rendclient.c 57 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554
  1. /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
  2. * Copyright (c) 2007-2016, The Tor Project, Inc. */
  3. /* See LICENSE for licensing information */
  4. /**
  5. * \file rendclient.c
  6. * \brief Client code to access location-hidden services.
  7. **/
  8. #include "or.h"
  9. #include "circpathbias.h"
  10. #include "circuitbuild.h"
  11. #include "circuitlist.h"
  12. #include "circuituse.h"
  13. #include "config.h"
  14. #include "connection.h"
  15. #include "connection_edge.h"
  16. #include "directory.h"
  17. #include "main.h"
  18. #include "networkstatus.h"
  19. #include "nodelist.h"
  20. #include "relay.h"
  21. #include "rendclient.h"
  22. #include "rendcommon.h"
  23. #include "rephist.h"
  24. #include "router.h"
  25. #include "routerlist.h"
  26. #include "routerset.h"
  27. #include "control.h"
  28. static extend_info_t *rend_client_get_random_intro_impl(
  29. const rend_cache_entry_t *rend_query,
  30. const int strict, const int warnings);
  31. /** Purge all potentially remotely-detectable state held in the hidden
  32. * service client code. Called on SIGNAL NEWNYM. */
  33. void
  34. rend_client_purge_state(void)
  35. {
  36. rend_cache_purge();
  37. rend_cache_failure_purge();
  38. rend_client_cancel_descriptor_fetches();
  39. rend_client_purge_last_hid_serv_requests();
  40. }
  41. /** Called when we've established a circuit to an introduction point:
  42. * send the introduction request. */
  43. void
  44. rend_client_introcirc_has_opened(origin_circuit_t *circ)
  45. {
  46. tor_assert(circ->base_.purpose == CIRCUIT_PURPOSE_C_INTRODUCING);
  47. tor_assert(circ->cpath);
  48. log_info(LD_REND,"introcirc is open");
  49. connection_ap_attach_pending(1);
  50. }
  51. /** Send the establish-rendezvous cell along a rendezvous circuit. if
  52. * it fails, mark the circ for close and return -1. else return 0.
  53. */
  54. static int
  55. rend_client_send_establish_rendezvous(origin_circuit_t *circ)
  56. {
  57. tor_assert(circ->base_.purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND);
  58. tor_assert(circ->rend_data);
  59. log_info(LD_REND, "Sending an ESTABLISH_RENDEZVOUS cell");
  60. crypto_rand(circ->rend_data->rend_cookie, REND_COOKIE_LEN);
  61. /* Set timestamp_dirty, because circuit_expire_building expects it,
  62. * and the rend cookie also means we've used the circ. */
  63. circ->base_.timestamp_dirty = time(NULL);
  64. /* We've attempted to use this circuit. Probe it if we fail */
  65. pathbias_count_use_attempt(circ);
  66. if (relay_send_command_from_edge(0, TO_CIRCUIT(circ),
  67. RELAY_COMMAND_ESTABLISH_RENDEZVOUS,
  68. circ->rend_data->rend_cookie,
  69. REND_COOKIE_LEN,
  70. circ->cpath->prev)<0) {
  71. /* circ is already marked for close */
  72. log_warn(LD_GENERAL, "Couldn't send ESTABLISH_RENDEZVOUS cell");
  73. return -1;
  74. }
  75. return 0;
  76. }
  77. /** Extend the introduction circuit <b>circ</b> to another valid
  78. * introduction point for the hidden service it is trying to connect
  79. * to, or mark it and launch a new circuit if we can't extend it.
  80. * Return 0 on success or possible success. Return -1 and mark the
  81. * introduction circuit for close on permanent failure.
  82. *
  83. * On failure, the caller is responsible for marking the associated
  84. * rendezvous circuit for close. */
  85. static int
  86. rend_client_reextend_intro_circuit(origin_circuit_t *circ)
  87. {
  88. extend_info_t *extend_info;
  89. int result;
  90. extend_info = rend_client_get_random_intro(circ->rend_data);
  91. if (!extend_info) {
  92. log_warn(LD_REND,
  93. "No usable introduction points left for %s. Closing.",
  94. safe_str_client(circ->rend_data->onion_address));
  95. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
  96. return -1;
  97. }
  98. // XXX: should we not re-extend if hs_circ_has_timed_out?
  99. if (circ->remaining_relay_early_cells) {
  100. log_info(LD_REND,
  101. "Re-extending circ %u, this time to %s.",
  102. (unsigned)circ->base_.n_circ_id,
  103. safe_str_client(extend_info_describe(extend_info)));
  104. result = circuit_extend_to_new_exit(circ, extend_info);
  105. } else {
  106. log_info(LD_REND,
  107. "Closing intro circ %u (out of RELAY_EARLY cells).",
  108. (unsigned)circ->base_.n_circ_id);
  109. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED);
  110. /* connection_ap_handshake_attach_circuit will launch a new intro circ. */
  111. result = 0;
  112. }
  113. extend_info_free(extend_info);
  114. return result;
  115. }
  116. /** Called when we're trying to connect an ap conn; sends an INTRODUCE1 cell
  117. * down introcirc if possible.
  118. */
  119. int
  120. rend_client_send_introduction(origin_circuit_t *introcirc,
  121. origin_circuit_t *rendcirc)
  122. {
  123. size_t payload_len;
  124. int r, v3_shift = 0;
  125. char payload[RELAY_PAYLOAD_SIZE];
  126. char tmp[RELAY_PAYLOAD_SIZE];
  127. rend_cache_entry_t *entry = NULL;
  128. crypt_path_t *cpath;
  129. off_t dh_offset;
  130. crypto_pk_t *intro_key = NULL;
  131. int status = 0;
  132. tor_assert(introcirc->base_.purpose == CIRCUIT_PURPOSE_C_INTRODUCING);
  133. tor_assert(rendcirc->base_.purpose == CIRCUIT_PURPOSE_C_REND_READY);
  134. tor_assert(introcirc->rend_data);
  135. tor_assert(rendcirc->rend_data);
  136. tor_assert(!rend_cmp_service_ids(introcirc->rend_data->onion_address,
  137. rendcirc->rend_data->onion_address));
  138. #ifndef NON_ANONYMOUS_MODE_ENABLED
  139. tor_assert(!(introcirc->build_state->onehop_tunnel));
  140. tor_assert(!(rendcirc->build_state->onehop_tunnel));
  141. #endif
  142. r = rend_cache_lookup_entry(introcirc->rend_data->onion_address, -1,
  143. &entry);
  144. /* An invalid onion address is not possible else we have a big issue. */
  145. tor_assert(r != -EINVAL);
  146. if (r < 0 || !rend_client_any_intro_points_usable(entry)) {
  147. /* If the descriptor is not found or the intro points are not usable
  148. * anymore, trigger a fetch. */
  149. log_info(LD_REND,
  150. "query %s didn't have valid rend desc in cache. "
  151. "Refetching descriptor.",
  152. safe_str_client(introcirc->rend_data->onion_address));
  153. rend_client_refetch_v2_renddesc(introcirc->rend_data);
  154. {
  155. connection_t *conn;
  156. while ((conn = connection_get_by_type_state_rendquery(CONN_TYPE_AP,
  157. AP_CONN_STATE_CIRCUIT_WAIT,
  158. introcirc->rend_data->onion_address))) {
  159. connection_ap_mark_as_non_pending_circuit(TO_ENTRY_CONN(conn));
  160. conn->state = AP_CONN_STATE_RENDDESC_WAIT;
  161. }
  162. }
  163. status = -1;
  164. goto cleanup;
  165. }
  166. /* first 20 bytes of payload are the hash of the service's pk */
  167. intro_key = NULL;
  168. SMARTLIST_FOREACH(entry->parsed->intro_nodes, rend_intro_point_t *,
  169. intro, {
  170. if (tor_memeq(introcirc->build_state->chosen_exit->identity_digest,
  171. intro->extend_info->identity_digest, DIGEST_LEN)) {
  172. intro_key = intro->intro_key;
  173. break;
  174. }
  175. });
  176. if (!intro_key) {
  177. log_info(LD_REND, "Could not find intro key for %s at %s; we "
  178. "have a v2 rend desc with %d intro points. "
  179. "Trying a different intro point...",
  180. safe_str_client(introcirc->rend_data->onion_address),
  181. safe_str_client(extend_info_describe(
  182. introcirc->build_state->chosen_exit)),
  183. smartlist_len(entry->parsed->intro_nodes));
  184. if (rend_client_reextend_intro_circuit(introcirc)) {
  185. status = -2;
  186. goto perm_err;
  187. } else {
  188. status = -1;
  189. goto cleanup;
  190. }
  191. }
  192. if (crypto_pk_get_digest(intro_key, payload)<0) {
  193. log_warn(LD_BUG, "Internal error: couldn't hash public key.");
  194. status = -2;
  195. goto perm_err;
  196. }
  197. /* Initialize the pending_final_cpath and start the DH handshake. */
  198. cpath = rendcirc->build_state->pending_final_cpath;
  199. if (!cpath) {
  200. cpath = rendcirc->build_state->pending_final_cpath =
  201. tor_malloc_zero(sizeof(crypt_path_t));
  202. cpath->magic = CRYPT_PATH_MAGIC;
  203. if (!(cpath->rend_dh_handshake_state = crypto_dh_new(DH_TYPE_REND))) {
  204. log_warn(LD_BUG, "Internal error: couldn't allocate DH.");
  205. status = -2;
  206. goto perm_err;
  207. }
  208. if (crypto_dh_generate_public(cpath->rend_dh_handshake_state)<0) {
  209. log_warn(LD_BUG, "Internal error: couldn't generate g^x.");
  210. status = -2;
  211. goto perm_err;
  212. }
  213. }
  214. /* If version is 3, write (optional) auth data and timestamp. */
  215. if (entry->parsed->protocols & (1<<3)) {
  216. tmp[0] = 3; /* version 3 of the cell format */
  217. tmp[1] = (uint8_t)introcirc->rend_data->auth_type; /* auth type, if any */
  218. v3_shift = 1;
  219. if (introcirc->rend_data->auth_type != REND_NO_AUTH) {
  220. set_uint16(tmp+2, htons(REND_DESC_COOKIE_LEN));
  221. memcpy(tmp+4, introcirc->rend_data->descriptor_cookie,
  222. REND_DESC_COOKIE_LEN);
  223. v3_shift += 2+REND_DESC_COOKIE_LEN;
  224. }
  225. /* Once this held a timestamp. */
  226. set_uint32(tmp+v3_shift+1, 0);
  227. v3_shift += 4;
  228. } /* if version 2 only write version number */
  229. else if (entry->parsed->protocols & (1<<2)) {
  230. tmp[0] = 2; /* version 2 of the cell format */
  231. }
  232. /* write the remaining items into tmp */
  233. if (entry->parsed->protocols & (1<<3) || entry->parsed->protocols & (1<<2)) {
  234. /* version 2 format */
  235. extend_info_t *extend_info = rendcirc->build_state->chosen_exit;
  236. int klen;
  237. /* nul pads */
  238. set_uint32(tmp+v3_shift+1, tor_addr_to_ipv4n(&extend_info->addr));
  239. set_uint16(tmp+v3_shift+5, htons(extend_info->port));
  240. memcpy(tmp+v3_shift+7, extend_info->identity_digest, DIGEST_LEN);
  241. klen = crypto_pk_asn1_encode(extend_info->onion_key,
  242. tmp+v3_shift+7+DIGEST_LEN+2,
  243. sizeof(tmp)-(v3_shift+7+DIGEST_LEN+2));
  244. set_uint16(tmp+v3_shift+7+DIGEST_LEN, htons(klen));
  245. memcpy(tmp+v3_shift+7+DIGEST_LEN+2+klen, rendcirc->rend_data->rend_cookie,
  246. REND_COOKIE_LEN);
  247. dh_offset = v3_shift+7+DIGEST_LEN+2+klen+REND_COOKIE_LEN;
  248. } else {
  249. /* Version 0. */
  250. strncpy(tmp, rendcirc->build_state->chosen_exit->nickname,
  251. (MAX_NICKNAME_LEN+1)); /* nul pads */
  252. memcpy(tmp+MAX_NICKNAME_LEN+1, rendcirc->rend_data->rend_cookie,
  253. REND_COOKIE_LEN);
  254. dh_offset = MAX_NICKNAME_LEN+1+REND_COOKIE_LEN;
  255. }
  256. if (crypto_dh_get_public(cpath->rend_dh_handshake_state, tmp+dh_offset,
  257. DH_KEY_LEN)<0) {
  258. log_warn(LD_BUG, "Internal error: couldn't extract g^x.");
  259. status = -2;
  260. goto perm_err;
  261. }
  262. note_crypto_pk_op(REND_CLIENT);
  263. /*XXX maybe give crypto_pk_public_hybrid_encrypt a max_len arg,
  264. * to avoid buffer overflows? */
  265. r = crypto_pk_public_hybrid_encrypt(intro_key, payload+DIGEST_LEN,
  266. sizeof(payload)-DIGEST_LEN,
  267. tmp,
  268. (int)(dh_offset+DH_KEY_LEN),
  269. PK_PKCS1_OAEP_PADDING, 0);
  270. if (r<0) {
  271. log_warn(LD_BUG,"Internal error: hybrid pk encrypt failed.");
  272. status = -2;
  273. goto perm_err;
  274. }
  275. payload_len = DIGEST_LEN + r;
  276. tor_assert(payload_len <= RELAY_PAYLOAD_SIZE); /* we overran something */
  277. /* Copy the rendezvous cookie from rendcirc to introcirc, so that
  278. * when introcirc gets an ack, we can change the state of the right
  279. * rendezvous circuit. */
  280. memcpy(introcirc->rend_data->rend_cookie, rendcirc->rend_data->rend_cookie,
  281. REND_COOKIE_LEN);
  282. log_info(LD_REND, "Sending an INTRODUCE1 cell");
  283. if (relay_send_command_from_edge(0, TO_CIRCUIT(introcirc),
  284. RELAY_COMMAND_INTRODUCE1,
  285. payload, payload_len,
  286. introcirc->cpath->prev)<0) {
  287. /* introcirc is already marked for close. leave rendcirc alone. */
  288. log_warn(LD_BUG, "Couldn't send INTRODUCE1 cell");
  289. status = -2;
  290. goto cleanup;
  291. }
  292. /* Now, we wait for an ACK or NAK on this circuit. */
  293. circuit_change_purpose(TO_CIRCUIT(introcirc),
  294. CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT);
  295. /* Set timestamp_dirty, because circuit_expire_building expects it
  296. * to specify when a circuit entered the _C_INTRODUCE_ACK_WAIT
  297. * state. */
  298. introcirc->base_.timestamp_dirty = time(NULL);
  299. pathbias_count_use_attempt(introcirc);
  300. goto cleanup;
  301. perm_err:
  302. if (!introcirc->base_.marked_for_close)
  303. circuit_mark_for_close(TO_CIRCUIT(introcirc), END_CIRC_REASON_INTERNAL);
  304. circuit_mark_for_close(TO_CIRCUIT(rendcirc), END_CIRC_REASON_INTERNAL);
  305. cleanup:
  306. memwipe(payload, 0, sizeof(payload));
  307. memwipe(tmp, 0, sizeof(tmp));
  308. return status;
  309. }
  310. /** Called when a rendezvous circuit is open; sends a establish
  311. * rendezvous circuit as appropriate. */
  312. void
  313. rend_client_rendcirc_has_opened(origin_circuit_t *circ)
  314. {
  315. tor_assert(circ->base_.purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND);
  316. log_info(LD_REND,"rendcirc is open");
  317. /* generate a rendezvous cookie, store it in circ */
  318. if (rend_client_send_establish_rendezvous(circ) < 0) {
  319. return;
  320. }
  321. }
  322. /**
  323. * Called to close other intro circuits we launched in parallel.
  324. */
  325. static void
  326. rend_client_close_other_intros(const char *onion_address)
  327. {
  328. /* abort parallel intro circs, if any */
  329. SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, c) {
  330. if ((c->purpose == CIRCUIT_PURPOSE_C_INTRODUCING ||
  331. c->purpose == CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT) &&
  332. !c->marked_for_close && CIRCUIT_IS_ORIGIN(c)) {
  333. origin_circuit_t *oc = TO_ORIGIN_CIRCUIT(c);
  334. if (oc->rend_data &&
  335. !rend_cmp_service_ids(onion_address,
  336. oc->rend_data->onion_address)) {
  337. log_info(LD_REND|LD_CIRC, "Closing introduction circuit %d that we "
  338. "built in parallel (Purpose %d).", oc->global_identifier,
  339. c->purpose);
  340. circuit_mark_for_close(c, END_CIRC_REASON_IP_NOW_REDUNDANT);
  341. }
  342. }
  343. }
  344. SMARTLIST_FOREACH_END(c);
  345. }
  346. /** Called when get an ACK or a NAK for a REND_INTRODUCE1 cell.
  347. */
  348. int
  349. rend_client_introduction_acked(origin_circuit_t *circ,
  350. const uint8_t *request, size_t request_len)
  351. {
  352. origin_circuit_t *rendcirc;
  353. (void) request; // XXXX Use this.
  354. if (circ->base_.purpose != CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT) {
  355. log_warn(LD_PROTOCOL,
  356. "Received REND_INTRODUCE_ACK on unexpected circuit %u.",
  357. (unsigned)circ->base_.n_circ_id);
  358. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
  359. return -1;
  360. }
  361. tor_assert(circ->build_state->chosen_exit);
  362. #ifndef NON_ANONYMOUS_MODE_ENABLED
  363. tor_assert(!(circ->build_state->onehop_tunnel));
  364. #endif
  365. tor_assert(circ->rend_data);
  366. /* For path bias: This circuit was used successfully. Valid
  367. * nacks and acks count. */
  368. pathbias_mark_use_success(circ);
  369. if (request_len == 0) {
  370. /* It's an ACK; the introduction point relayed our introduction request. */
  371. /* Locate the rend circ which is waiting to hear about this ack,
  372. * and tell it.
  373. */
  374. log_info(LD_REND,"Received ack. Telling rend circ...");
  375. rendcirc = circuit_get_ready_rend_circ_by_rend_data(circ->rend_data);
  376. if (rendcirc) { /* remember the ack */
  377. #ifndef NON_ANONYMOUS_MODE_ENABLED
  378. tor_assert(!(rendcirc->build_state->onehop_tunnel));
  379. #endif
  380. circuit_change_purpose(TO_CIRCUIT(rendcirc),
  381. CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED);
  382. /* Set timestamp_dirty, because circuit_expire_building expects
  383. * it to specify when a circuit entered the
  384. * _C_REND_READY_INTRO_ACKED state. */
  385. rendcirc->base_.timestamp_dirty = time(NULL);
  386. } else {
  387. log_info(LD_REND,"...Found no rend circ. Dropping on the floor.");
  388. }
  389. /* close the circuit: we won't need it anymore. */
  390. circuit_change_purpose(TO_CIRCUIT(circ),
  391. CIRCUIT_PURPOSE_C_INTRODUCE_ACKED);
  392. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED);
  393. /* close any other intros launched in parallel */
  394. rend_client_close_other_intros(circ->rend_data->onion_address);
  395. } else {
  396. /* It's a NAK; the introduction point didn't relay our request. */
  397. circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_C_INTRODUCING);
  398. /* Remove this intro point from the set of viable introduction
  399. * points. If any remain, extend to a new one and try again.
  400. * If none remain, refetch the service descriptor.
  401. */
  402. log_info(LD_REND, "Got nack for %s from %s...",
  403. safe_str_client(circ->rend_data->onion_address),
  404. safe_str_client(extend_info_describe(circ->build_state->chosen_exit)));
  405. if (rend_client_report_intro_point_failure(circ->build_state->chosen_exit,
  406. circ->rend_data,
  407. INTRO_POINT_FAILURE_GENERIC)>0) {
  408. /* There are introduction points left. Re-extend the circuit to
  409. * another intro point and try again. */
  410. int result = rend_client_reextend_intro_circuit(circ);
  411. /* XXXX If that call failed, should we close the rend circuit,
  412. * too? */
  413. return result;
  414. } else {
  415. /* Close circuit because no more intro points are usable thus not
  416. * useful anymore. Change it's purpose before so we don't report an
  417. * intro point failure again triggering an extra descriptor fetch. */
  418. circuit_change_purpose(TO_CIRCUIT(circ),
  419. CIRCUIT_PURPOSE_C_INTRODUCE_ACKED);
  420. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED);
  421. }
  422. }
  423. return 0;
  424. }
  425. /** The period for which a hidden service directory cannot be queried for
  426. * the same descriptor ID again. */
  427. #define REND_HID_SERV_DIR_REQUERY_PERIOD (15 * 60)
  428. /** Contains the last request times to hidden service directories for
  429. * certain queries; each key is a string consisting of the
  430. * concatenation of a base32-encoded HS directory identity digest and
  431. * base32-encoded HS descriptor ID; each value is a pointer to a time_t
  432. * holding the time of the last request for that descriptor ID to that
  433. * HS directory. */
  434. static strmap_t *last_hid_serv_requests_ = NULL;
  435. /** Returns last_hid_serv_requests_, initializing it to a new strmap if
  436. * necessary. */
  437. static strmap_t *
  438. get_last_hid_serv_requests(void)
  439. {
  440. if (!last_hid_serv_requests_)
  441. last_hid_serv_requests_ = strmap_new();
  442. return last_hid_serv_requests_;
  443. }
  444. #define LAST_HID_SERV_REQUEST_KEY_LEN (REND_DESC_ID_V2_LEN_BASE32 + \
  445. REND_DESC_ID_V2_LEN_BASE32)
  446. /** Look up the last request time to hidden service directory <b>hs_dir</b>
  447. * for descriptor ID <b>desc_id_base32</b>. If <b>set</b> is non-zero,
  448. * assign the current time <b>now</b> and return that. Otherwise, return the
  449. * most recent request time, or 0 if no such request has been sent before.
  450. */
  451. static time_t
  452. lookup_last_hid_serv_request(routerstatus_t *hs_dir,
  453. const char *desc_id_base32,
  454. time_t now, int set)
  455. {
  456. char hsdir_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
  457. char hsdir_desc_comb_id[LAST_HID_SERV_REQUEST_KEY_LEN + 1];
  458. time_t *last_request_ptr;
  459. strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
  460. base32_encode(hsdir_id_base32, sizeof(hsdir_id_base32),
  461. hs_dir->identity_digest, DIGEST_LEN);
  462. tor_snprintf(hsdir_desc_comb_id, sizeof(hsdir_desc_comb_id), "%s%s",
  463. hsdir_id_base32,
  464. desc_id_base32);
  465. /* XXX023 tor_assert(strlen(hsdir_desc_comb_id) ==
  466. LAST_HID_SERV_REQUEST_KEY_LEN); */
  467. if (set) {
  468. time_t *oldptr;
  469. last_request_ptr = tor_malloc_zero(sizeof(time_t));
  470. *last_request_ptr = now;
  471. oldptr = strmap_set(last_hid_serv_requests, hsdir_desc_comb_id,
  472. last_request_ptr);
  473. tor_free(oldptr);
  474. } else
  475. last_request_ptr = strmap_get_lc(last_hid_serv_requests,
  476. hsdir_desc_comb_id);
  477. return (last_request_ptr) ? *last_request_ptr : 0;
  478. }
  479. /** Clean the history of request times to hidden service directories, so that
  480. * it does not contain requests older than REND_HID_SERV_DIR_REQUERY_PERIOD
  481. * seconds any more. */
  482. static void
  483. directory_clean_last_hid_serv_requests(time_t now)
  484. {
  485. strmap_iter_t *iter;
  486. time_t cutoff = now - REND_HID_SERV_DIR_REQUERY_PERIOD;
  487. strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
  488. for (iter = strmap_iter_init(last_hid_serv_requests);
  489. !strmap_iter_done(iter); ) {
  490. const char *key;
  491. void *val;
  492. time_t *ent;
  493. strmap_iter_get(iter, &key, &val);
  494. ent = (time_t *) val;
  495. if (*ent < cutoff) {
  496. iter = strmap_iter_next_rmv(last_hid_serv_requests, iter);
  497. tor_free(ent);
  498. } else {
  499. iter = strmap_iter_next(last_hid_serv_requests, iter);
  500. }
  501. }
  502. }
  503. /** Remove all requests related to the descriptor ID <b>desc_id</b> from the
  504. * history of times of requests to hidden service directories.
  505. * <b>desc_id</b> is an unencoded descriptor ID of size DIGEST_LEN.
  506. *
  507. * This is called from rend_client_note_connection_attempt_ended(), which
  508. * must be idempotent, so any future changes to this function must leave it
  509. * idempotent too. */
  510. static void
  511. purge_hid_serv_from_last_hid_serv_requests(const char *desc_id)
  512. {
  513. strmap_iter_t *iter;
  514. strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
  515. char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
  516. /* Key is stored with the base32 encoded desc_id. */
  517. base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_id,
  518. DIGEST_LEN);
  519. for (iter = strmap_iter_init(last_hid_serv_requests);
  520. !strmap_iter_done(iter); ) {
  521. const char *key;
  522. void *val;
  523. strmap_iter_get(iter, &key, &val);
  524. /* XXX023 tor_assert(strlen(key) == LAST_HID_SERV_REQUEST_KEY_LEN); */
  525. if (tor_memeq(key + LAST_HID_SERV_REQUEST_KEY_LEN -
  526. REND_DESC_ID_V2_LEN_BASE32,
  527. desc_id_base32,
  528. REND_DESC_ID_V2_LEN_BASE32)) {
  529. iter = strmap_iter_next_rmv(last_hid_serv_requests, iter);
  530. tor_free(val);
  531. } else {
  532. iter = strmap_iter_next(last_hid_serv_requests, iter);
  533. }
  534. }
  535. }
  536. /** Purge the history of request times to hidden service directories,
  537. * so that future lookups of an HS descriptor will not fail because we
  538. * accessed all of the HSDir relays responsible for the descriptor
  539. * recently. */
  540. void
  541. rend_client_purge_last_hid_serv_requests(void)
  542. {
  543. /* Don't create the table if it doesn't exist yet (and it may very
  544. * well not exist if the user hasn't accessed any HSes)... */
  545. strmap_t *old_last_hid_serv_requests = last_hid_serv_requests_;
  546. /* ... and let get_last_hid_serv_requests re-create it for us if
  547. * necessary. */
  548. last_hid_serv_requests_ = NULL;
  549. if (old_last_hid_serv_requests != NULL) {
  550. log_info(LD_REND, "Purging client last-HS-desc-request-time table");
  551. strmap_free(old_last_hid_serv_requests, tor_free_);
  552. }
  553. }
  554. /** This returns a good valid hs dir that should be used for the given
  555. * descriptor id.
  556. *
  557. * Return NULL on error else the hsdir node pointer. */
  558. static routerstatus_t *
  559. pick_hsdir(const char *desc_id, const char *desc_id_base32)
  560. {
  561. smartlist_t *responsible_dirs = smartlist_new();
  562. smartlist_t *usable_responsible_dirs = smartlist_new();
  563. const or_options_t *options = get_options();
  564. routerstatus_t *hs_dir;
  565. time_t now = time(NULL);
  566. int excluded_some;
  567. tor_assert(desc_id);
  568. tor_assert(desc_id_base32);
  569. /* Determine responsible dirs. Even if we can't get all we want, work with
  570. * the ones we have. If it's empty, we'll notice below. */
  571. hid_serv_get_responsible_directories(responsible_dirs, desc_id);
  572. /* Clean request history first. */
  573. directory_clean_last_hid_serv_requests(now);
  574. /* Only select those hidden service directories to which we did not send a
  575. * request recently and for which we have a router descriptor here. */
  576. SMARTLIST_FOREACH_BEGIN(responsible_dirs, routerstatus_t *, dir) {
  577. time_t last = lookup_last_hid_serv_request(dir, desc_id_base32,
  578. 0, 0);
  579. const node_t *node = node_get_by_id(dir->identity_digest);
  580. if (last + REND_HID_SERV_DIR_REQUERY_PERIOD >= now ||
  581. !node || !node_has_descriptor(node)) {
  582. SMARTLIST_DEL_CURRENT(responsible_dirs, dir);
  583. continue;
  584. }
  585. if (!routerset_contains_node(options->ExcludeNodes, node)) {
  586. smartlist_add(usable_responsible_dirs, dir);
  587. }
  588. } SMARTLIST_FOREACH_END(dir);
  589. excluded_some =
  590. smartlist_len(usable_responsible_dirs) < smartlist_len(responsible_dirs);
  591. hs_dir = smartlist_choose(usable_responsible_dirs);
  592. if (!hs_dir && !options->StrictNodes) {
  593. hs_dir = smartlist_choose(responsible_dirs);
  594. }
  595. smartlist_free(responsible_dirs);
  596. smartlist_free(usable_responsible_dirs);
  597. if (!hs_dir) {
  598. log_info(LD_REND, "Could not pick one of the responsible hidden "
  599. "service directories, because we requested them all "
  600. "recently without success.");
  601. if (options->StrictNodes && excluded_some) {
  602. log_warn(LD_REND, "Could not pick a hidden service directory for the "
  603. "requested hidden service: they are all either down or "
  604. "excluded, and StrictNodes is set.");
  605. }
  606. } else {
  607. /* Remember that we are requesting a descriptor from this hidden service
  608. * directory now. */
  609. lookup_last_hid_serv_request(hs_dir, desc_id_base32, now, 1);
  610. }
  611. return hs_dir;
  612. }
  613. /** Determine the responsible hidden service directories for <b>desc_id</b>
  614. * and fetch the descriptor with that ID from one of them. Only
  615. * send a request to a hidden service directory that we have not yet tried
  616. * during this attempt to connect to this hidden service; on success, return 1,
  617. * in the case that no hidden service directory is left to ask for the
  618. * descriptor, return 0, and in case of a failure -1. */
  619. static int
  620. directory_get_from_hs_dir(const char *desc_id, const rend_data_t *rend_query,
  621. routerstatus_t *rs_hsdir)
  622. {
  623. routerstatus_t *hs_dir = rs_hsdir;
  624. char *hsdir_fp;
  625. char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
  626. char descriptor_cookie_base64[3*REND_DESC_COOKIE_LEN_BASE64];
  627. #ifdef ENABLE_TOR2WEB_MODE
  628. const int tor2web_mode = get_options()->Tor2webMode;
  629. const int how_to_fetch = tor2web_mode ? DIRIND_ONEHOP : DIRIND_ANONYMOUS;
  630. #else
  631. const int how_to_fetch = DIRIND_ANONYMOUS;
  632. #endif
  633. tor_assert(desc_id);
  634. base32_encode(desc_id_base32, sizeof(desc_id_base32),
  635. desc_id, DIGEST_LEN);
  636. /* Automatically pick an hs dir if none given. */
  637. if (!rs_hsdir) {
  638. hs_dir = pick_hsdir(desc_id, desc_id_base32);
  639. if (!hs_dir) {
  640. /* No suitable hs dir can be found, stop right now. */
  641. return 0;
  642. }
  643. }
  644. /* Add a copy of the HSDir identity digest to the query so we can track it
  645. * on the control port. */
  646. hsdir_fp = tor_memdup(hs_dir->identity_digest,
  647. sizeof(hs_dir->identity_digest));
  648. smartlist_add(rend_query->hsdirs_fp, hsdir_fp);
  649. /* Encode descriptor cookie for logging purposes. Also, if the cookie is
  650. * malformed, no fetch is triggered thus this needs to be done before the
  651. * fetch request. */
  652. if (rend_query->auth_type != REND_NO_AUTH) {
  653. if (base64_encode(descriptor_cookie_base64,
  654. sizeof(descriptor_cookie_base64),
  655. rend_query->descriptor_cookie, REND_DESC_COOKIE_LEN,
  656. 0)<0) {
  657. log_warn(LD_BUG, "Could not base64-encode descriptor cookie.");
  658. return 0;
  659. }
  660. /* Remove == signs. */
  661. descriptor_cookie_base64[strlen(descriptor_cookie_base64)-2] = '\0';
  662. } else {
  663. strlcpy(descriptor_cookie_base64, "(none)",
  664. sizeof(descriptor_cookie_base64));
  665. }
  666. /* Send fetch request. (Pass query and possibly descriptor cookie so that
  667. * they can be written to the directory connection and be referred to when
  668. * the response arrives. */
  669. directory_initiate_command_routerstatus_rend(hs_dir,
  670. DIR_PURPOSE_FETCH_RENDDESC_V2,
  671. ROUTER_PURPOSE_GENERAL,
  672. how_to_fetch,
  673. desc_id_base32,
  674. NULL, 0, 0,
  675. rend_query);
  676. log_info(LD_REND, "Sending fetch request for v2 descriptor for "
  677. "service '%s' with descriptor ID '%s', auth type %d, "
  678. "and descriptor cookie '%s' to hidden service "
  679. "directory %s",
  680. rend_query->onion_address, desc_id_base32,
  681. rend_query->auth_type,
  682. (rend_query->auth_type == REND_NO_AUTH ? "[none]" :
  683. escaped_safe_str_client(descriptor_cookie_base64)),
  684. routerstatus_describe(hs_dir));
  685. control_event_hs_descriptor_requested(rend_query,
  686. hs_dir->identity_digest,
  687. desc_id_base32);
  688. return 1;
  689. }
  690. /** Fetch a v2 descriptor using the given descriptor id. If any hsdir(s) are
  691. * given, they will be used instead.
  692. *
  693. * On success, 1 is returned. If no hidden service is left to ask, return 0.
  694. * On error, -1 is returned. */
  695. static int
  696. fetch_v2_desc_by_descid(const char *desc_id, const rend_data_t *rend_query,
  697. smartlist_t *hsdirs)
  698. {
  699. int ret;
  700. tor_assert(rend_query);
  701. if (!hsdirs) {
  702. ret = directory_get_from_hs_dir(desc_id, rend_query, NULL);
  703. goto end; /* either success or failure, but we're done */
  704. }
  705. /* Using the given hsdir list, trigger a fetch on each of them. */
  706. SMARTLIST_FOREACH_BEGIN(hsdirs, routerstatus_t *, hs_dir) {
  707. /* This should always be a success. */
  708. ret = directory_get_from_hs_dir(desc_id, rend_query, hs_dir);
  709. tor_assert(ret);
  710. } SMARTLIST_FOREACH_END(hs_dir);
  711. /* Everything went well. */
  712. ret = 0;
  713. end:
  714. return ret;
  715. }
  716. /** Fetch a v2 descriptor using the onion address in the given query object.
  717. * This will compute the descriptor id for each replicas and fetch it on the
  718. * given hsdir(s) if any or the responsible ones that are choosen
  719. * automatically.
  720. *
  721. * On success, 1 is returned. If no hidden service is left to ask, return 0.
  722. * On error, -1 is returned. */
  723. static int
  724. fetch_v2_desc_by_addr(rend_data_t *query, smartlist_t *hsdirs)
  725. {
  726. char descriptor_id[DIGEST_LEN];
  727. int replicas_left_to_try[REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS];
  728. int i, tries_left, ret;
  729. tor_assert(query);
  730. /* Randomly iterate over the replicas until a descriptor can be fetched
  731. * from one of the consecutive nodes, or no options are left. */
  732. for (i = 0; i < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; i++) {
  733. replicas_left_to_try[i] = i;
  734. }
  735. tries_left = REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS;
  736. while (tries_left > 0) {
  737. int rand = crypto_rand_int(tries_left);
  738. int chosen_replica = replicas_left_to_try[rand];
  739. replicas_left_to_try[rand] = replicas_left_to_try[--tries_left];
  740. ret = rend_compute_v2_desc_id(descriptor_id, query->onion_address,
  741. query->auth_type == REND_STEALTH_AUTH ?
  742. query->descriptor_cookie : NULL,
  743. time(NULL), chosen_replica);
  744. if (ret < 0) {
  745. /* Normally, on failure the descriptor_id is untouched but let's be
  746. * safe in general in case the function changes at some point. */
  747. goto end;
  748. }
  749. if (tor_memcmp(descriptor_id, query->descriptor_id[chosen_replica],
  750. sizeof(descriptor_id)) != 0) {
  751. /* Not equal from what we currently have so purge the last hid serv
  752. * request cache and update the descriptor ID with the new value. */
  753. purge_hid_serv_from_last_hid_serv_requests(
  754. query->descriptor_id[chosen_replica]);
  755. memcpy(query->descriptor_id[chosen_replica], descriptor_id,
  756. sizeof(query->descriptor_id[chosen_replica]));
  757. }
  758. /* Trigger the fetch with the computed descriptor ID. */
  759. ret = fetch_v2_desc_by_descid(descriptor_id, query, hsdirs);
  760. if (ret != 0) {
  761. /* Either on success or failure, as long as we tried a fetch we are
  762. * done here. */
  763. goto end;
  764. }
  765. }
  766. /* If we come here, there are no hidden service directories left. */
  767. log_info(LD_REND, "Could not pick one of the responsible hidden "
  768. "service directories to fetch descriptors, because "
  769. "we already tried them all unsuccessfully.");
  770. ret = 0;
  771. end:
  772. memwipe(descriptor_id, 0, sizeof(descriptor_id));
  773. return ret;
  774. }
  775. /** Fetch a v2 descriptor using the given query. If any hsdir are specified,
  776. * use them for the fetch.
  777. *
  778. * On success, 1 is returned. If no hidden service is left to ask, return 0.
  779. * On error, -1 is returned. */
  780. int
  781. rend_client_fetch_v2_desc(rend_data_t *query, smartlist_t *hsdirs)
  782. {
  783. int ret;
  784. tor_assert(query);
  785. /* Depending on what's available in the rend data query object, we will
  786. * trigger a fetch by HS address or using a descriptor ID. */
  787. if (query->onion_address[0] != '\0') {
  788. ret = fetch_v2_desc_by_addr(query, hsdirs);
  789. } else if (!tor_digest_is_zero(query->desc_id_fetch)) {
  790. ret = fetch_v2_desc_by_descid(query->desc_id_fetch, query, hsdirs);
  791. } else {
  792. /* Query data is invalid. */
  793. ret = -1;
  794. goto error;
  795. }
  796. error:
  797. return ret;
  798. }
  799. /** Unless we already have a descriptor for <b>rend_query</b> with at least
  800. * one (possibly) working introduction point in it, start a connection to a
  801. * hidden service directory to fetch a v2 rendezvous service descriptor. */
  802. void
  803. rend_client_refetch_v2_renddesc(rend_data_t *rend_query)
  804. {
  805. rend_cache_entry_t *e = NULL;
  806. tor_assert(rend_query);
  807. /* Are we configured to fetch descriptors? */
  808. if (!get_options()->FetchHidServDescriptors) {
  809. log_warn(LD_REND, "We received an onion address for a v2 rendezvous "
  810. "service descriptor, but are not fetching service descriptors.");
  811. return;
  812. }
  813. /* Before fetching, check if we already have a usable descriptor here. */
  814. if (rend_cache_lookup_entry(rend_query->onion_address, -1, &e) == 0 &&
  815. rend_client_any_intro_points_usable(e)) {
  816. log_info(LD_REND, "We would fetch a v2 rendezvous descriptor, but we "
  817. "already have a usable descriptor here. Not fetching.");
  818. return;
  819. }
  820. log_debug(LD_REND, "Fetching v2 rendezvous descriptor for service %s",
  821. safe_str_client(rend_query->onion_address));
  822. rend_client_fetch_v2_desc(rend_query, NULL);
  823. /* We don't need to look the error code because either on failure or
  824. * success, the necessary steps to continue the HS connection will be
  825. * triggered once the descriptor arrives or if all fetch failed. */
  826. return;
  827. }
  828. /** Cancel all rendezvous descriptor fetches currently in progress.
  829. */
  830. void
  831. rend_client_cancel_descriptor_fetches(void)
  832. {
  833. smartlist_t *connection_array = get_connection_array();
  834. SMARTLIST_FOREACH_BEGIN(connection_array, connection_t *, conn) {
  835. if (conn->type == CONN_TYPE_DIR &&
  836. conn->purpose == DIR_PURPOSE_FETCH_RENDDESC_V2) {
  837. /* It's a rendezvous descriptor fetch in progress -- cancel it
  838. * by marking the connection for close.
  839. *
  840. * Even if this connection has already reached EOF, this is
  841. * enough to make sure that if the descriptor hasn't been
  842. * processed yet, it won't be. See the end of
  843. * connection_handle_read; connection_reached_eof (indirectly)
  844. * processes whatever response the connection received. */
  845. const rend_data_t *rd = (TO_DIR_CONN(conn))->rend_data;
  846. if (!rd) {
  847. log_warn(LD_BUG | LD_REND,
  848. "Marking for close dir conn fetching rendezvous "
  849. "descriptor for unknown service!");
  850. } else {
  851. log_debug(LD_REND, "Marking for close dir conn fetching "
  852. "rendezvous descriptor for service %s",
  853. safe_str(rd->onion_address));
  854. }
  855. connection_mark_for_close(conn);
  856. }
  857. } SMARTLIST_FOREACH_END(conn);
  858. }
  859. /** Mark <b>failed_intro</b> as a failed introduction point for the
  860. * hidden service specified by <b>rend_query</b>. If the HS now has no
  861. * usable intro points, or we do not have an HS descriptor for it,
  862. * then launch a new renddesc fetch.
  863. *
  864. * If <b>failure_type</b> is INTRO_POINT_FAILURE_GENERIC, remove the
  865. * intro point from (our parsed copy of) the HS descriptor.
  866. *
  867. * If <b>failure_type</b> is INTRO_POINT_FAILURE_TIMEOUT, mark the
  868. * intro point as 'timed out'; it will not be retried until the
  869. * current hidden service connection attempt has ended or it has
  870. * appeared in a newly fetched rendezvous descriptor.
  871. *
  872. * If <b>failure_type</b> is INTRO_POINT_FAILURE_UNREACHABLE,
  873. * increment the intro point's reachability-failure count; if it has
  874. * now failed MAX_INTRO_POINT_REACHABILITY_FAILURES or more times,
  875. * remove the intro point from (our parsed copy of) the HS descriptor.
  876. *
  877. * Return -1 if error, 0 if no usable intro points remain or service
  878. * unrecognized, 1 if recognized and some intro points remain.
  879. */
  880. int
  881. rend_client_report_intro_point_failure(extend_info_t *failed_intro,
  882. rend_data_t *rend_query,
  883. unsigned int failure_type)
  884. {
  885. int i, r;
  886. rend_cache_entry_t *ent;
  887. connection_t *conn;
  888. r = rend_cache_lookup_entry(rend_query->onion_address, -1, &ent);
  889. if (r < 0) {
  890. /* Either invalid onion address or cache entry not found. */
  891. switch (-r) {
  892. case EINVAL:
  893. log_warn(LD_BUG, "Malformed service ID %s.",
  894. escaped_safe_str_client(rend_query->onion_address));
  895. return -1;
  896. case ENOENT:
  897. log_info(LD_REND, "Unknown service %s. Re-fetching descriptor.",
  898. escaped_safe_str_client(rend_query->onion_address));
  899. rend_client_refetch_v2_renddesc(rend_query);
  900. return 0;
  901. default:
  902. log_warn(LD_BUG, "Unknown cache lookup returned code: %d", r);
  903. return -1;
  904. }
  905. }
  906. /* The intro points are not checked here if they are usable or not because
  907. * this is called when an intro point circuit is closed thus there must be
  908. * at least one intro point that is usable and is about to be flagged. */
  909. for (i = 0; i < smartlist_len(ent->parsed->intro_nodes); i++) {
  910. rend_intro_point_t *intro = smartlist_get(ent->parsed->intro_nodes, i);
  911. if (tor_memeq(failed_intro->identity_digest,
  912. intro->extend_info->identity_digest, DIGEST_LEN)) {
  913. switch (failure_type) {
  914. default:
  915. log_warn(LD_BUG, "Unknown failure type %u. Removing intro point.",
  916. failure_type);
  917. tor_fragile_assert();
  918. /* fall through */
  919. case INTRO_POINT_FAILURE_GENERIC:
  920. rend_cache_intro_failure_note(failure_type,
  921. (uint8_t *)failed_intro->identity_digest,
  922. rend_query->onion_address);
  923. rend_intro_point_free(intro);
  924. smartlist_del(ent->parsed->intro_nodes, i);
  925. break;
  926. case INTRO_POINT_FAILURE_TIMEOUT:
  927. intro->timed_out = 1;
  928. break;
  929. case INTRO_POINT_FAILURE_UNREACHABLE:
  930. ++(intro->unreachable_count);
  931. {
  932. int zap_intro_point =
  933. intro->unreachable_count >= MAX_INTRO_POINT_REACHABILITY_FAILURES;
  934. log_info(LD_REND, "Failed to reach this intro point %u times.%s",
  935. intro->unreachable_count,
  936. zap_intro_point ? " Removing from descriptor.": "");
  937. if (zap_intro_point) {
  938. rend_cache_intro_failure_note(
  939. failure_type,
  940. (uint8_t *) failed_intro->identity_digest,
  941. rend_query->onion_address);
  942. rend_intro_point_free(intro);
  943. smartlist_del(ent->parsed->intro_nodes, i);
  944. }
  945. }
  946. break;
  947. }
  948. break;
  949. }
  950. }
  951. if (! rend_client_any_intro_points_usable(ent)) {
  952. log_info(LD_REND,
  953. "No more intro points remain for %s. Re-fetching descriptor.",
  954. escaped_safe_str_client(rend_query->onion_address));
  955. rend_client_refetch_v2_renddesc(rend_query);
  956. /* move all pending streams back to renddesc_wait */
  957. /* NOTE: We can now do this faster, if we use pending_entry_connections */
  958. while ((conn = connection_get_by_type_state_rendquery(CONN_TYPE_AP,
  959. AP_CONN_STATE_CIRCUIT_WAIT,
  960. rend_query->onion_address))) {
  961. connection_ap_mark_as_non_pending_circuit(TO_ENTRY_CONN(conn));
  962. conn->state = AP_CONN_STATE_RENDDESC_WAIT;
  963. }
  964. return 0;
  965. }
  966. log_info(LD_REND,"%d options left for %s.",
  967. smartlist_len(ent->parsed->intro_nodes),
  968. escaped_safe_str_client(rend_query->onion_address));
  969. return 1;
  970. }
  971. /** Called when we receive a RENDEZVOUS_ESTABLISHED cell; changes the state of
  972. * the circuit to C_REND_READY.
  973. */
  974. int
  975. rend_client_rendezvous_acked(origin_circuit_t *circ, const uint8_t *request,
  976. size_t request_len)
  977. {
  978. (void) request;
  979. (void) request_len;
  980. /* we just got an ack for our establish-rendezvous. switch purposes. */
  981. if (circ->base_.purpose != CIRCUIT_PURPOSE_C_ESTABLISH_REND) {
  982. log_warn(LD_PROTOCOL,"Got a rendezvous ack when we weren't expecting one. "
  983. "Closing circ.");
  984. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
  985. return -1;
  986. }
  987. log_info(LD_REND,"Got rendezvous ack. This circuit is now ready for "
  988. "rendezvous.");
  989. circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_C_REND_READY);
  990. /* Set timestamp_dirty, because circuit_expire_building expects it
  991. * to specify when a circuit entered the _C_REND_READY state. */
  992. circ->base_.timestamp_dirty = time(NULL);
  993. /* From a path bias point of view, this circuit is now successfully used.
  994. * Waiting any longer opens us up to attacks from malicious hidden services.
  995. * They could induce the client to attempt to connect to their hidden
  996. * service and never reply to the client's rend requests */
  997. pathbias_mark_use_success(circ);
  998. /* XXXX This is a pretty brute-force approach. It'd be better to
  999. * attach only the connections that are waiting on this circuit, rather
  1000. * than trying to attach them all. See comments bug 743. */
  1001. /* If we already have the introduction circuit built, make sure we send
  1002. * the INTRODUCE cell _now_ */
  1003. connection_ap_attach_pending(1);
  1004. return 0;
  1005. }
  1006. /** The service sent us a rendezvous cell; join the circuits. */
  1007. int
  1008. rend_client_receive_rendezvous(origin_circuit_t *circ, const uint8_t *request,
  1009. size_t request_len)
  1010. {
  1011. crypt_path_t *hop;
  1012. char keys[DIGEST_LEN+CPATH_KEY_MATERIAL_LEN];
  1013. if ((circ->base_.purpose != CIRCUIT_PURPOSE_C_REND_READY &&
  1014. circ->base_.purpose != CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED)
  1015. || !circ->build_state->pending_final_cpath) {
  1016. log_warn(LD_PROTOCOL,"Got rendezvous2 cell from hidden service, but not "
  1017. "expecting it. Closing.");
  1018. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
  1019. return -1;
  1020. }
  1021. if (request_len != DH_KEY_LEN+DIGEST_LEN) {
  1022. log_warn(LD_PROTOCOL,"Incorrect length (%d) on RENDEZVOUS2 cell.",
  1023. (int)request_len);
  1024. goto err;
  1025. }
  1026. log_info(LD_REND,"Got RENDEZVOUS2 cell from hidden service.");
  1027. /* first DH_KEY_LEN bytes are g^y from the service. Finish the dh
  1028. * handshake...*/
  1029. tor_assert(circ->build_state);
  1030. tor_assert(circ->build_state->pending_final_cpath);
  1031. hop = circ->build_state->pending_final_cpath;
  1032. tor_assert(hop->rend_dh_handshake_state);
  1033. if (crypto_dh_compute_secret(LOG_PROTOCOL_WARN,
  1034. hop->rend_dh_handshake_state, (char*)request,
  1035. DH_KEY_LEN,
  1036. keys, DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) {
  1037. log_warn(LD_GENERAL, "Couldn't complete DH handshake.");
  1038. goto err;
  1039. }
  1040. /* ... and set up cpath. */
  1041. if (circuit_init_cpath_crypto(hop, keys+DIGEST_LEN, 0)<0)
  1042. goto err;
  1043. /* Check whether the digest is right... */
  1044. if (tor_memneq(keys, request+DH_KEY_LEN, DIGEST_LEN)) {
  1045. log_warn(LD_PROTOCOL, "Incorrect digest of key material.");
  1046. goto err;
  1047. }
  1048. crypto_dh_free(hop->rend_dh_handshake_state);
  1049. hop->rend_dh_handshake_state = NULL;
  1050. /* All is well. Extend the circuit. */
  1051. circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_C_REND_JOINED);
  1052. hop->state = CPATH_STATE_OPEN;
  1053. /* set the windows to default. these are the windows
  1054. * that the client thinks the service has.
  1055. */
  1056. hop->package_window = circuit_initial_package_window();
  1057. hop->deliver_window = CIRCWINDOW_START;
  1058. /* Now that this circuit has finished connecting to its destination,
  1059. * make sure circuit_get_open_circ_or_launch is willing to return it
  1060. * so we can actually use it. */
  1061. circ->hs_circ_has_timed_out = 0;
  1062. onion_append_to_cpath(&circ->cpath, hop);
  1063. circ->build_state->pending_final_cpath = NULL; /* prevent double-free */
  1064. circuit_try_attaching_streams(circ);
  1065. memwipe(keys, 0, sizeof(keys));
  1066. return 0;
  1067. err:
  1068. memwipe(keys, 0, sizeof(keys));
  1069. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
  1070. return -1;
  1071. }
  1072. /** Find all the apconns in state AP_CONN_STATE_RENDDESC_WAIT that are
  1073. * waiting on <b>query</b>. If there's a working cache entry here with at
  1074. * least one intro point, move them to the next state. */
  1075. void
  1076. rend_client_desc_trynow(const char *query)
  1077. {
  1078. entry_connection_t *conn;
  1079. rend_cache_entry_t *entry;
  1080. const rend_data_t *rend_data;
  1081. time_t now = time(NULL);
  1082. smartlist_t *conns = get_connection_array();
  1083. SMARTLIST_FOREACH_BEGIN(conns, connection_t *, base_conn) {
  1084. if (base_conn->type != CONN_TYPE_AP ||
  1085. base_conn->state != AP_CONN_STATE_RENDDESC_WAIT ||
  1086. base_conn->marked_for_close)
  1087. continue;
  1088. conn = TO_ENTRY_CONN(base_conn);
  1089. rend_data = ENTRY_TO_EDGE_CONN(conn)->rend_data;
  1090. if (!rend_data)
  1091. continue;
  1092. if (rend_cmp_service_ids(query, rend_data->onion_address))
  1093. continue;
  1094. assert_connection_ok(base_conn, now);
  1095. if (rend_cache_lookup_entry(rend_data->onion_address, -1,
  1096. &entry) == 0 &&
  1097. rend_client_any_intro_points_usable(entry)) {
  1098. /* either this fetch worked, or it failed but there was a
  1099. * valid entry from before which we should reuse */
  1100. log_info(LD_REND,"Rend desc is usable. Launching circuits.");
  1101. base_conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
  1102. /* restart their timeout values, so they get a fair shake at
  1103. * connecting to the hidden service. */
  1104. base_conn->timestamp_created = now;
  1105. base_conn->timestamp_lastread = now;
  1106. base_conn->timestamp_lastwritten = now;
  1107. connection_ap_mark_as_pending_circuit(conn);
  1108. } else { /* 404, or fetch didn't get that far */
  1109. log_notice(LD_REND,"Closing stream for '%s.onion': hidden service is "
  1110. "unavailable (try again later).",
  1111. safe_str_client(query));
  1112. connection_mark_unattached_ap(conn, END_STREAM_REASON_RESOLVEFAILED);
  1113. rend_client_note_connection_attempt_ended(rend_data);
  1114. }
  1115. } SMARTLIST_FOREACH_END(base_conn);
  1116. }
  1117. /** Clear temporary state used only during an attempt to connect to the
  1118. * hidden service with <b>rend_data</b>. Called when a connection attempt
  1119. * has ended; it is possible for this to be called multiple times while
  1120. * handling an ended connection attempt, and any future changes to this
  1121. * function must ensure it remains idempotent. */
  1122. void
  1123. rend_client_note_connection_attempt_ended(const rend_data_t *rend_data)
  1124. {
  1125. unsigned int have_onion = 0;
  1126. rend_cache_entry_t *cache_entry = NULL;
  1127. if (*rend_data->onion_address != '\0') {
  1128. /* Ignore return value; we find an entry, or we don't. */
  1129. (void) rend_cache_lookup_entry(rend_data->onion_address, -1,
  1130. &cache_entry);
  1131. have_onion = 1;
  1132. }
  1133. /* Clear the timed_out flag on all remaining intro points for this HS. */
  1134. if (cache_entry != NULL) {
  1135. SMARTLIST_FOREACH(cache_entry->parsed->intro_nodes,
  1136. rend_intro_point_t *, ip,
  1137. ip->timed_out = 0; );
  1138. }
  1139. /* Remove the HS's entries in last_hid_serv_requests. */
  1140. if (have_onion) {
  1141. unsigned int replica;
  1142. for (replica = 0; replica < ARRAY_LENGTH(rend_data->descriptor_id);
  1143. replica++) {
  1144. const char *desc_id = rend_data->descriptor_id[replica];
  1145. purge_hid_serv_from_last_hid_serv_requests(desc_id);
  1146. }
  1147. log_info(LD_REND, "Connection attempt for %s has ended; "
  1148. "cleaning up temporary state.",
  1149. safe_str_client(rend_data->onion_address));
  1150. } else {
  1151. /* We only have an ID for a fetch. Probably used by HSFETCH. */
  1152. purge_hid_serv_from_last_hid_serv_requests(rend_data->desc_id_fetch);
  1153. }
  1154. }
  1155. /** Return a newly allocated extend_info_t* for a randomly chosen introduction
  1156. * point for the named hidden service. Return NULL if all introduction points
  1157. * have been tried and failed.
  1158. */
  1159. extend_info_t *
  1160. rend_client_get_random_intro(const rend_data_t *rend_query)
  1161. {
  1162. int ret;
  1163. extend_info_t *result;
  1164. rend_cache_entry_t *entry;
  1165. ret = rend_cache_lookup_entry(rend_query->onion_address, -1, &entry);
  1166. if (ret < 0 || !rend_client_any_intro_points_usable(entry)) {
  1167. log_warn(LD_REND,
  1168. "Query '%s' didn't have valid rend desc in cache. Failing.",
  1169. safe_str_client(rend_query->onion_address));
  1170. /* XXX: Should we refetch the descriptor here if the IPs are not usable
  1171. * anymore ?. */
  1172. return NULL;
  1173. }
  1174. /* See if we can get a node that complies with ExcludeNodes */
  1175. if ((result = rend_client_get_random_intro_impl(entry, 1, 1)))
  1176. return result;
  1177. /* If not, and StrictNodes is not set, see if we can return any old node
  1178. */
  1179. if (!get_options()->StrictNodes)
  1180. return rend_client_get_random_intro_impl(entry, 0, 1);
  1181. return NULL;
  1182. }
  1183. /** As rend_client_get_random_intro, except assume that StrictNodes is set
  1184. * iff <b>strict</b> is true. If <b>warnings</b> is false, don't complain
  1185. * to the user when we're out of nodes, even if StrictNodes is true.
  1186. */
  1187. static extend_info_t *
  1188. rend_client_get_random_intro_impl(const rend_cache_entry_t *entry,
  1189. const int strict,
  1190. const int warnings)
  1191. {
  1192. int i;
  1193. rend_intro_point_t *intro;
  1194. const or_options_t *options = get_options();
  1195. smartlist_t *usable_nodes;
  1196. int n_excluded = 0;
  1197. /* We'll keep a separate list of the usable nodes. If this becomes empty,
  1198. * no nodes are usable. */
  1199. usable_nodes = smartlist_new();
  1200. smartlist_add_all(usable_nodes, entry->parsed->intro_nodes);
  1201. /* Remove the intro points that have timed out during this HS
  1202. * connection attempt from our list of usable nodes. */
  1203. SMARTLIST_FOREACH(usable_nodes, rend_intro_point_t *, ip,
  1204. if (ip->timed_out) {
  1205. SMARTLIST_DEL_CURRENT(usable_nodes, ip);
  1206. });
  1207. again:
  1208. if (smartlist_len(usable_nodes) == 0) {
  1209. if (n_excluded && get_options()->StrictNodes && warnings) {
  1210. /* We only want to warn if StrictNodes is really set. Otherwise
  1211. * we're just about to retry anyways.
  1212. */
  1213. log_warn(LD_REND, "All introduction points for hidden service are "
  1214. "at excluded relays, and StrictNodes is set. Skipping.");
  1215. }
  1216. smartlist_free(usable_nodes);
  1217. return NULL;
  1218. }
  1219. i = crypto_rand_int(smartlist_len(usable_nodes));
  1220. intro = smartlist_get(usable_nodes, i);
  1221. /* Do we need to look up the router or is the extend info complete? */
  1222. if (!intro->extend_info->onion_key) {
  1223. const node_t *node;
  1224. extend_info_t *new_extend_info;
  1225. if (tor_digest_is_zero(intro->extend_info->identity_digest))
  1226. node = node_get_by_hex_id(intro->extend_info->nickname);
  1227. else
  1228. node = node_get_by_id(intro->extend_info->identity_digest);
  1229. if (!node) {
  1230. log_info(LD_REND, "Unknown router with nickname '%s'; trying another.",
  1231. intro->extend_info->nickname);
  1232. smartlist_del(usable_nodes, i);
  1233. goto again;
  1234. }
  1235. #ifdef ENABLE_TOR2WEB_MODE
  1236. new_extend_info = extend_info_from_node(node, options->Tor2webMode);
  1237. #else
  1238. new_extend_info = extend_info_from_node(node, 0);
  1239. #endif
  1240. if (!new_extend_info) {
  1241. const char *alternate_reason = "";
  1242. #ifdef ENABLE_TOR2WEB_MODE
  1243. alternate_reason = ", or we cannot connect directly to it";
  1244. #endif
  1245. log_info(LD_REND, "We don't have a descriptor for the intro-point relay "
  1246. "'%s'%s; trying another.",
  1247. extend_info_describe(intro->extend_info), alternate_reason);
  1248. smartlist_del(usable_nodes, i);
  1249. goto again;
  1250. } else {
  1251. extend_info_free(intro->extend_info);
  1252. intro->extend_info = new_extend_info;
  1253. }
  1254. tor_assert(intro->extend_info != NULL);
  1255. }
  1256. /* Check if we should refuse to talk to this router. */
  1257. if (strict &&
  1258. routerset_contains_extendinfo(options->ExcludeNodes,
  1259. intro->extend_info)) {
  1260. n_excluded++;
  1261. smartlist_del(usable_nodes, i);
  1262. goto again;
  1263. }
  1264. smartlist_free(usable_nodes);
  1265. return extend_info_dup(intro->extend_info);
  1266. }
  1267. /** Return true iff any introduction points still listed in <b>entry</b> are
  1268. * usable. */
  1269. int
  1270. rend_client_any_intro_points_usable(const rend_cache_entry_t *entry)
  1271. {
  1272. extend_info_t *extend_info =
  1273. rend_client_get_random_intro_impl(entry, get_options()->StrictNodes, 0);
  1274. int rv = (extend_info != NULL);
  1275. extend_info_free(extend_info);
  1276. return rv;
  1277. }
  1278. /** Client-side authorizations for hidden services; map of onion address to
  1279. * rend_service_authorization_t*. */
  1280. static strmap_t *auth_hid_servs = NULL;
  1281. /** Look up the client-side authorization for the hidden service with
  1282. * <b>onion_address</b>. Return NULL if no authorization is available for
  1283. * that address. */
  1284. rend_service_authorization_t*
  1285. rend_client_lookup_service_authorization(const char *onion_address)
  1286. {
  1287. tor_assert(onion_address);
  1288. if (!auth_hid_servs) return NULL;
  1289. return strmap_get(auth_hid_servs, onion_address);
  1290. }
  1291. /** Helper: Free storage held by rend_service_authorization_t. */
  1292. static void
  1293. rend_service_authorization_free(rend_service_authorization_t *auth)
  1294. {
  1295. tor_free(auth);
  1296. }
  1297. /** Helper for strmap_free. */
  1298. static void
  1299. rend_service_authorization_strmap_item_free(void *service_auth)
  1300. {
  1301. rend_service_authorization_free(service_auth);
  1302. }
  1303. /** Release all the storage held in auth_hid_servs.
  1304. */
  1305. void
  1306. rend_service_authorization_free_all(void)
  1307. {
  1308. if (!auth_hid_servs) {
  1309. return;
  1310. }
  1311. strmap_free(auth_hid_servs, rend_service_authorization_strmap_item_free);
  1312. auth_hid_servs = NULL;
  1313. }
  1314. /** Parse <b>config_line</b> as a client-side authorization for a hidden
  1315. * service and add it to the local map of hidden service authorizations.
  1316. * Return 0 for success and -1 for failure. */
  1317. int
  1318. rend_parse_service_authorization(const or_options_t *options,
  1319. int validate_only)
  1320. {
  1321. config_line_t *line;
  1322. int res = -1;
  1323. strmap_t *parsed = strmap_new();
  1324. smartlist_t *sl = smartlist_new();
  1325. rend_service_authorization_t *auth = NULL;
  1326. char descriptor_cookie_tmp[REND_DESC_COOKIE_LEN+2];
  1327. char descriptor_cookie_base64ext[REND_DESC_COOKIE_LEN_BASE64+2+1];
  1328. for (line = options->HidServAuth; line; line = line->next) {
  1329. char *onion_address, *descriptor_cookie;
  1330. int auth_type_val = 0;
  1331. auth = NULL;
  1332. SMARTLIST_FOREACH(sl, char *, c, tor_free(c););
  1333. smartlist_clear(sl);
  1334. smartlist_split_string(sl, line->value, " ",
  1335. SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 3);
  1336. if (smartlist_len(sl) < 2) {
  1337. log_warn(LD_CONFIG, "Configuration line does not consist of "
  1338. "\"onion-address authorization-cookie [service-name]\": "
  1339. "'%s'", line->value);
  1340. goto err;
  1341. }
  1342. auth = tor_malloc_zero(sizeof(rend_service_authorization_t));
  1343. /* Parse onion address. */
  1344. onion_address = smartlist_get(sl, 0);
  1345. if (strlen(onion_address) != REND_SERVICE_ADDRESS_LEN ||
  1346. strcmpend(onion_address, ".onion")) {
  1347. log_warn(LD_CONFIG, "Onion address has wrong format: '%s'",
  1348. onion_address);
  1349. goto err;
  1350. }
  1351. strlcpy(auth->onion_address, onion_address, REND_SERVICE_ID_LEN_BASE32+1);
  1352. if (!rend_valid_service_id(auth->onion_address)) {
  1353. log_warn(LD_CONFIG, "Onion address has wrong format: '%s'",
  1354. onion_address);
  1355. goto err;
  1356. }
  1357. /* Parse descriptor cookie. */
  1358. descriptor_cookie = smartlist_get(sl, 1);
  1359. if (strlen(descriptor_cookie) != REND_DESC_COOKIE_LEN_BASE64) {
  1360. log_warn(LD_CONFIG, "Authorization cookie has wrong length: '%s'",
  1361. descriptor_cookie);
  1362. goto err;
  1363. }
  1364. /* Add trailing zero bytes (AA) to make base64-decoding happy. */
  1365. tor_snprintf(descriptor_cookie_base64ext,
  1366. REND_DESC_COOKIE_LEN_BASE64+2+1,
  1367. "%sAA", descriptor_cookie);
  1368. if (base64_decode(descriptor_cookie_tmp, sizeof(descriptor_cookie_tmp),
  1369. descriptor_cookie_base64ext,
  1370. strlen(descriptor_cookie_base64ext)) < 0) {
  1371. log_warn(LD_CONFIG, "Decoding authorization cookie failed: '%s'",
  1372. descriptor_cookie);
  1373. goto err;
  1374. }
  1375. auth_type_val = (((uint8_t)descriptor_cookie_tmp[16]) >> 4) + 1;
  1376. if (auth_type_val < 1 || auth_type_val > 2) {
  1377. log_warn(LD_CONFIG, "Authorization cookie has unknown authorization "
  1378. "type encoded.");
  1379. goto err;
  1380. }
  1381. auth->auth_type = auth_type_val == 1 ? REND_BASIC_AUTH : REND_STEALTH_AUTH;
  1382. memcpy(auth->descriptor_cookie, descriptor_cookie_tmp,
  1383. REND_DESC_COOKIE_LEN);
  1384. if (strmap_get(parsed, auth->onion_address)) {
  1385. log_warn(LD_CONFIG, "Duplicate authorization for the same hidden "
  1386. "service.");
  1387. goto err;
  1388. }
  1389. strmap_set(parsed, auth->onion_address, auth);
  1390. auth = NULL;
  1391. }
  1392. res = 0;
  1393. goto done;
  1394. err:
  1395. res = -1;
  1396. done:
  1397. rend_service_authorization_free(auth);
  1398. SMARTLIST_FOREACH(sl, char *, c, tor_free(c););
  1399. smartlist_free(sl);
  1400. if (!validate_only && res == 0) {
  1401. rend_service_authorization_free_all();
  1402. auth_hid_servs = parsed;
  1403. } else {
  1404. strmap_free(parsed, rend_service_authorization_strmap_item_free);
  1405. }
  1406. memwipe(descriptor_cookie_tmp, 0, sizeof(descriptor_cookie_tmp));
  1407. memwipe(descriptor_cookie_base64ext, 0, sizeof(descriptor_cookie_base64ext));
  1408. return res;
  1409. }