Tor  0.4.4.0-alpha-dev
hs_service.c
Go to the documentation of this file.
1 /* Copyright (c) 2016-2020, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
4 /**
5  * \file hs_service.c
6  * \brief Implement next generation hidden service functionality
7  **/
8 
9 #define HS_SERVICE_PRIVATE
10 
11 #include "core/or/or.h"
12 #include "app/config/config.h"
13 #include "app/config/statefile.h"
15 #include "core/mainloop/mainloop.h"
16 #include "core/or/circuitbuild.h"
17 #include "core/or/circuitlist.h"
18 #include "core/or/circuituse.h"
19 #include "core/or/relay.h"
20 #include "feature/client/circpathbias.h"
24 #include "feature/keymgt/loadkey.h"
34 
35 #include "feature/hs/hs_circuit.h"
36 #include "feature/hs/hs_common.h"
37 #include "feature/hs/hs_config.h"
38 #include "feature/hs/hs_control.h"
40 #include "feature/hs/hs_ident.h"
42 #include "feature/hs/hs_service.h"
43 #include "feature/hs/hs_stats.h"
44 #include "feature/hs/hs_ob.h"
45 
48 #include "core/or/extend_info_st.h"
52 #include "app/config/or_state_st.h"
54 
55 #include "lib/encoding/confline.h"
57 
58 /* Trunnel */
59 #include "trunnel/ed25519_cert.h"
60 #include "trunnel/hs/cell_common.h"
61 #include "trunnel/hs/cell_establish_intro.h"
62 
63 #ifdef HAVE_SYS_STAT_H
64 #include <sys/stat.h>
65 #endif
66 #ifdef HAVE_UNISTD_H
67 #include <unistd.h>
68 #endif
69 
70 #ifndef COCCI
71 /** Helper macro. Iterate over every service in the global map. The var is the
72  * name of the service pointer. */
73 #define FOR_EACH_SERVICE_BEGIN(var) \
74  STMT_BEGIN \
75  hs_service_t **var##_iter, *var; \
76  HT_FOREACH(var##_iter, hs_service_ht, hs_service_map) { \
77  var = *var##_iter;
78 #define FOR_EACH_SERVICE_END } STMT_END ;
79 
80 /** Helper macro. Iterate over both current and previous descriptor of a
81  * service. The var is the name of the descriptor pointer. This macro skips
82  * any descriptor object of the service that is NULL. */
83 #define FOR_EACH_DESCRIPTOR_BEGIN(service, var) \
84  STMT_BEGIN \
85  hs_service_descriptor_t *var; \
86  for (int var ## _loop_idx = 0; var ## _loop_idx < 2; \
87  ++var ## _loop_idx) { \
88  (var ## _loop_idx == 0) ? (var = service->desc_current) : \
89  (var = service->desc_next); \
90  if (var == NULL) continue;
91 #define FOR_EACH_DESCRIPTOR_END } STMT_END ;
92 #endif /* !defined(COCCI) */
93 
94 /* Onion service directory file names. */
95 static const char fname_keyfile_prefix[] = "hs_ed25519";
96 static const char dname_client_pubkeys[] = "authorized_clients";
97 static const char fname_hostname[] = "hostname";
98 static const char address_tld[] = "onion";
99 
100 /** Staging list of service object. When configuring service, we add them to
101  * this list considered a staging area and they will get added to our global
102  * map once the keys have been loaded. These two steps are separated because
103  * loading keys requires that we are an actual running tor process. */
105 
106 /** True if the list of available router descriptors might have changed which
107  * might result in an altered hash ring. Check if the hash ring changed and
108  * reupload if needed */
110 
111 /* Static declaration. */
112 static int load_client_keys(hs_service_t *service);
114  time_t now, bool is_current);
115 static int build_service_desc_superencrypted(const hs_service_t *service,
117 static void move_descriptors(hs_service_t *src, hs_service_t *dst);
118 static int service_encode_descriptor(const hs_service_t *service,
119  const hs_service_descriptor_t *desc,
120  const ed25519_keypair_t *signing_kp,
121  char **encoded_out);
122 
123 /** Helper: Function to compare two objects in the service map. Return 1 if the
124  * two service have the same master public identity key. */
125 static inline int
126 hs_service_ht_eq(const hs_service_t *first, const hs_service_t *second)
127 {
128  tor_assert(first);
129  tor_assert(second);
130  /* Simple key compare. */
131  return ed25519_pubkey_eq(&first->keys.identity_pk,
132  &second->keys.identity_pk);
133 }
134 
135 /** Helper: Function for the service hash table code below. The key used is the
136  * master public identity key which is ultimately the onion address. */
137 static inline unsigned int
139 {
140  tor_assert(service);
141  return (unsigned int) siphash24g(service->keys.identity_pk.pubkey,
142  sizeof(service->keys.identity_pk.pubkey));
143 }
144 
145 /** This is _the_ global hash map of hidden services which indexed the service
146  * contained in it by master public identity key which is roughly the onion
147  * address of the service. */
148 static struct hs_service_ht *hs_service_map;
149 
150 /* Register the service hash table. */
151 HT_PROTOTYPE(hs_service_ht, /* Name of hashtable. */
152  hs_service_t, /* Object contained in the map. */
153  hs_service_node, /* The name of the HT_ENTRY member. */
154  hs_service_ht_hash, /* Hashing function. */
155  hs_service_ht_eq); /* Compare function for objects. */
156 
157 HT_GENERATE2(hs_service_ht, hs_service_t, hs_service_node,
159  0.6, tor_reallocarray, tor_free_);
160 
161 /** Query the given service map with a public key and return a service object
162  * if found else NULL. It is also possible to set a directory path in the
163  * search query. If pk is NULL, then it will be set to zero indicating the
164  * hash table to compare the directory path instead. */
166 find_service(hs_service_ht *map, const ed25519_public_key_t *pk)
167 {
168  hs_service_t dummy_service;
169  tor_assert(map);
170  tor_assert(pk);
171  memset(&dummy_service, 0, sizeof(dummy_service));
172  ed25519_pubkey_copy(&dummy_service.keys.identity_pk, pk);
173  return HT_FIND(hs_service_ht, map, &dummy_service);
174 }
175 
176 /** Register the given service in the given map. If the service already exists
177  * in the map, -1 is returned. On success, 0 is returned and the service
178  * ownership has been transferred to the global map. */
179 STATIC int
180 register_service(hs_service_ht *map, hs_service_t *service)
181 {
182  tor_assert(map);
183  tor_assert(service);
185 
186  if (find_service(map, &service->keys.identity_pk)) {
187  /* Existing service with the same key. Do not register it. */
188  return -1;
189  }
190  /* Taking ownership of the object at this point. */
191  HT_INSERT(hs_service_ht, map, service);
192 
193  /* If we just modified the global map, we notify. */
194  if (map == hs_service_map) {
196  }
197 
198  return 0;
199 }
200 
201 /** Remove a given service from the given map. If service is NULL or the
202  * service key is unset, return gracefully. */
203 STATIC void
204 remove_service(hs_service_ht *map, hs_service_t *service)
205 {
206  hs_service_t *elm;
207 
208  tor_assert(map);
209 
210  /* Ignore if no service or key is zero. */
211  if (BUG(service == NULL) ||
212  BUG(ed25519_public_key_is_zero(&service->keys.identity_pk))) {
213  return;
214  }
215 
216  elm = HT_REMOVE(hs_service_ht, map, service);
217  if (elm) {
218  tor_assert(elm == service);
219  } else {
220  log_warn(LD_BUG, "Could not find service in the global map "
221  "while removing service %s",
222  escaped(service->config.directory_path));
223  }
224 
225  /* If we just modified the global map, we notify. */
226  if (map == hs_service_map) {
228  }
229 }
230 
231 /** Set the default values for a service configuration object <b>c</b>. */
232 static void
234  const or_options_t *options)
235 {
236  (void) options;
237  tor_assert(c);
238  c->ports = smartlist_new();
239  c->directory_path = NULL;
243  c->allow_unknown_ports = 0;
244  c->is_single_onion = 0;
245  c->dir_group_readable = 0;
246  c->is_ephemeral = 0;
247  c->has_dos_defense_enabled = HS_CONFIG_V3_DOS_DEFENSE_DEFAULT;
248  c->intro_dos_rate_per_sec = HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_DEFAULT;
249  c->intro_dos_burst_per_sec = HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_DEFAULT;
250 }
251 
252 /** From a service configuration object config, clear everything from it
253  * meaning free allocated pointers and reset the values. */
254 STATIC void
256 {
257  if (config == NULL) {
258  return;
259  }
260  tor_free(config->directory_path);
261  if (config->ports) {
263  rend_service_port_config_free(p););
264  smartlist_free(config->ports);
265  }
266  if (config->clients) {
268  service_authorized_client_free(p));
269  smartlist_free(config->clients);
270  }
271  if (config->ob_master_pubkeys) {
273  tor_free(k));
274  smartlist_free(config->ob_master_pubkeys);
275  }
276  memset(config, 0, sizeof(*config));
277 }
278 
279 /** Helper function to return a human readable description of the given intro
280  * point object.
281  *
282  * This function is not thread-safe. Each call to this invalidates the
283  * previous values returned by it. */
284 static const char *
286 {
287  /* Hex identity digest of the IP prefixed by the $ sign and ends with NUL
288  * byte hence the plus two. */
289  static char buf[HEX_DIGEST_LEN + 2];
290  const char *legacy_id = NULL;
291 
293  const link_specifier_t *, lspec) {
294  if (link_specifier_get_ls_type(lspec) == LS_LEGACY_ID) {
295  legacy_id = (const char *)
296  link_specifier_getconstarray_un_legacy_id(lspec);
297  break;
298  }
299  } SMARTLIST_FOREACH_END(lspec);
300 
301  /* For now, we only print the identity digest but we could improve this with
302  * much more information such as the ed25519 identity has well. */
303  buf[0] = '$';
304  if (legacy_id) {
305  base16_encode(buf + 1, HEX_DIGEST_LEN + 1, legacy_id, DIGEST_LEN);
306  }
307 
308  return buf;
309 }
310 
311 /** Return the lower bound of maximum INTRODUCE2 cells per circuit before we
312  * rotate intro point (defined by a consensus parameter or the default
313  * value). */
314 static int32_t
316 {
317  /* The [0, 2147483647] range is quite large to accommodate anything we decide
318  * in the future. */
319  return networkstatus_get_param(NULL, "hs_intro_min_introduce2",
321  0, INT32_MAX);
322 }
323 
324 /** Return the upper bound of maximum INTRODUCE2 cells per circuit before we
325  * rotate intro point (defined by a consensus parameter or the default
326  * value). */
327 static int32_t
329 {
330  /* The [0, 2147483647] range is quite large to accommodate anything we decide
331  * in the future. */
332  return networkstatus_get_param(NULL, "hs_intro_max_introduce2",
333  INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS,
334  0, INT32_MAX);
335 }
336 
337 /** Return the minimum lifetime in seconds of an introduction point defined by
338  * a consensus parameter or the default value. */
339 static int32_t
341 {
342 #define MIN_INTRO_POINT_LIFETIME_TESTING 10
343  if (get_options()->TestingTorNetwork) {
344  return MIN_INTRO_POINT_LIFETIME_TESTING;
345  }
346 
347  /* The [0, 2147483647] range is quite large to accommodate anything we decide
348  * in the future. */
349  return networkstatus_get_param(NULL, "hs_intro_min_lifetime",
351  0, INT32_MAX);
352 }
353 
354 /** Return the maximum lifetime in seconds of an introduction point defined by
355  * a consensus parameter or the default value. */
356 static int32_t
358 {
359 #define MAX_INTRO_POINT_LIFETIME_TESTING 30
360  if (get_options()->TestingTorNetwork) {
361  return MAX_INTRO_POINT_LIFETIME_TESTING;
362  }
363 
364  /* The [0, 2147483647] range is quite large to accommodate anything we decide
365  * in the future. */
366  return networkstatus_get_param(NULL, "hs_intro_max_lifetime",
368  0, INT32_MAX);
369 }
370 
371 /** Return the number of extra introduction point defined by a consensus
372  * parameter or the default value. */
373 static int32_t
375 {
376  /* The [0, 128] range bounds the number of extra introduction point allowed.
377  * Above 128 intro points, it's getting a bit crazy. */
378  return networkstatus_get_param(NULL, "hs_intro_num_extra",
379  NUM_INTRO_POINTS_EXTRA, 0, 128);
380 }
381 
382 /** Helper: Function that needs to return 1 for the HT for each loop which
383  * frees every service in an hash map. */
384 static int
385 ht_free_service_(struct hs_service_t *service, void *data)
386 {
387  (void) data;
388  hs_service_free(service);
389  /* This function MUST return 1 so the given object is then removed from the
390  * service map leading to this free of the object being safe. */
391  return 1;
392 }
393 
394 /** Free every service that can be found in the global map. Once done, clear
395  * and free the global map. */
396 static void
398 {
399  if (hs_service_map) {
400  /* The free helper function returns 1 so this is safe. */
401  hs_service_ht_HT_FOREACH_FN(hs_service_map, ht_free_service_, NULL);
402  HT_CLEAR(hs_service_ht, hs_service_map);
404  hs_service_map = NULL;
405  }
406 
408  /* Cleanup staging list. */
410  hs_service_free(s));
411  smartlist_free(hs_service_staging_list);
413  }
414 }
415 
416 /** Free a given service intro point object. */
417 STATIC void
419 {
420  if (!ip) {
421  return;
422  }
423  memwipe(&ip->auth_key_kp, 0, sizeof(ip->auth_key_kp));
424  memwipe(&ip->enc_key_kp, 0, sizeof(ip->enc_key_kp));
425  crypto_pk_free(ip->legacy_key);
428  tor_free(ip);
429 }
430 
431 /** Helper: free an hs_service_intro_point_t object. This function is used by
432  * digest256map_free() which requires a void * pointer. */
433 static void
435 {
437 }
438 
439 /** Return a newly allocated service intro point and fully initialized from the
440  * given node_t node, if non NULL.
441  *
442  * If node is NULL, returns a hs_service_intro_point_t with an empty link
443  * specifier list and no onion key. (This is used for testing.)
444  * On any other error, NULL is returned.
445  *
446  * node must be an node_t with an IPv4 address. */
449 {
451 
452  ip = tor_malloc_zero(sizeof(*ip));
453  /* We'll create the key material. No need for extra strong, those are short
454  * term keys. */
456 
457  { /* Set introduce2 max cells limit */
458  int32_t min_introduce2_cells = get_intro_point_min_introduce2();
459  int32_t max_introduce2_cells = get_intro_point_max_introduce2();
460  if (BUG(max_introduce2_cells < min_introduce2_cells)) {
461  goto err;
462  }
463  ip->introduce2_max = crypto_rand_int_range(min_introduce2_cells,
464  max_introduce2_cells);
465  }
466  { /* Set intro point lifetime */
467  int32_t intro_point_min_lifetime = get_intro_point_min_lifetime();
468  int32_t intro_point_max_lifetime = get_intro_point_max_lifetime();
469  if (BUG(intro_point_max_lifetime < intro_point_min_lifetime)) {
470  goto err;
471  }
472  ip->time_to_expire = approx_time() +
473  crypto_rand_int_range(intro_point_min_lifetime,intro_point_max_lifetime);
474  }
475 
476  ip->replay_cache = replaycache_new(0, 0);
477 
478  /* Initialize the base object. We don't need the certificate object. */
479  ip->base.link_specifiers = node_get_link_specifier_smartlist(node, 0);
480 
481  if (node == NULL) {
482  goto done;
483  }
484 
485  /* Generate the encryption key for this intro point. */
487  /* Figure out if this chosen node supports v3 or is legacy only.
488  * NULL nodes are used in the unit tests. */
489  if (!node_supports_ed25519_hs_intro(node)) {
490  ip->base.is_only_legacy = 1;
491  /* Legacy mode that is doesn't support v3+ with ed25519 auth key. */
492  ip->legacy_key = crypto_pk_new();
493  if (crypto_pk_generate_key(ip->legacy_key) < 0) {
494  goto err;
495  }
497  (char *) ip->legacy_key_digest) < 0) {
498  goto err;
499  }
500  }
501 
502  /* Flag if this intro point supports the INTRO2 dos defenses. */
505 
506  /* Finally, copy onion key from the node. */
507  memcpy(&ip->onion_key, node_get_curve25519_onion_key(node),
508  sizeof(ip->onion_key));
509 
510  done:
511  return ip;
512  err:
513  service_intro_point_free(ip);
514  return NULL;
515 }
516 
517 /** Add the given intro point object to the given intro point map. The intro
518  * point MUST have its RSA encryption key set if this is a legacy type or the
519  * authentication key set otherwise. */
520 STATIC void
522 {
523  hs_service_intro_point_t *old_ip_entry;
524 
525  tor_assert(map);
526  tor_assert(ip);
527 
528  old_ip_entry = digest256map_set(map, ip->auth_key_kp.pubkey.pubkey, ip);
529  /* Make sure we didn't just try to double-add an intro point */
530  tor_assert_nonfatal(!old_ip_entry);
531 }
532 
533 /** For a given service, remove the intro point from that service's descriptors
534  * (check both current and next descriptor) */
535 STATIC void
537  const hs_service_intro_point_t *ip)
538 {
539  tor_assert(service);
540  tor_assert(ip);
541 
542  /* Trying all descriptors. */
543  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
544  /* We'll try to remove the descriptor on both descriptors which is not
545  * very expensive to do instead of doing loopup + remove. */
546  digest256map_remove(desc->intro_points.map,
547  ip->auth_key_kp.pubkey.pubkey);
548  } FOR_EACH_DESCRIPTOR_END;
549 }
550 
551 /** For a given service and authentication key, return the intro point or NULL
552  * if not found. This will check both descriptors in the service. */
555  const ed25519_public_key_t *auth_key)
556 {
557  hs_service_intro_point_t *ip = NULL;
558 
559  tor_assert(service);
560  tor_assert(auth_key);
561 
562  /* Trying all descriptors to find the right intro point.
563  *
564  * Even if we use the same node as intro point in both descriptors, the node
565  * will have a different intro auth key for each descriptor since we generate
566  * a new one everytime we pick an intro point.
567  *
568  * After #22893 gets implemented, intro points will be moved to be
569  * per-service instead of per-descriptor so this function will need to
570  * change.
571  */
572  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
573  if ((ip = digest256map_get(desc->intro_points.map,
574  auth_key->pubkey)) != NULL) {
575  break;
576  }
577  } FOR_EACH_DESCRIPTOR_END;
578 
579  return ip;
580 }
581 
582 /** For a given service and intro point, return the descriptor for which the
583  * intro point is assigned to. NULL is returned if not found. */
586  const hs_service_intro_point_t *ip)
587 {
588  hs_service_descriptor_t *descp = NULL;
589 
590  tor_assert(service);
591  tor_assert(ip);
592 
593  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
594  if (digest256map_get(desc->intro_points.map,
595  ip->auth_key_kp.pubkey.pubkey)) {
596  descp = desc;
597  break;
598  }
599  } FOR_EACH_DESCRIPTOR_END;
600 
601  return descp;
602 }
603 
604 /** From a circuit identifier, get all the possible objects associated with the
605  * ident. If not NULL, service, ip or desc are set if the object can be found.
606  * They are untouched if they can't be found.
607  *
608  * This is an helper function because we do those lookups often so it's more
609  * convenient to simply call this functions to get all the things at once. */
610 STATIC void
612  hs_service_t **service, hs_service_intro_point_t **ip,
614 {
615  hs_service_t *s;
616 
617  tor_assert(ident);
618 
619  /* Get service object from the circuit identifier. */
621  if (s && service) {
622  *service = s;
623  }
624 
625  /* From the service object, get the intro point object of that circuit. The
626  * following will query both descriptors intro points list. */
627  if (s && ip) {
628  *ip = service_intro_point_find(s, &ident->intro_auth_pk);
629  }
630 
631  /* Get the descriptor for this introduction point and service. */
632  if (s && ip && *ip && desc) {
633  *desc = service_desc_find_by_intro(s, *ip);
634  }
635 }
636 
637 /** From a given intro point, return the first link specifier of type
638  * encountered in the link specifier list. Return NULL if it can't be found.
639  *
640  * The caller does NOT have ownership of the object, the intro point does. */
641 static link_specifier_t *
643 {
644  link_specifier_t *lnk_spec = NULL;
645 
646  tor_assert(ip);
647 
649  link_specifier_t *, ls) {
650  if (link_specifier_get_ls_type(ls) == type) {
651  lnk_spec = ls;
652  goto end;
653  }
654  } SMARTLIST_FOREACH_END(ls);
655 
656  end:
657  return lnk_spec;
658 }
659 
660 /** Given a service intro point, return the node_t associated to it. This can
661  * return NULL if the given intro point has no legacy ID or if the node can't
662  * be found in the consensus. */
663 STATIC const node_t *
665 {
666  const link_specifier_t *ls;
667 
668  tor_assert(ip);
669 
670  ls = get_link_spec_by_type(ip, LS_LEGACY_ID);
671  if (BUG(!ls)) {
672  return NULL;
673  }
674  /* XXX In the future, we want to only use the ed25519 ID (#22173). */
675  return node_get_by_id(
676  (const char *) link_specifier_getconstarray_un_legacy_id(ls));
677 }
678 
679 /** Given a service intro point, return the extend_info_t for it. This can
680  * return NULL if the node can't be found for the intro point or the extend
681  * info can't be created for the found node. If direct_conn is set, the extend
682  * info is validated on if we can connect directly. */
683 static extend_info_t *
685  unsigned int direct_conn)
686 {
687  extend_info_t *info = NULL;
688  const node_t *node;
689 
690  tor_assert(ip);
691 
692  node = get_node_from_intro_point(ip);
693  if (node == NULL) {
694  /* This can happen if the relay serving as intro point has been removed
695  * from the consensus. In that case, the intro point will be removed from
696  * the descriptor during the scheduled events. */
697  goto end;
698  }
699 
700  /* In the case of a direct connection (single onion service), it is possible
701  * our firewall policy won't allow it so this can return a NULL value. */
702  info = extend_info_from_node(node, direct_conn);
703 
704  end:
705  return info;
706 }
707 
708 /** Return the number of introduction points that are established for the
709  * given descriptor. */
710 MOCK_IMPL(STATIC unsigned int,
712 {
713  unsigned int count = 0;
714 
715  tor_assert(desc);
716 
717  DIGEST256MAP_FOREACH(desc->intro_points.map, key,
718  const hs_service_intro_point_t *, ip) {
720  } DIGEST256MAP_FOREACH_END;
721 
722  return count;
723 }
724 
725 /** For a given service and descriptor of that service, close all active
726  * directory connections. */
727 static void
729  const hs_service_descriptor_t *desc)
730 {
731  unsigned int count = 0;
732  smartlist_t *dir_conns;
733 
734  tor_assert(service);
735  tor_assert(desc);
736 
737  /* Close pending HS desc upload connections for the blinded key of 'desc'. */
738  dir_conns = connection_list_by_type_purpose(CONN_TYPE_DIR,
740  SMARTLIST_FOREACH_BEGIN(dir_conns, connection_t *, conn) {
741  dir_connection_t *dir_conn = TO_DIR_CONN(conn);
742  if (ed25519_pubkey_eq(&dir_conn->hs_ident->identity_pk,
743  &service->keys.identity_pk) &&
744  ed25519_pubkey_eq(&dir_conn->hs_ident->blinded_pk,
745  &desc->blinded_kp.pubkey)) {
746  connection_mark_for_close(conn);
747  count++;
748  continue;
749  }
750  } SMARTLIST_FOREACH_END(conn);
751 
752  log_info(LD_REND, "Closed %u active service directory connections for "
753  "descriptor %s of service %s",
754  count, safe_str_client(ed25519_fmt(&desc->blinded_kp.pubkey)),
755  safe_str_client(service->onion_address));
756  /* We don't have ownership of the objects in this list. */
757  smartlist_free(dir_conns);
758 }
759 
760 /** Close all rendezvous circuits for the given service. */
761 static void
763 {
764  origin_circuit_t *ocirc = NULL;
765 
766  tor_assert(service);
767 
768  /* The reason we go over all circuit instead of using the circuitmap API is
769  * because most hidden service circuits are rendezvous circuits so there is
770  * no real improvement at getting all rendezvous circuits from the
771  * circuitmap and then going over them all to find the right ones.
772  * Furthermore, another option would have been to keep a list of RP cookies
773  * for a service but it creates an engineering complexity since we don't
774  * have a "RP circuit closed" event to clean it up properly so we avoid a
775  * memory DoS possibility. */
776 
777  while ((ocirc = circuit_get_next_service_rp_circ(ocirc))) {
778  /* Only close circuits that are v3 and for this service. */
779  if (ocirc->hs_ident != NULL &&
781  &service->keys.identity_pk)) {
782  /* Reason is FINISHED because service has been removed and thus the
783  * circuit is considered old/uneeded. When freed, it is removed from the
784  * hs circuitmap. */
785  circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
786  }
787  }
788 }
789 
790 /** Close the circuit(s) for the given map of introduction points. */
791 static void
793 {
794  tor_assert(intro_points);
795 
796  DIGEST256MAP_FOREACH(intro_points->map, key,
797  const hs_service_intro_point_t *, ip) {
799  if (ocirc) {
800  /* Reason is FINISHED because service has been removed and thus the
801  * circuit is considered old/uneeded. When freed, the circuit is removed
802  * from the HS circuitmap. */
803  circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
804  }
805  } DIGEST256MAP_FOREACH_END;
806 }
807 
808 /** Close all introduction circuits for the given service. */
809 static void
811 {
812  tor_assert(service);
813 
814  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
815  close_intro_circuits(&desc->intro_points);
816  } FOR_EACH_DESCRIPTOR_END;
817 }
818 
819 /** Close any circuits related to the given service. */
820 static void
822 {
823  tor_assert(service);
824 
825  /* Only support for version >= 3. */
826  if (BUG(service->config.version < HS_VERSION_THREE)) {
827  return;
828  }
829  /* Close intro points. */
831  /* Close rendezvous points. */
832  close_service_rp_circuits(service);
833 }
834 
835 /** Move every ephemeral services from the src service map to the dst service
836  * map. It is possible that a service can't be register to the dst map which
837  * won't stop the process of moving them all but will trigger a log warn. */
838 static void
839 move_ephemeral_services(hs_service_ht *src, hs_service_ht *dst)
840 {
841  hs_service_t **iter, **next;
842 
843  tor_assert(src);
844  tor_assert(dst);
845 
846  /* Iterate over the map to find ephemeral service and move them to the other
847  * map. We loop using this method to have a safe removal process. */
848  for (iter = HT_START(hs_service_ht, src); iter != NULL; iter = next) {
849  hs_service_t *s = *iter;
850  if (!s->config.is_ephemeral) {
851  /* Yeah, we are in a very manual loop :). */
852  next = HT_NEXT(hs_service_ht, src, iter);
853  continue;
854  }
855  /* Remove service from map and then register to it to the other map.
856  * Reminder that "*iter" and "s" are the same thing. */
857  next = HT_NEXT_RMV(hs_service_ht, src, iter);
858  if (register_service(dst, s) < 0) {
859  log_warn(LD_BUG, "Ephemeral service key is already being used. "
860  "Skipping.");
861  }
862  }
863 }
864 
865 /** Return a const string of the directory path escaped. If this is an
866  * ephemeral service, it returns "[EPHEMERAL]". This can only be called from
867  * the main thread because escaped() uses a static variable. */
868 static const char *
870 {
871  return (s->config.is_ephemeral) ? "[EPHEMERAL]" :
873 }
874 
875 /** Move the hidden service state from <b>src</b> to <b>dst</b>. We do this
876  * when we receive a SIGHUP: <b>dst</b> is the post-HUP service */
877 static void
878 move_hs_state(hs_service_t *src_service, hs_service_t *dst_service)
879 {
880  tor_assert(src_service);
881  tor_assert(dst_service);
882 
883  hs_service_state_t *src = &src_service->state;
884  hs_service_state_t *dst = &dst_service->state;
885 
886  /* Let's do a shallow copy */
889  /* Freeing a NULL replaycache triggers an info LD_BUG. */
890  if (dst->replay_cache_rend_cookie != NULL) {
892  }
893 
895  src->replay_cache_rend_cookie = NULL; /* steal pointer reference */
896 
898 
899  if (src->ob_subcreds) {
900  dst->ob_subcreds = src->ob_subcreds;
901  dst->n_ob_subcreds = src->n_ob_subcreds;
902 
903  src->ob_subcreds = NULL; /* steal pointer reference */
904  }
905 }
906 
907 /** Register services that are in the staging list. Once this function returns,
908  * the global service map will be set with the right content and all non
909  * surviving services will be cleaned up. */
910 static void
912 {
913  struct hs_service_ht *new_service_map;
914 
916 
917  /* Allocate a new map that will replace the current one. */
918  new_service_map = tor_malloc_zero(sizeof(*new_service_map));
919  HT_INIT(hs_service_ht, new_service_map);
920 
921  /* First step is to transfer all ephemeral services from the current global
922  * map to the new one we are constructing. We do not prune ephemeral
923  * services as the only way to kill them is by deleting it from the control
924  * port or stopping the tor daemon. */
925  move_ephemeral_services(hs_service_map, new_service_map);
926 
928  hs_service_t *s;
929 
930  /* Check if that service is already in our global map and if so, we'll
931  * transfer the intro points to it. */
932  s = find_service(hs_service_map, &snew->keys.identity_pk);
933  if (s) {
934  /* Pass ownership of the descriptors from s (the current service) to
935  * snew (the newly configured one). */
936  move_descriptors(s, snew);
937  move_hs_state(s, snew);
938  /* Remove the service from the global map because after this, we need to
939  * go over the remaining service in that map that aren't surviving the
940  * reload to close their circuits. */
942  hs_service_free(s);
943  }
944  /* Great, this service is now ready to be added to our new map. */
945  if (BUG(register_service(new_service_map, snew) < 0)) {
946  /* This should never happen because prior to registration, we validate
947  * every service against the entire set. Not being able to register a
948  * service means we failed to validate correctly. In that case, don't
949  * break tor and ignore the service but tell user. */
950  log_warn(LD_BUG, "Unable to register service with directory %s",
951  service_escaped_dir(snew));
953  hs_service_free(snew);
954  }
955  } SMARTLIST_FOREACH_END(snew);
956 
957  /* Close any circuits associated with the non surviving services. Every
958  * service in the current global map are roaming. */
959  FOR_EACH_SERVICE_BEGIN(service) {
960  close_service_circuits(service);
961  } FOR_EACH_SERVICE_END;
962 
963  /* Time to make the switch. We'll clear the staging list because its content
964  * has now changed ownership to the map. */
967  hs_service_map = new_service_map;
968  /* We've just register services into the new map and now we've replaced the
969  * global map with it so we have to notify that the change happened. When
970  * registering a service, the notify is only triggered if the destination
971  * map is the global map for which in here it was not. */
973 }
974 
975 /** Write the onion address of a given service to the given filename fname_ in
976  * the service directory. Return 0 on success else -1 on error. */
977 STATIC int
978 write_address_to_file(const hs_service_t *service, const char *fname_)
979 {
980  int ret = -1;
981  char *fname = NULL;
982  char *addr_buf = NULL;
983 
984  tor_assert(service);
985  tor_assert(fname_);
986 
987  /* Construct the full address with the onion tld and write the hostname file
988  * to disk. */
989  tor_asprintf(&addr_buf, "%s.%s\n", service->onion_address, address_tld);
990  /* Notice here that we use the given "fname_". */
991  fname = hs_path_from_filename(service->config.directory_path, fname_);
992  if (write_str_to_file(fname, addr_buf, 0) < 0) {
993  log_warn(LD_REND, "Could not write onion address to hostname file %s",
994  escaped(fname));
995  goto end;
996  }
997 
998 #ifndef _WIN32
999  if (service->config.dir_group_readable) {
1000  /* Mode to 0640. */
1001  if (chmod(fname, S_IRUSR | S_IWUSR | S_IRGRP) < 0) {
1002  log_warn(LD_FS, "Unable to make onion service hostname file %s "
1003  "group-readable.", escaped(fname));
1004  }
1005  }
1006 #endif /* !defined(_WIN32) */
1007 
1008  /* Success. */
1009  ret = 0;
1010  end:
1011  tor_free(fname);
1012  tor_free(addr_buf);
1013  return ret;
1014 }
1015 
1016 /** Load and/or generate private keys for the given service. On success, the
1017  * hostname file will be written to disk along with the master private key iff
1018  * the service is not configured for offline keys. Return 0 on success else -1
1019  * on failure. */
1020 static int
1022 {
1023  int ret = -1;
1024  char *fname = NULL;
1025  ed25519_keypair_t *kp;
1026  const hs_service_config_t *config;
1027 
1028  tor_assert(service);
1029 
1030  config = &service->config;
1031 
1032  /* Create and fix permission on service directory. We are about to write
1033  * files to that directory so make sure it exists and has the right
1034  * permissions. We do this here because at this stage we know that Tor is
1035  * actually running and the service we have has been validated. */
1037  config->directory_path,
1038  config->dir_group_readable, 1) < 0) {
1039  goto end;
1040  }
1041 
1042  /* Try to load the keys from file or generate it if not found. */
1043  fname = hs_path_from_filename(config->directory_path, fname_keyfile_prefix);
1044  /* Don't ask for key creation, we want to know if we were able to load it or
1045  * we had to generate it. Better logging! */
1046  kp = ed_key_init_from_file(fname, INIT_ED_KEY_SPLIT, LOG_INFO, NULL, 0, 0,
1047  0, NULL, NULL);
1048  if (!kp) {
1049  log_info(LD_REND, "Unable to load keys from %s. Generating it...", fname);
1050  /* We'll now try to generate the keys and for it we want the strongest
1051  * randomness for it. The keypair will be written in different files. */
1052  uint32_t key_flags = INIT_ED_KEY_CREATE | INIT_ED_KEY_EXTRA_STRONG |
1053  INIT_ED_KEY_SPLIT;
1054  kp = ed_key_init_from_file(fname, key_flags, LOG_WARN, NULL, 0, 0, 0,
1055  NULL, NULL);
1056  if (!kp) {
1057  log_warn(LD_REND, "Unable to generate keys and save in %s.", fname);
1058  goto end;
1059  }
1060  }
1061 
1062  /* Copy loaded or generated keys to service object. */
1063  ed25519_pubkey_copy(&service->keys.identity_pk, &kp->pubkey);
1064  memcpy(&service->keys.identity_sk, &kp->seckey,
1065  sizeof(service->keys.identity_sk));
1066  /* This does a proper memory wipe. */
1067  ed25519_keypair_free(kp);
1068 
1069  /* Build onion address from the newly loaded keys. */
1070  tor_assert(service->config.version <= UINT8_MAX);
1071  hs_build_address(&service->keys.identity_pk,
1072  (uint8_t) service->config.version,
1073  service->onion_address);
1074 
1075  /* Write onion address to hostname file. */
1076  if (write_address_to_file(service, fname_hostname) < 0) {
1077  goto end;
1078  }
1079 
1080  /* Load all client authorization keys in the service. */
1081  if (load_client_keys(service) < 0) {
1082  goto end;
1083  }
1084 
1085  /* Succes. */
1086  ret = 0;
1087  end:
1088  tor_free(fname);
1089  return ret;
1090 }
1091 
1092 /** Check if the client file name is valid or not. Return 1 if valid,
1093  * otherwise return 0. */
1094 STATIC int
1095 client_filename_is_valid(const char *filename)
1096 {
1097  int ret = 1;
1098  const char *valid_extension = ".auth";
1099 
1100  tor_assert(filename);
1101 
1102  /* The file extension must match and the total filename length can't be the
1103  * length of the extension else we do not have a filename. */
1104  if (!strcmpend(filename, valid_extension) &&
1105  strlen(filename) != strlen(valid_extension)) {
1106  ret = 1;
1107  } else {
1108  ret = 0;
1109  }
1110 
1111  return ret;
1112 }
1113 
1114 /** Parse an authorized client from a string. The format of a client string
1115  * looks like (see rend-spec-v3.txt):
1116  *
1117  * <auth-type>:<key-type>:<base32-encoded-public-key>
1118  *
1119  * The <auth-type> can only be "descriptor".
1120  * The <key-type> can only be "x25519".
1121  *
1122  * Return the key on success, return NULL, otherwise. */
1124 parse_authorized_client(const char *client_key_str)
1125 {
1126  char *auth_type = NULL;
1127  char *key_type = NULL;
1128  char *pubkey_b32 = NULL;
1129  hs_service_authorized_client_t *client = NULL;
1130  smartlist_t *fields = smartlist_new();
1131 
1132  tor_assert(client_key_str);
1133 
1134  smartlist_split_string(fields, client_key_str, ":",
1135  SPLIT_SKIP_SPACE, 0);
1136  /* Wrong number of fields. */
1137  if (smartlist_len(fields) != 3) {
1138  log_warn(LD_REND, "Unknown format of client authorization file.");
1139  goto err;
1140  }
1141 
1142  auth_type = smartlist_get(fields, 0);
1143  key_type = smartlist_get(fields, 1);
1144  pubkey_b32 = smartlist_get(fields, 2);
1145 
1146  /* Currently, the only supported auth type is "descriptor". */
1147  if (strcmp(auth_type, "descriptor")) {
1148  log_warn(LD_REND, "Client authorization auth type '%s' not supported.",
1149  auth_type);
1150  goto err;
1151  }
1152 
1153  /* Currently, the only supported key type is "x25519". */
1154  if (strcmp(key_type, "x25519")) {
1155  log_warn(LD_REND, "Client authorization key type '%s' not supported.",
1156  key_type);
1157  goto err;
1158  }
1159 
1160  /* We expect a specific length of the base32 encoded key so make sure we
1161  * have that so we don't successfully decode a value with a different length
1162  * and end up in trouble when copying the decoded key into a fixed length
1163  * buffer. */
1164  if (strlen(pubkey_b32) != BASE32_NOPAD_LEN(CURVE25519_PUBKEY_LEN)) {
1165  log_warn(LD_REND, "Client authorization encoded base32 public key "
1166  "length is invalid: %s", pubkey_b32);
1167  goto err;
1168  }
1169 
1170  client = tor_malloc_zero(sizeof(hs_service_authorized_client_t));
1171  if (base32_decode((char *) client->client_pk.public_key,
1172  sizeof(client->client_pk.public_key),
1173  pubkey_b32, strlen(pubkey_b32)) !=
1174  sizeof(client->client_pk.public_key)) {
1175  log_warn(LD_REND, "Client authorization public key cannot be decoded: %s",
1176  pubkey_b32);
1177  goto err;
1178  }
1179 
1180  /* Success. */
1181  goto done;
1182 
1183  err:
1184  service_authorized_client_free(client);
1185  done:
1186  /* It is also a good idea to wipe the public key. */
1187  if (pubkey_b32) {
1188  memwipe(pubkey_b32, 0, strlen(pubkey_b32));
1189  }
1190  tor_assert(fields);
1191  SMARTLIST_FOREACH(fields, char *, s, tor_free(s));
1192  smartlist_free(fields);
1193  return client;
1194 }
1195 
1196 /** Load all the client public keys for the given service. Return 0 on
1197  * success else -1 on failure. */
1198 static int
1200 {
1201  int ret = -1;
1202  char *client_key_str = NULL;
1203  char *client_key_file_path = NULL;
1204  char *client_keys_dir_path = NULL;
1205  hs_service_config_t *config;
1206  smartlist_t *file_list = NULL;
1207 
1208  tor_assert(service);
1209 
1210  config = &service->config;
1211 
1212  /* Before calling this function, we already call load_service_keys to make
1213  * sure that the directory exists with the right permission. So, if we
1214  * cannot create a client pubkey key directory, we consider it as a bug. */
1215  client_keys_dir_path = hs_path_from_filename(config->directory_path,
1216  dname_client_pubkeys);
1217  if (BUG(hs_check_service_private_dir(get_options()->User,
1218  client_keys_dir_path,
1219  config->dir_group_readable, 1) < 0)) {
1220  goto end;
1221  }
1222 
1223  /* If the list of clients already exists, we must clear it first. */
1224  if (config->clients) {
1226  service_authorized_client_free(p));
1227  smartlist_free(config->clients);
1228  }
1229 
1230  config->clients = smartlist_new();
1231 
1232  file_list = tor_listdir(client_keys_dir_path);
1233  if (file_list == NULL) {
1234  log_warn(LD_REND, "Client authorization directory %s can't be listed.",
1235  client_keys_dir_path);
1236  goto end;
1237  }
1238 
1239  SMARTLIST_FOREACH_BEGIN(file_list, const char *, filename) {
1240  hs_service_authorized_client_t *client = NULL;
1241  log_info(LD_REND, "Loading a client authorization key file %s...",
1242  filename);
1243 
1244  if (!client_filename_is_valid(filename)) {
1245  log_warn(LD_REND, "Client authorization unrecognized filename %s. "
1246  "File must end in .auth. Ignoring.", filename);
1247  continue;
1248  }
1249 
1250  /* Create a full path for a file. */
1251  client_key_file_path = hs_path_from_filename(client_keys_dir_path,
1252  filename);
1253  client_key_str = read_file_to_str(client_key_file_path, 0, NULL);
1254 
1255  /* If we cannot read the file, continue with the next file. */
1256  if (!client_key_str) {
1257  log_warn(LD_REND, "Client authorization file %s can't be read. "
1258  "Corrupted or verify permission? Ignoring.",
1259  client_key_file_path);
1260  tor_free(client_key_file_path);
1261  continue;
1262  }
1263  tor_free(client_key_file_path);
1264 
1265  client = parse_authorized_client(client_key_str);
1266  /* Wipe and free immediately after using it. */
1267  memwipe(client_key_str, 0, strlen(client_key_str));
1268  tor_free(client_key_str);
1269 
1270  if (client) {
1271  smartlist_add(config->clients, client);
1272  log_info(LD_REND, "Loaded a client authorization key file %s.",
1273  filename);
1274  }
1275 
1276  } SMARTLIST_FOREACH_END(filename);
1277 
1278  /* If the number of clients is greater than zero, set the flag to be true. */
1279  if (smartlist_len(config->clients) > 0) {
1280  config->is_client_auth_enabled = 1;
1281  }
1282 
1283  /* Success. */
1284  ret = 0;
1285  end:
1286  if (client_key_str) {
1287  memwipe(client_key_str, 0, strlen(client_key_str));
1288  }
1289  if (file_list) {
1290  SMARTLIST_FOREACH(file_list, char *, s, tor_free(s));
1291  smartlist_free(file_list);
1292  }
1293  tor_free(client_key_str);
1294  tor_free(client_key_file_path);
1295  tor_free(client_keys_dir_path);
1296  return ret;
1297 }
1298 
1299 /** Release all storage held in <b>client</b>. */
1300 STATIC void
1302 {
1303  if (!client) {
1304  return;
1305  }
1306  memwipe(&client->client_pk, 0, sizeof(client->client_pk));
1307  tor_free(client);
1308 }
1309 
1310 /** Free a given service descriptor object and all key material is wiped. */
1311 STATIC void
1313 {
1314  if (!desc) {
1315  return;
1316  }
1317  hs_descriptor_free(desc->desc);
1318  memwipe(&desc->signing_kp, 0, sizeof(desc->signing_kp));
1319  memwipe(&desc->blinded_kp, 0, sizeof(desc->blinded_kp));
1320  /* Cleanup all intro points. */
1321  digest256map_free(desc->intro_points.map, service_intro_point_free_void);
1322  digestmap_free(desc->intro_points.failed_id, tor_free_);
1323  if (desc->previous_hsdirs) {
1324  SMARTLIST_FOREACH(desc->previous_hsdirs, char *, s, tor_free(s));
1325  smartlist_free(desc->previous_hsdirs);
1326  }
1327  crypto_ope_free(desc->ope_cipher);
1328  tor_free(desc);
1329 }
1330 
1331 /** Return a newly allocated service descriptor object. */
1334 {
1335  hs_service_descriptor_t *sdesc = tor_malloc_zero(sizeof(*sdesc));
1336  sdesc->desc = tor_malloc_zero(sizeof(hs_descriptor_t));
1337  /* Initialize the intro points map. */
1338  sdesc->intro_points.map = digest256map_new();
1339  sdesc->intro_points.failed_id = digestmap_new();
1340  sdesc->previous_hsdirs = smartlist_new();
1341  return sdesc;
1342 }
1343 
1344 /** Allocate and return a deep copy of client. */
1347 {
1348  hs_service_authorized_client_t *client_dup = NULL;
1349 
1350  tor_assert(client);
1351 
1352  client_dup = tor_malloc_zero(sizeof(hs_service_authorized_client_t));
1353  /* Currently, the public key is the only component of
1354  * hs_service_authorized_client_t. */
1355  memcpy(client_dup->client_pk.public_key,
1356  client->client_pk.public_key,
1358 
1359  return client_dup;
1360 }
1361 
1362 /** If two authorized clients are equal, return 0. If the first one should come
1363  * before the second, return less than zero. If the first should come after
1364  * the second, return greater than zero. */
1365 static int
1367  const hs_service_authorized_client_t *client2)
1368 {
1369  tor_assert(client1);
1370  tor_assert(client2);
1371 
1372  /* Currently, the public key is the only component of
1373  * hs_service_authorized_client_t. */
1374  return tor_memcmp(client1->client_pk.public_key,
1375  client2->client_pk.public_key,
1377 }
1378 
1379 /** Helper for sorting authorized clients. */
1380 static int
1381 compare_service_authorzized_client_(const void **_a, const void **_b)
1382 {
1383  const hs_service_authorized_client_t *a = *_a, *b = *_b;
1384  return service_authorized_client_cmp(a, b);
1385 }
1386 
1387 /** If the list of hs_service_authorized_client_t's is different between
1388  * src and dst, return 1. Otherwise, return 0. */
1389 STATIC int
1391  const hs_service_config_t *config2)
1392 {
1393  int ret = 0;
1394  int i;
1395  smartlist_t *sl1 = smartlist_new();
1396  smartlist_t *sl2 = smartlist_new();
1397 
1398  tor_assert(config1);
1399  tor_assert(config2);
1400  tor_assert(config1->clients);
1401  tor_assert(config2->clients);
1402 
1403  /* If the number of clients is different, it is obvious that the list
1404  * changes. */
1405  if (smartlist_len(config1->clients) != smartlist_len(config2->clients)) {
1406  goto done;
1407  }
1408 
1409  /* We do not want to mutate config1 and config2, so we will duplicate both
1410  * entire client lists here. */
1411  SMARTLIST_FOREACH(config1->clients,
1414 
1415  SMARTLIST_FOREACH(config2->clients,
1418 
1421 
1422  for (i = 0; i < smartlist_len(sl1); i++) {
1423  /* If the clients at index i in both lists differ, the whole configs
1424  * differ. */
1425  if (service_authorized_client_cmp(smartlist_get(sl1, i),
1426  smartlist_get(sl2, i))) {
1427  goto done;
1428  }
1429  }
1430 
1431  /* Success. */
1432  ret = 1;
1433 
1434  done:
1435  if (sl1) {
1437  service_authorized_client_free(p));
1438  smartlist_free(sl1);
1439  }
1440  if (sl2) {
1442  service_authorized_client_free(p));
1443  smartlist_free(sl2);
1444  }
1445  return ret;
1446 }
1447 
1448 /** Move descriptor(s) from the src service to the dst service and modify their
1449  * content if necessary. We do this during SIGHUP when we re-create our
1450  * hidden services. */
1451 static void
1453 {
1454  tor_assert(src);
1455  tor_assert(dst);
1456 
1457  if (src->desc_current) {
1458  /* Nothing should be there, but clean it up just in case */
1459  if (BUG(dst->desc_current)) {
1460  service_descriptor_free(dst->desc_current);
1461  }
1462  dst->desc_current = src->desc_current;
1463  src->desc_current = NULL;
1464  }
1465 
1466  if (src->desc_next) {
1467  /* Nothing should be there, but clean it up just in case */
1468  if (BUG(dst->desc_next)) {
1469  service_descriptor_free(dst->desc_next);
1470  }
1471  dst->desc_next = src->desc_next;
1472  src->desc_next = NULL;
1473  }
1474 
1475  /* If the client authorization changes, we must rebuild the superencrypted
1476  * section and republish the descriptors. */
1477  int client_auth_changed =
1479  if (client_auth_changed && dst->desc_current) {
1480  /* We have to clear the superencrypted content first. */
1483  if (build_service_desc_superencrypted(dst, dst->desc_current) < 0) {
1484  goto err;
1485  }
1486  service_desc_schedule_upload(dst->desc_current, time(NULL), 1);
1487  }
1488  if (client_auth_changed && dst->desc_next) {
1489  /* We have to clear the superencrypted content first. */
1492  if (build_service_desc_superencrypted(dst, dst->desc_next) < 0) {
1493  goto err;
1494  }
1495  service_desc_schedule_upload(dst->desc_next, time(NULL), 1);
1496  }
1497 
1498  return;
1499 
1500  err:
1501  /* If there is an error, free all descriptors to make it clean and generate
1502  * them later. */
1503  service_descriptor_free(dst->desc_current);
1504  service_descriptor_free(dst->desc_next);
1505 }
1506 
1507 /** From the given service, remove all expired failing intro points for each
1508  * descriptor. */
1509 static void
1511 {
1512  tor_assert(service);
1513 
1514  /* For both descriptors, cleanup the failing intro points list. */
1515  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
1516  DIGESTMAP_FOREACH_MODIFY(desc->intro_points.failed_id, key, time_t *, t) {
1517  time_t failure_time = *t;
1518  if ((failure_time + INTRO_CIRC_RETRY_PERIOD) <= now) {
1519  MAP_DEL_CURRENT(key);
1520  tor_free(t);
1521  }
1523  } FOR_EACH_DESCRIPTOR_END;
1524 }
1525 
1526 /** For the given descriptor desc, put all node_t object found from its failing
1527  * intro point list and put them in the given node_list. */
1528 static void
1530  smartlist_t *node_list)
1531 {
1532  tor_assert(desc);
1533  tor_assert(node_list);
1534 
1535  DIGESTMAP_FOREACH(desc->intro_points.failed_id, key, time_t *, t) {
1536  (void) t; /* Make gcc happy. */
1537  const node_t *node = node_get_by_id(key);
1538  if (node) {
1539  smartlist_add(node_list, (void *) node);
1540  }
1542 }
1543 
1544 /** For the given failing intro point ip, we add its time of failure to the
1545  * failed map and index it by identity digest (legacy ID) in the descriptor
1546  * desc failed id map. */
1547 static void
1549  hs_service_descriptor_t *desc, time_t now)
1550 {
1551  time_t *time_of_failure, *prev_ptr;
1552  const link_specifier_t *legacy_ls;
1553 
1554  tor_assert(ip);
1555  tor_assert(desc);
1556 
1557  time_of_failure = tor_malloc_zero(sizeof(time_t));
1558  *time_of_failure = now;
1559  legacy_ls = get_link_spec_by_type(ip, LS_LEGACY_ID);
1560  tor_assert(legacy_ls);
1561  prev_ptr = digestmap_set(
1562  desc->intro_points.failed_id,
1563  (const char *) link_specifier_getconstarray_un_legacy_id(legacy_ls),
1564  time_of_failure);
1565  tor_free(prev_ptr);
1566 }
1567 
1568 /** Using a given descriptor signing keypair signing_kp, a service intro point
1569  * object ip and the time now, setup the content of an already allocated
1570  * descriptor intro desc_ip.
1571  *
1572  * Return 0 on success else a negative value. */
1573 static int
1575  const hs_service_intro_point_t *ip,
1576  time_t now, hs_desc_intro_point_t *desc_ip)
1577 {
1578  int ret = -1;
1579  time_t nearest_hour = now - (now % 3600);
1580 
1581  tor_assert(signing_kp);
1582  tor_assert(ip);
1583  tor_assert(desc_ip);
1584 
1585  /* Copy the onion key. */
1586  memcpy(&desc_ip->onion_key, &ip->onion_key, sizeof(desc_ip->onion_key));
1587 
1588  /* Key and certificate material. */
1589  desc_ip->auth_key_cert = tor_cert_create(signing_kp,
1590  CERT_TYPE_AUTH_HS_IP_KEY,
1591  &ip->auth_key_kp.pubkey,
1592  nearest_hour,
1594  CERT_FLAG_INCLUDE_SIGNING_KEY);
1595  if (desc_ip->auth_key_cert == NULL) {
1596  log_warn(LD_REND, "Unable to create intro point auth-key certificate");
1597  goto done;
1598  }
1599 
1600  /* Copy link specifier(s). */
1602  const link_specifier_t *, ls) {
1603  if (BUG(!ls)) {
1604  goto done;
1605  }
1606  link_specifier_t *copy = link_specifier_dup(ls);
1607  if (BUG(!copy)) {
1608  goto done;
1609  }
1610  smartlist_add(desc_ip->link_specifiers, copy);
1611  } SMARTLIST_FOREACH_END(ls);
1612 
1613  /* For a legacy intro point, we'll use an RSA/ed cross certificate. */
1614  if (ip->base.is_only_legacy) {
1615  desc_ip->legacy.key = crypto_pk_dup_key(ip->legacy_key);
1616  /* Create cross certification cert. */
1617  ssize_t cert_len = tor_make_rsa_ed25519_crosscert(
1618  &signing_kp->pubkey,
1619  desc_ip->legacy.key,
1620  nearest_hour + HS_DESC_CERT_LIFETIME,
1621  &desc_ip->legacy.cert.encoded);
1622  if (cert_len < 0) {
1623  log_warn(LD_REND, "Unable to create enc key legacy cross cert.");
1624  goto done;
1625  }
1626  desc_ip->legacy.cert.len = cert_len;
1627  }
1628 
1629  /* Encryption key and its cross certificate. */
1630  {
1631  ed25519_public_key_t ed25519_pubkey;
1632 
1633  /* Use the public curve25519 key. */
1634  memcpy(&desc_ip->enc_key, &ip->enc_key_kp.pubkey,
1635  sizeof(desc_ip->enc_key));
1636  /* The following can't fail. */
1638  &ip->enc_key_kp.pubkey,
1639  0);
1640  desc_ip->enc_key_cert = tor_cert_create(signing_kp,
1641  CERT_TYPE_CROSS_HS_IP_KEYS,
1642  &ed25519_pubkey, nearest_hour,
1644  CERT_FLAG_INCLUDE_SIGNING_KEY);
1645  if (desc_ip->enc_key_cert == NULL) {
1646  log_warn(LD_REND, "Unable to create enc key curve25519 cross cert.");
1647  goto done;
1648  }
1649  }
1650  /* Success. */
1651  ret = 0;
1652 
1653  done:
1654  return ret;
1655 }
1656 
1657 /** Using the given descriptor from the given service, build the descriptor
1658  * intro point list so we can then encode the descriptor for publication. This
1659  * function does not pick intro points, they have to be in the descriptor
1660  * current map. Cryptographic material (keys) must be initialized in the
1661  * descriptor for this function to make sense. */
1662 static void
1664  hs_service_descriptor_t *desc, time_t now)
1665 {
1666  hs_desc_encrypted_data_t *encrypted;
1667 
1668  tor_assert(service);
1669  tor_assert(desc);
1670 
1671  /* Ease our life. */
1672  encrypted = &desc->desc->encrypted_data;
1673  /* Cleanup intro points, we are about to set them from scratch. */
1675 
1676  DIGEST256MAP_FOREACH(desc->intro_points.map, key,
1677  const hs_service_intro_point_t *, ip) {
1679  /* Ignore un-established intro points. They can linger in that list
1680  * because their circuit has not opened and they haven't been removed
1681  * yet even though we have enough intro circuits.
1682  *
1683  * Due to #31561, it can stay in that list until rotation so this check
1684  * prevents to publish an intro point without a circuit. */
1685  continue;
1686  }
1688  if (setup_desc_intro_point(&desc->signing_kp, ip, now, desc_ip) < 0) {
1689  hs_desc_intro_point_free(desc_ip);
1690  continue;
1691  }
1692  /* We have a valid descriptor intro point. Add it to the list. */
1693  smartlist_add(encrypted->intro_points, desc_ip);
1694  } DIGEST256MAP_FOREACH_END;
1695 }
1696 
1697 /** Build the descriptor signing key certificate. */
1698 static void
1700 {
1701  hs_desc_plaintext_data_t *plaintext;
1702 
1703  tor_assert(desc);
1704  tor_assert(desc->desc);
1705 
1706  /* Ease our life a bit. */
1707  plaintext = &desc->desc->plaintext_data;
1708 
1709  /* Get rid of what we have right now. */
1710  tor_cert_free(plaintext->signing_key_cert);
1711 
1712  /* Fresh certificate for the signing key. */
1713  plaintext->signing_key_cert =
1714  tor_cert_create(&desc->blinded_kp, CERT_TYPE_SIGNING_HS_DESC,
1715  &desc->signing_kp.pubkey, now, HS_DESC_CERT_LIFETIME,
1716  CERT_FLAG_INCLUDE_SIGNING_KEY);
1717  /* If the cert creation fails, the descriptor encoding will fail and thus
1718  * ultimately won't be uploaded. We'll get a stack trace to help us learn
1719  * where the call came from and the tor_cert_create() will log the error. */
1720  tor_assert_nonfatal(plaintext->signing_key_cert);
1721 }
1722 
1723 /** Populate the descriptor encrypted section from the given service object.
1724  * This will generate a valid list of introduction points that can be used
1725  * after for circuit creation. Return 0 on success else -1 on error. */
1726 static int
1729 {
1730  hs_desc_encrypted_data_t *encrypted;
1731 
1732  tor_assert(service);
1733  tor_assert(desc);
1734 
1735  encrypted = &desc->desc->encrypted_data;
1736 
1737  encrypted->create2_ntor = 1;
1738  encrypted->single_onion_service = service->config.is_single_onion;
1739 
1740  /* Setup introduction points from what we have in the service. */
1741  if (encrypted->intro_points == NULL) {
1742  encrypted->intro_points = smartlist_new();
1743  }
1744  /* We do NOT build introduction point yet, we only do that once the circuit
1745  * have been opened. Until we have the right number of introduction points,
1746  * we do not encode anything in the descriptor. */
1747 
1748  /* XXX: Support client authorization (#20700). */
1749  encrypted->intro_auth_types = NULL;
1750  return 0;
1751 }
1752 
1753 /** Populate the descriptor superencrypted section from the given service
1754  * object. This will generate a valid list of hs_desc_authorized_client_t
1755  * of clients that are authorized to use the service. Return 0 on success
1756  * else -1 on error. */
1757 static int
1760 {
1761  const hs_service_config_t *config;
1762  int i;
1763  hs_desc_superencrypted_data_t *superencrypted;
1764 
1765  tor_assert(service);
1766  tor_assert(desc);
1767 
1768  superencrypted = &desc->desc->superencrypted_data;
1769  config = &service->config;
1770 
1771  /* The ephemeral key pair is already generated, so this should not give
1772  * an error. */
1773  if (BUG(!curve25519_public_key_is_ok(&desc->auth_ephemeral_kp.pubkey))) {
1774  return -1;
1775  }
1776  memcpy(&superencrypted->auth_ephemeral_pubkey,
1777  &desc->auth_ephemeral_kp.pubkey,
1778  sizeof(curve25519_public_key_t));
1779 
1780  /* Test that subcred is not zero because we might use it below */
1781  if (BUG(fast_mem_is_zero((char*)desc->desc->subcredential.subcred,
1782  DIGEST256_LEN))) {
1783  return -1;
1784  }
1785 
1786  /* Create a smartlist to store clients */
1787  superencrypted->clients = smartlist_new();
1788 
1789  /* We do not need to build the desc authorized client if the client
1790  * authorization is disabled */
1791  if (config->is_client_auth_enabled) {
1793  hs_service_authorized_client_t *, client) {
1794  hs_desc_authorized_client_t *desc_client;
1795  desc_client = tor_malloc_zero(sizeof(hs_desc_authorized_client_t));
1796 
1797  /* Prepare the client for descriptor and then add to the list in the
1798  * superencrypted part of the descriptor */
1800  &client->client_pk,
1801  &desc->auth_ephemeral_kp.seckey,
1802  desc->descriptor_cookie, desc_client);
1803  smartlist_add(superencrypted->clients, desc_client);
1804 
1805  } SMARTLIST_FOREACH_END(client);
1806  }
1807 
1808  /* We cannot let the number of auth-clients to be zero, so we need to
1809  * make it be 16. If it is already a multiple of 16, we do not need to
1810  * do anything. Otherwise, add the additional ones to make it a
1811  * multiple of 16. */
1812  int num_clients = smartlist_len(superencrypted->clients);
1813  int num_clients_to_add;
1814  if (num_clients == 0) {
1815  num_clients_to_add = HS_DESC_AUTH_CLIENT_MULTIPLE;
1816  } else if (num_clients % HS_DESC_AUTH_CLIENT_MULTIPLE == 0) {
1817  num_clients_to_add = 0;
1818  } else {
1819  num_clients_to_add =
1821  - (num_clients % HS_DESC_AUTH_CLIENT_MULTIPLE);
1822  }
1823 
1824  for (i = 0; i < num_clients_to_add; i++) {
1825  hs_desc_authorized_client_t *desc_client =
1827  smartlist_add(superencrypted->clients, desc_client);
1828  }
1829 
1830  /* Shuffle the list to prevent the client know the position in the
1831  * config. */
1832  smartlist_shuffle(superencrypted->clients);
1833 
1834  return 0;
1835 }
1836 
1837 /** Populate the descriptor plaintext section from the given service object.
1838  * The caller must make sure that the keys in the descriptors are valid that
1839  * is are non-zero. This can't fail. */
1840 static void
1843 {
1844  hs_desc_plaintext_data_t *plaintext;
1845 
1846  tor_assert(service);
1847  tor_assert(desc);
1848  tor_assert(!fast_mem_is_zero((char *) &desc->blinded_kp,
1849  sizeof(desc->blinded_kp)));
1850  tor_assert(!fast_mem_is_zero((char *) &desc->signing_kp,
1851  sizeof(desc->signing_kp)));
1852 
1853  /* Set the subcredential. */
1854  hs_get_subcredential(&service->keys.identity_pk, &desc->blinded_kp.pubkey,
1855  &desc->desc->subcredential);
1856 
1857  plaintext = &desc->desc->plaintext_data;
1858 
1859  plaintext->version = service->config.version;
1861  /* Copy public key material to go in the descriptor. */
1862  ed25519_pubkey_copy(&plaintext->signing_pubkey, &desc->signing_kp.pubkey);
1863  ed25519_pubkey_copy(&plaintext->blinded_pubkey, &desc->blinded_kp.pubkey);
1864 
1865  /* Create the signing key certificate. This will be updated before each
1866  * upload but we create it here so we don't complexify our unit tests. */
1868 }
1869 
1870 /** Compute the descriptor's OPE cipher for encrypting revision counters. */
1871 static crypto_ope_t *
1873 {
1874  /* Compute OPE key as H("rev-counter-generation" | blinded privkey) */
1875  uint8_t key[DIGEST256_LEN];
1876  crypto_digest_t *digest = crypto_digest256_new(DIGEST_SHA3_256);
1877  const char ope_key_prefix[] = "rev-counter-generation";
1878  const ed25519_secret_key_t *eph_privkey = &hs_desc->blinded_kp.seckey;
1879  crypto_digest_add_bytes(digest, ope_key_prefix, sizeof(ope_key_prefix));
1880  crypto_digest_add_bytes(digest, (char*)eph_privkey->seckey,
1881  sizeof(eph_privkey->seckey));
1882  crypto_digest_get_digest(digest, (char *)key, sizeof(key));
1883  crypto_digest_free(digest);
1884 
1885  return crypto_ope_new(key);
1886 }
1887 
1888 /** For the given service and descriptor object, create the key material which
1889  * is the blinded keypair, the descriptor signing keypair, the ephemeral
1890  * keypair, and the descriptor cookie. Return 0 on success else -1 on error
1891  * where the generated keys MUST be ignored. */
1892 static int
1895 {
1896  int ret = -1;
1897  ed25519_keypair_t kp;
1898 
1899  tor_assert(desc);
1900  tor_assert(!fast_mem_is_zero((char *) &service->keys.identity_pk,
1902 
1903  /* XXX: Support offline key feature (#18098). */
1904 
1905  /* Copy the identity keys to the keypair so we can use it to create the
1906  * blinded key. */
1907  memcpy(&kp.pubkey, &service->keys.identity_pk, sizeof(kp.pubkey));
1908  memcpy(&kp.seckey, &service->keys.identity_sk, sizeof(kp.seckey));
1909  /* Build blinded keypair for this time period. */
1910  hs_build_blinded_keypair(&kp, NULL, 0, desc->time_period_num,
1911  &desc->blinded_kp);
1912  /* Let's not keep too much traces of our keys in memory. */
1913  memwipe(&kp, 0, sizeof(kp));
1914 
1915  /* Compute the OPE cipher struct (it's tied to the current blinded key) */
1916  log_info(LD_GENERAL,
1917  "Getting OPE for TP#%u", (unsigned) desc->time_period_num);
1918  tor_assert_nonfatal(!desc->ope_cipher);
1920 
1921  /* No need for extra strong, this is a temporary key only for this
1922  * descriptor. Nothing long term. */
1923  if (ed25519_keypair_generate(&desc->signing_kp, 0) < 0) {
1924  log_warn(LD_REND, "Can't generate descriptor signing keypair for "
1925  "service %s",
1926  safe_str_client(service->onion_address));
1927  goto end;
1928  }
1929 
1930  /* No need for extra strong, this is a temporary key only for this
1931  * descriptor. Nothing long term. */
1932  if (curve25519_keypair_generate(&desc->auth_ephemeral_kp, 0) < 0) {
1933  log_warn(LD_REND, "Can't generate auth ephemeral keypair for "
1934  "service %s",
1935  safe_str_client(service->onion_address));
1936  goto end;
1937  }
1938 
1939  /* Random descriptor cookie to be used as a part of a key to encrypt the
1940  * descriptor, only if the client auth is enabled will it be used. */
1942  sizeof(desc->descriptor_cookie));
1943 
1944  /* Success. */
1945  ret = 0;
1946  end:
1947  return ret;
1948 }
1949 
1950 /** Given a service and the current time, build a descriptor for the service.
1951  * This function does not pick introduction point, this needs to be done by
1952  * the update function. On success, desc_out will point to the newly allocated
1953  * descriptor object.
1954  *
1955  * This can error if we are unable to create keys or certificate. */
1956 static void
1957 build_service_descriptor(hs_service_t *service, uint64_t time_period_num,
1958  hs_service_descriptor_t **desc_out)
1959 {
1960  char *encoded_desc;
1962 
1963  tor_assert(service);
1964  tor_assert(desc_out);
1965 
1966  desc = service_descriptor_new();
1967 
1968  /* Set current time period */
1969  desc->time_period_num = time_period_num;
1970 
1971  /* Create the needed keys so we can setup the descriptor content. */
1972  if (build_service_desc_keys(service, desc) < 0) {
1973  goto err;
1974  }
1975  /* Setup plaintext descriptor content. */
1976  build_service_desc_plaintext(service, desc);
1977 
1978  /* Setup superencrypted descriptor content. */
1979  if (build_service_desc_superencrypted(service, desc) < 0) {
1980  goto err;
1981  }
1982  /* Setup encrypted descriptor content. */
1983  if (build_service_desc_encrypted(service, desc) < 0) {
1984  goto err;
1985  }
1986 
1987  /* Let's make sure that we've created a descriptor that can actually be
1988  * encoded properly. This function also checks if the encoded output is
1989  * decodable after. */
1990  if (BUG(service_encode_descriptor(service, desc, &desc->signing_kp,
1991  &encoded_desc) < 0)) {
1992  goto err;
1993  }
1994  tor_free(encoded_desc);
1995 
1996  /* Assign newly built descriptor to the next slot. */
1997  *desc_out = desc;
1998 
1999  /* Fire a CREATED control port event. */
2001  &desc->blinded_kp.pubkey);
2002 
2003  /* If we are an onionbalance instance, we refresh our keys when we rotate
2004  * descriptors. */
2005  hs_ob_refresh_keys(service);
2006 
2007  return;
2008 
2009  err:
2010  service_descriptor_free(desc);
2011 }
2012 
2013 /** Build both descriptors for the given service that has just booted up.
2014  * Because it's a special case, it deserves its special function ;). */
2015 static void
2017 {
2018  uint64_t current_desc_tp, next_desc_tp;
2019 
2020  tor_assert(service);
2021  /* These are the conditions for a new service. */
2022  tor_assert(!service->desc_current);
2023  tor_assert(!service->desc_next);
2024 
2025  /*
2026  * +------------------------------------------------------------------+
2027  * | |
2028  * | 00:00 12:00 00:00 12:00 00:00 12:00 |
2029  * | SRV#1 TP#1 SRV#2 TP#2 SRV#3 TP#3 |
2030  * | |
2031  * | $==========|-----------$===========|-----------$===========| |
2032  * | ^ ^ |
2033  * | A B |
2034  * +------------------------------------------------------------------+
2035  *
2036  * Case A: The service boots up before a new time period, the current time
2037  * period is thus TP#1 and the next is TP#2 which for both we have access to
2038  * their SRVs.
2039  *
2040  * Case B: The service boots up inside TP#2, we can't use the TP#3 for the
2041  * next descriptor because we don't have the SRV#3 so the current should be
2042  * TP#1 and next TP#2.
2043  */
2044 
2045  if (hs_in_period_between_tp_and_srv(NULL, now)) {
2046  /* Case B from the above, inside of the new time period. */
2047  current_desc_tp = hs_get_previous_time_period_num(0); /* TP#1 */
2048  next_desc_tp = hs_get_time_period_num(0); /* TP#2 */
2049  } else {
2050  /* Case A from the above, outside of the new time period. */
2051  current_desc_tp = hs_get_time_period_num(0); /* TP#1 */
2052  next_desc_tp = hs_get_next_time_period_num(0); /* TP#2 */
2053  }
2054 
2055  /* Build descriptors. */
2056  build_service_descriptor(service, current_desc_tp, &service->desc_current);
2057  build_service_descriptor(service, next_desc_tp, &service->desc_next);
2058  log_info(LD_REND, "Hidden service %s has just started. Both descriptors "
2059  "built. Now scheduled for upload.",
2060  safe_str_client(service->onion_address));
2061 }
2062 
2063 /** Build descriptors for each service if needed. There are conditions to build
2064  * a descriptor which are details in the function. */
2065 STATIC void
2067 {
2068  FOR_EACH_SERVICE_BEGIN(service) {
2069 
2070  /* A service booting up will have both descriptors to NULL. No other cases
2071  * makes both descriptor non existent. */
2072  if (service->desc_current == NULL && service->desc_next == NULL) {
2073  build_descriptors_for_new_service(service, now);
2074  continue;
2075  }
2076 
2077  /* Reaching this point means we are pass bootup so at runtime. We should
2078  * *never* have an empty current descriptor. If the next descriptor is
2079  * empty, we'll try to build it for the next time period. This only
2080  * happens when we rotate meaning that we are guaranteed to have a new SRV
2081  * at that point for the next time period. */
2082  if (BUG(service->desc_current == NULL)) {
2083  continue;
2084  }
2085 
2086  if (service->desc_next == NULL) {
2088  &service->desc_next);
2089  log_info(LD_REND, "Hidden service %s next descriptor successfully "
2090  "built. Now scheduled for upload.",
2091  safe_str_client(service->onion_address));
2092  }
2093  } FOR_EACH_DESCRIPTOR_END;
2094 }
2095 
2096 /** Randomly pick a node to become an introduction point but not present in the
2097  * given exclude_nodes list. The chosen node is put in the exclude list
2098  * regardless of success or not because in case of failure, the node is simply
2099  * unsusable from that point on.
2100  *
2101  * If direct_conn is set, try to pick a node that our local firewall/policy
2102  * allows us to connect to directly. If we can't find any, return NULL.
2103  * This function supports selecting dual-stack nodes for direct single onion
2104  * service IPv6 connections. But it does not send IPv6 addresses in link
2105  * specifiers. (Current clients don't use IPv6 addresses to extend, and
2106  * direct client connections to intro points are not supported.)
2107  *
2108  * Return a newly allocated service intro point ready to be used for encoding.
2109  * Return NULL on error. */
2110 static hs_service_intro_point_t *
2111 pick_intro_point(unsigned int direct_conn, smartlist_t *exclude_nodes)
2112 {
2113  const or_options_t *options = get_options();
2114  const node_t *node;
2115  hs_service_intro_point_t *ip = NULL;
2116  /* Normal 3-hop introduction point flags. */
2117  router_crn_flags_t flags = CRN_NEED_UPTIME | CRN_NEED_DESC;
2118  /* Single onion flags. */
2119  router_crn_flags_t direct_flags = flags | CRN_PREF_ADDR | CRN_DIRECT_CONN;
2120 
2121  node = router_choose_random_node(exclude_nodes, options->ExcludeNodes,
2122  direct_conn ? direct_flags : flags);
2123 
2124  /* If we are in single onion mode, retry node selection for a 3-hop
2125  * path */
2126  if (direct_conn && !node) {
2127  log_info(LD_REND,
2128  "Unable to find an intro point that we can connect to "
2129  "directly, falling back to a 3-hop path.");
2130  node = router_choose_random_node(exclude_nodes, options->ExcludeNodes,
2131  flags);
2132  }
2133 
2134  if (!node) {
2135  goto err;
2136  }
2137 
2138  /* We have a suitable node, add it to the exclude list. We do this *before*
2139  * we can validate the extend information because even in case of failure,
2140  * we don't want to use that node anymore. */
2141  smartlist_add(exclude_nodes, (void *) node);
2142 
2143  /* Create our objects and populate them with the node information. */
2144  ip = service_intro_point_new(node);
2145 
2146  if (ip == NULL) {
2147  goto err;
2148  }
2149 
2150  log_info(LD_REND, "Picked intro point: %s", node_describe(node));
2151  return ip;
2152  err:
2153  service_intro_point_free(ip);
2154  return NULL;
2155 }
2156 
2157 /** For a given descriptor from the given service, pick any needed intro points
2158  * and update the current map with those newly picked intro points. Return the
2159  * number node that might have been added to the descriptor current map. */
2160 static unsigned int
2163 {
2164  int i = 0, num_needed_ip;
2165  smartlist_t *exclude_nodes = smartlist_new();
2166 
2167  tor_assert(service);
2168  tor_assert(desc);
2169 
2170  /* Compute how many intro points we actually need to open. */
2171  num_needed_ip = service->config.num_intro_points -
2172  digest256map_size(desc->intro_points.map);
2173  if (BUG(num_needed_ip < 0)) {
2174  /* Let's not make tor freak out here and just skip this. */
2175  goto done;
2176  }
2177 
2178  /* We want to end up with config.num_intro_points intro points, but if we
2179  * have no intro points at all (chances are they all cycled or we are
2180  * starting up), we launch get_intro_point_num_extra() extra circuits and
2181  * use the first config.num_intro_points that complete. See proposal #155,
2182  * section 4 for the rationale of this which is purely for performance.
2183  *
2184  * The ones after the first config.num_intro_points will be converted to
2185  * 'General' internal circuits and then we'll drop them from the list of
2186  * intro points. */
2187  if (digest256map_size(desc->intro_points.map) == 0) {
2188  num_needed_ip += get_intro_point_num_extra();
2189  }
2190 
2191  /* Build an exclude list of nodes of our intro point(s). The expiring intro
2192  * points are OK to pick again because this is afterall a concept of round
2193  * robin so they are considered valid nodes to pick again. */
2194  DIGEST256MAP_FOREACH(desc->intro_points.map, key,
2195  hs_service_intro_point_t *, ip) {
2196  const node_t *intro_node = get_node_from_intro_point(ip);
2197  if (intro_node) {
2198  smartlist_add(exclude_nodes, (void*)intro_node);
2199  }
2200  } DIGEST256MAP_FOREACH_END;
2201  /* Also, add the failing intro points that our descriptor encounteered in
2202  * the exclude node list. */
2203  setup_intro_point_exclude_list(desc, exclude_nodes);
2204 
2205  for (i = 0; i < num_needed_ip; i++) {
2207 
2208  /* This function will add the picked intro point node to the exclude nodes
2209  * list so we don't pick the same one at the next iteration. */
2210  ip = pick_intro_point(service->config.is_single_onion, exclude_nodes);
2211  if (ip == NULL) {
2212  /* If we end up unable to pick an introduction point it is because we
2213  * can't find suitable node and calling this again is highly unlikely to
2214  * give us a valid node all of the sudden. */
2215  log_info(LD_REND, "Unable to find a suitable node to be an "
2216  "introduction point for service %s.",
2217  safe_str_client(service->onion_address));
2218  goto done;
2219  }
2220  /* Valid intro point object, add it to the descriptor current map. */
2222  }
2223  /* We've successfully picked all our needed intro points thus none are
2224  * missing which will tell our upload process to expect the number of
2225  * circuits to be the number of configured intro points circuits and not the
2226  * number of intro points object that we have. */
2227  desc->missing_intro_points = 0;
2228 
2229  /* Success. */
2230  done:
2231  /* We don't have ownership of the node_t object in this list. */
2232  smartlist_free(exclude_nodes);
2233  return i;
2234 }
2235 
2236 /** Clear previous cached HSDirs in <b>desc</b>. */
2237 static void
2239 {
2240  if (BUG(!desc->previous_hsdirs)) {
2241  return;
2242  }
2243 
2244  SMARTLIST_FOREACH(desc->previous_hsdirs, char*, s, tor_free(s));
2246 }
2247 
2248 /** Note that we attempted to upload <b>desc</b> to <b>hsdir</b>. */
2249 static void
2251 {
2252  char b64_digest[BASE64_DIGEST_LEN+1] = {0};
2253  digest_to_base64(b64_digest, hsdir->identity);
2254 
2255  if (BUG(!desc->previous_hsdirs)) {
2256  return;
2257  }
2258 
2259  if (!smartlist_contains_string(desc->previous_hsdirs, b64_digest)) {
2260  smartlist_add_strdup(desc->previous_hsdirs, b64_digest);
2261  }
2262 }
2263 
2264 /** Schedule an upload of <b>desc</b>. If <b>descriptor_changed</b> is set, it
2265  * means that this descriptor is dirty. */
2266 STATIC void
2268  time_t now,
2269  int descriptor_changed)
2270 
2271 {
2272  desc->next_upload_time = now;
2273 
2274  /* If the descriptor changed, clean up the old HSDirs list. We want to
2275  * re-upload no matter what. */
2276  if (descriptor_changed) {
2278  }
2279 }
2280 
2281 /** Pick missing intro points for this descriptor if needed. */
2282 static void
2284  hs_service_descriptor_t *desc, time_t now)
2285 {
2286  unsigned int num_intro_points;
2287 
2288  tor_assert(service);
2289  tor_assert(desc);
2290  tor_assert(desc->desc);
2291 
2292  num_intro_points = digest256map_size(desc->intro_points.map);
2293 
2294  /* Pick any missing introduction point(s). */
2295  if (num_intro_points < service->config.num_intro_points) {
2296  unsigned int num_new_intro_points = pick_needed_intro_points(service,
2297  desc);
2298  if (num_new_intro_points != 0) {
2299  log_info(LD_REND, "Service %s just picked %u intro points and wanted "
2300  "%u for %s descriptor. It currently has %d intro "
2301  "points. Launching ESTABLISH_INTRO circuit shortly.",
2302  safe_str_client(service->onion_address),
2303  num_new_intro_points,
2304  service->config.num_intro_points - num_intro_points,
2305  (desc == service->desc_current) ? "current" : "next",
2306  num_intro_points);
2307  /* We'll build those introduction point into the descriptor once we have
2308  * confirmation that the circuits are opened and ready. However,
2309  * indicate that this descriptor should be uploaded from now on. */
2310  service_desc_schedule_upload(desc, now, 1);
2311  }
2312  /* Were we able to pick all the intro points we needed? If not, we'll
2313  * flag the descriptor that it's missing intro points because it
2314  * couldn't pick enough which will trigger a descriptor upload. */
2315  if ((num_new_intro_points + num_intro_points) <
2316  service->config.num_intro_points) {
2317  desc->missing_intro_points = 1;
2318  }
2319  }
2320 }
2321 
2322 /** Update descriptor intro points for each service if needed. We do this as
2323  * part of the periodic event because we need to establish intro point circuits
2324  * before we publish descriptors. */
2325 STATIC void
2327 {
2328  FOR_EACH_SERVICE_BEGIN(service) {
2329  /* We'll try to update each descriptor that is if certain conditions apply
2330  * in order for the descriptor to be updated. */
2331  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
2332  update_service_descriptor_intro_points(service, desc, now);
2333  } FOR_EACH_DESCRIPTOR_END;
2334  } FOR_EACH_SERVICE_END;
2335 }
2336 
2337 /** Return true iff the given intro point has expired that is it has been used
2338  * for too long or we've reached our max seen INTRODUCE2 cell. */
2339 STATIC int
2341  time_t now)
2342 {
2343  tor_assert(ip);
2344 
2345  if (ip->introduce2_count >= ip->introduce2_max) {
2346  goto expired;
2347  }
2348 
2349  if (ip->time_to_expire <= now) {
2350  goto expired;
2351  }
2352 
2353  /* Not expiring. */
2354  return 0;
2355  expired:
2356  return 1;
2357 }
2358 
2359 /** Return true iff we should remove the intro point ip from its service.
2360  *
2361  * We remove an intro point from the service descriptor list if one of
2362  * these criteria is met:
2363  * - It has expired (either in INTRO2 count or in time).
2364  * - No node was found (fell off the consensus).
2365  * - We are over the maximum amount of retries.
2366  *
2367  * If an established or pending circuit is found for the given ip object, this
2368  * return false indicating it should not be removed. */
2369 static bool
2371 {
2372  bool ret = false;
2373 
2374  tor_assert(ip);
2375 
2376  /* Any one of the following needs to be True to furfill the criteria to
2377  * remove an intro point. */
2378  bool has_no_retries = (ip->circuit_retries >
2380  bool has_no_node = (get_node_from_intro_point(ip) == NULL);
2381  bool has_expired = intro_point_should_expire(ip, now);
2382 
2383  /* If the node fell off the consensus or the IP has expired, we have to
2384  * remove it now. */
2385  if (has_no_node || has_expired) {
2386  ret = true;
2387  goto end;
2388  }
2389 
2390  /* Pass this point, even though we might be over the retry limit, we check
2391  * if a circuit (established or pending) exists. In that case, we should not
2392  * remove it because it might simply be valid and opened at the previous
2393  * scheduled event for the last retry. */
2394 
2395  /* Do we simply have an existing circuit regardless of its state? */
2397  goto end;
2398  }
2399 
2400  /* Getting here means we have _no_ circuits so then return if we have any
2401  * remaining retries. */
2402  ret = has_no_retries;
2403 
2404  end:
2405  /* Meaningful log in case we are about to remove the IP. */
2406  if (ret) {
2407  log_info(LD_REND, "Intro point %s%s (retried: %u times). "
2408  "Removing it.",
2410  has_expired ? " has expired" :
2411  (has_no_node) ? " fell off the consensus" : "",
2412  ip->circuit_retries);
2413  }
2414  return ret;
2415 }
2416 
2417 /** Go over the given set of intro points for each service and remove any
2418  * invalid ones.
2419  *
2420  * If an intro point is removed, the circuit (if any) is immediately close.
2421  * If a circuit can't be found, the intro point is kept if it hasn't reached
2422  * its maximum circuit retry value and thus should be retried. */
2423 static void
2424 cleanup_intro_points(hs_service_t *service, time_t now)
2425 {
2426  /* List of intro points to close. We can't mark the intro circuits for close
2427  * in the modify loop because doing so calls back into the HS subsystem and
2428  * we need to keep that code path outside of the service/desc loop so those
2429  * maps don't get modified during the close making us in a possible
2430  * use-after-free situation. */
2431  smartlist_t *ips_to_free = smartlist_new();
2432 
2433  tor_assert(service);
2434 
2435  /* For both descriptors, cleanup the intro points. */
2436  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
2437  /* Go over the current intro points we have, make sure they are still
2438  * valid and remove any of them that aren't. */
2439  DIGEST256MAP_FOREACH_MODIFY(desc->intro_points.map, key,
2440  hs_service_intro_point_t *, ip) {
2441  if (should_remove_intro_point(ip, now)) {
2442  /* We've retried too many times, remember it as a failed intro point
2443  * so we don't pick it up again for INTRO_CIRC_RETRY_PERIOD sec. */
2444  if (ip->circuit_retries > MAX_INTRO_POINT_CIRCUIT_RETRIES) {
2446  }
2447 
2448  /* Remove intro point from descriptor map and add it to the list of
2449  * ips to free for which we'll also try to close the intro circuit. */
2450  MAP_DEL_CURRENT(key);
2451  smartlist_add(ips_to_free, ip);
2452  }
2453  } DIGEST256MAP_FOREACH_END;
2454  } FOR_EACH_DESCRIPTOR_END;
2455 
2456  /* Go over the intro points to free and close their circuit if any. */
2458  /* See if we need to close the intro point circuit as well */
2459 
2460  /* XXX: Legacy code does NOT close circuits like this: it keeps the circuit
2461  * open until a new descriptor is uploaded and then closed all expiring
2462  * intro point circuit. Here, we close immediately and because we just
2463  * discarded the intro point, a new one will be selected, a new descriptor
2464  * created and uploaded. There is no difference to an attacker between the
2465  * timing of a new consensus and intro point rotation (possibly?). */
2467  if (ocirc && !TO_CIRCUIT(ocirc)->marked_for_close) {
2468  circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
2469  }
2470 
2471  /* Cleanup the intro point */
2472  service_intro_point_free(ip);
2473  } SMARTLIST_FOREACH_END(ip);
2474 
2475  smartlist_free(ips_to_free);
2476 }
2477 
2478 /** Set the next rotation time of the descriptors for the given service for the
2479  * time now. */
2480 static void
2482 {
2483  tor_assert(service);
2484 
2485  service->state.next_rotation_time =
2488 
2489  {
2490  char fmt_time[ISO_TIME_LEN + 1];
2491  format_local_iso_time(fmt_time, service->state.next_rotation_time);
2492  log_info(LD_REND, "Next descriptor rotation time set to %s for %s",
2493  fmt_time, safe_str_client(service->onion_address));
2494  }
2495 }
2496 
2497 /** Return true iff the service should rotate its descriptor. The time now is
2498  * only used to fetch the live consensus and if none can be found, this
2499  * returns false. */
2500 static unsigned int
2502 {
2503  const networkstatus_t *ns;
2504 
2505  tor_assert(service);
2506 
2508  if (ns == NULL) {
2509  goto no_rotation;
2510  }
2511 
2512  if (ns->valid_after >= service->state.next_rotation_time) {
2513  /* In theory, we should never get here with no descriptors. We can never
2514  * have a NULL current descriptor except when tor starts up. The next
2515  * descriptor can be NULL after a rotation but we build a new one right
2516  * after.
2517  *
2518  * So, when tor starts, the next rotation time is set to the start of the
2519  * next SRV period using the consensus valid after time so it should
2520  * always be set to a future time value. This means that we should never
2521  * reach this point at bootup that is this check safeguards tor in never
2522  * allowing a rotation if the valid after time is smaller than the next
2523  * rotation time.
2524  *
2525  * This is all good in theory but we've had a NULL descriptor issue here
2526  * so this is why we BUG() on both with extra logging to try to understand
2527  * how this can possibly happens. We'll simply ignore and tor should
2528  * recover from this by skipping rotation and building the missing
2529  * descriptors just after this. */
2530  if (BUG(service->desc_current == NULL || service->desc_next == NULL)) {
2531  log_warn(LD_BUG, "Service descriptor is NULL (%p/%p). Next rotation "
2532  "time is %ld (now: %ld). Valid after time from "
2533  "consensus is %ld",
2534  service->desc_current, service->desc_next,
2535  (long)service->state.next_rotation_time,
2536  (long)now,
2537  (long)ns->valid_after);
2538  goto no_rotation;
2539  }
2540  goto rotation;
2541  }
2542 
2543  no_rotation:
2544  return 0;
2545  rotation:
2546  return 1;
2547 }
2548 
2549 /** Rotate the service descriptors of the given service. The current descriptor
2550  * will be freed, the next one put in as the current and finally the next
2551  * descriptor pointer is NULLified. */
2552 static void
2554 {
2555  if (service->desc_current) {
2556  /* Close all IP circuits for the descriptor. */
2558  /* We don't need this one anymore, we won't serve any clients coming with
2559  * this service descriptor. */
2560  service_descriptor_free(service->desc_current);
2561  }
2562  /* The next one become the current one and emptying the next will trigger
2563  * a descriptor creation for it. */
2564  service->desc_current = service->desc_next;
2565  service->desc_next = NULL;
2566 
2567  /* We've just rotated, set the next time for the rotation. */
2568  set_rotation_time(service);
2569 }
2570 
2571 /** Rotate descriptors for each service if needed. A non existing current
2572  * descriptor will trigger a descriptor build for the next time period. */
2573 STATIC void
2575 {
2576  /* XXX We rotate all our service descriptors at once. In the future it might
2577  * be wise, to rotate service descriptors independently to hide that all
2578  * those descriptors are on the same tor instance */
2579 
2580  FOR_EACH_SERVICE_BEGIN(service) {
2581 
2582  /* Note for a service booting up: Both descriptors are NULL in that case
2583  * so this function might return true if we are in the timeframe for a
2584  * rotation leading to basically swapping two NULL pointers which is
2585  * harmless. However, the side effect is that triggering a rotation will
2586  * update the service state and avoid doing anymore rotations after the
2587  * two descriptors have been built. */
2588  if (!should_rotate_descriptors(service, now)) {
2589  continue;
2590  }
2591 
2592  log_info(LD_REND, "Time to rotate our descriptors (%p / %p) for %s",
2593  service->desc_current, service->desc_next,
2594  safe_str_client(service->onion_address));
2595 
2596  rotate_service_descriptors(service);
2597  } FOR_EACH_SERVICE_END;
2598 }
2599 
2600 /** Scheduled event run from the main loop. Make sure all our services are up
2601  * to date and ready for the other scheduled events. This includes looking at
2602  * the introduction points status and descriptor rotation time. */
2603 STATIC void
2605 {
2606  /* Note that nothing here opens circuit(s) nor uploads descriptor(s). We are
2607  * simply moving things around or removing unneeded elements. */
2608 
2609  FOR_EACH_SERVICE_BEGIN(service) {
2610 
2611  /* If the service is starting off, set the rotation time. We can't do that
2612  * at configure time because the get_options() needs to be set for setting
2613  * that time that uses the voting interval. */
2614  if (service->state.next_rotation_time == 0) {
2615  /* Set the next rotation time of the descriptors. If it's Oct 25th
2616  * 23:47:00, the next rotation time is when the next SRV is computed
2617  * which is at Oct 26th 00:00:00 that is in 13 minutes. */
2618  set_rotation_time(service);
2619  }
2620 
2621  /* Cleanup invalid intro points from the service descriptor. */
2622  cleanup_intro_points(service, now);
2623 
2624  /* Remove expired failing intro point from the descriptor failed list. We
2625  * reset them at each INTRO_CIRC_RETRY_PERIOD. */
2626  remove_expired_failing_intro(service, now);
2627 
2628  /* At this point, the service is now ready to go through the scheduled
2629  * events guaranteeing a valid state. Intro points might be missing from
2630  * the descriptors after the cleanup but the update/build process will
2631  * make sure we pick those missing ones. */
2632  } FOR_EACH_SERVICE_END;
2633 }
2634 
2635 /** Scheduled event run from the main loop. Make sure all descriptors are up to
2636  * date. Once this returns, each service descriptor needs to be considered for
2637  * new introduction circuits and then for upload. */
2638 static void
2640 {
2641  /* For v2 services, this step happens in the upload event. */
2642 
2643  /* Run v3+ events. */
2644  /* We start by rotating the descriptors only if needed. */
2646 
2647  /* Then, we'll try to build new descriptors that we might need. The
2648  * condition is that the next descriptor is non existing because it has
2649  * been rotated or we just started up. */
2650  build_all_descriptors(now);
2651 
2652  /* Finally, we'll check if we should update the descriptors' intro
2653  * points. Missing introduction points will be picked in this function which
2654  * is useful for newly built descriptors. */
2656 }
2657 
2658 /** For the given service, launch any intro point circuits that could be
2659  * needed. This considers every descriptor of the service. */
2660 static void
2662 {
2663  tor_assert(service);
2664 
2665  /* For both descriptors, try to launch any missing introduction point
2666  * circuits using the current map. */
2667  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
2668  /* Keep a ref on if we need a direct connection. We use this often. */
2669  bool direct_conn = service->config.is_single_onion;
2670 
2671  DIGEST256MAP_FOREACH_MODIFY(desc->intro_points.map, key,
2672  hs_service_intro_point_t *, ip) {
2673  extend_info_t *ei;
2674 
2675  /* Skip the intro point that already has an existing circuit
2676  * (established or not). */
2678  continue;
2679  }
2680  ei = get_extend_info_from_intro_point(ip, direct_conn);
2681 
2682  /* If we can't connect directly to the intro point, get an extend_info
2683  * for a multi-hop path instead. */
2684  if (ei == NULL && direct_conn) {
2685  direct_conn = false;
2687  }
2688 
2689  if (ei == NULL) {
2690  /* This is possible if we can get a node_t but not the extend info out
2691  * of it. In this case, we remove the intro point and a new one will
2692  * be picked at the next main loop callback. */
2693  MAP_DEL_CURRENT(key);
2694  service_intro_point_free(ip);
2695  continue;
2696  }
2697 
2698  /* Launch a circuit to the intro point. */
2699  ip->circuit_retries++;
2700  if (hs_circ_launch_intro_point(service, ip, ei, direct_conn) < 0) {
2701  log_info(LD_REND, "Unable to launch intro circuit to node %s "
2702  "for service %s.",
2703  safe_str_client(extend_info_describe(ei)),
2704  safe_str_client(service->onion_address));
2705  /* Intro point will be retried if possible after this. */
2706  }
2707  extend_info_free(ei);
2708  } DIGEST256MAP_FOREACH_END;
2709  } FOR_EACH_DESCRIPTOR_END;
2710 }
2711 
2712 /** Don't try to build more than this many circuits before giving up for a
2713  * while. Dynamically calculated based on the configured number of intro
2714  * points for the given service and how many descriptor exists. The default
2715  * use case of 3 introduction points and two descriptors will allow 28
2716  * circuits for a retry period (((3 + 2) + (3 * 3)) * 2). */
2717 static unsigned int
2719 {
2720  unsigned int count = 0;
2721  unsigned int multiplier = 0;
2722  unsigned int num_wanted_ip;
2723 
2724  tor_assert(service);
2725  tor_assert(service->config.num_intro_points <=
2726  HS_CONFIG_V3_MAX_INTRO_POINTS);
2727 
2728 /** For a testing network, allow to do it for the maximum amount so circuit
2729  * creation and rotation and so on can actually be tested without limit. */
2730 #define MAX_INTRO_POINT_CIRCUIT_RETRIES_TESTING -1
2731  if (get_options()->TestingTorNetwork) {
2732  return MAX_INTRO_POINT_CIRCUIT_RETRIES_TESTING;
2733  }
2734 
2735  num_wanted_ip = service->config.num_intro_points;
2736 
2737  /* The calculation is as follow. We have a number of intro points that we
2738  * want configured as a torrc option (num_intro_points). We then add an
2739  * extra value so we can launch multiple circuits at once and pick the
2740  * quickest ones. For instance, we want 3 intros, we add 2 extra so we'll
2741  * pick 5 intros and launch 5 circuits. */
2742  count += (num_wanted_ip + get_intro_point_num_extra());
2743 
2744  /* Then we add the number of retries that is possible to do for each intro
2745  * point. If we want 3 intros, we'll allow 3 times the number of possible
2746  * retry. */
2747  count += (num_wanted_ip * MAX_INTRO_POINT_CIRCUIT_RETRIES);
2748 
2749  /* Then, we multiply by a factor of 2 if we have both descriptor or 0 if we
2750  * have none. */
2751  multiplier += (service->desc_current) ? 1 : 0;
2752  multiplier += (service->desc_next) ? 1 : 0;
2753 
2754  return (count * multiplier);
2755 }
2756 
2757 /** For the given service, return 1 if the service is allowed to launch more
2758  * introduction circuits else 0 if the maximum has been reached for the retry
2759  * period of INTRO_CIRC_RETRY_PERIOD. */
2760 STATIC int
2762 {
2763  tor_assert(service);
2764 
2765  /* Consider the intro circuit retry period of the service. */
2766  if (now > (service->state.intro_circ_retry_started_time +
2768  service->state.intro_circ_retry_started_time = now;
2769  service->state.num_intro_circ_launched = 0;
2770  goto allow;
2771  }
2772  /* Check if we can still launch more circuits in this period. */
2773  if (service->state.num_intro_circ_launched <=
2774  get_max_intro_circ_per_period(service)) {
2775  goto allow;
2776  }
2777 
2778  /* Rate limit log that we've reached our circuit creation limit. */
2779  {
2780  char *msg;
2781  time_t elapsed_time = now - service->state.intro_circ_retry_started_time;
2782  static ratelim_t rlimit = RATELIM_INIT(INTRO_CIRC_RETRY_PERIOD);
2783  if ((msg = rate_limit_log(&rlimit, now))) {
2784  log_info(LD_REND, "Hidden service %s exceeded its circuit launch limit "
2785  "of %u per %d seconds. It launched %u circuits in "
2786  "the last %ld seconds. Will retry in %ld seconds.",
2787  safe_str_client(service->onion_address),
2790  service->state.num_intro_circ_launched,
2791  (long int) elapsed_time,
2792  (long int) (INTRO_CIRC_RETRY_PERIOD - elapsed_time));
2793  tor_free(msg);
2794  }
2795  }
2796 
2797  /* Not allow. */
2798  return 0;
2799  allow:
2800  return 1;
2801 }
2802 
2803 /** Scheduled event run from the main loop. Make sure we have all the circuits
2804  * we need for each service. */
2805 static void
2807 {
2808  /* Make sure we can actually have enough information or able to build
2809  * internal circuits as required by services. */
2810  if (router_have_consensus_path() == CONSENSUS_PATH_UNKNOWN ||
2812  return;
2813  }
2814 
2815  /* Run v2 check. */
2816  if (rend_num_services() > 0) {
2818  }
2819 
2820  /* Run v3+ check. */
2821  FOR_EACH_SERVICE_BEGIN(service) {
2822  /* For introduction circuit, we need to make sure we don't stress too much
2823  * circuit creation so make sure this service is respecting that limit. */
2824  if (can_service_launch_intro_circuit(service, now)) {
2825  /* Launch intro point circuits if needed. */
2826  launch_intro_point_circuits(service);
2827  /* Once the circuits have opened, we'll make sure to update the
2828  * descriptor intro point list and cleanup any extraneous. */
2829  }
2830  } FOR_EACH_SERVICE_END;
2831 }
2832 
2833 /** Encode and sign the service descriptor desc and upload it to the given
2834  * hidden service directory. This does nothing if PublishHidServDescriptors
2835  * is false. */
2836 static void
2838  hs_service_descriptor_t *desc, const node_t *hsdir)
2839 {
2840  char *encoded_desc = NULL;
2841 
2842  tor_assert(service);
2843  tor_assert(desc);
2844  tor_assert(hsdir);
2845 
2846  /* Let's avoid doing that if tor is configured to not publish. */
2847  if (!get_options()->PublishHidServDescriptors) {
2848  log_info(LD_REND, "Service %s not publishing descriptor. "
2849  "PublishHidServDescriptors is set to 0.",
2850  safe_str_client(service->onion_address));
2851  goto end;
2852  }
2853 
2854  /* First of all, we'll encode the descriptor. This should NEVER fail but
2855  * just in case, let's make sure we have an actual usable descriptor. */
2856  if (BUG(service_encode_descriptor(service, desc, &desc->signing_kp,
2857  &encoded_desc) < 0)) {
2858  goto end;
2859  }
2860 
2861  /* Time to upload the descriptor to the directory. */
2862  hs_service_upload_desc_to_dir(encoded_desc, service->config.version,
2863  &service->keys.identity_pk,
2864  &desc->blinded_kp.pubkey, hsdir->rs);
2865 
2866  /* Add this node to previous_hsdirs list */
2867  service_desc_note_upload(desc, hsdir);
2868 
2869  /* Logging so we know where it was sent. */
2870  {
2871  int is_next_desc = (service->desc_next == desc);
2872  const uint8_t *idx = (is_next_desc) ? hsdir->hsdir_index.store_second:
2873  hsdir->hsdir_index.store_first;
2874  char *blinded_pubkey_log_str =
2875  tor_strdup(hex_str((char*)&desc->blinded_kp.pubkey.pubkey, 32));
2876  log_info(LD_REND, "Service %s %s descriptor of revision %" PRIu64
2877  " initiated upload request to %s with index %s (%s)",
2878  safe_str_client(service->onion_address),
2879  (is_next_desc) ? "next" : "current",
2881  safe_str_client(node_describe(hsdir)),
2882  safe_str_client(hex_str((const char *) idx, 32)),
2883  safe_str_client(blinded_pubkey_log_str));
2884  tor_free(blinded_pubkey_log_str);
2885 
2886  /* Fire a UPLOAD control port event. */
2888  &desc->blinded_kp.pubkey, idx);
2889  }
2890 
2891  end:
2892  tor_free(encoded_desc);
2893  return;
2894 }
2895 
2896 /** Set the revision counter in <b>hs_desc</b>. We do this by encrypting a
2897  * timestamp using an OPE scheme and using the ciphertext as our revision
2898  * counter.
2899  *
2900  * If <b>is_current</b> is true, then this is the current HS descriptor,
2901  * otherwise it's the next one. */
2902 static void
2904  bool is_current)
2905 {
2906  uint64_t rev_counter = 0;
2907 
2908  /* Get current time */
2909  time_t srv_start = 0;
2910 
2911  /* As our revision counter plaintext value, we use the seconds since the
2912  * start of the SR protocol run that is relevant to this descriptor. This is
2913  * guaranteed to be a positive value since we need the SRV to start making a
2914  * descriptor (so that we know where to upload it).
2915  *
2916  * Depending on whether we are building the current or the next descriptor,
2917  * services use a different SRV value. See [SERVICEUPLOAD] in
2918  * rend-spec-v3.txt:
2919  *
2920  * In particular, for the current descriptor (aka first descriptor), Tor
2921  * always uses the previous SRV for uploading the descriptor, and hence we
2922  * should use the start time of the previous protocol run here.
2923  *
2924  * Whereas for the next descriptor (aka second descriptor), Tor always uses
2925  * the current SRV for uploading the descriptor. and hence we use the start
2926  * time of the current protocol run.
2927  */
2928  if (is_current) {
2930  } else {
2932  }
2933 
2934  log_info(LD_REND, "Setting rev counter for TP #%u: "
2935  "SRV started at %d, now %d (%s)",
2936  (unsigned) hs_desc->time_period_num, (int)srv_start,
2937  (int)now, is_current ? "current" : "next");
2938 
2939  tor_assert_nonfatal(now >= srv_start);
2940 
2941  /* Compute seconds elapsed since the start of the time period. That's the
2942  * number of seconds of how long this blinded key has been active. */
2943  time_t seconds_since_start_of_srv = now - srv_start;
2944 
2945  /* Increment by one so that we are definitely sure this is strictly
2946  * positive and not zero. */
2947  seconds_since_start_of_srv++;
2948 
2949  /* Check for too big inputs. */
2950  if (BUG(seconds_since_start_of_srv > OPE_INPUT_MAX)) {
2951  seconds_since_start_of_srv = OPE_INPUT_MAX;
2952  }
2953 
2954  /* Now we compute the final revision counter value by encrypting the
2955  plaintext using our OPE cipher: */
2956  tor_assert(hs_desc->ope_cipher);
2957  rev_counter = crypto_ope_encrypt(hs_desc->ope_cipher,
2958  (int) seconds_since_start_of_srv);
2959 
2960  /* The OPE module returns CRYPTO_OPE_ERROR in case of errors. */
2961  tor_assert_nonfatal(rev_counter < CRYPTO_OPE_ERROR);
2962 
2963  log_info(LD_REND, "Encrypted revision counter %d to %" PRIu64,
2964  (int) seconds_since_start_of_srv, rev_counter);
2965 
2966  hs_desc->desc->plaintext_data.revision_counter = rev_counter;
2967 }
2968 
2969 /** Encode and sign the service descriptor desc and upload it to the
2970  * responsible hidden service directories. If for_next_period is true, the set
2971  * of directories are selected using the next hsdir_index. This does nothing
2972  * if PublishHidServDescriptors is false. */
2973 STATIC void
2976 {
2977  smartlist_t *responsible_dirs = NULL;
2978 
2979  tor_assert(service);
2980  tor_assert(desc);
2981 
2982  /* We'll first cancel any directory request that are ongoing for this
2983  * descriptor. It is possible that we can trigger multiple uploads in a
2984  * short time frame which can lead to a race where the second upload arrives
2985  * before the first one leading to a 400 malformed descriptor response from
2986  * the directory. Closing all pending requests avoids that. */
2987  close_directory_connections(service, desc);
2988 
2989  /* Get our list of responsible HSDir. */
2990  responsible_dirs = smartlist_new();
2991  /* The parameter 0 means that we aren't a client so tell the function to use
2992  * the spread store consensus paremeter. */
2994  service->desc_next == desc, 0, responsible_dirs);
2995 
2996  /** Clear list of previous hsdirs since we are about to upload to a new
2997  * list. Let's keep it up to date. */
2999 
3000  /* For each responsible HSDir we have, initiate an upload command. */
3001  SMARTLIST_FOREACH_BEGIN(responsible_dirs, const routerstatus_t *,
3002  hsdir_rs) {
3003  const node_t *hsdir_node = node_get_by_id(hsdir_rs->identity_digest);
3004  /* Getting responsible hsdir implies that the node_t object exists for the
3005  * routerstatus_t found in the consensus else we have a problem. */
3006  tor_assert(hsdir_node);
3007  /* Upload this descriptor to the chosen directory. */
3008  upload_descriptor_to_hsdir(service, desc, hsdir_node);
3009  } SMARTLIST_FOREACH_END(hsdir_rs);
3010 
3011  /* Set the next upload time for this descriptor. Even if we are configured
3012  * to not upload, we still want to follow the right cycle of life for this
3013  * descriptor. */
3014  desc->next_upload_time =
3017  {
3018  char fmt_next_time[ISO_TIME_LEN+1];
3019  format_local_iso_time(fmt_next_time, desc->next_upload_time);
3020  log_debug(LD_REND, "Service %s set to upload a descriptor at %s",
3021  safe_str_client(service->onion_address), fmt_next_time);
3022  }
3023 
3024  smartlist_free(responsible_dirs);
3025  return;
3026 }
3027 
3028 /** The set of HSDirs have changed: check if the change affects our descriptor
3029  * HSDir placement, and if it does, reupload the desc. */
3030 STATIC int
3032  const hs_service_descriptor_t *desc)
3033 {
3034  int should_reupload = 0;
3035  smartlist_t *responsible_dirs = smartlist_new();
3036 
3037  /* No desc upload has happened yet: it will happen eventually */
3038  if (!desc->previous_hsdirs || !smartlist_len(desc->previous_hsdirs)) {
3039  goto done;
3040  }
3041 
3042  /* Get list of responsible hsdirs */
3044  service->desc_next == desc, 0, responsible_dirs);
3045 
3046  /* Check if any new hsdirs have been added to the responsible hsdirs set:
3047  * Iterate over the list of new hsdirs, and reupload if any of them is not
3048  * present in the list of previous hsdirs.
3049  */
3050  SMARTLIST_FOREACH_BEGIN(responsible_dirs, const routerstatus_t *, hsdir_rs) {
3051  char b64_digest[BASE64_DIGEST_LEN+1] = {0};
3052  digest_to_base64(b64_digest, hsdir_rs->identity_digest);
3053 
3054  if (!smartlist_contains_string(desc->previous_hsdirs, b64_digest)) {
3055  should_reupload = 1;
3056  break;
3057  }
3058  } SMARTLIST_FOREACH_END(hsdir_rs);
3059 
3060  done:
3061  smartlist_free(responsible_dirs);
3062 
3063  return should_reupload;
3064 }
3065 
3066 /** These are all the reasons why a descriptor upload can't occur. We use
3067  * those to log the reason properly with the right rate limiting and for the
3068  * right descriptor. */
3069 typedef enum {
3070  LOG_DESC_UPLOAD_REASON_MISSING_IPS = 0,
3071  LOG_DESC_UPLOAD_REASON_IP_NOT_ESTABLISHED = 1,
3072  LOG_DESC_UPLOAD_REASON_NOT_TIME = 2,
3073  LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS = 3,
3074  LOG_DESC_UPLOAD_REASON_NO_DIRINFO = 4,
3076 
3077 /** Maximum number of reasons. This is used to allocate the static array of
3078  * all rate limiting objects. */
3079 #define LOG_DESC_UPLOAD_REASON_MAX LOG_DESC_UPLOAD_REASON_NO_DIRINFO
3080 
3081 /** Log the reason why we can't upload the given descriptor for the given
3082  * service. This takes a message string (allocated by the caller) and a
3083  * reason.
3084  *
3085  * Depending on the reason and descriptor, different rate limit applies. This
3086  * is done because this function will basically be called every second. Each
3087  * descriptor for each reason uses its own log rate limit object in order to
3088  * avoid message suppression for different reasons and descriptors. */
3089 static void
3091  const hs_service_descriptor_t *desc, const char *msg,
3092  const log_desc_upload_reason_t reason)
3093 {
3094  /* Writing the log every minute shouldn't be too annoying for log rate limit
3095  * since this can be emitted every second for each descriptor.
3096  *
3097  * However, for one specific case, we increase it to 10 minutes because it
3098  * is hit constantly, as an expected behavior, which is the reason
3099  * indicating that it is not the time to upload. */
3100  static ratelim_t limits[2][LOG_DESC_UPLOAD_REASON_MAX + 1] =
3101  { { RATELIM_INIT(60), RATELIM_INIT(60), RATELIM_INIT(60 * 10),
3102  RATELIM_INIT(60), RATELIM_INIT(60) },
3103  { RATELIM_INIT(60), RATELIM_INIT(60), RATELIM_INIT(60 * 10),
3104  RATELIM_INIT(60), RATELIM_INIT(60) },
3105  };
3106  bool is_next_desc = false;
3107  unsigned int rlim_pos = 0;
3108  ratelim_t *rlim = NULL;
3109 
3110  tor_assert(service);
3111  tor_assert(desc);
3112  tor_assert(msg);
3113 
3114  /* Make sure the reason value is valid. It should never happen because we
3115  * control that value in the code flow but will be apparent during
3116  * development if a reason is added but LOG_DESC_UPLOAD_REASON_NUM_ is not
3117  * updated. */
3118  if (BUG(reason > LOG_DESC_UPLOAD_REASON_MAX || reason < 0)) {
3119  return;
3120  }
3121 
3122  /* Ease our life. Flag that tells us if the descriptor is the next one. */
3123  is_next_desc = (service->desc_next == desc);
3124 
3125  /* Current descriptor is the first element in the ratelimit object array.
3126  * The next descriptor is the second element. */
3127  rlim_pos = (is_next_desc ? 1 : 0);
3128  /* Get the ratelimit object for the reason _and_ right descriptor. */
3129  rlim = &limits[rlim_pos][reason];
3130 
3132  "Service %s can't upload its %s descriptor: %s",
3133  safe_str_client(service->onion_address),
3134  (is_next_desc) ? "next" : "current", msg);
3135 }
3136 
3137 /** Return 1 if the given descriptor from the given service can be uploaded
3138  * else return 0 if it can not. */
3139 static int
3141  const hs_service_descriptor_t *desc, time_t now)
3142 {
3143  char *msg = NULL;
3144  unsigned int num_intro_points, count_ip_established;
3145 
3146  tor_assert(service);
3147  tor_assert(desc);
3148 
3149  /* If this descriptors has missing intro points that is that it couldn't get
3150  * them all when it was time to pick them, it means that we should upload
3151  * instead of waiting an arbitrary amount of time breaking the service.
3152  * Else, if we have no missing intro points, we use the value taken from the
3153  * service configuration. */
3154  if (desc->missing_intro_points) {
3155  num_intro_points = digest256map_size(desc->intro_points.map);
3156  } else {
3157  num_intro_points = service->config.num_intro_points;
3158  }
3159 
3160  /* This means we tried to pick intro points but couldn't get any so do not
3161  * upload descriptor in this case. We need at least one for the service to
3162  * be reachable. */
3163  if (desc->missing_intro_points && num_intro_points == 0) {
3164  msg = tor_strdup("Missing intro points");
3165  log_cant_upload_desc(service, desc, msg,
3166  LOG_DESC_UPLOAD_REASON_MISSING_IPS);
3167  goto cannot;
3168  }
3169 
3170  /* Check if all our introduction circuit have been established for all the
3171  * intro points we have selected. */
3172  count_ip_established = count_desc_circuit_established(desc);
3173  if (count_ip_established != num_intro_points) {
3174  tor_asprintf(&msg, "Intro circuits aren't yet all established (%d/%d).",
3175  count_ip_established, num_intro_points);
3176  log_cant_upload_desc(service, desc, msg,
3177  LOG_DESC_UPLOAD_REASON_IP_NOT_ESTABLISHED);
3178  goto cannot;
3179  }
3180 
3181  /* Is it the right time to upload? */
3182  if (desc->next_upload_time > now) {
3183  tor_asprintf(&msg, "Next upload time is %ld, it is now %ld.",
3184  (long int) desc->next_upload_time, (long int) now);
3185  log_cant_upload_desc(service, desc, msg,
3186  LOG_DESC_UPLOAD_REASON_NOT_TIME);
3187  goto cannot;
3188  }
3189 
3190  /* Don't upload desc if we don't have a live consensus */
3192  msg = tor_strdup("No live consensus");
3193  log_cant_upload_desc(service, desc, msg,
3194  LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS);
3195  goto cannot;
3196  }
3197 
3198  /* Do we know enough router descriptors to have adequate vision of the HSDir
3199  hash ring? */
3201  msg = tor_strdup("Not enough directory information");
3202  log_cant_upload_desc(service, desc, msg,
3203  LOG_DESC_UPLOAD_REASON_NO_DIRINFO);
3204  goto cannot;
3205  }
3206 
3207  /* Can upload! */
3208  return 1;
3209 
3210  cannot:
3211  tor_free(msg);
3212  return 0;
3213 }
3214 
3215 /** Refresh the given service descriptor meaning this will update every mutable
3216  * field that needs to be updated before we upload.
3217  *
3218  * This should ONLY be called before uploading a descriptor. It assumes that
3219  * the descriptor has been built (desc->desc) and that all intro point
3220  * circuits have been established. */
3221 static void
3223  hs_service_descriptor_t *desc, time_t now)
3224 {
3225  /* There are few fields that we consider "mutable" in the descriptor meaning
3226  * we need to update them regurlarly over the lifetime fo the descriptor.
3227  * The rest are set once and should not be modified.
3228  *
3229  * - Signing key certificate.
3230  * - Revision counter.
3231  * - Introduction points which includes many thing. See
3232  * hs_desc_intro_point_t. and the setup_desc_intro_point() function.
3233  */
3234 
3235  /* Create the signing key certificate. */
3236  build_desc_signing_key_cert(desc, now);
3237 
3238  /* Build the intro points descriptor section. The refresh step is just
3239  * before we upload so all circuits have been properly established. */
3240  build_desc_intro_points(service, desc, now);
3241 
3242  /* Set the desc revision counter right before uploading */
3243  set_descriptor_revision_counter(desc, now, service->desc_current == desc);
3244 }
3245 
3246 /** Scheduled event run from the main loop. Try to upload the descriptor for
3247  * each service. */
3248 STATIC void
3250 {
3251  /* v2 services use the same function for descriptor creation and upload so
3252  * we do everything here because the intro circuits were checked before. */
3253  if (rend_num_services() > 0) {
3256  }
3257 
3258  /* Run v3+ check. */
3259  FOR_EACH_SERVICE_BEGIN(service) {
3260  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
3261  /* If we were asked to re-examine the hash ring, and it changed, then
3262  schedule an upload */
3264  service_desc_hsdirs_changed(service, desc)) {
3265  service_desc_schedule_upload(desc, now, 0);
3266  }
3267 
3268  /* Can this descriptor be uploaded? */
3269  if (!should_service_upload_descriptor(service, desc, now)) {
3270  continue;
3271  }
3272 
3273  log_info(LD_REND, "Initiating upload for hidden service %s descriptor "
3274  "for service %s with %u/%u introduction points%s.",
3275  (desc == service->desc_current) ? "current" : "next",
3276  safe_str_client(service->onion_address),
3277  digest256map_size(desc->intro_points.map),
3278  service->config.num_intro_points,
3279  (desc->missing_intro_points) ? " (couldn't pick more)" : "");
3280 
3281  /* We are about to upload so we need to do one last step which is to
3282  * update the service's descriptor mutable fields in order to upload a
3283  * coherent descriptor. */
3284  refresh_service_descriptor(service, desc, now);
3285 
3286  /* Proceed with the upload, the descriptor is ready to be encoded. */
3287  upload_descriptor_to_all(service, desc);
3288  } FOR_EACH_DESCRIPTOR_END;
3289  } FOR_EACH_SERVICE_END;
3290 
3291  /* We are done considering whether to republish rend descriptors */
3293 }
3294 
3295 /** Called when the introduction point circuit is done building and ready to be
3296  * used. */
3297 static void
3299 {
3300  hs_service_t *service = NULL;
3301  hs_service_intro_point_t *ip = NULL;
3302  hs_service_descriptor_t *desc = NULL;
3303 
3304  tor_assert(circ);
3305 
3306  /* Let's do some basic sanity checking of the circ state */
3307  if (BUG(!circ->cpath)) {
3308  return;
3309  }
3310  if (BUG(TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_S_ESTABLISH_INTRO)) {
3311  return;
3312  }
3313  if (BUG(!circ->hs_ident)) {
3314  return;
3315  }
3316 
3317  /* Get the corresponding service and intro point. */
3318  get_objects_from_ident(circ->hs_ident, &service, &ip, &desc);
3319 
3320  if (service == NULL) {
3321  log_warn(LD_REND, "Unknown service identity key %s on the introduction "
3322  "circuit %u. Can't find onion service.",
3323  safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3324  TO_CIRCUIT(circ)->n_circ_id);
3325  goto err;
3326  }
3327  if (ip == NULL) {
3328  log_warn(LD_REND, "Unknown introduction point auth key on circuit %u "
3329  "for service %s",
3330  TO_CIRCUIT(circ)->n_circ_id,
3331  safe_str_client(service->onion_address));
3332  goto err;
3333  }
3334  /* We can't have an IP object without a descriptor. */
3335  tor_assert(desc);
3336 
3337  if (hs_circ_service_intro_has_opened(service, ip, desc, circ)) {
3338  /* Getting here means that the circuit has been re-purposed because we
3339  * have enough intro circuit opened. Remove the IP from the service. */
3340  service_intro_point_remove(service, ip);
3341  service_intro_point_free(ip);
3342  }
3343 
3344  goto done;
3345 
3346  err:
3347  /* Close circuit, we can't use it. */
3348  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_NOSUCHSERVICE);
3349  done:
3350  return;
3351 }
3352 
3353 /** Called when a rendezvous circuit is done building and ready to be used. */
3354 static void
3356 {
3357  hs_service_t *service = NULL;
3358 
3359  tor_assert(circ);
3360  tor_assert(circ->cpath);
3361  /* Getting here means this is a v3 rendezvous circuit. */
3362  tor_assert(circ->hs_ident);
3364 
3365  /* Declare the circuit dirty to avoid reuse, and for path-bias. We set the
3366  * timestamp regardless of its content because that circuit could have been
3367  * cannibalized so in any cases, we are about to use that circuit more. */
3368  TO_CIRCUIT(circ)->timestamp_dirty = time(NULL);
3370 
3371  /* Get the corresponding service and intro point. */
3372  get_objects_from_ident(circ->hs_ident, &service, NULL, NULL);
3373  if (service == NULL) {
3374  log_warn(LD_REND, "Unknown service identity key %s on the rendezvous "
3375  "circuit %u with cookie %s. Can't find onion service.",
3376  safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3377  TO_CIRCUIT(circ)->n_circ_id,
3378  hex_str((const char *) circ->hs_ident->rendezvous_cookie,
3379  REND_COOKIE_LEN));
3380  goto err;
3381  }
3382 
3383  /* If the cell can't be sent, the circuit will be closed within this
3384  * function. */
3385  hs_circ_service_rp_has_opened(service, circ);
3386  goto done;
3387 
3388  err:
3389  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_NOSUCHSERVICE);
3390  done:
3391  return;
3392 }
3393 
3394 /** We've been expecting an INTRO_ESTABLISHED cell on this circuit and it just
3395  * arrived. Handle the INTRO_ESTABLISHED cell arriving on the given
3396  * introduction circuit. Return 0 on success else a negative value. */
3397 static int
3399  const uint8_t *payload,
3400  size_t payload_len)
3401 {
3402  hs_service_t *service = NULL;
3403  hs_service_intro_point_t *ip = NULL;
3404 
3405  tor_assert(circ);
3406  tor_assert(payload);
3408 
3409  /* We need the service and intro point for this cell. */
3410  get_objects_from_ident(circ->hs_ident, &service, &ip, NULL);
3411 
3412  /* Get service object from the circuit identifier. */
3413  if (service == NULL) {
3414  log_warn(LD_REND, "Unknown service identity key %s on the introduction "
3415  "circuit %u. Can't find onion service.",
3416  safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3417  TO_CIRCUIT(circ)->n_circ_id);
3418  goto err;
3419  }
3420  if (ip == NULL) {
3421  /* We don't recognize the key. */
3422  log_warn(LD_REND, "Introduction circuit established without an intro "
3423  "point object on circuit %u for service %s",
3424  TO_CIRCUIT(circ)->n_circ_id,
3425  safe_str_client(service->onion_address));
3426  goto err;
3427  }
3428 
3429  /* Try to parse the payload into a cell making sure we do actually have a
3430  * valid cell. On success, the ip object and circuit purpose is updated to
3431  * reflect the fact that the introduction circuit is established. */
3432  if (hs_circ_handle_intro_established(service, ip, circ, payload,
3433  payload_len) < 0) {
3434  goto err;
3435  }
3436 
3437  log_info(LD_REND, "Successfully received an INTRO_ESTABLISHED cell "
3438  "on circuit %u for service %s",
3439  TO_CIRCUIT(circ)->n_circ_id,
3440  safe_str_client(service->onion_address));
3441  return 0;
3442 
3443  err:
3444  return -1;
3445 }
3446 
3447 /** We just received an INTRODUCE2 cell on the established introduction circuit
3448  * circ. Handle the cell and return 0 on success else a negative value. */
3449 static int
3450 service_handle_introduce2(origin_circuit_t *circ, const uint8_t *payload,
3451  size_t payload_len)
3452 {
3453  hs_service_t *service = NULL;
3454  hs_service_intro_point_t *ip = NULL;
3455  hs_service_descriptor_t *desc = NULL;
3456 
3457  tor_assert(circ);
3458  tor_assert(payload);
3459  tor_assert(TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_INTRO);
3460 
3461  /* We'll need every object associated with this circuit. */
3462  get_objects_from_ident(circ->hs_ident, &service, &ip, &desc);
3463 
3464  /* Get service object from the circuit identifier. */
3465  if (service == NULL) {
3466  log_warn(LD_BUG, "Unknown service identity key %s when handling "
3467  "an INTRODUCE2 cell on circuit %u",
3468  safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3469  TO_CIRCUIT(circ)->n_circ_id);
3470  goto err;
3471  }
3472  if (ip == NULL) {
3473  /* We don't recognize the key. */
3474  log_warn(LD_BUG, "Unknown introduction auth key when handling "
3475  "an INTRODUCE2 cell on circuit %u for service %s",
3476  TO_CIRCUIT(circ)->n_circ_id,
3477  safe_str_client(service->onion_address));
3478  goto err;
3479  }
3480  /* If we have an IP object, we MUST have a descriptor object. */
3481  tor_assert(desc);
3482 
3483  /* The following will parse, decode and launch the rendezvous point circuit.
3484  * Both current and legacy cells are handled. */
3485  if (hs_circ_handle_introduce2(service, circ, ip, &desc->desc->subcredential,
3486  payload, payload_len) < 0) {
3487  goto err;
3488  }
3489 
3490  return 0;
3491  err:
3492  return -1;
3493 }
3494 
3495 /** Add to list every filename used by service. This is used by the sandbox
3496  * subsystem. */
3497 static void
3499 {
3500  const char *s_dir;
3501  char fname[128] = {0};
3502 
3503  tor_assert(service);
3504  tor_assert(list);
3505 
3506  /* Ease our life. */
3507  s_dir = service->config.directory_path;
3508  /* The hostname file. */
3509  smartlist_add(list, hs_path_from_filename(s_dir, fname_hostname));
3510  /* The key files splitted in two. */
3511  tor_snprintf(fname, sizeof(fname), "%s_secret_key", fname_keyfile_prefix);
3512  smartlist_add(list, hs_path_from_filename(s_dir, fname));
3513  tor_snprintf(fname, sizeof(fname), "%s_public_key", fname_keyfile_prefix);
3514  smartlist_add(list, hs_path_from_filename(s_dir, fname));
3515 }
3516 
3517 /** Return true iff the given service identity key is present on disk. */
3518 static int
3519 service_key_on_disk(const char *directory_path)
3520 {
3521  int ret = 0;
3522  char *fname;
3523  ed25519_keypair_t *kp = NULL;
3524 
3525  tor_assert(directory_path);
3526 
3527  /* Build the v3 key path name and then try to load it. */
3528  fname = hs_path_from_filename(directory_path, fname_keyfile_prefix);
3529  kp = ed_key_init_from_file(fname, INIT_ED_KEY_SPLIT,
3530  LOG_DEBUG, NULL, 0, 0, 0, NULL, NULL);
3531  if (kp) {
3532  ret = 1;
3533  }
3534 
3535  ed25519_keypair_free(kp);
3536  tor_free(fname);
3537 
3538  return ret;
3539 }
3540 
3541 /** This is a proxy function before actually calling hs_desc_encode_descriptor
3542  * because we need some preprocessing here */
3543 static int
3545  const hs_service_descriptor_t *desc,
3546  const ed25519_keypair_t *signing_kp,
3547  char **encoded_out)
3548 {
3549  int ret;
3550  const uint8_t *descriptor_cookie = NULL;
3551 
3552  tor_assert(service);
3553  tor_assert(desc);
3554  tor_assert(encoded_out);
3555 
3556  /* If the client authorization is enabled, send the descriptor cookie to
3557  * hs_desc_encode_descriptor. Otherwise, send NULL */
3558  if (service->config.is_client_auth_enabled) {
3559  descriptor_cookie = desc->descriptor_cookie;
3560  }
3561 
3562  ret = hs_desc_encode_descriptor(desc->desc, signing_kp,
3563  descriptor_cookie, encoded_out);
3564 
3565  return ret;
3566 }
3567 
3568 /* ========== */
3569 /* Public API */
3570 /* ========== */
3571 
3572 /** This is called everytime the service map (v2 or v3) changes that is if an
3573  * element is added or removed. */
3574 void
3576 {
3577  /* If we now have services where previously we had not, we need to enable
3578  * the HS service main loop event. If we changed to having no services, we
3579  * need to disable the event. */
3581 }
3582 
3583 /** Upload an encoded descriptor in encoded_desc of the given version. This
3584  * descriptor is for the service identity_pk and blinded_pk used to setup the
3585  * directory connection identifier. It is uploaded to the directory hsdir_rs
3586  * routerstatus_t object.
3587  *
3588  * NOTE: This function does NOT check for PublishHidServDescriptors because it
3589  * is only used by the control port command HSPOST outside of this subsystem.
3590  * Inside this code, upload_descriptor_to_hsdir() should be used. */
3591 void
3592 hs_service_upload_desc_to_dir(const char *encoded_desc,
3593  const uint8_t version,
3594  const ed25519_public_key_t *identity_pk,
3595  const ed25519_public_key_t *blinded_pk,
3596  const routerstatus_t *hsdir_rs)
3597 {
3598  char version_str[4] = {0};
3599  directory_request_t *dir_req;
3600  hs_ident_dir_conn_t ident;
3601 
3602  tor_assert(encoded_desc);
3603  tor_assert(identity_pk);
3604  tor_assert(blinded_pk);
3605  tor_assert(hsdir_rs);
3606 
3607  /* Setup the connection identifier. */
3608  memset(&ident, 0, sizeof(ident));
3609  hs_ident_dir_conn_init(identity_pk, blinded_pk, &ident);
3610 
3611  /* This is our resource when uploading which is used to construct the URL
3612  * with the version number: "/tor/hs/<version>/publish". */
3613  tor_snprintf(version_str, sizeof(version_str), "%u", version);
3614 
3615  /* Build the directory request for this HSDir. */
3617  directory_request_set_routerstatus(dir_req, hsdir_rs);
3619  directory_request_set_resource(dir_req, version_str);
3620  directory_request_set_payload(dir_req, encoded_desc,
3621  strlen(encoded_desc));
3622  /* The ident object is copied over the directory connection object once
3623  * the directory request is initiated. */
3624  directory_request_upload_set_hs_ident(dir_req, &ident);
3625 
3626  /* Initiate the directory request to the hsdir.*/
3627  directory_initiate_request(dir_req);
3628  directory_request_free(dir_req);
3629 }
3630 
3631 /** Add the ephemeral service using the secret key sk and ports. Both max
3632  * streams parameter will be set in the newly created service.
3633  *
3634  * Ownership of sk and ports is passed to this routine. Regardless of
3635  * success/failure, callers should not touch these values after calling this
3636  * routine, and may assume that correct cleanup has been done on failure.
3637  *
3638  * Return an appropriate hs_service_add_ephemeral_status_t. */
3641  int max_streams_per_rdv_circuit,
3642  int max_streams_close_circuit, char **address_out)
3643 {
3645  hs_service_t *service = NULL;
3646 
3647  tor_assert(sk);
3648  tor_assert(ports);
3649  tor_assert(address_out);
3650 
3651  service = hs_service_new(get_options());
3652 
3653  /* Setup the service configuration with specifics. A default service is
3654  * HS_VERSION_TWO so explicitly set it. */
3655  service->config.version = HS_VERSION_THREE;
3656  service->config.max_streams_per_rdv_circuit = max_streams_per_rdv_circuit;
3657  service->config.max_streams_close_circuit = !!max_streams_close_circuit;
3658  service->config.is_ephemeral = 1;
3659  smartlist_free(service->config.ports);
3660  service->config.ports = ports;
3661 
3662  /* Handle the keys. */
3663  memcpy(&service->keys.identity_sk, sk, sizeof(service->keys.identity_sk));
3665  &service->keys.identity_sk) < 0) {
3666  log_warn(LD_CONFIG, "Unable to generate ed25519 public key"
3667  "for v3 service.");
3668  ret = RSAE_BADPRIVKEY;
3669  goto err;
3670  }
3671 
3672  if (ed25519_validate_pubkey(&service->keys.identity_pk) < 0) {
3673  log_warn(LD_CONFIG, "Bad ed25519 private key was provided");
3674  ret = RSAE_BADPRIVKEY;
3675  goto err;
3676  }
3677 
3678  /* Make sure we have at least one port. */
3679  if (smartlist_len(service->config.ports) == 0) {
3680  log_warn(LD_CONFIG, "At least one VIRTPORT/TARGET must be specified "
3681  "for v3 service.");
3682  ret = RSAE_BADVIRTPORT;
3683  goto err;
3684  }
3685 
3686  /* Build the onion address for logging purposes but also the control port
3687  * uses it for the HS_DESC event. */
3688  hs_build_address(&service->keys.identity_pk,
3689  (uint8_t) service->config.version,
3690  service->onion_address);
3691 
3692  /* The only way the registration can fail is if the service public key
3693  * already exists. */
3694  if (BUG(register_service(hs_service_map, service) < 0)) {
3695  log_warn(LD_CONFIG, "Onion Service private key collides with an "
3696  "existing v3 service.");
3697  ret = RSAE_ADDREXISTS;
3698  goto err;
3699  }
3700 
3701  log_info(LD_CONFIG, "Added ephemeral v3 onion service: %s",
3702  safe_str_client(service->onion_address));
3703 
3704  *address_out = tor_strdup(service->onion_address);
3705  ret = RSAE_OKAY;
3706  goto end;
3707 
3708  err:
3709  hs_service_free(service);
3710 
3711  end:
3712  memwipe(sk, 0, sizeof(ed25519_secret_key_t));
3713  tor_free(sk);
3714  return ret;
3715 }
3716 
3717 /** For the given onion address, delete the ephemeral service. Return 0 on
3718  * success else -1 on error. */
3719 int
3720 hs_service_del_ephemeral(const char *address)
3721 {
3722  uint8_t version;
3724  hs_service_t *service = NULL;
3725 
3726  tor_assert(address);
3727 
3728  if (hs_parse_address(address, &pk, NULL, &version) < 0) {
3729  log_warn(LD_CONFIG, "Requested malformed v3 onion address for removal.");
3730  goto err;
3731  }
3732 
3733  if (version != HS_VERSION_THREE) {
3734  log_warn(LD_CONFIG, "Requested version of onion address for removal "
3735  "is not supported.");
3736  goto err;
3737  }
3738 
3739  service = find_service(hs_service_map, &pk);
3740  if (service == NULL) {
3741  log_warn(LD_CONFIG, "Requested non-existent v3 hidden service for "
3742  "removal.");
3743  goto err;
3744  }
3745 
3746  if (!service->config.is_ephemeral) {
3747  log_warn(LD_CONFIG, "Requested non-ephemeral v3 hidden service for "
3748  "removal.");
3749  goto err;
3750  }
3751 
3752  /* Close introduction circuits, remove from map and finally free. Notice
3753  * that the rendezvous circuits aren't closed in order for any existing
3754  * connections to finish. We let the application terminate them. */
3756  remove_service(hs_service_map, service);
3757  hs_service_free(service);
3758 
3759  log_info(LD_CONFIG, "Removed ephemeral v3 hidden service: %s",
3760  safe_str_client(address));
3761  return 0;
3762 
3763  err:
3764  return -1;
3765 }
3766 
3767 /** Using the ed25519 public key pk, find a service for that key and return the
3768  * current encoded descriptor as a newly allocated string or NULL if not
3769  * found. This is used by the control port subsystem. */
3770 char *
3772 {
3773  const hs_service_t *service;
3774 
3775  tor_assert(pk);
3776 
3777  service = find_service(hs_service_map, pk);
3778  if (service && service->desc_current) {
3779  char *encoded_desc = NULL;
3780  /* No matter what is the result (which should never be a failure), return
3781  * the encoded variable, if success it will contain the right thing else
3782  * it will be NULL. */
3783  service_encode_descriptor(service,
3784  service->desc_current,
3785  &service->desc_current->signing_kp,
3786  &encoded_desc);
3787  return encoded_desc;
3788  }
3789 
3790  return NULL;
3791 }
3792 
3793 /** Return the number of service we have configured and usable. */
3794 MOCK_IMPL(unsigned int,
3796 {
3797  if (hs_service_map == NULL) {
3798  return 0;
3799  }
3800  return HT_SIZE(hs_service_map);
3801 }
3802 
3803 /** Given conn, a rendezvous edge connection acting as an exit stream, look up
3804  * the hidden service for the circuit circ, and look up the port and address
3805  * based on the connection port. Assign the actual connection address.
3806  *
3807  * Return 0 on success. Return -1 on failure and the caller should NOT close
3808  * the circuit. Return -2 on failure and the caller MUST close the circuit for
3809  * security reasons. */
3810 int
3812  edge_connection_t *conn)
3813 {
3814  hs_service_t *service = NULL;
3815 
3816  tor_assert(circ);
3817  tor_assert(conn);
3819  tor_assert(circ->hs_ident);
3820 
3821  get_objects_from_ident(circ->hs_ident, &service, NULL, NULL);
3822 
3823  if (service == NULL) {
3824  log_warn(LD_REND, "Unable to find any hidden service associated "
3825  "identity key %s on rendezvous circuit %u.",
3826  ed25519_fmt(&circ->hs_ident->identity_pk),
3827  TO_CIRCUIT(circ)->n_circ_id);
3828  /* We want the caller to close the circuit because it's not a valid
3829  * service so no danger. Attempting to bruteforce the entire key space by
3830  * opening circuits to learn which service is being hosted here is
3831  * impractical. */
3832  goto err_close;
3833  }
3834 
3835  /* Enforce the streams-per-circuit limit, and refuse to provide a mapping if
3836  * this circuit will exceed the limit. */
3837  if (service->config.max_streams_per_rdv_circuit > 0 &&
3838  (circ->hs_ident->num_rdv_streams >=
3839  service->config.max_streams_per_rdv_circuit)) {
3840 #define MAX_STREAM_WARN_INTERVAL 600
3841  static struct ratelim_t stream_ratelim =
3842  RATELIM_INIT(MAX_STREAM_WARN_INTERVAL);
3843  log_fn_ratelim(&stream_ratelim, LOG_WARN, LD_REND,
3844  "Maximum streams per circuit limit reached on "
3845  "rendezvous circuit %u for service %s. Circuit has "
3846  "%" PRIu64 " out of %" PRIu64 " streams. %s.",
3847  TO_CIRCUIT(circ)->n_circ_id,
3848  service->onion_address,
3849  circ->hs_ident->num_rdv_streams,
3852  "Closing circuit" : "Ignoring open stream request");
3853  if (service->config.max_streams_close_circuit) {
3854  /* Service explicitly configured to close immediately. */
3855  goto err_close;
3856  }
3857  /* Exceeding the limit makes tor silently ignore the stream creation
3858  * request and keep the circuit open. */
3859  goto err_no_close;
3860  }
3861 
3862  /* Find a virtual port of that service mathcing the one in the connection if
3863  * successful, set the address in the connection. */
3864  if (hs_set_conn_addr_port(service->config.ports, conn) < 0) {
3865  log_info(LD_REND, "No virtual port mapping exists for port %d for "
3866  "hidden service %s.",
3867  TO_CONN(conn)->port, service->onion_address);
3868  if (service->config.allow_unknown_ports) {
3869  /* Service explicitly allow connection to unknown ports so close right
3870  * away because we do not care about port mapping. */
3871  goto err_close;
3872  }
3873  /* If the service didn't explicitly allow it, we do NOT close the circuit
3874  * here to raise the bar in terms of performance for port mapping. */
3875  goto err_no_close;
3876  }
3877 
3878  /* Success. */
3879  return 0;
3880  err_close:
3881  /* Indicate the caller that the circuit should be closed. */
3882  return -2;
3883  err_no_close:
3884  /* Indicate the caller to NOT close the circuit. */
3885  return -1;
3886 }
3887 
3888 /** Does the service with identity pubkey <b>pk</b> export the circuit IDs of
3889  * its clients? */
3892 {
3893  hs_service_t *service = find_service(hs_service_map, pk);
3894  if (!service) {
3896  }
3897 
3898  return service->config.circuit_id_protocol;
3899 }
3900 
3901 /** Add to file_list every filename used by a configured hidden service, and to
3902  * dir_list every directory path used by a configured hidden service. This is
3903  * used by the sandbox subsystem to whitelist those. */
3904 void
3906  smartlist_t *dir_list)
3907 {
3908  tor_assert(file_list);
3909  tor_assert(dir_list);
3910 
3911  /* Add files and dirs for legacy services. */
3912  rend_services_add_filenames_to_lists(file_list, dir_list);
3913 
3914  /* Add files and dirs for v3+. */
3915  FOR_EACH_SERVICE_BEGIN(service) {
3916  /* Skip ephemeral service, they don't touch the disk. */
3917  if (service->config.is_ephemeral) {
3918  continue;
3919  }
3920  service_add_fnames_to_list(service, file_list);
3921  smartlist_add_strdup(dir_list, service->config.directory_path);
3922  smartlist_add_strdup(dir_list, dname_client_pubkeys);
3923  } FOR_EACH_DESCRIPTOR_END;
3924 }
3925 
3926 /** Called when our internal view of the directory has changed. We might have
3927  * received a new batch of descriptors which might affect the shape of the
3928  * HSDir hash ring. Signal that we should reexamine the hash ring and
3929  * re-upload our HS descriptors if needed. */
3930 void
3932 {
3933  if (hs_service_get_num_services() > 0) {
3934  /* New directory information usually goes every consensus so rate limit
3935  * every 30 minutes to not be too conservative. */
3936  static struct ratelim_t dir_info_changed_ratelim = RATELIM_INIT(30 * 60);
3937  log_fn_ratelim(&dir_info_changed_ratelim, LOG_INFO, LD_REND,
3938  "New dirinfo arrived: consider reuploading descriptor");
3940  }
3941 }
3942 
3943 /** Called when we get an INTRODUCE2 cell on the circ. Respond to the cell and
3944  * launch a circuit to the rendezvous point. */
3945 int
3946 hs_service_receive_introduce2(origin_circuit_t *circ, const uint8_t *payload,
3947  size_t payload_len)
3948 {
3949  int ret = -1;
3950 
3951  tor_assert(circ);
3952  tor_assert(payload);
3953 
3954  /* Do some initial validation and logging before we parse the cell */
3955  if (TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_S_INTRO) {
3956  log_warn(LD_PROTOCOL, "Received an INTRODUCE2 cell on a "
3957  "non introduction circuit of purpose %d",
3958  TO_CIRCUIT(circ)->purpose);
3959  goto done;
3960  }
3961 
3962  if (circ->hs_ident) {
3963  ret = service_handle_introduce2(circ, payload, payload_len);
3965  } else {
3966  ret = rend_service_receive_introduction(circ, payload, payload_len);
3968  }
3969 
3970  done:
3971  return ret;
3972 }
3973 
3974 /** Called when we get an INTRO_ESTABLISHED cell. Mark the circuit as an
3975  * established introduction point. Return 0 on success else a negative value
3976  * and the circuit is closed. */
3977 int
3979  const uint8_t *payload,
3980  size_t payload_len)
3981 {
3982  int ret = -1;
3983 
3984  tor_assert(circ);
3985  tor_assert(payload);
3986 
3987  if (TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_S_ESTABLISH_INTRO) {
3988  log_warn(LD_PROTOCOL, "Received an INTRO_ESTABLISHED cell on a "
3989  "non introduction circuit of purpose %d",
3990  TO_CIRCUIT(circ)->purpose);
3991  goto err;
3992  }
3993 
3994  /* Handle both version. v2 uses rend_data and v3 uses the hs circuit
3995  * identifier hs_ident. Can't be both. */
3996  if (circ->hs_ident) {
3997  ret = service_handle_intro_established(circ, payload, payload_len);
3998  } else {
3999  ret = rend_service_intro_established(circ, payload, payload_len);
4000  }
4001 
4002  if (ret < 0) {
4003  goto err;
4004  }
4005  return 0;
4006  err:
4007  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
4008  return -1;
4009 }
4010 
4011 /** Called when any kind of hidden service circuit is done building thus
4012  * opened. This is the entry point from the circuit subsystem. */
4013 void
4015 {
4016  tor_assert(circ);
4017 
4018  /* Handle both version. v2 uses rend_data and v3 uses the hs circuit
4019  * identifier hs_ident. Can't be both. */
4020  switch (TO_CIRCUIT(circ)->purpose) {
4022  if (circ->hs_ident) {
4024  } else {
4026  }
4027  break;
4029  if (circ->hs_ident) {
4031  } else {
4033  }
4034  break;
4035  default:
4036  tor_assert(0);
4037  }
4038 }
4039 
4040 /** Return the service version by looking at the key in the service directory.
4041  * If the key is not found or unrecognized, -1 is returned. Else, the service
4042  * version is returned. */
4043 int
4045 {
4046  int version = -1; /* Unknown version. */
4047  const char *directory_path;
4048 
4049  tor_assert(service);
4050 
4051  /* We'll try to load the key for version 3. If not found, we'll try version
4052  * 2 and if not found, we'll send back an unknown version (-1). */
4053  directory_path = service->config.directory_path;
4054 
4055  /* Version 3 check. */
4056  if (service_key_on_disk(directory_path)) {
4057  version = HS_VERSION_THREE;
4058  goto end;
4059  }
4060  /* Version 2 check. */
4061  if (rend_service_key_on_disk(directory_path)) {
4062  version = HS_VERSION_TWO;
4063  goto end;
4064  }
4065 
4066  end:
4067  return version;
4068 }
4069 
4070 /** Load and/or generate keys for all onion services including the client
4071  * authorization if any. Return 0 on success, -1 on failure. */
4072 int
4074 {
4075  /* Load v2 service keys if we have v2. */
4076  if (rend_num_services() != 0) {
4077  if (rend_service_load_all_keys(NULL) < 0) {
4078  goto err;
4079  }
4080  }
4081 
4082  /* Load or/and generate them for v3+. */
4084  /* Ignore ephemeral service, they already have their keys set. */
4085  if (service->config.is_ephemeral) {
4086  continue;
4087  }
4088  log_info(LD_REND, "Loading v3 onion service keys from %s",
4089  service_escaped_dir(service));
4090  if (load_service_keys(service) < 0) {
4091  goto err;
4092  }
4093  } SMARTLIST_FOREACH_END(service);
4094 
4095  /* Final step, the staging list contains service in a quiescent state that
4096  * is ready to be used. Register them to the global map. Once this is over,
4097  * the staging list will be cleaned up. */
4099 
4100  /* All keys have been loaded successfully. */
4101  return 0;
4102  err:
4103  return -1;
4104 }
4105 
4106 /** Put all service object in the given service list. After this, the caller
4107  * looses ownership of every elements in the list and responsible to free the
4108  * list pointer. */
4109 void
4111 {
4112  tor_assert(service_list);
4113  /* This list is freed at registration time but this function can be called
4114  * multiple time. */
4115  if (hs_service_staging_list == NULL) {
4117  }
4118  /* Add all service object to our staging list. Caller is responsible for
4119  * freeing the service_list. */
4121 }
4122 
4123 /** Allocate and initilize a service object. The service configuration will
4124  * contain the default values. Return the newly allocated object pointer. This
4125  * function can't fail. */
4126 hs_service_t *
4128 {
4129  hs_service_t *service = tor_malloc_zero(sizeof(hs_service_t));
4130  /* Set default configuration value. */
4131  set_service_default_config(&service->config, options);
4132  /* Set the default service version. */
4134  /* Allocate the CLIENT_PK replay cache in service state. */
4135  service->state.replay_cache_rend_cookie =
4137 
4138  return service;
4139 }
4140 
4141 /** Free the given <b>service</b> object and all its content. This function
4142  * also takes care of wiping service keys from memory. It is safe to pass a
4143  * NULL pointer. */
4144 void
4146 {
4147  if (service == NULL) {
4148  return;
4149  }
4150 
4151  /* Free descriptors. Go over both descriptor with this loop. */
4152  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
4153  service_descriptor_free(desc);
4154  } FOR_EACH_DESCRIPTOR_END;
4155 
4156  /* Free service configuration. */
4157  service_clear_config(&service->config);
4158 
4159  /* Free replay cache from state. */
4160  if (service->state.replay_cache_rend_cookie) {
4162  }
4163 
4164  /* Free onionbalance subcredentials (if any) */
4165  if (service->state.ob_subcreds) {
4166  tor_free(service->state.ob_subcreds);
4167  }
4168 
4169  /* Wipe service keys. */
4170  memwipe(&service->keys.identity_sk, 0, sizeof(service->keys.identity_sk));
4171 
4172  tor_free(service);
4173 }
4174 
4175 /** Periodic callback. Entry point from the main loop to the HS service
4176  * subsystem. This is call every second. This is skipped if tor can't build a
4177  * circuit or the network is disabled. */
4178 void
4180 {
4181  /* First thing we'll do here is to make sure our services are in a
4182  * quiescent state for the scheduled events. */
4184 
4185  /* Order matters here. We first make sure the descriptor object for each
4186  * service contains the latest data. Once done, we check if we need to open
4187  * new introduction circuit. Finally, we try to upload the descriptor for
4188  * each service. */
4189 
4190  /* Make sure descriptors are up to date. */
4192  /* Make sure services have enough circuits. */
4194  /* Upload the descriptors if needed/possible. */
4196 }
4197 
4198 /** Initialize the service HS subsystem. */
4199 void
4201 {
4202  /* Should never be called twice. */
4205 
4206  /* v2 specific. */
4207  rend_service_init();
4208 
4209  hs_service_map = tor_malloc_zero(sizeof(struct hs_service_ht));
4210  HT_INIT(hs_service_ht, hs_service_map);
4211 
4213 }
4214 
4215 /** Release all global storage of the hidden service subsystem. */
4216 void
4218 {
4220  service_free_all();
4222 }
4223 
4224 #ifdef TOR_UNIT_TESTS
4225 
4226 /** Return the global service map size. Only used by unit test. */
4227 STATIC unsigned int
4228 get_hs_service_map_size(void)
4229 {
4230  return HT_SIZE(hs_service_map);
4231 }
4232 
4233 /** Return the staging list size. Only used by unit test. */
4234 STATIC int
4235 get_hs_service_staging_list_size(void)
4236 {
4237  return smartlist_len(hs_service_staging_list);
4238 }
4239 
4240 STATIC hs_service_ht *
4241 get_hs_service_map(void)
4242 {
4243  return hs_service_map;
4244 }
4245 
4247 get_first_service(void)
4248 {
4249  hs_service_t **obj = HT_START(hs_service_ht, hs_service_map);
4250  if (obj == NULL) {
4251  return NULL;
4252  }
4253  return *obj;
4254 }
4255 
4256 #endif /* defined(TOR_UNIT_TESTS) */
smartlist_t * previous_hsdirs
Definition: hs_service.h:166
static int compare_service_authorzized_client_(const void **_a, const void **_b)
Definition: hs_service.c:1381
#define DIR_PURPOSE_UPLOAD_HSDESC
Definition: directory.h:72
Header for statefile.c.
hs_service_state_t state
Definition: hs_service.h:303
Header file for dirclient.c.
static hs_service_authorized_client_t * service_authorized_client_dup(const hs_service_authorized_client_t *client)
Definition: hs_service.c:1346
int hs_service_receive_introduce2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_service.c:3946
static void run_build_descriptor_event(time_t now)
Definition: hs_service.c:2639
Header for confline.c.
#define HS_SERVICE_NEXT_UPLOAD_TIME_MIN
Definition: hs_service.h:33
static extend_info_t * get_extend_info_from_intro_point(const hs_service_intro_point_t *ip, unsigned int direct_conn)
Definition: hs_service.c:684
int rend_num_services(void)
Definition: rendservice.c:185
Header file containing common data for the whole HS subsytem.
#define OPE_INPUT_MAX
Definition: crypto_ope.h:31
Header file containing configuration ABI/API for the HS subsytem.
void hs_control_desc_event_created(const char *onion_address, const ed25519_public_key_t *blinded_pk)
Definition: hs_control.c:111
int hs_service_set_conn_addr_port(const origin_circuit_t *circ, edge_connection_t *conn)
Definition: hs_service.c:3811
static int load_service_keys(hs_service_t *service)
Definition: hs_service.c:1021
hs_service_descriptor_t * desc_next
Definition: hs_service.h:314
unsigned int num_intro_circ_launched
Definition: hs_service.h:270
static void move_hs_state(hs_service_t *src_service, hs_service_t *dst_service)
Definition: hs_service.c:878
void rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
Definition: rendservice.c:3443
Common functions for using (pseudo-)random number generators.
static void move_descriptors(hs_service_t *src, hs_service_t *dst)
Definition: hs_service.c:1452
Definition: node_st.h:34
#define INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS
Definition: or.h:1070
STATIC int register_service(hs_service_ht *map, hs_service_t *service)
Definition: hs_service.c:180
digest256map_t * map
Definition: hs_service.h:97
Header file containing service data for the HS subsytem.
int hs_set_conn_addr_port(const smartlist_t *ports, edge_connection_t *conn)
Definition: hs_common.c:856
int hs_service_get_version_from_key(const hs_service_t *service)
Definition: hs_service.c:4044
curve25519_keypair_t auth_ephemeral_kp
Definition: hs_service.h:125
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
int hs_service_load_all_keys(void)
Definition: hs_service.c:4073
int hs_parse_address(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out)
Definition: hs_common.c:957
#define TO_CONN(c)
Definition: or.h:735
smartlist_t * link_specifiers
Definition: hs_intropoint.h:24
uint8_t rendezvous_cookie[HS_REND_COOKIE_LEN]
Definition: hs_ident.h:60
int32_t networkstatus_get_param(const networkstatus_t *ns, const char *param_name, int32_t default_val, int32_t min_val, int32_t max_val)
STATIC hs_service_t * find_service(hs_service_ht *map, const ed25519_public_key_t *pk)
Definition: hs_service.c:166
int curve25519_public_key_is_ok(const curve25519_public_key_t *key)
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
time_t next_rotation_time
Definition: hs_service.h:281
uint8_t store_second[DIGEST256_LEN]
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
static const char * service_escaped_dir(const hs_service_t *s)
Definition: hs_service.c:869
extend_info_t * extend_info_from_node(const node_t *node, int for_direct_connect)
int rend_service_load_all_keys(const smartlist_t *service_list)
Definition: rendservice.c:1369
hs_desc_superencrypted_data_t superencrypted_data
hs_desc_authorized_client_t * hs_desc_build_fake_authorized_client(void)
static void close_intro_circuits(hs_service_intropoints_t *intro_points)
Definition: hs_service.c:792
Header file for node_select.c.
static struct hs_service_ht * hs_service_map
Definition: hs_service.c:148
void format_local_iso_time(char *buf, time_t t)
Definition: time_fmt.c:285
void rend_service_free_all(void)
Definition: rendservice.c:268
curve25519_public_key_t client_pk
Definition: hs_service.h:183
static bool should_remove_intro_point(hs_service_intro_point_t *ip, time_t now)
Definition: hs_service.c:2370
void rend_consider_services_intro_points(time_t now)
Definition: rendservice.c:4083
const char * extend_info_describe(const extend_info_t *ei)
Definition: describe.c:204
hs_desc_encrypted_data_t encrypted_data
void hs_ident_dir_conn_init(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_ident_dir_conn_t *ident)
Definition: hs_ident.c:69
Header file for connection.c.
int node_supports_ed25519_hs_intro(const node_t *node)
Definition: nodelist.c:1189
#define INTRO_POINT_LIFETIME_MAX_SECONDS
Definition: or.h:1086
void smartlist_add_strdup(struct smartlist_t *sl, const char *string)
unsigned int num_intro_points
Definition: hs_service.h:224
#define LD_GENERAL
Definition: log.h:62
void hs_service_free_all(void)
Definition: hs_service.c:4217
void hs_stats_note_introduce2_cell(int is_hsv3)
Definition: hs_stats.c:22
void hs_get_subcredential(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_subcredential_t *subcred_out)
Definition: hs_common.c:815
int rend_service_receive_introduction(origin_circuit_t *circuit, const uint8_t *request, size_t request_len)
Definition: rendservice.c:1858
static int service_encode_descriptor(const hs_service_t *service, const hs_service_descriptor_t *desc, const ed25519_keypair_t *signing_kp, char **encoded_out)
Definition: hs_service.c:3544
unsigned int max_streams_close_circuit
Definition: hs_service.h:220
static link_specifier_t * get_link_spec_by_type(const hs_service_intro_point_t *ip, uint8_t type)
Definition: hs_service.c:642
int ed25519_public_key_generate(ed25519_public_key_t *pubkey_out, const ed25519_secret_key_t *seckey)
static void service_rendezvous_circ_has_opened(origin_circuit_t *circ)
Definition: hs_service.c:3355
static int32_t get_intro_point_max_lifetime(void)
Definition: hs_service.c:357
ed25519_public_key_t signing_pubkey
#define LOG_INFO
Definition: log.h:45
Header file for describe.c.
static void build_service_desc_plaintext(const hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:1841
unsigned int dir_group_readable
Definition: hs_service.h:243
Header file for nodelist.c.
int hs_check_service_private_dir(const char *username, const char *path, unsigned int dir_group_readable, unsigned int create)
Definition: hs_common.c:200
static crypto_ope_t * generate_ope_cipher_for_desc(const hs_service_descriptor_t *hs_desc)
Definition: hs_service.c:1872
static void log_cant_upload_desc(const hs_service_t *service, const hs_service_descriptor_t *desc, const char *msg, const log_desc_upload_reason_t reason)
Definition: hs_service.c:3090
STATIC void service_clear_config(hs_service_config_t *config)
Definition: hs_service.c:255
static smartlist_t * hs_service_staging_list
Definition: hs_service.c:104
struct hs_desc_intro_point_t::@16 legacy
static void remove_expired_failing_intro(hs_service_t *service, time_t now)
Definition: hs_service.c:1510
unsigned int support_intro2_dos_defense
Definition: hs_service.h:82
curve25519_keypair_t enc_key_kp
Definition: hs_service.h:51
replaycache_t * replay_cache
Definition: hs_service.h:78
#define MAX_INTRO_POINT_CIRCUIT_RETRIES
Definition: or.h:1091
static int32_t get_intro_point_min_lifetime(void)
Definition: hs_service.c:340
hs_subcredential_t subcredential
Header file for directory.c.
void smartlist_add(smartlist_t *sl, void *element)
static void close_service_circuits(hs_service_t *service)
Definition: hs_service.c:821
int strcmpend(const char *s1, const char *s2)
Definition: util_string.c:242
void hs_intropoint_clear(hs_intropoint_t *ip)
STATIC hs_service_descriptor_t * service_descriptor_new(void)
Definition: hs_service.c:1333
STATIC int service_desc_hsdirs_changed(const hs_service_t *service, const hs_service_descriptor_t *desc)
Definition: hs_service.c:3031
#define FOR_EACH_SERVICE_BEGIN(var)
Definition: hs_service.c:73
int ed25519_public_key_from_curve25519_public_key(ed25519_public_key_t *pubkey, const curve25519_public_key_t *pubkey_in, int signbit)
static hs_service_intro_point_t * pick_intro_point(unsigned int direct_conn, smartlist_t *exclude_nodes)
Definition: hs_service.c:2111
time_t sr_state_get_start_time_of_current_protocol_run(void)
char * hs_path_from_filename(const char *directory, const char *filename)
Definition: hs_common.c:178
smartlist_t * clients
Definition: hs_service.h:231
Node information structure.
int hs_service_del_ephemeral(const char *address)
Definition: hs_service.c:3720
char * rate_limit_log(ratelim_t *lim, time_t now)
Definition: ratelim.c:41
log_desc_upload_reason_t
Definition: hs_service.c:3069
crypto_digest_t * crypto_digest256_new(digest_algorithm_t algorithm)
static int service_handle_introduce2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_service.c:3450
struct directory_request_t directory_request_t
Definition: dirclient.h:52
#define TO_CIRCUIT(x)
Definition: or.h:951
Header file for config.c.
tor_cert_t * tor_cert_create(const ed25519_keypair_t *signing_key, uint8_t cert_type, const ed25519_public_key_t *signed_key, time_t now, time_t lifetime, uint32_t flags)
Definition: torcert.c:131
Header file for nickname.c.
unsigned int single_onion_service
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len)
void digest_to_base64(char *d64, const char *digest)
const or_options_t * get_options(void)
Definition: config.c:925
crypt_path_t * cpath
int fast_mem_is_zero(const char *mem, size_t len)
Definition: util_string.c:74
#define tor_assert(expr)
Definition: util_bug.h:102
origin_circuit_t * circuit_get_next_service_rp_circ(origin_circuit_t *start)
Definition: circuitlist.c:1775
void hs_service_upload_desc_to_dir(const char *encoded_desc, const uint8_t version, const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, const routerstatus_t *hsdir_rs)
Definition: hs_service.c:3592
STATIC int intro_point_should_expire(const hs_service_intro_point_t *ip, time_t now)
Definition: hs_service.c:2340
smartlist_t * intro_auth_types
tor_cert_t * enc_key_cert
#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
Definition: circuitlist.h:103
void rend_service_intro_has_opened(origin_circuit_t *circuit)
Definition: rendservice.c:3250
static void close_service_intro_circuits(hs_service_t *service)
Definition: hs_service.c:810
smartlist_t * tor_listdir(const char *dirname)
Definition: dir.c:307
header for crypto_ope.c
#define HS_DESC_CERT_LIFETIME
Definition: hs_descriptor.h:38
int crypto_rand_int_range(unsigned int min, unsigned int max)
#define MAP_DEL_CURRENT(keyvar)
Definition: map.h:140
#define tor_free(p)
Definition: malloc.h:52
unsigned int allow_unknown_ports
Definition: hs_service.h:235
#define ED25519_PUBKEY_LEN
Definition: x25519_sizes.h:27
#define SMARTLIST_DEL_CURRENT(sl, var)
static void set_rotation_time(hs_service_t *service)
Definition: hs_service.c:2481
Header file for mainloop.c.
static void build_service_descriptor(hs_service_t *service, uint64_t time_period_num, hs_service_descriptor_t **desc_out)
Definition: hs_service.c:1957
networkstatus_t * networkstatus_get_live_consensus(time_t now)
STATIC void service_descriptor_free_(hs_service_descriptor_t *desc)
Definition: hs_service.c:1312
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:55
Header file for hs_stats.c.
void directory_request_set_resource(directory_request_t *req, const char *resource)
Definition: dirclient.c:1041
smartlist_t * ports
Definition: hs_service.h:207
smartlist_t * smartlist_new(void)
ed25519_keypair_t signing_kp
Definition: hs_service.h:132
hs_circuit_id_protocol_t hs_service_exports_circuit_id(const ed25519_public_key_t *pk)
Definition: hs_service.c:3891
void hs_control_desc_event_upload(const char *onion_address, const char *hsdir_id_digest, const ed25519_public_key_t *blinded_pk, const uint8_t *hsdir_index)
Definition: hs_control.c:133
struct routerset_t * ExcludeNodes
Definition: or_options_st.h:89
ed25519_secret_key_t identity_sk
Definition: hs_service.h:174
ed25519_public_key_t blinded_pubkey
time_t sr_state_get_start_time_of_previous_protocol_run(void)
void hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk, uint64_t time_period_num, int use_second_hsdir_index, int for_fetching, smartlist_t *responsible_dirs)
Definition: hs_common.c:1340
int hs_desc_encode_descriptor(const hs_descriptor_t *desc, const ed25519_keypair_t *signing_kp, const uint8_t *descriptor_cookie, char **encoded_out)
void hs_service_free_(hs_service_t *service)
Definition: hs_service.c:4145
unsigned int is_client_auth_enabled
Definition: hs_service.h:227
void hs_descriptor_clear_intro_points(hs_descriptor_t *desc)
void smartlist_shuffle(smartlist_t *sl)
Definition: crypto_rand.c:602
#define STATIC
Definition: testsupport.h:32
static int service_handle_intro_established(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_service.c:3398
static void service_intro_point_free_void(void *obj)
Definition: hs_service.c:434
static int build_service_desc_superencrypted(const hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:1758
int router_have_minimum_dir_info(void)
Definition: nodelist.c:2324
int write_str_to_file(const char *fname, const char *str, int bin)
Definition: files.c:258
static void service_desc_clear_previous_hsdirs(hs_service_descriptor_t *desc)
Definition: hs_service.c:2238
#define HS_VERSION_THREE
Definition: hs_common.h:26
static int32_t get_intro_point_min_introduce2(void)
Definition: hs_service.c:315
Routerstatus (consensus entry) structure.
directory_request_t * directory_request_new(uint8_t dir_purpose)
Definition: dirclient.c:944
Header file for loadkey.c.
char * hs_service_lookup_current_desc(const ed25519_public_key_t *pk)
Definition: hs_service.c:3771
int hs_circ_service_intro_has_opened(hs_service_t *service, hs_service_intro_point_t *ip, const hs_service_descriptor_t *desc, origin_circuit_t *circ)
Definition: hs_circuit.c:802
STATIC void service_intro_point_add(digest256map_t *map, hs_service_intro_point_t *ip)
Definition: hs_service.c:521
#define DIGEST256_LEN
Definition: digest_sizes.h:23
#define DIGESTMAP_FOREACH(map, keyvar, valtype, valvar)
Definition: map.h:154
uint64_t max_streams_per_rdv_circuit
Definition: hs_service.h:216
STATIC int can_service_launch_intro_circuit(hs_service_t *service, time_t now)
Definition: hs_service.c:2761
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
static unsigned int pick_needed_intro_points(hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:2161
int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:90
hs_desc_intro_point_t * hs_desc_intro_point_new(void)
hs_desc_plaintext_data_t plaintext_data
const char * ed25519_fmt(const ed25519_public_key_t *pkey)
const curve25519_public_key_t * node_get_curve25519_onion_key(const node_t *node)
Definition: nodelist.c:1916
Common functions for cryptographic routines.
static int load_client_keys(hs_service_t *service)
Definition: hs_service.c:1199
static int build_service_desc_encrypted(const hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:1727
static void service_add_fnames_to_list(const hs_service_t *service, smartlist_t *list)
Definition: hs_service.c:3498
ssize_t tor_make_rsa_ed25519_crosscert(const ed25519_public_key_t *ed_key, const crypto_pk_t *rsa_key, time_t expires, uint8_t **cert)
Definition: torcert.c:331
STATIC void build_all_descriptors(time_t now)
Definition: hs_service.c:2066
void hs_service_circuit_has_opened(origin_circuit_t *circ)
Definition: hs_service.c:4014
void hs_service_map_has_changed(void)
Definition: hs_service.c:3575
HT_PROTOTYPE(hs_circuitmap_ht, circuit_t, hs_circuitmap_node, hs_circuit_hash_token, hs_circuits_have_same_token)
origin_circuit_t * hs_circ_service_get_intro_circ(const hs_service_intro_point_t *ip)
Definition: hs_circuit.c:661
Header for crypto_format.c.
static void build_desc_signing_key_cert(hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:1699
static void move_ephemeral_services(hs_service_ht *src, hs_service_ht *dst)
Definition: hs_service.c:839
uint8_t seckey[ED25519_SECKEY_LEN]
void rend_consider_services_upload(time_t now)
Definition: rendservice.c:4267
int tor_memcmp(const void *a, const void *b, size_t len)
Definition: di_ops.c:31
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
curve25519_public_key_t onion_key
static unsigned int get_max_intro_circ_per_period(const hs_service_t *service)
Definition: hs_service.c:2718
#define HS_DESC_AUTH_CLIENT_MULTIPLE
Definition: hs_descriptor.h:66
dir_connection_t * TO_DIR_CONN(connection_t *c)
Definition: directory.c:85
STATIC void upload_descriptor_to_all(const hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:2974
static void upload_descriptor_to_hsdir(const hs_service_t *service, hs_service_descriptor_t *desc, const node_t *hsdir)
Definition: hs_service.c:2837
unsigned int is_only_legacy
Definition: hs_intropoint.h:19
static void rotate_service_descriptors(hs_service_t *service)
Definition: hs_service.c:2553
STATIC hs_service_authorized_client_t * parse_authorized_client(const char *client_key_str)
Definition: hs_service.c:1124
char onion_address[HS_SERVICE_ADDR_LEN_BASE32+1]
Definition: hs_service.h:296
#define replaycache_free(r)
Definition: replaycache.h:42
#define DIGEST_LEN
Definition: digest_sizes.h:20
Origin circuit structure.
void hs_service_init(void)
Definition: hs_service.c:4200
static void build_descriptors_for_new_service(hs_service_t *service, time_t now)
Definition: hs_service.c:2016
void hs_circ_service_rp_has_opened(const hs_service_t *service, origin_circuit_t *circ)
Definition: hs_circuit.c:870
const char * node_describe(const node_t *node)
Definition: describe.c:143
int ed25519_public_key_is_zero(const ed25519_public_key_t *pubkey)
uint8_t descriptor_cookie[HS_DESC_DESCRIPTOR_COOKIE_LEN]
Definition: hs_service.h:129
void ed25519_pubkey_copy(ed25519_public_key_t *dest, const ed25519_public_key_t *src)
tor_cert_t * signing_key_cert
static void close_directory_connections(const hs_service_t *service, const hs_service_descriptor_t *desc)
Definition: hs_service.c:728
STATIC void remove_service(hs_service_ht *map, hs_service_t *service)
Definition: hs_service.c:204
Master header file for Tor-specific functionality.
crypto_ope_t * crypto_ope_new(const uint8_t *key)
Definition: crypto_ope.c:129
const char * hex_str(const char *from, size_t fromlen)
Definition: binascii.c:34
STATIC void get_objects_from_ident(const hs_ident_circuit_t *ident, hs_service_t **service, hs_service_intro_point_t **ip, hs_service_descriptor_t **desc)
Definition: hs_service.c:611
#define INTRO_CIRC_RETRY_PERIOD
Definition: hs_common.h:41
unsigned int sr_state_get_protocol_run_duration(void)
Header file for circuitbuild.c.
static void build_desc_intro_points(const hs_service_t *service, hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:1663
struct hs_desc_intro_point_t::@16::@17 cert
const node_t * node_get_by_id(const char *identity_digest)
Definition: nodelist.c:223
char identity[DIGEST_LEN]
Definition: node_st.h:46
void hs_build_blinded_keypair(const ed25519_keypair_t *kp, const uint8_t *secret, size_t secret_len, uint64_t time_period_num, ed25519_keypair_t *blinded_kp_out)
Definition: hs_common.c:1068
static void service_free_all(void)
Definition: hs_service.c:397
int hs_service_receive_intro_established(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_service.c:3978
ed25519_keypair_t auth_key_kp
Definition: hs_service.h:48
hs_service_keys_t keys
Definition: hs_service.h:306
Header file containing circuit and connection identifier data for the whole HS subsytem.
#define NUM_INTRO_POINTS_EXTRA
Definition: hs_common.h:38
#define HS_DESC_DEFAULT_LIFETIME
Definition: hs_descriptor.h:29
unsigned int has_dos_defense_enabled
Definition: hs_service.h:252
#define LOG_WARN
Definition: log.h:53
hs_service_add_ephemeral_status_t
Definition: hs_common.h:142
crypto_pk_t * crypto_pk_new(void)
Header file for shared_random_client.c.
const node_t * router_choose_random_node(smartlist_t *excludedsmartlist, routerset_t *excludedset, router_crn_flags_t flags)
Definition: node_select.c:950
#define hs_service_free(s)
Definition: hs_service.h:336
#define log_fn_ratelim(ratelim, severity, domain, args,...)
Definition: log.h:292
STATIC const node_t * get_node_from_intro_point(const hs_service_intro_point_t *ip)
Definition: hs_service.c:664
Header file for circuituse.c.
void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:478
ed25519_public_key_t identity_pk
Definition: hs_ident.h:45
ed25519_public_key_t intro_auth_pk
Definition: hs_ident.h:51
Header file for hs_descriptor.c.
Extend-info structure.
Header file for hs_intropoint.c.
hs_service_config_t config
Definition: hs_service.h:309
ed25519_public_key_t identity_pk
Definition: hs_service.h:172
STATIC int client_filename_is_valid(const char *filename)
Definition: hs_service.c:1095
STATIC unsigned int count_desc_circuit_established(const hs_service_descriptor_t *desc)
Definition: hs_service.c:711
unsigned int is_single_onion
Definition: hs_service.h:239
void tor_free_(void *mem)
Definition: malloc.c:227
static int hs_service_ht_eq(const hs_service_t *first, const hs_service_t *second)
Definition: hs_service.c:126
curve25519_public_key_t onion_key
Definition: hs_service.h:44
#define LOG_DESC_UPLOAD_REASON_MAX
Definition: hs_service.c:3079
#define crypto_digest_free(d)
replaycache_t * replaycache_new(time_t horizon, time_t interval)
Definition: replaycache.c:47
static int consider_republishing_hs_descriptors
Definition: hs_service.c:109
#define CIRCUIT_PURPOSE_S_CONNECT_REND
Definition: circuitlist.h:109
#define LD_REND
Definition: log.h:84
Header file for circuitlist.c.
hs_descriptor_t * desc
Definition: hs_service.h:148
crypto_pk_t * crypto_pk_dup_key(crypto_pk_t *orig)
Header file for rendservice.c.
int hs_circ_handle_introduce2(const hs_service_t *service, const origin_circuit_t *circ, hs_service_intro_point_t *ip, const hs_subcredential_t *subcredential, const uint8_t *payload, size_t payload_len)
Definition: hs_circuit.c:1017
int hs_circ_launch_intro_point(hs_service_t *service, const hs_service_intro_point_t *ip, extend_info_t *ei, bool direct_conn)
Definition: hs_circuit.c:742
int rend_service_intro_established(origin_circuit_t *circuit, const uint8_t *request, size_t request_len)
Definition: rendservice.c:3382
STATIC int write_address_to_file(const hs_service_t *service, const char *fname_)
Definition: hs_service.c:978
void hs_ob_refresh_keys(hs_service_t *service)
Definition: hs_ob.c:364
void hs_service_lists_fnames_for_sandbox(smartlist_t *file_list, smartlist_t *dir_list)
Definition: hs_service.c:3905
curve25519_public_key_t enc_key
void rend_services_add_filenames_to_lists(smartlist_t *open_lst, smartlist_t *stat_lst)
Definition: rendservice.c:1407
static int build_service_desc_keys(const hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:1893
router_crn_flags_t
Definition: node_select.h:16
Client/server directory connection structure.
#define CIRCUIT_PURPOSE_S_INTRO
Definition: circuitlist.h:106
#define DIGESTMAP_FOREACH_END
Definition: map.h:168
static int ht_free_service_(struct hs_service_t *service, void *data)
Definition: hs_service.c:385
#define LD_FS
Definition: log.h:70
void hs_build_address(const ed25519_public_key_t *key, uint8_t version, char *addr_out)
Definition: hs_common.c:1018
#define HEX_DIGEST_LEN
Definition: crypto_digest.h:35
uint64_t hs_get_previous_time_period_num(time_t now)
Definition: hs_common.c:313
hs_circuit_id_protocol_t
Definition: hs_service.h:187
struct crypto_ope_t * ope_cipher
Definition: hs_service.h:144
digestmap_t * failed_id
Definition: hs_service.h:103
Header file containing circuit data for the whole HS subsytem.
static void remember_failing_intro_point(const hs_service_intro_point_t *ip, hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:1548
STATIC void service_intro_point_free_(hs_service_intro_point_t *ip)
Definition: hs_service.c:418
static unsigned int should_rotate_descriptors(hs_service_t *service, time_t now)
Definition: hs_service.c:2501
int smartlist_contains_string(const smartlist_t *sl, const char *element)
Definition: smartlist.c:93
hs_service_intropoints_t intro_points
Definition: hs_service.h:156
hs_circuit_id_protocol_t circuit_id_protocol
Definition: hs_service.h:249
Header file containing control port event related code.
STATIC void service_desc_schedule_upload(hs_service_descriptor_t *desc, time_t now, int descriptor_changed)
Definition: hs_service.c:2267
#define NUM_INTRO_POINTS_DEFAULT
Definition: hs_common.h:33
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
#define HS_SERVICE_DEFAULT_VERSION
Definition: hs_service.h:29
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
Definition: crypto_rsa.c:356
static void close_service_rp_circuits(hs_service_t *service)
Definition: hs_service.c:762
static void update_service_descriptor_intro_points(hs_service_t *service, hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:2283
hs_service_descriptor_t * desc_current
Definition: hs_service.h:312
int hs_circ_handle_intro_established(const hs_service_t *service, const hs_service_intro_point_t *ip, origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_circuit.c:936
replaycache_t * replay_cache_rend_cookie
Definition: hs_service.h:277
Header file for relay.c.
#define SMARTLIST_FOREACH(sl, type, var, cmd)
static void run_build_circuit_event(time_t now)
Definition: hs_service.c:2806
void hs_service_dir_info_changed(void)
Definition: hs_service.c:3931
static int service_key_on_disk(const char *directory_path)
Definition: hs_service.c:3519
The or_state_t structure, which represents Tor's state file.
STATIC void service_authorized_client_free_(hs_service_authorized_client_t *client)
Definition: hs_service.c:1301
void hs_service_run_scheduled_events(time_t now)
Definition: hs_service.c:4179
const char * escaped(const char *s)
Definition: escape.c:126
link_specifier_t * link_specifier_dup(const link_specifier_t *src)
Definition: hs_common.c:1872
static void set_descriptor_revision_counter(hs_service_descriptor_t *hs_desc, time_t now, bool is_current)
Definition: hs_service.c:2903
static unsigned int hs_service_ht_hash(const hs_service_t *service)
Definition: hs_service.c:138
STATIC void run_housekeeping_event(time_t now)
Definition: hs_service.c:2604
hs_service_add_ephemeral_status_t hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports, int max_streams_per_rdv_circuit, int max_streams_close_circuit, char **address_out)
Definition: hs_service.c:3640
#define HS_VERSION_TWO
Definition: hs_common.h:24
#define BASE64_DIGEST_LEN
Definition: crypto_digest.h:26
STATIC void update_all_descriptors_intro_points(time_t now)
Definition: hs_service.c:2326
static int should_service_upload_descriptor(const hs_service_t *service, const hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:3140
#define DIGESTMAP_FOREACH_MODIFY(map, keyvar, valtype, valvar)
Definition: map.h:165
void hs_config_free_all(void)
Definition: hs_config.c:740
void directory_initiate_request(directory_request_t *request)
Definition: dirclient.c:1231
origin_circuit_t * hs_circ_service_get_established_intro_circ(const hs_service_intro_point_t *ip)
Definition: hs_circuit.c:677
int curve25519_keypair_generate(curve25519_keypair_t *keypair_out, int extra_strong)
crypto_pk_t * legacy_key
Definition: hs_service.h:55
smartlist_t * link_specifiers
STATIC void run_upload_descriptor_event(time_t now)
Definition: hs_service.c:3249
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
void crypto_strongest_rand(uint8_t *out, size_t out_len)
Definition: crypto_rand.c:340
ed25519_public_key_t blinded_pk
Definition: hs_ident.h:95
smartlist_t * intro_points
void hs_desc_build_authorized_client(const hs_subcredential_t *subcredential, const curve25519_public_key_t *client_auth_pk, const curve25519_secret_key_t *auth_ephemeral_sk, const uint8_t *descriptor_cookie, hs_desc_authorized_client_t *client_out)
#define FOR_EACH_DESCRIPTOR_BEGIN(service, var)
Definition: hs_service.c:83
time_t approx_time(void)
Definition: approx_time.c:32
curve25519_public_key_t auth_ephemeral_pubkey
int ed25519_keypair_generate(ed25519_keypair_t *keypair_out, int extra_strong)
Edge-connection structure.
void rescan_periodic_events(const or_options_t *options)
Definition: mainloop.c:1589
ed25519_keypair_t blinded_kp
Definition: hs_service.h:136
smartlist_t * ob_master_pubkeys
Definition: hs_service.h:258
#define LOG_DEBUG
Definition: log.h:42
void directory_request_set_indirection(directory_request_t *req, dir_indirection_t indirection)
Definition: dirclient.c:1028
void pathbias_count_use_attempt(origin_circuit_t *circ)
Definition: circpathbias.c:604
unsigned int hs_service_get_num_services(void)
Definition: hs_service.c:3795
static void setup_intro_point_exclude_list(const hs_service_descriptor_t *desc, smartlist_t *node_list)
Definition: hs_service.c:1529
STATIC hs_service_intro_point_t * service_intro_point_find(const hs_service_t *service, const ed25519_public_key_t *auth_key)
Definition: hs_service.c:554
uint8_t store_first[DIGEST256_LEN]
unsigned int is_ephemeral
Definition: hs_service.h:246
STATIC void service_intro_point_remove(const hs_service_t *service, const hs_service_intro_point_t *ip)
Definition: hs_service.c:536
#define CONN_TYPE_DIR
Definition: connection.h:53
STATIC hs_service_descriptor_t * service_desc_find_by_intro(const hs_service_t *service, const hs_service_intro_point_t *ip)
Definition: hs_service.c:585
int node_supports_establish_intro_dos_extension(const node_t *node)
Definition: nodelist.c:1199
static void register_all_services(void)
Definition: hs_service.c:911
consensus_path_type_t router_have_consensus_path(void)
Definition: nodelist.c:2357
static void service_intro_circ_has_opened(origin_circuit_t *circ)
Definition: hs_service.c:3298
static void refresh_service_descriptor(const hs_service_t *service, hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:3222
#define REND_COOKIE_LEN
Definition: or.h:399
Header file for the specific code for onion balance.
hs_intropoint_t base
Definition: hs_service.h:40
uint64_t hs_get_time_period_num(time_t now)
Definition: hs_common.c:269
#define INTRO_POINT_LIFETIME_MIN_SECONDS
Definition: or.h:1081
void directory_request_upload_set_hs_ident(directory_request_t *req, const hs_ident_dir_conn_t *ident)
Definition: dirclient.c:1107
int hs_in_period_between_tp_and_srv(const networkstatus_t *consensus, time_t now)
Definition: hs_common.c:1104
uint64_t hs_get_next_time_period_num(time_t now)
Definition: hs_common.c:304
#define CIRCUIT_PURPOSE_S_REND_JOINED
Definition: circuitlist.h:112
struct hs_ident_circuit_t * hs_ident
void directory_request_set_payload(directory_request_t *req, const char *payload, size_t payload_len)
Definition: dirclient.c:1052
void hs_service_stage_services(const smartlist_t *service_list)
Definition: hs_service.c:4110
#define LD_PROTOCOL
Definition: log.h:72
void smartlist_clear(smartlist_t *sl)
uint64_t num_rdv_streams
Definition: hs_ident.h:81
static int setup_desc_intro_point(const ed25519_keypair_t *signing_kp, const hs_service_intro_point_t *ip, time_t now, hs_desc_intro_point_t *desc_ip)
Definition: hs_service.c:1574
void directory_request_set_routerstatus(directory_request_t *req, const routerstatus_t *status)
Definition: dirclient.c:1158
void smartlist_sort(smartlist_t *sl, int(*compare)(const void **a, const void **b))
Definition: smartlist.c:334
static void launch_intro_point_circuits(hs_service_t *service)
Definition: hs_service.c:2661
static const char * describe_intro_point(const hs_service_intro_point_t *ip)
Definition: hs_service.c:285
ed25519_public_key_t identity_pk
Definition: hs_ident.h:90
static int32_t get_intro_point_max_introduce2(void)
Definition: hs_service.c:328
ed25519_keypair_t * ed_key_init_from_file(const char *fname, uint32_t flags, int severity, const ed25519_keypair_t *signing_key, time_t now, time_t lifetime, uint8_t cert_type, struct tor_cert_st **cert_out, const or_options_t *options)
Definition: loadkey.c:379
#define REND_REPLAY_TIME_INTERVAL
Definition: or.h:479
time_t intro_circ_retry_started_time
Definition: hs_service.h:266
unsigned int missing_intro_points
Definition: hs_service.h:160
#define HS_SERVICE_NEXT_UPLOAD_TIME_MAX
Definition: hs_service.h:35
hs_service_t * hs_service_new(const or_options_t *options)
Definition: hs_service.c:4127
static void cleanup_intro_points(hs_service_t *service, time_t now)
Definition: hs_service.c:2424
Header file for networkstatus.c.
#define LD_BUG
Definition: log.h:86
#define LD_CONFIG
Definition: log.h:68
#define CURVE25519_PUBKEY_LEN
Definition: x25519_sizes.h:20
static int service_authorized_client_cmp(const hs_service_authorized_client_t *client1, const hs_service_authorized_client_t *client2)
Definition: hs_service.c:1366
int ed25519_validate_pubkey(const ed25519_public_key_t *pubkey)
static void set_service_default_config(hs_service_config_t *c, const or_options_t *options)
Definition: hs_service.c:233
static void service_desc_note_upload(hs_service_descriptor_t *desc, const node_t *hsdir)
Definition: hs_service.c:2250
uint8_t legacy_key_digest[DIGEST_LEN]
Definition: hs_service.h:58
static int32_t get_intro_point_num_extra(void)
Definition: hs_service.c:374
tor_cert_t * auth_key_cert
int have_completed_a_circuit(void)
Definition: mainloop.c:219
Networkstatus consensus/vote structure.
void rend_consider_descriptor_republication(void)
Definition: rendservice.c:4326
STATIC int service_authorized_client_config_equal(const hs_service_config_t *config1, const hs_service_config_t *config2)
Definition: hs_service.c:1390
STATIC void rotate_all_descriptors(time_t now)
Definition: hs_service.c:2574
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)
STATIC hs_service_intro_point_t * service_intro_point_new(const node_t *node)
Definition: hs_service.c:448
uint64_t crypto_ope_encrypt(const crypto_ope_t *ope, int plaintext)
Definition: crypto_ope.c:165
void hs_desc_superencrypted_data_free_contents(hs_desc_superencrypted_data_t *desc)