Line data Source code
1 : /* Copyright (c) 2016-2021, The Tor Project, Inc. */
2 : /* See LICENSE for licensing information */
3 :
4 : /**
5 : * \file hs_common.c
6 : * \brief Contains code shared between different HS protocol version as well
7 : * as useful data structures and accessors used by other subsystems.
8 : **/
9 :
10 : #define HS_COMMON_PRIVATE
11 :
12 : #include "core/or/or.h"
13 :
14 : #include "app/config/config.h"
15 : #include "core/or/circuitbuild.h"
16 : #include "core/or/policies.h"
17 : #include "core/or/extendinfo.h"
18 : #include "feature/dirauth/shared_random_state.h"
19 : #include "feature/hs/hs_cache.h"
20 : #include "feature/hs/hs_circuitmap.h"
21 : #include "feature/hs/hs_client.h"
22 : #include "feature/hs/hs_common.h"
23 : #include "feature/hs/hs_dos.h"
24 : #include "feature/hs/hs_ob.h"
25 : #include "feature/hs/hs_ident.h"
26 : #include "feature/hs/hs_service.h"
27 : #include "feature/hs_common/shared_random_client.h"
28 : #include "feature/nodelist/describe.h"
29 : #include "feature/nodelist/microdesc.h"
30 : #include "feature/nodelist/networkstatus.h"
31 : #include "feature/nodelist/nodelist.h"
32 : #include "feature/nodelist/routerset.h"
33 : #include "feature/rend/rendcommon.h"
34 : #include "feature/relay/routermode.h"
35 : #include "lib/crypt_ops/crypto_rand.h"
36 : #include "lib/crypt_ops/crypto_util.h"
37 : #include "lib/net/resolve.h"
38 :
39 : #include "core/or/edge_connection_st.h"
40 : #include "feature/nodelist/networkstatus_st.h"
41 : #include "feature/nodelist/node_st.h"
42 : #include "core/or/origin_circuit_st.h"
43 : #include "feature/nodelist/routerstatus_st.h"
44 :
45 : /* Trunnel */
46 : #include "trunnel/ed25519_cert.h"
47 :
48 : /** Ed25519 Basepoint value. Taken from section 5 of
49 : * https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03 */
50 : static const char *str_ed25519_basepoint =
51 : "(15112221349535400772501151409588531511"
52 : "454012693041857206046113283949847762202, "
53 : "463168356949264781694283940034751631413"
54 : "07993866256225615783033603165251855960)";
55 :
56 : #ifdef HAVE_SYS_UN_H
57 :
58 : /** Given <b>ports</b>, a smartlist containing hs_port_config_t,
59 : * add the given <b>p</b>, a AF_UNIX port to the list. Return 0 on success
60 : * else return -ENOSYS if AF_UNIX is not supported (see function in the
61 : * #else statement below). */
62 : static int
63 0 : add_unix_port(smartlist_t *ports, hs_port_config_t *p)
64 : {
65 0 : tor_assert(ports);
66 0 : tor_assert(p);
67 0 : tor_assert(p->is_unix_addr);
68 :
69 0 : smartlist_add(ports, p);
70 0 : return 0;
71 : }
72 :
73 : /** Given <b>conn</b> set it to use the given port <b>p</b> values. Return 0
74 : * on success else return -ENOSYS if AF_UNIX is not supported (see function
75 : * in the #else statement below). */
76 : static int
77 0 : set_unix_port(edge_connection_t *conn, hs_port_config_t *p)
78 : {
79 0 : tor_assert(conn);
80 0 : tor_assert(p);
81 0 : tor_assert(p->is_unix_addr);
82 :
83 0 : conn->base_.socket_family = AF_UNIX;
84 0 : tor_addr_make_unspec(&conn->base_.addr);
85 0 : conn->base_.port = 1;
86 0 : conn->base_.address = tor_strdup(p->unix_addr);
87 0 : return 0;
88 : }
89 :
90 : #else /* !defined(HAVE_SYS_UN_H) */
91 :
92 : static int
93 : set_unix_port(edge_connection_t *conn, hs_port_config_t *p)
94 : {
95 : (void) conn;
96 : (void) p;
97 : return -ENOSYS;
98 : }
99 :
100 : static int
101 : add_unix_port(smartlist_t *ports, hs_port_config_t *p)
102 : {
103 : (void) ports;
104 : (void) p;
105 : return -ENOSYS;
106 : }
107 :
108 : #endif /* defined(HAVE_SYS_UN_H) */
109 :
110 : /** Helper function: The key is a digest that we compare to a node_t object
111 : * current hsdir_index. */
112 : static int
113 864 : compare_digest_to_fetch_hsdir_index(const void *_key, const void **_member)
114 : {
115 864 : const char *key = _key;
116 864 : const node_t *node = *_member;
117 864 : return tor_memcmp(key, node->hsdir_index.fetch, DIGEST256_LEN);
118 : }
119 :
120 : /** Helper function: The key is a digest that we compare to a node_t object
121 : * next hsdir_index. */
122 : static int
123 154 : compare_digest_to_store_first_hsdir_index(const void *_key,
124 : const void **_member)
125 : {
126 154 : const char *key = _key;
127 154 : const node_t *node = *_member;
128 154 : return tor_memcmp(key, node->hsdir_index.store_first, DIGEST256_LEN);
129 : }
130 :
131 : /** Helper function: The key is a digest that we compare to a node_t object
132 : * next hsdir_index. */
133 : static int
134 108 : compare_digest_to_store_second_hsdir_index(const void *_key,
135 : const void **_member)
136 : {
137 108 : const char *key = _key;
138 108 : const node_t *node = *_member;
139 108 : return tor_memcmp(key, node->hsdir_index.store_second, DIGEST256_LEN);
140 : }
141 :
142 : /** Helper function: Compare two node_t objects current hsdir_index. */
143 : static int
144 80735 : compare_node_fetch_hsdir_index(const void **a, const void **b)
145 : {
146 80735 : const node_t *node1= *a;
147 80735 : const node_t *node2 = *b;
148 161470 : return tor_memcmp(node1->hsdir_index.fetch,
149 80735 : node2->hsdir_index.fetch,
150 : DIGEST256_LEN);
151 : }
152 :
153 : /** Helper function: Compare two node_t objects next hsdir_index. */
154 : static int
155 10150 : compare_node_store_first_hsdir_index(const void **a, const void **b)
156 : {
157 10150 : const node_t *node1= *a;
158 10150 : const node_t *node2 = *b;
159 20300 : return tor_memcmp(node1->hsdir_index.store_first,
160 10150 : node2->hsdir_index.store_first,
161 : DIGEST256_LEN);
162 : }
163 :
164 : /** Helper function: Compare two node_t objects next hsdir_index. */
165 : static int
166 10096 : compare_node_store_second_hsdir_index(const void **a, const void **b)
167 : {
168 10096 : const node_t *node1= *a;
169 10096 : const node_t *node2 = *b;
170 20192 : return tor_memcmp(node1->hsdir_index.store_second,
171 10096 : node2->hsdir_index.store_second,
172 : DIGEST256_LEN);
173 : }
174 :
175 : /** Allocate and return a string containing the path to filename in directory.
176 : * This function will never return NULL. The caller must free this path. */
177 : char *
178 38 : hs_path_from_filename(const char *directory, const char *filename)
179 : {
180 38 : char *file_path = NULL;
181 :
182 38 : tor_assert(directory);
183 38 : tor_assert(filename);
184 :
185 38 : tor_asprintf(&file_path, "%s%s%s", directory, PATH_SEPARATOR, filename);
186 38 : return file_path;
187 : }
188 :
189 : /** Make sure that the directory for <b>service</b> is private, using the
190 : * config <b>username</b>.
191 : *
192 : * If <b>create</b> is true:
193 : * - if the directory exists, change permissions if needed,
194 : * - if the directory does not exist, create it with the correct permissions.
195 : * If <b>create</b> is false:
196 : * - if the directory exists, check permissions,
197 : * - if the directory does not exist, check if we think we can create it.
198 : * Return 0 on success, -1 on failure. */
199 : int
200 33 : hs_check_service_private_dir(const char *username, const char *path,
201 : unsigned int dir_group_readable,
202 : unsigned int create)
203 : {
204 33 : cpd_check_t check_opts = CPD_NONE;
205 :
206 33 : tor_assert(path);
207 :
208 33 : if (create) {
209 : check_opts |= CPD_CREATE;
210 : } else {
211 25 : check_opts |= CPD_CHECK_MODE_ONLY;
212 25 : check_opts |= CPD_CHECK;
213 : }
214 33 : if (dir_group_readable) {
215 3 : check_opts |= CPD_GROUP_READ;
216 : }
217 : /* Check/create directory */
218 33 : if (check_private_dir(path, check_opts, username) < 0) {
219 0 : return -1;
220 : }
221 : return 0;
222 : }
223 :
224 : /* Default, minimum, and maximum values for the maximum rendezvous failures
225 : * consensus parameter. */
226 : #define MAX_REND_FAILURES_DEFAULT 2
227 : #define MAX_REND_FAILURES_MIN 1
228 : #define MAX_REND_FAILURES_MAX 10
229 :
230 : /** How many times will a hidden service operator attempt to connect to
231 : * a requested rendezvous point before giving up? */
232 : int
233 0 : hs_get_service_max_rend_failures(void)
234 : {
235 0 : return networkstatus_get_param(NULL, "hs_service_max_rdv_failures",
236 : MAX_REND_FAILURES_DEFAULT,
237 : MAX_REND_FAILURES_MIN,
238 : MAX_REND_FAILURES_MAX);
239 : }
240 :
241 : /** Get the default HS time period length in minutes from the consensus. */
242 : STATIC uint64_t
243 64807 : get_time_period_length(void)
244 : {
245 : /* If we are on a test network, make the time period smaller than normal so
246 : that we actually see it rotate. Specifically, make it the same length as
247 : an SRV protocol run. */
248 64807 : if (get_options()->TestingTorNetwork) {
249 4 : unsigned run_duration = sr_state_get_protocol_run_duration();
250 : /* An SRV run should take more than a minute (it's 24 rounds) */
251 4 : tor_assert_nonfatal(run_duration > 60);
252 : /* Turn it from seconds to minutes before returning: */
253 4 : return sr_state_get_protocol_run_duration() / 60;
254 : }
255 :
256 64803 : int32_t time_period_length = networkstatus_get_param(NULL, "hsdir_interval",
257 : HS_TIME_PERIOD_LENGTH_DEFAULT,
258 : HS_TIME_PERIOD_LENGTH_MIN,
259 : HS_TIME_PERIOD_LENGTH_MAX);
260 : /* Make sure it's a positive value. */
261 64803 : tor_assert(time_period_length > 0);
262 : /* uint64_t will always be able to contain a positive int32_t */
263 64803 : return (uint64_t) time_period_length;
264 : }
265 :
266 : /** Get the HS time period number at time <b>now</b>. If <b>now</b> is not set,
267 : * we try to get the time ourselves from a live consensus. */
268 : uint64_t
269 33334 : hs_get_time_period_num(time_t now)
270 : {
271 33334 : uint64_t time_period_num;
272 33334 : time_t current_time;
273 :
274 : /* If no time is specified, set current time based on consensus time, and
275 : * only fall back to system time if that fails. */
276 33334 : if (now != 0) {
277 : current_time = now;
278 : } else {
279 15216 : networkstatus_t *ns =
280 15216 : networkstatus_get_reasonably_live_consensus(approx_time(),
281 : usable_consensus_flavor());
282 15216 : current_time = ns ? ns->valid_after : approx_time();
283 : }
284 :
285 : /* Start by calculating minutes since the epoch */
286 33334 : uint64_t time_period_length = get_time_period_length();
287 33334 : uint64_t minutes_since_epoch = current_time / 60;
288 :
289 : /* Apply the rotation offset as specified by prop224 (section
290 : * [TIME-PERIODS]), so that new time periods synchronize nicely with SRV
291 : * publication */
292 33334 : unsigned int time_period_rotation_offset = sr_state_get_phase_duration();
293 33334 : time_period_rotation_offset /= 60; /* go from seconds to minutes */
294 33334 : tor_assert(minutes_since_epoch > time_period_rotation_offset);
295 33334 : minutes_since_epoch -= time_period_rotation_offset;
296 :
297 : /* Calculate the time period */
298 33334 : time_period_num = minutes_since_epoch / time_period_length;
299 33334 : return time_period_num;
300 : }
301 :
302 : /** Get the number of the _upcoming_ HS time period, given that the current
303 : * time is <b>now</b>. If <b>now</b> is not set, we try to get the time from a
304 : * live consensus. */
305 : uint64_t
306 24164 : hs_get_next_time_period_num(time_t now)
307 : {
308 24164 : return hs_get_time_period_num(now) + 1;
309 : }
310 :
311 : /** Get the number of the _previous_ HS time period, given that the current
312 : * time is <b>now</b>. If <b>now</b> is not set, we try to get the time from a
313 : * live consensus. */
314 : uint64_t
315 3009 : hs_get_previous_time_period_num(time_t now)
316 : {
317 3009 : return hs_get_time_period_num(now) - 1;
318 : }
319 :
320 : /** Return the start time of the upcoming time period based on <b>now</b>. If
321 : * <b>now</b> is not set, we try to get the time ourselves from a live
322 : * consensus. */
323 : time_t
324 18121 : hs_get_start_time_of_next_time_period(time_t now)
325 : {
326 18121 : uint64_t time_period_length = get_time_period_length();
327 :
328 : /* Get start time of next time period */
329 18121 : uint64_t next_time_period_num = hs_get_next_time_period_num(now);
330 18121 : uint64_t start_of_next_tp_in_mins = next_time_period_num *time_period_length;
331 :
332 : /* Apply rotation offset as specified by prop224 section [TIME-PERIODS] */
333 18121 : unsigned int time_period_rotation_offset = sr_state_get_phase_duration();
334 18121 : return (time_t)(start_of_next_tp_in_mins * 60 + time_period_rotation_offset);
335 : }
336 :
337 : /** Using the given time period number, compute the disaster shared random
338 : * value and put it in srv_out. It MUST be at least DIGEST256_LEN bytes. */
339 : static void
340 1013 : compute_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
341 : {
342 1013 : crypto_digest_t *digest;
343 :
344 1013 : tor_assert(srv_out);
345 :
346 1013 : digest = crypto_digest256_new(DIGEST_SHA3_256);
347 :
348 : /* Start setting up payload:
349 : * H("shared-random-disaster" | INT_8(period_length) | INT_8(period_num)) */
350 1013 : crypto_digest_add_bytes(digest, HS_SRV_DISASTER_PREFIX,
351 : HS_SRV_DISASTER_PREFIX_LEN);
352 :
353 : /* Setup INT_8(period_length) | INT_8(period_num) */
354 : {
355 1013 : uint64_t time_period_length = get_time_period_length();
356 1013 : char period_stuff[sizeof(uint64_t)*2];
357 1013 : size_t offset = 0;
358 1013 : set_uint64(period_stuff, tor_htonll(time_period_length));
359 1013 : offset += sizeof(uint64_t);
360 1013 : set_uint64(period_stuff+offset, tor_htonll(time_period_num));
361 1013 : offset += sizeof(uint64_t);
362 1013 : tor_assert(offset == sizeof(period_stuff));
363 :
364 1013 : crypto_digest_add_bytes(digest, period_stuff, sizeof(period_stuff));
365 : }
366 :
367 1013 : crypto_digest_get_digest(digest, (char *) srv_out, DIGEST256_LEN);
368 1013 : crypto_digest_free(digest);
369 1013 : }
370 :
371 : /** Due to the high cost of computing the disaster SRV and that potentially we
372 : * would have to do it thousands of times in a row, we always cache the
373 : * computer disaster SRV (and its corresponding time period num) in case we
374 : * want to reuse it soon after. We need to cache two SRVs, one for each active
375 : * time period.
376 : */
377 : static uint8_t cached_disaster_srv[2][DIGEST256_LEN];
378 : static uint64_t cached_time_period_nums[2] = {0};
379 :
380 : /** Compute the disaster SRV value for this <b>time_period_num</b> and put it
381 : * in <b>srv_out</b> (of size at least DIGEST256_LEN). First check our caches
382 : * to see if we have already computed it. */
383 : STATIC void
384 10069 : get_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
385 : {
386 10069 : if (time_period_num == cached_time_period_nums[0]) {
387 4537 : memcpy(srv_out, cached_disaster_srv[0], DIGEST256_LEN);
388 4537 : return;
389 5532 : } else if (time_period_num == cached_time_period_nums[1]) {
390 4519 : memcpy(srv_out, cached_disaster_srv[1], DIGEST256_LEN);
391 4519 : return;
392 : } else {
393 1013 : int replace_idx;
394 : // Replace the lower period number.
395 1013 : if (cached_time_period_nums[0] <= cached_time_period_nums[1]) {
396 : replace_idx = 0;
397 : } else {
398 1005 : replace_idx = 1;
399 : }
400 1013 : cached_time_period_nums[replace_idx] = time_period_num;
401 1013 : compute_disaster_srv(time_period_num, cached_disaster_srv[replace_idx]);
402 1013 : memcpy(srv_out, cached_disaster_srv[replace_idx], DIGEST256_LEN);
403 1013 : return;
404 : }
405 : }
406 :
407 : #ifdef TOR_UNIT_TESTS
408 :
409 : /** Get the first cached disaster SRV. Only used by unittests. */
410 : STATIC uint8_t *
411 1 : get_first_cached_disaster_srv(void)
412 : {
413 1 : return cached_disaster_srv[0];
414 : }
415 :
416 : /** Get the second cached disaster SRV. Only used by unittests. */
417 : STATIC uint8_t *
418 1 : get_second_cached_disaster_srv(void)
419 : {
420 1 : return cached_disaster_srv[1];
421 : }
422 :
423 : #endif /* defined(TOR_UNIT_TESTS) */
424 :
425 : /** When creating a blinded key, we need a parameter which construction is as
426 : * follow: H(pubkey | [secret] | ed25519-basepoint | nonce).
427 : *
428 : * The nonce has a pre-defined format which uses the time period number
429 : * period_num and the start of the period in second start_time_period.
430 : *
431 : * The secret of size secret_len is optional meaning that it can be NULL and
432 : * thus will be ignored for the param construction.
433 : *
434 : * The result is put in param_out. */
435 : static void
436 163 : build_blinded_key_param(const ed25519_public_key_t *pubkey,
437 : const uint8_t *secret, size_t secret_len,
438 : uint64_t period_num, uint64_t period_length,
439 : uint8_t *param_out)
440 : {
441 163 : size_t offset = 0;
442 163 : const char blind_str[] = "Derive temporary signing key";
443 163 : uint8_t nonce[HS_KEYBLIND_NONCE_LEN];
444 163 : crypto_digest_t *digest;
445 :
446 163 : tor_assert(pubkey);
447 163 : tor_assert(param_out);
448 :
449 : /* Create the nonce N. The construction is as follow:
450 : * N = "key-blind" || INT_8(period_num) || INT_8(period_length) */
451 163 : memcpy(nonce, HS_KEYBLIND_NONCE_PREFIX, HS_KEYBLIND_NONCE_PREFIX_LEN);
452 163 : offset += HS_KEYBLIND_NONCE_PREFIX_LEN;
453 163 : set_uint64(nonce + offset, tor_htonll(period_num));
454 163 : offset += sizeof(uint64_t);
455 163 : set_uint64(nonce + offset, tor_htonll(period_length));
456 163 : offset += sizeof(uint64_t);
457 163 : tor_assert(offset == HS_KEYBLIND_NONCE_LEN);
458 :
459 : /* Generate the parameter h and the construction is as follow:
460 : * h = H(BLIND_STRING | pubkey | [secret] | ed25519-basepoint | N) */
461 163 : digest = crypto_digest256_new(DIGEST_SHA3_256);
462 163 : crypto_digest_add_bytes(digest, blind_str, sizeof(blind_str));
463 163 : crypto_digest_add_bytes(digest, (char *) pubkey, ED25519_PUBKEY_LEN);
464 : /* Optional secret. */
465 163 : if (secret) {
466 0 : crypto_digest_add_bytes(digest, (char *) secret, secret_len);
467 : }
468 163 : crypto_digest_add_bytes(digest, str_ed25519_basepoint,
469 : strlen(str_ed25519_basepoint));
470 163 : crypto_digest_add_bytes(digest, (char *) nonce, sizeof(nonce));
471 :
472 : /* Extract digest and put it in the param. */
473 163 : crypto_digest_get_digest(digest, (char *) param_out, DIGEST256_LEN);
474 163 : crypto_digest_free(digest);
475 :
476 163 : memwipe(nonce, 0, sizeof(nonce));
477 163 : }
478 :
479 : /** Using an ed25519 public key and version to build the checksum of an
480 : * address. Put in checksum_out. Format is:
481 : * SHA3-256(".onion checksum" || PUBKEY || VERSION)
482 : *
483 : * checksum_out must be large enough to receive 32 bytes (DIGEST256_LEN). */
484 : static void
485 228 : build_hs_checksum(const ed25519_public_key_t *key, uint8_t version,
486 : uint8_t *checksum_out)
487 : {
488 228 : size_t offset = 0;
489 228 : char data[HS_SERVICE_ADDR_CHECKSUM_INPUT_LEN];
490 :
491 : /* Build checksum data. */
492 228 : memcpy(data, HS_SERVICE_ADDR_CHECKSUM_PREFIX,
493 : HS_SERVICE_ADDR_CHECKSUM_PREFIX_LEN);
494 228 : offset += HS_SERVICE_ADDR_CHECKSUM_PREFIX_LEN;
495 228 : memcpy(data + offset, key->pubkey, ED25519_PUBKEY_LEN);
496 228 : offset += ED25519_PUBKEY_LEN;
497 228 : set_uint8(data + offset, version);
498 228 : offset += sizeof(version);
499 228 : tor_assert(offset == HS_SERVICE_ADDR_CHECKSUM_INPUT_LEN);
500 :
501 : /* Hash the data payload to create the checksum. */
502 228 : crypto_digest256((char *) checksum_out, data, sizeof(data),
503 : DIGEST_SHA3_256);
504 228 : }
505 :
506 : /** Using an ed25519 public key, checksum and version to build the binary
507 : * representation of a service address. Put in addr_out. Format is:
508 : * addr_out = PUBKEY || CHECKSUM || VERSION
509 : *
510 : * addr_out must be large enough to receive HS_SERVICE_ADDR_LEN bytes. */
511 : static void
512 102 : build_hs_address(const ed25519_public_key_t *key, const uint8_t *checksum,
513 : uint8_t version, char *addr_out)
514 : {
515 102 : size_t offset = 0;
516 :
517 102 : tor_assert(key);
518 102 : tor_assert(checksum);
519 :
520 102 : memcpy(addr_out, key->pubkey, ED25519_PUBKEY_LEN);
521 102 : offset += ED25519_PUBKEY_LEN;
522 102 : memcpy(addr_out + offset, checksum, HS_SERVICE_ADDR_CHECKSUM_LEN_USED);
523 102 : offset += HS_SERVICE_ADDR_CHECKSUM_LEN_USED;
524 102 : set_uint8(addr_out + offset, version);
525 102 : offset += sizeof(uint8_t);
526 102 : tor_assert(offset == HS_SERVICE_ADDR_LEN);
527 102 : }
528 :
529 : /** Helper for hs_parse_address(): Using a binary representation of a service
530 : * address, parse its content into the key_out, checksum_out and version_out.
531 : * Any out variable can be NULL in case the caller would want only one field.
532 : * checksum_out MUST at least be 2 bytes long. address must be at least
533 : * HS_SERVICE_ADDR_LEN bytes but doesn't need to be NUL terminated. */
534 : static void
535 153 : hs_parse_address_impl(const char *address, ed25519_public_key_t *key_out,
536 : uint8_t *checksum_out, uint8_t *version_out)
537 : {
538 153 : size_t offset = 0;
539 :
540 153 : tor_assert(address);
541 :
542 153 : if (key_out) {
543 : /* First is the key. */
544 153 : memcpy(key_out->pubkey, address, ED25519_PUBKEY_LEN);
545 : }
546 153 : offset += ED25519_PUBKEY_LEN;
547 153 : if (checksum_out) {
548 : /* Followed by a 2 bytes checksum. */
549 126 : memcpy(checksum_out, address + offset, HS_SERVICE_ADDR_CHECKSUM_LEN_USED);
550 : }
551 153 : offset += HS_SERVICE_ADDR_CHECKSUM_LEN_USED;
552 153 : if (version_out) {
553 : /* Finally, version value is 1 byte. */
554 126 : *version_out = get_uint8(address + offset);
555 : }
556 153 : offset += sizeof(uint8_t);
557 : /* Extra safety. */
558 153 : tor_assert(offset == HS_SERVICE_ADDR_LEN);
559 153 : }
560 :
561 : /** Using the given identity public key and a blinded public key, compute the
562 : * subcredential and put it in subcred_out.
563 : * This can't fail. */
564 : void
565 104 : hs_get_subcredential(const ed25519_public_key_t *identity_pk,
566 : const ed25519_public_key_t *blinded_pk,
567 : hs_subcredential_t *subcred_out)
568 : {
569 104 : uint8_t credential[DIGEST256_LEN];
570 104 : crypto_digest_t *digest;
571 :
572 104 : tor_assert(identity_pk);
573 104 : tor_assert(blinded_pk);
574 104 : tor_assert(subcred_out);
575 :
576 : /* First, build the credential. Construction is as follow:
577 : * credential = H("credential" | public-identity-key) */
578 104 : digest = crypto_digest256_new(DIGEST_SHA3_256);
579 104 : crypto_digest_add_bytes(digest, HS_CREDENTIAL_PREFIX,
580 : HS_CREDENTIAL_PREFIX_LEN);
581 104 : crypto_digest_add_bytes(digest, (const char *) identity_pk->pubkey,
582 : ED25519_PUBKEY_LEN);
583 104 : crypto_digest_get_digest(digest, (char *) credential, DIGEST256_LEN);
584 104 : crypto_digest_free(digest);
585 :
586 : /* Now, compute the subcredential. Construction is as follow:
587 : * subcredential = H("subcredential" | credential | blinded-public-key). */
588 104 : digest = crypto_digest256_new(DIGEST_SHA3_256);
589 104 : crypto_digest_add_bytes(digest, HS_SUBCREDENTIAL_PREFIX,
590 : HS_SUBCREDENTIAL_PREFIX_LEN);
591 104 : crypto_digest_add_bytes(digest, (const char *) credential,
592 : sizeof(credential));
593 104 : crypto_digest_add_bytes(digest, (const char *) blinded_pk->pubkey,
594 : ED25519_PUBKEY_LEN);
595 104 : crypto_digest_get_digest(digest, (char *) subcred_out->subcred,
596 : SUBCRED_LEN);
597 104 : crypto_digest_free(digest);
598 :
599 104 : memwipe(credential, 0, sizeof(credential));
600 104 : }
601 :
602 : /** From the given list of hidden service ports, find the ones that match the
603 : * given edge connection conn, pick one at random and use it to set the
604 : * connection address. Return 0 on success or -1 if none. */
605 : int
606 0 : hs_set_conn_addr_port(const smartlist_t *ports, edge_connection_t *conn)
607 : {
608 0 : hs_port_config_t *chosen_port;
609 0 : unsigned int warn_once = 0;
610 0 : smartlist_t *matching_ports;
611 :
612 0 : tor_assert(ports);
613 0 : tor_assert(conn);
614 :
615 0 : matching_ports = smartlist_new();
616 0 : SMARTLIST_FOREACH_BEGIN(ports, hs_port_config_t *, p) {
617 0 : if (TO_CONN(conn)->port != p->virtual_port) {
618 0 : continue;
619 : }
620 0 : if (!(p->is_unix_addr)) {
621 0 : smartlist_add(matching_ports, p);
622 : } else {
623 0 : if (add_unix_port(matching_ports, p)) {
624 0 : if (!warn_once) {
625 : /* Unix port not supported so warn only once. */
626 0 : log_warn(LD_REND, "Saw AF_UNIX virtual port mapping for port %d "
627 : "which is unsupported on this platform. "
628 : "Ignoring it.",
629 : TO_CONN(conn)->port);
630 : }
631 0 : warn_once++;
632 : }
633 : }
634 0 : } SMARTLIST_FOREACH_END(p);
635 :
636 0 : chosen_port = smartlist_choose(matching_ports);
637 0 : smartlist_free(matching_ports);
638 0 : if (chosen_port) {
639 0 : if (conn->hs_ident) {
640 : /* There is always a connection identifier at this point. Regardless of a
641 : * Unix or TCP port, note the virtual port. */
642 0 : conn->hs_ident->orig_virtual_port = chosen_port->virtual_port;
643 : }
644 :
645 0 : if (!(chosen_port->is_unix_addr)) {
646 : /* Get a non-AF_UNIX connection ready for connection_exit_connect() */
647 0 : tor_addr_copy(&TO_CONN(conn)->addr, &chosen_port->real_addr);
648 0 : TO_CONN(conn)->port = chosen_port->real_port;
649 : } else {
650 0 : if (set_unix_port(conn, chosen_port)) {
651 : /* Simply impossible to end up here else we were able to add a Unix
652 : * port without AF_UNIX support... ? */
653 0 : tor_assert(0);
654 : }
655 : }
656 : }
657 0 : return (chosen_port) ? 0 : -1;
658 : }
659 :
660 : /** Return a new hs_port_config_t with its path set to
661 : * <b>socket_path</b> or empty if <b>socket_path</b> is NULL */
662 : static hs_port_config_t *
663 41 : hs_port_config_new(const char *socket_path)
664 : {
665 41 : if (!socket_path)
666 36 : return tor_malloc_zero(sizeof(hs_port_config_t) + 1);
667 :
668 5 : const size_t pathlen = strlen(socket_path) + 1;
669 5 : hs_port_config_t *conf =
670 5 : tor_malloc_zero(sizeof(hs_port_config_t) + pathlen);
671 5 : memcpy(conf->unix_addr, socket_path, pathlen);
672 5 : conf->is_unix_addr = 1;
673 5 : return conf;
674 : }
675 :
676 : /** Parses a virtual-port to real-port/socket mapping separated by
677 : * the provided separator and returns a new hs_port_config_t,
678 : * or NULL and an optional error string on failure.
679 : *
680 : * The format is: VirtualPort SEP (IP|RealPort|IP:RealPort|'socket':path)?
681 : *
682 : * IP defaults to 127.0.0.1; RealPort defaults to VirtualPort.
683 : */
684 : hs_port_config_t *
685 49 : hs_parse_port_config(const char *string, const char *sep,
686 : char **err_msg_out)
687 : {
688 49 : smartlist_t *sl;
689 49 : int virtport;
690 49 : int realport = 0;
691 49 : uint16_t p;
692 49 : tor_addr_t addr;
693 49 : hs_port_config_t *result = NULL;
694 49 : unsigned int is_unix_addr = 0;
695 49 : const char *socket_path = NULL;
696 49 : char *err_msg = NULL;
697 49 : char *addrport = NULL;
698 :
699 49 : sl = smartlist_new();
700 49 : smartlist_split_string(sl, string, sep,
701 : SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2);
702 49 : if (smartlist_len(sl) < 1 || BUG(smartlist_len(sl) > 2)) {
703 1 : err_msg = tor_strdup("Bad syntax in hidden service port configuration.");
704 1 : goto err;
705 : }
706 48 : virtport = (int)tor_parse_long(smartlist_get(sl,0), 10, 1, 65535, NULL,NULL);
707 48 : if (!virtport) {
708 2 : tor_asprintf(&err_msg, "Missing or invalid port %s in hidden service "
709 2 : "port configuration", escaped(smartlist_get(sl,0)));
710 :
711 2 : goto err;
712 : }
713 46 : if (smartlist_len(sl) == 1) {
714 : /* No addr:port part; use default. */
715 17 : realport = virtport;
716 17 : tor_addr_from_ipv4h(&addr, 0x7F000001u); /* 127.0.0.1 */
717 : } else {
718 29 : int ret;
719 :
720 29 : const char *addrport_element = smartlist_get(sl,1);
721 29 : const char *rest = NULL;
722 29 : int is_unix;
723 29 : ret = port_cfg_line_extract_addrport(addrport_element, &addrport,
724 : &is_unix, &rest);
725 :
726 29 : if (ret < 0) {
727 1 : tor_asprintf(&err_msg, "Couldn't process address <%s> from hidden "
728 : "service configuration", addrport_element);
729 5 : goto err;
730 : }
731 :
732 28 : if (rest && strlen(rest)) {
733 2 : err_msg = tor_strdup("HiddenServicePort parse error: invalid port "
734 : "mapping");
735 2 : goto err;
736 : }
737 :
738 26 : if (is_unix) {
739 5 : socket_path = addrport;
740 5 : is_unix_addr = 1;
741 21 : } else if (strchr(addrport, ':') || strchr(addrport, '.')) {
742 : /* else try it as an IP:port pair if it has a : or . in it */
743 19 : if (tor_addr_port_lookup(addrport, &addr, &p)<0) {
744 1 : err_msg = tor_strdup("Unparseable address in hidden service port "
745 : "configuration.");
746 1 : goto err;
747 : }
748 18 : realport = p?p:virtport;
749 : } else {
750 : /* No addr:port, no addr -- must be port. */
751 2 : realport = (int)tor_parse_long(addrport, 10, 1, 65535, NULL, NULL);
752 2 : if (!realport) {
753 1 : tor_asprintf(&err_msg, "Unparseable or out-of-range port %s in "
754 : "hidden service port configuration.",
755 : escaped(addrport));
756 1 : goto err;
757 : }
758 1 : tor_addr_from_ipv4h(&addr, 0x7F000001u); /* Default to 127.0.0.1 */
759 : }
760 : }
761 :
762 : /* Allow room for unix_addr */
763 41 : result = hs_port_config_new(socket_path);
764 41 : result->virtual_port = virtport;
765 41 : result->is_unix_addr = is_unix_addr;
766 41 : if (!is_unix_addr) {
767 36 : result->real_port = realport;
768 36 : tor_addr_copy(&result->real_addr, &addr);
769 36 : result->unix_addr[0] = '\0';
770 : }
771 :
772 5 : err:
773 49 : tor_free(addrport);
774 49 : if (err_msg_out != NULL) {
775 45 : *err_msg_out = err_msg;
776 : } else {
777 4 : tor_free(err_msg);
778 : }
779 126 : SMARTLIST_FOREACH(sl, char *, c, tor_free(c));
780 49 : smartlist_free(sl);
781 :
782 49 : return result;
783 : }
784 :
785 : /** Release all storage held in a hs_port_config_t. */
786 : void
787 42 : hs_port_config_free_(hs_port_config_t *p)
788 : {
789 42 : tor_free(p);
790 42 : }
791 :
792 : /** Using a base32 representation of a service address, parse its content into
793 : * the key_out, checksum_out and version_out. Any out variable can be NULL in
794 : * case the caller would want only one field. checksum_out MUST at least be 2
795 : * bytes long.
796 : *
797 : * Return 0 if parsing went well; return -1 in case of error and if errmsg is
798 : * non NULL, a human readable string message is set. */
799 : int
800 161 : hs_parse_address_no_log(const char *address, ed25519_public_key_t *key_out,
801 : uint8_t *checksum_out, uint8_t *version_out,
802 : const char **errmsg)
803 : {
804 161 : char decoded[HS_SERVICE_ADDR_LEN];
805 :
806 161 : tor_assert(address);
807 :
808 161 : if (errmsg) {
809 158 : *errmsg = NULL;
810 : }
811 :
812 : /* Obvious length check. */
813 161 : if (strlen(address) != HS_SERVICE_ADDR_LEN_BASE32) {
814 6 : if (errmsg) {
815 5 : *errmsg = "Invalid length";
816 : }
817 6 : goto invalid;
818 : }
819 :
820 : /* Decode address so we can extract needed fields. */
821 155 : if (base32_decode(decoded, sizeof(decoded), address, strlen(address))
822 : != sizeof(decoded)) {
823 2 : if (errmsg) {
824 2 : *errmsg = "Unable to base32 decode";
825 : }
826 2 : goto invalid;
827 : }
828 :
829 : /* Parse the decoded address into the fields we need. */
830 153 : hs_parse_address_impl(decoded, key_out, checksum_out, version_out);
831 :
832 153 : return 0;
833 : invalid:
834 : return -1;
835 : }
836 :
837 : /** Same has hs_parse_address_no_log() but emits a log warning on parsing
838 : * failure. */
839 : int
840 158 : hs_parse_address(const char *address, ed25519_public_key_t *key_out,
841 : uint8_t *checksum_out, uint8_t *version_out)
842 : {
843 158 : const char *errmsg = NULL;
844 158 : int ret = hs_parse_address_no_log(address, key_out, checksum_out,
845 : version_out, &errmsg);
846 158 : if (ret < 0) {
847 7 : log_warn(LD_REND, "Service address %s failed to be parsed: %s",
848 : escaped_safe_str(address), errmsg);
849 : }
850 158 : return ret;
851 : }
852 :
853 : /** Validate a given onion address. The length, the base32 decoding, and
854 : * checksum are validated. Return 1 if valid else 0. */
855 : int
856 133 : hs_address_is_valid(const char *address)
857 : {
858 133 : uint8_t version;
859 133 : uint8_t checksum[HS_SERVICE_ADDR_CHECKSUM_LEN_USED];
860 133 : uint8_t target_checksum[DIGEST256_LEN];
861 133 : ed25519_public_key_t service_pubkey;
862 :
863 : /* Parse the decoded address into the fields we need. */
864 133 : if (hs_parse_address(address, &service_pubkey, checksum, &version) < 0) {
865 7 : goto invalid;
866 : }
867 :
868 : /* Get the checksum it's supposed to be and compare it with what we have
869 : * encoded in the address. */
870 126 : build_hs_checksum(&service_pubkey, version, target_checksum);
871 126 : if (tor_memcmp(checksum, target_checksum, sizeof(checksum))) {
872 2 : log_warn(LD_REND, "Service address %s invalid checksum.",
873 : escaped_safe_str(address));
874 2 : goto invalid;
875 : }
876 :
877 : /* Validate that this pubkey does not have a torsion component. We need to do
878 : * this on the prop224 client-side so that attackers can't give equivalent
879 : * forms of an onion address to users. */
880 124 : if (ed25519_validate_pubkey(&service_pubkey) < 0) {
881 0 : log_warn(LD_REND, "Service address %s has bad pubkey .",
882 : escaped_safe_str(address));
883 0 : goto invalid;
884 : }
885 :
886 : /* Valid address. */
887 : return 1;
888 : invalid:
889 : return 0;
890 : }
891 :
892 : /** Build a service address using an ed25519 public key and a given version.
893 : * The returned address is base32 encoded and put in addr_out. The caller MUST
894 : * make sure the addr_out is at least HS_SERVICE_ADDR_LEN_BASE32 + 1 long.
895 : *
896 : * Format is as follows:
897 : * base32(PUBKEY || CHECKSUM || VERSION)
898 : * CHECKSUM = H(".onion checksum" || PUBKEY || VERSION)
899 : * */
900 : void
901 102 : hs_build_address(const ed25519_public_key_t *key, uint8_t version,
902 : char *addr_out)
903 : {
904 102 : uint8_t checksum[DIGEST256_LEN];
905 102 : char address[HS_SERVICE_ADDR_LEN];
906 :
907 102 : tor_assert(key);
908 102 : tor_assert(addr_out);
909 :
910 : /* Get the checksum of the address. */
911 102 : build_hs_checksum(key, version, checksum);
912 : /* Get the binary address representation. */
913 102 : build_hs_address(key, checksum, version, address);
914 :
915 : /* Encode the address. addr_out will be NUL terminated after this. */
916 102 : base32_encode(addr_out, HS_SERVICE_ADDR_LEN_BASE32 + 1, address,
917 : sizeof(address));
918 : /* Validate what we just built. */
919 102 : tor_assert(hs_address_is_valid(addr_out));
920 102 : }
921 :
922 : /** From a given ed25519 public key pk and an optional secret, compute a
923 : * blinded public key and put it in blinded_pk_out. This is only useful to
924 : * the client side because the client only has access to the identity public
925 : * key of the service. */
926 : void
927 90 : hs_build_blinded_pubkey(const ed25519_public_key_t *pk,
928 : const uint8_t *secret, size_t secret_len,
929 : uint64_t time_period_num,
930 : ed25519_public_key_t *blinded_pk_out)
931 : {
932 : /* Our blinding key API requires a 32 bytes parameter. */
933 90 : uint8_t param[DIGEST256_LEN];
934 :
935 90 : tor_assert(pk);
936 90 : tor_assert(blinded_pk_out);
937 90 : tor_assert(!fast_mem_is_zero((char *) pk, ED25519_PUBKEY_LEN));
938 :
939 90 : build_blinded_key_param(pk, secret, secret_len,
940 : time_period_num, get_time_period_length(), param);
941 90 : ed25519_public_blind(blinded_pk_out, pk, param);
942 :
943 90 : memwipe(param, 0, sizeof(param));
944 90 : }
945 :
946 : /** From a given ed25519 keypair kp and an optional secret, compute a blinded
947 : * keypair for the current time period and put it in blinded_kp_out. This is
948 : * only useful by the service side because the client doesn't have access to
949 : * the identity secret key. */
950 : void
951 73 : hs_build_blinded_keypair(const ed25519_keypair_t *kp,
952 : const uint8_t *secret, size_t secret_len,
953 : uint64_t time_period_num,
954 : ed25519_keypair_t *blinded_kp_out)
955 : {
956 : /* Our blinding key API requires a 32 bytes parameter. */
957 73 : uint8_t param[DIGEST256_LEN];
958 :
959 73 : tor_assert(kp);
960 73 : tor_assert(blinded_kp_out);
961 : /* Extra safety. A zeroed key is bad. */
962 73 : tor_assert(!fast_mem_is_zero((char *) &kp->pubkey, ED25519_PUBKEY_LEN));
963 73 : tor_assert(!fast_mem_is_zero((char *) &kp->seckey, ED25519_SECKEY_LEN));
964 :
965 73 : build_blinded_key_param(&kp->pubkey, secret, secret_len,
966 : time_period_num, get_time_period_length(), param);
967 73 : ed25519_keypair_blind(blinded_kp_out, kp, param);
968 :
969 73 : memwipe(param, 0, sizeof(param));
970 73 : }
971 :
972 : /** Return true if we are currently in the time segment between a new time
973 : * period and a new SRV (in the real network that happens between 12:00 and
974 : * 00:00 UTC). Here is a diagram showing exactly when this returns true:
975 : *
976 : * +------------------------------------------------------------------+
977 : * | |
978 : * | 00:00 12:00 00:00 12:00 00:00 12:00 |
979 : * | SRV#1 TP#1 SRV#2 TP#2 SRV#3 TP#3 |
980 : * | |
981 : * | $==========|-----------$===========|-----------$===========| |
982 : * | ^^^^^^^^^^^^ ^^^^^^^^^^^^ |
983 : * | |
984 : * +------------------------------------------------------------------+
985 : */
986 18101 : MOCK_IMPL(int,
987 : hs_in_period_between_tp_and_srv,(const networkstatus_t *consensus, time_t now))
988 : {
989 18101 : time_t valid_after;
990 18101 : time_t srv_start_time, tp_start_time;
991 :
992 18101 : if (!consensus) {
993 21 : consensus = networkstatus_get_reasonably_live_consensus(now,
994 : usable_consensus_flavor());
995 21 : if (!consensus) {
996 : return 0;
997 : }
998 : }
999 :
1000 : /* Get start time of next TP and of current SRV protocol run, and check if we
1001 : * are between them. */
1002 18095 : valid_after = consensus->valid_after;
1003 18095 : srv_start_time = sr_state_get_start_time_of_current_protocol_run();
1004 18095 : tp_start_time = hs_get_start_time_of_next_time_period(srv_start_time);
1005 :
1006 18095 : if (valid_after >= srv_start_time && valid_after < tp_start_time) {
1007 9080 : return 0;
1008 : }
1009 :
1010 : return 1;
1011 : }
1012 :
1013 : /** Return 1 if any virtual port in ports needs a circuit with good uptime.
1014 : * Else return 0. */
1015 : int
1016 0 : hs_service_requires_uptime_circ(const smartlist_t *ports)
1017 : {
1018 0 : tor_assert(ports);
1019 :
1020 0 : SMARTLIST_FOREACH_BEGIN(ports, hs_port_config_t *, p) {
1021 0 : if (smartlist_contains_int_as_string(get_options()->LongLivedPorts,
1022 0 : p->virtual_port)) {
1023 : return 1;
1024 : }
1025 0 : } SMARTLIST_FOREACH_END(p);
1026 : return 0;
1027 : }
1028 :
1029 : /** Build hs_index which is used to find the responsible hsdirs. This index
1030 : * value is used to select the responsible HSDir where their hsdir_index is
1031 : * closest to this value.
1032 : * SHA3-256("store-at-idx" | blinded_public_key |
1033 : * INT_8(replicanum) | INT_8(period_length) | INT_8(period_num) )
1034 : *
1035 : * hs_index_out must be large enough to receive DIGEST256_LEN bytes. */
1036 : void
1037 133 : hs_build_hs_index(uint64_t replica, const ed25519_public_key_t *blinded_pk,
1038 : uint64_t period_num, uint8_t *hs_index_out)
1039 : {
1040 133 : crypto_digest_t *digest;
1041 :
1042 133 : tor_assert(blinded_pk);
1043 133 : tor_assert(hs_index_out);
1044 :
1045 : /* Build hs_index. See construction at top of function comment. */
1046 133 : digest = crypto_digest256_new(DIGEST_SHA3_256);
1047 133 : crypto_digest_add_bytes(digest, HS_INDEX_PREFIX, HS_INDEX_PREFIX_LEN);
1048 133 : crypto_digest_add_bytes(digest, (const char *) blinded_pk->pubkey,
1049 : ED25519_PUBKEY_LEN);
1050 :
1051 : /* Now setup INT_8(replicanum) | INT_8(period_length) | INT_8(period_num) */
1052 : {
1053 133 : uint64_t period_length = get_time_period_length();
1054 133 : char buf[sizeof(uint64_t)*3];
1055 133 : size_t offset = 0;
1056 133 : set_uint64(buf, tor_htonll(replica));
1057 133 : offset += sizeof(uint64_t);
1058 133 : set_uint64(buf+offset, tor_htonll(period_length));
1059 133 : offset += sizeof(uint64_t);
1060 133 : set_uint64(buf+offset, tor_htonll(period_num));
1061 133 : offset += sizeof(uint64_t);
1062 133 : tor_assert(offset == sizeof(buf));
1063 :
1064 133 : crypto_digest_add_bytes(digest, buf, sizeof(buf));
1065 : }
1066 :
1067 133 : crypto_digest_get_digest(digest, (char *) hs_index_out, DIGEST256_LEN);
1068 133 : crypto_digest_free(digest);
1069 133 : }
1070 :
1071 : /** Build hsdir_index which is used to find the responsible hsdirs. This is the
1072 : * index value that is compare to the hs_index when selecting an HSDir.
1073 : * SHA3-256("node-idx" | node_identity |
1074 : * shared_random_value | INT_8(period_length) | INT_8(period_num) )
1075 : *
1076 : * hsdir_index_out must be large enough to receive DIGEST256_LEN bytes. */
1077 : void
1078 12043 : hs_build_hsdir_index(const ed25519_public_key_t *identity_pk,
1079 : const uint8_t *srv_value, uint64_t period_num,
1080 : uint8_t *hsdir_index_out)
1081 : {
1082 12043 : crypto_digest_t *digest;
1083 :
1084 12043 : tor_assert(identity_pk);
1085 12043 : tor_assert(srv_value);
1086 12043 : tor_assert(hsdir_index_out);
1087 :
1088 : /* Build hsdir_index. See construction at top of function comment. */
1089 12043 : digest = crypto_digest256_new(DIGEST_SHA3_256);
1090 12043 : crypto_digest_add_bytes(digest, HSDIR_INDEX_PREFIX, HSDIR_INDEX_PREFIX_LEN);
1091 12043 : crypto_digest_add_bytes(digest, (const char *) identity_pk->pubkey,
1092 : ED25519_PUBKEY_LEN);
1093 12043 : crypto_digest_add_bytes(digest, (const char *) srv_value, DIGEST256_LEN);
1094 :
1095 : {
1096 12043 : uint64_t time_period_length = get_time_period_length();
1097 12043 : char period_stuff[sizeof(uint64_t)*2];
1098 12043 : size_t offset = 0;
1099 12043 : set_uint64(period_stuff, tor_htonll(period_num));
1100 12043 : offset += sizeof(uint64_t);
1101 12043 : set_uint64(period_stuff+offset, tor_htonll(time_period_length));
1102 12043 : offset += sizeof(uint64_t);
1103 12043 : tor_assert(offset == sizeof(period_stuff));
1104 :
1105 12043 : crypto_digest_add_bytes(digest, period_stuff, sizeof(period_stuff));
1106 : }
1107 :
1108 12043 : crypto_digest_get_digest(digest, (char *) hsdir_index_out, DIGEST256_LEN);
1109 12043 : crypto_digest_free(digest);
1110 12043 : }
1111 :
1112 : /** Return a newly allocated buffer containing the current shared random value
1113 : * or if not present, a disaster value is computed using the given time period
1114 : * number. If a consensus is provided in <b>ns</b>, use it to get the SRV
1115 : * value. This function can't fail. */
1116 : uint8_t *
1117 9021 : hs_get_current_srv(uint64_t time_period_num, const networkstatus_t *ns)
1118 : {
1119 9021 : uint8_t *sr_value = tor_malloc_zero(DIGEST256_LEN);
1120 9021 : const sr_srv_t *current_srv = sr_get_current(ns);
1121 :
1122 9021 : if (current_srv) {
1123 4500 : memcpy(sr_value, current_srv->value, sizeof(current_srv->value));
1124 : } else {
1125 : /* Disaster mode. */
1126 4521 : get_disaster_srv(time_period_num, sr_value);
1127 : }
1128 9021 : return sr_value;
1129 : }
1130 :
1131 : /** Return a newly allocated buffer containing the previous shared random
1132 : * value or if not present, a disaster value is computed using the given time
1133 : * period number. This function can't fail. */
1134 : uint8_t *
1135 9042 : hs_get_previous_srv(uint64_t time_period_num, const networkstatus_t *ns)
1136 : {
1137 9042 : uint8_t *sr_value = tor_malloc_zero(DIGEST256_LEN);
1138 9042 : const sr_srv_t *previous_srv = sr_get_previous(ns);
1139 :
1140 9042 : if (previous_srv) {
1141 3500 : memcpy(sr_value, previous_srv->value, sizeof(previous_srv->value));
1142 : } else {
1143 : /* Disaster mode. */
1144 5542 : get_disaster_srv(time_period_num, sr_value);
1145 : }
1146 9042 : return sr_value;
1147 : }
1148 :
1149 : /** Return the number of replicas defined by a consensus parameter or the
1150 : * default value. */
1151 : int32_t
1152 198 : hs_get_hsdir_n_replicas(void)
1153 : {
1154 : /* The [1,16] range is a specification requirement. */
1155 198 : return networkstatus_get_param(NULL, "hsdir_n_replicas",
1156 : HS_DEFAULT_HSDIR_N_REPLICAS, 1, 16);
1157 : }
1158 :
1159 : /** Return the spread fetch value defined by a consensus parameter or the
1160 : * default value. */
1161 : int32_t
1162 96 : hs_get_hsdir_spread_fetch(void)
1163 : {
1164 : /* The [1,128] range is a specification requirement. */
1165 96 : return networkstatus_get_param(NULL, "hsdir_spread_fetch",
1166 : HS_DEFAULT_HSDIR_SPREAD_FETCH, 1, 128);
1167 : }
1168 :
1169 : /** Return the spread store value defined by a consensus parameter or the
1170 : * default value. */
1171 : int32_t
1172 36 : hs_get_hsdir_spread_store(void)
1173 : {
1174 : /* The [1,128] range is a specification requirement. */
1175 36 : return networkstatus_get_param(NULL, "hsdir_spread_store",
1176 : HS_DEFAULT_HSDIR_SPREAD_STORE, 1, 128);
1177 : }
1178 :
1179 : /** <b>node</b> is an HSDir so make sure that we have assigned an hsdir index.
1180 : * Return 0 if everything is as expected, else return -1. */
1181 : static int
1182 15032 : node_has_hsdir_index(const node_t *node)
1183 : {
1184 15032 : tor_assert(node_supports_v3_hsdir(node));
1185 :
1186 : /* A node can't have an HSDir index without a descriptor since we need desc
1187 : * to get its ed25519 key. for_direct_connect should be zero, since we
1188 : * always use the consensus-indexed node's keys to build the hash ring, even
1189 : * if some of the consensus-indexed nodes are also bridges. */
1190 15032 : if (!node_has_preferred_descriptor(node, 0)) {
1191 : return 0;
1192 : }
1193 :
1194 : /* At this point, since the node has a desc, this node must also have an
1195 : * hsdir index. If not, something went wrong, so BUG out. */
1196 15032 : if (BUG(fast_mem_is_zero((const char*)node->hsdir_index.fetch,
1197 : DIGEST256_LEN))) {
1198 0 : return 0;
1199 : }
1200 15032 : if (BUG(fast_mem_is_zero((const char*)node->hsdir_index.store_first,
1201 : DIGEST256_LEN))) {
1202 0 : return 0;
1203 : }
1204 15032 : if (BUG(fast_mem_is_zero((const char*)node->hsdir_index.store_second,
1205 : DIGEST256_LEN))) {
1206 0 : return 0;
1207 : }
1208 :
1209 : return 1;
1210 : }
1211 :
1212 : /** For a given blinded key and time period number, get the responsible HSDir
1213 : * and put their routerstatus_t object in the responsible_dirs list. If
1214 : * 'use_second_hsdir_index' is true, use the second hsdir_index of the node_t
1215 : * is used. If 'for_fetching' is true, the spread fetch consensus parameter is
1216 : * used else the spread store is used which is only for upload. This function
1217 : * can't fail but it is possible that the responsible_dirs list contains fewer
1218 : * nodes than expected.
1219 : *
1220 : * This function goes over the latest consensus routerstatus list and sorts it
1221 : * by their node_t hsdir_index then does a binary search to find the closest
1222 : * node. All of this makes it a bit CPU intensive so use it wisely. */
1223 : void
1224 66 : hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk,
1225 : uint64_t time_period_num, int use_second_hsdir_index,
1226 : int for_fetching, smartlist_t *responsible_dirs)
1227 : {
1228 66 : smartlist_t *sorted_nodes;
1229 : /* The compare function used for the smartlist bsearch. We have two
1230 : * different depending on is_next_period. */
1231 66 : int (*cmp_fct)(const void *, const void **);
1232 :
1233 66 : tor_assert(blinded_pk);
1234 66 : tor_assert(responsible_dirs);
1235 :
1236 66 : sorted_nodes = smartlist_new();
1237 :
1238 : /* Make sure we actually have a live consensus */
1239 66 : networkstatus_t *c =
1240 66 : networkstatus_get_reasonably_live_consensus(approx_time(),
1241 : usable_consensus_flavor());
1242 66 : if (!c || smartlist_len(c->routerstatus_list) == 0) {
1243 0 : log_warn(LD_REND, "No live consensus so we can't get the responsible "
1244 : "hidden service directories.");
1245 0 : goto done;
1246 : }
1247 :
1248 : /* Ensure the nodelist is fresh, since it contains the HSDir indices. */
1249 66 : nodelist_ensure_freshness(c);
1250 :
1251 : /* Add every node_t that support HSDir v3 for which we do have a valid
1252 : * hsdir_index already computed for them for this consensus. */
1253 : {
1254 15099 : SMARTLIST_FOREACH_BEGIN(c->routerstatus_list, const routerstatus_t *, rs) {
1255 : /* Even though this node_t object won't be modified and should be const,
1256 : * we can't add const object in a smartlist_t. */
1257 15033 : node_t *n = node_get_mutable_by_id(rs->identity_digest);
1258 15033 : tor_assert(n);
1259 15033 : if (node_supports_v3_hsdir(n) && rs->is_hs_dir) {
1260 15032 : if (!node_has_hsdir_index(n)) {
1261 0 : log_info(LD_GENERAL, "Node %s was found without hsdir index.",
1262 : node_describe(n));
1263 0 : continue;
1264 : }
1265 15032 : smartlist_add(sorted_nodes, n);
1266 : }
1267 15033 : } SMARTLIST_FOREACH_END(rs);
1268 : }
1269 66 : if (smartlist_len(sorted_nodes) == 0) {
1270 0 : log_warn(LD_REND, "No nodes found to be HSDir or supporting v3.");
1271 0 : goto done;
1272 : }
1273 :
1274 : /* First thing we have to do is sort all node_t by hsdir_index. The
1275 : * is_next_period tells us if we want the current or the next one. Set the
1276 : * bsearch compare function also while we are at it. */
1277 66 : if (for_fetching) {
1278 48 : smartlist_sort(sorted_nodes, compare_node_fetch_hsdir_index);
1279 48 : cmp_fct = compare_digest_to_fetch_hsdir_index;
1280 18 : } else if (use_second_hsdir_index) {
1281 6 : smartlist_sort(sorted_nodes, compare_node_store_second_hsdir_index);
1282 6 : cmp_fct = compare_digest_to_store_second_hsdir_index;
1283 : } else {
1284 12 : smartlist_sort(sorted_nodes, compare_node_store_first_hsdir_index);
1285 12 : cmp_fct = compare_digest_to_store_first_hsdir_index;
1286 : }
1287 :
1288 : /* For all replicas, we'll select a set of HSDirs using the consensus
1289 : * parameters and the sorted list. The replica starting at value 1 is
1290 : * defined by the specification. */
1291 198 : for (int replica = 1; replica <= hs_get_hsdir_n_replicas(); replica++) {
1292 132 : int idx, start, found, n_added = 0;
1293 132 : uint8_t hs_index[DIGEST256_LEN] = {0};
1294 : /* Number of node to add to the responsible dirs list depends on if we are
1295 : * trying to fetch or store. A client always fetches. */
1296 132 : int n_to_add = (for_fetching) ? hs_get_hsdir_spread_fetch() :
1297 36 : hs_get_hsdir_spread_store();
1298 :
1299 : /* Get the index that we should use to select the node. */
1300 132 : hs_build_hs_index(replica, blinded_pk, time_period_num, hs_index);
1301 : /* The compare function pointer has been set correctly earlier. */
1302 132 : start = idx = smartlist_bsearch_idx(sorted_nodes, hs_index, cmp_fct,
1303 : &found);
1304 : /* Getting the length of the list if no member is greater than the key we
1305 : * are looking for so start at the first element. */
1306 132 : if (idx == smartlist_len(sorted_nodes)) {
1307 1 : start = idx = 0;
1308 : }
1309 563 : while (n_added < n_to_add) {
1310 438 : const node_t *node = smartlist_get(sorted_nodes, idx);
1311 : /* If the node has already been selected which is possible between
1312 : * replicas, the specification says to skip over. */
1313 438 : if (!smartlist_contains(responsible_dirs, node->rs)) {
1314 416 : smartlist_add(responsible_dirs, node->rs);
1315 416 : ++n_added;
1316 : }
1317 438 : if (++idx == smartlist_len(sorted_nodes)) {
1318 : /* Wrap if we've reached the end of the list. */
1319 13 : idx = 0;
1320 : }
1321 438 : if (idx == start) {
1322 : /* We've gone over the whole list, stop and avoid infinite loop. */
1323 : break;
1324 : }
1325 : }
1326 : }
1327 :
1328 66 : done:
1329 66 : smartlist_free(sorted_nodes);
1330 66 : }
1331 :
1332 : /*********************** HSDir request tracking ***************************/
1333 :
1334 : /** Return the period for which a hidden service directory cannot be queried
1335 : * for the same descriptor ID again, taking TestingTorNetwork into account. */
1336 : time_t
1337 295 : hs_hsdir_requery_period(const or_options_t *options)
1338 : {
1339 295 : tor_assert(options);
1340 :
1341 295 : if (options->TestingTorNetwork) {
1342 : return REND_HID_SERV_DIR_REQUERY_PERIOD_TESTING;
1343 : } else {
1344 295 : return REND_HID_SERV_DIR_REQUERY_PERIOD;
1345 : }
1346 : }
1347 :
1348 : /** Tracks requests for fetching hidden service descriptors. It's used by
1349 : * hidden service clients, to avoid querying HSDirs that have already failed
1350 : * giving back a descriptor. The same data structure is used to track v3 HS
1351 : * descriptor requests.
1352 : *
1353 : * The string map is a key/value store that contains the last request times to
1354 : * hidden service directories for certain queries. Specifically:
1355 : *
1356 : * key = base32(hsdir_identity) + base32(hs_identity)
1357 : * value = time_t of last request for that hs_identity to that HSDir
1358 : *
1359 : * where 'hsdir_identity' is the identity digest of the HSDir node, and
1360 : * 'hs_identity' is the ed25519 blinded public key of the HS for v3. */
1361 : static strmap_t *last_hid_serv_requests_ = NULL;
1362 :
1363 : /** Returns last_hid_serv_requests_, initializing it to a new strmap if
1364 : * necessary. */
1365 : STATIC strmap_t *
1366 350 : get_last_hid_serv_requests(void)
1367 : {
1368 350 : if (!last_hid_serv_requests_)
1369 7 : last_hid_serv_requests_ = strmap_new();
1370 350 : return last_hid_serv_requests_;
1371 : }
1372 :
1373 : /** Look up the last request time to hidden service directory <b>hs_dir</b>
1374 : * for descriptor request key <b>req_key_str</b> which is the blinded key for
1375 : * v3. If <b>set</b> is non-zero, assign the current time <b>now</b> and
1376 : * return that. Otherwise, return the most recent request time, or 0 if no
1377 : * such request has been sent before. */
1378 : time_t
1379 295 : hs_lookup_last_hid_serv_request(routerstatus_t *hs_dir,
1380 : const char *req_key_str,
1381 : time_t now, int set)
1382 : {
1383 295 : char hsdir_id_base32[BASE32_DIGEST_LEN + 1];
1384 295 : char *hsdir_desc_comb_id = NULL;
1385 295 : time_t *last_request_ptr;
1386 295 : strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
1387 :
1388 : /* Create the key */
1389 295 : base32_encode(hsdir_id_base32, sizeof(hsdir_id_base32),
1390 295 : hs_dir->identity_digest, DIGEST_LEN);
1391 295 : tor_asprintf(&hsdir_desc_comb_id, "%s%s", hsdir_id_base32, req_key_str);
1392 :
1393 295 : if (set) {
1394 40 : time_t *oldptr;
1395 40 : last_request_ptr = tor_malloc_zero(sizeof(time_t));
1396 40 : *last_request_ptr = now;
1397 40 : oldptr = strmap_set(last_hid_serv_requests, hsdir_desc_comb_id,
1398 : last_request_ptr);
1399 40 : tor_free(oldptr);
1400 : } else {
1401 255 : last_request_ptr = strmap_get(last_hid_serv_requests,
1402 : hsdir_desc_comb_id);
1403 : }
1404 :
1405 295 : tor_free(hsdir_desc_comb_id);
1406 295 : return (last_request_ptr) ? *last_request_ptr : 0;
1407 : }
1408 :
1409 : /** Clean the history of request times to hidden service directories, so that
1410 : * it does not contain requests older than REND_HID_SERV_DIR_REQUERY_PERIOD
1411 : * seconds any more. */
1412 : void
1413 43 : hs_clean_last_hid_serv_requests(time_t now)
1414 : {
1415 43 : strmap_iter_t *iter;
1416 43 : time_t cutoff = now - hs_hsdir_requery_period(get_options());
1417 43 : strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
1418 43 : for (iter = strmap_iter_init(last_hid_serv_requests);
1419 801 : !strmap_iter_done(iter); ) {
1420 758 : const char *key;
1421 758 : void *val;
1422 758 : time_t *ent;
1423 758 : strmap_iter_get(iter, &key, &val);
1424 758 : ent = (time_t *) val;
1425 758 : if (*ent < cutoff) {
1426 1 : iter = strmap_iter_next_rmv(last_hid_serv_requests, iter);
1427 1 : tor_free(ent);
1428 : } else {
1429 757 : iter = strmap_iter_next(last_hid_serv_requests, iter);
1430 : }
1431 : }
1432 43 : }
1433 :
1434 : /** Remove all requests related to the descriptor request key string
1435 : * <b>req_key_str</b> from the history of times of requests to hidden service
1436 : * directories.
1437 : *
1438 : * This is called from purge_hid_serv_request(), which must be idempotent, so
1439 : * any future changes to this function must leave it idempotent too. */
1440 : void
1441 10 : hs_purge_hid_serv_from_last_hid_serv_requests(const char *req_key_str)
1442 : {
1443 10 : strmap_iter_t *iter;
1444 10 : strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
1445 :
1446 10 : for (iter = strmap_iter_init(last_hid_serv_requests);
1447 22 : !strmap_iter_done(iter); ) {
1448 12 : const char *key;
1449 12 : void *val;
1450 12 : strmap_iter_get(iter, &key, &val);
1451 :
1452 : /* XXX: The use of REND_DESC_ID_V2_LEN_BASE32 is very wrong in terms of
1453 : * semantic, see #23305. */
1454 :
1455 : /* This strmap contains variable-sized elements so this is a basic length
1456 : * check on the strings we are about to compare. The key is variable sized
1457 : * since it's composed as follows:
1458 : * key = base32(hsdir_identity) + base32(req_key_str)
1459 : * where 'req_key_str' is the ed25519 blinded public key of the HS v3. */
1460 12 : if (strlen(key) < REND_DESC_ID_V2_LEN_BASE32 + strlen(req_key_str)) {
1461 7 : iter = strmap_iter_next(last_hid_serv_requests, iter);
1462 7 : continue;
1463 : }
1464 :
1465 : /* Check if the tracked request matches our request key */
1466 5 : if (tor_memeq(key + REND_DESC_ID_V2_LEN_BASE32, req_key_str,
1467 : strlen(req_key_str))) {
1468 1 : iter = strmap_iter_next_rmv(last_hid_serv_requests, iter);
1469 1 : tor_free(val);
1470 : } else {
1471 4 : iter = strmap_iter_next(last_hid_serv_requests, iter);
1472 : }
1473 : }
1474 10 : }
1475 :
1476 : /** Purge the history of request times to hidden service directories,
1477 : * so that future lookups of an HS descriptor will not fail because we
1478 : * accessed all of the HSDir relays responsible for the descriptor
1479 : * recently. */
1480 : void
1481 283 : hs_purge_last_hid_serv_requests(void)
1482 : {
1483 : /* Don't create the table if it doesn't exist yet (and it may very
1484 : * well not exist if the user hasn't accessed any HSes)... */
1485 283 : strmap_t *old_last_hid_serv_requests = last_hid_serv_requests_;
1486 : /* ... and let get_last_hid_serv_requests re-create it for us if
1487 : * necessary. */
1488 283 : last_hid_serv_requests_ = NULL;
1489 :
1490 283 : if (old_last_hid_serv_requests != NULL) {
1491 5 : log_info(LD_REND, "Purging client last-HS-desc-request-time table");
1492 5 : strmap_free(old_last_hid_serv_requests, tor_free_);
1493 : }
1494 283 : }
1495 :
1496 : /***********************************************************************/
1497 :
1498 : /** Given the list of responsible HSDirs in <b>responsible_dirs</b>, pick the
1499 : * one that we should use to fetch a descriptor right now. Take into account
1500 : * previous failed attempts at fetching this descriptor from HSDirs using the
1501 : * string identifier <b>req_key_str</b>. We return whether we are rate limited
1502 : * into *<b>is_rate_limited_out</b> if it is not NULL.
1503 : *
1504 : * Steals ownership of <b>responsible_dirs</b>.
1505 : *
1506 : * Return the routerstatus of the chosen HSDir if successful, otherwise return
1507 : * NULL if no HSDirs are worth trying right now. */
1508 : routerstatus_t *
1509 42 : hs_pick_hsdir(smartlist_t *responsible_dirs, const char *req_key_str,
1510 : bool *is_rate_limited_out)
1511 : {
1512 42 : smartlist_t *usable_responsible_dirs = smartlist_new();
1513 42 : const or_options_t *options = get_options();
1514 42 : routerstatus_t *hs_dir;
1515 42 : time_t now = time(NULL);
1516 42 : int excluded_some;
1517 42 : bool rate_limited = false;
1518 42 : int rate_limited_count = 0;
1519 42 : int responsible_dirs_count = smartlist_len(responsible_dirs);
1520 :
1521 42 : tor_assert(req_key_str);
1522 :
1523 : /* Clean outdated request history first. */
1524 42 : hs_clean_last_hid_serv_requests(now);
1525 :
1526 : /* Only select those hidden service directories to which we did not send a
1527 : * request recently and for which we have a router descriptor here.
1528 : *
1529 : * Use for_direct_connect==0 even if we will be connecting to the node
1530 : * directly, since we always use the key information in the
1531 : * consensus-indexed node descriptors for building the index.
1532 : **/
1533 294 : SMARTLIST_FOREACH_BEGIN(responsible_dirs, routerstatus_t *, dir) {
1534 252 : time_t last = hs_lookup_last_hid_serv_request(dir, req_key_str, 0, 0);
1535 252 : const node_t *node = node_get_by_id(dir->identity_digest);
1536 252 : if (last + hs_hsdir_requery_period(options) >= now ||
1537 126 : !node || !node_has_preferred_descriptor(node, 0)) {
1538 126 : SMARTLIST_DEL_CURRENT(responsible_dirs, dir);
1539 126 : rate_limited_count++;
1540 126 : continue;
1541 : }
1542 126 : if (!routerset_contains_node(options->ExcludeNodes, node)) {
1543 126 : smartlist_add(usable_responsible_dirs, dir);
1544 : }
1545 252 : } SMARTLIST_FOREACH_END(dir);
1546 :
1547 42 : if (rate_limited_count > 0 || responsible_dirs_count > 0) {
1548 42 : rate_limited = rate_limited_count == responsible_dirs_count;
1549 : }
1550 :
1551 42 : excluded_some =
1552 42 : smartlist_len(usable_responsible_dirs) < smartlist_len(responsible_dirs);
1553 :
1554 42 : hs_dir = smartlist_choose(usable_responsible_dirs);
1555 42 : if (!hs_dir && !options->StrictNodes) {
1556 6 : hs_dir = smartlist_choose(responsible_dirs);
1557 : }
1558 :
1559 42 : smartlist_free(responsible_dirs);
1560 42 : smartlist_free(usable_responsible_dirs);
1561 42 : if (!hs_dir) {
1562 6 : const char *warn_str = (rate_limited) ? "we are rate limited." :
1563 : "we requested them all recently without success";
1564 6 : log_info(LD_REND, "Could not pick one of the responsible hidden "
1565 : "service directories, because %s.", warn_str);
1566 6 : if (options->StrictNodes && excluded_some) {
1567 0 : log_warn(LD_REND, "Could not pick a hidden service directory for the "
1568 : "requested hidden service: they are all either down or "
1569 : "excluded, and StrictNodes is set.");
1570 : }
1571 : } else {
1572 : /* Remember that we are requesting a descriptor from this hidden service
1573 : * directory now. */
1574 36 : hs_lookup_last_hid_serv_request(hs_dir, req_key_str, now, 1);
1575 : }
1576 :
1577 42 : if (is_rate_limited_out != NULL) {
1578 0 : *is_rate_limited_out = rate_limited;
1579 : }
1580 :
1581 42 : return hs_dir;
1582 : }
1583 :
1584 : /** Given a list of link specifiers lspecs, a curve 25519 onion_key, and
1585 : * a direct connection boolean direct_conn (true for single onion services),
1586 : * return a newly allocated extend_info_t object.
1587 : *
1588 : * This function always returns an extend info with a valid IP address and
1589 : * ORPort, or NULL. If direct_conn is false, the IP address is always IPv4.
1590 : *
1591 : * It performs the following checks:
1592 : * if there is no usable IP address, or legacy ID is missing, return NULL.
1593 : * if direct_conn, and we can't reach any IP address, return NULL.
1594 : */
1595 : extend_info_t *
1596 93 : hs_get_extend_info_from_lspecs(const smartlist_t *lspecs,
1597 : const curve25519_public_key_t *onion_key,
1598 : int direct_conn)
1599 : {
1600 93 : int have_v4 = 0, have_legacy_id = 0, have_ed25519_id = 0;
1601 93 : char legacy_id[DIGEST_LEN] = {0};
1602 93 : ed25519_public_key_t ed25519_pk;
1603 93 : extend_info_t *info = NULL;
1604 93 : tor_addr_port_t ap;
1605 :
1606 93 : tor_addr_make_null(&ap.addr, AF_UNSPEC);
1607 93 : ap.port = 0;
1608 :
1609 93 : if (lspecs == NULL) {
1610 1 : log_warn(LD_BUG, "Specified link specifiers is null");
1611 1 : goto done;
1612 : }
1613 :
1614 92 : if (onion_key == NULL) {
1615 1 : log_warn(LD_BUG, "Specified onion key is null");
1616 1 : goto done;
1617 : }
1618 :
1619 91 : if (smartlist_len(lspecs) == 0) {
1620 1 : log_fn(LOG_PROTOCOL_WARN, LD_REND, "Empty link specifier list.");
1621 : /* Return NULL. */
1622 1 : goto done;
1623 : }
1624 :
1625 276 : SMARTLIST_FOREACH_BEGIN(lspecs, const link_specifier_t *, ls) {
1626 186 : switch (link_specifier_get_ls_type(ls)) {
1627 82 : case LS_IPV4:
1628 : /* Skip if we already seen a v4. If direct_conn is true, we skip this
1629 : * block because reachable_addr_choose_from_ls() will set ap. If
1630 : * direct_conn is false, set ap to the first IPv4 address and port in
1631 : * the link specifiers.*/
1632 82 : if (have_v4 || direct_conn) continue;
1633 77 : tor_addr_from_ipv4h(&ap.addr,
1634 : link_specifier_get_un_ipv4_addr(ls));
1635 77 : ap.port = link_specifier_get_un_ipv4_port(ls);
1636 77 : have_v4 = 1;
1637 77 : break;
1638 89 : case LS_LEGACY_ID:
1639 : /* Make sure we do have enough bytes for the legacy ID. */
1640 89 : if (link_specifier_getlen_un_legacy_id(ls) < sizeof(legacy_id)) {
1641 : break;
1642 : }
1643 89 : memcpy(legacy_id, link_specifier_getconstarray_un_legacy_id(ls),
1644 : sizeof(legacy_id));
1645 89 : have_legacy_id = 1;
1646 89 : break;
1647 0 : case LS_ED25519_ID:
1648 0 : memcpy(ed25519_pk.pubkey,
1649 0 : link_specifier_getconstarray_un_ed25519_id(ls),
1650 : ED25519_PUBKEY_LEN);
1651 0 : have_ed25519_id = 1;
1652 0 : break;
1653 : default:
1654 : /* Ignore unknown. */
1655 : break;
1656 : }
1657 186 : } SMARTLIST_FOREACH_END(ls);
1658 :
1659 : /* Choose a preferred address first, but fall back to an allowed address. */
1660 90 : if (direct_conn)
1661 7 : reachable_addr_choose_from_ls(lspecs, 0, &ap);
1662 :
1663 : /* Legacy ID is mandatory, and we require an IP address. */
1664 90 : if (!tor_addr_port_is_valid_ap(&ap, 0)) {
1665 : /* If we're missing the IP address, log a warning and return NULL. */
1666 8 : log_info(LD_NET, "Unreachable or invalid IP address in link state");
1667 8 : goto done;
1668 : }
1669 82 : if (!have_legacy_id) {
1670 : /* If we're missing the legacy ID, log a warning and return NULL. */
1671 1 : log_warn(LD_PROTOCOL, "Missing Legacy ID in link state");
1672 1 : goto done;
1673 : }
1674 :
1675 : /* We will add support for falling back to a 3-hop path in a later
1676 : * release. */
1677 :
1678 : /* We'll validate now that the address we've picked isn't a private one. If
1679 : * it is, are we allowed to extend to private addresses? */
1680 81 : if (!extend_info_addr_is_allowed(&ap.addr)) {
1681 0 : log_fn(LOG_PROTOCOL_WARN, LD_REND,
1682 : "Requested address is private and we are not allowed to extend to "
1683 : "it: %s:%u", fmt_addr(&ap.addr), ap.port);
1684 0 : goto done;
1685 : }
1686 :
1687 : /* We do have everything for which we think we can connect successfully. */
1688 81 : info = extend_info_new(NULL, legacy_id,
1689 : (have_ed25519_id) ? &ed25519_pk : NULL, NULL,
1690 81 : onion_key, &ap.addr, ap.port);
1691 93 : done:
1692 93 : return info;
1693 : }
1694 :
1695 : /***********************************************************************/
1696 :
1697 : /** Initialize the entire HS subsystem. This is called in tor_init() before any
1698 : * torrc options are loaded. Only for >= v3. */
1699 : void
1700 283 : hs_init(void)
1701 : {
1702 283 : hs_circuitmap_init();
1703 283 : hs_service_init();
1704 283 : hs_cache_init();
1705 283 : }
1706 :
1707 : /** Release and cleanup all memory of the HS subsystem (all version). This is
1708 : * called by tor_free_all(). */
1709 : void
1710 278 : hs_free_all(void)
1711 : {
1712 278 : hs_circuitmap_free_all();
1713 278 : hs_service_free_all();
1714 278 : hs_cache_free_all();
1715 278 : hs_client_free_all();
1716 278 : hs_ob_free_all();
1717 278 : }
1718 :
1719 : /** For the given origin circuit circ, decrement the number of rendezvous
1720 : * stream counter. This handles every hidden service version. */
1721 : void
1722 0 : hs_dec_rdv_stream_counter(origin_circuit_t *circ)
1723 : {
1724 0 : tor_assert(circ);
1725 :
1726 0 : if (circ->hs_ident) {
1727 0 : circ->hs_ident->num_rdv_streams--;
1728 : } else {
1729 : /* Should not be called if this circuit is not for hidden service. */
1730 0 : tor_assert_nonfatal_unreached();
1731 : }
1732 0 : }
1733 :
1734 : /** For the given origin circuit circ, increment the number of rendezvous
1735 : * stream counter. This handles every hidden service version. */
1736 : void
1737 0 : hs_inc_rdv_stream_counter(origin_circuit_t *circ)
1738 : {
1739 0 : tor_assert(circ);
1740 :
1741 0 : if (circ->hs_ident) {
1742 0 : circ->hs_ident->num_rdv_streams++;
1743 : } else {
1744 : /* Should not be called if this circuit is not for hidden service. */
1745 0 : tor_assert_nonfatal_unreached();
1746 : }
1747 0 : }
1748 :
1749 : /** Return a newly allocated link specifier object that is a copy of dst. */
1750 : link_specifier_t *
1751 501 : link_specifier_dup(const link_specifier_t *src)
1752 : {
1753 501 : link_specifier_t *dup = NULL;
1754 501 : uint8_t *buf = NULL;
1755 :
1756 501 : if (BUG(!src)) {
1757 0 : goto err;
1758 : }
1759 :
1760 501 : ssize_t encoded_len_alloc = link_specifier_encoded_len(src);
1761 501 : if (BUG(encoded_len_alloc < 0)) {
1762 0 : goto err;
1763 : }
1764 :
1765 501 : buf = tor_malloc_zero(encoded_len_alloc);
1766 501 : ssize_t encoded_len_data = link_specifier_encode(buf,
1767 : encoded_len_alloc,
1768 : src);
1769 501 : if (BUG(encoded_len_data < 0)) {
1770 0 : goto err;
1771 : }
1772 :
1773 501 : ssize_t parsed_len = link_specifier_parse(&dup, buf, encoded_len_alloc);
1774 501 : if (BUG(parsed_len < 0)) {
1775 0 : goto err;
1776 : }
1777 :
1778 501 : goto done;
1779 :
1780 0 : err:
1781 0 : dup = NULL;
1782 :
1783 501 : done:
1784 501 : tor_free(buf);
1785 501 : return dup;
1786 : }
|
