hs_client.c 57 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617
  1. /* Copyright (c) 2016-2017, The Tor Project, Inc. */
  2. /* See LICENSE for licensing information */
  3. /**
  4. * \file hs_client.c
  5. * \brief Implement next generation hidden service client functionality
  6. **/
  7. #define HS_CLIENT_PRIVATE
  8. #include "or.h"
  9. #include "hs_circuit.h"
  10. #include "hs_ident.h"
  11. #include "connection_edge.h"
  12. #include "container.h"
  13. #include "rendclient.h"
  14. #include "hs_descriptor.h"
  15. #include "hs_cache.h"
  16. #include "hs_cell.h"
  17. #include "hs_ident.h"
  18. #include "config.h"
  19. #include "directory.h"
  20. #include "hs_client.h"
  21. #include "hs_control.h"
  22. #include "router.h"
  23. #include "routerset.h"
  24. #include "circuitlist.h"
  25. #include "circuituse.h"
  26. #include "connection.h"
  27. #include "nodelist.h"
  28. #include "circpathbias.h"
  29. #include "connection.h"
  30. #include "hs_ntor.h"
  31. #include "circuitbuild.h"
  32. #include "networkstatus.h"
  33. #include "reasons.h"
  34. /* Return a human-readable string for the client fetch status code. */
  35. static const char *
  36. fetch_status_to_string(hs_client_fetch_status_t status)
  37. {
  38. switch (status) {
  39. case HS_CLIENT_FETCH_ERROR:
  40. return "Internal error";
  41. case HS_CLIENT_FETCH_LAUNCHED:
  42. return "Descriptor fetch launched";
  43. case HS_CLIENT_FETCH_HAVE_DESC:
  44. return "Already have descriptor";
  45. case HS_CLIENT_FETCH_NO_HSDIRS:
  46. return "No more HSDir available to query";
  47. case HS_CLIENT_FETCH_NOT_ALLOWED:
  48. return "Fetching descriptors is not allowed";
  49. case HS_CLIENT_FETCH_MISSING_INFO:
  50. return "Missing directory information";
  51. case HS_CLIENT_FETCH_PENDING:
  52. return "Pending descriptor fetch";
  53. default:
  54. return "(Unknown client fetch status code)";
  55. }
  56. }
  57. /* Return true iff tor should close the SOCKS request(s) for the descriptor
  58. * fetch that ended up with this given status code. */
  59. static int
  60. fetch_status_should_close_socks(hs_client_fetch_status_t status)
  61. {
  62. switch (status) {
  63. case HS_CLIENT_FETCH_NO_HSDIRS:
  64. /* No more HSDir to query, we can't complete the SOCKS request(s). */
  65. case HS_CLIENT_FETCH_ERROR:
  66. /* The fetch triggered an internal error. */
  67. case HS_CLIENT_FETCH_NOT_ALLOWED:
  68. /* Client is not allowed to fetch (FetchHidServDescriptors 0). */
  69. goto close;
  70. case HS_CLIENT_FETCH_MISSING_INFO:
  71. case HS_CLIENT_FETCH_HAVE_DESC:
  72. case HS_CLIENT_FETCH_PENDING:
  73. case HS_CLIENT_FETCH_LAUNCHED:
  74. /* The rest doesn't require tor to close the SOCKS request(s). */
  75. goto no_close;
  76. }
  77. no_close:
  78. return 0;
  79. close:
  80. return 1;
  81. }
  82. /* Cancel all descriptor fetches currently in progress. */
  83. static void
  84. cancel_descriptor_fetches(void)
  85. {
  86. smartlist_t *conns =
  87. connection_list_by_type_state(CONN_TYPE_DIR, DIR_PURPOSE_FETCH_HSDESC);
  88. SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
  89. const hs_ident_dir_conn_t *ident = TO_DIR_CONN(conn)->hs_ident;
  90. if (BUG(ident == NULL)) {
  91. /* A directory connection fetching a service descriptor can't have an
  92. * empty hidden service identifier. */
  93. continue;
  94. }
  95. log_debug(LD_REND, "Marking for close a directory connection fetching "
  96. "a hidden service descriptor for service %s.",
  97. safe_str_client(ed25519_fmt(&ident->identity_pk)));
  98. connection_mark_for_close(conn);
  99. } SMARTLIST_FOREACH_END(conn);
  100. /* No ownership of the objects in this list. */
  101. smartlist_free(conns);
  102. log_info(LD_REND, "Hidden service client descriptor fetches cancelled.");
  103. }
  104. /* Get all connections that are waiting on a circuit and flag them back to
  105. * waiting for a hidden service descriptor for the given service key
  106. * service_identity_pk. */
  107. static void
  108. flag_all_conn_wait_desc(const ed25519_public_key_t *service_identity_pk)
  109. {
  110. tor_assert(service_identity_pk);
  111. smartlist_t *conns =
  112. connection_list_by_type_state(CONN_TYPE_AP, AP_CONN_STATE_CIRCUIT_WAIT);
  113. SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
  114. edge_connection_t *edge_conn;
  115. if (BUG(!CONN_IS_EDGE(conn))) {
  116. continue;
  117. }
  118. edge_conn = TO_EDGE_CONN(conn);
  119. if (edge_conn->hs_ident &&
  120. ed25519_pubkey_eq(&edge_conn->hs_ident->identity_pk,
  121. service_identity_pk)) {
  122. connection_ap_mark_as_non_pending_circuit(TO_ENTRY_CONN(conn));
  123. conn->state = AP_CONN_STATE_RENDDESC_WAIT;
  124. }
  125. } SMARTLIST_FOREACH_END(conn);
  126. smartlist_free(conns);
  127. }
  128. /* Remove tracked HSDir requests from our history for this hidden service
  129. * identity public key. */
  130. static void
  131. purge_hid_serv_request(const ed25519_public_key_t *identity_pk)
  132. {
  133. char base64_blinded_pk[ED25519_BASE64_LEN + 1];
  134. ed25519_public_key_t blinded_pk;
  135. tor_assert(identity_pk);
  136. /* Get blinded pubkey of hidden service. It is possible that we just moved
  137. * to a new time period meaning that we won't be able to purge the request
  138. * from the previous time period. That is fine because they will expire at
  139. * some point and we don't care about those anymore. */
  140. hs_build_blinded_pubkey(identity_pk, NULL, 0,
  141. hs_get_time_period_num(0), &blinded_pk);
  142. if (BUG(ed25519_public_to_base64(base64_blinded_pk, &blinded_pk) < 0)) {
  143. return;
  144. }
  145. /* Purge last hidden service request from cache for this blinded key. */
  146. hs_purge_hid_serv_from_last_hid_serv_requests(base64_blinded_pk);
  147. }
  148. /* Return true iff there is at least one pending directory descriptor request
  149. * for the service identity_pk. */
  150. static int
  151. directory_request_is_pending(const ed25519_public_key_t *identity_pk)
  152. {
  153. int ret = 0;
  154. smartlist_t *conns =
  155. connection_list_by_type_purpose(CONN_TYPE_DIR, DIR_PURPOSE_FETCH_HSDESC);
  156. SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
  157. const hs_ident_dir_conn_t *ident = TO_DIR_CONN(conn)->hs_ident;
  158. if (BUG(ident == NULL)) {
  159. /* A directory connection fetching a service descriptor can't have an
  160. * empty hidden service identifier. */
  161. continue;
  162. }
  163. if (!ed25519_pubkey_eq(identity_pk, &ident->identity_pk)) {
  164. continue;
  165. }
  166. ret = 1;
  167. break;
  168. } SMARTLIST_FOREACH_END(conn);
  169. /* No ownership of the objects in this list. */
  170. smartlist_free(conns);
  171. return ret;
  172. }
  173. /* We failed to fetch a descriptor for the service with <b>identity_pk</b>
  174. * because of <b>status</b>. Find all pending SOCKS connections for this
  175. * service that are waiting on the descriptor and close them with
  176. * <b>reason</b>. */
  177. static void
  178. close_all_socks_conns_waiting_for_desc(const ed25519_public_key_t *identity_pk,
  179. hs_client_fetch_status_t status,
  180. int reason)
  181. {
  182. unsigned int count = 0;
  183. time_t now = approx_time();
  184. smartlist_t *conns =
  185. connection_list_by_type_state(CONN_TYPE_AP, AP_CONN_STATE_RENDDESC_WAIT);
  186. SMARTLIST_FOREACH_BEGIN(conns, connection_t *, base_conn) {
  187. entry_connection_t *entry_conn = TO_ENTRY_CONN(base_conn);
  188. const edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(entry_conn);
  189. /* Only consider the entry connections that matches the service for which
  190. * we tried to get the descriptor */
  191. if (!edge_conn->hs_ident ||
  192. !ed25519_pubkey_eq(identity_pk,
  193. &edge_conn->hs_ident->identity_pk)) {
  194. continue;
  195. }
  196. assert_connection_ok(base_conn, now);
  197. /* Unattach the entry connection which will close for the reason. */
  198. connection_mark_unattached_ap(entry_conn, reason);
  199. count++;
  200. } SMARTLIST_FOREACH_END(base_conn);
  201. if (count > 0) {
  202. char onion_address[HS_SERVICE_ADDR_LEN_BASE32 + 1];
  203. hs_build_address(identity_pk, HS_VERSION_THREE, onion_address);
  204. log_notice(LD_REND, "Closed %u streams for service %s.onion "
  205. "for reason %s. Fetch status: %s.",
  206. count, safe_str_client(onion_address),
  207. stream_end_reason_to_string(reason),
  208. fetch_status_to_string(status));
  209. }
  210. /* No ownership of the object(s) in this list. */
  211. smartlist_free(conns);
  212. }
  213. /* Find all pending SOCKS connection waiting for a descriptor and retry them
  214. * all. This is called when the directory information changed. */
  215. static void
  216. retry_all_socks_conn_waiting_for_desc(void)
  217. {
  218. smartlist_t *conns =
  219. connection_list_by_type_state(CONN_TYPE_AP, AP_CONN_STATE_RENDDESC_WAIT);
  220. SMARTLIST_FOREACH_BEGIN(conns, connection_t *, base_conn) {
  221. hs_client_fetch_status_t status;
  222. const edge_connection_t *edge_conn =
  223. ENTRY_TO_EDGE_CONN(TO_ENTRY_CONN(base_conn));
  224. /* Ignore non HS or non v3 connection. */
  225. if (edge_conn->hs_ident == NULL) {
  226. continue;
  227. }
  228. /* In this loop, we will possibly try to fetch a descriptor for the
  229. * pending connections because we just got more directory information.
  230. * However, the refetch process can cleanup all SOCKS request so the same
  231. * service if an internal error happens. Thus, we can end up with closed
  232. * connections in our list. */
  233. if (base_conn->marked_for_close) {
  234. continue;
  235. }
  236. /* XXX: There is an optimization we could do which is that for a service
  237. * key, we could check if we can fetch and remember that decision. */
  238. /* Order a refetch in case it works this time. */
  239. status = hs_client_refetch_hsdesc(&edge_conn->hs_ident->identity_pk);
  240. if (BUG(status == HS_CLIENT_FETCH_HAVE_DESC)) {
  241. /* This case is unique because it can NOT happen in theory. Once we get
  242. * a new descriptor, the HS client subsystem is notified immediately and
  243. * the connections waiting for it are handled which means the state will
  244. * change from renddesc wait state. Log this and continue to next
  245. * connection. */
  246. continue;
  247. }
  248. /* In the case of an error, either all SOCKS connections have been
  249. * closed or we are still missing directory information. Leave the
  250. * connection in renddesc wait state so when we get more info, we'll be
  251. * able to try it again. */
  252. } SMARTLIST_FOREACH_END(base_conn);
  253. /* We don't have ownership of those objects. */
  254. smartlist_free(conns);
  255. }
  256. /* A v3 HS circuit successfully connected to the hidden service. Update the
  257. * stream state at <b>hs_conn_ident</b> appropriately. */
  258. static void
  259. note_connection_attempt_succeeded(const hs_ident_edge_conn_t *hs_conn_ident)
  260. {
  261. tor_assert(hs_conn_ident);
  262. /* Remove from the hid serv cache all requests for that service so we can
  263. * query the HSDir again later on for various reasons. */
  264. purge_hid_serv_request(&hs_conn_ident->identity_pk);
  265. /* The v2 subsystem cleans up the intro point time out flag at this stage.
  266. * We don't try to do it here because we still need to keep intact the intro
  267. * point state for future connections. Even though we are able to connect to
  268. * the service, doesn't mean we should reset the timed out intro points.
  269. *
  270. * It is not possible to have successfully connected to an intro point
  271. * present in our cache that was on error or timed out. Every entry in that
  272. * cache have a 2 minutes lifetime so ultimately the intro point(s) state
  273. * will be reset and thus possible to be retried. */
  274. }
  275. /* Given the pubkey of a hidden service in <b>onion_identity_pk</b>, fetch its
  276. * descriptor by launching a dir connection to <b>hsdir</b>. Return a
  277. * hs_client_fetch_status_t status code depending on how it went. */
  278. static hs_client_fetch_status_t
  279. directory_launch_v3_desc_fetch(const ed25519_public_key_t *onion_identity_pk,
  280. const routerstatus_t *hsdir)
  281. {
  282. uint64_t current_time_period = hs_get_time_period_num(0);
  283. ed25519_public_key_t blinded_pubkey;
  284. char base64_blinded_pubkey[ED25519_BASE64_LEN + 1];
  285. hs_ident_dir_conn_t hs_conn_dir_ident;
  286. int retval;
  287. tor_assert(hsdir);
  288. tor_assert(onion_identity_pk);
  289. /* Get blinded pubkey */
  290. hs_build_blinded_pubkey(onion_identity_pk, NULL, 0,
  291. current_time_period, &blinded_pubkey);
  292. /* ...and base64 it. */
  293. retval = ed25519_public_to_base64(base64_blinded_pubkey, &blinded_pubkey);
  294. if (BUG(retval < 0)) {
  295. return HS_CLIENT_FETCH_ERROR;
  296. }
  297. /* Copy onion pk to a dir_ident so that we attach it to the dir conn */
  298. hs_ident_dir_conn_init(onion_identity_pk, &blinded_pubkey,
  299. &hs_conn_dir_ident);
  300. /* Setup directory request */
  301. directory_request_t *req =
  302. directory_request_new(DIR_PURPOSE_FETCH_HSDESC);
  303. directory_request_set_routerstatus(req, hsdir);
  304. directory_request_set_indirection(req, DIRIND_ANONYMOUS);
  305. directory_request_set_resource(req, base64_blinded_pubkey);
  306. directory_request_fetch_set_hs_ident(req, &hs_conn_dir_ident);
  307. directory_initiate_request(req);
  308. directory_request_free(req);
  309. log_info(LD_REND, "Descriptor fetch request for service %s with blinded "
  310. "key %s to directory %s",
  311. safe_str_client(ed25519_fmt(onion_identity_pk)),
  312. safe_str_client(base64_blinded_pubkey),
  313. safe_str_client(routerstatus_describe(hsdir)));
  314. /* Fire a REQUESTED event on the control port. */
  315. hs_control_desc_event_requested(onion_identity_pk, base64_blinded_pubkey,
  316. hsdir);
  317. /* Cleanup memory. */
  318. memwipe(&blinded_pubkey, 0, sizeof(blinded_pubkey));
  319. memwipe(base64_blinded_pubkey, 0, sizeof(base64_blinded_pubkey));
  320. memwipe(&hs_conn_dir_ident, 0, sizeof(hs_conn_dir_ident));
  321. return HS_CLIENT_FETCH_LAUNCHED;
  322. }
  323. /** Return the HSDir we should use to fetch the descriptor of the hidden
  324. * service with identity key <b>onion_identity_pk</b>. */
  325. STATIC routerstatus_t *
  326. pick_hsdir_v3(const ed25519_public_key_t *onion_identity_pk)
  327. {
  328. int retval;
  329. char base64_blinded_pubkey[ED25519_BASE64_LEN + 1];
  330. uint64_t current_time_period = hs_get_time_period_num(0);
  331. smartlist_t *responsible_hsdirs;
  332. ed25519_public_key_t blinded_pubkey;
  333. routerstatus_t *hsdir_rs = NULL;
  334. tor_assert(onion_identity_pk);
  335. responsible_hsdirs = smartlist_new();
  336. /* Get blinded pubkey of hidden service */
  337. hs_build_blinded_pubkey(onion_identity_pk, NULL, 0,
  338. current_time_period, &blinded_pubkey);
  339. /* ...and base64 it. */
  340. retval = ed25519_public_to_base64(base64_blinded_pubkey, &blinded_pubkey);
  341. if (BUG(retval < 0)) {
  342. return NULL;
  343. }
  344. /* Get responsible hsdirs of service for this time period */
  345. hs_get_responsible_hsdirs(&blinded_pubkey, current_time_period,
  346. 0, 1, responsible_hsdirs);
  347. log_debug(LD_REND, "Found %d responsible HSDirs and about to pick one.",
  348. smartlist_len(responsible_hsdirs));
  349. /* Pick an HSDir from the responsible ones. The ownership of
  350. * responsible_hsdirs is given to this function so no need to free it. */
  351. hsdir_rs = hs_pick_hsdir(responsible_hsdirs, base64_blinded_pubkey);
  352. return hsdir_rs;
  353. }
  354. /** Fetch a v3 descriptor using the given <b>onion_identity_pk</b>.
  355. *
  356. * On success, HS_CLIENT_FETCH_LAUNCHED is returned. Otherwise, an error from
  357. * hs_client_fetch_status_t is returned. */
  358. MOCK_IMPL(STATIC hs_client_fetch_status_t,
  359. fetch_v3_desc, (const ed25519_public_key_t *onion_identity_pk))
  360. {
  361. routerstatus_t *hsdir_rs =NULL;
  362. tor_assert(onion_identity_pk);
  363. hsdir_rs = pick_hsdir_v3(onion_identity_pk);
  364. if (!hsdir_rs) {
  365. log_info(LD_REND, "Couldn't pick a v3 hsdir.");
  366. return HS_CLIENT_FETCH_NO_HSDIRS;
  367. }
  368. return directory_launch_v3_desc_fetch(onion_identity_pk, hsdir_rs);
  369. }
  370. /* Make sure that the given v3 origin circuit circ is a valid correct
  371. * introduction circuit. This will BUG() on any problems and hard assert if
  372. * the anonymity of the circuit is not ok. Return 0 on success else -1 where
  373. * the circuit should be mark for closed immediately. */
  374. static int
  375. intro_circ_is_ok(const origin_circuit_t *circ)
  376. {
  377. int ret = 0;
  378. tor_assert(circ);
  379. if (BUG(TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_C_INTRODUCING &&
  380. TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT &&
  381. TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_C_INTRODUCE_ACKED)) {
  382. ret = -1;
  383. }
  384. if (BUG(circ->hs_ident == NULL)) {
  385. ret = -1;
  386. }
  387. if (BUG(!hs_ident_intro_circ_is_valid(circ->hs_ident))) {
  388. ret = -1;
  389. }
  390. /* This can stop the tor daemon but we want that since if we don't have
  391. * anonymity on this circuit, something went really wrong. */
  392. assert_circ_anonymity_ok(circ, get_options());
  393. return ret;
  394. }
  395. /* Find a descriptor intro point object that matches the given ident in the
  396. * given descriptor desc. Return NULL if not found. */
  397. static const hs_desc_intro_point_t *
  398. find_desc_intro_point_by_ident(const hs_ident_circuit_t *ident,
  399. const hs_descriptor_t *desc)
  400. {
  401. const hs_desc_intro_point_t *intro_point = NULL;
  402. tor_assert(ident);
  403. tor_assert(desc);
  404. SMARTLIST_FOREACH_BEGIN(desc->encrypted_data.intro_points,
  405. const hs_desc_intro_point_t *, ip) {
  406. if (ed25519_pubkey_eq(&ident->intro_auth_pk,
  407. &ip->auth_key_cert->signed_key)) {
  408. intro_point = ip;
  409. break;
  410. }
  411. } SMARTLIST_FOREACH_END(ip);
  412. return intro_point;
  413. }
  414. /* Find a descriptor intro point object from the descriptor object desc that
  415. * matches the given legacy identity digest in legacy_id. Return NULL if not
  416. * found. */
  417. static hs_desc_intro_point_t *
  418. find_desc_intro_point_by_legacy_id(const char *legacy_id,
  419. const hs_descriptor_t *desc)
  420. {
  421. hs_desc_intro_point_t *ret_ip = NULL;
  422. tor_assert(legacy_id);
  423. tor_assert(desc);
  424. /* We will go over every intro point and try to find which one is linked to
  425. * that circuit. Those lists are small so it's not that expensive. */
  426. SMARTLIST_FOREACH_BEGIN(desc->encrypted_data.intro_points,
  427. hs_desc_intro_point_t *, ip) {
  428. SMARTLIST_FOREACH_BEGIN(ip->link_specifiers,
  429. const hs_desc_link_specifier_t *, lspec) {
  430. /* Not all tor node have an ed25519 identity key so we still rely on the
  431. * legacy identity digest. */
  432. if (lspec->type != LS_LEGACY_ID) {
  433. continue;
  434. }
  435. if (fast_memneq(legacy_id, lspec->u.legacy_id, DIGEST_LEN)) {
  436. break;
  437. }
  438. /* Found it. */
  439. ret_ip = ip;
  440. goto end;
  441. } SMARTLIST_FOREACH_END(lspec);
  442. } SMARTLIST_FOREACH_END(ip);
  443. end:
  444. return ret_ip;
  445. }
  446. /* Send an INTRODUCE1 cell along the intro circuit and populate the rend
  447. * circuit identifier with the needed key material for the e2e encryption.
  448. * Return 0 on success, -1 if there is a transient error such that an action
  449. * has been taken to recover and -2 if there is a permanent error indicating
  450. * that both circuits were closed. */
  451. static int
  452. send_introduce1(origin_circuit_t *intro_circ,
  453. origin_circuit_t *rend_circ)
  454. {
  455. int status;
  456. char onion_address[HS_SERVICE_ADDR_LEN_BASE32 + 1];
  457. const ed25519_public_key_t *service_identity_pk = NULL;
  458. const hs_desc_intro_point_t *ip;
  459. tor_assert(rend_circ);
  460. if (intro_circ_is_ok(intro_circ) < 0) {
  461. goto perm_err;
  462. }
  463. service_identity_pk = &intro_circ->hs_ident->identity_pk;
  464. /* For logging purposes. There will be a time where the hs_ident will have a
  465. * version number but for now there is none because it's all v3. */
  466. hs_build_address(service_identity_pk, HS_VERSION_THREE, onion_address);
  467. log_info(LD_REND, "Sending INTRODUCE1 cell to service %s on circuit %u",
  468. safe_str_client(onion_address), TO_CIRCUIT(intro_circ)->n_circ_id);
  469. /* 1) Get descriptor from our cache. */
  470. const hs_descriptor_t *desc =
  471. hs_cache_lookup_as_client(service_identity_pk);
  472. if (desc == NULL || !hs_client_any_intro_points_usable(service_identity_pk,
  473. desc)) {
  474. log_info(LD_REND, "Request to %s %s. Trying to fetch a new descriptor.",
  475. safe_str_client(onion_address),
  476. (desc) ? "didn't have usable intro points" :
  477. "didn't have a descriptor");
  478. hs_client_refetch_hsdesc(service_identity_pk);
  479. /* We just triggered a refetch, make sure every connections are back
  480. * waiting for that descriptor. */
  481. flag_all_conn_wait_desc(service_identity_pk);
  482. /* We just asked for a refetch so this is a transient error. */
  483. goto tran_err;
  484. }
  485. /* We need to find which intro point in the descriptor we are connected to
  486. * on intro_circ. */
  487. ip = find_desc_intro_point_by_ident(intro_circ->hs_ident, desc);
  488. if (BUG(ip == NULL)) {
  489. /* If we can find a descriptor from this introduction circuit ident, we
  490. * must have a valid intro point object. Permanent error. */
  491. goto perm_err;
  492. }
  493. /* Send the INTRODUCE1 cell. */
  494. if (hs_circ_send_introduce1(intro_circ, rend_circ, ip,
  495. desc->subcredential) < 0) {
  496. /* Unable to send the cell, the intro circuit has been marked for close so
  497. * this is a permanent error. */
  498. tor_assert_nonfatal(TO_CIRCUIT(intro_circ)->marked_for_close);
  499. goto perm_err;
  500. }
  501. /* Cell has been sent successfully. Copy the introduction point
  502. * authentication and encryption key in the rendezvous circuit identifier so
  503. * we can compute the ntor keys when we receive the RENDEZVOUS2 cell. */
  504. memcpy(&rend_circ->hs_ident->intro_enc_pk, &ip->enc_key,
  505. sizeof(rend_circ->hs_ident->intro_enc_pk));
  506. ed25519_pubkey_copy(&rend_circ->hs_ident->intro_auth_pk,
  507. &intro_circ->hs_ident->intro_auth_pk);
  508. /* Now, we wait for an ACK or NAK on this circuit. */
  509. circuit_change_purpose(TO_CIRCUIT(intro_circ),
  510. CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT);
  511. /* Set timestamp_dirty, because circuit_expire_building expects it to
  512. * specify when a circuit entered the _C_INTRODUCE_ACK_WAIT state. */
  513. TO_CIRCUIT(intro_circ)->timestamp_dirty = time(NULL);
  514. pathbias_count_use_attempt(intro_circ);
  515. /* Success. */
  516. status = 0;
  517. goto end;
  518. perm_err:
  519. /* Permanent error: it is possible that the intro circuit was closed prior
  520. * because we weren't able to send the cell. Make sure we don't double close
  521. * it which would result in a warning. */
  522. if (!TO_CIRCUIT(intro_circ)->marked_for_close) {
  523. circuit_mark_for_close(TO_CIRCUIT(intro_circ), END_CIRC_REASON_INTERNAL);
  524. }
  525. circuit_mark_for_close(TO_CIRCUIT(rend_circ), END_CIRC_REASON_INTERNAL);
  526. status = -2;
  527. goto end;
  528. tran_err:
  529. status = -1;
  530. end:
  531. memwipe(onion_address, 0, sizeof(onion_address));
  532. return status;
  533. }
  534. /* Using the introduction circuit circ, setup the authentication key of the
  535. * intro point this circuit has extended to. */
  536. static void
  537. setup_intro_circ_auth_key(origin_circuit_t *circ)
  538. {
  539. const hs_descriptor_t *desc;
  540. const hs_desc_intro_point_t *ip;
  541. tor_assert(circ);
  542. desc = hs_cache_lookup_as_client(&circ->hs_ident->identity_pk);
  543. if (BUG(desc == NULL)) {
  544. /* Opening intro circuit without the descriptor is no good... */
  545. goto end;
  546. }
  547. /* We will go over every intro point and try to find which one is linked to
  548. * that circuit. Those lists are small so it's not that expensive. */
  549. ip = find_desc_intro_point_by_legacy_id(
  550. circ->build_state->chosen_exit->identity_digest, desc);
  551. if (ip) {
  552. /* We got it, copy its authentication key to the identifier. */
  553. ed25519_pubkey_copy(&circ->hs_ident->intro_auth_pk,
  554. &ip->auth_key_cert->signed_key);
  555. goto end;
  556. }
  557. /* Reaching this point means we didn't find any intro point for this circuit
  558. * which is not suppose to happen. */
  559. tor_assert_nonfatal_unreached();
  560. end:
  561. return;
  562. }
  563. /* Called when an introduction circuit has opened. */
  564. static void
  565. client_intro_circ_has_opened(origin_circuit_t *circ)
  566. {
  567. tor_assert(circ);
  568. tor_assert(TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_C_INTRODUCING);
  569. log_info(LD_REND, "Introduction circuit %u has opened. Attaching streams.",
  570. (unsigned int) TO_CIRCUIT(circ)->n_circ_id);
  571. /* This is an introduction circuit so we'll attach the correct
  572. * authentication key to the circuit identifier so it can be identified
  573. * properly later on. */
  574. setup_intro_circ_auth_key(circ);
  575. connection_ap_attach_pending(1);
  576. }
  577. /* Called when a rendezvous circuit has opened. */
  578. static void
  579. client_rendezvous_circ_has_opened(origin_circuit_t *circ)
  580. {
  581. tor_assert(circ);
  582. tor_assert(TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND);
  583. const extend_info_t *rp_ei = circ->build_state->chosen_exit;
  584. /* Check that we didn't accidentally choose a node that does not understand
  585. * the v3 rendezvous protocol */
  586. if (rp_ei) {
  587. const node_t *rp_node = node_get_by_id(rp_ei->identity_digest);
  588. if (rp_node) {
  589. if (BUG(!node_supports_v3_rendezvous_point(rp_node))) {
  590. return;
  591. }
  592. }
  593. }
  594. log_info(LD_REND, "Rendezvous circuit has opened to %s.",
  595. safe_str_client(extend_info_describe(rp_ei)));
  596. /* Ignore returned value, nothing we can really do. On failure, the circuit
  597. * will be marked for close. */
  598. hs_circ_send_establish_rendezvous(circ);
  599. /* Register rend circuit in circuitmap if it's still alive. */
  600. if (!TO_CIRCUIT(circ)->marked_for_close) {
  601. hs_circuitmap_register_rend_circ_client_side(circ,
  602. circ->hs_ident->rendezvous_cookie);
  603. }
  604. }
  605. /* This is an helper function that convert a descriptor intro point object ip
  606. * to a newly allocated extend_info_t object fully initialized. Return NULL if
  607. * we can't convert it for which chances are that we are missing or malformed
  608. * link specifiers. */
  609. STATIC extend_info_t *
  610. desc_intro_point_to_extend_info(const hs_desc_intro_point_t *ip)
  611. {
  612. extend_info_t *ei;
  613. smartlist_t *lspecs = smartlist_new();
  614. tor_assert(ip);
  615. /* We first encode the descriptor link specifiers into the binary
  616. * representation which is a trunnel object. */
  617. SMARTLIST_FOREACH_BEGIN(ip->link_specifiers,
  618. const hs_desc_link_specifier_t *, desc_lspec) {
  619. link_specifier_t *lspec = hs_desc_lspec_to_trunnel(desc_lspec);
  620. smartlist_add(lspecs, lspec);
  621. } SMARTLIST_FOREACH_END(desc_lspec);
  622. /* Explicitly put the direct connection option to 0 because this is client
  623. * side and there is no such thing as a non anonymous client. */
  624. ei = hs_get_extend_info_from_lspecs(lspecs, &ip->onion_key, 0);
  625. SMARTLIST_FOREACH(lspecs, link_specifier_t *, ls, link_specifier_free(ls));
  626. smartlist_free(lspecs);
  627. return ei;
  628. }
  629. /* Return true iff the intro point ip for the service service_pk is usable.
  630. * This function checks if the intro point is in the client intro state cache
  631. * and checks at the failures. It is considered usable if:
  632. * - No error happened (INTRO_POINT_FAILURE_GENERIC)
  633. * - It is not flagged as timed out (INTRO_POINT_FAILURE_TIMEOUT)
  634. * - The unreachable count is lower than
  635. * MAX_INTRO_POINT_REACHABILITY_FAILURES (INTRO_POINT_FAILURE_UNREACHABLE)
  636. */
  637. static int
  638. intro_point_is_usable(const ed25519_public_key_t *service_pk,
  639. const hs_desc_intro_point_t *ip)
  640. {
  641. const hs_cache_intro_state_t *state;
  642. tor_assert(service_pk);
  643. tor_assert(ip);
  644. state = hs_cache_client_intro_state_find(service_pk,
  645. &ip->auth_key_cert->signed_key);
  646. if (state == NULL) {
  647. /* This means we've never encountered any problem thus usable. */
  648. goto usable;
  649. }
  650. if (state->error) {
  651. log_info(LD_REND, "Intro point with auth key %s had an error. Not usable",
  652. safe_str_client(ed25519_fmt(&ip->auth_key_cert->signed_key)));
  653. goto not_usable;
  654. }
  655. if (state->timed_out) {
  656. log_info(LD_REND, "Intro point with auth key %s timed out. Not usable",
  657. safe_str_client(ed25519_fmt(&ip->auth_key_cert->signed_key)));
  658. goto not_usable;
  659. }
  660. if (state->unreachable_count >= MAX_INTRO_POINT_REACHABILITY_FAILURES) {
  661. log_info(LD_REND, "Intro point with auth key %s unreachable. Not usable",
  662. safe_str_client(ed25519_fmt(&ip->auth_key_cert->signed_key)));
  663. goto not_usable;
  664. }
  665. usable:
  666. return 1;
  667. not_usable:
  668. return 0;
  669. }
  670. /* Using a descriptor desc, return a newly allocated extend_info_t object of a
  671. * randomly picked introduction point from its list. Return NULL if none are
  672. * usable. */
  673. STATIC extend_info_t *
  674. client_get_random_intro(const ed25519_public_key_t *service_pk)
  675. {
  676. extend_info_t *ei = NULL, *ei_excluded = NULL;
  677. smartlist_t *usable_ips = NULL;
  678. const hs_descriptor_t *desc;
  679. const hs_desc_encrypted_data_t *enc_data;
  680. const or_options_t *options = get_options();
  681. /* Calculate the onion address for logging purposes */
  682. char onion_address[HS_SERVICE_ADDR_LEN_BASE32 + 1];
  683. tor_assert(service_pk);
  684. desc = hs_cache_lookup_as_client(service_pk);
  685. /* Assume the service is v3 if the descriptor is missing. This is ok,
  686. * because we only use the address in log messages */
  687. hs_build_address(service_pk,
  688. desc ? desc->plaintext_data.version : HS_VERSION_THREE,
  689. onion_address);
  690. if (desc == NULL || !hs_client_any_intro_points_usable(service_pk,
  691. desc)) {
  692. log_info(LD_REND, "Unable to randomly select an introduction point "
  693. "for service %s because descriptor %s. We can't connect.",
  694. safe_str_client(onion_address),
  695. (desc) ? "doesn't have any usable intro points"
  696. : "is missing (assuming v3 onion address)");
  697. goto end;
  698. }
  699. enc_data = &desc->encrypted_data;
  700. usable_ips = smartlist_new();
  701. smartlist_add_all(usable_ips, enc_data->intro_points);
  702. while (smartlist_len(usable_ips) != 0) {
  703. int idx;
  704. const hs_desc_intro_point_t *ip;
  705. /* Pick a random intro point and immediately remove it from the usable
  706. * list so we don't pick it again if we have to iterate more. */
  707. idx = crypto_rand_int(smartlist_len(usable_ips));
  708. ip = smartlist_get(usable_ips, idx);
  709. smartlist_del(usable_ips, idx);
  710. /* We need to make sure we have a usable intro points which is in a good
  711. * state in our cache. */
  712. if (!intro_point_is_usable(service_pk, ip)) {
  713. continue;
  714. }
  715. /* Generate an extend info object from the intro point object. */
  716. ei = desc_intro_point_to_extend_info(ip);
  717. if (ei == NULL) {
  718. /* We can get here for instance if the intro point is a private address
  719. * and we aren't allowed to extend to those. */
  720. log_info(LD_REND, "Unable to select introduction point with auth key %s "
  721. "for service %s, because we could not extend to it.",
  722. safe_str_client(ed25519_fmt(&ip->auth_key_cert->signed_key)),
  723. safe_str_client(onion_address));
  724. continue;
  725. }
  726. /* Test the pick against ExcludeNodes. */
  727. if (routerset_contains_extendinfo(options->ExcludeNodes, ei)) {
  728. /* If this pick is in the ExcludeNodes list, we keep its reference so if
  729. * we ever end up not being able to pick anything else and StrictNodes is
  730. * unset, we'll use it. */
  731. if (ei_excluded) {
  732. /* If something was already here free it. After the loop is gone we
  733. * will examine the last excluded intro point, and that's fine since
  734. * that's random anyway */
  735. extend_info_free(ei_excluded);
  736. }
  737. ei_excluded = ei;
  738. continue;
  739. }
  740. /* Good pick! Let's go with this. */
  741. goto end;
  742. }
  743. /* Reaching this point means a couple of things. Either we can't use any of
  744. * the intro point listed because the IP address can't be extended to or it
  745. * is listed in the ExcludeNodes list. In the later case, if StrictNodes is
  746. * set, we are forced to not use anything. */
  747. ei = ei_excluded;
  748. if (options->StrictNodes) {
  749. log_warn(LD_REND, "Every introduction point for service %s is in the "
  750. "ExcludeNodes set and StrictNodes is set. We can't connect.",
  751. safe_str_client(onion_address));
  752. extend_info_free(ei);
  753. ei = NULL;
  754. } else {
  755. log_fn(LOG_PROTOCOL_WARN, LD_REND, "Every introduction point for service "
  756. "%s is unusable or we can't extend to it. We can't connect.",
  757. safe_str_client(onion_address));
  758. }
  759. end:
  760. smartlist_free(usable_ips);
  761. memwipe(onion_address, 0, sizeof(onion_address));
  762. return ei;
  763. }
  764. /* For this introduction circuit, we'll look at if we have any usable
  765. * introduction point left for this service. If so, we'll use the circuit to
  766. * re-extend to a new intro point. Else, we'll close the circuit and its
  767. * corresponding rendezvous circuit. Return 0 if we are re-extending else -1
  768. * if we are closing the circuits.
  769. *
  770. * This is called when getting an INTRODUCE_ACK cell with a NACK. */
  771. static int
  772. close_or_reextend_intro_circ(origin_circuit_t *intro_circ)
  773. {
  774. int ret = -1;
  775. const hs_descriptor_t *desc;
  776. origin_circuit_t *rend_circ;
  777. tor_assert(intro_circ);
  778. desc = hs_cache_lookup_as_client(&intro_circ->hs_ident->identity_pk);
  779. if (BUG(desc == NULL)) {
  780. /* We can't continue without a descriptor. */
  781. goto close;
  782. }
  783. /* We still have the descriptor, great! Let's try to see if we can
  784. * re-extend by looking up if there are any usable intro points. */
  785. if (!hs_client_any_intro_points_usable(&intro_circ->hs_ident->identity_pk,
  786. desc)) {
  787. goto close;
  788. }
  789. /* Try to re-extend now. */
  790. if (hs_client_reextend_intro_circuit(intro_circ) < 0) {
  791. goto close;
  792. }
  793. /* Success on re-extending. Don't return an error. */
  794. ret = 0;
  795. goto end;
  796. close:
  797. /* Change the intro circuit purpose before so we don't report an intro point
  798. * failure again triggering an extra descriptor fetch. The circuit can
  799. * already be closed on failure to re-extend. */
  800. if (!TO_CIRCUIT(intro_circ)->marked_for_close) {
  801. circuit_change_purpose(TO_CIRCUIT(intro_circ),
  802. CIRCUIT_PURPOSE_C_INTRODUCE_ACKED);
  803. circuit_mark_for_close(TO_CIRCUIT(intro_circ), END_CIRC_REASON_FINISHED);
  804. }
  805. /* Close the related rendezvous circuit. */
  806. rend_circ = hs_circuitmap_get_rend_circ_client_side(
  807. intro_circ->hs_ident->rendezvous_cookie);
  808. /* The rendezvous circuit might have collapsed while the INTRODUCE_ACK was
  809. * inflight so we can't expect one every time. */
  810. if (rend_circ) {
  811. circuit_mark_for_close(TO_CIRCUIT(rend_circ), END_CIRC_REASON_FINISHED);
  812. }
  813. end:
  814. return ret;
  815. }
  816. /* Called when we get an INTRODUCE_ACK success status code. Do the appropriate
  817. * actions for the rendezvous point and finally close intro_circ. */
  818. static void
  819. handle_introduce_ack_success(origin_circuit_t *intro_circ)
  820. {
  821. origin_circuit_t *rend_circ = NULL;
  822. tor_assert(intro_circ);
  823. log_info(LD_REND, "Received INTRODUCE_ACK ack! Informing rendezvous");
  824. /* Get the rendezvous circuit for this rendezvous cookie. */
  825. uint8_t *rendezvous_cookie = intro_circ->hs_ident->rendezvous_cookie;
  826. rend_circ =
  827. hs_circuitmap_get_established_rend_circ_client_side(rendezvous_cookie);
  828. if (rend_circ == NULL) {
  829. log_warn(LD_REND, "Can't find any rendezvous circuit. Stopping");
  830. goto end;
  831. }
  832. assert_circ_anonymity_ok(rend_circ, get_options());
  833. /* It is possible to get a RENDEZVOUS2 cell before the INTRODUCE_ACK which
  834. * means that the circuit will be joined and already transmitting data. In
  835. * that case, simply skip the purpose change and close the intro circuit
  836. * like it should be. */
  837. if (TO_CIRCUIT(rend_circ)->purpose == CIRCUIT_PURPOSE_C_REND_JOINED) {
  838. goto end;
  839. }
  840. circuit_change_purpose(TO_CIRCUIT(rend_circ),
  841. CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED);
  842. /* Set timestamp_dirty, because circuit_expire_building expects it to
  843. * specify when a circuit entered the
  844. * CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED state. */
  845. TO_CIRCUIT(rend_circ)->timestamp_dirty = time(NULL);
  846. end:
  847. /* We don't need the intro circuit anymore. It did what it had to do! */
  848. circuit_change_purpose(TO_CIRCUIT(intro_circ),
  849. CIRCUIT_PURPOSE_C_INTRODUCE_ACKED);
  850. circuit_mark_for_close(TO_CIRCUIT(intro_circ), END_CIRC_REASON_FINISHED);
  851. /* XXX: Close pending intro circuits we might have in parallel. */
  852. return;
  853. }
  854. /* Called when we get an INTRODUCE_ACK failure status code. Depending on our
  855. * failure cache status, either close the circuit or re-extend to a new
  856. * introduction point. */
  857. static void
  858. handle_introduce_ack_bad(origin_circuit_t *circ, int status)
  859. {
  860. tor_assert(circ);
  861. log_info(LD_REND, "Received INTRODUCE_ACK nack by %s. Reason: %u",
  862. safe_str_client(extend_info_describe(circ->build_state->chosen_exit)),
  863. status);
  864. /* It's a NAK. The introduction point didn't relay our request. */
  865. circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_C_INTRODUCING);
  866. /* Note down this failure in the intro point failure cache. Depending on how
  867. * many times we've tried this intro point, close it or reextend. */
  868. hs_cache_client_intro_state_note(&circ->hs_ident->identity_pk,
  869. &circ->hs_ident->intro_auth_pk,
  870. INTRO_POINT_FAILURE_GENERIC);
  871. }
  872. /* Called when we get an INTRODUCE_ACK on the intro circuit circ. The encoded
  873. * cell is in payload of length payload_len. Return 0 on success else a
  874. * negative value. The circuit is either close or reuse to re-extend to a new
  875. * introduction point. */
  876. static int
  877. handle_introduce_ack(origin_circuit_t *circ, const uint8_t *payload,
  878. size_t payload_len)
  879. {
  880. int status, ret = -1;
  881. tor_assert(circ);
  882. tor_assert(circ->build_state);
  883. tor_assert(circ->build_state->chosen_exit);
  884. assert_circ_anonymity_ok(circ, get_options());
  885. tor_assert(payload);
  886. status = hs_cell_parse_introduce_ack(payload, payload_len);
  887. switch (status) {
  888. case HS_CELL_INTRO_ACK_SUCCESS:
  889. ret = 0;
  890. handle_introduce_ack_success(circ);
  891. goto end;
  892. case HS_CELL_INTRO_ACK_FAILURE:
  893. case HS_CELL_INTRO_ACK_BADFMT:
  894. case HS_CELL_INTRO_ACK_NORELAY:
  895. handle_introduce_ack_bad(circ, status);
  896. /* We are going to see if we have to close the circuits (IP and RP) or we
  897. * can re-extend to a new intro point. */
  898. ret = close_or_reextend_intro_circ(circ);
  899. break;
  900. default:
  901. log_info(LD_PROTOCOL, "Unknown INTRODUCE_ACK status code %u from %s",
  902. status,
  903. safe_str_client(extend_info_describe(circ->build_state->chosen_exit)));
  904. break;
  905. }
  906. end:
  907. return ret;
  908. }
  909. /* Called when we get a RENDEZVOUS2 cell on the rendezvous circuit circ. The
  910. * encoded cell is in payload of length payload_len. Return 0 on success or a
  911. * negative value on error. On error, the circuit is marked for close. */
  912. STATIC int
  913. handle_rendezvous2(origin_circuit_t *circ, const uint8_t *payload,
  914. size_t payload_len)
  915. {
  916. int ret = -1;
  917. curve25519_public_key_t server_pk;
  918. uint8_t auth_mac[DIGEST256_LEN] = {0};
  919. uint8_t handshake_info[CURVE25519_PUBKEY_LEN + sizeof(auth_mac)] = {0};
  920. hs_ntor_rend_cell_keys_t keys;
  921. const hs_ident_circuit_t *ident;
  922. tor_assert(circ);
  923. tor_assert(payload);
  924. /* Make things easier. */
  925. ident = circ->hs_ident;
  926. tor_assert(ident);
  927. if (hs_cell_parse_rendezvous2(payload, payload_len, handshake_info,
  928. sizeof(handshake_info)) < 0) {
  929. goto err;
  930. }
  931. /* Get from the handshake info the SERVER_PK and AUTH_MAC. */
  932. memcpy(&server_pk, handshake_info, CURVE25519_PUBKEY_LEN);
  933. memcpy(auth_mac, handshake_info + CURVE25519_PUBKEY_LEN, sizeof(auth_mac));
  934. /* Generate the handshake info. */
  935. if (hs_ntor_client_get_rendezvous1_keys(&ident->intro_auth_pk,
  936. &ident->rendezvous_client_kp,
  937. &ident->intro_enc_pk, &server_pk,
  938. &keys) < 0) {
  939. log_info(LD_REND, "Unable to compute the rendezvous keys.");
  940. goto err;
  941. }
  942. /* Critical check, make sure that the MAC matches what we got with what we
  943. * computed just above. */
  944. if (!hs_ntor_client_rendezvous2_mac_is_good(&keys, auth_mac)) {
  945. log_info(LD_REND, "Invalid MAC in RENDEZVOUS2. Rejecting cell.");
  946. goto err;
  947. }
  948. /* Setup the e2e encryption on the circuit and finalize its state. */
  949. if (hs_circuit_setup_e2e_rend_circ(circ, keys.ntor_key_seed,
  950. sizeof(keys.ntor_key_seed), 0) < 0) {
  951. log_info(LD_REND, "Unable to setup the e2e encryption.");
  952. goto err;
  953. }
  954. /* Success. Hidden service connection finalized! */
  955. ret = 0;
  956. goto end;
  957. err:
  958. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
  959. end:
  960. memwipe(&keys, 0, sizeof(keys));
  961. return ret;
  962. }
  963. /* Return true iff the client can fetch a descriptor for this service public
  964. * identity key and status_out if not NULL is untouched. If the client can
  965. * _not_ fetch the descriptor and if status_out is not NULL, it is set with
  966. * the fetch status code. */
  967. static unsigned int
  968. can_client_refetch_desc(const ed25519_public_key_t *identity_pk,
  969. hs_client_fetch_status_t *status_out)
  970. {
  971. hs_client_fetch_status_t status;
  972. tor_assert(identity_pk);
  973. /* Are we configured to fetch descriptors? */
  974. if (!get_options()->FetchHidServDescriptors) {
  975. log_warn(LD_REND, "We received an onion address for a hidden service "
  976. "descriptor but we are configured to not fetch.");
  977. status = HS_CLIENT_FETCH_NOT_ALLOWED;
  978. goto cannot;
  979. }
  980. /* Without a live consensus we can't do any client actions. It is needed to
  981. * compute the hashring for a service. */
  982. if (!networkstatus_get_live_consensus(approx_time())) {
  983. log_info(LD_REND, "Can't fetch descriptor for service %s because we "
  984. "are missing a live consensus. Stalling connection.",
  985. safe_str_client(ed25519_fmt(identity_pk)));
  986. status = HS_CLIENT_FETCH_MISSING_INFO;
  987. goto cannot;
  988. }
  989. if (!router_have_minimum_dir_info()) {
  990. log_info(LD_REND, "Can't fetch descriptor for service %s because we "
  991. "dont have enough descriptors. Stalling connection.",
  992. safe_str_client(ed25519_fmt(identity_pk)));
  993. status = HS_CLIENT_FETCH_MISSING_INFO;
  994. goto cannot;
  995. }
  996. /* Check if fetching a desc for this HS is useful to us right now */
  997. {
  998. const hs_descriptor_t *cached_desc = NULL;
  999. cached_desc = hs_cache_lookup_as_client(identity_pk);
  1000. if (cached_desc && hs_client_any_intro_points_usable(identity_pk,
  1001. cached_desc)) {
  1002. log_info(LD_GENERAL, "We would fetch a v3 hidden service descriptor "
  1003. "but we already have a usable descriptor.");
  1004. status = HS_CLIENT_FETCH_HAVE_DESC;
  1005. goto cannot;
  1006. }
  1007. }
  1008. /* Don't try to refetch while we have a pending request for it. */
  1009. if (directory_request_is_pending(identity_pk)) {
  1010. log_info(LD_REND, "Already a pending directory request. Waiting on it.");
  1011. status = HS_CLIENT_FETCH_PENDING;
  1012. goto cannot;
  1013. }
  1014. /* Yes, client can fetch! */
  1015. return 1;
  1016. cannot:
  1017. if (status_out) {
  1018. *status_out = status;
  1019. }
  1020. return 0;
  1021. }
  1022. /* ========== */
  1023. /* Public API */
  1024. /* ========== */
  1025. /** A circuit just finished connecting to a hidden service that the stream
  1026. * <b>conn</b> has been waiting for. Let the HS subsystem know about this. */
  1027. void
  1028. hs_client_note_connection_attempt_succeeded(const edge_connection_t *conn)
  1029. {
  1030. tor_assert(connection_edge_is_rendezvous_stream(conn));
  1031. if (BUG(conn->rend_data && conn->hs_ident)) {
  1032. log_warn(LD_BUG, "Stream had both rend_data and hs_ident..."
  1033. "Prioritizing hs_ident");
  1034. }
  1035. if (conn->hs_ident) { /* It's v3: pass it to the prop224 handler */
  1036. note_connection_attempt_succeeded(conn->hs_ident);
  1037. return;
  1038. } else if (conn->rend_data) { /* It's v2: pass it to the legacy handler */
  1039. rend_client_note_connection_attempt_ended(conn->rend_data);
  1040. return;
  1041. }
  1042. }
  1043. /* With the given encoded descriptor in desc_str and the service key in
  1044. * service_identity_pk, decode the descriptor and set the desc pointer with a
  1045. * newly allocated descriptor object.
  1046. *
  1047. * Return 0 on success else a negative value and desc is set to NULL. */
  1048. int
  1049. hs_client_decode_descriptor(const char *desc_str,
  1050. const ed25519_public_key_t *service_identity_pk,
  1051. hs_descriptor_t **desc)
  1052. {
  1053. int ret;
  1054. uint8_t subcredential[DIGEST256_LEN];
  1055. ed25519_public_key_t blinded_pubkey;
  1056. tor_assert(desc_str);
  1057. tor_assert(service_identity_pk);
  1058. tor_assert(desc);
  1059. /* Create subcredential for this HS so that we can decrypt */
  1060. {
  1061. uint64_t current_time_period = hs_get_time_period_num(0);
  1062. hs_build_blinded_pubkey(service_identity_pk, NULL, 0, current_time_period,
  1063. &blinded_pubkey);
  1064. hs_get_subcredential(service_identity_pk, &blinded_pubkey, subcredential);
  1065. }
  1066. /* Parse descriptor */
  1067. ret = hs_desc_decode_descriptor(desc_str, subcredential, desc);
  1068. memwipe(subcredential, 0, sizeof(subcredential));
  1069. if (ret < 0) {
  1070. log_warn(LD_GENERAL, "Could not parse received descriptor as client.");
  1071. if (get_options()->SafeLogging_ == SAFELOG_SCRUB_NONE) {
  1072. log_warn(LD_GENERAL, "%s", escaped(desc_str));
  1073. }
  1074. goto err;
  1075. }
  1076. /* Make sure the descriptor signing key cross certifies with the computed
  1077. * blinded key. Without this validation, anyone knowing the subcredential
  1078. * and onion address can forge a descriptor. */
  1079. tor_cert_t *cert = (*desc)->plaintext_data.signing_key_cert;
  1080. if (tor_cert_checksig(cert,
  1081. &blinded_pubkey, approx_time()) < 0) {
  1082. log_warn(LD_GENERAL, "Descriptor signing key certificate signature "
  1083. "doesn't validate with computed blinded key: %s",
  1084. tor_cert_describe_signature_status(cert));
  1085. goto err;
  1086. }
  1087. return 0;
  1088. err:
  1089. return -1;
  1090. }
  1091. /* Return true iff there are at least one usable intro point in the service
  1092. * descriptor desc. */
  1093. int
  1094. hs_client_any_intro_points_usable(const ed25519_public_key_t *service_pk,
  1095. const hs_descriptor_t *desc)
  1096. {
  1097. tor_assert(service_pk);
  1098. tor_assert(desc);
  1099. SMARTLIST_FOREACH_BEGIN(desc->encrypted_data.intro_points,
  1100. const hs_desc_intro_point_t *, ip) {
  1101. if (intro_point_is_usable(service_pk, ip)) {
  1102. goto usable;
  1103. }
  1104. } SMARTLIST_FOREACH_END(ip);
  1105. return 0;
  1106. usable:
  1107. return 1;
  1108. }
  1109. /** Launch a connection to a hidden service directory to fetch a hidden
  1110. * service descriptor using <b>identity_pk</b> to get the necessary keys.
  1111. *
  1112. * A hs_client_fetch_status_t code is returned. */
  1113. int
  1114. hs_client_refetch_hsdesc(const ed25519_public_key_t *identity_pk)
  1115. {
  1116. hs_client_fetch_status_t status;
  1117. tor_assert(identity_pk);
  1118. if (!can_client_refetch_desc(identity_pk, &status)) {
  1119. return status;
  1120. }
  1121. /* Try to fetch the desc and if we encounter an unrecoverable error, mark
  1122. * the desc as unavailable for now. */
  1123. status = fetch_v3_desc(identity_pk);
  1124. if (fetch_status_should_close_socks(status)) {
  1125. close_all_socks_conns_waiting_for_desc(identity_pk, status,
  1126. END_STREAM_REASON_RESOLVEFAILED);
  1127. /* Remove HSDir fetch attempts so that we can retry later if the user
  1128. * wants us to regardless of if we closed any connections. */
  1129. purge_hid_serv_request(identity_pk);
  1130. }
  1131. return status;
  1132. }
  1133. /* This is called when we are trying to attach an AP connection to these
  1134. * hidden service circuits from connection_ap_handshake_attach_circuit().
  1135. * Return 0 on success, -1 for a transient error that is actions were
  1136. * triggered to recover or -2 for a permenent error where both circuits will
  1137. * marked for close.
  1138. *
  1139. * The following supports every hidden service version. */
  1140. int
  1141. hs_client_send_introduce1(origin_circuit_t *intro_circ,
  1142. origin_circuit_t *rend_circ)
  1143. {
  1144. return (intro_circ->hs_ident) ? send_introduce1(intro_circ, rend_circ) :
  1145. rend_client_send_introduction(intro_circ,
  1146. rend_circ);
  1147. }
  1148. /* Called when the client circuit circ has been established. It can be either
  1149. * an introduction or rendezvous circuit. This function handles all hidden
  1150. * service versions. */
  1151. void
  1152. hs_client_circuit_has_opened(origin_circuit_t *circ)
  1153. {
  1154. tor_assert(circ);
  1155. /* Handle both version. v2 uses rend_data and v3 uses the hs circuit
  1156. * identifier hs_ident. Can't be both. */
  1157. switch (TO_CIRCUIT(circ)->purpose) {
  1158. case CIRCUIT_PURPOSE_C_INTRODUCING:
  1159. if (circ->hs_ident) {
  1160. client_intro_circ_has_opened(circ);
  1161. } else {
  1162. rend_client_introcirc_has_opened(circ);
  1163. }
  1164. break;
  1165. case CIRCUIT_PURPOSE_C_ESTABLISH_REND:
  1166. if (circ->hs_ident) {
  1167. client_rendezvous_circ_has_opened(circ);
  1168. } else {
  1169. rend_client_rendcirc_has_opened(circ);
  1170. }
  1171. break;
  1172. default:
  1173. tor_assert_nonfatal_unreached();
  1174. }
  1175. }
  1176. /* Called when we receive a RENDEZVOUS_ESTABLISHED cell. Change the state of
  1177. * the circuit to CIRCUIT_PURPOSE_C_REND_READY. Return 0 on success else a
  1178. * negative value and the circuit marked for close. */
  1179. int
  1180. hs_client_receive_rendezvous_acked(origin_circuit_t *circ,
  1181. const uint8_t *payload, size_t payload_len)
  1182. {
  1183. tor_assert(circ);
  1184. tor_assert(payload);
  1185. (void) payload_len;
  1186. if (TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_C_ESTABLISH_REND) {
  1187. log_warn(LD_PROTOCOL, "Got a RENDEZVOUS_ESTABLISHED but we were not "
  1188. "expecting one. Closing circuit.");
  1189. goto err;
  1190. }
  1191. log_info(LD_REND, "Received an RENDEZVOUS_ESTABLISHED. This circuit is "
  1192. "now ready for rendezvous.");
  1193. circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_C_REND_READY);
  1194. /* Set timestamp_dirty, because circuit_expire_building expects it to
  1195. * specify when a circuit entered the _C_REND_READY state. */
  1196. TO_CIRCUIT(circ)->timestamp_dirty = time(NULL);
  1197. /* From a path bias point of view, this circuit is now successfully used.
  1198. * Waiting any longer opens us up to attacks from malicious hidden services.
  1199. * They could induce the client to attempt to connect to their hidden
  1200. * service and never reply to the client's rend requests */
  1201. pathbias_mark_use_success(circ);
  1202. /* If we already have the introduction circuit built, make sure we send
  1203. * the INTRODUCE cell _now_ */
  1204. connection_ap_attach_pending(1);
  1205. return 0;
  1206. err:
  1207. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
  1208. return -1;
  1209. }
  1210. /* This is called when a descriptor has arrived following a fetch request and
  1211. * has been stored in the client cache. Every entry connection that matches
  1212. * the service identity key in the ident will get attached to the hidden
  1213. * service circuit. */
  1214. void
  1215. hs_client_desc_has_arrived(const hs_ident_dir_conn_t *ident)
  1216. {
  1217. time_t now = time(NULL);
  1218. smartlist_t *conns = NULL;
  1219. tor_assert(ident);
  1220. conns = connection_list_by_type_state(CONN_TYPE_AP,
  1221. AP_CONN_STATE_RENDDESC_WAIT);
  1222. SMARTLIST_FOREACH_BEGIN(conns, connection_t *, base_conn) {
  1223. const hs_descriptor_t *desc;
  1224. entry_connection_t *entry_conn = TO_ENTRY_CONN(base_conn);
  1225. const edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(entry_conn);
  1226. /* Only consider the entry connections that matches the service for which
  1227. * we just fetched its descriptor. */
  1228. if (!edge_conn->hs_ident ||
  1229. !ed25519_pubkey_eq(&ident->identity_pk,
  1230. &edge_conn->hs_ident->identity_pk)) {
  1231. continue;
  1232. }
  1233. assert_connection_ok(base_conn, now);
  1234. /* We were just called because we stored the descriptor for this service
  1235. * so not finding a descriptor means we have a bigger problem. */
  1236. desc = hs_cache_lookup_as_client(&ident->identity_pk);
  1237. if (BUG(desc == NULL)) {
  1238. goto end;
  1239. }
  1240. if (!hs_client_any_intro_points_usable(&ident->identity_pk, desc)) {
  1241. log_info(LD_REND, "Hidden service descriptor is unusable. "
  1242. "Closing streams.");
  1243. connection_mark_unattached_ap(entry_conn,
  1244. END_STREAM_REASON_RESOLVEFAILED);
  1245. /* We are unable to use the descriptor so remove the directory request
  1246. * from the cache so the next connection can try again. */
  1247. note_connection_attempt_succeeded(edge_conn->hs_ident);
  1248. goto end;
  1249. }
  1250. log_info(LD_REND, "Descriptor has arrived. Launching circuits.");
  1251. /* Because the connection can now proceed to opening circuit and
  1252. * ultimately connect to the service, reset those timestamp so the
  1253. * connection is considered "fresh" and can continue without being closed
  1254. * too early. */
  1255. base_conn->timestamp_created = now;
  1256. base_conn->timestamp_lastread = now;
  1257. base_conn->timestamp_lastwritten = now;
  1258. /* Change connection's state into waiting for a circuit. */
  1259. base_conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
  1260. connection_ap_mark_as_pending_circuit(entry_conn);
  1261. } SMARTLIST_FOREACH_END(base_conn);
  1262. end:
  1263. /* We don't have ownership of the objects in this list. */
  1264. smartlist_free(conns);
  1265. }
  1266. /* Return a newly allocated extend_info_t for a randomly chosen introduction
  1267. * point for the given edge connection identifier ident. Return NULL if we
  1268. * can't pick any usable introduction points. */
  1269. extend_info_t *
  1270. hs_client_get_random_intro_from_edge(const edge_connection_t *edge_conn)
  1271. {
  1272. tor_assert(edge_conn);
  1273. return (edge_conn->hs_ident) ?
  1274. client_get_random_intro(&edge_conn->hs_ident->identity_pk) :
  1275. rend_client_get_random_intro(edge_conn->rend_data);
  1276. }
  1277. /* Called when get an INTRODUCE_ACK cell on the introduction circuit circ.
  1278. * Return 0 on success else a negative value is returned. The circuit will be
  1279. * closed or reuse to extend again to another intro point. */
  1280. int
  1281. hs_client_receive_introduce_ack(origin_circuit_t *circ,
  1282. const uint8_t *payload, size_t payload_len)
  1283. {
  1284. int ret = -1;
  1285. tor_assert(circ);
  1286. tor_assert(payload);
  1287. if (TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT) {
  1288. log_warn(LD_PROTOCOL, "Unexpected INTRODUCE_ACK on circuit %u.",
  1289. (unsigned int) TO_CIRCUIT(circ)->n_circ_id);
  1290. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
  1291. goto end;
  1292. }
  1293. ret = (circ->hs_ident) ? handle_introduce_ack(circ, payload, payload_len) :
  1294. rend_client_introduction_acked(circ, payload,
  1295. payload_len);
  1296. /* For path bias: This circuit was used successfully. NACK or ACK counts. */
  1297. pathbias_mark_use_success(circ);
  1298. end:
  1299. return ret;
  1300. }
  1301. /* Called when get a RENDEZVOUS2 cell on the rendezvous circuit circ. Return
  1302. * 0 on success else a negative value is returned. The circuit will be closed
  1303. * on error. */
  1304. int
  1305. hs_client_receive_rendezvous2(origin_circuit_t *circ,
  1306. const uint8_t *payload, size_t payload_len)
  1307. {
  1308. int ret = -1;
  1309. tor_assert(circ);
  1310. tor_assert(payload);
  1311. /* Circuit can possibly be in both state because we could receive a
  1312. * RENDEZVOUS2 cell before the INTRODUCE_ACK has been received. */
  1313. if (TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_C_REND_READY &&
  1314. TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED) {
  1315. log_warn(LD_PROTOCOL, "Unexpected RENDEZVOUS2 cell on circuit %u. "
  1316. "Closing circuit.",
  1317. (unsigned int) TO_CIRCUIT(circ)->n_circ_id);
  1318. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
  1319. goto end;
  1320. }
  1321. log_info(LD_REND, "Got RENDEZVOUS2 cell from hidden service on circuit %u.",
  1322. TO_CIRCUIT(circ)->n_circ_id);
  1323. ret = (circ->hs_ident) ? handle_rendezvous2(circ, payload, payload_len) :
  1324. rend_client_receive_rendezvous(circ, payload,
  1325. payload_len);
  1326. end:
  1327. return ret;
  1328. }
  1329. /* Extend the introduction circuit circ to another valid introduction point
  1330. * for the hidden service it is trying to connect to, or mark it and launch a
  1331. * new circuit if we can't extend it. Return 0 on success or possible
  1332. * success. Return -1 and mark the introduction circuit for close on permanent
  1333. * failure.
  1334. *
  1335. * On failure, the caller is responsible for marking the associated rendezvous
  1336. * circuit for close. */
  1337. int
  1338. hs_client_reextend_intro_circuit(origin_circuit_t *circ)
  1339. {
  1340. int ret = -1;
  1341. extend_info_t *ei;
  1342. tor_assert(circ);
  1343. ei = (circ->hs_ident) ?
  1344. client_get_random_intro(&circ->hs_ident->identity_pk) :
  1345. rend_client_get_random_intro(circ->rend_data);
  1346. if (ei == NULL) {
  1347. log_warn(LD_REND, "No usable introduction points left. Closing.");
  1348. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
  1349. goto end;
  1350. }
  1351. if (circ->remaining_relay_early_cells) {
  1352. log_info(LD_REND, "Re-extending circ %u, this time to %s.",
  1353. (unsigned int) TO_CIRCUIT(circ)->n_circ_id,
  1354. safe_str_client(extend_info_describe(ei)));
  1355. ret = circuit_extend_to_new_exit(circ, ei);
  1356. if (ret == 0) {
  1357. /* We were able to extend so update the timestamp so we avoid expiring
  1358. * this circuit too early. The intro circuit is short live so the
  1359. * linkability issue is minimized, we just need the circuit to hold a
  1360. * bit longer so we can introduce. */
  1361. TO_CIRCUIT(circ)->timestamp_dirty = time(NULL);
  1362. }
  1363. } else {
  1364. log_info(LD_REND, "Closing intro circ %u (out of RELAY_EARLY cells).",
  1365. (unsigned int) TO_CIRCUIT(circ)->n_circ_id);
  1366. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED);
  1367. /* connection_ap_handshake_attach_circuit will launch a new intro circ. */
  1368. ret = 0;
  1369. }
  1370. end:
  1371. extend_info_free(ei);
  1372. return ret;
  1373. }
  1374. /* Release all the storage held by the client subsystem. */
  1375. void
  1376. hs_client_free_all(void)
  1377. {
  1378. /* Purge the hidden service request cache. */
  1379. hs_purge_last_hid_serv_requests();
  1380. }
  1381. /* Purge all potentially remotely-detectable state held in the hidden
  1382. * service client code. Called on SIGNAL NEWNYM. */
  1383. void
  1384. hs_client_purge_state(void)
  1385. {
  1386. /* v2 subsystem. */
  1387. rend_client_purge_state();
  1388. /* Cancel all descriptor fetches. Do this first so once done we are sure
  1389. * that our descriptor cache won't modified. */
  1390. cancel_descriptor_fetches();
  1391. /* Purge the introduction point state cache. */
  1392. hs_cache_client_intro_state_purge();
  1393. /* Purge the descriptor cache. */
  1394. hs_cache_purge_as_client();
  1395. /* Purge the last hidden service request cache. */
  1396. hs_purge_last_hid_serv_requests();
  1397. log_info(LD_REND, "Hidden service client state has been purged.");
  1398. }
  1399. /* Called when our directory information has changed. */
  1400. void
  1401. hs_client_dir_info_changed(void)
  1402. {
  1403. /* We have possibly reached the minimum directory information or new
  1404. * consensus so retry all pending SOCKS connection in
  1405. * AP_CONN_STATE_RENDDESC_WAIT state in order to fetch the descriptor. */
  1406. retry_all_socks_conn_waiting_for_desc();
  1407. }