9#define HS_SERVICE_PRIVATE
22#include "feature/client/circpathbias.h"
65#include "trunnel/ed25519_cert.h"
66#include "trunnel/hs/cell_establish_intro.h"
78#define FOR_EACH_SERVICE_BEGIN(var) \
80 hs_service_t **var##_iter, *var; \
81 HT_FOREACH(var##_iter, hs_service_ht, hs_service_map) { \
83#define FOR_EACH_SERVICE_END } STMT_END ;
88#define FOR_EACH_DESCRIPTOR_BEGIN(service, var) \
90 hs_service_descriptor_t *var; \
91 for (int var ## _loop_idx = 0; var ## _loop_idx < 2; \
92 ++var ## _loop_idx) { \
93 (var ## _loop_idx == 0) ? (var = service->desc_current) : \
94 (var = service->desc_next); \
95 if (var == NULL) continue;
96#define FOR_EACH_DESCRIPTOR_END } STMT_END ;
100static const char fname_keyfile_prefix[] =
"hs_ed25519";
101static const char dname_client_pubkeys[] =
"authorized_clients";
102static const char fname_hostname[] =
"hostname";
103static const char address_tld[] =
"onion";
119 time_t now,
bool is_current);
142static inline unsigned int
162HT_GENERATE2(hs_service_ht,
hs_service_t, hs_service_node,
183 memset(&dummy_service, 0,
sizeof(dummy_service));
185 return HT_FIND(hs_service_ht, map, &dummy_service);
203 HT_INSERT(hs_service_ht, map, service);
227 if (BUG(service == NULL) ||
232 elm = HT_REMOVE(hs_service_ht, map, service);
236 log_warn(
LD_BUG,
"Could not find service in the global map "
237 "while removing service %s",
264 c->intro_dos_rate_per_sec = HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_DEFAULT;
265 c->intro_dos_burst_per_sec = HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_DEFAULT;
280 pow_state->pop_pqueue_ev = NULL;
285 pow_state->pqueue_low_level = 16;
286 pow_state->pqueue_high_level = 16384;
288 if (service->
config.pow_queue_rate > 0 &&
289 service->
config.pow_queue_burst >= service->
config.pow_queue_rate) {
290 pow_state->using_pqueue_bucket = 1;
292 service->
config.pow_queue_rate,
293 service->
config.pow_queue_burst,
294 (uint32_t) monotime_coarse_absolute_sec());
296 pow_state->pqueue_low_level =
MAX(8, service->
config.pow_queue_rate / 4);
297 pow_state->pqueue_high_level =
298 service->
config.pow_queue_burst +
304 pow_state->suggested_effort = 0;
305 pow_state->rend_handled = 0;
306 pow_state->total_effort = 0;
307 pow_state->next_effort_update = (time(NULL) + HS_UPDATE_PERIOD);
313 log_info(
LD_REND,
"Generating both PoW seeds...");
317 pow_state->expiration_time =
320 HS_SERVICE_POW_SEED_ROTATE_TIME_MAX));
328 if (config == NULL) {
334 hs_port_config_free(p););
335 smartlist_free(config->
ports);
339 service_authorized_client_free(p));
340 smartlist_free(config->
clients);
347 memset(config, 0,
sizeof(*config));
361 const char *legacy_id = NULL;
364 const link_specifier_t *, lspec) {
365 if (link_specifier_get_ls_type(lspec) == LS_LEGACY_ID) {
366 legacy_id = (
const char *)
367 link_specifier_getconstarray_un_legacy_id(lspec);
370 } SMARTLIST_FOREACH_END(lspec);
404 INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS,
413#define MIN_INTRO_POINT_LIFETIME_TESTING 10
415 return MIN_INTRO_POINT_LIFETIME_TESTING;
430#define MAX_INTRO_POINT_LIFETIME_TESTING 30
432 return MAX_INTRO_POINT_LIFETIME_TESTING;
523 ip = tor_malloc_zero(
sizeof(*ip));
531 if (BUG(max_introduce2_cells < min_introduce2_cells)) {
535 max_introduce2_cells);
540 if (BUG(intro_point_max_lifetime < intro_point_min_lifetime)) {
564 if (crypto_pk_generate_key(ip->
legacy_key) < 0) {
584 service_intro_point_free(ip);
599 old_ip_entry = digest256map_set(map, ip->
auth_key_kp.pubkey.pubkey, ip);
601 tor_assert_nonfatal(!old_ip_entry);
617 digest256map_remove(desc->intro_points.map,
619 } FOR_EACH_DESCRIPTOR_END;
644 if ((ip = digest256map_get(desc->intro_points.map,
645 auth_key->pubkey)) != NULL) {
648 } FOR_EACH_DESCRIPTOR_END;
665 if (digest256map_get(desc->intro_points.map,
670 } FOR_EACH_DESCRIPTOR_END;
703 if (s && ip && *ip && desc) {
712static link_specifier_t *
715 link_specifier_t *lnk_spec = NULL;
720 link_specifier_t *, ls) {
721 if (link_specifier_get_ls_type(ls) == type) {
725 } SMARTLIST_FOREACH_END(ls);
737 const link_specifier_t *ls;
747 (
const char *) link_specifier_getconstarray_un_legacy_id(ls));
756 unsigned int direct_conn)
784 unsigned int count = 0;
791 } DIGEST256MAP_FOREACH_END;
802 unsigned int count = 0;
817 connection_mark_for_close(conn);
821 } SMARTLIST_FOREACH_END(conn);
823 log_info(
LD_REND,
"Closed %u active service directory connections for "
824 "descriptor %s of service %s",
828 smartlist_free(dir_conns);
856 circuit_mark_for_close(
TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
867 DIGEST256MAP_FOREACH(intro_points->
map, key,
874 circuit_mark_for_close(
TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
876 } DIGEST256MAP_FOREACH_END;
887 } FOR_EACH_DESCRIPTOR_END;
919 for (iter = HT_START(hs_service_ht, src); iter != NULL; iter = next) {
923 next = HT_NEXT(hs_service_ht, src, iter);
928 next = HT_NEXT_RMV(hs_service_ht, src, iter);
930 log_warn(
LD_BUG,
"Ephemeral service key is already being used. "
970 if (src->ob_subcreds) {
971 dst->ob_subcreds = src->ob_subcreds;
972 dst->n_ob_subcreds = src->n_ob_subcreds;
974 src->ob_subcreds = NULL;
984 struct hs_service_ht *new_service_map;
989 new_service_map = tor_malloc_zero(
sizeof(*new_service_map));
990 HT_INIT(hs_service_ht, new_service_map);
1021 log_warn(
LD_BUG,
"Unable to register service with directory %s",
1026 } SMARTLIST_FOREACH_END(snew);
1032 } FOR_EACH_SERVICE_END;
1053 char *addr_buf = NULL;
1064 log_warn(
LD_REND,
"Could not write onion address to hostname file %s",
1072 if (chmod(fname, S_IRUSR | S_IWUSR | S_IRGRP) < 0) {
1073 log_warn(
LD_FS,
"Unable to make onion service hostname file %s "
1074 "group-readable.",
escaped(fname));
1101 config = &service->
config;
1120 log_info(
LD_REND,
"Unable to load keys from %s. Generating it...", fname);
1123 uint32_t key_flags = INIT_ED_KEY_CREATE | INIT_ED_KEY_EXTRA_STRONG |
1128 log_warn(
LD_REND,
"Unable to generate keys and save in %s.", fname);
1138 ed25519_keypair_free(kp);
1169 const char *valid_extension =
".auth";
1175 if (!
strcmpend(filename, valid_extension) &&
1176 strlen(filename) != strlen(valid_extension)) {
1198 log_fn(severity,
LD_REND,
"Client authorization encoded base32 public key "
1199 "length is invalid: %s", key_str);
1206 key_str, strlen(key_str)) !=
1208 log_fn(severity,
LD_REND,
"Client authorization public key cannot be "
1209 "decoded: %s", key_str);
1216 if (client != NULL) {
1217 service_authorized_client_free(client);
1234 char *auth_type = NULL;
1235 char *key_type = NULL;
1236 char *pubkey_b32 = NULL;
1243 SPLIT_SKIP_SPACE, 0);
1245 if (smartlist_len(fields) != 3) {
1246 log_warn(
LD_REND,
"Unknown format of client authorization file.");
1250 auth_type = smartlist_get(fields, 0);
1251 key_type = smartlist_get(fields, 1);
1252 pubkey_b32 = smartlist_get(fields, 2);
1255 if (strcmp(auth_type,
"descriptor")) {
1256 log_warn(
LD_REND,
"Client authorization auth type '%s' not supported.",
1262 if (strcmp(key_type,
"x25519")) {
1263 log_warn(
LD_REND,
"Client authorization key type '%s' not supported.",
1276 service_authorized_client_free(client);
1280 memwipe(pubkey_b32, 0, strlen(pubkey_b32));
1284 smartlist_free(fields);
1294 char *client_key_str = NULL;
1295 char *client_key_file_path = NULL;
1296 char *client_keys_dir_path = NULL;
1302 config = &service->
config;
1308 dname_client_pubkeys);
1310 client_keys_dir_path,
1318 service_authorized_client_free(p));
1319 smartlist_free(config->
clients);
1325 if (file_list == NULL) {
1326 log_warn(
LD_REND,
"Client authorization directory %s can't be listed.",
1327 client_keys_dir_path);
1333 log_info(
LD_REND,
"Loading a client authorization key file %s...",
1337 log_warn(
LD_REND,
"Client authorization unrecognized filename %s. "
1338 "File must end in .auth. Ignoring.", filename);
1345 client_key_str = read_file_to_str(client_key_file_path, 0, NULL);
1348 if (!client_key_str) {
1349 log_warn(
LD_REND,
"Client authorization file %s can't be read. "
1350 "Corrupted or verify permission? Ignoring.",
1351 client_key_file_path);
1359 memwipe(client_key_str, 0, strlen(client_key_str));
1364 log_info(
LD_REND,
"Loaded a client authorization key file %s.",
1368 } SMARTLIST_FOREACH_END(filename);
1373 if (client_key_str) {
1374 memwipe(client_key_str, 0, strlen(client_key_str));
1378 smartlist_free(file_list);
1404 hs_descriptor_free(desc->
desc);
1442 memcpy(client_dup->
client_pk.public_key,
1492 if (smartlist_len(config1->
clients) != smartlist_len(config2->
clients)) {
1509 for (i = 0; i < smartlist_len(sl1); i++) {
1513 smartlist_get(sl2, i))) {
1524 service_authorized_client_free(p));
1525 smartlist_free(sl1);
1529 service_authorized_client_free(p));
1530 smartlist_free(sl2);
1556 service_descriptor_free(dst->
desc_next);
1564 int client_auth_changed =
1575 if (client_auth_changed && dst->
desc_next) {
1591 service_descriptor_free(dst->
desc_next);
1604 time_t failure_time = *t;
1610 } FOR_EACH_DESCRIPTOR_END;
1638 time_t *time_of_failure, *prev_ptr;
1639 const link_specifier_t *legacy_ls;
1644 time_of_failure = tor_malloc_zero(
sizeof(time_t));
1645 *time_of_failure = now;
1648 prev_ptr = digestmap_set(
1650 (
const char *) link_specifier_getconstarray_un_legacy_id(legacy_ls),
1666 time_t nearest_hour = now - (now % 3600);
1677 CERT_TYPE_AUTH_HS_IP_KEY,
1681 CERT_FLAG_INCLUDE_SIGNING_KEY);
1683 log_warn(
LD_REND,
"Unable to create intro point auth-key certificate");
1689 const link_specifier_t *, ls) {
1698 } SMARTLIST_FOREACH_END(ls);
1705 &signing_kp->pubkey,
1710 log_warn(
LD_REND,
"Unable to create enc key legacy cross cert.");
1728 CERT_TYPE_CROSS_HS_IP_KEYS,
1729 &ed25519_pubkey, nearest_hour,
1731 CERT_FLAG_INCLUDE_SIGNING_KEY);
1733 log_warn(
LD_REND,
"Unable to create enc key curve25519 cross cert.");
1776 hs_desc_intro_point_free(desc_ip);
1781 } DIGEST256MAP_FOREACH_END;
1803 CERT_FLAG_INCLUDE_SIGNING_KEY);
1858 config = &service->
config;
1894 } SMARTLIST_FOREACH_END(client);
1901 int num_clients = smartlist_len(superencrypted->
clients);
1902 int num_clients_to_add;
1903 if (num_clients == 0) {
1906 num_clients_to_add = 0;
1908 num_clients_to_add =
1913 for (i = 0; i < num_clients_to_add; i++) {
1966 const char ope_key_prefix[] =
"rev-counter-generation";
1970 sizeof(eph_privkey->
seckey));
2013 log_warn(
LD_REND,
"Can't generate descriptor signing keypair for "
2022 log_warn(
LD_REND,
"Can't generate auth ephemeral keypair for "
2080 &encoded_desc) < 0)) {
2099 service_descriptor_free(desc);
2107 uint64_t current_desc_tp, next_desc_tp;
2147 log_info(
LD_REND,
"Hidden service %s has just started. Both descriptors "
2148 "built. Now scheduled for upload.",
2161 if (service->desc_current == NULL && service->desc_next == NULL) {
2171 if (BUG(service->desc_current == NULL)) {
2175 if (service->desc_next == NULL) {
2177 &service->desc_next);
2178 log_info(
LD_REND,
"Hidden service %s next descriptor successfully "
2179 "built. Now scheduled for upload.",
2180 safe_str_client(service->onion_address));
2182 } FOR_EACH_DESCRIPTOR_END;
2211 direct_conn ? direct_flags : flags);
2215 if (direct_conn && !node) {
2217 "Unable to find an intro point that we can connect to "
2218 "directly, falling back to a 3-hop path.");
2242 service_intro_point_free(ip);
2253 int i = 0, num_needed_ip;
2262 if (BUG(num_needed_ip < 0)) {
2289 } DIGEST256MAP_FOREACH_END;
2294 for (i = 0; i < num_needed_ip; i++) {
2304 log_info(
LD_REND,
"Unable to find a suitable node to be an "
2305 "introduction point for service %s.",
2329 smartlist_free(exclude_nodes);
2366 int descriptor_changed)
2373 if (descriptor_changed) {
2383 unsigned int num_intro_points;
2392 if (num_intro_points < service->config.num_intro_points) {
2395 if (num_new_intro_points != 0) {
2396 log_info(
LD_REND,
"Service %s just picked %u intro points and wanted "
2397 "%u for %s descriptor. It currently has %d intro "
2398 "points. Launching ESTABLISH_INTRO circuit shortly.",
2400 num_new_intro_points,
2412 if ((num_new_intro_points + num_intro_points) <
2430 } FOR_EACH_DESCRIPTOR_END;
2431 } FOR_EACH_SERVICE_END;
2441 int descs_updated = 0;
2444 uint32_t previous_effort;
2450 if (!service->config.has_pow_defenses_enabled &&
2451 desc->desc->encrypted_data.pow_params) {
2452 log_info(
LD_REND,
"PoW defenses have been disabled, clearing "
2453 "pow_params from a descriptor.");
2454 tor_free(desc->desc->encrypted_data.pow_params);
2459 } FOR_EACH_DESCRIPTOR_END;
2463 if (!service->config.has_pow_defenses_enabled) {
2468 encrypted = &desc->desc->encrypted_data;
2473 log_info(
LD_REND,
"Initializing pow_params in descriptor...");
2481 pow_state->expiration_time) {
2493 if (pow_state->suggested_effort < previous_effort * 0.85 ||
2494 previous_effort * 1.15 < pow_state->suggested_effort) {
2495 log_info(
LD_REND,
"Suggested effort changed significantly, "
2496 "updating descriptors...");
2499 }
else if (previous_effort != pow_state->suggested_effort) {
2503 log_info(
LD_REND,
"Change in suggested effort didn't warrant "
2504 "updating descriptors.");
2506 } FOR_EACH_DESCRIPTOR_END;
2508 if (descs_updated) {
2511 } FOR_EACH_DESCRIPTOR_END;
2513 } FOR_EACH_SERVICE_END;
2564 if (has_no_node || has_expired) {
2581 ret = has_no_retries;
2586 log_info(
LD_REND,
"Intro point %s%s (retried: %u times). "
2589 has_expired ?
" has expired" :
2590 (has_no_node) ?
" fell off the consensus" :
"",
2618 DIGEST256MAP_FOREACH_MODIFY(desc->intro_points.map, key,
2632 } DIGEST256MAP_FOREACH_END;
2633 } FOR_EACH_DESCRIPTOR_END;
2646 if (ocirc && !
TO_CIRCUIT(ocirc)->marked_for_close) {
2647 circuit_mark_for_close(
TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
2651 service_intro_point_free(ip);
2652 } SMARTLIST_FOREACH_END(ip);
2654 smartlist_free(ips_to_free);
2665 "Current seed expired. Scrubbing replay cache, rotating PoW "
2666 "seeds, generating new seed and updating descriptors.");
2673 memcpy(pow_state->seed_previous, pow_state->seed_current,
HS_POW_SEED_LEN);
2678 while (
fast_memeq(pow_state->seed_previous, pow_state->seed_current,
2684 pow_state->expiration_time =
2687 HS_SERVICE_POW_SEED_ROTATE_TIME_MAX));
2690 char fmt_next_time[ISO_TIME_LEN + 1];
2692 log_debug(
LD_REND,
"PoW state expiration time set to: %s", fmt_next_time);
2713 } aimd_event = NONE;
2715 if (pow_state->max_trimmed_effort > pow_state->suggested_effort) {
2717 aimd_event = INCREASE;
2718 }
else if (pow_state->had_queue) {
2719 if (smartlist_len(pow_state->rend_request_pqueue) > 0 &&
2722 aimd_event = INCREASE;
2724 }
else if (smartlist_len(pow_state->rend_request_pqueue) <
2725 pow_state->pqueue_low_level) {
2727 aimd_event = DECREASE;
2730 switch (aimd_event) {
2732 if (pow_state->suggested_effort < UINT32_MAX) {
2733 pow_state->suggested_effort =
MAX(pow_state->suggested_effort + 1,
2734 (uint32_t)(pow_state->total_effort /
2735 pow_state->rend_handled));
2739 pow_state->suggested_effort = 2*pow_state->suggested_effort/3;
2747 log_debug(
LD_REND,
"Recalculated suggested effort: %u",
2748 pow_state->suggested_effort);
2751 pow_state->total_effort = 0;
2752 pow_state->rend_handled = 0;
2753 pow_state->max_trimmed_effort = 0;
2754 pow_state->had_queue = 0;
2755 pow_state->next_effort_update = now + HS_UPDATE_PERIOD;
2794 char fmt_time[ISO_TIME_LEN + 1];
2796 log_info(
LD_REND,
"Next descriptor rotation time set to %s for %s",
2836 log_warn(
LD_BUG,
"Service descriptor is NULL (%p/%p). Next rotation "
2837 "time is %ld (now: %ld). Valid after time from "
2897 log_info(
LD_REND,
"Time to rotate our descriptors (%p / %p) for %s",
2898 service->desc_current, service->desc_next,
2899 safe_str_client(service->onion_address));
2902 } FOR_EACH_SERVICE_END;
2919 if (service->state.next_rotation_time == 0) {
2928 if (have_module_pow() && service->config.has_pow_defenses_enabled) {
2943 } FOR_EACH_SERVICE_END;
2966 if (have_module_pow()) {
2985 DIGEST256MAP_FOREACH_MODIFY(desc->intro_points.map, key,
2998 if (ei == NULL && direct_conn) {
2999 direct_conn =
false;
3008 service_intro_point_free(ip);
3013 ip->circuit_retries++;
3015 log_info(
LD_REND,
"Unable to launch intro circuit to node %s "
3021 extend_info_free(ei);
3022 } DIGEST256MAP_FOREACH_END;
3023 } FOR_EACH_DESCRIPTOR_END;
3034 unsigned int count = 0;
3035 unsigned int multiplier = 0;
3036 unsigned int num_wanted_ip;
3040 HS_CONFIG_V3_MAX_INTRO_POINTS);
3044#define MAX_INTRO_POINT_CIRCUIT_RETRIES_TESTING -1
3046 return MAX_INTRO_POINT_CIRCUIT_RETRIES_TESTING;
3066 multiplier += (service->
desc_next) ? 1 : 0;
3068 return (count * multiplier);
3098 log_info(
LD_REND,
"Hidden service %s exceeded its circuit launch limit "
3099 "of %u per %d seconds. It launched %u circuits in "
3100 "the last %ld seconds. Will retry in %ld seconds.",
3105 (
long int) elapsed_time,
3139 } FOR_EACH_SERVICE_END;
3149 char *encoded_desc = NULL;
3157 log_info(
LD_REND,
"Service %s not publishing descriptor. "
3158 "PublishHidServDescriptors is set to 0.",
3166 &encoded_desc) < 0)) {
3180 int is_next_desc = (service->
desc_next == desc);
3181 const uint8_t *idx = (is_next_desc) ? hsdir->hsdir_index.
store_second:
3183 char *blinded_pubkey_log_str =
3188 log_info(
LD_REND,
"Service %s %s descriptor of revision %" PRIu64
3189 " initiated upload request to %s with index %s (%s)",
3191 (is_next_desc) ?
"next" :
"current",
3194 safe_str_client(
hex_str((
const char *) idx, 32)),
3195 safe_str_client(blinded_pubkey_log_str));
3218 uint64_t rev_counter = 0;
3221 time_t srv_start = 0;
3246 log_info(
LD_REND,
"Setting rev counter for TP #%u: "
3247 "SRV started at %d, now %d (%s)",
3249 (
int)now, is_current ?
"current" :
"next");
3251 tor_assert_nonfatal(now >= srv_start);
3255 time_t seconds_since_start_of_srv = now - srv_start;
3259 seconds_since_start_of_srv++;
3270 (
int) seconds_since_start_of_srv);
3273 tor_assert_nonfatal(rev_counter < CRYPTO_OPE_ERROR);
3275 log_info(
LD_REND,
"Encrypted revision counter %d to %" PRIu64,
3276 (
int) seconds_since_start_of_srv, rev_counter);
3306 service->
desc_next == desc, 0, responsible_dirs);
3321 } SMARTLIST_FOREACH_END(hsdir_rs);
3330 char fmt_next_time[ISO_TIME_LEN+1];
3332 log_debug(
LD_REND,
"Service %s set to upload a descriptor at %s",
3336 smartlist_free(responsible_dirs);
3346 int should_reupload = 0;
3356 service->
desc_next == desc, 0, responsible_dirs);
3367 should_reupload = 1;
3370 } SMARTLIST_FOREACH_END(hsdir_rs);
3373 smartlist_free(responsible_dirs);
3375 return should_reupload;
3382 LOG_DESC_UPLOAD_REASON_MISSING_IPS = 0,
3383 LOG_DESC_UPLOAD_REASON_IP_NOT_ESTABLISHED = 1,
3384 LOG_DESC_UPLOAD_REASON_NOT_TIME = 2,
3385 LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS = 3,
3386 LOG_DESC_UPLOAD_REASON_NO_DIRINFO = 4,
3391#define LOG_DESC_UPLOAD_REASON_MAX LOG_DESC_UPLOAD_REASON_NO_DIRINFO
3413 { { RATELIM_INIT(60), RATELIM_INIT(60), RATELIM_INIT(60 * 10),
3414 RATELIM_INIT(60), RATELIM_INIT(60) },
3415 { RATELIM_INIT(60), RATELIM_INIT(60), RATELIM_INIT(60 * 10),
3416 RATELIM_INIT(60), RATELIM_INIT(60) },
3418 bool is_next_desc =
false;
3419 unsigned int rlim_pos = 0;
3435 is_next_desc = (service->
desc_next == desc);
3439 rlim_pos = (is_next_desc ? 1 : 0);
3441 rlim = &limits[rlim_pos][reason];
3444 "Service %s can't upload its %s descriptor: %s",
3446 (is_next_desc) ?
"next" :
"current", msg);
3456 unsigned int num_intro_points, count_ip_established;
3476 msg = tor_strdup(
"Missing intro points");
3478 LOG_DESC_UPLOAD_REASON_MISSING_IPS);
3485 if (count_ip_established != num_intro_points) {
3486 tor_asprintf(&msg,
"Intro circuits aren't yet all established (%d/%d).",
3487 count_ip_established, num_intro_points);
3489 LOG_DESC_UPLOAD_REASON_IP_NOT_ESTABLISHED);
3495 tor_asprintf(&msg,
"Next upload time is %ld, it is now %ld.",
3498 LOG_DESC_UPLOAD_REASON_NOT_TIME);
3505 msg = tor_strdup(
"No reasonably live consensus");
3507 LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS);
3514 msg = tor_strdup(
"Not enough directory information");
3516 LOG_DESC_UPLOAD_REASON_NO_DIRINFO);
3579 log_info(
LD_REND,
"Initiating upload for hidden service %s descriptor "
3580 "for service %s with %u/%u introduction points%s.",
3581 (desc == service->desc_current) ?
"current" :
"next",
3582 safe_str_client(service->onion_address),
3583 digest256map_size(desc->intro_points.map),
3584 service->config.num_intro_points,
3585 (desc->missing_intro_points) ?
" (couldn't pick more)" :
"");
3594 } FOR_EACH_DESCRIPTOR_END;
3595 } FOR_EACH_SERVICE_END;
3613 if (BUG(!circ->
cpath)) {
3626 if (service == NULL) {
3627 log_warn(
LD_REND,
"Unknown service identity key %s on the introduction "
3628 "circuit %u. Can't find onion service.",
3634 log_warn(
LD_REND,
"Unknown introduction point auth key on circuit %u "
3647 service_intro_point_free(ip);
3654 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_NOSUCHSERVICE);
3674 TO_CIRCUIT(circ)->timestamp_dirty = time(NULL);
3679 if (service == NULL) {
3680 log_warn(
LD_REND,
"Unknown service identity key %s on the rendezvous "
3681 "circuit %u with cookie %s. Can't find onion service.",
3709 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_NOSUCHSERVICE);
3719 const uint8_t *payload,
3733 if (service == NULL) {
3734 log_warn(
LD_REND,
"Unknown service identity key %s on the introduction "
3735 "circuit %u. Can't find onion service.",
3742 log_warn(
LD_REND,
"Introduction circuit established without an intro "
3743 "point object on circuit %u for service %s",
3765 log_info(
LD_REND,
"Successfully received an INTRO_ESTABLISHED cell "
3766 "on circuit %u for service %s",
3793 if (service == NULL) {
3794 log_warn(
LD_BUG,
"Unknown service identity key %s when handling "
3795 "an INTRODUCE2 cell on circuit %u",
3802 log_warn(
LD_BUG,
"Unknown introduction auth key when handling "
3803 "an INTRODUCE2 cell on circuit %u for service %s",
3808 HS_METRICS_ERR_INTRO_REQ_BAD_AUTH_KEY);
3817 payload, payload_len) < 0) {
3835 char fname[128] = {0};
3845 tor_snprintf(fname,
sizeof(fname),
"%s_secret_key", fname_keyfile_prefix);
3847 tor_snprintf(fname,
sizeof(fname),
"%s_public_key", fname_keyfile_prefix);
3869 ed25519_keypair_free(kp);
3884 const uint8_t *descriptor_cookie = NULL;
3897 descriptor_cookie, encoded_out);
3909hs_service_non_anonymous_mode_consistent(
const or_options_t *options)
3913 !! options->HiddenServiceNonAnonymousMode);
3922hs_service_allow_non_anonymous_connection(
const or_options_t *options)
3924 tor_assert(hs_service_non_anonymous_mode_consistent(options));
3936hs_service_reveal_startup_time(
const or_options_t *options)
3938 tor_assert(hs_service_non_anonymous_mode_consistent(options));
3939 return hs_service_non_anonymous_mode_enabled(options);
3948hs_service_non_anonymous_mode_enabled(
const or_options_t *options)
3950 tor_assert(hs_service_non_anonymous_mode_consistent(options));
3951 return options->HiddenServiceNonAnonymousMode ? 1 : 0;
3967 &CONST_TO_ORIGIN_CIRCUIT(circ)->hs_ident->identity_pk);
3973 &CONST_TO_ORIGIN_CIRCUIT(circ)->hs_ident->identity_pk);
4013 desc->desc->encrypted_data.sendme_inc != current_sendme_inc) {
4018 } FOR_EACH_DESCRIPTOR_END;
4019 } FOR_EACH_SERVICE_END;
4032 const uint8_t version,
4037 char version_str[4] = {0};
4047 memset(&ident, 0,
sizeof(ident));
4052 tor_snprintf(version_str,
sizeof(version_str),
"%u", version);
4060 strlen(encoded_desc));
4067 directory_request_free(dir_req);
4081 int max_streams_per_rdv_circuit,
4082 int max_streams_close_circuit,
4107 log_warn(
LD_CONFIG,
"Unable to generate ed25519 public key"
4114 log_warn(
LD_CONFIG,
"Bad ed25519 private key was provided");
4121 log_warn(
LD_CONFIG,
"At least one VIRTPORT/TARGET must be specified "
4127 if (auth_clients_v3) {
4134 smartlist_free(auth_clients_v3);
4146 log_warn(
LD_CONFIG,
"Onion Service private key collides with an "
4147 "existing v3 service.");
4152 log_info(
LD_CONFIG,
"Added ephemeral v3 onion service: %s",
4180 log_warn(
LD_CONFIG,
"Requested malformed v3 onion address for removal.");
4185 log_warn(
LD_CONFIG,
"Requested version of onion address for removal "
4186 "is not supported.");
4191 if (service == NULL) {
4192 log_warn(
LD_CONFIG,
"Requested non-existent v3 hidden service for "
4198 log_warn(
LD_CONFIG,
"Requested non-ephemeral v3 hidden service for "
4210 log_info(
LD_CONFIG,
"Removed ephemeral v3 hidden service: %s",
4211 safe_str_client(address));
4230 char *encoded_desc = NULL;
4238 return encoded_desc;
4274 if (service == NULL) {
4275 log_warn(
LD_REND,
"Unable to find any hidden service associated "
4276 "identity key %s on rendezvous circuit %u.",
4291#define MAX_STREAM_WARN_INTERVAL 600
4292 static struct ratelim_t stream_ratelim =
4293 RATELIM_INIT(MAX_STREAM_WARN_INTERVAL);
4295 "Maximum streams per circuit limit reached on "
4296 "rendezvous circuit %u for service %s. Circuit has "
4297 "%" PRIu64
" out of %" PRIu64
" streams. %s.",
4303 "Closing circuit" :
"Ignoring open stream request");
4316 log_info(
LD_REND,
"No virtual port mapping exists for port %d for "
4317 "hidden service %s.",
4365 if (service->config.is_ephemeral) {
4371 } FOR_EACH_DESCRIPTOR_END;
4384 static struct ratelim_t dir_info_changed_ratelim = RATELIM_INIT(30 * 60);
4386 "New dirinfo arrived: consider reuploading descriptor");
4404 log_warn(
LD_PROTOCOL,
"Received an INTRODUCE2 cell on a "
4405 "non introduction circuit of purpose %d",
4424 const uint8_t *payload,
4433 log_warn(
LD_PROTOCOL,
"Received an INTRO_ESTABLISHED cell on a "
4434 "non introduction circuit of purpose %d",
4448 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
4482 const char *directory_path;
4508 if (service->config.is_ephemeral) {
4511 log_info(
LD_REND,
"Loading v3 onion service keys from %s",
4516 } SMARTLIST_FOREACH_END(service);
4543 DIGEST256MAP_FOREACH(desc->intro_points.map, key,
4545 const node_t *intro_node;
4546 const char *nickname;
4567 } DIGEST256MAP_FOREACH_END;
4569 } FOR_EACH_DESCRIPTOR_END;
4570 } FOR_EACH_SERVICE_END;
4599 } FOR_EACH_SERVICE_END;
4642 if (service == NULL) {
4648 service_descriptor_free(desc);
4649 } FOR_EACH_DESCRIPTOR_END;
4663 if (service->
state.ob_subcreds) {
4721#ifdef TOR_UNIT_TESTS
4725get_hs_service_map_size(
void)
4732get_hs_service_staging_list_size(
void)
4738get_hs_service_map(
void)
4744get_first_service(
void)
int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
const char * hex_str(const char *from, size_t fromlen)
void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
void pathbias_count_use_attempt(origin_circuit_t *circ)
Header file for circuitbuild.c.
const char * circuit_state_to_string(int state)
origin_circuit_t * circuit_get_next_service_rp_circ(origin_circuit_t *start)
Header file for circuitlist.c.
#define CIRCUIT_PURPOSE_S_CONNECT_REND
#define CIRCUIT_PURPOSE_S_INTRO
#define CIRCUIT_IS_ORIGIN(c)
#define CIRCUIT_PURPOSE_S_REND_JOINED
#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
Header file for circuituse.c.
Functions and types for monotonic times.
const or_options_t * get_options(void)
Header file for config.c.
Public APIs for congestion control.
static uint8_t congestion_control_sendme_inc(void)
Header file for connection.c.
int curve25519_keypair_generate(curve25519_keypair_t *keypair_out, int extra_strong)
int curve25519_public_key_is_ok(const curve25519_public_key_t *key)
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
#define BASE64_DIGEST_LEN
#define crypto_digest_free(d)
crypto_digest_t * crypto_digest256_new(digest_algorithm_t algorithm)
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len)
void ed25519_pubkey_copy(ed25519_public_key_t *dest, const ed25519_public_key_t *src)
int ed25519_public_key_is_zero(const ed25519_public_key_t *pubkey)
int ed25519_public_key_generate(ed25519_public_key_t *pubkey_out, const ed25519_secret_key_t *seckey)
int ed25519_validate_pubkey(const ed25519_public_key_t *pubkey)
int ed25519_keypair_generate(ed25519_keypair_t *keypair_out, int extra_strong)
int ed25519_public_key_from_curve25519_public_key(ed25519_public_key_t *pubkey, const curve25519_public_key_t *pubkey_in, int signbit)
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
crypto_ope_t * crypto_ope_new(const uint8_t *key)
uint64_t crypto_ope_encrypt(const crypto_ope_t *ope, int plaintext)
void crypto_rand(char *to, size_t n)
void smartlist_shuffle(smartlist_t *sl)
void crypto_strongest_rand(uint8_t *out, size_t out_len)
Common functions for using (pseudo-)random number generators.
int crypto_rand_int_range(unsigned int min, unsigned int max)
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
crypto_pk_t * crypto_pk_new(void)
crypto_pk_t * crypto_pk_dup_key(crypto_pk_t *orig)
void memwipe(void *mem, uint8_t byte, size_t sz)
Common functions for cryptographic routines.
const char * extend_info_describe(const extend_info_t *ei)
const char * node_describe(const node_t *node)
Header file for describe.c.
int tor_memcmp(const void *a, const void *b, size_t len)
#define fast_memeq(a, b, c)
smartlist_t * tor_listdir(const char *dirname)
Client/server directory connection structure.
void directory_request_set_resource(directory_request_t *req, const char *resource)
void directory_request_set_indirection(directory_request_t *req, dir_indirection_t indirection)
void directory_request_set_routerstatus(directory_request_t *req, const routerstatus_t *status)
void directory_initiate_request(directory_request_t *request)
void directory_request_set_payload(directory_request_t *req, const char *payload, size_t payload_len)
directory_request_t * directory_request_new(uint8_t dir_purpose)
void directory_request_upload_set_hs_ident(directory_request_t *req, const hs_ident_dir_conn_t *ident)
Header file for dirclient.c.
struct directory_request_t directory_request_t
dir_connection_t * TO_DIR_CONN(connection_t *c)
Header file for directory.c.
#define DIR_PURPOSE_UPLOAD_HSDESC
Edge-connection structure.
const char * escaped(const char *s)
extend_info_t * extend_info_from_node(const node_t *node, int for_direct_connect, bool for_exit)
Header for core/or/extendinfo.c.
int write_str_to_file_if_not_equal(const char *fname, const char *str)
int top_of_rend_pqueue_is_worthwhile(hs_pow_service_state_t *pow_state)
void hs_circ_service_rp_has_opened(const hs_service_t *service, origin_circuit_t *circ)
origin_circuit_t * hs_circ_service_get_intro_circ(const hs_service_intro_point_t *ip)
int hs_circ_launch_intro_point(hs_service_t *service, const hs_service_intro_point_t *ip, extend_info_t *ei, bool direct_conn)
origin_circuit_t * hs_circ_service_get_established_intro_circ(const hs_service_intro_point_t *ip)
int hs_circ_service_intro_has_opened(hs_service_t *service, hs_service_intro_point_t *ip, const hs_service_descriptor_t *desc, origin_circuit_t *circ)
int hs_circ_handle_introduce2(const hs_service_t *service, const origin_circuit_t *circ, hs_service_intro_point_t *ip, const hs_subcredential_t *subcredential, const uint8_t *payload, size_t payload_len)
int hs_circ_handle_intro_established(const hs_service_t *service, const hs_service_intro_point_t *ip, origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
void hs_circ_retry_service_rendezvous_point(const origin_circuit_t *circ)
Header file containing circuit data for the whole HS subsystem.
HT_PROTOTYPE(hs_circuitmap_ht, circuit_t, hs_circuitmap_node, hs_circuit_hash_token, hs_circuits_have_same_token)
void hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk, uint64_t time_period_num, int use_second_hsdir_index, int for_fetching, smartlist_t *responsible_dirs)
void hs_build_blinded_keypair(const ed25519_keypair_t *kp, const uint8_t *secret, size_t secret_len, uint64_t time_period_num, ed25519_keypair_t *blinded_kp_out)
void hs_get_subcredential(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_subcredential_t *subcred_out)
uint64_t hs_get_time_period_num(time_t now)
uint64_t hs_get_next_time_period_num(time_t now)
void hs_build_address(const ed25519_public_key_t *key, uint8_t version, char *addr_out)
uint64_t hs_get_previous_time_period_num(time_t now)
int hs_parse_address(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out)
int hs_set_conn_addr_port(const smartlist_t *ports, edge_connection_t *conn)
int hs_check_service_private_dir(const char *username, const char *path, unsigned int dir_group_readable, unsigned int create)
link_specifier_t * link_specifier_dup(const link_specifier_t *src)
int hs_in_period_between_tp_and_srv(const networkstatus_t *consensus, time_t now)
char * hs_path_from_filename(const char *directory, const char *filename)
Header file containing common data for the whole HS subsystem.
#define NUM_INTRO_POINTS_DEFAULT
hs_service_add_ephemeral_status_t
#define NUM_INTRO_POINTS_EXTRA
#define INTRO_CIRC_RETRY_PERIOD
void hs_config_free_all(void)
Header file containing configuration ABI/API for the HS subsystem.
void hs_control_desc_event_created(const char *onion_address, const ed25519_public_key_t *blinded_pk)
void hs_control_desc_event_upload(const char *onion_address, const char *hsdir_id_digest, const ed25519_public_key_t *blinded_pk, const uint8_t *hsdir_index)
Header file containing control port event related code.
void hs_desc_superencrypted_data_free_contents(hs_desc_superencrypted_data_t *desc)
int hs_desc_encode_descriptor(const hs_descriptor_t *desc, const ed25519_keypair_t *signing_kp, const uint8_t *descriptor_cookie, char **encoded_out)
hs_desc_authorized_client_t * hs_desc_build_fake_authorized_client(void)
void hs_desc_build_authorized_client(const hs_subcredential_t *subcredential, const curve25519_public_key_t *client_auth_pk, const curve25519_secret_key_t *auth_ephemeral_sk, const uint8_t *descriptor_cookie, hs_desc_authorized_client_t *client_out)
hs_desc_intro_point_t * hs_desc_intro_point_new(void)
void hs_descriptor_clear_intro_points(hs_descriptor_t *desc)
Header file for hs_descriptor.c.
#define HS_DESC_AUTH_CLIENT_MULTIPLE
#define HS_DESC_DEFAULT_LIFETIME
#define HS_DESC_CERT_LIFETIME
void hs_ident_dir_conn_init(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_ident_dir_conn_t *ident)
Header file containing circuit and connection identifier data for the whole HS subsystem.
void hs_intropoint_clear(hs_intropoint_t *ip)
Header file for hs_intropoint.c.
void hs_metrics_service_free(hs_service_t *service)
void hs_metrics_service_init(hs_service_t *service)
Header for feature/hs/hs_metrics.c.
#define hs_metrics_new_established_rdv(s)
#define hs_metrics_new_established_intro(s)
#define hs_metrics_new_introduction(s)
#define hs_metrics_rdv_circ_build_time(s, obs)
#define hs_metrics_close_established_rdv(i)
#define hs_metrics_intro_circ_build_time(s, obs)
#define hs_metrics_close_established_intro(i)
#define hs_metrics_reject_intro_req(s, reason)
#define hs_metrics_pow_suggested_effort(s, n)
Header for feature/hs/hs_metrics_entry.c.
void hs_ob_refresh_keys(hs_service_t *service)
Header file for the specific code for onion balance.
void hs_pow_remove_seed_from_cache(const uint8_t *seed_head)
void hs_pow_free_service_state(hs_pow_service_state_t *state)
#define HS_POW_SEED_HEAD_LEN
static unsigned int hs_service_ht_hash(const hs_service_t *service)
static smartlist_t * hs_service_staging_list
static void build_service_desc_plaintext(const hs_service_t *service, hs_service_descriptor_t *desc)
hs_service_add_ephemeral_status_t hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports, int max_streams_per_rdv_circuit, int max_streams_close_circuit, smartlist_t *auth_clients_v3, char **address_out)
static void update_suggested_effort(hs_service_t *service, time_t now)
static int load_client_keys(hs_service_t *service)
STATIC void service_clear_config(hs_service_config_t *config)
static link_specifier_t * get_link_spec_by_type(const hs_service_intro_point_t *ip, uint8_t type)
void hs_service_stage_services(const smartlist_t *service_list)
static int should_service_upload_descriptor(const hs_service_t *service, const hs_service_descriptor_t *desc, time_t now)
STATIC void upload_descriptor_to_all(const hs_service_t *service, hs_service_descriptor_t *desc)
static void close_directory_connections(const hs_service_t *service, const hs_service_descriptor_t *desc)
static void setup_intro_point_exclude_list(const hs_service_descriptor_t *desc, smartlist_t *node_list)
void hs_service_circuit_cleanup_on_close(const circuit_t *circ)
STATIC int service_authorized_client_config_equal(const hs_service_config_t *config1, const hs_service_config_t *config2)
void hs_service_init(void)
static void upload_descriptor_to_hsdir(const hs_service_t *service, hs_service_descriptor_t *desc, const node_t *hsdir)
int hs_service_receive_introduce2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
static void close_service_circuits(hs_service_t *service)
static int ht_free_service_(struct hs_service_t *service, void *data)
static int32_t get_intro_point_min_lifetime(void)
static void close_service_intro_circuits(hs_service_t *service)
static const char * service_escaped_dir(const hs_service_t *s)
static void remember_failing_intro_point(const hs_service_intro_point_t *ip, hs_service_descriptor_t *desc, time_t now)
char * hs_service_lookup_current_desc(const ed25519_public_key_t *pk)
static int service_encode_descriptor(const hs_service_t *service, const hs_service_descriptor_t *desc, const ed25519_keypair_t *signing_kp, char **encoded_out)
static void move_ephemeral_services(hs_service_ht *src, hs_service_ht *dst)
STATIC void service_desc_schedule_upload(hs_service_descriptor_t *desc, time_t now, int descriptor_changed)
static void register_all_services(void)
static void initialize_pow_defenses(hs_service_t *service)
static int build_service_desc_superencrypted(const hs_service_t *service, hs_service_descriptor_t *desc)
static int service_handle_intro_established(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
static void close_service_rp_circuits(hs_service_t *service)
void hs_service_lists_fnames_for_sandbox(smartlist_t *file_list, smartlist_t *dir_list)
static crypto_ope_t * generate_ope_cipher_for_desc(const hs_service_descriptor_t *hs_desc)
static hs_service_intro_point_t * pick_intro_point(unsigned int direct_conn, smartlist_t *exclude_nodes)
static void move_descriptors(hs_service_t *src, hs_service_t *dst)
static void set_service_default_config(hs_service_config_t *c, const or_options_t *options)
void hs_service_circuit_has_opened(origin_circuit_t *circ)
STATIC void service_intro_point_remove(const hs_service_t *service, const hs_service_intro_point_t *ip)
static void service_add_fnames_to_list(const hs_service_t *service, smartlist_t *list)
static void service_desc_clear_previous_hsdirs(hs_service_descriptor_t *desc)
static void set_descriptor_revision_counter(hs_service_descriptor_t *hs_desc, time_t now, bool is_current)
STATIC int register_service(hs_service_ht *map, hs_service_t *service)
STATIC hs_service_intro_point_t * service_intro_point_new(const node_t *node)
unsigned int hs_service_get_num_services(void)
static unsigned int get_max_intro_circ_per_period(const hs_service_t *service)
static void build_desc_signing_key_cert(hs_service_descriptor_t *desc, time_t now)
static void service_rendezvous_circ_has_opened(origin_circuit_t *circ)
void service_authorized_client_free_(hs_service_authorized_client_t *client)
static void service_intro_point_free_void(void *obj)
STATIC hs_service_t * find_service(hs_service_ht *map, const ed25519_public_key_t *pk)
static void run_build_circuit_event(time_t now)
static void build_desc_intro_points(const hs_service_t *service, hs_service_descriptor_t *desc, time_t now)
STATIC void run_upload_descriptor_event(time_t now)
static int build_service_desc_keys(const hs_service_t *service, hs_service_descriptor_t *desc)
smartlist_t * hs_service_get_metrics_stores(void)
static void move_hs_state(hs_service_t *src_service, hs_service_t *dst_service)
#define FOR_EACH_DESCRIPTOR_BEGIN(service, var)
static void update_service_descriptor_intro_points(hs_service_t *service, hs_service_descriptor_t *desc, time_t now)
STATIC void build_all_descriptors(time_t now)
static int service_authorized_client_cmp(const hs_service_authorized_client_t *client1, const hs_service_authorized_client_t *client2)
static void log_cant_upload_desc(const hs_service_t *service, const hs_service_descriptor_t *desc, const char *msg, const log_desc_upload_reason_t reason)
static struct hs_service_ht * hs_service_map
static void close_intro_circuits(hs_service_intropoints_t *intro_points)
STATIC void get_objects_from_ident(const hs_ident_circuit_t *ident, hs_service_t **service, hs_service_intro_point_t **ip, hs_service_descriptor_t **desc)
STATIC int client_filename_is_valid(const char *filename)
STATIC void service_intro_point_free_(hs_service_intro_point_t *ip)
static void build_service_descriptor(hs_service_t *service, uint64_t time_period_num, hs_service_descriptor_t **desc_out)
static unsigned int should_rotate_descriptors(hs_service_t *service, time_t now)
static extend_info_t * get_extend_info_from_intro_point(const hs_service_intro_point_t *ip, unsigned int direct_conn)
#define FOR_EACH_SERVICE_BEGIN(var)
static int service_key_on_disk(const char *directory_path)
static int compare_service_authorzized_client_(const void **_a, const void **_b)
static hs_service_authorized_client_t * service_authorized_client_dup(const hs_service_authorized_client_t *client)
static int load_service_keys(hs_service_t *service)
static int32_t get_intro_point_max_introduce2(void)
static void service_desc_note_upload(hs_service_descriptor_t *desc, const node_t *hsdir)
static unsigned int pick_needed_intro_points(hs_service_t *service, hs_service_descriptor_t *desc)
static const char * describe_intro_point(const hs_service_intro_point_t *ip)
static int setup_desc_intro_point(const ed25519_keypair_t *signing_kp, const hs_service_intro_point_t *ip, time_t now, hs_desc_intro_point_t *desc_ip)
static void service_free_all(void)
static void rotate_service_descriptors(hs_service_t *service)
STATIC unsigned int count_desc_circuit_established(const hs_service_descriptor_t *desc)
hs_circuit_id_protocol_t hs_service_exports_circuit_id(const ed25519_public_key_t *pk)
void hs_service_free_all(void)
STATIC int intro_point_should_expire(const hs_service_intro_point_t *ip, time_t now)
static int32_t get_intro_point_min_introduce2(void)
static void run_build_descriptor_event(time_t now)
static void service_intro_circ_has_opened(origin_circuit_t *circ)
STATIC void rotate_all_descriptors(time_t now)
STATIC int can_service_launch_intro_circuit(hs_service_t *service, time_t now)
void hs_service_dir_info_changed(void)
void hs_service_free_(hs_service_t *service)
int hs_service_del_ephemeral(const char *address)
STATIC void update_all_descriptors_intro_points(time_t now)
int hs_service_get_version_from_key(const hs_service_t *service)
int hs_service_receive_intro_established(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
static void pow_housekeeping(hs_service_t *service, time_t now)
void hs_service_new_consensus_params(const networkstatus_t *ns)
void hs_service_run_scheduled_events(time_t now)
void hs_service_upload_desc_to_dir(const char *encoded_desc, const uint8_t version, const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, const routerstatus_t *hsdir_rs)
static int32_t get_intro_point_num_extra(void)
static int hs_service_ht_eq(const hs_service_t *first, const hs_service_t *second)
STATIC const node_t * get_node_from_intro_point(const hs_service_intro_point_t *ip)
STATIC hs_service_intro_point_t * service_intro_point_find(const hs_service_t *service, const ed25519_public_key_t *auth_key)
STATIC void remove_service(hs_service_ht *map, hs_service_t *service)
STATIC void service_descriptor_free_(hs_service_descriptor_t *desc)
static void build_descriptors_for_new_service(hs_service_t *service, time_t now)
#define LOG_DESC_UPLOAD_REASON_MAX
static void launch_intro_point_circuits(hs_service_t *service)
STATIC hs_service_authorized_client_t * parse_authorized_client(const char *client_key_str)
static int build_service_desc_encrypted(const hs_service_t *service, hs_service_descriptor_t *desc)
hs_service_authorized_client_t * parse_authorized_client_key(const char *key_str, int severity)
static bool should_remove_intro_point(hs_service_intro_point_t *ip, time_t now)
void hs_service_map_has_changed(void)
hs_service_t * hs_service_find(const ed25519_public_key_t *identity_pk)
static void rotate_pow_seeds(hs_service_t *service, time_t now)
void hs_service_dump_stats(int severity)
static void set_rotation_time(hs_service_t *service)
static int consider_republishing_hs_descriptors
static int service_handle_introduce2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
int hs_service_set_conn_addr_port(const origin_circuit_t *circ, edge_connection_t *conn)
hs_service_t * hs_service_new(const or_options_t *options)
static int32_t get_intro_point_max_lifetime(void)
int hs_service_load_all_keys(void)
STATIC void run_housekeeping_event(time_t now)
STATIC void service_intro_point_add(digest256map_t *map, hs_service_intro_point_t *ip)
static void remove_expired_failing_intro(hs_service_t *service, time_t now)
static void cleanup_intro_points(hs_service_t *service, time_t now)
STATIC int write_address_to_file(const hs_service_t *service, const char *fname_)
static bool is_client_auth_enabled(const hs_service_t *service)
STATIC int service_desc_hsdirs_changed(const hs_service_t *service, const hs_service_descriptor_t *desc)
static void refresh_service_descriptor(const hs_service_t *service, hs_service_descriptor_t *desc, time_t now)
STATIC hs_service_descriptor_t * service_desc_find_by_intro(const hs_service_t *service, const hs_service_intro_point_t *ip)
static void update_all_descriptors_pow_params(time_t now)
STATIC hs_service_descriptor_t * service_descriptor_new(void)
Header file containing service data for the HS subsystem.
#define HS_SERVICE_NEXT_UPLOAD_TIME_MIN
#define HS_SERVICE_POW_SEED_ROTATE_TIME_MIN
#define HS_SERVICE_DEFAULT_VERSION
@ HS_CIRCUIT_ID_PROTOCOL_NONE
#define HS_SERVICE_NEXT_UPLOAD_TIME_MAX
#define hs_service_free(s)
void hs_stats_note_introduce2_cell(void)
Header file for hs_stats.c.
ed25519_keypair_t * ed_key_init_from_file(const char *fname, uint32_t flags, int severity, const ed25519_keypair_t *signing_key, time_t now, time_t lifetime, uint8_t cert_type, struct tor_cert_st **cert_out, const or_options_t *options)
Header file for loadkey.c.
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
#define log_fn(severity, domain, args,...)
#define log_fn_ratelim(ratelim, severity, domain, args,...)
int have_completed_a_circuit(void)
void rescan_periodic_events(const or_options_t *options)
Header file for mainloop.c.
void tor_free_(void *mem)
#define MAP_DEL_CURRENT(keyvar)
#define DIGESTMAP_FOREACH_END
#define DIGESTMAP_FOREACH_MODIFY(map, keyvar, valtype, valvar)
#define DIGESTMAP_FOREACH(map, keyvar, valtype, valvar)
int usable_consensus_flavor(void)
Header file for microdesc.c.
networkstatus_t * networkstatus_get_reasonably_live_consensus(time_t now, int flavor)
int32_t networkstatus_get_param(const networkstatus_t *ns, const char *param_name, int32_t default_val, int32_t min_val, int32_t max_val)
Header file for networkstatus.c.
Networkstatus consensus/vote structure.
Header file for nickname.c.
const node_t * router_choose_random_node(smartlist_t *excludedsmartlist, routerset_t *excludedset, router_crn_flags_t flags)
Header file for node_select.c.
Node information structure.
bool node_supports_establish_intro_dos_extension(const node_t *node)
const node_t * node_get_by_id(const char *identity_digest)
const char * node_get_nickname(const node_t *node)
consensus_path_type_t router_have_consensus_path(void)
const curve25519_public_key_t * node_get_curve25519_onion_key(const node_t *node)
int router_have_minimum_dir_info(void)
bool node_supports_ed25519_hs_intro(const node_t *node)
Header file for nodelist.c.
Master header file for Tor-specific functionality.
#define INTRO_POINT_LIFETIME_MAX_SECONDS
#define INTRO_POINT_LIFETIME_MIN_SECONDS
#define INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS
#define MAX_INTRO_POINT_CIRCUIT_RETRIES
#define REND_REPLAY_TIME_INTERVAL
The or_state_t structure, which represents Tor's state file.
Origin circuit structure.
int tor_asprintf(char **strp, const char *fmt,...)
int tor_snprintf(char *str, size_t size, const char *format,...)
char * rate_limit_log(ratelim_t *lim, time_t now)
replaycache_t * replaycache_new(time_t horizon, time_t interval)
#define replaycache_free(r)
Routerstatus (consensus entry) structure.
time_t sr_state_get_start_time_of_previous_protocol_run(void)
unsigned int sr_state_get_protocol_run_duration(void)
time_t sr_state_get_start_time_of_current_protocol_run(void)
Header file for shared_random_client.c.
int smartlist_contains_string(const smartlist_t *sl, const char *element)
void smartlist_sort(smartlist_t *sl, int(*compare)(const void **a, const void **b))
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
void smartlist_add_strdup(struct smartlist_t *sl, const char *string)
smartlist_t * smartlist_new(void)
void smartlist_add(smartlist_t *sl, void *element)
void smartlist_clear(smartlist_t *sl)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
#define SMARTLIST_DEL_CURRENT(sl, var)
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)
uint8_t seckey[ED25519_SECKEY_LEN]
smartlist_t * intro_auth_types
hs_pow_desc_params_t * pow_params
unsigned int single_onion_service
smartlist_t * intro_points
unsigned int create2_ntor
struct hs_desc_intro_point_t::@22::@23 cert
curve25519_public_key_t onion_key
curve25519_public_key_t enc_key
tor_cert_t * enc_key_cert
tor_cert_t * auth_key_cert
struct hs_desc_intro_point_t::@22 legacy
smartlist_t * link_specifiers
uint64_t revision_counter
tor_cert_t * signing_key_cert
ed25519_public_key_t signing_pubkey
ed25519_public_key_t blinded_pubkey