Tor  0.4.7.0-alpha-dev
hs_common.c
Go to the documentation of this file.
1 /* Copyright (c) 2016-2021, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
4 /**
5  * \file hs_common.c
6  * \brief Contains code shared between different HS protocol version as well
7  * as useful data structures and accessors used by other subsystems.
8  **/
9 
10 #define HS_COMMON_PRIVATE
11 
12 #include "core/or/or.h"
13 
14 #include "app/config/config.h"
15 #include "core/or/circuitbuild.h"
16 #include "core/or/policies.h"
17 #include "core/or/extendinfo.h"
19 #include "feature/hs/hs_cache.h"
21 #include "feature/hs/hs_client.h"
22 #include "feature/hs/hs_common.h"
23 #include "feature/hs/hs_dos.h"
24 #include "feature/hs/hs_ob.h"
25 #include "feature/hs/hs_ident.h"
26 #include "feature/hs/hs_service.h"
37 #include "lib/net/resolve.h"
38 
44 
45 /* Trunnel */
46 #include "trunnel/ed25519_cert.h"
47 
48 /** Ed25519 Basepoint value. Taken from section 5 of
49  * https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03 */
50 static const char *str_ed25519_basepoint =
51  "(15112221349535400772501151409588531511"
52  "454012693041857206046113283949847762202, "
53  "463168356949264781694283940034751631413"
54  "07993866256225615783033603165251855960)";
55 
56 #ifdef HAVE_SYS_UN_H
57 
58 /** Given <b>ports</b>, a smartlist containing hs_port_config_t,
59  * add the given <b>p</b>, a AF_UNIX port to the list. Return 0 on success
60  * else return -ENOSYS if AF_UNIX is not supported (see function in the
61  * #else statement below). */
62 static int
63 add_unix_port(smartlist_t *ports, hs_port_config_t *p)
64 {
65  tor_assert(ports);
66  tor_assert(p);
68 
69  smartlist_add(ports, p);
70  return 0;
71 }
72 
73 /** Given <b>conn</b> set it to use the given port <b>p</b> values. Return 0
74  * on success else return -ENOSYS if AF_UNIX is not supported (see function
75  * in the #else statement below). */
76 static int
77 set_unix_port(edge_connection_t *conn, hs_port_config_t *p)
78 {
79  tor_assert(conn);
80  tor_assert(p);
82 
83  conn->base_.socket_family = AF_UNIX;
84  tor_addr_make_unspec(&conn->base_.addr);
85  conn->base_.port = 1;
86  conn->base_.address = tor_strdup(p->unix_addr);
87  return 0;
88 }
89 
90 #else /* !defined(HAVE_SYS_UN_H) */
91 
92 static int
93 set_unix_port(edge_connection_t *conn, hs_port_config_t *p)
94 {
95  (void) conn;
96  (void) p;
97  return -ENOSYS;
98 }
99 
100 static int
101 add_unix_port(smartlist_t *ports, hs_port_config_t *p)
102 {
103  (void) ports;
104  (void) p;
105  return -ENOSYS;
106 }
107 
108 #endif /* defined(HAVE_SYS_UN_H) */
109 
110 /** Helper function: The key is a digest that we compare to a node_t object
111  * current hsdir_index. */
112 static int
113 compare_digest_to_fetch_hsdir_index(const void *_key, const void **_member)
114 {
115  const char *key = _key;
116  const node_t *node = *_member;
117  return tor_memcmp(key, node->hsdir_index.fetch, DIGEST256_LEN);
118 }
119 
120 /** Helper function: The key is a digest that we compare to a node_t object
121  * next hsdir_index. */
122 static int
124  const void **_member)
125 {
126  const char *key = _key;
127  const node_t *node = *_member;
128  return tor_memcmp(key, node->hsdir_index.store_first, DIGEST256_LEN);
129 }
130 
131 /** Helper function: The key is a digest that we compare to a node_t object
132  * next hsdir_index. */
133 static int
135  const void **_member)
136 {
137  const char *key = _key;
138  const node_t *node = *_member;
139  return tor_memcmp(key, node->hsdir_index.store_second, DIGEST256_LEN);
140 }
141 
142 /** Helper function: Compare two node_t objects current hsdir_index. */
143 static int
144 compare_node_fetch_hsdir_index(const void **a, const void **b)
145 {
146  const node_t *node1= *a;
147  const node_t *node2 = *b;
148  return tor_memcmp(node1->hsdir_index.fetch,
149  node2->hsdir_index.fetch,
150  DIGEST256_LEN);
151 }
152 
153 /** Helper function: Compare two node_t objects next hsdir_index. */
154 static int
155 compare_node_store_first_hsdir_index(const void **a, const void **b)
156 {
157  const node_t *node1= *a;
158  const node_t *node2 = *b;
159  return tor_memcmp(node1->hsdir_index.store_first,
160  node2->hsdir_index.store_first,
161  DIGEST256_LEN);
162 }
163 
164 /** Helper function: Compare two node_t objects next hsdir_index. */
165 static int
166 compare_node_store_second_hsdir_index(const void **a, const void **b)
167 {
168  const node_t *node1= *a;
169  const node_t *node2 = *b;
170  return tor_memcmp(node1->hsdir_index.store_second,
171  node2->hsdir_index.store_second,
172  DIGEST256_LEN);
173 }
174 
175 /** Allocate and return a string containing the path to filename in directory.
176  * This function will never return NULL. The caller must free this path. */
177 char *
178 hs_path_from_filename(const char *directory, const char *filename)
179 {
180  char *file_path = NULL;
181 
182  tor_assert(directory);
183  tor_assert(filename);
184 
185  tor_asprintf(&file_path, "%s%s%s", directory, PATH_SEPARATOR, filename);
186  return file_path;
187 }
188 
189 /** Make sure that the directory for <b>service</b> is private, using the
190  * config <b>username</b>.
191  *
192  * If <b>create</b> is true:
193  * - if the directory exists, change permissions if needed,
194  * - if the directory does not exist, create it with the correct permissions.
195  * If <b>create</b> is false:
196  * - if the directory exists, check permissions,
197  * - if the directory does not exist, check if we think we can create it.
198  * Return 0 on success, -1 on failure. */
199 int
200 hs_check_service_private_dir(const char *username, const char *path,
201  unsigned int dir_group_readable,
202  unsigned int create)
203 {
204  cpd_check_t check_opts = CPD_NONE;
205 
206  tor_assert(path);
207 
208  if (create) {
209  check_opts |= CPD_CREATE;
210  } else {
211  check_opts |= CPD_CHECK_MODE_ONLY;
212  check_opts |= CPD_CHECK;
213  }
214  if (dir_group_readable) {
215  check_opts |= CPD_GROUP_READ;
216  }
217  /* Check/create directory */
218  if (check_private_dir(path, check_opts, username) < 0) {
219  return -1;
220  }
221  return 0;
222 }
223 
224 /* Default, minimum, and maximum values for the maximum rendezvous failures
225  * consensus parameter. */
226 #define MAX_REND_FAILURES_DEFAULT 2
227 #define MAX_REND_FAILURES_MIN 1
228 #define MAX_REND_FAILURES_MAX 10
229 
230 /** How many times will a hidden service operator attempt to connect to
231  * a requested rendezvous point before giving up? */
232 int
234 {
235  return networkstatus_get_param(NULL, "hs_service_max_rdv_failures",
236  MAX_REND_FAILURES_DEFAULT,
237  MAX_REND_FAILURES_MIN,
238  MAX_REND_FAILURES_MAX);
239 }
240 
241 /** Get the default HS time period length in minutes from the consensus. */
242 STATIC uint64_t
244 {
245  /* If we are on a test network, make the time period smaller than normal so
246  that we actually see it rotate. Specifically, make it the same length as
247  an SRV protocol run. */
248  if (get_options()->TestingTorNetwork) {
249  unsigned run_duration = sr_state_get_protocol_run_duration();
250  /* An SRV run should take more than a minute (it's 24 rounds) */
251  tor_assert_nonfatal(run_duration > 60);
252  /* Turn it from seconds to minutes before returning: */
254  }
255 
256  int32_t time_period_length = networkstatus_get_param(NULL, "hsdir_interval",
260  /* Make sure it's a positive value. */
261  tor_assert(time_period_length > 0);
262  /* uint64_t will always be able to contain a positive int32_t */
263  return (uint64_t) time_period_length;
264 }
265 
266 /** Get the HS time period number at time <b>now</b>. If <b>now</b> is not set,
267  * we try to get the time ourselves from a live consensus. */
268 uint64_t
270 {
271  uint64_t time_period_num;
272  time_t current_time;
273 
274  /* If no time is specified, set current time based on consensus time, and
275  * only fall back to system time if that fails. */
276  if (now != 0) {
277  current_time = now;
278  } else {
279  networkstatus_t *ns =
282  current_time = ns ? ns->valid_after : approx_time();
283  }
284 
285  /* Start by calculating minutes since the epoch */
286  uint64_t time_period_length = get_time_period_length();
287  uint64_t minutes_since_epoch = current_time / 60;
288 
289  /* Apply the rotation offset as specified by prop224 (section
290  * [TIME-PERIODS]), so that new time periods synchronize nicely with SRV
291  * publication */
292  unsigned int time_period_rotation_offset = sr_state_get_phase_duration();
293  time_period_rotation_offset /= 60; /* go from seconds to minutes */
294  tor_assert(minutes_since_epoch > time_period_rotation_offset);
295  minutes_since_epoch -= time_period_rotation_offset;
296 
297  /* Calculate the time period */
298  time_period_num = minutes_since_epoch / time_period_length;
299  return time_period_num;
300 }
301 
302 /** Get the number of the _upcoming_ HS time period, given that the current
303  * time is <b>now</b>. If <b>now</b> is not set, we try to get the time from a
304  * live consensus. */
305 uint64_t
307 {
308  return hs_get_time_period_num(now) + 1;
309 }
310 
311 /** Get the number of the _previous_ HS time period, given that the current
312  * time is <b>now</b>. If <b>now</b> is not set, we try to get the time from a
313  * live consensus. */
314 uint64_t
316 {
317  return hs_get_time_period_num(now) - 1;
318 }
319 
320 /** Return the start time of the upcoming time period based on <b>now</b>. If
321  * <b>now</b> is not set, we try to get the time ourselves from a live
322  * consensus. */
323 time_t
325 {
326  uint64_t time_period_length = get_time_period_length();
327 
328  /* Get start time of next time period */
329  uint64_t next_time_period_num = hs_get_next_time_period_num(now);
330  uint64_t start_of_next_tp_in_mins = next_time_period_num *time_period_length;
331 
332  /* Apply rotation offset as specified by prop224 section [TIME-PERIODS] */
333  unsigned int time_period_rotation_offset = sr_state_get_phase_duration();
334  return (time_t)(start_of_next_tp_in_mins * 60 + time_period_rotation_offset);
335 }
336 
337 /** Using the given time period number, compute the disaster shared random
338  * value and put it in srv_out. It MUST be at least DIGEST256_LEN bytes. */
339 static void
340 compute_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
341 {
342  crypto_digest_t *digest;
343 
344  tor_assert(srv_out);
345 
346  digest = crypto_digest256_new(DIGEST_SHA3_256);
347 
348  /* Start setting up payload:
349  * H("shared-random-disaster" | INT_8(period_length) | INT_8(period_num)) */
351  HS_SRV_DISASTER_PREFIX_LEN);
352 
353  /* Setup INT_8(period_length) | INT_8(period_num) */
354  {
355  uint64_t time_period_length = get_time_period_length();
356  char period_stuff[sizeof(uint64_t)*2];
357  size_t offset = 0;
358  set_uint64(period_stuff, tor_htonll(time_period_length));
359  offset += sizeof(uint64_t);
360  set_uint64(period_stuff+offset, tor_htonll(time_period_num));
361  offset += sizeof(uint64_t);
362  tor_assert(offset == sizeof(period_stuff));
363 
364  crypto_digest_add_bytes(digest, period_stuff, sizeof(period_stuff));
365  }
366 
367  crypto_digest_get_digest(digest, (char *) srv_out, DIGEST256_LEN);
368  crypto_digest_free(digest);
369 }
370 
371 /** Due to the high cost of computing the disaster SRV and that potentially we
372  * would have to do it thousands of times in a row, we always cache the
373  * computer disaster SRV (and its corresponding time period num) in case we
374  * want to reuse it soon after. We need to cache two SRVs, one for each active
375  * time period.
376  */
378 static uint64_t cached_time_period_nums[2] = {0};
379 
380 /** Compute the disaster SRV value for this <b>time_period_num</b> and put it
381  * in <b>srv_out</b> (of size at least DIGEST256_LEN). First check our caches
382  * to see if we have already computed it. */
383 STATIC void
384 get_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
385 {
386  if (time_period_num == cached_time_period_nums[0]) {
387  memcpy(srv_out, cached_disaster_srv[0], DIGEST256_LEN);
388  return;
389  } else if (time_period_num == cached_time_period_nums[1]) {
390  memcpy(srv_out, cached_disaster_srv[1], DIGEST256_LEN);
391  return;
392  } else {
393  int replace_idx;
394  // Replace the lower period number.
395  if (cached_time_period_nums[0] <= cached_time_period_nums[1]) {
396  replace_idx = 0;
397  } else {
398  replace_idx = 1;
399  }
400  cached_time_period_nums[replace_idx] = time_period_num;
401  compute_disaster_srv(time_period_num, cached_disaster_srv[replace_idx]);
402  memcpy(srv_out, cached_disaster_srv[replace_idx], DIGEST256_LEN);
403  return;
404  }
405 }
406 
407 #ifdef TOR_UNIT_TESTS
408 
409 /** Get the first cached disaster SRV. Only used by unittests. */
410 STATIC uint8_t *
411 get_first_cached_disaster_srv(void)
412 {
413  return cached_disaster_srv[0];
414 }
415 
416 /** Get the second cached disaster SRV. Only used by unittests. */
417 STATIC uint8_t *
418 get_second_cached_disaster_srv(void)
419 {
420  return cached_disaster_srv[1];
421 }
422 
423 #endif /* defined(TOR_UNIT_TESTS) */
424 
425 /** When creating a blinded key, we need a parameter which construction is as
426  * follow: H(pubkey | [secret] | ed25519-basepoint | nonce).
427  *
428  * The nonce has a pre-defined format which uses the time period number
429  * period_num and the start of the period in second start_time_period.
430  *
431  * The secret of size secret_len is optional meaning that it can be NULL and
432  * thus will be ignored for the param construction.
433  *
434  * The result is put in param_out. */
435 static void
437  const uint8_t *secret, size_t secret_len,
438  uint64_t period_num, uint64_t period_length,
439  uint8_t *param_out)
440 {
441  size_t offset = 0;
442  const char blind_str[] = "Derive temporary signing key";
443  uint8_t nonce[HS_KEYBLIND_NONCE_LEN];
444  crypto_digest_t *digest;
445 
446  tor_assert(pubkey);
447  tor_assert(param_out);
448 
449  /* Create the nonce N. The construction is as follow:
450  * N = "key-blind" || INT_8(period_num) || INT_8(period_length) */
451  memcpy(nonce, HS_KEYBLIND_NONCE_PREFIX, HS_KEYBLIND_NONCE_PREFIX_LEN);
452  offset += HS_KEYBLIND_NONCE_PREFIX_LEN;
453  set_uint64(nonce + offset, tor_htonll(period_num));
454  offset += sizeof(uint64_t);
455  set_uint64(nonce + offset, tor_htonll(period_length));
456  offset += sizeof(uint64_t);
457  tor_assert(offset == HS_KEYBLIND_NONCE_LEN);
458 
459  /* Generate the parameter h and the construction is as follow:
460  * h = H(BLIND_STRING | pubkey | [secret] | ed25519-basepoint | N) */
461  digest = crypto_digest256_new(DIGEST_SHA3_256);
462  crypto_digest_add_bytes(digest, blind_str, sizeof(blind_str));
463  crypto_digest_add_bytes(digest, (char *) pubkey, ED25519_PUBKEY_LEN);
464  /* Optional secret. */
465  if (secret) {
466  crypto_digest_add_bytes(digest, (char *) secret, secret_len);
467  }
469  strlen(str_ed25519_basepoint));
470  crypto_digest_add_bytes(digest, (char *) nonce, sizeof(nonce));
471 
472  /* Extract digest and put it in the param. */
473  crypto_digest_get_digest(digest, (char *) param_out, DIGEST256_LEN);
474  crypto_digest_free(digest);
475 
476  memwipe(nonce, 0, sizeof(nonce));
477 }
478 
479 /** Using an ed25519 public key and version to build the checksum of an
480  * address. Put in checksum_out. Format is:
481  * SHA3-256(".onion checksum" || PUBKEY || VERSION)
482  *
483  * checksum_out must be large enough to receive 32 bytes (DIGEST256_LEN). */
484 static void
485 build_hs_checksum(const ed25519_public_key_t *key, uint8_t version,
486  uint8_t *checksum_out)
487 {
488  size_t offset = 0;
490 
491  /* Build checksum data. */
492  memcpy(data, HS_SERVICE_ADDR_CHECKSUM_PREFIX,
495  memcpy(data + offset, key->pubkey, ED25519_PUBKEY_LEN);
496  offset += ED25519_PUBKEY_LEN;
497  set_uint8(data + offset, version);
498  offset += sizeof(version);
500 
501  /* Hash the data payload to create the checksum. */
502  crypto_digest256((char *) checksum_out, data, sizeof(data),
503  DIGEST_SHA3_256);
504 }
505 
506 /** Using an ed25519 public key, checksum and version to build the binary
507  * representation of a service address. Put in addr_out. Format is:
508  * addr_out = PUBKEY || CHECKSUM || VERSION
509  *
510  * addr_out must be large enough to receive HS_SERVICE_ADDR_LEN bytes. */
511 static void
512 build_hs_address(const ed25519_public_key_t *key, const uint8_t *checksum,
513  uint8_t version, char *addr_out)
514 {
515  size_t offset = 0;
516 
517  tor_assert(key);
518  tor_assert(checksum);
519 
520  memcpy(addr_out, key->pubkey, ED25519_PUBKEY_LEN);
521  offset += ED25519_PUBKEY_LEN;
522  memcpy(addr_out + offset, checksum, HS_SERVICE_ADDR_CHECKSUM_LEN_USED);
524  set_uint8(addr_out + offset, version);
525  offset += sizeof(uint8_t);
526  tor_assert(offset == HS_SERVICE_ADDR_LEN);
527 }
528 
529 /** Helper for hs_parse_address(): Using a binary representation of a service
530  * address, parse its content into the key_out, checksum_out and version_out.
531  * Any out variable can be NULL in case the caller would want only one field.
532  * checksum_out MUST at least be 2 bytes long. address must be at least
533  * HS_SERVICE_ADDR_LEN bytes but doesn't need to be NUL terminated. */
534 static void
535 hs_parse_address_impl(const char *address, ed25519_public_key_t *key_out,
536  uint8_t *checksum_out, uint8_t *version_out)
537 {
538  size_t offset = 0;
539 
540  tor_assert(address);
541 
542  if (key_out) {
543  /* First is the key. */
544  memcpy(key_out->pubkey, address, ED25519_PUBKEY_LEN);
545  }
546  offset += ED25519_PUBKEY_LEN;
547  if (checksum_out) {
548  /* Followed by a 2 bytes checksum. */
549  memcpy(checksum_out, address + offset, HS_SERVICE_ADDR_CHECKSUM_LEN_USED);
550  }
552  if (version_out) {
553  /* Finally, version value is 1 byte. */
554  *version_out = get_uint8(address + offset);
555  }
556  offset += sizeof(uint8_t);
557  /* Extra safety. */
558  tor_assert(offset == HS_SERVICE_ADDR_LEN);
559 }
560 
561 /** Using the given identity public key and a blinded public key, compute the
562  * subcredential and put it in subcred_out.
563  * This can't fail. */
564 void
566  const ed25519_public_key_t *blinded_pk,
567  hs_subcredential_t *subcred_out)
568 {
569  uint8_t credential[DIGEST256_LEN];
570  crypto_digest_t *digest;
571 
572  tor_assert(identity_pk);
573  tor_assert(blinded_pk);
574  tor_assert(subcred_out);
575 
576  /* First, build the credential. Construction is as follow:
577  * credential = H("credential" | public-identity-key) */
578  digest = crypto_digest256_new(DIGEST_SHA3_256);
580  HS_CREDENTIAL_PREFIX_LEN);
581  crypto_digest_add_bytes(digest, (const char *) identity_pk->pubkey,
583  crypto_digest_get_digest(digest, (char *) credential, DIGEST256_LEN);
584  crypto_digest_free(digest);
585 
586  /* Now, compute the subcredential. Construction is as follow:
587  * subcredential = H("subcredential" | credential | blinded-public-key). */
588  digest = crypto_digest256_new(DIGEST_SHA3_256);
589  crypto_digest_add_bytes(digest, HS_SUBCREDENTIAL_PREFIX,
590  HS_SUBCREDENTIAL_PREFIX_LEN);
591  crypto_digest_add_bytes(digest, (const char *) credential,
592  sizeof(credential));
593  crypto_digest_add_bytes(digest, (const char *) blinded_pk->pubkey,
595  crypto_digest_get_digest(digest, (char *) subcred_out->subcred,
596  SUBCRED_LEN);
597  crypto_digest_free(digest);
598 
599  memwipe(credential, 0, sizeof(credential));
600 }
601 
602 /** From the given list of hidden service ports, find the ones that match the
603  * given edge connection conn, pick one at random and use it to set the
604  * connection address. Return 0 on success or -1 if none. */
605 int
607 {
608  hs_port_config_t *chosen_port;
609  unsigned int warn_once = 0;
610  smartlist_t *matching_ports;
611 
612  tor_assert(ports);
613  tor_assert(conn);
614 
615  matching_ports = smartlist_new();
617  if (TO_CONN(conn)->port != p->virtual_port) {
618  continue;
619  }
620  if (!(p->is_unix_addr)) {
621  smartlist_add(matching_ports, p);
622  } else {
623  if (add_unix_port(matching_ports, p)) {
624  if (!warn_once) {
625  /* Unix port not supported so warn only once. */
626  log_warn(LD_REND, "Saw AF_UNIX virtual port mapping for port %d "
627  "which is unsupported on this platform. "
628  "Ignoring it.",
629  TO_CONN(conn)->port);
630  }
631  warn_once++;
632  }
633  }
634  } SMARTLIST_FOREACH_END(p);
635 
636  chosen_port = smartlist_choose(matching_ports);
637  smartlist_free(matching_ports);
638  if (chosen_port) {
639  if (conn->hs_ident) {
640  /* There is always a connection identifier at this point. Regardless of a
641  * Unix or TCP port, note the virtual port. */
642  conn->hs_ident->orig_virtual_port = chosen_port->virtual_port;
643  }
644 
645  if (!(chosen_port->is_unix_addr)) {
646  /* Get a non-AF_UNIX connection ready for connection_exit_connect() */
647  tor_addr_copy(&TO_CONN(conn)->addr, &chosen_port->real_addr);
648  TO_CONN(conn)->port = chosen_port->real_port;
649  } else {
650  if (set_unix_port(conn, chosen_port)) {
651  /* Simply impossible to end up here else we were able to add a Unix
652  * port without AF_UNIX support... ? */
653  tor_assert(0);
654  }
655  }
656  }
657  return (chosen_port) ? 0 : -1;
658 }
659 
660 /** Return a new hs_port_config_t with its path set to
661  * <b>socket_path</b> or empty if <b>socket_path</b> is NULL */
662 static hs_port_config_t *
663 hs_port_config_new(const char *socket_path)
664 {
665  if (!socket_path)
666  return tor_malloc_zero(sizeof(hs_port_config_t) + 1);
667 
668  const size_t pathlen = strlen(socket_path) + 1;
669  hs_port_config_t *conf =
670  tor_malloc_zero(sizeof(hs_port_config_t) + pathlen);
671  memcpy(conf->unix_addr, socket_path, pathlen);
672  conf->is_unix_addr = 1;
673  return conf;
674 }
675 
676 /** Parses a virtual-port to real-port/socket mapping separated by
677  * the provided separator and returns a new hs_port_config_t,
678  * or NULL and an optional error string on failure.
679  *
680  * The format is: VirtualPort SEP (IP|RealPort|IP:RealPort|'socket':path)?
681  *
682  * IP defaults to 127.0.0.1; RealPort defaults to VirtualPort.
683  */
685 hs_parse_port_config(const char *string, const char *sep,
686  char **err_msg_out)
687 {
688  smartlist_t *sl;
689  int virtport;
690  int realport = 0;
691  uint16_t p;
692  tor_addr_t addr;
693  hs_port_config_t *result = NULL;
694  unsigned int is_unix_addr = 0;
695  const char *socket_path = NULL;
696  char *err_msg = NULL;
697  char *addrport = NULL;
698 
699  sl = smartlist_new();
700  smartlist_split_string(sl, string, sep,
701  SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2);
702  if (smartlist_len(sl) < 1 || BUG(smartlist_len(sl) > 2)) {
703  err_msg = tor_strdup("Bad syntax in hidden service port configuration.");
704  goto err;
705  }
706  virtport = (int)tor_parse_long(smartlist_get(sl,0), 10, 1, 65535, NULL,NULL);
707  if (!virtport) {
708  tor_asprintf(&err_msg, "Missing or invalid port %s in hidden service "
709  "port configuration", escaped(smartlist_get(sl,0)));
710 
711  goto err;
712  }
713  if (smartlist_len(sl) == 1) {
714  /* No addr:port part; use default. */
715  realport = virtport;
716  tor_addr_from_ipv4h(&addr, 0x7F000001u); /* 127.0.0.1 */
717  } else {
718  int ret;
719 
720  const char *addrport_element = smartlist_get(sl,1);
721  const char *rest = NULL;
722  int is_unix;
723  ret = port_cfg_line_extract_addrport(addrport_element, &addrport,
724  &is_unix, &rest);
725 
726  if (ret < 0) {
727  tor_asprintf(&err_msg, "Couldn't process address <%s> from hidden "
728  "service configuration", addrport_element);
729  goto err;
730  }
731 
732  if (rest && strlen(rest)) {
733  err_msg = tor_strdup("HiddenServicePort parse error: invalid port "
734  "mapping");
735  goto err;
736  }
737 
738  if (is_unix) {
739  socket_path = addrport;
740  is_unix_addr = 1;
741  } else if (strchr(addrport, ':') || strchr(addrport, '.')) {
742  /* else try it as an IP:port pair if it has a : or . in it */
743  if (tor_addr_port_lookup(addrport, &addr, &p)<0) {
744  err_msg = tor_strdup("Unparseable address in hidden service port "
745  "configuration.");
746  goto err;
747  }
748  realport = p?p:virtport;
749  } else {
750  /* No addr:port, no addr -- must be port. */
751  realport = (int)tor_parse_long(addrport, 10, 1, 65535, NULL, NULL);
752  if (!realport) {
753  tor_asprintf(&err_msg, "Unparseable or out-of-range port %s in "
754  "hidden service port configuration.",
755  escaped(addrport));
756  goto err;
757  }
758  tor_addr_from_ipv4h(&addr, 0x7F000001u); /* Default to 127.0.0.1 */
759  }
760  }
761 
762  /* Allow room for unix_addr */
763  result = hs_port_config_new(socket_path);
764  result->virtual_port = virtport;
765  result->is_unix_addr = is_unix_addr;
766  if (!is_unix_addr) {
767  result->real_port = realport;
768  tor_addr_copy(&result->real_addr, &addr);
769  result->unix_addr[0] = '\0';
770  }
771 
772  err:
773  tor_free(addrport);
774  if (err_msg_out != NULL) {
775  *err_msg_out = err_msg;
776  } else {
777  tor_free(err_msg);
778  }
779  SMARTLIST_FOREACH(sl, char *, c, tor_free(c));
780  smartlist_free(sl);
781 
782  return result;
783 }
784 
785 /** Release all storage held in a hs_port_config_t. */
786 void
788 {
789  tor_free(p);
790 }
791 
792 /** Using a base32 representation of a service address, parse its content into
793  * the key_out, checksum_out and version_out. Any out variable can be NULL in
794  * case the caller would want only one field. checksum_out MUST at least be 2
795  * bytes long.
796  *
797  * Return 0 if parsing went well; return -1 in case of error and if errmsg is
798  * non NULL, a human readable string message is set. */
799 int
800 hs_parse_address_no_log(const char *address, ed25519_public_key_t *key_out,
801  uint8_t *checksum_out, uint8_t *version_out,
802  const char **errmsg)
803 {
804  char decoded[HS_SERVICE_ADDR_LEN];
805 
806  tor_assert(address);
807 
808  if (errmsg) {
809  *errmsg = NULL;
810  }
811 
812  /* Obvious length check. */
813  if (strlen(address) != HS_SERVICE_ADDR_LEN_BASE32) {
814  if (errmsg) {
815  *errmsg = "Invalid length";
816  }
817  goto invalid;
818  }
819 
820  /* Decode address so we can extract needed fields. */
821  if (base32_decode(decoded, sizeof(decoded), address, strlen(address))
822  != sizeof(decoded)) {
823  if (errmsg) {
824  *errmsg = "Unable to base32 decode";
825  }
826  goto invalid;
827  }
828 
829  /* Parse the decoded address into the fields we need. */
830  hs_parse_address_impl(decoded, key_out, checksum_out, version_out);
831 
832  return 0;
833  invalid:
834  return -1;
835 }
836 
837 /** Same has hs_parse_address_no_log() but emits a log warning on parsing
838  * failure. */
839 int
840 hs_parse_address(const char *address, ed25519_public_key_t *key_out,
841  uint8_t *checksum_out, uint8_t *version_out)
842 {
843  const char *errmsg = NULL;
844  int ret = hs_parse_address_no_log(address, key_out, checksum_out,
845  version_out, &errmsg);
846  if (ret < 0) {
847  log_warn(LD_REND, "Service address %s failed to be parsed: %s",
848  escaped_safe_str(address), errmsg);
849  }
850  return ret;
851 }
852 
853 /** Validate a given onion address. The length, the base32 decoding, and
854  * checksum are validated. Return 1 if valid else 0. */
855 int
856 hs_address_is_valid(const char *address)
857 {
858  uint8_t version;
859  uint8_t checksum[HS_SERVICE_ADDR_CHECKSUM_LEN_USED];
860  uint8_t target_checksum[DIGEST256_LEN];
861  ed25519_public_key_t service_pubkey;
862 
863  /* Parse the decoded address into the fields we need. */
864  if (hs_parse_address(address, &service_pubkey, checksum, &version) < 0) {
865  goto invalid;
866  }
867 
868  /* Get the checksum it's supposed to be and compare it with what we have
869  * encoded in the address. */
870  build_hs_checksum(&service_pubkey, version, target_checksum);
871  if (tor_memcmp(checksum, target_checksum, sizeof(checksum))) {
872  log_warn(LD_REND, "Service address %s invalid checksum.",
873  escaped_safe_str(address));
874  goto invalid;
875  }
876 
877  /* Validate that this pubkey does not have a torsion component. We need to do
878  * this on the prop224 client-side so that attackers can't give equivalent
879  * forms of an onion address to users. */
880  if (ed25519_validate_pubkey(&service_pubkey) < 0) {
881  log_warn(LD_REND, "Service address %s has bad pubkey .",
882  escaped_safe_str(address));
883  goto invalid;
884  }
885 
886  /* Valid address. */
887  return 1;
888  invalid:
889  return 0;
890 }
891 
892 /** Build a service address using an ed25519 public key and a given version.
893  * The returned address is base32 encoded and put in addr_out. The caller MUST
894  * make sure the addr_out is at least HS_SERVICE_ADDR_LEN_BASE32 + 1 long.
895  *
896  * Format is as follows:
897  * base32(PUBKEY || CHECKSUM || VERSION)
898  * CHECKSUM = H(".onion checksum" || PUBKEY || VERSION)
899  * */
900 void
901 hs_build_address(const ed25519_public_key_t *key, uint8_t version,
902  char *addr_out)
903 {
904  uint8_t checksum[DIGEST256_LEN];
905  char address[HS_SERVICE_ADDR_LEN];
906 
907  tor_assert(key);
908  tor_assert(addr_out);
909 
910  /* Get the checksum of the address. */
911  build_hs_checksum(key, version, checksum);
912  /* Get the binary address representation. */
913  build_hs_address(key, checksum, version, address);
914 
915  /* Encode the address. addr_out will be NUL terminated after this. */
916  base32_encode(addr_out, HS_SERVICE_ADDR_LEN_BASE32 + 1, address,
917  sizeof(address));
918  /* Validate what we just built. */
919  tor_assert(hs_address_is_valid(addr_out));
920 }
921 
922 /** From a given ed25519 public key pk and an optional secret, compute a
923  * blinded public key and put it in blinded_pk_out. This is only useful to
924  * the client side because the client only has access to the identity public
925  * key of the service. */
926 void
928  const uint8_t *secret, size_t secret_len,
929  uint64_t time_period_num,
930  ed25519_public_key_t *blinded_pk_out)
931 {
932  /* Our blinding key API requires a 32 bytes parameter. */
933  uint8_t param[DIGEST256_LEN];
934 
935  tor_assert(pk);
936  tor_assert(blinded_pk_out);
938 
939  build_blinded_key_param(pk, secret, secret_len,
940  time_period_num, get_time_period_length(), param);
941  ed25519_public_blind(blinded_pk_out, pk, param);
942 
943  memwipe(param, 0, sizeof(param));
944 }
945 
946 /** From a given ed25519 keypair kp and an optional secret, compute a blinded
947  * keypair for the current time period and put it in blinded_kp_out. This is
948  * only useful by the service side because the client doesn't have access to
949  * the identity secret key. */
950 void
952  const uint8_t *secret, size_t secret_len,
953  uint64_t time_period_num,
954  ed25519_keypair_t *blinded_kp_out)
955 {
956  /* Our blinding key API requires a 32 bytes parameter. */
957  uint8_t param[DIGEST256_LEN];
958 
959  tor_assert(kp);
960  tor_assert(blinded_kp_out);
961  /* Extra safety. A zeroed key is bad. */
962  tor_assert(!fast_mem_is_zero((char *) &kp->pubkey, ED25519_PUBKEY_LEN));
963  tor_assert(!fast_mem_is_zero((char *) &kp->seckey, ED25519_SECKEY_LEN));
964 
965  build_blinded_key_param(&kp->pubkey, secret, secret_len,
966  time_period_num, get_time_period_length(), param);
967  ed25519_keypair_blind(blinded_kp_out, kp, param);
968 
969  memwipe(param, 0, sizeof(param));
970 }
971 
972 /** Return true if we are currently in the time segment between a new time
973  * period and a new SRV (in the real network that happens between 12:00 and
974  * 00:00 UTC). Here is a diagram showing exactly when this returns true:
975  *
976  * +------------------------------------------------------------------+
977  * | |
978  * | 00:00 12:00 00:00 12:00 00:00 12:00 |
979  * | SRV#1 TP#1 SRV#2 TP#2 SRV#3 TP#3 |
980  * | |
981  * | $==========|-----------$===========|-----------$===========| |
982  * | ^^^^^^^^^^^^ ^^^^^^^^^^^^ |
983  * | |
984  * +------------------------------------------------------------------+
985  */
986 MOCK_IMPL(int,
987 hs_in_period_between_tp_and_srv,(const networkstatus_t *consensus, time_t now))
988 {
989  time_t valid_after;
990  time_t srv_start_time, tp_start_time;
991 
992  if (!consensus) {
995  if (!consensus) {
996  return 0;
997  }
998  }
999 
1000  /* Get start time of next TP and of current SRV protocol run, and check if we
1001  * are between them. */
1002  valid_after = consensus->valid_after;
1004  tp_start_time = hs_get_start_time_of_next_time_period(srv_start_time);
1005 
1006  if (valid_after >= srv_start_time && valid_after < tp_start_time) {
1007  return 0;
1008  }
1009 
1010  return 1;
1011 }
1012 
1013 /** Return 1 if any virtual port in ports needs a circuit with good uptime.
1014  * Else return 0. */
1015 int
1017 {
1018  tor_assert(ports);
1019 
1021  if (smartlist_contains_int_as_string(get_options()->LongLivedPorts,
1022  p->virtual_port)) {
1023  return 1;
1024  }
1025  } SMARTLIST_FOREACH_END(p);
1026  return 0;
1027 }
1028 
1029 /** Build hs_index which is used to find the responsible hsdirs. This index
1030  * value is used to select the responsible HSDir where their hsdir_index is
1031  * closest to this value.
1032  * SHA3-256("store-at-idx" | blinded_public_key |
1033  * INT_8(replicanum) | INT_8(period_length) | INT_8(period_num) )
1034  *
1035  * hs_index_out must be large enough to receive DIGEST256_LEN bytes. */
1036 void
1037 hs_build_hs_index(uint64_t replica, const ed25519_public_key_t *blinded_pk,
1038  uint64_t period_num, uint8_t *hs_index_out)
1039 {
1040  crypto_digest_t *digest;
1041 
1042  tor_assert(blinded_pk);
1043  tor_assert(hs_index_out);
1044 
1045  /* Build hs_index. See construction at top of function comment. */
1046  digest = crypto_digest256_new(DIGEST_SHA3_256);
1047  crypto_digest_add_bytes(digest, HS_INDEX_PREFIX, HS_INDEX_PREFIX_LEN);
1048  crypto_digest_add_bytes(digest, (const char *) blinded_pk->pubkey,
1050 
1051  /* Now setup INT_8(replicanum) | INT_8(period_length) | INT_8(period_num) */
1052  {
1053  uint64_t period_length = get_time_period_length();
1054  char buf[sizeof(uint64_t)*3];
1055  size_t offset = 0;
1056  set_uint64(buf, tor_htonll(replica));
1057  offset += sizeof(uint64_t);
1058  set_uint64(buf+offset, tor_htonll(period_length));
1059  offset += sizeof(uint64_t);
1060  set_uint64(buf+offset, tor_htonll(period_num));
1061  offset += sizeof(uint64_t);
1062  tor_assert(offset == sizeof(buf));
1063 
1064  crypto_digest_add_bytes(digest, buf, sizeof(buf));
1065  }
1066 
1067  crypto_digest_get_digest(digest, (char *) hs_index_out, DIGEST256_LEN);
1068  crypto_digest_free(digest);
1069 }
1070 
1071 /** Build hsdir_index which is used to find the responsible hsdirs. This is the
1072  * index value that is compare to the hs_index when selecting an HSDir.
1073  * SHA3-256("node-idx" | node_identity |
1074  * shared_random_value | INT_8(period_length) | INT_8(period_num) )
1075  *
1076  * hsdir_index_out must be large enough to receive DIGEST256_LEN bytes. */
1077 void
1079  const uint8_t *srv_value, uint64_t period_num,
1080  uint8_t *hsdir_index_out)
1081 {
1082  crypto_digest_t *digest;
1083 
1084  tor_assert(identity_pk);
1085  tor_assert(srv_value);
1086  tor_assert(hsdir_index_out);
1087 
1088  /* Build hsdir_index. See construction at top of function comment. */
1089  digest = crypto_digest256_new(DIGEST_SHA3_256);
1090  crypto_digest_add_bytes(digest, HSDIR_INDEX_PREFIX, HSDIR_INDEX_PREFIX_LEN);
1091  crypto_digest_add_bytes(digest, (const char *) identity_pk->pubkey,
1093  crypto_digest_add_bytes(digest, (const char *) srv_value, DIGEST256_LEN);
1094 
1095  {
1096  uint64_t time_period_length = get_time_period_length();
1097  char period_stuff[sizeof(uint64_t)*2];
1098  size_t offset = 0;
1099  set_uint64(period_stuff, tor_htonll(period_num));
1100  offset += sizeof(uint64_t);
1101  set_uint64(period_stuff+offset, tor_htonll(time_period_length));
1102  offset += sizeof(uint64_t);
1103  tor_assert(offset == sizeof(period_stuff));
1104 
1105  crypto_digest_add_bytes(digest, period_stuff, sizeof(period_stuff));
1106  }
1107 
1108  crypto_digest_get_digest(digest, (char *) hsdir_index_out, DIGEST256_LEN);
1109  crypto_digest_free(digest);
1110 }
1111 
1112 /** Return a newly allocated buffer containing the current shared random value
1113  * or if not present, a disaster value is computed using the given time period
1114  * number. If a consensus is provided in <b>ns</b>, use it to get the SRV
1115  * value. This function can't fail. */
1116 uint8_t *
1117 hs_get_current_srv(uint64_t time_period_num, const networkstatus_t *ns)
1118 {
1119  uint8_t *sr_value = tor_malloc_zero(DIGEST256_LEN);
1120  const sr_srv_t *current_srv = sr_get_current(ns);
1121 
1122  if (current_srv) {
1123  memcpy(sr_value, current_srv->value, sizeof(current_srv->value));
1124  } else {
1125  /* Disaster mode. */
1126  get_disaster_srv(time_period_num, sr_value);
1127  }
1128  return sr_value;
1129 }
1130 
1131 /** Return a newly allocated buffer containing the previous shared random
1132  * value or if not present, a disaster value is computed using the given time
1133  * period number. This function can't fail. */
1134 uint8_t *
1135 hs_get_previous_srv(uint64_t time_period_num, const networkstatus_t *ns)
1136 {
1137  uint8_t *sr_value = tor_malloc_zero(DIGEST256_LEN);
1138  const sr_srv_t *previous_srv = sr_get_previous(ns);
1139 
1140  if (previous_srv) {
1141  memcpy(sr_value, previous_srv->value, sizeof(previous_srv->value));
1142  } else {
1143  /* Disaster mode. */
1144  get_disaster_srv(time_period_num, sr_value);
1145  }
1146  return sr_value;
1147 }
1148 
1149 /** Return the number of replicas defined by a consensus parameter or the
1150  * default value. */
1151 int32_t
1153 {
1154  /* The [1,16] range is a specification requirement. */
1155  return networkstatus_get_param(NULL, "hsdir_n_replicas",
1157 }
1158 
1159 /** Return the spread fetch value defined by a consensus parameter or the
1160  * default value. */
1161 int32_t
1163 {
1164  /* The [1,128] range is a specification requirement. */
1165  return networkstatus_get_param(NULL, "hsdir_spread_fetch",
1167 }
1168 
1169 /** Return the spread store value defined by a consensus parameter or the
1170  * default value. */
1171 int32_t
1173 {
1174  /* The [1,128] range is a specification requirement. */
1175  return networkstatus_get_param(NULL, "hsdir_spread_store",
1177 }
1178 
1179 /** <b>node</b> is an HSDir so make sure that we have assigned an hsdir index.
1180  * Return 0 if everything is as expected, else return -1. */
1181 static int
1183 {
1185 
1186  /* A node can't have an HSDir index without a descriptor since we need desc
1187  * to get its ed25519 key. for_direct_connect should be zero, since we
1188  * always use the consensus-indexed node's keys to build the hash ring, even
1189  * if some of the consensus-indexed nodes are also bridges. */
1190  if (!node_has_preferred_descriptor(node, 0)) {
1191  return 0;
1192  }
1193 
1194  /* At this point, since the node has a desc, this node must also have an
1195  * hsdir index. If not, something went wrong, so BUG out. */
1196  if (BUG(fast_mem_is_zero((const char*)node->hsdir_index.fetch,
1197  DIGEST256_LEN))) {
1198  return 0;
1199  }
1200  if (BUG(fast_mem_is_zero((const char*)node->hsdir_index.store_first,
1201  DIGEST256_LEN))) {
1202  return 0;
1203  }
1204  if (BUG(fast_mem_is_zero((const char*)node->hsdir_index.store_second,
1205  DIGEST256_LEN))) {
1206  return 0;
1207  }
1208 
1209  return 1;
1210 }
1211 
1212 /** For a given blinded key and time period number, get the responsible HSDir
1213  * and put their routerstatus_t object in the responsible_dirs list. If
1214  * 'use_second_hsdir_index' is true, use the second hsdir_index of the node_t
1215  * is used. If 'for_fetching' is true, the spread fetch consensus parameter is
1216  * used else the spread store is used which is only for upload. This function
1217  * can't fail but it is possible that the responsible_dirs list contains fewer
1218  * nodes than expected.
1219  *
1220  * This function goes over the latest consensus routerstatus list and sorts it
1221  * by their node_t hsdir_index then does a binary search to find the closest
1222  * node. All of this makes it a bit CPU intensive so use it wisely. */
1223 void
1225  uint64_t time_period_num, int use_second_hsdir_index,
1226  int for_fetching, smartlist_t *responsible_dirs)
1227 {
1228  smartlist_t *sorted_nodes;
1229  /* The compare function used for the smartlist bsearch. We have two
1230  * different depending on is_next_period. */
1231  int (*cmp_fct)(const void *, const void **);
1232 
1233  tor_assert(blinded_pk);
1234  tor_assert(responsible_dirs);
1235 
1236  sorted_nodes = smartlist_new();
1237 
1238  /* Make sure we actually have a live consensus */
1239  networkstatus_t *c =
1242  if (!c || smartlist_len(c->routerstatus_list) == 0) {
1243  log_warn(LD_REND, "No live consensus so we can't get the responsible "
1244  "hidden service directories.");
1245  goto done;
1246  }
1247 
1248  /* Ensure the nodelist is fresh, since it contains the HSDir indices. */
1250 
1251  /* Add every node_t that support HSDir v3 for which we do have a valid
1252  * hsdir_index already computed for them for this consensus. */
1253  {
1255  /* Even though this node_t object won't be modified and should be const,
1256  * we can't add const object in a smartlist_t. */
1257  node_t *n = node_get_mutable_by_id(rs->identity_digest);
1258  tor_assert(n);
1259  if (node_supports_v3_hsdir(n) && rs->is_hs_dir) {
1260  if (!node_has_hsdir_index(n)) {
1261  log_info(LD_GENERAL, "Node %s was found without hsdir index.",
1262  node_describe(n));
1263  continue;
1264  }
1265  smartlist_add(sorted_nodes, n);
1266  }
1267  } SMARTLIST_FOREACH_END(rs);
1268  }
1269  if (smartlist_len(sorted_nodes) == 0) {
1270  log_warn(LD_REND, "No nodes found to be HSDir or supporting v3.");
1271  goto done;
1272  }
1273 
1274  /* First thing we have to do is sort all node_t by hsdir_index. The
1275  * is_next_period tells us if we want the current or the next one. Set the
1276  * bsearch compare function also while we are at it. */
1277  if (for_fetching) {
1280  } else if (use_second_hsdir_index) {
1283  } else {
1286  }
1287 
1288  /* For all replicas, we'll select a set of HSDirs using the consensus
1289  * parameters and the sorted list. The replica starting at value 1 is
1290  * defined by the specification. */
1291  for (int replica = 1; replica <= hs_get_hsdir_n_replicas(); replica++) {
1292  int idx, start, found, n_added = 0;
1293  uint8_t hs_index[DIGEST256_LEN] = {0};
1294  /* Number of node to add to the responsible dirs list depends on if we are
1295  * trying to fetch or store. A client always fetches. */
1296  int n_to_add = (for_fetching) ? hs_get_hsdir_spread_fetch() :
1298 
1299  /* Get the index that we should use to select the node. */
1300  hs_build_hs_index(replica, blinded_pk, time_period_num, hs_index);
1301  /* The compare function pointer has been set correctly earlier. */
1302  start = idx = smartlist_bsearch_idx(sorted_nodes, hs_index, cmp_fct,
1303  &found);
1304  /* Getting the length of the list if no member is greater than the key we
1305  * are looking for so start at the first element. */
1306  if (idx == smartlist_len(sorted_nodes)) {
1307  start = idx = 0;
1308  }
1309  while (n_added < n_to_add) {
1310  const node_t *node = smartlist_get(sorted_nodes, idx);
1311  /* If the node has already been selected which is possible between
1312  * replicas, the specification says to skip over. */
1313  if (!smartlist_contains(responsible_dirs, node->rs)) {
1314  smartlist_add(responsible_dirs, node->rs);
1315  ++n_added;
1316  }
1317  if (++idx == smartlist_len(sorted_nodes)) {
1318  /* Wrap if we've reached the end of the list. */
1319  idx = 0;
1320  }
1321  if (idx == start) {
1322  /* We've gone over the whole list, stop and avoid infinite loop. */
1323  break;
1324  }
1325  }
1326  }
1327 
1328  done:
1329  smartlist_free(sorted_nodes);
1330 }
1331 
1332 /*********************** HSDir request tracking ***************************/
1333 
1334 /** Return the period for which a hidden service directory cannot be queried
1335  * for the same descriptor ID again, taking TestingTorNetwork into account. */
1336 time_t
1338 {
1339  tor_assert(options);
1340 
1341  if (options->TestingTorNetwork) {
1342  return REND_HID_SERV_DIR_REQUERY_PERIOD_TESTING;
1343  } else {
1344  return REND_HID_SERV_DIR_REQUERY_PERIOD;
1345  }
1346 }
1347 
1348 /** Tracks requests for fetching hidden service descriptors. It's used by
1349  * hidden service clients, to avoid querying HSDirs that have already failed
1350  * giving back a descriptor. The same data structure is used to track v3 HS
1351  * descriptor requests.
1352  *
1353  * The string map is a key/value store that contains the last request times to
1354  * hidden service directories for certain queries. Specifically:
1355  *
1356  * key = base32(hsdir_identity) + base32(hs_identity)
1357  * value = time_t of last request for that hs_identity to that HSDir
1358  *
1359  * where 'hsdir_identity' is the identity digest of the HSDir node, and
1360  * 'hs_identity' is the ed25519 blinded public key of the HS for v3. */
1361 static strmap_t *last_hid_serv_requests_ = NULL;
1362 
1363 /** Returns last_hid_serv_requests_, initializing it to a new strmap if
1364  * necessary. */
1365 STATIC strmap_t *
1367 {
1369  last_hid_serv_requests_ = strmap_new();
1370  return last_hid_serv_requests_;
1371 }
1372 
1373 /** Look up the last request time to hidden service directory <b>hs_dir</b>
1374  * for descriptor request key <b>req_key_str</b> which is the blinded key for
1375  * v3. If <b>set</b> is non-zero, assign the current time <b>now</b> and
1376  * return that. Otherwise, return the most recent request time, or 0 if no
1377  * such request has been sent before. */
1378 time_t
1380  const char *req_key_str,
1381  time_t now, int set)
1382 {
1383  char hsdir_id_base32[BASE32_DIGEST_LEN + 1];
1384  char *hsdir_desc_comb_id = NULL;
1385  time_t *last_request_ptr;
1386  strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
1387 
1388  /* Create the key */
1389  base32_encode(hsdir_id_base32, sizeof(hsdir_id_base32),
1390  hs_dir->identity_digest, DIGEST_LEN);
1391  tor_asprintf(&hsdir_desc_comb_id, "%s%s", hsdir_id_base32, req_key_str);
1392 
1393  if (set) {
1394  time_t *oldptr;
1395  last_request_ptr = tor_malloc_zero(sizeof(time_t));
1396  *last_request_ptr = now;
1397  oldptr = strmap_set(last_hid_serv_requests, hsdir_desc_comb_id,
1398  last_request_ptr);
1399  tor_free(oldptr);
1400  } else {
1401  last_request_ptr = strmap_get(last_hid_serv_requests,
1402  hsdir_desc_comb_id);
1403  }
1404 
1405  tor_free(hsdir_desc_comb_id);
1406  return (last_request_ptr) ? *last_request_ptr : 0;
1407 }
1408 
1409 /** Clean the history of request times to hidden service directories, so that
1410  * it does not contain requests older than REND_HID_SERV_DIR_REQUERY_PERIOD
1411  * seconds any more. */
1412 void
1414 {
1415  strmap_iter_t *iter;
1416  time_t cutoff = now - hs_hsdir_requery_period(get_options());
1417  strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
1418  for (iter = strmap_iter_init(last_hid_serv_requests);
1419  !strmap_iter_done(iter); ) {
1420  const char *key;
1421  void *val;
1422  time_t *ent;
1423  strmap_iter_get(iter, &key, &val);
1424  ent = (time_t *) val;
1425  if (*ent < cutoff) {
1426  iter = strmap_iter_next_rmv(last_hid_serv_requests, iter);
1427  tor_free(ent);
1428  } else {
1429  iter = strmap_iter_next(last_hid_serv_requests, iter);
1430  }
1431  }
1432 }
1433 
1434 /** Remove all requests related to the descriptor request key string
1435  * <b>req_key_str</b> from the history of times of requests to hidden service
1436  * directories.
1437  *
1438  * This is called from purge_hid_serv_request(), which must be idempotent, so
1439  * any future changes to this function must leave it idempotent too. */
1440 void
1442 {
1443  strmap_iter_t *iter;
1444  strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
1445 
1446  for (iter = strmap_iter_init(last_hid_serv_requests);
1447  !strmap_iter_done(iter); ) {
1448  const char *key;
1449  void *val;
1450  strmap_iter_get(iter, &key, &val);
1451 
1452  /* XXX: The use of REND_DESC_ID_V2_LEN_BASE32 is very wrong in terms of
1453  * semantic, see #23305. */
1454 
1455  /* This strmap contains variable-sized elements so this is a basic length
1456  * check on the strings we are about to compare. The key is variable sized
1457  * since it's composed as follows:
1458  * key = base32(hsdir_identity) + base32(req_key_str)
1459  * where 'req_key_str' is the ed25519 blinded public key of the HS v3. */
1460  if (strlen(key) < REND_DESC_ID_V2_LEN_BASE32 + strlen(req_key_str)) {
1461  iter = strmap_iter_next(last_hid_serv_requests, iter);
1462  continue;
1463  }
1464 
1465  /* Check if the tracked request matches our request key */
1466  if (tor_memeq(key + REND_DESC_ID_V2_LEN_BASE32, req_key_str,
1467  strlen(req_key_str))) {
1468  iter = strmap_iter_next_rmv(last_hid_serv_requests, iter);
1469  tor_free(val);
1470  } else {
1471  iter = strmap_iter_next(last_hid_serv_requests, iter);
1472  }
1473  }
1474 }
1475 
1476 /** Purge the history of request times to hidden service directories,
1477  * so that future lookups of an HS descriptor will not fail because we
1478  * accessed all of the HSDir relays responsible for the descriptor
1479  * recently. */
1480 void
1482 {
1483  /* Don't create the table if it doesn't exist yet (and it may very
1484  * well not exist if the user hasn't accessed any HSes)... */
1485  strmap_t *old_last_hid_serv_requests = last_hid_serv_requests_;
1486  /* ... and let get_last_hid_serv_requests re-create it for us if
1487  * necessary. */
1488  last_hid_serv_requests_ = NULL;
1489 
1490  if (old_last_hid_serv_requests != NULL) {
1491  log_info(LD_REND, "Purging client last-HS-desc-request-time table");
1492  strmap_free(old_last_hid_serv_requests, tor_free_);
1493  }
1494 }
1495 
1496 /***********************************************************************/
1497 
1498 /** Given the list of responsible HSDirs in <b>responsible_dirs</b>, pick the
1499  * one that we should use to fetch a descriptor right now. Take into account
1500  * previous failed attempts at fetching this descriptor from HSDirs using the
1501  * string identifier <b>req_key_str</b>. We return whether we are rate limited
1502  * into *<b>is_rate_limited_out</b> if it is not NULL.
1503  *
1504  * Steals ownership of <b>responsible_dirs</b>.
1505  *
1506  * Return the routerstatus of the chosen HSDir if successful, otherwise return
1507  * NULL if no HSDirs are worth trying right now. */
1509 hs_pick_hsdir(smartlist_t *responsible_dirs, const char *req_key_str,
1510  bool *is_rate_limited_out)
1511 {
1512  smartlist_t *usable_responsible_dirs = smartlist_new();
1513  const or_options_t *options = get_options();
1514  routerstatus_t *hs_dir;
1515  time_t now = time(NULL);
1516  int excluded_some;
1517  bool rate_limited = false;
1518  int rate_limited_count = 0;
1519  int responsible_dirs_count = smartlist_len(responsible_dirs);
1520 
1521  tor_assert(req_key_str);
1522 
1523  /* Clean outdated request history first. */
1525 
1526  /* Only select those hidden service directories to which we did not send a
1527  * request recently and for which we have a router descriptor here.
1528  *
1529  * Use for_direct_connect==0 even if we will be connecting to the node
1530  * directly, since we always use the key information in the
1531  * consensus-indexed node descriptors for building the index.
1532  **/
1533  SMARTLIST_FOREACH_BEGIN(responsible_dirs, routerstatus_t *, dir) {
1534  time_t last = hs_lookup_last_hid_serv_request(dir, req_key_str, 0, 0);
1535  const node_t *node = node_get_by_id(dir->identity_digest);
1536  if (last + hs_hsdir_requery_period(options) >= now ||
1537  !node || !node_has_preferred_descriptor(node, 0)) {
1538  SMARTLIST_DEL_CURRENT(responsible_dirs, dir);
1539  rate_limited_count++;
1540  continue;
1541  }
1542  if (!routerset_contains_node(options->ExcludeNodes, node)) {
1543  smartlist_add(usable_responsible_dirs, dir);
1544  }
1545  } SMARTLIST_FOREACH_END(dir);
1546 
1547  if (rate_limited_count > 0 || responsible_dirs_count > 0) {
1548  rate_limited = rate_limited_count == responsible_dirs_count;
1549  }
1550 
1551  excluded_some =
1552  smartlist_len(usable_responsible_dirs) < smartlist_len(responsible_dirs);
1553 
1554  hs_dir = smartlist_choose(usable_responsible_dirs);
1555  if (!hs_dir && !options->StrictNodes) {
1556  hs_dir = smartlist_choose(responsible_dirs);
1557  }
1558 
1559  smartlist_free(responsible_dirs);
1560  smartlist_free(usable_responsible_dirs);
1561  if (!hs_dir) {
1562  const char *warn_str = (rate_limited) ? "we are rate limited." :
1563  "we requested them all recently without success";
1564  log_info(LD_REND, "Could not pick one of the responsible hidden "
1565  "service directories, because %s.", warn_str);
1566  if (options->StrictNodes && excluded_some) {
1567  log_warn(LD_REND, "Could not pick a hidden service directory for the "
1568  "requested hidden service: they are all either down or "
1569  "excluded, and StrictNodes is set.");
1570  }
1571  } else {
1572  /* Remember that we are requesting a descriptor from this hidden service
1573  * directory now. */
1574  hs_lookup_last_hid_serv_request(hs_dir, req_key_str, now, 1);
1575  }
1576 
1577  if (is_rate_limited_out != NULL) {
1578  *is_rate_limited_out = rate_limited;
1579  }
1580 
1581  return hs_dir;
1582 }
1583 
1584 /** Given a list of link specifiers lspecs, a curve 25519 onion_key, and
1585  * a direct connection boolean direct_conn (true for single onion services),
1586  * return a newly allocated extend_info_t object.
1587  *
1588  * This function always returns an extend info with a valid IP address and
1589  * ORPort, or NULL. If direct_conn is false, the IP address is always IPv4.
1590  *
1591  * It performs the following checks:
1592  * if there is no usable IP address, or legacy ID is missing, return NULL.
1593  * if direct_conn, and we can't reach any IP address, return NULL.
1594  */
1595 extend_info_t *
1597  const curve25519_public_key_t *onion_key,
1598  int direct_conn)
1599 {
1600  int have_v4 = 0, have_legacy_id = 0, have_ed25519_id = 0;
1601  char legacy_id[DIGEST_LEN] = {0};
1602  ed25519_public_key_t ed25519_pk;
1603  extend_info_t *info = NULL;
1604  tor_addr_port_t ap;
1605 
1606  tor_addr_make_null(&ap.addr, AF_UNSPEC);
1607  ap.port = 0;
1608 
1609  if (lspecs == NULL) {
1610  log_warn(LD_BUG, "Specified link specifiers is null");
1611  goto done;
1612  }
1613 
1614  if (onion_key == NULL) {
1615  log_warn(LD_BUG, "Specified onion key is null");
1616  goto done;
1617  }
1618 
1619  if (smartlist_len(lspecs) == 0) {
1620  log_fn(LOG_PROTOCOL_WARN, LD_REND, "Empty link specifier list.");
1621  /* Return NULL. */
1622  goto done;
1623  }
1624 
1625  SMARTLIST_FOREACH_BEGIN(lspecs, const link_specifier_t *, ls) {
1626  switch (link_specifier_get_ls_type(ls)) {
1627  case LS_IPV4:
1628  /* Skip if we already seen a v4. If direct_conn is true, we skip this
1629  * block because reachable_addr_choose_from_ls() will set ap. If
1630  * direct_conn is false, set ap to the first IPv4 address and port in
1631  * the link specifiers.*/
1632  if (have_v4 || direct_conn) continue;
1633  tor_addr_from_ipv4h(&ap.addr,
1634  link_specifier_get_un_ipv4_addr(ls));
1635  ap.port = link_specifier_get_un_ipv4_port(ls);
1636  have_v4 = 1;
1637  break;
1638  case LS_LEGACY_ID:
1639  /* Make sure we do have enough bytes for the legacy ID. */
1640  if (link_specifier_getlen_un_legacy_id(ls) < sizeof(legacy_id)) {
1641  break;
1642  }
1643  memcpy(legacy_id, link_specifier_getconstarray_un_legacy_id(ls),
1644  sizeof(legacy_id));
1645  have_legacy_id = 1;
1646  break;
1647  case LS_ED25519_ID:
1648  memcpy(ed25519_pk.pubkey,
1649  link_specifier_getconstarray_un_ed25519_id(ls),
1651  have_ed25519_id = 1;
1652  break;
1653  default:
1654  /* Ignore unknown. */
1655  break;
1656  }
1657  } SMARTLIST_FOREACH_END(ls);
1658 
1659  /* Choose a preferred address first, but fall back to an allowed address. */
1660  if (direct_conn)
1661  reachable_addr_choose_from_ls(lspecs, 0, &ap);
1662 
1663  /* Legacy ID is mandatory, and we require an IP address. */
1664  if (!tor_addr_port_is_valid_ap(&ap, 0)) {
1665  /* If we're missing the IP address, log a warning and return NULL. */
1666  log_info(LD_NET, "Unreachable or invalid IP address in link state");
1667  goto done;
1668  }
1669  if (!have_legacy_id) {
1670  /* If we're missing the legacy ID, log a warning and return NULL. */
1671  log_warn(LD_PROTOCOL, "Missing Legacy ID in link state");
1672  goto done;
1673  }
1674 
1675  /* We will add support for falling back to a 3-hop path in a later
1676  * release. */
1677 
1678  /* We'll validate now that the address we've picked isn't a private one. If
1679  * it is, are we allowed to extend to private addresses? */
1680  if (!extend_info_addr_is_allowed(&ap.addr)) {
1681  log_fn(LOG_PROTOCOL_WARN, LD_REND,
1682  "Requested address is private and we are not allowed to extend to "
1683  "it: %s:%u", fmt_addr(&ap.addr), ap.port);
1684  goto done;
1685  }
1686 
1687  /* We do have everything for which we think we can connect successfully. */
1688  info = extend_info_new(NULL, legacy_id,
1689  (have_ed25519_id) ? &ed25519_pk : NULL, NULL,
1690  onion_key, &ap.addr, ap.port);
1691  done:
1692  return info;
1693 }
1694 
1695 /***********************************************************************/
1696 
1697 /** Initialize the entire HS subsystem. This is called in tor_init() before any
1698  * torrc options are loaded. Only for >= v3. */
1699 void
1700 hs_init(void)
1701 {
1703  hs_service_init();
1704  hs_cache_init();
1705 }
1706 
1707 /** Release and cleanup all memory of the HS subsystem (all version). This is
1708  * called by tor_free_all(). */
1709 void
1711 {
1716  hs_ob_free_all();
1717 }
1718 
1719 /** For the given origin circuit circ, decrement the number of rendezvous
1720  * stream counter. This handles every hidden service version. */
1721 void
1723 {
1724  tor_assert(circ);
1725 
1726  if (circ->hs_ident) {
1727  circ->hs_ident->num_rdv_streams--;
1728  } else {
1729  /* Should not be called if this circuit is not for hidden service. */
1731  }
1732 }
1733 
1734 /** For the given origin circuit circ, increment the number of rendezvous
1735  * stream counter. This handles every hidden service version. */
1736 void
1738 {
1739  tor_assert(circ);
1740 
1741  if (circ->hs_ident) {
1742  circ->hs_ident->num_rdv_streams++;
1743  } else {
1744  /* Should not be called if this circuit is not for hidden service. */
1746  }
1747 }
1748 
1749 /** Return a newly allocated link specifier object that is a copy of dst. */
1750 link_specifier_t *
1751 link_specifier_dup(const link_specifier_t *src)
1752 {
1753  link_specifier_t *dup = NULL;
1754  uint8_t *buf = NULL;
1755 
1756  if (BUG(!src)) {
1757  goto err;
1758  }
1759 
1760  ssize_t encoded_len_alloc = link_specifier_encoded_len(src);
1761  if (BUG(encoded_len_alloc < 0)) {
1762  goto err;
1763  }
1764 
1765  buf = tor_malloc_zero(encoded_len_alloc);
1766  ssize_t encoded_len_data = link_specifier_encode(buf,
1767  encoded_len_alloc,
1768  src);
1769  if (BUG(encoded_len_data < 0)) {
1770  goto err;
1771  }
1772 
1773  ssize_t parsed_len = link_specifier_parse(&dup, buf, encoded_len_alloc);
1774  if (BUG(parsed_len < 0)) {
1775  goto err;
1776  }
1777 
1778  goto done;
1779 
1780  err:
1781  dup = NULL;
1782 
1783  done:
1784  tor_free(buf);
1785  return dup;
1786 }
log_fn
#define log_fn(severity, domain, args,...)
Definition: log.h:283
routermode.h
Header file for routermode.c.
hs_cache_init
void hs_cache_init(void)
Definition: hs_cache.c:1115
tor_free
#define tor_free(p)
Definition: malloc.h:52
hs_service.h
Header file containing service data for the HS subsystem.
tor_free_
void tor_free_(void *mem)
Definition: malloc.c:227
smartlist_split_string
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)
Definition: smartlist_split.c:37
HS_TIME_PERIOD_LENGTH_MAX
#define HS_TIME_PERIOD_LENGTH_MAX
Definition: hs_common.h:88
tor_addr_make_null
void tor_addr_make_null(tor_addr_t *a, sa_family_t family)
Definition: address.c:235
hs_ident.h
Header file containing circuit and connection identifier data for the whole HS subsystem.
memwipe
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:55
build_hs_address
static void build_hs_address(const ed25519_public_key_t *key, const uint8_t *checksum, uint8_t version, char *addr_out)
Definition: hs_common.c:512
tor_addr_t
Definition: address.h:69
cpd_check_t
unsigned int cpd_check_t
Definition: dir.h:20
smartlist_contains_int_as_string
int smartlist_contains_int_as_string(const smartlist_t *sl, int num)
Definition: smartlist.c:147
approx_time
time_t approx_time(void)
Definition: approx_time.c:32
ed25519_validate_pubkey
int ed25519_validate_pubkey(const ed25519_public_key_t *pubkey)
Definition: crypto_ed25519.c:796
connection_t::address
char * address
Definition: connection_st.h:166
MOCK_IMPL
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
hs_service_init
void hs_service_init(void)
Definition: hs_service.c:4366
hs_set_conn_addr_port
int hs_set_conn_addr_port(const smartlist_t *ports, edge_connection_t *conn)
Definition: hs_common.c:606
hs_hsdir_requery_period
time_t hs_hsdir_requery_period(const or_options_t *options)
Definition: hs_common.c:1337
tor_assert
#define tor_assert(expr)
Definition: util_bug.h:102
microdesc.h
Header file for microdesc.c.
LD_BUG
#define LD_BUG
Definition: log.h:86
hs_get_next_time_period_num
uint64_t hs_get_next_time_period_num(time_t now)
Definition: hs_common.c:306
fast_mem_is_zero
int fast_mem_is_zero(const char *mem, size_t len)
Definition: util_string.c:74
HS_DEFAULT_HSDIR_SPREAD_FETCH
#define HS_DEFAULT_HSDIR_SPREAD_FETCH
Definition: hs_common.h:123
LD_GENERAL
#define LD_GENERAL
Definition: log.h:62
hs_in_period_between_tp_and_srv
int hs_in_period_between_tp_and_srv(const networkstatus_t *consensus, time_t now)
Definition: hs_common.c:987
routerset_contains_node
int routerset_contains_node(const routerset_t *set, const node_t *node)
Definition: routerset.c:353
smartlist_choose
void * smartlist_choose(const smartlist_t *sl)
Definition: crypto_rand.c:590
set_uint8
static void set_uint8(void *cp, uint8_t v)
Definition: bytes.h:31
describe.h
Header file for describe.c.
node_get_by_id
const node_t * node_get_by_id(const char *identity_digest)
Definition: nodelist.c:226
smartlist_add
void smartlist_add(smartlist_t *sl, void *element)
Definition: smartlist_core.c:117
sr_srv_t
Definition: shared_random.h:62
routerstatus_t
Definition: routerstatus_st.h:19
hsdir_index_t::fetch
uint8_t fetch[DIGEST256_LEN]
Definition: hsdir_index_st.h:19
hs_build_blinded_keypair
void hs_build_blinded_keypair(const ed25519_keypair_t *kp, const uint8_t *secret, size_t secret_len, uint64_t time_period_num, ed25519_keypair_t *blinded_kp_out)
Definition: hs_common.c:951
hs_build_address
void hs_build_address(const ed25519_public_key_t *key, uint8_t version, char *addr_out)
Definition: hs_common.c:901
hs_build_hs_index
void hs_build_hs_index(uint64_t replica, const ed25519_public_key_t *blinded_pk, uint64_t period_num, uint8_t *hs_index_out)
Definition: hs_common.c:1037
hs_get_hsdir_spread_fetch
int32_t hs_get_hsdir_spread_fetch(void)
Definition: hs_common.c:1162
hs_port_config_t::real_addr
tor_addr_t real_addr
Definition: hs_common.h:158
HS_SERVICE_ADDR_CHECKSUM_LEN_USED
#define HS_SERVICE_ADDR_CHECKSUM_LEN_USED
Definition: hs_common.h:71
ED25519_PUBKEY_LEN
#define ED25519_PUBKEY_LEN
Definition: x25519_sizes.h:27
hs_port_config_t::virtual_port
uint16_t virtual_port
Definition: hs_common.h:152
crypto_digest_add_bytes
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len)
Definition: crypto_digest_nss.c:308
smartlist_new
smartlist_t * smartlist_new(void)
Definition: smartlist_core.c:26
tor_addr_make_unspec
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
nodelist_ensure_freshness
void nodelist_ensure_freshness(const networkstatus_t *ns)
Definition: nodelist.c:1026
crypto_digest_t
Definition: crypto_digest_nss.c:166
build_hs_checksum
static void build_hs_checksum(const ed25519_public_key_t *key, uint8_t version, uint8_t *checksum_out)
Definition: hs_common.c:485
tor_parse_long
long tor_parse_long(const char *s, int base, long min, long max, int *ok, char **next)
Definition: parse_int.c:59
last_hid_serv_requests_
static strmap_t * last_hid_serv_requests_
Definition: hs_common.c:1361
connection_t::port
uint16_t port
Definition: connection_st.h:146
hs_address_is_valid
int hs_address_is_valid(const char *address)
Definition: hs_common.c:856
hs_init
void hs_init(void)
Definition: hs_common.c:1700
SMARTLIST_FOREACH
#define SMARTLIST_FOREACH(sl, type, var, cmd)
Definition: smartlist_foreach.h:112
base32_decode
int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:90
hs_dos.h
Header file containing denial of service defenses for the HS subsystem for all versions.
networkstatus.h
Header file for networkstatus.c.
hsdir_index_t::store_first
uint8_t store_first[DIGEST256_LEN]
Definition: hsdir_index_st.h:24
hs_client.h
Header file containing client data for the HS subsystem.
tor_memeq
int tor_memeq(const void *a, const void *b, size_t sz)
Definition: di_ops.c:107
base32_encode
void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:60
crypto_util.h
Common functions for cryptographic routines.
hs_purge_last_hid_serv_requests
void hs_purge_last_hid_serv_requests(void)
Definition: hs_common.c:1481
hs_port_config_t::unix_addr
char unix_addr[FLEXIBLE_ARRAY_MEMBER]
Definition: hs_common.h:160
hs_cache.h
Header file for hs_cache.c.
REND_DESC_ID_V2_LEN_BASE32
#define REND_DESC_ID_V2_LEN_BASE32
Definition: or.h:334
extend_info_new
extend_info_t * extend_info_new(const char *nickname, const char *rsa_id_digest, const ed25519_public_key_t *ed_id, crypto_pk_t *onion_key, const curve25519_public_key_t *ntor_key, const tor_addr_t *addr, uint16_t port)
Definition: extendinfo.c:33
hs_parse_address_impl
static void hs_parse_address_impl(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out)
Definition: hs_common.c:535
DIGEST_LEN
#define DIGEST_LEN
Definition: digest_sizes.h:20
hs_pick_hsdir
routerstatus_t * hs_pick_hsdir(smartlist_t *responsible_dirs, const char *req_key_str, bool *is_rate_limited_out)
Definition: hs_common.c:1509
hs_lookup_last_hid_serv_request
time_t hs_lookup_last_hid_serv_request(routerstatus_t *hs_dir, const char *req_key_str, time_t now, int set)
Definition: hs_common.c:1379
hs_get_hsdir_spread_store
int32_t hs_get_hsdir_spread_store(void)
Definition: hs_common.c:1172
node_get_mutable_by_id
node_t * node_get_mutable_by_id(const char *identity_digest)
Definition: nodelist.c:197
hs_circuitmap_init
void hs_circuitmap_init(void)
Definition: hs_circuitmap.c:541
tor_addr_port_lookup
int tor_addr_port_lookup(const char *s, tor_addr_t *addr_out, uint16_t *port_out)
Definition: resolve.c:252
hs_get_previous_srv
uint8_t * hs_get_previous_srv(uint64_t time_period_num, const networkstatus_t *ns)
Definition: hs_common.c:1135
resolve.h
Header for resolve.c.
shared_random_state.h
Header for shared_random_state.c.
tor_addr_from_ipv4h
#define tor_addr_from_ipv4h(dest, v4addr)
Definition: address.h:327
sr_get_current
const sr_srv_t * sr_get_current(const networkstatus_t *ns)
Definition: shared_random_client.c:146
hs_service_free_all
void hs_service_free_all(void)
Definition: hs_service.c:4380
node_supports_v3_hsdir
bool node_supports_v3_hsdir(const node_t *node)
Definition: nodelist.c:1251
hs_get_previous_time_period_num
uint64_t hs_get_previous_time_period_num(time_t now)
Definition: hs_common.c:315
tor_addr_port_t
Definition: address.h:81
HS_SERVICE_ADDR_CHECKSUM_INPUT_LEN
#define HS_SERVICE_ADDR_CHECKSUM_INPUT_LEN
Definition: hs_common.h:68
hs_path_from_filename
char * hs_path_from_filename(const char *directory, const char *filename)
Definition: hs_common.c:178
HS_DEFAULT_HSDIR_N_REPLICAS
#define HS_DEFAULT_HSDIR_N_REPLICAS
Definition: hs_common.h:119
tor_assert_nonfatal_unreached
#define tor_assert_nonfatal_unreached()
Definition: util_bug.h:176
node_t
Definition: node_st.h:34
origin_circuit_t
Definition: origin_circuit_st.h:79
HS_SERVICE_ADDR_CHECKSUM_PREFIX_LEN
#define HS_SERVICE_ADDR_CHECKSUM_PREFIX_LEN
Definition: hs_common.h:62
HS_SERVICE_ADDR_LEN
#define HS_SERVICE_ADDR_LEN
Definition: hs_common.h:76
hs_parse_port_config
hs_port_config_t * hs_parse_port_config(const char *string, const char *sep, char **err_msg_out)
Definition: hs_common.c:685
ed25519_public_key_t
Definition: crypto_ed25519.h:23
or_options_t::ExcludeNodes
struct routerset_t * ExcludeNodes
Definition: or_options_st.h:120
networkstatus_get_reasonably_live_consensus
networkstatus_t * networkstatus_get_reasonably_live_consensus(time_t now, int flavor)
Definition: networkstatus.c:1477
hs_check_service_private_dir
int hs_check_service_private_dir(const char *username, const char *path, unsigned int dir_group_readable, unsigned int create)
Definition: hs_common.c:200
LD_REND
#define LD_REND
Definition: log.h:84
escaped
const char * escaped(const char *s)
Definition: escape.c:126
usable_consensus_flavor
int usable_consensus_flavor(void)
Definition: microdesc.c:1086
or_options_t::StrictNodes
int StrictNodes
Definition: or_options_st.h:117
HS_TIME_PERIOD_LENGTH_DEFAULT
#define HS_TIME_PERIOD_LENGTH_DEFAULT
Definition: hs_common.h:84
compare_digest_to_fetch_hsdir_index
static int compare_digest_to_fetch_hsdir_index(const void *_key, const void **_member)
Definition: hs_common.c:113
nodelist.h
Header file for nodelist.c.
build_blinded_key_param
static void build_blinded_key_param(const ed25519_public_key_t *pubkey, const uint8_t *secret, size_t secret_len, uint64_t period_num, uint64_t period_length, uint8_t *param_out)
Definition: hs_common.c:436
ED25519_SECKEY_LEN
#define ED25519_SECKEY_LEN
Definition: x25519_sizes.h:29
compare_node_fetch_hsdir_index
static int compare_node_fetch_hsdir_index(const void **a, const void **b)
Definition: hs_common.c:144
ed25519_keypair_blind
int ed25519_keypair_blind(ed25519_keypair_t *out, const ed25519_keypair_t *inp, const uint8_t *param)
Definition: crypto_ed25519.c:514
routerset.h
Header file for routerset.c.
compare_node_store_first_hsdir_index
static int compare_node_store_first_hsdir_index(const void **a, const void **b)
Definition: hs_common.c:155
hs_port_config_t
Definition: hs_common.h:150
hs_purge_hid_serv_from_last_hid_serv_requests
void hs_purge_hid_serv_from_last_hid_serv_requests(const char *req_key_str)
Definition: hs_common.c:1441
extend_info_addr_is_allowed
int extend_info_addr_is_allowed(const tor_addr_t *addr)
Definition: extendinfo.c:224
connection_t::addr
tor_addr_t addr
Definition: connection_st.h:145
hs_ob_free_all
void hs_ob_free_all(void)
Definition: hs_ob.c:406
DIGEST256_LEN
#define DIGEST256_LEN
Definition: digest_sizes.h:23
extendinfo.h
Header for core/or/extendinfo.c.
hsdir_index_t::store_second
uint8_t store_second[DIGEST256_LEN]
Definition: hsdir_index_st.h:26
networkstatus_t::routerstatus_list
smartlist_t * routerstatus_list
Definition: networkstatus_st.h:96
compute_disaster_srv
static void compute_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
Definition: hs_common.c:340
node_has_hsdir_index
static int node_has_hsdir_index(const node_t *node)
Definition: hs_common.c:1182
HS_INDEX_PREFIX
#define HS_INDEX_PREFIX
Definition: hs_common.h:107
crypto_digest256_new
crypto_digest_t * crypto_digest256_new(digest_algorithm_t algorithm)
Definition: crypto_digest_nss.c:272
hs_get_hsdir_n_replicas
int32_t hs_get_hsdir_n_replicas(void)
Definition: hs_common.c:1152
fmt_addr
#define fmt_addr(a)
Definition: address.h:239
crypto_rand.h
Common functions for using (pseudo-)random number generators.
hs_get_service_max_rend_failures
int hs_get_service_max_rend_failures(void)
Definition: hs_common.c:233
hs_build_hsdir_index
void hs_build_hsdir_index(const ed25519_public_key_t *identity_pk, const uint8_t *srv_value, uint64_t period_num, uint8_t *hsdir_index_out)
Definition: hs_common.c:1078
get_options
const or_options_t * get_options(void)
Definition: config.c:919
tor_memcmp
int tor_memcmp(const void *a, const void *b, size_t len)
Definition: di_ops.c:31
link_specifier_dup
link_specifier_t * link_specifier_dup(const link_specifier_t *src)
Definition: hs_common.c:1751
circuitbuild.h
Header file for circuitbuild.c.
HS_KEYBLIND_NONCE_PREFIX
#define HS_KEYBLIND_NONCE_PREFIX
Definition: hs_common.h:95
hs_get_responsible_hsdirs
void hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk, uint64_t time_period_num, int use_second_hsdir_index, int for_fetching, smartlist_t *responsible_dirs)
Definition: hs_common.c:1224
hs_ident_edge_conn_t::orig_virtual_port
uint16_t orig_virtual_port
Definition: hs_ident.h:111
HS_SERVICE_ADDR_CHECKSUM_PREFIX
#define HS_SERVICE_ADDR_CHECKSUM_PREFIX
Definition: hs_common.h:60
crypto_digest_free
#define crypto_digest_free(d)
Definition: crypto_digest.h:130
routerstatus_st.h
Routerstatus (consensus entry) structure.
sr_srv_t::value
uint8_t value[DIGEST256_LEN]
Definition: shared_random.h:66
node_describe
const char * node_describe(const node_t *node)
Definition: describe.c:160
hs_common.h
Header file containing common data for the whole HS subsystem.
hs_circuitmap_free_all
void hs_circuitmap_free_all(void)
Definition: hs_circuitmap.c:551
curve25519_public_key_t
Definition: crypto_curve25519.h:24
edge_connection_st.h
Edge-connection structure.
HSDIR_INDEX_PREFIX
#define HSDIR_INDEX_PREFIX
Definition: hs_common.h:111
cached_disaster_srv
static uint8_t cached_disaster_srv[2][DIGEST256_LEN]
Definition: hs_common.c:377
hs_get_extend_info_from_lspecs
extend_info_t * hs_get_extend_info_from_lspecs(const smartlist_t *lspecs, const curve25519_public_key_t *onion_key, int direct_conn)
Definition: hs_common.c:1596
HS_SRV_DISASTER_PREFIX
#define HS_SRV_DISASTER_PREFIX
Definition: hs_common.h:115
hs_subcredential_t
Definition: hs_ntor.h:43
get_time_period_length
STATIC uint64_t get_time_period_length(void)
Definition: hs_common.c:243
networkstatus_t::valid_after
time_t valid_after
Definition: networkstatus_st.h:33
tor_htonll
static uint64_t tor_htonll(uint64_t a)
Definition: bytes.h:184
hs_service_requires_uptime_circ
int hs_service_requires_uptime_circ(const smartlist_t *ports)
Definition: hs_common.c:1016
tor_asprintf
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
hs_client_free_all
void hs_client_free_all(void)
Definition: hs_client.c:2548
hs_get_time_period_num
uint64_t hs_get_time_period_num(time_t now)
Definition: hs_common.c:269
SMARTLIST_FOREACH_BEGIN
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
Definition: smartlist_foreach.h:78
or_options_t::TestingTorNetwork
int TestingTorNetwork
Definition: or_options_st.h:814
SMARTLIST_DEL_CURRENT
#define SMARTLIST_DEL_CURRENT(sl, var)
Definition: smartlist_foreach.h:120
compare_digest_to_store_second_hsdir_index
static int compare_digest_to_store_second_hsdir_index(const void *_key, const void **_member)
Definition: hs_common.c:134
sr_state_get_start_time_of_current_protocol_run
time_t sr_state_get_start_time_of_current_protocol_run(void)
Definition: shared_random_client.c:245
node_st.h
Node information structure.
sr_get_previous
const sr_srv_t * sr_get_previous(const networkstatus_t *ns)
Definition: shared_random_client.c:170
reachable_addr_choose_from_ls
void reachable_addr_choose_from_ls(const smartlist_t *lspecs, int pref_only, tor_addr_port_t *ap)
Definition: policies.c:910
edge_connection_t
Definition: edge_connection_st.h:21
port_cfg_line_extract_addrport
int port_cfg_line_extract_addrport(const char *line, char **addrport_out, int *is_unix_out, const char **rest_out)
Definition: config.c:5852
hs_ident_circuit_t::num_rdv_streams
uint64_t num_rdv_streams
Definition: hs_ident.h:81
hs_ob.h
Header file for the specific code for onion balance.
hs_clean_last_hid_serv_requests
void hs_clean_last_hid_serv_requests(time_t now)
Definition: hs_common.c:1413
get_uint8
static uint8_t get_uint8(const void *cp)
Definition: bytes.h:23
hs_inc_rdv_stream_counter
void hs_inc_rdv_stream_counter(origin_circuit_t *circ)
Definition: hs_common.c:1737
hs_build_blinded_pubkey
void hs_build_blinded_pubkey(const ed25519_public_key_t *pk, const uint8_t *secret, size_t secret_len, uint64_t time_period_num, ed25519_public_key_t *blinded_pk_out)
Definition: hs_common.c:927
policies.h
Header file for policies.c.
sr_state_get_protocol_run_duration
unsigned int sr_state_get_protocol_run_duration(void)
Definition: shared_random_client.c:310
hs_circuitmap.h
Header file for hs_circuitmap.c.
hs_port_config_free_
void hs_port_config_free_(hs_port_config_t *p)
Definition: hs_common.c:787
connection_t::socket_family
int socket_family
Definition: connection_st.h:111
shared_random_client.h
Header file for shared_random_client.c.
compare_digest_to_store_first_hsdir_index
static int compare_digest_to_store_first_hsdir_index(const void *_key, const void **_member)
Definition: hs_common.c:123
config.h
Header file for config.c.
crypto_digest256
int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
Definition: crypto_digest_nss.c:121
escaped_safe_str
const char * escaped_safe_str(const char *address)
Definition: config.c:1122
HS_DEFAULT_HSDIR_SPREAD_STORE
#define HS_DEFAULT_HSDIR_SPREAD_STORE
Definition: hs_common.h:121
smartlist_contains
int smartlist_contains(const smartlist_t *sl, const void *element)
Definition: smartlist_core.c:201
hs_parse_address
int hs_parse_address(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out)
Definition: hs_common.c:840
str_ed25519_basepoint
static const char * str_ed25519_basepoint
Definition: hs_common.c:50
LD_NET
#define LD_NET
Definition: log.h:66
hs_parse_address_no_log
int hs_parse_address_no_log(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out, const char **errmsg)
Definition: hs_common.c:800
origin_circuit_t::hs_ident
struct hs_ident_circuit_t * hs_ident
Definition: origin_circuit_st.h:133
or_options_t
Definition: or_options_st.h:64
ed25519_public_blind
int ed25519_public_blind(ed25519_public_key_t *out, const ed25519_public_key_t *inp, const uint8_t *param)
Definition: crypto_ed25519.c:541
TO_CONN
#define TO_CONN(c)
Definition: or.h:616
STATIC
#define STATIC
Definition: testsupport.h:32
HS_TIME_PERIOD_LENGTH_MIN
#define HS_TIME_PERIOD_LENGTH_MIN
Definition: hs_common.h:86
hs_dec_rdv_stream_counter
void hs_dec_rdv_stream_counter(origin_circuit_t *circ)
Definition: hs_common.c:1722
hs_port_config_t::is_unix_addr
unsigned int is_unix_addr
Definition: hs_common.h:154
set_uint64
static void set_uint64(void *cp, uint64_t v)
Definition: bytes.h:96
hs_port_config_new
static hs_port_config_t * hs_port_config_new(const char *socket_path)
Definition: hs_common.c:663
hs_port_config_t::real_port
uint16_t real_port
Definition: hs_common.h:156
networkstatus_get_param
int32_t networkstatus_get_param(const networkstatus_t *ns, const char *param_name, int32_t default_val, int32_t min_val, int32_t max_val)
Definition: networkstatus.c:2500
networkstatus_st.h
Networkstatus consensus/vote structure.
HS_CREDENTIAL_PREFIX
#define HS_CREDENTIAL_PREFIX
Definition: hs_common.h:101
BASE32_DIGEST_LEN
#define BASE32_DIGEST_LEN
Definition: crypto_digest.h:23
smartlist_sort
void smartlist_sort(smartlist_t *sl, int(*compare)(const void **a, const void **b))
Definition: smartlist.c:334
routerstatus_t::identity_digest
char identity_digest[DIGEST_LEN]
Definition: routerstatus_st.h:27
networkstatus_t
Definition: networkstatus_st.h:26
hs_cache_free_all
void hs_cache_free_all(void)
Definition: hs_cache.c:1130
hs_get_subcredential
void hs_get_subcredential(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_subcredential_t *subcred_out)
Definition: hs_common.c:565
origin_circuit_st.h
Origin circuit structure.
compare_node_store_second_hsdir_index
static int compare_node_store_second_hsdir_index(const void **a, const void **b)
Definition: hs_common.c:166
node_has_preferred_descriptor
int node_has_preferred_descriptor(const node_t *node, int for_direct_connect)
Definition: nodelist.c:1500
smartlist_t
Definition: smartlist_core.h:26
hs_get_start_time_of_next_time_period
time_t hs_get_start_time_of_next_time_period(time_t now)
Definition: hs_common.c:324
HS_SERVICE_ADDR_LEN_BASE32
#define HS_SERVICE_ADDR_LEN_BASE32
Definition: hs_common.h:80
sr_state_get_phase_duration
unsigned int sr_state_get_phase_duration(void)
Definition: shared_random_client.c:303
crypto_digest_get_digest
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
Definition: crypto_digest_nss.c:348
smartlist_bsearch_idx
int smartlist_bsearch_idx(const smartlist_t *sl, const void *key, int(*compare)(const void *key, const void **member), int *found_out)
Definition: smartlist.c:428
rendcommon.h
Header file for rendcommon.c.
check_private_dir
int check_private_dir(const char *dirname, cpd_check_t check, const char *effective_user)
Definition: dir.c:71
tor_addr_copy
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:933
extend_info_t
Definition: extend_info_st.h:27
get_last_hid_serv_requests
STATIC strmap_t * get_last_hid_serv_requests(void)
Definition: hs_common.c:1366
hs_free_all
void hs_free_all(void)
Definition: hs_common.c:1710
or.h
Master header file for Tor-specific functionality.
get_disaster_srv
STATIC void get_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
Definition: hs_common.c:384
ed25519_keypair_t
Definition: crypto_ed25519.h:39
hs_get_current_srv
uint8_t * hs_get_current_srv(uint64_t time_period_num, const networkstatus_t *ns)
Definition: hs_common.c:1117
LD_PROTOCOL
#define LD_PROTOCOL
Definition: log.h:72