search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Now that FOO_free(NULL) always works, remove checks before calling it.
[tor.git] / src / or / rendclient.c
blob9268647c287d60118ac7918ccde4806a786a4ddf
1 /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
2 * Copyright (c) 2007-2009, The Tor Project, Inc. */
3 /* See LICENSE for licensing information */
4
5 /**
6 * \file rendclient.c
7 * \brief Client code to access location-hidden services.
8 **/
9
10 #include "or.h"
11
12 /** Called when we've established a circuit to an introduction point:
13 * send the introduction request. */
14 void
15 rend_client_introcirc_has_opened(origin_circuit_t *circ)
16 {
17 tor_assert(circ->_base.purpose == CIRCUIT_PURPOSE_C_INTRODUCING);
18 tor_assert(circ->cpath);
19
20 log_info(LD_REND,"introcirc is open");
21 connection_ap_attach_pending();
22 }
23
24 /** Send the establish-rendezvous cell along a rendezvous circuit. if
25 * it fails, mark the circ for close and return -1. else return 0.
26 */
27 static int
28 rend_client_send_establish_rendezvous(origin_circuit_t *circ)
29 {
30 tor_assert(circ->_base.purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND);
31 tor_assert(circ->rend_data);
32 log_info(LD_REND, "Sending an ESTABLISH_RENDEZVOUS cell");
33
34 if (crypto_rand(circ->rend_data->rend_cookie, REND_COOKIE_LEN) < 0) {
35 log_warn(LD_BUG, "Internal error: Couldn't produce random cookie.");
36 circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
37 return -1;
38 }
39 if (relay_send_command_from_edge(0, TO_CIRCUIT(circ),
40 RELAY_COMMAND_ESTABLISH_RENDEZVOUS,
41 circ->rend_data->rend_cookie,
42 REND_COOKIE_LEN,
43 circ->cpath->prev)<0) {
44 /* circ is already marked for close */
45 log_warn(LD_GENERAL, "Couldn't send ESTABLISH_RENDEZVOUS cell");
46 return -1;
47 }
48
49 return 0;
50 }
51
52 /** Called when we're trying to connect an ap conn; sends an INTRODUCE1 cell
53 * down introcirc if possible.
54 */
55 int
56 rend_client_send_introduction(origin_circuit_t *introcirc,
57 origin_circuit_t *rendcirc)
58 {
59 size_t payload_len;
60 int r, v3_shift = 0;
61 char payload[RELAY_PAYLOAD_SIZE];
62 char tmp[RELAY_PAYLOAD_SIZE];
63 rend_cache_entry_t *entry;
64 crypt_path_t *cpath;
65 off_t dh_offset;
66 crypto_pk_env_t *intro_key = NULL;
67
68 tor_assert(introcirc->_base.purpose == CIRCUIT_PURPOSE_C_INTRODUCING);
69 tor_assert(rendcirc->_base.purpose == CIRCUIT_PURPOSE_C_REND_READY);
70 tor_assert(introcirc->rend_data);
71 tor_assert(rendcirc->rend_data);
72 tor_assert(!rend_cmp_service_ids(introcirc->rend_data->onion_address,
73 rendcirc->rend_data->onion_address));
74
75 if (rend_cache_lookup_entry(introcirc->rend_data->onion_address, -1,
76 &entry) < 1) {
77 log_warn(LD_REND,
78 "query %s didn't have valid rend desc in cache. Failing.",
79 escaped_safe_str(introcirc->rend_data->onion_address));
80 goto err;
81 }
82
83 /* first 20 bytes of payload are the hash of the intro key */
84 intro_key = NULL;
85 SMARTLIST_FOREACH(entry->parsed->intro_nodes, rend_intro_point_t *,
86 intro, {
87 if (!memcmp(introcirc->build_state->chosen_exit->identity_digest,
88 intro->extend_info->identity_digest, DIGEST_LEN)) {
89 intro_key = intro->intro_key;
90 break;
91 }
92 });
93 if (!intro_key) {
94 log_info(LD_REND, "Our introduction point knowledge changed in "
95 "mid-connect! Could not find intro key; we only have a "
96 "v2 rend desc with %d intro points. Giving up.",
97 smartlist_len(entry->parsed->intro_nodes));
98 goto err;
99 }
100 if (crypto_pk_get_digest(intro_key, payload)<0) {
101 log_warn(LD_BUG, "Internal error: couldn't hash public key.");
102 goto err;
103 }
104
105 /* Initialize the pending_final_cpath and start the DH handshake. */
106 cpath = rendcirc->build_state->pending_final_cpath;
107 if (!cpath) {
108 cpath = rendcirc->build_state->pending_final_cpath =
109 tor_malloc_zero(sizeof(crypt_path_t));
110 cpath->magic = CRYPT_PATH_MAGIC;
111 if (!(cpath->dh_handshake_state = crypto_dh_new())) {
112 log_warn(LD_BUG, "Internal error: couldn't allocate DH.");
113 goto err;
114 }
115 if (crypto_dh_generate_public(cpath->dh_handshake_state)<0) {
116 log_warn(LD_BUG, "Internal error: couldn't generate g^x.");
117 goto err;
118 }
119 }
120
121 /* If version is 3, write (optional) auth data and timestamp. */
122 if (entry->parsed->protocols & (1<<3)) {
123 tmp[0] = 3; /* version 3 of the cell format */
124 tmp[1] = (uint8_t)introcirc->rend_data->auth_type; /* auth type, if any */
125 v3_shift = 1;
126 if (introcirc->rend_data->auth_type != REND_NO_AUTH) {
127 set_uint16(tmp+2, htons(REND_DESC_COOKIE_LEN));
128 memcpy(tmp+4, introcirc->rend_data->descriptor_cookie,
129 REND_DESC_COOKIE_LEN);
130 v3_shift += 2+REND_DESC_COOKIE_LEN;
131 }
132 set_uint32(tmp+v3_shift+1, htonl((uint32_t)time(NULL)));
133 v3_shift += 4;
134 } /* if version 2 only write version number */
135 else if (entry->parsed->protocols & (1<<2)) {
136 tmp[0] = 2; /* version 2 of the cell format */
137 }
138
139 /* write the remaining items into tmp */
140 if (entry->parsed->protocols & (1<<3) || entry->parsed->protocols & (1<<2)) {
141 /* version 2 format */
142 extend_info_t *extend_info = rendcirc->build_state->chosen_exit;
143 int klen;
144 /* nul pads */
145 set_uint32(tmp+v3_shift+1, tor_addr_to_ipv4h(&extend_info->addr));
146 set_uint16(tmp+v3_shift+5, htons(extend_info->port));
147 memcpy(tmp+v3_shift+7, extend_info->identity_digest, DIGEST_LEN);
148 klen = crypto_pk_asn1_encode(extend_info->onion_key,
149 tmp+v3_shift+7+DIGEST_LEN+2,
150 sizeof(tmp)-(v3_shift+7+DIGEST_LEN+2));
151 set_uint16(tmp+v3_shift+7+DIGEST_LEN, htons(klen));
152 memcpy(tmp+v3_shift+7+DIGEST_LEN+2+klen, rendcirc->rend_data->rend_cookie,
153 REND_COOKIE_LEN);
154 dh_offset = v3_shift+7+DIGEST_LEN+2+klen+REND_COOKIE_LEN;
155 } else {
156 /* Version 0. */
157 strncpy(tmp, rendcirc->build_state->chosen_exit->nickname,
158 (MAX_NICKNAME_LEN+1)); /* nul pads */
159 memcpy(tmp+MAX_NICKNAME_LEN+1, rendcirc->rend_data->rend_cookie,
160 REND_COOKIE_LEN);
161 dh_offset = MAX_NICKNAME_LEN+1+REND_COOKIE_LEN;
162 }
163
164 if (crypto_dh_get_public(cpath->dh_handshake_state, tmp+dh_offset,
165 DH_KEY_LEN)<0) {
166 log_warn(LD_BUG, "Internal error: couldn't extract g^x.");
167 goto err;
168 }
169
170 note_crypto_pk_op(REND_CLIENT);
171 /*XXX maybe give crypto_pk_public_hybrid_encrypt a max_len arg,
172 * to avoid buffer overflows? */
173 r = crypto_pk_public_hybrid_encrypt(intro_key, payload+DIGEST_LEN,
174 tmp,
175 (int)(dh_offset+DH_KEY_LEN),
176 PK_PKCS1_OAEP_PADDING, 0);
177 if (r<0) {
178 log_warn(LD_BUG,"Internal error: hybrid pk encrypt failed.");
179 goto err;
180 }
181
182 payload_len = DIGEST_LEN + r;
183 tor_assert(payload_len <= RELAY_PAYLOAD_SIZE); /* we overran something */
184
185 log_info(LD_REND, "Sending an INTRODUCE1 cell");
186 if (relay_send_command_from_edge(0, TO_CIRCUIT(introcirc),
187 RELAY_COMMAND_INTRODUCE1,
188 payload, payload_len,
189 introcirc->cpath->prev)<0) {
190 /* introcirc is already marked for close. leave rendcirc alone. */
191 log_warn(LD_BUG, "Couldn't send INTRODUCE1 cell");
192 return -1;
193 }
194
195 /* Now, we wait for an ACK or NAK on this circuit. */
196 introcirc->_base.purpose = CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT;
197
198 return 0;
199 err:
200 circuit_mark_for_close(TO_CIRCUIT(introcirc), END_CIRC_REASON_INTERNAL);
201 circuit_mark_for_close(TO_CIRCUIT(rendcirc), END_CIRC_REASON_INTERNAL);
202 return -1;
203 }
204
205 /** Called when a rendezvous circuit is open; sends a establish
206 * rendezvous circuit as appropriate. */
207 void
208 rend_client_rendcirc_has_opened(origin_circuit_t *circ)
209 {
210 tor_assert(circ->_base.purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND);
211
212 log_info(LD_REND,"rendcirc is open");
213
214 /* generate a rendezvous cookie, store it in circ */
215 if (rend_client_send_establish_rendezvous(circ) < 0) {
216 return;
217 }
218 }
219
220 /** Called when get an ACK or a NAK for a REND_INTRODUCE1 cell.
221 */
222 int
223 rend_client_introduction_acked(origin_circuit_t *circ,
224 const char *request, size_t request_len)
225 {
226 origin_circuit_t *rendcirc;
227 (void) request; // XXXX Use this.
228
229 if (circ->_base.purpose != CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT) {
230 log_warn(LD_PROTOCOL,
231 "Received REND_INTRODUCE_ACK on unexpected circuit %d.",
232 circ->_base.n_circ_id);
233 circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
234 return -1;
235 }
236
237 tor_assert(circ->build_state->chosen_exit);
238 tor_assert(circ->rend_data);
239
240 if (request_len == 0) {
241 /* It's an ACK; the introduction point relayed our introduction request. */
242 /* Locate the rend circ which is waiting to hear about this ack,
243 * and tell it.
244 */
245 log_info(LD_REND,"Received ack. Telling rend circ...");
246 rendcirc = circuit_get_by_rend_query_and_purpose(
247 circ->rend_data->onion_address, CIRCUIT_PURPOSE_C_REND_READY);
248 if (rendcirc) { /* remember the ack */
249 rendcirc->_base.purpose = CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED;
250 } else {
251 log_info(LD_REND,"...Found no rend circ. Dropping on the floor.");
252 }
253 /* close the circuit: we won't need it anymore. */
254 circ->_base.purpose = CIRCUIT_PURPOSE_C_INTRODUCE_ACKED;
255 circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED);
256 } else {
257 /* It's a NAK; the introduction point didn't relay our request. */
258 circ->_base.purpose = CIRCUIT_PURPOSE_C_INTRODUCING;
259 /* Remove this intro point from the set of viable introduction
260 * points. If any remain, extend to a new one and try again.
261 * If none remain, refetch the service descriptor.
262 */
263 if (rend_client_remove_intro_point(circ->build_state->chosen_exit,
264 circ->rend_data) > 0) {
265 /* There are introduction points left. Re-extend the circuit to
266 * another intro point and try again. */
267 extend_info_t *extend_info;
268 int result;
269 extend_info = rend_client_get_random_intro(circ->rend_data);
270 if (!extend_info) {
271 log_warn(LD_REND, "No introduction points left for %s. Closing.",
272 escaped_safe_str(circ->rend_data->onion_address));
273 circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
274 return -1;
275 }
276 if (circ->remaining_relay_early_cells) {
277 log_info(LD_REND,
278 "Got nack for %s from %s. Re-extending circ %d, "
279 "this time to %s.",
280 escaped_safe_str(circ->rend_data->onion_address),
281 circ->build_state->chosen_exit->nickname,
282 circ->_base.n_circ_id, extend_info->nickname);
283 result = circuit_extend_to_new_exit(circ, extend_info);
284 } else {
285 log_info(LD_REND,
286 "Got nack for %s from %s. Building a new introduction "
287 "circuit, this time to %s.",
288 escaped_safe_str(circ->rend_data->onion_address),
289 circ->build_state->chosen_exit->nickname,
290 extend_info->nickname);
291 circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED);
292 if (!circuit_launch_by_extend_info(CIRCUIT_PURPOSE_C_INTRODUCING,
293 extend_info,
294 CIRCLAUNCH_IS_INTERNAL)) {
295 log_warn(LD_REND, "Building introduction circuit failed.");
296 result = -1;
297 } else {
298 result = 0;
299 }
300 }
301 extend_info_free(extend_info);
302 return result;
303 }
304 }
305 return 0;
306 }
307
308 /** The period for which a hidden service directory cannot be queried for
309 * the same descriptor ID again. */
310 #define REND_HID_SERV_DIR_REQUERY_PERIOD (15 * 60)
311
312 /** Contains the last request times to hidden service directories for
313 * certain queries; keys are strings consisting of base32-encoded
314 * hidden service directory identities and base32-encoded descriptor IDs;
315 * values are pointers to timestamps of the last requests. */
316 static strmap_t *last_hid_serv_requests = NULL;
317
318 /** Look up the last request time to hidden service directory <b>hs_dir</b>
319 * for descriptor ID <b>desc_id_base32</b>. If <b>set</b> is non-zero,
320 * assign the current time <b>now</b> and return that. Otherwise, return
321 * the most recent request time, or 0 if no such request has been sent
322 * before. */
323 static time_t
324 lookup_last_hid_serv_request(routerstatus_t *hs_dir,
325 const char *desc_id_base32, time_t now, int set)
326 {
327 char hsdir_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
328 char hsdir_desc_comb_id[2 * REND_DESC_ID_V2_LEN_BASE32 + 1];
329 time_t *last_request_ptr;
330 base32_encode(hsdir_id_base32, sizeof(hsdir_id_base32),
331 hs_dir->identity_digest, DIGEST_LEN);
332 tor_snprintf(hsdir_desc_comb_id, sizeof(hsdir_desc_comb_id), "%s%s",
333 hsdir_id_base32, desc_id_base32);
334 if (set) {
335 last_request_ptr = tor_malloc_zero(sizeof(time_t *));
336 *last_request_ptr = now;
337 strmap_set(last_hid_serv_requests, hsdir_desc_comb_id, last_request_ptr);
338 } else
339 last_request_ptr = strmap_get_lc(last_hid_serv_requests,
340 hsdir_desc_comb_id);
341 return (last_request_ptr) ? *last_request_ptr : 0;
342 }
343
344 /** Clean the history of request times to hidden service directories, so that
345 * it does not contain requests older than REND_HID_SERV_DIR_REQUERY_PERIOD
346 * seconds any more. */
347 static void
348 directory_clean_last_hid_serv_requests(void)
349 {
350 strmap_iter_t *iter;
351 time_t cutoff = time(NULL) - REND_HID_SERV_DIR_REQUERY_PERIOD;
352 if (!last_hid_serv_requests)
353 last_hid_serv_requests = strmap_new();
354 for (iter = strmap_iter_init(last_hid_serv_requests);
355 !strmap_iter_done(iter); ) {
356 const char *key;
357 void *val;
358 time_t *ent;
359 strmap_iter_get(iter, &key, &val);
360 ent = (time_t *) val;
361 if (*ent < cutoff) {
362 iter = strmap_iter_next_rmv(last_hid_serv_requests, iter);
363 tor_free(ent);
364 } else {
365 iter = strmap_iter_next(last_hid_serv_requests, iter);
366 }
367 }
368 }
369
370 /** Determine the responsible hidden service directories for <b>desc_id</b>
371 * and fetch the descriptor belonging to that ID from one of them. Only
372 * send a request to hidden service directories that we did not try within
373 * the last REND_HID_SERV_DIR_REQUERY_PERIOD seconds; on success, return 1,
374 * in the case that no hidden service directory is left to ask for the
375 * descriptor, return 0, and in case of a failure -1. <b>query</b> is only
376 * passed for pretty log statements. */
377 static int
378 directory_get_from_hs_dir(const char *desc_id, const rend_data_t *rend_query)
379 {
380 smartlist_t *responsible_dirs = smartlist_create();
381 routerstatus_t *hs_dir;
382 char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
383 time_t now = time(NULL);
384 char descriptor_cookie_base64[3*REND_DESC_COOKIE_LEN_BASE64];
385 tor_assert(desc_id);
386 tor_assert(rend_query);
387 /* Determine responsible dirs. Even if we can't get all we want,
388 * work with the ones we have. If it's empty, we'll notice below. */
389 (int) hid_serv_get_responsible_directories(responsible_dirs, desc_id);
390
391 base32_encode(desc_id_base32, sizeof(desc_id_base32),
392 desc_id, DIGEST_LEN);
393
394 /* Only select those hidden service directories to which we did not send
395 * a request recently and for which we have a router descriptor here. */
396 directory_clean_last_hid_serv_requests(); /* Clean request history first. */
397
398 SMARTLIST_FOREACH(responsible_dirs, routerstatus_t *, dir, {
399 if (lookup_last_hid_serv_request(dir, desc_id_base32, 0, 0) +
400 REND_HID_SERV_DIR_REQUERY_PERIOD >= now ||
401 !router_get_by_digest(dir->identity_digest))
402 SMARTLIST_DEL_CURRENT(responsible_dirs, dir);
403 });
404
405 hs_dir = smartlist_choose(responsible_dirs);
406 smartlist_free(responsible_dirs);
407 if (!hs_dir) {
408 log_info(LD_REND, "Could not pick one of the responsible hidden "
409 "service directories, because we requested them all "
410 "recently without success.");
411 return 0;
412 }
413
414 /* Remember, that we are requesting a descriptor from this hidden service
415 * directory now. */
416 lookup_last_hid_serv_request(hs_dir, desc_id_base32, now, 1);
417
418 /* Encode descriptor cookie for logging purposes. */
419 if (rend_query->auth_type != REND_NO_AUTH) {
420 if (base64_encode(descriptor_cookie_base64,
421 sizeof(descriptor_cookie_base64),
422 rend_query->descriptor_cookie, REND_DESC_COOKIE_LEN)<0) {
423 log_warn(LD_BUG, "Could not base64-encode descriptor cookie.");
424 return 0;
425 }
426 /* Remove == signs and newline. */
427 descriptor_cookie_base64[strlen(descriptor_cookie_base64)-3] = '\0';
428 } else {
429 strlcpy(descriptor_cookie_base64, "(none)",
430 sizeof(descriptor_cookie_base64));
431 }
432
433 /* Send fetch request. (Pass query and possibly descriptor cookie so that
434 * they can be written to the directory connection and be referred to when
435 * the response arrives. */
436 directory_initiate_command_routerstatus_rend(hs_dir,
437 DIR_PURPOSE_FETCH_RENDDESC_V2,
438 ROUTER_PURPOSE_GENERAL,
439 1, desc_id_base32, NULL, 0, 0,
440 rend_query);
441 log_info(LD_REND, "Sending fetch request for v2 descriptor for "
442 "service '%s' with descriptor ID '%s', auth type %d, "
443 "and descriptor cookie '%s' to hidden service "
444 "directory '%s' on port %d.",
445 rend_query->onion_address, desc_id_base32,
446 rend_query->auth_type,
447 (rend_query->auth_type == REND_NO_AUTH ? "[none]" :
448 escaped_safe_str(descriptor_cookie_base64)),
449 hs_dir->nickname, hs_dir->dir_port);
450 return 1;
451 }
452
453 /** Unless we already have a descriptor for <b>rend_query</b> with at least
454 * one (possibly) working introduction point in it, start a connection to a
455 * hidden service directory to fetch a v2 rendezvous service descriptor. */
456 void
457 rend_client_refetch_v2_renddesc(const rend_data_t *rend_query)
458 {
459 char descriptor_id[DIGEST_LEN];
460 int replicas_left_to_try[REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS];
461 int i, tries_left;
462 rend_cache_entry_t *e = NULL;
463 tor_assert(rend_query);
464 /* Are we configured to fetch descriptors? */
465 if (!get_options()->FetchHidServDescriptors) {
466 log_warn(LD_REND, "We received an onion address for a v2 rendezvous "
467 "service descriptor, but are not fetching service descriptors.");
468 return;
469 }
470 /* Before fetching, check if we already have the descriptor here. */
471 if (rend_cache_lookup_entry(rend_query->onion_address, -1, &e) > 0) {
472 log_info(LD_REND, "We would fetch a v2 rendezvous descriptor, but we "
473 "already have that descriptor here. Not fetching.");
474 return;
475 }
476 log_debug(LD_REND, "Fetching v2 rendezvous descriptor for service %s",
477 safe_str(rend_query->onion_address));
478 /* Randomly iterate over the replicas until a descriptor can be fetched
479 * from one of the consecutive nodes, or no options are left. */
480 tries_left = REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS;
481 for (i = 0; i < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; i++)
482 replicas_left_to_try[i] = i;
483 while (tries_left > 0) {
484 int rand = crypto_rand_int(tries_left);
485 int chosen_replica = replicas_left_to_try[rand];
486 replicas_left_to_try[rand] = replicas_left_to_try[--tries_left];
487
488 if (rend_compute_v2_desc_id(descriptor_id, rend_query->onion_address,
489 rend_query->auth_type == REND_STEALTH_AUTH ?
490 rend_query->descriptor_cookie : NULL,
491 time(NULL), chosen_replica) < 0) {
492 log_warn(LD_REND, "Internal error: Computing v2 rendezvous "
493 "descriptor ID did not succeed.");
494 return;
495 }
496 if (directory_get_from_hs_dir(descriptor_id, rend_query) != 0)
497 return; /* either success or failure, but we're done */
498 }
499 /* If we come here, there are no hidden service directories left. */
500 log_info(LD_REND, "Could not pick one of the responsible hidden "
501 "service directories to fetch descriptors, because "
502 "we already tried them all unsuccessfully.");
503 /* Close pending connections. */
504 rend_client_desc_trynow(rend_query->onion_address);
505 return;
506 }
507
508 /** Remove failed_intro from ent. If ent now has no intro points, or
509 * service is unrecognized, then launch a new renddesc fetch.
510 *
511 * Return -1 if error, 0 if no intro points remain or service
512 * unrecognized, 1 if recognized and some intro points remain.
513 */
514 int
515 rend_client_remove_intro_point(extend_info_t *failed_intro,
516 const rend_data_t *rend_query)
517 {
518 int i, r;
519 rend_cache_entry_t *ent;
520 connection_t *conn;
521
522 r = rend_cache_lookup_entry(rend_query->onion_address, -1, &ent);
523 if (r<0) {
524 log_warn(LD_BUG, "Malformed service ID %s.",
525 escaped_safe_str(rend_query->onion_address));
526 return -1;
527 }
528 if (r==0) {
529 log_info(LD_REND, "Unknown service %s. Re-fetching descriptor.",
530 escaped_safe_str(rend_query->onion_address));
531 rend_client_refetch_v2_renddesc(rend_query);
532 return 0;
533 }
534
535 for (i = 0; i < smartlist_len(ent->parsed->intro_nodes); i++) {
536 rend_intro_point_t *intro = smartlist_get(ent->parsed->intro_nodes, i);
537 if (!memcmp(failed_intro->identity_digest,
538 intro->extend_info->identity_digest, DIGEST_LEN)) {
539 rend_intro_point_free(intro);
540 smartlist_del(ent->parsed->intro_nodes, i);
541 break;
542 }
543 }
544
545 if (smartlist_len(ent->parsed->intro_nodes) == 0) {
546 log_info(LD_REND,
547 "No more intro points remain for %s. Re-fetching descriptor.",
548 escaped_safe_str(rend_query->onion_address));
549 rend_client_refetch_v2_renddesc(rend_query);
550
551 /* move all pending streams back to renddesc_wait */
552 while ((conn = connection_get_by_type_state_rendquery(CONN_TYPE_AP,
553 AP_CONN_STATE_CIRCUIT_WAIT,
554 rend_query->onion_address))) {
555 conn->state = AP_CONN_STATE_RENDDESC_WAIT;
556 }
557
558 return 0;
559 }
560 log_info(LD_REND,"%d options left for %s.",
561 smartlist_len(ent->parsed->intro_nodes),
562 escaped_safe_str(rend_query->onion_address));
563 return 1;
564 }
565
566 /** Called when we receive a RENDEZVOUS_ESTABLISHED cell; changes the state of
567 * the circuit to C_REND_READY.
568 */
569 int
570 rend_client_rendezvous_acked(origin_circuit_t *circ, const char *request,
571 size_t request_len)
572 {
573 (void) request;
574 (void) request_len;
575 /* we just got an ack for our establish-rendezvous. switch purposes. */
576 if (circ->_base.purpose != CIRCUIT_PURPOSE_C_ESTABLISH_REND) {
577 log_warn(LD_PROTOCOL,"Got a rendezvous ack when we weren't expecting one. "
578 "Closing circ.");
579 circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
580 return -1;
581 }
582 log_info(LD_REND,"Got rendezvous ack. This circuit is now ready for "
583 "rendezvous.");
584 circ->_base.purpose = CIRCUIT_PURPOSE_C_REND_READY;
585 /* XXXX022 This is a pretty brute-force approach. It'd be better to
586 * attach only the connections that are waiting on this circuit, rather
587 * than trying to attach them all. See comments bug 743. */
588 /* If we already have the introduction circuit built, make sure we send
589 * the INTRODUCE cell _now_ */
590 connection_ap_attach_pending();
591 return 0;
592 }
593
594 /** Bob sent us a rendezvous cell; join the circuits. */
595 int
596 rend_client_receive_rendezvous(origin_circuit_t *circ, const char *request,
597 size_t request_len)
598 {
599 crypt_path_t *hop;
600 char keys[DIGEST_LEN+CPATH_KEY_MATERIAL_LEN];
601
602 if ((circ->_base.purpose != CIRCUIT_PURPOSE_C_REND_READY &&
603 circ->_base.purpose != CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED)
604 || !circ->build_state->pending_final_cpath) {
605 log_warn(LD_PROTOCOL,"Got rendezvous2 cell from hidden service, but not "
606 "expecting it. Closing.");
607 circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
608 return -1;
609 }
610
611 if (request_len != DH_KEY_LEN+DIGEST_LEN) {
612 log_warn(LD_PROTOCOL,"Incorrect length (%d) on RENDEZVOUS2 cell.",
613 (int)request_len);
614 goto err;
615 }
616
617 log_info(LD_REND,"Got RENDEZVOUS2 cell from hidden service.");
618
619 /* first DH_KEY_LEN bytes are g^y from bob. Finish the dh handshake...*/
620 tor_assert(circ->build_state);
621 tor_assert(circ->build_state->pending_final_cpath);
622 hop = circ->build_state->pending_final_cpath;
623 tor_assert(hop->dh_handshake_state);
624 if (crypto_dh_compute_secret(LOG_PROTOCOL_WARN, hop->dh_handshake_state,
625 request, DH_KEY_LEN, keys,
626 DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) {
627 log_warn(LD_GENERAL, "Couldn't complete DH handshake.");
628 goto err;
629 }
630 /* ... and set up cpath. */
631 if (circuit_init_cpath_crypto(hop, keys+DIGEST_LEN, 0)<0)
632 goto err;
633
634 /* Check whether the digest is right... */
635 if (memcmp(keys, request+DH_KEY_LEN, DIGEST_LEN)) {
636 log_warn(LD_PROTOCOL, "Incorrect digest of key material.");
637 goto err;
638 }
639
640 crypto_dh_free(hop->dh_handshake_state);
641 hop->dh_handshake_state = NULL;
642
643 /* All is well. Extend the circuit. */
644 circ->_base.purpose = CIRCUIT_PURPOSE_C_REND_JOINED;
645 hop->state = CPATH_STATE_OPEN;
646 /* set the windows to default. these are the windows
647 * that alice thinks bob has.
648 */
649 hop->package_window = circuit_initial_package_window();
650 hop->deliver_window = CIRCWINDOW_START;
651
652 onion_append_to_cpath(&circ->cpath, hop);
653 circ->build_state->pending_final_cpath = NULL; /* prevent double-free */
654 /* XXXX022 This is a pretty brute-force approach. It'd be better to
655 * attach only the connections that are waiting on this circuit, rather
656 * than trying to attach them all. See comments bug 743. */
657 connection_ap_attach_pending();
658 return 0;
659 err:
660 circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
661 return -1;
662 }
663
664 /** Find all the apconns in state AP_CONN_STATE_RENDDESC_WAIT that are
665 * waiting on <b>query</b>. If there's a working cache entry here with at
666 * least one intro point, move them to the next state. */
667 void
668 rend_client_desc_trynow(const char *query)
669 {
670 edge_connection_t *conn;
671 rend_cache_entry_t *entry;
672 time_t now = time(NULL);
673
674 smartlist_t *conns = get_connection_array();
675 SMARTLIST_FOREACH_BEGIN(conns, connection_t *, _conn) {
676 if (_conn->type != CONN_TYPE_AP ||
677 _conn->state != AP_CONN_STATE_RENDDESC_WAIT ||
678 _conn->marked_for_close)
679 continue;
680 conn = TO_EDGE_CONN(_conn);
681 if (!conn->rend_data)
682 continue;
683 if (rend_cmp_service_ids(query, conn->rend_data->onion_address))
684 continue;
685 assert_connection_ok(TO_CONN(conn), now);
686 if (rend_cache_lookup_entry(conn->rend_data->onion_address, -1,
687 &entry) == 1 &&
688 smartlist_len(entry->parsed->intro_nodes) > 0) {
689 /* either this fetch worked, or it failed but there was a
690 * valid entry from before which we should reuse */
691 log_info(LD_REND,"Rend desc is usable. Launching circuits.");
692 conn->_base.state = AP_CONN_STATE_CIRCUIT_WAIT;
693
694 /* restart their timeout values, so they get a fair shake at
695 * connecting to the hidden service. */
696 conn->_base.timestamp_created = now;
697 conn->_base.timestamp_lastread = now;
698 conn->_base.timestamp_lastwritten = now;
699
700 if (connection_ap_handshake_attach_circuit(conn) < 0) {
701 /* it will never work */
702 log_warn(LD_REND,"Rendezvous attempt failed. Closing.");
703 if (!conn->_base.marked_for_close)
704 connection_mark_unattached_ap(conn, END_STREAM_REASON_CANT_ATTACH);
705 }
706 } else { /* 404, or fetch didn't get that far */
707 log_notice(LD_REND,"Closing stream for '%s.onion': hidden service is "
708 "unavailable (try again later).", safe_str(query));
709 connection_mark_unattached_ap(conn, END_STREAM_REASON_RESOLVEFAILED);
710 }
711 } SMARTLIST_FOREACH_END(_conn);
712 }
713
714 /** Return a newly allocated extend_info_t* for a randomly chosen introduction
715 * point for the named hidden service. Return NULL if all introduction points
716 * have been tried and failed.
717 */
718 extend_info_t *
719 rend_client_get_random_intro(const rend_data_t *rend_query)
720 {
721 int i;
722 rend_cache_entry_t *entry;
723 rend_intro_point_t *intro;
724 routerinfo_t *router;
725
726 if (rend_cache_lookup_entry(rend_query->onion_address, -1, &entry) < 1) {
727 log_warn(LD_REND,
728 "Query '%s' didn't have valid rend desc in cache. Failing.",
729 safe_str(rend_query->onion_address));
730 return NULL;
731 }
732
733 again:
734 if (smartlist_len(entry->parsed->intro_nodes) == 0)
735 return NULL;
736
737 i = crypto_rand_int(smartlist_len(entry->parsed->intro_nodes));
738 intro = smartlist_get(entry->parsed->intro_nodes, i);
739 /* Do we need to look up the router or is the extend info complete? */
740 if (!intro->extend_info->onion_key) {
741 router = router_get_by_nickname(intro->extend_info->nickname, 0);
742 if (!router) {
743 log_info(LD_REND, "Unknown router with nickname '%s'; trying another.",
744 intro->extend_info->nickname);
745 rend_intro_point_free(intro);
746 smartlist_del(entry->parsed->intro_nodes, i);
747 goto again;
748 }
749 extend_info_free(intro->extend_info);
750 intro->extend_info = extend_info_from_router(router);
751 }
752 return extend_info_dup(intro->extend_info);
753 }
754
755 /** Client-side authorizations for hidden services; map of onion address to
756 * rend_service_authorization_t*. */
757 static strmap_t *auth_hid_servs = NULL;
758
759 /** Look up the client-side authorization for the hidden service with
760 * <b>onion_address</b>. Return NULL if no authorization is available for
761 * that address. */
762 rend_service_authorization_t*
763 rend_client_lookup_service_authorization(const char *onion_address)
764 {
765 tor_assert(onion_address);
766 if (!auth_hid_servs) return NULL;
767 return strmap_get(auth_hid_servs, onion_address);
768 }
769
770 /** Helper: Free storage held by rend_service_authorization_t. */
771 static void
772 rend_service_authorization_free(rend_service_authorization_t *auth)
773 {
774 tor_free(auth);
775 }
776
777 /** Helper for strmap_free. */
778 static void
779 rend_service_authorization_strmap_item_free(void *service_auth)
780 {
781 rend_service_authorization_free(service_auth);
782 }
783
784 /** Release all the storage held in auth_hid_servs.
785 */
786 void
787 rend_service_authorization_free_all(void)
788 {
789 if (!auth_hid_servs) {
790 return;
791 }
792 strmap_free(auth_hid_servs, rend_service_authorization_strmap_item_free);
793 auth_hid_servs = NULL;
794 }
795
796 /** Parse <b>config_line</b> as a client-side authorization for a hidden
797 * service and add it to the local map of hidden service authorizations.
798 * Return 0 for success and -1 for failure. */
799 int
800 rend_parse_service_authorization(or_options_t *options, int validate_only)
801 {
802 config_line_t *line;
803 int res = -1;
804 strmap_t *parsed = strmap_new();
805 smartlist_t *sl = smartlist_create();
806 rend_service_authorization_t *auth = NULL;
807
808 for (line = options->HidServAuth; line; line = line->next) {
809 char *onion_address, *descriptor_cookie;
810 char descriptor_cookie_tmp[REND_DESC_COOKIE_LEN+2];
811 char descriptor_cookie_base64ext[REND_DESC_COOKIE_LEN_BASE64+2+1];
812 int auth_type_val = 0;
813 auth = NULL;
814 SMARTLIST_FOREACH(sl, char *, c, tor_free(c););
815 smartlist_clear(sl);
816 smartlist_split_string(sl, line->value, " ",
817 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 3);
818 if (smartlist_len(sl) < 2) {
819 log_warn(LD_CONFIG, "Configuration line does not consist of "
820 "\"onion-address authorization-cookie [service-name]\": "
821 "'%s'", line->value);
822 goto err;
823 }
824 auth = tor_malloc_zero(sizeof(rend_service_authorization_t));
825 /* Parse onion address. */
826 onion_address = smartlist_get(sl, 0);
827 if (strlen(onion_address) != REND_SERVICE_ADDRESS_LEN ||
828 strcmpend(onion_address, ".onion")) {
829 log_warn(LD_CONFIG, "Onion address has wrong format: '%s'",
830 onion_address);
831 goto err;
832 }
833 strlcpy(auth->onion_address, onion_address, REND_SERVICE_ID_LEN_BASE32+1);
834 if (!rend_valid_service_id(auth->onion_address)) {
835 log_warn(LD_CONFIG, "Onion address has wrong format: '%s'",
836 onion_address);
837 goto err;
838 }
839 /* Parse descriptor cookie. */
840 descriptor_cookie = smartlist_get(sl, 1);
841 if (strlen(descriptor_cookie) != REND_DESC_COOKIE_LEN_BASE64) {
842 log_warn(LD_CONFIG, "Authorization cookie has wrong length: '%s'",
843 descriptor_cookie);
844 goto err;
845 }
846 /* Add trailing zero bytes (AA) to make base64-decoding happy. */
847 tor_snprintf(descriptor_cookie_base64ext,
848 REND_DESC_COOKIE_LEN_BASE64+2+1,
849 "%sAA", descriptor_cookie);
850 if (base64_decode(descriptor_cookie_tmp, sizeof(descriptor_cookie_tmp),
851 descriptor_cookie_base64ext,
852 strlen(descriptor_cookie_base64ext)) < 0) {
853 log_warn(LD_CONFIG, "Decoding authorization cookie failed: '%s'",
854 descriptor_cookie);
855 goto err;
856 }
857 auth_type_val = (descriptor_cookie_tmp[16] >> 4) + 1;
858 if (auth_type_val < 1 || auth_type_val > 2) {
859 log_warn(LD_CONFIG, "Authorization cookie has unknown authorization "
860 "type encoded.");
861 goto err;
862 }
863 auth->auth_type = auth_type_val == 1 ? REND_BASIC_AUTH : REND_STEALTH_AUTH;
864 memcpy(auth->descriptor_cookie, descriptor_cookie_tmp,
865 REND_DESC_COOKIE_LEN);
866 if (strmap_get(parsed, auth->onion_address)) {
867 log_warn(LD_CONFIG, "Duplicate authorization for the same hidden "
868 "service.");
869 goto err;
870 }
871 strmap_set(parsed, auth->onion_address, auth);
872 auth = NULL;
873 }
874 res = 0;
875 goto done;
876 err:
877 res = -1;
878 done:
879 rend_service_authorization_free(auth);
880 SMARTLIST_FOREACH(sl, char *, c, tor_free(c););
881 smartlist_free(sl);
882 if (!validate_only && res == 0) {
883 rend_service_authorization_free_all();
884 auth_hid_servs = parsed;
885 } else {
886 strmap_free(parsed, rend_service_authorization_strmap_item_free);
887 }
888 return res;
889 }
890
The Onion Router