Tor  0.4.5.0-alpha-dev
rendcache.c
Go to the documentation of this file.
1 /* Copyright (c) 2015-2020, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
4 /**
5  * \file rendcache.c
6  * \brief Hidden service descriptor cache.
7  **/
8 
9 #define RENDCACHE_PRIVATE
10 #include "feature/rend/rendcache.h"
11 
12 #include "app/config/config.h"
13 #include "feature/stats/rephist.h"
16 #include "feature/rend/rendparse.h"
17 
18 #include "core/or/extend_info_st.h"
21 
22 #include "lib/ctime/di_ops.h"
23 
24 /** Map from service id (as generated by rend_get_service_id) to
25  * rend_cache_entry_t. */
26 STATIC strmap_t *rend_cache = NULL;
27 
28 /** Map from service id to rend_cache_entry_t; only for hidden services. */
29 static strmap_t *rend_cache_local_service = NULL;
30 
31 /** Map from descriptor id to rend_cache_entry_t; only for hidden service
32  * directories. */
33 STATIC digestmap_t *rend_cache_v2_dir = NULL;
34 
35 /** (Client side only) Map from service id to rend_cache_failure_t. This
36  * cache is used to track intro point(IP) failures so we know when to keep
37  * or discard a new descriptor we just fetched. Here is a description of the
38  * cache behavior.
39  *
40  * Everytime tor discards an IP (ex: receives a NACK), we add an entry to
41  * this cache noting the identity digest of the IP and it's failure type for
42  * the service ID. The reason we indexed this cache by service ID is to
43  * differentiate errors that can occur only for a specific service like a
44  * NACK for instance. It applies for one but maybe not for the others.
45  *
46  * Once a service descriptor is fetched and considered valid, each IP is
47  * looked up in this cache and if present, it is discarded from the fetched
48  * descriptor. At the end, all IP(s) in the cache, for a specific service
49  * ID, that were NOT present in the descriptor are removed from this cache.
50  * Which means that if at least one IP was not in this cache, thus usable,
51  * it's considered a new descriptor so we keep it. Else, if all IPs were in
52  * this cache, we discard the descriptor as it's considered unusable.
53  *
54  * Once a descriptor is removed from the rend cache or expires, the entry
55  * in this cache is also removed for the service ID.
56  *
57  * This scheme allows us to not rely on the descriptor's timestamp (which
58  * is rounded down to the hour) to know if we have a newer descriptor. We
59  * only rely on the usability of intro points from an internal state. */
60 STATIC strmap_t *rend_cache_failure = NULL;
61 
62 /* DOCDOC */
63 STATIC size_t rend_cache_total_allocation = 0;
64 
65 /** Initializes the service descriptor cache.
66 */
67 void
69 {
70  rend_cache = strmap_new();
71  rend_cache_v2_dir = digestmap_new();
72  rend_cache_local_service = strmap_new();
73  rend_cache_failure = strmap_new();
74 }
75 
76 /** Return the approximate number of bytes needed to hold <b>e</b>. */
77 STATIC size_t
79 {
80  if (!e)
81  return 0;
82 
83  /* This doesn't count intro_nodes or key size */
84  return sizeof(*e) + e->len + sizeof(*e->parsed);
85 }
86 
87 /* DOCDOC */
88 size_t
89 rend_cache_get_total_allocation(void)
90 {
91  return rend_cache_total_allocation;
92 }
93 
94 /** Decrement the total bytes attributed to the rendezvous cache by n. */
95 void
97 {
98  static int have_underflowed = 0;
99 
100  if (rend_cache_total_allocation >= n) {
101  rend_cache_total_allocation -= n;
102  } else {
103  rend_cache_total_allocation = 0;
104  if (! have_underflowed) {
105  have_underflowed = 1;
106  log_warn(LD_BUG, "Underflow in rend_cache_decrement_allocation");
107  }
108  }
109 }
110 
111 /** Increase the total bytes attributed to the rendezvous cache by n. */
112 void
114 {
115  static int have_overflowed = 0;
116  if (rend_cache_total_allocation <= SIZE_MAX - n) {
117  rend_cache_total_allocation += n;
118  } else {
119  rend_cache_total_allocation = SIZE_MAX;
120  if (! have_overflowed) {
121  have_overflowed = 1;
122  log_warn(LD_BUG, "Overflow in rend_cache_increment_allocation");
123  }
124  }
125 }
126 
127 /** Helper: free a rend cache failure intro object. */
128 STATIC void
130 {
131  if (entry == NULL) {
132  return;
133  }
134  tor_free(entry);
135 }
136 
137 static void
138 rend_cache_failure_intro_entry_free_void(void *entry)
139 {
141 }
142 
143 /** Allocate a rend cache failure intro object and return it. <b>failure</b>
144  * is set into the object. This function can not fail. */
146 rend_cache_failure_intro_entry_new(rend_intro_point_failure_t failure)
147 {
148  rend_cache_failure_intro_t *entry = tor_malloc(sizeof(*entry));
149  entry->failure_type = failure;
150  entry->created_ts = time(NULL);
151  return entry;
152 }
153 
154 /** Helper: free a rend cache failure object. */
155 STATIC void
157 {
158  if (entry == NULL) {
159  return;
160  }
161 
162  /* Free and remove every intro failure object. */
163  digestmap_free(entry->intro_failures,
164  rend_cache_failure_intro_entry_free_void);
165 
166  tor_free(entry);
167 }
168 
169 /** Helper: deallocate a rend_cache_failure_t. (Used with strmap_free(),
170  * which requires a function pointer whose argument is void*). */
171 STATIC void
173 {
175 }
176 
177 /** Allocate a rend cache failure object and return it. This function can
178  * not fail. */
181 {
182  rend_cache_failure_t *entry = tor_malloc(sizeof(*entry));
183  entry->intro_failures = digestmap_new();
184  return entry;
185 }
186 
187 /** Remove failure cache entry for the service ID in the given descriptor
188  * <b>desc</b>. */
189 STATIC void
191 {
192  char service_id[REND_SERVICE_ID_LEN_BASE32 + 1];
193  rend_cache_failure_t *entry;
194 
195  if (desc == NULL) {
196  return;
197  }
198  if (rend_get_service_id(desc->pk, service_id) < 0) {
199  return;
200  }
201  entry = strmap_get_lc(rend_cache_failure, service_id);
202  if (entry != NULL) {
204  rend_cache_failure_entry_free(entry);
205  }
206 }
207 
208 /** Helper: free storage held by a single service descriptor cache entry. */
209 STATIC void
211 {
212  if (!e)
213  return;
215  /* We are about to remove a descriptor from the cache so remove the entry
216  * in the failure cache. */
218  rend_service_descriptor_free(e->parsed);
219  tor_free(e->desc);
220  tor_free(e);
221 }
222 
223 /** Helper: deallocate a rend_cache_entry_t. (Used with strmap_free(), which
224  * requires a function pointer whose argument is void*). */
225 static void
227 {
229 }
230 
231 /** Check if a failure cache entry exists for the given intro point. */
232 bool
233 rend_cache_intro_failure_exists(const char *service_id,
234  const uint8_t *intro_identity)
235 {
236  tor_assert(service_id);
237  tor_assert(intro_identity);
238 
239  return cache_failure_intro_lookup(intro_identity, service_id, NULL);
240 }
241 
242 /** Free all storage held by the service descriptor cache. */
243 void
245 {
250  rend_cache = NULL;
251  rend_cache_v2_dir = NULL;
253  rend_cache_failure = NULL;
254  rend_cache_total_allocation = 0;
255 }
256 
257 /** Remove all entries that re REND_CACHE_FAILURE_MAX_AGE old. This is
258  * called every second.
259  *
260  * We have to clean these regurlarly else if for whatever reasons an hidden
261  * service goes offline and a client tries to connect to it during that
262  * time, a failure entry is created and the client will be unable to connect
263  * for a while even though the service has return online. */
264 void
266 {
267  time_t cutoff = now - REND_CACHE_FAILURE_MAX_AGE;
268  STRMAP_FOREACH_MODIFY(rend_cache_failure, key,
269  rend_cache_failure_t *, ent) {
270  /* Free and remove every intro failure object that match the cutoff. */
271  DIGESTMAP_FOREACH_MODIFY(ent->intro_failures, ip_key,
272  rend_cache_failure_intro_t *, ip_ent) {
273  if (ip_ent->created_ts < cutoff) {
274  rend_cache_failure_intro_entry_free(ip_ent);
275  MAP_DEL_CURRENT(ip_key);
276  }
278  /* If the entry is now empty of intro point failures, remove it. */
279  if (digestmap_isempty(ent->intro_failures)) {
280  rend_cache_failure_entry_free(ent);
281  MAP_DEL_CURRENT(key);
282  }
283  } STRMAP_FOREACH_END;
284 }
285 
286 /** Removes all old entries from the client or service descriptor cache.
287 */
288 void
289 rend_cache_clean(time_t now, rend_cache_type_t cache_type)
290 {
291  strmap_iter_t *iter;
292  const char *key;
293  void *val;
294  rend_cache_entry_t *ent;
295  time_t cutoff = now - REND_CACHE_MAX_AGE - REND_CACHE_MAX_SKEW;
296  strmap_t *cache = NULL;
297 
298  if (cache_type == REND_CACHE_TYPE_CLIENT) {
299  cache = rend_cache;
300  } else if (cache_type == REND_CACHE_TYPE_SERVICE) {
301  cache = rend_cache_local_service;
302  }
303  tor_assert(cache);
304 
305  for (iter = strmap_iter_init(cache); !strmap_iter_done(iter); ) {
306  strmap_iter_get(iter, &key, &val);
307  ent = (rend_cache_entry_t*)val;
308  if (ent->parsed->timestamp < cutoff) {
309  iter = strmap_iter_next_rmv(cache, iter);
310  rend_cache_entry_free(ent);
311  } else {
312  iter = strmap_iter_next(cache, iter);
313  }
314  }
315 }
316 
317 /** Remove ALL entries from the rendezvous service descriptor cache.
318 */
319 void
321 {
322  if (rend_cache) {
323  log_info(LD_REND, "Purging HS v2 descriptor cache");
325  }
326  rend_cache = strmap_new();
327 }
328 
329 /** Remove ALL entries from the failure cache. This is also called when a
330  * NEWNYM signal is received. */
331 void
333 {
334  if (rend_cache_failure) {
335  log_info(LD_REND, "Purging HS v2 failure cache");
337  }
338  rend_cache_failure = strmap_new();
339 }
340 
341 /** Lookup the rend failure cache using a relay identity digest in
342  * <b>identity</b> which has DIGEST_LEN bytes and service ID <b>service_id</b>
343  * which is a null-terminated string. If @a intro_entry is provided, then it
344  * is set to the entry on success, and to NULL on failure.
345  * Return 1 iff found else 0. */
346 STATIC int
347 cache_failure_intro_lookup(const uint8_t *identity, const char *service_id,
348  rend_cache_failure_intro_t **intro_entry)
349 {
350  rend_cache_failure_t *elem;
351  rend_cache_failure_intro_t *intro_elem;
352 
354 
355  if (intro_entry) {
356  *intro_entry = NULL;
357  }
358 
359  /* Lookup descriptor and return it. */
360  elem = strmap_get_lc(rend_cache_failure, service_id);
361  if (elem == NULL) {
362  goto not_found;
363  }
364  intro_elem = digestmap_get(elem->intro_failures, (char *) identity);
365  if (intro_elem == NULL) {
366  goto not_found;
367  }
368  if (intro_entry) {
369  *intro_entry = intro_elem;
370  }
371  return 1;
372  not_found:
373  return 0;
374 }
375 
376 /** Allocate a new cache failure intro object and copy the content from
377  * <b>entry</b> to this newly allocated object. Return it. */
380 {
381  rend_cache_failure_intro_t *ent_dup =
382  rend_cache_failure_intro_entry_new(entry->failure_type);
383  ent_dup->created_ts = entry->created_ts;
384  return ent_dup;
385 }
386 
387 /** Add an intro point failure to the failure cache using the relay
388  * <b>identity</b> and service ID <b>service_id</b>. Record the
389  * <b>failure</b> in that object. */
390 STATIC void
391 cache_failure_intro_add(const uint8_t *identity, const char *service_id,
392  rend_intro_point_failure_t failure)
393 {
394  rend_cache_failure_t *fail_entry;
395  rend_cache_failure_intro_t *entry, *old_entry;
396 
397  /* Make sure we have a failure object for this service ID and if not,
398  * create it with this new intro failure entry. */
399  fail_entry = strmap_get_lc(rend_cache_failure, service_id);
400  if (fail_entry == NULL) {
401  fail_entry = rend_cache_failure_entry_new();
402  /* Add failure entry to global rend failure cache. */
403  strmap_set_lc(rend_cache_failure, service_id, fail_entry);
404  }
405  entry = rend_cache_failure_intro_entry_new(failure);
406  old_entry = digestmap_set(fail_entry->intro_failures,
407  (char *) identity, entry);
408  /* This _should_ be NULL, but in case it isn't, free it. */
409  rend_cache_failure_intro_entry_free(old_entry);
410 }
411 
412 /** Using a parsed descriptor <b>desc</b>, check if the introduction points
413  * are present in the failure cache and if so they are removed from the
414  * descriptor and kept into the failure cache. Then, each intro points that
415  * are NOT in the descriptor but in the failure cache for the given
416  * <b>service_id</b> are removed from the failure cache. */
417 STATIC void
419  const char *service_id)
420 {
421  rend_cache_failure_t *new_entry, *cur_entry;
422  /* New entry for the service ID that will be replacing the one in the
423  * failure cache since we have a new descriptor. In the case where all
424  * intro points are removed, we are assured that the new entry is the same
425  * as the current one. */
426  new_entry = tor_malloc(sizeof(*new_entry));
427  new_entry->intro_failures = digestmap_new();
428 
429  tor_assert(desc);
430 
432  int found;
434  const uint8_t *identity =
435  (uint8_t *) intro->extend_info->identity_digest;
436 
437  found = cache_failure_intro_lookup(identity, service_id, &entry);
438  if (found) {
439  /* Dup here since it will be freed at the end when removing the
440  * original entry in the cache. */
442  /* This intro point is in our cache, discard it from the descriptor
443  * because chances are that it's unusable. */
444  SMARTLIST_DEL_CURRENT(desc->intro_nodes, intro);
445  /* Keep it for our new entry. */
446  digestmap_set(new_entry->intro_failures, (char *) identity, ent_dup);
447  /* Only free it when we're done looking at it. */
448  rend_intro_point_free(intro);
449  continue;
450  }
451  } SMARTLIST_FOREACH_END(intro);
452 
453  /* Swap the failure entry in the cache and free the current one. */
454  cur_entry = strmap_get_lc(rend_cache_failure, service_id);
455  if (cur_entry != NULL) {
456  rend_cache_failure_entry_free(cur_entry);
457  }
458  strmap_set_lc(rend_cache_failure, service_id, new_entry);
459 }
460 
461 /** Note down an intro failure in the rend failure cache using the type of
462  * failure in <b>failure</b> for the relay identity digest in
463  * <b>identity</b> and service ID <b>service_id</b>. If an entry already
464  * exists in the cache, the failure type is changed with <b>failure</b>. */
465 void
466 rend_cache_intro_failure_note(rend_intro_point_failure_t failure,
467  const uint8_t *identity,
468  const char *service_id)
469 {
470  int found;
472 
473  found = cache_failure_intro_lookup(identity, service_id, &entry);
474  if (!found) {
475  cache_failure_intro_add(identity, service_id, failure);
476  } else {
477  /* Replace introduction point failure with this one. */
478  entry->failure_type = failure;
479  }
480 }
481 
482 /** Remove all old v2 descriptors and those for which this hidden service
483  * directory is not responsible for any more. The cutoff is the time limit for
484  * which we want to keep the cache entry. In other words, any entry created
485  * before will be removed. */
486 size_t
488 {
489  digestmap_iter_t *iter;
490  size_t bytes_removed = 0;
491 
492  for (iter = digestmap_iter_init(rend_cache_v2_dir);
493  !digestmap_iter_done(iter); ) {
494  const char *key;
495  void *val;
496  rend_cache_entry_t *ent;
497  digestmap_iter_get(iter, &key, &val);
498  ent = val;
499  if (ent->parsed->timestamp < cutoff) {
500  char key_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
501  base32_encode(key_base32, sizeof(key_base32), key, DIGEST_LEN);
502  log_info(LD_REND, "Removing descriptor with ID '%s' from cache",
503  safe_str_client(key_base32));
504  bytes_removed += rend_cache_entry_allocation(ent);
505  iter = digestmap_iter_next_rmv(rend_cache_v2_dir, iter);
506  rend_cache_entry_free(ent);
507  } else {
508  iter = digestmap_iter_next(rend_cache_v2_dir, iter);
509  }
510  }
511 
512  return bytes_removed;
513 }
514 
515 /** Lookup in the client cache the given service ID <b>query</b> for
516  * <b>version</b>.
517  *
518  * Return 0 if found and if <b>e</b> is non NULL, set it with the entry
519  * found. Else, a negative value is returned and <b>e</b> is untouched.
520  * -EINVAL means that <b>query</b> is not a valid service id.
521  * -ENOENT means that no entry in the cache was found. */
522 int
523 rend_cache_lookup_entry(const char *query, int version, rend_cache_entry_t **e)
524 {
525  int ret = 0;
526  char key[REND_SERVICE_ID_LEN_BASE32 + 2]; /* <version><query>\0 */
527  rend_cache_entry_t *entry = NULL;
528  static const int default_version = 2;
529 
530  tor_assert(query);
531 
532  /* This is possible if we are in the shutdown process and the cache was
533  * freed while some other subsystem might do a lookup to the cache for
534  * cleanup reasons such HS circuit cleanup for instance. */
535  if (!rend_cache) {
536  ret = -ENOENT;
537  goto end;
538  }
539 
540  if (!rend_valid_v2_service_id(query)) {
541  ret = -EINVAL;
542  goto end;
543  }
544 
545  switch (version) {
546  case 0:
547  log_warn(LD_REND, "Cache lookup of a v0 renddesc is deprecated.");
548  break;
549  case 2:
550  /* Default is version 2. */
551  default:
552  tor_snprintf(key, sizeof(key), "%d%s", default_version, query);
553  entry = strmap_get_lc(rend_cache, key);
554  break;
555  }
556  if (!entry) {
557  ret = -ENOENT;
558  goto end;
559  }
560  tor_assert(entry->parsed && entry->parsed->intro_nodes);
561 
562  if (e) {
563  *e = entry;
564  }
565 
566  end:
567  return ret;
568 }
569 
570 /*
571  * Lookup the v2 service descriptor with the service ID <b>query</b> in the
572  * local service descriptor cache. Return 0 if found and if <b>e</b> is
573  * non NULL, set it with the entry found. Else, a negative value is returned
574  * and <b>e</b> is untouched.
575  * -EINVAL means that <b>query</b> is not a valid service id.
576  * -ENOENT means that no entry in the cache was found. */
577 int
578 rend_cache_lookup_v2_desc_as_service(const char *query, rend_cache_entry_t **e)
579 {
580  int ret = 0;
581  rend_cache_entry_t *entry = NULL;
582 
584  tor_assert(query);
585 
586  if (!rend_valid_v2_service_id(query)) {
587  ret = -EINVAL;
588  goto end;
589  }
590 
591  /* Lookup descriptor and return. */
592  entry = strmap_get_lc(rend_cache_local_service, query);
593  if (!entry) {
594  ret = -ENOENT;
595  goto end;
596  }
597 
598  if (e) {
599  *e = entry;
600  }
601 
602  end:
603  return ret;
604 }
605 
606 /** Lookup the v2 service descriptor with base32-encoded <b>desc_id</b> and
607  * copy the pointer to it to *<b>desc</b>. Return 1 on success, 0 on
608  * well-formed-but-not-found, and -1 on failure.
609  */
610 int
611 rend_cache_lookup_v2_desc_as_dir(const char *desc_id, const char **desc)
612 {
614  char desc_id_digest[DIGEST_LEN];
616  if (base32_decode(desc_id_digest, DIGEST_LEN,
617  desc_id, REND_DESC_ID_V2_LEN_BASE32) != DIGEST_LEN) {
618  log_fn(LOG_PROTOCOL_WARN, LD_REND,
619  "Rejecting v2 rendezvous descriptor request -- descriptor ID "
620  "has wrong length or illegal characters: %s",
621  safe_str(desc_id));
622  return -1;
623  }
624  /* Lookup descriptor and return. */
625  e = digestmap_get(rend_cache_v2_dir, desc_id_digest);
626  if (e) {
627  *desc = e->desc;
628  e->last_served = approx_time();
629  return 1;
630  }
631  return 0;
632 }
633 
634 /** Parse the v2 service descriptor(s) in <b>desc</b> and store it/them to the
635  * local rend cache. Don't attempt to decrypt the included list of introduction
636  * points (as we don't have a descriptor cookie for it).
637  *
638  * If we have a newer descriptor with the same ID, ignore this one.
639  * If we have an older descriptor with the same ID, replace it.
640  *
641  * Return 0 on success, or -1 if we couldn't parse any of them.
642  *
643  * We should only call this function for public (e.g. non bridge) relays.
644  */
645 int
647 {
648  const or_options_t *options = get_options();
650  char desc_id[DIGEST_LEN];
651  char *intro_content;
652  size_t intro_size;
653  size_t encoded_size;
654  char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
655  int number_parsed = 0, number_stored = 0;
656  const char *current_desc = desc;
657  const char *next_desc;
659  time_t now = time(NULL);
661  tor_assert(desc);
662  while (rend_parse_v2_service_descriptor(&parsed, desc_id, &intro_content,
663  &intro_size, &encoded_size,
664  &next_desc, current_desc, 1) >= 0) {
665  number_parsed++;
666  /* We don't care about the introduction points. */
667  tor_free(intro_content);
668  /* For pretty log statements. */
669  base32_encode(desc_id_base32, sizeof(desc_id_base32),
670  desc_id, DIGEST_LEN);
671  /* Is descriptor too old? */
672  if (parsed->timestamp < now - REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
673  log_info(LD_REND, "Service descriptor with desc ID %s is too old.",
674  safe_str(desc_id_base32));
675  goto skip;
676  }
677  /* Is descriptor too far in the future? */
678  if (parsed->timestamp > now + REND_CACHE_MAX_SKEW) {
679  log_info(LD_REND, "Service descriptor with desc ID %s is too far in the "
680  "future.",
681  safe_str(desc_id_base32));
682  goto skip;
683  }
684  /* Do we already have a newer descriptor? */
685  e = digestmap_get(rend_cache_v2_dir, desc_id);
686  if (e && e->parsed->timestamp > parsed->timestamp) {
687  log_info(LD_REND, "We already have a newer service descriptor with the "
688  "same desc ID %s and version.",
689  safe_str(desc_id_base32));
690  goto skip;
691  }
692  /* Do we already have this descriptor? */
693  if (e && !strcmp(desc, e->desc)) {
694  log_info(LD_REND, "We already have this service descriptor with desc "
695  "ID %s.", safe_str(desc_id_base32));
696  goto skip;
697  }
698  /* Store received descriptor. */
699  if (!e) {
700  e = tor_malloc_zero(sizeof(rend_cache_entry_t));
701  digestmap_set(rend_cache_v2_dir, desc_id, e);
702  /* Treat something just uploaded as having been served a little
703  * while ago, so that flooding with new descriptors doesn't help
704  * too much.
705  */
706  e->last_served = approx_time() - 3600;
707  } else {
709  rend_service_descriptor_free(e->parsed);
710  tor_free(e->desc);
711  }
712  e->parsed = parsed;
713  e->desc = tor_strndup(current_desc, encoded_size);
714  e->len = encoded_size;
716  log_info(LD_REND, "Successfully stored service descriptor with desc ID "
717  "'%s' and len %d.",
718  safe_str(desc_id_base32), (int)encoded_size);
719  /* Statistics: Note down this potentially new HS. */
720  if (options->HiddenServiceStatistics) {
722  }
723 
724  number_stored++;
725  goto advance;
726  skip:
727  rend_service_descriptor_free(parsed);
728  advance:
729  /* advance to next descriptor, if available. */
730  current_desc = next_desc;
731  /* check if there is a next descriptor. */
732  if (!current_desc ||
733  strcmpstart(current_desc, "rendezvous-service-descriptor "))
734  break;
735  }
736  if (!number_parsed) {
737  log_info(LD_REND, "Could not parse any descriptor.");
738  return -1;
739  }
740  log_info(LD_REND, "Parsed %d and added %d descriptor%s.",
741  number_parsed, number_stored, number_stored != 1 ? "s" : "");
742  return 0;
743 }
744 
745 /** Parse the v2 service descriptor in <b>desc</b> and store it to the
746 * local service rend cache. Don't attempt to decrypt the included list of
747 * introduction points.
748 *
749 * If we have a newer descriptor with the same ID, ignore this one.
750 * If we have an older descriptor with the same ID, replace it.
751 *
752 * Return 0 on success, or -1 if we couldn't understand the descriptor.
753 */
754 int
756 {
757  rend_service_descriptor_t *parsed = NULL;
758  char desc_id[DIGEST_LEN];
759  char *intro_content = NULL;
760  size_t intro_size;
761  size_t encoded_size;
762  const char *next_desc;
763  char service_id[REND_SERVICE_ID_LEN_BASE32+1];
765  int retval = -1;
767  tor_assert(desc);
768 
769  /* Parse the descriptor. */
770  if (rend_parse_v2_service_descriptor(&parsed, desc_id, &intro_content,
771  &intro_size, &encoded_size,
772  &next_desc, desc, 0) < 0) {
773  log_warn(LD_REND, "Could not parse descriptor.");
774  goto err;
775  }
776  /* Compute service ID from public key. */
777  if (rend_get_service_id(parsed->pk, service_id)<0) {
778  log_warn(LD_REND, "Couldn't compute service ID.");
779  goto err;
780  }
781 
782  /* Do we already have a newer descriptor? Allow new descriptors with a
783  rounded timestamp equal to or newer than the current descriptor */
785  service_id);
786  if (e && e->parsed->timestamp > parsed->timestamp) {
787  log_info(LD_REND, "We already have a newer service descriptor for "
788  "service ID %s.", safe_str_client(service_id));
789  goto okay;
790  }
791  /* We don't care about the introduction points. */
792  tor_free(intro_content);
793  if (!e) {
794  e = tor_malloc_zero(sizeof(rend_cache_entry_t));
795  strmap_set_lc(rend_cache_local_service, service_id, e);
796  } else {
798  rend_service_descriptor_free(e->parsed);
799  tor_free(e->desc);
800  }
801  e->parsed = parsed;
802  e->desc = tor_malloc_zero(encoded_size + 1);
803  strlcpy(e->desc, desc, encoded_size + 1);
804  e->len = encoded_size;
806  log_debug(LD_REND,"Successfully stored rend desc '%s', len %d.",
807  safe_str_client(service_id), (int)encoded_size);
808  return 0;
809 
810  okay:
811  retval = 0;
812 
813  err:
814  rend_service_descriptor_free(parsed);
815  tor_free(intro_content);
816  return retval;
817 }
818 
819 /** Parse the v2 service descriptor in <b>desc</b>, decrypt the included list
820  * of introduction points with <b>descriptor_cookie</b> (which may also be
821  * <b>NULL</b> if decryption is not necessary), and store the descriptor to
822  * the local cache under its version and service id.
823  *
824  * If we have a newer v2 descriptor with the same ID, ignore this one.
825  * If we have an older descriptor with the same ID, replace it.
826  * If the descriptor's service ID does not match
827  * <b>rend_query</b>->onion_address, reject it.
828  *
829  * If the descriptor's descriptor ID doesn't match <b>desc_id_base32</b>,
830  * reject it.
831  *
832  * Return 0 on success, or -1 if we rejected the descriptor.
833  * If entry is not NULL, set it with the cache entry pointer of the descriptor.
834  */
835 int
837  const char *desc_id_base32,
838  const rend_data_t *rend_query,
839  rend_cache_entry_t **entry)
840 {
841  /*XXXX this seems to have a bit of duplicate code with
842  * rend_cache_store_v2_desc_as_dir(). Fix that. */
843  /* Though having similar elements, both functions were separated on
844  * purpose:
845  * - dirs don't care about encoded/encrypted introduction points, clients
846  * do.
847  * - dirs store descriptors in a separate cache by descriptor ID, whereas
848  * clients store them by service ID; both caches are different data
849  * structures and have different access methods.
850  * - dirs store a descriptor only if they are responsible for its ID,
851  * clients do so in every way (because they have requested it before).
852  * - dirs can process multiple concatenated descriptors which is required
853  * for replication, whereas clients only accept a single descriptor.
854  * Thus, combining both methods would result in a lot of if statements
855  * which probably would not improve, but worsen code readability. -KL */
856  rend_service_descriptor_t *parsed = NULL;
857  char desc_id[DIGEST_LEN];
858  char *intro_content = NULL;
859  size_t intro_size;
860  size_t encoded_size;
861  const char *next_desc;
862  time_t now = time(NULL);
863  char key[REND_SERVICE_ID_LEN_BASE32+2];
864  char service_id[REND_SERVICE_ID_LEN_BASE32+1];
865  char want_desc_id[DIGEST_LEN];
867  int retval = -1;
868  rend_data_v2_t *rend_data = TO_REND_DATA_V2(rend_query);
869 
871  tor_assert(desc);
872  tor_assert(desc_id_base32);
873  memset(want_desc_id, 0, sizeof(want_desc_id));
874  if (entry) {
875  *entry = NULL;
876  }
877  if (base32_decode(want_desc_id, sizeof(want_desc_id),
878  desc_id_base32, strlen(desc_id_base32)) !=
879  sizeof(want_desc_id)) {
880  log_warn(LD_BUG, "Couldn't decode base32 %s for descriptor id.",
881  escaped_safe_str_client(desc_id_base32));
882  goto err;
883  }
884  /* Parse the descriptor. */
885  if (rend_parse_v2_service_descriptor(&parsed, desc_id, &intro_content,
886  &intro_size, &encoded_size,
887  &next_desc, desc, 0) < 0) {
888  log_warn(LD_REND, "Could not parse descriptor.");
889  goto err;
890  }
891  /* Compute service ID from public key. */
892  if (rend_get_service_id(parsed->pk, service_id)<0) {
893  log_warn(LD_REND, "Couldn't compute service ID.");
894  goto err;
895  }
896  if (rend_data->onion_address[0] != '\0' &&
897  strcmp(rend_data->onion_address, service_id)) {
898  log_warn(LD_REND, "Received service descriptor for service ID %s; "
899  "expected descriptor for service ID %s.",
900  service_id, safe_str(rend_data->onion_address));
901  goto err;
902  }
903  if (tor_memneq(desc_id, want_desc_id, DIGEST_LEN)) {
904  log_warn(LD_REND, "Received service descriptor for %s with incorrect "
905  "descriptor ID.", service_id);
906  goto err;
907  }
908 
909  /* Decode/decrypt introduction points. */
910  if (intro_content && intro_size > 0) {
911  int n_intro_points;
912  if (rend_data->auth_type != REND_NO_AUTH &&
914  sizeof(rend_data->descriptor_cookie))) {
915  char *ipos_decrypted = NULL;
916  size_t ipos_decrypted_size;
917  if (rend_decrypt_introduction_points(&ipos_decrypted,
918  &ipos_decrypted_size,
919  rend_data->descriptor_cookie,
920  intro_content,
921  intro_size) < 0) {
922  log_warn(LD_REND, "Failed to decrypt introduction points. We are "
923  "probably unable to parse the encoded introduction points.");
924  } else {
925  /* Replace encrypted with decrypted introduction points. */
926  log_info(LD_REND, "Successfully decrypted introduction points.");
927  tor_free(intro_content);
928  intro_content = ipos_decrypted;
929  intro_size = ipos_decrypted_size;
930  }
931  }
932  n_intro_points = rend_parse_introduction_points(parsed, intro_content,
933  intro_size);
934  if (n_intro_points <= 0) {
935  log_warn(LD_REND, "Failed to parse introduction points. Either the "
936  "service has published a corrupt descriptor or you have "
937  "provided invalid authorization data.");
938  goto err;
939  } else if (n_intro_points > MAX_INTRO_POINTS) {
940  log_warn(LD_REND, "Found too many introduction points on a hidden "
941  "service descriptor for %s. This is probably a (misguided) "
942  "attempt to improve reliability, but it could also be an "
943  "attempt to do a guard enumeration attack. Rejecting.",
944  safe_str_client(service_id));
945 
946  goto err;
947  }
948  } else {
949  log_info(LD_REND, "Descriptor does not contain any introduction points.");
950  parsed->intro_nodes = smartlist_new();
951  }
952  /* We don't need the encoded/encrypted introduction points any longer. */
953  tor_free(intro_content);
954  /* Is descriptor too old? */
955  if (parsed->timestamp < now - REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
956  log_warn(LD_REND, "Service descriptor with service ID %s is too old.",
957  safe_str_client(service_id));
958  goto err;
959  }
960  /* Is descriptor too far in the future? */
961  if (parsed->timestamp > now + REND_CACHE_MAX_SKEW) {
962  log_warn(LD_REND, "Service descriptor with service ID %s is too far in "
963  "the future.", safe_str_client(service_id));
964  goto err;
965  }
966  /* Do we have the same exact copy already in our cache? */
967  tor_snprintf(key, sizeof(key), "2%s", service_id);
969  if (e && !strcmp(desc, e->desc)) {
970  log_info(LD_REND,"We already have this service descriptor %s.",
971  safe_str_client(service_id));
972  goto okay;
973  }
974  /* Verify that we are not replacing an older descriptor. It's important to
975  * avoid an evil HSDir serving old descriptor. We validate if the
976  * timestamp is greater than and not equal because it's a rounded down
977  * timestamp to the hour so if the descriptor changed in the same hour,
978  * the rend cache failure will tell us if we have a new descriptor. */
979  if (e && e->parsed->timestamp > parsed->timestamp) {
980  log_info(LD_REND, "We already have a new enough service descriptor for "
981  "service ID %s with the same desc ID and version.",
982  safe_str_client(service_id));
983  goto okay;
984  }
985  /* Lookup our failure cache for intro point that might be unusable. */
986  validate_intro_point_failure(parsed, service_id);
987  /* It's now possible that our intro point list is empty, which means that
988  * this descriptor is useless to us because intro points have all failed
989  * somehow before. Discard the descriptor. */
990  if (smartlist_len(parsed->intro_nodes) == 0) {
991  log_info(LD_REND, "Service descriptor with service ID %s has no "
992  "usable intro points. Discarding it.",
993  safe_str_client(service_id));
994  goto err;
995  }
996  /* Now either purge the current one and replace its content or create a
997  * new one and add it to the rend cache. */
998  if (!e) {
999  e = tor_malloc_zero(sizeof(rend_cache_entry_t));
1000  strmap_set_lc(rend_cache, key, e);
1001  } else {
1004  rend_service_descriptor_free(e->parsed);
1005  tor_free(e->desc);
1006  }
1007  e->parsed = parsed;
1008  e->desc = tor_malloc_zero(encoded_size + 1);
1009  strlcpy(e->desc, desc, encoded_size + 1);
1010  e->len = encoded_size;
1012  log_debug(LD_REND,"Successfully stored rend desc '%s', len %d.",
1013  safe_str_client(service_id), (int)encoded_size);
1014  if (entry) {
1015  *entry = e;
1016  }
1017  return 0;
1018 
1019  okay:
1020  if (entry) {
1021  *entry = e;
1022  }
1023  retval = 0;
1024 
1025  err:
1026  rend_service_descriptor_free(parsed);
1027  tor_free(intro_content);
1028  return retval;
1029 }
log_fn
#define log_fn(severity, domain, args,...)
Definition: log.h:287
rend_cache_failure_intro_t
Definition: rendcache.h:38
rend_cache_failure_t
Definition: rendcache.h:46
safe_mem_is_zero
int safe_mem_is_zero(const void *mem, size_t sz)
Definition: di_ops.c:224
tor_free
#define tor_free(p)
Definition: malloc.h:52
rend_cache_entry_t
Definition: rendcache.h:29
rend_cache_v2_dir
STATIC digestmap_t * rend_cache_v2_dir
Definition: rendcache.c:33
approx_time
time_t approx_time(void)
Definition: approx_time.c:32
rend_data_v2_t::auth_type
rend_auth_type_t auth_type
Definition: or.h:450
DIGESTMAP_FOREACH_MODIFY
#define DIGESTMAP_FOREACH_MODIFY(map, keyvar, valtype, valvar)
Definition: map.h:165
rend_service_descriptor_st.h
Parsed v2 HS descriptor structure.
tor_assert
#define tor_assert(expr)
Definition: util_bug.h:102
rendparse.h
Header file for rendparse.c.
LD_BUG
#define LD_BUG
Definition: log.h:86
rend_cache_free_all
void rend_cache_free_all(void)
Definition: rendcache.c:244
rend_cache_failure_intro_entry_new
STATIC rend_cache_failure_intro_t * rend_cache_failure_intro_entry_new(rend_intro_point_failure_t failure)
Definition: rendcache.c:146
rend_cache_entry_t::last_served
time_t last_served
Definition: rendcache.h:31
DIGESTMAP_FOREACH_END
#define DIGESTMAP_FOREACH_END
Definition: map.h:168
REND_SERVICE_ID_LEN_BASE32
#define REND_SERVICE_ID_LEN_BASE32
Definition: or.h:332
rend_cache_clean
void rend_cache_clean(time_t now, rend_cache_type_t cache_type)
Definition: rendcache.c:289
rend_cache_entry_free_void
static void rend_cache_entry_free_void(void *p)
Definition: rendcache.c:226
rend_parse_introduction_points
int rend_parse_introduction_points(rend_service_descriptor_t *parsed, const char *intro_points_encoded, size_t intro_points_encoded_size)
Definition: rendparse.c:379
rend_cache_store_v2_desc_as_service
int rend_cache_store_v2_desc_as_service(const char *desc)
Definition: rendcache.c:755
rend_cache_entry_allocation
STATIC size_t rend_cache_entry_allocation(const rend_cache_entry_t *e)
Definition: rendcache.c:78
rend_cache_failure_clean
void rend_cache_failure_clean(time_t now)
Definition: rendcache.c:265
rend_cache_failure_intro_entry_free_
STATIC void rend_cache_failure_intro_entry_free_(rend_cache_failure_intro_t *entry)
Definition: rendcache.c:129
rend_cache_intro_failure_exists
bool rend_cache_intro_failure_exists(const char *service_id, const uint8_t *intro_identity)
Definition: rendcache.c:233
rend_service_descriptor_t
Definition: rend_service_descriptor_st.h:19
smartlist_new
smartlist_t * smartlist_new(void)
Definition: smartlist_core.c:26
rend_cache_local_service
static strmap_t * rend_cache_local_service
Definition: rendcache.c:29
tor_snprintf
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
rend_intro_point_st.h
v2 hidden service introduction point structure.
rend_cache_failure_entry_free_void
STATIC void rend_cache_failure_entry_free_void(void *entry)
Definition: rendcache.c:172
base32_decode
int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:90
rend_cache_lookup_entry
int rend_cache_lookup_entry(const char *query, int version, rend_cache_entry_t **e)
Definition: rendcache.c:523
base32_encode
void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:60
escaped_safe_str_client
const char * escaped_safe_str_client(const char *address)
Definition: config.c:1119
REND_DESC_ID_V2_LEN_BASE32
#define REND_DESC_ID_V2_LEN_BASE32
Definition: or.h:355
rend_cache_failure_entry_new
STATIC rend_cache_failure_t * rend_cache_failure_entry_new(void)
Definition: rendcache.c:180
DIGEST_LEN
#define DIGEST_LEN
Definition: digest_sizes.h:20
rend_cache_entry_t::parsed
rend_service_descriptor_t * parsed
Definition: rendcache.h:34
strmap_set_lc
void * strmap_set_lc(strmap_t *map, const char *key, void *val)
Definition: map.c:346
tor_memneq
#define tor_memneq(a, b, sz)
Definition: di_ops.h:21
cache_failure_intro_add
STATIC void cache_failure_intro_add(const uint8_t *identity, const char *service_id, rend_intro_point_failure_t failure)
Definition: rendcache.c:391
rend_data_v2_t::descriptor_cookie
char descriptor_cookie[REND_DESC_COOKIE_LEN]
Definition: or.h:447
rend_cache_entry_free_
STATIC void rend_cache_entry_free_(rend_cache_entry_t *e)
Definition: rendcache.c:210
rend_cache_purge
void rend_cache_purge(void)
Definition: rendcache.c:320
rend_service_descriptor_t::pk
crypto_pk_t * pk
Definition: rend_service_descriptor_st.h:20
LD_REND
#define LD_REND
Definition: log.h:84
rend_cache_intro_failure_note
void rend_cache_intro_failure_note(rend_intro_point_failure_t failure, const uint8_t *identity, const char *service_id)
Definition: rendcache.c:466
strcmpstart
int strcmpstart(const char *s1, const char *s2)
Definition: util_string.c:215
rend_cache_entry_t::len
size_t len
Definition: rendcache.h:30
rend_valid_v2_service_id
int rend_valid_v2_service_id(const char *query)
Definition: rendcommon.c:725
or_options_t::HiddenServiceStatistics
int HiddenServiceStatistics
Definition: or_options_st.h:652
routerlist.h
Header file for routerlist.c.
rend_cache_failure_entry_free_
STATIC void rend_cache_failure_entry_free_(rend_cache_failure_t *entry)
Definition: rendcache.c:156
rend_cache_store_v2_desc_as_dir
int rend_cache_store_v2_desc_as_dir(const char *desc)
Definition: rendcache.c:646
rendcache.h
Header file for rendcache.c.
cache_failure_intro_dup
static rend_cache_failure_intro_t * cache_failure_intro_dup(const rend_cache_failure_intro_t *entry)
Definition: rendcache.c:379
di_ops.h
Headers for di_ops.c.
get_options
const or_options_t * get_options(void)
Definition: config.c:928
REND_CACHE_MAX_AGE
#define REND_CACHE_MAX_AGE
Definition: rendcache.h:17
rend_intro_point_t
Definition: rend_intro_point_st.h:21
rend_service_descriptor_t::intro_nodes
smartlist_t * intro_nodes
Definition: rend_service_descriptor_st.h:28
rend_service_descriptor_t::timestamp
time_t timestamp
Definition: rend_service_descriptor_st.h:22
rep_hist_stored_maybe_new_hs
void rep_hist_stored_maybe_new_hs(const crypto_pk_t *pubkey)
Definition: rephist.c:1805
extend_info_st.h
Extend-info structure.
validate_intro_point_failure
STATIC void validate_intro_point_failure(const rend_service_descriptor_t *desc, const char *service_id)
Definition: rendcache.c:418
rend_parse_v2_service_descriptor
int rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out, char *desc_id_out, char **intro_points_encrypted_out, size_t *intro_points_encrypted_size_out, size_t *encoded_size_out, const char **next_out, const char *desc, int as_hsdir)
Definition: rendparse.c:73
rend_cache_failure_purge
void rend_cache_failure_purge(void)
Definition: rendcache.c:332
rend_decrypt_introduction_points
int rend_decrypt_introduction_points(char **ipos_decrypted, size_t *ipos_decrypted_size, const char *descriptor_cookie, const char *ipos_encrypted, size_t ipos_encrypted_size)
Definition: rendparse.c:268
strmap_get_lc
void * strmap_get_lc(const strmap_t *map, const char *key)
Definition: map.c:360
rend_cache_clean_v2_descs_as_dir
size_t rend_cache_clean_v2_descs_as_dir(time_t cutoff)
Definition: rendcache.c:487
SMARTLIST_FOREACH_BEGIN
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
Definition: smartlist_foreach.h:78
rend_data_v2_t::onion_address
char onion_address[REND_SERVICE_ID_LEN_BASE32+1]
Definition: or.h:439
SMARTLIST_DEL_CURRENT
#define SMARTLIST_DEL_CURRENT(sl, var)
Definition: smartlist_foreach.h:120
MAP_DEL_CURRENT
#define MAP_DEL_CURRENT(keyvar)
Definition: map.h:140
rend_cache_increment_allocation
void rend_cache_increment_allocation(size_t n)
Definition: rendcache.c:113
rend_cache_failure_remove
STATIC void rend_cache_failure_remove(rend_service_descriptor_t *desc)
Definition: rendcache.c:190
rend_data_t
Definition: or.h:419
rend_cache_entry_t::desc
char * desc
Definition: rendcache.h:33
rend_cache_failure
STATIC strmap_t * rend_cache_failure
Definition: rendcache.c:60
rend_cache_decrement_allocation
void rend_cache_decrement_allocation(size_t n)
Definition: rendcache.c:96
config.h
Header file for config.c.
cache_failure_intro_lookup
STATIC int cache_failure_intro_lookup(const uint8_t *identity, const char *service_id, rend_cache_failure_intro_t **intro_entry)
Definition: rendcache.c:347
strmap_remove_lc
void * strmap_remove_lc(strmap_t *map, const char *key)
Definition: map.c:372
or_options_t
Definition: or_options_st.h:45
rend_cache_store_v2_desc_as_client
int rend_cache_store_v2_desc_as_client(const char *desc, const char *desc_id_base32, const rend_data_t *rend_query, rend_cache_entry_t **entry)
Definition: rendcache.c:836
rend_cache_lookup_v2_desc_as_dir
int rend_cache_lookup_v2_desc_as_dir(const char *desc_id, const char **desc)
Definition: rendcache.c:611
STATIC
#define STATIC
Definition: testsupport.h:32
rend_cache
STATIC strmap_t * rend_cache
Definition: rendcache.c:26
REND_CACHE_FAILURE_MAX_AGE
#define REND_CACHE_FAILURE_MAX_AGE
Definition: rendcache.h:22
rend_data_v2_t
Definition: or.h:434
rend_cache_init
void rend_cache_init(void)
Definition: rendcache.c:68
REND_CACHE_MAX_SKEW
#define REND_CACHE_MAX_SKEW
Definition: rendcache.h:20
rendcommon.h
Header file for rendcommon.c.
rephist.h
Header file for rephist.c.
rend_get_service_id
int rend_get_service_id(crypto_pk_t *pk, char *out)
Definition: rendcommon.c:712