tor  0.4.2.0-alpha-dev
hs_service.c
Go to the documentation of this file.
1 /* Copyright (c) 2016-2019, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
9 #define HS_SERVICE_PRIVATE
10 
11 #include "core/or/or.h"
12 #include "app/config/config.h"
13 #include "app/config/statefile.h"
15 #include "core/mainloop/mainloop.h"
16 #include "core/or/circuitbuild.h"
17 #include "core/or/circuitlist.h"
18 #include "core/or/circuituse.h"
19 #include "core/or/relay.h"
20 #include "feature/client/circpathbias.h"
24 #include "feature/keymgt/loadkey.h"
31 #include "lib/crypt_ops/crypto_ope.h"
35 
36 #include "feature/hs/hs_circuit.h"
37 #include "feature/hs/hs_common.h"
38 #include "feature/hs/hs_config.h"
39 #include "feature/hs/hs_control.h"
41 #include "feature/hs/hs_ident.h"
43 #include "feature/hs/hs_service.h"
44 #include "feature/hs/hs_stats.h"
45 
46 #include "feature/dircommon/dir_connection_st.h"
47 #include "core/or/edge_connection_st.h"
48 #include "core/or/extend_info_st.h"
49 #include "feature/nodelist/networkstatus_st.h"
50 #include "feature/nodelist/node_st.h"
51 #include "core/or/origin_circuit_st.h"
52 #include "app/config/or_state_st.h"
53 #include "feature/nodelist/routerstatus_st.h"
54 
55 #include "lib/encoding/confline.h"
57 
58 /* Trunnel */
59 #include "trunnel/ed25519_cert.h"
60 #include "trunnel/hs/cell_common.h"
61 #include "trunnel/hs/cell_establish_intro.h"
62 
63 #ifdef HAVE_SYS_STAT_H
64 #include <sys/stat.h>
65 #endif
66 #ifdef HAVE_UNISTD_H
67 #include <unistd.h>
68 #endif
69 
70 /* Helper macro. Iterate over every service in the global map. The var is the
71  * name of the service pointer. */
72 #define FOR_EACH_SERVICE_BEGIN(var) \
73  STMT_BEGIN \
74  hs_service_t **var##_iter, *var; \
75  HT_FOREACH(var##_iter, hs_service_ht, hs_service_map) { \
76  var = *var##_iter;
77 #define FOR_EACH_SERVICE_END } STMT_END ;
78 
79 /* Helper macro. Iterate over both current and previous descriptor of a
80  * service. The var is the name of the descriptor pointer. This macro skips
81  * any descriptor object of the service that is NULL. */
82 #define FOR_EACH_DESCRIPTOR_BEGIN(service, var) \
83  STMT_BEGIN \
84  hs_service_descriptor_t *var; \
85  for (int var ## _loop_idx = 0; var ## _loop_idx < 2; \
86  ++var ## _loop_idx) { \
87  (var ## _loop_idx == 0) ? (var = service->desc_current) : \
88  (var = service->desc_next); \
89  if (var == NULL) continue;
90 #define FOR_EACH_DESCRIPTOR_END } STMT_END ;
91 
92 /* Onion service directory file names. */
93 static const char fname_keyfile_prefix[] = "hs_ed25519";
94 static const char dname_client_pubkeys[] = "authorized_clients";
95 static const char fname_hostname[] = "hostname";
96 static const char address_tld[] = "onion";
97 
98 /* Staging list of service object. When configuring service, we add them to
99  * this list considered a staging area and they will get added to our global
100  * map once the keys have been loaded. These two steps are separated because
101  * loading keys requires that we are an actual running tor process. */
102 static smartlist_t *hs_service_staging_list;
103 
108 
109 /* Static declaration. */
110 static int load_client_keys(hs_service_t *service);
112  time_t now, bool is_current);
113 static int build_service_desc_superencrypted(const hs_service_t *service,
115 static void move_descriptors(hs_service_t *src, hs_service_t *dst);
116 static int service_encode_descriptor(const hs_service_t *service,
117  const hs_service_descriptor_t *desc,
118  const ed25519_keypair_t *signing_kp,
119  char **encoded_out);
120 
121 /* Helper: Function to compare two objects in the service map. Return 1 if the
122  * two service have the same master public identity key. */
123 static inline int
124 hs_service_ht_eq(const hs_service_t *first, const hs_service_t *second)
125 {
126  tor_assert(first);
127  tor_assert(second);
128  /* Simple key compare. */
129  return ed25519_pubkey_eq(&first->keys.identity_pk,
130  &second->keys.identity_pk);
131 }
132 
133 /* Helper: Function for the service hash table code below. The key used is the
134  * master public identity key which is ultimately the onion address. */
135 static inline unsigned int
136 hs_service_ht_hash(const hs_service_t *service)
137 {
138  tor_assert(service);
139  return (unsigned int) siphash24g(service->keys.identity_pk.pubkey,
140  sizeof(service->keys.identity_pk.pubkey));
141 }
142 
143 /* This is _the_ global hash map of hidden services which indexed the service
144  * contained in it by master public identity key which is roughly the onion
145  * address of the service. */
146 static struct hs_service_ht *hs_service_map;
147 
148 /* Register the service hash table. */
149 HT_PROTOTYPE(hs_service_ht, /* Name of hashtable. */
150  hs_service_t, /* Object contained in the map. */
151  hs_service_node, /* The name of the HT_ENTRY member. */
152  hs_service_ht_hash, /* Hashing function. */
153  hs_service_ht_eq) /* Compare function for objects. */
154 
155 HT_GENERATE2(hs_service_ht, hs_service_t, hs_service_node,
156  hs_service_ht_hash, hs_service_ht_eq,
157  0.6, tor_reallocarray, tor_free_)
158 
159 /* Query the given service map with a public key and return a service object
160  * if found else NULL. It is also possible to set a directory path in the
161  * search query. If pk is NULL, then it will be set to zero indicating the
162  * hash table to compare the directory path instead. */
163 STATIC hs_service_t *
164 find_service(hs_service_ht *map, const ed25519_public_key_t *pk)
165 {
166  hs_service_t dummy_service;
167  tor_assert(map);
168  tor_assert(pk);
169  memset(&dummy_service, 0, sizeof(dummy_service));
170  ed25519_pubkey_copy(&dummy_service.keys.identity_pk, pk);
171  return HT_FIND(hs_service_ht, map, &dummy_service);
172 }
173 
174 /* Register the given service in the given map. If the service already exists
175  * in the map, -1 is returned. On success, 0 is returned and the service
176  * ownership has been transferred to the global map. */
177 STATIC int
178 register_service(hs_service_ht *map, hs_service_t *service)
179 {
180  tor_assert(map);
181  tor_assert(service);
182  tor_assert(!ed25519_public_key_is_zero(&service->keys.identity_pk));
183 
184  if (find_service(map, &service->keys.identity_pk)) {
185  /* Existing service with the same key. Do not register it. */
186  return -1;
187  }
188  /* Taking ownership of the object at this point. */
189  HT_INSERT(hs_service_ht, map, service);
190 
191  /* If we just modified the global map, we notify. */
192  if (map == hs_service_map) {
193  hs_service_map_has_changed();
194  }
195 
196  return 0;
197 }
198 
199 /* Remove a given service from the given map. If service is NULL or the
200  * service key is unset, return gracefully. */
201 STATIC void
202 remove_service(hs_service_ht *map, hs_service_t *service)
203 {
204  hs_service_t *elm;
205 
206  tor_assert(map);
207 
208  /* Ignore if no service or key is zero. */
209  if (BUG(service == NULL) ||
210  BUG(ed25519_public_key_is_zero(&service->keys.identity_pk))) {
211  return;
212  }
213 
214  elm = HT_REMOVE(hs_service_ht, map, service);
215  if (elm) {
216  tor_assert(elm == service);
217  } else {
218  log_warn(LD_BUG, "Could not find service in the global map "
219  "while removing service %s",
220  escaped(service->config.directory_path));
221  }
222 
223  /* If we just modified the global map, we notify. */
224  if (map == hs_service_map) {
225  hs_service_map_has_changed();
226  }
227 }
228 
229 /* Set the default values for a service configuration object <b>c</b>. */
230 static void
231 set_service_default_config(hs_service_config_t *c,
232  const or_options_t *options)
233 {
234  (void) options;
235  tor_assert(c);
236  c->ports = smartlist_new();
237  c->directory_path = NULL;
238  c->max_streams_per_rdv_circuit = 0;
239  c->max_streams_close_circuit = 0;
240  c->num_intro_points = NUM_INTRO_POINTS_DEFAULT;
241  c->allow_unknown_ports = 0;
242  c->is_single_onion = 0;
243  c->dir_group_readable = 0;
244  c->is_ephemeral = 0;
245  c->has_dos_defense_enabled = HS_CONFIG_V3_DOS_DEFENSE_DEFAULT;
246  c->intro_dos_rate_per_sec = HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_DEFAULT;
247  c->intro_dos_burst_per_sec = HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_DEFAULT;
248 }
249 
250 /* From a service configuration object config, clear everything from it
251  * meaning free allocated pointers and reset the values. */
252 STATIC void
253 service_clear_config(hs_service_config_t *config)
254 {
255  if (config == NULL) {
256  return;
257  }
258  tor_free(config->directory_path);
259  if (config->ports) {
260  SMARTLIST_FOREACH(config->ports, rend_service_port_config_t *, p,
261  rend_service_port_config_free(p););
262  smartlist_free(config->ports);
263  }
264  if (config->clients) {
266  service_authorized_client_free(p));
267  smartlist_free(config->clients);
268  }
269  memset(config, 0, sizeof(*config));
270 }
271 
272 /* Helper function to return a human readable description of the given intro
273  * point object.
274  *
275  * This function is not thread-safe. Each call to this invalidates the
276  * previous values returned by it. */
277 static const char *
278 describe_intro_point(const hs_service_intro_point_t *ip)
279 {
280  /* Hex identity digest of the IP prefixed by the $ sign and ends with NUL
281  * byte hence the plus two. */
282  static char buf[HEX_DIGEST_LEN + 2];
283  const char *legacy_id = NULL;
284 
285  SMARTLIST_FOREACH_BEGIN(ip->base.link_specifiers,
286  const link_specifier_t *, lspec) {
287  if (link_specifier_get_ls_type(lspec) == LS_LEGACY_ID) {
288  legacy_id = (const char *)
289  link_specifier_getconstarray_un_legacy_id(lspec);
290  break;
291  }
292  } SMARTLIST_FOREACH_END(lspec);
293 
294  /* For now, we only print the identity digest but we could improve this with
295  * much more information such as the ed25519 identity has well. */
296  buf[0] = '$';
297  if (legacy_id) {
298  base16_encode(buf + 1, HEX_DIGEST_LEN + 1, legacy_id, DIGEST_LEN);
299  }
300 
301  return buf;
302 }
303 
304 /* Return the lower bound of maximum INTRODUCE2 cells per circuit before we
305  * rotate intro point (defined by a consensus parameter or the default
306  * value). */
307 static int32_t
308 get_intro_point_min_introduce2(void)
309 {
310  /* The [0, 2147483647] range is quite large to accommodate anything we decide
311  * in the future. */
312  return networkstatus_get_param(NULL, "hs_intro_min_introduce2",
314  0, INT32_MAX);
315 }
316 
317 /* Return the upper bound of maximum INTRODUCE2 cells per circuit before we
318  * rotate intro point (defined by a consensus parameter or the default
319  * value). */
320 static int32_t
321 get_intro_point_max_introduce2(void)
322 {
323  /* The [0, 2147483647] range is quite large to accommodate anything we decide
324  * in the future. */
325  return networkstatus_get_param(NULL, "hs_intro_max_introduce2",
326  INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS,
327  0, INT32_MAX);
328 }
329 
330 /* Return the minimum lifetime in seconds of an introduction point defined by a
331  * consensus parameter or the default value. */
332 static int32_t
333 get_intro_point_min_lifetime(void)
334 {
335 #define MIN_INTRO_POINT_LIFETIME_TESTING 10
336  if (get_options()->TestingTorNetwork) {
337  return MIN_INTRO_POINT_LIFETIME_TESTING;
338  }
339 
340  /* The [0, 2147483647] range is quite large to accommodate anything we decide
341  * in the future. */
342  return networkstatus_get_param(NULL, "hs_intro_min_lifetime",
344  0, INT32_MAX);
345 }
346 
347 /* Return the maximum lifetime in seconds of an introduction point defined by a
348  * consensus parameter or the default value. */
349 static int32_t
350 get_intro_point_max_lifetime(void)
351 {
352 #define MAX_INTRO_POINT_LIFETIME_TESTING 30
353  if (get_options()->TestingTorNetwork) {
354  return MAX_INTRO_POINT_LIFETIME_TESTING;
355  }
356 
357  /* The [0, 2147483647] range is quite large to accommodate anything we decide
358  * in the future. */
359  return networkstatus_get_param(NULL, "hs_intro_max_lifetime",
361  0, INT32_MAX);
362 }
363 
364 /* Return the number of extra introduction point defined by a consensus
365  * parameter or the default value. */
366 static int32_t
367 get_intro_point_num_extra(void)
368 {
369  /* The [0, 128] range bounds the number of extra introduction point allowed.
370  * Above 128 intro points, it's getting a bit crazy. */
371  return networkstatus_get_param(NULL, "hs_intro_num_extra",
372  NUM_INTRO_POINTS_EXTRA, 0, 128);
373 }
374 
375 /* Helper: Function that needs to return 1 for the HT for each loop which
376  * frees every service in an hash map. */
377 static int
378 ht_free_service_(struct hs_service_t *service, void *data)
379 {
380  (void) data;
381  hs_service_free(service);
382  /* This function MUST return 1 so the given object is then removed from the
383  * service map leading to this free of the object being safe. */
384  return 1;
385 }
386 
387 /* Free every service that can be found in the global map. Once done, clear
388  * and free the global map. */
389 static void
390 service_free_all(void)
391 {
392  if (hs_service_map) {
393  /* The free helper function returns 1 so this is safe. */
394  hs_service_ht_HT_FOREACH_FN(hs_service_map, ht_free_service_, NULL);
395  HT_CLEAR(hs_service_ht, hs_service_map);
396  tor_free(hs_service_map);
397  hs_service_map = NULL;
398  }
399 
400  if (hs_service_staging_list) {
401  /* Cleanup staging list. */
402  SMARTLIST_FOREACH(hs_service_staging_list, hs_service_t *, s,
403  hs_service_free(s));
404  smartlist_free(hs_service_staging_list);
405  hs_service_staging_list = NULL;
406  }
407 }
408 
409 /* Free a given service intro point object. */
410 STATIC void
411 service_intro_point_free_(hs_service_intro_point_t *ip)
412 {
413  if (!ip) {
414  return;
415  }
416  memwipe(&ip->auth_key_kp, 0, sizeof(ip->auth_key_kp));
417  memwipe(&ip->enc_key_kp, 0, sizeof(ip->enc_key_kp));
418  crypto_pk_free(ip->legacy_key);
419  replaycache_free(ip->replay_cache);
420  hs_intropoint_clear(&ip->base);
421  tor_free(ip);
422 }
423 
424 /* Helper: free an hs_service_intro_point_t object. This function is used by
425  * digest256map_free() which requires a void * pointer. */
426 static void
427 service_intro_point_free_void(void *obj)
428 {
429  service_intro_point_free_(obj);
430 }
431 
432 /* Return a newly allocated service intro point and fully initialized from the
433  * given node_t node, if non NULL.
434  *
435  * If node is NULL, returns a hs_service_intro_point_t with an empty link
436  * specifier list and no onion key. (This is used for testing.)
437  * On any other error, NULL is returned.
438  *
439  * node must be an node_t with an IPv4 address. */
441 service_intro_point_new(const node_t *node)
442 {
444 
445  ip = tor_malloc_zero(sizeof(*ip));
446  /* We'll create the key material. No need for extra strong, those are short
447  * term keys. */
448  ed25519_keypair_generate(&ip->auth_key_kp, 0);
449 
450  { /* Set introduce2 max cells limit */
451  int32_t min_introduce2_cells = get_intro_point_min_introduce2();
452  int32_t max_introduce2_cells = get_intro_point_max_introduce2();
453  if (BUG(max_introduce2_cells < min_introduce2_cells)) {
454  goto err;
455  }
456  ip->introduce2_max = crypto_rand_int_range(min_introduce2_cells,
457  max_introduce2_cells);
458  }
459  { /* Set intro point lifetime */
460  int32_t intro_point_min_lifetime = get_intro_point_min_lifetime();
461  int32_t intro_point_max_lifetime = get_intro_point_max_lifetime();
462  if (BUG(intro_point_max_lifetime < intro_point_min_lifetime)) {
463  goto err;
464  }
465  ip->time_to_expire = approx_time() +
466  crypto_rand_int_range(intro_point_min_lifetime,intro_point_max_lifetime);
467  }
468 
469  ip->replay_cache = replaycache_new(0, 0);
470 
471  /* Initialize the base object. We don't need the certificate object. */
472  ip->base.link_specifiers = node_get_link_specifier_smartlist(node, 0);
473 
474  if (node == NULL) {
475  goto done;
476  }
477 
478  /* Generate the encryption key for this intro point. */
479  curve25519_keypair_generate(&ip->enc_key_kp, 0);
480  /* Figure out if this chosen node supports v3 or is legacy only.
481  * NULL nodes are used in the unit tests. */
482  if (!node_supports_ed25519_hs_intro(node)) {
483  ip->base.is_only_legacy = 1;
484  /* Legacy mode that is doesn't support v3+ with ed25519 auth key. */
485  ip->legacy_key = crypto_pk_new();
486  if (crypto_pk_generate_key(ip->legacy_key) < 0) {
487  goto err;
488  }
489  if (crypto_pk_get_digest(ip->legacy_key,
490  (char *) ip->legacy_key_digest) < 0) {
491  goto err;
492  }
493  }
494 
495  /* Flag if this intro point supports the INTRO2 dos defenses. */
496  ip->support_intro2_dos_defense =
498 
499  /* Finally, copy onion key from the node. */
500  memcpy(&ip->onion_key, node_get_curve25519_onion_key(node),
501  sizeof(ip->onion_key));
502 
503  done:
504  return ip;
505  err:
506  service_intro_point_free(ip);
507  return NULL;
508 }
509 
510 /* Add the given intro point object to the given intro point map. The intro
511  * point MUST have its RSA encryption key set if this is a legacy type or the
512  * authentication key set otherwise. */
513 STATIC void
514 service_intro_point_add(digest256map_t *map, hs_service_intro_point_t *ip)
515 {
516  hs_service_intro_point_t *old_ip_entry;
517 
518  tor_assert(map);
519  tor_assert(ip);
520 
521  old_ip_entry = digest256map_set(map, ip->auth_key_kp.pubkey.pubkey, ip);
522  /* Make sure we didn't just try to double-add an intro point */
523  tor_assert_nonfatal(!old_ip_entry);
524 }
525 
526 /* For a given service, remove the intro point from that service's descriptors
527  * (check both current and next descriptor) */
528 STATIC void
529 service_intro_point_remove(const hs_service_t *service,
530  const hs_service_intro_point_t *ip)
531 {
532  tor_assert(service);
533  tor_assert(ip);
534 
535  /* Trying all descriptors. */
536  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
537  /* We'll try to remove the descriptor on both descriptors which is not
538  * very expensive to do instead of doing loopup + remove. */
539  digest256map_remove(desc->intro_points.map,
540  ip->auth_key_kp.pubkey.pubkey);
541  } FOR_EACH_DESCRIPTOR_END;
542 }
543 
544 /* For a given service and authentication key, return the intro point or NULL
545  * if not found. This will check both descriptors in the service. */
547 service_intro_point_find(const hs_service_t *service,
548  const ed25519_public_key_t *auth_key)
549 {
550  hs_service_intro_point_t *ip = NULL;
551 
552  tor_assert(service);
553  tor_assert(auth_key);
554 
555  /* Trying all descriptors to find the right intro point.
556  *
557  * Even if we use the same node as intro point in both descriptors, the node
558  * will have a different intro auth key for each descriptor since we generate
559  * a new one everytime we pick an intro point.
560  *
561  * After #22893 gets implemented, intro points will be moved to be
562  * per-service instead of per-descriptor so this function will need to
563  * change.
564  */
565  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
566  if ((ip = digest256map_get(desc->intro_points.map,
567  auth_key->pubkey)) != NULL) {
568  break;
569  }
570  } FOR_EACH_DESCRIPTOR_END;
571 
572  return ip;
573 }
574 
575 /* For a given service and intro point, return the descriptor for which the
576  * intro point is assigned to. NULL is returned if not found. */
578 service_desc_find_by_intro(const hs_service_t *service,
579  const hs_service_intro_point_t *ip)
580 {
581  hs_service_descriptor_t *descp = NULL;
582 
583  tor_assert(service);
584  tor_assert(ip);
585 
586  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
587  if (digest256map_get(desc->intro_points.map,
588  ip->auth_key_kp.pubkey.pubkey)) {
589  descp = desc;
590  break;
591  }
592  } FOR_EACH_DESCRIPTOR_END;
593 
594  return descp;
595 }
596 
597 /* From a circuit identifier, get all the possible objects associated with the
598  * ident. If not NULL, service, ip or desc are set if the object can be found.
599  * They are untouched if they can't be found.
600  *
601  * This is an helper function because we do those lookups often so it's more
602  * convenient to simply call this functions to get all the things at once. */
603 STATIC void
604 get_objects_from_ident(const hs_ident_circuit_t *ident,
605  hs_service_t **service, hs_service_intro_point_t **ip,
607 {
608  hs_service_t *s;
609 
610  tor_assert(ident);
611 
612  /* Get service object from the circuit identifier. */
613  s = find_service(hs_service_map, &ident->identity_pk);
614  if (s && service) {
615  *service = s;
616  }
617 
618  /* From the service object, get the intro point object of that circuit. The
619  * following will query both descriptors intro points list. */
620  if (s && ip) {
621  *ip = service_intro_point_find(s, &ident->intro_auth_pk);
622  }
623 
624  /* Get the descriptor for this introduction point and service. */
625  if (s && ip && *ip && desc) {
626  *desc = service_desc_find_by_intro(s, *ip);
627  }
628 }
629 
630 /* From a given intro point, return the first link specifier of type
631  * encountered in the link specifier list. Return NULL if it can't be found.
632  *
633  * The caller does NOT have ownership of the object, the intro point does. */
634 static link_specifier_t *
635 get_link_spec_by_type(const hs_service_intro_point_t *ip, uint8_t type)
636 {
637  link_specifier_t *lnk_spec = NULL;
638 
639  tor_assert(ip);
640 
641  SMARTLIST_FOREACH_BEGIN(ip->base.link_specifiers,
642  link_specifier_t *, ls) {
643  if (link_specifier_get_ls_type(ls) == type) {
644  lnk_spec = ls;
645  goto end;
646  }
647  } SMARTLIST_FOREACH_END(ls);
648 
649  end:
650  return lnk_spec;
651 }
652 
653 /* Given a service intro point, return the node_t associated to it. This can
654  * return NULL if the given intro point has no legacy ID or if the node can't
655  * be found in the consensus. */
656 STATIC const node_t *
657 get_node_from_intro_point(const hs_service_intro_point_t *ip)
658 {
659  const link_specifier_t *ls;
660 
661  tor_assert(ip);
662 
663  ls = get_link_spec_by_type(ip, LS_LEGACY_ID);
664  if (BUG(!ls)) {
665  return NULL;
666  }
667  /* XXX In the future, we want to only use the ed25519 ID (#22173). */
668  return node_get_by_id(
669  (const char *) link_specifier_getconstarray_un_legacy_id(ls));
670 }
671 
672 /* Given a service intro point, return the extend_info_t for it. This can
673  * return NULL if the node can't be found for the intro point or the extend
674  * info can't be created for the found node. If direct_conn is set, the extend
675  * info is validated on if we can connect directly. */
676 static extend_info_t *
677 get_extend_info_from_intro_point(const hs_service_intro_point_t *ip,
678  unsigned int direct_conn)
679 {
680  extend_info_t *info = NULL;
681  const node_t *node;
682 
683  tor_assert(ip);
684 
685  node = get_node_from_intro_point(ip);
686  if (node == NULL) {
687  /* This can happen if the relay serving as intro point has been removed
688  * from the consensus. In that case, the intro point will be removed from
689  * the descriptor during the scheduled events. */
690  goto end;
691  }
692 
693  /* In the case of a direct connection (single onion service), it is possible
694  * our firewall policy won't allow it so this can return a NULL value. */
695  info = extend_info_from_node(node, direct_conn);
696 
697  end:
698  return info;
699 }
700 
701 /* Return the number of introduction points that are established for the
702  * given descriptor. */
703 static unsigned int
704 count_desc_circuit_established(const hs_service_descriptor_t *desc)
705 {
706  unsigned int count = 0;
707 
708  tor_assert(desc);
709 
710  DIGEST256MAP_FOREACH(desc->intro_points.map, key,
711  const hs_service_intro_point_t *, ip) {
712  count += ip->circuit_established;
713  } DIGEST256MAP_FOREACH_END;
714 
715  return count;
716 }
717 
718 /* For a given service and descriptor of that service, close all active
719  * directory connections. */
720 static void
721 close_directory_connections(const hs_service_t *service,
722  const hs_service_descriptor_t *desc)
723 {
724  unsigned int count = 0;
725  smartlist_t *dir_conns;
726 
727  tor_assert(service);
728  tor_assert(desc);
729 
730  /* Close pending HS desc upload connections for the blinded key of 'desc'. */
731  dir_conns = connection_list_by_type_purpose(CONN_TYPE_DIR,
733  SMARTLIST_FOREACH_BEGIN(dir_conns, connection_t *, conn) {
734  dir_connection_t *dir_conn = TO_DIR_CONN(conn);
735  if (ed25519_pubkey_eq(&dir_conn->hs_ident->identity_pk,
736  &service->keys.identity_pk) &&
737  ed25519_pubkey_eq(&dir_conn->hs_ident->blinded_pk,
738  &desc->blinded_kp.pubkey)) {
739  connection_mark_for_close(conn);
740  count++;
741  continue;
742  }
743  } SMARTLIST_FOREACH_END(conn);
744 
745  log_info(LD_REND, "Closed %u active service directory connections for "
746  "descriptor %s of service %s",
747  count, safe_str_client(ed25519_fmt(&desc->blinded_kp.pubkey)),
748  safe_str_client(service->onion_address));
749  /* We don't have ownership of the objects in this list. */
750  smartlist_free(dir_conns);
751 }
752 
753 /* Close all rendezvous circuits for the given service. */
754 static void
755 close_service_rp_circuits(hs_service_t *service)
756 {
757  origin_circuit_t *ocirc = NULL;
758 
759  tor_assert(service);
760 
761  /* The reason we go over all circuit instead of using the circuitmap API is
762  * because most hidden service circuits are rendezvous circuits so there is
763  * no real improvement at getting all rendezvous circuits from the
764  * circuitmap and then going over them all to find the right ones.
765  * Furthermore, another option would have been to keep a list of RP cookies
766  * for a service but it creates an engineering complexity since we don't
767  * have a "RP circuit closed" event to clean it up properly so we avoid a
768  * memory DoS possibility. */
769 
770  while ((ocirc = circuit_get_next_service_rp_circ(ocirc))) {
771  /* Only close circuits that are v3 and for this service. */
772  if (ocirc->hs_ident != NULL &&
773  ed25519_pubkey_eq(&ocirc->hs_ident->identity_pk,
774  &service->keys.identity_pk)) {
775  /* Reason is FINISHED because service has been removed and thus the
776  * circuit is considered old/uneeded. When freed, it is removed from the
777  * hs circuitmap. */
778  circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
779  }
780  }
781 }
782 
783 /* Close the circuit(s) for the given map of introduction points. */
784 static void
785 close_intro_circuits(hs_service_intropoints_t *intro_points)
786 {
787  tor_assert(intro_points);
788 
789  DIGEST256MAP_FOREACH(intro_points->map, key,
790  const hs_service_intro_point_t *, ip) {
791  origin_circuit_t *ocirc = hs_circ_service_get_intro_circ(ip);
792  if (ocirc) {
793  /* Reason is FINISHED because service has been removed and thus the
794  * circuit is considered old/uneeded. When freed, the circuit is removed
795  * from the HS circuitmap. */
796  circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
797  }
798  } DIGEST256MAP_FOREACH_END;
799 }
800 
801 /* Close all introduction circuits for the given service. */
802 static void
803 close_service_intro_circuits(hs_service_t *service)
804 {
805  tor_assert(service);
806 
807  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
808  close_intro_circuits(&desc->intro_points);
809  } FOR_EACH_DESCRIPTOR_END;
810 }
811 
812 /* Close any circuits related to the given service. */
813 static void
814 close_service_circuits(hs_service_t *service)
815 {
816  tor_assert(service);
817 
818  /* Only support for version >= 3. */
819  if (BUG(service->config.version < HS_VERSION_THREE)) {
820  return;
821  }
822  /* Close intro points. */
823  close_service_intro_circuits(service);
824  /* Close rendezvous points. */
825  close_service_rp_circuits(service);
826 }
827 
828 /* Move every ephemeral services from the src service map to the dst service
829  * map. It is possible that a service can't be register to the dst map which
830  * won't stop the process of moving them all but will trigger a log warn. */
831 static void
832 move_ephemeral_services(hs_service_ht *src, hs_service_ht *dst)
833 {
834  hs_service_t **iter, **next;
835 
836  tor_assert(src);
837  tor_assert(dst);
838 
839  /* Iterate over the map to find ephemeral service and move them to the other
840  * map. We loop using this method to have a safe removal process. */
841  for (iter = HT_START(hs_service_ht, src); iter != NULL; iter = next) {
842  hs_service_t *s = *iter;
843  if (!s->config.is_ephemeral) {
844  /* Yeah, we are in a very manual loop :). */
845  next = HT_NEXT(hs_service_ht, src, iter);
846  continue;
847  }
848  /* Remove service from map and then register to it to the other map.
849  * Reminder that "*iter" and "s" are the same thing. */
850  next = HT_NEXT_RMV(hs_service_ht, src, iter);
851  if (register_service(dst, s) < 0) {
852  log_warn(LD_BUG, "Ephemeral service key is already being used. "
853  "Skipping.");
854  }
855  }
856 }
857 
858 /* Return a const string of the directory path escaped. If this is an
859  * ephemeral service, it returns "[EPHEMERAL]". This can only be called from
860  * the main thread because escaped() uses a static variable. */
861 static const char *
862 service_escaped_dir(const hs_service_t *s)
863 {
864  return (s->config.is_ephemeral) ? "[EPHEMERAL]" :
865  escaped(s->config.directory_path);
866 }
867 
870 static void
871 move_hs_state(hs_service_t *src_service, hs_service_t *dst_service)
872 {
873  tor_assert(src_service);
874  tor_assert(dst_service);
875 
876  hs_service_state_t *src = &src_service->state;
877  hs_service_state_t *dst = &dst_service->state;
878 
879  /* Let's do a shallow copy */
880  dst->intro_circ_retry_started_time = src->intro_circ_retry_started_time;
881  dst->num_intro_circ_launched = src->num_intro_circ_launched;
882  /* Freeing a NULL replaycache triggers an info LD_BUG. */
883  if (dst->replay_cache_rend_cookie != NULL) {
884  replaycache_free(dst->replay_cache_rend_cookie);
885  }
886  dst->replay_cache_rend_cookie = src->replay_cache_rend_cookie;
887  dst->next_rotation_time = src->next_rotation_time;
888 
889  src->replay_cache_rend_cookie = NULL; /* steal pointer reference */
890 }
891 
892 /* Register services that are in the staging list. Once this function returns,
893  * the global service map will be set with the right content and all non
894  * surviving services will be cleaned up. */
895 static void
896 register_all_services(void)
897 {
898  struct hs_service_ht *new_service_map;
899 
900  tor_assert(hs_service_staging_list);
901 
902  /* Allocate a new map that will replace the current one. */
903  new_service_map = tor_malloc_zero(sizeof(*new_service_map));
904  HT_INIT(hs_service_ht, new_service_map);
905 
906  /* First step is to transfer all ephemeral services from the current global
907  * map to the new one we are constructing. We do not prune ephemeral
908  * services as the only way to kill them is by deleting it from the control
909  * port or stopping the tor daemon. */
910  move_ephemeral_services(hs_service_map, new_service_map);
911 
912  SMARTLIST_FOREACH_BEGIN(hs_service_staging_list, hs_service_t *, snew) {
913  hs_service_t *s;
914 
915  /* Check if that service is already in our global map and if so, we'll
916  * transfer the intro points to it. */
917  s = find_service(hs_service_map, &snew->keys.identity_pk);
918  if (s) {
919  /* Pass ownership of the descriptors from s (the current service) to
920  * snew (the newly configured one). */
921  move_descriptors(s, snew);
922  move_hs_state(s, snew);
923  /* Remove the service from the global map because after this, we need to
924  * go over the remaining service in that map that aren't surviving the
925  * reload to close their circuits. */
926  remove_service(hs_service_map, s);
927  hs_service_free(s);
928  }
929  /* Great, this service is now ready to be added to our new map. */
930  if (BUG(register_service(new_service_map, snew) < 0)) {
931  /* This should never happen because prior to registration, we validate
932  * every service against the entire set. Not being able to register a
933  * service means we failed to validate correctly. In that case, don't
934  * break tor and ignore the service but tell user. */
935  log_warn(LD_BUG, "Unable to register service with directory %s",
936  service_escaped_dir(snew));
937  SMARTLIST_DEL_CURRENT(hs_service_staging_list, snew);
938  hs_service_free(snew);
939  }
940  } SMARTLIST_FOREACH_END(snew);
941 
942  /* Close any circuits associated with the non surviving services. Every
943  * service in the current global map are roaming. */
944  FOR_EACH_SERVICE_BEGIN(service) {
945  close_service_circuits(service);
946  } FOR_EACH_SERVICE_END;
947 
948  /* Time to make the switch. We'll clear the staging list because its content
949  * has now changed ownership to the map. */
950  smartlist_clear(hs_service_staging_list);
951  service_free_all();
952  hs_service_map = new_service_map;
953  /* We've just register services into the new map and now we've replaced the
954  * global map with it so we have to notify that the change happened. When
955  * registering a service, the notify is only triggered if the destination
956  * map is the global map for which in here it was not. */
957  hs_service_map_has_changed();
958 }
959 
960 /* Write the onion address of a given service to the given filename fname_ in
961  * the service directory. Return 0 on success else -1 on error. */
962 STATIC int
963 write_address_to_file(const hs_service_t *service, const char *fname_)
964 {
965  int ret = -1;
966  char *fname = NULL;
967  char *addr_buf = NULL;
968 
969  tor_assert(service);
970  tor_assert(fname_);
971 
972  /* Construct the full address with the onion tld and write the hostname file
973  * to disk. */
974  tor_asprintf(&addr_buf, "%s.%s\n", service->onion_address, address_tld);
975  /* Notice here that we use the given "fname_". */
976  fname = hs_path_from_filename(service->config.directory_path, fname_);
977  if (write_str_to_file(fname, addr_buf, 0) < 0) {
978  log_warn(LD_REND, "Could not write onion address to hostname file %s",
979  escaped(fname));
980  goto end;
981  }
982 
983 #ifndef _WIN32
984  if (service->config.dir_group_readable) {
985  /* Mode to 0640. */
986  if (chmod(fname, S_IRUSR | S_IWUSR | S_IRGRP) < 0) {
987  log_warn(LD_FS, "Unable to make onion service hostname file %s "
988  "group-readable.", escaped(fname));
989  }
990  }
991 #endif /* !defined(_WIN32) */
992 
993  /* Success. */
994  ret = 0;
995  end:
996  tor_free(fname);
997  tor_free(addr_buf);
998  return ret;
999 }
1000 
1001 /* Load and/or generate private keys for the given service. On success, the
1002  * hostname file will be written to disk along with the master private key iff
1003  * the service is not configured for offline keys. Return 0 on success else -1
1004  * on failure. */
1005 static int
1006 load_service_keys(hs_service_t *service)
1007 {
1008  int ret = -1;
1009  char *fname = NULL;
1010  ed25519_keypair_t *kp;
1011  const hs_service_config_t *config;
1012 
1013  tor_assert(service);
1014 
1015  config = &service->config;
1016 
1017  /* Create and fix permission on service directory. We are about to write
1018  * files to that directory so make sure it exists and has the right
1019  * permissions. We do this here because at this stage we know that Tor is
1020  * actually running and the service we have has been validated. */
1021  if (hs_check_service_private_dir(get_options()->User,
1022  config->directory_path,
1023  config->dir_group_readable, 1) < 0) {
1024  goto end;
1025  }
1026 
1027  /* Try to load the keys from file or generate it if not found. */
1028  fname = hs_path_from_filename(config->directory_path, fname_keyfile_prefix);
1029  /* Don't ask for key creation, we want to know if we were able to load it or
1030  * we had to generate it. Better logging! */
1031  kp = ed_key_init_from_file(fname, INIT_ED_KEY_SPLIT, LOG_INFO, NULL, 0, 0,
1032  0, NULL, NULL);
1033  if (!kp) {
1034  log_info(LD_REND, "Unable to load keys from %s. Generating it...", fname);
1035  /* We'll now try to generate the keys and for it we want the strongest
1036  * randomness for it. The keypair will be written in different files. */
1037  uint32_t key_flags = INIT_ED_KEY_CREATE | INIT_ED_KEY_EXTRA_STRONG |
1038  INIT_ED_KEY_SPLIT;
1039  kp = ed_key_init_from_file(fname, key_flags, LOG_WARN, NULL, 0, 0, 0,
1040  NULL, NULL);
1041  if (!kp) {
1042  log_warn(LD_REND, "Unable to generate keys and save in %s.", fname);
1043  goto end;
1044  }
1045  }
1046 
1047  /* Copy loaded or generated keys to service object. */
1048  ed25519_pubkey_copy(&service->keys.identity_pk, &kp->pubkey);
1049  memcpy(&service->keys.identity_sk, &kp->seckey,
1050  sizeof(service->keys.identity_sk));
1051  /* This does a proper memory wipe. */
1052  ed25519_keypair_free(kp);
1053 
1054  /* Build onion address from the newly loaded keys. */
1055  tor_assert(service->config.version <= UINT8_MAX);
1056  hs_build_address(&service->keys.identity_pk,
1057  (uint8_t) service->config.version,
1058  service->onion_address);
1059 
1060  /* Write onion address to hostname file. */
1061  if (write_address_to_file(service, fname_hostname) < 0) {
1062  goto end;
1063  }
1064 
1065  /* Load all client authorization keys in the service. */
1066  if (load_client_keys(service) < 0) {
1067  goto end;
1068  }
1069 
1070  /* Succes. */
1071  ret = 0;
1072  end:
1073  tor_free(fname);
1074  return ret;
1075 }
1076 
1077 /* Check if the client file name is valid or not. Return 1 if valid,
1078  * otherwise return 0. */
1079 STATIC int
1080 client_filename_is_valid(const char *filename)
1081 {
1082  int ret = 1;
1083  const char *valid_extension = ".auth";
1084 
1085  tor_assert(filename);
1086 
1087  /* The file extension must match and the total filename length can't be the
1088  * length of the extension else we do not have a filename. */
1089  if (!strcmpend(filename, valid_extension) &&
1090  strlen(filename) != strlen(valid_extension)) {
1091  ret = 1;
1092  } else {
1093  ret = 0;
1094  }
1095 
1096  return ret;
1097 }
1098 
1099 /* Parse an authorized client from a string. The format of a client string
1100  * looks like (see rend-spec-v3.txt):
1101  *
1102  * <auth-type>:<key-type>:<base32-encoded-public-key>
1103  *
1104  * The <auth-type> can only be "descriptor".
1105  * The <key-type> can only be "x25519".
1106  *
1107  * Return the key on success, return NULL, otherwise. */
1109 parse_authorized_client(const char *client_key_str)
1110 {
1111  char *auth_type = NULL;
1112  char *key_type = NULL;
1113  char *pubkey_b32 = NULL;
1114  hs_service_authorized_client_t *client = NULL;
1115  smartlist_t *fields = smartlist_new();
1116 
1117  tor_assert(client_key_str);
1118 
1119  smartlist_split_string(fields, client_key_str, ":",
1120  SPLIT_SKIP_SPACE, 0);
1121  /* Wrong number of fields. */
1122  if (smartlist_len(fields) != 3) {
1123  log_warn(LD_REND, "Unknown format of client authorization file.");
1124  goto err;
1125  }
1126 
1127  auth_type = smartlist_get(fields, 0);
1128  key_type = smartlist_get(fields, 1);
1129  pubkey_b32 = smartlist_get(fields, 2);
1130 
1131  /* Currently, the only supported auth type is "descriptor". */
1132  if (strcmp(auth_type, "descriptor")) {
1133  log_warn(LD_REND, "Client authorization auth type '%s' not supported.",
1134  auth_type);
1135  goto err;
1136  }
1137 
1138  /* Currently, the only supported key type is "x25519". */
1139  if (strcmp(key_type, "x25519")) {
1140  log_warn(LD_REND, "Client authorization key type '%s' not supported.",
1141  key_type);
1142  goto err;
1143  }
1144 
1145  /* We expect a specific length of the base32 encoded key so make sure we
1146  * have that so we don't successfully decode a value with a different length
1147  * and end up in trouble when copying the decoded key into a fixed length
1148  * buffer. */
1149  if (strlen(pubkey_b32) != BASE32_NOPAD_LEN(CURVE25519_PUBKEY_LEN)) {
1150  log_warn(LD_REND, "Client authorization encoded base32 public key "
1151  "length is invalid: %s", pubkey_b32);
1152  goto err;
1153  }
1154 
1155  client = tor_malloc_zero(sizeof(hs_service_authorized_client_t));
1156  if (base32_decode((char *) client->client_pk.public_key,
1157  sizeof(client->client_pk.public_key),
1158  pubkey_b32, strlen(pubkey_b32)) !=
1159  sizeof(client->client_pk.public_key)) {
1160  log_warn(LD_REND, "Client authorization public key cannot be decoded: %s",
1161  pubkey_b32);
1162  goto err;
1163  }
1164 
1165  /* Success. */
1166  goto done;
1167 
1168  err:
1169  service_authorized_client_free(client);
1170  done:
1171  /* It is also a good idea to wipe the public key. */
1172  if (pubkey_b32) {
1173  memwipe(pubkey_b32, 0, strlen(pubkey_b32));
1174  }
1175  tor_assert(fields);
1176  SMARTLIST_FOREACH(fields, char *, s, tor_free(s));
1177  smartlist_free(fields);
1178  return client;
1179 }
1180 
1181 /* Load all the client public keys for the given service. Return 0 on
1182  * success else -1 on failure. */
1183 static int
1184 load_client_keys(hs_service_t *service)
1185 {
1186  int ret = -1;
1187  char *client_key_str = NULL;
1188  char *client_key_file_path = NULL;
1189  char *client_keys_dir_path = NULL;
1190  hs_service_config_t *config;
1191  smartlist_t *file_list = NULL;
1192 
1193  tor_assert(service);
1194 
1195  config = &service->config;
1196 
1197  /* Before calling this function, we already call load_service_keys to make
1198  * sure that the directory exists with the right permission. So, if we
1199  * cannot create a client pubkey key directory, we consider it as a bug. */
1200  client_keys_dir_path = hs_path_from_filename(config->directory_path,
1201  dname_client_pubkeys);
1202  if (BUG(hs_check_service_private_dir(get_options()->User,
1203  client_keys_dir_path,
1204  config->dir_group_readable, 1) < 0)) {
1205  goto end;
1206  }
1207 
1208  /* If the list of clients already exists, we must clear it first. */
1209  if (config->clients) {
1210  SMARTLIST_FOREACH(config->clients, hs_service_authorized_client_t *, p,
1211  service_authorized_client_free(p));
1212  smartlist_free(config->clients);
1213  }
1214 
1215  config->clients = smartlist_new();
1216 
1217  file_list = tor_listdir(client_keys_dir_path);
1218  if (file_list == NULL) {
1219  log_warn(LD_REND, "Client authorization directory %s can't be listed.",
1220  client_keys_dir_path);
1221  goto end;
1222  }
1223 
1224  SMARTLIST_FOREACH_BEGIN(file_list, const char *, filename) {
1225  hs_service_authorized_client_t *client = NULL;
1226  log_info(LD_REND, "Loading a client authorization key file %s...",
1227  filename);
1228 
1229  if (!client_filename_is_valid(filename)) {
1230  log_warn(LD_REND, "Client authorization unrecognized filename %s. "
1231  "File must end in .auth. Ignoring.", filename);
1232  continue;
1233  }
1234 
1235  /* Create a full path for a file. */
1236  client_key_file_path = hs_path_from_filename(client_keys_dir_path,
1237  filename);
1238  client_key_str = read_file_to_str(client_key_file_path, 0, NULL);
1239 
1240  /* If we cannot read the file, continue with the next file. */
1241  if (!client_key_str) {
1242  log_warn(LD_REND, "Client authorization file %s can't be read. "
1243  "Corrupted or verify permission? Ignoring.",
1244  client_key_file_path);
1245  tor_free(client_key_file_path);
1246  continue;
1247  }
1248  tor_free(client_key_file_path);
1249 
1250  client = parse_authorized_client(client_key_str);
1251  /* Wipe and free immediately after using it. */
1252  memwipe(client_key_str, 0, strlen(client_key_str));
1253  tor_free(client_key_str);
1254 
1255  if (client) {
1256  smartlist_add(config->clients, client);
1257  log_info(LD_REND, "Loaded a client authorization key file %s.",
1258  filename);
1259  }
1260 
1261  } SMARTLIST_FOREACH_END(filename);
1262 
1263  /* If the number of clients is greater than zero, set the flag to be true. */
1264  if (smartlist_len(config->clients) > 0) {
1265  config->is_client_auth_enabled = 1;
1266  }
1267 
1268  /* Success. */
1269  ret = 0;
1270  end:
1271  if (client_key_str) {
1272  memwipe(client_key_str, 0, strlen(client_key_str));
1273  }
1274  if (file_list) {
1275  SMARTLIST_FOREACH(file_list, char *, s, tor_free(s));
1276  smartlist_free(file_list);
1277  }
1278  tor_free(client_key_str);
1279  tor_free(client_key_file_path);
1280  tor_free(client_keys_dir_path);
1281  return ret;
1282 }
1283 
1284 STATIC void
1285 service_authorized_client_free_(hs_service_authorized_client_t *client)
1286 {
1287  if (!client) {
1288  return;
1289  }
1290  memwipe(&client->client_pk, 0, sizeof(client->client_pk));
1291  tor_free(client);
1292 }
1293 
1294 /* Free a given service descriptor object and all key material is wiped. */
1295 STATIC void
1296 service_descriptor_free_(hs_service_descriptor_t *desc)
1297 {
1298  if (!desc) {
1299  return;
1300  }
1301  hs_descriptor_free(desc->desc);
1302  memwipe(&desc->signing_kp, 0, sizeof(desc->signing_kp));
1303  memwipe(&desc->blinded_kp, 0, sizeof(desc->blinded_kp));
1304  /* Cleanup all intro points. */
1305  digest256map_free(desc->intro_points.map, service_intro_point_free_void);
1306  digestmap_free(desc->intro_points.failed_id, tor_free_);
1307  if (desc->previous_hsdirs) {
1308  SMARTLIST_FOREACH(desc->previous_hsdirs, char *, s, tor_free(s));
1309  smartlist_free(desc->previous_hsdirs);
1310  }
1311  crypto_ope_free(desc->ope_cipher);
1312  tor_free(desc);
1313 }
1314 
1315 /* Return a newly allocated service descriptor object. */
1316 STATIC hs_service_descriptor_t *
1317 service_descriptor_new(void)
1318 {
1319  hs_service_descriptor_t *sdesc = tor_malloc_zero(sizeof(*sdesc));
1320  sdesc->desc = tor_malloc_zero(sizeof(hs_descriptor_t));
1321  /* Initialize the intro points map. */
1322  sdesc->intro_points.map = digest256map_new();
1323  sdesc->intro_points.failed_id = digestmap_new();
1324  sdesc->previous_hsdirs = smartlist_new();
1325  return sdesc;
1326 }
1327 
1328 /* Allocate and return a deep copy of client. */
1330 service_authorized_client_dup(const hs_service_authorized_client_t *client)
1331 {
1332  hs_service_authorized_client_t *client_dup = NULL;
1333 
1334  tor_assert(client);
1335 
1336  client_dup = tor_malloc_zero(sizeof(hs_service_authorized_client_t));
1337  /* Currently, the public key is the only component of
1338  * hs_service_authorized_client_t. */
1339  memcpy(client_dup->client_pk.public_key,
1340  client->client_pk.public_key,
1342 
1343  return client_dup;
1344 }
1345 
1346 /* If two authorized clients are equal, return 0. If the first one should come
1347  * before the second, return less than zero. If the first should come after
1348  * the second, return greater than zero. */
1349 static int
1350 service_authorized_client_cmp(const hs_service_authorized_client_t *client1,
1351  const hs_service_authorized_client_t *client2)
1352 {
1353  tor_assert(client1);
1354  tor_assert(client2);
1355 
1356  /* Currently, the public key is the only component of
1357  * hs_service_authorized_client_t. */
1358  return tor_memcmp(client1->client_pk.public_key,
1359  client2->client_pk.public_key,
1361 }
1362 
1363 /* Helper for sorting authorized clients. */
1364 static int
1365 compare_service_authorzized_client_(const void **_a, const void **_b)
1366 {
1367  const hs_service_authorized_client_t *a = *_a, *b = *_b;
1368  return service_authorized_client_cmp(a, b);
1369 }
1370 
1371 /* If the list of hs_service_authorized_client_t's is different between
1372  * src and dst, return 1. Otherwise, return 0. */
1373 STATIC int
1374 service_authorized_client_config_equal(const hs_service_config_t *config1,
1375  const hs_service_config_t *config2)
1376 {
1377  int ret = 0;
1378  int i;
1379  smartlist_t *sl1 = smartlist_new();
1380  smartlist_t *sl2 = smartlist_new();
1381 
1382  tor_assert(config1);
1383  tor_assert(config2);
1384  tor_assert(config1->clients);
1385  tor_assert(config2->clients);
1386 
1387  /* If the number of clients is different, it is obvious that the list
1388  * changes. */
1389  if (smartlist_len(config1->clients) != smartlist_len(config2->clients)) {
1390  goto done;
1391  }
1392 
1393  /* We do not want to mutate config1 and config2, so we will duplicate both
1394  * entire client lists here. */
1395  SMARTLIST_FOREACH(config1->clients,
1397  smartlist_add(sl1, service_authorized_client_dup(client)));
1398 
1399  SMARTLIST_FOREACH(config2->clients,
1401  smartlist_add(sl2, service_authorized_client_dup(client)));
1402 
1403  smartlist_sort(sl1, compare_service_authorzized_client_);
1404  smartlist_sort(sl2, compare_service_authorzized_client_);
1405 
1406  for (i = 0; i < smartlist_len(sl1); i++) {
1407  /* If the clients at index i in both lists differ, the whole configs
1408  * differ. */
1409  if (service_authorized_client_cmp(smartlist_get(sl1, i),
1410  smartlist_get(sl2, i))) {
1411  goto done;
1412  }
1413  }
1414 
1415  /* Success. */
1416  ret = 1;
1417 
1418  done:
1419  if (sl1) {
1421  service_authorized_client_free(p));
1422  smartlist_free(sl1);
1423  }
1424  if (sl2) {
1426  service_authorized_client_free(p));
1427  smartlist_free(sl2);
1428  }
1429  return ret;
1430 }
1431 
1432 /* Move descriptor(s) from the src service to the dst service and modify their
1433  * content if necessary. We do this during SIGHUP when we re-create our
1434  * hidden services. */
1435 static void
1436 move_descriptors(hs_service_t *src, hs_service_t *dst)
1437 {
1438  tor_assert(src);
1439  tor_assert(dst);
1440 
1441  if (src->desc_current) {
1442  /* Nothing should be there, but clean it up just in case */
1443  if (BUG(dst->desc_current)) {
1444  service_descriptor_free(dst->desc_current);
1445  }
1446  dst->desc_current = src->desc_current;
1447  src->desc_current = NULL;
1448  }
1449 
1450  if (src->desc_next) {
1451  /* Nothing should be there, but clean it up just in case */
1452  if (BUG(dst->desc_next)) {
1453  service_descriptor_free(dst->desc_next);
1454  }
1455  dst->desc_next = src->desc_next;
1456  src->desc_next = NULL;
1457  }
1458 
1459  /* If the client authorization changes, we must rebuild the superencrypted
1460  * section and republish the descriptors. */
1461  int client_auth_changed =
1462  !service_authorized_client_config_equal(&src->config, &dst->config);
1463  if (client_auth_changed && dst->desc_current) {
1464  /* We have to clear the superencrypted content first. */
1465  hs_desc_superencrypted_data_free_contents(
1466  &dst->desc_current->desc->superencrypted_data);
1467  if (build_service_desc_superencrypted(dst, dst->desc_current) < 0) {
1468  goto err;
1469  }
1470  service_desc_schedule_upload(dst->desc_current, time(NULL), 1);
1471  }
1472  if (client_auth_changed && dst->desc_next) {
1473  /* We have to clear the superencrypted content first. */
1474  hs_desc_superencrypted_data_free_contents(
1475  &dst->desc_next->desc->superencrypted_data);
1476  if (build_service_desc_superencrypted(dst, dst->desc_next) < 0) {
1477  goto err;
1478  }
1479  service_desc_schedule_upload(dst->desc_next, time(NULL), 1);
1480  }
1481 
1482  return;
1483 
1484  err:
1485  /* If there is an error, free all descriptors to make it clean and generate
1486  * them later. */
1487  service_descriptor_free(dst->desc_current);
1488  service_descriptor_free(dst->desc_next);
1489 }
1490 
1491 /* From the given service, remove all expired failing intro points for each
1492  * descriptor. */
1493 static void
1494 remove_expired_failing_intro(hs_service_t *service, time_t now)
1495 {
1496  tor_assert(service);
1497 
1498  /* For both descriptors, cleanup the failing intro points list. */
1499  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
1500  DIGESTMAP_FOREACH_MODIFY(desc->intro_points.failed_id, key, time_t *, t) {
1501  time_t failure_time = *t;
1502  if ((failure_time + INTRO_CIRC_RETRY_PERIOD) <= now) {
1503  MAP_DEL_CURRENT(key);
1504  tor_free(t);
1505  }
1507  } FOR_EACH_DESCRIPTOR_END;
1508 }
1509 
1510 /* For the given descriptor desc, put all node_t object found from its failing
1511  * intro point list and put them in the given node_list. */
1512 static void
1513 setup_intro_point_exclude_list(const hs_service_descriptor_t *desc,
1514  smartlist_t *node_list)
1515 {
1516  tor_assert(desc);
1517  tor_assert(node_list);
1518 
1519  DIGESTMAP_FOREACH(desc->intro_points.failed_id, key, time_t *, t) {
1520  (void) t; /* Make gcc happy. */
1521  const node_t *node = node_get_by_id(key);
1522  if (node) {
1523  smartlist_add(node_list, (void *) node);
1524  }
1526 }
1527 
1528 /* For the given failing intro point ip, we add its time of failure to the
1529  * failed map and index it by identity digest (legacy ID) in the descriptor
1530  * desc failed id map. */
1531 static void
1532 remember_failing_intro_point(const hs_service_intro_point_t *ip,
1533  hs_service_descriptor_t *desc, time_t now)
1534 {
1535  time_t *time_of_failure, *prev_ptr;
1536  const link_specifier_t *legacy_ls;
1537 
1538  tor_assert(ip);
1539  tor_assert(desc);
1540 
1541  time_of_failure = tor_malloc_zero(sizeof(time_t));
1542  *time_of_failure = now;
1543  legacy_ls = get_link_spec_by_type(ip, LS_LEGACY_ID);
1544  tor_assert(legacy_ls);
1545  prev_ptr = digestmap_set(
1546  desc->intro_points.failed_id,
1547  (const char *) link_specifier_getconstarray_un_legacy_id(legacy_ls),
1548  time_of_failure);
1549  tor_free(prev_ptr);
1550 }
1551 
1552 /* Using a given descriptor signing keypair signing_kp, a service intro point
1553  * object ip and the time now, setup the content of an already allocated
1554  * descriptor intro desc_ip.
1555  *
1556  * Return 0 on success else a negative value. */
1557 static int
1558 setup_desc_intro_point(const ed25519_keypair_t *signing_kp,
1559  const hs_service_intro_point_t *ip,
1560  time_t now, hs_desc_intro_point_t *desc_ip)
1561 {
1562  int ret = -1;
1563  time_t nearest_hour = now - (now % 3600);
1564 
1565  tor_assert(signing_kp);
1566  tor_assert(ip);
1567  tor_assert(desc_ip);
1568 
1569  /* Copy the onion key. */
1570  memcpy(&desc_ip->onion_key, &ip->onion_key, sizeof(desc_ip->onion_key));
1571 
1572  /* Key and certificate material. */
1573  desc_ip->auth_key_cert = tor_cert_create(signing_kp,
1574  CERT_TYPE_AUTH_HS_IP_KEY,
1575  &ip->auth_key_kp.pubkey,
1576  nearest_hour,
1577  HS_DESC_CERT_LIFETIME,
1578  CERT_FLAG_INCLUDE_SIGNING_KEY);
1579  if (desc_ip->auth_key_cert == NULL) {
1580  log_warn(LD_REND, "Unable to create intro point auth-key certificate");
1581  goto done;
1582  }
1583 
1584  /* Copy link specifier(s). */
1585  SMARTLIST_FOREACH_BEGIN(ip->base.link_specifiers,
1586  const link_specifier_t *, ls) {
1587  if (BUG(!ls)) {
1588  goto done;
1589  }
1590  link_specifier_t *copy = link_specifier_dup(ls);
1591  if (BUG(!copy)) {
1592  goto done;
1593  }
1594  smartlist_add(desc_ip->link_specifiers, copy);
1595  } SMARTLIST_FOREACH_END(ls);
1596 
1597  /* For a legacy intro point, we'll use an RSA/ed cross certificate. */
1598  if (ip->base.is_only_legacy) {
1599  desc_ip->legacy.key = crypto_pk_dup_key(ip->legacy_key);
1600  /* Create cross certification cert. */
1601  ssize_t cert_len = tor_make_rsa_ed25519_crosscert(
1602  &signing_kp->pubkey,
1603  desc_ip->legacy.key,
1604  nearest_hour + HS_DESC_CERT_LIFETIME,
1605  &desc_ip->legacy.cert.encoded);
1606  if (cert_len < 0) {
1607  log_warn(LD_REND, "Unable to create enc key legacy cross cert.");
1608  goto done;
1609  }
1610  desc_ip->legacy.cert.len = cert_len;
1611  }
1612 
1613  /* Encryption key and its cross certificate. */
1614  {
1615  ed25519_public_key_t ed25519_pubkey;
1616 
1617  /* Use the public curve25519 key. */
1618  memcpy(&desc_ip->enc_key, &ip->enc_key_kp.pubkey,
1619  sizeof(desc_ip->enc_key));
1620  /* The following can't fail. */
1622  &ip->enc_key_kp.pubkey,
1623  0);
1624  desc_ip->enc_key_cert = tor_cert_create(signing_kp,
1625  CERT_TYPE_CROSS_HS_IP_KEYS,
1626  &ed25519_pubkey, nearest_hour,
1627  HS_DESC_CERT_LIFETIME,
1628  CERT_FLAG_INCLUDE_SIGNING_KEY);
1629  if (desc_ip->enc_key_cert == NULL) {
1630  log_warn(LD_REND, "Unable to create enc key curve25519 cross cert.");
1631  goto done;
1632  }
1633  }
1634  /* Success. */
1635  ret = 0;
1636 
1637  done:
1638  return ret;
1639 }
1640 
1641 /* Using the given descriptor from the given service, build the descriptor
1642  * intro point list so we can then encode the descriptor for publication. This
1643  * function does not pick intro points, they have to be in the descriptor
1644  * current map. Cryptographic material (keys) must be initialized in the
1645  * descriptor for this function to make sense. */
1646 static void
1647 build_desc_intro_points(const hs_service_t *service,
1648  hs_service_descriptor_t *desc, time_t now)
1649 {
1650  hs_desc_encrypted_data_t *encrypted;
1651 
1652  tor_assert(service);
1653  tor_assert(desc);
1654 
1655  /* Ease our life. */
1656  encrypted = &desc->desc->encrypted_data;
1657  /* Cleanup intro points, we are about to set them from scratch. */
1658  hs_descriptor_clear_intro_points(desc->desc);
1659 
1660  DIGEST256MAP_FOREACH(desc->intro_points.map, key,
1661  const hs_service_intro_point_t *, ip) {
1662  hs_desc_intro_point_t *desc_ip = hs_desc_intro_point_new();
1663  if (setup_desc_intro_point(&desc->signing_kp, ip, now, desc_ip) < 0) {
1664  hs_desc_intro_point_free(desc_ip);
1665  continue;
1666  }
1667  /* We have a valid descriptor intro point. Add it to the list. */
1668  smartlist_add(encrypted->intro_points, desc_ip);
1669  } DIGEST256MAP_FOREACH_END;
1670 }
1671 
1672 /* Build the descriptor signing key certificate. */
1673 static void
1674 build_desc_signing_key_cert(hs_service_descriptor_t *desc, time_t now)
1675 {
1676  hs_desc_plaintext_data_t *plaintext;
1677 
1678  tor_assert(desc);
1679  tor_assert(desc->desc);
1680 
1681  /* Ease our life a bit. */
1682  plaintext = &desc->desc->plaintext_data;
1683 
1684  /* Get rid of what we have right now. */
1685  tor_cert_free(plaintext->signing_key_cert);
1686 
1687  /* Fresh certificate for the signing key. */
1688  plaintext->signing_key_cert =
1689  tor_cert_create(&desc->blinded_kp, CERT_TYPE_SIGNING_HS_DESC,
1690  &desc->signing_kp.pubkey, now, HS_DESC_CERT_LIFETIME,
1691  CERT_FLAG_INCLUDE_SIGNING_KEY);
1692  /* If the cert creation fails, the descriptor encoding will fail and thus
1693  * ultimately won't be uploaded. We'll get a stack trace to help us learn
1694  * where the call came from and the tor_cert_create() will log the error. */
1695  tor_assert_nonfatal(plaintext->signing_key_cert);
1696 }
1697 
1698 /* Populate the descriptor encrypted section from the given service object.
1699  * This will generate a valid list of introduction points that can be used
1700  * after for circuit creation. Return 0 on success else -1 on error. */
1701 static int
1702 build_service_desc_encrypted(const hs_service_t *service,
1704 {
1705  hs_desc_encrypted_data_t *encrypted;
1706 
1707  tor_assert(service);
1708  tor_assert(desc);
1709 
1710  encrypted = &desc->desc->encrypted_data;
1711 
1712  encrypted->create2_ntor = 1;
1713  encrypted->single_onion_service = service->config.is_single_onion;
1714 
1715  /* Setup introduction points from what we have in the service. */
1716  if (encrypted->intro_points == NULL) {
1717  encrypted->intro_points = smartlist_new();
1718  }
1719  /* We do NOT build introduction point yet, we only do that once the circuit
1720  * have been opened. Until we have the right number of introduction points,
1721  * we do not encode anything in the descriptor. */
1722 
1723  /* XXX: Support client authorization (#20700). */
1724  encrypted->intro_auth_types = NULL;
1725  return 0;
1726 }
1727 
1728 /* Populate the descriptor superencrypted section from the given service
1729  * object. This will generate a valid list of hs_desc_authorized_client_t
1730  * of clients that are authorized to use the service. Return 0 on success
1731  * else -1 on error. */
1732 static int
1733 build_service_desc_superencrypted(const hs_service_t *service,
1735 {
1736  const hs_service_config_t *config;
1737  int i;
1738  hs_desc_superencrypted_data_t *superencrypted;
1739 
1740  tor_assert(service);
1741  tor_assert(desc);
1742 
1743  superencrypted = &desc->desc->superencrypted_data;
1744  config = &service->config;
1745 
1746  /* The ephemeral key pair is already generated, so this should not give
1747  * an error. */
1748  if (BUG(!curve25519_public_key_is_ok(&desc->auth_ephemeral_kp.pubkey))) {
1749  return -1;
1750  }
1751  memcpy(&superencrypted->auth_ephemeral_pubkey,
1752  &desc->auth_ephemeral_kp.pubkey,
1753  sizeof(curve25519_public_key_t));
1754 
1755  /* Test that subcred is not zero because we might use it below */
1756  if (BUG(fast_mem_is_zero((char*)desc->desc->subcredential, DIGEST256_LEN))) {
1757  return -1;
1758  }
1759 
1760  /* Create a smartlist to store clients */
1761  superencrypted->clients = smartlist_new();
1762 
1763  /* We do not need to build the desc authorized client if the client
1764  * authorization is disabled */
1765  if (config->is_client_auth_enabled) {
1766  SMARTLIST_FOREACH_BEGIN(config->clients,
1767  hs_service_authorized_client_t *, client) {
1768  hs_desc_authorized_client_t *desc_client;
1769  desc_client = tor_malloc_zero(sizeof(hs_desc_authorized_client_t));
1770 
1771  /* Prepare the client for descriptor and then add to the list in the
1772  * superencrypted part of the descriptor */
1773  hs_desc_build_authorized_client(desc->desc->subcredential,
1774  &client->client_pk,
1775  &desc->auth_ephemeral_kp.seckey,
1776  desc->descriptor_cookie, desc_client);
1777  smartlist_add(superencrypted->clients, desc_client);
1778 
1779  } SMARTLIST_FOREACH_END(client);
1780  }
1781 
1782  /* We cannot let the number of auth-clients to be zero, so we need to
1783  * make it be 16. If it is already a multiple of 16, we do not need to
1784  * do anything. Otherwise, add the additional ones to make it a
1785  * multiple of 16. */
1786  int num_clients = smartlist_len(superencrypted->clients);
1787  int num_clients_to_add;
1788  if (num_clients == 0) {
1789  num_clients_to_add = HS_DESC_AUTH_CLIENT_MULTIPLE;
1790  } else if (num_clients % HS_DESC_AUTH_CLIENT_MULTIPLE == 0) {
1791  num_clients_to_add = 0;
1792  } else {
1793  num_clients_to_add =
1794  HS_DESC_AUTH_CLIENT_MULTIPLE
1795  - (num_clients % HS_DESC_AUTH_CLIENT_MULTIPLE);
1796  }
1797 
1798  for (i = 0; i < num_clients_to_add; i++) {
1799  hs_desc_authorized_client_t *desc_client =
1800  hs_desc_build_fake_authorized_client();
1801  smartlist_add(superencrypted->clients, desc_client);
1802  }
1803 
1804  /* Shuffle the list to prevent the client know the position in the
1805  * config. */
1806  smartlist_shuffle(superencrypted->clients);
1807 
1808  return 0;
1809 }
1810 
1811 /* Populate the descriptor plaintext section from the given service object.
1812  * The caller must make sure that the keys in the descriptors are valid that
1813  * is are non-zero. This can't fail. */
1814 static void
1815 build_service_desc_plaintext(const hs_service_t *service,
1817 {
1818  hs_desc_plaintext_data_t *plaintext;
1819 
1820  tor_assert(service);
1821  tor_assert(desc);
1822  tor_assert(!fast_mem_is_zero((char *) &desc->blinded_kp,
1823  sizeof(desc->blinded_kp)));
1824  tor_assert(!fast_mem_is_zero((char *) &desc->signing_kp,
1825  sizeof(desc->signing_kp)));
1826 
1827  /* Set the subcredential. */
1828  hs_get_subcredential(&service->keys.identity_pk, &desc->blinded_kp.pubkey,
1829  desc->desc->subcredential);
1830 
1831  plaintext = &desc->desc->plaintext_data;
1832 
1833  plaintext->version = service->config.version;
1834  plaintext->lifetime_sec = HS_DESC_DEFAULT_LIFETIME;
1835  /* Copy public key material to go in the descriptor. */
1836  ed25519_pubkey_copy(&plaintext->signing_pubkey, &desc->signing_kp.pubkey);
1837  ed25519_pubkey_copy(&plaintext->blinded_pubkey, &desc->blinded_kp.pubkey);
1838 
1839  /* Create the signing key certificate. This will be updated before each
1840  * upload but we create it here so we don't complexify our unit tests. */
1841  build_desc_signing_key_cert(desc, approx_time());
1842 }
1843 
1845 static crypto_ope_t *
1847 {
1848  /* Compute OPE key as H("rev-counter-generation" | blinded privkey) */
1849  uint8_t key[DIGEST256_LEN];
1850  crypto_digest_t *digest = crypto_digest256_new(DIGEST_SHA3_256);
1851  const char ope_key_prefix[] = "rev-counter-generation";
1852  const ed25519_secret_key_t *eph_privkey = &hs_desc->blinded_kp.seckey;
1853  crypto_digest_add_bytes(digest, ope_key_prefix, sizeof(ope_key_prefix));
1854  crypto_digest_add_bytes(digest, (char*)eph_privkey->seckey,
1855  sizeof(eph_privkey->seckey));
1856  crypto_digest_get_digest(digest, (char *)key, sizeof(key));
1857  crypto_digest_free(digest);
1858 
1859  return crypto_ope_new(key);
1860 }
1861 
1862 /* For the given service and descriptor object, create the key material which
1863  * is the blinded keypair, the descriptor signing keypair, the ephemeral
1864  * keypair, and the descriptor cookie. Return 0 on success else -1 on error
1865  * where the generated keys MUST be ignored. */
1866 static int
1867 build_service_desc_keys(const hs_service_t *service,
1869 {
1870  int ret = -1;
1871  ed25519_keypair_t kp;
1872 
1873  tor_assert(desc);
1874  tor_assert(!fast_mem_is_zero((char *) &service->keys.identity_pk,
1875  ED25519_PUBKEY_LEN));
1876 
1877  /* XXX: Support offline key feature (#18098). */
1878 
1879  /* Copy the identity keys to the keypair so we can use it to create the
1880  * blinded key. */
1881  memcpy(&kp.pubkey, &service->keys.identity_pk, sizeof(kp.pubkey));
1882  memcpy(&kp.seckey, &service->keys.identity_sk, sizeof(kp.seckey));
1883  /* Build blinded keypair for this time period. */
1884  hs_build_blinded_keypair(&kp, NULL, 0, desc->time_period_num,
1885  &desc->blinded_kp);
1886  /* Let's not keep too much traces of our keys in memory. */
1887  memwipe(&kp, 0, sizeof(kp));
1888 
1889  /* Compute the OPE cipher struct (it's tied to the current blinded key) */
1890  log_info(LD_GENERAL,
1891  "Getting OPE for TP#%u", (unsigned) desc->time_period_num);
1892  tor_assert_nonfatal(!desc->ope_cipher);
1894 
1895  /* No need for extra strong, this is a temporary key only for this
1896  * descriptor. Nothing long term. */
1897  if (ed25519_keypair_generate(&desc->signing_kp, 0) < 0) {
1898  log_warn(LD_REND, "Can't generate descriptor signing keypair for "
1899  "service %s",
1900  safe_str_client(service->onion_address));
1901  goto end;
1902  }
1903 
1904  /* No need for extra strong, this is a temporary key only for this
1905  * descriptor. Nothing long term. */
1906  if (curve25519_keypair_generate(&desc->auth_ephemeral_kp, 0) < 0) {
1907  log_warn(LD_REND, "Can't generate auth ephemeral keypair for "
1908  "service %s",
1909  safe_str_client(service->onion_address));
1910  goto end;
1911  }
1912 
1913  /* Random descriptor cookie to be used as a part of a key to encrypt the
1914  * descriptor, only if the client auth is enabled will it be used. */
1915  crypto_strongest_rand(desc->descriptor_cookie,
1916  sizeof(desc->descriptor_cookie));
1917 
1918  /* Success. */
1919  ret = 0;
1920  end:
1921  return ret;
1922 }
1923 
1924 /* Given a service and the current time, build a descriptor for the service.
1925  * This function does not pick introduction point, this needs to be done by
1926  * the update function. On success, desc_out will point to the newly allocated
1927  * descriptor object.
1928  *
1929  * This can error if we are unable to create keys or certificate. */
1930 static void
1931 build_service_descriptor(hs_service_t *service, uint64_t time_period_num,
1932  hs_service_descriptor_t **desc_out)
1933 {
1934  char *encoded_desc;
1936 
1937  tor_assert(service);
1938  tor_assert(desc_out);
1939 
1940  desc = service_descriptor_new();
1941 
1942  /* Set current time period */
1943  desc->time_period_num = time_period_num;
1944 
1945  /* Create the needed keys so we can setup the descriptor content. */
1946  if (build_service_desc_keys(service, desc) < 0) {
1947  goto err;
1948  }
1949  /* Setup plaintext descriptor content. */
1950  build_service_desc_plaintext(service, desc);
1951 
1952  /* Setup superencrypted descriptor content. */
1953  if (build_service_desc_superencrypted(service, desc) < 0) {
1954  goto err;
1955  }
1956  /* Setup encrypted descriptor content. */
1957  if (build_service_desc_encrypted(service, desc) < 0) {
1958  goto err;
1959  }
1960 
1961  /* Let's make sure that we've created a descriptor that can actually be
1962  * encoded properly. This function also checks if the encoded output is
1963  * decodable after. */
1964  if (BUG(service_encode_descriptor(service, desc, &desc->signing_kp,
1965  &encoded_desc) < 0)) {
1966  goto err;
1967  }
1968  tor_free(encoded_desc);
1969 
1970  /* Assign newly built descriptor to the next slot. */
1971  *desc_out = desc;
1972  /* Fire a CREATED control port event. */
1973  hs_control_desc_event_created(service->onion_address,
1974  &desc->blinded_kp.pubkey);
1975  return;
1976 
1977  err:
1978  service_descriptor_free(desc);
1979 }
1980 
1981 /* Build both descriptors for the given service that has just booted up.
1982  * Because it's a special case, it deserves its special function ;). */
1983 static void
1984 build_descriptors_for_new_service(hs_service_t *service, time_t now)
1985 {
1986  uint64_t current_desc_tp, next_desc_tp;
1987 
1988  tor_assert(service);
1989  /* These are the conditions for a new service. */
1990  tor_assert(!service->desc_current);
1991  tor_assert(!service->desc_next);
1992 
1993  /*
1994  * +------------------------------------------------------------------+
1995  * | |
1996  * | 00:00 12:00 00:00 12:00 00:00 12:00 |
1997  * | SRV#1 TP#1 SRV#2 TP#2 SRV#3 TP#3 |
1998  * | |
1999  * | $==========|-----------$===========|-----------$===========| |
2000  * | ^ ^ |
2001  * | A B |
2002  * +------------------------------------------------------------------+
2003  *
2004  * Case A: The service boots up before a new time period, the current time
2005  * period is thus TP#1 and the next is TP#2 which for both we have access to
2006  * their SRVs.
2007  *
2008  * Case B: The service boots up inside TP#2, we can't use the TP#3 for the
2009  * next descriptor because we don't have the SRV#3 so the current should be
2010  * TP#1 and next TP#2.
2011  */
2012 
2013  if (hs_in_period_between_tp_and_srv(NULL, now)) {
2014  /* Case B from the above, inside of the new time period. */
2015  current_desc_tp = hs_get_previous_time_period_num(0); /* TP#1 */
2016  next_desc_tp = hs_get_time_period_num(0); /* TP#2 */
2017  } else {
2018  /* Case A from the above, outside of the new time period. */
2019  current_desc_tp = hs_get_time_period_num(0); /* TP#1 */
2020  next_desc_tp = hs_get_next_time_period_num(0); /* TP#2 */
2021  }
2022 
2023  /* Build descriptors. */
2024  build_service_descriptor(service, current_desc_tp, &service->desc_current);
2025  build_service_descriptor(service, next_desc_tp, &service->desc_next);
2026  log_info(LD_REND, "Hidden service %s has just started. Both descriptors "
2027  "built. Now scheduled for upload.",
2028  safe_str_client(service->onion_address));
2029 }
2030 
2031 /* Build descriptors for each service if needed. There are conditions to build
2032  * a descriptor which are details in the function. */
2033 STATIC void
2034 build_all_descriptors(time_t now)
2035 {
2036  FOR_EACH_SERVICE_BEGIN(service) {
2037 
2038  /* A service booting up will have both descriptors to NULL. No other cases
2039  * makes both descriptor non existent. */
2040  if (service->desc_current == NULL && service->desc_next == NULL) {
2041  build_descriptors_for_new_service(service, now);
2042  continue;
2043  }
2044 
2045  /* Reaching this point means we are pass bootup so at runtime. We should
2046  * *never* have an empty current descriptor. If the next descriptor is
2047  * empty, we'll try to build it for the next time period. This only
2048  * happens when we rotate meaning that we are guaranteed to have a new SRV
2049  * at that point for the next time period. */
2050  if (BUG(service->desc_current == NULL)) {
2051  continue;
2052  }
2053 
2054  if (service->desc_next == NULL) {
2055  build_service_descriptor(service, hs_get_next_time_period_num(0),
2056  &service->desc_next);
2057  log_info(LD_REND, "Hidden service %s next descriptor successfully "
2058  "built. Now scheduled for upload.",
2059  safe_str_client(service->onion_address));
2060  }
2061  } FOR_EACH_DESCRIPTOR_END;
2062 }
2063 
2064 /* Randomly pick a node to become an introduction point but not present in the
2065  * given exclude_nodes list. The chosen node is put in the exclude list
2066  * regardless of success or not because in case of failure, the node is simply
2067  * unsusable from that point on.
2068  *
2069  * If direct_conn is set, try to pick a node that our local firewall/policy
2070  * allows us to connect to directly. If we can't find any, return NULL.
2071  * This function supports selecting dual-stack nodes for direct single onion
2072  * service IPv6 connections. But it does not send IPv6 addresses in link
2073  * specifiers. (Current clients don't use IPv6 addresses to extend, and
2074  * direct client connections to intro points are not supported.)
2075  *
2076  * Return a newly allocated service intro point ready to be used for encoding.
2077  * Return NULL on error. */
2078 static hs_service_intro_point_t *
2079 pick_intro_point(unsigned int direct_conn, smartlist_t *exclude_nodes)
2080 {
2081  const or_options_t *options = get_options();
2082  const node_t *node;
2083  hs_service_intro_point_t *ip = NULL;
2084  /* Normal 3-hop introduction point flags. */
2085  router_crn_flags_t flags = CRN_NEED_UPTIME | CRN_NEED_DESC;
2086  /* Single onion flags. */
2087  router_crn_flags_t direct_flags = flags | CRN_PREF_ADDR | CRN_DIRECT_CONN;
2088 
2089  node = router_choose_random_node(exclude_nodes, options->ExcludeNodes,
2090  direct_conn ? direct_flags : flags);
2091 
2092  /* If we are in single onion mode, retry node selection for a 3-hop
2093  * path */
2094  if (direct_conn && !node) {
2095  log_info(LD_REND,
2096  "Unable to find an intro point that we can connect to "
2097  "directly, falling back to a 3-hop path.");
2098  node = router_choose_random_node(exclude_nodes, options->ExcludeNodes,
2099  flags);
2100  }
2101 
2102  if (!node) {
2103  goto err;
2104  }
2105 
2106  /* We have a suitable node, add it to the exclude list. We do this *before*
2107  * we can validate the extend information because even in case of failure,
2108  * we don't want to use that node anymore. */
2109  smartlist_add(exclude_nodes, (void *) node);
2110 
2111  /* Create our objects and populate them with the node information. */
2112  ip = service_intro_point_new(node);
2113 
2114  if (ip == NULL) {
2115  goto err;
2116  }
2117 
2118  log_info(LD_REND, "Picked intro point: %s", node_describe(node));
2119  return ip;
2120  err:
2121  service_intro_point_free(ip);
2122  return NULL;
2123 }
2124 
2125 /* For a given descriptor from the given service, pick any needed intro points
2126  * and update the current map with those newly picked intro points. Return the
2127  * number node that might have been added to the descriptor current map. */
2128 static unsigned int
2129 pick_needed_intro_points(hs_service_t *service,
2131 {
2132  int i = 0, num_needed_ip;
2133  smartlist_t *exclude_nodes = smartlist_new();
2134 
2135  tor_assert(service);
2136  tor_assert(desc);
2137 
2138  /* Compute how many intro points we actually need to open. */
2139  num_needed_ip = service->config.num_intro_points -
2140  digest256map_size(desc->intro_points.map);
2141  if (BUG(num_needed_ip < 0)) {
2142  /* Let's not make tor freak out here and just skip this. */
2143  goto done;
2144  }
2145 
2146  /* We want to end up with config.num_intro_points intro points, but if we
2147  * have no intro points at all (chances are they all cycled or we are
2148  * starting up), we launch get_intro_point_num_extra() extra circuits and
2149  * use the first config.num_intro_points that complete. See proposal #155,
2150  * section 4 for the rationale of this which is purely for performance.
2151  *
2152  * The ones after the first config.num_intro_points will be converted to
2153  * 'General' internal circuits and then we'll drop them from the list of
2154  * intro points. */
2155  if (digest256map_size(desc->intro_points.map) == 0) {
2156  num_needed_ip += get_intro_point_num_extra();
2157  }
2158 
2159  /* Build an exclude list of nodes of our intro point(s). The expiring intro
2160  * points are OK to pick again because this is afterall a concept of round
2161  * robin so they are considered valid nodes to pick again. */
2162  DIGEST256MAP_FOREACH(desc->intro_points.map, key,
2163  hs_service_intro_point_t *, ip) {
2164  const node_t *intro_node = get_node_from_intro_point(ip);
2165  if (intro_node) {
2166  smartlist_add(exclude_nodes, (void*)intro_node);
2167  }
2168  } DIGEST256MAP_FOREACH_END;
2169  /* Also, add the failing intro points that our descriptor encounteered in
2170  * the exclude node list. */
2171  setup_intro_point_exclude_list(desc, exclude_nodes);
2172 
2173  for (i = 0; i < num_needed_ip; i++) {
2175 
2176  /* This function will add the picked intro point node to the exclude nodes
2177  * list so we don't pick the same one at the next iteration. */
2178  ip = pick_intro_point(service->config.is_single_onion, exclude_nodes);
2179  if (ip == NULL) {
2180  /* If we end up unable to pick an introduction point it is because we
2181  * can't find suitable node and calling this again is highly unlikely to
2182  * give us a valid node all of the sudden. */
2183  log_info(LD_REND, "Unable to find a suitable node to be an "
2184  "introduction point for service %s.",
2185  safe_str_client(service->onion_address));
2186  goto done;
2187  }
2188  /* Valid intro point object, add it to the descriptor current map. */
2189  service_intro_point_add(desc->intro_points.map, ip);
2190  }
2191  /* We've successfully picked all our needed intro points thus none are
2192  * missing which will tell our upload process to expect the number of
2193  * circuits to be the number of configured intro points circuits and not the
2194  * number of intro points object that we have. */
2195  desc->missing_intro_points = 0;
2196 
2197  /* Success. */
2198  done:
2199  /* We don't have ownership of the node_t object in this list. */
2200  smartlist_free(exclude_nodes);
2201  return i;
2202 }
2203 
2205 static void
2207 {
2208  if (BUG(!desc->previous_hsdirs)) {
2209  return;
2210  }
2211 
2212  SMARTLIST_FOREACH(desc->previous_hsdirs, char*, s, tor_free(s));
2214 }
2215 
2217 static void
2219 {
2220  char b64_digest[BASE64_DIGEST_LEN+1] = {0};
2221  digest_to_base64(b64_digest, hsdir->identity);
2222 
2223  if (BUG(!desc->previous_hsdirs)) {
2224  return;
2225  }
2226 
2227  if (!smartlist_contains_string(desc->previous_hsdirs, b64_digest)) {
2228  smartlist_add_strdup(desc->previous_hsdirs, b64_digest);
2229  }
2230 }
2231 
2234 STATIC void
2236  time_t now,
2237  int descriptor_changed)
2238 
2239 {
2240  desc->next_upload_time = now;
2241 
2242  /* If the descriptor changed, clean up the old HSDirs list. We want to
2243  * re-upload no matter what. */
2244  if (descriptor_changed) {
2246  }
2247 }
2248 
2249 /* Pick missing intro points for this descriptor if needed. */
2250 static void
2251 update_service_descriptor_intro_points(hs_service_t *service,
2252  hs_service_descriptor_t *desc, time_t now)
2253 {
2254  unsigned int num_intro_points;
2255 
2256  tor_assert(service);
2257  tor_assert(desc);
2258  tor_assert(desc->desc);
2259 
2260  num_intro_points = digest256map_size(desc->intro_points.map);
2261 
2262  /* Pick any missing introduction point(s). */
2263  if (num_intro_points < service->config.num_intro_points) {
2264  unsigned int num_new_intro_points = pick_needed_intro_points(service,
2265  desc);
2266  if (num_new_intro_points != 0) {
2267  log_info(LD_REND, "Service %s just picked %u intro points and wanted "
2268  "%u for %s descriptor. It currently has %d intro "
2269  "points. Launching ESTABLISH_INTRO circuit shortly.",
2270  safe_str_client(service->onion_address),
2271  num_new_intro_points,
2272  service->config.num_intro_points - num_intro_points,
2273  (desc == service->desc_current) ? "current" : "next",
2274  num_intro_points);
2275  /* We'll build those introduction point into the descriptor once we have
2276  * confirmation that the circuits are opened and ready. However,
2277  * indicate that this descriptor should be uploaded from now on. */
2278  service_desc_schedule_upload(desc, now, 1);
2279  }
2280  /* Were we able to pick all the intro points we needed? If not, we'll
2281  * flag the descriptor that it's missing intro points because it
2282  * couldn't pick enough which will trigger a descriptor upload. */
2283  if ((num_new_intro_points + num_intro_points) <
2284  service->config.num_intro_points) {
2285  desc->missing_intro_points = 1;
2286  }
2287  }
2288 }
2289 
2290 /* Update descriptor intro points for each service if needed. We do this as
2291  * part of the periodic event because we need to establish intro point circuits
2292  * before we publish descriptors. */
2293 STATIC void
2294 update_all_descriptors_intro_points(time_t now)
2295 {
2296  FOR_EACH_SERVICE_BEGIN(service) {
2297  /* We'll try to update each descriptor that is if certain conditions apply
2298  * in order for the descriptor to be updated. */
2299  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
2300  update_service_descriptor_intro_points(service, desc, now);
2301  } FOR_EACH_DESCRIPTOR_END;
2302  } FOR_EACH_SERVICE_END;
2303 }
2304 
2305 /* Return true iff the given intro point has expired that is it has been used
2306  * for too long or we've reached our max seen INTRODUCE2 cell. */
2307 STATIC int
2308 intro_point_should_expire(const hs_service_intro_point_t *ip,
2309  time_t now)
2310 {
2311  tor_assert(ip);
2312 
2313  if (ip->introduce2_count >= ip->introduce2_max) {
2314  goto expired;
2315  }
2316 
2317  if (ip->time_to_expire <= now) {
2318  goto expired;
2319  }
2320 
2321  /* Not expiring. */
2322  return 0;
2323  expired:
2324  return 1;
2325 }
2326 
2327 /* Go over the given set of intro points for each service and remove any
2328  * invalid ones. The conditions for removal are:
2329  *
2330  * - The node doesn't exists anymore (not in consensus)
2331  * OR
2332  * - The intro point maximum circuit retry count has been reached and no
2333  * circuit can be found associated with it.
2334  * OR
2335  * - The intro point has expired and we should pick a new one.
2336  *
2337  * If an intro point is removed, the circuit (if any) is immediately close.
2338  * If a circuit can't be found, the intro point is kept if it hasn't reached
2339  * its maximum circuit retry value and thus should be retried. */
2340 static void
2341 cleanup_intro_points(hs_service_t *service, time_t now)
2342 {
2343  /* List of intro points to close. We can't mark the intro circuits for close
2344  * in the modify loop because doing so calls
2345  * hs_service_intro_circ_has_closed() which does a digest256map_get() on the
2346  * intro points map (that we are iterating over). This can't be done in a
2347  * single iteration after a MAP_DEL_CURRENT, the object will still be
2348  * returned leading to a use-after-free. So, we close the circuits and free
2349  * the intro points after the loop if any. */
2350  smartlist_t *ips_to_free = smartlist_new();
2351 
2352  tor_assert(service);
2353 
2354  /* For both descriptors, cleanup the intro points. */
2355  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
2356  /* Go over the current intro points we have, make sure they are still
2357  * valid and remove any of them that aren't. */
2358  DIGEST256MAP_FOREACH_MODIFY(desc->intro_points.map, key,
2359  hs_service_intro_point_t *, ip) {
2360  const node_t *node = get_node_from_intro_point(ip);
2361  int has_expired = intro_point_should_expire(ip, now);
2362 
2363  /* We cleanup an intro point if it has expired or if we do not know the
2364  * node_t anymore (removed from our latest consensus) or if we've
2365  * reached the maximum number of retry with a non existing circuit. */
2366  if (has_expired || node == NULL ||
2367  ip->circuit_retries > MAX_INTRO_POINT_CIRCUIT_RETRIES) {
2368  log_info(LD_REND, "Intro point %s%s (retried: %u times). "
2369  "Removing it.",
2370  describe_intro_point(ip),
2371  has_expired ? " has expired" :
2372  (node == NULL) ? " fell off the consensus" : "",
2373  ip->circuit_retries);
2374 
2375  /* We've retried too many times, remember it as a failed intro point
2376  * so we don't pick it up again for INTRO_CIRC_RETRY_PERIOD sec. */
2377  if (ip->circuit_retries > MAX_INTRO_POINT_CIRCUIT_RETRIES) {
2378  remember_failing_intro_point(ip, desc, approx_time());
2379  }
2380 
2381  /* Remove intro point from descriptor map and add it to the list of
2382  * ips to free for which we'll also try to close the intro circuit. */
2383  MAP_DEL_CURRENT(key);
2384  smartlist_add(ips_to_free, ip);
2385  }
2386  } DIGEST256MAP_FOREACH_END;
2387  } FOR_EACH_DESCRIPTOR_END;
2388 
2389  /* Go over the intro points to free and close their circuit if any. */
2391  /* See if we need to close the intro point circuit as well */
2392 
2393  /* XXX: Legacy code does NOT close circuits like this: it keeps the circuit
2394  * open until a new descriptor is uploaded and then closed all expiring
2395  * intro point circuit. Here, we close immediately and because we just
2396  * discarded the intro point, a new one will be selected, a new descriptor
2397  * created and uploaded. There is no difference to an attacker between the
2398  * timing of a new consensus and intro point rotation (possibly?). */
2399  origin_circuit_t *ocirc = hs_circ_service_get_intro_circ(ip);
2400  if (ocirc && !TO_CIRCUIT(ocirc)->marked_for_close) {
2401  circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
2402  }
2403 
2404  /* Cleanup the intro point */
2405  service_intro_point_free(ip);
2406  } SMARTLIST_FOREACH_END(ip);
2407 
2408  smartlist_free(ips_to_free);
2409 }
2410 
2411 /* Set the next rotation time of the descriptors for the given service for the
2412  * time now. */
2413 static void
2414 set_rotation_time(hs_service_t *service)
2415 {
2416  tor_assert(service);
2417 
2418  service->state.next_rotation_time =
2421 
2422  {
2423  char fmt_time[ISO_TIME_LEN + 1];
2424  format_local_iso_time(fmt_time, service->state.next_rotation_time);
2425  log_info(LD_REND, "Next descriptor rotation time set to %s for %s",
2426  fmt_time, safe_str_client(service->onion_address));
2427  }
2428 }
2429 
2430 /* Return true iff the service should rotate its descriptor. The time now is
2431  * only used to fetch the live consensus and if none can be found, this
2432  * returns false. */
2433 static unsigned int
2434 should_rotate_descriptors(hs_service_t *service, time_t now)
2435 {
2436  const networkstatus_t *ns;
2437 
2438  tor_assert(service);
2439 
2440  ns = networkstatus_get_live_consensus(now);
2441  if (ns == NULL) {
2442  goto no_rotation;
2443  }
2444 
2445  if (ns->valid_after >= service->state.next_rotation_time) {
2446  /* In theory, we should never get here with no descriptors. We can never
2447  * have a NULL current descriptor except when tor starts up. The next
2448  * descriptor can be NULL after a rotation but we build a new one right
2449  * after.
2450  *
2451  * So, when tor starts, the next rotation time is set to the start of the
2452  * next SRV period using the consensus valid after time so it should
2453  * always be set to a future time value. This means that we should never
2454  * reach this point at bootup that is this check safeguards tor in never
2455  * allowing a rotation if the valid after time is smaller than the next
2456  * rotation time.
2457  *
2458  * This is all good in theory but we've had a NULL descriptor issue here
2459  * so this is why we BUG() on both with extra logging to try to understand
2460  * how this can possibly happens. We'll simply ignore and tor should
2461  * recover from this by skipping rotation and building the missing
2462  * descriptors just after this. */
2463  if (BUG(service->desc_current == NULL || service->desc_next == NULL)) {
2464  log_warn(LD_BUG, "Service descriptor is NULL (%p/%p). Next rotation "
2465  "time is %ld (now: %ld). Valid after time from "
2466  "consensus is %ld",
2467  service->desc_current, service->desc_next,
2468  (long)service->state.next_rotation_time,
2469  (long)now,
2470  (long)ns->valid_after);
2471  goto no_rotation;
2472  }
2473  goto rotation;
2474  }
2475 
2476  no_rotation:
2477  return 0;
2478  rotation:
2479  return 1;
2480 }
2481 
2482 /* Rotate the service descriptors of the given service. The current descriptor
2483  * will be freed, the next one put in as the current and finally the next
2484  * descriptor pointer is NULLified. */
2485 static void
2486 rotate_service_descriptors(hs_service_t *service)
2487 {
2488  if (service->desc_current) {
2489  /* Close all IP circuits for the descriptor. */
2490  close_intro_circuits(&service->desc_current->intro_points);
2491  /* We don't need this one anymore, we won't serve any clients coming with
2492  * this service descriptor. */
2493  service_descriptor_free(service->desc_current);
2494  }
2495  /* The next one become the current one and emptying the next will trigger
2496  * a descriptor creation for it. */
2497  service->desc_current = service->desc_next;
2498  service->desc_next = NULL;
2499 
2500  /* We've just rotated, set the next time for the rotation. */
2501  set_rotation_time(service);
2502 }
2503 
2504 /* Rotate descriptors for each service if needed. A non existing current
2505  * descriptor will trigger a descriptor build for the next time period. */
2506 STATIC void
2507 rotate_all_descriptors(time_t now)
2508 {
2509  /* XXX We rotate all our service descriptors at once. In the future it might
2510  * be wise, to rotate service descriptors independently to hide that all
2511  * those descriptors are on the same tor instance */
2512 
2513  FOR_EACH_SERVICE_BEGIN(service) {
2514 
2515  /* Note for a service booting up: Both descriptors are NULL in that case
2516  * so this function might return true if we are in the timeframe for a
2517  * rotation leading to basically swapping two NULL pointers which is
2518  * harmless. However, the side effect is that triggering a rotation will
2519  * update the service state and avoid doing anymore rotations after the
2520  * two descriptors have been built. */
2521  if (!should_rotate_descriptors(service, now)) {
2522  continue;
2523  }
2524 
2525  log_info(LD_REND, "Time to rotate our descriptors (%p / %p) for %s",
2526  service->desc_current, service->desc_next,
2527  safe_str_client(service->onion_address));
2528 
2529  rotate_service_descriptors(service);
2530  } FOR_EACH_SERVICE_END;
2531 }
2532 
2533 /* Scheduled event run from the main loop. Make sure all our services are up
2534  * to date and ready for the other scheduled events. This includes looking at
2535  * the introduction points status and descriptor rotation time. */
2536 STATIC void
2537 run_housekeeping_event(time_t now)
2538 {
2539  /* Note that nothing here opens circuit(s) nor uploads descriptor(s). We are
2540  * simply moving things around or removing unneeded elements. */
2541 
2542  FOR_EACH_SERVICE_BEGIN(service) {
2543 
2544  /* If the service is starting off, set the rotation time. We can't do that
2545  * at configure time because the get_options() needs to be set for setting
2546  * that time that uses the voting interval. */
2547  if (service->state.next_rotation_time == 0) {
2548  /* Set the next rotation time of the descriptors. If it's Oct 25th
2549  * 23:47:00, the next rotation time is when the next SRV is computed
2550  * which is at Oct 26th 00:00:00 that is in 13 minutes. */
2551  set_rotation_time(service);
2552  }
2553 
2554  /* Cleanup invalid intro points from the service descriptor. */
2555  cleanup_intro_points(service, now);
2556 
2557  /* Remove expired failing intro point from the descriptor failed list. We
2558  * reset them at each INTRO_CIRC_RETRY_PERIOD. */
2559  remove_expired_failing_intro(service, now);
2560 
2561  /* At this point, the service is now ready to go through the scheduled
2562  * events guaranteeing a valid state. Intro points might be missing from
2563  * the descriptors after the cleanup but the update/build process will
2564  * make sure we pick those missing ones. */
2565  } FOR_EACH_SERVICE_END;
2566 }
2567 
2568 /* Scheduled event run from the main loop. Make sure all descriptors are up to
2569  * date. Once this returns, each service descriptor needs to be considered for
2570  * new introduction circuits and then for upload. */
2571 static void
2572 run_build_descriptor_event(time_t now)
2573 {
2574  /* For v2 services, this step happens in the upload event. */
2575 
2576  /* Run v3+ events. */
2577  /* We start by rotating the descriptors only if needed. */
2578  rotate_all_descriptors(now);
2579 
2580  /* Then, we'll try to build new descriptors that we might need. The
2581  * condition is that the next descriptor is non existing because it has
2582  * been rotated or we just started up. */
2583  build_all_descriptors(now);
2584 
2585  /* Finally, we'll check if we should update the descriptors' intro
2586  * points. Missing introduction points will be picked in this function which
2587  * is useful for newly built descriptors. */
2588  update_all_descriptors_intro_points(now);
2589 }
2590 
2591 /* For the given service, launch any intro point circuits that could be
2592  * needed. This considers every descriptor of the service. */
2593 static void
2594 launch_intro_point_circuits(hs_service_t *service)
2595 {
2596  tor_assert(service);
2597 
2598  /* For both descriptors, try to launch any missing introduction point
2599  * circuits using the current map. */
2600  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
2601  /* Keep a ref on if we need a direct connection. We use this often. */
2602  bool direct_conn = service->config.is_single_onion;
2603 
2604  DIGEST256MAP_FOREACH_MODIFY(desc->intro_points.map, key,
2605  hs_service_intro_point_t *, ip) {
2606  extend_info_t *ei;
2607 
2608  /* Skip the intro point that already has an existing circuit
2609  * (established or not). */
2610  if (hs_circ_service_get_intro_circ(ip)) {
2611  continue;
2612  }
2613  ei = get_extend_info_from_intro_point(ip, direct_conn);
2614 
2615  /* If we can't connect directly to the intro point, get an extend_info
2616  * for a multi-hop path instead. */
2617  if (ei == NULL && direct_conn) {
2618  direct_conn = false;
2619  ei = get_extend_info_from_intro_point(ip, 0);
2620  }
2621 
2622  if (ei == NULL) {
2623  /* This is possible if we can get a node_t but not the extend info out
2624  * of it. In this case, we remove the intro point and a new one will
2625  * be picked at the next main loop callback. */
2626  MAP_DEL_CURRENT(key);
2627  service_intro_point_free(ip);
2628  continue;
2629  }
2630 
2631  /* Launch a circuit to the intro point. */
2632  ip->circuit_retries++;
2633  if (hs_circ_launch_intro_point(service, ip, ei, direct_conn) < 0) {
2634  log_info(LD_REND, "Unable to launch intro circuit to node %s "
2635  "for service %s.",
2636  safe_str_client(extend_info_describe(ei)),
2637  safe_str_client(service->onion_address));
2638  /* Intro point will be retried if possible after this. */
2639  }
2640  extend_info_free(ei);
2641  } DIGEST256MAP_FOREACH_END;
2642  } FOR_EACH_DESCRIPTOR_END;
2643 }
2644 
2645 /* Don't try to build more than this many circuits before giving up for a
2646  * while. Dynamically calculated based on the configured number of intro
2647  * points for the given service and how many descriptor exists. The default
2648  * use case of 3 introduction points and two descriptors will allow 28
2649  * circuits for a retry period (((3 + 2) + (3 * 3)) * 2). */
2650 static unsigned int
2651 get_max_intro_circ_per_period(const hs_service_t *service)
2652 {
2653  unsigned int count = 0;
2654  unsigned int multiplier = 0;
2655  unsigned int num_wanted_ip;
2656 
2657  tor_assert(service);
2658  tor_assert(service->config.num_intro_points <=
2659  HS_CONFIG_V3_MAX_INTRO_POINTS);
2660 
2661 /* For a testing network, allow to do it for the maximum amount so circuit
2662  * creation and rotation and so on can actually be tested without limit. */
2663 #define MAX_INTRO_POINT_CIRCUIT_RETRIES_TESTING -1
2664  if (get_options()->TestingTorNetwork) {
2665  return MAX_INTRO_POINT_CIRCUIT_RETRIES_TESTING;
2666  }
2667 
2668  num_wanted_ip = service->config.num_intro_points;
2669 
2670  /* The calculation is as follow. We have a number of intro points that we
2671  * want configured as a torrc option (num_intro_points). We then add an
2672  * extra value so we can launch multiple circuits at once and pick the
2673  * quickest ones. For instance, we want 3 intros, we add 2 extra so we'll
2674  * pick 5 intros and launch 5 circuits. */
2675  count += (num_wanted_ip + get_intro_point_num_extra());
2676 
2677  /* Then we add the number of retries that is possible to do for each intro
2678  * point. If we want 3 intros, we'll allow 3 times the number of possible
2679  * retry. */
2680  count += (num_wanted_ip * MAX_INTRO_POINT_CIRCUIT_RETRIES);
2681 
2682  /* Then, we multiply by a factor of 2 if we have both descriptor or 0 if we
2683  * have none. */
2684  multiplier += (service->desc_current) ? 1 : 0;
2685  multiplier += (service->desc_next) ? 1 : 0;
2686 
2687  return (count * multiplier);
2688 }
2689 
2690 /* For the given service, return 1 if the service is allowed to launch more
2691  * introduction circuits else 0 if the maximum has been reached for the retry
2692  * period of INTRO_CIRC_RETRY_PERIOD. */
2693 STATIC int
2694 can_service_launch_intro_circuit(hs_service_t *service, time_t now)
2695 {
2696  tor_assert(service);
2697 
2698  /* Consider the intro circuit retry period of the service. */
2699  if (now > (service->state.intro_circ_retry_started_time +
2701  service->state.intro_circ_retry_started_time = now;
2702  service->state.num_intro_circ_launched = 0;
2703  goto allow;
2704  }
2705  /* Check if we can still launch more circuits in this period. */
2706  if (service->state.num_intro_circ_launched <=
2707  get_max_intro_circ_per_period(service)) {
2708  goto allow;
2709  }
2710 
2711  /* Rate limit log that we've reached our circuit creation limit. */
2712  {
2713  char *msg;
2714  time_t elapsed_time = now - service->state.intro_circ_retry_started_time;
2715  static ratelim_t rlimit = RATELIM_INIT(INTRO_CIRC_RETRY_PERIOD);
2716  if ((msg = rate_limit_log(&rlimit, now))) {
2717  log_info(LD_REND, "Hidden service %s exceeded its circuit launch limit "
2718  "of %u per %d seconds. It launched %u circuits in "
2719  "the last %ld seconds. Will retry in %ld seconds.",
2720  safe_str_client(service->onion_address),
2721  get_max_intro_circ_per_period(service),
2723  service->state.num_intro_circ_launched,
2724  (long int) elapsed_time,
2725  (long int) (INTRO_CIRC_RETRY_PERIOD - elapsed_time));
2726  tor_free(msg);
2727  }
2728  }
2729 
2730  /* Not allow. */
2731  return 0;
2732  allow:
2733  return 1;
2734 }
2735 
2736 /* Scheduled event run from the main loop. Make sure we have all the circuits
2737  * we need for each service. */
2738 static void
2739 run_build_circuit_event(time_t now)
2740 {
2741  /* Make sure we can actually have enough information or able to build
2742  * internal circuits as required by services. */
2743  if (router_have_consensus_path() == CONSENSUS_PATH_UNKNOWN ||
2745  return;
2746  }
2747 
2748  /* Run v2 check. */
2749  if (rend_num_services() > 0) {
2751  }
2752 
2753  /* Run v3+ check. */
2754  FOR_EACH_SERVICE_BEGIN(service) {
2755  /* For introduction circuit, we need to make sure we don't stress too much
2756  * circuit creation so make sure this service is respecting that limit. */
2757  if (can_service_launch_intro_circuit(service, now)) {
2758  /* Launch intro point circuits if needed. */
2759  launch_intro_point_circuits(service);
2760  /* Once the circuits have opened, we'll make sure to update the
2761  * descriptor intro point list and cleanup any extraneous. */
2762  }
2763  } FOR_EACH_SERVICE_END;
2764 }
2765 
2766 /* Encode and sign the service descriptor desc and upload it to the given
2767  * hidden service directory. This does nothing if PublishHidServDescriptors
2768  * is false. */
2769 static void
2770 upload_descriptor_to_hsdir(const hs_service_t *service,
2771  hs_service_descriptor_t *desc, const node_t *hsdir)
2772 {
2773  char *encoded_desc = NULL;
2774 
2775  tor_assert(service);
2776  tor_assert(desc);
2777  tor_assert(hsdir);
2778 
2779  /* Let's avoid doing that if tor is configured to not publish. */
2780  if (!get_options()->PublishHidServDescriptors) {
2781  log_info(LD_REND, "Service %s not publishing descriptor. "
2782  "PublishHidServDescriptors is set to 1.",
2783  safe_str_client(service->onion_address));
2784  goto end;
2785  }
2786 
2787  /* First of all, we'll encode the descriptor. This should NEVER fail but
2788  * just in case, let's make sure we have an actual usable descriptor. */
2789  if (BUG(service_encode_descriptor(service, desc, &desc->signing_kp,
2790  &encoded_desc) < 0)) {
2791  goto end;
2792  }
2793 
2794  /* Time to upload the descriptor to the directory. */
2795  hs_service_upload_desc_to_dir(encoded_desc, service->config.version,
2796  &service->keys.identity_pk,
2797  &desc->blinded_kp.pubkey, hsdir->rs);
2798 
2799  /* Add this node to previous_hsdirs list */
2800  service_desc_note_upload(desc, hsdir);
2801 
2802  /* Logging so we know where it was sent. */
2803  {
2804  int is_next_desc = (service->desc_next == desc);
2805  const uint8_t *idx = (is_next_desc) ? hsdir->hsdir_index.store_second:
2806  hsdir->hsdir_index.store_first;
2807  char *blinded_pubkey_log_str =
2808  tor_strdup(hex_str((char*)&desc->blinded_kp.pubkey.pubkey, 32));
2809  log_info(LD_REND, "Service %s %s descriptor of revision %" PRIu64
2810  " initiated upload request to %s with index %s (%s)",
2811  safe_str_client(service->onion_address),
2812  (is_next_desc) ? "next" : "current",
2813  desc->desc->plaintext_data.revision_counter,
2814  safe_str_client(node_describe(hsdir)),
2815  safe_str_client(hex_str((const char *) idx, 32)),
2816  safe_str_client(blinded_pubkey_log_str));
2817  tor_free(blinded_pubkey_log_str);
2818 
2819  /* Fire a UPLOAD control port event. */
2820  hs_control_desc_event_upload(service->onion_address, hsdir->identity,
2821  &desc->blinded_kp.pubkey, idx);
2822  }
2823 
2824  end:
2825  tor_free(encoded_desc);
2826  return;
2827 }
2828 
2835 static void
2837  bool is_current)
2838 {
2839  uint64_t rev_counter = 0;
2840 
2841  /* Get current time */
2842  time_t srv_start = 0;
2843 
2844  /* As our revision counter plaintext value, we use the seconds since the
2845  * start of the SR protocol run that is relevant to this descriptor. This is
2846  * guaranteed to be a positive value since we need the SRV to start making a
2847  * descriptor (so that we know where to upload it).
2848  *
2849  * Depending on whether we are building the current or the next descriptor,
2850  * services use a different SRV value. See [SERVICEUPLOAD] in
2851  * rend-spec-v3.txt:
2852  *
2853  * In particular, for the current descriptor (aka first descriptor), Tor
2854  * always uses the previous SRV for uploading the descriptor, and hence we
2855  * should use the start time of the previous protocol run here.
2856  *
2857  * Whereas for the next descriptor (aka second descriptor), Tor always uses
2858  * the current SRV for uploading the descriptor. and hence we use the start
2859  * time of the current protocol run.
2860  */
2861  if (is_current) {
2863  } else {
2865  }
2866 
2867  log_info(LD_REND, "Setting rev counter for TP #%u: "
2868  "SRV started at %d, now %d (%s)",
2869  (unsigned) hs_desc->time_period_num, (int)srv_start,
2870  (int)now, is_current ? "current" : "next");
2871 
2872  tor_assert_nonfatal(now >= srv_start);
2873 
2874  /* Compute seconds elapsed since the start of the time period. That's the
2875  * number of seconds of how long this blinded key has been active. */
2876  time_t seconds_since_start_of_srv = now - srv_start;
2877 
2878  /* Increment by one so that we are definitely sure this is strictly
2879  * positive and not zero. */
2880  seconds_since_start_of_srv++;
2881 
2882  /* Check for too big inputs. */
2883  if (BUG(seconds_since_start_of_srv > OPE_INPUT_MAX)) {
2884  seconds_since_start_of_srv = OPE_INPUT_MAX;
2885  }
2886 
2887  /* Now we compute the final revision counter value by encrypting the
2888  plaintext using our OPE cipher: */
2889  tor_assert(hs_desc->ope_cipher);
2890  rev_counter = crypto_ope_encrypt(hs_desc->ope_cipher,
2891  (int) seconds_since_start_of_srv);
2892 
2893  /* The OPE module returns CRYPTO_OPE_ERROR in case of errors. */
2894  tor_assert_nonfatal(rev_counter < CRYPTO_OPE_ERROR);
2895 
2896  log_info(LD_REND, "Encrypted revision counter %d to %" PRIu64,
2897  (int) seconds_since_start_of_srv, rev_counter);
2898 
2899  hs_desc->desc->plaintext_data.revision_counter = rev_counter;
2900 }
2901 
2902 /* Encode and sign the service descriptor desc and upload it to the
2903  * responsible hidden service directories. If for_next_period is true, the set
2904  * of directories are selected using the next hsdir_index. This does nothing
2905  * if PublishHidServDescriptors is false. */
2906 STATIC void
2909 {
2910  smartlist_t *responsible_dirs = NULL;
2911 
2912  tor_assert(service);
2913  tor_assert(desc);
2914 
2915  /* We'll first cancel any directory request that are ongoing for this
2916  * descriptor. It is possible that we can trigger multiple uploads in a
2917  * short time frame which can lead to a race where the second upload arrives
2918  * before the first one leading to a 400 malformed descriptor response from
2919  * the directory. Closing all pending requests avoids that. */
2920  close_directory_connections(service, desc);
2921 
2922  /* Get our list of responsible HSDir. */
2923  responsible_dirs = smartlist_new();
2924  /* The parameter 0 means that we aren't a client so tell the function to use
2925  * the spread store consensus paremeter. */
2926  hs_get_responsible_hsdirs(&desc->blinded_kp.pubkey, desc->time_period_num,
2927  service->desc_next == desc, 0, responsible_dirs);
2928 
2932 
2933  /* For each responsible HSDir we have, initiate an upload command. */
2934  SMARTLIST_FOREACH_BEGIN(responsible_dirs, const routerstatus_t *,
2935  hsdir_rs) {
2936  const node_t *hsdir_node = node_get_by_id(hsdir_rs->identity_digest);
2937  /* Getting responsible hsdir implies that the node_t object exists for the
2938  * routerstatus_t found in the consensus else we have a problem. */
2939  tor_assert(hsdir_node);
2940  /* Upload this descriptor to the chosen directory. */
2941  upload_descriptor_to_hsdir(service, desc, hsdir_node);
2942  } SMARTLIST_FOREACH_END(hsdir_rs);
2943 
2944  /* Set the next upload time for this descriptor. Even if we are configured
2945  * to not upload, we still want to follow the right cycle of life for this
2946  * descriptor. */
2947  desc->next_upload_time =
2948  (time(NULL) + crypto_rand_int_range(HS_SERVICE_NEXT_UPLOAD_TIME_MIN,
2949  HS_SERVICE_NEXT_UPLOAD_TIME_MAX));
2950  {
2951  char fmt_next_time[ISO_TIME_LEN+1];
2952  format_local_iso_time(fmt_next_time, desc->next_upload_time);
2953  log_debug(LD_REND, "Service %s set to upload a descriptor at %s",
2954  safe_str_client(service->onion_address), fmt_next_time);
2955  }
2956 
2957  smartlist_free(responsible_dirs);
2958  return;
2959 }
2960 
2963 STATIC int
2965  const hs_service_descriptor_t *desc)
2966 {
2967  int should_reupload = 0;
2968  smartlist_t *responsible_dirs = smartlist_new();
2969 
2970  /* No desc upload has happened yet: it will happen eventually */
2971  if (!desc->previous_hsdirs || !smartlist_len(desc->previous_hsdirs)) {
2972  goto done;
2973  }
2974 
2975  /* Get list of responsible hsdirs */
2976  hs_get_responsible_hsdirs(&desc->blinded_kp.pubkey, desc->time_period_num,
2977  service->desc_next == desc, 0, responsible_dirs);
2978 
2979  /* Check if any new hsdirs have been added to the responsible hsdirs set:
2980  * Iterate over the list of new hsdirs, and reupload if any of them is not
2981  * present in the list of previous hsdirs.
2982  */
2983  SMARTLIST_FOREACH_BEGIN(responsible_dirs, const routerstatus_t *, hsdir_rs) {
2984  char b64_digest[BASE64_DIGEST_LEN+1] = {0};
2985  digest_to_base64(b64_digest, hsdir_rs->identity_digest);
2986 
2987  if (!smartlist_contains_string(desc->previous_hsdirs, b64_digest)) {
2988  should_reupload = 1;
2989  break;
2990  }
2991  } SMARTLIST_FOREACH_END(hsdir_rs);
2992 
2993  done:
2994  smartlist_free(responsible_dirs);
2995 
2996  return should_reupload;
2997 }
2998 
2999 /* Return 1 if the given descriptor from the given service can be uploaded
3000  * else return 0 if it can not. */
3001 static int
3002 should_service_upload_descriptor(const hs_service_t *service,
3003  const hs_service_descriptor_t *desc, time_t now)
3004 {
3005  unsigned int num_intro_points;
3006 
3007  tor_assert(service);
3008  tor_assert(desc);
3009 
3010  /* If this descriptors has missing intro points that is that it couldn't get
3011  * them all when it was time to pick them, it means that we should upload
3012  * instead of waiting an arbitrary amount of time breaking the service.
3013  * Else, if we have no missing intro points, we use the value taken from the
3014  * service configuration. */
3015  if (desc->missing_intro_points) {
3016  num_intro_points = digest256map_size(desc->intro_points.map);
3017  } else {
3018  num_intro_points = service->config.num_intro_points;
3019  }
3020 
3021  /* This means we tried to pick intro points but couldn't get any so do not
3022  * upload descriptor in this case. We need at least one for the service to
3023  * be reachable. */
3024  if (desc->missing_intro_points && num_intro_points == 0) {
3025  goto cannot;
3026  }
3027 
3028  /* Check if all our introduction circuit have been established for all the
3029  * intro points we have selected. */
3030  if (count_desc_circuit_established(desc) != num_intro_points) {
3031  goto cannot;
3032  }
3033 
3034  /* Is it the right time to upload? */
3035  if (desc->next_upload_time > now) {
3036  goto cannot;
3037  }
3038 
3039  /* Don't upload desc if we don't have a live consensus */
3040  if (!networkstatus_get_live_consensus(now)) {
3041  goto cannot;
3042  }
3043 
3044  /* Do we know enough router descriptors to have adequate vision of the HSDir
3045  hash ring? */
3046  if (!router_have_minimum_dir_info()) {
3047  goto cannot;
3048  }
3049 
3050  /* Can upload! */
3051  return 1;
3052  cannot:
3053  return 0;
3054 }
3055 
3056 /* Refresh the given service descriptor meaning this will update every mutable
3057  * field that needs to be updated before we upload.
3058  *
3059  * This should ONLY be called before uploading a descriptor. It assumes that
3060  * the descriptor has been built (desc->desc) and that all intro point
3061  * circuits have been established. */
3062 static void
3063 refresh_service_descriptor(const hs_service_t *service,
3064  hs_service_descriptor_t *desc, time_t now)
3065 {
3066  /* There are few fields that we consider "mutable" in the descriptor meaning
3067  * we need to update them regurlarly over the lifetime fo the descriptor.
3068  * The rest are set once and should not be modified.
3069  *
3070  * - Signing key certificate.
3071  * - Revision counter.
3072  * - Introduction points which includes many thing. See
3073  * hs_desc_intro_point_t. and the setup_desc_intro_point() function.
3074  */
3075 
3076  /* Create the signing key certificate. */
3077  build_desc_signing_key_cert(desc, now);
3078 
3079  /* Build the intro points descriptor section. The refresh step is just
3080  * before we upload so all circuits have been properly established. */
3081  build_desc_intro_points(service, desc, now);
3082 
3083  /* Set the desc revision counter right before uploading */
3084  set_descriptor_revision_counter(desc, now, service->desc_current == desc);
3085 }
3086 
3087 /* Scheduled event run from the main loop. Try to upload the descriptor for
3088  * each service. */
3089 STATIC void
3090 run_upload_descriptor_event(time_t now)
3091 {
3092  /* v2 services use the same function for descriptor creation and upload so
3093  * we do everything here because the intro circuits were checked before. */
3094  if (rend_num_services() > 0) {
3097  }
3098 
3099  /* Run v3+ check. */
3100  FOR_EACH_SERVICE_BEGIN(service) {
3101  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
3102  /* If we were asked to re-examine the hash ring, and it changed, then
3103  schedule an upload */
3105  service_desc_hsdirs_changed(service, desc)) {
3106  service_desc_schedule_upload(desc, now, 0);
3107  }
3108 
3109  /* Can this descriptor be uploaded? */
3110  if (!should_service_upload_descriptor(service, desc, now)) {
3111  continue;
3112  }
3113 
3114  log_info(LD_REND, "Initiating upload for hidden service %s descriptor "
3115  "for service %s with %u/%u introduction points%s.",
3116  (desc == service->desc_current) ? "current" : "next",
3117  safe_str_client(service->onion_address),
3118  digest256map_size(desc->intro_points.map),
3119  service->config.num_intro_points,
3120  (desc->missing_intro_points) ? " (couldn't pick more)" : "");
3121 
3122  /* We are about to upload so we need to do one last step which is to
3123  * update the service's descriptor mutable fields in order to upload a
3124  * coherent descriptor. */
3125  refresh_service_descriptor(service, desc, now);
3126 
3127  /* Proceed with the upload, the descriptor is ready to be encoded. */
3128  upload_descriptor_to_all(service, desc);
3129  } FOR_EACH_DESCRIPTOR_END;
3130  } FOR_EACH_SERVICE_END;
3131 
3132  /* We are done considering whether to republish rend descriptors */
3134 }
3135 
3136 /* Called when the introduction point circuit is done building and ready to be
3137  * used. */
3138 static void
3139 service_intro_circ_has_opened(origin_circuit_t *circ)
3140 {
3141  hs_service_t *service = NULL;
3142  hs_service_intro_point_t *ip = NULL;
3143  hs_service_descriptor_t *desc = NULL;
3144 
3145  tor_assert(circ);
3146 
3147  /* Let's do some basic sanity checking of the circ state */
3148  if (BUG(!circ->cpath)) {
3149  return;
3150  }
3151  if (BUG(TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_S_ESTABLISH_INTRO)) {
3152  return;
3153  }
3154  if (BUG(!circ->hs_ident)) {
3155  return;
3156  }
3157 
3158  /* Get the corresponding service and intro point. */
3159  get_objects_from_ident(circ->hs_ident, &service, &ip, &desc);
3160 
3161  if (service == NULL) {
3162  log_warn(LD_REND, "Unknown service identity key %s on the introduction "
3163  "circuit %u. Can't find onion service.",
3164  safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3165  TO_CIRCUIT(circ)->n_circ_id);
3166  goto err;
3167  }
3168  if (ip == NULL) {
3169  log_warn(LD_REND, "Unknown introduction point auth key on circuit %u "
3170  "for service %s",
3171  TO_CIRCUIT(circ)->n_circ_id,
3172  safe_str_client(service->onion_address));
3173  goto err;
3174  }
3175  /* We can't have an IP object without a descriptor. */
3176  tor_assert(desc);
3177 
3178  if (hs_circ_service_intro_has_opened(service, ip, desc, circ)) {
3179  /* Getting here means that the circuit has been re-purposed because we
3180  * have enough intro circuit opened. Remove the IP from the service. */
3181  service_intro_point_remove(service, ip);
3182  service_intro_point_free(ip);
3183  }
3184 
3185  goto done;
3186 
3187  err:
3188  /* Close circuit, we can't use it. */
3189  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_NOSUCHSERVICE);
3190  done:
3191  return;
3192 }
3193 
3194 /* Called when a rendezvous circuit is done building and ready to be used. */
3195 static void
3196 service_rendezvous_circ_has_opened(origin_circuit_t *circ)
3197 {
3198  hs_service_t *service = NULL;
3199 
3200  tor_assert(circ);
3201  tor_assert(circ->cpath);
3202  /* Getting here means this is a v3 rendezvous circuit. */
3203  tor_assert(circ->hs_ident);
3205 
3206  /* Declare the circuit dirty to avoid reuse, and for path-bias. We set the
3207  * timestamp regardless of its content because that circuit could have been
3208  * cannibalized so in any cases, we are about to use that circuit more. */
3209  TO_CIRCUIT(circ)->timestamp_dirty = time(NULL);
3211 
3212  /* Get the corresponding service and intro point. */
3213  get_objects_from_ident(circ->hs_ident, &service, NULL, NULL);
3214  if (service == NULL) {
3215  log_warn(LD_REND, "Unknown service identity key %s on the rendezvous "
3216  "circuit %u with cookie %s. Can't find onion service.",
3217  safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3218  TO_CIRCUIT(circ)->n_circ_id,
3219  hex_str((const char *) circ->hs_ident->rendezvous_cookie,
3220  REND_COOKIE_LEN));
3221  goto err;
3222  }
3223 
3224  /* If the cell can't be sent, the circuit will be closed within this
3225  * function. */
3226  hs_circ_service_rp_has_opened(service, circ);
3227  goto done;
3228 
3229  err:
3230  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_NOSUCHSERVICE);
3231  done:
3232  return;
3233 }
3234 
3235 /* We've been expecting an INTRO_ESTABLISHED cell on this circuit and it just
3236  * arrived. Handle the INTRO_ESTABLISHED cell arriving on the given
3237  * introduction circuit. Return 0 on success else a negative value. */
3238 static int
3239 service_handle_intro_established(origin_circuit_t *circ,
3240  const uint8_t *payload,
3241  size_t payload_len)
3242 {
3243  hs_service_t *service = NULL;
3244  hs_service_intro_point_t *ip = NULL;
3245 
3246  tor_assert(circ);
3247  tor_assert(payload);
3249 
3250  /* We need the service and intro point for this cell. */
3251  get_objects_from_ident(circ->hs_ident, &service, &ip, NULL);
3252 
3253  /* Get service object from the circuit identifier. */
3254  if (service == NULL) {
3255  log_warn(LD_REND, "Unknown service identity key %s on the introduction "
3256  "circuit %u. Can't find onion service.",
3257  safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3258  TO_CIRCUIT(circ)->n_circ_id);
3259  goto err;
3260  }
3261  if (ip == NULL) {
3262  /* We don't recognize the key. */
3263  log_warn(LD_REND, "Introduction circuit established without an intro "
3264  "point object on circuit %u for service %s",
3265  TO_CIRCUIT(circ)->n_circ_id,
3266  safe_str_client(service->onion_address));
3267  goto err;
3268  }
3269 
3270  /* Try to parse the payload into a cell making sure we do actually have a
3271  * valid cell. On success, the ip object and circuit purpose is updated to
3272  * reflect the fact that the introduction circuit is established. */
3273  if (hs_circ_handle_intro_established(service, ip, circ, payload,
3274  payload_len) < 0) {
3275  goto err;
3276  }
3277 
3278  /* Flag that we have an established circuit for this intro point. This value
3279  * is what indicates the upload scheduled event if we are ready to build the
3280  * intro point into the descriptor and upload. */
3281  ip->circuit_established = 1;
3282 
3283  log_info(LD_REND, "Successfully received an INTRO_ESTABLISHED cell "
3284  "on circuit %u for service %s",
3285  TO_CIRCUIT(circ)->n_circ_id,
3286  safe_str_client(service->onion_address));
3287  return 0;
3288 
3289  err:
3290  return -1;
3291 }
3292 
3293 /* We just received an INTRODUCE2 cell on the established introduction circuit
3294  * circ. Handle the cell and return 0 on success else a negative value. */
3295 static int
3296 service_handle_introduce2(origin_circuit_t *circ, const uint8_t *payload,
3297  size_t payload_len)
3298 {
3299  hs_service_t *service = NULL;
3300  hs_service_intro_point_t *ip = NULL;
3301  hs_service_descriptor_t *desc = NULL;
3302 
3303  tor_assert(circ);
3304  tor_assert(payload);
3305  tor_assert(TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_INTRO);
3306 
3307  /* We'll need every object associated with this circuit. */
3308  get_objects_from_ident(circ->hs_ident, &service, &ip, &desc);
3309 
3310  /* Get service object from the circuit identifier. */
3311  if (service == NULL) {
3312  log_warn(LD_BUG, "Unknown service identity key %s when handling "
3313  "an INTRODUCE2 cell on circuit %u",
3314  safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3315  TO_CIRCUIT(circ)->n_circ_id);
3316  goto err;
3317  }
3318  if (ip == NULL) {
3319  /* We don't recognize the key. */
3320  log_warn(LD_BUG, "Unknown introduction auth key when handling "
3321  "an INTRODUCE2 cell on circuit %u for service %s",
3322  TO_CIRCUIT(circ)->n_circ_id,
3323  safe_str_client(service->onion_address));
3324  goto err;
3325  }
3326  /* If we have an IP object, we MUST have a descriptor object. */
3327  tor_assert(desc);
3328 
3329  /* The following will parse, decode and launch the rendezvous point circuit.
3330  * Both current and legacy cells are handled. */
3331  if (hs_circ_handle_introduce2(service, circ, ip, desc->desc->subcredential,
3332  payload, payload_len) < 0) {
3333  goto err;
3334  }
3335 
3336  return 0;
3337  err:
3338  return -1;
3339 }
3340 
3341 /* Add to list every filename used by service. This is used by the sandbox
3342  * subsystem. */
3343 static void
3344 service_add_fnames_to_list(const hs_service_t *service, smartlist_t *list)
3345 {
3346  const char *s_dir;
3347  char fname[128] = {0};
3348 
3349  tor_assert(service);
3350  tor_assert(list);
3351 
3352  /* Ease our life. */
3353  s_dir = service->config.directory_path;
3354  /* The hostname file. */
3355  smartlist_add(list, hs_path_from_filename(s_dir, fname_hostname));
3356  /* The key files splitted in two. */
3357  tor_snprintf(fname, sizeof(fname), "%s_secret_key", fname_keyfile_prefix);
3358  smartlist_add(list, hs_path_from_filename(s_dir, fname));
3359  tor_snprintf(fname, sizeof(fname), "%s_public_key", fname_keyfile_prefix);
3360  smartlist_add(list, hs_path_from_filename(s_dir, fname));
3361 }
3362 
3363 /* Return true iff the given service identity key is present on disk. */
3364 static int
3365 service_key_on_disk(const char *directory_path)
3366 {
3367  int ret = 0;
3368  char *fname;
3369  ed25519_keypair_t *kp = NULL;
3370 
3371  tor_assert(directory_path);
3372 
3373  /* Build the v3 key path name and then try to load it. */
3374  fname = hs_path_from_filename(directory_path, fname_keyfile_prefix);
3375  kp = ed_key_init_from_file(fname, INIT_ED_KEY_SPLIT,
3376  LOG_DEBUG, NULL, 0, 0, 0, NULL, NULL);
3377  if (kp) {
3378  ret = 1;
3379  }
3380 
3381  ed25519_keypair_free(kp);
3382  tor_free(fname);
3383 
3384  return ret;
3385 }
3386 
3387 /* This is a proxy function before actually calling hs_desc_encode_descriptor
3388  * because we need some preprocessing here */
3389 static int
3390 service_encode_descriptor(const hs_service_t *service,
3391  const hs_service_descriptor_t *desc,
3392  const ed25519_keypair_t *signing_kp,
3393  char **encoded_out)
3394 {
3395  int ret;
3396  const uint8_t *descriptor_cookie = NULL;
3397 
3398  tor_assert(service);
3399  tor_assert(desc);
3400  tor_assert(encoded_out);
3401 
3402  /* If the client authorization is enabled, send the descriptor cookie to
3403  * hs_desc_encode_descriptor. Otherwise, send NULL */
3404  if (service->config.is_client_auth_enabled) {
3405  descriptor_cookie = desc->descriptor_cookie;
3406  }
3407 
3408  ret = hs_desc_encode_descriptor(desc->desc, signing_kp,
3409  descriptor_cookie, encoded_out);
3410 
3411  return ret;
3412 }
3413 
3414 /* ========== */
3415 /* Public API */
3416 /* ========== */
3417 
3418 /* This is called everytime the service map (v2 or v3) changes that is if an
3419  * element is added or removed. */
3420 void
3421 hs_service_map_has_changed(void)
3422 {
3423  /* If we now have services where previously we had not, we need to enable
3424  * the HS service main loop event. If we changed to having no services, we
3425  * need to disable the event. */
3426  rescan_periodic_events(get_options());
3427 }
3428 
3429 /* Upload an encoded descriptor in encoded_desc of the given version. This
3430  * descriptor is for the service identity_pk and blinded_pk used to setup the
3431  * directory connection identifier. It is uploaded to the directory hsdir_rs
3432  * routerstatus_t object.
3433  *
3434  * NOTE: This function does NOT check for PublishHidServDescriptors because it
3435  * is only used by the control port command HSPOST outside of this subsystem.
3436  * Inside this code, upload_descriptor_to_hsdir() should be used. */
3437 void
3438 hs_service_upload_desc_to_dir(const char *encoded_desc,
3439  const uint8_t version,
3440  const ed25519_public_key_t *identity_pk,
3441  const ed25519_public_key_t *blinded_pk,
3442  const routerstatus_t *hsdir_rs)
3443 {
3444  char version_str[4] = {0};
3445  directory_request_t *dir_req;
3446  hs_ident_dir_conn_t ident;
3447 
3448  tor_assert(encoded_desc);
3449  tor_assert(identity_pk);
3450  tor_assert(blinded_pk);
3451  tor_assert(hsdir_rs);
3452 
3453  /* Setup the connection identifier. */
3454  memset(&ident, 0, sizeof(ident));
3455  hs_ident_dir_conn_init(identity_pk, blinded_pk, &ident);
3456 
3457  /* This is our resource when uploading which is used to construct the URL
3458  * with the version number: "/tor/hs/<version>/publish". */
3459  tor_snprintf(version_str, sizeof(version_str), "%u", version);
3460 
3461  /* Build the directory request for this HSDir. */
3463  directory_request_set_routerstatus(dir_req, hsdir_rs);
3465  directory_request_set_resource(dir_req, version_str);
3466  directory_request_set_payload(dir_req, encoded_desc,
3467  strlen(encoded_desc));
3468  /* The ident object is copied over the directory connection object once
3469  * the directory request is initiated. */
3470  directory_request_upload_set_hs_ident(dir_req, &ident);
3471 
3472  /* Initiate the directory request to the hsdir.*/
3473  directory_initiate_request(dir_req);
3474  directory_request_free(dir_req);
3475 }
3476 
3477 /* Add the ephemeral service using the secret key sk and ports. Both max
3478  * streams parameter will be set in the newly created service.
3479  *
3480  * Ownership of sk and ports is passed to this routine. Regardless of
3481  * success/failure, callers should not touch these values after calling this
3482  * routine, and may assume that correct cleanup has been done on failure.
3483  *
3484  * Return an appropriate hs_service_add_ephemeral_status_t. */
3486 hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports,
3487  int max_streams_per_rdv_circuit,
3488  int max_streams_close_circuit, char **address_out)
3489 {
3491  hs_service_t *service = NULL;
3492 
3493  tor_assert(sk);
3494  tor_assert(ports);
3495  tor_assert(address_out);
3496 
3497  service = hs_service_new(get_options());
3498 
3499  /* Setup the service configuration with specifics. A default service is
3500  * HS_VERSION_TWO so explicitly set it. */
3501  service->config.version = HS_VERSION_THREE;
3502  service->config.max_streams_per_rdv_circuit = max_streams_per_rdv_circuit;
3503  service->config.max_streams_close_circuit = !!max_streams_close_circuit;
3504  service->config.is_ephemeral = 1;
3505  smartlist_free(service->config.ports);
3506  service->config.ports = ports;
3507 
3508  /* Handle the keys. */
3509  memcpy(&service->keys.identity_sk, sk, sizeof(service->keys.identity_sk));
3510  if (ed25519_public_key_generate(&service->keys.identity_pk,
3511  &service->keys.identity_sk) < 0) {
3512  log_warn(LD_CONFIG, "Unable to generate ed25519 public key"
3513  "for v3 service.");
3514  ret = RSAE_BADPRIVKEY;
3515  goto err;
3516  }
3517 
3518  /* Make sure we have at least one port. */
3519  if (smartlist_len(service->config.ports) == 0) {
3520  log_warn(LD_CONFIG, "At least one VIRTPORT/TARGET must be specified "
3521  "for v3 service.");
3522  ret = RSAE_BADVIRTPORT;
3523  goto err;
3524  }
3525 
3526  /* Build the onion address for logging purposes but also the control port
3527  * uses it for the HS_DESC event. */
3528  hs_build_address(&service->keys.identity_pk,
3529  (uint8_t) service->config.version,
3530  service->onion_address);
3531 
3532  /* The only way the registration can fail is if the service public key
3533  * already exists. */
3534  if (BUG(register_service(hs_service_map, service) < 0)) {
3535  log_warn(LD_CONFIG, "Onion Service private key collides with an "
3536  "existing v3 service.");
3537  ret = RSAE_ADDREXISTS;
3538  goto err;
3539  }
3540 
3541  log_info(LD_CONFIG, "Added ephemeral v3 onion service: %s",
3542  safe_str_client(service->onion_address));
3543 
3544  *address_out = tor_strdup(service->onion_address);
3545  ret = RSAE_OKAY;
3546  goto end;
3547 
3548  err:
3549  hs_service_free(service);
3550 
3551  end:
3552  memwipe(sk, 0, sizeof(ed25519_secret_key_t));
3553  tor_free(sk);
3554  return ret;
3555 }
3556 
3557 /* For the given onion address, delete the ephemeral service. Return 0 on
3558  * success else -1 on error. */
3559 int
3560 hs_service_del_ephemeral(const char *address)
3561 {
3562  uint8_t version;
3564  hs_service_t *service = NULL;
3565 
3566  tor_assert(address);
3567 
3568  if (hs_parse_address(address, &pk, NULL, &version) < 0) {
3569  log_warn(LD_CONFIG, "Requested malformed v3 onion address for removal.");
3570  goto err;
3571  }
3572 
3573  if (version != HS_VERSION_THREE) {
3574  log_warn(LD_CONFIG, "Requested version of onion address for removal "
3575  "is not supported.");
3576  goto err;
3577  }
3578 
3579  service = find_service(hs_service_map, &pk);
3580  if (service == NULL) {
3581  log_warn(LD_CONFIG, "Requested non-existent v3 hidden service for "
3582  "removal.");
3583  goto err;
3584  }
3585 
3586  if (!service->config.is_ephemeral) {
3587  log_warn(LD_CONFIG, "Requested non-ephemeral v3 hidden service for "
3588  "removal.");
3589  goto err;
3590  }
3591 
3592  /* Close introduction circuits, remove from map and finally free. Notice
3593  * that the rendezvous circuits aren't closed in order for any existing
3594  * connections to finish. We let the application terminate them. */
3595  close_service_intro_circuits(service);
3596  remove_service(hs_service_map, service);
3597  hs_service_free(service);
3598 
3599  log_info(LD_CONFIG, "Removed ephemeral v3 hidden service: %s",
3600  safe_str_client(address));
3601  return 0;
3602 
3603  err:
3604  return -1;
3605 }
3606 
3607 /* Using the ed25519 public key pk, find a service for that key and return the
3608  * current encoded descriptor as a newly allocated string or NULL if not
3609  * found. This is used by the control port subsystem. */
3610 char *
3611 hs_service_lookup_current_desc(const ed25519_public_key_t *pk)
3612 {
3613  const hs_service_t *service;
3614 
3615  tor_assert(pk);
3616 
3617  service = find_service(hs_service_map, pk);
3618  if (service && service->desc_current) {
3619  char *encoded_desc = NULL;
3620  /* No matter what is the result (which should never be a failure), return
3621  * the encoded variable, if success it will contain the right thing else
3622  * it will be NULL. */
3623  service_encode_descriptor(service,
3624  service->desc_current,
3625  &service->desc_current->signing_kp,
3626  &encoded_desc);
3627  return encoded_desc;
3628  }
3629 
3630  return NULL;
3631 }
3632 
3633 /* Return the number of service we have configured and usable. */
3634 MOCK_IMPL(unsigned int,
3635 hs_service_get_num_services,(void))
3636 {
3637  if (hs_service_map == NULL) {
3638  return 0;
3639  }
3640  return HT_SIZE(hs_service_map);
3641 }
3642 
3643 /* Called once an introduction circuit is closed. If the circuit doesn't have
3644  * a v3 identifier, it is ignored. */
3645 void
3646 hs_service_intro_circ_has_closed(origin_circuit_t *circ)
3647 {
3648  hs_service_t *service = NULL;
3649  hs_service_intro_point_t *ip = NULL;
3650  hs_service_descriptor_t *desc = NULL;
3651 
3652  tor_assert(circ);
3653 
3654  if (circ->hs_ident == NULL) {
3655  /* This is not a v3 circuit, ignore. */
3656  goto end;
3657  }
3658 
3659  get_objects_from_ident(circ->hs_ident, &service, &ip, &desc);
3660  if (service == NULL) {
3661  /* This is possible if the circuits are closed and the service is
3662  * immediately deleted. */
3663  log_info(LD_REND, "Unable to find any hidden service associated "
3664  "identity key %s on intro circuit %u.",
3665  ed25519_fmt(&circ->hs_ident->identity_pk),
3666  TO_CIRCUIT(circ)->n_circ_id);
3667  goto end;
3668  }
3669  if (ip == NULL) {
3670  /* The introduction point object has already been removed probably by our
3671  * cleanup process so ignore. */
3672  goto end;
3673  }
3674  /* Can't have an intro point object without a descriptor. */
3675  tor_assert(desc);
3676 
3677  /* Circuit disappeared so make sure the intro point is updated. By
3678  * keeping the object in the descriptor, we'll be able to retry. */
3679  ip->circuit_established = 0;
3680 
3681  end:
3682  return;
3683 }
3684 
3685 /* Given conn, a rendezvous edge connection acting as an exit stream, look up
3686  * the hidden service for the circuit circ, and look up the port and address
3687  * based on the connection port. Assign the actual connection address.
3688  *
3689  * Return 0 on success. Return -1 on failure and the caller should NOT close
3690  * the circuit. Return -2 on failure and the caller MUST close the circuit for
3691  * security reasons. */
3692 int
3693 hs_service_set_conn_addr_port(const origin_circuit_t *circ,
3694  edge_connection_t *conn)
3695 {
3696  hs_service_t *service = NULL;
3697 
3698  tor_assert(circ);
3699  tor_assert(conn);
3701  tor_assert(circ->hs_ident);
3702 
3703  get_objects_from_ident(circ->hs_ident, &service, NULL, NULL);
3704 
3705  if (service == NULL) {
3706  log_warn(LD_REND, "Unable to find any hidden service associated "
3707  "identity key %s on rendezvous circuit %u.",
3708  ed25519_fmt(&circ->hs_ident->identity_pk),
3709  TO_CIRCUIT(circ)->n_circ_id);
3710  /* We want the caller to close the circuit because it's not a valid
3711  * service so no danger. Attempting to bruteforce the entire key space by
3712  * opening circuits to learn which service is being hosted here is
3713  * impractical. */
3714  goto err_close;
3715  }
3716 
3717  /* Enforce the streams-per-circuit limit, and refuse to provide a mapping if
3718  * this circuit will exceed the limit. */
3719  if (service->config.max_streams_per_rdv_circuit > 0 &&
3720  (circ->hs_ident->num_rdv_streams >=
3721  service->config.max_streams_per_rdv_circuit)) {
3722 #define MAX_STREAM_WARN_INTERVAL 600
3723  static struct ratelim_t stream_ratelim =
3724  RATELIM_INIT(MAX_STREAM_WARN_INTERVAL);
3725  log_fn_ratelim(&stream_ratelim, LOG_WARN, LD_REND,
3726  "Maximum streams per circuit limit reached on "
3727  "rendezvous circuit %u for service %s. Circuit has "
3728  "%" PRIu64 " out of %" PRIu64 " streams. %s.",
3729  TO_CIRCUIT(circ)->n_circ_id,
3730  service->onion_address,
3731  circ->hs_ident->num_rdv_streams,
3732  service->config.max_streams_per_rdv_circuit,
3733  service->config.max_streams_close_circuit ?
3734  "Closing circuit" : "Ignoring open stream request");
3735  if (service->config.max_streams_close_circuit) {
3736  /* Service explicitly configured to close immediately. */
3737  goto err_close;
3738  }
3739  /* Exceeding the limit makes tor silently ignore the stream creation
3740  * request and keep the circuit open. */
3741  goto err_no_close;
3742  }
3743 
3744  /* Find a virtual port of that service mathcing the one in the connection if
3745  * successful, set the address in the connection. */
3746  if (hs_set_conn_addr_port(service->config.ports, conn) < 0) {
3747  log_info(LD_REND, "No virtual port mapping exists for port %d for "
3748  "hidden service %s.",
3749  TO_CONN(conn)->port, service->onion_address);
3750  if (service->config.allow_unknown_ports) {
3751  /* Service explicitly allow connection to unknown ports so close right
3752  * away because we do not care about port mapping. */
3753  goto err_close;
3754  }
3755  /* If the service didn't explicitly allow it, we do NOT close the circuit
3756  * here to raise the bar in terms of performance for port mapping. */
3757  goto err_no_close;
3758  }
3759 
3760  /* Success. */
3761  return 0;
3762  err_close:
3763  /* Indicate the caller that the circuit should be closed. */
3764  return -2;
3765  err_no_close:
3766  /* Indicate the caller to NOT close the circuit. */
3767  return -1;
3768 }
3769 
3774 {
3775  hs_service_t *service = find_service(hs_service_map, pk);
3776  if (!service) {
3778  }
3779 
3780  return service->config.circuit_id_protocol;
3781 }
3782 
3783 /* Add to file_list every filename used by a configured hidden service, and to
3784  * dir_list every directory path used by a configured hidden service. This is
3785  * used by the sandbox subsystem to whitelist those. */
3786 void
3787 hs_service_lists_fnames_for_sandbox(smartlist_t *file_list,
3788  smartlist_t *dir_list)
3789 {
3790  tor_assert(file_list);
3791  tor_assert(dir_list);
3792 
3793  /* Add files and dirs for legacy services. */
3794  rend_services_add_filenames_to_lists(file_list, dir_list);
3795 
3796  /* Add files and dirs for v3+. */
3797  FOR_EACH_SERVICE_BEGIN(service) {
3798  /* Skip ephemeral service, they don't touch the disk. */
3799  if (service->config.is_ephemeral) {
3800  continue;
3801  }
3802  service_add_fnames_to_list(service, file_list);
3803  smartlist_add_strdup(dir_list, service->config.directory_path);
3804  smartlist_add_strdup(dir_list, dname_client_pubkeys);
3805  } FOR_EACH_DESCRIPTOR_END;
3806 }
3807 
3808 /* Called when our internal view of the directory has changed. We might have
3809  * received a new batch of descriptors which might affect the shape of the
3810  * HSDir hash ring. Signal that we should reexamine the hash ring and
3811  * re-upload our HS descriptors if needed. */
3812 void
3813 hs_service_dir_info_changed(void)
3814 {
3815  if (hs_service_get_num_services() > 0) {
3816  /* New directory information usually goes every consensus so rate limit
3817  * every 30 minutes to not be too conservative. */
3818  static struct ratelim_t dir_info_changed_ratelim = RATELIM_INIT(30 * 60);
3819  log_fn_ratelim(&dir_info_changed_ratelim, LOG_INFO, LD_REND,
3820  "New dirinfo arrived: consider reuploading descriptor");
3822  }
3823 }
3824 
3825 /* Called when we get an INTRODUCE2 cell on the circ. Respond to the cell and
3826  * launch a circuit to the rendezvous point. */
3827 int
3828 hs_service_receive_introduce2(origin_circuit_t *circ, const uint8_t *payload,
3829  size_t payload_len)
3830 {
3831  int ret = -1;
3832 
3833  tor_assert(circ);
3834  tor_assert(payload);
3835 
3836  /* Do some initial validation and logging before we parse the cell */
3837  if (TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_S_INTRO) {
3838  log_warn(LD_PROTOCOL, "Received an INTRODUCE2 cell on a "
3839  "non introduction circuit of purpose %d",
3840  TO_CIRCUIT(circ)->purpose);
3841  goto done;
3842  }
3843 
3844  if (circ->hs_ident) {
3845  ret = service_handle_introduce2(circ, payload, payload_len);
3847  } else {
3848  ret = rend_service_receive_introduction(circ, payload, payload_len);
3850  }
3851 
3852  done:
3853  return ret;
3854 }
3855 
3856 /* Called when we get an INTRO_ESTABLISHED cell. Mark the circuit as an
3857  * established introduction point. Return 0 on success else a negative value
3858  * and the circuit is closed. */
3859 int
3860 hs_service_receive_intro_established(origin_circuit_t *circ,
3861  const uint8_t *payload,
3862  size_t payload_len)
3863 {
3864  int ret = -1;
3865 
3866  tor_assert(circ);
3867  tor_assert(payload);
3868 
3869  if (TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_S_ESTABLISH_INTRO) {
3870  log_warn(LD_PROTOCOL, "Received an INTRO_ESTABLISHED cell on a "
3871  "non introduction circuit of purpose %d",
3872  TO_CIRCUIT(circ)->purpose);
3873  goto err;
3874  }
3875 
3876  /* Handle both version. v2 uses rend_data and v3 uses the hs circuit
3877  * identifier hs_ident. Can't be both. */
3878  if (circ->hs_ident) {
3879  ret = service_handle_intro_established(circ, payload, payload_len);
3880  } else {
3881  ret = rend_service_intro_established(circ, payload, payload_len);
3882  }
3883 
3884  if (ret < 0) {
3885  goto err;
3886  }
3887  return 0;
3888  err:
3889  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
3890  return -1;
3891 }
3892 
3893 /* Called when any kind of hidden service circuit is done building thus
3894  * opened. This is the entry point from the circuit subsystem. */
3895 void
3896 hs_service_circuit_has_opened(origin_circuit_t *circ)
3897 {
3898  tor_assert(circ);
3899 
3900  /* Handle both version. v2 uses rend_data and v3 uses the hs circuit
3901  * identifier hs_ident. Can't be both. */
3902  switch (TO_CIRCUIT(circ)->purpose) {
3904  if (circ->hs_ident) {
3905  service_intro_circ_has_opened(circ);
3906  } else {
3908  }
3909  break;
3911  if (circ->hs_ident) {
3912  service_rendezvous_circ_has_opened(circ);
3913  } else {
3915  }
3916  break;
3917  default:
3918  tor_assert(0);
3919  }
3920 }
3921 
3922 /* Return the service version by looking at the key in the service directory.
3923  * If the key is not found or unrecognized, -1 is returned. Else, the service
3924  * version is returned. */
3925 int
3926 hs_service_get_version_from_key(const hs_service_t *service)
3927 {
3928  int version = -1; /* Unknown version. */
3929  const char *directory_path;
3930 
3931  tor_assert(service);
3932 
3933  /* We'll try to load the key for version 3. If not found, we'll try version
3934  * 2 and if not found, we'll send back an unknown version (-1). */
3935  directory_path = service->config.directory_path;
3936 
3937  /* Version 3 check. */
3938  if (service_key_on_disk(directory_path)) {
3939  version = HS_VERSION_THREE;
3940  goto end;
3941  }
3942  /* Version 2 check. */
3943  if (rend_service_key_on_disk(directory_path)) {
3944  version = HS_VERSION_TWO;
3945  goto end;
3946  }
3947 
3948  end:
3949  return version;
3950 }
3951 
3952 /* Load and/or generate keys for all onion services including the client
3953  * authorization if any. Return 0 on success, -1 on failure. */
3954 int
3955 hs_service_load_all_keys(void)
3956 {
3957  /* Load v2 service keys if we have v2. */
3958  if (rend_num_services() != 0) {
3959  if (rend_service_load_all_keys(NULL) < 0) {
3960  goto err;
3961  }
3962  }
3963 
3964  /* Load or/and generate them for v3+. */
3965  SMARTLIST_FOREACH_BEGIN(hs_service_staging_list, hs_service_t *, service) {
3966  /* Ignore ephemeral service, they already have their keys set. */
3967  if (service->config.is_ephemeral) {
3968  continue;
3969  }
3970  log_info(LD_REND, "Loading v3 onion service keys from %s",
3971  service_escaped_dir(service));
3972  if (load_service_keys(service) < 0) {
3973  goto err;
3974  }
3975  } SMARTLIST_FOREACH_END(service);
3976 
3977  /* Final step, the staging list contains service in a quiescent state that
3978  * is ready to be used. Register them to the global map. Once this is over,
3979  * the staging list will be cleaned up. */
3980  register_all_services();
3981 
3982  /* All keys have been loaded successfully. */
3983  return 0;
3984  err:
3985  return -1;
3986 }
3987 
3988 /* Put all service object in the given service list. After this, the caller
3989  * looses ownership of every elements in the list and responsible to free the
3990  * list pointer. */
3991 void
3992 hs_service_stage_services(const smartlist_t *service_list)
3993 {
3994  tor_assert(service_list);
3995  /* This list is freed at registration time but this function can be called
3996  * multiple time. */
3997  if (hs_service_staging_list == NULL) {
3998  hs_service_staging_list = smartlist_new();
3999  }
4000  /* Add all service object to our staging list. Caller is responsible for
4001  * freeing the service_list. */
4002  smartlist_add_all(hs_service_staging_list, service_list);
4003 }
4004 
4005 /* Allocate and initilize a service object. The service configuration will
4006  * contain the default values. Return the newly allocated object pointer. This
4007  * function can't fail. */
4008 hs_service_t *
4009 hs_service_new(const or_options_t *options)
4010 {
4011  hs_service_t *service = tor_malloc_zero(sizeof(hs_service_t));
4012  /* Set default configuration value. */
4013  set_service_default_config(&service->config, options);
4014  /* Set the default service version. */
4015  service->config.version = HS_SERVICE_DEFAULT_VERSION;
4016  /* Allocate the CLIENT_PK replay cache in service state. */
4017  service->state.replay_cache_rend_cookie =
4019 
4020  return service;
4021 }
4022 
4023 /* Free the given <b>service</b> object and all its content. This function
4024  * also takes care of wiping service keys from memory. It is safe to pass a
4025  * NULL pointer. */
4026 void
4027 hs_service_free_(hs_service_t *service)
4028 {
4029  if (service == NULL) {
4030  return;
4031  }
4032 
4033  /* Free descriptors. Go over both descriptor with this loop. */
4034  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
4035  service_descriptor_free(desc);
4036  } FOR_EACH_DESCRIPTOR_END;
4037 
4038  /* Free service configuration. */
4039  service_clear_config(&service->config);
4040 
4041  /* Free replay cache from state. */
4042  if (service->state.replay_cache_rend_cookie) {
4043  replaycache_free(service->state.replay_cache_rend_cookie);
4044  }
4045 
4046  /* Wipe service keys. */
4047  memwipe(&service->keys.identity_sk, 0, sizeof(service->keys.identity_sk));
4048 
4049  tor_free(service);
4050 }
4051 
4052 /* Periodic callback. Entry point from the main loop to the HS service
4053  * subsystem. This is call every second. This is skipped if tor can't build a
4054  * circuit or the network is disabled. */
4055 void
4056 hs_service_run_scheduled_events(time_t now)
4057 {
4058  /* First thing we'll do here is to make sure our services are in a
4059  * quiescent state for the scheduled events. */
4060  run_housekeeping_event(now);
4061 
4062  /* Order matters here. We first make sure the descriptor object for each
4063  * service contains the latest data. Once done, we check if we need to open
4064  * new introduction circuit. Finally, we try to upload the descriptor for
4065  * each service. */
4066 
4067  /* Make sure descriptors are up to date. */
4068  run_build_descriptor_event(now);
4069  /* Make sure services have enough circuits. */
4070  run_build_circuit_event(now);
4071  /* Upload the descriptors if needed/possible. */
4072  run_upload_descriptor_event(now);
4073 }
4074 
4075 /* Initialize the service HS subsystem. */
4076 void
4077 hs_service_init(void)
4078 {
4079  /* Should never be called twice. */
4080  tor_assert(!hs_service_map);
4081  tor_assert(!hs_service_staging_list);
4082 
4083  /* v2 specific. */
4084  rend_service_init();
4085 
4086  hs_service_map = tor_malloc_zero(sizeof(struct hs_service_ht));
4087  HT_INIT(hs_service_ht, hs_service_map);
4088 
4089  hs_service_staging_list = smartlist_new();
4090 }
4091 
4092 /* Release all global storage of the hidden service subsystem. */
4093 void
4094 hs_service_free_all(void)
4095 {
4097  service_free_all();
4098 }
4099 
4100 #ifdef TOR_UNIT_TESTS
4101 
4102 /* Return the global service map size. Only used by unit test. */
4103 STATIC unsigned int
4104 get_hs_service_map_size(void)
4105 {
4106  return HT_SIZE(hs_service_map);
4107 }
4108 
4109 /* Return the staging list size. Only used by unit test. */
4110 STATIC int
4111 get_hs_service_staging_list_size(void)
4112 {
4113  return smartlist_len(hs_service_staging_list);
4114 }
4115 
4116 STATIC hs_service_ht *
4117 get_hs_service_map(void)
4118 {
4119  return hs_service_map;
4120 }
4121 
4122 STATIC hs_service_t *
4123 get_first_service(void)
4124 {
4125  hs_service_t **obj = HT_START(hs_service_ht, hs_service_map);
4126  if (obj == NULL) {
4127  return NULL;
4128  }
4129  return *obj;
4130 }
4131 
4132 #endif /* defined(TOR_UNIT_TESTS) */
#define DIR_PURPOSE_UPLOAD_HSDESC
Definition: directory.h:72
Header for statefile.c.
void directory_request_set_routerstatus(directory_request_t *req, const routerstatus_t *rs)
Definition: dirclient.c:1160
Header file for dirclient.c.
Header for confline.c.
int rend_num_services(void)
Definition: rendservice.c:184
Header file containing common data for the whole HS subsytem.
Header file containing configuration ABI/API for the HS subsytem.
static void move_hs_state(hs_service_t *src_service, hs_service_t *dst_service)
Definition: hs_service.c:871
void rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
Definition: rendservice.c:3461
Common functions for using (pseudo-)random number generators.
Definition: node_st.h:28
#define INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS
Definition: or.h:1070
Header file containing service data for the HS subsytem.
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define TO_CONN(c)
Definition: or.h:735
int curve25519_public_key_is_ok(const curve25519_public_key_t *key)
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
extend_info_t * extend_info_from_node(const node_t *node, int for_direct_connect)
int rend_service_load_all_keys(const smartlist_t *service_list)
Definition: rendservice.c:1387
Header file for node_select.c.
void format_local_iso_time(char *buf, time_t t)
Definition: time_fmt.c:285
void rend_service_free_all(void)
Definition: rendservice.c:267
void rend_consider_services_intro_points(time_t now)
Definition: rendservice.c:4101
const char * extend_info_describe(const extend_info_t *ei)
Definition: describe.c:204
Header file for connection.c.
int node_supports_ed25519_hs_intro(const node_t *node)
Definition: nodelist.c:1162
#define INTRO_POINT_LIFETIME_MAX_SECONDS
Definition: or.h:1086
void smartlist_add_strdup(struct smartlist_t *sl, const char *string)
#define LD_GENERAL
Definition: log.h:60
void hs_stats_note_introduce2_cell(int is_hsv3)
Definition: hs_stats.c:22
int rend_service_receive_introduction(origin_circuit_t *circuit, const uint8_t *request, size_t request_len)
Definition: rendservice.c:1876
int ed25519_public_key_generate(ed25519_public_key_t *pubkey_out, const ed25519_secret_key_t *seckey)
#define LOG_INFO
Definition: log.h:43
Header file for describe.c.
Header file for nodelist.c.
static crypto_ope_t * generate_ope_cipher_for_desc(const hs_service_descriptor_t *hs_desc)
Definition: hs_service.c:1846
HT_PROTOTYPE(HT_GENERATE2(strmap_impl, HT_GENERATE2(strmap_entry_t, HT_GENERATE2(node, HT_GENERATE2(strmap_entry_hash, HT_GENERATE2(strmap_entries_eq)
Definition: map.c:87
crypt_path_t * cpath
#define MAX_INTRO_POINT_CIRCUIT_RETRIES
Definition: or.h:1091
Header file for directory.c.
void smartlist_add(smartlist_t *sl, void *element)
int strcmpend(const char *s1, const char *s2)
Definition: util_string.c:242
STATIC int service_desc_hsdirs_changed(const hs_service_t *service, const hs_service_descriptor_t *desc)
Definition: hs_service.c:2964
int ed25519_public_key_from_curve25519_public_key(ed25519_public_key_t *pubkey, const curve25519_public_key_t *pubkey_in, int signbit)
time_t sr_state_get_start_time_of_current_protocol_run(void)
char * rate_limit_log(ratelim_t *lim, time_t now)
Definition: ratelim.c:41
crypto_digest_t * crypto_digest256_new(digest_algorithm_t algorithm)
struct directory_request_t directory_request_t
Definition: dirclient.h:52
#define TO_CIRCUIT(x)
Definition: or.h:951
Header file for config.c.
tor_cert_t * tor_cert_create(const ed25519_keypair_t *signing_key, uint8_t cert_type, const ed25519_public_key_t *signed_key, time_t now, time_t lifetime, uint32_t flags)
Definition: torcert.c:131
Header file for nickname.c.
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len)
void digest_to_base64(char *d64, const char *digest)
int fast_mem_is_zero(const char *mem, size_t len)
Definition: util_string.c:74
origin_circuit_t * circuit_get_next_service_rp_circ(origin_circuit_t *start)
Definition: circuitlist.c:1770
#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
Definition: circuitlist.h:102
void rend_service_intro_has_opened(origin_circuit_t *circuit)
Definition: rendservice.c:3268
int crypto_rand_int_range(unsigned int min, unsigned int max)
#define MAP_DEL_CURRENT(keyvar)
Definition: map.h:139
#define tor_free(p)
Definition: malloc.h:52
#define SMARTLIST_DEL_CURRENT(sl, var)
Header file for mainloop.c.
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:57
Header file for hs_stats.c.
hs_circuit_id_protocol_t hs_service_exports_circuit_id(const ed25519_public_key_t *pk)
Definition: hs_service.c:3773
time_t sr_state_get_start_time_of_previous_protocol_run(void)
void smartlist_shuffle(smartlist_t *sl)
Definition: crypto_rand.c:602
static void service_desc_clear_previous_hsdirs(hs_service_descriptor_t *desc)
Definition: hs_service.c:2206
struct crypto_ope_t * ope_cipher
Definition: hs_service.h:142
Header file for loadkey.c.
#define DIGEST256_LEN
Definition: digest_sizes.h:23
#define DIGESTMAP_FOREACH(map, keyvar, valtype, valvar)
Definition: map.h:153
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
void directory_request_set_indirection(directory_request_t *req, dir_indirection_t indirection)
Definition: dirclient.c:1030
int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:90
const char * ed25519_fmt(const ed25519_public_key_t *pkey)
const curve25519_public_key_t * node_get_curve25519_onion_key(const node_t *node)
Definition: nodelist.c:1889
Common functions for cryptographic routines.
tor_assert(buffer)
directory_request_t * directory_request_new(uint8_t dir_purpose)
Definition: dirclient.c:946
smartlist_t * previous_hsdirs
Definition: hs_service.h:164
ssize_t tor_make_rsa_ed25519_crosscert(const ed25519_public_key_t *ed_key, const crypto_pk_t *rsa_key, time_t expires, uint8_t **cert)
Definition: torcert.c:331
Header for crypto_format.c.
void rend_consider_services_upload(time_t now)
Definition: rendservice.c:4285
int tor_memcmp(const void *a, const void *b, size_t len)
Definition: di_ops.c:31
uint8_t seckey[ED25519_SECKEY_LEN]
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
routerset_t * ExcludeNodes
Definition: or_options_st.h:85
dir_connection_t * TO_DIR_CONN(connection_t *c)
Definition: directory.c:85
STATIC void upload_descriptor_to_all(const hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:2907
#define DIGEST_LEN
Definition: digest_sizes.h:20
const char * node_describe(const node_t *node)
Definition: describe.c:143
int ed25519_public_key_is_zero(const ed25519_public_key_t *pubkey)
char identity[DIGEST_LEN]
Definition: node_st.h:40
void ed25519_pubkey_copy(ed25519_public_key_t *dest, const ed25519_public_key_t *src)
Master header file for Tor-specific functionality.
const char * hex_str(const char *from, size_t fromlen)
Definition: binascii.c:34
#define INTRO_CIRC_RETRY_PERIOD
Definition: hs_common.h:40
unsigned int sr_state_get_protocol_run_duration(void)
Header file for circuitbuild.c.
Header file containing circuit and connection identifier data for the whole HS subsytem.
#define NUM_INTRO_POINTS_EXTRA
Definition: hs_common.h:37
#define LOG_WARN
Definition: log.h:51
hs_service_add_ephemeral_status_t
Definition: hs_common.h:140
Header file for shared_random_client.c.
const node_t * router_choose_random_node(smartlist_t *excludedsmartlist, routerset_t *excludedset, router_crn_flags_t flags)
Definition: node_select.c:903
#define log_fn_ratelim(ratelim, severity, domain, args,...)
Definition: log.h:279
Header file for circuituse.c.
void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:478
Header file for hs_descriptor.c.
Header file for hs_intropoint.c.
void tor_free_(void *mem)
Definition: malloc.c:227
replaycache_t * replaycache_new(time_t horizon, time_t interval)
Definition: replaycache.c:47
static int consider_republishing_hs_descriptors
Definition: hs_service.c:107
#define CIRCUIT_PURPOSE_S_CONNECT_REND
Definition: circuitlist.h:108
#define LD_REND
Definition: log.h:82
Header file for circuitlist.c.
crypto_pk_t * crypto_pk_dup_key(crypto_pk_t *orig)
Header file for rendservice.c.
int rend_service_intro_established(origin_circuit_t *circuit, const uint8_t *request, size_t request_len)
Definition: rendservice.c:3400
void rend_services_add_filenames_to_lists(smartlist_t *open_lst, smartlist_t *stat_lst)
Definition: rendservice.c:1425
router_crn_flags_t
Definition: node_select.h:16
#define CIRCUIT_PURPOSE_S_INTRO
Definition: circuitlist.h:105
#define DIGESTMAP_FOREACH_END
Definition: map.h:167
#define LD_FS
Definition: log.h:68
#define HEX_DIGEST_LEN
Definition: crypto_digest.h:35
hs_circuit_id_protocol_t
Definition: hs_service.h:185
Header file containing circuit data for the whole HS subsytem.
int smartlist_contains_string(const smartlist_t *sl, const char *element)
Definition: smartlist.c:93
Header file containing control port event related code.
STATIC void service_desc_schedule_upload(hs_service_descriptor_t *desc, time_t now, int descriptor_changed)
Definition: hs_service.c:2235
#define NUM_INTRO_POINTS_DEFAULT
Definition: hs_common.h:32
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
struct hs_ident_circuit_t * hs_ident
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
Definition: crypto_rsa.c:356
Header file for relay.c.
#define SMARTLIST_FOREACH(sl, type, var, cmd)
const char * escaped(const char *s)
Definition: escape.c:126
static void set_descriptor_revision_counter(hs_service_descriptor_t *hs_desc, time_t now, bool is_current)
Definition: hs_service.c:2836
#define BASE64_DIGEST_LEN
Definition: crypto_digest.h:26
#define DIGESTMAP_FOREACH_MODIFY(map, keyvar, valtype, valvar)
Definition: map.h:164
int curve25519_keypair_generate(curve25519_keypair_t *keypair_out, int extra_strong)
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
void crypto_strongest_rand(uint8_t *out, size_t out_len)
Definition: crypto_rand.c:340
time_t approx_time(void)
Definition: approx_time.c:32
int ed25519_keypair_generate(ed25519_keypair_t *keypair_out, int extra_strong)
void rescan_periodic_events(const or_options_t *options)
Definition: mainloop.c:1568
#define LOG_DEBUG
Definition: log.h:40
void pathbias_count_use_attempt(origin_circuit_t *circ)
Definition: circpathbias.c:604
#define CONN_TYPE_DIR
Definition: connection.h:35
void directory_request_upload_set_hs_ident(directory_request_t *req, const hs_ident_dir_conn_t *ident)
Definition: dirclient.c:1109
int node_supports_establish_intro_dos_extension(const node_t *node)
Definition: nodelist.c:1172
#define REND_COOKIE_LEN
Definition: or.h:399
uint64_t hs_get_time_period_num(time_t now)
Definition: hs_common.c:267
#define INTRO_POINT_LIFETIME_MIN_SECONDS
Definition: or.h:1081
uint64_t hs_get_next_time_period_num(time_t now)
Definition: hs_common.c:302
void directory_request_set_resource(directory_request_t *req, const char *resource)
Definition: dirclient.c:1043
#define CIRCUIT_PURPOSE_S_REND_JOINED
Definition: circuitlist.h:111
#define LD_PROTOCOL
Definition: log.h:70
void smartlist_clear(smartlist_t *sl)
void smartlist_sort(smartlist_t *sl, int(*compare)(const void **a, const void **b))
Definition: smartlist.c:334
ed25519_keypair_t * ed_key_init_from_file(const char *fname, uint32_t flags, int severity, const ed25519_keypair_t *signing_key, time_t now, time_t lifetime, uint8_t cert_type, struct tor_cert_st **cert_out, const or_options_t *options)
Definition: loadkey.c:379
#define REND_REPLAY_TIME_INTERVAL
Definition: or.h:479
Header file for networkstatus.c.
#define LD_BUG
Definition: log.h:84
void directory_request_set_payload(directory_request_t *req, const char *payload, size_t payload_len)
Definition: dirclient.c:1054
#define LD_CONFIG
Definition: log.h:66
#define CURVE25519_PUBKEY_LEN
Definition: x25519_sizes.h:20
static void service_desc_note_upload(hs_service_descriptor_t *desc, const node_t *hsdir)
Definition: hs_service.c:2218
int have_completed_a_circuit(void)
Definition: mainloop.c:218
void rend_consider_descriptor_republication(void)
Definition: rendservice.c:4344
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)