| blob | 1ccd3e4435c68115fee2f02cd6eff56fa9603b13 |
1 /* Copyright (c) 2016-2020, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
4 /**
5 * \file hs_service.c
6 * \brief Implement next generation hidden service functionality
7 **/
9 #define HS_SERVICE_PRIVATE
60 /* Trunnel */
65 #ifdef HAVE_SYS_STAT_H
66 #include <sys/stat.h>
67 #endif
68 #ifdef HAVE_UNISTD_H
69 #include <unistd.h>
70 #endif
72 #ifndef COCCI
73 /** Helper macro. Iterate over every service in the global map. The var is the
74 * name of the service pointer. */
75 #define FOR_EACH_SERVICE_BEGIN(var) \
76 STMT_BEGIN \
77 hs_service_t **var##_iter, *var; \
78 HT_FOREACH(var##_iter, hs_service_ht, hs_service_map) { \
79 var = *var##_iter;
80 #define FOR_EACH_SERVICE_END } STMT_END ;
82 /** Helper macro. Iterate over both current and previous descriptor of a
83 * service. The var is the name of the descriptor pointer. This macro skips
84 * any descriptor object of the service that is NULL. */
85 #define FOR_EACH_DESCRIPTOR_BEGIN(service, var) \
86 STMT_BEGIN \
87 hs_service_descriptor_t *var; \
88 for (int var ## _loop_idx = 0; var ## _loop_idx < 2; \
89 ++var ## _loop_idx) { \
90 (var ## _loop_idx == 0) ? (var = service->desc_current) : \
91 (var = service->desc_next); \
92 if (var == NULL) continue;
93 #define FOR_EACH_DESCRIPTOR_END } STMT_END ;
96 /* Onion service directory file names. */
102 /** Staging list of service object. When configuring service, we add them to
103 * this list considered a staging area and they will get added to our global
104 * map once the keys have been loaded. These two steps are separated because
105 * loading keys requires that we are an actual running tor process. */
108 /** True if the list of available router descriptors might have changed which
109 * might result in an altered hash ring. Check if the hash ring changed and
110 * reupload if needed */
113 /* Static declaration. */
125 /** Helper: Function to compare two objects in the service map. Return 1 if the
126 * two service have the same master public identity key. */
129 {
132 /* Simple key compare. */
135 }
137 /** Helper: Function for the service hash table code below. The key used is the
138 * master public identity key which is ultimately the onion address. */
141 {
145 }
147 /** This is _the_ global hash map of hidden services which indexed the service
148 * contained in it by master public identity key which is roughly the onion
149 * address of the service. */
152 /* Register the service hash table. */
163 /** Query the given service map with a public key and return a service object
164 * if found else NULL. It is also possible to set a directory path in the
165 * search query. If pk is NULL, then it will be set to zero indicating the
166 * hash table to compare the directory path instead. */
167 STATIC hs_service_t *
169 {
170 hs_service_t dummy_service;
176 }
178 /** Register the given service in the given map. If the service already exists
179 * in the map, -1 is returned. On success, 0 is returned and the service
180 * ownership has been transferred to the global map. */
181 STATIC int
183 {
189 /* Existing service with the same key. Do not register it. */
191 }
192 /* Taking ownership of the object at this point. */
195 /* If we just modified the global map, we notify. */
198 }
199 /* Setup metrics. */
203 }
205 /** Remove a given service from the given map. If service is NULL or the
206 * service key is unset, return gracefully. */
207 STATIC void
209 {
214 /* Ignore if no service or key is zero. */
218 }
227 }
229 /* If we just modified the global map, we notify. */
232 }
233 }
235 /** Set the default values for a service configuration object <b>c</b>. */
236 static void
239 {
254 }
256 /** From a service configuration object config, clear everything from it
257 * meaning free allocated pointers and reset the values. */
258 STATIC void
260 {
263 }
269 }
274 }
279 }
281 }
283 /** Helper function to return a human readable description of the given intro
284 * point object.
285 *
286 * This function is not thread-safe. Each call to this invalidates the
287 * previous values returned by it. */
290 {
291 /* Hex identity digest of the IP prefixed by the $ sign and ends with NUL
292 * byte hence the plus two. */
302 }
305 /* For now, we only print the identity digest but we could improve this with
306 * much more information such as the ed25519 identity has well. */
310 }
313 }
315 /** Return the lower bound of maximum INTRODUCE2 cells per circuit before we
316 * rotate intro point (defined by a consensus parameter or the default
317 * value). */
318 static int32_t
320 {
321 /* The [0, 2147483647] range is quite large to accommodate anything we decide
322 * in the future. */
324 INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS,
326 }
328 /** Return the upper bound of maximum INTRODUCE2 cells per circuit before we
329 * rotate intro point (defined by a consensus parameter or the default
330 * value). */
331 static int32_t
333 {
334 /* The [0, 2147483647] range is quite large to accommodate anything we decide
335 * in the future. */
337 INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS,
339 }
341 /** Return the minimum lifetime in seconds of an introduction point defined by
342 * a consensus parameter or the default value. */
343 static int32_t
345 {
346 #define MIN_INTRO_POINT_LIFETIME_TESTING 10
349 }
351 /* The [0, 2147483647] range is quite large to accommodate anything we decide
352 * in the future. */
354 INTRO_POINT_LIFETIME_MIN_SECONDS,
356 }
358 /** Return the maximum lifetime in seconds of an introduction point defined by
359 * a consensus parameter or the default value. */
360 static int32_t
362 {
363 #define MAX_INTRO_POINT_LIFETIME_TESTING 30
366 }
368 /* The [0, 2147483647] range is quite large to accommodate anything we decide
369 * in the future. */
371 INTRO_POINT_LIFETIME_MAX_SECONDS,
373 }
375 /** Return the number of extra introduction point defined by a consensus
376 * parameter or the default value. */
377 static int32_t
379 {
380 /* The [0, 128] range bounds the number of extra introduction point allowed.
381 * Above 128 intro points, it's getting a bit crazy. */
384 }
386 /** Helper: Function that needs to return 1 for the HT for each loop which
387 * frees every service in an hash map. */
388 static int
390 {
393 /* This function MUST return 1 so the given object is then removed from the
394 * service map leading to this free of the object being safe. */
396 }
398 /** Free every service that can be found in the global map. Once done, clear
399 * and free the global map. */
400 static void
402 {
404 /* The free helper function returns 1 so this is safe. */
409 }
412 /* Cleanup staging list. */
417 }
418 }
420 /** Free a given service intro point object. */
421 STATIC void
423 {
426 }
433 }
435 /** Helper: free an hs_service_intro_point_t object. This function is used by
436 * digest256map_free() which requires a void * pointer. */
437 static void
439 {
441 }
443 /** Return a newly allocated service intro point and fully initialized from the
444 * given node_t node, if non NULL.
445 *
446 * If node is NULL, returns a hs_service_intro_point_t with an empty link
447 * specifier list and no onion key. (This is used for testing.)
448 * On any other error, NULL is returned.
449 *
450 * node must be an node_t with an IPv4 address. */
451 STATIC hs_service_intro_point_t *
453 {
457 /* We'll create the key material. No need for extra strong, those are short
458 * term keys. */
466 }
468 max_introduce2_cells);
469 }
475 }
478 }
482 /* Initialize the base object. We don't need the certificate object. */
487 }
489 /* Generate the encryption key for this intro point. */
491 /* Figure out if this chosen node supports v3 or is legacy only.
492 * NULL nodes are used in the unit tests. */
495 /* Legacy mode that is doesn't support v3+ with ed25519 auth key. */
499 }
503 }
504 }
506 /* Flag if this intro point supports the INTRO2 dos defenses. */
510 /* Finally, copy onion key from the node. */
514 done:
516 err:
519 }
521 /** Add the given intro point object to the given intro point map. The intro
522 * point MUST have its RSA encryption key set if this is a legacy type or the
523 * authentication key set otherwise. */
524 STATIC void
526 {
533 /* Make sure we didn't just try to double-add an intro point */
535 }
537 /** For a given service, remove the intro point from that service's descriptors
538 * (check both current and next descriptor) */
539 STATIC void
542 {
546 /* Trying all descriptors. */
548 /* We'll try to remove the descriptor on both descriptors which is not
549 * very expensive to do instead of doing loopup + remove. */
553 }
555 /** For a given service and authentication key, return the intro point or NULL
556 * if not found. This will check both descriptors in the service. */
557 STATIC hs_service_intro_point_t *
560 {
566 /* Trying all descriptors to find the right intro point.
567 *
568 * Even if we use the same node as intro point in both descriptors, the node
569 * will have a different intro auth key for each descriptor since we generate
570 * a new one everytime we pick an intro point.
571 *
572 * After #22893 gets implemented, intro points will be moved to be
573 * per-service instead of per-descriptor so this function will need to
574 * change.
575 */
580 }
584 }
586 /** For a given service and intro point, return the descriptor for which the
587 * intro point is assigned to. NULL is returned if not found. */
588 STATIC hs_service_descriptor_t *
591 {
602 }
606 }
608 /** From a circuit identifier, get all the possible objects associated with the
609 * ident. If not NULL, service, ip or desc are set if the object can be found.
610 * They are untouched if they can't be found.
611 *
612 * This is an helper function because we do those lookups often so it's more
613 * convenient to simply call this functions to get all the things at once. */
614 STATIC void
618 {
623 /* Get service object from the circuit identifier. */
627 }
629 /* From the service object, get the intro point object of that circuit. The
630 * following will query both descriptors intro points list. */
633 }
635 /* Get the descriptor for this introduction point and service. */
638 }
639 }
641 /** From a given intro point, return the first link specifier of type
642 * encountered in the link specifier list. Return NULL if it can't be found.
643 *
644 * The caller does NOT have ownership of the object, the intro point does. */
647 {
657 }
660 end:
662 }
664 /** Given a service intro point, return the node_t associated to it. This can
665 * return NULL if the given intro point has no legacy ID or if the node can't
666 * be found in the consensus. */
669 {
677 }
678 /* XXX In the future, we want to only use the ed25519 ID (#22173). */
681 }
683 /** Given a service intro point, return the extend_info_t for it. This can
684 * return NULL if the node can't be found for the intro point or the extend
685 * info can't be created for the found node. If direct_conn is set, the extend
686 * info is validated on if we can connect directly. */
690 {
698 /* This can happen if the relay serving as intro point has been removed
699 * from the consensus. In that case, the intro point will be removed from
700 * the descriptor during the scheduled events. */
702 }
704 /* In the case of a direct connection (single onion service), it is possible
705 * our firewall policy won't allow it so this can return a NULL value. */
708 end:
710 }
712 /** Return the number of introduction points that are established for the
713 * given descriptor. */
716 {
727 }
729 /** For a given service and descriptor of that service, close all active
730 * directory connections. */
731 static void
734 {
741 /* Close pending HS desc upload connections for the blinded key of 'desc'. */
743 DIR_PURPOSE_UPLOAD_HSDESC);
751 count++;
753 }
760 /* We don't have ownership of the objects in this list. */
762 }
764 /** Close all rendezvous circuits for the given service. */
765 static void
767 {
772 /* The reason we go over all circuit instead of using the circuitmap API is
773 * because most hidden service circuits are rendezvous circuits so there is
774 * no real improvement at getting all rendezvous circuits from the
775 * circuitmap and then going over them all to find the right ones.
776 * Furthermore, another option would have been to keep a list of RP cookies
777 * for a service but it creates an engineering complexity since we don't
778 * have a "RP circuit closed" event to clean it up properly so we avoid a
779 * memory DoS possibility. */
782 /* Only close circuits that are v3 and for this service. */
786 /* Reason is FINISHED because service has been removed and thus the
787 * circuit is considered old/uneeded. When freed, it is removed from the
788 * hs circuitmap. */
790 }
791 }
792 }
794 /** Close the circuit(s) for the given map of introduction points. */
795 static void
797 {
804 /* Reason is FINISHED because service has been removed and thus the
805 * circuit is considered old/uneeded. When freed, the circuit is removed
806 * from the HS circuitmap. */
808 }
810 }
812 /** Close all introduction circuits for the given service. */
813 static void
815 {
821 }
823 /** Close any circuits related to the given service. */
824 static void
826 {
829 /* Only support for version >= 3. */
832 }
833 /* Close intro points. */
835 /* Close rendezvous points. */
837 }
839 /** Move every ephemeral services from the src service map to the dst service
840 * map. It is possible that a service can't be register to the dst map which
841 * won't stop the process of moving them all but will trigger a log warn. */
842 static void
844 {
850 /* Iterate over the map to find ephemeral service and move them to the other
851 * map. We loop using this method to have a safe removal process. */
855 /* Yeah, we are in a very manual loop :). */
858 }
859 /* Remove service from map and then register to it to the other map.
860 * Reminder that "*iter" and "s" are the same thing. */
865 }
866 }
867 }
869 /** Return a const string of the directory path escaped. If this is an
870 * ephemeral service, it returns "[EPHEMERAL]". This can only be called from
871 * the main thread because escaped() uses a static variable. */
874 {
877 }
879 /** Move the hidden service state from <b>src</b> to <b>dst</b>. We do this
880 * when we receive a SIGHUP: <b>dst</b> is the post-HUP service */
881 static void
883 {
890 /* Let's do a shallow copy */
893 /* Freeing a NULL replaycache triggers an info LD_BUG. */
896 }
908 }
909 }
911 /** Register services that are in the staging list. Once this function returns,
912 * the global service map will be set with the right content and all non
913 * surviving services will be cleaned up. */
914 static void
916 {
921 /* Allocate a new map that will replace the current one. */
925 /* First step is to transfer all ephemeral services from the current global
926 * map to the new one we are constructing. We do not prune ephemeral
927 * services as the only way to kill them is by deleting it from the control
928 * port or stopping the tor daemon. */
934 /* Check if that service is already in our global map and if so, we'll
935 * transfer the intro points to it. */
938 /* Pass ownership of the descriptors from s (the current service) to
939 * snew (the newly configured one). */
942 /* Remove the service from the global map because after this, we need to
943 * go over the remaining service in that map that aren't surviving the
944 * reload to close their circuits. */
947 }
948 /* Great, this service is now ready to be added to our new map. */
950 /* This should never happen because prior to registration, we validate
951 * every service against the entire set. Not being able to register a
952 * service means we failed to validate correctly. In that case, don't
953 * break tor and ignore the service but tell user. */
958 }
961 /* Close any circuits associated with the non surviving services. Every
962 * service in the current global map are roaming. */
967 /* Time to make the switch. We'll clear the staging list because its content
968 * has now changed ownership to the map. */
972 /* We've just register services into the new map and now we've replaced the
973 * global map with it so we have to notify that the change happened. When
974 * registering a service, the notify is only triggered if the destination
975 * map is the global map for which in here it was not. */
977 }
979 /** Write the onion address of a given service to the given filename fname_ in
980 * the service directory. Return 0 on success else -1 on error. */
981 STATIC int
983 {
991 /* Construct the full address with the onion tld and write the hostname file
992 * to disk. */
994 /* Notice here that we use the given "fname_". */
1000 }
1002 #ifndef _WIN32
1004 /* Mode to 0640. */
1008 }
1009 }
1012 /* Success. */
1014 end:
1018 }
1020 /** Load and/or generate private keys for the given service. On success, the
1021 * hostname file will be written to disk along with the master private key iff
1022 * the service is not configured for offline keys. Return 0 on success else -1
1023 * on failure. */
1024 static int
1026 {
1036 /* Create and fix permission on service directory. We are about to write
1037 * files to that directory so make sure it exists and has the right
1038 * permissions. We do this here because at this stage we know that Tor is
1039 * actually running and the service we have has been validated. */
1044 }
1046 /* Try to load the keys from file or generate it if not found. */
1048 /* Don't ask for key creation, we want to know if we were able to load it or
1049 * we had to generate it. Better logging! */
1054 /* We'll now try to generate the keys and for it we want the strongest
1055 * randomness for it. The keypair will be written in different files. */
1057 INIT_ED_KEY_SPLIT;
1063 }
1064 }
1066 /* Copy loaded or generated keys to service object. */
1070 /* This does a proper memory wipe. */
1073 /* Build onion address from the newly loaded keys. */
1079 /* Write onion address to hostname file. */
1082 }
1084 /* Load all client authorization keys in the service. */
1087 }
1089 /* Succes. */
1091 end:
1094 }
1096 /** Check if the client file name is valid or not. Return 1 if valid,
1097 * otherwise return 0. */
1098 STATIC int
1100 {
1106 /* The file extension must match and the total filename length can't be the
1107 * length of the extension else we do not have a filename. */
1113 }
1116 }
1118 /** Parse an authorized client from a string. The format of a client string
1119 * looks like (see rend-spec-v3.txt):
1120 *
1121 * <auth-type>:<key-type>:<base32-encoded-public-key>
1122 *
1123 * The <auth-type> can only be "descriptor".
1124 * The <key-type> can only be "x25519".
1125 *
1126 * Return the key on success, return NULL, otherwise. */
1127 STATIC hs_service_authorized_client_t *
1129 {
1140 /* Wrong number of fields. */
1144 }
1150 /* Currently, the only supported auth type is "descriptor". */
1153 auth_type);
1155 }
1157 /* Currently, the only supported key type is "x25519". */
1160 key_type);
1162 }
1164 /* We expect a specific length of the base32 encoded key so make sure we
1165 * have that so we don't successfully decode a value with a different length
1166 * and end up in trouble when copying the decoded key into a fixed length
1167 * buffer. */
1172 }
1180 pubkey_b32);
1182 }
1184 /* Success. */
1187 err:
1189 done:
1190 /* It is also a good idea to wipe the public key. */
1193 }
1198 }
1200 /** Load all the client public keys for the given service. Return 0 on
1201 * success else -1 on failure. */
1202 static int
1204 {
1216 /* Before calling this function, we already call load_service_keys to make
1217 * sure that the directory exists with the right permission. So, if we
1218 * cannot create a client pubkey key directory, we consider it as a bug. */
1220 dname_client_pubkeys);
1222 client_keys_dir_path,
1225 }
1227 /* If the list of clients already exists, we must clear it first. */
1232 }
1239 client_keys_dir_path);
1241 }
1246 filename);
1252 }
1254 /* Create a full path for a file. */
1256 filename);
1259 /* If we cannot read the file, continue with the next file. */
1263 client_key_file_path);
1266 }
1270 /* Wipe and free immediately after using it. */
1277 filename);
1278 }
1282 /* If the number of clients is greater than zero, set the flag to be true. */
1285 }
1287 /* Success. */
1289 end:
1292 }
1296 }
1301 }
1303 /** Release all storage held in <b>client</b>. */
1304 STATIC void
1306 {
1309 }
1312 }
1314 /** Free a given service descriptor object and all key material is wiped. */
1315 STATIC void
1317 {
1320 }
1324 /* Cleanup all intro points. */
1330 }
1333 }
1335 /** Return a newly allocated service descriptor object. */
1336 STATIC hs_service_descriptor_t *
1338 {
1341 /* Initialize the intro points map. */
1346 }
1348 /** Allocate and return a deep copy of client. */
1351 {
1357 /* Currently, the public key is the only component of
1358 * hs_service_authorized_client_t. */
1361 CURVE25519_PUBKEY_LEN);
1364 }
1366 /** If two authorized clients are equal, return 0. If the first one should come
1367 * before the second, return less than zero. If the first should come after
1368 * the second, return greater than zero. */
1369 static int
1372 {
1376 /* Currently, the public key is the only component of
1377 * hs_service_authorized_client_t. */
1380 CURVE25519_PUBKEY_LEN);
1381 }
1383 /** Helper for sorting authorized clients. */
1384 static int
1386 {
1389 }
1391 /** If the list of hs_service_authorized_client_t's is different between
1392 * src and dst, return 1. Otherwise, return 0. */
1393 STATIC int
1396 {
1407 /* If the number of clients is different, it is obvious that the list
1408 * changes. */
1411 }
1413 /* We do not want to mutate config1 and config2, so we will duplicate both
1414 * entire client lists here. */
1427 /* If the clients at index i in both lists differ, the whole configs
1428 * differ. */
1432 }
1433 }
1435 /* Success. */
1438 done:
1443 }
1448 }
1450 }
1452 /** Move descriptor(s) from the src service to the dst service and modify their
1453 * content if necessary. We do this during SIGHUP when we re-create our
1454 * hidden services. */
1455 static void
1457 {
1462 /* Nothing should be there, but clean it up just in case */
1465 }
1468 }
1471 /* Nothing should be there, but clean it up just in case */
1474 }
1477 }
1479 /* If the client authorization changes, we must rebuild the superencrypted
1480 * section and republish the descriptors. */
1484 /* We have to clear the superencrypted content first. */
1489 }
1491 }
1493 /* We have to clear the superencrypted content first. */
1498 }
1500 }
1504 err:
1505 /* If there is an error, free all descriptors to make it clean and generate
1506 * them later. */
1509 }
1511 /** From the given service, remove all expired failing intro points for each
1512 * descriptor. */
1513 static void
1515 {
1518 /* For both descriptors, cleanup the failing intro points list. */
1525 }
1528 }
1530 /** For the given descriptor desc, put all node_t object found from its failing
1531 * intro point list and put them in the given node_list. */
1532 static void
1535 {
1544 }
1546 }
1548 /** For the given failing intro point ip, we add its time of failure to the
1549 * failed map and index it by identity digest (legacy ID) in the descriptor
1550 * desc failed id map. */
1551 static void
1554 {
1568 time_of_failure);
1570 }
1572 /** Using a given descriptor signing keypair signing_kp, a service intro point
1573 * object ip and the time now, setup the content of an already allocated
1574 * descriptor intro desc_ip.
1575 *
1576 * Return 0 on success else a negative value. */
1577 static int
1581 {
1589 /* Copy the onion key. */
1592 /* Key and certificate material. */
1594 CERT_TYPE_AUTH_HS_IP_KEY,
1596 nearest_hour,
1597 HS_DESC_CERT_LIFETIME,
1598 CERT_FLAG_INCLUDE_SIGNING_KEY);
1602 }
1604 /* Copy link specifier(s). */
1609 }
1613 }
1617 /* For a legacy intro point, we'll use an RSA/ed cross certificate. */
1620 /* Create cross certification cert. */
1629 }
1631 }
1633 /* Encryption key and its cross certificate. */
1634 {
1635 ed25519_public_key_t ed25519_pubkey;
1637 /* Use the public curve25519 key. */
1640 /* The following can't fail. */
1645 CERT_TYPE_CROSS_HS_IP_KEYS,
1647 HS_DESC_CERT_LIFETIME,
1648 CERT_FLAG_INCLUDE_SIGNING_KEY);
1652 }
1653 }
1654 /* Success. */
1657 done:
1659 }
1661 /** Using the given descriptor from the given service, build the descriptor
1662 * intro point list so we can then encode the descriptor for publication. This
1663 * function does not pick intro points, they have to be in the descriptor
1664 * current map. Cryptographic material (keys) must be initialized in the
1665 * descriptor for this function to make sense. */
1666 static void
1669 {
1675 /* Ease our life. */
1677 /* Cleanup intro points, we are about to set them from scratch. */
1683 /* Ignore un-established intro points. They can linger in that list
1684 * because their circuit has not opened and they haven't been removed
1685 * yet even though we have enough intro circuits.
1686 *
1687 * Due to #31561, it can stay in that list until rotation so this check
1688 * prevents to publish an intro point without a circuit. */
1690 }
1695 }
1696 /* We have a valid descriptor intro point. Add it to the list. */
1699 }
1701 /** Build the descriptor signing key certificate. */
1702 static void
1704 {
1710 /* Ease our life a bit. */
1713 /* Get rid of what we have right now. */
1716 /* Fresh certificate for the signing key. */
1720 CERT_FLAG_INCLUDE_SIGNING_KEY);
1721 /* If the cert creation fails, the descriptor encoding will fail and thus
1722 * ultimately won't be uploaded. We'll get a stack trace to help us learn
1723 * where the call came from and the tor_cert_create_ed25519() will log the
1724 * error. */
1726 }
1728 /** Populate the descriptor encrypted section from the given service object.
1729 * This will generate a valid list of introduction points that can be used
1730 * after for circuit creation. Return 0 on success else -1 on error. */
1731 static int
1734 {
1745 /* Setup introduction points from what we have in the service. */
1748 }
1749 /* We do NOT build introduction point yet, we only do that once the circuit
1750 * have been opened. Until we have the right number of introduction points,
1751 * we do not encode anything in the descriptor. */
1753 /* XXX: Support client authorization (#20700). */
1756 }
1758 /** Populate the descriptor superencrypted section from the given service
1759 * object. This will generate a valid list of hs_desc_authorized_client_t
1760 * of clients that are authorized to use the service. Return 0 on success
1761 * else -1 on error. */
1762 static int
1765 {
1776 /* The ephemeral key pair is already generated, so this should not give
1777 * an error. */
1780 }
1785 /* Test that subcred is not zero because we might use it below */
1787 DIGEST256_LEN))) {
1789 }
1791 /* Create a smartlist to store clients */
1794 /* We do not need to build the desc authorized client if the client
1795 * authorization is disabled */
1802 /* Prepare the client for descriptor and then add to the list in the
1803 * superencrypted part of the descriptor */
1811 }
1813 /* We cannot let the number of auth-clients to be zero, so we need to
1814 * make it be 16. If it is already a multiple of 16, we do not need to
1815 * do anything. Otherwise, add the additional ones to make it a
1816 * multiple of 16. */
1824 num_clients_to_add =
1825 HS_DESC_AUTH_CLIENT_MULTIPLE
1827 }
1833 }
1835 /* Shuffle the list to prevent the client know the position in the
1836 * config. */
1840 }
1842 /** Populate the descriptor plaintext section from the given service object.
1843 * The caller must make sure that the keys in the descriptors are valid that
1844 * is are non-zero. This can't fail. */
1845 static void
1848 {
1858 /* Set the subcredential. */
1866 /* Copy public key material to go in the descriptor. */
1870 /* Create the signing key certificate. This will be updated before each
1871 * upload but we create it here so we don't complexify our unit tests. */
1873 }
1875 /** Compute the descriptor's OPE cipher for encrypting revision counters. */
1878 {
1879 /* Compute OPE key as H("rev-counter-generation" | blinded privkey) */
1891 }
1893 /** For the given service and descriptor object, create the key material which
1894 * is the blinded keypair, the descriptor signing keypair, the ephemeral
1895 * keypair, and the descriptor cookie. Return 0 on success else -1 on error
1896 * where the generated keys MUST be ignored. */
1897 static int
1900 {
1902 ed25519_keypair_t kp;
1906 ED25519_PUBKEY_LEN));
1908 /* XXX: Support offline key feature (#18098). */
1910 /* Copy the identity keys to the keypair so we can use it to create the
1911 * blinded key. */
1914 /* Build blinded keypair for this time period. */
1917 /* Let's not keep too much traces of our keys in memory. */
1920 /* Compute the OPE cipher struct (it's tied to the current blinded key) */
1926 /* No need for extra strong, this is a temporary key only for this
1927 * descriptor. Nothing long term. */
1933 }
1935 /* No need for extra strong, this is a temporary key only for this
1936 * descriptor. Nothing long term. */
1942 }
1944 /* Random descriptor cookie to be used as a part of a key to encrypt the
1945 * descriptor, only if the client auth is enabled will it be used. */
1949 /* Success. */
1951 end:
1953 }
1955 /** Given a service and the current time, build a descriptor for the service.
1956 * This function does not pick introduction point, this needs to be done by
1957 * the update function. On success, desc_out will point to the newly allocated
1958 * descriptor object.
1959 *
1960 * This can error if we are unable to create keys or certificate. */
1961 static void
1964 {
1973 /* Set current time period */
1976 /* Create the needed keys so we can setup the descriptor content. */
1979 }
1980 /* Setup plaintext descriptor content. */
1983 /* Setup superencrypted descriptor content. */
1986 }
1987 /* Setup encrypted descriptor content. */
1990 }
1992 /* Let's make sure that we've created a descriptor that can actually be
1993 * encoded properly. This function also checks if the encoded output is
1994 * decodable after. */
1998 }
2001 /* Assign newly built descriptor to the next slot. */
2004 /* Fire a CREATED control port event. */
2008 /* If we are an onionbalance instance, we refresh our keys when we rotate
2009 * descriptors. */
2014 err:
2016 }
2018 /** Build both descriptors for the given service that has just booted up.
2019 * Because it's a special case, it deserves its special function ;). */
2020 static void
2022 {
2026 /* These are the conditions for a new service. */
2030 /*
2031 * +------------------------------------------------------------------+
2032 * | |
2033 * | 00:00 12:00 00:00 12:00 00:00 12:00 |
2034 * | SRV#1 TP#1 SRV#2 TP#2 SRV#3 TP#3 |
2035 * | |
2036 * | $==========|-----------$===========|-----------$===========| |
2037 * | ^ ^ |
2038 * | A B |
2039 * +------------------------------------------------------------------+
2040 *
2041 * Case A: The service boots up before a new time period, the current time
2042 * period is thus TP#1 and the next is TP#2 which for both we have access to
2043 * their SRVs.
2044 *
2045 * Case B: The service boots up inside TP#2, we can't use the TP#3 for the
2046 * next descriptor because we don't have the SRV#3 so the current should be
2047 * TP#1 and next TP#2.
2048 */
2051 /* Case B from the above, inside of the new time period. */
2055 /* Case A from the above, outside of the new time period. */
2058 }
2060 /* Build descriptors. */
2066 }
2068 /** Build descriptors for each service if needed. There are conditions to build
2069 * a descriptor which are details in the function. */
2070 STATIC void
2072 {
2075 /* A service booting up will have both descriptors to NULL. No other cases
2076 * makes both descriptor non existent. */
2080 }
2082 /* Reaching this point means we are pass bootup so at runtime. We should
2083 * *never* have an empty current descriptor. If the next descriptor is
2084 * empty, we'll try to build it for the next time period. This only
2085 * happens when we rotate meaning that we are guaranteed to have a new SRV
2086 * at that point for the next time period. */
2089 }
2097 }
2099 }
2101 /** Randomly pick a node to become an introduction point but not present in the
2102 * given exclude_nodes list. The chosen node is put in the exclude list
2103 * regardless of success or not because in case of failure, the node is simply
2104 * unsusable from that point on.
2105 *
2106 * If direct_conn is set, try to pick a node that our local firewall/policy
2107 * allows us to connect to directly. If we can't find any, return NULL.
2108 * This function supports selecting dual-stack nodes for direct single onion
2109 * service IPv6 connections. But it does not send IPv6 addresses in link
2110 * specifiers. (Current clients don't use IPv6 addresses to extend, and
2111 * direct client connections to intro points are not supported.)
2112 *
2113 * Return a newly allocated service intro point ready to be used for encoding.
2114 * Return NULL on error. */
2117 {
2121 /* Normal 3-hop introduction point flags. */
2123 /* Single onion flags. */
2129 /* If we are in single onion mode, retry node selection for a 3-hop
2130 * path */
2133 "Unable to find an intro point that we can connect to "
2136 flags);
2137 }
2141 }
2143 /* We have a suitable node, add it to the exclude list. We do this *before*
2144 * we can validate the extend information because even in case of failure,
2145 * we don't want to use that node anymore. */
2148 /* Create our objects and populate them with the node information. */
2153 }
2157 err:
2160 }
2162 /** For a given descriptor from the given service, pick any needed intro points
2163 * and update the current map with those newly picked intro points. Return the
2164 * number node that might have been added to the descriptor current map. */
2165 static unsigned int
2168 {
2175 /* Compute how many intro points we actually need to open. */
2179 /* Let's not make tor freak out here and just skip this. */
2181 }
2183 /* We want to end up with config.num_intro_points intro points, but if we
2184 * have no intro points at all (chances are they all cycled or we are
2185 * starting up), we launch get_intro_point_num_extra() extra circuits and
2186 * use the first config.num_intro_points that complete. See proposal #155,
2187 * section 4 for the rationale of this which is purely for performance.
2188 *
2189 * The ones after the first config.num_intro_points will be converted to
2190 * 'General' internal circuits and then we'll drop them from the list of
2191 * intro points. */
2194 }
2196 /* Build an exclude list of nodes of our intro point(s). The expiring intro
2197 * points are OK to pick again because this is afterall a concept of round
2198 * robin so they are considered valid nodes to pick again. */
2204 }
2206 /* Also, add the failing intro points that our descriptor encounteered in
2207 * the exclude node list. */
2213 /* This function will add the picked intro point node to the exclude nodes
2214 * list so we don't pick the same one at the next iteration. */
2217 /* If we end up unable to pick an introduction point it is because we
2218 * can't find suitable node and calling this again is highly unlikely to
2219 * give us a valid node all of the sudden. */
2224 }
2225 /* Valid intro point object, add it to the descriptor current map. */
2227 }
2228 /* We've successfully picked all our needed intro points thus none are
2229 * missing which will tell our upload process to expect the number of
2230 * circuits to be the number of configured intro points circuits and not the
2231 * number of intro points object that we have. */
2234 /* Success. */
2235 done:
2236 /* We don't have ownership of the node_t object in this list. */
2239 }
2241 /** Clear previous cached HSDirs in <b>desc</b>. */
2242 static void
2244 {
2247 }
2251 }
2253 /** Note that we attempted to upload <b>desc</b> to <b>hsdir</b>. */
2254 static void
2256 {
2262 }
2266 }
2267 }
2269 /** Schedule an upload of <b>desc</b>. If <b>descriptor_changed</b> is set, it
2270 * means that this descriptor is dirty. */
2271 STATIC void
2276 {
2279 /* If the descriptor changed, clean up the old HSDirs list. We want to
2280 * re-upload no matter what. */
2283 }
2284 }
2286 /** Pick missing intro points for this descriptor if needed. */
2287 static void
2290 {
2299 /* Pick any missing introduction point(s). */
2302 desc);
2305 "%u for %s descriptor. It currently has %d intro "
2308 num_new_intro_points,
2311 num_intro_points);
2312 /* We'll build those introduction point into the descriptor once we have
2313 * confirmation that the circuits are opened and ready. However,
2314 * indicate that this descriptor should be uploaded from now on. */
2316 }
2317 /* Were we able to pick all the intro points we needed? If not, we'll
2318 * flag the descriptor that it's missing intro points because it
2319 * couldn't pick enough which will trigger a descriptor upload. */
2323 }
2324 }
2325 }
2327 /** Update descriptor intro points for each service if needed. We do this as
2328 * part of the periodic event because we need to establish intro point circuits
2329 * before we publish descriptors. */
2330 STATIC void
2332 {
2334 /* We'll try to update each descriptor that is if certain conditions apply
2335 * in order for the descriptor to be updated. */
2340 }
2342 /** Return true iff the given intro point has expired that is it has been used
2343 * for too long or we've reached our max seen INTRODUCE2 cell. */
2344 STATIC int
2347 {
2352 }
2356 }
2358 /* Not expiring. */
2360 expired:
2362 }
2364 /** Return true iff we should remove the intro point ip from its service.
2365 *
2366 * We remove an intro point from the service descriptor list if one of
2367 * these criteria is met:
2368 * - It has expired (either in INTRO2 count or in time).
2369 * - No node was found (fell off the consensus).
2370 * - We are over the maximum amount of retries.
2371 *
2372 * If an established or pending circuit is found for the given ip object, this
2373 * return false indicating it should not be removed. */
2374 static bool
2376 {
2381 /* Any one of the following needs to be True to furfill the criteria to
2382 * remove an intro point. */
2384 MAX_INTRO_POINT_CIRCUIT_RETRIES);
2388 /* If the node fell off the consensus or the IP has expired, we have to
2389 * remove it now. */
2393 }
2395 /* Pass this point, even though we might be over the retry limit, we check
2396 * if a circuit (established or pending) exists. In that case, we should not
2397 * remove it because it might simply be valid and opened at the previous
2398 * scheduled event for the last retry. */
2400 /* Do we simply have an existing circuit regardless of its state? */
2403 }
2405 /* Getting here means we have _no_ circuits so then return if we have any
2406 * remaining retries. */
2409 end:
2410 /* Meaningful log in case we are about to remove the IP. */
2418 }
2420 }
2422 /** Go over the given set of intro points for each service and remove any
2423 * invalid ones.
2424 *
2425 * If an intro point is removed, the circuit (if any) is immediately close.
2426 * If a circuit can't be found, the intro point is kept if it hasn't reached
2427 * its maximum circuit retry value and thus should be retried. */
2428 static void
2430 {
2431 /* List of intro points to close. We can't mark the intro circuits for close
2432 * in the modify loop because doing so calls back into the HS subsystem and
2433 * we need to keep that code path outside of the service/desc loop so those
2434 * maps don't get modified during the close making us in a possible
2435 * use-after-free situation. */
2440 /* For both descriptors, cleanup the intro points. */
2442 /* Go over the current intro points we have, make sure they are still
2443 * valid and remove any of them that aren't. */
2447 /* We've retried too many times, remember it as a failed intro point
2448 * so we don't pick it up again for INTRO_CIRC_RETRY_PERIOD sec. */
2451 }
2453 /* Remove intro point from descriptor map and add it to the list of
2454 * ips to free for which we'll also try to close the intro circuit. */
2457 }
2461 /* Go over the intro points to free and close their circuit if any. */
2463 /* See if we need to close the intro point circuit as well */
2465 /* XXX: Legacy code does NOT close circuits like this: it keeps the circuit
2466 * open until a new descriptor is uploaded and then closed all expiring
2467 * intro point circuit. Here, we close immediately and because we just
2468 * discarded the intro point, a new one will be selected, a new descriptor
2469 * created and uploaded. There is no difference to an attacker between the
2470 * timing of a new consensus and intro point rotation (possibly?). */
2474 }
2476 /* Cleanup the intro point */
2481 }
2483 /** Set the next rotation time of the descriptors for the given service for the
2484 * time now. */
2485 static void
2487 {
2494 {
2499 }
2500 }
2502 /** Return true iff the service should rotate its descriptor. The time now is
2503 * only used to fetch the live consensus and if none can be found, this
2504 * returns false. */
2505 static unsigned int
2507 {
2515 }
2518 /* In theory, we should never get here with no descriptors. We can never
2519 * have a NULL current descriptor except when tor starts up. The next
2520 * descriptor can be NULL after a rotation but we build a new one right
2521 * after.
2522 *
2523 * So, when tor starts, the next rotation time is set to the start of the
2524 * next SRV period using the consensus valid after time so it should
2525 * always be set to a future time value. This means that we should never
2526 * reach this point at bootup that is this check safeguards tor in never
2527 * allowing a rotation if the valid after time is smaller than the next
2528 * rotation time.
2529 *
2530 * This is all good in theory but we've had a NULL descriptor issue here
2531 * so this is why we BUG() on both with extra logging to try to understand
2532 * how this can possibly happens. We'll simply ignore and tor should
2533 * recover from this by skipping rotation and building the missing
2534 * descriptors just after this. */
2537 "time is %ld (now: %ld). Valid after time from "
2544 }
2546 }
2548 no_rotation:
2550 rotation:
2552 }
2554 /** Rotate the service descriptors of the given service. The current descriptor
2555 * will be freed, the next one put in as the current and finally the next
2556 * descriptor pointer is NULLified. */
2557 static void
2559 {
2561 /* Close all IP circuits for the descriptor. */
2563 /* We don't need this one anymore, we won't serve any clients coming with
2564 * this service descriptor. */
2566 }
2567 /* The next one become the current one and emptying the next will trigger
2568 * a descriptor creation for it. */
2572 /* We've just rotated, set the next time for the rotation. */
2574 }
2576 /** Rotate descriptors for each service if needed. A non existing current
2577 * descriptor will trigger a descriptor build for the next time period. */
2578 STATIC void
2580 {
2581 /* XXX We rotate all our service descriptors at once. In the future it might
2582 * be wise, to rotate service descriptors independently to hide that all
2583 * those descriptors are on the same tor instance */
2587 /* Note for a service booting up: Both descriptors are NULL in that case
2588 * so this function might return true if we are in the timeframe for a
2589 * rotation leading to basically swapping two NULL pointers which is
2590 * harmless. However, the side effect is that triggering a rotation will
2591 * update the service state and avoid doing anymore rotations after the
2592 * two descriptors have been built. */
2595 }
2603 }
2605 /** Scheduled event run from the main loop. Make sure all our services are up
2606 * to date and ready for the other scheduled events. This includes looking at
2607 * the introduction points status and descriptor rotation time. */
2608 STATIC void
2610 {
2611 /* Note that nothing here opens circuit(s) nor uploads descriptor(s). We are
2612 * simply moving things around or removing unneeded elements. */
2616 /* If the service is starting off, set the rotation time. We can't do that
2617 * at configure time because the get_options() needs to be set for setting
2618 * that time that uses the voting interval. */
2620 /* Set the next rotation time of the descriptors. If it's Oct 25th
2621 * 23:47:00, the next rotation time is when the next SRV is computed
2622 * which is at Oct 26th 00:00:00 that is in 13 minutes. */
2624 }
2626 /* Cleanup invalid intro points from the service descriptor. */
2629 /* Remove expired failing intro point from the descriptor failed list. We
2630 * reset them at each INTRO_CIRC_RETRY_PERIOD. */
2633 /* At this point, the service is now ready to go through the scheduled
2634 * events guaranteeing a valid state. Intro points might be missing from
2635 * the descriptors after the cleanup but the update/build process will
2636 * make sure we pick those missing ones. */
2638 }
2640 /** Scheduled event run from the main loop. Make sure all descriptors are up to
2641 * date. Once this returns, each service descriptor needs to be considered for
2642 * new introduction circuits and then for upload. */
2643 static void
2645 {
2646 /* For v2 services, this step happens in the upload event. */
2648 /* Run v3+ events. */
2649 /* We start by rotating the descriptors only if needed. */
2652 /* Then, we'll try to build new descriptors that we might need. The
2653 * condition is that the next descriptor is non existing because it has
2654 * been rotated or we just started up. */
2657 /* Finally, we'll check if we should update the descriptors' intro
2658 * points. Missing introduction points will be picked in this function which
2659 * is useful for newly built descriptors. */
2661 }
2663 /** For the given service, launch any intro point circuits that could be
2664 * needed. This considers every descriptor of the service. */
2665 static void
2667 {
2670 /* For both descriptors, try to launch any missing introduction point
2671 * circuits using the current map. */
2673 /* Keep a ref on if we need a direct connection. We use this often. */
2680 /* Skip the intro point that already has an existing circuit
2681 * (established or not). */
2684 }
2687 /* If we can't connect directly to the intro point, get an extend_info
2688 * for a multi-hop path instead. */
2692 }
2695 /* This is possible if we can get a node_t but not the extend info out
2696 * of it. In this case, we remove the intro point and a new one will
2697 * be picked at the next main loop callback. */
2701 }
2703 /* Launch a circuit to the intro point. */
2710 /* Intro point will be retried if possible after this. */
2711 }
2715 }
2717 /** Don't try to build more than this many circuits before giving up for a
2718 * while. Dynamically calculated based on the configured number of intro
2719 * points for the given service and how many descriptor exists. The default
2720 * use case of 3 introduction points and two descriptors will allow 28
2721 * circuits for a retry period (((3 + 2) + (3 * 3)) * 2). */
2722 static unsigned int
2724 {
2731 HS_CONFIG_V3_MAX_INTRO_POINTS);
2733 /** For a testing network, allow to do it for the maximum amount so circuit
2734 * creation and rotation and so on can actually be tested without limit. */
2735 #define MAX_INTRO_POINT_CIRCUIT_RETRIES_TESTING -1
2738 }
2742 /* The calculation is as follow. We have a number of intro points that we
2743 * want configured as a torrc option (num_intro_points). We then add an
2744 * extra value so we can launch multiple circuits at once and pick the
2745 * quickest ones. For instance, we want 3 intros, we add 2 extra so we'll
2746 * pick 5 intros and launch 5 circuits. */
2749 /* Then we add the number of retries that is possible to do for each intro
2750 * point. If we want 3 intros, we'll allow 3 times the number of possible
2751 * retry. */
2754 /* Then, we multiply by a factor of 2 if we have both descriptor or 0 if we
2755 * have none. */
2760 }
2762 /** For the given service, return 1 if the service is allowed to launch more
2763 * introduction circuits else 0 if the maximum has been reached for the retry
2764 * period of INTRO_CIRC_RETRY_PERIOD. */
2765 STATIC int
2767 {
2770 /* Consider the intro circuit retry period of the service. */
2772 INTRO_CIRC_RETRY_PERIOD)) {
2776 }
2777 /* Check if we can still launch more circuits in this period. */
2781 }
2783 /* Rate limit log that we've reached our circuit creation limit. */
2784 {
2790 "of %u per %d seconds. It launched %u circuits in "
2794 INTRO_CIRC_RETRY_PERIOD,
2799 }
2800 }
2802 /* Not allow. */
2804 allow:
2806 }
2808 /** Scheduled event run from the main loop. Make sure we have all the circuits
2809 * we need for each service. */
2810 static void
2812 {
2813 /* Make sure we can actually have enough information or able to build
2814 * internal circuits as required by services. */
2818 }
2820 /* Run v2 check. */
2823 }
2825 /* Run v3+ check. */
2827 /* For introduction circuit, we need to make sure we don't stress too much
2828 * circuit creation so make sure this service is respecting that limit. */
2830 /* Launch intro point circuits if needed. */
2832 /* Once the circuits have opened, we'll make sure to update the
2833 * descriptor intro point list and cleanup any extraneous. */
2834 }
2836 }
2838 /** Encode and sign the service descriptor desc and upload it to the given
2839 * hidden service directory. This does nothing if PublishHidServDescriptors
2840 * is false. */
2841 static void
2844 {
2851 /* Let's avoid doing that if tor is configured to not publish. */
2857 }
2859 /* First of all, we'll encode the descriptor. This should NEVER fail but
2860 * just in case, let's make sure we have an actual usable descriptor. */
2864 }
2866 /* Time to upload the descriptor to the directory. */
2871 /* Add this node to previous_hsdirs list */
2874 /* Logging so we know where it was sent. */
2875 {
2881 /* This log message is used by Chutney as part of its bootstrap
2882 * detection mechanism. Please don't change without first checking
2883 * Chutney. */
2894 /* Fire a UPLOAD control port event. */
2897 }
2899 end:
2902 }
2904 /** Set the revision counter in <b>hs_desc</b>. We do this by encrypting a
2905 * timestamp using an OPE scheme and using the ciphertext as our revision
2906 * counter.
2907 *
2908 * If <b>is_current</b> is true, then this is the current HS descriptor,
2909 * otherwise it's the next one. */
2910 static void
2913 {
2916 /* Get current time */
2919 /* As our revision counter plaintext value, we use the seconds since the
2920 * start of the SR protocol run that is relevant to this descriptor. This is
2921 * guaranteed to be a positive value since we need the SRV to start making a
2922 * descriptor (so that we know where to upload it).
2923 *
2924 * Depending on whether we are building the current or the next descriptor,
2925 * services use a different SRV value. See [SERVICEUPLOAD] in
2926 * rend-spec-v3.txt:
2927 *
2928 * In particular, for the current descriptor (aka first descriptor), Tor
2929 * always uses the previous SRV for uploading the descriptor, and hence we
2930 * should use the start time of the previous protocol run here.
2931 *
2932 * Whereas for the next descriptor (aka second descriptor), Tor always uses
2933 * the current SRV for uploading the descriptor. and hence we use the start
2934 * time of the current protocol run.
2935 */
2940 }
2949 /* Compute seconds elapsed since the start of the time period. That's the
2950 * number of seconds of how long this blinded key has been active. */
2953 /* Increment by one so that we are definitely sure this is strictly
2954 * positive and not zero. */
2955 seconds_since_start_of_srv++;
2957 /* Check for too big inputs. */
2960 }
2962 /* Now we compute the final revision counter value by encrypting the
2963 plaintext using our OPE cipher: */
2968 /* The OPE module returns CRYPTO_OPE_ERROR in case of errors. */
2975 }
2977 /** Encode and sign the service descriptor desc and upload it to the
2978 * responsible hidden service directories. If for_next_period is true, the set
2979 * of directories are selected using the next hsdir_index. This does nothing
2980 * if PublishHidServDescriptors is false. */
2981 STATIC void
2984 {
2990 /* We'll first cancel any directory request that are ongoing for this
2991 * descriptor. It is possible that we can trigger multiple uploads in a
2992 * short time frame which can lead to a race where the second upload arrives
2993 * before the first one leading to a 400 malformed descriptor response from
2994 * the directory. Closing all pending requests avoids that. */
2997 /* Get our list of responsible HSDir. */
2999 /* The parameter 0 means that we aren't a client so tell the function to use
3000 * the spread store consensus paremeter. */
3004 /** Clear list of previous hsdirs since we are about to upload to a new
3005 * list. Let's keep it up to date. */
3008 /* For each responsible HSDir we have, initiate an upload command. */
3010 hsdir_rs) {
3012 /* Getting responsible hsdir implies that the node_t object exists for the
3013 * routerstatus_t found in the consensus else we have a problem. */
3015 /* Upload this descriptor to the chosen directory. */
3019 /* Set the next upload time for this descriptor. Even if we are configured
3020 * to not upload, we still want to follow the right cycle of life for this
3021 * descriptor. */
3024 HS_SERVICE_NEXT_UPLOAD_TIME_MAX));
3025 {
3030 }
3034 }
3036 /** The set of HSDirs have changed: check if the change affects our descriptor
3037 * HSDir placement, and if it does, reupload the desc. */
3038 STATIC int
3041 {
3045 /* No desc upload has happened yet: it will happen eventually */
3048 }
3050 /* Get list of responsible hsdirs */
3054 /* Check if any new hsdirs have been added to the responsible hsdirs set:
3055 * Iterate over the list of new hsdirs, and reupload if any of them is not
3056 * present in the list of previous hsdirs.
3057 */
3065 }
3068 done:
3072 }
3074 /** These are all the reasons why a descriptor upload can't occur. We use
3075 * those to log the reason properly with the right rate limiting and for the
3076 * right descriptor. */
3085 /** Maximum number of reasons. This is used to allocate the static array of
3086 * all rate limiting objects. */
3087 #define LOG_DESC_UPLOAD_REASON_MAX LOG_DESC_UPLOAD_REASON_NO_DIRINFO
3089 /** Log the reason why we can't upload the given descriptor for the given
3090 * service. This takes a message string (allocated by the caller) and a
3091 * reason.
3092 *
3093 * Depending on the reason and descriptor, different rate limit applies. This
3094 * is done because this function will basically be called every second. Each
3095 * descriptor for each reason uses its own log rate limit object in order to
3096 * avoid message suppression for different reasons and descriptors. */
3097 static void
3101 {
3102 /* Writing the log every minute shouldn't be too annoying for log rate limit
3103 * since this can be emitted every second for each descriptor.
3104 *
3105 * However, for one specific case, we increase it to 10 minutes because it
3106 * is hit constantly, as an expected behavior, which is the reason
3107 * indicating that it is not the time to upload. */
3113 };
3122 /* Make sure the reason value is valid. It should never happen because we
3123 * control that value in the code flow but will be apparent during
3124 * development if a reason is added but LOG_DESC_UPLOAD_REASON_NUM_ is not
3125 * updated. */
3128 }
3130 /* Ease our life. Flag that tells us if the descriptor is the next one. */
3133 /* Current descriptor is the first element in the ratelimit object array.
3134 * The next descriptor is the second element. */
3136 /* Get the ratelimit object for the reason _and_ right descriptor. */
3143 }
3145 /** Return 1 if the given descriptor from the given service can be uploaded
3146 * else return 0 if it can not. */
3147 static int
3150 {
3157 /* If this descriptors has missing intro points that is that it couldn't get
3158 * them all when it was time to pick them, it means that we should upload
3159 * instead of waiting an arbitrary amount of time breaking the service.
3160 * Else, if we have no missing intro points, we use the value taken from the
3161 * service configuration. */
3166 }
3168 /* This means we tried to pick intro points but couldn't get any so do not
3169 * upload descriptor in this case. We need at least one for the service to
3170 * be reachable. */
3174 LOG_DESC_UPLOAD_REASON_MISSING_IPS);
3176 }
3178 /* Check if all our introduction circuit have been established for all the
3179 * intro points we have selected. */
3185 LOG_DESC_UPLOAD_REASON_IP_NOT_ESTABLISHED);
3187 }
3189 /* Is it the right time to upload? */
3194 LOG_DESC_UPLOAD_REASON_NOT_TIME);
3196 }
3198 /* Don't upload desc if we don't have a live consensus */
3202 LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS);
3204 }
3206 /* Do we know enough router descriptors to have adequate vision of the HSDir
3207 hash ring? */
3211 LOG_DESC_UPLOAD_REASON_NO_DIRINFO);
3213 }
3215 /* Can upload! */
3218 cannot:
3221 }
3223 /** Refresh the given service descriptor meaning this will update every mutable
3224 * field that needs to be updated before we upload.
3225 *
3226 * This should ONLY be called before uploading a descriptor. It assumes that
3227 * the descriptor has been built (desc->desc) and that all intro point
3228 * circuits have been established. */
3229 static void
3232 {
3233 /* There are few fields that we consider "mutable" in the descriptor meaning
3234 * we need to update them regurlarly over the lifetime fo the descriptor.
3235 * The rest are set once and should not be modified.
3236 *
3237 * - Signing key certificate.
3238 * - Revision counter.
3239 * - Introduction points which includes many thing. See
3240 * hs_desc_intro_point_t. and the setup_desc_intro_point() function.
3241 */
3243 /* Create the signing key certificate. */
3246 /* Build the intro points descriptor section. The refresh step is just
3247 * before we upload so all circuits have been properly established. */
3250 /* Set the desc revision counter right before uploading */
3252 }
3254 /** Scheduled event run from the main loop. Try to upload the descriptor for
3255 * each service. */
3256 STATIC void
3258 {
3259 /* v2 services use the same function for descriptor creation and upload so
3260 * we do everything here because the intro circuits were checked before. */
3264 }
3266 /* Run v3+ check. */
3269 /* If we were asked to re-examine the hash ring, and it changed, then
3270 schedule an upload */
3274 }
3276 /* Can this descriptor be uploaded? */
3279 }
3289 /* We are about to upload so we need to do one last step which is to
3290 * update the service's descriptor mutable fields in order to upload a
3291 * coherent descriptor. */
3294 /* Proceed with the upload, the descriptor is ready to be encoded. */
3299 /* We are done considering whether to republish rend descriptors */
3301 }
3303 /** Called when the introduction point circuit is done building and ready to be
3304 * used. */
3305 static void
3307 {
3314 /* Let's do some basic sanity checking of the circ state */
3317 }
3320 }
3323 }
3325 /* Get the corresponding service and intro point. */
3334 }
3341 }
3342 /* We can't have an IP object without a descriptor. */
3346 /* Getting here means that the circuit has been re-purposed because we
3347 * have enough intro circuit opened. Remove the IP from the service. */
3350 }
3354 err:
3355 /* Close circuit, we can't use it. */
3357 done:
3359 }
3361 /** Called when a rendezvous circuit is done building and ready to be used. */
3362 static void
3364 {
3369 /* Getting here means this is a v3 rendezvous circuit. */
3373 /* Declare the circuit dirty to avoid reuse, and for path-bias. We set the
3374 * timestamp regardless of its content because that circuit could have been
3375 * cannibalized so in any cases, we are about to use that circuit more. */
3379 /* Get the corresponding service and intro point. */
3387 REND_COOKIE_LEN));
3389 }
3391 /* If the cell can't be sent, the circuit will be closed within this
3392 * function. */
3396 err:
3398 done:
3400 }
3402 /** We've been expecting an INTRO_ESTABLISHED cell on this circuit and it just
3403 * arrived. Handle the INTRO_ESTABLISHED cell arriving on the given
3404 * introduction circuit. Return 0 on success else a negative value. */
3405 static int
3409 {
3417 /* We need the service and intro point for this cell. */
3420 /* Get service object from the circuit identifier. */
3427 }
3429 /* We don't recognize the key. */
3435 }
3437 /* Try to parse the payload into a cell making sure we do actually have a
3438 * valid cell. On success, the ip object and circuit purpose is updated to
3439 * reflect the fact that the introduction circuit is established. */
3443 }
3451 err:
3453 }
3455 /** We just received an INTRODUCE2 cell on the established introduction circuit
3456 * circ. Handle the cell and return 0 on success else a negative value. */
3457 static int
3460 {
3469 /* We'll need every object associated with this circuit. */
3472 /* Get service object from the circuit identifier. */
3479 }
3481 /* We don't recognize the key. */
3487 }
3488 /* If we have an IP object, we MUST have a descriptor object. */
3491 /* The following will parse, decode and launch the rendezvous point circuit.
3492 * Both current and legacy cells are handled. */
3496 }
3497 /* Update metrics that a new introduction was successful. */
3501 err:
3503 }
3505 /** Add to list every filename used by service. This is used by the sandbox
3506 * subsystem. */
3507 static void
3509 {
3516 /* Ease our life. */
3518 /* The hostname file. */
3520 /* The key files splitted in two. */
3525 }
3527 /** Return true iff the given service identity key is present on disk. */
3528 static int
3530 {
3537 /* Build the v3 key path name and then try to load it. */
3543 }
3549 }
3551 /** This is a proxy function before actually calling hs_desc_encode_descriptor
3552 * because we need some preprocessing here */
3553 static int
3558 {
3566 /* If the client authorization is enabled, send the descriptor cookie to
3567 * hs_desc_encode_descriptor. Otherwise, send NULL */
3570 }
3576 }
3578 /* ========== */
3579 /* Public API */
3580 /* ========== */
3582 /** This is called everytime the service map (v2 or v3) changes that is if an
3583 * element is added or removed. */
3584 void
3586 {
3587 /* If we now have services where previously we had not, we need to enable
3588 * the HS service main loop event. If we changed to having no services, we
3589 * need to disable the event. */
3591 }
3593 /** Upload an encoded descriptor in encoded_desc of the given version. This
3594 * descriptor is for the service identity_pk and blinded_pk used to setup the
3595 * directory connection identifier. It is uploaded to the directory hsdir_rs
3596 * routerstatus_t object.
3597 *
3598 * NOTE: This function does NOT check for PublishHidServDescriptors because it
3599 * is only used by the control port command HSPOST outside of this subsystem.
3600 * Inside this code, upload_descriptor_to_hsdir() should be used. */
3601 void
3607 {
3610 hs_ident_dir_conn_t ident;
3617 /* Setup the connection identifier. */
3621 /* This is our resource when uploading which is used to construct the URL
3622 * with the version number: "/tor/hs/<version>/publish". */
3625 /* Build the directory request for this HSDir. */
3632 /* The ident object is copied over the directory connection object once
3633 * the directory request is initiated. */
3636 /* Initiate the directory request to the hsdir.*/
3639 }
3641 /** Add the ephemeral service using the secret key sk and ports. Both max
3642 * streams parameter will be set in the newly created service.
3643 *
3644 * Ownership of sk and ports is passed to this routine. Regardless of
3645 * success/failure, callers should not touch these values after calling this
3646 * routine, and may assume that correct cleanup has been done on failure.
3647 *
3648 * Return an appropriate hs_service_add_ephemeral_status_t. */
3649 hs_service_add_ephemeral_status_t
3653 {
3654 hs_service_add_ephemeral_status_t ret;
3663 /* Setup the service configuration with specifics. A default service is
3664 * HS_VERSION_TWO so explicitly set it. */
3672 /* Handle the keys. */
3680 }
3686 }
3688 /* Make sure we have at least one port. */
3694 }
3696 /* Build the onion address for logging purposes but also the control port
3697 * uses it for the HS_DESC event. */
3702 /* The only way the registration can fail is if the service public key
3703 * already exists. */
3709 }
3718 err:
3721 end:
3725 }
3727 /** For the given onion address, delete the ephemeral service. Return 0 on
3728 * success else -1 on error. */
3729 int
3731 {
3733 ed25519_public_key_t pk;
3741 }
3747 }
3754 }
3760 }
3762 /* Close introduction circuits, remove from map and finally free. Notice
3763 * that the rendezvous circuits aren't closed in order for any existing
3764 * connections to finish. We let the application terminate them. */
3773 err:
3775 }
3777 /** Using the ed25519 public key pk, find a service for that key and return the
3778 * current encoded descriptor as a newly allocated string or NULL if not
3779 * found. This is used by the control port subsystem. */
3782 {
3790 /* No matter what is the result (which should never be a failure), return
3791 * the encoded variable, if success it will contain the right thing else
3792 * it will be NULL. */
3798 }
3801 }
3803 /** Return the number of service we have configured and usable. */
3806 {
3809 }
3811 }
3813 /** Given conn, a rendezvous edge connection acting as an exit stream, look up
3814 * the hidden service for the circuit circ, and look up the port and address
3815 * based on the connection port. Assign the actual connection address.
3816 *
3817 * Return 0 on success. Return -1 on failure and the caller should NOT close
3818 * the circuit. Return -2 on failure and the caller MUST close the circuit for
3819 * security reasons. */
3820 int
3823 {
3838 /* We want the caller to close the circuit because it's not a valid
3839 * service so no danger. Attempting to bruteforce the entire key space by
3840 * opening circuits to learn which service is being hosted here is
3841 * impractical. */
3843 }
3845 /* Enforce the streams-per-circuit limit, and refuse to provide a mapping if
3846 * this circuit will exceed the limit. */
3850 #define MAX_STREAM_WARN_INTERVAL 600
3854 "Maximum streams per circuit limit reached on "
3855 "rendezvous circuit %u for service %s. Circuit has "
3864 /* Service explicitly configured to close immediately. */
3866 }
3867 /* Exceeding the limit makes tor silently ignore the stream creation
3868 * request and keep the circuit open. */
3870 }
3872 /* Find a virtual port of that service mathcing the one in the connection if
3873 * successful, set the address in the connection. */
3879 /* Service explicitly allow connection to unknown ports so close right
3880 * away because we do not care about port mapping. */
3882 }
3883 /* If the service didn't explicitly allow it, we do NOT close the circuit
3884 * here to raise the bar in terms of performance for port mapping. */
3886 }
3888 /* Success. */
3890 err_close:
3891 /* Indicate the caller that the circuit should be closed. */
3893 err_no_close:
3894 /* Indicate the caller to NOT close the circuit. */
3896 }
3898 /** Does the service with identity pubkey <b>pk</b> export the circuit IDs of
3899 * its clients? */
3900 hs_circuit_id_protocol_t
3902 {
3906 }
3909 }
3911 /** Add to file_list every filename used by a configured hidden service, and to
3912 * dir_list every directory path used by a configured hidden service. This is
3913 * used by the sandbox subsystem to allowlist those. */
3914 void
3917 {
3921 /* Add files and dirs for legacy services. */
3924 /* Add files and dirs for v3+. */
3926 /* Skip ephemeral service, they don't touch the disk. */
3929 }
3934 }
3936 /** Called when our internal view of the directory has changed. We might have
3937 * received a new batch of descriptors which might affect the shape of the
3938 * HSDir hash ring. Signal that we should reexamine the hash ring and
3939 * re-upload our HS descriptors if needed. */
3940 void
3942 {
3944 /* New directory information usually goes every consensus so rate limit
3945 * every 30 minutes to not be too conservative. */
3950 }
3951 }
3953 /** Called when we get an INTRODUCE2 cell on the circ. Respond to the cell and
3954 * launch a circuit to the rendezvous point. */
3955 int
3958 {
3964 /* Do some initial validation and logging before we parse the cell */
3970 }
3978 }
3980 done:
3982 }
3984 /** Called when we get an INTRO_ESTABLISHED cell. Mark the circuit as an
3985 * established introduction point. Return 0 on success else a negative value
3986 * and the circuit is closed. */
3987 int
3991 {
4002 }
4004 /* Handle both version. v2 uses rend_data and v3 uses the hs circuit
4005 * identifier hs_ident. Can't be both. */
4010 }
4014 }
4016 err:
4019 }
4021 /** Called when any kind of hidden service circuit is done building thus
4022 * opened. This is the entry point from the circuit subsystem. */
4023 void
4025 {
4028 /* Handle both version. v2 uses rend_data and v3 uses the hs circuit
4029 * identifier hs_ident. Can't be both. */
4036 }
4043 }
4047 }
4048 }
4050 /** Return the service version by looking at the key in the service directory.
4051 * If the key is not found or unrecognized, -1 is returned. Else, the service
4052 * version is returned. */
4053 int
4055 {
4061 /* We'll try to load the key for version 3. If not found, we'll try version
4062 * 2 and if not found, we'll send back an unknown version (-1). */
4065 /* Version 3 check. */
4069 }
4070 /* Version 2 check. */
4074 }
4076 end:
4078 }
4080 /** Load and/or generate keys for all onion services including the client
4081 * authorization if any. Return 0 on success, -1 on failure. */
4082 int
4084 {
4085 /* Load v2 service keys if we have v2. */
4089 }
4090 }
4092 /* Load or/and generate them for v3+. */
4094 /* Ignore ephemeral service, they already have their keys set. */
4097 }
4102 }
4105 /* Final step, the staging list contains service in a quiescent state that
4106 * is ready to be used. Register them to the global map. Once this is over,
4107 * the staging list will be cleaned up. */
4110 /* All keys have been loaded successfully. */
4112 err:
4114 }
4116 /** Log the status of introduction points for all version 3 onion services
4117 * at log severity <b>severity</b>.
4118 */
4119 void
4121 {
4140 }
4144 }
4149 nickname);
4151 }
4158 }
4160 /** Put all service object in the given service list. After this, the caller
4161 * looses ownership of every elements in the list and responsible to free the
4162 * list pointer. */
4163 void
4165 {
4167 /* This list is freed at registration time but this function can be called
4168 * multiple time. */
4171 }
4172 /* Add all service object to our staging list. Caller is responsible for
4173 * freeing the service_list. */
4175 }
4177 /** Return a newly allocated list of all the service's metrics store. */
4178 smartlist_t *
4180 {
4187 }
4190 }
4192 /** Lookup the global service map for the given identitiy public key and
4193 * return the service object if found, NULL if not. */
4194 hs_service_t *
4196 {
4201 }
4203 }
4205 /** Allocate and initilize a service object. The service configuration will
4206 * contain the default values. Return the newly allocated object pointer. This
4207 * function can't fail. */
4208 hs_service_t *
4210 {
4212 /* Set default configuration value. */
4214 /* Set the default service version. */
4216 /* Allocate the CLIENT_PK replay cache in service state. */
4221 }
4223 /** Free the given <b>service</b> object and all its content. This function
4224 * also takes care of wiping service keys from memory. It is safe to pass a
4225 * NULL pointer. */
4226 void
4228 {
4231 }
4233 /* Free descriptors. Go over both descriptor with this loop. */
4238 /* Free service configuration. */
4241 /* Free replay cache from state. */
4244 }
4246 /* Free onionbalance subcredentials (if any) */
4249 }
4251 /* Free metrics object. */
4254 /* Wipe service keys. */
4258 }
4260 /** Periodic callback. Entry point from the main loop to the HS service
4261 * subsystem. This is call every second. This is skipped if tor can't build a
4262 * circuit or the network is disabled. */
4263 void
4265 {
4266 /* First thing we'll do here is to make sure our services are in a
4267 * quiescent state for the scheduled events. */
4270 /* Order matters here. We first make sure the descriptor object for each
4271 * service contains the latest data. Once done, we check if we need to open
4272 * new introduction circuit. Finally, we try to upload the descriptor for
4273 * each service. */
4275 /* Make sure descriptors are up to date. */
4277 /* Make sure services have enough circuits. */
4279 /* Upload the descriptors if needed/possible. */
4281 }
4283 /** Initialize the service HS subsystem. */
4284 void
4286 {
4287 /* Should never be called twice. */
4291 /* v2 specific. */
4298 }
4300 /** Release all global storage of the hidden service subsystem. */
4301 void
4303 {
4307 }
4309 #ifdef TOR_UNIT_TESTS
4311 /** Return the global service map size. Only used by unit test. */
4312 STATIC unsigned int
4314 {
4316 }
4318 /** Return the staging list size. Only used by unit test. */
4319 STATIC int
4321 {
4323 }
4325 STATIC hs_service_ht *
4327 {
4329 }
4331 STATIC hs_service_t *
4333 {
4337 }
4339 }