rendclient.c 51 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381
  1. /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
  2. * Copyright (c) 2007-2013, The Tor Project, Inc. */
  3. /* See LICENSE for licensing information */
  4. /**
  5. * \file rendclient.c
  6. * \brief Client code to access location-hidden services.
  7. **/
  8. #include "or.h"
  9. #include "circpathbias.h"
  10. #include "circuitbuild.h"
  11. #include "circuitlist.h"
  12. #include "circuituse.h"
  13. #include "config.h"
  14. #include "connection.h"
  15. #include "connection_edge.h"
  16. #include "directory.h"
  17. #include "main.h"
  18. #include "networkstatus.h"
  19. #include "nodelist.h"
  20. #include "relay.h"
  21. #include "rendclient.h"
  22. #include "rendcommon.h"
  23. #include "rephist.h"
  24. #include "router.h"
  25. #include "routerlist.h"
  26. #include "routerset.h"
  27. #include "control.h"
  28. static extend_info_t *rend_client_get_random_intro_impl(
  29. const rend_cache_entry_t *rend_query,
  30. const int strict, const int warnings);
  31. /** Purge all potentially remotely-detectable state held in the hidden
  32. * service client code. Called on SIGNAL NEWNYM. */
  33. void
  34. rend_client_purge_state(void)
  35. {
  36. rend_cache_purge();
  37. rend_client_cancel_descriptor_fetches();
  38. rend_client_purge_last_hid_serv_requests();
  39. }
  40. /** Called when we've established a circuit to an introduction point:
  41. * send the introduction request. */
  42. void
  43. rend_client_introcirc_has_opened(origin_circuit_t *circ)
  44. {
  45. tor_assert(circ->base_.purpose == CIRCUIT_PURPOSE_C_INTRODUCING);
  46. tor_assert(circ->cpath);
  47. log_info(LD_REND,"introcirc is open");
  48. connection_ap_attach_pending();
  49. }
  50. /** Send the establish-rendezvous cell along a rendezvous circuit. if
  51. * it fails, mark the circ for close and return -1. else return 0.
  52. */
  53. static int
  54. rend_client_send_establish_rendezvous(origin_circuit_t *circ)
  55. {
  56. tor_assert(circ->base_.purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND);
  57. tor_assert(circ->rend_data);
  58. log_info(LD_REND, "Sending an ESTABLISH_RENDEZVOUS cell");
  59. if (crypto_rand(circ->rend_data->rend_cookie, REND_COOKIE_LEN) < 0) {
  60. log_warn(LD_BUG, "Internal error: Couldn't produce random cookie.");
  61. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
  62. return -1;
  63. }
  64. /* Set timestamp_dirty, because circuit_expire_building expects it,
  65. * and the rend cookie also means we've used the circ. */
  66. circ->base_.timestamp_dirty = time(NULL);
  67. /* We've attempted to use this circuit. Probe it if we fail */
  68. pathbias_count_use_attempt(circ);
  69. if (relay_send_command_from_edge(0, TO_CIRCUIT(circ),
  70. RELAY_COMMAND_ESTABLISH_RENDEZVOUS,
  71. circ->rend_data->rend_cookie,
  72. REND_COOKIE_LEN,
  73. circ->cpath->prev)<0) {
  74. /* circ is already marked for close */
  75. log_warn(LD_GENERAL, "Couldn't send ESTABLISH_RENDEZVOUS cell");
  76. return -1;
  77. }
  78. return 0;
  79. }
  80. /** Extend the introduction circuit <b>circ</b> to another valid
  81. * introduction point for the hidden service it is trying to connect
  82. * to, or mark it and launch a new circuit if we can't extend it.
  83. * Return 0 on success or possible success. Return -1 and mark the
  84. * introduction circuit for close on permanent failure.
  85. *
  86. * On failure, the caller is responsible for marking the associated
  87. * rendezvous circuit for close. */
  88. static int
  89. rend_client_reextend_intro_circuit(origin_circuit_t *circ)
  90. {
  91. extend_info_t *extend_info;
  92. int result;
  93. extend_info = rend_client_get_random_intro(circ->rend_data);
  94. if (!extend_info) {
  95. log_warn(LD_REND,
  96. "No usable introduction points left for %s. Closing.",
  97. safe_str_client(circ->rend_data->onion_address));
  98. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
  99. return -1;
  100. }
  101. // XXX: should we not re-extend if hs_circ_has_timed_out?
  102. if (circ->remaining_relay_early_cells) {
  103. log_info(LD_REND,
  104. "Re-extending circ %u, this time to %s.",
  105. (unsigned)circ->base_.n_circ_id,
  106. safe_str_client(extend_info_describe(extend_info)));
  107. result = circuit_extend_to_new_exit(circ, extend_info);
  108. } else {
  109. log_info(LD_REND,
  110. "Closing intro circ %u (out of RELAY_EARLY cells).",
  111. (unsigned)circ->base_.n_circ_id);
  112. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED);
  113. /* connection_ap_handshake_attach_circuit will launch a new intro circ. */
  114. result = 0;
  115. }
  116. extend_info_free(extend_info);
  117. return result;
  118. }
  119. /** Return true iff we should send timestamps in our INTRODUCE1 cells */
  120. static int
  121. rend_client_should_send_timestamp(void)
  122. {
  123. if (get_options()->Support022HiddenServices >= 0)
  124. return get_options()->Support022HiddenServices;
  125. return networkstatus_get_param(NULL, "Support022HiddenServices", 1, 0, 1);
  126. }
  127. /** Called when we're trying to connect an ap conn; sends an INTRODUCE1 cell
  128. * down introcirc if possible.
  129. */
  130. int
  131. rend_client_send_introduction(origin_circuit_t *introcirc,
  132. origin_circuit_t *rendcirc)
  133. {
  134. size_t payload_len;
  135. int r, v3_shift = 0;
  136. char payload[RELAY_PAYLOAD_SIZE];
  137. char tmp[RELAY_PAYLOAD_SIZE];
  138. rend_cache_entry_t *entry;
  139. crypt_path_t *cpath;
  140. off_t dh_offset;
  141. crypto_pk_t *intro_key = NULL;
  142. int status = 0;
  143. tor_assert(introcirc->base_.purpose == CIRCUIT_PURPOSE_C_INTRODUCING);
  144. tor_assert(rendcirc->base_.purpose == CIRCUIT_PURPOSE_C_REND_READY);
  145. tor_assert(introcirc->rend_data);
  146. tor_assert(rendcirc->rend_data);
  147. tor_assert(!rend_cmp_service_ids(introcirc->rend_data->onion_address,
  148. rendcirc->rend_data->onion_address));
  149. #ifndef NON_ANONYMOUS_MODE_ENABLED
  150. tor_assert(!(introcirc->build_state->onehop_tunnel));
  151. tor_assert(!(rendcirc->build_state->onehop_tunnel));
  152. #endif
  153. if (rend_cache_lookup_entry(introcirc->rend_data->onion_address, -1,
  154. &entry) < 1) {
  155. log_info(LD_REND,
  156. "query %s didn't have valid rend desc in cache. "
  157. "Refetching descriptor.",
  158. safe_str_client(introcirc->rend_data->onion_address));
  159. rend_client_refetch_v2_renddesc(introcirc->rend_data);
  160. {
  161. connection_t *conn;
  162. while ((conn = connection_get_by_type_state_rendquery(CONN_TYPE_AP,
  163. AP_CONN_STATE_CIRCUIT_WAIT,
  164. introcirc->rend_data->onion_address))) {
  165. conn->state = AP_CONN_STATE_RENDDESC_WAIT;
  166. }
  167. }
  168. status = -1;
  169. goto cleanup;
  170. }
  171. /* first 20 bytes of payload are the hash of Bob's pk */
  172. intro_key = NULL;
  173. SMARTLIST_FOREACH(entry->parsed->intro_nodes, rend_intro_point_t *,
  174. intro, {
  175. if (tor_memeq(introcirc->build_state->chosen_exit->identity_digest,
  176. intro->extend_info->identity_digest, DIGEST_LEN)) {
  177. intro_key = intro->intro_key;
  178. break;
  179. }
  180. });
  181. if (!intro_key) {
  182. log_info(LD_REND, "Could not find intro key for %s at %s; we "
  183. "have a v2 rend desc with %d intro points. "
  184. "Trying a different intro point...",
  185. safe_str_client(introcirc->rend_data->onion_address),
  186. safe_str_client(extend_info_describe(
  187. introcirc->build_state->chosen_exit)),
  188. smartlist_len(entry->parsed->intro_nodes));
  189. if (rend_client_reextend_intro_circuit(introcirc)) {
  190. status = -2;
  191. goto perm_err;
  192. } else {
  193. status = -1;
  194. goto cleanup;
  195. }
  196. }
  197. if (crypto_pk_get_digest(intro_key, payload)<0) {
  198. log_warn(LD_BUG, "Internal error: couldn't hash public key.");
  199. status = -2;
  200. goto perm_err;
  201. }
  202. /* Initialize the pending_final_cpath and start the DH handshake. */
  203. cpath = rendcirc->build_state->pending_final_cpath;
  204. if (!cpath) {
  205. cpath = rendcirc->build_state->pending_final_cpath =
  206. tor_malloc_zero(sizeof(crypt_path_t));
  207. cpath->magic = CRYPT_PATH_MAGIC;
  208. if (!(cpath->rend_dh_handshake_state = crypto_dh_new(DH_TYPE_REND))) {
  209. log_warn(LD_BUG, "Internal error: couldn't allocate DH.");
  210. status = -2;
  211. goto perm_err;
  212. }
  213. if (crypto_dh_generate_public(cpath->rend_dh_handshake_state)<0) {
  214. log_warn(LD_BUG, "Internal error: couldn't generate g^x.");
  215. status = -2;
  216. goto perm_err;
  217. }
  218. }
  219. /* If version is 3, write (optional) auth data and timestamp. */
  220. if (entry->parsed->protocols & (1<<3)) {
  221. tmp[0] = 3; /* version 3 of the cell format */
  222. tmp[1] = (uint8_t)introcirc->rend_data->auth_type; /* auth type, if any */
  223. v3_shift = 1;
  224. if (introcirc->rend_data->auth_type != REND_NO_AUTH) {
  225. set_uint16(tmp+2, htons(REND_DESC_COOKIE_LEN));
  226. memcpy(tmp+4, introcirc->rend_data->descriptor_cookie,
  227. REND_DESC_COOKIE_LEN);
  228. v3_shift += 2+REND_DESC_COOKIE_LEN;
  229. }
  230. if (rend_client_should_send_timestamp()) {
  231. uint32_t now = (uint32_t)time(NULL);
  232. now += 300;
  233. now -= now % 600;
  234. set_uint32(tmp+v3_shift+1, htonl(now));
  235. } else {
  236. set_uint32(tmp+v3_shift+1, 0);
  237. }
  238. v3_shift += 4;
  239. } /* if version 2 only write version number */
  240. else if (entry->parsed->protocols & (1<<2)) {
  241. tmp[0] = 2; /* version 2 of the cell format */
  242. }
  243. /* write the remaining items into tmp */
  244. if (entry->parsed->protocols & (1<<3) || entry->parsed->protocols & (1<<2)) {
  245. /* version 2 format */
  246. extend_info_t *extend_info = rendcirc->build_state->chosen_exit;
  247. int klen;
  248. /* nul pads */
  249. set_uint32(tmp+v3_shift+1, tor_addr_to_ipv4n(&extend_info->addr));
  250. set_uint16(tmp+v3_shift+5, htons(extend_info->port));
  251. memcpy(tmp+v3_shift+7, extend_info->identity_digest, DIGEST_LEN);
  252. klen = crypto_pk_asn1_encode(extend_info->onion_key,
  253. tmp+v3_shift+7+DIGEST_LEN+2,
  254. sizeof(tmp)-(v3_shift+7+DIGEST_LEN+2));
  255. set_uint16(tmp+v3_shift+7+DIGEST_LEN, htons(klen));
  256. memcpy(tmp+v3_shift+7+DIGEST_LEN+2+klen, rendcirc->rend_data->rend_cookie,
  257. REND_COOKIE_LEN);
  258. dh_offset = v3_shift+7+DIGEST_LEN+2+klen+REND_COOKIE_LEN;
  259. } else {
  260. /* Version 0. */
  261. strncpy(tmp, rendcirc->build_state->chosen_exit->nickname,
  262. (MAX_NICKNAME_LEN+1)); /* nul pads */
  263. memcpy(tmp+MAX_NICKNAME_LEN+1, rendcirc->rend_data->rend_cookie,
  264. REND_COOKIE_LEN);
  265. dh_offset = MAX_NICKNAME_LEN+1+REND_COOKIE_LEN;
  266. }
  267. if (crypto_dh_get_public(cpath->rend_dh_handshake_state, tmp+dh_offset,
  268. DH_KEY_LEN)<0) {
  269. log_warn(LD_BUG, "Internal error: couldn't extract g^x.");
  270. status = -2;
  271. goto perm_err;
  272. }
  273. note_crypto_pk_op(REND_CLIENT);
  274. /*XXX maybe give crypto_pk_public_hybrid_encrypt a max_len arg,
  275. * to avoid buffer overflows? */
  276. r = crypto_pk_public_hybrid_encrypt(intro_key, payload+DIGEST_LEN,
  277. sizeof(payload)-DIGEST_LEN,
  278. tmp,
  279. (int)(dh_offset+DH_KEY_LEN),
  280. PK_PKCS1_OAEP_PADDING, 0);
  281. if (r<0) {
  282. log_warn(LD_BUG,"Internal error: hybrid pk encrypt failed.");
  283. status = -2;
  284. goto perm_err;
  285. }
  286. payload_len = DIGEST_LEN + r;
  287. tor_assert(payload_len <= RELAY_PAYLOAD_SIZE); /* we overran something */
  288. /* Copy the rendezvous cookie from rendcirc to introcirc, so that
  289. * when introcirc gets an ack, we can change the state of the right
  290. * rendezvous circuit. */
  291. memcpy(introcirc->rend_data->rend_cookie, rendcirc->rend_data->rend_cookie,
  292. REND_COOKIE_LEN);
  293. log_info(LD_REND, "Sending an INTRODUCE1 cell");
  294. if (relay_send_command_from_edge(0, TO_CIRCUIT(introcirc),
  295. RELAY_COMMAND_INTRODUCE1,
  296. payload, payload_len,
  297. introcirc->cpath->prev)<0) {
  298. /* introcirc is already marked for close. leave rendcirc alone. */
  299. log_warn(LD_BUG, "Couldn't send INTRODUCE1 cell");
  300. status = -2;
  301. goto cleanup;
  302. }
  303. /* Now, we wait for an ACK or NAK on this circuit. */
  304. circuit_change_purpose(TO_CIRCUIT(introcirc),
  305. CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT);
  306. /* Set timestamp_dirty, because circuit_expire_building expects it
  307. * to specify when a circuit entered the _C_INTRODUCE_ACK_WAIT
  308. * state. */
  309. introcirc->base_.timestamp_dirty = time(NULL);
  310. pathbias_count_use_attempt(introcirc);
  311. goto cleanup;
  312. perm_err:
  313. if (!introcirc->base_.marked_for_close)
  314. circuit_mark_for_close(TO_CIRCUIT(introcirc), END_CIRC_REASON_INTERNAL);
  315. circuit_mark_for_close(TO_CIRCUIT(rendcirc), END_CIRC_REASON_INTERNAL);
  316. cleanup:
  317. memwipe(payload, 0, sizeof(payload));
  318. memwipe(tmp, 0, sizeof(tmp));
  319. return status;
  320. }
  321. /** Called when a rendezvous circuit is open; sends a establish
  322. * rendezvous circuit as appropriate. */
  323. void
  324. rend_client_rendcirc_has_opened(origin_circuit_t *circ)
  325. {
  326. tor_assert(circ->base_.purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND);
  327. log_info(LD_REND,"rendcirc is open");
  328. /* generate a rendezvous cookie, store it in circ */
  329. if (rend_client_send_establish_rendezvous(circ) < 0) {
  330. return;
  331. }
  332. }
  333. /**
  334. * Called to close other intro circuits we launched in parallel
  335. * due to timeout.
  336. */
  337. static void
  338. rend_client_close_other_intros(const char *onion_address)
  339. {
  340. circuit_t *c;
  341. /* abort parallel intro circs, if any */
  342. TOR_LIST_FOREACH(c, circuit_get_global_list(), head) {
  343. if ((c->purpose == CIRCUIT_PURPOSE_C_INTRODUCING ||
  344. c->purpose == CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT) &&
  345. !c->marked_for_close && CIRCUIT_IS_ORIGIN(c)) {
  346. origin_circuit_t *oc = TO_ORIGIN_CIRCUIT(c);
  347. if (oc->rend_data &&
  348. !rend_cmp_service_ids(onion_address,
  349. oc->rend_data->onion_address)) {
  350. log_info(LD_REND|LD_CIRC, "Closing introduction circuit %d that we "
  351. "built in parallel (Purpose %d).", oc->global_identifier,
  352. c->purpose);
  353. circuit_mark_for_close(c, END_CIRC_REASON_TIMEOUT);
  354. }
  355. }
  356. }
  357. }
  358. /** Called when get an ACK or a NAK for a REND_INTRODUCE1 cell.
  359. */
  360. int
  361. rend_client_introduction_acked(origin_circuit_t *circ,
  362. const uint8_t *request, size_t request_len)
  363. {
  364. origin_circuit_t *rendcirc;
  365. (void) request; // XXXX Use this.
  366. if (circ->base_.purpose != CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT) {
  367. log_warn(LD_PROTOCOL,
  368. "Received REND_INTRODUCE_ACK on unexpected circuit %u.",
  369. (unsigned)circ->base_.n_circ_id);
  370. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
  371. return -1;
  372. }
  373. tor_assert(circ->build_state->chosen_exit);
  374. #ifndef NON_ANONYMOUS_MODE_ENABLED
  375. tor_assert(!(circ->build_state->onehop_tunnel));
  376. #endif
  377. tor_assert(circ->rend_data);
  378. /* For path bias: This circuit was used successfully. Valid
  379. * nacks and acks count. */
  380. pathbias_mark_use_success(circ);
  381. if (request_len == 0) {
  382. /* It's an ACK; the introduction point relayed our introduction request. */
  383. /* Locate the rend circ which is waiting to hear about this ack,
  384. * and tell it.
  385. */
  386. log_info(LD_REND,"Received ack. Telling rend circ...");
  387. rendcirc = circuit_get_ready_rend_circ_by_rend_data(circ->rend_data);
  388. if (rendcirc) { /* remember the ack */
  389. #ifndef NON_ANONYMOUS_MODE_ENABLED
  390. tor_assert(!(rendcirc->build_state->onehop_tunnel));
  391. #endif
  392. circuit_change_purpose(TO_CIRCUIT(rendcirc),
  393. CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED);
  394. /* Set timestamp_dirty, because circuit_expire_building expects
  395. * it to specify when a circuit entered the
  396. * _C_REND_READY_INTRO_ACKED state. */
  397. rendcirc->base_.timestamp_dirty = time(NULL);
  398. } else {
  399. log_info(LD_REND,"...Found no rend circ. Dropping on the floor.");
  400. }
  401. /* close the circuit: we won't need it anymore. */
  402. circuit_change_purpose(TO_CIRCUIT(circ),
  403. CIRCUIT_PURPOSE_C_INTRODUCE_ACKED);
  404. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED);
  405. /* close any other intros launched in parallel */
  406. rend_client_close_other_intros(circ->rend_data->onion_address);
  407. } else {
  408. /* It's a NAK; the introduction point didn't relay our request. */
  409. circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_C_INTRODUCING);
  410. /* Remove this intro point from the set of viable introduction
  411. * points. If any remain, extend to a new one and try again.
  412. * If none remain, refetch the service descriptor.
  413. */
  414. log_info(LD_REND, "Got nack for %s from %s...",
  415. safe_str_client(circ->rend_data->onion_address),
  416. safe_str_client(extend_info_describe(circ->build_state->chosen_exit)));
  417. if (rend_client_report_intro_point_failure(circ->build_state->chosen_exit,
  418. circ->rend_data,
  419. INTRO_POINT_FAILURE_GENERIC)>0) {
  420. /* There are introduction points left. Re-extend the circuit to
  421. * another intro point and try again. */
  422. int result = rend_client_reextend_intro_circuit(circ);
  423. /* XXXX If that call failed, should we close the rend circuit,
  424. * too? */
  425. return result;
  426. }
  427. }
  428. return 0;
  429. }
  430. /** The period for which a hidden service directory cannot be queried for
  431. * the same descriptor ID again. */
  432. #define REND_HID_SERV_DIR_REQUERY_PERIOD (15 * 60)
  433. /** Contains the last request times to hidden service directories for
  434. * certain queries; each key is a string consisting of the
  435. * concatenation of a base32-encoded HS directory identity digest, a
  436. * base32-encoded HS descriptor ID, and a hidden service address
  437. * (without the ".onion" part); each value is a pointer to a time_t
  438. * holding the time of the last request for that descriptor ID to that
  439. * HS directory. */
  440. static strmap_t *last_hid_serv_requests_ = NULL;
  441. /** Returns last_hid_serv_requests_, initializing it to a new strmap if
  442. * necessary. */
  443. static strmap_t *
  444. get_last_hid_serv_requests(void)
  445. {
  446. if (!last_hid_serv_requests_)
  447. last_hid_serv_requests_ = strmap_new();
  448. return last_hid_serv_requests_;
  449. }
  450. #define LAST_HID_SERV_REQUEST_KEY_LEN (REND_DESC_ID_V2_LEN_BASE32 + \
  451. REND_DESC_ID_V2_LEN_BASE32 + \
  452. REND_SERVICE_ID_LEN_BASE32)
  453. /** Look up the last request time to hidden service directory <b>hs_dir</b>
  454. * for descriptor ID <b>desc_id_base32</b> for the service specified in
  455. * <b>rend_query</b>. If <b>set</b> is non-zero,
  456. * assign the current time <b>now</b> and return that. Otherwise, return
  457. * the most recent request time, or 0 if no such request has been sent
  458. * before. */
  459. static time_t
  460. lookup_last_hid_serv_request(routerstatus_t *hs_dir,
  461. const char *desc_id_base32,
  462. const rend_data_t *rend_query,
  463. time_t now, int set)
  464. {
  465. char hsdir_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
  466. char hsdir_desc_comb_id[LAST_HID_SERV_REQUEST_KEY_LEN + 1];
  467. time_t *last_request_ptr;
  468. strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
  469. base32_encode(hsdir_id_base32, sizeof(hsdir_id_base32),
  470. hs_dir->identity_digest, DIGEST_LEN);
  471. tor_snprintf(hsdir_desc_comb_id, sizeof(hsdir_desc_comb_id), "%s%s%s",
  472. hsdir_id_base32,
  473. desc_id_base32,
  474. rend_query->onion_address);
  475. /* XXX023 tor_assert(strlen(hsdir_desc_comb_id) ==
  476. LAST_HID_SERV_REQUEST_KEY_LEN); */
  477. if (set) {
  478. time_t *oldptr;
  479. last_request_ptr = tor_malloc_zero(sizeof(time_t));
  480. *last_request_ptr = now;
  481. oldptr = strmap_set(last_hid_serv_requests, hsdir_desc_comb_id,
  482. last_request_ptr);
  483. tor_free(oldptr);
  484. } else
  485. last_request_ptr = strmap_get_lc(last_hid_serv_requests,
  486. hsdir_desc_comb_id);
  487. return (last_request_ptr) ? *last_request_ptr : 0;
  488. }
  489. /** Clean the history of request times to hidden service directories, so that
  490. * it does not contain requests older than REND_HID_SERV_DIR_REQUERY_PERIOD
  491. * seconds any more. */
  492. static void
  493. directory_clean_last_hid_serv_requests(time_t now)
  494. {
  495. strmap_iter_t *iter;
  496. time_t cutoff = now - REND_HID_SERV_DIR_REQUERY_PERIOD;
  497. strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
  498. for (iter = strmap_iter_init(last_hid_serv_requests);
  499. !strmap_iter_done(iter); ) {
  500. const char *key;
  501. void *val;
  502. time_t *ent;
  503. strmap_iter_get(iter, &key, &val);
  504. ent = (time_t *) val;
  505. if (*ent < cutoff) {
  506. iter = strmap_iter_next_rmv(last_hid_serv_requests, iter);
  507. tor_free(ent);
  508. } else {
  509. iter = strmap_iter_next(last_hid_serv_requests, iter);
  510. }
  511. }
  512. }
  513. /** Remove all requests related to the hidden service named
  514. * <b>onion_address</b> from the history of times of requests to
  515. * hidden service directories. */
  516. static void
  517. purge_hid_serv_from_last_hid_serv_requests(const char *onion_address)
  518. {
  519. strmap_iter_t *iter;
  520. strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
  521. /* XXX023 tor_assert(strlen(onion_address) == REND_SERVICE_ID_LEN_BASE32); */
  522. for (iter = strmap_iter_init(last_hid_serv_requests);
  523. !strmap_iter_done(iter); ) {
  524. const char *key;
  525. void *val;
  526. strmap_iter_get(iter, &key, &val);
  527. /* XXX023 tor_assert(strlen(key) == LAST_HID_SERV_REQUEST_KEY_LEN); */
  528. if (tor_memeq(key + LAST_HID_SERV_REQUEST_KEY_LEN -
  529. REND_SERVICE_ID_LEN_BASE32,
  530. onion_address,
  531. REND_SERVICE_ID_LEN_BASE32)) {
  532. iter = strmap_iter_next_rmv(last_hid_serv_requests, iter);
  533. tor_free(val);
  534. } else {
  535. iter = strmap_iter_next(last_hid_serv_requests, iter);
  536. }
  537. }
  538. }
  539. /** Purge the history of request times to hidden service directories,
  540. * so that future lookups of an HS descriptor will not fail because we
  541. * accessed all of the HSDir relays responsible for the descriptor
  542. * recently. */
  543. void
  544. rend_client_purge_last_hid_serv_requests(void)
  545. {
  546. /* Don't create the table if it doesn't exist yet (and it may very
  547. * well not exist if the user hasn't accessed any HSes)... */
  548. strmap_t *old_last_hid_serv_requests = last_hid_serv_requests_;
  549. /* ... and let get_last_hid_serv_requests re-create it for us if
  550. * necessary. */
  551. last_hid_serv_requests_ = NULL;
  552. if (old_last_hid_serv_requests != NULL) {
  553. log_info(LD_REND, "Purging client last-HS-desc-request-time table");
  554. strmap_free(old_last_hid_serv_requests, tor_free_);
  555. }
  556. }
  557. /** Determine the responsible hidden service directories for <b>desc_id</b>
  558. * and fetch the descriptor with that ID from one of them. Only
  559. * send a request to a hidden service directory that we have not yet tried
  560. * during this attempt to connect to this hidden service; on success, return 1,
  561. * in the case that no hidden service directory is left to ask for the
  562. * descriptor, return 0, and in case of a failure -1. */
  563. static int
  564. directory_get_from_hs_dir(const char *desc_id, const rend_data_t *rend_query)
  565. {
  566. smartlist_t *responsible_dirs = smartlist_new();
  567. smartlist_t *usable_responsible_dirs = smartlist_new();
  568. const or_options_t *options = get_options();
  569. routerstatus_t *hs_dir;
  570. char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
  571. time_t now = time(NULL);
  572. char descriptor_cookie_base64[3*REND_DESC_COOKIE_LEN_BASE64];
  573. const int tor2web_mode = options->Tor2webMode;
  574. int excluded_some;
  575. tor_assert(desc_id);
  576. tor_assert(rend_query);
  577. /* Determine responsible dirs. Even if we can't get all we want,
  578. * work with the ones we have. If it's empty, we'll notice below. */
  579. hid_serv_get_responsible_directories(responsible_dirs, desc_id);
  580. base32_encode(desc_id_base32, sizeof(desc_id_base32),
  581. desc_id, DIGEST_LEN);
  582. /* Only select those hidden service directories to which we did not send
  583. * a request recently and for which we have a router descriptor here. */
  584. /* Clean request history first. */
  585. directory_clean_last_hid_serv_requests(now);
  586. SMARTLIST_FOREACH(responsible_dirs, routerstatus_t *, dir, {
  587. time_t last = lookup_last_hid_serv_request(
  588. dir, desc_id_base32, rend_query, 0, 0);
  589. const node_t *node = node_get_by_id(dir->identity_digest);
  590. if (last + REND_HID_SERV_DIR_REQUERY_PERIOD >= now ||
  591. !node || !node_has_descriptor(node)) {
  592. SMARTLIST_DEL_CURRENT(responsible_dirs, dir);
  593. continue;
  594. }
  595. if (! routerset_contains_node(options->ExcludeNodes, node)) {
  596. smartlist_add(usable_responsible_dirs, dir);
  597. }
  598. });
  599. excluded_some =
  600. smartlist_len(usable_responsible_dirs) < smartlist_len(responsible_dirs);
  601. hs_dir = smartlist_choose(usable_responsible_dirs);
  602. if (! hs_dir && ! options->StrictNodes)
  603. hs_dir = smartlist_choose(responsible_dirs);
  604. smartlist_free(responsible_dirs);
  605. smartlist_free(usable_responsible_dirs);
  606. if (!hs_dir) {
  607. log_info(LD_REND, "Could not pick one of the responsible hidden "
  608. "service directories, because we requested them all "
  609. "recently without success.");
  610. if (options->StrictNodes && excluded_some) {
  611. log_warn(LD_REND, "Could not pick a hidden service directory for the "
  612. "requested hidden service: they are all either down or "
  613. "excluded, and StrictNodes is set.");
  614. }
  615. return 0;
  616. }
  617. /* Remember that we are requesting a descriptor from this hidden service
  618. * directory now. */
  619. lookup_last_hid_serv_request(hs_dir, desc_id_base32, rend_query, now, 1);
  620. /* Encode descriptor cookie for logging purposes. */
  621. if (rend_query->auth_type != REND_NO_AUTH) {
  622. if (base64_encode(descriptor_cookie_base64,
  623. sizeof(descriptor_cookie_base64),
  624. rend_query->descriptor_cookie, REND_DESC_COOKIE_LEN)<0) {
  625. log_warn(LD_BUG, "Could not base64-encode descriptor cookie.");
  626. return 0;
  627. }
  628. /* Remove == signs and newline. */
  629. descriptor_cookie_base64[strlen(descriptor_cookie_base64)-3] = '\0';
  630. } else {
  631. strlcpy(descriptor_cookie_base64, "(none)",
  632. sizeof(descriptor_cookie_base64));
  633. }
  634. /* Send fetch request. (Pass query and possibly descriptor cookie so that
  635. * they can be written to the directory connection and be referred to when
  636. * the response arrives. */
  637. directory_initiate_command_routerstatus_rend(hs_dir,
  638. DIR_PURPOSE_FETCH_RENDDESC_V2,
  639. ROUTER_PURPOSE_GENERAL,
  640. tor2web_mode?DIRIND_ONEHOP:DIRIND_ANONYMOUS,
  641. desc_id_base32,
  642. NULL, 0, 0,
  643. rend_query);
  644. log_info(LD_REND, "Sending fetch request for v2 descriptor for "
  645. "service '%s' with descriptor ID '%s', auth type %d, "
  646. "and descriptor cookie '%s' to hidden service "
  647. "directory %s",
  648. rend_query->onion_address, desc_id_base32,
  649. rend_query->auth_type,
  650. (rend_query->auth_type == REND_NO_AUTH ? "[none]" :
  651. escaped_safe_str_client(descriptor_cookie_base64)),
  652. routerstatus_describe(hs_dir));
  653. control_event_hs_descriptor_requested(rend_query,
  654. hs_dir->identity_digest,
  655. desc_id_base32);
  656. return 1;
  657. }
  658. /** Unless we already have a descriptor for <b>rend_query</b> with at least
  659. * one (possibly) working introduction point in it, start a connection to a
  660. * hidden service directory to fetch a v2 rendezvous service descriptor. */
  661. void
  662. rend_client_refetch_v2_renddesc(const rend_data_t *rend_query)
  663. {
  664. char descriptor_id[DIGEST_LEN];
  665. int replicas_left_to_try[REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS];
  666. int i, tries_left;
  667. rend_cache_entry_t *e = NULL;
  668. tor_assert(rend_query);
  669. /* Are we configured to fetch descriptors? */
  670. if (!get_options()->FetchHidServDescriptors) {
  671. log_warn(LD_REND, "We received an onion address for a v2 rendezvous "
  672. "service descriptor, but are not fetching service descriptors.");
  673. return;
  674. }
  675. /* Before fetching, check if we already have a usable descriptor here. */
  676. if (rend_cache_lookup_entry(rend_query->onion_address, -1, &e) > 0 &&
  677. rend_client_any_intro_points_usable(e)) {
  678. log_info(LD_REND, "We would fetch a v2 rendezvous descriptor, but we "
  679. "already have a usable descriptor here. Not fetching.");
  680. return;
  681. }
  682. log_debug(LD_REND, "Fetching v2 rendezvous descriptor for service %s",
  683. safe_str_client(rend_query->onion_address));
  684. /* Randomly iterate over the replicas until a descriptor can be fetched
  685. * from one of the consecutive nodes, or no options are left. */
  686. tries_left = REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS;
  687. for (i = 0; i < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; i++)
  688. replicas_left_to_try[i] = i;
  689. while (tries_left > 0) {
  690. int rand = crypto_rand_int(tries_left);
  691. int chosen_replica = replicas_left_to_try[rand];
  692. replicas_left_to_try[rand] = replicas_left_to_try[--tries_left];
  693. if (rend_compute_v2_desc_id(descriptor_id, rend_query->onion_address,
  694. rend_query->auth_type == REND_STEALTH_AUTH ?
  695. rend_query->descriptor_cookie : NULL,
  696. time(NULL), chosen_replica) < 0) {
  697. log_warn(LD_REND, "Internal error: Computing v2 rendezvous "
  698. "descriptor ID did not succeed.");
  699. /*
  700. * Hmm, can this write anything to descriptor_id and still fail?
  701. * Let's clear it just to be safe.
  702. *
  703. * From here on, any returns should goto done which clears
  704. * descriptor_id so we don't leave key-derived material on the stack.
  705. */
  706. goto done;
  707. }
  708. if (directory_get_from_hs_dir(descriptor_id, rend_query) != 0)
  709. goto done; /* either success or failure, but we're done */
  710. }
  711. /* If we come here, there are no hidden service directories left. */
  712. log_info(LD_REND, "Could not pick one of the responsible hidden "
  713. "service directories to fetch descriptors, because "
  714. "we already tried them all unsuccessfully.");
  715. /* Close pending connections. */
  716. rend_client_desc_trynow(rend_query->onion_address);
  717. done:
  718. memwipe(descriptor_id, 0, sizeof(descriptor_id));
  719. return;
  720. }
  721. /** Cancel all rendezvous descriptor fetches currently in progress.
  722. */
  723. void
  724. rend_client_cancel_descriptor_fetches(void)
  725. {
  726. smartlist_t *connection_array = get_connection_array();
  727. SMARTLIST_FOREACH_BEGIN(connection_array, connection_t *, conn) {
  728. if (conn->type == CONN_TYPE_DIR &&
  729. conn->purpose == DIR_PURPOSE_FETCH_RENDDESC_V2) {
  730. /* It's a rendezvous descriptor fetch in progress -- cancel it
  731. * by marking the connection for close.
  732. *
  733. * Even if this connection has already reached EOF, this is
  734. * enough to make sure that if the descriptor hasn't been
  735. * processed yet, it won't be. See the end of
  736. * connection_handle_read; connection_reached_eof (indirectly)
  737. * processes whatever response the connection received. */
  738. const rend_data_t *rd = (TO_DIR_CONN(conn))->rend_data;
  739. if (!rd) {
  740. log_warn(LD_BUG | LD_REND,
  741. "Marking for close dir conn fetching rendezvous "
  742. "descriptor for unknown service!");
  743. } else {
  744. log_debug(LD_REND, "Marking for close dir conn fetching "
  745. "rendezvous descriptor for service %s",
  746. safe_str(rd->onion_address));
  747. }
  748. connection_mark_for_close(conn);
  749. }
  750. } SMARTLIST_FOREACH_END(conn);
  751. }
  752. /** Mark <b>failed_intro</b> as a failed introduction point for the
  753. * hidden service specified by <b>rend_query</b>. If the HS now has no
  754. * usable intro points, or we do not have an HS descriptor for it,
  755. * then launch a new renddesc fetch.
  756. *
  757. * If <b>failure_type</b> is INTRO_POINT_FAILURE_GENERIC, remove the
  758. * intro point from (our parsed copy of) the HS descriptor.
  759. *
  760. * If <b>failure_type</b> is INTRO_POINT_FAILURE_TIMEOUT, mark the
  761. * intro point as 'timed out'; it will not be retried until the
  762. * current hidden service connection attempt has ended or it has
  763. * appeared in a newly fetched rendezvous descriptor.
  764. *
  765. * If <b>failure_type</b> is INTRO_POINT_FAILURE_UNREACHABLE,
  766. * increment the intro point's reachability-failure count; if it has
  767. * now failed MAX_INTRO_POINT_REACHABILITY_FAILURES or more times,
  768. * remove the intro point from (our parsed copy of) the HS descriptor.
  769. *
  770. * Return -1 if error, 0 if no usable intro points remain or service
  771. * unrecognized, 1 if recognized and some intro points remain.
  772. */
  773. int
  774. rend_client_report_intro_point_failure(extend_info_t *failed_intro,
  775. const rend_data_t *rend_query,
  776. unsigned int failure_type)
  777. {
  778. int i, r;
  779. rend_cache_entry_t *ent;
  780. connection_t *conn;
  781. r = rend_cache_lookup_entry(rend_query->onion_address, -1, &ent);
  782. if (r<0) {
  783. log_warn(LD_BUG, "Malformed service ID %s.",
  784. escaped_safe_str_client(rend_query->onion_address));
  785. return -1;
  786. }
  787. if (r==0) {
  788. log_info(LD_REND, "Unknown service %s. Re-fetching descriptor.",
  789. escaped_safe_str_client(rend_query->onion_address));
  790. rend_client_refetch_v2_renddesc(rend_query);
  791. return 0;
  792. }
  793. for (i = 0; i < smartlist_len(ent->parsed->intro_nodes); i++) {
  794. rend_intro_point_t *intro = smartlist_get(ent->parsed->intro_nodes, i);
  795. if (tor_memeq(failed_intro->identity_digest,
  796. intro->extend_info->identity_digest, DIGEST_LEN)) {
  797. switch (failure_type) {
  798. default:
  799. log_warn(LD_BUG, "Unknown failure type %u. Removing intro point.",
  800. failure_type);
  801. tor_fragile_assert();
  802. /* fall through */
  803. case INTRO_POINT_FAILURE_GENERIC:
  804. rend_intro_point_free(intro);
  805. smartlist_del(ent->parsed->intro_nodes, i);
  806. break;
  807. case INTRO_POINT_FAILURE_TIMEOUT:
  808. intro->timed_out = 1;
  809. break;
  810. case INTRO_POINT_FAILURE_UNREACHABLE:
  811. ++(intro->unreachable_count);
  812. {
  813. int zap_intro_point =
  814. intro->unreachable_count >= MAX_INTRO_POINT_REACHABILITY_FAILURES;
  815. log_info(LD_REND, "Failed to reach this intro point %u times.%s",
  816. intro->unreachable_count,
  817. zap_intro_point ? " Removing from descriptor.": "");
  818. if (zap_intro_point) {
  819. rend_intro_point_free(intro);
  820. smartlist_del(ent->parsed->intro_nodes, i);
  821. }
  822. }
  823. break;
  824. }
  825. break;
  826. }
  827. }
  828. if (! rend_client_any_intro_points_usable(ent)) {
  829. log_info(LD_REND,
  830. "No more intro points remain for %s. Re-fetching descriptor.",
  831. escaped_safe_str_client(rend_query->onion_address));
  832. rend_client_refetch_v2_renddesc(rend_query);
  833. /* move all pending streams back to renddesc_wait */
  834. while ((conn = connection_get_by_type_state_rendquery(CONN_TYPE_AP,
  835. AP_CONN_STATE_CIRCUIT_WAIT,
  836. rend_query->onion_address))) {
  837. conn->state = AP_CONN_STATE_RENDDESC_WAIT;
  838. }
  839. return 0;
  840. }
  841. log_info(LD_REND,"%d options left for %s.",
  842. smartlist_len(ent->parsed->intro_nodes),
  843. escaped_safe_str_client(rend_query->onion_address));
  844. return 1;
  845. }
  846. /** Called when we receive a RENDEZVOUS_ESTABLISHED cell; changes the state of
  847. * the circuit to C_REND_READY.
  848. */
  849. int
  850. rend_client_rendezvous_acked(origin_circuit_t *circ, const uint8_t *request,
  851. size_t request_len)
  852. {
  853. (void) request;
  854. (void) request_len;
  855. /* we just got an ack for our establish-rendezvous. switch purposes. */
  856. if (circ->base_.purpose != CIRCUIT_PURPOSE_C_ESTABLISH_REND) {
  857. log_warn(LD_PROTOCOL,"Got a rendezvous ack when we weren't expecting one. "
  858. "Closing circ.");
  859. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
  860. return -1;
  861. }
  862. log_info(LD_REND,"Got rendezvous ack. This circuit is now ready for "
  863. "rendezvous.");
  864. circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_C_REND_READY);
  865. /* Set timestamp_dirty, because circuit_expire_building expects it
  866. * to specify when a circuit entered the _C_REND_READY state. */
  867. circ->base_.timestamp_dirty = time(NULL);
  868. /* From a path bias point of view, this circuit is now successfully used.
  869. * Waiting any longer opens us up to attacks from Bob. He could induce
  870. * Alice to attempt to connect to his hidden service and never reply
  871. * to her rend requests */
  872. pathbias_mark_use_success(circ);
  873. /* XXXX This is a pretty brute-force approach. It'd be better to
  874. * attach only the connections that are waiting on this circuit, rather
  875. * than trying to attach them all. See comments bug 743. */
  876. /* If we already have the introduction circuit built, make sure we send
  877. * the INTRODUCE cell _now_ */
  878. connection_ap_attach_pending();
  879. return 0;
  880. }
  881. /** Bob sent us a rendezvous cell; join the circuits. */
  882. int
  883. rend_client_receive_rendezvous(origin_circuit_t *circ, const uint8_t *request,
  884. size_t request_len)
  885. {
  886. crypt_path_t *hop;
  887. char keys[DIGEST_LEN+CPATH_KEY_MATERIAL_LEN];
  888. if ((circ->base_.purpose != CIRCUIT_PURPOSE_C_REND_READY &&
  889. circ->base_.purpose != CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED)
  890. || !circ->build_state->pending_final_cpath) {
  891. log_warn(LD_PROTOCOL,"Got rendezvous2 cell from hidden service, but not "
  892. "expecting it. Closing.");
  893. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
  894. return -1;
  895. }
  896. if (request_len != DH_KEY_LEN+DIGEST_LEN) {
  897. log_warn(LD_PROTOCOL,"Incorrect length (%d) on RENDEZVOUS2 cell.",
  898. (int)request_len);
  899. goto err;
  900. }
  901. log_info(LD_REND,"Got RENDEZVOUS2 cell from hidden service.");
  902. /* first DH_KEY_LEN bytes are g^y from bob. Finish the dh handshake...*/
  903. tor_assert(circ->build_state);
  904. tor_assert(circ->build_state->pending_final_cpath);
  905. hop = circ->build_state->pending_final_cpath;
  906. tor_assert(hop->rend_dh_handshake_state);
  907. if (crypto_dh_compute_secret(LOG_PROTOCOL_WARN,
  908. hop->rend_dh_handshake_state, (char*)request,
  909. DH_KEY_LEN,
  910. keys, DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) {
  911. log_warn(LD_GENERAL, "Couldn't complete DH handshake.");
  912. goto err;
  913. }
  914. /* ... and set up cpath. */
  915. if (circuit_init_cpath_crypto(hop, keys+DIGEST_LEN, 0)<0)
  916. goto err;
  917. /* Check whether the digest is right... */
  918. if (tor_memneq(keys, request+DH_KEY_LEN, DIGEST_LEN)) {
  919. log_warn(LD_PROTOCOL, "Incorrect digest of key material.");
  920. goto err;
  921. }
  922. crypto_dh_free(hop->rend_dh_handshake_state);
  923. hop->rend_dh_handshake_state = NULL;
  924. /* All is well. Extend the circuit. */
  925. circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_C_REND_JOINED);
  926. hop->state = CPATH_STATE_OPEN;
  927. /* set the windows to default. these are the windows
  928. * that alice thinks bob has.
  929. */
  930. hop->package_window = circuit_initial_package_window();
  931. hop->deliver_window = CIRCWINDOW_START;
  932. /* Now that this circuit has finished connecting to its destination,
  933. * make sure circuit_get_open_circ_or_launch is willing to return it
  934. * so we can actually use it. */
  935. circ->hs_circ_has_timed_out = 0;
  936. onion_append_to_cpath(&circ->cpath, hop);
  937. circ->build_state->pending_final_cpath = NULL; /* prevent double-free */
  938. circuit_try_attaching_streams(circ);
  939. memwipe(keys, 0, sizeof(keys));
  940. return 0;
  941. err:
  942. memwipe(keys, 0, sizeof(keys));
  943. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
  944. return -1;
  945. }
  946. /** Find all the apconns in state AP_CONN_STATE_RENDDESC_WAIT that are
  947. * waiting on <b>query</b>. If there's a working cache entry here with at
  948. * least one intro point, move them to the next state. */
  949. void
  950. rend_client_desc_trynow(const char *query)
  951. {
  952. entry_connection_t *conn;
  953. rend_cache_entry_t *entry;
  954. const rend_data_t *rend_data;
  955. time_t now = time(NULL);
  956. smartlist_t *conns = get_connection_array();
  957. SMARTLIST_FOREACH_BEGIN(conns, connection_t *, base_conn) {
  958. if (base_conn->type != CONN_TYPE_AP ||
  959. base_conn->state != AP_CONN_STATE_RENDDESC_WAIT ||
  960. base_conn->marked_for_close)
  961. continue;
  962. conn = TO_ENTRY_CONN(base_conn);
  963. rend_data = ENTRY_TO_EDGE_CONN(conn)->rend_data;
  964. if (!rend_data)
  965. continue;
  966. if (rend_cmp_service_ids(query, rend_data->onion_address))
  967. continue;
  968. assert_connection_ok(base_conn, now);
  969. if (rend_cache_lookup_entry(rend_data->onion_address, -1,
  970. &entry) == 1 &&
  971. rend_client_any_intro_points_usable(entry)) {
  972. /* either this fetch worked, or it failed but there was a
  973. * valid entry from before which we should reuse */
  974. log_info(LD_REND,"Rend desc is usable. Launching circuits.");
  975. base_conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
  976. /* restart their timeout values, so they get a fair shake at
  977. * connecting to the hidden service. */
  978. base_conn->timestamp_created = now;
  979. base_conn->timestamp_lastread = now;
  980. base_conn->timestamp_lastwritten = now;
  981. if (connection_ap_handshake_attach_circuit(conn) < 0) {
  982. /* it will never work */
  983. log_warn(LD_REND,"Rendezvous attempt failed. Closing.");
  984. if (!base_conn->marked_for_close)
  985. connection_mark_unattached_ap(conn, END_STREAM_REASON_CANT_ATTACH);
  986. }
  987. } else { /* 404, or fetch didn't get that far */
  988. log_notice(LD_REND,"Closing stream for '%s.onion': hidden service is "
  989. "unavailable (try again later).",
  990. safe_str_client(query));
  991. connection_mark_unattached_ap(conn, END_STREAM_REASON_RESOLVEFAILED);
  992. rend_client_note_connection_attempt_ended(query);
  993. }
  994. } SMARTLIST_FOREACH_END(base_conn);
  995. }
  996. /** Clear temporary state used only during an attempt to connect to
  997. * the hidden service named <b>onion_address</b>. Called when a
  998. * connection attempt has ended; may be called occasionally at other
  999. * times, and should be reasonably harmless. */
  1000. void
  1001. rend_client_note_connection_attempt_ended(const char *onion_address)
  1002. {
  1003. rend_cache_entry_t *cache_entry = NULL;
  1004. rend_cache_lookup_entry(onion_address, -1, &cache_entry);
  1005. log_info(LD_REND, "Connection attempt for %s has ended; "
  1006. "cleaning up temporary state.",
  1007. safe_str_client(onion_address));
  1008. /* Clear the timed_out flag on all remaining intro points for this HS. */
  1009. if (cache_entry != NULL) {
  1010. SMARTLIST_FOREACH(cache_entry->parsed->intro_nodes,
  1011. rend_intro_point_t *, ip,
  1012. ip->timed_out = 0; );
  1013. }
  1014. /* Remove the HS's entries in last_hid_serv_requests. */
  1015. purge_hid_serv_from_last_hid_serv_requests(onion_address);
  1016. }
  1017. /** Return a newly allocated extend_info_t* for a randomly chosen introduction
  1018. * point for the named hidden service. Return NULL if all introduction points
  1019. * have been tried and failed.
  1020. */
  1021. extend_info_t *
  1022. rend_client_get_random_intro(const rend_data_t *rend_query)
  1023. {
  1024. extend_info_t *result;
  1025. rend_cache_entry_t *entry;
  1026. if (rend_cache_lookup_entry(rend_query->onion_address, -1, &entry) < 1) {
  1027. log_warn(LD_REND,
  1028. "Query '%s' didn't have valid rend desc in cache. Failing.",
  1029. safe_str_client(rend_query->onion_address));
  1030. return NULL;
  1031. }
  1032. /* See if we can get a node that complies with ExcludeNodes */
  1033. if ((result = rend_client_get_random_intro_impl(entry, 1, 1)))
  1034. return result;
  1035. /* If not, and StrictNodes is not set, see if we can return any old node
  1036. */
  1037. if (!get_options()->StrictNodes)
  1038. return rend_client_get_random_intro_impl(entry, 0, 1);
  1039. return NULL;
  1040. }
  1041. /** As rend_client_get_random_intro, except assume that StrictNodes is set
  1042. * iff <b>strict</b> is true. If <b>warnings</b> is false, don't complain
  1043. * to the user when we're out of nodes, even if StrictNodes is true.
  1044. */
  1045. static extend_info_t *
  1046. rend_client_get_random_intro_impl(const rend_cache_entry_t *entry,
  1047. const int strict,
  1048. const int warnings)
  1049. {
  1050. int i;
  1051. rend_intro_point_t *intro;
  1052. const or_options_t *options = get_options();
  1053. smartlist_t *usable_nodes;
  1054. int n_excluded = 0;
  1055. /* We'll keep a separate list of the usable nodes. If this becomes empty,
  1056. * no nodes are usable. */
  1057. usable_nodes = smartlist_new();
  1058. smartlist_add_all(usable_nodes, entry->parsed->intro_nodes);
  1059. /* Remove the intro points that have timed out during this HS
  1060. * connection attempt from our list of usable nodes. */
  1061. SMARTLIST_FOREACH(usable_nodes, rend_intro_point_t *, ip,
  1062. if (ip->timed_out) {
  1063. SMARTLIST_DEL_CURRENT(usable_nodes, ip);
  1064. });
  1065. again:
  1066. if (smartlist_len(usable_nodes) == 0) {
  1067. if (n_excluded && get_options()->StrictNodes && warnings) {
  1068. /* We only want to warn if StrictNodes is really set. Otherwise
  1069. * we're just about to retry anyways.
  1070. */
  1071. log_warn(LD_REND, "All introduction points for hidden service are "
  1072. "at excluded relays, and StrictNodes is set. Skipping.");
  1073. }
  1074. smartlist_free(usable_nodes);
  1075. return NULL;
  1076. }
  1077. i = crypto_rand_int(smartlist_len(usable_nodes));
  1078. intro = smartlist_get(usable_nodes, i);
  1079. /* Do we need to look up the router or is the extend info complete? */
  1080. if (!intro->extend_info->onion_key) {
  1081. const node_t *node;
  1082. extend_info_t *new_extend_info;
  1083. if (tor_digest_is_zero(intro->extend_info->identity_digest))
  1084. node = node_get_by_hex_id(intro->extend_info->nickname);
  1085. else
  1086. node = node_get_by_id(intro->extend_info->identity_digest);
  1087. if (!node) {
  1088. log_info(LD_REND, "Unknown router with nickname '%s'; trying another.",
  1089. intro->extend_info->nickname);
  1090. smartlist_del(usable_nodes, i);
  1091. goto again;
  1092. }
  1093. new_extend_info = extend_info_from_node(node, 0);
  1094. if (!new_extend_info) {
  1095. log_info(LD_REND, "We don't have a descriptor for the intro-point relay "
  1096. "'%s'; trying another.",
  1097. extend_info_describe(intro->extend_info));
  1098. smartlist_del(usable_nodes, i);
  1099. goto again;
  1100. } else {
  1101. extend_info_free(intro->extend_info);
  1102. intro->extend_info = new_extend_info;
  1103. }
  1104. tor_assert(intro->extend_info != NULL);
  1105. }
  1106. /* Check if we should refuse to talk to this router. */
  1107. if (strict &&
  1108. routerset_contains_extendinfo(options->ExcludeNodes,
  1109. intro->extend_info)) {
  1110. n_excluded++;
  1111. smartlist_del(usable_nodes, i);
  1112. goto again;
  1113. }
  1114. smartlist_free(usable_nodes);
  1115. return extend_info_dup(intro->extend_info);
  1116. }
  1117. /** Return true iff any introduction points still listed in <b>entry</b> are
  1118. * usable. */
  1119. int
  1120. rend_client_any_intro_points_usable(const rend_cache_entry_t *entry)
  1121. {
  1122. extend_info_t *extend_info =
  1123. rend_client_get_random_intro_impl(entry, get_options()->StrictNodes, 0);
  1124. int rv = (extend_info != NULL);
  1125. extend_info_free(extend_info);
  1126. return rv;
  1127. }
  1128. /** Client-side authorizations for hidden services; map of onion address to
  1129. * rend_service_authorization_t*. */
  1130. static strmap_t *auth_hid_servs = NULL;
  1131. /** Look up the client-side authorization for the hidden service with
  1132. * <b>onion_address</b>. Return NULL if no authorization is available for
  1133. * that address. */
  1134. rend_service_authorization_t*
  1135. rend_client_lookup_service_authorization(const char *onion_address)
  1136. {
  1137. tor_assert(onion_address);
  1138. if (!auth_hid_servs) return NULL;
  1139. return strmap_get(auth_hid_servs, onion_address);
  1140. }
  1141. /** Helper: Free storage held by rend_service_authorization_t. */
  1142. static void
  1143. rend_service_authorization_free(rend_service_authorization_t *auth)
  1144. {
  1145. tor_free(auth);
  1146. }
  1147. /** Helper for strmap_free. */
  1148. static void
  1149. rend_service_authorization_strmap_item_free(void *service_auth)
  1150. {
  1151. rend_service_authorization_free(service_auth);
  1152. }
  1153. /** Release all the storage held in auth_hid_servs.
  1154. */
  1155. void
  1156. rend_service_authorization_free_all(void)
  1157. {
  1158. if (!auth_hid_servs) {
  1159. return;
  1160. }
  1161. strmap_free(auth_hid_servs, rend_service_authorization_strmap_item_free);
  1162. auth_hid_servs = NULL;
  1163. }
  1164. /** Parse <b>config_line</b> as a client-side authorization for a hidden
  1165. * service and add it to the local map of hidden service authorizations.
  1166. * Return 0 for success and -1 for failure. */
  1167. int
  1168. rend_parse_service_authorization(const or_options_t *options,
  1169. int validate_only)
  1170. {
  1171. config_line_t *line;
  1172. int res = -1;
  1173. strmap_t *parsed = strmap_new();
  1174. smartlist_t *sl = smartlist_new();
  1175. rend_service_authorization_t *auth = NULL;
  1176. char descriptor_cookie_tmp[REND_DESC_COOKIE_LEN+2];
  1177. char descriptor_cookie_base64ext[REND_DESC_COOKIE_LEN_BASE64+2+1];
  1178. for (line = options->HidServAuth; line; line = line->next) {
  1179. char *onion_address, *descriptor_cookie;
  1180. int auth_type_val = 0;
  1181. auth = NULL;
  1182. SMARTLIST_FOREACH(sl, char *, c, tor_free(c););
  1183. smartlist_clear(sl);
  1184. smartlist_split_string(sl, line->value, " ",
  1185. SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 3);
  1186. if (smartlist_len(sl) < 2) {
  1187. log_warn(LD_CONFIG, "Configuration line does not consist of "
  1188. "\"onion-address authorization-cookie [service-name]\": "
  1189. "'%s'", line->value);
  1190. goto err;
  1191. }
  1192. auth = tor_malloc_zero(sizeof(rend_service_authorization_t));
  1193. /* Parse onion address. */
  1194. onion_address = smartlist_get(sl, 0);
  1195. if (strlen(onion_address) != REND_SERVICE_ADDRESS_LEN ||
  1196. strcmpend(onion_address, ".onion")) {
  1197. log_warn(LD_CONFIG, "Onion address has wrong format: '%s'",
  1198. onion_address);
  1199. goto err;
  1200. }
  1201. strlcpy(auth->onion_address, onion_address, REND_SERVICE_ID_LEN_BASE32+1);
  1202. if (!rend_valid_service_id(auth->onion_address)) {
  1203. log_warn(LD_CONFIG, "Onion address has wrong format: '%s'",
  1204. onion_address);
  1205. goto err;
  1206. }
  1207. /* Parse descriptor cookie. */
  1208. descriptor_cookie = smartlist_get(sl, 1);
  1209. if (strlen(descriptor_cookie) != REND_DESC_COOKIE_LEN_BASE64) {
  1210. log_warn(LD_CONFIG, "Authorization cookie has wrong length: '%s'",
  1211. descriptor_cookie);
  1212. goto err;
  1213. }
  1214. /* Add trailing zero bytes (AA) to make base64-decoding happy. */
  1215. tor_snprintf(descriptor_cookie_base64ext,
  1216. REND_DESC_COOKIE_LEN_BASE64+2+1,
  1217. "%sAA", descriptor_cookie);
  1218. if (base64_decode(descriptor_cookie_tmp, sizeof(descriptor_cookie_tmp),
  1219. descriptor_cookie_base64ext,
  1220. strlen(descriptor_cookie_base64ext)) < 0) {
  1221. log_warn(LD_CONFIG, "Decoding authorization cookie failed: '%s'",
  1222. descriptor_cookie);
  1223. goto err;
  1224. }
  1225. auth_type_val = (((uint8_t)descriptor_cookie_tmp[16]) >> 4) + 1;
  1226. if (auth_type_val < 1 || auth_type_val > 2) {
  1227. log_warn(LD_CONFIG, "Authorization cookie has unknown authorization "
  1228. "type encoded.");
  1229. goto err;
  1230. }
  1231. auth->auth_type = auth_type_val == 1 ? REND_BASIC_AUTH : REND_STEALTH_AUTH;
  1232. memcpy(auth->descriptor_cookie, descriptor_cookie_tmp,
  1233. REND_DESC_COOKIE_LEN);
  1234. if (strmap_get(parsed, auth->onion_address)) {
  1235. log_warn(LD_CONFIG, "Duplicate authorization for the same hidden "
  1236. "service.");
  1237. goto err;
  1238. }
  1239. strmap_set(parsed, auth->onion_address, auth);
  1240. auth = NULL;
  1241. }
  1242. res = 0;
  1243. goto done;
  1244. err:
  1245. res = -1;
  1246. done:
  1247. rend_service_authorization_free(auth);
  1248. SMARTLIST_FOREACH(sl, char *, c, tor_free(c););
  1249. smartlist_free(sl);
  1250. if (!validate_only && res == 0) {
  1251. rend_service_authorization_free_all();
  1252. auth_hid_servs = parsed;
  1253. } else {
  1254. strmap_free(parsed, rend_service_authorization_strmap_item_free);
  1255. }
  1256. memwipe(descriptor_cookie_tmp, 0, sizeof(descriptor_cookie_tmp));
  1257. memwipe(descriptor_cookie_base64ext, 0, sizeof(descriptor_cookie_base64ext));
  1258. return res;
  1259. }