diff --git a/src/app/config/config.c b/src/app/config/config.c
index dec4890e70..abb408767c 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -103,8 +103,6 @@
#include "feature/relay/routermode.h"
#include "feature/relay/relay_config.h"
#include "feature/relay/transport_config.h"
-#include "feature/rend/rendcommon.h"
-#include "feature/rend/rendservice.h"
#include "lib/geoip/geoip.h"
#include "feature/stats/geoip_stats.h"
#include "lib/compress/compress.h"
@@ -2089,7 +2087,7 @@ options_act,(const or_options_t *old_options))
return -1;
}
- if (rend_non_anonymous_mode_enabled(options)) {
+ if (hs_service_non_anonymous_mode_enabled(options)) {
log_warn(LD_GENERAL, "This copy of Tor was compiled or configured to run "
"in a non-anonymous mode. It will provide NO ANONYMITY.");
}
@@ -3199,7 +3197,7 @@ options_validate_single_onion(or_options_t *options, char **msg)
}
/* Now that we've checked that the two options are consistent, we can safely
- * call the rend_service_* functions that abstract these options. */
+ * call the hs_service_* functions that abstract these options. */
/* If you run an anonymous client with an active Single Onion service, the
* client loses anonymity. */
@@ -3208,13 +3206,13 @@ options_validate_single_onion(or_options_t *options, char **msg)
options->NATDPort_set ||
options->DNSPort_set ||
options->HTTPTunnelPort_set);
- if (rend_service_non_anonymous_mode_enabled(options) && client_port_set) {
+ if (hs_service_non_anonymous_mode_enabled(options) && client_port_set) {
REJECT("HiddenServiceNonAnonymousMode is incompatible with using Tor as "
"an anonymous client. Please set Socks/Trans/NATD/DNSPort to 0, or "
"revert HiddenServiceNonAnonymousMode to 0.");
}
- if (rend_service_allow_non_anonymous_connection(options)
+ if (hs_service_allow_non_anonymous_connection(options)
&& options->UseEntryGuards) {
/* Single Onion services only use entry guards when uploading descriptors;
* all other connections are one-hop. Further, Single Onions causes the
@@ -3564,7 +3562,7 @@ options_validate_cb(const void *old_options_, void *options_, char **msg)
if (!(options->UseEntryGuards) &&
(options->RendConfigLines != NULL) &&
- !rend_service_allow_non_anonymous_connection(options)) {
+ !hs_service_allow_non_anonymous_connection(options)) {
log_warn(LD_CONFIG,
"UseEntryGuards is disabled, but you have configured one or more "
"hidden services on this Tor instance. Your hidden services "
@@ -3607,7 +3605,7 @@ options_validate_cb(const void *old_options_, void *options_, char **msg)
}
/* Single Onion Services: non-anonymous hidden services */
- if (rend_service_non_anonymous_mode_enabled(options)) {
+ if (hs_service_non_anonymous_mode_enabled(options)) {
log_warn(LD_CONFIG,
"HiddenServiceNonAnonymousMode is set. Every hidden service on "
"this tor instance is NON-ANONYMOUS. If "
diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h
index f9c6dae2b6..90302eae7b 100644
--- a/src/app/config/or_options_st.h
+++ b/src/app/config/or_options_st.h
@@ -336,7 +336,7 @@ struct or_options_t {
/* Makes hidden service clients and servers non-anonymous on this tor
* instance. Allows the non-anonymous HiddenServiceSingleHopMode. Enables
* non-anonymous behaviour in the hidden service protocol.
- * Use rend_service_non_anonymous_mode_enabled() instead of using this option
+ * Use hs_service_non_anonymous_mode_enabled() instead of using this option
* directly.
*/
int HiddenServiceNonAnonymousMode;
diff --git a/src/app/main/main.c b/src/app/main/main.c
index e7ffb31b4f..902ff66f6d 100644
--- a/src/app/main/main.c
+++ b/src/app/main/main.c
@@ -44,6 +44,7 @@
#include "feature/dirparse/routerparse.h"
#include "feature/hibernate/hibernate.h"
#include "feature/hs/hs_dos.h"
+#include "feature/hs/hs_service.h"
#include "feature/nodelist/authcert.h"
#include "feature/nodelist/networkstatus.h"
#include "feature/nodelist/routerlist.h"
@@ -51,8 +52,6 @@
#include "feature/relay/ext_orport.h"
#include "feature/relay/routerkeys.h"
#include "feature/relay/routermode.h"
-#include "feature/rend/rendcache.h"
-#include "feature/rend/rendservice.h"
#include "feature/stats/predict_ports.h"
#include "feature/stats/bwhist.h"
#include "feature/stats/rephist.h"
@@ -427,7 +426,6 @@ dumpstats(int severity)
dumpmemusage(severity);
rep_hist_dump_stats(now,severity);
- rend_service_dump_stats(severity);
hs_service_dump_stats(severity);
}
@@ -553,7 +551,6 @@ tor_init(int argc, char *argv[])
rep_hist_init();
bwhist_init();
/* Initialize the service cache. */
- rend_cache_init();
addressmap_init(); /* Init the client dns cache. Do it always, since it's
* cheap. */
diff --git a/src/app/main/shutdown.c b/src/app/main/shutdown.c
index fe80a92991..921f84143f 100644
--- a/src/app/main/shutdown.c
+++ b/src/app/main/shutdown.c
@@ -45,7 +45,6 @@
#include "feature/nodelist/routerlist.h"
#include "feature/relay/ext_orport.h"
#include "feature/relay/relay_config.h"
-#include "feature/rend/rendcache.h"
#include "feature/stats/bwhist.h"
#include "feature/stats/geoip_stats.h"
#include "feature/stats/rephist.h"
@@ -118,7 +117,6 @@ tor_free_all(int postfork)
networkstatus_free_all();
addressmap_free_all();
dirserv_free_all();
- rend_cache_free_all();
rep_hist_free_all();
bwhist_free_all();
circuit_free_all();
diff --git a/src/core/mainloop/connection.c b/src/core/mainloop/connection.c
index 376994f1c1..9bf9f32eaa 100644
--- a/src/core/mainloop/connection.c
+++ b/src/core/mainloop/connection.c
@@ -897,7 +897,6 @@ connection_free_minimal(connection_t *conn)
}
}
if (CONN_IS_EDGE(conn)) {
- rend_data_free(TO_EDGE_CONN(conn)->rend_data);
hs_ident_edge_conn_free(TO_EDGE_CONN(conn)->hs_ident);
}
if (conn->type == CONN_TYPE_CONTROL) {
@@ -926,7 +925,6 @@ connection_free_minimal(connection_t *conn)
tor_compress_free(dir_conn->compress_state);
dir_conn_clear_spool(dir_conn);
- rend_data_free(dir_conn->rend_data);
hs_ident_dir_conn_free(dir_conn->hs_ident);
if (dir_conn->guard_state) {
/* Cancel before freeing, if it's still there. */
@@ -4804,34 +4802,6 @@ connection_get_by_type_nonlinked,(int type))
CONN_GET_TEMPLATE(conn, conn->type == type && !conn->linked);
}
-/** Return a connection of type type that has rendquery equal
- * to rendquery, and that is not marked for close. If state
- * is non-zero, conn must be of that state too.
- */
-connection_t *
-connection_get_by_type_state_rendquery(int type, int state,
- const char *rendquery)
-{
- tor_assert(type == CONN_TYPE_DIR ||
- type == CONN_TYPE_AP || type == CONN_TYPE_EXIT);
- tor_assert(rendquery);
-
- CONN_GET_TEMPLATE(conn,
- (conn->type == type &&
- (!state || state == conn->state)) &&
- (
- (type == CONN_TYPE_DIR &&
- TO_DIR_CONN(conn)->rend_data &&
- !rend_cmp_service_ids(rendquery,
- rend_data_get_address(TO_DIR_CONN(conn)->rend_data)))
- ||
- (CONN_IS_EDGE(conn) &&
- TO_EDGE_CONN(conn)->rend_data &&
- !rend_cmp_service_ids(rendquery,
- rend_data_get_address(TO_EDGE_CONN(conn)->rend_data)))
- ));
-}
-
/** Return a new smartlist of dir_connection_t * from get_connection_array()
* that satisfy conn_test on connection_t *conn_var, and dirconn_test on
* dir_connection_t *dirconn_var. conn_var must be of CONN_TYPE_DIR and not
diff --git a/src/core/mainloop/mainloop.c b/src/core/mainloop/mainloop.c
index f30545eef0..ba87e62af7 100644
--- a/src/core/mainloop/mainloop.c
+++ b/src/core/mainloop/mainloop.c
@@ -91,8 +91,6 @@
#include "feature/relay/routerkeys.h"
#include "feature/relay/routermode.h"
#include "feature/relay/selftest.h"
-#include "feature/rend/rendcache.h"
-#include "feature/rend/rendservice.h"
#include "feature/stats/geoip_stats.h"
#include "feature/stats/predict_ports.h"
#include "feature/stats/connstats.h"
@@ -1468,8 +1466,7 @@ get_my_roles(const or_options_t *options)
int is_relay = server_mode(options);
int is_dirauth = authdir_mode_v3(options);
int is_bridgeauth = authdir_mode_bridge(options);
- int is_hidden_service = !!hs_service_get_num_services() ||
- !!rend_num_services();
+ int is_hidden_service = !!hs_service_get_num_services();
int is_dirserver = dir_server_mode(options);
int sending_control_events = control_any_per_second_event_enabled();
@@ -1826,7 +1823,7 @@ check_network_participation_callback(time_t now, const or_options_t *options)
/* If we're running an onion service, we can't become dormant. */
/* XXXX this would be nice to change, so that we can be dormant with a
* service. */
- if (hs_service_get_num_services() || rend_num_services()) {
+ if (hs_service_get_num_services()) {
goto found_activity;
}
@@ -2013,7 +2010,6 @@ clean_caches_callback(time_t now, const or_options_t *options)
{
/* Remove old information from rephist and the rend cache. */
rep_history_clean(now - options->RephistTrackTime);
- rend_cache_clean(now, REND_CACHE_TYPE_SERVICE);
hs_cache_clean_as_client(now);
hs_cache_clean_as_dir(now);
microdesc_cache_rebuild(NULL, 0);
@@ -2032,7 +2028,6 @@ rend_cache_failure_clean_callback(time_t now, const or_options_t *options)
/* We don't keep entries that are more than five minutes old so we try to
* clean it as soon as we can since we want to make sure the client waits
* as little as possible for reachability reasons. */
- rend_cache_failure_clean(now);
hs_cache_client_intro_state_clean(now);
return 30;
}
diff --git a/src/core/or/channel.c b/src/core/or/channel.c
index 26c93d169f..c0c5f5e1d1 100644
--- a/src/core/or/channel.c
+++ b/src/core/or/channel.c
@@ -71,12 +71,12 @@
#include "core/or/relay.h"
#include "core/or/scheduler.h"
#include "feature/client/entrynodes.h"
+#include "feature/hs/hs_service.h"
#include "feature/nodelist/dirlist.h"
#include "feature/nodelist/networkstatus.h"
#include "feature/nodelist/nodelist.h"
#include "feature/nodelist/routerlist.h"
#include "feature/relay/router.h"
-#include "feature/rend/rendservice.h"
#include "feature/stats/geoip_stats.h"
#include "feature/stats/rephist.h"
#include "lib/evloop/timers.h"
@@ -1897,7 +1897,7 @@ channel_do_open_actions(channel_t *chan)
if (!get_options()->ConnectionPadding) {
/* Disable if torrc disabled */
channelpadding_disable_padding_on_channel(chan);
- } else if (rend_service_allow_non_anonymous_connection(get_options()) &&
+ } else if (hs_service_allow_non_anonymous_connection(get_options()) &&
!networkstatus_get_param(NULL,
CHANNELPADDING_SOS_PARAM,
CHANNELPADDING_SOS_DEFAULT, 0, 1)) {
diff --git a/src/core/or/channelpadding.c b/src/core/or/channelpadding.c
index d0c43e8bdc..441545b98b 100644
--- a/src/core/or/channelpadding.c
+++ b/src/core/or/channelpadding.c
@@ -27,8 +27,8 @@
#include "feature/relay/router.h"
#include "feature/relay/routermode.h"
#include "lib/time/compat_time.h"
-#include "feature/rend/rendservice.h"
#include "lib/evloop/timers.h"
+#include "feature/hs/hs_service.h"
#include "core/or/cell_st.h"
#include "core/or/or_connection_st.h"
@@ -744,7 +744,7 @@ channelpadding_decide_to_pad_channel(channel_t *chan)
return CHANNELPADDING_WONTPAD;
}
- if (rend_service_allow_non_anonymous_connection(options) &&
+ if (hs_service_allow_non_anonymous_connection(options) &&
!consensus_nf_pad_single_onion) {
/* If the consensus just changed values, this channel may still
* think padding is enabled. Negotiate it off. */
diff --git a/src/core/or/circuitbuild.c b/src/core/or/circuitbuild.c
index c0c918abe4..03af7e3e82 100644
--- a/src/core/or/circuitbuild.c
+++ b/src/core/or/circuitbuild.c
@@ -69,7 +69,6 @@
#include "feature/relay/router.h"
#include "feature/relay/routermode.h"
#include "feature/relay/selftest.h"
-#include "feature/rend/rendcommon.h"
#include "feature/stats/predict_ports.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/trace/events.h"
@@ -1331,16 +1330,13 @@ circuit_truncated(origin_circuit_t *circ, int reason)
* CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT)
*
* - A hidden service connecting to a rendezvous point, which the
- * client picked (CIRCUIT_PURPOSE_S_CONNECT_REND, via
- * rend_service_receive_introduction() and
- * rend_service_relaunch_rendezvous)
+ * client picked (CIRCUIT_PURPOSE_S_CONNECT_REND.
*
* There are currently two situations where we picked the exit node
* ourselves, making DEFAULT_ROUTE_LEN a safe circuit length:
*
* - We are a hidden service connecting to an introduction point
- * (CIRCUIT_PURPOSE_S_ESTABLISH_INTRO, via
- * rend_service_launch_establish_intro())
+ * (CIRCUIT_PURPOSE_S_ESTABLISH_INTRO).
*
* - We are a router testing its own reachabiity
* (CIRCUIT_PURPOSE_TESTING, via router_do_reachability_checks())
@@ -2030,7 +2026,7 @@ onion_pick_cpath_exit(origin_circuit_t *circ, extend_info_t *exit_ei,
if (state->onehop_tunnel) {
log_debug(LD_CIRC, "Launching a one-hop circuit for dir tunnel%s.",
- (rend_allow_non_anonymous_connection(get_options()) ?
+ (hs_service_allow_non_anonymous_connection(get_options()) ?
", or intro or rendezvous connection" : ""));
state->desired_path_len = 1;
} else {
diff --git a/src/core/or/circuitlist.c b/src/core/or/circuitlist.c
index f6d9fcf534..19e1902560 100644
--- a/src/core/or/circuitlist.c
+++ b/src/core/or/circuitlist.c
@@ -43,7 +43,6 @@
* For hidden services, we need to be able to look up introduction point
* circuits and rendezvous circuits by cookie, key, etc. These are
* currently handled with linear searches in
- * circuit_get_ready_rend_circuit_by_rend_data(),
* circuit_get_next_by_pk_and_purpose(), and with hash lookups in
* circuit_get_rendezvous() and circuit_get_intro_point().
*
@@ -77,6 +76,7 @@
#include "feature/dircommon/directory.h"
#include "feature/client/entrynodes.h"
#include "core/mainloop/mainloop.h"
+#include "feature/hs/hs_cache.h"
#include "feature/hs/hs_circuit.h"
#include "feature/hs/hs_circuitmap.h"
#include "feature/hs/hs_ident.h"
@@ -88,7 +88,6 @@
#include "core/or/policies.h"
#include "core/or/relay.h"
#include "core/crypto/relay_crypto.h"
-#include "feature/rend/rendcache.h"
#include "feature/rend/rendcommon.h"
#include "feature/stats/predict_ports.h"
#include "feature/stats/bwhist.h"
@@ -135,7 +134,6 @@ static smartlist_t *circuits_pending_other_guards = NULL;
* circuit_mark_for_close and which are waiting for circuit_about_to_free. */
static smartlist_t *circuits_pending_close = NULL;
-static void cpath_ref_decref(crypt_path_reference_t *cpath_ref);
static void circuit_about_to_free_atexit(circuit_t *circ);
static void circuit_about_to_free(circuit_t *circ);
@@ -1163,8 +1161,6 @@ circuit_free_(circuit_t *circ)
if (ocirc->build_state) {
extend_info_free(ocirc->build_state->chosen_exit);
- cpath_free(ocirc->build_state->pending_final_cpath);
- cpath_ref_decref(ocirc->build_state->service_pending_final_cpath_ref);
}
tor_free(ocirc->build_state);
@@ -1177,7 +1173,6 @@ circuit_free_(circuit_t *circ)
circuit_clear_cpath(ocirc);
crypto_pk_free(ocirc->intro_key);
- rend_data_free(ocirc->rend_data);
/* Finally, free the identifier of the circuit and nullify it so multiple
* cleanup will work. */
@@ -1354,18 +1349,6 @@ circuit_free_all(void)
HT_CLEAR(chan_circid_map, &chan_circid_map);
}
-/** Release a crypt_path_reference_t*, which may be NULL. */
-static void
-cpath_ref_decref(crypt_path_reference_t *cpath_ref)
-{
- if (cpath_ref != NULL) {
- if (--(cpath_ref->refcount) == 0) {
- cpath_free(cpath_ref->cpath);
- tor_free(cpath_ref);
- }
- }
-}
-
/** A helper function for circuit_dump_by_conn() below. Log a bunch
* of information about circuit circ.
*/
@@ -1684,37 +1667,6 @@ circuit_unlink_all_from_channel(channel_t *chan, int reason)
smartlist_free(detached);
}
-/** Return a circ such that
- * - circ-\>rend_data-\>onion_address is equal to
- * rend_data-\>onion_address,
- * - circ-\>rend_data-\>rend_cookie is equal to
- * rend_data-\>rend_cookie, and
- * - circ-\>purpose is equal to CIRCUIT_PURPOSE_C_REND_READY.
- *
- * Return NULL if no such circuit exists.
- */
-origin_circuit_t *
-circuit_get_ready_rend_circ_by_rend_data(const rend_data_t *rend_data)
-{
- SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
- if (!circ->marked_for_close &&
- circ->purpose == CIRCUIT_PURPOSE_C_REND_READY) {
- origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
- if (ocirc->rend_data == NULL) {
- continue;
- }
- if (!rend_cmp_service_ids(rend_data_get_address(rend_data),
- rend_data_get_address(ocirc->rend_data)) &&
- tor_memeq(ocirc->rend_data->rend_cookie,
- rend_data->rend_cookie,
- REND_COOKIE_LEN))
- return ocirc;
- }
- }
- SMARTLIST_FOREACH_END(circ);
- return NULL;
-}
-
/** Return the first introduction circuit originating from the global circuit
* list after start or at the start of the list if start is
* NULL. Return NULL if no circuit is found.
@@ -1811,14 +1763,10 @@ circuit_get_next_service_rp_circ(origin_circuit_t *start)
}
/** Return the first circuit originating here in global_circuitlist after
- * start whose purpose is purpose, and where digest (if
- * set) matches the private key digest of the rend data associated with the
- * circuit. Return NULL if no circuit is found. If start is NULL,
- * begin at the start of the list.
- */
+ * start whose purpose is purpose. Return NULL if no circuit is
+ * found. If start is NULL, begin at the start of the list. */
origin_circuit_t *
-circuit_get_next_by_pk_and_purpose(origin_circuit_t *start,
- const uint8_t *digest, uint8_t purpose)
+circuit_get_next_by_purpose(origin_circuit_t *start, uint8_t purpose)
{
int idx;
smartlist_t *lst = circuit_get_global_list();
@@ -1830,7 +1778,6 @@ circuit_get_next_by_pk_and_purpose(origin_circuit_t *start,
for ( ; idx < smartlist_len(lst); ++idx) {
circuit_t *circ = smartlist_get(lst, idx);
- origin_circuit_t *ocirc;
if (circ->marked_for_close)
continue;
@@ -1841,12 +1788,7 @@ circuit_get_next_by_pk_and_purpose(origin_circuit_t *start,
if (BUG(!CIRCUIT_PURPOSE_IS_ORIGIN(circ->purpose))) {
break;
}
- ocirc = TO_ORIGIN_CIRCUIT(circ);
- if (!digest)
- return ocirc;
- if (rend_circuit_pk_digest_eq(ocirc, digest)) {
- return ocirc;
- }
+ return TO_ORIGIN_CIRCUIT(circ);
}
return NULL;
}
@@ -2670,7 +2612,7 @@ circuits_handle_oom(size_t current_allocation)
tor_zlib_get_total_allocation(),
tor_zstd_get_total_allocation(),
tor_lzma_get_total_allocation(),
- rend_cache_get_total_allocation());
+ hs_cache_get_total_allocation());
{
size_t mem_target = (size_t)(get_options()->MaxMemInQueues *
diff --git a/src/core/or/circuitlist.h b/src/core/or/circuitlist.h
index 3178e6cd0d..b600f9646a 100644
--- a/src/core/or/circuitlist.h
+++ b/src/core/or/circuitlist.h
@@ -60,9 +60,7 @@
* to becoming open, or they are open and have sent the
* establish_rendezvous cell but haven't received an ack.
* circuits that are c_rend_ready are open and have received a
- * rend ack, but haven't heard from the service yet. if they have a
- * buildstate->pending_final_cpath then they're expecting a
- * cell from the service, else they're not.
+ * rend ack, but haven't heard from the service yet.
* circuits that are c_rend_ready_intro_acked are open, and
* some intro circ has sent its intro and received an ack.
* circuits that are c_rend_joined are open, have heard from
@@ -206,10 +204,8 @@ int circuit_id_in_use_on_channel(circid_t circ_id, channel_t *chan);
circuit_t *circuit_get_by_edge_conn(edge_connection_t *conn);
void circuit_unlink_all_from_channel(channel_t *chan, int reason);
origin_circuit_t *circuit_get_by_global_id(uint32_t id);
-origin_circuit_t *circuit_get_ready_rend_circ_by_rend_data(
- const rend_data_t *rend_data);
-origin_circuit_t *circuit_get_next_by_pk_and_purpose(origin_circuit_t *start,
- const uint8_t *digest, uint8_t purpose);
+origin_circuit_t *circuit_get_next_by_purpose(origin_circuit_t *start,
+ uint8_t purpose);
origin_circuit_t *circuit_get_next_intro_circ(const origin_circuit_t *start,
bool want_client_circ);
origin_circuit_t *circuit_get_next_service_rp_circ(origin_circuit_t *start);
diff --git a/src/core/or/circuitstats.c b/src/core/or/circuitstats.c
index 7f3b5007b3..d6729eb11f 100644
--- a/src/core/or/circuitstats.c
+++ b/src/core/or/circuitstats.c
@@ -34,7 +34,6 @@
#include "lib/crypt_ops/crypto_rand.h"
#include "core/mainloop/mainloop.h"
#include "feature/nodelist/networkstatus.h"
-#include "feature/rend/rendservice.h"
#include "feature/relay/router.h"
#include "app/config/statefile.h"
#include "core/or/circuitlist.h"
@@ -43,6 +42,7 @@
#include "lib/time/tvdiff.h"
#include "lib/encoding/confline.h"
#include "feature/dirauth/authmode.h"
+#include "feature/hs/hs_service.h"
#include "feature/relay/relay_periodic.h"
#include "core/or/crypt_path_st.h"
@@ -145,8 +145,8 @@ circuit_build_times_disabled_(const or_options_t *options,
*
* If we fix both of these issues someday, we should test
* these modes with LearnCircuitBuildTimeout on again. */
- int single_onion_disabled = rend_service_allow_non_anonymous_connection(
- options);
+ int single_onion_disabled = hs_service_allow_non_anonymous_connection(
+ options);
if (consensus_disabled || config_disabled || dirauth_disabled ||
state_disabled || single_onion_disabled) {
diff --git a/src/core/or/circuituse.c b/src/core/or/circuituse.c
index 26c4711a5b..b00d24407a 100644
--- a/src/core/or/circuituse.c
+++ b/src/core/or/circuituse.c
@@ -58,8 +58,6 @@
#include "feature/nodelist/routerlist.h"
#include "feature/relay/routermode.h"
#include "feature/relay/selftest.h"
-#include "feature/rend/rendcommon.h"
-#include "feature/rend/rendservice.h"
#include "feature/stats/predict_ports.h"
#include "lib/math/fp.h"
#include "lib/time/tvdiff.h"
@@ -83,16 +81,6 @@ static int
circuit_matches_with_rend_stream(const edge_connection_t *edge_conn,
const origin_circuit_t *origin_circ)
{
- /* Check if this is a v2 rendezvous circ/stream */
- if ((edge_conn->rend_data && !origin_circ->rend_data) ||
- (!edge_conn->rend_data && origin_circ->rend_data) ||
- (edge_conn->rend_data && origin_circ->rend_data &&
- rend_cmp_service_ids(rend_data_get_address(edge_conn->rend_data),
- rend_data_get_address(origin_circ->rend_data)))) {
- /* this circ is not for this conn */
- return 0;
- }
-
/* Check if this is a v3 rendezvous circ/stream */
if ((edge_conn->hs_ident && !origin_circ->hs_ident) ||
(!edge_conn->hs_ident && origin_circ->hs_ident) ||
@@ -688,8 +676,7 @@ circuit_expire_building(void)
/* c_rend_ready circs measure age since timestamp_dirty,
* because that's set when they switch purposes
*/
- if (TO_ORIGIN_CIRCUIT(victim)->rend_data ||
- TO_ORIGIN_CIRCUIT(victim)->hs_ident ||
+ if (TO_ORIGIN_CIRCUIT(victim)->hs_ident ||
victim->timestamp_dirty > cutoff.tv_sec)
continue;
break;
@@ -896,7 +883,7 @@ circuit_log_ancient_one_hop_circuits(int age)
continue;
/* Single Onion Services deliberately make long term one-hop intro
* and rendezvous connections. Don't log the established ones. */
- if (rend_service_allow_non_anonymous_connection(options) &&
+ if (hs_service_allow_non_anonymous_connection(options) &&
(circ->purpose == CIRCUIT_PURPOSE_S_INTRO ||
circ->purpose == CIRCUIT_PURPOSE_S_REND_JOINED))
continue;
@@ -1141,7 +1128,7 @@ needs_exit_circuits(time_t now, int *needs_uptime, int *needs_capacity)
STATIC int
needs_hs_server_circuits(time_t now, int num_uptime_internal)
{
- if (!rend_num_services() && !hs_service_get_num_services()) {
+ if (!hs_service_get_num_services()) {
/* No services, we don't need anything. */
goto no_need;
}
@@ -2013,14 +2000,6 @@ circuit_purpose_is_hs_vanguards(const uint8_t purpose)
return (purpose == CIRCUIT_PURPOSE_HS_VANGUARDS);
}
-/** Return true iff the given circuit is an HS v2 circuit. */
-bool
-circuit_is_hs_v2(const circuit_t *circ)
-{
- return (CIRCUIT_IS_ORIGIN(circ) &&
- (CONST_TO_ORIGIN_CIRCUIT(circ)->rend_data != NULL));
-}
-
/** Return true iff the given circuit is an HS v3 circuit. */
bool
circuit_is_hs_v3(const circuit_t *circ)
@@ -2451,11 +2430,8 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn,
connection_ap_mark_as_waiting_for_renddesc(conn);
return 0;
}
- log_info(LD_REND,"Chose %s as intro point for '%s'.",
- extend_info_describe(extend_info),
- (edge_conn->rend_data) ?
- safe_str_client(rend_data_get_address(edge_conn->rend_data)) :
- "service");
+ log_info(LD_REND,"Chose %s as intro point for service",
+ extend_info_describe(extend_info));
}
/* If we have specified a particular exit node for our
@@ -2579,10 +2555,7 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn,
rep_hist_note_used_internal(time(NULL), need_uptime, 1);
if (circ) {
const edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn);
- if (edge_conn->rend_data) {
- /* write the service_id into circ */
- circ->rend_data = rend_data_dup(edge_conn->rend_data);
- } else if (edge_conn->hs_ident) {
+ if (edge_conn->hs_ident) {
circ->hs_ident =
hs_ident_circuit_new(&edge_conn->hs_ident->identity_pk);
}
@@ -2829,13 +2802,9 @@ connection_ap_get_nonrend_circ_purpose(const entry_connection_t *conn)
if (base_conn->linked_conn &&
base_conn->linked_conn->type == CONN_TYPE_DIR) {
/* Set a custom purpose for hsdir activity */
- if (base_conn->linked_conn->purpose == DIR_PURPOSE_UPLOAD_RENDDESC_V2 ||
- base_conn->linked_conn->purpose == DIR_PURPOSE_UPLOAD_HSDESC) {
+ if (base_conn->linked_conn->purpose == DIR_PURPOSE_UPLOAD_HSDESC) {
return CIRCUIT_PURPOSE_S_HSDIR_POST;
- } else if (base_conn->linked_conn->purpose
- == DIR_PURPOSE_FETCH_RENDDESC_V2 ||
- base_conn->linked_conn->purpose
- == DIR_PURPOSE_FETCH_HSDESC) {
+ } else if (base_conn->linked_conn->purpose == DIR_PURPOSE_FETCH_HSDESC) {
return CIRCUIT_PURPOSE_C_HSDIR_GET;
}
}
diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index 37cc24672e..b407fd4b1b 100644
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -97,7 +97,6 @@
#include "feature/relay/router.h"
#include "feature/relay/routermode.h"
#include "feature/rend/rendcommon.h"
-#include "feature/rend/rendservice.h"
#include "feature/stats/predict_ports.h"
#include "feature/stats/rephist.h"
#include "lib/buf/buffers.h"
@@ -3823,13 +3822,7 @@ handle_hs_exit_conn(circuit_t *circ, edge_connection_t *conn)
conn->base_.address = tor_strdup("(rendezvous)");
conn->base_.state = EXIT_CONN_STATE_CONNECTING;
- /* The circuit either has an hs identifier for v3+ or a rend_data for legacy
- * service. */
- if (origin_circ->rend_data) {
- conn->rend_data = rend_data_dup(origin_circ->rend_data);
- tor_assert(connection_edge_is_rendezvous_stream(conn));
- ret = rend_service_set_connection_addr_port(conn, origin_circ);
- } else if (origin_circ->hs_ident) {
+ if (origin_circ->hs_ident) {
/* Setup the identifier to be the one for the circuit service. */
conn->hs_ident =
hs_ident_edge_conn_new(&origin_circ->hs_ident->identity_pk);
@@ -4392,10 +4385,8 @@ int
connection_edge_is_rendezvous_stream(const edge_connection_t *conn)
{
tor_assert(conn);
- /* It should not be possible to set both of these structs */
- tor_assert_nonfatal(!(conn->rend_data && conn->hs_ident));
- if (conn->rend_data || conn->hs_ident) {
+ if (conn->hs_ident) {
return 1;
}
return 0;
diff --git a/src/core/or/connection_or.c b/src/core/or/connection_or.c
index 40c4441de6..fdae8ea19c 100644
--- a/src/core/or/connection_or.c
+++ b/src/core/or/connection_or.c
@@ -66,6 +66,7 @@
#include "feature/nodelist/torcert.h"
#include "core/or/channelpadding.h"
#include "feature/dirauth/authmode.h"
+#include "feature/hs/hs_service.h"
#include "core/or/cell_st.h"
#include "core/or/cell_queue_st.h"
@@ -1979,7 +1980,8 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
conn->identity_digest);
const int is_authority_fingerprint = router_digest_is_trusted_dir(
conn->identity_digest);
- const int non_anonymous_mode = rend_non_anonymous_mode_enabled(options);
+ const int non_anonymous_mode =
+ hs_service_non_anonymous_mode_enabled(options);
int severity;
const char *extra_log = "";
diff --git a/src/core/or/cpath_build_state_st.h b/src/core/or/cpath_build_state_st.h
index eb8e97edc5..e31af4c8ed 100644
--- a/src/core/or/cpath_build_state_st.h
+++ b/src/core/or/cpath_build_state_st.h
@@ -30,11 +30,6 @@ struct cpath_build_state_t {
* These are for encrypted dir conns that exit to this router, not
* for arbitrary exits from the circuit. */
unsigned int onehop_tunnel : 1;
- /** The crypt_path_t to append after rendezvous: used for rendezvous. */
- crypt_path_t *pending_final_cpath;
- /** A ref-counted reference to the crypt_path_t to append after
- * rendezvous; used on the service side. */
- crypt_path_reference_t *service_pending_final_cpath_ref;
/** How many times has building a circuit for this task failed? */
int failure_count;
/** At what time should we give up on this task? */
diff --git a/src/core/or/edge_connection_st.h b/src/core/or/edge_connection_st.h
index 9b2f031b9d..e850c40755 100644
--- a/src/core/or/edge_connection_st.h
+++ b/src/core/or/edge_connection_st.h
@@ -33,9 +33,6 @@ struct edge_connection_t {
/** A pointer to which node in the circ this conn exits at. Set for AP
* connections and for hidden service exit connections. */
struct crypt_path_t *cpath_layer;
- /** What rendezvous service are we querying for (if an AP) or providing (if
- * an exit)? */
- rend_data_t *rend_data;
/* Hidden service connection identifier for edge connections. Used by the HS
* client-side code to identify client SOCKS connections and by the
diff --git a/src/core/or/or.h b/src/core/or/or.h
index 182ebc48eb..5bade00128 100644
--- a/src/core/or/or.h
+++ b/src/core/or/or.h
@@ -415,60 +415,6 @@ typedef struct rend_service_authorization_t {
rend_auth_type_t auth_type;
} rend_service_authorization_t;
-/** Client- and server-side data that is used for hidden service connection
- * establishment. Not all fields contain data depending on where this struct
- * is used. */
-typedef struct rend_data_t {
- /* Hidden service protocol version of this base object. */
- uint32_t version;
-
- /** List of HSDir fingerprints on which this request has been sent to. This
- * contains binary identity digest of the directory of size DIGEST_LEN. */
- smartlist_t *hsdirs_fp;
-
- /** Rendezvous cookie used by both, client and service. */
- char rend_cookie[REND_COOKIE_LEN];
-
- /** Number of streams associated with this rendezvous circuit. */
- int nr_streams;
-} rend_data_t;
-
-typedef struct rend_data_v2_t {
- /* Rendezvous base data. */
- rend_data_t base_;
-
- /** Onion address (without the .onion part) that a client requests. */
- char onion_address[REND_SERVICE_ID_LEN_BASE32+1];
-
- /** Descriptor ID for each replicas computed from the onion address. If
- * the onion address is empty, this array MUST be empty. We keep them so
- * we know when to purge our entry in the last hsdir request table. */
- char descriptor_id[REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS][DIGEST_LEN];
-
- /** (Optional) descriptor cookie that is used by a client. */
- char descriptor_cookie[REND_DESC_COOKIE_LEN];
-
- /** Authorization type for accessing a service used by a client. */
- rend_auth_type_t auth_type;
-
- /** Descriptor ID for a client request. The control port command HSFETCH
- * uses this. It's set if the descriptor query should only use this
- * descriptor ID. */
- char desc_id_fetch[DIGEST_LEN];
-
- /** Hash of the hidden service's PK used by a service. */
- char rend_pk_digest[DIGEST_LEN];
-} rend_data_v2_t;
-
-/* From a base rend_data_t object d, return the v2 object. */
-static inline
-rend_data_v2_t *TO_REND_DATA_V2(const rend_data_t *d)
-{
- tor_assert(d);
- tor_assert(d->version == 2);
- return DOWNCAST(rend_data_v2_t, d);
-}
-
/* Stub because we can't include hs_ident.h. */
struct hs_ident_edge_conn_t;
struct hs_ident_dir_conn_t;
diff --git a/src/core/or/origin_circuit_st.h b/src/core/or/origin_circuit_st.h
index a45a6573dc..4822760c8d 100644
--- a/src/core/or/origin_circuit_st.h
+++ b/src/core/or/origin_circuit_st.h
@@ -128,9 +128,6 @@ struct origin_circuit_t {
*/
crypt_path_t *cpath;
- /** Holds all rendezvous data on either client or service side. */
- rend_data_t *rend_data;
-
/** Holds hidden service identifier on either client or service side. This
* is for both introduction and rendezvous circuit. */
struct hs_ident_circuit_t *hs_ident;
diff --git a/src/core/or/relay.c b/src/core/or/relay.c
index f986883370..32d6ca731a 100644
--- a/src/core/or/relay.c
+++ b/src/core/or/relay.c
@@ -78,7 +78,6 @@
#include "core/or/reasons.h"
#include "core/or/relay.h"
#include "core/crypto/relay_crypto.h"
-#include "feature/rend/rendcache.h"
#include "feature/rend/rendcommon.h"
#include "feature/nodelist/describe.h"
#include "feature/nodelist/routerlist.h"
@@ -2711,8 +2710,8 @@ cell_queues_check_size(void)
alloc += half_streams_get_total_allocation();
alloc += buf_get_total_allocation();
alloc += tor_compress_get_total_allocation();
- const size_t rend_cache_total = rend_cache_get_total_allocation();
- alloc += rend_cache_total;
+ const size_t hs_cache_total = hs_cache_get_total_allocation();
+ alloc += hs_cache_total;
const size_t geoip_client_cache_total =
geoip_client_cache_total_allocation();
alloc += geoip_client_cache_total;
@@ -2724,9 +2723,9 @@ cell_queues_check_size(void)
/* If we're spending over 20% of the memory limit on hidden service
* descriptors, free them until we're down to 10%. Do the same for geoip
* client cache. */
- if (rend_cache_total > get_options()->MaxMemInQueues / 5) {
+ if (hs_cache_total > get_options()->MaxMemInQueues / 5) {
const size_t bytes_to_remove =
- rend_cache_total - (size_t)(get_options()->MaxMemInQueues / 10);
+ hs_cache_total - (size_t)(get_options()->MaxMemInQueues / 10);
alloc -= hs_cache_handle_oom(now, bytes_to_remove);
}
if (geoip_client_cache_total > get_options()->MaxMemInQueues / 5) {
diff --git a/src/feature/control/control.c b/src/feature/control/control.c
index 2aebe1aac6..2cb20b700f 100644
--- a/src/feature/control/control.c
+++ b/src/feature/control/control.c
@@ -48,8 +48,8 @@
#include "feature/control/control_cmd.h"
#include "feature/control/control_events.h"
#include "feature/control/control_proto.h"
-#include "feature/rend/rendcommon.h"
-#include "feature/rend/rendservice.h"
+#include "feature/hs/hs_common.h"
+#include "feature/hs/hs_service.h"
#include "lib/evloop/procmon.h"
#include "feature/control/control_connection_st.h"
@@ -240,9 +240,7 @@ connection_control_closed(control_connection_t *conn)
*/
if (conn->ephemeral_onion_services) {
SMARTLIST_FOREACH_BEGIN(conn->ephemeral_onion_services, char *, cp) {
- if (rend_valid_v2_service_id(cp)) {
- rend_service_del_ephemeral(cp);
- } else if (hs_address_is_valid(cp)) {
+ if (hs_address_is_valid(cp)) {
hs_service_del_ephemeral(cp);
} else {
/* An invalid .onion in our list should NEVER happen */
diff --git a/src/feature/control/control_cmd.c b/src/feature/control/control_cmd.c
index e88f17de09..009105bb20 100644
--- a/src/feature/control/control_cmd.c
+++ b/src/feature/control/control_cmd.c
@@ -38,8 +38,6 @@
#include "feature/nodelist/routerinfo.h"
#include "feature/nodelist/routerlist.h"
#include "feature/rend/rendcommon.h"
-#include "feature/rend/rendparse.h"
-#include "feature/rend/rendservice.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "lib/encoding/confline.h"
@@ -53,9 +51,6 @@
#include "feature/control/control_connection_st.h"
#include "feature/nodelist/node_st.h"
#include "feature/nodelist/routerinfo_st.h"
-#include "feature/rend/rend_authorized_client_st.h"
-#include "feature/rend/rend_encoded_v2_service_descriptor_st.h"
-#include "feature/rend/rend_service_descriptor_st.h"
#include "src/app/config/statefile.h"
@@ -1442,31 +1437,15 @@ handle_control_hsfetch(control_connection_t *conn,
const control_cmd_args_t *args)
{
- char digest[DIGEST_LEN], *desc_id = NULL;
+ char *desc_id = NULL;
smartlist_t *hsdirs = NULL;
- static const char *v2_str = "v2-";
- const size_t v2_str_len = strlen(v2_str);
- rend_data_t *rend_query = NULL;
ed25519_public_key_t v3_pk;
uint32_t version;
const char *hsaddress = NULL;
/* Extract the first argument (either HSAddress or DescID). */
const char *arg1 = smartlist_get(args->args, 0);
- /* Test if it's an HS address without the .onion part. */
- if (rend_valid_v2_service_id(arg1)) {
- hsaddress = arg1;
- version = HS_VERSION_TWO;
- } else if (strcmpstart(arg1, v2_str) == 0 &&
- rend_valid_descriptor_id(arg1 + v2_str_len) &&
- base32_decode(digest, sizeof(digest), arg1 + v2_str_len,
- REND_DESC_ID_V2_LEN_BASE32) ==
- sizeof(digest)) {
- /* We have a well formed version 2 descriptor ID. Keep the decoded value
- * of the id. */
- desc_id = digest;
- version = HS_VERSION_TWO;
- } else if (hs_address_is_valid(arg1)) {
+ if (hs_address_is_valid(arg1)) {
hsaddress = arg1;
version = HS_VERSION_THREE;
hs_parse_address(hsaddress, &v3_pk, NULL, NULL);
@@ -1495,15 +1474,6 @@ handle_control_hsfetch(control_connection_t *conn,
}
}
- if (version == HS_VERSION_TWO) {
- rend_query = rend_data_client_create(hsaddress, desc_id, NULL,
- REND_NO_AUTH);
- if (rend_query == NULL) {
- control_write_endreply(conn, 551, "Error creating the HS query");
- goto done;
- }
- }
-
/* Using a descriptor ID, we force the user to provide at least one
* hsdir server using the SERVER= option. */
if (desc_id && (!hsdirs || !smartlist_len(hsdirs))) {
@@ -1526,7 +1496,6 @@ handle_control_hsfetch(control_connection_t *conn,
done:
/* Contains data pointer that we don't own thus no cleanup. */
smartlist_free(hsdirs);
- rend_data_free(rend_query);
return 0;
}
@@ -1547,7 +1516,6 @@ handle_control_hspost(control_connection_t *conn,
{
smartlist_t *hs_dirs = NULL;
const char *encoded_desc = args->cmddata;
- size_t encoded_desc_len = args->cmddata_len;
const char *onion_address = NULL;
const config_line_t *line;
@@ -1587,44 +1555,6 @@ handle_control_hspost(control_connection_t *conn,
goto done;
}
- /* From this point on, it is only v2. */
-
- /* parse it. */
- rend_encoded_v2_service_descriptor_t *desc =
- tor_malloc_zero(sizeof(rend_encoded_v2_service_descriptor_t));
- desc->desc_str = tor_memdup_nulterm(encoded_desc, encoded_desc_len);
-
- rend_service_descriptor_t *parsed = NULL;
- char *intro_content = NULL;
- size_t intro_size;
- size_t encoded_size;
- const char *next_desc;
- if (!rend_parse_v2_service_descriptor(&parsed, desc->desc_id, &intro_content,
- &intro_size, &encoded_size,
- &next_desc, desc->desc_str, 1)) {
- /* Post the descriptor. */
- char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
- if (!rend_get_service_id(parsed->pk, serviceid)) {
- smartlist_t *descs = smartlist_new();
- smartlist_add(descs, desc);
-
- /* We are about to trigger HS descriptor upload so send the OK now
- * because after that 650 event(s) are possible so better to have the
- * 250 OK before them to avoid out of order replies. */
- send_control_done(conn);
-
- /* Trigger the descriptor upload */
- directory_post_to_hs_dir(parsed, descs, hs_dirs, serviceid, 0);
- smartlist_free(descs);
- }
-
- rend_service_descriptor_free(parsed);
- } else {
- control_write_endreply(conn, 554, "Invalid descriptor");
- }
-
- tor_free(intro_content);
- rend_encoded_v2_service_descriptor_free(desc);
done:
smartlist_free(hs_dirs); /* Contents belong to the rend service code. */
return 0;
@@ -1640,7 +1570,6 @@ handle_control_hspost(control_connection_t *conn,
* The port_cfgs is a list of service port. Ownership transferred to service.
* The max_streams refers to the MaxStreams= key.
* The max_streams_close_circuit refers to the MaxStreamsCloseCircuit key.
- * The auth_type is the authentication type of the clients in auth_clients.
* The ownership of that list is transferred to the service.
*
* On success (RSAE_OKAY), the address_out points to a newly allocated string
@@ -1650,8 +1579,7 @@ STATIC hs_service_add_ephemeral_status_t
add_onion_helper_add_service(int hs_version,
add_onion_secret_key_t *pk,
smartlist_t *port_cfgs, int max_streams,
- int max_streams_close_circuit, int auth_type,
- smartlist_t *auth_clients,
+ int max_streams_close_circuit,
smartlist_t *auth_clients_v3, char **address_out)
{
hs_service_add_ephemeral_status_t ret;
@@ -1661,11 +1589,6 @@ add_onion_helper_add_service(int hs_version,
tor_assert(address_out);
switch (hs_version) {
- case HS_VERSION_TWO:
- ret = rend_service_add_ephemeral(pk->v2, port_cfgs, max_streams,
- max_streams_close_circuit, auth_type,
- auth_clients, address_out);
- break;
case HS_VERSION_THREE:
ret = hs_service_add_ephemeral(pk->v3, port_cfgs, max_streams,
max_streams_close_circuit,
@@ -1711,16 +1634,14 @@ handle_control_add_onion(control_connection_t *conn,
* material first, since there's no reason to touch that at all if any of
* the other arguments are malformed.
*/
+ rend_auth_type_t auth_type = REND_NO_AUTH;
smartlist_t *port_cfgs = smartlist_new();
- smartlist_t *auth_clients = NULL;
- smartlist_t *auth_created_clients = NULL;
smartlist_t *auth_clients_v3 = NULL;
smartlist_t *auth_clients_v3_str = NULL;
int discard_pk = 0;
int detach = 0;
int max_streams = 0;
int max_streams_close_circuit = 0;
- rend_auth_type_t auth_type = REND_NO_AUTH;
int non_anonymous = 0;
const config_line_t *arg;
@@ -1758,7 +1679,6 @@ handle_control_add_onion(control_connection_t *conn,
static const char *discard_flag = "DiscardPK";
static const char *detach_flag = "Detach";
static const char *max_s_close_flag = "MaxStreamsCloseCircuit";
- static const char *basicauth_flag = "BasicAuth";
static const char *v3auth_flag = "V3Auth";
static const char *non_anonymous_flag = "NonAnonymous";
@@ -1778,8 +1698,6 @@ handle_control_add_onion(control_connection_t *conn,
detach = 1;
} else if (!strcasecmp(flag, max_s_close_flag)) {
max_streams_close_circuit = 1;
- } else if (!strcasecmp(flag, basicauth_flag)) {
- auth_type = REND_BASIC_AUTH;
} else if (!strcasecmp(flag, v3auth_flag)) {
auth_type = REND_V3_AUTH;
} else if (!strcasecmp(flag, non_anonymous_flag)) {
@@ -1795,36 +1713,6 @@ handle_control_add_onion(control_connection_t *conn,
smartlist_free(flags);
if (bad)
goto out;
-
- } else if (!strcasecmp(arg->key, "ClientAuth")) {
- int created = 0;
- rend_authorized_client_t *client =
- add_onion_helper_clientauth(arg->value, &created, conn);
- if (!client) {
- goto out;
- }
-
- if (auth_clients != NULL) {
- int bad = 0;
- SMARTLIST_FOREACH_BEGIN(auth_clients, rend_authorized_client_t *, ac) {
- if (strcmp(ac->client_name, client->client_name) == 0) {
- bad = 1;
- break;
- }
- } SMARTLIST_FOREACH_END(ac);
- if (bad) {
- control_write_endreply(conn, 512, "Duplicate name in ClientAuth");
- rend_authorized_client_free(client);
- goto out;
- }
- } else {
- auth_clients = smartlist_new();
- auth_created_clients = smartlist_new();
- }
- smartlist_add(auth_clients, client);
- if (created) {
- smartlist_add(auth_created_clients, client);
- }
} else if (!strcasecmp(arg->key, "ClientAuthV3")) {
hs_service_authorized_client_t *client_v3 =
parse_authorized_client_key(arg->value, LOG_INFO);
@@ -1848,31 +1736,14 @@ handle_control_add_onion(control_connection_t *conn,
if (smartlist_len(port_cfgs) == 0) {
control_write_endreply(conn, 512, "Missing 'Port' argument");
goto out;
- } else if (auth_type == REND_NO_AUTH &&
- (auth_clients != NULL && auth_clients_v3 != NULL)) {
+ } else if (auth_type == REND_NO_AUTH && auth_clients_v3 != NULL) {
control_write_endreply(conn, 512, "No auth type specified");
goto out;
- } else if (auth_type != REND_NO_AUTH &&
- (auth_clients == NULL && auth_clients_v3 == NULL)) {
+ } else if (auth_type != REND_NO_AUTH && auth_clients_v3 == NULL) {
control_write_endreply(conn, 512, "No auth clients specified");
goto out;
- } else if ((auth_type == REND_BASIC_AUTH &&
- smartlist_len(auth_clients) > 512) ||
- (auth_type == REND_STEALTH_AUTH &&
- smartlist_len(auth_clients) > 16)) {
- control_write_endreply(conn, 512, "Too many auth clients");
- goto out;
- } else if ((auth_type == REND_BASIC_AUTH ||
- auth_type == REND_STEALTH_AUTH) && auth_clients_v3) {
- control_write_endreply(conn, 512,
- "ClientAuthV3 does not support basic or stealth auth");
- goto out;
- } else if (auth_type == REND_V3_AUTH && auth_clients) {
- control_write_endreply(conn, 512, "ClientAuth does not support v3 auth");
- goto out;
-
- } else if (non_anonymous != rend_service_non_anonymous_mode_enabled(
- get_options())) {
+ } else if (non_anonymous != hs_service_non_anonymous_mode_enabled(
+ get_options())) {
/* If we failed, and the non-anonymous flag is set, Tor must be in
* anonymous hidden service mode.
* The error message changes based on the current Tor config:
@@ -1899,29 +1770,15 @@ handle_control_add_onion(control_connection_t *conn,
goto out;
}
- /* We can't mix ClientAuth and Version 3 Onion Services, or ClientAuthV3 and
- * Version 2. If that's the case, send back an error. */
- if (hs_version == HS_VERSION_THREE && auth_clients) {
- control_write_endreply(conn, 513, "ClientAuth not supported");
- goto out;
- }
- if (hs_version == HS_VERSION_TWO && auth_clients_v3) {
- control_write_endreply(conn, 513, "ClientAuthV3 not supported");
- goto out;
- }
-
- /* Create the HS, using private key pk, client authentication auth_type,
- * the list of auth_clients, and port config port_cfg.
- * rend_service_add_ephemeral() will take ownership of pk and port_cfg,
- * regardless of success/failure.
- */
+ /* Create the HS, using private key pk and port config port_cfg.
+ * hs_service_add_ephemeral() will take ownership of pk and port_cfg,
+ * regardless of success/failure. */
char *service_id = NULL;
- int ret =
- add_onion_helper_add_service(hs_version, &pk, port_cfgs, max_streams,
- max_streams_close_circuit, auth_type,
- auth_clients, auth_clients_v3, &service_id);
- port_cfgs = NULL; /* port_cfgs is now owned by the rendservice code. */
- auth_clients = NULL; /* so is auth_clients */
+ int ret = add_onion_helper_add_service(hs_version, &pk, port_cfgs,
+ max_streams,
+ max_streams_close_circuit,
+ auth_clients_v3, &service_id);
+ port_cfgs = NULL; /* port_cfgs is now owned by the hs_service code. */
auth_clients_v3 = NULL; /* so is auth_clients_v3 */
switch (ret) {
case RSAE_OKAY:
@@ -1943,17 +1800,6 @@ handle_control_add_onion(control_connection_t *conn,
control_printf_midreply(conn, 250, "PrivateKey=%s:%s",
key_new_alg, key_new_blob);
}
- if (auth_created_clients) {
- SMARTLIST_FOREACH(auth_created_clients, rend_authorized_client_t *, ac, {
- char *encoded = rend_auth_encode_cookie(ac->descriptor_cookie,
- auth_type);
- tor_assert(encoded);
- control_printf_midreply(conn, 250, "ClientAuth=%s:%s",
- ac->client_name, encoded);
- memwipe(encoded, 0, strlen(encoded));
- tor_free(encoded);
- });
- }
if (auth_clients_v3_str) {
SMARTLIST_FOREACH(auth_clients_v3_str, char *, client_str, {
control_printf_midreply(conn, 250, "ClientAuthV3=%s", client_str);
@@ -1990,12 +1836,6 @@ handle_control_add_onion(control_connection_t *conn,
hs_port_config_free(p));
smartlist_free(port_cfgs);
}
-
- if (auth_clients) {
- SMARTLIST_FOREACH(auth_clients, rend_authorized_client_t *, ac,
- rend_authorized_client_free(ac));
- smartlist_free(auth_clients);
- }
if (auth_clients_v3) {
SMARTLIST_FOREACH(auth_clients_v3, hs_service_authorized_client_t *, ac,
service_authorized_client_free(ac));
@@ -2007,10 +1847,6 @@ handle_control_add_onion(control_connection_t *conn,
smartlist_free(auth_clients_v3_str);
}
- if (auth_created_clients) {
- // Do not free entries; they are the same as auth_clients
- smartlist_free(auth_created_clients);
- }
return 0;
}
@@ -2034,7 +1870,6 @@ add_onion_helper_keyarg(const char *arg, int discard_pk,
control_connection_t *conn)
{
smartlist_t *key_args = smartlist_new();
- crypto_pk_t *pk = NULL;
const char *key_new_alg = NULL;
char *key_new_blob = NULL;
int ret = -1;
@@ -2048,27 +1883,12 @@ add_onion_helper_keyarg(const char *arg, int discard_pk,
/* The format is "KeyType:KeyBlob". */
static const char *key_type_new = "NEW";
static const char *key_type_best = "BEST";
- static const char *key_type_rsa1024 = "RSA1024";
static const char *key_type_ed25519_v3 = "ED25519-V3";
const char *key_type = smartlist_get(key_args, 0);
const char *key_blob = smartlist_get(key_args, 1);
- if (!strcasecmp(key_type_rsa1024, key_type)) {
- /* "RSA:" - Loading a pre-existing RSA1024 key. */
- pk = crypto_pk_base64_decode_private(key_blob, strlen(key_blob));
- if (!pk) {
- control_write_endreply(conn, 512, "Failed to decode RSA key");
- goto err;
- }
- if (crypto_pk_num_bits(pk) != PK_BYTES*8) {
- crypto_pk_free(pk);
- control_write_endreply(conn, 512, "Invalid RSA key size");
- goto err;
- }
- decoded_key->v2 = pk;
- *hs_version = HS_VERSION_TWO;
- } else if (!strcasecmp(key_type_ed25519_v3, key_type)) {
+ if (!strcasecmp(key_type_ed25519_v3, key_type)) {
/* parsing of private ed25519 key */
/* "ED25519-V3:" - Loading a pre-existing ed25519 key. */
ed25519_secret_key_t *sk = tor_malloc_zero(sizeof(*sk));
@@ -2082,27 +1902,8 @@ add_onion_helper_keyarg(const char *arg, int discard_pk,
*hs_version = HS_VERSION_THREE;
} else if (!strcasecmp(key_type_new, key_type)) {
/* "NEW:" - Generating a new key, blob as algorithm. */
- if (!strcasecmp(key_type_rsa1024, key_blob)) {
- /* "RSA1024", RSA 1024 bit, also currently "BEST" by default. */
- pk = crypto_pk_new();
- if (crypto_pk_generate_key(pk)) {
- control_printf_endreply(conn, 551, "Failed to generate %s key",
- key_type_rsa1024);
- goto err;
- }
- if (!discard_pk) {
- if (crypto_pk_base64_encode_private(pk, &key_new_blob)) {
- crypto_pk_free(pk);
- control_printf_endreply(conn, 551, "Failed to encode %s key",
- key_type_rsa1024);
- goto err;
- }
- key_new_alg = key_type_rsa1024;
- }
- decoded_key->v2 = pk;
- *hs_version = HS_VERSION_TWO;
- } else if (!strcasecmp(key_type_ed25519_v3, key_blob) ||
- !strcasecmp(key_type_best, key_blob)) {
+ if (!strcasecmp(key_type_ed25519_v3, key_blob) ||
+ !strcasecmp(key_type_best, key_blob)) {
/* "ED25519-V3", ed25519 key, also currently "BEST" by default. */
ed25519_secret_key_t *sk = tor_malloc_zero(sizeof(*sk));
if (ed25519_secret_key_generate(sk, 1) < 0) {
@@ -2151,68 +1952,6 @@ add_onion_helper_keyarg(const char *arg, int discard_pk,
return ret;
}
-/** Helper function to handle parsing a ClientAuth argument to the
- * ADD_ONION command. Return a new rend_authorized_client_t, or NULL
- * and an optional control protocol error message on failure. The
- * caller is responsible for freeing the returned auth_client.
- *
- * If 'created' is specified, it will be set to 1 when a new cookie has
- * been generated.
- *
- * Note: conn is only used for writing control replies. For testing
- * purposes, it can be NULL if control_write_reply() is appropriately
- * mocked.
- */
-STATIC rend_authorized_client_t *
-add_onion_helper_clientauth(const char *arg, int *created,
- control_connection_t *conn)
-{
- int ok = 0;
-
- tor_assert(arg);
- tor_assert(created);
-
- smartlist_t *auth_args = smartlist_new();
- rend_authorized_client_t *client =
- tor_malloc_zero(sizeof(rend_authorized_client_t));
- smartlist_split_string(auth_args, arg, ":", 0, 0);
- if (smartlist_len(auth_args) < 1 || smartlist_len(auth_args) > 2) {
- control_write_endreply(conn, 512, "Invalid ClientAuth syntax");
- goto err;
- }
- client->client_name = tor_strdup(smartlist_get(auth_args, 0));
- if (smartlist_len(auth_args) == 2) {
- char *decode_err_msg = NULL;
- if (rend_auth_decode_cookie(smartlist_get(auth_args, 1),
- client->descriptor_cookie,
- NULL, &decode_err_msg) < 0) {
- tor_assert(decode_err_msg);
- control_write_endreply(conn, 512, decode_err_msg);
- tor_free(decode_err_msg);
- goto err;
- }
- *created = 0;
- } else {
- crypto_rand((char *) client->descriptor_cookie, REND_DESC_COOKIE_LEN);
- *created = 1;
- }
-
- if (!rend_valid_client_name(client->client_name)) {
- control_write_endreply(conn, 512, "Invalid name in ClientAuth");
- goto err;
- }
-
- ok = 1;
- err:
- SMARTLIST_FOREACH(auth_args, char *, item, tor_free(item));
- smartlist_free(auth_args);
- if (!ok) {
- rend_authorized_client_free(client);
- client = NULL;
- }
- return client;
-}
-
static const control_cmd_syntax_t del_onion_syntax = {
.min_args = 1, .max_args = 1,
};
@@ -2228,9 +1967,7 @@ handle_control_del_onion(control_connection_t *conn,
tor_assert(smartlist_len(args) == 1);
const char *service_id = smartlist_get(args, 0);
- if (rend_valid_v2_service_id(service_id)) {
- hs_version = HS_VERSION_TWO;
- } else if (hs_address_is_valid(service_id)) {
+ if (hs_address_is_valid(service_id)) {
hs_version = HS_VERSION_THREE;
} else {
control_write_endreply(conn, 512, "Malformed Onion Service id");
@@ -2261,9 +1998,6 @@ handle_control_del_onion(control_connection_t *conn,
} else {
int ret = -1;
switch (hs_version) {
- case HS_VERSION_TWO:
- ret = rend_service_del_ephemeral(service_id);
- break;
case HS_VERSION_THREE:
ret = hs_service_del_ephemeral(service_id);
break;
diff --git a/src/feature/control/control_cmd.h b/src/feature/control/control_cmd.h
index b3c1d5cb2f..f21dc65edd 100644
--- a/src/feature/control/control_cmd.h
+++ b/src/feature/control/control_cmd.h
@@ -99,13 +99,9 @@ STATIC hs_service_add_ephemeral_status_t add_onion_helper_add_service(
int hs_version,
add_onion_secret_key_t *pk,
smartlist_t *port_cfgs, int max_streams,
- int max_streams_close_circuit, int auth_type,
- smartlist_t *auth_clients,
+ int max_streams_close_circuit,
smartlist_t *auth_clients_v3, char **address_out);
-STATIC rend_authorized_client_t *add_onion_helper_clientauth(const char *arg,
- int *created, control_connection_t *conn);
-
STATIC control_cmd_args_t *control_cmd_parse_args(
const char *command,
const control_cmd_syntax_t *syntax,
diff --git a/src/feature/control/control_events.c b/src/feature/control/control_events.c
index b38b7a4f42..2e192c98ad 100644
--- a/src/feature/control/control_events.c
+++ b/src/feature/control/control_events.c
@@ -2066,8 +2066,6 @@ control_event_hs_descriptor_upload(const char *onion_address,
/** send HS_DESC event after got response from hs directory.
*
* NOTE: this is an internal function used by following functions:
- * control_event_hsv2_descriptor_received
- * control_event_hsv2_descriptor_failed
* control_event_hsv3_descriptor_failed
*
* So do not call this function directly.
@@ -2138,82 +2136,6 @@ control_event_hs_descriptor_upload_end(const char *action,
tor_free(reason_field);
}
-/** For an HS descriptor query rend_data, using the
- * onion_address and HSDir fingerprint hsdir_fp, find out
- * which descriptor ID in the query is the right one.
- *
- * Return a pointer of the binary descriptor ID found in the query's object
- * or NULL if not found. */
-static const char *
-get_desc_id_from_query(const rend_data_t *rend_data, const char *hsdir_fp)
-{
- int replica;
- const char *desc_id = NULL;
- const rend_data_v2_t *rend_data_v2 = TO_REND_DATA_V2(rend_data);
-
- /* Possible if the fetch was done using a descriptor ID. This means that
- * the HSFETCH command was used. */
- if (!tor_digest_is_zero(rend_data_v2->desc_id_fetch)) {
- desc_id = rend_data_v2->desc_id_fetch;
- goto end;
- }
-
- /* Without a directory fingerprint at this stage, we can't do much. */
- if (hsdir_fp == NULL) {
- goto end;
- }
-
- /* OK, we have an onion address so now let's find which descriptor ID
- * is the one associated with the HSDir fingerprint. */
- for (replica = 0; replica < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS;
- replica++) {
- const char *digest = rend_data_get_desc_id(rend_data, replica, NULL);
-
- SMARTLIST_FOREACH_BEGIN(rend_data->hsdirs_fp, char *, fingerprint) {
- if (tor_memcmp(fingerprint, hsdir_fp, DIGEST_LEN) == 0) {
- /* Found it! This descriptor ID is the right one. */
- desc_id = digest;
- goto end;
- }
- } SMARTLIST_FOREACH_END(fingerprint);
- }
-
- end:
- return desc_id;
-}
-
-/** send HS_DESC RECEIVED event
- *
- * called when we successfully received a hidden service descriptor.
- */
-void
-control_event_hsv2_descriptor_received(const char *onion_address,
- const rend_data_t *rend_data,
- const char *hsdir_id_digest)
-{
- char *desc_id_field = NULL;
- const char *desc_id;
-
- if (BUG(!rend_data || !hsdir_id_digest || !onion_address)) {
- return;
- }
-
- desc_id = get_desc_id_from_query(rend_data, hsdir_id_digest);
- if (desc_id != NULL) {
- char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
- /* Set the descriptor ID digest to base32 so we can send it. */
- base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_id,
- DIGEST_LEN);
- /* Extra whitespace is needed before the value. */
- tor_asprintf(&desc_id_field, " %s", desc_id_base32);
- }
-
- event_hs_descriptor_receive_end("RECEIVED", onion_address, desc_id_field,
- TO_REND_DATA_V2(rend_data)->auth_type,
- hsdir_id_digest, NULL);
- tor_free(desc_id_field);
-}
-
/* Send HS_DESC RECEIVED event
*
* Called when we successfully received a hidden service descriptor. */
@@ -2253,40 +2175,6 @@ control_event_hs_descriptor_uploaded(const char *id_digest,
id_digest, NULL);
}
-/** Send HS_DESC event to inform controller that query rend_data
- * failed to retrieve hidden service descriptor from directory identified by
- * id_digest. If NULL, "UNKNOWN" is used. If reason is not NULL,
- * add it to REASON= field.
- */
-void
-control_event_hsv2_descriptor_failed(const rend_data_t *rend_data,
- const char *hsdir_id_digest,
- const char *reason)
-{
- char *desc_id_field = NULL;
- const char *desc_id;
-
- if (BUG(!rend_data)) {
- return;
- }
-
- desc_id = get_desc_id_from_query(rend_data, hsdir_id_digest);
- if (desc_id != NULL) {
- char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
- /* Set the descriptor ID digest to base32 so we can send it. */
- base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_id,
- DIGEST_LEN);
- /* Extra whitespace is needed before the value. */
- tor_asprintf(&desc_id_field, " %s", desc_id_base32);
- }
-
- event_hs_descriptor_receive_end("FAILED", rend_data_get_address(rend_data),
- desc_id_field,
- TO_REND_DATA_V2(rend_data)->auth_type,
- hsdir_id_digest, reason);
- tor_free(desc_id_field);
-}
-
/** Send HS_DESC event to inform controller that the query to
* onion_address failed to retrieve hidden service descriptor
* desc_id from directory identified by hsdir_id_digest. If
diff --git a/src/feature/control/control_events.h b/src/feature/control/control_events.h
index e499c037ba..d20091e662 100644
--- a/src/feature/control/control_events.h
+++ b/src/feature/control/control_events.h
@@ -202,13 +202,6 @@ void control_event_hs_descriptor_upload_end(const char *action,
const char *reason);
void control_event_hs_descriptor_uploaded(const char *hs_dir,
const char *onion_address);
-/* Hidden service v2 HS_DESC specific. */
-void control_event_hsv2_descriptor_failed(const rend_data_t *rend_data,
- const char *id_digest,
- const char *reason);
-void control_event_hsv2_descriptor_received(const char *onion_address,
- const rend_data_t *rend_data,
- const char *id_digest);
/* Hidden service v3 HS_DESC specific. */
void control_event_hsv3_descriptor_failed(const char *onion_address,
const char *desc_id,
diff --git a/src/feature/control/control_fmt.c b/src/feature/control/control_fmt.c
index 014427c5b5..cb0673ee7d 100644
--- a/src/feature/control/control_fmt.c
+++ b/src/feature/control/control_fmt.c
@@ -122,15 +122,11 @@ circuit_describe_status_for_controller(origin_circuit_t *circ)
}
}
- if (circ->rend_data != NULL || circ->hs_ident != NULL) {
+ if (circ->hs_ident != NULL) {
char addr[HS_SERVICE_ADDR_LEN_BASE32 + 1];
const char *onion_address;
- if (circ->rend_data) {
- onion_address = rend_data_get_address(circ->rend_data);
- } else {
- hs_build_address(&circ->hs_ident->identity_pk, HS_VERSION_THREE, addr);
- onion_address = addr;
- }
+ hs_build_address(&circ->hs_ident->identity_pk, HS_VERSION_THREE, addr);
+ onion_address = addr;
smartlist_add_asprintf(descparts, "REND_QUERY=%s", onion_address);
}
diff --git a/src/feature/control/control_getinfo.c b/src/feature/control/control_getinfo.c
index 75d5418d19..29032111ef 100644
--- a/src/feature/control/control_getinfo.c
+++ b/src/feature/control/control_getinfo.c
@@ -47,7 +47,6 @@
#include "feature/relay/router.h"
#include "feature/relay/routermode.h"
#include "feature/relay/selftest.h"
-#include "feature/rend/rendcache.h"
#include "feature/stats/geoip_stats.h"
#include "feature/stats/predict_ports.h"
#include "feature/stats/rephist.h"
diff --git a/src/feature/dircache/dircache.c b/src/feature/dircache/dircache.c
index 00bb0abf23..013fd1f9ae 100644
--- a/src/feature/dircache/dircache.c
+++ b/src/feature/dircache/dircache.c
@@ -31,7 +31,6 @@
#include "feature/nodelist/routerlist.h"
#include "feature/relay/relay_config.h"
#include "feature/relay/routermode.h"
-#include "feature/rend/rendcache.h"
#include "feature/stats/geoip_stats.h"
#include "feature/stats/rephist.h"
#include "lib/compress/compress.h"
@@ -353,8 +352,6 @@ static int handle_get_descriptor(dir_connection_t *conn,
const get_handler_args_t *args);
static int handle_get_keys(dir_connection_t *conn,
const get_handler_args_t *args);
-static int handle_get_hs_descriptor_v2(dir_connection_t *conn,
- const get_handler_args_t *args);
static int handle_get_robots(dir_connection_t *conn,
const get_handler_args_t *args);
static int handle_get_networkstatus_bridges(dir_connection_t *conn,
@@ -373,7 +370,6 @@ static const url_table_ent_t url_table[] = {
{ "/tor/server/", 1, handle_get_descriptor },
{ "/tor/extra/", 1, handle_get_descriptor },
{ "/tor/keys/", 1, handle_get_keys },
- { "/tor/rendezvous2/", 1, handle_get_hs_descriptor_v2 },
{ "/tor/hs/3/", 1, handle_get_hs_descriptor_v3 },
{ "/tor/robots.txt", 0, handle_get_robots },
{ "/tor/networkstatus-bridges", 0, handle_get_networkstatus_bridges },
@@ -1347,44 +1343,6 @@ handle_get_keys(dir_connection_t *conn, const get_handler_args_t *args)
return 0;
}
-/** Helper function for GET /tor/rendezvous2/
- */
-static int
-handle_get_hs_descriptor_v2(dir_connection_t *conn,
- const get_handler_args_t *args)
-{
- const char *url = args->url;
- if (connection_dir_is_encrypted(conn)) {
- /* Handle v2 rendezvous descriptor fetch request. */
- const char *descp;
- const char *query = url + strlen("/tor/rendezvous2/");
- if (rend_valid_descriptor_id(query)) {
- log_info(LD_REND, "Got a v2 rendezvous descriptor request for ID '%s'",
- safe_str(escaped(query)));
- switch (rend_cache_lookup_v2_desc_as_dir(query, &descp)) {
- case 1: /* valid */
- write_http_response_header(conn, strlen(descp), NO_METHOD, 0);
- connection_buf_add(descp, strlen(descp), TO_CONN(conn));
- break;
- case 0: /* well-formed but not present */
- write_short_http_response(conn, 404, "Not found");
- break;
- case -1: /* not well-formed */
- write_short_http_response(conn, 400, "Bad request");
- break;
- }
- } else { /* not well-formed */
- write_short_http_response(conn, 400, "Bad request");
- }
- goto done;
- } else {
- /* Not encrypted! */
- write_short_http_response(conn, 404, "Not found");
- }
- done:
- return 0;
-}
-
/** Helper function for GET `/tor/hs/3/...`. Only for version 3.
*/
STATIC int
@@ -1626,22 +1584,6 @@ directory_handle_command_post,(dir_connection_t *conn, const char *headers,
}
log_debug(LD_DIRSERV,"rewritten url as '%s'.", escaped(url));
- /* Handle v2 rendezvous service publish request. */
- if (connection_dir_is_encrypted(conn) &&
- !strcmpstart(url,"/tor/rendezvous2/publish")) {
- if (rend_cache_store_v2_desc_as_dir(body) < 0) {
- log_warn(LD_REND, "Rejected v2 rend descriptor (body size %d) from %s.",
- (int)body_len,
- connection_describe_peer(TO_CONN(conn)));
- write_short_http_response(conn, 400,
- "Invalid v2 service descriptor rejected");
- } else {
- write_short_http_response(conn, 200, "Service descriptor (v2) stored");
- log_info(LD_REND, "Handled v2 rendezvous descriptor post: accepted");
- }
- goto done;
- }
-
/* Handle HS descriptor publish request. We force an anonymous connection
* (which also tests for encrypted). We do not allow single-hop client to
* post a descriptor onto an HSDir. */
diff --git a/src/feature/dirclient/dirclient.c b/src/feature/dirclient/dirclient.c
index dd7af9dbfc..c5b0d19dd7 100644
--- a/src/feature/dirclient/dirclient.c
+++ b/src/feature/dirclient/dirclient.c
@@ -47,9 +47,7 @@
#include "feature/relay/relay_find_addr.h"
#include "feature/relay/routermode.h"
#include "feature/relay/selftest.h"
-#include "feature/rend/rendcache.h"
#include "feature/rend/rendcommon.h"
-#include "feature/rend/rendservice.h"
#include "feature/stats/predict_ports.h"
#include "lib/cc/ctassert.h"
@@ -66,7 +64,6 @@
#include "feature/nodelist/networkstatus_st.h"
#include "feature/nodelist/node_st.h"
#include "feature/nodelist/routerinfo_st.h"
-#include "feature/rend/rend_service_descriptor_st.h"
/** Maximum size, in bytes, for any directory object that we've downloaded. */
#define MAX_DIR_DL_SIZE ((1<<24)-1) /* 16 MB - 1 */
@@ -119,10 +116,6 @@ dir_conn_purpose_to_string(int purpose)
return "status vote fetch";
case DIR_PURPOSE_FETCH_DETACHED_SIGNATURES:
return "consensus signature fetch";
- case DIR_PURPOSE_FETCH_RENDDESC_V2:
- return "hidden-service v2 descriptor fetch";
- case DIR_PURPOSE_UPLOAD_RENDDESC_V2:
- return "hidden-service v2 descriptor upload";
case DIR_PURPOSE_FETCH_HSDESC:
return "hidden-service descriptor fetch";
case DIR_PURPOSE_UPLOAD_HSDESC:
@@ -949,7 +942,6 @@ directory_request_new(uint8_t dir_purpose)
tor_assert(dir_purpose >= DIR_PURPOSE_MIN_);
tor_assert(dir_purpose <= DIR_PURPOSE_MAX_);
tor_assert(dir_purpose != DIR_PURPOSE_SERVER);
- tor_assert(dir_purpose != DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2);
tor_assert(dir_purpose != DIR_PURPOSE_HAS_FETCHED_HSDESC);
directory_request_t *result = tor_malloc_zero(sizeof(*result));
@@ -1086,21 +1078,6 @@ directory_request_add_header(directory_request_t *req,
{
config_line_prepend(&req->additional_headers, key, val);
}
-/**
- * Set an object containing HS data to be associated with this request. Note
- * that only an alias to query is stored, so the query object
- * must outlive the request.
- */
-void
-directory_request_set_rend_query(directory_request_t *req,
- const rend_data_t *query)
-{
- if (query) {
- tor_assert(req->dir_purpose == DIR_PURPOSE_FETCH_RENDDESC_V2 ||
- req->dir_purpose == DIR_PURPOSE_UPLOAD_RENDDESC_V2);
- }
- req->rend_query = query;
-}
/**
* Set an object containing HS connection identifier to be associated with
* this request. Note that only an alias to ident is stored, so the
@@ -1249,7 +1226,6 @@ directory_initiate_request,(directory_request_t *request))
const uint8_t router_purpose = request->router_purpose;
const dir_indirection_t indirection = request->indirection;
const char *resource = request->resource;
- const rend_data_t *rend_query = request->rend_query;
const hs_ident_dir_conn_t *hs_ident = request->hs_ident;
circuit_guard_state_t *guard_state = request->guard_state;
@@ -1285,7 +1261,7 @@ directory_initiate_request,(directory_request_t *request))
if (purpose_needs_anonymity(dir_purpose, router_purpose, resource)) {
tor_assert(anonymized_connection ||
- rend_non_anonymous_mode_enabled(options));
+ hs_service_non_anonymous_mode_enabled(options));
}
/* use encrypted begindir connections for everything except relays
@@ -1337,15 +1313,7 @@ directory_initiate_request,(directory_request_t *request))
/* XXXX This is a bad name for this field now. */
conn->dirconn_direct = !anonymized_connection;
- /* copy rendezvous data, if any */
- if (rend_query) {
- /* We can't have both v2 and v3+ identifier. */
- tor_assert_nonfatal(!hs_ident);
- conn->rend_data = rend_data_dup(rend_query);
- }
if (hs_ident) {
- /* We can't have both v2 and v3+ identifier. */
- tor_assert_nonfatal(!rend_query);
conn->hs_ident = hs_ident_dir_conn_dup(hs_ident);
}
@@ -1680,13 +1648,6 @@ directory_send_command(dir_connection_t *conn,
httpcommand = "POST";
url = tor_strdup("/tor/post/consensus-signature");
break;
- case DIR_PURPOSE_FETCH_RENDDESC_V2:
- tor_assert(resource);
- tor_assert(strlen(resource) <= REND_DESC_ID_V2_LEN_BASE32);
- tor_assert(!payload);
- httpcommand = "GET";
- tor_asprintf(&url, "/tor/rendezvous2/%s", resource);
- break;
case DIR_PURPOSE_FETCH_HSDESC:
tor_assert(resource);
tor_assert(strlen(resource) <= ED25519_BASE64_LEN);
@@ -1694,12 +1655,6 @@ directory_send_command(dir_connection_t *conn,
httpcommand = "GET";
tor_asprintf(&url, "/tor/hs/3/%s", resource);
break;
- case DIR_PURPOSE_UPLOAD_RENDDESC_V2:
- tor_assert(!resource);
- tor_assert(payload);
- httpcommand = "POST";
- url = tor_strdup("/tor/rendezvous2/publish");
- break;
case DIR_PURPOSE_UPLOAD_HSDESC:
tor_assert(resource);
tor_assert(payload);
@@ -1843,10 +1798,6 @@ static int handle_response_upload_vote(dir_connection_t *,
const response_handler_args_t *);
static int handle_response_upload_signatures(dir_connection_t *,
const response_handler_args_t *);
-static int handle_response_fetch_renddesc_v2(dir_connection_t *,
- const response_handler_args_t *);
-static int handle_response_upload_renddesc_v2(dir_connection_t *,
- const response_handler_args_t *);
static int handle_response_upload_hsdesc(dir_connection_t *,
const response_handler_args_t *);
@@ -2193,9 +2144,6 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
case DIR_PURPOSE_FETCH_MICRODESC:
rv = handle_response_fetch_microdesc(conn, &args);
break;
- case DIR_PURPOSE_FETCH_RENDDESC_V2:
- rv = handle_response_fetch_renddesc_v2(conn, &args);
- break;
case DIR_PURPOSE_UPLOAD_DIR:
rv = handle_response_upload_dir(conn, &args);
break;
@@ -2205,9 +2153,6 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
case DIR_PURPOSE_UPLOAD_VOTE:
rv = handle_response_upload_vote(conn, &args);
break;
- case DIR_PURPOSE_UPLOAD_RENDDESC_V2:
- rv = handle_response_upload_renddesc_v2(conn, &args);
- break;
case DIR_PURPOSE_UPLOAD_HSDESC:
rv = handle_response_upload_hsdesc(conn, &args);
break;
@@ -2800,152 +2745,6 @@ handle_response_fetch_hsdesc_v3(dir_connection_t *conn,
return 0;
}
-/**
- * Handler function: processes a response to a request for a v2 hidden service
- * descriptor.
- **/
-static int
-handle_response_fetch_renddesc_v2(dir_connection_t *conn,
- const response_handler_args_t *args)
-{
- tor_assert(conn->base_.purpose == DIR_PURPOSE_FETCH_RENDDESC_V2);
- const int status_code = args->status_code;
- const char *reason = args->reason;
- const char *body = args->body;
- const size_t body_len = args->body_len;
-
-#define SEND_HS_DESC_FAILED_EVENT(reason) \
- (control_event_hsv2_descriptor_failed(conn->rend_data, \
- conn->identity_digest, \
- reason))
-#define SEND_HS_DESC_FAILED_CONTENT() \
- (control_event_hs_descriptor_content( \
- rend_data_get_address(conn->rend_data), \
- conn->requested_resource, \
- conn->identity_digest, \
- NULL))
-
- tor_assert(conn->rend_data);
- log_info(LD_REND,"Received rendezvous descriptor (body size %d, status %d "
- "(%s))",
- (int)body_len, status_code, escaped(reason));
- switch (status_code) {
- case 200:
- {
- rend_cache_entry_t *entry = NULL;
-
- if (rend_cache_store_v2_desc_as_client(body,
- conn->requested_resource,
- conn->rend_data, &entry) < 0) {
- log_warn(LD_REND,"Fetching v2 rendezvous descriptor failed. "
- "Retrying at another directory.");
- /* We'll retry when connection_about_to_close_connection()
- * cleans this dir conn up. */
- SEND_HS_DESC_FAILED_EVENT("BAD_DESC");
- SEND_HS_DESC_FAILED_CONTENT();
- } else {
- char service_id[REND_SERVICE_ID_LEN_BASE32 + 1];
- /* Should never be NULL here if we found the descriptor. */
- tor_assert(entry);
- rend_get_service_id(entry->parsed->pk, service_id);
-
- /* success. notify pending connections about this. */
- log_info(LD_REND, "Successfully fetched v2 rendezvous "
- "descriptor.");
- control_event_hsv2_descriptor_received(service_id,
- conn->rend_data,
- conn->identity_digest);
- control_event_hs_descriptor_content(service_id,
- conn->requested_resource,
- conn->identity_digest,
- body);
- conn->base_.purpose = DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2;
- memwipe(service_id, 0, sizeof(service_id));
- }
- break;
- }
- case 404:
- /* Not there. We'll retry when
- * connection_about_to_close_connection() cleans this conn up. */
- log_info(LD_REND,"Fetching v2 rendezvous descriptor failed: "
- "Retrying at another directory.");
- SEND_HS_DESC_FAILED_EVENT("NOT_FOUND");
- SEND_HS_DESC_FAILED_CONTENT();
- break;
- case 400:
- log_warn(LD_REND, "Fetching v2 rendezvous descriptor failed: "
- "http status 400 (%s). Dirserver didn't like our "
- "v2 rendezvous query? Retrying at another directory.",
- escaped(reason));
- SEND_HS_DESC_FAILED_EVENT("QUERY_REJECTED");
- SEND_HS_DESC_FAILED_CONTENT();
- break;
- default:
- log_warn(LD_REND, "Fetching v2 rendezvous descriptor failed: "
- "http status %d (%s) response unexpected while "
- "fetching v2 hidden service descriptor (server %s). "
- "Retrying at another directory.",
- status_code, escaped(reason),
- connection_describe_peer(TO_CONN(conn)));
- SEND_HS_DESC_FAILED_EVENT("UNEXPECTED");
- SEND_HS_DESC_FAILED_CONTENT();
- break;
- }
-
- return 0;
-}
-
-/**
- * Handler function: processes a response to a POST request to upload a v2
- * hidden service descriptor.
- **/
-static int
-handle_response_upload_renddesc_v2(dir_connection_t *conn,
- const response_handler_args_t *args)
-{
- tor_assert(conn->base_.purpose == DIR_PURPOSE_UPLOAD_RENDDESC_V2);
- const int status_code = args->status_code;
- const char *reason = args->reason;
-
-#define SEND_HS_DESC_UPLOAD_FAILED_EVENT(reason) \
- (control_event_hs_descriptor_upload_failed( \
- conn->identity_digest, \
- rend_data_get_address(conn->rend_data), \
- reason))
-
- log_info(LD_REND,"Uploaded rendezvous descriptor (status %d "
- "(%s))",
- status_code, escaped(reason));
- /* Without the rend data, we'll have a problem identifying what has been
- * uploaded for which service. */
- tor_assert(conn->rend_data);
- switch (status_code) {
- case 200:
- log_info(LD_REND,
- "Uploading rendezvous descriptor: finished with status "
- "200 (%s)", escaped(reason));
- control_event_hs_descriptor_uploaded(conn->identity_digest,
- rend_data_get_address(conn->rend_data));
- rend_service_desc_has_uploaded(conn->rend_data);
- break;
- case 400:
- log_warn(LD_REND,"http status 400 (%s) response from dirserver "
- "%s. Malformed rendezvous descriptor?",
- escaped(reason), connection_describe_peer(TO_CONN(conn)));
- SEND_HS_DESC_UPLOAD_FAILED_EVENT("UPLOAD_REJECTED");
- break;
- default:
- log_warn(LD_REND,"http status %d (%s) response unexpected (server "
- "%s).",
- status_code, escaped(reason),
- connection_describe_peer(TO_CONN(conn)));
- SEND_HS_DESC_UPLOAD_FAILED_EVENT("UNEXPECTED");
- break;
- }
-
- return 0;
-}
-
/**
* Handler function: processes a response to a POST request to upload an
* hidden service descriptor.
diff --git a/src/feature/dirclient/dirclient.h b/src/feature/dirclient/dirclient.h
index 096b197526..519cbb1211 100644
--- a/src/feature/dirclient/dirclient.h
+++ b/src/feature/dirclient/dirclient.h
@@ -74,8 +74,6 @@ void directory_request_set_payload(directory_request_t *req,
size_t payload_len);
void directory_request_set_if_modified_since(directory_request_t *req,
time_t if_modified_since);
-void directory_request_set_rend_query(directory_request_t *req,
- const rend_data_t *query);
void directory_request_upload_set_hs_ident(directory_request_t *req,
const hs_ident_dir_conn_t *ident);
void directory_request_fetch_set_hs_ident(directory_request_t *req,
@@ -125,8 +123,6 @@ struct directory_request_t {
size_t payload_len;
/** Value to send in an if-modified-since header, or 0 for none. */
time_t if_modified_since;
- /** Hidden-service-specific information v2. */
- const rend_data_t *rend_query;
/** Extra headers to append to the request */
struct config_line_t *additional_headers;
/** Hidden-service-specific information for v3+. */
diff --git a/src/feature/dircommon/dir_connection_st.h b/src/feature/dircommon/dir_connection_st.h
index 12230e6741..958dc623d4 100644
--- a/src/feature/dircommon/dir_connection_st.h
+++ b/src/feature/dircommon/dir_connection_st.h
@@ -42,9 +42,6 @@ struct dir_connection_t {
/** The compression object doing on-the-fly compression for spooled data. */
struct tor_compress_state_t *compress_state;
- /** What rendezvous service are we querying for? */
- rend_data_t *rend_data;
-
/* Hidden service connection identifier for dir connections: Used by HS
client-side code to fetch HS descriptors, and by the service-side code to
upload descriptors. */
diff --git a/src/feature/dircommon/directory.c b/src/feature/dircommon/directory.c
index 0029eb37a1..f264fd0750 100644
--- a/src/feature/dircommon/directory.c
+++ b/src/feature/dircommon/directory.c
@@ -142,9 +142,6 @@ purpose_needs_anonymity(uint8_t dir_purpose, uint8_t router_purpose,
case DIR_PURPOSE_FETCH_MICRODESC:
return 0;
case DIR_PURPOSE_HAS_FETCHED_HSDESC:
- case DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2:
- case DIR_PURPOSE_UPLOAD_RENDDESC_V2:
- case DIR_PURPOSE_FETCH_RENDDESC_V2:
case DIR_PURPOSE_FETCH_HSDESC:
case DIR_PURPOSE_UPLOAD_HSDESC:
return 1;
diff --git a/src/feature/dircommon/directory.h b/src/feature/dircommon/directory.h
index 0aa2ff53ef..5e4b097816 100644
--- a/src/feature/dircommon/directory.h
+++ b/src/feature/dircommon/directory.h
@@ -30,10 +30,7 @@ const dir_connection_t *CONST_TO_DIR_CONN(const connection_t *c);
#define DIR_CONN_STATE_SERVER_WRITING 6
#define DIR_CONN_STATE_MAX_ 6
-#define DIR_PURPOSE_MIN_ 4
-/** A connection to a directory server: set after a v2 rendezvous
- * descriptor is downloaded. */
-#define DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2 4
+#define DIR_PURPOSE_MIN_ 6
/** A connection to a directory server: download one or more server
* descriptors. */
#define DIR_PURPOSE_FETCH_SERVERDESC 6
@@ -61,12 +58,9 @@ const dir_connection_t *CONST_TO_DIR_CONN(const connection_t *c);
/** Purpose for connection at a directory server. */
#define DIR_PURPOSE_SERVER 16
-/** A connection to a hidden service directory server: upload a v2 rendezvous
- * descriptor. */
-#define DIR_PURPOSE_UPLOAD_RENDDESC_V2 17
-/** A connection to a hidden service directory server: download a v2 rendezvous
- * descriptor. */
-#define DIR_PURPOSE_FETCH_RENDDESC_V2 18
+
+/** Value 17 and 18 were onion service v2 purposes. */
+
/** A connection to a directory server: download a microdescriptor. */
#define DIR_PURPOSE_FETCH_MICRODESC 19
/** A connection to a hidden service directory: upload a v3 descriptor. */
@@ -84,7 +78,6 @@ const dir_connection_t *CONST_TO_DIR_CONN(const connection_t *c);
((p)==DIR_PURPOSE_UPLOAD_DIR || \
(p)==DIR_PURPOSE_UPLOAD_VOTE || \
(p)==DIR_PURPOSE_UPLOAD_SIGNATURES || \
- (p)==DIR_PURPOSE_UPLOAD_RENDDESC_V2 || \
(p)==DIR_PURPOSE_UPLOAD_HSDESC)
enum compress_method_t;
diff --git a/src/feature/hs/hs_cache.c b/src/feature/hs/hs_cache.c
index 765323df0d..ac43e78767 100644
--- a/src/feature/hs/hs_cache.c
+++ b/src/feature/hs/hs_cache.c
@@ -19,13 +19,15 @@
#include "feature/hs/hs_descriptor.h"
#include "feature/nodelist/microdesc.h"
#include "feature/nodelist/networkstatus.h"
-#include "feature/rend/rendcache.h"
#include "feature/stats/rephist.h"
#include "feature/hs/hs_cache.h"
#include "feature/nodelist/networkstatus_st.h"
+/* Total counter of the cache size. */
+static size_t hs_cache_total_allocation = 0;
+
static int cached_client_descriptor_has_expired(time_t now,
const hs_cache_client_descriptor_t *cached_desc);
@@ -164,7 +166,7 @@ cache_store_v3_as_dir(hs_cache_dir_descriptor_t *desc)
* remove the entry we currently have from our cache so we can then
* store the new one. */
remove_v3_desc_as_dir(cache_entry);
- rend_cache_decrement_allocation(cache_get_dir_entry_size(cache_entry));
+ hs_cache_decrement_allocation(cache_get_dir_entry_size(cache_entry));
cache_dir_desc_free(cache_entry);
}
/* Store the descriptor we just got. We are sure here that either we
@@ -174,7 +176,7 @@ cache_store_v3_as_dir(hs_cache_dir_descriptor_t *desc)
/* Update our total cache size with this entry for the OOM. This uses the
* old HS protocol cache subsystem for which we are tied with. */
- rend_cache_increment_allocation(cache_get_dir_entry_size(desc));
+ hs_cache_increment_allocation(cache_get_dir_entry_size(desc));
/* Update HSv3 statistics */
if (get_options()->HiddenServiceStatistics) {
@@ -259,7 +261,7 @@ cache_clean_v3_as_dir(time_t now, time_t global_cutoff)
/* Entry is not in the cache anymore, destroy it. */
cache_dir_desc_free(entry);
/* Update our cache entry allocation size for the OOM. */
- rend_cache_decrement_allocation(entry_size);
+ hs_cache_decrement_allocation(entry_size);
/* Logging. */
{
char key_b64[BASE64_DIGEST256_LEN + 1];
@@ -336,12 +338,6 @@ hs_cache_lookup_as_dir(uint32_t version, const char *query,
void
hs_cache_clean_as_dir(time_t now)
{
- time_t cutoff;
-
- /* Start with v2 cache cleaning. */
- cutoff = now - rend_cache_max_entry_lifetime();
- rend_cache_clean_v2_descs_as_dir(cutoff);
-
/* Now, clean the v3 cache. Set the cutoff to 0 telling the cleanup function
* to compute the cutoff by itself using the lifetime value. */
cache_clean_v3_as_dir(now, 0);
@@ -387,7 +383,7 @@ remove_v3_desc_as_client(const hs_cache_client_descriptor_t *desc)
tor_assert(desc);
digest256map_remove(hs_cache_v3_client, desc->key.pubkey);
/* Update cache size with this entry for the OOM handler. */
- rend_cache_decrement_allocation(cache_get_client_entry_size(desc));
+ hs_cache_decrement_allocation(cache_get_client_entry_size(desc));
}
/** Store a given descriptor in our cache. */
@@ -397,7 +393,7 @@ store_v3_desc_as_client(hs_cache_client_descriptor_t *desc)
tor_assert(desc);
digest256map_set(hs_cache_v3_client, desc->key.pubkey, desc);
/* Update cache size with this entry for the OOM handler. */
- rend_cache_increment_allocation(cache_get_client_entry_size(desc));
+ hs_cache_increment_allocation(cache_get_client_entry_size(desc));
}
/** Query our cache and return the entry or NULL if not found or if expired. */
@@ -796,7 +792,7 @@ cache_clean_v3_as_client(time_t now)
cache_client_desc_free(entry);
/* Update our OOM. We didn't use the remove() function because we are in
* a loop so we have to explicitly decrement. */
- rend_cache_decrement_allocation(entry_size);
+ hs_cache_decrement_allocation(entry_size);
/* Logging. */
{
char key_b64[BASE64_DIGEST256_LEN + 1];
@@ -934,8 +930,6 @@ hs_cache_remove_as_client(const ed25519_public_key_t *key)
void
hs_cache_clean_as_client(time_t now)
{
- /* Start with v2 cache cleaning. */
- rend_cache_clean(now, REND_CACHE_TYPE_CLIENT);
/* Now, clean the v3 cache. Set the cutoff to 0 telling the cleanup function
* to compute the cutoff by itself using the lifetime value. */
cache_clean_v3_as_client(now);
@@ -952,7 +946,7 @@ hs_cache_purge_as_client(void)
cache_client_desc_free(entry);
/* Update our OOM. We didn't use the remove() function because we are in
* a loop so we have to explicitly decrement. */
- rend_cache_decrement_allocation(entry_size);
+ hs_cache_decrement_allocation(entry_size);
} DIGEST256MAP_FOREACH_END;
log_info(LD_REND, "Hidden service client descriptor cache purged.");
@@ -1074,19 +1068,16 @@ hs_cache_handle_oom(time_t now, size_t min_remove_bytes)
/* The algorithm is as follow. K is the oldest expected descriptor age.
*
- * 1) Deallocate all entries from v2 cache that are older than K hours.
- * 1.1) If the amount of remove bytes has been reached, stop.
- * 2) Deallocate all entries from v3 cache that are older than K hours
+ * 1) Deallocate all entries from v3 cache that are older than K hours
* 2.1) If the amount of remove bytes has been reached, stop.
- * 3) Set K = K - RendPostPeriod and repeat process until K is < 0.
+ * 2) Set K = K - RendPostPeriod and repeat process until K is < 0.
*
* This ends up being O(Kn).
*/
/* Set K to the oldest expected age in seconds which is the maximum
- * lifetime of a cache entry. We'll use the v2 lifetime because it's much
- * bigger than the v3 thus leading to cleaning older descriptors. */
- k = rend_cache_max_entry_lifetime();
+ * lifetime of a cache entry. */
+ k = hs_cache_max_entry_lifetime();
do {
time_t cutoff;
@@ -1099,9 +1090,6 @@ hs_cache_handle_oom(time_t now, size_t min_remove_bytes)
/* Compute a cutoff value with K and the current time. */
cutoff = now - k;
- /* Start by cleaning the v2 cache with that cutoff. */
- bytes_removed += rend_cache_clean_v2_descs_as_dir(cutoff);
-
if (bytes_removed < min_remove_bytes) {
/* We haven't remove enough bytes so clean v3 cache. */
bytes_removed += cache_clean_v3_as_dir(now, cutoff);
@@ -1150,4 +1138,45 @@ hs_cache_free_all(void)
digest256map_free(hs_cache_client_intro_state,
cache_client_intro_state_free_void);
hs_cache_client_intro_state = NULL;
+ hs_cache_total_allocation = 0;
+}
+
+/* Return total size of the cache. */
+size_t
+hs_cache_get_total_allocation(void)
+{
+ return hs_cache_total_allocation;
+}
+
+/** Decrement the total bytes attributed to the rendezvous cache by n. */
+void
+hs_cache_decrement_allocation(size_t n)
+{
+ static int have_underflowed = 0;
+
+ if (hs_cache_total_allocation >= n) {
+ hs_cache_total_allocation -= n;
+ } else {
+ hs_cache_total_allocation = 0;
+ if (! have_underflowed) {
+ have_underflowed = 1;
+ log_warn(LD_BUG, "Underflow in hs_cache_decrement_allocation");
+ }
+ }
+}
+
+/** Increase the total bytes attributed to the rendezvous cache by n. */
+void
+hs_cache_increment_allocation(size_t n)
+{
+ static int have_overflowed = 0;
+ if (hs_cache_total_allocation <= SIZE_MAX - n) {
+ hs_cache_total_allocation += n;
+ } else {
+ hs_cache_total_allocation = SIZE_MAX;
+ if (! have_overflowed) {
+ have_overflowed = 1;
+ log_warn(LD_BUG, "Overflow in hs_cache_increment_allocation");
+ }
+ }
}
diff --git a/src/feature/hs/hs_cache.h b/src/feature/hs/hs_cache.h
index bb3c77f224..e8165569db 100644
--- a/src/feature/hs/hs_cache.h
+++ b/src/feature/hs/hs_cache.h
@@ -21,6 +21,14 @@ struct ed25519_public_key_t;
/** This is the maximum time an introduction point state object can stay in the
* client cache in seconds (2 mins or 120 seconds). */
#define HS_CACHE_CLIENT_INTRO_STATE_MAX_AGE (2 * 60)
+/** How old do we let hidden service descriptors get before discarding
+ * them as too old? */
+#define HS_CACHE_MAX_AGE (2*24*60*60)
+/** How wrong do we assume our clock may be when checking whether hidden
+ * services are too old or too new? */
+#define HS_CACHE_MAX_SKEW (24*60*60)
+/** How old do we keep an intro point failure entry in the failure cache? */
+#define HS_CACHE_FAILURE_MAX_AGE (5*60)
/** Introduction point state. */
typedef struct hs_cache_intro_state_t {
@@ -57,7 +65,6 @@ typedef struct hs_cache_dir_descriptor_t {
/** Descriptor plaintext information. Obviously, we can't decrypt the
* encrypted part of the descriptor. */
hs_desc_plaintext_data_t *plaintext_data;
-
/** Encoded descriptor which is basically in text form. It's a NUL terminated
* string thus safe to strlen(). */
char *encoded_desc;
@@ -65,6 +72,13 @@ typedef struct hs_cache_dir_descriptor_t {
/* Public API */
+/* Return maximum lifetime in seconds of a cache entry. */
+static inline time_t
+hs_cache_max_entry_lifetime(void)
+{
+ return HS_CACHE_MAX_AGE + HS_CACHE_MAX_SKEW;
+}
+
void hs_cache_init(void);
void hs_cache_free_all(void);
void hs_cache_clean_as_dir(time_t now);
@@ -102,6 +116,10 @@ void hs_cache_client_intro_state_purge(void);
bool hs_cache_client_new_auth_parse(const ed25519_public_key_t *service_pk);
+size_t hs_cache_get_total_allocation(void);
+void hs_cache_decrement_allocation(size_t n);
+void hs_cache_increment_allocation(size_t n);
+
#ifdef HS_CACHE_PRIVATE
#include "lib/crypt_ops/crypto_ed25519.h"
diff --git a/src/feature/hs/hs_cell.c b/src/feature/hs/hs_cell.c
index 8bdaa4922a..01dd39e231 100644
--- a/src/feature/hs/hs_cell.c
+++ b/src/feature/hs/hs_cell.c
@@ -9,7 +9,6 @@
#include "core/or/or.h"
#include "app/config/config.h"
#include "lib/crypt_ops/crypto_util.h"
-#include "feature/rend/rendservice.h"
#include "feature/hs_common/replaycache.h"
#include "feature/hs/hs_cell.h"
@@ -194,37 +193,10 @@ parse_introduce2_encrypted(const uint8_t *decrypted_data,
return NULL;
}
-/** Build a legacy ESTABLISH_INTRO cell with the given circuit nonce and RSA
- * encryption key. The encoded cell is put in cell_out that MUST at least be
- * of the size of RELAY_PAYLOAD_SIZE. Return the encoded cell length on
- * success else a negative value and cell_out is untouched. */
-static ssize_t
-build_legacy_establish_intro(const char *circ_nonce, crypto_pk_t *enc_key,
- uint8_t *cell_out)
-{
- ssize_t cell_len;
-
- tor_assert(circ_nonce);
- tor_assert(enc_key);
- tor_assert(cell_out);
-
- memwipe(cell_out, 0, RELAY_PAYLOAD_SIZE);
-
- cell_len = rend_service_encode_establish_intro_cell((char*)cell_out,
- RELAY_PAYLOAD_SIZE,
- enc_key, circ_nonce);
- return cell_len;
-}
-
/** Parse an INTRODUCE2 cell from payload of size payload_len for the given
* service and circuit which are used only for logging purposes. The resulting
* parsed cell is put in cell_ptr_out.
*
- * This function only parses prop224 INTRODUCE2 cells even when the intro point
- * is a legacy intro point. That's because intro points don't actually care
- * about the contents of the introduce cell. Legacy INTRODUCE cells are only
- * used by the legacy system now.
- *
* Return 0 on success else a negative value and cell_ptr_out is untouched. */
static int
parse_introduce2_cell(const hs_service_t *service,
@@ -457,28 +429,6 @@ introduce1_set_auth_key(trn_cell_introduce1_t *cell,
data->auth_pk->pubkey, trn_cell_introduce1_getlen_auth_key(cell));
}
-/** Set the legacy ID field in the INTRODUCE1 cell from the given data. */
-static void
-introduce1_set_legacy_id(trn_cell_introduce1_t *cell,
- const hs_cell_introduce1_data_t *data)
-{
- tor_assert(cell);
- tor_assert(data);
-
- if (data->is_legacy) {
- uint8_t digest[DIGEST_LEN];
- if (BUG(crypto_pk_get_digest(data->legacy_key, (char *) digest) < 0)) {
- return;
- }
- memcpy(trn_cell_introduce1_getarray_legacy_key_id(cell),
- digest, trn_cell_introduce1_getlen_legacy_key_id(cell));
- } else {
- /* We have to zeroed the LEGACY_KEY_ID field. */
- memset(trn_cell_introduce1_getarray_legacy_key_id(cell), 0,
- trn_cell_introduce1_getlen_legacy_key_id(cell));
- }
-}
-
/** Build and add to the given DoS cell extension the given parameter type and
* value. */
static void
@@ -608,8 +558,7 @@ build_establish_intro_extensions(const hs_service_config_t *service_config,
/** Build an ESTABLISH_INTRO cell with the given circuit nonce and intro point
* object. The encoded cell is put in cell_out that MUST at least be of the
* size of RELAY_PAYLOAD_SIZE. Return the encoded cell length on success else
- * a negative value and cell_out is untouched. This function also supports
- * legacy cell creation. */
+ * a negative value and cell_out is untouched. */
ssize_t
hs_cell_build_establish_intro(const char *circ_nonce,
const hs_service_config_t *service_config,
@@ -625,16 +574,6 @@ hs_cell_build_establish_intro(const char *circ_nonce,
tor_assert(service_config);
tor_assert(ip);
- /* Quickly handle the legacy IP. */
- if (ip->base.is_only_legacy) {
- tor_assert(ip->legacy_key);
- cell_len = build_legacy_establish_intro(circ_nonce, ip->legacy_key,
- cell_out);
- tor_assert(cell_len <= RELAY_PAYLOAD_SIZE);
- /* Success or not we are done here. */
- goto done;
- }
-
/* Build the extensions, if any. */
extensions = build_establish_intro_extensions(service_config, ip);
@@ -1022,9 +961,6 @@ hs_cell_build_introduce1(const hs_cell_introduce1_data_t *data,
trn_cell_extension_set_num(ext, 0);
trn_cell_introduce1_set_extensions(cell, ext);
- /* Set the legacy ID field. */
- introduce1_set_legacy_id(cell, data);
-
/* Set the authentication key. */
introduce1_set_auth_key(cell, data);
@@ -1067,18 +1003,6 @@ hs_cell_parse_introduce_ack(const uint8_t *payload, size_t payload_len)
tor_assert(payload);
- /* If it is a legacy IP, rend-spec.txt specifies that a ACK is 0 byte and a
- * NACK is 1 byte. We can't use the legacy function for this so we have to
- * do a special case. */
- if (payload_len <= 1) {
- if (payload_len == 0) {
- ret = TRUNNEL_HS_INTRO_ACK_STATUS_SUCCESS;
- } else {
- ret = TRUNNEL_HS_INTRO_ACK_STATUS_UNKNOWN_ID;
- }
- goto end;
- }
-
if (trn_cell_introduce_ack_parse(&cell, payload, payload_len) < 0) {
log_info(LD_REND, "Invalid INTRODUCE_ACK cell. Unable to parse it.");
goto end;
diff --git a/src/feature/hs/hs_circuit.c b/src/feature/hs/hs_circuit.c
index b246ab423c..548e1cbe2a 100644
--- a/src/feature/hs/hs_circuit.c
+++ b/src/feature/hs/hs_circuit.c
@@ -28,7 +28,6 @@
#include "feature/hs/hs_service.h"
#include "feature/nodelist/describe.h"
#include "feature/nodelist/nodelist.h"
-#include "feature/rend/rendservice.h"
#include "feature/stats/rephist.h"
#include "lib/crypt_ops/crypto_dh.h"
#include "lib/crypt_ops/crypto_rand.h"
@@ -105,57 +104,6 @@ create_rend_cpath(const uint8_t *ntor_key_seed, size_t seed_len,
return cpath;
}
-/** We are a v2 legacy HS client: Create and return a crypt path for the hidden
- * service on the other side of the rendezvous circuit circ. Initialize
- * the crypt path crypto using the body of the RENDEZVOUS1 cell at
- * rend_cell_body (which must be at least DH1024_KEY_LEN+DIGEST_LEN
- * bytes).
- */
-static crypt_path_t *
-create_rend_cpath_legacy(origin_circuit_t *circ, const uint8_t *rend_cell_body)
-{
- crypt_path_t *hop = NULL;
- char keys[DIGEST_LEN+CPATH_KEY_MATERIAL_LEN];
-
- /* first DH1024_KEY_LEN bytes are g^y from the service. Finish the dh
- * handshake...*/
- tor_assert(circ->build_state);
- tor_assert(circ->build_state->pending_final_cpath);
- hop = circ->build_state->pending_final_cpath;
-
- tor_assert(hop->rend_dh_handshake_state);
- if (crypto_dh_compute_secret(LOG_PROTOCOL_WARN, hop->rend_dh_handshake_state,
- (char*)rend_cell_body, DH1024_KEY_LEN,
- keys, DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) {
- log_warn(LD_GENERAL, "Couldn't complete DH handshake.");
- goto err;
- }
- /* ... and set up cpath. */
- if (cpath_init_circuit_crypto(hop,
- keys+DIGEST_LEN, sizeof(keys)-DIGEST_LEN,
- 0, 0) < 0)
- goto err;
-
- /* Check whether the digest is right... */
- if (tor_memneq(keys, rend_cell_body+DH1024_KEY_LEN, DIGEST_LEN)) {
- log_warn(LD_PROTOCOL, "Incorrect digest of key material.");
- goto err;
- }
-
- /* clean up the crypto stuff we just made */
- crypto_dh_free(hop->rend_dh_handshake_state);
- hop->rend_dh_handshake_state = NULL;
-
- goto done;
-
- err:
- hop = NULL;
-
- done:
- memwipe(keys, 0, sizeof(keys));
- return hop;
-}
-
/** Append the final hop to the cpath of the rend circ, and mark
* circ ready for use to transfer HS relay cells. */
static void
@@ -184,13 +132,6 @@ finalize_rend_circuit(origin_circuit_t *circ, crypt_path_t *hop,
/* Append the hop to the cpath of this circuit */
cpath_extend_linked_list(&circ->cpath, hop);
- /* In legacy code, 'pending_final_cpath' points to the final hop we just
- * appended to the cpath. We set the original pointer to NULL so that we
- * don't double free it. */
- if (circ->build_state) {
- circ->build_state->pending_final_cpath = NULL;
- }
-
/* Finally, mark circuit as ready to be used for client streams */
if (!is_service_side) {
circuit_try_attaching_streams(circ);
@@ -198,7 +139,7 @@ finalize_rend_circuit(origin_circuit_t *circ, crypt_path_t *hop,
}
/** For a given circuit and a service introduction point object, register the
- * intro circuit to the circuitmap. This supports legacy intro point. */
+ * intro circuit to the circuitmap. */
static void
register_intro_circ(const hs_service_intro_point_t *ip,
origin_circuit_t *circ)
@@ -206,13 +147,8 @@ register_intro_circ(const hs_service_intro_point_t *ip,
tor_assert(ip);
tor_assert(circ);
- if (ip->base.is_only_legacy) {
- hs_circuitmap_register_intro_circ_v2_service_side(circ,
- ip->legacy_key_digest);
- } else {
- hs_circuitmap_register_intro_circ_v3_service_side(circ,
- &ip->auth_key_kp.pubkey);
- }
+ hs_circuitmap_register_intro_circ_v3_service_side(circ,
+ &ip->auth_key_kp.pubkey);
}
/** Return the number of opened introduction circuit for the given circuit that
@@ -605,10 +541,6 @@ setup_introduce1_data(const hs_desc_intro_point_t *ip,
/* Populate the introduce1 data object. */
memset(intro1_data, 0, sizeof(hs_cell_introduce1_data_t));
- if (ip->legacy.key != NULL) {
- intro1_data->is_legacy = 1;
- intro1_data->legacy_key = ip->legacy.key;
- }
intro1_data->auth_pk = &ip->auth_key_cert->signed_key;
intro1_data->enc_pk = &ip->enc_key;
intro1_data->subcredential = subcredential;
@@ -635,8 +567,8 @@ cleanup_on_close_client_circ(circuit_t *circ)
if (circuit_is_hs_v3(circ)) {
hs_client_circuit_cleanup_on_close(circ);
}
- /* It is possible the circuit has an HS purpose but no identifier (rend_data
- * or hs_ident). Thus possible that this passes through. */
+ /* It is possible the circuit has an HS purpose but no identifier (hs_ident).
+ * Thus possible that this passes through. */
}
/** Helper: cleanup function for client circuit. This is for every HS version.
@@ -649,8 +581,8 @@ cleanup_on_free_client_circ(circuit_t *circ)
if (circuit_is_hs_v3(circ)) {
hs_client_circuit_cleanup_on_free(circ);
}
- /* It is possible the circuit has an HS purpose but no identifier (rend_data
- * or hs_ident). Thus possible that this passes through. */
+ /* It is possible the circuit has an HS purpose but no identifier (hs_ident).
+ * Thus possible that this passes through. */
}
/* ========== */
@@ -664,12 +596,7 @@ hs_circ_service_get_intro_circ(const hs_service_intro_point_t *ip)
{
tor_assert(ip);
- if (ip->base.is_only_legacy) {
- return hs_circuitmap_get_intro_circ_v2_service_side(ip->legacy_key_digest);
- } else {
- return hs_circuitmap_get_intro_circ_v3_service_side(
- &ip->auth_key_kp.pubkey);
- }
+ return hs_circuitmap_get_intro_circ_v3_service_side(&ip->auth_key_kp.pubkey);
}
/** Return an introduction point established circuit matching the given intro
@@ -682,12 +609,7 @@ hs_circ_service_get_established_intro_circ(const hs_service_intro_point_t *ip)
tor_assert(ip);
- if (ip->base.is_only_legacy) {
- circ = hs_circuitmap_get_intro_circ_v2_service_side(ip->legacy_key_digest);
- } else {
- circ = hs_circuitmap_get_intro_circ_v3_service_side(
- &ip->auth_key_kp.pubkey);
- }
+ circ = hs_circuitmap_get_intro_circ_v3_service_side(&ip->auth_key_kp.pubkey);
/* Only return circuit if it is established. */
return (circ && TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_INTRO) ?
@@ -695,8 +617,7 @@ hs_circ_service_get_established_intro_circ(const hs_service_intro_point_t *ip)
}
/** Called when we fail building a rendezvous circuit at some point other than
- * the last hop: launches a new circuit to the same rendezvous point. This
- * supports legacy service.
+ * the last hop: launches a new circuit to the same rendezvous point.
*
* We currently relaunch connections to rendezvous points if:
* - A rendezvous circuit timed out before connecting to RP.
@@ -726,8 +647,6 @@ hs_circ_retry_service_rendezvous_point(origin_circuit_t *circ)
/* Legacy services don't have a hidden service ident. */
if (circ->hs_ident) {
retry_service_rendezvous_point(circ);
- } else {
- rend_service_relaunch_rendezvous(circ);
}
done:
@@ -762,9 +681,7 @@ hs_circ_launch_intro_point(hs_service_t *service,
goto end;
}
/* We only use a one-hop path on the first attempt. If the first attempt
- * fails, we use a 3-hop path for reachability / reliability.
- * (Unlike v2, retries is incremented by the caller before it calls this
- * function.) */
+ * fails, we use a 3-hop path for reachability / reliability. */
if (direct_conn && ip->circuit_retries == 1) {
circ_flags |= CIRCLAUNCH_ONEHOP_TUNNEL;
}
@@ -952,10 +869,8 @@ hs_circ_handle_intro_established(const hs_service_t *service,
}
/* Try to parse the payload into a cell making sure we do actually have a
- * valid cell. For a legacy node, it's an empty payload so as long as we
- * have the cell, we are good. */
- if (!ip->base.is_only_legacy &&
- hs_cell_parse_intro_established(payload, payload_len) < 0) {
+ * valid cell. */
+ if (hs_cell_parse_intro_established(payload, payload_len) < 0) {
log_warn(LD_REND, "Unable to parse the INTRO_ESTABLISHED cell on "
"circuit %u for service %s",
TO_CIRCUIT(circ)->n_circ_id,
@@ -1112,31 +1027,6 @@ hs_circuit_setup_e2e_rend_circ(origin_circuit_t *circ,
return 0;
}
-/** We are a v2 legacy HS client and we just received a RENDEZVOUS1 cell
- * rend_cell_body on circ. Finish up the DH key exchange and then
- * extend the crypt path of circ so that the hidden service is on the
- * other side. */
-int
-hs_circuit_setup_e2e_rend_circ_legacy_client(origin_circuit_t *circ,
- const uint8_t *rend_cell_body)
-{
-
- if (BUG(!circuit_purpose_is_correct_for_rend(
- TO_CIRCUIT(circ)->purpose, 0))) {
- return -1;
- }
-
- crypt_path_t *hop = create_rend_cpath_legacy(circ, rend_cell_body);
- if (!hop) {
- log_warn(LD_GENERAL, "Couldn't get v2 cpath.");
- return -1;
- }
-
- finalize_rend_circuit(circ, hop, 0);
-
- return 0;
-}
-
/** Given the introduction circuit intro_circ, the rendezvous circuit
* rend_circ, a descriptor intro point object ip and the service's
* subcredential, send an INTRODUCE1 cell on intro_circ.
@@ -1381,31 +1271,20 @@ hs_circ_is_rend_sent_in_intro1(const origin_circuit_t *circ)
* confirmed rendezsvous circuit but without an introduction ACK. */
tor_assert(TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_C_REND_READY);
- /* The v2 and v3 circuit are handled differently:
- *
- * v2: A circ's pending_final_cpath field is non-NULL iff it is a rend circ
- * and we have tried to send an INTRODUCE1 cell specifying it. Thus, if the
- * pending_final_cpath field *is* NULL, then we want to not spare it.
- *
- * v3: When the INTRODUCE1 cell is sent, the introduction encryption public
+ /* When the INTRODUCE1 cell is sent, the introduction encryption public
* key is copied in the rendezvous circuit hs identifier. If it is a valid
* key, we know that this circuit is waiting the ACK on the introduction
* circuit. We want to _not_ spare the circuit if the key was never set. */
- if (circ->rend_data) {
- /* v2. */
- if (circ->build_state && circ->build_state->pending_final_cpath != NULL) {
- return true;
- }
- } else if (circ->hs_ident) {
+ if (circ->hs_ident) {
/* v3. */
if (curve25519_public_key_is_ok(&circ->hs_ident->intro_enc_pk)) {
return true;
}
} else {
- /* A circuit with an HS purpose without an hs_ident or rend_data in theory
- * can not happen. In case, scream loudly and return false to the caller
- * that the rendezvous was not sent in the INTRO1 cell. */
+ /* A circuit with an HS purpose without an hs_ident in theory can not
+ * happen. In case, scream loudly and return false to the caller that the
+ * rendezvous was not sent in the INTRO1 cell. */
tor_assert_nonfatal_unreached();
}
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index 28bbe72459..f1c17f4f90 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -1950,11 +1950,6 @@ hs_client_note_connection_attempt_succeeded(const edge_connection_t *conn)
{
tor_assert(connection_edge_is_rendezvous_stream(conn));
- if (BUG(conn->rend_data && conn->hs_ident)) {
- log_warn(LD_BUG, "Stream had both rend_data and hs_ident..."
- "Prioritizing hs_ident");
- }
-
if (conn->hs_ident) { /* It's v3: pass it to the prop224 handler */
note_connection_attempt_succeeded(conn->hs_ident);
return;
@@ -2094,8 +2089,6 @@ hs_client_circuit_has_opened(origin_circuit_t *circ)
{
tor_assert(circ);
- /* Handle both version. v2 uses rend_data and v3 uses the hs circuit
- * identifier hs_ident. Can't be both. */
switch (TO_CIRCUIT(circ)->purpose) {
case CIRCUIT_PURPOSE_C_INTRODUCING:
if (circ->hs_ident) {
diff --git a/src/feature/hs/hs_common.c b/src/feature/hs/hs_common.c
index 55cc4d5518..ae4a9cd970 100644
--- a/src/feature/hs/hs_common.c
+++ b/src/feature/hs/hs_common.c
@@ -33,7 +33,6 @@
#include "feature/nodelist/nodelist.h"
#include "feature/nodelist/routerset.h"
#include "feature/rend/rendcommon.h"
-#include "feature/rend/rendservice.h"
#include "feature/relay/routermode.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
@@ -337,258 +336,6 @@ hs_get_start_time_of_next_time_period(time_t now)
return (time_t)(start_of_next_tp_in_mins * 60 + time_period_rotation_offset);
}
-/** Create a new rend_data_t for a specific given version.
- * Return a pointer to the newly allocated data structure. */
-static rend_data_t *
-rend_data_alloc(uint32_t version)
-{
- rend_data_t *rend_data = NULL;
-
- switch (version) {
- case HS_VERSION_TWO:
- {
- rend_data_v2_t *v2 = tor_malloc_zero(sizeof(*v2));
- v2->base_.version = HS_VERSION_TWO;
- v2->base_.hsdirs_fp = smartlist_new();
- rend_data = &v2->base_;
- break;
- }
- default:
- tor_assert(0);
- break;
- }
-
- return rend_data;
-}
-
-/** Free all storage associated with data */
-void
-rend_data_free_(rend_data_t *data)
-{
- if (!data) {
- return;
- }
- /* By using our allocation function, this should always be set. */
- tor_assert(data->hsdirs_fp);
- /* Cleanup the HSDir identity digest. */
- SMARTLIST_FOREACH(data->hsdirs_fp, char *, d, tor_free(d));
- smartlist_free(data->hsdirs_fp);
- /* Depending on the version, cleanup. */
- switch (data->version) {
- case HS_VERSION_TWO:
- {
- rend_data_v2_t *v2_data = TO_REND_DATA_V2(data);
- tor_free(v2_data);
- break;
- }
- default:
- tor_assert(0);
- }
-}
-
-/** Allocate and return a deep copy of data. */
-rend_data_t *
-rend_data_dup(const rend_data_t *data)
-{
- rend_data_t *data_dup = NULL;
- smartlist_t *hsdirs_fp = smartlist_new();
-
- tor_assert(data);
- tor_assert(data->hsdirs_fp);
-
- SMARTLIST_FOREACH(data->hsdirs_fp, char *, fp,
- smartlist_add(hsdirs_fp, tor_memdup(fp, DIGEST_LEN)));
-
- switch (data->version) {
- case HS_VERSION_TWO:
- {
- rend_data_v2_t *v2_data = tor_memdup(TO_REND_DATA_V2(data),
- sizeof(*v2_data));
- data_dup = &v2_data->base_;
- data_dup->hsdirs_fp = hsdirs_fp;
- break;
- }
- default:
- tor_assert(0);
- break;
- }
-
- return data_dup;
-}
-
-/** Compute the descriptor ID for each HS descriptor replica and save them. A
- * valid onion address must be present in the rend_data.
- *
- * Return 0 on success else -1. */
-static int
-compute_desc_id(rend_data_t *rend_data)
-{
- int ret = 0;
- unsigned replica;
- time_t now = time(NULL);
-
- tor_assert(rend_data);
-
- switch (rend_data->version) {
- case HS_VERSION_TWO:
- {
- rend_data_v2_t *v2_data = TO_REND_DATA_V2(rend_data);
- /* Compute descriptor ID for each replicas. */
- for (replica = 0; replica < ARRAY_LENGTH(v2_data->descriptor_id);
- replica++) {
- ret = rend_compute_v2_desc_id(v2_data->descriptor_id[replica],
- v2_data->onion_address,
- v2_data->descriptor_cookie,
- now, replica);
- if (ret < 0) {
- goto end;
- }
- }
- break;
- }
- default:
- tor_assert(0);
- }
-
- end:
- return ret;
-}
-
-/** Allocate and initialize a rend_data_t object for a service using the
- * provided arguments. All arguments are optional (can be NULL), except from
- * onion_address which MUST be set. The pk_digest is the hash of
- * the service private key. The cookie is the rendezvous cookie and
- * auth_type is which authentiation this service is configured with.
- *
- * Return a valid rend_data_t pointer. This only returns a version 2 object of
- * rend_data_t. */
-rend_data_t *
-rend_data_service_create(const char *onion_address, const char *pk_digest,
- const uint8_t *cookie, rend_auth_type_t auth_type)
-{
- /* Create a rend_data_t object for version 2. */
- rend_data_t *rend_data = rend_data_alloc(HS_VERSION_TWO);
- rend_data_v2_t *v2= TO_REND_DATA_V2(rend_data);
-
- /* We need at least one else the call is wrong. */
- tor_assert(onion_address != NULL);
-
- if (pk_digest) {
- memcpy(v2->rend_pk_digest, pk_digest, sizeof(v2->rend_pk_digest));
- }
- if (cookie) {
- memcpy(rend_data->rend_cookie, cookie, sizeof(rend_data->rend_cookie));
- }
-
- strlcpy(v2->onion_address, onion_address, sizeof(v2->onion_address));
- v2->auth_type = auth_type;
-
- return rend_data;
-}
-
-/** Allocate and initialize a rend_data_t object for a client request using the
- * given arguments. Either an onion address or a descriptor ID is needed. Both
- * can be given but in this case only the onion address will be used to make
- * the descriptor fetch. The cookie is the rendezvous cookie and
- * auth_type is which authentiation the service is configured with.
- *
- * Return a valid rend_data_t pointer or NULL on error meaning the
- * descriptor IDs couldn't be computed from the given data. */
-rend_data_t *
-rend_data_client_create(const char *onion_address, const char *desc_id,
- const char *cookie, rend_auth_type_t auth_type)
-{
- /* Create a rend_data_t object for version 2. */
- rend_data_t *rend_data = rend_data_alloc(HS_VERSION_TWO);
- rend_data_v2_t *v2= TO_REND_DATA_V2(rend_data);
-
- /* We need at least one else the call is wrong. */
- tor_assert(onion_address != NULL || desc_id != NULL);
-
- if (cookie) {
- memcpy(v2->descriptor_cookie, cookie, sizeof(v2->descriptor_cookie));
- }
- if (desc_id) {
- memcpy(v2->desc_id_fetch, desc_id, sizeof(v2->desc_id_fetch));
- }
- if (onion_address) {
- strlcpy(v2->onion_address, onion_address, sizeof(v2->onion_address));
- if (compute_desc_id(rend_data) < 0) {
- goto error;
- }
- }
-
- v2->auth_type = auth_type;
-
- return rend_data;
-
- error:
- rend_data_free(rend_data);
- return NULL;
-}
-
-/** Return the onion address from the rend data. Depending on the version,
- * the size of the address can vary but it's always NUL terminated. */
-const char *
-rend_data_get_address(const rend_data_t *rend_data)
-{
- tor_assert(rend_data);
-
- switch (rend_data->version) {
- case HS_VERSION_TWO:
- return TO_REND_DATA_V2(rend_data)->onion_address;
- default:
- /* We should always have a supported version. */
- tor_assert_unreached();
- }
-}
-
-/** Return the descriptor ID for a specific replica number from the rend
- * data. The returned data is a binary digest and depending on the version its
- * size can vary. The size of the descriptor ID is put in len_out if
- * non NULL. */
-const char *
-rend_data_get_desc_id(const rend_data_t *rend_data, uint8_t replica,
- size_t *len_out)
-{
- tor_assert(rend_data);
-
- switch (rend_data->version) {
- case HS_VERSION_TWO:
- tor_assert(replica < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS);
- if (len_out) {
- *len_out = DIGEST_LEN;
- }
- return TO_REND_DATA_V2(rend_data)->descriptor_id[replica];
- default:
- /* We should always have a supported version. */
- tor_assert_unreached();
- }
-}
-
-/** Return the public key digest using the given rend_data. The size of
- * the digest is put in len_out (if set) which can differ depending on
- * the version. */
-const uint8_t *
-rend_data_get_pk_digest(const rend_data_t *rend_data, size_t *len_out)
-{
- tor_assert(rend_data);
-
- switch (rend_data->version) {
- case HS_VERSION_TWO:
- {
- const rend_data_v2_t *v2_data = TO_REND_DATA_V2(rend_data);
- if (len_out) {
- *len_out = sizeof(v2_data->rend_pk_digest);
- }
- return (const uint8_t *) v2_data->rend_pk_digest;
- }
- default:
- /* We should always have a supported version. */
- tor_assert_unreached();
- }
-}
-
/** Using the given time period number, compute the disaster shared random
* value and put it in srv_out. It MUST be at least DIGEST256_LEN bytes. */
static void
@@ -1981,9 +1728,7 @@ hs_dec_rdv_stream_counter(origin_circuit_t *circ)
{
tor_assert(circ);
- if (circ->rend_data) {
- circ->rend_data->nr_streams--;
- } else if (circ->hs_ident) {
+ if (circ->hs_ident) {
circ->hs_ident->num_rdv_streams--;
} else {
/* Should not be called if this circuit is not for hidden service. */
@@ -1998,9 +1743,7 @@ hs_inc_rdv_stream_counter(origin_circuit_t *circ)
{
tor_assert(circ);
- if (circ->rend_data) {
- circ->rend_data->nr_streams++;
- } else if (circ->hs_ident) {
+ if (circ->hs_ident) {
circ->hs_ident->num_rdv_streams++;
} else {
/* Should not be called if this circuit is not for hidden service. */
diff --git a/src/feature/hs/hs_common.h b/src/feature/hs/hs_common.h
index 894b0e4844..5ddc6fd2d8 100644
--- a/src/feature/hs/hs_common.h
+++ b/src/feature/hs/hs_common.h
@@ -19,13 +19,10 @@ struct ed25519_keypair_t;
/* Trunnel */
#include "trunnel/ed25519_cert.h"
-/** Protocol version 2. Use this instead of hardcoding "2" in the code base,
- * this adds a clearer semantic to the value when used. */
-#define HS_VERSION_TWO 2
/** Version 3 of the protocol (prop224). */
#define HS_VERSION_THREE 3
/** Earliest version we support. */
-#define HS_VERSION_MIN HS_VERSION_TWO
+#define HS_VERSION_MIN HS_VERSION_THREE
/** Latest version we support. */
#define HS_VERSION_MAX HS_VERSION_THREE
@@ -194,24 +191,6 @@ void hs_build_blinded_keypair(const struct ed25519_keypair_t *kp,
struct ed25519_keypair_t *kp_out);
int hs_service_requires_uptime_circ(const smartlist_t *ports);
-void rend_data_free_(rend_data_t *data);
-#define rend_data_free(data) \
- FREE_AND_NULL(rend_data_t, rend_data_free_, (data))
-rend_data_t *rend_data_dup(const rend_data_t *data);
-rend_data_t *rend_data_client_create(const char *onion_address,
- const char *desc_id,
- const char *cookie,
- rend_auth_type_t auth_type);
-rend_data_t *rend_data_service_create(const char *onion_address,
- const char *pk_digest,
- const uint8_t *cookie,
- rend_auth_type_t auth_type);
-const char *rend_data_get_address(const rend_data_t *rend_data);
-const char *rend_data_get_desc_id(const rend_data_t *rend_data,
- uint8_t replica, size_t *len_out);
-const uint8_t *rend_data_get_pk_digest(const rend_data_t *rend_data,
- size_t *len_out);
-
routerstatus_t *pick_hsdir(const char *desc_id, const char *desc_id_base32);
struct hs_subcredential_t;
diff --git a/src/feature/hs/hs_config.c b/src/feature/hs/hs_config.c
index b100acfcd4..e2e1756f21 100644
--- a/src/feature/hs/hs_config.c
+++ b/src/feature/hs/hs_config.c
@@ -28,7 +28,6 @@
#include "feature/hs/hs_client.h"
#include "feature/hs/hs_ob.h"
#include "feature/hs/hs_service.h"
-#include "feature/rend/rendservice.h"
#include "lib/encoding/confline.h"
#include "lib/conf/confdecl.h"
#include "lib/confmgt/confmgt.h"
@@ -101,23 +100,6 @@ stage_services(smartlist_t *service_list)
{
tor_assert(service_list);
- /* This is v2 specific. Trigger service pruning which will make sure the
- * just configured services end up in the main global list. It should only
- * be done in non validation mode because v2 subsystem handles service
- * object differently. */
- rend_service_prune_list();
-
- /* Cleanup v2 service from the list, we don't need those object anymore
- * because we validated them all against the others and we want to stage
- * only >= v3 service. And remember, v2 has a different object type which is
- * shadow copied from an hs_service_t type. */
- SMARTLIST_FOREACH_BEGIN(service_list, hs_service_t *, s) {
- if (s->config.version == HS_VERSION_TWO) {
- SMARTLIST_DEL_CURRENT(service_list, s);
- hs_service_free(s);
- }
- } SMARTLIST_FOREACH_END(s);
-
/* This is >= v3 specific. Using the newly configured service list, stage
* them into our global state. Every object ownership is lost after. */
hs_service_stage_services(service_list);
@@ -145,8 +127,7 @@ service_is_duplicate_in_list(const smartlist_t *service_list,
/* XXX: Validate if we have any service that has the given service dir path.
* This has two problems:
*
- * a) It's O(n^2), but the same comment from the bottom of
- * rend_config_services() should apply.
+ * a) It's O(n^2)
*
* b) We only compare directory paths as strings, so we can't
* detect two distinct paths that specify the same directory
@@ -269,15 +250,6 @@ config_has_invalid_options(const config_line_t *line_,
NULL /* End marker. */
};
- const char *opts_exclude_v2[] = {
- "HiddenServiceExportCircuitID",
- "HiddenServiceEnableIntroDoSDefense",
- "HiddenServiceEnableIntroDoSRatePerSec",
- "HiddenServiceEnableIntroDoSBurstPerSec",
- "HiddenServiceOnionBalanceInstance",
- NULL /* End marker. */
- };
-
/* Defining the size explicitly allows us to take advantage of the compiler
* which warns us if we ever bump the max version but forget to grow this
* array. The plus one is because we have a version 0 :). */
@@ -286,7 +258,7 @@ config_has_invalid_options(const config_line_t *line_,
} exclude_lists[HS_VERSION_MAX + 1] = {
{ NULL }, /* v0. */
{ NULL }, /* v1. */
- { opts_exclude_v2 }, /* v2 */
+ { NULL }, /* v2. */
{ opts_exclude_v3 }, /* v3. */
};
@@ -310,16 +282,6 @@ config_has_invalid_options(const config_line_t *line_,
"version %" PRIu32 " of service in %s",
opt, service->config.version,
service->config.directory_path);
-
- if (!strcasecmp(line->key, "HiddenServiceAuthorizeClient")) {
- /* Special case this v2 option so that we can offer alternatives.
- * If more such special cases appear, it would be good to
- * generalize the exception mechanism here. */
- log_warn(LD_CONFIG, "For v3 onion service client authorization, "
- "please read the 'CLIENT AUTHORIZATION' section in the "
- "manual.");
- }
-
ret = 1;
/* Continue the loop so we can find all possible options. */
continue;
@@ -521,7 +483,7 @@ config_generic_service(const hs_opts_t *hs_opts,
/* Check if we are configured in non anonymous mode meaning every service
* becomes a single onion service. */
- if (rend_service_non_anonymous_mode_enabled(options)) {
+ if (hs_service_non_anonymous_mode_enabled(options)) {
config->is_single_onion = 1;
}
@@ -594,8 +556,7 @@ config_service(config_line_t *line, const or_options_t *options,
service->config.version = config_learn_service_version(service);
}
- /* We make sure that this set of options for a service are valid that is for
- * instance an option only for v2 is not used for v3. */
+ /* We make sure that this set of options for a service are valid. */
if (config_has_invalid_options(line->next, service)) {
goto err;
}
@@ -604,9 +565,6 @@ config_service(config_line_t *line, const or_options_t *options,
* start just after the service directory line so once we hit another
* directory line, the function knows that it has to stop parsing. */
switch (service->config.version) {
- case HS_VERSION_TWO:
- ret = rend_config_service(hs_opts, options, &service->config);
- break;
case HS_VERSION_THREE:
ret = config_service_v3(hs_opts, &service->config);
break;
@@ -687,11 +645,6 @@ hs_config_service_all(const or_options_t *options, int validate_only)
* services. We don't need those objects anymore. */
SMARTLIST_FOREACH(new_service_list, hs_service_t *, s,
hs_service_free(s));
- /* For the v2 subsystem, the configuration function adds the service
- * object to the staging list and it is transferred in the main list
- * through the prunning process. In validation mode, we thus have to purge
- * the staging list so it's not kept in memory as valid service. */
- rend_service_free_staging_list();
}
/* Success. Note that the service list has no ownership of its content. */
diff --git a/src/feature/hs/hs_descriptor.c b/src/feature/hs/hs_descriptor.c
index 0656224e48..0faa91f871 100644
--- a/src/feature/hs/hs_descriptor.c
+++ b/src/feature/hs/hs_descriptor.c
@@ -64,7 +64,6 @@
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "feature/dirparse/parsecommon.h"
-#include "feature/rend/rendcache.h"
#include "feature/hs/hs_cache.h"
#include "feature/hs/hs_config.h"
#include "feature/nodelist/torcert.h" /* tor_cert_encode_ed22519() */
diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c
index b33013ba1f..79734a67d5 100644
--- a/src/feature/hs/hs_service.c
+++ b/src/feature/hs/hs_service.c
@@ -29,7 +29,6 @@
#include "feature/nodelist/nickname.h"
#include "feature/nodelist/node_select.h"
#include "feature/nodelist/nodelist.h"
-#include "feature/rend/rendservice.h"
#include "lib/crypt_ops/crypto_ope.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
@@ -2666,8 +2665,6 @@ run_housekeeping_event(time_t now)
static void
run_build_descriptor_event(time_t now)
{
- /* For v2 services, this step happens in the upload event. */
-
/* Run v3+ events. */
/* We start by rotating the descriptors only if needed. */
rotate_all_descriptors(now);
@@ -2840,11 +2837,6 @@ run_build_circuit_event(time_t now)
return;
}
- /* Run v2 check. */
- if (rend_num_services() > 0) {
- rend_consider_services_intro_points(now);
- }
-
/* Run v3+ check. */
FOR_EACH_SERVICE_BEGIN(service) {
/* For introduction circuit, we need to make sure we don't stress too much
@@ -3280,13 +3272,6 @@ refresh_service_descriptor(const hs_service_t *service,
STATIC void
run_upload_descriptor_event(time_t now)
{
- /* v2 services use the same function for descriptor creation and upload so
- * we do everything here because the intro circuits were checked before. */
- if (rend_num_services() > 0) {
- rend_consider_services_upload(now);
- rend_consider_descriptor_republication();
- }
-
/* Run v3+ check. */
FOR_EACH_SERVICE_BEGIN(service) {
FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
@@ -3615,6 +3600,54 @@ service_encode_descriptor(const hs_service_t *service,
/* Public API */
/* ========== */
+/* Are HiddenServiceSingleHopMode and HiddenServiceNonAnonymousMode consistent?
+ */
+static int
+hs_service_non_anonymous_mode_consistent(const or_options_t *options)
+{
+ /* !! is used to make these options boolean */
+ return (!! options->HiddenServiceSingleHopMode ==
+ !! options->HiddenServiceNonAnonymousMode);
+}
+
+/* Do the options allow onion services to make direct (non-anonymous)
+ * connections to introduction or rendezvous points?
+ * Must only be called after options_validate_single_onion() has successfully
+ * checked onion service option consistency.
+ * Returns true if tor is in HiddenServiceSingleHopMode. */
+int
+hs_service_allow_non_anonymous_connection(const or_options_t *options)
+{
+ tor_assert(hs_service_non_anonymous_mode_consistent(options));
+ return options->HiddenServiceSingleHopMode ? 1 : 0;
+}
+
+/* Do the options allow us to reveal the exact startup time of the onion
+ * service?
+ * Single Onion Services prioritise availability over hiding their
+ * startup time, as their IP address is publicly discoverable anyway.
+ * Must only be called after options_validate_single_onion() has successfully
+ * checked onion service option consistency.
+ * Returns true if tor is in non-anonymous hidden service mode. */
+int
+hs_service_reveal_startup_time(const or_options_t *options)
+{
+ tor_assert(hs_service_non_anonymous_mode_consistent(options));
+ return hs_service_non_anonymous_mode_enabled(options);
+}
+
+/* Is non-anonymous mode enabled using the HiddenServiceNonAnonymousMode
+ * config option?
+ * Must only be called after options_validate_single_onion() has successfully
+ * checked onion service option consistency.
+ */
+int
+hs_service_non_anonymous_mode_enabled(const or_options_t *options)
+{
+ tor_assert(hs_service_non_anonymous_mode_consistent(options));
+ return options->HiddenServiceNonAnonymousMode ? 1 : 0;
+}
+
/** Called when a circuit was just cleaned up. This is done right before the
* circuit is marked for close. */
void
@@ -3641,7 +3674,7 @@ hs_service_circuit_cleanup_on_close(const circuit_t *circ)
}
}
-/** This is called every time the service map (v2 or v3) changes that is if an
+/** This is called every time the service map changes that is if an
* element is added or removed. */
void
hs_service_map_has_changed(void)
@@ -3992,9 +4025,6 @@ hs_service_lists_fnames_for_sandbox(smartlist_t *file_list,
tor_assert(file_list);
tor_assert(dir_list);
- /* Add files and dirs for legacy services. */
- rend_services_add_filenames_to_lists(file_list, dir_list);
-
/* Add files and dirs for v3+. */
FOR_EACH_SERVICE_BEGIN(service) {
/* Skip ephemeral service, they don't touch the disk. */
@@ -4046,9 +4076,6 @@ hs_service_receive_introduce2(origin_circuit_t *circ, const uint8_t *payload,
if (circ->hs_ident) {
ret = service_handle_introduce2(circ, payload, payload_len);
hs_stats_note_introduce2_cell(1);
- } else {
- ret = rend_service_receive_introduction(circ, payload, payload_len);
- hs_stats_note_introduce2_cell(0);
}
done:
@@ -4075,12 +4102,8 @@ hs_service_receive_intro_established(origin_circuit_t *circ,
goto err;
}
- /* Handle both version. v2 uses rend_data and v3 uses the hs circuit
- * identifier hs_ident. Can't be both. */
if (circ->hs_ident) {
ret = service_handle_intro_established(circ, payload, payload_len);
- } else {
- ret = rend_service_intro_established(circ, payload, payload_len);
}
if (ret < 0) {
@@ -4099,21 +4122,15 @@ hs_service_circuit_has_opened(origin_circuit_t *circ)
{
tor_assert(circ);
- /* Handle both version. v2 uses rend_data and v3 uses the hs circuit
- * identifier hs_ident. Can't be both. */
switch (TO_CIRCUIT(circ)->purpose) {
case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO:
if (circ->hs_ident) {
service_intro_circ_has_opened(circ);
- } else {
- rend_service_intro_has_opened(circ);
}
break;
case CIRCUIT_PURPOSE_S_CONNECT_REND:
if (circ->hs_ident) {
service_rendezvous_circ_has_opened(circ);
- } else {
- rend_service_rendezvous_has_opened(circ);
}
break;
default:
@@ -4141,11 +4158,6 @@ hs_service_get_version_from_key(const hs_service_t *service)
version = HS_VERSION_THREE;
goto end;
}
- /* Version 2 check. */
- if (rend_service_key_on_disk(directory_path)) {
- version = HS_VERSION_TWO;
- goto end;
- }
end:
return version;
@@ -4156,13 +4168,6 @@ hs_service_get_version_from_key(const hs_service_t *service)
int
hs_service_load_all_keys(void)
{
- /* Load v2 service keys if we have v2. */
- if (rend_num_services() != 0) {
- if (rend_service_load_all_keys(NULL) < 0) {
- goto err;
- }
- }
-
/* Load or/and generate them for v3+. */
SMARTLIST_FOREACH_BEGIN(hs_service_staging_list, hs_service_t *, service) {
/* Ignore ephemeral service, they already have their keys set. */
@@ -4362,9 +4367,6 @@ hs_service_init(void)
tor_assert(!hs_service_map);
tor_assert(!hs_service_staging_list);
- /* v2 specific. */
- rend_service_init();
-
hs_service_map = tor_malloc_zero(sizeof(struct hs_service_ht));
HT_INIT(hs_service_ht, hs_service_map);
@@ -4375,7 +4377,6 @@ hs_service_init(void)
void
hs_service_free_all(void)
{
- rend_service_free_all();
service_free_all();
hs_config_free_all();
}
diff --git a/src/feature/hs/hs_service.h b/src/feature/hs/hs_service.h
index 54d646d3e4..be01ce3cfb 100644
--- a/src/feature/hs/hs_service.h
+++ b/src/feature/hs/hs_service.h
@@ -398,6 +398,11 @@ service_authorized_client_free_(hs_service_authorized_client_t *client);
FREE_AND_NULL(hs_service_authorized_client_t, \
service_authorized_client_free_, (c))
+/* Config options. */
+int hs_service_allow_non_anonymous_connection(const or_options_t *options);
+int hs_service_non_anonymous_mode_enabled(const or_options_t *options);
+int hs_service_reveal_startup_time(const or_options_t *options);
+
#ifdef HS_SERVICE_PRIVATE
#ifdef TOR_UNIT_TESTS
diff --git a/src/feature/nodelist/nodelist.c b/src/feature/nodelist/nodelist.c
index 7387f0d1d3..f807a34449 100644
--- a/src/feature/nodelist/nodelist.c
+++ b/src/feature/nodelist/nodelist.c
@@ -64,7 +64,6 @@
#include "feature/nodelist/routerlist.h"
#include "feature/nodelist/routerset.h"
#include "feature/nodelist/torcert.h"
-#include "feature/rend/rendservice.h"
#include "lib/encoding/binascii.h"
#include "lib/err/backtrace.h"
#include "lib/geoip/geoip.h"
@@ -2471,7 +2470,6 @@ void
router_dir_info_changed(void)
{
need_to_update_have_min_dir_info = 1;
- rend_hsdir_routers_changed();
hs_service_dir_info_changed();
hs_client_dir_info_changed();
}
diff --git a/src/feature/relay/selftest.c b/src/feature/relay/selftest.c
index 137c478fef..1b438b0330 100644
--- a/src/feature/relay/selftest.c
+++ b/src/feature/relay/selftest.c
@@ -526,8 +526,8 @@ router_perform_bandwidth_test(int num_circs, time_t now)
origin_circuit_t *circ = NULL;
log_notice(LD_OR,"Performing bandwidth self-test...done.");
- while ((circ = circuit_get_next_by_pk_and_purpose(circ, NULL,
- CIRCUIT_PURPOSE_TESTING))) {
+ while ((circ = circuit_get_next_by_purpose(circ,
+ CIRCUIT_PURPOSE_TESTING))) {
/* dump cells_per_circuit drop cells onto this circ */
int i = cells_per_circuit;
if (circ->base_.state != CIRCUIT_STATE_OPEN)
diff --git a/src/feature/rend/feature_rend.md b/src/feature/rend/feature_rend.md
deleted file mode 100644
index bfd8ae3dbc..0000000000
--- a/src/feature/rend/feature_rend.md
+++ /dev/null
@@ -1,7 +0,0 @@
-@dir /feature/rend
-@brief feature/rend: version 2 (old) hidden services
-
-This directory implements the v2 onion service protocol,
-as specified in
-[rend-spec-v2.txt](https://gitweb.torproject.org/torspec.git/tree/rend-spec-v2.txt).
-
diff --git a/src/feature/rend/include.am b/src/feature/rend/include.am
index 8ad85bd7b1..d338869b5b 100644
--- a/src/feature/rend/include.am
+++ b/src/feature/rend/include.am
@@ -1,20 +1,10 @@
# ADD_C_FILE: INSERT SOURCES HERE.
LIBTOR_APP_A_SOURCES += \
- src/feature/rend/rendcache.c \
src/feature/rend/rendcommon.c \
- src/feature/rend/rendmid.c \
- src/feature/rend/rendparse.c \
- src/feature/rend/rendservice.c
+ src/feature/rend/rendmid.c
# ADD_C_FILE: INSERT HEADERS HERE.
noinst_HEADERS += \
- src/feature/rend/rend_authorized_client_st.h \
- src/feature/rend/rend_encoded_v2_service_descriptor_st.h \
- src/feature/rend/rend_intro_point_st.h \
- src/feature/rend/rend_service_descriptor_st.h \
- src/feature/rend/rendcache.h \
src/feature/rend/rendcommon.h \
- src/feature/rend/rendmid.h \
- src/feature/rend/rendparse.h \
- src/feature/rend/rendservice.h
+ src/feature/rend/rendmid.h
diff --git a/src/feature/rend/rend_authorized_client_st.h b/src/feature/rend/rend_authorized_client_st.h
deleted file mode 100644
index c6a6676da9..0000000000
--- a/src/feature/rend/rend_authorized_client_st.h
+++ /dev/null
@@ -1,22 +0,0 @@
-/* Copyright (c) 2001 Matej Pfajfar.
- * Copyright (c) 2001-2004, Roger Dingledine.
- * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2020, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-/**
- * @file rend_authorized_client_st.h
- * @brief Hidden-service authorized client structure.
- **/
-
-#ifndef REND_AUTHORIZED_CLIENT_ST_H
-#define REND_AUTHORIZED_CLIENT_ST_H
-
-/** Hidden-service side configuration of client authorization. */
-struct rend_authorized_client_t {
- char *client_name;
- uint8_t descriptor_cookie[REND_DESC_COOKIE_LEN];
- crypto_pk_t *client_key;
-};
-
-#endif /* !defined(REND_AUTHORIZED_CLIENT_ST_H) */
diff --git a/src/feature/rend/rend_encoded_v2_service_descriptor_st.h b/src/feature/rend/rend_encoded_v2_service_descriptor_st.h
deleted file mode 100644
index fea91b876a..0000000000
--- a/src/feature/rend/rend_encoded_v2_service_descriptor_st.h
+++ /dev/null
@@ -1,21 +0,0 @@
-/* Copyright (c) 2001 Matej Pfajfar.
- * Copyright (c) 2001-2004, Roger Dingledine.
- * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2020, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-/**
- * @file rend_encoded_v2_service_descriptor_st.h
- * @brief Encoded v2 HS descriptor structure.
- **/
-
-#ifndef REND_ENCODED_V2_SERVICE_DESCRIPTOR_ST_H
-#define REND_ENCODED_V2_SERVICE_DESCRIPTOR_ST_H
-
-/** ASCII-encoded v2 hidden service descriptor. */
-struct rend_encoded_v2_service_descriptor_t {
- char desc_id[DIGEST_LEN]; /**< Descriptor ID. */
- char *desc_str; /**< Descriptor string. */
-};
-
-#endif /* !defined(REND_ENCODED_V2_SERVICE_DESCRIPTOR_ST_H) */
diff --git a/src/feature/rend/rend_intro_point_st.h b/src/feature/rend/rend_intro_point_st.h
deleted file mode 100644
index 4f0aa01523..0000000000
--- a/src/feature/rend/rend_intro_point_st.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/* Copyright (c) 2001 Matej Pfajfar.
- * Copyright (c) 2001-2004, Roger Dingledine.
- * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2020, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-/**
- * @file rend_intro_point_st.h
- * @brief v2 hidden service introduction point structure.
- **/
-
-#ifndef REND_INTRO_POINT_ST_H
-#define REND_INTRO_POINT_ST_H
-
-struct replaycache_t;
-struct crypto_pk_t;
-
-/** Introduction point information. Used both in rend_service_t (on
- * the service side) and in rend_service_descriptor_t (on both the
- * client and service side). */
-struct rend_intro_point_t {
- extend_info_t *extend_info; /**< Extend info for connecting to this
- * introduction point via a multi-hop path. */
- struct crypto_pk_t *intro_key; /**< Introduction key that replaces the
- * service key, if this descriptor is V2. */
-
- /** (Client side only) Flag indicating that a timeout has occurred
- * after sending an INTRODUCE cell to this intro point. After a
- * timeout, an intro point should not be tried again during the same
- * hidden service connection attempt, but it may be tried again
- * during a future connection attempt. */
- unsigned int timed_out : 1;
-
- /** (Client side only) The number of times we have failed to build a
- * circuit to this intro point for some reason other than our
- * circuit-build timeout. See also MAX_INTRO_POINT_REACHABILITY_FAILURES. */
- unsigned int unreachable_count : 3;
-
- /** (Service side only) Flag indicating that this intro point was
- * included in the last HS descriptor we generated. */
- unsigned int listed_in_last_desc : 1;
-
- /** (Service side only) A replay cache recording the RSA-encrypted parts
- * of INTRODUCE2 cells this intro point's circuit has received. This is
- * used to prevent replay attacks. */
- struct replaycache_t *accepted_intro_rsa_parts;
-
- /** (Service side only) Count of INTRODUCE2 cells accepted from this
- * intro point.
- */
- int accepted_introduce2_count;
-
- /** (Service side only) Maximum number of INTRODUCE2 cells that this IP
- * will accept. This is a random value between
- * INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS and
- * INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS. */
- int max_introductions;
-
- /** (Service side only) The time at which this intro point was first
- * published, or -1 if this intro point has not yet been
- * published. */
- time_t time_published;
-
- /** (Service side only) The time at which this intro point should
- * (start to) expire, or -1 if we haven't decided when this intro
- * point should expire. */
- time_t time_to_expire;
-
- /** (Service side only) The amount of circuit creation we've made to this
- * intro point. This is incremented every time we do a circuit relaunch on
- * this object which is triggered when the circuit dies but the node is
- * still in the consensus. After MAX_INTRO_POINT_CIRCUIT_RETRIES, we give
- * up on it. */
- unsigned int circuit_retries;
-
- /** (Service side only) Set if this intro point has an established circuit
- * and unset if it doesn't. */
- unsigned int circuit_established:1;
-};
-
-#endif /* !defined(REND_INTRO_POINT_ST_H) */
diff --git a/src/feature/rend/rend_service_descriptor_st.h b/src/feature/rend/rend_service_descriptor_st.h
deleted file mode 100644
index 80c8034f46..0000000000
--- a/src/feature/rend/rend_service_descriptor_st.h
+++ /dev/null
@@ -1,38 +0,0 @@
-/* Copyright (c) 2001 Matej Pfajfar.
- * Copyright (c) 2001-2004, Roger Dingledine.
- * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2020, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-/**
- * @file rend_service_descriptor_st.h
- * @brief Parsed v2 HS descriptor structure.
- **/
-
-#ifndef REND_SERVICE_DESCRIPTOR_ST_H
-#define REND_SERVICE_DESCRIPTOR_ST_H
-
-#define REND_PROTOCOL_VERSION_BITMASK_WIDTH 16
-
-/** Information used to connect to a hidden service. Used on both the
- * service side and the client side. */
-struct rend_service_descriptor_t {
- crypto_pk_t *pk; /**< This service's public key. */
- int version; /**< Version of the descriptor format: 0 or 2. */
- time_t timestamp; /**< Time when the descriptor was generated. */
- /** Bitmask: which introduce/rendezvous protocols are supported?
- * (We allow bits '0', '1', '2' and '3' to be set.) */
- unsigned protocols : REND_PROTOCOL_VERSION_BITMASK_WIDTH;
- /** List of the service's introduction points. Elements are removed if
- * introduction attempts fail. */
- smartlist_t *intro_nodes;
- /** Has descriptor been uploaded to all hidden service directories? */
- int all_uploads_performed;
- /** List of hidden service directories to which an upload request for
- * this descriptor could be sent. Smartlist exists only when at least one
- * of the previous upload requests failed (otherwise it's not important
- * to know which uploads succeeded and which not). */
- smartlist_t *successful_uploads;
-};
-
-#endif /* !defined(REND_SERVICE_DESCRIPTOR_ST_H) */
diff --git a/src/feature/rend/rendcache.c b/src/feature/rend/rendcache.c
deleted file mode 100644
index a471c8f463..0000000000
--- a/src/feature/rend/rendcache.c
+++ /dev/null
@@ -1,1029 +0,0 @@
-/* Copyright (c) 2015-2020, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-/**
- * \file rendcache.c
- * \brief Hidden service descriptor cache.
- **/
-
-#define RENDCACHE_PRIVATE
-#include "feature/rend/rendcache.h"
-
-#include "app/config/config.h"
-#include "feature/stats/rephist.h"
-#include "feature/nodelist/routerlist.h"
-#include "feature/rend/rendcommon.h"
-#include "feature/rend/rendparse.h"
-
-#include "core/or/extend_info_st.h"
-#include "feature/rend/rend_intro_point_st.h"
-#include "feature/rend/rend_service_descriptor_st.h"
-
-#include "lib/ctime/di_ops.h"
-
-/** Map from service id (as generated by rend_get_service_id) to
- * rend_cache_entry_t. */
-STATIC strmap_t *rend_cache = NULL;
-
-/** Map from service id to rend_cache_entry_t; only for hidden services. */
-static strmap_t *rend_cache_local_service = NULL;
-
-/** Map from descriptor id to rend_cache_entry_t; only for hidden service
- * directories. */
-STATIC digestmap_t *rend_cache_v2_dir = NULL;
-
-/** (Client side only) Map from service id to rend_cache_failure_t. This
- * cache is used to track intro point(IP) failures so we know when to keep
- * or discard a new descriptor we just fetched. Here is a description of the
- * cache behavior.
- *
- * Every time tor discards an IP (ex: receives a NACK), we add an entry to
- * this cache noting the identity digest of the IP and it's failure type for
- * the service ID. The reason we indexed this cache by service ID is to
- * differentiate errors that can occur only for a specific service like a
- * NACK for instance. It applies for one but maybe not for the others.
- *
- * Once a service descriptor is fetched and considered valid, each IP is
- * looked up in this cache and if present, it is discarded from the fetched
- * descriptor. At the end, all IP(s) in the cache, for a specific service
- * ID, that were NOT present in the descriptor are removed from this cache.
- * Which means that if at least one IP was not in this cache, thus usable,
- * it's considered a new descriptor so we keep it. Else, if all IPs were in
- * this cache, we discard the descriptor as it's considered unusable.
- *
- * Once a descriptor is removed from the rend cache or expires, the entry
- * in this cache is also removed for the service ID.
- *
- * This scheme allows us to not rely on the descriptor's timestamp (which
- * is rounded down to the hour) to know if we have a newer descriptor. We
- * only rely on the usability of intro points from an internal state. */
-STATIC strmap_t *rend_cache_failure = NULL;
-
-/* DOCDOC */
-STATIC size_t rend_cache_total_allocation = 0;
-
-/** Initializes the service descriptor cache.
-*/
-void
-rend_cache_init(void)
-{
- rend_cache = strmap_new();
- rend_cache_v2_dir = digestmap_new();
- rend_cache_local_service = strmap_new();
- rend_cache_failure = strmap_new();
-}
-
-/** Return the approximate number of bytes needed to hold e. */
-STATIC size_t
-rend_cache_entry_allocation(const rend_cache_entry_t *e)
-{
- if (!e)
- return 0;
-
- /* This doesn't count intro_nodes or key size */
- return sizeof(*e) + e->len + sizeof(*e->parsed);
-}
-
-/* DOCDOC */
-size_t
-rend_cache_get_total_allocation(void)
-{
- return rend_cache_total_allocation;
-}
-
-/** Decrement the total bytes attributed to the rendezvous cache by n. */
-void
-rend_cache_decrement_allocation(size_t n)
-{
- static int have_underflowed = 0;
-
- if (rend_cache_total_allocation >= n) {
- rend_cache_total_allocation -= n;
- } else {
- rend_cache_total_allocation = 0;
- if (! have_underflowed) {
- have_underflowed = 1;
- log_warn(LD_BUG, "Underflow in rend_cache_decrement_allocation");
- }
- }
-}
-
-/** Increase the total bytes attributed to the rendezvous cache by n. */
-void
-rend_cache_increment_allocation(size_t n)
-{
- static int have_overflowed = 0;
- if (rend_cache_total_allocation <= SIZE_MAX - n) {
- rend_cache_total_allocation += n;
- } else {
- rend_cache_total_allocation = SIZE_MAX;
- if (! have_overflowed) {
- have_overflowed = 1;
- log_warn(LD_BUG, "Overflow in rend_cache_increment_allocation");
- }
- }
-}
-
-/** Helper: free a rend cache failure intro object. */
-STATIC void
-rend_cache_failure_intro_entry_free_(rend_cache_failure_intro_t *entry)
-{
- if (entry == NULL) {
- return;
- }
- tor_free(entry);
-}
-
-static void
-rend_cache_failure_intro_entry_free_void(void *entry)
-{
- rend_cache_failure_intro_entry_free_(entry);
-}
-
-/** Allocate a rend cache failure intro object and return it. failure
- * is set into the object. This function can not fail. */
-STATIC rend_cache_failure_intro_t *
-rend_cache_failure_intro_entry_new(rend_intro_point_failure_t failure)
-{
- rend_cache_failure_intro_t *entry = tor_malloc(sizeof(*entry));
- entry->failure_type = failure;
- entry->created_ts = time(NULL);
- return entry;
-}
-
-/** Helper: free a rend cache failure object. */
-STATIC void
-rend_cache_failure_entry_free_(rend_cache_failure_t *entry)
-{
- if (entry == NULL) {
- return;
- }
-
- /* Free and remove every intro failure object. */
- digestmap_free(entry->intro_failures,
- rend_cache_failure_intro_entry_free_void);
-
- tor_free(entry);
-}
-
-/** Helper: deallocate a rend_cache_failure_t. (Used with strmap_free(),
- * which requires a function pointer whose argument is void*). */
-STATIC void
-rend_cache_failure_entry_free_void(void *entry)
-{
- rend_cache_failure_entry_free_(entry);
-}
-
-/** Allocate a rend cache failure object and return it. This function can
- * not fail. */
-STATIC rend_cache_failure_t *
-rend_cache_failure_entry_new(void)
-{
- rend_cache_failure_t *entry = tor_malloc(sizeof(*entry));
- entry->intro_failures = digestmap_new();
- return entry;
-}
-
-/** Remove failure cache entry for the service ID in the given descriptor
- * desc. */
-STATIC void
-rend_cache_failure_remove(rend_service_descriptor_t *desc)
-{
- char service_id[REND_SERVICE_ID_LEN_BASE32 + 1];
- rend_cache_failure_t *entry;
-
- if (desc == NULL) {
- return;
- }
- if (rend_get_service_id(desc->pk, service_id) < 0) {
- return;
- }
- entry = strmap_get_lc(rend_cache_failure, service_id);
- if (entry != NULL) {
- strmap_remove_lc(rend_cache_failure, service_id);
- rend_cache_failure_entry_free(entry);
- }
-}
-
-/** Helper: free storage held by a single service descriptor cache entry. */
-STATIC void
-rend_cache_entry_free_(rend_cache_entry_t *e)
-{
- if (!e)
- return;
- rend_cache_decrement_allocation(rend_cache_entry_allocation(e));
- /* We are about to remove a descriptor from the cache so remove the entry
- * in the failure cache. */
- rend_cache_failure_remove(e->parsed);
- rend_service_descriptor_free(e->parsed);
- tor_free(e->desc);
- tor_free(e);
-}
-
-/** Helper: deallocate a rend_cache_entry_t. (Used with strmap_free(), which
- * requires a function pointer whose argument is void*). */
-static void
-rend_cache_entry_free_void(void *p)
-{
- rend_cache_entry_free_(p);
-}
-
-/** Check if a failure cache entry exists for the given intro point. */
-bool
-rend_cache_intro_failure_exists(const char *service_id,
- const uint8_t *intro_identity)
-{
- tor_assert(service_id);
- tor_assert(intro_identity);
-
- return cache_failure_intro_lookup(intro_identity, service_id, NULL);
-}
-
-/** Free all storage held by the service descriptor cache. */
-void
-rend_cache_free_all(void)
-{
- strmap_free(rend_cache, rend_cache_entry_free_void);
- digestmap_free(rend_cache_v2_dir, rend_cache_entry_free_void);
- strmap_free(rend_cache_local_service, rend_cache_entry_free_void);
- strmap_free(rend_cache_failure, rend_cache_failure_entry_free_void);
- rend_cache = NULL;
- rend_cache_v2_dir = NULL;
- rend_cache_local_service = NULL;
- rend_cache_failure = NULL;
- rend_cache_total_allocation = 0;
-}
-
-/** Remove all entries that re REND_CACHE_FAILURE_MAX_AGE old. This is
- * called every second.
- *
- * We have to clean these regularly else if for whatever reasons an hidden
- * service goes offline and a client tries to connect to it during that
- * time, a failure entry is created and the client will be unable to connect
- * for a while even though the service has return online. */
-void
-rend_cache_failure_clean(time_t now)
-{
- time_t cutoff = now - REND_CACHE_FAILURE_MAX_AGE;
- STRMAP_FOREACH_MODIFY(rend_cache_failure, key,
- rend_cache_failure_t *, ent) {
- /* Free and remove every intro failure object that match the cutoff. */
- DIGESTMAP_FOREACH_MODIFY(ent->intro_failures, ip_key,
- rend_cache_failure_intro_t *, ip_ent) {
- if (ip_ent->created_ts < cutoff) {
- rend_cache_failure_intro_entry_free(ip_ent);
- MAP_DEL_CURRENT(ip_key);
- }
- } DIGESTMAP_FOREACH_END;
- /* If the entry is now empty of intro point failures, remove it. */
- if (digestmap_isempty(ent->intro_failures)) {
- rend_cache_failure_entry_free(ent);
- MAP_DEL_CURRENT(key);
- }
- } STRMAP_FOREACH_END;
-}
-
-/** Removes all old entries from the client or service descriptor cache.
-*/
-void
-rend_cache_clean(time_t now, rend_cache_type_t cache_type)
-{
- strmap_iter_t *iter;
- const char *key;
- void *val;
- rend_cache_entry_t *ent;
- time_t cutoff = now - REND_CACHE_MAX_AGE - REND_CACHE_MAX_SKEW;
- strmap_t *cache = NULL;
-
- if (cache_type == REND_CACHE_TYPE_CLIENT) {
- cache = rend_cache;
- } else if (cache_type == REND_CACHE_TYPE_SERVICE) {
- cache = rend_cache_local_service;
- }
- tor_assert(cache);
-
- for (iter = strmap_iter_init(cache); !strmap_iter_done(iter); ) {
- strmap_iter_get(iter, &key, &val);
- ent = (rend_cache_entry_t*)val;
- if (ent->parsed->timestamp < cutoff) {
- iter = strmap_iter_next_rmv(cache, iter);
- rend_cache_entry_free(ent);
- } else {
- iter = strmap_iter_next(cache, iter);
- }
- }
-}
-
-/** Remove ALL entries from the rendezvous service descriptor cache.
-*/
-void
-rend_cache_purge(void)
-{
- if (rend_cache) {
- log_info(LD_REND, "Purging HS v2 descriptor cache");
- strmap_free(rend_cache, rend_cache_entry_free_void);
- }
- rend_cache = strmap_new();
-}
-
-/** Remove ALL entries from the failure cache. This is also called when a
- * NEWNYM signal is received. */
-void
-rend_cache_failure_purge(void)
-{
- if (rend_cache_failure) {
- log_info(LD_REND, "Purging HS v2 failure cache");
- strmap_free(rend_cache_failure, rend_cache_failure_entry_free_void);
- }
- rend_cache_failure = strmap_new();
-}
-
-/** Lookup the rend failure cache using a relay identity digest in
- * identity which has DIGEST_LEN bytes and service ID service_id
- * which is a null-terminated string. If @a intro_entry is provided, then it
- * is set to the entry on success, and to NULL on failure.
- * Return 1 iff found else 0. */
-STATIC int
-cache_failure_intro_lookup(const uint8_t *identity, const char *service_id,
- rend_cache_failure_intro_t **intro_entry)
-{
- rend_cache_failure_t *elem;
- rend_cache_failure_intro_t *intro_elem;
-
- tor_assert(rend_cache_failure);
-
- if (intro_entry) {
- *intro_entry = NULL;
- }
-
- /* Lookup descriptor and return it. */
- elem = strmap_get_lc(rend_cache_failure, service_id);
- if (elem == NULL) {
- goto not_found;
- }
- intro_elem = digestmap_get(elem->intro_failures, (char *) identity);
- if (intro_elem == NULL) {
- goto not_found;
- }
- if (intro_entry) {
- *intro_entry = intro_elem;
- }
- return 1;
- not_found:
- return 0;
-}
-
-/** Allocate a new cache failure intro object and copy the content from
- * entry to this newly allocated object. Return it. */
-static rend_cache_failure_intro_t *
-cache_failure_intro_dup(const rend_cache_failure_intro_t *entry)
-{
- rend_cache_failure_intro_t *ent_dup =
- rend_cache_failure_intro_entry_new(entry->failure_type);
- ent_dup->created_ts = entry->created_ts;
- return ent_dup;
-}
-
-/** Add an intro point failure to the failure cache using the relay
- * identity and service ID service_id. Record the
- * failure in that object. */
-STATIC void
-cache_failure_intro_add(const uint8_t *identity, const char *service_id,
- rend_intro_point_failure_t failure)
-{
- rend_cache_failure_t *fail_entry;
- rend_cache_failure_intro_t *entry, *old_entry;
-
- /* Make sure we have a failure object for this service ID and if not,
- * create it with this new intro failure entry. */
- fail_entry = strmap_get_lc(rend_cache_failure, service_id);
- if (fail_entry == NULL) {
- fail_entry = rend_cache_failure_entry_new();
- /* Add failure entry to global rend failure cache. */
- strmap_set_lc(rend_cache_failure, service_id, fail_entry);
- }
- entry = rend_cache_failure_intro_entry_new(failure);
- old_entry = digestmap_set(fail_entry->intro_failures,
- (char *) identity, entry);
- /* This _should_ be NULL, but in case it isn't, free it. */
- rend_cache_failure_intro_entry_free(old_entry);
-}
-
-/** Using a parsed descriptor desc, check if the introduction points
- * are present in the failure cache and if so they are removed from the
- * descriptor and kept into the failure cache. Then, each intro points that
- * are NOT in the descriptor but in the failure cache for the given
- * service_id are removed from the failure cache. */
-STATIC void
-validate_intro_point_failure(const rend_service_descriptor_t *desc,
- const char *service_id)
-{
- rend_cache_failure_t *new_entry, *cur_entry;
- /* New entry for the service ID that will be replacing the one in the
- * failure cache since we have a new descriptor. In the case where all
- * intro points are removed, we are assured that the new entry is the same
- * as the current one. */
- new_entry = tor_malloc(sizeof(*new_entry));
- new_entry->intro_failures = digestmap_new();
-
- tor_assert(desc);
-
- SMARTLIST_FOREACH_BEGIN(desc->intro_nodes, rend_intro_point_t *, intro) {
- int found;
- rend_cache_failure_intro_t *entry;
- const uint8_t *identity =
- (uint8_t *) intro->extend_info->identity_digest;
-
- found = cache_failure_intro_lookup(identity, service_id, &entry);
- if (found) {
- /* Dup here since it will be freed at the end when removing the
- * original entry in the cache. */
- rend_cache_failure_intro_t *ent_dup = cache_failure_intro_dup(entry);
- /* This intro point is in our cache, discard it from the descriptor
- * because chances are that it's unusable. */
- SMARTLIST_DEL_CURRENT(desc->intro_nodes, intro);
- /* Keep it for our new entry. */
- digestmap_set(new_entry->intro_failures, (char *) identity, ent_dup);
- /* Only free it when we're done looking at it. */
- rend_intro_point_free(intro);
- continue;
- }
- } SMARTLIST_FOREACH_END(intro);
-
- /* Swap the failure entry in the cache and free the current one. */
- cur_entry = strmap_get_lc(rend_cache_failure, service_id);
- if (cur_entry != NULL) {
- rend_cache_failure_entry_free(cur_entry);
- }
- strmap_set_lc(rend_cache_failure, service_id, new_entry);
-}
-
-/** Note down an intro failure in the rend failure cache using the type of
- * failure in failure for the relay identity digest in
- * identity and service ID service_id. If an entry already
- * exists in the cache, the failure type is changed with failure. */
-void
-rend_cache_intro_failure_note(rend_intro_point_failure_t failure,
- const uint8_t *identity,
- const char *service_id)
-{
- int found;
- rend_cache_failure_intro_t *entry;
-
- found = cache_failure_intro_lookup(identity, service_id, &entry);
- if (!found) {
- cache_failure_intro_add(identity, service_id, failure);
- } else {
- /* Replace introduction point failure with this one. */
- entry->failure_type = failure;
- }
-}
-
-/** Remove all old v2 descriptors and those for which this hidden service
- * directory is not responsible for any more. The cutoff is the time limit for
- * which we want to keep the cache entry. In other words, any entry created
- * before will be removed. */
-size_t
-rend_cache_clean_v2_descs_as_dir(time_t cutoff)
-{
- digestmap_iter_t *iter;
- size_t bytes_removed = 0;
-
- for (iter = digestmap_iter_init(rend_cache_v2_dir);
- !digestmap_iter_done(iter); ) {
- const char *key;
- void *val;
- rend_cache_entry_t *ent;
- digestmap_iter_get(iter, &key, &val);
- ent = val;
- if (ent->parsed->timestamp < cutoff) {
- char key_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
- base32_encode(key_base32, sizeof(key_base32), key, DIGEST_LEN);
- log_info(LD_REND, "Removing descriptor with ID '%s' from cache",
- safe_str_client(key_base32));
- bytes_removed += rend_cache_entry_allocation(ent);
- iter = digestmap_iter_next_rmv(rend_cache_v2_dir, iter);
- rend_cache_entry_free(ent);
- } else {
- iter = digestmap_iter_next(rend_cache_v2_dir, iter);
- }
- }
-
- return bytes_removed;
-}
-
-/** Lookup in the client cache the given service ID query for
- * version.
- *
- * Return 0 if found and if e is non NULL, set it with the entry
- * found. Else, a negative value is returned and e is untouched.
- * -EINVAL means that query is not a valid service id.
- * -ENOENT means that no entry in the cache was found. */
-int
-rend_cache_lookup_entry(const char *query, int version, rend_cache_entry_t **e)
-{
- int ret = 0;
- char key[REND_SERVICE_ID_LEN_BASE32 + 2]; /* \0 */
- rend_cache_entry_t *entry = NULL;
- static const int default_version = 2;
-
- tor_assert(query);
-
- /* This is possible if we are in the shutdown process and the cache was
- * freed while some other subsystem might do a lookup to the cache for
- * cleanup reasons such HS circuit cleanup for instance. */
- if (!rend_cache) {
- ret = -ENOENT;
- goto end;
- }
-
- if (!rend_valid_v2_service_id(query)) {
- ret = -EINVAL;
- goto end;
- }
-
- switch (version) {
- case 0:
- log_warn(LD_REND, "Cache lookup of a v0 renddesc is deprecated.");
- break;
- case 2:
- /* Default is version 2. */
- default:
- tor_snprintf(key, sizeof(key), "%d%s", default_version, query);
- entry = strmap_get_lc(rend_cache, key);
- break;
- }
- if (!entry) {
- ret = -ENOENT;
- goto end;
- }
- tor_assert(entry->parsed && entry->parsed->intro_nodes);
-
- if (e) {
- *e = entry;
- }
-
- end:
- return ret;
-}
-
-/*
- * Lookup the v2 service descriptor with the service ID query in the
- * local service descriptor cache. Return 0 if found and if e is
- * non NULL, set it with the entry found. Else, a negative value is returned
- * and e is untouched.
- * -EINVAL means that query is not a valid service id.
- * -ENOENT means that no entry in the cache was found. */
-int
-rend_cache_lookup_v2_desc_as_service(const char *query, rend_cache_entry_t **e)
-{
- int ret = 0;
- rend_cache_entry_t *entry = NULL;
-
- tor_assert(rend_cache_local_service);
- tor_assert(query);
-
- if (!rend_valid_v2_service_id(query)) {
- ret = -EINVAL;
- goto end;
- }
-
- /* Lookup descriptor and return. */
- entry = strmap_get_lc(rend_cache_local_service, query);
- if (!entry) {
- ret = -ENOENT;
- goto end;
- }
-
- if (e) {
- *e = entry;
- }
-
- end:
- return ret;
-}
-
-/** Lookup the v2 service descriptor with base32-encoded desc_id and
- * copy the pointer to it to *desc. Return 1 on success, 0 on
- * well-formed-but-not-found, and -1 on failure.
- */
-int
-rend_cache_lookup_v2_desc_as_dir(const char *desc_id, const char **desc)
-{
- rend_cache_entry_t *e;
- char desc_id_digest[DIGEST_LEN];
- tor_assert(rend_cache_v2_dir);
- if (base32_decode(desc_id_digest, DIGEST_LEN,
- desc_id, REND_DESC_ID_V2_LEN_BASE32) != DIGEST_LEN) {
- log_fn(LOG_PROTOCOL_WARN, LD_REND,
- "Rejecting v2 rendezvous descriptor request -- descriptor ID "
- "has wrong length or illegal characters: %s",
- safe_str(desc_id));
- return -1;
- }
- /* Lookup descriptor and return. */
- e = digestmap_get(rend_cache_v2_dir, desc_id_digest);
- if (e) {
- *desc = e->desc;
- e->last_served = approx_time();
- return 1;
- }
- return 0;
-}
-
-/** Parse the v2 service descriptor(s) in desc and store it/them to the
- * local rend cache. Don't attempt to decrypt the included list of introduction
- * points (as we don't have a descriptor cookie for it).
- *
- * If we have a newer descriptor with the same ID, ignore this one.
- * If we have an older descriptor with the same ID, replace it.
- *
- * Return 0 on success, or -1 if we couldn't parse any of them.
- *
- * We should only call this function for public (e.g. non bridge) relays.
- */
-int
-rend_cache_store_v2_desc_as_dir(const char *desc)
-{
- const or_options_t *options = get_options();
- rend_service_descriptor_t *parsed;
- char desc_id[DIGEST_LEN];
- char *intro_content;
- size_t intro_size;
- size_t encoded_size;
- char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
- int number_parsed = 0, number_stored = 0;
- const char *current_desc = desc;
- const char *next_desc;
- rend_cache_entry_t *e;
- time_t now = time(NULL);
- tor_assert(rend_cache_v2_dir);
- tor_assert(desc);
- while (rend_parse_v2_service_descriptor(&parsed, desc_id, &intro_content,
- &intro_size, &encoded_size,
- &next_desc, current_desc, 1) >= 0) {
- number_parsed++;
- /* We don't care about the introduction points. */
- tor_free(intro_content);
- /* For pretty log statements. */
- base32_encode(desc_id_base32, sizeof(desc_id_base32),
- desc_id, DIGEST_LEN);
- /* Is descriptor too old? */
- if (parsed->timestamp < now - REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
- log_info(LD_REND, "Service descriptor with desc ID %s is too old.",
- safe_str(desc_id_base32));
- goto skip;
- }
- /* Is descriptor too far in the future? */
- if (parsed->timestamp > now + REND_CACHE_MAX_SKEW) {
- log_info(LD_REND, "Service descriptor with desc ID %s is too far in the "
- "future.",
- safe_str(desc_id_base32));
- goto skip;
- }
- /* Do we already have a newer descriptor? */
- e = digestmap_get(rend_cache_v2_dir, desc_id);
- if (e && e->parsed->timestamp > parsed->timestamp) {
- log_info(LD_REND, "We already have a newer service descriptor with the "
- "same desc ID %s and version.",
- safe_str(desc_id_base32));
- goto skip;
- }
- /* Do we already have this descriptor? */
- if (e && !strcmp(desc, e->desc)) {
- log_info(LD_REND, "We already have this service descriptor with desc "
- "ID %s.", safe_str(desc_id_base32));
- goto skip;
- }
- /* Store received descriptor. */
- if (!e) {
- e = tor_malloc_zero(sizeof(rend_cache_entry_t));
- digestmap_set(rend_cache_v2_dir, desc_id, e);
- /* Treat something just uploaded as having been served a little
- * while ago, so that flooding with new descriptors doesn't help
- * too much.
- */
- e->last_served = approx_time() - 3600;
- } else {
- rend_cache_decrement_allocation(rend_cache_entry_allocation(e));
- rend_service_descriptor_free(e->parsed);
- tor_free(e->desc);
- }
- e->parsed = parsed;
- e->desc = tor_strndup(current_desc, encoded_size);
- e->len = encoded_size;
- rend_cache_increment_allocation(rend_cache_entry_allocation(e));
- log_info(LD_REND, "Successfully stored service descriptor with desc ID "
- "'%s' and len %d.",
- safe_str(desc_id_base32), (int)encoded_size);
- /* Statistics: Note down this potentially new HS. */
- if (options->HiddenServiceStatistics) {
- rep_hist_hsdir_stored_maybe_new_v2_onion(e->parsed->pk);
- }
-
- number_stored++;
- goto advance;
- skip:
- rend_service_descriptor_free(parsed);
- advance:
- /* advance to next descriptor, if available. */
- current_desc = next_desc;
- /* check if there is a next descriptor. */
- if (!current_desc ||
- strcmpstart(current_desc, "rendezvous-service-descriptor "))
- break;
- }
- if (!number_parsed) {
- log_info(LD_REND, "Could not parse any descriptor.");
- return -1;
- }
- log_info(LD_REND, "Parsed %d and added %d descriptor%s.",
- number_parsed, number_stored, number_stored != 1 ? "s" : "");
- return 0;
-}
-
-/** Parse the v2 service descriptor in desc and store it to the
-* local service rend cache. Don't attempt to decrypt the included list of
-* introduction points.
-*
-* If we have a newer descriptor with the same ID, ignore this one.
-* If we have an older descriptor with the same ID, replace it.
-*
-* Return 0 on success, or -1 if we couldn't understand the descriptor.
-*/
-int
-rend_cache_store_v2_desc_as_service(const char *desc)
-{
- rend_service_descriptor_t *parsed = NULL;
- char desc_id[DIGEST_LEN];
- char *intro_content = NULL;
- size_t intro_size;
- size_t encoded_size;
- const char *next_desc;
- char service_id[REND_SERVICE_ID_LEN_BASE32+1];
- rend_cache_entry_t *e;
- int retval = -1;
- tor_assert(rend_cache_local_service);
- tor_assert(desc);
-
- /* Parse the descriptor. */
- if (rend_parse_v2_service_descriptor(&parsed, desc_id, &intro_content,
- &intro_size, &encoded_size,
- &next_desc, desc, 0) < 0) {
- log_warn(LD_REND, "Could not parse descriptor.");
- goto err;
- }
- /* Compute service ID from public key. */
- if (rend_get_service_id(parsed->pk, service_id)<0) {
- log_warn(LD_REND, "Couldn't compute service ID.");
- goto err;
- }
-
- /* Do we already have a newer descriptor? Allow new descriptors with a
- rounded timestamp equal to or newer than the current descriptor */
- e = (rend_cache_entry_t*) strmap_get_lc(rend_cache_local_service,
- service_id);
- if (e && e->parsed->timestamp > parsed->timestamp) {
- log_info(LD_REND, "We already have a newer service descriptor for "
- "service ID %s.", safe_str_client(service_id));
- goto okay;
- }
- /* We don't care about the introduction points. */
- tor_free(intro_content);
- if (!e) {
- e = tor_malloc_zero(sizeof(rend_cache_entry_t));
- strmap_set_lc(rend_cache_local_service, service_id, e);
- } else {
- rend_cache_decrement_allocation(rend_cache_entry_allocation(e));
- rend_service_descriptor_free(e->parsed);
- tor_free(e->desc);
- }
- e->parsed = parsed;
- e->desc = tor_malloc_zero(encoded_size + 1);
- strlcpy(e->desc, desc, encoded_size + 1);
- e->len = encoded_size;
- rend_cache_increment_allocation(rend_cache_entry_allocation(e));
- log_debug(LD_REND,"Successfully stored rend desc '%s', len %d.",
- safe_str_client(service_id), (int)encoded_size);
- return 0;
-
- okay:
- retval = 0;
-
- err:
- rend_service_descriptor_free(parsed);
- tor_free(intro_content);
- return retval;
-}
-
-/** Parse the v2 service descriptor in desc, decrypt the included list
- * of introduction points with descriptor_cookie (which may also be
- * NULL if decryption is not necessary), and store the descriptor to
- * the local cache under its version and service id.
- *
- * If we have a newer v2 descriptor with the same ID, ignore this one.
- * If we have an older descriptor with the same ID, replace it.
- * If the descriptor's service ID does not match
- * rend_query-\>onion_address, reject it.
- *
- * If the descriptor's descriptor ID doesn't match desc_id_base32,
- * reject it.
- *
- * Return 0 on success, or -1 if we rejected the descriptor.
- * If entry is not NULL, set it with the cache entry pointer of the descriptor.
- */
-int
-rend_cache_store_v2_desc_as_client(const char *desc,
- const char *desc_id_base32,
- const rend_data_t *rend_query,
- rend_cache_entry_t **entry)
-{
- /*XXXX this seems to have a bit of duplicate code with
- * rend_cache_store_v2_desc_as_dir(). Fix that. */
- /* Though having similar elements, both functions were separated on
- * purpose:
- * - dirs don't care about encoded/encrypted introduction points, clients
- * do.
- * - dirs store descriptors in a separate cache by descriptor ID, whereas
- * clients store them by service ID; both caches are different data
- * structures and have different access methods.
- * - dirs store a descriptor only if they are responsible for its ID,
- * clients do so in every way (because they have requested it before).
- * - dirs can process multiple concatenated descriptors which is required
- * for replication, whereas clients only accept a single descriptor.
- * Thus, combining both methods would result in a lot of if statements
- * which probably would not improve, but worsen code readability. -KL */
- rend_service_descriptor_t *parsed = NULL;
- char desc_id[DIGEST_LEN];
- char *intro_content = NULL;
- size_t intro_size;
- size_t encoded_size;
- const char *next_desc;
- time_t now = time(NULL);
- char key[REND_SERVICE_ID_LEN_BASE32+2];
- char service_id[REND_SERVICE_ID_LEN_BASE32+1];
- char want_desc_id[DIGEST_LEN];
- rend_cache_entry_t *e;
- int retval = -1;
- rend_data_v2_t *rend_data = TO_REND_DATA_V2(rend_query);
-
- tor_assert(rend_cache);
- tor_assert(desc);
- tor_assert(desc_id_base32);
- memset(want_desc_id, 0, sizeof(want_desc_id));
- if (entry) {
- *entry = NULL;
- }
- if (base32_decode(want_desc_id, sizeof(want_desc_id),
- desc_id_base32, strlen(desc_id_base32)) !=
- sizeof(want_desc_id)) {
- log_warn(LD_BUG, "Couldn't decode base32 %s for descriptor id.",
- escaped_safe_str_client(desc_id_base32));
- goto err;
- }
- /* Parse the descriptor. */
- if (rend_parse_v2_service_descriptor(&parsed, desc_id, &intro_content,
- &intro_size, &encoded_size,
- &next_desc, desc, 0) < 0) {
- log_warn(LD_REND, "Could not parse descriptor.");
- goto err;
- }
- /* Compute service ID from public key. */
- if (rend_get_service_id(parsed->pk, service_id)<0) {
- log_warn(LD_REND, "Couldn't compute service ID.");
- goto err;
- }
- if (rend_data->onion_address[0] != '\0' &&
- strcmp(rend_data->onion_address, service_id)) {
- log_warn(LD_REND, "Received service descriptor for service ID %s; "
- "expected descriptor for service ID %s.",
- service_id, safe_str(rend_data->onion_address));
- goto err;
- }
- if (tor_memneq(desc_id, want_desc_id, DIGEST_LEN)) {
- log_warn(LD_REND, "Received service descriptor for %s with incorrect "
- "descriptor ID.", service_id);
- goto err;
- }
-
- /* Decode/decrypt introduction points. */
- if (intro_content && intro_size > 0) {
- int n_intro_points;
- if (rend_data->auth_type != REND_NO_AUTH &&
- !safe_mem_is_zero(rend_data->descriptor_cookie,
- sizeof(rend_data->descriptor_cookie))) {
- char *ipos_decrypted = NULL;
- size_t ipos_decrypted_size;
- if (rend_decrypt_introduction_points(&ipos_decrypted,
- &ipos_decrypted_size,
- rend_data->descriptor_cookie,
- intro_content,
- intro_size) < 0) {
- log_warn(LD_REND, "Failed to decrypt introduction points. We are "
- "probably unable to parse the encoded introduction points.");
- } else {
- /* Replace encrypted with decrypted introduction points. */
- log_info(LD_REND, "Successfully decrypted introduction points.");
- tor_free(intro_content);
- intro_content = ipos_decrypted;
- intro_size = ipos_decrypted_size;
- }
- }
- n_intro_points = rend_parse_introduction_points(parsed, intro_content,
- intro_size);
- if (n_intro_points <= 0) {
- log_warn(LD_REND, "Failed to parse introduction points. Either the "
- "service has published a corrupt descriptor or you have "
- "provided invalid authorization data.");
- goto err;
- } else if (n_intro_points > MAX_INTRO_POINTS) {
- log_warn(LD_REND, "Found too many introduction points on a hidden "
- "service descriptor for %s. This is probably a (misguided) "
- "attempt to improve reliability, but it could also be an "
- "attempt to do a guard enumeration attack. Rejecting.",
- safe_str_client(service_id));
-
- goto err;
- }
- } else {
- log_info(LD_REND, "Descriptor does not contain any introduction points.");
- parsed->intro_nodes = smartlist_new();
- }
- /* We don't need the encoded/encrypted introduction points any longer. */
- tor_free(intro_content);
- /* Is descriptor too old? */
- if (parsed->timestamp < now - REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
- log_warn(LD_REND, "Service descriptor with service ID %s is too old.",
- safe_str_client(service_id));
- goto err;
- }
- /* Is descriptor too far in the future? */
- if (parsed->timestamp > now + REND_CACHE_MAX_SKEW) {
- log_warn(LD_REND, "Service descriptor with service ID %s is too far in "
- "the future.", safe_str_client(service_id));
- goto err;
- }
- /* Do we have the same exact copy already in our cache? */
- tor_snprintf(key, sizeof(key), "2%s", service_id);
- e = (rend_cache_entry_t*) strmap_get_lc(rend_cache, key);
- if (e && !strcmp(desc, e->desc)) {
- log_info(LD_REND,"We already have this service descriptor %s.",
- safe_str_client(service_id));
- goto okay;
- }
- /* Verify that we are not replacing an older descriptor. It's important to
- * avoid an evil HSDir serving old descriptor. We validate if the
- * timestamp is greater than and not equal because it's a rounded down
- * timestamp to the hour so if the descriptor changed in the same hour,
- * the rend cache failure will tell us if we have a new descriptor. */
- if (e && e->parsed->timestamp > parsed->timestamp) {
- log_info(LD_REND, "We already have a new enough service descriptor for "
- "service ID %s with the same desc ID and version.",
- safe_str_client(service_id));
- goto okay;
- }
- /* Lookup our failure cache for intro point that might be unusable. */
- validate_intro_point_failure(parsed, service_id);
- /* It's now possible that our intro point list is empty, which means that
- * this descriptor is useless to us because intro points have all failed
- * somehow before. Discard the descriptor. */
- if (smartlist_len(parsed->intro_nodes) == 0) {
- log_info(LD_REND, "Service descriptor with service ID %s has no "
- "usable intro points. Discarding it.",
- safe_str_client(service_id));
- goto err;
- }
- /* Now either purge the current one and replace its content or create a
- * new one and add it to the rend cache. */
- if (!e) {
- e = tor_malloc_zero(sizeof(rend_cache_entry_t));
- strmap_set_lc(rend_cache, key, e);
- } else {
- rend_cache_decrement_allocation(rend_cache_entry_allocation(e));
- rend_cache_failure_remove(e->parsed);
- rend_service_descriptor_free(e->parsed);
- tor_free(e->desc);
- }
- e->parsed = parsed;
- e->desc = tor_malloc_zero(encoded_size + 1);
- strlcpy(e->desc, desc, encoded_size + 1);
- e->len = encoded_size;
- rend_cache_increment_allocation(rend_cache_entry_allocation(e));
- log_debug(LD_REND,"Successfully stored rend desc '%s', len %d.",
- safe_str_client(service_id), (int)encoded_size);
- if (entry) {
- *entry = e;
- }
- return 0;
-
- okay:
- if (entry) {
- *entry = e;
- }
- retval = 0;
-
- err:
- rend_service_descriptor_free(parsed);
- tor_free(intro_content);
- return retval;
-}
diff --git a/src/feature/rend/rendcache.h b/src/feature/rend/rendcache.h
deleted file mode 100644
index 45410610b4..0000000000
--- a/src/feature/rend/rendcache.h
+++ /dev/null
@@ -1,132 +0,0 @@
-/* Copyright (c) 2015-2020, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-/**
- * \file rendcache.h
- * \brief Header file for rendcache.c
- **/
-
-#ifndef TOR_RENDCACHE_H
-#define TOR_RENDCACHE_H
-
-#include "core/or/or.h"
-#include "feature/rend/rendcommon.h"
-
-/** How old do we let hidden service descriptors get before discarding
- * them as too old? */
-#define REND_CACHE_MAX_AGE (2*24*60*60)
-/** How wrong do we assume our clock may be when checking whether hidden
- * services are too old or too new? */
-#define REND_CACHE_MAX_SKEW (24*60*60)
-/** How old do we keep an intro point failure entry in the failure cache? */
-#define REND_CACHE_FAILURE_MAX_AGE (5*60)
-
-/* Do not allow more than this many introduction points in a hidden service
- * descriptor */
-#define MAX_INTRO_POINTS 10
-
-/** A cached rendezvous descriptor. */
-typedef struct rend_cache_entry_t {
- size_t len; /**< Length of desc */
- time_t last_served; /**< When did we last write this one to somebody?
- * (HSDir only) */
- char *desc; /**< Service descriptor */
- rend_service_descriptor_t *parsed; /**< Parsed value of 'desc' */
-} rend_cache_entry_t;
-
-/* Introduction point failure type. */
-typedef struct rend_cache_failure_intro_t {
- /* When this intro point failure occurred thus we allocated this object and
- * cache it. */
- time_t created_ts;
- rend_intro_point_failure_t failure_type;
-} rend_cache_failure_intro_t;
-
-/** Cache failure object indexed by service ID. */
-typedef struct rend_cache_failure_t {
- /* Contains rend_cache_failure_intro_t indexed by identity digest. */
- digestmap_t *intro_failures;
-} rend_cache_failure_t;
-
-typedef enum {
- REND_CACHE_TYPE_CLIENT = 1,
- REND_CACHE_TYPE_SERVICE = 2,
-} rend_cache_type_t;
-
-/* Return maximum lifetime in seconds of a cache entry. */
-static inline time_t
-rend_cache_max_entry_lifetime(void)
-{
- return REND_CACHE_MAX_AGE + REND_CACHE_MAX_SKEW;
-}
-
-void rend_cache_init(void);
-void rend_cache_clean(time_t now, rend_cache_type_t cache_type);
-void rend_cache_failure_clean(time_t now);
-size_t rend_cache_clean_v2_descs_as_dir(time_t cutoff);
-void rend_cache_purge(void);
-void rend_cache_free_all(void);
-int rend_cache_lookup_entry(const char *query, int version,
- rend_cache_entry_t **entry_out);
-int rend_cache_lookup_v2_desc_as_service(const char *query,
- rend_cache_entry_t **entry_out);
-int rend_cache_lookup_v2_desc_as_dir(const char *query, const char **desc);
-
-int rend_cache_store_v2_desc_as_dir(const char *desc);
-int rend_cache_store_v2_desc_as_service(const char *desc);
-int rend_cache_store_v2_desc_as_client(const char *desc,
- const char *desc_id_base32,
- const rend_data_t *rend_query,
- rend_cache_entry_t **entry);
-size_t rend_cache_get_total_allocation(void);
-
-bool rend_cache_intro_failure_exists(const char *service_id,
- const uint8_t *intro_identity);
-void rend_cache_intro_failure_note(rend_intro_point_failure_t failure,
- const uint8_t *identity,
- const char *service_id);
-void rend_cache_failure_purge(void);
-void rend_cache_decrement_allocation(size_t n);
-void rend_cache_increment_allocation(size_t n);
-
-#ifdef RENDCACHE_PRIVATE
-
-STATIC size_t rend_cache_entry_allocation(const rend_cache_entry_t *e);
-STATIC void rend_cache_entry_free_(rend_cache_entry_t *e);
-#define rend_cache_entry_free(e) \
- FREE_AND_NULL(rend_cache_entry_t, rend_cache_entry_free_, (e))
-STATIC void rend_cache_failure_intro_entry_free_(rend_cache_failure_intro_t
- *entry);
-#define rend_cache_failure_intro_entry_free(e) \
- FREE_AND_NULL(rend_cache_failure_intro_t, \
- rend_cache_failure_intro_entry_free_, (e))
-STATIC void rend_cache_failure_entry_free_(rend_cache_failure_t *entry);
-#define rend_cache_failure_entry_free(e) \
- FREE_AND_NULL(rend_cache_failure_t, \
- rend_cache_failure_entry_free_, (e))
-STATIC int cache_failure_intro_lookup(const uint8_t *identity,
- const char *service_id,
- rend_cache_failure_intro_t
- **intro_entry);
-STATIC rend_cache_failure_intro_t *rend_cache_failure_intro_entry_new(
- rend_intro_point_failure_t failure);
-STATIC rend_cache_failure_t *rend_cache_failure_entry_new(void);
-STATIC void rend_cache_failure_remove(rend_service_descriptor_t *desc);
-STATIC void cache_failure_intro_add(const uint8_t *identity,
- const char *service_id,
- rend_intro_point_failure_t failure);
-STATIC void validate_intro_point_failure(const rend_service_descriptor_t *desc,
- const char *service_id);
-
-STATIC void rend_cache_failure_entry_free_void(void *entry);
-
-#ifdef TOR_UNIT_TESTS
-extern strmap_t *rend_cache;
-extern strmap_t *rend_cache_failure;
-extern digestmap_t *rend_cache_v2_dir;
-extern size_t rend_cache_total_allocation;
-#endif /* defined(TOR_UNIT_TESTS) */
-#endif /* defined(RENDCACHE_PRIVATE) */
-
-#endif /* !defined(TOR_RENDCACHE_H) */
-
diff --git a/src/feature/rend/rendcommon.c b/src/feature/rend/rendcommon.c
index 275ee52968..c512e3e670 100644
--- a/src/feature/rend/rendcommon.c
+++ b/src/feature/rend/rendcommon.c
@@ -11,763 +11,22 @@
#define RENDCOMMON_PRIVATE
#include "core/or/or.h"
-#include "core/or/circuitbuild.h"
+
+#include "app/config/config.h"
+
#include "core/or/circuitlist.h"
#include "core/or/circuituse.h"
-#include "core/or/extendinfo.h"
-#include "app/config/config.h"
-#include "feature/control/control_events.h"
-#include "lib/crypt_ops/crypto_rand.h"
-#include "lib/crypt_ops/crypto_util.h"
+
#include "feature/hs/hs_client.h"
#include "feature/hs/hs_common.h"
#include "feature/hs/hs_intropoint.h"
-#include "feature/nodelist/networkstatus.h"
-#include "feature/rend/rendcache.h"
#include "feature/rend/rendcommon.h"
#include "feature/rend/rendmid.h"
-#include "feature/rend/rendparse.h"
-#include "feature/rend/rendservice.h"
-#include "feature/stats/rephist.h"
-#include "feature/hs_common/replaycache.h"
-#include "feature/relay/router.h"
-#include "feature/nodelist/routerlist.h"
-#include "feature/dirparse/signing.h"
+#include "core/or/circuit_st.h"
#include "core/or/cpath_build_state_st.h"
#include "core/or/crypt_path_st.h"
-#include "core/or/extend_info_st.h"
-#include "feature/nodelist/networkstatus_st.h"
#include "core/or/origin_circuit_st.h"
-#include "feature/rend/rend_encoded_v2_service_descriptor_st.h"
-#include "feature/rend/rend_intro_point_st.h"
-#include "feature/rend/rend_service_descriptor_st.h"
-#include "feature/nodelist/routerstatus_st.h"
-
-/** Return 0 if one and two are the same service ids, else -1 or 1 */
-int
-rend_cmp_service_ids(const char *one, const char *two)
-{
- return strcasecmp(one,two);
-}
-
-/** Free the storage held by the service descriptor desc.
- */
-void
-rend_service_descriptor_free_(rend_service_descriptor_t *desc)
-{
- if (!desc)
- return;
- if (desc->pk)
- crypto_pk_free(desc->pk);
- if (desc->intro_nodes) {
- SMARTLIST_FOREACH(desc->intro_nodes, rend_intro_point_t *, intro,
- rend_intro_point_free(intro););
- smartlist_free(desc->intro_nodes);
- }
- if (desc->successful_uploads) {
- SMARTLIST_FOREACH(desc->successful_uploads, char *, c, tor_free(c););
- smartlist_free(desc->successful_uploads);
- }
- tor_free(desc);
-}
-
-/** Length of the descriptor cookie that is used for versioned hidden
- * service descriptors. */
-#define REND_DESC_COOKIE_LEN 16
-
-/** Length of the replica number that is used to determine the secret ID
- * part of versioned hidden service descriptors. */
-#define REND_REPLICA_LEN 1
-
-/** Compute the descriptor ID for service_id of length
- * REND_SERVICE_ID_LEN and secret_id_part of length
- * DIGEST_LEN, and write it to descriptor_id_out of length
- * DIGEST_LEN. */
-void
-rend_get_descriptor_id_bytes(char *descriptor_id_out,
- const char *service_id,
- const char *secret_id_part)
-{
- crypto_digest_t *digest = crypto_digest_new();
- crypto_digest_add_bytes(digest, service_id, REND_SERVICE_ID_LEN);
- crypto_digest_add_bytes(digest, secret_id_part, DIGEST_LEN);
- crypto_digest_get_digest(digest, descriptor_id_out, DIGEST_LEN);
- crypto_digest_free(digest);
-}
-
-/** Compute the secret ID part for time_period,
- * a descriptor_cookie of length
- * REND_DESC_COOKIE_LEN which may also be NULL if no
- * descriptor_cookie shall be used, and replica, and write it to
- * secret_id_part of length DIGEST_LEN. */
-static void
-get_secret_id_part_bytes(char *secret_id_part, uint32_t time_period,
- const char *descriptor_cookie, uint8_t replica)
-{
- crypto_digest_t *digest = crypto_digest_new();
- time_period = htonl(time_period);
- crypto_digest_add_bytes(digest, (char*)&time_period, sizeof(uint32_t));
- if (descriptor_cookie) {
- crypto_digest_add_bytes(digest, descriptor_cookie,
- REND_DESC_COOKIE_LEN);
- }
- crypto_digest_add_bytes(digest, (const char *)&replica, REND_REPLICA_LEN);
- crypto_digest_get_digest(digest, secret_id_part, DIGEST_LEN);
- crypto_digest_free(digest);
-}
-
-/** Return the time period for time now plus a potentially
- * intended deviation of one or more periods, based on the first byte
- * of service_id. */
-static uint32_t
-get_time_period(time_t now, uint8_t deviation, const char *service_id)
-{
- /* The time period is the number of REND_TIME_PERIOD_V2_DESC_VALIDITY
- * intervals that have passed since the epoch, offset slightly so that
- * each service's time periods start and end at a fraction of that
- * period based on their first byte. */
- return (uint32_t)
- (now + ((uint8_t) *service_id) * REND_TIME_PERIOD_V2_DESC_VALIDITY / 256)
- / REND_TIME_PERIOD_V2_DESC_VALIDITY + deviation;
-}
-
-/** Compute the time in seconds that a descriptor that is generated
- * now for service_id will be valid. */
-static uint32_t
-get_seconds_valid(time_t now, const char *service_id)
-{
- uint32_t result = REND_TIME_PERIOD_V2_DESC_VALIDITY -
- ((uint32_t)
- (now + ((uint8_t) *service_id) * REND_TIME_PERIOD_V2_DESC_VALIDITY / 256)
- % REND_TIME_PERIOD_V2_DESC_VALIDITY);
- return result;
-}
-
-/** Compute the binary desc_id_out (DIGEST_LEN bytes long) for a given
- * base32-encoded service_id and optional unencoded
- * descriptor_cookie of length REND_DESC_COOKIE_LEN,
- * at time now for replica number
- * replica. desc_id needs to have DIGEST_LEN bytes
- * free. Return 0 for success, -1 otherwise. */
-int
-rend_compute_v2_desc_id(char *desc_id_out, const char *service_id,
- const char *descriptor_cookie, time_t now,
- uint8_t replica)
-{
- char service_id_binary[REND_SERVICE_ID_LEN];
- char secret_id_part[DIGEST_LEN];
- uint32_t time_period;
- if (!service_id ||
- strlen(service_id) != REND_SERVICE_ID_LEN_BASE32) {
- log_warn(LD_REND, "Could not compute v2 descriptor ID: "
- "Illegal service ID: %s",
- safe_str(service_id));
- return -1;
- }
- if (replica >= REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS) {
- log_warn(LD_REND, "Could not compute v2 descriptor ID: "
- "Replica number out of range: %d", replica);
- return -1;
- }
- /* Convert service ID to binary. */
- if (base32_decode(service_id_binary, REND_SERVICE_ID_LEN,
- service_id, REND_SERVICE_ID_LEN_BASE32) !=
- REND_SERVICE_ID_LEN) {
- log_warn(LD_REND, "Could not compute v2 descriptor ID: "
- "Illegal characters or wrong length for service ID: %s",
- safe_str_client(service_id));
- return -1;
- }
- /* Calculate current time-period. */
- time_period = get_time_period(now, 0, service_id_binary);
- /* Calculate secret-id-part = h(time-period | desc-cookie | replica). */
- get_secret_id_part_bytes(secret_id_part, time_period, descriptor_cookie,
- replica);
- /* Calculate descriptor ID: H(permanent-id | secret-id-part) */
- rend_get_descriptor_id_bytes(desc_id_out, service_id_binary, secret_id_part);
- return 0;
-}
-
-/** Encode the introduction points in desc and write the result to a
- * newly allocated string pointed to by encoded. Return 0 for
- * success, -1 otherwise. */
-static int
-rend_encode_v2_intro_points(char **encoded, rend_service_descriptor_t *desc)
-{
- size_t unenc_len;
- char *unenc = NULL;
- size_t unenc_written = 0;
- int i;
- int r = -1;
- /* Assemble unencrypted list of introduction points. */
- unenc_len = smartlist_len(desc->intro_nodes) * 1000; /* too long, but ok. */
- unenc = tor_malloc_zero(unenc_len);
- for (i = 0; i < smartlist_len(desc->intro_nodes); i++) {
- char id_base32[REND_INTRO_POINT_ID_LEN_BASE32 + 1];
- char *onion_key = NULL;
- size_t onion_key_len;
- crypto_pk_t *intro_key;
- char *service_key = NULL;
- char *address = NULL;
- size_t service_key_len;
- int res;
- rend_intro_point_t *intro = smartlist_get(desc->intro_nodes, i);
- /* Obtain extend info with introduction point details. */
- extend_info_t *info = intro->extend_info;
- /* Encode introduction point ID. */
- base32_encode(id_base32, sizeof(id_base32),
- info->identity_digest, DIGEST_LEN);
- /* Encode onion key. */
- if (crypto_pk_write_public_key_to_string(info->onion_key, &onion_key,
- &onion_key_len) < 0) {
- log_warn(LD_REND, "Could not write onion key.");
- goto done;
- }
- /* Encode intro key. */
- intro_key = intro->intro_key;
- if (!intro_key ||
- crypto_pk_write_public_key_to_string(intro_key, &service_key,
- &service_key_len) < 0) {
- log_warn(LD_REND, "Could not write intro key.");
- tor_free(onion_key);
- goto done;
- }
- /* Assemble everything for this introduction point. */
- const tor_addr_port_t *orport = extend_info_get_orport(info, AF_INET);
- IF_BUG_ONCE(!orport) {
- /* There must be an IPv4 address for v2 hs. */
- goto done;
- }
- address = tor_addr_to_str_dup(&orport->addr);
- res = tor_snprintf(unenc + unenc_written, unenc_len - unenc_written,
- "introduction-point %s\n"
- "ip-address %s\n"
- "onion-port %d\n"
- "onion-key\n%s"
- "service-key\n%s",
- id_base32,
- address,
- orport->port,
- onion_key,
- service_key);
- tor_free(address);
- tor_free(onion_key);
- tor_free(service_key);
- if (res < 0) {
- log_warn(LD_REND, "Not enough space for writing introduction point "
- "string.");
- goto done;
- }
- /* Update total number of written bytes for unencrypted intro points. */
- unenc_written += res;
- }
- /* Finalize unencrypted introduction points. */
- if (unenc_len < unenc_written + 2) {
- log_warn(LD_REND, "Not enough space for finalizing introduction point "
- "string.");
- goto done;
- }
- unenc[unenc_written++] = '\n';
- unenc[unenc_written++] = 0;
- *encoded = unenc;
- r = 0;
- done:
- if (r<0)
- tor_free(unenc);
- return r;
-}
-
-/** Encrypt the encoded introduction points in encoded using
- * authorization type 'basic' with client_cookies and write the
- * result to a newly allocated string pointed to by encrypted_out of
- * length encrypted_len_out. Return 0 for success, -1 otherwise. */
-static int
-rend_encrypt_v2_intro_points_basic(char **encrypted_out,
- size_t *encrypted_len_out,
- const char *encoded,
- smartlist_t *client_cookies)
-{
- int r = -1, i, pos, enclen, client_blocks;
- size_t len, client_entries_len;
- char *enc = NULL, iv[CIPHER_IV_LEN], *client_part = NULL,
- session_key[CIPHER_KEY_LEN];
- smartlist_t *encrypted_session_keys = NULL;
- crypto_digest_t *digest;
- crypto_cipher_t *cipher;
- tor_assert(encoded);
- tor_assert(client_cookies && smartlist_len(client_cookies) > 0);
-
- /* Generate session key. */
- crypto_rand(session_key, CIPHER_KEY_LEN);
-
- /* Determine length of encrypted introduction points including session
- * keys. */
- client_blocks = 1 + ((smartlist_len(client_cookies) - 1) /
- REND_BASIC_AUTH_CLIENT_MULTIPLE);
- client_entries_len = client_blocks * REND_BASIC_AUTH_CLIENT_MULTIPLE *
- REND_BASIC_AUTH_CLIENT_ENTRY_LEN;
- len = 2 + client_entries_len + CIPHER_IV_LEN + strlen(encoded);
- if (client_blocks >= 256) {
- log_warn(LD_REND, "Too many clients in introduction point string.");
- goto done;
- }
- enc = tor_malloc_zero(len);
- enc[0] = 0x01; /* type of authorization. */
- enc[1] = (uint8_t)client_blocks;
-
- /* Encrypt with random session key. */
- enclen = crypto_cipher_encrypt_with_iv(session_key,
- enc + 2 + client_entries_len,
- CIPHER_IV_LEN + strlen(encoded), encoded, strlen(encoded));
-
- if (enclen < 0) {
- log_warn(LD_REND, "Could not encrypt introduction point string.");
- goto done;
- }
- memcpy(iv, enc + 2 + client_entries_len, CIPHER_IV_LEN);
-
- /* Encrypt session key for cookies, determine client IDs, and put both
- * in a smartlist. */
- encrypted_session_keys = smartlist_new();
- SMARTLIST_FOREACH_BEGIN(client_cookies, const char *, cookie) {
- client_part = tor_malloc_zero(REND_BASIC_AUTH_CLIENT_ENTRY_LEN);
- /* Encrypt session key. */
- cipher = crypto_cipher_new(cookie);
- if (crypto_cipher_encrypt(cipher, client_part +
- REND_BASIC_AUTH_CLIENT_ID_LEN,
- session_key, CIPHER_KEY_LEN) < 0) {
- log_warn(LD_REND, "Could not encrypt session key for client.");
- crypto_cipher_free(cipher);
- tor_free(client_part);
- goto done;
- }
- crypto_cipher_free(cipher);
-
- /* Determine client ID. */
- digest = crypto_digest_new();
- crypto_digest_add_bytes(digest, cookie, REND_DESC_COOKIE_LEN);
- crypto_digest_add_bytes(digest, iv, CIPHER_IV_LEN);
- crypto_digest_get_digest(digest, client_part,
- REND_BASIC_AUTH_CLIENT_ID_LEN);
- crypto_digest_free(digest);
-
- /* Put both together. */
- smartlist_add(encrypted_session_keys, client_part);
- } SMARTLIST_FOREACH_END(cookie);
-
- /* Add some fake client IDs and encrypted session keys. */
- for (i = (smartlist_len(client_cookies) - 1) %
- REND_BASIC_AUTH_CLIENT_MULTIPLE;
- i < REND_BASIC_AUTH_CLIENT_MULTIPLE - 1; i++) {
- client_part = tor_malloc_zero(REND_BASIC_AUTH_CLIENT_ENTRY_LEN);
- crypto_rand(client_part, REND_BASIC_AUTH_CLIENT_ENTRY_LEN);
- smartlist_add(encrypted_session_keys, client_part);
- }
- /* Sort smartlist and put elements in result in order. */
- smartlist_sort_digests(encrypted_session_keys);
- pos = 2;
- SMARTLIST_FOREACH(encrypted_session_keys, const char *, entry, {
- memcpy(enc + pos, entry, REND_BASIC_AUTH_CLIENT_ENTRY_LEN);
- pos += REND_BASIC_AUTH_CLIENT_ENTRY_LEN;
- });
- *encrypted_out = enc;
- *encrypted_len_out = len;
- enc = NULL; /* prevent free. */
- r = 0;
- done:
- tor_free(enc);
- if (encrypted_session_keys) {
- SMARTLIST_FOREACH(encrypted_session_keys, char *, d, tor_free(d););
- smartlist_free(encrypted_session_keys);
- }
- return r;
-}
-
-/** Encrypt the encoded introduction points in encoded using
- * authorization type 'stealth' with descriptor_cookie of length
- * REND_DESC_COOKIE_LEN and write the result to a newly allocated string
- * pointed to by encrypted_out of length encrypted_len_out.
- * Return 0 for success, -1 otherwise. */
-static int
-rend_encrypt_v2_intro_points_stealth(char **encrypted_out,
- size_t *encrypted_len_out,
- const char *encoded,
- const char *descriptor_cookie)
-{
- int r = -1, enclen;
- char *enc;
- tor_assert(encoded);
- tor_assert(descriptor_cookie);
-
- enc = tor_malloc_zero(1 + CIPHER_IV_LEN + strlen(encoded));
- enc[0] = 0x02; /* Auth type */
- enclen = crypto_cipher_encrypt_with_iv(descriptor_cookie,
- enc + 1,
- CIPHER_IV_LEN+strlen(encoded),
- encoded, strlen(encoded));
- if (enclen < 0) {
- log_warn(LD_REND, "Could not encrypt introduction point string.");
- goto done;
- }
- *encrypted_out = enc;
- *encrypted_len_out = enclen;
- enc = NULL; /* prevent free */
- r = 0;
- done:
- tor_free(enc);
- return r;
-}
-
-/** Attempt to parse the given desc_str and return true if this
- * succeeds, false otherwise. */
-STATIC int
-rend_desc_v2_is_parsable(rend_encoded_v2_service_descriptor_t *desc)
-{
- rend_service_descriptor_t *test_parsed = NULL;
- char test_desc_id[DIGEST_LEN];
- char *test_intro_content = NULL;
- size_t test_intro_size;
- size_t test_encoded_size;
- const char *test_next;
- int res = rend_parse_v2_service_descriptor(&test_parsed, test_desc_id,
- &test_intro_content,
- &test_intro_size,
- &test_encoded_size,
- &test_next, desc->desc_str, 1);
- rend_service_descriptor_free(test_parsed);
- tor_free(test_intro_content);
- return (res >= 0);
-}
-
-/** Free the storage held by an encoded v2 service descriptor. */
-void
-rend_encoded_v2_service_descriptor_free_(
- rend_encoded_v2_service_descriptor_t *desc)
-{
- if (!desc)
- return;
- tor_free(desc->desc_str);
- tor_free(desc);
-}
-
-/** Free the storage held by an introduction point info. */
-void
-rend_intro_point_free_(rend_intro_point_t *intro)
-{
- if (!intro)
- return;
-
- extend_info_free(intro->extend_info);
- crypto_pk_free(intro->intro_key);
-
- if (intro->accepted_intro_rsa_parts != NULL) {
- replaycache_free(intro->accepted_intro_rsa_parts);
- }
-
- tor_free(intro);
-}
-
-/** Encode a set of rend_encoded_v2_service_descriptor_t's for desc
- * at time now using service_key, depending on
- * auth_type a descriptor_cookie and a list of
- * client_cookies (which are both NULL if no client
- * authorization is performed), and period (e.g. 0 for the current
- * period, 1 for the next period, etc.) and add them to the existing list
- * descs_out; return the number of seconds that the descriptors will
- * be found by clients, or -1 if the encoding was not successful. */
-int
-rend_encode_v2_descriptors(smartlist_t *descs_out,
- rend_service_descriptor_t *desc, time_t now,
- uint8_t period, rend_auth_type_t auth_type,
- crypto_pk_t *client_key,
- smartlist_t *client_cookies)
-{
- char service_id[DIGEST_LEN];
- char service_id_base32[REND_SERVICE_ID_LEN_BASE32+1];
- uint32_t time_period;
- char *ipos_base64 = NULL, *ipos = NULL, *ipos_encrypted = NULL,
- *descriptor_cookie = NULL;
- size_t ipos_len = 0, ipos_encrypted_len = 0;
- int k;
- uint32_t seconds_valid;
- crypto_pk_t *service_key;
- if (!desc) {
- log_warn(LD_BUG, "Could not encode v2 descriptor: No desc given.");
- return -1;
- }
- service_key = (auth_type == REND_STEALTH_AUTH) ? client_key : desc->pk;
- tor_assert(service_key);
- if (auth_type == REND_STEALTH_AUTH) {
- descriptor_cookie = smartlist_get(client_cookies, 0);
- tor_assert(descriptor_cookie);
- }
- /* Obtain service_id from public key. */
- if (crypto_pk_get_digest(service_key, service_id) < 0) {
- log_warn(LD_BUG, "Couldn't compute service key digest.");
- return -1;
- }
- /* Calculate current time-period. */
- time_period = get_time_period(now, period, service_id);
- /* Determine how many seconds the descriptor will be valid. */
- seconds_valid = period * REND_TIME_PERIOD_V2_DESC_VALIDITY +
- get_seconds_valid(now, service_id);
- /* Assemble, possibly encrypt, and encode introduction points. */
- if (smartlist_len(desc->intro_nodes) > 0) {
- if (rend_encode_v2_intro_points(&ipos, desc) < 0) {
- log_warn(LD_REND, "Encoding of introduction points did not succeed.");
- return -1;
- }
- switch (auth_type) {
- case REND_NO_AUTH:
- ipos_len = strlen(ipos);
- break;
- case REND_BASIC_AUTH:
- if (rend_encrypt_v2_intro_points_basic(&ipos_encrypted,
- &ipos_encrypted_len, ipos,
- client_cookies) < 0) {
- log_warn(LD_REND, "Encrypting of introduction points did not "
- "succeed.");
- tor_free(ipos);
- return -1;
- }
- tor_free(ipos);
- ipos = ipos_encrypted;
- ipos_len = ipos_encrypted_len;
- break;
- case REND_STEALTH_AUTH:
- if (rend_encrypt_v2_intro_points_stealth(&ipos_encrypted,
- &ipos_encrypted_len, ipos,
- descriptor_cookie) < 0) {
- log_warn(LD_REND, "Encrypting of introduction points did not "
- "succeed.");
- tor_free(ipos);
- return -1;
- }
- tor_free(ipos);
- ipos = ipos_encrypted;
- ipos_len = ipos_encrypted_len;
- break;
- case REND_V3_AUTH:
- break; /* v3 service, break. */
- default:
- log_warn(LD_REND|LD_BUG, "Unrecognized authorization type %d",
- (int)auth_type);
- tor_free(ipos);
- return -1;
- }
- /* Base64-encode introduction points. */
- ipos_base64 = tor_calloc(ipos_len, 2);
- if (base64_encode(ipos_base64, ipos_len * 2, ipos, ipos_len,
- BASE64_ENCODE_MULTILINE)<0) {
- log_warn(LD_REND, "Could not encode introduction point string to "
- "base64. length=%d", (int)ipos_len);
- tor_free(ipos_base64);
- tor_free(ipos);
- return -1;
- }
- tor_free(ipos);
- }
- /* Encode REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS descriptors. */
- for (k = 0; k < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; k++) {
- char secret_id_part[DIGEST_LEN];
- char secret_id_part_base32[REND_SECRET_ID_PART_LEN_BASE32 + 1];
- char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
- char *permanent_key = NULL;
- size_t permanent_key_len;
- char published[ISO_TIME_LEN+1];
- int i;
- char protocol_versions_string[16]; /* max len: "0,1,2,3,4,5,6,7\0" */
- size_t protocol_versions_written;
- size_t desc_len;
- char *desc_str = NULL;
- int result = 0;
- size_t written = 0;
- char desc_digest[DIGEST_LEN];
- rend_encoded_v2_service_descriptor_t *enc =
- tor_malloc_zero(sizeof(rend_encoded_v2_service_descriptor_t));
- /* Calculate secret-id-part = h(time-period | cookie | replica). */
- get_secret_id_part_bytes(secret_id_part, time_period, descriptor_cookie,
- k);
- base32_encode(secret_id_part_base32, sizeof(secret_id_part_base32),
- secret_id_part, DIGEST_LEN);
- /* Calculate descriptor ID. */
- rend_get_descriptor_id_bytes(enc->desc_id, service_id, secret_id_part);
- base32_encode(desc_id_base32, sizeof(desc_id_base32),
- enc->desc_id, DIGEST_LEN);
- /* PEM-encode the public key */
- if (crypto_pk_write_public_key_to_string(service_key, &permanent_key,
- &permanent_key_len) < 0) {
- log_warn(LD_BUG, "Could not write public key to string.");
- rend_encoded_v2_service_descriptor_free(enc);
- goto err;
- }
- /* Encode timestamp. */
- format_iso_time(published, desc->timestamp);
- /* Write protocol-versions bitmask to comma-separated value string. */
- protocol_versions_written = 0;
- for (i = 0; i < 8; i++) {
- if (desc->protocols & 1 << i) {
- tor_snprintf(protocol_versions_string + protocol_versions_written,
- 16 - protocol_versions_written, "%d,", i);
- protocol_versions_written += 2;
- }
- }
- if (protocol_versions_written)
- protocol_versions_string[protocol_versions_written - 1] = '\0';
- else
- protocol_versions_string[0]= '\0';
- /* Assemble complete descriptor. */
- desc_len = 2000 + smartlist_len(desc->intro_nodes) * 1000; /* far too long,
- but okay.*/
- enc->desc_str = desc_str = tor_malloc_zero(desc_len);
- result = tor_snprintf(desc_str, desc_len,
- "rendezvous-service-descriptor %s\n"
- "version 2\n"
- "permanent-key\n%s"
- "secret-id-part %s\n"
- "publication-time %s\n"
- "protocol-versions %s\n",
- desc_id_base32,
- permanent_key,
- secret_id_part_base32,
- published,
- protocol_versions_string);
- tor_free(permanent_key);
- if (result < 0) {
- log_warn(LD_BUG, "Descriptor ran out of room.");
- rend_encoded_v2_service_descriptor_free(enc);
- goto err;
- }
- written = result;
- /* Add introduction points. */
- if (ipos_base64) {
- result = tor_snprintf(desc_str + written, desc_len - written,
- "introduction-points\n"
- "-----BEGIN MESSAGE-----\n%s"
- "-----END MESSAGE-----\n",
- ipos_base64);
- if (result < 0) {
- log_warn(LD_BUG, "could not write introduction points.");
- rend_encoded_v2_service_descriptor_free(enc);
- goto err;
- }
- written += result;
- }
- /* Add signature. */
- strlcpy(desc_str + written, "signature\n", desc_len - written);
- written += strlen(desc_str + written);
- if (crypto_digest(desc_digest, desc_str, written) < 0) {
- log_warn(LD_BUG, "could not create digest.");
- rend_encoded_v2_service_descriptor_free(enc);
- goto err;
- }
- if (router_append_dirobj_signature(desc_str + written,
- desc_len - written,
- desc_digest, DIGEST_LEN,
- service_key) < 0) {
- log_warn(LD_BUG, "Couldn't sign desc.");
- rend_encoded_v2_service_descriptor_free(enc);
- goto err;
- }
- written += strlen(desc_str+written);
- if (written+2 > desc_len) {
- log_warn(LD_BUG, "Could not finish desc.");
- rend_encoded_v2_service_descriptor_free(enc);
- goto err;
- }
- desc_str[written++] = 0;
- /* Check if we can parse our own descriptor. */
- if (!rend_desc_v2_is_parsable(enc)) {
- log_warn(LD_BUG, "Could not parse my own descriptor: %s", desc_str);
- rend_encoded_v2_service_descriptor_free(enc);
- goto err;
- }
- smartlist_add(descs_out, enc);
- /* Add the uploaded descriptor to the local service's descriptor cache */
- rend_cache_store_v2_desc_as_service(enc->desc_str);
- base32_encode(service_id_base32, sizeof(service_id_base32),
- service_id, REND_SERVICE_ID_LEN);
- control_event_hs_descriptor_created(service_id_base32, desc_id_base32, k);
- }
-
- log_info(LD_REND, "Successfully encoded a v2 descriptor and "
- "confirmed that it is parsable.");
- goto done;
-
- err:
- SMARTLIST_FOREACH(descs_out, rend_encoded_v2_service_descriptor_t *, d,
- rend_encoded_v2_service_descriptor_free(d););
- smartlist_clear(descs_out);
- seconds_valid = -1;
-
- done:
- tor_free(ipos_base64);
- return seconds_valid;
-}
-
-/** Sets out to the first 10 bytes of the digest of pk,
- * base32 encoded. NUL-terminates out. (We use this string to
- * identify services in directory requests and .onion URLs.)
- */
-int
-rend_get_service_id(crypto_pk_t *pk, char *out)
-{
- char buf[DIGEST_LEN];
- tor_assert(pk);
- if (crypto_pk_get_digest(pk, buf) < 0)
- return -1;
- base32_encode(out, REND_SERVICE_ID_LEN_BASE32+1, buf, REND_SERVICE_ID_LEN);
- return 0;
-}
-
-/** Return true iff query is a syntactically valid service ID (as
- * generated by rend_get_service_id). */
-int
-rend_valid_v2_service_id(const char *query)
-{
- if (strlen(query) != REND_SERVICE_ID_LEN_BASE32)
- return 0;
-
- if (strspn(query, BASE32_CHARS) != REND_SERVICE_ID_LEN_BASE32)
- return 0;
-
- return 1;
-}
-
-/** Return true iff query is a syntactically valid descriptor ID.
- * (as generated by rend_get_descriptor_id_bytes). */
-int
-rend_valid_descriptor_id(const char *query)
-{
- if (strlen(query) != REND_DESC_ID_V2_LEN_BASE32) {
- goto invalid;
- }
- if (strspn(query, BASE32_CHARS) != REND_DESC_ID_V2_LEN_BASE32) {
- goto invalid;
- }
-
- return 1;
-
- invalid:
- return 0;
-}
-
-/** Return true iff client_name is a syntactically valid name
- * for rendezvous client authentication. */
-int
-rend_valid_client_name(const char *client_name)
-{
- size_t len = strlen(client_name);
- if (len < 1 || len > REND_CLIENTNAME_MAX_LEN) {
- return 0;
- }
- if (strspn(client_name, REND_LEGAL_CLIENTNAME_CHARACTERS) != len) {
- return 0;
- }
-
- return 1;
-}
/** Called when we get a rendezvous-related relay cell on circuit
* circ. Dispatch on rendezvous relay command. */
@@ -842,168 +101,6 @@ rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint,
command);
}
-/** Determine the routers that are responsible for id (binary) and
- * add pointers to those routers' routerstatus_t to responsible_dirs.
- * Return -1 if we're returning an empty smartlist, else return 0.
- */
-int
-hid_serv_get_responsible_directories(smartlist_t *responsible_dirs,
- const char *id)
-{
- int start, found, n_added = 0, i;
- networkstatus_t *c = networkstatus_get_latest_consensus();
- if (!c || !smartlist_len(c->routerstatus_list)) {
- log_info(LD_REND, "We don't have a consensus, so we can't perform v2 "
- "rendezvous operations.");
- return -1;
- }
- tor_assert(id);
- start = networkstatus_vote_find_entry_idx(c, id, &found);
- if (start == smartlist_len(c->routerstatus_list)) start = 0;
- i = start;
- do {
- routerstatus_t *r = smartlist_get(c->routerstatus_list, i);
- if (r->is_hs_dir) {
- smartlist_add(responsible_dirs, r);
- if (++n_added == REND_NUMBER_OF_CONSECUTIVE_REPLICAS)
- return 0;
- }
- if (++i == smartlist_len(c->routerstatus_list))
- i = 0;
- } while (i != start);
-
- /* Even though we don't have the desired number of hidden service
- * directories, be happy if we got any. */
- return smartlist_len(responsible_dirs) ? 0 : -1;
-}
-
-/* Length of the 'extended' auth cookie used to encode auth type before
- * base64 encoding. */
-#define REND_DESC_COOKIE_LEN_EXT (REND_DESC_COOKIE_LEN + 1)
-/* Length of the zero-padded auth cookie when base64 encoded. These two
- * padding bytes always (A=) are stripped off of the returned cookie. */
-#define REND_DESC_COOKIE_LEN_EXT_BASE64 (REND_DESC_COOKIE_LEN_BASE64 + 2)
-
-/** Encode a client authorization descriptor cookie.
- * The result of this function is suitable for use in the HidServAuth
- * option. The trailing padding characters are removed, and the
- * auth type is encoded into the cookie.
- *
- * Returns a new base64-encoded cookie. This function cannot fail.
- * The caller is responsible for freeing the returned value.
- */
-char *
-rend_auth_encode_cookie(const uint8_t *cookie_in, rend_auth_type_t auth_type)
-{
- uint8_t extended_cookie[REND_DESC_COOKIE_LEN_EXT];
- char *cookie_out = tor_malloc_zero(REND_DESC_COOKIE_LEN_EXT_BASE64 + 1);
- int re;
-
- tor_assert(cookie_in);
-
- memcpy(extended_cookie, cookie_in, REND_DESC_COOKIE_LEN);
- extended_cookie[REND_DESC_COOKIE_LEN] = ((int)auth_type - 1) << 4;
- re = base64_encode(cookie_out, REND_DESC_COOKIE_LEN_EXT_BASE64 + 1,
- (const char *) extended_cookie, REND_DESC_COOKIE_LEN_EXT,
- 0);
- tor_assert(re == REND_DESC_COOKIE_LEN_EXT_BASE64);
-
- /* Remove the trailing 'A='. Auth type is encoded in the high bits
- * of the last byte, so the last base64 character will always be zero
- * (A). This is subtly different behavior from base64_encode_nopad. */
- cookie_out[REND_DESC_COOKIE_LEN_BASE64] = '\0';
- memwipe(extended_cookie, 0, sizeof(extended_cookie));
- return cookie_out;
-}
-
-/** Decode a base64-encoded client authorization descriptor cookie.
- * The descriptor_cookie can be truncated to REND_DESC_COOKIE_LEN_BASE64
- * characters (as given to clients), or may include the two padding
- * characters (as stored by the service).
- *
- * The result is stored in REND_DESC_COOKIE_LEN bytes of cookie_out.
- * The rend_auth_type_t decoded from the cookie is stored in the
- * optional auth_type_out parameter.
- *
- * Return 0 on success, or -1 on error. The caller is responsible for
- * freeing the returned err_msg.
- */
-int
-rend_auth_decode_cookie(const char *cookie_in, uint8_t *cookie_out,
- rend_auth_type_t *auth_type_out, char **err_msg_out)
-{
- uint8_t descriptor_cookie_decoded[REND_DESC_COOKIE_LEN_EXT + 1] = { 0 };
- char descriptor_cookie_base64ext[REND_DESC_COOKIE_LEN_EXT_BASE64 + 1];
- const char *descriptor_cookie = cookie_in;
- char *err_msg = NULL;
- int auth_type_val = 0;
- int res = -1;
- int decoded_len;
-
- size_t len = strlen(descriptor_cookie);
- if (len == REND_DESC_COOKIE_LEN_BASE64) {
- /* Add a trailing zero byte to make base64-decoding happy. */
- tor_snprintf(descriptor_cookie_base64ext,
- sizeof(descriptor_cookie_base64ext),
- "%sA=", descriptor_cookie);
- descriptor_cookie = descriptor_cookie_base64ext;
- } else if (len != REND_DESC_COOKIE_LEN_EXT_BASE64) {
- tor_asprintf(&err_msg, "Authorization cookie has wrong length: %s",
- escaped(cookie_in));
- goto err;
- }
-
- decoded_len = base64_decode((char *) descriptor_cookie_decoded,
- sizeof(descriptor_cookie_decoded),
- descriptor_cookie,
- REND_DESC_COOKIE_LEN_EXT_BASE64);
- if (decoded_len != REND_DESC_COOKIE_LEN &&
- decoded_len != REND_DESC_COOKIE_LEN_EXT) {
- tor_asprintf(&err_msg, "Authorization cookie has invalid characters: %s",
- escaped(cookie_in));
- goto err;
- }
-
- if (auth_type_out) {
- auth_type_val = (descriptor_cookie_decoded[REND_DESC_COOKIE_LEN] >> 4) + 1;
- if (auth_type_val < 1 || auth_type_val > 2) {
- tor_asprintf(&err_msg, "Authorization cookie type is unknown: %s",
- escaped(cookie_in));
- goto err;
- }
- *auth_type_out = auth_type_val == 1 ? REND_BASIC_AUTH : REND_STEALTH_AUTH;
- }
-
- memcpy(cookie_out, descriptor_cookie_decoded, REND_DESC_COOKIE_LEN);
- res = 0;
- err:
- if (err_msg_out) {
- *err_msg_out = err_msg;
- } else {
- tor_free(err_msg);
- }
- memwipe(descriptor_cookie_decoded, 0, sizeof(descriptor_cookie_decoded));
- memwipe(descriptor_cookie_base64ext, 0, sizeof(descriptor_cookie_base64ext));
- return res;
-}
-
-/* Is this a rend client or server that allows direct (non-anonymous)
- * connections?
- * Onion services can be configured to start in this mode for single onion. */
-int
-rend_allow_non_anonymous_connection(const or_options_t* options)
-{
- return rend_service_allow_non_anonymous_connection(options);
-}
-
-/* Is this a rend client or server in non-anonymous mode?
- * Onion services can be configured to start in this mode for single onion. */
-int
-rend_non_anonymous_mode_enabled(const or_options_t *options)
-{
- return rend_service_non_anonymous_mode_enabled(options);
-}
-
/* Make sure that tor only builds one-hop circuits when they would not
* compromise user anonymity.
*
@@ -1022,35 +119,6 @@ assert_circ_anonymity_ok(const origin_circuit_t *circ,
tor_assert(circ->build_state);
if (circ->build_state->onehop_tunnel) {
- tor_assert(rend_allow_non_anonymous_connection(options));
+ tor_assert(hs_service_allow_non_anonymous_connection(options));
}
}
-
-/* Return 1 iff the given digest of a permenanent hidden service key is
- * equal to the digest in the origin circuit ocirc of its rend data .
- * If the rend data doesn't exist, 0 is returned. This function is agnostic to
- * the rend data version. */
-int
-rend_circuit_pk_digest_eq(const origin_circuit_t *ocirc,
- const uint8_t *digest)
-{
- size_t rend_pk_digest_len;
- const uint8_t *rend_pk_digest;
-
- tor_assert(ocirc);
- tor_assert(digest);
-
- if (ocirc->rend_data == NULL) {
- goto no_match;
- }
-
- rend_pk_digest = rend_data_get_pk_digest(ocirc->rend_data,
- &rend_pk_digest_len);
- if (tor_memeq(rend_pk_digest, digest, rend_pk_digest_len)) {
- goto match;
- }
- no_match:
- return 0;
- match:
- return 1;
-}
diff --git a/src/feature/rend/rendcommon.h b/src/feature/rend/rendcommon.h
index d8281e0578..502d594940 100644
--- a/src/feature/rend/rendcommon.h
+++ b/src/feature/rend/rendcommon.h
@@ -18,65 +18,12 @@ typedef enum rend_intro_point_failure_t {
INTRO_POINT_FAILURE_UNREACHABLE = 2,
} rend_intro_point_failure_t;
-int rend_cmp_service_ids(const char *one, const char *two);
-
void rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint,
int command, size_t length,
const uint8_t *payload);
-void rend_service_descriptor_free_(rend_service_descriptor_t *desc);
-#define rend_service_descriptor_free(desc) \
- FREE_AND_NULL(rend_service_descriptor_t, rend_service_descriptor_free_, \
- (desc))
-int rend_get_service_id(crypto_pk_t *pk, char *out);
-void rend_encoded_v2_service_descriptor_free_(
- rend_encoded_v2_service_descriptor_t *desc);
-#define rend_encoded_v2_service_descriptor_free(desc) \
- FREE_AND_NULL(rend_encoded_v2_service_descriptor_t, \
- rend_encoded_v2_service_descriptor_free_, (desc))
-void rend_intro_point_free_(rend_intro_point_t *intro);
-#define rend_intro_point_free(intro) \
- FREE_AND_NULL(rend_intro_point_t, rend_intro_point_free_, (intro))
-
-int rend_valid_v2_service_id(const char *query);
-int rend_valid_descriptor_id(const char *query);
-int rend_valid_client_name(const char *client_name);
-int rend_encode_v2_descriptors(smartlist_t *descs_out,
- rend_service_descriptor_t *desc, time_t now,
- uint8_t period, rend_auth_type_t auth_type,
- crypto_pk_t *client_key,
- smartlist_t *client_cookies);
-int rend_compute_v2_desc_id(char *desc_id_out, const char *service_id,
- const char *descriptor_cookie,
- time_t now, uint8_t replica);
-void rend_get_descriptor_id_bytes(char *descriptor_id_out,
- const char *service_id,
- const char *secret_id_part);
-int hid_serv_get_responsible_directories(smartlist_t *responsible_dirs,
- const char *id);
-
-int rend_circuit_pk_digest_eq(const origin_circuit_t *ocirc,
- const uint8_t *digest);
-
-char *rend_auth_encode_cookie(const uint8_t *cookie_in,
- rend_auth_type_t auth_type);
-int rend_auth_decode_cookie(const char *cookie_in,
- uint8_t *cookie_out,
- rend_auth_type_t *auth_type_out,
- char **err_msg_out);
-
-int rend_allow_non_anonymous_connection(const or_options_t* options);
-int rend_non_anonymous_mode_enabled(const or_options_t *options);
-
void assert_circ_anonymity_ok(const origin_circuit_t *circ,
const or_options_t *options);
-#ifdef RENDCOMMON_PRIVATE
-
-STATIC int
-rend_desc_v2_is_parsable(rend_encoded_v2_service_descriptor_t *desc);
-
-#endif /* defined(RENDCOMMON_PRIVATE) */
-
#endif /* !defined(TOR_RENDCOMMON_H) */
diff --git a/src/feature/rend/rendparse.c b/src/feature/rend/rendparse.c
deleted file mode 100644
index c28add5ca9..0000000000
--- a/src/feature/rend/rendparse.c
+++ /dev/null
@@ -1,612 +0,0 @@
-/* Copyright (c) 2001 Matej Pfajfar.
- * Copyright (c) 2001-2004, Roger Dingledine.
- * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2020, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-/**
- * \file rendparse.c
- * \brief Code to parse and validate v2 hidden service descriptors.
- **/
-
-#include "core/or/or.h"
-#include "core/or/extendinfo.h"
-#include "feature/dirparse/parsecommon.h"
-#include "feature/dirparse/sigcommon.h"
-#include "feature/rend/rendcommon.h"
-#include "feature/rend/rendparse.h"
-#include "lib/memarea/memarea.h"
-
-#include "core/or/extend_info_st.h"
-#include "feature/rend/rend_authorized_client_st.h"
-#include "feature/rend/rend_intro_point_st.h"
-#include "feature/rend/rend_service_descriptor_st.h"
-
-/** List of tokens recognized in rendezvous service descriptors */
-static token_rule_t desc_token_table[] = {
- T1_START("rendezvous-service-descriptor", R_RENDEZVOUS_SERVICE_DESCRIPTOR,
- EQ(1), NO_OBJ),
- T1("version", R_VERSION, EQ(1), NO_OBJ),
- T1("permanent-key", R_PERMANENT_KEY, NO_ARGS, NEED_KEY_1024),
- T1("secret-id-part", R_SECRET_ID_PART, EQ(1), NO_OBJ),
- T1("publication-time", R_PUBLICATION_TIME, CONCAT_ARGS, NO_OBJ),
- T1("protocol-versions", R_PROTOCOL_VERSIONS, EQ(1), NO_OBJ),
- T01("introduction-points", R_INTRODUCTION_POINTS, NO_ARGS, NEED_OBJ),
- T1_END("signature", R_SIGNATURE, NO_ARGS, NEED_OBJ),
- END_OF_TABLE
-};
-
-/** List of tokens recognized in the (encrypted) list of introduction points of
- * rendezvous service descriptors */
-static token_rule_t ipo_token_table[] = {
- T1_START("introduction-point", R_IPO_IDENTIFIER, EQ(1), NO_OBJ),
- T1("ip-address", R_IPO_IP_ADDRESS, EQ(1), NO_OBJ),
- T1("onion-port", R_IPO_ONION_PORT, EQ(1), NO_OBJ),
- T1("onion-key", R_IPO_ONION_KEY, NO_ARGS, NEED_KEY_1024),
- T1("service-key", R_IPO_SERVICE_KEY, NO_ARGS, NEED_KEY_1024),
- END_OF_TABLE
-};
-
-/** List of tokens recognized in the (possibly encrypted) list of introduction
- * points of rendezvous service descriptors */
-static token_rule_t client_keys_token_table[] = {
- T1_START("client-name", C_CLIENT_NAME, CONCAT_ARGS, NO_OBJ),
- T1("descriptor-cookie", C_DESCRIPTOR_COOKIE, EQ(1), NO_OBJ),
- T01("client-key", C_CLIENT_KEY, NO_ARGS, NEED_SKEY_1024),
- END_OF_TABLE
-};
-
-/** Parse and validate the ASCII-encoded v2 descriptor in desc,
- * write the parsed descriptor to the newly allocated *parsed_out, the
- * binary descriptor ID of length DIGEST_LEN to desc_id_out, the
- * encrypted introduction points to the newly allocated
- * *intro_points_encrypted_out, their encrypted size to
- * *intro_points_encrypted_size_out, the size of the encoded descriptor
- * to *encoded_size_out, and a pointer to the possibly next
- * descriptor to *next_out; return 0 for success (including validation)
- * and -1 for failure.
- *
- * If as_hsdir is 1, we're parsing this as an HSDir, and we should
- * be strict about time formats.
- */
-int
-rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out,
- char *desc_id_out,
- char **intro_points_encrypted_out,
- size_t *intro_points_encrypted_size_out,
- size_t *encoded_size_out,
- const char **next_out, const char *desc,
- int as_hsdir)
-{
- rend_service_descriptor_t *result =
- tor_malloc_zero(sizeof(rend_service_descriptor_t));
- char desc_hash[DIGEST_LEN];
- const char *eos;
- smartlist_t *tokens = smartlist_new();
- directory_token_t *tok;
- char secret_id_part[DIGEST_LEN];
- int i, version, num_ok=1;
- smartlist_t *versions;
- char public_key_hash[DIGEST_LEN];
- char test_desc_id[DIGEST_LEN];
- memarea_t *area = NULL;
- const int strict_time_fmt = as_hsdir;
-
- tor_assert(desc);
- /* Check if desc starts correctly. */
- if (strcmpstart(desc, "rendezvous-service-descriptor ")) {
- log_info(LD_REND, "Descriptor does not start correctly.");
- goto err;
- }
- /* Compute descriptor hash for later validation. */
- if (router_get_hash_impl(desc, strlen(desc), desc_hash,
- "rendezvous-service-descriptor ",
- "\nsignature", '\n', DIGEST_SHA1) < 0) {
- log_warn(LD_REND, "Couldn't compute descriptor hash.");
- goto err;
- }
- /* Determine end of string. */
- eos = strstr(desc, "\nrendezvous-service-descriptor ");
- if (!eos)
- eos = desc + strlen(desc);
- else
- eos = eos + 1;
- /* Check length. */
- if (eos-desc > REND_DESC_MAX_SIZE) {
- /* XXXX+ If we are parsing this descriptor as a server, this
- * should be a protocol warning. */
- log_warn(LD_REND, "Descriptor length is %d which exceeds "
- "maximum rendezvous descriptor size of %d bytes.",
- (int)(eos-desc), REND_DESC_MAX_SIZE);
- goto err;
- }
- /* Tokenize descriptor. */
- area = memarea_new();
- if (tokenize_string(area, desc, eos, tokens, desc_token_table, 0)) {
- log_warn(LD_REND, "Error tokenizing descriptor.");
- goto err;
- }
- /* Set next to next descriptor, if available. */
- *next_out = eos;
- /* Set length of encoded descriptor. */
- *encoded_size_out = eos - desc;
- /* Check min allowed length of token list. */
- if (smartlist_len(tokens) < 7) {
- log_warn(LD_REND, "Impossibly short descriptor.");
- goto err;
- }
- /* Parse base32-encoded descriptor ID. */
- tok = find_by_keyword(tokens, R_RENDEZVOUS_SERVICE_DESCRIPTOR);
- tor_assert(tok == smartlist_get(tokens, 0));
- tor_assert(tok->n_args == 1);
- if (!rend_valid_descriptor_id(tok->args[0])) {
- log_warn(LD_REND, "Invalid descriptor ID: '%s'", tok->args[0]);
- goto err;
- }
- if (base32_decode(desc_id_out, DIGEST_LEN,
- tok->args[0], REND_DESC_ID_V2_LEN_BASE32) != DIGEST_LEN) {
- log_warn(LD_REND,
- "Descriptor ID has wrong length or illegal characters: %s",
- tok->args[0]);
- goto err;
- }
- /* Parse descriptor version. */
- tok = find_by_keyword(tokens, R_VERSION);
- tor_assert(tok->n_args == 1);
- result->version =
- (int) tor_parse_long(tok->args[0], 10, 0, INT_MAX, &num_ok, NULL);
- if (result->version != 2 || !num_ok) {
- /* If it's <2, it shouldn't be under this format. If the number
- * is greater than 2, we bumped it because we broke backward
- * compatibility. See how version numbers in our other formats
- * work. */
- log_warn(LD_REND, "Unrecognized descriptor version: %s",
- escaped(tok->args[0]));
- goto err;
- }
- /* Parse public key. */
- tok = find_by_keyword(tokens, R_PERMANENT_KEY);
- result->pk = tok->key;
- tok->key = NULL; /* Prevent free */
- /* Parse secret ID part. */
- tok = find_by_keyword(tokens, R_SECRET_ID_PART);
- tor_assert(tok->n_args == 1);
- if (strlen(tok->args[0]) != REND_SECRET_ID_PART_LEN_BASE32 ||
- strspn(tok->args[0], BASE32_CHARS) != REND_SECRET_ID_PART_LEN_BASE32) {
- log_warn(LD_REND, "Invalid secret ID part: '%s'", tok->args[0]);
- goto err;
- }
- if (base32_decode(secret_id_part, DIGEST_LEN, tok->args[0], 32) !=
- DIGEST_LEN) {
- log_warn(LD_REND,
- "Secret ID part has wrong length or illegal characters: %s",
- tok->args[0]);
- goto err;
- }
- /* Parse publication time -- up-to-date check is done when storing the
- * descriptor. */
- tok = find_by_keyword(tokens, R_PUBLICATION_TIME);
- tor_assert(tok->n_args == 1);
- if (parse_iso_time_(tok->args[0], &result->timestamp,
- strict_time_fmt, 0) < 0) {
- log_warn(LD_REND, "Invalid publication time: '%s'", tok->args[0]);
- goto err;
- }
- /* Parse protocol versions. */
- tok = find_by_keyword(tokens, R_PROTOCOL_VERSIONS);
- tor_assert(tok->n_args == 1);
- versions = smartlist_new();
- smartlist_split_string(versions, tok->args[0], ",",
- SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
- for (i = 0; i < smartlist_len(versions); i++) {
- version = (int) tor_parse_long(smartlist_get(versions, i),
- 10, 0, INT_MAX, &num_ok, NULL);
- if (!num_ok) /* It's a string; let's ignore it. */
- continue;
- if (version >= REND_PROTOCOL_VERSION_BITMASK_WIDTH)
- /* Avoid undefined left-shift behaviour. */
- continue;
- result->protocols |= 1 << version;
- }
- SMARTLIST_FOREACH(versions, char *, cp, tor_free(cp));
- smartlist_free(versions);
- /* Parse encrypted introduction points. Don't verify. */
- tok = find_opt_by_keyword(tokens, R_INTRODUCTION_POINTS);
- if (tok) {
- if (strcmp(tok->object_type, "MESSAGE")) {
- log_warn(LD_DIR, "Bad object type: introduction points should be of "
- "type MESSAGE");
- goto err;
- }
- *intro_points_encrypted_out = tor_memdup(tok->object_body,
- tok->object_size);
- *intro_points_encrypted_size_out = tok->object_size;
- } else {
- *intro_points_encrypted_out = NULL;
- *intro_points_encrypted_size_out = 0;
- }
- /* Parse and verify signature. */
- tok = find_by_keyword(tokens, R_SIGNATURE);
- if (check_signature_token(desc_hash, DIGEST_LEN, tok, result->pk, 0,
- "v2 rendezvous service descriptor") < 0)
- goto err;
- /* Verify that descriptor ID belongs to public key and secret ID part. */
- if (crypto_pk_get_digest(result->pk, public_key_hash) < 0) {
- log_warn(LD_REND, "Unable to compute rend descriptor public key digest");
- goto err;
- }
- rend_get_descriptor_id_bytes(test_desc_id, public_key_hash,
- secret_id_part);
- if (tor_memneq(desc_id_out, test_desc_id, DIGEST_LEN)) {
- log_warn(LD_REND, "Parsed descriptor ID does not match "
- "computed descriptor ID.");
- goto err;
- }
- goto done;
- err:
- rend_service_descriptor_free(result);
- result = NULL;
- done:
- if (tokens) {
- SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
- smartlist_free(tokens);
- }
- if (area)
- memarea_drop_all(area);
- *parsed_out = result;
- if (result)
- return 0;
- return -1;
-}
-
-/** Decrypt the encrypted introduction points in ipos_encrypted of
- * length ipos_encrypted_size using descriptor_cookie and
- * write the result to a newly allocated string that is pointed to by
- * ipos_decrypted and its length to ipos_decrypted_size.
- * Return 0 if decryption was successful and -1 otherwise. */
-int
-rend_decrypt_introduction_points(char **ipos_decrypted,
- size_t *ipos_decrypted_size,
- const char *descriptor_cookie,
- const char *ipos_encrypted,
- size_t ipos_encrypted_size)
-{
- tor_assert(ipos_encrypted);
- tor_assert(descriptor_cookie);
- if (ipos_encrypted_size < 2) {
- log_warn(LD_REND, "Size of encrypted introduction points is too "
- "small.");
- return -1;
- }
- if (ipos_encrypted[0] == (int)REND_BASIC_AUTH) {
- char iv[CIPHER_IV_LEN], client_id[REND_BASIC_AUTH_CLIENT_ID_LEN],
- session_key[CIPHER_KEY_LEN], *dec;
- int declen, client_blocks;
- size_t pos = 0, len, client_entries_len;
- crypto_digest_t *digest;
- crypto_cipher_t *cipher;
- client_blocks = (int) ipos_encrypted[1];
- client_entries_len = client_blocks * REND_BASIC_AUTH_CLIENT_MULTIPLE *
- REND_BASIC_AUTH_CLIENT_ENTRY_LEN;
- if (ipos_encrypted_size < 2 + client_entries_len + CIPHER_IV_LEN + 1) {
- log_warn(LD_REND, "Size of encrypted introduction points is too "
- "small.");
- return -1;
- }
- memcpy(iv, ipos_encrypted + 2 + client_entries_len, CIPHER_IV_LEN);
- digest = crypto_digest_new();
- crypto_digest_add_bytes(digest, descriptor_cookie, REND_DESC_COOKIE_LEN);
- crypto_digest_add_bytes(digest, iv, CIPHER_IV_LEN);
- crypto_digest_get_digest(digest, client_id,
- REND_BASIC_AUTH_CLIENT_ID_LEN);
- crypto_digest_free(digest);
- for (pos = 2; pos < 2 + client_entries_len;
- pos += REND_BASIC_AUTH_CLIENT_ENTRY_LEN) {
- if (tor_memeq(ipos_encrypted + pos, client_id,
- REND_BASIC_AUTH_CLIENT_ID_LEN)) {
- /* Attempt to decrypt introduction points. */
- cipher = crypto_cipher_new(descriptor_cookie);
- if (crypto_cipher_decrypt(cipher, session_key, ipos_encrypted
- + pos + REND_BASIC_AUTH_CLIENT_ID_LEN,
- CIPHER_KEY_LEN) < 0) {
- log_warn(LD_REND, "Could not decrypt session key for client.");
- crypto_cipher_free(cipher);
- return -1;
- }
- crypto_cipher_free(cipher);
-
- len = ipos_encrypted_size - 2 - client_entries_len - CIPHER_IV_LEN;
- dec = tor_malloc_zero(len + 1);
- declen = crypto_cipher_decrypt_with_iv(session_key, dec, len,
- ipos_encrypted + 2 + client_entries_len,
- ipos_encrypted_size - 2 - client_entries_len);
-
- if (declen < 0) {
- log_warn(LD_REND, "Could not decrypt introduction point string.");
- tor_free(dec);
- return -1;
- }
- if (fast_memcmpstart(dec, declen, "introduction-point ")) {
- log_warn(LD_REND, "Decrypted introduction points don't "
- "look like we could parse them.");
- tor_free(dec);
- continue;
- }
- *ipos_decrypted = dec;
- *ipos_decrypted_size = declen;
- return 0;
- }
- }
- log_warn(LD_REND, "Could not decrypt introduction points. Please "
- "check your authorization for this service!");
- return -1;
- } else if (ipos_encrypted[0] == (int)REND_STEALTH_AUTH) {
- char *dec;
- int declen;
- if (ipos_encrypted_size < CIPHER_IV_LEN + 2) {
- log_warn(LD_REND, "Size of encrypted introduction points is too "
- "small.");
- return -1;
- }
- dec = tor_malloc_zero(ipos_encrypted_size - CIPHER_IV_LEN - 1 + 1);
-
- declen = crypto_cipher_decrypt_with_iv(descriptor_cookie, dec,
- ipos_encrypted_size -
- CIPHER_IV_LEN - 1,
- ipos_encrypted + 1,
- ipos_encrypted_size - 1);
-
- if (declen < 0) {
- log_warn(LD_REND, "Decrypting introduction points failed!");
- tor_free(dec);
- return -1;
- }
- *ipos_decrypted = dec;
- *ipos_decrypted_size = declen;
- return 0;
- } else {
- log_warn(LD_REND, "Unknown authorization type number: %d",
- ipos_encrypted[0]);
- return -1;
- }
-}
-
-/** Parse the encoded introduction points in intro_points_encoded of
- * length intro_points_encoded_size and write the result to the
- * descriptor in parsed; return the number of successfully parsed
- * introduction points or -1 in case of a failure. */
-int
-rend_parse_introduction_points(rend_service_descriptor_t *parsed,
- const char *intro_points_encoded,
- size_t intro_points_encoded_size)
-{
- const char *current_ipo, *end_of_intro_points;
- smartlist_t *tokens = NULL;
- directory_token_t *tok;
- rend_intro_point_t *intro;
- extend_info_t *info;
- int result, num_ok=1;
- memarea_t *area = NULL;
- tor_assert(parsed);
- /** Function may only be invoked once. */
- tor_assert(!parsed->intro_nodes);
- if (!intro_points_encoded || intro_points_encoded_size == 0) {
- log_warn(LD_REND, "Empty or zero size introduction point list");
- goto err;
- }
- /* Consider one intro point after the other. */
- current_ipo = intro_points_encoded;
- end_of_intro_points = intro_points_encoded + intro_points_encoded_size;
- tokens = smartlist_new();
- parsed->intro_nodes = smartlist_new();
- area = memarea_new();
-
- while (!fast_memcmpstart(current_ipo, end_of_intro_points-current_ipo,
- "introduction-point ")) {
- /* Determine end of string. */
- const char *eos = tor_memstr(current_ipo, end_of_intro_points-current_ipo,
- "\nintroduction-point ");
- if (!eos)
- eos = end_of_intro_points;
- else
- eos = eos+1;
- tor_assert(eos <= intro_points_encoded+intro_points_encoded_size);
- /* Free tokens and clear token list. */
- SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
- smartlist_clear(tokens);
- memarea_clear(area);
- /* Tokenize string. */
- if (tokenize_string(area, current_ipo, eos, tokens, ipo_token_table, 0)) {
- log_warn(LD_REND, "Error tokenizing introduction point");
- goto err;
- }
- /* Advance to next introduction point, if available. */
- current_ipo = eos;
- /* Check minimum allowed length of introduction point. */
- if (smartlist_len(tokens) < 5) {
- log_warn(LD_REND, "Impossibly short introduction point.");
- goto err;
- }
- /* Allocate new intro point and extend info. */
- intro = tor_malloc_zero(sizeof(rend_intro_point_t));
- info = intro->extend_info =
- extend_info_new(NULL, NULL, NULL, NULL, NULL, NULL, 0);
- /* Parse identifier. */
- tok = find_by_keyword(tokens, R_IPO_IDENTIFIER);
- if (base32_decode(info->identity_digest, DIGEST_LEN,
- tok->args[0], REND_INTRO_POINT_ID_LEN_BASE32) !=
- DIGEST_LEN) {
- log_warn(LD_REND,
- "Identity digest has wrong length or illegal characters: %s",
- tok->args[0]);
- rend_intro_point_free(intro);
- goto err;
- }
- /* Write identifier to nickname. */
- info->nickname[0] = '$';
- base16_encode(info->nickname + 1, sizeof(info->nickname) - 1,
- info->identity_digest, DIGEST_LEN);
- /* Parse IP address. */
- tok = find_by_keyword(tokens, R_IPO_IP_ADDRESS);
- tor_addr_t addr;
- if (tor_addr_parse(&addr, tok->args[0])<0) {
- log_warn(LD_REND, "Could not parse introduction point address.");
- rend_intro_point_free(intro);
- goto err;
- }
- if (tor_addr_family(&addr) != AF_INET) {
- log_warn(LD_REND, "Introduction point address was not ipv4.");
- rend_intro_point_free(intro);
- goto err;
- }
-
- /* Parse onion port. */
- tok = find_by_keyword(tokens, R_IPO_ONION_PORT);
- uint16_t port = (uint16_t) tor_parse_long(tok->args[0],10,1,65535,
- &num_ok,NULL);
- if (!port || !num_ok) {
- log_warn(LD_REND, "Introduction point onion port %s is invalid",
- escaped(tok->args[0]));
- rend_intro_point_free(intro);
- goto err;
- }
-
- /* Add the address and port. */
- extend_info_add_orport(info, &addr, port);
-
- /* Parse onion key. */
- tok = find_by_keyword(tokens, R_IPO_ONION_KEY);
- if (!crypto_pk_public_exponent_ok(tok->key)) {
- log_warn(LD_REND,
- "Introduction point's onion key had invalid exponent.");
- rend_intro_point_free(intro);
- goto err;
- }
- info->onion_key = tok->key;
- tok->key = NULL; /* Prevent free */
- /* Parse service key. */
- tok = find_by_keyword(tokens, R_IPO_SERVICE_KEY);
- if (!crypto_pk_public_exponent_ok(tok->key)) {
- log_warn(LD_REND,
- "Introduction point key had invalid exponent.");
- rend_intro_point_free(intro);
- goto err;
- }
- intro->intro_key = tok->key;
- tok->key = NULL; /* Prevent free */
- /* Add extend info to list of introduction points. */
- smartlist_add(parsed->intro_nodes, intro);
- }
- result = smartlist_len(parsed->intro_nodes);
- goto done;
-
- err:
- result = -1;
-
- done:
- /* Free tokens and clear token list. */
- if (tokens) {
- SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
- smartlist_free(tokens);
- }
- if (area)
- memarea_drop_all(area);
-
- return result;
-}
-
-/** Parse the content of a client_key file in ckstr and add
- * rend_authorized_client_t's for each parsed client to
- * parsed_clients. Return the number of parsed clients as result
- * or -1 for failure. */
-int
-rend_parse_client_keys(strmap_t *parsed_clients, const char *ckstr)
-{
- int result = -1;
- smartlist_t *tokens;
- directory_token_t *tok;
- const char *current_entry = NULL;
- memarea_t *area = NULL;
- char *err_msg = NULL;
- if (!ckstr || strlen(ckstr) == 0)
- return -1;
- tokens = smartlist_new();
- /* Begin parsing with first entry, skipping comments or whitespace at the
- * beginning. */
- area = memarea_new();
- current_entry = eat_whitespace(ckstr);
- while (!strcmpstart(current_entry, "client-name ")) {
- rend_authorized_client_t *parsed_entry;
- /* Determine end of string. */
- const char *eos = strstr(current_entry, "\nclient-name ");
- if (!eos)
- eos = current_entry + strlen(current_entry);
- else
- eos = eos + 1;
- /* Free tokens and clear token list. */
- SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
- smartlist_clear(tokens);
- memarea_clear(area);
- /* Tokenize string. */
- if (tokenize_string(area, current_entry, eos, tokens,
- client_keys_token_table, 0)) {
- log_warn(LD_REND, "Error tokenizing client keys file.");
- goto err;
- }
- /* Advance to next entry, if available. */
- current_entry = eos;
- /* Check minimum allowed length of token list. */
- if (smartlist_len(tokens) < 2) {
- log_warn(LD_REND, "Impossibly short client key entry.");
- goto err;
- }
- /* Parse client name. */
- tok = find_by_keyword(tokens, C_CLIENT_NAME);
- tor_assert(tok == smartlist_get(tokens, 0));
- tor_assert(tok->n_args == 1);
-
- if (!rend_valid_client_name(tok->args[0])) {
- log_warn(LD_CONFIG, "Illegal client name: %s. (Length must be "
- "between 1 and %d, and valid characters are "
- "[A-Za-z0-9+-_].)", tok->args[0], REND_CLIENTNAME_MAX_LEN);
- goto err;
- }
- /* Check if client name is duplicate. */
- if (strmap_get(parsed_clients, tok->args[0])) {
- log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains a "
- "duplicate client name: '%s'. Ignoring.", tok->args[0]);
- goto err;
- }
- parsed_entry = tor_malloc_zero(sizeof(rend_authorized_client_t));
- parsed_entry->client_name = tor_strdup(tok->args[0]);
- strmap_set(parsed_clients, parsed_entry->client_name, parsed_entry);
- /* Parse client key. */
- tok = find_opt_by_keyword(tokens, C_CLIENT_KEY);
- if (tok) {
- parsed_entry->client_key = tok->key;
- tok->key = NULL; /* Prevent free */
- }
-
- /* Parse descriptor cookie. */
- tok = find_by_keyword(tokens, C_DESCRIPTOR_COOKIE);
- tor_assert(tok->n_args == 1);
- if (rend_auth_decode_cookie(tok->args[0], parsed_entry->descriptor_cookie,
- NULL, &err_msg) < 0) {
- tor_assert(err_msg);
- log_warn(LD_REND, "%s", err_msg);
- tor_free(err_msg);
- goto err;
- }
- }
- result = strmap_size(parsed_clients);
- goto done;
- err:
- result = -1;
- done:
- /* Free tokens and clear token list. */
- SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
- smartlist_free(tokens);
- if (area)
- memarea_drop_all(area);
- return result;
-}
diff --git a/src/feature/rend/rendparse.h b/src/feature/rend/rendparse.h
deleted file mode 100644
index 75109c204d..0000000000
--- a/src/feature/rend/rendparse.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/* Copyright (c) 2001 Matej Pfajfar.
- * Copyright (c) 2001-2004, Roger Dingledine.
- * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2020, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-/**
- * \file rendparse.h
- * \brief Header file for rendparse.c.
- **/
-
-#ifndef TOR_REND_PARSE_H
-#define TOR_REND_PARSE_H
-
-int rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out,
- char *desc_id_out,
- char **intro_points_encrypted_out,
- size_t *intro_points_encrypted_size_out,
- size_t *encoded_size_out,
- const char **next_out, const char *desc,
- int as_hsdir);
-int rend_decrypt_introduction_points(char **ipos_decrypted,
- size_t *ipos_decrypted_size,
- const char *descriptor_cookie,
- const char *ipos_encrypted,
- size_t ipos_encrypted_size);
-int rend_parse_introduction_points(rend_service_descriptor_t *parsed,
- const char *intro_points_encoded,
- size_t intro_points_encoded_size);
-int rend_parse_client_keys(strmap_t *parsed_clients, const char *str);
-
-#endif /* !defined(TOR_REND_PARSE_H) */
diff --git a/src/feature/rend/rendservice.c b/src/feature/rend/rendservice.c
deleted file mode 100644
index a744f6f93a..0000000000
--- a/src/feature/rend/rendservice.c
+++ /dev/null
@@ -1,4403 +0,0 @@
-/* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2020, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-/**
- * \file rendservice.c
- * \brief The hidden-service side of rendezvous functionality.
- **/
-
-#define RENDSERVICE_PRIVATE
-
-#include "core/or/or.h"
-
-#include "app/config/config.h"
-#include "core/mainloop/mainloop.h"
-#include "core/or/circuitbuild.h"
-#include "core/or/circuitlist.h"
-#include "core/or/circuituse.h"
-#include "core/or/extendinfo.h"
-#include "core/or/policies.h"
-#include "core/or/relay.h"
-#include "core/or/crypt_path.h"
-#include "feature/client/circpathbias.h"
-#include "feature/control/control_events.h"
-#include "feature/dirclient/dirclient.h"
-#include "feature/dircommon/directory.h"
-#include "feature/hs/hs_common.h"
-#include "feature/hs/hs_config.h"
-#include "feature/hs_common/replaycache.h"
-#include "feature/keymgt/loadkey.h"
-#include "feature/nodelist/describe.h"
-#include "feature/nodelist/networkstatus.h"
-#include "feature/nodelist/nickname.h"
-#include "feature/nodelist/node_select.h"
-#include "feature/nodelist/nodelist.h"
-#include "feature/nodelist/routerset.h"
-#include "feature/rend/rendcommon.h"
-#include "feature/rend/rendparse.h"
-#include "feature/rend/rendservice.h"
-#include "feature/stats/predict_ports.h"
-#include "lib/crypt_ops/crypto_dh.h"
-#include "lib/crypt_ops/crypto_rand.h"
-#include "lib/crypt_ops/crypto_util.h"
-#include "lib/encoding/confline.h"
-#include "lib/net/resolve.h"
-
-#include "core/or/cpath_build_state_st.h"
-#include "core/or/crypt_path_st.h"
-#include "core/or/crypt_path_reference_st.h"
-#include "core/or/edge_connection_st.h"
-#include "core/or/extend_info_st.h"
-#include "feature/hs/hs_opts_st.h"
-#include "feature/nodelist/networkstatus_st.h"
-#include "core/or/origin_circuit_st.h"
-#include "feature/rend/rend_authorized_client_st.h"
-#include "feature/rend/rend_encoded_v2_service_descriptor_st.h"
-#include "feature/rend/rend_intro_point_st.h"
-#include "feature/rend/rend_service_descriptor_st.h"
-#include "feature/nodelist/routerstatus_st.h"
-
-#ifdef HAVE_FCNTL_H
-#include
-#endif
-#ifdef HAVE_UNISTD_H
-#include
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include
-#endif
-
-struct rend_service_t;
-static origin_circuit_t *find_intro_circuit(rend_intro_point_t *intro,
- const char *pk_digest);
-static rend_intro_point_t *find_intro_point(origin_circuit_t *circ);
-static rend_intro_point_t *find_expiring_intro_point(
- struct rend_service_t *service, origin_circuit_t *circ);
-
-static extend_info_t *find_rp_for_intro(
- const rend_intro_cell_t *intro,
- char **err_msg_out);
-
-static int intro_point_accepted_intro_count(rend_intro_point_t *intro);
-static int intro_point_should_expire_now(rend_intro_point_t *intro,
- time_t now);
-static int rend_service_derive_key_digests(struct rend_service_t *s);
-static int rend_service_load_keys(struct rend_service_t *s);
-static int rend_service_load_auth_keys(struct rend_service_t *s,
- const char *hfname);
-static struct rend_service_t *rend_service_get_by_pk_digest(
- const char* digest);
-static struct rend_service_t *rend_service_get_by_service_id(const char *id);
-static const char *rend_service_escaped_dir(
- const struct rend_service_t *s);
-
-static ssize_t rend_service_parse_intro_for_v0_or_v1(
- rend_intro_cell_t *intro,
- const uint8_t *buf,
- size_t plaintext_len,
- char **err_msg_out);
-static ssize_t rend_service_parse_intro_for_v2(
- rend_intro_cell_t *intro,
- const uint8_t *buf,
- size_t plaintext_len,
- char **err_msg_out);
-static ssize_t rend_service_parse_intro_for_v3(
- rend_intro_cell_t *intro,
- const uint8_t *buf,
- size_t plaintext_len,
- char **err_msg_out);
-
-static int rend_service_check_private_dir(const or_options_t *options,
- const rend_service_t *s,
- int create);
-static const smartlist_t* rend_get_service_list(
- const smartlist_t* substitute_service_list);
-static smartlist_t* rend_get_service_list_mutable(
- smartlist_t* substitute_service_list);
-static int rend_max_intro_circs_per_period(unsigned int n_intro_points_wanted);
-
-/* Hidden service directory file names:
- * new file names should be added to rend_service_add_filenames_to_list()
- * for sandboxing purposes. */
-static const char *private_key_fname = "private_key";
-static const char *hostname_fname = "hostname";
-static const char *client_keys_fname = "client_keys";
-static const char *sos_poison_fname = "onion_service_non_anonymous";
-
-/** A list of rend_service_t's for services run on this OP. */
-static smartlist_t *rend_service_list = NULL;
-/** A list of rend_service_t's for services run on this OP which is used as a
- * staging area before they are put in the main list in order to prune dying
- * service on config reload. */
-static smartlist_t *rend_service_staging_list = NULL;
-
-/** Helper: log the deprecation warning for version 2 only once. */
-static void
-log_once_deprecation_warning(void)
-{
- static bool logged_once = false;
- if (!logged_once) {
- log_warn(LD_REND, "DEPRECATED: Onion service version 2 are deprecated. "
- "Please use version 3 which is the default now. "
- "Currently, version 2 is planned to be obsolete in "
- "the Tor version 0.4.6 stable series.");
- logged_once = true;
- }
-}
-/** Macro to make it very explicit that we are warning about deprecation. */
-#define WARN_ONCE_DEPRECATION() log_once_deprecation_warning()
-
-/* Like rend_get_service_list_mutable, but returns a read-only list. */
-static const smartlist_t*
-rend_get_service_list(const smartlist_t* substitute_service_list)
-{
- /* It is safe to cast away the const here, because
- * rend_get_service_list_mutable does not actually modify the list */
- return rend_get_service_list_mutable((smartlist_t*)substitute_service_list);
-}
-
-/* Return a mutable list of hidden services.
- * If substitute_service_list is not NULL, return it.
- * Otherwise, check if the global rend_service_list is non-NULL, and if so,
- * return it.
- * Otherwise, log a BUG message and return NULL.
- * */
-static smartlist_t*
-rend_get_service_list_mutable(smartlist_t* substitute_service_list)
-{
- if (substitute_service_list) {
- return substitute_service_list;
- }
-
- /* If no special service list is provided, then just use the global one. */
-
- if (BUG(!rend_service_list)) {
- /* No global HS list, which is a programmer error. */
- return NULL;
- }
-
- return rend_service_list;
-}
-
-/** Tells if onion service s is ephemeral.
- */
-static unsigned int
-rend_service_is_ephemeral(const struct rend_service_t *s)
-{
- return (s->directory == NULL);
-}
-
-/** Returns a escaped string representation of the service, s.
- */
-static const char *
-rend_service_escaped_dir(const struct rend_service_t *s)
-{
- return rend_service_is_ephemeral(s) ? "[EPHEMERAL]" : escaped(s->directory);
-}
-
-/** Return the number of rendezvous services we have configured. */
-int
-rend_num_services(void)
-{
- if (!rend_service_list)
- return 0;
- return smartlist_len(rend_service_list);
-}
-
-/** Helper: free storage held by a single service authorized client entry. */
-void
-rend_authorized_client_free_(rend_authorized_client_t *client)
-{
- if (!client)
- return;
- if (client->client_key)
- crypto_pk_free(client->client_key);
- if (client->client_name)
- memwipe(client->client_name, 0, strlen(client->client_name));
- tor_free(client->client_name);
- memwipe(client->descriptor_cookie, 0, sizeof(client->descriptor_cookie));
- tor_free(client);
-}
-
-/** Helper for strmap_free. */
-static void
-rend_authorized_client_free_void(void *authorized_client)
-{
- rend_authorized_client_free_(authorized_client);
-}
-
-/** Release the storage held by service.
- */
-STATIC void
-rend_service_free_(rend_service_t *service)
-{
- if (!service)
- return;
-
- tor_free(service->directory);
- if (service->ports) {
- SMARTLIST_FOREACH(service->ports, hs_port_config_t*, p,
- hs_port_config_free(p));
- smartlist_free(service->ports);
- }
- if (service->private_key)
- crypto_pk_free(service->private_key);
- if (service->intro_nodes) {
- SMARTLIST_FOREACH(service->intro_nodes, rend_intro_point_t *, intro,
- rend_intro_point_free(intro););
- smartlist_free(service->intro_nodes);
- }
- if (service->expiring_nodes) {
- SMARTLIST_FOREACH(service->expiring_nodes, rend_intro_point_t *, intro,
- rend_intro_point_free(intro););
- smartlist_free(service->expiring_nodes);
- }
-
- rend_service_descriptor_free(service->desc);
- if (service->clients) {
- SMARTLIST_FOREACH(service->clients, rend_authorized_client_t *, c,
- rend_authorized_client_free(c););
- smartlist_free(service->clients);
- }
- if (service->accepted_intro_dh_parts) {
- replaycache_free(service->accepted_intro_dh_parts);
- }
- tor_free(service);
-}
-
-/* Release all the storage held in rend_service_staging_list. */
-void
-rend_service_free_staging_list(void)
-{
- if (rend_service_staging_list) {
- SMARTLIST_FOREACH(rend_service_staging_list, rend_service_t*, ptr,
- rend_service_free(ptr));
- smartlist_free(rend_service_staging_list);
- rend_service_staging_list = NULL;
- }
-}
-
-/** Release all the storage held in both rend_service_list and
- * rend_service_staging_list. */
-void
-rend_service_free_all(void)
-{
- if (rend_service_list) {
- SMARTLIST_FOREACH(rend_service_list, rend_service_t*, ptr,
- rend_service_free(ptr));
- smartlist_free(rend_service_list);
- rend_service_list = NULL;
- }
- rend_service_free_staging_list();
-}
-
-/* Initialize the subsystem. */
-void
-rend_service_init(void)
-{
- tor_assert(!rend_service_list);
- tor_assert(!rend_service_staging_list);
-
- rend_service_list = smartlist_new();
- rend_service_staging_list = smartlist_new();
-}
-
-/* Validate a service. Use the service_list to make sure there
- * is no duplicate entry for the given service object. Return 0 if valid else
- * -1 if not.*/
-static int
-rend_validate_service(const smartlist_t *service_list,
- const rend_service_t *service)
-{
- tor_assert(service_list);
- tor_assert(service);
-
- if (service->max_streams_per_circuit < 0) {
- log_warn(LD_CONFIG, "Hidden service (%s) configured with negative max "
- "streams per circuit.",
- rend_service_escaped_dir(service));
- goto invalid;
- }
-
- if (service->max_streams_close_circuit < 0 ||
- service->max_streams_close_circuit > 1) {
- log_warn(LD_CONFIG, "Hidden service (%s) configured with invalid "
- "max streams handling.",
- rend_service_escaped_dir(service));
- goto invalid;
- }
-
- if (service->auth_type != REND_NO_AUTH &&
- (!service->clients || smartlist_len(service->clients) == 0)) {
- log_warn(LD_CONFIG, "Hidden service (%s) with client authorization but "
- "no clients.",
- rend_service_escaped_dir(service));
- goto invalid;
- }
-
- if (!service->ports || !smartlist_len(service->ports)) {
- log_warn(LD_CONFIG, "Hidden service (%s) with no ports configured.",
- rend_service_escaped_dir(service));
- goto invalid;
- }
-
- /* Valid. */
- return 0;
- invalid:
- return -1;
-}
-
-/** Add it to service_list, or to the global rend_service_list if
- * service_list is NULL. Return 0 on success. On failure, free
- * service and return -1. Takes ownership of service. */
-static int
-rend_add_service(smartlist_t *service_list, rend_service_t *service)
-{
- int i;
- hs_port_config_t *p;
-
- tor_assert(service);
-
- smartlist_t *s_list = rend_get_service_list_mutable(service_list);
- /* We must have a service list, even if it's a temporary one, so we can
- * check for duplicate services */
- if (BUG(!s_list)) {
- rend_service_free(service);
- return -1;
- }
-
- service->intro_nodes = smartlist_new();
- service->expiring_nodes = smartlist_new();
-
- log_debug(LD_REND,"Configuring service with directory %s",
- rend_service_escaped_dir(service));
- for (i = 0; i < smartlist_len(service->ports); ++i) {
- p = smartlist_get(service->ports, i);
- if (!(p->is_unix_addr)) {
- log_debug(LD_REND,
- "Service maps port %d to %s",
- p->virtual_port,
- fmt_addrport(&p->real_addr, p->real_port));
- } else {
-#ifdef HAVE_SYS_UN_H
- log_debug(LD_REND,
- "Service maps port %d to socket at \"%s\"",
- p->virtual_port, p->unix_addr);
-#else
- log_warn(LD_BUG,
- "Service maps port %d to an AF_UNIX socket, but we "
- "have no AF_UNIX support on this platform. This is "
- "probably a bug.",
- p->virtual_port);
- rend_service_free(service);
- return -1;
-#endif /* defined(HAVE_SYS_UN_H) */
- }
- }
- /* The service passed all the checks */
- tor_assert(s_list);
- smartlist_add(s_list, service);
-
- /* Notify that our global service list has changed only if this new service
- * went into our global list. If not, when we move service from the staging
- * list to the new list, a notify is triggered. */
- if (s_list == rend_service_list) {
- hs_service_map_has_changed();
- }
- return 0;
-}
-
-/* Copy relevant data from service src to dst while pruning the service lists.
- * This should only be called during the pruning process which takes existing
- * services and copy their data to the newly configured services. The src
- * service replaycache will be set to NULL after this call. */
-static void
-copy_service_on_prunning(rend_service_t *dst, rend_service_t *src)
-{
- tor_assert(dst);
- tor_assert(src);
-
- /* Keep the timestamps for when the content changed and the next upload
- * time so we can properly upload the descriptor if needed for the new
- * service object. */
- dst->desc_is_dirty = src->desc_is_dirty;
- dst->next_upload_time = src->next_upload_time;
- /* Move the replaycache to the new object. */
- dst->accepted_intro_dh_parts = src->accepted_intro_dh_parts;
- src->accepted_intro_dh_parts = NULL;
- /* Copy intro point information to destination service. */
- dst->intro_period_started = src->intro_period_started;
- dst->n_intro_circuits_launched = src->n_intro_circuits_launched;
- dst->n_intro_points_wanted = src->n_intro_points_wanted;
-}
-
-/* Helper: Actual implementation of the pruning on reload which we've
- * decoupled in order to make the unit test workeable without ugly hacks.
- * Furthermore, this function does NOT free any memory but will nullify the
- * temporary list pointer whatever happens. */
-STATIC void
-rend_service_prune_list_impl_(void)
-{
- origin_circuit_t *ocirc = NULL;
- smartlist_t *surviving_services, *old_service_list, *new_service_list;
-
- /* When pruning our current service list, we must have a staging list that
- * contains what we want to check else it's a code flow error. */
- tor_assert(rend_service_staging_list);
-
- /* We are about to prune the current list of its dead service so set the
- * semantic for that list to be the "old" one. */
- old_service_list = rend_service_list;
- /* The staging list is now the "new" list so set this semantic. */
- new_service_list = rend_service_staging_list;
- /* After this, whatever happens, we'll use our new list. */
- rend_service_list = new_service_list;
- /* Finally, nullify the staging list pointer as we don't need it anymore
- * and it needs to be NULL before the next reload. */
- rend_service_staging_list = NULL;
- /* Nothing to prune if we have no service list so stop right away. */
- if (!old_service_list) {
- return;
- }
-
- /* This contains all _existing_ services that survives the relaod that is
- * that haven't been removed from the configuration. The difference between
- * this list and the new service list is that the new list can possibly
- * contain newly configured service that have no introduction points opened
- * yet nor key material loaded or generated. */
- surviving_services = smartlist_new();
-
- /* Preserve the existing ephemeral services.
- *
- * This is the ephemeral service equivalent of the "Copy introduction
- * points to new services" block, except there's no copy required since
- * the service structure isn't regenerated.
- *
- * After this is done, all ephemeral services will be:
- * * Removed from old_service_list, so the equivalent non-ephemeral code
- * will not attempt to preserve them.
- * * Added to the new_service_list (that previously only had the
- * services listed in the configuration).
- * * Added to surviving_services, which is the list of services that
- * will NOT have their intro point closed.
- */
- SMARTLIST_FOREACH_BEGIN(old_service_list, rend_service_t *, old) {
- if (rend_service_is_ephemeral(old)) {
- SMARTLIST_DEL_CURRENT(old_service_list, old);
- smartlist_add(surviving_services, old);
- smartlist_add(new_service_list, old);
- }
- } SMARTLIST_FOREACH_END(old);
-
- /* Copy introduction points to new services. This is O(n^2), but it's only
- * called on reconfigure, so it's ok performance wise. */
- SMARTLIST_FOREACH_BEGIN(new_service_list, rend_service_t *, new) {
- SMARTLIST_FOREACH_BEGIN(old_service_list, rend_service_t *, old) {
- /* Skip ephemeral services as we only want to copy introduction points
- * from current services to newly configured one that already exists.
- * The same directory means it's the same service. */
- if (rend_service_is_ephemeral(new) || rend_service_is_ephemeral(old) ||
- strcmp(old->directory, new->directory)) {
- continue;
- }
- smartlist_add_all(new->intro_nodes, old->intro_nodes);
- smartlist_clear(old->intro_nodes);
- smartlist_add_all(new->expiring_nodes, old->expiring_nodes);
- smartlist_clear(old->expiring_nodes);
-
- /* Copy needed information from old to new. */
- copy_service_on_prunning(new, old);
-
- /* This regular service will survive the closing IPs step after. */
- smartlist_add(surviving_services, old);
- break;
- } SMARTLIST_FOREACH_END(old);
- } SMARTLIST_FOREACH_END(new);
-
- /* For every service introduction circuit we can find, see if we have a
- * matching surviving configured service. If not, close the circuit. */
- while ((ocirc = circuit_get_next_intro_circ(ocirc, false))) {
- int keep_it = 0;
- if (ocirc->rend_data == NULL) {
- /* This is a v3 circuit, ignore it. */
- continue;
- }
- SMARTLIST_FOREACH_BEGIN(surviving_services, const rend_service_t *, s) {
- if (rend_circuit_pk_digest_eq(ocirc, (uint8_t *) s->pk_digest)) {
- /* Keep this circuit as we have a matching configured service. */
- keep_it = 1;
- break;
- }
- } SMARTLIST_FOREACH_END(s);
- if (keep_it) {
- continue;
- }
- log_info(LD_REND, "Closing intro point %s for service %s.",
- safe_str_client(extend_info_describe(
- ocirc->build_state->chosen_exit)),
- safe_str_client(rend_data_get_address(ocirc->rend_data)));
- /* Reason is FINISHED because service has been removed and thus the
- * circuit is considered old/unneeded. */
- circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
- }
- smartlist_free(surviving_services);
- /* Notify that our global service list has changed. */
- hs_service_map_has_changed();
-}
-
-/* Try to prune our main service list using the temporary one that we just
- * loaded and parsed successfully. The pruning process decides which onion
- * services to keep and which to discard after a reload. */
-void
-rend_service_prune_list(void)
-{
- smartlist_t *old_service_list = rend_service_list;
-
- if (!rend_service_staging_list) {
- rend_service_staging_list = smartlist_new();
- }
-
- rend_service_prune_list_impl_();
- if (old_service_list) {
- /* Every remaining service in the old list have been removed from the
- * configuration so clean them up safely. */
- SMARTLIST_FOREACH(old_service_list, rend_service_t *, s,
- rend_service_free(s));
- smartlist_free(old_service_list);
- }
-}
-
-/* Copy all the relevant data that the hs_service object contains over to the
- * rend_service_t object. The reason to do so is because when configuring a
- * service, we go through a generic handler that creates an hs_service_t
- * object which so we have to copy the parsed values to a rend service object
- * which is version 2 specific. */
-static void
-service_config_shadow_copy(rend_service_t *service,
- hs_service_config_t *config)
-{
- tor_assert(service);
- tor_assert(config);
-
- service->directory = tor_strdup(config->directory_path);
- service->dir_group_readable = config->dir_group_readable;
- service->allow_unknown_ports = config->allow_unknown_ports;
- /* This value can't go above HS_CONFIG_MAX_STREAMS_PER_RDV_CIRCUIT (65535)
- * if the code flow is right so this cast is safe. But just in case, we'll
- * check it. */
- service->max_streams_per_circuit = (int) config->max_streams_per_rdv_circuit;
- if (BUG(config->max_streams_per_rdv_circuit >
- HS_CONFIG_MAX_STREAMS_PER_RDV_CIRCUIT)) {
- service->max_streams_per_circuit = HS_CONFIG_MAX_STREAMS_PER_RDV_CIRCUIT;
- }
- service->max_streams_close_circuit = config->max_streams_close_circuit;
- service->n_intro_points_wanted = config->num_intro_points;
- /* Switching ownership of the ports to the rend service object. */
- smartlist_add_all(service->ports, config->ports);
- smartlist_free(config->ports);
- config->ports = NULL;
-}
-
-/* Parse the hidden service configuration from hs_opts using the
- * already configured generic service configuration in config. This
- * function will translate the config object to a rend_service_t and add it to
- * the temporary list if valid. If validate_only is set, parse, warn
- * and return as normal but don't actually add the service to the list. */
-int
-rend_config_service(const hs_opts_t *hs_opts,
- const or_options_t *options,
- hs_service_config_t *config)
-{
- rend_service_t *service = NULL;
-
- tor_assert(options);
- tor_assert(hs_opts);
- tor_assert(config);
-
- /* We are about to configure a version 2 service. Warn of deprecation. */
- WARN_ONCE_DEPRECATION();
-
- /* Use the staging service list so that we can check then do the pruning
- * process using the main list at the end. */
- if (rend_service_staging_list == NULL) {
- rend_service_staging_list = smartlist_new();
- }
-
- /* Initialize service. */
- service = tor_malloc_zero(sizeof(rend_service_t));
- service->intro_period_started = time(NULL);
- service->ports = smartlist_new();
- /* From the hs_service object which has been used to load the generic
- * options, we'll copy over the useful data to the rend_service_t object. */
- service_config_shadow_copy(service, config);
-
- /* Number of introduction points. */
- if (hs_opts->HiddenServiceNumIntroductionPoints > NUM_INTRO_POINTS_MAX) {
- log_warn(LD_CONFIG, "HiddenServiceNumIntroductionPoints must be "
- "between 0 and %d, not %d.",
- NUM_INTRO_POINTS_MAX,
- hs_opts->HiddenServiceNumIntroductionPoints);
- goto err;
- }
- service->n_intro_points_wanted = hs_opts->HiddenServiceNumIntroductionPoints;
- log_info(LD_CONFIG, "HiddenServiceNumIntroductionPoints=%d for %s",
- service->n_intro_points_wanted, escaped(service->directory));
-
- /* Client authorization */
- if (hs_opts->HiddenServiceAuthorizeClient) {
- /* Parse auth type and comma-separated list of client names and add a
- * rend_authorized_client_t for each client to the service's list
- * of authorized clients. */
- smartlist_t *type_names_split, *clients;
- const char *authname;
- type_names_split = smartlist_new();
- smartlist_split_string(type_names_split,
- hs_opts->HiddenServiceAuthorizeClient, " ", 0, 2);
- if (smartlist_len(type_names_split) < 1) {
- log_warn(LD_BUG, "HiddenServiceAuthorizeClient has no value. This "
- "should have been prevented when parsing the "
- "configuration.");
- smartlist_free(type_names_split);
- goto err;
- }
- authname = smartlist_get(type_names_split, 0);
- if (!strcasecmp(authname, "basic")) {
- service->auth_type = REND_BASIC_AUTH;
- } else if (!strcasecmp(authname, "stealth")) {
- service->auth_type = REND_STEALTH_AUTH;
- } else {
- log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains "
- "unrecognized auth-type '%s'. Only 'basic' or 'stealth' "
- "are recognized.",
- (char *) smartlist_get(type_names_split, 0));
- SMARTLIST_FOREACH(type_names_split, char *, cp, tor_free(cp));
- smartlist_free(type_names_split);
- goto err;
- }
- service->clients = smartlist_new();
- if (smartlist_len(type_names_split) < 2) {
- log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains "
- "auth-type '%s', but no client names.",
- service->auth_type == REND_BASIC_AUTH ? "basic" : "stealth");
- SMARTLIST_FOREACH(type_names_split, char *, cp, tor_free(cp));
- smartlist_free(type_names_split);
- goto err;
- }
- clients = smartlist_new();
- smartlist_split_string(clients, smartlist_get(type_names_split, 1),
- ",", SPLIT_SKIP_SPACE, 0);
- SMARTLIST_FOREACH(type_names_split, char *, cp, tor_free(cp));
- smartlist_free(type_names_split);
- /* Remove duplicate client names. */
- {
- int num_clients = smartlist_len(clients);
- smartlist_sort_strings(clients);
- smartlist_uniq_strings(clients);
- if (smartlist_len(clients) < num_clients) {
- log_info(LD_CONFIG, "HiddenServiceAuthorizeClient contains %d "
- "duplicate client name(s); removing.",
- num_clients - smartlist_len(clients));
- }
- }
- SMARTLIST_FOREACH_BEGIN(clients, const char *, client_name) {
- rend_authorized_client_t *client;
- if (!rend_valid_client_name(client_name)) {
- log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains an "
- "illegal client name: '%s'. Names must be "
- "between 1 and %d characters and contain "
- "only [A-Za-z0-9+_-].",
- client_name, REND_CLIENTNAME_MAX_LEN);
- SMARTLIST_FOREACH(clients, char *, cp, tor_free(cp));
- smartlist_free(clients);
- goto err;
- }
- client = tor_malloc_zero(sizeof(rend_authorized_client_t));
- client->client_name = tor_strdup(client_name);
- smartlist_add(service->clients, client);
- log_debug(LD_REND, "Adding client name '%s'", client_name);
- } SMARTLIST_FOREACH_END(client_name);
- SMARTLIST_FOREACH(clients, char *, cp, tor_free(cp));
- smartlist_free(clients);
- /* Ensure maximum number of clients. */
- if ((service->auth_type == REND_BASIC_AUTH &&
- smartlist_len(service->clients) > 512) ||
- (service->auth_type == REND_STEALTH_AUTH &&
- smartlist_len(service->clients) > 16)) {
- log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains %d "
- "client authorization entries, but only a "
- "maximum of %d entries is allowed for "
- "authorization type '%s'.",
- smartlist_len(service->clients),
- service->auth_type == REND_BASIC_AUTH ? 512 : 16,
- service->auth_type == REND_BASIC_AUTH ? "basic" : "stealth");
- goto err;
- }
- }
-
- /* Validate the service just parsed. */
- if (rend_validate_service(rend_service_staging_list, service) < 0) {
- /* Service is in the staging list so don't try to free it. */
- goto err;
- }
-
- /* Add it to the temporary list which we will use to prune our current
- * list if any after configuring all services. */
- if (rend_add_service(rend_service_staging_list, service) < 0) {
- /* The object has been freed on error already. */
- service = NULL;
- goto err;
- }
-
- return 0;
- err:
- rend_service_free(service);
- return -1;
-}
-
-/** Add the ephemeral service pk/ports if possible, using
- * client authorization auth_type and an optional list of
- * rend_authorized_client_t in auth_clients, with
- * max_streams_per_circuit streams allowed per rendezvous circuit,
- * and circuit closure on max streams being exceeded set by
- * max_streams_close_circuit.
- *
- * Ownership of pk, ports, and auth_clients is passed to this routine.
- * Regardless of success/failure, callers should not touch these values
- * after calling this routine, and may assume that correct cleanup has
- * been done on failure.
- *
- * Return an appropriate hs_service_add_ephemeral_status_t.
- */
-hs_service_add_ephemeral_status_t
-rend_service_add_ephemeral(crypto_pk_t *pk,
- smartlist_t *ports,
- int max_streams_per_circuit,
- int max_streams_close_circuit,
- rend_auth_type_t auth_type,
- smartlist_t *auth_clients,
- char **service_id_out)
-{
- *service_id_out = NULL;
- /* Allocate the service structure, and initialize the key, and key derived
- * parameters.
- */
- rend_service_t *s = tor_malloc_zero(sizeof(rend_service_t));
- s->directory = NULL; /* This indicates the service is ephemeral. */
- s->private_key = pk;
- s->auth_type = auth_type;
- s->clients = auth_clients;
- s->ports = ports;
- s->intro_period_started = time(NULL);
- s->n_intro_points_wanted = NUM_INTRO_POINTS_DEFAULT;
- s->max_streams_per_circuit = max_streams_per_circuit;
- s->max_streams_close_circuit = max_streams_close_circuit;
- if (rend_service_derive_key_digests(s) < 0) {
- rend_service_free(s);
- return RSAE_BADPRIVKEY;
- }
-
- if (!s->ports || smartlist_len(s->ports) == 0) {
- log_warn(LD_CONFIG, "At least one VIRTPORT/TARGET must be specified.");
- rend_service_free(s);
- return RSAE_BADVIRTPORT;
- }
- if (s->auth_type != REND_NO_AUTH &&
- (!s->clients || smartlist_len(s->clients) == 0)) {
- log_warn(LD_CONFIG, "At least one authorized client must be specified.");
- rend_service_free(s);
- return RSAE_BADAUTH;
- }
-
- /* Enforcing pk/id uniqueness should be done by rend_service_load_keys(), but
- * it's not, see #14828.
- */
- if (rend_service_get_by_pk_digest(s->pk_digest)) {
- log_warn(LD_CONFIG, "Onion Service private key collides with an "
- "existing service.");
- rend_service_free(s);
- return RSAE_ADDREXISTS;
- }
- if (rend_service_get_by_service_id(s->service_id)) {
- log_warn(LD_CONFIG, "Onion Service id collides with an existing service.");
- rend_service_free(s);
- return RSAE_ADDREXISTS;
- }
-
- /* Initialize the service. */
- if (rend_add_service(NULL, s)) {
- return RSAE_INTERNAL;
- }
- *service_id_out = tor_strdup(s->service_id);
-
- log_debug(LD_CONFIG, "Added ephemeral Onion Service: %s", s->service_id);
- return RSAE_OKAY;
-}
-
-/** Remove the ephemeral service service_id if possible. Returns 0 on
- * success, and -1 on failure.
- */
-int
-rend_service_del_ephemeral(const char *service_id)
-{
- rend_service_t *s;
- if (!rend_valid_v2_service_id(service_id)) {
- log_warn(LD_CONFIG, "Requested malformed Onion Service id for removal.");
- return -1;
- }
- if ((s = rend_service_get_by_service_id(service_id)) == NULL) {
- log_warn(LD_CONFIG, "Requested non-existent Onion Service id for "
- "removal.");
- return -1;
- }
- if (!rend_service_is_ephemeral(s)) {
- log_warn(LD_CONFIG, "Requested non-ephemeral Onion Service for removal.");
- return -1;
- }
-
- /* Kill the intro point circuit for the Onion Service, and remove it from
- * the list. Closing existing connections is the application's problem.
- *
- * XXX: As with the comment in rend_config_services(), a nice abstraction
- * would be ideal here, but for now just duplicate the code.
- */
- SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
- if (!circ->marked_for_close &&
- (circ->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO ||
- circ->purpose == CIRCUIT_PURPOSE_S_INTRO)) {
- origin_circuit_t *oc = TO_ORIGIN_CIRCUIT(circ);
- if (oc->rend_data == NULL ||
- !rend_circuit_pk_digest_eq(oc, (uint8_t *) s->pk_digest)) {
- continue;
- }
- log_debug(LD_REND, "Closing intro point %s for service %s.",
- safe_str_client(extend_info_describe(
- oc->build_state->chosen_exit)),
- rend_data_get_address(oc->rend_data));
- circuit_mark_for_close(circ, END_CIRC_REASON_FINISHED);
- }
- } SMARTLIST_FOREACH_END(circ);
- smartlist_remove(rend_service_list, s);
- /* Notify that we just removed a service from our global list. */
- hs_service_map_has_changed();
- rend_service_free(s);
-
- log_debug(LD_CONFIG, "Removed ephemeral Onion Service: %s", service_id);
-
- return 0;
-}
-
-/* There can be 1 second's delay due to second_elapsed_callback, and perhaps
- * another few seconds due to blocking calls. */
-#define INTRO_CIRC_RETRY_PERIOD_SLOP 10
-
-/** Log information about the intro point creation rate and current intro
- * points for service, upgrading the log level from min_severity to warn if
- * we have stopped launching new intro point circuits. */
-static void
-rend_log_intro_limit(const rend_service_t *service, int min_severity)
-{
- int exceeded_limit = (service->n_intro_circuits_launched >=
- rend_max_intro_circs_per_period(
- service->n_intro_points_wanted));
- int severity = min_severity;
- /* We stopped creating circuits */
- if (exceeded_limit) {
- severity = LOG_WARN;
- }
- time_t intro_period_elapsed = time(NULL) - service->intro_period_started;
- tor_assert_nonfatal(intro_period_elapsed >= 0);
- {
- char *msg;
- static ratelim_t rlimit = RATELIM_INIT(INTRO_CIRC_RETRY_PERIOD);
- if ((msg = rate_limit_log(&rlimit, approx_time()))) {
- log_fn(severity, LD_REND,
- "Hidden service %s %s %d intro points in the last %d seconds. "
- "Intro circuit launches are limited to %d per %d seconds.%s",
- service->service_id,
- exceeded_limit ? "exceeded launch limit with" : "launched",
- service->n_intro_circuits_launched,
- (int)intro_period_elapsed,
- rend_max_intro_circs_per_period(service->n_intro_points_wanted),
- INTRO_CIRC_RETRY_PERIOD, msg);
- rend_service_dump_stats(severity);
- tor_free(msg);
- }
- }
-}
-
-/** Replace the old value of service-\>desc with one that reflects
- * the other fields in service.
- */
-static void
-rend_service_update_descriptor(rend_service_t *service)
-{
- rend_service_descriptor_t *d;
- int i;
-
- rend_service_descriptor_free(service->desc);
- service->desc = NULL;
-
- d = service->desc = tor_malloc_zero(sizeof(rend_service_descriptor_t));
- d->pk = crypto_pk_dup_key(service->private_key);
- d->timestamp = time(NULL);
- d->timestamp -= d->timestamp % 3600; /* Round down to nearest hour */
- d->intro_nodes = smartlist_new();
- /* Support intro protocols 2 and 3. */
- d->protocols = (1 << 2) + (1 << 3);
-
- for (i = 0; i < smartlist_len(service->intro_nodes); ++i) {
- rend_intro_point_t *intro_svc = smartlist_get(service->intro_nodes, i);
- rend_intro_point_t *intro_desc;
-
- /* This intro point won't be listed in the descriptor... */
- intro_svc->listed_in_last_desc = 0;
-
- /* circuit_established is set in rend_service_intro_established(), and
- * checked every second in rend_consider_services_intro_points(), so it's
- * safe to use it here */
- if (!intro_svc->circuit_established) {
- continue;
- }
-
- /* ...unless this intro point is listed in the descriptor. */
- intro_svc->listed_in_last_desc = 1;
-
- /* We have an entirely established intro circuit. Publish it in
- * our descriptor. */
- intro_desc = tor_malloc_zero(sizeof(rend_intro_point_t));
- intro_desc->extend_info = extend_info_dup(intro_svc->extend_info);
- if (intro_svc->intro_key)
- intro_desc->intro_key = crypto_pk_dup_key(intro_svc->intro_key);
- smartlist_add(d->intro_nodes, intro_desc);
-
- if (intro_svc->time_published == -1) {
- /* We are publishing this intro point in a descriptor for the
- * first time -- note the current time in the service's copy of
- * the intro point. */
- intro_svc->time_published = time(NULL);
- }
- }
-
- /* Check that we have the right number of intro points */
- unsigned int have_intro = (unsigned int)smartlist_len(d->intro_nodes);
- if (have_intro != service->n_intro_points_wanted) {
- int severity;
- /* Getting less than we wanted or more than we're allowed is serious */
- if (have_intro < service->n_intro_points_wanted ||
- have_intro > NUM_INTRO_POINTS_MAX) {
- severity = LOG_WARN;
- } else {
- /* Getting more than we wanted is weird, but less of a problem */
- severity = LOG_NOTICE;
- }
- log_fn(severity, LD_REND, "Hidden service %s wanted %d intro points, but "
- "descriptor was updated with %d instead.",
- service->service_id,
- service->n_intro_points_wanted, have_intro);
- /* Now log an informative message about how we might have got here. */
- rend_log_intro_limit(service, severity);
- }
-}
-
-/* Allocate and return a string containing the path to file_name in
- * service->directory. Asserts that service has a directory.
- * This function will never return NULL.
- * The caller must free this path. */
-static char *
-rend_service_path(const rend_service_t *service, const char *file_name)
-{
- tor_assert(service->directory);
- return hs_path_from_filename(service->directory, file_name);
-}
-
-/* Allocate and return a string containing the path to the single onion
- * service poison file in service->directory. Asserts that service has a
- * directory.
- * The caller must free this path. */
-STATIC char *
-rend_service_sos_poison_path(const rend_service_t *service)
-{
- return rend_service_path(service, sos_poison_fname);
-}
-
-/** Return True if hidden services service has been poisoned by single
- * onion mode. */
-static int
-service_is_single_onion_poisoned(const rend_service_t *service)
-{
- char *poison_fname = NULL;
- file_status_t fstatus;
-
- /* Passing a NULL service is a bug */
- if (BUG(!service)) {
- return 0;
- }
-
- if (rend_service_is_ephemeral(service)) {
- return 0;
- }
-
- poison_fname = rend_service_sos_poison_path(service);
-
- fstatus = file_status(poison_fname);
- tor_free(poison_fname);
-
- /* If this fname is occupied, the hidden service has been poisoned.
- * fstatus can be FN_ERROR if the service directory does not exist, in that
- * case, there is obviously no private key. */
- if (fstatus == FN_FILE || fstatus == FN_EMPTY) {
- return 1;
- }
-
- return 0;
-}
-
-/* Return 1 if the private key file for service exists and has a non-zero size,
- * and 0 otherwise. */
-static int
-rend_service_private_key_exists(const rend_service_t *service)
-{
- char *private_key_path = rend_service_path(service, private_key_fname);
- const file_status_t private_key_status = file_status(private_key_path);
- tor_free(private_key_path);
- /* Only non-empty regular private key files could have been used before.
- * fstatus can be FN_ERROR if the service directory does not exist, in that
- * case, there is obviously no private key. */
- return private_key_status == FN_FILE;
-}
-
-/** Check the single onion service poison state of the directory for s:
- * - If the service is poisoned, and we are in Single Onion Mode,
- * return 0,
- * - If the service is not poisoned, and we are not in Single Onion Mode,
- * return 0,
- * - Otherwise, the poison state is invalid: the service was created in one
- * mode, and is being used in the other, return -1.
- * Hidden service directories without keys are always considered consistent.
- * They will be poisoned after their directory is created (if needed). */
-STATIC int
-rend_service_verify_single_onion_poison(const rend_service_t* s,
- const or_options_t* options)
-{
- /* Passing a NULL service is a bug */
- if (BUG(!s)) {
- return -1;
- }
-
- /* Ephemeral services are checked at ADD_ONION time */
- if (BUG(rend_service_is_ephemeral(s))) {
- return -1;
- }
-
- /* Service is expected to have a directory */
- if (BUG(!s->directory)) {
- return -1;
- }
-
- /* Services without keys are always ok - their keys will only ever be used
- * in the current mode */
- if (!rend_service_private_key_exists(s)) {
- return 0;
- }
-
- /* The key has been used before in a different mode */
- if (service_is_single_onion_poisoned(s) !=
- rend_service_non_anonymous_mode_enabled(options)) {
- return -1;
- }
-
- /* The key exists and is consistent with the current mode */
- return 0;
-}
-
-/*** Helper for rend_service_poison_new_single_onion_dir(). Add a file to
- * the hidden service directory for s that marks it as a single onion service.
- * Tor must be in single onion mode before calling this function, and the
- * service directory must already have been created.
- * Returns 0 when a directory is successfully poisoned, or if it is already
- * poisoned. Returns -1 on a failure to read the directory or write the poison
- * file, or if there is an existing private key file in the directory. (The
- * service should have been poisoned when the key was created.) */
-static int
-poison_new_single_onion_hidden_service_dir_impl(const rend_service_t *service,
- const or_options_t* options)
-{
- /* Passing a NULL service is a bug */
- if (BUG(!service)) {
- return -1;
- }
-
- /* We must only poison directories if we're in Single Onion mode */
- tor_assert(rend_service_non_anonymous_mode_enabled(options));
-
- int fd;
- int retval = -1;
- char *poison_fname = NULL;
-
- if (rend_service_is_ephemeral(service)) {
- log_info(LD_REND, "Ephemeral HS started in non-anonymous mode.");
- return 0;
- }
-
- /* Make sure we're only poisoning new hidden service directories */
- if (rend_service_private_key_exists(service)) {
- log_warn(LD_BUG, "Tried to single onion poison a service directory after "
- "the private key was created.");
- return -1;
- }
-
- /* Make sure the directory was created before calling this function. */
- if (BUG(hs_check_service_private_dir(options->User, service->directory,
- service->dir_group_readable, 0) < 0))
- return -1;
-
- poison_fname = rend_service_sos_poison_path(service);
-
- switch (file_status(poison_fname)) {
- case FN_DIR:
- case FN_ERROR:
- log_warn(LD_FS, "Can't read single onion poison file \"%s\"",
- poison_fname);
- goto done;
- case FN_FILE: /* single onion poison file already exists. NOP. */
- case FN_EMPTY: /* single onion poison file already exists. NOP. */
- log_debug(LD_FS, "Tried to re-poison a single onion poisoned file \"%s\"",
- poison_fname);
- break;
- case FN_NOENT:
- fd = tor_open_cloexec(poison_fname, O_RDWR|O_CREAT|O_TRUNC, 0600);
- if (fd < 0) {
- log_warn(LD_FS, "Could not create single onion poison file %s",
- poison_fname);
- goto done;
- }
- close(fd);
- break;
- default:
- tor_assert(0);
- }
-
- retval = 0;
-
- done:
- tor_free(poison_fname);
-
- return retval;
-}
-
-/** We just got launched in Single Onion Mode. That's a non-anonymous mode for
- * hidden services. If s is new, we should mark its hidden service
- * directory appropriately so that it is never launched as a location-private
- * hidden service. (New directories don't have private key files.)
- * Return 0 on success, -1 on fail. */
-STATIC int
-rend_service_poison_new_single_onion_dir(const rend_service_t *s,
- const or_options_t* options)
-{
- /* Passing a NULL service is a bug */
- if (BUG(!s)) {
- return -1;
- }
-
- /* We must only poison directories if we're in Single Onion mode */
- tor_assert(rend_service_non_anonymous_mode_enabled(options));
-
- /* Ephemeral services aren't allowed in non-anonymous mode */
- if (BUG(rend_service_is_ephemeral(s))) {
- return -1;
- }
-
- /* Service is expected to have a directory */
- if (BUG(!s->directory)) {
- return -1;
- }
-
- if (!rend_service_private_key_exists(s)) {
- if (poison_new_single_onion_hidden_service_dir_impl(s, options)
- < 0) {
- return -1;
- }
- }
-
- return 0;
-}
-
-/* Return true iff the given service identity key is present on disk. This is
- * used to try to learn the service version during configuration time. */
-int
-rend_service_key_on_disk(const char *directory_path)
-{
- int ret = 0;
- char *fname;
- crypto_pk_t *pk = NULL;
-
- tor_assert(directory_path);
-
- /* Load key */
- fname = hs_path_from_filename(directory_path, private_key_fname);
- pk = init_key_from_file(fname, 0, LOG_DEBUG, NULL);
- if (pk) {
- ret = 1;
- }
-
- crypto_pk_free(pk);
- tor_free(fname);
- return ret;
-}
-
-/** Load and/or generate private keys for all hidden services, possibly
- * including keys for client authorization.
- * If a service_list is provided, treat it as the list of hidden
- * services (used in unittests). Otherwise, require that rend_service_list is
- * not NULL.
- * Return 0 on success, -1 on failure. */
-int
-rend_service_load_all_keys(const smartlist_t *service_list)
-{
- /* Use service_list for unit tests */
- const smartlist_t *s_list = rend_get_service_list(service_list);
- if (BUG(!s_list)) {
- return -1;
- }
-
- SMARTLIST_FOREACH_BEGIN(s_list, rend_service_t *, s) {
- if (s->private_key)
- continue;
- log_info(LD_REND, "Loading hidden-service keys from %s",
- rend_service_escaped_dir(s));
-
- if (rend_service_load_keys(s) < 0)
- return -1;
- } SMARTLIST_FOREACH_END(s);
-
- return 0;
-}
-
-/** Add to lst every filename used by s. */
-static void
-rend_service_add_filenames_to_list(smartlist_t *lst, const rend_service_t *s)
-{
- tor_assert(lst);
- tor_assert(s);
- tor_assert(s->directory);
- smartlist_add(lst, rend_service_path(s, private_key_fname));
- smartlist_add(lst, rend_service_path(s, hostname_fname));
- smartlist_add(lst, rend_service_path(s, client_keys_fname));
- smartlist_add(lst, rend_service_sos_poison_path(s));
-}
-
-/** Add to open_lst every filename used by a configured hidden service,
- * and to stat_lst every directory used by a configured hidden
- * service */
-void
-rend_services_add_filenames_to_lists(smartlist_t *open_lst,
- smartlist_t *stat_lst)
-{
- if (!rend_service_list)
- return;
- SMARTLIST_FOREACH_BEGIN(rend_service_list, rend_service_t *, s) {
- if (!rend_service_is_ephemeral(s)) {
- rend_service_add_filenames_to_list(open_lst, s);
- smartlist_add_strdup(stat_lst, s->directory);
- }
- } SMARTLIST_FOREACH_END(s);
-}
-
-/** Derive all rend_service_t internal material based on the service's key.
- * Returns 0 on success, -1 on failure.
- */
-static int
-rend_service_derive_key_digests(struct rend_service_t *s)
-{
- if (rend_get_service_id(s->private_key, s->service_id)<0) {
- log_warn(LD_BUG, "Internal error: couldn't encode service ID.");
- return -1;
- }
- if (crypto_pk_get_digest(s->private_key, s->pk_digest)<0) {
- log_warn(LD_BUG, "Couldn't compute hash of public key.");
- return -1;
- }
-
- return 0;
-}
-
-/** Make sure that the directory for s is private, using the config in
- * options.
- * If create is true:
- * - if the directory exists, change permissions if needed,
- * - if the directory does not exist, create it with the correct permissions.
- * If create is false:
- * - if the directory exists, check permissions,
- * - if the directory does not exist, check if we think we can create it.
- * Return 0 on success, -1 on failure. */
-static int
-rend_service_check_private_dir(const or_options_t *options,
- const rend_service_t *s,
- int create)
-{
- /* Passing a NULL service is a bug */
- if (BUG(!s)) {
- return -1;
- }
-
- /* Check/create directory */
- if (hs_check_service_private_dir(options->User, s->directory,
- s->dir_group_readable, create) < 0) {
- return -1;
- }
-
- /* Check if the hidden service key exists, and was created in a different
- * single onion service mode, and refuse to launch if it has.
- * This is safe to call even when create is false, as it ignores missing
- * keys and directories: they are always valid.
- */
- if (rend_service_verify_single_onion_poison(s, options) < 0) {
- /* We can't use s->service_id here, as the key may not have been loaded */
- log_warn(LD_GENERAL, "We are configured with "
- "HiddenServiceNonAnonymousMode %d, but the hidden "
- "service key in directory %s was created in %s mode. "
- "This is not allowed.",
- rend_service_non_anonymous_mode_enabled(options) ? 1 : 0,
- rend_service_escaped_dir(s),
- rend_service_non_anonymous_mode_enabled(options) ?
- "an anonymous" : "a non-anonymous"
- );
- return -1;
- }
-
- /* Poison new single onion directories immediately after they are created,
- * so that we never accidentally launch non-anonymous hidden services
- * thinking they are anonymous. Any keys created later will end up with the
- * correct poisoning state.
- */
- if (create && rend_service_non_anonymous_mode_enabled(options)) {
- static int logged_warning = 0;
-
- if (rend_service_poison_new_single_onion_dir(s, options) < 0) {
- log_warn(LD_GENERAL,"Failed to mark new hidden services as non-anonymous"
- ".");
- return -1;
- }
-
- if (!logged_warning) {
- /* The keys for these services are linked to the server IP address */
- log_notice(LD_REND, "The configured onion service directories have been "
- "used in single onion mode. They can not be used for "
- "anonymous hidden services.");
- logged_warning = 1;
- }
- }
-
- return 0;
-}
-
-/** Load and/or generate private keys for the hidden service s,
- * possibly including keys for client authorization. Return 0 on success, -1
- * on failure. */
-static int
-rend_service_load_keys(rend_service_t *s)
-{
- char *fname = NULL;
- char buf[128];
-
- /* Create the directory if needed which will also poison it in case of
- * single onion service. */
- if (rend_service_check_private_dir(get_options(), s, 1) < 0)
- goto err;
-
- /* Load key */
- fname = rend_service_path(s, private_key_fname);
- s->private_key = init_key_from_file(fname, 1, LOG_ERR, NULL);
-
- if (!s->private_key)
- goto err;
-
- if (rend_service_derive_key_digests(s) < 0)
- goto err;
-
- tor_free(fname);
- /* Create service file */
- fname = rend_service_path(s, hostname_fname);
-
- tor_snprintf(buf, sizeof(buf),"%s.onion\n", s->service_id);
- if (write_str_to_file_if_not_equal(fname, buf)) {
- log_warn(LD_CONFIG, "Could not write onion address to hostname file.");
- goto err;
- }
-#ifndef _WIN32
- if (s->dir_group_readable) {
- /* Also verify hostname file created with group read. */
- if (chmod(fname, 0640))
- log_warn(LD_FS,"Unable to make hidden hostname file %s group-readable.",
- fname);
- }
-#endif /* !defined(_WIN32) */
-
- /* If client authorization is configured, load or generate keys. */
- if (s->auth_type != REND_NO_AUTH) {
- if (rend_service_load_auth_keys(s, fname) < 0) {
- goto err;
- }
- }
-
- int r = 0;
- goto done;
- err:
- r = -1;
- done:
- memwipe(buf, 0, sizeof(buf));
- tor_free(fname);
- return r;
-}
-
-/** Load and/or generate client authorization keys for the hidden service
- * s, which stores its hostname in hfname. Return 0 on success,
- * -1 on failure. */
-static int
-rend_service_load_auth_keys(rend_service_t *s, const char *hfname)
-{
- int r = 0;
- char *cfname = NULL;
- char *client_keys_str = NULL;
- strmap_t *parsed_clients = strmap_new();
- FILE *cfile, *hfile;
- open_file_t *open_cfile = NULL, *open_hfile = NULL;
- char desc_cook_out[3*REND_DESC_COOKIE_LEN_BASE64+1];
- char service_id[16+1];
- char buf[1500];
-
- /* Load client keys and descriptor cookies, if available. */
- cfname = rend_service_path(s, client_keys_fname);
- client_keys_str = read_file_to_str(cfname, RFTS_IGNORE_MISSING, NULL);
- if (client_keys_str) {
- if (rend_parse_client_keys(parsed_clients, client_keys_str) < 0) {
- log_warn(LD_CONFIG, "Previously stored client_keys file could not "
- "be parsed.");
- goto err;
- } else {
- log_info(LD_CONFIG, "Parsed %d previously stored client entries.",
- strmap_size(parsed_clients));
- }
- }
-
- /* Prepare client_keys and hostname files. */
- if (!(cfile = start_writing_to_stdio_file(cfname,
- OPEN_FLAGS_REPLACE | O_TEXT,
- 0600, &open_cfile))) {
- log_warn(LD_CONFIG, "Could not open client_keys file %s",
- escaped(cfname));
- goto err;
- }
-
- if (!(hfile = start_writing_to_stdio_file(hfname,
- OPEN_FLAGS_REPLACE | O_TEXT,
- 0600, &open_hfile))) {
- log_warn(LD_CONFIG, "Could not open hostname file %s", escaped(hfname));
- goto err;
- }
-
- /* Either use loaded keys for configured clients or generate new
- * ones if a client is new. */
- SMARTLIST_FOREACH_BEGIN(s->clients, rend_authorized_client_t *, client) {
- rend_authorized_client_t *parsed =
- strmap_get(parsed_clients, client->client_name);
- int written;
- size_t len;
- /* Copy descriptor cookie from parsed entry or create new one. */
- if (parsed) {
- memcpy(client->descriptor_cookie, parsed->descriptor_cookie,
- REND_DESC_COOKIE_LEN);
- } else {
- crypto_rand((char *) client->descriptor_cookie, REND_DESC_COOKIE_LEN);
- }
- /* For compatibility with older tor clients, this does not
- * truncate the padding characters, unlike rend_auth_encode_cookie. */
- if (base64_encode(desc_cook_out, 3*REND_DESC_COOKIE_LEN_BASE64+1,
- (char *) client->descriptor_cookie,
- REND_DESC_COOKIE_LEN, 0) < 0) {
- log_warn(LD_BUG, "Could not base64-encode descriptor cookie.");
- goto err;
- }
- /* Copy client key from parsed entry or create new one if required. */
- if (parsed && parsed->client_key) {
- client->client_key = crypto_pk_dup_key(parsed->client_key);
- } else if (s->auth_type == REND_STEALTH_AUTH) {
- /* Create private key for client. */
- crypto_pk_t *prkey = NULL;
- if (!(prkey = crypto_pk_new())) {
- log_warn(LD_BUG,"Error constructing client key");
- goto err;
- }
- if (crypto_pk_generate_key(prkey)) {
- log_warn(LD_BUG,"Error generating client key");
- crypto_pk_free(prkey);
- goto err;
- }
- if (! crypto_pk_is_valid_private_key(prkey)) {
- log_warn(LD_BUG,"Generated client key seems invalid");
- crypto_pk_free(prkey);
- goto err;
- }
- client->client_key = prkey;
- }
- /* Add entry to client_keys file. */
- written = tor_snprintf(buf, sizeof(buf),
- "client-name %s\ndescriptor-cookie %s\n",
- client->client_name, desc_cook_out);
- if (written < 0) {
- log_warn(LD_BUG, "Could not write client entry.");
- goto err;
- }
- if (client->client_key) {
- char *client_key_out = NULL;
- if (crypto_pk_write_private_key_to_string(client->client_key,
- &client_key_out, &len) != 0) {
- log_warn(LD_BUG, "Internal error: "
- "crypto_pk_write_private_key_to_string() failed.");
- goto err;
- }
- if (rend_get_service_id(client->client_key, service_id)<0) {
- log_warn(LD_BUG, "Internal error: couldn't encode service ID.");
- /*
- * len is string length, not buffer length, but last byte is NUL
- * anyway.
- */
- memwipe(client_key_out, 0, len);
- tor_free(client_key_out);
- goto err;
- }
- written = tor_snprintf(buf + written, sizeof(buf) - written,
- "client-key\n%s", client_key_out);
- memwipe(client_key_out, 0, len);
- tor_free(client_key_out);
- if (written < 0) {
- log_warn(LD_BUG, "Could not write client entry.");
- goto err;
- }
- } else {
- strlcpy(service_id, s->service_id, sizeof(service_id));
- }
-
- if (fputs(buf, cfile) < 0) {
- log_warn(LD_FS, "Could not append client entry to file: %s",
- strerror(errno));
- goto err;
- }
-
- /* Add line to hostname file. This is not the same encoding as in
- * client_keys. */
- char *encoded_cookie = rend_auth_encode_cookie(client->descriptor_cookie,
- s->auth_type);
- if (!encoded_cookie) {
- log_warn(LD_BUG, "Could not base64-encode descriptor cookie.");
- goto err;
- }
- tor_snprintf(buf, sizeof(buf), "%s.onion %s # client: %s\n",
- service_id, encoded_cookie, client->client_name);
- memwipe(encoded_cookie, 0, strlen(encoded_cookie));
- tor_free(encoded_cookie);
-
- if (fputs(buf, hfile)<0) {
- log_warn(LD_FS, "Could not append host entry to file: %s",
- strerror(errno));
- goto err;
- }
- } SMARTLIST_FOREACH_END(client);
-
- finish_writing_to_file(open_cfile);
- finish_writing_to_file(open_hfile);
-
- goto done;
- err:
- r = -1;
- if (open_cfile)
- abort_writing_to_file(open_cfile);
- if (open_hfile)
- abort_writing_to_file(open_hfile);
- done:
- if (client_keys_str) {
- memwipe(client_keys_str, 0, strlen(client_keys_str));
- tor_free(client_keys_str);
- }
- strmap_free(parsed_clients, rend_authorized_client_free_void);
-
- if (cfname) {
- memwipe(cfname, 0, strlen(cfname));
- tor_free(cfname);
- }
-
- /* Clear stack buffers that held key-derived material. */
- memwipe(buf, 0, sizeof(buf));
- memwipe(desc_cook_out, 0, sizeof(desc_cook_out));
- memwipe(service_id, 0, sizeof(service_id));
-
- return r;
-}
-
-/** Return the service whose public key has a digest of digest, or
- * NULL if no such service exists.
- */
-static rend_service_t *
-rend_service_get_by_pk_digest(const char* digest)
-{
- SMARTLIST_FOREACH(rend_service_list, rend_service_t*, s,
- if (tor_memeq(s->pk_digest,digest,DIGEST_LEN))
- return s);
- return NULL;
-}
-
-/** Return the service whose service id is id, or NULL if no such
- * service exists.
- */
-static struct rend_service_t *
-rend_service_get_by_service_id(const char *id)
-{
- tor_assert(strlen(id) == REND_SERVICE_ID_LEN_BASE32);
- SMARTLIST_FOREACH(rend_service_list, rend_service_t*, s, {
- if (tor_memeq(s->service_id, id, REND_SERVICE_ID_LEN_BASE32))
- return s;
- });
- return NULL;
-}
-
-/** Check client authorization of a given descriptor_cookie of
- * length cookie_len for service. Return 1 for success
- * and 0 for failure. */
-static int
-rend_check_authorization(rend_service_t *service,
- const char *descriptor_cookie,
- size_t cookie_len)
-{
- rend_authorized_client_t *auth_client = NULL;
- tor_assert(service);
- tor_assert(descriptor_cookie);
- if (!service->clients) {
- log_warn(LD_BUG, "Can't check authorization for a service that has no "
- "authorized clients configured.");
- return 0;
- }
-
- if (cookie_len != REND_DESC_COOKIE_LEN) {
- log_info(LD_REND, "Descriptor cookie is %lu bytes, but we expected "
- "%lu bytes. Dropping cell.",
- (unsigned long)cookie_len, (unsigned long)REND_DESC_COOKIE_LEN);
- return 0;
- }
-
- /* Look up client authorization by descriptor cookie. */
- SMARTLIST_FOREACH(service->clients, rend_authorized_client_t *, client, {
- if (tor_memeq(client->descriptor_cookie, descriptor_cookie,
- REND_DESC_COOKIE_LEN)) {
- auth_client = client;
- break;
- }
- });
- if (!auth_client) {
- char descriptor_cookie_base64[3*REND_DESC_COOKIE_LEN_BASE64];
- base64_encode(descriptor_cookie_base64, sizeof(descriptor_cookie_base64),
- descriptor_cookie, REND_DESC_COOKIE_LEN, 0);
- log_info(LD_REND, "No authorization found for descriptor cookie '%s'! "
- "Dropping cell!",
- descriptor_cookie_base64);
- return 0;
- }
-
- /* Allow the request. */
- log_info(LD_REND, "Client %s authorized for service %s.",
- auth_client->client_name, service->service_id);
- return 1;
-}
-
-/* Can this service make a direct connection to ei?
- * It must be a single onion service, and the firewall rules must allow ei. */
-static int
-rend_service_use_direct_connection(const or_options_t* options,
- const extend_info_t* ei)
-{
- /* We'll connect directly all reachable addresses, whether preferred or not.
- * The prefer_ipv6 argument to reachable_addr_allows_addr is
- * ignored, because pref_only is 0. */
- const tor_addr_port_t *ap = extend_info_get_orport(ei, AF_INET);
- if (!ap)
- return 0;
- return (rend_service_allow_non_anonymous_connection(options) &&
- reachable_addr_allows_addr(&ap->addr, ap->port,
- FIREWALL_OR_CONNECTION, 0, 0));
-}
-
-/* Like rend_service_use_direct_connection, but to a node. */
-static int
-rend_service_use_direct_connection_node(const or_options_t* options,
- const node_t* node)
-{
- /* We'll connect directly all reachable addresses, whether preferred or not.
- */
- return (rend_service_allow_non_anonymous_connection(options) &&
- reachable_addr_allows_node(node, FIREWALL_OR_CONNECTION, 0));
-}
-
-/******
- * Handle cells
- ******/
-
-/** Respond to an INTRODUCE2 cell by launching a circuit to the chosen
- * rendezvous point.
- */
-int
-rend_service_receive_introduction(origin_circuit_t *circuit,
- const uint8_t *request,
- size_t request_len)
-{
- /* Global status stuff */
- int status = 0, result;
- const or_options_t *options = get_options();
- char *err_msg = NULL;
- int err_msg_severity = LOG_WARN;
- const char *stage_descr = NULL, *rend_pk_digest;
- int reason = END_CIRC_REASON_TORPROTOCOL;
- /* Service/circuit/key stuff we can learn before parsing */
- char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
- rend_service_t *service = NULL;
- rend_intro_point_t *intro_point = NULL;
- crypto_pk_t *intro_key = NULL;
- /* Parsed cell */
- rend_intro_cell_t *parsed_req = NULL;
- /* Rendezvous point */
- extend_info_t *rp = NULL;
- /* XXX not handled yet */
- char buf[RELAY_PAYLOAD_SIZE];
- char keys[DIGEST_LEN+CPATH_KEY_MATERIAL_LEN]; /* Holds KH, Df, Db, Kf, Kb */
- int i;
- crypto_dh_t *dh = NULL;
- origin_circuit_t *launched = NULL;
- crypt_path_t *cpath = NULL;
- char hexcookie[9];
- int circ_needs_uptime;
- time_t now = time(NULL);
- time_t elapsed;
- int replay;
- ssize_t keylen;
-
- /* Do some initial validation and logging before we parse the cell */
- if (circuit->base_.purpose != CIRCUIT_PURPOSE_S_INTRO) {
- log_warn(LD_PROTOCOL,
- "Got an INTRODUCE2 over a non-introduction circuit %u.",
- (unsigned) circuit->base_.n_circ_id);
- goto err;
- }
-
- assert_circ_anonymity_ok(circuit, options);
- tor_assert(circuit->rend_data);
- /* XXX: This is version 2 specific (only one supported). */
- rend_pk_digest = (char *) rend_data_get_pk_digest(circuit->rend_data, NULL);
-
- /* We'll use this in a bazillion log messages */
- base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
- rend_pk_digest, REND_SERVICE_ID_LEN);
-
- /* look up service depending on circuit. */
- service = rend_service_get_by_pk_digest(rend_pk_digest);
- if (!service) {
- log_warn(LD_BUG,
- "Internal error: Got an INTRODUCE2 cell on an intro "
- "circ for an unrecognized service %s.",
- escaped(serviceid));
- goto err;
- }
-
- intro_point = find_intro_point(circuit);
- if (intro_point == NULL) {
- intro_point = find_expiring_intro_point(service, circuit);
- if (intro_point == NULL) {
- log_warn(LD_BUG,
- "Internal error: Got an INTRODUCE2 cell on an "
- "intro circ (for service %s) with no corresponding "
- "rend_intro_point_t.",
- escaped(serviceid));
- goto err;
- }
- }
-
- log_info(LD_REND, "Received INTRODUCE2 cell for service %s on circ %u.",
- escaped(serviceid), (unsigned)circuit->base_.n_circ_id);
-
- /* use intro key instead of service key. */
- intro_key = circuit->intro_key;
-
- tor_free(err_msg);
- stage_descr = NULL;
-
- stage_descr = "early parsing";
- /* Early parsing pass (get pk, ciphertext); type 2 is INTRODUCE2 */
- parsed_req =
- rend_service_begin_parse_intro(request, request_len, 2, &err_msg);
- if (!parsed_req) {
- goto log_error;
- } else if (err_msg) {
- log_info(LD_REND, "%s on circ %u.", err_msg,
- (unsigned)circuit->base_.n_circ_id);
- tor_free(err_msg);
- }
-
- /* make sure service replay caches are present */
- if (!service->accepted_intro_dh_parts) {
- service->accepted_intro_dh_parts =
- replaycache_new(REND_REPLAY_TIME_INTERVAL,
- REND_REPLAY_TIME_INTERVAL);
- }
-
- if (!intro_point->accepted_intro_rsa_parts) {
- intro_point->accepted_intro_rsa_parts = replaycache_new(0, 0);
- }
-
- /* check for replay of PK-encrypted portion. */
- keylen = crypto_pk_keysize(intro_key);
- replay = replaycache_add_test_and_elapsed(
- intro_point->accepted_intro_rsa_parts,
- parsed_req->ciphertext, MIN(parsed_req->ciphertext_len, keylen),
- &elapsed);
-
- if (replay) {
- log_warn(LD_REND,
- "Possible replay detected! We received an "
- "INTRODUCE2 cell with same PK-encrypted part %d "
- "seconds ago. Dropping cell.",
- (int)elapsed);
- goto err;
- }
-
- stage_descr = "decryption";
- /* Now try to decrypt it */
- result = rend_service_decrypt_intro(parsed_req, intro_key, &err_msg);
- if (result < 0) {
- goto log_error;
- } else if (err_msg) {
- log_info(LD_REND, "%s on circ %u.", err_msg,
- (unsigned)circuit->base_.n_circ_id);
- tor_free(err_msg);
- }
-
- stage_descr = "late parsing";
- /* Parse the plaintext */
- result = rend_service_parse_intro_plaintext(parsed_req, &err_msg);
- if (result < 0) {
- goto log_error;
- } else if (err_msg) {
- log_info(LD_REND, "%s on circ %u.", err_msg,
- (unsigned)circuit->base_.n_circ_id);
- tor_free(err_msg);
- }
-
- stage_descr = "late validation";
- /* Validate the parsed plaintext parts */
- result = rend_service_validate_intro_late(parsed_req, &err_msg);
- if (result < 0) {
- goto log_error;
- } else if (err_msg) {
- log_info(LD_REND, "%s on circ %u.", err_msg,
- (unsigned)circuit->base_.n_circ_id);
- tor_free(err_msg);
- }
- stage_descr = NULL;
-
- /* Increment INTRODUCE2 counter */
- ++(intro_point->accepted_introduce2_count);
-
- /* Find the rendezvous point */
- rp = find_rp_for_intro(parsed_req, &err_msg);
- if (!rp) {
- err_msg_severity = LOG_PROTOCOL_WARN;
- goto log_error;
- }
-
- /* Check if we'd refuse to talk to this router */
- if (options->StrictNodes &&
- routerset_contains_extendinfo(options->ExcludeNodes, rp)) {
- log_warn(LD_REND, "Client asked to rendezvous at a relay that we "
- "exclude, and StrictNodes is set. Refusing service.");
- reason = END_CIRC_REASON_INTERNAL; /* XXX might leak why we refused */
- goto err;
- }
-
- base16_encode(hexcookie, 9, (const char *)(parsed_req->rc), 4);
-
- /* Check whether there is a past request with the same Diffie-Hellman,
- * part 1. */
- replay = replaycache_add_test_and_elapsed(
- service->accepted_intro_dh_parts,
- parsed_req->dh, DH1024_KEY_LEN,
- &elapsed);
-
- if (replay) {
- /* A Tor client will send a new INTRODUCE1 cell with the same rend
- * cookie and DH public key as its previous one if its intro circ
- * times out while in state CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT .
- * If we received the first INTRODUCE1 cell (the intro-point relay
- * converts it into an INTRODUCE2 cell), we are already trying to
- * connect to that rend point (and may have already succeeded);
- * drop this cell. */
- log_info(LD_REND, "We received an "
- "INTRODUCE2 cell with same first part of "
- "Diffie-Hellman handshake %d seconds ago. Dropping "
- "cell.",
- (int) elapsed);
- goto err;
- }
-
- /* If the service performs client authorization, check included auth data. */
- if (service->clients) {
- if (parsed_req->version == 3 && parsed_req->u.v3.auth_len > 0) {
- if (rend_check_authorization(service,
- (const char*)parsed_req->u.v3.auth_data,
- parsed_req->u.v3.auth_len)) {
- log_info(LD_REND, "Authorization data in INTRODUCE2 cell are valid.");
- } else {
- log_info(LD_REND, "The authorization data that are contained in "
- "the INTRODUCE2 cell are invalid. Dropping cell.");
- reason = END_CIRC_REASON_CONNECTFAILED;
- goto err;
- }
- } else {
- log_info(LD_REND, "INTRODUCE2 cell does not contain authentication "
- "data, but we require client authorization. Dropping cell.");
- reason = END_CIRC_REASON_CONNECTFAILED;
- goto err;
- }
- }
-
- /* Try DH handshake... */
- dh = crypto_dh_new(DH_TYPE_REND);
- if (!dh || crypto_dh_generate_public(dh)<0) {
- log_warn(LD_BUG,"Internal error: couldn't build DH state "
- "or generate public key.");
- reason = END_CIRC_REASON_INTERNAL;
- goto err;
- }
- if (crypto_dh_compute_secret(LOG_PROTOCOL_WARN, dh,
- (char *)(parsed_req->dh),
- DH1024_KEY_LEN, keys,
- DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) {
- log_warn(LD_BUG, "Internal error: couldn't complete DH handshake");
- reason = END_CIRC_REASON_INTERNAL;
- goto err;
- }
-
- circ_needs_uptime = hs_service_requires_uptime_circ(service->ports);
-
- /* help predict this next time */
- rep_hist_note_used_internal(now, circ_needs_uptime, 1);
-
- /* Launch a circuit to the client's chosen rendezvous point.
- */
- int max_rend_failures=hs_get_service_max_rend_failures();
- for (i=0;ibuild_state);
- /* Fill in the circuit's state. */
-
- launched->rend_data =
- rend_data_service_create(service->service_id, rend_pk_digest,
- parsed_req->rc, service->auth_type);
-
- launched->build_state->service_pending_final_cpath_ref =
- tor_malloc_zero(sizeof(crypt_path_reference_t));
- launched->build_state->service_pending_final_cpath_ref->refcount = 1;
-
- launched->build_state->service_pending_final_cpath_ref->cpath = cpath =
- tor_malloc_zero(sizeof(crypt_path_t));
- cpath->magic = CRYPT_PATH_MAGIC;
- launched->build_state->expiry_time = now + MAX_REND_TIMEOUT;
-
- cpath->rend_dh_handshake_state = dh;
- dh = NULL;
- if (cpath_init_circuit_crypto(cpath,
- keys+DIGEST_LEN, sizeof(keys)-DIGEST_LEN,
- 1, 0)<0)
- goto err;
- memcpy(cpath->rend_circ_nonce, keys, DIGEST_LEN);
-
- goto done;
-
- log_error:
- if (!err_msg) {
- if (stage_descr) {
- tor_asprintf(&err_msg,
- "unknown %s error for INTRODUCE2", stage_descr);
- } else {
- err_msg = tor_strdup("unknown error for INTRODUCE2");
- }
- }
-
- log_fn(err_msg_severity, LD_REND, "%s on circ %u", err_msg,
- (unsigned)circuit->base_.n_circ_id);
- err:
- status = -1;
- if (dh) crypto_dh_free(dh);
- if (launched) {
- circuit_mark_for_close(TO_CIRCUIT(launched), reason);
- }
- tor_free(err_msg);
-
- done:
- memwipe(keys, 0, sizeof(keys));
- memwipe(buf, 0, sizeof(buf));
- memwipe(serviceid, 0, sizeof(serviceid));
- memwipe(hexcookie, 0, sizeof(hexcookie));
-
- /* Free the parsed cell */
- rend_service_free_intro(parsed_req);
-
- /* Free rp */
- extend_info_free(rp);
-
- return status;
-}
-
-/** Given a parsed and decrypted INTRODUCE2, find the rendezvous point or
- * return NULL and an error string if we can't. Return a newly allocated
- * extend_info_t* for the rendezvous point. */
-static extend_info_t *
-find_rp_for_intro(const rend_intro_cell_t *intro,
- char **err_msg_out)
-{
- extend_info_t *rp = NULL;
- char *err_msg = NULL;
- const char *rp_nickname = NULL;
- const node_t *node = NULL;
-
- if (!intro) {
- if (err_msg_out)
- err_msg = tor_strdup("Bad parameters to find_rp_for_intro()");
-
- goto err;
- }
-
- if (intro->version == 0 || intro->version == 1) {
- rp_nickname = (const char *)(intro->u.v0_v1.rp);
-
- node = node_get_by_nickname(rp_nickname, NNF_NO_WARN_UNNAMED);
- if (!node) {
- if (err_msg_out) {
- tor_asprintf(&err_msg,
- "Couldn't find router %s named in INTRODUCE2 cell",
- escaped_safe_str_client(rp_nickname));
- }
-
- goto err;
- }
-
- /* Are we in single onion mode? */
- const int allow_direct = rend_service_allow_non_anonymous_connection(
- get_options());
- rp = extend_info_from_node(node, allow_direct);
- if (!rp) {
- if (err_msg_out) {
- tor_asprintf(&err_msg,
- "Couldn't build extend_info_t for router %s named "
- "in INTRODUCE2 cell",
- escaped_safe_str_client(rp_nickname));
- }
-
- goto err;
- }
- } else if (intro->version == 2) {
- rp = extend_info_dup(intro->u.v2.extend_info);
- } else if (intro->version == 3) {
- rp = extend_info_dup(intro->u.v3.extend_info);
- } else {
- if (err_msg_out) {
- tor_asprintf(&err_msg,
- "Unknown version %d in INTRODUCE2 cell",
- (int)(intro->version));
- }
-
- goto err;
- }
-
- /* rp is always set here: extend_info_dup guarantees a non-NULL result, and
- * the other cases goto err. */
- tor_assert(rp);
-
- /* Make sure the RP we are being asked to connect to is _not_ a private
- * address unless it's allowed. Let's avoid to build a circuit to our
- * second middle node and fail right after when extending to the RP. */
- const tor_addr_port_t *orport = extend_info_get_orport(rp, AF_INET);
- if (! orport || !extend_info_addr_is_allowed(&orport->addr)) {
- if (err_msg_out) {
- tor_asprintf(&err_msg,
- "Relay IP in INTRODUCE2 cell is private address.");
- }
- extend_info_free(rp);
- rp = NULL;
- goto err;
- }
- goto done;
-
- err:
- if (err_msg_out)
- *err_msg_out = err_msg;
- else
- tor_free(err_msg);
-
- done:
- return rp;
-}
-
-/** Free a parsed INTRODUCE1 or INTRODUCE2 cell that was allocated by
- * rend_service_parse_intro().
- */
-void
-rend_service_free_intro_(rend_intro_cell_t *request)
-{
- if (!request) {
- return;
- }
-
- /* Free ciphertext */
- tor_free(request->ciphertext);
- request->ciphertext_len = 0;
-
- /* Have plaintext? */
- if (request->plaintext) {
- /* Zero it out just to be safe */
- memwipe(request->plaintext, 0, request->plaintext_len);
- tor_free(request->plaintext);
- request->plaintext_len = 0;
- }
-
- /* Have parsed plaintext? */
- if (request->parsed) {
- switch (request->version) {
- case 0:
- case 1:
- /*
- * Nothing more to do; these formats have no further pointers
- * in them.
- */
- break;
- case 2:
- extend_info_free(request->u.v2.extend_info);
- request->u.v2.extend_info = NULL;
- break;
- case 3:
- if (request->u.v3.auth_data) {
- memwipe(request->u.v3.auth_data, 0, request->u.v3.auth_len);
- tor_free(request->u.v3.auth_data);
- }
-
- extend_info_free(request->u.v3.extend_info);
- request->u.v3.extend_info = NULL;
- break;
- default:
- log_info(LD_BUG,
- "rend_service_free_intro() saw unknown protocol "
- "version %d.",
- request->version);
- }
- }
-
- /* Zero it out to make sure sensitive stuff doesn't hang around in memory */
- memwipe(request, 0, sizeof(*request));
-
- tor_free(request);
-}
-
-/** Parse an INTRODUCE1 or INTRODUCE2 cell into a newly allocated
- * rend_intro_cell_t structure. Free it with rend_service_free_intro()
- * when finished. The type parameter should be 1 or 2 to indicate whether
- * this is INTRODUCE1 or INTRODUCE2. This parses only the non-encrypted
- * parts; after this, call rend_service_decrypt_intro() with a key, then
- * rend_service_parse_intro_plaintext() to finish parsing. The optional
- * err_msg_out parameter is set to a string suitable for log output
- * if parsing fails. This function does some validation, but only
- * that which depends solely on the contents of the cell and the
- * key; it can be unit-tested. Further validation is done in
- * rend_service_validate_intro().
- */
-
-rend_intro_cell_t *
-rend_service_begin_parse_intro(const uint8_t *request,
- size_t request_len,
- uint8_t type,
- char **err_msg_out)
-{
- rend_intro_cell_t *rv = NULL;
- char *err_msg = NULL;
-
- if (!request || request_len <= 0) goto err;
- if (!(type == 1 || type == 2)) goto err;
-
- /* First, check that the cell is long enough to be a sensible INTRODUCE */
-
- /* min key length plus digest length plus nickname length */
- if (request_len <
- (DIGEST_LEN + REND_COOKIE_LEN + (MAX_NICKNAME_LEN + 1) +
- DH1024_KEY_LEN + 42)) {
- if (err_msg_out) {
- tor_asprintf(&err_msg,
- "got a truncated INTRODUCE%d cell",
- (int)type);
- }
- goto err;
- }
-
- /* Allocate a new parsed cell structure */
- rv = tor_malloc_zero(sizeof(*rv));
-
- /* Set the type */
- rv->type = type;
-
- /* Copy in the ID */
- memcpy(rv->pk, request, DIGEST_LEN);
-
- /* Copy in the ciphertext */
- rv->ciphertext = tor_malloc(request_len - DIGEST_LEN);
- memcpy(rv->ciphertext, request + DIGEST_LEN, request_len - DIGEST_LEN);
- rv->ciphertext_len = request_len - DIGEST_LEN;
-
- goto done;
-
- err:
- rend_service_free_intro(rv);
- rv = NULL;
-
- if (err_msg_out && !err_msg) {
- tor_asprintf(&err_msg,
- "unknown INTRODUCE%d error",
- (int)type);
- }
-
- done:
- if (err_msg_out) *err_msg_out = err_msg;
- else tor_free(err_msg);
-
- return rv;
-}
-
-/** Parse the version-specific parts of a v0 or v1 INTRODUCE1 or INTRODUCE2
- * cell
- */
-
-static ssize_t
-rend_service_parse_intro_for_v0_or_v1(
- rend_intro_cell_t *intro,
- const uint8_t *buf,
- size_t plaintext_len,
- char **err_msg_out)
-{
- const char *rp_nickname, *endptr;
- size_t nickname_field_len, ver_specific_len;
-
- if (intro->version == 1) {
- ver_specific_len = MAX_HEX_NICKNAME_LEN + 2;
- rp_nickname = ((const char *)buf) + 1;
- nickname_field_len = MAX_HEX_NICKNAME_LEN + 1;
- } else if (intro->version == 0) {
- ver_specific_len = MAX_NICKNAME_LEN + 1;
- rp_nickname = (const char *)buf;
- nickname_field_len = MAX_NICKNAME_LEN + 1;
- } else {
- if (err_msg_out)
- tor_asprintf(err_msg_out,
- "rend_service_parse_intro_for_v0_or_v1() called with "
- "bad version %d on INTRODUCE%d cell (this is a bug)",
- intro->version,
- (int)(intro->type));
- goto err;
- }
-
- if (plaintext_len < ver_specific_len) {
- if (err_msg_out)
- tor_asprintf(err_msg_out,
- "short plaintext of encrypted part in v1 INTRODUCE%d "
- "cell (%lu bytes, needed %lu)",
- (int)(intro->type),
- (unsigned long)plaintext_len,
- (unsigned long)ver_specific_len);
- goto err;
- }
-
- endptr = memchr(rp_nickname, 0, nickname_field_len);
- if (!endptr || endptr == rp_nickname) {
- if (err_msg_out) {
- tor_asprintf(err_msg_out,
- "couldn't find a nul-padded nickname in "
- "INTRODUCE%d cell",
- (int)(intro->type));
- }
- goto err;
- }
-
- if ((intro->version == 0 &&
- !is_legal_nickname(rp_nickname)) ||
- (intro->version == 1 &&
- !is_legal_nickname_or_hexdigest(rp_nickname))) {
- if (err_msg_out) {
- tor_asprintf(err_msg_out,
- "bad nickname in INTRODUCE%d cell",
- (int)(intro->type));
- }
- goto err;
- }
-
- memcpy(intro->u.v0_v1.rp, rp_nickname, endptr - rp_nickname + 1);
-
- return ver_specific_len;
-
- err:
- return -1;
-}
-
-/** Parse the version-specific parts of a v2 INTRODUCE1 or INTRODUCE2 cell
- */
-
-static ssize_t
-rend_service_parse_intro_for_v2(
- rend_intro_cell_t *intro,
- const uint8_t *buf,
- size_t plaintext_len,
- char **err_msg_out)
-{
- unsigned int klen;
- extend_info_t *extend_info = NULL;
- ssize_t ver_specific_len;
-
- /*
- * We accept version 3 too so that the v3 parser can call this with
- * an adjusted buffer for the latter part of a v3 cell, which is
- * identical to a v2 cell.
- */
- if (!(intro->version == 2 ||
- intro->version == 3)) {
- if (err_msg_out)
- tor_asprintf(err_msg_out,
- "rend_service_parse_intro_for_v2() called with "
- "bad version %d on INTRODUCE%d cell (this is a bug)",
- intro->version,
- (int)(intro->type));
- goto err;
- }
-
- /* 7 == version, IP and port, DIGEST_LEN == id, 2 == key length */
- if (plaintext_len < 7 + DIGEST_LEN + 2) {
- if (err_msg_out) {
- tor_asprintf(err_msg_out,
- "truncated plaintext of encrypted parted of "
- "version %d INTRODUCE%d cell",
- intro->version,
- (int)(intro->type));
- }
-
- goto err;
- }
-
- extend_info = extend_info_new(NULL, NULL, NULL, NULL, NULL, NULL, 0);
- tor_addr_t addr;
- tor_addr_from_ipv4n(&addr, get_uint32(buf + 1));
- uint16_t port = ntohs(get_uint16(buf + 5));
- extend_info_add_orport(extend_info, &addr, port);
- memcpy(extend_info->identity_digest, buf + 7, DIGEST_LEN);
- extend_info->nickname[0] = '$';
- base16_encode(extend_info->nickname + 1, sizeof(extend_info->nickname) - 1,
- extend_info->identity_digest, DIGEST_LEN);
- klen = ntohs(get_uint16(buf + 7 + DIGEST_LEN));
-
- /* 7 == version, IP and port, DIGEST_LEN == id, 2 == key length */
- if (plaintext_len < 7 + DIGEST_LEN + 2 + klen) {
- if (err_msg_out) {
- tor_asprintf(err_msg_out,
- "truncated plaintext of encrypted parted of "
- "version %d INTRODUCE%d cell",
- intro->version,
- (int)(intro->type));
- }
-
- goto err;
- }
-
- extend_info->onion_key =
- crypto_pk_asn1_decode((const char *)(buf + 7 + DIGEST_LEN + 2), klen);
- if (!extend_info->onion_key) {
- if (err_msg_out) {
- tor_asprintf(err_msg_out,
- "error decoding onion key in version %d "
- "INTRODUCE%d cell",
- intro->version,
- (intro->type));
- }
-
- goto err;
- }
- if (128 != crypto_pk_keysize(extend_info->onion_key)) {
- if (err_msg_out) {
- tor_asprintf(err_msg_out,
- "invalid onion key size in version %d INTRODUCE%d cell",
- intro->version,
- (intro->type));
- }
-
- goto err;
- }
-
- ver_specific_len = 7+DIGEST_LEN+2+klen;
-
- if (intro->version == 2) intro->u.v2.extend_info = extend_info;
- else intro->u.v3.extend_info = extend_info;
-
- return ver_specific_len;
-
- err:
- extend_info_free(extend_info);
-
- return -1;
-}
-
-/** Parse the version-specific parts of a v3 INTRODUCE1 or INTRODUCE2 cell
- */
-
-static ssize_t
-rend_service_parse_intro_for_v3(
- rend_intro_cell_t *intro,
- const uint8_t *buf,
- size_t plaintext_len,
- char **err_msg_out)
-{
- ssize_t adjust, v2_ver_specific_len, ts_offset;
-
- /* This should only be called on v3 cells */
- if (intro->version != 3) {
- if (err_msg_out)
- tor_asprintf(err_msg_out,
- "rend_service_parse_intro_for_v3() called with "
- "bad version %d on INTRODUCE%d cell (this is a bug)",
- intro->version,
- (int)(intro->type));
- goto err;
- }
-
- /*
- * Check that we have at least enough to get auth_len:
- *
- * 1 octet for version, 1 for auth_type, 2 for auth_len
- */
- if (plaintext_len < 4) {
- if (err_msg_out) {
- tor_asprintf(err_msg_out,
- "truncated plaintext of encrypted parted of "
- "version %d INTRODUCE%d cell",
- intro->version,
- (int)(intro->type));
- }
-
- goto err;
- }
-
- /*
- * The rend_client_send_introduction() function over in rendclient.c is
- * broken (i.e., fails to match the spec) in such a way that we can't
- * change it without breaking the protocol. Specifically, it doesn't
- * emit auth_len when auth-type is REND_NO_AUTH, so everything is off
- * by two bytes after that. Calculate ts_offset and do everything from
- * the timestamp on relative to that to handle this dain bramage.
- */
-
- intro->u.v3.auth_type = buf[1];
- if (intro->u.v3.auth_type != REND_NO_AUTH) {
- intro->u.v3.auth_len = ntohs(get_uint16(buf + 2));
- ts_offset = 4 + intro->u.v3.auth_len;
- } else {
- intro->u.v3.auth_len = 0;
- ts_offset = 2;
- }
-
- /* Check that auth len makes sense for this auth type */
- if (intro->u.v3.auth_type == REND_BASIC_AUTH ||
- intro->u.v3.auth_type == REND_STEALTH_AUTH) {
- if (intro->u.v3.auth_len != REND_DESC_COOKIE_LEN) {
- if (err_msg_out) {
- tor_asprintf(err_msg_out,
- "wrong auth data size %d for INTRODUCE%d cell, "
- "should be %d",
- (int)(intro->u.v3.auth_len),
- (int)(intro->type),
- REND_DESC_COOKIE_LEN);
- }
-
- goto err;
- }
- }
-
- /* Check that we actually have everything up through the timestamp */
- if (plaintext_len < (size_t)(ts_offset)+4) {
- if (err_msg_out) {
- tor_asprintf(err_msg_out,
- "truncated plaintext of encrypted parted of "
- "version %d INTRODUCE%d cell",
- intro->version,
- (int)(intro->type));
- }
-
- goto err;
- }
-
- if (intro->u.v3.auth_type != REND_NO_AUTH &&
- intro->u.v3.auth_len > 0) {
- /* Okay, we can go ahead and copy auth_data */
- intro->u.v3.auth_data = tor_malloc(intro->u.v3.auth_len);
- /*
- * We know we had an auth_len field in this case, so 4 is
- * always right.
- */
- memcpy(intro->u.v3.auth_data, buf + 4, intro->u.v3.auth_len);
- }
-
- /*
- * From here on, the format is as in v2, so we call the v2 parser with
- * adjusted buffer and length. We are 4 + ts_offset octets in, but the
- * v2 parser expects to skip over a version byte at the start, so we
- * adjust by 3 + ts_offset.
- */
- adjust = 3 + ts_offset;
-
- v2_ver_specific_len =
- rend_service_parse_intro_for_v2(intro,
- buf + adjust, plaintext_len - adjust,
- err_msg_out);
-
- /* Success in v2 parser */
- if (v2_ver_specific_len >= 0) return v2_ver_specific_len + adjust;
- /* Failure in v2 parser; it will have provided an err_msg */
- else return v2_ver_specific_len;
-
- err:
- return -1;
-}
-
-/** Table of parser functions for version-specific parts of an INTRODUCE2
- * cell.
- */
-
-static ssize_t
- (*intro_version_handlers[])(
- rend_intro_cell_t *,
- const uint8_t *,
- size_t,
- char **) =
-{ rend_service_parse_intro_for_v0_or_v1,
- rend_service_parse_intro_for_v0_or_v1,
- rend_service_parse_intro_for_v2,
- rend_service_parse_intro_for_v3 };
-
-/** Decrypt the encrypted part of an INTRODUCE1 or INTRODUCE2 cell,
- * return 0 if successful, or < 0 and write an error message to
- * *err_msg_out if provided.
- */
-
-int
-rend_service_decrypt_intro(
- rend_intro_cell_t *intro,
- crypto_pk_t *key,
- char **err_msg_out)
-{
- char *err_msg = NULL;
- uint8_t key_digest[DIGEST_LEN];
- char service_id[REND_SERVICE_ID_LEN_BASE32+1];
- ssize_t key_len;
- uint8_t buf[RELAY_PAYLOAD_SIZE];
- int result, status = -1;
-
- if (!intro || !key) {
- if (err_msg_out) {
- err_msg =
- tor_strdup("rend_service_decrypt_intro() called with bad "
- "parameters");
- }
-
- status = -2;
- goto err;
- }
-
- /* Make sure we have ciphertext */
- if (!(intro->ciphertext) || intro->ciphertext_len <= 0) {
- if (err_msg_out) {
- tor_asprintf(&err_msg,
- "rend_intro_cell_t was missing ciphertext for "
- "INTRODUCE%d cell",
- (int)(intro->type));
- }
- status = -3;
- goto err;
- }
-
- /* Check that this cell actually matches this service key */
-
- /* first DIGEST_LEN bytes of request is intro or service pk digest */
- if (crypto_pk_get_digest(key, (char *)key_digest) < 0) {
- if (err_msg_out)
- *err_msg_out = tor_strdup("Couldn't compute RSA digest.");
- log_warn(LD_BUG, "Couldn't compute key digest.");
- status = -7;
- goto err;
- }
-
- if (tor_memneq(key_digest, intro->pk, DIGEST_LEN)) {
- if (err_msg_out) {
- base32_encode(service_id, REND_SERVICE_ID_LEN_BASE32 + 1,
- (char*)(intro->pk), REND_SERVICE_ID_LEN);
- tor_asprintf(&err_msg,
- "got an INTRODUCE%d cell for the wrong service (%s)",
- (int)(intro->type),
- escaped(service_id));
- }
-
- status = -4;
- goto err;
- }
-
- /* Make sure the encrypted part is long enough to decrypt */
-
- key_len = crypto_pk_keysize(key);
- if (intro->ciphertext_len < key_len) {
- if (err_msg_out) {
- tor_asprintf(&err_msg,
- "got an INTRODUCE%d cell with a truncated PK-encrypted "
- "part",
- (int)(intro->type));
- }
-
- status = -5;
- goto err;
- }
-
- /* Decrypt the encrypted part */
- result =
- crypto_pk_obsolete_private_hybrid_decrypt(
- key, (char *)buf, sizeof(buf),
- (const char *)(intro->ciphertext), intro->ciphertext_len,
- PK_PKCS1_OAEP_PADDING, 1);
- if (result < 0) {
- if (err_msg_out) {
- tor_asprintf(&err_msg,
- "couldn't decrypt INTRODUCE%d cell",
- (int)(intro->type));
- }
- status = -6;
- goto err;
- }
- intro->plaintext_len = result;
- intro->plaintext = tor_malloc(intro->plaintext_len);
- memcpy(intro->plaintext, buf, intro->plaintext_len);
-
- status = 0;
-
- goto done;
-
- err:
- if (err_msg_out && !err_msg) {
- tor_asprintf(&err_msg,
- "unknown INTRODUCE%d error decrypting encrypted part",
- intro ? (int)(intro->type) : -1);
- }
-
- done:
- if (err_msg_out) *err_msg_out = err_msg;
- else tor_free(err_msg);
-
- /* clean up potentially sensitive material */
- memwipe(buf, 0, sizeof(buf));
- memwipe(key_digest, 0, sizeof(key_digest));
- memwipe(service_id, 0, sizeof(service_id));
-
- return status;
-}
-
-/** Parse the plaintext of the encrypted part of an INTRODUCE1 or
- * INTRODUCE2 cell, return 0 if successful, or < 0 and write an error
- * message to *err_msg_out if provided.
- */
-
-int
-rend_service_parse_intro_plaintext(
- rend_intro_cell_t *intro,
- char **err_msg_out)
-{
- char *err_msg = NULL;
- ssize_t ver_specific_len, ver_invariant_len;
- uint8_t version;
- int status = -1;
-
- if (!intro) {
- if (err_msg_out) {
- err_msg =
- tor_strdup("rend_service_parse_intro_plaintext() called with NULL "
- "rend_intro_cell_t");
- }
-
- status = -2;
- goto err;
- }
-
- /* Check that we have plaintext */
- if (!(intro->plaintext) || intro->plaintext_len <= 0) {
- if (err_msg_out) {
- err_msg = tor_strdup("rend_intro_cell_t was missing plaintext");
- }
- status = -3;
- goto err;
- }
-
- /* In all formats except v0, the first byte is a version number */
- version = intro->plaintext[0];
-
- /* v0 has no version byte (stupid...), so handle it as a fallback */
- if (version > 3) version = 0;
-
- /* Copy the version into the parsed cell structure */
- intro->version = version;
-
- /* Call the version-specific parser from the table */
- ver_specific_len =
- intro_version_handlers[version](intro,
- intro->plaintext, intro->plaintext_len,
- &err_msg);
- if (ver_specific_len < 0) {
- status = -4;
- goto err;
- }
-
- /** The rendezvous cookie and Diffie-Hellman stuff are version-invariant
- * and at the end of the plaintext of the encrypted part of the cell.
- */
-
- ver_invariant_len = intro->plaintext_len - ver_specific_len;
- if (ver_invariant_len < REND_COOKIE_LEN + DH1024_KEY_LEN) {
- tor_asprintf(&err_msg,
- "decrypted plaintext of INTRODUCE%d cell was truncated (%ld bytes)",
- (int)(intro->type),
- (long)(intro->plaintext_len));
- status = -5;
- goto err;
- } else if (ver_invariant_len > REND_COOKIE_LEN + DH1024_KEY_LEN) {
- tor_asprintf(&err_msg,
- "decrypted plaintext of INTRODUCE%d cell was too long (%ld bytes)",
- (int)(intro->type),
- (long)(intro->plaintext_len));
- status = -6;
- goto err;
- } else {
- memcpy(intro->rc,
- intro->plaintext + ver_specific_len,
- REND_COOKIE_LEN);
- memcpy(intro->dh,
- intro->plaintext + ver_specific_len + REND_COOKIE_LEN,
- DH1024_KEY_LEN);
- }
-
- /* Flag it as being fully parsed */
- intro->parsed = 1;
-
- status = 0;
- goto done;
-
- err:
- if (err_msg_out && !err_msg) {
- tor_asprintf(&err_msg,
- "unknown INTRODUCE%d error parsing encrypted part",
- intro ? (int)(intro->type) : -1);
- }
-
- done:
- if (err_msg_out) *err_msg_out = err_msg;
- else tor_free(err_msg);
-
- return status;
-}
-
-/** Do validity checks on a parsed intro cell after decryption; some of
- * these are not done in rend_service_parse_intro_plaintext() itself because
- * they depend on a lot of other state and would make it hard to unit test.
- * Returns >= 0 if successful or < 0 if the intro cell is invalid, and
- * optionally writes out an error message for logging. If an err_msg
- * pointer is provided, it is the caller's responsibility to free any
- * provided message.
- */
-
-int
-rend_service_validate_intro_late(const rend_intro_cell_t *intro,
- char **err_msg_out)
-{
- int status = 0;
-
- if (!intro) {
- if (err_msg_out)
- *err_msg_out =
- tor_strdup("NULL intro cell passed to "
- "rend_service_validate_intro_late()");
-
- status = -1;
- goto err;
- }
-
- if (intro->version == 3 && intro->parsed) {
- if (!(intro->u.v3.auth_type == REND_NO_AUTH ||
- intro->u.v3.auth_type == REND_BASIC_AUTH ||
- intro->u.v3.auth_type == REND_STEALTH_AUTH)) {
- /* This is an informative message, not an error, as in the old code */
- if (err_msg_out)
- tor_asprintf(err_msg_out,
- "unknown authorization type %d",
- intro->u.v3.auth_type);
- }
- }
-
- err:
- return status;
-}
-
-/** Called when we fail building a rendezvous circuit at some point other
- * than the last hop: launches a new circuit to the same rendezvous point.
- */
-void
-rend_service_relaunch_rendezvous(origin_circuit_t *oldcirc)
-{
- origin_circuit_t *newcirc;
- cpath_build_state_t *newstate, *oldstate;
- const char *rend_pk_digest;
- rend_service_t *service = NULL;
-
- int flags = CIRCLAUNCH_NEED_CAPACITY | CIRCLAUNCH_IS_INTERNAL;
-
- tor_assert(oldcirc->base_.purpose == CIRCUIT_PURPOSE_S_CONNECT_REND);
- oldstate = oldcirc->build_state;
- tor_assert(oldstate);
-
- if (oldstate->service_pending_final_cpath_ref == NULL) {
- log_info(LD_REND,"Skipping relaunch of circ that failed on its first hop. "
- "Initiator will retry.");
- return;
- }
-
- log_info(LD_REND,"Reattempting rendezvous circuit to '%s'",
- safe_str(extend_info_describe(oldstate->chosen_exit)));
-
- /* Look up the service. */
- rend_pk_digest = (char *) rend_data_get_pk_digest(oldcirc->rend_data, NULL);
- service = rend_service_get_by_pk_digest(rend_pk_digest);
-
- if (!service) {
- char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
- base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
- rend_pk_digest, REND_SERVICE_ID_LEN);
-
- log_warn(LD_BUG, "Internal error: Trying to relaunch a rendezvous circ "
- "for an unrecognized service %s.",
- safe_str_client(serviceid));
- return;
- }
-
- if (hs_service_requires_uptime_circ(service->ports)) {
- flags |= CIRCLAUNCH_NEED_UPTIME;
- }
-
- /* You'd think Single Onion Services would want to retry the rendezvous
- * using a direct connection. But if it's blocked by a firewall, or the
- * service is IPv6-only, or the rend point avoiding becoming a one-hop
- * proxy, we need a 3-hop connection. */
- newcirc = circuit_launch_by_extend_info(CIRCUIT_PURPOSE_S_CONNECT_REND,
- oldstate->chosen_exit, flags);
-
- if (!newcirc) {
- log_warn(LD_REND,"Couldn't relaunch rendezvous circuit to '%s'.",
- safe_str(extend_info_describe(oldstate->chosen_exit)));
- return;
- }
- newstate = newcirc->build_state;
- tor_assert(newstate);
- newstate->failure_count = oldstate->failure_count+1;
- newstate->expiry_time = oldstate->expiry_time;
- newstate->service_pending_final_cpath_ref =
- oldstate->service_pending_final_cpath_ref;
- ++(newstate->service_pending_final_cpath_ref->refcount);
-
- newcirc->rend_data = rend_data_dup(oldcirc->rend_data);
-}
-
-/** Launch a circuit to serve as an introduction point for the service
- * service at the introduction point nickname
- */
-static int
-rend_service_launch_establish_intro(rend_service_t *service,
- rend_intro_point_t *intro)
-{
- origin_circuit_t *launched;
- int flags = CIRCLAUNCH_NEED_UPTIME|CIRCLAUNCH_IS_INTERNAL;
- const or_options_t *options = get_options();
- extend_info_t *launch_ei = intro->extend_info;
- extend_info_t *direct_ei = NULL;
-
- /* Are we in single onion mode?
- *
- * We only use a one-hop path on the first attempt. If the first attempt
- * fails, we use a 3-hop path for reachability / reliability.
- * (Unlike v3, retries is incremented by the caller after it calls this
- * function.)
- */
- if (rend_service_allow_non_anonymous_connection(options) &&
- intro->circuit_retries == 0) {
- /* Do we have a descriptor for the node?
- * We've either just chosen it from the consensus, or we've just reviewed
- * our intro points to see which ones are still valid, and deleted the ones
- * that aren't in the consensus any more. */
- const node_t *node = node_get_by_id(launch_ei->identity_digest);
- if (BUG(!node)) {
- /* The service has kept an intro point after it went missing from the
- * consensus. If we did anything else here, it would be a consensus
- * distinguisher. Which are less of an issue for single onion services,
- * but still a bug. */
- return -1;
- }
- /* Can we connect to the node directly? If so, replace launch_ei
- * (a multi-hop extend_info) with one suitable for direct connection. */
- if (rend_service_use_direct_connection_node(options, node)) {
- direct_ei = extend_info_from_node(node, 1);
- if (BUG(!direct_ei)) {
- /* rend_service_use_direct_connection_node and extend_info_from_node
- * disagree about which addresses on this node are permitted. This
- * should never happen. Avoiding the connection is a safe response. */
- return -1;
- }
- flags = flags | CIRCLAUNCH_ONEHOP_TUNNEL;
- launch_ei = direct_ei;
- }
- }
- /* launch_ei is either intro->extend_info, or has been replaced with a valid
- * extend_info for single onion service direct connection. */
- tor_assert(launch_ei);
- /* We must have the same intro when making a direct connection. */
- tor_assert(tor_memeq(intro->extend_info->identity_digest,
- launch_ei->identity_digest,
- DIGEST_LEN));
-
- log_info(LD_REND,
- "Launching circuit to introduction point %s%s%s for service %s",
- safe_str_client(extend_info_describe(intro->extend_info)),
- direct_ei ? " via direct address " : "",
- direct_ei ? safe_str_client(extend_info_describe(direct_ei)) : "",
- service->service_id);
-
- rep_hist_note_used_internal(time(NULL), 1, 0);
-
- ++service->n_intro_circuits_launched;
- launched = circuit_launch_by_extend_info(CIRCUIT_PURPOSE_S_ESTABLISH_INTRO,
- launch_ei, flags);
-
- if (!launched) {
- log_info(LD_REND,
- "Can't launch circuit to establish introduction at %s%s%s.",
- safe_str_client(extend_info_describe(intro->extend_info)),
- direct_ei ? " via direct address " : "",
- direct_ei ? safe_str_client(extend_info_describe(direct_ei)) : ""
- );
- extend_info_free(direct_ei);
- return -1;
- }
- /* We must have the same exit node even if cannibalized or direct connection.
- */
- tor_assert(tor_memeq(intro->extend_info->identity_digest,
- launched->build_state->chosen_exit->identity_digest,
- DIGEST_LEN));
-
- launched->rend_data = rend_data_service_create(service->service_id,
- service->pk_digest, NULL,
- service->auth_type);
- launched->intro_key = crypto_pk_dup_key(intro->intro_key);
- if (launched->base_.state == CIRCUIT_STATE_OPEN)
- rend_service_intro_has_opened(launched);
- extend_info_free(direct_ei);
- return 0;
-}
-
-/** Return the number of introduction points that are established for the
- * given service. */
-static unsigned int
-count_established_intro_points(const rend_service_t *service)
-{
- unsigned int num = 0;
-
- SMARTLIST_FOREACH(service->intro_nodes, rend_intro_point_t *, intro,
- num += intro->circuit_established
- );
- return num;
-}
-
-/** Return the number of introduction points that are or are being
- * established for the given service. This function iterates over all
- * circuit and count those that are linked to the service and are waiting
- * for the intro point to respond. */
-static unsigned int
-count_intro_point_circuits(const rend_service_t *service)
-{
- unsigned int num_ipos = 0;
- SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
- if (!circ->marked_for_close &&
- circ->state == CIRCUIT_STATE_OPEN &&
- (circ->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO ||
- circ->purpose == CIRCUIT_PURPOSE_S_INTRO)) {
- origin_circuit_t *oc = TO_ORIGIN_CIRCUIT(circ);
- if (oc->rend_data &&
- rend_circuit_pk_digest_eq(oc, (uint8_t *) service->pk_digest)) {
- num_ipos++;
- }
- }
- }
- SMARTLIST_FOREACH_END(circ);
- return num_ipos;
-}
-
-/* Given a buffer of at least RELAY_PAYLOAD_SIZE bytes in cell_body_out,
- write the body of a legacy ESTABLISH_INTRO cell in it. Use intro_key
- as the intro point auth key, and rend_circ_nonce as the circuit
- crypto material. On success, fill cell_body_out and return the number
- of bytes written. On fail, return -1.
- */
-ssize_t
-rend_service_encode_establish_intro_cell(char *cell_body_out,
- size_t cell_body_out_len,
- crypto_pk_t *intro_key,
- const char *rend_circ_nonce)
-{
- int retval = -1;
- int r;
- int len = 0;
- char auth[DIGEST_LEN + 9];
-
- tor_assert(intro_key);
- tor_assert(rend_circ_nonce);
-
- /* Build the payload for a RELAY_ESTABLISH_INTRO cell. */
- r = crypto_pk_asn1_encode(intro_key, cell_body_out+2,
- RELAY_PAYLOAD_SIZE-2);
- if (r < 0) {
- log_warn(LD_BUG, "Internal error; failed to establish intro point.");
- goto err;
- }
- len = r;
- set_uint16(cell_body_out, htons((uint16_t)len));
- len += 2;
- memcpy(auth, rend_circ_nonce, DIGEST_LEN);
- memcpy(auth+DIGEST_LEN, "INTRODUCE", 9);
- if (crypto_digest(cell_body_out+len, auth, DIGEST_LEN+9))
- goto err;
- len += 20;
- r = crypto_pk_private_sign_digest(intro_key, cell_body_out+len,
- cell_body_out_len - len,
- cell_body_out, len);
- if (r<0) {
- log_warn(LD_BUG, "Internal error: couldn't sign introduction request.");
- goto err;
- }
- len += r;
-
- retval = len;
-
- err:
- memwipe(auth, 0, sizeof(auth));
-
- return retval;
-}
-
-/** Called when we're done building a circuit to an introduction point:
- * sends a RELAY_ESTABLISH_INTRO cell.
- */
-void
-rend_service_intro_has_opened(origin_circuit_t *circuit)
-{
- rend_service_t *service;
- char buf[RELAY_PAYLOAD_SIZE];
- char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
- unsigned int expiring_nodes_len, num_ip_circuits, valid_ip_circuits = 0;
- int reason = END_CIRC_REASON_TORPROTOCOL;
- const char *rend_pk_digest;
-
- tor_assert(circuit->base_.purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO);
- assert_circ_anonymity_ok(circuit, get_options());
- tor_assert(circuit->cpath);
- tor_assert(circuit->rend_data);
- /* XXX: This is version 2 specific (only on supported). */
- rend_pk_digest = (char *) rend_data_get_pk_digest(circuit->rend_data, NULL);
-
- base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
- rend_pk_digest, REND_SERVICE_ID_LEN);
-
- service = rend_service_get_by_pk_digest(rend_pk_digest);
- if (!service) {
- log_warn(LD_REND, "Unrecognized service ID %s on introduction circuit %u.",
- safe_str_client(serviceid), (unsigned)circuit->base_.n_circ_id);
- reason = END_CIRC_REASON_NOSUCHSERVICE;
- goto err;
- }
-
- /* Take the current amount of expiring nodes and the current amount of IP
- * circuits and compute how many valid IP circuits we have. */
- expiring_nodes_len = (unsigned int) smartlist_len(service->expiring_nodes);
- num_ip_circuits = count_intro_point_circuits(service);
- /* Let's avoid an underflow. The valid_ip_circuits is initialized to 0 in
- * case this condition turns out false because it means that all circuits
- * are expiring so we need to keep this circuit. */
- if (num_ip_circuits > expiring_nodes_len) {
- valid_ip_circuits = num_ip_circuits - expiring_nodes_len;
- }
-
- /* If we already have enough introduction circuits for this service,
- * redefine this one as a general circuit or close it, depending.
- * Subtract the amount of expiring nodes here because the circuits are
- * still opened. */
- if (valid_ip_circuits > service->n_intro_points_wanted) {
- const or_options_t *options = get_options();
- /* Remove the intro point associated with this circuit, it's being
- * repurposed or closed thus cleanup memory. */
- rend_intro_point_t *intro = find_intro_point(circuit);
- if (intro != NULL) {
- smartlist_remove(service->intro_nodes, intro);
- rend_intro_point_free(intro);
- }
-
- if (options->ExcludeNodes) {
- /* XXXX in some future version, we can test whether the transition is
- allowed or not given the actual nodes in the circuit. But for now,
- this case, we might as well close the thing. */
- log_info(LD_CIRC|LD_REND, "We have just finished an introduction "
- "circuit, but we already have enough. Closing it.");
- reason = END_CIRC_REASON_NONE;
- goto err;
- } else {
- tor_assert(circuit->build_state->is_internal);
- log_info(LD_CIRC|LD_REND, "We have just finished an introduction "
- "circuit, but we already have enough. Redefining purpose to "
- "general; leaving as internal.");
-
- if (circuit_should_use_vanguards(TO_CIRCUIT(circuit)->purpose)) {
- circuit_change_purpose(TO_CIRCUIT(circuit),
- CIRCUIT_PURPOSE_HS_VANGUARDS);
- } else {
- circuit_change_purpose(TO_CIRCUIT(circuit), CIRCUIT_PURPOSE_C_GENERAL);
- }
-
- {
- rend_data_free(circuit->rend_data);
- circuit->rend_data = NULL;
- }
- {
- crypto_pk_t *intro_key = circuit->intro_key;
- circuit->intro_key = NULL;
- crypto_pk_free(intro_key);
- }
-
- circuit_has_opened(circuit);
- goto done;
- }
- }
-
- log_info(LD_REND,
- "Established circuit %u as introduction point for service %s",
- (unsigned)circuit->base_.n_circ_id, serviceid);
- circuit_log_path(LOG_INFO, LD_REND, circuit);
-
- /* Send the ESTABLISH_INTRO cell */
- {
- ssize_t len;
- len = rend_service_encode_establish_intro_cell(buf, sizeof(buf),
- circuit->intro_key,
- circuit->cpath->prev->rend_circ_nonce);
- if (len < 0) {
- reason = END_CIRC_REASON_INTERNAL;
- goto err;
- }
-
- if (relay_send_command_from_edge(0, TO_CIRCUIT(circuit),
- RELAY_COMMAND_ESTABLISH_INTRO,
- buf, len, circuit->cpath->prev)<0) {
- log_info(LD_GENERAL,
- "Couldn't send introduction request for service %s on circuit %u",
- serviceid, (unsigned)circuit->base_.n_circ_id);
- goto done;
- }
- }
-
- /* We've attempted to use this circuit */
- pathbias_count_use_attempt(circuit);
-
- goto done;
-
- err:
- circuit_mark_for_close(TO_CIRCUIT(circuit), reason);
- done:
- memwipe(buf, 0, sizeof(buf));
- memwipe(serviceid, 0, sizeof(serviceid));
-
- return;
-}
-
-/** Called when we get an INTRO_ESTABLISHED cell; mark the circuit as a
- * live introduction point, and note that the service descriptor is
- * now out-of-date. */
-int
-rend_service_intro_established(origin_circuit_t *circuit,
- const uint8_t *request,
- size_t request_len)
-{
- rend_service_t *service;
- rend_intro_point_t *intro;
- char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
- (void) request;
- (void) request_len;
- tor_assert(circuit->rend_data);
- /* XXX: This is version 2 specific (only supported one for now). */
- const char *rend_pk_digest =
- (char *) rend_data_get_pk_digest(circuit->rend_data, NULL);
-
- if (circuit->base_.purpose != CIRCUIT_PURPOSE_S_ESTABLISH_INTRO) {
- log_warn(LD_PROTOCOL,
- "received INTRO_ESTABLISHED cell on non-intro circuit.");
- goto err;
- }
- service = rend_service_get_by_pk_digest(rend_pk_digest);
- if (!service) {
- log_warn(LD_REND, "Unknown service on introduction circuit %u.",
- (unsigned)circuit->base_.n_circ_id);
- goto err;
- }
- base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32 + 1,
- rend_pk_digest, REND_SERVICE_ID_LEN);
- /* We've just successfully established a intro circuit to one of our
- * introduction point, account for it. */
- intro = find_intro_point(circuit);
- if (intro == NULL) {
- log_warn(LD_REND,
- "Introduction circuit established without a rend_intro_point_t "
- "object for service %s on circuit %u",
- safe_str_client(serviceid), (unsigned)circuit->base_.n_circ_id);
- goto err;
- }
- intro->circuit_established = 1;
- /* We might not have every introduction point ready but at this point we
- * know that the descriptor needs to be uploaded. */
- service->desc_is_dirty = time(NULL);
- circuit_change_purpose(TO_CIRCUIT(circuit), CIRCUIT_PURPOSE_S_INTRO);
-
- log_info(LD_REND,
- "Received INTRO_ESTABLISHED cell on circuit %u for service %s",
- (unsigned)circuit->base_.n_circ_id, serviceid);
-
- /* Getting a valid INTRODUCE_ESTABLISHED means we've successfully
- * used the circ */
- pathbias_mark_use_success(circuit);
-
- return 0;
- err:
- circuit_mark_for_close(TO_CIRCUIT(circuit), END_CIRC_REASON_TORPROTOCOL);
- return -1;
-}
-
-/** Called once a circuit to a rendezvous point is established: sends a
- * RELAY_COMMAND_RENDEZVOUS1 cell.
- */
-void
-rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
-{
- rend_service_t *service;
- char buf[RELAY_PAYLOAD_SIZE];
- crypt_path_t *hop;
- char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
- char hexcookie[9];
- int reason;
- const char *rend_cookie, *rend_pk_digest;
-
- tor_assert(circuit->base_.purpose == CIRCUIT_PURPOSE_S_CONNECT_REND);
- tor_assert(circuit->cpath);
- tor_assert(circuit->build_state);
- assert_circ_anonymity_ok(circuit, get_options());
- tor_assert(circuit->rend_data);
-
- /* XXX: This is version 2 specific (only one supported). */
- rend_pk_digest = (char *) rend_data_get_pk_digest(circuit->rend_data,
- NULL);
- rend_cookie = circuit->rend_data->rend_cookie;
-
- /* Declare the circuit dirty to avoid reuse, and for path-bias. We set the
- * timestamp regardless of its content because that circuit could have been
- * cannibalized so in any cases, we are about to use that circuit more. */
- circuit->base_.timestamp_dirty = time(NULL);
-
- /* This may be redundant */
- pathbias_count_use_attempt(circuit);
-
- hop = circuit->build_state->service_pending_final_cpath_ref->cpath;
-
- base16_encode(hexcookie,9, rend_cookie,4);
- base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
- rend_pk_digest, REND_SERVICE_ID_LEN);
-
- log_info(LD_REND,
- "Done building circuit %u to rendezvous with "
- "cookie %s for service %s",
- (unsigned)circuit->base_.n_circ_id, hexcookie, serviceid);
- circuit_log_path(LOG_INFO, LD_REND, circuit);
-
- /* Clear the 'in-progress HS circ has timed out' flag for
- * consistency with what happens on the client side; this line has
- * no effect on Tor's behaviour. */
- circuit->hs_circ_has_timed_out = 0;
-
- /* If hop is NULL, another rend circ has already connected to this
- * rend point. Close this circ. */
- if (hop == NULL) {
- log_info(LD_REND, "Another rend circ has already reached this rend point; "
- "closing this rend circ.");
- reason = END_CIRC_REASON_NONE;
- goto err;
- }
-
- /* Remove our final cpath element from the reference, so that no
- * other circuit will try to use it. Store it in
- * pending_final_cpath for now to ensure that it will be freed if
- * our rendezvous attempt fails. */
- circuit->build_state->pending_final_cpath = hop;
- circuit->build_state->service_pending_final_cpath_ref->cpath = NULL;
-
- service = rend_service_get_by_pk_digest(rend_pk_digest);
- if (!service) {
- log_warn(LD_GENERAL, "Internal error: unrecognized service ID on "
- "rendezvous circuit.");
- reason = END_CIRC_REASON_INTERNAL;
- goto err;
- }
-
- /* All we need to do is send a RELAY_RENDEZVOUS1 cell... */
- memcpy(buf, rend_cookie, REND_COOKIE_LEN);
- if (crypto_dh_get_public(hop->rend_dh_handshake_state,
- buf+REND_COOKIE_LEN, DH1024_KEY_LEN)<0) {
- log_warn(LD_GENERAL,"Couldn't get DH public key.");
- reason = END_CIRC_REASON_INTERNAL;
- goto err;
- }
- memcpy(buf+REND_COOKIE_LEN+DH1024_KEY_LEN, hop->rend_circ_nonce,
- DIGEST_LEN);
-
- /* Send the cell */
- if (relay_send_command_from_edge(0, TO_CIRCUIT(circuit),
- RELAY_COMMAND_RENDEZVOUS1,
- buf, HS_LEGACY_RENDEZVOUS_CELL_SIZE,
- circuit->cpath->prev)<0) {
- log_warn(LD_GENERAL, "Couldn't send RENDEZVOUS1 cell.");
- goto done;
- }
-
- crypto_dh_free(hop->rend_dh_handshake_state);
- hop->rend_dh_handshake_state = NULL;
-
- /* Append the cpath entry. */
- hop->state = CPATH_STATE_OPEN;
- /* set the windows to default. these are the windows
- * that the service thinks the client has.
- */
- hop->package_window = circuit_initial_package_window();
- hop->deliver_window = CIRCWINDOW_START;
-
- cpath_extend_linked_list(&circuit->cpath, hop);
- circuit->build_state->pending_final_cpath = NULL; /* prevent double-free */
-
- /* Change the circuit purpose. */
- circuit_change_purpose(TO_CIRCUIT(circuit), CIRCUIT_PURPOSE_S_REND_JOINED);
-
- goto done;
-
- err:
- circuit_mark_for_close(TO_CIRCUIT(circuit), reason);
- done:
- memwipe(buf, 0, sizeof(buf));
- memwipe(serviceid, 0, sizeof(serviceid));
- memwipe(hexcookie, 0, sizeof(hexcookie));
-
- return;
-}
-
-/*
- * Manage introduction points
- */
-
-/** Return the (possibly non-open) introduction circuit ending at
- * intro for the service whose public key is pk_digest.
- * (desc_version is ignored). Return NULL if no such service is
- * found.
- */
-static origin_circuit_t *
-find_intro_circuit(rend_intro_point_t *intro, const char *pk_digest)
-{
- origin_circuit_t *circ = NULL;
-
- tor_assert(intro);
- while ((circ = circuit_get_next_by_pk_and_purpose(circ,
- (uint8_t *) pk_digest, CIRCUIT_PURPOSE_S_INTRO))) {
- if (tor_memeq(circ->build_state->chosen_exit->identity_digest,
- intro->extend_info->identity_digest, DIGEST_LEN) &&
- circ->rend_data) {
- return circ;
- }
- }
-
- circ = NULL;
- while ((circ = circuit_get_next_by_pk_and_purpose(circ,
- (uint8_t *) pk_digest,
- CIRCUIT_PURPOSE_S_ESTABLISH_INTRO))) {
- if (tor_memeq(circ->build_state->chosen_exit->identity_digest,
- intro->extend_info->identity_digest, DIGEST_LEN) &&
- circ->rend_data) {
- return circ;
- }
- }
- return NULL;
-}
-
-/** Return the corresponding introdution point using the circuit circ
- * found in the service. NULL is returned if not found. */
-static rend_intro_point_t *
-find_expiring_intro_point(rend_service_t *service, origin_circuit_t *circ)
-{
- tor_assert(service);
- tor_assert(TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO ||
- TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_INTRO);
-
- SMARTLIST_FOREACH(service->expiring_nodes, rend_intro_point_t *,
- intro_point,
- if (crypto_pk_eq_keys(intro_point->intro_key, circ->intro_key)) {
- return intro_point;
- });
-
- return NULL;
-}
-
-/** Return a pointer to the rend_intro_point_t corresponding to the
- * service-side introduction circuit circ. */
-static rend_intro_point_t *
-find_intro_point(origin_circuit_t *circ)
-{
- const char *serviceid;
- rend_service_t *service = NULL;
-
- tor_assert(TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO ||
- TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_INTRO);
- tor_assert(circ->rend_data);
- serviceid = rend_data_get_address(circ->rend_data);
-
- SMARTLIST_FOREACH(rend_service_list, rend_service_t *, s,
- if (tor_memeq(s->service_id, serviceid, REND_SERVICE_ID_LEN_BASE32)) {
- service = s;
- break;
- });
-
- if (service == NULL) return NULL;
-
- SMARTLIST_FOREACH(service->intro_nodes, rend_intro_point_t *, intro_point,
- if (crypto_pk_eq_keys(intro_point->intro_key, circ->intro_key)) {
- return intro_point;
- });
-
- return NULL;
-}
-
-/** Upload the rend_encoded_v2_service_descriptor_t's in descs
- * associated with the rend_service_descriptor_t renddesc to
- * the responsible hidden service directories OR the hidden service
- * directories specified by hs_dirs; service_id and
- * seconds_valid are only passed for logging purposes.
- */
-void
-directory_post_to_hs_dir(rend_service_descriptor_t *renddesc,
- smartlist_t *descs, smartlist_t *hs_dirs,
- const char *service_id, int seconds_valid)
-{
- int i, j, failed_upload = 0;
- smartlist_t *responsible_dirs = smartlist_new();
- smartlist_t *successful_uploads = smartlist_new();
- routerstatus_t *hs_dir;
- for (i = 0; i < smartlist_len(descs); i++) {
- rend_encoded_v2_service_descriptor_t *desc = smartlist_get(descs, i);
- /** If any HSDirs are specified, they should be used instead of
- * the responsible directories */
- if (hs_dirs && smartlist_len(hs_dirs) > 0) {
- smartlist_add_all(responsible_dirs, hs_dirs);
- } else {
- /* Determine responsible dirs. */
- if (hid_serv_get_responsible_directories(responsible_dirs,
- desc->desc_id) < 0) {
- log_warn(LD_REND, "Could not determine the responsible hidden service "
- "directories to post descriptors to.");
- control_event_hs_descriptor_upload(service_id,
- "UNKNOWN",
- "UNKNOWN", NULL);
- goto done;
- }
- }
- for (j = 0; j < smartlist_len(responsible_dirs); j++) {
- char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
- char *hs_dir_ip;
- const node_t *node;
- rend_data_t *rend_data;
- hs_dir = smartlist_get(responsible_dirs, j);
- if (smartlist_contains_digest(renddesc->successful_uploads,
- hs_dir->identity_digest))
- /* Don't upload descriptor if we succeeded in doing so last time. */
- continue;
- node = node_get_by_id(hs_dir->identity_digest);
- if (!node || !node_has_preferred_descriptor(node,0)) {
- log_info(LD_REND, "Not launching upload for for v2 descriptor to "
- "hidden service directory %s; we don't have its "
- "router descriptor. Queuing for later upload.",
- safe_str_client(routerstatus_describe(hs_dir)));
- failed_upload = -1;
- continue;
- }
- /* Send publish request. */
-
- /* We need the service ID to identify which service did the upload
- * request. Lookup is made in rend_service_desc_has_uploaded(). */
- rend_data = rend_data_client_create(service_id, desc->desc_id, NULL,
- REND_NO_AUTH);
- directory_request_t *req =
- directory_request_new(DIR_PURPOSE_UPLOAD_RENDDESC_V2);
- directory_request_set_routerstatus(req, hs_dir);
- directory_request_set_indirection(req, DIRIND_ANONYMOUS);
- directory_request_set_payload(req,
- desc->desc_str, strlen(desc->desc_str));
- directory_request_set_rend_query(req, rend_data);
- directory_initiate_request(req);
- directory_request_free(req);
-
- rend_data_free(rend_data);
- base32_encode(desc_id_base32, sizeof(desc_id_base32),
- desc->desc_id, DIGEST_LEN);
- hs_dir_ip = tor_addr_to_str_dup(&hs_dir->ipv4_addr);
- if (hs_dir_ip) {
- log_info(LD_REND, "Launching upload for v2 descriptor for "
- "service '%s' with descriptor ID '%s' with validity "
- "of %d seconds to hidden service directory '%s' on "
- "%s:%d.",
- safe_str_client(service_id),
- safe_str_client(desc_id_base32),
- seconds_valid,
- hs_dir->nickname,
- hs_dir_ip,
- hs_dir->ipv4_orport);
- tor_free(hs_dir_ip);
- }
-
- control_event_hs_descriptor_upload(service_id,
- hs_dir->identity_digest,
- desc_id_base32, NULL);
- /* Remember successful upload to this router for next time. */
- if (!smartlist_contains_digest(successful_uploads,
- hs_dir->identity_digest))
- smartlist_add(successful_uploads, hs_dir->identity_digest);
- }
- smartlist_clear(responsible_dirs);
- }
- if (!failed_upload) {
- if (renddesc->successful_uploads) {
- SMARTLIST_FOREACH(renddesc->successful_uploads, char *, c, tor_free(c););
- smartlist_free(renddesc->successful_uploads);
- renddesc->successful_uploads = NULL;
- }
- renddesc->all_uploads_performed = 1;
- } else {
- /* Remember which routers worked this time, so that we don't upload the
- * descriptor to them again. */
- if (!renddesc->successful_uploads)
- renddesc->successful_uploads = smartlist_new();
- SMARTLIST_FOREACH(successful_uploads, const char *, c, {
- if (!smartlist_contains_digest(renddesc->successful_uploads, c)) {
- char *hsdir_id = tor_memdup(c, DIGEST_LEN);
- smartlist_add(renddesc->successful_uploads, hsdir_id);
- }
- });
- }
- done:
- smartlist_free(responsible_dirs);
- smartlist_free(successful_uploads);
-}
-
-/** Encode and sign an up-to-date service descriptor for service,
- * and upload it/them to the responsible hidden service directories.
- */
-static void
-upload_service_descriptor(rend_service_t *service)
-{
- time_t now = time(NULL);
- int rendpostperiod;
- char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
- int uploaded = 0;
-
- rendpostperiod = get_options()->RendPostPeriod;
-
- networkstatus_t *c = networkstatus_get_latest_consensus();
- if (c && smartlist_len(c->routerstatus_list) > 0) {
- int seconds_valid, i, j, num_descs;
- smartlist_t *descs = smartlist_new();
- smartlist_t *client_cookies = smartlist_new();
- /* Either upload a single descriptor (including replicas) or one
- * descriptor for each authorized client in case of authorization
- * type 'stealth'. */
- num_descs = service->auth_type == REND_STEALTH_AUTH ?
- smartlist_len(service->clients) : 1;
- for (j = 0; j < num_descs; j++) {
- crypto_pk_t *client_key = NULL;
- rend_authorized_client_t *client = NULL;
- smartlist_clear(client_cookies);
- switch (service->auth_type) {
- case REND_NO_AUTH:
- case REND_V3_AUTH:
- /* Do nothing here. */
- break;
- case REND_BASIC_AUTH:
- SMARTLIST_FOREACH(service->clients, rend_authorized_client_t *,
- cl, smartlist_add(client_cookies, cl->descriptor_cookie));
- break;
- case REND_STEALTH_AUTH:
- client = smartlist_get(service->clients, j);
- client_key = client->client_key;
- smartlist_add(client_cookies, client->descriptor_cookie);
- break;
- }
- /* Encode the current descriptor. */
- seconds_valid = rend_encode_v2_descriptors(descs, service->desc,
- now, 0,
- service->auth_type,
- client_key,
- client_cookies);
- if (seconds_valid < 0) {
- log_warn(LD_BUG, "Internal error: couldn't encode service "
- "descriptor; not uploading.");
- smartlist_free(descs);
- smartlist_free(client_cookies);
- return;
- }
- rend_get_service_id(service->desc->pk, serviceid);
- if (get_options()->PublishHidServDescriptors) {
- /* Post the current descriptors to the hidden service directories. */
- /* This log message is used by Chutney as part of its bootstrap
- * detection mechanism. Please don't change without first checking
- * Chutney. */
- log_info(LD_REND, "Launching upload for hidden service %s",
- serviceid);
- directory_post_to_hs_dir(service->desc, descs, NULL, serviceid,
- seconds_valid);
- }
- /* Free memory for descriptors. */
- for (i = 0; i < smartlist_len(descs); i++)
- rend_encoded_v2_service_descriptor_free_(smartlist_get(descs, i));
- smartlist_clear(descs);
- /* Update next upload time. */
- if (seconds_valid - REND_TIME_PERIOD_OVERLAPPING_V2_DESCS
- > rendpostperiod)
- service->next_upload_time = now + rendpostperiod;
- else if (seconds_valid < REND_TIME_PERIOD_OVERLAPPING_V2_DESCS)
- service->next_upload_time = now + seconds_valid + 1;
- else
- service->next_upload_time = now + seconds_valid -
- REND_TIME_PERIOD_OVERLAPPING_V2_DESCS + 1;
- /* Post also the next descriptors, if necessary. */
- if (seconds_valid < REND_TIME_PERIOD_OVERLAPPING_V2_DESCS) {
- seconds_valid = rend_encode_v2_descriptors(descs, service->desc,
- now, 1,
- service->auth_type,
- client_key,
- client_cookies);
- if (seconds_valid < 0) {
- log_warn(LD_BUG, "Internal error: couldn't encode service "
- "descriptor; not uploading.");
- smartlist_free(descs);
- smartlist_free(client_cookies);
- return;
- }
- if (get_options()->PublishHidServDescriptors) {
- directory_post_to_hs_dir(service->desc, descs, NULL, serviceid,
- seconds_valid);
- }
- /* Free memory for descriptors. */
- for (i = 0; i < smartlist_len(descs); i++)
- rend_encoded_v2_service_descriptor_free_(smartlist_get(descs, i));
- smartlist_clear(descs);
- }
- }
- smartlist_free(descs);
- smartlist_free(client_cookies);
- uploaded = 1;
- if (get_options()->PublishHidServDescriptors) {
- log_info(LD_REND, "Successfully uploaded v2 rend descriptors!");
- } else {
- log_info(LD_REND, "Successfully stored created v2 rend descriptors!");
- }
- }
-
- /* If not uploaded, try again in one minute. */
- if (!uploaded)
- service->next_upload_time = now + 60;
-
- /* Unmark dirty flag of this service. */
- service->desc_is_dirty = 0;
-}
-
-/** Return the number of INTRODUCE2 cells this hidden service has received
- * from this intro point. */
-static int
-intro_point_accepted_intro_count(rend_intro_point_t *intro)
-{
- return intro->accepted_introduce2_count;
-}
-
-/** Return non-zero iff intro should 'expire' now (i.e. we
- * should stop publishing it in new descriptors and eventually close
- * it). */
-static int
-intro_point_should_expire_now(rend_intro_point_t *intro,
- time_t now)
-{
- tor_assert(intro != NULL);
-
- if (intro->time_published == -1) {
- /* Don't expire an intro point if we haven't even published it yet. */
- return 0;
- }
-
- if (intro_point_accepted_intro_count(intro) >=
- intro->max_introductions) {
- /* This intro point has been used too many times. Expire it now. */
- return 1;
- }
-
- if (intro->time_to_expire == -1) {
- /* This intro point has been published, but we haven't picked an
- * expiration time for it. Pick one now. */
- int intro_point_lifetime_seconds =
- crypto_rand_int_range(INTRO_POINT_LIFETIME_MIN_SECONDS,
- INTRO_POINT_LIFETIME_MAX_SECONDS);
-
- /* Start the expiration timer now, rather than when the intro
- * point was first published. There shouldn't be much of a time
- * difference. */
- intro->time_to_expire = now + intro_point_lifetime_seconds;
-
- return 0;
- }
-
- /* This intro point has a time to expire set already. Use it. */
- return (now >= intro->time_to_expire);
-}
-
-/** Iterate over intro points in the given service and remove the invalid
- * ones. For an intro point object to be considered invalid, the circuit
- * _and_ node need to have disappeared.
- *
- * If the intro point should expire, it's placed into the expiring_nodes
- * list of the service and removed from the active intro nodes list.
- *
- * If exclude_nodes is not NULL, add the valid nodes to it.
- *
- * If retry_nodes is not NULL, add the valid node to it if the
- * circuit disappeared but the node is still in the consensus. */
-static void
-remove_invalid_intro_points(rend_service_t *service,
- smartlist_t *exclude_nodes,
- smartlist_t *retry_nodes, time_t now)
-{
- tor_assert(service);
-
- /* Remove any expired nodes that doesn't have a circuit. */
- SMARTLIST_FOREACH_BEGIN(service->expiring_nodes, rend_intro_point_t *,
- intro) {
- origin_circuit_t *intro_circ =
- find_intro_circuit(intro, service->pk_digest);
- if (intro_circ) {
- continue;
- }
- /* No more circuit, cleanup the into point object. */
- SMARTLIST_DEL_CURRENT(service->expiring_nodes, intro);
- rend_intro_point_free(intro);
- } SMARTLIST_FOREACH_END(intro);
-
- SMARTLIST_FOREACH_BEGIN(service->intro_nodes, rend_intro_point_t *,
- intro) {
- /* Find the introduction point node object. */
- const node_t *node =
- node_get_by_id(intro->extend_info->identity_digest);
- /* Find the intro circuit, this might be NULL. */
- origin_circuit_t *intro_circ =
- find_intro_circuit(intro, service->pk_digest);
-
- /* Add the valid node to the exclusion list so we don't try to establish
- * an introduction point to it again. */
- if (node && exclude_nodes) {
- smartlist_add(exclude_nodes, (void*) node);
- }
-
- /* First, make sure we still have a valid circuit for this intro point.
- * If we dont, we'll give up on it and make a new one. */
- if (intro_circ == NULL) {
- log_info(LD_REND, "Attempting to retry on %s as intro point for %s"
- " (circuit disappeared).",
- safe_str_client(extend_info_describe(intro->extend_info)),
- safe_str_client(service->service_id));
- /* We've lost the circuit for this intro point, flag it so it can be
- * accounted for when considiring uploading a descriptor. */
- intro->circuit_established = 0;
-
- /* Node is gone or we've reached our maximum circuit creation retry
- * count, clean up everything, we'll find a new one. */
- if (node == NULL ||
- intro->circuit_retries >= MAX_INTRO_POINT_CIRCUIT_RETRIES) {
- rend_intro_point_free(intro);
- SMARTLIST_DEL_CURRENT(service->intro_nodes, intro);
- /* We've just killed the intro point, nothing left to do. */
- continue;
- }
-
- /* The intro point is still alive so let's try to use it again because
- * we have a published descriptor containing it. Keep the intro point
- * in the intro_nodes list because it's still valid, we are rebuilding
- * a circuit to it. */
- if (retry_nodes) {
- smartlist_add(retry_nodes, intro);
- }
- }
- /* else, the circuit is valid so in both cases, node being alive or not,
- * we leave the circuit and intro point object as is. Closing the
- * circuit here would leak new consensus timing and freeing the intro
- * point object would make the intro circuit unusable. */
-
- /* Now, check if intro point should expire. If it does, queue it so
- * it can be cleaned up once it has been replaced properly. */
- if (intro_point_should_expire_now(intro, now)) {
- log_info(LD_REND, "Expiring %s as intro point for %s.",
- safe_str_client(extend_info_describe(intro->extend_info)),
- safe_str_client(service->service_id));
- /* We might have put it in the retry list if so, undo. */
- if (retry_nodes) {
- smartlist_remove(retry_nodes, intro);
- }
- smartlist_add(service->expiring_nodes, intro);
- SMARTLIST_DEL_CURRENT(service->intro_nodes, intro);
- /* Intro point is expired, we need a new one thus don't consider it
- * anymore has a valid established intro point. */
- intro->circuit_established = 0;
- }
- } SMARTLIST_FOREACH_END(intro);
-}
-
-/** A new descriptor has been successfully uploaded for the given
- * rend_data. Remove and free the expiring nodes from the associated
- * service. */
-void
-rend_service_desc_has_uploaded(const rend_data_t *rend_data)
-{
- rend_service_t *service;
- const char *onion_address;
-
- tor_assert(rend_data);
-
- onion_address = rend_data_get_address(rend_data);
-
- service = rend_service_get_by_service_id(onion_address);
- if (service == NULL) {
- return;
- }
-
- SMARTLIST_FOREACH_BEGIN(service->expiring_nodes, rend_intro_point_t *,
- intro) {
- origin_circuit_t *intro_circ =
- find_intro_circuit(intro, service->pk_digest);
- if (intro_circ != NULL) {
- circuit_mark_for_close(TO_CIRCUIT(intro_circ),
- END_CIRC_REASON_FINISHED);
- }
- SMARTLIST_DEL_CURRENT(service->expiring_nodes, intro);
- rend_intro_point_free(intro);
- } SMARTLIST_FOREACH_END(intro);
-}
-
-/** Don't try to build more than this many circuits before giving up
- * for a while. Dynamically calculated based on the configured number of
- * introduction points for the service, n_intro_points_wanted. */
-static int
-rend_max_intro_circs_per_period(unsigned int n_intro_points_wanted)
-{
- /* Allow all but one of the initial connections to fail and be
- * retried. (If all fail, we *want* to wait, because something is broken.) */
- tor_assert(n_intro_points_wanted <= NUM_INTRO_POINTS_MAX);
-
- /* For the normal use case, 3 intro points plus 2 extra for performance and
- * allow that twice because once every 24h or so, we can do it twice for two
- * descriptors that is the current one and the next one. So (3 + 2) * 2 ==
- * 12 allowed attempts for one period. */
- return ((n_intro_points_wanted + NUM_INTRO_POINTS_EXTRA) * 2);
-}
-
-/** For every service, check how many intro points it currently has, and:
- * - Invalidate introdution points based on specific criteria, see
- * remove_invalid_intro_points comments.
- * - Pick new intro points as necessary.
- * - Launch circuits to any new intro points.
- *
- * This is called once a second by the main loop.
- */
-void
-rend_consider_services_intro_points(time_t now)
-{
- int i;
- const or_options_t *options = get_options();
- /* Are we in single onion mode? */
- const int allow_direct = rend_service_allow_non_anonymous_connection(
- get_options());
- /* List of nodes we need to _exclude_ when choosing a new node to
- * establish an intro point to. */
- smartlist_t *exclude_nodes;
- /* List of nodes we need to retry to build a circuit on them because the
- * node is valid but circuit died. */
- smartlist_t *retry_nodes;
-
- if (!have_completed_a_circuit())
- return;
-
- exclude_nodes = smartlist_new();
- retry_nodes = smartlist_new();
-
- SMARTLIST_FOREACH_BEGIN(rend_service_list, rend_service_t *, service) {
- int r;
- /* Number of intro points we want to open and add to the intro nodes
- * list of the service. */
- unsigned int n_intro_points_to_open;
- /* Have an unsigned len so we can use it to compare values else gcc is
- * not happy with unmatching signed comparison. */
- unsigned int intro_nodes_len;
- /* Different service are allowed to have the same introduction point as
- * long as they are on different circuit thus why we clear this list. */
- smartlist_clear(exclude_nodes);
- smartlist_clear(retry_nodes);
-
- /* Cleanup the invalid intro points and save the node objects, if any,
- * in the exclude_nodes and retry_nodes lists. */
- remove_invalid_intro_points(service, exclude_nodes, retry_nodes, now);
-
- /* This retry period is important here so we don't stress circuit
- * creation. */
-
- if (now > service->intro_period_started + INTRO_CIRC_RETRY_PERIOD) {
- /* One period has elapsed:
- * - if we stopped, we can try building circuits again,
- * - if we haven't, we reset the circuit creation counts. */
- rend_log_intro_limit(service, LOG_INFO);
- service->intro_period_started = now;
- service->n_intro_circuits_launched = 0;
- } else if (service->n_intro_circuits_launched >=
- rend_max_intro_circs_per_period(
- service->n_intro_points_wanted)) {
- /* We have failed too many times in this period; wait for the next
- * one before we try to initiate any more connections. */
- rend_log_intro_limit(service, LOG_WARN);
- continue;
- }
-
- /* Let's try to rebuild circuit on the nodes we want to retry on. */
- SMARTLIST_FOREACH_BEGIN(retry_nodes, rend_intro_point_t *, intro) {
- r = rend_service_launch_establish_intro(service, intro);
- if (r < 0) {
- log_warn(LD_REND, "Error launching circuit to node %s for service %s.",
- safe_str_client(extend_info_describe(intro->extend_info)),
- safe_str_client(service->service_id));
- /* Unable to launch a circuit to that intro point, remove it from
- * the valid list so we can create a new one. */
- smartlist_remove(service->intro_nodes, intro);
- rend_intro_point_free(intro);
- continue;
- }
- intro->circuit_retries++;
- } SMARTLIST_FOREACH_END(intro);
-
- /* Avoid mismatched signed comparison below. */
- intro_nodes_len = (unsigned int) smartlist_len(service->intro_nodes);
-
- /* Quiescent state, we have more or the equal amount of wanted node for
- * this service. Proceed to the next service. We can have more nodes
- * because we launch extra preemptive circuits if our intro nodes list was
- * originally empty for performance reasons. */
- if (intro_nodes_len >= service->n_intro_points_wanted) {
- continue;
- }
-
- /* Number of intro points we want to open which is the wanted amount minus
- * the current amount of valid nodes. We know that this won't underflow
- * because of the check above. */
- n_intro_points_to_open = service->n_intro_points_wanted - intro_nodes_len;
- if (intro_nodes_len == 0) {
- /* We want to end up with n_intro_points_wanted intro points, but if
- * we have no intro points at all (chances are they all cycled or we
- * are starting up), we launch NUM_INTRO_POINTS_EXTRA extra circuits
- * and use the first n_intro_points_wanted that complete. See proposal
- * #155, section 4 for the rationale of this which is purely for
- * performance.
- *
- * The ones after the first n_intro_points_to_open will be converted
- * to 'general' internal circuits in rend_service_intro_has_opened(),
- * and then we'll drop them from the list of intro points. */
- n_intro_points_to_open += NUM_INTRO_POINTS_EXTRA;
- }
-
- for (i = 0; i < (int) n_intro_points_to_open; i++) {
- const node_t *node;
- rend_intro_point_t *intro;
- router_crn_flags_t flags = CRN_NEED_UPTIME|CRN_NEED_DESC;
- router_crn_flags_t direct_flags = flags;
- direct_flags |= CRN_PREF_ADDR;
- direct_flags |= CRN_DIRECT_CONN;
-
- node = router_choose_random_node(exclude_nodes,
- options->ExcludeNodes,
- allow_direct ? direct_flags : flags);
- /* If we are in single onion mode, retry node selection for a 3-hop
- * path */
- if (allow_direct && !node) {
- log_info(LD_REND,
- "Unable to find an intro point that we can connect to "
- "directly for %s, falling back to a 3-hop path.",
- safe_str_client(service->service_id));
- node = router_choose_random_node(exclude_nodes,
- options->ExcludeNodes, flags);
- }
-
- if (!node) {
- log_warn(LD_REND,
- "We only have %d introduction points established for %s; "
- "wanted %u.",
- smartlist_len(service->intro_nodes),
- safe_str_client(service->service_id),
- n_intro_points_to_open);
- break;
- }
- /* Add the chosen node to the exclusion list in order to avoid picking
- * it again in the next iteration. */
- smartlist_add(exclude_nodes, (void*)node);
- intro = tor_malloc_zero(sizeof(rend_intro_point_t));
- /* extend_info is for clients, so we want the multi-hop primary ORPort,
- * even if we are a single onion service and intend to connect to it
- * directly ourselves. */
- intro->extend_info = extend_info_from_node(node, 0);
- if (BUG(intro->extend_info == NULL)) {
- tor_free(intro);
- break;
- }
- intro->intro_key = crypto_pk_new();
- const int fail = crypto_pk_generate_key(intro->intro_key);
- tor_assert(!fail);
- intro->time_published = -1;
- intro->time_to_expire = -1;
- intro->max_introductions =
- crypto_rand_int_range(INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS,
- INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS);
- smartlist_add(service->intro_nodes, intro);
- log_info(LD_REND, "Picked router %s as an intro point for %s.",
- safe_str_client(node_describe(node)),
- safe_str_client(service->service_id));
- /* Establish new introduction circuit to our chosen intro point. */
- r = rend_service_launch_establish_intro(service, intro);
- if (r < 0) {
- log_warn(LD_REND, "Error launching circuit to node %s for service %s.",
- safe_str_client(extend_info_describe(intro->extend_info)),
- safe_str_client(service->service_id));
- /* This function will be called again by the main loop so this intro
- * point without a intro circuit will be retried on or removed after
- * a maximum number of attempts. */
- }
- }
- } SMARTLIST_FOREACH_END(service);
- smartlist_free(exclude_nodes);
- smartlist_free(retry_nodes);
-}
-
-#define MIN_REND_INITIAL_POST_DELAY (30)
-#define MIN_REND_INITIAL_POST_DELAY_TESTING (5)
-
-/** Regenerate and upload rendezvous service descriptors for all
- * services, if necessary. If the descriptor has been dirty enough
- * for long enough, definitely upload; else only upload when the
- * periodic timeout has expired.
- *
- * For the first upload, pick a random time between now and two periods
- * from now, and pick it independently for each service.
- */
-void
-rend_consider_services_upload(time_t now)
-{
- int i;
- rend_service_t *service;
- const or_options_t *options = get_options();
- int rendpostperiod = options->RendPostPeriod;
- int rendinitialpostdelay = (options->TestingTorNetwork ?
- MIN_REND_INITIAL_POST_DELAY_TESTING :
- MIN_REND_INITIAL_POST_DELAY);
-
- for (i=0; i < smartlist_len(rend_service_list); ++i) {
- service = smartlist_get(rend_service_list, i);
- if (!service->next_upload_time) { /* never been uploaded yet */
- /* The fixed lower bound of rendinitialpostdelay seconds ensures that
- * the descriptor is stable before being published. See comment below. */
- service->next_upload_time =
- now + rendinitialpostdelay + crypto_rand_int(2*rendpostperiod);
- /* Single Onion Services prioritise availability over hiding their
- * startup time, as their IP address is publicly discoverable anyway.
- */
- if (rend_service_reveal_startup_time(options)) {
- service->next_upload_time = now + rendinitialpostdelay;
- }
- }
- /* Does every introduction points have been established? */
- unsigned int intro_points_ready =
- count_established_intro_points(service) >=
- service->n_intro_points_wanted;
- if (intro_points_ready &&
- (service->next_upload_time < now ||
- (service->desc_is_dirty &&
- service->desc_is_dirty < now-rendinitialpostdelay))) {
- /* if it's time, or if the directory servers have a wrong service
- * descriptor and ours has been stable for rendinitialpostdelay seconds,
- * upload a new one of each format. */
- rend_service_update_descriptor(service);
- upload_service_descriptor(service);
- }
- }
-}
-
-/** True if the list of available router descriptors might have changed so
- * that we should have a look whether we can republish previously failed
- * rendezvous service descriptors. */
-static int consider_republishing_rend_descriptors = 1;
-
-/** Called when our internal view of the directory has changed, so that we
- * might have router descriptors of hidden service directories available that
- * we did not have before. */
-void
-rend_hsdir_routers_changed(void)
-{
- consider_republishing_rend_descriptors = 1;
-}
-
-/** Consider republication of v2 rendezvous service descriptors that failed
- * previously, but without regenerating descriptor contents.
- */
-void
-rend_consider_descriptor_republication(void)
-{
- int i;
- rend_service_t *service;
-
- if (!consider_republishing_rend_descriptors)
- return;
- consider_republishing_rend_descriptors = 0;
-
- if (!get_options()->PublishHidServDescriptors)
- return;
-
- for (i=0; i < smartlist_len(rend_service_list); ++i) {
- service = smartlist_get(rend_service_list, i);
- if (service->desc && !service->desc->all_uploads_performed) {
- /* If we failed in uploading a descriptor last time, try again *without*
- * updating the descriptor's contents. */
- upload_service_descriptor(service);
- }
- }
-}
-
-/** Log the status of introduction points for all rendezvous services
- * at log severity severity.
- */
-void
-rend_service_dump_stats(int severity)
-{
- rend_service_t *service;
- rend_intro_point_t *intro;
- const char *safe_name;
- origin_circuit_t *circ;
-
- for (int i = 0; i < smartlist_len(rend_service_list); ++i) {
- service = smartlist_get(rend_service_list, i);
- tor_log(severity, LD_GENERAL, "Service configured in %s:",
- rend_service_escaped_dir(service));
- for (int j = 0; j < smartlist_len(service->intro_nodes); ++j) {
- intro = smartlist_get(service->intro_nodes, j);
- safe_name = safe_str_client(intro->extend_info->nickname);
-
- circ = find_intro_circuit(intro, service->pk_digest);
- if (!circ) {
- tor_log(severity, LD_GENERAL, " Intro point %d at %s: no circuit",
- j, safe_name);
- continue;
- }
- tor_log(severity, LD_GENERAL, " Intro point %d at %s: circuit is %s",
- j, safe_name, circuit_state_to_string(circ->base_.state));
- }
- }
-}
-
-/** Given conn, a rendezvous exit stream, look up the hidden service for
- * circ, and look up the port and address based on conn-\>port.
- * Assign the actual conn-\>addr and conn-\>port. Return -2 on failure
- * for which the circuit should be closed, -1 on other failure,
- * or 0 for success.
- */
-int
-rend_service_set_connection_addr_port(edge_connection_t *conn,
- origin_circuit_t *circ)
-{
- rend_service_t *service;
- char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
- const char *rend_pk_digest;
-
- tor_assert(circ->base_.purpose == CIRCUIT_PURPOSE_S_REND_JOINED);
- tor_assert(circ->rend_data);
- log_debug(LD_REND,"beginning to hunt for addr/port");
- rend_pk_digest = (char *) rend_data_get_pk_digest(circ->rend_data, NULL);
- base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
- rend_pk_digest, REND_SERVICE_ID_LEN);
- service = rend_service_get_by_pk_digest(rend_pk_digest);
- if (!service) {
- log_warn(LD_REND, "Couldn't find any service associated with pk %s on "
- "rendezvous circuit %u; closing.",
- serviceid, (unsigned)circ->base_.n_circ_id);
- return -2;
- }
- if (service->max_streams_per_circuit > 0) {
- /* Enforce the streams-per-circuit limit, and refuse to provide a
- * mapping if this circuit will exceed the limit. */
-#define MAX_STREAM_WARN_INTERVAL 600
- static struct ratelim_t stream_ratelim =
- RATELIM_INIT(MAX_STREAM_WARN_INTERVAL);
- if (circ->rend_data->nr_streams >= service->max_streams_per_circuit) {
- log_fn_ratelim(&stream_ratelim, LOG_WARN, LD_REND,
- "Maximum streams per circuit limit reached on rendezvous "
- "circuit %u; %s. Circuit has %d out of %d streams.",
- (unsigned)circ->base_.n_circ_id,
- service->max_streams_close_circuit ?
- "closing circuit" :
- "ignoring open stream request",
- circ->rend_data->nr_streams,
- service->max_streams_per_circuit);
- return service->max_streams_close_circuit ? -2 : -1;
- }
- }
-
- if (hs_set_conn_addr_port(service->ports, conn) == 0) {
- /* Successfully set the port to the connection. We are done. */
- return 0;
- }
-
- log_info(LD_REND,
- "No virtual port mapping exists for port %d on service %s",
- conn->base_.port, serviceid);
-
- if (service->allow_unknown_ports)
- return -1;
- else
- return -2;
-}
-
-/* Are HiddenServiceSingleHopMode and HiddenServiceNonAnonymousMode consistent?
- */
-static int
-rend_service_non_anonymous_mode_consistent(const or_options_t *options)
-{
- /* !! is used to make these options boolean */
- return (!! options->HiddenServiceSingleHopMode ==
- !! options->HiddenServiceNonAnonymousMode);
-}
-
-/* Do the options allow onion services to make direct (non-anonymous)
- * connections to introduction or rendezvous points?
- * Must only be called after options_validate_single_onion() has successfully
- * checked onion service option consistency.
- * Returns true if tor is in HiddenServiceSingleHopMode. */
-int
-rend_service_allow_non_anonymous_connection(const or_options_t *options)
-{
- tor_assert(rend_service_non_anonymous_mode_consistent(options));
- return options->HiddenServiceSingleHopMode ? 1 : 0;
-}
-
-/* Do the options allow us to reveal the exact startup time of the onion
- * service?
- * Single Onion Services prioritise availability over hiding their
- * startup time, as their IP address is publicly discoverable anyway.
- * Must only be called after options_validate_single_onion() has successfully
- * checked onion service option consistency.
- * Returns true if tor is in non-anonymous hidden service mode. */
-int
-rend_service_reveal_startup_time(const or_options_t *options)
-{
- tor_assert(rend_service_non_anonymous_mode_consistent(options));
- return rend_service_non_anonymous_mode_enabled(options);
-}
-
-/* Is non-anonymous mode enabled using the HiddenServiceNonAnonymousMode
- * config option?
- * Must only be called after options_validate_single_onion() has successfully
- * checked onion service option consistency.
- */
-int
-rend_service_non_anonymous_mode_enabled(const or_options_t *options)
-{
- tor_assert(rend_service_non_anonymous_mode_consistent(options));
- return options->HiddenServiceNonAnonymousMode ? 1 : 0;
-}
-
-#ifdef TOR_UNIT_TESTS
-
-STATIC void
-set_rend_service_list(smartlist_t *new_list)
-{
- rend_service_list = new_list;
-}
-
-STATIC void
-set_rend_rend_service_staging_list(smartlist_t *new_list)
-{
- rend_service_staging_list = new_list;
-}
-
-#endif /* defined(TOR_UNIT_TESTS) */
diff --git a/src/feature/rend/rendservice.h b/src/feature/rend/rendservice.h
deleted file mode 100644
index cd44787ce2..0000000000
--- a/src/feature/rend/rendservice.h
+++ /dev/null
@@ -1,215 +0,0 @@
-/* Copyright (c) 2001 Matej Pfajfar.
- * Copyright (c) 2001-2004, Roger Dingledine.
- * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2020, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-/**
- * \file rendservice.h
- * \brief Header file for rendservice.c.
- **/
-
-#ifndef TOR_RENDSERVICE_H
-#define TOR_RENDSERVICE_H
-
-#include "core/or/or.h"
-#include "feature/hs/hs_service.h"
-
-typedef struct rend_intro_cell_t rend_intro_cell_t;
-struct config_line_t;
-
-/* This can be used for both INTRODUCE1 and INTRODUCE2 */
-
-struct rend_intro_cell_t {
- /* Is this an INTRODUCE1 or INTRODUCE2? (set to 1 or 2) */
- uint8_t type;
- /* Public key digest */
- uint8_t pk[DIGEST_LEN];
- /* Optionally, store ciphertext here */
- uint8_t *ciphertext;
- ssize_t ciphertext_len;
- /* Optionally, store plaintext */
- uint8_t *plaintext;
- ssize_t plaintext_len;
- /* Have we parsed the plaintext? */
- uint8_t parsed;
- /* intro protocol version (0, 1, 2 or 3) */
- uint8_t version;
- /* Version-specific parts */
- union {
- struct {
- /* Rendezvous point nickname or hex-encoded key digest */
- uint8_t rp[42];
- } v0_v1;
- struct {
- /* The extend_info_t struct has everything v2 uses */
- extend_info_t *extend_info;
- } v2;
- struct {
- /* Auth type used */
- uint8_t auth_type;
- /* Length of auth data */
- uint16_t auth_len;
- /* Auth data */
- uint8_t *auth_data;
- /* Rendezvous point's IP address/port, identity digest and onion key */
- extend_info_t *extend_info;
- } v3;
- } u;
- /* Rendezvous cookie */
- uint8_t rc[REND_COOKIE_LEN];
- /* Diffie-Hellman data */
- uint8_t dh[DH1024_KEY_LEN];
-};
-
-#ifdef RENDSERVICE_PRIVATE
-
-/** Represents a single hidden service running at this OP. */
-typedef struct rend_service_t {
- /* Fields specified in config file */
- char *directory; /**< where in the filesystem it stores it. Will be NULL if
- * this service is ephemeral. */
- int dir_group_readable; /**< if 1, allow group read
- permissions on directory */
- smartlist_t *ports; /**< List of hs_port_config_t */
- rend_auth_type_t auth_type; /**< Client authorization type or 0 if no client
- * authorization is performed. */
- smartlist_t *clients; /**< List of rend_authorized_client_t's of
- * clients that may access our service. Can be NULL
- * if no client authorization is performed. */
- /* Other fields */
- crypto_pk_t *private_key; /**< Permanent hidden-service key. */
- char service_id[REND_SERVICE_ID_LEN_BASE32+1]; /**< Onion address without
- * '.onion' */
- char pk_digest[DIGEST_LEN]; /**< Hash of permanent hidden-service key. */
- smartlist_t *intro_nodes; /**< List of rend_intro_point_t's we have,
- * or are trying to establish. */
- /** List of rend_intro_point_t that are expiring. They are removed once
- * the new descriptor is successfully uploaded. A node in this list CAN
- * NOT appear in the intro_nodes list. */
- smartlist_t *expiring_nodes;
- time_t intro_period_started; /**< Start of the current period to build
- * introduction points. */
- int n_intro_circuits_launched; /**< Count of intro circuits we have
- * established in this period. */
- unsigned int n_intro_points_wanted; /**< Number of intro points this
- * service wants to have open. */
- rend_service_descriptor_t *desc; /**< Current hidden service descriptor. */
- time_t desc_is_dirty; /**< Time at which changes to the hidden service
- * descriptor content occurred, or 0 if it's
- * up-to-date. */
- time_t next_upload_time; /**< Scheduled next hidden service descriptor
- * upload time. */
- /** Replay cache for Diffie-Hellman values of INTRODUCE2 cells, to
- * detect repeats. Clients may send INTRODUCE1 cells for the same
- * rendezvous point through two or more different introduction points;
- * when they do, this keeps us from launching multiple simultaneous attempts
- * to connect to the same rend point. */
- replaycache_t *accepted_intro_dh_parts;
- /** If true, we don't close circuits for making requests to unsupported
- * ports. */
- int allow_unknown_ports;
- /** The maximum number of simultaneous streams-per-circuit that are allowed
- * to be established, or 0 if no limit is set.
- */
- int max_streams_per_circuit;
- /** If true, we close circuits that exceed the max_streams_per_circuit
- * limit. */
- int max_streams_close_circuit;
-} rend_service_t;
-
-STATIC void rend_service_free_(rend_service_t *service);
-#define rend_service_free(s) \
- FREE_AND_NULL(rend_service_t, rend_service_free_, (s))
-STATIC char *rend_service_sos_poison_path(const rend_service_t *service);
-STATIC int rend_service_verify_single_onion_poison(
- const rend_service_t *s,
- const or_options_t *options);
-STATIC int rend_service_poison_new_single_onion_dir(
- const rend_service_t *s,
- const or_options_t* options);
-#ifdef TOR_UNIT_TESTS
-
-STATIC void set_rend_service_list(smartlist_t *new_list);
-STATIC void set_rend_rend_service_staging_list(smartlist_t *new_list);
-STATIC void rend_service_prune_list_impl_(void);
-
-#endif /* defined(TOR_UNIT_TESTS) */
-
-#endif /* defined(RENDSERVICE_PRIVATE) */
-
-int rend_num_services(void);
-struct hs_opts_t;
-int rend_config_service(const struct hs_opts_t *hs_opts,
- const or_options_t *options,
- hs_service_config_t *config);
-void rend_service_prune_list(void);
-void rend_service_free_staging_list(void);
-int rend_service_load_all_keys(const smartlist_t *service_list);
-int rend_service_key_on_disk(const char *directory_path);
-void rend_services_add_filenames_to_lists(smartlist_t *open_lst,
- smartlist_t *stat_lst);
-void rend_consider_services_intro_points(time_t now);
-void rend_consider_services_upload(time_t now);
-void rend_hsdir_routers_changed(void);
-void rend_consider_descriptor_republication(void);
-
-void rend_service_intro_has_opened(origin_circuit_t *circuit);
-int rend_service_intro_established(origin_circuit_t *circuit,
- const uint8_t *request,
- size_t request_len);
-void rend_service_rendezvous_has_opened(origin_circuit_t *circuit);
-int rend_service_receive_introduction(origin_circuit_t *circuit,
- const uint8_t *request,
- size_t request_len);
-int rend_service_decrypt_intro(rend_intro_cell_t *request,
- crypto_pk_t *key,
- char **err_msg_out);
-void rend_service_free_intro_(rend_intro_cell_t *request);
-#define rend_service_free_intro(req) do { \
- rend_service_free_intro_(req); \
- (req) = NULL; \
- } while (0)
-rend_intro_cell_t * rend_service_begin_parse_intro(const uint8_t *request,
- size_t request_len,
- uint8_t type,
- char **err_msg_out);
-int rend_service_parse_intro_plaintext(rend_intro_cell_t *intro,
- char **err_msg_out);
-ssize_t rend_service_encode_establish_intro_cell(char *cell_body_out,
- size_t cell_body_out_len,
- crypto_pk_t *intro_key,
- const char *rend_circ_nonce);
-int rend_service_validate_intro_late(const rend_intro_cell_t *intro,
- char **err_msg_out);
-void rend_service_relaunch_rendezvous(origin_circuit_t *oldcirc);
-int rend_service_set_connection_addr_port(edge_connection_t *conn,
- origin_circuit_t *circ);
-void rend_service_dump_stats(int severity);
-void rend_service_free_all(void);
-void rend_service_init(void);
-
-void rend_authorized_client_free_(rend_authorized_client_t *client);
-#define rend_authorized_client_free(client) \
- FREE_AND_NULL(rend_authorized_client_t, rend_authorized_client_free_, \
- (client))
-
-hs_service_add_ephemeral_status_t rend_service_add_ephemeral(crypto_pk_t *pk,
- smartlist_t *ports,
- int max_streams_per_circuit,
- int max_streams_close_circuit,
- rend_auth_type_t auth_type,
- smartlist_t *auth_clients,
- char **service_id_out);
-int rend_service_del_ephemeral(const char *service_id);
-
-void directory_post_to_hs_dir(rend_service_descriptor_t *renddesc,
- smartlist_t *descs, smartlist_t *hs_dirs,
- const char *service_id, int seconds_valid);
-void rend_service_desc_has_uploaded(const rend_data_t *rend_data);
-
-int rend_service_allow_non_anonymous_connection(const or_options_t *options);
-int rend_service_reveal_startup_time(const or_options_t *options);
-int rend_service_non_anonymous_mode_enabled(const or_options_t *options);
-
-#endif /* !defined(TOR_RENDSERVICE_H) */
diff --git a/src/test/fuzz/fuzz_hsdescv2.c b/src/test/fuzz/fuzz_hsdescv2.c
deleted file mode 100644
index 81d9e5f00e..0000000000
--- a/src/test/fuzz/fuzz_hsdescv2.c
+++ /dev/null
@@ -1,52 +0,0 @@
-/* Copyright (c) 2016-2020, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-#include "core/or/or.h"
-#include "feature/dirparse/unparseable.h"
-#include "feature/rend/rendcommon.h"
-#include "feature/rend/rendparse.h"
-#include "lib/crypt_ops/crypto_ed25519.h"
-#include "test/fuzz/fuzzing.h"
-
-static void
-mock_dump_desc__nodump(const char *desc, const char *type)
-{
- (void)desc;
- (void)type;
-}
-
-int
-fuzz_init(void)
-{
- disable_signature_checking();
- MOCK(dump_desc, mock_dump_desc__nodump);
- ed25519_init();
- return 0;
-}
-
-int
-fuzz_cleanup(void)
-{
- return 0;
-}
-
-int
-fuzz_main(const uint8_t *data, size_t sz)
-{
- rend_service_descriptor_t *desc = NULL;
- char desc_id[64];
- char *ipts = NULL;
- size_t ipts_size, esize;
- const char *next;
- char *str = tor_memdup_nulterm(data, sz);
- (void) rend_parse_v2_service_descriptor(&desc, desc_id, &ipts, &ipts_size,
- &esize, &next, str, 1);
- if (desc) {
- log_debug(LD_GENERAL, "Parsing okay");
- rend_service_descriptor_free(desc);
- } else {
- log_debug(LD_GENERAL, "Parsing failed");
- }
- tor_free(ipts);
- tor_free(str);
- return 0;
-}
diff --git a/src/test/fuzz/include.am b/src/test/fuzz/include.am
index ef952c3812..9bdced9e6f 100644
--- a/src/test/fuzz/include.am
+++ b/src/test/fuzz/include.am
@@ -83,16 +83,6 @@ src_test_fuzz_fuzz_extrainfo_LDFLAGS = $(FUZZING_LDFLAG)
src_test_fuzz_fuzz_extrainfo_LDADD = $(FUZZING_LIBS)
endif
-if UNITTESTS_ENABLED
-src_test_fuzz_fuzz_hsdescv2_SOURCES = \
- src/test/fuzz/fuzzing_common.c \
- src/test/fuzz/fuzz_hsdescv2.c
-src_test_fuzz_fuzz_hsdescv2_CPPFLAGS = $(FUZZING_CPPFLAGS)
-src_test_fuzz_fuzz_hsdescv2_CFLAGS = $(FUZZING_CFLAGS)
-src_test_fuzz_fuzz_hsdescv2_LDFLAGS = $(FUZZING_LDFLAG)
-src_test_fuzz_fuzz_hsdescv2_LDADD = $(FUZZING_LIBS)
-endif
-
if UNITTESTS_ENABLED
src_test_fuzz_fuzz_hsdescv3_SOURCES = \
src/test/fuzz/fuzzing_common.c \
@@ -123,16 +113,6 @@ src_test_fuzz_fuzz_http_connect_LDFLAGS = $(FUZZING_LDFLAG)
src_test_fuzz_fuzz_http_connect_LDADD = $(FUZZING_LIBS)
endif
-if UNITTESTS_ENABLED
-src_test_fuzz_fuzz_iptsv2_SOURCES = \
- src/test/fuzz/fuzzing_common.c \
- src/test/fuzz/fuzz_iptsv2.c
-src_test_fuzz_fuzz_iptsv2_CPPFLAGS = $(FUZZING_CPPFLAGS)
-src_test_fuzz_fuzz_iptsv2_CFLAGS = $(FUZZING_CFLAGS)
-src_test_fuzz_fuzz_iptsv2_LDFLAGS = $(FUZZING_LDFLAG)
-src_test_fuzz_fuzz_iptsv2_LDADD = $(FUZZING_LIBS)
-endif
-
if UNITTESTS_ENABLED
src_test_fuzz_fuzz_microdesc_SOURCES = \
src/test/fuzz/fuzzing_common.c \
@@ -180,11 +160,9 @@ FUZZERS = \
src/test/fuzz/fuzz-diff \
src/test/fuzz/fuzz-diff-apply \
src/test/fuzz/fuzz-extrainfo \
- src/test/fuzz/fuzz-hsdescv2 \
src/test/fuzz/fuzz-hsdescv3 \
src/test/fuzz/fuzz-http \
src/test/fuzz/fuzz-http-connect \
- src/test/fuzz/fuzz-iptsv2 \
src/test/fuzz/fuzz-microdesc \
src/test/fuzz/fuzz-socks \
src/test/fuzz/fuzz-strops \
@@ -239,15 +217,6 @@ src_test_fuzz_lf_fuzz_extrainfo_LDFLAGS = $(LIBFUZZER_LDFLAG)
src_test_fuzz_lf_fuzz_extrainfo_LDADD = $(LIBFUZZER_LIBS)
endif
-if UNITTESTS_ENABLED
-src_test_fuzz_lf_fuzz_hsdescv2_SOURCES = \
- $(src_test_fuzz_fuzz_hsdescv2_SOURCES)
-src_test_fuzz_lf_fuzz_hsdescv2_CPPFLAGS = $(LIBFUZZER_CPPFLAGS)
-src_test_fuzz_lf_fuzz_hsdescv2_CFLAGS = $(LIBFUZZER_CFLAGS)
-src_test_fuzz_lf_fuzz_hsdescv2_LDFLAGS = $(LIBFUZZER_LDFLAG)
-src_test_fuzz_lf_fuzz_hsdescv2_LDADD = $(LIBFUZZER_LIBS)
-endif
-
if UNITTESTS_ENABLED
src_test_fuzz_lf_fuzz_hsdescv3_SOURCES = \
$(src_test_fuzz_fuzz_hsdescv3_SOURCES)
@@ -275,15 +244,6 @@ src_test_fuzz_lf_fuzz_http_connect_LDFLAGS = $(LIBFUZZER_LDFLAG)
src_test_fuzz_lf_fuzz_http_connect_LDADD = $(LIBFUZZER_LIBS)
endif
-if UNITTESTS_ENABLED
-src_test_fuzz_lf_fuzz_iptsv2_SOURCES = \
- $(src_test_fuzz_fuzz_iptsv2_SOURCES)
-src_test_fuzz_lf_fuzz_iptsv2_CPPFLAGS = $(LIBFUZZER_CPPFLAGS)
-src_test_fuzz_lf_fuzz_iptsv2_CFLAGS = $(LIBFUZZER_CFLAGS)
-src_test_fuzz_lf_fuzz_iptsv2_LDFLAGS = $(LIBFUZZER_LDFLAG)
-src_test_fuzz_lf_fuzz_iptsv2_LDADD = $(LIBFUZZER_LIBS)
-endif
-
if UNITTESTS_ENABLED
src_test_fuzz_lf_fuzz_microdesc_SOURCES = \
$(src_test_fuzz_fuzz_microdesc_SOURCES)
@@ -326,11 +286,9 @@ LIBFUZZER_FUZZERS = \
src/test/fuzz/lf-fuzz-diff \
src/test/fuzz/lf-fuzz-diff-apply \
src/test/fuzz/lf-fuzz-extrainfo \
- src/test/fuzz/lf-fuzz-hsdescv2 \
src/test/fuzz/lf-fuzz-hsdescv3 \
src/test/fuzz/lf-fuzz-http \
src/test/fuzz/lf-fuzz-http-connect \
- src/test/fuzz/lf-fuzz-iptsv2 \
src/test/fuzz/lf-fuzz-microdesc \
src/test/fuzz/lf-fuzz-socks \
src/test/fuzz/lf-fuzz-strops \
@@ -378,13 +336,6 @@ src_test_fuzz_liboss_fuzz_extrainfo_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS)
src_test_fuzz_liboss_fuzz_extrainfo_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS)
endif
-if UNITTESTS_ENABLED
-src_test_fuzz_liboss_fuzz_hsdescv2_a_SOURCES = \
- $(src_test_fuzz_fuzz_hsdescv2_SOURCES)
-src_test_fuzz_liboss_fuzz_hsdescv2_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS)
-src_test_fuzz_liboss_fuzz_hsdescv2_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS)
-endif
-
if UNITTESTS_ENABLED
src_test_fuzz_liboss_fuzz_hsdescv3_a_SOURCES = \
$(src_test_fuzz_fuzz_hsdescv3_SOURCES)
@@ -406,13 +357,6 @@ src_test_fuzz_liboss_fuzz_http_connect_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS)
src_test_fuzz_liboss_fuzz_http_connect_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS)
endif
-if UNITTESTS_ENABLED
-src_test_fuzz_liboss_fuzz_iptsv2_a_SOURCES = \
- $(src_test_fuzz_fuzz_iptsv2_SOURCES)
-src_test_fuzz_liboss_fuzz_iptsv2_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS)
-src_test_fuzz_liboss_fuzz_iptsv2_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS)
-endif
-
if UNITTESTS_ENABLED
src_test_fuzz_liboss_fuzz_microdesc_a_SOURCES = \
$(src_test_fuzz_fuzz_microdesc_SOURCES)
@@ -447,11 +391,9 @@ OSS_FUZZ_FUZZERS = \
src/test/fuzz/liboss-fuzz-diff.a \
src/test/fuzz/liboss-fuzz-diff-apply.a \
src/test/fuzz/liboss-fuzz-extrainfo.a \
- src/test/fuzz/liboss-fuzz-hsdescv2.a \
src/test/fuzz/liboss-fuzz-hsdescv3.a \
src/test/fuzz/liboss-fuzz-http.a \
src/test/fuzz/liboss-fuzz-http-connect.a \
- src/test/fuzz/liboss-fuzz-iptsv2.a \
src/test/fuzz/liboss-fuzz-microdesc.a \
src/test/fuzz/liboss-fuzz-socks.a \
src/test/fuzz/liboss-fuzz-strops.a \
diff --git a/src/test/include.am b/src/test/include.am
index cdf3b20c48..9372b796f8 100644
--- a/src/test/include.am
+++ b/src/test/include.am
@@ -130,7 +130,6 @@ src_test_test_SOURCES += \
src/test/log_test_helpers.c \
src/test/hs_test_helpers.c \
src/test/opts_test_helpers.c \
- src/test/rend_test_helpers.c \
src/test/resolve_test_helpers.c \
src/test/rng_test_helpers.c \
src/test/test.c \
@@ -181,7 +180,6 @@ src_test_test_SOURCES += \
src/test/test_geoip.c \
src/test/test_guardfraction.c \
src/test/test_extorport.c \
- src/test/test_hs.c \
src/test/test_hs_common.c \
src/test/test_hs_config.c \
src/test/test_hs_cell.c \
@@ -196,7 +194,6 @@ src_test_test_SOURCES += \
src/test/test_hs_descriptor.c \
src/test/test_hs_dos.c \
src/test/test_hs_metrics.c \
- src/test/test_introduce.c \
src/test/test_keypin.c \
src/test/test_link_handshake.c \
src/test/test_logging.c \
@@ -227,7 +224,6 @@ src_test_test_SOURCES += \
src/test/test_relay.c \
src/test/test_relaycell.c \
src/test/test_relaycrypt.c \
- src/test/test_rendcache.c \
src/test/test_replay.c \
src/test/test_router.c \
src/test/test_routerkeys.c \
@@ -380,7 +376,6 @@ noinst_HEADERS+= \
src/test/hs_test_helpers.h \
src/test/log_test_helpers.h \
src/test/opts_test_helpers.h \
- src/test/rend_test_helpers.h \
src/test/resolve_test_helpers.h \
src/test/rng_test_helpers.h \
src/test/test.h \
diff --git a/src/test/rend_test_helpers.c b/src/test/rend_test_helpers.c
deleted file mode 100644
index 8e40167aeb..0000000000
--- a/src/test/rend_test_helpers.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/* Copyright (c) 2014-2020, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-#include "core/or/or.h"
-#include "core/or/extendinfo.h"
-#include "lib/crypt_ops/crypto_rand.h"
-#include "test/test.h"
-#include "feature/rend/rendcommon.h"
-#include "test/rend_test_helpers.h"
-
-#include "core/or/extend_info_st.h"
-#include "feature/rend/rend_intro_point_st.h"
-#include "feature/rend/rend_service_descriptor_st.h"
-
-void
-generate_desc(int time_diff, rend_encoded_v2_service_descriptor_t **desc,
- char **service_id, int intro_points)
-{
- rend_service_descriptor_t *generated = NULL;
- smartlist_t *descs = smartlist_new();
- time_t now;
-
- now = time(NULL) + time_diff;
- create_descriptor(&generated, service_id, intro_points);
- generated->timestamp = now;
-
- rend_encode_v2_descriptors(descs, generated, now, 0, REND_NO_AUTH, NULL,
- NULL);
- tor_assert(smartlist_len(descs) > 1);
- *desc = smartlist_get(descs, 0);
- smartlist_set(descs, 0, NULL);
-
- SMARTLIST_FOREACH(descs, rend_encoded_v2_service_descriptor_t *, d,
- rend_encoded_v2_service_descriptor_free(d));
- smartlist_free(descs);
- rend_service_descriptor_free(generated);
-}
-
-void
-create_descriptor(rend_service_descriptor_t **generated, char **service_id,
- int intro_points)
-{
- crypto_pk_t *pk1 = NULL;
- crypto_pk_t *pk2 = NULL;
- int i;
-
- *service_id = tor_malloc(REND_SERVICE_ID_LEN_BASE32+1);
- pk1 = pk_generate(0);
- pk2 = pk_generate(1);
-
- *generated = tor_malloc_zero(sizeof(rend_service_descriptor_t));
- (*generated)->pk = crypto_pk_dup_key(pk1);
- rend_get_service_id((*generated)->pk, *service_id);
-
- (*generated)->version = 2;
- (*generated)->protocols = 42;
- (*generated)->intro_nodes = smartlist_new();
-
- for (i = 0; i < intro_points; i++) {
- rend_intro_point_t *intro = tor_malloc_zero(sizeof(rend_intro_point_t));
- crypto_pk_t *okey = pk_generate(2 + i);
- intro->extend_info =
- extend_info_new(NULL, NULL, NULL, NULL, NULL, NULL, 0);
- intro->extend_info->onion_key = okey;
- crypto_pk_get_digest(intro->extend_info->onion_key,
- intro->extend_info->identity_digest);
- intro->extend_info->nickname[0] = '$';
- base16_encode(intro->extend_info->nickname + 1,
- sizeof(intro->extend_info->nickname) - 1,
- intro->extend_info->identity_digest, DIGEST_LEN);
- tor_addr_t addr;
- uint16_t port;
- /* Does not cover all IP addresses. */
- tor_addr_from_ipv4h(&addr, crypto_rand_int(65536) + 1);
- port = 1 + crypto_rand_int(65535);
- extend_info_add_orport(intro->extend_info, &addr, port);
- intro->intro_key = crypto_pk_dup_key(pk2);
- smartlist_add((*generated)->intro_nodes, intro);
- }
-
- crypto_pk_free(pk1);
- crypto_pk_free(pk2);
-}
-
-rend_data_t *
-mock_rend_data(const char *onion_address)
-{
- rend_data_v2_t *v2_data = tor_malloc_zero(sizeof(*v2_data));
- rend_data_t *rend_query = &v2_data->base_;
- rend_query->version = 2;
-
- strlcpy(v2_data->onion_address, onion_address,
- sizeof(v2_data->onion_address));
- v2_data->auth_type = REND_NO_AUTH;
- rend_query->hsdirs_fp = smartlist_new();
- smartlist_add(rend_query->hsdirs_fp, tor_memdup("aaaaaaaaaaaaaaaaaaaaaaaa",
- DIGEST_LEN));
- return rend_query;
-}
diff --git a/src/test/rend_test_helpers.h b/src/test/rend_test_helpers.h
deleted file mode 100644
index b1078ce866..0000000000
--- a/src/test/rend_test_helpers.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/* Copyright (c) 2014-2020, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-#include "core/or/or.h"
-
-#ifndef TOR_REND_TEST_HELPERS_H
-#define TOR_REND_TEST_HELPERS_H
-
-void generate_desc(int time_diff, rend_encoded_v2_service_descriptor_t **desc,
- char **service_id, int intro_points);
-void create_descriptor(rend_service_descriptor_t **generated,
- char **service_id, int intro_points);
-rend_data_t *mock_rend_data(const char *onion_address);
-
-#endif /* !defined(TOR_REND_TEST_HELPERS_H) */
-
diff --git a/src/test/test.c b/src/test/test.c
index 0d6c0a0d4a..fd9ce230ea 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -45,9 +45,6 @@
#include "app/config/config.h"
#include "core/or/connection_edge.h"
#include "core/or/extendinfo.h"
-#include "feature/rend/rendcommon.h"
-#include "feature/rend/rendcache.h"
-#include "feature/rend/rendparse.h"
#include "test/test.h"
#include "core/mainloop/mainloop.h"
#include "lib/memarea/memarea.h"
@@ -62,9 +59,6 @@
#include "core/or/extend_info_st.h"
#include "core/or/or_circuit_st.h"
-#include "feature/rend/rend_encoded_v2_service_descriptor_st.h"
-#include "feature/rend/rend_intro_point_st.h"
-#include "feature/rend/rend_service_descriptor_st.h"
#include "feature/relay/onion_queue.h"
/** Run unit tests for the onion handshake code. */
@@ -619,127 +613,6 @@ test_circuit_timeout(void *arg)
testing_disable_deterministic_rng();
}
-/** Test encoding and parsing of rendezvous service descriptors. */
-static void
-test_rend_fns(void *arg)
-{
- rend_service_descriptor_t *generated = NULL, *parsed = NULL;
- char service_id[DIGEST_LEN];
- char service_id_base32[REND_SERVICE_ID_LEN_BASE32+1];
- const char *next_desc;
- smartlist_t *descs = smartlist_new();
- char computed_desc_id[DIGEST_LEN];
- char parsed_desc_id[DIGEST_LEN];
- crypto_pk_t *pk1 = NULL, *pk2 = NULL;
- time_t now;
- char *intro_points_encrypted = NULL;
- size_t intro_points_size;
- size_t encoded_size;
- int i;
-
- (void)arg;
-
- /* Initialize the service cache. */
- rend_cache_init();
-
- pk1 = pk_generate(0);
- pk2 = pk_generate(1);
- generated = tor_malloc_zero(sizeof(rend_service_descriptor_t));
- generated->pk = crypto_pk_dup_key(pk1);
- crypto_pk_get_digest(generated->pk, service_id);
- base32_encode(service_id_base32, REND_SERVICE_ID_LEN_BASE32+1,
- service_id, REND_SERVICE_ID_LEN);
- now = time(NULL);
- generated->timestamp = now;
- generated->version = 2;
- generated->protocols = 42;
- generated->intro_nodes = smartlist_new();
-
- for (i = 0; i < 3; i++) {
- rend_intro_point_t *intro = tor_malloc_zero(sizeof(rend_intro_point_t));
- crypto_pk_t *okey = pk_generate(2 + i);
- intro->extend_info =
- extend_info_new(NULL, NULL, NULL, NULL, NULL, NULL, 0);
- intro->extend_info->onion_key = okey;
- crypto_pk_get_digest(intro->extend_info->onion_key,
- intro->extend_info->identity_digest);
- //crypto_rand(info->identity_digest, DIGEST_LEN); /* Would this work? */
- intro->extend_info->nickname[0] = '$';
- base16_encode(intro->extend_info->nickname + 1,
- sizeof(intro->extend_info->nickname) - 1,
- intro->extend_info->identity_digest, DIGEST_LEN);
- tor_addr_t addr;
- uint16_t port;
- /* Does not cover all IP addresses. */
- tor_addr_from_ipv4h(&addr, crypto_rand_int(65536) + 1);
- port = 1 + crypto_rand_int(65535);
- extend_info_add_orport(intro->extend_info, &addr, port);
- intro->intro_key = crypto_pk_dup_key(pk2);
- smartlist_add(generated->intro_nodes, intro);
- }
- int rv = rend_encode_v2_descriptors(descs, generated, now, 0,
- REND_NO_AUTH, NULL, NULL);
- tt_int_op(rv, OP_GT, 0);
- rv = rend_compute_v2_desc_id(computed_desc_id, service_id_base32, NULL,
- now, 0);
- tt_int_op(rv, OP_EQ, 0);
- tt_mem_op(((rend_encoded_v2_service_descriptor_t *)
- smartlist_get(descs, 0))->desc_id, OP_EQ,
- computed_desc_id, DIGEST_LEN);
- rv = rend_parse_v2_service_descriptor(&parsed, parsed_desc_id,
- &intro_points_encrypted, &intro_points_size, &encoded_size,
- &next_desc,
- ((rend_encoded_v2_service_descriptor_t *)smartlist_get(descs, 0))
- ->desc_str, 1);
- tt_int_op(rv, OP_EQ, 0);
- tt_assert(parsed);
- tt_mem_op(((rend_encoded_v2_service_descriptor_t *)
- smartlist_get(descs, 0))->desc_id,OP_EQ, parsed_desc_id, DIGEST_LEN);
- tt_int_op(rend_parse_introduction_points(parsed, intro_points_encrypted,
- intro_points_size),OP_EQ, 3);
- tt_assert(!crypto_pk_cmp_keys(generated->pk, parsed->pk));
- tt_int_op(parsed->timestamp,OP_EQ, now);
- tt_int_op(parsed->version,OP_EQ, 2);
- tt_int_op(parsed->protocols,OP_EQ, 42);
- tt_int_op(smartlist_len(parsed->intro_nodes),OP_EQ, 3);
- for (i = 0; i < smartlist_len(parsed->intro_nodes); i++) {
- rend_intro_point_t *par_intro = smartlist_get(parsed->intro_nodes, i),
- *gen_intro = smartlist_get(generated->intro_nodes, i);
- extend_info_t *par_info = par_intro->extend_info;
- extend_info_t *gen_info = gen_intro->extend_info;
- tt_assert(!crypto_pk_cmp_keys(gen_info->onion_key, par_info->onion_key));
- tt_mem_op(gen_info->identity_digest,OP_EQ, par_info->identity_digest,
- DIGEST_LEN);
- tt_str_op(gen_info->nickname,OP_EQ, par_info->nickname);
- const tor_addr_port_t *a1, *a2;
- a1 = extend_info_get_orport(gen_info, AF_INET);
- a2 = extend_info_get_orport(par_info, AF_INET);
- tt_assert(a1 && a2);
- tt_assert(tor_addr_eq(&a1->addr, &a2->addr));
- tt_int_op(a2->port,OP_EQ, a2->port);
- }
-
- rend_service_descriptor_free(parsed);
- rend_service_descriptor_free(generated);
- parsed = generated = NULL;
-
- done:
- if (descs) {
- for (i = 0; i < smartlist_len(descs); i++)
- rend_encoded_v2_service_descriptor_free_(smartlist_get(descs, i));
- smartlist_free(descs);
- }
- if (parsed)
- rend_service_descriptor_free(parsed);
- if (generated)
- rend_service_descriptor_free(generated);
- if (pk1)
- crypto_pk_free(pk1);
- if (pk2)
- crypto_pk_free(pk2);
- tor_free(intro_points_encrypted);
-}
-
#define ENT(name) \
{ #name, test_ ## name , 0, NULL, NULL }
#define FORK(name) \
@@ -753,7 +626,6 @@ static struct testcase_t test_array[] = {
{ "fast_handshake", test_fast_handshake, 0, NULL, NULL },
FORK(circuit_timeout),
FORK(circuit_timeout_xm_alpha),
- FORK(rend_fns),
END_OF_TESTCASES
};
@@ -828,9 +700,7 @@ struct testgroup_t testgroups[] = {
{ "hs_ntor/", hs_ntor_tests },
{ "hs_ob/", hs_ob_tests },
{ "hs_service/", hs_service_tests },
- { "introduce/", introduce_tests },
{ "keypin/", keypin_tests },
- { "legacy_hs/", hs_tests },
{ "link-handshake/", link_handshake_tests },
{ "mainloop/", mainloop_tests },
{ "metrics/", metrics_tests },
@@ -856,7 +726,6 @@ struct testgroup_t testgroups[] = {
{ "relay/" , relay_tests },
{ "relaycell/", relaycell_tests },
{ "relaycrypt/", relaycrypt_tests },
- { "rend_cache/", rend_cache_tests },
{ "replaycache/", replaycache_tests },
{ "router/", router_tests },
{ "routerkeys/", routerkeys_tests },
diff --git a/src/test/test.h b/src/test/test.h
index 56037648d3..bdbbe25cb9 100644
--- a/src/test/test.h
+++ b/src/test/test.h
@@ -145,8 +145,6 @@ extern struct testcase_t hs_metrics_tests[];
extern struct testcase_t hs_ntor_tests[];
extern struct testcase_t hs_ob_tests[];
extern struct testcase_t hs_service_tests[];
-extern struct testcase_t hs_tests[];
-extern struct testcase_t introduce_tests[];
extern struct testcase_t keypin_tests[];
extern struct testcase_t link_handshake_tests[];
extern struct testcase_t logging_tests[];
@@ -179,7 +177,6 @@ extern struct testcase_t pubsub_msg_tests[];
extern struct testcase_t relay_tests[];
extern struct testcase_t relaycell_tests[];
extern struct testcase_t relaycrypt_tests[];
-extern struct testcase_t rend_cache_tests[];
extern struct testcase_t replaycache_tests[];
extern struct testcase_t router_tests[];
extern struct testcase_t routerkeys_tests[];
diff --git a/src/test/test_config.c b/src/test/test_config.c
index 5bca3e04fc..710336cb28 100644
--- a/src/test/test_config.c
+++ b/src/test/test_config.c
@@ -41,7 +41,6 @@
#include "feature/nodelist/networkstatus.h"
#include "feature/nodelist/nodelist.h"
#include "core/or/policies.h"
-#include "feature/rend/rendservice.h"
#include "feature/relay/relay_find_addr.h"
#include "feature/relay/router.h"
#include "feature/relay/routermode.h"
diff --git a/src/test/test_connection.c b/src/test/test_connection.c
index cf5626ead7..2ebe9afbe2 100644
--- a/src/test/test_connection.c
+++ b/src/test/test_connection.c
@@ -19,7 +19,6 @@
#include "feature/nodelist/microdesc.h"
#include "feature/nodelist/nodelist.h"
#include "feature/nodelist/networkstatus.h"
-#include "feature/rend/rendcache.h"
#include "feature/dircommon/directory.h"
#include "core/or/connection_or.h"
#include "lib/net/resolve.h"
@@ -38,10 +37,6 @@ static void * test_conn_get_basic_setup(const struct testcase_t *tc);
static int test_conn_get_basic_teardown(const struct testcase_t *tc,
void *arg);
-static void * test_conn_get_rend_setup(const struct testcase_t *tc);
-static int test_conn_get_rend_teardown(const struct testcase_t *tc,
- void *arg);
-
static void * test_conn_get_rsrc_setup(const struct testcase_t *tc);
static int test_conn_get_rsrc_teardown(const struct testcase_t *tc,
void *arg);
@@ -179,52 +174,6 @@ test_conn_get_basic_teardown(const struct testcase_t *tc, void *arg)
return 0;
}
-static void *
-test_conn_get_rend_setup(const struct testcase_t *tc)
-{
- dir_connection_t *conn = DOWNCAST(dir_connection_t,
- test_conn_get_connection(
- TEST_CONN_STATE,
- TEST_CONN_TYPE,
- TEST_CONN_REND_PURPOSE));
- tt_assert(conn);
- assert_connection_ok(&conn->base_, time(NULL));
-
- rend_cache_init();
-
- /* TODO: use directory_initiate_request() to do this - maybe? */
- tor_assert(strlen(TEST_CONN_REND_ADDR) == REND_SERVICE_ID_LEN_BASE32);
- conn->rend_data = rend_data_client_create(TEST_CONN_REND_ADDR, NULL, NULL,
- REND_NO_AUTH);
- assert_connection_ok(&conn->base_, time(NULL));
- return conn;
-
- /* On failure */
- done:
- test_conn_get_rend_teardown(tc, conn);
- /* Returning NULL causes the unit test to fail */
- return NULL;
-}
-
-static int
-test_conn_get_rend_teardown(const struct testcase_t *tc, void *arg)
-{
- dir_connection_t *conn = DOWNCAST(dir_connection_t, arg);
- int rv = 0;
-
- tt_assert(conn);
- assert_connection_ok(&conn->base_, time(NULL));
-
- /* avoid a last-ditch attempt to refetch the descriptor */
- conn->base_.purpose = TEST_CONN_REND_PURPOSE_SUCCESSFUL;
-
- /* connection_free_() cleans up rend_data */
- rv = test_conn_get_basic_teardown(tc, arg);
- done:
- rend_cache_free_all();
- return rv;
-}
-
static dir_connection_t *
test_conn_download_status_add_a_connection(const char *resource)
{
@@ -369,10 +318,6 @@ static struct testcase_setup_t test_conn_get_basic_st = {
test_conn_get_basic_setup, test_conn_get_basic_teardown
};
-static struct testcase_setup_t test_conn_get_rend_st = {
- test_conn_get_rend_setup, test_conn_get_rend_teardown
-};
-
static struct testcase_setup_t test_conn_get_rsrc_st = {
test_conn_get_rsrc_setup, test_conn_get_rsrc_teardown
};
@@ -489,37 +434,6 @@ test_conn_get_basic(void *arg)
;
}
-static void
-test_conn_get_rend(void *arg)
-{
- dir_connection_t *conn = DOWNCAST(dir_connection_t, arg);
- tt_assert(conn);
- assert_connection_ok(&conn->base_, time(NULL));
-
- tt_assert(connection_get_by_type_state_rendquery(
- conn->base_.type,
- conn->base_.state,
- rend_data_get_address(
- conn->rend_data))
- == TO_CONN(conn));
- tt_assert(connection_get_by_type_state_rendquery(
- TEST_CONN_TYPE,
- TEST_CONN_STATE,
- TEST_CONN_REND_ADDR)
- == TO_CONN(conn));
- tt_assert(connection_get_by_type_state_rendquery(TEST_CONN_REND_TYPE_2,
- !conn->base_.state,
- "")
- == NULL);
- tt_assert(connection_get_by_type_state_rendquery(TEST_CONN_REND_TYPE_2,
- !TEST_CONN_STATE,
- TEST_CONN_REND_ADDR_2)
- == NULL);
-
- done:
- ;
-}
-
#define sl_is_conn_assert(sl_input, conn) \
do { \
the_sl = (sl_input); \
@@ -1091,7 +1005,6 @@ static const unsigned int PROXY_HAPROXY_ARG = PROXY_HAPROXY;
struct testcase_t connection_tests[] = {
CONNECTION_TESTCASE(get_basic, TT_FORK, test_conn_get_basic_st),
- CONNECTION_TESTCASE(get_rend, TT_FORK, test_conn_get_rend_st),
CONNECTION_TESTCASE(get_rsrc, TT_FORK, test_conn_get_rsrc_st),
CONNECTION_TESTCASE_ARG(download_status, TT_FORK,
diff --git a/src/test/test_controller.c b/src/test/test_controller.c
index 0745651aca..4737a35939 100644
--- a/src/test/test_controller.c
+++ b/src/test/test_controller.c
@@ -16,7 +16,6 @@
#include "feature/dircache/dirserv.h"
#include "feature/hs/hs_common.h"
#include "feature/nodelist/networkstatus.h"
-#include "feature/rend/rendservice.h"
#include "feature/nodelist/authcert.h"
#include "feature/nodelist/nodelist.h"
#include "feature/stats/rephist.h"
@@ -316,110 +315,6 @@ test_add_onion_helper_keyarg_v3(void *arg)
UNMOCK(control_write_reply);
}
-static void
-test_add_onion_helper_keyarg_v2(void *arg)
-{
- int ret, hs_version;
- add_onion_secret_key_t pk;
- crypto_pk_t *pk1 = NULL;
- const char *key_new_alg = NULL;
- char *key_new_blob = NULL;
- char *encoded = NULL;
- char *arg_str = NULL;
-
- (void) arg;
- MOCK(control_write_reply, mock_control_write_reply);
-
- memset(&pk, 0, sizeof(pk));
-
- /* Test explicit RSA1024 key generation. */
- tor_free(reply_str);
- ret = add_onion_helper_keyarg("NEW:RSA1024", 0, &key_new_alg, &key_new_blob,
- &pk, &hs_version, NULL);
- tt_int_op(ret, OP_EQ, 0);
- tt_int_op(hs_version, OP_EQ, HS_VERSION_TWO);
- tt_assert(pk.v2);
- tt_str_op(key_new_alg, OP_EQ, "RSA1024");
- tt_assert(key_new_blob);
- tt_ptr_op(reply_str, OP_EQ, NULL);
-
- /* Test discarding the private key. */
- crypto_pk_free(pk.v2); pk.v2 = NULL;
- tor_free(key_new_blob);
- ret = add_onion_helper_keyarg("NEW:RSA1024", 1, &key_new_alg, &key_new_blob,
- &pk, &hs_version, NULL);
- tt_int_op(ret, OP_EQ, 0);
- tt_int_op(hs_version, OP_EQ, HS_VERSION_TWO);
- tt_assert(pk.v2);
- tt_ptr_op(key_new_alg, OP_EQ, NULL);
- tt_ptr_op(key_new_blob, OP_EQ, NULL);
- tt_ptr_op(reply_str, OP_EQ, NULL);
-
- /* Test generating a invalid key type. */
- crypto_pk_free(pk.v2); pk.v2 = NULL;
- ret = add_onion_helper_keyarg("NEW:RSA512", 0, &key_new_alg, &key_new_blob,
- &pk, &hs_version, NULL);
- tt_int_op(ret, OP_EQ, -1);
- tt_int_op(hs_version, OP_EQ, HS_VERSION_TWO);
- tt_assert(!pk.v2);
- tt_ptr_op(key_new_alg, OP_EQ, NULL);
- tt_ptr_op(key_new_blob, OP_EQ, NULL);
- tt_assert(reply_str);
-
- /* Test loading a RSA1024 key. */
- tor_free(reply_str);
- pk1 = pk_generate(0);
- tt_int_op(0, OP_EQ, crypto_pk_base64_encode_private(pk1, &encoded));
- tor_asprintf(&arg_str, "RSA1024:%s", encoded);
- ret = add_onion_helper_keyarg(arg_str, 0, &key_new_alg, &key_new_blob,
- &pk, &hs_version, NULL);
- tt_int_op(ret, OP_EQ, 0);
- tt_int_op(hs_version, OP_EQ, HS_VERSION_TWO);
- tt_assert(pk.v2);
- tt_ptr_op(key_new_alg, OP_EQ, NULL);
- tt_ptr_op(key_new_blob, OP_EQ, NULL);
- tt_ptr_op(reply_str, OP_EQ, NULL);
- tt_int_op(crypto_pk_cmp_keys(pk1, pk.v2), OP_EQ, 0);
-
- /* Test loading a invalid key type. */
- tor_free(arg_str);
- crypto_pk_free(pk1); pk1 = NULL;
- crypto_pk_free(pk.v2); pk.v2 = NULL;
- tor_asprintf(&arg_str, "RSA512:%s", encoded);
- ret = add_onion_helper_keyarg(arg_str, 0, &key_new_alg, &key_new_blob,
- &pk, &hs_version, NULL);
- tt_int_op(ret, OP_EQ, -1);
- tt_int_op(hs_version, OP_EQ, HS_VERSION_TWO);
- tt_assert(!pk.v2);
- tt_ptr_op(key_new_alg, OP_EQ, NULL);
- tt_ptr_op(key_new_blob, OP_EQ, NULL);
- tt_assert(reply_str);
-
- /* Test loading a invalid key. */
- tor_free(arg_str);
- crypto_pk_free(pk.v2); pk.v2 = NULL;
- tor_free(reply_str);
- encoded[strlen(encoded)/2] = '\0';
- tor_asprintf(&arg_str, "RSA1024:%s", encoded);
- ret = add_onion_helper_keyarg(arg_str, 0, &key_new_alg, &key_new_blob,
- &pk, &hs_version, NULL);
- tt_int_op(ret, OP_EQ, -1);
- tt_int_op(hs_version, OP_EQ, HS_VERSION_TWO);
- tt_assert(!pk.v2);
- tt_ptr_op(key_new_alg, OP_EQ, NULL);
- tt_ptr_op(key_new_blob, OP_EQ, NULL);
- tt_assert(reply_str);
-
- done:
- crypto_pk_free(pk1);
- crypto_pk_free(pk.v2);
- tor_free(key_new_blob);
- tor_free(reply_str);
- tor_free(encoded);
- tor_free(arg_str);
- UNMOCK(control_write_reply);
-}
-
static void
test_getinfo_helper_onion(void *arg)
{
@@ -567,58 +462,6 @@ test_hs_parse_port_config(void *arg)
tor_free(err_msg);
}
-static void
-test_add_onion_helper_clientauth(void *arg)
-{
- rend_authorized_client_t *client = NULL;
- int created = 0;
-
- (void)arg;
-
- MOCK(control_write_reply, mock_control_write_reply);
- /* Test "ClientName" only. */
- tor_free(reply_str);
- client = add_onion_helper_clientauth("alice", &created, NULL);
- tt_assert(client);
- tt_assert(created);
- tt_ptr_op(reply_str, OP_EQ, NULL);
- rend_authorized_client_free(client);
-
- /* Test "ClientName:Blob" */
- tor_free(reply_str);
- client = add_onion_helper_clientauth("alice:475hGBHPlq7Mc0cRZitK/B",
- &created, NULL);
- tt_assert(client);
- tt_assert(!created);
- tt_ptr_op(reply_str, OP_EQ, NULL);
- rend_authorized_client_free(client);
-
- /* Test invalid client names */
- tor_free(reply_str);
- client = add_onion_helper_clientauth("no*asterisks*allowed", &created,
- NULL);
- tt_ptr_op(client, OP_EQ, NULL);
- tt_assert(reply_str);
-
- /* Test invalid auth cookie */
- tor_free(reply_str);
- client = add_onion_helper_clientauth("alice:12345", &created, NULL);
- tt_ptr_op(client, OP_EQ, NULL);
- tt_assert(reply_str);
-
- /* Test invalid syntax */
- tor_free(reply_str);
- client = add_onion_helper_clientauth(":475hGBHPlq7Mc0cRZitK/B", &created,
- NULL);
- tt_ptr_op(client, OP_EQ, NULL);
- tt_assert(reply_str);
-
- done:
- rend_authorized_client_free(client);
- tor_free(reply_str);
- UNMOCK(control_write_reply);
-}
-
/* Mocks and data/variables used for GETINFO download status tests */
static const download_status_t dl_status_default =
@@ -2209,15 +2052,11 @@ struct testcase_t controller_tests[] = {
PARSER_TEST(no_args_one_obj),
PARSER_TEST(no_args_kwargs),
PARSER_TEST(one_arg_kwargs),
- { "add_onion_helper_keyarg_v2", test_add_onion_helper_keyarg_v2, 0,
- NULL, NULL },
{ "add_onion_helper_keyarg_v3", test_add_onion_helper_keyarg_v3, 0,
NULL, NULL },
{ "getinfo_helper_onion", test_getinfo_helper_onion, 0, NULL, NULL },
{ "hs_parse_port_config", test_hs_parse_port_config, 0,
NULL, NULL },
- { "add_onion_helper_clientauth", test_add_onion_helper_clientauth, 0, NULL,
- NULL },
{ "download_status_consensus", test_download_status_consensus, 0, NULL,
NULL },
{"getinfo_helper_current_consensus_from_cache",
diff --git a/src/test/test_dir.c b/src/test/test_dir.c
index d62dd3fb9e..bb2bc6ad21 100644
--- a/src/test/test_dir.c
+++ b/src/test/test_dir.c
@@ -4848,9 +4848,6 @@ test_dir_purpose_needs_anonymity_returns_true_for_bridges(void *arg)
tt_int_op(1, OP_EQ, purpose_needs_anonymity(0, ROUTER_PURPOSE_BRIDGE, NULL));
tt_int_op(1, OP_EQ, purpose_needs_anonymity(0, ROUTER_PURPOSE_BRIDGE,
"foobar"));
- tt_int_op(1, OP_EQ,
- purpose_needs_anonymity(DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2,
- ROUTER_PURPOSE_BRIDGE, NULL));
done: ;
}
@@ -4864,21 +4861,6 @@ test_dir_purpose_needs_anonymity_returns_false_for_own_bridge_desc(void *arg)
done: ;
}
-static void
-test_dir_purpose_needs_anonymity_returns_true_for_sensitive_purpose(void *arg)
-{
- (void)arg;
-
- tt_int_op(1, OP_EQ, purpose_needs_anonymity(
- DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2,
- ROUTER_PURPOSE_GENERAL, NULL));
- tt_int_op(1, OP_EQ, purpose_needs_anonymity(
- DIR_PURPOSE_UPLOAD_RENDDESC_V2, 0, NULL));
- tt_int_op(1, OP_EQ, purpose_needs_anonymity(
- DIR_PURPOSE_FETCH_RENDDESC_V2, 0, NULL));
- done: ;
-}
-
static void
test_dir_purpose_needs_anonymity_ret_false_for_non_sensitive_conn(void *arg)
{
@@ -4937,12 +4919,6 @@ test_dir_fetch_type(void *arg)
tt_int_op(dir_fetch_type(DIR_PURPOSE_FETCH_MICRODESC, ROUTER_PURPOSE_GENERAL,
NULL), OP_EQ, MICRODESC_DIRINFO);
- /* This will give a warning, because this function isn't supposed to be
- * used for HS descriptors. */
- setup_full_capture_of_logs(LOG_WARN);
- tt_int_op(dir_fetch_type(DIR_PURPOSE_FETCH_RENDDESC_V2,
- ROUTER_PURPOSE_GENERAL, NULL), OP_EQ, NO_DIRINFO);
- expect_single_log_msg_containing("Unexpected purpose");
done:
teardown_capture_of_logs();
}
@@ -5300,10 +5276,6 @@ test_dir_conn_purpose_to_string(void *data)
EXPECT_CONN_PURPOSE(DIR_PURPOSE_FETCH_STATUS_VOTE, "status vote fetch");
EXPECT_CONN_PURPOSE(DIR_PURPOSE_FETCH_DETACHED_SIGNATURES,
"consensus signature fetch");
- EXPECT_CONN_PURPOSE(DIR_PURPOSE_FETCH_RENDDESC_V2,
- "hidden-service v2 descriptor fetch");
- EXPECT_CONN_PURPOSE(DIR_PURPOSE_UPLOAD_RENDDESC_V2,
- "hidden-service v2 descriptor upload");
EXPECT_CONN_PURPOSE(DIR_PURPOSE_FETCH_MICRODESC, "microdescriptor fetch");
/* This will give a warning, because there is no purpose 1024. */
@@ -7311,7 +7283,6 @@ struct testcase_t dir_tests[] = {
DIR(purpose_needs_anonymity_returns_true_for_bridges, 0),
DIR(purpose_needs_anonymity_returns_false_for_own_bridge_desc, 0),
DIR(purpose_needs_anonymity_returns_true_by_default, 0),
- DIR(purpose_needs_anonymity_returns_true_for_sensitive_purpose, 0),
DIR(purpose_needs_anonymity_ret_false_for_non_sensitive_conn, 0),
DIR(post_parsing, 0),
DIR(fetch_type, 0),
diff --git a/src/test/test_dir_handle_get.c b/src/test/test_dir_handle_get.c
index 28f07efbe8..06ab309362 100644
--- a/src/test/test_dir_handle_get.c
+++ b/src/test/test_dir_handle_get.c
@@ -18,14 +18,11 @@
#include "feature/dircache/dircache.h"
#include "test/test.h"
#include "lib/compress/compress.h"
-#include "feature/rend/rendcommon.h"
-#include "feature/rend/rendcache.h"
#include "feature/relay/relay_config.h"
#include "feature/relay/router.h"
#include "feature/nodelist/authcert.h"
#include "feature/nodelist/dirlist.h"
#include "feature/nodelist/routerlist.h"
-#include "test/rend_test_helpers.h"
#include "feature/nodelist/microdesc.h"
#include "test/test_helpers.h"
#include "feature/nodelist/nodelist.h"
@@ -44,7 +41,6 @@
#include "feature/dircommon/dir_connection_st.h"
#include "feature/dirclient/dir_server_st.h"
#include "feature/nodelist/networkstatus_st.h"
-#include "feature/rend/rend_encoded_v2_service_descriptor_st.h"
#include "feature/nodelist/routerinfo_st.h"
#include "feature/nodelist/routerlist_st.h"
@@ -261,125 +257,6 @@ test_dir_handle_get_robots_txt(void *data)
tor_free(body);
}
-#define RENDEZVOUS2_GET(descid) GET("/tor/rendezvous2/" descid)
-static void
-test_dir_handle_get_rendezvous2_not_found_if_not_encrypted(void *data)
-{
- dir_connection_t *conn = NULL;
- char *header = NULL;
- (void) data;
-
- MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
-
- conn = new_dir_conn();
-
- // connection is not encrypted
- tt_assert(!connection_dir_is_encrypted(conn));
-
- tt_int_op(directory_handle_command_get(conn, RENDEZVOUS2_GET(), NULL, 0),
- OP_EQ, 0);
- fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
- NULL, NULL, 1, 0);
-
- tt_str_op(NOT_FOUND, OP_EQ, header);
-
- done:
- UNMOCK(connection_write_to_buf_impl_);
- connection_free_minimal(TO_CONN(conn));
- tor_free(header);
-}
-
-static void
-test_dir_handle_get_rendezvous2_on_encrypted_conn_with_invalid_desc_id(
- void *data)
-{
- dir_connection_t *conn = NULL;
- char *header = NULL;
- (void) data;
-
- MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
- conn = new_dir_conn();
-
- // connection is encrypted
- TO_CONN(conn)->linked = 1;
- tt_assert(connection_dir_is_encrypted(conn));
-
- tt_int_op(directory_handle_command_get(conn,
- RENDEZVOUS2_GET("invalid-desc-id"), NULL, 0), OP_EQ, 0);
- fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
- NULL, NULL, 1, 0);
-
- tt_str_op(header, OP_EQ, BAD_REQUEST);
-
- done:
- UNMOCK(connection_write_to_buf_impl_);
- connection_free_minimal(TO_CONN(conn));
- tor_free(header);
-}
-
-static void
-test_dir_handle_get_rendezvous2_on_encrypted_conn_not_well_formed(void *data)
-{
- dir_connection_t *conn = NULL;
- char *header = NULL;
- (void) data;
-
- MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
- conn = new_dir_conn();
-
- // connection is encrypted
- TO_CONN(conn)->linked = 1;
- tt_assert(connection_dir_is_encrypted(conn));
-
- //TODO: this can't be reached because rend_valid_descriptor_id() prevents
- //this case to happen. This test is the same as
- //test_dir_handle_get_rendezvous2_on_encrypted_conn_with_invalid_desc_id We
- //should refactor to remove the case from the switch.
-
- const char *req = RENDEZVOUS2_GET("1bababababababababababababababab");
- tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0);
-
- fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
- NULL, NULL, 1, 0);
-
- tt_str_op(header, OP_EQ, BAD_REQUEST);
-
- done:
- UNMOCK(connection_write_to_buf_impl_);
- connection_free_minimal(TO_CONN(conn));
- tor_free(header);
-}
-
-static void
-test_dir_handle_get_rendezvous2_not_found(void *data)
-{
- dir_connection_t *conn = NULL;
- char *header = NULL;
- (void) data;
-
- MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
- conn = new_dir_conn();
-
- rend_cache_init();
-
- // connection is encrypted
- TO_CONN(conn)->linked = 1;
- tt_assert(connection_dir_is_encrypted(conn));
-
- const char *req = RENDEZVOUS2_GET("3xqunszqnaolrrfmtzgaki7mxelgvkje");
- tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0);
- fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
- NULL, NULL, 1, 0);
-
- tt_str_op(NOT_FOUND, OP_EQ, header);
-
- done:
- UNMOCK(connection_write_to_buf_impl_);
- connection_free_minimal(TO_CONN(conn));
- tor_free(header);
- rend_cache_free_all();
-}
-
static const routerinfo_t * dhg_tests_router_get_my_routerinfo(void);
ATTR_UNUSED static int dhg_tests_router_get_my_routerinfo_called = 0;
@@ -395,76 +272,6 @@ dhg_tests_router_get_my_routerinfo(void)
return mock_routerinfo;
}
-static void
-test_dir_handle_get_rendezvous2_on_encrypted_conn_success(void *data)
-{
- dir_connection_t *conn = NULL;
- char *header = NULL;
- char *body = NULL;
- size_t body_used = 0;
- char buff[30];
- char req[70];
- rend_encoded_v2_service_descriptor_t *desc_holder = NULL;
- char *service_id = NULL;
- char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
- size_t body_len = 0;
- (void) data;
-
- MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
- MOCK(router_get_my_routerinfo,
- dhg_tests_router_get_my_routerinfo);
-
- rend_cache_init();
-
- /* create a valid rend service descriptor */
- #define RECENT_TIME -10
- generate_desc(RECENT_TIME, &desc_holder, &service_id, 3);
-
- tt_int_op(rend_cache_store_v2_desc_as_dir(desc_holder->desc_str),
- OP_EQ, 0);
-
- base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id,
- DIGEST_LEN);
-
- conn = new_dir_conn();
-
- // connection is encrypted
- TO_CONN(conn)->linked = 1;
- tt_assert(connection_dir_is_encrypted(conn));
-
- tor_snprintf(req, sizeof(req), RENDEZVOUS2_GET("%s"), desc_id_base32);
-
- tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0);
-
- body_len = strlen(desc_holder->desc_str);
- fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
- &body, &body_used, body_len+1, 0);
-
- tt_assert(header);
- tt_assert(body);
-
- tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header);
- tt_assert(strstr(header, "Content-Type: text/plain\r\n"));
- tt_assert(strstr(header, "Content-Encoding: identity\r\n"));
- tt_assert(strstr(header, "Pragma: no-cache\r\n"));
- tor_snprintf(buff, sizeof(buff), "Content-Length: %ld\r\n", (long) body_len);
- tt_assert(strstr(header, buff));
-
- tt_int_op(body_used, OP_EQ, strlen(body));
- tt_str_op(body, OP_EQ, desc_holder->desc_str);
-
- done:
- UNMOCK(connection_write_to_buf_impl_);
- UNMOCK(router_get_my_routerinfo);
-
- connection_free_minimal(TO_CONN(conn));
- tor_free(header);
- tor_free(body);
- rend_encoded_v2_service_descriptor_free(desc_holder);
- tor_free(service_id);
- rend_cache_free_all();
-}
-
#define MICRODESC_GET(digest) GET("/tor/micro/d/" digest)
static void
test_dir_handle_get_micro_d_not_found(void *data)
@@ -2934,11 +2741,6 @@ struct testcase_t dir_handle_get_tests[] = {
DIR_HANDLE_CMD(v1_command_not_found, 0),
DIR_HANDLE_CMD(v1_command, 0),
DIR_HANDLE_CMD(robots_txt, 0),
- DIR_HANDLE_CMD(rendezvous2_not_found_if_not_encrypted, 0),
- DIR_HANDLE_CMD(rendezvous2_not_found, 0),
- DIR_HANDLE_CMD(rendezvous2_on_encrypted_conn_with_invalid_desc_id, 0),
- DIR_HANDLE_CMD(rendezvous2_on_encrypted_conn_not_well_formed, 0),
- DIR_HANDLE_CMD(rendezvous2_on_encrypted_conn_success, 0),
DIR_HANDLE_CMD(micro_d_not_found, 0),
DIR_HANDLE_CMD(micro_d_server_busy, 0),
DIR_HANDLE_CMD(micro_d, 0),
diff --git a/src/test/test_entryconn.c b/src/test/test_entryconn.c
index 11840b2c4f..d426934882 100644
--- a/src/test/test_entryconn.c
+++ b/src/test/test_entryconn.c
@@ -17,7 +17,6 @@
#include "feature/nodelist/nodelist.h"
#include "feature/hs/hs_cache.h"
-#include "feature/rend/rendcache.h"
#include "core/or/entry_connection_st.h"
#include "core/or/socks_request_st.h"
@@ -748,7 +747,6 @@ test_entryconn_rewrite_onion_v3(void *arg)
/* Make an onion connection using the SOCKS request */
conn->entry_cfg.onion_traffic = 1;
ENTRY_TO_CONN(conn)->state = AP_CONN_STATE_SOCKS_WAIT;
- tt_assert(!ENTRY_TO_EDGE_CONN(conn)->rend_data);
tt_assert(!ENTRY_TO_EDGE_CONN(conn)->hs_ident);
/* Handle SOCKS and rewrite! */
@@ -763,7 +761,6 @@ test_entryconn_rewrite_onion_v3(void *arg)
"25njqamcweflpvkl73j4szahhihoc4xt3ktcgjnpaingr5yhkenl5sid");
/* check that HS information got attached to the connection */
tt_assert(ENTRY_TO_EDGE_CONN(conn)->hs_ident);
- tt_assert(!ENTRY_TO_EDGE_CONN(conn)->rend_data);
done:
hs_free_all();
diff --git a/src/test/test_hs.c b/src/test/test_hs.c
deleted file mode 100644
index 42e663330a..0000000000
--- a/src/test/test_hs.c
+++ /dev/null
@@ -1,1003 +0,0 @@
-/* Copyright (c) 2007-2020, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-/**
- * \file test_hs.c
- * \brief Unit tests for hidden service.
- **/
-
-#define CONTROL_EVENTS_PRIVATE
-#define CIRCUITBUILD_PRIVATE
-#define RENDCOMMON_PRIVATE
-#define RENDSERVICE_PRIVATE
-#define HS_SERVICE_PRIVATE
-
-#include "core/or/or.h"
-#include "test/test.h"
-#include "feature/control/control.h"
-#include "feature/control/control_events.h"
-#include "feature/control/control_fmt.h"
-#include "app/config/config.h"
-#include "feature/hs/hs_common.h"
-#include "feature/rend/rendcommon.h"
-#include "feature/rend/rendservice.h"
-#include "feature/nodelist/routerlist.h"
-#include "feature/nodelist/routerset.h"
-#include "core/or/circuitbuild.h"
-
-#include "feature/nodelist/node_st.h"
-#include "feature/rend/rend_encoded_v2_service_descriptor_st.h"
-#include "feature/rend/rend_intro_point_st.h"
-#include "feature/nodelist/routerinfo_st.h"
-
-#include "test/test_helpers.h"
-
-#ifdef HAVE_UNISTD_H
-#include
-#endif
-
-/* mock ID digest and longname for node that's in nodelist */
-#define HSDIR_EXIST_ID "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" \
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
-#define STR_HSDIR_EXIST_LONGNAME \
- "$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=TestDir"
-/* mock ID digest and longname for node that's not in nodelist */
-#define HSDIR_NONE_EXIST_ID "\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB" \
- "\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB"
-#define STR_HSDIR_NONE_EXIST_LONGNAME \
- "$BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
-
-/* DuckDuckGo descriptor as an example. This one has extra "\r" at the end so
- * the control port is happy. */
-static const char *hs_desc_content_control = "\
-rendezvous-service-descriptor g5ojobzupf275beh5ra72uyhb3dkpxwg\r\n\
-version 2\r\n\
-permanent-key\r\n\
------BEGIN RSA PUBLIC KEY-----\r\n\
-MIGJAoGBAJ/SzzgrXPxTlFrKVhXh3buCWv2QfcNgncUpDpKouLn3AtPH5Ocys0jE\r\n\
-aZSKdvaiQ62md2gOwj4x61cFNdi05tdQjS+2thHKEm/KsB9BGLSLBNJYY356bupg\r\n\
-I5gQozM65ENelfxYlysBjJ52xSDBd8C4f/p9umdzaaaCmzXG/nhzAgMBAAE=\r\n\
------END RSA PUBLIC KEY-----\r\n\
-secret-id-part anmjoxxwiupreyajjt5yasimfmwcnxlf\r\n\
-publication-time 2015-03-11 19:00:00\r\n\
-protocol-versions 2,3\r\n\
-introduction-points\r\n\
------BEGIN MESSAGE-----\r\n\
-aW50cm9kdWN0aW9uLXBvaW50IDd1bnd4cmg2dG5kNGh6eWt1Z3EzaGZzdHduc2ll\r\n\
-cmhyCmlwLWFkZHJlc3MgMTg4LjEzOC4xMjEuMTE4Cm9uaW9uLXBvcnQgOTAwMQpv\r\n\
-bmlvbi1rZXkKLS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JR0pBb0dC\r\n\
-QUxGRVVyeVpDbk9ROEhURmV5cDVjMTRObWVqL1BhekFLTTBxRENTNElKUWh0Y3g1\r\n\
-NXpRSFdOVWIKQ2hHZ0JqR1RjV3ZGRnA0N3FkdGF6WUZhVXE2c0lQKzVqeWZ5b0Q4\r\n\
-UmJ1bzBwQmFWclJjMmNhYUptWWM0RDh6Vgpuby9sZnhzOVVaQnZ1cWY4eHIrMDB2\r\n\
-S0JJNmFSMlA2OE1WeDhrMExqcUpUU2RKOE9idm9yQWdNQkFBRT0KLS0tLS1FTkQg\r\n\
-UlNBIFBVQkxJQyBLRVktLS0tLQpzZXJ2aWNlLWtleQotLS0tLUJFR0lOIFJTQSBQ\r\n\
-VUJMSUMgS0VZLS0tLS0KTUlHSkFvR0JBTnJHb0ozeTlHNXQzN2F2ekI1cTlwN1hG\r\n\
-VUplRUVYMUNOaExnWmJXWGJhVk5OcXpoZFhyL0xTUQppM1Z6dW5OaUs3cndUVnE2\r\n\
-K2QyZ1lRckhMMmIvMXBBY3ZKWjJiNSs0bTRRc0NibFpjRENXTktRbHJnRWN5WXRJ\r\n\
-CkdscXJTbFFEaXA0ZnNrUFMvNDVkWTI0QmJsQ3NGU1k3RzVLVkxJck4zZFpGbmJr\r\n\
-NEZIS1hBZ01CQUFFPQotLS0tLUVORCBSU0EgUFVCTElDIEtFWS0tLS0tCmludHJv\r\n\
-ZHVjdGlvbi1wb2ludCBiNGM3enlxNXNheGZzN2prNXFibG1wN3I1b3pwdHRvagpp\r\n\
-cC1hZGRyZXNzIDEwOS4xNjkuNDUuMjI2Cm9uaW9uLXBvcnQgOTAwMQpvbmlvbi1r\r\n\
-ZXkKLS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JR0pBb0dCQU8xSXpw\r\n\
-WFFUTUY3RXZUb1NEUXpzVnZiRVFRQUQrcGZ6NzczMVRXZzVaUEJZY1EyUkRaeVp4\r\n\
-OEQKNUVQSU1FeUE1RE83cGd0ak5LaXJvYXJGMC8yempjMkRXTUlSaXZyU29YUWVZ\r\n\
-ZXlMM1pzKzFIajJhMDlCdkYxZAp6MEswblRFdVhoNVR5V3lyMHdsbGI1SFBnTlI0\r\n\
-MS9oYkprZzkwZitPVCtIeGhKL1duUml2QWdNQkFBRT0KLS0tLS1FTkQgUlNBIFBV\r\n\
-QkxJQyBLRVktLS0tLQpzZXJ2aWNlLWtleQotLS0tLUJFR0lOIFJTQSBQVUJMSUMg\r\n\
-S0VZLS0tLS0KTUlHSkFvR0JBSzNWZEJ2ajFtQllLL3JrcHNwcm9Ub0llNUtHVmth\r\n\
-QkxvMW1tK1I2YUVJek1VZFE1SjkwNGtyRwpCd3k5NC8rV0lGNFpGYXh5Z2phejl1\r\n\
-N2pKY1k3ZGJhd1pFeG1hYXFCRlRwL2h2ZG9rcHQ4a1ByRVk4OTJPRHJ1CmJORUox\r\n\
-N1FPSmVMTVZZZk5Kcjl4TWZCQ3JQai8zOGh2RUdrbWVRNmRVWElvbVFNaUJGOVRB\r\n\
-Z01CQUFFPQotLS0tLUVORCBSU0EgUFVCTElDIEtFWS0tLS0tCmludHJvZHVjdGlv\r\n\
-bi1wb2ludCBhdjVtcWl0Y2Q3cjJkandsYmN0c2Jlc2R3eGt0ZWtvegppcC1hZGRy\r\n\
-ZXNzIDE0NC43Ni44LjczCm9uaW9uLXBvcnQgNDQzCm9uaW9uLWtleQotLS0tLUJF\r\n\
-R0lOIFJTQSBQVUJMSUMgS0VZLS0tLS0KTUlHSkFvR0JBTzVweVZzQmpZQmNmMXBE\r\n\
-dklHUlpmWXUzQ05nNldka0ZLMGlvdTBXTGZtejZRVDN0NWhzd3cyVwpjejlHMXhx\r\n\
-MmN0Nkd6VWkrNnVkTDlITTRVOUdHTi9BbW8wRG9GV1hKWHpBQkFXd2YyMVdsd1lW\r\n\
-eFJQMHRydi9WCkN6UDkzcHc5OG5vSmdGUGRUZ05iMjdKYmVUZENLVFBrTEtscXFt\r\n\
-b3NveUN2RitRa25vUS9BZ01CQUFFPQotLS0tLUVORCBSU0EgUFVCTElDIEtFWS0t\r\n\
-LS0tCnNlcnZpY2Uta2V5Ci0tLS0tQkVHSU4gUlNBIFBVQkxJQyBLRVktLS0tLQpN\r\n\
-SUdKQW9HQkFMVjNKSmtWN3lTNU9jc1lHMHNFYzFQOTVRclFRR3ZzbGJ6Wi9zRGxl\r\n\
-RlpKYXFSOUYvYjRUVERNClNGcFMxcU1GbldkZDgxVmRGMEdYRmN2WVpLamRJdHU2\r\n\
-SndBaTRJeEhxeXZtdTRKdUxrcXNaTEFLaXRLVkx4eGsKeERlMjlDNzRWMmJrOTRJ\r\n\
-MEgybTNKS2tzTHVwc3VxWWRVUmhOVXN0SElKZmgyZmNIalF0bEFnTUJBQUU9Ci0t\r\n\
-LS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0KCg==\r\n\
------END MESSAGE-----\r\n\
-signature\r\n\
------BEGIN SIGNATURE-----\r\n\
-d4OuCE5OLAOnRB6cQN6WyMEmg/BHem144Vec+eYgeWoKwx3MxXFplUjFxgnMlmwN\r\n\
-PcftsZf2ztN0sbNCtPgDL3d0PqvxY3iHTQAI8EbaGq/IAJUZ8U4y963dD5+Bn6JQ\r\n\
-myE3ctmh0vy5+QxSiRjmQBkuEpCyks7LvWvHYrhnmcg=\r\n\
------END SIGNATURE-----";
-
-/* DuckDuckGo descriptor as an example. */
-static const char *hs_desc_content = "\
-rendezvous-service-descriptor g5ojobzupf275beh5ra72uyhb3dkpxwg\n\
-version 2\n\
-permanent-key\n\
------BEGIN RSA PUBLIC KEY-----\n\
-MIGJAoGBAJ/SzzgrXPxTlFrKVhXh3buCWv2QfcNgncUpDpKouLn3AtPH5Ocys0jE\n\
-aZSKdvaiQ62md2gOwj4x61cFNdi05tdQjS+2thHKEm/KsB9BGLSLBNJYY356bupg\n\
-I5gQozM65ENelfxYlysBjJ52xSDBd8C4f/p9umdzaaaCmzXG/nhzAgMBAAE=\n\
------END RSA PUBLIC KEY-----\n\
-secret-id-part anmjoxxwiupreyajjt5yasimfmwcnxlf\n\
-publication-time 2015-03-11 19:00:00\n\
-protocol-versions 2,3\n\
-introduction-points\n\
------BEGIN MESSAGE-----\n\
-aW50cm9kdWN0aW9uLXBvaW50IDd1bnd4cmg2dG5kNGh6eWt1Z3EzaGZzdHduc2ll\n\
-cmhyCmlwLWFkZHJlc3MgMTg4LjEzOC4xMjEuMTE4Cm9uaW9uLXBvcnQgOTAwMQpv\n\
-bmlvbi1rZXkKLS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JR0pBb0dC\n\
-QUxGRVVyeVpDbk9ROEhURmV5cDVjMTRObWVqL1BhekFLTTBxRENTNElKUWh0Y3g1\n\
-NXpRSFdOVWIKQ2hHZ0JqR1RjV3ZGRnA0N3FkdGF6WUZhVXE2c0lQKzVqeWZ5b0Q4\n\
-UmJ1bzBwQmFWclJjMmNhYUptWWM0RDh6Vgpuby9sZnhzOVVaQnZ1cWY4eHIrMDB2\n\
-S0JJNmFSMlA2OE1WeDhrMExqcUpUU2RKOE9idm9yQWdNQkFBRT0KLS0tLS1FTkQg\n\
-UlNBIFBVQkxJQyBLRVktLS0tLQpzZXJ2aWNlLWtleQotLS0tLUJFR0lOIFJTQSBQ\n\
-VUJMSUMgS0VZLS0tLS0KTUlHSkFvR0JBTnJHb0ozeTlHNXQzN2F2ekI1cTlwN1hG\n\
-VUplRUVYMUNOaExnWmJXWGJhVk5OcXpoZFhyL0xTUQppM1Z6dW5OaUs3cndUVnE2\n\
-K2QyZ1lRckhMMmIvMXBBY3ZKWjJiNSs0bTRRc0NibFpjRENXTktRbHJnRWN5WXRJ\n\
-CkdscXJTbFFEaXA0ZnNrUFMvNDVkWTI0QmJsQ3NGU1k3RzVLVkxJck4zZFpGbmJr\n\
-NEZIS1hBZ01CQUFFPQotLS0tLUVORCBSU0EgUFVCTElDIEtFWS0tLS0tCmludHJv\n\
-ZHVjdGlvbi1wb2ludCBiNGM3enlxNXNheGZzN2prNXFibG1wN3I1b3pwdHRvagpp\n\
-cC1hZGRyZXNzIDEwOS4xNjkuNDUuMjI2Cm9uaW9uLXBvcnQgOTAwMQpvbmlvbi1r\n\
-ZXkKLS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JR0pBb0dCQU8xSXpw\n\
-WFFUTUY3RXZUb1NEUXpzVnZiRVFRQUQrcGZ6NzczMVRXZzVaUEJZY1EyUkRaeVp4\n\
-OEQKNUVQSU1FeUE1RE83cGd0ak5LaXJvYXJGMC8yempjMkRXTUlSaXZyU29YUWVZ\n\
-ZXlMM1pzKzFIajJhMDlCdkYxZAp6MEswblRFdVhoNVR5V3lyMHdsbGI1SFBnTlI0\n\
-MS9oYkprZzkwZitPVCtIeGhKL1duUml2QWdNQkFBRT0KLS0tLS1FTkQgUlNBIFBV\n\
-QkxJQyBLRVktLS0tLQpzZXJ2aWNlLWtleQotLS0tLUJFR0lOIFJTQSBQVUJMSUMg\n\
-S0VZLS0tLS0KTUlHSkFvR0JBSzNWZEJ2ajFtQllLL3JrcHNwcm9Ub0llNUtHVmth\n\
-QkxvMW1tK1I2YUVJek1VZFE1SjkwNGtyRwpCd3k5NC8rV0lGNFpGYXh5Z2phejl1\n\
-N2pKY1k3ZGJhd1pFeG1hYXFCRlRwL2h2ZG9rcHQ4a1ByRVk4OTJPRHJ1CmJORUox\n\
-N1FPSmVMTVZZZk5Kcjl4TWZCQ3JQai8zOGh2RUdrbWVRNmRVWElvbVFNaUJGOVRB\n\
-Z01CQUFFPQotLS0tLUVORCBSU0EgUFVCTElDIEtFWS0tLS0tCmludHJvZHVjdGlv\n\
-bi1wb2ludCBhdjVtcWl0Y2Q3cjJkandsYmN0c2Jlc2R3eGt0ZWtvegppcC1hZGRy\n\
-ZXNzIDE0NC43Ni44LjczCm9uaW9uLXBvcnQgNDQzCm9uaW9uLWtleQotLS0tLUJF\n\
-R0lOIFJTQSBQVUJMSUMgS0VZLS0tLS0KTUlHSkFvR0JBTzVweVZzQmpZQmNmMXBE\n\
-dklHUlpmWXUzQ05nNldka0ZLMGlvdTBXTGZtejZRVDN0NWhzd3cyVwpjejlHMXhx\n\
-MmN0Nkd6VWkrNnVkTDlITTRVOUdHTi9BbW8wRG9GV1hKWHpBQkFXd2YyMVdsd1lW\n\
-eFJQMHRydi9WCkN6UDkzcHc5OG5vSmdGUGRUZ05iMjdKYmVUZENLVFBrTEtscXFt\n\
-b3NveUN2RitRa25vUS9BZ01CQUFFPQotLS0tLUVORCBSU0EgUFVCTElDIEtFWS0t\n\
-LS0tCnNlcnZpY2Uta2V5Ci0tLS0tQkVHSU4gUlNBIFBVQkxJQyBLRVktLS0tLQpN\n\
-SUdKQW9HQkFMVjNKSmtWN3lTNU9jc1lHMHNFYzFQOTVRclFRR3ZzbGJ6Wi9zRGxl\n\
-RlpKYXFSOUYvYjRUVERNClNGcFMxcU1GbldkZDgxVmRGMEdYRmN2WVpLamRJdHU2\n\
-SndBaTRJeEhxeXZtdTRKdUxrcXNaTEFLaXRLVkx4eGsKeERlMjlDNzRWMmJrOTRJ\n\
-MEgybTNKS2tzTHVwc3VxWWRVUmhOVXN0SElKZmgyZmNIalF0bEFnTUJBQUU9Ci0t\n\
-LS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0KCg==\n\
------END MESSAGE-----\n\
-signature\n\
------BEGIN SIGNATURE-----\n\
-d4OuCE5OLAOnRB6cQN6WyMEmg/BHem144Vec+eYgeWoKwx3MxXFplUjFxgnMlmwN\n\
-PcftsZf2ztN0sbNCtPgDL3d0PqvxY3iHTQAI8EbaGq/IAJUZ8U4y963dD5+Bn6JQ\n\
-myE3ctmh0vy5+QxSiRjmQBkuEpCyks7LvWvHYrhnmcg=\n\
------END SIGNATURE-----";
-
-/* Helper global variable for hidden service descriptor event test.
- * It's used as a pointer to dynamically created message buffer in
- * send_control_event_string_replacement function, which mocks
- * send_control_event_string function.
- *
- * Always free it after use! */
-static char *received_msg = NULL;
-
-/** Mock function for send_control_event_string
- */
-static void
-queue_control_event_string_replacement(uint16_t event, char *msg)
-{
- (void) event;
- tor_free(received_msg);
- received_msg = msg;
-}
-
-/** Mock function for node_describe_longname_by_id, it returns either
- * STR_HSDIR_EXIST_LONGNAME or STR_HSDIR_NONE_EXIST_LONGNAME
- */
-static const char *
-node_describe_longname_by_id_replacement(const char *id_digest)
-{
- if (!strcmp(id_digest, HSDIR_EXIST_ID)) {
- return STR_HSDIR_EXIST_LONGNAME;
- } else {
- return STR_HSDIR_NONE_EXIST_LONGNAME;
- }
-}
-
-/** Test that we can parse a hardcoded v2 HS desc. */
-static void
-test_hs_parse_static_v2_desc(void *arg)
-{
- int ret;
- rend_encoded_v2_service_descriptor_t desc;
-
- (void) arg;
-
- /* Test an obviously not parseable string */
- desc.desc_str = tor_strdup("ceci n'est pas un HS descriptor");
- ret = rend_desc_v2_is_parsable(&desc);
- tor_free(desc.desc_str);
- tt_int_op(ret, OP_EQ, 0);
-
- /* Test an actual descriptor */
- desc.desc_str = tor_strdup(hs_desc_content);
- ret = rend_desc_v2_is_parsable(&desc);
- tor_free(desc.desc_str);
- tt_int_op(ret, OP_EQ, 1);
-
- done: ;
-}
-
-/** Make sure each hidden service descriptor async event generation
- *
- * function generates the message in expected format.
- */
-static void
-test_hs_desc_event(void *arg)
-{
- #define STR_HS_ADDR "ajhb7kljbiru65qo"
- #define STR_HS_CONTENT_DESC_ID "g5ojobzupf275beh5ra72uyhb3dkpxwg"
- #define STR_DESC_ID_BASE32 "hba3gmcgpfivzfhx5rtfqkfdhv65yrj3"
-
- int ret;
- rend_data_v2_t rend_query;
- const char *expected_msg;
- char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
-
- (void) arg;
- MOCK(queue_control_event_string,
- queue_control_event_string_replacement);
- MOCK(node_describe_longname_by_id,
- node_describe_longname_by_id_replacement);
-
- /* setup rend_query struct */
- memset(&rend_query, 0, sizeof(rend_query));
- rend_query.base_.version = 2;
- strncpy(rend_query.onion_address, STR_HS_ADDR,
- REND_SERVICE_ID_LEN_BASE32+1);
- rend_query.auth_type = REND_NO_AUTH;
- rend_query.base_.hsdirs_fp = smartlist_new();
- smartlist_add(rend_query.base_.hsdirs_fp, tor_memdup(HSDIR_EXIST_ID,
- DIGEST_LEN));
-
- /* Compute descriptor ID for replica 0, should be STR_DESC_ID_BASE32. */
- ret = rend_compute_v2_desc_id(rend_query.descriptor_id[0],
- rend_query.onion_address,
- NULL, 0, 0);
- tt_int_op(ret, OP_EQ, 0);
- base32_encode(desc_id_base32, sizeof(desc_id_base32),
- rend_query.descriptor_id[0], DIGEST_LEN);
- /* Make sure rend_compute_v2_desc_id works properly. */
- tt_mem_op(desc_id_base32, OP_EQ, STR_DESC_ID_BASE32,
- sizeof(desc_id_base32));
-
- /* test request event */
- control_event_hs_descriptor_requested(rend_query.onion_address,
- rend_query.auth_type, HSDIR_EXIST_ID,
- STR_DESC_ID_BASE32, NULL);
- expected_msg = "650 HS_DESC REQUESTED "STR_HS_ADDR" NO_AUTH "\
- STR_HSDIR_EXIST_LONGNAME " " STR_DESC_ID_BASE32 "\r\n";
- tt_assert(received_msg);
- tt_str_op(received_msg,OP_EQ, expected_msg);
- tor_free(received_msg);
-
- /* test received event */
- rend_query.auth_type = REND_BASIC_AUTH;
- control_event_hsv2_descriptor_received(rend_query.onion_address,
- &rend_query.base_, HSDIR_EXIST_ID);
- expected_msg = "650 HS_DESC RECEIVED "STR_HS_ADDR" BASIC_AUTH "\
- STR_HSDIR_EXIST_LONGNAME " " STR_DESC_ID_BASE32"\r\n";
- tt_assert(received_msg);
- tt_str_op(received_msg,OP_EQ, expected_msg);
- tor_free(received_msg);
-
- /* test failed event */
- rend_query.auth_type = REND_STEALTH_AUTH;
- control_event_hsv2_descriptor_failed(&rend_query.base_,
- HSDIR_NONE_EXIST_ID,
- "QUERY_REJECTED");
- expected_msg = "650 HS_DESC FAILED "STR_HS_ADDR" STEALTH_AUTH "\
- STR_HSDIR_NONE_EXIST_LONGNAME" REASON=QUERY_REJECTED\r\n";
- tt_assert(received_msg);
- tt_str_op(received_msg,OP_EQ, expected_msg);
- tor_free(received_msg);
-
- /* test invalid auth type */
- rend_query.auth_type = 999;
- control_event_hsv2_descriptor_failed(&rend_query.base_,
- HSDIR_EXIST_ID,
- "QUERY_REJECTED");
- expected_msg = "650 HS_DESC FAILED "STR_HS_ADDR" UNKNOWN "\
- STR_HSDIR_EXIST_LONGNAME " " STR_DESC_ID_BASE32\
- " REASON=QUERY_REJECTED\r\n";
- tt_assert(received_msg);
- tt_str_op(received_msg,OP_EQ, expected_msg);
- tor_free(received_msg);
-
- /* test no HSDir fingerprint type */
- rend_query.auth_type = REND_NO_AUTH;
- control_event_hsv2_descriptor_failed(&rend_query.base_, NULL,
- "QUERY_NO_HSDIR");
- expected_msg = "650 HS_DESC FAILED "STR_HS_ADDR" NO_AUTH " \
- "UNKNOWN REASON=QUERY_NO_HSDIR\r\n";
- tt_assert(received_msg);
- tt_str_op(received_msg,OP_EQ, expected_msg);
- tor_free(received_msg);
-
- /* test HSDir rate limited */
- rend_query.auth_type = REND_NO_AUTH;
- control_event_hsv2_descriptor_failed(&rend_query.base_, NULL,
- "QUERY_RATE_LIMITED");
- expected_msg = "650 HS_DESC FAILED "STR_HS_ADDR" NO_AUTH " \
- "UNKNOWN REASON=QUERY_RATE_LIMITED\r\n";
- tt_assert(received_msg);
- tt_str_op(received_msg,OP_EQ, expected_msg);
- tor_free(received_msg);
-
- /* Test invalid content with no HSDir fingerprint. */
- char *exp_msg;
- control_event_hs_descriptor_content(rend_query.onion_address,
- STR_HS_CONTENT_DESC_ID, NULL, NULL);
- tor_asprintf(&exp_msg, "650+HS_DESC_CONTENT " STR_HS_ADDR " "\
- STR_HS_CONTENT_DESC_ID " UNKNOWN" \
- "\r\n\r\n.\r\n650 OK\r\n");
- tt_assert(received_msg);
- tt_str_op(received_msg, OP_EQ, exp_msg);
- tor_free(received_msg);
- tor_free(exp_msg);
-
- /* test valid content. */
- control_event_hs_descriptor_content(rend_query.onion_address,
- STR_HS_CONTENT_DESC_ID, HSDIR_EXIST_ID,
- hs_desc_content_control);
- tor_asprintf(&exp_msg, "650+HS_DESC_CONTENT " STR_HS_ADDR " "\
- STR_HS_CONTENT_DESC_ID " " STR_HSDIR_EXIST_LONGNAME\
- "\r\n%s\r\n.\r\n650 OK\r\n", hs_desc_content_control);
-
- tt_assert(received_msg);
- tt_str_op(received_msg, OP_EQ, exp_msg);
- tor_free(received_msg);
- tor_free(exp_msg);
- SMARTLIST_FOREACH(rend_query.base_.hsdirs_fp, char *, d, tor_free(d));
- smartlist_free(rend_query.base_.hsdirs_fp);
-
- done:
- UNMOCK(queue_control_event_string);
- UNMOCK(node_describe_longname_by_id);
- tor_free(received_msg);
-}
-
-/* Make sure rend_data_t is valid at creation, destruction and when
- * duplicated. */
-static void
-test_hs_rend_data(void *arg)
-{
- int rep;
- rend_data_t *client = NULL, *client_dup = NULL;
- /* Binary format of a descriptor ID. */
- char desc_id[DIGEST_LEN];
- char client_cookie[REND_DESC_COOKIE_LEN];
- time_t now = time(NULL);
- rend_data_t *service_dup = NULL;
- rend_data_t *service = NULL;
-
- (void)arg;
-
- base32_decode(desc_id, sizeof(desc_id), STR_DESC_ID_BASE32,
- REND_DESC_ID_V2_LEN_BASE32);
- memset(client_cookie, 'e', sizeof(client_cookie));
-
- client = rend_data_client_create(STR_HS_ADDR, desc_id, client_cookie,
- REND_NO_AUTH);
- tt_assert(client);
- rend_data_v2_t *client_v2 = TO_REND_DATA_V2(client);
- tt_int_op(client_v2->auth_type, OP_EQ, REND_NO_AUTH);
- tt_str_op(client_v2->onion_address, OP_EQ, STR_HS_ADDR);
- tt_mem_op(client_v2->desc_id_fetch, OP_EQ, desc_id, sizeof(desc_id));
- tt_mem_op(client_v2->descriptor_cookie, OP_EQ, client_cookie,
- sizeof(client_cookie));
- tt_assert(client->hsdirs_fp);
- tt_int_op(smartlist_len(client->hsdirs_fp), OP_EQ, 0);
- for (rep = 0; rep < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; rep++) {
- int ret = rend_compute_v2_desc_id(desc_id, client_v2->onion_address,
- client_v2->descriptor_cookie, now, rep);
- /* That shouldn't never fail. */
- tt_int_op(ret, OP_EQ, 0);
- tt_mem_op(client_v2->descriptor_id[rep], OP_EQ, desc_id,
- sizeof(desc_id));
- }
- /* The rest should be zeroed because this is a client request. */
- tt_int_op(tor_digest_is_zero(client_v2->rend_pk_digest), OP_EQ, 1);
- tt_int_op(tor_digest_is_zero(client->rend_cookie), OP_EQ, 1);
-
- /* Test dup(). */
- client_dup = rend_data_dup(client);
- tt_assert(client_dup);
- rend_data_v2_t *client_dup_v2 = TO_REND_DATA_V2(client_dup);
- tt_int_op(client_dup_v2->auth_type, OP_EQ, client_v2->auth_type);
- tt_str_op(client_dup_v2->onion_address, OP_EQ, client_v2->onion_address);
- tt_mem_op(client_dup_v2->desc_id_fetch, OP_EQ, client_v2->desc_id_fetch,
- sizeof(client_dup_v2->desc_id_fetch));
- tt_mem_op(client_dup_v2->descriptor_cookie, OP_EQ,
- client_v2->descriptor_cookie,
- sizeof(client_dup_v2->descriptor_cookie));
-
- tt_assert(client_dup->hsdirs_fp);
- tt_int_op(smartlist_len(client_dup->hsdirs_fp), OP_EQ, 0);
- for (rep = 0; rep < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; rep++) {
- tt_mem_op(client_dup_v2->descriptor_id[rep], OP_EQ,
- client_v2->descriptor_id[rep], DIGEST_LEN);
- }
- /* The rest should be zeroed because this is a client request. */
- tt_int_op(tor_digest_is_zero(client_dup_v2->rend_pk_digest), OP_EQ, 1);
- tt_int_op(tor_digest_is_zero(client_dup->rend_cookie), OP_EQ, 1);
- rend_data_free(client);
- client = NULL;
- rend_data_free(client_dup);
- client_dup = NULL;
-
- /* Reset state. */
- base32_decode(desc_id, sizeof(desc_id), STR_DESC_ID_BASE32,
- REND_DESC_ID_V2_LEN_BASE32);
- memset(client_cookie, 'e', sizeof(client_cookie));
-
- /* Try with different parameters here for which some content should be
- * zeroed out. */
- client = rend_data_client_create(NULL, desc_id, NULL, REND_BASIC_AUTH);
- tt_assert(client);
- client_v2 = TO_REND_DATA_V2(client);
- tt_int_op(client_v2->auth_type, OP_EQ, REND_BASIC_AUTH);
- tt_int_op(strlen(client_v2->onion_address), OP_EQ, 0);
- tt_mem_op(client_v2->desc_id_fetch, OP_EQ, desc_id, sizeof(desc_id));
- tt_int_op(fast_mem_is_zero(client_v2->descriptor_cookie,
- sizeof(client_v2->descriptor_cookie)), OP_EQ, 1);
- tt_assert(client->hsdirs_fp);
- tt_int_op(smartlist_len(client->hsdirs_fp), OP_EQ, 0);
- for (rep = 0; rep < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; rep++) {
- tt_int_op(tor_digest_is_zero(client_v2->descriptor_id[rep]), OP_EQ, 1);
- }
- /* The rest should be zeroed because this is a client request. */
- tt_int_op(tor_digest_is_zero(client_v2->rend_pk_digest), OP_EQ, 1);
- tt_int_op(tor_digest_is_zero(client->rend_cookie), OP_EQ, 1);
- rend_data_free(client);
- client = NULL;
-
- /* Let's test the service object now. */
- char rend_pk_digest[DIGEST_LEN];
- uint8_t rend_cookie[DIGEST_LEN];
- memset(rend_pk_digest, 'f', sizeof(rend_pk_digest));
- memset(rend_cookie, 'g', sizeof(rend_cookie));
-
- service = rend_data_service_create(STR_HS_ADDR, rend_pk_digest,
- rend_cookie, REND_NO_AUTH);
- tt_assert(service);
- rend_data_v2_t *service_v2 = TO_REND_DATA_V2(service);
- tt_int_op(service_v2->auth_type, OP_EQ, REND_NO_AUTH);
- tt_str_op(service_v2->onion_address, OP_EQ, STR_HS_ADDR);
- tt_mem_op(service_v2->rend_pk_digest, OP_EQ, rend_pk_digest,
- sizeof(rend_pk_digest));
- tt_mem_op(service->rend_cookie, OP_EQ, rend_cookie, sizeof(rend_cookie));
- tt_assert(service->hsdirs_fp);
- tt_int_op(smartlist_len(service->hsdirs_fp), OP_EQ, 0);
- for (rep = 0; rep < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; rep++) {
- tt_int_op(tor_digest_is_zero(service_v2->descriptor_id[rep]), OP_EQ, 1);
- }
- /* The rest should be zeroed because this is a service request. */
- tt_int_op(tor_digest_is_zero(service_v2->descriptor_cookie), OP_EQ, 1);
- tt_int_op(tor_digest_is_zero(service_v2->desc_id_fetch), OP_EQ, 1);
-
- /* Test dup(). */
- service_dup = rend_data_dup(service);
- rend_data_v2_t *service_dup_v2 = TO_REND_DATA_V2(service_dup);
- tt_assert(service_dup);
- tt_int_op(service_dup_v2->auth_type, OP_EQ, service_v2->auth_type);
- tt_str_op(service_dup_v2->onion_address, OP_EQ, service_v2->onion_address);
- tt_mem_op(service_dup_v2->rend_pk_digest, OP_EQ, service_v2->rend_pk_digest,
- sizeof(service_dup_v2->rend_pk_digest));
- tt_mem_op(service_dup->rend_cookie, OP_EQ, service->rend_cookie,
- sizeof(service_dup->rend_cookie));
- tt_assert(service_dup->hsdirs_fp);
- tt_int_op(smartlist_len(service_dup->hsdirs_fp), OP_EQ, 0);
- for (rep = 0; rep < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; rep++) {
- tt_assert(tor_digest_is_zero(service_dup_v2->descriptor_id[rep]));
- }
- /* The rest should be zeroed because this is a service request. */
- tt_int_op(tor_digest_is_zero(service_dup_v2->descriptor_cookie), OP_EQ, 1);
- tt_int_op(tor_digest_is_zero(service_dup_v2->desc_id_fetch), OP_EQ, 1);
-
- done:
- rend_data_free(service);
- rend_data_free(service_dup);
- rend_data_free(client);
- rend_data_free(client_dup);
-}
-
-/* Test encoding and decoding service authorization cookies */
-static void
-test_hs_auth_cookies(void *arg)
-{
-#define TEST_COOKIE_RAW ((const uint8_t *) "abcdefghijklmnop")
-#define TEST_COOKIE_ENCODED "YWJjZGVmZ2hpamtsbW5vcA"
-#define TEST_COOKIE_ENCODED_STEALTH "YWJjZGVmZ2hpamtsbW5vcB"
-#define TEST_COOKIE_ENCODED_INVALID "YWJjZGVmZ2hpamtsbW5vcD"
-
- char *encoded_cookie = NULL;
- uint8_t raw_cookie[REND_DESC_COOKIE_LEN];
- rend_auth_type_t auth_type;
- char *err_msg = NULL;
- int re;
-
- (void)arg;
-
- /* Test that encoding gives the expected result */
- encoded_cookie = rend_auth_encode_cookie(TEST_COOKIE_RAW, REND_BASIC_AUTH);
- tt_str_op(encoded_cookie, OP_EQ, TEST_COOKIE_ENCODED);
- tor_free(encoded_cookie);
-
- encoded_cookie = rend_auth_encode_cookie(TEST_COOKIE_RAW, REND_STEALTH_AUTH);
- tt_str_op(encoded_cookie, OP_EQ, TEST_COOKIE_ENCODED_STEALTH);
- tor_free(encoded_cookie);
-
- /* Decoding should give the original value */
- re = rend_auth_decode_cookie(TEST_COOKIE_ENCODED, raw_cookie, &auth_type,
- &err_msg);
- tt_assert(!re);
- tt_ptr_op(err_msg, OP_EQ, NULL);
- tt_mem_op(raw_cookie, OP_EQ, TEST_COOKIE_RAW, REND_DESC_COOKIE_LEN);
- tt_int_op(auth_type, OP_EQ, REND_BASIC_AUTH);
- memset(raw_cookie, 0, sizeof(raw_cookie));
-
- re = rend_auth_decode_cookie(TEST_COOKIE_ENCODED_STEALTH, raw_cookie,
- &auth_type, &err_msg);
- tt_assert(!re);
- tt_ptr_op(err_msg, OP_EQ, NULL);
- tt_mem_op(raw_cookie, OP_EQ, TEST_COOKIE_RAW, REND_DESC_COOKIE_LEN);
- tt_int_op(auth_type, OP_EQ, REND_STEALTH_AUTH);
- memset(raw_cookie, 0, sizeof(raw_cookie));
-
- /* Decoding with padding characters should also work */
- re = rend_auth_decode_cookie(TEST_COOKIE_ENCODED "==", raw_cookie, NULL,
- &err_msg);
- tt_assert(!re);
- tt_ptr_op(err_msg, OP_EQ, NULL);
- tt_mem_op(raw_cookie, OP_EQ, TEST_COOKIE_RAW, REND_DESC_COOKIE_LEN);
-
- /* Decoding with an unknown type should fail */
- re = rend_auth_decode_cookie(TEST_COOKIE_ENCODED_INVALID, raw_cookie,
- &auth_type, &err_msg);
- tt_int_op(re, OP_LT, 0);
- tt_assert(err_msg);
- tor_free(err_msg);
-
- done:
- tor_free(encoded_cookie);
- tor_free(err_msg);
-
- return;
-}
-
-static int mock_get_options_calls = 0;
-static or_options_t *mock_options = NULL;
-
-static void
-reset_options(or_options_t *options, int *get_options_calls)
-{
- memset(options, 0, sizeof(or_options_t));
- options->TestingTorNetwork = 1;
-
- *get_options_calls = 0;
-}
-
-static const or_options_t *
-mock_get_options(void)
-{
- ++mock_get_options_calls;
- tor_assert(mock_options);
- return mock_options;
-}
-
-/* arg can't be 0 (the test fails) or 2 (the test is skipped) */
-#define CREATE_HS_DIR_NONE ((intptr_t)0x04)
-#define CREATE_HS_DIR1 ((intptr_t)0x08)
-#define CREATE_HS_DIR2 ((intptr_t)0x10)
-
-/* Test that single onion poisoning works. */
-static void
-test_single_onion_poisoning(void *arg)
-{
- or_options_t opt;
- mock_options = &opt;
- reset_options(mock_options, &mock_get_options_calls);
- MOCK(get_options, mock_get_options);
-
- int ret = -1;
- intptr_t create_dir_mask = (intptr_t)arg;
- /* Get directories with a random suffix so we can repeat the tests */
- mock_options->DataDirectory = tor_strdup(get_fname_rnd("test_data_dir"));
- rend_service_t *service_1 = tor_malloc_zero(sizeof(rend_service_t));
- char *dir1 = tor_strdup(get_fname_rnd("test_hs_dir1"));
- rend_service_t *service_2 = tor_malloc_zero(sizeof(rend_service_t));
- char *dir2 = tor_strdup(get_fname_rnd("test_hs_dir2"));
- smartlist_t *services = smartlist_new();
- char *poison_path = NULL;
- char *err_msg = NULL;
-
- mock_options->HiddenServiceSingleHopMode = 1;
- mock_options->HiddenServiceNonAnonymousMode = 1;
-
- /* Create the data directory, and, if the correct bit in arg is set,
- * create a directory for that service.
- * The data directory is required for the lockfile, which is used when
- * loading keys. */
- ret = check_private_dir(mock_options->DataDirectory, CPD_CREATE, NULL);
- tt_int_op(ret, OP_EQ, 0);
- if (create_dir_mask & CREATE_HS_DIR1) {
- ret = check_private_dir(dir1, CPD_CREATE, NULL);
- tt_int_op(ret, OP_EQ, 0);
- }
- if (create_dir_mask & CREATE_HS_DIR2) {
- ret = check_private_dir(dir2, CPD_CREATE, NULL);
- tt_int_op(ret, OP_EQ, 0);
- }
-
- service_1->directory = dir1;
- service_2->directory = dir2;
- /* The services own the directory pointers now */
- dir1 = dir2 = NULL;
- /* Add port to service 1 */
- service_1->ports = smartlist_new();
- service_2->ports = smartlist_new();
- hs_port_config_t *port1 = hs_parse_port_config("80", " ", &err_msg);
- tt_assert(port1);
- tt_ptr_op(err_msg, OP_EQ, NULL);
- smartlist_add(service_1->ports, port1);
-
- hs_port_config_t *port2 = hs_parse_port_config("90", " ", &err_msg);
- /* Add port to service 2 */
- tt_assert(port2);
- tt_ptr_op(err_msg, OP_EQ, NULL);
- smartlist_add(service_2->ports, port2);
-
- /* No services, a service to verify, no problem! */
- mock_options->HiddenServiceSingleHopMode = 0;
- mock_options->HiddenServiceNonAnonymousMode = 0;
- ret = rend_service_verify_single_onion_poison(service_1, mock_options);
- tt_int_op(ret, OP_EQ, 0);
- ret = rend_service_verify_single_onion_poison(service_2, mock_options);
- tt_int_op(ret, OP_EQ, 0);
-
- /* Either way, no problem. */
- mock_options->HiddenServiceSingleHopMode = 1;
- mock_options->HiddenServiceNonAnonymousMode = 1;
- ret = rend_service_verify_single_onion_poison(service_1, mock_options);
- tt_int_op(ret, OP_EQ, 0);
- ret = rend_service_verify_single_onion_poison(service_2, mock_options);
- tt_int_op(ret, OP_EQ, 0);
-
- /* Add the first service */
- ret = hs_check_service_private_dir(mock_options->User, service_1->directory,
- service_1->dir_group_readable, 1);
- tt_int_op(ret, OP_EQ, 0);
- smartlist_add(services, service_1);
- /* But don't add the second service yet. */
-
- /* Service directories, but no previous keys, no problem! */
- mock_options->HiddenServiceSingleHopMode = 0;
- mock_options->HiddenServiceNonAnonymousMode = 0;
- ret = rend_service_verify_single_onion_poison(service_1, mock_options);
- tt_int_op(ret, OP_EQ, 0);
- ret = rend_service_verify_single_onion_poison(service_2, mock_options);
- tt_int_op(ret, OP_EQ, 0);
-
- /* Either way, no problem. */
- mock_options->HiddenServiceSingleHopMode = 1;
- mock_options->HiddenServiceNonAnonymousMode = 1;
- ret = rend_service_verify_single_onion_poison(service_1, mock_options);
- tt_int_op(ret, OP_EQ, 0);
- ret = rend_service_verify_single_onion_poison(service_2, mock_options);
- tt_int_op(ret, OP_EQ, 0);
-
- /* Poison! Poison! Poison!
- * This can only be done in HiddenServiceSingleHopMode. */
- mock_options->HiddenServiceSingleHopMode = 1;
- mock_options->HiddenServiceNonAnonymousMode = 1;
- ret = rend_service_poison_new_single_onion_dir(service_1, mock_options);
- tt_int_op(ret, OP_EQ, 0);
- /* Poisoning twice is a no-op. */
- ret = rend_service_poison_new_single_onion_dir(service_1, mock_options);
- tt_int_op(ret, OP_EQ, 0);
-
- /* Poisoned service directories, but no previous keys, no problem! */
- mock_options->HiddenServiceSingleHopMode = 0;
- mock_options->HiddenServiceNonAnonymousMode = 0;
- ret = rend_service_verify_single_onion_poison(service_1, mock_options);
- tt_int_op(ret, OP_EQ, 0);
- ret = rend_service_verify_single_onion_poison(service_2, mock_options);
- tt_int_op(ret, OP_EQ, 0);
-
- /* Either way, no problem. */
- mock_options->HiddenServiceSingleHopMode = 1;
- mock_options->HiddenServiceNonAnonymousMode = 1;
- ret = rend_service_verify_single_onion_poison(service_1, mock_options);
- tt_int_op(ret, OP_EQ, 0);
- ret = rend_service_verify_single_onion_poison(service_2, mock_options);
- tt_int_op(ret, OP_EQ, 0);
-
- /* Now add some keys, and we'll have a problem. */
- ret = rend_service_load_all_keys(services);
- tt_int_op(ret, OP_EQ, 0);
-
- /* Poisoned service directories with previous keys are not allowed. */
- mock_options->HiddenServiceSingleHopMode = 0;
- mock_options->HiddenServiceNonAnonymousMode = 0;
- ret = rend_service_verify_single_onion_poison(service_1, mock_options);
- tt_int_op(ret, OP_LT, 0);
- ret = rend_service_verify_single_onion_poison(service_2, mock_options);
- tt_int_op(ret, OP_EQ, 0);
-
- /* But they are allowed if we're in non-anonymous mode. */
- mock_options->HiddenServiceSingleHopMode = 1;
- mock_options->HiddenServiceNonAnonymousMode = 1;
- ret = rend_service_verify_single_onion_poison(service_1, mock_options);
- tt_int_op(ret, OP_EQ, 0);
- ret = rend_service_verify_single_onion_poison(service_2, mock_options);
- tt_int_op(ret, OP_EQ, 0);
-
- /* Re-poisoning directories with existing keys is a no-op, because
- * directories with existing keys are ignored. */
- mock_options->HiddenServiceSingleHopMode = 1;
- mock_options->HiddenServiceNonAnonymousMode = 1;
- ret = rend_service_poison_new_single_onion_dir(service_1, mock_options);
- tt_int_op(ret, OP_EQ, 0);
- /* And it keeps the poison. */
- ret = rend_service_verify_single_onion_poison(service_1, mock_options);
- tt_int_op(ret, OP_EQ, 0);
- ret = rend_service_verify_single_onion_poison(service_2, mock_options);
- tt_int_op(ret, OP_EQ, 0);
-
- /* Now add the second service: it has no key and no poison file */
- ret = hs_check_service_private_dir(mock_options->User, service_2->directory,
- service_2->dir_group_readable, 1);
- tt_int_op(ret, OP_EQ, 0);
- smartlist_add(services, service_2);
-
- /* A new service, and an existing poisoned service. Not ok. */
- mock_options->HiddenServiceSingleHopMode = 0;
- mock_options->HiddenServiceNonAnonymousMode = 0;
- ret = rend_service_verify_single_onion_poison(service_1, mock_options);
- tt_int_op(ret, OP_LT, 0);
- ret = rend_service_verify_single_onion_poison(service_2, mock_options);
- tt_int_op(ret, OP_EQ, 0);
-
- /* But ok to add in non-anonymous mode. */
- mock_options->HiddenServiceSingleHopMode = 1;
- mock_options->HiddenServiceNonAnonymousMode = 1;
- ret = rend_service_verify_single_onion_poison(service_1, mock_options);
- tt_int_op(ret, OP_EQ, 0);
- ret = rend_service_verify_single_onion_poison(service_2, mock_options);
- tt_int_op(ret, OP_EQ, 0);
-
- /* Now remove the poisoning from the first service, and we have the opposite
- * problem. */
- poison_path = rend_service_sos_poison_path(service_1);
- tt_assert(poison_path);
- ret = unlink(poison_path);
- tt_int_op(ret, OP_EQ, 0);
-
- /* Unpoisoned service directories with previous keys are ok, as are empty
- * directories. */
- mock_options->HiddenServiceSingleHopMode = 0;
- mock_options->HiddenServiceNonAnonymousMode = 0;
- ret = rend_service_verify_single_onion_poison(service_1, mock_options);
- tt_int_op(ret, OP_EQ, 0);
- ret = rend_service_verify_single_onion_poison(service_2, mock_options);
- tt_int_op(ret, OP_EQ, 0);
-
- /* But the existing unpoisoned key is not ok in non-anonymous mode, even if
- * there is an empty service. */
- mock_options->HiddenServiceSingleHopMode = 1;
- mock_options->HiddenServiceNonAnonymousMode = 1;
- ret = rend_service_verify_single_onion_poison(service_1, mock_options);
- tt_int_op(ret, OP_LT, 0);
- ret = rend_service_verify_single_onion_poison(service_2, mock_options);
- tt_int_op(ret, OP_EQ, 0);
-
- /* Poisoning directories with existing keys is a no-op, because directories
- * with existing keys are ignored. But the new directory should poison. */
- mock_options->HiddenServiceSingleHopMode = 1;
- mock_options->HiddenServiceNonAnonymousMode = 1;
- ret = rend_service_poison_new_single_onion_dir(service_1, mock_options);
- tt_int_op(ret, OP_EQ, 0);
- ret = rend_service_poison_new_single_onion_dir(service_2, mock_options);
- tt_int_op(ret, OP_EQ, 0);
- /* And the old directory remains unpoisoned. */
- ret = rend_service_verify_single_onion_poison(service_1, mock_options);
- tt_int_op(ret, OP_LT, 0);
- ret = rend_service_verify_single_onion_poison(service_2, mock_options);
- tt_int_op(ret, OP_EQ, 0);
-
- /* And the new directory should be ignored, because it has no key. */
- mock_options->HiddenServiceSingleHopMode = 0;
- mock_options->HiddenServiceNonAnonymousMode = 0;
- ret = rend_service_verify_single_onion_poison(service_1, mock_options);
- tt_int_op(ret, OP_EQ, 0);
- ret = rend_service_verify_single_onion_poison(service_2, mock_options);
- tt_int_op(ret, OP_EQ, 0);
-
- /* Re-poisoning directories without existing keys is a no-op. */
- mock_options->HiddenServiceSingleHopMode = 1;
- mock_options->HiddenServiceNonAnonymousMode = 1;
- ret = rend_service_poison_new_single_onion_dir(service_1, mock_options);
- tt_int_op(ret, OP_EQ, 0);
- ret = rend_service_poison_new_single_onion_dir(service_2, mock_options);
- tt_int_op(ret, OP_EQ, 0);
- /* And the old directory remains unpoisoned. */
- ret = rend_service_verify_single_onion_poison(service_1, mock_options);
- tt_int_op(ret, OP_LT, 0);
- ret = rend_service_verify_single_onion_poison(service_2, mock_options);
- tt_int_op(ret, OP_EQ, 0);
-
- done:
- /* The test harness deletes the directories at exit */
- tor_free(poison_path);
- tor_free(dir1);
- tor_free(dir2);
- smartlist_free(services);
- rend_service_free(service_1);
- rend_service_free(service_2);
- UNMOCK(get_options);
- tor_free(mock_options->DataDirectory);
- tor_free(err_msg);
-}
-
-static rend_service_t *
-helper_create_rend_service(const char *path)
-{
- rend_service_t *s = tor_malloc_zero(sizeof(rend_service_t));
- s->ports = smartlist_new();
- s->intro_nodes = smartlist_new();
- s->expiring_nodes = smartlist_new();
- if (path) {
- s->directory = tor_strdup(path);
- }
- return s;
-}
-
-static void
-test_prune_services_on_reload(void *arg)
-{
- smartlist_t *new = smartlist_new(), *old = smartlist_new();
- /* Non ephemeral service. */
- rend_service_t *s1 = helper_create_rend_service("SomePath");
- /* Create a non ephemeral service with the _same_ path as so we can test the
- * transfer of introduction point between the same services on reload. */
- rend_service_t *s2 = helper_create_rend_service(s1->directory);
- /* Ephemeral service (directory is NULL). */
- rend_service_t *e1 = helper_create_rend_service(NULL);
- rend_service_t *e2 = helper_create_rend_service(NULL);
-
- (void) arg;
-
- {
- /* Add both services to the old list. */
- smartlist_add(old, s1);
- smartlist_add(old, e1);
- /* Only put the non ephemeral in the new list. */
- smartlist_add(new, s1);
- set_rend_service_list(old);
- set_rend_rend_service_staging_list(new);
- rend_service_prune_list_impl_();
- /* We expect that the ephemeral one is in the new list but removed from
- * the old one. */
- tt_int_op(smartlist_len(old), OP_EQ, 1);
- tt_assert(smartlist_get(old, 0) == s1);
- tt_int_op(smartlist_len(new), OP_EQ, 2);
- tt_assert(smartlist_get(new, 0) == s1);
- tt_assert(smartlist_get(new, 1) == e1);
- /* Cleanup for next test. */
- smartlist_clear(new);
- smartlist_clear(old);
- }
-
- {
- /* This test will make sure that only the ephemeral service is kept if the
- * new list is empty. The old list should contain only the non ephemeral
- * one. */
- smartlist_add(old, s1);
- smartlist_add(old, e1);
- set_rend_service_list(old);
- set_rend_rend_service_staging_list(new);
- rend_service_prune_list_impl_();
- tt_int_op(smartlist_len(old), OP_EQ, 1);
- tt_assert(smartlist_get(old, 0) == s1);
- tt_int_op(smartlist_len(new), OP_EQ, 1);
- tt_assert(smartlist_get(new, 0) == e1);
- /* Cleanup for next test. */
- smartlist_clear(new);
- smartlist_clear(old);
- }
-
- {
- /* This test makes sure that the new list stays the same even from the old
- * list being completely different. */
- smartlist_add(new, s1);
- smartlist_add(new, e1);
- set_rend_service_list(old);
- set_rend_rend_service_staging_list(new);
- rend_service_prune_list_impl_();
- tt_int_op(smartlist_len(old), OP_EQ, 0);
- tt_int_op(smartlist_len(new), OP_EQ, 2);
- tt_assert(smartlist_get(new, 0) == s1);
- tt_assert(smartlist_get(new, 1) == e1);
- /* Cleanup for next test. */
- smartlist_clear(new);
- }
-
- {
- rend_intro_point_t ip1;
- /* This IP should be found in the s2 service after pruning. */
- smartlist_add(s1->intro_nodes, &ip1);
- /* Setup our list. */
- smartlist_add(old, s1);
- smartlist_add(new, s2);
- set_rend_service_list(old);
- set_rend_rend_service_staging_list(new);
- rend_service_prune_list_impl_();
- tt_int_op(smartlist_len(old), OP_EQ, 1);
- /* Intro nodes have been moved to the s2 in theory so it must be empty. */
- tt_int_op(smartlist_len(s1->intro_nodes), OP_EQ, 0);
- tt_int_op(smartlist_len(new), OP_EQ, 1);
- rend_service_t *elem = smartlist_get(new, 0);
- tt_assert(elem);
- tt_assert(elem == s2);
- tt_int_op(smartlist_len(elem->intro_nodes), OP_EQ, 1);
- tt_assert(smartlist_get(elem->intro_nodes, 0) == &ip1);
- smartlist_clear(s1->intro_nodes);
- smartlist_clear(s2->intro_nodes);
- /* Cleanup for next test. */
- smartlist_clear(new);
- smartlist_clear(old);
- }
-
- {
- /* Test two ephemeral services. */
- smartlist_add(old, e1);
- smartlist_add(old, e2);
- set_rend_service_list(old);
- set_rend_rend_service_staging_list(new);
- rend_service_prune_list_impl_();
- /* Check if they've all been transferred. */
- tt_int_op(smartlist_len(old), OP_EQ, 0);
- tt_int_op(smartlist_len(new), OP_EQ, 2);
- }
-
- done:
- rend_service_free(s1);
- rend_service_free(s2);
- rend_service_free(e1);
- rend_service_free(e2);
- smartlist_free(new);
- smartlist_free(old);
-}
-
-struct testcase_t hs_tests[] = {
- { "hs_rend_data", test_hs_rend_data, TT_FORK,
- NULL, NULL },
- { "hs_parse_static_v2_desc", test_hs_parse_static_v2_desc, TT_FORK,
- NULL, NULL },
- { "hs_desc_event", test_hs_desc_event, TT_FORK,
- NULL, NULL },
- { "hs_auth_cookies", test_hs_auth_cookies, TT_FORK,
- NULL, NULL },
- { "single_onion_poisoning_create_dir_none", test_single_onion_poisoning,
- TT_FORK, &passthrough_setup, (void*)(CREATE_HS_DIR_NONE) },
- { "single_onion_poisoning_create_dir1", test_single_onion_poisoning,
- TT_FORK, &passthrough_setup, (void*)(CREATE_HS_DIR1) },
- { "single_onion_poisoning_create_dir2", test_single_onion_poisoning,
- TT_FORK, &passthrough_setup, (void*)(CREATE_HS_DIR2) },
- { "single_onion_poisoning_create_dir_both", test_single_onion_poisoning,
- TT_FORK, &passthrough_setup, (void*)(CREATE_HS_DIR1 | CREATE_HS_DIR2) },
- { "prune_services_on_reload", test_prune_services_on_reload, TT_FORK,
- NULL, NULL },
-
- END_OF_TESTCASES
-};
diff --git a/src/test/test_hs_cache.c b/src/test/test_hs_cache.c
index df96b2c791..c3e0eee691 100644
--- a/src/test/test_hs_cache.c
+++ b/src/test/test_hs_cache.c
@@ -14,7 +14,6 @@
#include "trunnel/ed25519_cert.h"
#include "feature/hs/hs_cache.h"
-#include "feature/rend/rendcache.h"
#include "feature/dircache/dircache.h"
#include "feature/dirclient/dirclient.h"
#include "feature/nodelist/networkstatus.h"
@@ -51,8 +50,6 @@ init_test(void)
{
/* Always needed. Initialize the subsystem. */
hs_cache_init();
- /* We need the v2 cache since our OOM and cache cleanup does poke at it. */
- rend_cache_init();
}
static void
diff --git a/src/test/test_hs_client.c b/src/test/test_hs_client.c
index f59b3a59cd..7df9fc5d31 100644
--- a/src/test/test_hs_client.c
+++ b/src/test/test_hs_client.c
@@ -19,7 +19,6 @@
#include "test/test.h"
#include "test/test_helpers.h"
#include "test/log_test_helpers.h"
-#include "test/rend_test_helpers.h"
#include "test/hs_test_helpers.h"
#include "app/config/config.h"
@@ -38,7 +37,6 @@
#include "feature/hs/hs_config.h"
#include "feature/hs/hs_ident.h"
#include "feature/hs/hs_cache.h"
-#include "feature/rend/rendcache.h"
#include "core/or/circuitlist.h"
#include "core/or/circuitbuild.h"
#include "core/or/extendinfo.h"
@@ -137,12 +135,9 @@ helper_add_random_client_auth(const ed25519_public_key_t *service_pk)
* hidden service. */
static int
helper_get_circ_and_stream_for_test(origin_circuit_t **circ_out,
- connection_t **conn_out,
- int is_legacy)
+ connection_t **conn_out)
{
- int retval;
channel_tls_t *n_chan=NULL;
- rend_data_t *conn_rend_data = NULL;
origin_circuit_t *or_circ = NULL;
connection_t *conn = NULL;
ed25519_public_key_t service_pk;
@@ -151,20 +146,13 @@ helper_get_circ_and_stream_for_test(origin_circuit_t **circ_out,
conn = test_conn_get_connection(AP_CONN_STATE_CIRCUIT_WAIT,
CONN_TYPE_AP /* ??? */,
0);
- if (is_legacy) {
- /* Legacy: Setup rend_data of stream */
- char service_id[REND_SERVICE_ID_LEN_BASE32+1] = {0};
- TO_EDGE_CONN(conn)->rend_data = mock_rend_data(service_id);
- conn_rend_data = TO_EDGE_CONN(conn)->rend_data;
- } else {
- /* prop224: Setup hs conn identifier on the stream */
- ed25519_secret_key_t sk;
- tt_int_op(0, OP_EQ, ed25519_secret_key_generate(&sk, 0));
- tt_int_op(0, OP_EQ, ed25519_public_key_generate(&service_pk, &sk));
+ /* prop224: Setup hs conn identifier on the stream */
+ ed25519_secret_key_t sk;
+ tt_int_op(0, OP_EQ, ed25519_secret_key_generate(&sk, 0));
+ tt_int_op(0, OP_EQ, ed25519_public_key_generate(&service_pk, &sk));
- /* Setup hs_conn_identifier of stream */
- TO_EDGE_CONN(conn)->hs_ident = hs_ident_edge_conn_new(&service_pk);
- }
+ /* Setup hs_conn_identifier of stream */
+ TO_EDGE_CONN(conn)->hs_ident = hs_ident_edge_conn_new(&service_pk);
/* Make it wait for circuit */
connection_ap_mark_as_pending_circuit(TO_ENTRY_CONN(conn));
@@ -184,23 +172,8 @@ helper_get_circ_and_stream_for_test(origin_circuit_t **circ_out,
or_circ->build_state = tor_malloc_zero(sizeof(cpath_build_state_t));
or_circ->build_state->is_internal = 1;
- if (is_legacy) {
- /* Legacy: Setup rend data and final cpath */
- or_circ->build_state->pending_final_cpath =
- tor_malloc_zero(sizeof(crypt_path_t));
- or_circ->build_state->pending_final_cpath->magic = CRYPT_PATH_MAGIC;
- or_circ->build_state->pending_final_cpath->rend_dh_handshake_state =
- crypto_dh_new(DH_TYPE_REND);
- tt_assert(
- or_circ->build_state->pending_final_cpath->rend_dh_handshake_state);
- retval = crypto_dh_generate_public(
- or_circ->build_state->pending_final_cpath->rend_dh_handshake_state);
- tt_int_op(retval, OP_EQ, 0);
- or_circ->rend_data = rend_data_dup(conn_rend_data);
- } else {
- /* prop224: Setup hs ident on the circuit */
- or_circ->hs_ident = hs_ident_circuit_new(&service_pk);
- }
+ /* prop224: Setup hs ident on the circuit */
+ or_circ->hs_ident = hs_ident_circuit_new(&service_pk);
TO_CIRCUIT(or_circ)->state = CIRCUIT_STATE_OPEN;
@@ -219,91 +192,6 @@ helper_get_circ_and_stream_for_test(origin_circuit_t **circ_out,
return -1;
}
-/* Test: Ensure that setting up legacy e2e rendezvous circuits works
- * correctly. */
-static void
-test_e2e_rend_circuit_setup_legacy(void *arg)
-{
- ssize_t retval;
- origin_circuit_t *or_circ = NULL;
- connection_t *conn = NULL;
-
- (void) arg;
-
- /** In this test we create a v2 legacy HS stream and a circuit with the same
- * hidden service destination. We make the stream wait for circuits to be
- * established to the hidden service, and then we complete the circuit using
- * the hs_circuit_setup_e2e_rend_circ_legacy_client() function. We then
- * check that the end-to-end cpath was setup correctly and that the stream
- * was attached to the circuit as expected. */
-
- MOCK(connection_ap_handshake_send_begin,
- mock_connection_ap_handshake_send_begin);
-
- /* Setup */
- retval = helper_get_circ_and_stream_for_test( &or_circ, &conn, 1);
- tt_int_op(retval, OP_EQ, 0);
- tt_assert(or_circ);
- tt_assert(conn);
-
- /* Check number of hops */
- retval = cpath_get_n_hops(&or_circ->cpath);
- tt_int_op(retval, OP_EQ, 0);
-
- /* Check that our stream is not attached on any circuits */
- tt_ptr_op(TO_EDGE_CONN(conn)->on_circuit, OP_EQ, NULL);
-
- /********************************************** */
-
- /* Make a good RENDEZVOUS1 cell body because it needs to pass key exchange
- * digest verification... */
- uint8_t rend_cell_body[DH1024_KEY_LEN+DIGEST_LEN] = {2};
- {
- char keys[DIGEST_LEN+CPATH_KEY_MATERIAL_LEN];
- crypto_dh_t *dh_state =
- or_circ->build_state->pending_final_cpath->rend_dh_handshake_state;
- /* compute and overwrite digest of cell body with the right value */
- retval = crypto_dh_compute_secret(LOG_PROTOCOL_WARN, dh_state,
- (char*)rend_cell_body, DH1024_KEY_LEN,
- keys, DIGEST_LEN+CPATH_KEY_MATERIAL_LEN);
- tt_int_op(retval, OP_GT, 0);
- memcpy(rend_cell_body+DH1024_KEY_LEN, keys, DIGEST_LEN);
- }
-
- /* Setup the circuit */
- retval = hs_circuit_setup_e2e_rend_circ_legacy_client(or_circ,
- rend_cell_body);
- tt_int_op(retval, OP_EQ, 0);
-
- /**********************************************/
-
- /* See that a hop was added to the circuit's cpath */
- retval = cpath_get_n_hops(&or_circ->cpath);
- tt_int_op(retval, OP_EQ, 1);
-
- /* Check the digest algo */
- tt_int_op(
- crypto_digest_get_algorithm(or_circ->cpath->pvt_crypto.f_digest),
- OP_EQ, DIGEST_SHA1);
- tt_int_op(
- crypto_digest_get_algorithm(or_circ->cpath->pvt_crypto.b_digest),
- OP_EQ, DIGEST_SHA1);
- tt_assert(or_circ->cpath->pvt_crypto.f_crypto);
- tt_assert(or_circ->cpath->pvt_crypto.b_crypto);
-
- /* Ensure that circ purpose was changed */
- tt_int_op(or_circ->base_.purpose, OP_EQ, CIRCUIT_PURPOSE_C_REND_JOINED);
-
- /* Test that stream got attached */
- tt_ptr_op(TO_EDGE_CONN(conn)->on_circuit, OP_EQ, TO_CIRCUIT(or_circ));
-
- done:
- connection_free_minimal(conn);
- if (or_circ)
- tor_free(TO_CIRCUIT(or_circ)->n_chan);
- circuit_free_(TO_CIRCUIT(or_circ));
-}
-
/* Test: Ensure that setting up v3 rendezvous circuits works correctly. */
static void
test_e2e_rend_circuit_setup(void *arg)
@@ -326,7 +214,7 @@ test_e2e_rend_circuit_setup(void *arg)
mock_connection_ap_handshake_send_begin);
/* Setup */
- retval = helper_get_circ_and_stream_for_test(&or_circ, &conn, 0);
+ retval = helper_get_circ_and_stream_for_test(&or_circ, &conn);
tt_int_op(retval, OP_EQ, 0);
tt_assert(or_circ);
tt_assert(conn);
@@ -974,7 +862,6 @@ test_close_intro_circuits_new_desc(void *arg)
(void) arg;
hs_init();
- rend_cache_init();
/* This is needed because of the client cache expiration timestamp is based
* on having a consensus. See cached_client_descriptor_has_expired(). */
@@ -1120,7 +1007,6 @@ test_close_intro_circuits_cache_clean(void *arg)
(void) arg;
hs_init();
- rend_cache_init();
/* This is needed because of the client cache expiration timestamp is based
* on having a consensus. See cached_client_descriptor_has_expired(). */
@@ -1189,7 +1075,6 @@ test_close_intro_circuits_cache_clean(void *arg)
circuit_free(circ);
hs_descriptor_free(desc1);
hs_free_all();
- rend_cache_free_all();
UNMOCK(networkstatus_get_reasonably_live_consensus);
}
@@ -1554,8 +1439,6 @@ test_purge_ephemeral_client_auth(void *arg)
}
struct testcase_t hs_client_tests[] = {
- { "e2e_rend_circuit_setup_legacy", test_e2e_rend_circuit_setup_legacy,
- TT_FORK, NULL, NULL },
{ "e2e_rend_circuit_setup", test_e2e_rend_circuit_setup,
TT_FORK, NULL, NULL },
{ "client_pick_intro", test_client_pick_intro,
diff --git a/src/test/test_hs_config.c b/src/test/test_hs_config.c
index dc3b598c34..104e5effbb 100644
--- a/src/test/test_hs_config.c
+++ b/src/test/test_hs_config.c
@@ -18,7 +18,6 @@
#include "feature/hs/hs_common.h"
#include "feature/hs/hs_config.h"
#include "feature/hs/hs_service.h"
-#include "feature/rend/rendservice.h"
static int
helper_config_service(const char *conf, int validate_only)
@@ -49,7 +48,7 @@ test_invalid_service(void *arg)
setup_full_capture_of_logs(LOG_WARN);
ret = helper_config_service(conf, 1);
tt_int_op(ret, OP_EQ, -1);
- expect_log_msg_containing("HiddenServiceVersion must be between 2 and 3");
+ expect_log_msg_containing("HiddenServiceVersion must be between 3 and 3");
teardown_capture_of_logs();
}
@@ -57,7 +56,7 @@ test_invalid_service(void *arg)
{
const char *conf =
"HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
+ "HiddenServiceVersion 3\n"
"HiddenServiceAllowUnknownPorts 2\n"; /* Should be 0 or 1. */
setup_full_capture_of_logs(LOG_WARN);
ret = helper_config_service(conf, 1);
@@ -72,7 +71,7 @@ test_invalid_service(void *arg)
{
const char *conf =
"HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
+ "HiddenServiceVersion 3\n"
"HiddenServiceDirGroupReadable 2\n"; /* Should be 0 or 1. */
setup_full_capture_of_logs(LOG_WARN);
ret = helper_config_service(conf, 1);
@@ -87,7 +86,7 @@ test_invalid_service(void *arg)
{
const char *conf =
"HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
+ "HiddenServiceVersion 3\n"
"HiddenServiceMaxStreamsCloseCircuit 2\n"; /* Should be 0 or 1. */
setup_full_capture_of_logs(LOG_WARN);
ret = helper_config_service(conf, 1);
@@ -102,7 +101,7 @@ test_invalid_service(void *arg)
{
const char *conf =
"HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
+ "HiddenServiceVersion 3\n"
"HiddenServicePort 80\n"
"HiddenServiceMaxStreams 65536\n"; /* One too many. */
setup_full_capture_of_logs(LOG_WARN);
@@ -117,10 +116,10 @@ test_invalid_service(void *arg)
{
const char *conf =
"HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
+ "HiddenServiceVersion 3\n"
"HiddenServicePort 80\n"
"HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
+ "HiddenServiceVersion 3\n"
"HiddenServicePort 81\n";
setup_full_capture_of_logs(LOG_WARN);
ret = helper_config_service(conf, 1);
@@ -134,7 +133,7 @@ test_invalid_service(void *arg)
{
const char *conf =
"HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
+ "HiddenServiceVersion 3\n"
"HiddenServicePort 65536\n";
setup_full_capture_of_logs(LOG_WARN);
ret = helper_config_service(conf, 1);
@@ -147,7 +146,7 @@ test_invalid_service(void *arg)
{
const char *conf =
"HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
+ "HiddenServiceVersion 3\n"
"HiddenServicePort 80 127.0.0.1 8000\n";
setup_full_capture_of_logs(LOG_WARN);
ret = helper_config_service(conf, 1);
@@ -160,7 +159,7 @@ test_invalid_service(void *arg)
/* Out of order directives. */
{
const char *conf =
- "HiddenServiceVersion 2\n"
+ "HiddenServiceVersion 3\n"
"HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
"HiddenServicePort 80\n";
setup_full_capture_of_logs(LOG_WARN);
@@ -182,18 +181,11 @@ test_valid_service(void *arg)
(void) arg;
- /* Mix of v2 and v3. Still valid. */
{
const char *conf =
- "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
- "HiddenServicePort 80\n"
"HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs2\n"
"HiddenServiceVersion 3\n"
- "HiddenServicePort 81\n"
- "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs3\n"
- "HiddenServiceVersion 2\n"
- "HiddenServicePort 82\n";
+ "HiddenServicePort 81\n";
ret = helper_config_service(conf, 1);
tt_int_op(ret, OP_EQ, 0);
}
@@ -202,127 +194,6 @@ test_valid_service(void *arg)
;
}
-static void
-test_invalid_service_v2(void *arg)
-{
- int validate_only = 1, ret;
-
- (void) arg;
-
- /* Try with a missing port configuration. */
- {
- const char *conf =
- "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n";
- setup_full_capture_of_logs(LOG_WARN);
- ret = helper_config_service(conf, validate_only);
- tt_int_op(ret, OP_EQ, -1);
- expect_log_msg_containing("with no ports configured.");
- teardown_capture_of_logs();
- }
-
- /* Too many introduction points. */
- {
- const char *conf =
- "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
- "HiddenServicePort 80\n"
- "HiddenServiceNumIntroductionPoints 11\n"; /* One too many. */
- setup_full_capture_of_logs(LOG_WARN);
- ret = helper_config_service(conf, validate_only);
- tt_int_op(ret, OP_EQ, -1);
- expect_log_msg_containing("HiddenServiceNumIntroductionPoints must "
- "be between 0 and 10, not 11.");
- teardown_capture_of_logs();
- }
-
- /* Too little introduction points. */
- {
- const char *conf =
- "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
- "HiddenServicePort 80\n"
- "HiddenServiceNumIntroductionPoints -1\n";
- setup_full_capture_of_logs(LOG_WARN);
- ret = helper_config_service(conf, validate_only);
- tt_int_op(ret, OP_EQ, -1);
- expect_log_msg_containing("Could not parse "
- "HiddenServiceNumIntroductionPoints: "
- "Integer -1 is malformed or out of bounds.");
- teardown_capture_of_logs();
- }
-
- /* Bad authorized client type. */
- {
- const char *conf =
- "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
- "HiddenServicePort 80\n"
- "HiddenServiceAuthorizeClient blah alice,bob\n"; /* blah is no good. */
- setup_full_capture_of_logs(LOG_WARN);
- ret = helper_config_service(conf, validate_only);
- tt_int_op(ret, OP_EQ, -1);
- expect_log_msg_containing("HiddenServiceAuthorizeClient contains "
- "unrecognized auth-type");
- teardown_capture_of_logs();
- }
-
- done:
- ;
-}
-
-static void
-test_valid_service_v2(void *arg)
-{
- int ret;
-
- (void) arg;
- mock_hostname_resolver();
-
- /* Valid complex configuration. Basic client authorization. */
- {
- const char *conf =
- "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
- "HiddenServicePort 80\n"
- "HiddenServicePort 22 localhost:22\n"
-#ifdef HAVE_SYS_UN_H
- "HiddenServicePort 42 unix:/path/to/socket\n"
-#endif
- "HiddenServiceAuthorizeClient basic alice,bob,eve\n"
- "HiddenServiceAllowUnknownPorts 1\n"
- "HiddenServiceMaxStreams 42\n"
- "HiddenServiceMaxStreamsCloseCircuit 0\n"
- "HiddenServiceDirGroupReadable 1\n"
- "HiddenServiceNumIntroductionPoints 7\n";
- ret = helper_config_service(conf, 1);
- tt_int_op(ret, OP_EQ, 0);
- }
-
- /* Valid complex configuration. Stealth client authorization. */
- {
- const char *conf =
- "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs2\n"
- "HiddenServiceVersion 2\n"
- "HiddenServicePort 65535\n"
- "HiddenServicePort 22 1.1.1.1:22\n"
-#ifdef HAVE_SYS_UN_H
- "HiddenServicePort 9000 unix:/path/to/socket\n"
-#endif
- "HiddenServiceAuthorizeClient stealth charlie,romeo\n"
- "HiddenServiceAllowUnknownPorts 0\n"
- "HiddenServiceMaxStreams 42\n"
- "HiddenServiceMaxStreamsCloseCircuit 0\n"
- "HiddenServiceDirGroupReadable 1\n"
- "HiddenServiceNumIntroductionPoints 8\n";
- ret = helper_config_service(conf, 1);
- tt_int_op(ret, OP_EQ, 0);
- }
-
- done:
- unmock_hostname_resolver();
-}
-
static void
test_invalid_service_v3(void *arg)
{
@@ -438,22 +309,6 @@ test_valid_service_v3(void *arg)
tt_int_op(ret, OP_EQ, 0);
}
- /* Mix of v2 and v3. Still valid. */
- {
- const char *conf =
- "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
- "HiddenServicePort 80\n"
- "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs2\n"
- "HiddenServiceVersion 3\n"
- "HiddenServicePort 81\n"
- "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs3\n"
- "HiddenServiceVersion 2\n"
- "HiddenServicePort 82\n";
- ret = helper_config_service(conf, 1);
- tt_int_op(ret, OP_EQ, 0);
- }
-
done:
unmock_hostname_resolver();
}
@@ -489,8 +344,6 @@ test_staging_service_v3(void *arg)
tt_int_op(ret, OP_EQ, 0);
/* Ok, we have a service in our map! Registration went well. */
tt_int_op(get_hs_service_staging_list_size(), OP_EQ, 1);
- /* Make sure we don't have a magic v2 service out of this. */
- tt_int_op(rend_num_services(), OP_EQ, 0);
done:
hs_free_all();
@@ -611,12 +464,6 @@ struct testcase_t hs_config_tests[] = {
{ "valid_service", test_valid_service, TT_FORK,
NULL, NULL },
- /* Test case only for version 2. */
- { "invalid_service_v2", test_invalid_service_v2, TT_FORK,
- NULL, NULL },
- { "valid_service_v2", test_valid_service_v2, TT_FORK,
- NULL, NULL },
-
/* Test case only for version 3. */
{ "invalid_service_v3", test_invalid_service_v3, TT_FORK,
NULL, NULL },
diff --git a/src/test/test_hs_control.c b/src/test/test_hs_control.c
index dfc1e5445e..e4999a4ed5 100644
--- a/src/test/test_hs_control.c
+++ b/src/test/test_hs_control.c
@@ -25,7 +25,6 @@
#include "feature/hs/hs_client.h"
#include "feature/hs/hs_control.h"
#include "feature/nodelist/nodelist.h"
-#include "feature/rend/rendservice.h"
#include "feature/nodelist/node_st.h"
#include "feature/nodelist/routerstatus_st.h"
@@ -797,7 +796,7 @@ test_hs_control_add_onion_helper_add_service(void *arg)
hs_service_authorized_client_t *client_good, *client_bad;
smartlist_t *list_good, *list_bad;
hs_service_ht *global_map;
- rend_service_port_config_t *portcfg;
+ hs_port_config_t *portcfg;
smartlist_t *portcfgs;
char *address_out_good, *address_out_bad;
hs_service_t *service_good = NULL;
@@ -808,7 +807,7 @@ test_hs_control_add_onion_helper_add_service(void *arg)
hs_init();
global_map = get_hs_service_map();
- portcfg = rend_service_parse_port_config("8080", ",", NULL);
+ portcfg = hs_parse_port_config("8080", ",", NULL);
portcfgs = smartlist_new();
smartlist_add(portcfgs, portcfg);
@@ -831,7 +830,7 @@ test_hs_control_add_onion_helper_add_service(void *arg)
smartlist_add(list_good, client_good);
add_onion_helper_add_service(HS_VERSION_THREE, &sk_good, portcfgs, 1, 1,
- REND_V3_AUTH, NULL, list_good, &address_out_good);
+ list_good, &address_out_good);
service_good = find_service(global_map, &pk_good);
tt_int_op(smartlist_len(service_good->config.clients), OP_EQ, 1);
@@ -841,12 +840,12 @@ test_hs_control_add_onion_helper_add_service(void *arg)
list_bad = smartlist_new();
smartlist_add(list_bad, client_bad);
- portcfg = rend_service_parse_port_config("8080", ",", NULL);
+ portcfg = hs_parse_port_config("8080", ",", NULL);
portcfgs = smartlist_new();
smartlist_add(portcfgs, portcfg);
add_onion_helper_add_service(HS_VERSION_THREE, &sk_bad, portcfgs, 1, 1,
- REND_V3_AUTH, NULL, list_bad, &address_out_bad);
+ list_bad, &address_out_bad);
service_bad = find_service(global_map, &pk_bad);
diff --git a/src/test/test_hs_intropoint.c b/src/test/test_hs_intropoint.c
index e6b27d7a50..d18de775ae 100644
--- a/src/test/test_hs_intropoint.c
+++ b/src/test/test_hs_intropoint.c
@@ -21,7 +21,6 @@
#include "core/or/circuituse.h"
#include "ht.h"
#include "core/or/relay.h"
-#include "feature/rend/rendservice.h"
#include "feature/hs/hs_cell.h"
#include "feature/hs/hs_circuitmap.h"
@@ -517,42 +516,6 @@ helper_establish_intro_v3(or_circuit_t *intro_circ)
return cell;
}
-/* Helper function: Send a well-formed v2 ESTABLISH_INTRO cell to
- * intro_circ. Return the public key advertised in the cell. */
-static crypto_pk_t *
-helper_establish_intro_v2(or_circuit_t *intro_circ)
-{
- crypto_pk_t *key1 = NULL;
- int retval;
- uint8_t cell_body[RELAY_PAYLOAD_SIZE];
- ssize_t cell_len = 0;
- char circ_nonce[DIGEST_LEN] = {0};
-
- tt_assert(intro_circ);
-
- /* Prepare the circuit for the incoming ESTABLISH_INTRO */
- crypto_rand(circ_nonce, sizeof(circ_nonce));
- helper_prepare_circ_for_intro(intro_circ, circ_nonce);
-
- /* Send legacy establish_intro */
- key1 = pk_generate(0);
-
- /* Use old circ_nonce why not */
- cell_len = rend_service_encode_establish_intro_cell(
- (char*)cell_body,
- sizeof(cell_body), key1,
- circ_nonce);
- tt_int_op(cell_len, OP_GT, 0);
-
- /* Receive legacy establish_intro */
- retval = hs_intro_received_establish_intro(intro_circ,
- cell_body, (size_t) cell_len);
- tt_int_op(retval, OP_EQ, 0);
-
- done:
- return key1;
-}
-
/* Helper function: test circuitmap free_all function outside of
* test_intro_point_registration to prevent Coverity from seeing a
* double free if the assertion hypothetically fails.
@@ -571,21 +534,17 @@ test_circuitmap_free_all(void)
;
}
-/** Successfully register a v2 intro point and a v3 intro point. Ensure that HS
+/** Successfully register a v3 intro point. Ensure that HS
* circuitmap is maintained properly. */
static void
test_intro_point_registration(void *arg)
{
- int retval;
hs_circuitmap_ht *the_hs_circuitmap = NULL;
or_circuit_t *intro_circ = NULL;
trn_cell_establish_intro_t *establish_intro_cell = NULL;
ed25519_public_key_t auth_key;
- crypto_pk_t *legacy_auth_key = NULL;
- or_circuit_t *legacy_intro_circ = NULL;
-
or_circuit_t *returned_intro_circ = NULL;
(void) arg;
@@ -621,35 +580,11 @@ test_intro_point_registration(void *arg)
tt_ptr_op(intro_circ, OP_EQ, returned_intro_circ);
}
- /* Create a v2 intro point */
- {
- char key_digest[DIGEST_LEN];
-
- legacy_intro_circ = or_circuit_new(1, NULL);
- tt_assert(legacy_intro_circ);
- legacy_auth_key = helper_establish_intro_v2(legacy_intro_circ);
- tt_assert(legacy_auth_key);
-
- /* Check that the circuitmap now has two elements */
- the_hs_circuitmap = get_hs_circuitmap();
- tt_assert(the_hs_circuitmap);
- tt_int_op(2, OP_EQ, HT_SIZE(the_hs_circuitmap));
-
- /* Check that the new element is our legacy intro circuit. */
- retval = crypto_pk_get_digest(legacy_auth_key, key_digest);
- tt_int_op(retval, OP_EQ, 0);
- returned_intro_circ =
- hs_circuitmap_get_intro_circ_v2_relay_side((uint8_t*)key_digest);
- tt_ptr_op(legacy_intro_circ, OP_EQ, returned_intro_circ);
- }
-
/* XXX Continue test and try to register a second v3 intro point with the
* same auth key. Make sure that old intro circuit gets closed. */
done:
- crypto_pk_free(legacy_auth_key);
circuit_free_(TO_CIRCUIT(intro_circ));
- circuit_free_(TO_CIRCUIT(legacy_intro_circ));
trn_cell_establish_intro_free(establish_intro_cell);
test_circuitmap_free_all();
@@ -719,31 +654,6 @@ test_introduce1_suitable_circuit(void *arg)
;
}
-static void
-test_introduce1_is_legacy(void *arg)
-{
- int ret;
- uint8_t request[256];
-
- (void) arg;
-
- /* For a cell to be considered legacy, according to the specification, the
- * first 20 bytes MUST BE non-zero else it's a v3 cell. */
- memset(request, 'a', DIGEST_LEN);
- memset(request + DIGEST_LEN, 0, sizeof(request) - DIGEST_LEN);
- ret = introduce1_cell_is_legacy(request);
- tt_int_op(ret, OP_EQ, 1);
-
- /* This is a NON legacy cell. */
- memset(request, 0, DIGEST_LEN);
- memset(request + DIGEST_LEN, 'a', sizeof(request) - DIGEST_LEN);
- ret = introduce1_cell_is_legacy(request);
- tt_int_op(ret, OP_EQ, 0);
-
- done:
- ;
-}
-
static void
test_introduce1_validation(void *arg)
{
@@ -757,20 +667,6 @@ test_introduce1_validation(void *arg)
cell = helper_create_introduce1_cell();
tt_assert(cell);
-#ifndef ALL_BUGS_ARE_FATAL
- /* It should NOT be a legacy cell which will trigger a BUG(). */
- memset(cell->legacy_key_id, 'a', sizeof(cell->legacy_key_id));
- tor_capture_bugs_(1);
- ret = validate_introduce1_parsed_cell(cell);
- tor_end_capture_bugs_();
- tt_int_op(ret, OP_EQ, -1);
-#endif /* !defined(ALL_BUGS_ARE_FATAL) */
-
- /* Reset legacy ID and make sure it's correct. */
- memset(cell->legacy_key_id, 0, sizeof(cell->legacy_key_id));
- ret = validate_introduce1_parsed_cell(cell);
- tt_int_op(ret, OP_EQ, 0);
-
/* Non existing auth key type. */
cell->auth_key_type = 42;
ret = validate_introduce1_parsed_cell(cell);
@@ -877,35 +773,6 @@ test_received_introduce1_handling(void *arg)
tt_int_op(ret, OP_EQ, 0);
}
- /* Valid legacy cell. */
- {
- tor_free(request);
- trn_cell_introduce1_free(cell);
- cell = helper_create_introduce1_cell();
- uint8_t *legacy_key_id = trn_cell_introduce1_getarray_legacy_key_id(cell);
- memset(legacy_key_id, 'a', DIGEST_LEN);
- /* Add an arbitrary amount of data for the payload of a v2 cell. */
- size_t request_len = trn_cell_introduce1_encoded_len(cell) + 256;
- tt_size_op(request_len, OP_GT, 0);
- request = tor_malloc_zero(request_len + 256);
- ssize_t encoded_len =
- trn_cell_introduce1_encode(request, request_len, cell);
- tt_int_op((int)encoded_len, OP_GT, 0);
-
- circ = helper_create_intro_circuit();
- or_circuit_t *service_circ = helper_create_intro_circuit();
- circuit_change_purpose(TO_CIRCUIT(service_circ),
- CIRCUIT_PURPOSE_INTRO_POINT);
- /* Register the circuit in the map for the auth key of the cell. */
- uint8_t token[REND_TOKEN_LEN];
- memcpy(token, legacy_key_id, sizeof(token));
- hs_circuitmap_register_intro_circ_v2_relay_side(service_circ, token);
- ret = hs_intro_received_introduce1(circ, request, request_len);
- circuit_free_(TO_CIRCUIT(circ));
- circuit_free_(TO_CIRCUIT(service_circ));
- tt_int_op(ret, OP_EQ, 0);
- }
-
done:
trn_cell_introduce1_free(cell);
tor_free(request);
@@ -1109,9 +976,6 @@ struct testcase_t hs_intropoint_tests[] = {
{ "introduce1_suitable_circuit",
test_introduce1_suitable_circuit, TT_FORK, NULL, &test_setup},
- { "introduce1_is_legacy",
- test_introduce1_is_legacy, TT_FORK, NULL, &test_setup},
-
{ "introduce1_validation",
test_introduce1_validation, TT_FORK, NULL, &test_setup},
diff --git a/src/test/test_hs_service.c b/src/test/test_hs_service.c
index 66e8e2f473..91d4689848 100644
--- a/src/test/test_hs_service.c
+++ b/src/test/test_hs_service.c
@@ -26,7 +26,6 @@
#include "test/test.h"
#include "test/test_helpers.h"
#include "test/log_test_helpers.h"
-#include "test/rend_test_helpers.h"
#include "test/hs_test_helpers.h"
#include "core/or/or.h"
@@ -58,7 +57,6 @@
#include "feature/hs/hs_service.h"
#include "feature/nodelist/networkstatus.h"
#include "feature/nodelist/nodelist.h"
-#include "feature/rend/rendservice.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/fs/dir.h"
@@ -383,14 +381,13 @@ test_load_keys(void *arg)
{
int ret;
char *conf = NULL;
- char *hsdir_v2 = tor_strdup(get_fname("hs2"));
char *hsdir_v3 = tor_strdup(get_fname("hs3"));
char addr[HS_SERVICE_ADDR_LEN_BASE32 + 1];
(void) arg;
- /* We'll register two services, a v2 and a v3, then we'll load keys and
- * validate that both are in a correct state. */
+ /* We'll register one service then we'll load keys and validate that both
+ * are in a correct state. */
hs_init();
@@ -399,15 +396,6 @@ test_load_keys(void *arg)
"HiddenServiceVersion %d\n" \
"HiddenServicePort 65535\n"
- /* v2 service. */
- tor_asprintf(&conf, conf_fmt, hsdir_v2, HS_VERSION_TWO);
- ret = helper_config_service(conf);
- tor_free(conf);
- tt_int_op(ret, OP_EQ, 0);
- /* This one should now be registered into the v2 list. */
- tt_int_op(get_hs_service_staging_list_size(), OP_EQ, 0);
- tt_int_op(rend_num_services(), OP_EQ, 1);
-
/* v3 service. */
tor_asprintf(&conf, conf_fmt, hsdir_v3, HS_VERSION_THREE);
ret = helper_config_service(conf);
@@ -441,7 +429,6 @@ test_load_keys(void *arg)
tt_assert(!s->config.is_client_auth_enabled);
done:
- tor_free(hsdir_v2);
tor_free(hsdir_v3);
hs_free_all();
}
@@ -634,8 +621,8 @@ test_access_service(void *arg)
(void) arg;
- /* We'll register two services, a v2 and a v3, then we'll load keys and
- * validate that both are in a correct state. */
+ /* We'll register one service then we'll load keys and validate that both
+ * are in a correct state. */
hs_init();
diff --git a/src/test/test_introduce.c b/src/test/test_introduce.c
deleted file mode 100644
index 0ae78496b2..0000000000
--- a/src/test/test_introduce.c
+++ /dev/null
@@ -1,539 +0,0 @@
-/* Copyright (c) 2012-2020, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-#include "orconfig.h"
-#include "lib/crypt_ops/crypto_cipher.h"
-#include "core/or/or.h"
-#include "test/test.h"
-
-#define RENDSERVICE_PRIVATE
-#include "feature/rend/rendservice.h"
-
-static uint8_t v0_test_plaintext[] =
- /* 20 bytes of rendezvous point nickname */
- { 0x4e, 0x69, 0x63, 0x6b, 0x6e, 0x61, 0x6d, 0x65,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00,
- /* 20 bytes dummy rendezvous cookie */
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13,
- /* 128 bytes dummy DH handshake data */
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
- 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
- 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
- 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
- 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };
-
-static uint8_t v1_test_plaintext[] =
- /* Version byte */
- { 0x01,
- /* 42 bytes of dummy rendezvous point hex digest */
- 0x24, 0x30, 0x30, 0x30, 0x31, 0x30, 0x32, 0x30,
- 0x33, 0x30, 0x34, 0x30, 0x35, 0x30, 0x36, 0x30,
- 0x37, 0x30, 0x38, 0x30, 0x39, 0x30, 0x41, 0x30,
- 0x42, 0x30, 0x43, 0x30, 0x44, 0x30, 0x45, 0x30,
- 0x46, 0x31, 0x30, 0x31, 0x31, 0x31, 0x32, 0x31,
- 0x33, 0x00,
- /* 20 bytes dummy rendezvous cookie */
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13,
- /* 128 bytes dummy DH handshake data */
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
- 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
- 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
- 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
- 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };
-
-static uint8_t v2_test_plaintext[] =
- /* Version byte */
- { 0x02,
- /* 4 bytes rendezvous point's IP address */
- 0xc0, 0xa8, 0x00, 0x01,
- /* 2 bytes rendezvous point's OR port */
- 0x23, 0x5a,
- /* 20 bytes dummy rendezvous point's identity digest */
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13,
- /* 2 bytes length of onion key */
- 0x00, 0x8c,
- /* Onion key (140 bytes taken from live test) */
- 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xb1,
- 0xcd, 0x46, 0xa9, 0x18, 0xd2, 0x0f, 0x01, 0xf8,
- 0xb2, 0xad, 0xa4, 0x79, 0xb4, 0xbb, 0x4b, 0xf4,
- 0x54, 0x1e, 0x3f, 0x03, 0x54, 0xcf, 0x7c, 0xb6,
- 0xb5, 0xf0, 0xfe, 0xed, 0x4b, 0x7d, 0xd7, 0x61,
- 0xdb, 0x6d, 0xd9, 0x19, 0xe2, 0x72, 0x04, 0xaa,
- 0x3e, 0x89, 0x26, 0x14, 0x62, 0x9a, 0x6c, 0x11,
- 0x0b, 0x35, 0x99, 0x2c, 0x9f, 0x2c, 0x64, 0xa1,
- 0xd9, 0xe2, 0x88, 0xce, 0xf6, 0x54, 0xfe, 0x1d,
- 0x37, 0x5e, 0x6d, 0x73, 0x95, 0x54, 0x90, 0xf0,
- 0x7b, 0xfa, 0xd4, 0x44, 0xac, 0xb2, 0x23, 0x9f,
- 0x75, 0x36, 0xe2, 0x78, 0x62, 0x82, 0x80, 0xa4,
- 0x23, 0x22, 0xc9, 0xbf, 0xc4, 0x36, 0xd1, 0x31,
- 0x33, 0x8e, 0x64, 0xb4, 0xa9, 0x74, 0xa1, 0xcb,
- 0x42, 0x8d, 0x60, 0xc7, 0xbb, 0x8e, 0x6e, 0x0f,
- 0x36, 0x74, 0x8e, 0xf4, 0x08, 0x99, 0x06, 0x92,
- 0xb1, 0x3f, 0xb3, 0xdd, 0xed, 0xf7, 0xc9, 0x02,
- 0x03, 0x01, 0x00, 0x01,
- /* 20 bytes dummy rendezvous cookie */
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13,
- /* 128 bytes dummy DH handshake data */
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
- 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
- 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
- 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
- 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };
-
-static uint8_t v3_no_auth_test_plaintext[] =
- /* Version byte */
- { 0x03,
- /* Auth type (0 for no auth len/auth data) */
- 0x00,
- /* Timestamp */
- 0x50, 0x0b, 0xb5, 0xaa,
- /* 4 bytes rendezvous point's IP address */
- 0xc0, 0xa8, 0x00, 0x01,
- /* 2 bytes rendezvous point's OR port */
- 0x23, 0x5a,
- /* 20 bytes dummy rendezvous point's identity digest */
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13,
- /* 2 bytes length of onion key */
- 0x00, 0x8c,
- /* Onion key (140 bytes taken from live test) */
- 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xb1,
- 0xcd, 0x46, 0xa9, 0x18, 0xd2, 0x0f, 0x01, 0xf8,
- 0xb2, 0xad, 0xa4, 0x79, 0xb4, 0xbb, 0x4b, 0xf4,
- 0x54, 0x1e, 0x3f, 0x03, 0x54, 0xcf, 0x7c, 0xb6,
- 0xb5, 0xf0, 0xfe, 0xed, 0x4b, 0x7d, 0xd7, 0x61,
- 0xdb, 0x6d, 0xd9, 0x19, 0xe2, 0x72, 0x04, 0xaa,
- 0x3e, 0x89, 0x26, 0x14, 0x62, 0x9a, 0x6c, 0x11,
- 0x0b, 0x35, 0x99, 0x2c, 0x9f, 0x2c, 0x64, 0xa1,
- 0xd9, 0xe2, 0x88, 0xce, 0xf6, 0x54, 0xfe, 0x1d,
- 0x37, 0x5e, 0x6d, 0x73, 0x95, 0x54, 0x90, 0xf0,
- 0x7b, 0xfa, 0xd4, 0x44, 0xac, 0xb2, 0x23, 0x9f,
- 0x75, 0x36, 0xe2, 0x78, 0x62, 0x82, 0x80, 0xa4,
- 0x23, 0x22, 0xc9, 0xbf, 0xc4, 0x36, 0xd1, 0x31,
- 0x33, 0x8e, 0x64, 0xb4, 0xa9, 0x74, 0xa1, 0xcb,
- 0x42, 0x8d, 0x60, 0xc7, 0xbb, 0x8e, 0x6e, 0x0f,
- 0x36, 0x74, 0x8e, 0xf4, 0x08, 0x99, 0x06, 0x92,
- 0xb1, 0x3f, 0xb3, 0xdd, 0xed, 0xf7, 0xc9, 0x02,
- 0x03, 0x01, 0x00, 0x01,
- /* 20 bytes dummy rendezvous cookie */
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13,
- /* 128 bytes dummy DH handshake data */
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
- 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
- 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
- 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
- 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };
-
-static uint8_t v3_basic_auth_test_plaintext[] =
- /* Version byte */
- { 0x03,
- /* Auth type (1 for REND_BASIC_AUTH) */
- 0x01,
- /* Auth len (must be 16 bytes for REND_BASIC_AUTH) */
- 0x00, 0x10,
- /* Auth data (a 16-byte dummy descriptor cookie) */
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- /* Timestamp */
- 0x50, 0x0b, 0xb5, 0xaa,
- /* 4 bytes rendezvous point's IP address */
- 0xc0, 0xa8, 0x00, 0x01,
- /* 2 bytes rendezvous point's OR port */
- 0x23, 0x5a,
- /* 20 bytes dummy rendezvous point's identity digest */
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13,
- /* 2 bytes length of onion key */
- 0x00, 0x8c,
- /* Onion key (140 bytes taken from live test) */
- 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xb1,
- 0xcd, 0x46, 0xa9, 0x18, 0xd2, 0x0f, 0x01, 0xf8,
- 0xb2, 0xad, 0xa4, 0x79, 0xb4, 0xbb, 0x4b, 0xf4,
- 0x54, 0x1e, 0x3f, 0x03, 0x54, 0xcf, 0x7c, 0xb6,
- 0xb5, 0xf0, 0xfe, 0xed, 0x4b, 0x7d, 0xd7, 0x61,
- 0xdb, 0x6d, 0xd9, 0x19, 0xe2, 0x72, 0x04, 0xaa,
- 0x3e, 0x89, 0x26, 0x14, 0x62, 0x9a, 0x6c, 0x11,
- 0x0b, 0x35, 0x99, 0x2c, 0x9f, 0x2c, 0x64, 0xa1,
- 0xd9, 0xe2, 0x88, 0xce, 0xf6, 0x54, 0xfe, 0x1d,
- 0x37, 0x5e, 0x6d, 0x73, 0x95, 0x54, 0x90, 0xf0,
- 0x7b, 0xfa, 0xd4, 0x44, 0xac, 0xb2, 0x23, 0x9f,
- 0x75, 0x36, 0xe2, 0x78, 0x62, 0x82, 0x80, 0xa4,
- 0x23, 0x22, 0xc9, 0xbf, 0xc4, 0x36, 0xd1, 0x31,
- 0x33, 0x8e, 0x64, 0xb4, 0xa9, 0x74, 0xa1, 0xcb,
- 0x42, 0x8d, 0x60, 0xc7, 0xbb, 0x8e, 0x6e, 0x0f,
- 0x36, 0x74, 0x8e, 0xf4, 0x08, 0x99, 0x06, 0x92,
- 0xb1, 0x3f, 0xb3, 0xdd, 0xed, 0xf7, 0xc9, 0x02,
- 0x03, 0x01, 0x00, 0x01,
- /* 20 bytes dummy rendezvous cookie */
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13,
- /* 128 bytes dummy DH handshake data */
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
- 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
- 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
- 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
- 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };
-
-static void do_decrypt_test(uint8_t *plaintext, size_t plaintext_len);
-static void do_early_parse_test(uint8_t *plaintext, size_t plaintext_len);
-static void do_late_parse_test(uint8_t *plaintext, size_t plaintext_len);
-static void do_parse_test(uint8_t *plaintext, size_t plaintext_len, int phase);
-static ssize_t make_intro_from_plaintext(
- void *buf, size_t len, crypto_pk_t *key, void **cell_out);
-
-#define EARLY_PARSE_ONLY 1
-#define DECRYPT_ONLY 2
-#define ALL_PARSING 3
-
-static void
-do_early_parse_test(uint8_t *plaintext, size_t plaintext_len)
-{
- do_parse_test(plaintext, plaintext_len, EARLY_PARSE_ONLY);
-}
-
-static void
-do_decrypt_test(uint8_t *plaintext, size_t plaintext_len)
-{
- do_parse_test(plaintext, plaintext_len, DECRYPT_ONLY);
-}
-
-static void
-do_late_parse_test(uint8_t *plaintext, size_t plaintext_len)
-{
- do_parse_test(plaintext, plaintext_len, ALL_PARSING);
-}
-
-/** Test utility function: checks that the plaintext_len-byte string at
- * plaintext is at least superficially parseable.
- */
-static void
-do_parse_test(uint8_t *plaintext, size_t plaintext_len, int phase)
-{
- crypto_pk_t *k = NULL;
- ssize_t r;
- uint8_t *cell = NULL;
- size_t cell_len;
- rend_intro_cell_t *parsed_req = NULL;
- char *err_msg = NULL;
- char digest[DIGEST_LEN];
-
- /* Get a key */
- k = crypto_pk_new();
- tt_assert(k);
- r = crypto_pk_read_private_key_from_string(k, AUTHORITY_SIGNKEY_1, -1);
- tt_assert(!r);
-
- /* Get digest for future comparison */
- r = crypto_pk_get_digest(k, digest);
- tt_assert(r >= 0);
-
- /* Make a cell out of it */
- r = make_intro_from_plaintext(
- plaintext, plaintext_len,
- k, (void **)(&cell));
- tt_assert(r > 0);
- tt_assert(cell);
- cell_len = r;
-
- /* Do early parsing */
- parsed_req = rend_service_begin_parse_intro(cell, cell_len, 2, &err_msg);
- tt_assert(parsed_req);
- tt_ptr_op(err_msg, OP_EQ, NULL);
- tt_mem_op(parsed_req->pk,OP_EQ, digest, DIGEST_LEN);
- tt_assert(parsed_req->ciphertext);
- tt_assert(parsed_req->ciphertext_len > 0);
-
- if (phase == EARLY_PARSE_ONLY)
- goto done;
-
- /* Do decryption */
- r = rend_service_decrypt_intro(parsed_req, k, &err_msg);
- tt_assert(!r);
- tt_ptr_op(err_msg, OP_EQ, NULL);
- tt_assert(parsed_req->plaintext);
- tt_assert(parsed_req->plaintext_len > 0);
-
- if (phase == DECRYPT_ONLY)
- goto done;
-
- /* Do late parsing */
- r = rend_service_parse_intro_plaintext(parsed_req, &err_msg);
- tt_assert(!r);
- tt_ptr_op(err_msg, OP_EQ, NULL);
- tt_assert(parsed_req->parsed);
-
- done:
- tor_free(cell);
- crypto_pk_free(k);
- rend_service_free_intro(parsed_req);
- tor_free(err_msg);
-}
-
-/** Given the plaintext of the encrypted part of an INTRODUCE1/2 and a key,
- * construct the encrypted cell for testing.
- */
-
-static ssize_t
-make_intro_from_plaintext(
- void *buf, size_t len, crypto_pk_t *key, void **cell_out)
-{
- char *cell = NULL;
- ssize_t cell_len = -1, r;
- /* Assemble key digest and ciphertext, then construct the cell */
- ssize_t ciphertext_size;
-
- if (!(buf && key && len > 0 && cell_out)) goto done;
-
- /*
- * Figure out an upper bound on how big the ciphertext will be
- * (see crypto_pk_obsolete_public_hybrid_encrypt())
- */
- ciphertext_size = PKCS1_OAEP_PADDING_OVERHEAD;
- ciphertext_size += crypto_pk_keysize(key);
- ciphertext_size += CIPHER_KEY_LEN;
- ciphertext_size += len;
-
- /*
- * Allocate space for the cell
- */
- cell = tor_malloc(DIGEST_LEN + ciphertext_size);
-
- /* Compute key digest (will be first DIGEST_LEN octets of cell) */
- r = crypto_pk_get_digest(key, cell);
- tt_assert(r >= 0);
-
- /* Do encryption */
- r = crypto_pk_obsolete_public_hybrid_encrypt(
- key, cell + DIGEST_LEN, ciphertext_size,
- buf, len,
- PK_PKCS1_OAEP_PADDING, 0);
- tt_assert(r >= 0);
-
- /* Figure out cell length */
- cell_len = DIGEST_LEN + r;
-
- /* Output the cell */
- *cell_out = cell;
- cell = NULL;
-
- done:
- tor_free(cell);
- return cell_len;
-}
-
-/** Test v0 INTRODUCE2 parsing through decryption only
- */
-
-static void
-test_introduce_decrypt_v0(void *arg)
-{
- (void)arg;
- do_decrypt_test(v0_test_plaintext, sizeof(v0_test_plaintext));
-}
-
-/** Test v1 INTRODUCE2 parsing through decryption only
- */
-
-static void
-test_introduce_decrypt_v1(void *arg)
-{
- (void)arg;
- do_decrypt_test(v1_test_plaintext, sizeof(v1_test_plaintext));
-}
-
-/** Test v2 INTRODUCE2 parsing through decryption only
- */
-
-static void
-test_introduce_decrypt_v2(void *arg)
-{
- (void)arg;
- do_decrypt_test(v2_test_plaintext, sizeof(v2_test_plaintext));
-}
-
-/** Test v3 INTRODUCE2 parsing through decryption only
- */
-
-static void
-test_introduce_decrypt_v3(void *arg)
-{
- (void)arg;
- do_decrypt_test(
- v3_no_auth_test_plaintext, sizeof(v3_no_auth_test_plaintext));
- do_decrypt_test(
- v3_basic_auth_test_plaintext, sizeof(v3_basic_auth_test_plaintext));
-}
-
-/** Test v0 INTRODUCE2 parsing through early parsing only
- */
-
-static void
-test_introduce_early_parse_v0(void *arg)
-{
- (void)arg;
- do_early_parse_test(v0_test_plaintext, sizeof(v0_test_plaintext));
-}
-
-/** Test v1 INTRODUCE2 parsing through early parsing only
- */
-
-static void
-test_introduce_early_parse_v1(void *arg)
-{
- (void)arg;
- do_early_parse_test(v1_test_plaintext, sizeof(v1_test_plaintext));
-}
-
-/** Test v2 INTRODUCE2 parsing through early parsing only
- */
-
-static void
-test_introduce_early_parse_v2(void *arg)
-{
- (void)arg;
- do_early_parse_test(v2_test_plaintext, sizeof(v2_test_plaintext));
-}
-
-/** Test v3 INTRODUCE2 parsing through early parsing only
- */
-
-static void
-test_introduce_early_parse_v3(void *arg)
-{
- (void)arg;
- do_early_parse_test(
- v3_no_auth_test_plaintext, sizeof(v3_no_auth_test_plaintext));
- do_early_parse_test(
- v3_basic_auth_test_plaintext, sizeof(v3_basic_auth_test_plaintext));
-}
-
-/** Test v0 INTRODUCE2 parsing
- */
-
-static void
-test_introduce_late_parse_v0(void *arg)
-{
- (void)arg;
- do_late_parse_test(v0_test_plaintext, sizeof(v0_test_plaintext));
-}
-
-/** Test v1 INTRODUCE2 parsing
- */
-
-static void
-test_introduce_late_parse_v1(void *arg)
-{
- (void)arg;
- do_late_parse_test(v1_test_plaintext, sizeof(v1_test_plaintext));
-}
-
-/** Test v2 INTRODUCE2 parsing
- */
-
-static void
-test_introduce_late_parse_v2(void *arg)
-{
- (void)arg;
- do_late_parse_test(v2_test_plaintext, sizeof(v2_test_plaintext));
-}
-
-/** Test v3 INTRODUCE2 parsing
- */
-
-static void
-test_introduce_late_parse_v3(void *arg)
-{
- (void)arg;
- do_late_parse_test(
- v3_no_auth_test_plaintext, sizeof(v3_no_auth_test_plaintext));
- do_late_parse_test(
- v3_basic_auth_test_plaintext, sizeof(v3_basic_auth_test_plaintext));
-}
-
-#define INTRODUCE_LEGACY(name) \
- { #name, test_introduce_ ## name , 0, NULL, NULL }
-
-struct testcase_t introduce_tests[] = {
- INTRODUCE_LEGACY(early_parse_v0),
- INTRODUCE_LEGACY(early_parse_v1),
- INTRODUCE_LEGACY(early_parse_v2),
- INTRODUCE_LEGACY(early_parse_v3),
- INTRODUCE_LEGACY(decrypt_v0),
- INTRODUCE_LEGACY(decrypt_v1),
- INTRODUCE_LEGACY(decrypt_v2),
- INTRODUCE_LEGACY(decrypt_v3),
- INTRODUCE_LEGACY(late_parse_v0),
- INTRODUCE_LEGACY(late_parse_v1),
- INTRODUCE_LEGACY(late_parse_v2),
- INTRODUCE_LEGACY(late_parse_v3),
- END_OF_TESTCASES
-};
diff --git a/src/test/test_rendcache.c b/src/test/test_rendcache.c
deleted file mode 100644
index 06167635c1..0000000000
--- a/src/test/test_rendcache.c
+++ /dev/null
@@ -1,1248 +0,0 @@
-/* Copyright (c) 2010-2020, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-#include "orconfig.h"
-#include "core/or/or.h"
-
-#include "test/test.h"
-#define RENDCACHE_PRIVATE
-#include "feature/rend/rendcache.h"
-#include "feature/relay/router.h"
-#include "feature/nodelist/routerlist.h"
-#include "app/config/config.h"
-#include "feature/hs/hs_common.h"
-
-#include "core/or/extend_info_st.h"
-#include "feature/rend/rend_encoded_v2_service_descriptor_st.h"
-#include "feature/rend/rend_intro_point_st.h"
-#include "feature/rend/rend_service_descriptor_st.h"
-#include "feature/nodelist/routerinfo_st.h"
-
-#include "test/rend_test_helpers.h"
-#include "test/log_test_helpers.h"
-
-static const int RECENT_TIME = -10;
-static const int TIME_IN_THE_PAST = -(REND_CACHE_MAX_AGE + \
- REND_CACHE_MAX_SKEW + 60);
-static const int TIME_IN_THE_FUTURE = REND_CACHE_MAX_SKEW + 60;
-
-static void
-test_rend_cache_lookup_entry(void *data)
-{
- int ret;
- rend_data_t *mock_rend_query = NULL;
- char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
- rend_cache_entry_t *entry = NULL;
- rend_encoded_v2_service_descriptor_t *desc_holder = NULL;
- char *service_id = NULL;
- (void)data;
-
- rend_cache_init();
-
- generate_desc(RECENT_TIME, &desc_holder, &service_id, 3);
-
- ret = rend_cache_lookup_entry("abababababababab", 0, NULL);
- tt_int_op(ret, OP_EQ, -ENOENT);
-
- ret = rend_cache_lookup_entry("invalid query", 2, NULL);
- tt_int_op(ret, OP_EQ, -EINVAL);
-
- ret = rend_cache_lookup_entry("abababababababab", 2, NULL);
- tt_int_op(ret, OP_EQ, -ENOENT);
-
- ret = rend_cache_lookup_entry("abababababababab", 4224, NULL);
- tt_int_op(ret, OP_EQ, -ENOENT);
-
- mock_rend_query = mock_rend_data(service_id);
- base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id,
- DIGEST_LEN);
- rend_cache_store_v2_desc_as_client(desc_holder->desc_str, desc_id_base32,
- mock_rend_query, NULL);
-
- ret = rend_cache_lookup_entry(service_id, 2, NULL);
- tt_int_op(ret, OP_EQ, 0);
-
- ret = rend_cache_lookup_entry(service_id, 2, &entry);
- tt_int_op(ret, OP_EQ, 0);
- tt_assert(entry);
- tt_int_op(entry->len, OP_EQ, strlen(desc_holder->desc_str));
- tt_str_op(entry->desc, OP_EQ, desc_holder->desc_str);
-
- done:
- rend_encoded_v2_service_descriptor_free(desc_holder);
- tor_free(service_id);
- rend_cache_free_all();
- rend_data_free(mock_rend_query);
-}
-
-static void
-test_rend_cache_store_v2_desc_as_client(void *data)
-{
- int ret;
- rend_data_t *mock_rend_query;
- char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
- rend_cache_entry_t *entry = NULL;
- rend_encoded_v2_service_descriptor_t *desc_holder = NULL;
- char *service_id = NULL;
- char client_cookie[REND_DESC_COOKIE_LEN];
- (void)data;
-
- rend_cache_init();
-
- generate_desc(RECENT_TIME, &desc_holder, &service_id, 3);
-
- // Test success
- mock_rend_query = mock_rend_data(service_id);
- base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id,
- DIGEST_LEN);
- ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str,
- desc_id_base32, mock_rend_query,
- &entry);
-
- tt_int_op(ret, OP_EQ, 0);
- tt_assert(entry);
- tt_int_op(entry->len, OP_EQ, strlen(desc_holder->desc_str));
- tt_str_op(entry->desc, OP_EQ, desc_holder->desc_str);
-
- // Test various failure modes
-
- // TODO: a too long desc_id_base32 argument crashes the function
- /* ret = rend_cache_store_v2_desc_as_client( */
- /* desc_holder->desc_str, */
- /* "3TOOLONG3TOOLONG3TOOLONG3TOOLONG3TOOLONG3TOOLONG", */
- /* &mock_rend_query, NULL); */
- /* tt_int_op(ret, OP_EQ, -1); */
-
- // Test bad base32 failure
- // This causes an assertion failure if we're running with assertions.
- // But when building without asserts, we can test it.
-#ifdef DISABLE_ASSERTS_IN_UNIT_TESTS
- ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str,
- "!xqunszqnaolrrfmtzgaki7mxelgvkj", mock_rend_query, NULL);
- tt_int_op(ret, OP_EQ, -1);
-#endif
-
- // Test invalid descriptor
- ret = rend_cache_store_v2_desc_as_client("invalid descriptor",
- "3xqunszqnaolrrfmtzgaki7mxelgvkje", mock_rend_query, NULL);
- tt_int_op(ret, OP_EQ, -1);
-
- // TODO: it doesn't seem to be possible to test invalid service ID condition.
- // that means it is likely not possible to have that condition without
- // earlier conditions failing first (such as signature checking of the desc)
-
- rend_cache_free_all();
-
- // Test mismatch between service ID and onion address
- rend_cache_init();
- strncpy(TO_REND_DATA_V2(mock_rend_query)->onion_address, "abc",
- REND_SERVICE_ID_LEN_BASE32+1);
- ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str,
- desc_id_base32,
- mock_rend_query, NULL);
- tt_int_op(ret, OP_EQ, -1);
- rend_cache_free_all();
- rend_data_free(mock_rend_query);
-
- // Test incorrect descriptor ID
- rend_cache_init();
- mock_rend_query = mock_rend_data(service_id);
- char orig = desc_id_base32[0];
- if (desc_id_base32[0] == 'a')
- desc_id_base32[0] = 'b';
- else
- desc_id_base32[0] = 'a';
- ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str,
- desc_id_base32, mock_rend_query,
- NULL);
- tt_int_op(ret, OP_EQ, -1);
- desc_id_base32[0] = orig;
- rend_cache_free_all();
-
- // Test too old descriptor
- rend_cache_init();
- rend_encoded_v2_service_descriptor_free(desc_holder);
- tor_free(service_id);
- rend_data_free(mock_rend_query);
-
- generate_desc(TIME_IN_THE_PAST, &desc_holder, &service_id, 3);
- mock_rend_query = mock_rend_data(service_id);
- base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id,
- DIGEST_LEN);
-
- ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str,
- desc_id_base32,
- mock_rend_query, NULL);
- tt_int_op(ret, OP_EQ, -1);
- rend_cache_free_all();
-
- // Test too new descriptor (in the future)
- rend_cache_init();
- rend_encoded_v2_service_descriptor_free(desc_holder);
- tor_free(service_id);
- rend_data_free(mock_rend_query);
-
- generate_desc(TIME_IN_THE_FUTURE, &desc_holder, &service_id, 3);
- mock_rend_query = mock_rend_data(service_id);
- base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id,
- DIGEST_LEN);
-
- ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str,
- desc_id_base32, mock_rend_query,
- NULL);
- tt_int_op(ret, OP_EQ, -1);
- rend_cache_free_all();
-
- // Test when a descriptor is already in the cache
- rend_cache_init();
- rend_encoded_v2_service_descriptor_free(desc_holder);
- tor_free(service_id);
- rend_data_free(mock_rend_query);
-
- generate_desc(RECENT_TIME, &desc_holder, &service_id, 3);
- mock_rend_query = mock_rend_data(service_id);
- base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id,
- DIGEST_LEN);
-
- rend_cache_store_v2_desc_as_client(desc_holder->desc_str, desc_id_base32,
- mock_rend_query, NULL);
- ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str,
- desc_id_base32, mock_rend_query,
- NULL);
- tt_int_op(ret, OP_EQ, 0);
-
- ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str,
- desc_id_base32, mock_rend_query,
- &entry);
- tt_int_op(ret, OP_EQ, 0);
- tt_assert(entry);
- rend_cache_free_all();
-
- // Test unsuccessful decrypting of introduction points
- rend_cache_init();
- rend_encoded_v2_service_descriptor_free(desc_holder);
- tor_free(service_id);
- rend_data_free(mock_rend_query);
-
- generate_desc(RECENT_TIME, &desc_holder, &service_id, 3);
- mock_rend_query = mock_rend_data(service_id);
- TO_REND_DATA_V2(mock_rend_query)->auth_type = REND_BASIC_AUTH;
- client_cookie[0] = 'A';
- memcpy(TO_REND_DATA_V2(mock_rend_query)->descriptor_cookie, client_cookie,
- REND_DESC_COOKIE_LEN);
- base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id,
- DIGEST_LEN);
- ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str,
- desc_id_base32, mock_rend_query,
- NULL);
- tt_int_op(ret, OP_EQ, 0);
- rend_cache_free_all();
-
- // Test successful run when we have REND_BASIC_AUTH but not cookie
- rend_cache_init();
- rend_encoded_v2_service_descriptor_free(desc_holder);
- tor_free(service_id);
- rend_data_free(mock_rend_query);
-
- generate_desc(RECENT_TIME, &desc_holder, &service_id, 3);
- mock_rend_query = mock_rend_data(service_id);
- TO_REND_DATA_V2(mock_rend_query)->auth_type = REND_BASIC_AUTH;
- base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id,
- DIGEST_LEN);
- ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str,
- desc_id_base32, mock_rend_query,
- NULL);
- tt_int_op(ret, OP_EQ, 0);
-
- rend_cache_free_all();
-
- // Test when we have no introduction points
- rend_cache_init();
- rend_encoded_v2_service_descriptor_free(desc_holder);
- tor_free(service_id);
- rend_data_free(mock_rend_query);
-
- generate_desc(RECENT_TIME, &desc_holder, &service_id, 0);
- mock_rend_query = mock_rend_data(service_id);
- base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id,
- DIGEST_LEN);
- ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str,
- desc_id_base32, mock_rend_query,
- NULL);
- tt_int_op(ret, OP_EQ, -1);
- rend_cache_free_all();
-
- // Test when we have too many intro points
- rend_cache_init();
- rend_encoded_v2_service_descriptor_free(desc_holder);
- tor_free(service_id);
- rend_data_free(mock_rend_query);
-
- generate_desc(RECENT_TIME, &desc_holder, &service_id, MAX_INTRO_POINTS+1);
- mock_rend_query = mock_rend_data(service_id);
- base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id,
- DIGEST_LEN);
- ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str,
- desc_id_base32, mock_rend_query,
- NULL);
- tt_int_op(ret, OP_EQ, -1);
-
- done:
- rend_encoded_v2_service_descriptor_free(desc_holder);
- tor_free(service_id);
- rend_cache_free_all();
- rend_data_free(mock_rend_query);
-}
-
-static void
-test_rend_cache_store_v2_desc_as_client_with_different_time(void *data)
-{
- int ret;
- rend_data_t *mock_rend_query;
- char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
- rend_service_descriptor_t *generated = NULL;
- smartlist_t *descs = smartlist_new();
- time_t t;
- char *service_id = NULL;
- rend_encoded_v2_service_descriptor_t *desc_holder_newer;
- rend_encoded_v2_service_descriptor_t *desc_holder_older;
-
- t = time(NULL);
- rend_cache_init();
-
- create_descriptor(&generated, &service_id, 3);
-
- generated->timestamp = t + RECENT_TIME;
- rend_encode_v2_descriptors(descs, generated, t + RECENT_TIME, 0,
- REND_NO_AUTH, NULL, NULL);
- desc_holder_newer = ((rend_encoded_v2_service_descriptor_t *)
- smartlist_get(descs, 0));
- smartlist_set(descs, 0, NULL);
-
- SMARTLIST_FOREACH(descs, rend_encoded_v2_service_descriptor_t *, d,
- rend_encoded_v2_service_descriptor_free(d));
- smartlist_free(descs);
- descs = smartlist_new();
-
- generated->timestamp = (t + RECENT_TIME) - 20;
- rend_encode_v2_descriptors(descs, generated, t + RECENT_TIME, 0,
- REND_NO_AUTH, NULL, NULL);
- desc_holder_older = ((rend_encoded_v2_service_descriptor_t *)
- smartlist_get(descs, 0));
- smartlist_set(descs, 0, NULL);
- (void)data;
-
- // Test when a descriptor is already in the cache and it is newer than the
- // one we submit
- mock_rend_query = mock_rend_data(service_id);
- base32_encode(desc_id_base32, sizeof(desc_id_base32),
- desc_holder_newer->desc_id, DIGEST_LEN);
- rend_cache_store_v2_desc_as_client(desc_holder_newer->desc_str,
- desc_id_base32, mock_rend_query, NULL);
- ret = rend_cache_store_v2_desc_as_client(desc_holder_older->desc_str,
- desc_id_base32, mock_rend_query,
- NULL);
- tt_int_op(ret, OP_EQ, 0);
-
- rend_cache_free_all();
-
- // Test when an old descriptor is in the cache and we submit a newer one
- rend_cache_init();
- rend_cache_store_v2_desc_as_client(desc_holder_older->desc_str,
- desc_id_base32, mock_rend_query, NULL);
- ret = rend_cache_store_v2_desc_as_client(desc_holder_newer->desc_str,
- desc_id_base32, mock_rend_query,
- NULL);
- tt_int_op(ret, OP_EQ, 0);
-
- done:
- rend_encoded_v2_service_descriptor_free(desc_holder_newer);
- rend_encoded_v2_service_descriptor_free(desc_holder_older);
- SMARTLIST_FOREACH(descs, rend_encoded_v2_service_descriptor_t *, d,
- rend_encoded_v2_service_descriptor_free(d));
- smartlist_free(descs);
- rend_service_descriptor_free(generated);
- tor_free(service_id);
- rend_cache_free_all();
- rend_data_free(mock_rend_query);
-}
-
-static const routerinfo_t *rcache_lookup_v2_as_dir_get_my_routerinfo(void);
-
-static routerinfo_t *mock_routerinfo;
-
-static const routerinfo_t *
-rcache_lookup_v2_as_dir_get_my_routerinfo(void)
-{
- if (!mock_routerinfo) {
- mock_routerinfo = tor_malloc(sizeof(routerinfo_t));
- }
-
- return mock_routerinfo;
-}
-
-static void
-test_rend_cache_lookup_v2_desc_as_dir(void *data)
-{
- int ret;
- char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
- rend_encoded_v2_service_descriptor_t *desc_holder = NULL;
- char *service_id = NULL;
- const char *ret_desc = NULL;
-
- (void)data;
-
- MOCK(router_get_my_routerinfo,
- rcache_lookup_v2_as_dir_get_my_routerinfo);
-
- rend_cache_init();
-
- // Test invalid base32
- ret = rend_cache_lookup_v2_desc_as_dir("!bababababababab", NULL);
- tt_int_op(ret, OP_EQ, -1);
-
- // Test non-existent descriptor but well formed
- ret = rend_cache_lookup_v2_desc_as_dir("3xqunszqnaolrrfmtzgaki7mxelgvkje",
- NULL);
- tt_int_op(ret, OP_EQ, 0);
-
- // Test existing descriptor
- generate_desc(RECENT_TIME, &desc_holder, &service_id, 3);
- rend_cache_store_v2_desc_as_dir(desc_holder->desc_str);
- base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id,
- DIGEST_LEN);
- ret = rend_cache_lookup_v2_desc_as_dir(desc_id_base32, &ret_desc);
- tt_int_op(ret, OP_EQ, 1);
- tt_assert(ret_desc);
-
- done:
- UNMOCK(router_get_my_routerinfo);
- tor_free(mock_routerinfo);
- rend_cache_free_all();
- rend_encoded_v2_service_descriptor_free(desc_holder);
- tor_free(service_id);
-}
-
-static const routerinfo_t *rcache_store_v2_as_dir_get_my_routerinfo(void);
-
-static const routerinfo_t *
-rcache_store_v2_as_dir_get_my_routerinfo(void)
-{
- return mock_routerinfo;
-}
-
-static void
-test_rend_cache_store_v2_desc_as_dir(void *data)
-{
- (void)data;
- int ret;
- rend_encoded_v2_service_descriptor_t *desc_holder = NULL;
- char *service_id = NULL;
-
- MOCK(router_get_my_routerinfo,
- rcache_store_v2_as_dir_get_my_routerinfo);
-
- rend_cache_init();
-
- // Test when we can't parse the descriptor
- mock_routerinfo = tor_malloc(sizeof(routerinfo_t));
- ret = rend_cache_store_v2_desc_as_dir("unparseable");
- tt_int_op(ret, OP_EQ, -1);
-
- // Test when we have an old descriptor
- generate_desc(TIME_IN_THE_PAST, &desc_holder, &service_id, 3);
- ret = rend_cache_store_v2_desc_as_dir(desc_holder->desc_str);
- tt_int_op(ret, OP_EQ, 0);
-
- rend_encoded_v2_service_descriptor_free(desc_holder);
- tor_free(service_id);
-
- // Test when we have a descriptor in the future
- generate_desc(TIME_IN_THE_FUTURE, &desc_holder, &service_id, 3);
- ret = rend_cache_store_v2_desc_as_dir(desc_holder->desc_str);
- tt_int_op(ret, OP_EQ, 0);
-
- rend_encoded_v2_service_descriptor_free(desc_holder);
- tor_free(service_id);
-
- // Test when two descriptors
- generate_desc(TIME_IN_THE_FUTURE, &desc_holder, &service_id, 3);
- ret = rend_cache_store_v2_desc_as_dir(desc_holder->desc_str);
- tt_int_op(ret, OP_EQ, 0);
-
- rend_encoded_v2_service_descriptor_free(desc_holder);
- tor_free(service_id);
-
- // Test when asking for hidden service statistics HiddenServiceStatistics
- rend_cache_purge();
- generate_desc(RECENT_TIME, &desc_holder, &service_id, 3);
- get_options_mutable()->HiddenServiceStatistics = 1;
- ret = rend_cache_store_v2_desc_as_dir(desc_holder->desc_str);
- tt_int_op(ret, OP_EQ, 0);
-
- done:
- UNMOCK(router_get_my_routerinfo);
- rend_encoded_v2_service_descriptor_free(desc_holder);
- tor_free(service_id);
- rend_cache_free_all();
- tor_free(mock_routerinfo);
-}
-
-static void
-test_rend_cache_store_v2_desc_as_dir_with_different_time(void *data)
-{
- (void)data;
-
- int ret;
- rend_service_descriptor_t *generated = NULL;
- smartlist_t *descs = smartlist_new();
- time_t t;
- char *service_id = NULL;
- rend_encoded_v2_service_descriptor_t *desc_holder_newer;
- rend_encoded_v2_service_descriptor_t *desc_holder_older;
-
- MOCK(router_get_my_routerinfo,
- rcache_store_v2_as_dir_get_my_routerinfo);
-
- rend_cache_init();
-
- t = time(NULL);
-
- create_descriptor(&generated, &service_id, 3);
- generated->timestamp = t + RECENT_TIME;
- rend_encode_v2_descriptors(descs, generated, t + RECENT_TIME, 0,
- REND_NO_AUTH, NULL, NULL);
- desc_holder_newer = ((rend_encoded_v2_service_descriptor_t *)
- smartlist_get(descs, 0));
- smartlist_set(descs, 0, NULL);
- SMARTLIST_FOREACH(descs, rend_encoded_v2_service_descriptor_t *, d,
- rend_encoded_v2_service_descriptor_free(d));
- smartlist_free(descs);
- descs = smartlist_new();
-
- generated->timestamp = (t + RECENT_TIME) - 20;
- rend_encode_v2_descriptors(descs, generated, t + RECENT_TIME, 0,
- REND_NO_AUTH, NULL, NULL);
- desc_holder_older = ((rend_encoded_v2_service_descriptor_t *)
- smartlist_get(descs, 0));
- smartlist_set(descs, 0, NULL);
-
- // Test when we have a newer descriptor stored
- mock_routerinfo = tor_malloc(sizeof(routerinfo_t));
- rend_cache_store_v2_desc_as_dir(desc_holder_newer->desc_str);
- ret = rend_cache_store_v2_desc_as_dir(desc_holder_older->desc_str);
- tt_int_op(ret, OP_EQ, 0);
-
- // Test when we have an old descriptor stored
- rend_cache_purge();
- rend_cache_store_v2_desc_as_dir(desc_holder_older->desc_str);
- ret = rend_cache_store_v2_desc_as_dir(desc_holder_newer->desc_str);
- tt_int_op(ret, OP_EQ, 0);
-
- done:
- UNMOCK(router_get_my_routerinfo);
- rend_cache_free_all();
- rend_service_descriptor_free(generated);
- tor_free(service_id);
- SMARTLIST_FOREACH(descs, rend_encoded_v2_service_descriptor_t *, d,
- rend_encoded_v2_service_descriptor_free(d));
- smartlist_free(descs);
- rend_encoded_v2_service_descriptor_free(desc_holder_newer);
- rend_encoded_v2_service_descriptor_free(desc_holder_older);
- tor_free(mock_routerinfo);
-}
-
-static void
-test_rend_cache_store_v2_desc_as_dir_with_different_content(void *data)
-{
- (void)data;
-
- int ret;
- rend_service_descriptor_t *generated = NULL;
- smartlist_t *descs = smartlist_new();
- time_t t;
- char *service_id = NULL;
- rend_encoded_v2_service_descriptor_t *desc_holder_one = NULL;
- rend_encoded_v2_service_descriptor_t *desc_holder_two = NULL;
-
- MOCK(router_get_my_routerinfo,
- rcache_store_v2_as_dir_get_my_routerinfo);
-
- rend_cache_init();
-
- t = time(NULL);
-
- create_descriptor(&generated, &service_id, 3);
- generated->timestamp = t + RECENT_TIME;
- rend_encode_v2_descriptors(descs, generated, t + RECENT_TIME, 0,
- REND_NO_AUTH, NULL, NULL);
- desc_holder_one = ((rend_encoded_v2_service_descriptor_t *)
- smartlist_get(descs, 0));
- smartlist_set(descs, 0, NULL);
-
- SMARTLIST_FOREACH(descs, rend_encoded_v2_service_descriptor_t *, d,
- rend_encoded_v2_service_descriptor_free(d));
- smartlist_free(descs);
- descs = smartlist_new();
-
- generated->timestamp = t + RECENT_TIME;
- generated->protocols = 41;
- rend_encode_v2_descriptors(descs, generated, t + RECENT_TIME, 0,
- REND_NO_AUTH, NULL, NULL);
- desc_holder_two = ((rend_encoded_v2_service_descriptor_t *)
- smartlist_get(descs, 0));
- smartlist_set(descs, 0, NULL);
-
- // Test when we have another descriptor stored, with a different descriptor
- mock_routerinfo = tor_malloc(sizeof(routerinfo_t));
- rend_cache_store_v2_desc_as_dir(desc_holder_one->desc_str);
- ret = rend_cache_store_v2_desc_as_dir(desc_holder_two->desc_str);
- tt_int_op(ret, OP_EQ, 0);
-
- done:
- UNMOCK(router_get_my_routerinfo);
- rend_cache_free_all();
- rend_service_descriptor_free(generated);
- tor_free(service_id);
- SMARTLIST_FOREACH(descs, rend_encoded_v2_service_descriptor_t *, d,
- rend_encoded_v2_service_descriptor_free(d));
- smartlist_free(descs);
- rend_encoded_v2_service_descriptor_free(desc_holder_one);
- rend_encoded_v2_service_descriptor_free(desc_holder_two);
-}
-
-static void
-test_rend_cache_init(void *data)
-{
- (void)data;
-
- tt_assert_msg(!rend_cache, "rend_cache should be NULL when starting");
- tt_assert_msg(!rend_cache_v2_dir, "rend_cache_v2_dir should be NULL "
- "when starting");
- tt_assert_msg(!rend_cache_failure, "rend_cache_failure should be NULL when "
- "starting");
-
- rend_cache_init();
-
- tt_assert_msg(rend_cache, "rend_cache should not be NULL after initing");
- tt_assert_msg(rend_cache_v2_dir, "rend_cache_v2_dir should not be NULL "
- "after initing");
- tt_assert_msg(rend_cache_failure, "rend_cache_failure should not be NULL "
- "after initing");
-
- tt_int_op(strmap_size(rend_cache), OP_EQ, 0);
- tt_int_op(digestmap_size(rend_cache_v2_dir), OP_EQ, 0);
- tt_int_op(strmap_size(rend_cache_failure), OP_EQ, 0);
-
- done:
- rend_cache_free_all();
-}
-
-static void
-test_rend_cache_decrement_allocation(void *data)
-{
- (void)data;
-
- // Test when the cache has enough allocations
- rend_cache_total_allocation = 10;
- rend_cache_decrement_allocation(3);
- tt_int_op(rend_cache_total_allocation, OP_EQ, 7);
-
- // Test when there are not enough allocations
- rend_cache_total_allocation = 1;
- setup_full_capture_of_logs(LOG_WARN);
- rend_cache_decrement_allocation(2);
- tt_int_op(rend_cache_total_allocation, OP_EQ, 0);
- expect_single_log_msg_containing(
- "Underflow in rend_cache_decrement_allocation");
- teardown_capture_of_logs();
-
- // And again
- rend_cache_decrement_allocation(2);
- tt_int_op(rend_cache_total_allocation, OP_EQ, 0);
-
- done:
- teardown_capture_of_logs();
-}
-
-static void
-test_rend_cache_increment_allocation(void *data)
-{
- (void)data;
-
- // Test when the cache is not overflowing
- rend_cache_total_allocation = 5;
- rend_cache_increment_allocation(3);
- tt_int_op(rend_cache_total_allocation, OP_EQ, 8);
-
- // Test when there are too many allocations
- rend_cache_total_allocation = SIZE_MAX-1;
- setup_full_capture_of_logs(LOG_WARN);
- rend_cache_increment_allocation(2);
- tt_u64_op(rend_cache_total_allocation, OP_EQ, SIZE_MAX);
- expect_single_log_msg_containing(
- "Overflow in rend_cache_increment_allocation");
- teardown_capture_of_logs();
-
- // And again
- rend_cache_increment_allocation(2);
- tt_u64_op(rend_cache_total_allocation, OP_EQ, SIZE_MAX);
-
- done:
- teardown_capture_of_logs();
-}
-
-static void
-test_rend_cache_failure_intro_entry_new(void *data)
-{
- time_t now;
- rend_cache_failure_intro_t *entry;
- rend_intro_point_failure_t failure;
-
- (void)data;
-
- failure = INTRO_POINT_FAILURE_TIMEOUT;
- now = time(NULL);
- entry = rend_cache_failure_intro_entry_new(failure);
-
- tt_int_op(entry->failure_type, OP_EQ, INTRO_POINT_FAILURE_TIMEOUT);
- tt_int_op(entry->created_ts, OP_GE, now-5);
- tt_int_op(entry->created_ts, OP_LE, now+5);
-
- done:
- tor_free(entry);
-}
-
-static void
-test_rend_cache_failure_intro_lookup(void *data)
-{
- (void)data;
- int ret;
- rend_cache_failure_t *failure;
- rend_cache_failure_intro_t *ip;
- rend_cache_failure_intro_t *entry;
- const char key_ip_one[DIGEST_LEN] = "ip1";
- const char key_ip_two[DIGEST_LEN] = "ip2";
- const char key_foo[DIGEST_LEN] = "foo1";
-
- rend_cache_init();
-
- failure = rend_cache_failure_entry_new();
- ip = rend_cache_failure_intro_entry_new(INTRO_POINT_FAILURE_TIMEOUT);
- digestmap_set(failure->intro_failures, key_ip_one, ip);
- strmap_set_lc(rend_cache_failure, "foo1", failure);
-
- // Test not found
- ret = cache_failure_intro_lookup((const uint8_t *) key_foo, "foo2", NULL);
- tt_int_op(ret, OP_EQ, 0);
-
- // Test found with no intro failures in it
- ret = cache_failure_intro_lookup((const uint8_t *) key_ip_two, "foo1", NULL);
- tt_int_op(ret, OP_EQ, 0);
-
- // Test found
- ret = cache_failure_intro_lookup((const uint8_t *) key_ip_one, "foo1", NULL);
- tt_int_op(ret, OP_EQ, 1);
-
- // Test found and asking for entry
- cache_failure_intro_lookup((const uint8_t *) key_ip_one, "foo1", &entry);
- tt_assert(entry);
- tt_assert(entry == ip);
-
- done:
- rend_cache_free_all();
-}
-
-static void
-test_rend_cache_clean(void *data)
-{
- rend_cache_entry_t *one, *two;
- rend_service_descriptor_t *desc_one, *desc_two;
- strmap_iter_t *iter = NULL;
- const char *key;
- void *val;
-
- (void)data;
-
- rend_cache_init();
-
- // Test with empty rendcache
- rend_cache_clean(time(NULL), REND_CACHE_TYPE_CLIENT);
- tt_int_op(strmap_size(rend_cache), OP_EQ, 0);
-
- // Test with two old entries
- one = tor_malloc_zero(sizeof(rend_cache_entry_t));
- two = tor_malloc_zero(sizeof(rend_cache_entry_t));
- desc_one = tor_malloc_zero(sizeof(rend_service_descriptor_t));
- desc_two = tor_malloc_zero(sizeof(rend_service_descriptor_t));
- one->parsed = desc_one;
- two->parsed = desc_two;
-
- desc_one->timestamp = time(NULL) + TIME_IN_THE_PAST;
- desc_two->timestamp = (time(NULL) + TIME_IN_THE_PAST) - 10;
- desc_one->pk = pk_generate(0);
- desc_two->pk = pk_generate(1);
-
- strmap_set_lc(rend_cache, "foo1", one);
- rend_cache_increment_allocation(rend_cache_entry_allocation(one));
- strmap_set_lc(rend_cache, "foo2", two);
- rend_cache_increment_allocation(rend_cache_entry_allocation(two));
-
- rend_cache_clean(time(NULL), REND_CACHE_TYPE_CLIENT);
- tt_int_op(strmap_size(rend_cache), OP_EQ, 0);
-
- // Test with one old entry and one newer entry
- one = tor_malloc_zero(sizeof(rend_cache_entry_t));
- two = tor_malloc_zero(sizeof(rend_cache_entry_t));
- desc_one = tor_malloc_zero(sizeof(rend_service_descriptor_t));
- desc_two = tor_malloc_zero(sizeof(rend_service_descriptor_t));
- one->parsed = desc_one;
- two->parsed = desc_two;
-
- desc_one->timestamp = (time(NULL) + TIME_IN_THE_PAST) - 10;
- desc_two->timestamp = time(NULL) - 100;
- desc_one->pk = pk_generate(0);
- desc_two->pk = pk_generate(1);
-
- rend_cache_increment_allocation(rend_cache_entry_allocation(one));
- strmap_set_lc(rend_cache, "foo1", one);
- rend_cache_increment_allocation(rend_cache_entry_allocation(two));
- strmap_set_lc(rend_cache, "foo2", two);
-
- rend_cache_clean(time(NULL), REND_CACHE_TYPE_CLIENT);
- tt_int_op(strmap_size(rend_cache), OP_EQ, 1);
-
- iter = strmap_iter_init(rend_cache);
- strmap_iter_get(iter, &key, &val);
- tt_str_op(key, OP_EQ, "foo2");
-
- done:
- rend_cache_free_all();
-}
-
-static void
-test_rend_cache_failure_entry_new(void *data)
-{
- rend_cache_failure_t *failure;
-
- (void)data;
-
- failure = rend_cache_failure_entry_new();
- tt_assert(failure);
- tt_int_op(digestmap_size(failure->intro_failures), OP_EQ, 0);
-
- done:
- rend_cache_failure_entry_free(failure);
-}
-
-static void
-test_rend_cache_failure_entry_free(void *data)
-{
- (void)data;
-
- // Test that it can deal with a NULL argument
- rend_cache_failure_entry_free_(NULL);
-
- /* done: */
- /* (void)0; */
-}
-
-static void
-test_rend_cache_failure_clean(void *data)
-{
- rend_cache_failure_t *failure;
- rend_cache_failure_intro_t *ip_one, *ip_two;
-
- const char key_one[DIGEST_LEN] = "ip1";
- const char key_two[DIGEST_LEN] = "ip2";
-
- (void)data;
-
- rend_cache_init();
-
- // Test with empty failure cache
- rend_cache_failure_clean(time(NULL));
- tt_int_op(strmap_size(rend_cache_failure), OP_EQ, 0);
-
- // Test with one empty failure entry
- failure = rend_cache_failure_entry_new();
- strmap_set_lc(rend_cache_failure, "foo1", failure);
- rend_cache_failure_clean(time(NULL));
- tt_int_op(strmap_size(rend_cache_failure), OP_EQ, 0);
-
- // Test with one new intro point
- failure = rend_cache_failure_entry_new();
- ip_one = rend_cache_failure_intro_entry_new(INTRO_POINT_FAILURE_TIMEOUT);
- digestmap_set(failure->intro_failures, key_one, ip_one);
- strmap_set_lc(rend_cache_failure, "foo1", failure);
- rend_cache_failure_clean(time(NULL));
- tt_int_op(strmap_size(rend_cache_failure), OP_EQ, 1);
-
- // Test with one old intro point
- rend_cache_failure_purge();
- failure = rend_cache_failure_entry_new();
- ip_one = rend_cache_failure_intro_entry_new(INTRO_POINT_FAILURE_TIMEOUT);
- ip_one->created_ts = time(NULL) - 7*60;
- digestmap_set(failure->intro_failures, key_one, ip_one);
- strmap_set_lc(rend_cache_failure, "foo1", failure);
- rend_cache_failure_clean(time(NULL));
- tt_int_op(strmap_size(rend_cache_failure), OP_EQ, 0);
-
- // Test with one old intro point and one new one
- rend_cache_failure_purge();
- failure = rend_cache_failure_entry_new();
- ip_one = rend_cache_failure_intro_entry_new(INTRO_POINT_FAILURE_TIMEOUT);
- ip_one->created_ts = time(NULL) - 7*60;
- digestmap_set(failure->intro_failures, key_one, ip_one);
- ip_two = rend_cache_failure_intro_entry_new(INTRO_POINT_FAILURE_TIMEOUT);
- ip_two->created_ts = time(NULL) - 2*60;
- digestmap_set(failure->intro_failures, key_two, ip_two);
- strmap_set_lc(rend_cache_failure, "foo1", failure);
- rend_cache_failure_clean(time(NULL));
- tt_int_op(strmap_size(rend_cache_failure), OP_EQ, 1);
- tt_int_op(digestmap_size(failure->intro_failures), OP_EQ, 1);
-
- done:
- rend_cache_free_all();
-}
-
-static void
-test_rend_cache_failure_remove(void *data)
-{
- rend_service_descriptor_t *desc;
- (void)data;
-
- rend_cache_init();
-
- // Test that it deals well with a NULL desc
- rend_cache_failure_remove(NULL);
-
- // Test a descriptor that isn't in the cache
- desc = tor_malloc_zero(sizeof(rend_service_descriptor_t));
- desc->pk = pk_generate(0);
- rend_cache_failure_remove(desc);
-
- // There seems to not exist any way of getting rend_cache_failure_remove()
- // to fail because of a problem with rend_get_service_id from here
- rend_cache_free_all();
-
- rend_service_descriptor_free(desc);
- /* done: */
- /* (void)0; */
-}
-
-static void
-test_rend_cache_free_all(void *data)
-{
- rend_cache_failure_t *failure;
- rend_cache_entry_t *one;
- rend_service_descriptor_t *desc_one;
-
- (void)data;
-
- rend_cache_init();
-
- failure = rend_cache_failure_entry_new();
- strmap_set_lc(rend_cache_failure, "foo1", failure);
-
- one = tor_malloc_zero(sizeof(rend_cache_entry_t));
- desc_one = tor_malloc_zero(sizeof(rend_service_descriptor_t));
- one->parsed = desc_one;
- desc_one->timestamp = time(NULL) + TIME_IN_THE_PAST;
- desc_one->pk = pk_generate(0);
- rend_cache_increment_allocation(rend_cache_entry_allocation(one));
- strmap_set_lc(rend_cache, "foo1", one);
-
- rend_cache_free_all();
-
- tt_ptr_op(rend_cache, OP_EQ, NULL);
- tt_ptr_op(rend_cache_v2_dir, OP_EQ, NULL);
- tt_ptr_op(rend_cache_failure, OP_EQ, NULL);
- tt_assert(!rend_cache_total_allocation);
-
- done:
- rend_cache_free_all();
-}
-
-static void
-test_rend_cache_entry_free(void *data)
-{
- (void)data;
- rend_cache_entry_t *e;
-
- // Handles NULL correctly
- rend_cache_entry_free_(NULL);
-
- // Handles NULL descriptor correctly
- e = tor_malloc_zero(sizeof(rend_cache_entry_t));
- rend_cache_increment_allocation(rend_cache_entry_allocation(e));
- rend_cache_entry_free(e);
-
- // Handles non-NULL descriptor correctly
- e = tor_malloc_zero(sizeof(rend_cache_entry_t));
- e->desc = tor_malloc(10);
- rend_cache_increment_allocation(rend_cache_entry_allocation(e));
- rend_cache_entry_free(e);
-
- /* done: */
- /* (void)0; */
-}
-
-static void
-test_rend_cache_purge(void *data)
-{
- (void)data;
-
- // Deals with a NULL rend_cache
- rend_cache_purge();
- tt_assert(rend_cache);
- tt_assert(strmap_size(rend_cache) == 0);
-
- // Deals with existing rend_cache
- rend_cache_free_all();
- rend_cache_init();
- tt_assert(rend_cache);
- tt_assert(strmap_size(rend_cache) == 0);
-
- rend_cache_purge();
- tt_assert(rend_cache);
- tt_assert(strmap_size(rend_cache) == 0);
-
- done:
- rend_cache_free_all();
-}
-
-static void
-test_rend_cache_failure_intro_add(void *data)
-{
- (void)data;
- rend_cache_failure_t *fail_entry;
- rend_cache_failure_intro_t *entry;
- const char identity[DIGEST_LEN] = "foo1";
-
- rend_cache_init();
-
- // Adds non-existing entry
- cache_failure_intro_add((const uint8_t *) identity, "foo2",
- INTRO_POINT_FAILURE_TIMEOUT);
- fail_entry = strmap_get_lc(rend_cache_failure, "foo2");
- tt_assert(fail_entry);
- tt_int_op(digestmap_size(fail_entry->intro_failures), OP_EQ, 1);
- entry = digestmap_get(fail_entry->intro_failures, identity);
- tt_assert(entry);
-
- // Adds existing entry
- cache_failure_intro_add((const uint8_t *) identity, "foo2",
- INTRO_POINT_FAILURE_TIMEOUT);
- fail_entry = strmap_get_lc(rend_cache_failure, "foo2");
- tt_assert(fail_entry);
- tt_int_op(digestmap_size(fail_entry->intro_failures), OP_EQ, 1);
- entry = digestmap_get(fail_entry->intro_failures, identity);
- tt_assert(entry);
-
- done:
- rend_cache_free_all();
-}
-
-static void
-test_rend_cache_intro_failure_note(void *data)
-{
- (void)data;
- rend_cache_failure_t *fail_entry;
- rend_cache_failure_intro_t *entry;
- const char key[DIGEST_LEN] = "foo1";
-
- rend_cache_init();
-
- // Test not found
- rend_cache_intro_failure_note(INTRO_POINT_FAILURE_TIMEOUT,
- (const uint8_t *) key, "foo2");
- fail_entry = strmap_get_lc(rend_cache_failure, "foo2");
- tt_assert(fail_entry);
- tt_int_op(digestmap_size(fail_entry->intro_failures), OP_EQ, 1);
- entry = digestmap_get(fail_entry->intro_failures, key);
- tt_assert(entry);
- tt_int_op(entry->failure_type, OP_EQ, INTRO_POINT_FAILURE_TIMEOUT);
-
- // Test found
- rend_cache_intro_failure_note(INTRO_POINT_FAILURE_UNREACHABLE,
- (const uint8_t *) key, "foo2");
- tt_int_op(entry->failure_type, OP_EQ, INTRO_POINT_FAILURE_UNREACHABLE);
-
- done:
- rend_cache_free_all();
-}
-
-static void
-test_rend_cache_clean_v2_descs_as_dir(void *data)
-{
- rend_cache_entry_t *e;
- time_t now, cutoff;
- rend_service_descriptor_t *desc;
- now = time(NULL);
- cutoff = now - (REND_CACHE_MAX_AGE + REND_CACHE_MAX_SKEW);
- const char key[DIGEST_LEN] = "abcde";
-
- (void)data;
-
- rend_cache_init();
-
- // Test running with an empty cache
- rend_cache_clean_v2_descs_as_dir(cutoff);
- tt_int_op(digestmap_size(rend_cache_v2_dir), OP_EQ, 0);
-
- // Test with only one new entry
- e = tor_malloc_zero(sizeof(rend_cache_entry_t));
- e->last_served = now;
- desc = tor_malloc_zero(sizeof(rend_service_descriptor_t));
- desc->timestamp = now;
- desc->pk = pk_generate(0);
- e->parsed = desc;
- rend_cache_increment_allocation(rend_cache_entry_allocation(e));
- digestmap_set(rend_cache_v2_dir, key, e);
-
- /* Set the cutoff to minus 10 seconds. */
- rend_cache_clean_v2_descs_as_dir(cutoff - 10);
- tt_int_op(digestmap_size(rend_cache_v2_dir), OP_EQ, 1);
-
- // Test with one old entry
- desc->timestamp = cutoff - 1000;
- rend_cache_clean_v2_descs_as_dir(cutoff);
- tt_int_op(digestmap_size(rend_cache_v2_dir), OP_EQ, 0);
-
- done:
- rend_cache_free_all();
-}
-
-static void
-test_rend_cache_entry_allocation(void *data)
-{
- (void)data;
-
- size_t ret;
- rend_cache_entry_t *e = NULL;
-
- // Handles a null argument
- ret = rend_cache_entry_allocation(NULL);
- tt_int_op(ret, OP_EQ, 0);
-
- // Handles a non-null argument
- e = tor_malloc_zero(sizeof(rend_cache_entry_t));
- ret = rend_cache_entry_allocation(e);
- tt_int_op(ret, OP_GT, sizeof(rend_cache_entry_t));
-
- done:
- tor_free(e);
-}
-
-static void
-test_rend_cache_failure_intro_entry_free(void *data)
-{
- (void)data;
- rend_cache_failure_intro_t *entry;
-
- // Handles a null argument
- rend_cache_failure_intro_entry_free_(NULL);
-
- // Handles a non-null argument
- entry = rend_cache_failure_intro_entry_new(INTRO_POINT_FAILURE_TIMEOUT);
- rend_cache_failure_intro_entry_free(entry);
-}
-
-static void
-test_rend_cache_failure_purge(void *data)
-{
- (void)data;
-
- // Handles a null failure cache
- strmap_free(rend_cache_failure, rend_cache_failure_entry_free_void);
- rend_cache_failure = NULL;
-
- rend_cache_failure_purge();
-
- tt_ptr_op(rend_cache_failure, OP_NE, NULL);
- tt_int_op(strmap_size(rend_cache_failure), OP_EQ, 0);
-
- done:
- rend_cache_free_all();
-}
-
-static void
-test_rend_cache_validate_intro_point_failure(void *data)
-{
- (void)data;
- rend_service_descriptor_t *desc = NULL;
- char *service_id = NULL;
- rend_intro_point_t *intro = NULL;
- const char *identity = NULL;
- rend_cache_failure_t *failure;
- rend_cache_failure_intro_t *ip;
-
- rend_cache_init();
-
- create_descriptor(&desc, &service_id, 3);
- desc->timestamp = time(NULL) + RECENT_TIME;
-
- intro = (rend_intro_point_t *)smartlist_get(desc->intro_nodes, 0);
- identity = intro->extend_info->identity_digest;
-
- failure = rend_cache_failure_entry_new();
- ip = rend_cache_failure_intro_entry_new(INTRO_POINT_FAILURE_TIMEOUT);
- digestmap_set(failure->intro_failures, identity, ip);
- strmap_set_lc(rend_cache_failure, service_id, failure);
-
- // Test when we have an intro point in our cache
- validate_intro_point_failure(desc, service_id);
- tt_int_op(smartlist_len(desc->intro_nodes), OP_EQ, 2);
-
- done:
- rend_cache_free_all();
- rend_service_descriptor_free(desc);
- tor_free(service_id);
-}
-
-struct testcase_t rend_cache_tests[] = {
- { "init", test_rend_cache_init, 0, NULL, NULL },
- { "decrement_allocation", test_rend_cache_decrement_allocation, 0,
- NULL, NULL },
- { "increment_allocation", test_rend_cache_increment_allocation, 0,
- NULL, NULL },
- { "clean", test_rend_cache_clean, TT_FORK, NULL, NULL },
- { "clean_v2_descs_as_dir", test_rend_cache_clean_v2_descs_as_dir, 0,
- NULL, NULL },
- { "entry_allocation", test_rend_cache_entry_allocation, 0, NULL, NULL },
- { "entry_free", test_rend_cache_entry_free, 0, NULL, NULL },
- { "failure_intro_entry_free", test_rend_cache_failure_intro_entry_free, 0,
- NULL, NULL },
- { "free_all", test_rend_cache_free_all, 0, NULL, NULL },
- { "purge", test_rend_cache_purge, 0, NULL, NULL },
- { "failure_clean", test_rend_cache_failure_clean, 0, NULL, NULL },
- { "failure_entry_new", test_rend_cache_failure_entry_new, 0, NULL, NULL },
- { "failure_entry_free", test_rend_cache_failure_entry_free, 0, NULL, NULL },
- { "failure_intro_add", test_rend_cache_failure_intro_add, 0, NULL, NULL },
- { "failure_intro_entry_new", test_rend_cache_failure_intro_entry_new, 0,
- NULL, NULL },
- { "failure_intro_lookup", test_rend_cache_failure_intro_lookup, 0,
- NULL, NULL },
- { "failure_purge", test_rend_cache_failure_purge, 0, NULL, NULL },
- { "failure_remove", test_rend_cache_failure_remove, 0, NULL, NULL },
- { "intro_failure_note", test_rend_cache_intro_failure_note, 0, NULL, NULL },
- { "lookup", test_rend_cache_lookup_entry, 0, NULL, NULL },
- { "lookup_v2_desc_as_dir", test_rend_cache_lookup_v2_desc_as_dir, 0,
- NULL, NULL },
- { "store_v2_desc_as_client", test_rend_cache_store_v2_desc_as_client, 0,
- NULL, NULL },
- { "store_v2_desc_as_client_with_different_time",
- test_rend_cache_store_v2_desc_as_client_with_different_time, 0,
- NULL, NULL },
- { "store_v2_desc_as_dir", test_rend_cache_store_v2_desc_as_dir, 0,
- NULL, NULL },
- { "store_v2_desc_as_dir_with_different_time",
- test_rend_cache_store_v2_desc_as_dir_with_different_time, 0, NULL, NULL },
- { "store_v2_desc_as_dir_with_different_content",
- test_rend_cache_store_v2_desc_as_dir_with_different_content, 0,
- NULL, NULL },
- { "validate_intro_point_failure",
- test_rend_cache_validate_intro_point_failure, 0, NULL, NULL },
- END_OF_TESTCASES
-};