1 /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
2 * Copyright (c) 2007-2015, The Tor Project, Inc. */
3 /* See LICENSE for licensing information */
7 * \brief Client code to access location-hidden services.
11 #include "circpathbias.h"
12 #include "circuitbuild.h"
13 #include "circuitlist.h"
14 #include "circuituse.h"
16 #include "connection.h"
17 #include "connection_edge.h"
18 #include "directory.h"
20 #include "networkstatus.h"
23 #include "rendclient.h"
24 #include "rendcommon.h"
27 #include "routerlist.h"
28 #include "routerset.h"
31 static extend_info_t
*rend_client_get_random_intro_impl(
32 const rend_cache_entry_t
*rend_query
,
33 const int strict
, const int warnings
);
35 /** Purge all potentially remotely-detectable state held in the hidden
36 * service client code. Called on SIGNAL NEWNYM. */
38 rend_client_purge_state(void)
41 rend_cache_failure_purge();
42 rend_client_cancel_descriptor_fetches();
43 rend_client_purge_last_hid_serv_requests();
46 /** Called when we've established a circuit to an introduction point:
47 * send the introduction request. */
49 rend_client_introcirc_has_opened(origin_circuit_t
*circ
)
51 tor_assert(circ
->base_
.purpose
== CIRCUIT_PURPOSE_C_INTRODUCING
);
52 tor_assert(circ
->cpath
);
54 log_info(LD_REND
,"introcirc is open");
55 connection_ap_attach_pending(1);
58 /** Send the establish-rendezvous cell along a rendezvous circuit. if
59 * it fails, mark the circ for close and return -1. else return 0.
62 rend_client_send_establish_rendezvous(origin_circuit_t
*circ
)
64 tor_assert(circ
->base_
.purpose
== CIRCUIT_PURPOSE_C_ESTABLISH_REND
);
65 tor_assert(circ
->rend_data
);
66 log_info(LD_REND
, "Sending an ESTABLISH_RENDEZVOUS cell");
68 crypto_rand(circ
->rend_data
->rend_cookie
, REND_COOKIE_LEN
);
70 /* Set timestamp_dirty, because circuit_expire_building expects it,
71 * and the rend cookie also means we've used the circ. */
72 circ
->base_
.timestamp_dirty
= time(NULL
);
74 /* We've attempted to use this circuit. Probe it if we fail */
75 pathbias_count_use_attempt(circ
);
77 if (relay_send_command_from_edge(0, TO_CIRCUIT(circ
),
78 RELAY_COMMAND_ESTABLISH_RENDEZVOUS
,
79 circ
->rend_data
->rend_cookie
,
81 circ
->cpath
->prev
)<0) {
82 /* circ is already marked for close */
83 log_warn(LD_GENERAL
, "Couldn't send ESTABLISH_RENDEZVOUS cell");
90 /** Extend the introduction circuit <b>circ</b> to another valid
91 * introduction point for the hidden service it is trying to connect
92 * to, or mark it and launch a new circuit if we can't extend it.
93 * Return 0 on success or possible success. Return -1 and mark the
94 * introduction circuit for close on permanent failure.
96 * On failure, the caller is responsible for marking the associated
97 * rendezvous circuit for close. */
99 rend_client_reextend_intro_circuit(origin_circuit_t
*circ
)
101 extend_info_t
*extend_info
;
103 extend_info
= rend_client_get_random_intro(circ
->rend_data
);
106 "No usable introduction points left for %s. Closing.",
107 safe_str_client(circ
->rend_data
->onion_address
));
108 circuit_mark_for_close(TO_CIRCUIT(circ
), END_CIRC_REASON_INTERNAL
);
111 // XXX: should we not re-extend if hs_circ_has_timed_out?
112 if (circ
->remaining_relay_early_cells
) {
114 "Re-extending circ %u, this time to %s.",
115 (unsigned)circ
->base_
.n_circ_id
,
116 safe_str_client(extend_info_describe(extend_info
)));
117 result
= circuit_extend_to_new_exit(circ
, extend_info
);
120 "Closing intro circ %u (out of RELAY_EARLY cells).",
121 (unsigned)circ
->base_
.n_circ_id
);
122 circuit_mark_for_close(TO_CIRCUIT(circ
), END_CIRC_REASON_FINISHED
);
123 /* connection_ap_handshake_attach_circuit will launch a new intro circ. */
126 extend_info_free(extend_info
);
130 /** Called when we're trying to connect an ap conn; sends an INTRODUCE1 cell
131 * down introcirc if possible.
134 rend_client_send_introduction(origin_circuit_t
*introcirc
,
135 origin_circuit_t
*rendcirc
)
139 char payload
[RELAY_PAYLOAD_SIZE
];
140 char tmp
[RELAY_PAYLOAD_SIZE
];
141 rend_cache_entry_t
*entry
= NULL
;
144 crypto_pk_t
*intro_key
= NULL
;
147 tor_assert(introcirc
->base_
.purpose
== CIRCUIT_PURPOSE_C_INTRODUCING
);
148 tor_assert(rendcirc
->base_
.purpose
== CIRCUIT_PURPOSE_C_REND_READY
);
149 tor_assert(introcirc
->rend_data
);
150 tor_assert(rendcirc
->rend_data
);
151 tor_assert(!rend_cmp_service_ids(introcirc
->rend_data
->onion_address
,
152 rendcirc
->rend_data
->onion_address
));
153 #ifndef NON_ANONYMOUS_MODE_ENABLED
154 tor_assert(!(introcirc
->build_state
->onehop_tunnel
));
155 tor_assert(!(rendcirc
->build_state
->onehop_tunnel
));
158 r
= rend_cache_lookup_entry(introcirc
->rend_data
->onion_address
, -1,
160 /* An invalid onion address is not possible else we have a big issue. */
161 tor_assert(r
!= -EINVAL
);
162 if (r
< 0 || !rend_client_any_intro_points_usable(entry
)) {
163 /* If the descriptor is not found or the intro points are not usable
164 * anymore, trigger a fetch. */
166 "query %s didn't have valid rend desc in cache. "
167 "Refetching descriptor.",
168 safe_str_client(introcirc
->rend_data
->onion_address
));
169 rend_client_refetch_v2_renddesc(introcirc
->rend_data
);
173 while ((conn
= connection_get_by_type_state_rendquery(CONN_TYPE_AP
,
174 AP_CONN_STATE_CIRCUIT_WAIT
,
175 introcirc
->rend_data
->onion_address
))) {
176 connection_ap_mark_as_non_pending_circuit(TO_ENTRY_CONN(conn
));
177 conn
->state
= AP_CONN_STATE_RENDDESC_WAIT
;
185 /* first 20 bytes of payload are the hash of the service's pk */
187 SMARTLIST_FOREACH(entry
->parsed
->intro_nodes
, rend_intro_point_t
*,
189 if (tor_memeq(introcirc
->build_state
->chosen_exit
->identity_digest
,
190 intro
->extend_info
->identity_digest
, DIGEST_LEN
)) {
191 intro_key
= intro
->intro_key
;
196 log_info(LD_REND
, "Could not find intro key for %s at %s; we "
197 "have a v2 rend desc with %d intro points. "
198 "Trying a different intro point...",
199 safe_str_client(introcirc
->rend_data
->onion_address
),
200 safe_str_client(extend_info_describe(
201 introcirc
->build_state
->chosen_exit
)),
202 smartlist_len(entry
->parsed
->intro_nodes
));
204 if (rend_client_reextend_intro_circuit(introcirc
)) {
212 if (crypto_pk_get_digest(intro_key
, payload
)<0) {
213 log_warn(LD_BUG
, "Internal error: couldn't hash public key.");
218 /* Initialize the pending_final_cpath and start the DH handshake. */
219 cpath
= rendcirc
->build_state
->pending_final_cpath
;
221 cpath
= rendcirc
->build_state
->pending_final_cpath
=
222 tor_malloc_zero(sizeof(crypt_path_t
));
223 cpath
->magic
= CRYPT_PATH_MAGIC
;
224 if (!(cpath
->rend_dh_handshake_state
= crypto_dh_new(DH_TYPE_REND
))) {
225 log_warn(LD_BUG
, "Internal error: couldn't allocate DH.");
229 if (crypto_dh_generate_public(cpath
->rend_dh_handshake_state
)<0) {
230 log_warn(LD_BUG
, "Internal error: couldn't generate g^x.");
236 /* If version is 3, write (optional) auth data and timestamp. */
237 if (entry
->parsed
->protocols
& (1<<3)) {
238 tmp
[0] = 3; /* version 3 of the cell format */
239 tmp
[1] = (uint8_t)introcirc
->rend_data
->auth_type
; /* auth type, if any */
241 if (introcirc
->rend_data
->auth_type
!= REND_NO_AUTH
) {
242 set_uint16(tmp
+2, htons(REND_DESC_COOKIE_LEN
));
243 memcpy(tmp
+4, introcirc
->rend_data
->descriptor_cookie
,
244 REND_DESC_COOKIE_LEN
);
245 v3_shift
+= 2+REND_DESC_COOKIE_LEN
;
247 /* Once this held a timestamp. */
248 set_uint32(tmp
+v3_shift
+1, 0);
250 } /* if version 2 only write version number */
251 else if (entry
->parsed
->protocols
& (1<<2)) {
252 tmp
[0] = 2; /* version 2 of the cell format */
255 /* write the remaining items into tmp */
256 if (entry
->parsed
->protocols
& (1<<3) || entry
->parsed
->protocols
& (1<<2)) {
257 /* version 2 format */
258 extend_info_t
*extend_info
= rendcirc
->build_state
->chosen_exit
;
261 set_uint32(tmp
+v3_shift
+1, tor_addr_to_ipv4n(&extend_info
->addr
));
262 set_uint16(tmp
+v3_shift
+5, htons(extend_info
->port
));
263 memcpy(tmp
+v3_shift
+7, extend_info
->identity_digest
, DIGEST_LEN
);
264 klen
= crypto_pk_asn1_encode(extend_info
->onion_key
,
265 tmp
+v3_shift
+7+DIGEST_LEN
+2,
266 sizeof(tmp
)-(v3_shift
+7+DIGEST_LEN
+2));
267 set_uint16(tmp
+v3_shift
+7+DIGEST_LEN
, htons(klen
));
268 memcpy(tmp
+v3_shift
+7+DIGEST_LEN
+2+klen
, rendcirc
->rend_data
->rend_cookie
,
270 dh_offset
= v3_shift
+7+DIGEST_LEN
+2+klen
+REND_COOKIE_LEN
;
273 strncpy(tmp
, rendcirc
->build_state
->chosen_exit
->nickname
,
274 (MAX_NICKNAME_LEN
+1)); /* nul pads */
275 memcpy(tmp
+MAX_NICKNAME_LEN
+1, rendcirc
->rend_data
->rend_cookie
,
277 dh_offset
= MAX_NICKNAME_LEN
+1+REND_COOKIE_LEN
;
280 if (crypto_dh_get_public(cpath
->rend_dh_handshake_state
, tmp
+dh_offset
,
282 log_warn(LD_BUG
, "Internal error: couldn't extract g^x.");
287 note_crypto_pk_op(REND_CLIENT
);
288 /*XXX maybe give crypto_pk_public_hybrid_encrypt a max_len arg,
289 * to avoid buffer overflows? */
290 r
= crypto_pk_public_hybrid_encrypt(intro_key
, payload
+DIGEST_LEN
,
291 sizeof(payload
)-DIGEST_LEN
,
293 (int)(dh_offset
+DH_KEY_LEN
),
294 PK_PKCS1_OAEP_PADDING
, 0);
296 log_warn(LD_BUG
,"Internal error: hybrid pk encrypt failed.");
301 payload_len
= DIGEST_LEN
+ r
;
302 tor_assert(payload_len
<= RELAY_PAYLOAD_SIZE
); /* we overran something */
304 /* Copy the rendezvous cookie from rendcirc to introcirc, so that
305 * when introcirc gets an ack, we can change the state of the right
306 * rendezvous circuit. */
307 memcpy(introcirc
->rend_data
->rend_cookie
, rendcirc
->rend_data
->rend_cookie
,
310 log_info(LD_REND
, "Sending an INTRODUCE1 cell");
311 if (relay_send_command_from_edge(0, TO_CIRCUIT(introcirc
),
312 RELAY_COMMAND_INTRODUCE1
,
313 payload
, payload_len
,
314 introcirc
->cpath
->prev
)<0) {
315 /* introcirc is already marked for close. leave rendcirc alone. */
316 log_warn(LD_BUG
, "Couldn't send INTRODUCE1 cell");
321 /* Now, we wait for an ACK or NAK on this circuit. */
322 circuit_change_purpose(TO_CIRCUIT(introcirc
),
323 CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT
);
324 /* Set timestamp_dirty, because circuit_expire_building expects it
325 * to specify when a circuit entered the _C_INTRODUCE_ACK_WAIT
327 introcirc
->base_
.timestamp_dirty
= time(NULL
);
329 pathbias_count_use_attempt(introcirc
);
334 if (!introcirc
->base_
.marked_for_close
)
335 circuit_mark_for_close(TO_CIRCUIT(introcirc
), END_CIRC_REASON_INTERNAL
);
336 circuit_mark_for_close(TO_CIRCUIT(rendcirc
), END_CIRC_REASON_INTERNAL
);
338 memwipe(payload
, 0, sizeof(payload
));
339 memwipe(tmp
, 0, sizeof(tmp
));
344 /** Called when a rendezvous circuit is open; sends a establish
345 * rendezvous circuit as appropriate. */
347 rend_client_rendcirc_has_opened(origin_circuit_t
*circ
)
349 tor_assert(circ
->base_
.purpose
== CIRCUIT_PURPOSE_C_ESTABLISH_REND
);
351 log_info(LD_REND
,"rendcirc is open");
353 /* generate a rendezvous cookie, store it in circ */
354 if (rend_client_send_establish_rendezvous(circ
) < 0) {
360 * Called to close other intro circuits we launched in parallel.
363 rend_client_close_other_intros(const char *onion_address
)
365 /* abort parallel intro circs, if any */
366 SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t
*, c
) {
367 if ((c
->purpose
== CIRCUIT_PURPOSE_C_INTRODUCING
||
368 c
->purpose
== CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT
) &&
369 !c
->marked_for_close
&& CIRCUIT_IS_ORIGIN(c
)) {
370 origin_circuit_t
*oc
= TO_ORIGIN_CIRCUIT(c
);
372 !rend_cmp_service_ids(onion_address
,
373 oc
->rend_data
->onion_address
)) {
374 log_info(LD_REND
|LD_CIRC
, "Closing introduction circuit %d that we "
375 "built in parallel (Purpose %d).", oc
->global_identifier
,
377 circuit_mark_for_close(c
, END_CIRC_REASON_IP_NOW_REDUNDANT
);
381 SMARTLIST_FOREACH_END(c
);
384 /** Called when get an ACK or a NAK for a REND_INTRODUCE1 cell.
387 rend_client_introduction_acked(origin_circuit_t
*circ
,
388 const uint8_t *request
, size_t request_len
)
390 origin_circuit_t
*rendcirc
;
391 (void) request
; // XXXX Use this.
393 if (circ
->base_
.purpose
!= CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT
) {
394 log_warn(LD_PROTOCOL
,
395 "Received REND_INTRODUCE_ACK on unexpected circuit %u.",
396 (unsigned)circ
->base_
.n_circ_id
);
397 circuit_mark_for_close(TO_CIRCUIT(circ
), END_CIRC_REASON_TORPROTOCOL
);
401 tor_assert(circ
->build_state
->chosen_exit
);
402 #ifndef NON_ANONYMOUS_MODE_ENABLED
403 tor_assert(!(circ
->build_state
->onehop_tunnel
));
405 tor_assert(circ
->rend_data
);
407 /* For path bias: This circuit was used successfully. Valid
408 * nacks and acks count. */
409 pathbias_mark_use_success(circ
);
411 if (request_len
== 0) {
412 /* It's an ACK; the introduction point relayed our introduction request. */
413 /* Locate the rend circ which is waiting to hear about this ack,
416 log_info(LD_REND
,"Received ack. Telling rend circ...");
417 rendcirc
= circuit_get_ready_rend_circ_by_rend_data(circ
->rend_data
);
418 if (rendcirc
) { /* remember the ack */
419 #ifndef NON_ANONYMOUS_MODE_ENABLED
420 tor_assert(!(rendcirc
->build_state
->onehop_tunnel
));
422 circuit_change_purpose(TO_CIRCUIT(rendcirc
),
423 CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED
);
424 /* Set timestamp_dirty, because circuit_expire_building expects
425 * it to specify when a circuit entered the
426 * _C_REND_READY_INTRO_ACKED state. */
427 rendcirc
->base_
.timestamp_dirty
= time(NULL
);
429 log_info(LD_REND
,"...Found no rend circ. Dropping on the floor.");
431 /* close the circuit: we won't need it anymore. */
432 circuit_change_purpose(TO_CIRCUIT(circ
),
433 CIRCUIT_PURPOSE_C_INTRODUCE_ACKED
);
434 circuit_mark_for_close(TO_CIRCUIT(circ
), END_CIRC_REASON_FINISHED
);
436 /* close any other intros launched in parallel */
437 rend_client_close_other_intros(circ
->rend_data
->onion_address
);
439 /* It's a NAK; the introduction point didn't relay our request. */
440 circuit_change_purpose(TO_CIRCUIT(circ
), CIRCUIT_PURPOSE_C_INTRODUCING
);
441 /* Remove this intro point from the set of viable introduction
442 * points. If any remain, extend to a new one and try again.
443 * If none remain, refetch the service descriptor.
445 log_info(LD_REND
, "Got nack for %s from %s...",
446 safe_str_client(circ
->rend_data
->onion_address
),
447 safe_str_client(extend_info_describe(circ
->build_state
->chosen_exit
)));
448 if (rend_client_report_intro_point_failure(circ
->build_state
->chosen_exit
,
450 INTRO_POINT_FAILURE_GENERIC
)>0) {
451 /* There are introduction points left. Re-extend the circuit to
452 * another intro point and try again. */
453 int result
= rend_client_reextend_intro_circuit(circ
);
454 /* XXXX If that call failed, should we close the rend circuit,
458 /* Close circuit because no more intro points are usable thus not
459 * useful anymore. Change it's purpose before so we don't report an
460 * intro point failure again triggering an extra descriptor fetch. */
461 circuit_change_purpose(TO_CIRCUIT(circ
),
462 CIRCUIT_PURPOSE_C_INTRODUCE_ACKED
);
463 circuit_mark_for_close(TO_CIRCUIT(circ
), END_CIRC_REASON_FINISHED
);
469 /** The period for which a hidden service directory cannot be queried for
470 * the same descriptor ID again. */
471 #define REND_HID_SERV_DIR_REQUERY_PERIOD (15 * 60)
473 /** Contains the last request times to hidden service directories for
474 * certain queries; each key is a string consisting of the
475 * concatenation of a base32-encoded HS directory identity digest and
476 * base32-encoded HS descriptor ID; each value is a pointer to a time_t
477 * holding the time of the last request for that descriptor ID to that
479 static strmap_t
*last_hid_serv_requests_
= NULL
;
481 /** Returns last_hid_serv_requests_, initializing it to a new strmap if
484 get_last_hid_serv_requests(void)
486 if (!last_hid_serv_requests_
)
487 last_hid_serv_requests_
= strmap_new();
488 return last_hid_serv_requests_
;
491 #define LAST_HID_SERV_REQUEST_KEY_LEN (REND_DESC_ID_V2_LEN_BASE32 + \
492 REND_DESC_ID_V2_LEN_BASE32)
494 /** Look up the last request time to hidden service directory <b>hs_dir</b>
495 * for descriptor ID <b>desc_id_base32</b>. If <b>set</b> is non-zero,
496 * assign the current time <b>now</b> and return that. Otherwise, return the
497 * most recent request time, or 0 if no such request has been sent before.
500 lookup_last_hid_serv_request(routerstatus_t
*hs_dir
,
501 const char *desc_id_base32
,
504 char hsdir_id_base32
[REND_DESC_ID_V2_LEN_BASE32
+ 1];
505 char hsdir_desc_comb_id
[LAST_HID_SERV_REQUEST_KEY_LEN
+ 1];
506 time_t *last_request_ptr
;
507 strmap_t
*last_hid_serv_requests
= get_last_hid_serv_requests();
508 base32_encode(hsdir_id_base32
, sizeof(hsdir_id_base32
),
509 hs_dir
->identity_digest
, DIGEST_LEN
);
510 tor_snprintf(hsdir_desc_comb_id
, sizeof(hsdir_desc_comb_id
), "%s%s",
513 /* XXX023 tor_assert(strlen(hsdir_desc_comb_id) ==
514 LAST_HID_SERV_REQUEST_KEY_LEN); */
517 last_request_ptr
= tor_malloc_zero(sizeof(time_t));
518 *last_request_ptr
= now
;
519 oldptr
= strmap_set(last_hid_serv_requests
, hsdir_desc_comb_id
,
523 last_request_ptr
= strmap_get_lc(last_hid_serv_requests
,
525 return (last_request_ptr
) ? *last_request_ptr
: 0;
528 /** Clean the history of request times to hidden service directories, so that
529 * it does not contain requests older than REND_HID_SERV_DIR_REQUERY_PERIOD
530 * seconds any more. */
532 directory_clean_last_hid_serv_requests(time_t now
)
535 time_t cutoff
= now
- REND_HID_SERV_DIR_REQUERY_PERIOD
;
536 strmap_t
*last_hid_serv_requests
= get_last_hid_serv_requests();
537 for (iter
= strmap_iter_init(last_hid_serv_requests
);
538 !strmap_iter_done(iter
); ) {
542 strmap_iter_get(iter
, &key
, &val
);
543 ent
= (time_t *) val
;
545 iter
= strmap_iter_next_rmv(last_hid_serv_requests
, iter
);
548 iter
= strmap_iter_next(last_hid_serv_requests
, iter
);
553 /** Remove all requests related to the descriptor ID <b>desc_id</b> from the
554 * history of times of requests to hidden service directories.
555 * <b>desc_id</b> is an unencoded descriptor ID of size DIGEST_LEN.
557 * This is called from rend_client_note_connection_attempt_ended(), which
558 * must be idempotent, so any future changes to this function must leave it
561 purge_hid_serv_from_last_hid_serv_requests(const char *desc_id
)
564 strmap_t
*last_hid_serv_requests
= get_last_hid_serv_requests();
565 char desc_id_base32
[REND_DESC_ID_V2_LEN_BASE32
+ 1];
567 /* Key is stored with the base32 encoded desc_id. */
568 base32_encode(desc_id_base32
, sizeof(desc_id_base32
), desc_id
,
570 for (iter
= strmap_iter_init(last_hid_serv_requests
);
571 !strmap_iter_done(iter
); ) {
574 strmap_iter_get(iter
, &key
, &val
);
575 /* XXX023 tor_assert(strlen(key) == LAST_HID_SERV_REQUEST_KEY_LEN); */
576 if (tor_memeq(key
+ LAST_HID_SERV_REQUEST_KEY_LEN
-
577 REND_DESC_ID_V2_LEN_BASE32
,
579 REND_DESC_ID_V2_LEN_BASE32
)) {
580 iter
= strmap_iter_next_rmv(last_hid_serv_requests
, iter
);
583 iter
= strmap_iter_next(last_hid_serv_requests
, iter
);
588 /** Purge the history of request times to hidden service directories,
589 * so that future lookups of an HS descriptor will not fail because we
590 * accessed all of the HSDir relays responsible for the descriptor
593 rend_client_purge_last_hid_serv_requests(void)
595 /* Don't create the table if it doesn't exist yet (and it may very
596 * well not exist if the user hasn't accessed any HSes)... */
597 strmap_t
*old_last_hid_serv_requests
= last_hid_serv_requests_
;
598 /* ... and let get_last_hid_serv_requests re-create it for us if
600 last_hid_serv_requests_
= NULL
;
602 if (old_last_hid_serv_requests
!= NULL
) {
603 log_info(LD_REND
, "Purging client last-HS-desc-request-time table");
604 strmap_free(old_last_hid_serv_requests
, tor_free_
);
608 /** This returns a good valid hs dir that should be used for the given
611 * Return NULL on error else the hsdir node pointer. */
612 static routerstatus_t
*
613 pick_hsdir(const char *desc_id
, const char *desc_id_base32
)
615 smartlist_t
*responsible_dirs
= smartlist_new();
616 smartlist_t
*usable_responsible_dirs
= smartlist_new();
617 const or_options_t
*options
= get_options();
618 routerstatus_t
*hs_dir
;
619 time_t now
= time(NULL
);
623 tor_assert(desc_id_base32
);
625 /* Determine responsible dirs. Even if we can't get all we want, work with
626 * the ones we have. If it's empty, we'll notice below. */
627 hid_serv_get_responsible_directories(responsible_dirs
, desc_id
);
629 /* Clean request history first. */
630 directory_clean_last_hid_serv_requests(now
);
632 /* Only select those hidden service directories to which we did not send a
633 * request recently and for which we have a router descriptor here. */
634 SMARTLIST_FOREACH_BEGIN(responsible_dirs
, routerstatus_t
*, dir
) {
635 time_t last
= lookup_last_hid_serv_request(dir
, desc_id_base32
,
637 const node_t
*node
= node_get_by_id(dir
->identity_digest
);
638 if (last
+ REND_HID_SERV_DIR_REQUERY_PERIOD
>= now
||
639 !node
|| !node_has_descriptor(node
)) {
640 SMARTLIST_DEL_CURRENT(responsible_dirs
, dir
);
643 if (!routerset_contains_node(options
->ExcludeNodes
, node
)) {
644 smartlist_add(usable_responsible_dirs
, dir
);
646 } SMARTLIST_FOREACH_END(dir
);
649 smartlist_len(usable_responsible_dirs
) < smartlist_len(responsible_dirs
);
651 hs_dir
= smartlist_choose(usable_responsible_dirs
);
652 if (!hs_dir
&& !options
->StrictNodes
) {
653 hs_dir
= smartlist_choose(responsible_dirs
);
656 smartlist_free(responsible_dirs
);
657 smartlist_free(usable_responsible_dirs
);
659 log_info(LD_REND
, "Could not pick one of the responsible hidden "
660 "service directories, because we requested them all "
661 "recently without success.");
662 if (options
->StrictNodes
&& excluded_some
) {
663 log_warn(LD_REND
, "Could not pick a hidden service directory for the "
664 "requested hidden service: they are all either down or "
665 "excluded, and StrictNodes is set.");
668 /* Remember that we are requesting a descriptor from this hidden service
670 lookup_last_hid_serv_request(hs_dir
, desc_id_base32
, now
, 1);
676 /** Determine the responsible hidden service directories for <b>desc_id</b>
677 * and fetch the descriptor with that ID from one of them. Only
678 * send a request to a hidden service directory that we have not yet tried
679 * during this attempt to connect to this hidden service; on success, return 1,
680 * in the case that no hidden service directory is left to ask for the
681 * descriptor, return 0, and in case of a failure -1. */
683 directory_get_from_hs_dir(const char *desc_id
, const rend_data_t
*rend_query
,
684 routerstatus_t
*rs_hsdir
)
686 routerstatus_t
*hs_dir
= rs_hsdir
;
688 char desc_id_base32
[REND_DESC_ID_V2_LEN_BASE32
+ 1];
689 char descriptor_cookie_base64
[3*REND_DESC_COOKIE_LEN_BASE64
];
690 #ifdef ENABLE_TOR2WEB_MODE
691 const int tor2web_mode
= get_options()->Tor2webMode
;
692 const int how_to_fetch
= tor2web_mode
? DIRIND_ONEHOP
: DIRIND_ANONYMOUS
;
694 const int how_to_fetch
= DIRIND_ANONYMOUS
;
699 base32_encode(desc_id_base32
, sizeof(desc_id_base32
),
700 desc_id
, DIGEST_LEN
);
702 /* Automatically pick an hs dir if none given. */
704 hs_dir
= pick_hsdir(desc_id
, desc_id_base32
);
706 /* No suitable hs dir can be found, stop right now. */
711 /* Add a copy of the HSDir identity digest to the query so we can track it
712 * on the control port. */
713 hsdir_fp
= tor_memdup(hs_dir
->identity_digest
,
714 sizeof(hs_dir
->identity_digest
));
715 smartlist_add(rend_query
->hsdirs_fp
, hsdir_fp
);
717 /* Encode descriptor cookie for logging purposes. Also, if the cookie is
718 * malformed, no fetch is triggered thus this needs to be done before the
720 if (rend_query
->auth_type
!= REND_NO_AUTH
) {
721 if (base64_encode(descriptor_cookie_base64
,
722 sizeof(descriptor_cookie_base64
),
723 rend_query
->descriptor_cookie
, REND_DESC_COOKIE_LEN
,
725 log_warn(LD_BUG
, "Could not base64-encode descriptor cookie.");
728 /* Remove == signs. */
729 descriptor_cookie_base64
[strlen(descriptor_cookie_base64
)-2] = '\0';
731 strlcpy(descriptor_cookie_base64
, "(none)",
732 sizeof(descriptor_cookie_base64
));
735 /* Send fetch request. (Pass query and possibly descriptor cookie so that
736 * they can be written to the directory connection and be referred to when
737 * the response arrives. */
738 directory_initiate_command_routerstatus_rend(hs_dir
,
739 DIR_PURPOSE_FETCH_RENDDESC_V2
,
740 ROUTER_PURPOSE_GENERAL
,
745 log_info(LD_REND
, "Sending fetch request for v2 descriptor for "
746 "service '%s' with descriptor ID '%s', auth type %d, "
747 "and descriptor cookie '%s' to hidden service "
749 rend_query
->onion_address
, desc_id_base32
,
750 rend_query
->auth_type
,
751 (rend_query
->auth_type
== REND_NO_AUTH
? "[none]" :
752 escaped_safe_str_client(descriptor_cookie_base64
)),
753 routerstatus_describe(hs_dir
));
754 control_event_hs_descriptor_requested(rend_query
,
755 hs_dir
->identity_digest
,
760 /** Fetch a v2 descriptor using the given descriptor id. If any hsdir(s) are
761 * given, they will be used instead.
763 * On success, 1 is returned. If no hidden service is left to ask, return 0.
764 * On error, -1 is returned. */
766 fetch_v2_desc_by_descid(const char *desc_id
, const rend_data_t
*rend_query
,
771 tor_assert(rend_query
);
774 ret
= directory_get_from_hs_dir(desc_id
, rend_query
, NULL
);
775 goto end
; /* either success or failure, but we're done */
778 /* Using the given hsdir list, trigger a fetch on each of them. */
779 SMARTLIST_FOREACH_BEGIN(hsdirs
, routerstatus_t
*, hs_dir
) {
780 /* This should always be a success. */
781 ret
= directory_get_from_hs_dir(desc_id
, rend_query
, hs_dir
);
783 } SMARTLIST_FOREACH_END(hs_dir
);
785 /* Everything went well. */
792 /** Fetch a v2 descriptor using the onion address in the given query object.
793 * This will compute the descriptor id for each replicas and fetch it on the
794 * given hsdir(s) if any or the responsible ones that are choosen
797 * On success, 1 is returned. If no hidden service is left to ask, return 0.
798 * On error, -1 is returned. */
800 fetch_v2_desc_by_addr(rend_data_t
*query
, smartlist_t
*hsdirs
)
802 char descriptor_id
[DIGEST_LEN
];
803 int replicas_left_to_try
[REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS
];
804 int i
, tries_left
, ret
;
808 /* Randomly iterate over the replicas until a descriptor can be fetched
809 * from one of the consecutive nodes, or no options are left. */
810 for (i
= 0; i
< REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS
; i
++) {
811 replicas_left_to_try
[i
] = i
;
814 tries_left
= REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS
;
815 while (tries_left
> 0) {
816 int rand
= crypto_rand_int(tries_left
);
817 int chosen_replica
= replicas_left_to_try
[rand
];
818 replicas_left_to_try
[rand
] = replicas_left_to_try
[--tries_left
];
820 ret
= rend_compute_v2_desc_id(descriptor_id
, query
->onion_address
,
821 query
->auth_type
== REND_STEALTH_AUTH
?
822 query
->descriptor_cookie
: NULL
,
823 time(NULL
), chosen_replica
);
825 /* Normally, on failure the descriptor_id is untouched but let's be
826 * safe in general in case the function changes at some point. */
830 if (tor_memcmp(descriptor_id
, query
->descriptor_id
[chosen_replica
],
831 sizeof(descriptor_id
)) != 0) {
832 /* Not equal from what we currently have so purge the last hid serv
833 * request cache and update the descriptor ID with the new value. */
834 purge_hid_serv_from_last_hid_serv_requests(
835 query
->descriptor_id
[chosen_replica
]);
836 memcpy(query
->descriptor_id
[chosen_replica
], descriptor_id
,
837 sizeof(query
->descriptor_id
[chosen_replica
]));
840 /* Trigger the fetch with the computed descriptor ID. */
841 ret
= fetch_v2_desc_by_descid(descriptor_id
, query
, hsdirs
);
843 /* Either on success or failure, as long as we tried a fetch we are
849 /* If we come here, there are no hidden service directories left. */
850 log_info(LD_REND
, "Could not pick one of the responsible hidden "
851 "service directories to fetch descriptors, because "
852 "we already tried them all unsuccessfully.");
856 memwipe(descriptor_id
, 0, sizeof(descriptor_id
));
860 /** Fetch a v2 descriptor using the given query. If any hsdir are specified,
861 * use them for the fetch.
863 * On success, 1 is returned. If no hidden service is left to ask, return 0.
864 * On error, -1 is returned. */
866 rend_client_fetch_v2_desc(rend_data_t
*query
, smartlist_t
*hsdirs
)
872 /* Depending on what's available in the rend data query object, we will
873 * trigger a fetch by HS address or using a descriptor ID. */
875 if (query
->onion_address
[0] != '\0') {
876 ret
= fetch_v2_desc_by_addr(query
, hsdirs
);
877 } else if (!tor_digest_is_zero(query
->desc_id_fetch
)) {
878 ret
= fetch_v2_desc_by_descid(query
->desc_id_fetch
, query
, hsdirs
);
880 /* Query data is invalid. */
889 /** Unless we already have a descriptor for <b>rend_query</b> with at least
890 * one (possibly) working introduction point in it, start a connection to a
891 * hidden service directory to fetch a v2 rendezvous service descriptor. */
893 rend_client_refetch_v2_renddesc(rend_data_t
*rend_query
)
896 rend_cache_entry_t
*e
= NULL
;
898 tor_assert(rend_query
);
899 /* Are we configured to fetch descriptors? */
900 if (!get_options()->FetchHidServDescriptors
) {
901 log_warn(LD_REND
, "We received an onion address for a v2 rendezvous "
902 "service descriptor, but are not fetching service descriptors.");
905 /* Before fetching, check if we already have a usable descriptor here. */
906 if (rend_cache_lookup_entry(rend_query
->onion_address
, -1, &e
) == 0 &&
907 rend_client_any_intro_points_usable(e
)) {
908 log_info(LD_REND
, "We would fetch a v2 rendezvous descriptor, but we "
909 "already have a usable descriptor here. Not fetching.");
912 log_debug(LD_REND
, "Fetching v2 rendezvous descriptor for service %s",
913 safe_str_client(rend_query
->onion_address
));
915 ret
= rend_client_fetch_v2_desc(rend_query
, NULL
);
917 /* Close pending connections on error or if no hsdir can be found. */
918 rend_client_desc_trynow(rend_query
->onion_address
);
923 /** Cancel all rendezvous descriptor fetches currently in progress.
926 rend_client_cancel_descriptor_fetches(void)
928 smartlist_t
*connection_array
= get_connection_array();
930 SMARTLIST_FOREACH_BEGIN(connection_array
, connection_t
*, conn
) {
931 if (conn
->type
== CONN_TYPE_DIR
&&
932 conn
->purpose
== DIR_PURPOSE_FETCH_RENDDESC_V2
) {
933 /* It's a rendezvous descriptor fetch in progress -- cancel it
934 * by marking the connection for close.
936 * Even if this connection has already reached EOF, this is
937 * enough to make sure that if the descriptor hasn't been
938 * processed yet, it won't be. See the end of
939 * connection_handle_read; connection_reached_eof (indirectly)
940 * processes whatever response the connection received. */
942 const rend_data_t
*rd
= (TO_DIR_CONN(conn
))->rend_data
;
944 log_warn(LD_BUG
| LD_REND
,
945 "Marking for close dir conn fetching rendezvous "
946 "descriptor for unknown service!");
948 log_debug(LD_REND
, "Marking for close dir conn fetching "
949 "rendezvous descriptor for service %s",
950 safe_str(rd
->onion_address
));
952 connection_mark_for_close(conn
);
954 } SMARTLIST_FOREACH_END(conn
);
957 /** Mark <b>failed_intro</b> as a failed introduction point for the
958 * hidden service specified by <b>rend_query</b>. If the HS now has no
959 * usable intro points, or we do not have an HS descriptor for it,
960 * then launch a new renddesc fetch.
962 * If <b>failure_type</b> is INTRO_POINT_FAILURE_GENERIC, remove the
963 * intro point from (our parsed copy of) the HS descriptor.
965 * If <b>failure_type</b> is INTRO_POINT_FAILURE_TIMEOUT, mark the
966 * intro point as 'timed out'; it will not be retried until the
967 * current hidden service connection attempt has ended or it has
968 * appeared in a newly fetched rendezvous descriptor.
970 * If <b>failure_type</b> is INTRO_POINT_FAILURE_UNREACHABLE,
971 * increment the intro point's reachability-failure count; if it has
972 * now failed MAX_INTRO_POINT_REACHABILITY_FAILURES or more times,
973 * remove the intro point from (our parsed copy of) the HS descriptor.
975 * Return -1 if error, 0 if no usable intro points remain or service
976 * unrecognized, 1 if recognized and some intro points remain.
979 rend_client_report_intro_point_failure(extend_info_t
*failed_intro
,
980 rend_data_t
*rend_query
,
981 unsigned int failure_type
)
984 rend_cache_entry_t
*ent
;
987 r
= rend_cache_lookup_entry(rend_query
->onion_address
, -1, &ent
);
989 /* Either invalid onion address or cache entry not found. */
992 log_warn(LD_BUG
, "Malformed service ID %s.",
993 escaped_safe_str_client(rend_query
->onion_address
));
996 log_info(LD_REND
, "Unknown service %s. Re-fetching descriptor.",
997 escaped_safe_str_client(rend_query
->onion_address
));
998 rend_client_refetch_v2_renddesc(rend_query
);
1001 log_warn(LD_BUG
, "Unknown cache lookup returned code: %d", r
);
1005 /* The intro points are not checked here if they are usable or not because
1006 * this is called when an intro point circuit is closed thus there must be
1007 * at least one intro point that is usable and is about to be flagged. */
1009 for (i
= 0; i
< smartlist_len(ent
->parsed
->intro_nodes
); i
++) {
1010 rend_intro_point_t
*intro
= smartlist_get(ent
->parsed
->intro_nodes
, i
);
1011 if (tor_memeq(failed_intro
->identity_digest
,
1012 intro
->extend_info
->identity_digest
, DIGEST_LEN
)) {
1013 switch (failure_type
) {
1015 log_warn(LD_BUG
, "Unknown failure type %u. Removing intro point.",
1017 tor_fragile_assert();
1019 case INTRO_POINT_FAILURE_GENERIC
:
1020 rend_cache_intro_failure_note(failure_type
,
1021 (uint8_t *)failed_intro
->identity_digest
,
1022 rend_query
->onion_address
);
1023 rend_intro_point_free(intro
);
1024 smartlist_del(ent
->parsed
->intro_nodes
, i
);
1026 case INTRO_POINT_FAILURE_TIMEOUT
:
1027 intro
->timed_out
= 1;
1029 case INTRO_POINT_FAILURE_UNREACHABLE
:
1030 ++(intro
->unreachable_count
);
1032 int zap_intro_point
=
1033 intro
->unreachable_count
>= MAX_INTRO_POINT_REACHABILITY_FAILURES
;
1034 log_info(LD_REND
, "Failed to reach this intro point %u times.%s",
1035 intro
->unreachable_count
,
1036 zap_intro_point
? " Removing from descriptor.": "");
1037 if (zap_intro_point
) {
1038 rend_cache_intro_failure_note(
1040 (uint8_t *) failed_intro
->identity_digest
,
1041 rend_query
->onion_address
);
1042 rend_intro_point_free(intro
);
1043 smartlist_del(ent
->parsed
->intro_nodes
, i
);
1052 if (! rend_client_any_intro_points_usable(ent
)) {
1054 "No more intro points remain for %s. Re-fetching descriptor.",
1055 escaped_safe_str_client(rend_query
->onion_address
));
1056 rend_client_refetch_v2_renddesc(rend_query
);
1058 /* move all pending streams back to renddesc_wait */
1059 /* NOTE: We can now do this faster, if we use pending_entry_connections */
1060 while ((conn
= connection_get_by_type_state_rendquery(CONN_TYPE_AP
,
1061 AP_CONN_STATE_CIRCUIT_WAIT
,
1062 rend_query
->onion_address
))) {
1063 connection_ap_mark_as_non_pending_circuit(TO_ENTRY_CONN(conn
));
1064 conn
->state
= AP_CONN_STATE_RENDDESC_WAIT
;
1069 log_info(LD_REND
,"%d options left for %s.",
1070 smartlist_len(ent
->parsed
->intro_nodes
),
1071 escaped_safe_str_client(rend_query
->onion_address
));
1075 /** Called when we receive a RENDEZVOUS_ESTABLISHED cell; changes the state of
1076 * the circuit to C_REND_READY.
1079 rend_client_rendezvous_acked(origin_circuit_t
*circ
, const uint8_t *request
,
1084 /* we just got an ack for our establish-rendezvous. switch purposes. */
1085 if (circ
->base_
.purpose
!= CIRCUIT_PURPOSE_C_ESTABLISH_REND
) {
1086 log_warn(LD_PROTOCOL
,"Got a rendezvous ack when we weren't expecting one. "
1088 circuit_mark_for_close(TO_CIRCUIT(circ
), END_CIRC_REASON_TORPROTOCOL
);
1091 log_info(LD_REND
,"Got rendezvous ack. This circuit is now ready for "
1093 circuit_change_purpose(TO_CIRCUIT(circ
), CIRCUIT_PURPOSE_C_REND_READY
);
1094 /* Set timestamp_dirty, because circuit_expire_building expects it
1095 * to specify when a circuit entered the _C_REND_READY state. */
1096 circ
->base_
.timestamp_dirty
= time(NULL
);
1098 /* From a path bias point of view, this circuit is now successfully used.
1099 * Waiting any longer opens us up to attacks from malicious hidden services.
1100 * They could induce the client to attempt to connect to their hidden
1101 * service and never reply to the client's rend requests */
1102 pathbias_mark_use_success(circ
);
1104 /* XXXX This is a pretty brute-force approach. It'd be better to
1105 * attach only the connections that are waiting on this circuit, rather
1106 * than trying to attach them all. See comments bug 743. */
1107 /* If we already have the introduction circuit built, make sure we send
1108 * the INTRODUCE cell _now_ */
1109 connection_ap_attach_pending(1);
1113 /** The service sent us a rendezvous cell; join the circuits. */
1115 rend_client_receive_rendezvous(origin_circuit_t
*circ
, const uint8_t *request
,
1119 char keys
[DIGEST_LEN
+CPATH_KEY_MATERIAL_LEN
];
1121 if ((circ
->base_
.purpose
!= CIRCUIT_PURPOSE_C_REND_READY
&&
1122 circ
->base_
.purpose
!= CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED
)
1123 || !circ
->build_state
->pending_final_cpath
) {
1124 log_warn(LD_PROTOCOL
,"Got rendezvous2 cell from hidden service, but not "
1125 "expecting it. Closing.");
1126 circuit_mark_for_close(TO_CIRCUIT(circ
), END_CIRC_REASON_TORPROTOCOL
);
1130 if (request_len
!= DH_KEY_LEN
+DIGEST_LEN
) {
1131 log_warn(LD_PROTOCOL
,"Incorrect length (%d) on RENDEZVOUS2 cell.",
1136 log_info(LD_REND
,"Got RENDEZVOUS2 cell from hidden service.");
1138 /* first DH_KEY_LEN bytes are g^y from the service. Finish the dh
1140 tor_assert(circ
->build_state
);
1141 tor_assert(circ
->build_state
->pending_final_cpath
);
1142 hop
= circ
->build_state
->pending_final_cpath
;
1143 tor_assert(hop
->rend_dh_handshake_state
);
1144 if (crypto_dh_compute_secret(LOG_PROTOCOL_WARN
,
1145 hop
->rend_dh_handshake_state
, (char*)request
,
1147 keys
, DIGEST_LEN
+CPATH_KEY_MATERIAL_LEN
)<0) {
1148 log_warn(LD_GENERAL
, "Couldn't complete DH handshake.");
1151 /* ... and set up cpath. */
1152 if (circuit_init_cpath_crypto(hop
, keys
+DIGEST_LEN
, 0)<0)
1155 /* Check whether the digest is right... */
1156 if (tor_memneq(keys
, request
+DH_KEY_LEN
, DIGEST_LEN
)) {
1157 log_warn(LD_PROTOCOL
, "Incorrect digest of key material.");
1161 crypto_dh_free(hop
->rend_dh_handshake_state
);
1162 hop
->rend_dh_handshake_state
= NULL
;
1164 /* All is well. Extend the circuit. */
1165 circuit_change_purpose(TO_CIRCUIT(circ
), CIRCUIT_PURPOSE_C_REND_JOINED
);
1166 hop
->state
= CPATH_STATE_OPEN
;
1167 /* set the windows to default. these are the windows
1168 * that the client thinks the service has.
1170 hop
->package_window
= circuit_initial_package_window();
1171 hop
->deliver_window
= CIRCWINDOW_START
;
1173 /* Now that this circuit has finished connecting to its destination,
1174 * make sure circuit_get_open_circ_or_launch is willing to return it
1175 * so we can actually use it. */
1176 circ
->hs_circ_has_timed_out
= 0;
1178 onion_append_to_cpath(&circ
->cpath
, hop
);
1179 circ
->build_state
->pending_final_cpath
= NULL
; /* prevent double-free */
1181 circuit_try_attaching_streams(circ
);
1183 memwipe(keys
, 0, sizeof(keys
));
1186 memwipe(keys
, 0, sizeof(keys
));
1187 circuit_mark_for_close(TO_CIRCUIT(circ
), END_CIRC_REASON_TORPROTOCOL
);
1191 /** Find all the apconns in state AP_CONN_STATE_RENDDESC_WAIT that are
1192 * waiting on <b>query</b>. If there's a working cache entry here with at
1193 * least one intro point, move them to the next state. */
1195 rend_client_desc_trynow(const char *query
)
1197 entry_connection_t
*conn
;
1198 rend_cache_entry_t
*entry
;
1199 const rend_data_t
*rend_data
;
1200 time_t now
= time(NULL
);
1202 smartlist_t
*conns
= get_connection_array();
1203 SMARTLIST_FOREACH_BEGIN(conns
, connection_t
*, base_conn
) {
1204 if (base_conn
->type
!= CONN_TYPE_AP
||
1205 base_conn
->state
!= AP_CONN_STATE_RENDDESC_WAIT
||
1206 base_conn
->marked_for_close
)
1208 conn
= TO_ENTRY_CONN(base_conn
);
1209 rend_data
= ENTRY_TO_EDGE_CONN(conn
)->rend_data
;
1212 if (rend_cmp_service_ids(query
, rend_data
->onion_address
))
1214 assert_connection_ok(base_conn
, now
);
1215 if (rend_cache_lookup_entry(rend_data
->onion_address
, -1,
1217 rend_client_any_intro_points_usable(entry
)) {
1218 /* either this fetch worked, or it failed but there was a
1219 * valid entry from before which we should reuse */
1220 log_info(LD_REND
,"Rend desc is usable. Launching circuits.");
1221 base_conn
->state
= AP_CONN_STATE_CIRCUIT_WAIT
;
1223 /* restart their timeout values, so they get a fair shake at
1224 * connecting to the hidden service. */
1225 base_conn
->timestamp_created
= now
;
1226 base_conn
->timestamp_lastread
= now
;
1227 base_conn
->timestamp_lastwritten
= now
;
1229 connection_ap_mark_as_pending_circuit(conn
);
1230 } else { /* 404, or fetch didn't get that far */
1231 log_notice(LD_REND
,"Closing stream for '%s.onion': hidden service is "
1232 "unavailable (try again later).",
1233 safe_str_client(query
));
1234 connection_mark_unattached_ap(conn
, END_STREAM_REASON_RESOLVEFAILED
);
1235 rend_client_note_connection_attempt_ended(rend_data
);
1237 } SMARTLIST_FOREACH_END(base_conn
);
1240 /** Clear temporary state used only during an attempt to connect to the
1241 * hidden service with <b>rend_data</b>. Called when a connection attempt
1242 * has ended; it is possible for this to be called multiple times while
1243 * handling an ended connection attempt, and any future changes to this
1244 * function must ensure it remains idempotent. */
1246 rend_client_note_connection_attempt_ended(const rend_data_t
*rend_data
)
1248 unsigned int have_onion
= 0;
1249 rend_cache_entry_t
*cache_entry
= NULL
;
1251 if (*rend_data
->onion_address
!= '\0') {
1252 /* Ignore return value; we find an entry, or we don't. */
1253 (void) rend_cache_lookup_entry(rend_data
->onion_address
, -1,
1258 /* Clear the timed_out flag on all remaining intro points for this HS. */
1259 if (cache_entry
!= NULL
) {
1260 SMARTLIST_FOREACH(cache_entry
->parsed
->intro_nodes
,
1261 rend_intro_point_t
*, ip
,
1262 ip
->timed_out
= 0; );
1265 /* Remove the HS's entries in last_hid_serv_requests. */
1267 unsigned int replica
;
1268 for (replica
= 0; replica
< ARRAY_LENGTH(rend_data
->descriptor_id
);
1270 const char *desc_id
= rend_data
->descriptor_id
[replica
];
1271 purge_hid_serv_from_last_hid_serv_requests(desc_id
);
1273 log_info(LD_REND
, "Connection attempt for %s has ended; "
1274 "cleaning up temporary state.",
1275 safe_str_client(rend_data
->onion_address
));
1277 /* We only have an ID for a fetch. Probably used by HSFETCH. */
1278 purge_hid_serv_from_last_hid_serv_requests(rend_data
->desc_id_fetch
);
1282 /** Return a newly allocated extend_info_t* for a randomly chosen introduction
1283 * point for the named hidden service. Return NULL if all introduction points
1284 * have been tried and failed.
1287 rend_client_get_random_intro(const rend_data_t
*rend_query
)
1290 extend_info_t
*result
;
1291 rend_cache_entry_t
*entry
;
1293 ret
= rend_cache_lookup_entry(rend_query
->onion_address
, -1, &entry
);
1294 if (ret
< 0 || !rend_client_any_intro_points_usable(entry
)) {
1296 "Query '%s' didn't have valid rend desc in cache. Failing.",
1297 safe_str_client(rend_query
->onion_address
));
1298 /* XXX: Should we refetch the descriptor here if the IPs are not usable
1303 /* See if we can get a node that complies with ExcludeNodes */
1304 if ((result
= rend_client_get_random_intro_impl(entry
, 1, 1)))
1306 /* If not, and StrictNodes is not set, see if we can return any old node
1308 if (!get_options()->StrictNodes
)
1309 return rend_client_get_random_intro_impl(entry
, 0, 1);
1313 /** As rend_client_get_random_intro, except assume that StrictNodes is set
1314 * iff <b>strict</b> is true. If <b>warnings</b> is false, don't complain
1315 * to the user when we're out of nodes, even if StrictNodes is true.
1317 static extend_info_t
*
1318 rend_client_get_random_intro_impl(const rend_cache_entry_t
*entry
,
1324 rend_intro_point_t
*intro
;
1325 const or_options_t
*options
= get_options();
1326 smartlist_t
*usable_nodes
;
1329 /* We'll keep a separate list of the usable nodes. If this becomes empty,
1330 * no nodes are usable. */
1331 usable_nodes
= smartlist_new();
1332 smartlist_add_all(usable_nodes
, entry
->parsed
->intro_nodes
);
1334 /* Remove the intro points that have timed out during this HS
1335 * connection attempt from our list of usable nodes. */
1336 SMARTLIST_FOREACH(usable_nodes
, rend_intro_point_t
*, ip
,
1337 if (ip
->timed_out
) {
1338 SMARTLIST_DEL_CURRENT(usable_nodes
, ip
);
1342 if (smartlist_len(usable_nodes
) == 0) {
1343 if (n_excluded
&& get_options()->StrictNodes
&& warnings
) {
1344 /* We only want to warn if StrictNodes is really set. Otherwise
1345 * we're just about to retry anyways.
1347 log_warn(LD_REND
, "All introduction points for hidden service are "
1348 "at excluded relays, and StrictNodes is set. Skipping.");
1350 smartlist_free(usable_nodes
);
1354 i
= crypto_rand_int(smartlist_len(usable_nodes
));
1355 intro
= smartlist_get(usable_nodes
, i
);
1356 /* Do we need to look up the router or is the extend info complete? */
1357 if (!intro
->extend_info
->onion_key
) {
1359 extend_info_t
*new_extend_info
;
1360 if (tor_digest_is_zero(intro
->extend_info
->identity_digest
))
1361 node
= node_get_by_hex_id(intro
->extend_info
->nickname
);
1363 node
= node_get_by_id(intro
->extend_info
->identity_digest
);
1365 log_info(LD_REND
, "Unknown router with nickname '%s'; trying another.",
1366 intro
->extend_info
->nickname
);
1367 smartlist_del(usable_nodes
, i
);
1370 new_extend_info
= extend_info_from_node(node
, 0);
1371 if (!new_extend_info
) {
1372 log_info(LD_REND
, "We don't have a descriptor for the intro-point relay "
1373 "'%s'; trying another.",
1374 extend_info_describe(intro
->extend_info
));
1375 smartlist_del(usable_nodes
, i
);
1378 extend_info_free(intro
->extend_info
);
1379 intro
->extend_info
= new_extend_info
;
1381 tor_assert(intro
->extend_info
!= NULL
);
1383 /* Check if we should refuse to talk to this router. */
1385 routerset_contains_extendinfo(options
->ExcludeNodes
,
1386 intro
->extend_info
)) {
1388 smartlist_del(usable_nodes
, i
);
1392 smartlist_free(usable_nodes
);
1393 return extend_info_dup(intro
->extend_info
);
1396 /** Return true iff any introduction points still listed in <b>entry</b> are
1399 rend_client_any_intro_points_usable(const rend_cache_entry_t
*entry
)
1401 extend_info_t
*extend_info
=
1402 rend_client_get_random_intro_impl(entry
, get_options()->StrictNodes
, 0);
1404 int rv
= (extend_info
!= NULL
);
1406 extend_info_free(extend_info
);
1410 /** Client-side authorizations for hidden services; map of onion address to
1411 * rend_service_authorization_t*. */
1412 static strmap_t
*auth_hid_servs
= NULL
;
1414 /** Look up the client-side authorization for the hidden service with
1415 * <b>onion_address</b>. Return NULL if no authorization is available for
1417 rend_service_authorization_t
*
1418 rend_client_lookup_service_authorization(const char *onion_address
)
1420 tor_assert(onion_address
);
1421 if (!auth_hid_servs
) return NULL
;
1422 return strmap_get(auth_hid_servs
, onion_address
);
1425 /** Helper: Free storage held by rend_service_authorization_t. */
1427 rend_service_authorization_free(rend_service_authorization_t
*auth
)
1432 /** Helper for strmap_free. */
1434 rend_service_authorization_strmap_item_free(void *service_auth
)
1436 rend_service_authorization_free(service_auth
);
1439 /** Release all the storage held in auth_hid_servs.
1442 rend_service_authorization_free_all(void)
1444 if (!auth_hid_servs
) {
1447 strmap_free(auth_hid_servs
, rend_service_authorization_strmap_item_free
);
1448 auth_hid_servs
= NULL
;
1451 /** Parse <b>config_line</b> as a client-side authorization for a hidden
1452 * service and add it to the local map of hidden service authorizations.
1453 * Return 0 for success and -1 for failure. */
1455 rend_parse_service_authorization(const or_options_t
*options
,
1458 config_line_t
*line
;
1460 strmap_t
*parsed
= strmap_new();
1461 smartlist_t
*sl
= smartlist_new();
1462 rend_service_authorization_t
*auth
= NULL
;
1463 char descriptor_cookie_tmp
[REND_DESC_COOKIE_LEN
+2];
1464 char descriptor_cookie_base64ext
[REND_DESC_COOKIE_LEN_BASE64
+2+1];
1466 for (line
= options
->HidServAuth
; line
; line
= line
->next
) {
1467 char *onion_address
, *descriptor_cookie
;
1468 int auth_type_val
= 0;
1470 SMARTLIST_FOREACH(sl
, char *, c
, tor_free(c
););
1471 smartlist_clear(sl
);
1472 smartlist_split_string(sl
, line
->value
, " ",
1473 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 3);
1474 if (smartlist_len(sl
) < 2) {
1475 log_warn(LD_CONFIG
, "Configuration line does not consist of "
1476 "\"onion-address authorization-cookie [service-name]\": "
1477 "'%s'", line
->value
);
1480 auth
= tor_malloc_zero(sizeof(rend_service_authorization_t
));
1481 /* Parse onion address. */
1482 onion_address
= smartlist_get(sl
, 0);
1483 if (strlen(onion_address
) != REND_SERVICE_ADDRESS_LEN
||
1484 strcmpend(onion_address
, ".onion")) {
1485 log_warn(LD_CONFIG
, "Onion address has wrong format: '%s'",
1489 strlcpy(auth
->onion_address
, onion_address
, REND_SERVICE_ID_LEN_BASE32
+1);
1490 if (!rend_valid_service_id(auth
->onion_address
)) {
1491 log_warn(LD_CONFIG
, "Onion address has wrong format: '%s'",
1495 /* Parse descriptor cookie. */
1496 descriptor_cookie
= smartlist_get(sl
, 1);
1497 if (strlen(descriptor_cookie
) != REND_DESC_COOKIE_LEN_BASE64
) {
1498 log_warn(LD_CONFIG
, "Authorization cookie has wrong length: '%s'",
1502 /* Add trailing zero bytes (AA) to make base64-decoding happy. */
1503 tor_snprintf(descriptor_cookie_base64ext
,
1504 REND_DESC_COOKIE_LEN_BASE64
+2+1,
1505 "%sAA", descriptor_cookie
);
1506 if (base64_decode(descriptor_cookie_tmp
, sizeof(descriptor_cookie_tmp
),
1507 descriptor_cookie_base64ext
,
1508 strlen(descriptor_cookie_base64ext
)) < 0) {
1509 log_warn(LD_CONFIG
, "Decoding authorization cookie failed: '%s'",
1513 auth_type_val
= (((uint8_t)descriptor_cookie_tmp
[16]) >> 4) + 1;
1514 if (auth_type_val
< 1 || auth_type_val
> 2) {
1515 log_warn(LD_CONFIG
, "Authorization cookie has unknown authorization "
1519 auth
->auth_type
= auth_type_val
== 1 ? REND_BASIC_AUTH
: REND_STEALTH_AUTH
;
1520 memcpy(auth
->descriptor_cookie
, descriptor_cookie_tmp
,
1521 REND_DESC_COOKIE_LEN
);
1522 if (strmap_get(parsed
, auth
->onion_address
)) {
1523 log_warn(LD_CONFIG
, "Duplicate authorization for the same hidden "
1527 strmap_set(parsed
, auth
->onion_address
, auth
);
1535 rend_service_authorization_free(auth
);
1536 SMARTLIST_FOREACH(sl
, char *, c
, tor_free(c
););
1538 if (!validate_only
&& res
== 0) {
1539 rend_service_authorization_free_all();
1540 auth_hid_servs
= parsed
;
1542 strmap_free(parsed
, rend_service_authorization_strmap_item_free
);
1544 memwipe(descriptor_cookie_tmp
, 0, sizeof(descriptor_cookie_tmp
));
1545 memwipe(descriptor_cookie_base64ext
, 0, sizeof(descriptor_cookie_base64ext
));