| blob | a2323772211fa0d74a8d6b3322fad1a369b83c28 |
1 /* Copyright (c) 2016-2021, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
4 /**
5 * \file hs_service.c
6 * \brief Implement next generation hidden service functionality
7 **/
9 #define HS_SERVICE_PRIVATE
60 /* Trunnel */
65 #ifdef HAVE_SYS_STAT_H
66 #include <sys/stat.h>
67 #endif
68 #ifdef HAVE_UNISTD_H
69 #include <unistd.h>
70 #endif
72 #ifndef COCCI
73 /** Helper macro. Iterate over every service in the global map. The var is the
74 * name of the service pointer. */
75 #define FOR_EACH_SERVICE_BEGIN(var) \
76 STMT_BEGIN \
77 hs_service_t **var##_iter, *var; \
78 HT_FOREACH(var##_iter, hs_service_ht, hs_service_map) { \
79 var = *var##_iter;
80 #define FOR_EACH_SERVICE_END } STMT_END ;
82 /** Helper macro. Iterate over both current and previous descriptor of a
83 * service. The var is the name of the descriptor pointer. This macro skips
84 * any descriptor object of the service that is NULL. */
85 #define FOR_EACH_DESCRIPTOR_BEGIN(service, var) \
86 STMT_BEGIN \
87 hs_service_descriptor_t *var; \
88 for (int var ## _loop_idx = 0; var ## _loop_idx < 2; \
89 ++var ## _loop_idx) { \
90 (var ## _loop_idx == 0) ? (var = service->desc_current) : \
91 (var = service->desc_next); \
92 if (var == NULL) continue;
93 #define FOR_EACH_DESCRIPTOR_END } STMT_END ;
96 /* Onion service directory file names. */
102 /** Staging list of service object. When configuring service, we add them to
103 * this list considered a staging area and they will get added to our global
104 * map once the keys have been loaded. These two steps are separated because
105 * loading keys requires that we are an actual running tor process. */
108 /** True if the list of available router descriptors might have changed which
109 * might result in an altered hash ring. Check if the hash ring changed and
110 * reupload if needed */
113 /* Static declaration. */
125 /** Helper: Function to compare two objects in the service map. Return 1 if the
126 * two service have the same master public identity key. */
129 {
132 /* Simple key compare. */
135 }
137 /** Helper: Function for the service hash table code below. The key used is the
138 * master public identity key which is ultimately the onion address. */
141 {
145 }
147 /** This is _the_ global hash map of hidden services which indexed the service
148 * contained in it by master public identity key which is roughly the onion
149 * address of the service. */
152 /* Register the service hash table. */
163 /** Query the given service map with a public key and return a service object
164 * if found else NULL. It is also possible to set a directory path in the
165 * search query. If pk is NULL, then it will be set to zero indicating the
166 * hash table to compare the directory path instead. */
167 STATIC hs_service_t *
169 {
170 hs_service_t dummy_service;
176 }
178 /** Register the given service in the given map. If the service already exists
179 * in the map, -1 is returned. On success, 0 is returned and the service
180 * ownership has been transferred to the global map. */
181 STATIC int
183 {
189 /* Existing service with the same key. Do not register it. */
191 }
192 /* Taking ownership of the object at this point. */
195 /* If we just modified the global map, we notify. */
198 }
199 /* Setup metrics. This is done here because in order to initialize metrics,
200 * we require tor to have fully initialized a service so the ports of the
201 * service can be looked at for instance. */
205 }
207 /** Remove a given service from the given map. If service is NULL or the
208 * service key is unset, return gracefully. */
209 STATIC void
211 {
216 /* Ignore if no service or key is zero. */
220 }
229 }
231 /* If we just modified the global map, we notify. */
234 }
235 }
237 /** Set the default values for a service configuration object <b>c</b>. */
238 static void
241 {
256 }
258 /** From a service configuration object config, clear everything from it
259 * meaning free allocated pointers and reset the values. */
260 STATIC void
262 {
265 }
271 }
276 }
281 }
283 }
285 /** Helper function to return a human readable description of the given intro
286 * point object.
287 *
288 * This function is not thread-safe. Each call to this invalidates the
289 * previous values returned by it. */
292 {
293 /* Hex identity digest of the IP prefixed by the $ sign and ends with NUL
294 * byte hence the plus two. */
304 }
307 /* For now, we only print the identity digest but we could improve this with
308 * much more information such as the ed25519 identity has well. */
312 }
315 }
317 /** Return the lower bound of maximum INTRODUCE2 cells per circuit before we
318 * rotate intro point (defined by a consensus parameter or the default
319 * value). */
320 static int32_t
322 {
323 /* The [0, 2147483647] range is quite large to accommodate anything we decide
324 * in the future. */
326 INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS,
328 }
330 /** Return the upper bound of maximum INTRODUCE2 cells per circuit before we
331 * rotate intro point (defined by a consensus parameter or the default
332 * value). */
333 static int32_t
335 {
336 /* The [0, 2147483647] range is quite large to accommodate anything we decide
337 * in the future. */
339 INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS,
341 }
343 /** Return the minimum lifetime in seconds of an introduction point defined by
344 * a consensus parameter or the default value. */
345 static int32_t
347 {
348 #define MIN_INTRO_POINT_LIFETIME_TESTING 10
351 }
353 /* The [0, 2147483647] range is quite large to accommodate anything we decide
354 * in the future. */
356 INTRO_POINT_LIFETIME_MIN_SECONDS,
358 }
360 /** Return the maximum lifetime in seconds of an introduction point defined by
361 * a consensus parameter or the default value. */
362 static int32_t
364 {
365 #define MAX_INTRO_POINT_LIFETIME_TESTING 30
368 }
370 /* The [0, 2147483647] range is quite large to accommodate anything we decide
371 * in the future. */
373 INTRO_POINT_LIFETIME_MAX_SECONDS,
375 }
377 /** Return the number of extra introduction point defined by a consensus
378 * parameter or the default value. */
379 static int32_t
381 {
382 /* The [0, 128] range bounds the number of extra introduction point allowed.
383 * Above 128 intro points, it's getting a bit crazy. */
386 }
388 /** Helper: Function that needs to return 1 for the HT for each loop which
389 * frees every service in an hash map. */
390 static int
392 {
395 /* This function MUST return 1 so the given object is then removed from the
396 * service map leading to this free of the object being safe. */
398 }
400 /** Free every service that can be found in the global map. Once done, clear
401 * and free the global map. */
402 static void
404 {
406 /* The free helper function returns 1 so this is safe. */
411 }
414 /* Cleanup staging list. */
419 }
420 }
422 /** Free a given service intro point object. */
423 STATIC void
425 {
428 }
435 }
437 /** Helper: free an hs_service_intro_point_t object. This function is used by
438 * digest256map_free() which requires a void * pointer. */
439 static void
441 {
443 }
445 /** Return a newly allocated service intro point and fully initialized from the
446 * given node_t node, if non NULL.
447 *
448 * If node is NULL, returns a hs_service_intro_point_t with an empty link
449 * specifier list and no onion key. (This is used for testing.)
450 * On any other error, NULL is returned.
451 *
452 * node must be an node_t with an IPv4 address. */
453 STATIC hs_service_intro_point_t *
455 {
459 /* We'll create the key material. No need for extra strong, those are short
460 * term keys. */
468 }
470 max_introduce2_cells);
471 }
477 }
480 }
484 /* Initialize the base object. We don't need the certificate object. */
489 }
491 /* Generate the encryption key for this intro point. */
493 /* Figure out if this chosen node supports v3 or is legacy only.
494 * NULL nodes are used in the unit tests. */
497 /* Legacy mode that is doesn't support v3+ with ed25519 auth key. */
501 }
505 }
506 }
508 /* Flag if this intro point supports the INTRO2 dos defenses. */
512 /* Finally, copy onion key from the node. */
516 done:
518 err:
521 }
523 /** Add the given intro point object to the given intro point map. The intro
524 * point MUST have its RSA encryption key set if this is a legacy type or the
525 * authentication key set otherwise. */
526 STATIC void
528 {
535 /* Make sure we didn't just try to double-add an intro point */
537 }
539 /** For a given service, remove the intro point from that service's descriptors
540 * (check both current and next descriptor) */
541 STATIC void
544 {
548 /* Trying all descriptors. */
550 /* We'll try to remove the descriptor on both descriptors which is not
551 * very expensive to do instead of doing lookup + remove. */
555 }
557 /** For a given service and authentication key, return the intro point or NULL
558 * if not found. This will check both descriptors in the service. */
559 STATIC hs_service_intro_point_t *
562 {
568 /* Trying all descriptors to find the right intro point.
569 *
570 * Even if we use the same node as intro point in both descriptors, the node
571 * will have a different intro auth key for each descriptor since we generate
572 * a new one every time we pick an intro point.
573 *
574 * After #22893 gets implemented, intro points will be moved to be
575 * per-service instead of per-descriptor so this function will need to
576 * change.
577 */
582 }
586 }
588 /** For a given service and intro point, return the descriptor for which the
589 * intro point is assigned to. NULL is returned if not found. */
590 STATIC hs_service_descriptor_t *
593 {
604 }
608 }
610 /** From a circuit identifier, get all the possible objects associated with the
611 * ident. If not NULL, service, ip or desc are set if the object can be found.
612 * They are untouched if they can't be found.
613 *
614 * This is an helper function because we do those lookups often so it's more
615 * convenient to simply call this functions to get all the things at once. */
616 STATIC void
620 {
625 /* Get service object from the circuit identifier. */
629 }
631 /* From the service object, get the intro point object of that circuit. The
632 * following will query both descriptors intro points list. */
635 }
637 /* Get the descriptor for this introduction point and service. */
640 }
641 }
643 /** From a given intro point, return the first link specifier of type
644 * encountered in the link specifier list. Return NULL if it can't be found.
645 *
646 * The caller does NOT have ownership of the object, the intro point does. */
649 {
659 }
662 end:
664 }
666 /** Given a service intro point, return the node_t associated to it. This can
667 * return NULL if the given intro point has no legacy ID or if the node can't
668 * be found in the consensus. */
671 {
679 }
680 /* XXX In the future, we want to only use the ed25519 ID (#22173). */
683 }
685 /** Given a service intro point, return the extend_info_t for it. This can
686 * return NULL if the node can't be found for the intro point or the extend
687 * info can't be created for the found node. If direct_conn is set, the extend
688 * info is validated on if we can connect directly. */
692 {
700 /* This can happen if the relay serving as intro point has been removed
701 * from the consensus. In that case, the intro point will be removed from
702 * the descriptor during the scheduled events. */
704 }
706 /* In the case of a direct connection (single onion service), it is possible
707 * our firewall policy won't allow it so this can return a NULL value. */
710 end:
712 }
714 /** Return the number of introduction points that are established for the
715 * given descriptor. */
718 {
729 }
731 /** For a given service and descriptor of that service, close all active
732 * directory connections. */
733 static void
736 {
743 /* Close pending HS desc upload connections for the blinded key of 'desc'. */
745 DIR_PURPOSE_UPLOAD_HSDESC);
753 count++;
755 }
762 /* We don't have ownership of the objects in this list. */
764 }
766 /** Close all rendezvous circuits for the given service. */
767 static void
769 {
774 /* The reason we go over all circuit instead of using the circuitmap API is
775 * because most hidden service circuits are rendezvous circuits so there is
776 * no real improvement at getting all rendezvous circuits from the
777 * circuitmap and then going over them all to find the right ones.
778 * Furthermore, another option would have been to keep a list of RP cookies
779 * for a service but it creates an engineering complexity since we don't
780 * have a "RP circuit closed" event to clean it up properly so we avoid a
781 * memory DoS possibility. */
784 /* Only close circuits that are v3 and for this service. */
788 /* Reason is FINISHED because service has been removed and thus the
789 * circuit is considered old/unneeded. When freed, it is removed from the
790 * hs circuitmap. */
792 }
793 }
794 }
796 /** Close the circuit(s) for the given map of introduction points. */
797 static void
799 {
806 /* Reason is FINISHED because service has been removed and thus the
807 * circuit is considered old/unneeded. When freed, the circuit is removed
808 * from the HS circuitmap. */
810 }
812 }
814 /** Close all introduction circuits for the given service. */
815 static void
817 {
823 }
825 /** Close any circuits related to the given service. */
826 static void
828 {
831 /* Only support for version >= 3. */
834 }
835 /* Close intro points. */
837 /* Close rendezvous points. */
839 }
841 /** Move every ephemeral services from the src service map to the dst service
842 * map. It is possible that a service can't be register to the dst map which
843 * won't stop the process of moving them all but will trigger a log warn. */
844 static void
846 {
852 /* Iterate over the map to find ephemeral service and move them to the other
853 * map. We loop using this method to have a safe removal process. */
857 /* Yeah, we are in a very manual loop :). */
860 }
861 /* Remove service from map and then register to it to the other map.
862 * Reminder that "*iter" and "s" are the same thing. */
867 }
868 }
869 }
871 /** Return a const string of the directory path escaped. If this is an
872 * ephemeral service, it returns "[EPHEMERAL]". This can only be called from
873 * the main thread because escaped() uses a static variable. */
876 {
879 }
881 /** Move the hidden service state from <b>src</b> to <b>dst</b>. We do this
882 * when we receive a SIGHUP: <b>dst</b> is the post-HUP service */
883 static void
885 {
892 /* Let's do a shallow copy */
895 /* Freeing a NULL replaycache triggers an info LD_BUG. */
898 }
910 }
911 }
913 /** Register services that are in the staging list. Once this function returns,
914 * the global service map will be set with the right content and all non
915 * surviving services will be cleaned up. */
916 static void
918 {
923 /* Allocate a new map that will replace the current one. */
927 /* First step is to transfer all ephemeral services from the current global
928 * map to the new one we are constructing. We do not prune ephemeral
929 * services as the only way to kill them is by deleting it from the control
930 * port or stopping the tor daemon. */
936 /* Check if that service is already in our global map and if so, we'll
937 * transfer the intro points to it. */
940 /* Pass ownership of the descriptors from s (the current service) to
941 * snew (the newly configured one). */
944 /* Remove the service from the global map because after this, we need to
945 * go over the remaining service in that map that aren't surviving the
946 * reload to close their circuits. */
949 }
950 /* Great, this service is now ready to be added to our new map. */
952 /* This should never happen because prior to registration, we validate
953 * every service against the entire set. Not being able to register a
954 * service means we failed to validate correctly. In that case, don't
955 * break tor and ignore the service but tell user. */
960 }
963 /* Close any circuits associated with the non surviving services. Every
964 * service in the current global map are roaming. */
969 /* Time to make the switch. We'll clear the staging list because its content
970 * has now changed ownership to the map. */
974 /* We've just register services into the new map and now we've replaced the
975 * global map with it so we have to notify that the change happened. When
976 * registering a service, the notify is only triggered if the destination
977 * map is the global map for which in here it was not. */
979 }
981 /** Write the onion address of a given service to the given filename fname_ in
982 * the service directory. Return 0 on success else -1 on error. */
983 STATIC int
985 {
993 /* Construct the full address with the onion tld and write the hostname file
994 * to disk. */
996 /* Notice here that we use the given "fname_". */
1002 }
1004 #ifndef _WIN32
1006 /* Mode to 0640. */
1010 }
1011 }
1014 /* Success. */
1016 end:
1020 }
1022 /** Load and/or generate private keys for the given service. On success, the
1023 * hostname file will be written to disk along with the master private key iff
1024 * the service is not configured for offline keys. Return 0 on success else -1
1025 * on failure. */
1026 static int
1028 {
1038 /* Create and fix permission on service directory. We are about to write
1039 * files to that directory so make sure it exists and has the right
1040 * permissions. We do this here because at this stage we know that Tor is
1041 * actually running and the service we have has been validated. */
1046 }
1048 /* Try to load the keys from file or generate it if not found. */
1050 /* Don't ask for key creation, we want to know if we were able to load it or
1051 * we had to generate it. Better logging! */
1056 /* We'll now try to generate the keys and for it we want the strongest
1057 * randomness for it. The keypair will be written in different files. */
1059 INIT_ED_KEY_SPLIT;
1065 }
1066 }
1068 /* Copy loaded or generated keys to service object. */
1072 /* This does a proper memory wipe. */
1075 /* Build onion address from the newly loaded keys. */
1081 /* Write onion address to hostname file. */
1084 }
1086 /* Load all client authorization keys in the service. */
1089 }
1091 /* Success. */
1093 end:
1096 }
1098 /** Check if the client file name is valid or not. Return 1 if valid,
1099 * otherwise return 0. */
1100 STATIC int
1102 {
1108 /* The file extension must match and the total filename length can't be the
1109 * length of the extension else we do not have a filename. */
1115 }
1118 }
1120 /** Parse an base32-encoded authorized client from a string.
1121 *
1122 * Return the key on success, return NULL, otherwise. */
1123 hs_service_authorized_client_t *
1125 {
1128 /* We expect a specific length of the base64 encoded key so make sure we
1129 * have that so we don't successfully decode a value with a different length
1130 * and end up in trouble when copying the decoded key into a fixed length
1131 * buffer. */
1136 }
1146 }
1150 err:
1153 }
1155 }
1157 /** Parse an authorized client from a string. The format of a client string
1158 * looks like (see rend-spec-v3.txt):
1159 *
1160 * <auth-type>:<key-type>:<base32-encoded-public-key>
1161 *
1162 * The <auth-type> can only be "descriptor".
1163 * The <key-type> can only be "x25519".
1164 *
1165 * Return the key on success, return NULL, otherwise. */
1166 STATIC hs_service_authorized_client_t *
1168 {
1179 /* Wrong number of fields. */
1183 }
1189 /* Currently, the only supported auth type is "descriptor". */
1192 auth_type);
1194 }
1196 /* Currently, the only supported key type is "x25519". */
1199 key_type);
1201 }
1205 }
1207 /* Success. */
1210 err:
1212 done:
1213 /* It is also a good idea to wipe the public key. */
1216 }
1221 }
1223 /** Load all the client public keys for the given service. Return 0 on
1224 * success else -1 on failure. */
1225 static int
1227 {
1239 /* Before calling this function, we already call load_service_keys to make
1240 * sure that the directory exists with the right permission. So, if we
1241 * cannot create a client pubkey key directory, we consider it as a bug. */
1243 dname_client_pubkeys);
1245 client_keys_dir_path,
1248 }
1250 /* If the list of clients already exists, we must clear it first. */
1255 }
1262 client_keys_dir_path);
1264 }
1269 filename);
1275 }
1277 /* Create a full path for a file. */
1279 filename);
1282 /* If we cannot read the file, continue with the next file. */
1286 client_key_file_path);
1289 }
1293 /* Wipe and free immediately after using it. */
1300 filename);
1301 }
1305 /* If the number of clients is greater than zero, set the flag to be true. */
1308 }
1310 /* Success. */
1312 end:
1315 }
1319 }
1324 }
1326 /** Release all storage held in <b>client</b>. */
1327 void
1329 {
1332 }
1335 }
1337 /** Free a given service descriptor object and all key material is wiped. */
1338 STATIC void
1340 {
1343 }
1347 /* Cleanup all intro points. */
1353 }
1356 }
1358 /** Return a newly allocated service descriptor object. */
1359 STATIC hs_service_descriptor_t *
1361 {
1364 /* Initialize the intro points map. */
1369 }
1371 /** Allocate and return a deep copy of client. */
1374 {
1380 /* Currently, the public key is the only component of
1381 * hs_service_authorized_client_t. */
1384 CURVE25519_PUBKEY_LEN);
1387 }
1389 /** If two authorized clients are equal, return 0. If the first one should come
1390 * before the second, return less than zero. If the first should come after
1391 * the second, return greater than zero. */
1392 static int
1395 {
1399 /* Currently, the public key is the only component of
1400 * hs_service_authorized_client_t. */
1403 CURVE25519_PUBKEY_LEN);
1404 }
1406 /** Helper for sorting authorized clients. */
1407 static int
1409 {
1412 }
1414 /** If the list of hs_service_authorized_client_t's is different between
1415 * src and dst, return 1. Otherwise, return 0. */
1416 STATIC int
1419 {
1430 /* If the number of clients is different, it is obvious that the list
1431 * changes. */
1434 }
1436 /* We do not want to mutate config1 and config2, so we will duplicate both
1437 * entire client lists here. */
1450 /* If the clients at index i in both lists differ, the whole configs
1451 * differ. */
1455 }
1456 }
1458 /* Success. */
1461 done:
1466 }
1471 }
1473 }
1475 /** Move descriptor(s) from the src service to the dst service and modify their
1476 * content if necessary. We do this during SIGHUP when we re-create our
1477 * hidden services. */
1478 static void
1480 {
1485 /* Nothing should be there, but clean it up just in case */
1488 }
1491 }
1494 /* Nothing should be there, but clean it up just in case */
1497 }
1500 }
1502 /* If the client authorization changes, we must rebuild the superencrypted
1503 * section and republish the descriptors. */
1507 /* We have to clear the superencrypted content first. */
1512 }
1514 }
1516 /* We have to clear the superencrypted content first. */
1521 }
1523 }
1527 err:
1528 /* If there is an error, free all descriptors to make it clean and generate
1529 * them later. */
1532 }
1534 /** From the given service, remove all expired failing intro points for each
1535 * descriptor. */
1536 static void
1538 {
1541 /* For both descriptors, cleanup the failing intro points list. */
1548 }
1551 }
1553 /** For the given descriptor desc, put all node_t object found from its failing
1554 * intro point list and put them in the given node_list. */
1555 static void
1558 {
1567 }
1569 }
1571 /** For the given failing intro point ip, we add its time of failure to the
1572 * failed map and index it by identity digest (legacy ID) in the descriptor
1573 * desc failed id map. */
1574 static void
1577 {
1591 time_of_failure);
1593 }
1595 /** Using a given descriptor signing keypair signing_kp, a service intro point
1596 * object ip and the time now, setup the content of an already allocated
1597 * descriptor intro desc_ip.
1598 *
1599 * Return 0 on success else a negative value. */
1600 static int
1604 {
1612 /* Copy the onion key. */
1615 /* Key and certificate material. */
1617 CERT_TYPE_AUTH_HS_IP_KEY,
1619 nearest_hour,
1620 HS_DESC_CERT_LIFETIME,
1621 CERT_FLAG_INCLUDE_SIGNING_KEY);
1625 }
1627 /* Copy link specifier(s). */
1632 }
1636 }
1640 /* For a legacy intro point, we'll use an RSA/ed cross certificate. */
1643 /* Create cross certification cert. */
1652 }
1654 }
1656 /* Encryption key and its cross certificate. */
1657 {
1658 ed25519_public_key_t ed25519_pubkey;
1660 /* Use the public curve25519 key. */
1663 /* The following can't fail. */
1668 CERT_TYPE_CROSS_HS_IP_KEYS,
1670 HS_DESC_CERT_LIFETIME,
1671 CERT_FLAG_INCLUDE_SIGNING_KEY);
1675 }
1676 }
1677 /* Success. */
1680 done:
1682 }
1684 /** Using the given descriptor from the given service, build the descriptor
1685 * intro point list so we can then encode the descriptor for publication. This
1686 * function does not pick intro points, they have to be in the descriptor
1687 * current map. Cryptographic material (keys) must be initialized in the
1688 * descriptor for this function to make sense. */
1689 static void
1692 {
1698 /* Ease our life. */
1700 /* Cleanup intro points, we are about to set them from scratch. */
1706 /* Ignore un-established intro points. They can linger in that list
1707 * because their circuit has not opened and they haven't been removed
1708 * yet even though we have enough intro circuits.
1709 *
1710 * Due to #31561, it can stay in that list until rotation so this check
1711 * prevents to publish an intro point without a circuit. */
1713 }
1718 }
1719 /* We have a valid descriptor intro point. Add it to the list. */
1722 }
1724 /** Build the descriptor signing key certificate. */
1725 static void
1727 {
1733 /* Ease our life a bit. */
1736 /* Get rid of what we have right now. */
1739 /* Fresh certificate for the signing key. */
1743 CERT_FLAG_INCLUDE_SIGNING_KEY);
1744 /* If the cert creation fails, the descriptor encoding will fail and thus
1745 * ultimately won't be uploaded. We'll get a stack trace to help us learn
1746 * where the call came from and the tor_cert_create_ed25519() will log the
1747 * error. */
1749 }
1751 /** Populate the descriptor encrypted section from the given service object.
1752 * This will generate a valid list of introduction points that can be used
1753 * after for circuit creation. Return 0 on success else -1 on error. */
1754 static int
1757 {
1768 /* Setup introduction points from what we have in the service. */
1771 }
1772 /* We do NOT build introduction point yet, we only do that once the circuit
1773 * have been opened. Until we have the right number of introduction points,
1774 * we do not encode anything in the descriptor. */
1776 /* XXX: Support client authorization (#20700). */
1779 }
1781 /** Populate the descriptor superencrypted section from the given service
1782 * object. This will generate a valid list of hs_desc_authorized_client_t
1783 * of clients that are authorized to use the service. Return 0 on success
1784 * else -1 on error. */
1785 static int
1788 {
1799 /* The ephemeral key pair is already generated, so this should not give
1800 * an error. */
1803 }
1808 /* Test that subcred is not zero because we might use it below */
1810 DIGEST256_LEN))) {
1812 }
1814 /* Create a smartlist to store clients */
1817 /* We do not need to build the desc authorized client if the client
1818 * authorization is disabled */
1825 /* Prepare the client for descriptor and then add to the list in the
1826 * superencrypted part of the descriptor */
1834 }
1836 /* We cannot let the number of auth-clients to be zero, so we need to
1837 * make it be 16. If it is already a multiple of 16, we do not need to
1838 * do anything. Otherwise, add the additional ones to make it a
1839 * multiple of 16. */
1847 num_clients_to_add =
1848 HS_DESC_AUTH_CLIENT_MULTIPLE
1850 }
1856 }
1858 /* Shuffle the list to prevent the client know the position in the
1859 * config. */
1863 }
1865 /** Populate the descriptor plaintext section from the given service object.
1866 * The caller must make sure that the keys in the descriptors are valid that
1867 * is are non-zero. This can't fail. */
1868 static void
1871 {
1881 /* Set the subcredential. */
1889 /* Copy public key material to go in the descriptor. */
1893 /* Create the signing key certificate. This will be updated before each
1894 * upload but we create it here so we don't complexify our unit tests. */
1896 }
1898 /** Compute the descriptor's OPE cipher for encrypting revision counters. */
1901 {
1902 /* Compute OPE key as H("rev-counter-generation" | blinded privkey) */
1914 }
1916 /** For the given service and descriptor object, create the key material which
1917 * is the blinded keypair, the descriptor signing keypair, the ephemeral
1918 * keypair, and the descriptor cookie. Return 0 on success else -1 on error
1919 * where the generated keys MUST be ignored. */
1920 static int
1923 {
1925 ed25519_keypair_t kp;
1929 ED25519_PUBKEY_LEN));
1931 /* XXX: Support offline key feature (#18098). */
1933 /* Copy the identity keys to the keypair so we can use it to create the
1934 * blinded key. */
1937 /* Build blinded keypair for this time period. */
1940 /* Let's not keep too much traces of our keys in memory. */
1943 /* Compute the OPE cipher struct (it's tied to the current blinded key) */
1949 /* No need for extra strong, this is a temporary key only for this
1950 * descriptor. Nothing long term. */
1956 }
1958 /* No need for extra strong, this is a temporary key only for this
1959 * descriptor. Nothing long term. */
1965 }
1967 /* Random descriptor cookie to be used as a part of a key to encrypt the
1968 * descriptor, only if the client auth is enabled will it be used. */
1972 /* Success. */
1974 end:
1976 }
1978 /** Given a service and the current time, build a descriptor for the service.
1979 * This function does not pick introduction point, this needs to be done by
1980 * the update function. On success, desc_out will point to the newly allocated
1981 * descriptor object.
1982 *
1983 * This can error if we are unable to create keys or certificate. */
1984 static void
1987 {
1996 /* Set current time period */
1999 /* Create the needed keys so we can setup the descriptor content. */
2002 }
2003 /* Setup plaintext descriptor content. */
2006 /* Setup superencrypted descriptor content. */
2009 }
2010 /* Setup encrypted descriptor content. */
2013 }
2015 /* Let's make sure that we've created a descriptor that can actually be
2016 * encoded properly. This function also checks if the encoded output is
2017 * decodable after. */
2021 }
2024 /* Assign newly built descriptor to the next slot. */
2027 /* Fire a CREATED control port event. */
2031 /* If we are an onionbalance instance, we refresh our keys when we rotate
2032 * descriptors. */
2037 err:
2039 }
2041 /** Build both descriptors for the given service that has just booted up.
2042 * Because it's a special case, it deserves its special function ;). */
2043 static void
2045 {
2049 /* These are the conditions for a new service. */
2053 /*
2054 * +------------------------------------------------------------------+
2055 * | |
2056 * | 00:00 12:00 00:00 12:00 00:00 12:00 |
2057 * | SRV#1 TP#1 SRV#2 TP#2 SRV#3 TP#3 |
2058 * | |
2059 * | $==========|-----------$===========|-----------$===========| |
2060 * | ^ ^ |
2061 * | A B |
2062 * +------------------------------------------------------------------+
2063 *
2064 * Case A: The service boots up before a new time period, the current time
2065 * period is thus TP#1 and the next is TP#2 which for both we have access to
2066 * their SRVs.
2067 *
2068 * Case B: The service boots up inside TP#2, we can't use the TP#3 for the
2069 * next descriptor because we don't have the SRV#3 so the current should be
2070 * TP#1 and next TP#2.
2071 */
2074 /* Case B from the above, inside of the new time period. */
2078 /* Case A from the above, outside of the new time period. */
2081 }
2083 /* Build descriptors. */
2089 }
2091 /** Build descriptors for each service if needed. There are conditions to build
2092 * a descriptor which are details in the function. */
2093 STATIC void
2095 {
2098 /* A service booting up will have both descriptors to NULL. No other cases
2099 * makes both descriptor non existent. */
2103 }
2105 /* Reaching this point means we are pass bootup so at runtime. We should
2106 * *never* have an empty current descriptor. If the next descriptor is
2107 * empty, we'll try to build it for the next time period. This only
2108 * happens when we rotate meaning that we are guaranteed to have a new SRV
2109 * at that point for the next time period. */
2112 }
2120 }
2122 }
2124 /** Randomly pick a node to become an introduction point but not present in the
2125 * given exclude_nodes list. The chosen node is put in the exclude list
2126 * regardless of success or not because in case of failure, the node is simply
2127 * unsusable from that point on.
2128 *
2129 * If direct_conn is set, try to pick a node that our local firewall/policy
2130 * allows us to connect to directly. If we can't find any, return NULL.
2131 * This function supports selecting dual-stack nodes for direct single onion
2132 * service IPv6 connections. But it does not send IPv6 addresses in link
2133 * specifiers. (Current clients don't use IPv6 addresses to extend, and
2134 * direct client connections to intro points are not supported.)
2135 *
2136 * Return a newly allocated service intro point ready to be used for encoding.
2137 * Return NULL on error. */
2140 {
2144 /* Normal 3-hop introduction point flags. */
2146 /* Single onion flags. */
2152 /* If we are in single onion mode, retry node selection for a 3-hop
2153 * path */
2156 "Unable to find an intro point that we can connect to "
2159 flags);
2160 }
2164 }
2166 /* We have a suitable node, add it to the exclude list. We do this *before*
2167 * we can validate the extend information because even in case of failure,
2168 * we don't want to use that node anymore. */
2171 /* Create our objects and populate them with the node information. */
2176 }
2180 err:
2183 }
2185 /** For a given descriptor from the given service, pick any needed intro points
2186 * and update the current map with those newly picked intro points. Return the
2187 * number node that might have been added to the descriptor current map. */
2188 static unsigned int
2191 {
2198 /* Compute how many intro points we actually need to open. */
2202 /* Let's not make tor freak out here and just skip this. */
2204 }
2206 /* We want to end up with config.num_intro_points intro points, but if we
2207 * have no intro points at all (chances are they all cycled or we are
2208 * starting up), we launch get_intro_point_num_extra() extra circuits and
2209 * use the first config.num_intro_points that complete. See proposal #155,
2210 * section 4 for the rationale of this which is purely for performance.
2211 *
2212 * The ones after the first config.num_intro_points will be converted to
2213 * 'General' internal circuits and then we'll drop them from the list of
2214 * intro points. */
2217 }
2219 /* Build an exclude list of nodes of our intro point(s). The expiring intro
2220 * points are OK to pick again because this is after all a concept of round
2221 * robin so they are considered valid nodes to pick again. */
2227 }
2229 /* Also, add the failing intro points that our descriptor encounteered in
2230 * the exclude node list. */
2236 /* This function will add the picked intro point node to the exclude nodes
2237 * list so we don't pick the same one at the next iteration. */
2240 /* If we end up unable to pick an introduction point it is because we
2241 * can't find suitable node and calling this again is highly unlikely to
2242 * give us a valid node all of the sudden. */
2247 }
2248 /* Valid intro point object, add it to the descriptor current map. */
2250 }
2251 /* We've successfully picked all our needed intro points thus none are
2252 * missing which will tell our upload process to expect the number of
2253 * circuits to be the number of configured intro points circuits and not the
2254 * number of intro points object that we have. */
2257 /* Success. */
2258 done:
2259 /* We don't have ownership of the node_t object in this list. */
2262 }
2264 /** Clear previous cached HSDirs in <b>desc</b>. */
2265 static void
2267 {
2270 }
2274 }
2276 /** Note that we attempted to upload <b>desc</b> to <b>hsdir</b>. */
2277 static void
2279 {
2285 }
2289 }
2290 }
2292 /** Schedule an upload of <b>desc</b>. If <b>descriptor_changed</b> is set, it
2293 * means that this descriptor is dirty. */
2294 STATIC void
2299 {
2302 /* If the descriptor changed, clean up the old HSDirs list. We want to
2303 * re-upload no matter what. */
2306 }
2307 }
2309 /** Pick missing intro points for this descriptor if needed. */
2310 static void
2313 {
2322 /* Pick any missing introduction point(s). */
2325 desc);
2328 "%u for %s descriptor. It currently has %d intro "
2331 num_new_intro_points,
2334 num_intro_points);
2335 /* We'll build those introduction point into the descriptor once we have
2336 * confirmation that the circuits are opened and ready. However,
2337 * indicate that this descriptor should be uploaded from now on. */
2339 }
2340 /* Were we able to pick all the intro points we needed? If not, we'll
2341 * flag the descriptor that it's missing intro points because it
2342 * couldn't pick enough which will trigger a descriptor upload. */
2346 }
2347 }
2348 }
2350 /** Update descriptor intro points for each service if needed. We do this as
2351 * part of the periodic event because we need to establish intro point circuits
2352 * before we publish descriptors. */
2353 STATIC void
2355 {
2357 /* We'll try to update each descriptor that is if certain conditions apply
2358 * in order for the descriptor to be updated. */
2363 }
2365 /** Return true iff the given intro point has expired that is it has been used
2366 * for too long or we've reached our max seen INTRODUCE2 cell. */
2367 STATIC int
2370 {
2375 }
2379 }
2381 /* Not expiring. */
2383 expired:
2385 }
2387 /** Return true iff we should remove the intro point ip from its service.
2388 *
2389 * We remove an intro point from the service descriptor list if one of
2390 * these criteria is met:
2391 * - It has expired (either in INTRO2 count or in time).
2392 * - No node was found (fell off the consensus).
2393 * - We are over the maximum amount of retries.
2394 *
2395 * If an established or pending circuit is found for the given ip object, this
2396 * return false indicating it should not be removed. */
2397 static bool
2399 {
2404 /* Any one of the following needs to be True to fulfill the criteria to
2405 * remove an intro point. */
2407 MAX_INTRO_POINT_CIRCUIT_RETRIES);
2411 /* If the node fell off the consensus or the IP has expired, we have to
2412 * remove it now. */
2416 }
2418 /* Pass this point, even though we might be over the retry limit, we check
2419 * if a circuit (established or pending) exists. In that case, we should not
2420 * remove it because it might simply be valid and opened at the previous
2421 * scheduled event for the last retry. */
2423 /* Do we simply have an existing circuit regardless of its state? */
2426 }
2428 /* Getting here means we have _no_ circuits so then return if we have any
2429 * remaining retries. */
2432 end:
2433 /* Meaningful log in case we are about to remove the IP. */
2441 }
2443 }
2445 /** Go over the given set of intro points for each service and remove any
2446 * invalid ones.
2447 *
2448 * If an intro point is removed, the circuit (if any) is immediately close.
2449 * If a circuit can't be found, the intro point is kept if it hasn't reached
2450 * its maximum circuit retry value and thus should be retried. */
2451 static void
2453 {
2454 /* List of intro points to close. We can't mark the intro circuits for close
2455 * in the modify loop because doing so calls back into the HS subsystem and
2456 * we need to keep that code path outside of the service/desc loop so those
2457 * maps don't get modified during the close making us in a possible
2458 * use-after-free situation. */
2463 /* For both descriptors, cleanup the intro points. */
2465 /* Go over the current intro points we have, make sure they are still
2466 * valid and remove any of them that aren't. */
2470 /* We've retried too many times, remember it as a failed intro point
2471 * so we don't pick it up again for INTRO_CIRC_RETRY_PERIOD sec. */
2474 }
2476 /* Remove intro point from descriptor map and add it to the list of
2477 * ips to free for which we'll also try to close the intro circuit. */
2480 }
2484 /* Go over the intro points to free and close their circuit if any. */
2486 /* See if we need to close the intro point circuit as well */
2488 /* XXX: Legacy code does NOT close circuits like this: it keeps the circuit
2489 * open until a new descriptor is uploaded and then closed all expiring
2490 * intro point circuit. Here, we close immediately and because we just
2491 * discarded the intro point, a new one will be selected, a new descriptor
2492 * created and uploaded. There is no difference to an attacker between the
2493 * timing of a new consensus and intro point rotation (possibly?). */
2497 }
2499 /* Cleanup the intro point */
2504 }
2506 /** Set the next rotation time of the descriptors for the given service for the
2507 * time now. */
2508 static void
2510 {
2517 {
2522 }
2523 }
2525 /** Return true iff the service should rotate its descriptor. The time now is
2526 * only used to fetch the live consensus and if none can be found, this
2527 * returns false. */
2528 static unsigned int
2530 {
2539 }
2542 /* In theory, we should never get here with no descriptors. We can never
2543 * have a NULL current descriptor except when tor starts up. The next
2544 * descriptor can be NULL after a rotation but we build a new one right
2545 * after.
2546 *
2547 * So, when tor starts, the next rotation time is set to the start of the
2548 * next SRV period using the consensus valid after time so it should
2549 * always be set to a future time value. This means that we should never
2550 * reach this point at bootup that is this check safeguards tor in never
2551 * allowing a rotation if the valid after time is smaller than the next
2552 * rotation time.
2553 *
2554 * This is all good in theory but we've had a NULL descriptor issue here
2555 * so this is why we BUG() on both with extra logging to try to understand
2556 * how this can possibly happens. We'll simply ignore and tor should
2557 * recover from this by skipping rotation and building the missing
2558 * descriptors just after this. */
2561 "time is %ld (now: %ld). Valid after time from "
2568 }
2570 }
2572 no_rotation:
2574 rotation:
2576 }
2578 /** Rotate the service descriptors of the given service. The current descriptor
2579 * will be freed, the next one put in as the current and finally the next
2580 * descriptor pointer is NULLified. */
2581 static void
2583 {
2585 /* Close all IP circuits for the descriptor. */
2587 /* We don't need this one anymore, we won't serve any clients coming with
2588 * this service descriptor. */
2590 }
2591 /* The next one become the current one and emptying the next will trigger
2592 * a descriptor creation for it. */
2596 /* We've just rotated, set the next time for the rotation. */
2598 }
2600 /** Rotate descriptors for each service if needed. A non existing current
2601 * descriptor will trigger a descriptor build for the next time period. */
2602 STATIC void
2604 {
2605 /* XXX We rotate all our service descriptors at once. In the future it might
2606 * be wise, to rotate service descriptors independently to hide that all
2607 * those descriptors are on the same tor instance */
2611 /* Note for a service booting up: Both descriptors are NULL in that case
2612 * so this function might return true if we are in the timeframe for a
2613 * rotation leading to basically swapping two NULL pointers which is
2614 * harmless. However, the side effect is that triggering a rotation will
2615 * update the service state and avoid doing anymore rotations after the
2616 * two descriptors have been built. */
2619 }
2627 }
2629 /** Scheduled event run from the main loop. Make sure all our services are up
2630 * to date and ready for the other scheduled events. This includes looking at
2631 * the introduction points status and descriptor rotation time. */
2632 STATIC void
2634 {
2635 /* Note that nothing here opens circuit(s) nor uploads descriptor(s). We are
2636 * simply moving things around or removing unneeded elements. */
2640 /* If the service is starting off, set the rotation time. We can't do that
2641 * at configure time because the get_options() needs to be set for setting
2642 * that time that uses the voting interval. */
2644 /* Set the next rotation time of the descriptors. If it's Oct 25th
2645 * 23:47:00, the next rotation time is when the next SRV is computed
2646 * which is at Oct 26th 00:00:00 that is in 13 minutes. */
2648 }
2650 /* Cleanup invalid intro points from the service descriptor. */
2653 /* Remove expired failing intro point from the descriptor failed list. We
2654 * reset them at each INTRO_CIRC_RETRY_PERIOD. */
2657 /* At this point, the service is now ready to go through the scheduled
2658 * events guaranteeing a valid state. Intro points might be missing from
2659 * the descriptors after the cleanup but the update/build process will
2660 * make sure we pick those missing ones. */
2662 }
2664 /** Scheduled event run from the main loop. Make sure all descriptors are up to
2665 * date. Once this returns, each service descriptor needs to be considered for
2666 * new introduction circuits and then for upload. */
2667 static void
2669 {
2670 /* Run v3+ events. */
2671 /* We start by rotating the descriptors only if needed. */
2674 /* Then, we'll try to build new descriptors that we might need. The
2675 * condition is that the next descriptor is non existing because it has
2676 * been rotated or we just started up. */
2679 /* Finally, we'll check if we should update the descriptors' intro
2680 * points. Missing introduction points will be picked in this function which
2681 * is useful for newly built descriptors. */
2683 }
2685 /** For the given service, launch any intro point circuits that could be
2686 * needed. This considers every descriptor of the service. */
2687 static void
2689 {
2692 /* For both descriptors, try to launch any missing introduction point
2693 * circuits using the current map. */
2695 /* Keep a ref on if we need a direct connection. We use this often. */
2702 /* Skip the intro point that already has an existing circuit
2703 * (established or not). */
2706 }
2709 /* If we can't connect directly to the intro point, get an extend_info
2710 * for a multi-hop path instead. */
2714 }
2717 /* This is possible if we can get a node_t but not the extend info out
2718 * of it. In this case, we remove the intro point and a new one will
2719 * be picked at the next main loop callback. */
2723 }
2725 /* Launch a circuit to the intro point. */
2732 /* Intro point will be retried if possible after this. */
2733 }
2737 }
2739 /** Don't try to build more than this many circuits before giving up for a
2740 * while. Dynamically calculated based on the configured number of intro
2741 * points for the given service and how many descriptor exists. The default
2742 * use case of 3 introduction points and two descriptors will allow 28
2743 * circuits for a retry period (((3 + 2) + (3 * 3)) * 2). */
2744 static unsigned int
2746 {
2753 HS_CONFIG_V3_MAX_INTRO_POINTS);
2755 /** For a testing network, allow to do it for the maximum amount so circuit
2756 * creation and rotation and so on can actually be tested without limit. */
2757 #define MAX_INTRO_POINT_CIRCUIT_RETRIES_TESTING -1
2760 }
2764 /* The calculation is as follow. We have a number of intro points that we
2765 * want configured as a torrc option (num_intro_points). We then add an
2766 * extra value so we can launch multiple circuits at once and pick the
2767 * quickest ones. For instance, we want 3 intros, we add 2 extra so we'll
2768 * pick 5 intros and launch 5 circuits. */
2771 /* Then we add the number of retries that is possible to do for each intro
2772 * point. If we want 3 intros, we'll allow 3 times the number of possible
2773 * retry. */
2776 /* Then, we multiply by a factor of 2 if we have both descriptor or 0 if we
2777 * have none. */
2782 }
2784 /** For the given service, return 1 if the service is allowed to launch more
2785 * introduction circuits else 0 if the maximum has been reached for the retry
2786 * period of INTRO_CIRC_RETRY_PERIOD. */
2787 STATIC int
2789 {
2792 /* Consider the intro circuit retry period of the service. */
2794 INTRO_CIRC_RETRY_PERIOD)) {
2798 }
2799 /* Check if we can still launch more circuits in this period. */
2803 }
2805 /* Rate limit log that we've reached our circuit creation limit. */
2806 {
2812 "of %u per %d seconds. It launched %u circuits in "
2816 INTRO_CIRC_RETRY_PERIOD,
2821 }
2822 }
2824 /* Not allow. */
2826 allow:
2828 }
2830 /** Scheduled event run from the main loop. Make sure we have all the circuits
2831 * we need for each service. */
2832 static void
2834 {
2835 /* Make sure we can actually have enough information or able to build
2836 * internal circuits as required by services. */
2840 }
2842 /* Run v3+ check. */
2844 /* For introduction circuit, we need to make sure we don't stress too much
2845 * circuit creation so make sure this service is respecting that limit. */
2847 /* Launch intro point circuits if needed. */
2849 /* Once the circuits have opened, we'll make sure to update the
2850 * descriptor intro point list and cleanup any extraneous. */
2851 }
2853 }
2855 /** Encode and sign the service descriptor desc and upload it to the given
2856 * hidden service directory. This does nothing if PublishHidServDescriptors
2857 * is false. */
2858 static void
2861 {
2868 /* Let's avoid doing that if tor is configured to not publish. */
2874 }
2876 /* First of all, we'll encode the descriptor. This should NEVER fail but
2877 * just in case, let's make sure we have an actual usable descriptor. */
2881 }
2883 /* Time to upload the descriptor to the directory. */
2888 /* Add this node to previous_hsdirs list */
2891 /* Logging so we know where it was sent. */
2892 {
2898 /* This log message is used by Chutney as part of its bootstrap
2899 * detection mechanism. Please don't change without first checking
2900 * Chutney. */
2911 /* Fire a UPLOAD control port event. */
2914 }
2916 end:
2919 }
2921 /** Set the revision counter in <b>hs_desc</b>. We do this by encrypting a
2922 * timestamp using an OPE scheme and using the ciphertext as our revision
2923 * counter.
2924 *
2925 * If <b>is_current</b> is true, then this is the current HS descriptor,
2926 * otherwise it's the next one. */
2927 static void
2930 {
2933 /* Get current time */
2936 /* As our revision counter plaintext value, we use the seconds since the
2937 * start of the SR protocol run that is relevant to this descriptor. This is
2938 * guaranteed to be a positive value since we need the SRV to start making a
2939 * descriptor (so that we know where to upload it).
2940 *
2941 * Depending on whether we are building the current or the next descriptor,
2942 * services use a different SRV value. See [SERVICEUPLOAD] in
2943 * rend-spec-v3.txt:
2944 *
2945 * In particular, for the current descriptor (aka first descriptor), Tor
2946 * always uses the previous SRV for uploading the descriptor, and hence we
2947 * should use the start time of the previous protocol run here.
2948 *
2949 * Whereas for the next descriptor (aka second descriptor), Tor always uses
2950 * the current SRV for uploading the descriptor. and hence we use the start
2951 * time of the current protocol run.
2952 */
2957 }
2966 /* Compute seconds elapsed since the start of the time period. That's the
2967 * number of seconds of how long this blinded key has been active. */
2970 /* Increment by one so that we are definitely sure this is strictly
2971 * positive and not zero. */
2972 seconds_since_start_of_srv++;
2974 /* Check for too big inputs. */
2977 }
2979 /* Now we compute the final revision counter value by encrypting the
2980 plaintext using our OPE cipher: */
2985 /* The OPE module returns CRYPTO_OPE_ERROR in case of errors. */
2992 }
2994 /** Encode and sign the service descriptor desc and upload it to the
2995 * responsible hidden service directories. If for_next_period is true, the set
2996 * of directories are selected using the next hsdir_index. This does nothing
2997 * if PublishHidServDescriptors is false. */
2998 STATIC void
3001 {
3007 /* We'll first cancel any directory request that are ongoing for this
3008 * descriptor. It is possible that we can trigger multiple uploads in a
3009 * short time frame which can lead to a race where the second upload arrives
3010 * before the first one leading to a 400 malformed descriptor response from
3011 * the directory. Closing all pending requests avoids that. */
3014 /* Get our list of responsible HSDir. */
3016 /* The parameter 0 means that we aren't a client so tell the function to use
3017 * the spread store consensus parameter. */
3021 /** Clear list of previous hsdirs since we are about to upload to a new
3022 * list. Let's keep it up to date. */
3025 /* For each responsible HSDir we have, initiate an upload command. */
3027 hsdir_rs) {
3029 /* Getting responsible hsdir implies that the node_t object exists for the
3030 * routerstatus_t found in the consensus else we have a problem. */
3032 /* Upload this descriptor to the chosen directory. */
3036 /* Set the next upload time for this descriptor. Even if we are configured
3037 * to not upload, we still want to follow the right cycle of life for this
3038 * descriptor. */
3041 HS_SERVICE_NEXT_UPLOAD_TIME_MAX));
3042 {
3047 }
3051 }
3053 /** The set of HSDirs have changed: check if the change affects our descriptor
3054 * HSDir placement, and if it does, reupload the desc. */
3055 STATIC int
3058 {
3062 /* No desc upload has happened yet: it will happen eventually */
3065 }
3067 /* Get list of responsible hsdirs */
3071 /* Check if any new hsdirs have been added to the responsible hsdirs set:
3072 * Iterate over the list of new hsdirs, and reupload if any of them is not
3073 * present in the list of previous hsdirs.
3074 */
3082 }
3085 done:
3089 }
3091 /** These are all the reasons why a descriptor upload can't occur. We use
3092 * those to log the reason properly with the right rate limiting and for the
3093 * right descriptor. */
3102 /** Maximum number of reasons. This is used to allocate the static array of
3103 * all rate limiting objects. */
3104 #define LOG_DESC_UPLOAD_REASON_MAX LOG_DESC_UPLOAD_REASON_NO_DIRINFO
3106 /** Log the reason why we can't upload the given descriptor for the given
3107 * service. This takes a message string (allocated by the caller) and a
3108 * reason.
3109 *
3110 * Depending on the reason and descriptor, different rate limit applies. This
3111 * is done because this function will basically be called every second. Each
3112 * descriptor for each reason uses its own log rate limit object in order to
3113 * avoid message suppression for different reasons and descriptors. */
3114 static void
3118 {
3119 /* Writing the log every minute shouldn't be too annoying for log rate limit
3120 * since this can be emitted every second for each descriptor.
3121 *
3122 * However, for one specific case, we increase it to 10 minutes because it
3123 * is hit constantly, as an expected behavior, which is the reason
3124 * indicating that it is not the time to upload. */
3130 };
3139 /* Make sure the reason value is valid. It should never happen because we
3140 * control that value in the code flow but will be apparent during
3141 * development if a reason is added but LOG_DESC_UPLOAD_REASON_NUM_ is not
3142 * updated. */
3145 }
3147 /* Ease our life. Flag that tells us if the descriptor is the next one. */
3150 /* Current descriptor is the first element in the ratelimit object array.
3151 * The next descriptor is the second element. */
3153 /* Get the ratelimit object for the reason _and_ right descriptor. */
3160 }
3162 /** Return 1 if the given descriptor from the given service can be uploaded
3163 * else return 0 if it can not. */
3164 static int
3167 {
3174 /* If this descriptors has missing intro points that is that it couldn't get
3175 * them all when it was time to pick them, it means that we should upload
3176 * instead of waiting an arbitrary amount of time breaking the service.
3177 * Else, if we have no missing intro points, we use the value taken from the
3178 * service configuration. */
3183 }
3185 /* This means we tried to pick intro points but couldn't get any so do not
3186 * upload descriptor in this case. We need at least one for the service to
3187 * be reachable. */
3191 LOG_DESC_UPLOAD_REASON_MISSING_IPS);
3193 }
3195 /* Check if all our introduction circuit have been established for all the
3196 * intro points we have selected. */
3202 LOG_DESC_UPLOAD_REASON_IP_NOT_ESTABLISHED);
3204 }
3206 /* Is it the right time to upload? */
3211 LOG_DESC_UPLOAD_REASON_NOT_TIME);
3213 }
3215 /* Don't upload desc if we don't have a live consensus */
3220 LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS);
3222 }
3224 /* Do we know enough router descriptors to have adequate vision of the HSDir
3225 hash ring? */
3229 LOG_DESC_UPLOAD_REASON_NO_DIRINFO);
3231 }
3233 /* Can upload! */
3236 cannot:
3239 }
3241 /** Refresh the given service descriptor meaning this will update every mutable
3242 * field that needs to be updated before we upload.
3243 *
3244 * This should ONLY be called before uploading a descriptor. It assumes that
3245 * the descriptor has been built (desc->desc) and that all intro point
3246 * circuits have been established. */
3247 static void
3250 {
3251 /* There are few fields that we consider "mutable" in the descriptor meaning
3252 * we need to update them regularly over the lifetime for the descriptor.
3253 * The rest are set once and should not be modified.
3254 *
3255 * - Signing key certificate.
3256 * - Revision counter.
3257 * - Introduction points which includes many thing. See
3258 * hs_desc_intro_point_t. and the setup_desc_intro_point() function.
3259 */
3261 /* Create the signing key certificate. */
3264 /* Build the intro points descriptor section. The refresh step is just
3265 * before we upload so all circuits have been properly established. */
3268 /* Set the desc revision counter right before uploading */
3270 }
3272 /** Scheduled event run from the main loop. Try to upload the descriptor for
3273 * each service. */
3274 STATIC void
3276 {
3277 /* Run v3+ check. */
3280 /* If we were asked to re-examine the hash ring, and it changed, then
3281 schedule an upload */
3285 }
3287 /* Can this descriptor be uploaded? */
3290 }
3300 /* We are about to upload so we need to do one last step which is to
3301 * update the service's descriptor mutable fields in order to upload a
3302 * coherent descriptor. */
3305 /* Proceed with the upload, the descriptor is ready to be encoded. */
3310 /* We are done considering whether to republish rend descriptors */
3312 }
3314 /** Called when the introduction point circuit is done building and ready to be
3315 * used. */
3316 static void
3318 {
3325 /* Let's do some basic sanity checking of the circ state */
3328 }
3331 }
3334 }
3336 /* Get the corresponding service and intro point. */
3345 }
3352 }
3353 /* We can't have an IP object without a descriptor. */
3357 /* Getting here means that the circuit has been re-purposed because we
3358 * have enough intro circuit opened. Remove the IP from the service. */
3361 }
3365 err:
3366 /* Close circuit, we can't use it. */
3368 done:
3370 }
3372 /** Called when a rendezvous circuit is done building and ready to be used. */
3373 static void
3375 {
3380 /* Getting here means this is a v3 rendezvous circuit. */
3384 /* Declare the circuit dirty to avoid reuse, and for path-bias. We set the
3385 * timestamp regardless of its content because that circuit could have been
3386 * cannibalized so in any cases, we are about to use that circuit more. */
3390 /* Get the corresponding service and intro point. */
3398 REND_COOKIE_LEN));
3400 }
3402 /* If the cell can't be sent, the circuit will be closed within this
3403 * function. */
3406 /* Update metrics that we have an established rendezvous circuit. It is not
3407 * entirely true until the client receives the RENDEZVOUS2 cell and starts
3408 * sending but if that circuit collapes, we'll decrement the counter thus it
3409 * will even out the metric. */
3412 }
3416 err:
3418 done:
3420 }
3422 /** We've been expecting an INTRO_ESTABLISHED cell on this circuit and it just
3423 * arrived. Handle the INTRO_ESTABLISHED cell arriving on the given
3424 * introduction circuit. Return 0 on success else a negative value. */
3425 static int
3429 {
3437 /* We need the service and intro point for this cell. */
3440 /* Get service object from the circuit identifier. */
3447 }
3449 /* We don't recognize the key. */
3455 }
3457 /* Try to parse the payload into a cell making sure we do actually have a
3458 * valid cell. On success, the ip object and circuit purpose is updated to
3459 * reflect the fact that the introduction circuit is established. */
3463 }
3465 /* Update metrics. */
3474 err:
3476 }
3478 /** We just received an INTRODUCE2 cell on the established introduction circuit
3479 * circ. Handle the cell and return 0 on success else a negative value. */
3480 static int
3483 {
3492 /* We'll need every object associated with this circuit. */
3495 /* Get service object from the circuit identifier. */
3502 }
3504 /* We don't recognize the key. */
3510 }
3511 /* If we have an IP object, we MUST have a descriptor object. */
3514 /* The following will parse, decode and launch the rendezvous point circuit.
3515 * Both current and legacy cells are handled. */
3519 }
3520 /* Update metrics that a new introduction was successful. */
3524 err:
3526 }
3528 /** Add to list every filename used by service. This is used by the sandbox
3529 * subsystem. */
3530 static void
3532 {
3539 /* Ease our life. */
3541 /* The hostname file. */
3543 /* The key files split in two. */
3548 }
3550 /** Return true iff the given service identity key is present on disk. */
3551 static int
3553 {
3560 /* Build the v3 key path name and then try to load it. */
3566 }
3572 }
3574 /** This is a proxy function before actually calling hs_desc_encode_descriptor
3575 * because we need some preprocessing here */
3576 static int
3581 {
3589 /* If the client authorization is enabled, send the descriptor cookie to
3590 * hs_desc_encode_descriptor. Otherwise, send NULL */
3593 }
3599 }
3601 /* ========== */
3602 /* Public API */
3603 /* ========== */
3605 /* Are HiddenServiceSingleHopMode and HiddenServiceNonAnonymousMode consistent?
3606 */
3607 static int
3609 {
3610 /* !! is used to make these options boolean */
3613 }
3615 /* Do the options allow onion services to make direct (non-anonymous)
3616 * connections to introduction or rendezvous points?
3617 * Must only be called after options_validate_single_onion() has successfully
3618 * checked onion service option consistency.
3619 * Returns true if tor is in HiddenServiceSingleHopMode. */
3620 int
3622 {
3625 }
3627 /* Do the options allow us to reveal the exact startup time of the onion
3628 * service?
3629 * Single Onion Services prioritise availability over hiding their
3630 * startup time, as their IP address is publicly discoverable anyway.
3631 * Must only be called after options_validate_single_onion() has successfully
3632 * checked onion service option consistency.
3633 * Returns true if tor is in non-anonymous hidden service mode. */
3634 int
3636 {
3639 }
3641 /* Is non-anonymous mode enabled using the HiddenServiceNonAnonymousMode
3642 * config option?
3643 * Must only be called after options_validate_single_onion() has successfully
3644 * checked onion service option consistency.
3645 */
3646 int
3648 {
3651 }
3653 /** Called when a circuit was just cleaned up. This is done right before the
3654 * circuit is marked for close. */
3655 void
3657 {
3663 /* About to close an established introduction circuit. Update the metrics
3664 * to reflect how many we have at the moment. */
3669 /* About to close an established rendezvous circuit. Update the metrics to
3670 * reflect how many we have at the moment. */
3676 }
3677 }
3679 /** This is called every time the service map changes that is if an
3680 * element is added or removed. */
3681 void
3683 {
3684 /* If we now have services where previously we had not, we need to enable
3685 * the HS service main loop event. If we changed to having no services, we
3686 * need to disable the event. */
3688 }
3690 /** Upload an encoded descriptor in encoded_desc of the given version. This
3691 * descriptor is for the service identity_pk and blinded_pk used to setup the
3692 * directory connection identifier. It is uploaded to the directory hsdir_rs
3693 * routerstatus_t object.
3694 *
3695 * NOTE: This function does NOT check for PublishHidServDescriptors because it
3696 * is only used by the control port command HSPOST outside of this subsystem.
3697 * Inside this code, upload_descriptor_to_hsdir() should be used. */
3698 void
3704 {
3707 hs_ident_dir_conn_t ident;
3714 /* Setup the connection identifier. */
3718 /* This is our resource when uploading which is used to construct the URL
3719 * with the version number: "/tor/hs/<version>/publish". */
3722 /* Build the directory request for this HSDir. */
3729 /* The ident object is copied over the directory connection object once
3730 * the directory request is initiated. */
3733 /* Initiate the directory request to the hsdir.*/
3736 }
3738 /** Add the ephemeral service using the secret key sk and ports. Both max
3739 * streams parameter will be set in the newly created service.
3740 *
3741 * Ownership of sk, ports, and auth_clients_v3 is passed to this routine.
3742 * Regardless of success/failure, callers should not touch these values
3743 * after calling this routine, and may assume that correct cleanup has
3744 * been done on failure.
3745 *
3746 * Return an appropriate hs_service_add_ephemeral_status_t. */
3747 hs_service_add_ephemeral_status_t
3752 {
3753 hs_service_add_ephemeral_status_t ret;
3762 /* Setup the service configuration with specifics. A default service is
3763 * HS_VERSION_TWO so explicitly set it. */
3771 /* Handle the keys. */
3779 }
3785 }
3787 /* Make sure we have at least one port. */
3793 }
3800 }
3801 });
3803 }
3805 /* Build the onion address for logging purposes but also the control port
3806 * uses it for the HS_DESC event. */
3811 /* The only way the registration can fail is if the service public key
3812 * already exists. */
3818 }
3827 err:
3830 end:
3834 }
3836 /** For the given onion address, delete the ephemeral service. Return 0 on
3837 * success else -1 on error. */
3838 int
3840 {
3842 ed25519_public_key_t pk;
3850 }
3856 }
3863 }
3869 }
3871 /* Close introduction circuits, remove from map and finally free. Notice
3872 * that the rendezvous circuits aren't closed in order for any existing
3873 * connections to finish. We let the application terminate them. */
3882 err:
3884 }
3886 /** Using the ed25519 public key pk, find a service for that key and return the
3887 * current encoded descriptor as a newly allocated string or NULL if not
3888 * found. This is used by the control port subsystem. */
3891 {
3899 /* No matter what is the result (which should never be a failure), return
3900 * the encoded variable, if success it will contain the right thing else
3901 * it will be NULL. */
3907 }
3910 }
3912 /** Return the number of service we have configured and usable. */
3915 {
3918 }
3920 }
3922 /** Given conn, a rendezvous edge connection acting as an exit stream, look up
3923 * the hidden service for the circuit circ, and look up the port and address
3924 * based on the connection port. Assign the actual connection address.
3925 *
3926 * Return 0 on success. Return -1 on failure and the caller should NOT close
3927 * the circuit. Return -2 on failure and the caller MUST close the circuit for
3928 * security reasons. */
3929 int
3932 {
3947 /* We want the caller to close the circuit because it's not a valid
3948 * service so no danger. Attempting to bruteforce the entire key space by
3949 * opening circuits to learn which service is being hosted here is
3950 * impractical. */
3952 }
3954 /* Enforce the streams-per-circuit limit, and refuse to provide a mapping if
3955 * this circuit will exceed the limit. */
3959 #define MAX_STREAM_WARN_INTERVAL 600
3963 "Maximum streams per circuit limit reached on "
3964 "rendezvous circuit %u for service %s. Circuit has "
3973 /* Service explicitly configured to close immediately. */
3975 }
3976 /* Exceeding the limit makes tor silently ignore the stream creation
3977 * request and keep the circuit open. */
3979 }
3981 /* Find a virtual port of that service matching the one in the connection if
3982 * successful, set the address in the connection. */
3988 /* Service explicitly allow connection to unknown ports so close right
3989 * away because we do not care about port mapping. */
3991 }
3992 /* If the service didn't explicitly allow it, we do NOT close the circuit
3993 * here to raise the bar in terms of performance for port mapping. */
3995 }
3997 /* Success. */
3999 err_close:
4000 /* Indicate the caller that the circuit should be closed. */
4002 err_no_close:
4003 /* Indicate the caller to NOT close the circuit. */
4005 }
4007 /** Does the service with identity pubkey <b>pk</b> export the circuit IDs of
4008 * its clients? */
4009 hs_circuit_id_protocol_t
4011 {
4015 }
4018 }
4020 /** Add to file_list every filename used by a configured hidden service, and to
4021 * dir_list every directory path used by a configured hidden service. This is
4022 * used by the sandbox subsystem to allowlist those. */
4023 void
4026 {
4030 /* Add files and dirs for v3+. */
4032 /* Skip ephemeral service, they don't touch the disk. */
4035 }
4040 }
4042 /** Called when our internal view of the directory has changed. We might have
4043 * received a new batch of descriptors which might affect the shape of the
4044 * HSDir hash ring. Signal that we should reexamine the hash ring and
4045 * re-upload our HS descriptors if needed. */
4046 void
4048 {
4050 /* New directory information usually goes every consensus so rate limit
4051 * every 30 minutes to not be too conservative. */
4056 }
4057 }
4059 /** Called when we get an INTRODUCE2 cell on the circ. Respond to the cell and
4060 * launch a circuit to the rendezvous point. */
4061 int
4064 {
4070 /* Do some initial validation and logging before we parse the cell */
4076 }
4081 }
4083 done:
4085 }
4087 /** Called when we get an INTRO_ESTABLISHED cell. Mark the circuit as an
4088 * established introduction point. Return 0 on success else a negative value
4089 * and the circuit is closed. */
4090 int
4094 {
4105 }
4109 }
4113 }
4115 err:
4118 }
4120 /** Called when any kind of hidden service circuit is done building thus
4121 * opened. This is the entry point from the circuit subsystem. */
4122 void
4124 {
4131 }
4136 }
4140 }
4141 }
4143 /** Return the service version by looking at the key in the service directory.
4144 * If the key is not found or unrecognized, -1 is returned. Else, the service
4145 * version is returned. */
4146 int
4148 {
4154 /* We'll try to load the key for version 3. If not found, we'll try version
4155 * 2 and if not found, we'll send back an unknown version (-1). */
4158 /* Version 3 check. */
4162 }
4164 end:
4166 }
4168 /** Load and/or generate keys for all onion services including the client
4169 * authorization if any. Return 0 on success, -1 on failure. */
4170 int
4172 {
4173 /* Load or/and generate them for v3+. */
4175 /* Ignore ephemeral service, they already have their keys set. */
4178 }
4183 }
4186 /* Final step, the staging list contains service in a quiescent state that
4187 * is ready to be used. Register them to the global map. Once this is over,
4188 * the staging list will be cleaned up. */
4191 /* All keys have been loaded successfully. */
4193 err:
4195 }
4197 /** Log the status of introduction points for all version 3 onion services
4198 * at log severity <b>severity</b>.
4199 */
4200 void
4202 {
4221 }
4225 }
4230 nickname);
4232 }
4239 }
4241 /** Put all service object in the given service list. After this, the caller
4242 * looses ownership of every elements in the list and responsible to free the
4243 * list pointer. */
4244 void
4246 {
4248 /* This list is freed at registration time but this function can be called
4249 * multiple time. */
4252 }
4253 /* Add all service object to our staging list. Caller is responsible for
4254 * freeing the service_list. */
4256 }
4258 /** Return a newly allocated list of all the service's metrics store. */
4259 smartlist_t *
4261 {
4268 }
4271 }
4273 /** Lookup the global service map for the given identitiy public key and
4274 * return the service object if found, NULL if not. */
4275 hs_service_t *
4277 {
4282 }
4284 }
4286 /** Allocate and initialize a service object. The service configuration will
4287 * contain the default values. Return the newly allocated object pointer. This
4288 * function can't fail. */
4289 hs_service_t *
4291 {
4293 /* Set default configuration value. */
4295 /* Set the default service version. */
4297 /* Allocate the CLIENT_PK replay cache in service state. */
4302 }
4304 /** Free the given <b>service</b> object and all its content. This function
4305 * also takes care of wiping service keys from memory. It is safe to pass a
4306 * NULL pointer. */
4307 void
4309 {
4312 }
4314 /* Free descriptors. Go over both descriptor with this loop. */
4319 /* Free service configuration. */
4322 /* Free replay cache from state. */
4325 }
4327 /* Free onionbalance subcredentials (if any) */
4330 }
4332 /* Free metrics object. */
4335 /* Wipe service keys. */
4339 }
4341 /** Periodic callback. Entry point from the main loop to the HS service
4342 * subsystem. This is call every second. This is skipped if tor can't build a
4343 * circuit or the network is disabled. */
4344 void
4346 {
4347 /* First thing we'll do here is to make sure our services are in a
4348 * quiescent state for the scheduled events. */
4351 /* Order matters here. We first make sure the descriptor object for each
4352 * service contains the latest data. Once done, we check if we need to open
4353 * new introduction circuit. Finally, we try to upload the descriptor for
4354 * each service. */
4356 /* Make sure descriptors are up to date. */
4358 /* Make sure services have enough circuits. */
4360 /* Upload the descriptors if needed/possible. */
4362 }
4364 /** Initialize the service HS subsystem. */
4365 void
4367 {
4368 /* Should never be called twice. */
4376 }
4378 /** Release all global storage of the hidden service subsystem. */
4379 void
4381 {
4384 }
4386 #ifdef TOR_UNIT_TESTS
4388 /** Return the global service map size. Only used by unit test. */
4389 STATIC unsigned int
4391 {
4393 }
4395 /** Return the staging list size. Only used by unit test. */
4396 STATIC int
4398 {
4400 }
4402 STATIC hs_service_ht *
4404 {
4406 }
4408 STATIC hs_service_t *
4410 {
4414 }
4416 }