tor

The Tor anonymity network
git clone https://git.dasho.dev/tor.git
Log | Files | Refs | README | LICENSE

hs_cache.h (6431B)

      1 /* Copyright (c) 2016-2021, The Tor Project, Inc. */
      2 /* See LICENSE for licensing information */
      3 
      4 /**
      5 * \file hs_cache.h
      6 * \brief Header file for hs_cache.c
      7 **/
      8 
      9 #ifndef TOR_HS_CACHE_H
     10 #define TOR_HS_CACHE_H
     11 
     12 #include <stdint.h>
     13 
     14 #include "feature/hs/hs_common.h"
     15 #include "feature/hs/hs_descriptor.h"
     16 #include "feature/hs/hs_ident.h"
     17 #include "feature/rend/rendcommon.h"
     18 #include "feature/nodelist/torcert.h"
     19 
     20 struct ed25519_public_key_t;
     21 
     22 /** This is the maximum time an introduction point state object can stay in the
     23 * client cache in seconds (2 mins or 120 seconds). */
     24 #define HS_CACHE_CLIENT_INTRO_STATE_MAX_AGE (2 * 60)
     25 /** How old do we let hidden service descriptors get before discarding
     26 * them as too old? */
     27 #define HS_CACHE_MAX_AGE (2*24*60*60)
     28 /** How wrong do we assume our clock may be when checking whether hidden
     29 * services are too old or too new? */
     30 #define HS_CACHE_MAX_SKEW (24*60*60)
     31 /** How old do we keep an intro point failure entry in the failure cache? */
     32 #define HS_CACHE_FAILURE_MAX_AGE (5*60)
     33 
     34 /** Introduction point state. */
     35 typedef struct hs_cache_intro_state_t {
     36  /** When this entry was created and put in the cache. */
     37  time_t created_ts;
     38 
     39  /** Did it suffered a generic error? */
     40  unsigned int error : 1;
     41 
     42  /** Did it timed out? */
     43  unsigned int timed_out : 1;
     44 
     45  /** How many times we tried to reached it and it was unreachable. */
     46  uint32_t unreachable_count;
     47 } hs_cache_intro_state_t;
     48 
     49 typedef struct hs_cache_client_intro_state_t {
     50  /** Contains hs_cache_intro_state_t object indexed by introduction point
     51   * authentication key. */
     52  digest256map_t *intro_points;
     53 } hs_cache_client_intro_state_t;
     54 
     55 /** Descriptor representation on the directory side which is a subset of
     56 * information that the HSDir can decode and serve it. */
     57 typedef struct hs_cache_dir_descriptor_t {
     58  /** This object is indexed using the blinded pubkey located in the plaintext
     59   * data which is populated only once the descriptor has been successfully
     60   * decoded and validated. This simply points to that pubkey. */
     61  const uint8_t *key;
     62 
     63  /** When does this entry has been created. Used to expire entries. */
     64  time_t created_ts;
     65 
     66  /** Descriptor plaintext information. Obviously, we can't decrypt the
     67   * encrypted part of the descriptor. */
     68  hs_desc_plaintext_data_t *plaintext_data;
     69  /** Encoded descriptor which is basically in text form. It's a NUL terminated
     70   * string thus safe to strlen(). */
     71  char *encoded_desc;
     72  /** How many times this descriptor has been downloaded. We use this as an
     73   * heuristic for the OOM cache cleaning. It is very large so we avoid an kind
     74   * of possible wrapping. */
     75  uint64_t n_downloaded;
     76 } hs_cache_dir_descriptor_t;
     77 
     78 /* Public API */
     79 
     80 /* Return maximum lifetime in seconds of a cache entry. */
     81 static inline time_t
     82 hs_cache_max_entry_lifetime(void)
     83 {
     84  return HS_CACHE_MAX_AGE + HS_CACHE_MAX_SKEW;
     85 }
     86 
     87 void hs_cache_init(void);
     88 void hs_cache_free_all(void);
     89 void hs_cache_clean_as_dir(time_t now);
     90 size_t hs_cache_handle_oom(size_t min_remove_bytes);
     91 
     92 unsigned int hs_cache_get_max_descriptor_size(void);
     93 
     94 /* Store and Lookup function. They are version agnostic that is depending on
     95 * the requested version of the descriptor, it will be re-routed to the
     96 * right function. */
     97 int hs_cache_store_as_dir(const char *desc);
     98 int hs_cache_lookup_as_dir(uint32_t version, const char *query,
     99                           const char **desc_out);
    100 void hs_cache_mark_dowloaded_as_dir(const hs_ident_dir_conn_t *ident);
    101 
    102 const hs_descriptor_t *
    103 hs_cache_lookup_as_client(const struct ed25519_public_key_t *key);
    104 const char *
    105 hs_cache_lookup_encoded_as_client(const struct ed25519_public_key_t *key);
    106 hs_desc_decode_status_t hs_cache_store_as_client(const char *desc_str,
    107                           const struct ed25519_public_key_t *identity_pk);
    108 void hs_cache_remove_as_client(const struct ed25519_public_key_t *key);
    109 void hs_cache_clean_as_client(time_t now);
    110 void hs_cache_purge_as_client(void);
    111 
    112 /* Client failure cache. */
    113 void hs_cache_client_intro_state_note(
    114                              const struct ed25519_public_key_t *service_pk,
    115                              const struct ed25519_public_key_t *auth_key,
    116                              rend_intro_point_failure_t failure);
    117 const hs_cache_intro_state_t *hs_cache_client_intro_state_find(
    118                              const struct ed25519_public_key_t *service_pk,
    119                              const struct ed25519_public_key_t *auth_key);
    120 void hs_cache_client_intro_state_clean(time_t now);
    121 void hs_cache_client_intro_state_purge(void);
    122 
    123 bool hs_cache_client_new_auth_parse(const ed25519_public_key_t *service_pk);
    124 
    125 uint64_t hs_cache_get_max_bytes(void);
    126 size_t hs_cache_get_total_allocation(void);
    127 void hs_cache_decrement_allocation(size_t n);
    128 void hs_cache_increment_allocation(size_t n);
    129 
    130 #ifdef HS_CACHE_PRIVATE
    131 #include "lib/crypt_ops/crypto_ed25519.h"
    132 
    133 /** Represents a locally cached HS descriptor on a hidden service client. */
    134 typedef struct hs_cache_client_descriptor_t {
    135  /** This object is indexed using the service identity public key */
    136  struct ed25519_public_key_t key;
    137 
    138  /** When will this entry expire? We expire cached client descriptors in the
    139   * start of the next time period, since that's when clients need to start
    140   * using the next blinded key of the service. */
    141  time_t expiration_ts;
    142 
    143  /** The cached decoded descriptor, this object is the owner. This can be
    144   * NULL if the descriptor couldn't be decoded due to missing or bad client
    145   * authorization. It can be decoded later from the encoded_desc object if
    146   * the proper client authorization is given tor. */
    147  hs_descriptor_t *desc;
    148 
    149  /** Encoded descriptor in string form. Can't be NULL. */
    150  char *encoded_desc;
    151 } hs_cache_client_descriptor_t;
    152 
    153 STATIC size_t cache_clean_v3_as_dir(time_t now, time_t global_cutoff);
    154 STATIC size_t cache_clean_v3_by_downloaded_as_dir(const uint64_t target,
    155                                           const size_t min_remove_bytes,
    156                                           uint64_t *next_lowest);
    157 STATIC hs_cache_dir_descriptor_t *lookup_v3_desc_as_dir(const uint8_t *key);
    158 
    159 STATIC hs_cache_client_descriptor_t *
    160 lookup_v3_desc_as_client(const uint8_t *key);
    161 
    162 #ifdef TOR_UNIT_TESTS
    163 void dir_set_downloaded(const ed25519_public_key_t *pk, uint64_t value);
    164 #endif /* TOR_UNIT_TESTS */
    165 
    166 #endif /* defined(HS_CACHE_PRIVATE) */
    167 
    168 #endif /* !defined(TOR_HS_CACHE_H) */