9#define HS_SERVICE_PRIVATE
22#include "feature/client/circpathbias.h"
65#include "trunnel/ed25519_cert.h"
66#include "trunnel/hs/cell_establish_intro.h"
78#define FOR_EACH_SERVICE_BEGIN(var) \
80 hs_service_t **var##_iter, *var; \
81 HT_FOREACH(var##_iter, hs_service_ht, hs_service_map) { \
83#define FOR_EACH_SERVICE_END } STMT_END ;
88#define FOR_EACH_DESCRIPTOR_BEGIN(service, var) \
90 hs_service_descriptor_t *var; \
91 for (int var ## _loop_idx = 0; var ## _loop_idx < 2; \
92 ++var ## _loop_idx) { \
93 (var ## _loop_idx == 0) ? (var = service->desc_current) : \
94 (var = service->desc_next); \
95 if (var == NULL) continue;
96#define FOR_EACH_DESCRIPTOR_END } STMT_END ;
100static const char fname_keyfile_prefix[] =
"hs_ed25519";
101static const char dname_client_pubkeys[] =
"authorized_clients";
102static const char fname_hostname[] =
"hostname";
103static const char address_tld[] =
"onion";
119 time_t now,
bool is_current);
142static inline unsigned int
162HT_GENERATE2(hs_service_ht,
hs_service_t, hs_service_node,
183 memset(&dummy_service, 0,
sizeof(dummy_service));
185 return HT_FIND(hs_service_ht, map, &dummy_service);
203 HT_INSERT(hs_service_ht, map, service);
227 if (BUG(service == NULL) ||
232 elm = HT_REMOVE(hs_service_ht, map, service);
236 log_warn(
LD_BUG,
"Could not find service in the global map "
237 "while removing service %s",
264 c->intro_dos_rate_per_sec = HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_DEFAULT;
265 c->intro_dos_burst_per_sec = HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_DEFAULT;
268 c->pow_queue_rate = HS_CONFIG_V3_POW_QUEUE_RATE;
269 c->pow_queue_burst = HS_CONFIG_V3_POW_QUEUE_BURST;
282 pow_state->pop_pqueue_ev = NULL;
287 pow_state->pqueue_low_level = 16;
288 pow_state->pqueue_high_level = 16384;
290 if (service->
config.pow_queue_rate > 0 &&
291 service->
config.pow_queue_burst >= service->
config.pow_queue_rate) {
292 pow_state->using_pqueue_bucket = 1;
294 service->
config.pow_queue_rate,
295 service->
config.pow_queue_burst,
296 (uint32_t) monotime_coarse_absolute_sec());
298 pow_state->pqueue_low_level =
MAX(8, service->
config.pow_queue_rate / 4);
299 pow_state->pqueue_high_level =
300 service->
config.pow_queue_burst +
306 pow_state->suggested_effort = 0;
307 pow_state->rend_handled = 0;
308 pow_state->total_effort = 0;
309 pow_state->next_effort_update = (time(NULL) + HS_UPDATE_PERIOD);
315 log_info(
LD_REND,
"Generating both PoW seeds...");
319 pow_state->expiration_time =
322 HS_SERVICE_POW_SEED_ROTATE_TIME_MAX));
330 if (config == NULL) {
336 hs_port_config_free(p););
337 smartlist_free(config->
ports);
341 service_authorized_client_free(p));
342 smartlist_free(config->
clients);
349 memset(config, 0,
sizeof(*config));
363 const char *legacy_id = NULL;
366 const link_specifier_t *, lspec) {
367 if (link_specifier_get_ls_type(lspec) == LS_LEGACY_ID) {
368 legacy_id = (
const char *)
369 link_specifier_getconstarray_un_legacy_id(lspec);
372 } SMARTLIST_FOREACH_END(lspec);
406 INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS,
515 ip = tor_malloc_zero(
sizeof(*ip));
523 if (BUG(max_introduce2_cells < min_introduce2_cells)) {
527 max_introduce2_cells);
532 if (BUG(intro_point_max_lifetime < intro_point_min_lifetime)) {
556 if (crypto_pk_generate_key(ip->
legacy_key) < 0) {
576 service_intro_point_free(ip);
591 old_ip_entry = digest256map_set(map, ip->
auth_key_kp.pubkey.pubkey, ip);
593 tor_assert_nonfatal(!old_ip_entry);
609 digest256map_remove(desc->intro_points.map,
611 } FOR_EACH_DESCRIPTOR_END;
636 if ((ip = digest256map_get(desc->intro_points.map,
637 auth_key->pubkey)) != NULL) {
640 } FOR_EACH_DESCRIPTOR_END;
657 if (digest256map_get(desc->intro_points.map,
662 } FOR_EACH_DESCRIPTOR_END;
695 if (s && ip && *ip && desc) {
704static link_specifier_t *
707 link_specifier_t *lnk_spec = NULL;
712 link_specifier_t *, ls) {
713 if (link_specifier_get_ls_type(ls) == type) {
717 } SMARTLIST_FOREACH_END(ls);
729 const link_specifier_t *ls;
739 (
const char *) link_specifier_getconstarray_un_legacy_id(ls));
748 unsigned int direct_conn)
776 unsigned int count = 0;
783 } DIGEST256MAP_FOREACH_END;
794 unsigned int count = 0;
809 connection_mark_for_close(conn);
813 } SMARTLIST_FOREACH_END(conn);
815 log_info(
LD_REND,
"Closed %u active service directory connections for "
816 "descriptor %s of service %s",
820 smartlist_free(dir_conns);
848 circuit_mark_for_close(
TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
859 DIGEST256MAP_FOREACH(intro_points->
map, key,
866 circuit_mark_for_close(
TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
868 } DIGEST256MAP_FOREACH_END;
879 } FOR_EACH_DESCRIPTOR_END;
911 for (iter = HT_START(hs_service_ht, src); iter != NULL; iter = next) {
915 next = HT_NEXT(hs_service_ht, src, iter);
920 next = HT_NEXT_RMV(hs_service_ht, src, iter);
922 log_warn(
LD_BUG,
"Ephemeral service key is already being used. "
962 if (src->ob_subcreds) {
963 dst->ob_subcreds = src->ob_subcreds;
964 dst->n_ob_subcreds = src->n_ob_subcreds;
966 src->ob_subcreds = NULL;
976 struct hs_service_ht *new_service_map;
981 new_service_map = tor_malloc_zero(
sizeof(*new_service_map));
982 HT_INIT(hs_service_ht, new_service_map);
1013 log_warn(
LD_BUG,
"Unable to register service with directory %s",
1018 } SMARTLIST_FOREACH_END(snew);
1024 } FOR_EACH_SERVICE_END;
1045 char *addr_buf = NULL;
1056 log_warn(
LD_REND,
"Could not write onion address to hostname file %s",
1064 if (chmod(fname, S_IRUSR | S_IWUSR | S_IRGRP) < 0) {
1065 log_warn(
LD_FS,
"Unable to make onion service hostname file %s "
1066 "group-readable.",
escaped(fname));
1093 config = &service->
config;
1112 log_info(
LD_REND,
"Unable to load keys from %s. Generating it...", fname);
1115 uint32_t key_flags = INIT_ED_KEY_CREATE | INIT_ED_KEY_EXTRA_STRONG |
1120 log_warn(
LD_REND,
"Unable to generate keys and save in %s.", fname);
1130 ed25519_keypair_free(kp);
1161 const char *valid_extension =
".auth";
1167 if (!
strcmpend(filename, valid_extension) &&
1168 strlen(filename) != strlen(valid_extension)) {
1190 log_fn(severity,
LD_REND,
"Client authorization encoded base32 public key "
1191 "length is invalid: %s", key_str);
1198 key_str, strlen(key_str)) !=
1200 log_fn(severity,
LD_REND,
"Client authorization public key cannot be "
1201 "decoded: %s", key_str);
1208 if (client != NULL) {
1209 service_authorized_client_free(client);
1226 char *auth_type = NULL;
1227 char *key_type = NULL;
1228 char *pubkey_b32 = NULL;
1235 SPLIT_SKIP_SPACE, 0);
1237 if (smartlist_len(fields) != 3) {
1238 log_warn(
LD_REND,
"Unknown format of client authorization file.");
1242 auth_type = smartlist_get(fields, 0);
1243 key_type = smartlist_get(fields, 1);
1244 pubkey_b32 = smartlist_get(fields, 2);
1247 if (strcmp(auth_type,
"descriptor")) {
1248 log_warn(
LD_REND,
"Client authorization auth type '%s' not supported.",
1254 if (strcmp(key_type,
"x25519")) {
1255 log_warn(
LD_REND,
"Client authorization key type '%s' not supported.",
1268 service_authorized_client_free(client);
1272 memwipe(pubkey_b32, 0, strlen(pubkey_b32));
1276 smartlist_free(fields);
1286 char *client_key_str = NULL;
1287 char *client_key_file_path = NULL;
1288 char *client_keys_dir_path = NULL;
1294 config = &service->
config;
1300 dname_client_pubkeys);
1302 client_keys_dir_path,
1310 service_authorized_client_free(p));
1311 smartlist_free(config->
clients);
1317 if (file_list == NULL) {
1318 log_warn(
LD_REND,
"Client authorization directory %s can't be listed.",
1319 client_keys_dir_path);
1325 log_info(
LD_REND,
"Loading a client authorization key file %s...",
1329 log_warn(
LD_REND,
"Client authorization unrecognized filename %s. "
1330 "File must end in .auth. Ignoring.", filename);
1337 client_key_str = read_file_to_str(client_key_file_path, 0, NULL);
1340 if (!client_key_str) {
1341 log_warn(
LD_REND,
"Client authorization file %s can't be read. "
1342 "Corrupted or verify permission? Ignoring.",
1343 client_key_file_path);
1351 memwipe(client_key_str, 0, strlen(client_key_str));
1356 log_info(
LD_REND,
"Loaded a client authorization key file %s.",
1360 } SMARTLIST_FOREACH_END(filename);
1365 if (client_key_str) {
1366 memwipe(client_key_str, 0, strlen(client_key_str));
1370 smartlist_free(file_list);
1396 hs_descriptor_free(desc->
desc);
1434 memcpy(client_dup->
client_pk.public_key,
1484 if (smartlist_len(config1->
clients) != smartlist_len(config2->
clients)) {
1501 for (i = 0; i < smartlist_len(sl1); i++) {
1505 smartlist_get(sl2, i))) {
1516 service_authorized_client_free(p));
1517 smartlist_free(sl1);
1521 service_authorized_client_free(p));
1522 smartlist_free(sl2);
1548 service_descriptor_free(dst->
desc_next);
1556 int client_auth_changed =
1567 if (client_auth_changed && dst->
desc_next) {
1583 service_descriptor_free(dst->
desc_next);
1596 time_t failure_time = *t;
1602 } FOR_EACH_DESCRIPTOR_END;
1630 time_t *time_of_failure, *prev_ptr;
1631 const link_specifier_t *legacy_ls;
1636 time_of_failure = tor_malloc_zero(
sizeof(time_t));
1637 *time_of_failure = now;
1640 prev_ptr = digestmap_set(
1642 (
const char *) link_specifier_getconstarray_un_legacy_id(legacy_ls),
1658 time_t nearest_hour = now - (now % 3600);
1669 CERT_TYPE_AUTH_HS_IP_KEY,
1673 CERT_FLAG_INCLUDE_SIGNING_KEY);
1675 log_warn(
LD_REND,
"Unable to create intro point auth-key certificate");
1681 const link_specifier_t *, ls) {
1690 } SMARTLIST_FOREACH_END(ls);
1697 &signing_kp->pubkey,
1702 log_warn(
LD_REND,
"Unable to create enc key legacy cross cert.");
1720 CERT_TYPE_CROSS_HS_IP_KEYS,
1721 &ed25519_pubkey, nearest_hour,
1723 CERT_FLAG_INCLUDE_SIGNING_KEY);
1725 log_warn(
LD_REND,
"Unable to create enc key curve25519 cross cert.");
1768 hs_desc_intro_point_free(desc_ip);
1773 } DIGEST256MAP_FOREACH_END;
1795 CERT_FLAG_INCLUDE_SIGNING_KEY);
1850 config = &service->
config;
1886 } SMARTLIST_FOREACH_END(client);
1893 int num_clients = smartlist_len(superencrypted->
clients);
1894 int num_clients_to_add;
1895 if (num_clients == 0) {
1898 num_clients_to_add = 0;
1900 num_clients_to_add =
1905 for (i = 0; i < num_clients_to_add; i++) {
1958 const char ope_key_prefix[] =
"rev-counter-generation";
1962 sizeof(eph_privkey->
seckey));
2005 log_warn(
LD_REND,
"Can't generate descriptor signing keypair for "
2014 log_warn(
LD_REND,
"Can't generate auth ephemeral keypair for "
2072 &encoded_desc) < 0)) {
2091 service_descriptor_free(desc);
2099 uint64_t current_desc_tp, next_desc_tp;
2139 log_info(
LD_REND,
"Hidden service %s has just started. Both descriptors "
2140 "built. Now scheduled for upload.",
2153 if (service->desc_current == NULL && service->desc_next == NULL) {
2163 if (BUG(service->desc_current == NULL)) {
2167 if (service->desc_next == NULL) {
2169 &service->desc_next);
2170 log_info(
LD_REND,
"Hidden service %s next descriptor successfully "
2171 "built. Now scheduled for upload.",
2172 safe_str_client(service->onion_address));
2174 } FOR_EACH_DESCRIPTOR_END;
2203 direct_conn ? direct_flags : flags);
2207 if (direct_conn && !node) {
2209 "Unable to find an intro point that we can connect to "
2210 "directly, falling back to a 3-hop path.");
2234 service_intro_point_free(ip);
2245 int i = 0, num_needed_ip;
2254 if (BUG(num_needed_ip < 0)) {
2281 } DIGEST256MAP_FOREACH_END;
2286 for (i = 0; i < num_needed_ip; i++) {
2296 log_info(
LD_REND,
"Unable to find a suitable node to be an "
2297 "introduction point for service %s.",
2321 smartlist_free(exclude_nodes);
2358 int descriptor_changed)
2365 if (descriptor_changed) {
2375 unsigned int num_intro_points;
2384 if (num_intro_points < service->config.num_intro_points) {
2387 if (num_new_intro_points != 0) {
2388 log_info(
LD_REND,
"Service %s just picked %u intro points and wanted "
2389 "%u for %s descriptor. It currently has %d intro "
2390 "points. Launching ESTABLISH_INTRO circuit shortly.",
2392 num_new_intro_points,
2404 if ((num_new_intro_points + num_intro_points) <
2422 } FOR_EACH_DESCRIPTOR_END;
2423 } FOR_EACH_SERVICE_END;
2433 int descs_updated = 0;
2436 uint32_t previous_effort;
2442 if (!service->config.has_pow_defenses_enabled &&
2443 desc->desc->encrypted_data.pow_params) {
2444 log_info(
LD_REND,
"PoW defenses have been disabled, clearing "
2445 "pow_params from a descriptor.");
2446 tor_free(desc->desc->encrypted_data.pow_params);
2451 } FOR_EACH_DESCRIPTOR_END;
2455 if (!service->config.has_pow_defenses_enabled) {
2460 encrypted = &desc->desc->encrypted_data;
2465 log_info(
LD_REND,
"Initializing pow_params in descriptor...");
2473 pow_state->expiration_time) {
2485 if (pow_state->suggested_effort < previous_effort * 0.85 ||
2486 previous_effort * 1.15 < pow_state->suggested_effort) {
2487 log_info(
LD_REND,
"Suggested effort changed significantly, "
2488 "updating descriptors...");
2491 }
else if (previous_effort != pow_state->suggested_effort) {
2495 log_info(
LD_REND,
"Change in suggested effort didn't warrant "
2496 "updating descriptors.");
2498 } FOR_EACH_DESCRIPTOR_END;
2500 if (descs_updated) {
2503 } FOR_EACH_DESCRIPTOR_END;
2505 } FOR_EACH_SERVICE_END;
2556 if (has_no_node || has_expired) {
2573 ret = has_no_retries;
2578 log_info(
LD_REND,
"Intro point %s%s (retried: %u times). "
2581 has_expired ?
" has expired" :
2582 (has_no_node) ?
" fell off the consensus" :
"",
2610 DIGEST256MAP_FOREACH_MODIFY(desc->intro_points.map, key,
2624 } DIGEST256MAP_FOREACH_END;
2625 } FOR_EACH_DESCRIPTOR_END;
2638 if (ocirc && !
TO_CIRCUIT(ocirc)->marked_for_close) {
2639 circuit_mark_for_close(
TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
2643 service_intro_point_free(ip);
2644 } SMARTLIST_FOREACH_END(ip);
2646 smartlist_free(ips_to_free);
2657 "Current seed expired. Scrubbing replay cache, rotating PoW "
2658 "seeds, generating new seed and updating descriptors.");
2665 memcpy(pow_state->seed_previous, pow_state->seed_current,
HS_POW_SEED_LEN);
2670 while (
fast_memeq(pow_state->seed_previous, pow_state->seed_current,
2676 pow_state->expiration_time =
2679 HS_SERVICE_POW_SEED_ROTATE_TIME_MAX));
2682 char fmt_next_time[ISO_TIME_LEN + 1];
2684 log_debug(
LD_REND,
"PoW state expiration time set to: %s", fmt_next_time);
2705 } aimd_event = NONE;
2707 if (pow_state->max_trimmed_effort > pow_state->suggested_effort) {
2709 aimd_event = INCREASE;
2710 }
else if (pow_state->had_queue) {
2711 if (smartlist_len(pow_state->rend_request_pqueue) > 0 &&
2714 aimd_event = INCREASE;
2716 }
else if (smartlist_len(pow_state->rend_request_pqueue) <
2717 pow_state->pqueue_low_level) {
2719 aimd_event = DECREASE;
2722 switch (aimd_event) {
2724 if (pow_state->suggested_effort < UINT32_MAX) {
2725 pow_state->suggested_effort =
MAX(pow_state->suggested_effort + 1,
2726 (uint32_t)(pow_state->total_effort /
2727 pow_state->rend_handled));
2731 pow_state->suggested_effort = 2*pow_state->suggested_effort/3;
2739 log_debug(
LD_REND,
"Recalculated suggested effort: %u",
2740 pow_state->suggested_effort);
2743 pow_state->total_effort = 0;
2744 pow_state->rend_handled = 0;
2745 pow_state->max_trimmed_effort = 0;
2746 pow_state->had_queue = 0;
2747 pow_state->next_effort_update = now + HS_UPDATE_PERIOD;
2786 char fmt_time[ISO_TIME_LEN + 1];
2788 log_info(
LD_REND,
"Next descriptor rotation time set to %s for %s",
2828 log_warn(
LD_BUG,
"Service descriptor is NULL (%p/%p). Next rotation "
2829 "time is %ld (now: %ld). Valid after time from "
2889 log_info(
LD_REND,
"Time to rotate our descriptors (%p / %p) for %s",
2890 service->desc_current, service->desc_next,
2891 safe_str_client(service->onion_address));
2894 } FOR_EACH_SERVICE_END;
2911 if (service->state.next_rotation_time == 0) {
2920 if (have_module_pow() && service->config.has_pow_defenses_enabled) {
2935 } FOR_EACH_SERVICE_END;
2958 if (have_module_pow()) {
2977 DIGEST256MAP_FOREACH_MODIFY(desc->intro_points.map, key,
2990 if (ei == NULL && direct_conn) {
2991 direct_conn =
false;
3000 service_intro_point_free(ip);
3005 ip->circuit_retries++;
3007 log_info(
LD_REND,
"Unable to launch intro circuit to node %s "
3013 extend_info_free(ei);
3014 } DIGEST256MAP_FOREACH_END;
3015 } FOR_EACH_DESCRIPTOR_END;
3026 unsigned int count = 0;
3027 unsigned int multiplier = 0;
3028 unsigned int num_wanted_ip;
3032 HS_CONFIG_V3_MAX_INTRO_POINTS);
3051 multiplier += (service->
desc_next) ? 1 : 0;
3053 return (count * multiplier);
3083 log_info(
LD_REND,
"Hidden service %s exceeded its circuit launch limit "
3084 "of %u per %d seconds. It launched %u circuits in "
3085 "the last %ld seconds. Will retry in %ld seconds.",
3090 (
long int) elapsed_time,
3124 } FOR_EACH_SERVICE_END;
3134 char *encoded_desc = NULL;
3142 log_info(
LD_REND,
"Service %s not publishing descriptor. "
3143 "PublishHidServDescriptors is set to 0.",
3151 &encoded_desc) < 0)) {
3165 int is_next_desc = (service->
desc_next == desc);
3166 const uint8_t *idx = (is_next_desc) ? hsdir->hsdir_index.
store_second:
3168 char *blinded_pubkey_log_str =
3173 log_info(
LD_REND,
"Service %s %s descriptor of revision %" PRIu64
3174 " initiated upload request to %s with index %s (%s)",
3176 (is_next_desc) ?
"next" :
"current",
3179 safe_str_client(
hex_str((
const char *) idx, 32)),
3180 safe_str_client(blinded_pubkey_log_str));
3203 uint64_t rev_counter = 0;
3206 time_t srv_start = 0;
3231 log_info(
LD_REND,
"Setting rev counter for TP #%u: "
3232 "SRV started at %d, now %d (%s)",
3234 (
int)now, is_current ?
"current" :
"next");
3236 tor_assert_nonfatal(now >= srv_start);
3240 time_t seconds_since_start_of_srv = now - srv_start;
3244 seconds_since_start_of_srv++;
3255 (
int) seconds_since_start_of_srv);
3258 tor_assert_nonfatal(rev_counter < CRYPTO_OPE_ERROR);
3260 log_info(
LD_REND,
"Encrypted revision counter %d to %" PRIu64,
3261 (
int) seconds_since_start_of_srv, rev_counter);
3291 service->
desc_next == desc, 0, responsible_dirs);
3306 } SMARTLIST_FOREACH_END(hsdir_rs);
3315 char fmt_next_time[ISO_TIME_LEN+1];
3317 log_debug(
LD_REND,
"Service %s set to upload a descriptor at %s",
3321 smartlist_free(responsible_dirs);
3331 int should_reupload = 0;
3341 service->
desc_next == desc, 0, responsible_dirs);
3352 should_reupload = 1;
3355 } SMARTLIST_FOREACH_END(hsdir_rs);
3358 smartlist_free(responsible_dirs);
3360 return should_reupload;
3367 LOG_DESC_UPLOAD_REASON_MISSING_IPS = 0,
3368 LOG_DESC_UPLOAD_REASON_IP_NOT_ESTABLISHED = 1,
3369 LOG_DESC_UPLOAD_REASON_NOT_TIME = 2,
3370 LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS = 3,
3371 LOG_DESC_UPLOAD_REASON_NO_DIRINFO = 4,
3376#define LOG_DESC_UPLOAD_REASON_MAX LOG_DESC_UPLOAD_REASON_NO_DIRINFO
3398 { { RATELIM_INIT(60), RATELIM_INIT(60), RATELIM_INIT(60 * 10),
3399 RATELIM_INIT(60), RATELIM_INIT(60) },
3400 { RATELIM_INIT(60), RATELIM_INIT(60), RATELIM_INIT(60 * 10),
3401 RATELIM_INIT(60), RATELIM_INIT(60) },
3403 bool is_next_desc =
false;
3404 unsigned int rlim_pos = 0;
3420 is_next_desc = (service->
desc_next == desc);
3424 rlim_pos = (is_next_desc ? 1 : 0);
3426 rlim = &limits[rlim_pos][reason];
3429 "Service %s can't upload its %s descriptor: %s",
3431 (is_next_desc) ?
"next" :
"current", msg);
3441 unsigned int num_intro_points, count_ip_established;
3461 msg = tor_strdup(
"Missing intro points");
3463 LOG_DESC_UPLOAD_REASON_MISSING_IPS);
3470 if (count_ip_established != num_intro_points) {
3471 tor_asprintf(&msg,
"Intro circuits aren't yet all established (%d/%d).",
3472 count_ip_established, num_intro_points);
3474 LOG_DESC_UPLOAD_REASON_IP_NOT_ESTABLISHED);
3480 tor_asprintf(&msg,
"Next upload time is %ld, it is now %ld.",
3483 LOG_DESC_UPLOAD_REASON_NOT_TIME);
3490 msg = tor_strdup(
"No reasonably live consensus");
3492 LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS);
3499 msg = tor_strdup(
"Not enough directory information");
3501 LOG_DESC_UPLOAD_REASON_NO_DIRINFO);
3564 log_info(
LD_REND,
"Initiating upload for hidden service %s descriptor "
3565 "for service %s with %u/%u introduction points%s.",
3566 (desc == service->desc_current) ?
"current" :
"next",
3567 safe_str_client(service->onion_address),
3568 digest256map_size(desc->intro_points.map),
3569 service->config.num_intro_points,
3570 (desc->missing_intro_points) ?
" (couldn't pick more)" :
"");
3579 } FOR_EACH_DESCRIPTOR_END;
3580 } FOR_EACH_SERVICE_END;
3598 if (BUG(!circ->
cpath)) {
3611 if (service == NULL) {
3612 log_warn(
LD_REND,
"Unknown service identity key %s on the introduction "
3613 "circuit %u. Can't find onion service.",
3619 log_warn(
LD_REND,
"Unknown introduction point auth key on circuit %u "
3632 service_intro_point_free(ip);
3639 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_NOSUCHSERVICE);
3659 TO_CIRCUIT(circ)->timestamp_dirty = time(NULL);
3664 if (service == NULL) {
3665 log_warn(
LD_REND,
"Unknown service identity key %s on the rendezvous "
3666 "circuit %u with cookie %s. Can't find onion service.",
3694 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_NOSUCHSERVICE);
3704 const uint8_t *payload,
3718 if (service == NULL) {
3719 log_warn(
LD_REND,
"Unknown service identity key %s on the introduction "
3720 "circuit %u. Can't find onion service.",
3727 log_warn(
LD_REND,
"Introduction circuit established without an intro "
3728 "point object on circuit %u for service %s",
3750 log_info(
LD_REND,
"Successfully received an INTRO_ESTABLISHED cell "
3751 "on circuit %u for service %s",
3778 if (service == NULL) {
3779 log_warn(
LD_BUG,
"Unknown service identity key %s when handling "
3780 "an INTRODUCE2 cell on circuit %u",
3787 log_warn(
LD_BUG,
"Unknown introduction auth key when handling "
3788 "an INTRODUCE2 cell on circuit %u for service %s",
3793 HS_METRICS_ERR_INTRO_REQ_BAD_AUTH_KEY);
3802 payload, payload_len) < 0) {
3820 char fname[128] = {0};
3830 tor_snprintf(fname,
sizeof(fname),
"%s_secret_key", fname_keyfile_prefix);
3832 tor_snprintf(fname,
sizeof(fname),
"%s_public_key", fname_keyfile_prefix);
3854 ed25519_keypair_free(kp);
3869 const uint8_t *descriptor_cookie = NULL;
3882 descriptor_cookie, encoded_out);
3894hs_service_non_anonymous_mode_consistent(
const or_options_t *options)
3898 !! options->HiddenServiceNonAnonymousMode);
3907hs_service_allow_non_anonymous_connection(
const or_options_t *options)
3909 tor_assert(hs_service_non_anonymous_mode_consistent(options));
3921hs_service_reveal_startup_time(
const or_options_t *options)
3923 tor_assert(hs_service_non_anonymous_mode_consistent(options));
3924 return hs_service_non_anonymous_mode_enabled(options);
3933hs_service_non_anonymous_mode_enabled(
const or_options_t *options)
3935 tor_assert(hs_service_non_anonymous_mode_consistent(options));
3936 return options->HiddenServiceNonAnonymousMode ? 1 : 0;
3952 &CONST_TO_ORIGIN_CIRCUIT(circ)->hs_ident->identity_pk);
3958 &CONST_TO_ORIGIN_CIRCUIT(circ)->hs_ident->identity_pk);
3998 desc->desc->encrypted_data.sendme_inc != current_sendme_inc) {
4003 } FOR_EACH_DESCRIPTOR_END;
4004 } FOR_EACH_SERVICE_END;
4017 const uint8_t version,
4022 char version_str[4] = {0};
4032 memset(&ident, 0,
sizeof(ident));
4037 tor_snprintf(version_str,
sizeof(version_str),
"%u", version);
4045 strlen(encoded_desc));
4052 directory_request_free(dir_req);
4066 int max_streams_per_rdv_circuit,
4067 int max_streams_close_circuit,
4068 int pow_defenses_enabled,
4069 uint32_t pow_queue_rate,
4070 uint32_t pow_queue_burst,
4091 service->
config.pow_queue_rate = pow_queue_rate;
4092 service->
config.pow_queue_burst = pow_queue_burst;
4098 log_warn(
LD_CONFIG,
"Unable to generate ed25519 public key"
4105 log_warn(
LD_CONFIG,
"Bad ed25519 private key was provided");
4112 log_warn(
LD_CONFIG,
"At least one VIRTPORT/TARGET must be specified "
4118 if (auth_clients_v3) {
4125 smartlist_free(auth_clients_v3);
4137 log_warn(
LD_CONFIG,
"Onion Service private key collides with an "
4138 "existing v3 service.");
4143 log_info(
LD_CONFIG,
"Added ephemeral v3 onion service: %s",
4171 log_warn(
LD_CONFIG,
"Requested malformed v3 onion address for removal.");
4176 log_warn(
LD_CONFIG,
"Requested version of onion address for removal "
4177 "is not supported.");
4182 if (service == NULL) {
4183 log_warn(
LD_CONFIG,
"Requested non-existent v3 hidden service for "
4189 log_warn(
LD_CONFIG,
"Requested non-ephemeral v3 hidden service for "
4201 log_info(
LD_CONFIG,
"Removed ephemeral v3 hidden service: %s",
4202 safe_str_client(address));
4221 char *encoded_desc = NULL;
4229 return encoded_desc;
4265 if (service == NULL) {
4266 log_warn(
LD_REND,
"Unable to find any hidden service associated "
4267 "identity key %s on rendezvous circuit %u.",
4282#define MAX_STREAM_WARN_INTERVAL 600
4283 static struct ratelim_t stream_ratelim =
4284 RATELIM_INIT(MAX_STREAM_WARN_INTERVAL);
4286 "Maximum streams per circuit limit reached on "
4287 "rendezvous circuit %u for service %s. Circuit has "
4288 "%" PRIu64
" out of %" PRIu64
" streams. %s.",
4294 "Closing circuit" :
"Ignoring open stream request");
4307 log_info(
LD_REND,
"No virtual port mapping exists for port %d for "
4308 "hidden service %s.",
4356 if (service->config.is_ephemeral) {
4362 } FOR_EACH_DESCRIPTOR_END;
4375 static struct ratelim_t dir_info_changed_ratelim = RATELIM_INIT(30 * 60);
4377 "New dirinfo arrived: consider reuploading descriptor");
4395 log_warn(
LD_PROTOCOL,
"Received an INTRODUCE2 cell on a "
4396 "non introduction circuit of purpose %d",
4415 const uint8_t *payload,
4424 log_warn(
LD_PROTOCOL,
"Received an INTRO_ESTABLISHED cell on a "
4425 "non introduction circuit of purpose %d",
4439 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
4473 const char *directory_path;
4499 if (service->config.is_ephemeral) {
4502 log_info(
LD_REND,
"Loading v3 onion service keys from %s",
4507 } SMARTLIST_FOREACH_END(service);
4534 DIGEST256MAP_FOREACH(desc->intro_points.map, key,
4536 const node_t *intro_node;
4537 const char *nickname;
4558 } DIGEST256MAP_FOREACH_END;
4560 } FOR_EACH_DESCRIPTOR_END;
4561 } FOR_EACH_SERVICE_END;
4590 } FOR_EACH_SERVICE_END;
4633 if (service == NULL) {
4639 service_descriptor_free(desc);
4640 } FOR_EACH_DESCRIPTOR_END;
4654 if (service->
state.ob_subcreds) {
4712#ifdef TOR_UNIT_TESTS
4716get_hs_service_map_size(
void)
4723get_hs_service_staging_list_size(
void)
4729get_hs_service_map(
void)
4735get_first_service(
void)
int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
const char * hex_str(const char *from, size_t fromlen)
void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
void pathbias_count_use_attempt(origin_circuit_t *circ)
Header file for circuitbuild.c.
const char * circuit_state_to_string(int state)
origin_circuit_t * circuit_get_next_service_rp_circ(origin_circuit_t *start)
Header file for circuitlist.c.
#define CIRCUIT_PURPOSE_S_CONNECT_REND
#define CIRCUIT_PURPOSE_S_INTRO
#define CIRCUIT_IS_ORIGIN(c)
#define CIRCUIT_PURPOSE_S_REND_JOINED
#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
Header file for circuituse.c.
Functions and types for monotonic times.
const or_options_t * get_options(void)
Header file for config.c.
Public APIs for congestion control.
static uint8_t congestion_control_sendme_inc(void)
Header file for connection.c.
int curve25519_keypair_generate(curve25519_keypair_t *keypair_out, int extra_strong)
int curve25519_public_key_is_ok(const curve25519_public_key_t *key)
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
#define BASE64_DIGEST_LEN
#define crypto_digest_free(d)
crypto_digest_t * crypto_digest256_new(digest_algorithm_t algorithm)
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len)
void ed25519_pubkey_copy(ed25519_public_key_t *dest, const ed25519_public_key_t *src)
int ed25519_public_key_is_zero(const ed25519_public_key_t *pubkey)
int ed25519_public_key_generate(ed25519_public_key_t *pubkey_out, const ed25519_secret_key_t *seckey)
int ed25519_validate_pubkey(const ed25519_public_key_t *pubkey)
int ed25519_keypair_generate(ed25519_keypair_t *keypair_out, int extra_strong)
int ed25519_public_key_from_curve25519_public_key(ed25519_public_key_t *pubkey, const curve25519_public_key_t *pubkey_in, int signbit)
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
crypto_ope_t * crypto_ope_new(const uint8_t *key)
uint64_t crypto_ope_encrypt(const crypto_ope_t *ope, int plaintext)
void crypto_rand(char *to, size_t n)
void smartlist_shuffle(smartlist_t *sl)
void crypto_strongest_rand(uint8_t *out, size_t out_len)
Common functions for using (pseudo-)random number generators.
int crypto_rand_int_range(unsigned int min, unsigned int max)
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
crypto_pk_t * crypto_pk_new(void)
crypto_pk_t * crypto_pk_dup_key(crypto_pk_t *orig)
void memwipe(void *mem, uint8_t byte, size_t sz)
Common functions for cryptographic routines.
const char * extend_info_describe(const extend_info_t *ei)
const char * node_describe(const node_t *node)
Header file for describe.c.
int tor_memcmp(const void *a, const void *b, size_t len)
#define fast_memeq(a, b, c)
smartlist_t * tor_listdir(const char *dirname)
Client/server directory connection structure.
void directory_request_set_resource(directory_request_t *req, const char *resource)
void directory_request_set_indirection(directory_request_t *req, dir_indirection_t indirection)
void directory_request_set_routerstatus(directory_request_t *req, const routerstatus_t *status)
void directory_initiate_request(directory_request_t *request)
void directory_request_set_payload(directory_request_t *req, const char *payload, size_t payload_len)
directory_request_t * directory_request_new(uint8_t dir_purpose)
void directory_request_upload_set_hs_ident(directory_request_t *req, const hs_ident_dir_conn_t *ident)
Header file for dirclient.c.
struct directory_request_t directory_request_t
dir_connection_t * TO_DIR_CONN(connection_t *c)
Header file for directory.c.
#define DIR_PURPOSE_UPLOAD_HSDESC
Edge-connection structure.
const char * escaped(const char *s)
extend_info_t * extend_info_from_node(const node_t *node, int for_direct_connect, bool for_exit)
Header for core/or/extendinfo.c.
int write_str_to_file_if_not_equal(const char *fname, const char *str)
int top_of_rend_pqueue_is_worthwhile(hs_pow_service_state_t *pow_state)
void hs_circ_service_rp_has_opened(const hs_service_t *service, origin_circuit_t *circ)
origin_circuit_t * hs_circ_service_get_intro_circ(const hs_service_intro_point_t *ip)
int hs_circ_launch_intro_point(hs_service_t *service, const hs_service_intro_point_t *ip, extend_info_t *ei, bool direct_conn)
origin_circuit_t * hs_circ_service_get_established_intro_circ(const hs_service_intro_point_t *ip)
int hs_circ_service_intro_has_opened(hs_service_t *service, hs_service_intro_point_t *ip, const hs_service_descriptor_t *desc, origin_circuit_t *circ)
int hs_circ_handle_introduce2(const hs_service_t *service, const origin_circuit_t *circ, hs_service_intro_point_t *ip, const hs_subcredential_t *subcredential, const uint8_t *payload, size_t payload_len)
int hs_circ_handle_intro_established(const hs_service_t *service, const hs_service_intro_point_t *ip, origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
void hs_circ_retry_service_rendezvous_point(const origin_circuit_t *circ)
Header file containing circuit data for the whole HS subsystem.
HT_PROTOTYPE(hs_circuitmap_ht, circuit_t, hs_circuitmap_node, hs_circuit_hash_token, hs_circuits_have_same_token)
void hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk, uint64_t time_period_num, int use_second_hsdir_index, int for_fetching, smartlist_t *responsible_dirs)
void hs_build_blinded_keypair(const ed25519_keypair_t *kp, const uint8_t *secret, size_t secret_len, uint64_t time_period_num, ed25519_keypair_t *blinded_kp_out)
void hs_get_subcredential(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_subcredential_t *subcred_out)
uint64_t hs_get_time_period_num(time_t now)
uint64_t hs_get_next_time_period_num(time_t now)
void hs_build_address(const ed25519_public_key_t *key, uint8_t version, char *addr_out)
uint64_t hs_get_previous_time_period_num(time_t now)
int hs_parse_address(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out)
int hs_set_conn_addr_port(const smartlist_t *ports, edge_connection_t *conn)
int hs_check_service_private_dir(const char *username, const char *path, unsigned int dir_group_readable, unsigned int create)
link_specifier_t * link_specifier_dup(const link_specifier_t *src)
int hs_in_period_between_tp_and_srv(const networkstatus_t *consensus, time_t now)
char * hs_path_from_filename(const char *directory, const char *filename)
Header file containing common data for the whole HS subsystem.
#define NUM_INTRO_POINTS_DEFAULT
hs_service_add_ephemeral_status_t
#define NUM_INTRO_POINTS_EXTRA
#define INTRO_CIRC_RETRY_PERIOD
void hs_config_free_all(void)
Header file containing configuration ABI/API for the HS subsystem.
void hs_control_desc_event_created(const char *onion_address, const ed25519_public_key_t *blinded_pk)
void hs_control_desc_event_upload(const char *onion_address, const char *hsdir_id_digest, const ed25519_public_key_t *blinded_pk, const uint8_t *hsdir_index)
Header file containing control port event related code.
void hs_desc_superencrypted_data_free_contents(hs_desc_superencrypted_data_t *desc)
int hs_desc_encode_descriptor(const hs_descriptor_t *desc, const ed25519_keypair_t *signing_kp, const uint8_t *descriptor_cookie, char **encoded_out)
hs_desc_authorized_client_t * hs_desc_build_fake_authorized_client(void)
void hs_desc_build_authorized_client(const hs_subcredential_t *subcredential, const curve25519_public_key_t *client_auth_pk, const curve25519_secret_key_t *auth_ephemeral_sk, const uint8_t *descriptor_cookie, hs_desc_authorized_client_t *client_out)
hs_desc_intro_point_t * hs_desc_intro_point_new(void)
void hs_descriptor_clear_intro_points(hs_descriptor_t *desc)
Header file for hs_descriptor.c.
#define HS_DESC_AUTH_CLIENT_MULTIPLE
#define HS_DESC_DEFAULT_LIFETIME
#define HS_DESC_CERT_LIFETIME
void hs_ident_dir_conn_init(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_ident_dir_conn_t *ident)
Header file containing circuit and connection identifier data for the whole HS subsystem.
void hs_intropoint_clear(hs_intropoint_t *ip)
Header file for hs_intropoint.c.
void hs_metrics_service_free(hs_service_t *service)
void hs_metrics_service_init(hs_service_t *service)
Header for feature/hs/hs_metrics.c.
#define hs_metrics_new_established_rdv(s)
#define hs_metrics_new_established_intro(s)
#define hs_metrics_new_introduction(s)
#define hs_metrics_rdv_circ_build_time(s, obs)
#define hs_metrics_close_established_rdv(i)
#define hs_metrics_intro_circ_build_time(s, obs)
#define hs_metrics_close_established_intro(i)
#define hs_metrics_reject_intro_req(s, reason)
#define hs_metrics_pow_suggested_effort(s, n)
Header for feature/hs/hs_metrics_entry.c.
void hs_ob_refresh_keys(hs_service_t *service)
Header file for the specific code for onion balance.
void hs_pow_remove_seed_from_cache(const uint8_t *seed_head)
void hs_pow_free_service_state(hs_pow_service_state_t *state)
#define HS_POW_SEED_HEAD_LEN
static unsigned int hs_service_ht_hash(const hs_service_t *service)
static smartlist_t * hs_service_staging_list
static void build_service_desc_plaintext(const hs_service_t *service, hs_service_descriptor_t *desc)
static void update_suggested_effort(hs_service_t *service, time_t now)
static int load_client_keys(hs_service_t *service)
STATIC void service_clear_config(hs_service_config_t *config)
static link_specifier_t * get_link_spec_by_type(const hs_service_intro_point_t *ip, uint8_t type)
void hs_service_stage_services(const smartlist_t *service_list)
static int should_service_upload_descriptor(const hs_service_t *service, const hs_service_descriptor_t *desc, time_t now)
STATIC void upload_descriptor_to_all(const hs_service_t *service, hs_service_descriptor_t *desc)
static void close_directory_connections(const hs_service_t *service, const hs_service_descriptor_t *desc)
static void setup_intro_point_exclude_list(const hs_service_descriptor_t *desc, smartlist_t *node_list)
void hs_service_circuit_cleanup_on_close(const circuit_t *circ)
STATIC int service_authorized_client_config_equal(const hs_service_config_t *config1, const hs_service_config_t *config2)
void hs_service_init(void)
static void upload_descriptor_to_hsdir(const hs_service_t *service, hs_service_descriptor_t *desc, const node_t *hsdir)
int hs_service_receive_introduce2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
static void close_service_circuits(hs_service_t *service)
static int ht_free_service_(struct hs_service_t *service, void *data)
static int32_t get_intro_point_min_lifetime(void)
static void close_service_intro_circuits(hs_service_t *service)
static const char * service_escaped_dir(const hs_service_t *s)
static void remember_failing_intro_point(const hs_service_intro_point_t *ip, hs_service_descriptor_t *desc, time_t now)
char * hs_service_lookup_current_desc(const ed25519_public_key_t *pk)
static int service_encode_descriptor(const hs_service_t *service, const hs_service_descriptor_t *desc, const ed25519_keypair_t *signing_kp, char **encoded_out)
static void move_ephemeral_services(hs_service_ht *src, hs_service_ht *dst)
STATIC void service_desc_schedule_upload(hs_service_descriptor_t *desc, time_t now, int descriptor_changed)
static void register_all_services(void)
static void initialize_pow_defenses(hs_service_t *service)
static int build_service_desc_superencrypted(const hs_service_t *service, hs_service_descriptor_t *desc)
static int service_handle_intro_established(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
static void close_service_rp_circuits(hs_service_t *service)
void hs_service_lists_fnames_for_sandbox(smartlist_t *file_list, smartlist_t *dir_list)
static crypto_ope_t * generate_ope_cipher_for_desc(const hs_service_descriptor_t *hs_desc)
static hs_service_intro_point_t * pick_intro_point(unsigned int direct_conn, smartlist_t *exclude_nodes)
static void move_descriptors(hs_service_t *src, hs_service_t *dst)
static void set_service_default_config(hs_service_config_t *c, const or_options_t *options)
void hs_service_circuit_has_opened(origin_circuit_t *circ)
STATIC void service_intro_point_remove(const hs_service_t *service, const hs_service_intro_point_t *ip)
static void service_add_fnames_to_list(const hs_service_t *service, smartlist_t *list)
static void service_desc_clear_previous_hsdirs(hs_service_descriptor_t *desc)
static void set_descriptor_revision_counter(hs_service_descriptor_t *hs_desc, time_t now, bool is_current)
STATIC int register_service(hs_service_ht *map, hs_service_t *service)
STATIC hs_service_intro_point_t * service_intro_point_new(const node_t *node)
unsigned int hs_service_get_num_services(void)
static unsigned int get_max_intro_circ_per_period(const hs_service_t *service)
static void build_desc_signing_key_cert(hs_service_descriptor_t *desc, time_t now)
static void service_rendezvous_circ_has_opened(origin_circuit_t *circ)
void service_authorized_client_free_(hs_service_authorized_client_t *client)
static void service_intro_point_free_void(void *obj)
STATIC hs_service_t * find_service(hs_service_ht *map, const ed25519_public_key_t *pk)
static void run_build_circuit_event(time_t now)
static void build_desc_intro_points(const hs_service_t *service, hs_service_descriptor_t *desc, time_t now)
STATIC void run_upload_descriptor_event(time_t now)
static int build_service_desc_keys(const hs_service_t *service, hs_service_descriptor_t *desc)
smartlist_t * hs_service_get_metrics_stores(void)
static void move_hs_state(hs_service_t *src_service, hs_service_t *dst_service)
#define FOR_EACH_DESCRIPTOR_BEGIN(service, var)
static void update_service_descriptor_intro_points(hs_service_t *service, hs_service_descriptor_t *desc, time_t now)
STATIC void build_all_descriptors(time_t now)
static int service_authorized_client_cmp(const hs_service_authorized_client_t *client1, const hs_service_authorized_client_t *client2)
static void log_cant_upload_desc(const hs_service_t *service, const hs_service_descriptor_t *desc, const char *msg, const log_desc_upload_reason_t reason)
static struct hs_service_ht * hs_service_map
static void close_intro_circuits(hs_service_intropoints_t *intro_points)
STATIC void get_objects_from_ident(const hs_ident_circuit_t *ident, hs_service_t **service, hs_service_intro_point_t **ip, hs_service_descriptor_t **desc)
STATIC int client_filename_is_valid(const char *filename)
STATIC void service_intro_point_free_(hs_service_intro_point_t *ip)
static void build_service_descriptor(hs_service_t *service, uint64_t time_period_num, hs_service_descriptor_t **desc_out)
static unsigned int should_rotate_descriptors(hs_service_t *service, time_t now)
static extend_info_t * get_extend_info_from_intro_point(const hs_service_intro_point_t *ip, unsigned int direct_conn)
#define FOR_EACH_SERVICE_BEGIN(var)
static int service_key_on_disk(const char *directory_path)
static int compare_service_authorzized_client_(const void **_a, const void **_b)
static hs_service_authorized_client_t * service_authorized_client_dup(const hs_service_authorized_client_t *client)
static int load_service_keys(hs_service_t *service)
static int32_t get_intro_point_max_introduce2(void)
static void service_desc_note_upload(hs_service_descriptor_t *desc, const node_t *hsdir)
static unsigned int pick_needed_intro_points(hs_service_t *service, hs_service_descriptor_t *desc)
static const char * describe_intro_point(const hs_service_intro_point_t *ip)
static int setup_desc_intro_point(const ed25519_keypair_t *signing_kp, const hs_service_intro_point_t *ip, time_t now, hs_desc_intro_point_t *desc_ip)
static void service_free_all(void)
static void rotate_service_descriptors(hs_service_t *service)
STATIC unsigned int count_desc_circuit_established(const hs_service_descriptor_t *desc)
hs_circuit_id_protocol_t hs_service_exports_circuit_id(const ed25519_public_key_t *pk)
void hs_service_free_all(void)
STATIC int intro_point_should_expire(const hs_service_intro_point_t *ip, time_t now)
static int32_t get_intro_point_min_introduce2(void)
static void run_build_descriptor_event(time_t now)
static void service_intro_circ_has_opened(origin_circuit_t *circ)
STATIC void rotate_all_descriptors(time_t now)
STATIC int can_service_launch_intro_circuit(hs_service_t *service, time_t now)
void hs_service_dir_info_changed(void)
void hs_service_free_(hs_service_t *service)
int hs_service_del_ephemeral(const char *address)
STATIC void update_all_descriptors_intro_points(time_t now)
int hs_service_get_version_from_key(const hs_service_t *service)
int hs_service_receive_intro_established(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
static void pow_housekeeping(hs_service_t *service, time_t now)
void hs_service_new_consensus_params(const networkstatus_t *ns)
void hs_service_run_scheduled_events(time_t now)
void hs_service_upload_desc_to_dir(const char *encoded_desc, const uint8_t version, const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, const routerstatus_t *hsdir_rs)
static int32_t get_intro_point_num_extra(void)
static int hs_service_ht_eq(const hs_service_t *first, const hs_service_t *second)
STATIC const node_t * get_node_from_intro_point(const hs_service_intro_point_t *ip)
STATIC hs_service_intro_point_t * service_intro_point_find(const hs_service_t *service, const ed25519_public_key_t *auth_key)
STATIC void remove_service(hs_service_ht *map, hs_service_t *service)
STATIC void service_descriptor_free_(hs_service_descriptor_t *desc)
static void build_descriptors_for_new_service(hs_service_t *service, time_t now)
#define LOG_DESC_UPLOAD_REASON_MAX
static void launch_intro_point_circuits(hs_service_t *service)
STATIC hs_service_authorized_client_t * parse_authorized_client(const char *client_key_str)
static int build_service_desc_encrypted(const hs_service_t *service, hs_service_descriptor_t *desc)
hs_service_authorized_client_t * parse_authorized_client_key(const char *key_str, int severity)
static bool should_remove_intro_point(hs_service_intro_point_t *ip, time_t now)
void hs_service_map_has_changed(void)
hs_service_t * hs_service_find(const ed25519_public_key_t *identity_pk)
static void rotate_pow_seeds(hs_service_t *service, time_t now)
void hs_service_dump_stats(int severity)
static void set_rotation_time(hs_service_t *service)
static int consider_republishing_hs_descriptors
static int service_handle_introduce2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
int hs_service_set_conn_addr_port(const origin_circuit_t *circ, edge_connection_t *conn)
hs_service_t * hs_service_new(const or_options_t *options)
static int32_t get_intro_point_max_lifetime(void)
int hs_service_load_all_keys(void)
STATIC void run_housekeeping_event(time_t now)
STATIC void service_intro_point_add(digest256map_t *map, hs_service_intro_point_t *ip)
static void remove_expired_failing_intro(hs_service_t *service, time_t now)
static void cleanup_intro_points(hs_service_t *service, time_t now)
STATIC int write_address_to_file(const hs_service_t *service, const char *fname_)
static bool is_client_auth_enabled(const hs_service_t *service)
STATIC int service_desc_hsdirs_changed(const hs_service_t *service, const hs_service_descriptor_t *desc)
hs_service_add_ephemeral_status_t hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports, int max_streams_per_rdv_circuit, int max_streams_close_circuit, int pow_defenses_enabled, uint32_t pow_queue_rate, uint32_t pow_queue_burst, smartlist_t *auth_clients_v3, char **address_out)
static void refresh_service_descriptor(const hs_service_t *service, hs_service_descriptor_t *desc, time_t now)
STATIC hs_service_descriptor_t * service_desc_find_by_intro(const hs_service_t *service, const hs_service_intro_point_t *ip)
static void update_all_descriptors_pow_params(time_t now)
STATIC hs_service_descriptor_t * service_descriptor_new(void)
Header file containing service data for the HS subsystem.
#define HS_SERVICE_NEXT_UPLOAD_TIME_MIN
#define HS_SERVICE_POW_SEED_ROTATE_TIME_MIN
#define HS_SERVICE_DEFAULT_VERSION
@ HS_CIRCUIT_ID_PROTOCOL_NONE
#define HS_SERVICE_NEXT_UPLOAD_TIME_MAX
#define hs_service_free(s)
void hs_stats_note_introduce2_cell(void)
Header file for hs_stats.c.
ed25519_keypair_t * ed_key_init_from_file(const char *fname, uint32_t flags, int severity, const ed25519_keypair_t *signing_key, time_t now, time_t lifetime, uint8_t cert_type, struct tor_cert_st **cert_out, const or_options_t *options)
Header file for loadkey.c.
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
#define log_fn(severity, domain, args,...)
#define log_fn_ratelim(ratelim, severity, domain, args,...)
int have_completed_a_circuit(void)
void rescan_periodic_events(const or_options_t *options)
Header file for mainloop.c.
void tor_free_(void *mem)
#define MAP_DEL_CURRENT(keyvar)
#define DIGESTMAP_FOREACH_END
#define DIGESTMAP_FOREACH_MODIFY(map, keyvar, valtype, valvar)
#define DIGESTMAP_FOREACH(map, keyvar, valtype, valvar)
int usable_consensus_flavor(void)
Header file for microdesc.c.
networkstatus_t * networkstatus_get_reasonably_live_consensus(time_t now, int flavor)
int32_t networkstatus_get_param(const networkstatus_t *ns, const char *param_name, int32_t default_val, int32_t min_val, int32_t max_val)
Header file for networkstatus.c.
Networkstatus consensus/vote structure.
Header file for nickname.c.
const node_t * router_choose_random_node(smartlist_t *excludedsmartlist, routerset_t *excludedset, router_crn_flags_t flags)
Header file for node_select.c.
Node information structure.
bool node_supports_establish_intro_dos_extension(const node_t *node)
const node_t * node_get_by_id(const char *identity_digest)
const char * node_get_nickname(const node_t *node)
consensus_path_type_t router_have_consensus_path(void)
const curve25519_public_key_t * node_get_curve25519_onion_key(const node_t *node)
int router_have_minimum_dir_info(void)
bool node_supports_ed25519_hs_intro(const node_t *node)
Header file for nodelist.c.
Master header file for Tor-specific functionality.
#define INTRO_POINT_LIFETIME_MAX_SECONDS
#define INTRO_POINT_LIFETIME_MIN_SECONDS
#define INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS
#define MAX_INTRO_POINT_CIRCUIT_RETRIES
#define REND_REPLAY_TIME_INTERVAL
The or_state_t structure, which represents Tor's state file.
Origin circuit structure.
int tor_asprintf(char **strp, const char *fmt,...)
int tor_snprintf(char *str, size_t size, const char *format,...)
char * rate_limit_log(ratelim_t *lim, time_t now)
replaycache_t * replaycache_new(time_t horizon, time_t interval)
#define replaycache_free(r)
Routerstatus (consensus entry) structure.
time_t sr_state_get_start_time_of_previous_protocol_run(void)
unsigned int sr_state_get_protocol_run_duration(void)
time_t sr_state_get_start_time_of_current_protocol_run(void)
Header file for shared_random_client.c.
int smartlist_contains_string(const smartlist_t *sl, const char *element)
void smartlist_sort(smartlist_t *sl, int(*compare)(const void **a, const void **b))
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
void smartlist_add_strdup(struct smartlist_t *sl, const char *string)
smartlist_t * smartlist_new(void)
void smartlist_add(smartlist_t *sl, void *element)
void smartlist_clear(smartlist_t *sl)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
#define SMARTLIST_DEL_CURRENT(sl, var)
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)
uint8_t seckey[ED25519_SECKEY_LEN]
smartlist_t * intro_auth_types
hs_pow_desc_params_t * pow_params
unsigned int single_onion_service
smartlist_t * intro_points
unsigned int create2_ntor
struct hs_desc_intro_point_t::@22::@23 cert
curve25519_public_key_t onion_key
curve25519_public_key_t enc_key
tor_cert_t * enc_key_cert
tor_cert_t * auth_key_cert
struct hs_desc_intro_point_t::@22 legacy
smartlist_t * link_specifiers
uint64_t revision_counter
tor_cert_t * signing_key_cert
ed25519_public_key_t signing_pubkey
ed25519_public_key_t blinded_pubkey
curve25519_public_key_t auth_ephemeral_pubkey
hs_desc_encrypted_data_t encrypted_data
hs_desc_superencrypted_data_t superencrypted_data
hs_subcredential_t subcredential
hs_desc_plaintext_data_t plaintext_data
uint8_t rendezvous_cookie[HS_REND_COOKIE_LEN]
ed25519_public_key_t intro_auth_pk
ed25519_public_key_t identity_pk
ed25519_public_key_t blinded_pk
ed25519_public_key_t identity_pk
unsigned int is_only_legacy
smartlist_t * link_specifiers
uint8_t seed[HS_POW_SEED_LEN]
uint32_t suggested_effort
curve25519_public_key_t client_pk
smartlist_t * ob_master_pubkeys
hs_circuit_id_protocol_t circuit_id_protocol
uint64_t max_streams_per_rdv_circuit
unsigned int is_single_onion
unsigned int dir_group_readable
unsigned int max_streams_close_circuit
unsigned int is_ephemeral
unsigned int has_dos_defense_enabled
unsigned int num_intro_points
unsigned int allow_unknown_ports
unsigned int has_pow_defenses_enabled
curve25519_keypair_t auth_ephemeral_kp
smartlist_t * previous_hsdirs
unsigned int missing_intro_points
ed25519_keypair_t signing_kp
struct crypto_ope_t * ope_cipher
ed25519_keypair_t blinded_kp
uint8_t descriptor_cookie[HS_DESC_DESCRIPTOR_COOKIE_LEN]
hs_service_intropoints_t intro_points
unsigned int support_intro2_dos_defense
ed25519_keypair_t auth_key_kp
replaycache_t * replay_cache
ed25519_public_key_t blinded_id
curve25519_public_key_t onion_key
curve25519_keypair_t enc_key_kp
uint8_t legacy_key_digest[DIGEST_LEN]
uint64_t introduce2_count
ed25519_secret_key_t identity_sk
ed25519_public_key_t identity_pk
time_t next_rotation_time
replaycache_t * replay_cache_rend_cookie
time_t intro_circ_retry_started_time
hs_pow_service_state_t * pow_state
unsigned int num_intro_circ_launched
hs_service_descriptor_t * desc_current
char onion_address[HS_SERVICE_ADDR_LEN_BASE32+1]
hs_service_config_t config
hs_service_descriptor_t * desc_next
uint8_t store_first[DIGEST256_LEN]
uint8_t store_second[DIGEST256_LEN]
char identity[DIGEST_LEN]
struct routerset_t * ExcludeNodes
int HiddenServiceSingleHopMode
struct hs_ident_circuit_t * hs_ident
#define MOCK_IMPL(rv, funcname, arglist)
void format_local_iso_time(char *buf, time_t t)
void token_bucket_ctr_init(token_bucket_ctr_t *bucket, uint32_t rate, uint32_t burst, uint32_t now_ts_sec)
void tor_gettimeofday(struct timeval *timeval)
ssize_t tor_make_rsa_ed25519_crosscert(const ed25519_public_key_t *ed_key, const crypto_pk_t *rsa_key, time_t expires, uint8_t **cert)
tor_cert_t * tor_cert_create_ed25519(const ed25519_keypair_t *signing_key, uint8_t cert_type, const ed25519_public_key_t *signed_key, time_t now, time_t lifetime, uint32_t flags)
long tv_mdiff(const struct timeval *start, const struct timeval *end)
int strcmpend(const char *s1, const char *s2)
int fast_mem_is_zero(const char *mem, size_t len)
#define ED25519_PUBKEY_LEN
#define CURVE25519_PUBKEY_LEN