1 /* Copyright (c) 2016-2020, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
6 * \brief Implement next generation hidden service functionality
9 #define HS_SERVICE_PRIVATE
11 #include "core/or/or.h"
12 #include "app/config/config.h"
13 #include "app/config/statefile.h"
14 #include "core/mainloop/connection.h"
15 #include "core/mainloop/mainloop.h"
16 #include "core/or/circuitbuild.h"
17 #include "core/or/circuitlist.h"
18 #include "core/or/circuituse.h"
19 #include "core/or/extendinfo.h"
20 #include "core/or/relay.h"
21 #include "feature/client/circpathbias.h"
22 #include "feature/dirclient/dirclient.h"
23 #include "feature/dircommon/directory.h"
24 #include "feature/hs_common/shared_random_client.h"
25 #include "feature/keymgt/loadkey.h"
26 #include "feature/nodelist/describe.h"
27 #include "feature/nodelist/networkstatus.h"
28 #include "feature/nodelist/nickname.h"
29 #include "feature/nodelist/node_select.h"
30 #include "feature/nodelist/nodelist.h"
31 #include "feature/rend/rendservice.h"
32 #include "lib/crypt_ops/crypto_ope.h"
33 #include "lib/crypt_ops/crypto_rand.h"
34 #include "lib/crypt_ops/crypto_util.h"
36 #include "feature/hs/hs_circuit.h"
37 #include "feature/hs/hs_common.h"
38 #include "feature/hs/hs_config.h"
39 #include "feature/hs/hs_control.h"
40 #include "feature/hs/hs_descriptor.h"
41 #include "feature/hs/hs_ident.h"
42 #include "feature/hs/hs_intropoint.h"
43 #include "feature/hs/hs_metrics.h"
44 #include "feature/hs/hs_service.h"
45 #include "feature/hs/hs_stats.h"
46 #include "feature/hs/hs_ob.h"
48 #include "feature/dircommon/dir_connection_st.h"
49 #include "core/or/edge_connection_st.h"
50 #include "core/or/extend_info_st.h"
51 #include "feature/nodelist/networkstatus_st.h"
52 #include "feature/nodelist/node_st.h"
53 #include "core/or/origin_circuit_st.h"
54 #include "app/config/or_state_st.h"
55 #include "feature/nodelist/routerstatus_st.h"
57 #include "lib/encoding/confline.h"
58 #include "lib/crypt_ops/crypto_format.h"
61 #include "trunnel/ed25519_cert.h"
62 #include "trunnel/hs/cell_common.h"
63 #include "trunnel/hs/cell_establish_intro.h"
65 #ifdef HAVE_SYS_STAT_H
73 /** Helper macro. Iterate over every service in the global map. The var is the
74 * name of the service pointer. */
75 #define FOR_EACH_SERVICE_BEGIN(var) \
77 hs_service_t **var##_iter, *var; \
78 HT_FOREACH(var##_iter, hs_service_ht, hs_service_map) { \
80 #define FOR_EACH_SERVICE_END } STMT_END ;
82 /** Helper macro. Iterate over both current and previous descriptor of a
83 * service. The var is the name of the descriptor pointer. This macro skips
84 * any descriptor object of the service that is NULL. */
85 #define FOR_EACH_DESCRIPTOR_BEGIN(service, var) \
87 hs_service_descriptor_t *var; \
88 for (int var ## _loop_idx = 0; var ## _loop_idx < 2; \
89 ++var ## _loop_idx) { \
90 (var ## _loop_idx == 0) ? (var = service->desc_current) : \
91 (var = service->desc_next); \
92 if (var == NULL) continue;
93 #define FOR_EACH_DESCRIPTOR_END } STMT_END ;
94 #endif /* !defined(COCCI) */
96 /* Onion service directory file names. */
97 static const char fname_keyfile_prefix
[] = "hs_ed25519";
98 static const char dname_client_pubkeys
[] = "authorized_clients";
99 static const char fname_hostname
[] = "hostname";
100 static const char address_tld
[] = "onion";
102 /** Staging list of service object. When configuring service, we add them to
103 * this list considered a staging area and they will get added to our global
104 * map once the keys have been loaded. These two steps are separated because
105 * loading keys requires that we are an actual running tor process. */
106 static smartlist_t
*hs_service_staging_list
;
108 /** True if the list of available router descriptors might have changed which
109 * might result in an altered hash ring. Check if the hash ring changed and
110 * reupload if needed */
111 static int consider_republishing_hs_descriptors
= 0;
113 /* Static declaration. */
114 static int load_client_keys(hs_service_t
*service
);
115 static void set_descriptor_revision_counter(hs_service_descriptor_t
*hs_desc
,
116 time_t now
, bool is_current
);
117 static int build_service_desc_superencrypted(const hs_service_t
*service
,
118 hs_service_descriptor_t
*desc
);
119 static void move_descriptors(hs_service_t
*src
, hs_service_t
*dst
);
120 static int service_encode_descriptor(const hs_service_t
*service
,
121 const hs_service_descriptor_t
*desc
,
122 const ed25519_keypair_t
*signing_kp
,
125 /** Helper: Function to compare two objects in the service map. Return 1 if the
126 * two service have the same master public identity key. */
128 hs_service_ht_eq(const hs_service_t
*first
, const hs_service_t
*second
)
132 /* Simple key compare. */
133 return ed25519_pubkey_eq(&first
->keys
.identity_pk
,
134 &second
->keys
.identity_pk
);
137 /** Helper: Function for the service hash table code below. The key used is the
138 * master public identity key which is ultimately the onion address. */
139 static inline unsigned int
140 hs_service_ht_hash(const hs_service_t
*service
)
143 return (unsigned int) siphash24g(service
->keys
.identity_pk
.pubkey
,
144 sizeof(service
->keys
.identity_pk
.pubkey
));
147 /** This is _the_ global hash map of hidden services which indexed the service
148 * contained in it by master public identity key which is roughly the onion
149 * address of the service. */
150 static struct hs_service_ht
*hs_service_map
;
152 /* Register the service hash table. */
153 HT_PROTOTYPE(hs_service_ht
, /* Name of hashtable. */
154 hs_service_t
, /* Object contained in the map. */
155 hs_service_node
, /* The name of the HT_ENTRY member. */
156 hs_service_ht_hash
, /* Hashing function. */
157 hs_service_ht_eq
); /* Compare function for objects. */
159 HT_GENERATE2(hs_service_ht
, hs_service_t
, hs_service_node
,
160 hs_service_ht_hash
, hs_service_ht_eq
,
161 0.6, tor_reallocarray
, tor_free_
);
163 /** Query the given service map with a public key and return a service object
164 * if found else NULL. It is also possible to set a directory path in the
165 * search query. If pk is NULL, then it will be set to zero indicating the
166 * hash table to compare the directory path instead. */
167 STATIC hs_service_t
*
168 find_service(hs_service_ht
*map
, const ed25519_public_key_t
*pk
)
170 hs_service_t dummy_service
;
173 memset(&dummy_service
, 0, sizeof(dummy_service
));
174 ed25519_pubkey_copy(&dummy_service
.keys
.identity_pk
, pk
);
175 return HT_FIND(hs_service_ht
, map
, &dummy_service
);
178 /** Register the given service in the given map. If the service already exists
179 * in the map, -1 is returned. On success, 0 is returned and the service
180 * ownership has been transferred to the global map. */
182 register_service(hs_service_ht
*map
, hs_service_t
*service
)
186 tor_assert(!ed25519_public_key_is_zero(&service
->keys
.identity_pk
));
188 if (find_service(map
, &service
->keys
.identity_pk
)) {
189 /* Existing service with the same key. Do not register it. */
192 /* Taking ownership of the object at this point. */
193 HT_INSERT(hs_service_ht
, map
, service
);
195 /* If we just modified the global map, we notify. */
196 if (map
== hs_service_map
) {
197 hs_service_map_has_changed();
200 hs_metrics_service_init(service
);
205 /** Remove a given service from the given map. If service is NULL or the
206 * service key is unset, return gracefully. */
208 remove_service(hs_service_ht
*map
, hs_service_t
*service
)
214 /* Ignore if no service or key is zero. */
215 if (BUG(service
== NULL
) ||
216 BUG(ed25519_public_key_is_zero(&service
->keys
.identity_pk
))) {
220 elm
= HT_REMOVE(hs_service_ht
, map
, service
);
222 tor_assert(elm
== service
);
224 log_warn(LD_BUG
, "Could not find service in the global map "
225 "while removing service %s",
226 escaped(service
->config
.directory_path
));
229 /* If we just modified the global map, we notify. */
230 if (map
== hs_service_map
) {
231 hs_service_map_has_changed();
235 /** Set the default values for a service configuration object <b>c</b>. */
237 set_service_default_config(hs_service_config_t
*c
,
238 const or_options_t
*options
)
242 c
->ports
= smartlist_new();
243 c
->directory_path
= NULL
;
244 c
->max_streams_per_rdv_circuit
= 0;
245 c
->max_streams_close_circuit
= 0;
246 c
->num_intro_points
= NUM_INTRO_POINTS_DEFAULT
;
247 c
->allow_unknown_ports
= 0;
248 c
->is_single_onion
= 0;
249 c
->dir_group_readable
= 0;
251 c
->has_dos_defense_enabled
= HS_CONFIG_V3_DOS_DEFENSE_DEFAULT
;
252 c
->intro_dos_rate_per_sec
= HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_DEFAULT
;
253 c
->intro_dos_burst_per_sec
= HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_DEFAULT
;
256 /** From a service configuration object config, clear everything from it
257 * meaning free allocated pointers and reset the values. */
259 service_clear_config(hs_service_config_t
*config
)
261 if (config
== NULL
) {
264 tor_free(config
->directory_path
);
266 SMARTLIST_FOREACH(config
->ports
, rend_service_port_config_t
*, p
,
267 rend_service_port_config_free(p
););
268 smartlist_free(config
->ports
);
270 if (config
->clients
) {
271 SMARTLIST_FOREACH(config
->clients
, hs_service_authorized_client_t
*, p
,
272 service_authorized_client_free(p
));
273 smartlist_free(config
->clients
);
275 if (config
->ob_master_pubkeys
) {
276 SMARTLIST_FOREACH(config
->ob_master_pubkeys
, ed25519_public_key_t
*, k
,
278 smartlist_free(config
->ob_master_pubkeys
);
280 memset(config
, 0, sizeof(*config
));
283 /** Helper function to return a human readable description of the given intro
286 * This function is not thread-safe. Each call to this invalidates the
287 * previous values returned by it. */
289 describe_intro_point(const hs_service_intro_point_t
*ip
)
291 /* Hex identity digest of the IP prefixed by the $ sign and ends with NUL
292 * byte hence the plus two. */
293 static char buf
[HEX_DIGEST_LEN
+ 2];
294 const char *legacy_id
= NULL
;
296 SMARTLIST_FOREACH_BEGIN(ip
->base
.link_specifiers
,
297 const link_specifier_t
*, lspec
) {
298 if (link_specifier_get_ls_type(lspec
) == LS_LEGACY_ID
) {
299 legacy_id
= (const char *)
300 link_specifier_getconstarray_un_legacy_id(lspec
);
303 } SMARTLIST_FOREACH_END(lspec
);
305 /* For now, we only print the identity digest but we could improve this with
306 * much more information such as the ed25519 identity has well. */
309 base16_encode(buf
+ 1, HEX_DIGEST_LEN
+ 1, legacy_id
, DIGEST_LEN
);
315 /** Return the lower bound of maximum INTRODUCE2 cells per circuit before we
316 * rotate intro point (defined by a consensus parameter or the default
319 get_intro_point_min_introduce2(void)
321 /* The [0, 2147483647] range is quite large to accommodate anything we decide
323 return networkstatus_get_param(NULL
, "hs_intro_min_introduce2",
324 INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS
,
328 /** Return the upper bound of maximum INTRODUCE2 cells per circuit before we
329 * rotate intro point (defined by a consensus parameter or the default
332 get_intro_point_max_introduce2(void)
334 /* The [0, 2147483647] range is quite large to accommodate anything we decide
336 return networkstatus_get_param(NULL
, "hs_intro_max_introduce2",
337 INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS
,
341 /** Return the minimum lifetime in seconds of an introduction point defined by
342 * a consensus parameter or the default value. */
344 get_intro_point_min_lifetime(void)
346 #define MIN_INTRO_POINT_LIFETIME_TESTING 10
347 if (get_options()->TestingTorNetwork
) {
348 return MIN_INTRO_POINT_LIFETIME_TESTING
;
351 /* The [0, 2147483647] range is quite large to accommodate anything we decide
353 return networkstatus_get_param(NULL
, "hs_intro_min_lifetime",
354 INTRO_POINT_LIFETIME_MIN_SECONDS
,
358 /** Return the maximum lifetime in seconds of an introduction point defined by
359 * a consensus parameter or the default value. */
361 get_intro_point_max_lifetime(void)
363 #define MAX_INTRO_POINT_LIFETIME_TESTING 30
364 if (get_options()->TestingTorNetwork
) {
365 return MAX_INTRO_POINT_LIFETIME_TESTING
;
368 /* The [0, 2147483647] range is quite large to accommodate anything we decide
370 return networkstatus_get_param(NULL
, "hs_intro_max_lifetime",
371 INTRO_POINT_LIFETIME_MAX_SECONDS
,
375 /** Return the number of extra introduction point defined by a consensus
376 * parameter or the default value. */
378 get_intro_point_num_extra(void)
380 /* The [0, 128] range bounds the number of extra introduction point allowed.
381 * Above 128 intro points, it's getting a bit crazy. */
382 return networkstatus_get_param(NULL
, "hs_intro_num_extra",
383 NUM_INTRO_POINTS_EXTRA
, 0, 128);
386 /** Helper: Function that needs to return 1 for the HT for each loop which
387 * frees every service in an hash map. */
389 ht_free_service_(struct hs_service_t
*service
, void *data
)
392 hs_service_free(service
);
393 /* This function MUST return 1 so the given object is then removed from the
394 * service map leading to this free of the object being safe. */
398 /** Free every service that can be found in the global map. Once done, clear
399 * and free the global map. */
401 service_free_all(void)
403 if (hs_service_map
) {
404 /* The free helper function returns 1 so this is safe. */
405 hs_service_ht_HT_FOREACH_FN(hs_service_map
, ht_free_service_
, NULL
);
406 HT_CLEAR(hs_service_ht
, hs_service_map
);
407 tor_free(hs_service_map
);
408 hs_service_map
= NULL
;
411 if (hs_service_staging_list
) {
412 /* Cleanup staging list. */
413 SMARTLIST_FOREACH(hs_service_staging_list
, hs_service_t
*, s
,
415 smartlist_free(hs_service_staging_list
);
416 hs_service_staging_list
= NULL
;
420 /** Free a given service intro point object. */
422 service_intro_point_free_(hs_service_intro_point_t
*ip
)
427 memwipe(&ip
->auth_key_kp
, 0, sizeof(ip
->auth_key_kp
));
428 memwipe(&ip
->enc_key_kp
, 0, sizeof(ip
->enc_key_kp
));
429 crypto_pk_free(ip
->legacy_key
);
430 replaycache_free(ip
->replay_cache
);
431 hs_intropoint_clear(&ip
->base
);
435 /** Helper: free an hs_service_intro_point_t object. This function is used by
436 * digest256map_free() which requires a void * pointer. */
438 service_intro_point_free_void(void *obj
)
440 service_intro_point_free_(obj
);
443 /** Return a newly allocated service intro point and fully initialized from the
444 * given node_t node, if non NULL.
446 * If node is NULL, returns a hs_service_intro_point_t with an empty link
447 * specifier list and no onion key. (This is used for testing.)
448 * On any other error, NULL is returned.
450 * node must be an node_t with an IPv4 address. */
451 STATIC hs_service_intro_point_t
*
452 service_intro_point_new(const node_t
*node
)
454 hs_service_intro_point_t
*ip
;
456 ip
= tor_malloc_zero(sizeof(*ip
));
457 /* We'll create the key material. No need for extra strong, those are short
459 ed25519_keypair_generate(&ip
->auth_key_kp
, 0);
461 { /* Set introduce2 max cells limit */
462 int32_t min_introduce2_cells
= get_intro_point_min_introduce2();
463 int32_t max_introduce2_cells
= get_intro_point_max_introduce2();
464 if (BUG(max_introduce2_cells
< min_introduce2_cells
)) {
467 ip
->introduce2_max
= crypto_rand_int_range(min_introduce2_cells
,
468 max_introduce2_cells
);
470 { /* Set intro point lifetime */
471 int32_t intro_point_min_lifetime
= get_intro_point_min_lifetime();
472 int32_t intro_point_max_lifetime
= get_intro_point_max_lifetime();
473 if (BUG(intro_point_max_lifetime
< intro_point_min_lifetime
)) {
476 ip
->time_to_expire
= approx_time() +
477 crypto_rand_int_range(intro_point_min_lifetime
,intro_point_max_lifetime
);
480 ip
->replay_cache
= replaycache_new(0, 0);
482 /* Initialize the base object. We don't need the certificate object. */
483 ip
->base
.link_specifiers
= node_get_link_specifier_smartlist(node
, 0);
489 /* Generate the encryption key for this intro point. */
490 curve25519_keypair_generate(&ip
->enc_key_kp
, 0);
491 /* Figure out if this chosen node supports v3 or is legacy only.
492 * NULL nodes are used in the unit tests. */
493 if (!node_supports_ed25519_hs_intro(node
)) {
494 ip
->base
.is_only_legacy
= 1;
495 /* Legacy mode that is doesn't support v3+ with ed25519 auth key. */
496 ip
->legacy_key
= crypto_pk_new();
497 if (crypto_pk_generate_key(ip
->legacy_key
) < 0) {
500 if (crypto_pk_get_digest(ip
->legacy_key
,
501 (char *) ip
->legacy_key_digest
) < 0) {
506 /* Flag if this intro point supports the INTRO2 dos defenses. */
507 ip
->support_intro2_dos_defense
=
508 node_supports_establish_intro_dos_extension(node
);
510 /* Finally, copy onion key from the node. */
511 memcpy(&ip
->onion_key
, node_get_curve25519_onion_key(node
),
512 sizeof(ip
->onion_key
));
517 service_intro_point_free(ip
);
521 /** Add the given intro point object to the given intro point map. The intro
522 * point MUST have its RSA encryption key set if this is a legacy type or the
523 * authentication key set otherwise. */
525 service_intro_point_add(digest256map_t
*map
, hs_service_intro_point_t
*ip
)
527 hs_service_intro_point_t
*old_ip_entry
;
532 old_ip_entry
= digest256map_set(map
, ip
->auth_key_kp
.pubkey
.pubkey
, ip
);
533 /* Make sure we didn't just try to double-add an intro point */
534 tor_assert_nonfatal(!old_ip_entry
);
537 /** For a given service, remove the intro point from that service's descriptors
538 * (check both current and next descriptor) */
540 service_intro_point_remove(const hs_service_t
*service
,
541 const hs_service_intro_point_t
*ip
)
546 /* Trying all descriptors. */
547 FOR_EACH_DESCRIPTOR_BEGIN(service
, desc
) {
548 /* We'll try to remove the descriptor on both descriptors which is not
549 * very expensive to do instead of doing loopup + remove. */
550 digest256map_remove(desc
->intro_points
.map
,
551 ip
->auth_key_kp
.pubkey
.pubkey
);
552 } FOR_EACH_DESCRIPTOR_END
;
555 /** For a given service and authentication key, return the intro point or NULL
556 * if not found. This will check both descriptors in the service. */
557 STATIC hs_service_intro_point_t
*
558 service_intro_point_find(const hs_service_t
*service
,
559 const ed25519_public_key_t
*auth_key
)
561 hs_service_intro_point_t
*ip
= NULL
;
564 tor_assert(auth_key
);
566 /* Trying all descriptors to find the right intro point.
568 * Even if we use the same node as intro point in both descriptors, the node
569 * will have a different intro auth key for each descriptor since we generate
570 * a new one everytime we pick an intro point.
572 * After #22893 gets implemented, intro points will be moved to be
573 * per-service instead of per-descriptor so this function will need to
576 FOR_EACH_DESCRIPTOR_BEGIN(service
, desc
) {
577 if ((ip
= digest256map_get(desc
->intro_points
.map
,
578 auth_key
->pubkey
)) != NULL
) {
581 } FOR_EACH_DESCRIPTOR_END
;
586 /** For a given service and intro point, return the descriptor for which the
587 * intro point is assigned to. NULL is returned if not found. */
588 STATIC hs_service_descriptor_t
*
589 service_desc_find_by_intro(const hs_service_t
*service
,
590 const hs_service_intro_point_t
*ip
)
592 hs_service_descriptor_t
*descp
= NULL
;
597 FOR_EACH_DESCRIPTOR_BEGIN(service
, desc
) {
598 if (digest256map_get(desc
->intro_points
.map
,
599 ip
->auth_key_kp
.pubkey
.pubkey
)) {
603 } FOR_EACH_DESCRIPTOR_END
;
608 /** From a circuit identifier, get all the possible objects associated with the
609 * ident. If not NULL, service, ip or desc are set if the object can be found.
610 * They are untouched if they can't be found.
612 * This is an helper function because we do those lookups often so it's more
613 * convenient to simply call this functions to get all the things at once. */
615 get_objects_from_ident(const hs_ident_circuit_t
*ident
,
616 hs_service_t
**service
, hs_service_intro_point_t
**ip
,
617 hs_service_descriptor_t
**desc
)
623 /* Get service object from the circuit identifier. */
624 s
= find_service(hs_service_map
, &ident
->identity_pk
);
629 /* From the service object, get the intro point object of that circuit. The
630 * following will query both descriptors intro points list. */
632 *ip
= service_intro_point_find(s
, &ident
->intro_auth_pk
);
635 /* Get the descriptor for this introduction point and service. */
636 if (s
&& ip
&& *ip
&& desc
) {
637 *desc
= service_desc_find_by_intro(s
, *ip
);
641 /** From a given intro point, return the first link specifier of type
642 * encountered in the link specifier list. Return NULL if it can't be found.
644 * The caller does NOT have ownership of the object, the intro point does. */
645 static link_specifier_t
*
646 get_link_spec_by_type(const hs_service_intro_point_t
*ip
, uint8_t type
)
648 link_specifier_t
*lnk_spec
= NULL
;
652 SMARTLIST_FOREACH_BEGIN(ip
->base
.link_specifiers
,
653 link_specifier_t
*, ls
) {
654 if (link_specifier_get_ls_type(ls
) == type
) {
658 } SMARTLIST_FOREACH_END(ls
);
664 /** Given a service intro point, return the node_t associated to it. This can
665 * return NULL if the given intro point has no legacy ID or if the node can't
666 * be found in the consensus. */
667 STATIC
const node_t
*
668 get_node_from_intro_point(const hs_service_intro_point_t
*ip
)
670 const link_specifier_t
*ls
;
674 ls
= get_link_spec_by_type(ip
, LS_LEGACY_ID
);
678 /* XXX In the future, we want to only use the ed25519 ID (#22173). */
679 return node_get_by_id(
680 (const char *) link_specifier_getconstarray_un_legacy_id(ls
));
683 /** Given a service intro point, return the extend_info_t for it. This can
684 * return NULL if the node can't be found for the intro point or the extend
685 * info can't be created for the found node. If direct_conn is set, the extend
686 * info is validated on if we can connect directly. */
687 static extend_info_t
*
688 get_extend_info_from_intro_point(const hs_service_intro_point_t
*ip
,
689 unsigned int direct_conn
)
691 extend_info_t
*info
= NULL
;
696 node
= get_node_from_intro_point(ip
);
698 /* This can happen if the relay serving as intro point has been removed
699 * from the consensus. In that case, the intro point will be removed from
700 * the descriptor during the scheduled events. */
704 /* In the case of a direct connection (single onion service), it is possible
705 * our firewall policy won't allow it so this can return a NULL value. */
706 info
= extend_info_from_node(node
, direct_conn
);
712 /** Return the number of introduction points that are established for the
713 * given descriptor. */
714 MOCK_IMPL(STATIC
unsigned int,
715 count_desc_circuit_established
, (const hs_service_descriptor_t
*desc
))
717 unsigned int count
= 0;
721 DIGEST256MAP_FOREACH(desc
->intro_points
.map
, key
,
722 const hs_service_intro_point_t
*, ip
) {
723 count
+= !!hs_circ_service_get_established_intro_circ(ip
);
724 } DIGEST256MAP_FOREACH_END
;
729 /** For a given service and descriptor of that service, close all active
730 * directory connections. */
732 close_directory_connections(const hs_service_t
*service
,
733 const hs_service_descriptor_t
*desc
)
735 unsigned int count
= 0;
736 smartlist_t
*dir_conns
;
741 /* Close pending HS desc upload connections for the blinded key of 'desc'. */
742 dir_conns
= connection_list_by_type_purpose(CONN_TYPE_DIR
,
743 DIR_PURPOSE_UPLOAD_HSDESC
);
744 SMARTLIST_FOREACH_BEGIN(dir_conns
, connection_t
*, conn
) {
745 dir_connection_t
*dir_conn
= TO_DIR_CONN(conn
);
746 if (ed25519_pubkey_eq(&dir_conn
->hs_ident
->identity_pk
,
747 &service
->keys
.identity_pk
) &&
748 ed25519_pubkey_eq(&dir_conn
->hs_ident
->blinded_pk
,
749 &desc
->blinded_kp
.pubkey
)) {
750 connection_mark_for_close(conn
);
754 } SMARTLIST_FOREACH_END(conn
);
756 log_info(LD_REND
, "Closed %u active service directory connections for "
757 "descriptor %s of service %s",
758 count
, safe_str_client(ed25519_fmt(&desc
->blinded_kp
.pubkey
)),
759 safe_str_client(service
->onion_address
));
760 /* We don't have ownership of the objects in this list. */
761 smartlist_free(dir_conns
);
764 /** Close all rendezvous circuits for the given service. */
766 close_service_rp_circuits(hs_service_t
*service
)
768 origin_circuit_t
*ocirc
= NULL
;
772 /* The reason we go over all circuit instead of using the circuitmap API is
773 * because most hidden service circuits are rendezvous circuits so there is
774 * no real improvement at getting all rendezvous circuits from the
775 * circuitmap and then going over them all to find the right ones.
776 * Furthermore, another option would have been to keep a list of RP cookies
777 * for a service but it creates an engineering complexity since we don't
778 * have a "RP circuit closed" event to clean it up properly so we avoid a
779 * memory DoS possibility. */
781 while ((ocirc
= circuit_get_next_service_rp_circ(ocirc
))) {
782 /* Only close circuits that are v3 and for this service. */
783 if (ocirc
->hs_ident
!= NULL
&&
784 ed25519_pubkey_eq(ô
->hs_ident
->identity_pk
,
785 &service
->keys
.identity_pk
)) {
786 /* Reason is FINISHED because service has been removed and thus the
787 * circuit is considered old/uneeded. When freed, it is removed from the
789 circuit_mark_for_close(TO_CIRCUIT(ocirc
), END_CIRC_REASON_FINISHED
);
794 /** Close the circuit(s) for the given map of introduction points. */
796 close_intro_circuits(hs_service_intropoints_t
*intro_points
)
798 tor_assert(intro_points
);
800 DIGEST256MAP_FOREACH(intro_points
->map
, key
,
801 const hs_service_intro_point_t
*, ip
) {
802 origin_circuit_t
*ocirc
= hs_circ_service_get_intro_circ(ip
);
804 /* Reason is FINISHED because service has been removed and thus the
805 * circuit is considered old/uneeded. When freed, the circuit is removed
806 * from the HS circuitmap. */
807 circuit_mark_for_close(TO_CIRCUIT(ocirc
), END_CIRC_REASON_FINISHED
);
809 } DIGEST256MAP_FOREACH_END
;
812 /** Close all introduction circuits for the given service. */
814 close_service_intro_circuits(hs_service_t
*service
)
818 FOR_EACH_DESCRIPTOR_BEGIN(service
, desc
) {
819 close_intro_circuits(&desc
->intro_points
);
820 } FOR_EACH_DESCRIPTOR_END
;
823 /** Close any circuits related to the given service. */
825 close_service_circuits(hs_service_t
*service
)
829 /* Only support for version >= 3. */
830 if (BUG(service
->config
.version
< HS_VERSION_THREE
)) {
833 /* Close intro points. */
834 close_service_intro_circuits(service
);
835 /* Close rendezvous points. */
836 close_service_rp_circuits(service
);
839 /** Move every ephemeral services from the src service map to the dst service
840 * map. It is possible that a service can't be register to the dst map which
841 * won't stop the process of moving them all but will trigger a log warn. */
843 move_ephemeral_services(hs_service_ht
*src
, hs_service_ht
*dst
)
845 hs_service_t
**iter
, **next
;
850 /* Iterate over the map to find ephemeral service and move them to the other
851 * map. We loop using this method to have a safe removal process. */
852 for (iter
= HT_START(hs_service_ht
, src
); iter
!= NULL
; iter
= next
) {
853 hs_service_t
*s
= *iter
;
854 if (!s
->config
.is_ephemeral
) {
855 /* Yeah, we are in a very manual loop :). */
856 next
= HT_NEXT(hs_service_ht
, src
, iter
);
859 /* Remove service from map and then register to it to the other map.
860 * Reminder that "*iter" and "s" are the same thing. */
861 next
= HT_NEXT_RMV(hs_service_ht
, src
, iter
);
862 if (register_service(dst
, s
) < 0) {
863 log_warn(LD_BUG
, "Ephemeral service key is already being used. "
869 /** Return a const string of the directory path escaped. If this is an
870 * ephemeral service, it returns "[EPHEMERAL]". This can only be called from
871 * the main thread because escaped() uses a static variable. */
873 service_escaped_dir(const hs_service_t
*s
)
875 return (s
->config
.is_ephemeral
) ? "[EPHEMERAL]" :
876 escaped(s
->config
.directory_path
);
879 /** Move the hidden service state from <b>src</b> to <b>dst</b>. We do this
880 * when we receive a SIGHUP: <b>dst</b> is the post-HUP service */
882 move_hs_state(hs_service_t
*src_service
, hs_service_t
*dst_service
)
884 tor_assert(src_service
);
885 tor_assert(dst_service
);
887 hs_service_state_t
*src
= &src_service
->state
;
888 hs_service_state_t
*dst
= &dst_service
->state
;
890 /* Let's do a shallow copy */
891 dst
->intro_circ_retry_started_time
= src
->intro_circ_retry_started_time
;
892 dst
->num_intro_circ_launched
= src
->num_intro_circ_launched
;
893 /* Freeing a NULL replaycache triggers an info LD_BUG. */
894 if (dst
->replay_cache_rend_cookie
!= NULL
) {
895 replaycache_free(dst
->replay_cache_rend_cookie
);
898 dst
->replay_cache_rend_cookie
= src
->replay_cache_rend_cookie
;
899 src
->replay_cache_rend_cookie
= NULL
; /* steal pointer reference */
901 dst
->next_rotation_time
= src
->next_rotation_time
;
903 if (src
->ob_subcreds
) {
904 dst
->ob_subcreds
= src
->ob_subcreds
;
905 dst
->n_ob_subcreds
= src
->n_ob_subcreds
;
907 src
->ob_subcreds
= NULL
; /* steal pointer reference */
911 /** Register services that are in the staging list. Once this function returns,
912 * the global service map will be set with the right content and all non
913 * surviving services will be cleaned up. */
915 register_all_services(void)
917 struct hs_service_ht
*new_service_map
;
919 tor_assert(hs_service_staging_list
);
921 /* Allocate a new map that will replace the current one. */
922 new_service_map
= tor_malloc_zero(sizeof(*new_service_map
));
923 HT_INIT(hs_service_ht
, new_service_map
);
925 /* First step is to transfer all ephemeral services from the current global
926 * map to the new one we are constructing. We do not prune ephemeral
927 * services as the only way to kill them is by deleting it from the control
928 * port or stopping the tor daemon. */
929 move_ephemeral_services(hs_service_map
, new_service_map
);
931 SMARTLIST_FOREACH_BEGIN(hs_service_staging_list
, hs_service_t
*, snew
) {
934 /* Check if that service is already in our global map and if so, we'll
935 * transfer the intro points to it. */
936 s
= find_service(hs_service_map
, &snew
->keys
.identity_pk
);
938 /* Pass ownership of the descriptors from s (the current service) to
939 * snew (the newly configured one). */
940 move_descriptors(s
, snew
);
941 move_hs_state(s
, snew
);
942 /* Remove the service from the global map because after this, we need to
943 * go over the remaining service in that map that aren't surviving the
944 * reload to close their circuits. */
945 remove_service(hs_service_map
, s
);
948 /* Great, this service is now ready to be added to our new map. */
949 if (BUG(register_service(new_service_map
, snew
) < 0)) {
950 /* This should never happen because prior to registration, we validate
951 * every service against the entire set. Not being able to register a
952 * service means we failed to validate correctly. In that case, don't
953 * break tor and ignore the service but tell user. */
954 log_warn(LD_BUG
, "Unable to register service with directory %s",
955 service_escaped_dir(snew
));
956 SMARTLIST_DEL_CURRENT(hs_service_staging_list
, snew
);
957 hs_service_free(snew
);
959 } SMARTLIST_FOREACH_END(snew
);
961 /* Close any circuits associated with the non surviving services. Every
962 * service in the current global map are roaming. */
963 FOR_EACH_SERVICE_BEGIN(service
) {
964 close_service_circuits(service
);
965 } FOR_EACH_SERVICE_END
;
967 /* Time to make the switch. We'll clear the staging list because its content
968 * has now changed ownership to the map. */
969 smartlist_clear(hs_service_staging_list
);
971 hs_service_map
= new_service_map
;
972 /* We've just register services into the new map and now we've replaced the
973 * global map with it so we have to notify that the change happened. When
974 * registering a service, the notify is only triggered if the destination
975 * map is the global map for which in here it was not. */
976 hs_service_map_has_changed();
979 /** Write the onion address of a given service to the given filename fname_ in
980 * the service directory. Return 0 on success else -1 on error. */
982 write_address_to_file(const hs_service_t
*service
, const char *fname_
)
986 char *addr_buf
= NULL
;
991 /* Construct the full address with the onion tld and write the hostname file
993 tor_asprintf(&addr_buf
, "%s.%s\n", service
->onion_address
, address_tld
);
994 /* Notice here that we use the given "fname_". */
995 fname
= hs_path_from_filename(service
->config
.directory_path
, fname_
);
996 if (write_str_to_file_if_not_equal(fname
, addr_buf
)) {
997 log_warn(LD_REND
, "Could not write onion address to hostname file %s",
1003 if (service
->config
.dir_group_readable
) {
1005 if (chmod(fname
, S_IRUSR
| S_IWUSR
| S_IRGRP
) < 0) {
1006 log_warn(LD_FS
, "Unable to make onion service hostname file %s "
1007 "group-readable.", escaped(fname
));
1010 #endif /* !defined(_WIN32) */
1020 /** Load and/or generate private keys for the given service. On success, the
1021 * hostname file will be written to disk along with the master private key iff
1022 * the service is not configured for offline keys. Return 0 on success else -1
1025 load_service_keys(hs_service_t
*service
)
1029 ed25519_keypair_t
*kp
;
1030 const hs_service_config_t
*config
;
1032 tor_assert(service
);
1034 config
= &service
->config
;
1036 /* Create and fix permission on service directory. We are about to write
1037 * files to that directory so make sure it exists and has the right
1038 * permissions. We do this here because at this stage we know that Tor is
1039 * actually running and the service we have has been validated. */
1040 if (hs_check_service_private_dir(get_options()->User
,
1041 config
->directory_path
,
1042 config
->dir_group_readable
, 1) < 0) {
1046 /* Try to load the keys from file or generate it if not found. */
1047 fname
= hs_path_from_filename(config
->directory_path
, fname_keyfile_prefix
);
1048 /* Don't ask for key creation, we want to know if we were able to load it or
1049 * we had to generate it. Better logging! */
1050 kp
= ed_key_init_from_file(fname
, INIT_ED_KEY_SPLIT
, LOG_INFO
, NULL
, 0, 0,
1053 log_info(LD_REND
, "Unable to load keys from %s. Generating it...", fname
);
1054 /* We'll now try to generate the keys and for it we want the strongest
1055 * randomness for it. The keypair will be written in different files. */
1056 uint32_t key_flags
= INIT_ED_KEY_CREATE
| INIT_ED_KEY_EXTRA_STRONG
|
1058 kp
= ed_key_init_from_file(fname
, key_flags
, LOG_WARN
, NULL
, 0, 0, 0,
1061 log_warn(LD_REND
, "Unable to generate keys and save in %s.", fname
);
1066 /* Copy loaded or generated keys to service object. */
1067 ed25519_pubkey_copy(&service
->keys
.identity_pk
, &kp
->pubkey
);
1068 memcpy(&service
->keys
.identity_sk
, &kp
->seckey
,
1069 sizeof(service
->keys
.identity_sk
));
1070 /* This does a proper memory wipe. */
1071 ed25519_keypair_free(kp
);
1073 /* Build onion address from the newly loaded keys. */
1074 tor_assert(service
->config
.version
<= UINT8_MAX
);
1075 hs_build_address(&service
->keys
.identity_pk
,
1076 (uint8_t) service
->config
.version
,
1077 service
->onion_address
);
1079 /* Write onion address to hostname file. */
1080 if (write_address_to_file(service
, fname_hostname
) < 0) {
1084 /* Load all client authorization keys in the service. */
1085 if (load_client_keys(service
) < 0) {
1096 /** Check if the client file name is valid or not. Return 1 if valid,
1097 * otherwise return 0. */
1099 client_filename_is_valid(const char *filename
)
1102 const char *valid_extension
= ".auth";
1104 tor_assert(filename
);
1106 /* The file extension must match and the total filename length can't be the
1107 * length of the extension else we do not have a filename. */
1108 if (!strcmpend(filename
, valid_extension
) &&
1109 strlen(filename
) != strlen(valid_extension
)) {
1118 /** Parse an authorized client from a string. The format of a client string
1119 * looks like (see rend-spec-v3.txt):
1121 * <auth-type>:<key-type>:<base32-encoded-public-key>
1123 * The <auth-type> can only be "descriptor".
1124 * The <key-type> can only be "x25519".
1126 * Return the key on success, return NULL, otherwise. */
1127 STATIC hs_service_authorized_client_t
*
1128 parse_authorized_client(const char *client_key_str
)
1130 char *auth_type
= NULL
;
1131 char *key_type
= NULL
;
1132 char *pubkey_b32
= NULL
;
1133 hs_service_authorized_client_t
*client
= NULL
;
1134 smartlist_t
*fields
= smartlist_new();
1136 tor_assert(client_key_str
);
1138 smartlist_split_string(fields
, client_key_str
, ":",
1139 SPLIT_SKIP_SPACE
, 0);
1140 /* Wrong number of fields. */
1141 if (smartlist_len(fields
) != 3) {
1142 log_warn(LD_REND
, "Unknown format of client authorization file.");
1146 auth_type
= smartlist_get(fields
, 0);
1147 key_type
= smartlist_get(fields
, 1);
1148 pubkey_b32
= smartlist_get(fields
, 2);
1150 /* Currently, the only supported auth type is "descriptor". */
1151 if (strcmp(auth_type
, "descriptor")) {
1152 log_warn(LD_REND
, "Client authorization auth type '%s' not supported.",
1157 /* Currently, the only supported key type is "x25519". */
1158 if (strcmp(key_type
, "x25519")) {
1159 log_warn(LD_REND
, "Client authorization key type '%s' not supported.",
1164 /* We expect a specific length of the base32 encoded key so make sure we
1165 * have that so we don't successfully decode a value with a different length
1166 * and end up in trouble when copying the decoded key into a fixed length
1168 if (strlen(pubkey_b32
) != BASE32_NOPAD_LEN(CURVE25519_PUBKEY_LEN
)) {
1169 log_warn(LD_REND
, "Client authorization encoded base32 public key "
1170 "length is invalid: %s", pubkey_b32
);
1174 client
= tor_malloc_zero(sizeof(hs_service_authorized_client_t
));
1175 if (base32_decode((char *) client
->client_pk
.public_key
,
1176 sizeof(client
->client_pk
.public_key
),
1177 pubkey_b32
, strlen(pubkey_b32
)) !=
1178 sizeof(client
->client_pk
.public_key
)) {
1179 log_warn(LD_REND
, "Client authorization public key cannot be decoded: %s",
1188 service_authorized_client_free(client
);
1190 /* It is also a good idea to wipe the public key. */
1192 memwipe(pubkey_b32
, 0, strlen(pubkey_b32
));
1195 SMARTLIST_FOREACH(fields
, char *, s
, tor_free(s
));
1196 smartlist_free(fields
);
1200 /** Load all the client public keys for the given service. Return 0 on
1201 * success else -1 on failure. */
1203 load_client_keys(hs_service_t
*service
)
1206 char *client_key_str
= NULL
;
1207 char *client_key_file_path
= NULL
;
1208 char *client_keys_dir_path
= NULL
;
1209 hs_service_config_t
*config
;
1210 smartlist_t
*file_list
= NULL
;
1212 tor_assert(service
);
1214 config
= &service
->config
;
1216 /* Before calling this function, we already call load_service_keys to make
1217 * sure that the directory exists with the right permission. So, if we
1218 * cannot create a client pubkey key directory, we consider it as a bug. */
1219 client_keys_dir_path
= hs_path_from_filename(config
->directory_path
,
1220 dname_client_pubkeys
);
1221 if (BUG(hs_check_service_private_dir(get_options()->User
,
1222 client_keys_dir_path
,
1223 config
->dir_group_readable
, 1) < 0)) {
1227 /* If the list of clients already exists, we must clear it first. */
1228 if (config
->clients
) {
1229 SMARTLIST_FOREACH(config
->clients
, hs_service_authorized_client_t
*, p
,
1230 service_authorized_client_free(p
));
1231 smartlist_free(config
->clients
);
1234 config
->clients
= smartlist_new();
1236 file_list
= tor_listdir(client_keys_dir_path
);
1237 if (file_list
== NULL
) {
1238 log_warn(LD_REND
, "Client authorization directory %s can't be listed.",
1239 client_keys_dir_path
);
1243 SMARTLIST_FOREACH_BEGIN(file_list
, const char *, filename
) {
1244 hs_service_authorized_client_t
*client
= NULL
;
1245 log_info(LD_REND
, "Loading a client authorization key file %s...",
1248 if (!client_filename_is_valid(filename
)) {
1249 log_warn(LD_REND
, "Client authorization unrecognized filename %s. "
1250 "File must end in .auth. Ignoring.", filename
);
1254 /* Create a full path for a file. */
1255 client_key_file_path
= hs_path_from_filename(client_keys_dir_path
,
1257 client_key_str
= read_file_to_str(client_key_file_path
, 0, NULL
);
1259 /* If we cannot read the file, continue with the next file. */
1260 if (!client_key_str
) {
1261 log_warn(LD_REND
, "Client authorization file %s can't be read. "
1262 "Corrupted or verify permission? Ignoring.",
1263 client_key_file_path
);
1264 tor_free(client_key_file_path
);
1267 tor_free(client_key_file_path
);
1269 client
= parse_authorized_client(client_key_str
);
1270 /* Wipe and free immediately after using it. */
1271 memwipe(client_key_str
, 0, strlen(client_key_str
));
1272 tor_free(client_key_str
);
1275 smartlist_add(config
->clients
, client
);
1276 log_info(LD_REND
, "Loaded a client authorization key file %s.",
1280 } SMARTLIST_FOREACH_END(filename
);
1282 /* If the number of clients is greater than zero, set the flag to be true. */
1283 if (smartlist_len(config
->clients
) > 0) {
1284 config
->is_client_auth_enabled
= 1;
1290 if (client_key_str
) {
1291 memwipe(client_key_str
, 0, strlen(client_key_str
));
1294 SMARTLIST_FOREACH(file_list
, char *, s
, tor_free(s
));
1295 smartlist_free(file_list
);
1297 tor_free(client_key_str
);
1298 tor_free(client_key_file_path
);
1299 tor_free(client_keys_dir_path
);
1303 /** Release all storage held in <b>client</b>. */
1305 service_authorized_client_free_(hs_service_authorized_client_t
*client
)
1310 memwipe(&client
->client_pk
, 0, sizeof(client
->client_pk
));
1314 /** Free a given service descriptor object and all key material is wiped. */
1316 service_descriptor_free_(hs_service_descriptor_t
*desc
)
1321 hs_descriptor_free(desc
->desc
);
1322 memwipe(&desc
->signing_kp
, 0, sizeof(desc
->signing_kp
));
1323 memwipe(&desc
->blinded_kp
, 0, sizeof(desc
->blinded_kp
));
1324 /* Cleanup all intro points. */
1325 digest256map_free(desc
->intro_points
.map
, service_intro_point_free_void
);
1326 digestmap_free(desc
->intro_points
.failed_id
, tor_free_
);
1327 if (desc
->previous_hsdirs
) {
1328 SMARTLIST_FOREACH(desc
->previous_hsdirs
, char *, s
, tor_free(s
));
1329 smartlist_free(desc
->previous_hsdirs
);
1331 crypto_ope_free(desc
->ope_cipher
);
1335 /** Return a newly allocated service descriptor object. */
1336 STATIC hs_service_descriptor_t
*
1337 service_descriptor_new(void)
1339 hs_service_descriptor_t
*sdesc
= tor_malloc_zero(sizeof(*sdesc
));
1340 sdesc
->desc
= tor_malloc_zero(sizeof(hs_descriptor_t
));
1341 /* Initialize the intro points map. */
1342 sdesc
->intro_points
.map
= digest256map_new();
1343 sdesc
->intro_points
.failed_id
= digestmap_new();
1344 sdesc
->previous_hsdirs
= smartlist_new();
1348 /** Allocate and return a deep copy of client. */
1349 static hs_service_authorized_client_t
*
1350 service_authorized_client_dup(const hs_service_authorized_client_t
*client
)
1352 hs_service_authorized_client_t
*client_dup
= NULL
;
1356 client_dup
= tor_malloc_zero(sizeof(hs_service_authorized_client_t
));
1357 /* Currently, the public key is the only component of
1358 * hs_service_authorized_client_t. */
1359 memcpy(client_dup
->client_pk
.public_key
,
1360 client
->client_pk
.public_key
,
1361 CURVE25519_PUBKEY_LEN
);
1366 /** If two authorized clients are equal, return 0. If the first one should come
1367 * before the second, return less than zero. If the first should come after
1368 * the second, return greater than zero. */
1370 service_authorized_client_cmp(const hs_service_authorized_client_t
*client1
,
1371 const hs_service_authorized_client_t
*client2
)
1373 tor_assert(client1
);
1374 tor_assert(client2
);
1376 /* Currently, the public key is the only component of
1377 * hs_service_authorized_client_t. */
1378 return tor_memcmp(client1
->client_pk
.public_key
,
1379 client2
->client_pk
.public_key
,
1380 CURVE25519_PUBKEY_LEN
);
1383 /** Helper for sorting authorized clients. */
1385 compare_service_authorzized_client_(const void **_a
, const void **_b
)
1387 const hs_service_authorized_client_t
*a
= *_a
, *b
= *_b
;
1388 return service_authorized_client_cmp(a
, b
);
1391 /** If the list of hs_service_authorized_client_t's is different between
1392 * src and dst, return 1. Otherwise, return 0. */
1394 service_authorized_client_config_equal(const hs_service_config_t
*config1
,
1395 const hs_service_config_t
*config2
)
1399 smartlist_t
*sl1
= smartlist_new();
1400 smartlist_t
*sl2
= smartlist_new();
1402 tor_assert(config1
);
1403 tor_assert(config2
);
1404 tor_assert(config1
->clients
);
1405 tor_assert(config2
->clients
);
1407 /* If the number of clients is different, it is obvious that the list
1409 if (smartlist_len(config1
->clients
) != smartlist_len(config2
->clients
)) {
1413 /* We do not want to mutate config1 and config2, so we will duplicate both
1414 * entire client lists here. */
1415 SMARTLIST_FOREACH(config1
->clients
,
1416 hs_service_authorized_client_t
*, client
,
1417 smartlist_add(sl1
, service_authorized_client_dup(client
)));
1419 SMARTLIST_FOREACH(config2
->clients
,
1420 hs_service_authorized_client_t
*, client
,
1421 smartlist_add(sl2
, service_authorized_client_dup(client
)));
1423 smartlist_sort(sl1
, compare_service_authorzized_client_
);
1424 smartlist_sort(sl2
, compare_service_authorzized_client_
);
1426 for (i
= 0; i
< smartlist_len(sl1
); i
++) {
1427 /* If the clients at index i in both lists differ, the whole configs
1429 if (service_authorized_client_cmp(smartlist_get(sl1
, i
),
1430 smartlist_get(sl2
, i
))) {
1440 SMARTLIST_FOREACH(sl1
, hs_service_authorized_client_t
*, p
,
1441 service_authorized_client_free(p
));
1442 smartlist_free(sl1
);
1445 SMARTLIST_FOREACH(sl2
, hs_service_authorized_client_t
*, p
,
1446 service_authorized_client_free(p
));
1447 smartlist_free(sl2
);
1452 /** Move descriptor(s) from the src service to the dst service and modify their
1453 * content if necessary. We do this during SIGHUP when we re-create our
1454 * hidden services. */
1456 move_descriptors(hs_service_t
*src
, hs_service_t
*dst
)
1461 if (src
->desc_current
) {
1462 /* Nothing should be there, but clean it up just in case */
1463 if (BUG(dst
->desc_current
)) {
1464 service_descriptor_free(dst
->desc_current
);
1466 dst
->desc_current
= src
->desc_current
;
1467 src
->desc_current
= NULL
;
1470 if (src
->desc_next
) {
1471 /* Nothing should be there, but clean it up just in case */
1472 if (BUG(dst
->desc_next
)) {
1473 service_descriptor_free(dst
->desc_next
);
1475 dst
->desc_next
= src
->desc_next
;
1476 src
->desc_next
= NULL
;
1479 /* If the client authorization changes, we must rebuild the superencrypted
1480 * section and republish the descriptors. */
1481 int client_auth_changed
=
1482 !service_authorized_client_config_equal(&src
->config
, &dst
->config
);
1483 if (client_auth_changed
&& dst
->desc_current
) {
1484 /* We have to clear the superencrypted content first. */
1485 hs_desc_superencrypted_data_free_contents(
1486 &dst
->desc_current
->desc
->superencrypted_data
);
1487 if (build_service_desc_superencrypted(dst
, dst
->desc_current
) < 0) {
1490 service_desc_schedule_upload(dst
->desc_current
, time(NULL
), 1);
1492 if (client_auth_changed
&& dst
->desc_next
) {
1493 /* We have to clear the superencrypted content first. */
1494 hs_desc_superencrypted_data_free_contents(
1495 &dst
->desc_next
->desc
->superencrypted_data
);
1496 if (build_service_desc_superencrypted(dst
, dst
->desc_next
) < 0) {
1499 service_desc_schedule_upload(dst
->desc_next
, time(NULL
), 1);
1505 /* If there is an error, free all descriptors to make it clean and generate
1507 service_descriptor_free(dst
->desc_current
);
1508 service_descriptor_free(dst
->desc_next
);
1511 /** From the given service, remove all expired failing intro points for each
1514 remove_expired_failing_intro(hs_service_t
*service
, time_t now
)
1516 tor_assert(service
);
1518 /* For both descriptors, cleanup the failing intro points list. */
1519 FOR_EACH_DESCRIPTOR_BEGIN(service
, desc
) {
1520 DIGESTMAP_FOREACH_MODIFY(desc
->intro_points
.failed_id
, key
, time_t *, t
) {
1521 time_t failure_time
= *t
;
1522 if ((failure_time
+ INTRO_CIRC_RETRY_PERIOD
) <= now
) {
1523 MAP_DEL_CURRENT(key
);
1526 } DIGESTMAP_FOREACH_END
;
1527 } FOR_EACH_DESCRIPTOR_END
;
1530 /** For the given descriptor desc, put all node_t object found from its failing
1531 * intro point list and put them in the given node_list. */
1533 setup_intro_point_exclude_list(const hs_service_descriptor_t
*desc
,
1534 smartlist_t
*node_list
)
1537 tor_assert(node_list
);
1539 DIGESTMAP_FOREACH(desc
->intro_points
.failed_id
, key
, time_t *, t
) {
1540 (void) t
; /* Make gcc happy. */
1541 const node_t
*node
= node_get_by_id(key
);
1543 smartlist_add(node_list
, (void *) node
);
1545 } DIGESTMAP_FOREACH_END
;
1548 /** For the given failing intro point ip, we add its time of failure to the
1549 * failed map and index it by identity digest (legacy ID) in the descriptor
1550 * desc failed id map. */
1552 remember_failing_intro_point(const hs_service_intro_point_t
*ip
,
1553 hs_service_descriptor_t
*desc
, time_t now
)
1555 time_t *time_of_failure
, *prev_ptr
;
1556 const link_specifier_t
*legacy_ls
;
1561 time_of_failure
= tor_malloc_zero(sizeof(time_t));
1562 *time_of_failure
= now
;
1563 legacy_ls
= get_link_spec_by_type(ip
, LS_LEGACY_ID
);
1564 tor_assert(legacy_ls
);
1565 prev_ptr
= digestmap_set(
1566 desc
->intro_points
.failed_id
,
1567 (const char *) link_specifier_getconstarray_un_legacy_id(legacy_ls
),
1572 /** Using a given descriptor signing keypair signing_kp, a service intro point
1573 * object ip and the time now, setup the content of an already allocated
1574 * descriptor intro desc_ip.
1576 * Return 0 on success else a negative value. */
1578 setup_desc_intro_point(const ed25519_keypair_t
*signing_kp
,
1579 const hs_service_intro_point_t
*ip
,
1580 time_t now
, hs_desc_intro_point_t
*desc_ip
)
1583 time_t nearest_hour
= now
- (now
% 3600);
1585 tor_assert(signing_kp
);
1587 tor_assert(desc_ip
);
1589 /* Copy the onion key. */
1590 memcpy(&desc_ip
->onion_key
, &ip
->onion_key
, sizeof(desc_ip
->onion_key
));
1592 /* Key and certificate material. */
1593 desc_ip
->auth_key_cert
= tor_cert_create_ed25519(signing_kp
,
1594 CERT_TYPE_AUTH_HS_IP_KEY
,
1595 &ip
->auth_key_kp
.pubkey
,
1597 HS_DESC_CERT_LIFETIME
,
1598 CERT_FLAG_INCLUDE_SIGNING_KEY
);
1599 if (desc_ip
->auth_key_cert
== NULL
) {
1600 log_warn(LD_REND
, "Unable to create intro point auth-key certificate");
1604 /* Copy link specifier(s). */
1605 SMARTLIST_FOREACH_BEGIN(ip
->base
.link_specifiers
,
1606 const link_specifier_t
*, ls
) {
1610 link_specifier_t
*copy
= link_specifier_dup(ls
);
1614 smartlist_add(desc_ip
->link_specifiers
, copy
);
1615 } SMARTLIST_FOREACH_END(ls
);
1617 /* For a legacy intro point, we'll use an RSA/ed cross certificate. */
1618 if (ip
->base
.is_only_legacy
) {
1619 desc_ip
->legacy
.key
= crypto_pk_dup_key(ip
->legacy_key
);
1620 /* Create cross certification cert. */
1621 ssize_t cert_len
= tor_make_rsa_ed25519_crosscert(
1622 &signing_kp
->pubkey
,
1623 desc_ip
->legacy
.key
,
1624 nearest_hour
+ HS_DESC_CERT_LIFETIME
,
1625 &desc_ip
->legacy
.cert
.encoded
);
1627 log_warn(LD_REND
, "Unable to create enc key legacy cross cert.");
1630 desc_ip
->legacy
.cert
.len
= cert_len
;
1633 /* Encryption key and its cross certificate. */
1635 ed25519_public_key_t ed25519_pubkey
;
1637 /* Use the public curve25519 key. */
1638 memcpy(&desc_ip
->enc_key
, &ip
->enc_key_kp
.pubkey
,
1639 sizeof(desc_ip
->enc_key
));
1640 /* The following can't fail. */
1641 ed25519_public_key_from_curve25519_public_key(&ed25519_pubkey
,
1642 &ip
->enc_key_kp
.pubkey
,
1644 desc_ip
->enc_key_cert
= tor_cert_create_ed25519(signing_kp
,
1645 CERT_TYPE_CROSS_HS_IP_KEYS
,
1646 &ed25519_pubkey
, nearest_hour
,
1647 HS_DESC_CERT_LIFETIME
,
1648 CERT_FLAG_INCLUDE_SIGNING_KEY
);
1649 if (desc_ip
->enc_key_cert
== NULL
) {
1650 log_warn(LD_REND
, "Unable to create enc key curve25519 cross cert.");
1661 /** Using the given descriptor from the given service, build the descriptor
1662 * intro point list so we can then encode the descriptor for publication. This
1663 * function does not pick intro points, they have to be in the descriptor
1664 * current map. Cryptographic material (keys) must be initialized in the
1665 * descriptor for this function to make sense. */
1667 build_desc_intro_points(const hs_service_t
*service
,
1668 hs_service_descriptor_t
*desc
, time_t now
)
1670 hs_desc_encrypted_data_t
*encrypted
;
1672 tor_assert(service
);
1675 /* Ease our life. */
1676 encrypted
= &desc
->desc
->encrypted_data
;
1677 /* Cleanup intro points, we are about to set them from scratch. */
1678 hs_descriptor_clear_intro_points(desc
->desc
);
1680 DIGEST256MAP_FOREACH(desc
->intro_points
.map
, key
,
1681 const hs_service_intro_point_t
*, ip
) {
1682 if (!hs_circ_service_get_established_intro_circ(ip
)) {
1683 /* Ignore un-established intro points. They can linger in that list
1684 * because their circuit has not opened and they haven't been removed
1685 * yet even though we have enough intro circuits.
1687 * Due to #31561, it can stay in that list until rotation so this check
1688 * prevents to publish an intro point without a circuit. */
1691 hs_desc_intro_point_t
*desc_ip
= hs_desc_intro_point_new();
1692 if (setup_desc_intro_point(&desc
->signing_kp
, ip
, now
, desc_ip
) < 0) {
1693 hs_desc_intro_point_free(desc_ip
);
1696 /* We have a valid descriptor intro point. Add it to the list. */
1697 smartlist_add(encrypted
->intro_points
, desc_ip
);
1698 } DIGEST256MAP_FOREACH_END
;
1701 /** Build the descriptor signing key certificate. */
1703 build_desc_signing_key_cert(hs_service_descriptor_t
*desc
, time_t now
)
1705 hs_desc_plaintext_data_t
*plaintext
;
1708 tor_assert(desc
->desc
);
1710 /* Ease our life a bit. */
1711 plaintext
= &desc
->desc
->plaintext_data
;
1713 /* Get rid of what we have right now. */
1714 tor_cert_free(plaintext
->signing_key_cert
);
1716 /* Fresh certificate for the signing key. */
1717 plaintext
->signing_key_cert
=
1718 tor_cert_create_ed25519(&desc
->blinded_kp
, CERT_TYPE_SIGNING_HS_DESC
,
1719 &desc
->signing_kp
.pubkey
, now
, HS_DESC_CERT_LIFETIME
,
1720 CERT_FLAG_INCLUDE_SIGNING_KEY
);
1721 /* If the cert creation fails, the descriptor encoding will fail and thus
1722 * ultimately won't be uploaded. We'll get a stack trace to help us learn
1723 * where the call came from and the tor_cert_create_ed25519() will log the
1725 tor_assert_nonfatal(plaintext
->signing_key_cert
);
1728 /** Populate the descriptor encrypted section from the given service object.
1729 * This will generate a valid list of introduction points that can be used
1730 * after for circuit creation. Return 0 on success else -1 on error. */
1732 build_service_desc_encrypted(const hs_service_t
*service
,
1733 hs_service_descriptor_t
*desc
)
1735 hs_desc_encrypted_data_t
*encrypted
;
1737 tor_assert(service
);
1740 encrypted
= &desc
->desc
->encrypted_data
;
1742 encrypted
->create2_ntor
= 1;
1743 encrypted
->single_onion_service
= service
->config
.is_single_onion
;
1745 /* Setup introduction points from what we have in the service. */
1746 if (encrypted
->intro_points
== NULL
) {
1747 encrypted
->intro_points
= smartlist_new();
1749 /* We do NOT build introduction point yet, we only do that once the circuit
1750 * have been opened. Until we have the right number of introduction points,
1751 * we do not encode anything in the descriptor. */
1753 /* XXX: Support client authorization (#20700). */
1754 encrypted
->intro_auth_types
= NULL
;
1758 /** Populate the descriptor superencrypted section from the given service
1759 * object. This will generate a valid list of hs_desc_authorized_client_t
1760 * of clients that are authorized to use the service. Return 0 on success
1761 * else -1 on error. */
1763 build_service_desc_superencrypted(const hs_service_t
*service
,
1764 hs_service_descriptor_t
*desc
)
1766 const hs_service_config_t
*config
;
1768 hs_desc_superencrypted_data_t
*superencrypted
;
1770 tor_assert(service
);
1773 superencrypted
= &desc
->desc
->superencrypted_data
;
1774 config
= &service
->config
;
1776 /* The ephemeral key pair is already generated, so this should not give
1778 if (BUG(!curve25519_public_key_is_ok(&desc
->auth_ephemeral_kp
.pubkey
))) {
1781 memcpy(&superencrypted
->auth_ephemeral_pubkey
,
1782 &desc
->auth_ephemeral_kp
.pubkey
,
1783 sizeof(curve25519_public_key_t
));
1785 /* Test that subcred is not zero because we might use it below */
1786 if (BUG(fast_mem_is_zero((char*)desc
->desc
->subcredential
.subcred
,
1791 /* Create a smartlist to store clients */
1792 superencrypted
->clients
= smartlist_new();
1794 /* We do not need to build the desc authorized client if the client
1795 * authorization is disabled */
1796 if (config
->is_client_auth_enabled
) {
1797 SMARTLIST_FOREACH_BEGIN(config
->clients
,
1798 hs_service_authorized_client_t
*, client
) {
1799 hs_desc_authorized_client_t
*desc_client
;
1800 desc_client
= tor_malloc_zero(sizeof(hs_desc_authorized_client_t
));
1802 /* Prepare the client for descriptor and then add to the list in the
1803 * superencrypted part of the descriptor */
1804 hs_desc_build_authorized_client(&desc
->desc
->subcredential
,
1806 &desc
->auth_ephemeral_kp
.seckey
,
1807 desc
->descriptor_cookie
, desc_client
);
1808 smartlist_add(superencrypted
->clients
, desc_client
);
1810 } SMARTLIST_FOREACH_END(client
);
1813 /* We cannot let the number of auth-clients to be zero, so we need to
1814 * make it be 16. If it is already a multiple of 16, we do not need to
1815 * do anything. Otherwise, add the additional ones to make it a
1816 * multiple of 16. */
1817 int num_clients
= smartlist_len(superencrypted
->clients
);
1818 int num_clients_to_add
;
1819 if (num_clients
== 0) {
1820 num_clients_to_add
= HS_DESC_AUTH_CLIENT_MULTIPLE
;
1821 } else if (num_clients
% HS_DESC_AUTH_CLIENT_MULTIPLE
== 0) {
1822 num_clients_to_add
= 0;
1824 num_clients_to_add
=
1825 HS_DESC_AUTH_CLIENT_MULTIPLE
1826 - (num_clients
% HS_DESC_AUTH_CLIENT_MULTIPLE
);
1829 for (i
= 0; i
< num_clients_to_add
; i
++) {
1830 hs_desc_authorized_client_t
*desc_client
=
1831 hs_desc_build_fake_authorized_client();
1832 smartlist_add(superencrypted
->clients
, desc_client
);
1835 /* Shuffle the list to prevent the client know the position in the
1837 smartlist_shuffle(superencrypted
->clients
);
1842 /** Populate the descriptor plaintext section from the given service object.
1843 * The caller must make sure that the keys in the descriptors are valid that
1844 * is are non-zero. This can't fail. */
1846 build_service_desc_plaintext(const hs_service_t
*service
,
1847 hs_service_descriptor_t
*desc
)
1849 hs_desc_plaintext_data_t
*plaintext
;
1851 tor_assert(service
);
1853 tor_assert(!fast_mem_is_zero((char *) &desc
->blinded_kp
,
1854 sizeof(desc
->blinded_kp
)));
1855 tor_assert(!fast_mem_is_zero((char *) &desc
->signing_kp
,
1856 sizeof(desc
->signing_kp
)));
1858 /* Set the subcredential. */
1859 hs_get_subcredential(&service
->keys
.identity_pk
, &desc
->blinded_kp
.pubkey
,
1860 &desc
->desc
->subcredential
);
1862 plaintext
= &desc
->desc
->plaintext_data
;
1864 plaintext
->version
= service
->config
.version
;
1865 plaintext
->lifetime_sec
= HS_DESC_DEFAULT_LIFETIME
;
1866 /* Copy public key material to go in the descriptor. */
1867 ed25519_pubkey_copy(&plaintext
->signing_pubkey
, &desc
->signing_kp
.pubkey
);
1868 ed25519_pubkey_copy(&plaintext
->blinded_pubkey
, &desc
->blinded_kp
.pubkey
);
1870 /* Create the signing key certificate. This will be updated before each
1871 * upload but we create it here so we don't complexify our unit tests. */
1872 build_desc_signing_key_cert(desc
, approx_time());
1875 /** Compute the descriptor's OPE cipher for encrypting revision counters. */
1876 static crypto_ope_t
*
1877 generate_ope_cipher_for_desc(const hs_service_descriptor_t
*hs_desc
)
1879 /* Compute OPE key as H("rev-counter-generation" | blinded privkey) */
1880 uint8_t key
[DIGEST256_LEN
];
1881 crypto_digest_t
*digest
= crypto_digest256_new(DIGEST_SHA3_256
);
1882 const char ope_key_prefix
[] = "rev-counter-generation";
1883 const ed25519_secret_key_t
*eph_privkey
= &hs_desc
->blinded_kp
.seckey
;
1884 crypto_digest_add_bytes(digest
, ope_key_prefix
, sizeof(ope_key_prefix
));
1885 crypto_digest_add_bytes(digest
, (char*)eph_privkey
->seckey
,
1886 sizeof(eph_privkey
->seckey
));
1887 crypto_digest_get_digest(digest
, (char *)key
, sizeof(key
));
1888 crypto_digest_free(digest
);
1890 return crypto_ope_new(key
);
1893 /** For the given service and descriptor object, create the key material which
1894 * is the blinded keypair, the descriptor signing keypair, the ephemeral
1895 * keypair, and the descriptor cookie. Return 0 on success else -1 on error
1896 * where the generated keys MUST be ignored. */
1898 build_service_desc_keys(const hs_service_t
*service
,
1899 hs_service_descriptor_t
*desc
)
1902 ed25519_keypair_t kp
;
1905 tor_assert(!fast_mem_is_zero((char *) &service
->keys
.identity_pk
,
1906 ED25519_PUBKEY_LEN
));
1908 /* XXX: Support offline key feature (#18098). */
1910 /* Copy the identity keys to the keypair so we can use it to create the
1912 memcpy(&kp
.pubkey
, &service
->keys
.identity_pk
, sizeof(kp
.pubkey
));
1913 memcpy(&kp
.seckey
, &service
->keys
.identity_sk
, sizeof(kp
.seckey
));
1914 /* Build blinded keypair for this time period. */
1915 hs_build_blinded_keypair(&kp
, NULL
, 0, desc
->time_period_num
,
1917 /* Let's not keep too much traces of our keys in memory. */
1918 memwipe(&kp
, 0, sizeof(kp
));
1920 /* Compute the OPE cipher struct (it's tied to the current blinded key) */
1921 log_info(LD_GENERAL
,
1922 "Getting OPE for TP#%u", (unsigned) desc
->time_period_num
);
1923 tor_assert_nonfatal(!desc
->ope_cipher
);
1924 desc
->ope_cipher
= generate_ope_cipher_for_desc(desc
);
1926 /* No need for extra strong, this is a temporary key only for this
1927 * descriptor. Nothing long term. */
1928 if (ed25519_keypair_generate(&desc
->signing_kp
, 0) < 0) {
1929 log_warn(LD_REND
, "Can't generate descriptor signing keypair for "
1931 safe_str_client(service
->onion_address
));
1935 /* No need for extra strong, this is a temporary key only for this
1936 * descriptor. Nothing long term. */
1937 if (curve25519_keypair_generate(&desc
->auth_ephemeral_kp
, 0) < 0) {
1938 log_warn(LD_REND
, "Can't generate auth ephemeral keypair for "
1940 safe_str_client(service
->onion_address
));
1944 /* Random descriptor cookie to be used as a part of a key to encrypt the
1945 * descriptor, only if the client auth is enabled will it be used. */
1946 crypto_strongest_rand(desc
->descriptor_cookie
,
1947 sizeof(desc
->descriptor_cookie
));
1955 /** Given a service and the current time, build a descriptor for the service.
1956 * This function does not pick introduction point, this needs to be done by
1957 * the update function. On success, desc_out will point to the newly allocated
1958 * descriptor object.
1960 * This can error if we are unable to create keys or certificate. */
1962 build_service_descriptor(hs_service_t
*service
, uint64_t time_period_num
,
1963 hs_service_descriptor_t
**desc_out
)
1966 hs_service_descriptor_t
*desc
;
1968 tor_assert(service
);
1969 tor_assert(desc_out
);
1971 desc
= service_descriptor_new();
1973 /* Set current time period */
1974 desc
->time_period_num
= time_period_num
;
1976 /* Create the needed keys so we can setup the descriptor content. */
1977 if (build_service_desc_keys(service
, desc
) < 0) {
1980 /* Setup plaintext descriptor content. */
1981 build_service_desc_plaintext(service
, desc
);
1983 /* Setup superencrypted descriptor content. */
1984 if (build_service_desc_superencrypted(service
, desc
) < 0) {
1987 /* Setup encrypted descriptor content. */
1988 if (build_service_desc_encrypted(service
, desc
) < 0) {
1992 /* Let's make sure that we've created a descriptor that can actually be
1993 * encoded properly. This function also checks if the encoded output is
1994 * decodable after. */
1995 if (BUG(service_encode_descriptor(service
, desc
, &desc
->signing_kp
,
1996 &encoded_desc
) < 0)) {
1999 tor_free(encoded_desc
);
2001 /* Assign newly built descriptor to the next slot. */
2004 /* Fire a CREATED control port event. */
2005 hs_control_desc_event_created(service
->onion_address
,
2006 &desc
->blinded_kp
.pubkey
);
2008 /* If we are an onionbalance instance, we refresh our keys when we rotate
2010 hs_ob_refresh_keys(service
);
2015 service_descriptor_free(desc
);
2018 /** Build both descriptors for the given service that has just booted up.
2019 * Because it's a special case, it deserves its special function ;). */
2021 build_descriptors_for_new_service(hs_service_t
*service
, time_t now
)
2023 uint64_t current_desc_tp
, next_desc_tp
;
2025 tor_assert(service
);
2026 /* These are the conditions for a new service. */
2027 tor_assert(!service
->desc_current
);
2028 tor_assert(!service
->desc_next
);
2031 * +------------------------------------------------------------------+
2033 * | 00:00 12:00 00:00 12:00 00:00 12:00 |
2034 * | SRV#1 TP#1 SRV#2 TP#2 SRV#3 TP#3 |
2036 * | $==========|-----------$===========|-----------$===========| |
2039 * +------------------------------------------------------------------+
2041 * Case A: The service boots up before a new time period, the current time
2042 * period is thus TP#1 and the next is TP#2 which for both we have access to
2045 * Case B: The service boots up inside TP#2, we can't use the TP#3 for the
2046 * next descriptor because we don't have the SRV#3 so the current should be
2047 * TP#1 and next TP#2.
2050 if (hs_in_period_between_tp_and_srv(NULL
, now
)) {
2051 /* Case B from the above, inside of the new time period. */
2052 current_desc_tp
= hs_get_previous_time_period_num(0); /* TP#1 */
2053 next_desc_tp
= hs_get_time_period_num(0); /* TP#2 */
2055 /* Case A from the above, outside of the new time period. */
2056 current_desc_tp
= hs_get_time_period_num(0); /* TP#1 */
2057 next_desc_tp
= hs_get_next_time_period_num(0); /* TP#2 */
2060 /* Build descriptors. */
2061 build_service_descriptor(service
, current_desc_tp
, &service
->desc_current
);
2062 build_service_descriptor(service
, next_desc_tp
, &service
->desc_next
);
2063 log_info(LD_REND
, "Hidden service %s has just started. Both descriptors "
2064 "built. Now scheduled for upload.",
2065 safe_str_client(service
->onion_address
));
2068 /** Build descriptors for each service if needed. There are conditions to build
2069 * a descriptor which are details in the function. */
2071 build_all_descriptors(time_t now
)
2073 FOR_EACH_SERVICE_BEGIN(service
) {
2075 /* A service booting up will have both descriptors to NULL. No other cases
2076 * makes both descriptor non existent. */
2077 if (service
->desc_current
== NULL
&& service
->desc_next
== NULL
) {
2078 build_descriptors_for_new_service(service
, now
);
2082 /* Reaching this point means we are pass bootup so at runtime. We should
2083 * *never* have an empty current descriptor. If the next descriptor is
2084 * empty, we'll try to build it for the next time period. This only
2085 * happens when we rotate meaning that we are guaranteed to have a new SRV
2086 * at that point for the next time period. */
2087 if (BUG(service
->desc_current
== NULL
)) {
2091 if (service
->desc_next
== NULL
) {
2092 build_service_descriptor(service
, hs_get_next_time_period_num(0),
2093 &service
->desc_next
);
2094 log_info(LD_REND
, "Hidden service %s next descriptor successfully "
2095 "built. Now scheduled for upload.",
2096 safe_str_client(service
->onion_address
));
2098 } FOR_EACH_DESCRIPTOR_END
;
2101 /** Randomly pick a node to become an introduction point but not present in the
2102 * given exclude_nodes list. The chosen node is put in the exclude list
2103 * regardless of success or not because in case of failure, the node is simply
2104 * unsusable from that point on.
2106 * If direct_conn is set, try to pick a node that our local firewall/policy
2107 * allows us to connect to directly. If we can't find any, return NULL.
2108 * This function supports selecting dual-stack nodes for direct single onion
2109 * service IPv6 connections. But it does not send IPv6 addresses in link
2110 * specifiers. (Current clients don't use IPv6 addresses to extend, and
2111 * direct client connections to intro points are not supported.)
2113 * Return a newly allocated service intro point ready to be used for encoding.
2114 * Return NULL on error. */
2115 static hs_service_intro_point_t
*
2116 pick_intro_point(unsigned int direct_conn
, smartlist_t
*exclude_nodes
)
2118 const or_options_t
*options
= get_options();
2120 hs_service_intro_point_t
*ip
= NULL
;
2121 /* Normal 3-hop introduction point flags. */
2122 router_crn_flags_t flags
= CRN_NEED_UPTIME
| CRN_NEED_DESC
;
2123 /* Single onion flags. */
2124 router_crn_flags_t direct_flags
= flags
| CRN_PREF_ADDR
| CRN_DIRECT_CONN
;
2126 node
= router_choose_random_node(exclude_nodes
, options
->ExcludeNodes
,
2127 direct_conn
? direct_flags
: flags
);
2129 /* If we are in single onion mode, retry node selection for a 3-hop
2131 if (direct_conn
&& !node
) {
2133 "Unable to find an intro point that we can connect to "
2134 "directly, falling back to a 3-hop path.");
2135 node
= router_choose_random_node(exclude_nodes
, options
->ExcludeNodes
,
2143 /* We have a suitable node, add it to the exclude list. We do this *before*
2144 * we can validate the extend information because even in case of failure,
2145 * we don't want to use that node anymore. */
2146 smartlist_add(exclude_nodes
, (void *) node
);
2148 /* Create our objects and populate them with the node information. */
2149 ip
= service_intro_point_new(node
);
2155 log_info(LD_REND
, "Picked intro point: %s", node_describe(node
));
2158 service_intro_point_free(ip
);
2162 /** For a given descriptor from the given service, pick any needed intro points
2163 * and update the current map with those newly picked intro points. Return the
2164 * number node that might have been added to the descriptor current map. */
2166 pick_needed_intro_points(hs_service_t
*service
,
2167 hs_service_descriptor_t
*desc
)
2169 int i
= 0, num_needed_ip
;
2170 smartlist_t
*exclude_nodes
= smartlist_new();
2172 tor_assert(service
);
2175 /* Compute how many intro points we actually need to open. */
2176 num_needed_ip
= service
->config
.num_intro_points
-
2177 digest256map_size(desc
->intro_points
.map
);
2178 if (BUG(num_needed_ip
< 0)) {
2179 /* Let's not make tor freak out here and just skip this. */
2183 /* We want to end up with config.num_intro_points intro points, but if we
2184 * have no intro points at all (chances are they all cycled or we are
2185 * starting up), we launch get_intro_point_num_extra() extra circuits and
2186 * use the first config.num_intro_points that complete. See proposal #155,
2187 * section 4 for the rationale of this which is purely for performance.
2189 * The ones after the first config.num_intro_points will be converted to
2190 * 'General' internal circuits and then we'll drop them from the list of
2192 if (digest256map_size(desc
->intro_points
.map
) == 0) {
2193 num_needed_ip
+= get_intro_point_num_extra();
2196 /* Build an exclude list of nodes of our intro point(s). The expiring intro
2197 * points are OK to pick again because this is afterall a concept of round
2198 * robin so they are considered valid nodes to pick again. */
2199 DIGEST256MAP_FOREACH(desc
->intro_points
.map
, key
,
2200 hs_service_intro_point_t
*, ip
) {
2201 const node_t
*intro_node
= get_node_from_intro_point(ip
);
2203 smartlist_add(exclude_nodes
, (void*)intro_node
);
2205 } DIGEST256MAP_FOREACH_END
;
2206 /* Also, add the failing intro points that our descriptor encounteered in
2207 * the exclude node list. */
2208 setup_intro_point_exclude_list(desc
, exclude_nodes
);
2210 for (i
= 0; i
< num_needed_ip
; i
++) {
2211 hs_service_intro_point_t
*ip
;
2213 /* This function will add the picked intro point node to the exclude nodes
2214 * list so we don't pick the same one at the next iteration. */
2215 ip
= pick_intro_point(service
->config
.is_single_onion
, exclude_nodes
);
2217 /* If we end up unable to pick an introduction point it is because we
2218 * can't find suitable node and calling this again is highly unlikely to
2219 * give us a valid node all of the sudden. */
2220 log_info(LD_REND
, "Unable to find a suitable node to be an "
2221 "introduction point for service %s.",
2222 safe_str_client(service
->onion_address
));
2225 /* Valid intro point object, add it to the descriptor current map. */
2226 service_intro_point_add(desc
->intro_points
.map
, ip
);
2228 /* We've successfully picked all our needed intro points thus none are
2229 * missing which will tell our upload process to expect the number of
2230 * circuits to be the number of configured intro points circuits and not the
2231 * number of intro points object that we have. */
2232 desc
->missing_intro_points
= 0;
2236 /* We don't have ownership of the node_t object in this list. */
2237 smartlist_free(exclude_nodes
);
2241 /** Clear previous cached HSDirs in <b>desc</b>. */
2243 service_desc_clear_previous_hsdirs(hs_service_descriptor_t
*desc
)
2245 if (BUG(!desc
->previous_hsdirs
)) {
2249 SMARTLIST_FOREACH(desc
->previous_hsdirs
, char*, s
, tor_free(s
));
2250 smartlist_clear(desc
->previous_hsdirs
);
2253 /** Note that we attempted to upload <b>desc</b> to <b>hsdir</b>. */
2255 service_desc_note_upload(hs_service_descriptor_t
*desc
, const node_t
*hsdir
)
2257 char b64_digest
[BASE64_DIGEST_LEN
+1] = {0};
2258 digest_to_base64(b64_digest
, hsdir
->identity
);
2260 if (BUG(!desc
->previous_hsdirs
)) {
2264 if (!smartlist_contains_string(desc
->previous_hsdirs
, b64_digest
)) {
2265 smartlist_add_strdup(desc
->previous_hsdirs
, b64_digest
);
2269 /** Schedule an upload of <b>desc</b>. If <b>descriptor_changed</b> is set, it
2270 * means that this descriptor is dirty. */
2272 service_desc_schedule_upload(hs_service_descriptor_t
*desc
,
2274 int descriptor_changed
)
2277 desc
->next_upload_time
= now
;
2279 /* If the descriptor changed, clean up the old HSDirs list. We want to
2280 * re-upload no matter what. */
2281 if (descriptor_changed
) {
2282 service_desc_clear_previous_hsdirs(desc
);
2286 /** Pick missing intro points for this descriptor if needed. */
2288 update_service_descriptor_intro_points(hs_service_t
*service
,
2289 hs_service_descriptor_t
*desc
, time_t now
)
2291 unsigned int num_intro_points
;
2293 tor_assert(service
);
2295 tor_assert(desc
->desc
);
2297 num_intro_points
= digest256map_size(desc
->intro_points
.map
);
2299 /* Pick any missing introduction point(s). */
2300 if (num_intro_points
< service
->config
.num_intro_points
) {
2301 unsigned int num_new_intro_points
= pick_needed_intro_points(service
,
2303 if (num_new_intro_points
!= 0) {
2304 log_info(LD_REND
, "Service %s just picked %u intro points and wanted "
2305 "%u for %s descriptor. It currently has %d intro "
2306 "points. Launching ESTABLISH_INTRO circuit shortly.",
2307 safe_str_client(service
->onion_address
),
2308 num_new_intro_points
,
2309 service
->config
.num_intro_points
- num_intro_points
,
2310 (desc
== service
->desc_current
) ? "current" : "next",
2312 /* We'll build those introduction point into the descriptor once we have
2313 * confirmation that the circuits are opened and ready. However,
2314 * indicate that this descriptor should be uploaded from now on. */
2315 service_desc_schedule_upload(desc
, now
, 1);
2317 /* Were we able to pick all the intro points we needed? If not, we'll
2318 * flag the descriptor that it's missing intro points because it
2319 * couldn't pick enough which will trigger a descriptor upload. */
2320 if ((num_new_intro_points
+ num_intro_points
) <
2321 service
->config
.num_intro_points
) {
2322 desc
->missing_intro_points
= 1;
2327 /** Update descriptor intro points for each service if needed. We do this as
2328 * part of the periodic event because we need to establish intro point circuits
2329 * before we publish descriptors. */
2331 update_all_descriptors_intro_points(time_t now
)
2333 FOR_EACH_SERVICE_BEGIN(service
) {
2334 /* We'll try to update each descriptor that is if certain conditions apply
2335 * in order for the descriptor to be updated. */
2336 FOR_EACH_DESCRIPTOR_BEGIN(service
, desc
) {
2337 update_service_descriptor_intro_points(service
, desc
, now
);
2338 } FOR_EACH_DESCRIPTOR_END
;
2339 } FOR_EACH_SERVICE_END
;
2342 /** Return true iff the given intro point has expired that is it has been used
2343 * for too long or we've reached our max seen INTRODUCE2 cell. */
2345 intro_point_should_expire(const hs_service_intro_point_t
*ip
,
2350 if (ip
->introduce2_count
>= ip
->introduce2_max
) {
2354 if (ip
->time_to_expire
<= now
) {
2364 /** Return true iff we should remove the intro point ip from its service.
2366 * We remove an intro point from the service descriptor list if one of
2367 * these criteria is met:
2368 * - It has expired (either in INTRO2 count or in time).
2369 * - No node was found (fell off the consensus).
2370 * - We are over the maximum amount of retries.
2372 * If an established or pending circuit is found for the given ip object, this
2373 * return false indicating it should not be removed. */
2375 should_remove_intro_point(hs_service_intro_point_t
*ip
, time_t now
)
2381 /* Any one of the following needs to be True to furfill the criteria to
2382 * remove an intro point. */
2383 bool has_no_retries
= (ip
->circuit_retries
>
2384 MAX_INTRO_POINT_CIRCUIT_RETRIES
);
2385 bool has_no_node
= (get_node_from_intro_point(ip
) == NULL
);
2386 bool has_expired
= intro_point_should_expire(ip
, now
);
2388 /* If the node fell off the consensus or the IP has expired, we have to
2390 if (has_no_node
|| has_expired
) {
2395 /* Pass this point, even though we might be over the retry limit, we check
2396 * if a circuit (established or pending) exists. In that case, we should not
2397 * remove it because it might simply be valid and opened at the previous
2398 * scheduled event for the last retry. */
2400 /* Do we simply have an existing circuit regardless of its state? */
2401 if (hs_circ_service_get_intro_circ(ip
)) {
2405 /* Getting here means we have _no_ circuits so then return if we have any
2406 * remaining retries. */
2407 ret
= has_no_retries
;
2410 /* Meaningful log in case we are about to remove the IP. */
2412 log_info(LD_REND
, "Intro point %s%s (retried: %u times). "
2414 describe_intro_point(ip
),
2415 has_expired
? " has expired" :
2416 (has_no_node
) ? " fell off the consensus" : "",
2417 ip
->circuit_retries
);
2422 /** Go over the given set of intro points for each service and remove any
2425 * If an intro point is removed, the circuit (if any) is immediately close.
2426 * If a circuit can't be found, the intro point is kept if it hasn't reached
2427 * its maximum circuit retry value and thus should be retried. */
2429 cleanup_intro_points(hs_service_t
*service
, time_t now
)
2431 /* List of intro points to close. We can't mark the intro circuits for close
2432 * in the modify loop because doing so calls back into the HS subsystem and
2433 * we need to keep that code path outside of the service/desc loop so those
2434 * maps don't get modified during the close making us in a possible
2435 * use-after-free situation. */
2436 smartlist_t
*ips_to_free
= smartlist_new();
2438 tor_assert(service
);
2440 /* For both descriptors, cleanup the intro points. */
2441 FOR_EACH_DESCRIPTOR_BEGIN(service
, desc
) {
2442 /* Go over the current intro points we have, make sure they are still
2443 * valid and remove any of them that aren't. */
2444 DIGEST256MAP_FOREACH_MODIFY(desc
->intro_points
.map
, key
,
2445 hs_service_intro_point_t
*, ip
) {
2446 if (should_remove_intro_point(ip
, now
)) {
2447 /* We've retried too many times, remember it as a failed intro point
2448 * so we don't pick it up again for INTRO_CIRC_RETRY_PERIOD sec. */
2449 if (ip
->circuit_retries
> MAX_INTRO_POINT_CIRCUIT_RETRIES
) {
2450 remember_failing_intro_point(ip
, desc
, approx_time());
2453 /* Remove intro point from descriptor map and add it to the list of
2454 * ips to free for which we'll also try to close the intro circuit. */
2455 MAP_DEL_CURRENT(key
);
2456 smartlist_add(ips_to_free
, ip
);
2458 } DIGEST256MAP_FOREACH_END
;
2459 } FOR_EACH_DESCRIPTOR_END
;
2461 /* Go over the intro points to free and close their circuit if any. */
2462 SMARTLIST_FOREACH_BEGIN(ips_to_free
, hs_service_intro_point_t
*, ip
) {
2463 /* See if we need to close the intro point circuit as well */
2465 /* XXX: Legacy code does NOT close circuits like this: it keeps the circuit
2466 * open until a new descriptor is uploaded and then closed all expiring
2467 * intro point circuit. Here, we close immediately and because we just
2468 * discarded the intro point, a new one will be selected, a new descriptor
2469 * created and uploaded. There is no difference to an attacker between the
2470 * timing of a new consensus and intro point rotation (possibly?). */
2471 origin_circuit_t
*ocirc
= hs_circ_service_get_intro_circ(ip
);
2472 if (ocirc
&& !TO_CIRCUIT(ocirc
)->marked_for_close
) {
2473 circuit_mark_for_close(TO_CIRCUIT(ocirc
), END_CIRC_REASON_FINISHED
);
2476 /* Cleanup the intro point */
2477 service_intro_point_free(ip
);
2478 } SMARTLIST_FOREACH_END(ip
);
2480 smartlist_free(ips_to_free
);
2483 /** Set the next rotation time of the descriptors for the given service for the
2486 set_rotation_time(hs_service_t
*service
)
2488 tor_assert(service
);
2490 service
->state
.next_rotation_time
=
2491 sr_state_get_start_time_of_current_protocol_run() +
2492 sr_state_get_protocol_run_duration();
2495 char fmt_time
[ISO_TIME_LEN
+ 1];
2496 format_local_iso_time(fmt_time
, service
->state
.next_rotation_time
);
2497 log_info(LD_REND
, "Next descriptor rotation time set to %s for %s",
2498 fmt_time
, safe_str_client(service
->onion_address
));
2502 /** Return true iff the service should rotate its descriptor. The time now is
2503 * only used to fetch the live consensus and if none can be found, this
2506 should_rotate_descriptors(hs_service_t
*service
, time_t now
)
2508 const networkstatus_t
*ns
;
2510 tor_assert(service
);
2512 ns
= networkstatus_get_live_consensus(now
);
2517 if (ns
->valid_after
>= service
->state
.next_rotation_time
) {
2518 /* In theory, we should never get here with no descriptors. We can never
2519 * have a NULL current descriptor except when tor starts up. The next
2520 * descriptor can be NULL after a rotation but we build a new one right
2523 * So, when tor starts, the next rotation time is set to the start of the
2524 * next SRV period using the consensus valid after time so it should
2525 * always be set to a future time value. This means that we should never
2526 * reach this point at bootup that is this check safeguards tor in never
2527 * allowing a rotation if the valid after time is smaller than the next
2530 * This is all good in theory but we've had a NULL descriptor issue here
2531 * so this is why we BUG() on both with extra logging to try to understand
2532 * how this can possibly happens. We'll simply ignore and tor should
2533 * recover from this by skipping rotation and building the missing
2534 * descriptors just after this. */
2535 if (BUG(service
->desc_current
== NULL
|| service
->desc_next
== NULL
)) {
2536 log_warn(LD_BUG
, "Service descriptor is NULL (%p/%p). Next rotation "
2537 "time is %ld (now: %ld). Valid after time from "
2539 service
->desc_current
, service
->desc_next
,
2540 (long)service
->state
.next_rotation_time
,
2542 (long)ns
->valid_after
);
2554 /** Rotate the service descriptors of the given service. The current descriptor
2555 * will be freed, the next one put in as the current and finally the next
2556 * descriptor pointer is NULLified. */
2558 rotate_service_descriptors(hs_service_t
*service
)
2560 if (service
->desc_current
) {
2561 /* Close all IP circuits for the descriptor. */
2562 close_intro_circuits(&service
->desc_current
->intro_points
);
2563 /* We don't need this one anymore, we won't serve any clients coming with
2564 * this service descriptor. */
2565 service_descriptor_free(service
->desc_current
);
2567 /* The next one become the current one and emptying the next will trigger
2568 * a descriptor creation for it. */
2569 service
->desc_current
= service
->desc_next
;
2570 service
->desc_next
= NULL
;
2572 /* We've just rotated, set the next time for the rotation. */
2573 set_rotation_time(service
);
2576 /** Rotate descriptors for each service if needed. A non existing current
2577 * descriptor will trigger a descriptor build for the next time period. */
2579 rotate_all_descriptors(time_t now
)
2581 /* XXX We rotate all our service descriptors at once. In the future it might
2582 * be wise, to rotate service descriptors independently to hide that all
2583 * those descriptors are on the same tor instance */
2585 FOR_EACH_SERVICE_BEGIN(service
) {
2587 /* Note for a service booting up: Both descriptors are NULL in that case
2588 * so this function might return true if we are in the timeframe for a
2589 * rotation leading to basically swapping two NULL pointers which is
2590 * harmless. However, the side effect is that triggering a rotation will
2591 * update the service state and avoid doing anymore rotations after the
2592 * two descriptors have been built. */
2593 if (!should_rotate_descriptors(service
, now
)) {
2597 log_info(LD_REND
, "Time to rotate our descriptors (%p / %p) for %s",
2598 service
->desc_current
, service
->desc_next
,
2599 safe_str_client(service
->onion_address
));
2601 rotate_service_descriptors(service
);
2602 } FOR_EACH_SERVICE_END
;
2605 /** Scheduled event run from the main loop. Make sure all our services are up
2606 * to date and ready for the other scheduled events. This includes looking at
2607 * the introduction points status and descriptor rotation time. */
2609 run_housekeeping_event(time_t now
)
2611 /* Note that nothing here opens circuit(s) nor uploads descriptor(s). We are
2612 * simply moving things around or removing unneeded elements. */
2614 FOR_EACH_SERVICE_BEGIN(service
) {
2616 /* If the service is starting off, set the rotation time. We can't do that
2617 * at configure time because the get_options() needs to be set for setting
2618 * that time that uses the voting interval. */
2619 if (service
->state
.next_rotation_time
== 0) {
2620 /* Set the next rotation time of the descriptors. If it's Oct 25th
2621 * 23:47:00, the next rotation time is when the next SRV is computed
2622 * which is at Oct 26th 00:00:00 that is in 13 minutes. */
2623 set_rotation_time(service
);
2626 /* Cleanup invalid intro points from the service descriptor. */
2627 cleanup_intro_points(service
, now
);
2629 /* Remove expired failing intro point from the descriptor failed list. We
2630 * reset them at each INTRO_CIRC_RETRY_PERIOD. */
2631 remove_expired_failing_intro(service
, now
);
2633 /* At this point, the service is now ready to go through the scheduled
2634 * events guaranteeing a valid state. Intro points might be missing from
2635 * the descriptors after the cleanup but the update/build process will
2636 * make sure we pick those missing ones. */
2637 } FOR_EACH_SERVICE_END
;
2640 /** Scheduled event run from the main loop. Make sure all descriptors are up to
2641 * date. Once this returns, each service descriptor needs to be considered for
2642 * new introduction circuits and then for upload. */
2644 run_build_descriptor_event(time_t now
)
2646 /* For v2 services, this step happens in the upload event. */
2648 /* Run v3+ events. */
2649 /* We start by rotating the descriptors only if needed. */
2650 rotate_all_descriptors(now
);
2652 /* Then, we'll try to build new descriptors that we might need. The
2653 * condition is that the next descriptor is non existing because it has
2654 * been rotated or we just started up. */
2655 build_all_descriptors(now
);
2657 /* Finally, we'll check if we should update the descriptors' intro
2658 * points. Missing introduction points will be picked in this function which
2659 * is useful for newly built descriptors. */
2660 update_all_descriptors_intro_points(now
);
2663 /** For the given service, launch any intro point circuits that could be
2664 * needed. This considers every descriptor of the service. */
2666 launch_intro_point_circuits(hs_service_t
*service
)
2668 tor_assert(service
);
2670 /* For both descriptors, try to launch any missing introduction point
2671 * circuits using the current map. */
2672 FOR_EACH_DESCRIPTOR_BEGIN(service
, desc
) {
2673 /* Keep a ref on if we need a direct connection. We use this often. */
2674 bool direct_conn
= service
->config
.is_single_onion
;
2676 DIGEST256MAP_FOREACH_MODIFY(desc
->intro_points
.map
, key
,
2677 hs_service_intro_point_t
*, ip
) {
2680 /* Skip the intro point that already has an existing circuit
2681 * (established or not). */
2682 if (hs_circ_service_get_intro_circ(ip
)) {
2685 ei
= get_extend_info_from_intro_point(ip
, direct_conn
);
2687 /* If we can't connect directly to the intro point, get an extend_info
2688 * for a multi-hop path instead. */
2689 if (ei
== NULL
&& direct_conn
) {
2690 direct_conn
= false;
2691 ei
= get_extend_info_from_intro_point(ip
, 0);
2695 /* This is possible if we can get a node_t but not the extend info out
2696 * of it. In this case, we remove the intro point and a new one will
2697 * be picked at the next main loop callback. */
2698 MAP_DEL_CURRENT(key
);
2699 service_intro_point_free(ip
);
2703 /* Launch a circuit to the intro point. */
2704 ip
->circuit_retries
++;
2705 if (hs_circ_launch_intro_point(service
, ip
, ei
, direct_conn
) < 0) {
2706 log_info(LD_REND
, "Unable to launch intro circuit to node %s "
2708 safe_str_client(extend_info_describe(ei
)),
2709 safe_str_client(service
->onion_address
));
2710 /* Intro point will be retried if possible after this. */
2712 extend_info_free(ei
);
2713 } DIGEST256MAP_FOREACH_END
;
2714 } FOR_EACH_DESCRIPTOR_END
;
2717 /** Don't try to build more than this many circuits before giving up for a
2718 * while. Dynamically calculated based on the configured number of intro
2719 * points for the given service and how many descriptor exists. The default
2720 * use case of 3 introduction points and two descriptors will allow 28
2721 * circuits for a retry period (((3 + 2) + (3 * 3)) * 2). */
2723 get_max_intro_circ_per_period(const hs_service_t
*service
)
2725 unsigned int count
= 0;
2726 unsigned int multiplier
= 0;
2727 unsigned int num_wanted_ip
;
2729 tor_assert(service
);
2730 tor_assert(service
->config
.num_intro_points
<=
2731 HS_CONFIG_V3_MAX_INTRO_POINTS
);
2733 /** For a testing network, allow to do it for the maximum amount so circuit
2734 * creation and rotation and so on can actually be tested without limit. */
2735 #define MAX_INTRO_POINT_CIRCUIT_RETRIES_TESTING -1
2736 if (get_options()->TestingTorNetwork
) {
2737 return MAX_INTRO_POINT_CIRCUIT_RETRIES_TESTING
;
2740 num_wanted_ip
= service
->config
.num_intro_points
;
2742 /* The calculation is as follow. We have a number of intro points that we
2743 * want configured as a torrc option (num_intro_points). We then add an
2744 * extra value so we can launch multiple circuits at once and pick the
2745 * quickest ones. For instance, we want 3 intros, we add 2 extra so we'll
2746 * pick 5 intros and launch 5 circuits. */
2747 count
+= (num_wanted_ip
+ get_intro_point_num_extra());
2749 /* Then we add the number of retries that is possible to do for each intro
2750 * point. If we want 3 intros, we'll allow 3 times the number of possible
2752 count
+= (num_wanted_ip
* MAX_INTRO_POINT_CIRCUIT_RETRIES
);
2754 /* Then, we multiply by a factor of 2 if we have both descriptor or 0 if we
2756 multiplier
+= (service
->desc_current
) ? 1 : 0;
2757 multiplier
+= (service
->desc_next
) ? 1 : 0;
2759 return (count
* multiplier
);
2762 /** For the given service, return 1 if the service is allowed to launch more
2763 * introduction circuits else 0 if the maximum has been reached for the retry
2764 * period of INTRO_CIRC_RETRY_PERIOD. */
2766 can_service_launch_intro_circuit(hs_service_t
*service
, time_t now
)
2768 tor_assert(service
);
2770 /* Consider the intro circuit retry period of the service. */
2771 if (now
> (service
->state
.intro_circ_retry_started_time
+
2772 INTRO_CIRC_RETRY_PERIOD
)) {
2773 service
->state
.intro_circ_retry_started_time
= now
;
2774 service
->state
.num_intro_circ_launched
= 0;
2777 /* Check if we can still launch more circuits in this period. */
2778 if (service
->state
.num_intro_circ_launched
<=
2779 get_max_intro_circ_per_period(service
)) {
2783 /* Rate limit log that we've reached our circuit creation limit. */
2786 time_t elapsed_time
= now
- service
->state
.intro_circ_retry_started_time
;
2787 static ratelim_t rlimit
= RATELIM_INIT(INTRO_CIRC_RETRY_PERIOD
);
2788 if ((msg
= rate_limit_log(&rlimit
, now
))) {
2789 log_info(LD_REND
, "Hidden service %s exceeded its circuit launch limit "
2790 "of %u per %d seconds. It launched %u circuits in "
2791 "the last %ld seconds. Will retry in %ld seconds.",
2792 safe_str_client(service
->onion_address
),
2793 get_max_intro_circ_per_period(service
),
2794 INTRO_CIRC_RETRY_PERIOD
,
2795 service
->state
.num_intro_circ_launched
,
2796 (long int) elapsed_time
,
2797 (long int) (INTRO_CIRC_RETRY_PERIOD
- elapsed_time
));
2808 /** Scheduled event run from the main loop. Make sure we have all the circuits
2809 * we need for each service. */
2811 run_build_circuit_event(time_t now
)
2813 /* Make sure we can actually have enough information or able to build
2814 * internal circuits as required by services. */
2815 if (router_have_consensus_path() == CONSENSUS_PATH_UNKNOWN
||
2816 !have_completed_a_circuit()) {
2821 if (rend_num_services() > 0) {
2822 rend_consider_services_intro_points(now
);
2825 /* Run v3+ check. */
2826 FOR_EACH_SERVICE_BEGIN(service
) {
2827 /* For introduction circuit, we need to make sure we don't stress too much
2828 * circuit creation so make sure this service is respecting that limit. */
2829 if (can_service_launch_intro_circuit(service
, now
)) {
2830 /* Launch intro point circuits if needed. */
2831 launch_intro_point_circuits(service
);
2832 /* Once the circuits have opened, we'll make sure to update the
2833 * descriptor intro point list and cleanup any extraneous. */
2835 } FOR_EACH_SERVICE_END
;
2838 /** Encode and sign the service descriptor desc and upload it to the given
2839 * hidden service directory. This does nothing if PublishHidServDescriptors
2842 upload_descriptor_to_hsdir(const hs_service_t
*service
,
2843 hs_service_descriptor_t
*desc
, const node_t
*hsdir
)
2845 char *encoded_desc
= NULL
;
2847 tor_assert(service
);
2851 /* Let's avoid doing that if tor is configured to not publish. */
2852 if (!get_options()->PublishHidServDescriptors
) {
2853 log_info(LD_REND
, "Service %s not publishing descriptor. "
2854 "PublishHidServDescriptors is set to 0.",
2855 safe_str_client(service
->onion_address
));
2859 /* First of all, we'll encode the descriptor. This should NEVER fail but
2860 * just in case, let's make sure we have an actual usable descriptor. */
2861 if (BUG(service_encode_descriptor(service
, desc
, &desc
->signing_kp
,
2862 &encoded_desc
) < 0)) {
2866 /* Time to upload the descriptor to the directory. */
2867 hs_service_upload_desc_to_dir(encoded_desc
, service
->config
.version
,
2868 &service
->keys
.identity_pk
,
2869 &desc
->blinded_kp
.pubkey
, hsdir
->rs
);
2871 /* Add this node to previous_hsdirs list */
2872 service_desc_note_upload(desc
, hsdir
);
2874 /* Logging so we know where it was sent. */
2876 int is_next_desc
= (service
->desc_next
== desc
);
2877 const uint8_t *idx
= (is_next_desc
) ? hsdir
->hsdir_index
.store_second
:
2878 hsdir
->hsdir_index
.store_first
;
2879 char *blinded_pubkey_log_str
=
2880 tor_strdup(hex_str((char*)&desc
->blinded_kp
.pubkey
.pubkey
, 32));
2881 /* This log message is used by Chutney as part of its bootstrap
2882 * detection mechanism. Please don't change without first checking
2884 log_info(LD_REND
, "Service %s %s descriptor of revision %" PRIu64
2885 " initiated upload request to %s with index %s (%s)",
2886 safe_str_client(service
->onion_address
),
2887 (is_next_desc
) ? "next" : "current",
2888 desc
->desc
->plaintext_data
.revision_counter
,
2889 safe_str_client(node_describe(hsdir
)),
2890 safe_str_client(hex_str((const char *) idx
, 32)),
2891 safe_str_client(blinded_pubkey_log_str
));
2892 tor_free(blinded_pubkey_log_str
);
2894 /* Fire a UPLOAD control port event. */
2895 hs_control_desc_event_upload(service
->onion_address
, hsdir
->identity
,
2896 &desc
->blinded_kp
.pubkey
, idx
);
2900 tor_free(encoded_desc
);
2904 /** Set the revision counter in <b>hs_desc</b>. We do this by encrypting a
2905 * timestamp using an OPE scheme and using the ciphertext as our revision
2908 * If <b>is_current</b> is true, then this is the current HS descriptor,
2909 * otherwise it's the next one. */
2911 set_descriptor_revision_counter(hs_service_descriptor_t
*hs_desc
, time_t now
,
2914 uint64_t rev_counter
= 0;
2916 /* Get current time */
2917 time_t srv_start
= 0;
2919 /* As our revision counter plaintext value, we use the seconds since the
2920 * start of the SR protocol run that is relevant to this descriptor. This is
2921 * guaranteed to be a positive value since we need the SRV to start making a
2922 * descriptor (so that we know where to upload it).
2924 * Depending on whether we are building the current or the next descriptor,
2925 * services use a different SRV value. See [SERVICEUPLOAD] in
2928 * In particular, for the current descriptor (aka first descriptor), Tor
2929 * always uses the previous SRV for uploading the descriptor, and hence we
2930 * should use the start time of the previous protocol run here.
2932 * Whereas for the next descriptor (aka second descriptor), Tor always uses
2933 * the current SRV for uploading the descriptor. and hence we use the start
2934 * time of the current protocol run.
2937 srv_start
= sr_state_get_start_time_of_previous_protocol_run();
2939 srv_start
= sr_state_get_start_time_of_current_protocol_run();
2942 log_info(LD_REND
, "Setting rev counter for TP #%u: "
2943 "SRV started at %d, now %d (%s)",
2944 (unsigned) hs_desc
->time_period_num
, (int)srv_start
,
2945 (int)now
, is_current
? "current" : "next");
2947 tor_assert_nonfatal(now
>= srv_start
);
2949 /* Compute seconds elapsed since the start of the time period. That's the
2950 * number of seconds of how long this blinded key has been active. */
2951 time_t seconds_since_start_of_srv
= now
- srv_start
;
2953 /* Increment by one so that we are definitely sure this is strictly
2954 * positive and not zero. */
2955 seconds_since_start_of_srv
++;
2957 /* Check for too big inputs. */
2958 if (BUG(seconds_since_start_of_srv
> OPE_INPUT_MAX
)) {
2959 seconds_since_start_of_srv
= OPE_INPUT_MAX
;
2962 /* Now we compute the final revision counter value by encrypting the
2963 plaintext using our OPE cipher: */
2964 tor_assert(hs_desc
->ope_cipher
);
2965 rev_counter
= crypto_ope_encrypt(hs_desc
->ope_cipher
,
2966 (int) seconds_since_start_of_srv
);
2968 /* The OPE module returns CRYPTO_OPE_ERROR in case of errors. */
2969 tor_assert_nonfatal(rev_counter
< CRYPTO_OPE_ERROR
);
2971 log_info(LD_REND
, "Encrypted revision counter %d to %" PRIu64
,
2972 (int) seconds_since_start_of_srv
, rev_counter
);
2974 hs_desc
->desc
->plaintext_data
.revision_counter
= rev_counter
;
2977 /** Encode and sign the service descriptor desc and upload it to the
2978 * responsible hidden service directories. If for_next_period is true, the set
2979 * of directories are selected using the next hsdir_index. This does nothing
2980 * if PublishHidServDescriptors is false. */
2982 upload_descriptor_to_all(const hs_service_t
*service
,
2983 hs_service_descriptor_t
*desc
)
2985 smartlist_t
*responsible_dirs
= NULL
;
2987 tor_assert(service
);
2990 /* We'll first cancel any directory request that are ongoing for this
2991 * descriptor. It is possible that we can trigger multiple uploads in a
2992 * short time frame which can lead to a race where the second upload arrives
2993 * before the first one leading to a 400 malformed descriptor response from
2994 * the directory. Closing all pending requests avoids that. */
2995 close_directory_connections(service
, desc
);
2997 /* Get our list of responsible HSDir. */
2998 responsible_dirs
= smartlist_new();
2999 /* The parameter 0 means that we aren't a client so tell the function to use
3000 * the spread store consensus paremeter. */
3001 hs_get_responsible_hsdirs(&desc
->blinded_kp
.pubkey
, desc
->time_period_num
,
3002 service
->desc_next
== desc
, 0, responsible_dirs
);
3004 /** Clear list of previous hsdirs since we are about to upload to a new
3005 * list. Let's keep it up to date. */
3006 service_desc_clear_previous_hsdirs(desc
);
3008 /* For each responsible HSDir we have, initiate an upload command. */
3009 SMARTLIST_FOREACH_BEGIN(responsible_dirs
, const routerstatus_t
*,
3011 const node_t
*hsdir_node
= node_get_by_id(hsdir_rs
->identity_digest
);
3012 /* Getting responsible hsdir implies that the node_t object exists for the
3013 * routerstatus_t found in the consensus else we have a problem. */
3014 tor_assert(hsdir_node
);
3015 /* Upload this descriptor to the chosen directory. */
3016 upload_descriptor_to_hsdir(service
, desc
, hsdir_node
);
3017 } SMARTLIST_FOREACH_END(hsdir_rs
);
3019 /* Set the next upload time for this descriptor. Even if we are configured
3020 * to not upload, we still want to follow the right cycle of life for this
3022 desc
->next_upload_time
=
3023 (time(NULL
) + crypto_rand_int_range(HS_SERVICE_NEXT_UPLOAD_TIME_MIN
,
3024 HS_SERVICE_NEXT_UPLOAD_TIME_MAX
));
3026 char fmt_next_time
[ISO_TIME_LEN
+1];
3027 format_local_iso_time(fmt_next_time
, desc
->next_upload_time
);
3028 log_debug(LD_REND
, "Service %s set to upload a descriptor at %s",
3029 safe_str_client(service
->onion_address
), fmt_next_time
);
3032 smartlist_free(responsible_dirs
);
3036 /** The set of HSDirs have changed: check if the change affects our descriptor
3037 * HSDir placement, and if it does, reupload the desc. */
3039 service_desc_hsdirs_changed(const hs_service_t
*service
,
3040 const hs_service_descriptor_t
*desc
)
3042 int should_reupload
= 0;
3043 smartlist_t
*responsible_dirs
= smartlist_new();
3045 /* No desc upload has happened yet: it will happen eventually */
3046 if (!desc
->previous_hsdirs
|| !smartlist_len(desc
->previous_hsdirs
)) {
3050 /* Get list of responsible hsdirs */
3051 hs_get_responsible_hsdirs(&desc
->blinded_kp
.pubkey
, desc
->time_period_num
,
3052 service
->desc_next
== desc
, 0, responsible_dirs
);
3054 /* Check if any new hsdirs have been added to the responsible hsdirs set:
3055 * Iterate over the list of new hsdirs, and reupload if any of them is not
3056 * present in the list of previous hsdirs.
3058 SMARTLIST_FOREACH_BEGIN(responsible_dirs
, const routerstatus_t
*, hsdir_rs
) {
3059 char b64_digest
[BASE64_DIGEST_LEN
+1] = {0};
3060 digest_to_base64(b64_digest
, hsdir_rs
->identity_digest
);
3062 if (!smartlist_contains_string(desc
->previous_hsdirs
, b64_digest
)) {
3063 should_reupload
= 1;
3066 } SMARTLIST_FOREACH_END(hsdir_rs
);
3069 smartlist_free(responsible_dirs
);
3071 return should_reupload
;
3074 /** These are all the reasons why a descriptor upload can't occur. We use
3075 * those to log the reason properly with the right rate limiting and for the
3076 * right descriptor. */
3078 LOG_DESC_UPLOAD_REASON_MISSING_IPS
= 0,
3079 LOG_DESC_UPLOAD_REASON_IP_NOT_ESTABLISHED
= 1,
3080 LOG_DESC_UPLOAD_REASON_NOT_TIME
= 2,
3081 LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS
= 3,
3082 LOG_DESC_UPLOAD_REASON_NO_DIRINFO
= 4,
3083 } log_desc_upload_reason_t
;
3085 /** Maximum number of reasons. This is used to allocate the static array of
3086 * all rate limiting objects. */
3087 #define LOG_DESC_UPLOAD_REASON_MAX LOG_DESC_UPLOAD_REASON_NO_DIRINFO
3089 /** Log the reason why we can't upload the given descriptor for the given
3090 * service. This takes a message string (allocated by the caller) and a
3093 * Depending on the reason and descriptor, different rate limit applies. This
3094 * is done because this function will basically be called every second. Each
3095 * descriptor for each reason uses its own log rate limit object in order to
3096 * avoid message suppression for different reasons and descriptors. */
3098 log_cant_upload_desc(const hs_service_t
*service
,
3099 const hs_service_descriptor_t
*desc
, const char *msg
,
3100 const log_desc_upload_reason_t reason
)
3102 /* Writing the log every minute shouldn't be too annoying for log rate limit
3103 * since this can be emitted every second for each descriptor.
3105 * However, for one specific case, we increase it to 10 minutes because it
3106 * is hit constantly, as an expected behavior, which is the reason
3107 * indicating that it is not the time to upload. */
3108 static ratelim_t limits
[2][LOG_DESC_UPLOAD_REASON_MAX
+ 1] =
3109 { { RATELIM_INIT(60), RATELIM_INIT(60), RATELIM_INIT(60 * 10),
3110 RATELIM_INIT(60), RATELIM_INIT(60) },
3111 { RATELIM_INIT(60), RATELIM_INIT(60), RATELIM_INIT(60 * 10),
3112 RATELIM_INIT(60), RATELIM_INIT(60) },
3114 bool is_next_desc
= false;
3115 unsigned int rlim_pos
= 0;
3116 ratelim_t
*rlim
= NULL
;
3118 tor_assert(service
);
3122 /* Make sure the reason value is valid. It should never happen because we
3123 * control that value in the code flow but will be apparent during
3124 * development if a reason is added but LOG_DESC_UPLOAD_REASON_NUM_ is not
3126 if (BUG(reason
> LOG_DESC_UPLOAD_REASON_MAX
)) {
3130 /* Ease our life. Flag that tells us if the descriptor is the next one. */
3131 is_next_desc
= (service
->desc_next
== desc
);
3133 /* Current descriptor is the first element in the ratelimit object array.
3134 * The next descriptor is the second element. */
3135 rlim_pos
= (is_next_desc
? 1 : 0);
3136 /* Get the ratelimit object for the reason _and_ right descriptor. */
3137 rlim
= &limits
[rlim_pos
][reason
];
3139 log_fn_ratelim(rlim
, LOG_INFO
, LD_REND
,
3140 "Service %s can't upload its %s descriptor: %s",
3141 safe_str_client(service
->onion_address
),
3142 (is_next_desc
) ? "next" : "current", msg
);
3145 /** Return 1 if the given descriptor from the given service can be uploaded
3146 * else return 0 if it can not. */
3148 should_service_upload_descriptor(const hs_service_t
*service
,
3149 const hs_service_descriptor_t
*desc
, time_t now
)
3152 unsigned int num_intro_points
, count_ip_established
;
3154 tor_assert(service
);
3157 /* If this descriptors has missing intro points that is that it couldn't get
3158 * them all when it was time to pick them, it means that we should upload
3159 * instead of waiting an arbitrary amount of time breaking the service.
3160 * Else, if we have no missing intro points, we use the value taken from the
3161 * service configuration. */
3162 if (desc
->missing_intro_points
) {
3163 num_intro_points
= digest256map_size(desc
->intro_points
.map
);
3165 num_intro_points
= service
->config
.num_intro_points
;
3168 /* This means we tried to pick intro points but couldn't get any so do not
3169 * upload descriptor in this case. We need at least one for the service to
3171 if (desc
->missing_intro_points
&& num_intro_points
== 0) {
3172 msg
= tor_strdup("Missing intro points");
3173 log_cant_upload_desc(service
, desc
, msg
,
3174 LOG_DESC_UPLOAD_REASON_MISSING_IPS
);
3178 /* Check if all our introduction circuit have been established for all the
3179 * intro points we have selected. */
3180 count_ip_established
= count_desc_circuit_established(desc
);
3181 if (count_ip_established
!= num_intro_points
) {
3182 tor_asprintf(&msg
, "Intro circuits aren't yet all established (%d/%d).",
3183 count_ip_established
, num_intro_points
);
3184 log_cant_upload_desc(service
, desc
, msg
,
3185 LOG_DESC_UPLOAD_REASON_IP_NOT_ESTABLISHED
);
3189 /* Is it the right time to upload? */
3190 if (desc
->next_upload_time
> now
) {
3191 tor_asprintf(&msg
, "Next upload time is %ld, it is now %ld.",
3192 (long int) desc
->next_upload_time
, (long int) now
);
3193 log_cant_upload_desc(service
, desc
, msg
,
3194 LOG_DESC_UPLOAD_REASON_NOT_TIME
);
3198 /* Don't upload desc if we don't have a live consensus */
3199 if (!networkstatus_get_live_consensus(now
)) {
3200 msg
= tor_strdup("No live consensus");
3201 log_cant_upload_desc(service
, desc
, msg
,
3202 LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS
);
3206 /* Do we know enough router descriptors to have adequate vision of the HSDir
3208 if (!router_have_minimum_dir_info()) {
3209 msg
= tor_strdup("Not enough directory information");
3210 log_cant_upload_desc(service
, desc
, msg
,
3211 LOG_DESC_UPLOAD_REASON_NO_DIRINFO
);
3223 /** Refresh the given service descriptor meaning this will update every mutable
3224 * field that needs to be updated before we upload.
3226 * This should ONLY be called before uploading a descriptor. It assumes that
3227 * the descriptor has been built (desc->desc) and that all intro point
3228 * circuits have been established. */
3230 refresh_service_descriptor(const hs_service_t
*service
,
3231 hs_service_descriptor_t
*desc
, time_t now
)
3233 /* There are few fields that we consider "mutable" in the descriptor meaning
3234 * we need to update them regurlarly over the lifetime fo the descriptor.
3235 * The rest are set once and should not be modified.
3237 * - Signing key certificate.
3238 * - Revision counter.
3239 * - Introduction points which includes many thing. See
3240 * hs_desc_intro_point_t. and the setup_desc_intro_point() function.
3243 /* Create the signing key certificate. */
3244 build_desc_signing_key_cert(desc
, now
);
3246 /* Build the intro points descriptor section. The refresh step is just
3247 * before we upload so all circuits have been properly established. */
3248 build_desc_intro_points(service
, desc
, now
);
3250 /* Set the desc revision counter right before uploading */
3251 set_descriptor_revision_counter(desc
, now
, service
->desc_current
== desc
);
3254 /** Scheduled event run from the main loop. Try to upload the descriptor for
3257 run_upload_descriptor_event(time_t now
)
3259 /* v2 services use the same function for descriptor creation and upload so
3260 * we do everything here because the intro circuits were checked before. */
3261 if (rend_num_services() > 0) {
3262 rend_consider_services_upload(now
);
3263 rend_consider_descriptor_republication();
3266 /* Run v3+ check. */
3267 FOR_EACH_SERVICE_BEGIN(service
) {
3268 FOR_EACH_DESCRIPTOR_BEGIN(service
, desc
) {
3269 /* If we were asked to re-examine the hash ring, and it changed, then
3270 schedule an upload */
3271 if (consider_republishing_hs_descriptors
&&
3272 service_desc_hsdirs_changed(service
, desc
)) {
3273 service_desc_schedule_upload(desc
, now
, 0);
3276 /* Can this descriptor be uploaded? */
3277 if (!should_service_upload_descriptor(service
, desc
, now
)) {
3281 log_info(LD_REND
, "Initiating upload for hidden service %s descriptor "
3282 "for service %s with %u/%u introduction points%s.",
3283 (desc
== service
->desc_current
) ? "current" : "next",
3284 safe_str_client(service
->onion_address
),
3285 digest256map_size(desc
->intro_points
.map
),
3286 service
->config
.num_intro_points
,
3287 (desc
->missing_intro_points
) ? " (couldn't pick more)" : "");
3289 /* We are about to upload so we need to do one last step which is to
3290 * update the service's descriptor mutable fields in order to upload a
3291 * coherent descriptor. */
3292 refresh_service_descriptor(service
, desc
, now
);
3294 /* Proceed with the upload, the descriptor is ready to be encoded. */
3295 upload_descriptor_to_all(service
, desc
);
3296 } FOR_EACH_DESCRIPTOR_END
;
3297 } FOR_EACH_SERVICE_END
;
3299 /* We are done considering whether to republish rend descriptors */
3300 consider_republishing_hs_descriptors
= 0;
3303 /** Called when the introduction point circuit is done building and ready to be
3306 service_intro_circ_has_opened(origin_circuit_t
*circ
)
3308 hs_service_t
*service
= NULL
;
3309 hs_service_intro_point_t
*ip
= NULL
;
3310 hs_service_descriptor_t
*desc
= NULL
;
3314 /* Let's do some basic sanity checking of the circ state */
3315 if (BUG(!circ
->cpath
)) {
3318 if (BUG(TO_CIRCUIT(circ
)->purpose
!= CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
)) {
3321 if (BUG(!circ
->hs_ident
)) {
3325 /* Get the corresponding service and intro point. */
3326 get_objects_from_ident(circ
->hs_ident
, &service
, &ip
, &desc
);
3328 if (service
== NULL
) {
3329 log_warn(LD_REND
, "Unknown service identity key %s on the introduction "
3330 "circuit %u. Can't find onion service.",
3331 safe_str_client(ed25519_fmt(&circ
->hs_ident
->identity_pk
)),
3332 TO_CIRCUIT(circ
)->n_circ_id
);
3336 log_warn(LD_REND
, "Unknown introduction point auth key on circuit %u "
3338 TO_CIRCUIT(circ
)->n_circ_id
,
3339 safe_str_client(service
->onion_address
));
3342 /* We can't have an IP object without a descriptor. */
3345 if (hs_circ_service_intro_has_opened(service
, ip
, desc
, circ
)) {
3346 /* Getting here means that the circuit has been re-purposed because we
3347 * have enough intro circuit opened. Remove the IP from the service. */
3348 service_intro_point_remove(service
, ip
);
3349 service_intro_point_free(ip
);
3355 /* Close circuit, we can't use it. */
3356 circuit_mark_for_close(TO_CIRCUIT(circ
), END_CIRC_REASON_NOSUCHSERVICE
);
3361 /** Called when a rendezvous circuit is done building and ready to be used. */
3363 service_rendezvous_circ_has_opened(origin_circuit_t
*circ
)
3365 hs_service_t
*service
= NULL
;
3368 tor_assert(circ
->cpath
);
3369 /* Getting here means this is a v3 rendezvous circuit. */
3370 tor_assert(circ
->hs_ident
);
3371 tor_assert(TO_CIRCUIT(circ
)->purpose
== CIRCUIT_PURPOSE_S_CONNECT_REND
);
3373 /* Declare the circuit dirty to avoid reuse, and for path-bias. We set the
3374 * timestamp regardless of its content because that circuit could have been
3375 * cannibalized so in any cases, we are about to use that circuit more. */
3376 TO_CIRCUIT(circ
)->timestamp_dirty
= time(NULL
);
3377 pathbias_count_use_attempt(circ
);
3379 /* Get the corresponding service and intro point. */
3380 get_objects_from_ident(circ
->hs_ident
, &service
, NULL
, NULL
);
3381 if (service
== NULL
) {
3382 log_warn(LD_REND
, "Unknown service identity key %s on the rendezvous "
3383 "circuit %u with cookie %s. Can't find onion service.",
3384 safe_str_client(ed25519_fmt(&circ
->hs_ident
->identity_pk
)),
3385 TO_CIRCUIT(circ
)->n_circ_id
,
3386 hex_str((const char *) circ
->hs_ident
->rendezvous_cookie
,
3391 /* If the cell can't be sent, the circuit will be closed within this
3393 hs_circ_service_rp_has_opened(service
, circ
);
3397 circuit_mark_for_close(TO_CIRCUIT(circ
), END_CIRC_REASON_NOSUCHSERVICE
);
3402 /** We've been expecting an INTRO_ESTABLISHED cell on this circuit and it just
3403 * arrived. Handle the INTRO_ESTABLISHED cell arriving on the given
3404 * introduction circuit. Return 0 on success else a negative value. */
3406 service_handle_intro_established(origin_circuit_t
*circ
,
3407 const uint8_t *payload
,
3410 hs_service_t
*service
= NULL
;
3411 hs_service_intro_point_t
*ip
= NULL
;
3414 tor_assert(payload
);
3415 tor_assert(TO_CIRCUIT(circ
)->purpose
== CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
);
3417 /* We need the service and intro point for this cell. */
3418 get_objects_from_ident(circ
->hs_ident
, &service
, &ip
, NULL
);
3420 /* Get service object from the circuit identifier. */
3421 if (service
== NULL
) {
3422 log_warn(LD_REND
, "Unknown service identity key %s on the introduction "
3423 "circuit %u. Can't find onion service.",
3424 safe_str_client(ed25519_fmt(&circ
->hs_ident
->identity_pk
)),
3425 TO_CIRCUIT(circ
)->n_circ_id
);
3429 /* We don't recognize the key. */
3430 log_warn(LD_REND
, "Introduction circuit established without an intro "
3431 "point object on circuit %u for service %s",
3432 TO_CIRCUIT(circ
)->n_circ_id
,
3433 safe_str_client(service
->onion_address
));
3437 /* Try to parse the payload into a cell making sure we do actually have a
3438 * valid cell. On success, the ip object and circuit purpose is updated to
3439 * reflect the fact that the introduction circuit is established. */
3440 if (hs_circ_handle_intro_established(service
, ip
, circ
, payload
,
3445 log_info(LD_REND
, "Successfully received an INTRO_ESTABLISHED cell "
3446 "on circuit %u for service %s",
3447 TO_CIRCUIT(circ
)->n_circ_id
,
3448 safe_str_client(service
->onion_address
));
3455 /** We just received an INTRODUCE2 cell on the established introduction circuit
3456 * circ. Handle the cell and return 0 on success else a negative value. */
3458 service_handle_introduce2(origin_circuit_t
*circ
, const uint8_t *payload
,
3461 hs_service_t
*service
= NULL
;
3462 hs_service_intro_point_t
*ip
= NULL
;
3463 hs_service_descriptor_t
*desc
= NULL
;
3466 tor_assert(payload
);
3467 tor_assert(TO_CIRCUIT(circ
)->purpose
== CIRCUIT_PURPOSE_S_INTRO
);
3469 /* We'll need every object associated with this circuit. */
3470 get_objects_from_ident(circ
->hs_ident
, &service
, &ip
, &desc
);
3472 /* Get service object from the circuit identifier. */
3473 if (service
== NULL
) {
3474 log_warn(LD_BUG
, "Unknown service identity key %s when handling "
3475 "an INTRODUCE2 cell on circuit %u",
3476 safe_str_client(ed25519_fmt(&circ
->hs_ident
->identity_pk
)),
3477 TO_CIRCUIT(circ
)->n_circ_id
);
3481 /* We don't recognize the key. */
3482 log_warn(LD_BUG
, "Unknown introduction auth key when handling "
3483 "an INTRODUCE2 cell on circuit %u for service %s",
3484 TO_CIRCUIT(circ
)->n_circ_id
,
3485 safe_str_client(service
->onion_address
));
3488 /* If we have an IP object, we MUST have a descriptor object. */
3491 /* The following will parse, decode and launch the rendezvous point circuit.
3492 * Both current and legacy cells are handled. */
3493 if (hs_circ_handle_introduce2(service
, circ
, ip
, &desc
->desc
->subcredential
,
3494 payload
, payload_len
) < 0) {
3497 /* Update metrics that a new introduction was successful. */
3498 hs_metrics_new_introduction(service
);
3505 /** Add to list every filename used by service. This is used by the sandbox
3508 service_add_fnames_to_list(const hs_service_t
*service
, smartlist_t
*list
)
3511 char fname
[128] = {0};
3513 tor_assert(service
);
3516 /* Ease our life. */
3517 s_dir
= service
->config
.directory_path
;
3518 /* The hostname file. */
3519 smartlist_add(list
, hs_path_from_filename(s_dir
, fname_hostname
));
3520 /* The key files splitted in two. */
3521 tor_snprintf(fname
, sizeof(fname
), "%s_secret_key", fname_keyfile_prefix
);
3522 smartlist_add(list
, hs_path_from_filename(s_dir
, fname
));
3523 tor_snprintf(fname
, sizeof(fname
), "%s_public_key", fname_keyfile_prefix
);
3524 smartlist_add(list
, hs_path_from_filename(s_dir
, fname
));
3527 /** Return true iff the given service identity key is present on disk. */
3529 service_key_on_disk(const char *directory_path
)
3533 ed25519_keypair_t
*kp
= NULL
;
3535 tor_assert(directory_path
);
3537 /* Build the v3 key path name and then try to load it. */
3538 fname
= hs_path_from_filename(directory_path
, fname_keyfile_prefix
);
3539 kp
= ed_key_init_from_file(fname
, INIT_ED_KEY_SPLIT
,
3540 LOG_DEBUG
, NULL
, 0, 0, 0, NULL
, NULL
);
3545 ed25519_keypair_free(kp
);
3551 /** This is a proxy function before actually calling hs_desc_encode_descriptor
3552 * because we need some preprocessing here */
3554 service_encode_descriptor(const hs_service_t
*service
,
3555 const hs_service_descriptor_t
*desc
,
3556 const ed25519_keypair_t
*signing_kp
,
3560 const uint8_t *descriptor_cookie
= NULL
;
3562 tor_assert(service
);
3564 tor_assert(encoded_out
);
3566 /* If the client authorization is enabled, send the descriptor cookie to
3567 * hs_desc_encode_descriptor. Otherwise, send NULL */
3568 if (service
->config
.is_client_auth_enabled
) {
3569 descriptor_cookie
= desc
->descriptor_cookie
;
3572 ret
= hs_desc_encode_descriptor(desc
->desc
, signing_kp
,
3573 descriptor_cookie
, encoded_out
);
3582 /** This is called everytime the service map (v2 or v3) changes that is if an
3583 * element is added or removed. */
3585 hs_service_map_has_changed(void)
3587 /* If we now have services where previously we had not, we need to enable
3588 * the HS service main loop event. If we changed to having no services, we
3589 * need to disable the event. */
3590 rescan_periodic_events(get_options());
3593 /** Upload an encoded descriptor in encoded_desc of the given version. This
3594 * descriptor is for the service identity_pk and blinded_pk used to setup the
3595 * directory connection identifier. It is uploaded to the directory hsdir_rs
3596 * routerstatus_t object.
3598 * NOTE: This function does NOT check for PublishHidServDescriptors because it
3599 * is only used by the control port command HSPOST outside of this subsystem.
3600 * Inside this code, upload_descriptor_to_hsdir() should be used. */
3602 hs_service_upload_desc_to_dir(const char *encoded_desc
,
3603 const uint8_t version
,
3604 const ed25519_public_key_t
*identity_pk
,
3605 const ed25519_public_key_t
*blinded_pk
,
3606 const routerstatus_t
*hsdir_rs
)
3608 char version_str
[4] = {0};
3609 directory_request_t
*dir_req
;
3610 hs_ident_dir_conn_t ident
;
3612 tor_assert(encoded_desc
);
3613 tor_assert(identity_pk
);
3614 tor_assert(blinded_pk
);
3615 tor_assert(hsdir_rs
);
3617 /* Setup the connection identifier. */
3618 memset(&ident
, 0, sizeof(ident
));
3619 hs_ident_dir_conn_init(identity_pk
, blinded_pk
, &ident
);
3621 /* This is our resource when uploading which is used to construct the URL
3622 * with the version number: "/tor/hs/<version>/publish". */
3623 tor_snprintf(version_str
, sizeof(version_str
), "%u", version
);
3625 /* Build the directory request for this HSDir. */
3626 dir_req
= directory_request_new(DIR_PURPOSE_UPLOAD_HSDESC
);
3627 directory_request_set_routerstatus(dir_req
, hsdir_rs
);
3628 directory_request_set_indirection(dir_req
, DIRIND_ANONYMOUS
);
3629 directory_request_set_resource(dir_req
, version_str
);
3630 directory_request_set_payload(dir_req
, encoded_desc
,
3631 strlen(encoded_desc
));
3632 /* The ident object is copied over the directory connection object once
3633 * the directory request is initiated. */
3634 directory_request_upload_set_hs_ident(dir_req
, &ident
);
3636 /* Initiate the directory request to the hsdir.*/
3637 directory_initiate_request(dir_req
);
3638 directory_request_free(dir_req
);
3641 /** Add the ephemeral service using the secret key sk and ports. Both max
3642 * streams parameter will be set in the newly created service.
3644 * Ownership of sk and ports is passed to this routine. Regardless of
3645 * success/failure, callers should not touch these values after calling this
3646 * routine, and may assume that correct cleanup has been done on failure.
3648 * Return an appropriate hs_service_add_ephemeral_status_t. */
3649 hs_service_add_ephemeral_status_t
3650 hs_service_add_ephemeral(ed25519_secret_key_t
*sk
, smartlist_t
*ports
,
3651 int max_streams_per_rdv_circuit
,
3652 int max_streams_close_circuit
, char **address_out
)
3654 hs_service_add_ephemeral_status_t ret
;
3655 hs_service_t
*service
= NULL
;
3659 tor_assert(address_out
);
3661 service
= hs_service_new(get_options());
3663 /* Setup the service configuration with specifics. A default service is
3664 * HS_VERSION_TWO so explicitly set it. */
3665 service
->config
.version
= HS_VERSION_THREE
;
3666 service
->config
.max_streams_per_rdv_circuit
= max_streams_per_rdv_circuit
;
3667 service
->config
.max_streams_close_circuit
= !!max_streams_close_circuit
;
3668 service
->config
.is_ephemeral
= 1;
3669 smartlist_free(service
->config
.ports
);
3670 service
->config
.ports
= ports
;
3672 /* Handle the keys. */
3673 memcpy(&service
->keys
.identity_sk
, sk
, sizeof(service
->keys
.identity_sk
));
3674 if (ed25519_public_key_generate(&service
->keys
.identity_pk
,
3675 &service
->keys
.identity_sk
) < 0) {
3676 log_warn(LD_CONFIG
, "Unable to generate ed25519 public key"
3678 ret
= RSAE_BADPRIVKEY
;
3682 if (ed25519_validate_pubkey(&service
->keys
.identity_pk
) < 0) {
3683 log_warn(LD_CONFIG
, "Bad ed25519 private key was provided");
3684 ret
= RSAE_BADPRIVKEY
;
3688 /* Make sure we have at least one port. */
3689 if (smartlist_len(service
->config
.ports
) == 0) {
3690 log_warn(LD_CONFIG
, "At least one VIRTPORT/TARGET must be specified "
3692 ret
= RSAE_BADVIRTPORT
;
3696 /* Build the onion address for logging purposes but also the control port
3697 * uses it for the HS_DESC event. */
3698 hs_build_address(&service
->keys
.identity_pk
,
3699 (uint8_t) service
->config
.version
,
3700 service
->onion_address
);
3702 /* The only way the registration can fail is if the service public key
3703 * already exists. */
3704 if (BUG(register_service(hs_service_map
, service
) < 0)) {
3705 log_warn(LD_CONFIG
, "Onion Service private key collides with an "
3706 "existing v3 service.");
3707 ret
= RSAE_ADDREXISTS
;
3711 log_info(LD_CONFIG
, "Added ephemeral v3 onion service: %s",
3712 safe_str_client(service
->onion_address
));
3714 *address_out
= tor_strdup(service
->onion_address
);
3719 hs_service_free(service
);
3722 memwipe(sk
, 0, sizeof(ed25519_secret_key_t
));
3727 /** For the given onion address, delete the ephemeral service. Return 0 on
3728 * success else -1 on error. */
3730 hs_service_del_ephemeral(const char *address
)
3733 ed25519_public_key_t pk
;
3734 hs_service_t
*service
= NULL
;
3736 tor_assert(address
);
3738 if (hs_parse_address(address
, &pk
, NULL
, &version
) < 0) {
3739 log_warn(LD_CONFIG
, "Requested malformed v3 onion address for removal.");
3743 if (version
!= HS_VERSION_THREE
) {
3744 log_warn(LD_CONFIG
, "Requested version of onion address for removal "
3745 "is not supported.");
3749 service
= find_service(hs_service_map
, &pk
);
3750 if (service
== NULL
) {
3751 log_warn(LD_CONFIG
, "Requested non-existent v3 hidden service for "
3756 if (!service
->config
.is_ephemeral
) {
3757 log_warn(LD_CONFIG
, "Requested non-ephemeral v3 hidden service for "
3762 /* Close introduction circuits, remove from map and finally free. Notice
3763 * that the rendezvous circuits aren't closed in order for any existing
3764 * connections to finish. We let the application terminate them. */
3765 close_service_intro_circuits(service
);
3766 remove_service(hs_service_map
, service
);
3767 hs_service_free(service
);
3769 log_info(LD_CONFIG
, "Removed ephemeral v3 hidden service: %s",
3770 safe_str_client(address
));
3777 /** Using the ed25519 public key pk, find a service for that key and return the
3778 * current encoded descriptor as a newly allocated string or NULL if not
3779 * found. This is used by the control port subsystem. */
3781 hs_service_lookup_current_desc(const ed25519_public_key_t
*pk
)
3783 const hs_service_t
*service
;
3787 service
= find_service(hs_service_map
, pk
);
3788 if (service
&& service
->desc_current
) {
3789 char *encoded_desc
= NULL
;
3790 /* No matter what is the result (which should never be a failure), return
3791 * the encoded variable, if success it will contain the right thing else
3792 * it will be NULL. */
3793 service_encode_descriptor(service
,
3794 service
->desc_current
,
3795 &service
->desc_current
->signing_kp
,
3797 return encoded_desc
;
3803 /** Return the number of service we have configured and usable. */
3804 MOCK_IMPL(unsigned int,
3805 hs_service_get_num_services
,(void))
3807 if (hs_service_map
== NULL
) {
3810 return HT_SIZE(hs_service_map
);
3813 /** Given conn, a rendezvous edge connection acting as an exit stream, look up
3814 * the hidden service for the circuit circ, and look up the port and address
3815 * based on the connection port. Assign the actual connection address.
3817 * Return 0 on success. Return -1 on failure and the caller should NOT close
3818 * the circuit. Return -2 on failure and the caller MUST close the circuit for
3819 * security reasons. */
3821 hs_service_set_conn_addr_port(const origin_circuit_t
*circ
,
3822 edge_connection_t
*conn
)
3824 hs_service_t
*service
= NULL
;
3828 tor_assert(TO_CIRCUIT(circ
)->purpose
== CIRCUIT_PURPOSE_S_REND_JOINED
);
3829 tor_assert(circ
->hs_ident
);
3831 get_objects_from_ident(circ
->hs_ident
, &service
, NULL
, NULL
);
3833 if (service
== NULL
) {
3834 log_warn(LD_REND
, "Unable to find any hidden service associated "
3835 "identity key %s on rendezvous circuit %u.",
3836 ed25519_fmt(&circ
->hs_ident
->identity_pk
),
3837 TO_CIRCUIT(circ
)->n_circ_id
);
3838 /* We want the caller to close the circuit because it's not a valid
3839 * service so no danger. Attempting to bruteforce the entire key space by
3840 * opening circuits to learn which service is being hosted here is
3845 /* Enforce the streams-per-circuit limit, and refuse to provide a mapping if
3846 * this circuit will exceed the limit. */
3847 if (service
->config
.max_streams_per_rdv_circuit
> 0 &&
3848 (circ
->hs_ident
->num_rdv_streams
>=
3849 service
->config
.max_streams_per_rdv_circuit
)) {
3850 #define MAX_STREAM_WARN_INTERVAL 600
3851 static struct ratelim_t stream_ratelim
=
3852 RATELIM_INIT(MAX_STREAM_WARN_INTERVAL
);
3853 log_fn_ratelim(&stream_ratelim
, LOG_WARN
, LD_REND
,
3854 "Maximum streams per circuit limit reached on "
3855 "rendezvous circuit %u for service %s. Circuit has "
3856 "%" PRIu64
" out of %" PRIu64
" streams. %s.",
3857 TO_CIRCUIT(circ
)->n_circ_id
,
3858 service
->onion_address
,
3859 circ
->hs_ident
->num_rdv_streams
,
3860 service
->config
.max_streams_per_rdv_circuit
,
3861 service
->config
.max_streams_close_circuit
?
3862 "Closing circuit" : "Ignoring open stream request");
3863 if (service
->config
.max_streams_close_circuit
) {
3864 /* Service explicitly configured to close immediately. */
3867 /* Exceeding the limit makes tor silently ignore the stream creation
3868 * request and keep the circuit open. */
3872 /* Find a virtual port of that service mathcing the one in the connection if
3873 * successful, set the address in the connection. */
3874 if (hs_set_conn_addr_port(service
->config
.ports
, conn
) < 0) {
3875 log_info(LD_REND
, "No virtual port mapping exists for port %d for "
3876 "hidden service %s.",
3877 TO_CONN(conn
)->port
, service
->onion_address
);
3878 if (service
->config
.allow_unknown_ports
) {
3879 /* Service explicitly allow connection to unknown ports so close right
3880 * away because we do not care about port mapping. */
3883 /* If the service didn't explicitly allow it, we do NOT close the circuit
3884 * here to raise the bar in terms of performance for port mapping. */
3891 /* Indicate the caller that the circuit should be closed. */
3894 /* Indicate the caller to NOT close the circuit. */
3898 /** Does the service with identity pubkey <b>pk</b> export the circuit IDs of
3900 hs_circuit_id_protocol_t
3901 hs_service_exports_circuit_id(const ed25519_public_key_t
*pk
)
3903 hs_service_t
*service
= find_service(hs_service_map
, pk
);
3905 return HS_CIRCUIT_ID_PROTOCOL_NONE
;
3908 return service
->config
.circuit_id_protocol
;
3911 /** Add to file_list every filename used by a configured hidden service, and to
3912 * dir_list every directory path used by a configured hidden service. This is
3913 * used by the sandbox subsystem to allowlist those. */
3915 hs_service_lists_fnames_for_sandbox(smartlist_t
*file_list
,
3916 smartlist_t
*dir_list
)
3918 tor_assert(file_list
);
3919 tor_assert(dir_list
);
3921 /* Add files and dirs for legacy services. */
3922 rend_services_add_filenames_to_lists(file_list
, dir_list
);
3924 /* Add files and dirs for v3+. */
3925 FOR_EACH_SERVICE_BEGIN(service
) {
3926 /* Skip ephemeral service, they don't touch the disk. */
3927 if (service
->config
.is_ephemeral
) {
3930 service_add_fnames_to_list(service
, file_list
);
3931 smartlist_add_strdup(dir_list
, service
->config
.directory_path
);
3932 smartlist_add_strdup(dir_list
, dname_client_pubkeys
);
3933 } FOR_EACH_DESCRIPTOR_END
;
3936 /** Called when our internal view of the directory has changed. We might have
3937 * received a new batch of descriptors which might affect the shape of the
3938 * HSDir hash ring. Signal that we should reexamine the hash ring and
3939 * re-upload our HS descriptors if needed. */
3941 hs_service_dir_info_changed(void)
3943 if (hs_service_get_num_services() > 0) {
3944 /* New directory information usually goes every consensus so rate limit
3945 * every 30 minutes to not be too conservative. */
3946 static struct ratelim_t dir_info_changed_ratelim
= RATELIM_INIT(30 * 60);
3947 log_fn_ratelim(&dir_info_changed_ratelim
, LOG_INFO
, LD_REND
,
3948 "New dirinfo arrived: consider reuploading descriptor");
3949 consider_republishing_hs_descriptors
= 1;
3953 /** Called when we get an INTRODUCE2 cell on the circ. Respond to the cell and
3954 * launch a circuit to the rendezvous point. */
3956 hs_service_receive_introduce2(origin_circuit_t
*circ
, const uint8_t *payload
,
3962 tor_assert(payload
);
3964 /* Do some initial validation and logging before we parse the cell */
3965 if (TO_CIRCUIT(circ
)->purpose
!= CIRCUIT_PURPOSE_S_INTRO
) {
3966 log_warn(LD_PROTOCOL
, "Received an INTRODUCE2 cell on a "
3967 "non introduction circuit of purpose %d",
3968 TO_CIRCUIT(circ
)->purpose
);
3972 if (circ
->hs_ident
) {
3973 ret
= service_handle_introduce2(circ
, payload
, payload_len
);
3974 hs_stats_note_introduce2_cell(1);
3976 ret
= rend_service_receive_introduction(circ
, payload
, payload_len
);
3977 hs_stats_note_introduce2_cell(0);
3984 /** Called when we get an INTRO_ESTABLISHED cell. Mark the circuit as an
3985 * established introduction point. Return 0 on success else a negative value
3986 * and the circuit is closed. */
3988 hs_service_receive_intro_established(origin_circuit_t
*circ
,
3989 const uint8_t *payload
,
3995 tor_assert(payload
);
3997 if (TO_CIRCUIT(circ
)->purpose
!= CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
) {
3998 log_warn(LD_PROTOCOL
, "Received an INTRO_ESTABLISHED cell on a "
3999 "non introduction circuit of purpose %d",
4000 TO_CIRCUIT(circ
)->purpose
);
4004 /* Handle both version. v2 uses rend_data and v3 uses the hs circuit
4005 * identifier hs_ident. Can't be both. */
4006 if (circ
->hs_ident
) {
4007 ret
= service_handle_intro_established(circ
, payload
, payload_len
);
4009 ret
= rend_service_intro_established(circ
, payload
, payload_len
);
4017 circuit_mark_for_close(TO_CIRCUIT(circ
), END_CIRC_REASON_TORPROTOCOL
);
4021 /** Called when any kind of hidden service circuit is done building thus
4022 * opened. This is the entry point from the circuit subsystem. */
4024 hs_service_circuit_has_opened(origin_circuit_t
*circ
)
4028 /* Handle both version. v2 uses rend_data and v3 uses the hs circuit
4029 * identifier hs_ident. Can't be both. */
4030 switch (TO_CIRCUIT(circ
)->purpose
) {
4031 case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
:
4032 if (circ
->hs_ident
) {
4033 service_intro_circ_has_opened(circ
);
4035 rend_service_intro_has_opened(circ
);
4038 case CIRCUIT_PURPOSE_S_CONNECT_REND
:
4039 if (circ
->hs_ident
) {
4040 service_rendezvous_circ_has_opened(circ
);
4042 rend_service_rendezvous_has_opened(circ
);
4050 /** Return the service version by looking at the key in the service directory.
4051 * If the key is not found or unrecognized, -1 is returned. Else, the service
4052 * version is returned. */
4054 hs_service_get_version_from_key(const hs_service_t
*service
)
4056 int version
= -1; /* Unknown version. */
4057 const char *directory_path
;
4059 tor_assert(service
);
4061 /* We'll try to load the key for version 3. If not found, we'll try version
4062 * 2 and if not found, we'll send back an unknown version (-1). */
4063 directory_path
= service
->config
.directory_path
;
4065 /* Version 3 check. */
4066 if (service_key_on_disk(directory_path
)) {
4067 version
= HS_VERSION_THREE
;
4070 /* Version 2 check. */
4071 if (rend_service_key_on_disk(directory_path
)) {
4072 version
= HS_VERSION_TWO
;
4080 /** Load and/or generate keys for all onion services including the client
4081 * authorization if any. Return 0 on success, -1 on failure. */
4083 hs_service_load_all_keys(void)
4085 /* Load v2 service keys if we have v2. */
4086 if (rend_num_services() != 0) {
4087 if (rend_service_load_all_keys(NULL
) < 0) {
4092 /* Load or/and generate them for v3+. */
4093 SMARTLIST_FOREACH_BEGIN(hs_service_staging_list
, hs_service_t
*, service
) {
4094 /* Ignore ephemeral service, they already have their keys set. */
4095 if (service
->config
.is_ephemeral
) {
4098 log_info(LD_REND
, "Loading v3 onion service keys from %s",
4099 service_escaped_dir(service
));
4100 if (load_service_keys(service
) < 0) {
4103 } SMARTLIST_FOREACH_END(service
);
4105 /* Final step, the staging list contains service in a quiescent state that
4106 * is ready to be used. Register them to the global map. Once this is over,
4107 * the staging list will be cleaned up. */
4108 register_all_services();
4110 /* All keys have been loaded successfully. */
4116 /** Log the status of introduction points for all version 3 onion services
4117 * at log severity <b>severity</b>.
4120 hs_service_dump_stats(int severity
)
4122 origin_circuit_t
*circ
;
4124 FOR_EACH_SERVICE_BEGIN(hs
) {
4126 tor_log(severity
, LD_GENERAL
, "Service configured in %s:",
4127 service_escaped_dir(hs
));
4128 FOR_EACH_DESCRIPTOR_BEGIN(hs
, desc
) {
4130 DIGEST256MAP_FOREACH(desc
->intro_points
.map
, key
,
4131 hs_service_intro_point_t
*, ip
) {
4132 const node_t
*intro_node
;
4133 const char *nickname
;
4135 intro_node
= get_node_from_intro_point(ip
);
4137 tor_log(severity
, LD_GENERAL
, " Couldn't find intro point, "
4141 nickname
= node_get_nickname(intro_node
);
4146 circ
= hs_circ_service_get_intro_circ(ip
);
4148 tor_log(severity
, LD_GENERAL
, " Intro point at %s: no circuit",
4152 tor_log(severity
, LD_GENERAL
, " Intro point %s: circuit is %s",
4153 nickname
, circuit_state_to_string(circ
->base_
.state
));
4154 } DIGEST256MAP_FOREACH_END
;
4156 } FOR_EACH_DESCRIPTOR_END
;
4157 } FOR_EACH_SERVICE_END
;
4160 /** Put all service object in the given service list. After this, the caller
4161 * looses ownership of every elements in the list and responsible to free the
4164 hs_service_stage_services(const smartlist_t
*service_list
)
4166 tor_assert(service_list
);
4167 /* This list is freed at registration time but this function can be called
4169 if (hs_service_staging_list
== NULL
) {
4170 hs_service_staging_list
= smartlist_new();
4172 /* Add all service object to our staging list. Caller is responsible for
4173 * freeing the service_list. */
4174 smartlist_add_all(hs_service_staging_list
, service_list
);
4177 /** Return a newly allocated list of all the service's metrics store. */
4179 hs_service_get_metrics_stores(void)
4181 smartlist_t
*list
= smartlist_new();
4183 if (hs_service_map
) {
4184 FOR_EACH_SERVICE_BEGIN(service
) {
4185 smartlist_add(list
, service
->metrics
.store
);
4186 } FOR_EACH_SERVICE_END
;
4192 /** Lookup the global service map for the given identitiy public key and
4193 * return the service object if found, NULL if not. */
4195 hs_service_find(const ed25519_public_key_t
*identity_pk
)
4197 tor_assert(identity_pk
);
4199 if (!hs_service_map
) {
4202 return find_service(hs_service_map
, identity_pk
);
4205 /** Allocate and initilize a service object. The service configuration will
4206 * contain the default values. Return the newly allocated object pointer. This
4207 * function can't fail. */
4209 hs_service_new(const or_options_t
*options
)
4211 hs_service_t
*service
= tor_malloc_zero(sizeof(hs_service_t
));
4212 /* Set default configuration value. */
4213 set_service_default_config(&service
->config
, options
);
4214 /* Set the default service version. */
4215 service
->config
.version
= HS_SERVICE_DEFAULT_VERSION
;
4216 /* Allocate the CLIENT_PK replay cache in service state. */
4217 service
->state
.replay_cache_rend_cookie
=
4218 replaycache_new(REND_REPLAY_TIME_INTERVAL
, REND_REPLAY_TIME_INTERVAL
);
4223 /** Free the given <b>service</b> object and all its content. This function
4224 * also takes care of wiping service keys from memory. It is safe to pass a
4227 hs_service_free_(hs_service_t
*service
)
4229 if (service
== NULL
) {
4233 /* Free descriptors. Go over both descriptor with this loop. */
4234 FOR_EACH_DESCRIPTOR_BEGIN(service
, desc
) {
4235 service_descriptor_free(desc
);
4236 } FOR_EACH_DESCRIPTOR_END
;
4238 /* Free service configuration. */
4239 service_clear_config(&service
->config
);
4241 /* Free replay cache from state. */
4242 if (service
->state
.replay_cache_rend_cookie
) {
4243 replaycache_free(service
->state
.replay_cache_rend_cookie
);
4246 /* Free onionbalance subcredentials (if any) */
4247 if (service
->state
.ob_subcreds
) {
4248 tor_free(service
->state
.ob_subcreds
);
4251 /* Free metrics object. */
4252 hs_metrics_service_free(service
);
4254 /* Wipe service keys. */
4255 memwipe(&service
->keys
.identity_sk
, 0, sizeof(service
->keys
.identity_sk
));
4260 /** Periodic callback. Entry point from the main loop to the HS service
4261 * subsystem. This is call every second. This is skipped if tor can't build a
4262 * circuit or the network is disabled. */
4264 hs_service_run_scheduled_events(time_t now
)
4266 /* First thing we'll do here is to make sure our services are in a
4267 * quiescent state for the scheduled events. */
4268 run_housekeeping_event(now
);
4270 /* Order matters here. We first make sure the descriptor object for each
4271 * service contains the latest data. Once done, we check if we need to open
4272 * new introduction circuit. Finally, we try to upload the descriptor for
4275 /* Make sure descriptors are up to date. */
4276 run_build_descriptor_event(now
);
4277 /* Make sure services have enough circuits. */
4278 run_build_circuit_event(now
);
4279 /* Upload the descriptors if needed/possible. */
4280 run_upload_descriptor_event(now
);
4283 /** Initialize the service HS subsystem. */
4285 hs_service_init(void)
4287 /* Should never be called twice. */
4288 tor_assert(!hs_service_map
);
4289 tor_assert(!hs_service_staging_list
);
4292 rend_service_init();
4294 hs_service_map
= tor_malloc_zero(sizeof(struct hs_service_ht
));
4295 HT_INIT(hs_service_ht
, hs_service_map
);
4297 hs_service_staging_list
= smartlist_new();
4300 /** Release all global storage of the hidden service subsystem. */
4302 hs_service_free_all(void)
4304 rend_service_free_all();
4306 hs_config_free_all();
4309 #ifdef TOR_UNIT_TESTS
4311 /** Return the global service map size. Only used by unit test. */
4313 get_hs_service_map_size(void)
4315 return HT_SIZE(hs_service_map
);
4318 /** Return the staging list size. Only used by unit test. */
4320 get_hs_service_staging_list_size(void)
4322 return smartlist_len(hs_service_staging_list
);
4325 STATIC hs_service_ht
*
4326 get_hs_service_map(void)
4328 return hs_service_map
;
4331 STATIC hs_service_t
*
4332 get_first_service(void)
4334 hs_service_t
**obj
= HT_START(hs_service_ht
, hs_service_map
);
4341 #endif /* defined(TOR_UNIT_TESTS) */