9#define HS_SERVICE_PRIVATE
22#include "feature/client/circpathbias.h"
65#include "trunnel/ed25519_cert.h"
66#include "trunnel/hs/cell_establish_intro.h"
78#define FOR_EACH_SERVICE_BEGIN(var) \
80 hs_service_t **var##_iter, *var; \
81 HT_FOREACH(var##_iter, hs_service_ht, hs_service_map) { \
83#define FOR_EACH_SERVICE_END } STMT_END ;
88#define FOR_EACH_DESCRIPTOR_BEGIN(service, var) \
90 hs_service_descriptor_t *var; \
91 for (int var ## _loop_idx = 0; var ## _loop_idx < 2; \
92 ++var ## _loop_idx) { \
93 (var ## _loop_idx == 0) ? (var = service->desc_current) : \
94 (var = service->desc_next); \
95 if (var == NULL) continue;
96#define FOR_EACH_DESCRIPTOR_END } STMT_END ;
100static const char fname_keyfile_prefix[] =
"hs_ed25519";
101static const char dname_client_pubkeys[] =
"authorized_clients";
102static const char fname_hostname[] =
"hostname";
103static const char address_tld[] =
"onion";
119 time_t now,
bool is_current);
142static inline unsigned int
162HT_GENERATE2(hs_service_ht,
hs_service_t, hs_service_node,
183 memset(&dummy_service, 0,
sizeof(dummy_service));
185 return HT_FIND(hs_service_ht, map, &dummy_service);
203 HT_INSERT(hs_service_ht, map, service);
227 if (BUG(service == NULL) ||
232 elm = HT_REMOVE(hs_service_ht, map, service);
236 log_warn(
LD_BUG,
"Could not find service in the global map "
237 "while removing service %s",
264 c->intro_dos_rate_per_sec = HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_DEFAULT;
265 c->intro_dos_burst_per_sec = HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_DEFAULT;
280 pow_state->pop_pqueue_ev = NULL;
285 pow_state->pqueue_low_level = 16;
286 pow_state->pqueue_high_level = 16384;
288 if (service->
config.pow_queue_rate > 0 &&
289 service->
config.pow_queue_burst >= service->
config.pow_queue_rate) {
290 pow_state->using_pqueue_bucket = 1;
292 service->
config.pow_queue_rate,
293 service->
config.pow_queue_burst,
294 (uint32_t) monotime_coarse_absolute_sec());
296 pow_state->pqueue_low_level =
MAX(8, service->
config.pow_queue_rate / 4);
297 pow_state->pqueue_high_level =
298 service->
config.pow_queue_burst +
304 pow_state->suggested_effort = 0;
305 pow_state->rend_handled = 0;
306 pow_state->total_effort = 0;
307 pow_state->next_effort_update = (time(NULL) + HS_UPDATE_PERIOD);
313 log_info(
LD_REND,
"Generating both PoW seeds...");
317 pow_state->expiration_time =
320 HS_SERVICE_POW_SEED_ROTATE_TIME_MAX));
328 if (config == NULL) {
334 hs_port_config_free(p););
335 smartlist_free(config->
ports);
339 service_authorized_client_free(p));
340 smartlist_free(config->
clients);
347 memset(config, 0,
sizeof(*config));
361 const char *legacy_id = NULL;
364 const link_specifier_t *, lspec) {
365 if (link_specifier_get_ls_type(lspec) == LS_LEGACY_ID) {
366 legacy_id = (
const char *)
367 link_specifier_getconstarray_un_legacy_id(lspec);
370 } SMARTLIST_FOREACH_END(lspec);
404 INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS,
513 ip = tor_malloc_zero(
sizeof(*ip));
521 if (BUG(max_introduce2_cells < min_introduce2_cells)) {
525 max_introduce2_cells);
530 if (BUG(intro_point_max_lifetime < intro_point_min_lifetime)) {
554 if (crypto_pk_generate_key(ip->
legacy_key) < 0) {
574 service_intro_point_free(ip);
589 old_ip_entry = digest256map_set(map, ip->
auth_key_kp.pubkey.pubkey, ip);
591 tor_assert_nonfatal(!old_ip_entry);
607 digest256map_remove(desc->intro_points.map,
609 } FOR_EACH_DESCRIPTOR_END;
634 if ((ip = digest256map_get(desc->intro_points.map,
635 auth_key->pubkey)) != NULL) {
638 } FOR_EACH_DESCRIPTOR_END;
655 if (digest256map_get(desc->intro_points.map,
660 } FOR_EACH_DESCRIPTOR_END;
693 if (s && ip && *ip && desc) {
702static link_specifier_t *
705 link_specifier_t *lnk_spec = NULL;
710 link_specifier_t *, ls) {
711 if (link_specifier_get_ls_type(ls) == type) {
715 } SMARTLIST_FOREACH_END(ls);
727 const link_specifier_t *ls;
737 (
const char *) link_specifier_getconstarray_un_legacy_id(ls));
746 unsigned int direct_conn)
774 unsigned int count = 0;
781 } DIGEST256MAP_FOREACH_END;
792 unsigned int count = 0;
807 connection_mark_for_close(conn);
811 } SMARTLIST_FOREACH_END(conn);
813 log_info(
LD_REND,
"Closed %u active service directory connections for "
814 "descriptor %s of service %s",
818 smartlist_free(dir_conns);
846 circuit_mark_for_close(
TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
857 DIGEST256MAP_FOREACH(intro_points->
map, key,
864 circuit_mark_for_close(
TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
866 } DIGEST256MAP_FOREACH_END;
877 } FOR_EACH_DESCRIPTOR_END;
909 for (iter = HT_START(hs_service_ht, src); iter != NULL; iter = next) {
913 next = HT_NEXT(hs_service_ht, src, iter);
918 next = HT_NEXT_RMV(hs_service_ht, src, iter);
920 log_warn(
LD_BUG,
"Ephemeral service key is already being used. "
960 if (src->ob_subcreds) {
961 dst->ob_subcreds = src->ob_subcreds;
962 dst->n_ob_subcreds = src->n_ob_subcreds;
964 src->ob_subcreds = NULL;
974 struct hs_service_ht *new_service_map;
979 new_service_map = tor_malloc_zero(
sizeof(*new_service_map));
980 HT_INIT(hs_service_ht, new_service_map);
1011 log_warn(
LD_BUG,
"Unable to register service with directory %s",
1016 } SMARTLIST_FOREACH_END(snew);
1022 } FOR_EACH_SERVICE_END;
1043 char *addr_buf = NULL;
1054 log_warn(
LD_REND,
"Could not write onion address to hostname file %s",
1062 if (chmod(fname, S_IRUSR | S_IWUSR | S_IRGRP) < 0) {
1063 log_warn(
LD_FS,
"Unable to make onion service hostname file %s "
1064 "group-readable.",
escaped(fname));
1091 config = &service->
config;
1110 log_info(
LD_REND,
"Unable to load keys from %s. Generating it...", fname);
1113 uint32_t key_flags = INIT_ED_KEY_CREATE | INIT_ED_KEY_EXTRA_STRONG |
1118 log_warn(
LD_REND,
"Unable to generate keys and save in %s.", fname);
1128 ed25519_keypair_free(kp);
1159 const char *valid_extension =
".auth";
1165 if (!
strcmpend(filename, valid_extension) &&
1166 strlen(filename) != strlen(valid_extension)) {
1188 log_fn(severity,
LD_REND,
"Client authorization encoded base32 public key "
1189 "length is invalid: %s", key_str);
1196 key_str, strlen(key_str)) !=
1198 log_fn(severity,
LD_REND,
"Client authorization public key cannot be "
1199 "decoded: %s", key_str);
1206 if (client != NULL) {
1207 service_authorized_client_free(client);
1224 char *auth_type = NULL;
1225 char *key_type = NULL;
1226 char *pubkey_b32 = NULL;
1233 SPLIT_SKIP_SPACE, 0);
1235 if (smartlist_len(fields) != 3) {
1236 log_warn(
LD_REND,
"Unknown format of client authorization file.");
1240 auth_type = smartlist_get(fields, 0);
1241 key_type = smartlist_get(fields, 1);
1242 pubkey_b32 = smartlist_get(fields, 2);
1245 if (strcmp(auth_type,
"descriptor")) {
1246 log_warn(
LD_REND,
"Client authorization auth type '%s' not supported.",
1252 if (strcmp(key_type,
"x25519")) {
1253 log_warn(
LD_REND,
"Client authorization key type '%s' not supported.",
1266 service_authorized_client_free(client);
1270 memwipe(pubkey_b32, 0, strlen(pubkey_b32));
1274 smartlist_free(fields);
1284 char *client_key_str = NULL;
1285 char *client_key_file_path = NULL;
1286 char *client_keys_dir_path = NULL;
1292 config = &service->
config;
1298 dname_client_pubkeys);
1300 client_keys_dir_path,
1308 service_authorized_client_free(p));
1309 smartlist_free(config->
clients);
1315 if (file_list == NULL) {
1316 log_warn(
LD_REND,
"Client authorization directory %s can't be listed.",
1317 client_keys_dir_path);
1323 log_info(
LD_REND,
"Loading a client authorization key file %s...",
1327 log_warn(
LD_REND,
"Client authorization unrecognized filename %s. "
1328 "File must end in .auth. Ignoring.", filename);
1335 client_key_str = read_file_to_str(client_key_file_path, 0, NULL);
1338 if (!client_key_str) {
1339 log_warn(
LD_REND,
"Client authorization file %s can't be read. "
1340 "Corrupted or verify permission? Ignoring.",
1341 client_key_file_path);
1349 memwipe(client_key_str, 0, strlen(client_key_str));
1354 log_info(
LD_REND,
"Loaded a client authorization key file %s.",
1358 } SMARTLIST_FOREACH_END(filename);
1363 if (client_key_str) {
1364 memwipe(client_key_str, 0, strlen(client_key_str));
1368 smartlist_free(file_list);
1394 hs_descriptor_free(desc->
desc);
1432 memcpy(client_dup->
client_pk.public_key,
1482 if (smartlist_len(config1->
clients) != smartlist_len(config2->
clients)) {
1499 for (i = 0; i < smartlist_len(sl1); i++) {
1503 smartlist_get(sl2, i))) {
1514 service_authorized_client_free(p));
1515 smartlist_free(sl1);
1519 service_authorized_client_free(p));
1520 smartlist_free(sl2);
1546 service_descriptor_free(dst->
desc_next);
1554 int client_auth_changed =
1565 if (client_auth_changed && dst->
desc_next) {
1581 service_descriptor_free(dst->
desc_next);
1594 time_t failure_time = *t;
1600 } FOR_EACH_DESCRIPTOR_END;
1628 time_t *time_of_failure, *prev_ptr;
1629 const link_specifier_t *legacy_ls;
1634 time_of_failure = tor_malloc_zero(
sizeof(time_t));
1635 *time_of_failure = now;
1638 prev_ptr = digestmap_set(
1640 (
const char *) link_specifier_getconstarray_un_legacy_id(legacy_ls),
1656 time_t nearest_hour = now - (now % 3600);
1667 CERT_TYPE_AUTH_HS_IP_KEY,
1671 CERT_FLAG_INCLUDE_SIGNING_KEY);
1673 log_warn(
LD_REND,
"Unable to create intro point auth-key certificate");
1679 const link_specifier_t *, ls) {
1688 } SMARTLIST_FOREACH_END(ls);
1695 &signing_kp->pubkey,
1700 log_warn(
LD_REND,
"Unable to create enc key legacy cross cert.");
1718 CERT_TYPE_CROSS_HS_IP_KEYS,
1719 &ed25519_pubkey, nearest_hour,
1721 CERT_FLAG_INCLUDE_SIGNING_KEY);
1723 log_warn(
LD_REND,
"Unable to create enc key curve25519 cross cert.");
1766 hs_desc_intro_point_free(desc_ip);
1771 } DIGEST256MAP_FOREACH_END;
1793 CERT_FLAG_INCLUDE_SIGNING_KEY);
1848 config = &service->
config;
1884 } SMARTLIST_FOREACH_END(client);
1891 int num_clients = smartlist_len(superencrypted->
clients);
1892 int num_clients_to_add;
1893 if (num_clients == 0) {
1896 num_clients_to_add = 0;
1898 num_clients_to_add =
1903 for (i = 0; i < num_clients_to_add; i++) {
1956 const char ope_key_prefix[] =
"rev-counter-generation";
1960 sizeof(eph_privkey->
seckey));
2003 log_warn(
LD_REND,
"Can't generate descriptor signing keypair for "
2012 log_warn(
LD_REND,
"Can't generate auth ephemeral keypair for "
2070 &encoded_desc) < 0)) {
2089 service_descriptor_free(desc);
2097 uint64_t current_desc_tp, next_desc_tp;
2137 log_info(
LD_REND,
"Hidden service %s has just started. Both descriptors "
2138 "built. Now scheduled for upload.",
2151 if (service->desc_current == NULL && service->desc_next == NULL) {
2161 if (BUG(service->desc_current == NULL)) {
2165 if (service->desc_next == NULL) {
2167 &service->desc_next);
2168 log_info(
LD_REND,
"Hidden service %s next descriptor successfully "
2169 "built. Now scheduled for upload.",
2170 safe_str_client(service->onion_address));
2172 } FOR_EACH_DESCRIPTOR_END;
2201 direct_conn ? direct_flags : flags);
2205 if (direct_conn && !node) {
2207 "Unable to find an intro point that we can connect to "
2208 "directly, falling back to a 3-hop path.");
2232 service_intro_point_free(ip);
2243 int i = 0, num_needed_ip;
2252 if (BUG(num_needed_ip < 0)) {
2279 } DIGEST256MAP_FOREACH_END;
2284 for (i = 0; i < num_needed_ip; i++) {
2294 log_info(
LD_REND,
"Unable to find a suitable node to be an "
2295 "introduction point for service %s.",
2319 smartlist_free(exclude_nodes);
2356 int descriptor_changed)
2363 if (descriptor_changed) {
2373 unsigned int num_intro_points;
2382 if (num_intro_points < service->config.num_intro_points) {
2385 if (num_new_intro_points != 0) {
2386 log_info(
LD_REND,
"Service %s just picked %u intro points and wanted "
2387 "%u for %s descriptor. It currently has %d intro "
2388 "points. Launching ESTABLISH_INTRO circuit shortly.",
2390 num_new_intro_points,
2402 if ((num_new_intro_points + num_intro_points) <
2420 } FOR_EACH_DESCRIPTOR_END;
2421 } FOR_EACH_SERVICE_END;
2431 int descs_updated = 0;
2434 uint32_t previous_effort;
2440 if (!service->config.has_pow_defenses_enabled &&
2441 desc->desc->encrypted_data.pow_params) {
2442 log_info(
LD_REND,
"PoW defenses have been disabled, clearing "
2443 "pow_params from a descriptor.");
2444 tor_free(desc->desc->encrypted_data.pow_params);
2449 } FOR_EACH_DESCRIPTOR_END;
2453 if (!service->config.has_pow_defenses_enabled) {
2458 encrypted = &desc->desc->encrypted_data;
2463 log_info(
LD_REND,
"Initializing pow_params in descriptor...");
2471 pow_state->expiration_time) {
2483 if (pow_state->suggested_effort < previous_effort * 0.85 ||
2484 previous_effort * 1.15 < pow_state->suggested_effort) {
2485 log_info(
LD_REND,
"Suggested effort changed significantly, "
2486 "updating descriptors...");
2489 }
else if (previous_effort != pow_state->suggested_effort) {
2493 log_info(
LD_REND,
"Change in suggested effort didn't warrant "
2494 "updating descriptors.");
2496 } FOR_EACH_DESCRIPTOR_END;
2498 if (descs_updated) {
2501 } FOR_EACH_DESCRIPTOR_END;
2503 } FOR_EACH_SERVICE_END;
2554 if (has_no_node || has_expired) {
2571 ret = has_no_retries;
2576 log_info(
LD_REND,
"Intro point %s%s (retried: %u times). "
2579 has_expired ?
" has expired" :
2580 (has_no_node) ?
" fell off the consensus" :
"",
2608 DIGEST256MAP_FOREACH_MODIFY(desc->intro_points.map, key,
2622 } DIGEST256MAP_FOREACH_END;
2623 } FOR_EACH_DESCRIPTOR_END;
2636 if (ocirc && !
TO_CIRCUIT(ocirc)->marked_for_close) {
2637 circuit_mark_for_close(
TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
2641 service_intro_point_free(ip);
2642 } SMARTLIST_FOREACH_END(ip);
2644 smartlist_free(ips_to_free);
2655 "Current seed expired. Scrubbing replay cache, rotating PoW "
2656 "seeds, generating new seed and updating descriptors.");
2663 memcpy(pow_state->seed_previous, pow_state->seed_current,
HS_POW_SEED_LEN);
2668 while (
fast_memeq(pow_state->seed_previous, pow_state->seed_current,
2674 pow_state->expiration_time =
2677 HS_SERVICE_POW_SEED_ROTATE_TIME_MAX));
2680 char fmt_next_time[ISO_TIME_LEN + 1];
2682 log_debug(
LD_REND,
"PoW state expiration time set to: %s", fmt_next_time);
2703 } aimd_event = NONE;
2705 if (pow_state->max_trimmed_effort > pow_state->suggested_effort) {
2707 aimd_event = INCREASE;
2708 }
else if (pow_state->had_queue) {
2709 if (smartlist_len(pow_state->rend_request_pqueue) > 0 &&
2712 aimd_event = INCREASE;
2714 }
else if (smartlist_len(pow_state->rend_request_pqueue) <
2715 pow_state->pqueue_low_level) {
2717 aimd_event = DECREASE;
2720 switch (aimd_event) {
2722 if (pow_state->suggested_effort < UINT32_MAX) {
2723 pow_state->suggested_effort =
MAX(pow_state->suggested_effort + 1,
2724 (uint32_t)(pow_state->total_effort /
2725 pow_state->rend_handled));
2729 pow_state->suggested_effort = 2*pow_state->suggested_effort/3;
2737 log_debug(
LD_REND,
"Recalculated suggested effort: %u",
2738 pow_state->suggested_effort);
2741 pow_state->total_effort = 0;
2742 pow_state->rend_handled = 0;
2743 pow_state->max_trimmed_effort = 0;
2744 pow_state->had_queue = 0;
2745 pow_state->next_effort_update = now + HS_UPDATE_PERIOD;
2784 char fmt_time[ISO_TIME_LEN + 1];
2786 log_info(
LD_REND,
"Next descriptor rotation time set to %s for %s",
2826 log_warn(
LD_BUG,
"Service descriptor is NULL (%p/%p). Next rotation "
2827 "time is %ld (now: %ld). Valid after time from "
2887 log_info(
LD_REND,
"Time to rotate our descriptors (%p / %p) for %s",
2888 service->desc_current, service->desc_next,
2889 safe_str_client(service->onion_address));
2892 } FOR_EACH_SERVICE_END;
2909 if (service->state.next_rotation_time == 0) {
2918 if (have_module_pow() && service->config.has_pow_defenses_enabled) {
2933 } FOR_EACH_SERVICE_END;
2956 if (have_module_pow()) {
2975 DIGEST256MAP_FOREACH_MODIFY(desc->intro_points.map, key,
2988 if (ei == NULL && direct_conn) {
2989 direct_conn =
false;
2998 service_intro_point_free(ip);
3003 ip->circuit_retries++;
3005 log_info(
LD_REND,
"Unable to launch intro circuit to node %s "
3011 extend_info_free(ei);
3012 } DIGEST256MAP_FOREACH_END;
3013 } FOR_EACH_DESCRIPTOR_END;
3024 unsigned int count = 0;
3025 unsigned int multiplier = 0;
3026 unsigned int num_wanted_ip;
3030 HS_CONFIG_V3_MAX_INTRO_POINTS);
3049 multiplier += (service->
desc_next) ? 1 : 0;
3051 return (count * multiplier);
3081 log_info(
LD_REND,
"Hidden service %s exceeded its circuit launch limit "
3082 "of %u per %d seconds. It launched %u circuits in "
3083 "the last %ld seconds. Will retry in %ld seconds.",
3088 (
long int) elapsed_time,
3122 } FOR_EACH_SERVICE_END;
3132 char *encoded_desc = NULL;
3140 log_info(
LD_REND,
"Service %s not publishing descriptor. "
3141 "PublishHidServDescriptors is set to 0.",
3149 &encoded_desc) < 0)) {
3163 int is_next_desc = (service->
desc_next == desc);
3164 const uint8_t *idx = (is_next_desc) ? hsdir->hsdir_index.
store_second:
3166 char *blinded_pubkey_log_str =
3171 log_info(
LD_REND,
"Service %s %s descriptor of revision %" PRIu64
3172 " initiated upload request to %s with index %s (%s)",
3174 (is_next_desc) ?
"next" :
"current",
3177 safe_str_client(
hex_str((
const char *) idx, 32)),
3178 safe_str_client(blinded_pubkey_log_str));
3201 uint64_t rev_counter = 0;
3204 time_t srv_start = 0;
3229 log_info(
LD_REND,
"Setting rev counter for TP #%u: "
3230 "SRV started at %d, now %d (%s)",
3232 (
int)now, is_current ?
"current" :
"next");
3234 tor_assert_nonfatal(now >= srv_start);
3238 time_t seconds_since_start_of_srv = now - srv_start;
3242 seconds_since_start_of_srv++;
3253 (
int) seconds_since_start_of_srv);
3256 tor_assert_nonfatal(rev_counter < CRYPTO_OPE_ERROR);
3258 log_info(
LD_REND,
"Encrypted revision counter %d to %" PRIu64,
3259 (
int) seconds_since_start_of_srv, rev_counter);
3289 service->
desc_next == desc, 0, responsible_dirs);
3304 } SMARTLIST_FOREACH_END(hsdir_rs);
3313 char fmt_next_time[ISO_TIME_LEN+1];
3315 log_debug(
LD_REND,
"Service %s set to upload a descriptor at %s",
3319 smartlist_free(responsible_dirs);
3329 int should_reupload = 0;
3339 service->
desc_next == desc, 0, responsible_dirs);
3350 should_reupload = 1;
3353 } SMARTLIST_FOREACH_END(hsdir_rs);
3356 smartlist_free(responsible_dirs);
3358 return should_reupload;
3365 LOG_DESC_UPLOAD_REASON_MISSING_IPS = 0,
3366 LOG_DESC_UPLOAD_REASON_IP_NOT_ESTABLISHED = 1,
3367 LOG_DESC_UPLOAD_REASON_NOT_TIME = 2,
3368 LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS = 3,
3369 LOG_DESC_UPLOAD_REASON_NO_DIRINFO = 4,
3374#define LOG_DESC_UPLOAD_REASON_MAX LOG_DESC_UPLOAD_REASON_NO_DIRINFO
3396 { { RATELIM_INIT(60), RATELIM_INIT(60), RATELIM_INIT(60 * 10),
3397 RATELIM_INIT(60), RATELIM_INIT(60) },
3398 { RATELIM_INIT(60), RATELIM_INIT(60), RATELIM_INIT(60 * 10),
3399 RATELIM_INIT(60), RATELIM_INIT(60) },
3401 bool is_next_desc =
false;
3402 unsigned int rlim_pos = 0;
3418 is_next_desc = (service->
desc_next == desc);
3422 rlim_pos = (is_next_desc ? 1 : 0);
3424 rlim = &limits[rlim_pos][reason];
3427 "Service %s can't upload its %s descriptor: %s",
3429 (is_next_desc) ?
"next" :
"current", msg);
3439 unsigned int num_intro_points, count_ip_established;
3459 msg = tor_strdup(
"Missing intro points");
3461 LOG_DESC_UPLOAD_REASON_MISSING_IPS);
3468 if (count_ip_established != num_intro_points) {
3469 tor_asprintf(&msg,
"Intro circuits aren't yet all established (%d/%d).",
3470 count_ip_established, num_intro_points);
3472 LOG_DESC_UPLOAD_REASON_IP_NOT_ESTABLISHED);
3478 tor_asprintf(&msg,
"Next upload time is %ld, it is now %ld.",
3481 LOG_DESC_UPLOAD_REASON_NOT_TIME);
3488 msg = tor_strdup(
"No reasonably live consensus");
3490 LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS);
3497 msg = tor_strdup(
"Not enough directory information");
3499 LOG_DESC_UPLOAD_REASON_NO_DIRINFO);
3562 log_info(
LD_REND,
"Initiating upload for hidden service %s descriptor "
3563 "for service %s with %u/%u introduction points%s.",
3564 (desc == service->desc_current) ?
"current" :
"next",
3565 safe_str_client(service->onion_address),
3566 digest256map_size(desc->intro_points.map),
3567 service->config.num_intro_points,
3568 (desc->missing_intro_points) ?
" (couldn't pick more)" :
"");
3577 } FOR_EACH_DESCRIPTOR_END;
3578 } FOR_EACH_SERVICE_END;
3596 if (BUG(!circ->
cpath)) {
3609 if (service == NULL) {
3610 log_warn(
LD_REND,
"Unknown service identity key %s on the introduction "
3611 "circuit %u. Can't find onion service.",
3617 log_warn(
LD_REND,
"Unknown introduction point auth key on circuit %u "
3630 service_intro_point_free(ip);
3637 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_NOSUCHSERVICE);
3657 TO_CIRCUIT(circ)->timestamp_dirty = time(NULL);
3662 if (service == NULL) {
3663 log_warn(
LD_REND,
"Unknown service identity key %s on the rendezvous "
3664 "circuit %u with cookie %s. Can't find onion service.",
3692 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_NOSUCHSERVICE);
3702 const uint8_t *payload,
3716 if (service == NULL) {
3717 log_warn(
LD_REND,
"Unknown service identity key %s on the introduction "
3718 "circuit %u. Can't find onion service.",
3725 log_warn(
LD_REND,
"Introduction circuit established without an intro "
3726 "point object on circuit %u for service %s",
3748 log_info(
LD_REND,
"Successfully received an INTRO_ESTABLISHED cell "
3749 "on circuit %u for service %s",
3776 if (service == NULL) {
3777 log_warn(
LD_BUG,
"Unknown service identity key %s when handling "
3778 "an INTRODUCE2 cell on circuit %u",
3785 log_warn(
LD_BUG,
"Unknown introduction auth key when handling "
3786 "an INTRODUCE2 cell on circuit %u for service %s",
3791 HS_METRICS_ERR_INTRO_REQ_BAD_AUTH_KEY);
3800 payload, payload_len) < 0) {
3818 char fname[128] = {0};
3828 tor_snprintf(fname,
sizeof(fname),
"%s_secret_key", fname_keyfile_prefix);
3830 tor_snprintf(fname,
sizeof(fname),
"%s_public_key", fname_keyfile_prefix);
3852 ed25519_keypair_free(kp);
3867 const uint8_t *descriptor_cookie = NULL;
3880 descriptor_cookie, encoded_out);
3892hs_service_non_anonymous_mode_consistent(
const or_options_t *options)
3896 !! options->HiddenServiceNonAnonymousMode);
3905hs_service_allow_non_anonymous_connection(
const or_options_t *options)
3907 tor_assert(hs_service_non_anonymous_mode_consistent(options));
3919hs_service_reveal_startup_time(
const or_options_t *options)
3921 tor_assert(hs_service_non_anonymous_mode_consistent(options));
3922 return hs_service_non_anonymous_mode_enabled(options);
3931hs_service_non_anonymous_mode_enabled(
const or_options_t *options)
3933 tor_assert(hs_service_non_anonymous_mode_consistent(options));
3934 return options->HiddenServiceNonAnonymousMode ? 1 : 0;
3950 &CONST_TO_ORIGIN_CIRCUIT(circ)->hs_ident->identity_pk);
3956 &CONST_TO_ORIGIN_CIRCUIT(circ)->hs_ident->identity_pk);
3996 desc->desc->encrypted_data.sendme_inc != current_sendme_inc) {
4001 } FOR_EACH_DESCRIPTOR_END;
4002 } FOR_EACH_SERVICE_END;
4015 const uint8_t version,
4020 char version_str[4] = {0};
4030 memset(&ident, 0,
sizeof(ident));
4035 tor_snprintf(version_str,
sizeof(version_str),
"%u", version);
4043 strlen(encoded_desc));
4050 directory_request_free(dir_req);
4064 int max_streams_per_rdv_circuit,
4065 int max_streams_close_circuit,
4090 log_warn(
LD_CONFIG,
"Unable to generate ed25519 public key"
4097 log_warn(
LD_CONFIG,
"Bad ed25519 private key was provided");
4104 log_warn(
LD_CONFIG,
"At least one VIRTPORT/TARGET must be specified "
4110 if (auth_clients_v3) {
4117 smartlist_free(auth_clients_v3);
4129 log_warn(
LD_CONFIG,
"Onion Service private key collides with an "
4130 "existing v3 service.");
4135 log_info(
LD_CONFIG,
"Added ephemeral v3 onion service: %s",
4163 log_warn(
LD_CONFIG,
"Requested malformed v3 onion address for removal.");
4168 log_warn(
LD_CONFIG,
"Requested version of onion address for removal "
4169 "is not supported.");
4174 if (service == NULL) {
4175 log_warn(
LD_CONFIG,
"Requested non-existent v3 hidden service for "
4181 log_warn(
LD_CONFIG,
"Requested non-ephemeral v3 hidden service for "
4193 log_info(
LD_CONFIG,
"Removed ephemeral v3 hidden service: %s",
4194 safe_str_client(address));
4213 char *encoded_desc = NULL;
4221 return encoded_desc;
4257 if (service == NULL) {
4258 log_warn(
LD_REND,
"Unable to find any hidden service associated "
4259 "identity key %s on rendezvous circuit %u.",
4274#define MAX_STREAM_WARN_INTERVAL 600
4275 static struct ratelim_t stream_ratelim =
4276 RATELIM_INIT(MAX_STREAM_WARN_INTERVAL);
4278 "Maximum streams per circuit limit reached on "
4279 "rendezvous circuit %u for service %s. Circuit has "
4280 "%" PRIu64
" out of %" PRIu64
" streams. %s.",
4286 "Closing circuit" :
"Ignoring open stream request");
4299 log_info(
LD_REND,
"No virtual port mapping exists for port %d for "
4300 "hidden service %s.",
4348 if (service->config.is_ephemeral) {
4354 } FOR_EACH_DESCRIPTOR_END;
4367 static struct ratelim_t dir_info_changed_ratelim = RATELIM_INIT(30 * 60);
4369 "New dirinfo arrived: consider reuploading descriptor");
4387 log_warn(
LD_PROTOCOL,
"Received an INTRODUCE2 cell on a "
4388 "non introduction circuit of purpose %d",
4407 const uint8_t *payload,
4416 log_warn(
LD_PROTOCOL,
"Received an INTRO_ESTABLISHED cell on a "
4417 "non introduction circuit of purpose %d",
4431 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
4465 const char *directory_path;
4491 if (service->config.is_ephemeral) {
4494 log_info(
LD_REND,
"Loading v3 onion service keys from %s",
4499 } SMARTLIST_FOREACH_END(service);
4526 DIGEST256MAP_FOREACH(desc->intro_points.map, key,
4528 const node_t *intro_node;
4529 const char *nickname;
4550 } DIGEST256MAP_FOREACH_END;
4552 } FOR_EACH_DESCRIPTOR_END;
4553 } FOR_EACH_SERVICE_END;
4582 } FOR_EACH_SERVICE_END;
4625 if (service == NULL) {
4631 service_descriptor_free(desc);
4632 } FOR_EACH_DESCRIPTOR_END;
4646 if (service->
state.ob_subcreds) {
4704#ifdef TOR_UNIT_TESTS
4708get_hs_service_map_size(
void)
4715get_hs_service_staging_list_size(
void)
4721get_hs_service_map(
void)
4727get_first_service(
void)
int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
const char * hex_str(const char *from, size_t fromlen)
void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
void pathbias_count_use_attempt(origin_circuit_t *circ)
Header file for circuitbuild.c.
const char * circuit_state_to_string(int state)
origin_circuit_t * circuit_get_next_service_rp_circ(origin_circuit_t *start)
Header file for circuitlist.c.
#define CIRCUIT_PURPOSE_S_CONNECT_REND
#define CIRCUIT_PURPOSE_S_INTRO
#define CIRCUIT_IS_ORIGIN(c)
#define CIRCUIT_PURPOSE_S_REND_JOINED
#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
Header file for circuituse.c.
Functions and types for monotonic times.
const or_options_t * get_options(void)
Header file for config.c.
Public APIs for congestion control.
static uint8_t congestion_control_sendme_inc(void)
Header file for connection.c.
int curve25519_keypair_generate(curve25519_keypair_t *keypair_out, int extra_strong)
int curve25519_public_key_is_ok(const curve25519_public_key_t *key)
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
#define BASE64_DIGEST_LEN
#define crypto_digest_free(d)
crypto_digest_t * crypto_digest256_new(digest_algorithm_t algorithm)
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len)
void ed25519_pubkey_copy(ed25519_public_key_t *dest, const ed25519_public_key_t *src)
int ed25519_public_key_is_zero(const ed25519_public_key_t *pubkey)
int ed25519_public_key_generate(ed25519_public_key_t *pubkey_out, const ed25519_secret_key_t *seckey)
int ed25519_validate_pubkey(const ed25519_public_key_t *pubkey)
int ed25519_keypair_generate(ed25519_keypair_t *keypair_out, int extra_strong)
int ed25519_public_key_from_curve25519_public_key(ed25519_public_key_t *pubkey, const curve25519_public_key_t *pubkey_in, int signbit)
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
crypto_ope_t * crypto_ope_new(const uint8_t *key)
uint64_t crypto_ope_encrypt(const crypto_ope_t *ope, int plaintext)
void crypto_rand(char *to, size_t n)
void smartlist_shuffle(smartlist_t *sl)
void crypto_strongest_rand(uint8_t *out, size_t out_len)
Common functions for using (pseudo-)random number generators.
int crypto_rand_int_range(unsigned int min, unsigned int max)
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
crypto_pk_t * crypto_pk_new(void)
crypto_pk_t * crypto_pk_dup_key(crypto_pk_t *orig)
void memwipe(void *mem, uint8_t byte, size_t sz)
Common functions for cryptographic routines.
const char * extend_info_describe(const extend_info_t *ei)
const char * node_describe(const node_t *node)
Header file for describe.c.
int tor_memcmp(const void *a, const void *b, size_t len)
#define fast_memeq(a, b, c)
smartlist_t * tor_listdir(const char *dirname)
Client/server directory connection structure.
void directory_request_set_resource(directory_request_t *req, const char *resource)
void directory_request_set_indirection(directory_request_t *req, dir_indirection_t indirection)
void directory_request_set_routerstatus(directory_request_t *req, const routerstatus_t *status)
void directory_initiate_request(directory_request_t *request)
void directory_request_set_payload(directory_request_t *req, const char *payload, size_t payload_len)
directory_request_t * directory_request_new(uint8_t dir_purpose)
void directory_request_upload_set_hs_ident(directory_request_t *req, const hs_ident_dir_conn_t *ident)
Header file for dirclient.c.
struct directory_request_t directory_request_t
dir_connection_t * TO_DIR_CONN(connection_t *c)
Header file for directory.c.
#define DIR_PURPOSE_UPLOAD_HSDESC
Edge-connection structure.
const char * escaped(const char *s)
extend_info_t * extend_info_from_node(const node_t *node, int for_direct_connect, bool for_exit)
Header for core/or/extendinfo.c.
int write_str_to_file_if_not_equal(const char *fname, const char *str)
int top_of_rend_pqueue_is_worthwhile(hs_pow_service_state_t *pow_state)
void hs_circ_service_rp_has_opened(const hs_service_t *service, origin_circuit_t *circ)
origin_circuit_t * hs_circ_service_get_intro_circ(const hs_service_intro_point_t *ip)
int hs_circ_launch_intro_point(hs_service_t *service, const hs_service_intro_point_t *ip, extend_info_t *ei, bool direct_conn)
origin_circuit_t * hs_circ_service_get_established_intro_circ(const hs_service_intro_point_t *ip)
int hs_circ_service_intro_has_opened(hs_service_t *service, hs_service_intro_point_t *ip, const hs_service_descriptor_t *desc, origin_circuit_t *circ)
int hs_circ_handle_introduce2(const hs_service_t *service, const origin_circuit_t *circ, hs_service_intro_point_t *ip, const hs_subcredential_t *subcredential, const uint8_t *payload, size_t payload_len)
int hs_circ_handle_intro_established(const hs_service_t *service, const hs_service_intro_point_t *ip, origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
void hs_circ_retry_service_rendezvous_point(const origin_circuit_t *circ)
Header file containing circuit data for the whole HS subsystem.
HT_PROTOTYPE(hs_circuitmap_ht, circuit_t, hs_circuitmap_node, hs_circuit_hash_token, hs_circuits_have_same_token)
void hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk, uint64_t time_period_num, int use_second_hsdir_index, int for_fetching, smartlist_t *responsible_dirs)
void hs_build_blinded_keypair(const ed25519_keypair_t *kp, const uint8_t *secret, size_t secret_len, uint64_t time_period_num, ed25519_keypair_t *blinded_kp_out)
void hs_get_subcredential(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_subcredential_t *subcred_out)
uint64_t hs_get_time_period_num(time_t now)
uint64_t hs_get_next_time_period_num(time_t now)
void hs_build_address(const ed25519_public_key_t *key, uint8_t version, char *addr_out)
uint64_t hs_get_previous_time_period_num(time_t now)
int hs_parse_address(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out)
int hs_set_conn_addr_port(const smartlist_t *ports, edge_connection_t *conn)
int hs_check_service_private_dir(const char *username, const char *path, unsigned int dir_group_readable, unsigned int create)
link_specifier_t * link_specifier_dup(const link_specifier_t *src)
int hs_in_period_between_tp_and_srv(const networkstatus_t *consensus, time_t now)
char * hs_path_from_filename(const char *directory, const char *filename)
Header file containing common data for the whole HS subsystem.
#define NUM_INTRO_POINTS_DEFAULT
hs_service_add_ephemeral_status_t
#define NUM_INTRO_POINTS_EXTRA
#define INTRO_CIRC_RETRY_PERIOD
void hs_config_free_all(void)
Header file containing configuration ABI/API for the HS subsystem.
void hs_control_desc_event_created(const char *onion_address, const ed25519_public_key_t *blinded_pk)
void hs_control_desc_event_upload(const char *onion_address, const char *hsdir_id_digest, const ed25519_public_key_t *blinded_pk, const uint8_t *hsdir_index)
Header file containing control port event related code.
void hs_desc_superencrypted_data_free_contents(hs_desc_superencrypted_data_t *desc)
int hs_desc_encode_descriptor(const hs_descriptor_t *desc, const ed25519_keypair_t *signing_kp, const uint8_t *descriptor_cookie, char **encoded_out)
hs_desc_authorized_client_t * hs_desc_build_fake_authorized_client(void)
void hs_desc_build_authorized_client(const hs_subcredential_t *subcredential, const curve25519_public_key_t *client_auth_pk, const curve25519_secret_key_t *auth_ephemeral_sk, const uint8_t *descriptor_cookie, hs_desc_authorized_client_t *client_out)
hs_desc_intro_point_t * hs_desc_intro_point_new(void)
void hs_descriptor_clear_intro_points(hs_descriptor_t *desc)
Header file for hs_descriptor.c.
#define HS_DESC_AUTH_CLIENT_MULTIPLE
#define HS_DESC_DEFAULT_LIFETIME
#define HS_DESC_CERT_LIFETIME
void hs_ident_dir_conn_init(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_ident_dir_conn_t *ident)
Header file containing circuit and connection identifier data for the whole HS subsystem.
void hs_intropoint_clear(hs_intropoint_t *ip)
Header file for hs_intropoint.c.
void hs_metrics_service_free(hs_service_t *service)
void hs_metrics_service_init(hs_service_t *service)
Header for feature/hs/hs_metrics.c.
#define hs_metrics_new_established_rdv(s)
#define hs_metrics_new_established_intro(s)
#define hs_metrics_new_introduction(s)
#define hs_metrics_rdv_circ_build_time(s, obs)
#define hs_metrics_close_established_rdv(i)
#define hs_metrics_intro_circ_build_time(s, obs)
#define hs_metrics_close_established_intro(i)
#define hs_metrics_reject_intro_req(s, reason)
#define hs_metrics_pow_suggested_effort(s, n)
Header for feature/hs/hs_metrics_entry.c.
void hs_ob_refresh_keys(hs_service_t *service)
Header file for the specific code for onion balance.
void hs_pow_remove_seed_from_cache(const uint8_t *seed_head)
void hs_pow_free_service_state(hs_pow_service_state_t *state)
#define HS_POW_SEED_HEAD_LEN
static unsigned int hs_service_ht_hash(const hs_service_t *service)
static smartlist_t * hs_service_staging_list
static void build_service_desc_plaintext(const hs_service_t *service, hs_service_descriptor_t *desc)
hs_service_add_ephemeral_status_t hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports, int max_streams_per_rdv_circuit, int max_streams_close_circuit, smartlist_t *auth_clients_v3, char **address_out)
static void update_suggested_effort(hs_service_t *service, time_t now)
static int load_client_keys(hs_service_t *service)
STATIC void service_clear_config(hs_service_config_t *config)
static link_specifier_t * get_link_spec_by_type(const hs_service_intro_point_t *ip, uint8_t type)
void hs_service_stage_services(const smartlist_t *service_list)
static int should_service_upload_descriptor(const hs_service_t *service, const hs_service_descriptor_t *desc, time_t now)
STATIC void upload_descriptor_to_all(const hs_service_t *service, hs_service_descriptor_t *desc)
static void close_directory_connections(const hs_service_t *service, const hs_service_descriptor_t *desc)
static void setup_intro_point_exclude_list(const hs_service_descriptor_t *desc, smartlist_t *node_list)
void hs_service_circuit_cleanup_on_close(const circuit_t *circ)
STATIC int service_authorized_client_config_equal(const hs_service_config_t *config1, const hs_service_config_t *config2)
void hs_service_init(void)
static void upload_descriptor_to_hsdir(const hs_service_t *service, hs_service_descriptor_t *desc, const node_t *hsdir)
int hs_service_receive_introduce2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
static void close_service_circuits(hs_service_t *service)
static int ht_free_service_(struct hs_service_t *service, void *data)
static int32_t get_intro_point_min_lifetime(void)
static void close_service_intro_circuits(hs_service_t *service)
static const char * service_escaped_dir(const hs_service_t *s)
static void remember_failing_intro_point(const hs_service_intro_point_t *ip, hs_service_descriptor_t *desc, time_t now)
char * hs_service_lookup_current_desc(const ed25519_public_key_t *pk)
static int service_encode_descriptor(const hs_service_t *service, const hs_service_descriptor_t *desc, const ed25519_keypair_t *signing_kp, char **encoded_out)
static void move_ephemeral_services(hs_service_ht *src, hs_service_ht *dst)
STATIC void service_desc_schedule_upload(hs_service_descriptor_t *desc, time_t now, int descriptor_changed)
static void register_all_services(void)
static void initialize_pow_defenses(hs_service_t *service)
static int build_service_desc_superencrypted(const hs_service_t *service, hs_service_descriptor_t *desc)
static int service_handle_intro_established(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
static void close_service_rp_circuits(hs_service_t *service)
void hs_service_lists_fnames_for_sandbox(smartlist_t *file_list, smartlist_t *dir_list)
static crypto_ope_t * generate_ope_cipher_for_desc(const hs_service_descriptor_t *hs_desc)
static hs_service_intro_point_t * pick_intro_point(unsigned int direct_conn, smartlist_t *exclude_nodes)
static void move_descriptors(hs_service_t *src, hs_service_t *dst)
static void set_service_default_config(hs_service_config_t *c, const or_options_t *options)
void hs_service_circuit_has_opened(origin_circuit_t *circ)
STATIC void service_intro_point_remove(const hs_service_t *service, const hs_service_intro_point_t *ip)
static void service_add_fnames_to_list(const hs_service_t *service, smartlist_t *list)
static void service_desc_clear_previous_hsdirs(hs_service_descriptor_t *desc)
static void set_descriptor_revision_counter(hs_service_descriptor_t *hs_desc, time_t now, bool is_current)
STATIC int register_service(hs_service_ht *map, hs_service_t *service)
STATIC hs_service_intro_point_t * service_intro_point_new(const node_t *node)
unsigned int hs_service_get_num_services(void)
static unsigned int get_max_intro_circ_per_period(const hs_service_t *service)
static void build_desc_signing_key_cert(hs_service_descriptor_t *desc, time_t now)
static void service_rendezvous_circ_has_opened(origin_circuit_t *circ)
void service_authorized_client_free_(hs_service_authorized_client_t *client)
static void service_intro_point_free_void(void *obj)
STATIC hs_service_t * find_service(hs_service_ht *map, const ed25519_public_key_t *pk)
static void run_build_circuit_event(time_t now)
static void build_desc_intro_points(const hs_service_t *service, hs_service_descriptor_t *desc, time_t now)
STATIC void run_upload_descriptor_event(time_t now)
static int build_service_desc_keys(const hs_service_t *service, hs_service_descriptor_t *desc)
smartlist_t * hs_service_get_metrics_stores(void)
static void move_hs_state(hs_service_t *src_service, hs_service_t *dst_service)
#define FOR_EACH_DESCRIPTOR_BEGIN(service, var)
static void update_service_descriptor_intro_points(hs_service_t *service, hs_service_descriptor_t *desc, time_t now)
STATIC void build_all_descriptors(time_t now)
static int service_authorized_client_cmp(const hs_service_authorized_client_t *client1, const hs_service_authorized_client_t *client2)
static void log_cant_upload_desc(const hs_service_t *service, const hs_service_descriptor_t *desc, const char *msg, const log_desc_upload_reason_t reason)
static struct hs_service_ht * hs_service_map
static void close_intro_circuits(hs_service_intropoints_t *intro_points)
STATIC void get_objects_from_ident(const hs_ident_circuit_t *ident, hs_service_t **service, hs_service_intro_point_t **ip, hs_service_descriptor_t **desc)
STATIC int client_filename_is_valid(const char *filename)
STATIC void service_intro_point_free_(hs_service_intro_point_t *ip)
static void build_service_descriptor(hs_service_t *service, uint64_t time_period_num, hs_service_descriptor_t **desc_out)
static unsigned int should_rotate_descriptors(hs_service_t *service, time_t now)
static extend_info_t * get_extend_info_from_intro_point(const hs_service_intro_point_t *ip, unsigned int direct_conn)
#define FOR_EACH_SERVICE_BEGIN(var)
static int service_key_on_disk(const char *directory_path)
static int compare_service_authorzized_client_(const void **_a, const void **_b)
static hs_service_authorized_client_t * service_authorized_client_dup(const hs_service_authorized_client_t *client)
static int load_service_keys(hs_service_t *service)
static int32_t get_intro_point_max_introduce2(void)
static void service_desc_note_upload(hs_service_descriptor_t *desc, const node_t *hsdir)
static unsigned int pick_needed_intro_points(hs_service_t *service, hs_service_descriptor_t *desc)
static const char * describe_intro_point(const hs_service_intro_point_t *ip)
static int setup_desc_intro_point(const ed25519_keypair_t *signing_kp, const hs_service_intro_point_t *ip, time_t now, hs_desc_intro_point_t *desc_ip)
static void service_free_all(void)
static void rotate_service_descriptors(hs_service_t *service)
STATIC unsigned int count_desc_circuit_established(const hs_service_descriptor_t *desc)
hs_circuit_id_protocol_t hs_service_exports_circuit_id(const ed25519_public_key_t *pk)
void hs_service_free_all(void)
STATIC int intro_point_should_expire(const hs_service_intro_point_t *ip, time_t now)
static int32_t get_intro_point_min_introduce2(void)
static void run_build_descriptor_event(time_t now)
static void service_intro_circ_has_opened(origin_circuit_t *circ)
STATIC void rotate_all_descriptors(time_t now)
STATIC int can_service_launch_intro_circuit(hs_service_t *service, time_t now)
void hs_service_dir_info_changed(void)
void hs_service_free_(hs_service_t *service)
int hs_service_del_ephemeral(const char *address)
STATIC void update_all_descriptors_intro_points(time_t now)
int hs_service_get_version_from_key(const hs_service_t *service)
int hs_service_receive_intro_established(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
static void pow_housekeeping(hs_service_t *service, time_t now)
void hs_service_new_consensus_params(const networkstatus_t *ns)
void hs_service_run_scheduled_events(time_t now)
void hs_service_upload_desc_to_dir(const char *encoded_desc, const uint8_t version, const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, const routerstatus_t *hsdir_rs)
static int32_t get_intro_point_num_extra(void)
static int hs_service_ht_eq(const hs_service_t *first, const hs_service_t *second)
STATIC const node_t * get_node_from_intro_point(const hs_service_intro_point_t *ip)
STATIC hs_service_intro_point_t * service_intro_point_find(const hs_service_t *service, const ed25519_public_key_t *auth_key)
STATIC void remove_service(hs_service_ht *map, hs_service_t *service)
STATIC void service_descriptor_free_(hs_service_descriptor_t *desc)
static void build_descriptors_for_new_service(hs_service_t *service, time_t now)
#define LOG_DESC_UPLOAD_REASON_MAX
static void launch_intro_point_circuits(hs_service_t *service)
STATIC hs_service_authorized_client_t * parse_authorized_client(const char *client_key_str)
static int build_service_desc_encrypted(const hs_service_t *service, hs_service_descriptor_t *desc)
hs_service_authorized_client_t * parse_authorized_client_key(const char *key_str, int severity)
static bool should_remove_intro_point(hs_service_intro_point_t *ip, time_t now)
void hs_service_map_has_changed(void)
hs_service_t * hs_service_find(const ed25519_public_key_t *identity_pk)
static void rotate_pow_seeds(hs_service_t *service, time_t now)
void hs_service_dump_stats(int severity)
static void set_rotation_time(hs_service_t *service)
static int consider_republishing_hs_descriptors
static int service_handle_introduce2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
int hs_service_set_conn_addr_port(const origin_circuit_t *circ, edge_connection_t *conn)
hs_service_t * hs_service_new(const or_options_t *options)
static int32_t get_intro_point_max_lifetime(void)
int hs_service_load_all_keys(void)
STATIC void run_housekeeping_event(time_t now)
STATIC void service_intro_point_add(digest256map_t *map, hs_service_intro_point_t *ip)
static void remove_expired_failing_intro(hs_service_t *service, time_t now)
static void cleanup_intro_points(hs_service_t *service, time_t now)
STATIC int write_address_to_file(const hs_service_t *service, const char *fname_)
static bool is_client_auth_enabled(const hs_service_t *service)
STATIC int service_desc_hsdirs_changed(const hs_service_t *service, const hs_service_descriptor_t *desc)
static void refresh_service_descriptor(const hs_service_t *service, hs_service_descriptor_t *desc, time_t now)
STATIC hs_service_descriptor_t * service_desc_find_by_intro(const hs_service_t *service, const hs_service_intro_point_t *ip)
static void update_all_descriptors_pow_params(time_t now)
STATIC hs_service_descriptor_t * service_descriptor_new(void)
Header file containing service data for the HS subsystem.
#define HS_SERVICE_NEXT_UPLOAD_TIME_MIN
#define HS_SERVICE_POW_SEED_ROTATE_TIME_MIN
#define HS_SERVICE_DEFAULT_VERSION
@ HS_CIRCUIT_ID_PROTOCOL_NONE
#define HS_SERVICE_NEXT_UPLOAD_TIME_MAX
#define hs_service_free(s)
void hs_stats_note_introduce2_cell(void)
Header file for hs_stats.c.
ed25519_keypair_t * ed_key_init_from_file(const char *fname, uint32_t flags, int severity, const ed25519_keypair_t *signing_key, time_t now, time_t lifetime, uint8_t cert_type, struct tor_cert_st **cert_out, const or_options_t *options)
Header file for loadkey.c.
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
#define log_fn(severity, domain, args,...)
#define log_fn_ratelim(ratelim, severity, domain, args,...)
int have_completed_a_circuit(void)
void rescan_periodic_events(const or_options_t *options)
Header file for mainloop.c.
void tor_free_(void *mem)
#define MAP_DEL_CURRENT(keyvar)
#define DIGESTMAP_FOREACH_END
#define DIGESTMAP_FOREACH_MODIFY(map, keyvar, valtype, valvar)
#define DIGESTMAP_FOREACH(map, keyvar, valtype, valvar)
int usable_consensus_flavor(void)
Header file for microdesc.c.
networkstatus_t * networkstatus_get_reasonably_live_consensus(time_t now, int flavor)
int32_t networkstatus_get_param(const networkstatus_t *ns, const char *param_name, int32_t default_val, int32_t min_val, int32_t max_val)
Header file for networkstatus.c.
Networkstatus consensus/vote structure.
Header file for nickname.c.
const node_t * router_choose_random_node(smartlist_t *excludedsmartlist, routerset_t *excludedset, router_crn_flags_t flags)
Header file for node_select.c.
Node information structure.
bool node_supports_establish_intro_dos_extension(const node_t *node)
const node_t * node_get_by_id(const char *identity_digest)
const char * node_get_nickname(const node_t *node)
consensus_path_type_t router_have_consensus_path(void)
const curve25519_public_key_t * node_get_curve25519_onion_key(const node_t *node)
int router_have_minimum_dir_info(void)
bool node_supports_ed25519_hs_intro(const node_t *node)
Header file for nodelist.c.
Master header file for Tor-specific functionality.
#define INTRO_POINT_LIFETIME_MAX_SECONDS
#define INTRO_POINT_LIFETIME_MIN_SECONDS
#define INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS
#define MAX_INTRO_POINT_CIRCUIT_RETRIES
#define REND_REPLAY_TIME_INTERVAL
The or_state_t structure, which represents Tor's state file.
Origin circuit structure.
int tor_asprintf(char **strp, const char *fmt,...)
int tor_snprintf(char *str, size_t size, const char *format,...)
char * rate_limit_log(ratelim_t *lim, time_t now)
replaycache_t * replaycache_new(time_t horizon, time_t interval)
#define replaycache_free(r)
Routerstatus (consensus entry) structure.
time_t sr_state_get_start_time_of_previous_protocol_run(void)
unsigned int sr_state_get_protocol_run_duration(void)
time_t sr_state_get_start_time_of_current_protocol_run(void)
Header file for shared_random_client.c.
int smartlist_contains_string(const smartlist_t *sl, const char *element)
void smartlist_sort(smartlist_t *sl, int(*compare)(const void **a, const void **b))
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
void smartlist_add_strdup(struct smartlist_t *sl, const char *string)
smartlist_t * smartlist_new(void)
void smartlist_add(smartlist_t *sl, void *element)
void smartlist_clear(smartlist_t *sl)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
#define SMARTLIST_DEL_CURRENT(sl, var)
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)
uint8_t seckey[ED25519_SECKEY_LEN]
smartlist_t * intro_auth_types
hs_pow_desc_params_t * pow_params
unsigned int single_onion_service
smartlist_t * intro_points
unsigned int create2_ntor
struct hs_desc_intro_point_t::@22::@23 cert
curve25519_public_key_t onion_key
curve25519_public_key_t enc_key
tor_cert_t * enc_key_cert
tor_cert_t * auth_key_cert
struct hs_desc_intro_point_t::@22 legacy
smartlist_t * link_specifiers
uint64_t revision_counter
tor_cert_t * signing_key_cert
ed25519_public_key_t signing_pubkey
ed25519_public_key_t blinded_pubkey
curve25519_public_key_t auth_ephemeral_pubkey
hs_desc_encrypted_data_t encrypted_data
hs_desc_superencrypted_data_t superencrypted_data