1#![cfg_attr(docsrs, feature(doc_auto_cfg, doc_cfg))]
2#![doc = include_str!("../README.md")]
3// @@ begin lint list maintained by maint/add_warning @@
4#![allow(renamed_and_removed_lints)] // @@REMOVE_WHEN(ci_arti_stable)
5#![allow(unknown_lints)] // @@REMOVE_WHEN(ci_arti_nightly)
6#![warn(missing_docs)]
7#![warn(noop_method_call)]
8#![warn(unreachable_pub)]
9#![warn(clippy::all)]
10#![deny(clippy::await_holding_lock)]
11#![deny(clippy::cargo_common_metadata)]
12#![deny(clippy::cast_lossless)]
13#![deny(clippy::checked_conversions)]
14#![warn(clippy::cognitive_complexity)]
15#![deny(clippy::debug_assert_with_mut_call)]
16#![deny(clippy::exhaustive_enums)]
17#![deny(clippy::exhaustive_structs)]
18#![deny(clippy::expl_impl_clone_on_copy)]
19#![deny(clippy::fallible_impl_from)]
20#![deny(clippy::implicit_clone)]
21#![deny(clippy::large_stack_arrays)]
22#![warn(clippy::manual_ok_or)]
23#![deny(clippy::missing_docs_in_private_items)]
24#![warn(clippy::needless_borrow)]
25#![warn(clippy::needless_pass_by_value)]
26#![warn(clippy::option_option)]
27#![deny(clippy::print_stderr)]
28#![deny(clippy::print_stdout)]
29#![warn(clippy::rc_buffer)]
30#![deny(clippy::ref_option_ref)]
31#![warn(clippy::semicolon_if_nothing_returned)]
32#![warn(clippy::trait_duplication_in_bounds)]
33#![deny(clippy::unchecked_duration_subtraction)]
34#![deny(clippy::unnecessary_wraps)]
35#![warn(clippy::unseparated_literal_suffix)]
36#![deny(clippy::unwrap_used)]
37#![deny(clippy::mod_module_files)]
38#![allow(clippy::let_unit_value)] // This can reasonably be done for explicitness
39#![allow(clippy::uninlined_format_args)]
40#![allow(clippy::significant_drop_in_scrutinee)] // arti/-/merge_requests/588/#note_2812945
41#![allow(clippy::result_large_err)] // temporary workaround for arti#587
42#![allow(clippy::needless_raw_string_hashes)] // complained-about code is fine, often best
43#![allow(clippy::needless_lifetimes)] // See arti#1765
44#![allow(mismatched_lifetime_syntaxes)] // temporary workaround for arti#2060
45//! <!-- @@ end lint list maintained by maint/add_warning @@ -->
4647mod connect;
48mod err;
49mod isol_map;
50mod keys;
51mod pow;
52mod proto_oneshot;
53mod relay_info;
54mod state;
5556use std::future::Future;
57use std::sync::{Arc, Mutex, MutexGuard};
5859use futures::stream::BoxStream;
60use futures::task::SpawnExt as _;
61use futures::StreamExt as _;
6263use educe::Educe;
64use tracing::debug;
6566use tor_circmgr::hspool::HsCircPool;
67use tor_circmgr::isolation::StreamIsolation;
68use tor_error::{internal, Bug};
69use tor_hscrypto::pk::HsId;
70use tor_netdir::NetDir;
71use tor_proto::circuit::ClientCirc;
72use tor_rtcompat::Runtime;
7374pub use err::FailedAttemptError;
75pub use err::{ConnError, DescriptorError, DescriptorErrorDetail, StartupError};
76pub use keys::{HsClientDescEncKeypairSpecifier, HsClientSecretKeys, HsClientSecretKeysBuilder};
77pub use relay_info::InvalidTarget;
78pub use state::HsClientConnectorConfig;
7980use err::{rend_pt_identity_for_error, IntroPtIndex, RendPtIdentityForError};
81use state::{Config, MockableConnectorData, Services};
8283/// An object that negotiates connections with onion services
84///
85/// This can be used by multiple requests on behalf of different clients,
86/// with potentially different HS service discovery keys (`KS_hsc_*`)
87/// and potentially different circuit isolation.
88///
89/// The principal entrypoint is
90/// [`get_or_launch_connection()`](HsClientConnector::get_or_launch_connection).
91///
92/// This object is handle-like: it is fairly cheap to clone,
93/// and contains `Arc`s internally.
94#[derive(Educe)]
95#[educe(Clone)]
96pub struct HsClientConnector<R: Runtime, D: state::MockableConnectorData = connect::Data> {
97/// The runtime
98runtime: R,
99/// A [`HsCircPool`] that we use to build circuits to HsDirs, introduction
100 /// points, and rendezvous points.
101circpool: Arc<HsCircPool<R>>,
102/// Information we are remembering about different onion services.
103services: Arc<Mutex<state::Services<D>>>,
104/// For mocking in tests of `state.rs`
105mock_for_state: D::MockGlobalState,
106}
107108impl<R: Runtime> HsClientConnector<R, connect::Data> {
109/// Create a new `HsClientConnector`
110 ///
111 /// `housekeeping_prompt` should yield "occasionally",
112 /// perhaps every few hours or maybe daily.
113 ///
114 /// In Arti we arrange for this to happen when we have a new consensus.
115 ///
116 /// Housekeeping events shouldn't arrive while we're dormant,
117 /// since the housekeeping might involve processing that ought to be deferred.
118// This ^ is why we don't have a separate "launch background tasks" method.
119 // It is fine for this background task to be launched pre-bootstrap, since it willp
120 // do nothing until it gets events.
121pub fn new(
122 runtime: R,
123 circpool: Arc<HsCircPool<R>>,
124 config: &impl HsClientConnectorConfig,
125 housekeeping_prompt: BoxStream<'static, ()>,
126 ) -> Result<Self, StartupError> {
127let config = Config {
128 retry: config.as_ref().clone(),
129 };
130let connector = HsClientConnector {
131 runtime,
132 circpool,
133 services: Arc::new(Mutex::new(Services::new(config))),
134 mock_for_state: (),
135 };
136 connector.spawn_housekeeping_task(housekeeping_prompt)?;
137Ok(connector)
138 }
139140/// Connect to a hidden service
141 ///
142 /// On success, this function will return an open
143 /// rendezvous circuit with an authenticated connection to the onion service
144 /// whose identity is `hs_id`. If such a circuit already exists, and its isolation
145 /// is compatible with `isolation`, that circuit may be returned; otherwise,
146 /// a new circuit will be created.
147 ///
148 /// Once a circuit is returned, the caller can use it to open new streams to the
149 /// onion service. To do so, call [`ClientCirc::begin_stream`] on it.
150 ///
151 /// Each HS connection request must provide the appropriate
152 /// service discovery keys to use -
153 /// or [`default`](HsClientSecretKeys::default)
154 /// if the hidden service is not running in restricted discovery mode.
155//
156 // This returns an explicit `impl Future` so that we can write the `Send` bound.
157 // Without this, it is possible for `Services::get_or_launch_connection`
158 // to not return a `Send` future.
159 // https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/1034#note_2881718
160pub fn get_or_launch_circuit<'r>(
161&'r self,
162 netdir: &'r Arc<NetDir>,
163 hs_id: HsId,
164 secret_keys: HsClientSecretKeys,
165 isolation: StreamIsolation,
166 ) -> impl Future<Output = Result<Arc<ClientCirc>, ConnError>> + Send + Sync + 'r {
167// As in tor-circmgr, we take `StreamIsolation`, to ensure that callers in
168 // arti-client pass us the final overall isolation,
169 // including the per-TorClient isolation.
170 // But internally we need a Box<dyn Isolation> since we need .join().
171let isolation = Box::new(isolation);
172 Services::get_or_launch_connection(self, netdir, hs_id, isolation, secret_keys)
173 }
174175/// A deprecated alias for `get_or_launch_circuit`.
176 ///
177 /// We renamed it to be
178 /// more clear about what exactly it is launching.
179#[deprecated(since = "0.5.1", note = "Use get_or_launch_circuit instead.")]
180pub fn get_or_launch_connection<'r>(
181&'r self,
182 netdir: &'r Arc<NetDir>,
183 hs_id: HsId,
184 secret_keys: HsClientSecretKeys,
185 isolation: StreamIsolation,
186 ) -> impl Future<Output = Result<Arc<ClientCirc>, ConnError>> + Send + Sync + 'r {
187self.get_or_launch_circuit(netdir, hs_id, secret_keys, isolation)
188 }
189}
190191impl<R: Runtime, D: MockableConnectorData> HsClientConnector<R, D> {
192/// Lock the `Services` table and return the guard
193 ///
194 /// Convenience method
195fn services(&self) -> Result<MutexGuard<Services<D>>, Bug> {
196self.services
197 .lock()
198 .map_err(|_| internal!("HS connector poisoned"))
199 }
200201/// Spawn a task which watches `prompt` and calls [`Services::run_housekeeping`]
202fn spawn_housekeeping_task(
203&self,
204mut prompt: BoxStream<'static, ()>,
205 ) -> Result<(), StartupError> {
206self.runtime
207 .spawn({
208let connector = self.clone();
209let runtime = self.runtime.clone();
210async move {
211while let Some(()) = prompt.next().await {
212let Ok(mut services) = connector.services() else {
213break;
214 };
215216// (Currently) this is "expire old data".
217services.run_housekeeping(runtime.now());
218 }
219debug!("HS connector housekeeping task exiting (EOF on prompt stream)");
220 }
221 })
222 .map_err(|cause| StartupError::Spawn {
223 spawning: "housekeeping task",
224 cause: cause.into(),
225 })
226 }
227}
228229/// Return a list of the protocols [supported](tor_protover::doc_supported) by this crate,
230/// running as a hidden service client.
231pub fn supported_hsclient_protocols() -> tor_protover::Protocols {
232use tor_protover::named::*;
233// WARNING: REMOVING ELEMENTS FROM THIS LIST CAN BE DANGEROUS!
234 // SEE [`tor_protover::doc_changing`]
235[
236 HSINTRO_V3,
237// Technically, there is nothing for a client to do to support HSINTRO_RATELIM.
238 // See torspec#319
239HSINTRO_RATELIM,
240 HSREND_V3,
241 HSDIR_V3,
242 ]
243 .into_iter()
244 .collect()
245}
246247#[cfg(test)]
248mod test {
249// @@ begin test lint list maintained by maint/add_warning @@
250#![allow(clippy::bool_assert_comparison)]
251 #![allow(clippy::clone_on_copy)]
252 #![allow(clippy::dbg_macro)]
253 #![allow(clippy::mixed_attributes_style)]
254 #![allow(clippy::print_stderr)]
255 #![allow(clippy::print_stdout)]
256 #![allow(clippy::single_char_pattern)]
257 #![allow(clippy::unwrap_used)]
258 #![allow(clippy::unchecked_duration_subtraction)]
259 #![allow(clippy::useless_vec)]
260 #![allow(clippy::needless_pass_by_value)]
261//! <!-- @@ end test lint list maintained by maint/add_warning @@ -->
262263use super::*;
264265#[test]
266fn protocols() {
267let pr = supported_hsclient_protocols();
268let expected = "HSIntro=4-5 HSRend=2 HSDir=2".parse().unwrap();
269assert_eq!(pr, expected);
270 }
271}