
remove_service
STATIC void remove_service(hs_service_ht *map, hs_service_t *service)
Definition: hs_service.c:208
hs_service_stage_services
void hs_service_stage_services(const smartlist_t *service_list)
Definition: hs_service.c:4243
hs_service_intro_point_t::enc_key_kp
curve25519_keypair_t enc_key_kp
Definition: hs_service.h:58
circuitlist.h
Header file for circuitlist.c.
hs_desc_intro_point_t::enc_key
curve25519_public_key_t enc_key
Definition: hs_descriptor.h:114
mainloop.h
Header file for mainloop.c.
DIGEST_LEN
#define DIGEST_LEN
Definition: digest_sizes.h:20
hs_ob_refresh_keys
void hs_ob_refresh_keys(hs_service_t *service)
Definition: hs_ob.c:365
launch_intro_point_circuits
static void launch_intro_point_circuits(hs_service_t *service)
Definition: hs_service.c:2686
build_desc_intro_points
static void build_desc_intro_points(const hs_service_t *service, hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:1688
hs_desc_superencrypted_data_t::auth_ephemeral_pubkey
curve25519_public_key_t auth_ephemeral_pubkey
Definition: hs_descriptor.h:179
hs_service_intro_point_t::support_intro2_dos_defense
unsigned int support_intro2_dos_defense
Definition: hs_service.h:89
hs_desc_plaintext_data_t::revision_counter
uint64_t revision_counter
Definition: hs_descriptor.h:216
rotate_service_descriptors
static void rotate_service_descriptors(hs_service_t *service)
Definition: hs_service.c:2580
rate_limit_log
char * rate_limit_log(ratelim_t *lim, time_t now)
Definition: ratelim.c:42
hs_service_lists_fnames_for_sandbox
void hs_service_lists_fnames_for_sandbox(smartlist_t *file_list, smartlist_t *dir_list)
Definition: hs_service.c:4022
service_free_all
static void service_free_all(void)
Definition: hs_service.c:401
HS_DESC_AUTH_CLIENT_MULTIPLE
#define HS_DESC_AUTH_CLIENT_MULTIPLE
Definition: hs_descriptor.h:66
build_descriptors_for_new_service
static void build_descriptors_for_new_service(hs_service_t *service, time_t now)
Definition: hs_service.c:2042
crypto_format.h
Header for crypto_format.c.
RSAE_BADVIRTPORT
@ RSAE_BADVIRTPORT
Definition: hs_common.h:141
parse_authorized_client_key
hs_service_authorized_client_t * parse_authorized_client_key(const char *key_str, int severity)
Definition: hs_service.c:1122
hs_service_authorized_client_t::client_pk
curve25519_public_key_t client_pk
Definition: hs_service.h:190
register_service
STATIC int register_service(hs_service_ht *map, hs_service_t *service)
Definition: hs_service.c:182
service_intro_point_find
STATIC hs_service_intro_point_t * service_intro_point_find(const hs_service_t *service, const ed25519_public_key_t *auth_key)
Definition: hs_service.c:558
hs_intropoint_clear
void hs_intropoint_clear(hs_intropoint_t *ip)
Definition: hs_intropoint.c:790
hs_descriptor_clear_intro_points
void hs_descriptor_clear_intro_points(hs_descriptor_t *desc)
Definition: hs_descriptor.c:2946
hs_service_free_all
void hs_service_free_all(void)
Definition: hs_service.c:4378
hs_metrics_service_free
void hs_metrics_service_free(hs_service_t *service)
Definition: hs_metrics.c:164
hs_ident_circuit_t::intro_auth_pk
ed25519_public_key_t intro_auth_pk
Definition: hs_ident.h:51
LD_FS
#define LD_FS
Definition: log.h:70
hs_get_previous_time_period_num
uint64_t hs_get_previous_time_period_num(time_t now)
Definition: hs_common.c:315
hs_service_add_ephemeral
hs_service_add_ephemeral_status_t hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports, int max_streams_per_rdv_circuit, int max_streams_close_circuit, smartlist_t *auth_clients_v3, char **address_out)
Definition: hs_service.c:3746
load_client_keys
static int load_client_keys(hs_service_t *service)
Definition: hs_service.c:1224
hs_path_from_filename
char * hs_path_from_filename(const char *directory, const char *filename)
Definition: hs_common.c:178
hs_service_config_t::is_client_auth_enabled
unsigned int is_client_auth_enabled
Definition: hs_service.h:234
service_intro_point_add
STATIC void service_intro_point_add(digest256map_t *map, hs_service_intro_point_t *ip)
Definition: hs_service.c:525
hs_service_state_t::intro_circ_retry_started_time
time_t intro_circ_retry_started_time
Definition: hs_service.h:273
service_intro_point_free_
STATIC void service_intro_point_free_(hs_service_intro_point_t *ip)
Definition: hs_service.c:422
service_add_fnames_to_list
static void service_add_fnames_to_list(const hs_service_t *service, smartlist_t *list)
Definition: hs_service.c:3529
service_authorized_client_cmp
static int service_authorized_client_cmp(const hs_service_authorized_client_t *client1, const hs_service_authorized_client_t *client2)
Definition: hs_service.c:1391
node_t
Definition: node_st.h:34
origin_circuit_t
Definition: origin_circuit_st.h:79
directory_request_set_routerstatus
void directory_request_set_routerstatus(directory_request_t *req, const routerstatus_t *status)
Definition: dirclient.c:1117
directory_request_set_payload
void directory_request_set_payload(directory_request_t *req, const char *payload, size_t payload_len)
Definition: dirclient.c:1026
hs_ident_dir_conn_init
void hs_ident_dir_conn_init(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_ident_dir_conn_t *ident)
Definition: hs_ident.c:69
hs_descriptor_t::superencrypted_data
hs_desc_superencrypted_data_t superencrypted_data
Definition: hs_descriptor.h:233
hs_service_upload_desc_to_dir
void hs_service_upload_desc_to_dir(const char *encoded_desc, const uint8_t version, const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, const routerstatus_t *hsdir_rs)
Definition: hs_service.c:3697
hs_stats.h
Header file for hs_stats.c.
generate_ope_cipher_for_desc
static crypto_ope_t * generate_ope_cipher_for_desc(const hs_service_descriptor_t *hs_desc)
Definition: hs_service.c:1898
hs_desc_intro_point_t::key
crypto_pk_t * key
Definition: hs_descriptor.h:126
build_desc_signing_key_cert
static void build_desc_signing_key_cert(hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:1724
service_intro_point_remove
STATIC void service_intro_point_remove(const hs_service_t *service, const hs_service_intro_point_t *ip)
Definition: hs_service.c:540
NUM_INTRO_POINTS_DEFAULT
#define NUM_INTRO_POINTS_DEFAULT
Definition: hs_common.h:30
tor_cert_create_ed25519
tor_cert_t * tor_cert_create_ed25519(const ed25519_keypair_t *signing_key, uint8_t cert_type, const ed25519_public_key_t *signed_key, time_t now, time_t lifetime, uint32_t flags)
Definition: torcert.c:131
crypto_strongest_rand
void crypto_strongest_rand(uint8_t *out, size_t out_len)
Definition: crypto_rand.c:340
compare_service_authorzized_client_
static int compare_service_authorzized_client_(const void **_a, const void **_b)
Definition: hs_service.c:1406
directory.h
Header file for directory.c.
register_all_services
static void register_all_services(void)
Definition: hs_service.c:915
crypto_pk_get_digest
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
Definition: crypto_rsa.c:356
extend_info_from_node
extend_info_t * extend_info_from_node(const node_t *node, int for_direct_connect)
Definition: extendinfo.c:92
node_supports_ed25519_hs_intro
bool node_supports_ed25519_hs_intro(const node_t *node)
Definition: nodelist.c:1261
hs_desc_authorized_client_t
Definition: hs_descriptor.h:143
run_build_descriptor_event
static void run_build_descriptor_event(time_t now)
Definition: hs_service.c:2666
ed25519_public_key_t
Definition: crypto_ed25519.h:23
node_supports_establish_intro_dos_extension
bool node_supports_establish_intro_dos_extension(const node_t *node)
Definition: nodelist.c:1286
or_options_t::ExcludeNodes
struct routerset_t * ExcludeNodes
Definition: or_options_st.h:120
hs_service_config_t::version
uint32_t version
Definition: hs_service.h:208
REND_COOKIE_LEN
#define REND_COOKIE_LEN
Definition: or.h:341
hs_service_intro_point_t::legacy_key_digest
uint8_t legacy_key_digest[DIGEST_LEN]
Definition: hs_service.h:65
networkstatus_get_reasonably_live_consensus
networkstatus_t * networkstatus_get_reasonably_live_consensus(time_t now, int flavor)
Definition: networkstatus.c:1477
hs_check_service_private_dir
int hs_check_service_private_dir(const char *username, const char *path, unsigned int dir_group_readable, unsigned int create)
Definition: hs_common.c:200
LD_REND
#define LD_REND
Definition: log.h:84
escaped
const char * escaped(const char *s)
Definition: escape.c:126
usable_consensus_flavor
int usable_consensus_flavor(void)
Definition: microdesc.c:1086
hs_service_intro_point_t::introduce2_count
uint64_t introduce2_count
Definition: hs_service.h:68
hs_service_get_metrics_stores
smartlist_t * hs_service_get_metrics_stores(void)
Definition: hs_service.c:4258
hs_desc_intro_point_t::enc_key_cert
tor_cert_t * enc_key_cert
Definition: hs_descriptor.h:119
hs_circ_service_get_established_intro_circ
origin_circuit_t * hs_circ_service_get_established_intro_circ(const hs_service_intro_point_t *ip)
Definition: hs_circuit.c:606
build_service_desc_superencrypted
static int build_service_desc_superencrypted(const hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:1784
hs_service_config_t
Definition: hs_service.h:205
hs_desc_plaintext_data_t::blinded_pubkey
ed25519_public_key_t blinded_pubkey
Definition: hs_descriptor.h:211
hs_circuit_id_protocol_t
hs_circuit_id_protocol_t
Definition: hs_service.h:194
log_cant_upload_desc
static void log_cant_upload_desc(const hs_service_t *service, const hs_service_descriptor_t *desc, const char *msg, const log_desc_upload_reason_t reason)
Definition: hs_service.c:3113
get_intro_point_min_introduce2
static int32_t get_intro_point_min_introduce2(void)
Definition: hs_service.c:319
crypto_ope_encrypt
uint64_t crypto_ope_encrypt(const crypto_ope_t *ope, int plaintext)
Definition: crypto_ope.c:165
curve25519_keypair_generate
int curve25519_keypair_generate(curve25519_keypair_t *keypair_out, int extra_strong)
Definition: crypto_curve25519.c:190
hs_desc_plaintext_data_t
Definition: hs_descriptor.h:193
get_intro_point_min_lifetime
static int32_t get_intro_point_min_lifetime(void)
Definition: hs_service.c:344
circuit_t
Definition: circuit_st.h:61
nodelist.h
Header file for nodelist.c.
hs_control.h
Header file containing control port event related code.
cleanup_intro_points
static void cleanup_intro_points(hs_service_t *service, time_t now)
Definition: hs_service.c:2450
hs_service_descriptor_t::signing_kp
ed25519_keypair_t signing_kp
Definition: hs_service.h:139
hs_ident_dir_conn_t
Definition: hs_ident.h:87
hs_descriptor_t
Definition: hs_descriptor.h:226
have_completed_a_circuit
int have_completed_a_circuit(void)
Definition: mainloop.c:218
hs_desc_intro_point_t::cert
struct hs_desc_intro_point_t::@16::@17 cert
hs_port_config_t
Definition: hs_common.h:150
hs_desc_superencrypted_data_free_contents
void hs_desc_superencrypted_data_free_contents(hs_desc_superencrypted_data_t *desc)
Definition: hs_descriptor.c:2712
should_remove_intro_point
static bool should_remove_intro_point(hs_service_intro_point_t *ip, time_t now)
Definition: hs_service.c:2396
smartlist_contains_string
int smartlist_contains_string(const smartlist_t *sl, const char *element)
Definition: smartlist.c:93
hs_service_intro_point_t::onion_key
curve25519_public_key_t onion_key
Definition: hs_service.h:51
hs_desc_build_authorized_client
void hs_desc_build_authorized_client(const hs_subcredential_t *subcredential, const curve25519_public_key_t *client_auth_pk, const curve25519_secret_key_t *auth_ephemeral_sk, const uint8_t *descriptor_cookie, hs_desc_authorized_client_t *client_out)
Definition: hs_descriptor.c:2883
LD_CONFIG
#define LD_CONFIG
Definition: log.h:68
BASE64_DIGEST_LEN
#define BASE64_DIGEST_LEN
Definition: crypto_digest.h:26
DIGEST256_LEN
#define DIGEST256_LEN
Definition: digest_sizes.h:23
node_select.h
Header file for node_select.c.
extendinfo.h
Header for core/or/extendinfo.c.
hsdir_index_t::store_second
uint8_t store_second[DIGEST256_LEN]
Definition: hsdir_index_st.h:26
hs_desc_intro_point_t::onion_key
curve25519_public_key_t onion_key
Definition: hs_descriptor.h:106
hs_service_config_t::allow_unknown_ports
unsigned int allow_unknown_ports
Definition: hs_service.h:242
ed25519_secret_key_t::seckey
uint8_t seckey[ED25519_SECKEY_LEN]
Definition: crypto_ed25519.h:35
hs_service_keys_t::identity_pk
ed25519_public_key_t identity_pk
Definition: hs_service.h:179
write_str_to_file_if_not_equal
int write_str_to_file_if_not_equal(const char *fname, const char *str)
Definition: files.c:743
RSAE_BADPRIVKEY
@ RSAE_BADPRIVKEY
Definition: hs_common.h:143
service_desc_schedule_upload
STATIC void service_desc_schedule_upload(hs_service_descriptor_t *desc, time_t now, int descriptor_changed)
Definition: hs_service.c:2293
hs_service_descriptor_t::blinded_kp
ed25519_keypair_t blinded_kp
Definition: hs_service.h:143
consider_republishing_hs_descriptors
static int consider_republishing_hs_descriptors
Definition: hs_service.c:111
crypto_digest256_new
crypto_digest_t * crypto_digest256_new(digest_algorithm_t algorithm)
Definition: crypto_digest_nss.c:272
connection_t
Definition: connection_st.h:45
hs_service_state_t::next_rotation_time
time_t next_rotation_time
Definition: hs_service.h:288
pick_needed_intro_points
static unsigned int pick_needed_intro_points(hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:2187
hs_service_config_t::num_intro_points
unsigned int num_intro_points
Definition: hs_service.h:231
crypto_ope_new
crypto_ope_t * crypto_ope_new(const uint8_t *key)
Definition: crypto_ope.c:129
get_intro_point_num_extra
static int32_t get_intro_point_num_extra(void)
Definition: hs_service.c:378
directory_request_upload_set_hs_ident
void directory_request_upload_set_hs_ident(directory_request_t *req, const hs_ident_dir_conn_t *ident)
Definition: dirclient.c:1066
hs_ident_dir_conn_t::identity_pk
ed25519_public_key_t identity_pk
Definition: hs_ident.h:90
hs_service_config_t::max_streams_close_circuit
unsigned int max_streams_close_circuit
Definition: hs_service.h:227
service_intro_point_new
STATIC hs_service_intro_point_t * service_intro_point_new(const node_t *node)
Definition: hs_service.c:452
LOG_INFO
#define LOG_INFO
Definition: log.h:45
run_upload_descriptor_event
STATIC void run_upload_descriptor_event(time_t now)
Definition: hs_service.c:3273
crypto_rand.h
Common functions for using (pseudo-)random number generators.
remove_expired_failing_intro
static void remove_expired_failing_intro(hs_service_t *service, time_t now)
Definition: hs_service.c:1535
hs_service_intropoints_t::failed_id
digestmap_t * failed_id
Definition: hs_service.h:110
hs_service_dir_info_changed
void hs_service_dir_info_changed(void)
Definition: hs_service.c:4045
get_options
const or_options_t * get_options(void)
Definition: config.c:917
or_state_st.h
The or_state_t structure, which represents Tor's state file.
service_intro_circ_has_opened
static void service_intro_circ_has_opened(origin_circuit_t *circ)
Definition: hs_service.c:3315
tor_make_rsa_ed25519_crosscert
ssize_t tor_make_rsa_ed25519_crosscert(const ed25519_public_key_t *ed_key, const crypto_pk_t *rsa_key, time_t expires, uint8_t **cert)
Definition: torcert.c:331
tor_memcmp
int tor_memcmp(const void *a, const void *b, size_t len)
Definition: di_ops.c:31
set_descriptor_revision_counter
static void set_descriptor_revision_counter(hs_service_descriptor_t *hs_desc, time_t now, bool is_current)
Definition: hs_service.c:2926
link_specifier_dup
link_specifier_t * link_specifier_dup(const link_specifier_t *src)
Definition: hs_common.c:1751
pick_intro_point
static hs_service_intro_point_t * pick_intro_point(unsigned int direct_conn, smartlist_t *exclude_nodes)
Definition: hs_service.c:2137
service_desc_clear_previous_hsdirs
static void service_desc_clear_previous_hsdirs(hs_service_descriptor_t *desc)
Definition: hs_service.c:2264
circuitbuild.h
Header file for circuitbuild.c.
CIRCUIT_PURPOSE_S_REND_JOINED
#define CIRCUIT_PURPOSE_S_REND_JOINED
Definition: circuitlist.h:110
hs_service_t
Definition: hs_service.h:300
curve25519_public_key_is_ok
int curve25519_public_key_is_ok(const curve25519_public_key_t *key)
Definition: crypto_curve25519.c:132
hs_get_responsible_hsdirs
void hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk, uint64_t time_period_num, int use_second_hsdir_index, int for_fetching, smartlist_t *responsible_dirs)
Definition: hs_common.c:1224
log_desc_upload_reason_t
log_desc_upload_reason_t
Definition: hs_service.c:3092
hs_service_intro_point_t::introduce2_max
uint64_t introduce2_max
Definition: hs_service.h:71
hs_service_t::keys
hs_service_keys_t keys
Definition: hs_service.h:313
smartlist_clear
void smartlist_clear(smartlist_t *sl)
Definition: smartlist_core.c:50
directory_request_set_resource
void directory_request_set_resource(directory_request_t *req, const char *resource)
Definition: dirclient.c:1015
hs_service_state_t::num_intro_circ_launched
unsigned int num_intro_circ_launched
Definition: hs_service.h:277
crypto_digest_free
#define crypto_digest_free(d)
Definition: crypto_digest.h:130
extend_info_st.h
Extend-info structure.
routerstatus_st.h
Routerstatus (consensus entry) structure.
node_describe
const char * node_describe(const node_t *node)
Definition: describe.c:160
service_desc_hsdirs_changed
STATIC int service_desc_hsdirs_changed(const hs_service_t *service, const hs_service_descriptor_t *desc)
Definition: hs_service.c:3054
hs_common.h
Header file containing common data for the whole HS subsystem.
upload_descriptor_to_all
STATIC void upload_descriptor_to_all(const hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:2997
curve25519_public_key_t
Definition: crypto_curve25519.h:24
edge_connection_st.h
Edge-connection structure.
origin_circuit_t::cpath
crypt_path_t * cpath
Definition: origin_circuit_st.h:129
hs_circ_service_intro_has_opened
int hs_circ_service_intro_has_opened(hs_service_t *service, hs_service_intro_point_t *ip, const hs_service_descriptor_t *desc, origin_circuit_t *circ)
Definition: hs_circuit.c:721
or_options_t::HiddenServiceSingleHopMode
int HiddenServiceSingleHopMode
Definition: or_options_st.h:335
hs_desc_intro_point_new
hs_desc_intro_point_t * hs_desc_intro_point_new(void)
Definition: hs_descriptor.c:2835
move_descriptors
static void move_descriptors(hs_service_t *src, hs_service_t *dst)
Definition: hs_service.c:1477
service_handle_introduce2
static int service_handle_introduce2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_service.c:3479
relay.h
Header file for relay.c.
RSAE_ADDREXISTS
@ RSAE_ADDREXISTS
Definition: hs_common.h:142
connection.h
Header file for connection.c.
hs_desc_plaintext_data_t::signing_key_cert
tor_cert_t * signing_key_cert
Definition: hs_descriptor.h:203
describe_intro_point
static const char * describe_intro_point(const hs_service_intro_point_t *ip)
Definition: hs_service.c:289
hs_service_descriptor_t::time_period_num
uint64_t time_period_num
Definition: hs_service.h:147
remember_failing_intro_point
static void remember_failing_intro_point(const hs_service_intro_point_t *ip, hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:1573
hs_service_load_all_keys
int hs_service_load_all_keys(void)
Definition: hs_service.c:4169
confline.h
Header for confline.c.
CIRCUIT_PURPOSE_S_CONNECT_REND
#define CIRCUIT_PURPOSE_S_CONNECT_REND
Definition: circuitlist.h:107
get_objects_from_ident
STATIC void get_objects_from_ident(const hs_ident_circuit_t *ident, hs_service_t **service, hs_service_intro_point_t **ip, hs_service_descriptor_t **desc)
Definition: hs_service.c:615
hs_service_descriptor_t::descriptor_cookie
uint8_t descriptor_cookie[HS_DESC_DESCRIPTOR_COOKIE_LEN]
Definition: hs_service.h:136
directory_request_new
directory_request_t * directory_request_new(uint8_t dir_purpose)
Definition: dirclient.c:919
smartlist_shuffle
void smartlist_shuffle(smartlist_t *sl)
Definition: crypto_rand.c:602
build_service_descriptor
static void build_service_descriptor(hs_service_t *service, uint64_t time_period_num, hs_service_descriptor_t **desc_out)
Definition: hs_service.c:1983
hs_service_new
hs_service_t * hs_service_new(const or_options_t *options)
Definition: hs_service.c:4288
hs_desc_encrypted_data_t::create2_ntor
unsigned int create2_ntor
Definition: hs_descriptor.h:161
networkstatus_t::valid_after
time_t valid_after
Definition: networkstatus_st.h:33
nickname.h
Header file for nickname.c.
hs_config.h
Header file containing configuration ABI/API for the HS subsystem.
service_key_on_disk
static int service_key_on_disk(const char *directory_path)
Definition: hs_service.c:3550
hs_ident_circuit_t
Definition: hs_ident.h:42
dirclient.h
Header file for dirclient.c.
CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
Definition: circuitlist.h:101
tor_asprintf
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
hs_service_intro_point_t::auth_key_kp
ed25519_keypair_t auth_key_kp
Definition: hs_service.h:55
hs_service_descriptor_t
Definition: hs_service.h:130
hs_service_intro_point_t::replay_cache
replaycache_t * replay_cache
Definition: hs_service.h:85
hs_get_time_period_num
uint64_t hs_get_time_period_num(time_t now)
Definition: hs_common.c:269
CIRCUIT_PURPOSE_S_INTRO
#define CIRCUIT_PURPOSE_S_INTRO
Definition: circuitlist.h:104
SMARTLIST_FOREACH_BEGIN
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
Definition: smartlist_foreach.h:78
hs_ident_circuit_t::rendezvous_cookie
uint8_t rendezvous_cookie[HS_REND_COOKIE_LEN]
Definition: hs_ident.h:60
log_fn_ratelim
#define log_fn_ratelim(ratelim, severity, domain, args,...)
Definition: log.h:288
node_get_nickname
const char * node_get_nickname(const node_t *node)
Definition: nodelist.c:1450
run_build_circuit_event
static void run_build_circuit_event(time_t now)
Definition: hs_service.c:2831
SMARTLIST_DEL_CURRENT
#define SMARTLIST_DEL_CURRENT(sl, var)
Definition: smartlist_foreach.h:120
HS_VERSION_THREE
#define HS_VERSION_THREE
Definition: hs_common.h:23
hs_service_config_t::circuit_id_protocol
hs_circuit_id_protocol_t circuit_id_protocol
Definition: hs_service.h:256
load_service_keys
static int load_service_keys(hs_service_t *service)
Definition: hs_service.c:1025
service_rendezvous_circ_has_opened
static void service_rendezvous_circ_has_opened(origin_circuit_t *circ)
Definition: hs_service.c:3372
dir_connection_st.h
Client/server directory connection structure.
sr_state_get_start_time_of_current_protocol_run
time_t sr_state_get_start_time_of_current_protocol_run(void)
Definition: shared_random_client.c:245
MAP_DEL_CURRENT
#define MAP_DEL_CURRENT(keyvar)
Definition: map.h:140
HEX_DIGEST_LEN
#define HEX_DIGEST_LEN
Definition: crypto_digest.h:35
LOG_WARN
#define LOG_WARN
Definition: log.h:53
node_st.h
Node information structure.
hs_service_config_t::ports
smartlist_t * ports
Definition: hs_service.h:214
hs_desc_encrypted_data_t::intro_points
smartlist_t * intro_points
Definition: hs_descriptor.h:171
router_have_consensus_path
consensus_path_type_t router_have_consensus_path(void)
Definition: nodelist.c:2460
hs_service_descriptor_t::ope_cipher
struct crypto_ope_t * ope_cipher
Definition: hs_service.h:151
hs_descriptor_t::encrypted_data
hs_desc_encrypted_data_t encrypted_data
Definition: hs_descriptor.h:238
edge_connection_t
Definition: edge_connection_st.h:21
get_link_spec_by_type
static link_specifier_t * get_link_spec_by_type(const hs_service_intro_point_t *ip, uint8_t type)
Definition: hs_service.c:646
hs_ident_circuit_t::num_rdv_streams
uint64_t num_rdv_streams
Definition: hs_ident.h:81
get_intro_point_max_lifetime
static int32_t get_intro_point_max_lifetime(void)
Definition: hs_service.c:361
hs_ob.h
Header file for the specific code for onion balance.
hs_intropoint.h
Header file for hs_intropoint.c.
hs_service_t::desc_current
hs_service_descriptor_t * desc_current
Definition: hs_service.h:319
service_escaped_dir
static const char * service_escaped_dir(const hs_service_t *s)
Definition: hs_service.c:873
FOR_EACH_DESCRIPTOR_BEGIN
#define FOR_EACH_DESCRIPTOR_BEGIN(service, var)
Definition: hs_service.c:85
TO_DIR_CONN
dir_connection_t * TO_DIR_CONN(connection_t *c)
Definition: directory.c:88
hs_metrics_close_established_intro
#define hs_metrics_close_established_intro(i)
Definition: hs_metrics.h:67
NUM_INTRO_POINTS_EXTRA
#define NUM_INTRO_POINTS_EXTRA
Definition: hs_common.h:35
HT_PROTOTYPE
HT_PROTOTYPE(hs_circuitmap_ht, circuit_t, hs_circuitmap_node, hs_circuit_hash_token, hs_circuits_have_same_token)
format_local_iso_time
void format_local_iso_time(char *buf, time_t t)
Definition: time_fmt.c:285
hs_service_config_t::clients
smartlist_t * clients
Definition: hs_service.h:238
hs_metrics_close_established_rdv
#define hs_metrics_close_established_rdv(i)
Definition: hs_metrics.h:53
sr_state_get_protocol_run_duration
unsigned int sr_state_get_protocol_run_duration(void)
Definition: shared_random_client.c:310
hs_service_lookup_current_desc
char * hs_service_lookup_current_desc(const ed25519_public_key_t *pk)
Definition: hs_service.c:3888
shared_random_client.h
Header file for shared_random_client.c.
close_service_intro_circuits
static void close_service_intro_circuits(hs_service_t *service)
Definition: hs_service.c:814
config.h
Header file for config.c.
setup_intro_point_exclude_list
static void setup_intro_point_exclude_list(const hs_service_descriptor_t *desc, smartlist_t *node_list)
Definition: hs_service.c:1554
hs_service_intro_point_t::circuit_retries
uint32_t circuit_retries
Definition: hs_service.h:80
router_choose_random_node
const node_t * router_choose_random_node(smartlist_t *excludedsmartlist, routerset_t *excludedset, router_crn_flags_t flags)
Definition: node_select.c:979
hs_service_free
#define hs_service_free(s)
Definition: hs_service.h:346
hs_service_intro_point_t::legacy_key
crypto_pk_t * legacy_key
Definition: hs_service.h:62
hs_service_t::onion_address
char onion_address[HS_SERVICE_ADDR_LEN_BASE32+1]
Definition: hs_service.h:303
hs_descriptor_t::subcredential
hs_subcredential_t subcredential
Definition: hs_descriptor.h:242
hs_service_descriptor_t::next_upload_time
time_t next_upload_time
Definition: hs_service.h:158
node_get_curve25519_onion_key
const curve25519_public_key_t * node_get_curve25519_onion_key(const node_t *node)
Definition: nodelist.c:2016
circuit_state_to_string
const char * circuit_state_to_string(int state)
Definition: circuitlist.c:762
hs_service_circuit_has_opened
void hs_service_circuit_has_opened(origin_circuit_t *circ)
Definition: hs_service.c:4121
hs_service_keys_t::identity_sk
ed25519_secret_key_t identity_sk
Definition: hs_service.h:181
hs_parse_address
int hs_parse_address(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out)
Definition: hs_common.c:840
hs_service_authorized_client_t
Definition: hs_service.h:188
service_desc_find_by_intro
STATIC hs_service_descriptor_t * service_desc_find_by_intro(const hs_service_t *service, const hs_service_intro_point_t *ip)
Definition: hs_service.c:589
hs_metrics_new_introduction
#define hs_metrics_new_introduction(s)
Definition: hs_metrics.h:35
move_ephemeral_services
static void move_ephemeral_services(hs_service_ht *src, hs_service_ht *dst)
Definition: hs_service.c:843
tor_log
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
Definition: log.c:590
set_rotation_time
static void set_rotation_time(hs_service_t *service)
Definition: hs_service.c:2507
circuit_get_next_service_rp_circ
origin_circuit_t * circuit_get_next_service_rp_circ(origin_circuit_t *start)
Definition: circuitlist.c:1738
origin_circuit_t::hs_ident
struct hs_ident_circuit_t * hs_ident
Definition: origin_circuit_st.h:133
build_all_descriptors
STATIC void build_all_descriptors(time_t now)
Definition: hs_service.c:2092
hs_service_map
static struct hs_service_ht * hs_service_map
Definition: hs_service.c:150
TO_CIRCUIT
#define TO_CIRCUIT(x)
Definition: or.h:845
or_options_t
Definition: or_options_st.h:64
update_all_descriptors_intro_points
STATIC void update_all_descriptors_intro_points(time_t now)
Definition: hs_service.c:2352
hs_desc_encode_descriptor
int hs_desc_encode_descriptor(const hs_descriptor_t *desc, const ed25519_keypair_t *signing_kp, const uint8_t *descriptor_cookie, char **encoded_out)
Definition: hs_descriptor.c:2651
hs_service_config_t::is_ephemeral
unsigned int is_ephemeral
Definition: hs_service.h:253
TO_CONN
#define TO_CONN(c)
Definition: or.h:616
hs_service_descriptor_t::intro_points
hs_service_intropoints_t intro_points
Definition: hs_service.h:163
STATIC
#define STATIC
Definition: testsupport.h:32
hs_control_desc_event_created
void hs_control_desc_event_created(const char *onion_address, const ed25519_public_key_t *blinded_pk)
Definition: hs_control.c:111
digest_to_base64
void digest_to_base64(char *d64, const char *digest)
Definition: crypto_format.c:275
hs_circ_handle_intro_established
int hs_circ_handle_intro_established(const hs_service_t *service, const hs_service_intro_point_t *ip, origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_circuit.c:855
hs_desc_superencrypted_data_t
Definition: hs_descriptor.h:176
router_crn_flags_t
router_crn_flags_t
Definition: node_select.h:16
INTRO_POINT_LIFETIME_MIN_SECONDS
#define INTRO_POINT_LIFETIME_MIN_SECONDS
Definition: or.h:967
hs_service_dump_stats
void hs_service_dump_stats(int severity)
Definition: hs_service.c:4199
dir_connection_t
Definition: dir_connection_st.h:21
hs_service_ht_eq
static int hs_service_ht_eq(const hs_service_t *first, const hs_service_t *second)
Definition: hs_service.c:128
router_have_minimum_dir_info
int router_have_minimum_dir_info(void)
Definition: nodelist.c:2427
hs_circuit.h
Header file containing circuit data for the whole HS subsystem.
networkstatus_get_param
int32_t networkstatus_get_param(const networkstatus_t *ns, const char *param_name, int32_t default_val, int32_t min_val, int32_t max_val)
Definition: networkstatus.c:2500
ed25519_secret_key_t
Definition: crypto_ed25519.h:28
networkstatus_st.h
Networkstatus consensus/vote structure.
DIRIND_ANONYMOUS
@ DIRIND_ANONYMOUS
Definition: dirclient.h:39
smartlist_sort
void smartlist_sort(smartlist_t *sl, int(*compare)(const void **a, const void **b))
Definition: smartlist.c:334
directory_request_t
struct directory_request_t directory_request_t
Definition: dirclient.h:52
networkstatus_t
Definition: networkstatus_st.h:26
hs_service_intro_point_t
Definition: hs_service.h:45
hs_get_subcredential
void hs_get_subcredential(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_subcredential_t *subcred_out)
Definition: hs_common.c:565
origin_circuit_st.h
Origin circuit structure.
rescan_periodic_events
void rescan_periodic_events(const or_options_t *options)
Definition: mainloop.c:1583
hs_desc_intro_point_t
Definition: hs_descriptor.h:99
get_intro_point_max_introduce2
static int32_t get_intro_point_max_introduce2(void)
Definition: hs_service.c:332
hs_descriptor.h
Header file for hs_descriptor.c.
smartlist_t
Definition: smartlist_core.h:26
circuit_t::state
uint8_t state
Definition: circuit_st.h:110
should_rotate_descriptors
static unsigned int should_rotate_descriptors(hs_service_t *service, time_t now)
Definition: hs_service.c:2527
crypto_digest_get_digest
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
Definition: crypto_digest_nss.c:348
hs_service_get_num_services
unsigned int hs_service_get_num_services(void)
Definition: hs_service.c:3912
hs_service_config_t::max_streams_per_rdv_circuit
uint64_t max_streams_per_rdv_circuit
Definition: hs_service.h:223
REND_REPLAY_TIME_INTERVAL
#define REND_REPLAY_TIME_INTERVAL
Definition: or.h:360
service_descriptor_new
STATIC hs_service_descriptor_t * service_descriptor_new(void)
Definition: hs_service.c:1358
directory_request_set_indirection
void directory_request_set_indirection(directory_request_t *req, dir_indirection_t indirection)
Definition: dirclient.c:1002
RSAE_OKAY
@ RSAE_OKAY
Definition: hs_common.h:145
DIGESTMAP_FOREACH
#define DIGESTMAP_FOREACH(map, keyvar, valtype, valvar)
Definition: map.h:154
can_service_launch_intro_circuit
STATIC int can_service_launch_intro_circuit(hs_service_t *service, time_t now)
Definition: hs_service.c:2786
hs_service_get_version_from_key
int hs_service_get_version_from_key(const hs_service_t *service)
Definition: hs_service.c:4145
hs_metrics_new_established_rdv
#define hs_metrics_new_established_rdv(s)
Definition: hs_metrics.h:48
extend_info_t
Definition: extend_info_st.h:27
tor_listdir
smartlist_t * tor_listdir(const char *dirname)
Definition: dir.c:307
update_service_descriptor_intro_points
static void update_service_descriptor_intro_points(hs_service_t *service, hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:2309
node_t::identity
char identity[DIGEST_LEN]
Definition: node_st.h:46
find_service
STATIC hs_service_t * find_service(hs_service_ht *map, const ed25519_public_key_t *pk)
Definition: hs_service.c:168
service_authorized_client_config_equal
STATIC int service_authorized_client_config_equal(const hs_service_config_t *config1, const hs_service_config_t *config2)
Definition: hs_service.c:1415
ratelim_t
Definition: ratelim.h:42
or.h
Master header file for Tor-specific functionality.
ed25519_keypair_t
Definition: crypto_ed25519.h:39
OPE_INPUT_MAX
#define OPE_INPUT_MAX
Definition: crypto_ope.h:31
LD_PROTOCOL
#define LD_PROTOCOL
Definition: log.h:72
hs_desc_plaintext_data_t::lifetime_sec
uint32_t lifetime_sec
Definition: hs_descriptor.h:199