Tor  0.4.3.0-alpha-dev
hs_common.c
Go to the documentation of this file.
1 /* Copyright (c) 2016-2020, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
4 /**
5  * \file hs_common.c
6  * \brief Contains code shared between different HS protocol version as well
7  * as useful data structures and accessors used by other subsystems.
8  * The rendcommon.c should only contains code relating to the v2
9  * protocol.
10  **/
11 
12 #define HS_COMMON_PRIVATE
13 
14 #include "core/or/or.h"
15 
16 #include "app/config/config.h"
17 #include "core/or/circuitbuild.h"
18 #include "core/or/policies.h"
20 #include "feature/hs/hs_cache.h"
22 #include "feature/hs/hs_client.h"
23 #include "feature/hs/hs_common.h"
24 #include "feature/hs/hs_dos.h"
25 #include "feature/hs/hs_ident.h"
26 #include "feature/hs/hs_service.h"
37 
43 
44 /* Trunnel */
45 #include "trunnel/ed25519_cert.h"
46 
47 /** Ed25519 Basepoint value. Taken from section 5 of
48  * https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03 */
49 static const char *str_ed25519_basepoint =
50  "(15112221349535400772501151409588531511"
51  "454012693041857206046113283949847762202, "
52  "463168356949264781694283940034751631413"
53  "07993866256225615783033603165251855960)";
54 
55 #ifdef HAVE_SYS_UN_H
56 
57 /** Given <b>ports</b>, a smarlist containing rend_service_port_config_t,
58  * add the given <b>p</b>, a AF_UNIX port to the list. Return 0 on success
59  * else return -ENOSYS if AF_UNIX is not supported (see function in the
60  * #else statement below). */
61 static int
62 add_unix_port(smartlist_t *ports, rend_service_port_config_t *p)
63 {
64  tor_assert(ports);
65  tor_assert(p);
67 
68  smartlist_add(ports, p);
69  return 0;
70 }
71 
72 /** Given <b>conn</b> set it to use the given port <b>p</b> values. Return 0
73  * on success else return -ENOSYS if AF_UNIX is not supported (see function
74  * in the #else statement below). */
75 static int
76 set_unix_port(edge_connection_t *conn, rend_service_port_config_t *p)
77 {
78  tor_assert(conn);
79  tor_assert(p);
81 
82  conn->base_.socket_family = AF_UNIX;
83  tor_addr_make_unspec(&conn->base_.addr);
84  conn->base_.port = 1;
85  conn->base_.address = tor_strdup(p->unix_addr);
86  return 0;
87 }
88 
89 #else /* !defined(HAVE_SYS_UN_H) */
90 
91 static int
92 set_unix_port(edge_connection_t *conn, rend_service_port_config_t *p)
93 {
94  (void) conn;
95  (void) p;
96  return -ENOSYS;
97 }
98 
99 static int
100 add_unix_port(smartlist_t *ports, rend_service_port_config_t *p)
101 {
102  (void) ports;
103  (void) p;
104  return -ENOSYS;
105 }
106 
107 #endif /* defined(HAVE_SYS_UN_H) */
108 
109 /** Helper function: The key is a digest that we compare to a node_t object
110  * current hsdir_index. */
111 static int
112 compare_digest_to_fetch_hsdir_index(const void *_key, const void **_member)
113 {
114  const char *key = _key;
115  const node_t *node = *_member;
116  return tor_memcmp(key, node->hsdir_index.fetch, DIGEST256_LEN);
117 }
118 
119 /** Helper function: The key is a digest that we compare to a node_t object
120  * next hsdir_index. */
121 static int
123  const void **_member)
124 {
125  const char *key = _key;
126  const node_t *node = *_member;
127  return tor_memcmp(key, node->hsdir_index.store_first, DIGEST256_LEN);
128 }
129 
130 /** Helper function: The key is a digest that we compare to a node_t object
131  * next hsdir_index. */
132 static int
134  const void **_member)
135 {
136  const char *key = _key;
137  const node_t *node = *_member;
138  return tor_memcmp(key, node->hsdir_index.store_second, DIGEST256_LEN);
139 }
140 
141 /** Helper function: Compare two node_t objects current hsdir_index. */
142 static int
143 compare_node_fetch_hsdir_index(const void **a, const void **b)
144 {
145  const node_t *node1= *a;
146  const node_t *node2 = *b;
147  return tor_memcmp(node1->hsdir_index.fetch,
148  node2->hsdir_index.fetch,
149  DIGEST256_LEN);
150 }
151 
152 /** Helper function: Compare two node_t objects next hsdir_index. */
153 static int
154 compare_node_store_first_hsdir_index(const void **a, const void **b)
155 {
156  const node_t *node1= *a;
157  const node_t *node2 = *b;
158  return tor_memcmp(node1->hsdir_index.store_first,
159  node2->hsdir_index.store_first,
160  DIGEST256_LEN);
161 }
162 
163 /** Helper function: Compare two node_t objects next hsdir_index. */
164 static int
165 compare_node_store_second_hsdir_index(const void **a, const void **b)
166 {
167  const node_t *node1= *a;
168  const node_t *node2 = *b;
169  return tor_memcmp(node1->hsdir_index.store_second,
170  node2->hsdir_index.store_second,
171  DIGEST256_LEN);
172 }
173 
174 /** Allocate and return a string containing the path to filename in directory.
175  * This function will never return NULL. The caller must free this path. */
176 char *
177 hs_path_from_filename(const char *directory, const char *filename)
178 {
179  char *file_path = NULL;
180 
181  tor_assert(directory);
182  tor_assert(filename);
183 
184  tor_asprintf(&file_path, "%s%s%s", directory, PATH_SEPARATOR, filename);
185  return file_path;
186 }
187 
188 /** Make sure that the directory for <b>service</b> is private, using the
189  * config <b>username</b>.
190  *
191  * If <b>create</b> is true:
192  * - if the directory exists, change permissions if needed,
193  * - if the directory does not exist, create it with the correct permissions.
194  * If <b>create</b> is false:
195  * - if the directory exists, check permissions,
196  * - if the directory does not exist, check if we think we can create it.
197  * Return 0 on success, -1 on failure. */
198 int
199 hs_check_service_private_dir(const char *username, const char *path,
200  unsigned int dir_group_readable,
201  unsigned int create)
202 {
203  cpd_check_t check_opts = CPD_NONE;
204 
205  tor_assert(path);
206 
207  if (create) {
208  check_opts |= CPD_CREATE;
209  } else {
210  check_opts |= CPD_CHECK_MODE_ONLY;
211  check_opts |= CPD_CHECK;
212  }
213  if (dir_group_readable) {
214  check_opts |= CPD_GROUP_READ;
215  }
216  /* Check/create directory */
217  if (check_private_dir(path, check_opts, username) < 0) {
218  return -1;
219  }
220  return 0;
221 }
222 
223 /* Default, minimum, and maximum values for the maximum rendezvous failures
224  * consensus parameter. */
225 #define MAX_REND_FAILURES_DEFAULT 2
226 #define MAX_REND_FAILURES_MIN 1
227 #define MAX_REND_FAILURES_MAX 10
228 
229 /** How many times will a hidden service operator attempt to connect to
230  * a requested rendezvous point before giving up? */
231 int
233 {
234  return networkstatus_get_param(NULL, "hs_service_max_rdv_failures",
235  MAX_REND_FAILURES_DEFAULT,
236  MAX_REND_FAILURES_MIN,
237  MAX_REND_FAILURES_MAX);
238 }
239 
240 /** Get the default HS time period length in minutes from the consensus. */
241 STATIC uint64_t
243 {
244  /* If we are on a test network, make the time period smaller than normal so
245  that we actually see it rotate. Specifically, make it the same length as
246  an SRV protocol run. */
247  if (get_options()->TestingTorNetwork) {
248  unsigned run_duration = sr_state_get_protocol_run_duration();
249  /* An SRV run should take more than a minute (it's 24 rounds) */
250  tor_assert_nonfatal(run_duration > 60);
251  /* Turn it from seconds to minutes before returning: */
253  }
254 
255  int32_t time_period_length = networkstatus_get_param(NULL, "hsdir_interval",
259  /* Make sure it's a positive value. */
260  tor_assert(time_period_length > 0);
261  /* uint64_t will always be able to contain a positive int32_t */
262  return (uint64_t) time_period_length;
263 }
264 
265 /** Get the HS time period number at time <b>now</b>. If <b>now</b> is not set,
266  * we try to get the time ourselves from a live consensus. */
267 uint64_t
269 {
270  uint64_t time_period_num;
271  time_t current_time;
272 
273  /* If no time is specified, set current time based on consensus time, and
274  * only fall back to system time if that fails. */
275  if (now != 0) {
276  current_time = now;
277  } else {
279  current_time = ns ? ns->valid_after : approx_time();
280  }
281 
282  /* Start by calculating minutes since the epoch */
283  uint64_t time_period_length = get_time_period_length();
284  uint64_t minutes_since_epoch = current_time / 60;
285 
286  /* Apply the rotation offset as specified by prop224 (section
287  * [TIME-PERIODS]), so that new time periods synchronize nicely with SRV
288  * publication */
289  unsigned int time_period_rotation_offset = sr_state_get_phase_duration();
290  time_period_rotation_offset /= 60; /* go from seconds to minutes */
291  tor_assert(minutes_since_epoch > time_period_rotation_offset);
292  minutes_since_epoch -= time_period_rotation_offset;
293 
294  /* Calculate the time period */
295  time_period_num = minutes_since_epoch / time_period_length;
296  return time_period_num;
297 }
298 
299 /** Get the number of the _upcoming_ HS time period, given that the current
300  * time is <b>now</b>. If <b>now</b> is not set, we try to get the time from a
301  * live consensus. */
302 uint64_t
304 {
305  return hs_get_time_period_num(now) + 1;
306 }
307 
308 /** Get the number of the _previous_ HS time period, given that the current
309  * time is <b>now</b>. If <b>now</b> is not set, we try to get the time from a
310  * live consensus. */
311 uint64_t
313 {
314  return hs_get_time_period_num(now) - 1;
315 }
316 
317 /** Return the start time of the upcoming time period based on <b>now</b>. If
318  * <b>now</b> is not set, we try to get the time ourselves from a live
319  * consensus. */
320 time_t
322 {
323  uint64_t time_period_length = get_time_period_length();
324 
325  /* Get start time of next time period */
326  uint64_t next_time_period_num = hs_get_next_time_period_num(now);
327  uint64_t start_of_next_tp_in_mins = next_time_period_num *time_period_length;
328 
329  /* Apply rotation offset as specified by prop224 section [TIME-PERIODS] */
330  unsigned int time_period_rotation_offset = sr_state_get_phase_duration();
331  return (time_t)(start_of_next_tp_in_mins * 60 + time_period_rotation_offset);
332 }
333 
334 /** Create a new rend_data_t for a specific given <b>version</b>.
335  * Return a pointer to the newly allocated data structure. */
336 static rend_data_t *
337 rend_data_alloc(uint32_t version)
338 {
339  rend_data_t *rend_data = NULL;
340 
341  switch (version) {
342  case HS_VERSION_TWO:
343  {
344  rend_data_v2_t *v2 = tor_malloc_zero(sizeof(*v2));
345  v2->base_.version = HS_VERSION_TWO;
346  v2->base_.hsdirs_fp = smartlist_new();
347  rend_data = &v2->base_;
348  break;
349  }
350  default:
351  tor_assert(0);
352  break;
353  }
354 
355  return rend_data;
356 }
357 
358 /** Free all storage associated with <b>data</b> */
359 void
361 {
362  if (!data) {
363  return;
364  }
365  /* By using our allocation function, this should always be set. */
366  tor_assert(data->hsdirs_fp);
367  /* Cleanup the HSDir identity digest. */
368  SMARTLIST_FOREACH(data->hsdirs_fp, char *, d, tor_free(d));
369  smartlist_free(data->hsdirs_fp);
370  /* Depending on the version, cleanup. */
371  switch (data->version) {
372  case HS_VERSION_TWO:
373  {
374  rend_data_v2_t *v2_data = TO_REND_DATA_V2(data);
375  tor_free(v2_data);
376  break;
377  }
378  default:
379  tor_assert(0);
380  }
381 }
382 
383 /** Allocate and return a deep copy of <b>data</b>. */
384 rend_data_t *
386 {
387  rend_data_t *data_dup = NULL;
388  smartlist_t *hsdirs_fp = smartlist_new();
389 
390  tor_assert(data);
391  tor_assert(data->hsdirs_fp);
392 
393  SMARTLIST_FOREACH(data->hsdirs_fp, char *, fp,
394  smartlist_add(hsdirs_fp, tor_memdup(fp, DIGEST_LEN)));
395 
396  switch (data->version) {
397  case HS_VERSION_TWO:
398  {
399  rend_data_v2_t *v2_data = tor_memdup(TO_REND_DATA_V2(data),
400  sizeof(*v2_data));
401  data_dup = &v2_data->base_;
402  data_dup->hsdirs_fp = hsdirs_fp;
403  break;
404  }
405  default:
406  tor_assert(0);
407  break;
408  }
409 
410  return data_dup;
411 }
412 
413 /** Compute the descriptor ID for each HS descriptor replica and save them. A
414  * valid onion address must be present in the <b>rend_data</b>.
415  *
416  * Return 0 on success else -1. */
417 static int
419 {
420  int ret = 0;
421  unsigned replica;
422  time_t now = time(NULL);
423 
424  tor_assert(rend_data);
425 
426  switch (rend_data->version) {
427  case HS_VERSION_TWO:
428  {
429  rend_data_v2_t *v2_data = TO_REND_DATA_V2(rend_data);
430  /* Compute descriptor ID for each replicas. */
431  for (replica = 0; replica < ARRAY_LENGTH(v2_data->descriptor_id);
432  replica++) {
433  ret = rend_compute_v2_desc_id(v2_data->descriptor_id[replica],
434  v2_data->onion_address,
435  v2_data->descriptor_cookie,
436  now, replica);
437  if (ret < 0) {
438  goto end;
439  }
440  }
441  break;
442  }
443  default:
444  tor_assert(0);
445  }
446 
447  end:
448  return ret;
449 }
450 
451 /** Allocate and initialize a rend_data_t object for a service using the
452  * provided arguments. All arguments are optional (can be NULL), except from
453  * <b>onion_address</b> which MUST be set. The <b>pk_digest</b> is the hash of
454  * the service private key. The <b>cookie</b> is the rendezvous cookie and
455  * <b>auth_type</b> is which authentiation this service is configured with.
456  *
457  * Return a valid rend_data_t pointer. This only returns a version 2 object of
458  * rend_data_t. */
459 rend_data_t *
460 rend_data_service_create(const char *onion_address, const char *pk_digest,
461  const uint8_t *cookie, rend_auth_type_t auth_type)
462 {
463  /* Create a rend_data_t object for version 2. */
465  rend_data_v2_t *v2= TO_REND_DATA_V2(rend_data);
466 
467  /* We need at least one else the call is wrong. */
468  tor_assert(onion_address != NULL);
469 
470  if (pk_digest) {
471  memcpy(v2->rend_pk_digest, pk_digest, sizeof(v2->rend_pk_digest));
472  }
473  if (cookie) {
474  memcpy(rend_data->rend_cookie, cookie, sizeof(rend_data->rend_cookie));
475  }
476 
477  strlcpy(v2->onion_address, onion_address, sizeof(v2->onion_address));
478  v2->auth_type = auth_type;
479 
480  return rend_data;
481 }
482 
483 /** Allocate and initialize a rend_data_t object for a client request using the
484  * given arguments. Either an onion address or a descriptor ID is needed. Both
485  * can be given but in this case only the onion address will be used to make
486  * the descriptor fetch. The <b>cookie</b> is the rendezvous cookie and
487  * <b>auth_type</b> is which authentiation the service is configured with.
488  *
489  * Return a valid rend_data_t pointer or NULL on error meaning the
490  * descriptor IDs couldn't be computed from the given data. */
491 rend_data_t *
492 rend_data_client_create(const char *onion_address, const char *desc_id,
493  const char *cookie, rend_auth_type_t auth_type)
494 {
495  /* Create a rend_data_t object for version 2. */
497  rend_data_v2_t *v2= TO_REND_DATA_V2(rend_data);
498 
499  /* We need at least one else the call is wrong. */
500  tor_assert(onion_address != NULL || desc_id != NULL);
501 
502  if (cookie) {
503  memcpy(v2->descriptor_cookie, cookie, sizeof(v2->descriptor_cookie));
504  }
505  if (desc_id) {
506  memcpy(v2->desc_id_fetch, desc_id, sizeof(v2->desc_id_fetch));
507  }
508  if (onion_address) {
509  strlcpy(v2->onion_address, onion_address, sizeof(v2->onion_address));
510  if (compute_desc_id(rend_data) < 0) {
511  goto error;
512  }
513  }
514 
515  v2->auth_type = auth_type;
516 
517  return rend_data;
518 
519  error:
520  rend_data_free(rend_data);
521  return NULL;
522 }
523 
524 /** Return the onion address from the rend data. Depending on the version,
525  * the size of the address can vary but it's always NUL terminated. */
526 const char *
528 {
529  tor_assert(rend_data);
530 
531  switch (rend_data->version) {
532  case HS_VERSION_TWO:
533  return TO_REND_DATA_V2(rend_data)->onion_address;
534  default:
535  /* We should always have a supported version. */
536  tor_assert_unreached();
537  }
538 }
539 
540 /** Return the descriptor ID for a specific replica number from the rend
541  * data. The returned data is a binary digest and depending on the version its
542  * size can vary. The size of the descriptor ID is put in <b>len_out</b> if
543  * non NULL. */
544 const char *
545 rend_data_get_desc_id(const rend_data_t *rend_data, uint8_t replica,
546  size_t *len_out)
547 {
548  tor_assert(rend_data);
549 
550  switch (rend_data->version) {
551  case HS_VERSION_TWO:
553  if (len_out) {
554  *len_out = DIGEST_LEN;
555  }
556  return TO_REND_DATA_V2(rend_data)->descriptor_id[replica];
557  default:
558  /* We should always have a supported version. */
559  tor_assert_unreached();
560  }
561 }
562 
563 /** Return the public key digest using the given <b>rend_data</b>. The size of
564  * the digest is put in <b>len_out</b> (if set) which can differ depending on
565  * the version. */
566 const uint8_t *
567 rend_data_get_pk_digest(const rend_data_t *rend_data, size_t *len_out)
568 {
569  tor_assert(rend_data);
570 
571  switch (rend_data->version) {
572  case HS_VERSION_TWO:
573  {
574  const rend_data_v2_t *v2_data = TO_REND_DATA_V2(rend_data);
575  if (len_out) {
576  *len_out = sizeof(v2_data->rend_pk_digest);
577  }
578  return (const uint8_t *) v2_data->rend_pk_digest;
579  }
580  default:
581  /* We should always have a supported version. */
582  tor_assert_unreached();
583  }
584 }
585 
586 /** Using the given time period number, compute the disaster shared random
587  * value and put it in srv_out. It MUST be at least DIGEST256_LEN bytes. */
588 static void
589 compute_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
590 {
591  crypto_digest_t *digest;
592 
593  tor_assert(srv_out);
594 
595  digest = crypto_digest256_new(DIGEST_SHA3_256);
596 
597  /* Start setting up payload:
598  * H("shared-random-disaster" | INT_8(period_length) | INT_8(period_num)) */
600  HS_SRV_DISASTER_PREFIX_LEN);
601 
602  /* Setup INT_8(period_length) | INT_8(period_num) */
603  {
604  uint64_t time_period_length = get_time_period_length();
605  char period_stuff[sizeof(uint64_t)*2];
606  size_t offset = 0;
607  set_uint64(period_stuff, tor_htonll(time_period_length));
608  offset += sizeof(uint64_t);
609  set_uint64(period_stuff+offset, tor_htonll(time_period_num));
610  offset += sizeof(uint64_t);
611  tor_assert(offset == sizeof(period_stuff));
612 
613  crypto_digest_add_bytes(digest, period_stuff, sizeof(period_stuff));
614  }
615 
616  crypto_digest_get_digest(digest, (char *) srv_out, DIGEST256_LEN);
617  crypto_digest_free(digest);
618 }
619 
620 /** Due to the high cost of computing the disaster SRV and that potentially we
621  * would have to do it thousands of times in a row, we always cache the
622  * computer disaster SRV (and its corresponding time period num) in case we
623  * want to reuse it soon after. We need to cache two SRVs, one for each active
624  * time period.
625  */
627 static uint64_t cached_time_period_nums[2] = {0};
628 
629 /** Compute the disaster SRV value for this <b>time_period_num</b> and put it
630  * in <b>srv_out</b> (of size at least DIGEST256_LEN). First check our caches
631  * to see if we have already computed it. */
632 STATIC void
633 get_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
634 {
635  if (time_period_num == cached_time_period_nums[0]) {
636  memcpy(srv_out, cached_disaster_srv[0], DIGEST256_LEN);
637  return;
638  } else if (time_period_num == cached_time_period_nums[1]) {
639  memcpy(srv_out, cached_disaster_srv[1], DIGEST256_LEN);
640  return;
641  } else {
642  int replace_idx;
643  // Replace the lower period number.
644  if (cached_time_period_nums[0] <= cached_time_period_nums[1]) {
645  replace_idx = 0;
646  } else {
647  replace_idx = 1;
648  }
649  cached_time_period_nums[replace_idx] = time_period_num;
650  compute_disaster_srv(time_period_num, cached_disaster_srv[replace_idx]);
651  memcpy(srv_out, cached_disaster_srv[replace_idx], DIGEST256_LEN);
652  return;
653  }
654 }
655 
656 #ifdef TOR_UNIT_TESTS
657 
658 /** Get the first cached disaster SRV. Only used by unittests. */
659 STATIC uint8_t *
660 get_first_cached_disaster_srv(void)
661 {
662  return cached_disaster_srv[0];
663 }
664 
665 /** Get the second cached disaster SRV. Only used by unittests. */
666 STATIC uint8_t *
667 get_second_cached_disaster_srv(void)
668 {
669  return cached_disaster_srv[1];
670 }
671 
672 #endif /* defined(TOR_UNIT_TESTS) */
673 
674 /** When creating a blinded key, we need a parameter which construction is as
675  * follow: H(pubkey | [secret] | ed25519-basepoint | nonce).
676  *
677  * The nonce has a pre-defined format which uses the time period number
678  * period_num and the start of the period in second start_time_period.
679  *
680  * The secret of size secret_len is optional meaning that it can be NULL and
681  * thus will be ignored for the param construction.
682  *
683  * The result is put in param_out. */
684 static void
686  const uint8_t *secret, size_t secret_len,
687  uint64_t period_num, uint64_t period_length,
688  uint8_t *param_out)
689 {
690  size_t offset = 0;
691  const char blind_str[] = "Derive temporary signing key";
692  uint8_t nonce[HS_KEYBLIND_NONCE_LEN];
693  crypto_digest_t *digest;
694 
695  tor_assert(pubkey);
696  tor_assert(param_out);
697 
698  /* Create the nonce N. The construction is as follow:
699  * N = "key-blind" || INT_8(period_num) || INT_8(period_length) */
700  memcpy(nonce, HS_KEYBLIND_NONCE_PREFIX, HS_KEYBLIND_NONCE_PREFIX_LEN);
701  offset += HS_KEYBLIND_NONCE_PREFIX_LEN;
702  set_uint64(nonce + offset, tor_htonll(period_num));
703  offset += sizeof(uint64_t);
704  set_uint64(nonce + offset, tor_htonll(period_length));
705  offset += sizeof(uint64_t);
706  tor_assert(offset == HS_KEYBLIND_NONCE_LEN);
707 
708  /* Generate the parameter h and the construction is as follow:
709  * h = H(BLIND_STRING | pubkey | [secret] | ed25519-basepoint | N) */
710  digest = crypto_digest256_new(DIGEST_SHA3_256);
711  crypto_digest_add_bytes(digest, blind_str, sizeof(blind_str));
712  crypto_digest_add_bytes(digest, (char *) pubkey, ED25519_PUBKEY_LEN);
713  /* Optional secret. */
714  if (secret) {
715  crypto_digest_add_bytes(digest, (char *) secret, secret_len);
716  }
718  strlen(str_ed25519_basepoint));
719  crypto_digest_add_bytes(digest, (char *) nonce, sizeof(nonce));
720 
721  /* Extract digest and put it in the param. */
722  crypto_digest_get_digest(digest, (char *) param_out, DIGEST256_LEN);
723  crypto_digest_free(digest);
724 
725  memwipe(nonce, 0, sizeof(nonce));
726 }
727 
728 /** Using an ed25519 public key and version to build the checksum of an
729  * address. Put in checksum_out. Format is:
730  * SHA3-256(".onion checksum" || PUBKEY || VERSION)
731  *
732  * checksum_out must be large enough to receive 32 bytes (DIGEST256_LEN). */
733 static void
734 build_hs_checksum(const ed25519_public_key_t *key, uint8_t version,
735  uint8_t *checksum_out)
736 {
737  size_t offset = 0;
739 
740  /* Build checksum data. */
741  memcpy(data, HS_SERVICE_ADDR_CHECKSUM_PREFIX,
744  memcpy(data + offset, key->pubkey, ED25519_PUBKEY_LEN);
745  offset += ED25519_PUBKEY_LEN;
746  set_uint8(data + offset, version);
747  offset += sizeof(version);
749 
750  /* Hash the data payload to create the checksum. */
751  crypto_digest256((char *) checksum_out, data, sizeof(data),
752  DIGEST_SHA3_256);
753 }
754 
755 /** Using an ed25519 public key, checksum and version to build the binary
756  * representation of a service address. Put in addr_out. Format is:
757  * addr_out = PUBKEY || CHECKSUM || VERSION
758  *
759  * addr_out must be large enough to receive HS_SERVICE_ADDR_LEN bytes. */
760 static void
761 build_hs_address(const ed25519_public_key_t *key, const uint8_t *checksum,
762  uint8_t version, char *addr_out)
763 {
764  size_t offset = 0;
765 
766  tor_assert(key);
767  tor_assert(checksum);
768 
769  memcpy(addr_out, key->pubkey, ED25519_PUBKEY_LEN);
770  offset += ED25519_PUBKEY_LEN;
771  memcpy(addr_out + offset, checksum, HS_SERVICE_ADDR_CHECKSUM_LEN_USED);
773  set_uint8(addr_out + offset, version);
774  offset += sizeof(uint8_t);
775  tor_assert(offset == HS_SERVICE_ADDR_LEN);
776 }
777 
778 /** Helper for hs_parse_address(): Using a binary representation of a service
779  * address, parse its content into the key_out, checksum_out and version_out.
780  * Any out variable can be NULL in case the caller would want only one field.
781  * checksum_out MUST at least be 2 bytes long. address must be at least
782  * HS_SERVICE_ADDR_LEN bytes but doesn't need to be NUL terminated. */
783 static void
784 hs_parse_address_impl(const char *address, ed25519_public_key_t *key_out,
785  uint8_t *checksum_out, uint8_t *version_out)
786 {
787  size_t offset = 0;
788 
789  tor_assert(address);
790 
791  if (key_out) {
792  /* First is the key. */
793  memcpy(key_out->pubkey, address, ED25519_PUBKEY_LEN);
794  }
795  offset += ED25519_PUBKEY_LEN;
796  if (checksum_out) {
797  /* Followed by a 2 bytes checksum. */
798  memcpy(checksum_out, address + offset, HS_SERVICE_ADDR_CHECKSUM_LEN_USED);
799  }
801  if (version_out) {
802  /* Finally, version value is 1 byte. */
803  *version_out = get_uint8(address + offset);
804  }
805  offset += sizeof(uint8_t);
806  /* Extra safety. */
807  tor_assert(offset == HS_SERVICE_ADDR_LEN);
808 }
809 
810 /** Using the given identity public key and a blinded public key, compute the
811  * subcredential and put it in subcred_out (must be of size DIGEST256_LEN).
812  * This can't fail. */
813 void
815  const ed25519_public_key_t *blinded_pk,
816  uint8_t *subcred_out)
817 {
818  uint8_t credential[DIGEST256_LEN];
819  crypto_digest_t *digest;
820 
821  tor_assert(identity_pk);
822  tor_assert(blinded_pk);
823  tor_assert(subcred_out);
824 
825  /* First, build the credential. Construction is as follow:
826  * credential = H("credential" | public-identity-key) */
827  digest = crypto_digest256_new(DIGEST_SHA3_256);
829  HS_CREDENTIAL_PREFIX_LEN);
830  crypto_digest_add_bytes(digest, (const char *) identity_pk->pubkey,
832  crypto_digest_get_digest(digest, (char *) credential, DIGEST256_LEN);
833  crypto_digest_free(digest);
834 
835  /* Now, compute the subcredential. Construction is as follow:
836  * subcredential = H("subcredential" | credential | blinded-public-key). */
837  digest = crypto_digest256_new(DIGEST_SHA3_256);
838  crypto_digest_add_bytes(digest, HS_SUBCREDENTIAL_PREFIX,
839  HS_SUBCREDENTIAL_PREFIX_LEN);
840  crypto_digest_add_bytes(digest, (const char *) credential,
841  sizeof(credential));
842  crypto_digest_add_bytes(digest, (const char *) blinded_pk->pubkey,
844  crypto_digest_get_digest(digest, (char *) subcred_out, DIGEST256_LEN);
845  crypto_digest_free(digest);
846 
847  memwipe(credential, 0, sizeof(credential));
848 }
849 
850 /** From the given list of hidden service ports, find the ones that match the
851  * given edge connection conn, pick one at random and use it to set the
852  * connection address. Return 0 on success or -1 if none. */
853 int
855 {
856  rend_service_port_config_t *chosen_port;
857  unsigned int warn_once = 0;
858  smartlist_t *matching_ports;
859 
860  tor_assert(ports);
861  tor_assert(conn);
862 
863  matching_ports = smartlist_new();
865  if (TO_CONN(conn)->port != p->virtual_port) {
866  continue;
867  }
868  if (!(p->is_unix_addr)) {
869  smartlist_add(matching_ports, p);
870  } else {
871  if (add_unix_port(matching_ports, p)) {
872  if (!warn_once) {
873  /* Unix port not supported so warn only once. */
874  log_warn(LD_REND, "Saw AF_UNIX virtual port mapping for port %d "
875  "which is unsupported on this platform. "
876  "Ignoring it.",
877  TO_CONN(conn)->port);
878  }
879  warn_once++;
880  }
881  }
882  } SMARTLIST_FOREACH_END(p);
883 
884  chosen_port = smartlist_choose(matching_ports);
885  smartlist_free(matching_ports);
886  if (chosen_port) {
887  if (!(chosen_port->is_unix_addr)) {
888  /* save the original destination before we overwrite it */
889  if (conn->hs_ident) {
890  conn->hs_ident->orig_virtual_port = TO_CONN(conn)->port;
891  }
892 
893  /* Get a non-AF_UNIX connection ready for connection_exit_connect() */
894  tor_addr_copy(&TO_CONN(conn)->addr, &chosen_port->real_addr);
895  TO_CONN(conn)->port = chosen_port->real_port;
896  } else {
897  if (set_unix_port(conn, chosen_port)) {
898  /* Simply impossible to end up here else we were able to add a Unix
899  * port without AF_UNIX support... ? */
900  tor_assert(0);
901  }
902  }
903  }
904  return (chosen_port) ? 0 : -1;
905 }
906 
907 /** Using a base32 representation of a service address, parse its content into
908  * the key_out, checksum_out and version_out. Any out variable can be NULL in
909  * case the caller would want only one field. checksum_out MUST at least be 2
910  * bytes long.
911  *
912  * Return 0 if parsing went well; return -1 in case of error. */
913 int
914 hs_parse_address(const char *address, ed25519_public_key_t *key_out,
915  uint8_t *checksum_out, uint8_t *version_out)
916 {
917  char decoded[HS_SERVICE_ADDR_LEN];
918 
919  tor_assert(address);
920 
921  /* Obvious length check. */
922  if (strlen(address) != HS_SERVICE_ADDR_LEN_BASE32) {
923  log_warn(LD_REND, "Service address %s has an invalid length. "
924  "Expected %lu but got %lu.",
925  escaped_safe_str(address),
926  (unsigned long) HS_SERVICE_ADDR_LEN_BASE32,
927  (unsigned long) strlen(address));
928  goto invalid;
929  }
930 
931  /* Decode address so we can extract needed fields. */
932  if (base32_decode(decoded, sizeof(decoded), address, strlen(address))
933  != sizeof(decoded)) {
934  log_warn(LD_REND, "Service address %s can't be decoded.",
935  escaped_safe_str(address));
936  goto invalid;
937  }
938 
939  /* Parse the decoded address into the fields we need. */
940  hs_parse_address_impl(decoded, key_out, checksum_out, version_out);
941 
942  return 0;
943  invalid:
944  return -1;
945 }
946 
947 /** Validate a given onion address. The length, the base32 decoding, and
948  * checksum are validated. Return 1 if valid else 0. */
949 int
950 hs_address_is_valid(const char *address)
951 {
952  uint8_t version;
953  uint8_t checksum[HS_SERVICE_ADDR_CHECKSUM_LEN_USED];
954  uint8_t target_checksum[DIGEST256_LEN];
955  ed25519_public_key_t service_pubkey;
956 
957  /* Parse the decoded address into the fields we need. */
958  if (hs_parse_address(address, &service_pubkey, checksum, &version) < 0) {
959  goto invalid;
960  }
961 
962  /* Get the checksum it's supposed to be and compare it with what we have
963  * encoded in the address. */
964  build_hs_checksum(&service_pubkey, version, target_checksum);
965  if (tor_memcmp(checksum, target_checksum, sizeof(checksum))) {
966  log_warn(LD_REND, "Service address %s invalid checksum.",
967  escaped_safe_str(address));
968  goto invalid;
969  }
970 
971  /* Validate that this pubkey does not have a torsion component. We need to do
972  * this on the prop224 client-side so that attackers can't give equivalent
973  * forms of an onion address to users. */
974  if (ed25519_validate_pubkey(&service_pubkey) < 0) {
975  log_warn(LD_REND, "Service address %s has bad pubkey .",
976  escaped_safe_str(address));
977  goto invalid;
978  }
979 
980  /* Valid address. */
981  return 1;
982  invalid:
983  return 0;
984 }
985 
986 /** Build a service address using an ed25519 public key and a given version.
987  * The returned address is base32 encoded and put in addr_out. The caller MUST
988  * make sure the addr_out is at least HS_SERVICE_ADDR_LEN_BASE32 + 1 long.
989  *
990  * Format is as follows:
991  * base32(PUBKEY || CHECKSUM || VERSION)
992  * CHECKSUM = H(".onion checksum" || PUBKEY || VERSION)
993  * */
994 void
995 hs_build_address(const ed25519_public_key_t *key, uint8_t version,
996  char *addr_out)
997 {
998  uint8_t checksum[DIGEST256_LEN];
999  char address[HS_SERVICE_ADDR_LEN];
1000 
1001  tor_assert(key);
1002  tor_assert(addr_out);
1003 
1004  /* Get the checksum of the address. */
1005  build_hs_checksum(key, version, checksum);
1006  /* Get the binary address representation. */
1007  build_hs_address(key, checksum, version, address);
1008 
1009  /* Encode the address. addr_out will be NUL terminated after this. */
1010  base32_encode(addr_out, HS_SERVICE_ADDR_LEN_BASE32 + 1, address,
1011  sizeof(address));
1012  /* Validate what we just built. */
1013  tor_assert(hs_address_is_valid(addr_out));
1014 }
1015 
1016 /** From a given ed25519 public key pk and an optional secret, compute a
1017  * blinded public key and put it in blinded_pk_out. This is only useful to
1018  * the client side because the client only has access to the identity public
1019  * key of the service. */
1020 void
1022  const uint8_t *secret, size_t secret_len,
1023  uint64_t time_period_num,
1024  ed25519_public_key_t *blinded_pk_out)
1025 {
1026  /* Our blinding key API requires a 32 bytes parameter. */
1027  uint8_t param[DIGEST256_LEN];
1028 
1029  tor_assert(pk);
1030  tor_assert(blinded_pk_out);
1032 
1033  build_blinded_key_param(pk, secret, secret_len,
1034  time_period_num, get_time_period_length(), param);
1035  ed25519_public_blind(blinded_pk_out, pk, param);
1036 
1037  memwipe(param, 0, sizeof(param));
1038 }
1039 
1040 /** From a given ed25519 keypair kp and an optional secret, compute a blinded
1041  * keypair for the current time period and put it in blinded_kp_out. This is
1042  * only useful by the service side because the client doesn't have access to
1043  * the identity secret key. */
1044 void
1046  const uint8_t *secret, size_t secret_len,
1047  uint64_t time_period_num,
1048  ed25519_keypair_t *blinded_kp_out)
1049 {
1050  /* Our blinding key API requires a 32 bytes parameter. */
1051  uint8_t param[DIGEST256_LEN];
1052 
1053  tor_assert(kp);
1054  tor_assert(blinded_kp_out);
1055  /* Extra safety. A zeroed key is bad. */
1056  tor_assert(!fast_mem_is_zero((char *) &kp->pubkey, ED25519_PUBKEY_LEN));
1057  tor_assert(!fast_mem_is_zero((char *) &kp->seckey, ED25519_SECKEY_LEN));
1058 
1059  build_blinded_key_param(&kp->pubkey, secret, secret_len,
1060  time_period_num, get_time_period_length(), param);
1061  ed25519_keypair_blind(blinded_kp_out, kp, param);
1062 
1063  memwipe(param, 0, sizeof(param));
1064 }
1065 
1066 /** Return true if we are currently in the time segment between a new time
1067  * period and a new SRV (in the real network that happens between 12:00 and
1068  * 00:00 UTC). Here is a diagram showing exactly when this returns true:
1069  *
1070  * +------------------------------------------------------------------+
1071  * | |
1072  * | 00:00 12:00 00:00 12:00 00:00 12:00 |
1073  * | SRV#1 TP#1 SRV#2 TP#2 SRV#3 TP#3 |
1074  * | |
1075  * | $==========|-----------$===========|-----------$===========| |
1076  * | ^^^^^^^^^^^^ ^^^^^^^^^^^^ |
1077  * | |
1078  * +------------------------------------------------------------------+
1079  */
1080 MOCK_IMPL(int,
1081 hs_in_period_between_tp_and_srv,(const networkstatus_t *consensus, time_t now))
1082 {
1083  time_t valid_after;
1084  time_t srv_start_time, tp_start_time;
1085 
1086  if (!consensus) {
1087  consensus = networkstatus_get_live_consensus(now);
1088  if (!consensus) {
1089  return 0;
1090  }
1091  }
1092 
1093  /* Get start time of next TP and of current SRV protocol run, and check if we
1094  * are between them. */
1095  valid_after = consensus->valid_after;
1097  tp_start_time = hs_get_start_time_of_next_time_period(srv_start_time);
1098 
1099  if (valid_after >= srv_start_time && valid_after < tp_start_time) {
1100  return 0;
1101  }
1102 
1103  return 1;
1104 }
1105 
1106 /** Return 1 if any virtual port in ports needs a circuit with good uptime.
1107  * Else return 0. */
1108 int
1110 {
1111  tor_assert(ports);
1112 
1114  if (smartlist_contains_int_as_string(get_options()->LongLivedPorts,
1115  p->virtual_port)) {
1116  return 1;
1117  }
1118  } SMARTLIST_FOREACH_END(p);
1119  return 0;
1120 }
1121 
1122 /** Build hs_index which is used to find the responsible hsdirs. This index
1123  * value is used to select the responsible HSDir where their hsdir_index is
1124  * closest to this value.
1125  * SHA3-256("store-at-idx" | blinded_public_key |
1126  * INT_8(replicanum) | INT_8(period_length) | INT_8(period_num) )
1127  *
1128  * hs_index_out must be large enough to receive DIGEST256_LEN bytes. */
1129 void
1130 hs_build_hs_index(uint64_t replica, const ed25519_public_key_t *blinded_pk,
1131  uint64_t period_num, uint8_t *hs_index_out)
1132 {
1133  crypto_digest_t *digest;
1134 
1135  tor_assert(blinded_pk);
1136  tor_assert(hs_index_out);
1137 
1138  /* Build hs_index. See construction at top of function comment. */
1139  digest = crypto_digest256_new(DIGEST_SHA3_256);
1140  crypto_digest_add_bytes(digest, HS_INDEX_PREFIX, HS_INDEX_PREFIX_LEN);
1141  crypto_digest_add_bytes(digest, (const char *) blinded_pk->pubkey,
1143 
1144  /* Now setup INT_8(replicanum) | INT_8(period_length) | INT_8(period_num) */
1145  {
1146  uint64_t period_length = get_time_period_length();
1147  char buf[sizeof(uint64_t)*3];
1148  size_t offset = 0;
1149  set_uint64(buf, tor_htonll(replica));
1150  offset += sizeof(uint64_t);
1151  set_uint64(buf+offset, tor_htonll(period_length));
1152  offset += sizeof(uint64_t);
1153  set_uint64(buf+offset, tor_htonll(period_num));
1154  offset += sizeof(uint64_t);
1155  tor_assert(offset == sizeof(buf));
1156 
1157  crypto_digest_add_bytes(digest, buf, sizeof(buf));
1158  }
1159 
1160  crypto_digest_get_digest(digest, (char *) hs_index_out, DIGEST256_LEN);
1161  crypto_digest_free(digest);
1162 }
1163 
1164 /** Build hsdir_index which is used to find the responsible hsdirs. This is the
1165  * index value that is compare to the hs_index when selecting an HSDir.
1166  * SHA3-256("node-idx" | node_identity |
1167  * shared_random_value | INT_8(period_length) | INT_8(period_num) )
1168  *
1169  * hsdir_index_out must be large enough to receive DIGEST256_LEN bytes. */
1170 void
1172  const uint8_t *srv_value, uint64_t period_num,
1173  uint8_t *hsdir_index_out)
1174 {
1175  crypto_digest_t *digest;
1176 
1177  tor_assert(identity_pk);
1178  tor_assert(srv_value);
1179  tor_assert(hsdir_index_out);
1180 
1181  /* Build hsdir_index. See construction at top of function comment. */
1182  digest = crypto_digest256_new(DIGEST_SHA3_256);
1183  crypto_digest_add_bytes(digest, HSDIR_INDEX_PREFIX, HSDIR_INDEX_PREFIX_LEN);
1184  crypto_digest_add_bytes(digest, (const char *) identity_pk->pubkey,
1186  crypto_digest_add_bytes(digest, (const char *) srv_value, DIGEST256_LEN);
1187 
1188  {
1189  uint64_t time_period_length = get_time_period_length();
1190  char period_stuff[sizeof(uint64_t)*2];
1191  size_t offset = 0;
1192  set_uint64(period_stuff, tor_htonll(period_num));
1193  offset += sizeof(uint64_t);
1194  set_uint64(period_stuff+offset, tor_htonll(time_period_length));
1195  offset += sizeof(uint64_t);
1196  tor_assert(offset == sizeof(period_stuff));
1197 
1198  crypto_digest_add_bytes(digest, period_stuff, sizeof(period_stuff));
1199  }
1200 
1201  crypto_digest_get_digest(digest, (char *) hsdir_index_out, DIGEST256_LEN);
1202  crypto_digest_free(digest);
1203 }
1204 
1205 /** Return a newly allocated buffer containing the current shared random value
1206  * or if not present, a disaster value is computed using the given time period
1207  * number. If a consensus is provided in <b>ns</b>, use it to get the SRV
1208  * value. This function can't fail. */
1209 uint8_t *
1210 hs_get_current_srv(uint64_t time_period_num, const networkstatus_t *ns)
1211 {
1212  uint8_t *sr_value = tor_malloc_zero(DIGEST256_LEN);
1213  const sr_srv_t *current_srv = sr_get_current(ns);
1214 
1215  if (current_srv) {
1216  memcpy(sr_value, current_srv->value, sizeof(current_srv->value));
1217  } else {
1218  /* Disaster mode. */
1219  get_disaster_srv(time_period_num, sr_value);
1220  }
1221  return sr_value;
1222 }
1223 
1224 /** Return a newly allocated buffer containing the previous shared random
1225  * value or if not present, a disaster value is computed using the given time
1226  * period number. This function can't fail. */
1227 uint8_t *
1228 hs_get_previous_srv(uint64_t time_period_num, const networkstatus_t *ns)
1229 {
1230  uint8_t *sr_value = tor_malloc_zero(DIGEST256_LEN);
1231  const sr_srv_t *previous_srv = sr_get_previous(ns);
1232 
1233  if (previous_srv) {
1234  memcpy(sr_value, previous_srv->value, sizeof(previous_srv->value));
1235  } else {
1236  /* Disaster mode. */
1237  get_disaster_srv(time_period_num, sr_value);
1238  }
1239  return sr_value;
1240 }
1241 
1242 /** Return the number of replicas defined by a consensus parameter or the
1243  * default value. */
1244 int32_t
1246 {
1247  /* The [1,16] range is a specification requirement. */
1248  return networkstatus_get_param(NULL, "hsdir_n_replicas",
1250 }
1251 
1252 /** Return the spread fetch value defined by a consensus parameter or the
1253  * default value. */
1254 int32_t
1256 {
1257  /* The [1,128] range is a specification requirement. */
1258  return networkstatus_get_param(NULL, "hsdir_spread_fetch",
1260 }
1261 
1262 /** Return the spread store value defined by a consensus parameter or the
1263  * default value. */
1264 int32_t
1266 {
1267  /* The [1,128] range is a specification requirement. */
1268  return networkstatus_get_param(NULL, "hsdir_spread_store",
1270 }
1271 
1272 /** <b>node</b> is an HSDir so make sure that we have assigned an hsdir index.
1273  * Return 0 if everything is as expected, else return -1. */
1274 static int
1276 {
1278 
1279  /* A node can't have an HSDir index without a descriptor since we need desc
1280  * to get its ed25519 key. for_direct_connect should be zero, since we
1281  * always use the consensus-indexed node's keys to build the hash ring, even
1282  * if some of the consensus-indexed nodes are also bridges. */
1283  if (!node_has_preferred_descriptor(node, 0)) {
1284  return 0;
1285  }
1286 
1287  /* At this point, since the node has a desc, this node must also have an
1288  * hsdir index. If not, something went wrong, so BUG out. */
1289  if (BUG(fast_mem_is_zero((const char*)node->hsdir_index.fetch,
1290  DIGEST256_LEN))) {
1291  return 0;
1292  }
1293  if (BUG(fast_mem_is_zero((const char*)node->hsdir_index.store_first,
1294  DIGEST256_LEN))) {
1295  return 0;
1296  }
1297  if (BUG(fast_mem_is_zero((const char*)node->hsdir_index.store_second,
1298  DIGEST256_LEN))) {
1299  return 0;
1300  }
1301 
1302  return 1;
1303 }
1304 
1305 /** For a given blinded key and time period number, get the responsible HSDir
1306  * and put their routerstatus_t object in the responsible_dirs list. If
1307  * 'use_second_hsdir_index' is true, use the second hsdir_index of the node_t
1308  * is used. If 'for_fetching' is true, the spread fetch consensus parameter is
1309  * used else the spread store is used which is only for upload. This function
1310  * can't fail but it is possible that the responsible_dirs list contains fewer
1311  * nodes than expected.
1312  *
1313  * This function goes over the latest consensus routerstatus list and sorts it
1314  * by their node_t hsdir_index then does a binary search to find the closest
1315  * node. All of this makes it a bit CPU intensive so use it wisely. */
1316 void
1318  uint64_t time_period_num, int use_second_hsdir_index,
1319  int for_fetching, smartlist_t *responsible_dirs)
1320 {
1321  smartlist_t *sorted_nodes;
1322  /* The compare function used for the smartlist bsearch. We have two
1323  * different depending on is_next_period. */
1324  int (*cmp_fct)(const void *, const void **);
1325 
1326  tor_assert(blinded_pk);
1327  tor_assert(responsible_dirs);
1328 
1329  sorted_nodes = smartlist_new();
1330 
1331  /* Make sure we actually have a live consensus */
1333  if (!c || smartlist_len(c->routerstatus_list) == 0) {
1334  log_warn(LD_REND, "No live consensus so we can't get the responsible "
1335  "hidden service directories.");
1336  goto done;
1337  }
1338 
1339  /* Ensure the nodelist is fresh, since it contains the HSDir indices. */
1341 
1342  /* Add every node_t that support HSDir v3 for which we do have a valid
1343  * hsdir_index already computed for them for this consensus. */
1344  {
1346  /* Even though this node_t object won't be modified and should be const,
1347  * we can't add const object in a smartlist_t. */
1348  node_t *n = node_get_mutable_by_id(rs->identity_digest);
1349  tor_assert(n);
1350  if (node_supports_v3_hsdir(n) && rs->is_hs_dir) {
1351  if (!node_has_hsdir_index(n)) {
1352  log_info(LD_GENERAL, "Node %s was found without hsdir index.",
1353  node_describe(n));
1354  continue;
1355  }
1356  smartlist_add(sorted_nodes, n);
1357  }
1358  } SMARTLIST_FOREACH_END(rs);
1359  }
1360  if (smartlist_len(sorted_nodes) == 0) {
1361  log_warn(LD_REND, "No nodes found to be HSDir or supporting v3.");
1362  goto done;
1363  }
1364 
1365  /* First thing we have to do is sort all node_t by hsdir_index. The
1366  * is_next_period tells us if we want the current or the next one. Set the
1367  * bsearch compare function also while we are at it. */
1368  if (for_fetching) {
1371  } else if (use_second_hsdir_index) {
1374  } else {
1377  }
1378 
1379  /* For all replicas, we'll select a set of HSDirs using the consensus
1380  * parameters and the sorted list. The replica starting at value 1 is
1381  * defined by the specification. */
1382  for (int replica = 1; replica <= hs_get_hsdir_n_replicas(); replica++) {
1383  int idx, start, found, n_added = 0;
1384  uint8_t hs_index[DIGEST256_LEN] = {0};
1385  /* Number of node to add to the responsible dirs list depends on if we are
1386  * trying to fetch or store. A client always fetches. */
1387  int n_to_add = (for_fetching) ? hs_get_hsdir_spread_fetch() :
1389 
1390  /* Get the index that we should use to select the node. */
1391  hs_build_hs_index(replica, blinded_pk, time_period_num, hs_index);
1392  /* The compare function pointer has been set correctly earlier. */
1393  start = idx = smartlist_bsearch_idx(sorted_nodes, hs_index, cmp_fct,
1394  &found);
1395  /* Getting the length of the list if no member is greater than the key we
1396  * are looking for so start at the first element. */
1397  if (idx == smartlist_len(sorted_nodes)) {
1398  start = idx = 0;
1399  }
1400  while (n_added < n_to_add) {
1401  const node_t *node = smartlist_get(sorted_nodes, idx);
1402  /* If the node has already been selected which is possible between
1403  * replicas, the specification says to skip over. */
1404  if (!smartlist_contains(responsible_dirs, node->rs)) {
1405  smartlist_add(responsible_dirs, node->rs);
1406  ++n_added;
1407  }
1408  if (++idx == smartlist_len(sorted_nodes)) {
1409  /* Wrap if we've reached the end of the list. */
1410  idx = 0;
1411  }
1412  if (idx == start) {
1413  /* We've gone over the whole list, stop and avoid infinite loop. */
1414  break;
1415  }
1416  }
1417  }
1418 
1419  done:
1420  smartlist_free(sorted_nodes);
1421 }
1422 
1423 /*********************** HSDir request tracking ***************************/
1424 
1425 /** Return the period for which a hidden service directory cannot be queried
1426  * for the same descriptor ID again, taking TestingTorNetwork into account. */
1427 time_t
1429 {
1430  tor_assert(options);
1431 
1432  if (options->TestingTorNetwork) {
1433  return REND_HID_SERV_DIR_REQUERY_PERIOD_TESTING;
1434  } else {
1435  return REND_HID_SERV_DIR_REQUERY_PERIOD;
1436  }
1437 }
1438 
1439 /** Tracks requests for fetching hidden service descriptors. It's used by
1440  * hidden service clients, to avoid querying HSDirs that have already failed
1441  * giving back a descriptor. The same data structure is used to track both v2
1442  * and v3 HS descriptor requests.
1443  *
1444  * The string map is a key/value store that contains the last request times to
1445  * hidden service directories for certain queries. Specifically:
1446  *
1447  * key = base32(hsdir_identity) + base32(hs_identity)
1448  * value = time_t of last request for that hs_identity to that HSDir
1449  *
1450  * where 'hsdir_identity' is the identity digest of the HSDir node, and
1451  * 'hs_identity' is the descriptor ID of the HS in the v2 case, or the ed25519
1452  * blinded public key of the HS in the v3 case. */
1453 static strmap_t *last_hid_serv_requests_ = NULL;
1454 
1455 /** Returns last_hid_serv_requests_, initializing it to a new strmap if
1456  * necessary. */
1457 STATIC strmap_t *
1459 {
1461  last_hid_serv_requests_ = strmap_new();
1462  return last_hid_serv_requests_;
1463 }
1464 
1465 /** Look up the last request time to hidden service directory <b>hs_dir</b>
1466  * for descriptor request key <b>req_key_str</b> which is the descriptor ID
1467  * for a v2 service or the blinded key for v3. If <b>set</b> is non-zero,
1468  * assign the current time <b>now</b> and return that. Otherwise, return the
1469  * most recent request time, or 0 if no such request has been sent before. */
1470 time_t
1472  const char *req_key_str,
1473  time_t now, int set)
1474 {
1475  char hsdir_id_base32[BASE32_DIGEST_LEN + 1];
1476  char *hsdir_desc_comb_id = NULL;
1477  time_t *last_request_ptr;
1478  strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
1479 
1480  /* Create the key */
1481  base32_encode(hsdir_id_base32, sizeof(hsdir_id_base32),
1482  hs_dir->identity_digest, DIGEST_LEN);
1483  tor_asprintf(&hsdir_desc_comb_id, "%s%s", hsdir_id_base32, req_key_str);
1484 
1485  if (set) {
1486  time_t *oldptr;
1487  last_request_ptr = tor_malloc_zero(sizeof(time_t));
1488  *last_request_ptr = now;
1489  oldptr = strmap_set(last_hid_serv_requests, hsdir_desc_comb_id,
1490  last_request_ptr);
1491  tor_free(oldptr);
1492  } else {
1493  last_request_ptr = strmap_get(last_hid_serv_requests,
1494  hsdir_desc_comb_id);
1495  }
1496 
1497  tor_free(hsdir_desc_comb_id);
1498  return (last_request_ptr) ? *last_request_ptr : 0;
1499 }
1500 
1501 /** Clean the history of request times to hidden service directories, so that
1502  * it does not contain requests older than REND_HID_SERV_DIR_REQUERY_PERIOD
1503  * seconds any more. */
1504 void
1506 {
1507  strmap_iter_t *iter;
1508  time_t cutoff = now - hs_hsdir_requery_period(get_options());
1509  strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
1510  for (iter = strmap_iter_init(last_hid_serv_requests);
1511  !strmap_iter_done(iter); ) {
1512  const char *key;
1513  void *val;
1514  time_t *ent;
1515  strmap_iter_get(iter, &key, &val);
1516  ent = (time_t *) val;
1517  if (*ent < cutoff) {
1518  iter = strmap_iter_next_rmv(last_hid_serv_requests, iter);
1519  tor_free(ent);
1520  } else {
1521  iter = strmap_iter_next(last_hid_serv_requests, iter);
1522  }
1523  }
1524 }
1525 
1526 /** Remove all requests related to the descriptor request key string
1527  * <b>req_key_str</b> from the history of times of requests to hidden service
1528  * directories.
1529  *
1530  * This is called from rend_client_note_connection_attempt_ended(), which
1531  * must be idempotent, so any future changes to this function must leave it
1532  * idempotent too. */
1533 void
1535 {
1536  strmap_iter_t *iter;
1537  strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
1538 
1539  for (iter = strmap_iter_init(last_hid_serv_requests);
1540  !strmap_iter_done(iter); ) {
1541  const char *key;
1542  void *val;
1543  strmap_iter_get(iter, &key, &val);
1544 
1545  /* XXX: The use of REND_DESC_ID_V2_LEN_BASE32 is very wrong in terms of
1546  * semantic, see #23305. */
1547 
1548  /* This strmap contains variable-sized elements so this is a basic length
1549  * check on the strings we are about to compare. The key is variable sized
1550  * since it's composed as follows:
1551  * key = base32(hsdir_identity) + base32(req_key_str)
1552  * where 'req_key_str' is the descriptor ID of the HS in the v2 case, or
1553  * the ed25519 blinded public key of the HS in the v3 case. */
1554  if (strlen(key) < REND_DESC_ID_V2_LEN_BASE32 + strlen(req_key_str)) {
1555  iter = strmap_iter_next(last_hid_serv_requests, iter);
1556  continue;
1557  }
1558 
1559  /* Check if the tracked request matches our request key */
1560  if (tor_memeq(key + REND_DESC_ID_V2_LEN_BASE32, req_key_str,
1561  strlen(req_key_str))) {
1562  iter = strmap_iter_next_rmv(last_hid_serv_requests, iter);
1563  tor_free(val);
1564  } else {
1565  iter = strmap_iter_next(last_hid_serv_requests, iter);
1566  }
1567  }
1568 }
1569 
1570 /** Purge the history of request times to hidden service directories,
1571  * so that future lookups of an HS descriptor will not fail because we
1572  * accessed all of the HSDir relays responsible for the descriptor
1573  * recently. */
1574 void
1576 {
1577  /* Don't create the table if it doesn't exist yet (and it may very
1578  * well not exist if the user hasn't accessed any HSes)... */
1579  strmap_t *old_last_hid_serv_requests = last_hid_serv_requests_;
1580  /* ... and let get_last_hid_serv_requests re-create it for us if
1581  * necessary. */
1582  last_hid_serv_requests_ = NULL;
1583 
1584  if (old_last_hid_serv_requests != NULL) {
1585  log_info(LD_REND, "Purging client last-HS-desc-request-time table");
1586  strmap_free(old_last_hid_serv_requests, tor_free_);
1587  }
1588 }
1589 
1590 /***********************************************************************/
1591 
1592 /** Given the list of responsible HSDirs in <b>responsible_dirs</b>, pick the
1593  * one that we should use to fetch a descriptor right now. Take into account
1594  * previous failed attempts at fetching this descriptor from HSDirs using the
1595  * string identifier <b>req_key_str</b>. We return whether we are rate limited
1596  * into *<b>is_rate_limited_out</b> if it is not NULL.
1597  *
1598  * Steals ownership of <b>responsible_dirs</b>.
1599  *
1600  * Return the routerstatus of the chosen HSDir if successful, otherwise return
1601  * NULL if no HSDirs are worth trying right now. */
1603 hs_pick_hsdir(smartlist_t *responsible_dirs, const char *req_key_str,
1604  bool *is_rate_limited_out)
1605 {
1606  smartlist_t *usable_responsible_dirs = smartlist_new();
1607  const or_options_t *options = get_options();
1608  routerstatus_t *hs_dir;
1609  time_t now = time(NULL);
1610  int excluded_some;
1611  bool rate_limited = false;
1612  int rate_limited_count = 0;
1613  int responsible_dirs_count = smartlist_len(responsible_dirs);
1614 
1615  tor_assert(req_key_str);
1616 
1617  /* Clean outdated request history first. */
1619 
1620  /* Only select those hidden service directories to which we did not send a
1621  * request recently and for which we have a router descriptor here.
1622  *
1623  * Use for_direct_connect==0 even if we will be connecting to the node
1624  * directly, since we always use the key information in the
1625  * consensus-indexed node descriptors for building the index.
1626  **/
1627  SMARTLIST_FOREACH_BEGIN(responsible_dirs, routerstatus_t *, dir) {
1628  time_t last = hs_lookup_last_hid_serv_request(dir, req_key_str, 0, 0);
1629  const node_t *node = node_get_by_id(dir->identity_digest);
1630  if (last + hs_hsdir_requery_period(options) >= now ||
1631  !node || !node_has_preferred_descriptor(node, 0)) {
1632  SMARTLIST_DEL_CURRENT(responsible_dirs, dir);
1633  rate_limited_count++;
1634  continue;
1635  }
1636  if (!routerset_contains_node(options->ExcludeNodes, node)) {
1637  smartlist_add(usable_responsible_dirs, dir);
1638  }
1639  } SMARTLIST_FOREACH_END(dir);
1640 
1641  if (rate_limited_count > 0 || responsible_dirs_count > 0) {
1642  rate_limited = rate_limited_count == responsible_dirs_count;
1643  }
1644 
1645  excluded_some =
1646  smartlist_len(usable_responsible_dirs) < smartlist_len(responsible_dirs);
1647 
1648  hs_dir = smartlist_choose(usable_responsible_dirs);
1649  if (!hs_dir && !options->StrictNodes) {
1650  hs_dir = smartlist_choose(responsible_dirs);
1651  }
1652 
1653  smartlist_free(responsible_dirs);
1654  smartlist_free(usable_responsible_dirs);
1655  if (!hs_dir) {
1656  const char *warn_str = (rate_limited) ? "we are rate limited." :
1657  "we requested them all recently without success";
1658  log_info(LD_REND, "Could not pick one of the responsible hidden "
1659  "service directories, because %s.", warn_str);
1660  if (options->StrictNodes && excluded_some) {
1661  log_warn(LD_REND, "Could not pick a hidden service directory for the "
1662  "requested hidden service: they are all either down or "
1663  "excluded, and StrictNodes is set.");
1664  }
1665  } else {
1666  /* Remember that we are requesting a descriptor from this hidden service
1667  * directory now. */
1668  hs_lookup_last_hid_serv_request(hs_dir, req_key_str, now, 1);
1669  }
1670 
1671  if (is_rate_limited_out != NULL) {
1672  *is_rate_limited_out = rate_limited;
1673  }
1674 
1675  return hs_dir;
1676 }
1677 
1678 /** Given a list of link specifiers lspecs, a curve 25519 onion_key, and
1679  * a direct connection boolean direct_conn (true for single onion services),
1680  * return a newly allocated extend_info_t object.
1681  *
1682  * This function always returns an extend info with a valid IP address and
1683  * ORPort, or NULL. If direct_conn is false, the IP address is always IPv4.
1684  *
1685  * It performs the following checks:
1686  * if there is no usable IP address, or legacy ID is missing, return NULL.
1687  * if direct_conn, and we can't reach any IP address, return NULL.
1688  */
1689 extend_info_t *
1691  const curve25519_public_key_t *onion_key,
1692  int direct_conn)
1693 {
1694  int have_v4 = 0, have_legacy_id = 0, have_ed25519_id = 0;
1695  char legacy_id[DIGEST_LEN] = {0};
1696  ed25519_public_key_t ed25519_pk;
1697  extend_info_t *info = NULL;
1698  tor_addr_port_t ap;
1699 
1700  tor_addr_make_null(&ap.addr, AF_UNSPEC);
1701  ap.port = 0;
1702 
1703  if (lspecs == NULL) {
1704  log_warn(LD_BUG, "Specified link specifiers is null");
1705  goto done;
1706  }
1707 
1708  if (onion_key == NULL) {
1709  log_warn(LD_BUG, "Specified onion key is null");
1710  goto done;
1711  }
1712 
1713  if (smartlist_len(lspecs) == 0) {
1714  log_fn(LOG_PROTOCOL_WARN, LD_REND, "Empty link specifier list.");
1715  /* Return NULL. */
1716  goto done;
1717  }
1718 
1719  SMARTLIST_FOREACH_BEGIN(lspecs, const link_specifier_t *, ls) {
1720  switch (link_specifier_get_ls_type(ls)) {
1721  case LS_IPV4:
1722  /* Skip if we already seen a v4. If direct_conn is true, we skip this
1723  * block because fascist_firewall_choose_address_ls() will set ap. If
1724  * direct_conn is false, set ap to the first IPv4 address and port in
1725  * the link specifiers.*/
1726  if (have_v4 || direct_conn) continue;
1727  tor_addr_from_ipv4h(&ap.addr,
1728  link_specifier_get_un_ipv4_addr(ls));
1729  ap.port = link_specifier_get_un_ipv4_port(ls);
1730  have_v4 = 1;
1731  break;
1732  case LS_LEGACY_ID:
1733  /* Make sure we do have enough bytes for the legacy ID. */
1734  if (link_specifier_getlen_un_legacy_id(ls) < sizeof(legacy_id)) {
1735  break;
1736  }
1737  memcpy(legacy_id, link_specifier_getconstarray_un_legacy_id(ls),
1738  sizeof(legacy_id));
1739  have_legacy_id = 1;
1740  break;
1741  case LS_ED25519_ID:
1742  memcpy(ed25519_pk.pubkey,
1743  link_specifier_getconstarray_un_ed25519_id(ls),
1745  have_ed25519_id = 1;
1746  break;
1747  default:
1748  /* Ignore unknown. */
1749  break;
1750  }
1751  } SMARTLIST_FOREACH_END(ls);
1752 
1753  /* Choose a preferred address first, but fall back to an allowed address. */
1754  if (direct_conn)
1755  fascist_firewall_choose_address_ls(lspecs, 0, &ap);
1756 
1757  /* Legacy ID is mandatory, and we require an IP address. */
1758  if (!tor_addr_port_is_valid_ap(&ap, 0)) {
1759  /* If we're missing the IP address, log a warning and return NULL. */
1760  log_info(LD_NET, "Unreachable or invalid IP address in link state");
1761  goto done;
1762  }
1763  if (!have_legacy_id) {
1764  /* If we're missing the legacy ID, log a warning and return NULL. */
1765  log_warn(LD_PROTOCOL, "Missing Legacy ID in link state");
1766  goto done;
1767  }
1768 
1769  /* We will add support for falling back to a 3-hop path in a later
1770  * release. */
1771 
1772  /* We'll validate now that the address we've picked isn't a private one. If
1773  * it is, are we allowed to extend to private addresses? */
1774  if (!extend_info_addr_is_allowed(&ap.addr)) {
1775  log_fn(LOG_PROTOCOL_WARN, LD_REND,
1776  "Requested address is private and we are not allowed to extend to "
1777  "it: %s:%u", fmt_addr(&ap.addr), ap.port);
1778  goto done;
1779  }
1780 
1781  /* We do have everything for which we think we can connect successfully. */
1782  info = extend_info_new(NULL, legacy_id,
1783  (have_ed25519_id) ? &ed25519_pk : NULL, NULL,
1784  onion_key, &ap.addr, ap.port);
1785  done:
1786  return info;
1787 }
1788 
1789 /***********************************************************************/
1790 
1791 /** Initialize the entire HS subsytem. This is called in tor_init() before any
1792  * torrc options are loaded. Only for >= v3. */
1793 void
1794 hs_init(void)
1795 {
1797  hs_service_init();
1798  hs_cache_init();
1799 }
1800 
1801 /** Release and cleanup all memory of the HS subsystem (all version). This is
1802  * called by tor_free_all(). */
1803 void
1805 {
1810 }
1811 
1812 /** For the given origin circuit circ, decrement the number of rendezvous
1813  * stream counter. This handles every hidden service version. */
1814 void
1816 {
1817  tor_assert(circ);
1818 
1819  if (circ->rend_data) {
1820  circ->rend_data->nr_streams--;
1821  } else if (circ->hs_ident) {
1822  circ->hs_ident->num_rdv_streams--;
1823  } else {
1824  /* Should not be called if this circuit is not for hidden service. */
1825  tor_assert_nonfatal_unreached();
1826  }
1827 }
1828 
1829 /** For the given origin circuit circ, increment the number of rendezvous
1830  * stream counter. This handles every hidden service version. */
1831 void
1833 {
1834  tor_assert(circ);
1835 
1836  if (circ->rend_data) {
1837  circ->rend_data->nr_streams++;
1838  } else if (circ->hs_ident) {
1839  circ->hs_ident->num_rdv_streams++;
1840  } else {
1841  /* Should not be called if this circuit is not for hidden service. */
1842  tor_assert_nonfatal_unreached();
1843  }
1844 }
1845 
1846 /** Return a newly allocated link specifier object that is a copy of dst. */
1847 link_specifier_t *
1848 link_specifier_dup(const link_specifier_t *src)
1849 {
1850  link_specifier_t *dup = NULL;
1851  uint8_t *buf = NULL;
1852 
1853  if (BUG(!src)) {
1854  goto err;
1855  }
1856 
1857  ssize_t encoded_len_alloc = link_specifier_encoded_len(src);
1858  if (BUG(encoded_len_alloc < 0)) {
1859  goto err;
1860  }
1861 
1862  buf = tor_malloc_zero(encoded_len_alloc);
1863  ssize_t encoded_len_data = link_specifier_encode(buf,
1864  encoded_len_alloc,
1865  src);
1866  if (BUG(encoded_len_data < 0)) {
1867  goto err;
1868  }
1869 
1870  ssize_t parsed_len = link_specifier_parse(&dup, buf, encoded_len_alloc);
1871  if (BUG(parsed_len < 0)) {
1872  goto err;
1873  }
1874 
1875  goto done;
1876 
1877  err:
1878  dup = NULL;
1879 
1880  done:
1881  tor_free(buf);
1882  return dup;
1883 }
Header file containing denial of service defenses for the HS subsystem for all versions.
static const char * str_ed25519_basepoint
Definition: hs_common.c:49
Header file for rendcommon.c.
unsigned int cpd_check_t
Definition: dir.h:20
extend_info_t * hs_get_extend_info_from_lspecs(const smartlist_t *lspecs, const curve25519_public_key_t *onion_key, int direct_conn)
Definition: hs_common.c:1690
static rend_data_t * rend_data_alloc(uint32_t version)
Definition: hs_common.c:337
#define HS_INDEX_PREFIX
Definition: hs_common.h:110
Header file containing common data for the whole HS subsytem.
#define HSDIR_INDEX_PREFIX
Definition: hs_common.h:114
extend_info_t * extend_info_new(const char *nickname, const char *rsa_id_digest, const ed25519_public_key_t *ed_id, crypto_pk_t *onion_key, const curve25519_public_key_t *ntor_key, const tor_addr_t *addr, uint16_t port)
Common functions for using (pseudo-)random number generators.
Definition: node_st.h:34
void rend_data_free_(rend_data_t *data)
Definition: hs_common.c:360
Header file containing service data for the HS subsytem.
int hs_set_conn_addr_port(const smartlist_t *ports, edge_connection_t *conn)
Definition: hs_common.c:854
uint8_t * hs_get_previous_srv(uint64_t time_period_num, const networkstatus_t *ns)
Definition: hs_common.c:1228
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
int hs_parse_address(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out)
Definition: hs_common.c:914
#define TO_CONN(c)
Definition: or.h:735
int32_t networkstatus_get_param(const networkstatus_t *ns, const char *param_name, int32_t default_val, int32_t min_val, int32_t max_val)
Header for shared_random_state.c.
int routerset_contains_node(const routerset_t *set, const node_t *node)
Definition: routerset.c:338
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
char unix_addr[FLEXIBLE_ARRAY_MEMBER]
Definition: hs_common.h:163
int check_private_dir(const char *dirname, cpd_check_t check, const char *effective_user)
Definition: dir.c:71
uint8_t store_second[DIGEST256_LEN]
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
static int compare_node_store_first_hsdir_index(const void **a, const void **b)
Definition: hs_common.c:154
const char * escaped_safe_str(const char *address)
Definition: config.c:1129
#define HS_TIME_PERIOD_LENGTH_DEFAULT
Definition: hs_common.h:87
Header file containing client data for the HS subsytem.
void hs_init(void)
Definition: hs_common.c:1794
char descriptor_cookie[REND_DESC_COOKIE_LEN]
Definition: or.h:446
static int compare_node_store_second_hsdir_index(const void **a, const void **b)
Definition: hs_common.c:165
STATIC strmap_t * get_last_hid_serv_requests(void)
Definition: hs_common.c:1458
#define LD_GENERAL
Definition: log.h:62
void hs_service_free_all(void)
Definition: hs_service.c:4093
#define HS_KEYBLIND_NONCE_PREFIX
Definition: hs_common.h:98
Header file for describe.c.
Header file for nodelist.c.
int hs_check_service_private_dir(const char *username, const char *path, unsigned int dir_group_readable, unsigned int create)
Definition: hs_common.c:199
void tor_addr_make_null(tor_addr_t *a, sa_family_t family)
Definition: address.c:235
int hs_address_is_valid(const char *address)
Definition: hs_common.c:950
void smartlist_add(smartlist_t *sl, void *element)
time_t sr_state_get_start_time_of_current_protocol_run(void)
char * hs_path_from_filename(const char *directory, const char *filename)
Definition: hs_common.c:177
Node information structure.
#define HS_SERVICE_ADDR_LEN
Definition: hs_common.h:79
crypto_digest_t * crypto_digest256_new(digest_algorithm_t algorithm)
int rend_compute_v2_desc_id(char *desc_id_out, const char *service_id, const char *descriptor_cookie, time_t now, uint8_t replica)
Definition: rendcommon.c:153
#define REND_DESC_ID_V2_LEN_BASE32
Definition: or.h:354
int smartlist_contains(const smartlist_t *sl, const void *element)
void hs_cache_free_all(void)
Definition: hs_cache.c:1059
Header file for config.c.
static void hs_parse_address_impl(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out)
Definition: hs_common.c:784
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len)
const or_options_t * get_options(void)
Definition: config.c:926
int fast_mem_is_zero(const char *mem, size_t len)
Definition: util_string.c:74
#define tor_assert(expr)
Definition: util_bug.h:102
void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:60
char rend_pk_digest[DIGEST_LEN]
Definition: or.h:457
static int node_has_hsdir_index(const node_t *node)
Definition: hs_common.c:1275
char desc_id_fetch[DIGEST_LEN]
Definition: or.h:454
#define tor_free(p)
Definition: malloc.h:52
#define ED25519_PUBKEY_LEN
Definition: x25519_sizes.h:27
const uint8_t * rend_data_get_pk_digest(const rend_data_t *rend_data, size_t *len_out)
Definition: hs_common.c:567
int node_supports_v3_hsdir(const node_t *node)
Definition: nodelist.c:1152
int node_has_preferred_descriptor(const node_t *node, int for_direct_connect)
Definition: nodelist.c:1351
int smartlist_contains_int_as_string(const smartlist_t *sl, int num)
Definition: smartlist.c:147
void hs_circuitmap_init(void)
#define SMARTLIST_DEL_CURRENT(sl, var)
networkstatus_t * networkstatus_get_live_consensus(time_t now)
#define HS_SERVICE_ADDR_CHECKSUM_PREFIX_LEN
Definition: hs_common.h:65
time_t hs_hsdir_requery_period(const or_options_t *options)
Definition: hs_common.c:1428
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:55
static void build_hs_address(const ed25519_public_key_t *key, const uint8_t *checksum, uint8_t version, char *addr_out)
Definition: hs_common.c:761
smartlist_t * smartlist_new(void)
const char * rend_data_get_desc_id(const rend_data_t *rend_data, uint8_t replica, size_t *len_out)
Definition: hs_common.c:545
static int compute_desc_id(rend_data_t *rend_data)
Definition: hs_common.c:418
struct routerset_t * ExcludeNodes
Definition: or_options_st.h:89
void hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk, uint64_t time_period_num, int use_second_hsdir_index, int for_fetching, smartlist_t *responsible_dirs)
Definition: hs_common.c:1317
void hs_purge_last_hid_serv_requests(void)
Definition: hs_common.c:1575
static int compare_digest_to_store_first_hsdir_index(const void *_key, const void **_member)
Definition: hs_common.c:122
const sr_srv_t * sr_get_previous(const networkstatus_t *ns)
#define STATIC
Definition: testsupport.h:32
rend_auth_type_t
Definition: or.h:402
void hs_circuitmap_free_all(void)
static void build_hs_checksum(const ed25519_public_key_t *key, uint8_t version, uint8_t *checksum_out)
Definition: hs_common.c:734
Header file for routerset.c.
Routerstatus (consensus entry) structure.
static uint8_t get_uint8(const void *cp)
Definition: bytes.h:23
#define DIGEST256_LEN
Definition: digest_sizes.h:23
rend_data_t * rend_data_client_create(const char *onion_address, const char *desc_id, const char *cookie, rend_auth_type_t auth_type)
Definition: hs_common.c:492
Header file for policies.c.
void hs_build_hsdir_index(const ed25519_public_key_t *identity_pk, const uint8_t *srv_value, uint64_t period_num, uint8_t *hsdir_index_out)
Definition: hs_common.c:1171
int ed25519_keypair_blind(ed25519_keypair_t *out, const ed25519_keypair_t *inp, const uint8_t *param)
time_t hs_get_start_time_of_next_time_period(time_t now)
Definition: hs_common.c:321
static void set_uint8(void *cp, uint8_t v)
Definition: bytes.h:31
int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:90
void fascist_firewall_choose_address_ls(const smartlist_t *lspecs, int pref_only, tor_addr_port_t *ap)
Definition: policies.c:982
Common functions for cryptographic routines.
static int compare_node_fetch_hsdir_index(const void **a, const void **b)
Definition: hs_common.c:143
#define tor_addr_from_ipv4h(dest, v4addr)
Definition: address.h:287
void hs_client_free_all(void)
Definition: hs_client.c:2412
Header file for routermode.c.
int tor_memcmp(const void *a, const void *b, size_t len)
Definition: di_ops.c:31
#define HS_DEFAULT_HSDIR_SPREAD_FETCH
Definition: hs_common.h:126
int tor_memeq(const void *a, const void *b, size_t sz)
Definition: di_ops.c:107
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
void hs_build_hs_index(uint64_t replica, const ed25519_public_key_t *blinded_pk, uint64_t period_num, uint8_t *hs_index_out)
Definition: hs_common.c:1130
static void set_uint64(void *cp, uint64_t v)
Definition: bytes.h:96
uint8_t value[DIGEST256_LEN]
Definition: shared_random.h:66
static int compare_digest_to_fetch_hsdir_index(const void *_key, const void **_member)
Definition: hs_common.c:112
#define DIGEST_LEN
Definition: digest_sizes.h:20
Origin circuit structure.
void hs_service_init(void)
Definition: hs_service.c:4076
const char * node_describe(const node_t *node)
Definition: describe.c:143
void hs_dec_rdv_stream_counter(origin_circuit_t *circ)
Definition: hs_common.c:1815
Master header file for Tor-specific functionality.
static uint8_t cached_disaster_srv[2][DIGEST256_LEN]
Definition: hs_common.c:626
unsigned int sr_state_get_protocol_run_duration(void)
Header file for circuitbuild.c.
STATIC uint64_t get_time_period_length(void)
Definition: hs_common.c:242
#define HS_CREDENTIAL_PREFIX
Definition: hs_common.h:104
const node_t * node_get_by_id(const char *identity_digest)
Definition: nodelist.c:223
unsigned int is_unix_addr
Definition: hs_common.h:157
void hs_build_blinded_keypair(const ed25519_keypair_t *kp, const uint8_t *secret, size_t secret_len, uint64_t time_period_num, ed25519_keypair_t *blinded_kp_out)
Definition: hs_common.c:1045
#define HS_DEFAULT_HSDIR_SPREAD_STORE
Definition: hs_common.h:124
Header file containing circuit and connection identifier data for the whole HS subsytem.
Header file for shared_random_client.c.
void hs_get_subcredential(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, uint8_t *subcred_out)
Definition: hs_common.c:814
int32_t hs_get_hsdir_n_replicas(void)
Definition: hs_common.c:1245
int nr_streams
Definition: or.h:430
#define HS_SERVICE_ADDR_CHECKSUM_INPUT_LEN
Definition: hs_common.h:71
void tor_free_(void *mem)
Definition: malloc.c:227
void hs_build_blinded_pubkey(const ed25519_public_key_t *pk, const uint8_t *secret, size_t secret_len, uint64_t time_period_num, ed25519_public_key_t *blinded_pk_out)
Definition: hs_common.c:1021
static uint64_t tor_htonll(uint64_t a)
Definition: bytes.h:184
#define crypto_digest_free(d)
Header file for hs_circuitmap.c.
#define LD_REND
Definition: log.h:84
Header file for rendservice.c.
#define REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS
Definition: or.h:348
rend_data_t * rend_data_dup(const rend_data_t *data)
Definition: hs_common.c:385
int32_t hs_get_hsdir_spread_store(void)
Definition: hs_common.c:1265
char descriptor_id[REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS][DIGEST_LEN]
Definition: or.h:443
#define HS_TIME_PERIOD_LENGTH_MIN
Definition: hs_common.h:89
smartlist_t * hsdirs_fp
Definition: or.h:424
void hs_build_address(const ed25519_public_key_t *key, uint8_t version, char *addr_out)
Definition: hs_common.c:995
static strmap_t * last_hid_serv_requests_
Definition: hs_common.c:1453
static void compute_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
Definition: hs_common.c:589
uint64_t hs_get_previous_time_period_num(time_t now)
Definition: hs_common.c:312
uint8_t fetch[DIGEST256_LEN]
unsigned int sr_state_get_phase_duration(void)
#define ED25519_SECKEY_LEN
Definition: x25519_sizes.h:29
#define BASE32_DIGEST_LEN
Definition: crypto_digest.h:23
const char * rend_data_get_address(const rend_data_t *rend_data)
Definition: hs_common.c:527
char rend_cookie[REND_COOKIE_LEN]
Definition: or.h:427
void hs_inc_rdv_stream_counter(origin_circuit_t *circ)
Definition: hs_common.c:1832
int hs_get_service_max_rend_failures(void)
Definition: hs_common.c:232
static void build_blinded_key_param(const ed25519_public_key_t *pubkey, const uint8_t *secret, size_t secret_len, uint64_t period_num, uint64_t period_length, uint8_t *param_out)
Definition: hs_common.c:685
#define SMARTLIST_FOREACH(sl, type, var, cmd)
void hs_purge_hid_serv_from_last_hid_serv_requests(const char *req_key_str)
Definition: hs_common.c:1534
time_t hs_lookup_last_hid_serv_request(routerstatus_t *hs_dir, const char *req_key_str, time_t now, int set)
Definition: hs_common.c:1471
uint16_t port
uint8_t * hs_get_current_srv(uint64_t time_period_num, const networkstatus_t *ns)
Definition: hs_common.c:1210
link_specifier_t * link_specifier_dup(const link_specifier_t *src)
Definition: hs_common.c:1848
smartlist_t * routerstatus_list
#define HS_SERVICE_ADDR_LEN_BASE32
Definition: hs_common.h:83
#define HS_VERSION_TWO
Definition: hs_common.h:24
const sr_srv_t * sr_get_current(const networkstatus_t *ns)
char identity_digest[DIGEST_LEN]
rend_data_t * rend_data
#define fmt_addr(a)
Definition: address.h:211
#define ARRAY_LENGTH(x)
#define log_fn(severity, domain, args,...)
Definition: log.h:287
static int compare_digest_to_store_second_hsdir_index(const void *_key, const void **_member)
Definition: hs_common.c:133
#define HS_SRV_DISASTER_PREFIX
Definition: hs_common.h:118
char onion_address[REND_SERVICE_ID_LEN_BASE32+1]
Definition: or.h:438
time_t approx_time(void)
Definition: approx_time.c:32
rend_data_t * rend_data_service_create(const char *onion_address, const char *pk_digest, const uint8_t *cookie, rend_auth_type_t auth_type)
Definition: hs_common.c:460
Edge-connection structure.
Header file for hs_cache.c.
routerstatus_t * hs_pick_hsdir(smartlist_t *responsible_dirs, const char *req_key_str, bool *is_rate_limited_out)
Definition: hs_common.c:1603
uint8_t store_first[DIGEST256_LEN]
tor_addr_t addr
#define LD_NET
Definition: log.h:66
int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
node_t * node_get_mutable_by_id(const char *identity_digest)
Definition: nodelist.c:194
uint64_t hs_get_time_period_num(time_t now)
Definition: hs_common.c:268
#define HS_SERVICE_ADDR_CHECKSUM_PREFIX
Definition: hs_common.h:63
int hs_in_period_between_tp_and_srv(const networkstatus_t *consensus, time_t now)
Definition: hs_common.c:1081
STATIC void get_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
Definition: hs_common.c:633
uint64_t hs_get_next_time_period_num(time_t now)
Definition: hs_common.c:303
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:904
struct hs_ident_circuit_t * hs_ident
#define LD_PROTOCOL
Definition: log.h:72
int hs_service_requires_uptime_circ(const smartlist_t *ports)
Definition: hs_common.c:1109
uint64_t num_rdv_streams
Definition: hs_ident.h:81
void smartlist_sort(smartlist_t *sl, int(*compare)(const void **a, const void **b))
Definition: smartlist.c:334
void hs_clean_last_hid_serv_requests(time_t now)
Definition: hs_common.c:1505
void hs_cache_init(void)
Definition: hs_cache.c:1044
uint16_t orig_virtual_port
Definition: hs_ident.h:111
int extend_info_addr_is_allowed(const tor_addr_t *addr)
Header file for networkstatus.c.
#define LD_BUG
Definition: log.h:86
void nodelist_ensure_freshness(networkstatus_t *ns)
Definition: nodelist.c:928
rend_auth_type_t auth_type
Definition: or.h:449
int32_t hs_get_hsdir_spread_fetch(void)
Definition: hs_common.c:1255
int smartlist_bsearch_idx(const smartlist_t *sl, const void *key, int(*compare)(const void *key, const void **member), int *found_out)
Definition: smartlist.c:428
int ed25519_validate_pubkey(const ed25519_public_key_t *pubkey)
#define HS_TIME_PERIOD_LENGTH_MAX
Definition: hs_common.h:91
void * smartlist_choose(const smartlist_t *sl)
Definition: crypto_rand.c:590
#define HS_SERVICE_ADDR_CHECKSUM_LEN_USED
Definition: hs_common.h:74
#define HS_DEFAULT_HSDIR_N_REPLICAS
Definition: hs_common.h:122
Networkstatus consensus/vote structure.
void hs_free_all(void)
Definition: hs_common.c:1804
int ed25519_public_blind(ed25519_public_key_t *out, const ed25519_public_key_t *inp, const uint8_t *param)