| blob | df53efd32d031eeb8c3b9c48a0e47b2537fb8f55 |
1 /* Copyright (c) 2016-2017, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
4 /**
5 * \file hs_cache.c
6 * \brief Handle hidden service descriptor caches.
7 **/
9 /* For unit tests.*/
10 #define HS_CACHE_PRIVATE
26 /********************** Directory HS cache ******************/
28 /* Directory descriptor cache. Map indexed by blinded key. */
31 /* Remove a given descriptor from our cache. */
32 static void
34 {
37 }
39 /* Store a given descriptor in our cache. */
40 static void
42 {
45 }
47 /* Query our cache and return the entry or NULL if not found. */
50 {
53 }
55 #define cache_dir_desc_free(val) \
56 FREE_AND_NULL(hs_cache_dir_descriptor_t, cache_dir_desc_free_, (val))
58 /* Free a directory descriptor object. */
59 static void
61 {
64 }
68 }
70 /* Helper function: Use by the free all function using the digest256map
71 * interface to cache entries. */
72 static void
74 {
76 }
78 /* Create a new directory cache descriptor object from a encoded descriptor.
79 * On success, return the heap-allocated cache object, otherwise return NULL if
80 * we can't decode the descriptor. */
83 {
96 }
98 /* The blinded pubkey is the indexed key. */
103 err:
106 }
108 /* Return the size of a cache entry in bytes. */
109 static size_t
111 {
114 }
116 /* Try to store a valid version 3 descriptor in the directory cache. Return 0
117 * on success else a negative value is returned indicating that we have a
118 * newer version in our cache. On error, caller is responsible to free the
119 * given descriptor desc. */
120 static int
122 {
127 /* Verify if we have an entry in the cache for that key and if yes, check
128 * if we should replace it? */
131 /* Only replace descriptor if revision-counter is greater than the one
132 * in our cache */
136 "greater or equal than the one we received (%d/%d). "
141 }
142 /* We now know that the descriptor we just received is a new one so
143 * remove the entry we currently have from our cache so we can then
144 * store the new one. */
148 }
149 /* Store the descriptor we just got. We are sure here that either we
150 * don't have the entry or we have a newer descriptor and the old one
151 * has been removed from the cache. */
154 /* Update our total cache size with this entry for the OOM. This uses the
155 * old HS protocol cache subsystem for which we are tied with. */
158 /* XXX: Update HS statistics. We should have specific stats for v3. */
162 err:
164 }
166 /* Using the query which is the base64 encoded blinded key of a version 3
167 * descriptor, lookup in our directory cache the entry. If found, 1 is
168 * returned and desc_out is populated with a newly allocated string being the
169 * encoded descriptor. If not found, 0 is returned and desc_out is untouched.
170 * On error, a negative value is returned and desc_out is untouched. */
171 static int
173 {
175 ed25519_public_key_t blinded_key;
180 /* Decode blinded key using the given query value. */
185 }
192 }
193 }
197 err:
199 }
201 /* Clean the v3 cache by removing any entry that has expired using the
202 * <b>global_cutoff</b> value. If <b>global_cutoff</b> is 0, the cleaning
203 * process will use the lifetime found in the plaintext data section. Return
204 * the number of bytes cleaned. */
205 STATIC size_t
207 {
210 /* Code flow error if this ever happens. */
215 }
222 /* Cutoff is the lifetime of the entry found in the descriptor. */
224 }
226 /* If the entry has been created _after_ the cutoff, not expired so
227 * continue to the next entry in our v3 cache. */
230 }
231 /* Here, our entry has expired, remove and free. */
235 /* Entry is not in the cache anymore, destroy it. */
237 /* Update our cache entry allocation size for the OOM. */
239 /* Logging. */
240 {
245 }
249 }
251 /* Given an encoded descriptor, store it in the directory cache depending on
252 * which version it is. Return a negative value on error. On success, 0 is
253 * returned. */
254 int
256 {
261 /* Create a new cache object. This can fail if the descriptor plaintext data
262 * is unparseable which in this case a log message will be triggered. */
266 }
268 /* Call the right function against the descriptor version. At this point,
269 * we are sure that the descriptor's version is supported else the
270 * decoding would have failed. */
276 }
278 }
281 err:
284 }
286 /* Using the query, lookup in our directory cache the entry. If found, 1 is
287 * returned and desc_out is populated with a newly allocated string being
288 * the encoded descriptor. If not found, 0 is returned and desc_out is
289 * untouched. On error, a negative value is returned and desc_out is
290 * untouched. */
291 int
294 {
298 /* This should never be called with an unsupported version. */
306 }
309 }
311 /* Clean all directory caches using the current time now. */
312 void
314 {
317 /* Start with v2 cache cleaning. */
321 /* Now, clean the v3 cache. Set the cutoff to 0 telling the cleanup function
322 * to compute the cutoff by itself using the lifetime value. */
324 }
326 /********************** Client-side HS cache ******************/
328 /* Client-side HS descriptor cache. Map indexed by service identity key. */
331 /* Client-side introduction point state cache. Map indexed by service public
332 * identity key (onion address). It contains hs_cache_client_intro_state_t
333 * objects all related to a specific service. */
336 /* Return the size of a client cache entry in bytes. */
337 static size_t
339 {
342 }
344 /* Remove a given descriptor from our cache. */
345 static void
347 {
350 /* Update cache size with this entry for the OOM handler. */
352 }
354 /* Store a given descriptor in our cache. */
355 static void
357 {
360 /* Update cache size with this entry for the OOM handler. */
362 }
364 /* Query our cache and return the entry or NULL if not found or if expired. */
365 STATIC hs_cache_client_descriptor_t *
367 {
373 /* Do the lookup */
377 }
379 /* Don't return expired entries */
382 }
385 }
387 /* Parse the encoded descriptor in <b>desc_str</b> using
388 * <b>service_identity_pk<b> to decrypt it first.
389 *
390 * If everything goes well, allocate and return a new
391 * hs_cache_client_descriptor_t object. In case of error, return NULL. */
395 {
402 /* Decode the descriptor we just fetched. */
405 }
408 /* All is good: make a cache object for this descriptor */
411 /* Set expiration time for this cached descriptor to be the start of the next
412 * time period since that's when clients need to start using the next blinded
413 * pk of the service (and hence will need its next descriptor). */
418 end:
420 }
422 #define cache_client_desc_free(val) \
423 FREE_AND_NULL(hs_cache_client_descriptor_t, cache_client_desc_free_, (val))
425 /** Free memory allocated by <b>desc</b>. */
426 static void
428 {
431 }
437 }
439 /** Helper function: Use by the free all function to clear the client cache */
440 static void
442 {
445 }
447 /* Return a newly allocated and initialized hs_cache_intro_state_t object. */
450 {
454 }
456 #define cache_intro_state_free(val) \
457 FREE_AND_NULL(hs_cache_intro_state_t, cache_intro_state_free_, (val))
459 /* Free an hs_cache_intro_state_t object. */
460 static void
462 {
464 }
466 /* Helper function: use by the free all function. */
467 static void
469 {
471 }
473 /* Return a newly allocated and initialized hs_cache_client_intro_state_t
474 * object. */
477 {
481 }
483 #define cache_client_intro_state_free(val) \
484 FREE_AND_NULL(hs_cache_client_intro_state_t, \
485 cache_client_intro_state_free_, (val))
487 /* Free a cache client intro state object. */
488 static void
490 {
493 }
496 }
498 /* Helper function: use by the free all function. */
499 static void
501 {
503 }
505 /* For the given service identity key service_pk and an introduction
506 * authentication key auth_key, lookup the intro state object. Return 1 if
507 * found and put it in entry if not NULL. Return 0 if not found and entry is
508 * untouched. */
509 static int
513 {
520 /* Lookup the intro state cache for this service key. */
524 }
526 /* From the cache we just found for the service, lookup in the introduction
527 * points map for the given authentication key. */
531 }
534 }
536 not_found:
538 }
540 /* Note the given failure in state. */
541 static void
543 rend_intro_point_failure_t failure)
544 {
559 }
560 }
562 /* For the given service identity key service_pk and an introduction
563 * authentication key auth_key, add an entry in the client intro state cache
564 * If no entry exists for the service, it will create one. If state is non
565 * NULL, it will point to the new intro state entry. */
566 static void
570 {
577 /* Lookup the state cache for this service key. */
582 }
586 /* This should never happened because the code flow is to lookup the entry
587 * before adding it. But, just in case, non fatal assert and free it. */
593 }
594 }
596 /* Remove every intro point state entry from cache that has been created
597 * before or at the cutoff. */
598 static void
601 {
609 }
611 }
613 /* Return true iff no intro points are in this cache. */
614 static int
616 {
618 }
620 /** Check whether <b>client_desc</b> is useful for us, and store it in the
621 * client-side HS cache if so. The client_desc is freed if we already have a
622 * fresher (higher revision counter count) in the cache. */
623 static int
625 {
628 /* TODO: Heavy code duplication with cache_store_as_dir(). Consider
629 * refactoring and uniting! */
633 /* Check if we already have a descriptor from this HS in cache. If we do,
634 * check if this descriptor is newer than the cached one */
637 /* If we have an entry in our cache that has a revision counter greater
638 * than the one we just fetched, discard the one we fetched. */
643 }
644 /* Remove old entry. Make space for the new one! */
647 }
649 /* Store descriptor in cache */
652 done:
654 }
656 /* Return true iff the cached client descriptor at <b>cached_desc</b has
657 * expired. */
658 static int
661 {
662 /* We use the current consensus time to see if we should expire this
663 * descriptor since we use consensus time for all other parts of the protocol
664 * as well (e.g. to build the blinded key and compute time periods). */
666 /* If we don't have a recent consensus, consider this entry expired since we
667 * will want to fetch a new HS desc when we get a live consensus. */
670 }
674 }
677 }
679 /* clean the client cache using now as the current time. Return the total size
680 * of removed bytes from the cache. */
681 static size_t
683 {
688 }
694 /* If the entry has not expired, continue to the next cached entry */
697 }
698 /* Here, our entry has expired, remove and free. */
702 /* Entry is not in the cache anymore, destroy it. */
704 /* Update our OOM. We didn't use the remove() function because we are in
705 * a loop so we have to explicitly decrement. */
707 /* Logging. */
708 {
714 }
718 }
720 /** Public API: Given the HS ed25519 identity public key in <b>key</b>, return
721 * its HS encoded descriptor if it's stored in our cache, or NULL if not. */
724 {
733 }
736 }
738 /** Public API: Given the HS ed25519 identity public key in <b>key</b>, return
739 * its HS descriptor if it's stored in our cache, or NULL if not. */
742 {
751 }
754 }
756 /** Public API: Given an encoded descriptor, store it in the client HS
757 * cache. Return -1 on error, 0 on success .*/
758 int
761 {
767 /* Create client cache descriptor object */
773 }
775 /* Push it to the cache */
778 }
782 err:
785 }
787 /* Clean all client caches using the current time now. */
788 void
790 {
791 /* Start with v2 cache cleaning. */
793 /* Now, clean the v3 cache. Set the cutoff to 0 telling the cleanup function
794 * to compute the cutoff by itself using the lifetime value. */
796 }
798 /* Purge the client descriptor cache. */
799 void
801 {
807 /* Update our OOM. We didn't use the remove() function because we are in
808 * a loop so we have to explicitly decrement. */
813 }
815 /* For a given service identity public key and an introduction authentication
816 * key, note the given failure in the client intro state cache. */
817 void
820 rend_intro_point_failure_t failure)
821 {
830 /* Create a new entry and add it to the cache. */
832 }
833 /* Note down the entry. */
835 }
837 /* For a given service identity public key and an introduction authentication
838 * key, return true iff it is present in the failure cache. */
842 {
846 }
848 /* Cleanup the client introduction state cache. */
849 void
851 {
856 /* Cleanup intro points failure. */
859 /* Is this cache empty for this service key? If yes, remove it from the
860 * cache. Else keep it. */
864 }
866 }
868 /* Purge the client introduction state cache. */
869 void
871 {
880 }
882 /**************** Generics *********************************/
884 /* Do a round of OOM cleanup on all directory caches. Return the amount of
885 * removed bytes. It is possible that the returned value is lower than
886 * min_remove_bytes if the caches get emptied out so the caller should be
887 * aware of this. */
888 size_t
890 {
894 /* Our OOM handler called with 0 bytes to remove is a code flow error. */
897 /* The algorithm is as follow. K is the oldest expected descriptor age.
898 *
899 * 1) Deallocate all entries from v2 cache that are older than K hours.
900 * 1.1) If the amount of remove bytes has been reached, stop.
901 * 2) Deallocate all entries from v3 cache that are older than K hours
902 * 2.1) If the amount of remove bytes has been reached, stop.
903 * 3) Set K = K - RendPostPeriod and repeat process until K is < 0.
904 *
905 * This ends up being O(Kn).
906 */
908 /* Set K to the oldest expected age in seconds which is the maximum
909 * lifetime of a cache entry. We'll use the v2 lifetime because it's much
910 * bigger than the v3 thus leading to cleaning older descriptors. */
916 /* If K becomes negative, it means we've empty the caches so stop and
917 * return what we were able to cleanup. */
920 }
921 /* Compute a cutoff value with K and the current time. */
924 /* Start by cleaning the v2 cache with that cutoff. */
928 /* We haven't remove enough bytes so clean v3 cache. */
930 /* Decrement K by a post period to shorten the cutoff. */
932 }
936 }
938 /* Return the maximum size of a v3 HS descriptor. */
939 unsigned int
941 {
945 }
947 /* Initialize the hidden service cache subsystem. */
948 void
950 {
951 /* Calling this twice is very wrong code flow. */
960 }
962 /* Cleanup the hidden service cache subsystem. */
963 void
965 {
973 cache_client_intro_state_free_void);
975 }