9 #define HS_SERVICE_PRIVATE
21 #include "feature/client/circpathbias.h"
61 #include "trunnel/ed25519_cert.h"
62 #include "trunnel/hs/cell_common.h"
63 #include "trunnel/hs/cell_establish_intro.h"
65 #ifdef HAVE_SYS_STAT_H
75 #define FOR_EACH_SERVICE_BEGIN(var) \
77 hs_service_t **var##_iter, *var; \
78 HT_FOREACH(var##_iter, hs_service_ht, hs_service_map) { \
80 #define FOR_EACH_SERVICE_END } STMT_END ;
85 #define FOR_EACH_DESCRIPTOR_BEGIN(service, var) \
87 hs_service_descriptor_t *var; \
88 for (int var ## _loop_idx = 0; var ## _loop_idx < 2; \
89 ++var ## _loop_idx) { \
90 (var ## _loop_idx == 0) ? (var = service->desc_current) : \
91 (var = service->desc_next); \
92 if (var == NULL) continue;
93 #define FOR_EACH_DESCRIPTOR_END } STMT_END ;
/* On-disk names used by a service. The paths they are joined onto are not
 * visible in this listing. */
/* Prefix of the key file names: this listing formats "%s_secret_key" and
 * "%s_public_key" with it. NOTE(review): the secret key file presumably holds
 * the service's long-term identity key, so it must stay readable only by the
 * Tor user -- confirm against the key-loading code. */
97 static const char fname_keyfile_prefix[] =
"hs_ed25519";
/* Directory name used when building the client authorization key path.
 * Entries that do not end in ".auth" are logged as unrecognized and
 * ignored. */
98 static const char dname_client_pubkeys[] =
"authorized_clients";
/* Name of the file that receives the onion address. This listing shows a
 * chmod() on it with S_IRUSR | S_IWUSR | S_IRGRP, so it can end up
 * group-readable; the condition guarding that call is not visible here. */
99 static const char fname_hostname[] =
"hostname";
/* Top-level label of the service address. NOTE(review): presumably appended
 * to the encoded address when the hostname file is written -- usage is not
 * visible in this listing. */
100 static const char address_tld[] =
"onion";
116 time_t now,
bool is_current);
139 static inline unsigned int
159 HT_GENERATE2(hs_service_ht,
hs_service_t, hs_service_node,
182 memset(&dummy_service, 0,
sizeof(dummy_service));
184 return HT_FIND(hs_service_ht, map, &dummy_service);
202 HT_INSERT(hs_service_ht, map, service);
226 if (BUG(service == NULL) ||
231 elm = HT_REMOVE(hs_service_ht, map, service);
235 log_warn(
LD_BUG,
"Could not find service in the global map "
236 "while removing service %s",
263 c->intro_dos_rate_per_sec = HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_DEFAULT;
264 c->intro_dos_burst_per_sec = HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_DEFAULT;
272 if (config == NULL) {
278 hs_port_config_free(p););
279 smartlist_free(config->
ports);
283 service_authorized_client_free(p));
284 smartlist_free(config->
clients);
291 memset(config, 0,
sizeof(*config));
305 const char *legacy_id = NULL;
308 const link_specifier_t *, lspec) {
309 if (link_specifier_get_ls_type(lspec) == LS_LEGACY_ID) {
310 legacy_id = (
const char *)
311 link_specifier_getconstarray_un_legacy_id(lspec);
314 } SMARTLIST_FOREACH_END(lspec);
348 INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS,
357 #define MIN_INTRO_POINT_LIFETIME_TESTING 10
359 return MIN_INTRO_POINT_LIFETIME_TESTING;
374 #define MAX_INTRO_POINT_LIFETIME_TESTING 30
376 return MAX_INTRO_POINT_LIFETIME_TESTING;
467 ip = tor_malloc_zero(
sizeof(*ip));
475 if (BUG(max_introduce2_cells < min_introduce2_cells)) {
479 max_introduce2_cells);
484 if (BUG(intro_point_max_lifetime < intro_point_min_lifetime)) {
508 if (crypto_pk_generate_key(ip->
legacy_key) < 0) {
528 service_intro_point_free(ip);
543 old_ip_entry = digest256map_set(map, ip->
auth_key_kp.pubkey.pubkey, ip);
545 tor_assert_nonfatal(!old_ip_entry);
561 digest256map_remove(desc->intro_points.map,
563 } FOR_EACH_DESCRIPTOR_END;
588 if ((ip = digest256map_get(desc->intro_points.map,
589 auth_key->pubkey)) != NULL) {
592 } FOR_EACH_DESCRIPTOR_END;
609 if (digest256map_get(desc->intro_points.map,
614 } FOR_EACH_DESCRIPTOR_END;
647 if (s && ip && *ip && desc) {
656 static link_specifier_t *
659 link_specifier_t *lnk_spec = NULL;
664 link_specifier_t *, ls) {
665 if (link_specifier_get_ls_type(ls) == type) {
669 } SMARTLIST_FOREACH_END(ls);
681 const link_specifier_t *ls;
691 (
const char *) link_specifier_getconstarray_un_legacy_id(ls));
700 unsigned int direct_conn)
728 unsigned int count = 0;
735 } DIGEST256MAP_FOREACH_END;
746 unsigned int count = 0;
761 connection_mark_for_close(conn);
765 } SMARTLIST_FOREACH_END(conn);
767 log_info(
LD_REND,
"Closed %u active service directory connections for "
768 "descriptor %s of service %s",
772 smartlist_free(dir_conns);
800 circuit_mark_for_close(
TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
811 DIGEST256MAP_FOREACH(intro_points->
map, key,
818 circuit_mark_for_close(
TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
820 } DIGEST256MAP_FOREACH_END;
831 } FOR_EACH_DESCRIPTOR_END;
863 for (iter = HT_START(hs_service_ht, src); iter != NULL; iter = next) {
867 next = HT_NEXT(hs_service_ht, src, iter);
872 next = HT_NEXT_RMV(hs_service_ht, src, iter);
874 log_warn(
LD_BUG,
"Ephemeral service key is already being used. "
914 if (src->ob_subcreds) {
915 dst->ob_subcreds = src->ob_subcreds;
916 dst->n_ob_subcreds = src->n_ob_subcreds;
918 src->ob_subcreds = NULL;
928 struct hs_service_ht *new_service_map;
933 new_service_map = tor_malloc_zero(
sizeof(*new_service_map));
934 HT_INIT(hs_service_ht, new_service_map);
965 log_warn(
LD_BUG,
"Unable to register service with directory %s",
970 } SMARTLIST_FOREACH_END(snew);
976 } FOR_EACH_SERVICE_END;
997 char *addr_buf = NULL;
1008 log_warn(
LD_REND,
"Could not write onion address to hostname file %s",
1016 if (chmod(fname, S_IRUSR | S_IWUSR | S_IRGRP) < 0) {
1017 log_warn(
LD_FS,
"Unable to make onion service hostname file %s "
1018 "group-readable.",
escaped(fname));
1045 config = &service->
config;
1064 log_info(
LD_REND,
"Unable to load keys from %s. Generating it...", fname);
1067 uint32_t key_flags = INIT_ED_KEY_CREATE | INIT_ED_KEY_EXTRA_STRONG |
1072 log_warn(
LD_REND,
"Unable to generate keys and save in %s.", fname);
1082 ed25519_keypair_free(kp);
1113 const char *valid_extension =
".auth";
1119 if (!
strcmpend(filename, valid_extension) &&
1120 strlen(filename) != strlen(valid_extension)) {
1142 log_fn(severity,
LD_REND,
"Client authorization encoded base32 public key "
1143 "length is invalid: %s", key_str);
1150 key_str, strlen(key_str)) !=
1152 log_fn(severity,
LD_REND,
"Client authorization public key cannot be "
1153 "decoded: %s", key_str);
1160 if (client != NULL) {
1161 service_authorized_client_free(client);
1178 char *auth_type = NULL;
1179 char *key_type = NULL;
1180 char *pubkey_b32 = NULL;
1187 SPLIT_SKIP_SPACE, 0);
1189 if (smartlist_len(fields) != 3) {
1190 log_warn(
LD_REND,
"Unknown format of client authorization file.");
1194 auth_type = smartlist_get(fields, 0);
1195 key_type = smartlist_get(fields, 1);
1196 pubkey_b32 = smartlist_get(fields, 2);
1199 if (strcmp(auth_type,
"descriptor")) {
1200 log_warn(
LD_REND,
"Client authorization auth type '%s' not supported.",
1206 if (strcmp(key_type,
"x25519")) {
1207 log_warn(
LD_REND,
"Client authorization key type '%s' not supported.",
1220 service_authorized_client_free(client);
1224 memwipe(pubkey_b32, 0, strlen(pubkey_b32));
1228 smartlist_free(fields);
1238 char *client_key_str = NULL;
1239 char *client_key_file_path = NULL;
1240 char *client_keys_dir_path = NULL;
1246 config = &service->
config;
1252 dname_client_pubkeys);
1254 client_keys_dir_path,
1262 service_authorized_client_free(p));
1263 smartlist_free(config->
clients);
1269 if (file_list == NULL) {
1270 log_warn(
LD_REND,
"Client authorization directory %s can't be listed.",
1271 client_keys_dir_path);
1277 log_info(
LD_REND,
"Loading a client authorization key file %s...",
1281 log_warn(
LD_REND,
"Client authorization unrecognized filename %s. "
1282 "File must end in .auth. Ignoring.", filename);
1289 client_key_str = read_file_to_str(client_key_file_path, 0, NULL);
1292 if (!client_key_str) {
1293 log_warn(
LD_REND,
"Client authorization file %s can't be read. "
1294 "Corrupted or verify permission? Ignoring.",
1295 client_key_file_path);
1303 memwipe(client_key_str, 0, strlen(client_key_str));
1308 log_info(
LD_REND,
"Loaded a client authorization key file %s.",
1312 } SMARTLIST_FOREACH_END(filename);
1317 if (client_key_str) {
1318 memwipe(client_key_str, 0, strlen(client_key_str));
1322 smartlist_free(file_list);
1348 hs_descriptor_free(desc->
desc);
1386 memcpy(client_dup->
client_pk.public_key,
1436 if (smartlist_len(config1->
clients) != smartlist_len(config2->
clients)) {
1453 for (i = 0; i < smartlist_len(sl1); i++) {
1457 smartlist_get(sl2, i))) {
1468 service_authorized_client_free(p));
1469 smartlist_free(sl1);
1473 service_authorized_client_free(p));
1474 smartlist_free(sl2);
1500 service_descriptor_free(dst->
desc_next);
1508 int client_auth_changed =
1519 if (client_auth_changed && dst->
desc_next) {
1535 service_descriptor_free(dst->
desc_next);
1548 time_t failure_time = *t;
1554 } FOR_EACH_DESCRIPTOR_END;
1582 time_t *time_of_failure, *prev_ptr;
1583 const link_specifier_t *legacy_ls;
1588 time_of_failure = tor_malloc_zero(
sizeof(time_t));
1589 *time_of_failure = now;
1592 prev_ptr = digestmap_set(
1594 (
const char *) link_specifier_getconstarray_un_legacy_id(legacy_ls),
1610 time_t nearest_hour = now - (now % 3600);
1621 CERT_TYPE_AUTH_HS_IP_KEY,
1625 CERT_FLAG_INCLUDE_SIGNING_KEY);
1627 log_warn(
LD_REND,
"Unable to create intro point auth-key certificate");
1633 const link_specifier_t *, ls) {
1642 } SMARTLIST_FOREACH_END(ls);
1649 &signing_kp->pubkey,
1654 log_warn(
LD_REND,
"Unable to create enc key legacy cross cert.");
1672 CERT_TYPE_CROSS_HS_IP_KEYS,
1673 &ed25519_pubkey, nearest_hour,
1675 CERT_FLAG_INCLUDE_SIGNING_KEY);
1677 log_warn(
LD_REND,
"Unable to create enc key curve25519 cross cert.");
1720 hs_desc_intro_point_free(desc_ip);
1725 } DIGEST256MAP_FOREACH_END;
1747 CERT_FLAG_INCLUDE_SIGNING_KEY);
1801 config = &service->
config;
1837 } SMARTLIST_FOREACH_END(client);
1844 int num_clients = smartlist_len(superencrypted->
clients);
1845 int num_clients_to_add;
1846 if (num_clients == 0) {
1849 num_clients_to_add = 0;
1851 num_clients_to_add =
1856 for (i = 0; i < num_clients_to_add; i++) {
1909 const char ope_key_prefix[] =
"rev-counter-generation";
1913 sizeof(eph_privkey->
seckey));
1956 log_warn(
LD_REND,
"Can't generate descriptor signing keypair for "
1965 log_warn(
LD_REND,
"Can't generate auth ephemeral keypair for "
2023 &encoded_desc) < 0)) {
2042 service_descriptor_free(desc);
2050 uint64_t current_desc_tp, next_desc_tp;
2090 log_info(
LD_REND,
"Hidden service %s has just started. Both descriptors "
2091 "built. Now scheduled for upload.",
2104 if (service->desc_current == NULL && service->desc_next == NULL) {
2114 if (BUG(service->desc_current == NULL)) {
2118 if (service->desc_next == NULL) {
2120 &service->desc_next);
2121 log_info(
LD_REND,
"Hidden service %s next descriptor successfully "
2122 "built. Now scheduled for upload.",
2123 safe_str_client(service->onion_address));
2125 } FOR_EACH_DESCRIPTOR_END;
2154 direct_conn ? direct_flags : flags);
2158 if (direct_conn && !node) {
2160 "Unable to find an intro point that we can connect to "
2161 "directly, falling back to a 3-hop path.");
2185 service_intro_point_free(ip);
2196 int i = 0, num_needed_ip;
2205 if (BUG(num_needed_ip < 0)) {
2232 } DIGEST256MAP_FOREACH_END;
2237 for (i = 0; i < num_needed_ip; i++) {
2247 log_info(
LD_REND,
"Unable to find a suitable node to be an "
2248 "introduction point for service %s.",
2264 smartlist_free(exclude_nodes);
2301 int descriptor_changed)
2308 if (descriptor_changed) {
2318 unsigned int num_intro_points;
2327 if (num_intro_points < service->config.num_intro_points) {
2330 if (num_new_intro_points != 0) {
2331 log_info(
LD_REND,
"Service %s just picked %u intro points and wanted "
2332 "%u for %s descriptor. It currently has %d intro "
2333 "points. Launching ESTABLISH_INTRO circuit shortly.",
2335 num_new_intro_points,
2347 if ((num_new_intro_points + num_intro_points) <
2365 } FOR_EACH_DESCRIPTOR_END;
2366 } FOR_EACH_SERVICE_END;
2417 if (has_no_node || has_expired) {
2434 ret = has_no_retries;
2439 log_info(
LD_REND,
"Intro point %s%s (retried: %u times). "
2442 has_expired ?
" has expired" :
2443 (has_no_node) ?
" fell off the consensus" :
"",
2471 DIGEST256MAP_FOREACH_MODIFY(desc->intro_points.map, key,
2485 } DIGEST256MAP_FOREACH_END;
2486 } FOR_EACH_DESCRIPTOR_END;
2499 if (ocirc && !
TO_CIRCUIT(ocirc)->marked_for_close) {
2500 circuit_mark_for_close(
TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
2504 service_intro_point_free(ip);
2505 } SMARTLIST_FOREACH_END(ip);
2507 smartlist_free(ips_to_free);
2522 char fmt_time[ISO_TIME_LEN + 1];
2524 log_info(
LD_REND,
"Next descriptor rotation time set to %s for %s",
2564 log_warn(
LD_BUG,
"Service descriptor is NULL (%p/%p). Next rotation "
2565 "time is %ld (now: %ld). Valid after time from "
2625 log_info(
LD_REND,
"Time to rotate our descriptors (%p / %p) for %s",
2626 service->desc_current, service->desc_next,
2627 safe_str_client(service->onion_address));
2630 } FOR_EACH_SERVICE_END;
2647 if (service->state.next_rotation_time == 0) {
2665 } FOR_EACH_SERVICE_END;
2702 DIGEST256MAP_FOREACH_MODIFY(desc->intro_points.map, key,
2715 if (ei == NULL && direct_conn) {
2716 direct_conn =
false;
2725 service_intro_point_free(ip);
2730 ip->circuit_retries++;
2732 log_info(
LD_REND,
"Unable to launch intro circuit to node %s "
2738 extend_info_free(ei);
2739 } DIGEST256MAP_FOREACH_END;
2740 } FOR_EACH_DESCRIPTOR_END;
2751 unsigned int count = 0;
2752 unsigned int multiplier = 0;
2753 unsigned int num_wanted_ip;
2757 HS_CONFIG_V3_MAX_INTRO_POINTS);
2761 #define MAX_INTRO_POINT_CIRCUIT_RETRIES_TESTING -1
2763 return MAX_INTRO_POINT_CIRCUIT_RETRIES_TESTING;
2783 multiplier += (service->
desc_next) ? 1 : 0;
2785 return (count * multiplier);
2815 log_info(
LD_REND,
"Hidden service %s exceeded its circuit launch limit "
2816 "of %u per %d seconds. It launched %u circuits in "
2817 "the last %ld seconds. Will retry in %ld seconds.",
2822 (
long int) elapsed_time,
2856 } FOR_EACH_SERVICE_END;
2866 char *encoded_desc = NULL;
2874 log_info(
LD_REND,
"Service %s not publishing descriptor. "
2875 "PublishHidServDescriptors is set to 0.",
2883 &encoded_desc) < 0)) {
2897 int is_next_desc = (service->
desc_next == desc);
2898 const uint8_t *idx = (is_next_desc) ? hsdir->hsdir_index.
store_second:
2900 char *blinded_pubkey_log_str =
2905 log_info(
LD_REND,
"Service %s %s descriptor of revision %" PRIu64
2906 " initiated upload request to %s with index %s (%s)",
2908 (is_next_desc) ?
"next" :
"current",
2911 safe_str_client(
hex_str((
const char *) idx, 32)),
2912 safe_str_client(blinded_pubkey_log_str));
2935 uint64_t rev_counter = 0;
2938 time_t srv_start = 0;
2963 log_info(
LD_REND,
"Setting rev counter for TP #%u: "
2964 "SRV started at %d, now %d (%s)",
2966 (
int)now, is_current ?
"current" :
"next");
2968 tor_assert_nonfatal(now >= srv_start);
2972 time_t seconds_since_start_of_srv = now - srv_start;
2976 seconds_since_start_of_srv++;
2987 (
int) seconds_since_start_of_srv);
2990 tor_assert_nonfatal(rev_counter < CRYPTO_OPE_ERROR);
2992 log_info(
LD_REND,
"Encrypted revision counter %d to %" PRIu64,
2993 (
int) seconds_since_start_of_srv, rev_counter);
3023 service->
desc_next == desc, 0, responsible_dirs);
3038 } SMARTLIST_FOREACH_END(hsdir_rs);
3047 char fmt_next_time[ISO_TIME_LEN+1];
3049 log_debug(
LD_REND,
"Service %s set to upload a descriptor at %s",
3053 smartlist_free(responsible_dirs);
3063 int should_reupload = 0;
3073 service->
desc_next == desc, 0, responsible_dirs);
3084 should_reupload = 1;
3087 } SMARTLIST_FOREACH_END(hsdir_rs);
3090 smartlist_free(responsible_dirs);
3092 return should_reupload;
3099 LOG_DESC_UPLOAD_REASON_MISSING_IPS = 0,
3100 LOG_DESC_UPLOAD_REASON_IP_NOT_ESTABLISHED = 1,
3101 LOG_DESC_UPLOAD_REASON_NOT_TIME = 2,
3102 LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS = 3,
3103 LOG_DESC_UPLOAD_REASON_NO_DIRINFO = 4,
3108 #define LOG_DESC_UPLOAD_REASON_MAX LOG_DESC_UPLOAD_REASON_NO_DIRINFO
3130 { { RATELIM_INIT(60), RATELIM_INIT(60), RATELIM_INIT(60 * 10),
3131 RATELIM_INIT(60), RATELIM_INIT(60) },
3132 { RATELIM_INIT(60), RATELIM_INIT(60), RATELIM_INIT(60 * 10),
3133 RATELIM_INIT(60), RATELIM_INIT(60) },
3135 bool is_next_desc =
false;
3136 unsigned int rlim_pos = 0;
3152 is_next_desc = (service->
desc_next == desc);
3156 rlim_pos = (is_next_desc ? 1 : 0);
3158 rlim = &limits[rlim_pos][reason];
3161 "Service %s can't upload its %s descriptor: %s",
3163 (is_next_desc) ?
"next" :
"current", msg);
3173 unsigned int num_intro_points, count_ip_established;
3193 msg = tor_strdup(
"Missing intro points");
3195 LOG_DESC_UPLOAD_REASON_MISSING_IPS);
3202 if (count_ip_established != num_intro_points) {
3203 tor_asprintf(&msg,
"Intro circuits aren't yet all established (%d/%d).",
3204 count_ip_established, num_intro_points);
3206 LOG_DESC_UPLOAD_REASON_IP_NOT_ESTABLISHED);
3212 tor_asprintf(&msg,
"Next upload time is %ld, it is now %ld.",
3215 LOG_DESC_UPLOAD_REASON_NOT_TIME);
3222 msg = tor_strdup(
"No reasonably live consensus");
3224 LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS);
3231 msg = tor_strdup(
"Not enough directory information");
3233 LOG_DESC_UPLOAD_REASON_NO_DIRINFO);
3296 log_info(
LD_REND,
"Initiating upload for hidden service %s descriptor "
3297 "for service %s with %u/%u introduction points%s.",
3298 (desc == service->desc_current) ?
"current" :
"next",
3299 safe_str_client(service->onion_address),
3300 digest256map_size(desc->intro_points.map),
3301 service->config.num_intro_points,
3302 (desc->missing_intro_points) ?
" (couldn't pick more)" :
"");
3311 } FOR_EACH_DESCRIPTOR_END;
3312 } FOR_EACH_SERVICE_END;
3330 if (BUG(!circ->
cpath)) {
3343 if (service == NULL) {
3344 log_warn(
LD_REND,
"Unknown service identity key %s on the introduction "
3345 "circuit %u. Can't find onion service.",
3351 log_warn(
LD_REND,
"Unknown introduction point auth key on circuit %u "
3364 service_intro_point_free(ip);
3371 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_NOSUCHSERVICE);
3391 TO_CIRCUIT(circ)->timestamp_dirty = time(NULL);
3396 if (service == NULL) {
3397 log_warn(
LD_REND,
"Unknown service identity key %s on the rendezvous "
3398 "circuit %u with cookie %s. Can't find onion service.",
3421 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_NOSUCHSERVICE);
3431 const uint8_t *payload,
3445 if (service == NULL) {
3446 log_warn(
LD_REND,
"Unknown service identity key %s on the introduction "
3447 "circuit %u. Can't find onion service.",
3454 log_warn(
LD_REND,
"Introduction circuit established without an intro "
3455 "point object on circuit %u for service %s",
3472 log_info(
LD_REND,
"Successfully received an INTRO_ESTABLISHED cell "
3473 "on circuit %u for service %s",
3500 if (service == NULL) {
3501 log_warn(
LD_BUG,
"Unknown service identity key %s when handling "
3502 "an INTRODUCE2 cell on circuit %u",
3509 log_warn(
LD_BUG,
"Unknown introduction auth key when handling "
3510 "an INTRODUCE2 cell on circuit %u for service %s",
3521 payload, payload_len) < 0) {
3538 char fname[128] = {0};
3548 tor_snprintf(fname,
sizeof(fname),
"%s_secret_key", fname_keyfile_prefix);
3550 tor_snprintf(fname,
sizeof(fname),
"%s_public_key", fname_keyfile_prefix);
3572 ed25519_keypair_free(kp);
3587 const uint8_t *descriptor_cookie = NULL;
3600 descriptor_cookie, encoded_out);
3612 hs_service_non_anonymous_mode_consistent(
const or_options_t *options)
3616 !! options->HiddenServiceNonAnonymousMode);
3625 hs_service_allow_non_anonymous_connection(
const or_options_t *options)
3627 tor_assert(hs_service_non_anonymous_mode_consistent(options));
3639 hs_service_reveal_startup_time(
const or_options_t *options)
3641 tor_assert(hs_service_non_anonymous_mode_consistent(options));
3642 return hs_service_non_anonymous_mode_enabled(options);
3651 hs_service_non_anonymous_mode_enabled(
const or_options_t *options)
3653 tor_assert(hs_service_non_anonymous_mode_consistent(options));
3654 return options->HiddenServiceNonAnonymousMode ? 1 : 0;
3670 &CONST_TO_ORIGIN_CIRCUIT(circ)->hs_ident->identity_pk);
3676 &CONST_TO_ORIGIN_CIRCUIT(circ)->hs_ident->identity_pk);
3704 const uint8_t version,
3709 char version_str[4] = {0};
3719 memset(&ident, 0,
sizeof(ident));
3724 tor_snprintf(version_str,
sizeof(version_str),
"%u", version);
3732 strlen(encoded_desc));
3739 directory_request_free(dir_req);
3753 int max_streams_per_rdv_circuit,
3754 int max_streams_close_circuit,
3779 log_warn(
LD_CONFIG,
"Unable to generate ed25519 public key"
3786 log_warn(
LD_CONFIG,
"Bad ed25519 private key was provided");
3793 log_warn(
LD_CONFIG,
"At least one VIRTPORT/TARGET must be specified "
3799 if (auth_clients_v3) {
3806 smartlist_free(auth_clients_v3);
3818 log_warn(
LD_CONFIG,
"Onion Service private key collides with an "
3819 "existing v3 service.");
3824 log_info(
LD_CONFIG,
"Added ephemeral v3 onion service: %s",
3852 log_warn(
LD_CONFIG,
"Requested malformed v3 onion address for removal.");
3857 log_warn(
LD_CONFIG,
"Requested version of onion address for removal "
3858 "is not supported.");
3863 if (service == NULL) {
3864 log_warn(
LD_CONFIG,
"Requested non-existent v3 hidden service for "
3870 log_warn(
LD_CONFIG,
"Requested non-ephemeral v3 hidden service for "
3882 log_info(
LD_CONFIG,
"Removed ephemeral v3 hidden service: %s",
3883 safe_str_client(address));
3902 char *encoded_desc = NULL;
3910 return encoded_desc;
3946 if (service == NULL) {
3947 log_warn(
LD_REND,
"Unable to find any hidden service associated "
3948 "identity key %s on rendezvous circuit %u.",
3963 #define MAX_STREAM_WARN_INTERVAL 600
3964 static struct ratelim_t stream_ratelim =
3965 RATELIM_INIT(MAX_STREAM_WARN_INTERVAL);
3967 "Maximum streams per circuit limit reached on "
3968 "rendezvous circuit %u for service %s. Circuit has "
3969 "%" PRIu64
" out of %" PRIu64
" streams. %s.",
3975 "Closing circuit" :
"Ignoring open stream request");
3988 log_info(
LD_REND,
"No virtual port mapping exists for port %d for "
3989 "hidden service %s.",
4037 if (service->config.is_ephemeral) {
4043 } FOR_EACH_DESCRIPTOR_END;
4056 static struct ratelim_t dir_info_changed_ratelim = RATELIM_INIT(30 * 60);
4058 "New dirinfo arrived: consider reuploading descriptor");
4076 log_warn(
LD_PROTOCOL,
"Received an INTRODUCE2 cell on a "
4077 "non introduction circuit of purpose %d",
4096 const uint8_t *payload,
4105 log_warn(
LD_PROTOCOL,
"Received an INTRO_ESTABLISHED cell on a "
4106 "non introduction circuit of purpose %d",
4120 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
4154 const char *directory_path;
4180 if (service->config.is_ephemeral) {
4183 log_info(
LD_REND,
"Loading v3 onion service keys from %s",
4188 } SMARTLIST_FOREACH_END(service);
4215 DIGEST256MAP_FOREACH(desc->intro_points.map, key,
4217 const node_t *intro_node;
4218 const char *nickname;
4239 } DIGEST256MAP_FOREACH_END;
4241 } FOR_EACH_DESCRIPTOR_END;
4242 } FOR_EACH_SERVICE_END;
4271 } FOR_EACH_SERVICE_END;
4314 if (service == NULL) {
4320 service_descriptor_free(desc);
4321 } FOR_EACH_DESCRIPTOR_END;
4332 if (service->
state.ob_subcreds) {
4390 #ifdef TOR_UNIT_TESTS
4394 get_hs_service_map_size(
void)
4401 get_hs_service_staging_list_size(
void)
4407 get_hs_service_map(
void)
4413 get_first_service(
void)
int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
const char * hex_str(const char *from, size_t fromlen)
void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
void pathbias_count_use_attempt(origin_circuit_t *circ)
Header file for circuitbuild.c.
origin_circuit_t * circuit_get_next_service_rp_circ(origin_circuit_t *start)
const char * circuit_state_to_string(int state)
Header file for circuitlist.c.
#define CIRCUIT_PURPOSE_S_CONNECT_REND
#define CIRCUIT_PURPOSE_S_INTRO
#define CIRCUIT_IS_ORIGIN(c)
#define CIRCUIT_PURPOSE_S_REND_JOINED
#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
Header file for circuituse.c.
const or_options_t * get_options(void)
Header file for config.c.
Header file for connection.c.
int curve25519_keypair_generate(curve25519_keypair_t *keypair_out, int extra_strong)
int curve25519_public_key_is_ok(const curve25519_public_key_t *key)
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
#define BASE64_DIGEST_LEN
crypto_digest_t * crypto_digest256_new(digest_algorithm_t algorithm)
#define crypto_digest_free(d)
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len)
void ed25519_pubkey_copy(ed25519_public_key_t *dest, const ed25519_public_key_t *src)
int ed25519_public_key_is_zero(const ed25519_public_key_t *pubkey)
int ed25519_public_key_generate(ed25519_public_key_t *pubkey_out, const ed25519_secret_key_t *seckey)
int ed25519_validate_pubkey(const ed25519_public_key_t *pubkey)
int ed25519_keypair_generate(ed25519_keypair_t *keypair_out, int extra_strong)
int ed25519_public_key_from_curve25519_public_key(ed25519_public_key_t *pubkey, const curve25519_public_key_t *pubkey_in, int signbit)
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
crypto_ope_t * crypto_ope_new(const uint8_t *key)
uint64_t crypto_ope_encrypt(const crypto_ope_t *ope, int plaintext)
void smartlist_shuffle(smartlist_t *sl)
void crypto_strongest_rand(uint8_t *out, size_t out_len)
Common functions for using (pseudo-)random number generators.
int crypto_rand_int_range(unsigned int min, unsigned int max)
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
crypto_pk_t * crypto_pk_dup_key(crypto_pk_t *orig)
crypto_pk_t * crypto_pk_new(void)
void memwipe(void *mem, uint8_t byte, size_t sz)
Common functions for cryptographic routines.
const char * extend_info_describe(const extend_info_t *ei)
const char * node_describe(const node_t *node)
Header file for describe.c.
int tor_memcmp(const void *a, const void *b, size_t len)
smartlist_t * tor_listdir(const char *dirname)
Client/server directory connection structure.
void directory_request_set_resource(directory_request_t *req, const char *resource)
void directory_request_set_indirection(directory_request_t *req, dir_indirection_t indirection)
void directory_request_set_routerstatus(directory_request_t *req, const routerstatus_t *status)
directory_request_t * directory_request_new(uint8_t dir_purpose)
void directory_initiate_request(directory_request_t *request)
void directory_request_set_payload(directory_request_t *req, const char *payload, size_t payload_len)
void directory_request_upload_set_hs_ident(directory_request_t *req, const hs_ident_dir_conn_t *ident)
Header file for dirclient.c.
struct directory_request_t directory_request_t
dir_connection_t * TO_DIR_CONN(connection_t *c)
Header file for directory.c.
#define DIR_PURPOSE_UPLOAD_HSDESC
Edge-connection structure.
const char * escaped(const char *s)
extend_info_t * extend_info_from_node(const node_t *node, int for_direct_connect)
Header for core/or/extendinfo.c.
int write_str_to_file_if_not_equal(const char *fname, const char *str)
void hs_circ_service_rp_has_opened(const hs_service_t *service, origin_circuit_t *circ)
origin_circuit_t * hs_circ_service_get_established_intro_circ(const hs_service_intro_point_t *ip)
int hs_circ_launch_intro_point(hs_service_t *service, const hs_service_intro_point_t *ip, extend_info_t *ei, bool direct_conn)
int hs_circ_service_intro_has_opened(hs_service_t *service, hs_service_intro_point_t *ip, const hs_service_descriptor_t *desc, origin_circuit_t *circ)
int hs_circ_handle_introduce2(const hs_service_t *service, const origin_circuit_t *circ, hs_service_intro_point_t *ip, const hs_subcredential_t *subcredential, const uint8_t *payload, size_t payload_len)
int hs_circ_handle_intro_established(const hs_service_t *service, const hs_service_intro_point_t *ip, origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
origin_circuit_t * hs_circ_service_get_intro_circ(const hs_service_intro_point_t *ip)
Header file containing circuit data for the whole HS subsystem.
HT_PROTOTYPE(hs_circuitmap_ht, circuit_t, hs_circuitmap_node, hs_circuit_hash_token, hs_circuits_have_same_token)
void hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk, uint64_t time_period_num, int use_second_hsdir_index, int for_fetching, smartlist_t *responsible_dirs)
void hs_build_blinded_keypair(const ed25519_keypair_t *kp, const uint8_t *secret, size_t secret_len, uint64_t time_period_num, ed25519_keypair_t *blinded_kp_out)
void hs_get_subcredential(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_subcredential_t *subcred_out)
uint64_t hs_get_time_period_num(time_t now)
uint64_t hs_get_next_time_period_num(time_t now)
void hs_build_address(const ed25519_public_key_t *key, uint8_t version, char *addr_out)
link_specifier_t * link_specifier_dup(const link_specifier_t *src)
uint64_t hs_get_previous_time_period_num(time_t now)
int hs_parse_address(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out)
char * hs_path_from_filename(const char *directory, const char *filename)
int hs_set_conn_addr_port(const smartlist_t *ports, edge_connection_t *conn)
int hs_check_service_private_dir(const char *username, const char *path, unsigned int dir_group_readable, unsigned int create)
int hs_in_period_between_tp_and_srv(const networkstatus_t *consensus, time_t now)
Header file containing common data for the whole HS subsystem.
#define NUM_INTRO_POINTS_DEFAULT
hs_service_add_ephemeral_status_t
#define NUM_INTRO_POINTS_EXTRA
#define INTRO_CIRC_RETRY_PERIOD
void hs_config_free_all(void)
Header file containing configuration ABI/API for the HS subsystem.
void hs_control_desc_event_created(const char *onion_address, const ed25519_public_key_t *blinded_pk)
void hs_control_desc_event_upload(const char *onion_address, const char *hsdir_id_digest, const ed25519_public_key_t *blinded_pk, const uint8_t *hsdir_index)
Header file containing control port event related code.
hs_desc_intro_point_t * hs_desc_intro_point_new(void)
void hs_desc_superencrypted_data_free_contents(hs_desc_superencrypted_data_t *desc)
hs_desc_authorized_client_t * hs_desc_build_fake_authorized_client(void)
int hs_desc_encode_descriptor(const hs_descriptor_t *desc, const ed25519_keypair_t *signing_kp, const uint8_t *descriptor_cookie, char **encoded_out)
void hs_desc_build_authorized_client(const hs_subcredential_t *subcredential, const curve25519_public_key_t *client_auth_pk, const curve25519_secret_key_t *auth_ephemeral_sk, const uint8_t *descriptor_cookie, hs_desc_authorized_client_t *client_out)
void hs_descriptor_clear_intro_points(hs_descriptor_t *desc)
Header file for hs_descriptor.c.
#define HS_DESC_AUTH_CLIENT_MULTIPLE
#define HS_DESC_DEFAULT_LIFETIME
#define HS_DESC_CERT_LIFETIME
void hs_ident_dir_conn_init(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_ident_dir_conn_t *ident)
Header file containing circuit and connection identifier data for the whole HS subsystem.
void hs_intropoint_clear(hs_intropoint_t *ip)
Header file for hs_intropoint.c.
void hs_metrics_service_free(hs_service_t *service)
void hs_metrics_service_init(hs_service_t *service)
Header for feature/hs/hs_metrics.c.
#define hs_metrics_new_established_rdv(s)
#define hs_metrics_new_established_intro(s)
#define hs_metrics_new_introduction(s)
#define hs_metrics_close_established_rdv(i)
#define hs_metrics_close_established_intro(i)
void hs_ob_refresh_keys(hs_service_t *service)
Header file for the specific code for onion balance.
smartlist_t * hs_service_get_metrics_stores(void)
static unsigned int hs_service_ht_hash(const hs_service_t *service)
static smartlist_t * hs_service_staging_list
static void build_service_desc_plaintext(const hs_service_t *service, hs_service_descriptor_t *desc)
hs_service_add_ephemeral_status_t hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports, int max_streams_per_rdv_circuit, int max_streams_close_circuit, smartlist_t *auth_clients_v3, char **address_out)
static int load_client_keys(hs_service_t *service)
STATIC void service_clear_config(hs_service_config_t *config)
void hs_service_stage_services(const smartlist_t *service_list)
static int should_service_upload_descriptor(const hs_service_t *service, const hs_service_descriptor_t *desc, time_t now)
STATIC void upload_descriptor_to_all(const hs_service_t *service, hs_service_descriptor_t *desc)
static void close_directory_connections(const hs_service_t *service, const hs_service_descriptor_t *desc)
static void setup_intro_point_exclude_list(const hs_service_descriptor_t *desc, smartlist_t *node_list)
void hs_service_circuit_cleanup_on_close(const circuit_t *circ)
STATIC int service_authorized_client_config_equal(const hs_service_config_t *config1, const hs_service_config_t *config2)
void hs_service_init(void)
static void upload_descriptor_to_hsdir(const hs_service_t *service, hs_service_descriptor_t *desc, const node_t *hsdir)
int hs_service_receive_introduce2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
static void close_service_circuits(hs_service_t *service)
static const char * service_escaped_dir(const hs_service_t *s)
static int ht_free_service_(struct hs_service_t *service, void *data)
static int32_t get_intro_point_min_lifetime(void)
static extend_info_t * get_extend_info_from_intro_point(const hs_service_intro_point_t *ip, unsigned int direct_conn)
static void close_service_intro_circuits(hs_service_t *service)
static void remember_failing_intro_point(const hs_service_intro_point_t *ip, hs_service_descriptor_t *desc, time_t now)
STATIC const node_t * get_node_from_intro_point(const hs_service_intro_point_t *ip)
static int service_encode_descriptor(const hs_service_t *service, const hs_service_descriptor_t *desc, const ed25519_keypair_t *signing_kp, char **encoded_out)
static void move_ephemeral_services(hs_service_ht *src, hs_service_ht *dst)
STATIC void service_desc_schedule_upload(hs_service_descriptor_t *desc, time_t now, int descriptor_changed)
char * hs_service_lookup_current_desc(const ed25519_public_key_t *pk)
static void register_all_services(void)
hs_service_authorized_client_t * parse_authorized_client_key(const char *key_str, int severity)
static int build_service_desc_superencrypted(const hs_service_t *service, hs_service_descriptor_t *desc)
static int service_handle_intro_established(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
static void close_service_rp_circuits(hs_service_t *service)
void hs_service_lists_fnames_for_sandbox(smartlist_t *file_list, smartlist_t *dir_list)
static crypto_ope_t * generate_ope_cipher_for_desc(const hs_service_descriptor_t *hs_desc)
static void move_descriptors(hs_service_t *src, hs_service_t *dst)
static void set_service_default_config(hs_service_config_t *c, const or_options_t *options)
void hs_service_circuit_has_opened(origin_circuit_t *circ)
static link_specifier_t * get_link_spec_by_type(const hs_service_intro_point_t *ip, uint8_t type)
STATIC void service_intro_point_remove(const hs_service_t *service, const hs_service_intro_point_t *ip)
STATIC hs_service_t * find_service(hs_service_ht *map, const ed25519_public_key_t *pk)
static void service_add_fnames_to_list(const hs_service_t *service, smartlist_t *list)
static void service_desc_clear_previous_hsdirs(hs_service_descriptor_t *desc)
static void set_descriptor_revision_counter(hs_service_descriptor_t *hs_desc, time_t now, bool is_current)
STATIC int register_service(hs_service_ht *map, hs_service_t *service)
unsigned int hs_service_get_num_services(void)
STATIC hs_service_intro_point_t * service_intro_point_find(const hs_service_t *service, const ed25519_public_key_t *auth_key)
static unsigned int get_max_intro_circ_per_period(const hs_service_t *service)
static void build_desc_signing_key_cert(hs_service_descriptor_t *desc, time_t now)
static void service_rendezvous_circ_has_opened(origin_circuit_t *circ)
void service_authorized_client_free_(hs_service_authorized_client_t *client)
static void service_intro_point_free_void(void *obj)
STATIC hs_service_intro_point_t * service_intro_point_new(const node_t *node)
static void run_build_circuit_event(time_t now)
static void build_desc_intro_points(const hs_service_t *service, hs_service_descriptor_t *desc, time_t now)
STATIC void run_upload_descriptor_event(time_t now)
static int build_service_desc_keys(const hs_service_t *service, hs_service_descriptor_t *desc)
static void move_hs_state(hs_service_t *src_service, hs_service_t *dst_service)
#define FOR_EACH_DESCRIPTOR_BEGIN(service, var)
static void update_service_descriptor_intro_points(hs_service_t *service, hs_service_descriptor_t *desc, time_t now)
STATIC void build_all_descriptors(time_t now)
static int service_authorized_client_cmp(const hs_service_authorized_client_t *client1, const hs_service_authorized_client_t *client2)
static void log_cant_upload_desc(const hs_service_t *service, const hs_service_descriptor_t *desc, const char *msg, const log_desc_upload_reason_t reason)
static struct hs_service_ht * hs_service_map
static void close_intro_circuits(hs_service_intropoints_t *intro_points)
STATIC void get_objects_from_ident(const hs_ident_circuit_t *ident, hs_service_t **service, hs_service_intro_point_t **ip, hs_service_descriptor_t **desc)
STATIC int client_filename_is_valid(const char *filename)
STATIC void service_intro_point_free_(hs_service_intro_point_t *ip)
static void build_service_descriptor(hs_service_t *service, uint64_t time_period_num, hs_service_descriptor_t **desc_out)
static unsigned int should_rotate_descriptors(hs_service_t *service, time_t now)
#define FOR_EACH_SERVICE_BEGIN(var)
static int service_key_on_disk(const char *directory_path)
static int compare_service_authorzized_client_(const void **_a, const void **_b)
static int load_service_keys(hs_service_t *service)
static int32_t get_intro_point_max_introduce2(void)
static void service_desc_note_upload(hs_service_descriptor_t *desc, const node_t *hsdir)
static unsigned int pick_needed_intro_points(hs_service_t *service, hs_service_descriptor_t *desc)
STATIC hs_service_descriptor_t * service_desc_find_by_intro(const hs_service_t *service, const hs_service_intro_point_t *ip)
static int setup_desc_intro_point(const ed25519_keypair_t *signing_kp, const hs_service_intro_point_t *ip, time_t now, hs_desc_intro_point_t *desc_ip)
static void service_free_all(void)
static void rotate_service_descriptors(hs_service_t *service)
STATIC unsigned int count_desc_circuit_established(const hs_service_descriptor_t *desc)
hs_circuit_id_protocol_t hs_service_exports_circuit_id(const ed25519_public_key_t *pk)
void hs_service_free_all(void)
hs_service_t * hs_service_find(const ed25519_public_key_t *identity_pk)
STATIC int intro_point_should_expire(const hs_service_intro_point_t *ip, time_t now)
static int32_t get_intro_point_min_introduce2(void)
static void run_build_descriptor_event(time_t now)
static void service_intro_circ_has_opened(origin_circuit_t *circ)
static hs_service_authorized_client_t * service_authorized_client_dup(const hs_service_authorized_client_t *client)
STATIC void rotate_all_descriptors(time_t now)
STATIC int can_service_launch_intro_circuit(hs_service_t *service, time_t now)
hs_service_t * hs_service_new(const or_options_t *options)
static hs_service_intro_point_t * pick_intro_point(unsigned int direct_conn, smartlist_t *exclude_nodes)
void hs_service_dir_info_changed(void)
void hs_service_free_(hs_service_t *service)
int hs_service_del_ephemeral(const char *address)
STATIC void update_all_descriptors_intro_points(time_t now)
int hs_service_get_version_from_key(const hs_service_t *service)
int hs_service_receive_intro_established(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
void hs_service_run_scheduled_events(time_t now)
STATIC hs_service_descriptor_t * service_descriptor_new(void)
STATIC hs_service_authorized_client_t * parse_authorized_client(const char *client_key_str)
static const char * describe_intro_point(const hs_service_intro_point_t *ip)
void hs_service_upload_desc_to_dir(const char *encoded_desc, const uint8_t version, const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, const routerstatus_t *hsdir_rs)
static int32_t get_intro_point_num_extra(void)
static int hs_service_ht_eq(const hs_service_t *first, const hs_service_t *second)
STATIC void remove_service(hs_service_ht *map, hs_service_t *service)
STATIC void service_descriptor_free_(hs_service_descriptor_t *desc)
static void build_descriptors_for_new_service(hs_service_t *service, time_t now)
#define LOG_DESC_UPLOAD_REASON_MAX
static void launch_intro_point_circuits(hs_service_t *service)
static int build_service_desc_encrypted(const hs_service_t *service, hs_service_descriptor_t *desc)
static bool should_remove_intro_point(hs_service_intro_point_t *ip, time_t now)
void hs_service_map_has_changed(void)
void hs_service_dump_stats(int severity)
static void set_rotation_time(hs_service_t *service)
static int consider_republishing_hs_descriptors
static int service_handle_introduce2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
int hs_service_set_conn_addr_port(const origin_circuit_t *circ, edge_connection_t *conn)
static int32_t get_intro_point_max_lifetime(void)
int hs_service_load_all_keys(void)
STATIC void run_housekeeping_event(time_t now)
STATIC void service_intro_point_add(digest256map_t *map, hs_service_intro_point_t *ip)
static void remove_expired_failing_intro(hs_service_t *service, time_t now)
static void cleanup_intro_points(hs_service_t *service, time_t now)
STATIC int write_address_to_file(const hs_service_t *service, const char *fname_)
static bool is_client_auth_enabled(const hs_service_t *service)
STATIC int service_desc_hsdirs_changed(const hs_service_t *service, const hs_service_descriptor_t *desc)
static void refresh_service_descriptor(const hs_service_t *service, hs_service_descriptor_t *desc, time_t now)
Header file containing service data for the HS subsystem.
#define HS_SERVICE_NEXT_UPLOAD_TIME_MIN
#define HS_SERVICE_DEFAULT_VERSION
@ HS_CIRCUIT_ID_PROTOCOL_NONE
#define HS_SERVICE_NEXT_UPLOAD_TIME_MAX
#define hs_service_free(s)
void hs_stats_note_introduce2_cell(void)
Header file for hs_stats.c.
ed25519_keypair_t * ed_key_init_from_file(const char *fname, uint32_t flags, int severity, const ed25519_keypair_t *signing_key, time_t now, time_t lifetime, uint8_t cert_type, struct tor_cert_st **cert_out, const or_options_t *options)
Header file for loadkey.c.
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
#define log_fn(severity, domain, args,...)
#define log_fn_ratelim(ratelim, severity, domain, args,...)
int have_completed_a_circuit(void)
void rescan_periodic_events(const or_options_t *options)
Header file for mainloop.c.
void tor_free_(void *mem)
#define MAP_DEL_CURRENT(keyvar)
#define DIGESTMAP_FOREACH_END
#define DIGESTMAP_FOREACH_MODIFY(map, keyvar, valtype, valvar)
#define DIGESTMAP_FOREACH(map, keyvar, valtype, valvar)
int usable_consensus_flavor(void)
Header file for microdesc.c.
networkstatus_t * networkstatus_get_reasonably_live_consensus(time_t now, int flavor)
int32_t networkstatus_get_param(const networkstatus_t *ns, const char *param_name, int32_t default_val, int32_t min_val, int32_t max_val)
Header file for networkstatus.c.
Networkstatus consensus/vote structure.
Header file for nickname.c.
const node_t * router_choose_random_node(smartlist_t *excludedsmartlist, routerset_t *excludedset, router_crn_flags_t flags)
Header file for node_select.c.
Node information structure.
bool node_supports_establish_intro_dos_extension(const node_t *node)
const char * node_get_nickname(const node_t *node)
consensus_path_type_t router_have_consensus_path(void)
const node_t * node_get_by_id(const char *identity_digest)
const curve25519_public_key_t * node_get_curve25519_onion_key(const node_t *node)
int router_have_minimum_dir_info(void)
bool node_supports_ed25519_hs_intro(const node_t *node)
Header file for nodelist.c.
Master header file for Tor-specific functionality.
#define INTRO_POINT_LIFETIME_MAX_SECONDS
#define INTRO_POINT_LIFETIME_MIN_SECONDS
#define INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS
#define MAX_INTRO_POINT_CIRCUIT_RETRIES
#define REND_REPLAY_TIME_INTERVAL
The or_state_t structure, which represents Tor's state file.
Origin circuit structure.
int tor_asprintf(char **strp, const char *fmt,...)
int tor_snprintf(char *str, size_t size, const char *format,...)
char * rate_limit_log(ratelim_t *lim, time_t now)
replaycache_t * replaycache_new(time_t horizon, time_t interval)
#define replaycache_free(r)
Routerstatus (consensus entry) structure.
time_t sr_state_get_start_time_of_previous_protocol_run(void)
unsigned int sr_state_get_protocol_run_duration(void)
time_t sr_state_get_start_time_of_current_protocol_run(void)
Header file for shared_random_client.c.
int smartlist_contains_string(const smartlist_t *sl, const char *element)
void smartlist_sort(smartlist_t *sl, int(*compare)(const void **a, const void **b))
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
smartlist_t * smartlist_new(void)
void smartlist_add_strdup(struct smartlist_t *sl, const char *string)
void smartlist_add(smartlist_t *sl, void *element)
void smartlist_clear(smartlist_t *sl)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
#define SMARTLIST_DEL_CURRENT(sl, var)
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)
uint8_t seckey[ED25519_SECKEY_LEN]
smartlist_t * intro_auth_types
unsigned int single_onion_service
smartlist_t * intro_points
unsigned int create2_ntor
struct hs_desc_intro_point_t::@16 legacy
curve25519_public_key_t onion_key
curve25519_public_key_t enc_key
tor_cert_t * enc_key_cert
tor_cert_t * auth_key_cert
struct hs_desc_intro_point_t::@16::@17 cert
smartlist_t * link_specifiers
uint64_t revision_counter
tor_cert_t * signing_key_cert
ed25519_public_key_t signing_pubkey
ed25519_public_key_t blinded_pubkey
curve25519_public_key_t auth_ephemeral_pubkey
hs_desc_encrypted_data_t encrypted_data
hs_desc_superencrypted_data_t superencrypted_data
hs_subcredential_t subcredential
hs_desc_plaintext_data_t plaintext_data
uint8_t rendezvous_cookie[HS_REND_COOKIE_LEN]
ed25519_public_key_t intro_auth_pk
ed25519_public_key_t identity_pk
ed25519_public_key_t blinded_pk
ed25519_public_key_t identity_pk
unsigned int is_only_legacy
smartlist_t * link_specifiers
curve25519_public_key_t client_pk
smartlist_t * ob_master_pubkeys
hs_circuit_id_protocol_t circuit_id_protocol
uint64_t max_streams_per_rdv_circuit
unsigned int is_single_onion
unsigned int dir_group_readable
unsigned int max_streams_close_circuit
unsigned int is_ephemeral
unsigned int has_dos_defense_enabled
unsigned int num_intro_points
unsigned int allow_unknown_ports
curve25519_keypair_t auth_ephemeral_kp
smartlist_t * previous_hsdirs
unsigned int missing_intro_points
ed25519_keypair_t signing_kp
struct crypto_ope_t * ope_cipher
ed25519_keypair_t blinded_kp
uint8_t descriptor_cookie[HS_DESC_DESCRIPTOR_COOKIE_LEN]
hs_service_intropoints_t intro_points
unsigned int support_intro2_dos_defense
ed25519_keypair_t auth_key_kp
replaycache_t * replay_cache
curve25519_public_key_t onion_key
curve25519_keypair_t enc_key_kp
uint8_t legacy_key_digest[DIGEST_LEN]
uint64_t introduce2_count
ed25519_secret_key_t identity_sk
ed25519_public_key_t identity_pk
time_t next_rotation_time
replaycache_t * replay_cache_rend_cookie
time_t intro_circ_retry_started_time
unsigned int num_intro_circ_launched
hs_service_descriptor_t * desc_current
char onion_address[HS_SERVICE_ADDR_LEN_BASE32+1]
hs_service_config_t config
hs_service_descriptor_t * desc_next
uint8_t store_first[DIGEST256_LEN]
uint8_t store_second[DIGEST256_LEN]
char identity[DIGEST_LEN]
struct routerset_t * ExcludeNodes
int HiddenServiceSingleHopMode
struct hs_ident_circuit_t * hs_ident
#define MOCK_IMPL(rv, funcname, arglist)
void format_local_iso_time(char *buf, time_t t)
ssize_t tor_make_rsa_ed25519_crosscert(const ed25519_public_key_t *ed_key, const crypto_pk_t *rsa_key, time_t expires, uint8_t **cert)
tor_cert_t * tor_cert_create_ed25519(const ed25519_keypair_t *signing_key, uint8_t cert_type, const ed25519_public_key_t *signed_key, time_t now, time_t lifetime, uint32_t flags)
int strcmpend(const char *s1, const char *s2)
int fast_mem_is_zero(const char *mem, size_t len)
#define ED25519_PUBKEY_LEN
#define CURVE25519_PUBKEY_LEN