
/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2019, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
 * \file rendservice.h
 * \brief Header file for rendservice.c.
 **/
  10. #ifndef TOR_RENDSERVICE_H
  11. #define TOR_RENDSERVICE_H
  12. #include "core/or/or.h"
  13. #include "feature/hs/hs_service.h"
/** Name for the parsed introduction-cell structure defined below. */
typedef struct rend_intro_cell_t rend_intro_cell_t;
/* Forward declaration: this header only passes pointers to it
 * (see rend_config_service()). */
struct config_line_t;
/* This can be used for both INTRODUCE1 and INTRODUCE2 */
/** A parsed (and optionally decrypted) INTRODUCE1 or INTRODUCE2 cell.
 *
 * Created by rend_service_begin_parse_intro(); the ciphertext can then be
 * decrypted with rend_service_decrypt_intro() and the plaintext parsed with
 * rend_service_parse_intro_plaintext(). Release with the
 * rend_service_free_intro() macro, which also clears the pointer.
 *
 * NOTE(review): this header does not state which pointer members
 * (ciphertext, plaintext, u.v3.auth_data, the extend_info pointers) are
 * owned by the cell and released by rend_service_free_intro_() -- confirm
 * in rendservice.c before keeping references to them past the cell. */
struct rend_intro_cell_t {
  /* Is this an INTRODUCE1 or INTRODUCE2? (set to 1 or 2) */
  uint8_t type;
  /* Public key digest */
  uint8_t pk[DIGEST_LEN];
  /* Optionally, store ciphertext here */
  uint8_t *ciphertext;
  /* Length of ciphertext in bytes. Signed (ssize_t): check for a negative
   * value before using it as a size or handing it to a memcpy()-style API. */
  ssize_t ciphertext_len;
  /* Optionally, store plaintext */
  uint8_t *plaintext;
  /* Length of plaintext in bytes; same signedness caveat as ciphertext_len. */
  ssize_t plaintext_len;
  /* Have we parsed the plaintext? */
  uint8_t parsed;
  /* intro protocol version (0, 1, 2 or 3) */
  uint8_t version;
  /* Version-specific parts. Presumably only the member matching 'version'
   * is meaningful -- the parser in rendservice.c decides. */
  union {
    struct {
      /* Rendezvous point nickname or hex-encoded key digest */
      /* NOTE(review): 42 presumably covers '$' + 40 hex digits + NUL;
       * confirm against the parser before relying on NUL-termination. */
      uint8_t rp[42];
    } v0_v1;
    struct {
      /* The extend_info_t struct has everything v2 uses */
      extend_info_t *extend_info;
    } v2;
    struct {
      /* Auth type used */
      uint8_t auth_type;
      /* Length of auth data */
      uint16_t auth_len;
      /* Auth data */
      uint8_t *auth_data;
      /* Rendezvous point's IP address/port, identity digest and onion key */
      extend_info_t *extend_info;
    } v3;
  } u;
  /* Rendezvous cookie */
  uint8_t rc[REND_COOKIE_LEN];
  /* Diffie-Hellman data */
  uint8_t dh[DH1024_KEY_LEN];
};
  58. #ifdef RENDSERVICE_PRIVATE
/** Represents a single hidden service running at this OP.
 *
 * Only visible when RENDSERVICE_PRIVATE is defined (rendservice.c and its
 * unit tests); everything else goes through the public functions declared
 * further down. Instances are released with rend_service_free(). */
typedef struct rend_service_t {
  /* Fields specified in config file */
  char *directory; /**< where in the filesystem it stores it. Will be NULL if
                    * this service is ephemeral. */
  int dir_group_readable; /**< if 1, allow group read
                           * permissions on directory */
  smartlist_t *ports; /**< List of rend_service_port_config_t */
  rend_auth_type_t auth_type; /**< Client authorization type or 0 if no client
                               * authorization is performed. */
  smartlist_t *clients; /**< List of rend_authorized_client_t's of
                         * clients that may access our service. Can be NULL
                         * if no client authorization is performed. */
  /* Other fields */
  crypto_pk_t *private_key; /**< Permanent hidden-service key. This is the
                             * service's long-term identity: treat it as a
                             * secret (keep it out of logs and dumps). */
  char service_id[REND_SERVICE_ID_LEN_BASE32+1]; /**< Onion address without
                                                  * '.onion' */
  char pk_digest[DIGEST_LEN]; /**< Hash of permanent hidden-service key. */
  smartlist_t *intro_nodes; /**< List of rend_intro_point_t's we have,
                             * or are trying to establish. */
  /** List of rend_intro_point_t that are expiring. They are removed once
   * the new descriptor is successfully uploaded. A node in this list CAN
   * NOT appear in the intro_nodes list. */
  smartlist_t *expiring_nodes;
  time_t intro_period_started; /**< Start of the current period to build
                                * introduction points. */
  int n_intro_circuits_launched; /**< Count of intro circuits we have
                                  * established in this period. */
  unsigned int n_intro_points_wanted; /**< Number of intro points this
                                       * service wants to have open. */
  rend_service_descriptor_t *desc; /**< Current hidden service descriptor. */
  time_t desc_is_dirty; /**< Time at which changes to the hidden service
                         * descriptor content occurred, or 0 if it's
                         * up-to-date. */
  time_t next_upload_time; /**< Scheduled next hidden service descriptor
                            * upload time. */
  /** Replay cache for Diffie-Hellman values of INTRODUCE2 cells, to
   * detect repeats. Clients may send INTRODUCE1 cells for the same
   * rendezvous point through two or more different introduction points;
   * when they do, this keeps us from launching multiple simultaneous attempts
   * to connect to the same rend point. */
  replaycache_t *accepted_intro_dh_parts;
  /** If true, we don't close circuits for making requests to unsupported
   * ports. */
  int allow_unknown_ports;
  /** The maximum number of simultaneous streams-per-circuit that are allowed
   * to be established, or 0 if no limit is set.
   */
  int max_streams_per_circuit;
  /** If true, we close circuits that exceed the max_streams_per_circuit
   * limit. */
  int max_streams_close_circuit;
} rend_service_t;
/** Free @a service. Which owned members it releases is defined in
 * rendservice.c. Prefer the rend_service_free() macro, which also clears
 * the caller's pointer. */
STATIC void rend_service_free_(rend_service_t *service);
/** Free the rend_service_t @a s and set @a s to NULL. */
#define rend_service_free(s) \
  FREE_AND_NULL(rend_service_t, rend_service_free_, (s))
/** Return the path of the single-onion-service "poison" marker for
 * @a service. NOTE(review): whether the returned string is allocated and
 * owned by the caller is not stated here -- confirm before freeing it. */
STATIC char *rend_service_sos_poison_path(const rend_service_t *service);
/** Check @a s's on-disk poison state against @a options. Presumably this
 * refuses to reuse a service directory (and its key) across anonymous and
 * non-anonymous single-onion modes -- confirm in rendservice.c. Returns an
 * int status defined there. */
STATIC int rend_service_verify_single_onion_poison(
                                       const rend_service_t *s,
                                       const or_options_t *options);
/** Presumably writes the poison marker into @a s's directory when
 * @a options select single-onion mode -- confirm in rendservice.c.
 * Returns an int status defined there. */
STATIC int rend_service_poison_new_single_onion_dir(
                                       const rend_service_t *s,
                                       const or_options_t* options);
#ifdef TOR_UNIT_TESTS
/* Test-only hooks for replacing the module's service lists. */
STATIC void set_rend_service_list(smartlist_t *new_list);
STATIC void set_rend_rend_service_staging_list(smartlist_t *new_list);
STATIC void rend_service_prune_list_impl_(void);
#endif /* defined(TOR_UNIT_TESTS) */
  127. #endif /* defined(RENDSERVICE_PRIVATE) */
/** Return the number of services in this module's service list. */
int rend_num_services(void);
/** Apply one configuration line @a line_ under @a options, filling in
 * @a config. Returns an int status (see rendservice.c for the values). */
int rend_config_service(const struct config_line_t *line_,
                        const or_options_t *options,
                        hs_service_config_t *config);
/** Prune the service list; the exact policy lives in
 * rend_service_prune_list_impl_() in rendservice.c. */
void rend_service_prune_list(void);
/** Free the staging list (presumably services configured but not yet
 * committed to the live list -- confirm in rendservice.c). */
void rend_service_free_staging_list(void);
/** Load the keys of every service in @a service_list. Returns an int
 * status. NOTE(review): whether missing keys are generated here is not
 * stated in this header -- confirm. */
int rend_service_load_all_keys(const smartlist_t *service_list);
/** Presumably returns nonzero if a service key already exists under
 * @a directory_path -- confirm the exact return convention. */
int rend_service_key_on_disk(const char *directory_path);
/** Append the filenames this module opens to @a open_lst and the ones it
 * only stats to @a stat_lst (presumably for sandbox configuration). */
void rend_services_add_filenames_to_lists(smartlist_t *open_lst,
                                          smartlist_t *stat_lst);
/** Periodic housekeeping of introduction points, given the current time
 * @a now. */
void rend_consider_services_intro_points(time_t now);
/** Periodic check of whether descriptors need uploading, given @a now. */
void rend_consider_services_upload(time_t now);
/** Notify this module that the set of HSDir routers changed. */
void rend_hsdir_routers_changed(void);
/** Re-check whether descriptors should be republished. */
void rend_consider_descriptor_republication(void);
/** Called when the introduction circuit @a circuit has finished opening. */
void rend_service_intro_has_opened(origin_circuit_t *circuit);
/** Handle a cell body of @a request_len bytes at @a request received on
 * @a circuit (presumably INTRO_ESTABLISHED). The payload comes off the
 * network and is untrusted: the callee must bound every read by
 * @a request_len. Returns an int status. */
int rend_service_intro_established(origin_circuit_t *circuit,
                                   const uint8_t *request,
                                   size_t request_len);
/** Called when the rendezvous circuit @a circuit has finished opening. */
void rend_service_rendezvous_has_opened(origin_circuit_t *circuit);
/** Handle an introduction cell body of @a request_len bytes at @a request
 * received on @a circuit; untrusted network input, as above. Returns an
 * int status. */
int rend_service_receive_introduction(origin_circuit_t *circuit,
                                      const uint8_t *request,
                                      size_t request_len);
/** Decrypt the ciphertext held in @a request with the service key @a key.
 * On error a message may be stored in *@a err_msg_out.
 * NOTE(review): who frees a returned *err_msg_out is not stated in this
 * header for any of the functions that take it -- confirm in
 * rendservice.c. Returns an int status. */
int rend_service_decrypt_intro(rend_intro_cell_t *request,
                               crypto_pk_t *key,
                               char **err_msg_out);
/** Free the parsed intro cell @a request. Prefer the
 * rend_service_free_intro() macro. */
void rend_service_free_intro_(rend_intro_cell_t *request);
/** Free @a req with rend_service_free_intro_() and set it to NULL. */
#define rend_service_free_intro(req) do { \
    rend_service_free_intro_(req); \
    (req) = NULL; \
  } while (0)
/** Parse the outer layer of an introduction cell body of @a request_len
 * bytes at @a request, where @a type says whether it is INTRODUCE1 or
 * INTRODUCE2 (cf. rend_intro_cell_t.type). Returns a newly allocated cell
 * the caller owns, or NULL on error (with *@a err_msg_out possibly set). */
rend_intro_cell_t * rend_service_begin_parse_intro(const uint8_t *request,
                                                   size_t request_len,
                                                   uint8_t type,
                                                   char **err_msg_out);
/** Parse the already-decrypted plaintext of @a intro. Returns an int
 * status; *@a err_msg_out may be set on error. */
int rend_service_parse_intro_plaintext(rend_intro_cell_t *intro,
                                       char **err_msg_out);
/** Encode an ESTABLISH_INTRO cell into @a cell_body_out, writing at most
 * @a cell_body_out_len bytes, using @a intro_key and @a rend_circ_nonce.
 * Returns the encoded length; by the ssize_t convention a negative value
 * presumably signals an error -- confirm in rendservice.c. */
ssize_t rend_service_encode_establish_intro_cell(char *cell_body_out,
                                                 size_t cell_body_out_len,
                                                 crypto_pk_t *intro_key,
                                                 const char *rend_circ_nonce);
/** Final validation pass over a fully parsed @a intro. Returns an int
 * status; *@a err_msg_out may be set on error. */
int rend_service_validate_intro_late(const rend_intro_cell_t *intro,
                                     char **err_msg_out);
/** Launch a replacement for the rendezvous circuit @a oldcirc
 * (presumably after it failed -- confirm in rendservice.c). */
void rend_service_relaunch_rendezvous(origin_circuit_t *oldcirc);
/** Set the address and port of the edge connection @a conn arriving over
 * @a circ from the service's port configuration. Returns an int status;
 * presumably a failure means no matching port (cf. allow_unknown_ports). */
int rend_service_set_connection_addr_port(edge_connection_t *conn,
                                          origin_circuit_t *circ);
/** Log service statistics at log level @a severity. */
void rend_service_dump_stats(int severity);
/** Release all state held by this module. */
void rend_service_free_all(void);
/** Initialise this module. */
void rend_service_init(void);
/** Parse the port specification @a string, using @a sep as the separator
 * (presumably between virtual port and target), into a newly allocated
 * rend_service_port_config_t owned by the caller; release it with
 * rend_service_port_config_free(). Returns NULL on error, in which case
 * *@a err_msg_out may be set (who frees it is not stated here). */
rend_service_port_config_t *rend_service_parse_port_config(const char *string,
                                                           const char *sep,
                                                           char **err_msg_out);
/** Free @a p. Prefer the rend_service_port_config_free() macro. */
void rend_service_port_config_free_(rend_service_port_config_t *p);
/** Free the port config @a p and set @a p to NULL. */
#define rend_service_port_config_free(p) \
  FREE_AND_NULL(rend_service_port_config_t, rend_service_port_config_free_, \
                (p))
/** Free @a client. Prefer the rend_authorized_client_free() macro. */
void rend_authorized_client_free_(rend_authorized_client_t *client);
/** Free the authorized client @a client and set @a client to NULL. */
#define rend_authorized_client_free(client) \
  FREE_AND_NULL(rend_authorized_client_t, rend_authorized_client_free_, \
                (client))
/** Add an ephemeral service (one with no on-disk directory; cf.
 * rend_service_t.directory) built from the private key @a pk, the port
 * list @a ports, the stream limits, and the client-authorization settings
 * @a auth_type / @a auth_clients. On success *@a service_id_out presumably
 * receives the onion address. Returns an hs_service_add_ephemeral_status_t.
 * NOTE(review): ownership of @a pk, @a ports and @a auth_clients on both
 * success and failure is not stated here -- confirm before calling. */
hs_service_add_ephemeral_status_t rend_service_add_ephemeral(crypto_pk_t *pk,
                                smartlist_t *ports,
                                int max_streams_per_circuit,
                                int max_streams_close_circuit,
                                rend_auth_type_t auth_type,
                                smartlist_t *auth_clients,
                                char **service_id_out);
/** Remove the ephemeral service identified by @a service_id. Returns an
 * int status. */
int rend_service_del_ephemeral(const char *service_id);
/** Post the descriptors @a descs for @a renddesc to the directories
 * @a hs_dirs, for the service @a service_id, valid for @a seconds_valid. */
void directory_post_to_hs_dir(rend_service_descriptor_t *renddesc,
                              smartlist_t *descs, smartlist_t *hs_dirs,
                              const char *service_id, int seconds_valid);
/** Notify this module that the descriptor described by @a rend_data has
 * been uploaded. */
void rend_service_desc_has_uploaded(const rend_data_t *rend_data);
/** Option predicates: each returns nonzero when @a options select the
 * named behaviour. These settings concern trading away the service's own
 * anonymity, so callers should gate on them rather than re-deriving the
 * condition from individual config fields. */
int rend_service_allow_non_anonymous_connection(const or_options_t *options);
int rend_service_reveal_startup_time(const or_options_t *options);
int rend_service_non_anonymous_mode_enabled(const or_options_t *options);
  202. #endif /* !defined(TOR_RENDSERVICE_H) */