tor  0.4.1.0-alpha-dev
hs_common.c
Go to the documentation of this file.
1 /* Copyright (c) 2016-2019, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
12 #define HS_COMMON_PRIVATE
13 
14 #include "core/or/or.h"
15 
16 #include "app/config/config.h"
17 #include "core/or/circuitbuild.h"
18 #include "core/or/policies.h"
19 #include "feature/dirauth/shared_random_state.h"
20 #include "feature/hs/hs_cache.h"
22 #include "feature/hs/hs_client.h"
23 #include "feature/hs/hs_common.h"
24 #include "feature/hs/hs_ident.h"
25 #include "feature/hs/hs_service.h"
30 #include "feature/nodelist/routerset.h"
35 
36 #include "core/or/edge_connection_st.h"
37 #include "feature/nodelist/networkstatus_st.h"
38 #include "feature/nodelist/node_st.h"
39 #include "core/or/origin_circuit_st.h"
40 #include "feature/nodelist/routerstatus_st.h"
41 
42 /* Trunnel */
43 #include "trunnel/ed25519_cert.h"
44 
45 /* Ed25519 Basepoint value. Taken from section 5 of
46  * https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03 */
47 static const char *str_ed25519_basepoint =
48  "(15112221349535400772501151409588531511"
49  "454012693041857206046113283949847762202, "
50  "463168356949264781694283940034751631413"
51  "07993866256225615783033603165251855960)";
52 
53 #ifdef HAVE_SYS_UN_H
54 
59 static int
60 add_unix_port(smartlist_t *ports, rend_service_port_config_t *p)
61 {
62  tor_assert(ports);
63  tor_assert(p);
64  tor_assert(p->is_unix_addr);
65 
66  smartlist_add(ports, p);
67  return 0;
68 }
69 
73 static int
74 set_unix_port(edge_connection_t *conn, rend_service_port_config_t *p)
75 {
76  tor_assert(conn);
77  tor_assert(p);
78  tor_assert(p->is_unix_addr);
79 
80  conn->base_.socket_family = AF_UNIX;
81  tor_addr_make_unspec(&conn->base_.addr);
82  conn->base_.port = 1;
83  conn->base_.address = tor_strdup(p->unix_addr);
84  return 0;
85 }
86 
87 #else /* !(defined(HAVE_SYS_UN_H)) */
88 
89 static int
90 set_unix_port(edge_connection_t *conn, rend_service_port_config_t *p)
91 {
92  (void) conn;
93  (void) p;
94  return -ENOSYS;
95 }
96 
97 static int
98 add_unix_port(smartlist_t *ports, rend_service_port_config_t *p)
99 {
100  (void) ports;
101  (void) p;
102  return -ENOSYS;
103 }
104 
105 #endif /* defined(HAVE_SYS_UN_H) */
106 
107 /* Helper function: The key is a digest that we compare to a node_t object
108  * current hsdir_index. */
109 static int
110 compare_digest_to_fetch_hsdir_index(const void *_key, const void **_member)
111 {
112  const char *key = _key;
113  const node_t *node = *_member;
114  return tor_memcmp(key, node->hsdir_index.fetch, DIGEST256_LEN);
115 }
116 
117 /* Helper function: The key is a digest that we compare to a node_t object
118  * next hsdir_index. */
119 static int
120 compare_digest_to_store_first_hsdir_index(const void *_key,
121  const void **_member)
122 {
123  const char *key = _key;
124  const node_t *node = *_member;
125  return tor_memcmp(key, node->hsdir_index.store_first, DIGEST256_LEN);
126 }
127 
128 /* Helper function: The key is a digest that we compare to a node_t object
129  * next hsdir_index. */
130 static int
131 compare_digest_to_store_second_hsdir_index(const void *_key,
132  const void **_member)
133 {
134  const char *key = _key;
135  const node_t *node = *_member;
136  return tor_memcmp(key, node->hsdir_index.store_second, DIGEST256_LEN);
137 }
138 
139 /* Helper function: Compare two node_t objects current hsdir_index. */
140 static int
141 compare_node_fetch_hsdir_index(const void **a, const void **b)
142 {
143  const node_t *node1= *a;
144  const node_t *node2 = *b;
145  return tor_memcmp(node1->hsdir_index.fetch,
146  node2->hsdir_index.fetch,
147  DIGEST256_LEN);
148 }
149 
150 /* Helper function: Compare two node_t objects next hsdir_index. */
151 static int
152 compare_node_store_first_hsdir_index(const void **a, const void **b)
153 {
154  const node_t *node1= *a;
155  const node_t *node2 = *b;
156  return tor_memcmp(node1->hsdir_index.store_first,
157  node2->hsdir_index.store_first,
158  DIGEST256_LEN);
159 }
160 
161 /* Helper function: Compare two node_t objects next hsdir_index. */
162 static int
163 compare_node_store_second_hsdir_index(const void **a, const void **b)
164 {
165  const node_t *node1= *a;
166  const node_t *node2 = *b;
167  return tor_memcmp(node1->hsdir_index.store_second,
168  node2->hsdir_index.store_second,
169  DIGEST256_LEN);
170 }
171 
172 /* Allocate and return a string containing the path to filename in directory.
173  * This function will never return NULL. The caller must free this path. */
174 char *
175 hs_path_from_filename(const char *directory, const char *filename)
176 {
177  char *file_path = NULL;
178 
179  tor_assert(directory);
180  tor_assert(filename);
181 
182  tor_asprintf(&file_path, "%s%s%s", directory, PATH_SEPARATOR, filename);
183  return file_path;
184 }
185 
186 /* Make sure that the directory for <b>service</b> is private, using the config
187  * <b>username</b>.
188  * If <b>create</b> is true:
189  * - if the directory exists, change permissions if needed,
190  * - if the directory does not exist, create it with the correct permissions.
191  * If <b>create</b> is false:
192  * - if the directory exists, check permissions,
193  * - if the directory does not exist, check if we think we can create it.
194  * Return 0 on success, -1 on failure. */
195 int
196 hs_check_service_private_dir(const char *username, const char *path,
197  unsigned int dir_group_readable,
198  unsigned int create)
199 {
200  cpd_check_t check_opts = CPD_NONE;
201 
202  tor_assert(path);
203 
204  if (create) {
205  check_opts |= CPD_CREATE;
206  } else {
207  check_opts |= CPD_CHECK_MODE_ONLY;
208  check_opts |= CPD_CHECK;
209  }
210  if (dir_group_readable) {
211  check_opts |= CPD_GROUP_READ;
212  }
213  /* Check/create directory */
214  if (check_private_dir(path, check_opts, username) < 0) {
215  return -1;
216  }
217  return 0;
218 }
219 
220 /* Default, minimum, and maximum values for the maximum rendezvous failures
221  * consensus parameter. */
222 #define MAX_REND_FAILURES_DEFAULT 2
223 #define MAX_REND_FAILURES_MIN 1
224 #define MAX_REND_FAILURES_MAX 10
225 
228 int
230 {
231  return networkstatus_get_param(NULL, "hs_service_max_rdv_failures",
232  MAX_REND_FAILURES_DEFAULT,
233  MAX_REND_FAILURES_MIN,
234  MAX_REND_FAILURES_MAX);
235 }
236 
238 STATIC uint64_t
240 {
241  /* If we are on a test network, make the time period smaller than normal so
242  that we actually see it rotate. Specifically, make it the same length as
243  an SRV protocol run. */
244  if (get_options()->TestingTorNetwork) {
245  unsigned run_duration = sr_state_get_protocol_run_duration();
246  /* An SRV run should take more than a minute (it's 24 rounds) */
247  tor_assert_nonfatal(run_duration > 60);
248  /* Turn it from seconds to minutes before returning: */
250  }
251 
252  int32_t time_period_length = networkstatus_get_param(NULL, "hsdir_interval",
253  HS_TIME_PERIOD_LENGTH_DEFAULT,
254  HS_TIME_PERIOD_LENGTH_MIN,
255  HS_TIME_PERIOD_LENGTH_MAX);
256  /* Make sure it's a positive value. */
257  tor_assert(time_period_length > 0);
258  /* uint64_t will always be able to contain a positive int32_t */
259  return (uint64_t) time_period_length;
260 }
261 
264 uint64_t
266 {
267  uint64_t time_period_num;
268  time_t current_time;
269 
270  /* If no time is specified, set current time based on consensus time, and
271  * only fall back to system time if that fails. */
272  if (now != 0) {
273  current_time = now;
274  } else {
275  networkstatus_t *ns = networkstatus_get_live_consensus(approx_time());
276  current_time = ns ? ns->valid_after : approx_time();
277  }
278 
279  /* Start by calculating minutes since the epoch */
280  uint64_t time_period_length = get_time_period_length();
281  uint64_t minutes_since_epoch = current_time / 60;
282 
283  /* Apply the rotation offset as specified by prop224 (section
284  * [TIME-PERIODS]), so that new time periods synchronize nicely with SRV
285  * publication */
286  unsigned int time_period_rotation_offset = sr_state_get_phase_duration();
287  time_period_rotation_offset /= 60; /* go from seconds to minutes */
288  tor_assert(minutes_since_epoch > time_period_rotation_offset);
289  minutes_since_epoch -= time_period_rotation_offset;
290 
291  /* Calculate the time period */
292  time_period_num = minutes_since_epoch / time_period_length;
293  return time_period_num;
294 }
295 
299 uint64_t
301 {
302  return hs_get_time_period_num(now) + 1;
303 }
304 
305 /* Get the number of the _previous_ HS time period, given that the current time
306  * is <b>now</b>. If <b>now</b> is not set, we try to get the time from a live
307  * consensus. */
308 uint64_t
309 hs_get_previous_time_period_num(time_t now)
310 {
311  return hs_get_time_period_num(now) - 1;
312 }
313 
314 /* Return the start time of the upcoming time period based on <b>now</b>. If
315  <b>now</b> is not set, we try to get the time ourselves from a live
316  consensus. */
317 time_t
318 hs_get_start_time_of_next_time_period(time_t now)
319 {
320  uint64_t time_period_length = get_time_period_length();
321 
322  /* Get start time of next time period */
323  uint64_t next_time_period_num = hs_get_next_time_period_num(now);
324  uint64_t start_of_next_tp_in_mins = next_time_period_num *time_period_length;
325 
326  /* Apply rotation offset as specified by prop224 section [TIME-PERIODS] */
327  unsigned int time_period_rotation_offset = sr_state_get_phase_duration();
328  return (time_t)(start_of_next_tp_in_mins * 60 + time_period_rotation_offset);
329 }
330 
331 /* Create a new rend_data_t for a specific given <b>version</b>.
332  * Return a pointer to the newly allocated data structure. */
333 static rend_data_t *
334 rend_data_alloc(uint32_t version)
335 {
336  rend_data_t *rend_data = NULL;
337 
338  switch (version) {
339  case HS_VERSION_TWO:
340  {
341  rend_data_v2_t *v2 = tor_malloc_zero(sizeof(*v2));
342  v2->base_.version = HS_VERSION_TWO;
343  v2->base_.hsdirs_fp = smartlist_new();
344  rend_data = &v2->base_;
345  break;
346  }
347  default:
348  tor_assert(0);
349  break;
350  }
351 
352  return rend_data;
353 }
354 
356 void
358 {
359  if (!data) {
360  return;
361  }
362  /* By using our allocation function, this should always be set. */
363  tor_assert(data->hsdirs_fp);
364  /* Cleanup the HSDir identity digest. */
365  SMARTLIST_FOREACH(data->hsdirs_fp, char *, d, tor_free(d));
366  smartlist_free(data->hsdirs_fp);
367  /* Depending on the version, cleanup. */
368  switch (data->version) {
369  case HS_VERSION_TWO:
370  {
371  rend_data_v2_t *v2_data = TO_REND_DATA_V2(data);
372  tor_free(v2_data);
373  break;
374  }
375  default:
376  tor_assert(0);
377  }
378 }
379 
380 /* Allocate and return a deep copy of <b>data</b>. */
381 rend_data_t *
382 rend_data_dup(const rend_data_t *data)
383 {
384  rend_data_t *data_dup = NULL;
385  smartlist_t *hsdirs_fp = smartlist_new();
386 
387  tor_assert(data);
388  tor_assert(data->hsdirs_fp);
389 
390  SMARTLIST_FOREACH(data->hsdirs_fp, char *, fp,
391  smartlist_add(hsdirs_fp, tor_memdup(fp, DIGEST_LEN)));
392 
393  switch (data->version) {
394  case HS_VERSION_TWO:
395  {
396  rend_data_v2_t *v2_data = tor_memdup(TO_REND_DATA_V2(data),
397  sizeof(*v2_data));
398  data_dup = &v2_data->base_;
399  data_dup->hsdirs_fp = hsdirs_fp;
400  break;
401  }
402  default:
403  tor_assert(0);
404  break;
405  }
406 
407  return data_dup;
408 }
409 
410 /* Compute the descriptor ID for each HS descriptor replica and save them. A
411  * valid onion address must be present in the <b>rend_data</b>.
412  *
413  * Return 0 on success else -1. */
414 static int
415 compute_desc_id(rend_data_t *rend_data)
416 {
417  int ret = 0;
418  unsigned replica;
419  time_t now = time(NULL);
420 
421  tor_assert(rend_data);
422 
423  switch (rend_data->version) {
424  case HS_VERSION_TWO:
425  {
426  rend_data_v2_t *v2_data = TO_REND_DATA_V2(rend_data);
427  /* Compute descriptor ID for each replicas. */
428  for (replica = 0; replica < ARRAY_LENGTH(v2_data->descriptor_id);
429  replica++) {
430  ret = rend_compute_v2_desc_id(v2_data->descriptor_id[replica],
431  v2_data->onion_address,
432  v2_data->descriptor_cookie,
433  now, replica);
434  if (ret < 0) {
435  goto end;
436  }
437  }
438  break;
439  }
440  default:
441  tor_assert(0);
442  }
443 
444  end:
445  return ret;
446 }
447 
448 /* Allocate and initialize a rend_data_t object for a service using the
449  * provided arguments. All arguments are optional (can be NULL), except from
450  * <b>onion_address</b> which MUST be set. The <b>pk_digest</b> is the hash of
451  * the service private key. The <b>cookie</b> is the rendezvous cookie and
452  * <b>auth_type</b> is which authentiation this service is configured with.
453  *
454  * Return a valid rend_data_t pointer. This only returns a version 2 object of
455  * rend_data_t. */
456 rend_data_t *
457 rend_data_service_create(const char *onion_address, const char *pk_digest,
458  const uint8_t *cookie, rend_auth_type_t auth_type)
459 {
460  /* Create a rend_data_t object for version 2. */
461  rend_data_t *rend_data = rend_data_alloc(HS_VERSION_TWO);
462  rend_data_v2_t *v2= TO_REND_DATA_V2(rend_data);
463 
464  /* We need at least one else the call is wrong. */
465  tor_assert(onion_address != NULL);
466 
467  if (pk_digest) {
468  memcpy(v2->rend_pk_digest, pk_digest, sizeof(v2->rend_pk_digest));
469  }
470  if (cookie) {
471  memcpy(rend_data->rend_cookie, cookie, sizeof(rend_data->rend_cookie));
472  }
473 
474  strlcpy(v2->onion_address, onion_address, sizeof(v2->onion_address));
475  v2->auth_type = auth_type;
476 
477  return rend_data;
478 }
479 
480 /* Allocate and initialize a rend_data_t object for a client request using the
481  * given arguments. Either an onion address or a descriptor ID is needed. Both
482  * can be given but in this case only the onion address will be used to make
483  * the descriptor fetch. The <b>cookie</b> is the rendezvous cookie and
484  * <b>auth_type</b> is which authentiation the service is configured with.
485  *
486  * Return a valid rend_data_t pointer or NULL on error meaning the
487  * descriptor IDs couldn't be computed from the given data. */
488 rend_data_t *
489 rend_data_client_create(const char *onion_address, const char *desc_id,
490  const char *cookie, rend_auth_type_t auth_type)
491 {
492  /* Create a rend_data_t object for version 2. */
493  rend_data_t *rend_data = rend_data_alloc(HS_VERSION_TWO);
494  rend_data_v2_t *v2= TO_REND_DATA_V2(rend_data);
495 
496  /* We need at least one else the call is wrong. */
497  tor_assert(onion_address != NULL || desc_id != NULL);
498 
499  if (cookie) {
500  memcpy(v2->descriptor_cookie, cookie, sizeof(v2->descriptor_cookie));
501  }
502  if (desc_id) {
503  memcpy(v2->desc_id_fetch, desc_id, sizeof(v2->desc_id_fetch));
504  }
505  if (onion_address) {
506  strlcpy(v2->onion_address, onion_address, sizeof(v2->onion_address));
507  if (compute_desc_id(rend_data) < 0) {
508  goto error;
509  }
510  }
511 
512  v2->auth_type = auth_type;
513 
514  return rend_data;
515 
516  error:
517  rend_data_free(rend_data);
518  return NULL;
519 }
520 
521 /* Return the onion address from the rend data. Depending on the version,
522  * the size of the address can vary but it's always NUL terminated. */
523 const char *
524 rend_data_get_address(const rend_data_t *rend_data)
525 {
526  tor_assert(rend_data);
527 
528  switch (rend_data->version) {
529  case HS_VERSION_TWO:
530  return TO_REND_DATA_V2(rend_data)->onion_address;
531  default:
532  /* We should always have a supported version. */
533  tor_assert_unreached();
534  }
535 }
536 
537 /* Return the descriptor ID for a specific replica number from the rend
538  * data. The returned data is a binary digest and depending on the version its
539  * size can vary. The size of the descriptor ID is put in <b>len_out</b> if
540  * non NULL. */
541 const char *
542 rend_data_get_desc_id(const rend_data_t *rend_data, uint8_t replica,
543  size_t *len_out)
544 {
545  tor_assert(rend_data);
546 
547  switch (rend_data->version) {
548  case HS_VERSION_TWO:
550  if (len_out) {
551  *len_out = DIGEST_LEN;
552  }
553  return TO_REND_DATA_V2(rend_data)->descriptor_id[replica];
554  default:
555  /* We should always have a supported version. */
556  tor_assert_unreached();
557  }
558 }
559 
560 /* Return the public key digest using the given <b>rend_data</b>. The size of
561  * the digest is put in <b>len_out</b> (if set) which can differ depending on
562  * the version. */
563 const uint8_t *
564 rend_data_get_pk_digest(const rend_data_t *rend_data, size_t *len_out)
565 {
566  tor_assert(rend_data);
567 
568  switch (rend_data->version) {
569  case HS_VERSION_TWO:
570  {
571  const rend_data_v2_t *v2_data = TO_REND_DATA_V2(rend_data);
572  if (len_out) {
573  *len_out = sizeof(v2_data->rend_pk_digest);
574  }
575  return (const uint8_t *) v2_data->rend_pk_digest;
576  }
577  default:
578  /* We should always have a supported version. */
579  tor_assert_unreached();
580  }
581 }
582 
583 /* Using the given time period number, compute the disaster shared random
584  * value and put it in srv_out. It MUST be at least DIGEST256_LEN bytes. */
585 static void
586 compute_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
587 {
588  crypto_digest_t *digest;
589 
590  tor_assert(srv_out);
591 
592  digest = crypto_digest256_new(DIGEST_SHA3_256);
593 
594  /* Start setting up payload:
595  * H("shared-random-disaster" | INT_8(period_length) | INT_8(period_num)) */
596  crypto_digest_add_bytes(digest, HS_SRV_DISASTER_PREFIX,
597  HS_SRV_DISASTER_PREFIX_LEN);
598 
599  /* Setup INT_8(period_length) | INT_8(period_num) */
600  {
601  uint64_t time_period_length = get_time_period_length();
602  char period_stuff[sizeof(uint64_t)*2];
603  size_t offset = 0;
604  set_uint64(period_stuff, tor_htonll(time_period_length));
605  offset += sizeof(uint64_t);
606  set_uint64(period_stuff+offset, tor_htonll(time_period_num));
607  offset += sizeof(uint64_t);
608  tor_assert(offset == sizeof(period_stuff));
609 
610  crypto_digest_add_bytes(digest, period_stuff, sizeof(period_stuff));
611  }
612 
613  crypto_digest_get_digest(digest, (char *) srv_out, DIGEST256_LEN);
614  crypto_digest_free(digest);
615 }
616 
624 static uint64_t cached_time_period_nums[2] = {0};
625 
629 STATIC void
630 get_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
631 {
632  if (time_period_num == cached_time_period_nums[0]) {
633  memcpy(srv_out, cached_disaster_srv[0], DIGEST256_LEN);
634  return;
635  } else if (time_period_num == cached_time_period_nums[1]) {
636  memcpy(srv_out, cached_disaster_srv[1], DIGEST256_LEN);
637  return;
638  } else {
639  int replace_idx;
640  // Replace the lower period number.
641  if (cached_time_period_nums[0] <= cached_time_period_nums[1]) {
642  replace_idx = 0;
643  } else {
644  replace_idx = 1;
645  }
646  cached_time_period_nums[replace_idx] = time_period_num;
647  compute_disaster_srv(time_period_num, cached_disaster_srv[replace_idx]);
648  memcpy(srv_out, cached_disaster_srv[replace_idx], DIGEST256_LEN);
649  return;
650  }
651 }
652 
653 #ifdef TOR_UNIT_TESTS
654 
656 STATIC uint8_t *
657 get_first_cached_disaster_srv(void)
658 {
659  return cached_disaster_srv[0];
660 }
661 
663 STATIC uint8_t *
664 get_second_cached_disaster_srv(void)
665 {
666  return cached_disaster_srv[1];
667 }
668 
669 #endif /* defined(TOR_UNIT_TESTS) */
670 
671 /* When creating a blinded key, we need a parameter which construction is as
672  * follow: H(pubkey | [secret] | ed25519-basepoint | nonce).
673  *
674  * The nonce has a pre-defined format which uses the time period number
675  * period_num and the start of the period in second start_time_period.
676  *
677  * The secret of size secret_len is optional meaning that it can be NULL and
678  * thus will be ignored for the param construction.
679  *
680  * The result is put in param_out. */
681 static void
682 build_blinded_key_param(const ed25519_public_key_t *pubkey,
683  const uint8_t *secret, size_t secret_len,
684  uint64_t period_num, uint64_t period_length,
685  uint8_t *param_out)
686 {
687  size_t offset = 0;
688  const char blind_str[] = "Derive temporary signing key";
689  uint8_t nonce[HS_KEYBLIND_NONCE_LEN];
690  crypto_digest_t *digest;
691 
692  tor_assert(pubkey);
693  tor_assert(param_out);
694 
695  /* Create the nonce N. The construction is as follow:
696  * N = "key-blind" || INT_8(period_num) || INT_8(period_length) */
697  memcpy(nonce, HS_KEYBLIND_NONCE_PREFIX, HS_KEYBLIND_NONCE_PREFIX_LEN);
698  offset += HS_KEYBLIND_NONCE_PREFIX_LEN;
699  set_uint64(nonce + offset, tor_htonll(period_num));
700  offset += sizeof(uint64_t);
701  set_uint64(nonce + offset, tor_htonll(period_length));
702  offset += sizeof(uint64_t);
703  tor_assert(offset == HS_KEYBLIND_NONCE_LEN);
704 
705  /* Generate the parameter h and the construction is as follow:
706  * h = H(BLIND_STRING | pubkey | [secret] | ed25519-basepoint | N) */
707  digest = crypto_digest256_new(DIGEST_SHA3_256);
708  crypto_digest_add_bytes(digest, blind_str, sizeof(blind_str));
709  crypto_digest_add_bytes(digest, (char *) pubkey, ED25519_PUBKEY_LEN);
710  /* Optional secret. */
711  if (secret) {
712  crypto_digest_add_bytes(digest, (char *) secret, secret_len);
713  }
714  crypto_digest_add_bytes(digest, str_ed25519_basepoint,
715  strlen(str_ed25519_basepoint));
716  crypto_digest_add_bytes(digest, (char *) nonce, sizeof(nonce));
717 
718  /* Extract digest and put it in the param. */
719  crypto_digest_get_digest(digest, (char *) param_out, DIGEST256_LEN);
720  crypto_digest_free(digest);
721 
722  memwipe(nonce, 0, sizeof(nonce));
723 }
724 
725 /* Using an ed25519 public key and version to build the checksum of an
726  * address. Put in checksum_out. Format is:
727  * SHA3-256(".onion checksum" || PUBKEY || VERSION)
728  *
729  * checksum_out must be large enough to receive 32 bytes (DIGEST256_LEN). */
730 static void
731 build_hs_checksum(const ed25519_public_key_t *key, uint8_t version,
732  uint8_t *checksum_out)
733 {
734  size_t offset = 0;
735  char data[HS_SERVICE_ADDR_CHECKSUM_INPUT_LEN];
736 
737  /* Build checksum data. */
738  memcpy(data, HS_SERVICE_ADDR_CHECKSUM_PREFIX,
739  HS_SERVICE_ADDR_CHECKSUM_PREFIX_LEN);
740  offset += HS_SERVICE_ADDR_CHECKSUM_PREFIX_LEN;
741  memcpy(data + offset, key->pubkey, ED25519_PUBKEY_LEN);
742  offset += ED25519_PUBKEY_LEN;
743  set_uint8(data + offset, version);
744  offset += sizeof(version);
745  tor_assert(offset == HS_SERVICE_ADDR_CHECKSUM_INPUT_LEN);
746 
747  /* Hash the data payload to create the checksum. */
748  crypto_digest256((char *) checksum_out, data, sizeof(data),
749  DIGEST_SHA3_256);
750 }
751 
752 /* Using an ed25519 public key, checksum and version to build the binary
753  * representation of a service address. Put in addr_out. Format is:
754  * addr_out = PUBKEY || CHECKSUM || VERSION
755  *
756  * addr_out must be large enough to receive HS_SERVICE_ADDR_LEN bytes. */
757 static void
758 build_hs_address(const ed25519_public_key_t *key, const uint8_t *checksum,
759  uint8_t version, char *addr_out)
760 {
761  size_t offset = 0;
762 
763  tor_assert(key);
764  tor_assert(checksum);
765 
766  memcpy(addr_out, key->pubkey, ED25519_PUBKEY_LEN);
767  offset += ED25519_PUBKEY_LEN;
768  memcpy(addr_out + offset, checksum, HS_SERVICE_ADDR_CHECKSUM_LEN_USED);
769  offset += HS_SERVICE_ADDR_CHECKSUM_LEN_USED;
770  set_uint8(addr_out + offset, version);
771  offset += sizeof(uint8_t);
772  tor_assert(offset == HS_SERVICE_ADDR_LEN);
773 }
774 
775 /* Helper for hs_parse_address(): Using a binary representation of a service
776  * address, parse its content into the key_out, checksum_out and version_out.
777  * Any out variable can be NULL in case the caller would want only one field.
778  * checksum_out MUST at least be 2 bytes long. address must be at least
779  * HS_SERVICE_ADDR_LEN bytes but doesn't need to be NUL terminated. */
780 static void
781 hs_parse_address_impl(const char *address, ed25519_public_key_t *key_out,
782  uint8_t *checksum_out, uint8_t *version_out)
783 {
784  size_t offset = 0;
785 
786  tor_assert(address);
787 
788  if (key_out) {
789  /* First is the key. */
790  memcpy(key_out->pubkey, address, ED25519_PUBKEY_LEN);
791  }
792  offset += ED25519_PUBKEY_LEN;
793  if (checksum_out) {
794  /* Followed by a 2 bytes checksum. */
795  memcpy(checksum_out, address + offset, HS_SERVICE_ADDR_CHECKSUM_LEN_USED);
796  }
797  offset += HS_SERVICE_ADDR_CHECKSUM_LEN_USED;
798  if (version_out) {
799  /* Finally, version value is 1 byte. */
800  *version_out = get_uint8(address + offset);
801  }
802  offset += sizeof(uint8_t);
803  /* Extra safety. */
804  tor_assert(offset == HS_SERVICE_ADDR_LEN);
805 }
806 
807 /* Using the given identity public key and a blinded public key, compute the
808  * subcredential and put it in subcred_out (must be of size DIGEST256_LEN).
809  * This can't fail. */
810 void
811 hs_get_subcredential(const ed25519_public_key_t *identity_pk,
812  const ed25519_public_key_t *blinded_pk,
813  uint8_t *subcred_out)
814 {
815  uint8_t credential[DIGEST256_LEN];
816  crypto_digest_t *digest;
817 
818  tor_assert(identity_pk);
819  tor_assert(blinded_pk);
820  tor_assert(subcred_out);
821 
822  /* First, build the credential. Construction is as follow:
823  * credential = H("credential" | public-identity-key) */
824  digest = crypto_digest256_new(DIGEST_SHA3_256);
825  crypto_digest_add_bytes(digest, HS_CREDENTIAL_PREFIX,
826  HS_CREDENTIAL_PREFIX_LEN);
827  crypto_digest_add_bytes(digest, (const char *) identity_pk->pubkey,
828  ED25519_PUBKEY_LEN);
829  crypto_digest_get_digest(digest, (char *) credential, DIGEST256_LEN);
830  crypto_digest_free(digest);
831 
832  /* Now, compute the subcredential. Construction is as follow:
833  * subcredential = H("subcredential" | credential | blinded-public-key). */
834  digest = crypto_digest256_new(DIGEST_SHA3_256);
835  crypto_digest_add_bytes(digest, HS_SUBCREDENTIAL_PREFIX,
836  HS_SUBCREDENTIAL_PREFIX_LEN);
837  crypto_digest_add_bytes(digest, (const char *) credential,
838  sizeof(credential));
839  crypto_digest_add_bytes(digest, (const char *) blinded_pk->pubkey,
840  ED25519_PUBKEY_LEN);
841  crypto_digest_get_digest(digest, (char *) subcred_out, DIGEST256_LEN);
842  crypto_digest_free(digest);
843 
844  memwipe(credential, 0, sizeof(credential));
845 }
846 
847 /* From the given list of hidden service ports, find the ones that match the
848  * given edge connection conn, pick one at random and use it to set the
849  * connection address. Return 0 on success or -1 if none. */
850 int
851 hs_set_conn_addr_port(const smartlist_t *ports, edge_connection_t *conn)
852 {
853  rend_service_port_config_t *chosen_port;
854  unsigned int warn_once = 0;
855  smartlist_t *matching_ports;
856 
857  tor_assert(ports);
858  tor_assert(conn);
859 
860  matching_ports = smartlist_new();
862  if (TO_CONN(conn)->port != p->virtual_port) {
863  continue;
864  }
865  if (!(p->is_unix_addr)) {
866  smartlist_add(matching_ports, p);
867  } else {
868  if (add_unix_port(matching_ports, p)) {
869  if (!warn_once) {
870  /* Unix port not supported so warn only once. */
871  log_warn(LD_REND, "Saw AF_UNIX virtual port mapping for port %d "
872  "which is unsupported on this platform. "
873  "Ignoring it.",
874  TO_CONN(conn)->port);
875  }
876  warn_once++;
877  }
878  }
879  } SMARTLIST_FOREACH_END(p);
880 
881  chosen_port = smartlist_choose(matching_ports);
882  smartlist_free(matching_ports);
883  if (chosen_port) {
884  if (!(chosen_port->is_unix_addr)) {
885  /* save the original destination before we overwrite it */
886  if (conn->hs_ident) {
887  conn->hs_ident->orig_virtual_port = TO_CONN(conn)->port;
888  }
889 
890  /* Get a non-AF_UNIX connection ready for connection_exit_connect() */
891  tor_addr_copy(&TO_CONN(conn)->addr, &chosen_port->real_addr);
892  TO_CONN(conn)->port = chosen_port->real_port;
893  } else {
894  if (set_unix_port(conn, chosen_port)) {
895  /* Simply impossible to end up here else we were able to add a Unix
896  * port without AF_UNIX support... ? */
897  tor_assert(0);
898  }
899  }
900  }
901  return (chosen_port) ? 0 : -1;
902 }
903 
904 /* Using a base32 representation of a service address, parse its content into
905  * the key_out, checksum_out and version_out. Any out variable can be NULL in
906  * case the caller would want only one field. checksum_out MUST at least be 2
907  * bytes long.
908  *
909  * Return 0 if parsing went well; return -1 in case of error. */
910 int
911 hs_parse_address(const char *address, ed25519_public_key_t *key_out,
912  uint8_t *checksum_out, uint8_t *version_out)
913 {
914  char decoded[HS_SERVICE_ADDR_LEN];
915 
916  tor_assert(address);
917 
918  /* Obvious length check. */
919  if (strlen(address) != HS_SERVICE_ADDR_LEN_BASE32) {
920  log_warn(LD_REND, "Service address %s has an invalid length. "
921  "Expected %lu but got %lu.",
922  escaped_safe_str(address),
923  (unsigned long) HS_SERVICE_ADDR_LEN_BASE32,
924  (unsigned long) strlen(address));
925  goto invalid;
926  }
927 
928  /* Decode address so we can extract needed fields. */
929  if (base32_decode(decoded, sizeof(decoded), address, strlen(address))
930  != sizeof(decoded)) {
931  log_warn(LD_REND, "Service address %s can't be decoded.",
932  escaped_safe_str(address));
933  goto invalid;
934  }
935 
936  /* Parse the decoded address into the fields we need. */
937  hs_parse_address_impl(decoded, key_out, checksum_out, version_out);
938 
939  return 0;
940  invalid:
941  return -1;
942 }
943 
944 /* Validate a given onion address. The length, the base32 decoding and
945  * checksum are validated. Return 1 if valid else 0. */
946 int
947 hs_address_is_valid(const char *address)
948 {
949  uint8_t version;
950  uint8_t checksum[HS_SERVICE_ADDR_CHECKSUM_LEN_USED];
951  uint8_t target_checksum[DIGEST256_LEN];
952  ed25519_public_key_t service_pubkey;
953 
954  /* Parse the decoded address into the fields we need. */
955  if (hs_parse_address(address, &service_pubkey, checksum, &version) < 0) {
956  goto invalid;
957  }
958 
959  /* Get the checksum it's suppose to be and compare it with what we have
960  * encoded in the address. */
961  build_hs_checksum(&service_pubkey, version, target_checksum);
962  if (tor_memcmp(checksum, target_checksum, sizeof(checksum))) {
963  log_warn(LD_REND, "Service address %s invalid checksum.",
964  escaped_safe_str(address));
965  goto invalid;
966  }
967 
968  /* Validate that this pubkey does not have a torsion component. We need to do
969  * this on the prop224 client-side so that attackers can't give equivalent
970  * forms of an onion address to users. */
971  if (ed25519_validate_pubkey(&service_pubkey) < 0) {
972  log_warn(LD_REND, "Service address %s has bad pubkey .",
973  escaped_safe_str(address));
974  goto invalid;
975  }
976 
977  /* Valid address. */
978  return 1;
979  invalid:
980  return 0;
981 }
982 
983 /* Build a service address using an ed25519 public key and a given version.
984  * The returned address is base32 encoded and put in addr_out. The caller MUST
985  * make sure the addr_out is at least HS_SERVICE_ADDR_LEN_BASE32 + 1 long.
986  *
987  * Format is as follow:
988  * base32(PUBKEY || CHECKSUM || VERSION)
989  * CHECKSUM = H(".onion checksum" || PUBKEY || VERSION)
990  * */
991 void
992 hs_build_address(const ed25519_public_key_t *key, uint8_t version,
993  char *addr_out)
994 {
995  uint8_t checksum[DIGEST256_LEN];
996  char address[HS_SERVICE_ADDR_LEN];
997 
998  tor_assert(key);
999  tor_assert(addr_out);
1000 
1001  /* Get the checksum of the address. */
1002  build_hs_checksum(key, version, checksum);
1003  /* Get the binary address representation. */
1004  build_hs_address(key, checksum, version, address);
1005 
1006  /* Encode the address. addr_out will be NUL terminated after this. */
1007  base32_encode(addr_out, HS_SERVICE_ADDR_LEN_BASE32 + 1, address,
1008  sizeof(address));
1009  /* Validate what we just built. */
1010  tor_assert(hs_address_is_valid(addr_out));
1011 }
1012 
1013 /* From a given ed25519 public key pk and an optional secret, compute a
1014  * blinded public key and put it in blinded_pk_out. This is only useful to
1015  * the client side because the client only has access to the identity public
1016  * key of the service. */
1017 void
1018 hs_build_blinded_pubkey(const ed25519_public_key_t *pk,
1019  const uint8_t *secret, size_t secret_len,
1020  uint64_t time_period_num,
1021  ed25519_public_key_t *blinded_pk_out)
1022 {
1023  /* Our blinding key API requires a 32 bytes parameter. */
1024  uint8_t param[DIGEST256_LEN];
1025 
1026  tor_assert(pk);
1027  tor_assert(blinded_pk_out);
1028  tor_assert(!tor_mem_is_zero((char *) pk, ED25519_PUBKEY_LEN));
1029 
1030  build_blinded_key_param(pk, secret, secret_len,
1031  time_period_num, get_time_period_length(), param);
1032  ed25519_public_blind(blinded_pk_out, pk, param);
1033 
1034  memwipe(param, 0, sizeof(param));
1035 }
1036 
1037 /* From a given ed25519 keypair kp and an optional secret, compute a blinded
1038  * keypair for the current time period and put it in blinded_kp_out. This is
1039  * only useful by the service side because the client doesn't have access to
1040  * the identity secret key. */
1041 void
1042 hs_build_blinded_keypair(const ed25519_keypair_t *kp,
1043  const uint8_t *secret, size_t secret_len,
1044  uint64_t time_period_num,
1045  ed25519_keypair_t *blinded_kp_out)
1046 {
1047  /* Our blinding key API requires a 32 bytes parameter. */
1048  uint8_t param[DIGEST256_LEN];
1049 
1050  tor_assert(kp);
1051  tor_assert(blinded_kp_out);
1052  /* Extra safety. A zeroed key is bad. */
1053  tor_assert(!tor_mem_is_zero((char *) &kp->pubkey, ED25519_PUBKEY_LEN));
1054  tor_assert(!tor_mem_is_zero((char *) &kp->seckey, ED25519_SECKEY_LEN));
1055 
1056  build_blinded_key_param(&kp->pubkey, secret, secret_len,
1057  time_period_num, get_time_period_length(), param);
1058  ed25519_keypair_blind(blinded_kp_out, kp, param);
1059 
1060  memwipe(param, 0, sizeof(param));
1061 }
1062 
1063 /* Return true if we are currently in the time segment between a new time
1064  * period and a new SRV (in the real network that happens between 12:00 and
1065  * 00:00 UTC). Here is a diagram showing exactly when this returns true:
1066  *
1067  * +------------------------------------------------------------------+
1068  * | |
1069  * | 00:00 12:00 00:00 12:00 00:00 12:00 |
1070  * | SRV#1 TP#1 SRV#2 TP#2 SRV#3 TP#3 |
1071  * | |
1072  * | $==========|-----------$===========|-----------$===========| |
1073  * | ^^^^^^^^^^^^ ^^^^^^^^^^^^ |
1074  * | |
1075  * +------------------------------------------------------------------+
1076  */
1077 MOCK_IMPL(int,
1078 hs_in_period_between_tp_and_srv,(const networkstatus_t *consensus, time_t now))
1079 {
1080  time_t valid_after;
1081  time_t srv_start_time, tp_start_time;
1082 
1083  if (!consensus) {
1084  consensus = networkstatus_get_live_consensus(now);
1085  if (!consensus) {
1086  return 0;
1087  }
1088  }
1089 
1090  /* Get start time of next TP and of current SRV protocol run, and check if we
1091  * are between them. */
1092  valid_after = consensus->valid_after;
1094  tp_start_time = hs_get_start_time_of_next_time_period(srv_start_time);
1095 
1096  if (valid_after >= srv_start_time && valid_after < tp_start_time) {
1097  return 0;
1098  }
1099 
1100  return 1;
1101 }
1102 
1103 /* Return 1 if any virtual port in ports needs a circuit with good uptime.
1104  * Else return 0. */
1105 int
1106 hs_service_requires_uptime_circ(const smartlist_t *ports)
1107 {
1108  tor_assert(ports);
1109 
1111  if (smartlist_contains_int_as_string(get_options()->LongLivedPorts,
1112  p->virtual_port)) {
1113  return 1;
1114  }
1115  } SMARTLIST_FOREACH_END(p);
1116  return 0;
1117 }
1118 
1119 /* Build hs_index which is used to find the responsible hsdirs. This index
1120  * value is used to select the responsible HSDir where their hsdir_index is
1121  * closest to this value.
1122  * SHA3-256("store-at-idx" | blinded_public_key |
1123  * INT_8(replicanum) | INT_8(period_length) | INT_8(period_num) )
1124  *
1125  * hs_index_out must be large enough to receive DIGEST256_LEN bytes. */
1126 void
1127 hs_build_hs_index(uint64_t replica, const ed25519_public_key_t *blinded_pk,
1128  uint64_t period_num, uint8_t *hs_index_out)
1129 {
1130  crypto_digest_t *digest;
1131 
1132  tor_assert(blinded_pk);
1133  tor_assert(hs_index_out);
1134 
1135  /* Build hs_index. See construction at top of function comment. */
1136  digest = crypto_digest256_new(DIGEST_SHA3_256);
1137  crypto_digest_add_bytes(digest, HS_INDEX_PREFIX, HS_INDEX_PREFIX_LEN);
1138  crypto_digest_add_bytes(digest, (const char *) blinded_pk->pubkey,
1139  ED25519_PUBKEY_LEN);
1140 
1141  /* Now setup INT_8(replicanum) | INT_8(period_length) | INT_8(period_num) */
1142  {
1143  uint64_t period_length = get_time_period_length();
1144  char buf[sizeof(uint64_t)*3];
1145  size_t offset = 0;
1146  set_uint64(buf, tor_htonll(replica));
1147  offset += sizeof(uint64_t);
1148  set_uint64(buf+offset, tor_htonll(period_length));
1149  offset += sizeof(uint64_t);
1150  set_uint64(buf+offset, tor_htonll(period_num));
1151  offset += sizeof(uint64_t);
1152  tor_assert(offset == sizeof(buf));
1153 
1154  crypto_digest_add_bytes(digest, buf, sizeof(buf));
1155  }
1156 
1157  crypto_digest_get_digest(digest, (char *) hs_index_out, DIGEST256_LEN);
1158  crypto_digest_free(digest);
1159 }
1160 
1161 /* Build hsdir_index which is used to find the responsible hsdirs. This is the
1162  * index value that is compare to the hs_index when selecting an HSDir.
1163  * SHA3-256("node-idx" | node_identity |
1164  * shared_random_value | INT_8(period_length) | INT_8(period_num) )
1165  *
1166  * hsdir_index_out must be large enough to receive DIGEST256_LEN bytes. */
1167 void
1168 hs_build_hsdir_index(const ed25519_public_key_t *identity_pk,
1169  const uint8_t *srv_value, uint64_t period_num,
1170  uint8_t *hsdir_index_out)
1171 {
1172  crypto_digest_t *digest;
1173 
1174  tor_assert(identity_pk);
1175  tor_assert(srv_value);
1176  tor_assert(hsdir_index_out);
1177 
1178  /* Build hsdir_index. See construction at top of function comment. */
1179  digest = crypto_digest256_new(DIGEST_SHA3_256);
1180  crypto_digest_add_bytes(digest, HSDIR_INDEX_PREFIX, HSDIR_INDEX_PREFIX_LEN);
1181  crypto_digest_add_bytes(digest, (const char *) identity_pk->pubkey,
1182  ED25519_PUBKEY_LEN);
1183  crypto_digest_add_bytes(digest, (const char *) srv_value, DIGEST256_LEN);
1184 
1185  {
1186  uint64_t time_period_length = get_time_period_length();
1187  char period_stuff[sizeof(uint64_t)*2];
1188  size_t offset = 0;
1189  set_uint64(period_stuff, tor_htonll(period_num));
1190  offset += sizeof(uint64_t);
1191  set_uint64(period_stuff+offset, tor_htonll(time_period_length));
1192  offset += sizeof(uint64_t);
1193  tor_assert(offset == sizeof(period_stuff));
1194 
1195  crypto_digest_add_bytes(digest, period_stuff, sizeof(period_stuff));
1196  }
1197 
1198  crypto_digest_get_digest(digest, (char *) hsdir_index_out, DIGEST256_LEN);
1199  crypto_digest_free(digest);
1200 }
1201 
1202 /* Return a newly allocated buffer containing the current shared random value
1203  * or if not present, a disaster value is computed using the given time period
1204  * number. If a consensus is provided in <b>ns</b>, use it to get the SRV
1205  * value. This function can't fail. */
1206 uint8_t *
1207 hs_get_current_srv(uint64_t time_period_num, const networkstatus_t *ns)
1208 {
1209  uint8_t *sr_value = tor_malloc_zero(DIGEST256_LEN);
1210  const sr_srv_t *current_srv = sr_get_current(ns);
1211 
1212  if (current_srv) {
1213  memcpy(sr_value, current_srv->value, sizeof(current_srv->value));
1214  } else {
1215  /* Disaster mode. */
1216  get_disaster_srv(time_period_num, sr_value);
1217  }
1218  return sr_value;
1219 }
1220 
1221 /* Return a newly allocated buffer containing the previous shared random
1222  * value or if not present, a disaster value is computed using the given time
1223  * period number. This function can't fail. */
1224 uint8_t *
1225 hs_get_previous_srv(uint64_t time_period_num, const networkstatus_t *ns)
1226 {
1227  uint8_t *sr_value = tor_malloc_zero(DIGEST256_LEN);
1228  const sr_srv_t *previous_srv = sr_get_previous(ns);
1229 
1230  if (previous_srv) {
1231  memcpy(sr_value, previous_srv->value, sizeof(previous_srv->value));
1232  } else {
1233  /* Disaster mode. */
1234  get_disaster_srv(time_period_num, sr_value);
1235  }
1236  return sr_value;
1237 }
1238 
1239 /* Return the number of replicas defined by a consensus parameter or the
1240  * default value. */
1241 int32_t
1242 hs_get_hsdir_n_replicas(void)
1243 {
1244  /* The [1,16] range is a specification requirement. */
1245  return networkstatus_get_param(NULL, "hsdir_n_replicas",
1246  HS_DEFAULT_HSDIR_N_REPLICAS, 1, 16);
1247 }
1248 
1249 /* Return the spread fetch value defined by a consensus parameter or the
1250  * default value. */
1251 int32_t
1252 hs_get_hsdir_spread_fetch(void)
1253 {
1254  /* The [1,128] range is a specification requirement. */
1255  return networkstatus_get_param(NULL, "hsdir_spread_fetch",
1256  HS_DEFAULT_HSDIR_SPREAD_FETCH, 1, 128);
1257 }
1258 
1259 /* Return the spread store value defined by a consensus parameter or the
1260  * default value. */
1261 int32_t
1262 hs_get_hsdir_spread_store(void)
1263 {
1264  /* The [1,128] range is a specification requirement. */
1265  return networkstatus_get_param(NULL, "hsdir_spread_store",
1266  HS_DEFAULT_HSDIR_SPREAD_STORE, 1, 128);
1267 }
1268 
1271 static int
1273 {
1275 
1276  /* A node can't have an HSDir index without a descriptor since we need desc
1277  * to get its ed25519 key. for_direct_connect should be zero, since we
1278  * always use the consensus-indexed node's keys to build the hash ring, even
1279  * if some of the consensus-indexed nodes are also bridges. */
1280  if (!node_has_preferred_descriptor(node, 0)) {
1281  return 0;
1282  }
1283 
1284  /* At this point, since the node has a desc, this node must also have an
1285  * hsdir index. If not, something went wrong, so BUG out. */
1286  if (BUG(tor_mem_is_zero((const char*)node->hsdir_index.fetch,
1287  DIGEST256_LEN))) {
1288  return 0;
1289  }
1290  if (BUG(tor_mem_is_zero((const char*)node->hsdir_index.store_first,
1291  DIGEST256_LEN))) {
1292  return 0;
1293  }
1294  if (BUG(tor_mem_is_zero((const char*)node->hsdir_index.store_second,
1295  DIGEST256_LEN))) {
1296  return 0;
1297  }
1298 
1299  return 1;
1300 }
1301 
1302 /* For a given blinded key and time period number, get the responsible HSDir
1303  * and put their routerstatus_t object in the responsible_dirs list. If
1304  * 'use_second_hsdir_index' is true, use the second hsdir_index of the node_t
1305  * is used. If 'for_fetching' is true, the spread fetch consensus parameter is
1306  * used else the spread store is used which is only for upload. This function
1307  * can't fail but it is possible that the responsible_dirs list contains fewer
1308  * nodes than expected.
1309  *
1310  * This function goes over the latest consensus routerstatus list and sorts it
1311  * by their node_t hsdir_index then does a binary search to find the closest
1312  * node. All of this makes it a bit CPU intensive so use it wisely. */
1313 void
1314 hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk,
1315  uint64_t time_period_num, int use_second_hsdir_index,
1316  int for_fetching, smartlist_t *responsible_dirs)
1317 {
1318  smartlist_t *sorted_nodes;
1319  /* The compare function used for the smartlist bsearch. We have two
1320  * different depending on is_next_period. */
1321  int (*cmp_fct)(const void *, const void **);
1322 
1323  tor_assert(blinded_pk);
1324  tor_assert(responsible_dirs);
1325 
1326  sorted_nodes = smartlist_new();
1327 
1328  /* Make sure we actually have a live consensus */
1329  networkstatus_t *c = networkstatus_get_live_consensus(approx_time());
1330  if (!c || smartlist_len(c->routerstatus_list) == 0) {
1331  log_warn(LD_REND, "No live consensus so we can't get the responsible "
1332  "hidden service directories.");
1333  goto done;
1334  }
1335 
1336  /* Ensure the nodelist is fresh, since it contains the HSDir indices. */
1338 
1339  /* Add every node_t that support HSDir v3 for which we do have a valid
1340  * hsdir_index already computed for them for this consensus. */
1341  {
1343  /* Even though this node_t object won't be modified and should be const,
1344  * we can't add const object in a smartlist_t. */
1345  node_t *n = node_get_mutable_by_id(rs->identity_digest);
1346  tor_assert(n);
1347  if (node_supports_v3_hsdir(n) && rs->is_hs_dir) {
1348  if (!node_has_hsdir_index(n)) {
1349  log_info(LD_GENERAL, "Node %s was found without hsdir index.",
1350  node_describe(n));
1351  continue;
1352  }
1353  smartlist_add(sorted_nodes, n);
1354  }
1355  } SMARTLIST_FOREACH_END(rs);
1356  }
1357  if (smartlist_len(sorted_nodes) == 0) {
1358  log_warn(LD_REND, "No nodes found to be HSDir or supporting v3.");
1359  goto done;
1360  }
1361 
1362  /* First thing we have to do is sort all node_t by hsdir_index. The
1363  * is_next_period tells us if we want the current or the next one. Set the
1364  * bsearch compare function also while we are at it. */
1365  if (for_fetching) {
1366  smartlist_sort(sorted_nodes, compare_node_fetch_hsdir_index);
1367  cmp_fct = compare_digest_to_fetch_hsdir_index;
1368  } else if (use_second_hsdir_index) {
1369  smartlist_sort(sorted_nodes, compare_node_store_second_hsdir_index);
1370  cmp_fct = compare_digest_to_store_second_hsdir_index;
1371  } else {
1372  smartlist_sort(sorted_nodes, compare_node_store_first_hsdir_index);
1373  cmp_fct = compare_digest_to_store_first_hsdir_index;
1374  }
1375 
1376  /* For all replicas, we'll select a set of HSDirs using the consensus
1377  * parameters and the sorted list. The replica starting at value 1 is
1378  * defined by the specification. */
1379  for (int replica = 1; replica <= hs_get_hsdir_n_replicas(); replica++) {
1380  int idx, start, found, n_added = 0;
1381  uint8_t hs_index[DIGEST256_LEN] = {0};
1382  /* Number of node to add to the responsible dirs list depends on if we are
1383  * trying to fetch or store. A client always fetches. */
1384  int n_to_add = (for_fetching) ? hs_get_hsdir_spread_fetch() :
1385  hs_get_hsdir_spread_store();
1386 
1387  /* Get the index that we should use to select the node. */
1388  hs_build_hs_index(replica, blinded_pk, time_period_num, hs_index);
1389  /* The compare function pointer has been set correctly earlier. */
1390  start = idx = smartlist_bsearch_idx(sorted_nodes, hs_index, cmp_fct,
1391  &found);
1392  /* Getting the length of the list if no member is greater than the key we
1393  * are looking for so start at the first element. */
1394  if (idx == smartlist_len(sorted_nodes)) {
1395  start = idx = 0;
1396  }
1397  while (n_added < n_to_add) {
1398  const node_t *node = smartlist_get(sorted_nodes, idx);
1399  /* If the node has already been selected which is possible between
1400  * replicas, the specification says to skip over. */
1401  if (!smartlist_contains(responsible_dirs, node->rs)) {
1402  smartlist_add(responsible_dirs, node->rs);
1403  ++n_added;
1404  }
1405  if (++idx == smartlist_len(sorted_nodes)) {
1406  /* Wrap if we've reached the end of the list. */
1407  idx = 0;
1408  }
1409  if (idx == start) {
1410  /* We've gone over the whole list, stop and avoid infinite loop. */
1411  break;
1412  }
1413  }
1414  }
1415 
1416  done:
1417  smartlist_free(sorted_nodes);
1418 }
1419 
1420 /*********************** HSDir request tracking ***************************/
1421 
1424 time_t
1426 {
1427  tor_assert(options);
1428 
1429  if (options->TestingTorNetwork) {
1430  return REND_HID_SERV_DIR_REQUERY_PERIOD_TESTING;
1431  } else {
1432  return REND_HID_SERV_DIR_REQUERY_PERIOD;
1433  }
1434 }
1435 
1450 static strmap_t *last_hid_serv_requests_ = NULL;
1451 
1454 STATIC strmap_t *
1456 {
1458  last_hid_serv_requests_ = strmap_new();
1459  return last_hid_serv_requests_;
1460 }
1461 
1467 time_t
1469  const char *req_key_str,
1470  time_t now, int set)
1471 {
1472  char hsdir_id_base32[BASE32_DIGEST_LEN + 1];
1473  char *hsdir_desc_comb_id = NULL;
1474  time_t *last_request_ptr;
1475  strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
1476 
1477  /* Create the key */
1478  base32_encode(hsdir_id_base32, sizeof(hsdir_id_base32),
1479  hs_dir->identity_digest, DIGEST_LEN);
1480  tor_asprintf(&hsdir_desc_comb_id, "%s%s", hsdir_id_base32, req_key_str);
1481 
1482  if (set) {
1483  time_t *oldptr;
1484  last_request_ptr = tor_malloc_zero(sizeof(time_t));
1485  *last_request_ptr = now;
1486  oldptr = strmap_set(last_hid_serv_requests, hsdir_desc_comb_id,
1487  last_request_ptr);
1488  tor_free(oldptr);
1489  } else {
1490  last_request_ptr = strmap_get(last_hid_serv_requests,
1491  hsdir_desc_comb_id);
1492  }
1493 
1494  tor_free(hsdir_desc_comb_id);
1495  return (last_request_ptr) ? *last_request_ptr : 0;
1496 }
1497 
1501 void
1503 {
1504  strmap_iter_t *iter;
1505  time_t cutoff = now - hs_hsdir_requery_period(get_options());
1506  strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
1507  for (iter = strmap_iter_init(last_hid_serv_requests);
1508  !strmap_iter_done(iter); ) {
1509  const char *key;
1510  void *val;
1511  time_t *ent;
1512  strmap_iter_get(iter, &key, &val);
1513  ent = (time_t *) val;
1514  if (*ent < cutoff) {
1515  iter = strmap_iter_next_rmv(last_hid_serv_requests, iter);
1516  tor_free(ent);
1517  } else {
1518  iter = strmap_iter_next(last_hid_serv_requests, iter);
1519  }
1520  }
1521 }
1522 
1530 void
1532 {
1533  strmap_iter_t *iter;
1534  strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
1535 
1536  for (iter = strmap_iter_init(last_hid_serv_requests);
1537  !strmap_iter_done(iter); ) {
1538  const char *key;
1539  void *val;
1540  strmap_iter_get(iter, &key, &val);
1541 
1542  /* XXX: The use of REND_DESC_ID_V2_LEN_BASE32 is very wrong in terms of
1543  * semantic, see #23305. */
1544 
1545  /* This strmap contains variable-sized elements so this is a basic length
1546  * check on the strings we are about to compare. The key is variable sized
1547  * since it's composed as follows:
1548  * key = base32(hsdir_identity) + base32(req_key_str)
1549  * where 'req_key_str' is the descriptor ID of the HS in the v2 case, or
1550  * the ed25519 blinded public key of the HS in the v3 case. */
1551  if (strlen(key) < REND_DESC_ID_V2_LEN_BASE32 + strlen(req_key_str)) {
1552  iter = strmap_iter_next(last_hid_serv_requests, iter);
1553  continue;
1554  }
1555 
1556  /* Check if the tracked request matches our request key */
1557  if (tor_memeq(key + REND_DESC_ID_V2_LEN_BASE32, req_key_str,
1558  strlen(req_key_str))) {
1559  iter = strmap_iter_next_rmv(last_hid_serv_requests, iter);
1560  tor_free(val);
1561  } else {
1562  iter = strmap_iter_next(last_hid_serv_requests, iter);
1563  }
1564  }
1565 }
1566 
1571 void
1573 {
1574  /* Don't create the table if it doesn't exist yet (and it may very
1575  * well not exist if the user hasn't accessed any HSes)... */
1576  strmap_t *old_last_hid_serv_requests = last_hid_serv_requests_;
1577  /* ... and let get_last_hid_serv_requests re-create it for us if
1578  * necessary. */
1579  last_hid_serv_requests_ = NULL;
1580 
1581  if (old_last_hid_serv_requests != NULL) {
1582  log_info(LD_REND, "Purging client last-HS-desc-request-time table");
1583  strmap_free(old_last_hid_serv_requests, tor_free_);
1584  }
1585 }
1586 
1587 /***********************************************************************/
1588 
1599 hs_pick_hsdir(smartlist_t *responsible_dirs, const char *req_key_str)
1600 {
1601  smartlist_t *usable_responsible_dirs = smartlist_new();
1602  const or_options_t *options = get_options();
1603  routerstatus_t *hs_dir;
1604  time_t now = time(NULL);
1605  int excluded_some;
1606 
1607  tor_assert(req_key_str);
1608 
1609  /* Clean outdated request history first. */
1611 
1612  /* Only select those hidden service directories to which we did not send a
1613  * request recently and for which we have a router descriptor here.
1614  *
1615  * Use for_direct_connect==0 even if we will be connecting to the node
1616  * directly, since we always use the key information in the
1617  * consensus-indexed node descriptors for building the index.
1618  **/
1619  SMARTLIST_FOREACH_BEGIN(responsible_dirs, routerstatus_t *, dir) {
1620  time_t last = hs_lookup_last_hid_serv_request(dir, req_key_str, 0, 0);
1621  const node_t *node = node_get_by_id(dir->identity_digest);
1622  if (last + hs_hsdir_requery_period(options) >= now ||
1623  !node || !node_has_preferred_descriptor(node, 0)) {
1624  SMARTLIST_DEL_CURRENT(responsible_dirs, dir);
1625  continue;
1626  }
1627  if (!routerset_contains_node(options->ExcludeNodes, node)) {
1628  smartlist_add(usable_responsible_dirs, dir);
1629  }
1630  } SMARTLIST_FOREACH_END(dir);
1631 
1632  excluded_some =
1633  smartlist_len(usable_responsible_dirs) < smartlist_len(responsible_dirs);
1634 
1635  hs_dir = smartlist_choose(usable_responsible_dirs);
1636  if (!hs_dir && !options->StrictNodes) {
1637  hs_dir = smartlist_choose(responsible_dirs);
1638  }
1639 
1640  smartlist_free(responsible_dirs);
1641  smartlist_free(usable_responsible_dirs);
1642  if (!hs_dir) {
1643  log_info(LD_REND, "Could not pick one of the responsible hidden "
1644  "service directories, because we requested them all "
1645  "recently without success.");
1646  if (options->StrictNodes && excluded_some) {
1647  log_warn(LD_REND, "Could not pick a hidden service directory for the "
1648  "requested hidden service: they are all either down or "
1649  "excluded, and StrictNodes is set.");
1650  }
1651  } else {
1652  /* Remember that we are requesting a descriptor from this hidden service
1653  * directory now. */
1654  hs_lookup_last_hid_serv_request(hs_dir, req_key_str, now, 1);
1655  }
1656 
1657  return hs_dir;
1658 }
1659 
1660 /* From a list of link specifier, an onion key and if we are requesting a
1661  * direct connection (ex: single onion service), return a newly allocated
1662  * extend_info_t object. This function always returns an extend info with
1663  * an IPv4 address, or NULL.
1664  *
1665  * It performs the following checks:
1666  * if either IPv4 or legacy ID is missing, return NULL.
1667  * if direct_conn, and we can't reach the IPv4 address, return NULL.
1668  */
1669 extend_info_t *
1670 hs_get_extend_info_from_lspecs(const smartlist_t *lspecs,
1671  const curve25519_public_key_t *onion_key,
1672  int direct_conn)
1673 {
1674  int have_v4 = 0, have_legacy_id = 0, have_ed25519_id = 0;
1675  char legacy_id[DIGEST_LEN] = {0};
1676  uint16_t port_v4 = 0;
1677  tor_addr_t addr_v4;
1678  ed25519_public_key_t ed25519_pk;
1679  extend_info_t *info = NULL;
1680 
1681  tor_assert(lspecs);
1682 
1683  if (smartlist_len(lspecs) == 0) {
1684  log_fn(LOG_PROTOCOL_WARN, LD_REND, "Empty link specifier list.");
1685  /* Return NULL. */
1686  goto done;
1687  }
1688 
1689  SMARTLIST_FOREACH_BEGIN(lspecs, const link_specifier_t *, ls) {
1690  switch (link_specifier_get_ls_type(ls)) {
1691  case LS_IPV4:
1692  /* Skip if we already seen a v4. */
1693  if (have_v4) continue;
1694  tor_addr_from_ipv4h(&addr_v4,
1695  link_specifier_get_un_ipv4_addr(ls));
1696  port_v4 = link_specifier_get_un_ipv4_port(ls);
1697  have_v4 = 1;
1698  break;
1699  case LS_LEGACY_ID:
1700  /* Make sure we do have enough bytes for the legacy ID. */
1701  if (link_specifier_getlen_un_legacy_id(ls) < sizeof(legacy_id)) {
1702  break;
1703  }
1704  memcpy(legacy_id, link_specifier_getconstarray_un_legacy_id(ls),
1705  sizeof(legacy_id));
1706  have_legacy_id = 1;
1707  break;
1708  case LS_ED25519_ID:
1709  memcpy(ed25519_pk.pubkey,
1710  link_specifier_getconstarray_un_ed25519_id(ls),
1711  ED25519_PUBKEY_LEN);
1712  have_ed25519_id = 1;
1713  break;
1714  default:
1715  /* Ignore unknown. */
1716  break;
1717  }
1718  } SMARTLIST_FOREACH_END(ls);
1719 
1720  /* Legacy ID is mandatory, and we require IPv4. */
1721  if (!have_v4 || !have_legacy_id) {
1722  bool both = !have_v4 && !have_legacy_id;
1723  log_fn(LOG_PROTOCOL_WARN, LD_REND, "Missing %s%s%s link specifier%s.",
1724  !have_v4 ? "IPv4" : "",
1725  both ? " and " : "",
1726  !have_legacy_id ? "legacy ID" : "",
1727  both ? "s" : "");
1728  goto done;
1729  }
1730 
1731  /* We know we have IPv4, because we just checked. */
1732  if (!direct_conn) {
1733  /* All clients can extend to any IPv4 via a 3-hop path. */
1734  goto validate;
1735  } else if (direct_conn &&
1736  fascist_firewall_allows_address_addr(&addr_v4, port_v4,
1737  FIREWALL_OR_CONNECTION,
1738  0, 0)) {
1739  /* Direct connection and we can reach it in IPv4 so go for it. */
1740  goto validate;
1741 
1742  /* We will add support for falling back to a 3-hop path in a later
1743  * release. */
1744  } else {
1745  /* If we can't reach IPv4, return NULL. */
1746  log_fn(LOG_PROTOCOL_WARN, LD_REND,
1747  "Received an IPv4 link specifier, "
1748  "but the address is not reachable: %s:%u",
1749  fmt_addr(&addr_v4), port_v4);
1750  goto done;
1751  }
1752 
1753  /* We will add support for IPv6 in a later release. */
1754 
1755  validate:
1756  /* We'll validate now that the address we've picked isn't a private one. If
1757  * it is, are we allowed to extend to private addresses? */
1758  if (!extend_info_addr_is_allowed(&addr_v4)) {
1759  log_fn(LOG_PROTOCOL_WARN, LD_REND,
1760  "Requested address is private and we are not allowed to extend to "
1761  "it: %s:%u", fmt_addr(&addr_v4), port_v4);
1762  goto done;
1763  }
1764 
1765  /* We do have everything for which we think we can connect successfully. */
1766  info = extend_info_new(NULL, legacy_id,
1767  (have_ed25519_id) ? &ed25519_pk : NULL, NULL,
1768  onion_key, &addr_v4, port_v4);
1769  done:
1770  return info;
1771 }
1772 
1773 /***********************************************************************/
1774 
1775 /* Initialize the entire HS subsytem. This is called in tor_init() before any
1776  * torrc options are loaded. Only for >= v3. */
1777 void
1778 hs_init(void)
1779 {
1780  hs_circuitmap_init();
1781  hs_service_init();
1782  hs_cache_init();
1783 }
1784 
1785 /* Release and cleanup all memory of the HS subsystem (all version). This is
1786  * called by tor_free_all(). */
1787 void
1788 hs_free_all(void)
1789 {
1790  hs_circuitmap_free_all();
1791  hs_service_free_all();
1792  hs_cache_free_all();
1793  hs_client_free_all();
1794 }
1795 
1796 /* For the given origin circuit circ, decrement the number of rendezvous
1797  * stream counter. This handles every hidden service version. */
1798 void
1799 hs_dec_rdv_stream_counter(origin_circuit_t *circ)
1800 {
1801  tor_assert(circ);
1802 
1803  if (circ->rend_data) {
1804  circ->rend_data->nr_streams--;
1805  } else if (circ->hs_ident) {
1806  circ->hs_ident->num_rdv_streams--;
1807  } else {
1808  /* Should not be called if this circuit is not for hidden service. */
1809  tor_assert_nonfatal_unreached();
1810  }
1811 }
1812 
1813 /* For the given origin circuit circ, increment the number of rendezvous
1814  * stream counter. This handles every hidden service version. */
1815 void
1816 hs_inc_rdv_stream_counter(origin_circuit_t *circ)
1817 {
1818  tor_assert(circ);
1819 
1820  if (circ->rend_data) {
1821  circ->rend_data->nr_streams++;
1822  } else if (circ->hs_ident) {
1823  circ->hs_ident->num_rdv_streams++;
1824  } else {
1825  /* Should not be called if this circuit is not for hidden service. */
1826  tor_assert_nonfatal_unreached();
1827  }
1828 }
1829 
1830 /* Return a newly allocated link specifier object that is a copy of dst. */
1831 link_specifier_t *
1832 link_specifier_dup(const link_specifier_t *src)
1833 {
1834  link_specifier_t *dup = NULL;
1835  uint8_t *buf = NULL;
1836 
1837  if (BUG(!src)) {
1838  goto err;
1839  }
1840 
1841  ssize_t encoded_len_alloc = link_specifier_encoded_len(src);
1842  if (BUG(encoded_len_alloc < 0)) {
1843  goto err;
1844  }
1845 
1846  buf = tor_malloc_zero(encoded_len_alloc);
1847  ssize_t encoded_len_data = link_specifier_encode(buf,
1848  encoded_len_alloc,
1849  src);
1850  if (BUG(encoded_len_data < 0)) {
1851  goto err;
1852  }
1853 
1854  ssize_t parsed_len = link_specifier_parse(&dup, buf, encoded_len_alloc);
1855  if (BUG(parsed_len < 0)) {
1856  goto err;
1857  }
1858 
1859  goto done;
1860 
1861  err:
1862  dup = NULL;
1863 
1864  done:
1865  tor_free(buf);
1866  return dup;
1867 }
Header file for rendcommon.c.
rend_data_t * rend_data
char descriptor_id[REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS][DIGEST_LEN]
Definition: or.h:443
unsigned int cpd_check_t
Definition: dir.h:20
Header file containing common data for the whole HS subsytem.
extend_info_t * extend_info_new(const char *nickname, const char *rsa_id_digest, const ed25519_public_key_t *ed_id, crypto_pk_t *onion_key, const curve25519_public_key_t *ntor_key, const tor_addr_t *addr, uint16_t port)
Common functions for using (pseudo-)random number generators.
Definition: node_st.h:28
void rend_data_free_(rend_data_t *data)
Definition: hs_common.c:357
Header file containing service data for the HS subsytem.
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define TO_CONN(c)
Definition: or.h:735
int routerset_contains_node(const routerset_t *set, const node_t *node)
Definition: routerset.c:334
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
const char * escaped_safe_str(const char *address)
Definition: config.c:1112
Header file containing client data for the HS subsytem.
tor_addr_t addr
int tor_mem_is_zero(const char *mem, size_t len)
Definition: util_string.c:74
STATIC strmap_t * get_last_hid_serv_requests(void)
Definition: hs_common.c:1455
#define LD_GENERAL
Definition: log.h:59
char descriptor_cookie[REND_DESC_COOKIE_LEN]
Definition: or.h:446
int nr_streams
Definition: or.h:430
char identity_digest[DIGEST_LEN]
Header file for describe.c.
Header file for nodelist.c.
void smartlist_add(smartlist_t *sl, void *element)
time_t sr_state_get_start_time_of_current_protocol_run(void)
crypto_digest_t * crypto_digest256_new(digest_algorithm_t algorithm)
int rend_compute_v2_desc_id(char *desc_id_out, const char *service_id, const char *descriptor_cookie, time_t now, uint8_t replica)
Definition: rendcommon.c:153
#define REND_DESC_ID_V2_LEN_BASE32
Definition: or.h:354
int smartlist_contains(const smartlist_t *sl, const void *element)
Header file for config.c.
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len)
void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:60
smartlist_t * hsdirs_fp
Definition: or.h:424
static int node_has_hsdir_index(const node_t *node)
Definition: hs_common.c:1272
uint16_t port
#define tor_free(p)
Definition: malloc.h:52
int node_supports_v3_hsdir(const node_t *node)
Definition: nodelist.c:1152
int node_has_preferred_descriptor(const node_t *node, int for_direct_connect)
Definition: nodelist.c:1340
int smartlist_contains_int_as_string(const smartlist_t *sl, int num)
Definition: smartlist.c:147
#define SMARTLIST_DEL_CURRENT(sl, var)
time_t hs_hsdir_requery_period(const or_options_t *options)
Definition: hs_common.c:1425
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:57
void hs_purge_last_hid_serv_requests(void)
Definition: hs_common.c:1572
rend_auth_type_t
Definition: or.h:402
#define DIGEST256_LEN
Definition: digest_sizes.h:23
Header file for policies.c.
char rend_pk_digest[DIGEST_LEN]
Definition: or.h:457
int ed25519_keypair_blind(ed25519_keypair_t *out, const ed25519_keypair_t *inp, const uint8_t *param)
int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:90
Common functions for cryptographic routines.
tor_assert(buffer)
#define tor_addr_from_ipv4h(dest, v4addr)
Definition: address.h:287
int tor_memcmp(const void *a, const void *b, size_t len)
Definition: di_ops.c:31
int tor_memeq(const void *a, const void *b, size_t sz)
Definition: di_ops.c:107
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
routerset_t * ExcludeNodes
Definition: or_options_st.h:84
static void set_uint64(void *cp, uint64_t v)
Definition: bytes.h:91
#define DIGEST_LEN
Definition: digest_sizes.h:20
const char * node_describe(const node_t *node)
Definition: describe.c:101
Master header file for Tor-specific functionality.
static uint8_t cached_disaster_srv[2][DIGEST256_LEN]
Definition: hs_common.c:623
unsigned int sr_state_get_protocol_run_duration(void)
Header file for circuitbuild.c.
STATIC uint64_t get_time_period_length(void)
Definition: hs_common.c:239
Header file containing circuit and connection identifier data for the whole HS subsytem.
Header file for shared_random_client.c.
int fascist_firewall_allows_address_addr(const tor_addr_t *addr, uint16_t port, firewall_connection_t fw_connection, int pref_only, int pref_ipv6)
Definition: policies.c:556
void tor_free_(void *mem)
Definition: malloc.c:227
static uint64_t tor_htonll(uint64_t a)
Definition: bytes.h:167
Header file for hs_circuitmap.c.
#define LD_REND
Definition: log.h:81
Header file for rendservice.c.
#define REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS
Definition: or.h:348
smartlist_t * routerstatus_list
static strmap_t * last_hid_serv_requests_
Definition: hs_common.c:1450
unsigned int sr_state_get_phase_duration(void)
rend_auth_type_t auth_type
Definition: or.h:449
#define BASE32_DIGEST_LEN
Definition: crypto_digest.h:23
struct hs_ident_circuit_t * hs_ident
char rend_cookie[REND_COOKIE_LEN]
Definition: or.h:427
int hs_get_service_max_rend_failures(void)
Definition: hs_common.c:229
#define SMARTLIST_FOREACH(sl, type, var, cmd)
void hs_purge_hid_serv_from_last_hid_serv_requests(const char *req_key_str)
Definition: hs_common.c:1531
char desc_id_fetch[DIGEST_LEN]
Definition: or.h:454
time_t hs_lookup_last_hid_serv_request(routerstatus_t *hs_dir, const char *req_key_str, time_t now, int set)
Definition: hs_common.c:1468
#define fmt_addr(a)
Definition: address.h:211
#define ARRAY_LENGTH(x)
#define log_fn(severity, domain, args,...)
Definition: log.h:266
routerstatus_t * hs_pick_hsdir(smartlist_t *responsible_dirs, const char *req_key_str)
Definition: hs_common.c:1599
time_t approx_time(void)
Definition: approx_time.c:32
Header file for hs_cache.c.
char onion_address[REND_SERVICE_ID_LEN_BASE32+1]
Definition: or.h:438
int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
uint64_t hs_get_time_period_num(time_t now)
Definition: hs_common.c:265
STATIC void get_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
Definition: hs_common.c:630
uint64_t hs_get_next_time_period_num(time_t now)
Definition: hs_common.c:300
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:903
void smartlist_sort(smartlist_t *sl, int(*compare)(const void **a, const void **b))
Definition: smartlist.c:334
void hs_clean_last_hid_serv_requests(time_t now)
Definition: hs_common.c:1502
int extend_info_addr_is_allowed(const tor_addr_t *addr)
Header file for networkstatus.c.
void nodelist_ensure_freshness(networkstatus_t *ns)
Definition: nodelist.c:928
int smartlist_bsearch_idx(const smartlist_t *sl, const void *key, int(*compare)(const void *key, const void **member), int *found_out)
Definition: smartlist.c:428
int ed25519_validate_pubkey(const ed25519_public_key_t *pubkey)
void * smartlist_choose(const smartlist_t *sl)
Definition: crypto_rand.c:589
int ed25519_public_blind(ed25519_public_key_t *out, const ed25519_public_key_t *inp, const uint8_t *param)