tor  0.4.2.0-alpha-dev
hs_common.c
Go to the documentation of this file.
1 /* Copyright (c) 2016-2019, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
12 #define HS_COMMON_PRIVATE
13 
14 #include "core/or/or.h"
15 
16 #include "app/config/config.h"
17 #include "core/or/circuitbuild.h"
18 #include "core/or/policies.h"
19 #include "feature/dirauth/shared_random_state.h"
20 #include "feature/hs/hs_cache.h"
22 #include "feature/hs/hs_client.h"
23 #include "feature/hs/hs_common.h"
24 #include "feature/hs/hs_dos.h"
25 #include "feature/hs/hs_ident.h"
26 #include "feature/hs/hs_service.h"
31 #include "feature/nodelist/routerset.h"
37 
38 #include "core/or/edge_connection_st.h"
39 #include "feature/nodelist/networkstatus_st.h"
40 #include "feature/nodelist/node_st.h"
41 #include "core/or/origin_circuit_st.h"
42 #include "feature/nodelist/routerstatus_st.h"
43 
44 /* Trunnel */
45 #include "trunnel/ed25519_cert.h"
46 
47 /* Ed25519 Basepoint value. Taken from section 5 of
48  * https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03 */
49 static const char *str_ed25519_basepoint =
50  "(15112221349535400772501151409588531511"
51  "454012693041857206046113283949847762202, "
52  "463168356949264781694283940034751631413"
53  "07993866256225615783033603165251855960)";
54 
55 #ifdef HAVE_SYS_UN_H
56 
61 static int
62 add_unix_port(smartlist_t *ports, rend_service_port_config_t *p)
63 {
64  tor_assert(ports);
65  tor_assert(p);
66  tor_assert(p->is_unix_addr);
67 
68  smartlist_add(ports, p);
69  return 0;
70 }
71 
75 static int
76 set_unix_port(edge_connection_t *conn, rend_service_port_config_t *p)
77 {
78  tor_assert(conn);
79  tor_assert(p);
80  tor_assert(p->is_unix_addr);
81 
82  conn->base_.socket_family = AF_UNIX;
83  tor_addr_make_unspec(&conn->base_.addr);
84  conn->base_.port = 1;
85  conn->base_.address = tor_strdup(p->unix_addr);
86  return 0;
87 }
88 
89 #else /* !(defined(HAVE_SYS_UN_H)) */
90 
91 static int
92 set_unix_port(edge_connection_t *conn, rend_service_port_config_t *p)
93 {
94  (void) conn;
95  (void) p;
96  return -ENOSYS;
97 }
98 
99 static int
100 add_unix_port(smartlist_t *ports, rend_service_port_config_t *p)
101 {
102  (void) ports;
103  (void) p;
104  return -ENOSYS;
105 }
106 
107 #endif /* defined(HAVE_SYS_UN_H) */
108 
109 /* Helper function: The key is a digest that we compare to a node_t object
110  * current hsdir_index. */
111 static int
112 compare_digest_to_fetch_hsdir_index(const void *_key, const void **_member)
113 {
114  const char *key = _key;
115  const node_t *node = *_member;
116  return tor_memcmp(key, node->hsdir_index.fetch, DIGEST256_LEN);
117 }
118 
119 /* Helper function: The key is a digest that we compare to a node_t object
120  * next hsdir_index. */
121 static int
122 compare_digest_to_store_first_hsdir_index(const void *_key,
123  const void **_member)
124 {
125  const char *key = _key;
126  const node_t *node = *_member;
127  return tor_memcmp(key, node->hsdir_index.store_first, DIGEST256_LEN);
128 }
129 
130 /* Helper function: The key is a digest that we compare to a node_t object
131  * next hsdir_index. */
132 static int
133 compare_digest_to_store_second_hsdir_index(const void *_key,
134  const void **_member)
135 {
136  const char *key = _key;
137  const node_t *node = *_member;
138  return tor_memcmp(key, node->hsdir_index.store_second, DIGEST256_LEN);
139 }
140 
141 /* Helper function: Compare two node_t objects current hsdir_index. */
142 static int
143 compare_node_fetch_hsdir_index(const void **a, const void **b)
144 {
145  const node_t *node1= *a;
146  const node_t *node2 = *b;
147  return tor_memcmp(node1->hsdir_index.fetch,
148  node2->hsdir_index.fetch,
149  DIGEST256_LEN);
150 }
151 
152 /* Helper function: Compare two node_t objects next hsdir_index. */
153 static int
154 compare_node_store_first_hsdir_index(const void **a, const void **b)
155 {
156  const node_t *node1= *a;
157  const node_t *node2 = *b;
158  return tor_memcmp(node1->hsdir_index.store_first,
159  node2->hsdir_index.store_first,
160  DIGEST256_LEN);
161 }
162 
163 /* Helper function: Compare two node_t objects next hsdir_index. */
164 static int
165 compare_node_store_second_hsdir_index(const void **a, const void **b)
166 {
167  const node_t *node1= *a;
168  const node_t *node2 = *b;
169  return tor_memcmp(node1->hsdir_index.store_second,
170  node2->hsdir_index.store_second,
171  DIGEST256_LEN);
172 }
173 
174 /* Allocate and return a string containing the path to filename in directory.
175  * This function will never return NULL. The caller must free this path. */
176 char *
177 hs_path_from_filename(const char *directory, const char *filename)
178 {
179  char *file_path = NULL;
180 
181  tor_assert(directory);
182  tor_assert(filename);
183 
184  tor_asprintf(&file_path, "%s%s%s", directory, PATH_SEPARATOR, filename);
185  return file_path;
186 }
187 
188 /* Make sure that the directory for <b>service</b> is private, using the config
189  * <b>username</b>.
190  * If <b>create</b> is true:
191  * - if the directory exists, change permissions if needed,
192  * - if the directory does not exist, create it with the correct permissions.
193  * If <b>create</b> is false:
194  * - if the directory exists, check permissions,
195  * - if the directory does not exist, check if we think we can create it.
196  * Return 0 on success, -1 on failure. */
197 int
198 hs_check_service_private_dir(const char *username, const char *path,
199  unsigned int dir_group_readable,
200  unsigned int create)
201 {
202  cpd_check_t check_opts = CPD_NONE;
203 
204  tor_assert(path);
205 
206  if (create) {
207  check_opts |= CPD_CREATE;
208  } else {
209  check_opts |= CPD_CHECK_MODE_ONLY;
210  check_opts |= CPD_CHECK;
211  }
212  if (dir_group_readable) {
213  check_opts |= CPD_GROUP_READ;
214  }
215  /* Check/create directory */
216  if (check_private_dir(path, check_opts, username) < 0) {
217  return -1;
218  }
219  return 0;
220 }
221 
222 /* Default, minimum, and maximum values for the maximum rendezvous failures
223  * consensus parameter. */
224 #define MAX_REND_FAILURES_DEFAULT 2
225 #define MAX_REND_FAILURES_MIN 1
226 #define MAX_REND_FAILURES_MAX 10
227 
230 int
232 {
233  return networkstatus_get_param(NULL, "hs_service_max_rdv_failures",
234  MAX_REND_FAILURES_DEFAULT,
235  MAX_REND_FAILURES_MIN,
236  MAX_REND_FAILURES_MAX);
237 }
238 
240 STATIC uint64_t
242 {
243  /* If we are on a test network, make the time period smaller than normal so
244  that we actually see it rotate. Specifically, make it the same length as
245  an SRV protocol run. */
246  if (get_options()->TestingTorNetwork) {
247  unsigned run_duration = sr_state_get_protocol_run_duration();
248  /* An SRV run should take more than a minute (it's 24 rounds) */
249  tor_assert_nonfatal(run_duration > 60);
250  /* Turn it from seconds to minutes before returning: */
252  }
253 
254  int32_t time_period_length = networkstatus_get_param(NULL, "hsdir_interval",
255  HS_TIME_PERIOD_LENGTH_DEFAULT,
256  HS_TIME_PERIOD_LENGTH_MIN,
257  HS_TIME_PERIOD_LENGTH_MAX);
258  /* Make sure it's a positive value. */
259  tor_assert(time_period_length > 0);
260  /* uint64_t will always be able to contain a positive int32_t */
261  return (uint64_t) time_period_length;
262 }
263 
266 uint64_t
268 {
269  uint64_t time_period_num;
270  time_t current_time;
271 
272  /* If no time is specified, set current time based on consensus time, and
273  * only fall back to system time if that fails. */
274  if (now != 0) {
275  current_time = now;
276  } else {
277  networkstatus_t *ns = networkstatus_get_live_consensus(approx_time());
278  current_time = ns ? ns->valid_after : approx_time();
279  }
280 
281  /* Start by calculating minutes since the epoch */
282  uint64_t time_period_length = get_time_period_length();
283  uint64_t minutes_since_epoch = current_time / 60;
284 
285  /* Apply the rotation offset as specified by prop224 (section
286  * [TIME-PERIODS]), so that new time periods synchronize nicely with SRV
287  * publication */
288  unsigned int time_period_rotation_offset = sr_state_get_phase_duration();
289  time_period_rotation_offset /= 60; /* go from seconds to minutes */
290  tor_assert(minutes_since_epoch > time_period_rotation_offset);
291  minutes_since_epoch -= time_period_rotation_offset;
292 
293  /* Calculate the time period */
294  time_period_num = minutes_since_epoch / time_period_length;
295  return time_period_num;
296 }
297 
301 uint64_t
303 {
304  return hs_get_time_period_num(now) + 1;
305 }
306 
307 /* Get the number of the _previous_ HS time period, given that the current time
308  * is <b>now</b>. If <b>now</b> is not set, we try to get the time from a live
309  * consensus. */
310 uint64_t
311 hs_get_previous_time_period_num(time_t now)
312 {
313  return hs_get_time_period_num(now) - 1;
314 }
315 
316 /* Return the start time of the upcoming time period based on <b>now</b>. If
317  <b>now</b> is not set, we try to get the time ourselves from a live
318  consensus. */
319 time_t
320 hs_get_start_time_of_next_time_period(time_t now)
321 {
322  uint64_t time_period_length = get_time_period_length();
323 
324  /* Get start time of next time period */
325  uint64_t next_time_period_num = hs_get_next_time_period_num(now);
326  uint64_t start_of_next_tp_in_mins = next_time_period_num *time_period_length;
327 
328  /* Apply rotation offset as specified by prop224 section [TIME-PERIODS] */
329  unsigned int time_period_rotation_offset = sr_state_get_phase_duration();
330  return (time_t)(start_of_next_tp_in_mins * 60 + time_period_rotation_offset);
331 }
332 
333 /* Create a new rend_data_t for a specific given <b>version</b>.
334  * Return a pointer to the newly allocated data structure. */
335 static rend_data_t *
336 rend_data_alloc(uint32_t version)
337 {
338  rend_data_t *rend_data = NULL;
339 
340  switch (version) {
341  case HS_VERSION_TWO:
342  {
343  rend_data_v2_t *v2 = tor_malloc_zero(sizeof(*v2));
344  v2->base_.version = HS_VERSION_TWO;
345  v2->base_.hsdirs_fp = smartlist_new();
346  rend_data = &v2->base_;
347  break;
348  }
349  default:
350  tor_assert(0);
351  break;
352  }
353 
354  return rend_data;
355 }
356 
358 void
360 {
361  if (!data) {
362  return;
363  }
364  /* By using our allocation function, this should always be set. */
365  tor_assert(data->hsdirs_fp);
366  /* Cleanup the HSDir identity digest. */
367  SMARTLIST_FOREACH(data->hsdirs_fp, char *, d, tor_free(d));
368  smartlist_free(data->hsdirs_fp);
369  /* Depending on the version, cleanup. */
370  switch (data->version) {
371  case HS_VERSION_TWO:
372  {
373  rend_data_v2_t *v2_data = TO_REND_DATA_V2(data);
374  tor_free(v2_data);
375  break;
376  }
377  default:
378  tor_assert(0);
379  }
380 }
381 
382 /* Allocate and return a deep copy of <b>data</b>. */
383 rend_data_t *
384 rend_data_dup(const rend_data_t *data)
385 {
386  rend_data_t *data_dup = NULL;
387  smartlist_t *hsdirs_fp = smartlist_new();
388 
389  tor_assert(data);
390  tor_assert(data->hsdirs_fp);
391 
392  SMARTLIST_FOREACH(data->hsdirs_fp, char *, fp,
393  smartlist_add(hsdirs_fp, tor_memdup(fp, DIGEST_LEN)));
394 
395  switch (data->version) {
396  case HS_VERSION_TWO:
397  {
398  rend_data_v2_t *v2_data = tor_memdup(TO_REND_DATA_V2(data),
399  sizeof(*v2_data));
400  data_dup = &v2_data->base_;
401  data_dup->hsdirs_fp = hsdirs_fp;
402  break;
403  }
404  default:
405  tor_assert(0);
406  break;
407  }
408 
409  return data_dup;
410 }
411 
412 /* Compute the descriptor ID for each HS descriptor replica and save them. A
413  * valid onion address must be present in the <b>rend_data</b>.
414  *
415  * Return 0 on success else -1. */
416 static int
417 compute_desc_id(rend_data_t *rend_data)
418 {
419  int ret = 0;
420  unsigned replica;
421  time_t now = time(NULL);
422 
423  tor_assert(rend_data);
424 
425  switch (rend_data->version) {
426  case HS_VERSION_TWO:
427  {
428  rend_data_v2_t *v2_data = TO_REND_DATA_V2(rend_data);
429  /* Compute descriptor ID for each replicas. */
430  for (replica = 0; replica < ARRAY_LENGTH(v2_data->descriptor_id);
431  replica++) {
432  ret = rend_compute_v2_desc_id(v2_data->descriptor_id[replica],
433  v2_data->onion_address,
434  v2_data->descriptor_cookie,
435  now, replica);
436  if (ret < 0) {
437  goto end;
438  }
439  }
440  break;
441  }
442  default:
443  tor_assert(0);
444  }
445 
446  end:
447  return ret;
448 }
449 
450 /* Allocate and initialize a rend_data_t object for a service using the
451  * provided arguments. All arguments are optional (can be NULL), except from
452  * <b>onion_address</b> which MUST be set. The <b>pk_digest</b> is the hash of
453  * the service private key. The <b>cookie</b> is the rendezvous cookie and
454  * <b>auth_type</b> is which authentiation this service is configured with.
455  *
456  * Return a valid rend_data_t pointer. This only returns a version 2 object of
457  * rend_data_t. */
458 rend_data_t *
459 rend_data_service_create(const char *onion_address, const char *pk_digest,
460  const uint8_t *cookie, rend_auth_type_t auth_type)
461 {
462  /* Create a rend_data_t object for version 2. */
463  rend_data_t *rend_data = rend_data_alloc(HS_VERSION_TWO);
464  rend_data_v2_t *v2= TO_REND_DATA_V2(rend_data);
465 
466  /* We need at least one else the call is wrong. */
467  tor_assert(onion_address != NULL);
468 
469  if (pk_digest) {
470  memcpy(v2->rend_pk_digest, pk_digest, sizeof(v2->rend_pk_digest));
471  }
472  if (cookie) {
473  memcpy(rend_data->rend_cookie, cookie, sizeof(rend_data->rend_cookie));
474  }
475 
476  strlcpy(v2->onion_address, onion_address, sizeof(v2->onion_address));
477  v2->auth_type = auth_type;
478 
479  return rend_data;
480 }
481 
482 /* Allocate and initialize a rend_data_t object for a client request using the
483  * given arguments. Either an onion address or a descriptor ID is needed. Both
484  * can be given but in this case only the onion address will be used to make
485  * the descriptor fetch. The <b>cookie</b> is the rendezvous cookie and
486  * <b>auth_type</b> is which authentiation the service is configured with.
487  *
488  * Return a valid rend_data_t pointer or NULL on error meaning the
489  * descriptor IDs couldn't be computed from the given data. */
490 rend_data_t *
491 rend_data_client_create(const char *onion_address, const char *desc_id,
492  const char *cookie, rend_auth_type_t auth_type)
493 {
494  /* Create a rend_data_t object for version 2. */
495  rend_data_t *rend_data = rend_data_alloc(HS_VERSION_TWO);
496  rend_data_v2_t *v2= TO_REND_DATA_V2(rend_data);
497 
498  /* We need at least one else the call is wrong. */
499  tor_assert(onion_address != NULL || desc_id != NULL);
500 
501  if (cookie) {
502  memcpy(v2->descriptor_cookie, cookie, sizeof(v2->descriptor_cookie));
503  }
504  if (desc_id) {
505  memcpy(v2->desc_id_fetch, desc_id, sizeof(v2->desc_id_fetch));
506  }
507  if (onion_address) {
508  strlcpy(v2->onion_address, onion_address, sizeof(v2->onion_address));
509  if (compute_desc_id(rend_data) < 0) {
510  goto error;
511  }
512  }
513 
514  v2->auth_type = auth_type;
515 
516  return rend_data;
517 
518  error:
519  rend_data_free(rend_data);
520  return NULL;
521 }
522 
523 /* Return the onion address from the rend data. Depending on the version,
524  * the size of the address can vary but it's always NUL terminated. */
525 const char *
526 rend_data_get_address(const rend_data_t *rend_data)
527 {
528  tor_assert(rend_data);
529 
530  switch (rend_data->version) {
531  case HS_VERSION_TWO:
532  return TO_REND_DATA_V2(rend_data)->onion_address;
533  default:
534  /* We should always have a supported version. */
535  tor_assert_unreached();
536  }
537 }
538 
539 /* Return the descriptor ID for a specific replica number from the rend
540  * data. The returned data is a binary digest and depending on the version its
541  * size can vary. The size of the descriptor ID is put in <b>len_out</b> if
542  * non NULL. */
543 const char *
544 rend_data_get_desc_id(const rend_data_t *rend_data, uint8_t replica,
545  size_t *len_out)
546 {
547  tor_assert(rend_data);
548 
549  switch (rend_data->version) {
550  case HS_VERSION_TWO:
552  if (len_out) {
553  *len_out = DIGEST_LEN;
554  }
555  return TO_REND_DATA_V2(rend_data)->descriptor_id[replica];
556  default:
557  /* We should always have a supported version. */
558  tor_assert_unreached();
559  }
560 }
561 
562 /* Return the public key digest using the given <b>rend_data</b>. The size of
563  * the digest is put in <b>len_out</b> (if set) which can differ depending on
564  * the version. */
565 const uint8_t *
566 rend_data_get_pk_digest(const rend_data_t *rend_data, size_t *len_out)
567 {
568  tor_assert(rend_data);
569 
570  switch (rend_data->version) {
571  case HS_VERSION_TWO:
572  {
573  const rend_data_v2_t *v2_data = TO_REND_DATA_V2(rend_data);
574  if (len_out) {
575  *len_out = sizeof(v2_data->rend_pk_digest);
576  }
577  return (const uint8_t *) v2_data->rend_pk_digest;
578  }
579  default:
580  /* We should always have a supported version. */
581  tor_assert_unreached();
582  }
583 }
584 
585 /* Using the given time period number, compute the disaster shared random
586  * value and put it in srv_out. It MUST be at least DIGEST256_LEN bytes. */
587 static void
588 compute_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
589 {
590  crypto_digest_t *digest;
591 
592  tor_assert(srv_out);
593 
594  digest = crypto_digest256_new(DIGEST_SHA3_256);
595 
596  /* Start setting up payload:
597  * H("shared-random-disaster" | INT_8(period_length) | INT_8(period_num)) */
598  crypto_digest_add_bytes(digest, HS_SRV_DISASTER_PREFIX,
599  HS_SRV_DISASTER_PREFIX_LEN);
600 
601  /* Setup INT_8(period_length) | INT_8(period_num) */
602  {
603  uint64_t time_period_length = get_time_period_length();
604  char period_stuff[sizeof(uint64_t)*2];
605  size_t offset = 0;
606  set_uint64(period_stuff, tor_htonll(time_period_length));
607  offset += sizeof(uint64_t);
608  set_uint64(period_stuff+offset, tor_htonll(time_period_num));
609  offset += sizeof(uint64_t);
610  tor_assert(offset == sizeof(period_stuff));
611 
612  crypto_digest_add_bytes(digest, period_stuff, sizeof(period_stuff));
613  }
614 
615  crypto_digest_get_digest(digest, (char *) srv_out, DIGEST256_LEN);
616  crypto_digest_free(digest);
617 }
618 
626 static uint64_t cached_time_period_nums[2] = {0};
627 
631 STATIC void
632 get_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
633 {
634  if (time_period_num == cached_time_period_nums[0]) {
635  memcpy(srv_out, cached_disaster_srv[0], DIGEST256_LEN);
636  return;
637  } else if (time_period_num == cached_time_period_nums[1]) {
638  memcpy(srv_out, cached_disaster_srv[1], DIGEST256_LEN);
639  return;
640  } else {
641  int replace_idx;
642  // Replace the lower period number.
643  if (cached_time_period_nums[0] <= cached_time_period_nums[1]) {
644  replace_idx = 0;
645  } else {
646  replace_idx = 1;
647  }
648  cached_time_period_nums[replace_idx] = time_period_num;
649  compute_disaster_srv(time_period_num, cached_disaster_srv[replace_idx]);
650  memcpy(srv_out, cached_disaster_srv[replace_idx], DIGEST256_LEN);
651  return;
652  }
653 }
654 
655 #ifdef TOR_UNIT_TESTS
656 
658 STATIC uint8_t *
659 get_first_cached_disaster_srv(void)
660 {
661  return cached_disaster_srv[0];
662 }
663 
665 STATIC uint8_t *
666 get_second_cached_disaster_srv(void)
667 {
668  return cached_disaster_srv[1];
669 }
670 
671 #endif /* defined(TOR_UNIT_TESTS) */
672 
673 /* When creating a blinded key, we need a parameter which construction is as
674  * follow: H(pubkey | [secret] | ed25519-basepoint | nonce).
675  *
676  * The nonce has a pre-defined format which uses the time period number
677  * period_num and the start of the period in second start_time_period.
678  *
679  * The secret of size secret_len is optional meaning that it can be NULL and
680  * thus will be ignored for the param construction.
681  *
682  * The result is put in param_out. */
683 static void
684 build_blinded_key_param(const ed25519_public_key_t *pubkey,
685  const uint8_t *secret, size_t secret_len,
686  uint64_t period_num, uint64_t period_length,
687  uint8_t *param_out)
688 {
689  size_t offset = 0;
690  const char blind_str[] = "Derive temporary signing key";
691  uint8_t nonce[HS_KEYBLIND_NONCE_LEN];
692  crypto_digest_t *digest;
693 
694  tor_assert(pubkey);
695  tor_assert(param_out);
696 
697  /* Create the nonce N. The construction is as follow:
698  * N = "key-blind" || INT_8(period_num) || INT_8(period_length) */
699  memcpy(nonce, HS_KEYBLIND_NONCE_PREFIX, HS_KEYBLIND_NONCE_PREFIX_LEN);
700  offset += HS_KEYBLIND_NONCE_PREFIX_LEN;
701  set_uint64(nonce + offset, tor_htonll(period_num));
702  offset += sizeof(uint64_t);
703  set_uint64(nonce + offset, tor_htonll(period_length));
704  offset += sizeof(uint64_t);
705  tor_assert(offset == HS_KEYBLIND_NONCE_LEN);
706 
707  /* Generate the parameter h and the construction is as follow:
708  * h = H(BLIND_STRING | pubkey | [secret] | ed25519-basepoint | N) */
709  digest = crypto_digest256_new(DIGEST_SHA3_256);
710  crypto_digest_add_bytes(digest, blind_str, sizeof(blind_str));
711  crypto_digest_add_bytes(digest, (char *) pubkey, ED25519_PUBKEY_LEN);
712  /* Optional secret. */
713  if (secret) {
714  crypto_digest_add_bytes(digest, (char *) secret, secret_len);
715  }
716  crypto_digest_add_bytes(digest, str_ed25519_basepoint,
717  strlen(str_ed25519_basepoint));
718  crypto_digest_add_bytes(digest, (char *) nonce, sizeof(nonce));
719 
720  /* Extract digest and put it in the param. */
721  crypto_digest_get_digest(digest, (char *) param_out, DIGEST256_LEN);
722  crypto_digest_free(digest);
723 
724  memwipe(nonce, 0, sizeof(nonce));
725 }
726 
727 /* Using an ed25519 public key and version to build the checksum of an
728  * address. Put in checksum_out. Format is:
729  * SHA3-256(".onion checksum" || PUBKEY || VERSION)
730  *
731  * checksum_out must be large enough to receive 32 bytes (DIGEST256_LEN). */
732 static void
733 build_hs_checksum(const ed25519_public_key_t *key, uint8_t version,
734  uint8_t *checksum_out)
735 {
736  size_t offset = 0;
737  char data[HS_SERVICE_ADDR_CHECKSUM_INPUT_LEN];
738 
739  /* Build checksum data. */
740  memcpy(data, HS_SERVICE_ADDR_CHECKSUM_PREFIX,
741  HS_SERVICE_ADDR_CHECKSUM_PREFIX_LEN);
742  offset += HS_SERVICE_ADDR_CHECKSUM_PREFIX_LEN;
743  memcpy(data + offset, key->pubkey, ED25519_PUBKEY_LEN);
744  offset += ED25519_PUBKEY_LEN;
745  set_uint8(data + offset, version);
746  offset += sizeof(version);
747  tor_assert(offset == HS_SERVICE_ADDR_CHECKSUM_INPUT_LEN);
748 
749  /* Hash the data payload to create the checksum. */
750  crypto_digest256((char *) checksum_out, data, sizeof(data),
751  DIGEST_SHA3_256);
752 }
753 
754 /* Using an ed25519 public key, checksum and version to build the binary
755  * representation of a service address. Put in addr_out. Format is:
756  * addr_out = PUBKEY || CHECKSUM || VERSION
757  *
758  * addr_out must be large enough to receive HS_SERVICE_ADDR_LEN bytes. */
759 static void
760 build_hs_address(const ed25519_public_key_t *key, const uint8_t *checksum,
761  uint8_t version, char *addr_out)
762 {
763  size_t offset = 0;
764 
765  tor_assert(key);
766  tor_assert(checksum);
767 
768  memcpy(addr_out, key->pubkey, ED25519_PUBKEY_LEN);
769  offset += ED25519_PUBKEY_LEN;
770  memcpy(addr_out + offset, checksum, HS_SERVICE_ADDR_CHECKSUM_LEN_USED);
771  offset += HS_SERVICE_ADDR_CHECKSUM_LEN_USED;
772  set_uint8(addr_out + offset, version);
773  offset += sizeof(uint8_t);
774  tor_assert(offset == HS_SERVICE_ADDR_LEN);
775 }
776 
777 /* Helper for hs_parse_address(): Using a binary representation of a service
778  * address, parse its content into the key_out, checksum_out and version_out.
779  * Any out variable can be NULL in case the caller would want only one field.
780  * checksum_out MUST at least be 2 bytes long. address must be at least
781  * HS_SERVICE_ADDR_LEN bytes but doesn't need to be NUL terminated. */
782 static void
783 hs_parse_address_impl(const char *address, ed25519_public_key_t *key_out,
784  uint8_t *checksum_out, uint8_t *version_out)
785 {
786  size_t offset = 0;
787 
788  tor_assert(address);
789 
790  if (key_out) {
791  /* First is the key. */
792  memcpy(key_out->pubkey, address, ED25519_PUBKEY_LEN);
793  }
794  offset += ED25519_PUBKEY_LEN;
795  if (checksum_out) {
796  /* Followed by a 2 bytes checksum. */
797  memcpy(checksum_out, address + offset, HS_SERVICE_ADDR_CHECKSUM_LEN_USED);
798  }
799  offset += HS_SERVICE_ADDR_CHECKSUM_LEN_USED;
800  if (version_out) {
801  /* Finally, version value is 1 byte. */
802  *version_out = get_uint8(address + offset);
803  }
804  offset += sizeof(uint8_t);
805  /* Extra safety. */
806  tor_assert(offset == HS_SERVICE_ADDR_LEN);
807 }
808 
809 /* Using the given identity public key and a blinded public key, compute the
810  * subcredential and put it in subcred_out (must be of size DIGEST256_LEN).
811  * This can't fail. */
812 void
813 hs_get_subcredential(const ed25519_public_key_t *identity_pk,
814  const ed25519_public_key_t *blinded_pk,
815  uint8_t *subcred_out)
816 {
817  uint8_t credential[DIGEST256_LEN];
818  crypto_digest_t *digest;
819 
820  tor_assert(identity_pk);
821  tor_assert(blinded_pk);
822  tor_assert(subcred_out);
823 
824  /* First, build the credential. Construction is as follow:
825  * credential = H("credential" | public-identity-key) */
826  digest = crypto_digest256_new(DIGEST_SHA3_256);
827  crypto_digest_add_bytes(digest, HS_CREDENTIAL_PREFIX,
828  HS_CREDENTIAL_PREFIX_LEN);
829  crypto_digest_add_bytes(digest, (const char *) identity_pk->pubkey,
830  ED25519_PUBKEY_LEN);
831  crypto_digest_get_digest(digest, (char *) credential, DIGEST256_LEN);
832  crypto_digest_free(digest);
833 
834  /* Now, compute the subcredential. Construction is as follow:
835  * subcredential = H("subcredential" | credential | blinded-public-key). */
836  digest = crypto_digest256_new(DIGEST_SHA3_256);
837  crypto_digest_add_bytes(digest, HS_SUBCREDENTIAL_PREFIX,
838  HS_SUBCREDENTIAL_PREFIX_LEN);
839  crypto_digest_add_bytes(digest, (const char *) credential,
840  sizeof(credential));
841  crypto_digest_add_bytes(digest, (const char *) blinded_pk->pubkey,
842  ED25519_PUBKEY_LEN);
843  crypto_digest_get_digest(digest, (char *) subcred_out, DIGEST256_LEN);
844  crypto_digest_free(digest);
845 
846  memwipe(credential, 0, sizeof(credential));
847 }
848 
849 /* From the given list of hidden service ports, find the ones that match the
850  * given edge connection conn, pick one at random and use it to set the
851  * connection address. Return 0 on success or -1 if none. */
852 int
853 hs_set_conn_addr_port(const smartlist_t *ports, edge_connection_t *conn)
854 {
855  rend_service_port_config_t *chosen_port;
856  unsigned int warn_once = 0;
857  smartlist_t *matching_ports;
858 
859  tor_assert(ports);
860  tor_assert(conn);
861 
862  matching_ports = smartlist_new();
864  if (TO_CONN(conn)->port != p->virtual_port) {
865  continue;
866  }
867  if (!(p->is_unix_addr)) {
868  smartlist_add(matching_ports, p);
869  } else {
870  if (add_unix_port(matching_ports, p)) {
871  if (!warn_once) {
872  /* Unix port not supported so warn only once. */
873  log_warn(LD_REND, "Saw AF_UNIX virtual port mapping for port %d "
874  "which is unsupported on this platform. "
875  "Ignoring it.",
876  TO_CONN(conn)->port);
877  }
878  warn_once++;
879  }
880  }
881  } SMARTLIST_FOREACH_END(p);
882 
883  chosen_port = smartlist_choose(matching_ports);
884  smartlist_free(matching_ports);
885  if (chosen_port) {
886  if (!(chosen_port->is_unix_addr)) {
887  /* save the original destination before we overwrite it */
888  if (conn->hs_ident) {
889  conn->hs_ident->orig_virtual_port = TO_CONN(conn)->port;
890  }
891 
892  /* Get a non-AF_UNIX connection ready for connection_exit_connect() */
893  tor_addr_copy(&TO_CONN(conn)->addr, &chosen_port->real_addr);
894  TO_CONN(conn)->port = chosen_port->real_port;
895  } else {
896  if (set_unix_port(conn, chosen_port)) {
897  /* Simply impossible to end up here else we were able to add a Unix
898  * port without AF_UNIX support... ? */
899  tor_assert(0);
900  }
901  }
902  }
903  return (chosen_port) ? 0 : -1;
904 }
905 
906 /* Using a base32 representation of a service address, parse its content into
907  * the key_out, checksum_out and version_out. Any out variable can be NULL in
908  * case the caller would want only one field. checksum_out MUST at least be 2
909  * bytes long.
910  *
911  * Return 0 if parsing went well; return -1 in case of error. */
912 int
913 hs_parse_address(const char *address, ed25519_public_key_t *key_out,
914  uint8_t *checksum_out, uint8_t *version_out)
915 {
916  char decoded[HS_SERVICE_ADDR_LEN];
917 
918  tor_assert(address);
919 
920  /* Obvious length check. */
921  if (strlen(address) != HS_SERVICE_ADDR_LEN_BASE32) {
922  log_warn(LD_REND, "Service address %s has an invalid length. "
923  "Expected %lu but got %lu.",
924  escaped_safe_str(address),
925  (unsigned long) HS_SERVICE_ADDR_LEN_BASE32,
926  (unsigned long) strlen(address));
927  goto invalid;
928  }
929 
930  /* Decode address so we can extract needed fields. */
931  if (base32_decode(decoded, sizeof(decoded), address, strlen(address))
932  != sizeof(decoded)) {
933  log_warn(LD_REND, "Service address %s can't be decoded.",
934  escaped_safe_str(address));
935  goto invalid;
936  }
937 
938  /* Parse the decoded address into the fields we need. */
939  hs_parse_address_impl(decoded, key_out, checksum_out, version_out);
940 
941  return 0;
942  invalid:
943  return -1;
944 }
945 
946 /* Validate a given onion address. The length, the base32 decoding, and
947  * checksum are validated. Return 1 if valid else 0. */
948 int
949 hs_address_is_valid(const char *address)
950 {
951  uint8_t version;
952  uint8_t checksum[HS_SERVICE_ADDR_CHECKSUM_LEN_USED];
953  uint8_t target_checksum[DIGEST256_LEN];
954  ed25519_public_key_t service_pubkey;
955 
956  /* Parse the decoded address into the fields we need. */
957  if (hs_parse_address(address, &service_pubkey, checksum, &version) < 0) {
958  goto invalid;
959  }
960 
961  /* Get the checksum it's supposed to be and compare it with what we have
962  * encoded in the address. */
963  build_hs_checksum(&service_pubkey, version, target_checksum);
964  if (tor_memcmp(checksum, target_checksum, sizeof(checksum))) {
965  log_warn(LD_REND, "Service address %s invalid checksum.",
966  escaped_safe_str(address));
967  goto invalid;
968  }
969 
970  /* Validate that this pubkey does not have a torsion component. We need to do
971  * this on the prop224 client-side so that attackers can't give equivalent
972  * forms of an onion address to users. */
973  if (ed25519_validate_pubkey(&service_pubkey) < 0) {
974  log_warn(LD_REND, "Service address %s has bad pubkey .",
975  escaped_safe_str(address));
976  goto invalid;
977  }
978 
979  /* Valid address. */
980  return 1;
981  invalid:
982  return 0;
983 }
984 
985 /* Build a service address using an ed25519 public key and a given version.
986  * The returned address is base32 encoded and put in addr_out. The caller MUST
987  * make sure the addr_out is at least HS_SERVICE_ADDR_LEN_BASE32 + 1 long.
988  *
989  * Format is as follows:
990  * base32(PUBKEY || CHECKSUM || VERSION)
991  * CHECKSUM = H(".onion checksum" || PUBKEY || VERSION)
992  * */
993 void
994 hs_build_address(const ed25519_public_key_t *key, uint8_t version,
995  char *addr_out)
996 {
997  uint8_t checksum[DIGEST256_LEN];
998  char address[HS_SERVICE_ADDR_LEN];
999 
1000  tor_assert(key);
1001  tor_assert(addr_out);
1002 
1003  /* Get the checksum of the address. */
1004  build_hs_checksum(key, version, checksum);
1005  /* Get the binary address representation. */
1006  build_hs_address(key, checksum, version, address);
1007 
1008  /* Encode the address. addr_out will be NUL terminated after this. */
1009  base32_encode(addr_out, HS_SERVICE_ADDR_LEN_BASE32 + 1, address,
1010  sizeof(address));
1011  /* Validate what we just built. */
1012  tor_assert(hs_address_is_valid(addr_out));
1013 }
1014 
1015 /* From a given ed25519 public key pk and an optional secret, compute a
1016  * blinded public key and put it in blinded_pk_out. This is only useful to
1017  * the client side because the client only has access to the identity public
1018  * key of the service. */
1019 void
1020 hs_build_blinded_pubkey(const ed25519_public_key_t *pk,
1021  const uint8_t *secret, size_t secret_len,
1022  uint64_t time_period_num,
1023  ed25519_public_key_t *blinded_pk_out)
1024 {
1025  /* Our blinding key API requires a 32 bytes parameter. */
1026  uint8_t param[DIGEST256_LEN];
1027 
1028  tor_assert(pk);
1029  tor_assert(blinded_pk_out);
1030  tor_assert(!fast_mem_is_zero((char *) pk, ED25519_PUBKEY_LEN));
1031 
1032  build_blinded_key_param(pk, secret, secret_len,
1033  time_period_num, get_time_period_length(), param);
1034  ed25519_public_blind(blinded_pk_out, pk, param);
1035 
1036  memwipe(param, 0, sizeof(param));
1037 }
1038 
1039 /* From a given ed25519 keypair kp and an optional secret, compute a blinded
1040  * keypair for the current time period and put it in blinded_kp_out. This is
1041  * only useful by the service side because the client doesn't have access to
1042  * the identity secret key. */
1043 void
1044 hs_build_blinded_keypair(const ed25519_keypair_t *kp,
1045  const uint8_t *secret, size_t secret_len,
1046  uint64_t time_period_num,
1047  ed25519_keypair_t *blinded_kp_out)
1048 {
1049  /* Our blinding key API requires a 32 bytes parameter. */
1050  uint8_t param[DIGEST256_LEN];
1051 
1052  tor_assert(kp);
1053  tor_assert(blinded_kp_out);
1054  /* Extra safety. A zeroed key is bad. */
1055  tor_assert(!fast_mem_is_zero((char *) &kp->pubkey, ED25519_PUBKEY_LEN));
1056  tor_assert(!fast_mem_is_zero((char *) &kp->seckey, ED25519_SECKEY_LEN));
1057 
1058  build_blinded_key_param(&kp->pubkey, secret, secret_len,
1059  time_period_num, get_time_period_length(), param);
1060  ed25519_keypair_blind(blinded_kp_out, kp, param);
1061 
1062  memwipe(param, 0, sizeof(param));
1063 }
1064 
1065 /* Return true if we are currently in the time segment between a new time
1066  * period and a new SRV (in the real network that happens between 12:00 and
1067  * 00:00 UTC). Here is a diagram showing exactly when this returns true:
1068  *
1069  * +------------------------------------------------------------------+
1070  * | |
1071  * | 00:00 12:00 00:00 12:00 00:00 12:00 |
1072  * | SRV#1 TP#1 SRV#2 TP#2 SRV#3 TP#3 |
1073  * | |
1074  * | $==========|-----------$===========|-----------$===========| |
1075  * | ^^^^^^^^^^^^ ^^^^^^^^^^^^ |
1076  * | |
1077  * +------------------------------------------------------------------+
1078  */
1079 MOCK_IMPL(int,
1080 hs_in_period_between_tp_and_srv,(const networkstatus_t *consensus, time_t now))
1081 {
1082  time_t valid_after;
1083  time_t srv_start_time, tp_start_time;
1084 
1085  if (!consensus) {
1086  consensus = networkstatus_get_live_consensus(now);
1087  if (!consensus) {
1088  return 0;
1089  }
1090  }
1091 
1092  /* Get start time of next TP and of current SRV protocol run, and check if we
1093  * are between them. */
1094  valid_after = consensus->valid_after;
1096  tp_start_time = hs_get_start_time_of_next_time_period(srv_start_time);
1097 
1098  if (valid_after >= srv_start_time && valid_after < tp_start_time) {
1099  return 0;
1100  }
1101 
1102  return 1;
1103 }
1104 
1105 /* Return 1 if any virtual port in ports needs a circuit with good uptime.
1106  * Else return 0. */
1107 int
1108 hs_service_requires_uptime_circ(const smartlist_t *ports)
1109 {
1110  tor_assert(ports);
1111 
1113  if (smartlist_contains_int_as_string(get_options()->LongLivedPorts,
1114  p->virtual_port)) {
1115  return 1;
1116  }
1117  } SMARTLIST_FOREACH_END(p);
1118  return 0;
1119 }
1120 
1121 /* Build hs_index which is used to find the responsible hsdirs. This index
1122  * value is used to select the responsible HSDir where their hsdir_index is
1123  * closest to this value.
1124  * SHA3-256("store-at-idx" | blinded_public_key |
1125  * INT_8(replicanum) | INT_8(period_length) | INT_8(period_num) )
1126  *
1127  * hs_index_out must be large enough to receive DIGEST256_LEN bytes. */
1128 void
1129 hs_build_hs_index(uint64_t replica, const ed25519_public_key_t *blinded_pk,
1130  uint64_t period_num, uint8_t *hs_index_out)
1131 {
1132  crypto_digest_t *digest;
1133 
1134  tor_assert(blinded_pk);
1135  tor_assert(hs_index_out);
1136 
1137  /* Build hs_index. See construction at top of function comment. */
1138  digest = crypto_digest256_new(DIGEST_SHA3_256);
1139  crypto_digest_add_bytes(digest, HS_INDEX_PREFIX, HS_INDEX_PREFIX_LEN);
1140  crypto_digest_add_bytes(digest, (const char *) blinded_pk->pubkey,
1141  ED25519_PUBKEY_LEN);
1142 
1143  /* Now setup INT_8(replicanum) | INT_8(period_length) | INT_8(period_num) */
1144  {
1145  uint64_t period_length = get_time_period_length();
1146  char buf[sizeof(uint64_t)*3];
1147  size_t offset = 0;
1148  set_uint64(buf, tor_htonll(replica));
1149  offset += sizeof(uint64_t);
1150  set_uint64(buf+offset, tor_htonll(period_length));
1151  offset += sizeof(uint64_t);
1152  set_uint64(buf+offset, tor_htonll(period_num));
1153  offset += sizeof(uint64_t);
1154  tor_assert(offset == sizeof(buf));
1155 
1156  crypto_digest_add_bytes(digest, buf, sizeof(buf));
1157  }
1158 
1159  crypto_digest_get_digest(digest, (char *) hs_index_out, DIGEST256_LEN);
1160  crypto_digest_free(digest);
1161 }
1162 
1163 /* Build hsdir_index which is used to find the responsible hsdirs. This is the
1164  * index value that is compare to the hs_index when selecting an HSDir.
1165  * SHA3-256("node-idx" | node_identity |
1166  * shared_random_value | INT_8(period_length) | INT_8(period_num) )
1167  *
1168  * hsdir_index_out must be large enough to receive DIGEST256_LEN bytes. */
1169 void
1170 hs_build_hsdir_index(const ed25519_public_key_t *identity_pk,
1171  const uint8_t *srv_value, uint64_t period_num,
1172  uint8_t *hsdir_index_out)
1173 {
1174  crypto_digest_t *digest;
1175 
1176  tor_assert(identity_pk);
1177  tor_assert(srv_value);
1178  tor_assert(hsdir_index_out);
1179 
1180  /* Build hsdir_index. See construction at top of function comment. */
1181  digest = crypto_digest256_new(DIGEST_SHA3_256);
1182  crypto_digest_add_bytes(digest, HSDIR_INDEX_PREFIX, HSDIR_INDEX_PREFIX_LEN);
1183  crypto_digest_add_bytes(digest, (const char *) identity_pk->pubkey,
1184  ED25519_PUBKEY_LEN);
1185  crypto_digest_add_bytes(digest, (const char *) srv_value, DIGEST256_LEN);
1186 
1187  {
1188  uint64_t time_period_length = get_time_period_length();
1189  char period_stuff[sizeof(uint64_t)*2];
1190  size_t offset = 0;
1191  set_uint64(period_stuff, tor_htonll(period_num));
1192  offset += sizeof(uint64_t);
1193  set_uint64(period_stuff+offset, tor_htonll(time_period_length));
1194  offset += sizeof(uint64_t);
1195  tor_assert(offset == sizeof(period_stuff));
1196 
1197  crypto_digest_add_bytes(digest, period_stuff, sizeof(period_stuff));
1198  }
1199 
1200  crypto_digest_get_digest(digest, (char *) hsdir_index_out, DIGEST256_LEN);
1201  crypto_digest_free(digest);
1202 }
1203 
1204 /* Return a newly allocated buffer containing the current shared random value
1205  * or if not present, a disaster value is computed using the given time period
1206  * number. If a consensus is provided in <b>ns</b>, use it to get the SRV
1207  * value. This function can't fail. */
1208 uint8_t *
1209 hs_get_current_srv(uint64_t time_period_num, const networkstatus_t *ns)
1210 {
1211  uint8_t *sr_value = tor_malloc_zero(DIGEST256_LEN);
1212  const sr_srv_t *current_srv = sr_get_current(ns);
1213 
1214  if (current_srv) {
1215  memcpy(sr_value, current_srv->value, sizeof(current_srv->value));
1216  } else {
1217  /* Disaster mode. */
1218  get_disaster_srv(time_period_num, sr_value);
1219  }
1220  return sr_value;
1221 }
1222 
1223 /* Return a newly allocated buffer containing the previous shared random
1224  * value or if not present, a disaster value is computed using the given time
1225  * period number. This function can't fail. */
1226 uint8_t *
1227 hs_get_previous_srv(uint64_t time_period_num, const networkstatus_t *ns)
1228 {
1229  uint8_t *sr_value = tor_malloc_zero(DIGEST256_LEN);
1230  const sr_srv_t *previous_srv = sr_get_previous(ns);
1231 
1232  if (previous_srv) {
1233  memcpy(sr_value, previous_srv->value, sizeof(previous_srv->value));
1234  } else {
1235  /* Disaster mode. */
1236  get_disaster_srv(time_period_num, sr_value);
1237  }
1238  return sr_value;
1239 }
1240 
1241 /* Return the number of replicas defined by a consensus parameter or the
1242  * default value. */
1243 int32_t
1244 hs_get_hsdir_n_replicas(void)
1245 {
1246  /* The [1,16] range is a specification requirement. */
1247  return networkstatus_get_param(NULL, "hsdir_n_replicas",
1248  HS_DEFAULT_HSDIR_N_REPLICAS, 1, 16);
1249 }
1250 
1251 /* Return the spread fetch value defined by a consensus parameter or the
1252  * default value. */
1253 int32_t
1254 hs_get_hsdir_spread_fetch(void)
1255 {
1256  /* The [1,128] range is a specification requirement. */
1257  return networkstatus_get_param(NULL, "hsdir_spread_fetch",
1258  HS_DEFAULT_HSDIR_SPREAD_FETCH, 1, 128);
1259 }
1260 
1261 /* Return the spread store value defined by a consensus parameter or the
1262  * default value. */
1263 int32_t
1264 hs_get_hsdir_spread_store(void)
1265 {
1266  /* The [1,128] range is a specification requirement. */
1267  return networkstatus_get_param(NULL, "hsdir_spread_store",
1268  HS_DEFAULT_HSDIR_SPREAD_STORE, 1, 128);
1269 }
1270 
1273 static int
1275 {
1277 
1278  /* A node can't have an HSDir index without a descriptor since we need desc
1279  * to get its ed25519 key. for_direct_connect should be zero, since we
1280  * always use the consensus-indexed node's keys to build the hash ring, even
1281  * if some of the consensus-indexed nodes are also bridges. */
1282  if (!node_has_preferred_descriptor(node, 0)) {
1283  return 0;
1284  }
1285 
1286  /* At this point, since the node has a desc, this node must also have an
1287  * hsdir index. If not, something went wrong, so BUG out. */
1288  if (BUG(fast_mem_is_zero((const char*)node->hsdir_index.fetch,
1289  DIGEST256_LEN))) {
1290  return 0;
1291  }
1292  if (BUG(fast_mem_is_zero((const char*)node->hsdir_index.store_first,
1293  DIGEST256_LEN))) {
1294  return 0;
1295  }
1296  if (BUG(fast_mem_is_zero((const char*)node->hsdir_index.store_second,
1297  DIGEST256_LEN))) {
1298  return 0;
1299  }
1300 
1301  return 1;
1302 }
1303 
1304 /* For a given blinded key and time period number, get the responsible HSDir
1305  * and put their routerstatus_t object in the responsible_dirs list. If
1306  * 'use_second_hsdir_index' is true, use the second hsdir_index of the node_t
1307  * is used. If 'for_fetching' is true, the spread fetch consensus parameter is
1308  * used else the spread store is used which is only for upload. This function
1309  * can't fail but it is possible that the responsible_dirs list contains fewer
1310  * nodes than expected.
1311  *
1312  * This function goes over the latest consensus routerstatus list and sorts it
1313  * by their node_t hsdir_index then does a binary search to find the closest
1314  * node. All of this makes it a bit CPU intensive so use it wisely. */
1315 void
1316 hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk,
1317  uint64_t time_period_num, int use_second_hsdir_index,
1318  int for_fetching, smartlist_t *responsible_dirs)
1319 {
1320  smartlist_t *sorted_nodes;
1321  /* The compare function used for the smartlist bsearch. We have two
1322  * different depending on is_next_period. */
1323  int (*cmp_fct)(const void *, const void **);
1324 
1325  tor_assert(blinded_pk);
1326  tor_assert(responsible_dirs);
1327 
1328  sorted_nodes = smartlist_new();
1329 
1330  /* Make sure we actually have a live consensus */
1331  networkstatus_t *c = networkstatus_get_live_consensus(approx_time());
1332  if (!c || smartlist_len(c->routerstatus_list) == 0) {
1333  log_warn(LD_REND, "No live consensus so we can't get the responsible "
1334  "hidden service directories.");
1335  goto done;
1336  }
1337 
1338  /* Ensure the nodelist is fresh, since it contains the HSDir indices. */
1340 
1341  /* Add every node_t that support HSDir v3 for which we do have a valid
1342  * hsdir_index already computed for them for this consensus. */
1343  {
1345  /* Even though this node_t object won't be modified and should be const,
1346  * we can't add const object in a smartlist_t. */
1347  node_t *n = node_get_mutable_by_id(rs->identity_digest);
1348  tor_assert(n);
1349  if (node_supports_v3_hsdir(n) && rs->is_hs_dir) {
1350  if (!node_has_hsdir_index(n)) {
1351  log_info(LD_GENERAL, "Node %s was found without hsdir index.",
1352  node_describe(n));
1353  continue;
1354  }
1355  smartlist_add(sorted_nodes, n);
1356  }
1357  } SMARTLIST_FOREACH_END(rs);
1358  }
1359  if (smartlist_len(sorted_nodes) == 0) {
1360  log_warn(LD_REND, "No nodes found to be HSDir or supporting v3.");
1361  goto done;
1362  }
1363 
1364  /* First thing we have to do is sort all node_t by hsdir_index. The
1365  * is_next_period tells us if we want the current or the next one. Set the
1366  * bsearch compare function also while we are at it. */
1367  if (for_fetching) {
1368  smartlist_sort(sorted_nodes, compare_node_fetch_hsdir_index);
1369  cmp_fct = compare_digest_to_fetch_hsdir_index;
1370  } else if (use_second_hsdir_index) {
1371  smartlist_sort(sorted_nodes, compare_node_store_second_hsdir_index);
1372  cmp_fct = compare_digest_to_store_second_hsdir_index;
1373  } else {
1374  smartlist_sort(sorted_nodes, compare_node_store_first_hsdir_index);
1375  cmp_fct = compare_digest_to_store_first_hsdir_index;
1376  }
1377 
1378  /* For all replicas, we'll select a set of HSDirs using the consensus
1379  * parameters and the sorted list. The replica starting at value 1 is
1380  * defined by the specification. */
1381  for (int replica = 1; replica <= hs_get_hsdir_n_replicas(); replica++) {
1382  int idx, start, found, n_added = 0;
1383  uint8_t hs_index[DIGEST256_LEN] = {0};
1384  /* Number of node to add to the responsible dirs list depends on if we are
1385  * trying to fetch or store. A client always fetches. */
1386  int n_to_add = (for_fetching) ? hs_get_hsdir_spread_fetch() :
1387  hs_get_hsdir_spread_store();
1388 
1389  /* Get the index that we should use to select the node. */
1390  hs_build_hs_index(replica, blinded_pk, time_period_num, hs_index);
1391  /* The compare function pointer has been set correctly earlier. */
1392  start = idx = smartlist_bsearch_idx(sorted_nodes, hs_index, cmp_fct,
1393  &found);
1394  /* Getting the length of the list if no member is greater than the key we
1395  * are looking for so start at the first element. */
1396  if (idx == smartlist_len(sorted_nodes)) {
1397  start = idx = 0;
1398  }
1399  while (n_added < n_to_add) {
1400  const node_t *node = smartlist_get(sorted_nodes, idx);
1401  /* If the node has already been selected which is possible between
1402  * replicas, the specification says to skip over. */
1403  if (!smartlist_contains(responsible_dirs, node->rs)) {
1404  smartlist_add(responsible_dirs, node->rs);
1405  ++n_added;
1406  }
1407  if (++idx == smartlist_len(sorted_nodes)) {
1408  /* Wrap if we've reached the end of the list. */
1409  idx = 0;
1410  }
1411  if (idx == start) {
1412  /* We've gone over the whole list, stop and avoid infinite loop. */
1413  break;
1414  }
1415  }
1416  }
1417 
1418  done:
1419  smartlist_free(sorted_nodes);
1420 }
1421 
1422 /*********************** HSDir request tracking ***************************/
1423 
1426 time_t
1428 {
1429  tor_assert(options);
1430 
1431  if (options->TestingTorNetwork) {
1432  return REND_HID_SERV_DIR_REQUERY_PERIOD_TESTING;
1433  } else {
1434  return REND_HID_SERV_DIR_REQUERY_PERIOD;
1435  }
1436 }
1437 
1452 static strmap_t *last_hid_serv_requests_ = NULL;
1453 
1456 STATIC strmap_t *
1458 {
1460  last_hid_serv_requests_ = strmap_new();
1461  return last_hid_serv_requests_;
1462 }
1463 
1469 time_t
1471  const char *req_key_str,
1472  time_t now, int set)
1473 {
1474  char hsdir_id_base32[BASE32_DIGEST_LEN + 1];
1475  char *hsdir_desc_comb_id = NULL;
1476  time_t *last_request_ptr;
1477  strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
1478 
1479  /* Create the key */
1480  base32_encode(hsdir_id_base32, sizeof(hsdir_id_base32),
1481  hs_dir->identity_digest, DIGEST_LEN);
1482  tor_asprintf(&hsdir_desc_comb_id, "%s%s", hsdir_id_base32, req_key_str);
1483 
1484  if (set) {
1485  time_t *oldptr;
1486  last_request_ptr = tor_malloc_zero(sizeof(time_t));
1487  *last_request_ptr = now;
1488  oldptr = strmap_set(last_hid_serv_requests, hsdir_desc_comb_id,
1489  last_request_ptr);
1490  tor_free(oldptr);
1491  } else {
1492  last_request_ptr = strmap_get(last_hid_serv_requests,
1493  hsdir_desc_comb_id);
1494  }
1495 
1496  tor_free(hsdir_desc_comb_id);
1497  return (last_request_ptr) ? *last_request_ptr : 0;
1498 }
1499 
1503 void
1505 {
1506  strmap_iter_t *iter;
1507  time_t cutoff = now - hs_hsdir_requery_period(get_options());
1508  strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
1509  for (iter = strmap_iter_init(last_hid_serv_requests);
1510  !strmap_iter_done(iter); ) {
1511  const char *key;
1512  void *val;
1513  time_t *ent;
1514  strmap_iter_get(iter, &key, &val);
1515  ent = (time_t *) val;
1516  if (*ent < cutoff) {
1517  iter = strmap_iter_next_rmv(last_hid_serv_requests, iter);
1518  tor_free(ent);
1519  } else {
1520  iter = strmap_iter_next(last_hid_serv_requests, iter);
1521  }
1522  }
1523 }
1524 
1532 void
1534 {
1535  strmap_iter_t *iter;
1536  strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
1537 
1538  for (iter = strmap_iter_init(last_hid_serv_requests);
1539  !strmap_iter_done(iter); ) {
1540  const char *key;
1541  void *val;
1542  strmap_iter_get(iter, &key, &val);
1543 
1544  /* XXX: The use of REND_DESC_ID_V2_LEN_BASE32 is very wrong in terms of
1545  * semantic, see #23305. */
1546 
1547  /* This strmap contains variable-sized elements so this is a basic length
1548  * check on the strings we are about to compare. The key is variable sized
1549  * since it's composed as follows:
1550  * key = base32(hsdir_identity) + base32(req_key_str)
1551  * where 'req_key_str' is the descriptor ID of the HS in the v2 case, or
1552  * the ed25519 blinded public key of the HS in the v3 case. */
1553  if (strlen(key) < REND_DESC_ID_V2_LEN_BASE32 + strlen(req_key_str)) {
1554  iter = strmap_iter_next(last_hid_serv_requests, iter);
1555  continue;
1556  }
1557 
1558  /* Check if the tracked request matches our request key */
1559  if (tor_memeq(key + REND_DESC_ID_V2_LEN_BASE32, req_key_str,
1560  strlen(req_key_str))) {
1561  iter = strmap_iter_next_rmv(last_hid_serv_requests, iter);
1562  tor_free(val);
1563  } else {
1564  iter = strmap_iter_next(last_hid_serv_requests, iter);
1565  }
1566  }
1567 }
1568 
1573 void
1575 {
1576  /* Don't create the table if it doesn't exist yet (and it may very
1577  * well not exist if the user hasn't accessed any HSes)... */
1578  strmap_t *old_last_hid_serv_requests = last_hid_serv_requests_;
1579  /* ... and let get_last_hid_serv_requests re-create it for us if
1580  * necessary. */
1581  last_hid_serv_requests_ = NULL;
1582 
1583  if (old_last_hid_serv_requests != NULL) {
1584  log_info(LD_REND, "Purging client last-HS-desc-request-time table");
1585  strmap_free(old_last_hid_serv_requests, tor_free_);
1586  }
1587 }
1588 
1589 /***********************************************************************/
1590 
1602 hs_pick_hsdir(smartlist_t *responsible_dirs, const char *req_key_str,
1603  bool *is_rate_limited_out)
1604 {
1605  smartlist_t *usable_responsible_dirs = smartlist_new();
1606  const or_options_t *options = get_options();
1607  routerstatus_t *hs_dir;
1608  time_t now = time(NULL);
1609  int excluded_some;
1610  bool rate_limited = false;
1611  int rate_limited_count = 0;
1612  int responsible_dirs_count = smartlist_len(responsible_dirs);
1613 
1614  tor_assert(req_key_str);
1615 
1616  /* Clean outdated request history first. */
1618 
1619  /* Only select those hidden service directories to which we did not send a
1620  * request recently and for which we have a router descriptor here.
1621  *
1622  * Use for_direct_connect==0 even if we will be connecting to the node
1623  * directly, since we always use the key information in the
1624  * consensus-indexed node descriptors for building the index.
1625  **/
1626  SMARTLIST_FOREACH_BEGIN(responsible_dirs, routerstatus_t *, dir) {
1627  time_t last = hs_lookup_last_hid_serv_request(dir, req_key_str, 0, 0);
1628  const node_t *node = node_get_by_id(dir->identity_digest);
1629  if (last + hs_hsdir_requery_period(options) >= now ||
1630  !node || !node_has_preferred_descriptor(node, 0)) {
1631  SMARTLIST_DEL_CURRENT(responsible_dirs, dir);
1632  rate_limited_count++;
1633  continue;
1634  }
1635  if (!routerset_contains_node(options->ExcludeNodes, node)) {
1636  smartlist_add(usable_responsible_dirs, dir);
1637  }
1638  } SMARTLIST_FOREACH_END(dir);
1639 
1640  if (rate_limited_count > 0 || responsible_dirs_count > 0) {
1641  rate_limited = rate_limited_count == responsible_dirs_count;
1642  }
1643 
1644  excluded_some =
1645  smartlist_len(usable_responsible_dirs) < smartlist_len(responsible_dirs);
1646 
1647  hs_dir = smartlist_choose(usable_responsible_dirs);
1648  if (!hs_dir && !options->StrictNodes) {
1649  hs_dir = smartlist_choose(responsible_dirs);
1650  }
1651 
1652  smartlist_free(responsible_dirs);
1653  smartlist_free(usable_responsible_dirs);
1654  if (!hs_dir) {
1655  const char *warn_str = (rate_limited) ? "we are rate limited." :
1656  "we requested them all recently without success";
1657  log_info(LD_REND, "Could not pick one of the responsible hidden "
1658  "service directories, because %s.", warn_str);
1659  if (options->StrictNodes && excluded_some) {
1660  log_warn(LD_REND, "Could not pick a hidden service directory for the "
1661  "requested hidden service: they are all either down or "
1662  "excluded, and StrictNodes is set.");
1663  }
1664  } else {
1665  /* Remember that we are requesting a descriptor from this hidden service
1666  * directory now. */
1667  hs_lookup_last_hid_serv_request(hs_dir, req_key_str, now, 1);
1668  }
1669 
1670  if (is_rate_limited_out != NULL) {
1671  *is_rate_limited_out = rate_limited;
1672  }
1673 
1674  return hs_dir;
1675 }
1676 
1677 /* Given a list of link specifiers lspecs, a curve 25519 onion_key, and
1678  * a direct connection boolean direct_conn (true for single onion services),
1679  * return a newly allocated extend_info_t object.
1680  *
1681  * This function always returns an extend info with a valid IP address and
1682  * ORPort, or NULL. If direct_conn is false, the IP address is always IPv4.
1683  *
1684  * It performs the following checks:
1685  * if there is no usable IP address, or legacy ID is missing, return NULL.
1686  * if direct_conn, and we can't reach any IP address, return NULL.
1687  */
1688 extend_info_t *
1689 hs_get_extend_info_from_lspecs(const smartlist_t *lspecs,
1690  const curve25519_public_key_t *onion_key,
1691  int direct_conn)
1692 {
1693  int have_v4 = 0, have_legacy_id = 0, have_ed25519_id = 0;
1694  char legacy_id[DIGEST_LEN] = {0};
1695  ed25519_public_key_t ed25519_pk;
1696  extend_info_t *info = NULL;
1697  tor_addr_port_t ap;
1698 
1699  tor_addr_make_null(&ap.addr, AF_UNSPEC);
1700  ap.port = 0;
1701 
1702  if (lspecs == NULL) {
1703  log_warn(LD_BUG, "Specified link specifiers is null");
1704  goto done;
1705  }
1706 
1707  if (onion_key == NULL) {
1708  log_warn(LD_BUG, "Specified onion key is null");
1709  goto done;
1710  }
1711 
1712  if (smartlist_len(lspecs) == 0) {
1713  log_fn(LOG_PROTOCOL_WARN, LD_REND, "Empty link specifier list.");
1714  /* Return NULL. */
1715  goto done;
1716  }
1717 
1718  SMARTLIST_FOREACH_BEGIN(lspecs, const link_specifier_t *, ls) {
1719  switch (link_specifier_get_ls_type(ls)) {
1720  case LS_IPV4:
1721  /* Skip if we already seen a v4. If direct_conn is true, we skip this
1722  * block because fascist_firewall_choose_address_ls() will set ap. If
1723  * direct_conn is false, set ap to the first IPv4 address and port in
1724  * the link specifiers.*/
1725  if (have_v4 || direct_conn) continue;
1726  tor_addr_from_ipv4h(&ap.addr,
1727  link_specifier_get_un_ipv4_addr(ls));
1728  ap.port = link_specifier_get_un_ipv4_port(ls);
1729  have_v4 = 1;
1730  break;
1731  case LS_LEGACY_ID:
1732  /* Make sure we do have enough bytes for the legacy ID. */
1733  if (link_specifier_getlen_un_legacy_id(ls) < sizeof(legacy_id)) {
1734  break;
1735  }
1736  memcpy(legacy_id, link_specifier_getconstarray_un_legacy_id(ls),
1737  sizeof(legacy_id));
1738  have_legacy_id = 1;
1739  break;
1740  case LS_ED25519_ID:
1741  memcpy(ed25519_pk.pubkey,
1742  link_specifier_getconstarray_un_ed25519_id(ls),
1743  ED25519_PUBKEY_LEN);
1744  have_ed25519_id = 1;
1745  break;
1746  default:
1747  /* Ignore unknown. */
1748  break;
1749  }
1750  } SMARTLIST_FOREACH_END(ls);
1751 
1752  /* Choose a preferred address first, but fall back to an allowed address. */
1753  if (direct_conn)
1754  fascist_firewall_choose_address_ls(lspecs, 0, &ap);
1755 
1756  /* Legacy ID is mandatory, and we require an IP address. */
1757  if (!tor_addr_port_is_valid_ap(&ap, 0)) {
1758  /* If we're missing the IP address, log a warning and return NULL. */
1759  log_info(LD_NET, "Unreachable or invalid IP address in link state");
1760  goto done;
1761  }
1762  if (!have_legacy_id) {
1763  /* If we're missing the legacy ID, log a warning and return NULL. */
1764  log_warn(LD_PROTOCOL, "Missing Legacy ID in link state");
1765  goto done;
1766  }
1767 
1768  /* We will add support for falling back to a 3-hop path in a later
1769  * release. */
1770 
1771  /* We'll validate now that the address we've picked isn't a private one. If
1772  * it is, are we allowed to extend to private addresses? */
1773  if (!extend_info_addr_is_allowed(&ap.addr)) {
1774  log_fn(LOG_PROTOCOL_WARN, LD_REND,
1775  "Requested address is private and we are not allowed to extend to "
1776  "it: %s:%u", fmt_addr(&ap.addr), ap.port);
1777  goto done;
1778  }
1779 
1780  /* We do have everything for which we think we can connect successfully. */
1781  info = extend_info_new(NULL, legacy_id,
1782  (have_ed25519_id) ? &ed25519_pk : NULL, NULL,
1783  onion_key, &ap.addr, ap.port);
1784  done:
1785  return info;
1786 }
1787 
1788 /***********************************************************************/
1789 
1790 /* Initialize the entire HS subsytem. This is called in tor_init() before any
1791  * torrc options are loaded. Only for >= v3. */
1792 void
1793 hs_init(void)
1794 {
1795  hs_circuitmap_init();
1796  hs_service_init();
1797  hs_cache_init();
1798 }
1799 
1800 /* Release and cleanup all memory of the HS subsystem (all version). This is
1801  * called by tor_free_all(). */
1802 void
1803 hs_free_all(void)
1804 {
1805  hs_circuitmap_free_all();
1806  hs_service_free_all();
1807  hs_cache_free_all();
1808  hs_client_free_all();
1809 }
1810 
1811 /* For the given origin circuit circ, decrement the number of rendezvous
1812  * stream counter. This handles every hidden service version. */
1813 void
1814 hs_dec_rdv_stream_counter(origin_circuit_t *circ)
1815 {
1816  tor_assert(circ);
1817 
1818  if (circ->rend_data) {
1819  circ->rend_data->nr_streams--;
1820  } else if (circ->hs_ident) {
1821  circ->hs_ident->num_rdv_streams--;
1822  } else {
1823  /* Should not be called if this circuit is not for hidden service. */
1824  tor_assert_nonfatal_unreached();
1825  }
1826 }
1827 
1828 /* For the given origin circuit circ, increment the number of rendezvous
1829  * stream counter. This handles every hidden service version. */
1830 void
1831 hs_inc_rdv_stream_counter(origin_circuit_t *circ)
1832 {
1833  tor_assert(circ);
1834 
1835  if (circ->rend_data) {
1836  circ->rend_data->nr_streams++;
1837  } else if (circ->hs_ident) {
1838  circ->hs_ident->num_rdv_streams++;
1839  } else {
1840  /* Should not be called if this circuit is not for hidden service. */
1841  tor_assert_nonfatal_unreached();
1842  }
1843 }
1844 
1845 /* Return a newly allocated link specifier object that is a copy of dst. */
1846 link_specifier_t *
1847 link_specifier_dup(const link_specifier_t *src)
1848 {
1849  link_specifier_t *dup = NULL;
1850  uint8_t *buf = NULL;
1851 
1852  if (BUG(!src)) {
1853  goto err;
1854  }
1855 
1856  ssize_t encoded_len_alloc = link_specifier_encoded_len(src);
1857  if (BUG(encoded_len_alloc < 0)) {
1858  goto err;
1859  }
1860 
1861  buf = tor_malloc_zero(encoded_len_alloc);
1862  ssize_t encoded_len_data = link_specifier_encode(buf,
1863  encoded_len_alloc,
1864  src);
1865  if (BUG(encoded_len_data < 0)) {
1866  goto err;
1867  }
1868 
1869  ssize_t parsed_len = link_specifier_parse(&dup, buf, encoded_len_alloc);
1870  if (BUG(parsed_len < 0)) {
1871  goto err;
1872  }
1873 
1874  goto done;
1875 
1876  err:
1877  dup = NULL;
1878 
1879  done:
1880  tor_free(buf);
1881  return dup;
1882 }
Header file containing denial of service defenses for the HS subsystem for all versions.
Header file for rendcommon.c.
rend_data_t * rend_data
char descriptor_id[REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS][DIGEST_LEN]
Definition: or.h:443
unsigned int cpd_check_t
Definition: dir.h:20
Header file containing common data for the whole HS subsytem.
extend_info_t * extend_info_new(const char *nickname, const char *rsa_id_digest, const ed25519_public_key_t *ed_id, crypto_pk_t *onion_key, const curve25519_public_key_t *ntor_key, const tor_addr_t *addr, uint16_t port)
Common functions for using (pseudo-)random number generators.
Definition: node_st.h:28
void rend_data_free_(rend_data_t *data)
Definition: hs_common.c:359
Header file containing service data for the HS subsytem.
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define TO_CONN(c)
Definition: or.h:735
int routerset_contains_node(const routerset_t *set, const node_t *node)
Definition: routerset.c:338
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
const char * escaped_safe_str(const char *address)
Definition: config.c:1149
Header file containing client data for the HS subsytem.
tor_addr_t addr
STATIC strmap_t * get_last_hid_serv_requests(void)
Definition: hs_common.c:1457
#define LD_GENERAL
Definition: log.h:60
char descriptor_cookie[REND_DESC_COOKIE_LEN]
Definition: or.h:446
int nr_streams
Definition: or.h:430
char identity_digest[DIGEST_LEN]
Header file for describe.c.
Header file for nodelist.c.
void tor_addr_make_null(tor_addr_t *a, sa_family_t family)
Definition: address.c:235
void smartlist_add(smartlist_t *sl, void *element)
time_t sr_state_get_start_time_of_current_protocol_run(void)
crypto_digest_t * crypto_digest256_new(digest_algorithm_t algorithm)
int rend_compute_v2_desc_id(char *desc_id_out, const char *service_id, const char *descriptor_cookie, time_t now, uint8_t replica)
Definition: rendcommon.c:153
#define REND_DESC_ID_V2_LEN_BASE32
Definition: or.h:354
int smartlist_contains(const smartlist_t *sl, const void *element)
Header file for config.c.
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len)
int fast_mem_is_zero(const char *mem, size_t len)
Definition: util_string.c:74
void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:60
smartlist_t * hsdirs_fp
Definition: or.h:424
static int node_has_hsdir_index(const node_t *node)
Definition: hs_common.c:1274
uint16_t port
#define tor_free(p)
Definition: malloc.h:52
int node_supports_v3_hsdir(const node_t *node)
Definition: nodelist.c:1152
int node_has_preferred_descriptor(const node_t *node, int for_direct_connect)
Definition: nodelist.c:1351
int smartlist_contains_int_as_string(const smartlist_t *sl, int num)
Definition: smartlist.c:147
#define SMARTLIST_DEL_CURRENT(sl, var)
time_t hs_hsdir_requery_period(const or_options_t *options)
Definition: hs_common.c:1427
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:57
void hs_purge_last_hid_serv_requests(void)
Definition: hs_common.c:1574
rend_auth_type_t
Definition: or.h:402
#define DIGEST256_LEN
Definition: digest_sizes.h:23
Header file for policies.c.
char rend_pk_digest[DIGEST_LEN]
Definition: or.h:457
int ed25519_keypair_blind(ed25519_keypair_t *out, const ed25519_keypair_t *inp, const uint8_t *param)
int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:90
void fascist_firewall_choose_address_ls(const smartlist_t *lspecs, int pref_only, tor_addr_port_t *ap)
Definition: policies.c:1025
Common functions for cryptographic routines.
tor_assert(buffer)
#define tor_addr_from_ipv4h(dest, v4addr)
Definition: address.h:287
Header file for routermode.c.
int tor_memcmp(const void *a, const void *b, size_t len)
Definition: di_ops.c:31
int tor_memeq(const void *a, const void *b, size_t sz)
Definition: di_ops.c:107
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
routerset_t * ExcludeNodes
Definition: or_options_st.h:85
static void set_uint64(void *cp, uint64_t v)
Definition: bytes.h:91
#define DIGEST_LEN
Definition: digest_sizes.h:20
const char * node_describe(const node_t *node)
Definition: describe.c:143
Master header file for Tor-specific functionality.
static uint8_t cached_disaster_srv[2][DIGEST256_LEN]
Definition: hs_common.c:625
unsigned int sr_state_get_protocol_run_duration(void)
Header file for circuitbuild.c.
STATIC uint64_t get_time_period_length(void)
Definition: hs_common.c:241
Header file containing circuit and connection identifier data for the whole HS subsytem.
Header file for shared_random_client.c.
void tor_free_(void *mem)
Definition: malloc.c:227
static uint64_t tor_htonll(uint64_t a)
Definition: bytes.h:167
Header file for hs_circuitmap.c.
#define LD_REND
Definition: log.h:82
Header file for rendservice.c.
#define REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS
Definition: or.h:348
smartlist_t * routerstatus_list
static strmap_t * last_hid_serv_requests_
Definition: hs_common.c:1452
unsigned int sr_state_get_phase_duration(void)
rend_auth_type_t auth_type
Definition: or.h:449
#define BASE32_DIGEST_LEN
Definition: crypto_digest.h:23
struct hs_ident_circuit_t * hs_ident
char rend_cookie[REND_COOKIE_LEN]
Definition: or.h:427
int hs_get_service_max_rend_failures(void)
Definition: hs_common.c:231
#define SMARTLIST_FOREACH(sl, type, var, cmd)
void hs_purge_hid_serv_from_last_hid_serv_requests(const char *req_key_str)
Definition: hs_common.c:1533
char desc_id_fetch[DIGEST_LEN]
Definition: or.h:454
time_t hs_lookup_last_hid_serv_request(routerstatus_t *hs_dir, const char *req_key_str, time_t now, int set)
Definition: hs_common.c:1470
#define fmt_addr(a)
Definition: address.h:211
#define ARRAY_LENGTH(x)
#define log_fn(severity, domain, args,...)
Definition: log.h:274
time_t approx_time(void)
Definition: approx_time.c:32
Header file for hs_cache.c.
routerstatus_t * hs_pick_hsdir(smartlist_t *responsible_dirs, const char *req_key_str, bool *is_rate_limited_out)
Definition: hs_common.c:1602
#define LD_NET
Definition: log.h:64
char onion_address[REND_SERVICE_ID_LEN_BASE32+1]
Definition: or.h:438
int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
uint64_t hs_get_time_period_num(time_t now)
Definition: hs_common.c:267
STATIC void get_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
Definition: hs_common.c:632
uint64_t hs_get_next_time_period_num(time_t now)
Definition: hs_common.c:302
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:904
#define LD_PROTOCOL
Definition: log.h:70
void smartlist_sort(smartlist_t *sl, int(*compare)(const void **a, const void **b))
Definition: smartlist.c:334
void hs_clean_last_hid_serv_requests(time_t now)
Definition: hs_common.c:1504
int extend_info_addr_is_allowed(const tor_addr_t *addr)
Header file for networkstatus.c.
#define LD_BUG
Definition: log.h:84
void nodelist_ensure_freshness(networkstatus_t *ns)
Definition: nodelist.c:928
int smartlist_bsearch_idx(const smartlist_t *sl, const void *key, int(*compare)(const void *key, const void **member), int *found_out)
Definition: smartlist.c:428
int ed25519_validate_pubkey(const ed25519_public_key_t *pubkey)
void * smartlist_choose(const smartlist_t *sl)
Definition: crypto_rand.c:590
int ed25519_public_blind(ed25519_public_key_t *out, const ed25519_public_key_t *inp, const uint8_t *param)