| blob | 3ebe13fb4dbc83fa96b00319dc8aef0832a6d9d0 |
1 /* Copyright (c) 2016-2017, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
4 /**
5 * \file hs_cache.c
6 * \brief Handle hidden service descriptor caches.
7 **/
9 /* For unit tests.*/
10 #define HS_CACHE_PRIVATE
26 /********************** Directory HS cache ******************/
28 /* Directory descriptor cache. Map indexed by blinded key. */
31 /* Remove a given descriptor from our cache. */
32 static void
34 {
37 }
39 /* Store a given descriptor in our cache. */
40 static void
42 {
45 }
47 /* Query our cache and return the entry or NULL if not found. */
50 {
53 }
55 /* Free a directory descriptor object. */
56 static void
58 {
61 }
65 }
67 /* Helper function: Use by the free all function using the digest256map
68 * interface to cache entries. */
69 static void
71 {
74 }
76 /* Create a new directory cache descriptor object from a encoded descriptor.
77 * On success, return the heap-allocated cache object, otherwise return NULL if
78 * we can't decode the descriptor. */
81 {
94 }
96 /* The blinded pubkey is the indexed key. */
101 err:
104 }
106 /* Return the size of a cache entry in bytes. */
107 static size_t
109 {
112 }
114 /* Try to store a valid version 3 descriptor in the directory cache. Return 0
115 * on success else a negative value is returned indicating that we have a
116 * newer version in our cache. On error, caller is responsible to free the
117 * given descriptor desc. */
118 static int
120 {
125 /* Verify if we have an entry in the cache for that key and if yes, check
126 * if we should replace it? */
129 /* Only replace descriptor if revision-counter is greater than the one
130 * in our cache */
134 "greater or equal than the one we received (%d/%d). "
139 }
140 /* We now know that the descriptor we just received is a new one so
141 * remove the entry we currently have from our cache so we can then
142 * store the new one. */
146 }
147 /* Store the descriptor we just got. We are sure here that either we
148 * don't have the entry or we have a newer descriptor and the old one
149 * has been removed from the cache. */
152 /* Update our total cache size with this entry for the OOM. This uses the
153 * old HS protocol cache subsystem for which we are tied with. */
156 /* XXX: Update HS statistics. We should have specific stats for v3. */
160 err:
162 }
164 /* Using the query which is the base64 encoded blinded key of a version 3
165 * descriptor, lookup in our directory cache the entry. If found, 1 is
166 * returned and desc_out is populated with a newly allocated string being the
167 * encoded descriptor. If not found, 0 is returned and desc_out is untouched.
168 * On error, a negative value is returned and desc_out is untouched. */
169 static int
171 {
173 ed25519_public_key_t blinded_key;
178 /* Decode blinded key using the given query value. */
183 }
190 }
191 }
195 err:
197 }
199 /* Clean the v3 cache by removing any entry that has expired using the
200 * <b>global_cutoff</b> value. If <b>global_cutoff</b> is 0, the cleaning
201 * process will use the lifetime found in the plaintext data section. Return
202 * the number of bytes cleaned. */
203 STATIC size_t
205 {
208 /* Code flow error if this ever happens. */
213 }
220 /* Cutoff is the lifetime of the entry found in the descriptor. */
222 }
224 /* If the entry has been created _after_ the cutoff, not expired so
225 * continue to the next entry in our v3 cache. */
228 }
229 /* Here, our entry has expired, remove and free. */
233 /* Entry is not in the cache anymore, destroy it. */
235 /* Update our cache entry allocation size for the OOM. */
237 /* Logging. */
238 {
243 }
247 }
249 /* Given an encoded descriptor, store it in the directory cache depending on
250 * which version it is. Return a negative value on error. On success, 0 is
251 * returned. */
252 int
254 {
259 /* Create a new cache object. This can fail if the descriptor plaintext data
260 * is unparseable which in this case a log message will be triggered. */
264 }
266 /* Call the right function against the descriptor version. At this point,
267 * we are sure that the descriptor's version is supported else the
268 * decoding would have failed. */
274 }
276 }
279 err:
282 }
284 /* Using the query, lookup in our directory cache the entry. If found, 1 is
285 * returned and desc_out is populated with a newly allocated string being
286 * the encoded descriptor. If not found, 0 is returned and desc_out is
287 * untouched. On error, a negative value is returned and desc_out is
288 * untouched. */
289 int
292 {
296 /* This should never be called with an unsupported version. */
304 }
307 }
309 /* Clean all directory caches using the current time now. */
310 void
312 {
315 /* Start with v2 cache cleaning. */
319 /* Now, clean the v3 cache. Set the cutoff to 0 telling the cleanup function
320 * to compute the cutoff by itself using the lifetime value. */
322 }
324 /********************** Client-side HS cache ******************/
326 /* Client-side HS descriptor cache. Map indexed by service identity key. */
329 /* Client-side introduction point state cache. Map indexed by service public
330 * identity key (onion address). It contains hs_cache_client_intro_state_t
331 * objects all related to a specific service. */
334 /* Return the size of a client cache entry in bytes. */
335 static size_t
337 {
340 }
342 /* Remove a given descriptor from our cache. */
343 static void
345 {
348 /* Update cache size with this entry for the OOM handler. */
350 }
352 /* Store a given descriptor in our cache. */
353 static void
355 {
358 /* Update cache size with this entry for the OOM handler. */
360 }
362 /* Query our cache and return the entry or NULL if not found or if expired. */
363 STATIC hs_cache_client_descriptor_t *
365 {
371 /* Do the lookup */
375 }
377 /* Don't return expired entries */
380 }
383 }
385 /* Parse the encoded descriptor in <b>desc_str</b> using
386 * <b>service_identity_pk<b> to decrypt it first.
387 *
388 * If everything goes well, allocate and return a new
389 * hs_cache_client_descriptor_t object. In case of error, return NULL. */
393 {
400 /* Decode the descriptor we just fetched. */
403 }
406 /* All is good: make a cache object for this descriptor */
409 /* Set expiration time for this cached descriptor to be the start of the next
410 * time period since that's when clients need to start using the next blinded
411 * pk of the service (and hence will need its next descriptor). */
416 end:
418 }
420 /** Free memory allocated by <b>desc</b>. */
421 static void
423 {
426 }
432 }
434 /** Helper function: Use by the free all function to clear the client cache */
435 static void
437 {
440 }
442 /* Return a newly allocated and initialized hs_cache_intro_state_t object. */
445 {
449 }
451 /* Free an hs_cache_intro_state_t object. */
452 static void
454 {
456 }
458 /* Helper function: use by the free all function. */
459 static void
461 {
463 }
465 /* Return a newly allocated and initialized hs_cache_client_intro_state_t
466 * object. */
469 {
473 }
475 /* Free a cache client intro state object. */
476 static void
478 {
481 }
484 }
486 /* Helper function: use by the free all function. */
487 static void
489 {
491 }
493 /* For the given service identity key service_pk and an introduction
494 * authentication key auth_key, lookup the intro state object. Return 1 if
495 * found and put it in entry if not NULL. Return 0 if not found and entry is
496 * untouched. */
497 static int
501 {
508 /* Lookup the intro state cache for this service key. */
512 }
514 /* From the cache we just found for the service, lookup in the introduction
515 * points map for the given authentication key. */
519 }
522 }
524 not_found:
526 }
528 /* Note the given failure in state. */
529 static void
531 rend_intro_point_failure_t failure)
532 {
547 }
548 }
550 /* For the given service identity key service_pk and an introduction
551 * authentication key auth_key, add an entry in the client intro state cache
552 * If no entry exists for the service, it will create one. If state is non
553 * NULL, it will point to the new intro state entry. */
554 static void
558 {
565 /* Lookup the state cache for this service key. */
570 }
574 /* This should never happened because the code flow is to lookup the entry
575 * before adding it. But, just in case, non fatal assert and free it. */
581 }
582 }
584 /* Remove every intro point state entry from cache that has been created
585 * before or at the cutoff. */
586 static void
589 {
597 }
599 }
601 /* Return true iff no intro points are in this cache. */
602 static int
604 {
606 }
608 /** Check whether <b>client_desc</b> is useful for us, and store it in the
609 * client-side HS cache if so. The client_desc is freed if we already have a
610 * fresher (higher revision counter count) in the cache. */
611 static int
613 {
616 /* TODO: Heavy code duplication with cache_store_as_dir(). Consider
617 * refactoring and uniting! */
621 /* Check if we already have a descriptor from this HS in cache. If we do,
622 * check if this descriptor is newer than the cached one */
625 /* If we have an entry in our cache that has a revision counter greater
626 * than the one we just fetched, discard the one we fetched. */
631 }
632 /* Remove old entry. Make space for the new one! */
635 }
637 /* Store descriptor in cache */
640 done:
642 }
644 /* Return true iff the cached client descriptor at <b>cached_desc</b has
645 * expired. */
646 static int
649 {
650 /* We use the current consensus time to see if we should expire this
651 * descriptor since we use consensus time for all other parts of the protocol
652 * as well (e.g. to build the blinded key and compute time periods). */
654 /* If we don't have a recent consensus, consider this entry expired since we
655 * will want to fetch a new HS desc when we get a live consensus. */
658 }
662 }
665 }
667 /* clean the client cache using now as the current time. Return the total size
668 * of removed bytes from the cache. */
669 static size_t
671 {
676 }
682 /* If the entry has not expired, continue to the next cached entry */
685 }
686 /* Here, our entry has expired, remove and free. */
690 /* Entry is not in the cache anymore, destroy it. */
692 /* Update our OOM. We didn't use the remove() function because we are in
693 * a loop so we have to explicitely decrement. */
695 /* Logging. */
696 {
702 }
706 }
708 /** Public API: Given the HS ed25519 identity public key in <b>key</b>, return
709 * its HS descriptor if it's stored in our cache, or NULL if not. */
712 {
721 }
724 }
726 /** Public API: Given an encoded descriptor, store it in the client HS
727 * cache. Return -1 on error, 0 on success .*/
728 int
731 {
737 /* Create client cache descriptor object */
743 }
745 /* Push it to the cache */
748 }
752 err:
755 }
757 /* Clean all client caches using the current time now. */
758 void
760 {
761 /* Start with v2 cache cleaning. */
763 /* Now, clean the v3 cache. Set the cutoff to 0 telling the cleanup function
764 * to compute the cutoff by itself using the lifetime value. */
766 }
768 /* Purge the client descriptor cache. */
769 void
771 {
777 /* Update our OOM. We didn't use the remove() function because we are in
778 * a loop so we have to explicitely decrement. */
783 }
785 /* For a given service identity public key and an introduction authentication
786 * key, note the given failure in the client intro state cache. */
787 void
790 rend_intro_point_failure_t failure)
791 {
800 /* Create a new entry and add it to the cache. */
802 }
803 /* Note down the entry. */
805 }
807 /* For a given service identity public key and an introduction authentication
808 * key, return true iff it is present in the failure cache. */
812 {
816 }
818 /* Cleanup the client introduction state cache. */
819 void
821 {
826 /* Cleanup intro points failure. */
829 /* Is this cache empty for this service key? If yes, remove it from the
830 * cache. Else keep it. */
834 }
836 }
838 /* Purge the client introduction state cache. */
839 void
841 {
850 }
852 /**************** Generics *********************************/
854 /* Do a round of OOM cleanup on all directory caches. Return the amount of
855 * removed bytes. It is possible that the returned value is lower than
856 * min_remove_bytes if the caches get emptied out so the caller should be
857 * aware of this. */
858 size_t
860 {
864 /* Our OOM handler called with 0 bytes to remove is a code flow error. */
867 /* The algorithm is as follow. K is the oldest expected descriptor age.
868 *
869 * 1) Deallocate all entries from v2 cache that are older than K hours.
870 * 1.1) If the amount of remove bytes has been reached, stop.
871 * 2) Deallocate all entries from v3 cache that are older than K hours
872 * 2.1) If the amount of remove bytes has been reached, stop.
873 * 3) Set K = K - RendPostPeriod and repeat process until K is < 0.
874 *
875 * This ends up being O(Kn).
876 */
878 /* Set K to the oldest expected age in seconds which is the maximum
879 * lifetime of a cache entry. We'll use the v2 lifetime because it's much
880 * bigger than the v3 thus leading to cleaning older descriptors. */
886 /* If K becomes negative, it means we've empty the caches so stop and
887 * return what we were able to cleanup. */
890 }
891 /* Compute a cutoff value with K and the current time. */
894 /* Start by cleaning the v2 cache with that cutoff. */
898 /* We haven't remove enough bytes so clean v3 cache. */
900 /* Decrement K by a post period to shorten the cutoff. */
902 }
906 }
908 /* Return the maximum size of a v3 HS descriptor. */
909 unsigned int
911 {
915 }
917 /* Initialize the hidden service cache subsystem. */
918 void
920 {
921 /* Calling this twice is very wrong code flow. */
930 }
932 /* Cleanup the hidden service cache subsystem. */
933 void
935 {
943 cache_client_intro_state_free_);
945 }