1 /* Copyright (c) 2016-2021, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
6 * \brief Implement next generation hidden service functionality
9 #define HS_SERVICE_PRIVATE
11 #include "core/or/or.h"
12 #include "app/config/config.h"
13 #include "app/config/statefile.h"
14 #include "core/mainloop/connection.h"
15 #include "core/mainloop/mainloop.h"
16 #include "core/or/circuitbuild.h"
17 #include "core/or/circuitlist.h"
18 #include "core/or/circuituse.h"
19 #include "core/or/extendinfo.h"
20 #include "core/or/relay.h"
21 #include "feature/client/circpathbias.h"
22 #include "feature/dirclient/dirclient.h"
23 #include "feature/dircommon/directory.h"
24 #include "feature/hs_common/shared_random_client.h"
25 #include "feature/keymgt/loadkey.h"
26 #include "feature/nodelist/describe.h"
27 #include "feature/nodelist/microdesc.h"
28 #include "feature/nodelist/networkstatus.h"
29 #include "feature/nodelist/nickname.h"
30 #include "feature/nodelist/node_select.h"
31 #include "feature/nodelist/nodelist.h"
32 #include "lib/crypt_ops/crypto_ope.h"
33 #include "lib/crypt_ops/crypto_rand.h"
34 #include "lib/crypt_ops/crypto_util.h"
36 #include "feature/hs/hs_circuit.h"
37 #include "feature/hs/hs_common.h"
38 #include "feature/hs/hs_config.h"
39 #include "feature/hs/hs_control.h"
40 #include "feature/hs/hs_descriptor.h"
41 #include "feature/hs/hs_ident.h"
42 #include "feature/hs/hs_intropoint.h"
43 #include "feature/hs/hs_metrics.h"
44 #include "feature/hs/hs_service.h"
45 #include "feature/hs/hs_stats.h"
46 #include "feature/hs/hs_ob.h"
48 #include "feature/dircommon/dir_connection_st.h"
49 #include "core/or/edge_connection_st.h"
50 #include "core/or/extend_info_st.h"
51 #include "feature/nodelist/networkstatus_st.h"
52 #include "feature/nodelist/node_st.h"
53 #include "core/or/origin_circuit_st.h"
54 #include "app/config/or_state_st.h"
55 #include "feature/nodelist/routerstatus_st.h"
57 #include "lib/encoding/confline.h"
58 #include "lib/crypt_ops/crypto_format.h"
61 #include "trunnel/ed25519_cert.h"
62 #include "trunnel/hs/cell_common.h"
63 #include "trunnel/hs/cell_establish_intro.h"
65 #ifdef HAVE_SYS_STAT_H
73 /** Helper macro. Iterate over every service in the global map. The var is the
74 * name of the service pointer. */
75 #define FOR_EACH_SERVICE_BEGIN(var) \
77 hs_service_t **var##_iter, *var; \
78 HT_FOREACH(var##_iter, hs_service_ht, hs_service_map) { \
80 #define FOR_EACH_SERVICE_END } STMT_END ;
82 /** Helper macro. Iterate over both current and previous descriptor of a
83 * service. The var is the name of the descriptor pointer. This macro skips
84 * any descriptor object of the service that is NULL. */
85 #define FOR_EACH_DESCRIPTOR_BEGIN(service, var) \
87 hs_service_descriptor_t *var; \
88 for (int var ## _loop_idx = 0; var ## _loop_idx < 2; \
89 ++var ## _loop_idx) { \
90 (var ## _loop_idx == 0) ? (var = service->desc_current) : \
91 (var = service->desc_next); \
92 if (var == NULL) continue;
93 #define FOR_EACH_DESCRIPTOR_END } STMT_END ;
94 #endif /* !defined(COCCI) */
96 /* Onion service directory file names. */
97 static const char fname_keyfile_prefix
[] = "hs_ed25519";
98 static const char dname_client_pubkeys
[] = "authorized_clients";
99 static const char fname_hostname
[] = "hostname";
100 static const char address_tld
[] = "onion";
102 /** Staging list of service object. When configuring service, we add them to
103 * this list considered a staging area and they will get added to our global
104 * map once the keys have been loaded. These two steps are separated because
105 * loading keys requires that we are an actual running tor process. */
106 static smartlist_t
*hs_service_staging_list
;
108 /** True if the list of available router descriptors might have changed which
109 * might result in an altered hash ring. Check if the hash ring changed and
110 * reupload if needed */
111 static int consider_republishing_hs_descriptors
= 0;
113 /* Static declaration. */
114 static int load_client_keys(hs_service_t
*service
);
115 static void set_descriptor_revision_counter(hs_service_descriptor_t
*hs_desc
,
116 time_t now
, bool is_current
);
117 static int build_service_desc_superencrypted(const hs_service_t
*service
,
118 hs_service_descriptor_t
*desc
);
119 static void move_descriptors(hs_service_t
*src
, hs_service_t
*dst
);
120 static int service_encode_descriptor(const hs_service_t
*service
,
121 const hs_service_descriptor_t
*desc
,
122 const ed25519_keypair_t
*signing_kp
,
125 /** Helper: Function to compare two objects in the service map. Return 1 if the
126 * two service have the same master public identity key. */
128 hs_service_ht_eq(const hs_service_t
*first
, const hs_service_t
*second
)
132 /* Simple key compare. */
133 return ed25519_pubkey_eq(&first
->keys
.identity_pk
,
134 &second
->keys
.identity_pk
);
137 /** Helper: Function for the service hash table code below. The key used is the
138 * master public identity key which is ultimately the onion address. */
139 static inline unsigned int
140 hs_service_ht_hash(const hs_service_t
*service
)
143 return (unsigned int) siphash24g(service
->keys
.identity_pk
.pubkey
,
144 sizeof(service
->keys
.identity_pk
.pubkey
));
147 /** This is _the_ global hash map of hidden services which indexed the service
148 * contained in it by master public identity key which is roughly the onion
149 * address of the service. */
150 static struct hs_service_ht
*hs_service_map
;
152 /* Register the service hash table. */
153 HT_PROTOTYPE(hs_service_ht
, /* Name of hashtable. */
154 hs_service_t
, /* Object contained in the map. */
155 hs_service_node
, /* The name of the HT_ENTRY member. */
156 hs_service_ht_hash
, /* Hashing function. */
157 hs_service_ht_eq
); /* Compare function for objects. */
159 HT_GENERATE2(hs_service_ht
, hs_service_t
, hs_service_node
,
160 hs_service_ht_hash
, hs_service_ht_eq
,
161 0.6, tor_reallocarray
, tor_free_
);
163 /** Query the given service map with a public key and return a service object
164 * if found else NULL. It is also possible to set a directory path in the
165 * search query. If pk is NULL, then it will be set to zero indicating the
166 * hash table to compare the directory path instead. */
167 STATIC hs_service_t
*
168 find_service(hs_service_ht
*map
, const ed25519_public_key_t
*pk
)
170 hs_service_t dummy_service
;
173 memset(&dummy_service
, 0, sizeof(dummy_service
));
174 ed25519_pubkey_copy(&dummy_service
.keys
.identity_pk
, pk
);
175 return HT_FIND(hs_service_ht
, map
, &dummy_service
);
178 /** Register the given service in the given map. If the service already exists
179 * in the map, -1 is returned. On success, 0 is returned and the service
180 * ownership has been transferred to the global map. */
182 register_service(hs_service_ht
*map
, hs_service_t
*service
)
186 tor_assert(!ed25519_public_key_is_zero(&service
->keys
.identity_pk
));
188 if (find_service(map
, &service
->keys
.identity_pk
)) {
189 /* Existing service with the same key. Do not register it. */
192 /* Taking ownership of the object at this point. */
193 HT_INSERT(hs_service_ht
, map
, service
);
195 /* If we just modified the global map, we notify. */
196 if (map
== hs_service_map
) {
197 hs_service_map_has_changed();
199 /* Setup metrics. This is done here because in order to initialize metrics,
200 * we require tor to have fully initialized a service so the ports of the
201 * service can be looked at for instance. */
202 hs_metrics_service_init(service
);
207 /** Remove a given service from the given map. If service is NULL or the
208 * service key is unset, return gracefully. */
210 remove_service(hs_service_ht
*map
, hs_service_t
*service
)
216 /* Ignore if no service or key is zero. */
217 if (BUG(service
== NULL
) ||
218 BUG(ed25519_public_key_is_zero(&service
->keys
.identity_pk
))) {
222 elm
= HT_REMOVE(hs_service_ht
, map
, service
);
224 tor_assert(elm
== service
);
226 log_warn(LD_BUG
, "Could not find service in the global map "
227 "while removing service %s",
228 escaped(service
->config
.directory_path
));
231 /* If we just modified the global map, we notify. */
232 if (map
== hs_service_map
) {
233 hs_service_map_has_changed();
237 /** Set the default values for a service configuration object <b>c</b>. */
239 set_service_default_config(hs_service_config_t
*c
,
240 const or_options_t
*options
)
244 c
->ports
= smartlist_new();
245 c
->directory_path
= NULL
;
246 c
->max_streams_per_rdv_circuit
= 0;
247 c
->max_streams_close_circuit
= 0;
248 c
->num_intro_points
= NUM_INTRO_POINTS_DEFAULT
;
249 c
->allow_unknown_ports
= 0;
250 c
->is_single_onion
= 0;
251 c
->dir_group_readable
= 0;
253 c
->has_dos_defense_enabled
= HS_CONFIG_V3_DOS_DEFENSE_DEFAULT
;
254 c
->intro_dos_rate_per_sec
= HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_DEFAULT
;
255 c
->intro_dos_burst_per_sec
= HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_DEFAULT
;
258 /** From a service configuration object config, clear everything from it
259 * meaning free allocated pointers and reset the values. */
261 service_clear_config(hs_service_config_t
*config
)
263 if (config
== NULL
) {
266 tor_free(config
->directory_path
);
268 SMARTLIST_FOREACH(config
->ports
, hs_port_config_t
*, p
,
269 hs_port_config_free(p
););
270 smartlist_free(config
->ports
);
272 if (config
->clients
) {
273 SMARTLIST_FOREACH(config
->clients
, hs_service_authorized_client_t
*, p
,
274 service_authorized_client_free(p
));
275 smartlist_free(config
->clients
);
277 if (config
->ob_master_pubkeys
) {
278 SMARTLIST_FOREACH(config
->ob_master_pubkeys
, ed25519_public_key_t
*, k
,
280 smartlist_free(config
->ob_master_pubkeys
);
282 memset(config
, 0, sizeof(*config
));
285 /** Helper function to return a human readable description of the given intro
288 * This function is not thread-safe. Each call to this invalidates the
289 * previous values returned by it. */
291 describe_intro_point(const hs_service_intro_point_t
*ip
)
293 /* Hex identity digest of the IP prefixed by the $ sign and ends with NUL
294 * byte hence the plus two. */
295 static char buf
[HEX_DIGEST_LEN
+ 2];
296 const char *legacy_id
= NULL
;
298 SMARTLIST_FOREACH_BEGIN(ip
->base
.link_specifiers
,
299 const link_specifier_t
*, lspec
) {
300 if (link_specifier_get_ls_type(lspec
) == LS_LEGACY_ID
) {
301 legacy_id
= (const char *)
302 link_specifier_getconstarray_un_legacy_id(lspec
);
305 } SMARTLIST_FOREACH_END(lspec
);
307 /* For now, we only print the identity digest but we could improve this with
308 * much more information such as the ed25519 identity has well. */
311 base16_encode(buf
+ 1, HEX_DIGEST_LEN
+ 1, legacy_id
, DIGEST_LEN
);
317 /** Return the lower bound of maximum INTRODUCE2 cells per circuit before we
318 * rotate intro point (defined by a consensus parameter or the default
321 get_intro_point_min_introduce2(void)
323 /* The [0, 2147483647] range is quite large to accommodate anything we decide
325 return networkstatus_get_param(NULL
, "hs_intro_min_introduce2",
326 INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS
,
330 /** Return the upper bound of maximum INTRODUCE2 cells per circuit before we
331 * rotate intro point (defined by a consensus parameter or the default
334 get_intro_point_max_introduce2(void)
336 /* The [0, 2147483647] range is quite large to accommodate anything we decide
338 return networkstatus_get_param(NULL
, "hs_intro_max_introduce2",
339 INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS
,
343 /** Return the minimum lifetime in seconds of an introduction point defined by
344 * a consensus parameter or the default value. */
346 get_intro_point_min_lifetime(void)
348 #define MIN_INTRO_POINT_LIFETIME_TESTING 10
349 if (get_options()->TestingTorNetwork
) {
350 return MIN_INTRO_POINT_LIFETIME_TESTING
;
353 /* The [0, 2147483647] range is quite large to accommodate anything we decide
355 return networkstatus_get_param(NULL
, "hs_intro_min_lifetime",
356 INTRO_POINT_LIFETIME_MIN_SECONDS
,
360 /** Return the maximum lifetime in seconds of an introduction point defined by
361 * a consensus parameter or the default value. */
363 get_intro_point_max_lifetime(void)
365 #define MAX_INTRO_POINT_LIFETIME_TESTING 30
366 if (get_options()->TestingTorNetwork
) {
367 return MAX_INTRO_POINT_LIFETIME_TESTING
;
370 /* The [0, 2147483647] range is quite large to accommodate anything we decide
372 return networkstatus_get_param(NULL
, "hs_intro_max_lifetime",
373 INTRO_POINT_LIFETIME_MAX_SECONDS
,
377 /** Return the number of extra introduction point defined by a consensus
378 * parameter or the default value. */
380 get_intro_point_num_extra(void)
382 /* The [0, 128] range bounds the number of extra introduction point allowed.
383 * Above 128 intro points, it's getting a bit crazy. */
384 return networkstatus_get_param(NULL
, "hs_intro_num_extra",
385 NUM_INTRO_POINTS_EXTRA
, 0, 128);
388 /** Helper: Function that needs to return 1 for the HT for each loop which
389 * frees every service in an hash map. */
391 ht_free_service_(struct hs_service_t
*service
, void *data
)
394 hs_service_free(service
);
395 /* This function MUST return 1 so the given object is then removed from the
396 * service map leading to this free of the object being safe. */
400 /** Free every service that can be found in the global map. Once done, clear
401 * and free the global map. */
403 service_free_all(void)
405 if (hs_service_map
) {
406 /* The free helper function returns 1 so this is safe. */
407 hs_service_ht_HT_FOREACH_FN(hs_service_map
, ht_free_service_
, NULL
);
408 HT_CLEAR(hs_service_ht
, hs_service_map
);
409 tor_free(hs_service_map
);
410 hs_service_map
= NULL
;
413 if (hs_service_staging_list
) {
414 /* Cleanup staging list. */
415 SMARTLIST_FOREACH(hs_service_staging_list
, hs_service_t
*, s
,
417 smartlist_free(hs_service_staging_list
);
418 hs_service_staging_list
= NULL
;
422 /** Free a given service intro point object. */
424 service_intro_point_free_(hs_service_intro_point_t
*ip
)
429 memwipe(&ip
->auth_key_kp
, 0, sizeof(ip
->auth_key_kp
));
430 memwipe(&ip
->enc_key_kp
, 0, sizeof(ip
->enc_key_kp
));
431 crypto_pk_free(ip
->legacy_key
);
432 replaycache_free(ip
->replay_cache
);
433 hs_intropoint_clear(&ip
->base
);
437 /** Helper: free an hs_service_intro_point_t object. This function is used by
438 * digest256map_free() which requires a void * pointer. */
440 service_intro_point_free_void(void *obj
)
442 service_intro_point_free_(obj
);
445 /** Return a newly allocated service intro point and fully initialized from the
446 * given node_t node, if non NULL.
448 * If node is NULL, returns a hs_service_intro_point_t with an empty link
449 * specifier list and no onion key. (This is used for testing.)
450 * On any other error, NULL is returned.
452 * node must be an node_t with an IPv4 address. */
453 STATIC hs_service_intro_point_t
*
454 service_intro_point_new(const node_t
*node
)
456 hs_service_intro_point_t
*ip
;
458 ip
= tor_malloc_zero(sizeof(*ip
));
459 /* We'll create the key material. No need for extra strong, those are short
461 ed25519_keypair_generate(&ip
->auth_key_kp
, 0);
463 { /* Set introduce2 max cells limit */
464 int32_t min_introduce2_cells
= get_intro_point_min_introduce2();
465 int32_t max_introduce2_cells
= get_intro_point_max_introduce2();
466 if (BUG(max_introduce2_cells
< min_introduce2_cells
)) {
469 ip
->introduce2_max
= crypto_rand_int_range(min_introduce2_cells
,
470 max_introduce2_cells
);
472 { /* Set intro point lifetime */
473 int32_t intro_point_min_lifetime
= get_intro_point_min_lifetime();
474 int32_t intro_point_max_lifetime
= get_intro_point_max_lifetime();
475 if (BUG(intro_point_max_lifetime
< intro_point_min_lifetime
)) {
478 ip
->time_to_expire
= approx_time() +
479 crypto_rand_int_range(intro_point_min_lifetime
,intro_point_max_lifetime
);
482 ip
->replay_cache
= replaycache_new(0, 0);
484 /* Initialize the base object. We don't need the certificate object. */
485 ip
->base
.link_specifiers
= node_get_link_specifier_smartlist(node
, 0);
491 /* Generate the encryption key for this intro point. */
492 curve25519_keypair_generate(&ip
->enc_key_kp
, 0);
493 /* Figure out if this chosen node supports v3 or is legacy only.
494 * NULL nodes are used in the unit tests. */
495 if (!node_supports_ed25519_hs_intro(node
)) {
496 ip
->base
.is_only_legacy
= 1;
497 /* Legacy mode that is doesn't support v3+ with ed25519 auth key. */
498 ip
->legacy_key
= crypto_pk_new();
499 if (crypto_pk_generate_key(ip
->legacy_key
) < 0) {
502 if (crypto_pk_get_digest(ip
->legacy_key
,
503 (char *) ip
->legacy_key_digest
) < 0) {
508 /* Flag if this intro point supports the INTRO2 dos defenses. */
509 ip
->support_intro2_dos_defense
=
510 node_supports_establish_intro_dos_extension(node
);
512 /* Finally, copy onion key from the node. */
513 memcpy(&ip
->onion_key
, node_get_curve25519_onion_key(node
),
514 sizeof(ip
->onion_key
));
519 service_intro_point_free(ip
);
523 /** Add the given intro point object to the given intro point map. The intro
524 * point MUST have its RSA encryption key set if this is a legacy type or the
525 * authentication key set otherwise. */
527 service_intro_point_add(digest256map_t
*map
, hs_service_intro_point_t
*ip
)
529 hs_service_intro_point_t
*old_ip_entry
;
534 old_ip_entry
= digest256map_set(map
, ip
->auth_key_kp
.pubkey
.pubkey
, ip
);
535 /* Make sure we didn't just try to double-add an intro point */
536 tor_assert_nonfatal(!old_ip_entry
);
539 /** For a given service, remove the intro point from that service's descriptors
540 * (check both current and next descriptor) */
542 service_intro_point_remove(const hs_service_t
*service
,
543 const hs_service_intro_point_t
*ip
)
548 /* Trying all descriptors. */
549 FOR_EACH_DESCRIPTOR_BEGIN(service
, desc
) {
550 /* We'll try to remove the descriptor on both descriptors which is not
551 * very expensive to do instead of doing lookup + remove. */
552 digest256map_remove(desc
->intro_points
.map
,
553 ip
->auth_key_kp
.pubkey
.pubkey
);
554 } FOR_EACH_DESCRIPTOR_END
;
557 /** For a given service and authentication key, return the intro point or NULL
558 * if not found. This will check both descriptors in the service. */
559 STATIC hs_service_intro_point_t
*
560 service_intro_point_find(const hs_service_t
*service
,
561 const ed25519_public_key_t
*auth_key
)
563 hs_service_intro_point_t
*ip
= NULL
;
566 tor_assert(auth_key
);
568 /* Trying all descriptors to find the right intro point.
570 * Even if we use the same node as intro point in both descriptors, the node
571 * will have a different intro auth key for each descriptor since we generate
572 * a new one every time we pick an intro point.
574 * After #22893 gets implemented, intro points will be moved to be
575 * per-service instead of per-descriptor so this function will need to
578 FOR_EACH_DESCRIPTOR_BEGIN(service
, desc
) {
579 if ((ip
= digest256map_get(desc
->intro_points
.map
,
580 auth_key
->pubkey
)) != NULL
) {
583 } FOR_EACH_DESCRIPTOR_END
;
588 /** For a given service and intro point, return the descriptor for which the
589 * intro point is assigned to. NULL is returned if not found. */
590 STATIC hs_service_descriptor_t
*
591 service_desc_find_by_intro(const hs_service_t
*service
,
592 const hs_service_intro_point_t
*ip
)
594 hs_service_descriptor_t
*descp
= NULL
;
599 FOR_EACH_DESCRIPTOR_BEGIN(service
, desc
) {
600 if (digest256map_get(desc
->intro_points
.map
,
601 ip
->auth_key_kp
.pubkey
.pubkey
)) {
605 } FOR_EACH_DESCRIPTOR_END
;
610 /** From a circuit identifier, get all the possible objects associated with the
611 * ident. If not NULL, service, ip or desc are set if the object can be found.
612 * They are untouched if they can't be found.
614 * This is an helper function because we do those lookups often so it's more
615 * convenient to simply call this functions to get all the things at once. */
617 get_objects_from_ident(const hs_ident_circuit_t
*ident
,
618 hs_service_t
**service
, hs_service_intro_point_t
**ip
,
619 hs_service_descriptor_t
**desc
)
625 /* Get service object from the circuit identifier. */
626 s
= find_service(hs_service_map
, &ident
->identity_pk
);
631 /* From the service object, get the intro point object of that circuit. The
632 * following will query both descriptors intro points list. */
634 *ip
= service_intro_point_find(s
, &ident
->intro_auth_pk
);
637 /* Get the descriptor for this introduction point and service. */
638 if (s
&& ip
&& *ip
&& desc
) {
639 *desc
= service_desc_find_by_intro(s
, *ip
);
643 /** From a given intro point, return the first link specifier of type
644 * encountered in the link specifier list. Return NULL if it can't be found.
646 * The caller does NOT have ownership of the object, the intro point does. */
647 static link_specifier_t
*
648 get_link_spec_by_type(const hs_service_intro_point_t
*ip
, uint8_t type
)
650 link_specifier_t
*lnk_spec
= NULL
;
654 SMARTLIST_FOREACH_BEGIN(ip
->base
.link_specifiers
,
655 link_specifier_t
*, ls
) {
656 if (link_specifier_get_ls_type(ls
) == type
) {
660 } SMARTLIST_FOREACH_END(ls
);
666 /** Given a service intro point, return the node_t associated to it. This can
667 * return NULL if the given intro point has no legacy ID or if the node can't
668 * be found in the consensus. */
669 STATIC
const node_t
*
670 get_node_from_intro_point(const hs_service_intro_point_t
*ip
)
672 const link_specifier_t
*ls
;
676 ls
= get_link_spec_by_type(ip
, LS_LEGACY_ID
);
680 /* XXX In the future, we want to only use the ed25519 ID (#22173). */
681 return node_get_by_id(
682 (const char *) link_specifier_getconstarray_un_legacy_id(ls
));
685 /** Given a service intro point, return the extend_info_t for it. This can
686 * return NULL if the node can't be found for the intro point or the extend
687 * info can't be created for the found node. If direct_conn is set, the extend
688 * info is validated on if we can connect directly. */
689 static extend_info_t
*
690 get_extend_info_from_intro_point(const hs_service_intro_point_t
*ip
,
691 unsigned int direct_conn
)
693 extend_info_t
*info
= NULL
;
698 node
= get_node_from_intro_point(ip
);
700 /* This can happen if the relay serving as intro point has been removed
701 * from the consensus. In that case, the intro point will be removed from
702 * the descriptor during the scheduled events. */
706 /* In the case of a direct connection (single onion service), it is possible
707 * our firewall policy won't allow it so this can return a NULL value. */
708 info
= extend_info_from_node(node
, direct_conn
);
714 /** Return the number of introduction points that are established for the
715 * given descriptor. */
716 MOCK_IMPL(STATIC
unsigned int,
717 count_desc_circuit_established
, (const hs_service_descriptor_t
*desc
))
719 unsigned int count
= 0;
723 DIGEST256MAP_FOREACH(desc
->intro_points
.map
, key
,
724 const hs_service_intro_point_t
*, ip
) {
725 count
+= !!hs_circ_service_get_established_intro_circ(ip
);
726 } DIGEST256MAP_FOREACH_END
;
731 /** For a given service and descriptor of that service, close all active
732 * directory connections. */
734 close_directory_connections(const hs_service_t
*service
,
735 const hs_service_descriptor_t
*desc
)
737 unsigned int count
= 0;
738 smartlist_t
*dir_conns
;
743 /* Close pending HS desc upload connections for the blinded key of 'desc'. */
744 dir_conns
= connection_list_by_type_purpose(CONN_TYPE_DIR
,
745 DIR_PURPOSE_UPLOAD_HSDESC
);
746 SMARTLIST_FOREACH_BEGIN(dir_conns
, connection_t
*, conn
) {
747 dir_connection_t
*dir_conn
= TO_DIR_CONN(conn
);
748 if (ed25519_pubkey_eq(&dir_conn
->hs_ident
->identity_pk
,
749 &service
->keys
.identity_pk
) &&
750 ed25519_pubkey_eq(&dir_conn
->hs_ident
->blinded_pk
,
751 &desc
->blinded_kp
.pubkey
)) {
752 connection_mark_for_close(conn
);
756 } SMARTLIST_FOREACH_END(conn
);
758 log_info(LD_REND
, "Closed %u active service directory connections for "
759 "descriptor %s of service %s",
760 count
, safe_str_client(ed25519_fmt(&desc
->blinded_kp
.pubkey
)),
761 safe_str_client(service
->onion_address
));
762 /* We don't have ownership of the objects in this list. */
763 smartlist_free(dir_conns
);
766 /** Close all rendezvous circuits for the given service. */
768 close_service_rp_circuits(hs_service_t
*service
)
770 origin_circuit_t
*ocirc
= NULL
;
774 /* The reason we go over all circuit instead of using the circuitmap API is
775 * because most hidden service circuits are rendezvous circuits so there is
776 * no real improvement at getting all rendezvous circuits from the
777 * circuitmap and then going over them all to find the right ones.
778 * Furthermore, another option would have been to keep a list of RP cookies
779 * for a service but it creates an engineering complexity since we don't
780 * have a "RP circuit closed" event to clean it up properly so we avoid a
781 * memory DoS possibility. */
783 while ((ocirc
= circuit_get_next_service_rp_circ(ocirc
))) {
784 /* Only close circuits that are v3 and for this service. */
785 if (ocirc
->hs_ident
!= NULL
&&
786 ed25519_pubkey_eq(ô
->hs_ident
->identity_pk
,
787 &service
->keys
.identity_pk
)) {
788 /* Reason is FINISHED because service has been removed and thus the
789 * circuit is considered old/unneeded. When freed, it is removed from the
791 circuit_mark_for_close(TO_CIRCUIT(ocirc
), END_CIRC_REASON_FINISHED
);
796 /** Close the circuit(s) for the given map of introduction points. */
798 close_intro_circuits(hs_service_intropoints_t
*intro_points
)
800 tor_assert(intro_points
);
802 DIGEST256MAP_FOREACH(intro_points
->map
, key
,
803 const hs_service_intro_point_t
*, ip
) {
804 origin_circuit_t
*ocirc
= hs_circ_service_get_intro_circ(ip
);
806 /* Reason is FINISHED because service has been removed and thus the
807 * circuit is considered old/unneeded. When freed, the circuit is removed
808 * from the HS circuitmap. */
809 circuit_mark_for_close(TO_CIRCUIT(ocirc
), END_CIRC_REASON_FINISHED
);
811 } DIGEST256MAP_FOREACH_END
;
814 /** Close all introduction circuits for the given service. */
816 close_service_intro_circuits(hs_service_t
*service
)
820 FOR_EACH_DESCRIPTOR_BEGIN(service
, desc
) {
821 close_intro_circuits(&desc
->intro_points
);
822 } FOR_EACH_DESCRIPTOR_END
;
825 /** Close any circuits related to the given service. */
827 close_service_circuits(hs_service_t
*service
)
831 /* Only support for version >= 3. */
832 if (BUG(service
->config
.version
< HS_VERSION_THREE
)) {
835 /* Close intro points. */
836 close_service_intro_circuits(service
);
837 /* Close rendezvous points. */
838 close_service_rp_circuits(service
);
841 /** Move every ephemeral services from the src service map to the dst service
842 * map. It is possible that a service can't be register to the dst map which
843 * won't stop the process of moving them all but will trigger a log warn. */
845 move_ephemeral_services(hs_service_ht
*src
, hs_service_ht
*dst
)
847 hs_service_t
**iter
, **next
;
852 /* Iterate over the map to find ephemeral service and move them to the other
853 * map. We loop using this method to have a safe removal process. */
854 for (iter
= HT_START(hs_service_ht
, src
); iter
!= NULL
; iter
= next
) {
855 hs_service_t
*s
= *iter
;
856 if (!s
->config
.is_ephemeral
) {
857 /* Yeah, we are in a very manual loop :). */
858 next
= HT_NEXT(hs_service_ht
, src
, iter
);
861 /* Remove service from map and then register to it to the other map.
862 * Reminder that "*iter" and "s" are the same thing. */
863 next
= HT_NEXT_RMV(hs_service_ht
, src
, iter
);
864 if (register_service(dst
, s
) < 0) {
865 log_warn(LD_BUG
, "Ephemeral service key is already being used. "
871 /** Return a const string of the directory path escaped. If this is an
872 * ephemeral service, it returns "[EPHEMERAL]". This can only be called from
873 * the main thread because escaped() uses a static variable. */
875 service_escaped_dir(const hs_service_t
*s
)
877 return (s
->config
.is_ephemeral
) ? "[EPHEMERAL]" :
878 escaped(s
->config
.directory_path
);
881 /** Move the hidden service state from <b>src</b> to <b>dst</b>. We do this
882 * when we receive a SIGHUP: <b>dst</b> is the post-HUP service */
884 move_hs_state(hs_service_t
*src_service
, hs_service_t
*dst_service
)
886 tor_assert(src_service
);
887 tor_assert(dst_service
);
889 hs_service_state_t
*src
= &src_service
->state
;
890 hs_service_state_t
*dst
= &dst_service
->state
;
892 /* Let's do a shallow copy */
893 dst
->intro_circ_retry_started_time
= src
->intro_circ_retry_started_time
;
894 dst
->num_intro_circ_launched
= src
->num_intro_circ_launched
;
895 /* Freeing a NULL replaycache triggers an info LD_BUG. */
896 if (dst
->replay_cache_rend_cookie
!= NULL
) {
897 replaycache_free(dst
->replay_cache_rend_cookie
);
900 dst
->replay_cache_rend_cookie
= src
->replay_cache_rend_cookie
;
901 src
->replay_cache_rend_cookie
= NULL
; /* steal pointer reference */
903 dst
->next_rotation_time
= src
->next_rotation_time
;
905 if (src
->ob_subcreds
) {
906 dst
->ob_subcreds
= src
->ob_subcreds
;
907 dst
->n_ob_subcreds
= src
->n_ob_subcreds
;
909 src
->ob_subcreds
= NULL
; /* steal pointer reference */
913 /** Register services that are in the staging list. Once this function returns,
914 * the global service map will be set with the right content and all non
915 * surviving services will be cleaned up. */
917 register_all_services(void)
919 struct hs_service_ht
*new_service_map
;
921 tor_assert(hs_service_staging_list
);
923 /* Allocate a new map that will replace the current one. */
924 new_service_map
= tor_malloc_zero(sizeof(*new_service_map
));
925 HT_INIT(hs_service_ht
, new_service_map
);
927 /* First step is to transfer all ephemeral services from the current global
928 * map to the new one we are constructing. We do not prune ephemeral
929 * services as the only way to kill them is by deleting it from the control
930 * port or stopping the tor daemon. */
931 move_ephemeral_services(hs_service_map
, new_service_map
);
933 SMARTLIST_FOREACH_BEGIN(hs_service_staging_list
, hs_service_t
*, snew
) {
936 /* Check if that service is already in our global map and if so, we'll
937 * transfer the intro points to it. */
938 s
= find_service(hs_service_map
, &snew
->keys
.identity_pk
);
940 /* Pass ownership of the descriptors from s (the current service) to
941 * snew (the newly configured one). */
942 move_descriptors(s
, snew
);
943 move_hs_state(s
, snew
);
944 /* Remove the service from the global map because after this, we need to
945 * go over the remaining service in that map that aren't surviving the
946 * reload to close their circuits. */
947 remove_service(hs_service_map
, s
);
950 /* Great, this service is now ready to be added to our new map. */
951 if (BUG(register_service(new_service_map
, snew
) < 0)) {
952 /* This should never happen because prior to registration, we validate
953 * every service against the entire set. Not being able to register a
954 * service means we failed to validate correctly. In that case, don't
955 * break tor and ignore the service but tell user. */
956 log_warn(LD_BUG
, "Unable to register service with directory %s",
957 service_escaped_dir(snew
));
958 SMARTLIST_DEL_CURRENT(hs_service_staging_list
, snew
);
959 hs_service_free(snew
);
961 } SMARTLIST_FOREACH_END(snew
);
963 /* Close any circuits associated with the non surviving services. Every
964 * service in the current global map are roaming. */
965 FOR_EACH_SERVICE_BEGIN(service
) {
966 close_service_circuits(service
);
967 } FOR_EACH_SERVICE_END
;
969 /* Time to make the switch. We'll clear the staging list because its content
970 * has now changed ownership to the map. */
971 smartlist_clear(hs_service_staging_list
);
973 hs_service_map
= new_service_map
;
974 /* We've just register services into the new map and now we've replaced the
975 * global map with it so we have to notify that the change happened. When
976 * registering a service, the notify is only triggered if the destination
977 * map is the global map for which in here it was not. */
978 hs_service_map_has_changed();
981 /** Write the onion address of a given service to the given filename fname_ in
982 * the service directory. Return 0 on success else -1 on error. */
984 write_address_to_file(const hs_service_t
*service
, const char *fname_
)
988 char *addr_buf
= NULL
;
993 /* Construct the full address with the onion tld and write the hostname file
995 tor_asprintf(&addr_buf
, "%s.%s\n", service
->onion_address
, address_tld
);
996 /* Notice here that we use the given "fname_". */
997 fname
= hs_path_from_filename(service
->config
.directory_path
, fname_
);
998 if (write_str_to_file_if_not_equal(fname
, addr_buf
)) {
999 log_warn(LD_REND
, "Could not write onion address to hostname file %s",
1005 if (service
->config
.dir_group_readable
) {
1007 if (chmod(fname
, S_IRUSR
| S_IWUSR
| S_IRGRP
) < 0) {
1008 log_warn(LD_FS
, "Unable to make onion service hostname file %s "
1009 "group-readable.", escaped(fname
));
1012 #endif /* !defined(_WIN32) */
1022 /** Load and/or generate private keys for the given service. On success, the
1023 * hostname file will be written to disk along with the master private key iff
1024 * the service is not configured for offline keys. Return 0 on success else -1
1027 load_service_keys(hs_service_t
*service
)
1031 ed25519_keypair_t
*kp
;
1032 const hs_service_config_t
*config
;
1034 tor_assert(service
);
1036 config
= &service
->config
;
1038 /* Create and fix permission on service directory. We are about to write
1039 * files to that directory so make sure it exists and has the right
1040 * permissions. We do this here because at this stage we know that Tor is
1041 * actually running and the service we have has been validated. */
1042 if (hs_check_service_private_dir(get_options()->User
,
1043 config
->directory_path
,
1044 config
->dir_group_readable
, 1) < 0) {
1048 /* Try to load the keys from file or generate it if not found. */
1049 fname
= hs_path_from_filename(config
->directory_path
, fname_keyfile_prefix
);
1050 /* Don't ask for key creation, we want to know if we were able to load it or
1051 * we had to generate it. Better logging! */
1052 kp
= ed_key_init_from_file(fname
, INIT_ED_KEY_SPLIT
, LOG_INFO
, NULL
, 0, 0,
1055 log_info(LD_REND
, "Unable to load keys from %s. Generating it...", fname
);
1056 /* We'll now try to generate the keys and for it we want the strongest
1057 * randomness for it. The keypair will be written in different files. */
1058 uint32_t key_flags
= INIT_ED_KEY_CREATE
| INIT_ED_KEY_EXTRA_STRONG
|
1060 kp
= ed_key_init_from_file(fname
, key_flags
, LOG_WARN
, NULL
, 0, 0, 0,
1063 log_warn(LD_REND
, "Unable to generate keys and save in %s.", fname
);
1068 /* Copy loaded or generated keys to service object. */
1069 ed25519_pubkey_copy(&service
->keys
.identity_pk
, &kp
->pubkey
);
1070 memcpy(&service
->keys
.identity_sk
, &kp
->seckey
,
1071 sizeof(service
->keys
.identity_sk
));
1072 /* This does a proper memory wipe. */
1073 ed25519_keypair_free(kp
);
1075 /* Build onion address from the newly loaded keys. */
1076 tor_assert(service
->config
.version
<= UINT8_MAX
);
1077 hs_build_address(&service
->keys
.identity_pk
,
1078 (uint8_t) service
->config
.version
,
1079 service
->onion_address
);
1081 /* Write onion address to hostname file. */
1082 if (write_address_to_file(service
, fname_hostname
) < 0) {
1086 /* Load all client authorization keys in the service. */
1087 if (load_client_keys(service
) < 0) {
1098 /** Check if the client file name is valid or not. Return 1 if valid,
1099 * otherwise return 0. */
1101 client_filename_is_valid(const char *filename
)
1104 const char *valid_extension
= ".auth";
1106 tor_assert(filename
);
1108 /* The file extension must match and the total filename length can't be the
1109 * length of the extension else we do not have a filename. */
1110 if (!strcmpend(filename
, valid_extension
) &&
1111 strlen(filename
) != strlen(valid_extension
)) {
1120 /** Parse an base32-encoded authorized client from a string.
1122 * Return the key on success, return NULL, otherwise. */
1123 hs_service_authorized_client_t
*
1124 parse_authorized_client_key(const char *key_str
, int severity
)
1126 hs_service_authorized_client_t
*client
= NULL
;
1128 /* We expect a specific length of the base64 encoded key so make sure we
1129 * have that so we don't successfully decode a value with a different length
1130 * and end up in trouble when copying the decoded key into a fixed length
1132 if (strlen(key_str
) != BASE32_NOPAD_LEN(CURVE25519_PUBKEY_LEN
)) {
1133 log_fn(severity
, LD_REND
, "Client authorization encoded base32 public key "
1134 "length is invalid: %s", key_str
);
1138 client
= tor_malloc_zero(sizeof(hs_service_authorized_client_t
));
1139 if (base32_decode((char *) client
->client_pk
.public_key
,
1140 sizeof(client
->client_pk
.public_key
),
1141 key_str
, strlen(key_str
)) !=
1142 sizeof(client
->client_pk
.public_key
)) {
1143 log_fn(severity
, LD_REND
, "Client authorization public key cannot be "
1144 "decoded: %s", key_str
);
1151 if (client
!= NULL
) {
1152 service_authorized_client_free(client
);
1157 /** Parse an authorized client from a string. The format of a client string
1158 * looks like (see rend-spec-v3.txt):
1160 * <auth-type>:<key-type>:<base32-encoded-public-key>
1162 * The <auth-type> can only be "descriptor".
1163 * The <key-type> can only be "x25519".
1165 * Return the key on success, return NULL, otherwise. */
1166 STATIC hs_service_authorized_client_t
*
1167 parse_authorized_client(const char *client_key_str
)
1169 char *auth_type
= NULL
;
1170 char *key_type
= NULL
;
1171 char *pubkey_b32
= NULL
;
1172 hs_service_authorized_client_t
*client
= NULL
;
1173 smartlist_t
*fields
= smartlist_new();
1175 tor_assert(client_key_str
);
1177 smartlist_split_string(fields
, client_key_str
, ":",
1178 SPLIT_SKIP_SPACE
, 0);
1179 /* Wrong number of fields. */
1180 if (smartlist_len(fields
) != 3) {
1181 log_warn(LD_REND
, "Unknown format of client authorization file.");
1185 auth_type
= smartlist_get(fields
, 0);
1186 key_type
= smartlist_get(fields
, 1);
1187 pubkey_b32
= smartlist_get(fields
, 2);
1189 /* Currently, the only supported auth type is "descriptor". */
1190 if (strcmp(auth_type
, "descriptor")) {
1191 log_warn(LD_REND
, "Client authorization auth type '%s' not supported.",
1196 /* Currently, the only supported key type is "x25519". */
1197 if (strcmp(key_type
, "x25519")) {
1198 log_warn(LD_REND
, "Client authorization key type '%s' not supported.",
1203 if ((client
= parse_authorized_client_key(pubkey_b32
, LOG_WARN
)) == NULL
) {
1211 service_authorized_client_free(client
);
1213 /* It is also a good idea to wipe the public key. */
1215 memwipe(pubkey_b32
, 0, strlen(pubkey_b32
));
1218 SMARTLIST_FOREACH(fields
, char *, s
, tor_free(s
));
1219 smartlist_free(fields
);
1223 /** Load all the client public keys for the given service. Return 0 on
1224 * success else -1 on failure. */
1226 load_client_keys(hs_service_t
*service
)
1229 char *client_key_str
= NULL
;
1230 char *client_key_file_path
= NULL
;
1231 char *client_keys_dir_path
= NULL
;
1232 hs_service_config_t
*config
;
1233 smartlist_t
*file_list
= NULL
;
1235 tor_assert(service
);
1237 config
= &service
->config
;
1239 /* Before calling this function, we already call load_service_keys to make
1240 * sure that the directory exists with the right permission. So, if we
1241 * cannot create a client pubkey key directory, we consider it as a bug. */
1242 client_keys_dir_path
= hs_path_from_filename(config
->directory_path
,
1243 dname_client_pubkeys
);
1244 if (BUG(hs_check_service_private_dir(get_options()->User
,
1245 client_keys_dir_path
,
1246 config
->dir_group_readable
, 1) < 0)) {
1250 /* If the list of clients already exists, we must clear it first. */
1251 if (config
->clients
) {
1252 SMARTLIST_FOREACH(config
->clients
, hs_service_authorized_client_t
*, p
,
1253 service_authorized_client_free(p
));
1254 smartlist_free(config
->clients
);
1257 config
->clients
= smartlist_new();
1259 file_list
= tor_listdir(client_keys_dir_path
);
1260 if (file_list
== NULL
) {
1261 log_warn(LD_REND
, "Client authorization directory %s can't be listed.",
1262 client_keys_dir_path
);
1266 SMARTLIST_FOREACH_BEGIN(file_list
, const char *, filename
) {
1267 hs_service_authorized_client_t
*client
= NULL
;
1268 log_info(LD_REND
, "Loading a client authorization key file %s...",
1271 if (!client_filename_is_valid(filename
)) {
1272 log_warn(LD_REND
, "Client authorization unrecognized filename %s. "
1273 "File must end in .auth. Ignoring.", filename
);
1277 /* Create a full path for a file. */
1278 client_key_file_path
= hs_path_from_filename(client_keys_dir_path
,
1280 client_key_str
= read_file_to_str(client_key_file_path
, 0, NULL
);
1282 /* If we cannot read the file, continue with the next file. */
1283 if (!client_key_str
) {
1284 log_warn(LD_REND
, "Client authorization file %s can't be read. "
1285 "Corrupted or verify permission? Ignoring.",
1286 client_key_file_path
);
1287 tor_free(client_key_file_path
);
1290 tor_free(client_key_file_path
);
1292 client
= parse_authorized_client(client_key_str
);
1293 /* Wipe and free immediately after using it. */
1294 memwipe(client_key_str
, 0, strlen(client_key_str
));
1295 tor_free(client_key_str
);
1298 smartlist_add(config
->clients
, client
);
1299 log_info(LD_REND
, "Loaded a client authorization key file %s.",
1303 } SMARTLIST_FOREACH_END(filename
);
1305 /* If the number of clients is greater than zero, set the flag to be true. */
1306 if (smartlist_len(config
->clients
) > 0) {
1307 config
->is_client_auth_enabled
= 1;
1313 if (client_key_str
) {
1314 memwipe(client_key_str
, 0, strlen(client_key_str
));
1317 SMARTLIST_FOREACH(file_list
, char *, s
, tor_free(s
));
1318 smartlist_free(file_list
);
1320 tor_free(client_key_str
);
1321 tor_free(client_key_file_path
);
1322 tor_free(client_keys_dir_path
);
1326 /** Release all storage held in <b>client</b>. */
1328 service_authorized_client_free_(hs_service_authorized_client_t
*client
)
1333 memwipe(&client
->client_pk
, 0, sizeof(client
->client_pk
));
1337 /** Free a given service descriptor object and all key material is wiped. */
1339 service_descriptor_free_(hs_service_descriptor_t
*desc
)
1344 hs_descriptor_free(desc
->desc
);
1345 memwipe(&desc
->signing_kp
, 0, sizeof(desc
->signing_kp
));
1346 memwipe(&desc
->blinded_kp
, 0, sizeof(desc
->blinded_kp
));
1347 /* Cleanup all intro points. */
1348 digest256map_free(desc
->intro_points
.map
, service_intro_point_free_void
);
1349 digestmap_free(desc
->intro_points
.failed_id
, tor_free_
);
1350 if (desc
->previous_hsdirs
) {
1351 SMARTLIST_FOREACH(desc
->previous_hsdirs
, char *, s
, tor_free(s
));
1352 smartlist_free(desc
->previous_hsdirs
);
1354 crypto_ope_free(desc
->ope_cipher
);
1358 /** Return a newly allocated service descriptor object. */
1359 STATIC hs_service_descriptor_t
*
1360 service_descriptor_new(void)
1362 hs_service_descriptor_t
*sdesc
= tor_malloc_zero(sizeof(*sdesc
));
1363 sdesc
->desc
= tor_malloc_zero(sizeof(hs_descriptor_t
));
1364 /* Initialize the intro points map. */
1365 sdesc
->intro_points
.map
= digest256map_new();
1366 sdesc
->intro_points
.failed_id
= digestmap_new();
1367 sdesc
->previous_hsdirs
= smartlist_new();
1371 /** Allocate and return a deep copy of client. */
1372 static hs_service_authorized_client_t
*
1373 service_authorized_client_dup(const hs_service_authorized_client_t
*client
)
1375 hs_service_authorized_client_t
*client_dup
= NULL
;
1379 client_dup
= tor_malloc_zero(sizeof(hs_service_authorized_client_t
));
1380 /* Currently, the public key is the only component of
1381 * hs_service_authorized_client_t. */
1382 memcpy(client_dup
->client_pk
.public_key
,
1383 client
->client_pk
.public_key
,
1384 CURVE25519_PUBKEY_LEN
);
1389 /** If two authorized clients are equal, return 0. If the first one should come
1390 * before the second, return less than zero. If the first should come after
1391 * the second, return greater than zero. */
1393 service_authorized_client_cmp(const hs_service_authorized_client_t
*client1
,
1394 const hs_service_authorized_client_t
*client2
)
1396 tor_assert(client1
);
1397 tor_assert(client2
);
1399 /* Currently, the public key is the only component of
1400 * hs_service_authorized_client_t. */
1401 return tor_memcmp(client1
->client_pk
.public_key
,
1402 client2
->client_pk
.public_key
,
1403 CURVE25519_PUBKEY_LEN
);
1406 /** Helper for sorting authorized clients. */
1408 compare_service_authorzized_client_(const void **_a
, const void **_b
)
1410 const hs_service_authorized_client_t
*a
= *_a
, *b
= *_b
;
1411 return service_authorized_client_cmp(a
, b
);
1414 /** If the list of hs_service_authorized_client_t's is different between
1415 * src and dst, return 1. Otherwise, return 0. */
1417 service_authorized_client_config_equal(const hs_service_config_t
*config1
,
1418 const hs_service_config_t
*config2
)
1422 smartlist_t
*sl1
= smartlist_new();
1423 smartlist_t
*sl2
= smartlist_new();
1425 tor_assert(config1
);
1426 tor_assert(config2
);
1427 tor_assert(config1
->clients
);
1428 tor_assert(config2
->clients
);
1430 /* If the number of clients is different, it is obvious that the list
1432 if (smartlist_len(config1
->clients
) != smartlist_len(config2
->clients
)) {
1436 /* We do not want to mutate config1 and config2, so we will duplicate both
1437 * entire client lists here. */
1438 SMARTLIST_FOREACH(config1
->clients
,
1439 hs_service_authorized_client_t
*, client
,
1440 smartlist_add(sl1
, service_authorized_client_dup(client
)));
1442 SMARTLIST_FOREACH(config2
->clients
,
1443 hs_service_authorized_client_t
*, client
,
1444 smartlist_add(sl2
, service_authorized_client_dup(client
)));
1446 smartlist_sort(sl1
, compare_service_authorzized_client_
);
1447 smartlist_sort(sl2
, compare_service_authorzized_client_
);
1449 for (i
= 0; i
< smartlist_len(sl1
); i
++) {
1450 /* If the clients at index i in both lists differ, the whole configs
1452 if (service_authorized_client_cmp(smartlist_get(sl1
, i
),
1453 smartlist_get(sl2
, i
))) {
1463 SMARTLIST_FOREACH(sl1
, hs_service_authorized_client_t
*, p
,
1464 service_authorized_client_free(p
));
1465 smartlist_free(sl1
);
1468 SMARTLIST_FOREACH(sl2
, hs_service_authorized_client_t
*, p
,
1469 service_authorized_client_free(p
));
1470 smartlist_free(sl2
);
1475 /** Move descriptor(s) from the src service to the dst service and modify their
1476 * content if necessary. We do this during SIGHUP when we re-create our
1477 * hidden services. */
1479 move_descriptors(hs_service_t
*src
, hs_service_t
*dst
)
1484 if (src
->desc_current
) {
1485 /* Nothing should be there, but clean it up just in case */
1486 if (BUG(dst
->desc_current
)) {
1487 service_descriptor_free(dst
->desc_current
);
1489 dst
->desc_current
= src
->desc_current
;
1490 src
->desc_current
= NULL
;
1493 if (src
->desc_next
) {
1494 /* Nothing should be there, but clean it up just in case */
1495 if (BUG(dst
->desc_next
)) {
1496 service_descriptor_free(dst
->desc_next
);
1498 dst
->desc_next
= src
->desc_next
;
1499 src
->desc_next
= NULL
;
1502 /* If the client authorization changes, we must rebuild the superencrypted
1503 * section and republish the descriptors. */
1504 int client_auth_changed
=
1505 !service_authorized_client_config_equal(&src
->config
, &dst
->config
);
1506 if (client_auth_changed
&& dst
->desc_current
) {
1507 /* We have to clear the superencrypted content first. */
1508 hs_desc_superencrypted_data_free_contents(
1509 &dst
->desc_current
->desc
->superencrypted_data
);
1510 if (build_service_desc_superencrypted(dst
, dst
->desc_current
) < 0) {
1513 service_desc_schedule_upload(dst
->desc_current
, time(NULL
), 1);
1515 if (client_auth_changed
&& dst
->desc_next
) {
1516 /* We have to clear the superencrypted content first. */
1517 hs_desc_superencrypted_data_free_contents(
1518 &dst
->desc_next
->desc
->superencrypted_data
);
1519 if (build_service_desc_superencrypted(dst
, dst
->desc_next
) < 0) {
1522 service_desc_schedule_upload(dst
->desc_next
, time(NULL
), 1);
1528 /* If there is an error, free all descriptors to make it clean and generate
1530 service_descriptor_free(dst
->desc_current
);
1531 service_descriptor_free(dst
->desc_next
);
1534 /** From the given service, remove all expired failing intro points for each
1537 remove_expired_failing_intro(hs_service_t
*service
, time_t now
)
1539 tor_assert(service
);
1541 /* For both descriptors, cleanup the failing intro points list. */
1542 FOR_EACH_DESCRIPTOR_BEGIN(service
, desc
) {
1543 DIGESTMAP_FOREACH_MODIFY(desc
->intro_points
.failed_id
, key
, time_t *, t
) {
1544 time_t failure_time
= *t
;
1545 if ((failure_time
+ INTRO_CIRC_RETRY_PERIOD
) <= now
) {
1546 MAP_DEL_CURRENT(key
);
1549 } DIGESTMAP_FOREACH_END
;
1550 } FOR_EACH_DESCRIPTOR_END
;
1553 /** For the given descriptor desc, put all node_t object found from its failing
1554 * intro point list and put them in the given node_list. */
1556 setup_intro_point_exclude_list(const hs_service_descriptor_t
*desc
,
1557 smartlist_t
*node_list
)
1560 tor_assert(node_list
);
1562 DIGESTMAP_FOREACH(desc
->intro_points
.failed_id
, key
, time_t *, t
) {
1563 (void) t
; /* Make gcc happy. */
1564 const node_t
*node
= node_get_by_id(key
);
1566 smartlist_add(node_list
, (void *) node
);
1568 } DIGESTMAP_FOREACH_END
;
1571 /** For the given failing intro point ip, we add its time of failure to the
1572 * failed map and index it by identity digest (legacy ID) in the descriptor
1573 * desc failed id map. */
1575 remember_failing_intro_point(const hs_service_intro_point_t
*ip
,
1576 hs_service_descriptor_t
*desc
, time_t now
)
1578 time_t *time_of_failure
, *prev_ptr
;
1579 const link_specifier_t
*legacy_ls
;
1584 time_of_failure
= tor_malloc_zero(sizeof(time_t));
1585 *time_of_failure
= now
;
1586 legacy_ls
= get_link_spec_by_type(ip
, LS_LEGACY_ID
);
1587 tor_assert(legacy_ls
);
1588 prev_ptr
= digestmap_set(
1589 desc
->intro_points
.failed_id
,
1590 (const char *) link_specifier_getconstarray_un_legacy_id(legacy_ls
),
1595 /** Using a given descriptor signing keypair signing_kp, a service intro point
1596 * object ip and the time now, setup the content of an already allocated
1597 * descriptor intro desc_ip.
1599 * Return 0 on success else a negative value. */
1601 setup_desc_intro_point(const ed25519_keypair_t
*signing_kp
,
1602 const hs_service_intro_point_t
*ip
,
1603 time_t now
, hs_desc_intro_point_t
*desc_ip
)
1606 time_t nearest_hour
= now
- (now
% 3600);
1608 tor_assert(signing_kp
);
1610 tor_assert(desc_ip
);
1612 /* Copy the onion key. */
1613 memcpy(&desc_ip
->onion_key
, &ip
->onion_key
, sizeof(desc_ip
->onion_key
));
1615 /* Key and certificate material. */
1616 desc_ip
->auth_key_cert
= tor_cert_create_ed25519(signing_kp
,
1617 CERT_TYPE_AUTH_HS_IP_KEY
,
1618 &ip
->auth_key_kp
.pubkey
,
1620 HS_DESC_CERT_LIFETIME
,
1621 CERT_FLAG_INCLUDE_SIGNING_KEY
);
1622 if (desc_ip
->auth_key_cert
== NULL
) {
1623 log_warn(LD_REND
, "Unable to create intro point auth-key certificate");
1627 /* Copy link specifier(s). */
1628 SMARTLIST_FOREACH_BEGIN(ip
->base
.link_specifiers
,
1629 const link_specifier_t
*, ls
) {
1633 link_specifier_t
*copy
= link_specifier_dup(ls
);
1637 smartlist_add(desc_ip
->link_specifiers
, copy
);
1638 } SMARTLIST_FOREACH_END(ls
);
1640 /* For a legacy intro point, we'll use an RSA/ed cross certificate. */
1641 if (ip
->base
.is_only_legacy
) {
1642 desc_ip
->legacy
.key
= crypto_pk_dup_key(ip
->legacy_key
);
1643 /* Create cross certification cert. */
1644 ssize_t cert_len
= tor_make_rsa_ed25519_crosscert(
1645 &signing_kp
->pubkey
,
1646 desc_ip
->legacy
.key
,
1647 nearest_hour
+ HS_DESC_CERT_LIFETIME
,
1648 &desc_ip
->legacy
.cert
.encoded
);
1650 log_warn(LD_REND
, "Unable to create enc key legacy cross cert.");
1653 desc_ip
->legacy
.cert
.len
= cert_len
;
1656 /* Encryption key and its cross certificate. */
1658 ed25519_public_key_t ed25519_pubkey
;
1660 /* Use the public curve25519 key. */
1661 memcpy(&desc_ip
->enc_key
, &ip
->enc_key_kp
.pubkey
,
1662 sizeof(desc_ip
->enc_key
));
1663 /* The following can't fail. */
1664 ed25519_public_key_from_curve25519_public_key(&ed25519_pubkey
,
1665 &ip
->enc_key_kp
.pubkey
,
1667 desc_ip
->enc_key_cert
= tor_cert_create_ed25519(signing_kp
,
1668 CERT_TYPE_CROSS_HS_IP_KEYS
,
1669 &ed25519_pubkey
, nearest_hour
,
1670 HS_DESC_CERT_LIFETIME
,
1671 CERT_FLAG_INCLUDE_SIGNING_KEY
);
1672 if (desc_ip
->enc_key_cert
== NULL
) {
1673 log_warn(LD_REND
, "Unable to create enc key curve25519 cross cert.");
1684 /** Using the given descriptor from the given service, build the descriptor
1685 * intro point list so we can then encode the descriptor for publication. This
1686 * function does not pick intro points, they have to be in the descriptor
1687 * current map. Cryptographic material (keys) must be initialized in the
1688 * descriptor for this function to make sense. */
1690 build_desc_intro_points(const hs_service_t
*service
,
1691 hs_service_descriptor_t
*desc
, time_t now
)
1693 hs_desc_encrypted_data_t
*encrypted
;
1695 tor_assert(service
);
1698 /* Ease our life. */
1699 encrypted
= &desc
->desc
->encrypted_data
;
1700 /* Cleanup intro points, we are about to set them from scratch. */
1701 hs_descriptor_clear_intro_points(desc
->desc
);
1703 DIGEST256MAP_FOREACH(desc
->intro_points
.map
, key
,
1704 const hs_service_intro_point_t
*, ip
) {
1705 if (!hs_circ_service_get_established_intro_circ(ip
)) {
1706 /* Ignore un-established intro points. They can linger in that list
1707 * because their circuit has not opened and they haven't been removed
1708 * yet even though we have enough intro circuits.
1710 * Due to #31561, it can stay in that list until rotation so this check
1711 * prevents to publish an intro point without a circuit. */
1714 hs_desc_intro_point_t
*desc_ip
= hs_desc_intro_point_new();
1715 if (setup_desc_intro_point(&desc
->signing_kp
, ip
, now
, desc_ip
) < 0) {
1716 hs_desc_intro_point_free(desc_ip
);
1719 /* We have a valid descriptor intro point. Add it to the list. */
1720 smartlist_add(encrypted
->intro_points
, desc_ip
);
1721 } DIGEST256MAP_FOREACH_END
;
1724 /** Build the descriptor signing key certificate. */
1726 build_desc_signing_key_cert(hs_service_descriptor_t
*desc
, time_t now
)
1728 hs_desc_plaintext_data_t
*plaintext
;
1731 tor_assert(desc
->desc
);
1733 /* Ease our life a bit. */
1734 plaintext
= &desc
->desc
->plaintext_data
;
1736 /* Get rid of what we have right now. */
1737 tor_cert_free(plaintext
->signing_key_cert
);
1739 /* Fresh certificate for the signing key. */
1740 plaintext
->signing_key_cert
=
1741 tor_cert_create_ed25519(&desc
->blinded_kp
, CERT_TYPE_SIGNING_HS_DESC
,
1742 &desc
->signing_kp
.pubkey
, now
, HS_DESC_CERT_LIFETIME
,
1743 CERT_FLAG_INCLUDE_SIGNING_KEY
);
1744 /* If the cert creation fails, the descriptor encoding will fail and thus
1745 * ultimately won't be uploaded. We'll get a stack trace to help us learn
1746 * where the call came from and the tor_cert_create_ed25519() will log the
1748 tor_assert_nonfatal(plaintext
->signing_key_cert
);
1751 /** Populate the descriptor encrypted section from the given service object.
1752 * This will generate a valid list of introduction points that can be used
1753 * after for circuit creation. Return 0 on success else -1 on error. */
1755 build_service_desc_encrypted(const hs_service_t
*service
,
1756 hs_service_descriptor_t
*desc
)
1758 hs_desc_encrypted_data_t
*encrypted
;
1760 tor_assert(service
);
1763 encrypted
= &desc
->desc
->encrypted_data
;
1765 encrypted
->create2_ntor
= 1;
1766 encrypted
->single_onion_service
= service
->config
.is_single_onion
;
1768 /* Setup introduction points from what we have in the service. */
1769 if (encrypted
->intro_points
== NULL
) {
1770 encrypted
->intro_points
= smartlist_new();
1772 /* We do NOT build introduction point yet, we only do that once the circuit
1773 * have been opened. Until we have the right number of introduction points,
1774 * we do not encode anything in the descriptor. */
1776 /* XXX: Support client authorization (#20700). */
1777 encrypted
->intro_auth_types
= NULL
;
1781 /** Populate the descriptor superencrypted section from the given service
1782 * object. This will generate a valid list of hs_desc_authorized_client_t
1783 * of clients that are authorized to use the service. Return 0 on success
1784 * else -1 on error. */
1786 build_service_desc_superencrypted(const hs_service_t
*service
,
1787 hs_service_descriptor_t
*desc
)
1789 const hs_service_config_t
*config
;
1791 hs_desc_superencrypted_data_t
*superencrypted
;
1793 tor_assert(service
);
1796 superencrypted
= &desc
->desc
->superencrypted_data
;
1797 config
= &service
->config
;
1799 /* The ephemeral key pair is already generated, so this should not give
1801 if (BUG(!curve25519_public_key_is_ok(&desc
->auth_ephemeral_kp
.pubkey
))) {
1804 memcpy(&superencrypted
->auth_ephemeral_pubkey
,
1805 &desc
->auth_ephemeral_kp
.pubkey
,
1806 sizeof(curve25519_public_key_t
));
1808 /* Test that subcred is not zero because we might use it below */
1809 if (BUG(fast_mem_is_zero((char*)desc
->desc
->subcredential
.subcred
,
1814 /* Create a smartlist to store clients */
1815 superencrypted
->clients
= smartlist_new();
1817 /* We do not need to build the desc authorized client if the client
1818 * authorization is disabled */
1819 if (config
->is_client_auth_enabled
) {
1820 SMARTLIST_FOREACH_BEGIN(config
->clients
,
1821 hs_service_authorized_client_t
*, client
) {
1822 hs_desc_authorized_client_t
*desc_client
;
1823 desc_client
= tor_malloc_zero(sizeof(hs_desc_authorized_client_t
));
1825 /* Prepare the client for descriptor and then add to the list in the
1826 * superencrypted part of the descriptor */
1827 hs_desc_build_authorized_client(&desc
->desc
->subcredential
,
1829 &desc
->auth_ephemeral_kp
.seckey
,
1830 desc
->descriptor_cookie
, desc_client
);
1831 smartlist_add(superencrypted
->clients
, desc_client
);
1833 } SMARTLIST_FOREACH_END(client
);
1836 /* We cannot let the number of auth-clients to be zero, so we need to
1837 * make it be 16. If it is already a multiple of 16, we do not need to
1838 * do anything. Otherwise, add the additional ones to make it a
1839 * multiple of 16. */
1840 int num_clients
= smartlist_len(superencrypted
->clients
);
1841 int num_clients_to_add
;
1842 if (num_clients
== 0) {
1843 num_clients_to_add
= HS_DESC_AUTH_CLIENT_MULTIPLE
;
1844 } else if (num_clients
% HS_DESC_AUTH_CLIENT_MULTIPLE
== 0) {
1845 num_clients_to_add
= 0;
1847 num_clients_to_add
=
1848 HS_DESC_AUTH_CLIENT_MULTIPLE
1849 - (num_clients
% HS_DESC_AUTH_CLIENT_MULTIPLE
);
1852 for (i
= 0; i
< num_clients_to_add
; i
++) {
1853 hs_desc_authorized_client_t
*desc_client
=
1854 hs_desc_build_fake_authorized_client();
1855 smartlist_add(superencrypted
->clients
, desc_client
);
1858 /* Shuffle the list to prevent the client know the position in the
1860 smartlist_shuffle(superencrypted
->clients
);
1865 /** Populate the descriptor plaintext section from the given service object.
1866 * The caller must make sure that the keys in the descriptors are valid that
1867 * is are non-zero. This can't fail. */
1869 build_service_desc_plaintext(const hs_service_t
*service
,
1870 hs_service_descriptor_t
*desc
)
1872 hs_desc_plaintext_data_t
*plaintext
;
1874 tor_assert(service
);
1876 tor_assert(!fast_mem_is_zero((char *) &desc
->blinded_kp
,
1877 sizeof(desc
->blinded_kp
)));
1878 tor_assert(!fast_mem_is_zero((char *) &desc
->signing_kp
,
1879 sizeof(desc
->signing_kp
)));
1881 /* Set the subcredential. */
1882 hs_get_subcredential(&service
->keys
.identity_pk
, &desc
->blinded_kp
.pubkey
,
1883 &desc
->desc
->subcredential
);
1885 plaintext
= &desc
->desc
->plaintext_data
;
1887 plaintext
->version
= service
->config
.version
;
1888 plaintext
->lifetime_sec
= HS_DESC_DEFAULT_LIFETIME
;
1889 /* Copy public key material to go in the descriptor. */
1890 ed25519_pubkey_copy(&plaintext
->signing_pubkey
, &desc
->signing_kp
.pubkey
);
1891 ed25519_pubkey_copy(&plaintext
->blinded_pubkey
, &desc
->blinded_kp
.pubkey
);
1893 /* Create the signing key certificate. This will be updated before each
1894 * upload but we create it here so we don't complexify our unit tests. */
1895 build_desc_signing_key_cert(desc
, approx_time());
1898 /** Compute the descriptor's OPE cipher for encrypting revision counters. */
1899 static crypto_ope_t
*
1900 generate_ope_cipher_for_desc(const hs_service_descriptor_t
*hs_desc
)
1902 /* Compute OPE key as H("rev-counter-generation" | blinded privkey) */
1903 uint8_t key
[DIGEST256_LEN
];
1904 crypto_digest_t
*digest
= crypto_digest256_new(DIGEST_SHA3_256
);
1905 const char ope_key_prefix
[] = "rev-counter-generation";
1906 const ed25519_secret_key_t
*eph_privkey
= &hs_desc
->blinded_kp
.seckey
;
1907 crypto_digest_add_bytes(digest
, ope_key_prefix
, sizeof(ope_key_prefix
));
1908 crypto_digest_add_bytes(digest
, (char*)eph_privkey
->seckey
,
1909 sizeof(eph_privkey
->seckey
));
1910 crypto_digest_get_digest(digest
, (char *)key
, sizeof(key
));
1911 crypto_digest_free(digest
);
1913 return crypto_ope_new(key
);
1916 /** For the given service and descriptor object, create the key material which
1917 * is the blinded keypair, the descriptor signing keypair, the ephemeral
1918 * keypair, and the descriptor cookie. Return 0 on success else -1 on error
1919 * where the generated keys MUST be ignored. */
1921 build_service_desc_keys(const hs_service_t
*service
,
1922 hs_service_descriptor_t
*desc
)
1925 ed25519_keypair_t kp
;
1928 tor_assert(!fast_mem_is_zero((char *) &service
->keys
.identity_pk
,
1929 ED25519_PUBKEY_LEN
));
1931 /* XXX: Support offline key feature (#18098). */
1933 /* Copy the identity keys to the keypair so we can use it to create the
1935 memcpy(&kp
.pubkey
, &service
->keys
.identity_pk
, sizeof(kp
.pubkey
));
1936 memcpy(&kp
.seckey
, &service
->keys
.identity_sk
, sizeof(kp
.seckey
));
1937 /* Build blinded keypair for this time period. */
1938 hs_build_blinded_keypair(&kp
, NULL
, 0, desc
->time_period_num
,
1940 /* Let's not keep too much traces of our keys in memory. */
1941 memwipe(&kp
, 0, sizeof(kp
));
1943 /* Compute the OPE cipher struct (it's tied to the current blinded key) */
1944 log_info(LD_GENERAL
,
1945 "Getting OPE for TP#%u", (unsigned) desc
->time_period_num
);
1946 tor_assert_nonfatal(!desc
->ope_cipher
);
1947 desc
->ope_cipher
= generate_ope_cipher_for_desc(desc
);
1949 /* No need for extra strong, this is a temporary key only for this
1950 * descriptor. Nothing long term. */
1951 if (ed25519_keypair_generate(&desc
->signing_kp
, 0) < 0) {
1952 log_warn(LD_REND
, "Can't generate descriptor signing keypair for "
1954 safe_str_client(service
->onion_address
));
1958 /* No need for extra strong, this is a temporary key only for this
1959 * descriptor. Nothing long term. */
1960 if (curve25519_keypair_generate(&desc
->auth_ephemeral_kp
, 0) < 0) {
1961 log_warn(LD_REND
, "Can't generate auth ephemeral keypair for "
1963 safe_str_client(service
->onion_address
));
1967 /* Random descriptor cookie to be used as a part of a key to encrypt the
1968 * descriptor, only if the client auth is enabled will it be used. */
1969 crypto_strongest_rand(desc
->descriptor_cookie
,
1970 sizeof(desc
->descriptor_cookie
));
1978 /** Given a service and the current time, build a descriptor for the service.
1979 * This function does not pick introduction point, this needs to be done by
1980 * the update function. On success, desc_out will point to the newly allocated
1981 * descriptor object.
1983 * This can error if we are unable to create keys or certificate. */
1985 build_service_descriptor(hs_service_t
*service
, uint64_t time_period_num
,
1986 hs_service_descriptor_t
**desc_out
)
1989 hs_service_descriptor_t
*desc
;
1991 tor_assert(service
);
1992 tor_assert(desc_out
);
1994 desc
= service_descriptor_new();
1996 /* Set current time period */
1997 desc
->time_period_num
= time_period_num
;
1999 /* Create the needed keys so we can setup the descriptor content. */
2000 if (build_service_desc_keys(service
, desc
) < 0) {
2003 /* Setup plaintext descriptor content. */
2004 build_service_desc_plaintext(service
, desc
);
2006 /* Setup superencrypted descriptor content. */
2007 if (build_service_desc_superencrypted(service
, desc
) < 0) {
2010 /* Setup encrypted descriptor content. */
2011 if (build_service_desc_encrypted(service
, desc
) < 0) {
2015 /* Let's make sure that we've created a descriptor that can actually be
2016 * encoded properly. This function also checks if the encoded output is
2017 * decodable after. */
2018 if (BUG(service_encode_descriptor(service
, desc
, &desc
->signing_kp
,
2019 &encoded_desc
) < 0)) {
2022 tor_free(encoded_desc
);
2024 /* Assign newly built descriptor to the next slot. */
2027 /* Fire a CREATED control port event. */
2028 hs_control_desc_event_created(service
->onion_address
,
2029 &desc
->blinded_kp
.pubkey
);
2031 /* If we are an onionbalance instance, we refresh our keys when we rotate
2033 hs_ob_refresh_keys(service
);
2038 service_descriptor_free(desc
);
2041 /** Build both descriptors for the given service that has just booted up.
2042 * Because it's a special case, it deserves its special function ;). */
2044 build_descriptors_for_new_service(hs_service_t
*service
, time_t now
)
2046 uint64_t current_desc_tp
, next_desc_tp
;
2048 tor_assert(service
);
2049 /* These are the conditions for a new service. */
2050 tor_assert(!service
->desc_current
);
2051 tor_assert(!service
->desc_next
);
2054 * +------------------------------------------------------------------+
2056 * | 00:00 12:00 00:00 12:00 00:00 12:00 |
2057 * | SRV#1 TP#1 SRV#2 TP#2 SRV#3 TP#3 |
2059 * | $==========|-----------$===========|-----------$===========| |
2062 * +------------------------------------------------------------------+
2064 * Case A: The service boots up before a new time period, the current time
2065 * period is thus TP#1 and the next is TP#2 which for both we have access to
2068 * Case B: The service boots up inside TP#2, we can't use the TP#3 for the
2069 * next descriptor because we don't have the SRV#3 so the current should be
2070 * TP#1 and next TP#2.
2073 if (hs_in_period_between_tp_and_srv(NULL
, now
)) {
2074 /* Case B from the above, inside of the new time period. */
2075 current_desc_tp
= hs_get_previous_time_period_num(0); /* TP#1 */
2076 next_desc_tp
= hs_get_time_period_num(0); /* TP#2 */
2078 /* Case A from the above, outside of the new time period. */
2079 current_desc_tp
= hs_get_time_period_num(0); /* TP#1 */
2080 next_desc_tp
= hs_get_next_time_period_num(0); /* TP#2 */
2083 /* Build descriptors. */
2084 build_service_descriptor(service
, current_desc_tp
, &service
->desc_current
);
2085 build_service_descriptor(service
, next_desc_tp
, &service
->desc_next
);
2086 log_info(LD_REND
, "Hidden service %s has just started. Both descriptors "
2087 "built. Now scheduled for upload.",
2088 safe_str_client(service
->onion_address
));
2091 /** Build descriptors for each service if needed. There are conditions to build
2092 * a descriptor which are details in the function. */
2094 build_all_descriptors(time_t now
)
2096 FOR_EACH_SERVICE_BEGIN(service
) {
2098 /* A service booting up will have both descriptors to NULL. No other cases
2099 * makes both descriptor non existent. */
2100 if (service
->desc_current
== NULL
&& service
->desc_next
== NULL
) {
2101 build_descriptors_for_new_service(service
, now
);
2105 /* Reaching this point means we are pass bootup so at runtime. We should
2106 * *never* have an empty current descriptor. If the next descriptor is
2107 * empty, we'll try to build it for the next time period. This only
2108 * happens when we rotate meaning that we are guaranteed to have a new SRV
2109 * at that point for the next time period. */
2110 if (BUG(service
->desc_current
== NULL
)) {
2114 if (service
->desc_next
== NULL
) {
2115 build_service_descriptor(service
, hs_get_next_time_period_num(0),
2116 &service
->desc_next
);
2117 log_info(LD_REND
, "Hidden service %s next descriptor successfully "
2118 "built. Now scheduled for upload.",
2119 safe_str_client(service
->onion_address
));
2121 } FOR_EACH_DESCRIPTOR_END
;
2124 /** Randomly pick a node to become an introduction point but not present in the
2125 * given exclude_nodes list. The chosen node is put in the exclude list
2126 * regardless of success or not because in case of failure, the node is simply
2127 * unsusable from that point on.
2129 * If direct_conn is set, try to pick a node that our local firewall/policy
2130 * allows us to connect to directly. If we can't find any, return NULL.
2131 * This function supports selecting dual-stack nodes for direct single onion
2132 * service IPv6 connections. But it does not send IPv6 addresses in link
2133 * specifiers. (Current clients don't use IPv6 addresses to extend, and
2134 * direct client connections to intro points are not supported.)
2136 * Return a newly allocated service intro point ready to be used for encoding.
2137 * Return NULL on error. */
2138 static hs_service_intro_point_t
*
2139 pick_intro_point(unsigned int direct_conn
, smartlist_t
*exclude_nodes
)
2141 const or_options_t
*options
= get_options();
2143 hs_service_intro_point_t
*ip
= NULL
;
2144 /* Normal 3-hop introduction point flags. */
2145 router_crn_flags_t flags
= CRN_NEED_UPTIME
| CRN_NEED_DESC
;
2146 /* Single onion flags. */
2147 router_crn_flags_t direct_flags
= flags
| CRN_PREF_ADDR
| CRN_DIRECT_CONN
;
2149 node
= router_choose_random_node(exclude_nodes
, options
->ExcludeNodes
,
2150 direct_conn
? direct_flags
: flags
);
2152 /* If we are in single onion mode, retry node selection for a 3-hop
2154 if (direct_conn
&& !node
) {
2156 "Unable to find an intro point that we can connect to "
2157 "directly, falling back to a 3-hop path.");
2158 node
= router_choose_random_node(exclude_nodes
, options
->ExcludeNodes
,
2166 /* We have a suitable node, add it to the exclude list. We do this *before*
2167 * we can validate the extend information because even in case of failure,
2168 * we don't want to use that node anymore. */
2169 smartlist_add(exclude_nodes
, (void *) node
);
2171 /* Create our objects and populate them with the node information. */
2172 ip
= service_intro_point_new(node
);
2178 log_info(LD_REND
, "Picked intro point: %s", node_describe(node
));
2181 service_intro_point_free(ip
);
2185 /** For a given descriptor from the given service, pick any needed intro points
2186 * and update the current map with those newly picked intro points. Return the
2187 * number node that might have been added to the descriptor current map. */
2189 pick_needed_intro_points(hs_service_t
*service
,
2190 hs_service_descriptor_t
*desc
)
2192 int i
= 0, num_needed_ip
;
2193 smartlist_t
*exclude_nodes
= smartlist_new();
2195 tor_assert(service
);
2198 /* Compute how many intro points we actually need to open. */
2199 num_needed_ip
= service
->config
.num_intro_points
-
2200 digest256map_size(desc
->intro_points
.map
);
2201 if (BUG(num_needed_ip
< 0)) {
2202 /* Let's not make tor freak out here and just skip this. */
2206 /* We want to end up with config.num_intro_points intro points, but if we
2207 * have no intro points at all (chances are they all cycled or we are
2208 * starting up), we launch get_intro_point_num_extra() extra circuits and
2209 * use the first config.num_intro_points that complete. See proposal #155,
2210 * section 4 for the rationale of this which is purely for performance.
2212 * The ones after the first config.num_intro_points will be converted to
2213 * 'General' internal circuits and then we'll drop them from the list of
2215 if (digest256map_size(desc
->intro_points
.map
) == 0) {
2216 num_needed_ip
+= get_intro_point_num_extra();
2219 /* Build an exclude list of nodes of our intro point(s). The expiring intro
2220 * points are OK to pick again because this is after all a concept of round
2221 * robin so they are considered valid nodes to pick again. */
2222 DIGEST256MAP_FOREACH(desc
->intro_points
.map
, key
,
2223 hs_service_intro_point_t
*, ip
) {
2224 const node_t
*intro_node
= get_node_from_intro_point(ip
);
2226 smartlist_add(exclude_nodes
, (void*)intro_node
);
2228 } DIGEST256MAP_FOREACH_END
;
2229 /* Also, add the failing intro points that our descriptor encounteered in
2230 * the exclude node list. */
2231 setup_intro_point_exclude_list(desc
, exclude_nodes
);
2233 for (i
= 0; i
< num_needed_ip
; i
++) {
2234 hs_service_intro_point_t
*ip
;
2236 /* This function will add the picked intro point node to the exclude nodes
2237 * list so we don't pick the same one at the next iteration. */
2238 ip
= pick_intro_point(service
->config
.is_single_onion
, exclude_nodes
);
2240 /* If we end up unable to pick an introduction point it is because we
2241 * can't find suitable node and calling this again is highly unlikely to
2242 * give us a valid node all of the sudden. */
2243 log_info(LD_REND
, "Unable to find a suitable node to be an "
2244 "introduction point for service %s.",
2245 safe_str_client(service
->onion_address
));
2248 /* Valid intro point object, add it to the descriptor current map. */
2249 service_intro_point_add(desc
->intro_points
.map
, ip
);
2251 /* We've successfully picked all our needed intro points thus none are
2252 * missing which will tell our upload process to expect the number of
2253 * circuits to be the number of configured intro points circuits and not the
2254 * number of intro points object that we have. */
2255 desc
->missing_intro_points
= 0;
2259 /* We don't have ownership of the node_t object in this list. */
2260 smartlist_free(exclude_nodes
);
2264 /** Clear previous cached HSDirs in <b>desc</b>. */
2266 service_desc_clear_previous_hsdirs(hs_service_descriptor_t
*desc
)
2268 if (BUG(!desc
->previous_hsdirs
)) {
2272 SMARTLIST_FOREACH(desc
->previous_hsdirs
, char*, s
, tor_free(s
));
2273 smartlist_clear(desc
->previous_hsdirs
);
2276 /** Note that we attempted to upload <b>desc</b> to <b>hsdir</b>. */
2278 service_desc_note_upload(hs_service_descriptor_t
*desc
, const node_t
*hsdir
)
2280 char b64_digest
[BASE64_DIGEST_LEN
+1] = {0};
2281 digest_to_base64(b64_digest
, hsdir
->identity
);
2283 if (BUG(!desc
->previous_hsdirs
)) {
2287 if (!smartlist_contains_string(desc
->previous_hsdirs
, b64_digest
)) {
2288 smartlist_add_strdup(desc
->previous_hsdirs
, b64_digest
);
2292 /** Schedule an upload of <b>desc</b>. If <b>descriptor_changed</b> is set, it
2293 * means that this descriptor is dirty. */
2295 service_desc_schedule_upload(hs_service_descriptor_t
*desc
,
2297 int descriptor_changed
)
2300 desc
->next_upload_time
= now
;
2302 /* If the descriptor changed, clean up the old HSDirs list. We want to
2303 * re-upload no matter what. */
2304 if (descriptor_changed
) {
2305 service_desc_clear_previous_hsdirs(desc
);
2309 /** Pick missing intro points for this descriptor if needed. */
2311 update_service_descriptor_intro_points(hs_service_t
*service
,
2312 hs_service_descriptor_t
*desc
, time_t now
)
2314 unsigned int num_intro_points
;
2316 tor_assert(service
);
2318 tor_assert(desc
->desc
);
2320 num_intro_points
= digest256map_size(desc
->intro_points
.map
);
2322 /* Pick any missing introduction point(s). */
2323 if (num_intro_points
< service
->config
.num_intro_points
) {
2324 unsigned int num_new_intro_points
= pick_needed_intro_points(service
,
2326 if (num_new_intro_points
!= 0) {
2327 log_info(LD_REND
, "Service %s just picked %u intro points and wanted "
2328 "%u for %s descriptor. It currently has %d intro "
2329 "points. Launching ESTABLISH_INTRO circuit shortly.",
2330 safe_str_client(service
->onion_address
),
2331 num_new_intro_points
,
2332 service
->config
.num_intro_points
- num_intro_points
,
2333 (desc
== service
->desc_current
) ? "current" : "next",
2335 /* We'll build those introduction point into the descriptor once we have
2336 * confirmation that the circuits are opened and ready. However,
2337 * indicate that this descriptor should be uploaded from now on. */
2338 service_desc_schedule_upload(desc
, now
, 1);
2340 /* Were we able to pick all the intro points we needed? If not, we'll
2341 * flag the descriptor that it's missing intro points because it
2342 * couldn't pick enough which will trigger a descriptor upload. */
2343 if ((num_new_intro_points
+ num_intro_points
) <
2344 service
->config
.num_intro_points
) {
2345 desc
->missing_intro_points
= 1;
2350 /** Update descriptor intro points for each service if needed. We do this as
2351 * part of the periodic event because we need to establish intro point circuits
2352 * before we publish descriptors. */
2354 update_all_descriptors_intro_points(time_t now
)
2356 FOR_EACH_SERVICE_BEGIN(service
) {
2357 /* We'll try to update each descriptor that is if certain conditions apply
2358 * in order for the descriptor to be updated. */
2359 FOR_EACH_DESCRIPTOR_BEGIN(service
, desc
) {
2360 update_service_descriptor_intro_points(service
, desc
, now
);
2361 } FOR_EACH_DESCRIPTOR_END
;
2362 } FOR_EACH_SERVICE_END
;
2365 /** Return true iff the given intro point has expired that is it has been used
2366 * for too long or we've reached our max seen INTRODUCE2 cell. */
2368 intro_point_should_expire(const hs_service_intro_point_t
*ip
,
2373 if (ip
->introduce2_count
>= ip
->introduce2_max
) {
2377 if (ip
->time_to_expire
<= now
) {
2387 /** Return true iff we should remove the intro point ip from its service.
2389 * We remove an intro point from the service descriptor list if one of
2390 * these criteria is met:
2391 * - It has expired (either in INTRO2 count or in time).
2392 * - No node was found (fell off the consensus).
2393 * - We are over the maximum amount of retries.
2395 * If an established or pending circuit is found for the given ip object, this
2396 * return false indicating it should not be removed. */
2398 should_remove_intro_point(hs_service_intro_point_t
*ip
, time_t now
)
2404 /* Any one of the following needs to be True to fulfill the criteria to
2405 * remove an intro point. */
2406 bool has_no_retries
= (ip
->circuit_retries
>
2407 MAX_INTRO_POINT_CIRCUIT_RETRIES
);
2408 bool has_no_node
= (get_node_from_intro_point(ip
) == NULL
);
2409 bool has_expired
= intro_point_should_expire(ip
, now
);
2411 /* If the node fell off the consensus or the IP has expired, we have to
2413 if (has_no_node
|| has_expired
) {
2418 /* Pass this point, even though we might be over the retry limit, we check
2419 * if a circuit (established or pending) exists. In that case, we should not
2420 * remove it because it might simply be valid and opened at the previous
2421 * scheduled event for the last retry. */
2423 /* Do we simply have an existing circuit regardless of its state? */
2424 if (hs_circ_service_get_intro_circ(ip
)) {
2428 /* Getting here means we have _no_ circuits so then return if we have any
2429 * remaining retries. */
2430 ret
= has_no_retries
;
2433 /* Meaningful log in case we are about to remove the IP. */
2435 log_info(LD_REND
, "Intro point %s%s (retried: %u times). "
2437 describe_intro_point(ip
),
2438 has_expired
? " has expired" :
2439 (has_no_node
) ? " fell off the consensus" : "",
2440 ip
->circuit_retries
);
2445 /** Go over the given set of intro points for each service and remove any
2448 * If an intro point is removed, the circuit (if any) is immediately close.
2449 * If a circuit can't be found, the intro point is kept if it hasn't reached
2450 * its maximum circuit retry value and thus should be retried. */
2452 cleanup_intro_points(hs_service_t
*service
, time_t now
)
2454 /* List of intro points to close. We can't mark the intro circuits for close
2455 * in the modify loop because doing so calls back into the HS subsystem and
2456 * we need to keep that code path outside of the service/desc loop so those
2457 * maps don't get modified during the close making us in a possible
2458 * use-after-free situation. */
2459 smartlist_t
*ips_to_free
= smartlist_new();
2461 tor_assert(service
);
2463 /* For both descriptors, cleanup the intro points. */
2464 FOR_EACH_DESCRIPTOR_BEGIN(service
, desc
) {
2465 /* Go over the current intro points we have, make sure they are still
2466 * valid and remove any of them that aren't. */
2467 DIGEST256MAP_FOREACH_MODIFY(desc
->intro_points
.map
, key
,
2468 hs_service_intro_point_t
*, ip
) {
2469 if (should_remove_intro_point(ip
, now
)) {
2470 /* We've retried too many times, remember it as a failed intro point
2471 * so we don't pick it up again for INTRO_CIRC_RETRY_PERIOD sec. */
2472 if (ip
->circuit_retries
> MAX_INTRO_POINT_CIRCUIT_RETRIES
) {
2473 remember_failing_intro_point(ip
, desc
, approx_time());
2476 /* Remove intro point from descriptor map and add it to the list of
2477 * ips to free for which we'll also try to close the intro circuit. */
2478 MAP_DEL_CURRENT(key
);
2479 smartlist_add(ips_to_free
, ip
);
2481 } DIGEST256MAP_FOREACH_END
;
2482 } FOR_EACH_DESCRIPTOR_END
;
2484 /* Go over the intro points to free and close their circuit if any. */
2485 SMARTLIST_FOREACH_BEGIN(ips_to_free
, hs_service_intro_point_t
*, ip
) {
2486 /* See if we need to close the intro point circuit as well */
2488 /* XXX: Legacy code does NOT close circuits like this: it keeps the circuit
2489 * open until a new descriptor is uploaded and then closed all expiring
2490 * intro point circuit. Here, we close immediately and because we just
2491 * discarded the intro point, a new one will be selected, a new descriptor
2492 * created and uploaded. There is no difference to an attacker between the
2493 * timing of a new consensus and intro point rotation (possibly?). */
2494 origin_circuit_t
*ocirc
= hs_circ_service_get_intro_circ(ip
);
2495 if (ocirc
&& !TO_CIRCUIT(ocirc
)->marked_for_close
) {
2496 circuit_mark_for_close(TO_CIRCUIT(ocirc
), END_CIRC_REASON_FINISHED
);
2499 /* Cleanup the intro point */
2500 service_intro_point_free(ip
);
2501 } SMARTLIST_FOREACH_END(ip
);
2503 smartlist_free(ips_to_free
);
2506 /** Set the next rotation time of the descriptors for the given service for the
2509 set_rotation_time(hs_service_t
*service
)
2511 tor_assert(service
);
2513 service
->state
.next_rotation_time
=
2514 sr_state_get_start_time_of_current_protocol_run() +
2515 sr_state_get_protocol_run_duration();
2518 char fmt_time
[ISO_TIME_LEN
+ 1];
2519 format_local_iso_time(fmt_time
, service
->state
.next_rotation_time
);
2520 log_info(LD_REND
, "Next descriptor rotation time set to %s for %s",
2521 fmt_time
, safe_str_client(service
->onion_address
));
2525 /** Return true iff the service should rotate its descriptor. The time now is
2526 * only used to fetch the live consensus and if none can be found, this
2529 should_rotate_descriptors(hs_service_t
*service
, time_t now
)
2531 const networkstatus_t
*ns
;
2533 tor_assert(service
);
2535 ns
= networkstatus_get_reasonably_live_consensus(now
,
2536 usable_consensus_flavor());
2541 if (ns
->valid_after
>= service
->state
.next_rotation_time
) {
2542 /* In theory, we should never get here with no descriptors. We can never
2543 * have a NULL current descriptor except when tor starts up. The next
2544 * descriptor can be NULL after a rotation but we build a new one right
2547 * So, when tor starts, the next rotation time is set to the start of the
2548 * next SRV period using the consensus valid after time so it should
2549 * always be set to a future time value. This means that we should never
2550 * reach this point at bootup that is this check safeguards tor in never
2551 * allowing a rotation if the valid after time is smaller than the next
2554 * This is all good in theory but we've had a NULL descriptor issue here
2555 * so this is why we BUG() on both with extra logging to try to understand
2556 * how this can possibly happens. We'll simply ignore and tor should
2557 * recover from this by skipping rotation and building the missing
2558 * descriptors just after this. */
2559 if (BUG(service
->desc_current
== NULL
|| service
->desc_next
== NULL
)) {
2560 log_warn(LD_BUG
, "Service descriptor is NULL (%p/%p). Next rotation "
2561 "time is %ld (now: %ld). Valid after time from "
2563 service
->desc_current
, service
->desc_next
,
2564 (long)service
->state
.next_rotation_time
,
2566 (long)ns
->valid_after
);
2578 /** Rotate the service descriptors of the given service. The current descriptor
2579 * will be freed, the next one put in as the current and finally the next
2580 * descriptor pointer is NULLified. */
2582 rotate_service_descriptors(hs_service_t
*service
)
2584 if (service
->desc_current
) {
2585 /* Close all IP circuits for the descriptor. */
2586 close_intro_circuits(&service
->desc_current
->intro_points
);
2587 /* We don't need this one anymore, we won't serve any clients coming with
2588 * this service descriptor. */
2589 service_descriptor_free(service
->desc_current
);
2591 /* The next one become the current one and emptying the next will trigger
2592 * a descriptor creation for it. */
2593 service
->desc_current
= service
->desc_next
;
2594 service
->desc_next
= NULL
;
2596 /* We've just rotated, set the next time for the rotation. */
2597 set_rotation_time(service
);
2600 /** Rotate descriptors for each service if needed. A non existing current
2601 * descriptor will trigger a descriptor build for the next time period. */
2603 rotate_all_descriptors(time_t now
)
2605 /* XXX We rotate all our service descriptors at once. In the future it might
2606 * be wise, to rotate service descriptors independently to hide that all
2607 * those descriptors are on the same tor instance */
2609 FOR_EACH_SERVICE_BEGIN(service
) {
2611 /* Note for a service booting up: Both descriptors are NULL in that case
2612 * so this function might return true if we are in the timeframe for a
2613 * rotation leading to basically swapping two NULL pointers which is
2614 * harmless. However, the side effect is that triggering a rotation will
2615 * update the service state and avoid doing anymore rotations after the
2616 * two descriptors have been built. */
2617 if (!should_rotate_descriptors(service
, now
)) {
2621 log_info(LD_REND
, "Time to rotate our descriptors (%p / %p) for %s",
2622 service
->desc_current
, service
->desc_next
,
2623 safe_str_client(service
->onion_address
));
2625 rotate_service_descriptors(service
);
2626 } FOR_EACH_SERVICE_END
;
2629 /** Scheduled event run from the main loop. Make sure all our services are up
2630 * to date and ready for the other scheduled events. This includes looking at
2631 * the introduction points status and descriptor rotation time. */
2633 run_housekeeping_event(time_t now
)
2635 /* Note that nothing here opens circuit(s) nor uploads descriptor(s). We are
2636 * simply moving things around or removing unneeded elements. */
2638 FOR_EACH_SERVICE_BEGIN(service
) {
2640 /* If the service is starting off, set the rotation time. We can't do that
2641 * at configure time because the get_options() needs to be set for setting
2642 * that time that uses the voting interval. */
2643 if (service
->state
.next_rotation_time
== 0) {
2644 /* Set the next rotation time of the descriptors. If it's Oct 25th
2645 * 23:47:00, the next rotation time is when the next SRV is computed
2646 * which is at Oct 26th 00:00:00 that is in 13 minutes. */
2647 set_rotation_time(service
);
2650 /* Cleanup invalid intro points from the service descriptor. */
2651 cleanup_intro_points(service
, now
);
2653 /* Remove expired failing intro point from the descriptor failed list. We
2654 * reset them at each INTRO_CIRC_RETRY_PERIOD. */
2655 remove_expired_failing_intro(service
, now
);
2657 /* At this point, the service is now ready to go through the scheduled
2658 * events guaranteeing a valid state. Intro points might be missing from
2659 * the descriptors after the cleanup but the update/build process will
2660 * make sure we pick those missing ones. */
2661 } FOR_EACH_SERVICE_END
;
2664 /** Scheduled event run from the main loop. Make sure all descriptors are up to
2665 * date. Once this returns, each service descriptor needs to be considered for
2666 * new introduction circuits and then for upload. */
2668 run_build_descriptor_event(time_t now
)
2670 /* Run v3+ events. */
2671 /* We start by rotating the descriptors only if needed. */
2672 rotate_all_descriptors(now
);
2674 /* Then, we'll try to build new descriptors that we might need. The
2675 * condition is that the next descriptor is non existing because it has
2676 * been rotated or we just started up. */
2677 build_all_descriptors(now
);
2679 /* Finally, we'll check if we should update the descriptors' intro
2680 * points. Missing introduction points will be picked in this function which
2681 * is useful for newly built descriptors. */
2682 update_all_descriptors_intro_points(now
);
2685 /** For the given service, launch any intro point circuits that could be
2686 * needed. This considers every descriptor of the service. */
2688 launch_intro_point_circuits(hs_service_t
*service
)
2690 tor_assert(service
);
2692 /* For both descriptors, try to launch any missing introduction point
2693 * circuits using the current map. */
2694 FOR_EACH_DESCRIPTOR_BEGIN(service
, desc
) {
2695 /* Keep a ref on if we need a direct connection. We use this often. */
2696 bool direct_conn
= service
->config
.is_single_onion
;
2698 DIGEST256MAP_FOREACH_MODIFY(desc
->intro_points
.map
, key
,
2699 hs_service_intro_point_t
*, ip
) {
2702 /* Skip the intro point that already has an existing circuit
2703 * (established or not). */
2704 if (hs_circ_service_get_intro_circ(ip
)) {
2707 ei
= get_extend_info_from_intro_point(ip
, direct_conn
);
2709 /* If we can't connect directly to the intro point, get an extend_info
2710 * for a multi-hop path instead. */
2711 if (ei
== NULL
&& direct_conn
) {
2712 direct_conn
= false;
2713 ei
= get_extend_info_from_intro_point(ip
, 0);
2717 /* This is possible if we can get a node_t but not the extend info out
2718 * of it. In this case, we remove the intro point and a new one will
2719 * be picked at the next main loop callback. */
2720 MAP_DEL_CURRENT(key
);
2721 service_intro_point_free(ip
);
2725 /* Launch a circuit to the intro point. */
2726 ip
->circuit_retries
++;
2727 if (hs_circ_launch_intro_point(service
, ip
, ei
, direct_conn
) < 0) {
2728 log_info(LD_REND
, "Unable to launch intro circuit to node %s "
2730 safe_str_client(extend_info_describe(ei
)),
2731 safe_str_client(service
->onion_address
));
2732 /* Intro point will be retried if possible after this. */
2734 extend_info_free(ei
);
2735 } DIGEST256MAP_FOREACH_END
;
2736 } FOR_EACH_DESCRIPTOR_END
;
2739 /** Don't try to build more than this many circuits before giving up for a
2740 * while. Dynamically calculated based on the configured number of intro
2741 * points for the given service and how many descriptor exists. The default
2742 * use case of 3 introduction points and two descriptors will allow 28
2743 * circuits for a retry period (((3 + 2) + (3 * 3)) * 2). */
2745 get_max_intro_circ_per_period(const hs_service_t
*service
)
2747 unsigned int count
= 0;
2748 unsigned int multiplier
= 0;
2749 unsigned int num_wanted_ip
;
2751 tor_assert(service
);
2752 tor_assert(service
->config
.num_intro_points
<=
2753 HS_CONFIG_V3_MAX_INTRO_POINTS
);
2755 /** For a testing network, allow to do it for the maximum amount so circuit
2756 * creation and rotation and so on can actually be tested without limit. */
2757 #define MAX_INTRO_POINT_CIRCUIT_RETRIES_TESTING -1
2758 if (get_options()->TestingTorNetwork
) {
2759 return MAX_INTRO_POINT_CIRCUIT_RETRIES_TESTING
;
2762 num_wanted_ip
= service
->config
.num_intro_points
;
2764 /* The calculation is as follow. We have a number of intro points that we
2765 * want configured as a torrc option (num_intro_points). We then add an
2766 * extra value so we can launch multiple circuits at once and pick the
2767 * quickest ones. For instance, we want 3 intros, we add 2 extra so we'll
2768 * pick 5 intros and launch 5 circuits. */
2769 count
+= (num_wanted_ip
+ get_intro_point_num_extra());
2771 /* Then we add the number of retries that is possible to do for each intro
2772 * point. If we want 3 intros, we'll allow 3 times the number of possible
2774 count
+= (num_wanted_ip
* MAX_INTRO_POINT_CIRCUIT_RETRIES
);
2776 /* Then, we multiply by a factor of 2 if we have both descriptor or 0 if we
2778 multiplier
+= (service
->desc_current
) ? 1 : 0;
2779 multiplier
+= (service
->desc_next
) ? 1 : 0;
2781 return (count
* multiplier
);
2784 /** For the given service, return 1 if the service is allowed to launch more
2785 * introduction circuits else 0 if the maximum has been reached for the retry
2786 * period of INTRO_CIRC_RETRY_PERIOD. */
2788 can_service_launch_intro_circuit(hs_service_t
*service
, time_t now
)
2790 tor_assert(service
);
2792 /* Consider the intro circuit retry period of the service. */
2793 if (now
> (service
->state
.intro_circ_retry_started_time
+
2794 INTRO_CIRC_RETRY_PERIOD
)) {
2795 service
->state
.intro_circ_retry_started_time
= now
;
2796 service
->state
.num_intro_circ_launched
= 0;
2799 /* Check if we can still launch more circuits in this period. */
2800 if (service
->state
.num_intro_circ_launched
<=
2801 get_max_intro_circ_per_period(service
)) {
2805 /* Rate limit log that we've reached our circuit creation limit. */
2808 time_t elapsed_time
= now
- service
->state
.intro_circ_retry_started_time
;
2809 static ratelim_t rlimit
= RATELIM_INIT(INTRO_CIRC_RETRY_PERIOD
);
2810 if ((msg
= rate_limit_log(&rlimit
, now
))) {
2811 log_info(LD_REND
, "Hidden service %s exceeded its circuit launch limit "
2812 "of %u per %d seconds. It launched %u circuits in "
2813 "the last %ld seconds. Will retry in %ld seconds.",
2814 safe_str_client(service
->onion_address
),
2815 get_max_intro_circ_per_period(service
),
2816 INTRO_CIRC_RETRY_PERIOD
,
2817 service
->state
.num_intro_circ_launched
,
2818 (long int) elapsed_time
,
2819 (long int) (INTRO_CIRC_RETRY_PERIOD
- elapsed_time
));
2830 /** Scheduled event run from the main loop. Make sure we have all the circuits
2831 * we need for each service. */
2833 run_build_circuit_event(time_t now
)
2835 /* Make sure we can actually have enough information or able to build
2836 * internal circuits as required by services. */
2837 if (router_have_consensus_path() == CONSENSUS_PATH_UNKNOWN
||
2838 !have_completed_a_circuit()) {
2842 /* Run v3+ check. */
2843 FOR_EACH_SERVICE_BEGIN(service
) {
2844 /* For introduction circuit, we need to make sure we don't stress too much
2845 * circuit creation so make sure this service is respecting that limit. */
2846 if (can_service_launch_intro_circuit(service
, now
)) {
2847 /* Launch intro point circuits if needed. */
2848 launch_intro_point_circuits(service
);
2849 /* Once the circuits have opened, we'll make sure to update the
2850 * descriptor intro point list and cleanup any extraneous. */
2852 } FOR_EACH_SERVICE_END
;
2855 /** Encode and sign the service descriptor desc and upload it to the given
2856 * hidden service directory. This does nothing if PublishHidServDescriptors
2859 upload_descriptor_to_hsdir(const hs_service_t
*service
,
2860 hs_service_descriptor_t
*desc
, const node_t
*hsdir
)
2862 char *encoded_desc
= NULL
;
2864 tor_assert(service
);
2868 /* Let's avoid doing that if tor is configured to not publish. */
2869 if (!get_options()->PublishHidServDescriptors
) {
2870 log_info(LD_REND
, "Service %s not publishing descriptor. "
2871 "PublishHidServDescriptors is set to 0.",
2872 safe_str_client(service
->onion_address
));
2876 /* First of all, we'll encode the descriptor. This should NEVER fail but
2877 * just in case, let's make sure we have an actual usable descriptor. */
2878 if (BUG(service_encode_descriptor(service
, desc
, &desc
->signing_kp
,
2879 &encoded_desc
) < 0)) {
2883 /* Time to upload the descriptor to the directory. */
2884 hs_service_upload_desc_to_dir(encoded_desc
, service
->config
.version
,
2885 &service
->keys
.identity_pk
,
2886 &desc
->blinded_kp
.pubkey
, hsdir
->rs
);
2888 /* Add this node to previous_hsdirs list */
2889 service_desc_note_upload(desc
, hsdir
);
2891 /* Logging so we know where it was sent. */
2893 int is_next_desc
= (service
->desc_next
== desc
);
2894 const uint8_t *idx
= (is_next_desc
) ? hsdir
->hsdir_index
.store_second
:
2895 hsdir
->hsdir_index
.store_first
;
2896 char *blinded_pubkey_log_str
=
2897 tor_strdup(hex_str((char*)&desc
->blinded_kp
.pubkey
.pubkey
, 32));
2898 /* This log message is used by Chutney as part of its bootstrap
2899 * detection mechanism. Please don't change without first checking
2901 log_info(LD_REND
, "Service %s %s descriptor of revision %" PRIu64
2902 " initiated upload request to %s with index %s (%s)",
2903 safe_str_client(service
->onion_address
),
2904 (is_next_desc
) ? "next" : "current",
2905 desc
->desc
->plaintext_data
.revision_counter
,
2906 safe_str_client(node_describe(hsdir
)),
2907 safe_str_client(hex_str((const char *) idx
, 32)),
2908 safe_str_client(blinded_pubkey_log_str
));
2909 tor_free(blinded_pubkey_log_str
);
2911 /* Fire a UPLOAD control port event. */
2912 hs_control_desc_event_upload(service
->onion_address
, hsdir
->identity
,
2913 &desc
->blinded_kp
.pubkey
, idx
);
2917 tor_free(encoded_desc
);
2921 /** Set the revision counter in <b>hs_desc</b>. We do this by encrypting a
2922 * timestamp using an OPE scheme and using the ciphertext as our revision
2925 * If <b>is_current</b> is true, then this is the current HS descriptor,
2926 * otherwise it's the next one. */
2928 set_descriptor_revision_counter(hs_service_descriptor_t
*hs_desc
, time_t now
,
2931 uint64_t rev_counter
= 0;
2933 /* Get current time */
2934 time_t srv_start
= 0;
2936 /* As our revision counter plaintext value, we use the seconds since the
2937 * start of the SR protocol run that is relevant to this descriptor. This is
2938 * guaranteed to be a positive value since we need the SRV to start making a
2939 * descriptor (so that we know where to upload it).
2941 * Depending on whether we are building the current or the next descriptor,
2942 * services use a different SRV value. See [SERVICEUPLOAD] in
2945 * In particular, for the current descriptor (aka first descriptor), Tor
2946 * always uses the previous SRV for uploading the descriptor, and hence we
2947 * should use the start time of the previous protocol run here.
2949 * Whereas for the next descriptor (aka second descriptor), Tor always uses
2950 * the current SRV for uploading the descriptor. and hence we use the start
2951 * time of the current protocol run.
2954 srv_start
= sr_state_get_start_time_of_previous_protocol_run();
2956 srv_start
= sr_state_get_start_time_of_current_protocol_run();
2959 log_info(LD_REND
, "Setting rev counter for TP #%u: "
2960 "SRV started at %d, now %d (%s)",
2961 (unsigned) hs_desc
->time_period_num
, (int)srv_start
,
2962 (int)now
, is_current
? "current" : "next");
2964 tor_assert_nonfatal(now
>= srv_start
);
2966 /* Compute seconds elapsed since the start of the time period. That's the
2967 * number of seconds of how long this blinded key has been active. */
2968 time_t seconds_since_start_of_srv
= now
- srv_start
;
2970 /* Increment by one so that we are definitely sure this is strictly
2971 * positive and not zero. */
2972 seconds_since_start_of_srv
++;
2974 /* Check for too big inputs. */
2975 if (BUG(seconds_since_start_of_srv
> OPE_INPUT_MAX
)) {
2976 seconds_since_start_of_srv
= OPE_INPUT_MAX
;
2979 /* Now we compute the final revision counter value by encrypting the
2980 plaintext using our OPE cipher: */
2981 tor_assert(hs_desc
->ope_cipher
);
2982 rev_counter
= crypto_ope_encrypt(hs_desc
->ope_cipher
,
2983 (int) seconds_since_start_of_srv
);
2985 /* The OPE module returns CRYPTO_OPE_ERROR in case of errors. */
2986 tor_assert_nonfatal(rev_counter
< CRYPTO_OPE_ERROR
);
2988 log_info(LD_REND
, "Encrypted revision counter %d to %" PRIu64
,
2989 (int) seconds_since_start_of_srv
, rev_counter
);
2991 hs_desc
->desc
->plaintext_data
.revision_counter
= rev_counter
;
2994 /** Encode and sign the service descriptor desc and upload it to the
2995 * responsible hidden service directories. If for_next_period is true, the set
2996 * of directories are selected using the next hsdir_index. This does nothing
2997 * if PublishHidServDescriptors is false. */
2999 upload_descriptor_to_all(const hs_service_t
*service
,
3000 hs_service_descriptor_t
*desc
)
3002 smartlist_t
*responsible_dirs
= NULL
;
3004 tor_assert(service
);
3007 /* We'll first cancel any directory request that are ongoing for this
3008 * descriptor. It is possible that we can trigger multiple uploads in a
3009 * short time frame which can lead to a race where the second upload arrives
3010 * before the first one leading to a 400 malformed descriptor response from
3011 * the directory. Closing all pending requests avoids that. */
3012 close_directory_connections(service
, desc
);
3014 /* Get our list of responsible HSDir. */
3015 responsible_dirs
= smartlist_new();
3016 /* The parameter 0 means that we aren't a client so tell the function to use
3017 * the spread store consensus parameter. */
3018 hs_get_responsible_hsdirs(&desc
->blinded_kp
.pubkey
, desc
->time_period_num
,
3019 service
->desc_next
== desc
, 0, responsible_dirs
);
3021 /** Clear list of previous hsdirs since we are about to upload to a new
3022 * list. Let's keep it up to date. */
3023 service_desc_clear_previous_hsdirs(desc
);
3025 /* For each responsible HSDir we have, initiate an upload command. */
3026 SMARTLIST_FOREACH_BEGIN(responsible_dirs
, const routerstatus_t
*,
3028 const node_t
*hsdir_node
= node_get_by_id(hsdir_rs
->identity_digest
);
3029 /* Getting responsible hsdir implies that the node_t object exists for the
3030 * routerstatus_t found in the consensus else we have a problem. */
3031 tor_assert(hsdir_node
);
3032 /* Upload this descriptor to the chosen directory. */
3033 upload_descriptor_to_hsdir(service
, desc
, hsdir_node
);
3034 } SMARTLIST_FOREACH_END(hsdir_rs
);
3036 /* Set the next upload time for this descriptor. Even if we are configured
3037 * to not upload, we still want to follow the right cycle of life for this
3039 desc
->next_upload_time
=
3040 (time(NULL
) + crypto_rand_int_range(HS_SERVICE_NEXT_UPLOAD_TIME_MIN
,
3041 HS_SERVICE_NEXT_UPLOAD_TIME_MAX
));
3043 char fmt_next_time
[ISO_TIME_LEN
+1];
3044 format_local_iso_time(fmt_next_time
, desc
->next_upload_time
);
3045 log_debug(LD_REND
, "Service %s set to upload a descriptor at %s",
3046 safe_str_client(service
->onion_address
), fmt_next_time
);
3049 smartlist_free(responsible_dirs
);
3053 /** The set of HSDirs have changed: check if the change affects our descriptor
3054 * HSDir placement, and if it does, reupload the desc. */
3056 service_desc_hsdirs_changed(const hs_service_t
*service
,
3057 const hs_service_descriptor_t
*desc
)
3059 int should_reupload
= 0;
3060 smartlist_t
*responsible_dirs
= smartlist_new();
3062 /* No desc upload has happened yet: it will happen eventually */
3063 if (!desc
->previous_hsdirs
|| !smartlist_len(desc
->previous_hsdirs
)) {
3067 /* Get list of responsible hsdirs */
3068 hs_get_responsible_hsdirs(&desc
->blinded_kp
.pubkey
, desc
->time_period_num
,
3069 service
->desc_next
== desc
, 0, responsible_dirs
);
3071 /* Check if any new hsdirs have been added to the responsible hsdirs set:
3072 * Iterate over the list of new hsdirs, and reupload if any of them is not
3073 * present in the list of previous hsdirs.
3075 SMARTLIST_FOREACH_BEGIN(responsible_dirs
, const routerstatus_t
*, hsdir_rs
) {
3076 char b64_digest
[BASE64_DIGEST_LEN
+1] = {0};
3077 digest_to_base64(b64_digest
, hsdir_rs
->identity_digest
);
3079 if (!smartlist_contains_string(desc
->previous_hsdirs
, b64_digest
)) {
3080 should_reupload
= 1;
3083 } SMARTLIST_FOREACH_END(hsdir_rs
);
3086 smartlist_free(responsible_dirs
);
3088 return should_reupload
;
3091 /** These are all the reasons why a descriptor upload can't occur. We use
3092 * those to log the reason properly with the right rate limiting and for the
3093 * right descriptor. */
3095 LOG_DESC_UPLOAD_REASON_MISSING_IPS
= 0,
3096 LOG_DESC_UPLOAD_REASON_IP_NOT_ESTABLISHED
= 1,
3097 LOG_DESC_UPLOAD_REASON_NOT_TIME
= 2,
3098 LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS
= 3,
3099 LOG_DESC_UPLOAD_REASON_NO_DIRINFO
= 4,
3100 } log_desc_upload_reason_t
;
3102 /** Maximum number of reasons. This is used to allocate the static array of
3103 * all rate limiting objects. */
3104 #define LOG_DESC_UPLOAD_REASON_MAX LOG_DESC_UPLOAD_REASON_NO_DIRINFO
3106 /** Log the reason why we can't upload the given descriptor for the given
3107 * service. This takes a message string (allocated by the caller) and a
3110 * Depending on the reason and descriptor, different rate limit applies. This
3111 * is done because this function will basically be called every second. Each
3112 * descriptor for each reason uses its own log rate limit object in order to
3113 * avoid message suppression for different reasons and descriptors. */
3115 log_cant_upload_desc(const hs_service_t
*service
,
3116 const hs_service_descriptor_t
*desc
, const char *msg
,
3117 const log_desc_upload_reason_t reason
)
3119 /* Writing the log every minute shouldn't be too annoying for log rate limit
3120 * since this can be emitted every second for each descriptor.
3122 * However, for one specific case, we increase it to 10 minutes because it
3123 * is hit constantly, as an expected behavior, which is the reason
3124 * indicating that it is not the time to upload. */
3125 static ratelim_t limits
[2][LOG_DESC_UPLOAD_REASON_MAX
+ 1] =
3126 { { RATELIM_INIT(60), RATELIM_INIT(60), RATELIM_INIT(60 * 10),
3127 RATELIM_INIT(60), RATELIM_INIT(60) },
3128 { RATELIM_INIT(60), RATELIM_INIT(60), RATELIM_INIT(60 * 10),
3129 RATELIM_INIT(60), RATELIM_INIT(60) },
3131 bool is_next_desc
= false;
3132 unsigned int rlim_pos
= 0;
3133 ratelim_t
*rlim
= NULL
;
3135 tor_assert(service
);
3139 /* Make sure the reason value is valid. It should never happen because we
3140 * control that value in the code flow but will be apparent during
3141 * development if a reason is added but LOG_DESC_UPLOAD_REASON_NUM_ is not
3143 if (BUG(reason
> LOG_DESC_UPLOAD_REASON_MAX
)) {
3147 /* Ease our life. Flag that tells us if the descriptor is the next one. */
3148 is_next_desc
= (service
->desc_next
== desc
);
3150 /* Current descriptor is the first element in the ratelimit object array.
3151 * The next descriptor is the second element. */
3152 rlim_pos
= (is_next_desc
? 1 : 0);
3153 /* Get the ratelimit object for the reason _and_ right descriptor. */
3154 rlim
= &limits
[rlim_pos
][reason
];
3156 log_fn_ratelim(rlim
, LOG_INFO
, LD_REND
,
3157 "Service %s can't upload its %s descriptor: %s",
3158 safe_str_client(service
->onion_address
),
3159 (is_next_desc
) ? "next" : "current", msg
);
3162 /** Return 1 if the given descriptor from the given service can be uploaded
3163 * else return 0 if it can not. */
3165 should_service_upload_descriptor(const hs_service_t
*service
,
3166 const hs_service_descriptor_t
*desc
, time_t now
)
3169 unsigned int num_intro_points
, count_ip_established
;
3171 tor_assert(service
);
3174 /* If this descriptors has missing intro points that is that it couldn't get
3175 * them all when it was time to pick them, it means that we should upload
3176 * instead of waiting an arbitrary amount of time breaking the service.
3177 * Else, if we have no missing intro points, we use the value taken from the
3178 * service configuration. */
3179 if (desc
->missing_intro_points
) {
3180 num_intro_points
= digest256map_size(desc
->intro_points
.map
);
3182 num_intro_points
= service
->config
.num_intro_points
;
3185 /* This means we tried to pick intro points but couldn't get any so do not
3186 * upload descriptor in this case. We need at least one for the service to
3188 if (desc
->missing_intro_points
&& num_intro_points
== 0) {
3189 msg
= tor_strdup("Missing intro points");
3190 log_cant_upload_desc(service
, desc
, msg
,
3191 LOG_DESC_UPLOAD_REASON_MISSING_IPS
);
3195 /* Check if all our introduction circuit have been established for all the
3196 * intro points we have selected. */
3197 count_ip_established
= count_desc_circuit_established(desc
);
3198 if (count_ip_established
!= num_intro_points
) {
3199 tor_asprintf(&msg
, "Intro circuits aren't yet all established (%d/%d).",
3200 count_ip_established
, num_intro_points
);
3201 log_cant_upload_desc(service
, desc
, msg
,
3202 LOG_DESC_UPLOAD_REASON_IP_NOT_ESTABLISHED
);
3206 /* Is it the right time to upload? */
3207 if (desc
->next_upload_time
> now
) {
3208 tor_asprintf(&msg
, "Next upload time is %ld, it is now %ld.",
3209 (long int) desc
->next_upload_time
, (long int) now
);
3210 log_cant_upload_desc(service
, desc
, msg
,
3211 LOG_DESC_UPLOAD_REASON_NOT_TIME
);
3215 /* Don't upload desc if we don't have a live consensus */
3216 if (!networkstatus_get_reasonably_live_consensus(now
,
3217 usable_consensus_flavor())) {
3218 msg
= tor_strdup("No reasonably live consensus");
3219 log_cant_upload_desc(service
, desc
, msg
,
3220 LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS
);
3224 /* Do we know enough router descriptors to have adequate vision of the HSDir
3226 if (!router_have_minimum_dir_info()) {
3227 msg
= tor_strdup("Not enough directory information");
3228 log_cant_upload_desc(service
, desc
, msg
,
3229 LOG_DESC_UPLOAD_REASON_NO_DIRINFO
);
3241 /** Refresh the given service descriptor meaning this will update every mutable
3242 * field that needs to be updated before we upload.
3244 * This should ONLY be called before uploading a descriptor. It assumes that
3245 * the descriptor has been built (desc->desc) and that all intro point
3246 * circuits have been established. */
3248 refresh_service_descriptor(const hs_service_t
*service
,
3249 hs_service_descriptor_t
*desc
, time_t now
)
3251 /* There are few fields that we consider "mutable" in the descriptor meaning
3252 * we need to update them regularly over the lifetime for the descriptor.
3253 * The rest are set once and should not be modified.
3255 * - Signing key certificate.
3256 * - Revision counter.
3257 * - Introduction points which includes many thing. See
3258 * hs_desc_intro_point_t. and the setup_desc_intro_point() function.
3261 /* Create the signing key certificate. */
3262 build_desc_signing_key_cert(desc
, now
);
3264 /* Build the intro points descriptor section. The refresh step is just
3265 * before we upload so all circuits have been properly established. */
3266 build_desc_intro_points(service
, desc
, now
);
3268 /* Set the desc revision counter right before uploading */
3269 set_descriptor_revision_counter(desc
, now
, service
->desc_current
== desc
);
3272 /** Scheduled event run from the main loop. Try to upload the descriptor for
3275 run_upload_descriptor_event(time_t now
)
3277 /* Run v3+ check. */
3278 FOR_EACH_SERVICE_BEGIN(service
) {
3279 FOR_EACH_DESCRIPTOR_BEGIN(service
, desc
) {
3280 /* If we were asked to re-examine the hash ring, and it changed, then
3281 schedule an upload */
3282 if (consider_republishing_hs_descriptors
&&
3283 service_desc_hsdirs_changed(service
, desc
)) {
3284 service_desc_schedule_upload(desc
, now
, 0);
3287 /* Can this descriptor be uploaded? */
3288 if (!should_service_upload_descriptor(service
, desc
, now
)) {
3292 log_info(LD_REND
, "Initiating upload for hidden service %s descriptor "
3293 "for service %s with %u/%u introduction points%s.",
3294 (desc
== service
->desc_current
) ? "current" : "next",
3295 safe_str_client(service
->onion_address
),
3296 digest256map_size(desc
->intro_points
.map
),
3297 service
->config
.num_intro_points
,
3298 (desc
->missing_intro_points
) ? " (couldn't pick more)" : "");
3300 /* We are about to upload so we need to do one last step which is to
3301 * update the service's descriptor mutable fields in order to upload a
3302 * coherent descriptor. */
3303 refresh_service_descriptor(service
, desc
, now
);
3305 /* Proceed with the upload, the descriptor is ready to be encoded. */
3306 upload_descriptor_to_all(service
, desc
);
3307 } FOR_EACH_DESCRIPTOR_END
;
3308 } FOR_EACH_SERVICE_END
;
3310 /* We are done considering whether to republish rend descriptors */
3311 consider_republishing_hs_descriptors
= 0;
3314 /** Called when the introduction point circuit is done building and ready to be
3317 service_intro_circ_has_opened(origin_circuit_t
*circ
)
3319 hs_service_t
*service
= NULL
;
3320 hs_service_intro_point_t
*ip
= NULL
;
3321 hs_service_descriptor_t
*desc
= NULL
;
3325 /* Let's do some basic sanity checking of the circ state */
3326 if (BUG(!circ
->cpath
)) {
3329 if (BUG(TO_CIRCUIT(circ
)->purpose
!= CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
)) {
3332 if (BUG(!circ
->hs_ident
)) {
3336 /* Get the corresponding service and intro point. */
3337 get_objects_from_ident(circ
->hs_ident
, &service
, &ip
, &desc
);
3339 if (service
== NULL
) {
3340 log_warn(LD_REND
, "Unknown service identity key %s on the introduction "
3341 "circuit %u. Can't find onion service.",
3342 safe_str_client(ed25519_fmt(&circ
->hs_ident
->identity_pk
)),
3343 TO_CIRCUIT(circ
)->n_circ_id
);
3347 log_warn(LD_REND
, "Unknown introduction point auth key on circuit %u "
3349 TO_CIRCUIT(circ
)->n_circ_id
,
3350 safe_str_client(service
->onion_address
));
3353 /* We can't have an IP object without a descriptor. */
3356 if (hs_circ_service_intro_has_opened(service
, ip
, desc
, circ
)) {
3357 /* Getting here means that the circuit has been re-purposed because we
3358 * have enough intro circuit opened. Remove the IP from the service. */
3359 service_intro_point_remove(service
, ip
);
3360 service_intro_point_free(ip
);
3366 /* Close circuit, we can't use it. */
3367 circuit_mark_for_close(TO_CIRCUIT(circ
), END_CIRC_REASON_NOSUCHSERVICE
);
3372 /** Called when a rendezvous circuit is done building and ready to be used. */
3374 service_rendezvous_circ_has_opened(origin_circuit_t
*circ
)
3376 hs_service_t
*service
= NULL
;
3379 tor_assert(circ
->cpath
);
3380 /* Getting here means this is a v3 rendezvous circuit. */
3381 tor_assert(circ
->hs_ident
);
3382 tor_assert(TO_CIRCUIT(circ
)->purpose
== CIRCUIT_PURPOSE_S_CONNECT_REND
);
3384 /* Declare the circuit dirty to avoid reuse, and for path-bias. We set the
3385 * timestamp regardless of its content because that circuit could have been
3386 * cannibalized so in any cases, we are about to use that circuit more. */
3387 TO_CIRCUIT(circ
)->timestamp_dirty
= time(NULL
);
3388 pathbias_count_use_attempt(circ
);
3390 /* Get the corresponding service and intro point. */
3391 get_objects_from_ident(circ
->hs_ident
, &service
, NULL
, NULL
);
3392 if (service
== NULL
) {
3393 log_warn(LD_REND
, "Unknown service identity key %s on the rendezvous "
3394 "circuit %u with cookie %s. Can't find onion service.",
3395 safe_str_client(ed25519_fmt(&circ
->hs_ident
->identity_pk
)),
3396 TO_CIRCUIT(circ
)->n_circ_id
,
3397 hex_str((const char *) circ
->hs_ident
->rendezvous_cookie
,
3402 /* If the cell can't be sent, the circuit will be closed within this
3404 hs_circ_service_rp_has_opened(service
, circ
);
3406 /* Update metrics that we have an established rendezvous circuit. It is not
3407 * entirely true until the client receives the RENDEZVOUS2 cell and starts
3408 * sending but if that circuit collapes, we'll decrement the counter thus it
3409 * will even out the metric. */
3410 if (TO_CIRCUIT(circ
)->purpose
== CIRCUIT_PURPOSE_S_REND_JOINED
) {
3411 hs_metrics_new_established_rdv(service
);
3417 circuit_mark_for_close(TO_CIRCUIT(circ
), END_CIRC_REASON_NOSUCHSERVICE
);
3422 /** We've been expecting an INTRO_ESTABLISHED cell on this circuit and it just
3423 * arrived. Handle the INTRO_ESTABLISHED cell arriving on the given
3424 * introduction circuit. Return 0 on success else a negative value. */
3426 service_handle_intro_established(origin_circuit_t
*circ
,
3427 const uint8_t *payload
,
3430 hs_service_t
*service
= NULL
;
3431 hs_service_intro_point_t
*ip
= NULL
;
3434 tor_assert(payload
);
3435 tor_assert(TO_CIRCUIT(circ
)->purpose
== CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
);
3437 /* We need the service and intro point for this cell. */
3438 get_objects_from_ident(circ
->hs_ident
, &service
, &ip
, NULL
);
3440 /* Get service object from the circuit identifier. */
3441 if (service
== NULL
) {
3442 log_warn(LD_REND
, "Unknown service identity key %s on the introduction "
3443 "circuit %u. Can't find onion service.",
3444 safe_str_client(ed25519_fmt(&circ
->hs_ident
->identity_pk
)),
3445 TO_CIRCUIT(circ
)->n_circ_id
);
3449 /* We don't recognize the key. */
3450 log_warn(LD_REND
, "Introduction circuit established without an intro "
3451 "point object on circuit %u for service %s",
3452 TO_CIRCUIT(circ
)->n_circ_id
,
3453 safe_str_client(service
->onion_address
));
3457 /* Try to parse the payload into a cell making sure we do actually have a
3458 * valid cell. On success, the ip object and circuit purpose is updated to
3459 * reflect the fact that the introduction circuit is established. */
3460 if (hs_circ_handle_intro_established(service
, ip
, circ
, payload
,
3465 /* Update metrics. */
3466 hs_metrics_new_established_intro(service
);
3468 log_info(LD_REND
, "Successfully received an INTRO_ESTABLISHED cell "
3469 "on circuit %u for service %s",
3470 TO_CIRCUIT(circ
)->n_circ_id
,
3471 safe_str_client(service
->onion_address
));
3478 /** We just received an INTRODUCE2 cell on the established introduction circuit
3479 * circ. Handle the cell and return 0 on success else a negative value. */
3481 service_handle_introduce2(origin_circuit_t
*circ
, const uint8_t *payload
,
3484 hs_service_t
*service
= NULL
;
3485 hs_service_intro_point_t
*ip
= NULL
;
3486 hs_service_descriptor_t
*desc
= NULL
;
3489 tor_assert(payload
);
3490 tor_assert(TO_CIRCUIT(circ
)->purpose
== CIRCUIT_PURPOSE_S_INTRO
);
3492 /* We'll need every object associated with this circuit. */
3493 get_objects_from_ident(circ
->hs_ident
, &service
, &ip
, &desc
);
3495 /* Get service object from the circuit identifier. */
3496 if (service
== NULL
) {
3497 log_warn(LD_BUG
, "Unknown service identity key %s when handling "
3498 "an INTRODUCE2 cell on circuit %u",
3499 safe_str_client(ed25519_fmt(&circ
->hs_ident
->identity_pk
)),
3500 TO_CIRCUIT(circ
)->n_circ_id
);
3504 /* We don't recognize the key. */
3505 log_warn(LD_BUG
, "Unknown introduction auth key when handling "
3506 "an INTRODUCE2 cell on circuit %u for service %s",
3507 TO_CIRCUIT(circ
)->n_circ_id
,
3508 safe_str_client(service
->onion_address
));
3511 /* If we have an IP object, we MUST have a descriptor object. */
3514 /* The following will parse, decode and launch the rendezvous point circuit.
3515 * Both current and legacy cells are handled. */
3516 if (hs_circ_handle_introduce2(service
, circ
, ip
, &desc
->desc
->subcredential
,
3517 payload
, payload_len
) < 0) {
3520 /* Update metrics that a new introduction was successful. */
3521 hs_metrics_new_introduction(service
);
3528 /** Add to list every filename used by service. This is used by the sandbox
3531 service_add_fnames_to_list(const hs_service_t
*service
, smartlist_t
*list
)
3534 char fname
[128] = {0};
3536 tor_assert(service
);
3539 /* Ease our life. */
3540 s_dir
= service
->config
.directory_path
;
3541 /* The hostname file. */
3542 smartlist_add(list
, hs_path_from_filename(s_dir
, fname_hostname
));
3543 /* The key files split in two. */
3544 tor_snprintf(fname
, sizeof(fname
), "%s_secret_key", fname_keyfile_prefix
);
3545 smartlist_add(list
, hs_path_from_filename(s_dir
, fname
));
3546 tor_snprintf(fname
, sizeof(fname
), "%s_public_key", fname_keyfile_prefix
);
3547 smartlist_add(list
, hs_path_from_filename(s_dir
, fname
));
3550 /** Return true iff the given service identity key is present on disk. */
3552 service_key_on_disk(const char *directory_path
)
3556 ed25519_keypair_t
*kp
= NULL
;
3558 tor_assert(directory_path
);
3560 /* Build the v3 key path name and then try to load it. */
3561 fname
= hs_path_from_filename(directory_path
, fname_keyfile_prefix
);
3562 kp
= ed_key_init_from_file(fname
, INIT_ED_KEY_SPLIT
,
3563 LOG_DEBUG
, NULL
, 0, 0, 0, NULL
, NULL
);
3568 ed25519_keypair_free(kp
);
3574 /** This is a proxy function before actually calling hs_desc_encode_descriptor
3575 * because we need some preprocessing here */
3577 service_encode_descriptor(const hs_service_t
*service
,
3578 const hs_service_descriptor_t
*desc
,
3579 const ed25519_keypair_t
*signing_kp
,
3583 const uint8_t *descriptor_cookie
= NULL
;
3585 tor_assert(service
);
3587 tor_assert(encoded_out
);
3589 /* If the client authorization is enabled, send the descriptor cookie to
3590 * hs_desc_encode_descriptor. Otherwise, send NULL */
3591 if (service
->config
.is_client_auth_enabled
) {
3592 descriptor_cookie
= desc
->descriptor_cookie
;
3595 ret
= hs_desc_encode_descriptor(desc
->desc
, signing_kp
,
3596 descriptor_cookie
, encoded_out
);
3605 /* Are HiddenServiceSingleHopMode and HiddenServiceNonAnonymousMode consistent?
3608 hs_service_non_anonymous_mode_consistent(const or_options_t
*options
)
3610 /* !! is used to make these options boolean */
3611 return (!! options
->HiddenServiceSingleHopMode
==
3612 !! options
->HiddenServiceNonAnonymousMode
);
3615 /* Do the options allow onion services to make direct (non-anonymous)
3616 * connections to introduction or rendezvous points?
3617 * Must only be called after options_validate_single_onion() has successfully
3618 * checked onion service option consistency.
3619 * Returns true if tor is in HiddenServiceSingleHopMode. */
3621 hs_service_allow_non_anonymous_connection(const or_options_t
*options
)
3623 tor_assert(hs_service_non_anonymous_mode_consistent(options
));
3624 return options
->HiddenServiceSingleHopMode
? 1 : 0;
3627 /* Do the options allow us to reveal the exact startup time of the onion
3629 * Single Onion Services prioritise availability over hiding their
3630 * startup time, as their IP address is publicly discoverable anyway.
3631 * Must only be called after options_validate_single_onion() has successfully
3632 * checked onion service option consistency.
3633 * Returns true if tor is in non-anonymous hidden service mode. */
3635 hs_service_reveal_startup_time(const or_options_t
*options
)
3637 tor_assert(hs_service_non_anonymous_mode_consistent(options
));
3638 return hs_service_non_anonymous_mode_enabled(options
);
3641 /* Is non-anonymous mode enabled using the HiddenServiceNonAnonymousMode
3643 * Must only be called after options_validate_single_onion() has successfully
3644 * checked onion service option consistency.
3647 hs_service_non_anonymous_mode_enabled(const or_options_t
*options
)
3649 tor_assert(hs_service_non_anonymous_mode_consistent(options
));
3650 return options
->HiddenServiceNonAnonymousMode
? 1 : 0;
3653 /** Called when a circuit was just cleaned up. This is done right before the
3654 * circuit is marked for close. */
3656 hs_service_circuit_cleanup_on_close(const circuit_t
*circ
)
3659 tor_assert(CIRCUIT_IS_ORIGIN(circ
));
3661 switch (circ
->purpose
) {
3662 case CIRCUIT_PURPOSE_S_INTRO
:
3663 /* About to close an established introduction circuit. Update the metrics
3664 * to reflect how many we have at the moment. */
3665 hs_metrics_close_established_intro(
3666 &CONST_TO_ORIGIN_CIRCUIT(circ
)->hs_ident
->identity_pk
);
3668 case CIRCUIT_PURPOSE_S_REND_JOINED
:
3669 /* About to close an established rendezvous circuit. Update the metrics to
3670 * reflect how many we have at the moment. */
3671 hs_metrics_close_established_rdv(
3672 &CONST_TO_ORIGIN_CIRCUIT(circ
)->hs_ident
->identity_pk
);
3679 /** This is called every time the service map changes that is if an
3680 * element is added or removed. */
3682 hs_service_map_has_changed(void)
3684 /* If we now have services where previously we had not, we need to enable
3685 * the HS service main loop event. If we changed to having no services, we
3686 * need to disable the event. */
3687 rescan_periodic_events(get_options());
3690 /** Upload an encoded descriptor in encoded_desc of the given version. This
3691 * descriptor is for the service identity_pk and blinded_pk used to setup the
3692 * directory connection identifier. It is uploaded to the directory hsdir_rs
3693 * routerstatus_t object.
3695 * NOTE: This function does NOT check for PublishHidServDescriptors because it
3696 * is only used by the control port command HSPOST outside of this subsystem.
3697 * Inside this code, upload_descriptor_to_hsdir() should be used. */
3699 hs_service_upload_desc_to_dir(const char *encoded_desc
,
3700 const uint8_t version
,
3701 const ed25519_public_key_t
*identity_pk
,
3702 const ed25519_public_key_t
*blinded_pk
,
3703 const routerstatus_t
*hsdir_rs
)
3705 char version_str
[4] = {0};
3706 directory_request_t
*dir_req
;
3707 hs_ident_dir_conn_t ident
;
3709 tor_assert(encoded_desc
);
3710 tor_assert(identity_pk
);
3711 tor_assert(blinded_pk
);
3712 tor_assert(hsdir_rs
);
3714 /* Setup the connection identifier. */
3715 memset(&ident
, 0, sizeof(ident
));
3716 hs_ident_dir_conn_init(identity_pk
, blinded_pk
, &ident
);
3718 /* This is our resource when uploading which is used to construct the URL
3719 * with the version number: "/tor/hs/<version>/publish". */
3720 tor_snprintf(version_str
, sizeof(version_str
), "%u", version
);
3722 /* Build the directory request for this HSDir. */
3723 dir_req
= directory_request_new(DIR_PURPOSE_UPLOAD_HSDESC
);
3724 directory_request_set_routerstatus(dir_req
, hsdir_rs
);
3725 directory_request_set_indirection(dir_req
, DIRIND_ANONYMOUS
);
3726 directory_request_set_resource(dir_req
, version_str
);
3727 directory_request_set_payload(dir_req
, encoded_desc
,
3728 strlen(encoded_desc
));
3729 /* The ident object is copied over the directory connection object once
3730 * the directory request is initiated. */
3731 directory_request_upload_set_hs_ident(dir_req
, &ident
);
3733 /* Initiate the directory request to the hsdir.*/
3734 directory_initiate_request(dir_req
);
3735 directory_request_free(dir_req
);
3738 /** Add the ephemeral service using the secret key sk and ports. Both max
3739 * streams parameter will be set in the newly created service.
3741 * Ownership of sk, ports, and auth_clients_v3 is passed to this routine.
3742 * Regardless of success/failure, callers should not touch these values
3743 * after calling this routine, and may assume that correct cleanup has
3744 * been done on failure.
3746 * Return an appropriate hs_service_add_ephemeral_status_t. */
3747 hs_service_add_ephemeral_status_t
3748 hs_service_add_ephemeral(ed25519_secret_key_t
*sk
, smartlist_t
*ports
,
3749 int max_streams_per_rdv_circuit
,
3750 int max_streams_close_circuit
,
3751 smartlist_t
*auth_clients_v3
, char **address_out
)
3753 hs_service_add_ephemeral_status_t ret
;
3754 hs_service_t
*service
= NULL
;
3758 tor_assert(address_out
);
3760 service
= hs_service_new(get_options());
3762 /* Setup the service configuration with specifics. A default service is
3763 * HS_VERSION_TWO so explicitly set it. */
3764 service
->config
.version
= HS_VERSION_THREE
;
3765 service
->config
.max_streams_per_rdv_circuit
= max_streams_per_rdv_circuit
;
3766 service
->config
.max_streams_close_circuit
= !!max_streams_close_circuit
;
3767 service
->config
.is_ephemeral
= 1;
3768 smartlist_free(service
->config
.ports
);
3769 service
->config
.ports
= ports
;
3771 /* Handle the keys. */
3772 memcpy(&service
->keys
.identity_sk
, sk
, sizeof(service
->keys
.identity_sk
));
3773 if (ed25519_public_key_generate(&service
->keys
.identity_pk
,
3774 &service
->keys
.identity_sk
) < 0) {
3775 log_warn(LD_CONFIG
, "Unable to generate ed25519 public key"
3777 ret
= RSAE_BADPRIVKEY
;
3781 if (ed25519_validate_pubkey(&service
->keys
.identity_pk
) < 0) {
3782 log_warn(LD_CONFIG
, "Bad ed25519 private key was provided");
3783 ret
= RSAE_BADPRIVKEY
;
3787 /* Make sure we have at least one port. */
3788 if (smartlist_len(service
->config
.ports
) == 0) {
3789 log_warn(LD_CONFIG
, "At least one VIRTPORT/TARGET must be specified "
3791 ret
= RSAE_BADVIRTPORT
;
3795 if (auth_clients_v3
) {
3796 service
->config
.clients
= smartlist_new();
3797 SMARTLIST_FOREACH(auth_clients_v3
, hs_service_authorized_client_t
*, c
, {
3799 smartlist_add(service
->config
.clients
, c
);
3802 smartlist_free(auth_clients_v3
);
3805 /* Build the onion address for logging purposes but also the control port
3806 * uses it for the HS_DESC event. */
3807 hs_build_address(&service
->keys
.identity_pk
,
3808 (uint8_t) service
->config
.version
,
3809 service
->onion_address
);
3811 /* The only way the registration can fail is if the service public key
3812 * already exists. */
3813 if (BUG(register_service(hs_service_map
, service
) < 0)) {
3814 log_warn(LD_CONFIG
, "Onion Service private key collides with an "
3815 "existing v3 service.");
3816 ret
= RSAE_ADDREXISTS
;
3820 log_info(LD_CONFIG
, "Added ephemeral v3 onion service: %s",
3821 safe_str_client(service
->onion_address
));
3823 *address_out
= tor_strdup(service
->onion_address
);
3828 hs_service_free(service
);
3831 memwipe(sk
, 0, sizeof(ed25519_secret_key_t
));
3836 /** For the given onion address, delete the ephemeral service. Return 0 on
3837 * success else -1 on error. */
3839 hs_service_del_ephemeral(const char *address
)
3842 ed25519_public_key_t pk
;
3843 hs_service_t
*service
= NULL
;
3845 tor_assert(address
);
3847 if (hs_parse_address(address
, &pk
, NULL
, &version
) < 0) {
3848 log_warn(LD_CONFIG
, "Requested malformed v3 onion address for removal.");
3852 if (version
!= HS_VERSION_THREE
) {
3853 log_warn(LD_CONFIG
, "Requested version of onion address for removal "
3854 "is not supported.");
3858 service
= find_service(hs_service_map
, &pk
);
3859 if (service
== NULL
) {
3860 log_warn(LD_CONFIG
, "Requested non-existent v3 hidden service for "
3865 if (!service
->config
.is_ephemeral
) {
3866 log_warn(LD_CONFIG
, "Requested non-ephemeral v3 hidden service for "
3871 /* Close introduction circuits, remove from map and finally free. Notice
3872 * that the rendezvous circuits aren't closed in order for any existing
3873 * connections to finish. We let the application terminate them. */
3874 close_service_intro_circuits(service
);
3875 remove_service(hs_service_map
, service
);
3876 hs_service_free(service
);
3878 log_info(LD_CONFIG
, "Removed ephemeral v3 hidden service: %s",
3879 safe_str_client(address
));
3886 /** Using the ed25519 public key pk, find a service for that key and return the
3887 * current encoded descriptor as a newly allocated string or NULL if not
3888 * found. This is used by the control port subsystem. */
3890 hs_service_lookup_current_desc(const ed25519_public_key_t
*pk
)
3892 const hs_service_t
*service
;
3896 service
= find_service(hs_service_map
, pk
);
3897 if (service
&& service
->desc_current
) {
3898 char *encoded_desc
= NULL
;
3899 /* No matter what is the result (which should never be a failure), return
3900 * the encoded variable, if success it will contain the right thing else
3901 * it will be NULL. */
3902 service_encode_descriptor(service
,
3903 service
->desc_current
,
3904 &service
->desc_current
->signing_kp
,
3906 return encoded_desc
;
3912 /** Return the number of service we have configured and usable. */
3913 MOCK_IMPL(unsigned int,
3914 hs_service_get_num_services
,(void))
3916 if (hs_service_map
== NULL
) {
3919 return HT_SIZE(hs_service_map
);
3922 /** Given conn, a rendezvous edge connection acting as an exit stream, look up
3923 * the hidden service for the circuit circ, and look up the port and address
3924 * based on the connection port. Assign the actual connection address.
3926 * Return 0 on success. Return -1 on failure and the caller should NOT close
3927 * the circuit. Return -2 on failure and the caller MUST close the circuit for
3928 * security reasons. */
3930 hs_service_set_conn_addr_port(const origin_circuit_t
*circ
,
3931 edge_connection_t
*conn
)
3933 hs_service_t
*service
= NULL
;
3937 tor_assert(TO_CIRCUIT(circ
)->purpose
== CIRCUIT_PURPOSE_S_REND_JOINED
);
3938 tor_assert(circ
->hs_ident
);
3940 get_objects_from_ident(circ
->hs_ident
, &service
, NULL
, NULL
);
3942 if (service
== NULL
) {
3943 log_warn(LD_REND
, "Unable to find any hidden service associated "
3944 "identity key %s on rendezvous circuit %u.",
3945 ed25519_fmt(&circ
->hs_ident
->identity_pk
),
3946 TO_CIRCUIT(circ
)->n_circ_id
);
3947 /* We want the caller to close the circuit because it's not a valid
3948 * service so no danger. Attempting to bruteforce the entire key space by
3949 * opening circuits to learn which service is being hosted here is
3954 /* Enforce the streams-per-circuit limit, and refuse to provide a mapping if
3955 * this circuit will exceed the limit. */
3956 if (service
->config
.max_streams_per_rdv_circuit
> 0 &&
3957 (circ
->hs_ident
->num_rdv_streams
>=
3958 service
->config
.max_streams_per_rdv_circuit
)) {
3959 #define MAX_STREAM_WARN_INTERVAL 600
3960 static struct ratelim_t stream_ratelim
=
3961 RATELIM_INIT(MAX_STREAM_WARN_INTERVAL
);
3962 log_fn_ratelim(&stream_ratelim
, LOG_WARN
, LD_REND
,
3963 "Maximum streams per circuit limit reached on "
3964 "rendezvous circuit %u for service %s. Circuit has "
3965 "%" PRIu64
" out of %" PRIu64
" streams. %s.",
3966 TO_CIRCUIT(circ
)->n_circ_id
,
3967 service
->onion_address
,
3968 circ
->hs_ident
->num_rdv_streams
,
3969 service
->config
.max_streams_per_rdv_circuit
,
3970 service
->config
.max_streams_close_circuit
?
3971 "Closing circuit" : "Ignoring open stream request");
3972 if (service
->config
.max_streams_close_circuit
) {
3973 /* Service explicitly configured to close immediately. */
3976 /* Exceeding the limit makes tor silently ignore the stream creation
3977 * request and keep the circuit open. */
3981 /* Find a virtual port of that service matching the one in the connection if
3982 * successful, set the address in the connection. */
3983 if (hs_set_conn_addr_port(service
->config
.ports
, conn
) < 0) {
3984 log_info(LD_REND
, "No virtual port mapping exists for port %d for "
3985 "hidden service %s.",
3986 TO_CONN(conn
)->port
, service
->onion_address
);
3987 if (service
->config
.allow_unknown_ports
) {
3988 /* Service explicitly allow connection to unknown ports so close right
3989 * away because we do not care about port mapping. */
3992 /* If the service didn't explicitly allow it, we do NOT close the circuit
3993 * here to raise the bar in terms of performance for port mapping. */
4000 /* Indicate the caller that the circuit should be closed. */
4003 /* Indicate the caller to NOT close the circuit. */
4007 /** Does the service with identity pubkey <b>pk</b> export the circuit IDs of
4009 hs_circuit_id_protocol_t
4010 hs_service_exports_circuit_id(const ed25519_public_key_t
*pk
)
4012 hs_service_t
*service
= find_service(hs_service_map
, pk
);
4014 return HS_CIRCUIT_ID_PROTOCOL_NONE
;
4017 return service
->config
.circuit_id_protocol
;
4020 /** Add to file_list every filename used by a configured hidden service, and to
4021 * dir_list every directory path used by a configured hidden service. This is
4022 * used by the sandbox subsystem to allowlist those. */
4024 hs_service_lists_fnames_for_sandbox(smartlist_t
*file_list
,
4025 smartlist_t
*dir_list
)
4027 tor_assert(file_list
);
4028 tor_assert(dir_list
);
4030 /* Add files and dirs for v3+. */
4031 FOR_EACH_SERVICE_BEGIN(service
) {
4032 /* Skip ephemeral service, they don't touch the disk. */
4033 if (service
->config
.is_ephemeral
) {
4036 service_add_fnames_to_list(service
, file_list
);
4037 smartlist_add_strdup(dir_list
, service
->config
.directory_path
);
4038 smartlist_add_strdup(dir_list
, dname_client_pubkeys
);
4039 } FOR_EACH_DESCRIPTOR_END
;
4042 /** Called when our internal view of the directory has changed. We might have
4043 * received a new batch of descriptors which might affect the shape of the
4044 * HSDir hash ring. Signal that we should reexamine the hash ring and
4045 * re-upload our HS descriptors if needed. */
4047 hs_service_dir_info_changed(void)
4049 if (hs_service_get_num_services() > 0) {
4050 /* New directory information usually goes every consensus so rate limit
4051 * every 30 minutes to not be too conservative. */
4052 static struct ratelim_t dir_info_changed_ratelim
= RATELIM_INIT(30 * 60);
4053 log_fn_ratelim(&dir_info_changed_ratelim
, LOG_INFO
, LD_REND
,
4054 "New dirinfo arrived: consider reuploading descriptor");
4055 consider_republishing_hs_descriptors
= 1;
4059 /** Called when we get an INTRODUCE2 cell on the circ. Respond to the cell and
4060 * launch a circuit to the rendezvous point. */
4062 hs_service_receive_introduce2(origin_circuit_t
*circ
, const uint8_t *payload
,
4068 tor_assert(payload
);
4070 /* Do some initial validation and logging before we parse the cell */
4071 if (TO_CIRCUIT(circ
)->purpose
!= CIRCUIT_PURPOSE_S_INTRO
) {
4072 log_warn(LD_PROTOCOL
, "Received an INTRODUCE2 cell on a "
4073 "non introduction circuit of purpose %d",
4074 TO_CIRCUIT(circ
)->purpose
);
4078 if (circ
->hs_ident
) {
4079 ret
= service_handle_introduce2(circ
, payload
, payload_len
);
4080 hs_stats_note_introduce2_cell();
4087 /** Called when we get an INTRO_ESTABLISHED cell. Mark the circuit as an
4088 * established introduction point. Return 0 on success else a negative value
4089 * and the circuit is closed. */
4091 hs_service_receive_intro_established(origin_circuit_t
*circ
,
4092 const uint8_t *payload
,
4098 tor_assert(payload
);
4100 if (TO_CIRCUIT(circ
)->purpose
!= CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
) {
4101 log_warn(LD_PROTOCOL
, "Received an INTRO_ESTABLISHED cell on a "
4102 "non introduction circuit of purpose %d",
4103 TO_CIRCUIT(circ
)->purpose
);
4107 if (circ
->hs_ident
) {
4108 ret
= service_handle_intro_established(circ
, payload
, payload_len
);
4116 circuit_mark_for_close(TO_CIRCUIT(circ
), END_CIRC_REASON_TORPROTOCOL
);
4120 /** Called when any kind of hidden service circuit is done building thus
4121 * opened. This is the entry point from the circuit subsystem. */
4123 hs_service_circuit_has_opened(origin_circuit_t
*circ
)
4127 switch (TO_CIRCUIT(circ
)->purpose
) {
4128 case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
:
4129 if (circ
->hs_ident
) {
4130 service_intro_circ_has_opened(circ
);
4133 case CIRCUIT_PURPOSE_S_CONNECT_REND
:
4134 if (circ
->hs_ident
) {
4135 service_rendezvous_circ_has_opened(circ
);
4143 /** Return the service version by looking at the key in the service directory.
4144 * If the key is not found or unrecognized, -1 is returned. Else, the service
4145 * version is returned. */
4147 hs_service_get_version_from_key(const hs_service_t
*service
)
4149 int version
= -1; /* Unknown version. */
4150 const char *directory_path
;
4152 tor_assert(service
);
4154 /* We'll try to load the key for version 3. If not found, we'll try version
4155 * 2 and if not found, we'll send back an unknown version (-1). */
4156 directory_path
= service
->config
.directory_path
;
4158 /* Version 3 check. */
4159 if (service_key_on_disk(directory_path
)) {
4160 version
= HS_VERSION_THREE
;
4168 /** Load and/or generate keys for all onion services including the client
4169 * authorization if any. Return 0 on success, -1 on failure. */
4171 hs_service_load_all_keys(void)
4173 /* Load or/and generate them for v3+. */
4174 SMARTLIST_FOREACH_BEGIN(hs_service_staging_list
, hs_service_t
*, service
) {
4175 /* Ignore ephemeral service, they already have their keys set. */
4176 if (service
->config
.is_ephemeral
) {
4179 log_info(LD_REND
, "Loading v3 onion service keys from %s",
4180 service_escaped_dir(service
));
4181 if (load_service_keys(service
) < 0) {
4184 } SMARTLIST_FOREACH_END(service
);
4186 /* Final step, the staging list contains service in a quiescent state that
4187 * is ready to be used. Register them to the global map. Once this is over,
4188 * the staging list will be cleaned up. */
4189 register_all_services();
4191 /* All keys have been loaded successfully. */
4197 /** Log the status of introduction points for all version 3 onion services
4198 * at log severity <b>severity</b>.
4201 hs_service_dump_stats(int severity
)
4203 origin_circuit_t
*circ
;
4205 FOR_EACH_SERVICE_BEGIN(hs
) {
4207 tor_log(severity
, LD_GENERAL
, "Service configured in %s:",
4208 service_escaped_dir(hs
));
4209 FOR_EACH_DESCRIPTOR_BEGIN(hs
, desc
) {
4211 DIGEST256MAP_FOREACH(desc
->intro_points
.map
, key
,
4212 hs_service_intro_point_t
*, ip
) {
4213 const node_t
*intro_node
;
4214 const char *nickname
;
4216 intro_node
= get_node_from_intro_point(ip
);
4218 tor_log(severity
, LD_GENERAL
, " Couldn't find intro point, "
4222 nickname
= node_get_nickname(intro_node
);
4227 circ
= hs_circ_service_get_intro_circ(ip
);
4229 tor_log(severity
, LD_GENERAL
, " Intro point at %s: no circuit",
4233 tor_log(severity
, LD_GENERAL
, " Intro point %s: circuit is %s",
4234 nickname
, circuit_state_to_string(circ
->base_
.state
));
4235 } DIGEST256MAP_FOREACH_END
;
4237 } FOR_EACH_DESCRIPTOR_END
;
4238 } FOR_EACH_SERVICE_END
;
4241 /** Put all service object in the given service list. After this, the caller
4242 * looses ownership of every elements in the list and responsible to free the
4245 hs_service_stage_services(const smartlist_t
*service_list
)
4247 tor_assert(service_list
);
4248 /* This list is freed at registration time but this function can be called
4250 if (hs_service_staging_list
== NULL
) {
4251 hs_service_staging_list
= smartlist_new();
4253 /* Add all service object to our staging list. Caller is responsible for
4254 * freeing the service_list. */
4255 smartlist_add_all(hs_service_staging_list
, service_list
);
4258 /** Return a newly allocated list of all the service's metrics store. */
4260 hs_service_get_metrics_stores(void)
4262 smartlist_t
*list
= smartlist_new();
4264 if (hs_service_map
) {
4265 FOR_EACH_SERVICE_BEGIN(service
) {
4266 smartlist_add(list
, service
->metrics
.store
);
4267 } FOR_EACH_SERVICE_END
;
4273 /** Lookup the global service map for the given identitiy public key and
4274 * return the service object if found, NULL if not. */
4276 hs_service_find(const ed25519_public_key_t
*identity_pk
)
4278 tor_assert(identity_pk
);
4280 if (!hs_service_map
) {
4283 return find_service(hs_service_map
, identity_pk
);
4286 /** Allocate and initialize a service object. The service configuration will
4287 * contain the default values. Return the newly allocated object pointer. This
4288 * function can't fail. */
4290 hs_service_new(const or_options_t
*options
)
4292 hs_service_t
*service
= tor_malloc_zero(sizeof(hs_service_t
));
4293 /* Set default configuration value. */
4294 set_service_default_config(&service
->config
, options
);
4295 /* Set the default service version. */
4296 service
->config
.version
= HS_SERVICE_DEFAULT_VERSION
;
4297 /* Allocate the CLIENT_PK replay cache in service state. */
4298 service
->state
.replay_cache_rend_cookie
=
4299 replaycache_new(REND_REPLAY_TIME_INTERVAL
, REND_REPLAY_TIME_INTERVAL
);
4304 /** Free the given <b>service</b> object and all its content. This function
4305 * also takes care of wiping service keys from memory. It is safe to pass a
4308 hs_service_free_(hs_service_t
*service
)
4310 if (service
== NULL
) {
4314 /* Free descriptors. Go over both descriptor with this loop. */
4315 FOR_EACH_DESCRIPTOR_BEGIN(service
, desc
) {
4316 service_descriptor_free(desc
);
4317 } FOR_EACH_DESCRIPTOR_END
;
4319 /* Free service configuration. */
4320 service_clear_config(&service
->config
);
4322 /* Free replay cache from state. */
4323 if (service
->state
.replay_cache_rend_cookie
) {
4324 replaycache_free(service
->state
.replay_cache_rend_cookie
);
4327 /* Free onionbalance subcredentials (if any) */
4328 if (service
->state
.ob_subcreds
) {
4329 tor_free(service
->state
.ob_subcreds
);
4332 /* Free metrics object. */
4333 hs_metrics_service_free(service
);
4335 /* Wipe service keys. */
4336 memwipe(&service
->keys
.identity_sk
, 0, sizeof(service
->keys
.identity_sk
));
4341 /** Periodic callback. Entry point from the main loop to the HS service
4342 * subsystem. This is call every second. This is skipped if tor can't build a
4343 * circuit or the network is disabled. */
4345 hs_service_run_scheduled_events(time_t now
)
4347 /* First thing we'll do here is to make sure our services are in a
4348 * quiescent state for the scheduled events. */
4349 run_housekeeping_event(now
);
4351 /* Order matters here. We first make sure the descriptor object for each
4352 * service contains the latest data. Once done, we check if we need to open
4353 * new introduction circuit. Finally, we try to upload the descriptor for
4356 /* Make sure descriptors are up to date. */
4357 run_build_descriptor_event(now
);
4358 /* Make sure services have enough circuits. */
4359 run_build_circuit_event(now
);
4360 /* Upload the descriptors if needed/possible. */
4361 run_upload_descriptor_event(now
);
4364 /** Initialize the service HS subsystem. */
4366 hs_service_init(void)
4368 /* Should never be called twice. */
4369 tor_assert(!hs_service_map
);
4370 tor_assert(!hs_service_staging_list
);
4372 hs_service_map
= tor_malloc_zero(sizeof(struct hs_service_ht
));
4373 HT_INIT(hs_service_ht
, hs_service_map
);
4375 hs_service_staging_list
= smartlist_new();
4378 /** Release all global storage of the hidden service subsystem. */
4380 hs_service_free_all(void)
4383 hs_config_free_all();
4386 #ifdef TOR_UNIT_TESTS
4388 /** Return the global service map size. Only used by unit test. */
4390 get_hs_service_map_size(void)
4392 return HT_SIZE(hs_service_map
);
4395 /** Return the staging list size. Only used by unit test. */
4397 get_hs_service_staging_list_size(void)
4399 return smartlist_len(hs_service_staging_list
);
4402 STATIC hs_service_ht
*
4403 get_hs_service_map(void)
4405 return hs_service_map
;
4408 STATIC hs_service_t
*
4409 get_first_service(void)
4411 hs_service_t
**obj
= HT_START(hs_service_ht
, hs_service_map
);
4418 #endif /* defined(TOR_UNIT_TESTS) */