Tor  0.4.8.0-alpha-dev
hs_service.c
Go to the documentation of this file.
1 /* Copyright (c) 2016-2021, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
4 /**
5  * \file hs_service.c
6  * \brief Implement next generation hidden service functionality
7  **/
8 
9 #define HS_SERVICE_PRIVATE
10 
11 #include "core/or/or.h"
12 #include "app/config/config.h"
13 #include "app/config/statefile.h"
15 #include "core/mainloop/mainloop.h"
16 #include "core/or/circuitbuild.h"
17 #include "core/or/circuitlist.h"
18 #include "core/or/circuituse.h"
20 #include "core/or/extendinfo.h"
21 #include "core/or/relay.h"
22 #include "feature/client/circpathbias.h"
26 #include "feature/keymgt/loadkey.h"
36 #include "lib/time/tvdiff.h"
37 
38 #include "feature/hs/hs_circuit.h"
39 #include "feature/hs/hs_common.h"
40 #include "feature/hs/hs_config.h"
41 #include "feature/hs/hs_control.h"
43 #include "feature/hs/hs_ident.h"
45 #include "feature/hs/hs_metrics.h"
47 #include "feature/hs/hs_service.h"
48 #include "feature/hs/hs_stats.h"
49 #include "feature/hs/hs_ob.h"
50 
53 #include "core/or/extend_info_st.h"
57 #include "app/config/or_state_st.h"
59 
60 #include "lib/encoding/confline.h"
62 
63 /* Trunnel */
64 #include "trunnel/ed25519_cert.h"
65 #include "trunnel/hs/cell_establish_intro.h"
66 
67 #ifdef HAVE_SYS_STAT_H
68 #include <sys/stat.h>
69 #endif
70 #ifdef HAVE_UNISTD_H
71 #include <unistd.h>
72 #endif
73 
74 #ifndef COCCI
75 /** Helper macro. Iterate over every service in the global map. The var is the
76  * name of the service pointer. */
77 #define FOR_EACH_SERVICE_BEGIN(var) \
78  STMT_BEGIN \
79  hs_service_t **var##_iter, *var; \
80  HT_FOREACH(var##_iter, hs_service_ht, hs_service_map) { \
81  var = *var##_iter;
82 #define FOR_EACH_SERVICE_END } STMT_END ;
83 
84 /** Helper macro. Iterate over both current and previous descriptor of a
85  * service. The var is the name of the descriptor pointer. This macro skips
86  * any descriptor object of the service that is NULL. */
87 #define FOR_EACH_DESCRIPTOR_BEGIN(service, var) \
88  STMT_BEGIN \
89  hs_service_descriptor_t *var; \
90  for (int var ## _loop_idx = 0; var ## _loop_idx < 2; \
91  ++var ## _loop_idx) { \
92  (var ## _loop_idx == 0) ? (var = service->desc_current) : \
93  (var = service->desc_next); \
94  if (var == NULL) continue;
95 #define FOR_EACH_DESCRIPTOR_END } STMT_END ;
96 #endif /* !defined(COCCI) */
97 
98 /* Onion service directory file names. */
99 static const char fname_keyfile_prefix[] = "hs_ed25519";
100 static const char dname_client_pubkeys[] = "authorized_clients";
101 static const char fname_hostname[] = "hostname";
102 static const char address_tld[] = "onion";
103 
104 /** Staging list of service object. When configuring service, we add them to
105  * this list considered a staging area and they will get added to our global
106  * map once the keys have been loaded. These two steps are separated because
107  * loading keys requires that we are an actual running tor process. */
109 
110 /** True if the list of available router descriptors might have changed which
111  * might result in an altered hash ring. Check if the hash ring changed and
112  * reupload if needed */
114 
115 /* Static declaration. */
116 static int load_client_keys(hs_service_t *service);
118  time_t now, bool is_current);
119 static int build_service_desc_superencrypted(const hs_service_t *service,
121 static void move_descriptors(hs_service_t *src, hs_service_t *dst);
122 static int service_encode_descriptor(const hs_service_t *service,
123  const hs_service_descriptor_t *desc,
124  const ed25519_keypair_t *signing_kp,
125  char **encoded_out);
126 
127 /** Helper: Function to compare two objects in the service map. Return 1 if the
128  * two service have the same master public identity key. */
129 static inline int
130 hs_service_ht_eq(const hs_service_t *first, const hs_service_t *second)
131 {
132  tor_assert(first);
133  tor_assert(second);
134  /* Simple key compare. */
135  return ed25519_pubkey_eq(&first->keys.identity_pk,
136  &second->keys.identity_pk);
137 }
138 
139 /** Helper: Function for the service hash table code below. The key used is the
140  * master public identity key which is ultimately the onion address. */
141 static inline unsigned int
143 {
144  tor_assert(service);
145  return (unsigned int) siphash24g(service->keys.identity_pk.pubkey,
146  sizeof(service->keys.identity_pk.pubkey));
147 }
148 
149 /** This is _the_ global hash map of hidden services which indexes the services
150  * contained in it by master public identity key which is roughly the onion
151  * address of the service. */
152 static struct hs_service_ht *hs_service_map;
153 
154 /* Register the service hash table. */
155 HT_PROTOTYPE(hs_service_ht, /* Name of hashtable. */
156  hs_service_t, /* Object contained in the map. */
157  hs_service_node, /* The name of the HT_ENTRY member. */
158  hs_service_ht_hash, /* Hashing function. */
159  hs_service_ht_eq); /* Compare function for objects. */
160 
161 HT_GENERATE2(hs_service_ht, hs_service_t, hs_service_node,
163  0.6, tor_reallocarray, tor_free_);
164 
165 /** Return true iff the given service has client authorization configured that
166  * is the client list is non empty. */
167 static inline bool
169 {
170  return (service->config.clients != NULL &&
171  smartlist_len(service->config.clients) > 0);
172 }
173 
174 /** Query the given service map with a public key and return a service object
175  * if found else NULL. */
177 find_service(hs_service_ht *map, const ed25519_public_key_t *pk)
178 {
179  hs_service_t dummy_service;
180  tor_assert(map);
181  tor_assert(pk);
182  memset(&dummy_service, 0, sizeof(dummy_service));
183  ed25519_pubkey_copy(&dummy_service.keys.identity_pk, pk);
184  return HT_FIND(hs_service_ht, map, &dummy_service);
185 }
186 
187 /** Register the given service in the given map. If the service already exists
188  * in the map, -1 is returned. On success, 0 is returned and the service
189  * ownership has been transferred to the global map. */
190 STATIC int
191 register_service(hs_service_ht *map, hs_service_t *service)
192 {
193  tor_assert(map);
194  tor_assert(service);
196 
197  if (find_service(map, &service->keys.identity_pk)) {
198  /* Existing service with the same key. Do not register it. */
199  return -1;
200  }
201  /* Taking ownership of the object at this point. */
202  HT_INSERT(hs_service_ht, map, service);
203 
204  /* If we just modified the global map, we notify. */
205  if (map == hs_service_map) {
207  }
208  /* Setup metrics. This is done here because in order to initialize metrics,
209  * we require tor to have fully initialized a service so the ports of the
210  * service can be looked at for instance. */
211  hs_metrics_service_init(service);
212 
213  return 0;
214 }
215 
216 /** Remove a given service from the given map. If service is NULL or the
217  * service key is unset, return gracefully. */
218 STATIC void
219 remove_service(hs_service_ht *map, hs_service_t *service)
220 {
221  hs_service_t *elm;
222 
223  tor_assert(map);
224 
225  /* Ignore if no service or key is zero. */
226  if (BUG(service == NULL) ||
227  BUG(ed25519_public_key_is_zero(&service->keys.identity_pk))) {
228  return;
229  }
230 
231  elm = HT_REMOVE(hs_service_ht, map, service);
232  if (elm) {
233  tor_assert(elm == service);
234  } else {
235  log_warn(LD_BUG, "Could not find service in the global map "
236  "while removing service %s",
237  escaped(service->config.directory_path));
238  }
239 
240  /* If we just modified the global map, we notify. */
241  if (map == hs_service_map) {
243  }
244 }
245 
246 /** Set the default values for a service configuration object <b>c</b>. */
247 static void
249  const or_options_t *options)
250 {
251  (void) options;
252  tor_assert(c);
253  c->ports = smartlist_new();
254  c->directory_path = NULL;
258  c->allow_unknown_ports = 0;
259  c->is_single_onion = 0;
260  c->dir_group_readable = 0;
261  c->is_ephemeral = 0;
262  c->has_dos_defense_enabled = HS_CONFIG_V3_DOS_DEFENSE_DEFAULT;
263  c->intro_dos_rate_per_sec = HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_DEFAULT;
264  c->intro_dos_burst_per_sec = HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_DEFAULT;
265 }
266 
267 /** From a service configuration object config, clear everything from it
268  * meaning free allocated pointers and reset the values. */
269 STATIC void
271 {
272  if (config == NULL) {
273  return;
274  }
275  tor_free(config->directory_path);
276  if (config->ports) {
278  hs_port_config_free(p););
279  smartlist_free(config->ports);
280  }
281  if (config->clients) {
283  service_authorized_client_free(p));
284  smartlist_free(config->clients);
285  }
286  if (config->ob_master_pubkeys) {
288  tor_free(k));
289  smartlist_free(config->ob_master_pubkeys);
290  }
291  memset(config, 0, sizeof(*config));
292 }
293 
294 /** Helper function to return a human readable description of the given intro
295  * point object.
296  *
297  * This function is not thread-safe. Each call to this invalidates the
298  * previous values returned by it. */
299 static const char *
301 {
302  /* Hex identity digest of the IP prefixed by the $ sign and ends with NUL
303  * byte hence the plus two. */
304  static char buf[HEX_DIGEST_LEN + 2];
305  const char *legacy_id = NULL;
306 
308  const link_specifier_t *, lspec) {
309  if (link_specifier_get_ls_type(lspec) == LS_LEGACY_ID) {
310  legacy_id = (const char *)
311  link_specifier_getconstarray_un_legacy_id(lspec);
312  break;
313  }
314  } SMARTLIST_FOREACH_END(lspec);
315 
316  /* For now, we only print the identity digest but we could improve this with
317  * much more information such as the ed25519 identity has well. */
318  buf[0] = '$';
319  if (legacy_id) {
320  base16_encode(buf + 1, HEX_DIGEST_LEN + 1, legacy_id, DIGEST_LEN);
321  }
322 
323  return buf;
324 }
325 
326 /** Return the lower bound of maximum INTRODUCE2 cells per circuit before we
327  * rotate intro point (defined by a consensus parameter or the default
328  * value). */
329 static int32_t
331 {
332  /* The [0, 2147483647] range is quite large to accommodate anything we decide
333  * in the future. */
334  return networkstatus_get_param(NULL, "hs_intro_min_introduce2",
336  0, INT32_MAX);
337 }
338 
339 /** Return the upper bound of maximum INTRODUCE2 cells per circuit before we
340  * rotate intro point (defined by a consensus parameter or the default
341  * value). */
342 static int32_t
344 {
345  /* The [0, 2147483647] range is quite large to accommodate anything we decide
346  * in the future. */
347  return networkstatus_get_param(NULL, "hs_intro_max_introduce2",
348  INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS,
349  0, INT32_MAX);
350 }
351 
352 /** Return the minimum lifetime in seconds of an introduction point defined by
353  * a consensus parameter or the default value. */
354 static int32_t
356 {
357 #define MIN_INTRO_POINT_LIFETIME_TESTING 10
358  if (get_options()->TestingTorNetwork) {
359  return MIN_INTRO_POINT_LIFETIME_TESTING;
360  }
361 
362  /* The [0, 2147483647] range is quite large to accommodate anything we decide
363  * in the future. */
364  return networkstatus_get_param(NULL, "hs_intro_min_lifetime",
366  0, INT32_MAX);
367 }
368 
369 /** Return the maximum lifetime in seconds of an introduction point defined by
370  * a consensus parameter or the default value. */
371 static int32_t
373 {
374 #define MAX_INTRO_POINT_LIFETIME_TESTING 30
375  if (get_options()->TestingTorNetwork) {
376  return MAX_INTRO_POINT_LIFETIME_TESTING;
377  }
378 
379  /* The [0, 2147483647] range is quite large to accommodate anything we decide
380  * in the future. */
381  return networkstatus_get_param(NULL, "hs_intro_max_lifetime",
383  0, INT32_MAX);
384 }
385 
386 /** Return the number of extra introduction point defined by a consensus
387  * parameter or the default value. */
388 static int32_t
390 {
391  /* The [0, 128] range bounds the number of extra introduction point allowed.
392  * Above 128 intro points, it's getting a bit crazy. */
393  return networkstatus_get_param(NULL, "hs_intro_num_extra",
394  NUM_INTRO_POINTS_EXTRA, 0, 128);
395 }
396 
397 /** Helper: Function that needs to return 1 for the HT for each loop which
398  * frees every service in an hash map. */
399 static int
400 ht_free_service_(struct hs_service_t *service, void *data)
401 {
402  (void) data;
403  hs_service_free(service);
404  /* This function MUST return 1 so the given object is then removed from the
405  * service map leading to this free of the object being safe. */
406  return 1;
407 }
408 
409 /** Free every service that can be found in the global map. Once done, clear
410  * and free the global map. */
411 static void
413 {
414  if (hs_service_map) {
415  /* The free helper function returns 1 so this is safe. */
416  hs_service_ht_HT_FOREACH_FN(hs_service_map, ht_free_service_, NULL);
417  HT_CLEAR(hs_service_ht, hs_service_map);
419  hs_service_map = NULL;
420  }
421 
423  /* Cleanup staging list. */
425  hs_service_free(s));
426  smartlist_free(hs_service_staging_list);
428  }
429 }
430 
431 /** Free a given service intro point object. */
432 STATIC void
434 {
435  if (!ip) {
436  return;
437  }
438  memwipe(&ip->auth_key_kp, 0, sizeof(ip->auth_key_kp));
439  memwipe(&ip->enc_key_kp, 0, sizeof(ip->enc_key_kp));
440  crypto_pk_free(ip->legacy_key);
443  tor_free(ip);
444 }
445 
446 /** Helper: free an hs_service_intro_point_t object. This function is used by
447  * digest256map_free() which requires a void * pointer. */
448 static void
450 {
452 }
453 
454 /** Return a newly allocated service intro point and fully initialized from the
455  * given node_t node, if non NULL.
456  *
457  * If node is NULL, returns a hs_service_intro_point_t with an empty link
458  * specifier list and no onion key. (This is used for testing.)
459  * On any other error, NULL is returned.
460  *
461  * node must be an node_t with an IPv4 address. */
464 {
466 
467  ip = tor_malloc_zero(sizeof(*ip));
468  /* We'll create the key material. No need for extra strong, those are short
469  * term keys. */
471 
472  { /* Set introduce2 max cells limit */
473  int32_t min_introduce2_cells = get_intro_point_min_introduce2();
474  int32_t max_introduce2_cells = get_intro_point_max_introduce2();
475  if (BUG(max_introduce2_cells < min_introduce2_cells)) {
476  goto err;
477  }
478  ip->introduce2_max = crypto_rand_int_range(min_introduce2_cells,
479  max_introduce2_cells);
480  }
481  { /* Set intro point lifetime */
482  int32_t intro_point_min_lifetime = get_intro_point_min_lifetime();
483  int32_t intro_point_max_lifetime = get_intro_point_max_lifetime();
484  if (BUG(intro_point_max_lifetime < intro_point_min_lifetime)) {
485  goto err;
486  }
487  ip->time_to_expire = approx_time() +
488  crypto_rand_int_range(intro_point_min_lifetime,intro_point_max_lifetime);
489  }
490 
491  ip->replay_cache = replaycache_new(0, 0);
492 
493  /* Initialize the base object. We don't need the certificate object. */
494  ip->base.link_specifiers = node_get_link_specifier_smartlist(node, 0);
495 
496  if (node == NULL) {
497  goto done;
498  }
499 
500  /* Generate the encryption key for this intro point. */
502  /* Figure out if this chosen node supports v3 or is legacy only.
503  * NULL nodes are used in the unit tests. */
504  if (!node_supports_ed25519_hs_intro(node)) {
505  ip->base.is_only_legacy = 1;
506  /* Legacy mode that is doesn't support v3+ with ed25519 auth key. */
507  ip->legacy_key = crypto_pk_new();
508  if (crypto_pk_generate_key(ip->legacy_key) < 0) {
509  goto err;
510  }
512  (char *) ip->legacy_key_digest) < 0) {
513  goto err;
514  }
515  }
516 
517  /* Flag if this intro point supports the INTRO2 dos defenses. */
520 
521  /* Finally, copy onion key from the node. */
522  memcpy(&ip->onion_key, node_get_curve25519_onion_key(node),
523  sizeof(ip->onion_key));
524 
525  done:
526  return ip;
527  err:
528  service_intro_point_free(ip);
529  return NULL;
530 }
531 
532 /** Add the given intro point object to the given intro point map. The intro
533  * point MUST have its RSA encryption key set if this is a legacy type or the
534  * authentication key set otherwise. */
535 STATIC void
537 {
538  hs_service_intro_point_t *old_ip_entry;
539 
540  tor_assert(map);
541  tor_assert(ip);
542 
543  old_ip_entry = digest256map_set(map, ip->auth_key_kp.pubkey.pubkey, ip);
544  /* Make sure we didn't just try to double-add an intro point */
545  tor_assert_nonfatal(!old_ip_entry);
546 }
547 
548 /** For a given service, remove the intro point from that service's descriptors
549  * (check both current and next descriptor) */
550 STATIC void
552  const hs_service_intro_point_t *ip)
553 {
554  tor_assert(service);
555  tor_assert(ip);
556 
557  /* Trying all descriptors. */
558  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
559  /* We'll try to remove the descriptor on both descriptors which is not
560  * very expensive to do instead of doing lookup + remove. */
561  digest256map_remove(desc->intro_points.map,
562  ip->auth_key_kp.pubkey.pubkey);
563  } FOR_EACH_DESCRIPTOR_END;
564 }
565 
566 /** For a given service and authentication key, return the intro point or NULL
567  * if not found. This will check both descriptors in the service. */
570  const ed25519_public_key_t *auth_key)
571 {
572  hs_service_intro_point_t *ip = NULL;
573 
574  tor_assert(service);
575  tor_assert(auth_key);
576 
577  /* Trying all descriptors to find the right intro point.
578  *
579  * Even if we use the same node as intro point in both descriptors, the node
580  * will have a different intro auth key for each descriptor since we generate
581  * a new one every time we pick an intro point.
582  *
583  * After #22893 gets implemented, intro points will be moved to be
584  * per-service instead of per-descriptor so this function will need to
585  * change.
586  */
587  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
588  if ((ip = digest256map_get(desc->intro_points.map,
589  auth_key->pubkey)) != NULL) {
590  break;
591  }
592  } FOR_EACH_DESCRIPTOR_END;
593 
594  return ip;
595 }
596 
597 /** For a given service and intro point, return the descriptor for which the
598  * intro point is assigned to. NULL is returned if not found. */
601  const hs_service_intro_point_t *ip)
602 {
603  hs_service_descriptor_t *descp = NULL;
604 
605  tor_assert(service);
606  tor_assert(ip);
607 
608  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
609  if (digest256map_get(desc->intro_points.map,
610  ip->auth_key_kp.pubkey.pubkey)) {
611  descp = desc;
612  break;
613  }
614  } FOR_EACH_DESCRIPTOR_END;
615 
616  return descp;
617 }
618 
619 /** From a circuit identifier, get all the possible objects associated with the
620  * ident. If not NULL, service, ip or desc are set if the object can be found.
621  * They are untouched if they can't be found.
622  *
623  * This is an helper function because we do those lookups often so it's more
624  * convenient to simply call this functions to get all the things at once. */
625 STATIC void
627  hs_service_t **service, hs_service_intro_point_t **ip,
629 {
630  hs_service_t *s;
631 
632  tor_assert(ident);
633 
634  /* Get service object from the circuit identifier. */
636  if (s && service) {
637  *service = s;
638  }
639 
640  /* From the service object, get the intro point object of that circuit. The
641  * following will query both descriptors intro points list. */
642  if (s && ip) {
643  *ip = service_intro_point_find(s, &ident->intro_auth_pk);
644  }
645 
646  /* Get the descriptor for this introduction point and service. */
647  if (s && ip && *ip && desc) {
648  *desc = service_desc_find_by_intro(s, *ip);
649  }
650 }
651 
652 /** From a given intro point, return the first link specifier of type
653  * encountered in the link specifier list. Return NULL if it can't be found.
654  *
655  * The caller does NOT have ownership of the object, the intro point does. */
656 static link_specifier_t *
658 {
659  link_specifier_t *lnk_spec = NULL;
660 
661  tor_assert(ip);
662 
664  link_specifier_t *, ls) {
665  if (link_specifier_get_ls_type(ls) == type) {
666  lnk_spec = ls;
667  goto end;
668  }
669  } SMARTLIST_FOREACH_END(ls);
670 
671  end:
672  return lnk_spec;
673 }
674 
675 /** Given a service intro point, return the node_t associated to it. This can
676  * return NULL if the given intro point has no legacy ID or if the node can't
677  * be found in the consensus. */
678 STATIC const node_t *
680 {
681  const link_specifier_t *ls;
682 
683  tor_assert(ip);
684 
685  ls = get_link_spec_by_type(ip, LS_LEGACY_ID);
686  if (BUG(!ls)) {
687  return NULL;
688  }
689  /* XXX In the future, we want to only use the ed25519 ID (#22173). */
690  return node_get_by_id(
691  (const char *) link_specifier_getconstarray_un_legacy_id(ls));
692 }
693 
694 /** Given a service intro point, return the extend_info_t for it. This can
695  * return NULL if the node can't be found for the intro point or the extend
696  * info can't be created for the found node. If direct_conn is set, the extend
697  * info is validated on if we can connect directly. */
698 static extend_info_t *
700  unsigned int direct_conn)
701 {
702  extend_info_t *info = NULL;
703  const node_t *node;
704 
705  tor_assert(ip);
706 
707  node = get_node_from_intro_point(ip);
708  if (node == NULL) {
709  /* This can happen if the relay serving as intro point has been removed
710  * from the consensus. In that case, the intro point will be removed from
711  * the descriptor during the scheduled events. */
712  goto end;
713  }
714 
715  /* In the case of a direct connection (single onion service), it is possible
716  * our firewall policy won't allow it so this can return a NULL value. */
717  info = extend_info_from_node(node, direct_conn, false);
718 
719  end:
720  return info;
721 }
722 
723 /** Return the number of introduction points that are established for the
724  * given descriptor. */
725 MOCK_IMPL(STATIC unsigned int,
727 {
728  unsigned int count = 0;
729 
730  tor_assert(desc);
731 
732  DIGEST256MAP_FOREACH(desc->intro_points.map, key,
733  const hs_service_intro_point_t *, ip) {
735  } DIGEST256MAP_FOREACH_END;
736 
737  return count;
738 }
739 
740 /** For a given service and descriptor of that service, close all active
741  * directory connections. */
742 static void
744  const hs_service_descriptor_t *desc)
745 {
746  unsigned int count = 0;
747  smartlist_t *dir_conns;
748 
749  tor_assert(service);
750  tor_assert(desc);
751 
752  /* Close pending HS desc upload connections for the blinded key of 'desc'. */
753  dir_conns = connection_list_by_type_purpose(CONN_TYPE_DIR,
755  SMARTLIST_FOREACH_BEGIN(dir_conns, connection_t *, conn) {
756  dir_connection_t *dir_conn = TO_DIR_CONN(conn);
757  if (ed25519_pubkey_eq(&dir_conn->hs_ident->identity_pk,
758  &service->keys.identity_pk) &&
759  ed25519_pubkey_eq(&dir_conn->hs_ident->blinded_pk,
760  &desc->blinded_kp.pubkey)) {
761  connection_mark_for_close(conn);
762  count++;
763  continue;
764  }
765  } SMARTLIST_FOREACH_END(conn);
766 
767  log_info(LD_REND, "Closed %u active service directory connections for "
768  "descriptor %s of service %s",
769  count, safe_str_client(ed25519_fmt(&desc->blinded_kp.pubkey)),
770  safe_str_client(service->onion_address));
771  /* We don't have ownership of the objects in this list. */
772  smartlist_free(dir_conns);
773 }
774 
775 /** Close all rendezvous circuits for the given service. */
776 static void
778 {
779  origin_circuit_t *ocirc = NULL;
780 
781  tor_assert(service);
782 
783  /* The reason we go over all circuit instead of using the circuitmap API is
784  * because most hidden service circuits are rendezvous circuits so there is
785  * no real improvement at getting all rendezvous circuits from the
786  * circuitmap and then going over them all to find the right ones.
787  * Furthermore, another option would have been to keep a list of RP cookies
788  * for a service but it creates an engineering complexity since we don't
789  * have a "RP circuit closed" event to clean it up properly so we avoid a
790  * memory DoS possibility. */
791 
792  while ((ocirc = circuit_get_next_service_rp_circ(ocirc))) {
793  /* Only close circuits that are v3 and for this service. */
794  if (ocirc->hs_ident != NULL &&
796  &service->keys.identity_pk)) {
797  /* Reason is FINISHED because service has been removed and thus the
798  * circuit is considered old/unneeded. When freed, it is removed from the
799  * hs circuitmap. */
800  circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
801  }
802  }
803 }
804 
805 /** Close the circuit(s) for the given map of introduction points. */
806 static void
808 {
809  tor_assert(intro_points);
810 
811  DIGEST256MAP_FOREACH(intro_points->map, key,
812  const hs_service_intro_point_t *, ip) {
814  if (ocirc) {
815  /* Reason is FINISHED because service has been removed and thus the
816  * circuit is considered old/unneeded. When freed, the circuit is removed
817  * from the HS circuitmap. */
818  circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
819  }
820  } DIGEST256MAP_FOREACH_END;
821 }
822 
823 /** Close all introduction circuits for the given service. */
824 static void
826 {
827  tor_assert(service);
828 
829  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
830  close_intro_circuits(&desc->intro_points);
831  } FOR_EACH_DESCRIPTOR_END;
832 }
833 
834 /** Close any circuits related to the given service. */
835 static void
837 {
838  tor_assert(service);
839 
840  /* Only support for version >= 3. */
841  if (BUG(service->config.version < HS_VERSION_THREE)) {
842  return;
843  }
844  /* Close intro points. */
846  /* Close rendezvous points. */
847  close_service_rp_circuits(service);
848 }
849 
850 /** Move every ephemeral services from the src service map to the dst service
851  * map. It is possible that a service can't be register to the dst map which
852  * won't stop the process of moving them all but will trigger a log warn. */
853 static void
854 move_ephemeral_services(hs_service_ht *src, hs_service_ht *dst)
855 {
856  hs_service_t **iter, **next;
857 
858  tor_assert(src);
859  tor_assert(dst);
860 
861  /* Iterate over the map to find ephemeral service and move them to the other
862  * map. We loop using this method to have a safe removal process. */
863  for (iter = HT_START(hs_service_ht, src); iter != NULL; iter = next) {
864  hs_service_t *s = *iter;
865  if (!s->config.is_ephemeral) {
866  /* Yeah, we are in a very manual loop :). */
867  next = HT_NEXT(hs_service_ht, src, iter);
868  continue;
869  }
870  /* Remove service from map and then register to it to the other map.
871  * Reminder that "*iter" and "s" are the same thing. */
872  next = HT_NEXT_RMV(hs_service_ht, src, iter);
873  if (register_service(dst, s) < 0) {
874  log_warn(LD_BUG, "Ephemeral service key is already being used. "
875  "Skipping.");
876  }
877  }
878 }
879 
880 /** Return a const string of the directory path escaped. If this is an
881  * ephemeral service, it returns "[EPHEMERAL]". This can only be called from
882  * the main thread because escaped() uses a static variable. */
883 static const char *
885 {
886  return (s->config.is_ephemeral) ? "[EPHEMERAL]" :
888 }
889 
890 /** Move the hidden service state from <b>src</b> to <b>dst</b>. We do this
891  * when we receive a SIGHUP: <b>dst</b> is the post-HUP service */
892 static void
893 move_hs_state(hs_service_t *src_service, hs_service_t *dst_service)
894 {
895  tor_assert(src_service);
896  tor_assert(dst_service);
897 
898  hs_service_state_t *src = &src_service->state;
899  hs_service_state_t *dst = &dst_service->state;
900 
901  /* Let's do a shallow copy */
904  /* Freeing a NULL replaycache triggers an info LD_BUG. */
905  if (dst->replay_cache_rend_cookie != NULL) {
907  }
908 
910  src->replay_cache_rend_cookie = NULL; /* steal pointer reference */
911 
913 
914  if (src->ob_subcreds) {
915  dst->ob_subcreds = src->ob_subcreds;
916  dst->n_ob_subcreds = src->n_ob_subcreds;
917 
918  src->ob_subcreds = NULL; /* steal pointer reference */
919  }
920 }
921 
922 /** Register services that are in the staging list. Once this function returns,
923  * the global service map will be set with the right content and all non
924  * surviving services will be cleaned up. */
925 static void
927 {
928  struct hs_service_ht *new_service_map;
929 
931 
932  /* Allocate a new map that will replace the current one. */
933  new_service_map = tor_malloc_zero(sizeof(*new_service_map));
934  HT_INIT(hs_service_ht, new_service_map);
935 
936  /* First step is to transfer all ephemeral services from the current global
937  * map to the new one we are constructing. We do not prune ephemeral
938  * services as the only way to kill them is by deleting it from the control
939  * port or stopping the tor daemon. */
940  move_ephemeral_services(hs_service_map, new_service_map);
941 
943  hs_service_t *s;
944 
945  /* Check if that service is already in our global map and if so, we'll
946  * transfer the intro points to it. */
947  s = find_service(hs_service_map, &snew->keys.identity_pk);
948  if (s) {
949  /* Pass ownership of the descriptors from s (the current service) to
950  * snew (the newly configured one). */
951  move_descriptors(s, snew);
952  move_hs_state(s, snew);
953  /* Remove the service from the global map because after this, we need to
954  * go over the remaining service in that map that aren't surviving the
955  * reload to close their circuits. */
957  hs_service_free(s);
958  }
959  /* Great, this service is now ready to be added to our new map. */
960  if (BUG(register_service(new_service_map, snew) < 0)) {
961  /* This should never happen because prior to registration, we validate
962  * every service against the entire set. Not being able to register a
963  * service means we failed to validate correctly. In that case, don't
964  * break tor and ignore the service but tell user. */
965  log_warn(LD_BUG, "Unable to register service with directory %s",
966  service_escaped_dir(snew));
968  hs_service_free(snew);
969  }
970  } SMARTLIST_FOREACH_END(snew);
971 
972  /* Close any circuits associated with the non surviving services. Every
973  * service in the current global map are roaming. */
974  FOR_EACH_SERVICE_BEGIN(service) {
975  close_service_circuits(service);
976  } FOR_EACH_SERVICE_END;
977 
978  /* Time to make the switch. We'll clear the staging list because its content
979  * has now changed ownership to the map. */
982  hs_service_map = new_service_map;
983  /* We've just register services into the new map and now we've replaced the
984  * global map with it so we have to notify that the change happened. When
985  * registering a service, the notify is only triggered if the destination
986  * map is the global map for which in here it was not. */
988 }
989 
990 /** Write the onion address of a given service to the given filename fname_ in
991  * the service directory. Return 0 on success else -1 on error. */
992 STATIC int
993 write_address_to_file(const hs_service_t *service, const char *fname_)
994 {
995  int ret = -1;
996  char *fname = NULL;
997  char *addr_buf = NULL;
998 
999  tor_assert(service);
1000  tor_assert(fname_);
1001 
1002  /* Construct the full address with the onion tld and write the hostname file
1003  * to disk. */
1004  tor_asprintf(&addr_buf, "%s.%s\n", service->onion_address, address_tld);
1005  /* Notice here that we use the given "fname_". */
1006  fname = hs_path_from_filename(service->config.directory_path, fname_);
1007  if (write_str_to_file_if_not_equal(fname, addr_buf)) {
1008  log_warn(LD_REND, "Could not write onion address to hostname file %s",
1009  escaped(fname));
1010  goto end;
1011  }
1012 
1013 #ifndef _WIN32
1014  if (service->config.dir_group_readable) {
1015  /* Mode to 0640. */
1016  if (chmod(fname, S_IRUSR | S_IWUSR | S_IRGRP) < 0) {
1017  log_warn(LD_FS, "Unable to make onion service hostname file %s "
1018  "group-readable.", escaped(fname));
1019  }
1020  }
1021 #endif /* !defined(_WIN32) */
1022 
1023  /* Success. */
1024  ret = 0;
1025  end:
1026  tor_free(fname);
1027  tor_free(addr_buf);
1028  return ret;
1029 }
1030 
1031 /** Load and/or generate private keys for the given service. On success, the
1032  * hostname file will be written to disk along with the master private key iff
1033  * the service is not configured for offline keys. Return 0 on success else -1
1034  * on failure. */
1035 static int
1037 {
1038  int ret = -1;
1039  char *fname = NULL;
1040  ed25519_keypair_t *kp;
1041  const hs_service_config_t *config;
1042 
1043  tor_assert(service);
1044 
1045  config = &service->config;
1046 
1047  /* Create and fix permission on service directory. We are about to write
1048  * files to that directory so make sure it exists and has the right
1049  * permissions. We do this here because at this stage we know that Tor is
1050  * actually running and the service we have has been validated. */
1052  config->directory_path,
1053  config->dir_group_readable, 1) < 0) {
1054  goto end;
1055  }
1056 
1057  /* Try to load the keys from file or generate it if not found. */
1058  fname = hs_path_from_filename(config->directory_path, fname_keyfile_prefix);
1059  /* Don't ask for key creation, we want to know if we were able to load it or
1060  * we had to generate it. Better logging! */
1061  kp = ed_key_init_from_file(fname, INIT_ED_KEY_SPLIT, LOG_INFO, NULL, 0, 0,
1062  0, NULL, NULL);
1063  if (!kp) {
1064  log_info(LD_REND, "Unable to load keys from %s. Generating it...", fname);
1065  /* We'll now try to generate the keys and for it we want the strongest
1066  * randomness for it. The keypair will be written in different files. */
1067  uint32_t key_flags = INIT_ED_KEY_CREATE | INIT_ED_KEY_EXTRA_STRONG |
1068  INIT_ED_KEY_SPLIT;
1069  kp = ed_key_init_from_file(fname, key_flags, LOG_WARN, NULL, 0, 0, 0,
1070  NULL, NULL);
1071  if (!kp) {
1072  log_warn(LD_REND, "Unable to generate keys and save in %s.", fname);
1073  goto end;
1074  }
1075  }
1076 
1077  /* Copy loaded or generated keys to service object. */
1078  ed25519_pubkey_copy(&service->keys.identity_pk, &kp->pubkey);
1079  memcpy(&service->keys.identity_sk, &kp->seckey,
1080  sizeof(service->keys.identity_sk));
1081  /* This does a proper memory wipe. */
1082  ed25519_keypair_free(kp);
1083 
1084  /* Build onion address from the newly loaded keys. */
1085  tor_assert(service->config.version <= UINT8_MAX);
1086  hs_build_address(&service->keys.identity_pk,
1087  (uint8_t) service->config.version,
1088  service->onion_address);
1089 
1090  /* Write onion address to hostname file. */
1091  if (write_address_to_file(service, fname_hostname) < 0) {
1092  goto end;
1093  }
1094 
1095  /* Load all client authorization keys in the service. */
1096  if (load_client_keys(service) < 0) {
1097  goto end;
1098  }
1099 
1100  /* Success. */
1101  ret = 0;
1102  end:
1103  tor_free(fname);
1104  return ret;
1105 }
1106 
1107 /** Check if the client file name is valid or not. Return 1 if valid,
1108  * otherwise return 0. */
1109 STATIC int
1110 client_filename_is_valid(const char *filename)
1111 {
1112  int ret = 1;
1113  const char *valid_extension = ".auth";
1114 
1115  tor_assert(filename);
1116 
1117  /* The file extension must match and the total filename length can't be the
1118  * length of the extension else we do not have a filename. */
1119  if (!strcmpend(filename, valid_extension) &&
1120  strlen(filename) != strlen(valid_extension)) {
1121  ret = 1;
1122  } else {
1123  ret = 0;
1124  }
1125 
1126  return ret;
1127 }
1128 
1129 /** Parse an base32-encoded authorized client from a string.
1130  *
1131  * Return the key on success, return NULL, otherwise. */
1133 parse_authorized_client_key(const char *key_str, int severity)
1134 {
1135  hs_service_authorized_client_t *client = NULL;
1136 
1137  /* We expect a specific length of the base64 encoded key so make sure we
1138  * have that so we don't successfully decode a value with a different length
1139  * and end up in trouble when copying the decoded key into a fixed length
1140  * buffer. */
1141  if (strlen(key_str) != BASE32_NOPAD_LEN(CURVE25519_PUBKEY_LEN)) {
1142  log_fn(severity, LD_REND, "Client authorization encoded base32 public key "
1143  "length is invalid: %s", key_str);
1144  goto err;
1145  }
1146 
1147  client = tor_malloc_zero(sizeof(hs_service_authorized_client_t));
1148  if (base32_decode((char *) client->client_pk.public_key,
1149  sizeof(client->client_pk.public_key),
1150  key_str, strlen(key_str)) !=
1151  sizeof(client->client_pk.public_key)) {
1152  log_fn(severity, LD_REND, "Client authorization public key cannot be "
1153  "decoded: %s", key_str);
1154  goto err;
1155  }
1156 
1157  return client;
1158 
1159  err:
1160  if (client != NULL) {
1161  service_authorized_client_free(client);
1162  }
1163  return NULL;
1164 }
1165 
1166 /** Parse an authorized client from a string. The format of a client string
1167  * looks like (see rend-spec-v3.txt):
1168  *
1169  * <auth-type>:<key-type>:<base32-encoded-public-key>
1170  *
1171  * The <auth-type> can only be "descriptor".
1172  * The <key-type> can only be "x25519".
1173  *
1174  * Return the key on success, return NULL, otherwise. */
1176 parse_authorized_client(const char *client_key_str)
1177 {
1178  char *auth_type = NULL;
1179  char *key_type = NULL;
1180  char *pubkey_b32 = NULL;
1181  hs_service_authorized_client_t *client = NULL;
1182  smartlist_t *fields = smartlist_new();
1183 
1184  tor_assert(client_key_str);
1185 
1186  smartlist_split_string(fields, client_key_str, ":",
1187  SPLIT_SKIP_SPACE, 0);
1188  /* Wrong number of fields. */
1189  if (smartlist_len(fields) != 3) {
1190  log_warn(LD_REND, "Unknown format of client authorization file.");
1191  goto err;
1192  }
1193 
1194  auth_type = smartlist_get(fields, 0);
1195  key_type = smartlist_get(fields, 1);
1196  pubkey_b32 = smartlist_get(fields, 2);
1197 
1198  /* Currently, the only supported auth type is "descriptor". */
1199  if (strcmp(auth_type, "descriptor")) {
1200  log_warn(LD_REND, "Client authorization auth type '%s' not supported.",
1201  auth_type);
1202  goto err;
1203  }
1204 
1205  /* Currently, the only supported key type is "x25519". */
1206  if (strcmp(key_type, "x25519")) {
1207  log_warn(LD_REND, "Client authorization key type '%s' not supported.",
1208  key_type);
1209  goto err;
1210  }
1211 
1212  if ((client = parse_authorized_client_key(pubkey_b32, LOG_WARN)) == NULL) {
1213  goto err;
1214  }
1215 
1216  /* Success. */
1217  goto done;
1218 
1219  err:
1220  service_authorized_client_free(client);
1221  done:
1222  /* It is also a good idea to wipe the public key. */
1223  if (pubkey_b32) {
1224  memwipe(pubkey_b32, 0, strlen(pubkey_b32));
1225  }
1226  tor_assert(fields);
1227  SMARTLIST_FOREACH(fields, char *, s, tor_free(s));
1228  smartlist_free(fields);
1229  return client;
1230 }
1231 
1232 /** Load all the client public keys for the given service. Return 0 on
1233  * success else -1 on failure. */
1234 static int
1236 {
1237  int ret = -1;
1238  char *client_key_str = NULL;
1239  char *client_key_file_path = NULL;
1240  char *client_keys_dir_path = NULL;
1241  hs_service_config_t *config;
1242  smartlist_t *file_list = NULL;
1243 
1244  tor_assert(service);
1245 
1246  config = &service->config;
1247 
1248  /* Before calling this function, we already call load_service_keys to make
1249  * sure that the directory exists with the right permission. So, if we
1250  * cannot create a client pubkey key directory, we consider it as a bug. */
1251  client_keys_dir_path = hs_path_from_filename(config->directory_path,
1252  dname_client_pubkeys);
1253  if (BUG(hs_check_service_private_dir(get_options()->User,
1254  client_keys_dir_path,
1255  config->dir_group_readable, 1) < 0)) {
1256  goto end;
1257  }
1258 
1259  /* If the list of clients already exists, we must clear it first. */
1260  if (config->clients) {
1262  service_authorized_client_free(p));
1263  smartlist_free(config->clients);
1264  }
1265 
1266  config->clients = smartlist_new();
1267 
1268  file_list = tor_listdir(client_keys_dir_path);
1269  if (file_list == NULL) {
1270  log_warn(LD_REND, "Client authorization directory %s can't be listed.",
1271  client_keys_dir_path);
1272  goto end;
1273  }
1274 
1275  SMARTLIST_FOREACH_BEGIN(file_list, const char *, filename) {
1276  hs_service_authorized_client_t *client = NULL;
1277  log_info(LD_REND, "Loading a client authorization key file %s...",
1278  filename);
1279 
1280  if (!client_filename_is_valid(filename)) {
1281  log_warn(LD_REND, "Client authorization unrecognized filename %s. "
1282  "File must end in .auth. Ignoring.", filename);
1283  continue;
1284  }
1285 
1286  /* Create a full path for a file. */
1287  client_key_file_path = hs_path_from_filename(client_keys_dir_path,
1288  filename);
1289  client_key_str = read_file_to_str(client_key_file_path, 0, NULL);
1290 
1291  /* If we cannot read the file, continue with the next file. */
1292  if (!client_key_str) {
1293  log_warn(LD_REND, "Client authorization file %s can't be read. "
1294  "Corrupted or verify permission? Ignoring.",
1295  client_key_file_path);
1296  tor_free(client_key_file_path);
1297  continue;
1298  }
1299  tor_free(client_key_file_path);
1300 
1301  client = parse_authorized_client(client_key_str);
1302  /* Wipe and free immediately after using it. */
1303  memwipe(client_key_str, 0, strlen(client_key_str));
1304  tor_free(client_key_str);
1305 
1306  if (client) {
1307  smartlist_add(config->clients, client);
1308  log_info(LD_REND, "Loaded a client authorization key file %s.",
1309  filename);
1310  }
1311 
1312  } SMARTLIST_FOREACH_END(filename);
1313 
1314  /* Success. */
1315  ret = 0;
1316  end:
1317  if (client_key_str) {
1318  memwipe(client_key_str, 0, strlen(client_key_str));
1319  }
1320  if (file_list) {
1321  SMARTLIST_FOREACH(file_list, char *, s, tor_free(s));
1322  smartlist_free(file_list);
1323  }
1324  tor_free(client_key_str);
1325  tor_free(client_key_file_path);
1326  tor_free(client_keys_dir_path);
1327  return ret;
1328 }
1329 
1330 /** Release all storage held in <b>client</b>. */
1331 void
1333 {
1334  if (!client) {
1335  return;
1336  }
1337  memwipe(&client->client_pk, 0, sizeof(client->client_pk));
1338  tor_free(client);
1339 }
1340 
1341 /** Free a given service descriptor object and all key material is wiped. */
1342 STATIC void
1344 {
1345  if (!desc) {
1346  return;
1347  }
1348  hs_descriptor_free(desc->desc);
1349  memwipe(&desc->signing_kp, 0, sizeof(desc->signing_kp));
1350  memwipe(&desc->blinded_kp, 0, sizeof(desc->blinded_kp));
1351  /* Cleanup all intro points. */
1352  digest256map_free(desc->intro_points.map, service_intro_point_free_void);
1353  digestmap_free(desc->intro_points.failed_id, tor_free_);
1354  if (desc->previous_hsdirs) {
1355  SMARTLIST_FOREACH(desc->previous_hsdirs, char *, s, tor_free(s));
1356  smartlist_free(desc->previous_hsdirs);
1357  }
1358  crypto_ope_free(desc->ope_cipher);
1359  tor_free(desc);
1360 }
1361 
1362 /** Return a newly allocated service descriptor object. */
1365 {
1366  hs_service_descriptor_t *sdesc = tor_malloc_zero(sizeof(*sdesc));
1367  sdesc->desc = tor_malloc_zero(sizeof(hs_descriptor_t));
1368  /* Initialize the intro points map. */
1369  sdesc->intro_points.map = digest256map_new();
1370  sdesc->intro_points.failed_id = digestmap_new();
1371  sdesc->previous_hsdirs = smartlist_new();
1372  return sdesc;
1373 }
1374 
1375 /** Allocate and return a deep copy of client. */
1378 {
1379  hs_service_authorized_client_t *client_dup = NULL;
1380 
1381  tor_assert(client);
1382 
1383  client_dup = tor_malloc_zero(sizeof(hs_service_authorized_client_t));
1384  /* Currently, the public key is the only component of
1385  * hs_service_authorized_client_t. */
1386  memcpy(client_dup->client_pk.public_key,
1387  client->client_pk.public_key,
1389 
1390  return client_dup;
1391 }
1392 
1393 /** If two authorized clients are equal, return 0. If the first one should come
1394  * before the second, return less than zero. If the first should come after
1395  * the second, return greater than zero. */
1396 static int
1398  const hs_service_authorized_client_t *client2)
1399 {
1400  tor_assert(client1);
1401  tor_assert(client2);
1402 
1403  /* Currently, the public key is the only component of
1404  * hs_service_authorized_client_t. */
1405  return tor_memcmp(client1->client_pk.public_key,
1406  client2->client_pk.public_key,
1408 }
1409 
1410 /** Helper for sorting authorized clients. */
1411 static int
1412 compare_service_authorzized_client_(const void **_a, const void **_b)
1413 {
1414  const hs_service_authorized_client_t *a = *_a, *b = *_b;
1415  return service_authorized_client_cmp(a, b);
1416 }
1417 
1418 /** If the list of hs_service_authorized_client_t's is different between
1419  * src and dst, return 1. Otherwise, return 0. */
1420 STATIC int
1422  const hs_service_config_t *config2)
1423 {
1424  int ret = 0;
1425  int i;
1426  smartlist_t *sl1 = smartlist_new();
1427  smartlist_t *sl2 = smartlist_new();
1428 
1429  tor_assert(config1);
1430  tor_assert(config2);
1431  tor_assert(config1->clients);
1432  tor_assert(config2->clients);
1433 
1434  /* If the number of clients is different, it is obvious that the list
1435  * changes. */
1436  if (smartlist_len(config1->clients) != smartlist_len(config2->clients)) {
1437  goto done;
1438  }
1439 
1440  /* We do not want to mutate config1 and config2, so we will duplicate both
1441  * entire client lists here. */
1442  SMARTLIST_FOREACH(config1->clients,
1445 
1446  SMARTLIST_FOREACH(config2->clients,
1449 
1452 
1453  for (i = 0; i < smartlist_len(sl1); i++) {
1454  /* If the clients at index i in both lists differ, the whole configs
1455  * differ. */
1456  if (service_authorized_client_cmp(smartlist_get(sl1, i),
1457  smartlist_get(sl2, i))) {
1458  goto done;
1459  }
1460  }
1461 
1462  /* Success. */
1463  ret = 1;
1464 
1465  done:
1466  if (sl1) {
1468  service_authorized_client_free(p));
1469  smartlist_free(sl1);
1470  }
1471  if (sl2) {
1473  service_authorized_client_free(p));
1474  smartlist_free(sl2);
1475  }
1476  return ret;
1477 }
1478 
1479 /** Move descriptor(s) from the src service to the dst service and modify their
1480  * content if necessary. We do this during SIGHUP when we re-create our
1481  * hidden services. */
1482 static void
1484 {
1485  tor_assert(src);
1486  tor_assert(dst);
1487 
1488  if (src->desc_current) {
1489  /* Nothing should be there, but clean it up just in case */
1490  if (BUG(dst->desc_current)) {
1491  service_descriptor_free(dst->desc_current);
1492  }
1493  dst->desc_current = src->desc_current;
1494  src->desc_current = NULL;
1495  }
1496 
1497  if (src->desc_next) {
1498  /* Nothing should be there, but clean it up just in case */
1499  if (BUG(dst->desc_next)) {
1500  service_descriptor_free(dst->desc_next);
1501  }
1502  dst->desc_next = src->desc_next;
1503  src->desc_next = NULL;
1504  }
1505 
1506  /* If the client authorization changes, we must rebuild the superencrypted
1507  * section and republish the descriptors. */
1508  int client_auth_changed =
1510  if (client_auth_changed && dst->desc_current) {
1511  /* We have to clear the superencrypted content first. */
1514  if (build_service_desc_superencrypted(dst, dst->desc_current) < 0) {
1515  goto err;
1516  }
1517  service_desc_schedule_upload(dst->desc_current, time(NULL), 1);
1518  }
1519  if (client_auth_changed && dst->desc_next) {
1520  /* We have to clear the superencrypted content first. */
1523  if (build_service_desc_superencrypted(dst, dst->desc_next) < 0) {
1524  goto err;
1525  }
1526  service_desc_schedule_upload(dst->desc_next, time(NULL), 1);
1527  }
1528 
1529  return;
1530 
1531  err:
1532  /* If there is an error, free all descriptors to make it clean and generate
1533  * them later. */
1534  service_descriptor_free(dst->desc_current);
1535  service_descriptor_free(dst->desc_next);
1536 }
1537 
1538 /** From the given service, remove all expired failing intro points for each
1539  * descriptor. */
1540 static void
1542 {
1543  tor_assert(service);
1544 
1545  /* For both descriptors, cleanup the failing intro points list. */
1546  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
1547  DIGESTMAP_FOREACH_MODIFY(desc->intro_points.failed_id, key, time_t *, t) {
1548  time_t failure_time = *t;
1549  if ((failure_time + INTRO_CIRC_RETRY_PERIOD) <= now) {
1550  MAP_DEL_CURRENT(key);
1551  tor_free(t);
1552  }
1554  } FOR_EACH_DESCRIPTOR_END;
1555 }
1556 
1557 /** For the given descriptor desc, put all node_t object found from its failing
1558  * intro point list and put them in the given node_list. */
1559 static void
1561  smartlist_t *node_list)
1562 {
1563  tor_assert(desc);
1564  tor_assert(node_list);
1565 
1566  DIGESTMAP_FOREACH(desc->intro_points.failed_id, key, time_t *, t) {
1567  (void) t; /* Make gcc happy. */
1568  const node_t *node = node_get_by_id(key);
1569  if (node) {
1570  smartlist_add(node_list, (void *) node);
1571  }
1573 }
1574 
1575 /** For the given failing intro point ip, we add its time of failure to the
1576  * failed map and index it by identity digest (legacy ID) in the descriptor
1577  * desc failed id map. */
1578 static void
1580  hs_service_descriptor_t *desc, time_t now)
1581 {
1582  time_t *time_of_failure, *prev_ptr;
1583  const link_specifier_t *legacy_ls;
1584 
1585  tor_assert(ip);
1586  tor_assert(desc);
1587 
1588  time_of_failure = tor_malloc_zero(sizeof(time_t));
1589  *time_of_failure = now;
1590  legacy_ls = get_link_spec_by_type(ip, LS_LEGACY_ID);
1591  tor_assert(legacy_ls);
1592  prev_ptr = digestmap_set(
1593  desc->intro_points.failed_id,
1594  (const char *) link_specifier_getconstarray_un_legacy_id(legacy_ls),
1595  time_of_failure);
1596  tor_free(prev_ptr);
1597 }
1598 
1599 /** Using a given descriptor signing keypair signing_kp, a service intro point
1600  * object ip and the time now, setup the content of an already allocated
1601  * descriptor intro desc_ip.
1602  *
1603  * Return 0 on success else a negative value. */
1604 static int
1606  const hs_service_intro_point_t *ip,
1607  time_t now, hs_desc_intro_point_t *desc_ip)
1608 {
1609  int ret = -1;
1610  time_t nearest_hour = now - (now % 3600);
1611 
1612  tor_assert(signing_kp);
1613  tor_assert(ip);
1614  tor_assert(desc_ip);
1615 
1616  /* Copy the onion key. */
1617  memcpy(&desc_ip->onion_key, &ip->onion_key, sizeof(desc_ip->onion_key));
1618 
1619  /* Key and certificate material. */
1620  desc_ip->auth_key_cert = tor_cert_create_ed25519(signing_kp,
1621  CERT_TYPE_AUTH_HS_IP_KEY,
1622  &ip->auth_key_kp.pubkey,
1623  nearest_hour,
1625  CERT_FLAG_INCLUDE_SIGNING_KEY);
1626  if (desc_ip->auth_key_cert == NULL) {
1627  log_warn(LD_REND, "Unable to create intro point auth-key certificate");
1628  goto done;
1629  }
1630 
1631  /* Copy link specifier(s). */
1633  const link_specifier_t *, ls) {
1634  if (BUG(!ls)) {
1635  goto done;
1636  }
1637  link_specifier_t *copy = link_specifier_dup(ls);
1638  if (BUG(!copy)) {
1639  goto done;
1640  }
1641  smartlist_add(desc_ip->link_specifiers, copy);
1642  } SMARTLIST_FOREACH_END(ls);
1643 
1644  /* For a legacy intro point, we'll use an RSA/ed cross certificate. */
1645  if (ip->base.is_only_legacy) {
1646  desc_ip->legacy.key = crypto_pk_dup_key(ip->legacy_key);
1647  /* Create cross certification cert. */
1648  ssize_t cert_len = tor_make_rsa_ed25519_crosscert(
1649  &signing_kp->pubkey,
1650  desc_ip->legacy.key,
1651  nearest_hour + HS_DESC_CERT_LIFETIME,
1652  &desc_ip->legacy.cert.encoded);
1653  if (cert_len < 0) {
1654  log_warn(LD_REND, "Unable to create enc key legacy cross cert.");
1655  goto done;
1656  }
1657  desc_ip->legacy.cert.len = cert_len;
1658  }
1659 
1660  /* Encryption key and its cross certificate. */
1661  {
1662  ed25519_public_key_t ed25519_pubkey;
1663 
1664  /* Use the public curve25519 key. */
1665  memcpy(&desc_ip->enc_key, &ip->enc_key_kp.pubkey,
1666  sizeof(desc_ip->enc_key));
1667  /* The following can't fail. */
1669  &ip->enc_key_kp.pubkey,
1670  0);
1671  desc_ip->enc_key_cert = tor_cert_create_ed25519(signing_kp,
1672  CERT_TYPE_CROSS_HS_IP_KEYS,
1673  &ed25519_pubkey, nearest_hour,
1675  CERT_FLAG_INCLUDE_SIGNING_KEY);
1676  if (desc_ip->enc_key_cert == NULL) {
1677  log_warn(LD_REND, "Unable to create enc key curve25519 cross cert.");
1678  goto done;
1679  }
1680  }
1681  /* Success. */
1682  ret = 0;
1683 
1684  done:
1685  return ret;
1686 }
1687 
1688 /** Using the given descriptor from the given service, build the descriptor
1689  * intro point list so we can then encode the descriptor for publication. This
1690  * function does not pick intro points, they have to be in the descriptor
1691  * current map. Cryptographic material (keys) must be initialized in the
1692  * descriptor for this function to make sense. */
1693 static void
1695  hs_service_descriptor_t *desc, time_t now)
1696 {
1697  hs_desc_encrypted_data_t *encrypted;
1698 
1699  tor_assert(service);
1700  tor_assert(desc);
1701 
1702  /* Ease our life. */
1703  encrypted = &desc->desc->encrypted_data;
1704  /* Cleanup intro points, we are about to set them from scratch. */
1706 
1707  DIGEST256MAP_FOREACH(desc->intro_points.map, key,
1708  const hs_service_intro_point_t *, ip) {
1710  /* Ignore un-established intro points. They can linger in that list
1711  * because their circuit has not opened and they haven't been removed
1712  * yet even though we have enough intro circuits.
1713  *
1714  * Due to #31561, it can stay in that list until rotation so this check
1715  * prevents to publish an intro point without a circuit. */
1716  continue;
1717  }
1719  if (setup_desc_intro_point(&desc->signing_kp, ip, now, desc_ip) < 0) {
1720  hs_desc_intro_point_free(desc_ip);
1721  continue;
1722  }
1723  /* We have a valid descriptor intro point. Add it to the list. */
1724  smartlist_add(encrypted->intro_points, desc_ip);
1725  } DIGEST256MAP_FOREACH_END;
1726 }
1727 
1728 /** Build the descriptor signing key certificate. */
1729 static void
1731 {
1732  hs_desc_plaintext_data_t *plaintext;
1733 
1734  tor_assert(desc);
1735  tor_assert(desc->desc);
1736 
1737  /* Ease our life a bit. */
1738  plaintext = &desc->desc->plaintext_data;
1739 
1740  /* Get rid of what we have right now. */
1741  tor_cert_free(plaintext->signing_key_cert);
1742 
1743  /* Fresh certificate for the signing key. */
1744  plaintext->signing_key_cert =
1745  tor_cert_create_ed25519(&desc->blinded_kp, CERT_TYPE_SIGNING_HS_DESC,
1746  &desc->signing_kp.pubkey, now, HS_DESC_CERT_LIFETIME,
1747  CERT_FLAG_INCLUDE_SIGNING_KEY);
1748  /* If the cert creation fails, the descriptor encoding will fail and thus
1749  * ultimately won't be uploaded. We'll get a stack trace to help us learn
1750  * where the call came from and the tor_cert_create_ed25519() will log the
1751  * error. */
1752  tor_assert_nonfatal(plaintext->signing_key_cert);
1753 }
1754 
1755 /** Populate the descriptor encrypted section from the given service object.
1756  * This will generate a valid list of introduction points that can be used
1757  * after for circuit creation. Return 0 on success else -1 on error. */
1758 static int
1761 {
1762  hs_desc_encrypted_data_t *encrypted;
1763 
1764  tor_assert(service);
1765  tor_assert(desc);
1766 
1767  encrypted = &desc->desc->encrypted_data;
1768 
1769  encrypted->create2_ntor = 1;
1770  encrypted->single_onion_service = service->config.is_single_onion;
1771 
1772  /* Setup introduction points from what we have in the service. */
1773  if (encrypted->intro_points == NULL) {
1774  encrypted->intro_points = smartlist_new();
1775  }
1776  /* We do NOT build introduction point yet, we only do that once the circuit
1777  * have been opened. Until we have the right number of introduction points,
1778  * we do not encode anything in the descriptor. */
1779 
1780  /* XXX: Support client authorization (#20700). */
1781  encrypted->intro_auth_types = NULL;
1782  return 0;
1783 }
1784 
1785 /** Populate the descriptor superencrypted section from the given service
1786  * object. This will generate a valid list of hs_desc_authorized_client_t
1787  * of clients that are authorized to use the service. Return 0 on success
1788  * else -1 on error. */
1789 static int
1792 {
1793  const hs_service_config_t *config;
1794  int i;
1795  hs_desc_superencrypted_data_t *superencrypted;
1796 
1797  tor_assert(service);
1798  tor_assert(desc);
1799 
1800  superencrypted = &desc->desc->superencrypted_data;
1801  config = &service->config;
1802 
1803  /* The ephemeral key pair is already generated, so this should not give
1804  * an error. */
1805  if (BUG(!curve25519_public_key_is_ok(&desc->auth_ephemeral_kp.pubkey))) {
1806  return -1;
1807  }
1808  memcpy(&superencrypted->auth_ephemeral_pubkey,
1809  &desc->auth_ephemeral_kp.pubkey,
1810  sizeof(curve25519_public_key_t));
1811 
1812  /* Test that subcred is not zero because we might use it below */
1813  if (BUG(fast_mem_is_zero((char*)desc->desc->subcredential.subcred,
1814  DIGEST256_LEN))) {
1815  return -1;
1816  }
1817 
1818  /* Create a smartlist to store clients */
1819  superencrypted->clients = smartlist_new();
1820 
1821  /* We do not need to build the desc authorized client if the client
1822  * authorization is disabled */
1823  if (is_client_auth_enabled(service)) {
1825  hs_service_authorized_client_t *, client) {
1826  hs_desc_authorized_client_t *desc_client;
1827  desc_client = tor_malloc_zero(sizeof(hs_desc_authorized_client_t));
1828 
1829  /* Prepare the client for descriptor and then add to the list in the
1830  * superencrypted part of the descriptor */
1832  &client->client_pk,
1833  &desc->auth_ephemeral_kp.seckey,
1834  desc->descriptor_cookie, desc_client);
1835  smartlist_add(superencrypted->clients, desc_client);
1836 
1837  } SMARTLIST_FOREACH_END(client);
1838  }
1839 
1840  /* We cannot let the number of auth-clients to be zero, so we need to
1841  * make it be 16. If it is already a multiple of 16, we do not need to
1842  * do anything. Otherwise, add the additional ones to make it a
1843  * multiple of 16. */
1844  int num_clients = smartlist_len(superencrypted->clients);
1845  int num_clients_to_add;
1846  if (num_clients == 0) {
1847  num_clients_to_add = HS_DESC_AUTH_CLIENT_MULTIPLE;
1848  } else if (num_clients % HS_DESC_AUTH_CLIENT_MULTIPLE == 0) {
1849  num_clients_to_add = 0;
1850  } else {
1851  num_clients_to_add =
1853  - (num_clients % HS_DESC_AUTH_CLIENT_MULTIPLE);
1854  }
1855 
1856  for (i = 0; i < num_clients_to_add; i++) {
1857  hs_desc_authorized_client_t *desc_client =
1859  smartlist_add(superencrypted->clients, desc_client);
1860  }
1861 
1862  /* Shuffle the list to prevent the client know the position in the
1863  * config. */
1864  smartlist_shuffle(superencrypted->clients);
1865 
1866  return 0;
1867 }
1868 
1869 /** Populate the descriptor plaintext section from the given service object.
1870  * The caller must make sure that the keys in the descriptors are valid that
1871  * is are non-zero. This can't fail. */
1872 static void
1875 {
1876  hs_desc_plaintext_data_t *plaintext;
1877 
1878  tor_assert(service);
1879  tor_assert(desc);
1880  tor_assert(!fast_mem_is_zero((char *) &desc->blinded_kp,
1881  sizeof(desc->blinded_kp)));
1882  tor_assert(!fast_mem_is_zero((char *) &desc->signing_kp,
1883  sizeof(desc->signing_kp)));
1884 
1885  /* Set the subcredential. */
1886  hs_get_subcredential(&service->keys.identity_pk, &desc->blinded_kp.pubkey,
1887  &desc->desc->subcredential);
1888 
1889  plaintext = &desc->desc->plaintext_data;
1890 
1891  plaintext->version = service->config.version;
1893  /* Copy public key material to go in the descriptor. */
1894  ed25519_pubkey_copy(&plaintext->signing_pubkey, &desc->signing_kp.pubkey);
1895  ed25519_pubkey_copy(&plaintext->blinded_pubkey, &desc->blinded_kp.pubkey);
1896 
1897  /* Create the signing key certificate. This will be updated before each
1898  * upload but we create it here so we don't complexify our unit tests. */
1900 }
1901 
1902 /** Compute the descriptor's OPE cipher for encrypting revision counters. */
1903 static crypto_ope_t *
1905 {
1906  /* Compute OPE key as H("rev-counter-generation" | blinded privkey) */
1907  uint8_t key[DIGEST256_LEN];
1908  crypto_digest_t *digest = crypto_digest256_new(DIGEST_SHA3_256);
1909  const char ope_key_prefix[] = "rev-counter-generation";
1910  const ed25519_secret_key_t *eph_privkey = &hs_desc->blinded_kp.seckey;
1911  crypto_digest_add_bytes(digest, ope_key_prefix, sizeof(ope_key_prefix));
1912  crypto_digest_add_bytes(digest, (char*)eph_privkey->seckey,
1913  sizeof(eph_privkey->seckey));
1914  crypto_digest_get_digest(digest, (char *)key, sizeof(key));
1915  crypto_digest_free(digest);
1916 
1917  return crypto_ope_new(key);
1918 }
1919 
1920 /** For the given service and descriptor object, create the key material which
1921  * is the blinded keypair, the descriptor signing keypair, the ephemeral
1922  * keypair, and the descriptor cookie. Return 0 on success else -1 on error
1923  * where the generated keys MUST be ignored. */
1924 static int
1927 {
1928  int ret = -1;
1929  ed25519_keypair_t kp;
1930 
1931  tor_assert(desc);
1932  tor_assert(!fast_mem_is_zero((char *) &service->keys.identity_pk,
1934 
1935  /* XXX: Support offline key feature (#18098). */
1936 
1937  /* Copy the identity keys to the keypair so we can use it to create the
1938  * blinded key. */
1939  memcpy(&kp.pubkey, &service->keys.identity_pk, sizeof(kp.pubkey));
1940  memcpy(&kp.seckey, &service->keys.identity_sk, sizeof(kp.seckey));
1941  /* Build blinded keypair for this time period. */
1942  hs_build_blinded_keypair(&kp, NULL, 0, desc->time_period_num,
1943  &desc->blinded_kp);
1944  /* Let's not keep too much traces of our keys in memory. */
1945  memwipe(&kp, 0, sizeof(kp));
1946 
1947  /* Compute the OPE cipher struct (it's tied to the current blinded key) */
1948  log_info(LD_GENERAL,
1949  "Getting OPE for TP#%u", (unsigned) desc->time_period_num);
1950  tor_assert_nonfatal(!desc->ope_cipher);
1952 
1953  /* No need for extra strong, this is a temporary key only for this
1954  * descriptor. Nothing long term. */
1955  if (ed25519_keypair_generate(&desc->signing_kp, 0) < 0) {
1956  log_warn(LD_REND, "Can't generate descriptor signing keypair for "
1957  "service %s",
1958  safe_str_client(service->onion_address));
1959  goto end;
1960  }
1961 
1962  /* No need for extra strong, this is a temporary key only for this
1963  * descriptor. Nothing long term. */
1964  if (curve25519_keypair_generate(&desc->auth_ephemeral_kp, 0) < 0) {
1965  log_warn(LD_REND, "Can't generate auth ephemeral keypair for "
1966  "service %s",
1967  safe_str_client(service->onion_address));
1968  goto end;
1969  }
1970 
1971  /* Random descriptor cookie to be used as a part of a key to encrypt the
1972  * descriptor, only if the client auth is enabled will it be used. */
1974  sizeof(desc->descriptor_cookie));
1975 
1976  /* Success. */
1977  ret = 0;
1978  end:
1979  return ret;
1980 }
1981 
1982 /** Given a service and the current time, build a descriptor for the service.
1983  * This function does not pick introduction point, this needs to be done by
1984  * the update function. On success, desc_out will point to the newly allocated
1985  * descriptor object.
1986  *
1987  * This can error if we are unable to create keys or certificate. */
1988 static void
1989 build_service_descriptor(hs_service_t *service, uint64_t time_period_num,
1990  hs_service_descriptor_t **desc_out)
1991 {
1992  char *encoded_desc;
1994 
1995  tor_assert(service);
1996  tor_assert(desc_out);
1997 
1998  desc = service_descriptor_new();
1999 
2000  /* Set current time period */
2001  desc->time_period_num = time_period_num;
2002 
2003  /* Create the needed keys so we can setup the descriptor content. */
2004  if (build_service_desc_keys(service, desc) < 0) {
2005  goto err;
2006  }
2007  /* Setup plaintext descriptor content. */
2008  build_service_desc_plaintext(service, desc);
2009 
2010  /* Setup superencrypted descriptor content. */
2011  if (build_service_desc_superencrypted(service, desc) < 0) {
2012  goto err;
2013  }
2014  /* Setup encrypted descriptor content. */
2015  if (build_service_desc_encrypted(service, desc) < 0) {
2016  goto err;
2017  }
2018 
2019  /* Let's make sure that we've created a descriptor that can actually be
2020  * encoded properly. This function also checks if the encoded output is
2021  * decodable after. */
2022  if (BUG(service_encode_descriptor(service, desc, &desc->signing_kp,
2023  &encoded_desc) < 0)) {
2024  goto err;
2025  }
2026  tor_free(encoded_desc);
2027 
2028  /* Assign newly built descriptor to the next slot. */
2029  *desc_out = desc;
2030 
2031  /* Fire a CREATED control port event. */
2033  &desc->blinded_kp.pubkey);
2034 
2035  /* If we are an onionbalance instance, we refresh our keys when we rotate
2036  * descriptors. */
2037  hs_ob_refresh_keys(service);
2038 
2039  return;
2040 
2041  err:
2042  service_descriptor_free(desc);
2043 }
2044 
2045 /** Build both descriptors for the given service that has just booted up.
2046  * Because it's a special case, it deserves its special function ;). */
2047 static void
2049 {
2050  uint64_t current_desc_tp, next_desc_tp;
2051 
2052  tor_assert(service);
2053  /* These are the conditions for a new service. */
2054  tor_assert(!service->desc_current);
2055  tor_assert(!service->desc_next);
2056 
2057  /*
2058  * +------------------------------------------------------------------+
2059  * | |
2060  * | 00:00 12:00 00:00 12:00 00:00 12:00 |
2061  * | SRV#1 TP#1 SRV#2 TP#2 SRV#3 TP#3 |
2062  * | |
2063  * | $==========|-----------$===========|-----------$===========| |
2064  * | ^ ^ |
2065  * | A B |
2066  * +------------------------------------------------------------------+
2067  *
2068  * Case A: The service boots up before a new time period, the current time
2069  * period is thus TP#1 and the next is TP#2 which for both we have access to
2070  * their SRVs.
2071  *
2072  * Case B: The service boots up inside TP#2, we can't use the TP#3 for the
2073  * next descriptor because we don't have the SRV#3 so the current should be
2074  * TP#1 and next TP#2.
2075  */
2076 
2077  if (hs_in_period_between_tp_and_srv(NULL, now)) {
2078  /* Case B from the above, inside of the new time period. */
2079  current_desc_tp = hs_get_previous_time_period_num(0); /* TP#1 */
2080  next_desc_tp = hs_get_time_period_num(0); /* TP#2 */
2081  } else {
2082  /* Case A from the above, outside of the new time period. */
2083  current_desc_tp = hs_get_time_period_num(0); /* TP#1 */
2084  next_desc_tp = hs_get_next_time_period_num(0); /* TP#2 */
2085  }
2086 
2087  /* Build descriptors. */
2088  build_service_descriptor(service, current_desc_tp, &service->desc_current);
2089  build_service_descriptor(service, next_desc_tp, &service->desc_next);
2090  log_info(LD_REND, "Hidden service %s has just started. Both descriptors "
2091  "built. Now scheduled for upload.",
2092  safe_str_client(service->onion_address));
2093 }
2094 
2095 /** Build descriptors for each service if needed. There are conditions to build
2096  * a descriptor which are details in the function. */
2097 STATIC void
2099 {
2100  FOR_EACH_SERVICE_BEGIN(service) {
2101 
2102  /* A service booting up will have both descriptors to NULL. No other cases
2103  * makes both descriptor non existent. */
2104  if (service->desc_current == NULL && service->desc_next == NULL) {
2105  build_descriptors_for_new_service(service, now);
2106  continue;
2107  }
2108 
2109  /* Reaching this point means we are pass bootup so at runtime. We should
2110  * *never* have an empty current descriptor. If the next descriptor is
2111  * empty, we'll try to build it for the next time period. This only
2112  * happens when we rotate meaning that we are guaranteed to have a new SRV
2113  * at that point for the next time period. */
2114  if (BUG(service->desc_current == NULL)) {
2115  continue;
2116  }
2117 
2118  if (service->desc_next == NULL) {
2120  &service->desc_next);
2121  log_info(LD_REND, "Hidden service %s next descriptor successfully "
2122  "built. Now scheduled for upload.",
2123  safe_str_client(service->onion_address));
2124  }
2125  } FOR_EACH_DESCRIPTOR_END;
2126 }
2127 
2128 /** Randomly pick a node to become an introduction point but not present in the
2129  * given exclude_nodes list. The chosen node is put in the exclude list
2130  * regardless of success or not because in case of failure, the node is simply
2131  * unsusable from that point on.
2132  *
2133  * If direct_conn is set, try to pick a node that our local firewall/policy
2134  * allows us to connect to directly. If we can't find any, return NULL.
2135  * This function supports selecting dual-stack nodes for direct single onion
2136  * service IPv6 connections. But it does not send IPv6 addresses in link
2137  * specifiers. (Current clients don't use IPv6 addresses to extend, and
2138  * direct client connections to intro points are not supported.)
2139  *
2140  * Return a newly allocated service intro point ready to be used for encoding.
2141  * Return NULL on error. */
2142 static hs_service_intro_point_t *
2143 pick_intro_point(unsigned int direct_conn, smartlist_t *exclude_nodes)
2144 {
2145  const or_options_t *options = get_options();
2146  const node_t *node;
2147  hs_service_intro_point_t *ip = NULL;
2148  /* Normal 3-hop introduction point flags. */
2149  router_crn_flags_t flags = CRN_NEED_UPTIME | CRN_NEED_DESC;
2150  /* Single onion flags. */
2151  router_crn_flags_t direct_flags = flags | CRN_PREF_ADDR | CRN_DIRECT_CONN;
2152 
2153  node = router_choose_random_node(exclude_nodes, options->ExcludeNodes,
2154  direct_conn ? direct_flags : flags);
2155 
2156  /* If we are in single onion mode, retry node selection for a 3-hop
2157  * path */
2158  if (direct_conn && !node) {
2159  log_info(LD_REND,
2160  "Unable to find an intro point that we can connect to "
2161  "directly, falling back to a 3-hop path.");
2162  node = router_choose_random_node(exclude_nodes, options->ExcludeNodes,
2163  flags);
2164  }
2165 
2166  if (!node) {
2167  goto err;
2168  }
2169 
2170  /* We have a suitable node, add it to the exclude list. We do this *before*
2171  * we can validate the extend information because even in case of failure,
2172  * we don't want to use that node anymore. */
2173  smartlist_add(exclude_nodes, (void *) node);
2174 
2175  /* Create our objects and populate them with the node information. */
2176  ip = service_intro_point_new(node);
2177 
2178  if (ip == NULL) {
2179  goto err;
2180  }
2181 
2182  log_info(LD_REND, "Picked intro point: %s", node_describe(node));
2183  return ip;
2184  err:
2185  service_intro_point_free(ip);
2186  return NULL;
2187 }
2188 
2189 /** For a given descriptor from the given service, pick any needed intro points
2190  * and update the current map with those newly picked intro points. Return the
2191  * number node that might have been added to the descriptor current map. */
2192 static unsigned int
2195 {
2196  int i = 0, num_needed_ip;
2197  smartlist_t *exclude_nodes = smartlist_new();
2198 
2199  tor_assert(service);
2200  tor_assert(desc);
2201 
2202  /* Compute how many intro points we actually need to open. */
2203  num_needed_ip = service->config.num_intro_points -
2204  digest256map_size(desc->intro_points.map);
2205  if (BUG(num_needed_ip < 0)) {
2206  /* Let's not make tor freak out here and just skip this. */
2207  goto done;
2208  }
2209 
2210  /* We want to end up with config.num_intro_points intro points, but if we
2211  * have no intro points at all (chances are they all cycled or we are
2212  * starting up), we launch get_intro_point_num_extra() extra circuits and
2213  * use the first config.num_intro_points that complete. See proposal #155,
2214  * section 4 for the rationale of this which is purely for performance.
2215  *
2216  * The ones after the first config.num_intro_points will be converted to
2217  * 'General' internal circuits and then we'll drop them from the list of
2218  * intro points. */
2219  if (digest256map_size(desc->intro_points.map) == 0) {
2220  num_needed_ip += get_intro_point_num_extra();
2221  }
2222 
2223  /* Build an exclude list of nodes of our intro point(s). The expiring intro
2224  * points are OK to pick again because this is after all a concept of round
2225  * robin so they are considered valid nodes to pick again. */
2226  DIGEST256MAP_FOREACH(desc->intro_points.map, key,
2227  hs_service_intro_point_t *, ip) {
2228  const node_t *intro_node = get_node_from_intro_point(ip);
2229  if (intro_node) {
2230  smartlist_add(exclude_nodes, (void*)intro_node);
2231  }
2232  } DIGEST256MAP_FOREACH_END;
2233  /* Also, add the failing intro points that our descriptor encounteered in
2234  * the exclude node list. */
2235  setup_intro_point_exclude_list(desc, exclude_nodes);
2236 
2237  for (i = 0; i < num_needed_ip; i++) {
2239 
2240  /* This function will add the picked intro point node to the exclude nodes
2241  * list so we don't pick the same one at the next iteration. */
2242  ip = pick_intro_point(service->config.is_single_onion, exclude_nodes);
2243  if (ip == NULL) {
2244  /* If we end up unable to pick an introduction point it is because we
2245  * can't find suitable node and calling this again is highly unlikely to
2246  * give us a valid node all of the sudden. */
2247  log_info(LD_REND, "Unable to find a suitable node to be an "
2248  "introduction point for service %s.",
2249  safe_str_client(service->onion_address));
2250  goto done;
2251  }
2252  /* Valid intro point object, add it to the descriptor current map. */
2254  }
2255  /* We've successfully picked all our needed intro points thus none are
2256  * missing which will tell our upload process to expect the number of
2257  * circuits to be the number of configured intro points circuits and not the
2258  * number of intro points object that we have. */
2259  desc->missing_intro_points = 0;
2260 
2261  /* Success. */
2262  done:
2263  /* We don't have ownership of the node_t object in this list. */
2264  smartlist_free(exclude_nodes);
2265  return i;
2266 }
2267 
2268 /** Clear previous cached HSDirs in <b>desc</b>. */
2269 static void
2271 {
2272  if (BUG(!desc->previous_hsdirs)) {
2273  return;
2274  }
2275 
2276  SMARTLIST_FOREACH(desc->previous_hsdirs, char*, s, tor_free(s));
2278 }
2279 
2280 /** Note that we attempted to upload <b>desc</b> to <b>hsdir</b>. */
2281 static void
2283 {
2284  char b64_digest[BASE64_DIGEST_LEN+1] = {0};
2285  digest_to_base64(b64_digest, hsdir->identity);
2286 
2287  if (BUG(!desc->previous_hsdirs)) {
2288  return;
2289  }
2290 
2291  if (!smartlist_contains_string(desc->previous_hsdirs, b64_digest)) {
2292  smartlist_add_strdup(desc->previous_hsdirs, b64_digest);
2293  }
2294 }
2295 
2296 /** Schedule an upload of <b>desc</b>. If <b>descriptor_changed</b> is set, it
2297  * means that this descriptor is dirty. */
2298 STATIC void
2300  time_t now,
2301  int descriptor_changed)
2302 
2303 {
2304  desc->next_upload_time = now;
2305 
2306  /* If the descriptor changed, clean up the old HSDirs list. We want to
2307  * re-upload no matter what. */
2308  if (descriptor_changed) {
2310  }
2311 }
2312 
2313 /** Pick missing intro points for this descriptor if needed. */
2314 static void
2316  hs_service_descriptor_t *desc, time_t now)
2317 {
2318  unsigned int num_intro_points;
2319 
2320  tor_assert(service);
2321  tor_assert(desc);
2322  tor_assert(desc->desc);
2323 
2324  num_intro_points = digest256map_size(desc->intro_points.map);
2325 
2326  /* Pick any missing introduction point(s). */
2327  if (num_intro_points < service->config.num_intro_points) {
2328  unsigned int num_new_intro_points = pick_needed_intro_points(service,
2329  desc);
2330  if (num_new_intro_points != 0) {
2331  log_info(LD_REND, "Service %s just picked %u intro points and wanted "
2332  "%u for %s descriptor. It currently has %d intro "
2333  "points. Launching ESTABLISH_INTRO circuit shortly.",
2334  safe_str_client(service->onion_address),
2335  num_new_intro_points,
2336  service->config.num_intro_points - num_intro_points,
2337  (desc == service->desc_current) ? "current" : "next",
2338  num_intro_points);
2339  /* We'll build those introduction point into the descriptor once we have
2340  * confirmation that the circuits are opened and ready. However,
2341  * indicate that this descriptor should be uploaded from now on. */
2342  service_desc_schedule_upload(desc, now, 1);
2343  }
2344  /* Were we able to pick all the intro points we needed? If not, we'll
2345  * flag the descriptor that it's missing intro points because it
2346  * couldn't pick enough which will trigger a descriptor upload. */
2347  if ((num_new_intro_points + num_intro_points) <
2348  service->config.num_intro_points) {
2349  desc->missing_intro_points = 1;
2350  }
2351  }
2352 }
2353 
2354 /** Update descriptor intro points for each service if needed. We do this as
2355  * part of the periodic event because we need to establish intro point circuits
2356  * before we publish descriptors. */
2357 STATIC void
2359 {
2360  FOR_EACH_SERVICE_BEGIN(service) {
2361  /* We'll try to update each descriptor that is if certain conditions apply
2362  * in order for the descriptor to be updated. */
2363  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
2364  update_service_descriptor_intro_points(service, desc, now);
2365  } FOR_EACH_DESCRIPTOR_END;
2366  } FOR_EACH_SERVICE_END;
2367 }
2368 
2369 /** Return true iff the given intro point has expired that is it has been used
2370  * for too long or we've reached our max seen INTRODUCE2 cell. */
2371 STATIC int
2373  time_t now)
2374 {
2375  tor_assert(ip);
2376 
2377  if (ip->introduce2_count >= ip->introduce2_max) {
2378  goto expired;
2379  }
2380 
2381  if (ip->time_to_expire <= now) {
2382  goto expired;
2383  }
2384 
2385  /* Not expiring. */
2386  return 0;
2387  expired:
2388  return 1;
2389 }
2390 
2391 /** Return true iff we should remove the intro point ip from its service.
2392  *
2393  * We remove an intro point from the service descriptor list if one of
2394  * these criteria is met:
2395  * - It has expired (either in INTRO2 count or in time).
2396  * - No node was found (fell off the consensus).
2397  * - We are over the maximum amount of retries.
2398  *
2399  * If an established or pending circuit is found for the given ip object, this
2400  * return false indicating it should not be removed. */
2401 static bool
2403 {
2404  bool ret = false;
2405 
2406  tor_assert(ip);
2407 
2408  /* Any one of the following needs to be True to fulfill the criteria to
2409  * remove an intro point. */
2410  bool has_no_retries = (ip->circuit_retries >
2412  bool has_no_node = (get_node_from_intro_point(ip) == NULL);
2413  bool has_expired = intro_point_should_expire(ip, now);
2414 
2415  /* If the node fell off the consensus or the IP has expired, we have to
2416  * remove it now. */
2417  if (has_no_node || has_expired) {
2418  ret = true;
2419  goto end;
2420  }
2421 
2422  /* Past this point, even though we might be over the retry limit, we check
2423  * if a circuit (established or pending) exists. In that case, we should not
2424  * remove it because it might simply be valid and opened at the previous
2425  * scheduled event for the last retry. */
2426 
2427  /* Do we simply have an existing circuit regardless of its state? */
2429  goto end;
2430  }
2431 
2432  /* Getting here means we have _no_ circuits so then return if we have any
2433  * remaining retries. */
2434  ret = has_no_retries;
2435 
2436  end:
2437  /* Meaningful log in case we are about to remove the IP. */
2438  if (ret) {
2439  log_info(LD_REND, "Intro point %s%s (retried: %u times). "
2440  "Removing it.",
2442  has_expired ? " has expired" :
2443  (has_no_node) ? " fell off the consensus" : "",
2444  ip->circuit_retries);
2445  }
2446  return ret;
2447 }
2448 
2449 /** Go over the given set of intro points for each service and remove any
2450  * invalid ones.
2451  *
2452  * If an intro point is removed, the circuit (if any) is immediately close.
2453  * If a circuit can't be found, the intro point is kept if it hasn't reached
2454  * its maximum circuit retry value and thus should be retried. */
2455 static void
2456 cleanup_intro_points(hs_service_t *service, time_t now)
2457 {
2458  /* List of intro points to close. We can't mark the intro circuits for close
2459  * in the modify loop because doing so calls back into the HS subsystem and
2460  * we need to keep that code path outside of the service/desc loop so those
2461  * maps don't get modified during the close making us in a possible
2462  * use-after-free situation. */
2463  smartlist_t *ips_to_free = smartlist_new();
2464 
2465  tor_assert(service);
2466 
2467  /* For both descriptors, cleanup the intro points. */
2468  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
2469  /* Go over the current intro points we have, make sure they are still
2470  * valid and remove any of them that aren't. */
2471  DIGEST256MAP_FOREACH_MODIFY(desc->intro_points.map, key,
2472  hs_service_intro_point_t *, ip) {
2473  if (should_remove_intro_point(ip, now)) {
2474  /* We've retried too many times, remember it as a failed intro point
2475  * so we don't pick it up again for INTRO_CIRC_RETRY_PERIOD sec. */
2476  if (ip->circuit_retries > MAX_INTRO_POINT_CIRCUIT_RETRIES) {
2478  }
2479 
2480  /* Remove intro point from descriptor map and add it to the list of
2481  * ips to free for which we'll also try to close the intro circuit. */
2482  MAP_DEL_CURRENT(key);
2483  smartlist_add(ips_to_free, ip);
2484  }
2485  } DIGEST256MAP_FOREACH_END;
2486  } FOR_EACH_DESCRIPTOR_END;
2487 
2488  /* Go over the intro points to free and close their circuit if any. */
2490  /* See if we need to close the intro point circuit as well */
2491 
2492  /* XXX: Legacy code does NOT close circuits like this: it keeps the circuit
2493  * open until a new descriptor is uploaded and then closed all expiring
2494  * intro point circuit. Here, we close immediately and because we just
2495  * discarded the intro point, a new one will be selected, a new descriptor
2496  * created and uploaded. There is no difference to an attacker between the
2497  * timing of a new consensus and intro point rotation (possibly?). */
2499  if (ocirc && !TO_CIRCUIT(ocirc)->marked_for_close) {
2500  circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
2501  }
2502 
2503  /* Cleanup the intro point */
2504  service_intro_point_free(ip);
2505  } SMARTLIST_FOREACH_END(ip);
2506 
2507  smartlist_free(ips_to_free);
2508 }
2509 
2510 /** Set the next rotation time of the descriptors for the given service for the
2511  * time now. */
2512 static void
2514 {
2515  tor_assert(service);
2516 
2517  service->state.next_rotation_time =
2520 
2521  {
2522  char fmt_time[ISO_TIME_LEN + 1];
2523  format_local_iso_time(fmt_time, service->state.next_rotation_time);
2524  log_info(LD_REND, "Next descriptor rotation time set to %s for %s",
2525  fmt_time, safe_str_client(service->onion_address));
2526  }
2527 }
2528 
2529 /** Return true iff the service should rotate its descriptor. The time now is
2530  * only used to fetch the live consensus and if none can be found, this
2531  * returns false. */
2532 static unsigned int
2534 {
2535  const networkstatus_t *ns;
2536 
2537  tor_assert(service);
2538 
2541  if (ns == NULL) {
2542  goto no_rotation;
2543  }
2544 
2545  if (ns->valid_after >= service->state.next_rotation_time) {
2546  /* In theory, we should never get here with no descriptors. We can never
2547  * have a NULL current descriptor except when tor starts up. The next
2548  * descriptor can be NULL after a rotation but we build a new one right
2549  * after.
2550  *
2551  * So, when tor starts, the next rotation time is set to the start of the
2552  * next SRV period using the consensus valid after time so it should
2553  * always be set to a future time value. This means that we should never
2554  * reach this point at bootup that is this check safeguards tor in never
2555  * allowing a rotation if the valid after time is smaller than the next
2556  * rotation time.
2557  *
2558  * This is all good in theory but we've had a NULL descriptor issue here
2559  * so this is why we BUG() on both with extra logging to try to understand
2560  * how this can possibly happens. We'll simply ignore and tor should
2561  * recover from this by skipping rotation and building the missing
2562  * descriptors just after this. */
2563  if (BUG(service->desc_current == NULL || service->desc_next == NULL)) {
2564  log_warn(LD_BUG, "Service descriptor is NULL (%p/%p). Next rotation "
2565  "time is %ld (now: %ld). Valid after time from "
2566  "consensus is %ld",
2567  service->desc_current, service->desc_next,
2568  (long)service->state.next_rotation_time,
2569  (long)now,
2570  (long)ns->valid_after);
2571  goto no_rotation;
2572  }
2573  goto rotation;
2574  }
2575 
2576  no_rotation:
2577  return 0;
2578  rotation:
2579  return 1;
2580 }
2581 
2582 /** Rotate the service descriptors of the given service. The current descriptor
2583  * will be freed, the next one put in as the current and finally the next
2584  * descriptor pointer is NULLified. */
2585 static void
2587 {
2588  if (service->desc_current) {
2589  /* Close all IP circuits for the descriptor. */
2591  /* We don't need this one anymore, we won't serve any clients coming with
2592  * this service descriptor. */
2593  service_descriptor_free(service->desc_current);
2594  }
2595  /* The next one become the current one and emptying the next will trigger
2596  * a descriptor creation for it. */
2597  service->desc_current = service->desc_next;
2598  service->desc_next = NULL;
2599 
2600  /* We've just rotated, set the next time for the rotation. */
2601  set_rotation_time(service);
2602 }
2603 
2604 /** Rotate descriptors for each service if needed. A non existing current
2605  * descriptor will trigger a descriptor build for the next time period. */
2606 STATIC void
2608 {
2609  /* XXX We rotate all our service descriptors at once. In the future it might
2610  * be wise, to rotate service descriptors independently to hide that all
2611  * those descriptors are on the same tor instance */
2612 
2613  FOR_EACH_SERVICE_BEGIN(service) {
2614 
2615  /* Note for a service booting up: Both descriptors are NULL in that case
2616  * so this function might return true if we are in the timeframe for a
2617  * rotation leading to basically swapping two NULL pointers which is
2618  * harmless. However, the side effect is that triggering a rotation will
2619  * update the service state and avoid doing anymore rotations after the
2620  * two descriptors have been built. */
2621  if (!should_rotate_descriptors(service, now)) {
2622  continue;
2623  }
2624 
2625  log_info(LD_REND, "Time to rotate our descriptors (%p / %p) for %s",
2626  service->desc_current, service->desc_next,
2627  safe_str_client(service->onion_address));
2628 
2629  rotate_service_descriptors(service);
2630  } FOR_EACH_SERVICE_END;
2631 }
2632 
2633 /** Scheduled event run from the main loop. Make sure all our services are up
2634  * to date and ready for the other scheduled events. This includes looking at
2635  * the introduction points status and descriptor rotation time. */
2636 STATIC void
2638 {
2639  /* Note that nothing here opens circuit(s) nor uploads descriptor(s). We are
2640  * simply moving things around or removing unneeded elements. */
2641 
2642  FOR_EACH_SERVICE_BEGIN(service) {
2643 
2644  /* If the service is starting off, set the rotation time. We can't do that
2645  * at configure time because the get_options() needs to be set for setting
2646  * that time that uses the voting interval. */
2647  if (service->state.next_rotation_time == 0) {
2648  /* Set the next rotation time of the descriptors. If it's Oct 25th
2649  * 23:47:00, the next rotation time is when the next SRV is computed
2650  * which is at Oct 26th 00:00:00 that is in 13 minutes. */
2651  set_rotation_time(service);
2652  }
2653 
2654  /* Cleanup invalid intro points from the service descriptor. */
2655  cleanup_intro_points(service, now);
2656 
2657  /* Remove expired failing intro point from the descriptor failed list. We
2658  * reset them at each INTRO_CIRC_RETRY_PERIOD. */
2659  remove_expired_failing_intro(service, now);
2660 
2661  /* At this point, the service is now ready to go through the scheduled
2662  * events guaranteeing a valid state. Intro points might be missing from
2663  * the descriptors after the cleanup but the update/build process will
2664  * make sure we pick those missing ones. */
2665  } FOR_EACH_SERVICE_END;
2666 }
2667 
2668 /** Scheduled event run from the main loop. Make sure all descriptors are up to
2669  * date. Once this returns, each service descriptor needs to be considered for
2670  * new introduction circuits and then for upload. */
2671 static void
2673 {
2674  /* Run v3+ events. */
2675  /* We start by rotating the descriptors only if needed. */
2677 
2678  /* Then, we'll try to build new descriptors that we might need. The
2679  * condition is that the next descriptor is non existing because it has
2680  * been rotated or we just started up. */
2681  build_all_descriptors(now);
2682 
2683  /* Finally, we'll check if we should update the descriptors' intro
2684  * points. Missing introduction points will be picked in this function which
2685  * is useful for newly built descriptors. */
2687 }
2688 
2689 /** For the given service, launch any intro point circuits that could be
2690  * needed. This considers every descriptor of the service. */
2691 static void
2693 {
2694  tor_assert(service);
2695 
2696  /* For both descriptors, try to launch any missing introduction point
2697  * circuits using the current map. */
2698  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
2699  /* Keep a ref on if we need a direct connection. We use this often. */
2700  bool direct_conn = service->config.is_single_onion;
2701 
2702  DIGEST256MAP_FOREACH_MODIFY(desc->intro_points.map, key,
2703  hs_service_intro_point_t *, ip) {
2704  extend_info_t *ei;
2705 
2706  /* Skip the intro point that already has an existing circuit
2707  * (established or not). */
2709  continue;
2710  }
2711  ei = get_extend_info_from_intro_point(ip, direct_conn);
2712 
2713  /* If we can't connect directly to the intro point, get an extend_info
2714  * for a multi-hop path instead. */
2715  if (ei == NULL && direct_conn) {
2716  direct_conn = false;
2718  }
2719 
2720  if (ei == NULL) {
2721  /* This is possible if we can get a node_t but not the extend info out
2722  * of it. In this case, we remove the intro point and a new one will
2723  * be picked at the next main loop callback. */
2724  MAP_DEL_CURRENT(key);
2725  service_intro_point_free(ip);
2726  continue;
2727  }
2728 
2729  /* Launch a circuit to the intro point. */
2730  ip->circuit_retries++;
2731  if (hs_circ_launch_intro_point(service, ip, ei, direct_conn) < 0) {
2732  log_info(LD_REND, "Unable to launch intro circuit to node %s "
2733  "for service %s.",
2734  safe_str_client(extend_info_describe(ei)),
2735  safe_str_client(service->onion_address));
2736  /* Intro point will be retried if possible after this. */
2737  }
2738  extend_info_free(ei);
2739  } DIGEST256MAP_FOREACH_END;
2740  } FOR_EACH_DESCRIPTOR_END;
2741 }
2742 
2743 /** Don't try to build more than this many circuits before giving up for a
2744  * while. Dynamically calculated based on the configured number of intro
2745  * points for the given service and how many descriptor exists. The default
2746  * use case of 3 introduction points and two descriptors will allow 28
2747  * circuits for a retry period (((3 + 2) + (3 * 3)) * 2). */
2748 static unsigned int
2750 {
2751  unsigned int count = 0;
2752  unsigned int multiplier = 0;
2753  unsigned int num_wanted_ip;
2754 
2755  tor_assert(service);
2756  tor_assert(service->config.num_intro_points <=
2757  HS_CONFIG_V3_MAX_INTRO_POINTS);
2758 
2759 /** For a testing network, allow to do it for the maximum amount so circuit
2760  * creation and rotation and so on can actually be tested without limit. */
2761 #define MAX_INTRO_POINT_CIRCUIT_RETRIES_TESTING -1
2762  if (get_options()->TestingTorNetwork) {
2763  return MAX_INTRO_POINT_CIRCUIT_RETRIES_TESTING;
2764  }
2765 
2766  num_wanted_ip = service->config.num_intro_points;
2767 
2768  /* The calculation is as follow. We have a number of intro points that we
2769  * want configured as a torrc option (num_intro_points). We then add an
2770  * extra value so we can launch multiple circuits at once and pick the
2771  * quickest ones. For instance, we want 3 intros, we add 2 extra so we'll
2772  * pick 5 intros and launch 5 circuits. */
2773  count += (num_wanted_ip + get_intro_point_num_extra());
2774 
2775  /* Then we add the number of retries that is possible to do for each intro
2776  * point. If we want 3 intros, we'll allow 3 times the number of possible
2777  * retry. */
2778  count += (num_wanted_ip * MAX_INTRO_POINT_CIRCUIT_RETRIES);
2779 
2780  /* Then, we multiply by a factor of 2 if we have both descriptor or 0 if we
2781  * have none. */
2782  multiplier += (service->desc_current) ? 1 : 0;
2783  multiplier += (service->desc_next) ? 1 : 0;
2784 
2785  return (count * multiplier);
2786 }
2787 
2788 /** For the given service, return 1 if the service is allowed to launch more
2789  * introduction circuits else 0 if the maximum has been reached for the retry
2790  * period of INTRO_CIRC_RETRY_PERIOD. */
2791 STATIC int
2793 {
2794  tor_assert(service);
2795 
2796  /* Consider the intro circuit retry period of the service. */
2797  if (now > (service->state.intro_circ_retry_started_time +
2799  service->state.intro_circ_retry_started_time = now;
2800  service->state.num_intro_circ_launched = 0;
2801  goto allow;
2802  }
2803  /* Check if we can still launch more circuits in this period. */
2804  if (service->state.num_intro_circ_launched <=
2805  get_max_intro_circ_per_period(service)) {
2806  goto allow;
2807  }
2808 
2809  /* Rate limit log that we've reached our circuit creation limit. */
2810  {
2811  char *msg;
2812  time_t elapsed_time = now - service->state.intro_circ_retry_started_time;
2813  static ratelim_t rlimit = RATELIM_INIT(INTRO_CIRC_RETRY_PERIOD);
2814  if ((msg = rate_limit_log(&rlimit, now))) {
2815  log_info(LD_REND, "Hidden service %s exceeded its circuit launch limit "
2816  "of %u per %d seconds. It launched %u circuits in "
2817  "the last %ld seconds. Will retry in %ld seconds.",
2818  safe_str_client(service->onion_address),
2821  service->state.num_intro_circ_launched,
2822  (long int) elapsed_time,
2823  (long int) (INTRO_CIRC_RETRY_PERIOD - elapsed_time));
2824  tor_free(msg);
2825  }
2826  }
2827 
2828  /* Not allow. */
2829  return 0;
2830  allow:
2831  return 1;
2832 }
2833 
2834 /** Scheduled event run from the main loop. Make sure we have all the circuits
2835  * we need for each service. */
2836 static void
2838 {
2839  /* Make sure we can actually have enough information or able to build
2840  * internal circuits as required by services. */
2841  if (router_have_consensus_path() == CONSENSUS_PATH_UNKNOWN ||
2843  return;
2844  }
2845 
2846  /* Run v3+ check. */
2847  FOR_EACH_SERVICE_BEGIN(service) {
2848  /* For introduction circuit, we need to make sure we don't stress too much
2849  * circuit creation so make sure this service is respecting that limit. */
2850  if (can_service_launch_intro_circuit(service, now)) {
2851  /* Launch intro point circuits if needed. */
2852  launch_intro_point_circuits(service);
2853  /* Once the circuits have opened, we'll make sure to update the
2854  * descriptor intro point list and cleanup any extraneous. */
2855  }
2856  } FOR_EACH_SERVICE_END;
2857 }
2858 
2859 /** Encode and sign the service descriptor desc and upload it to the given
2860  * hidden service directory. This does nothing if PublishHidServDescriptors
2861  * is false. */
2862 static void
2864  hs_service_descriptor_t *desc, const node_t *hsdir)
2865 {
2866  char *encoded_desc = NULL;
2867 
2868  tor_assert(service);
2869  tor_assert(desc);
2870  tor_assert(hsdir);
2871 
2872  /* Let's avoid doing that if tor is configured to not publish. */
2873  if (!get_options()->PublishHidServDescriptors) {
2874  log_info(LD_REND, "Service %s not publishing descriptor. "
2875  "PublishHidServDescriptors is set to 0.",
2876  safe_str_client(service->onion_address));
2877  goto end;
2878  }
2879 
2880  /* First of all, we'll encode the descriptor. This should NEVER fail but
2881  * just in case, let's make sure we have an actual usable descriptor. */
2882  if (BUG(service_encode_descriptor(service, desc, &desc->signing_kp,
2883  &encoded_desc) < 0)) {
2884  goto end;
2885  }
2886 
2887  /* Time to upload the descriptor to the directory. */
2888  hs_service_upload_desc_to_dir(encoded_desc, service->config.version,
2889  &service->keys.identity_pk,
2890  &desc->blinded_kp.pubkey, hsdir->rs);
2891 
2892  /* Add this node to previous_hsdirs list */
2893  service_desc_note_upload(desc, hsdir);
2894 
2895  /* Logging so we know where it was sent. */
2896  {
2897  int is_next_desc = (service->desc_next == desc);
2898  const uint8_t *idx = (is_next_desc) ? hsdir->hsdir_index.store_second:
2899  hsdir->hsdir_index.store_first;
2900  char *blinded_pubkey_log_str =
2901  tor_strdup(hex_str((char*)&desc->blinded_kp.pubkey.pubkey, 32));
2902  /* This log message is used by Chutney as part of its bootstrap
2903  * detection mechanism. Please don't change without first checking
2904  * Chutney. */
2905  log_info(LD_REND, "Service %s %s descriptor of revision %" PRIu64
2906  " initiated upload request to %s with index %s (%s)",
2907  safe_str_client(service->onion_address),
2908  (is_next_desc) ? "next" : "current",
2910  safe_str_client(node_describe(hsdir)),
2911  safe_str_client(hex_str((const char *) idx, 32)),
2912  safe_str_client(blinded_pubkey_log_str));
2913  tor_free(blinded_pubkey_log_str);
2914 
2915  /* Fire a UPLOAD control port event. */
2917  &desc->blinded_kp.pubkey, idx);
2918  }
2919 
2920  end:
2921  tor_free(encoded_desc);
2922  return;
2923 }
2924 
2925 /** Set the revision counter in <b>hs_desc</b>. We do this by encrypting a
2926  * timestamp using an OPE scheme and using the ciphertext as our revision
2927  * counter.
2928  *
2929  * If <b>is_current</b> is true, then this is the current HS descriptor,
2930  * otherwise it's the next one. */
2931 static void
2933  bool is_current)
2934 {
2935  uint64_t rev_counter = 0;
2936 
2937  /* Get current time */
2938  time_t srv_start = 0;
2939 
2940  /* As our revision counter plaintext value, we use the seconds since the
2941  * start of the SR protocol run that is relevant to this descriptor. This is
2942  * guaranteed to be a positive value since we need the SRV to start making a
2943  * descriptor (so that we know where to upload it).
2944  *
2945  * Depending on whether we are building the current or the next descriptor,
2946  * services use a different SRV value. See [SERVICEUPLOAD] in
2947  * rend-spec-v3.txt:
2948  *
2949  * In particular, for the current descriptor (aka first descriptor), Tor
2950  * always uses the previous SRV for uploading the descriptor, and hence we
2951  * should use the start time of the previous protocol run here.
2952  *
2953  * Whereas for the next descriptor (aka second descriptor), Tor always uses
2954  * the current SRV for uploading the descriptor. and hence we use the start
2955  * time of the current protocol run.
2956  */
2957  if (is_current) {
2959  } else {
2961  }
2962 
2963  log_info(LD_REND, "Setting rev counter for TP #%u: "
2964  "SRV started at %d, now %d (%s)",
2965  (unsigned) hs_desc->time_period_num, (int)srv_start,
2966  (int)now, is_current ? "current" : "next");
2967 
2968  tor_assert_nonfatal(now >= srv_start);
2969 
2970  /* Compute seconds elapsed since the start of the time period. That's the
2971  * number of seconds of how long this blinded key has been active. */
2972  time_t seconds_since_start_of_srv = now - srv_start;
2973 
2974  /* Increment by one so that we are definitely sure this is strictly
2975  * positive and not zero. */
2976  seconds_since_start_of_srv++;
2977 
2978  /* Check for too big inputs. */
2979  if (BUG(seconds_since_start_of_srv > OPE_INPUT_MAX)) {
2980  seconds_since_start_of_srv = OPE_INPUT_MAX;
2981  }
2982 
2983  /* Now we compute the final revision counter value by encrypting the
2984  plaintext using our OPE cipher: */
2985  tor_assert(hs_desc->ope_cipher);
2986  rev_counter = crypto_ope_encrypt(hs_desc->ope_cipher,
2987  (int) seconds_since_start_of_srv);
2988 
2989  /* The OPE module returns CRYPTO_OPE_ERROR in case of errors. */
2990  tor_assert_nonfatal(rev_counter < CRYPTO_OPE_ERROR);
2991 
2992  log_info(LD_REND, "Encrypted revision counter %d to %" PRIu64,
2993  (int) seconds_since_start_of_srv, rev_counter);
2994 
2995  hs_desc->desc->plaintext_data.revision_counter = rev_counter;
2996 }
2997 
2998 /** Encode and sign the service descriptor desc and upload it to the
2999  * responsible hidden service directories. If for_next_period is true, the set
3000  * of directories are selected using the next hsdir_index. This does nothing
3001  * if PublishHidServDescriptors is false. */
3002 STATIC void
3005 {
3006  smartlist_t *responsible_dirs = NULL;
3007 
3008  tor_assert(service);
3009  tor_assert(desc);
3010 
3011  /* We'll first cancel any directory request that are ongoing for this
3012  * descriptor. It is possible that we can trigger multiple uploads in a
3013  * short time frame which can lead to a race where the second upload arrives
3014  * before the first one leading to a 400 malformed descriptor response from
3015  * the directory. Closing all pending requests avoids that. */
3016  close_directory_connections(service, desc);
3017 
3018  /* Get our list of responsible HSDir. */
3019  responsible_dirs = smartlist_new();
3020  /* The parameter 0 means that we aren't a client so tell the function to use
3021  * the spread store consensus parameter. */
3023  service->desc_next == desc, 0, responsible_dirs);
3024 
3025  /** Clear list of previous hsdirs since we are about to upload to a new
3026  * list. Let's keep it up to date. */
3028 
3029  /* For each responsible HSDir we have, initiate an upload command. */
3030  SMARTLIST_FOREACH_BEGIN(responsible_dirs, const routerstatus_t *,
3031  hsdir_rs) {
3032  const node_t *hsdir_node = node_get_by_id(hsdir_rs->identity_digest);
3033  /* Getting responsible hsdir implies that the node_t object exists for the
3034  * routerstatus_t found in the consensus else we have a problem. */
3035  tor_assert(hsdir_node);
3036  /* Upload this descriptor to the chosen directory. */
3037  upload_descriptor_to_hsdir(service, desc, hsdir_node);
3038  } SMARTLIST_FOREACH_END(hsdir_rs);
3039 
3040  /* Set the next upload time for this descriptor. Even if we are configured
3041  * to not upload, we still want to follow the right cycle of life for this
3042  * descriptor. */
3043  desc->next_upload_time =
3046  {
3047  char fmt_next_time[ISO_TIME_LEN+1];
3048  format_local_iso_time(fmt_next_time, desc->next_upload_time);
3049  log_debug(LD_REND, "Service %s set to upload a descriptor at %s",
3050  safe_str_client(service->onion_address), fmt_next_time);
3051  }
3052 
3053  smartlist_free(responsible_dirs);
3054  return;
3055 }
3056 
3057 /** The set of HSDirs have changed: check if the change affects our descriptor
3058  * HSDir placement, and if it does, reupload the desc. */
3059 STATIC int
3061  const hs_service_descriptor_t *desc)
3062 {
3063  int should_reupload = 0;
3064  smartlist_t *responsible_dirs = smartlist_new();
3065 
3066  /* No desc upload has happened yet: it will happen eventually */
3067  if (!desc->previous_hsdirs || !smartlist_len(desc->previous_hsdirs)) {
3068  goto done;
3069  }
3070 
3071  /* Get list of responsible hsdirs */
3073  service->desc_next == desc, 0, responsible_dirs);
3074 
3075  /* Check if any new hsdirs have been added to the responsible hsdirs set:
3076  * Iterate over the list of new hsdirs, and reupload if any of them is not
3077  * present in the list of previous hsdirs.
3078  */
3079  SMARTLIST_FOREACH_BEGIN(responsible_dirs, const routerstatus_t *, hsdir_rs) {
3080  char b64_digest[BASE64_DIGEST_LEN+1] = {0};
3081  digest_to_base64(b64_digest, hsdir_rs->identity_digest);
3082 
3083  if (!smartlist_contains_string(desc->previous_hsdirs, b64_digest)) {
3084  should_reupload = 1;
3085  break;
3086  }
3087  } SMARTLIST_FOREACH_END(hsdir_rs);
3088 
3089  done:
3090  smartlist_free(responsible_dirs);
3091 
3092  return should_reupload;
3093 }
3094 
3095 /** These are all the reasons why a descriptor upload can't occur. We use
3096  * those to log the reason properly with the right rate limiting and for the
3097  * right descriptor. */
3098 typedef enum {
3099  LOG_DESC_UPLOAD_REASON_MISSING_IPS = 0,
3100  LOG_DESC_UPLOAD_REASON_IP_NOT_ESTABLISHED = 1,
3101  LOG_DESC_UPLOAD_REASON_NOT_TIME = 2,
3102  LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS = 3,
3103  LOG_DESC_UPLOAD_REASON_NO_DIRINFO = 4,
3105 
3106 /** Maximum number of reasons. This is used to allocate the static array of
3107  * all rate limiting objects. */
3108 #define LOG_DESC_UPLOAD_REASON_MAX LOG_DESC_UPLOAD_REASON_NO_DIRINFO
3109 
3110 /** Log the reason why we can't upload the given descriptor for the given
3111  * service. This takes a message string (allocated by the caller) and a
3112  * reason.
3113  *
3114  * Depending on the reason and descriptor, different rate limit applies. This
3115  * is done because this function will basically be called every second. Each
3116  * descriptor for each reason uses its own log rate limit object in order to
3117  * avoid message suppression for different reasons and descriptors. */
3118 static void
3120  const hs_service_descriptor_t *desc, const char *msg,
3121  const log_desc_upload_reason_t reason)
3122 {
3123  /* Writing the log every minute shouldn't be too annoying for log rate limit
3124  * since this can be emitted every second for each descriptor.
3125  *
3126  * However, for one specific case, we increase it to 10 minutes because it
3127  * is hit constantly, as an expected behavior, which is the reason
3128  * indicating that it is not the time to upload. */
3129  static ratelim_t limits[2][LOG_DESC_UPLOAD_REASON_MAX + 1] =
3130  { { RATELIM_INIT(60), RATELIM_INIT(60), RATELIM_INIT(60 * 10),
3131  RATELIM_INIT(60), RATELIM_INIT(60) },
3132  { RATELIM_INIT(60), RATELIM_INIT(60), RATELIM_INIT(60 * 10),
3133  RATELIM_INIT(60), RATELIM_INIT(60) },
3134  };
3135  bool is_next_desc = false;
3136  unsigned int rlim_pos = 0;
3137  ratelim_t *rlim = NULL;
3138 
3139  tor_assert(service);
3140  tor_assert(desc);
3141  tor_assert(msg);
3142 
3143  /* Make sure the reason value is valid. It should never happen because we
3144  * control that value in the code flow but will be apparent during
3145  * development if a reason is added but LOG_DESC_UPLOAD_REASON_NUM_ is not
3146  * updated. */
3147  if (BUG(reason > LOG_DESC_UPLOAD_REASON_MAX)) {
3148  return;
3149  }
3150 
3151  /* Ease our life. Flag that tells us if the descriptor is the next one. */
3152  is_next_desc = (service->desc_next == desc);
3153 
3154  /* Current descriptor is the first element in the ratelimit object array.
3155  * The next descriptor is the second element. */
3156  rlim_pos = (is_next_desc ? 1 : 0);
3157  /* Get the ratelimit object for the reason _and_ right descriptor. */
3158  rlim = &limits[rlim_pos][reason];
3159 
3161  "Service %s can't upload its %s descriptor: %s",
3162  safe_str_client(service->onion_address),
3163  (is_next_desc) ? "next" : "current", msg);
3164 }
3165 
3166 /** Return 1 if the given descriptor from the given service can be uploaded
3167  * else return 0 if it can not. */
3168 static int
3170  const hs_service_descriptor_t *desc, time_t now)
3171 {
3172  char *msg = NULL;
3173  unsigned int num_intro_points, count_ip_established;
3174 
3175  tor_assert(service);
3176  tor_assert(desc);
3177 
3178  /* If this descriptors has missing intro points that is that it couldn't get
3179  * them all when it was time to pick them, it means that we should upload
3180  * instead of waiting an arbitrary amount of time breaking the service.
3181  * Else, if we have no missing intro points, we use the value taken from the
3182  * service configuration. */
3183  if (desc->missing_intro_points) {
3184  num_intro_points = digest256map_size(desc->intro_points.map);
3185  } else {
3186  num_intro_points = service->config.num_intro_points;
3187  }
3188 
3189  /* This means we tried to pick intro points but couldn't get any so do not
3190  * upload descriptor in this case. We need at least one for the service to
3191  * be reachable. */
3192  if (desc->missing_intro_points && num_intro_points == 0) {
3193  msg = tor_strdup("Missing intro points");
3194  log_cant_upload_desc(service, desc, msg,
3195  LOG_DESC_UPLOAD_REASON_MISSING_IPS);
3196  goto cannot;
3197  }
3198 
3199  /* Check if all our introduction circuit have been established for all the
3200  * intro points we have selected. */
3201  count_ip_established = count_desc_circuit_established(desc);
3202  if (count_ip_established != num_intro_points) {
3203  tor_asprintf(&msg, "Intro circuits aren't yet all established (%d/%d).",
3204  count_ip_established, num_intro_points);
3205  log_cant_upload_desc(service, desc, msg,
3206  LOG_DESC_UPLOAD_REASON_IP_NOT_ESTABLISHED);
3207  goto cannot;
3208  }
3209 
3210  /* Is it the right time to upload? */
3211  if (desc->next_upload_time > now) {
3212  tor_asprintf(&msg, "Next upload time is %ld, it is now %ld.",
3213  (long int) desc->next_upload_time, (long int) now);
3214  log_cant_upload_desc(service, desc, msg,
3215  LOG_DESC_UPLOAD_REASON_NOT_TIME);
3216  goto cannot;
3217  }
3218 
3219  /* Don't upload desc if we don't have a live consensus */
3222  msg = tor_strdup("No reasonably live consensus");
3223  log_cant_upload_desc(service, desc, msg,
3224  LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS);
3225  goto cannot;
3226  }
3227 
3228  /* Do we know enough router descriptors to have adequate vision of the HSDir
3229  hash ring? */
3231  msg = tor_strdup("Not enough directory information");
3232  log_cant_upload_desc(service, desc, msg,
3233  LOG_DESC_UPLOAD_REASON_NO_DIRINFO);
3234  goto cannot;
3235  }
3236 
3237  /* Can upload! */
3238  return 1;
3239 
3240  cannot:
3241  tor_free(msg);
3242  return 0;
3243 }
3244 
3245 /** Refresh the given service descriptor meaning this will update every mutable
3246  * field that needs to be updated before we upload.
3247  *
3248  * This should ONLY be called before uploading a descriptor. It assumes that
3249  * the descriptor has been built (desc->desc) and that all intro point
3250  * circuits have been established. */
3251 static void
3253  hs_service_descriptor_t *desc, time_t now)
3254 {
3255  /* There are few fields that we consider "mutable" in the descriptor meaning
3256  * we need to update them regularly over the lifetime for the descriptor.
3257  * The rest are set once and should not be modified.
3258  *
3259  * - Signing key certificate.
3260  * - Revision counter.
3261  * - Introduction points which includes many thing. See
3262  * hs_desc_intro_point_t. and the setup_desc_intro_point() function.
3263  */
3264 
3265  /* Create the signing key certificate. */
3266  build_desc_signing_key_cert(desc, now);
3267 
3268  /* Build the intro points descriptor section. The refresh step is just
3269  * before we upload so all circuits have been properly established. */
3270  build_desc_intro_points(service, desc, now);
3271 
3272  /* Set the desc revision counter right before uploading */
3273  set_descriptor_revision_counter(desc, now, service->desc_current == desc);
3274 }
3275 
3276 /** Scheduled event run from the main loop. Try to upload the descriptor for
3277  * each service. */
3278 STATIC void
3280 {
3281  /* Run v3+ check. */
3282  FOR_EACH_SERVICE_BEGIN(service) {
3283  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
3284  /* If we were asked to re-examine the hash ring, and it changed, then
3285  schedule an upload */
3287  service_desc_hsdirs_changed(service, desc)) {
3288  service_desc_schedule_upload(desc, now, 0);
3289  }
3290 
3291  /* Can this descriptor be uploaded? */
3292  if (!should_service_upload_descriptor(service, desc, now)) {
3293  continue;
3294  }
3295 
3296  log_info(LD_REND, "Initiating upload for hidden service %s descriptor "
3297  "for service %s with %u/%u introduction points%s.",
3298  (desc == service->desc_current) ? "current" : "next",
3299  safe_str_client(service->onion_address),
3300  digest256map_size(desc->intro_points.map),
3301  service->config.num_intro_points,
3302  (desc->missing_intro_points) ? " (couldn't pick more)" : "");
3303 
3304  /* We are about to upload so we need to do one last step which is to
3305  * update the service's descriptor mutable fields in order to upload a
3306  * coherent descriptor. */
3307  refresh_service_descriptor(service, desc, now);
3308 
3309  /* Proceed with the upload, the descriptor is ready to be encoded. */
3310  upload_descriptor_to_all(service, desc);
3311  } FOR_EACH_DESCRIPTOR_END;
3312  } FOR_EACH_SERVICE_END;
3313 
3314  /* We are done considering whether to republish rend descriptors */
3316 }
3317 
3318 /** Called when the introduction point circuit is done building and ready to be
3319  * used. */
3320 static void
3322 {
3323  hs_service_t *service = NULL;
3324  hs_service_intro_point_t *ip = NULL;
3325  hs_service_descriptor_t *desc = NULL;
3326 
3327  tor_assert(circ);
3328 
3329  /* Let's do some basic sanity checking of the circ state */
3330  if (BUG(!circ->cpath)) {
3331  return;
3332  }
3333  if (BUG(TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_S_ESTABLISH_INTRO)) {
3334  return;
3335  }
3336  if (BUG(!circ->hs_ident)) {
3337  return;
3338  }
3339 
3340  /* Get the corresponding service and intro point. */
3341  get_objects_from_ident(circ->hs_ident, &service, &ip, &desc);
3342 
3343  if (service == NULL) {
3344  log_warn(LD_REND, "Unknown service identity key %s on the introduction "
3345  "circuit %u. Can't find onion service.",
3346  safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3347  TO_CIRCUIT(circ)->n_circ_id);
3348  goto err;
3349  }
3350  if (ip == NULL) {
3351  log_warn(LD_REND, "Unknown introduction point auth key on circuit %u "
3352  "for service %s",
3353  TO_CIRCUIT(circ)->n_circ_id,
3354  safe_str_client(service->onion_address));
3355  goto err;
3356  }
3357  /* We can't have an IP object without a descriptor. */
3358  tor_assert(desc);
3359 
3360  if (hs_circ_service_intro_has_opened(service, ip, desc, circ)) {
3361  /* Getting here means that the circuit has been re-purposed because we
3362  * have enough intro circuit opened. Remove the IP from the service. */
3363  service_intro_point_remove(service, ip);
3364  service_intro_point_free(ip);
3365  }
3366 
3367  goto done;
3368 
3369  err:
3370  /* Close circuit, we can't use it. */
3371  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_NOSUCHSERVICE);
3372  done:
3373  return;
3374 }
3375 
3376 /** Called when a rendezvous circuit is done building and ready to be used. */
3377 static void
3379 {
3380  hs_service_t *service = NULL;
3381 
3382  tor_assert(circ);
3383  tor_assert(circ->cpath);
3384  /* Getting here means this is a v3 rendezvous circuit. */
3385  tor_assert(circ->hs_ident);
3387 
3388  /* Declare the circuit dirty to avoid reuse, and for path-bias. We set the
3389  * timestamp regardless of its content because that circuit could have been
3390  * cannibalized so in any cases, we are about to use that circuit more. */
3391  TO_CIRCUIT(circ)->timestamp_dirty = time(NULL);
3393 
3394  /* Get the corresponding service and intro point. */
3395  get_objects_from_ident(circ->hs_ident, &service, NULL, NULL);
3396  if (service == NULL) {
3397  log_warn(LD_REND, "Unknown service identity key %s on the rendezvous "
3398  "circuit %u with cookie %s. Can't find onion service.",
3399  safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3400  TO_CIRCUIT(circ)->n_circ_id,
3401  hex_str((const char *) circ->hs_ident->rendezvous_cookie,
3402  REND_COOKIE_LEN));
3403  goto err;
3404  }
3405 
3406  /* If the cell can't be sent, the circuit will be closed within this
3407  * function. */
3408  hs_circ_service_rp_has_opened(service, circ);
3409 
3410  /* Update metrics that we have an established rendezvous circuit. It is not
3411  * entirely true until the client receives the RENDEZVOUS2 cell and starts
3412  * sending but if that circuit collapes, we'll decrement the counter thus it
3413  * will even out the metric. */
3414  if (TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_REND_JOINED) {
3416 
3417  struct timeval now;
3418  tor_gettimeofday(&now);
3419  int64_t duration = tv_mdiff(&TO_CIRCUIT(circ)->timestamp_began, &now);
3420  hs_metrics_rdv_circ_build_time(service, duration);
3421  }
3422 
3423  goto done;
3424 
3425  err:
3426  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_NOSUCHSERVICE);
3427  done:
3428  return;
3429 }
3430 
3431 /** We've been expecting an INTRO_ESTABLISHED cell on this circuit and it just
3432  * arrived. Handle the INTRO_ESTABLISHED cell arriving on the given
3433  * introduction circuit. Return 0 on success else a negative value. */
3434 static int
3436  const uint8_t *payload,
3437  size_t payload_len)
3438 {
3439  hs_service_t *service = NULL;
3440  hs_service_intro_point_t *ip = NULL;
3441 
3442  tor_assert(circ);
3443  tor_assert(payload);
3445 
3446  /* We need the service and intro point for this cell. */
3447  get_objects_from_ident(circ->hs_ident, &service, &ip, NULL);
3448 
3449  /* Get service object from the circuit identifier. */
3450  if (service == NULL) {
3451  log_warn(LD_REND, "Unknown service identity key %s on the introduction "
3452  "circuit %u. Can't find onion service.",
3453  safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3454  TO_CIRCUIT(circ)->n_circ_id);
3455  goto err;
3456  }
3457  if (ip == NULL) {
3458  /* We don't recognize the key. */
3459  log_warn(LD_REND, "Introduction circuit established without an intro "
3460  "point object on circuit %u for service %s",
3461  TO_CIRCUIT(circ)->n_circ_id,
3462  safe_str_client(service->onion_address));
3463  goto err;
3464  }
3465 
3466  /* Try to parse the payload into a cell making sure we do actually have a
3467  * valid cell. On success, the ip object and circuit purpose is updated to
3468  * reflect the fact that the introduction circuit is established. */
3469  if (hs_circ_handle_intro_established(service, ip, circ, payload,
3470  payload_len) < 0) {
3471  goto err;
3472  }
3473 
3474  struct timeval now;
3475  tor_gettimeofday(&now);
3476  int64_t duration = tv_mdiff(&TO_CIRCUIT(circ)->timestamp_began, &now);
3477 
3478  /* Update metrics. */
3480  hs_metrics_intro_circ_build_time(service, duration);
3481 
3482  log_info(LD_REND, "Successfully received an INTRO_ESTABLISHED cell "
3483  "on circuit %u for service %s",
3484  TO_CIRCUIT(circ)->n_circ_id,
3485  safe_str_client(service->onion_address));
3486  return 0;
3487 
3488  err:
3489  return -1;
3490 }
3491 
3492 /** We just received an INTRODUCE2 cell on the established introduction circuit
3493  * circ. Handle the cell and return 0 on success else a negative value. */
3494 static int
3495 service_handle_introduce2(origin_circuit_t *circ, const uint8_t *payload,
3496  size_t payload_len)
3497 {
3498  hs_service_t *service = NULL;
3499  hs_service_intro_point_t *ip = NULL;
3500  hs_service_descriptor_t *desc = NULL;
3501 
3502  tor_assert(circ);
3503  tor_assert(payload);
3504  tor_assert(TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_INTRO);
3505 
3506  /* We'll need every object associated with this circuit. */
3507  get_objects_from_ident(circ->hs_ident, &service, &ip, &desc);
3508 
3509  /* Get service object from the circuit identifier. */
3510  if (service == NULL) {
3511  log_warn(LD_BUG, "Unknown service identity key %s when handling "
3512  "an INTRODUCE2 cell on circuit %u",
3513  safe_str_client(ed25519_fmt(&circ->hs_ident->identity_pk)),
3514  TO_CIRCUIT(circ)->n_circ_id);
3515  goto err;
3516  }
3517  if (ip == NULL) {
3518  /* We don't recognize the key. */
3519  log_warn(LD_BUG, "Unknown introduction auth key when handling "
3520  "an INTRODUCE2 cell on circuit %u for service %s",
3521  TO_CIRCUIT(circ)->n_circ_id,
3522  safe_str_client(service->onion_address));
3523 
3525  HS_METRICS_ERR_INTRO_REQ_BAD_AUTH_KEY);
3526  goto err;
3527  }
3528  /* If we have an IP object, we MUST have a descriptor object. */
3529  tor_assert(desc);
3530 
3531  /* The following will parse, decode and launch the rendezvous point circuit.
3532  * Both current and legacy cells are handled. */
3533  if (hs_circ_handle_introduce2(service, circ, ip, &desc->desc->subcredential,
3534  payload, payload_len) < 0) {
3535  goto err;
3536  }
3537  /* Update metrics that a new introduction was successful. */
3538  hs_metrics_new_introduction(service);
3539 
3540  return 0;
3541  err:
3542 
3543  return -1;
3544 }
3545 
3546 /** Add to list every filename used by service. This is used by the sandbox
3547  * subsystem. */
3548 static void
3550 {
3551  const char *s_dir;
3552  char fname[128] = {0};
3553 
3554  tor_assert(service);
3555  tor_assert(list);
3556 
3557  /* Ease our life. */
3558  s_dir = service->config.directory_path;
3559  /* The hostname file. */
3560  smartlist_add(list, hs_path_from_filename(s_dir, fname_hostname));
3561  /* The key files split in two. */
3562  tor_snprintf(fname, sizeof(fname), "%s_secret_key", fname_keyfile_prefix);
3563  smartlist_add(list, hs_path_from_filename(s_dir, fname));
3564  tor_snprintf(fname, sizeof(fname), "%s_public_key", fname_keyfile_prefix);
3565  smartlist_add(list, hs_path_from_filename(s_dir, fname));
3566 }
3567 
3568 /** Return true iff the given service identity key is present on disk. */
3569 static int
3570 service_key_on_disk(const char *directory_path)
3571 {
3572  int ret = 0;
3573  char *fname;
3574  ed25519_keypair_t *kp = NULL;
3575 
3576  tor_assert(directory_path);
3577 
3578  /* Build the v3 key path name and then try to load it. */
3579  fname = hs_path_from_filename(directory_path, fname_keyfile_prefix);
3580  kp = ed_key_init_from_file(fname, INIT_ED_KEY_SPLIT,
3581  LOG_DEBUG, NULL, 0, 0, 0, NULL, NULL);
3582  if (kp) {
3583  ret = 1;
3584  }
3585 
3586  ed25519_keypair_free(kp);
3587  tor_free(fname);
3588 
3589  return ret;
3590 }
3591 
3592 /** This is a proxy function before actually calling hs_desc_encode_descriptor
3593  * because we need some preprocessing here */
3594 static int
3596  const hs_service_descriptor_t *desc,
3597  const ed25519_keypair_t *signing_kp,
3598  char **encoded_out)
3599 {
3600  int ret;
3601  const uint8_t *descriptor_cookie = NULL;
3602 
3603  tor_assert(service);
3604  tor_assert(desc);
3605  tor_assert(encoded_out);
3606 
3607  /* If the client authorization is enabled, send the descriptor cookie to
3608  * hs_desc_encode_descriptor. Otherwise, send NULL */
3609  if (is_client_auth_enabled(service)) {
3610  descriptor_cookie = desc->descriptor_cookie;
3611  }
3612 
3613  ret = hs_desc_encode_descriptor(desc->desc, signing_kp,
3614  descriptor_cookie, encoded_out);
3615 
3616  return ret;
3617 }
3618 
3619 /* ========== */
3620 /* Public API */
3621 /* ========== */
3622 
3623 /* Are HiddenServiceSingleHopMode and HiddenServiceNonAnonymousMode consistent?
3624  */
3625 static int
3626 hs_service_non_anonymous_mode_consistent(const or_options_t *options)
3627 {
3628  /* !! is used to make these options boolean */
3629  return (!! options->HiddenServiceSingleHopMode ==
3630  !! options->HiddenServiceNonAnonymousMode);
3631 }
3632 
3633 /* Do the options allow onion services to make direct (non-anonymous)
3634  * connections to introduction or rendezvous points?
3635  * Must only be called after options_validate_single_onion() has successfully
3636  * checked onion service option consistency.
3637  * Returns true if tor is in HiddenServiceSingleHopMode. */
3638 int
3639 hs_service_allow_non_anonymous_connection(const or_options_t *options)
3640 {
3641  tor_assert(hs_service_non_anonymous_mode_consistent(options));
3642  return options->HiddenServiceSingleHopMode ? 1 : 0;
3643 }
3644 
3645 /* Do the options allow us to reveal the exact startup time of the onion
3646  * service?
3647  * Single Onion Services prioritise availability over hiding their
3648  * startup time, as their IP address is publicly discoverable anyway.
3649  * Must only be called after options_validate_single_onion() has successfully
3650  * checked onion service option consistency.
3651  * Returns true if tor is in non-anonymous hidden service mode. */
3652 int
3653 hs_service_reveal_startup_time(const or_options_t *options)
3654 {
3655  tor_assert(hs_service_non_anonymous_mode_consistent(options));
3656  return hs_service_non_anonymous_mode_enabled(options);
3657 }
3658 
3659 /* Is non-anonymous mode enabled using the HiddenServiceNonAnonymousMode
3660  * config option?
3661  * Must only be called after options_validate_single_onion() has successfully
3662  * checked onion service option consistency.
3663  */
3664 int
3665 hs_service_non_anonymous_mode_enabled(const or_options_t *options)
3666 {
3667  tor_assert(hs_service_non_anonymous_mode_consistent(options));
3668  return options->HiddenServiceNonAnonymousMode ? 1 : 0;
3669 }
3670 
3671 /** Called when a circuit was just cleaned up. This is done right before the
3672  * circuit is marked for close. */
3673 void
3675 {
3676  tor_assert(circ);
3678 
3679  switch (circ->purpose) {
3681  /* About to close an established introduction circuit. Update the metrics
3682  * to reflect how many we have at the moment. */
3684  &CONST_TO_ORIGIN_CIRCUIT(circ)->hs_ident->identity_pk);
3685  break;
3687  /* About to close an established rendezvous circuit. Update the metrics to
3688  * reflect how many we have at the moment. */
3690  &CONST_TO_ORIGIN_CIRCUIT(circ)->hs_ident->identity_pk);
3691  break;
3693  hs_circ_retry_service_rendezvous_point(CONST_TO_ORIGIN_CIRCUIT(circ));
3694  break;
3695  default:
3696  break;
3697  }
3698 }
3699 
3700 /** This is called every time the service map changes that is if an
3701  * element is added or removed. */
3702 void
3704 {
3705  /* If we now have services where previously we had not, we need to enable
3706  * the HS service main loop event. If we changed to having no services, we
3707  * need to disable the event. */
3709 }
3710 
3711 /** Called when a new consensus has arrived and has been set globally. The new
3712  * consensus is pointed by ns. */
3713 void
3715 {
3716  tor_assert(ns);
3717 
3718  /* This value is the new value from the consensus. */
3719  uint8_t current_sendme_inc = congestion_control_sendme_inc();
3720 
3721  if (!hs_service_map)
3722  return;
3723 
3724  /* Check each service and look if their descriptor contains a different
3725  * sendme increment. If so, nuke all intro points by forcing an expiration
3726  * which will lead to rebuild and reupload with the new value. */
3727  FOR_EACH_SERVICE_BEGIN(service) {
3728  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
3729  if (desc->desc &&
3730  desc->desc->encrypted_data.sendme_inc != current_sendme_inc) {
3731  /* Passing the maximum time_t will force expiration of all intro points
3732  * and thus will lead to a rebuild of the descriptor. */
3733  cleanup_intro_points(service, LONG_MAX);
3734  }
3735  } FOR_EACH_DESCRIPTOR_END;
3736  } FOR_EACH_SERVICE_END;
3737 }
3738 
3739 /** Upload an encoded descriptor in encoded_desc of the given version. This
3740  * descriptor is for the service identity_pk and blinded_pk used to setup the
3741  * directory connection identifier. It is uploaded to the directory hsdir_rs
3742  * routerstatus_t object.
3743  *
3744  * NOTE: This function does NOT check for PublishHidServDescriptors because it
3745  * is only used by the control port command HSPOST outside of this subsystem.
3746  * Inside this code, upload_descriptor_to_hsdir() should be used. */
3747 void
3748 hs_service_upload_desc_to_dir(const char *encoded_desc,
3749  const uint8_t version,
3750  const ed25519_public_key_t *identity_pk,
3751  const ed25519_public_key_t *blinded_pk,
3752  const routerstatus_t *hsdir_rs)
3753 {
3754  char version_str[4] = {0};
3755  directory_request_t *dir_req;
3756  hs_ident_dir_conn_t ident;
3757 
3758  tor_assert(encoded_desc);
3759  tor_assert(identity_pk);
3760  tor_assert(blinded_pk);
3761  tor_assert(hsdir_rs);
3762 
3763  /* Setup the connection identifier. */
3764  memset(&ident, 0, sizeof(ident));
3765  hs_ident_dir_conn_init(identity_pk, blinded_pk, &ident);
3766 
3767  /* This is our resource when uploading which is used to construct the URL
3768  * with the version number: "/tor/hs/<version>/publish". */
3769  tor_snprintf(version_str, sizeof(version_str), "%u", version);
3770 
3771  /* Build the directory request for this HSDir. */
3773  directory_request_set_routerstatus(dir_req, hsdir_rs);
3775  directory_request_set_resource(dir_req, version_str);
3776  directory_request_set_payload(dir_req, encoded_desc,
3777  strlen(encoded_desc));
3778  /* The ident object is copied over the directory connection object once
3779  * the directory request is initiated. */
3780  directory_request_upload_set_hs_ident(dir_req, &ident);
3781 
3782  /* Initiate the directory request to the hsdir.*/
3783  directory_initiate_request(dir_req);
3784  directory_request_free(dir_req);
3785 }
3786 
3787 /** Add the ephemeral service using the secret key sk and ports. Both max
3788  * streams parameter will be set in the newly created service.
3789  *
3790  * Ownership of sk, ports, and auth_clients_v3 is passed to this routine.
3791  * Regardless of success/failure, callers should not touch these values
3792  * after calling this routine, and may assume that correct cleanup has
3793  * been done on failure.
3794  *
3795  * Return an appropriate hs_service_add_ephemeral_status_t. */
3798  int max_streams_per_rdv_circuit,
3799  int max_streams_close_circuit,
3800  smartlist_t *auth_clients_v3, char **address_out)
3801 {
3803  hs_service_t *service = NULL;
3804 
3805  tor_assert(sk);
3806  tor_assert(ports);
3807  tor_assert(address_out);
3808 
3809  service = hs_service_new(get_options());
3810 
3811  /* Setup the service configuration with specifics. A default service is
3812  * HS_VERSION_TWO so explicitly set it. */
3813  service->config.version = HS_VERSION_THREE;
3814  service->config.max_streams_per_rdv_circuit = max_streams_per_rdv_circuit;
3815  service->config.max_streams_close_circuit = !!max_streams_close_circuit;
3816  service->config.is_ephemeral = 1;
3817  smartlist_free(service->config.ports);
3818  service->config.ports = ports;
3819 
3820  /* Handle the keys. */
3821  memcpy(&service->keys.identity_sk, sk, sizeof(service->keys.identity_sk));
3823  &service->keys.identity_sk) < 0) {
3824  log_warn(LD_CONFIG, "Unable to generate ed25519 public key"
3825  "for v3 service.");
3826  ret = RSAE_BADPRIVKEY;
3827  goto err;
3828  }
3829 
3830  if (ed25519_validate_pubkey(&service->keys.identity_pk) < 0) {
3831  log_warn(LD_CONFIG, "Bad ed25519 private key was provided");
3832  ret = RSAE_BADPRIVKEY;
3833  goto err;
3834  }
3835 
3836  /* Make sure we have at least one port. */
3837  if (smartlist_len(service->config.ports) == 0) {
3838  log_warn(LD_CONFIG, "At least one VIRTPORT/TARGET must be specified "
3839  "for v3 service.");
3840  ret = RSAE_BADVIRTPORT;
3841  goto err;
3842  }
3843 
3844  if (auth_clients_v3) {
3845  service->config.clients = smartlist_new();
3846  SMARTLIST_FOREACH(auth_clients_v3, hs_service_authorized_client_t *, c, {
3847  if (c != NULL) {
3848  smartlist_add(service->config.clients, c);
3849  }
3850  });
3851  smartlist_free(auth_clients_v3);
3852  }
3853 
3854  /* Build the onion address for logging purposes but also the control port
3855  * uses it for the HS_DESC event. */
3856  hs_build_address(&service->keys.identity_pk,
3857  (uint8_t) service->config.version,
3858  service->onion_address);
3859 
3860  /* The only way the registration can fail is if the service public key
3861  * already exists. */
3862  if (BUG(register_service(hs_service_map, service) < 0)) {
3863  log_warn(LD_CONFIG, "Onion Service private key collides with an "
3864  "existing v3 service.");
3865  ret = RSAE_ADDREXISTS;
3866  goto err;
3867  }
3868 
3869  log_info(LD_CONFIG, "Added ephemeral v3 onion service: %s",
3870  safe_str_client(service->onion_address));
3871 
3872  *address_out = tor_strdup(service->onion_address);
3873  ret = RSAE_OKAY;
3874  goto end;
3875 
3876  err:
3877  hs_service_free(service);
3878 
3879  end:
3880  memwipe(sk, 0, sizeof(ed25519_secret_key_t));
3881  tor_free(sk);
3882  return ret;
3883 }
3884 
3885 /** For the given onion address, delete the ephemeral service. Return 0 on
3886  * success else -1 on error. */
3887 int
3888 hs_service_del_ephemeral(const char *address)
3889 {
3890  uint8_t version;
3892  hs_service_t *service = NULL;
3893 
3894  tor_assert(address);
3895 
3896  if (hs_parse_address(address, &pk, NULL, &version) < 0) {
3897  log_warn(LD_CONFIG, "Requested malformed v3 onion address for removal.");
3898  goto err;
3899  }
3900 
3901  if (version != HS_VERSION_THREE) {
3902  log_warn(LD_CONFIG, "Requested version of onion address for removal "
3903  "is not supported.");
3904  goto err;
3905  }
3906 
3907  service = find_service(hs_service_map, &pk);
3908  if (service == NULL) {
3909  log_warn(LD_CONFIG, "Requested non-existent v3 hidden service for "
3910  "removal.");
3911  goto err;
3912  }
3913 
3914  if (!service->config.is_ephemeral) {
3915  log_warn(LD_CONFIG, "Requested non-ephemeral v3 hidden service for "
3916  "removal.");
3917  goto err;
3918  }
3919 
3920  /* Close introduction circuits, remove from map and finally free. Notice
3921  * that the rendezvous circuits aren't closed in order for any existing
3922  * connections to finish. We let the application terminate them. */
3924  remove_service(hs_service_map, service);
3925  hs_service_free(service);
3926 
3927  log_info(LD_CONFIG, "Removed ephemeral v3 hidden service: %s",
3928  safe_str_client(address));
3929  return 0;
3930 
3931  err:
3932  return -1;
3933 }
3934 
3935 /** Using the ed25519 public key pk, find a service for that key and return the
3936  * current encoded descriptor as a newly allocated string or NULL if not
3937  * found. This is used by the control port subsystem. */
3938 char *
3940 {
3941  const hs_service_t *service;
3942 
3943  tor_assert(pk);
3944 
3945  service = find_service(hs_service_map, pk);
3946  if (service && service->desc_current) {
3947  char *encoded_desc = NULL;
3948  /* No matter what is the result (which should never be a failure), return
3949  * the encoded variable, if success it will contain the right thing else
3950  * it will be NULL. */
3951  service_encode_descriptor(service,
3952  service->desc_current,
3953  &service->desc_current->signing_kp,
3954  &encoded_desc);
3955  return encoded_desc;
3956  }
3957 
3958  return NULL;
3959 }
3960 
3961 /** Return the number of service we have configured and usable. */
3962 MOCK_IMPL(unsigned int,
3964 {
3965  if (hs_service_map == NULL) {
3966  return 0;
3967  }
3968  return HT_SIZE(hs_service_map);
3969 }
3970 
3971 /** Given conn, a rendezvous edge connection acting as an exit stream, look up
3972  * the hidden service for the circuit circ, and look up the port and address
3973  * based on the connection port. Assign the actual connection address.
3974  *
3975  * Return 0 on success. Return -1 on failure and the caller should NOT close
3976  * the circuit. Return -2 on failure and the caller MUST close the circuit for
3977  * security reasons. */
3978 int
3980  edge_connection_t *conn)
3981 {
3982  hs_service_t *service = NULL;
3983 
3984  tor_assert(circ);
3985  tor_assert(conn);
3987  tor_assert(circ->hs_ident);
3988 
3989  get_objects_from_ident(circ->hs_ident, &service, NULL, NULL);
3990 
3991  if (service == NULL) {
3992  log_warn(LD_REND, "Unable to find any hidden service associated "
3993  "identity key %s on rendezvous circuit %u.",
3994  ed25519_fmt(&circ->hs_ident->identity_pk),
3995  TO_CIRCUIT(circ)->n_circ_id);
3996  /* We want the caller to close the circuit because it's not a valid
3997  * service so no danger. Attempting to bruteforce the entire key space by
3998  * opening circuits to learn which service is being hosted here is
3999  * impractical. */
4000  goto err_close;
4001  }
4002 
4003  /* Enforce the streams-per-circuit limit, and refuse to provide a mapping if
4004  * this circuit will exceed the limit. */
4005  if (service->config.max_streams_per_rdv_circuit > 0 &&
4006  (circ->hs_ident->num_rdv_streams >=
4007  service->config.max_streams_per_rdv_circuit)) {
4008 #define MAX_STREAM_WARN_INTERVAL 600
4009  static struct ratelim_t stream_ratelim =
4010  RATELIM_INIT(MAX_STREAM_WARN_INTERVAL);
4011  log_fn_ratelim(&stream_ratelim, LOG_WARN, LD_REND,
4012  "Maximum streams per circuit limit reached on "
4013  "rendezvous circuit %u for service %s. Circuit has "
4014  "%" PRIu64 " out of %" PRIu64 " streams. %s.",
4015  TO_CIRCUIT(circ)->n_circ_id,
4016  service->onion_address,
4017  circ->hs_ident->num_rdv_streams,
4020  "Closing circuit" : "Ignoring open stream request");
4021  if (service->config.max_streams_close_circuit) {
4022  /* Service explicitly configured to close immediately. */
4023  goto err_close;
4024  }
4025  /* Exceeding the limit makes tor silently ignore the stream creation
4026  * request and keep the circuit open. */
4027  goto err_no_close;
4028  }
4029 
4030  /* Find a virtual port of that service matching the one in the connection if
4031  * successful, set the address in the connection. */
4032  if (hs_set_conn_addr_port(service->config.ports, conn) < 0) {
4033  log_info(LD_REND, "No virtual port mapping exists for port %d for "
4034  "hidden service %s.",
4035  TO_CONN(conn)->port, service->onion_address);
4036  if (service->config.allow_unknown_ports) {
4037  /* Service explicitly allow connection to unknown ports so close right
4038  * away because we do not care about port mapping. */
4039  goto err_close;
4040  }
4041  /* If the service didn't explicitly allow it, we do NOT close the circuit
4042  * here to raise the bar in terms of performance for port mapping. */
4043  goto err_no_close;
4044  }
4045 
4046  /* Success. */
4047  return 0;
4048  err_close:
4049  /* Indicate the caller that the circuit should be closed. */
4050  return -2;
4051  err_no_close:
4052  /* Indicate the caller to NOT close the circuit. */
4053  return -1;
4054 }
4055 
4056 /** Does the service with identity pubkey <b>pk</b> export the circuit IDs of
4057  * its clients? */
4060 {
4061  hs_service_t *service = find_service(hs_service_map, pk);
4062  if (!service) {
4064  }
4065 
4066  return service->config.circuit_id_protocol;
4067 }
4068 
4069 /** Add to file_list every filename used by a configured hidden service, and to
4070  * dir_list every directory path used by a configured hidden service. This is
4071  * used by the sandbox subsystem to allowlist those. */
4072 void
4074  smartlist_t *dir_list)
4075 {
4076  tor_assert(file_list);
4077  tor_assert(dir_list);
4078 
4079  /* Add files and dirs for v3+. */
4080  FOR_EACH_SERVICE_BEGIN(service) {
4081  /* Skip ephemeral service, they don't touch the disk. */
4082  if (service->config.is_ephemeral) {
4083  continue;
4084  }
4085  service_add_fnames_to_list(service, file_list);
4086  smartlist_add_strdup(dir_list, service->config.directory_path);
4087  smartlist_add_strdup(dir_list, dname_client_pubkeys);
4088  } FOR_EACH_DESCRIPTOR_END;
4089 }
4090 
4091 /** Called when our internal view of the directory has changed. We might have
4092  * received a new batch of descriptors which might affect the shape of the
4093  * HSDir hash ring. Signal that we should reexamine the hash ring and
4094  * re-upload our HS descriptors if needed. */
4095 void
4097 {
4098  if (hs_service_get_num_services() > 0) {
4099  /* New directory information usually goes every consensus so rate limit
4100  * every 30 minutes to not be too conservative. */
4101  static struct ratelim_t dir_info_changed_ratelim = RATELIM_INIT(30 * 60);
4102  log_fn_ratelim(&dir_info_changed_ratelim, LOG_INFO, LD_REND,
4103  "New dirinfo arrived: consider reuploading descriptor");
4105  }
4106 }
4107 
4108 /** Called when we get an INTRODUCE2 cell on the circ. Respond to the cell and
4109  * launch a circuit to the rendezvous point. */
4110 int
4111 hs_service_receive_introduce2(origin_circuit_t *circ, const uint8_t *payload,
4112  size_t payload_len)
4113 {
4114  int ret = -1;
4115 
4116  tor_assert(circ);
4117  tor_assert(payload);
4118 
4119  /* Do some initial validation and logging before we parse the cell */
4120  if (TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_S_INTRO) {
4121  log_warn(LD_PROTOCOL, "Received an INTRODUCE2 cell on a "
4122  "non introduction circuit of purpose %d",
4123  TO_CIRCUIT(circ)->purpose);
4124  goto done;
4125  }
4126 
4127  if (circ->hs_ident) {
4128  ret = service_handle_introduce2(circ, payload, payload_len);
4130  }
4131 
4132  done:
4133  return ret;
4134 }
4135 
4136 /** Called when we get an INTRO_ESTABLISHED cell. Mark the circuit as an
4137  * established introduction point. Return 0 on success else a negative value
4138  * and the circuit is closed. */
4139 int
4141  const uint8_t *payload,
4142  size_t payload_len)
4143 {
4144  int ret = -1;
4145 
4146  tor_assert(circ);
4147  tor_assert(payload);
4148 
4149  if (TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_S_ESTABLISH_INTRO) {
4150  log_warn(LD_PROTOCOL, "Received an INTRO_ESTABLISHED cell on a "
4151  "non introduction circuit of purpose %d",
4152  TO_CIRCUIT(circ)->purpose);
4153  goto err;
4154  }
4155 
4156  if (circ->hs_ident) {
4157  ret = service_handle_intro_established(circ, payload, payload_len);
4158  }
4159 
4160  if (ret < 0) {
4161  goto err;
4162  }
4163  return 0;
4164  err:
4165  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
4166  return -1;
4167 }
4168 
4169 /** Called when any kind of hidden service circuit is done building thus
4170  * opened. This is the entry point from the circuit subsystem. */
4171 void
4173 {
4174  tor_assert(circ);
4175 
4176  switch (TO_CIRCUIT(circ)->purpose) {
4178  if (circ->hs_ident) {
4180  }
4181  break;
4183  if (circ->hs_ident) {
4185  }
4186  break;
4187  default:
4188  tor_assert(0);
4189  }
4190 }
4191 
4192 /** Return the service version by looking at the key in the service directory.
4193  * If the key is not found or unrecognized, -1 is returned. Else, the service
4194  * version is returned. */
4195 int
4197 {
4198  int version = -1; /* Unknown version. */
4199  const char *directory_path;
4200 
4201  tor_assert(service);
4202 
4203  /* We'll try to load the key for version 3. If not found, we'll try version
4204  * 2 and if not found, we'll send back an unknown version (-1). */
4205  directory_path = service->config.directory_path;
4206 
4207  /* Version 3 check. */
4208  if (service_key_on_disk(directory_path)) {
4209  version = HS_VERSION_THREE;
4210  goto end;
4211  }
4212 
4213  end:
4214  return version;
4215 }
4216 
4217 /** Load and/or generate keys for all onion services including the client
4218  * authorization if any. Return 0 on success, -1 on failure. */
4219 int
4221 {
4222  /* Load or/and generate them for v3+. */
4224  /* Ignore ephemeral service, they already have their keys set. */
4225  if (service->config.is_ephemeral) {
4226  continue;
4227  }
4228  log_info(LD_REND, "Loading v3 onion service keys from %s",
4229  service_escaped_dir(service));
4230  if (load_service_keys(service) < 0) {
4231  goto err;
4232  }
4233  } SMARTLIST_FOREACH_END(service);
4234 
4235  /* Final step, the staging list contains service in a quiescent state that
4236  * is ready to be used. Register them to the global map. Once this is over,
4237  * the staging list will be cleaned up. */
4239 
4240  /* All keys have been loaded successfully. */
4241  return 0;
4242  err:
4243  return -1;
4244 }
4245 
4246 /** Log the status of introduction points for all version 3 onion services
4247  * at log severity <b>severity</b>.
4248  */
4249 void
4251 {
4252  origin_circuit_t *circ;
4253 
4255 
4256  tor_log(severity, LD_GENERAL, "Service configured in %s:",
4257  service_escaped_dir(hs));
4258  FOR_EACH_DESCRIPTOR_BEGIN(hs, desc) {
4259 
4260  DIGEST256MAP_FOREACH(desc->intro_points.map, key,
4261  hs_service_intro_point_t *, ip) {
4262  const node_t *intro_node;
4263  const char *nickname;
4264 
4265  intro_node = get_node_from_intro_point(ip);
4266  if (!intro_node) {
4267  tor_log(severity, LD_GENERAL, " Couldn't find intro point, "
4268  "skipping");
4269  continue;
4270  }
4271  nickname = node_get_nickname(intro_node);
4272  if (!nickname) {
4273  continue;
4274  }
4275 
4276  circ = hs_circ_service_get_intro_circ(ip);
4277  if (!circ) {
4278  tor_log(severity, LD_GENERAL, " Intro point at %s: no circuit",
4279  nickname);
4280  continue;
4281  }
4282  tor_log(severity, LD_GENERAL, " Intro point %s: circuit is %s",
4283  nickname, circuit_state_to_string(circ->base_.state));
4284  } DIGEST256MAP_FOREACH_END;
4285 
4286  } FOR_EACH_DESCRIPTOR_END;
4287  } FOR_EACH_SERVICE_END;
4288 }
4289 
4290 /** Put all service object in the given service list. After this, the caller
4291  * looses ownership of every elements in the list and responsible to free the
4292  * list pointer. */
4293 void
4295 {
4296  tor_assert(service_list);
4297  /* This list is freed at registration time but this function can be called
4298  * multiple time. */
4299  if (hs_service_staging_list == NULL) {
4301  }
4302  /* Add all service object to our staging list. Caller is responsible for
4303  * freeing the service_list. */
4305 }
4306 
4307 /** Return a newly allocated list of all the service's metrics store. */
4308 smartlist_t *
4310 {
4311  smartlist_t *list = smartlist_new();
4312 
4313  if (hs_service_map) {
4314  FOR_EACH_SERVICE_BEGIN(service) {
4315  smartlist_add(list, service->metrics.store);
4316  } FOR_EACH_SERVICE_END;
4317  }
4318 
4319  return list;
4320 }
4321 
4322 /** Lookup the global service map for the given identitiy public key and
4323  * return the service object if found, NULL if not. */
4324 hs_service_t *
4326 {
4327  tor_assert(identity_pk);
4328 
4329  if (!hs_service_map) {
4330  return NULL;
4331  }
4332  return find_service(hs_service_map, identity_pk);
4333 }
4334 
4335 /** Allocate and initialize a service object. The service configuration will
4336  * contain the default values. Return the newly allocated object pointer. This
4337  * function can't fail. */
4338 hs_service_t *
4340 {
4341  hs_service_t *service = tor_malloc_zero(sizeof(hs_service_t));
4342  /* Set default configuration value. */
4343  set_service_default_config(&service->config, options);
4344  /* Set the default service version. */
4346  /* Allocate the CLIENT_PK replay cache in service state. */
4347  service->state.replay_cache_rend_cookie =
4349 
4350  return service;
4351 }
4352 
4353 /** Free the given <b>service</b> object and all its content. This function
4354  * also takes care of wiping service keys from memory. It is safe to pass a
4355  * NULL pointer. */
4356 void
4358 {
4359  if (service == NULL) {
4360  return;
4361  }
4362 
4363  /* Free descriptors. Go over both descriptor with this loop. */
4364  FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
4365  service_descriptor_free(desc);
4366  } FOR_EACH_DESCRIPTOR_END;
4367 
4368  /* Free service configuration. */
4369  service_clear_config(&service->config);
4370 
4371  /* Free replay cache from state. */
4372  if (service->state.replay_cache_rend_cookie) {
4374  }
4375 
4376  /* Free onionbalance subcredentials (if any) */
4377  if (service->state.ob_subcreds) {
4378  tor_free(service->state.ob_subcreds);
4379  }
4380 
4381  /* Free metrics object. */
4382  hs_metrics_service_free(service);
4383 
4384  /* Wipe service keys. */
4385  memwipe(&service->keys.identity_sk, 0, sizeof(service->keys.identity_sk));
4386 
4387  tor_free(service);
4388 }
4389 
4390 /** Periodic callback. Entry point from the main loop to the HS service
4391  * subsystem. This is call every second. This is skipped if tor can't build a
4392  * circuit or the network is disabled. */
4393 void
4395 {
4396  /* First thing we'll do here is to make sure our services are in a
4397  * quiescent state for the scheduled events. */
4399 
4400  /* Order matters here. We first make sure the descriptor object for each
4401  * service contains the latest data. Once done, we check if we need to open
4402  * new introduction circuit. Finally, we try to upload the descriptor for
4403  * each service. */
4404 
4405  /* Make sure descriptors are up to date. */
4407  /* Make sure services have enough circuits. */
4409  /* Upload the descriptors if needed/possible. */
4411 }
4412 
4413 /** Initialize the service HS subsystem. */
4414 void
4416 {
4417  /* Should never be called twice. */
4420 
4421  hs_service_map = tor_malloc_zero(sizeof(struct hs_service_ht));
4422  HT_INIT(hs_service_ht, hs_service_map);
4423 
4425 }
4426 
4427 /** Release all global storage of the hidden service subsystem. */
4428 void
4430 {
4431  service_free_all();
4433 }
4434 
4435 #ifdef TOR_UNIT_TESTS
4436 
4437 /** Return the global service map size. Only used by unit test. */
4438 STATIC unsigned int
4439 get_hs_service_map_size(void)
4440 {
4441  return HT_SIZE(hs_service_map);
4442 }
4443 
4444 /** Return the staging list size. Only used by unit test. */
4445 STATIC int
4446 get_hs_service_staging_list_size(void)
4447 {
4448  return smartlist_len(hs_service_staging_list);
4449 }
4450 
4451 STATIC hs_service_ht *
4452 get_hs_service_map(void)
4453 {
4454  return hs_service_map;
4455 }
4456 
4458 get_first_service(void)
4459 {
4460  hs_service_t **obj = HT_START(hs_service_ht, hs_service_map);
4461  if (obj == NULL) {
4462  return NULL;
4463  }
4464  return *obj;
4465 }
4466 
4467 #endif /* defined(TOR_UNIT_TESTS) */
time_t approx_time(void)
Definition: approx_time.c:32
int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:90
const char * hex_str(const char *from, size_t fromlen)
Definition: binascii.c:34
void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:478
void pathbias_count_use_attempt(origin_circuit_t *circ)
Definition: circpathbias.c:615
Header file for circuitbuild.c.
origin_circuit_t * circuit_get_next_service_rp_circ(origin_circuit_t *start)
Definition: circuitlist.c:1751
const char * circuit_state_to_string(int state)
Definition: circuitlist.c:773
Header file for circuitlist.c.
#define CIRCUIT_PURPOSE_S_CONNECT_REND
Definition: circuitlist.h:107
#define CIRCUIT_PURPOSE_S_INTRO
Definition: circuitlist.h:104
#define CIRCUIT_IS_ORIGIN(c)
Definition: circuitlist.h:147
#define CIRCUIT_PURPOSE_S_REND_JOINED
Definition: circuitlist.h:110
#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
Definition: circuitlist.h:101
Header file for circuituse.c.
const or_options_t * get_options(void)
Definition: config.c:926
Header file for config.c.
Header for confline.c.
Public APIs for congestion control.
static uint8_t congestion_control_sendme_inc(void)
Header file for connection.c.
#define CONN_TYPE_DIR
Definition: connection.h:55
int curve25519_keypair_generate(curve25519_keypair_t *keypair_out, int extra_strong)
int curve25519_public_key_is_ok(const curve25519_public_key_t *key)
#define HEX_DIGEST_LEN
Definition: crypto_digest.h:35
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
#define BASE64_DIGEST_LEN
Definition: crypto_digest.h:26
crypto_digest_t * crypto_digest256_new(digest_algorithm_t algorithm)
#define crypto_digest_free(d)
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len)
void ed25519_pubkey_copy(ed25519_public_key_t *dest, const ed25519_public_key_t *src)
int ed25519_public_key_is_zero(const ed25519_public_key_t *pubkey)
int ed25519_public_key_generate(ed25519_public_key_t *pubkey_out, const ed25519_secret_key_t *seckey)
int ed25519_validate_pubkey(const ed25519_public_key_t *pubkey)
int ed25519_keypair_generate(ed25519_keypair_t *keypair_out, int extra_strong)
int ed25519_public_key_from_curve25519_public_key(ed25519_public_key_t *pubkey, const curve25519_public_key_t *pubkey_in, int signbit)
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
const char * ed25519_fmt(const ed25519_public_key_t *pkey)
void digest_to_base64(char *d64, const char *digest)
Header for crypto_format.c.
crypto_ope_t * crypto_ope_new(const uint8_t *key)
Definition: crypto_ope.c:129
uint64_t crypto_ope_encrypt(const crypto_ope_t *ope, int plaintext)
Definition: crypto_ope.c:165
header for crypto_ope.c
#define OPE_INPUT_MAX
Definition: crypto_ope.h:31
void smartlist_shuffle(smartlist_t *sl)
Definition: crypto_rand.c:606
void crypto_strongest_rand(uint8_t *out, size_t out_len)
Definition: crypto_rand.c:342
Common functions for using (pseudo-)random number generators.
int crypto_rand_int_range(unsigned int min, unsigned int max)
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
Definition: crypto_rsa.c:356
crypto_pk_t * crypto_pk_dup_key(crypto_pk_t *orig)
crypto_pk_t * crypto_pk_new(void)
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:55
Common functions for cryptographic routines.
const char * extend_info_describe(const extend_info_t *ei)
Definition: describe.c:224
const char * node_describe(const node_t *node)
Definition: describe.c:160
Header file for describe.c.
int tor_memcmp(const void *a, const void *b, size_t len)
Definition: di_ops.c:31
#define DIGEST_LEN
Definition: digest_sizes.h:20
#define DIGEST256_LEN
Definition: digest_sizes.h:23
smartlist_t * tor_listdir(const char *dirname)
Definition: dir.c:307
Client/server directory connection structure.
void directory_request_set_resource(directory_request_t *req, const char *resource)
Definition: dirclient.c:1041
void directory_request_set_indirection(directory_request_t *req, dir_indirection_t indirection)
Definition: dirclient.c:1028
void directory_request_set_routerstatus(directory_request_t *req, const routerstatus_t *status)
Definition: dirclient.c:1143
directory_request_t * directory_request_new(uint8_t dir_purpose)
Definition: dirclient.c:945
void directory_initiate_request(directory_request_t *request)
Definition: dirclient.c:1248
void directory_request_set_payload(directory_request_t *req, const char *payload, size_t payload_len)
Definition: dirclient.c:1052
void directory_request_upload_set_hs_ident(directory_request_t *req, const hs_ident_dir_conn_t *ident)
Definition: dirclient.c:1092
Header file for dirclient.c.
@ DIRIND_ANONYMOUS
Definition: dirclient.h:39
struct directory_request_t directory_request_t
Definition: dirclient.h:52
dir_connection_t * TO_DIR_CONN(connection_t *c)
Definition: directory.c:88
Header file for directory.c.
#define DIR_PURPOSE_UPLOAD_HSDESC
Definition: directory.h:67
Edge-connection structure.
const char * escaped(const char *s)
Definition: escape.c:126
Extend-info structure.
extend_info_t * extend_info_from_node(const node_t *node, int for_direct_connect, bool for_exit)
Definition: extendinfo.c:100
Header for core/or/extendinfo.c.
int write_str_to_file_if_not_equal(const char *fname, const char *str)
Definition: files.c:743
void hs_circ_service_rp_has_opened(const hs_service_t *service, origin_circuit_t *circ)
Definition: hs_circuit.c:833
origin_circuit_t * hs_circ_service_get_established_intro_circ(const hs_service_intro_point_t *ip)
Definition: hs_circuit.c:654
int hs_circ_launch_intro_point(hs_service_t *service, const hs_service_intro_point_t *ip, extend_info_t *ei, bool direct_conn)
Definition: hs_circuit.c:707
int hs_circ_service_intro_has_opened(hs_service_t *service, hs_service_intro_point_t *ip, const hs_service_descriptor_t *desc, origin_circuit_t *circ)
Definition: hs_circuit.c:765
int hs_circ_handle_introduce2(const hs_service_t *service, const origin_circuit_t *circ, hs_service_intro_point_t *ip, const hs_subcredential_t *subcredential, const uint8_t *payload, size_t payload_len)
Definition: hs_circuit.c:984
int hs_circ_handle_intro_established(const hs_service_t *service, const hs_service_intro_point_t *ip, origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_circuit.c:905
origin_circuit_t * hs_circ_service_get_intro_circ(const hs_service_intro_point_t *ip)
Definition: hs_circuit.c:643
void hs_circ_retry_service_rendezvous_point(const origin_circuit_t *circ)
Definition: hs_circuit.c:681
Header file containing circuit data for the whole HS subsystem.
HT_PROTOTYPE(hs_circuitmap_ht, circuit_t, hs_circuitmap_node, hs_circuit_hash_token, hs_circuits_have_same_token)
void hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk, uint64_t time_period_num, int use_second_hsdir_index, int for_fetching, smartlist_t *responsible_dirs)
Definition: hs_common.c:1224
void hs_build_blinded_keypair(const ed25519_keypair_t *kp, const uint8_t *secret, size_t secret_len, uint64_t time_period_num, ed25519_keypair_t *blinded_kp_out)
Definition: hs_common.c:951
void hs_get_subcredential(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_subcredential_t *subcred_out)
Definition: hs_common.c:565
uint64_t hs_get_time_period_num(time_t now)
Definition: hs_common.c:269
uint64_t hs_get_next_time_period_num(time_t now)
Definition: hs_common.c:306
void hs_build_address(const ed25519_public_key_t *key, uint8_t version, char *addr_out)
Definition: hs_common.c:901
link_specifier_t * link_specifier_dup(const link_specifier_t *src)
Definition: hs_common.c:1751
uint64_t hs_get_previous_time_period_num(time_t now)
Definition: hs_common.c:315
int hs_parse_address(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out)
Definition: hs_common.c:840
char * hs_path_from_filename(const char *directory, const char *filename)
Definition: hs_common.c:178
int hs_set_conn_addr_port(const smartlist_t *ports, edge_connection_t *conn)
Definition: hs_common.c:606
int hs_check_service_private_dir(const char *username, const char *path, unsigned int dir_group_readable, unsigned int create)
Definition: hs_common.c:200
int hs_in_period_between_tp_and_srv(const networkstatus_t *consensus, time_t now)
Definition: hs_common.c:987
Header file containing common data for the whole HS subsystem.
#define NUM_INTRO_POINTS_DEFAULT
Definition: hs_common.h:30
hs_service_add_ephemeral_status_t
Definition: hs_common.h:139
@ RSAE_OKAY
Definition: hs_common.h:145
@ RSAE_BADVIRTPORT
Definition: hs_common.h:141
@ RSAE_ADDREXISTS
Definition: hs_common.h:142
@ RSAE_BADPRIVKEY
Definition: hs_common.h:143
#define NUM_INTRO_POINTS_EXTRA
Definition: hs_common.h:35
#define INTRO_CIRC_RETRY_PERIOD
Definition: hs_common.h:38
#define HS_VERSION_THREE
Definition: hs_common.h:23
void hs_config_free_all(void)
Definition: hs_config.c:702
Header file containing configuration ABI/API for the HS subsystem.
void hs_control_desc_event_created(const char *onion_address, const ed25519_public_key_t *blinded_pk)
Definition: hs_control.c:111
void hs_control_desc_event_upload(const char *onion_address, const char *hsdir_id_digest, const ed25519_public_key_t *blinded_pk, const uint8_t *hsdir_index)
Definition: hs_control.c:133
Header file containing control port event related code.
hs_desc_intro_point_t * hs_desc_intro_point_new(void)
void hs_desc_superencrypted_data_free_contents(hs_desc_superencrypted_data_t *desc)
hs_desc_authorized_client_t * hs_desc_build_fake_authorized_client(void)
int hs_desc_encode_descriptor(const hs_descriptor_t *desc, const ed25519_keypair_t *signing_kp, const uint8_t *descriptor_cookie, char **encoded_out)
void hs_desc_build_authorized_client(const hs_subcredential_t *subcredential, const curve25519_public_key_t *client_auth_pk, const curve25519_secret_key_t *auth_ephemeral_sk, const uint8_t *descriptor_cookie, hs_desc_authorized_client_t *client_out)
void hs_descriptor_clear_intro_points(hs_descriptor_t *desc)
Header file for hs_descriptor.c.
#define HS_DESC_AUTH_CLIENT_MULTIPLE
Definition: hs_descriptor.h:66
#define HS_DESC_DEFAULT_LIFETIME
Definition: hs_descriptor.h:29
#define HS_DESC_CERT_LIFETIME
Definition: hs_descriptor.h:38
void hs_ident_dir_conn_init(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_ident_dir_conn_t *ident)
Definition: hs_ident.c:69
Header file containing circuit and connection identifier data for the whole HS subsystem.
void hs_intropoint_clear(hs_intropoint_t *ip)
Header file for hs_intropoint.c.
void hs_metrics_service_free(hs_service_t *service)
Definition: hs_metrics.c:244
void hs_metrics_service_init(hs_service_t *service)
Definition: hs_metrics.c:226
Header for feature/hs/hs_metrics.c.
#define hs_metrics_new_established_rdv(s)
Definition: hs_metrics.h:58
#define hs_metrics_new_established_intro(s)
Definition: hs_metrics.h:78
#define hs_metrics_new_introduction(s)
Definition: hs_metrics.h:37
#define hs_metrics_rdv_circ_build_time(s, obs)
Definition: hs_metrics.h:97
#define hs_metrics_close_established_rdv(i)
Definition: hs_metrics.h:68
#define hs_metrics_intro_circ_build_time(s, obs)
Definition: hs_metrics.h:90
#define hs_metrics_close_established_intro(i)
Definition: hs_metrics.h:84
#define hs_metrics_reject_intro_req(s, reason)
Definition: hs_metrics.h:42
Header for feature/hs/hs_metrics_entry.c.
void hs_ob_refresh_keys(hs_service_t *service)
Definition: hs_ob.c:365
Header file for the specific code for onion balance.
smartlist_t * hs_service_get_metrics_stores(void)
Definition: hs_service.c:4309
static unsigned int hs_service_ht_hash(const hs_service_t *service)
Definition: hs_service.c:142
static smartlist_t * hs_service_staging_list
Definition: hs_service.c:108
static void build_service_desc_plaintext(const hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:1873
hs_service_add_ephemeral_status_t hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports, int max_streams_per_rdv_circuit, int max_streams_close_circuit, smartlist_t *auth_clients_v3, char **address_out)
Definition: hs_service.c:3797
static int load_client_keys(hs_service_t *service)
Definition: hs_service.c:1235
STATIC void service_clear_config(hs_service_config_t *config)
Definition: hs_service.c:270
void hs_service_stage_services(const smartlist_t *service_list)
Definition: hs_service.c:4294
static int should_service_upload_descriptor(const hs_service_t *service, const hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:3169
STATIC void upload_descriptor_to_all(const hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:3003
static void close_directory_connections(const hs_service_t *service, const hs_service_descriptor_t *desc)
Definition: hs_service.c:743
static void setup_intro_point_exclude_list(const hs_service_descriptor_t *desc, smartlist_t *node_list)
Definition: hs_service.c:1560
void hs_service_circuit_cleanup_on_close(const circuit_t *circ)
Definition: hs_service.c:3674
STATIC int service_authorized_client_config_equal(const hs_service_config_t *config1, const hs_service_config_t *config2)
Definition: hs_service.c:1421
void hs_service_init(void)
Definition: hs_service.c:4415
static void upload_descriptor_to_hsdir(const hs_service_t *service, hs_service_descriptor_t *desc, const node_t *hsdir)
Definition: hs_service.c:2863
int hs_service_receive_introduce2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_service.c:4111
static void close_service_circuits(hs_service_t *service)
Definition: hs_service.c:836
static const char * service_escaped_dir(const hs_service_t *s)
Definition: hs_service.c:884
static int ht_free_service_(struct hs_service_t *service, void *data)
Definition: hs_service.c:400
static int32_t get_intro_point_min_lifetime(void)
Definition: hs_service.c:355
static extend_info_t * get_extend_info_from_intro_point(const hs_service_intro_point_t *ip, unsigned int direct_conn)
Definition: hs_service.c:699
static void close_service_intro_circuits(hs_service_t *service)
Definition: hs_service.c:825
static void remember_failing_intro_point(const hs_service_intro_point_t *ip, hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:1579
STATIC const node_t * get_node_from_intro_point(const hs_service_intro_point_t *ip)
Definition: hs_service.c:679
static int service_encode_descriptor(const hs_service_t *service, const hs_service_descriptor_t *desc, const ed25519_keypair_t *signing_kp, char **encoded_out)
Definition: hs_service.c:3595
static void move_ephemeral_services(hs_service_ht *src, hs_service_ht *dst)
Definition: hs_service.c:854
STATIC void service_desc_schedule_upload(hs_service_descriptor_t *desc, time_t now, int descriptor_changed)
Definition: hs_service.c:2299
char * hs_service_lookup_current_desc(const ed25519_public_key_t *pk)
Definition: hs_service.c:3939
static void register_all_services(void)
Definition: hs_service.c:926
hs_service_authorized_client_t * parse_authorized_client_key(const char *key_str, int severity)
Definition: hs_service.c:1133
static int build_service_desc_superencrypted(const hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:1790
static int service_handle_intro_established(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_service.c:3435
static void close_service_rp_circuits(hs_service_t *service)
Definition: hs_service.c:777
void hs_service_lists_fnames_for_sandbox(smartlist_t *file_list, smartlist_t *dir_list)
Definition: hs_service.c:4073
static crypto_ope_t * generate_ope_cipher_for_desc(const hs_service_descriptor_t *hs_desc)
Definition: hs_service.c:1904
static void move_descriptors(hs_service_t *src, hs_service_t *dst)
Definition: hs_service.c:1483
static void set_service_default_config(hs_service_config_t *c, const or_options_t *options)
Definition: hs_service.c:248
void hs_service_circuit_has_opened(origin_circuit_t *circ)
Definition: hs_service.c:4172
static link_specifier_t * get_link_spec_by_type(const hs_service_intro_point_t *ip, uint8_t type)
Definition: hs_service.c:657
STATIC void service_intro_point_remove(const hs_service_t *service, const hs_service_intro_point_t *ip)
Definition: hs_service.c:551
STATIC hs_service_t * find_service(hs_service_ht *map, const ed25519_public_key_t *pk)
Definition: hs_service.c:177
static void service_add_fnames_to_list(const hs_service_t *service, smartlist_t *list)
Definition: hs_service.c:3549
static void service_desc_clear_previous_hsdirs(hs_service_descriptor_t *desc)
Definition: hs_service.c:2270
static void set_descriptor_revision_counter(hs_service_descriptor_t *hs_desc, time_t now, bool is_current)
Definition: hs_service.c:2932
STATIC int register_service(hs_service_ht *map, hs_service_t *service)
Definition: hs_service.c:191
unsigned int hs_service_get_num_services(void)
Definition: hs_service.c:3963
STATIC hs_service_intro_point_t * service_intro_point_find(const hs_service_t *service, const ed25519_public_key_t *auth_key)
Definition: hs_service.c:569
static unsigned int get_max_intro_circ_per_period(const hs_service_t *service)
Definition: hs_service.c:2749
static void build_desc_signing_key_cert(hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:1730
static void service_rendezvous_circ_has_opened(origin_circuit_t *circ)
Definition: hs_service.c:3378
void service_authorized_client_free_(hs_service_authorized_client_t *client)
Definition: hs_service.c:1332
static void service_intro_point_free_void(void *obj)
Definition: hs_service.c:449
STATIC hs_service_intro_point_t * service_intro_point_new(const node_t *node)
Definition: hs_service.c:463
static void run_build_circuit_event(time_t now)
Definition: hs_service.c:2837
static void build_desc_intro_points(const hs_service_t *service, hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:1694
STATIC void run_upload_descriptor_event(time_t now)
Definition: hs_service.c:3279
static int build_service_desc_keys(const hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:1925
static void move_hs_state(hs_service_t *src_service, hs_service_t *dst_service)
Definition: hs_service.c:893
#define FOR_EACH_DESCRIPTOR_BEGIN(service, var)
Definition: hs_service.c:87
static void update_service_descriptor_intro_points(hs_service_t *service, hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:2315
STATIC void build_all_descriptors(time_t now)
Definition: hs_service.c:2098
static int service_authorized_client_cmp(const hs_service_authorized_client_t *client1, const hs_service_authorized_client_t *client2)
Definition: hs_service.c:1397
static void log_cant_upload_desc(const hs_service_t *service, const hs_service_descriptor_t *desc, const char *msg, const log_desc_upload_reason_t reason)
Definition: hs_service.c:3119
static struct hs_service_ht * hs_service_map
Definition: hs_service.c:152
static void close_intro_circuits(hs_service_intropoints_t *intro_points)
Definition: hs_service.c:807
STATIC void get_objects_from_ident(const hs_ident_circuit_t *ident, hs_service_t **service, hs_service_intro_point_t **ip, hs_service_descriptor_t **desc)
Definition: hs_service.c:626
STATIC int client_filename_is_valid(const char *filename)
Definition: hs_service.c:1110
STATIC void service_intro_point_free_(hs_service_intro_point_t *ip)
Definition: hs_service.c:433
static void build_service_descriptor(hs_service_t *service, uint64_t time_period_num, hs_service_descriptor_t **desc_out)
Definition: hs_service.c:1989
static unsigned int should_rotate_descriptors(hs_service_t *service, time_t now)
Definition: hs_service.c:2533
#define FOR_EACH_SERVICE_BEGIN(var)
Definition: hs_service.c:77
static int service_key_on_disk(const char *directory_path)
Definition: hs_service.c:3570
static int compare_service_authorzized_client_(const void **_a, const void **_b)
Definition: hs_service.c:1412
static int load_service_keys(hs_service_t *service)
Definition: hs_service.c:1036
static int32_t get_intro_point_max_introduce2(void)
Definition: hs_service.c:343
static void service_desc_note_upload(hs_service_descriptor_t *desc, const node_t *hsdir)
Definition: hs_service.c:2282
static unsigned int pick_needed_intro_points(hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:2193
STATIC hs_service_descriptor_t * service_desc_find_by_intro(const hs_service_t *service, const hs_service_intro_point_t *ip)
Definition: hs_service.c:600
static int setup_desc_intro_point(const ed25519_keypair_t *signing_kp, const hs_service_intro_point_t *ip, time_t now, hs_desc_intro_point_t *desc_ip)
Definition: hs_service.c:1605
static void service_free_all(void)
Definition: hs_service.c:412
static void rotate_service_descriptors(hs_service_t *service)
Definition: hs_service.c:2586
STATIC unsigned int count_desc_circuit_established(const hs_service_descriptor_t *desc)
Definition: hs_service.c:726
hs_circuit_id_protocol_t hs_service_exports_circuit_id(const ed25519_public_key_t *pk)
Definition: hs_service.c:4059
void hs_service_free_all(void)
Definition: hs_service.c:4429
hs_service_t * hs_service_find(const ed25519_public_key_t *identity_pk)
Definition: hs_service.c:4325
STATIC int intro_point_should_expire(const hs_service_intro_point_t *ip, time_t now)
Definition: hs_service.c:2372
log_desc_upload_reason_t
Definition: hs_service.c:3098
static int32_t get_intro_point_min_introduce2(void)
Definition: hs_service.c:330
static void run_build_descriptor_event(time_t now)
Definition: hs_service.c:2672
static void service_intro_circ_has_opened(origin_circuit_t *circ)
Definition: hs_service.c:3321
static hs_service_authorized_client_t * service_authorized_client_dup(const hs_service_authorized_client_t *client)
Definition: hs_service.c:1377
STATIC void rotate_all_descriptors(time_t now)
Definition: hs_service.c:2607
STATIC int can_service_launch_intro_circuit(hs_service_t *service, time_t now)
Definition: hs_service.c:2792
hs_service_t * hs_service_new(const or_options_t *options)
Definition: hs_service.c:4339
static hs_service_intro_point_t * pick_intro_point(unsigned int direct_conn, smartlist_t *exclude_nodes)
Definition: hs_service.c:2143
void hs_service_dir_info_changed(void)
Definition: hs_service.c:4096
void hs_service_free_(hs_service_t *service)
Definition: hs_service.c:4357
int hs_service_del_ephemeral(const char *address)
Definition: hs_service.c:3888
STATIC void update_all_descriptors_intro_points(time_t now)
Definition: hs_service.c:2358
int hs_service_get_version_from_key(const hs_service_t *service)
Definition: hs_service.c:4196
int hs_service_receive_intro_established(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_service.c:4140
void hs_service_new_consensus_params(const networkstatus_t *ns)
Definition: hs_service.c:3714
void hs_service_run_scheduled_events(time_t now)
Definition: hs_service.c:4394
STATIC hs_service_descriptor_t * service_descriptor_new(void)
Definition: hs_service.c:1364
STATIC hs_service_authorized_client_t * parse_authorized_client(const char *client_key_str)
Definition: hs_service.c:1176
static const char * describe_intro_point(const hs_service_intro_point_t *ip)
Definition: hs_service.c:300
void hs_service_upload_desc_to_dir(const char *encoded_desc, const uint8_t version, const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, const routerstatus_t *hsdir_rs)
Definition: hs_service.c:3748
static int32_t get_intro_point_num_extra(void)
Definition: hs_service.c:389
static int hs_service_ht_eq(const hs_service_t *first, const hs_service_t *second)
Definition: hs_service.c:130
STATIC void remove_service(hs_service_ht *map, hs_service_t *service)
Definition: hs_service.c:219
STATIC void service_descriptor_free_(hs_service_descriptor_t *desc)
Definition: hs_service.c:1343
static void build_descriptors_for_new_service(hs_service_t *service, time_t now)
Definition: hs_service.c:2048
#define LOG_DESC_UPLOAD_REASON_MAX
Definition: hs_service.c:3108
static void launch_intro_point_circuits(hs_service_t *service)
Definition: hs_service.c:2692
static int build_service_desc_encrypted(const hs_service_t *service, hs_service_descriptor_t *desc)
Definition: hs_service.c:1759
static bool should_remove_intro_point(hs_service_intro_point_t *ip, time_t now)
Definition: hs_service.c:2402
void hs_service_map_has_changed(void)
Definition: hs_service.c:3703
void hs_service_dump_stats(int severity)
Definition: hs_service.c:4250
static void set_rotation_time(hs_service_t *service)
Definition: hs_service.c:2513
static int consider_republishing_hs_descriptors
Definition: hs_service.c:113
static int service_handle_introduce2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_service.c:3495
int hs_service_set_conn_addr_port(const origin_circuit_t *circ, edge_connection_t *conn)
Definition: hs_service.c:3979
static int32_t get_intro_point_max_lifetime(void)
Definition: hs_service.c:372
int hs_service_load_all_keys(void)
Definition: hs_service.c:4220
STATIC void run_housekeeping_event(time_t now)
Definition: hs_service.c:2637
STATIC void service_intro_point_add(digest256map_t *map, hs_service_intro_point_t *ip)
Definition: hs_service.c:536
static void remove_expired_failing_intro(hs_service_t *service, time_t now)
Definition: hs_service.c:1541
static void cleanup_intro_points(hs_service_t *service, time_t now)
Definition: hs_service.c:2456
STATIC int write_address_to_file(const hs_service_t *service, const char *fname_)
Definition: hs_service.c:993
static bool is_client_auth_enabled(const hs_service_t *service)
Definition: hs_service.c:168
STATIC int service_desc_hsdirs_changed(const hs_service_t *service, const hs_service_descriptor_t *desc)
Definition: hs_service.c:3060
static void refresh_service_descriptor(const hs_service_t *service, hs_service_descriptor_t *desc, time_t now)
Definition: hs_service.c:3252
Header file containing service data for the HS subsystem.
#define HS_SERVICE_NEXT_UPLOAD_TIME_MIN
Definition: hs_service.h:34
#define HS_SERVICE_DEFAULT_VERSION
Definition: hs_service.h:30
hs_circuit_id_protocol_t
Definition: hs_service.h:194
@ HS_CIRCUIT_ID_PROTOCOL_NONE
Definition: hs_service.h:196
#define HS_SERVICE_NEXT_UPLOAD_TIME_MAX
Definition: hs_service.h:36
#define hs_service_free(s)
Definition: hs_service.h:343
void hs_stats_note_introduce2_cell(void)
Definition: hs_stats.c:20
Header file for hs_stats.c.
ed25519_keypair_t * ed_key_init_from_file(const char *fname, uint32_t flags, int severity, const ed25519_keypair_t *signing_key, time_t now, time_t lifetime, uint8_t cert_type, struct tor_cert_st **cert_out, const or_options_t *options)
Definition: loadkey.c:379
Header file for loadkey.c.
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
Definition: log.c:590
#define log_fn(severity, domain, args,...)
Definition: log.h:283
#define LD_REND
Definition: log.h:84
#define log_fn_ratelim(ratelim, severity, domain, args,...)
Definition: log.h:288
#define LD_PROTOCOL
Definition: log.h:72
#define LOG_DEBUG
Definition: log.h:42
#define LD_FS
Definition: log.h:70
#define LD_BUG
Definition: log.h:86
#define LD_GENERAL
Definition: log.h:62
#define LD_CONFIG
Definition: log.h:68
#define LOG_WARN
Definition: log.h:53
#define LOG_INFO
Definition: log.h:45
int have_completed_a_circuit(void)
Definition: mainloop.c:218
void rescan_periodic_events(const or_options_t *options)
Definition: mainloop.c:1587
Header file for mainloop.c.
void tor_free_(void *mem)
Definition: malloc.c:227
#define tor_free(p)
Definition: malloc.h:56
#define MAP_DEL_CURRENT(keyvar)
Definition: map.h:140
#define DIGESTMAP_FOREACH_END
Definition: map.h:168
#define DIGESTMAP_FOREACH_MODIFY(map, keyvar, valtype, valvar)
Definition: map.h:165
#define DIGESTMAP_FOREACH(map, keyvar, valtype, valvar)
Definition: map.h:154
int usable_consensus_flavor(void)
Definition: microdesc.c:1086
Header file for microdesc.c.
networkstatus_t * networkstatus_get_reasonably_live_consensus(time_t now, int flavor)
int32_t networkstatus_get_param(const networkstatus_t *ns, const char *param_name, int32_t default_val, int32_t min_val, int32_t max_val)
Header file for networkstatus.c.
Networkstatus consensus/vote structure.
Header file for nickname.c.
const node_t * router_choose_random_node(smartlist_t *excludedsmartlist, routerset_t *excludedset, router_crn_flags_t flags)
Definition: node_select.c:979
Header file for node_select.c.
router_crn_flags_t
Definition: node_select.h:16
Node information structure.
bool node_supports_establish_intro_dos_extension(const node_t *node)
Definition: nodelist.c:1286
const char * node_get_nickname(const node_t *node)
Definition: nodelist.c:1450
consensus_path_type_t router_have_consensus_path(void)
Definition: nodelist.c:2460
const node_t * node_get_by_id(const char *identity_digest)
Definition: nodelist.c:226
const curve25519_public_key_t * node_get_curve25519_onion_key(const node_t *node)
Definition: nodelist.c:2016
int router_have_minimum_dir_info(void)
Definition: nodelist.c:2427
bool node_supports_ed25519_hs_intro(const node_t *node)
Definition: nodelist.c:1261
Header file for nodelist.c.
Master header file for Tor-specific functionality.
#define REND_COOKIE_LEN
Definition: or.h:344
#define INTRO_POINT_LIFETIME_MAX_SECONDS
Definition: or.h:963
#define INTRO_POINT_LIFETIME_MIN_SECONDS
Definition: or.h:958
#define INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS
Definition: or.h:947
#define MAX_INTRO_POINT_CIRCUIT_RETRIES
Definition: or.h:968
#define TO_CIRCUIT(x)
Definition: or.h:836
#define REND_REPLAY_TIME_INTERVAL
Definition: or.h:363
#define TO_CONN(c)
Definition: or.h:603
The or_state_t structure, which represents Tor's state file.
Origin circuit structure.
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
char * rate_limit_log(ratelim_t *lim, time_t now)
Definition: ratelim.c:42
Header file for relay.c.
replaycache_t * replaycache_new(time_t horizon, time_t interval)
Definition: replaycache.c:47
#define replaycache_free(r)
Definition: replaycache.h:42
Routerstatus (consensus entry) structure.
time_t sr_state_get_start_time_of_previous_protocol_run(void)
unsigned int sr_state_get_protocol_run_duration(void)
time_t sr_state_get_start_time_of_current_protocol_run(void)
Header file for shared_random_client.c.
int smartlist_contains_string(const smartlist_t *sl, const char *element)
Definition: smartlist.c:93
void smartlist_sort(smartlist_t *sl, int(*compare)(const void **a, const void **b))
Definition: smartlist.c:334
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
smartlist_t * smartlist_new(void)
void smartlist_add_strdup(struct smartlist_t *sl, const char *string)
void smartlist_add(smartlist_t *sl, void *element)
void smartlist_clear(smartlist_t *sl)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
#define SMARTLIST_DEL_CURRENT(sl, var)
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)
Header for statefile.c.
uint8_t state
Definition: circuit_st.h:111
uint8_t purpose
Definition: circuit_st.h:112
uint8_t seckey[ED25519_SECKEY_LEN]
smartlist_t * intro_auth_types
unsigned int single_onion_service
smartlist_t * intro_points
struct hs_desc_intro_point_t::@18::@19 cert
struct hs_desc_intro_point_t::@18 legacy
curve25519_public_key_t onion_key
curve25519_public_key_t enc_key
tor_cert_t * enc_key_cert
tor_cert_t * auth_key_cert
smartlist_t * link_specifiers
tor_cert_t * signing_key_cert
ed25519_public_key_t signing_pubkey
ed25519_public_key_t blinded_pubkey
curve25519_public_key_t auth_ephemeral_pubkey
hs_desc_encrypted_data_t encrypted_data
hs_desc_superencrypted_data_t superencrypted_data
hs_subcredential_t subcredential
hs_desc_plaintext_data_t plaintext_data
uint8_t rendezvous_cookie[HS_REND_COOKIE_LEN]
Definition: hs_ident.h:60
ed25519_public_key_t intro_auth_pk
Definition: hs_ident.h:51
ed25519_public_key_t identity_pk
Definition: hs_ident.h:45
uint64_t num_rdv_streams
Definition: hs_ident.h:81
ed25519_public_key_t blinded_pk
Definition: hs_ident.h:95
ed25519_public_key_t identity_pk
Definition: hs_ident.h:90
unsigned int is_only_legacy
Definition: hs_intropoint.h:19
smartlist_t * link_specifiers
Definition: hs_intropoint.h:24
curve25519_public_key_t client_pk
Definition: hs_service.h:190
smartlist_t * ob_master_pubkeys
Definition: hs_service.h:262
hs_circuit_id_protocol_t circuit_id_protocol
Definition: hs_service.h:253
uint64_t max_streams_per_rdv_circuit
Definition: hs_service.h:223
unsigned int is_single_onion
Definition: hs_service.h:243
smartlist_t * ports
Definition: hs_service.h:214
unsigned int dir_group_readable
Definition: hs_service.h:247
smartlist_t * clients
Definition: hs_service.h:235
unsigned int max_streams_close_circuit
Definition: hs_service.h:227
unsigned int is_ephemeral
Definition: hs_service.h:250
unsigned int has_dos_defense_enabled
Definition: hs_service.h:256
unsigned int num_intro_points
Definition: hs_service.h:231
unsigned int allow_unknown_ports
Definition: hs_service.h:239
curve25519_keypair_t auth_ephemeral_kp
Definition: hs_service.h:132
smartlist_t * previous_hsdirs
Definition: hs_service.h:173
unsigned int missing_intro_points
Definition: hs_service.h:167
ed25519_keypair_t signing_kp
Definition: hs_service.h:139
struct crypto_ope_t * ope_cipher
Definition: hs_service.h:151
hs_descriptor_t * desc
Definition: hs_service.h:155
ed25519_keypair_t blinded_kp
Definition: hs_service.h:143
uint8_t descriptor_cookie[HS_DESC_DESCRIPTOR_COOKIE_LEN]
Definition: hs_service.h:136
hs_service_intropoints_t intro_points
Definition: hs_service.h:163
unsigned int support_intro2_dos_defense
Definition: hs_service.h:89
ed25519_keypair_t auth_key_kp
Definition: hs_service.h:55
hs_intropoint_t base
Definition: hs_service.h:47
replaycache_t * replay_cache
Definition: hs_service.h:85
curve25519_public_key_t onion_key
Definition: hs_service.h:51
curve25519_keypair_t enc_key_kp
Definition: hs_service.h:58
uint8_t legacy_key_digest[DIGEST_LEN]
Definition: hs_service.h:65
crypto_pk_t * legacy_key
Definition: hs_service.h:62
digest256map_t * map
Definition: hs_service.h:104
digestmap_t * failed_id
Definition: hs_service.h:110
ed25519_secret_key_t identity_sk
Definition: hs_service.h:181
ed25519_public_key_t identity_pk
Definition: hs_service.h:179
time_t next_rotation_time
Definition: hs_service.h:285
replaycache_t * replay_cache_rend_cookie
Definition: hs_service.h:281
time_t intro_circ_retry_started_time
Definition: hs_service.h:270
unsigned int num_intro_circ_launched
Definition: hs_service.h:274
hs_service_descriptor_t * desc_current
Definition: hs_service.h:316
hs_service_state_t state
Definition: hs_service.h:307
char onion_address[HS_SERVICE_ADDR_LEN_BASE32+1]
Definition: hs_service.h:300
hs_service_config_t config
Definition: hs_service.h:313
hs_service_descriptor_t * desc_next
Definition: hs_service.h:318
hs_service_keys_t keys
Definition: hs_service.h:310
uint8_t store_first[DIGEST256_LEN]
uint8_t store_second[DIGEST256_LEN]
Definition: node_st.h:34
char identity[DIGEST_LEN]
Definition: node_st.h:46
struct routerset_t * ExcludeNodes
int HiddenServiceSingleHopMode
struct hs_ident_circuit_t * hs_ident
crypt_path_t * cpath
#define STATIC
Definition: testsupport.h:32
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
void format_local_iso_time(char *buf, time_t t)
Definition: time_fmt.c:316
void tor_gettimeofday(struct timeval *timeval)
ssize_t tor_make_rsa_ed25519_crosscert(const ed25519_public_key_t *ed_key, const crypto_pk_t *rsa_key, time_t expires, uint8_t **cert)
Definition: torcert.c:331
tor_cert_t * tor_cert_create_ed25519(const ed25519_keypair_t *signing_key, uint8_t cert_type, const ed25519_public_key_t *signed_key, time_t now, time_t lifetime, uint32_t flags)
Definition: torcert.c:131
long tv_mdiff(const struct timeval *start, const struct timeval *end)
Definition: tvdiff.c:102
Header for tvdiff.c.
#define tor_assert(expr)
Definition: util_bug.h:102
int strcmpend(const char *s1, const char *s2)
Definition: util_string.c:251
int fast_mem_is_zero(const char *mem, size_t len)
Definition: util_string.c:74
#define ED25519_PUBKEY_LEN
Definition: x25519_sizes.h:27
#define CURVE25519_PUBKEY_LEN
Definition: x25519_sizes.h:20