rendclient.c 37 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963
  1. /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
  2. * Copyright (c) 2007-2010, The Tor Project, Inc. */
  3. /* See LICENSE for licensing information */
  4. /**
  5. * \file rendclient.c
  6. * \brief Client code to access location-hidden services.
  7. **/
  8. #include "or.h"
  9. /** Called when we've established a circuit to an introduction point:
  10. * send the introduction request. */
  11. void
  12. rend_client_introcirc_has_opened(origin_circuit_t *circ)
  13. {
  14. tor_assert(circ->_base.purpose == CIRCUIT_PURPOSE_C_INTRODUCING);
  15. tor_assert(circ->cpath);
  16. log_info(LD_REND,"introcirc is open");
  17. connection_ap_attach_pending();
  18. }
  19. /** Send the establish-rendezvous cell along a rendezvous circuit. if
  20. * it fails, mark the circ for close and return -1. else return 0.
  21. */
  22. static int
  23. rend_client_send_establish_rendezvous(origin_circuit_t *circ)
  24. {
  25. tor_assert(circ->_base.purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND);
  26. tor_assert(circ->rend_data);
  27. log_info(LD_REND, "Sending an ESTABLISH_RENDEZVOUS cell");
  28. if (crypto_rand(circ->rend_data->rend_cookie, REND_COOKIE_LEN) < 0) {
  29. log_warn(LD_BUG, "Internal error: Couldn't produce random cookie.");
  30. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
  31. return -1;
  32. }
  33. if (relay_send_command_from_edge(0, TO_CIRCUIT(circ),
  34. RELAY_COMMAND_ESTABLISH_RENDEZVOUS,
  35. circ->rend_data->rend_cookie,
  36. REND_COOKIE_LEN,
  37. circ->cpath->prev)<0) {
  38. /* circ is already marked for close */
  39. log_warn(LD_GENERAL, "Couldn't send ESTABLISH_RENDEZVOUS cell");
  40. return -1;
  41. }
  42. return 0;
  43. }
  44. /** Called when we're trying to connect an ap conn; sends an INTRODUCE1 cell
  45. * down introcirc if possible.
  46. */
  47. int
  48. rend_client_send_introduction(origin_circuit_t *introcirc,
  49. origin_circuit_t *rendcirc)
  50. {
  51. size_t payload_len;
  52. int r, v3_shift = 0;
  53. char payload[RELAY_PAYLOAD_SIZE];
  54. char tmp[RELAY_PAYLOAD_SIZE];
  55. rend_cache_entry_t *entry;
  56. crypt_path_t *cpath;
  57. off_t dh_offset;
  58. crypto_pk_env_t *intro_key; /* either Bob's public key or an intro key. */
  59. tor_assert(introcirc->_base.purpose == CIRCUIT_PURPOSE_C_INTRODUCING);
  60. tor_assert(rendcirc->_base.purpose == CIRCUIT_PURPOSE_C_REND_READY);
  61. tor_assert(introcirc->rend_data);
  62. tor_assert(rendcirc->rend_data);
  63. tor_assert(!rend_cmp_service_ids(introcirc->rend_data->onion_address,
  64. rendcirc->rend_data->onion_address));
  65. if (rend_cache_lookup_entry(introcirc->rend_data->onion_address, -1,
  66. &entry) < 1) {
  67. log_warn(LD_REND,
  68. "query %s didn't have valid rend desc in cache. Failing.",
  69. escaped_safe_str(introcirc->rend_data->onion_address));
  70. goto err;
  71. }
  72. /* first 20 bytes of payload are the hash of Bob's pk */
  73. if (entry->parsed->version == 0) { /* un-versioned descriptor */
  74. intro_key = entry->parsed->pk;
  75. } else { /* versioned descriptor */
  76. intro_key = NULL;
  77. SMARTLIST_FOREACH(entry->parsed->intro_nodes, rend_intro_point_t *,
  78. intro, {
  79. if (!memcmp(introcirc->build_state->chosen_exit->identity_digest,
  80. intro->extend_info->identity_digest, DIGEST_LEN)) {
  81. intro_key = intro->intro_key;
  82. break;
  83. }
  84. });
  85. if (!intro_key) {
  86. /** XXX This case probably means that the intro point vanished while
  87. * we were building a circuit to it. In the future, we should find
  88. * out how that happened and whether we should kill the circuits to
  89. * removed intro points immediately. See task 1073. */
  90. int num_intro_points = smartlist_len(entry->parsed->intro_nodes);
  91. if (rend_cache_lookup_entry(introcirc->rend_data->onion_address,
  92. 0, &entry) > 0) {
  93. log_info(LD_REND, "We have both a v0 and a v2 rend desc for this "
  94. "service. The v2 desc doesn't contain the introduction "
  95. "point (and key) to send an INTRODUCE1/2 cell to this "
  96. "introduction point. Assuming the introduction point "
  97. "is for v0 rend clients and using the service key "
  98. "from the v0 desc instead. (This is probably a bug, "
  99. "because we shouldn't even have both a v0 and a v2 "
  100. "descriptor for the same service.)");
  101. /* See flyspray task 1024. */
  102. intro_key = entry->parsed->pk;
  103. } else {
  104. log_info(LD_REND, "Internal error: could not find intro key; we "
  105. "only have a v2 rend desc with %d intro points.",
  106. num_intro_points);
  107. goto err;
  108. }
  109. }
  110. }
  111. if (crypto_pk_get_digest(intro_key, payload)<0) {
  112. log_warn(LD_BUG, "Internal error: couldn't hash public key.");
  113. goto err;
  114. }
  115. /* Initialize the pending_final_cpath and start the DH handshake. */
  116. cpath = rendcirc->build_state->pending_final_cpath;
  117. if (!cpath) {
  118. cpath = rendcirc->build_state->pending_final_cpath =
  119. tor_malloc_zero(sizeof(crypt_path_t));
  120. cpath->magic = CRYPT_PATH_MAGIC;
  121. if (!(cpath->dh_handshake_state = crypto_dh_new())) {
  122. log_warn(LD_BUG, "Internal error: couldn't allocate DH.");
  123. goto err;
  124. }
  125. if (crypto_dh_generate_public(cpath->dh_handshake_state)<0) {
  126. log_warn(LD_BUG, "Internal error: couldn't generate g^x.");
  127. goto err;
  128. }
  129. }
  130. /* If version is 3, write (optional) auth data and timestamp. */
  131. if (entry->parsed->protocols & (1<<3)) {
  132. tmp[0] = 3; /* version 3 of the cell format */
  133. tmp[1] = (uint8_t)introcirc->rend_data->auth_type; /* auth type, if any */
  134. v3_shift = 1;
  135. if (introcirc->rend_data->auth_type != REND_NO_AUTH) {
  136. set_uint16(tmp+2, htons(REND_DESC_COOKIE_LEN));
  137. memcpy(tmp+4, introcirc->rend_data->descriptor_cookie,
  138. REND_DESC_COOKIE_LEN);
  139. v3_shift += 2+REND_DESC_COOKIE_LEN;
  140. }
  141. set_uint32(tmp+v3_shift+1, htonl((uint32_t)time(NULL)));
  142. v3_shift += 4;
  143. } /* if version 2 only write version number */
  144. else if (entry->parsed->protocols & (1<<2)) {
  145. tmp[0] = 2; /* version 2 of the cell format */
  146. }
  147. /* write the remaining items into tmp */
  148. if (entry->parsed->protocols & (1<<3) || entry->parsed->protocols & (1<<2)) {
  149. /* version 2 format */
  150. extend_info_t *extend_info = rendcirc->build_state->chosen_exit;
  151. int klen;
  152. /* nul pads */
  153. set_uint32(tmp+v3_shift+1, tor_addr_to_ipv4h(&extend_info->addr));
  154. set_uint16(tmp+v3_shift+5, htons(extend_info->port));
  155. memcpy(tmp+v3_shift+7, extend_info->identity_digest, DIGEST_LEN);
  156. klen = crypto_pk_asn1_encode(extend_info->onion_key,
  157. tmp+v3_shift+7+DIGEST_LEN+2,
  158. sizeof(tmp)-(v3_shift+7+DIGEST_LEN+2));
  159. set_uint16(tmp+v3_shift+7+DIGEST_LEN, htons(klen));
  160. memcpy(tmp+v3_shift+7+DIGEST_LEN+2+klen, rendcirc->rend_data->rend_cookie,
  161. REND_COOKIE_LEN);
  162. dh_offset = v3_shift+7+DIGEST_LEN+2+klen+REND_COOKIE_LEN;
  163. } else {
  164. /* Version 0. */
  165. strncpy(tmp, rendcirc->build_state->chosen_exit->nickname,
  166. (MAX_NICKNAME_LEN+1)); /* nul pads */
  167. memcpy(tmp+MAX_NICKNAME_LEN+1, rendcirc->rend_data->rend_cookie,
  168. REND_COOKIE_LEN);
  169. dh_offset = MAX_NICKNAME_LEN+1+REND_COOKIE_LEN;
  170. }
  171. if (crypto_dh_get_public(cpath->dh_handshake_state, tmp+dh_offset,
  172. DH_KEY_LEN)<0) {
  173. log_warn(LD_BUG, "Internal error: couldn't extract g^x.");
  174. goto err;
  175. }
  176. note_crypto_pk_op(REND_CLIENT);
  177. /*XXX maybe give crypto_pk_public_hybrid_encrypt a max_len arg,
  178. * to avoid buffer overflows? */
  179. r = crypto_pk_public_hybrid_encrypt(intro_key, payload+DIGEST_LEN,
  180. tmp,
  181. (int)(dh_offset+DH_KEY_LEN),
  182. PK_PKCS1_OAEP_PADDING, 0);
  183. if (r<0) {
  184. log_warn(LD_BUG,"Internal error: hybrid pk encrypt failed.");
  185. goto err;
  186. }
  187. payload_len = DIGEST_LEN + r;
  188. tor_assert(payload_len <= RELAY_PAYLOAD_SIZE); /* we overran something */
  189. log_info(LD_REND, "Sending an INTRODUCE1 cell");
  190. if (relay_send_command_from_edge(0, TO_CIRCUIT(introcirc),
  191. RELAY_COMMAND_INTRODUCE1,
  192. payload, payload_len,
  193. introcirc->cpath->prev)<0) {
  194. /* introcirc is already marked for close. leave rendcirc alone. */
  195. log_warn(LD_BUG, "Couldn't send INTRODUCE1 cell");
  196. return -1;
  197. }
  198. /* Now, we wait for an ACK or NAK on this circuit. */
  199. introcirc->_base.purpose = CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT;
  200. return 0;
  201. err:
  202. circuit_mark_for_close(TO_CIRCUIT(introcirc), END_CIRC_REASON_INTERNAL);
  203. circuit_mark_for_close(TO_CIRCUIT(rendcirc), END_CIRC_REASON_INTERNAL);
  204. return -1;
  205. }
  206. /** Called when a rendezvous circuit is open; sends a establish
  207. * rendezvous circuit as appropriate. */
  208. void
  209. rend_client_rendcirc_has_opened(origin_circuit_t *circ)
  210. {
  211. tor_assert(circ->_base.purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND);
  212. log_info(LD_REND,"rendcirc is open");
  213. /* generate a rendezvous cookie, store it in circ */
  214. if (rend_client_send_establish_rendezvous(circ) < 0) {
  215. return;
  216. }
  217. }
  218. /** Called when get an ACK or a NAK for a REND_INTRODUCE1 cell.
  219. */
  220. int
  221. rend_client_introduction_acked(origin_circuit_t *circ,
  222. const char *request, size_t request_len)
  223. {
  224. origin_circuit_t *rendcirc;
  225. (void) request; // XXXX Use this.
  226. if (circ->_base.purpose != CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT) {
  227. log_warn(LD_PROTOCOL,
  228. "Received REND_INTRODUCE_ACK on unexpected circuit %d.",
  229. circ->_base.n_circ_id);
  230. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
  231. return -1;
  232. }
  233. tor_assert(circ->build_state->chosen_exit);
  234. tor_assert(circ->rend_data);
  235. if (request_len == 0) {
  236. /* It's an ACK; the introduction point relayed our introduction request. */
  237. /* Locate the rend circ which is waiting to hear about this ack,
  238. * and tell it.
  239. */
  240. log_info(LD_REND,"Received ack. Telling rend circ...");
  241. rendcirc = circuit_get_by_rend_query_and_purpose(
  242. circ->rend_data->onion_address, CIRCUIT_PURPOSE_C_REND_READY);
  243. if (rendcirc) { /* remember the ack */
  244. rendcirc->_base.purpose = CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED;
  245. } else {
  246. log_info(LD_REND,"...Found no rend circ. Dropping on the floor.");
  247. }
  248. /* close the circuit: we won't need it anymore. */
  249. circ->_base.purpose = CIRCUIT_PURPOSE_C_INTRODUCE_ACKED;
  250. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED);
  251. } else {
  252. /* It's a NAK; the introduction point didn't relay our request. */
  253. circ->_base.purpose = CIRCUIT_PURPOSE_C_INTRODUCING;
  254. /* Remove this intro point from the set of viable introduction
  255. * points. If any remain, extend to a new one and try again.
  256. * If none remain, refetch the service descriptor.
  257. */
  258. if (rend_client_remove_intro_point(circ->build_state->chosen_exit,
  259. circ->rend_data) > 0) {
  260. /* There are introduction points left. Re-extend the circuit to
  261. * another intro point and try again. */
  262. extend_info_t *extend_info;
  263. int result;
  264. extend_info = rend_client_get_random_intro(circ->rend_data);
  265. if (!extend_info) {
  266. log_warn(LD_REND, "No introduction points left for %s. Closing.",
  267. escaped_safe_str(circ->rend_data->onion_address));
  268. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
  269. return -1;
  270. }
  271. if (circ->remaining_relay_early_cells) {
  272. log_info(LD_REND,
  273. "Got nack for %s from %s. Re-extending circ %d, "
  274. "this time to %s.",
  275. escaped_safe_str(circ->rend_data->onion_address),
  276. circ->build_state->chosen_exit->nickname,
  277. circ->_base.n_circ_id, extend_info->nickname);
  278. result = circuit_extend_to_new_exit(circ, extend_info);
  279. } else {
  280. log_info(LD_REND,
  281. "Got nack for %s from %s. Building a new introduction "
  282. "circuit, this time to %s.",
  283. escaped_safe_str(circ->rend_data->onion_address),
  284. circ->build_state->chosen_exit->nickname,
  285. extend_info->nickname);
  286. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED);
  287. if (!circuit_launch_by_extend_info(CIRCUIT_PURPOSE_C_INTRODUCING,
  288. extend_info,
  289. CIRCLAUNCH_IS_INTERNAL)) {
  290. log_warn(LD_REND, "Building introduction circuit failed.");
  291. result = -1;
  292. } else {
  293. result = 0;
  294. }
  295. }
  296. extend_info_free(extend_info);
  297. return result;
  298. }
  299. }
  300. return 0;
  301. }
  302. /** The period for which a hidden service directory cannot be queried for
  303. * the same descriptor ID again. */
  304. #define REND_HID_SERV_DIR_REQUERY_PERIOD (15 * 60)
  305. /** Contains the last request times to hidden service directories for
  306. * certain queries; keys are strings consisting of base32-encoded
  307. * hidden service directory identities and base32-encoded descriptor IDs;
  308. * values are pointers to timestamps of the last requests. */
  309. static strmap_t *last_hid_serv_requests = NULL;
  310. /** Look up the last request time to hidden service directory <b>hs_dir</b>
  311. * for descriptor ID <b>desc_id_base32</b>. If <b>set</b> is non-zero,
  312. * assign the current time <b>now</b> and return that. Otherwise, return
  313. * the most recent request time, or 0 if no such request has been sent
  314. * before. */
  315. static time_t
  316. lookup_last_hid_serv_request(routerstatus_t *hs_dir,
  317. const char *desc_id_base32, time_t now, int set)
  318. {
  319. char hsdir_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
  320. char hsdir_desc_comb_id[2 * REND_DESC_ID_V2_LEN_BASE32 + 1];
  321. time_t *last_request_ptr;
  322. base32_encode(hsdir_id_base32, sizeof(hsdir_id_base32),
  323. hs_dir->identity_digest, DIGEST_LEN);
  324. tor_snprintf(hsdir_desc_comb_id, sizeof(hsdir_desc_comb_id), "%s%s",
  325. hsdir_id_base32, desc_id_base32);
  326. if (set) {
  327. time_t *oldptr;
  328. last_request_ptr = tor_malloc_zero(sizeof(time_t));
  329. *last_request_ptr = now;
  330. oldptr = strmap_set(last_hid_serv_requests, hsdir_desc_comb_id,
  331. last_request_ptr);
  332. tor_free(oldptr);
  333. } else
  334. last_request_ptr = strmap_get_lc(last_hid_serv_requests,
  335. hsdir_desc_comb_id);
  336. return (last_request_ptr) ? *last_request_ptr : 0;
  337. }
  338. /** Clean the history of request times to hidden service directories, so that
  339. * it does not contain requests older than REND_HID_SERV_DIR_REQUERY_PERIOD
  340. * seconds any more. */
  341. static void
  342. directory_clean_last_hid_serv_requests(void)
  343. {
  344. strmap_iter_t *iter;
  345. time_t cutoff = time(NULL) - REND_HID_SERV_DIR_REQUERY_PERIOD;
  346. if (!last_hid_serv_requests)
  347. last_hid_serv_requests = strmap_new();
  348. for (iter = strmap_iter_init(last_hid_serv_requests);
  349. !strmap_iter_done(iter); ) {
  350. const char *key;
  351. void *val;
  352. time_t *ent;
  353. strmap_iter_get(iter, &key, &val);
  354. ent = (time_t *) val;
  355. if (*ent < cutoff) {
  356. iter = strmap_iter_next_rmv(last_hid_serv_requests, iter);
  357. tor_free(ent);
  358. } else {
  359. iter = strmap_iter_next(last_hid_serv_requests, iter);
  360. }
  361. }
  362. }
  363. /** Determine the responsible hidden service directories for <b>desc_id</b>
  364. * and fetch the descriptor belonging to that ID from one of them. Only
  365. * send a request to hidden service directories that we did not try within
  366. * the last REND_HID_SERV_DIR_REQUERY_PERIOD seconds; on success, return 1,
  367. * in the case that no hidden service directory is left to ask for the
  368. * descriptor, return 0, and in case of a failure -1. <b>query</b> is only
  369. * passed for pretty log statements. */
  370. static int
  371. directory_get_from_hs_dir(const char *desc_id, const rend_data_t *rend_query)
  372. {
  373. smartlist_t *responsible_dirs = smartlist_create();
  374. routerstatus_t *hs_dir;
  375. char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
  376. time_t now = time(NULL);
  377. char descriptor_cookie_base64[3*REND_DESC_COOKIE_LEN_BASE64];
  378. tor_assert(desc_id);
  379. tor_assert(rend_query);
  380. /* Determine responsible dirs. Even if we can't get all we want,
  381. * work with the ones we have. If it's empty, we'll notice below. */
  382. (int) hid_serv_get_responsible_directories(responsible_dirs, desc_id);
  383. base32_encode(desc_id_base32, sizeof(desc_id_base32),
  384. desc_id, DIGEST_LEN);
  385. /* Only select those hidden service directories to which we did not send
  386. * a request recently and for which we have a router descriptor here. */
  387. directory_clean_last_hid_serv_requests(); /* Clean request history first. */
  388. SMARTLIST_FOREACH(responsible_dirs, routerstatus_t *, dir, {
  389. if (lookup_last_hid_serv_request(dir, desc_id_base32, 0, 0) +
  390. REND_HID_SERV_DIR_REQUERY_PERIOD >= now ||
  391. !router_get_by_digest(dir->identity_digest))
  392. SMARTLIST_DEL_CURRENT(responsible_dirs, dir);
  393. });
  394. hs_dir = smartlist_choose(responsible_dirs);
  395. smartlist_free(responsible_dirs);
  396. if (!hs_dir) {
  397. log_info(LD_REND, "Could not pick one of the responsible hidden "
  398. "service directories, because we requested them all "
  399. "recently without success.");
  400. return 0;
  401. }
  402. /* Remember, that we are requesting a descriptor from this hidden service
  403. * directory now. */
  404. lookup_last_hid_serv_request(hs_dir, desc_id_base32, now, 1);
  405. /* Encode descriptor cookie for logging purposes. */
  406. if (rend_query->auth_type != REND_NO_AUTH) {
  407. if (base64_encode(descriptor_cookie_base64,
  408. sizeof(descriptor_cookie_base64),
  409. rend_query->descriptor_cookie, REND_DESC_COOKIE_LEN)<0) {
  410. log_warn(LD_BUG, "Could not base64-encode descriptor cookie.");
  411. return 0;
  412. }
  413. /* Remove == signs and newline. */
  414. descriptor_cookie_base64[strlen(descriptor_cookie_base64)-3] = '\0';
  415. } else {
  416. strlcpy(descriptor_cookie_base64, "(none)",
  417. sizeof(descriptor_cookie_base64));
  418. }
  419. /* Send fetch request. (Pass query and possibly descriptor cookie so that
  420. * they can be written to the directory connection and be referred to when
  421. * the response arrives. */
  422. directory_initiate_command_routerstatus_rend(hs_dir,
  423. DIR_PURPOSE_FETCH_RENDDESC_V2,
  424. ROUTER_PURPOSE_GENERAL,
  425. 1, desc_id_base32, NULL, 0, 0,
  426. rend_query);
  427. log_info(LD_REND, "Sending fetch request for v2 descriptor for "
  428. "service '%s' with descriptor ID '%s', auth type %d, "
  429. "and descriptor cookie '%s' to hidden service "
  430. "directory '%s' on port %d.",
  431. rend_query->onion_address, desc_id_base32,
  432. rend_query->auth_type,
  433. (rend_query->auth_type == REND_NO_AUTH ? "[none]" :
  434. escaped_safe_str(descriptor_cookie_base64)),
  435. hs_dir->nickname, hs_dir->dir_port);
  436. return 1;
  437. }
  438. /** If we are not currently fetching a rendezvous service descriptor
  439. * for the service ID <b>query</b>, start a directory connection to fetch a
  440. * new one.
  441. */
  442. void
  443. rend_client_refetch_renddesc(const char *query)
  444. {
  445. if (!get_options()->FetchHidServDescriptors)
  446. return;
  447. log_info(LD_REND, "Fetching rendezvous descriptor for service %s",
  448. escaped_safe_str(query));
  449. if (connection_get_by_type_state_rendquery(CONN_TYPE_DIR, 0, query, 0)) {
  450. log_info(LD_REND,"Would fetch a new renddesc here (for %s), but one is "
  451. "already in progress.", escaped_safe_str(query));
  452. } else {
  453. /* not one already; initiate a dir rend desc lookup */
  454. directory_get_from_dirserver(DIR_PURPOSE_FETCH_RENDDESC,
  455. ROUTER_PURPOSE_GENERAL, query,
  456. PDS_RETRY_IF_NO_SERVERS);
  457. }
  458. }
  459. /** Start a connection to a hidden service directory to fetch a v2
  460. * rendezvous service descriptor for the base32-encoded service ID
  461. * <b>query</b>.
  462. */
  463. void
  464. rend_client_refetch_v2_renddesc(const rend_data_t *rend_query)
  465. {
  466. char descriptor_id[DIGEST_LEN];
  467. int replicas_left_to_try[REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS];
  468. int i, tries_left, r;
  469. rend_cache_entry_t *e = NULL;
  470. time_t now = time(NULL);
  471. tor_assert(rend_query);
  472. /* Are we configured to fetch descriptors? */
  473. if (!get_options()->FetchHidServDescriptors) {
  474. log_warn(LD_REND, "We received an onion address for a v2 rendezvous "
  475. "service descriptor, but are not fetching service descriptors.");
  476. return;
  477. }
  478. /* Before fetching, check if we already have the descriptor here. */
  479. r = rend_cache_lookup_entry(rend_query->onion_address, -1, &e);
  480. if (r > 0 && now - e->received < NUM_SECONDS_BEFORE_HS_REFETCH) {
  481. log_info(LD_REND, "We would fetch a v2 rendezvous descriptor, but we "
  482. "already have a fresh copy of that descriptor here. "
  483. "Not fetching.");
  484. return;
  485. }
  486. log_debug(LD_REND, "Fetching v2 rendezvous descriptor for service %s",
  487. safe_str(rend_query->onion_address));
  488. /* Randomly iterate over the replicas until a descriptor can be fetched
  489. * from one of the consecutive nodes, or no options are left. */
  490. tries_left = REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS;
  491. for (i = 0; i < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; i++)
  492. replicas_left_to_try[i] = i;
  493. while (tries_left > 0) {
  494. int rand = crypto_rand_int(tries_left);
  495. int chosen_replica = replicas_left_to_try[rand];
  496. replicas_left_to_try[rand] = replicas_left_to_try[--tries_left];
  497. if (rend_compute_v2_desc_id(descriptor_id, rend_query->onion_address,
  498. rend_query->auth_type == REND_STEALTH_AUTH ?
  499. rend_query->descriptor_cookie : NULL,
  500. time(NULL), chosen_replica) < 0) {
  501. log_warn(LD_REND, "Internal error: Computing v2 rendezvous "
  502. "descriptor ID did not succeed.");
  503. return;
  504. }
  505. if (directory_get_from_hs_dir(descriptor_id, rend_query) != 0)
  506. return; /* either success or failure, but we're done */
  507. }
  508. /* If we come here, there are no hidden service directories left. */
  509. log_info(LD_REND, "Could not pick one of the responsible hidden "
  510. "service directories to fetch descriptors, because "
  511. "we already tried them all unsuccessfully.");
  512. /* Close pending connections (unless a v0 request is still going on). */
  513. rend_client_desc_trynow(rend_query->onion_address, 2);
  514. return;
  515. }
  516. /** Remove failed_intro from ent. If ent now has no intro points, or
  517. * service is unrecognized, then launch a new renddesc fetch.
  518. *
  519. * Return -1 if error, 0 if no intro points remain or service
  520. * unrecognized, 1 if recognized and some intro points remain.
  521. */
  522. int
  523. rend_client_remove_intro_point(extend_info_t *failed_intro,
  524. const rend_data_t *rend_query)
  525. {
  526. int i, r;
  527. rend_cache_entry_t *ent;
  528. connection_t *conn;
  529. r = rend_cache_lookup_entry(rend_query->onion_address, -1, &ent);
  530. if (r<0) {
  531. log_warn(LD_BUG, "Malformed service ID %s.",
  532. escaped_safe_str(rend_query->onion_address));
  533. return -1;
  534. }
  535. if (r==0) {
  536. log_info(LD_REND, "Unknown service %s. Re-fetching descriptor.",
  537. escaped_safe_str(rend_query->onion_address));
  538. /* Fetch both, v0 and v2 rend descriptors in parallel. Use whichever
  539. * arrives first. Exception: When using client authorization, only
  540. * fetch v2 descriptors.*/
  541. rend_client_refetch_v2_renddesc(rend_query);
  542. if (rend_query->auth_type == REND_NO_AUTH)
  543. rend_client_refetch_renddesc(rend_query->onion_address);
  544. return 0;
  545. }
  546. for (i = 0; i < smartlist_len(ent->parsed->intro_nodes); i++) {
  547. rend_intro_point_t *intro = smartlist_get(ent->parsed->intro_nodes, i);
  548. if (!memcmp(failed_intro->identity_digest,
  549. intro->extend_info->identity_digest, DIGEST_LEN)) {
  550. rend_intro_point_free(intro);
  551. smartlist_del(ent->parsed->intro_nodes, i);
  552. break;
  553. }
  554. }
  555. if (smartlist_len(ent->parsed->intro_nodes) == 0) {
  556. log_info(LD_REND,
  557. "No more intro points remain for %s. Re-fetching descriptor.",
  558. escaped_safe_str(rend_query->onion_address));
  559. /* Fetch both, v0 and v2 rend descriptors in parallel. Use whichever
  560. * arrives first. Exception: When using client authorization, only
  561. * fetch v2 descriptors.*/
  562. rend_client_refetch_v2_renddesc(rend_query);
  563. if (rend_query->auth_type == REND_NO_AUTH)
  564. rend_client_refetch_renddesc(rend_query->onion_address);
  565. /* move all pending streams back to renddesc_wait */
  566. while ((conn = connection_get_by_type_state_rendquery(CONN_TYPE_AP,
  567. AP_CONN_STATE_CIRCUIT_WAIT,
  568. rend_query->onion_address, -1))) {
  569. conn->state = AP_CONN_STATE_RENDDESC_WAIT;
  570. }
  571. return 0;
  572. }
  573. log_info(LD_REND,"%d options left for %s.",
  574. smartlist_len(ent->parsed->intro_nodes),
  575. escaped_safe_str(rend_query->onion_address));
  576. return 1;
  577. }
  578. /** Called when we receive a RENDEZVOUS_ESTABLISHED cell; changes the state of
  579. * the circuit to C_REND_READY.
  580. */
  581. int
  582. rend_client_rendezvous_acked(origin_circuit_t *circ, const char *request,
  583. size_t request_len)
  584. {
  585. (void) request;
  586. (void) request_len;
  587. /* we just got an ack for our establish-rendezvous. switch purposes. */
  588. if (circ->_base.purpose != CIRCUIT_PURPOSE_C_ESTABLISH_REND) {
  589. log_warn(LD_PROTOCOL,"Got a rendezvous ack when we weren't expecting one. "
  590. "Closing circ.");
  591. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
  592. return -1;
  593. }
  594. log_info(LD_REND,"Got rendezvous ack. This circuit is now ready for "
  595. "rendezvous.");
  596. circ->_base.purpose = CIRCUIT_PURPOSE_C_REND_READY;
  597. /* XXXX022 This is a pretty brute-force approach. It'd be better to
  598. * attach only the connections that are waiting on this circuit, rather
  599. * than trying to attach them all. See comments bug 743. */
  600. /* If we already have the introduction circuit built, make sure we send
  601. * the INTRODUCE cell _now_ */
  602. connection_ap_attach_pending();
  603. return 0;
  604. }
  605. /** Bob sent us a rendezvous cell; join the circuits. */
  606. int
  607. rend_client_receive_rendezvous(origin_circuit_t *circ, const char *request,
  608. size_t request_len)
  609. {
  610. crypt_path_t *hop;
  611. char keys[DIGEST_LEN+CPATH_KEY_MATERIAL_LEN];
  612. if ((circ->_base.purpose != CIRCUIT_PURPOSE_C_REND_READY &&
  613. circ->_base.purpose != CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED)
  614. || !circ->build_state->pending_final_cpath) {
  615. log_warn(LD_PROTOCOL,"Got rendezvous2 cell from hidden service, but not "
  616. "expecting it. Closing.");
  617. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
  618. return -1;
  619. }
  620. if (request_len != DH_KEY_LEN+DIGEST_LEN) {
  621. log_warn(LD_PROTOCOL,"Incorrect length (%d) on RENDEZVOUS2 cell.",
  622. (int)request_len);
  623. goto err;
  624. }
  625. log_info(LD_REND,"Got RENDEZVOUS2 cell from hidden service.");
  626. /* first DH_KEY_LEN bytes are g^y from bob. Finish the dh handshake...*/
  627. tor_assert(circ->build_state);
  628. tor_assert(circ->build_state->pending_final_cpath);
  629. hop = circ->build_state->pending_final_cpath;
  630. tor_assert(hop->dh_handshake_state);
  631. if (crypto_dh_compute_secret(hop->dh_handshake_state, request, DH_KEY_LEN,
  632. keys, DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) {
  633. log_warn(LD_GENERAL, "Couldn't complete DH handshake.");
  634. goto err;
  635. }
  636. /* ... and set up cpath. */
  637. if (circuit_init_cpath_crypto(hop, keys+DIGEST_LEN, 0)<0)
  638. goto err;
  639. /* Check whether the digest is right... */
  640. if (memcmp(keys, request+DH_KEY_LEN, DIGEST_LEN)) {
  641. log_warn(LD_PROTOCOL, "Incorrect digest of key material.");
  642. goto err;
  643. }
  644. crypto_dh_free(hop->dh_handshake_state);
  645. hop->dh_handshake_state = NULL;
  646. /* All is well. Extend the circuit. */
  647. circ->_base.purpose = CIRCUIT_PURPOSE_C_REND_JOINED;
  648. hop->state = CPATH_STATE_OPEN;
  649. /* set the windows to default. these are the windows
  650. * that alice thinks bob has.
  651. */
  652. hop->package_window = circuit_initial_package_window();
  653. hop->deliver_window = CIRCWINDOW_START;
  654. onion_append_to_cpath(&circ->cpath, hop);
  655. circ->build_state->pending_final_cpath = NULL; /* prevent double-free */
  656. /* XXXX022 This is a pretty brute-force approach. It'd be better to
  657. * attach only the connections that are waiting on this circuit, rather
  658. * than trying to attach them all. See comments bug 743. */
  659. connection_ap_attach_pending();
  660. return 0;
  661. err:
  662. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
  663. return -1;
  664. }
  665. /** Find all the apconns in state AP_CONN_STATE_RENDDESC_WAIT that
  666. * are waiting on query. If there's a working cache entry here
  667. * with at least one intro point, move them to the next state. If
  668. * <b>rend_version</b> is non-negative, fail connections that have
  669. * requested <b>query</b> unless there are still descriptor fetch
  670. * requests in progress for other descriptor versions than
  671. * <b>rend_version</b>.
  672. */
  673. void
  674. rend_client_desc_trynow(const char *query, int rend_version)
  675. {
  676. edge_connection_t *conn;
  677. rend_cache_entry_t *entry;
  678. time_t now = time(NULL);
  679. smartlist_t *conns = get_connection_array();
  680. SMARTLIST_FOREACH(conns, connection_t *, _conn,
  681. {
  682. if (_conn->type != CONN_TYPE_AP ||
  683. _conn->state != AP_CONN_STATE_RENDDESC_WAIT ||
  684. _conn->marked_for_close)
  685. continue;
  686. conn = TO_EDGE_CONN(_conn);
  687. if (!conn->rend_data)
  688. continue;
  689. if (rend_cmp_service_ids(query, conn->rend_data->onion_address))
  690. continue;
  691. assert_connection_ok(TO_CONN(conn), now);
  692. if (rend_cache_lookup_entry(conn->rend_data->onion_address, -1,
  693. &entry) == 1 &&
  694. smartlist_len(entry->parsed->intro_nodes) > 0) {
  695. /* either this fetch worked, or it failed but there was a
  696. * valid entry from before which we should reuse */
  697. log_info(LD_REND,"Rend desc is usable. Launching circuits.");
  698. conn->_base.state = AP_CONN_STATE_CIRCUIT_WAIT;
  699. /* restart their timeout values, so they get a fair shake at
  700. * connecting to the hidden service. */
  701. conn->_base.timestamp_created = now;
  702. conn->_base.timestamp_lastread = now;
  703. conn->_base.timestamp_lastwritten = now;
  704. if (connection_ap_handshake_attach_circuit(conn) < 0) {
  705. /* it will never work */
  706. log_warn(LD_REND,"Rendezvous attempt failed. Closing.");
  707. if (!conn->_base.marked_for_close)
  708. connection_mark_unattached_ap(conn, END_STREAM_REASON_CANT_ATTACH);
  709. }
  710. } else { /* 404, or fetch didn't get that far */
  711. /* Unless there are requests for another descriptor version pending,
  712. * close the connection. */
  713. if (rend_version >= 0 &&
  714. !connection_get_by_type_state_rendquery(CONN_TYPE_DIR, 0, query,
  715. rend_version == 0 ? 2 : 0)) {
  716. log_notice(LD_REND,"Closing stream for '%s.onion': hidden service is "
  717. "unavailable (try again later).", safe_str(query));
  718. connection_mark_unattached_ap(conn, END_STREAM_REASON_RESOLVEFAILED);
  719. }
  720. }
  721. });
  722. }
  723. /** Return a newly allocated extend_info_t* for a randomly chosen introduction
  724. * point for the named hidden service. Return NULL if all introduction points
  725. * have been tried and failed.
  726. */
  727. extend_info_t *
  728. rend_client_get_random_intro(const rend_data_t *rend_query)
  729. {
  730. int i;
  731. rend_cache_entry_t *entry;
  732. rend_intro_point_t *intro;
  733. routerinfo_t *router;
  734. if (rend_cache_lookup_entry(rend_query->onion_address, -1, &entry) < 1) {
  735. log_warn(LD_REND,
  736. "Query '%s' didn't have valid rend desc in cache. Failing.",
  737. safe_str(rend_query->onion_address));
  738. return NULL;
  739. }
  740. again:
  741. if (smartlist_len(entry->parsed->intro_nodes) == 0)
  742. return NULL;
  743. i = crypto_rand_int(smartlist_len(entry->parsed->intro_nodes));
  744. intro = smartlist_get(entry->parsed->intro_nodes, i);
  745. /* Do we need to look up the router or is the extend info complete? */
  746. if (!intro->extend_info->onion_key) {
  747. router = router_get_by_nickname(intro->extend_info->nickname, 0);
  748. if (!router) {
  749. log_info(LD_REND, "Unknown router with nickname '%s'; trying another.",
  750. intro->extend_info->nickname);
  751. rend_intro_point_free(intro);
  752. smartlist_del(entry->parsed->intro_nodes, i);
  753. goto again;
  754. }
  755. extend_info_free(intro->extend_info);
  756. intro->extend_info = extend_info_from_router(router);
  757. }
  758. return extend_info_dup(intro->extend_info);
  759. }
  760. /** Client-side authorizations for hidden services; map of onion address to
  761. * rend_service_authorization_t*. */
  762. static strmap_t *auth_hid_servs = NULL;
  763. /** Look up the client-side authorization for the hidden service with
  764. * <b>onion_address</b>. Return NULL if no authorization is available for
  765. * that address. */
  766. rend_service_authorization_t*
  767. rend_client_lookup_service_authorization(const char *onion_address)
  768. {
  769. tor_assert(onion_address);
  770. if (!auth_hid_servs) return NULL;
  771. return strmap_get(auth_hid_servs, onion_address);
  772. }
  773. /** Helper: Free storage held by rend_service_authorization_t. */
  774. static void
  775. rend_service_authorization_free(rend_service_authorization_t *auth)
  776. {
  777. tor_free(auth);
  778. }
  779. /** Helper for strmap_free. */
  780. static void
  781. rend_service_authorization_strmap_item_free(void *service_auth)
  782. {
  783. rend_service_authorization_free(service_auth);
  784. }
  785. /** Release all the storage held in auth_hid_servs.
  786. */
  787. void
  788. rend_service_authorization_free_all(void)
  789. {
  790. if (!auth_hid_servs) {
  791. return;
  792. }
  793. strmap_free(auth_hid_servs, rend_service_authorization_strmap_item_free);
  794. auth_hid_servs = NULL;
  795. }
  796. /** Parse <b>config_line</b> as a client-side authorization for a hidden
  797. * service and add it to the local map of hidden service authorizations.
  798. * Return 0 for success and -1 for failure. */
  799. int
  800. rend_parse_service_authorization(or_options_t *options, int validate_only)
  801. {
  802. config_line_t *line;
  803. int res = -1;
  804. strmap_t *parsed = strmap_new();
  805. smartlist_t *sl = smartlist_create();
  806. rend_service_authorization_t *auth = NULL;
  807. for (line = options->HidServAuth; line; line = line->next) {
  808. char *onion_address, *descriptor_cookie;
  809. char descriptor_cookie_tmp[REND_DESC_COOKIE_LEN+2];
  810. char descriptor_cookie_base64ext[REND_DESC_COOKIE_LEN_BASE64+2+1];
  811. int auth_type_val = 0;
  812. auth = NULL;
  813. SMARTLIST_FOREACH(sl, char *, c, tor_free(c););
  814. smartlist_clear(sl);
  815. smartlist_split_string(sl, line->value, " ",
  816. SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 3);
  817. if (smartlist_len(sl) < 2) {
  818. log_warn(LD_CONFIG, "Configuration line does not consist of "
  819. "\"onion-address authorization-cookie [service-name]\": "
  820. "'%s'", line->value);
  821. goto err;
  822. }
  823. auth = tor_malloc_zero(sizeof(rend_service_authorization_t));
  824. /* Parse onion address. */
  825. onion_address = smartlist_get(sl, 0);
  826. if (strlen(onion_address) != REND_SERVICE_ADDRESS_LEN ||
  827. strcmpend(onion_address, ".onion")) {
  828. log_warn(LD_CONFIG, "Onion address has wrong format: '%s'",
  829. onion_address);
  830. goto err;
  831. }
  832. strlcpy(auth->onion_address, onion_address, REND_SERVICE_ID_LEN_BASE32+1);
  833. if (!rend_valid_service_id(auth->onion_address)) {
  834. log_warn(LD_CONFIG, "Onion address has wrong format: '%s'",
  835. onion_address);
  836. goto err;
  837. }
  838. /* Parse descriptor cookie. */
  839. descriptor_cookie = smartlist_get(sl, 1);
  840. if (strlen(descriptor_cookie) != REND_DESC_COOKIE_LEN_BASE64) {
  841. log_warn(LD_CONFIG, "Authorization cookie has wrong length: '%s'",
  842. descriptor_cookie);
  843. goto err;
  844. }
  845. /* Add trailing zero bytes (AA) to make base64-decoding happy. */
  846. tor_snprintf(descriptor_cookie_base64ext,
  847. REND_DESC_COOKIE_LEN_BASE64+2+1,
  848. "%sAA", descriptor_cookie);
  849. if (base64_decode(descriptor_cookie_tmp, sizeof(descriptor_cookie_tmp),
  850. descriptor_cookie_base64ext,
  851. strlen(descriptor_cookie_base64ext)) < 0) {
  852. log_warn(LD_CONFIG, "Decoding authorization cookie failed: '%s'",
  853. descriptor_cookie);
  854. goto err;
  855. }
  856. auth_type_val = (descriptor_cookie_tmp[16] >> 4) + 1;
  857. if (auth_type_val < 1 || auth_type_val > 2) {
  858. log_warn(LD_CONFIG, "Authorization cookie has unknown authorization "
  859. "type encoded.");
  860. goto err;
  861. }
  862. auth->auth_type = auth_type_val == 1 ? REND_BASIC_AUTH : REND_STEALTH_AUTH;
  863. memcpy(auth->descriptor_cookie, descriptor_cookie_tmp,
  864. REND_DESC_COOKIE_LEN);
  865. if (strmap_get(parsed, auth->onion_address)) {
  866. log_warn(LD_CONFIG, "Duplicate authorization for the same hidden "
  867. "service.");
  868. goto err;
  869. }
  870. strmap_set(parsed, auth->onion_address, auth);
  871. auth = NULL;
  872. }
  873. res = 0;
  874. goto done;
  875. err:
  876. res = -1;
  877. done:
  878. if (auth)
  879. rend_service_authorization_free(auth);
  880. SMARTLIST_FOREACH(sl, char *, c, tor_free(c););
  881. smartlist_free(sl);
  882. if (!validate_only && res == 0) {
  883. rend_service_authorization_free_all();
  884. auth_hid_servs = parsed;
  885. } else {
  886. strmap_free(parsed, rend_service_authorization_strmap_item_free);
  887. }
  888. return res;
  889. }