tor  0.4.1.0-alpha-dev
hs_common.c
Go to the documentation of this file.
1 /* Copyright (c) 2016-2019, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
12 #define HS_COMMON_PRIVATE
13 
14 #include "core/or/or.h"
15 
16 #include "app/config/config.h"
17 #include "core/or/circuitbuild.h"
18 #include "core/or/policies.h"
19 #include "feature/dirauth/shared_random_state.h"
20 #include "feature/hs/hs_cache.h"
22 #include "feature/hs/hs_client.h"
23 #include "feature/hs/hs_common.h"
24 #include "feature/hs/hs_ident.h"
25 #include "feature/hs/hs_service.h"
30 #include "feature/nodelist/routerset.h"
35 
36 #include "core/or/edge_connection_st.h"
37 #include "feature/nodelist/networkstatus_st.h"
38 #include "feature/nodelist/node_st.h"
39 #include "core/or/origin_circuit_st.h"
40 #include "feature/nodelist/routerstatus_st.h"
41 
42 /* Trunnel */
43 #include "trunnel/ed25519_cert.h"
44 
45 /* Ed25519 Basepoint value. Taken from section 5 of
46  * https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03 */
47 static const char *str_ed25519_basepoint =
48  "(15112221349535400772501151409588531511"
49  "454012693041857206046113283949847762202, "
50  "463168356949264781694283940034751631413"
51  "07993866256225615783033603165251855960)";
52 
53 #ifdef HAVE_SYS_UN_H
54 
59 static int
60 add_unix_port(smartlist_t *ports, rend_service_port_config_t *p)
61 {
62  tor_assert(ports);
63  tor_assert(p);
64  tor_assert(p->is_unix_addr);
65 
66  smartlist_add(ports, p);
67  return 0;
68 }
69 
73 static int
74 set_unix_port(edge_connection_t *conn, rend_service_port_config_t *p)
75 {
76  tor_assert(conn);
77  tor_assert(p);
78  tor_assert(p->is_unix_addr);
79 
80  conn->base_.socket_family = AF_UNIX;
81  tor_addr_make_unspec(&conn->base_.addr);
82  conn->base_.port = 1;
83  conn->base_.address = tor_strdup(p->unix_addr);
84  return 0;
85 }
86 
87 #else /* !(defined(HAVE_SYS_UN_H)) */
88 
89 static int
90 set_unix_port(edge_connection_t *conn, rend_service_port_config_t *p)
91 {
92  (void) conn;
93  (void) p;
94  return -ENOSYS;
95 }
96 
97 static int
98 add_unix_port(smartlist_t *ports, rend_service_port_config_t *p)
99 {
100  (void) ports;
101  (void) p;
102  return -ENOSYS;
103 }
104 
105 #endif /* defined(HAVE_SYS_UN_H) */
106 
107 /* Helper function: The key is a digest that we compare to a node_t object
108  * current hsdir_index. */
109 static int
110 compare_digest_to_fetch_hsdir_index(const void *_key, const void **_member)
111 {
112  const char *key = _key;
113  const node_t *node = *_member;
114  return tor_memcmp(key, node->hsdir_index.fetch, DIGEST256_LEN);
115 }
116 
117 /* Helper function: The key is a digest that we compare to a node_t object
118  * next hsdir_index. */
119 static int
120 compare_digest_to_store_first_hsdir_index(const void *_key,
121  const void **_member)
122 {
123  const char *key = _key;
124  const node_t *node = *_member;
125  return tor_memcmp(key, node->hsdir_index.store_first, DIGEST256_LEN);
126 }
127 
128 /* Helper function: The key is a digest that we compare to a node_t object
129  * next hsdir_index. */
130 static int
131 compare_digest_to_store_second_hsdir_index(const void *_key,
132  const void **_member)
133 {
134  const char *key = _key;
135  const node_t *node = *_member;
136  return tor_memcmp(key, node->hsdir_index.store_second, DIGEST256_LEN);
137 }
138 
139 /* Helper function: Compare two node_t objects current hsdir_index. */
140 static int
141 compare_node_fetch_hsdir_index(const void **a, const void **b)
142 {
143  const node_t *node1= *a;
144  const node_t *node2 = *b;
145  return tor_memcmp(node1->hsdir_index.fetch,
146  node2->hsdir_index.fetch,
147  DIGEST256_LEN);
148 }
149 
150 /* Helper function: Compare two node_t objects next hsdir_index. */
151 static int
152 compare_node_store_first_hsdir_index(const void **a, const void **b)
153 {
154  const node_t *node1= *a;
155  const node_t *node2 = *b;
156  return tor_memcmp(node1->hsdir_index.store_first,
157  node2->hsdir_index.store_first,
158  DIGEST256_LEN);
159 }
160 
161 /* Helper function: Compare two node_t objects next hsdir_index. */
162 static int
163 compare_node_store_second_hsdir_index(const void **a, const void **b)
164 {
165  const node_t *node1= *a;
166  const node_t *node2 = *b;
167  return tor_memcmp(node1->hsdir_index.store_second,
168  node2->hsdir_index.store_second,
169  DIGEST256_LEN);
170 }
171 
172 /* Allocate and return a string containing the path to filename in directory.
173  * This function will never return NULL. The caller must free this path. */
174 char *
175 hs_path_from_filename(const char *directory, const char *filename)
176 {
177  char *file_path = NULL;
178 
179  tor_assert(directory);
180  tor_assert(filename);
181 
182  tor_asprintf(&file_path, "%s%s%s", directory, PATH_SEPARATOR, filename);
183  return file_path;
184 }
185 
186 /* Make sure that the directory for <b>service</b> is private, using the config
187  * <b>username</b>.
188  * If <b>create</b> is true:
189  * - if the directory exists, change permissions if needed,
190  * - if the directory does not exist, create it with the correct permissions.
191  * If <b>create</b> is false:
192  * - if the directory exists, check permissions,
193  * - if the directory does not exist, check if we think we can create it.
194  * Return 0 on success, -1 on failure. */
195 int
196 hs_check_service_private_dir(const char *username, const char *path,
197  unsigned int dir_group_readable,
198  unsigned int create)
199 {
200  cpd_check_t check_opts = CPD_NONE;
201 
202  tor_assert(path);
203 
204  if (create) {
205  check_opts |= CPD_CREATE;
206  } else {
207  check_opts |= CPD_CHECK_MODE_ONLY;
208  check_opts |= CPD_CHECK;
209  }
210  if (dir_group_readable) {
211  check_opts |= CPD_GROUP_READ;
212  }
213  /* Check/create directory */
214  if (check_private_dir(path, check_opts, username) < 0) {
215  return -1;
216  }
217  return 0;
218 }
219 
220 /* Default, minimum, and maximum values for the maximum rendezvous failures
221  * consensus parameter. */
222 #define MAX_REND_FAILURES_DEFAULT 2
223 #define MAX_REND_FAILURES_MIN 1
224 #define MAX_REND_FAILURES_MAX 10
225 
228 int
230 {
231  return networkstatus_get_param(NULL, "hs_service_max_rdv_failures",
232  MAX_REND_FAILURES_DEFAULT,
233  MAX_REND_FAILURES_MIN,
234  MAX_REND_FAILURES_MAX);
235 }
236 
238 STATIC uint64_t
240 {
241  /* If we are on a test network, make the time period smaller than normal so
242  that we actually see it rotate. Specifically, make it the same length as
243  an SRV protocol run. */
244  if (get_options()->TestingTorNetwork) {
245  unsigned run_duration = sr_state_get_protocol_run_duration();
246  /* An SRV run should take more than a minute (it's 24 rounds) */
247  tor_assert_nonfatal(run_duration > 60);
248  /* Turn it from seconds to minutes before returning: */
250  }
251 
252  int32_t time_period_length = networkstatus_get_param(NULL, "hsdir_interval",
253  HS_TIME_PERIOD_LENGTH_DEFAULT,
254  HS_TIME_PERIOD_LENGTH_MIN,
255  HS_TIME_PERIOD_LENGTH_MAX);
256  /* Make sure it's a positive value. */
257  tor_assert(time_period_length > 0);
258  /* uint64_t will always be able to contain a positive int32_t */
259  return (uint64_t) time_period_length;
260 }
261 
264 uint64_t
266 {
267  uint64_t time_period_num;
268  time_t current_time;
269 
270  /* If no time is specified, set current time based on consensus time, and
271  * only fall back to system time if that fails. */
272  if (now != 0) {
273  current_time = now;
274  } else {
275  networkstatus_t *ns = networkstatus_get_live_consensus(approx_time());
276  current_time = ns ? ns->valid_after : approx_time();
277  }
278 
279  /* Start by calculating minutes since the epoch */
280  uint64_t time_period_length = get_time_period_length();
281  uint64_t minutes_since_epoch = current_time / 60;
282 
283  /* Apply the rotation offset as specified by prop224 (section
284  * [TIME-PERIODS]), so that new time periods synchronize nicely with SRV
285  * publication */
286  unsigned int time_period_rotation_offset = sr_state_get_phase_duration();
287  time_period_rotation_offset /= 60; /* go from seconds to minutes */
288  tor_assert(minutes_since_epoch > time_period_rotation_offset);
289  minutes_since_epoch -= time_period_rotation_offset;
290 
291  /* Calculate the time period */
292  time_period_num = minutes_since_epoch / time_period_length;
293  return time_period_num;
294 }
295 
299 uint64_t
301 {
302  return hs_get_time_period_num(now) + 1;
303 }
304 
305 /* Get the number of the _previous_ HS time period, given that the current time
306  * is <b>now</b>. If <b>now</b> is not set, we try to get the time from a live
307  * consensus. */
308 uint64_t
309 hs_get_previous_time_period_num(time_t now)
310 {
311  return hs_get_time_period_num(now) - 1;
312 }
313 
314 /* Return the start time of the upcoming time period based on <b>now</b>. If
315  <b>now</b> is not set, we try to get the time ourselves from a live
316  consensus. */
317 time_t
318 hs_get_start_time_of_next_time_period(time_t now)
319 {
320  uint64_t time_period_length = get_time_period_length();
321 
322  /* Get start time of next time period */
323  uint64_t next_time_period_num = hs_get_next_time_period_num(now);
324  uint64_t start_of_next_tp_in_mins = next_time_period_num *time_period_length;
325 
326  /* Apply rotation offset as specified by prop224 section [TIME-PERIODS] */
327  unsigned int time_period_rotation_offset = sr_state_get_phase_duration();
328  return (time_t)(start_of_next_tp_in_mins * 60 + time_period_rotation_offset);
329 }
330 
331 /* Create a new rend_data_t for a specific given <b>version</b>.
332  * Return a pointer to the newly allocated data structure. */
333 static rend_data_t *
334 rend_data_alloc(uint32_t version)
335 {
336  rend_data_t *rend_data = NULL;
337 
338  switch (version) {
339  case HS_VERSION_TWO:
340  {
341  rend_data_v2_t *v2 = tor_malloc_zero(sizeof(*v2));
342  v2->base_.version = HS_VERSION_TWO;
343  v2->base_.hsdirs_fp = smartlist_new();
344  rend_data = &v2->base_;
345  break;
346  }
347  default:
348  tor_assert(0);
349  break;
350  }
351 
352  return rend_data;
353 }
354 
356 void
358 {
359  if (!data) {
360  return;
361  }
362  /* By using our allocation function, this should always be set. */
363  tor_assert(data->hsdirs_fp);
364  /* Cleanup the HSDir identity digest. */
365  SMARTLIST_FOREACH(data->hsdirs_fp, char *, d, tor_free(d));
366  smartlist_free(data->hsdirs_fp);
367  /* Depending on the version, cleanup. */
368  switch (data->version) {
369  case HS_VERSION_TWO:
370  {
371  rend_data_v2_t *v2_data = TO_REND_DATA_V2(data);
372  tor_free(v2_data);
373  break;
374  }
375  default:
376  tor_assert(0);
377  }
378 }
379 
380 /* Allocate and return a deep copy of <b>data</b>. */
381 rend_data_t *
382 rend_data_dup(const rend_data_t *data)
383 {
384  rend_data_t *data_dup = NULL;
385  smartlist_t *hsdirs_fp = smartlist_new();
386 
387  tor_assert(data);
388  tor_assert(data->hsdirs_fp);
389 
390  SMARTLIST_FOREACH(data->hsdirs_fp, char *, fp,
391  smartlist_add(hsdirs_fp, tor_memdup(fp, DIGEST_LEN)));
392 
393  switch (data->version) {
394  case HS_VERSION_TWO:
395  {
396  rend_data_v2_t *v2_data = tor_memdup(TO_REND_DATA_V2(data),
397  sizeof(*v2_data));
398  data_dup = &v2_data->base_;
399  data_dup->hsdirs_fp = hsdirs_fp;
400  break;
401  }
402  default:
403  tor_assert(0);
404  break;
405  }
406 
407  return data_dup;
408 }
409 
410 /* Compute the descriptor ID for each HS descriptor replica and save them. A
411  * valid onion address must be present in the <b>rend_data</b>.
412  *
413  * Return 0 on success else -1. */
414 static int
415 compute_desc_id(rend_data_t *rend_data)
416 {
417  int ret = 0;
418  unsigned replica;
419  time_t now = time(NULL);
420 
421  tor_assert(rend_data);
422 
423  switch (rend_data->version) {
424  case HS_VERSION_TWO:
425  {
426  rend_data_v2_t *v2_data = TO_REND_DATA_V2(rend_data);
427  /* Compute descriptor ID for each replicas. */
428  for (replica = 0; replica < ARRAY_LENGTH(v2_data->descriptor_id);
429  replica++) {
430  ret = rend_compute_v2_desc_id(v2_data->descriptor_id[replica],
431  v2_data->onion_address,
432  v2_data->descriptor_cookie,
433  now, replica);
434  if (ret < 0) {
435  goto end;
436  }
437  }
438  break;
439  }
440  default:
441  tor_assert(0);
442  }
443 
444  end:
445  return ret;
446 }
447 
448 /* Allocate and initialize a rend_data_t object for a service using the
449  * provided arguments. All arguments are optional (can be NULL), except from
450  * <b>onion_address</b> which MUST be set. The <b>pk_digest</b> is the hash of
451  * the service private key. The <b>cookie</b> is the rendezvous cookie and
452  * <b>auth_type</b> is which authentiation this service is configured with.
453  *
454  * Return a valid rend_data_t pointer. This only returns a version 2 object of
455  * rend_data_t. */
456 rend_data_t *
457 rend_data_service_create(const char *onion_address, const char *pk_digest,
458  const uint8_t *cookie, rend_auth_type_t auth_type)
459 {
460  /* Create a rend_data_t object for version 2. */
461  rend_data_t *rend_data = rend_data_alloc(HS_VERSION_TWO);
462  rend_data_v2_t *v2= TO_REND_DATA_V2(rend_data);
463 
464  /* We need at least one else the call is wrong. */
465  tor_assert(onion_address != NULL);
466 
467  if (pk_digest) {
468  memcpy(v2->rend_pk_digest, pk_digest, sizeof(v2->rend_pk_digest));
469  }
470  if (cookie) {
471  memcpy(rend_data->rend_cookie, cookie, sizeof(rend_data->rend_cookie));
472  }
473 
474  strlcpy(v2->onion_address, onion_address, sizeof(v2->onion_address));
475  v2->auth_type = auth_type;
476 
477  return rend_data;
478 }
479 
480 /* Allocate and initialize a rend_data_t object for a client request using the
481  * given arguments. Either an onion address or a descriptor ID is needed. Both
482  * can be given but in this case only the onion address will be used to make
483  * the descriptor fetch. The <b>cookie</b> is the rendezvous cookie and
484  * <b>auth_type</b> is which authentiation the service is configured with.
485  *
486  * Return a valid rend_data_t pointer or NULL on error meaning the
487  * descriptor IDs couldn't be computed from the given data. */
488 rend_data_t *
489 rend_data_client_create(const char *onion_address, const char *desc_id,
490  const char *cookie, rend_auth_type_t auth_type)
491 {
492  /* Create a rend_data_t object for version 2. */
493  rend_data_t *rend_data = rend_data_alloc(HS_VERSION_TWO);
494  rend_data_v2_t *v2= TO_REND_DATA_V2(rend_data);
495 
496  /* We need at least one else the call is wrong. */
497  tor_assert(onion_address != NULL || desc_id != NULL);
498 
499  if (cookie) {
500  memcpy(v2->descriptor_cookie, cookie, sizeof(v2->descriptor_cookie));
501  }
502  if (desc_id) {
503  memcpy(v2->desc_id_fetch, desc_id, sizeof(v2->desc_id_fetch));
504  }
505  if (onion_address) {
506  strlcpy(v2->onion_address, onion_address, sizeof(v2->onion_address));
507  if (compute_desc_id(rend_data) < 0) {
508  goto error;
509  }
510  }
511 
512  v2->auth_type = auth_type;
513 
514  return rend_data;
515 
516  error:
517  rend_data_free(rend_data);
518  return NULL;
519 }
520 
521 /* Return the onion address from the rend data. Depending on the version,
522  * the size of the address can vary but it's always NUL terminated. */
523 const char *
524 rend_data_get_address(const rend_data_t *rend_data)
525 {
526  tor_assert(rend_data);
527 
528  switch (rend_data->version) {
529  case HS_VERSION_TWO:
530  return TO_REND_DATA_V2(rend_data)->onion_address;
531  default:
532  /* We should always have a supported version. */
533  tor_assert_unreached();
534  }
535 }
536 
537 /* Return the descriptor ID for a specific replica number from the rend
538  * data. The returned data is a binary digest and depending on the version its
539  * size can vary. The size of the descriptor ID is put in <b>len_out</b> if
540  * non NULL. */
541 const char *
542 rend_data_get_desc_id(const rend_data_t *rend_data, uint8_t replica,
543  size_t *len_out)
544 {
545  tor_assert(rend_data);
546 
547  switch (rend_data->version) {
548  case HS_VERSION_TWO:
550  if (len_out) {
551  *len_out = DIGEST_LEN;
552  }
553  return TO_REND_DATA_V2(rend_data)->descriptor_id[replica];
554  default:
555  /* We should always have a supported version. */
556  tor_assert_unreached();
557  }
558 }
559 
560 /* Return the public key digest using the given <b>rend_data</b>. The size of
561  * the digest is put in <b>len_out</b> (if set) which can differ depending on
562  * the version. */
563 const uint8_t *
564 rend_data_get_pk_digest(const rend_data_t *rend_data, size_t *len_out)
565 {
566  tor_assert(rend_data);
567 
568  switch (rend_data->version) {
569  case HS_VERSION_TWO:
570  {
571  const rend_data_v2_t *v2_data = TO_REND_DATA_V2(rend_data);
572  if (len_out) {
573  *len_out = sizeof(v2_data->rend_pk_digest);
574  }
575  return (const uint8_t *) v2_data->rend_pk_digest;
576  }
577  default:
578  /* We should always have a supported version. */
579  tor_assert_unreached();
580  }
581 }
582 
583 /* Using the given time period number, compute the disaster shared random
584  * value and put it in srv_out. It MUST be at least DIGEST256_LEN bytes. */
585 static void
586 compute_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
587 {
588  crypto_digest_t *digest;
589 
590  tor_assert(srv_out);
591 
592  digest = crypto_digest256_new(DIGEST_SHA3_256);
593 
594  /* Start setting up payload:
595  * H("shared-random-disaster" | INT_8(period_length) | INT_8(period_num)) */
596  crypto_digest_add_bytes(digest, HS_SRV_DISASTER_PREFIX,
597  HS_SRV_DISASTER_PREFIX_LEN);
598 
599  /* Setup INT_8(period_length) | INT_8(period_num) */
600  {
601  uint64_t time_period_length = get_time_period_length();
602  char period_stuff[sizeof(uint64_t)*2];
603  size_t offset = 0;
604  set_uint64(period_stuff, tor_htonll(time_period_length));
605  offset += sizeof(uint64_t);
606  set_uint64(period_stuff+offset, tor_htonll(time_period_num));
607  offset += sizeof(uint64_t);
608  tor_assert(offset == sizeof(period_stuff));
609 
610  crypto_digest_add_bytes(digest, period_stuff, sizeof(period_stuff));
611  }
612 
613  crypto_digest_get_digest(digest, (char *) srv_out, DIGEST256_LEN);
614  crypto_digest_free(digest);
615 }
616 
624 static uint64_t cached_time_period_nums[2] = {0};
625 
629 STATIC void
630 get_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
631 {
632  if (time_period_num == cached_time_period_nums[0]) {
633  memcpy(srv_out, cached_disaster_srv[0], DIGEST256_LEN);
634  return;
635  } else if (time_period_num == cached_time_period_nums[1]) {
636  memcpy(srv_out, cached_disaster_srv[1], DIGEST256_LEN);
637  return;
638  } else {
639  int replace_idx;
640  // Replace the lower period number.
641  if (cached_time_period_nums[0] <= cached_time_period_nums[1]) {
642  replace_idx = 0;
643  } else {
644  replace_idx = 1;
645  }
646  cached_time_period_nums[replace_idx] = time_period_num;
647  compute_disaster_srv(time_period_num, cached_disaster_srv[replace_idx]);
648  memcpy(srv_out, cached_disaster_srv[replace_idx], DIGEST256_LEN);
649  return;
650  }
651 }
652 
653 #ifdef TOR_UNIT_TESTS
654 
656 STATIC uint8_t *
657 get_first_cached_disaster_srv(void)
658 {
659  return cached_disaster_srv[0];
660 }
661 
663 STATIC uint8_t *
664 get_second_cached_disaster_srv(void)
665 {
666  return cached_disaster_srv[1];
667 }
668 
669 #endif /* defined(TOR_UNIT_TESTS) */
670 
671 /* When creating a blinded key, we need a parameter which construction is as
672  * follow: H(pubkey | [secret] | ed25519-basepoint | nonce).
673  *
674  * The nonce has a pre-defined format which uses the time period number
675  * period_num and the start of the period in second start_time_period.
676  *
677  * The secret of size secret_len is optional meaning that it can be NULL and
678  * thus will be ignored for the param construction.
679  *
680  * The result is put in param_out. */
681 static void
682 build_blinded_key_param(const ed25519_public_key_t *pubkey,
683  const uint8_t *secret, size_t secret_len,
684  uint64_t period_num, uint64_t period_length,
685  uint8_t *param_out)
686 {
687  size_t offset = 0;
688  const char blind_str[] = "Derive temporary signing key";
689  uint8_t nonce[HS_KEYBLIND_NONCE_LEN];
690  crypto_digest_t *digest;
691 
692  tor_assert(pubkey);
693  tor_assert(param_out);
694 
695  /* Create the nonce N. The construction is as follow:
696  * N = "key-blind" || INT_8(period_num) || INT_8(period_length) */
697  memcpy(nonce, HS_KEYBLIND_NONCE_PREFIX, HS_KEYBLIND_NONCE_PREFIX_LEN);
698  offset += HS_KEYBLIND_NONCE_PREFIX_LEN;
699  set_uint64(nonce + offset, tor_htonll(period_num));
700  offset += sizeof(uint64_t);
701  set_uint64(nonce + offset, tor_htonll(period_length));
702  offset += sizeof(uint64_t);
703  tor_assert(offset == HS_KEYBLIND_NONCE_LEN);
704 
705  /* Generate the parameter h and the construction is as follow:
706  * h = H(BLIND_STRING | pubkey | [secret] | ed25519-basepoint | N) */
707  digest = crypto_digest256_new(DIGEST_SHA3_256);
708  crypto_digest_add_bytes(digest, blind_str, sizeof(blind_str));
709  crypto_digest_add_bytes(digest, (char *) pubkey, ED25519_PUBKEY_LEN);
710  /* Optional secret. */
711  if (secret) {
712  crypto_digest_add_bytes(digest, (char *) secret, secret_len);
713  }
714  crypto_digest_add_bytes(digest, str_ed25519_basepoint,
715  strlen(str_ed25519_basepoint));
716  crypto_digest_add_bytes(digest, (char *) nonce, sizeof(nonce));
717 
718  /* Extract digest and put it in the param. */
719  crypto_digest_get_digest(digest, (char *) param_out, DIGEST256_LEN);
720  crypto_digest_free(digest);
721 
722  memwipe(nonce, 0, sizeof(nonce));
723 }
724 
725 /* Using an ed25519 public key and version to build the checksum of an
726  * address. Put in checksum_out. Format is:
727  * SHA3-256(".onion checksum" || PUBKEY || VERSION)
728  *
729  * checksum_out must be large enough to receive 32 bytes (DIGEST256_LEN). */
730 static void
731 build_hs_checksum(const ed25519_public_key_t *key, uint8_t version,
732  uint8_t *checksum_out)
733 {
734  size_t offset = 0;
735  char data[HS_SERVICE_ADDR_CHECKSUM_INPUT_LEN];
736 
737  /* Build checksum data. */
738  memcpy(data, HS_SERVICE_ADDR_CHECKSUM_PREFIX,
739  HS_SERVICE_ADDR_CHECKSUM_PREFIX_LEN);
740  offset += HS_SERVICE_ADDR_CHECKSUM_PREFIX_LEN;
741  memcpy(data + offset, key->pubkey, ED25519_PUBKEY_LEN);
742  offset += ED25519_PUBKEY_LEN;
743  set_uint8(data + offset, version);
744  offset += sizeof(version);
745  tor_assert(offset == HS_SERVICE_ADDR_CHECKSUM_INPUT_LEN);
746 
747  /* Hash the data payload to create the checksum. */
748  crypto_digest256((char *) checksum_out, data, sizeof(data),
749  DIGEST_SHA3_256);
750 }
751 
752 /* Using an ed25519 public key, checksum and version to build the binary
753  * representation of a service address. Put in addr_out. Format is:
754  * addr_out = PUBKEY || CHECKSUM || VERSION
755  *
756  * addr_out must be large enough to receive HS_SERVICE_ADDR_LEN bytes. */
757 static void
758 build_hs_address(const ed25519_public_key_t *key, const uint8_t *checksum,
759  uint8_t version, char *addr_out)
760 {
761  size_t offset = 0;
762 
763  tor_assert(key);
764  tor_assert(checksum);
765 
766  memcpy(addr_out, key->pubkey, ED25519_PUBKEY_LEN);
767  offset += ED25519_PUBKEY_LEN;
768  memcpy(addr_out + offset, checksum, HS_SERVICE_ADDR_CHECKSUM_LEN_USED);
769  offset += HS_SERVICE_ADDR_CHECKSUM_LEN_USED;
770  set_uint8(addr_out + offset, version);
771  offset += sizeof(uint8_t);
772  tor_assert(offset == HS_SERVICE_ADDR_LEN);
773 }
774 
775 /* Helper for hs_parse_address(): Using a binary representation of a service
776  * address, parse its content into the key_out, checksum_out and version_out.
777  * Any out variable can be NULL in case the caller would want only one field.
778  * checksum_out MUST at least be 2 bytes long. address must be at least
779  * HS_SERVICE_ADDR_LEN bytes but doesn't need to be NUL terminated. */
780 static void
781 hs_parse_address_impl(const char *address, ed25519_public_key_t *key_out,
782  uint8_t *checksum_out, uint8_t *version_out)
783 {
784  size_t offset = 0;
785 
786  tor_assert(address);
787 
788  if (key_out) {
789  /* First is the key. */
790  memcpy(key_out->pubkey, address, ED25519_PUBKEY_LEN);
791  }
792  offset += ED25519_PUBKEY_LEN;
793  if (checksum_out) {
794  /* Followed by a 2 bytes checksum. */
795  memcpy(checksum_out, address + offset, HS_SERVICE_ADDR_CHECKSUM_LEN_USED);
796  }
797  offset += HS_SERVICE_ADDR_CHECKSUM_LEN_USED;
798  if (version_out) {
799  /* Finally, version value is 1 byte. */
800  *version_out = get_uint8(address + offset);
801  }
802  offset += sizeof(uint8_t);
803  /* Extra safety. */
804  tor_assert(offset == HS_SERVICE_ADDR_LEN);
805 }
806 
807 /* Using the given identity public key and a blinded public key, compute the
808  * subcredential and put it in subcred_out (must be of size DIGEST256_LEN).
809  * This can't fail. */
810 void
811 hs_get_subcredential(const ed25519_public_key_t *identity_pk,
812  const ed25519_public_key_t *blinded_pk,
813  uint8_t *subcred_out)
814 {
815  uint8_t credential[DIGEST256_LEN];
816  crypto_digest_t *digest;
817 
818  tor_assert(identity_pk);
819  tor_assert(blinded_pk);
820  tor_assert(subcred_out);
821 
822  /* First, build the credential. Construction is as follow:
823  * credential = H("credential" | public-identity-key) */
824  digest = crypto_digest256_new(DIGEST_SHA3_256);
825  crypto_digest_add_bytes(digest, HS_CREDENTIAL_PREFIX,
826  HS_CREDENTIAL_PREFIX_LEN);
827  crypto_digest_add_bytes(digest, (const char *) identity_pk->pubkey,
828  ED25519_PUBKEY_LEN);
829  crypto_digest_get_digest(digest, (char *) credential, DIGEST256_LEN);
830  crypto_digest_free(digest);
831 
832  /* Now, compute the subcredential. Construction is as follow:
833  * subcredential = H("subcredential" | credential | blinded-public-key). */
834  digest = crypto_digest256_new(DIGEST_SHA3_256);
835  crypto_digest_add_bytes(digest, HS_SUBCREDENTIAL_PREFIX,
836  HS_SUBCREDENTIAL_PREFIX_LEN);
837  crypto_digest_add_bytes(digest, (const char *) credential,
838  sizeof(credential));
839  crypto_digest_add_bytes(digest, (const char *) blinded_pk->pubkey,
840  ED25519_PUBKEY_LEN);
841  crypto_digest_get_digest(digest, (char *) subcred_out, DIGEST256_LEN);
842  crypto_digest_free(digest);
843 
844  memwipe(credential, 0, sizeof(credential));
845 }
846 
847 /* From the given list of hidden service ports, find the ones that match the
848  * given edge connection conn, pick one at random and use it to set the
849  * connection address. Return 0 on success or -1 if none. */
850 int
851 hs_set_conn_addr_port(const smartlist_t *ports, edge_connection_t *conn)
852 {
853  rend_service_port_config_t *chosen_port;
854  unsigned int warn_once = 0;
855  smartlist_t *matching_ports;
856 
857  tor_assert(ports);
858  tor_assert(conn);
859 
860  matching_ports = smartlist_new();
862  if (TO_CONN(conn)->port != p->virtual_port) {
863  continue;
864  }
865  if (!(p->is_unix_addr)) {
866  smartlist_add(matching_ports, p);
867  } else {
868  if (add_unix_port(matching_ports, p)) {
869  if (!warn_once) {
870  /* Unix port not supported so warn only once. */
871  log_warn(LD_REND, "Saw AF_UNIX virtual port mapping for port %d "
872  "which is unsupported on this platform. "
873  "Ignoring it.",
874  TO_CONN(conn)->port);
875  }
876  warn_once++;
877  }
878  }
879  } SMARTLIST_FOREACH_END(p);
880 
881  chosen_port = smartlist_choose(matching_ports);
882  smartlist_free(matching_ports);
883  if (chosen_port) {
884  if (!(chosen_port->is_unix_addr)) {
885  /* save the original destination before we overwrite it */
886  if (conn->hs_ident) {
887  conn->hs_ident->orig_virtual_port = TO_CONN(conn)->port;
888  }
889 
890  /* Get a non-AF_UNIX connection ready for connection_exit_connect() */
891  tor_addr_copy(&TO_CONN(conn)->addr, &chosen_port->real_addr);
892  TO_CONN(conn)->port = chosen_port->real_port;
893  } else {
894  if (set_unix_port(conn, chosen_port)) {
895  /* Simply impossible to end up here else we were able to add a Unix
896  * port without AF_UNIX support... ? */
897  tor_assert(0);
898  }
899  }
900  }
901  return (chosen_port) ? 0 : -1;
902 }
903 
904 /* Using a base32 representation of a service address, parse its content into
905  * the key_out, checksum_out and version_out. Any out variable can be NULL in
906  * case the caller would want only one field. checksum_out MUST at least be 2
907  * bytes long.
908  *
909  * Return 0 if parsing went well; return -1 in case of error. */
910 int
911 hs_parse_address(const char *address, ed25519_public_key_t *key_out,
912  uint8_t *checksum_out, uint8_t *version_out)
913 {
914  char decoded[HS_SERVICE_ADDR_LEN];
915 
916  tor_assert(address);
917 
918  /* Obvious length check. */
919  if (strlen(address) != HS_SERVICE_ADDR_LEN_BASE32) {
920  log_warn(LD_REND, "Service address %s has an invalid length. "
921  "Expected %lu but got %lu.",
922  escaped_safe_str(address),
923  (unsigned long) HS_SERVICE_ADDR_LEN_BASE32,
924  (unsigned long) strlen(address));
925  goto invalid;
926  }
927 
928  /* Decode address so we can extract needed fields. */
929  if (base32_decode(decoded, sizeof(decoded), address, strlen(address)) < 0) {
930  log_warn(LD_REND, "Service address %s can't be decoded.",
931  escaped_safe_str(address));
932  goto invalid;
933  }
934 
935  /* Parse the decoded address into the fields we need. */
936  hs_parse_address_impl(decoded, key_out, checksum_out, version_out);
937 
938  return 0;
939  invalid:
940  return -1;
941 }
942 
943 /* Validate a given onion address. The length, the base32 decoding and
944  * checksum are validated. Return 1 if valid else 0. */
945 int
946 hs_address_is_valid(const char *address)
947 {
948  uint8_t version;
949  uint8_t checksum[HS_SERVICE_ADDR_CHECKSUM_LEN_USED];
950  uint8_t target_checksum[DIGEST256_LEN];
951  ed25519_public_key_t service_pubkey;
952 
953  /* Parse the decoded address into the fields we need. */
954  if (hs_parse_address(address, &service_pubkey, checksum, &version) < 0) {
955  goto invalid;
956  }
957 
958  /* Get the checksum it's suppose to be and compare it with what we have
959  * encoded in the address. */
960  build_hs_checksum(&service_pubkey, version, target_checksum);
961  if (tor_memcmp(checksum, target_checksum, sizeof(checksum))) {
962  log_warn(LD_REND, "Service address %s invalid checksum.",
963  escaped_safe_str(address));
964  goto invalid;
965  }
966 
967  /* Validate that this pubkey does not have a torsion component. We need to do
968  * this on the prop224 client-side so that attackers can't give equivalent
969  * forms of an onion address to users. */
970  if (ed25519_validate_pubkey(&service_pubkey) < 0) {
971  log_warn(LD_REND, "Service address %s has bad pubkey .",
972  escaped_safe_str(address));
973  goto invalid;
974  }
975 
976  /* Valid address. */
977  return 1;
978  invalid:
979  return 0;
980 }
981 
982 /* Build a service address using an ed25519 public key and a given version.
983  * The returned address is base32 encoded and put in addr_out. The caller MUST
984  * make sure the addr_out is at least HS_SERVICE_ADDR_LEN_BASE32 + 1 long.
985  *
986  * Format is as follow:
987  * base32(PUBKEY || CHECKSUM || VERSION)
988  * CHECKSUM = H(".onion checksum" || PUBKEY || VERSION)
989  * */
990 void
991 hs_build_address(const ed25519_public_key_t *key, uint8_t version,
992  char *addr_out)
993 {
994  uint8_t checksum[DIGEST256_LEN];
995  char address[HS_SERVICE_ADDR_LEN];
996 
997  tor_assert(key);
998  tor_assert(addr_out);
999 
1000  /* Get the checksum of the address. */
1001  build_hs_checksum(key, version, checksum);
1002  /* Get the binary address representation. */
1003  build_hs_address(key, checksum, version, address);
1004 
1005  /* Encode the address. addr_out will be NUL terminated after this. */
1006  base32_encode(addr_out, HS_SERVICE_ADDR_LEN_BASE32 + 1, address,
1007  sizeof(address));
1008  /* Validate what we just built. */
1009  tor_assert(hs_address_is_valid(addr_out));
1010 }
1011 
1012 /* Return a newly allocated copy of lspec. */
1013 link_specifier_t *
1014 hs_link_specifier_dup(const link_specifier_t *lspec)
1015 {
1016  link_specifier_t *result = link_specifier_new();
1017  memcpy(result, lspec, sizeof(*result));
1018  /* The unrecognized field is a dynamic array so make sure to copy its
1019  * content and not the pointer. */
1020  link_specifier_setlen_un_unrecognized(
1021  result, link_specifier_getlen_un_unrecognized(lspec));
1022  if (link_specifier_getlen_un_unrecognized(result)) {
1023  memcpy(link_specifier_getarray_un_unrecognized(result),
1024  link_specifier_getconstarray_un_unrecognized(lspec),
1025  link_specifier_getlen_un_unrecognized(result));
1026  }
1027  return result;
1028 }
1029 
1030 /* From a given ed25519 public key pk and an optional secret, compute a
1031  * blinded public key and put it in blinded_pk_out. This is only useful to
1032  * the client side because the client only has access to the identity public
1033  * key of the service. */
1034 void
1035 hs_build_blinded_pubkey(const ed25519_public_key_t *pk,
1036  const uint8_t *secret, size_t secret_len,
1037  uint64_t time_period_num,
1038  ed25519_public_key_t *blinded_pk_out)
1039 {
1040  /* Our blinding key API requires a 32 bytes parameter. */
1041  uint8_t param[DIGEST256_LEN];
1042 
1043  tor_assert(pk);
1044  tor_assert(blinded_pk_out);
1045  tor_assert(!tor_mem_is_zero((char *) pk, ED25519_PUBKEY_LEN));
1046 
1047  build_blinded_key_param(pk, secret, secret_len,
1048  time_period_num, get_time_period_length(), param);
1049  ed25519_public_blind(blinded_pk_out, pk, param);
1050 
1051  memwipe(param, 0, sizeof(param));
1052 }
1053 
1054 /* From a given ed25519 keypair kp and an optional secret, compute a blinded
1055  * keypair for the current time period and put it in blinded_kp_out. This is
1056  * only useful by the service side because the client doesn't have access to
1057  * the identity secret key. */
1058 void
1059 hs_build_blinded_keypair(const ed25519_keypair_t *kp,
1060  const uint8_t *secret, size_t secret_len,
1061  uint64_t time_period_num,
1062  ed25519_keypair_t *blinded_kp_out)
1063 {
1064  /* Our blinding key API requires a 32 bytes parameter. */
1065  uint8_t param[DIGEST256_LEN];
1066 
1067  tor_assert(kp);
1068  tor_assert(blinded_kp_out);
1069  /* Extra safety. A zeroed key is bad. */
1070  tor_assert(!tor_mem_is_zero((char *) &kp->pubkey, ED25519_PUBKEY_LEN));
1071  tor_assert(!tor_mem_is_zero((char *) &kp->seckey, ED25519_SECKEY_LEN));
1072 
1073  build_blinded_key_param(&kp->pubkey, secret, secret_len,
1074  time_period_num, get_time_period_length(), param);
1075  ed25519_keypair_blind(blinded_kp_out, kp, param);
1076 
1077  memwipe(param, 0, sizeof(param));
1078 }
1079 
1080 /* Return true if we are currently in the time segment between a new time
1081  * period and a new SRV (in the real network that happens between 12:00 and
1082  * 00:00 UTC). Here is a diagram showing exactly when this returns true:
1083  *
1084  * +------------------------------------------------------------------+
1085  * | |
1086  * | 00:00 12:00 00:00 12:00 00:00 12:00 |
1087  * | SRV#1 TP#1 SRV#2 TP#2 SRV#3 TP#3 |
1088  * | |
1089  * | $==========|-----------$===========|-----------$===========| |
1090  * | ^^^^^^^^^^^^ ^^^^^^^^^^^^ |
1091  * | |
1092  * +------------------------------------------------------------------+
1093  */
1094 MOCK_IMPL(int,
1095 hs_in_period_between_tp_and_srv,(const networkstatus_t *consensus, time_t now))
1096 {
1097  time_t valid_after;
1098  time_t srv_start_time, tp_start_time;
1099 
1100  if (!consensus) {
1101  consensus = networkstatus_get_live_consensus(now);
1102  if (!consensus) {
1103  return 0;
1104  }
1105  }
1106 
1107  /* Get start time of next TP and of current SRV protocol run, and check if we
1108  * are between them. */
1109  valid_after = consensus->valid_after;
1111  tp_start_time = hs_get_start_time_of_next_time_period(srv_start_time);
1112 
1113  if (valid_after >= srv_start_time && valid_after < tp_start_time) {
1114  return 0;
1115  }
1116 
1117  return 1;
1118 }
1119 
1120 /* Return 1 if any virtual port in ports needs a circuit with good uptime.
1121  * Else return 0. */
1122 int
1123 hs_service_requires_uptime_circ(const smartlist_t *ports)
1124 {
1125  tor_assert(ports);
1126 
1128  if (smartlist_contains_int_as_string(get_options()->LongLivedPorts,
1129  p->virtual_port)) {
1130  return 1;
1131  }
1132  } SMARTLIST_FOREACH_END(p);
1133  return 0;
1134 }
1135 
1136 /* Build hs_index which is used to find the responsible hsdirs. This index
1137  * value is used to select the responsible HSDir where their hsdir_index is
1138  * closest to this value.
1139  * SHA3-256("store-at-idx" | blinded_public_key |
1140  * INT_8(replicanum) | INT_8(period_length) | INT_8(period_num) )
1141  *
1142  * hs_index_out must be large enough to receive DIGEST256_LEN bytes. */
1143 void
1144 hs_build_hs_index(uint64_t replica, const ed25519_public_key_t *blinded_pk,
1145  uint64_t period_num, uint8_t *hs_index_out)
1146 {
1147  crypto_digest_t *digest;
1148 
1149  tor_assert(blinded_pk);
1150  tor_assert(hs_index_out);
1151 
1152  /* Build hs_index. See construction at top of function comment. */
1153  digest = crypto_digest256_new(DIGEST_SHA3_256);
1154  crypto_digest_add_bytes(digest, HS_INDEX_PREFIX, HS_INDEX_PREFIX_LEN);
1155  crypto_digest_add_bytes(digest, (const char *) blinded_pk->pubkey,
1156  ED25519_PUBKEY_LEN);
1157 
1158  /* Now setup INT_8(replicanum) | INT_8(period_length) | INT_8(period_num) */
1159  {
1160  uint64_t period_length = get_time_period_length();
1161  char buf[sizeof(uint64_t)*3];
1162  size_t offset = 0;
1163  set_uint64(buf, tor_htonll(replica));
1164  offset += sizeof(uint64_t);
1165  set_uint64(buf+offset, tor_htonll(period_length));
1166  offset += sizeof(uint64_t);
1167  set_uint64(buf+offset, tor_htonll(period_num));
1168  offset += sizeof(uint64_t);
1169  tor_assert(offset == sizeof(buf));
1170 
1171  crypto_digest_add_bytes(digest, buf, sizeof(buf));
1172  }
1173 
1174  crypto_digest_get_digest(digest, (char *) hs_index_out, DIGEST256_LEN);
1175  crypto_digest_free(digest);
1176 }
1177 
1178 /* Build hsdir_index which is used to find the responsible hsdirs. This is the
1179  * index value that is compare to the hs_index when selecting an HSDir.
1180  * SHA3-256("node-idx" | node_identity |
1181  * shared_random_value | INT_8(period_length) | INT_8(period_num) )
1182  *
1183  * hsdir_index_out must be large enough to receive DIGEST256_LEN bytes. */
1184 void
1185 hs_build_hsdir_index(const ed25519_public_key_t *identity_pk,
1186  const uint8_t *srv_value, uint64_t period_num,
1187  uint8_t *hsdir_index_out)
1188 {
1189  crypto_digest_t *digest;
1190 
1191  tor_assert(identity_pk);
1192  tor_assert(srv_value);
1193  tor_assert(hsdir_index_out);
1194 
1195  /* Build hsdir_index. See construction at top of function comment. */
1196  digest = crypto_digest256_new(DIGEST_SHA3_256);
1197  crypto_digest_add_bytes(digest, HSDIR_INDEX_PREFIX, HSDIR_INDEX_PREFIX_LEN);
1198  crypto_digest_add_bytes(digest, (const char *) identity_pk->pubkey,
1199  ED25519_PUBKEY_LEN);
1200  crypto_digest_add_bytes(digest, (const char *) srv_value, DIGEST256_LEN);
1201 
1202  {
1203  uint64_t time_period_length = get_time_period_length();
1204  char period_stuff[sizeof(uint64_t)*2];
1205  size_t offset = 0;
1206  set_uint64(period_stuff, tor_htonll(period_num));
1207  offset += sizeof(uint64_t);
1208  set_uint64(period_stuff+offset, tor_htonll(time_period_length));
1209  offset += sizeof(uint64_t);
1210  tor_assert(offset == sizeof(period_stuff));
1211 
1212  crypto_digest_add_bytes(digest, period_stuff, sizeof(period_stuff));
1213  }
1214 
1215  crypto_digest_get_digest(digest, (char *) hsdir_index_out, DIGEST256_LEN);
1216  crypto_digest_free(digest);
1217 }
1218 
1219 /* Return a newly allocated buffer containing the current shared random value
1220  * or if not present, a disaster value is computed using the given time period
1221  * number. If a consensus is provided in <b>ns</b>, use it to get the SRV
1222  * value. This function can't fail. */
1223 uint8_t *
1224 hs_get_current_srv(uint64_t time_period_num, const networkstatus_t *ns)
1225 {
1226  uint8_t *sr_value = tor_malloc_zero(DIGEST256_LEN);
1227  const sr_srv_t *current_srv = sr_get_current(ns);
1228 
1229  if (current_srv) {
1230  memcpy(sr_value, current_srv->value, sizeof(current_srv->value));
1231  } else {
1232  /* Disaster mode. */
1233  get_disaster_srv(time_period_num, sr_value);
1234  }
1235  return sr_value;
1236 }
1237 
1238 /* Return a newly allocated buffer containing the previous shared random
1239  * value or if not present, a disaster value is computed using the given time
1240  * period number. This function can't fail. */
1241 uint8_t *
1242 hs_get_previous_srv(uint64_t time_period_num, const networkstatus_t *ns)
1243 {
1244  uint8_t *sr_value = tor_malloc_zero(DIGEST256_LEN);
1245  const sr_srv_t *previous_srv = sr_get_previous(ns);
1246 
1247  if (previous_srv) {
1248  memcpy(sr_value, previous_srv->value, sizeof(previous_srv->value));
1249  } else {
1250  /* Disaster mode. */
1251  get_disaster_srv(time_period_num, sr_value);
1252  }
1253  return sr_value;
1254 }
1255 
1256 /* Return the number of replicas defined by a consensus parameter or the
1257  * default value. */
1258 int32_t
1259 hs_get_hsdir_n_replicas(void)
1260 {
1261  /* The [1,16] range is a specification requirement. */
1262  return networkstatus_get_param(NULL, "hsdir_n_replicas",
1263  HS_DEFAULT_HSDIR_N_REPLICAS, 1, 16);
1264 }
1265 
1266 /* Return the spread fetch value defined by a consensus parameter or the
1267  * default value. */
1268 int32_t
1269 hs_get_hsdir_spread_fetch(void)
1270 {
1271  /* The [1,128] range is a specification requirement. */
1272  return networkstatus_get_param(NULL, "hsdir_spread_fetch",
1273  HS_DEFAULT_HSDIR_SPREAD_FETCH, 1, 128);
1274 }
1275 
1276 /* Return the spread store value defined by a consensus parameter or the
1277  * default value. */
1278 int32_t
1279 hs_get_hsdir_spread_store(void)
1280 {
1281  /* The [1,128] range is a specification requirement. */
1282  return networkstatus_get_param(NULL, "hsdir_spread_store",
1283  HS_DEFAULT_HSDIR_SPREAD_STORE, 1, 128);
1284 }
1285 
1288 static int
1290 {
1292 
1293  /* A node can't have an HSDir index without a descriptor since we need desc
1294  * to get its ed25519 key. for_direct_connect should be zero, since we
1295  * always use the consensus-indexed node's keys to build the hash ring, even
1296  * if some of the consensus-indexed nodes are also bridges. */
1297  if (!node_has_preferred_descriptor(node, 0)) {
1298  return 0;
1299  }
1300 
1301  /* At this point, since the node has a desc, this node must also have an
1302  * hsdir index. If not, something went wrong, so BUG out. */
1303  if (BUG(tor_mem_is_zero((const char*)node->hsdir_index.fetch,
1304  DIGEST256_LEN))) {
1305  return 0;
1306  }
1307  if (BUG(tor_mem_is_zero((const char*)node->hsdir_index.store_first,
1308  DIGEST256_LEN))) {
1309  return 0;
1310  }
1311  if (BUG(tor_mem_is_zero((const char*)node->hsdir_index.store_second,
1312  DIGEST256_LEN))) {
1313  return 0;
1314  }
1315 
1316  return 1;
1317 }
1318 
1319 /* For a given blinded key and time period number, get the responsible HSDir
1320  * and put their routerstatus_t object in the responsible_dirs list. If
1321  * 'use_second_hsdir_index' is true, use the second hsdir_index of the node_t
1322  * is used. If 'for_fetching' is true, the spread fetch consensus parameter is
1323  * used else the spread store is used which is only for upload. This function
1324  * can't fail but it is possible that the responsible_dirs list contains fewer
1325  * nodes than expected.
1326  *
1327  * This function goes over the latest consensus routerstatus list and sorts it
1328  * by their node_t hsdir_index then does a binary search to find the closest
1329  * node. All of this makes it a bit CPU intensive so use it wisely. */
1330 void
1331 hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk,
1332  uint64_t time_period_num, int use_second_hsdir_index,
1333  int for_fetching, smartlist_t *responsible_dirs)
1334 {
1335  smartlist_t *sorted_nodes;
1336  /* The compare function used for the smartlist bsearch. We have two
1337  * different depending on is_next_period. */
1338  int (*cmp_fct)(const void *, const void **);
1339 
1340  tor_assert(blinded_pk);
1341  tor_assert(responsible_dirs);
1342 
1343  sorted_nodes = smartlist_new();
1344 
1345  /* Make sure we actually have a live consensus */
1346  networkstatus_t *c = networkstatus_get_live_consensus(approx_time());
1347  if (!c || smartlist_len(c->routerstatus_list) == 0) {
1348  log_warn(LD_REND, "No live consensus so we can't get the responsible "
1349  "hidden service directories.");
1350  goto done;
1351  }
1352 
1353  /* Ensure the nodelist is fresh, since it contains the HSDir indices. */
1355 
1356  /* Add every node_t that support HSDir v3 for which we do have a valid
1357  * hsdir_index already computed for them for this consensus. */
1358  {
1360  /* Even though this node_t object won't be modified and should be const,
1361  * we can't add const object in a smartlist_t. */
1362  node_t *n = node_get_mutable_by_id(rs->identity_digest);
1363  tor_assert(n);
1364  if (node_supports_v3_hsdir(n) && rs->is_hs_dir) {
1365  if (!node_has_hsdir_index(n)) {
1366  log_info(LD_GENERAL, "Node %s was found without hsdir index.",
1367  node_describe(n));
1368  continue;
1369  }
1370  smartlist_add(sorted_nodes, n);
1371  }
1372  } SMARTLIST_FOREACH_END(rs);
1373  }
1374  if (smartlist_len(sorted_nodes) == 0) {
1375  log_warn(LD_REND, "No nodes found to be HSDir or supporting v3.");
1376  goto done;
1377  }
1378 
1379  /* First thing we have to do is sort all node_t by hsdir_index. The
1380  * is_next_period tells us if we want the current or the next one. Set the
1381  * bsearch compare function also while we are at it. */
1382  if (for_fetching) {
1383  smartlist_sort(sorted_nodes, compare_node_fetch_hsdir_index);
1384  cmp_fct = compare_digest_to_fetch_hsdir_index;
1385  } else if (use_second_hsdir_index) {
1386  smartlist_sort(sorted_nodes, compare_node_store_second_hsdir_index);
1387  cmp_fct = compare_digest_to_store_second_hsdir_index;
1388  } else {
1389  smartlist_sort(sorted_nodes, compare_node_store_first_hsdir_index);
1390  cmp_fct = compare_digest_to_store_first_hsdir_index;
1391  }
1392 
1393  /* For all replicas, we'll select a set of HSDirs using the consensus
1394  * parameters and the sorted list. The replica starting at value 1 is
1395  * defined by the specification. */
1396  for (int replica = 1; replica <= hs_get_hsdir_n_replicas(); replica++) {
1397  int idx, start, found, n_added = 0;
1398  uint8_t hs_index[DIGEST256_LEN] = {0};
1399  /* Number of node to add to the responsible dirs list depends on if we are
1400  * trying to fetch or store. A client always fetches. */
1401  int n_to_add = (for_fetching) ? hs_get_hsdir_spread_fetch() :
1402  hs_get_hsdir_spread_store();
1403 
1404  /* Get the index that we should use to select the node. */
1405  hs_build_hs_index(replica, blinded_pk, time_period_num, hs_index);
1406  /* The compare function pointer has been set correctly earlier. */
1407  start = idx = smartlist_bsearch_idx(sorted_nodes, hs_index, cmp_fct,
1408  &found);
1409  /* Getting the length of the list if no member is greater than the key we
1410  * are looking for so start at the first element. */
1411  if (idx == smartlist_len(sorted_nodes)) {
1412  start = idx = 0;
1413  }
1414  while (n_added < n_to_add) {
1415  const node_t *node = smartlist_get(sorted_nodes, idx);
1416  /* If the node has already been selected which is possible between
1417  * replicas, the specification says to skip over. */
1418  if (!smartlist_contains(responsible_dirs, node->rs)) {
1419  smartlist_add(responsible_dirs, node->rs);
1420  ++n_added;
1421  }
1422  if (++idx == smartlist_len(sorted_nodes)) {
1423  /* Wrap if we've reached the end of the list. */
1424  idx = 0;
1425  }
1426  if (idx == start) {
1427  /* We've gone over the whole list, stop and avoid infinite loop. */
1428  break;
1429  }
1430  }
1431  }
1432 
1433  done:
1434  smartlist_free(sorted_nodes);
1435 }
1436 
1437 /*********************** HSDir request tracking ***************************/
1438 
1441 time_t
1443 {
1444  tor_assert(options);
1445 
1446  if (options->TestingTorNetwork) {
1447  return REND_HID_SERV_DIR_REQUERY_PERIOD_TESTING;
1448  } else {
1449  return REND_HID_SERV_DIR_REQUERY_PERIOD;
1450  }
1451 }
1452 
1467 static strmap_t *last_hid_serv_requests_ = NULL;
1468 
1471 STATIC strmap_t *
1473 {
1475  last_hid_serv_requests_ = strmap_new();
1476  return last_hid_serv_requests_;
1477 }
1478 
1484 time_t
1486  const char *req_key_str,
1487  time_t now, int set)
1488 {
1489  char hsdir_id_base32[BASE32_DIGEST_LEN + 1];
1490  char *hsdir_desc_comb_id = NULL;
1491  time_t *last_request_ptr;
1492  strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
1493 
1494  /* Create the key */
1495  base32_encode(hsdir_id_base32, sizeof(hsdir_id_base32),
1496  hs_dir->identity_digest, DIGEST_LEN);
1497  tor_asprintf(&hsdir_desc_comb_id, "%s%s", hsdir_id_base32, req_key_str);
1498 
1499  if (set) {
1500  time_t *oldptr;
1501  last_request_ptr = tor_malloc_zero(sizeof(time_t));
1502  *last_request_ptr = now;
1503  oldptr = strmap_set(last_hid_serv_requests, hsdir_desc_comb_id,
1504  last_request_ptr);
1505  tor_free(oldptr);
1506  } else {
1507  last_request_ptr = strmap_get(last_hid_serv_requests,
1508  hsdir_desc_comb_id);
1509  }
1510 
1511  tor_free(hsdir_desc_comb_id);
1512  return (last_request_ptr) ? *last_request_ptr : 0;
1513 }
1514 
1518 void
1520 {
1521  strmap_iter_t *iter;
1522  time_t cutoff = now - hs_hsdir_requery_period(get_options());
1523  strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
1524  for (iter = strmap_iter_init(last_hid_serv_requests);
1525  !strmap_iter_done(iter); ) {
1526  const char *key;
1527  void *val;
1528  time_t *ent;
1529  strmap_iter_get(iter, &key, &val);
1530  ent = (time_t *) val;
1531  if (*ent < cutoff) {
1532  iter = strmap_iter_next_rmv(last_hid_serv_requests, iter);
1533  tor_free(ent);
1534  } else {
1535  iter = strmap_iter_next(last_hid_serv_requests, iter);
1536  }
1537  }
1538 }
1539 
1547 void
1549 {
1550  strmap_iter_t *iter;
1551  strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
1552 
1553  for (iter = strmap_iter_init(last_hid_serv_requests);
1554  !strmap_iter_done(iter); ) {
1555  const char *key;
1556  void *val;
1557  strmap_iter_get(iter, &key, &val);
1558 
1559  /* XXX: The use of REND_DESC_ID_V2_LEN_BASE32 is very wrong in terms of
1560  * semantic, see #23305. */
1561 
1562  /* This strmap contains variable-sized elements so this is a basic length
1563  * check on the strings we are about to compare. The key is variable sized
1564  * since it's composed as follows:
1565  * key = base32(hsdir_identity) + base32(req_key_str)
1566  * where 'req_key_str' is the descriptor ID of the HS in the v2 case, or
1567  * the ed25519 blinded public key of the HS in the v3 case. */
1568  if (strlen(key) < REND_DESC_ID_V2_LEN_BASE32 + strlen(req_key_str)) {
1569  iter = strmap_iter_next(last_hid_serv_requests, iter);
1570  continue;
1571  }
1572 
1573  /* Check if the tracked request matches our request key */
1574  if (tor_memeq(key + REND_DESC_ID_V2_LEN_BASE32, req_key_str,
1575  strlen(req_key_str))) {
1576  iter = strmap_iter_next_rmv(last_hid_serv_requests, iter);
1577  tor_free(val);
1578  } else {
1579  iter = strmap_iter_next(last_hid_serv_requests, iter);
1580  }
1581  }
1582 }
1583 
1588 void
1590 {
1591  /* Don't create the table if it doesn't exist yet (and it may very
1592  * well not exist if the user hasn't accessed any HSes)... */
1593  strmap_t *old_last_hid_serv_requests = last_hid_serv_requests_;
1594  /* ... and let get_last_hid_serv_requests re-create it for us if
1595  * necessary. */
1596  last_hid_serv_requests_ = NULL;
1597 
1598  if (old_last_hid_serv_requests != NULL) {
1599  log_info(LD_REND, "Purging client last-HS-desc-request-time table");
1600  strmap_free(old_last_hid_serv_requests, tor_free_);
1601  }
1602 }
1603 
1604 /***********************************************************************/
1605 
1616 hs_pick_hsdir(smartlist_t *responsible_dirs, const char *req_key_str)
1617 {
1618  smartlist_t *usable_responsible_dirs = smartlist_new();
1619  const or_options_t *options = get_options();
1620  routerstatus_t *hs_dir;
1621  time_t now = time(NULL);
1622  int excluded_some;
1623 
1624  tor_assert(req_key_str);
1625 
1626  /* Clean outdated request history first. */
1628 
1629  /* Only select those hidden service directories to which we did not send a
1630  * request recently and for which we have a router descriptor here.
1631  *
1632  * Use for_direct_connect==0 even if we will be connecting to the node
1633  * directly, since we always use the key information in the
1634  * consensus-indexed node descriptors for building the index.
1635  **/
1636  SMARTLIST_FOREACH_BEGIN(responsible_dirs, routerstatus_t *, dir) {
1637  time_t last = hs_lookup_last_hid_serv_request(dir, req_key_str, 0, 0);
1638  const node_t *node = node_get_by_id(dir->identity_digest);
1639  if (last + hs_hsdir_requery_period(options) >= now ||
1640  !node || !node_has_preferred_descriptor(node, 0)) {
1641  SMARTLIST_DEL_CURRENT(responsible_dirs, dir);
1642  continue;
1643  }
1644  if (!routerset_contains_node(options->ExcludeNodes, node)) {
1645  smartlist_add(usable_responsible_dirs, dir);
1646  }
1647  } SMARTLIST_FOREACH_END(dir);
1648 
1649  excluded_some =
1650  smartlist_len(usable_responsible_dirs) < smartlist_len(responsible_dirs);
1651 
1652  hs_dir = smartlist_choose(usable_responsible_dirs);
1653  if (!hs_dir && !options->StrictNodes) {
1654  hs_dir = smartlist_choose(responsible_dirs);
1655  }
1656 
1657  smartlist_free(responsible_dirs);
1658  smartlist_free(usable_responsible_dirs);
1659  if (!hs_dir) {
1660  log_info(LD_REND, "Could not pick one of the responsible hidden "
1661  "service directories, because we requested them all "
1662  "recently without success.");
1663  if (options->StrictNodes && excluded_some) {
1664  log_warn(LD_REND, "Could not pick a hidden service directory for the "
1665  "requested hidden service: they are all either down or "
1666  "excluded, and StrictNodes is set.");
1667  }
1668  } else {
1669  /* Remember that we are requesting a descriptor from this hidden service
1670  * directory now. */
1671  hs_lookup_last_hid_serv_request(hs_dir, req_key_str, now, 1);
1672  }
1673 
1674  return hs_dir;
1675 }
1676 
1677 /* From a list of link specifier, an onion key and if we are requesting a
1678  * direct connection (ex: single onion service), return a newly allocated
1679  * extend_info_t object. This function always returns an extend info with
1680  * an IPv4 address, or NULL.
1681  *
1682  * It performs the following checks:
1683  * if either IPv4 or legacy ID is missing, return NULL.
1684  * if direct_conn, and we can't reach the IPv4 address, return NULL.
1685  */
1686 extend_info_t *
1687 hs_get_extend_info_from_lspecs(const smartlist_t *lspecs,
1688  const curve25519_public_key_t *onion_key,
1689  int direct_conn)
1690 {
1691  int have_v4 = 0, have_legacy_id = 0, have_ed25519_id = 0;
1692  char legacy_id[DIGEST_LEN] = {0};
1693  uint16_t port_v4 = 0;
1694  tor_addr_t addr_v4;
1695  ed25519_public_key_t ed25519_pk;
1696  extend_info_t *info = NULL;
1697 
1698  tor_assert(lspecs);
1699 
1700  SMARTLIST_FOREACH_BEGIN(lspecs, const link_specifier_t *, ls) {
1701  switch (link_specifier_get_ls_type(ls)) {
1702  case LS_IPV4:
1703  /* Skip if we already seen a v4. */
1704  if (have_v4) continue;
1705  tor_addr_from_ipv4h(&addr_v4,
1706  link_specifier_get_un_ipv4_addr(ls));
1707  port_v4 = link_specifier_get_un_ipv4_port(ls);
1708  have_v4 = 1;
1709  break;
1710  case LS_LEGACY_ID:
1711  /* Make sure we do have enough bytes for the legacy ID. */
1712  if (link_specifier_getlen_un_legacy_id(ls) < sizeof(legacy_id)) {
1713  break;
1714  }
1715  memcpy(legacy_id, link_specifier_getconstarray_un_legacy_id(ls),
1716  sizeof(legacy_id));
1717  have_legacy_id = 1;
1718  break;
1719  case LS_ED25519_ID:
1720  memcpy(ed25519_pk.pubkey,
1721  link_specifier_getconstarray_un_ed25519_id(ls),
1722  ED25519_PUBKEY_LEN);
1723  have_ed25519_id = 1;
1724  break;
1725  default:
1726  /* Ignore unknown. */
1727  break;
1728  }
1729  } SMARTLIST_FOREACH_END(ls);
1730 
1731  /* Legacy ID is mandatory, and we require IPv4. */
1732  if (!have_v4 || !have_legacy_id) {
1733  goto done;
1734  }
1735 
1736  /* We know we have IPv4, because we just checked. */
1737  if (!direct_conn) {
1738  /* All clients can extend to any IPv4 via a 3-hop path. */
1739  goto validate;
1740  } else if (direct_conn &&
1741  fascist_firewall_allows_address_addr(&addr_v4, port_v4,
1742  FIREWALL_OR_CONNECTION,
1743  0, 0)) {
1744  /* Direct connection and we can reach it in IPv4 so go for it. */
1745  goto validate;
1746 
1747  /* We will add support for falling back to a 3-hop path in a later
1748  * release. */
1749  } else {
1750  /* If we can't reach IPv4, return NULL. */
1751  goto done;
1752  }
1753 
1754  /* We will add support for IPv6 in a later release. */
1755 
1756  validate:
1757  /* We'll validate now that the address we've picked isn't a private one. If
1758  * it is, are we allowing to extend to private address? */
1759  if (!extend_info_addr_is_allowed(&addr_v4)) {
1760  log_fn(LOG_PROTOCOL_WARN, LD_REND,
1761  "Requested address is private and we are not allowed to extend to "
1762  "it: %s:%u", fmt_addr(&addr_v4), port_v4);
1763  goto done;
1764  }
1765 
1766  /* We do have everything for which we think we can connect successfully. */
1767  info = extend_info_new(NULL, legacy_id,
1768  (have_ed25519_id) ? &ed25519_pk : NULL, NULL,
1769  onion_key, &addr_v4, port_v4);
1770  done:
1771  return info;
1772 }
1773 
1774 /***********************************************************************/
1775 
1776 /* Initialize the entire HS subsytem. This is called in tor_init() before any
1777  * torrc options are loaded. Only for >= v3. */
1778 void
1779 hs_init(void)
1780 {
1781  hs_circuitmap_init();
1782  hs_service_init();
1783  hs_cache_init();
1784 }
1785 
1786 /* Release and cleanup all memory of the HS subsystem (all version). This is
1787  * called by tor_free_all(). */
1788 void
1789 hs_free_all(void)
1790 {
1791  hs_circuitmap_free_all();
1792  hs_service_free_all();
1793  hs_cache_free_all();
1794  hs_client_free_all();
1795 }
1796 
1797 /* For the given origin circuit circ, decrement the number of rendezvous
1798  * stream counter. This handles every hidden service version. */
1799 void
1800 hs_dec_rdv_stream_counter(origin_circuit_t *circ)
1801 {
1802  tor_assert(circ);
1803 
1804  if (circ->rend_data) {
1805  circ->rend_data->nr_streams--;
1806  } else if (circ->hs_ident) {
1807  circ->hs_ident->num_rdv_streams--;
1808  } else {
1809  /* Should not be called if this circuit is not for hidden service. */
1810  tor_assert_nonfatal_unreached();
1811  }
1812 }
1813 
1814 /* For the given origin circuit circ, increment the number of rendezvous
1815  * stream counter. This handles every hidden service version. */
1816 void
1817 hs_inc_rdv_stream_counter(origin_circuit_t *circ)
1818 {
1819  tor_assert(circ);
1820 
1821  if (circ->rend_data) {
1822  circ->rend_data->nr_streams++;
1823  } else if (circ->hs_ident) {
1824  circ->hs_ident->num_rdv_streams++;
1825  } else {
1826  /* Should not be called if this circuit is not for hidden service. */
1827  tor_assert_nonfatal_unreached();
1828  }
1829 }
Header file for rendcommon.c.
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len)
rend_data_t * rend_data
char descriptor_id[REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS][DIGEST_LEN]
Definition: or.h:443
unsigned int cpd_check_t
Definition: dir.h:20
Header file containing common data for the whole HS subsytem.
extend_info_t * extend_info_new(const char *nickname, const char *rsa_id_digest, const ed25519_public_key_t *ed_id, crypto_pk_t *onion_key, const curve25519_public_key_t *ntor_key, const tor_addr_t *addr, uint16_t port)
Common functions for using (pseudo-)random number generators.
Definition: node_st.h:28
void rend_data_free_(rend_data_t *data)
Definition: hs_common.c:357
Header file containing service data for the HS subsytem.
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define TO_CONN(c)
Definition: or.h:735
int routerset_contains_node(const routerset_t *set, const node_t *node)
Definition: routerset.c:334
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
const char * escaped_safe_str(const char *address)
Definition: config.c:1109
Header file containing client data for the HS subsytem.
tor_addr_t addr
int tor_mem_is_zero(const char *mem, size_t len)
Definition: util_string.c:74
STATIC strmap_t * get_last_hid_serv_requests(void)
Definition: hs_common.c:1472
#define LD_GENERAL
Definition: log.h:58
char descriptor_cookie[REND_DESC_COOKIE_LEN]
Definition: or.h:446
int nr_streams
Definition: or.h:430
char identity_digest[DIGEST_LEN]
Header file for describe.c.
Header file for nodelist.c.
void smartlist_add(smartlist_t *sl, void *element)
time_t sr_state_get_start_time_of_current_protocol_run(void)
int rend_compute_v2_desc_id(char *desc_id_out, const char *service_id, const char *descriptor_cookie, time_t now, uint8_t replica)
Definition: rendcommon.c:153
#define REND_DESC_ID_V2_LEN_BASE32
Definition: or.h:354
int smartlist_contains(const smartlist_t *sl, const void *element)
Header file for config.c.
void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:60
smartlist_t * hsdirs_fp
Definition: or.h:424
static int node_has_hsdir_index(const node_t *node)
Definition: hs_common.c:1289
uint16_t port
#define tor_free(p)
Definition: malloc.h:52
int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
int node_supports_v3_hsdir(const node_t *node)
Definition: nodelist.c:1152
int node_has_preferred_descriptor(const node_t *node, int for_direct_connect)
Definition: nodelist.c:1244
int smartlist_contains_int_as_string(const smartlist_t *sl, int num)
Definition: smartlist.c:147
#define SMARTLIST_DEL_CURRENT(sl, var)
time_t hs_hsdir_requery_period(const or_options_t *options)
Definition: hs_common.c:1442
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:57
void hs_purge_last_hid_serv_requests(void)
Definition: hs_common.c:1589
rend_auth_type_t
Definition: or.h:402
#define DIGEST256_LEN
Definition: digest_sizes.h:23
Header file for policies.c.
char rend_pk_digest[DIGEST_LEN]
Definition: or.h:457
int ed25519_keypair_blind(ed25519_keypair_t *out, const ed25519_keypair_t *inp, const uint8_t *param)
int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:90
Common functions for cryptographic routines.
tor_assert(buffer)
#define tor_addr_from_ipv4h(dest, v4addr)
Definition: address.h:287
int tor_memcmp(const void *a, const void *b, size_t len)
Definition: di_ops.c:31
int tor_memeq(const void *a, const void *b, size_t sz)
Definition: di_ops.c:107
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
routerset_t * ExcludeNodes
Definition: or_options_st.h:84
static void set_uint64(void *cp, uint64_t v)
Definition: bytes.h:91
#define DIGEST_LEN
Definition: digest_sizes.h:20
const char * node_describe(const node_t *node)
Definition: describe.c:101
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
Master header file for Tor-specific functionality.
static uint8_t cached_disaster_srv[2][DIGEST256_LEN]
Definition: hs_common.c:623
unsigned int sr_state_get_protocol_run_duration(void)
Header file for circuitbuild.c.
STATIC uint64_t get_time_period_length(void)
Definition: hs_common.c:239
Header file containing circuit and connection identifier data for the whole HS subsytem.
Header file for shared_random_client.c.
int fascist_firewall_allows_address_addr(const tor_addr_t *addr, uint16_t port, firewall_connection_t fw_connection, int pref_only, int pref_ipv6)
Definition: policies.c:556
void tor_free_(void *mem)
Definition: malloc.c:227
static uint64_t tor_htonll(uint64_t a)
Definition: bytes.h:167
Header file for hs_circuitmap.c.
#define LD_REND
Definition: log.h:80
Header file for rendservice.c.
#define REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS
Definition: or.h:348
smartlist_t * routerstatus_list
static strmap_t * last_hid_serv_requests_
Definition: hs_common.c:1467
unsigned int sr_state_get_phase_duration(void)
rend_auth_type_t auth_type
Definition: or.h:449
#define BASE32_DIGEST_LEN
Definition: crypto_digest.h:23
struct hs_ident_circuit_t * hs_ident
char rend_cookie[REND_COOKIE_LEN]
Definition: or.h:427
int hs_get_service_max_rend_failures(void)
Definition: hs_common.c:229
#define SMARTLIST_FOREACH(sl, type, var, cmd)
void hs_purge_hid_serv_from_last_hid_serv_requests(const char *req_key_str)
Definition: hs_common.c:1548
char desc_id_fetch[DIGEST_LEN]
Definition: or.h:454
time_t hs_lookup_last_hid_serv_request(routerstatus_t *hs_dir, const char *req_key_str, time_t now, int set)
Definition: hs_common.c:1485
#define fmt_addr(a)
Definition: address.h:211
#define ARRAY_LENGTH(x)
#define log_fn(severity, domain, args,...)
Definition: log.h:255
routerstatus_t * hs_pick_hsdir(smartlist_t *responsible_dirs, const char *req_key_str)
Definition: hs_common.c:1616
time_t approx_time(void)
Definition: approx_time.c:32
Header file for hs_cache.c.
char onion_address[REND_SERVICE_ID_LEN_BASE32+1]
Definition: or.h:438
uint64_t hs_get_time_period_num(time_t now)
Definition: hs_common.c:265
STATIC void get_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
Definition: hs_common.c:630
uint64_t hs_get_next_time_period_num(time_t now)
Definition: hs_common.c:300
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:892
void smartlist_sort(smartlist_t *sl, int(*compare)(const void **a, const void **b))
Definition: smartlist.c:334
void hs_clean_last_hid_serv_requests(time_t now)
Definition: hs_common.c:1519
int extend_info_addr_is_allowed(const tor_addr_t *addr)
Header file for networkstatus.c.
void nodelist_ensure_freshness(networkstatus_t *ns)
Definition: nodelist.c:928
int smartlist_bsearch_idx(const smartlist_t *sl, const void *key, int(*compare)(const void *key, const void **member), int *found_out)
Definition: smartlist.c:428
int ed25519_validate_pubkey(const ed25519_public_key_t *pubkey)
void * smartlist_choose(const smartlist_t *sl)
Definition: crypto_rand.c:589
int ed25519_public_blind(ed25519_public_key_t *out, const ed25519_public_key_t *inp, const uint8_t *param)
crypto_digest_t * crypto_digest256_new(digest_algorithm_t algorithm)