Tor  0.4.6.0-alpha-dev
hs_service.c
Go to the documentation of this file.
1 /* Copyright (c) 2016-2020, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
4 /**
5  * \file hs_service.c
6  * \brief Implement next generation hidden service functionality
7  **/
8 
9 #define HS_SERVICE_PRIVATE
10 
11 #include "core/or/or.h"
12 #include "app/config/config.h"
13 #include "app/config/statefile.h"
15 #include "core/mainloop/mainloop.h"
16 #include "core/or/circuitbuild.h"
17 #include "core/or/circuitlist.h"
18 #include "core/or/circuituse.h"
19 #include "core/or/extendinfo.h"
20 #include "core/or/relay.h"
21 #include "feature/client/circpathbias.h"
25 #include "feature/keymgt/loadkey.h"
35 
36 #include "feature/hs/hs_circuit.h"
37 #include "feature/hs/hs_common.h"
38 #include "feature/hs/hs_config.h"
39 #include "feature/hs/hs_control.h"
41 #include "feature/hs/hs_ident.h"
43 #include "feature/hs/hs_metrics.h"
44 #include "feature/hs/hs_service.h"
45 #include "feature/hs/hs_stats.h"
46 #include "feature/hs/hs_ob.h"
47 
50 #include "core/or/extend_info_st.h"
54 #include "app/config/or_state_st.h"
56 
57 #include "lib/encoding/confline.h"
59 
60 /* Trunnel */
61 #include "trunnel/ed25519_cert.h"
62 #include "trunnel/hs/cell_common.h"
63 #include "trunnel/hs/cell_establish_intro.h"
64 
65 #ifdef HAVE_SYS_STAT_H
66 #include <sys/stat.h>
67 #endif
68 #ifdef HAVE_UNISTD_H
69 #include <unistd.h>
70 #endif
71 
72 #ifndef COCCI
73 /** Helper macro. Iterate over every service in the global map. The var is the
74  * name of the service pointer. */
75 #define FOR_EACH_SERVICE_BEGIN(var) \
76  STMT_BEGIN \
77  hs_service_t **var##_iter, *var; \
78  HT_FOREACH(var##_iter, hs_service_ht, hs_service_map) { \
79  var = *var##_iter;
80 #define FOR_EACH_SERVICE_END } STMT_END ;
81 
82 /** Helper macro. Iterate over both current and previous descriptor of a
83  * service. The var is the name of the descriptor pointer. This macro skips
84  * any descriptor object of the service that is NULL. */
85 #define FOR_EACH_DESCRIPTOR_BEGIN(service, var) \
86  STMT_BEGIN \
87  hs_service_descriptor_t *var; \
88  for (int var ## _loop_idx = 0; var ## _loop_idx < 2; \
89  ++var ## _loop_idx) { \
90  (var ## _loop_idx == 0) ? (var = service->desc_current) : \
91  (var = service->desc_next); \
92  if (var == NULL) continue;
93 #define FOR_EACH_DESCRIPTOR_END } STMT_END ;
94 #endif /* !defined(COCCI) */
95 
96 /* Onion service directory file names. */
97 static const char fname_keyfile_prefix[] = "hs_ed25519";
98 static const char dname_client_pubkeys[] = "authorized_clients";
99 static const char fname_hostname[] = "hostname";
100 static const char address_tld[] = "onion";
101 
102 /** Staging list of service object. When configuring service, we add them to
103  * this list considered a staging area and they will get added to our global
104  * map once the keys have been loaded. These two steps are separated because
105  * loading keys requires that we are an actual running tor process. */
107 
108 /** True if the list of available router descriptors might have changed which
109  * might result in an altered hash ring. Check if the hash ring changed and
110  * reupload if needed */
112 
113 /* Static declaration. */
114 static int load_client_keys(hs_service_t *service);
116  time_t now, bool is_current);
117 static int build_service_desc_superencrypted(const hs_service_t *service,
119 static void move_descriptors(hs_service_t *src, hs_service_t *dst);
120 static int service_encode_descriptor(const hs_service_t *service,
121  const hs_service_descriptor_t *desc,
122  const ed25519_keypair_t *signing_kp,
123  char **encoded_out);
124 
125 /** Helper: Function to compare two objects in the service map. Return 1 if the
126  * two service have the same master public identity key. */
127 static inline int
128 hs_service_ht_eq(const hs_service_t *first, const hs_service_t *second)
129 {
130  tor_assert(first);
131  tor_assert(second);
132  /* Simple key compare. */
133  return ed25519_pubkey_eq(&first->keys.identity_pk,
134  &second->keys.identity_pk);
135 }
136 
137 /** Helper: Function for the service hash table code below. The key used is the
138  * master public identity key which is ultimately the onion address. */
139 static inline unsigned int
141 {
142  tor_assert(service);
143  return (unsigned int) siphash24g(service->keys.identity_pk.pubkey,
144  sizeof(service->keys.identity_pk.pubkey));
145 }
146 
147 /** This is _the_ global hash map of hidden services which indexed the service
148  * contained in it by master public identity key which is roughly the onion
149  * address of the service. */
150 static struct hs_service_ht *hs_service_map;
151 
152 /* Register the service hash table. */
153 HT_PROTOTYPE(hs_service_ht, /* Name of hashtable. */
154  hs_service_t, /* Object contained in the map. */
155  hs_service_node, /* The name of the HT_ENTRY member. */
156  hs_service_ht_hash, /* Hashing function. */
157  hs_service_ht_eq); /* Compare function for objects. */
158 
159 HT_GENERATE2(hs_service_ht, hs_service_t, hs_service_node,
161  0.6, tor_reallocarray, tor_free_);
162 
163 /** Query the given service map with a public key and return a service object
164  * if found else NULL. It is also possible to set a directory path in the
165  * search query. If pk is NULL, then it will be set to zero indicating the
166  * hash table to compare the directory path instead. */
168 find_service(hs_service_ht *map, const ed25519_public_key_t *pk)
169 {
170  hs_service_t dummy_service;
171  tor_assert(map);
172  tor_assert(pk);
173  memset(&dummy_service, 0, sizeof(dummy_service));
174  ed25519_pubkey_copy(&dummy_service.keys.identity_pk, pk);
175  return HT_FIND(hs_service_ht, map, &dummy_service);
176 }
177 
178 /** Register the given service in the given map. If the service already exists
179  * in the map, -1 is returned. On success, 0 is returned and the service
180  * ownership has been transferred to the global map. */
181 STATIC int
182 register_service(hs_service_ht *map, hs_service_t *service)
183 {
184  tor_assert(map);
185  tor_assert(service);
187 
188  if (find_service(map, &service->keys.identity_pk)) {
189  /* Existing service with the same key. Do not register it. */
190  return -1;
191  }
192  /* Taking ownership of the object at this point. */
193  HT_INSERT(hs_service_ht, map, service);
194 
195  /* If we just modified the global map, we notify. */
196  if (map == hs_service_map) {
198  }
199  /* Setup metrics. */
200  hs_metrics_service_init(service);
201 
202  return 0;
203 }
204 
205 /** Remove a given service from the given map. If service is NULL or the
206  * service key is unset, return gracefully. */
207 STATIC void
208 remove_service(hs_service_ht *map, hs_service_t *service)
209 {
210  hs_service_t *elm;
211 
212  tor_assert(map);
213 
214  /* Ignore if no service or key is zero. */
215  if (BUG(service == NULL) ||
216  BUG(ed25519_public_key_is_zero(&service->keys.identity_pk))) {
217  return;
218  }
219 
220  elm = HT_REMOVE(hs_service_ht, map, service);
221  if (elm) {
222  tor_assert(elm == service);
223  } else {
224  log_warn(LD_BUG, "Could not find service in the global map "
225  "while removing service %s",
226  escaped(service->config.directory_path));
227  }
228 
229  /* If we just modified the global map, we notify. */
230  if (map == hs_service_map) {
232  }
233 }
234 
235 /** Set the default values for a service configuration object <b>c</b>. */
236 static void
238  const or_options_t *options)
239 {
240  (void) options;
241  tor_assert(c);
242  c->ports = smartlist_new();
243  c->directory_path = NULL;
247  c->allow_unknown_ports = 0;
248  c->is_single_onion = 0;
249  c->dir_group_readable = 0;
250  c->is_ephemeral = 0;
251  c->has_dos_defense_enabled = HS_CONFIG_V3_DOS_DEFENSE_DEFAULT;
252  c->intro_dos_rate_per_sec = HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_DEFAULT;
253  c->intro_dos_burst_per_sec = HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_DEFAULT;
254 }
255 
256 /** From a service configuration object config, clear everything from it
257  * meaning free allocated pointers and reset the values. */
258 STATIC void
260 {
261  if (config == NULL) {
262  return;
263  }
264  tor_free(config->directory_path);
265  if (config->ports) {
267  rend_service_port_config_free(p););
268  smartlist_free(config->ports);
269  }
270  if (config->clients) {
272  service_authorized_client_free(p));
273  smartlist_free(config->clients);
274  }
275  if (config->ob_master_pubkeys) {
277  tor_free(k));
278  smartlist_free(config->ob_master_pubkeys);
279  }
280  memset(config, 0, sizeof(*config));
281 }
282 
283 /** Helper function to return a human readable description of the given intro
284  * point object.
285  *
286  * This function is not thread-safe. Each call to this invalidates the
287  * previous values returned by it. */
288 static const char *
290 {
291  /* Hex identity digest of the IP prefixed by the $ sign and ends with NUL
292  * byte hence the plus two. */
293  static char buf[HEX_DIGEST_LEN + 2];
294  const char *legacy_id = NULL;
295 
297  const link_specifier_t *, lspec) {
298  if (link_specifier_get_ls_type(lspec) == LS_LEGACY_ID) {
299  legacy_id = (const char *)
300  link_specifier_getconstarray_un_legacy_id(lspec);
301  break;
302  }
303  } SMARTLIST_FOREACH_END(lspec);
304 
305  /* For now, we only print the identity digest but we could improve this with
306  * much more information such as the ed25519 identity has well. */
307  buf[0] = '$';
308  if (legacy_id) {
309  base16_encode(buf + 1, HEX_DIGEST_LEN + 1, legacy_id, DIGEST_LEN);
310  }
311 
312  return buf;
313 }
314 
315 /** Return the lower bound of maximum INTRODUCE2 cells per circuit before we
316  * rotate intro point (defined by a consensus parameter or the default
317  * value). */
318 static int32_t
320 {
321  /* The [0, 2147483647] range is quite large to accommodate anything we decide
322  * in the future. */
323  return networkstatus_get_param(NULL, "hs_intro_min_introduce2",
325  0, INT32_MAX);
326 }
327 
328 /** Return the upper bound of maximum INTRODUCE2 cells per circuit before we
329  * rotate intro point (defined by a consensus parameter or the default
330  * value). */
331 static int32_t
333 {
334  /* The [0, 2147483647] range is quite large to accommodate anything we decide
335  * in the future. */
336  return networkstatus_get_param(NULL, "hs_intro_max_introduce2",
337  INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS,
338  0, INT32_MAX);
339 }
340 
341 /** Return the minimum lifetime in seconds of an introduction point defined by
342  * a consensus parameter or the default value. */
343 static int32_t
345 {
346 #define MIN_INTRO_POINT_LIFETIME_TESTING 10
347  if (get_options()->TestingTorNetwork) {
348  return MIN_INTRO_POINT_LIFETIME_TESTING;
349  }
350 
351  /* The [0, 2147483647] range is quite large to accommodate anything we decide
352  * in the future. */
353  return networkstatus_get_param(NULL, "hs_intro_min_lifetime",
355  0, INT32_MAX);
356 }
357 
358 /** Return the maximum lifetime in seconds of an introduction point defined by
359  * a consensus parameter or the default value. */
360 static int32_t
362 {
363 #define MAX_INTRO_POINT_LIFETIME_TESTING 30
364  if (get_options()->TestingTorNetwork) {
365  return MAX_INTRO_POINT_LIFETIME_TESTING;
366  }
367 
368  /* The [0, 2147483647] range is quite large to accommodate anything we decide
369  * in the future. */
370  return networkstatus_get_param(NULL, "hs_intro_max_lifetime",
372  0, INT32_MAX);
373 }
374 
375 /** Return the number of extra introduction point defined by a consensus
376  * parameter or the default value. */
377 static int32_t
379 {
380  /* The [0, 128] range bounds the number of extra introduction point allowed.
381  * Above 128 intro points, it's getting a bit crazy. */
382  return networkstatus_get_param(NULL, "hs_intro_num_extra",
383  NUM_INTRO_POINTS_EXTRA, 0, 128);
384 }
385 
386 /** Helper: Function that needs to return 1 for the HT for each loop which
387  * frees every service in an hash map. */
388 static int
389 ht_free_service_(struct hs_service_t *service, void *data)
390 {
391  (void) data;
392  hs_service_free(service);
393  /* This function MUST return 1 so the given object is then removed from the
394  * service map leading to this free of the object being safe. */
395  return 1;
396 }
397 
398 /** Free every service that can be found in the global map. Once done, clear
399  * and free the global map. */
400 static void
402 {
403  if (hs_service_map) {
404  /* The free helper function returns 1 so this is safe. */
405  hs_service_ht_HT_FOREACH_FN(hs_service_map, ht_free_service_, NULL);
406  HT_CLEAR(hs_service_ht, hs_service_map);
408  hs_service_map = NULL;
409  }
410 
412  /* Cleanup staging list. */
414  hs_service_free(s));
415  smartlist_free(hs_service_staging_list);
417  }
418 }
419 
420 /** Free a given service intro point object. */
421 STATIC void
423 {
424  if (!ip) {
425  return;
426  }
427  memwipe(&ip->auth_key_kp, 0, sizeof(ip->auth_key_kp));
428  memwipe(&ip->enc_key_kp, 0, sizeof(ip->enc_key_kp));
429  crypto_pk_free(ip->legacy_key);
432  tor_free(ip);
433 }
434 
435 /** Helper: free an hs_service_intro_point_t object. This function is used by
436  * digest256map_free() which requires a void * pointer. */
437 static void
439 {
441 }
442 
443 /** Return a newly allocated service intro point and fully initialized from the
444  * given node_t node, if non NULL.
445  *
446  * If node is NULL, returns a hs_service_intro_point_t with an empty link
447  * specifier list and no onion key. (This is used for testing.)
448  * On any other error, NULL is returned.
449  *
450  * node must be an node_t with an IPv4 address. */
453 {
455 
456  ip = tor_malloc_zero(sizeof(*ip));
457  /* We'll create the key material. No need for extra strong, those are short
458  * term keys. */
460 
461  { /* Set introduce2 max cells limit */
462  int32_t min_introduce2_cells = get_intro_point_min_introduce2();
463  int32_t max_introduce2_cells = get_intro_point_max_introduce2();
464  if (BUG(max_introduce2_cells < min_introduce2_cells)) {
465  goto err;
466  }
467  ip->introduce2_max = crypto_rand_int_range(min_introduce2_cells,
468  max_introduce2_cells);
469  }
470  { /* Set intro point lifetime */
471  int32_t intro_point_min_lifetime = get_intro_point_min_lifetime();
472  int32_t intro_point_max_lifetime = get_intro_point_max_lifetime();
473  if (BUG(intro_point_max_lifetime < intro_point_min_lifetime)) {
474  goto err;
475  }
476  ip->time_to_expire = approx_time() +
477  crypto_rand_int_range(intro_point_min_lifetime,intro_point_max_lifetime);
478  }
479 
480  ip->replay_cache = replaycache_new(0, 0);
481 
482  /* Initialize the base object. We don't need the certificate object. */
483  ip->base.link_specifiers = node_get_link_specifier_smartlist(node, 0);
484 
485  if (node == NULL) {
486  goto done;
487  }
488 
489  /* Generate the encryption key for this intro point. */
491  /* Figure out if this chosen node supports v3 or is legacy only.
492  * NULL nodes are used in the unit tests. */
493  if (!node_supports_ed25519_hs_intro(node)) {
494  ip->base.is_only_legacy = 1;
495  /* Legacy mode that is doesn't support v3+ with ed25519 auth key. */
496  ip->legacy_key = crypto_pk_new();
497  if (crypto_pk_generate_key(ip->legacy_key) < 0) {
498  goto err;
499  }
501  (char *) ip->legacy_key_digest) < 0) {
502  goto err;
503  }
504  }
505 
506  /* Flag if this intro point supports the INTRO2 dos defenses. */
509 
510  /* Finally, copy onion key from the node. */
511  memcpy(&ip->onion_key, node_get_curve25519_onion_key(node),
512  sizeof(ip->onion_key));
513 
514  done:
515  return ip;
516  err:
517  service_intro_point_free(ip);
518  return NULL;
519 }
520 
521 /** Add the given intro point object to the given intro point map. The intro
522  * point MUST have its RSA encryption key set if this is a legacy type or the
523  * authentication key set otherwise. */
524 STATIC void
526 {
527  hs_service_intro_point_t *old_ip_entry;
528 
529  tor_assert(map);
530  tor_assert(ip);
531 
532  old_ip_entry = digest256map_set(map, ip->auth_key_kp.pubkey.pubkey, ip);
533  /* Make sure we didn't just try to double-add an intro point */
534  tor_assert_nonfatal(!old_ip_entry);
535 }
536 
537 /** For a given service, remove the intro point from that service's descriptors
538  * (check both current and next descriptor) */
539 STATIC void
541  const hs_service_intro_point_t *ip)
542 {
543  tor_assert(service);
544  tor_assert(ip);
545 
546  /* Trying all descriptors. */
547  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
548  /* We'll try to remove the descriptor on both descriptors which is not
549  * very expensive to do instead of doing lookup + remove. */
550  digest256map_remove(desc->intro_points.map,
551  ip->auth_key_kp.pubkey.pubkey);
552  } FOR_EACH_DESCRIPTOR_END;
553 }
554 
555 /** For a given service and authentication key, return the intro point or NULL
556  * if not found. This will check both descriptors in the service. */
559  const ed25519_public_key_t *auth_key)
560 {
561  hs_service_intro_point_t *ip = NULL;
562 
563  tor_assert(service);
564  tor_assert(auth_key);
565 
566  /* Trying all descriptors to find the right intro point.
567  *
568  * Even if we use the same node as intro point in both descriptors, the node
569  * will have a different intro auth key for each descriptor since we generate
570  * a new one every time we pick an intro point.
571  *
572  * After #22893 gets implemented, intro points will be moved to be
573  * per-service instead of per-descriptor so this function will need to
574  * change.
575  */
576  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
577  if ((ip = digest256map_get(desc->intro_points.map,
578  auth_key->pubkey)) != NULL) {
579  break;
580  }
581  } FOR_EACH_DESCRIPTOR_END;
582 
583  return ip;
584 }
585 
586 /** For a given service and intro point, return the descriptor for which the
587  * intro point is assigned to. NULL is returned if not found. */
590  const hs_service_intro_point_t *ip)
591 {
592  hs_service_descriptor_t *descp = NULL;
593 
594  tor_assert(service);
595  tor_assert(ip);
596 
597  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
598  if (digest256map_get(desc->intro_points.map,
599  ip->auth_key_kp.pubkey.pubkey)) {
600  descp = desc;
601  break;
602  }
603  } FOR_EACH_DESCRIPTOR_END;
604 
605  return descp;
606 }
607 
608 /** From a circuit identifier, get all the possible objects associated with the
609  * ident. If not NULL, service, ip or desc are set if the object can be found.
610  * They are untouched if they can't be found.
611  *
612  * This is an helper function because we do those lookups often so it's more
613  * convenient to simply call this functions to get all the things at once. */
614 STATIC void
616  hs_service_t **service, hs_service_intro_point_t **ip,
618 {
619  hs_service_t *s;
620 
621  tor_assert(ident);
622 
623  /* Get service object from the circuit identifier. */
625  if (s && service) {
626  *service = s;
627  }
628 
629  /* From the service object, get the intro point object of that circuit. The
630  * following will query both descriptors intro points list. */
631  if (s && ip) {
632  *ip = service_intro_point_find(s, &ident->intro_auth_pk);
633  }
634 
635  /* Get the descriptor for this introduction point and service. */
636  if (s && ip && *ip && desc) {
637  *desc = service_desc_find_by_intro(s, *ip);
638  }
639 }
640 
641 /** From a given intro point, return the first link specifier of type
642  * encountered in the link specifier list. Return NULL if it can't be found.
643  *
644  * The caller does NOT have ownership of the object, the intro point does. */
645 static link_specifier_t *
647 {
648  link_specifier_t *lnk_spec = NULL;
649 
650  tor_assert(ip);
651 
653  link_specifier_t *, ls) {
654  if (link_specifier_get_ls_type(ls) == type) {
655  lnk_spec = ls;
656  goto end;
657  }
658  } SMARTLIST_FOREACH_END(ls);
659 
660  end:
661  return lnk_spec;
662 }
663 
664 /** Given a service intro point, return the node_t associated to it. This can
665  * return NULL if the given intro point has no legacy ID or if the node can't
666  * be found in the consensus. */
667 STATIC const node_t *
669 {
670  const link_specifier_t *ls;
671 
672  tor_assert(ip);
673 
674  ls = get_link_spec_by_type(ip, LS_LEGACY_ID);
675  if (BUG(!ls)) {
676  return NULL;
677  }
678  /* XXX In the future, we want to only use the ed25519 ID (#22173). */
679  return node_get_by_id(
680  (const char *) link_specifier_getconstarray_un_legacy_id(ls));
681 }
682 
683 /** Given a service intro point, return the extend_info_t for it. This can
684  * return NULL if the node can't be found for the intro point or the extend
685  * info can't be created for the found node. If direct_conn is set, the extend
686  * info is validated on if we can connect directly. */
687 static extend_info_t *
689  unsigned int direct_conn)
690 {
691  extend_info_t *info = NULL;
692  const node_t *node;
693 
694  tor_assert(ip);
695 
696  node = get_node_from_intro_point(ip);
697  if (node == NULL) {
698  /* This can happen if the relay serving as intro point has been removed
699  * from the consensus. In that case, the intro point will be removed from
700  * the descriptor during the scheduled events. */
701  goto end;
702  }
703 
704  /* In the case of a direct connection (single onion service), it is possible
705  * our firewall policy won't allow it so this can return a NULL value. */
706  info = extend_info_from_node(node, direct_conn);
707 
708  end:
709  return info;
710 }
711 
712 /** Return the number of introduction points that are established for the
713  * given descriptor. */
714 MOCK_IMPL(STATIC unsigned int,
716 {
717  unsigned int count = 0;
718 
719  tor_assert(desc);
720 
721  DIGEST256MAP_FOREACH(desc->intro_points.map, key,
722  const hs_service_intro_point_t *, ip) {
724  } DIGEST256MAP_FOREACH_END;
725 
726  return count;
727 }
728 
729 /** For a given service and descriptor of that service, close all active
730  * directory connections. */
731 static void
733  const hs_service_descriptor_t *desc)
734 {
735  unsigned int count = 0;
736  smartlist_t *dir_conns;
737 
738  tor_assert(service);
739  tor_assert(desc);
740 
741  /* Close pending HS desc upload connections for the blinded key of 'desc'. */
742  dir_conns = connection_list_by_type_purpose(CONN_TYPE_DIR,
744  SMARTLIST_FOREACH_BEGIN(dir_conns, connection_t *, conn) {
745  dir_connection_t *dir_conn = TO_DIR_CONN(conn);
746  if (ed25519_pubkey_eq(&dir_conn->hs_ident->identity_pk,
747  &service->keys.identity_pk) &&
748  ed25519_pubkey_eq(&dir_conn->hs_ident->blinded_pk,
749  &desc->blinded_kp.pubkey)) {
750  connection_mark_for_close(conn);
751  count++;
752  continue;
753  }
754  } SMARTLIST_FOREACH_END(conn);
755 
756  log_info(LD_REND, "Closed %u active service directory connections for "
757  "descriptor %s of service %s",
758  count, safe_str_client(ed25519_fmt(&desc->blinded_kp.pubkey)),
759  safe_str_client(service->onion_address));
760  /* We don't have ownership of the objects in this list. */
761  smartlist_free(dir_conns);
762 }
763 
764 /** Close all rendezvous circuits for the given service. */
765 static void
767 {
768  origin_circuit_t *ocirc = NULL;
769 
770  tor_assert(service);
771 
772  /* The reason we go over all circuit instead of using the circuitmap API is
773  * because most hidden service circuits are rendezvous circuits so there is
774  * no real improvement at getting all rendezvous circuits from the
775  * circuitmap and then going over them all to find the right ones.
776  * Furthermore, another option would have been to keep a list of RP cookies
777  * for a service but it creates an engineering complexity since we don't
778  * have a "RP circuit closed" event to clean it up properly so we avoid a
779  * memory DoS possibility. */
780 
781  while ((ocirc = circuit_get_next_service_rp_circ(ocirc))) {
782  /* Only close circuits that are v3 and for this service. */
783  if (ocirc->hs_ident != NULL &&
785  &service->keys.identity_pk)) {
786  /* Reason is FINISHED because service has been removed and thus the
787  * circuit is considered old/unneeded. When freed, it is removed from the
788  * hs circuitmap. */
789  circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
790  }
791  }
792 }
793 
794 /** Close the circuit(s) for the given map of introduction points. */
795 static void
797 {
798  tor_assert(intro_points);
799 
800  DIGEST256MAP_FOREACH(intro_points->map, key,
801  const hs_service_intro_point_t *, ip) {
803  if (ocirc) {
804  /* Reason is FINISHED because service has been removed and thus the
805  * circuit is considered old/unneeded. When freed, the circuit is removed
806  * from the HS circuitmap. */
807  circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
808  }
809  } DIGEST256MAP_FOREACH_END;
810 }
811 
812 /** Close all introduction circuits for the given service. */
813 static void
815 {
816  tor_assert(service);
817 
818  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
819  close_intro_circuits(&desc->intro_points);
820  } FOR_EACH_DESCRIPTOR_END;
821 }
822 
823 /** Close any circuits related to the given service. */
824 static void
826 {
827  tor_assert(service);
828 
829  /* Only support for version >= 3. */
830  if (BUG(service->config.version < HS_VERSION_THREE)) {
831  return;
832  }
833  /* Close intro points. */
835  /* Close rendezvous points. */
836  close_service_rp_circuits(service);
837 }
838 
839 /** Move every ephemeral services from the src service map to the dst service
840  * map. It is possible that a service can't be register to the dst map which
841  * won't stop the process of moving them all but will trigger a log warn. */
842 static void
843 move_ephemeral_services(hs_service_ht *src, hs_service_ht *dst)
844 {
845  hs_service_t **iter, **next;
846 
847  tor_assert(src);
848  tor_assert(dst);
849 
850  /* Iterate over the map to find ephemeral service and move them to the other
851  * map. We loop using this method to have a safe removal process. */
852  for (iter = HT_START(hs_service_ht, src); iter != NULL; iter = next) {
853  hs_service_t *s = *iter;
854  if (!s->config.is_ephemeral) {
855  /* Yeah, we are in a very manual loop :). */
856  next = HT_NEXT(hs_service_ht, src, iter);
857  continue;
858  }
859  /* Remove service from map and then register to it to the other map.
860  * Reminder that "*iter" and "s" are the same thing. */
861  next = HT_NEXT_RMV(hs_service_ht, src, iter);
862  if (register_service(dst, s) < 0) {
863  log_warn(LD_BUG, "Ephemeral service key is already being used. "
864  "Skipping.");
865  }
866  }
867 }
868 
869 /** Return a const string of the directory path escaped. If this is an
870  * ephemeral service, it returns "[EPHEMERAL]". This can only be called from
871  * the main thread because escaped() uses a static variable. */
872 static const char *
874 {
875  return (s->config.is_ephemeral) ? "[EPHEMERAL]" :
877 }
878 
879 /** Move the hidden service state from <b>src</b> to <b>dst</b>. We do this
880  * when we receive a SIGHUP: <b>dst</b> is the post-HUP service */
881 static void
882 move_hs_state(hs_service_t *src_service, hs_service_t *dst_service)
883 {
884  tor_assert(src_service);
885  tor_assert(dst_service);
886 
887  hs_service_state_t *src = &src_service->state;
888  hs_service_state_t *dst = &dst_service->state;
889 
890  /* Let's do a shallow copy */
893  /* Freeing a NULL replaycache triggers an info LD_BUG. */
894  if (dst->replay_cache_rend_cookie != NULL) {
896  }
897 
899  src->replay_cache_rend_cookie = NULL; /* steal pointer reference */
900 
902 
903  if (src->ob_subcreds) {
904  dst->ob_subcreds = src->ob_subcreds;
905  dst->n_ob_subcreds = src->n_ob_subcreds;
906 
907  src->ob_subcreds = NULL; /* steal pointer reference */
908  }
909 }
910 
911 /** Register services that are in the staging list. Once this function returns,
912  * the global service map will be set with the right content and all non
913  * surviving services will be cleaned up. */
914 static void
916 {
917  struct hs_service_ht *new_service_map;
918 
920 
921  /* Allocate a new map that will replace the current one. */
922  new_service_map = tor_malloc_zero(sizeof(*new_service_map));
923  HT_INIT(hs_service_ht, new_service_map);
924 
925  /* First step is to transfer all ephemeral services from the current global
926  * map to the new one we are constructing. We do not prune ephemeral
927  * services as the only way to kill them is by deleting it from the control
928  * port or stopping the tor daemon. */
929  move_ephemeral_services(hs_service_map, new_service_map);
930 
932  hs_service_t *s;
933 
934  /* Check if that service is already in our global map and if so, we'll
935  * transfer the intro points to it. */
936  s = find_service(hs_service_map, &snew->keys.identity_pk);
937  if (s) {
938  /* Pass ownership of the descriptors from s (the current service) to
939  * snew (the newly configured one). */
940  move_descriptors(s, snew);
941  move_hs_state(s, snew);
942  /* Remove the service from the global map because after this, we need to
943  * go over the remaining service in that map that aren't surviving the
944  * reload to close their circuits. */
946  hs_service_free(s);
947  }
948  /* Great, this service is now ready to be added to our new map. */
949  if (BUG(register_service(new_service_map, snew) < 0)) {
950  /* This should never happen because prior to registration, we validate
951  * every service against the entire set. Not being able to register a
952  * service means we failed to validate correctly. In that case, don't
953  * break tor and ignore the service but tell user. */
954  log_warn(LD_BUG, "Unable to register service with directory %s",
955  service_escaped_dir(snew));
957  hs_service_free(snew);
958  }
959  } SMARTLIST_FOREACH_END(snew);
960 
961  /* Close any circuits associated with the non surviving services. Every
962  * service in the current global map are roaming. */
963  FOR_EACH_SERVICE_BEGIN(service) {
964  close_service_circuits(service);
965  } FOR_EACH_SERVICE_END;
966 
967  /* Time to make the switch. We'll clear the staging list because its content
968  * has now changed ownership to the map. */
971  hs_service_map = new_service_map;
972  /* We've just register services into the new map and now we've replaced the
973  * global map with it so we have to notify that the change happened. When
974  * registering a service, the notify is only triggered if the destination
975  * map is the global map for which in here it was not. */
977 }
978 
979 /** Write the onion address of a given service to the given filename fname_ in
980  * the service directory. Return 0 on success else -1 on error. */
981 STATIC int
982 write_address_to_file(const hs_service_t *service, const char *fname_)
983 {
984  int ret = -1;
985  char *fname = NULL;
986  char *addr_buf = NULL;
987 
988  tor_assert(service);
989  tor_assert(fname_);
990 
991  /* Construct the full address with the onion tld and write the hostname file
992  * to disk. */
993  tor_asprintf(&addr_buf, "%s.%s\n", service->onion_address, address_tld);
994  /* Notice here that we use the given "fname_". */
995  fname = hs_path_from_filename(service->config.directory_path, fname_);
996  if (write_str_to_file_if_not_equal(fname, addr_buf)) {
997  log_warn(LD_REND, "Could not write onion address to hostname file %s",
998  escaped(fname));
999  goto end;
1000  }
1001 
1002 #ifndef _WIN32
1003  if (service->config.dir_group_readable) {
1004  /* Mode to 0640. */
1005  if (chmod(fname, S_IRUSR | S_IWUSR | S_IRGRP) < 0) {
1006  log_warn(LD_FS, "Unable to make onion service hostname file %s "
1007  "group-readable.", escaped(fname));
1008  }
1009  }
1010 #endif /* !defined(_WIN32) */
1011 
1012  /* Success. */
1013  ret = 0;
1014  end:
1015  tor_free(fname);
1016  tor_free(addr_buf);
1017  return ret;
1018 }
1019 
1020 /** Load and/or generate private keys for the given service. On success, the
1021  * hostname file will be written to disk along with the master private key iff
1022  * the service is not configured for offline keys. Return 0 on success else -1
1023  * on failure. */
1024 static int
1026 {
1027  int ret = -1;
1028  char *fname = NULL;
1029  ed25519_keypair_t *kp;
1030  const hs_service_config_t *config;
1031 
1032  tor_assert(service);
1033 
1034  config = &service->config;
1035 
1036  /* Create and fix permission on service directory. We are about to write
1037  * files to that directory so make sure it exists and has the right
1038  * permissions. We do this here because at this stage we know that Tor is
1039  * actually running and the service we have has been validated. */
1041  config->directory_path,
1042  config->dir_group_readable, 1) < 0) {
1043  goto end;
1044  }
1045 
1046  /* Try to load the keys from file or generate it if not found. */
1047  fname = hs_path_from_filename(config->directory_path, fname_keyfile_prefix);
1048  /* Don't ask for key creation, we want to know if we were able to load it or
1049  * we had to generate it. Better logging! */
1050  kp = ed_key_init_from_file(fname, INIT_ED_KEY_SPLIT, LOG_INFO, NULL, 0, 0,
1051  0, NULL, NULL);
1052  if (!kp) {
1053  log_info(LD_REND, "Unable to load keys from %s. Generating it...", fname);
1054  /* We'll now try to generate the keys and for it we want the strongest
1055  * randomness for it. The keypair will be written in different files. */
1056  uint32_t key_flags = INIT_ED_KEY_CREATE | INIT_ED_KEY_EXTRA_STRONG |
1057  INIT_ED_KEY_SPLIT;
1058  kp = ed_key_init_from_file(fname, key_flags, LOG_WARN, NULL, 0, 0, 0,
1059  NULL, NULL);
1060  if (!kp) {
1061  log_warn(LD_REND, "Unable to generate keys and save in %s.", fname);
1062  goto end;
1063  }
1064  }
1065 
1066  /* Copy loaded or generated keys to service object. */
1067  ed25519_pubkey_copy(&service->keys.identity_pk, &kp->pubkey);
1068  memcpy(&service->keys.identity_sk, &kp->seckey,
1069  sizeof(service->keys.identity_sk));
1070  /* This does a proper memory wipe. */
1071  ed25519_keypair_free(kp);
1072 
1073  /* Build onion address from the newly loaded keys. */
1074  tor_assert(service->config.version <= UINT8_MAX);
1075  hs_build_address(&service->keys.identity_pk,
1076  (uint8_t) service->config.version,
1077  service->onion_address);
1078 
1079  /* Write onion address to hostname file. */
1080  if (write_address_to_file(service, fname_hostname) < 0) {
1081  goto end;
1082  }
1083 
1084  /* Load all client authorization keys in the service. */
1085  if (load_client_keys(service) < 0) {
1086  goto end;
1087  }
1088 
1089  /* Success. */
1090  ret = 0;
1091  end:
1092  tor_free(fname);
1093  return ret;
1094 }
1095 
1096 /** Check if the client file name is valid or not. Return 1 if valid,
1097  * otherwise return 0. */
1098 STATIC int
1099 client_filename_is_valid(const char *filename)
1100 {
1101  int ret = 1;
1102  const char *valid_extension = ".auth";
1103 
1104  tor_assert(filename);
1105 
1106  /* The file extension must match and the total filename length can't be the
1107  * length of the extension else we do not have a filename. */
1108  if (!strcmpend(filename, valid_extension) &&
1109  strlen(filename) != strlen(valid_extension)) {
1110  ret = 1;
1111  } else {
1112  ret = 0;
1113  }
1114 
1115  return ret;
1116 }
1117 
1118 /** Parse an authorized client from a string. The format of a client string
1119  * looks like (see rend-spec-v3.txt):
1120  *
1121  * <auth-type>:<key-type>:<base32-encoded-public-key>
1122  *
1123  * The <auth-type> can only be "descriptor".
1124  * The <key-type> can only be "x25519".
1125  *
1126  * Return the key on success, return NULL, otherwise. */
1128 parse_authorized_client(const char *client_key_str)
1129 {
1130  char *auth_type = NULL;
1131  char *key_type = NULL;
1132  char *pubkey_b32 = NULL;
1133  hs_service_authorized_client_t *client = NULL;
1134  smartlist_t *fields = smartlist_new();
1135 
1136  tor_assert(client_key_str);
1137 
1138  smartlist_split_string(fields, client_key_str, ":",
1139  SPLIT_SKIP_SPACE, 0);
1140  /* Wrong number of fields. */
1141  if (smartlist_len(fields) != 3) {
1142  log_warn(LD_REND, "Unknown format of client authorization file.");
1143  goto err;
1144  }
1145 
1146  auth_type = smartlist_get(fields, 0);
1147  key_type = smartlist_get(fields, 1);
1148  pubkey_b32 = smartlist_get(fields, 2);
1149 
1150  /* Currently, the only supported auth type is "descriptor". */
1151  if (strcmp(auth_type, "descriptor")) {
1152  log_warn(LD_REND, "Client authorization auth type '%s' not supported.",
1153  auth_type);
1154  goto err;
1155  }
1156 
1157  /* Currently, the only supported key type is "x25519". */
1158  if (strcmp(key_type, "x25519")) {
1159  log_warn(LD_REND, "Client authorization key type '%s' not supported.",
1160  key_type);
1161  goto err;
1162  }
1163 
1164  /* We expect a specific length of the base32 encoded key so make sure we
1165  * have that so we don't successfully decode a value with a different length
1166  * and end up in trouble when copying the decoded key into a fixed length
1167  * buffer. */
1168  if (strlen(pubkey_b32) != BASE32_NOPAD_LEN(CURVE25519_PUBKEY_LEN)) {
1169  log_warn(LD_REND, "Client authorization encoded base32 public key "
1170  "length is invalid: %s", pubkey_b32);
1171  goto err;
1172  }
1173 
1174  client = tor_malloc_zero(sizeof(hs_service_authorized_client_t));
1175  if (base32_decode((char *) client->client_pk.public_key,
1176  sizeof(client->client_pk.public_key),
1177  pubkey_b32, strlen(pubkey_b32)) !=
1178  sizeof(client->client_pk.public_key)) {
1179  log_warn(LD_REND, "Client authorization public key cannot be decoded: %s",
1180  pubkey_b32);
1181  goto err;
1182  }
1183 
1184  /* Success. */
1185  goto done;
1186 
1187  err:
1188  service_authorized_client_free(client);
1189  done:
1190  /* It is also a good idea to wipe the public key. */
1191  if (pubkey_b32) {
1192  memwipe(pubkey_b32, 0, strlen(pubkey_b32));
1193  }
1194  tor_assert(fields);
1195  SMARTLIST_FOREACH(fields, char *, s, tor_free(s));
1196  smartlist_free(fields);
1197  return client;
1198 }
1199 
1200 /** Load all the client public keys for the given service. Return 0 on
1201  * success else -1 on failure. */
1202 static int
1204 {
1205  int ret = -1;
1206  char *client_key_str = NULL;
1207  char *client_key_file_path = NULL;
1208  char *client_keys_dir_path = NULL;
1209  hs_service_config_t *config;
1210  smartlist_t *file_list = NULL;
1211 
1212  tor_assert(service);
1213 
1214  config = &service->config;
1215 
1216  /* Before calling this function, we already call load_service_keys to make
1217  * sure that the directory exists with the right permission. So, if we
1218  * cannot create a client pubkey key directory, we consider it as a bug. */
1219  client_keys_dir_path = hs_path_from_filename(config->directory_path,
1220  dname_client_pubkeys);
1221  if (BUG(hs_check_service_private_dir(get_options()->User,
1222  client_keys_dir_path,
1223  config->dir_group_readable, 1) < 0)) {
1224  goto end;
1225  }
1226 
1227  /* If the list of clients already exists, we must clear it first. */
1228  if (config->clients) {
1230  service_authorized_client_free(p));
1231  smartlist_free(config->clients);
1232  }
1233 
1234  config->clients = smartlist_new();
1235 
1236  file_list = tor_listdir(client_keys_dir_path);
1237  if (file_list == NULL) {
1238  log_warn(LD_REND, "Client authorization directory %s can't be listed.",
1239  client_keys_dir_path);
1240  goto end;
1241  }
1242 
1243  SMARTLIST_FOREACH_BEGIN(file_list, const char *, filename) {
1244  hs_service_authorized_client_t *client = NULL;
1245  log_info(LD_REND, "Loading a client authorization key file %s...",
1246  filename);
1247 
1248  if (!client_filename_is_valid(filename)) {
1249  log_warn(LD_REND, "Client authorization unrecognized filename %s. "
1250  "File must end in .auth. Ignoring.", filename);
1251  continue;
1252  }
1253 
1254  /* Create a full path for a file. */
1255  client_key_file_path = hs_path_from_filename(client_keys_dir_path,
1256  filename);
1257  client_key_str = read_file_to_str(client_key_file_path, 0, NULL);
1258 
1259  /* If we cannot read the file, continue with the next file. */
1260  if (!client_key_str) {
1261  log_warn(LD_REND, "Client authorization file %s can't be read. "
1262  "Corrupted or verify permission? Ignoring.",
1263  client_key_file_path);
1264  tor_free(client_key_file_path);
1265  continue;
1266  }
1267  tor_free(client_key_file_path);
1268 
1269  client = parse_authorized_client(client_key_str);
1270  /* Wipe and free immediately after using it. */
1271  memwipe(client_key_str, 0, strlen(client_key_str));
1272  tor_free(client_key_str);
1273 
1274  if (client) {
1275  smartlist_add(config->clients, client);
1276  log_info(LD_REND, "Loaded a client authorization key file %s.",
1277  filename);
1278  }
1279 
1280  } SMARTLIST_FOREACH_END(filename);
1281 
1282  /* If the number of clients is greater than zero, set the flag to be true. */
1283  if (smartlist_len(config->clients) > 0) {
1284  config->is_client_auth_enabled = 1;
1285  }
1286 
1287  /* Success. */
1288  ret = 0;
1289  end:
1290  if (client_key_str) {
1291  memwipe(client_key_str, 0, strlen(client_key_str));
1292  }
1293  if (file_list) {
1294  SMARTLIST_FOREACH(file_list, char *, s, tor_free(s));
1295  smartlist_free(file_list);
1296  }
1297  tor_free(client_key_str);
1298  tor_free(client_key_file_path);
1299  tor_free(client_keys_dir_path);
1300  return ret;
1301 }
1302 
1303 /** Release all storage held in <b>client</b>. */
1304 STATIC void
1306 {
1307  if (!client) {
1308  return;
1309  }
1310  memwipe(&client->client_pk, 0, sizeof(client->client_pk));
1311  tor_free(client);
1312 }
1313 
1314 /** Free a given service descriptor object and all key material is wiped. */
1315 STATIC void
1317 {
1318  if (!desc) {
1319  return;
1320  }
1321  hs_descriptor_free(desc->desc);
1322  memwipe(&desc->signing_kp, 0, sizeof(desc->signing_kp));
1323  memwipe(&desc->blinded_kp, 0, sizeof(desc->blinded_kp));
1324  /* Cleanup all intro points. */
1325  digest256map_free(desc->intro_points.map, service_intro_point_free_void);
1326  digestmap_free(desc->intro_points.failed_id, tor_free_);
1327  if (desc->previous_hsdirs) {
1328  SMARTLIST_FOREACH(desc->previous_hsdirs, char *, s, tor_free(s));
1329  smartlist_free(desc->previous_hsdirs);
1330  }
1331  crypto_ope_free(desc->ope_cipher);
1332  tor_free(desc);
1333 }
1334 
1335 /** Return a newly allocated service descriptor object. */
1338 {
1339  hs_service_descriptor_t *sdesc = tor_malloc_zero(sizeof(*sdesc));
1340  sdesc->desc = tor_malloc_zero(sizeof(hs_descriptor_t));
1341  /* Initialize the intro points map. */
1342  sdesc->intro_points.map = digest256map_new();
1343  sdesc->intro_points.failed_id = digestmap_new();
1344  sdesc->previous_hsdirs = smartlist_new();
1345  return sdesc;
1346 }
1347 
1348 /** Allocate and return a deep copy of client. */
1351 {
1352  hs_service_authorized_client_t *client_dup = NULL;
1353 
1354  tor_assert(client);
1355 
1356  client_dup = tor_malloc_zero(sizeof(hs_service_authorized_client_t));
1357  /* Currently, the public key is the only component of
1358  * hs_service_authorized_client_t. */
1359  memcpy(client_dup->client_pk.public_key,
1360  client->client_pk.public_key,
1362 
1363  return client_dup;
1364 }
1365 
1366 /** If two authorized clients are equal, return 0. If the first one should come
1367  * before the second, return less than zero. If the first should come after
1368  * the second, return greater than zero. */
1369 static int
1371  const hs_service_authorized_client_t *client2)
1372 {
1373  tor_assert(client1);
1374  tor_assert(client2);
1375 
1376  /* Currently, the public key is the only component of
1377  * hs_service_authorized_client_t. */
1378  return tor_memcmp(client1->client_pk.public_key,
1379  client2->client_pk.public_key,
1381 }
1382 
1383 /** Helper for sorting authorized clients. */
1384 static int
1385 compare_service_authorzized_client_(const void **_a, const void **_b)
1386 {
1387  const hs_service_authorized_client_t *a = *_a, *b = *_b;
1388  return service_authorized_client_cmp(a, b);
1389 }
1390 
1391 /** If the list of hs_service_authorized_client_t's is different between
1392  * src and dst, return 1. Otherwise, return 0. */
1393 STATIC int
1395  const hs_service_config_t *config2)
1396 {
1397  int ret = 0;
1398  int i;
1399  smartlist_t *sl1 = smartlist_new();
1400  smartlist_t *sl2 = smartlist_new();
1401 
1402  tor_assert(config1);
1403  tor_assert(config2);
1404  tor_assert(config1->clients);
1405  tor_assert(config2->clients);
1406 
1407  /* If the number of clients is different, it is obvious that the list
1408  * changes. */
1409  if (smartlist_len(config1->clients) != smartlist_len(config2->clients)) {
1410  goto done;
1411  }
1412 
1413  /* We do not want to mutate config1 and config2, so we will duplicate both
1414  * entire client lists here. */
1415  SMARTLIST_FOREACH(config1->clients,
1418 
1419  SMARTLIST_FOREACH(config2->clients,
1422 
1425 
1426  for (i = 0; i < smartlist_len(sl1); i++) {
1427  /* If the clients at index i in both lists differ, the whole configs
1428  * differ. */
1429  if (service_authorized_client_cmp(smartlist_get(sl1, i),
1430  smartlist_get(sl2, i))) {
1431  goto done;
1432  }
1433  }
1434 
1435  /* Success. */
1436  ret = 1;
1437 
1438  done:
1439  if (sl1) {
1441  service_authorized_client_free(p));
1442  smartlist_free(sl1);
1443  }
1444  if (sl2) {
1446  service_authorized_client_free(p));
1447  smartlist_free(sl2);
1448  }
1449  return ret;
1450 }
1451 
1452 /** Move descriptor(s) from the src service to the dst service and modify their
1453  * content if necessary. We do this during SIGHUP when we re-create our
1454  * hidden services. */
1455 static void
1457 {
1458  tor_assert(src);
1459  tor_assert(dst);
1460 
1461  if (src->desc_current) {
1462  /* Nothing should be there, but clean it up just in case */
1463  if (BUG(dst->desc_current)) {
1464  service_descriptor_free(dst->desc_current);
1465  }
1466  dst->desc_current = src->desc_current;
1467  src->desc_current = NULL;
1468  }
1469 
1470  if (src->desc_next) {
1471  /* Nothing should be there, but clean it up just in case */
1472  if (BUG(dst->desc_next)) {
1473  service_descriptor_free(dst->desc_next);
1474  }
1475  dst->desc_next = src->desc_next;
1476  src->desc_next = NULL;
1477  }
1478 
1479  /* If the client authorization changes, we must rebuild the superencrypted
1480  * section and republish the descriptors. */
1481  int client_auth_changed =
1483  if (client_auth_changed && dst->desc_current) {
1484  /* We have to clear the superencrypted content first. */
1487  if (build_service_desc_superencrypted(dst, dst->desc_current) < 0) {
1488  goto err;
1489  }
1490  service_desc_schedule_upload(dst->desc_current, time(NULL), 1);
1491  }
1492  if (client_auth_changed && dst->desc_next) {
1493  /* We have to clear the superencrypted content first. */
1496  if (build_service_desc_superencrypted(dst, dst->desc_next) < 0) {
1497  goto err;
1498  }
1499  service_desc_schedule_upload(dst->desc_next, time(NULL), 1);
1500  }
1501 
1502  return;
1503 
1504  err:
1505  /* If there is an error, free all descriptors to make it clean and generate
1506  * them later. */
1507  service_descriptor_free(dst->desc_current);
1508  service_descriptor_free(dst->desc_next);
1509 }
1510 
1511 /** From the given service, remove all expired failing intro points for each
1512  * descriptor. */
1513 static void
1515 {
1516  tor_assert(service);
1517 
1518  /* For both descriptors, cleanup the failing intro points list. */
1519  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
1520  DIGESTMAP_FOREACH_MODIFY(desc->intro_points.failed_id, key, time_t *, t) {
1521  time_t failure_time = *t;
1522  if ((failure_time + INTRO_CIRC_RETRY_PERIOD) <= now) {
1523  MAP_DEL_CURRENT(key);
1524  tor_free(t);
1525  }
1527  } FOR_EACH_DESCRIPTOR_END;
1528 }
1529 
1530 /** For the given descriptor desc, put all node_t object found from its failing
1531  * intro point list and put them in the given node_list. */
1532 static void
1534  smartlist_t *node_list)
1535 {
1536  tor_assert(desc);
1537  tor_assert(node_list);
1538 
1539  DIGESTMAP_FOREACH(desc->intro_points.failed_id, key, time_t *, t) {
1540  (void) t; /* Make gcc happy. */
1541  const node_t *node = node_get_by_id(key);
1542  if (node) {
1543  smartlist_add(node_list, (void *) node);
1544  }
1546 }
1547 
1548 /** For the given failing intro point ip, we add its time of failure to the
1549  * failed map and index it by identity digest (legacy ID) in the descriptor
1550  * desc failed id map. */
1551 static void
1553  hs_service_descriptor_t *desc, time_t now)
1554 {
1555  time_t *time_of_failure, *prev_ptr;
1556  const link_specifier_t *legacy_ls;
1557 
1558  tor_assert(ip);
1559  tor_assert(desc);
1560 
1561  time_of_failure = tor_malloc_zero(sizeof(time_t));
1562  *time_of_failure = now;
1563  legacy_ls = get_link_spec_by_type(ip, LS_LEGACY_ID);
1564  tor_assert(legacy_ls);
1565  prev_ptr = digestmap_set(
1566  desc->intro_points.failed_id,
1567  (const char *) link_specifier_getconstarray_un_legacy_id(legacy_ls),
1568  time_of_failure);
1569  tor_free(prev_ptr);
1570 }
1571 
1572 /** Using a given descriptor signing keypair signing_kp, a service intro point
1573  * object ip and the time now, setup the content of an already allocated
1574  * descriptor intro desc_ip.
1575  *
1576  * Return 0 on success else a negative value. */
1577 static int
1579  const hs_service_intro_point_t *ip,
1580  time_t now, hs_desc_intro_point_t *desc_ip)
1581 {
1582  int ret = -1;
1583  time_t nearest_hour = now - (now % 3600);
1584 
1585  tor_assert(signing_kp);
1586  tor_assert(ip);
1587  tor_assert(desc_ip);
1588 
1589  /* Copy the onion key. */
1590  memcpy(&desc_ip->onion_key, &ip->onion_key, sizeof(desc_ip->onion_key));
1591 
1592  /* Key and certificate material. */
1593  desc_ip->auth_key_cert = tor_cert_create_ed25519(signing_kp,
1594  CERT_TYPE_AUTH_HS_IP_KEY,
1595  &ip->auth_key_kp.pubkey,
1596  nearest_hour,
1598  CERT_FLAG_INCLUDE_SIGNING_KEY);
1599  if (desc_ip->auth_key_cert == NULL) {
1600  log_warn(LD_REND, "Unable to create intro point auth-key certificate");
1601  goto done;
1602  }
1603 
1604  /* Copy link specifier(s). */
1606  const link_specifier_t *, ls) {
1607  if (BUG(!ls)) {
1608  goto done;
1609  }
1610  link_specifier_t *copy = link_specifier_dup(ls);
1611  if (BUG(!copy)) {
1612  goto done;
1613  }
1614  smartlist_add(desc_ip->link_specifiers, copy);
1615  } SMARTLIST_FOREACH_END(ls);
1616 
1617  /* For a legacy intro point, we'll use an RSA/ed cross certificate. */
1618  if (ip->base.is_only_legacy) {
1619  desc_ip->legacy.key = crypto_pk_dup_key(ip->legacy_key);
1620  /* Create cross certification cert. */
1621  ssize_t cert_len = tor_make_rsa_ed25519_crosscert(
1622  &signing_kp->pubkey,
1623  desc_ip->legacy.key,
1624  nearest_hour + HS_DESC_CERT_LIFETIME,
1625  &desc_ip->legacy.cert.encoded);
1626  if (cert_len < 0) {
1627  log_warn(LD_REND, "Unable to create enc key legacy cross cert.");
1628  goto done;
1629  }
1630  desc_ip->legacy.cert.len = cert_len;
1631  }
1632 
1633  /* Encryption key and its cross certificate. */
1634  {
1635  ed25519_public_key_t ed25519_pubkey;
1636 
1637  /* Use the public curve25519 key. */
1638  memcpy(&desc_ip->enc_key, &ip->enc_key_kp.pubkey,
1639  sizeof(desc_ip->enc_key));
1640  /* The following can't fail. */
1642  &ip->enc_key_kp.pubkey,
1643  0);
1644  desc_ip->enc_key_cert = tor_cert_create_ed25519(signing_kp,
1645  CERT_TYPE_CROSS_HS_IP_KEYS,
1646  &ed25519_pubkey, nearest_hour,
1648  CERT_FLAG_INCLUDE_SIGNING_KEY);
1649  if (desc_ip->enc_key_cert == NULL) {
1650  log_warn(LD_REND, "Unable to create enc key curve25519 cross cert.");
1651  goto done;
1652  }
1653  }
1654  /* Success. */
1655  ret = 0;
1656 
1657  done:
1658  return ret;
1659 }
1660 
1661 /** Using the given descriptor from the given service, build the descriptor
1662  * intro point list so we can then encode the descriptor for publication. This
1663  * function does not pick intro points, they have to be in the descriptor
1664  * current map. Cryptographic material (keys) must be initialized in the
1665  * descriptor for this function to make sense. */
1666 static void
1668  hs_service_descriptor_t *desc, time_t now)
1669 {
1670  hs_desc_encrypted_data_t *encrypted;
1671 
1672  tor_assert(service);
1673  tor_assert(desc);
1674 
1675  /* Ease our life. */
1676  encrypted = &desc->desc->encrypted_data;
1677  /* Cleanup intro points, we are about to set them from scratch. */
1679 
1680  DIGEST256MAP_FOREACH(desc->intro_points.map, key,
1681  const hs_service_intro_point_t *, ip) {
1683  /* Ignore un-established intro points. They can linger in that list
1684  * because their circuit has not opened and they haven't been removed
1685  * yet even though we have enough intro circuits.
1686  *
1687  * Due to #31561, it can stay in that list until rotation so this check
1688  * prevents to publish an intro point without a circuit. */
1689  continue;
1690  }
1692  if (setup_desc_intro_point(&desc->signing_kp, ip, now, desc_ip) < 0) {
1693  hs_desc_intro_point_free(desc_ip);
1694  continue;
1695  }
1696  /* We have a valid descriptor intro point. Add it to the list. */
1697  smartlist_add(encrypted->intro_points, desc_ip);
1698  } DIGEST256MAP_FOREACH_END;
1699 }
1700 
1701 /** Build the descriptor signing key certificate. */
1702 static void
1704 {
1705  hs_desc_plaintext_data_t *plaintext;
1706 
1707  tor_assert(desc);
1708  tor_assert(desc->desc);
1709 
1710  /* Ease our life a bit. */
1711  plaintext = &desc->desc->plaintext_data;
1712 
1713  /* Get rid of what we have right now. */
1714  tor_cert_free(plaintext->signing_key_cert);
1715 
1716  /* Fresh certificate for the signing key. */
1717  plaintext->signing_key_cert =
1718  tor_cert_create_ed25519(&desc->blinded_kp, CERT_TYPE_SIGNING_HS_DESC,
1719  &desc->signing_kp.pubkey, now, HS_DESC_CERT_LIFETIME,
1720  CERT_FLAG_INCLUDE_SIGNING_KEY);
1721  /* If the cert creation fails, the descriptor encoding will fail and thus
1722  * ultimately won't be uploaded. We'll get a stack trace to help us learn
1723  * where the call came from and the tor_cert_create_ed25519() will log the
1724  * error. */
1725  tor_assert_nonfatal(plaintext->signing_key_cert);
1726 }
1727 
1728 /** Populate the descriptor encrypted section from the given service object.
1729  * This will generate a valid list of introduction points that can be used
1730  * after for circuit creation. Return 0 on success else -1 on error. */
1731 static int
1734 {
1735  hs_desc_encrypted_data_t *encrypted;
1736 
1737  tor_assert(service);
1738  tor_assert(desc);
1739 
1740  encrypted = &desc->desc->encrypted_data;
1741 
1742  encrypted->create2_ntor = 1;
1743  encrypted->single_onion_service = service->config.is_single_onion;
1744 
1745  /* Setup introduction points from what we have in the service. */
1746  if (encrypted->intro_points == NULL) {
1747  encrypted->intro_points = smartlist_new();
1748  }
1749  /* We do NOT build introduction point yet, we only do that once the circuit
1750  * have been opened. Until we have the right number of introduction points,
1751  * we do not encode anything in the descriptor. */
1752 
1753  /* XXX: Support client authorization (#20700). */
1754  encrypted->intro_auth_types = NULL;
1755  return 0;
1756 }
1757 
1758 /** Populate the descriptor superencrypted section from the given service
1759  * object. This will generate a valid list of hs_desc_authorized_client_t
1760  * of clients that are authorized to use the service. Return 0 on success
1761  * else -1 on error. */
1762 static int
1765 {
1766  const hs_service_config_t *config;
1767  int i;
1768  hs_desc_superencrypted_data_t *superencrypted;
1769 
1770  tor_assert(service);
1771  tor_assert(desc);
1772 
1773  superencrypted = &desc->desc->superencrypted_data;
1774  config = &service->config;
1775 
1776  /* The ephemeral key pair is already generated, so this should not give
1777  * an error. */
1778  if (BUG(!curve25519_public_key_is_ok(&desc->auth_ephemeral_kp.pubkey))) {
1779  return -1;
1780  }
1781  memcpy(&superencrypted->auth_ephemeral_pubkey,
1782  &desc->auth_ephemeral_kp.pubkey,
1783  sizeof(curve25519_public_key_t));
1784 
1785  /* Test that subcred is not zero because we might use it below */
1786  if (BUG(fast_mem_is_zero((char*)desc->desc->subcredential.subcred,
1787  DIGEST256_LEN))) {
1788  return -1;
1789  }
1790 
1791  /* Create a smartlist to store clients */
1792  superencrypted->clients = smartlist_new();
1793 
1794  /* We do not need to build the desc authorized client if the client
1795  * authorization is disabled */
1796  if (config->is_client_auth_enabled) {
1798  hs_service_authorized_client_t *, client) {
1799  hs_desc_authorized_client_t *desc_client;
1800  desc_client = tor_malloc_zero(sizeof(hs_desc_authorized_client_t));
1801 
1802  /* Prepare the client for descriptor and then add to the list in the
1803  * superencrypted part of the descriptor */
1805  &client->client_pk,
1806  &desc->auth_ephemeral_kp.seckey,
1807  desc->descriptor_cookie, desc_client);
1808  smartlist_add(superencrypted->clients, desc_client);
1809 
1810  } SMARTLIST_FOREACH_END(client);
1811  }
1812 
1813  /* We cannot let the number of auth-clients to be zero, so we need to
1814  * make it be 16. If it is already a multiple of 16, we do not need to
1815  * do anything. Otherwise, add the additional ones to make it a
1816  * multiple of 16. */
1817  int num_clients = smartlist_len(superencrypted->clients);
1818  int num_clients_to_add;
1819  if (num_clients == 0) {
1820  num_clients_to_add = HS_DESC_AUTH_CLIENT_MULTIPLE;
1821  } else if (num_clients % HS_DESC_AUTH_CLIENT_MULTIPLE == 0) {
1822  num_clients_to_add = 0;
1823  } else {
1824  num_clients_to_add =
1826  - (num_clients % HS_DESC_AUTH_CLIENT_MULTIPLE);
1827  }
1828 
1829  for (i = 0; i < num_clients_to_add; i++) {
1830  hs_desc_authorized_client_t *desc_client =
1832  smartlist_add(superencrypted->clients, desc_client);
1833  }
1834 
1835  /* Shuffle the list to prevent the client know the position in the
1836  * config. */
1837  smartlist_shuffle(superencrypted->clients);
1838 
1839  return 0;
1840 }
1841 
1842 /** Populate the descriptor plaintext section from the given service object.
1843  * The caller must make sure that the keys in the descriptors are valid that
1844  * is are non-zero. This can't fail. */
1845 static void
1848 {
1849  hs_desc_plaintext_data_t *plaintext;
1850 
1851  tor_assert(service);
1852  tor_assert(desc);
1853  tor_assert(!fast_mem_is_zero((char *) &desc->blinded_kp,
1854  sizeof(desc->blinded_kp)));
1855  tor_assert(!fast_mem_is_zero((char *) &desc->signing_kp,
1856  sizeof(desc->signing_kp)));
1857 
1858  /* Set the subcredential. */
1859  hs_get_subcredential(&service->keys.identity_pk, &desc->blinded_kp.pubkey,
1860  &desc->desc->subcredential);
1861 
1862  plaintext = &desc->desc->plaintext_data;
1863 
1864  plaintext->version = service->config.version;
1866  /* Copy public key material to go in the descriptor. */
1867  ed25519_pubkey_copy(&plaintext->signing_pubkey, &desc->signing_kp.pubkey);
1868  ed25519_pubkey_copy(&plaintext->blinded_pubkey, &desc->blinded_kp.pubkey);
1869 
1870  /* Create the signing key certificate. This will be updated before each
1871  * upload but we create it here so we don't complexify our unit tests. */
1873 }
1874 
1875 /** Compute the descriptor's OPE cipher for encrypting revision counters. */
1876 static crypto_ope_t *
1878 {
1879  /* Compute OPE key as H("rev-counter-generation" | blinded privkey) */
1880  uint8_t key[DIGEST256_LEN];
1881  crypto_digest_t *digest = crypto_digest256_new(DIGEST_SHA3_256);
1882  const char ope_key_prefix[] = "rev-counter-generation";
1883  const ed25519_secret_key_t *eph_privkey = &hs_desc->blinded_kp.seckey;
1884  crypto_digest_add_bytes(digest, ope_key_prefix, sizeof(ope_key_prefix));
1885  crypto_digest_add_bytes(digest, (char*)eph_privkey->seckey,
1886  sizeof(eph_privkey->seckey));
1887  crypto_digest_get_digest(digest, (char *)key, sizeof(key));
1888  crypto_digest_free(digest);
1889 
1890  return crypto_ope_new(key);
1891 }
1892 
1893 /** For the given service and descriptor object, create the key material which
1894  * is the blinded keypair, the descriptor signing keypair, the ephemeral
1895  * keypair, and the descriptor cookie. Return 0 on success else -1 on error
1896  * where the generated keys MUST be ignored. */
1897 static int
1900 {
1901  int ret = -1;
1902  ed25519_keypair_t kp;
1903 
1904  tor_assert(desc);
1905  tor_assert(!fast_mem_is_zero((char *) &service->keys.identity_pk,
1907 
1908  /* XXX: Support offline key feature (#18098). */
1909 
1910  /* Copy the identity keys to the keypair so we can use it to create the
1911  * blinded key. */
1912  memcpy(&kp.pubkey, &service->keys.identity_pk, sizeof(kp.pubkey));
1913  memcpy(&kp.seckey, &service->keys.identity_sk, sizeof(kp.seckey));
1914  /* Build blinded keypair for this time period. */
1915  hs_build_blinded_keypair(&kp, NULL, 0, desc->time_period_num,
1916  &desc->blinded_kp);
1917  /* Let's not keep too much traces of our keys in memory. */
1918  memwipe(&kp, 0, sizeof(kp));
1919 
1920  /* Compute the OPE cipher struct (it's tied to the current blinded key) */
1921  log_info(LD_GENERAL,
1922  "Getting OPE for TP#%u", (unsigned) desc->time_period_num);
1923  tor_assert_nonfatal(!desc->ope_cipher);
1925 
1926  /* No need for extra strong, this is a temporary key only for this
1927  * descriptor. Nothing long term. */
1928  if (ed25519_keypair_generate(&desc->signing_kp, 0) < 0) {
1929  log_warn(LD_REND, "Can't generate descriptor signing keypair for "
1930  "service %s",
1931  safe_str_client(service->onion_address));
1932  goto end;
1933  }
1934 
1935  /* No need for extra strong, this is a temporary key only for this
1936  * descriptor. Nothing long term. */
1937  if (curve25519_keypair_generate(&desc->auth_ephemeral_kp, 0) < 0) {
1938  log_warn(LD_REND, "Can't generate auth ephemeral keypair for "
1939  "service %s",
1940  safe_str_client(service->onion_address));
1941  goto end;
1942  }
1943 
1944  /* Random descriptor cookie to be used as a part of a key to encrypt the
1945  * descriptor, only if the client auth is enabled will it be used. */
1947  sizeof(desc->descriptor_cookie));
1948 
1949  /* Success. */
1950  ret = 0;
1951  end:
1952  return ret;
1953 }
1954 
1955 /** Given a service and the current time, build a descriptor for the service.
1956  * This function does not pick introduction point, this needs to be done by
1957  * the update function. On success, desc_out will point to the newly allocated
1958  * descriptor object.
1959  *
1960  * This can error if we are unable to create keys or certificate. */
1961 static void
1962 build_service_descriptor(hs_service_t *service, uint64_t time_period_num,
1963  hs_service_descriptor_t **desc_out)
1964 {
1965  char *encoded_desc;
1967 
1968  tor_assert(service);
1969  tor_assert(desc_out);
1970 
1971  desc = service_descriptor_new();
1972 
1973  /* Set current time period */
1974  desc->time_period_num = time_period_num;
1975 
1976  /* Create the needed keys so we can setup the descriptor content. */
1977  if (build_service_desc_keys(service, desc) < 0) {
1978  goto err;
1979  }
1980  /* Setup plaintext descriptor content. */
1981  build_service_desc_plaintext(service, desc);
1982 
1983  /* Setup superencrypted descriptor content. */
1984  if (build_service_desc_superencrypted(service, desc) < 0) {
1985  goto err;
1986  }
1987  /* Setup encrypted descriptor content. */
1988  if (build_service_desc_encrypted(service, desc) < 0) {
1989  goto err;
1990  }
1991 
1992  /* Let's make sure that we've created a descriptor that can actually be
1993  * encoded properly. This function also checks if the encoded output is
1994  * decodable after. */
1995  if (BUG(service_encode_descriptor(service, desc, &desc->signing_kp,
1996  &encoded_desc) < 0)) {
1997  goto err;
1998  }
1999  tor_free(encoded_desc);
2000 
2001  /* Assign newly built descriptor to the next slot. */
2002  *desc_out = desc;
2003 
2004  /* Fire a CREATED control port event. */
2006  &desc->blinded_kp.pubkey);
2007 
2008  /* If we are an onionbalance instance, we refresh our keys when we rotate
2009  * descriptors. */
2010  hs_ob_refresh_keys(service);
2011 
2012  return;
2013 
2014  err:
2015  service_descriptor_free(desc);
2016 }
2017 
2018 /** Build both descriptors for the given service that has just booted up.
2019  * Because it's a special case, it deserves its special function ;). */
2020 static void
2022 {
2023  uint64_t current_desc_tp, next_desc_tp;
2024 
2025  tor_assert(service);
2026  /* These are the conditions for a new service. */
2027  tor_assert(!service->desc_current);
2028  tor_assert(!service->desc_next);
2029 
2030  /*
2031  * +------------------------------------------------------------------+
2032  * | |
2033  * | 00:00 12:00 00:00 12:00 00:00 12:00 |
2034  * | SRV#1 TP#1 SRV#2 TP#2 SRV#3 TP#3 |
2035  * | |
2036  * | $==========|-----------$===========|-----------$===========| |
2037  * | ^ ^ |
2038  * | A B |
2039  * +------------------------------------------------------------------+
2040  *
2041  * Case A: The service boots up before a new time period, the current time
2042  * period is thus TP#1 and the next is TP#2 which for both we have access to
2043  * their SRVs.
2044  *
2045  * Case B: The service boots up inside TP#2, we can't use the TP#3 for the
2046  * next descriptor because we don't have the SRV#3 so the current should be
2047  * TP#1 and next TP#2.
2048  */
2049 
2050  if (hs_in_period_between_tp_and_srv(NULL, now)) {
2051  /* Case B from the above, inside of the new time period. */
2052  current_desc_tp = hs_get_previous_time_period_num(0); /* TP#1 */
2053  next_desc_tp = hs_get_time_period_num(0); /* TP#2 */
2054  } else {
2055  /* Case A from the above, outside of the new time period. */
2056  current_desc_tp = hs_get_time_period_num(0); /* TP#1 */
2057  next_desc_tp = hs_get_next_time_period_num(0); /* TP#2 */
2058  }
2059 
2060  /* Build descriptors. */
2061  build_service_descriptor(service, current_desc_tp, &service->desc_current);
2062  build_service_descriptor(service, next_desc_tp, &service->desc_next);
2063  log_info(LD_REND, "Hidden service %s has just started. Both descriptors "
2064  "built. Now scheduled for upload.",
2065  safe_str_client(service->onion_address));
2066 }
2067 
2068 /** Build descriptors for each service if needed. There are conditions to build
2069  * a descriptor which are details in the function. */
2070 STATIC void
2072 {
2073  FOR_EACH_SERVICE_BEGIN(service) {
2074 
2075  /* A service booting up will have both descriptors to NULL. No other cases
2076  * makes both descriptor non existent. */
2077  if (service->desc_current == NULL && service->desc_next == NULL) {
2078  build_descriptors_for_new_service(service, now);
2079  continue;
2080  }
2081 
2082  /* Reaching this point means we are pass bootup so at runtime. We should
2083  * *never* have an empty current descriptor. If the next descriptor is
2084  * empty, we'll try to build it for the next time period. This only
2085  * happens when we rotate meaning that we are guaranteed to have a new SRV
2086  * at that point for the next time period. */
2087  if (BUG(service->desc_current == NULL)) {
2088  continue;
2089  }
2090 
2091  if (service->desc_next == NULL) {
2093  &service->desc_next);
2094  log_info(LD_REND, "Hidden service %s next descriptor successfully "
2095  "built. Now scheduled for upload.",
2096  safe_str_client(service->onion_address));
2097  }
2098  } FOR_EACH_DESCRIPTOR_END;
2099 }
2100 
2101 /** Randomly pick a node to become an introduction point but not present in the
2102  * given exclude_nodes list. The chosen node is put in the exclude list
2103  * regardless of success or not because in case of failure, the node is simply
2104  * unsusable from that point on.
2105  *
2106  * If direct_conn is set, try to pick a node that our local firewall/policy
2107  * allows us to connect to directly. If we can't find any, return NULL.
2108  * This function supports selecting dual-stack nodes for direct single onion
2109  * service IPv6 connections. But it does not send IPv6 addresses in link
2110  * specifiers. (Current clients don't use IPv6 addresses to extend, and
2111  * direct client connections to intro points are not supported.)
2112  *
2113  * Return a newly allocated service intro point ready to be used for encoding.
2114  * Return NULL on error. */
2115 static hs_service_intro_point_t *
2116 pick_intro_point(unsigned int direct_conn, smartlist_t *exclude_nodes)
2117 {
2118  const or_options_t *options = get_options();
2119  const node_t *node;
2120  hs_service_intro_point_t *ip = NULL;
2121  /* Normal 3-hop introduction point flags. */
2122  router_crn_flags_t flags = CRN_NEED_UPTIME | CRN_NEED_DESC;
2123  /* Single onion flags. */
2124  router_crn_flags_t direct_flags = flags | CRN_PREF_ADDR | CRN_DIRECT_CONN;
2125 
2126  node = router_choose_random_node(exclude_nodes, options->ExcludeNodes,
2127  direct_conn ? direct_flags : flags);
2128 
2129  /* If we are in single onion mode, retry node selection for a 3-hop
2130  * path */
2131  if (direct_conn && !node) {
2132  log_info(LD_REND,
2133  "Unable to find an intro point that we can connect to "
2134  "directly, falling back to a 3-hop path.");
2135  node = router_choose_random_node(exclude_nodes, options->ExcludeNodes,
2136  flags);
2137  }
2138 
2139  if (!node) {
2140  goto err;
2141  }
2142 
2143  /* We have a suitable node, add it to the exclude list. We do this *before*
2144  * we can validate the extend information because even in case of failure,
2145  * we don't want to use that node anymore. */
2146  smartlist_add(exclude_nodes, (void *) node);
2147 
2148  /* Create our objects and populate them with the node information. */
2149  ip = service_intro_point_new(node);
2150 
2151  if (ip == NULL) {
2152  goto err;
2153  }
2154 
2155  log_info(LD_REND, "Picked intro point: %s", node_describe(node));
2156  return ip;
2157  err:
2158  service_intro_point_free(ip);
2159  return NULL;
2160 }
2161 
2162 /** For a given descriptor from the given service, pick any needed intro points
2163  * and update the current map with those newly picked intro points. Return the
2164  * number node that might have been added to the descriptor current map. */
2165 static unsigned int
2168 {
2169  int i = 0, num_needed_ip;
2170  smartlist_t *exclude_nodes = smartlist_new();
2171 
2172  tor_assert(service);
2173  tor_assert(desc);
2174 
2175  /* Compute how many intro points we actually need to open. */
2176  num_needed_ip = service->config.num_intro_points -
2177  digest256map_size(desc->intro_points.map);
2178  if (BUG(num_needed_ip < 0)) {
2179  /* Let's not make tor freak out here and just skip this. */
2180  goto done;
2181  }
2182 
2183  /* We want to end up with config.num_intro_points intro points, but if we
2184  * have no intro points at all (chances are they all cycled or we are
2185  * starting up), we launch get_intro_point_num_extra() extra circuits and
2186  * use the first config.num_intro_points that complete. See proposal #155,
2187  * section 4 for the rationale of this which is purely for performance.
2188  *
2189  * The ones after the first config.num_intro_points will be converted to
2190  * 'General' internal circuits and then we'll drop them from the list of
2191  * intro points. */
2192  if (digest256map_size(desc->intro_points.map) == 0) {
2193  num_needed_ip += get_intro_point_num_extra();
2194  }
2195 
2196  /* Build an exclude list of nodes of our intro point(s). The expiring intro
2197  * points are OK to pick again because this is after all a concept of round
2198  * robin so they are considered valid nodes to pick again. */
2199  DIGEST256MAP_FOREACH(desc->intro_points.map, key,
2200  hs_service_intro_point_t *, ip) {
2201  const node_t *intro_node = get_node_from_intro_point(ip);
2202  if (intro_node) {
2203  smartlist_add(exclude_nodes, (void*)intro_node);
2204  }
2205  } DIGEST256MAP_FOREACH_END;
2206  /* Also, add the failing intro points that our descriptor encounteered in
2207  * the exclude node list. */
2208  setup_intro_point_exclude_list(desc, exclude_nodes);
2209 
2210  for (i = 0; i < num_needed_ip; i++) {
2212 
2213  /* This function will add the picked intro point node to the exclude nodes
2214  * list so we don't pick the same one at the next iteration. */
2215  ip = pick_intro_point(service->config.is_single_onion, exclude_nodes);
2216  if (ip == NULL) {
2217  /* If we end up unable to pick an introduction point it is because we
2218  * can't find suitable node and calling this again is highly unlikely to
2219  * give us a valid node all of the sudden. */
2220  log_info(LD_REND, "Unable to find a suitable node to be an "
2221  "introduction point for service %s.",
2222  safe_str_client(service->onion_address));
2223  goto done;
2224  }
2225  /* Valid intro point object, add it to the descriptor current map. */
2227  }
2228  /* We've successfully picked all our needed intro points thus none are
2229  * missing which will tell our upload process to expect the number of
2230  * circuits to be the number of configured intro points circuits and not the
2231  * number of intro points object that we have. */
2232  desc->missing_intro_points = 0;
2233 
2234  /* Success. */
2235  done:
2236  /* We don't have ownership of the node_t object in this list. */
2237  smartlist_free(exclude_nodes);
2238  return i;
2239 }
2240 
2241 /** Clear previous cached HSDirs in <b>desc</b>. */
2242 static void
2244 {
2245  if (BUG(!desc->previous_hsdirs)) {
2246  return;
2247  }
2248 
2249  SMARTLIST_FOREACH(desc->previous_hsdirs, char*, s, tor_free(s));
2251 }
2252 
2253 /** Note that we attempted to upload <b>desc</b> to <b>hsdir</b>. */
2254 static void
2256 {
2257  char b64_digest[BASE64_DIGEST_LEN+1] = {0};
2258  digest_to_base64(b64_digest, hsdir->identity);
2259 
2260  if (BUG(!desc->previous_hsdirs)) {
2261  return;
2262  }
2263 
2264  if (!smartlist_contains_string(desc->previous_hsdirs, b64_digest)) {
2265  smartlist_add_strdup(desc->previous_hsdirs, b64_digest);
2266  }
2267 }
2268 
2269 /** Schedule an upload of <b>desc</b>. If <b>descriptor_changed</b> is set, it
2270  * means that this descriptor is dirty. */
2271 STATIC void
2273  time_t now,
2274  int descriptor_changed)
2275 
2276 {
2277  desc->next_upload_time = now;
2278 
2279  /* If the descriptor changed, clean up the old HSDirs list. We want to
2280  * re-upload no matter what. */
2281  if (descriptor_changed) {
2283  }
2284 }
2285 
2286 /** Pick missing intro points for this descriptor if needed. */
2287 static void
2289  hs_service_descriptor_t *desc, time_t now)
2290 {
2291  unsigned int num_intro_points;
2292 
2293  tor_assert(service);
2294  tor_assert(desc);
2295  tor_assert(desc->desc);
2296 
2297  num_intro_points = digest256map_size(desc->intro_points.map);
2298 
2299  /* Pick any missing introduction point(s). */
2300  if (num_intro_points < service->config.num_intro_points) {
2301  unsigned int num_new_intro_points = pick_needed_intro_points(service,
2302  desc);
2303  if (num_new_intro_points != 0) {
2304  log_info(LD_REND, "Service %s just picked %u intro points and wanted "
2305  "%u for %s descriptor. It currently has %d intro "
2306  "points. Launching ESTABLISH_INTRO circuit shortly.",
2307  safe_str_client(service->onion_address),
2308  num_new_intro_points,
2309  service->config.num_intro_points - num_intro_points,
2310  (desc == service->desc_current) ? "current" : "next",
2311  num_intro_points);
2312  /* We'll build those introduction point into the descriptor once we have
2313  * confirmation that the circuits are opened and ready. However,
2314  * indicate that this descriptor should be uploaded from now on. */
2315  service_desc_schedule_upload(desc, now, 1);
2316  }
2317  /* Were we able to pick all the intro points we needed? If not, we'll
2318  * flag the descriptor that it's missing intro points because it
2319  * couldn't pick enough which will trigger a descriptor upload. */
2320  if ((num_new_intro_points + num_intro_points) <
2321  service->config.num_intro_points) {
2322  desc->missing_intro_points = 1;
2323  }
2324  }
2325 }
2326 
2327 /** Update descriptor intro points for each service if needed. We do this as
2328  * part of the periodic event because we need to establish intro point circuits
2329  * before we publish descriptors. */
2330 STATIC void
2332 {
2333  FOR_EACH_SERVICE_BEGIN(service) {
2334  /* We'll try to update each descriptor that is if certain conditions apply
2335  * in order for the descriptor to be updated. */
2336  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
2337  update_service_descriptor_intro_points(service, desc, now);
2338  } FOR_EACH_DESCRIPTOR_END;
2339  } FOR_EACH_SERVICE_END;
2340 }
2341 
2342 /** Return true iff the given intro point has expired that is it has been used
2343  * for too long or we've reached our max seen INTRODUCE2 cell. */
2344 STATIC int
2346  time_t now)
2347 {
2348  tor_assert(ip);
2349 
2350  if (ip->introduce2_count >= ip->introduce2_max) {
2351  goto expired;
2352  }
2353 
2354  if (ip->time_to_expire <= now) {
2355  goto expired;
2356  }
2357 
2358  /* Not expiring. */
2359  return 0;
2360  expired:
2361  return 1;
2362 }
2363 
2364 /** Return true iff we should remove the intro point ip from its service.
2365  *
2366  * We remove an intro point from the service descriptor list if one of
2367  * these criteria is met:
2368  * - It has expired (either in INTRO2 count or in time).
2369  * - No node was found (fell off the consensus).
2370  * - We are over the maximum amount of retries.
2371  *
2372  * If an established or pending circuit is found for the given ip object, this
2373  * return false indicating it should not be removed. */
2374 static bool
2376 {
2377  bool ret = false;
2378 
2379  tor_assert(ip);
2380 
2381  /* Any one of the following needs to be True to fulfill the criteria to
2382  * remove an intro point. */
2383  bool has_no_retries = (ip->circuit_retries >
2385  bool has_no_node = (get_node_from_intro_point(ip) == NULL);
2386  bool has_expired = intro_point_should_expire(ip, now);
2387 
2388  /* If the node fell off the consensus or the IP has expired, we have to
2389  * remove it now. */
2390  if (has_no_node || has_expired) {
2391  ret = true;
2392  goto end;
2393  }
2394 
2395  /* Pass this point, even though we might be over the retry limit, we check
2396  * if a circuit (established or pending) exists. In that case, we should not
2397  * remove it because it might simply be valid and opened at the previous
2398  * scheduled event for the last retry. */
2399 
2400  /* Do we simply have an existing circuit regardless of its state? */
2402  goto end;
2403  }
2404 
2405  /* Getting here means we have _no_ circuits so then return if we have any
2406  * remaining retries. */
2407  ret = has_no_retries;
2408 
2409  end:
2410  /* Meaningful log in case we are about to remove the IP. */
2411  if (ret) {
2412  log_info(LD_REND, "Intro point %s%s (retried: %u times). "
2413  "Removing it.",
2415  has_expired ? " has expired" :
2416  (has_no_node) ? " fell off the consensus" : "",
2417  ip->circuit_retries);
2418  }
2419  return ret;
2420 }
2421 
2422 /** Go over the given set of intro points for each service and remove any
2423  * invalid ones.
2424  *
2425  * If an intro point is removed, the circuit (if any) is immediately close.
2426  * If a circuit can't be found, the intro point is kept if it hasn't reached
2427  * its maximum circuit retry value and thus should be retried. */
2428 static void
2429 cleanup_intro_points(hs_service_t *service, time_t now)
2430 {
2431  /* List of intro points to close. We can't mark the intro circuits for close
2432  * in the modify loop because doing so calls back into the HS subsystem and
2433  * we need to keep that code path outside of the service/desc loop so those
2434  * maps don't get modified during the close making us in a possible
2435  * use-after-free situation. */
2436  smartlist_t *ips_to_free = smartlist_new();
2437 
2438  tor_assert(service);
2439 
2440  /* For both descriptors, cleanup the intro points. */
2441  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
2442  /* Go over the current intro points we have, make sure they are still
2443  * valid and remove any of them that aren't. */
2444  DIGEST256MAP_FOREACH_MODIFY(desc->intro_points.map, key,
2445  hs_service_intro_point_t *, ip) {
2446  if (should_remove_intro_point(ip, now)) {
2447  /* We've retried too many times, remember it as a failed intro point
2448  * so we don't pick it up again for INTRO_CIRC_RETRY_PERIOD sec. */
2449  if (ip->circuit_retries > MAX_INTRO_POINT_CIRCUIT_RETRIES) {
2451  }
2452 
2453  /* Remove intro point from descriptor map and add it to the list of
2454  * ips to free for which we'll also try to close the intro circuit. */
2455  MAP_DEL_CURRENT(key);
2456  smartlist_add(ips_to_free, ip);
2457  }
2458  } DIGEST256MAP_FOREACH_END;
2459  } FOR_EACH_DESCRIPTOR_END;
2460 
2461  /* Go over the intro points to free and close their circuit if any. */
2463  /* See if we need to close the intro point circuit as well */
2464 
2465  /* XXX: Legacy code does NOT close circuits like this: it keeps the circuit
2466  * open until a new descriptor is uploaded and then closed all expiring
2467  * intro point circuit. Here, we close immediately and because we just
2468  * discarded the intro point, a new one will be selected, a new descriptor
2469  * created and uploaded. There is no difference to an attacker between the
2470  * timing of a new consensus and intro point rotation (possibly?). */
2472  if (ocirc && !TO_CIRCUIT(ocirc)->marked_for_close) {
2473  circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
2474  }
2475 
2476  /* Cleanup the intro point */
2477  service_intro_point_free(ip);
2478  } SMARTLIST_FOREACH_END(ip);
2479 
2480  smartlist_free(ips_to_free);
2481 }
2482 
2483 /** Set the next rotation time of the descriptors for the given service for the
2484  * time now. */
2485 static void
2487 {
2488  tor_assert(service);
2489 
2490  service->state.next_rotation_time =
2493 
2494  {
2495  char fmt_time[ISO_TIME_LEN + 1];
2496  format_local_iso_time(fmt_time, service->state.next_rotation_time);
2497  log_info(LD_REND, "Next descriptor rotation time set to %s for %s",
2498  fmt_time, safe_str_client(service->onion_address));
2499  }
2500 }
2501 
2502 /** Return true iff the service should rotate its descriptor. The time now is
2503  * only used to fetch the live consensus and if none can be found, this
2504  * returns false. */
2505 static unsigned int
2507 {
2508  const networkstatus_t *ns;
2509 
2510  tor_assert(service);
2511 
2513  if (ns == NULL) {
2514  goto no_rotation;
2515  }
2516 
2517  if (ns->valid_after >= service->state.next_rotation_time) {
2518  /* In theory, we should never get here with no descriptors. We can never
2519  * have a NULL current descriptor except when tor starts up. The next
2520  * descriptor can be NULL after a rotation but we build a new one right
2521  * after.
2522  *
2523  * So, when tor starts, the next rotation time is set to the start of the
2524  * next SRV period using the consensus valid after time so it should
2525  * always be set to a future time value. This means that we should never
2526  * reach this point at bootup that is this check safeguards tor in never
2527  * allowing a rotation if the valid after time is smaller than the next
2528  * rotation time.
2529  *
2530  * This is all good in theory but we've had a NULL descriptor issue here
2531  * so this is why we BUG() on both with extra logging to try to understand
2532  * how this can possibly happens. We'll simply ignore and tor should
2533  * recover from this by skipping rotation and building the missing
2534  * descriptors just after this. */
2535  if (BUG(service->desc_current == NULL || service->desc_next == NULL)) {
2536  log_warn(LD_BUG, "Service descriptor is NULL (%p/%p). Next rotation "
2537  "time is %ld (now: %ld). Valid after time from "
2538  "consensus is %ld",
2539  service->desc_current, service->desc_next,
2540  (long)service->state.next_rotation_time,
2541  (long)now,
2542  (long)ns->valid_after);
2543  goto no_rotation;
2544  }
2545  goto rotation;
2546  }
2547 
2548  no_rotation:
2549  return 0;
2550  rotation:
2551  return 1;
2552 }
2553 
2554 /** Rotate the service descriptors of the given service. The current descriptor
2555  * will be freed, the next one put in as the current and finally the next
2556  * descriptor pointer is NULLified. */
2557 static void
2559 {
2560  if (service->desc_current) {
2561  /* Close all IP circuits for the descriptor. */
2563  /* We don't need this one anymore, we won't serve any clients coming with
2564  * this service descriptor. */
2565  service_descriptor_free(service->desc_current);
2566  }
2567  /* The next one become the current one and emptying the next will trigger
2568  * a descriptor creation for it. */
2569  service->desc_current = service->desc_next;
2570  service->desc_next = NULL;
2571 
2572  /* We've just rotated, set the next time for the rotation. */
2573  set_rotation_time(service);
2574 }
2575 
2576 /** Rotate descriptors for each service if needed. A non existing current
2577  * descriptor will trigger a descriptor build for the next time period. */
2578 STATIC void
2580 {
2581  /* XXX We rotate all our service descriptors at once. In the future it might
2582  * be wise, to rotate service descriptors independently to hide that all
2583  * those descriptors are on the same tor instance */
2584 
2585  FOR_EACH_SERVICE_BEGIN(service) {
2586 
2587  /* Note for a service booting up: Both descriptors are NULL in that case
2588  * so this function might return true if we are in the timeframe for a
2589  * rotation leading to basically swapping two NULL pointers which is
2590  * harmless. However, the side effect is that triggering a rotation will
2591  * update the service state and avoid doing anymore rotations after the
2592  * two descriptors have been built. */
2593  if (!should_rotate_descriptors(service, now)) {
2594  continue;
2595  }
2596 
2597  log_info(LD_REND, "Time to rotate our descriptors (%p / %p) for %s",
2598  service->desc_current, service->desc_next,
2599  safe_str_client(service->onion_address));
2600 
2601  rotate_service_descriptors(service);
2602  } FOR_EACH_SERVICE_END;
2603 }
2604 
2605 /** Scheduled event run from the main loop. Make sure all our services are up
2606  * to date and ready for the other scheduled events. This includes looking at
2607  * the introduction points status and descriptor rotation time. */
2608 STATIC void
2610 {
2611  /* Note that nothing here opens circuit(s) nor uploads descriptor(s). We are
2612  * simply moving things around or removing unneeded elements. */
2613 
2614  FOR_EACH_SERVICE_BEGIN(service) {
2615 
2616  /* If the service is starting off, set the rotation time. We can't do that
2617  * at configure time because the get_options() needs to be set for setting
2618  * that time that uses the voting interval. */
2619  if (service->state.next_rotation_time == 0) {
2620  /* Set the next rotation time of the descriptors. If it's Oct 25th
2621  * 23:47:00, the next rotation time is when the next SRV is computed
2622  * which is at Oct 26th 00:00:00 that is in 13 minutes. */
2623  set_rotation_time(service);
2624  }
2625 
2626  /* Cleanup invalid intro points from the service descriptor. */
2627  cleanup_intro_points(service, now);
2628 
2629  /* Remove expired failing intro point from the descriptor failed list. We
2630  * reset them at each INTRO_CIRC_RETRY_PERIOD. */
2631  remove_expired_failing_intro(service, now);
2632 
2633  /* At this point, the service is now ready to go through the scheduled
2634  * events guaranteeing a valid state. Intro points might be missing from
2635  * the descriptors after the cleanup but the update/build process will
2636  * make sure we pick those missing ones. */
2637  } FOR_EACH_SERVICE_END;
2638 }
2639 
2640 /** Scheduled event run from the main loop. Make sure all descriptors are up to
2641  * date. Once this returns, each service descriptor needs to be considered for
2642  * new introduction circuits and then for upload. */
2643 static void
2645 {
2646  /* For v2 services, this step happens in the upload event. */
2647 
2648  /* Run v3+ events. */
2649  /* We start by rotating the descriptors only if needed. */
2651 
2652  /* Then, we'll try to build new descriptors that we might need. The
2653  * condition is that the next descriptor is non existing because it has
2654  * been rotated or we just started up. */
2655  build_all_descriptors(now);
2656 
2657  /* Finally, we'll check if we should update the descriptors' intro
2658  * points. Missing introduction points will be picked in this function which
2659  * is useful for newly built descriptors. */
2661 }
2662 
2663 /** For the given service, launch any intro point circuits that could be
2664  * needed. This considers every descriptor of the service. */
2665 static void
2667 {
2668  tor_assert(service);
2669 
2670  /* For both descriptors, try to launch any missing introduction point
2671  * circuits using the current map. */
2672  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
2673  /* Keep a ref on if we need a direct connection. We use this often. */
2674  bool direct_conn = service->config.is_single_onion;
2675 
2676  DIGEST256MAP_FOREACH_MODIFY(desc->intro_points.map, key,
2677  hs_service_intro_point_t *, ip) {
2678  extend_info_t *ei;
2679 
2680  /* Skip the intro point that already has an existing circuit
2681  * (established or not). */
2683  continue;
2684  }
2685  ei = get_extend_info_from_intro_point(ip, direct_conn);
2686 
2687  /* If we can't connect directly to the intro point, get an extend_info
2688  * for a multi-hop path instead. */
2689  if (ei == NULL && direct_conn) {
2690  direct_conn = false;
2692  }
2693 
2694  if (ei == NULL) {
2695  /* This is possible if we can get a node_t but not the extend info out
2696  * of it. In this case, we remove the intro point and a new one will
2697  * be picked at the next main loop callback. */
2698  MAP_DEL_CURRENT(key);
2699  service_intro_point_free(ip);
2700  continue;
2701  }
2702 
2703  /* Launch a circuit to the intro point. */
2704  ip->circuit_retries++;
2705  if (hs_circ_launch_intro_point(service, ip, ei, direct_conn) < 0) {
2706  log_info(LD_REND, "Unable to launch intro circuit to node %s "
2707  "for service %s.",
2708  safe_str_client(extend_info_describe(ei)),
2709  safe_str_client(service->onion_address));
2710  /* Intro point will be retried if possible after this. */
2711  }
2712  extend_info_free(ei);
2713  } DIGEST256MAP_FOREACH_END;
2714  } FOR_EACH_DESCRIPTOR_END;
2715 }
2716 
2717 /** Don't try to build more than this many circuits before giving up for a
2718  * while. Dynamically calculated based on the configured number of intro
2719  * points for the given service and how many descriptor exists. The default
2720  * use case of 3 introduction points and two descriptors will allow 28
2721  * circuits for a retry period (((3 + 2) + (3 * 3)) * 2). */
2722 static unsigned int
2724 {
2725  unsigned int count = 0;
2726  unsigned int multiplier = 0;
2727  unsigned int num_wanted_ip;
2728 
2729  tor_assert(service);
2730  tor_assert(service->config.num_intro_points <=
2731  HS_CONFIG_V3_MAX_INTRO_POINTS);
2732 
2733 /** For a testing network, allow to do it for the maximum amount so circuit
2734  * creation and rotation and so on can actually be tested without limit. */
2735 #define MAX_INTRO_POINT_CIRCUIT_RETRIES_TESTING -1
2736  if (get_options()->TestingTorNetwork) {
2737  return MAX_INTRO_POINT_CIRCUIT_RETRIES_TESTING;
2738  }
2739 
2740  num_wanted_ip = service->config.num_intro_points;
2741 
2742  /* The calculation is as follow. We have a number of intro points that we
2743  * want configured as a torrc option (num_intro_points). We then add an
2744  * extra value so we can launch multiple circuits at once and pick the
2745  * quickest ones. For instance, we want 3 intros, we add 2 extra so we'll
2746  * pick 5 intros and launch 5 circuits. */
2747  count += (num_wanted_ip + get_intro_point_num_extra());
2748 
2749  /* Then we add the number of retries that is possible to do for each intro
2750  * point. If we want 3 intros, we'll allow 3 times the number of possible
2751  * retry. */
2752  count += (num_wanted_ip * MAX_INTRO_POINT_CIRCUIT_RETRIES);
2753 
2754  /* Then, we multiply by a factor of 2 if we have both descriptor or 0 if we
2755  * have none. */
2756  multiplier += (service->desc_current) ? 1 : 0;
2757  multiplier += (service->desc_next) ? 1 : 0;
2758 
2759  return (count * multiplier);
2760 }
2761 
2762 /** For the given service, return 1 if the service is allowed to launch more
2763  * introduction circuits else 0 if the maximum has been reached for the retry
2764  * period of INTRO_CIRC_RETRY_PERIOD. */
2765 STATIC int
2767 {
2768  tor_assert(service);
2769 
2770  /* Consider the intro circuit retry period of the service. */
2771  if (now > (service->state.intro_circ_retry_started_time +
2773  service->state.intro_circ_retry_started_time = now;
2774  service->state.num_intro_circ_launched = 0;
2775  goto allow;
2776  }
2777  /* Check if we can still launch more circuits in this period. */
2778  if (service->state.num_intro_circ_launched <=
2779  get_max_intro_circ_per_period(service)) {
2780  goto allow;
2781  }
2782 
2783  /* Rate limit log that we've reached our circuit creation limit. */
2784  {
2785  char *msg;
2786  time_t elapsed_time = now - service->state.intro_circ_retry_started_time;
2787  static ratelim_t rlimit = RATELIM_INIT(INTRO_CIRC_RETRY_PERIOD);
2788  if ((msg = rate_limit_log(&rlimit, now))) {
2789  log_info(LD_REND, "Hidden service %s exceeded its circuit launch limit "
2790  "of %u per %d seconds. It launched %u circuits in "
2791  "the last %ld seconds. Will retry in %ld seconds.",
2792  safe_str_client(service->onion_address),
2795  service->state.num_intro_circ_launched,
2796  (long int) elapsed_time,
2797  (long int) (INTRO_CIRC_RETRY_PERIOD - elapsed_time));
2798  tor_free(msg);
2799  }
2800  }
2801 
2802  /* Not allow. */
2803  return 0;
2804  allow:
2805  return 1;
2806 }
2807 
2808 /** Scheduled event run from the main loop. Make sure we have all the circuits
2809  * we need for each service. */
2810 static void
2812 {
2813  /* Make sure we can actually have enough information or able to build
2814  * internal circuits as required by services. */
2815  if (router_have_consensus_path() == CONSENSUS_PATH_UNKNOWN ||
2817  return;
2818  }
2819 
2820  /* Run v2 check. */
2821  if (rend_num_services() > 0) {
2823  }
2824 
2825  /* Run v3+ check. */
2826  FOR_EACH_SERVICE_BEGIN(service) {
2827  /* For introduction circuit, we need to make sure we don't stress too much
2828  * circuit creation so make sure this service is respecting that limit. */
2829  if (can_service_launch_intro_circuit(service, now)) {
2830  /* Launch intro point circuits if needed. */
2831  launch_intro_point_circuits(service);
2832  /* Once the circuits have opened, we'll make sure to update the
2833  * descriptor intro point list and cleanup any extraneous. */
2834  }
2835  } FOR_EACH_SERVICE_END;
2836 }
2837 
2838 /** Encode and sign the service descriptor desc and upload it to the given
2839  * hidden service directory. This does nothing if PublishHidServDescriptors
2840  * is false. */
2841 static void
2843  hs_service_descriptor_t *desc, const node_t *hsdir)
2844 {
2845  char *encoded_desc = NULL;
2846 
2847  tor_assert(service);
2848  tor_assert(desc);
2849  tor_assert(hsdir);
2850 
2851  /* Let's avoid doing that if tor is configured to not publish. */
2852  if (!get_options()->PublishHidServDescriptors) {
2853  log_info(LD_REND, "Service %s not publishing descriptor. "
2854  "PublishHidServDescriptors is set to 0.",
2855  safe_str_client(service->onion_address));
2856  goto end;
2857  }
2858 
2859  /* First of all, we'll encode the descriptor. This should NEVER fail but
2860  * just in case, let's make sure we have an actual usable descriptor. */
2861  if (BUG(service_encode_descriptor(service, desc, &desc->signing_kp,
2862  &encoded_desc) < 0)) {
2863  goto end;
2864  }
2865 
2866  /* Time to upload the descriptor to the directory. */
2867  hs_service_upload_desc_to_dir(encoded_desc, service->config.version,
2868  &service->keys.identity_pk,
2869  &desc->blinded_kp.pubkey, hsdir->rs);
2870 
2871  /* Add this node to previous_hsdirs list */
2872  service_desc_note_upload(desc, hsdir);
2873 
2874  /* Logging so we know where it was sent. */
2875  {
2876  int is_next_desc = (service->desc_next == desc);
2877  const uint8_t *idx = (is_next_desc) ? hsdir->hsdir_index.store_second:
2878  hsdir->hsdir_index.store_first;
2879  char *blinded_pubkey_log_str =
2880  tor_strdup(hex_str((char*)&desc->blinded_kp.pubkey.pubkey, 32));
2881  /* This log message is used by Chutney as part of its bootstrap
2882  * detection mechanism. Please don't change without first checking
2883  * Chutney. */
2884  log_info(LD_REND, "Service %s %s descriptor of revision %" PRIu64
2885  " initiated upload request to %s with index %s (%s)",
2886  safe_str_client(service->onion_address),
2887  (is_next_desc) ? "next" : "current",
2889  safe_str_client(node_describe(hsdir)),
2890  safe_str_client(hex_str((const char *) idx, 32)),
2891  safe_str_client(blinded_pubkey_log_str));
2892  tor_free(blinded_pubkey_log_str);
2893 
2894  /* Fire a UPLOAD control port event. */
2896  &desc->blinded_kp.pubkey, idx);
2897  }
2898 
2899  end:
2900  tor_free(encoded_desc);
2901  return;
2902 }
2903 
2904 /** Set the revision counter in <b>hs_desc</b>. We do this by encrypting a
2905  * timestamp using an OPE scheme and using the ciphertext as our revision
2906  * counter.
2907  *
2908  * If <b>is_current</b> is true, then this is the current HS descriptor,
2909  * otherwise it's the next one. */
2910 static void
2912  bool is_current)
2913 {
2914  uint64_t rev_counter = 0;
2915 
2916  /* Get current time */
2917  time_t srv_start = 0;
2918 
2919  /* As our revision counter plaintext value, we use the seconds since the
2920  * start of the SR protocol run that is relevant to this descriptor. This is
2921  * guaranteed to be a positive value since we need the SRV to start making a
2922  * descriptor (so that we know where to upload it).
2923  *
2924  * Depending on whether we are building the current or the next descriptor,
2925  * services use a different SRV value. See [SERVICEUPLOAD] in
2926  * rend-spec-v3.txt:
2927  *
2928  * In particular, for the current descriptor (aka first descriptor), Tor
2929  * always uses the previous SRV for uploading the descriptor, and hence we
2930  * should use the start time of the previous protocol run here.
2931  *
2932  * Whereas for the next descriptor (aka second descriptor), Tor always uses
2933  * the current SRV for uploading the descriptor. and hence we use the start
2934  * time of the current protocol run.
2935  */
2936  if (is_current) {
2938  } else {
2940  }
2941 
2942  log_info(LD_REND, "Setting rev counter for TP #%u: "
2943  "SRV started at %d, now %d (%s)",
2944  (unsigned) hs_desc->time_period_num, (int)srv_start,
2945  (int)now, is_current ? "current" : "next");
2946 
2947  tor_assert_nonfatal(now >= srv_start);
2948 
2949  /* Compute seconds elapsed since the start of the time period. That's the
2950  * number of seconds of how long this blinded key has been active. */
2951  time_t seconds_since_start_of_srv = now - srv_start;
2952 
2953  /* Increment by one so that we are definitely sure this is strictly
2954  * positive and not zero. */
2955  seconds_since_start_of_srv++;
2956 
2957  /* Check for too big inputs. */
2958  if (BUG(seconds_since_start_of_srv > OPE_INPUT_MAX)) {
2959  seconds_since_start_of_srv = OPE_INPUT_MAX;
2960  }
2961 
2962  /* Now we compute the final revision counter value by encrypting the
2963  plaintext using our OPE cipher: */
2964  tor_assert(hs_desc->ope_cipher);
2965  rev_counter = crypto_ope_encrypt(hs_desc->ope_cipher,
2966  (int) seconds_since_start_of_srv);
2967 
2968  /* The OPE module returns CRYPTO_OPE_ERROR in case of errors. */
2969  tor_assert_nonfatal(rev_counter < CRYPTO_OPE_ERROR);
2970 
2971  log_info(LD_REND, "Encrypted revision counter %d to %" PRIu64,
2972  (int) seconds_since_start_of_srv, rev_counter);
2973 
2974  hs_desc->desc->plaintext_data.revision_counter = rev_counter;
2975 }
2976 
2977 /** Encode and sign the service descriptor desc and upload it to the
2978  * responsible hidden service directories. If for_next_period is true, the set
2979  * of directories are selected using the next hsdir_index. This does nothing
2980  * if PublishHidServDescriptors is false. */
2981 STATIC void
2984 {
2985  smartlist_t *responsible_dirs = NULL;
2986 
2987  tor_assert(service);
2988  tor_assert(desc);
2989 
2990  /* We'll first cancel any directory request that are ongoing for this
2991  * descriptor. It is possible that we can trigger multiple uploads in a
2992  * short time frame which can lead to a race where the second upload arrives
2993  * before the first one leading to a 400 malformed descriptor response from
2994  * the directory. Closing all pending requests avoids that. */
2995  close_directory_connections(service, desc);
2996 
2997  /* Get our list of responsible HSDir. */
2998  responsible_dirs = smartlist_new();
2999  /* The parameter 0 means that we aren't a client so tell the function to use
3000  * the spread store consensus parameter. */
3002  service->desc_next == desc, 0, responsible_dirs);
3003 
3004  /** Clear list of previous hsdirs since we are about to upload to a new
3005  * list. Let's keep it up to date. */
3007 
3008  /* For each responsible HSDir we have, initiate an upload command. */
3009  SMARTLIST_FOREACH_BEGIN(responsible_dirs, const routerstatus_t *,
3010  hsdir_rs) {
3011  const node_t *hsdir_node = node_get_by_id(hsdir_rs->identity_digest);
3012  /* Getting responsible hsdir implies that the node_t object exists for the
3013  * routerstatus_t found in the consensus else we have a problem. */
3014  tor_assert(hsdir_node);
3015  /* Upload this descriptor to the chosen directory. */
3016  upload_descriptor_to_hsdir(service, desc, hsdir_node);
3017  } SMARTLIST_FOREACH_END(hsdir_rs);
3018 
3019  /* Set the next upload time for this descriptor. Even if we are configured
3020  * to not upload, we still want to follow the right cycle of life for this
3021  * descriptor. */
3022  desc->next_upload_time =
3025  {
3026  char fmt_next_time[ISO_TIME_LEN+1];
3027  format_local_iso_time(fmt_next_time, desc->next_upload_time);
3028  log_debug(LD_REND, "Service %s set to upload a descriptor at %s",
3029  safe_str_client(service->onion_address), fmt_next_time);
3030  }
3031 
3032  smartlist_free(responsible_dirs);
3033  return;
3034 }
3035 
3036 /** The set of HSDirs have changed: check if the change affects our descriptor
3037  * HSDir placement, and if it does, reupload the desc. */
3038 STATIC int
3040  const hs_service_descriptor_t *desc)
3041 {
3042  int should_reupload = 0;
3043  smartlist_t *responsible_dirs = smartlist_new();
3044 
3045  /* No desc upload has happened yet: it will happen eventually */
3046  if (!desc->previous_hsdirs || !smartlist_len(desc->previous_hsdirs)) {
3047  goto done;
3048  }
3049 
3050  /* Get list of responsible hsdirs */
3052  service->desc_next == desc, 0, responsible_dirs);
3053 
3054  /* Check if any new hsdirs have been added to the responsible hsdirs set:
3055  * Iterate over the list of new hsdirs, and reupload if any of them is not
3056  * present in the list of previous hsdirs.
3057  */
3058  SMARTLIST_FOREACH_BEGIN(responsible_dirs, const routerstatus_t *, hsdir_rs) {
3059  char b64_digest[BASE64_DIGEST_LEN+1] = {0};
3060  digest_to_base64(b64_digest, hsdir_rs->identity_digest);
3061 
3062  if (!smartlist_contains_string(desc->previous_hsdirs, b64_digest)) {
3063  should_reupload = 1;
3064  break;
3065  }
3066  } SMARTLIST_FOREACH_END(hsdir_rs);
3067 
3068  done:
3069  smartlist_free(responsible_dirs);
3070 
3071  return should_reupload;
3072 }
3073 
3074 /** These are all the reasons why a descriptor upload can't occur. We use
3075  * those to log the reason properly with the right rate limiting and for the
3076  * right descriptor. */
3077 typedef enum {
3078  LOG_DESC_UPLOAD_REASON_MISSING_IPS = 0,
3079  LOG_DESC_UPLOAD_REASON_IP_NOT_ESTABLISHED = 1,
3080  LOG_DESC_UPLOAD_REASON_NOT_TIME = 2,
3081  LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS = 3,
3082  LOG_DESC_UPLOAD_REASON_NO_DIRINFO = 4,
3084 
3085 /** Maximum number of reasons. This is used to allocate the static array of
3086  * all rate limiting objects. */
3087 #define LOG_DESC_UPLOAD_REASON_MAX LOG_DESC_UPLOAD_REASON_NO_DIRINFO
3088 
3089 /** Log the reason why we can't upload the given descriptor for the given
3090  * service. This takes a message string (allocated by the caller) and a
3091  * reason.
3092  *
3093  * Depending on the reason and descriptor, different rate limit applies. This
3094  * is done because this function will basically be called every second. Each
3095  * descriptor for each reason uses its own log rate limit object in order to
3096  * avoid message suppression for different reasons and descriptors. */
3097 static void
3099  const hs_service_descriptor_t *desc, const char *msg,
3100  const log_desc_upload_reason_t reason)
3101 {
3102  /* Writing the log every minute shouldn't be too annoying for log rate limit
3103  * since this can be emitted every second for each descriptor.
3104  *
3105  * However, for one specific case, we increase it to 10 minutes because it
3106  * is hit constantly, as an expected behavior, which is the reason
3107  * indicating that it is not the time to upload. */
3108  static ratelim_t limits[2][LOG_DESC_UPLOAD_REASON_MAX + 1] =
3109  { { RATELIM_INIT(60), RATELIM_INIT(60), RATELIM_INIT(60 * 10),
3110  RATELIM_INIT(60), RATELIM_INIT(60) },
3111  { RATELIM_INIT(60), RATELIM_INIT(60), RATELIM_INIT(60 * 10),
3112  RATELIM_INIT(60), RATELIM_INIT(60) },
3113  };
3114  bool is_next_desc = false;
3115  unsigned int rlim_pos = 0;
3116  ratelim_t *rlim = NULL;
3117 
3118  tor_assert(service);
3119  tor_assert(desc);
3120  tor_assert(msg);
3121 
3122  /* Make sure the reason value is valid. It should never happen because we
3123  * control that value in the code flow but will be apparent during
3124  * development if a reason is added but LOG_DESC_UPLOAD_REASON_NUM_ is not
3125  * updated. */
3126  if (BUG(reason > LOG_DESC_UPLOAD_REASON_MAX)) {
3127  return;
3128  }
3129 
3130  /* Ease our life. Flag that tells us if the descriptor is the next one. */
3131  is_next_desc = (service->desc_next == desc);
3132 
3133  /* Current descriptor is the first element in the ratelimit object array.
3134  * The next descriptor is the second element. */
3135  rlim_pos = (is_next_desc ? 1 : 0);
3136  /* Get the ratelimit object for the reason _and_ right descriptor. */
3137  rlim = &limits[rlim_pos][reason];
3138 
3140  "Service %s can't upload its %s descriptor: %s",
3141  safe_str_client(service->onion_address),
3142  (is_next_desc) ? "next" : "current", msg);
3143 }
3144 
3145 /** Return 1 if the given descriptor from the given service can be uploaded
3146  * else return 0 if it can not. */
3147 static int
3149  const hs_service_descriptor_t *desc, time_t now)
3150 {
3151  char *msg = NULL;
3152  unsigned int num_intro_points, count_ip_established;
3153 
3154  tor_assert(service);
3155  tor_assert(desc);
3156 
3157  /* If this descriptors has missing intro points that is that it couldn't get
3158  * them all when it was time to pick them, it means that we should upload
3159  * instead of waiting an arbitrary amount of time breaking the service.
3160  * Else, if we have no missing intro points, we use the value taken from the
3161  * service configuration. */
3162  if (desc->missing_intro_points) {
3163  num_intro_points = digest256map_size(desc->intro_points.map);
3164  } else {
3165  num_intro_points = service->config.num_intro_points;
3166  }
3167 
3168  /* This means we tried to pick intro points but couldn't get any so do not
3169  * upload descriptor in this case. We need at least one for the service to
3170  * be reachable. */
3171  if (desc->missing_intro_points && num_intro_points == 0) {
3172  msg = tor_strdup("Missing intro points");
3173  log_cant_upload_desc(service, desc, msg,
3174  LOG_DESC_UPLOAD_REASON_MISSING_IPS);
3175  goto cannot;
3176  }
3177 
3178  /* Check if all our introduction circuit have been established for all the
3179  * intro points we have selected. */
3180  count_ip_established = count_desc_circuit_established(desc);
3181  if (count_ip_established != num_intro_points) {
3182  tor_asprintf(&msg, "Intro circuits aren't yet all established (%d/%d).",
3183  count_ip_established, num_intro_points);
3184  log_cant_upload_desc(service, desc, msg,
3185  LOG_DESC_UPLOAD_REASON_IP_NOT_ESTABLISHED);
3186  goto cannot;
3187  }
3188 
3189  /* Is it the right time to upload? */
3190  if (desc->next_upload_time > now) {
3191  tor_asprintf(&msg, "Next upload time is %ld, it is now %ld.",
3192  (long int) desc->next_upload_time, (long int) now);
3193  log_cant_upload_desc(service, desc, msg,
3194  LOG_DESC_UPLOAD_REASON_NOT_TIME);
3195  goto cannot;
3196  }
3197 
3198  /* Don't upload desc if we don't have a live consensus */
3200  msg = tor_strdup("No live consensus");
3201  log_cant_upload_desc(service, desc, msg,
3202  LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS);
3203  goto cannot;
3204  }
3205 
3206  /* Do we know enough router descriptors to have adequate vision of the HSDir
3207  hash ring? */
3209  msg = tor_strdup("Not enough directory information");
3210  log_cant_upload_desc(service, desc, msg,
3211  LOG_DESC_UPLOAD_REASON_NO_DIRINFO);
3212  goto cannot;
3213  }
3214 
3215  /* Can upload! */
3216  return 1;
3217 
3218  cannot:
3219  tor_free(msg);
3220  return 0;
3221 }
3222 
3223 /** Refresh the given service descriptor meaning this will update every mutable
3224  * field that needs to be updated before we upload.
3225  *
3226  * This should ONLY be called before uploading a descriptor. It assumes that
3227  * the descriptor has been built (desc->desc) and that all intro point
3228  * circuits have been established. */
3229 static void
3231  hs_service_descriptor_t *desc, time_t now)
3232 {
3233  /* There are few fields that we consider "mutable" in the descriptor meaning
3234  * we need to update them regularly over the lifetime for the descriptor.
3235  * The rest are set once and should not be modified.
3236  *
3237  * - Signing key certificate.
3238  * - Revision counter.
3239  * - Introduction points which includes many thing. See
3240  * hs_desc_intro_point_t. and the setup_desc_intro_point() function.
3241  */
3242 
3243  /* Create the signing key certificate. */
3244  build_desc_signing_key_cert(desc, now);
3245 
3246  /* Build the intro points descriptor section. The refresh step is just
3247  * before we upload so all circuits have been properly established. */
3248  build_desc_intro_points(service, desc, now);
3249 
3250  /* Set the desc revision counter right before uploading */
3251  set_descriptor_revision_counter(desc, now, service->desc_current == desc);
3252 }
3253 
3254 /** Scheduled event run from the main loop. Try to upload the descriptor for
3255  * each service. */
3256 STATIC void
3258 {
3259  /* v2 services use the same function for descriptor creation and upload so
3260  * we do everything here because the intro circuits were checked before. */
3261  if (rend_num_services() > 0) {
3264  }
3265 
3266  /* Run v3+ check. */
3267  FOR_EACH_SERVICE_BEGIN(service) {
3268  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
3269  /* If we were asked to re-examine the hash ring, and it changed, then
3270  schedule an upload */
3272  service_desc_hsdirs_changed(service, desc)) {
3273  service_desc_schedule_upload(desc, now, 0);
3274  }
3275 
3276  /* Can this descriptor be uploaded? */
3277  if (!should_service_upload_descriptor(service, desc, now)) {
3278  continue;
3279  }
3280 
3281  log_info(LD_REND, "Initiating upload for hidden service %s descriptor "
3282  "for service %s with %u/%u introduction points%s.",
3283  (desc == service->desc_current) ? "current" : "next",
3284  safe_str_client(service->onion_address),
3285  digest256map_size(desc->intro_points.map),
3286  service->config.num_intro_points,
3287  (desc->missing_intro_points) ? " (couldn't pick more)" : "");
3288 
3289  /* We are about to upload so we need to do one last step which is to
3290  * update the service's descriptor mutable fields in order to upload a
3291  * coherent descriptor. */
3292  refresh_service_descriptor(service, desc, now);
3293 
3294  /* Proceed with the upload, the descriptor is ready to be encoded. */
3295  upload_descriptor_to_all(service, desc);
3296  } FOR_EACH_DESCRIPTOR_END;
3297  } FOR_EACH_SERVICE_END;
3298 
3299  /* We are done considering whether to republish rend descriptors */
3301 }
3302 
3303 /** Called when the introduction point circuit is done building and ready to be
3304  * used. */
3305 static void
3307 {
3308  hs_service_t *service = NULL;
3309  hs_service_intro_point_t *ip = NULL;
3310  hs_service_descriptor_t *desc = NULL;
3311 
3312  tor_assert(circ);
3313 
3314  /* Let's do some basic sanity checking of the circ state */
3315  if (BUG(!circ->cpath)) {
3316  return;
3317  }
3318  if (BUG(TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_S_ESTABLISH_INTRO)) {
3319  return;
3320  }
3321  if (BUG(!circ->hs_ident)) {
3322  return;
3323  }
3324 
3325  /* Get the corresponding service and intro point. */
3326  get_objects_from_ident(circ->hs_ident, &service, &ip, &desc);
3327 
3328  if (service == NULL) {
3329  log_warn(LD_REND, "Unknown service identity key %s on the introduction "
3330  "circuit %u. Can't find onion service.",
3331  safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3332  TO_CIRCUIT(circ)->n_circ_id);
3333  goto err;
3334  }
3335  if (ip == NULL) {
3336  log_warn(LD_REND, "Unknown introduction point auth key on circuit %u "
3337  "for service %s",
3338  TO_CIRCUIT(circ)->n_circ_id,
3339  safe_str_client(service->onion_address));
3340  goto err;
3341  }
3342  /* We can't have an IP object without a descriptor. */
3343  tor_assert(desc);
3344 
3345  if (hs_circ_service_intro_has_opened(service, ip, desc, circ)) {
3346  /* Getting here means that the circuit has been re-purposed because we
3347  * have enough intro circuit opened. Remove the IP from the service. */
3348  service_intro_point_remove(service, ip);
3349  service_intro_point_free(ip);
3350  }
3351 
3352  goto done;
3353 
3354  err:
3355  /* Close circuit, we can't use it. */
3356  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_NOSUCHSERVICE);
3357  done:
3358  return;
3359 }
3360 
3361 /** Called when a rendezvous circuit is done building and ready to be used. */
3362 static void
3364 {
3365  hs_service_t *service = NULL;
3366 
3367  tor_assert(circ);
3368  tor_assert(circ->cpath);
3369  /* Getting here means this is a v3 rendezvous circuit. */
3370  tor_assert(circ->hs_ident);
3372 
3373  /* Declare the circuit dirty to avoid reuse, and for path-bias. We set the
3374  * timestamp regardless of its content because that circuit could have been
3375  * cannibalized so in any cases, we are about to use that circuit more. */
3376  TO_CIRCUIT(circ)->timestamp_dirty = time(NULL);
3378 
3379  /* Get the corresponding service and intro point. */
3380  get_objects_from_ident(circ->hs_ident, &service, NULL, NULL);
3381  if (service == NULL) {
3382  log_warn(LD_REND, "Unknown service identity key %s on the rendezvous "
3383  "circuit %u with cookie %s. Can't find onion service.",
3384  safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3385  TO_CIRCUIT(circ)->n_circ_id,
3386  hex_str((const char *) circ->hs_ident->rendezvous_cookie,
3387  REND_COOKIE_LEN));
3388  goto err;
3389  }
3390 
3391  /* If the cell can't be sent, the circuit will be closed within this
3392  * function. */
3393  hs_circ_service_rp_has_opened(service, circ);
3394 
3395  /* Update metrics that we have an established rendezvous circuit. It is not
3396  * entirely true until the client receives the RENDEZVOUS2 cell and starts
3397  * sending but if that circuit collapes, we'll decrement the counter thus it
3398  * will even out the metric. */
3399  if (TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_REND_JOINED) {
3401  }
3402 
3403  goto done;
3404 
3405  err:
3406  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_NOSUCHSERVICE);
3407  done:
3408  return;
3409 }
3410 
3411 /** We've been expecting an INTRO_ESTABLISHED cell on this circuit and it just
3412  * arrived. Handle the INTRO_ESTABLISHED cell arriving on the given
3413  * introduction circuit. Return 0 on success else a negative value. */
3414 static int
3416  const uint8_t *payload,
3417  size_t payload_len)
3418 {
3419  hs_service_t *service = NULL;
3420  hs_service_intro_point_t *ip = NULL;
3421 
3422  tor_assert(circ);
3423  tor_assert(payload);
3425 
3426  /* We need the service and intro point for this cell. */
3427  get_objects_from_ident(circ->hs_ident, &service, &ip, NULL);
3428 
3429  /* Get service object from the circuit identifier. */
3430  if (service == NULL) {
3431  log_warn(LD_REND, "Unknown service identity key %s on the introduction "
3432  "circuit %u. Can't find onion service.",
3433  safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3434  TO_CIRCUIT(circ)->n_circ_id);
3435  goto err;
3436  }
3437  if (ip == NULL) {
3438  /* We don't recognize the key. */
3439  log_warn(LD_REND, "Introduction circuit established without an intro "
3440  "point object on circuit %u for service %s",
3441  TO_CIRCUIT(circ)->n_circ_id,
3442  safe_str_client(service->onion_address));
3443  goto err;
3444  }
3445 
3446  /* Try to parse the payload into a cell making sure we do actually have a
3447  * valid cell. On success, the ip object and circuit purpose is updated to
3448  * reflect the fact that the introduction circuit is established. */
3449  if (hs_circ_handle_intro_established(service, ip, circ, payload,
3450  payload_len) < 0) {
3451  goto err;
3452  }
3453 
3454  /* Update metrics. */
3456 
3457  log_info(LD_REND, "Successfully received an INTRO_ESTABLISHED cell "
3458  "on circuit %u for service %s",
3459  TO_CIRCUIT(circ)->n_circ_id,
3460  safe_str_client(service->onion_address));
3461  return 0;
3462 
3463  err:
3464  return -1;
3465 }
3466 
3467 /** We just received an INTRODUCE2 cell on the established introduction circuit
3468  * circ. Handle the cell and return 0 on success else a negative value. */
3469 static int
3470 service_handle_introduce2(origin_circuit_t *circ, const uint8_t *payload,
3471  size_t payload_len)
3472 {
3473  hs_service_t *service = NULL;
3474  hs_service_intro_point_t *ip = NULL;
3475  hs_service_descriptor_t *desc = NULL;
3476 
3477  tor_assert(circ);
3478  tor_assert(payload);
3479  tor_assert(TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_INTRO);
3480 
3481  /* We'll need every object associated with this circuit. */
3482  get_objects_from_ident(circ->hs_ident, &service, &ip, &desc);
3483 
3484  /* Get service object from the circuit identifier. */
3485  if (service == NULL) {
3486  log_warn(LD_BUG, "Unknown service identity key %s when handling "
3487  "an INTRODUCE2 cell on circuit %u",
3488  safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3489  TO_CIRCUIT(circ)->n_circ_id);
3490  goto err;
3491  }
3492  if (ip == NULL) {
3493  /* We don't recognize the key. */
3494  log_warn(LD_BUG, "Unknown introduction auth key when handling "
3495  "an INTRODUCE2 cell on circuit %u for service %s",
3496  TO_CIRCUIT(circ)->n_circ_id,
3497  safe_str_client(service->onion_address));
3498  goto err;
3499  }
3500  /* If we have an IP object, we MUST have a descriptor object. */
3501  tor_assert(desc);
3502 
3503  /* The following will parse, decode and launch the rendezvous point circuit.
3504  * Both current and legacy cells are handled. */
3505  if (hs_circ_handle_introduce2(service, circ, ip, &desc->desc->subcredential,
3506  payload, payload_len) < 0) {
3507  goto err;
3508  }
3509  /* Update metrics that a new introduction was successful. */
3510  hs_metrics_new_introduction(service);
3511 
3512  return 0;
3513  err:
3514  return -1;
3515 }
3516 
3517 /** Add to list every filename used by service. This is used by the sandbox
3518  * subsystem. */
3519 static void
3521 {
3522  const char *s_dir;
3523  char fname[128] = {0};
3524 
3525  tor_assert(service);
3526  tor_assert(list);
3527 
3528  /* Ease our life. */
3529  s_dir = service->config.directory_path;
3530  /* The hostname file. */
3531  smartlist_add(list, hs_path_from_filename(s_dir, fname_hostname));
3532  /* The key files split in two. */
3533  tor_snprintf(fname, sizeof(fname), "%s_secret_key", fname_keyfile_prefix);
3534  smartlist_add(list, hs_path_from_filename(s_dir, fname));
3535  tor_snprintf(fname, sizeof(fname), "%s_public_key", fname_keyfile_prefix);
3536  smartlist_add(list, hs_path_from_filename(s_dir, fname));
3537 }
3538 
3539 /** Return true iff the given service identity key is present on disk. */
3540 static int
3541 service_key_on_disk(const char *directory_path)
3542 {
3543  int ret = 0;
3544  char *fname;
3545  ed25519_keypair_t *kp = NULL;
3546 
3547  tor_assert(directory_path);
3548 
3549  /* Build the v3 key path name and then try to load it. */
3550  fname = hs_path_from_filename(directory_path, fname_keyfile_prefix);
3551  kp = ed_key_init_from_file(fname, INIT_ED_KEY_SPLIT,
3552  LOG_DEBUG, NULL, 0, 0, 0, NULL, NULL);
3553  if (kp) {
3554  ret = 1;
3555  }
3556 
3557  ed25519_keypair_free(kp);
3558  tor_free(fname);
3559 
3560  return ret;
3561 }
3562 
3563 /** This is a proxy function before actually calling hs_desc_encode_descriptor
3564  * because we need some preprocessing here */
3565 static int
3567  const hs_service_descriptor_t *desc,
3568  const ed25519_keypair_t *signing_kp,
3569  char **encoded_out)
3570 {
3571  int ret;
3572  const uint8_t *descriptor_cookie = NULL;
3573 
3574  tor_assert(service);
3575  tor_assert(desc);
3576  tor_assert(encoded_out);
3577 
3578  /* If the client authorization is enabled, send the descriptor cookie to
3579  * hs_desc_encode_descriptor. Otherwise, send NULL */
3580  if (service->config.is_client_auth_enabled) {
3581  descriptor_cookie = desc->descriptor_cookie;
3582  }
3583 
3584  ret = hs_desc_encode_descriptor(desc->desc, signing_kp,
3585  descriptor_cookie, encoded_out);
3586 
3587  return ret;
3588 }
3589 
3590 /* ========== */
3591 /* Public API */
3592 /* ========== */
3593 
3594 /** Called when a circuit was just cleaned up. This is done right before the
3595  * circuit is marked for close. */
3596 void
3598 {
3599  tor_assert(circ);
3601 
3602  switch (circ->purpose) {
3604  /* About to close an established introduction circuit. Update the metrics
3605  * to reflect how many we have at the moment. */
3607  &CONST_TO_ORIGIN_CIRCUIT(circ)->hs_ident->identity_pk);
3608  break;
3610  /* About to close an established rendezvous circuit. Update the metrics to
3611  * reflect how many we have at the moment. */
3613  &CONST_TO_ORIGIN_CIRCUIT(circ)->hs_ident->identity_pk);
3614  break;
3615  default:
3616  break;
3617  }
3618 }
3619 
3620 /** This is called every time the service map (v2 or v3) changes that is if an
3621  * element is added or removed. */
3622 void
3624 {
3625  /* If we now have services where previously we had not, we need to enable
3626  * the HS service main loop event. If we changed to having no services, we
3627  * need to disable the event. */
3629 }
3630 
3631 /** Upload an encoded descriptor in encoded_desc of the given version. This
3632  * descriptor is for the service identity_pk and blinded_pk used to setup the
3633  * directory connection identifier. It is uploaded to the directory hsdir_rs
3634  * routerstatus_t object.
3635  *
3636  * NOTE: This function does NOT check for PublishHidServDescriptors because it
3637  * is only used by the control port command HSPOST outside of this subsystem.
3638  * Inside this code, upload_descriptor_to_hsdir() should be used. */
3639 void
3640 hs_service_upload_desc_to_dir(const char *encoded_desc,
3641  const uint8_t version,
3642  const ed25519_public_key_t *identity_pk,
3643  const ed25519_public_key_t *blinded_pk,
3644  const routerstatus_t *hsdir_rs)
3645 {
3646  char version_str[4] = {0};
3647  directory_request_t *dir_req;
3648  hs_ident_dir_conn_t ident;
3649 
3650  tor_assert(encoded_desc);
3651  tor_assert(identity_pk);
3652  tor_assert(blinded_pk);
3653  tor_assert(hsdir_rs);
3654 
3655  /* Setup the connection identifier. */
3656  memset(&ident, 0, sizeof(ident));
3657  hs_ident_dir_conn_init(identity_pk, blinded_pk, &ident);
3658 
3659  /* This is our resource when uploading which is used to construct the URL
3660  * with the version number: "/tor/hs/<version>/publish". */
3661  tor_snprintf(version_str, sizeof(version_str), "%u", version);
3662 
3663  /* Build the directory request for this HSDir. */
3665  directory_request_set_routerstatus(dir_req, hsdir_rs);
3667  directory_request_set_resource(dir_req, version_str);
3668  directory_request_set_payload(dir_req, encoded_desc,
3669  strlen(encoded_desc));
3670  /* The ident object is copied over the directory connection object once
3671  * the directory request is initiated. */
3672  directory_request_upload_set_hs_ident(dir_req, &ident);
3673 
3674  /* Initiate the directory request to the hsdir.*/
3675  directory_initiate_request(dir_req);
3676  directory_request_free(dir_req);
3677 }
3678 
3679 /** Add the ephemeral service using the secret key sk and ports. Both max
3680  * streams parameter will be set in the newly created service.
3681  *
3682  * Ownership of sk and ports is passed to this routine. Regardless of
3683  * success/failure, callers should not touch these values after calling this
3684  * routine, and may assume that correct cleanup has been done on failure.
3685  *
3686  * Return an appropriate hs_service_add_ephemeral_status_t. */
3689  int max_streams_per_rdv_circuit,
3690  int max_streams_close_circuit, char **address_out)
3691 {
3693  hs_service_t *service = NULL;
3694 
3695  tor_assert(sk);
3696  tor_assert(ports);
3697  tor_assert(address_out);
3698 
3699  service = hs_service_new(get_options());
3700 
3701  /* Setup the service configuration with specifics. A default service is
3702  * HS_VERSION_TWO so explicitly set it. */
3703  service->config.version = HS_VERSION_THREE;
3704  service->config.max_streams_per_rdv_circuit = max_streams_per_rdv_circuit;
3705  service->config.max_streams_close_circuit = !!max_streams_close_circuit;
3706  service->config.is_ephemeral = 1;
3707  smartlist_free(service->config.ports);
3708  service->config.ports = ports;
3709 
3710  /* Handle the keys. */
3711  memcpy(&service->keys.identity_sk, sk, sizeof(service->keys.identity_sk));
3713  &service->keys.identity_sk) < 0) {
3714  log_warn(LD_CONFIG, "Unable to generate ed25519 public key"
3715  "for v3 service.");
3716  ret = RSAE_BADPRIVKEY;
3717  goto err;
3718  }
3719 
3720  if (ed25519_validate_pubkey(&service->keys.identity_pk) < 0) {
3721  log_warn(LD_CONFIG, "Bad ed25519 private key was provided");
3722  ret = RSAE_BADPRIVKEY;
3723  goto err;
3724  }
3725 
3726  /* Make sure we have at least one port. */
3727  if (smartlist_len(service->config.ports) == 0) {
3728  log_warn(LD_CONFIG, "At least one VIRTPORT/TARGET must be specified "
3729  "for v3 service.");
3730  ret = RSAE_BADVIRTPORT;
3731  goto err;
3732  }
3733 
3734  /* Build the onion address for logging purposes but also the control port
3735  * uses it for the HS_DESC event. */
3736  hs_build_address(&service->keys.identity_pk,
3737  (uint8_t) service->config.version,
3738  service->onion_address);
3739 
3740  /* The only way the registration can fail is if the service public key
3741  * already exists. */
3742  if (BUG(register_service(hs_service_map, service) < 0)) {
3743  log_warn(LD_CONFIG, "Onion Service private key collides with an "
3744  "existing v3 service.");
3745  ret = RSAE_ADDREXISTS;
3746  goto err;
3747  }
3748 
3749  log_info(LD_CONFIG, "Added ephemeral v3 onion service: %s",
3750  safe_str_client(service->onion_address));
3751 
3752  *address_out = tor_strdup(service->onion_address);
3753  ret = RSAE_OKAY;
3754  goto end;
3755 
3756  err:
3757  hs_service_free(service);
3758 
3759  end:
3760  memwipe(sk, 0, sizeof(ed25519_secret_key_t));
3761  tor_free(sk);
3762  return ret;
3763 }
3764 
3765 /** For the given onion address, delete the ephemeral service. Return 0 on
3766  * success else -1 on error. */
3767 int
3768 hs_service_del_ephemeral(const char *address)
3769 {
3770  uint8_t version;
3772  hs_service_t *service = NULL;
3773 
3774  tor_assert(address);
3775 
3776  if (hs_parse_address(address, &pk, NULL, &version) < 0) {
3777  log_warn(LD_CONFIG, "Requested malformed v3 onion address for removal.");
3778  goto err;
3779  }
3780 
3781  if (version != HS_VERSION_THREE) {
3782  log_warn(LD_CONFIG, "Requested version of onion address for removal "
3783  "is not supported.");
3784  goto err;
3785  }
3786 
3787  service = find_service(hs_service_map, &pk);
3788  if (service == NULL) {
3789  log_warn(LD_CONFIG, "Requested non-existent v3 hidden service for "
3790  "removal.");
3791  goto err;
3792  }
3793 
3794  if (!service->config.is_ephemeral) {
3795  log_warn(LD_CONFIG, "Requested non-ephemeral v3 hidden service for "
3796  "removal.");
3797  goto err;
3798  }
3799 
3800  /* Close introduction circuits, remove from map and finally free. Notice
3801  * that the rendezvous circuits aren't closed in order for any existing
3802  * connections to finish. We let the application terminate them. */
3804  remove_service(hs_service_map, service);
3805  hs_service_free(service);
3806 
3807  log_info(LD_CONFIG, "Removed ephemeral v3 hidden service: %s",
3808  safe_str_client(address));
3809  return 0;
3810 
3811  err:
3812  return -1;
3813 }
3814 
3815 /** Using the ed25519 public key pk, find a service for that key and return the
3816  * current encoded descriptor as a newly allocated string or NULL if not
3817  * found. This is used by the control port subsystem. */
3818 char *
3820 {
3821  const hs_service_t *service;
3822 
3823  tor_assert(pk);
3824 
3825  service = find_service(hs_service_map, pk);
3826  if (service && service->desc_current) {
3827  char *encoded_desc = NULL;
3828  /* No matter what is the result (which should never be a failure), return
3829  * the encoded variable, if success it will contain the right thing else
3830  * it will be NULL. */
3831  service_encode_descriptor(service,
3832  service->desc_current,
3833  &service->desc_current->signing_kp,
3834  &encoded_desc);
3835  return encoded_desc;
3836  }
3837 
3838  return NULL;
3839 }
3840 
3841 /** Return the number of service we have configured and usable. */
3842 MOCK_IMPL(unsigned int,
3844 {
3845  if (hs_service_map == NULL) {
3846  return 0;
3847  }
3848  return HT_SIZE(hs_service_map);
3849 }
3850 
3851 /** Given conn, a rendezvous edge connection acting as an exit stream, look up
3852  * the hidden service for the circuit circ, and look up the port and address
3853  * based on the connection port. Assign the actual connection address.
3854  *
3855  * Return 0 on success. Return -1 on failure and the caller should NOT close
3856  * the circuit. Return -2 on failure and the caller MUST close the circuit for
3857  * security reasons. */
3858 int
3860  edge_connection_t *conn)
3861 {
3862  hs_service_t *service = NULL;
3863 
3864  tor_assert(circ);
3865  tor_assert(conn);
3867  tor_assert(circ->hs_ident);
3868 
3869  get_objects_from_ident(circ->hs_ident, &service, NULL, NULL);
3870 
3871  if (service == NULL) {
3872  log_warn(LD_REND, "Unable to find any hidden service associated "
3873  "identity key %s on rendezvous circuit %u.",
3874  ed25519_fmt(&circ->hs_ident->identity_pk),
3875  TO_CIRCUIT(circ)->n_circ_id);
3876  /* We want the caller to close the circuit because it's not a valid
3877  * service so no danger. Attempting to bruteforce the entire key space by
3878  * opening circuits to learn which service is being hosted here is
3879  * impractical. */
3880  goto err_close;
3881  }
3882 
3883  /* Enforce the streams-per-circuit limit, and refuse to provide a mapping if
3884  * this circuit will exceed the limit. */
3885  if (service->config.max_streams_per_rdv_circuit > 0 &&
3886  (circ->hs_ident->num_rdv_streams >=
3887  service->config.max_streams_per_rdv_circuit)) {
3888 #define MAX_STREAM_WARN_INTERVAL 600
3889  static struct ratelim_t stream_ratelim =
3890  RATELIM_INIT(MAX_STREAM_WARN_INTERVAL);
3891  log_fn_ratelim(&stream_ratelim, LOG_WARN, LD_REND,
3892  "Maximum streams per circuit limit reached on "
3893  "rendezvous circuit %u for service %s. Circuit has "
3894  "%" PRIu64 " out of %" PRIu64 " streams. %s.",
3895  TO_CIRCUIT(circ)->n_circ_id,
3896  service->onion_address,
3897  circ->hs_ident->num_rdv_streams,
3900  "Closing circuit" : "Ignoring open stream request");
3901  if (service->config.max_streams_close_circuit) {
3902  /* Service explicitly configured to close immediately. */
3903  goto err_close;
3904  }
3905  /* Exceeding the limit makes tor silently ignore the stream creation
3906  * request and keep the circuit open. */
3907  goto err_no_close;
3908  }
3909 
3910  /* Find a virtual port of that service matching the one in the connection if
3911  * successful, set the address in the connection. */
3912  if (hs_set_conn_addr_port(service->config.ports, conn) < 0) {
3913  log_info(LD_REND, "No virtual port mapping exists for port %d for "
3914  "hidden service %s.",
3915  TO_CONN(conn)->port, service->onion_address);
3916  if (service->config.allow_unknown_ports) {
3917  /* Service explicitly allow connection to unknown ports so close right
3918  * away because we do not care about port mapping. */
3919  goto err_close;
3920  }
3921  /* If the service didn't explicitly allow it, we do NOT close the circuit
3922  * here to raise the bar in terms of performance for port mapping. */
3923  goto err_no_close;
3924  }
3925 
3926  /* Success. */
3927  return 0;
3928  err_close:
3929  /* Indicate the caller that the circuit should be closed. */
3930  return -2;
3931  err_no_close:
3932  /* Indicate the caller to NOT close the circuit. */
3933  return -1;
3934 }
3935 
3936 /** Does the service with identity pubkey <b>pk</b> export the circuit IDs of
3937  * its clients? */
3940 {
3941  hs_service_t *service = find_service(hs_service_map, pk);
3942  if (!service) {
3944  }
3945 
3946  return service->config.circuit_id_protocol;
3947 }
3948 
3949 /** Add to file_list every filename used by a configured hidden service, and to
3950  * dir_list every directory path used by a configured hidden service. This is
3951  * used by the sandbox subsystem to allowlist those. */
3952 void
3954  smartlist_t *dir_list)
3955 {
3956  tor_assert(file_list);
3957  tor_assert(dir_list);
3958 
3959  /* Add files and dirs for legacy services. */
3960  rend_services_add_filenames_to_lists(file_list, dir_list);
3961 
3962  /* Add files and dirs for v3+. */
3963  FOR_EACH_SERVICE_BEGIN(service) {
3964  /* Skip ephemeral service, they don't touch the disk. */
3965  if (service->config.is_ephemeral) {
3966  continue;
3967  }
3968  service_add_fnames_to_list(service, file_list);
3969  smartlist_add_strdup(dir_list, service->config.directory_path);
3970  smartlist_add_strdup(dir_list, dname_client_pubkeys);
3971  } FOR_EACH_DESCRIPTOR_END;
3972 }
3973 
3974 /** Called when our internal view of the directory has changed. We might have
3975  * received a new batch of descriptors which might affect the shape of the
3976  * HSDir hash ring. Signal that we should reexamine the hash ring and
3977  * re-upload our HS descriptors if needed. */
3978 void
3980 {
3981  if (hs_service_get_num_services() > 0) {
3982  /* New directory information usually goes every consensus so rate limit
3983  * every 30 minutes to not be too conservative. */
3984  static struct ratelim_t dir_info_changed_ratelim = RATELIM_INIT(30 * 60);
3985  log_fn_ratelim(&dir_info_changed_ratelim, LOG_INFO, LD_REND,
3986  "New dirinfo arrived: consider reuploading descriptor");
3988  }
3989 }
3990 
3991 /** Called when we get an INTRODUCE2 cell on the circ. Respond to the cell and
3992  * launch a circuit to the rendezvous point. */
3993 int
3994 hs_service_receive_introduce2(origin_circuit_t *circ, const uint8_t *payload,
3995  size_t payload_len)
3996 {
3997  int ret = -1;
3998 
3999  tor_assert(circ);
4000  tor_assert(payload);
4001 
4002  /* Do some initial validation and logging before we parse the cell */
4003  if (TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_S_INTRO) {
4004  log_warn(LD_PROTOCOL, "Received an INTRODUCE2 cell on a "
4005  "non introduction circuit of purpose %d",
4006  TO_CIRCUIT(circ)->purpose);
4007  goto done;
4008  }
4009 
4010  if (circ->hs_ident) {
4011  ret = service_handle_introduce2(circ, payload, payload_len);
4013  } else {
4014  ret = rend_service_receive_introduction(circ, payload, payload_len);
4016  }
4017 
4018  done:
4019  return ret;
4020 }
4021 
4022 /** Called when we get an INTRO_ESTABLISHED cell. Mark the circuit as an
4023  * established introduction point. Return 0 on success else a negative value
4024  * and the circuit is closed. */
4025 int
4027  const uint8_t *payload,
4028  size_t payload_len)
4029 {
4030  int ret = -1;
4031 
4032  tor_assert(circ);
4033  tor_assert(payload);
4034 
4035  if (TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_S_ESTABLISH_INTRO) {
4036  log_warn(LD_PROTOCOL, "Received an INTRO_ESTABLISHED cell on a "
4037  "non introduction circuit of purpose %d",
4038  TO_CIRCUIT(circ)->purpose);
4039  goto err;
4040  }
4041 
4042  /* Handle both version. v2 uses rend_data and v3 uses the hs circuit
4043  * identifier hs_ident. Can't be both. */
4044  if (circ->hs_ident) {
4045  ret = service_handle_intro_established(circ, payload, payload_len);
4046  } else {
4047  ret = rend_service_intro_established(circ, payload, payload_len);
4048  }
4049 
4050  if (ret < 0) {
4051  goto err;
4052  }
4053  return 0;
4054  err:
4055  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
4056  return -1;
4057 }
4058 
4059 /** Called when any kind of hidden service circuit is done building thus
4060  * opened. This is the entry point from the circuit subsystem. */
4061 void
4063 {
4064  tor_assert(circ);
4065 
4066  /* Handle both version. v2 uses rend_data and v3 uses the hs circuit
4067  * identifier hs_ident. Can't be both. */
4068  switch (TO_CIRCUIT(circ)->purpose) {
4070  if (circ->hs_ident) {
4072  } else {
4074  }
4075  break;
4077  if (circ->hs_ident) {
4079  } else {
4081  }
4082  break;
4083  default:
4084  tor_assert(0);
4085  }
4086 }
4087 
4088 /** Return the service version by looking at the key in the service directory.
4089  * If the key is not found or unrecognized, -1 is returned. Else, the service
4090  * version is returned. */
4091 int
4093 {
4094  int version = -1; /* Unknown version. */
4095  const char *directory_path;
4096 
4097  tor_assert(service);
4098 
4099  /* We'll try to load the key for version 3. If not found, we'll try version
4100  * 2 and if not found, we'll send back an unknown version (-1). */
4101  directory_path = service->config.directory_path;
4102 
4103  /* Version 3 check. */
4104  if (service_key_on_disk(directory_path)) {
4105  version = HS_VERSION_THREE;
4106  goto end;
4107  }
4108  /* Version 2 check. */
4109  if (rend_service_key_on_disk(directory_path)) {
4110  version = HS_VERSION_TWO;
4111  goto end;
4112  }
4113 
4114  end:
4115  return version;
4116 }
4117 
4118 /** Load and/or generate keys for all onion services including the client
4119  * authorization if any. Return 0 on success, -1 on failure. */
4120 int
4122 {
4123  /* Load v2 service keys if we have v2. */
4124  if (rend_num_services() != 0) {
4125  if (rend_service_load_all_keys(NULL) < 0) {
4126  goto err;
4127  }
4128  }
4129 
4130  /* Load or/and generate them for v3+. */
4132  /* Ignore ephemeral service, they already have their keys set. */
4133  if (service->config.is_ephemeral) {
4134  continue;
4135  }
4136  log_info(LD_REND, "Loading v3 onion service keys from %s",
4137  service_escaped_dir(service));
4138  if (load_service_keys(service) < 0) {
4139  goto err;
4140  }
4141  } SMARTLIST_FOREACH_END(service);
4142 
4143  /* Final step, the staging list contains service in a quiescent state that
4144  * is ready to be used. Register them to the global map. Once this is over,
4145  * the staging list will be cleaned up. */
4147 
4148  /* All keys have been loaded successfully. */
4149  return 0;
4150  err:
4151  return -1;
4152 }
4153 
4154 /** Log the status of introduction points for all version 3 onion services
4155  * at log severity <b>severity</b>.
4156  */
4157 void
4159 {
4160  origin_circuit_t *circ;
4161 
4163 
4164  tor_log(severity, LD_GENERAL, "Service configured in %s:",
4165  service_escaped_dir(hs));
4166  FOR_EACH_DESCRIPTOR_BEGIN(hs, desc) {
4167 
4168  DIGEST256MAP_FOREACH(desc->intro_points.map, key,
4169  hs_service_intro_point_t *, ip) {
4170  const node_t *intro_node;
4171  const char *nickname;
4172 
4173  intro_node = get_node_from_intro_point(ip);
4174  if (!intro_node) {
4175  tor_log(severity, LD_GENERAL, " Couldn't find intro point, "
4176  "skipping");
4177  continue;
4178  }
4179  nickname = node_get_nickname(intro_node);
4180  if (!nickname) {
4181  continue;
4182  }
4183 
4184  circ = hs_circ_service_get_intro_circ(ip);
4185  if (!circ) {
4186  tor_log(severity, LD_GENERAL, " Intro point at %s: no circuit",
4187  nickname);
4188  continue;
4189  }
4190  tor_log(severity, LD_GENERAL, " Intro point %s: circuit is %s",
4191  nickname, circuit_state_to_string(circ->base_.state));
4192  } DIGEST256MAP_FOREACH_END;
4193 
4194  } FOR_EACH_DESCRIPTOR_END;
4195  } FOR_EACH_SERVICE_END;
4196 }
4197 
4198 /** Put all service object in the given service list. After this, the caller
4199  * looses ownership of every elements in the list and responsible to free the
4200  * list pointer. */
4201 void
4203 {
4204  tor_assert(service_list);
4205  /* This list is freed at registration time but this function can be called
4206  * multiple time. */
4207  if (hs_service_staging_list == NULL) {
4209  }
4210  /* Add all service object to our staging list. Caller is responsible for
4211  * freeing the service_list. */
4213 }
4214 
4215 /** Return a newly allocated list of all the service's metrics store. */
4216 smartlist_t *
4218 {
4219  smartlist_t *list = smartlist_new();
4220 
4221  if (hs_service_map) {
4222  FOR_EACH_SERVICE_BEGIN(service) {
4223  smartlist_add(list, service->metrics.store);
4224  } FOR_EACH_SERVICE_END;
4225  }
4226 
4227  return list;
4228 }
4229 
4230 /** Lookup the global service map for the given identitiy public key and
4231  * return the service object if found, NULL if not. */
4232 hs_service_t *
4234 {
4235  tor_assert(identity_pk);
4236 
4237  if (!hs_service_map) {
4238  return NULL;
4239  }
4240  return find_service(hs_service_map, identity_pk);
4241 }
4242 
4243 /** Allocate and initialize a service object. The service configuration will
4244  * contain the default values. Return the newly allocated object pointer. This
4245  * function can't fail. */
4246 hs_service_t *
4248 {
4249  hs_service_t *service = tor_malloc_zero(sizeof(hs_service_t));
4250  /* Set default configuration value. */
4251  set_service_default_config(&service->config, options);
4252  /* Set the default service version. */
4254  /* Allocate the CLIENT_PK replay cache in service state. */
4255  service->state.replay_cache_rend_cookie =
4257 
4258  return service;
4259 }
4260 
4261 /** Free the given <b>service</b> object and all its content. This function
4262  * also takes care of wiping service keys from memory. It is safe to pass a
4263  * NULL pointer. */
4264 void
4266 {
4267  if (service == NULL) {
4268  return;
4269  }
4270 
4271  /* Free descriptors. Go over both descriptor with this loop. */
4272  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
4273  service_descriptor_free(desc);
4274  } FOR_EACH_DESCRIPTOR_END;
4275 
4276  /* Free service configuration. */
4277  service_clear_config(&service->config);
4278 
4279  /* Free replay cache from state. */
4280  if (service->state.replay_cache_rend_cookie) {
4282  }
4283 
4284  /* Free onionbalance subcredentials (if any) */
4285  if (service->state.ob_subcreds) {
4286  tor_free(service->state.ob_subcreds);
4287  }
4288 
4289  /* Free metrics object. */
4290  hs_metrics_service_free(service);
4291 
4292  /* Wipe service keys. */
4293  memwipe(&service->keys.identity_sk, 0, sizeof(service->keys.identity_sk));
4294 
4295  tor_free(service);
4296 }
4297 
4298 /** Periodic callback. Entry point from the main loop to the HS service
4299  * subsystem. This is call every second. This is skipped if tor can't build a
4300  * circuit or the network is disabled. */
4301 void
4303 {
4304  /* First thing we'll do here is to make sure our services are in a
4305  * quiescent state for the scheduled events. */
4307 
4308  /* Order matters here. We first make sure the descriptor object for each
4309  * service contains the latest data. Once done, we check if we need to open
4310  * new introduction circuit. Finally, we try to upload the descriptor for
4311  * each service. */
4312 
4313  /* Make sure descriptors are up to date. */
4315  /* Make sure services have enough circuits. */
4317  /* Upload the descriptors if needed/possible. */
4319 }
4320 
4321 /** Initialize the service HS subsystem. */
4322 void
4324 {
4325  /* Should never be called twice. */
4328 
4329  /* v2 specific. */
4330  rend_service_init();
4331 
4332  hs_service_map = tor_malloc_zero(sizeof(struct hs_service_ht));
4333  HT_INIT(hs_service_ht, hs_service_map);
4334 
4336 }
4337 
4338 /** Release all global storage of the hidden service subsystem. */
4339 void
4341 {
4343  service_free_all();
4345 }
4346 
4347 #ifdef TOR_UNIT_TESTS
4348 
4349 /** Return the global service map size. Only used by unit test. */
4350 STATIC unsigned int
4351 get_hs_service_map_size(void)
4352 {
4353  return HT_SIZE(hs_service_map);
4354 }
4355 
4356 /** Return the staging list size. Only used by unit test. */
4357 STATIC int
4358 get_hs_service_staging_list_size(void)
4359 {
4360  return smartlist_len(hs_service_staging_list);
4361 }
4362 
4363 STATIC hs_service_ht *
4364 get_hs_service_map(void)
4365 {
4366  return hs_service_map;
4367 }
4368 
4370 get_first_service(void)
4371 {
4372  hs_service_t **obj = HT_START(hs_service_ht, hs_service_map);
4373  if (obj == NULL) {
4374  return NULL;
4375  }
4376  return *obj;
4377 }
4378 
4379 #endif /* defined(TOR_UNIT_TESTS) */
client_filename_is_valid
STATIC int client_filename_is_valid(const char *filename)
Definition: hs_service.c:1099
intro_point_should_expire
STATIC int intro_point_should_expire(const hs_service_intro_point_t *ip, time_t now)
Definition: hs_service.c:2345
hs_service_t::config
hs_service_config_t config
Definition: hs_service.h:316
crypto_rand_int_range
int crypto_rand_int_range(unsigned int min, unsigned int max)
Definition: crypto_rand_numeric.c:71
rotate_all_descriptors
STATIC void rotate_all_descriptors(time_t now)
Definition: hs_service.c:2579
hs_config_free_all
void hs_config_free_all(void)
Definition: hs_config.c:740
tor_free
#define tor_free(p)
Definition: malloc.h:52
hs_service.h
Header file containing service data for the HS subsystem.
CURVE25519_PUBKEY_LEN
#define CURVE25519_PUBKEY_LEN
Definition: x25519_sizes.h:20
LOG_DEBUG
#define LOG_DEBUG
Definition: log.h:42
close_service_rp_circuits
static void close_service_rp_circuits(hs_service_t *service)
Definition: hs_service.c:766
tor_free_
void tor_free_(void *mem)
Definition: malloc.c:227
smartlist_split_string
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)
Definition: smartlist_split.c:37
FOR_EACH_SERVICE_BEGIN
#define FOR_EACH_SERVICE_BEGIN(var)
Definition: hs_service.c:75
hs_service_intro_point_t::base
hs_intropoint_t base
Definition: hs_service.h:47
hex_str
const char * hex_str(const char *from, size_t fromlen)
Definition: binascii.c:34
parse_authorized_client
STATIC hs_service_authorized_client_t * parse_authorized_client(const char *client_key_str)
Definition: hs_service.c:1128
ht_free_service_
static int ht_free_service_(struct hs_service_t *service, void *data)
Definition: hs_service.c:389
circuit_t::purpose
uint8_t purpose
Definition: circuit_st.h:111
service_authorized_client_free_
STATIC void service_authorized_client_free_(hs_service_authorized_client_t *client)
Definition: hs_service.c:1305
HS_VERSION_TWO
#define HS_VERSION_TWO
Definition: hs_common.h:24
service_intro_point_free_void
static void service_intro_point_free_void(void *obj)
Definition: hs_service.c:438
move_hs_state
static void move_hs_state(hs_service_t *src_service, hs_service_t *dst_service)
Definition: hs_service.c:882
INTRO_CIRC_RETRY_PERIOD
#define INTRO_CIRC_RETRY_PERIOD
Definition: hs_common.h:41
setup_desc_intro_point
static int setup_desc_intro_point(const ed25519_keypair_t *signing_kp, const hs_service_intro_point_t *ip, time_t now, hs_desc_intro_point_t *desc_ip)
Definition: hs_service.c:1578
service_authorized_client_dup
static hs_service_authorized_client_t * service_authorized_client_dup(const hs_service_authorized_client_t *client)
Definition: hs_service.c:1350
HS_DESC_CERT_LIFETIME
#define HS_DESC_CERT_LIFETIME
Definition: hs_descriptor.h:38
hs_service_receive_introduce2
int hs_service_receive_introduce2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_service.c:3994
refresh_service_descriptor
static void refresh_service_descriptor(const hs_service_t *service, hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:3230
hs_ident.h
Header file containing circuit and connection identifier data for the whole HS subsystem.
close_directory_connections
static void close_directory_connections(const hs_service_t *service, const hs_service_descriptor_t *desc)
Definition: hs_service.c:732
memwipe
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:55
hs_service_staging_list
static smartlist_t * hs_service_staging_list
Definition: hs_service.c:106
smartlist_add_strdup
void smartlist_add_strdup(struct smartlist_t *sl, const char *string)
Definition: smartlist_core.c:137
upload_descriptor_to_hsdir
static void upload_descriptor_to_hsdir(const hs_service_t *service, hs_service_descriptor_t *desc, const node_t *hsdir)
Definition: hs_service.c:2842
INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS
#define INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS
Definition: or.h:1082
directory_initiate_request
void directory_initiate_request(directory_request_t *request)
Definition: dirclient.c:1235
hs_service_exports_circuit_id
hs_circuit_id_protocol_t hs_service_exports_circuit_id(const ed25519_public_key_t *pk)
Definition: hs_service.c:3939
approx_time
time_t approx_time(void)
Definition: approx_time.c:32
ed25519_validate_pubkey
int ed25519_validate_pubkey(const ed25519_public_key_t *pubkey)
Definition: crypto_ed25519.c:796
MOCK_IMPL
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
hs_circ_service_rp_has_opened
void hs_circ_service_rp_has_opened(const hs_service_t *service, origin_circuit_t *circ)
Definition: hs_circuit.c:875
hs_service_init
void hs_service_init(void)
Definition: hs_service.c:4323
crypto_ope_t
Definition: crypto_ope.c:41
hs_service_free_
void hs_service_free_(hs_service_t *service)
Definition: hs_service.c:4265
rend_service_load_all_keys
int rend_service_load_all_keys(const smartlist_t *service_list)
Definition: rendservice.c:1389
hs_ident_dir_conn_t::blinded_pk
ed25519_public_key_t blinded_pk
Definition: hs_ident.h:95
hs_service_t::desc_next
hs_service_descriptor_t * desc_next
Definition: hs_service.h:321
sr_state_get_start_time_of_previous_protocol_run
time_t sr_state_get_start_time_of_previous_protocol_run(void)
Definition: shared_random_client.c:284
hs_set_conn_addr_port
int hs_set_conn_addr_port(const smartlist_t *ports, edge_connection_t *conn)
Definition: hs_common.c:857
hs_desc_encrypted_data_t
Definition: hs_descriptor.h:158
DIGESTMAP_FOREACH_MODIFY
#define DIGESTMAP_FOREACH_MODIFY(map, keyvar, valtype, valvar)
Definition: map.h:165
hs_service_intropoints_t
Definition: hs_service.h:93
tor_assert
#define tor_assert(expr)
Definition: util_bug.h:102
hs_desc_intro_point_t::link_specifiers
smartlist_t * link_specifiers
Definition: hs_descriptor.h:102
crypto_ope.h
header for crypto_ope.c
CONN_TYPE_DIR
#define CONN_TYPE_DIR
Definition: connection.h:55
crypto_pk_new
crypto_pk_t * crypto_pk_new(void)
Definition: crypto_rsa_nss.c:165
LD_BUG
#define LD_BUG
Definition: log.h:86
ed25519_keypair_generate
int ed25519_keypair_generate(ed25519_keypair_t *keypair_out, int extra_strong)
Definition: crypto_ed25519.c:214
ed25519_pubkey_eq
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
Definition: crypto_ed25519.c:642
ed_key_init_from_file
ed25519_keypair_t * ed_key_init_from_file(const char *fname, uint32_t flags, int severity, const ed25519_keypair_t *signing_key, time_t now, time_t lifetime, uint8_t cert_type, struct tor_cert_st **cert_out, const or_options_t *options)
Definition: loadkey.c:379
hs_get_next_time_period_num
uint64_t hs_get_next_time_period_num(time_t now)
Definition: hs_common.c:305
hs_ident_circuit_t::identity_pk
ed25519_public_key_t identity_pk
Definition: hs_ident.h:45
rend_service_port_config_t
Definition: hs_common.h:153
fast_mem_is_zero
int fast_mem_is_zero(const char *mem, size_t len)
Definition: util_string.c:74
get_node_from_intro_point
STATIC const node_t * get_node_from_intro_point(const hs_service_intro_point_t *ip)
Definition: hs_service.c:668
circuituse.h
Header file for circuituse.c.
HS_CIRCUIT_ID_PROTOCOL_NONE
@ HS_CIRCUIT_ID_PROTOCOL_NONE
Definition: hs_service.h:196
close_intro_circuits
static void close_intro_circuits(hs_service_intropoints_t *intro_points)
Definition: hs_service.c:796
count_desc_circuit_established
STATIC unsigned int count_desc_circuit_established(const hs_service_descriptor_t *desc)
Definition: hs_service.c:715
MAX_INTRO_POINT_CIRCUIT_RETRIES
#define MAX_INTRO_POINT_CIRCUIT_RETRIES
Definition: or.h:1103
LD_GENERAL
#define LD_GENERAL
Definition: log.h:62
INTRO_POINT_LIFETIME_MAX_SECONDS
#define INTRO_POINT_LIFETIME_MAX_SECONDS
Definition: or.h:1098
hs_in_period_between_tp_and_srv
int hs_in_period_between_tp_and_srv(const networkstatus_t *consensus, time_t now)
Definition: hs_common.c:1107
base16_encode
void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:478
DIGESTMAP_FOREACH_END
#define DIGESTMAP_FOREACH_END
Definition: map.h:168
DIR_PURPOSE_UPLOAD_HSDESC
#define DIR_PURPOSE_UPLOAD_HSDESC
Definition: directory.h:73
service_desc_note_upload
static void service_desc_note_upload(hs_service_descriptor_t *desc, const node_t *hsdir)
Definition: hs_service.c:2255
loadkey.h
Header file for loadkey.c.
crypto_pk_dup_key
crypto_pk_t * crypto_pk_dup_key(crypto_pk_t *orig)
Definition: crypto_rsa_nss.c:351
describe.h
Header file for describe.c.
hs_service_receive_intro_established
int hs_service_receive_intro_established(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_service.c:4026
hs_metrics_new_established_intro
#define hs_metrics_new_established_intro(s)
Definition: hs_metrics.h:62
hs_service_add_ephemeral
hs_service_add_ephemeral_status_t hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports, int max_streams_per_rdv_circuit, int max_streams_close_circuit, char **address_out)
Definition: hs_service.c:3688
get_max_intro_circ_per_period
static unsigned int get_max_intro_circ_per_period(const hs_service_t *service)
Definition: hs_service.c:2723
smartlist_add_all
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
Definition: smartlist_core.c:125
HS_SERVICE_NEXT_UPLOAD_TIME_MIN
#define HS_SERVICE_NEXT_UPLOAD_TIME_MIN
Definition: hs_service.h:34
hs_desc_build_fake_authorized_client
hs_desc_authorized_client_t * hs_desc_build_fake_authorized_client(void)
Definition: hs_descriptor.c:2865
pathbias_count_use_attempt
void pathbias_count_use_attempt(origin_circuit_t *circ)
Definition: circpathbias.c:604
get_extend_info_from_intro_point
static extend_info_t * get_extend_info_from_intro_point(const hs_service_intro_point_t *ip, unsigned int direct_conn)
Definition: hs_service.c:688
build_service_desc_encrypted
static int build_service_desc_encrypted(const hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:1732
node_get_by_id
const node_t * node_get_by_id(const char *identity_digest)
Definition: nodelist.c:223
service_encode_descriptor
static int service_encode_descriptor(const hs_service_t *service, const hs_service_descriptor_t *desc, const ed25519_keypair_t *signing_kp, char **encoded_out)
Definition: hs_service.c:3566
hs_service_config_t::has_dos_defense_enabled
unsigned int has_dos_defense_enabled
Definition: hs_service.h:259
networkstatus_get_live_consensus
networkstatus_t * networkstatus_get_live_consensus(time_t now)
Definition: networkstatus.c:1416
smartlist_add
void smartlist_add(smartlist_t *sl, void *element)
Definition: smartlist_core.c:117
hs_descriptor_t::plaintext_data
hs_desc_plaintext_data_t plaintext_data
Definition: hs_descriptor.h:228
hs_service_ht_hash
static unsigned int hs_service_ht_hash(const hs_service_t *service)
Definition: hs_service.c:140
run_housekeeping_event
STATIC void run_housekeeping_event(time_t now)
Definition: hs_service.c:2609
hs_service_map_has_changed
void hs_service_map_has_changed(void)
Definition: hs_service.c:3623
hs_service_descriptor_t::previous_hsdirs
smartlist_t * previous_hsdirs
Definition: hs_service.h:173
hs_desc_plaintext_data_t::version
uint32_t version
Definition: hs_descriptor.h:196
replaycache_new
replaycache_t * replaycache_new(time_t horizon, time_t interval)
Definition: replaycache.c:47
LOG_DESC_UPLOAD_REASON_MAX
#define LOG_DESC_UPLOAD_REASON_MAX
Definition: hs_service.c:3087
hs_desc_plaintext_data_t::signing_pubkey
ed25519_public_key_t signing_pubkey
Definition: hs_descriptor.h:207
service_clear_config
STATIC void service_clear_config(hs_service_config_t *config)
Definition: hs_service.c:259
hs_service_del_ephemeral
int hs_service_del_ephemeral(const char *address)
Definition: hs_service.c:3768
ed25519_public_key_is_zero
int ed25519_public_key_is_zero(const ed25519_public_key_t *pubkey)
Definition: crypto_ed25519.c:227
routerstatus_t
Definition: routerstatus_st.h:19
ed25519_pubkey_copy
void ed25519_pubkey_copy(ed25519_public_key_t *dest, const ed25519_public_key_t *src)
Definition: crypto_ed25519.c:654
hs_build_blinded_keypair
void hs_build_blinded_keypair(const ed25519_keypair_t *kp, const uint8_t *secret, size_t secret_len, uint64_t time_period_num, ed25519_keypair_t *blinded_kp_out)
Definition: hs_common.c:1071
HS_SERVICE_NEXT_UPLOAD_TIME_MAX
#define HS_SERVICE_NEXT_UPLOAD_TIME_MAX
Definition: hs_service.h:36
hs_service_intropoints_t::map
digest256map_t * map
Definition: hs_service.h:104
close_service_circuits
static void close_service_circuits(hs_service_t *service)
Definition: hs_service.c:825
hs_build_address
void hs_build_address(const ed25519_public_key_t *key, uint8_t version, char *addr_out)
Definition: hs_common.c:1021
hs_service_config_t::ob_master_pubkeys
smartlist_t * ob_master_pubkeys
Definition: hs_service.h:265
hs_service_config_t::is_single_onion
unsigned int is_single_onion
Definition: hs_service.h:246
write_address_to_file
STATIC int write_address_to_file(const hs_service_t *service, const char *fname_)
Definition: hs_service.c:982
HS_DESC_DEFAULT_LIFETIME
#define HS_DESC_DEFAULT_LIFETIME
Definition: hs_descriptor.h:29
hs_service_circuit_cleanup_on_close
void hs_service_circuit_cleanup_on_close(const circuit_t *circ)
Definition: hs_service.c:3597
hs_service_state_t
Definition: hs_service.h:269
set_service_default_config
static void set_service_default_config(hs_service_config_t *c, const or_options_t *options)
Definition: hs_service.c:237
service_handle_intro_established
static int service_handle_intro_established(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_service.c:3415
ED25519_PUBKEY_LEN
#define ED25519_PUBKEY_LEN
Definition: x25519_sizes.h:27
hs_metrics_service_init
void hs_metrics_service_init(hs_service_t *service)
Definition: hs_metrics.c:148
crypto_digest_add_bytes
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len)
Definition: crypto_digest_nss.c:308
smartlist_new
smartlist_t * smartlist_new(void)
Definition: smartlist_core.c:26
hs_desc_intro_point_t::auth_key_cert
tor_cert_t * auth_key_cert
Definition: hs_descriptor.h:111
hs_circ_service_get_intro_circ
origin_circuit_t * hs_circ_service_get_intro_circ(const hs_service_intro_point_t *ip)
Definition: hs_circuit.c:666
crypto_digest_t
Definition: crypto_digest_nss.c:166
HS_SERVICE_DEFAULT_VERSION
#define HS_SERVICE_DEFAULT_VERSION
Definition: hs_service.h:30
hs_desc_superencrypted_data_t::clients
smartlist_t * clients
Definition: hs_descriptor.h:183
hs_service_config_t::dir_group_readable
unsigned int dir_group_readable
Definition: hs_service.h:250
tor_snprintf
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
CIRCUIT_IS_ORIGIN
#define CIRCUIT_IS_ORIGIN(c)
Definition: circuitlist.h:148
hs_control_desc_event_upload
void hs_control_desc_event_upload(const char *onion_address, const char *hsdir_id_digest, const ed25519_public_key_t *blinded_pk, const uint8_t *hsdir_index)
Definition: hs_control.c:133
hs_service_find
hs_service_t * hs_service_find(const ed25519_public_key_t *identity_pk)
Definition: hs_service.c:4233
hs_service_descriptor_t::desc
hs_descriptor_t * desc
Definition: hs_service.h:155
statefile.h
Header for statefile.c.
hs_desc_encrypted_data_t::single_onion_service
unsigned int single_onion_service
Definition: hs_descriptor.h:168
strcmpend
int strcmpend(const char *s1, const char *s2)
Definition: util_string.c:251
SMARTLIST_FOREACH
#define SMARTLIST_FOREACH(sl, type, var, cmd)
Definition: smartlist_foreach.h:112
hs_service_descriptor_t::auth_ephemeral_kp
curve25519_keypair_t auth_ephemeral_kp
Definition: hs_service.h:132
hs_metrics.h
Header for feature/hs/hs_metrics.c.
rend_consider_descriptor_republication
void rend_consider_descriptor_republication(void)
Definition: rendservice.c:4358
extend_info_describe
const char * extend_info_describe(const extend_info_t *ei)
Definition: describe.c:224
ed25519_public_key_generate
int ed25519_public_key_generate(ed25519_public_key_t *pubkey_out, const ed25519_secret_key_t *seckey)
Definition: crypto_ed25519.c:202
hs_service_run_scheduled_events
void hs_service_run_scheduled_events(time_t now)
Definition: hs_service.c:4302
hs_circ_handle_introduce2
int hs_circ_handle_introduce2(const hs_service_t *service, const origin_circuit_t *circ, hs_service_intro_point_t *ip, const hs_subcredential_t *subcredential, const uint8_t *payload, size_t payload_len)
Definition: hs_circuit.c:1022
hs_service_t::state
hs_service_state_t state
Definition: hs_service.h:310
hs_desc_intro_point_t::legacy
struct hs_desc_intro_point_t::@16 legacy
hs_desc_encrypted_data_t::intro_auth_types
smartlist_t * intro_auth_types
Definition: hs_descriptor.h:165
hs_service_descriptor_t::missing_intro_points
unsigned int missing_intro_points
Definition: hs_service.h:167
hs_circ_launch_intro_point
int hs_circ_launch_intro_point(hs_service_t *service, const hs_service_intro_point_t *ip, extend_info_t *ei, bool direct_conn)
Definition: hs_circuit.c:747
base32_decode
int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:90
hs_intropoint_t::link_specifiers
smartlist_t * link_specifiers
Definition: hs_intropoint.h:24
build_service_desc_plaintext
static void build_service_desc_plaintext(const hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:1846
networkstatus.h
Header file for networkstatus.c.
hs_service_state_t::replay_cache_rend_cookie
replaycache_t * replay_cache_rend_cookie
Definition: hs_service.h:284
hsdir_index_t::store_first
uint8_t store_first[DIGEST256_LEN]
Definition: hsdir_index_st.h:24
should_service_upload_descriptor
static int should_service_upload_descriptor(const hs_service_t *service, const hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:3148
ed25519_public_key_from_curve25519_public_key
int ed25519_public_key_from_curve25519_public_key(ed25519_public_key_t *pubkey, const curve25519_public_key_t *pubkey_in, int signbit)
Definition: crypto_ed25519.c:493
hs_service_intro_point_t::time_to_expire
time_t time_to_expire
Definition: hs_service.h:74
replaycache_free
#define replaycache_free(r)
Definition: replaycache.h:42
hs_service_set_conn_addr_port
int hs_service_set_conn_addr_port(const origin_circuit_t *circ, edge_connection_t *conn)
Definition: hs_service.c:3859
ed25519_fmt
const char * ed25519_fmt(const ed25519_public_key_t *pkey)
Definition: crypto_format.c:193
crypto_util.h
Common functions for cryptographic routines.
hs_service_add_ephemeral_status_t
hs_service_add_ephemeral_status_t
Definition: hs_common.h:142
rend_service_intro_established
int rend_service_intro_established(origin_circuit_t *circuit, const uint8_t *request, size_t request_len)
Definition: rendservice.c:3408
build_service_desc_keys
static int build_service_desc_keys(const hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:1898
service_descriptor_free_
STATIC void service_descriptor_free_(hs_service_descriptor_t *desc)
Definition: hs_service.c:1316
hs_service_config_t::directory_path
char * directory_path
Definition: hs_service.h:218
hs_intropoint_t::is_only_legacy
unsigned int is_only_legacy
Definition: hs_intropoint.h:19
remove_service
STATIC void remove_service(hs_service_ht *map, hs_service_t *service)
Definition: hs_service.c:208
hs_service_stage_services
void hs_service_stage_services(const smartlist_t *service_list)
Definition: hs_service.c:4202
hs_service_intro_point_t::enc_key_kp
curve25519_keypair_t enc_key_kp
Definition: hs_service.h:58
circuitlist.h
Header file for circuitlist.c.
hs_desc_intro_point_t::enc_key
curve25519_public_key_t enc_key
Definition: hs_descriptor.h:114
mainloop.h
Header file for mainloop.c.
DIGEST_LEN
#define DIGEST_LEN
Definition: digest_sizes.h:20
hs_ob_refresh_keys
void hs_ob_refresh_keys(hs_service_t *service)
Definition: hs_ob.c:365
launch_intro_point_circuits
static void launch_intro_point_circuits(hs_service_t *service)
Definition: hs_service.c:2666
build_desc_intro_points
static void build_desc_intro_points(const hs_service_t *service, hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:1667
hs_desc_superencrypted_data_t::auth_ephemeral_pubkey
curve25519_public_key_t auth_ephemeral_pubkey
Definition: hs_descriptor.h:179
hs_service_intro_point_t::support_intro2_dos_defense
unsigned int support_intro2_dos_defense
Definition: hs_service.h:89
hs_desc_plaintext_data_t::revision_counter
uint64_t revision_counter
Definition: hs_descriptor.h:216
rotate_service_descriptors
static void rotate_service_descriptors(hs_service_t *service)
Definition: hs_service.c:2558
rate_limit_log
char * rate_limit_log(ratelim_t *lim, time_t now)
Definition: ratelim.c:42
hs_service_lists_fnames_for_sandbox
void hs_service_lists_fnames_for_sandbox(smartlist_t *file_list, smartlist_t *dir_list)
Definition: hs_service.c:3953
service_free_all
static void service_free_all(void)
Definition: hs_service.c:401
HS_DESC_AUTH_CLIENT_MULTIPLE
#define HS_DESC_AUTH_CLIENT_MULTIPLE
Definition: hs_descriptor.h:66
build_descriptors_for_new_service
static void build_descriptors_for_new_service(hs_service_t *service, time_t now)
Definition: hs_service.c:2021
crypto_format.h
Header for crypto_format.c.
RSAE_BADVIRTPORT
@ RSAE_BADVIRTPORT
Definition: hs_common.h:144
hs_service_authorized_client_t::client_pk
curve25519_public_key_t client_pk
Definition: hs_service.h:190
register_service
STATIC int register_service(hs_service_ht *map, hs_service_t *service)
Definition: hs_service.c:182
service_intro_point_find
STATIC hs_service_intro_point_t * service_intro_point_find(const hs_service_t *service, const ed25519_public_key_t *auth_key)
Definition: hs_service.c:558
hs_intropoint_clear
void hs_intropoint_clear(hs_intropoint_t *ip)
Definition: hs_intropoint.c:815
rend_service_free_all
void rend_service_free_all(void)
Definition: rendservice.c:285
hs_descriptor_clear_intro_points
void hs_descriptor_clear_intro_points(hs_descriptor_t *desc)
Definition: hs_descriptor.c:2947
hs_service_free_all
void hs_service_free_all(void)
Definition: hs_service.c:4340
hs_metrics_service_free
void hs_metrics_service_free(hs_service_t *service)
Definition: hs_metrics.c:164
hs_ident_circuit_t::intro_auth_pk
ed25519_public_key_t intro_auth_pk
Definition: hs_ident.h:51
LD_FS
#define LD_FS
Definition: log.h:70
hs_get_previous_time_period_num
uint64_t hs_get_previous_time_period_num(time_t now)
Definition: hs_common.c:314
load_client_keys
static int load_client_keys(hs_service_t *service)
Definition: hs_service.c:1203
hs_path_from_filename
char * hs_path_from_filename(const char *directory, const char *filename)
Definition: hs_common.c:179
hs_service_config_t::is_client_auth_enabled
unsigned int is_client_auth_enabled
Definition: hs_service.h:234
service_intro_point_add
STATIC void service_intro_point_add(digest256map_t *map, hs_service_intro_point_t *ip)
Definition: hs_service.c:525
hs_service_state_t::intro_circ_retry_started_time
time_t intro_circ_retry_started_time
Definition: hs_service.h:273
rend_service_receive_introduction
int rend_service_receive_introduction(origin_circuit_t *circuit, const uint8_t *request, size_t request_len)
Definition: rendservice.c:1881
rend_consider_services_intro_points
void rend_consider_services_intro_points(time_t now)
Definition: rendservice.c:4115
service_intro_point_free_
STATIC void service_intro_point_free_(hs_service_intro_point_t *ip)
Definition: hs_service.c:422
service_add_fnames_to_list
static void service_add_fnames_to_list(const hs_service_t *service, smartlist_t *list)
Definition: hs_service.c:3520
service_authorized_client_cmp
static int service_authorized_client_cmp(const hs_service_authorized_client_t *client1, const hs_service_authorized_client_t *client2)
Definition: hs_service.c:1370
node_t
Definition: node_st.h:34
origin_circuit_t
Definition: origin_circuit_st.h:79
directory_request_set_routerstatus
void directory_request_set_routerstatus(directory_request_t *req, const routerstatus_t *status)
Definition: dirclient.c:1162
directory_request_set_payload
void directory_request_set_payload(directory_request_t *req, const char *payload, size_t payload_len)
Definition: dirclient.c:1056
hs_ident_dir_conn_init
void hs_ident_dir_conn_init(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_ident_dir_conn_t *ident)
Definition: hs_ident.c:69
hs_descriptor_t::superencrypted_data
hs_desc_superencrypted_data_t superencrypted_data
Definition: hs_descriptor.h:233
hs_service_upload_desc_to_dir
void hs_service_upload_desc_to_dir(const char *encoded_desc, const uint8_t version, const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, const routerstatus_t *hsdir_rs)
Definition: hs_service.c:3640
hs_stats.h
Header file for hs_stats.c.
generate_ope_cipher_for_desc
static crypto_ope_t * generate_ope_cipher_for_desc(const hs_service_descriptor_t *hs_desc)
Definition: hs_service.c:1877
hs_desc_intro_point_t::key
crypto_pk_t * key
Definition: hs_descriptor.h:126
build_desc_signing_key_cert
static void build_desc_signing_key_cert(hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:1703
service_intro_point_remove
STATIC void service_intro_point_remove(const hs_service_t *service, const hs_service_intro_point_t *ip)
Definition: hs_service.c:540
NUM_INTRO_POINTS_DEFAULT
#define NUM_INTRO_POINTS_DEFAULT
Definition: hs_common.h:33
tor_cert_create_ed25519
tor_cert_t * tor_cert_create_ed25519(const ed25519_keypair_t *signing_key, uint8_t cert_type, const ed25519_public_key_t *signed_key, time_t now, time_t lifetime, uint32_t flags)
Definition: torcert.c:131
crypto_strongest_rand
void crypto_strongest_rand(uint8_t *out, size_t out_len)
Definition: crypto_rand.c:340
compare_service_authorzized_client_
static int compare_service_authorzized_client_(const void **_a, const void **_b)
Definition: hs_service.c:1385
directory.h
Header file for directory.c.
register_all_services
static void register_all_services(void)
Definition: hs_service.c:915
crypto_pk_get_digest
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
Definition: crypto_rsa.c:356
extend_info_from_node
extend_info_t * extend_info_from_node(const node_t *node, int for_direct_connect)
Definition: extendinfo.c:92
node_supports_ed25519_hs_intro
bool node_supports_ed25519_hs_intro(const node_t *node)
Definition: nodelist.c:1180
hs_desc_authorized_client_t
Definition: hs_descriptor.h:143
run_build_descriptor_event
static void run_build_descriptor_event(time_t now)
Definition: hs_service.c:2644
ed25519_public_key_t
Definition: crypto_ed25519.h:23
node_supports_establish_intro_dos_extension
bool node_supports_establish_intro_dos_extension(const node_t *node)
Definition: nodelist.c:1205
or_options_t::ExcludeNodes
struct routerset_t * ExcludeNodes
Definition: or_options_st.h:120
hs_service_config_t::version
uint32_t version
Definition: hs_service.h:208
REND_COOKIE_LEN
#define REND_COOKIE_LEN
Definition: or.h:400
hs_service_intro_point_t::legacy_key_digest
uint8_t legacy_key_digest[DIGEST_LEN]
Definition: hs_service.h:65
hs_check_service_private_dir
int hs_check_service_private_dir(const char *username, const char *path, unsigned int dir_group_readable, unsigned int create)
Definition: hs_common.c:201
LD_REND
#define LD_REND
Definition: log.h:84
escaped
const char * escaped(const char *s)
Definition: escape.c:126
hs_service_intro_point_t::introduce2_count
uint64_t introduce2_count
Definition: hs_service.h:68
hs_service_get_metrics_stores
smartlist_t * hs_service_get_metrics_stores(void)
Definition: hs_service.c:4217
hs_desc_intro_point_t::enc_key_cert
tor_cert_t * enc_key_cert
Definition: hs_descriptor.h:119
hs_circ_service_get_established_intro_circ
origin_circuit_t * hs_circ_service_get_established_intro_circ(const hs_service_intro_point_t *ip)
Definition: hs_circuit.c:682
build_service_desc_superencrypted
static int build_service_desc_superencrypted(const hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:1763
hs_service_config_t
Definition: hs_service.h:205
hs_desc_plaintext_data_t::blinded_pubkey
ed25519_public_key_t blinded_pubkey
Definition: hs_descriptor.h:211
hs_circuit_id_protocol_t
hs_circuit_id_protocol_t
Definition: hs_service.h:194
log_cant_upload_desc
static void log_cant_upload_desc(const hs_service_t *service, const hs_service_descriptor_t *desc, const char *msg, const log_desc_upload_reason_t reason)
Definition: hs_service.c:3098
get_intro_point_min_introduce2
static int32_t get_intro_point_min_introduce2(void)
Definition: hs_service.c:319
crypto_ope_encrypt
uint64_t crypto_ope_encrypt(const crypto_ope_t *ope, int plaintext)
Definition: crypto_ope.c:165
curve25519_keypair_generate
int curve25519_keypair_generate(curve25519_keypair_t *keypair_out, int extra_strong)
Definition: crypto_curve25519.c:190
hs_desc_plaintext_data_t
Definition: hs_descriptor.h:193
get_intro_point_min_lifetime
static int32_t get_intro_point_min_lifetime(void)
Definition: hs_service.c:344
circuit_t
Definition: circuit_st.h:61
nodelist.h
Header file for nodelist.c.
hs_control.h
Header file containing control port event related code.
cleanup_intro_points
static void cleanup_intro_points(hs_service_t *service, time_t now)
Definition: hs_service.c:2429
hs_service_descriptor_t::signing_kp
ed25519_keypair_t signing_kp
Definition: hs_service.h:139
hs_ident_dir_conn_t
Definition: hs_ident.h:87
hs_descriptor_t
Definition: hs_descriptor.h:226
have_completed_a_circuit
int have_completed_a_circuit(void)
Definition: mainloop.c:220
hs_desc_intro_point_t::cert
struct hs_desc_intro_point_t::@16::@17 cert
hs_desc_superencrypted_data_free_contents
void hs_desc_superencrypted_data_free_contents(hs_desc_superencrypted_data_t *desc)
Definition: hs_descriptor.c:2713
should_remove_intro_point
static bool should_remove_intro_point(hs_service_intro_point_t *ip, time_t now)
Definition: hs_service.c:2375
smartlist_contains_string
int smartlist_contains_string(const smartlist_t *sl, const char *element)
Definition: smartlist.c:93
hs_service_intro_point_t::onion_key
curve25519_public_key_t onion_key
Definition: hs_service.h:51
rendservice.h
Header file for rendservice.c.
hs_desc_build_authorized_client
void hs_desc_build_authorized_client(const hs_subcredential_t *subcredential, const curve25519_public_key_t *client_auth_pk, const curve25519_secret_key_t *auth_ephemeral_sk, const uint8_t *descriptor_cookie, hs_desc_authorized_client_t *client_out)
Definition: hs_descriptor.c:2884
LD_CONFIG
#define LD_CONFIG
Definition: log.h:68
BASE64_DIGEST_LEN
#define BASE64_DIGEST_LEN
Definition: crypto_digest.h:26
DIGEST256_LEN
#define DIGEST256_LEN
Definition: digest_sizes.h:23
node_select.h
Header file for node_select.c.
extendinfo.h
Header for core/or/extendinfo.c.
hsdir_index_t::store_second
uint8_t store_second[DIGEST256_LEN]
Definition: hsdir_index_st.h:26
hs_desc_intro_point_t::onion_key
curve25519_public_key_t onion_key
Definition: hs_descriptor.h:106
hs_service_config_t::allow_unknown_ports
unsigned int allow_unknown_ports
Definition: hs_service.h:242
ed25519_secret_key_t::seckey
uint8_t seckey[ED25519_SECKEY_LEN]
Definition: crypto_ed25519.h:35
hs_service_keys_t::identity_pk
ed25519_public_key_t identity_pk
Definition: hs_service.h:179
write_str_to_file_if_not_equal
int write_str_to_file_if_not_equal(const char *fname, const char *str)
Definition: files.c:743
RSAE_BADPRIVKEY
@ RSAE_BADPRIVKEY
Definition: hs_common.h:146
service_desc_schedule_upload
STATIC void service_desc_schedule_upload(hs_service_descriptor_t *desc, time_t now, int descriptor_changed)
Definition: hs_service.c:2272
hs_service_descriptor_t::blinded_kp
ed25519_keypair_t blinded_kp
Definition: hs_service.h:143
consider_republishing_hs_descriptors
static int consider_republishing_hs_descriptors
Definition: hs_service.c:111
crypto_digest256_new
crypto_digest_t * crypto_digest256_new(digest_algorithm_t algorithm)
Definition: crypto_digest_nss.c:272
connection_t
Definition: connection_st.h:45
hs_service_state_t::next_rotation_time
time_t next_rotation_time
Definition: hs_service.h:288
pick_needed_intro_points
static unsigned int pick_needed_intro_points(hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:2166
hs_service_config_t::num_intro_points
unsigned int num_intro_points
Definition: hs_service.h:231
crypto_ope_new
crypto_ope_t * crypto_ope_new(const uint8_t *key)
Definition: crypto_ope.c:129
get_intro_point_num_extra
static int32_t get_intro_point_num_extra(void)
Definition: hs_service.c:378
directory_request_upload_set_hs_ident
void directory_request_upload_set_hs_ident(directory_request_t *req, const hs_ident_dir_conn_t *ident)
Definition: dirclient.c:1111
hs_ident_dir_conn_t::identity_pk
ed25519_public_key_t identity_pk
Definition: hs_ident.h:90
hs_service_config_t::max_streams_close_circuit
unsigned int max_streams_close_circuit
Definition: hs_service.h:227
service_intro_point_new
STATIC hs_service_intro_point_t * service_intro_point_new(const node_t *node)
Definition: hs_service.c:452
LOG_INFO
#define LOG_INFO
Definition: log.h:45
run_upload_descriptor_event
STATIC void run_upload_descriptor_event(time_t now)
Definition: hs_service.c:3257
crypto_rand.h
Common functions for using (pseudo-)random number generators.
remove_expired_failing_intro
static void remove_expired_failing_intro(hs_service_t *service, time_t now)
Definition: hs_service.c:1514
hs_service_intropoints_t::failed_id
digestmap_t * failed_id
Definition: hs_service.h:110
hs_service_dir_info_changed
void hs_service_dir_info_changed(void)
Definition: hs_service.c:3979
get_options
const or_options_t * get_options(void)
Definition: config.c:932
or_state_st.h
The or_state_t structure, which represents Tor's state file.
service_intro_circ_has_opened
static void service_intro_circ_has_opened(origin_circuit_t *circ)
Definition: hs_service.c:3306
tor_make_rsa_ed25519_crosscert
ssize_t tor_make_rsa_ed25519_crosscert(const ed25519_public_key_t *ed_key, const crypto_pk_t *rsa_key, time_t expires, uint8_t **cert)
Definition: torcert.c:331
tor_memcmp
int tor_memcmp(const void *a, const void *b, size_t len)
Definition: di_ops.c:31
set_descriptor_revision_counter
static void set_descriptor_revision_counter(hs_service_descriptor_t *hs_desc, time_t now, bool is_current)
Definition: hs_service.c:2911
link_specifier_dup
link_specifier_t * link_specifier_dup(const link_specifier_t *src)
Definition: hs_common.c:1875
pick_intro_point
static hs_service_intro_point_t * pick_intro_point(unsigned int direct_conn, smartlist_t *exclude_nodes)
Definition: hs_service.c:2116
service_desc_clear_previous_hsdirs
static void service_desc_clear_previous_hsdirs(hs_service_descriptor_t *desc)
Definition: hs_service.c:2243
circuitbuild.h
Header file for circuitbuild.c.
CIRCUIT_PURPOSE_S_REND_JOINED
#define CIRCUIT_PURPOSE_S_REND_JOINED
Definition: circuitlist.h:112
hs_service_t
Definition: hs_service.h:300
curve25519_public_key_is_ok
int curve25519_public_key_is_ok(const curve25519_public_key_t *key)
Definition: crypto_curve25519.c:132
hs_get_responsible_hsdirs
void hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk, uint64_t time_period_num, int use_second_hsdir_index, int for_fetching, smartlist_t *responsible_dirs)
Definition: hs_common.c:1343
log_desc_upload_reason_t
log_desc_upload_reason_t
Definition: hs_service.c:3077
hs_service_intro_point_t::introduce2_max
uint64_t introduce2_max
Definition: hs_service.h:71
hs_service_t::keys
hs_service_keys_t keys
Definition: hs_service.h:313
smartlist_clear
void smartlist_clear(smartlist_t *sl)
Definition: smartlist_core.c:50
directory_request_set_resource
void directory_request_set_resource(directory_request_t *req, const char *resource)
Definition: dirclient.c:1045
hs_service_state_t::num_intro_circ_launched
unsigned int num_intro_circ_launched
Definition: hs_service.h:277
crypto_digest_free
#define crypto_digest_free(d)
Definition: crypto_digest.h:130
hs_stats_note_introduce2_cell
void hs_stats_note_introduce2_cell(int is_hsv3)
Definition: hs_stats.c:22
extend_info_st.h
Extend-info structure.
routerstatus_st.h
Routerstatus (consensus entry) structure.
node_describe
const char * node_describe(const node_t *node)
Definition: describe.c:160
service_desc_hsdirs_changed
STATIC int service_desc_hsdirs_changed(const hs_service_t *service, const hs_service_descriptor_t *desc)
Definition: hs_service.c:3039
hs_common.h
Header file containing common data for the whole HS subsystem.
upload_descriptor_to_all
STATIC void upload_descriptor_to_all(const hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:2982
curve25519_public_key_t
Definition: crypto_curve25519.h:24
edge_connection_st.h
Edge-connection structure.
origin_circuit_t::cpath
crypt_path_t * cpath
Definition: origin_circuit_st.h:129
hs_circ_service_intro_has_opened
int hs_circ_service_intro_has_opened(hs_service_t *service, hs_service_intro_point_t *ip, const hs_service_descriptor_t *desc, origin_circuit_t *circ)
Definition: hs_circuit.c:807
hs_desc_intro_point_new
hs_desc_intro_point_t * hs_desc_intro_point_new(void)
Definition: hs_descriptor.c:2836
move_descriptors
static void move_descriptors(hs_service_t *src, hs_service_t *dst)
Definition: hs_service.c:1456
service_handle_introduce2
static int service_handle_introduce2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_service.c:3470
relay.h
Header file for relay.c.
RSAE_ADDREXISTS
@ RSAE_ADDREXISTS
Definition: hs_common.h:145
connection.h
Header file for connection.c.
hs_desc_plaintext_data_t::signing_key_cert
tor_cert_t * signing_key_cert
Definition: hs_descriptor.h:203
describe_intro_point
static const char * describe_intro_point(const hs_service_intro_point_t *ip)
Definition: hs_service.c:289
hs_service_descriptor_t::time_period_num
uint64_t time_period_num
Definition: hs_service.h:147
remember_failing_intro_point
static void remember_failing_intro_point(const hs_service_intro_point_t *ip, hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:1552
hs_service_load_all_keys
int hs_service_load_all_keys(void)
Definition: hs_service.c:4121
confline.h
Header for confline.c.
CIRCUIT_PURPOSE_S_CONNECT_REND
#define CIRCUIT_PURPOSE_S_CONNECT_REND
Definition: circuitlist.h:109
get_objects_from_ident
STATIC void get_objects_from_ident(const hs_ident_circuit_t *ident, hs_service_t **service, hs_service_intro_point_t **ip, hs_service_descriptor_t **desc)
Definition: hs_service.c:615
hs_service_descriptor_t::descriptor_cookie
uint8_t descriptor_cookie[HS_DESC_DESCRIPTOR_COOKIE_LEN]
Definition: hs_service.h:136
directory_request_new
directory_request_t * directory_request_new(uint8_t dir_purpose)
Definition: dirclient.c:948
smartlist_shuffle
void smartlist_shuffle(smartlist_t *sl)
Definition: crypto_rand.c:602
build_service_descriptor
static void build_service_descriptor(hs_service_t *service, uint64_t time_period_num, hs_service_descriptor_t **desc_out)
Definition: hs_service.c:1962
hs_service_new
hs_service_t * hs_service_new(const or_options_t *options)
Definition: hs_service.c:4247
hs_desc_encrypted_data_t::create2_ntor
unsigned int create2_ntor
Definition: hs_descriptor.h:161
networkstatus_t::valid_after
time_t valid_after
Definition: networkstatus_st.h:33
nickname.h
Header file for nickname.c.
hs_config.h
Header file containing configuration ABI/API for the HS subsystem.
service_key_on_disk
static int service_key_on_disk(const char *directory_path)
Definition: hs_service.c:3541
hs_ident_circuit_t
Definition: hs_ident.h:42
dirclient.h
Header file for dirclient.c.
CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
Definition: circuitlist.h:103
tor_asprintf
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
hs_service_intro_point_t::auth_key_kp
ed25519_keypair_t auth_key_kp
Definition: hs_service.h:55
hs_service_descriptor_t
Definition: hs_service.h:130
hs_service_intro_point_t::replay_cache
replaycache_t * replay_cache
Definition: hs_service.h:85
hs_get_time_period_num
uint64_t hs_get_time_period_num(time_t now)
Definition: hs_common.c:270
CIRCUIT_PURPOSE_S_INTRO
#define CIRCUIT_PURPOSE_S_INTRO
Definition: circuitlist.h:106
SMARTLIST_FOREACH_BEGIN
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
Definition: smartlist_foreach.h:78
rend_consider_services_upload
void rend_consider_services_upload(time_t now)
Definition: rendservice.c:4299
hs_ident_circuit_t::rendezvous_cookie
uint8_t rendezvous_cookie[HS_REND_COOKIE_LEN]
Definition: hs_ident.h:60
log_fn_ratelim
#define log_fn_ratelim(ratelim, severity, domain, args,...)
Definition: log.h:288
node_get_nickname
const char * node_get_nickname(const node_t *node)
Definition: nodelist.c:1369
run_build_circuit_event
static void run_build_circuit_event(time_t now)
Definition: hs_service.c:2811
SMARTLIST_DEL_CURRENT
#define SMARTLIST_DEL_CURRENT(sl, var)
Definition: smartlist_foreach.h:120
HS_VERSION_THREE
#define HS_VERSION_THREE
Definition: hs_common.h:26
hs_service_config_t::circuit_id_protocol
hs_circuit_id_protocol_t circuit_id_protocol
Definition: hs_service.h:256
load_service_keys
static int load_service_keys(hs_service_t *service)
Definition: hs_service.c:1025
service_rendezvous_circ_has_opened
static void service_rendezvous_circ_has_opened(origin_circuit_t *circ)
Definition: hs_service.c:3363
dir_connection_st.h
Client/server directory connection structure.
sr_state_get_start_time_of_current_protocol_run
time_t sr_state_get_start_time_of_current_protocol_run(void)
Definition: shared_random_client.c:240
MAP_DEL_CURRENT
#define MAP_DEL_CURRENT(keyvar)
Definition: map.h:140
HEX_DIGEST_LEN
#define HEX_DIGEST_LEN
Definition: crypto_digest.h:35
rend_num_services
int rend_num_services(void)
Definition: rendservice.c:202
LOG_WARN
#define LOG_WARN
Definition: log.h:53
node_st.h
Node information structure.
hs_service_config_t::ports
smartlist_t * ports
Definition: hs_service.h:214
hs_desc_encrypted_data_t::intro_points
smartlist_t * intro_points
Definition: hs_descriptor.h:171
router_have_consensus_path
consensus_path_type_t router_have_consensus_path(void)
Definition: nodelist.c:2379
hs_service_descriptor_t::ope_cipher
struct crypto_ope_t * ope_cipher
Definition: hs_service.h:151
hs_descriptor_t::encrypted_data
hs_desc_encrypted_data_t encrypted_data
Definition: hs_descriptor.h:238
edge_connection_t
Definition: edge_connection_st.h:21
get_link_spec_by_type
static link_specifier_t * get_link_spec_by_type(const hs_service_intro_point_t *ip, uint8_t type)
Definition: hs_service.c:646
hs_ident_circuit_t::num_rdv_streams
uint64_t num_rdv_streams
Definition: hs_ident.h:81
get_intro_point_max_lifetime
static int32_t get_intro_point_max_lifetime(void)
Definition: hs_service.c:361
hs_ob.h
Header file for the specific code for onion balance.
hs_intropoint.h
Header file for hs_intropoint.c.
hs_service_t::desc_current
hs_service_descriptor_t * desc_current
Definition: hs_service.h:319
service_escaped_dir
static const char * service_escaped_dir(const hs_service_t *s)
Definition: hs_service.c:873
FOR_EACH_DESCRIPTOR_BEGIN
#define FOR_EACH_DESCRIPTOR_BEGIN(service, var)
Definition: hs_service.c:85
TO_DIR_CONN
dir_connection_t * TO_DIR_CONN(connection_t *c)
Definition: directory.c:89
hs_metrics_close_established_intro
#define hs_metrics_close_established_intro(i)
Definition: hs_metrics.h:67
NUM_INTRO_POINTS_EXTRA
#define NUM_INTRO_POINTS_EXTRA
Definition: hs_common.h:38
HT_PROTOTYPE
HT_PROTOTYPE(hs_circuitmap_ht, circuit_t, hs_circuitmap_node, hs_circuit_hash_token, hs_circuits_have_same_token)
format_local_iso_time
void format_local_iso_time(char *buf, time_t t)
Definition: time_fmt.c:285
hs_service_config_t::clients
smartlist_t * clients
Definition: hs_service.h:238
hs_metrics_close_established_rdv
#define hs_metrics_close_established_rdv(i)
Definition: hs_metrics.h:53
sr_state_get_protocol_run_duration
unsigned int sr_state_get_protocol_run_duration(void)
Definition: shared_random_client.c:304
hs_service_lookup_current_desc
char * hs_service_lookup_current_desc(const ed25519_public_key_t *pk)
Definition: hs_service.c:3819
shared_random_client.h
Header file for shared_random_client.c.
close_service_intro_circuits
static void close_service_intro_circuits(hs_service_t *service)
Definition: hs_service.c:814
config.h
Header file for config.c.
setup_intro_point_exclude_list
static void setup_intro_point_exclude_list(const hs_service_descriptor_t *desc, smartlist_t *node_list)
Definition: hs_service.c:1533
hs_service_intro_point_t::circuit_retries
uint32_t circuit_retries
Definition: hs_service.h:80
router_choose_random_node
const node_t * router_choose_random_node(smartlist_t *excludedsmartlist, routerset_t *excludedset, router_crn_flags_t flags)
Definition: node_select.c:979
hs_service_free
#define hs_service_free(s)
Definition: hs_service.h:346
hs_service_intro_point_t::legacy_key
crypto_pk_t * legacy_key
Definition: hs_service.h:62
hs_service_t::onion_address
char onion_address[HS_SERVICE_ADDR_LEN_BASE32+1]
Definition: hs_service.h:303
hs_descriptor_t::subcredential
hs_subcredential_t subcredential
Definition: hs_descriptor.h:242
hs_service_descriptor_t::next_upload_time
time_t next_upload_time
Definition: hs_service.h:158
node_get_curve25519_onion_key
const curve25519_public_key_t * node_get_curve25519_onion_key(const node_t *node)
Definition: nodelist.c:1935
circuit_state_to_string
const char * circuit_state_to_string(int state)
Definition: circuitlist.c:764
hs_service_circuit_has_opened
void hs_service_circuit_has_opened(origin_circuit_t *circ)
Definition: hs_service.c:4062
hs_service_keys_t::identity_sk
ed25519_secret_key_t identity_sk
Definition: hs_service.h:181
hs_parse_address
int hs_parse_address(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out)
Definition: hs_common.c:960
hs_service_authorized_client_t
Definition: hs_service.h:188
service_desc_find_by_intro
STATIC hs_service_descriptor_t * service_desc_find_by_intro(const hs_service_t *service, const hs_service_intro_point_t *ip)
Definition: hs_service.c:589
hs_metrics_new_introduction
#define hs_metrics_new_introduction(s)
Definition: hs_metrics.h:35
move_ephemeral_services
static void move_ephemeral_services(hs_service_ht *src, hs_service_ht *dst)
Definition: hs_service.c:843
tor_log
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
Definition: log.c:590
set_rotation_time
static void set_rotation_time(hs_service_t *service)
Definition: hs_service.c:2486
circuit_get_next_service_rp_circ
origin_circuit_t * circuit_get_next_service_rp_circ(origin_circuit_t *start)
Definition: circuitlist.c:1786
origin_circuit_t::hs_ident
struct hs_ident_circuit_t * hs_ident
Definition: origin_circuit_st.h:136
build_all_descriptors
STATIC void build_all_descriptors(time_t now)
Definition: hs_service.c:2071
hs_service_map
static struct hs_service_ht * hs_service_map
Definition: hs_service.c:150
TO_CIRCUIT
#define TO_CIRCUIT(x)
Definition: or.h:965
or_options_t
Definition: or_options_st.h:64
update_all_descriptors_intro_points
STATIC void update_all_descriptors_intro_points(time_t now)
Definition: hs_service.c:2331
hs_desc_encode_descriptor
int hs_desc_encode_descriptor(const hs_descriptor_t *desc, const ed25519_keypair_t *signing_kp, const uint8_t *descriptor_cookie, char **encoded_out)
Definition: hs_descriptor.c:2652
hs_service_config_t::is_ephemeral
unsigned int is_ephemeral
Definition: hs_service.h:253
TO_CONN
#define TO_CONN(c)
Definition: or.h:736
hs_service_descriptor_t::intro_points
hs_service_intropoints_t intro_points
Definition: hs_service.h:163
STATIC
#define STATIC
Definition: testsupport.h:32
hs_control_desc_event_created
void hs_control_desc_event_created(const char *onion_address, const ed25519_public_key_t *blinded_pk)
Definition: hs_control.c:111
digest_to_base64
void digest_to_base64(char *d64, const char *digest)
Definition: crypto_format.c:275
hs_circ_handle_intro_established
int hs_circ_handle_intro_established(const hs_service_t *service, const hs_service_intro_point_t *ip, origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_circuit.c:941
hs_desc_superencrypted_data_t
Definition: hs_descriptor.h:176
router_crn_flags_t
router_crn_flags_t
Definition: node_select.h:16
INTRO_POINT_LIFETIME_MIN_SECONDS
#define INTRO_POINT_LIFETIME_MIN_SECONDS
Definition: or.h:1093
hs_service_dump_stats
void hs_service_dump_stats(int severity)
Definition: hs_service.c:4158
dir_connection_t
Definition: dir_connection_st.h:21
hs_service_ht_eq
static int hs_service_ht_eq(const hs_service_t *first, const hs_service_t *second)
Definition: hs_service.c:128
router_have_minimum_dir_info
int router_have_minimum_dir_info(void)
Definition: nodelist.c:2346
hs_circuit.h
Header file containing circuit data for the whole HS subsystem.
networkstatus_get_param
int32_t networkstatus_get_param(const networkstatus_t *ns, const char *param_name, int32_t default_val, int32_t min_val, int32_t max_val)
Definition: networkstatus.c:2500
ed25519_secret_key_t
Definition: crypto_ed25519.h:28
networkstatus_st.h
Networkstatus consensus/vote structure.
rend_services_add_filenames_to_lists
void rend_services_add_filenames_to_lists(smartlist_t *open_lst, smartlist_t *stat_lst)
Definition: rendservice.c:1427
DIRIND_ANONYMOUS
@ DIRIND_ANONYMOUS
Definition: dirclient.h:39
smartlist_sort
void smartlist_sort(smartlist_t *sl, int(*compare)(const void **a, const void **b))
Definition: smartlist.c:334
directory_request_t
struct directory_request_t directory_request_t
Definition: dirclient.h:52
networkstatus_t
Definition: networkstatus_st.h:26
hs_service_intro_point_t
Definition: hs_service.h:45
hs_get_subcredential
void hs_get_subcredential(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_subcredential_t *subcred_out)
Definition: hs_common.c:816
origin_circuit_st.h
Origin circuit structure.
rescan_periodic_events
void rescan_periodic_events(const or_options_t *options)
Definition: mainloop.c:1586
hs_desc_intro_point_t
Definition: hs_descriptor.h:99
get_intro_point_max_introduce2
static int32_t get_intro_point_max_introduce2(void)
Definition: hs_service.c:332
hs_descriptor.h
Header file for hs_descriptor.c.
smartlist_t
Definition: smartlist_core.h:26
circuit_t::state
uint8_t state
Definition: circuit_st.h:110
should_rotate_descriptors
static unsigned int should_rotate_descriptors(hs_service_t *service, time_t now)
Definition: hs_service.c:2506
crypto_digest_get_digest
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
Definition: crypto_digest_nss.c:348
hs_service_get_num_services
unsigned int hs_service_get_num_services(void)
Definition: hs_service.c:3843
hs_service_config_t::max_streams_per_rdv_circuit
uint64_t max_streams_per_rdv_circuit
Definition: hs_service.h:223
REND_REPLAY_TIME_INTERVAL
#define REND_REPLAY_TIME_INTERVAL
Definition: or.h:480
service_descriptor_new
STATIC hs_service_descriptor_t * service_descriptor_new(void)
Definition: hs_service.c:1337
directory_request_set_indirection
void directory_request_set_indirection(directory_request_t *req, dir_indirection_t indirection)
Definition: dirclient.c:1032
RSAE_OKAY
@ RSAE_OKAY
Definition: hs_common.h:148
DIGESTMAP_FOREACH
#define DIGESTMAP_FOREACH(map, keyvar, valtype, valvar)
Definition: map.h:154
can_service_launch_intro_circuit
STATIC int can_service_launch_intro_circuit(hs_service_t *service, time_t now)
Definition: hs_service.c:2766
hs_service_get_version_from_key
int hs_service_get_version_from_key(const hs_service_t *service)
Definition: hs_service.c:4092
hs_metrics_new_established_rdv
#define hs_metrics_new_established_rdv(s)
Definition: hs_metrics.h:48
extend_info_t
Definition: extend_info_st.h:27
tor_listdir
smartlist_t * tor_listdir(const char *dirname)
Definition: dir.c:307
rend_service_rendezvous_has_opened
void rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
Definition: rendservice.c:3469
rend_service_intro_has_opened
void rend_service_intro_has_opened(origin_circuit_t *circuit)
Definition: rendservice.c:3276
update_service_descriptor_intro_points
static void update_service_descriptor_intro_points(hs_service_t *service, hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:2288
node_t::identity
char identity[DIGEST_LEN]
Definition: node_st.h:46
find_service
STATIC hs_service_t * find_service(hs_service_ht *map, const ed25519_public_key_t *pk)
Definition: hs_service.c:168
service_authorized_client_config_equal
STATIC int service_authorized_client_config_equal(const hs_service_config_t *config1, const hs_service_config_t *config2)
Definition: hs_service.c:1394
ratelim_t
Definition: ratelim.h:42
or.h
Master header file for Tor-specific functionality.
ed25519_keypair_t
Definition: crypto_ed25519.h:39
OPE_INPUT_MAX
#define OPE_INPUT_MAX
Definition: crypto_ope.h:31
LD_PROTOCOL
#define LD_PROTOCOL
Definition: log.h:72
hs_desc_plaintext_data_t::lifetime_sec
uint32_t lifetime_sec
Definition: hs_descriptor.h:199