Tor  0.4.4.0-alpha-dev
hs_common.c
Go to the documentation of this file.
1 /* Copyright (c) 2016-2020, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
4 /**
5  * \file hs_common.c
6  * \brief Contains code shared between different HS protocol version as well
7  * as useful data structures and accessors used by other subsystems.
8  * The rendcommon.c should only contains code relating to the v2
9  * protocol.
10  **/
11 
12 #define HS_COMMON_PRIVATE
13 
14 #include "core/or/or.h"
15 
16 #include "app/config/config.h"
17 #include "core/or/circuitbuild.h"
18 #include "core/or/policies.h"
20 #include "feature/hs/hs_cache.h"
22 #include "feature/hs/hs_client.h"
23 #include "feature/hs/hs_common.h"
24 #include "feature/hs/hs_dos.h"
25 #include "feature/hs/hs_ob.h"
26 #include "feature/hs/hs_ident.h"
27 #include "feature/hs/hs_service.h"
38 
44 
45 /* Trunnel */
46 #include "trunnel/ed25519_cert.h"
47 
48 /** Ed25519 Basepoint value. Taken from section 5 of
49  * https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03 */
50 static const char *str_ed25519_basepoint =
51  "(15112221349535400772501151409588531511"
52  "454012693041857206046113283949847762202, "
53  "463168356949264781694283940034751631413"
54  "07993866256225615783033603165251855960)";
55 
56 #ifdef HAVE_SYS_UN_H
57 
58 /** Given <b>ports</b>, a smarlist containing rend_service_port_config_t,
59  * add the given <b>p</b>, a AF_UNIX port to the list. Return 0 on success
60  * else return -ENOSYS if AF_UNIX is not supported (see function in the
61  * #else statement below). */
62 static int
63 add_unix_port(smartlist_t *ports, rend_service_port_config_t *p)
64 {
65  tor_assert(ports);
66  tor_assert(p);
68 
69  smartlist_add(ports, p);
70  return 0;
71 }
72 
73 /** Given <b>conn</b> set it to use the given port <b>p</b> values. Return 0
74  * on success else return -ENOSYS if AF_UNIX is not supported (see function
75  * in the #else statement below). */
76 static int
77 set_unix_port(edge_connection_t *conn, rend_service_port_config_t *p)
78 {
79  tor_assert(conn);
80  tor_assert(p);
82 
83  conn->base_.socket_family = AF_UNIX;
84  tor_addr_make_unspec(&conn->base_.addr);
85  conn->base_.port = 1;
86  conn->base_.address = tor_strdup(p->unix_addr);
87  return 0;
88 }
89 
90 #else /* !defined(HAVE_SYS_UN_H) */
91 
92 static int
93 set_unix_port(edge_connection_t *conn, rend_service_port_config_t *p)
94 {
95  (void) conn;
96  (void) p;
97  return -ENOSYS;
98 }
99 
100 static int
101 add_unix_port(smartlist_t *ports, rend_service_port_config_t *p)
102 {
103  (void) ports;
104  (void) p;
105  return -ENOSYS;
106 }
107 
108 #endif /* defined(HAVE_SYS_UN_H) */
109 
110 /** Helper function: The key is a digest that we compare to a node_t object
111  * current hsdir_index. */
112 static int
113 compare_digest_to_fetch_hsdir_index(const void *_key, const void **_member)
114 {
115  const char *key = _key;
116  const node_t *node = *_member;
117  return tor_memcmp(key, node->hsdir_index.fetch, DIGEST256_LEN);
118 }
119 
120 /** Helper function: The key is a digest that we compare to a node_t object
121  * next hsdir_index. */
122 static int
124  const void **_member)
125 {
126  const char *key = _key;
127  const node_t *node = *_member;
128  return tor_memcmp(key, node->hsdir_index.store_first, DIGEST256_LEN);
129 }
130 
131 /** Helper function: The key is a digest that we compare to a node_t object
132  * next hsdir_index. */
133 static int
135  const void **_member)
136 {
137  const char *key = _key;
138  const node_t *node = *_member;
139  return tor_memcmp(key, node->hsdir_index.store_second, DIGEST256_LEN);
140 }
141 
142 /** Helper function: Compare two node_t objects current hsdir_index. */
143 static int
144 compare_node_fetch_hsdir_index(const void **a, const void **b)
145 {
146  const node_t *node1= *a;
147  const node_t *node2 = *b;
148  return tor_memcmp(node1->hsdir_index.fetch,
149  node2->hsdir_index.fetch,
150  DIGEST256_LEN);
151 }
152 
153 /** Helper function: Compare two node_t objects next hsdir_index. */
154 static int
155 compare_node_store_first_hsdir_index(const void **a, const void **b)
156 {
157  const node_t *node1= *a;
158  const node_t *node2 = *b;
159  return tor_memcmp(node1->hsdir_index.store_first,
160  node2->hsdir_index.store_first,
161  DIGEST256_LEN);
162 }
163 
164 /** Helper function: Compare two node_t objects next hsdir_index. */
165 static int
166 compare_node_store_second_hsdir_index(const void **a, const void **b)
167 {
168  const node_t *node1= *a;
169  const node_t *node2 = *b;
170  return tor_memcmp(node1->hsdir_index.store_second,
171  node2->hsdir_index.store_second,
172  DIGEST256_LEN);
173 }
174 
175 /** Allocate and return a string containing the path to filename in directory.
176  * This function will never return NULL. The caller must free this path. */
177 char *
178 hs_path_from_filename(const char *directory, const char *filename)
179 {
180  char *file_path = NULL;
181 
182  tor_assert(directory);
183  tor_assert(filename);
184 
185  tor_asprintf(&file_path, "%s%s%s", directory, PATH_SEPARATOR, filename);
186  return file_path;
187 }
188 
189 /** Make sure that the directory for <b>service</b> is private, using the
190  * config <b>username</b>.
191  *
192  * If <b>create</b> is true:
193  * - if the directory exists, change permissions if needed,
194  * - if the directory does not exist, create it with the correct permissions.
195  * If <b>create</b> is false:
196  * - if the directory exists, check permissions,
197  * - if the directory does not exist, check if we think we can create it.
198  * Return 0 on success, -1 on failure. */
199 int
200 hs_check_service_private_dir(const char *username, const char *path,
201  unsigned int dir_group_readable,
202  unsigned int create)
203 {
204  cpd_check_t check_opts = CPD_NONE;
205 
206  tor_assert(path);
207 
208  if (create) {
209  check_opts |= CPD_CREATE;
210  } else {
211  check_opts |= CPD_CHECK_MODE_ONLY;
212  check_opts |= CPD_CHECK;
213  }
214  if (dir_group_readable) {
215  check_opts |= CPD_GROUP_READ;
216  }
217  /* Check/create directory */
218  if (check_private_dir(path, check_opts, username) < 0) {
219  return -1;
220  }
221  return 0;
222 }
223 
224 /* Default, minimum, and maximum values for the maximum rendezvous failures
225  * consensus parameter. */
226 #define MAX_REND_FAILURES_DEFAULT 2
227 #define MAX_REND_FAILURES_MIN 1
228 #define MAX_REND_FAILURES_MAX 10
229 
230 /** How many times will a hidden service operator attempt to connect to
231  * a requested rendezvous point before giving up? */
232 int
234 {
235  return networkstatus_get_param(NULL, "hs_service_max_rdv_failures",
236  MAX_REND_FAILURES_DEFAULT,
237  MAX_REND_FAILURES_MIN,
238  MAX_REND_FAILURES_MAX);
239 }
240 
241 /** Get the default HS time period length in minutes from the consensus. */
242 STATIC uint64_t
244 {
245  /* If we are on a test network, make the time period smaller than normal so
246  that we actually see it rotate. Specifically, make it the same length as
247  an SRV protocol run. */
248  if (get_options()->TestingTorNetwork) {
249  unsigned run_duration = sr_state_get_protocol_run_duration();
250  /* An SRV run should take more than a minute (it's 24 rounds) */
251  tor_assert_nonfatal(run_duration > 60);
252  /* Turn it from seconds to minutes before returning: */
254  }
255 
256  int32_t time_period_length = networkstatus_get_param(NULL, "hsdir_interval",
260  /* Make sure it's a positive value. */
261  tor_assert(time_period_length > 0);
262  /* uint64_t will always be able to contain a positive int32_t */
263  return (uint64_t) time_period_length;
264 }
265 
266 /** Get the HS time period number at time <b>now</b>. If <b>now</b> is not set,
267  * we try to get the time ourselves from a live consensus. */
268 uint64_t
270 {
271  uint64_t time_period_num;
272  time_t current_time;
273 
274  /* If no time is specified, set current time based on consensus time, and
275  * only fall back to system time if that fails. */
276  if (now != 0) {
277  current_time = now;
278  } else {
280  current_time = ns ? ns->valid_after : approx_time();
281  }
282 
283  /* Start by calculating minutes since the epoch */
284  uint64_t time_period_length = get_time_period_length();
285  uint64_t minutes_since_epoch = current_time / 60;
286 
287  /* Apply the rotation offset as specified by prop224 (section
288  * [TIME-PERIODS]), so that new time periods synchronize nicely with SRV
289  * publication */
290  unsigned int time_period_rotation_offset = sr_state_get_phase_duration();
291  time_period_rotation_offset /= 60; /* go from seconds to minutes */
292  tor_assert(minutes_since_epoch > time_period_rotation_offset);
293  minutes_since_epoch -= time_period_rotation_offset;
294 
295  /* Calculate the time period */
296  time_period_num = minutes_since_epoch / time_period_length;
297  return time_period_num;
298 }
299 
300 /** Get the number of the _upcoming_ HS time period, given that the current
301  * time is <b>now</b>. If <b>now</b> is not set, we try to get the time from a
302  * live consensus. */
303 uint64_t
305 {
306  return hs_get_time_period_num(now) + 1;
307 }
308 
309 /** Get the number of the _previous_ HS time period, given that the current
310  * time is <b>now</b>. If <b>now</b> is not set, we try to get the time from a
311  * live consensus. */
312 uint64_t
314 {
315  return hs_get_time_period_num(now) - 1;
316 }
317 
318 /** Return the start time of the upcoming time period based on <b>now</b>. If
319  * <b>now</b> is not set, we try to get the time ourselves from a live
320  * consensus. */
321 time_t
323 {
324  uint64_t time_period_length = get_time_period_length();
325 
326  /* Get start time of next time period */
327  uint64_t next_time_period_num = hs_get_next_time_period_num(now);
328  uint64_t start_of_next_tp_in_mins = next_time_period_num *time_period_length;
329 
330  /* Apply rotation offset as specified by prop224 section [TIME-PERIODS] */
331  unsigned int time_period_rotation_offset = sr_state_get_phase_duration();
332  return (time_t)(start_of_next_tp_in_mins * 60 + time_period_rotation_offset);
333 }
334 
335 /** Create a new rend_data_t for a specific given <b>version</b>.
336  * Return a pointer to the newly allocated data structure. */
337 static rend_data_t *
338 rend_data_alloc(uint32_t version)
339 {
340  rend_data_t *rend_data = NULL;
341 
342  switch (version) {
343  case HS_VERSION_TWO:
344  {
345  rend_data_v2_t *v2 = tor_malloc_zero(sizeof(*v2));
346  v2->base_.version = HS_VERSION_TWO;
347  v2->base_.hsdirs_fp = smartlist_new();
348  rend_data = &v2->base_;
349  break;
350  }
351  default:
352  tor_assert(0);
353  break;
354  }
355 
356  return rend_data;
357 }
358 
359 /** Free all storage associated with <b>data</b> */
360 void
362 {
363  if (!data) {
364  return;
365  }
366  /* By using our allocation function, this should always be set. */
367  tor_assert(data->hsdirs_fp);
368  /* Cleanup the HSDir identity digest. */
369  SMARTLIST_FOREACH(data->hsdirs_fp, char *, d, tor_free(d));
370  smartlist_free(data->hsdirs_fp);
371  /* Depending on the version, cleanup. */
372  switch (data->version) {
373  case HS_VERSION_TWO:
374  {
375  rend_data_v2_t *v2_data = TO_REND_DATA_V2(data);
376  tor_free(v2_data);
377  break;
378  }
379  default:
380  tor_assert(0);
381  }
382 }
383 
384 /** Allocate and return a deep copy of <b>data</b>. */
385 rend_data_t *
387 {
388  rend_data_t *data_dup = NULL;
389  smartlist_t *hsdirs_fp = smartlist_new();
390 
391  tor_assert(data);
392  tor_assert(data->hsdirs_fp);
393 
394  SMARTLIST_FOREACH(data->hsdirs_fp, char *, fp,
395  smartlist_add(hsdirs_fp, tor_memdup(fp, DIGEST_LEN)));
396 
397  switch (data->version) {
398  case HS_VERSION_TWO:
399  {
400  rend_data_v2_t *v2_data = tor_memdup(TO_REND_DATA_V2(data),
401  sizeof(*v2_data));
402  data_dup = &v2_data->base_;
403  data_dup->hsdirs_fp = hsdirs_fp;
404  break;
405  }
406  default:
407  tor_assert(0);
408  break;
409  }
410 
411  return data_dup;
412 }
413 
414 /** Compute the descriptor ID for each HS descriptor replica and save them. A
415  * valid onion address must be present in the <b>rend_data</b>.
416  *
417  * Return 0 on success else -1. */
418 static int
420 {
421  int ret = 0;
422  unsigned replica;
423  time_t now = time(NULL);
424 
425  tor_assert(rend_data);
426 
427  switch (rend_data->version) {
428  case HS_VERSION_TWO:
429  {
430  rend_data_v2_t *v2_data = TO_REND_DATA_V2(rend_data);
431  /* Compute descriptor ID for each replicas. */
432  for (replica = 0; replica < ARRAY_LENGTH(v2_data->descriptor_id);
433  replica++) {
434  ret = rend_compute_v2_desc_id(v2_data->descriptor_id[replica],
435  v2_data->onion_address,
436  v2_data->descriptor_cookie,
437  now, replica);
438  if (ret < 0) {
439  goto end;
440  }
441  }
442  break;
443  }
444  default:
445  tor_assert(0);
446  }
447 
448  end:
449  return ret;
450 }
451 
452 /** Allocate and initialize a rend_data_t object for a service using the
453  * provided arguments. All arguments are optional (can be NULL), except from
454  * <b>onion_address</b> which MUST be set. The <b>pk_digest</b> is the hash of
455  * the service private key. The <b>cookie</b> is the rendezvous cookie and
456  * <b>auth_type</b> is which authentiation this service is configured with.
457  *
458  * Return a valid rend_data_t pointer. This only returns a version 2 object of
459  * rend_data_t. */
460 rend_data_t *
461 rend_data_service_create(const char *onion_address, const char *pk_digest,
462  const uint8_t *cookie, rend_auth_type_t auth_type)
463 {
464  /* Create a rend_data_t object for version 2. */
466  rend_data_v2_t *v2= TO_REND_DATA_V2(rend_data);
467 
468  /* We need at least one else the call is wrong. */
469  tor_assert(onion_address != NULL);
470 
471  if (pk_digest) {
472  memcpy(v2->rend_pk_digest, pk_digest, sizeof(v2->rend_pk_digest));
473  }
474  if (cookie) {
475  memcpy(rend_data->rend_cookie, cookie, sizeof(rend_data->rend_cookie));
476  }
477 
478  strlcpy(v2->onion_address, onion_address, sizeof(v2->onion_address));
479  v2->auth_type = auth_type;
480 
481  return rend_data;
482 }
483 
484 /** Allocate and initialize a rend_data_t object for a client request using the
485  * given arguments. Either an onion address or a descriptor ID is needed. Both
486  * can be given but in this case only the onion address will be used to make
487  * the descriptor fetch. The <b>cookie</b> is the rendezvous cookie and
488  * <b>auth_type</b> is which authentiation the service is configured with.
489  *
490  * Return a valid rend_data_t pointer or NULL on error meaning the
491  * descriptor IDs couldn't be computed from the given data. */
492 rend_data_t *
493 rend_data_client_create(const char *onion_address, const char *desc_id,
494  const char *cookie, rend_auth_type_t auth_type)
495 {
496  /* Create a rend_data_t object for version 2. */
498  rend_data_v2_t *v2= TO_REND_DATA_V2(rend_data);
499 
500  /* We need at least one else the call is wrong. */
501  tor_assert(onion_address != NULL || desc_id != NULL);
502 
503  if (cookie) {
504  memcpy(v2->descriptor_cookie, cookie, sizeof(v2->descriptor_cookie));
505  }
506  if (desc_id) {
507  memcpy(v2->desc_id_fetch, desc_id, sizeof(v2->desc_id_fetch));
508  }
509  if (onion_address) {
510  strlcpy(v2->onion_address, onion_address, sizeof(v2->onion_address));
511  if (compute_desc_id(rend_data) < 0) {
512  goto error;
513  }
514  }
515 
516  v2->auth_type = auth_type;
517 
518  return rend_data;
519 
520  error:
521  rend_data_free(rend_data);
522  return NULL;
523 }
524 
525 /** Return the onion address from the rend data. Depending on the version,
526  * the size of the address can vary but it's always NUL terminated. */
527 const char *
529 {
530  tor_assert(rend_data);
531 
532  switch (rend_data->version) {
533  case HS_VERSION_TWO:
534  return TO_REND_DATA_V2(rend_data)->onion_address;
535  default:
536  /* We should always have a supported version. */
537  tor_assert_unreached();
538  }
539 }
540 
541 /** Return the descriptor ID for a specific replica number from the rend
542  * data. The returned data is a binary digest and depending on the version its
543  * size can vary. The size of the descriptor ID is put in <b>len_out</b> if
544  * non NULL. */
545 const char *
546 rend_data_get_desc_id(const rend_data_t *rend_data, uint8_t replica,
547  size_t *len_out)
548 {
549  tor_assert(rend_data);
550 
551  switch (rend_data->version) {
552  case HS_VERSION_TWO:
554  if (len_out) {
555  *len_out = DIGEST_LEN;
556  }
557  return TO_REND_DATA_V2(rend_data)->descriptor_id[replica];
558  default:
559  /* We should always have a supported version. */
560  tor_assert_unreached();
561  }
562 }
563 
564 /** Return the public key digest using the given <b>rend_data</b>. The size of
565  * the digest is put in <b>len_out</b> (if set) which can differ depending on
566  * the version. */
567 const uint8_t *
568 rend_data_get_pk_digest(const rend_data_t *rend_data, size_t *len_out)
569 {
570  tor_assert(rend_data);
571 
572  switch (rend_data->version) {
573  case HS_VERSION_TWO:
574  {
575  const rend_data_v2_t *v2_data = TO_REND_DATA_V2(rend_data);
576  if (len_out) {
577  *len_out = sizeof(v2_data->rend_pk_digest);
578  }
579  return (const uint8_t *) v2_data->rend_pk_digest;
580  }
581  default:
582  /* We should always have a supported version. */
583  tor_assert_unreached();
584  }
585 }
586 
587 /** Using the given time period number, compute the disaster shared random
588  * value and put it in srv_out. It MUST be at least DIGEST256_LEN bytes. */
589 static void
590 compute_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
591 {
592  crypto_digest_t *digest;
593 
594  tor_assert(srv_out);
595 
596  digest = crypto_digest256_new(DIGEST_SHA3_256);
597 
598  /* Start setting up payload:
599  * H("shared-random-disaster" | INT_8(period_length) | INT_8(period_num)) */
601  HS_SRV_DISASTER_PREFIX_LEN);
602 
603  /* Setup INT_8(period_length) | INT_8(period_num) */
604  {
605  uint64_t time_period_length = get_time_period_length();
606  char period_stuff[sizeof(uint64_t)*2];
607  size_t offset = 0;
608  set_uint64(period_stuff, tor_htonll(time_period_length));
609  offset += sizeof(uint64_t);
610  set_uint64(period_stuff+offset, tor_htonll(time_period_num));
611  offset += sizeof(uint64_t);
612  tor_assert(offset == sizeof(period_stuff));
613 
614  crypto_digest_add_bytes(digest, period_stuff, sizeof(period_stuff));
615  }
616 
617  crypto_digest_get_digest(digest, (char *) srv_out, DIGEST256_LEN);
618  crypto_digest_free(digest);
619 }
620 
621 /** Due to the high cost of computing the disaster SRV and that potentially we
622  * would have to do it thousands of times in a row, we always cache the
623  * computer disaster SRV (and its corresponding time period num) in case we
624  * want to reuse it soon after. We need to cache two SRVs, one for each active
625  * time period.
626  */
628 static uint64_t cached_time_period_nums[2] = {0};
629 
630 /** Compute the disaster SRV value for this <b>time_period_num</b> and put it
631  * in <b>srv_out</b> (of size at least DIGEST256_LEN). First check our caches
632  * to see if we have already computed it. */
633 STATIC void
634 get_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
635 {
636  if (time_period_num == cached_time_period_nums[0]) {
637  memcpy(srv_out, cached_disaster_srv[0], DIGEST256_LEN);
638  return;
639  } else if (time_period_num == cached_time_period_nums[1]) {
640  memcpy(srv_out, cached_disaster_srv[1], DIGEST256_LEN);
641  return;
642  } else {
643  int replace_idx;
644  // Replace the lower period number.
645  if (cached_time_period_nums[0] <= cached_time_period_nums[1]) {
646  replace_idx = 0;
647  } else {
648  replace_idx = 1;
649  }
650  cached_time_period_nums[replace_idx] = time_period_num;
651  compute_disaster_srv(time_period_num, cached_disaster_srv[replace_idx]);
652  memcpy(srv_out, cached_disaster_srv[replace_idx], DIGEST256_LEN);
653  return;
654  }
655 }
656 
657 #ifdef TOR_UNIT_TESTS
658 
659 /** Get the first cached disaster SRV. Only used by unittests. */
660 STATIC uint8_t *
661 get_first_cached_disaster_srv(void)
662 {
663  return cached_disaster_srv[0];
664 }
665 
666 /** Get the second cached disaster SRV. Only used by unittests. */
667 STATIC uint8_t *
668 get_second_cached_disaster_srv(void)
669 {
670  return cached_disaster_srv[1];
671 }
672 
673 #endif /* defined(TOR_UNIT_TESTS) */
674 
675 /** When creating a blinded key, we need a parameter which construction is as
676  * follow: H(pubkey | [secret] | ed25519-basepoint | nonce).
677  *
678  * The nonce has a pre-defined format which uses the time period number
679  * period_num and the start of the period in second start_time_period.
680  *
681  * The secret of size secret_len is optional meaning that it can be NULL and
682  * thus will be ignored for the param construction.
683  *
684  * The result is put in param_out. */
685 static void
687  const uint8_t *secret, size_t secret_len,
688  uint64_t period_num, uint64_t period_length,
689  uint8_t *param_out)
690 {
691  size_t offset = 0;
692  const char blind_str[] = "Derive temporary signing key";
693  uint8_t nonce[HS_KEYBLIND_NONCE_LEN];
694  crypto_digest_t *digest;
695 
696  tor_assert(pubkey);
697  tor_assert(param_out);
698 
699  /* Create the nonce N. The construction is as follow:
700  * N = "key-blind" || INT_8(period_num) || INT_8(period_length) */
701  memcpy(nonce, HS_KEYBLIND_NONCE_PREFIX, HS_KEYBLIND_NONCE_PREFIX_LEN);
702  offset += HS_KEYBLIND_NONCE_PREFIX_LEN;
703  set_uint64(nonce + offset, tor_htonll(period_num));
704  offset += sizeof(uint64_t);
705  set_uint64(nonce + offset, tor_htonll(period_length));
706  offset += sizeof(uint64_t);
707  tor_assert(offset == HS_KEYBLIND_NONCE_LEN);
708 
709  /* Generate the parameter h and the construction is as follow:
710  * h = H(BLIND_STRING | pubkey | [secret] | ed25519-basepoint | N) */
711  digest = crypto_digest256_new(DIGEST_SHA3_256);
712  crypto_digest_add_bytes(digest, blind_str, sizeof(blind_str));
713  crypto_digest_add_bytes(digest, (char *) pubkey, ED25519_PUBKEY_LEN);
714  /* Optional secret. */
715  if (secret) {
716  crypto_digest_add_bytes(digest, (char *) secret, secret_len);
717  }
719  strlen(str_ed25519_basepoint));
720  crypto_digest_add_bytes(digest, (char *) nonce, sizeof(nonce));
721 
722  /* Extract digest and put it in the param. */
723  crypto_digest_get_digest(digest, (char *) param_out, DIGEST256_LEN);
724  crypto_digest_free(digest);
725 
726  memwipe(nonce, 0, sizeof(nonce));
727 }
728 
729 /** Using an ed25519 public key and version to build the checksum of an
730  * address. Put in checksum_out. Format is:
731  * SHA3-256(".onion checksum" || PUBKEY || VERSION)
732  *
733  * checksum_out must be large enough to receive 32 bytes (DIGEST256_LEN). */
734 static void
735 build_hs_checksum(const ed25519_public_key_t *key, uint8_t version,
736  uint8_t *checksum_out)
737 {
738  size_t offset = 0;
740 
741  /* Build checksum data. */
742  memcpy(data, HS_SERVICE_ADDR_CHECKSUM_PREFIX,
745  memcpy(data + offset, key->pubkey, ED25519_PUBKEY_LEN);
746  offset += ED25519_PUBKEY_LEN;
747  set_uint8(data + offset, version);
748  offset += sizeof(version);
750 
751  /* Hash the data payload to create the checksum. */
752  crypto_digest256((char *) checksum_out, data, sizeof(data),
753  DIGEST_SHA3_256);
754 }
755 
756 /** Using an ed25519 public key, checksum and version to build the binary
757  * representation of a service address. Put in addr_out. Format is:
758  * addr_out = PUBKEY || CHECKSUM || VERSION
759  *
760  * addr_out must be large enough to receive HS_SERVICE_ADDR_LEN bytes. */
761 static void
762 build_hs_address(const ed25519_public_key_t *key, const uint8_t *checksum,
763  uint8_t version, char *addr_out)
764 {
765  size_t offset = 0;
766 
767  tor_assert(key);
768  tor_assert(checksum);
769 
770  memcpy(addr_out, key->pubkey, ED25519_PUBKEY_LEN);
771  offset += ED25519_PUBKEY_LEN;
772  memcpy(addr_out + offset, checksum, HS_SERVICE_ADDR_CHECKSUM_LEN_USED);
774  set_uint8(addr_out + offset, version);
775  offset += sizeof(uint8_t);
776  tor_assert(offset == HS_SERVICE_ADDR_LEN);
777 }
778 
779 /** Helper for hs_parse_address(): Using a binary representation of a service
780  * address, parse its content into the key_out, checksum_out and version_out.
781  * Any out variable can be NULL in case the caller would want only one field.
782  * checksum_out MUST at least be 2 bytes long. address must be at least
783  * HS_SERVICE_ADDR_LEN bytes but doesn't need to be NUL terminated. */
784 static void
785 hs_parse_address_impl(const char *address, ed25519_public_key_t *key_out,
786  uint8_t *checksum_out, uint8_t *version_out)
787 {
788  size_t offset = 0;
789 
790  tor_assert(address);
791 
792  if (key_out) {
793  /* First is the key. */
794  memcpy(key_out->pubkey, address, ED25519_PUBKEY_LEN);
795  }
796  offset += ED25519_PUBKEY_LEN;
797  if (checksum_out) {
798  /* Followed by a 2 bytes checksum. */
799  memcpy(checksum_out, address + offset, HS_SERVICE_ADDR_CHECKSUM_LEN_USED);
800  }
802  if (version_out) {
803  /* Finally, version value is 1 byte. */
804  *version_out = get_uint8(address + offset);
805  }
806  offset += sizeof(uint8_t);
807  /* Extra safety. */
808  tor_assert(offset == HS_SERVICE_ADDR_LEN);
809 }
810 
811 /** Using the given identity public key and a blinded public key, compute the
812  * subcredential and put it in subcred_out.
813  * This can't fail. */
814 void
816  const ed25519_public_key_t *blinded_pk,
817  hs_subcredential_t *subcred_out)
818 {
819  uint8_t credential[DIGEST256_LEN];
820  crypto_digest_t *digest;
821 
822  tor_assert(identity_pk);
823  tor_assert(blinded_pk);
824  tor_assert(subcred_out);
825 
826  /* First, build the credential. Construction is as follow:
827  * credential = H("credential" | public-identity-key) */
828  digest = crypto_digest256_new(DIGEST_SHA3_256);
830  HS_CREDENTIAL_PREFIX_LEN);
831  crypto_digest_add_bytes(digest, (const char *) identity_pk->pubkey,
833  crypto_digest_get_digest(digest, (char *) credential, DIGEST256_LEN);
834  crypto_digest_free(digest);
835 
836  /* Now, compute the subcredential. Construction is as follow:
837  * subcredential = H("subcredential" | credential | blinded-public-key). */
838  digest = crypto_digest256_new(DIGEST_SHA3_256);
839  crypto_digest_add_bytes(digest, HS_SUBCREDENTIAL_PREFIX,
840  HS_SUBCREDENTIAL_PREFIX_LEN);
841  crypto_digest_add_bytes(digest, (const char *) credential,
842  sizeof(credential));
843  crypto_digest_add_bytes(digest, (const char *) blinded_pk->pubkey,
845  crypto_digest_get_digest(digest, (char *) subcred_out->subcred,
846  SUBCRED_LEN);
847  crypto_digest_free(digest);
848 
849  memwipe(credential, 0, sizeof(credential));
850 }
851 
852 /** From the given list of hidden service ports, find the ones that match the
853  * given edge connection conn, pick one at random and use it to set the
854  * connection address. Return 0 on success or -1 if none. */
855 int
857 {
858  rend_service_port_config_t *chosen_port;
859  unsigned int warn_once = 0;
860  smartlist_t *matching_ports;
861 
862  tor_assert(ports);
863  tor_assert(conn);
864 
865  matching_ports = smartlist_new();
867  if (TO_CONN(conn)->port != p->virtual_port) {
868  continue;
869  }
870  if (!(p->is_unix_addr)) {
871  smartlist_add(matching_ports, p);
872  } else {
873  if (add_unix_port(matching_ports, p)) {
874  if (!warn_once) {
875  /* Unix port not supported so warn only once. */
876  log_warn(LD_REND, "Saw AF_UNIX virtual port mapping for port %d "
877  "which is unsupported on this platform. "
878  "Ignoring it.",
879  TO_CONN(conn)->port);
880  }
881  warn_once++;
882  }
883  }
884  } SMARTLIST_FOREACH_END(p);
885 
886  chosen_port = smartlist_choose(matching_ports);
887  smartlist_free(matching_ports);
888  if (chosen_port) {
889  if (!(chosen_port->is_unix_addr)) {
890  /* save the original destination before we overwrite it */
891  if (conn->hs_ident) {
892  conn->hs_ident->orig_virtual_port = TO_CONN(conn)->port;
893  }
894 
895  /* Get a non-AF_UNIX connection ready for connection_exit_connect() */
896  tor_addr_copy(&TO_CONN(conn)->addr, &chosen_port->real_addr);
897  TO_CONN(conn)->port = chosen_port->real_port;
898  } else {
899  if (set_unix_port(conn, chosen_port)) {
900  /* Simply impossible to end up here else we were able to add a Unix
901  * port without AF_UNIX support... ? */
902  tor_assert(0);
903  }
904  }
905  }
906  return (chosen_port) ? 0 : -1;
907 }
908 
909 /** Using a base32 representation of a service address, parse its content into
910  * the key_out, checksum_out and version_out. Any out variable can be NULL in
911  * case the caller would want only one field. checksum_out MUST at least be 2
912  * bytes long.
913  *
914  * Return 0 if parsing went well; return -1 in case of error and if errmsg is
915  * non NULL, a human readable string message is set. */
916 int
917 hs_parse_address_no_log(const char *address, ed25519_public_key_t *key_out,
918  uint8_t *checksum_out, uint8_t *version_out,
919  const char **errmsg)
920 {
921  char decoded[HS_SERVICE_ADDR_LEN];
922 
923  tor_assert(address);
924 
925  if (errmsg) {
926  *errmsg = NULL;
927  }
928 
929  /* Obvious length check. */
930  if (strlen(address) != HS_SERVICE_ADDR_LEN_BASE32) {
931  if (errmsg) {
932  *errmsg = "Invalid length";
933  }
934  goto invalid;
935  }
936 
937  /* Decode address so we can extract needed fields. */
938  if (base32_decode(decoded, sizeof(decoded), address, strlen(address))
939  != sizeof(decoded)) {
940  if (errmsg) {
941  *errmsg = "Unable to base32 decode";
942  }
943  goto invalid;
944  }
945 
946  /* Parse the decoded address into the fields we need. */
947  hs_parse_address_impl(decoded, key_out, checksum_out, version_out);
948 
949  return 0;
950  invalid:
951  return -1;
952 }
953 
954 /** Same has hs_parse_address_no_log() but emits a log warning on parsing
955  * failure. */
956 int
957 hs_parse_address(const char *address, ed25519_public_key_t *key_out,
958  uint8_t *checksum_out, uint8_t *version_out)
959 {
960  const char *errmsg = NULL;
961  int ret = hs_parse_address_no_log(address, key_out, checksum_out,
962  version_out, &errmsg);
963  if (ret < 0) {
964  log_warn(LD_REND, "Service address %s failed to be parsed: %s",
965  escaped_safe_str(address), errmsg);
966  }
967  return ret;
968 }
969 
970 /** Validate a given onion address. The length, the base32 decoding, and
971  * checksum are validated. Return 1 if valid else 0. */
972 int
973 hs_address_is_valid(const char *address)
974 {
975  uint8_t version;
976  uint8_t checksum[HS_SERVICE_ADDR_CHECKSUM_LEN_USED];
977  uint8_t target_checksum[DIGEST256_LEN];
978  ed25519_public_key_t service_pubkey;
979 
980  /* Parse the decoded address into the fields we need. */
981  if (hs_parse_address(address, &service_pubkey, checksum, &version) < 0) {
982  goto invalid;
983  }
984 
985  /* Get the checksum it's supposed to be and compare it with what we have
986  * encoded in the address. */
987  build_hs_checksum(&service_pubkey, version, target_checksum);
988  if (tor_memcmp(checksum, target_checksum, sizeof(checksum))) {
989  log_warn(LD_REND, "Service address %s invalid checksum.",
990  escaped_safe_str(address));
991  goto invalid;
992  }
993 
994  /* Validate that this pubkey does not have a torsion component. We need to do
995  * this on the prop224 client-side so that attackers can't give equivalent
996  * forms of an onion address to users. */
997  if (ed25519_validate_pubkey(&service_pubkey) < 0) {
998  log_warn(LD_REND, "Service address %s has bad pubkey .",
999  escaped_safe_str(address));
1000  goto invalid;
1001  }
1002 
1003  /* Valid address. */
1004  return 1;
1005  invalid:
1006  return 0;
1007 }
1008 
1009 /** Build a service address using an ed25519 public key and a given version.
1010  * The returned address is base32 encoded and put in addr_out. The caller MUST
1011  * make sure the addr_out is at least HS_SERVICE_ADDR_LEN_BASE32 + 1 long.
1012  *
1013  * Format is as follows:
1014  * base32(PUBKEY || CHECKSUM || VERSION)
1015  * CHECKSUM = H(".onion checksum" || PUBKEY || VERSION)
1016  * */
1017 void
1018 hs_build_address(const ed25519_public_key_t *key, uint8_t version,
1019  char *addr_out)
1020 {
1021  uint8_t checksum[DIGEST256_LEN];
1022  char address[HS_SERVICE_ADDR_LEN];
1023 
1024  tor_assert(key);
1025  tor_assert(addr_out);
1026 
1027  /* Get the checksum of the address. */
1028  build_hs_checksum(key, version, checksum);
1029  /* Get the binary address representation. */
1030  build_hs_address(key, checksum, version, address);
1031 
1032  /* Encode the address. addr_out will be NUL terminated after this. */
1033  base32_encode(addr_out, HS_SERVICE_ADDR_LEN_BASE32 + 1, address,
1034  sizeof(address));
1035  /* Validate what we just built. */
1036  tor_assert(hs_address_is_valid(addr_out));
1037 }
1038 
1039 /** From a given ed25519 public key pk and an optional secret, compute a
1040  * blinded public key and put it in blinded_pk_out. This is only useful to
1041  * the client side because the client only has access to the identity public
1042  * key of the service. */
1043 void
1045  const uint8_t *secret, size_t secret_len,
1046  uint64_t time_period_num,
1047  ed25519_public_key_t *blinded_pk_out)
1048 {
1049  /* Our blinding key API requires a 32 bytes parameter. */
1050  uint8_t param[DIGEST256_LEN];
1051 
1052  tor_assert(pk);
1053  tor_assert(blinded_pk_out);
1055 
1056  build_blinded_key_param(pk, secret, secret_len,
1057  time_period_num, get_time_period_length(), param);
1058  ed25519_public_blind(blinded_pk_out, pk, param);
1059 
1060  memwipe(param, 0, sizeof(param));
1061 }
1062 
1063 /** From a given ed25519 keypair kp and an optional secret, compute a blinded
1064  * keypair for the current time period and put it in blinded_kp_out. This is
1065  * only useful by the service side because the client doesn't have access to
1066  * the identity secret key. */
1067 void
1069  const uint8_t *secret, size_t secret_len,
1070  uint64_t time_period_num,
1071  ed25519_keypair_t *blinded_kp_out)
1072 {
1073  /* Our blinding key API requires a 32 bytes parameter. */
1074  uint8_t param[DIGEST256_LEN];
1075 
1076  tor_assert(kp);
1077  tor_assert(blinded_kp_out);
1078  /* Extra safety. A zeroed key is bad. */
1079  tor_assert(!fast_mem_is_zero((char *) &kp->pubkey, ED25519_PUBKEY_LEN));
1080  tor_assert(!fast_mem_is_zero((char *) &kp->seckey, ED25519_SECKEY_LEN));
1081 
1082  build_blinded_key_param(&kp->pubkey, secret, secret_len,
1083  time_period_num, get_time_period_length(), param);
1084  ed25519_keypair_blind(blinded_kp_out, kp, param);
1085 
1086  memwipe(param, 0, sizeof(param));
1087 }
1088 
1089 /** Return true if we are currently in the time segment between a new time
1090  * period and a new SRV (in the real network that happens between 12:00 and
1091  * 00:00 UTC). Here is a diagram showing exactly when this returns true:
1092  *
1093  * +------------------------------------------------------------------+
1094  * | |
1095  * | 00:00 12:00 00:00 12:00 00:00 12:00 |
1096  * | SRV#1 TP#1 SRV#2 TP#2 SRV#3 TP#3 |
1097  * | |
1098  * | $==========|-----------$===========|-----------$===========| |
1099  * | ^^^^^^^^^^^^ ^^^^^^^^^^^^ |
1100  * | |
1101  * +------------------------------------------------------------------+
1102  */
1103 MOCK_IMPL(int,
1104 hs_in_period_between_tp_and_srv,(const networkstatus_t *consensus, time_t now))
1105 {
1106  time_t valid_after;
1107  time_t srv_start_time, tp_start_time;
1108 
1109  if (!consensus) {
1110  consensus = networkstatus_get_live_consensus(now);
1111  if (!consensus) {
1112  return 0;
1113  }
1114  }
1115 
1116  /* Get start time of next TP and of current SRV protocol run, and check if we
1117  * are between them. */
1118  valid_after = consensus->valid_after;
1120  tp_start_time = hs_get_start_time_of_next_time_period(srv_start_time);
1121 
1122  if (valid_after >= srv_start_time && valid_after < tp_start_time) {
1123  return 0;
1124  }
1125 
1126  return 1;
1127 }
1128 
1129 /** Return 1 if any virtual port in ports needs a circuit with good uptime.
1130  * Else return 0. */
1131 int
1133 {
1134  tor_assert(ports);
1135 
1137  if (smartlist_contains_int_as_string(get_options()->LongLivedPorts,
1138  p->virtual_port)) {
1139  return 1;
1140  }
1141  } SMARTLIST_FOREACH_END(p);
1142  return 0;
1143 }
1144 
1145 /** Build hs_index which is used to find the responsible hsdirs. This index
1146  * value is used to select the responsible HSDir where their hsdir_index is
1147  * closest to this value.
1148  * SHA3-256("store-at-idx" | blinded_public_key |
1149  * INT_8(replicanum) | INT_8(period_length) | INT_8(period_num) )
1150  *
1151  * hs_index_out must be large enough to receive DIGEST256_LEN bytes. */
1152 void
1153 hs_build_hs_index(uint64_t replica, const ed25519_public_key_t *blinded_pk,
1154  uint64_t period_num, uint8_t *hs_index_out)
1155 {
1156  crypto_digest_t *digest;
1157 
1158  tor_assert(blinded_pk);
1159  tor_assert(hs_index_out);
1160 
1161  /* Build hs_index. See construction at top of function comment. */
1162  digest = crypto_digest256_new(DIGEST_SHA3_256);
1163  crypto_digest_add_bytes(digest, HS_INDEX_PREFIX, HS_INDEX_PREFIX_LEN);
1164  crypto_digest_add_bytes(digest, (const char *) blinded_pk->pubkey,
1166 
1167  /* Now setup INT_8(replicanum) | INT_8(period_length) | INT_8(period_num) */
1168  {
1169  uint64_t period_length = get_time_period_length();
1170  char buf[sizeof(uint64_t)*3];
1171  size_t offset = 0;
1172  set_uint64(buf, tor_htonll(replica));
1173  offset += sizeof(uint64_t);
1174  set_uint64(buf+offset, tor_htonll(period_length));
1175  offset += sizeof(uint64_t);
1176  set_uint64(buf+offset, tor_htonll(period_num));
1177  offset += sizeof(uint64_t);
1178  tor_assert(offset == sizeof(buf));
1179 
1180  crypto_digest_add_bytes(digest, buf, sizeof(buf));
1181  }
1182 
1183  crypto_digest_get_digest(digest, (char *) hs_index_out, DIGEST256_LEN);
1184  crypto_digest_free(digest);
1185 }
1186 
1187 /** Build hsdir_index which is used to find the responsible hsdirs. This is the
1188  * index value that is compare to the hs_index when selecting an HSDir.
1189  * SHA3-256("node-idx" | node_identity |
1190  * shared_random_value | INT_8(period_length) | INT_8(period_num) )
1191  *
1192  * hsdir_index_out must be large enough to receive DIGEST256_LEN bytes. */
1193 void
1195  const uint8_t *srv_value, uint64_t period_num,
1196  uint8_t *hsdir_index_out)
1197 {
1198  crypto_digest_t *digest;
1199 
1200  tor_assert(identity_pk);
1201  tor_assert(srv_value);
1202  tor_assert(hsdir_index_out);
1203 
1204  /* Build hsdir_index. See construction at top of function comment. */
1205  digest = crypto_digest256_new(DIGEST_SHA3_256);
1206  crypto_digest_add_bytes(digest, HSDIR_INDEX_PREFIX, HSDIR_INDEX_PREFIX_LEN);
1207  crypto_digest_add_bytes(digest, (const char *) identity_pk->pubkey,
1209  crypto_digest_add_bytes(digest, (const char *) srv_value, DIGEST256_LEN);
1210 
1211  {
1212  uint64_t time_period_length = get_time_period_length();
1213  char period_stuff[sizeof(uint64_t)*2];
1214  size_t offset = 0;
1215  set_uint64(period_stuff, tor_htonll(period_num));
1216  offset += sizeof(uint64_t);
1217  set_uint64(period_stuff+offset, tor_htonll(time_period_length));
1218  offset += sizeof(uint64_t);
1219  tor_assert(offset == sizeof(period_stuff));
1220 
1221  crypto_digest_add_bytes(digest, period_stuff, sizeof(period_stuff));
1222  }
1223 
1224  crypto_digest_get_digest(digest, (char *) hsdir_index_out, DIGEST256_LEN);
1225  crypto_digest_free(digest);
1226 }
1227 
1228 /** Return a newly allocated buffer containing the current shared random value
1229  * or if not present, a disaster value is computed using the given time period
1230  * number. If a consensus is provided in <b>ns</b>, use it to get the SRV
1231  * value. This function can't fail. */
1232 uint8_t *
1233 hs_get_current_srv(uint64_t time_period_num, const networkstatus_t *ns)
1234 {
1235  uint8_t *sr_value = tor_malloc_zero(DIGEST256_LEN);
1236  const sr_srv_t *current_srv = sr_get_current(ns);
1237 
1238  if (current_srv) {
1239  memcpy(sr_value, current_srv->value, sizeof(current_srv->value));
1240  } else {
1241  /* Disaster mode. */
1242  get_disaster_srv(time_period_num, sr_value);
1243  }
1244  return sr_value;
1245 }
1246 
1247 /** Return a newly allocated buffer containing the previous shared random
1248  * value or if not present, a disaster value is computed using the given time
1249  * period number. This function can't fail. */
1250 uint8_t *
1251 hs_get_previous_srv(uint64_t time_period_num, const networkstatus_t *ns)
1252 {
1253  uint8_t *sr_value = tor_malloc_zero(DIGEST256_LEN);
1254  const sr_srv_t *previous_srv = sr_get_previous(ns);
1255 
1256  if (previous_srv) {
1257  memcpy(sr_value, previous_srv->value, sizeof(previous_srv->value));
1258  } else {
1259  /* Disaster mode. */
1260  get_disaster_srv(time_period_num, sr_value);
1261  }
1262  return sr_value;
1263 }
1264 
1265 /** Return the number of replicas defined by a consensus parameter or the
1266  * default value. */
1267 int32_t
1269 {
1270  /* The [1,16] range is a specification requirement. */
1271  return networkstatus_get_param(NULL, "hsdir_n_replicas",
1273 }
1274 
1275 /** Return the spread fetch value defined by a consensus parameter or the
1276  * default value. */
1277 int32_t
1279 {
1280  /* The [1,128] range is a specification requirement. */
1281  return networkstatus_get_param(NULL, "hsdir_spread_fetch",
1283 }
1284 
1285 /** Return the spread store value defined by a consensus parameter or the
1286  * default value. */
1287 int32_t
1289 {
1290  /* The [1,128] range is a specification requirement. */
1291  return networkstatus_get_param(NULL, "hsdir_spread_store",
1293 }
1294 
1295 /** <b>node</b> is an HSDir so make sure that we have assigned an hsdir index.
1296  * Return 0 if everything is as expected, else return -1. */
1297 static int
1299 {
1301 
1302  /* A node can't have an HSDir index without a descriptor since we need desc
1303  * to get its ed25519 key. for_direct_connect should be zero, since we
1304  * always use the consensus-indexed node's keys to build the hash ring, even
1305  * if some of the consensus-indexed nodes are also bridges. */
1306  if (!node_has_preferred_descriptor(node, 0)) {
1307  return 0;
1308  }
1309 
1310  /* At this point, since the node has a desc, this node must also have an
1311  * hsdir index. If not, something went wrong, so BUG out. */
1312  if (BUG(fast_mem_is_zero((const char*)node->hsdir_index.fetch,
1313  DIGEST256_LEN))) {
1314  return 0;
1315  }
1316  if (BUG(fast_mem_is_zero((const char*)node->hsdir_index.store_first,
1317  DIGEST256_LEN))) {
1318  return 0;
1319  }
1320  if (BUG(fast_mem_is_zero((const char*)node->hsdir_index.store_second,
1321  DIGEST256_LEN))) {
1322  return 0;
1323  }
1324 
1325  return 1;
1326 }
1327 
1328 /** For a given blinded key and time period number, get the responsible HSDir
1329  * and put their routerstatus_t object in the responsible_dirs list. If
1330  * 'use_second_hsdir_index' is true, use the second hsdir_index of the node_t
1331  * is used. If 'for_fetching' is true, the spread fetch consensus parameter is
1332  * used else the spread store is used which is only for upload. This function
1333  * can't fail but it is possible that the responsible_dirs list contains fewer
1334  * nodes than expected.
1335  *
1336  * This function goes over the latest consensus routerstatus list and sorts it
1337  * by their node_t hsdir_index then does a binary search to find the closest
1338  * node. All of this makes it a bit CPU intensive so use it wisely. */
1339 void
1341  uint64_t time_period_num, int use_second_hsdir_index,
1342  int for_fetching, smartlist_t *responsible_dirs)
1343 {
1344  smartlist_t *sorted_nodes;
1345  /* The compare function used for the smartlist bsearch. We have two
1346  * different depending on is_next_period. */
1347  int (*cmp_fct)(const void *, const void **);
1348 
1349  tor_assert(blinded_pk);
1350  tor_assert(responsible_dirs);
1351 
1352  sorted_nodes = smartlist_new();
1353 
1354  /* Make sure we actually have a live consensus */
1356  if (!c || smartlist_len(c->routerstatus_list) == 0) {
1357  log_warn(LD_REND, "No live consensus so we can't get the responsible "
1358  "hidden service directories.");
1359  goto done;
1360  }
1361 
1362  /* Ensure the nodelist is fresh, since it contains the HSDir indices. */
1364 
1365  /* Add every node_t that support HSDir v3 for which we do have a valid
1366  * hsdir_index already computed for them for this consensus. */
1367  {
1369  /* Even though this node_t object won't be modified and should be const,
1370  * we can't add const object in a smartlist_t. */
1371  node_t *n = node_get_mutable_by_id(rs->identity_digest);
1372  tor_assert(n);
1373  if (node_supports_v3_hsdir(n) && rs->is_hs_dir) {
1374  if (!node_has_hsdir_index(n)) {
1375  log_info(LD_GENERAL, "Node %s was found without hsdir index.",
1376  node_describe(n));
1377  continue;
1378  }
1379  smartlist_add(sorted_nodes, n);
1380  }
1381  } SMARTLIST_FOREACH_END(rs);
1382  }
1383  if (smartlist_len(sorted_nodes) == 0) {
1384  log_warn(LD_REND, "No nodes found to be HSDir or supporting v3.");
1385  goto done;
1386  }
1387 
1388  /* First thing we have to do is sort all node_t by hsdir_index. The
1389  * is_next_period tells us if we want the current or the next one. Set the
1390  * bsearch compare function also while we are at it. */
1391  if (for_fetching) {
1394  } else if (use_second_hsdir_index) {
1397  } else {
1400  }
1401 
1402  /* For all replicas, we'll select a set of HSDirs using the consensus
1403  * parameters and the sorted list. The replica starting at value 1 is
1404  * defined by the specification. */
1405  for (int replica = 1; replica <= hs_get_hsdir_n_replicas(); replica++) {
1406  int idx, start, found, n_added = 0;
1407  uint8_t hs_index[DIGEST256_LEN] = {0};
1408  /* Number of node to add to the responsible dirs list depends on if we are
1409  * trying to fetch or store. A client always fetches. */
1410  int n_to_add = (for_fetching) ? hs_get_hsdir_spread_fetch() :
1412 
1413  /* Get the index that we should use to select the node. */
1414  hs_build_hs_index(replica, blinded_pk, time_period_num, hs_index);
1415  /* The compare function pointer has been set correctly earlier. */
1416  start = idx = smartlist_bsearch_idx(sorted_nodes, hs_index, cmp_fct,
1417  &found);
1418  /* Getting the length of the list if no member is greater than the key we
1419  * are looking for so start at the first element. */
1420  if (idx == smartlist_len(sorted_nodes)) {
1421  start = idx = 0;
1422  }
1423  while (n_added < n_to_add) {
1424  const node_t *node = smartlist_get(sorted_nodes, idx);
1425  /* If the node has already been selected which is possible between
1426  * replicas, the specification says to skip over. */
1427  if (!smartlist_contains(responsible_dirs, node->rs)) {
1428  smartlist_add(responsible_dirs, node->rs);
1429  ++n_added;
1430  }
1431  if (++idx == smartlist_len(sorted_nodes)) {
1432  /* Wrap if we've reached the end of the list. */
1433  idx = 0;
1434  }
1435  if (idx == start) {
1436  /* We've gone over the whole list, stop and avoid infinite loop. */
1437  break;
1438  }
1439  }
1440  }
1441 
1442  done:
1443  smartlist_free(sorted_nodes);
1444 }
1445 
1446 /*********************** HSDir request tracking ***************************/
1447 
1448 /** Return the period for which a hidden service directory cannot be queried
1449  * for the same descriptor ID again, taking TestingTorNetwork into account. */
1450 time_t
1452 {
1453  tor_assert(options);
1454 
1455  if (options->TestingTorNetwork) {
1456  return REND_HID_SERV_DIR_REQUERY_PERIOD_TESTING;
1457  } else {
1458  return REND_HID_SERV_DIR_REQUERY_PERIOD;
1459  }
1460 }
1461 
1462 /** Tracks requests for fetching hidden service descriptors. It's used by
1463  * hidden service clients, to avoid querying HSDirs that have already failed
1464  * giving back a descriptor. The same data structure is used to track both v2
1465  * and v3 HS descriptor requests.
1466  *
1467  * The string map is a key/value store that contains the last request times to
1468  * hidden service directories for certain queries. Specifically:
1469  *
1470  * key = base32(hsdir_identity) + base32(hs_identity)
1471  * value = time_t of last request for that hs_identity to that HSDir
1472  *
1473  * where 'hsdir_identity' is the identity digest of the HSDir node, and
1474  * 'hs_identity' is the descriptor ID of the HS in the v2 case, or the ed25519
1475  * blinded public key of the HS in the v3 case. */
1476 static strmap_t *last_hid_serv_requests_ = NULL;
1477 
1478 /** Returns last_hid_serv_requests_, initializing it to a new strmap if
1479  * necessary. */
1480 STATIC strmap_t *
1482 {
1484  last_hid_serv_requests_ = strmap_new();
1485  return last_hid_serv_requests_;
1486 }
1487 
1488 /** Look up the last request time to hidden service directory <b>hs_dir</b>
1489  * for descriptor request key <b>req_key_str</b> which is the descriptor ID
1490  * for a v2 service or the blinded key for v3. If <b>set</b> is non-zero,
1491  * assign the current time <b>now</b> and return that. Otherwise, return the
1492  * most recent request time, or 0 if no such request has been sent before. */
1493 time_t
1495  const char *req_key_str,
1496  time_t now, int set)
1497 {
1498  char hsdir_id_base32[BASE32_DIGEST_LEN + 1];
1499  char *hsdir_desc_comb_id = NULL;
1500  time_t *last_request_ptr;
1501  strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
1502 
1503  /* Create the key */
1504  base32_encode(hsdir_id_base32, sizeof(hsdir_id_base32),
1505  hs_dir->identity_digest, DIGEST_LEN);
1506  tor_asprintf(&hsdir_desc_comb_id, "%s%s", hsdir_id_base32, req_key_str);
1507 
1508  if (set) {
1509  time_t *oldptr;
1510  last_request_ptr = tor_malloc_zero(sizeof(time_t));
1511  *last_request_ptr = now;
1512  oldptr = strmap_set(last_hid_serv_requests, hsdir_desc_comb_id,
1513  last_request_ptr);
1514  tor_free(oldptr);
1515  } else {
1516  last_request_ptr = strmap_get(last_hid_serv_requests,
1517  hsdir_desc_comb_id);
1518  }
1519 
1520  tor_free(hsdir_desc_comb_id);
1521  return (last_request_ptr) ? *last_request_ptr : 0;
1522 }
1523 
1524 /** Clean the history of request times to hidden service directories, so that
1525  * it does not contain requests older than REND_HID_SERV_DIR_REQUERY_PERIOD
1526  * seconds any more. */
1527 void
1529 {
1530  strmap_iter_t *iter;
1531  time_t cutoff = now - hs_hsdir_requery_period(get_options());
1532  strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
1533  for (iter = strmap_iter_init(last_hid_serv_requests);
1534  !strmap_iter_done(iter); ) {
1535  const char *key;
1536  void *val;
1537  time_t *ent;
1538  strmap_iter_get(iter, &key, &val);
1539  ent = (time_t *) val;
1540  if (*ent < cutoff) {
1541  iter = strmap_iter_next_rmv(last_hid_serv_requests, iter);
1542  tor_free(ent);
1543  } else {
1544  iter = strmap_iter_next(last_hid_serv_requests, iter);
1545  }
1546  }
1547 }
1548 
1549 /** Remove all requests related to the descriptor request key string
1550  * <b>req_key_str</b> from the history of times of requests to hidden service
1551  * directories.
1552  *
1553  * This is called from rend_client_note_connection_attempt_ended(), which
1554  * must be idempotent, so any future changes to this function must leave it
1555  * idempotent too. */
1556 void
1558 {
1559  strmap_iter_t *iter;
1560  strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
1561 
1562  for (iter = strmap_iter_init(last_hid_serv_requests);
1563  !strmap_iter_done(iter); ) {
1564  const char *key;
1565  void *val;
1566  strmap_iter_get(iter, &key, &val);
1567 
1568  /* XXX: The use of REND_DESC_ID_V2_LEN_BASE32 is very wrong in terms of
1569  * semantic, see #23305. */
1570 
1571  /* This strmap contains variable-sized elements so this is a basic length
1572  * check on the strings we are about to compare. The key is variable sized
1573  * since it's composed as follows:
1574  * key = base32(hsdir_identity) + base32(req_key_str)
1575  * where 'req_key_str' is the descriptor ID of the HS in the v2 case, or
1576  * the ed25519 blinded public key of the HS in the v3 case. */
1577  if (strlen(key) < REND_DESC_ID_V2_LEN_BASE32 + strlen(req_key_str)) {
1578  iter = strmap_iter_next(last_hid_serv_requests, iter);
1579  continue;
1580  }
1581 
1582  /* Check if the tracked request matches our request key */
1583  if (tor_memeq(key + REND_DESC_ID_V2_LEN_BASE32, req_key_str,
1584  strlen(req_key_str))) {
1585  iter = strmap_iter_next_rmv(last_hid_serv_requests, iter);
1586  tor_free(val);
1587  } else {
1588  iter = strmap_iter_next(last_hid_serv_requests, iter);
1589  }
1590  }
1591 }
1592 
1593 /** Purge the history of request times to hidden service directories,
1594  * so that future lookups of an HS descriptor will not fail because we
1595  * accessed all of the HSDir relays responsible for the descriptor
1596  * recently. */
1597 void
1599 {
1600  /* Don't create the table if it doesn't exist yet (and it may very
1601  * well not exist if the user hasn't accessed any HSes)... */
1602  strmap_t *old_last_hid_serv_requests = last_hid_serv_requests_;
1603  /* ... and let get_last_hid_serv_requests re-create it for us if
1604  * necessary. */
1605  last_hid_serv_requests_ = NULL;
1606 
1607  if (old_last_hid_serv_requests != NULL) {
1608  log_info(LD_REND, "Purging client last-HS-desc-request-time table");
1609  strmap_free(old_last_hid_serv_requests, tor_free_);
1610  }
1611 }
1612 
1613 /***********************************************************************/
1614 
1615 /** Given the list of responsible HSDirs in <b>responsible_dirs</b>, pick the
1616  * one that we should use to fetch a descriptor right now. Take into account
1617  * previous failed attempts at fetching this descriptor from HSDirs using the
1618  * string identifier <b>req_key_str</b>. We return whether we are rate limited
1619  * into *<b>is_rate_limited_out</b> if it is not NULL.
1620  *
1621  * Steals ownership of <b>responsible_dirs</b>.
1622  *
1623  * Return the routerstatus of the chosen HSDir if successful, otherwise return
1624  * NULL if no HSDirs are worth trying right now. */
1626 hs_pick_hsdir(smartlist_t *responsible_dirs, const char *req_key_str,
1627  bool *is_rate_limited_out)
1628 {
1629  smartlist_t *usable_responsible_dirs = smartlist_new();
1630  const or_options_t *options = get_options();
1631  routerstatus_t *hs_dir;
1632  time_t now = time(NULL);
1633  int excluded_some;
1634  bool rate_limited = false;
1635  int rate_limited_count = 0;
1636  int responsible_dirs_count = smartlist_len(responsible_dirs);
1637 
1638  tor_assert(req_key_str);
1639 
1640  /* Clean outdated request history first. */
1642 
1643  /* Only select those hidden service directories to which we did not send a
1644  * request recently and for which we have a router descriptor here.
1645  *
1646  * Use for_direct_connect==0 even if we will be connecting to the node
1647  * directly, since we always use the key information in the
1648  * consensus-indexed node descriptors for building the index.
1649  **/
1650  SMARTLIST_FOREACH_BEGIN(responsible_dirs, routerstatus_t *, dir) {
1651  time_t last = hs_lookup_last_hid_serv_request(dir, req_key_str, 0, 0);
1652  const node_t *node = node_get_by_id(dir->identity_digest);
1653  if (last + hs_hsdir_requery_period(options) >= now ||
1654  !node || !node_has_preferred_descriptor(node, 0)) {
1655  SMARTLIST_DEL_CURRENT(responsible_dirs, dir);
1656  rate_limited_count++;
1657  continue;
1658  }
1659  if (!routerset_contains_node(options->ExcludeNodes, node)) {
1660  smartlist_add(usable_responsible_dirs, dir);
1661  }
1662  } SMARTLIST_FOREACH_END(dir);
1663 
1664  if (rate_limited_count > 0 || responsible_dirs_count > 0) {
1665  rate_limited = rate_limited_count == responsible_dirs_count;
1666  }
1667 
1668  excluded_some =
1669  smartlist_len(usable_responsible_dirs) < smartlist_len(responsible_dirs);
1670 
1671  hs_dir = smartlist_choose(usable_responsible_dirs);
1672  if (!hs_dir && !options->StrictNodes) {
1673  hs_dir = smartlist_choose(responsible_dirs);
1674  }
1675 
1676  smartlist_free(responsible_dirs);
1677  smartlist_free(usable_responsible_dirs);
1678  if (!hs_dir) {
1679  const char *warn_str = (rate_limited) ? "we are rate limited." :
1680  "we requested them all recently without success";
1681  log_info(LD_REND, "Could not pick one of the responsible hidden "
1682  "service directories, because %s.", warn_str);
1683  if (options->StrictNodes && excluded_some) {
1684  log_warn(LD_REND, "Could not pick a hidden service directory for the "
1685  "requested hidden service: they are all either down or "
1686  "excluded, and StrictNodes is set.");
1687  }
1688  } else {
1689  /* Remember that we are requesting a descriptor from this hidden service
1690  * directory now. */
1691  hs_lookup_last_hid_serv_request(hs_dir, req_key_str, now, 1);
1692  }
1693 
1694  if (is_rate_limited_out != NULL) {
1695  *is_rate_limited_out = rate_limited;
1696  }
1697 
1698  return hs_dir;
1699 }
1700 
1701 /** Given a list of link specifiers lspecs, a curve 25519 onion_key, and
1702  * a direct connection boolean direct_conn (true for single onion services),
1703  * return a newly allocated extend_info_t object.
1704  *
1705  * This function always returns an extend info with a valid IP address and
1706  * ORPort, or NULL. If direct_conn is false, the IP address is always IPv4.
1707  *
1708  * It performs the following checks:
1709  * if there is no usable IP address, or legacy ID is missing, return NULL.
1710  * if direct_conn, and we can't reach any IP address, return NULL.
1711  */
1712 extend_info_t *
1714  const curve25519_public_key_t *onion_key,
1715  int direct_conn)
1716 {
1717  int have_v4 = 0, have_legacy_id = 0, have_ed25519_id = 0;
1718  char legacy_id[DIGEST_LEN] = {0};
1719  ed25519_public_key_t ed25519_pk;
1720  extend_info_t *info = NULL;
1721  tor_addr_port_t ap;
1722 
1723  tor_addr_make_null(&ap.addr, AF_UNSPEC);
1724  ap.port = 0;
1725 
1726  if (lspecs == NULL) {
1727  log_warn(LD_BUG, "Specified link specifiers is null");
1728  goto done;
1729  }
1730 
1731  if (onion_key == NULL) {
1732  log_warn(LD_BUG, "Specified onion key is null");
1733  goto done;
1734  }
1735 
1736  if (smartlist_len(lspecs) == 0) {
1737  log_fn(LOG_PROTOCOL_WARN, LD_REND, "Empty link specifier list.");
1738  /* Return NULL. */
1739  goto done;
1740  }
1741 
1742  SMARTLIST_FOREACH_BEGIN(lspecs, const link_specifier_t *, ls) {
1743  switch (link_specifier_get_ls_type(ls)) {
1744  case LS_IPV4:
1745  /* Skip if we already seen a v4. If direct_conn is true, we skip this
1746  * block because fascist_firewall_choose_address_ls() will set ap. If
1747  * direct_conn is false, set ap to the first IPv4 address and port in
1748  * the link specifiers.*/
1749  if (have_v4 || direct_conn) continue;
1750  tor_addr_from_ipv4h(&ap.addr,
1751  link_specifier_get_un_ipv4_addr(ls));
1752  ap.port = link_specifier_get_un_ipv4_port(ls);
1753  have_v4 = 1;
1754  break;
1755  case LS_LEGACY_ID:
1756  /* Make sure we do have enough bytes for the legacy ID. */
1757  if (link_specifier_getlen_un_legacy_id(ls) < sizeof(legacy_id)) {
1758  break;
1759  }
1760  memcpy(legacy_id, link_specifier_getconstarray_un_legacy_id(ls),
1761  sizeof(legacy_id));
1762  have_legacy_id = 1;
1763  break;
1764  case LS_ED25519_ID:
1765  memcpy(ed25519_pk.pubkey,
1766  link_specifier_getconstarray_un_ed25519_id(ls),
1768  have_ed25519_id = 1;
1769  break;
1770  default:
1771  /* Ignore unknown. */
1772  break;
1773  }
1774  } SMARTLIST_FOREACH_END(ls);
1775 
1776  /* Choose a preferred address first, but fall back to an allowed address. */
1777  if (direct_conn)
1778  fascist_firewall_choose_address_ls(lspecs, 0, &ap);
1779 
1780  /* Legacy ID is mandatory, and we require an IP address. */
1781  if (!tor_addr_port_is_valid_ap(&ap, 0)) {
1782  /* If we're missing the IP address, log a warning and return NULL. */
1783  log_info(LD_NET, "Unreachable or invalid IP address in link state");
1784  goto done;
1785  }
1786  if (!have_legacy_id) {
1787  /* If we're missing the legacy ID, log a warning and return NULL. */
1788  log_warn(LD_PROTOCOL, "Missing Legacy ID in link state");
1789  goto done;
1790  }
1791 
1792  /* We will add support for falling back to a 3-hop path in a later
1793  * release. */
1794 
1795  /* We'll validate now that the address we've picked isn't a private one. If
1796  * it is, are we allowed to extend to private addresses? */
1797  if (!extend_info_addr_is_allowed(&ap.addr)) {
1798  log_fn(LOG_PROTOCOL_WARN, LD_REND,
1799  "Requested address is private and we are not allowed to extend to "
1800  "it: %s:%u", fmt_addr(&ap.addr), ap.port);
1801  goto done;
1802  }
1803 
1804  /* We do have everything for which we think we can connect successfully. */
1805  info = extend_info_new(NULL, legacy_id,
1806  (have_ed25519_id) ? &ed25519_pk : NULL, NULL,
1807  onion_key, &ap.addr, ap.port);
1808  done:
1809  return info;
1810 }
1811 
1812 /***********************************************************************/
1813 
1814 /** Initialize the entire HS subsytem. This is called in tor_init() before any
1815  * torrc options are loaded. Only for >= v3. */
1816 void
1817 hs_init(void)
1818 {
1820  hs_service_init();
1821  hs_cache_init();
1822 }
1823 
1824 /** Release and cleanup all memory of the HS subsystem (all version). This is
1825  * called by tor_free_all(). */
1826 void
1828 {
1833  hs_ob_free_all();
1834 }
1835 
1836 /** For the given origin circuit circ, decrement the number of rendezvous
1837  * stream counter. This handles every hidden service version. */
1838 void
1840 {
1841  tor_assert(circ);
1842 
1843  if (circ->rend_data) {
1844  circ->rend_data->nr_streams--;
1845  } else if (circ->hs_ident) {
1846  circ->hs_ident->num_rdv_streams--;
1847  } else {
1848  /* Should not be called if this circuit is not for hidden service. */
1849  tor_assert_nonfatal_unreached();
1850  }
1851 }
1852 
1853 /** For the given origin circuit circ, increment the number of rendezvous
1854  * stream counter. This handles every hidden service version. */
1855 void
1857 {
1858  tor_assert(circ);
1859 
1860  if (circ->rend_data) {
1861  circ->rend_data->nr_streams++;
1862  } else if (circ->hs_ident) {
1863  circ->hs_ident->num_rdv_streams++;
1864  } else {
1865  /* Should not be called if this circuit is not for hidden service. */
1866  tor_assert_nonfatal_unreached();
1867  }
1868 }
1869 
1870 /** Return a newly allocated link specifier object that is a copy of dst. */
1871 link_specifier_t *
1872 link_specifier_dup(const link_specifier_t *src)
1873 {
1874  link_specifier_t *dup = NULL;
1875  uint8_t *buf = NULL;
1876 
1877  if (BUG(!src)) {
1878  goto err;
1879  }
1880 
1881  ssize_t encoded_len_alloc = link_specifier_encoded_len(src);
1882  if (BUG(encoded_len_alloc < 0)) {
1883  goto err;
1884  }
1885 
1886  buf = tor_malloc_zero(encoded_len_alloc);
1887  ssize_t encoded_len_data = link_specifier_encode(buf,
1888  encoded_len_alloc,
1889  src);
1890  if (BUG(encoded_len_data < 0)) {
1891  goto err;
1892  }
1893 
1894  ssize_t parsed_len = link_specifier_parse(&dup, buf, encoded_len_alloc);
1895  if (BUG(parsed_len < 0)) {
1896  goto err;
1897  }
1898 
1899  goto done;
1900 
1901  err:
1902  dup = NULL;
1903 
1904  done:
1905  tor_free(buf);
1906  return dup;
1907 }
Header file containing denial of service defenses for the HS subsystem for all versions.
static const char * str_ed25519_basepoint
Definition: hs_common.c:50
Header file for rendcommon.c.
unsigned int cpd_check_t
Definition: dir.h:20
extend_info_t * hs_get_extend_info_from_lspecs(const smartlist_t *lspecs, const curve25519_public_key_t *onion_key, int direct_conn)
Definition: hs_common.c:1713
static rend_data_t * rend_data_alloc(uint32_t version)
Definition: hs_common.c:338
#define HS_INDEX_PREFIX
Definition: hs_common.h:110
Header file containing common data for the whole HS subsytem.
#define HSDIR_INDEX_PREFIX
Definition: hs_common.h:114
extend_info_t * extend_info_new(const char *nickname, const char *rsa_id_digest, const ed25519_public_key_t *ed_id, crypto_pk_t *onion_key, const curve25519_public_key_t *ntor_key, const tor_addr_t *addr, uint16_t port)
Common functions for using (pseudo-)random number generators.
Definition: node_st.h:34
void rend_data_free_(rend_data_t *data)
Definition: hs_common.c:361
Header file containing service data for the HS subsytem.
int hs_set_conn_addr_port(const smartlist_t *ports, edge_connection_t *conn)
Definition: hs_common.c:856
uint8_t * hs_get_previous_srv(uint64_t time_period_num, const networkstatus_t *ns)
Definition: hs_common.c:1251
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
int hs_parse_address(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out)
Definition: hs_common.c:957
#define TO_CONN(c)
Definition: or.h:735
int32_t networkstatus_get_param(const networkstatus_t *ns, const char *param_name, int32_t default_val, int32_t min_val, int32_t max_val)
Header for shared_random_state.c.
int routerset_contains_node(const routerset_t *set, const node_t *node)
Definition: routerset.c:338
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
char unix_addr[FLEXIBLE_ARRAY_MEMBER]
Definition: hs_common.h:163
int check_private_dir(const char *dirname, cpd_check_t check, const char *effective_user)
Definition: dir.c:71
uint8_t store_second[DIGEST256_LEN]
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
static int compare_node_store_first_hsdir_index(const void **a, const void **b)
Definition: hs_common.c:155
const char * escaped_safe_str(const char *address)
Definition: config.c:1128
#define HS_TIME_PERIOD_LENGTH_DEFAULT
Definition: hs_common.h:87
Header file containing client data for the HS subsytem.
void hs_init(void)
Definition: hs_common.c:1817
char descriptor_cookie[REND_DESC_COOKIE_LEN]
Definition: or.h:446
static int compare_node_store_second_hsdir_index(const void **a, const void **b)
Definition: hs_common.c:166
STATIC strmap_t * get_last_hid_serv_requests(void)
Definition: hs_common.c:1481
#define LD_GENERAL
Definition: log.h:62
void hs_service_free_all(void)
Definition: hs_service.c:4217
int hs_parse_address_no_log(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out, const char **errmsg)
Definition: hs_common.c:917
#define HS_KEYBLIND_NONCE_PREFIX
Definition: hs_common.h:98
void hs_get_subcredential(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_subcredential_t *subcred_out)
Definition: hs_common.c:815
Header file for describe.c.
Header file for nodelist.c.
int hs_check_service_private_dir(const char *username, const char *path, unsigned int dir_group_readable, unsigned int create)
Definition: hs_common.c:200
void hs_ob_free_all(void)
Definition: hs_ob.c:405
void tor_addr_make_null(tor_addr_t *a, sa_family_t family)
Definition: address.c:235
int hs_address_is_valid(const char *address)
Definition: hs_common.c:973
void smartlist_add(smartlist_t *sl, void *element)
time_t sr_state_get_start_time_of_current_protocol_run(void)
char * hs_path_from_filename(const char *directory, const char *filename)
Definition: hs_common.c:178
Node information structure.
#define HS_SERVICE_ADDR_LEN
Definition: hs_common.h:79
crypto_digest_t * crypto_digest256_new(digest_algorithm_t algorithm)
int rend_compute_v2_desc_id(char *desc_id_out, const char *service_id, const char *descriptor_cookie, time_t now, uint8_t replica)
Definition: rendcommon.c:153
#define REND_DESC_ID_V2_LEN_BASE32
Definition: or.h:354
int smartlist_contains(const smartlist_t *sl, const void *element)
void hs_cache_free_all(void)
Definition: hs_cache.c:1135
Header file for config.c.
static void hs_parse_address_impl(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out)
Definition: hs_common.c:785
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len)
const or_options_t * get_options(void)
Definition: config.c:925
int fast_mem_is_zero(const char *mem, size_t len)
Definition: util_string.c:74
#define tor_assert(expr)
Definition: util_bug.h:102
void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:60
char rend_pk_digest[DIGEST_LEN]
Definition: or.h:457
static int node_has_hsdir_index(const node_t *node)
Definition: hs_common.c:1298
char desc_id_fetch[DIGEST_LEN]
Definition: or.h:454
#define tor_free(p)
Definition: malloc.h:52
#define ED25519_PUBKEY_LEN
Definition: x25519_sizes.h:27
const uint8_t * rend_data_get_pk_digest(const rend_data_t *rend_data, size_t *len_out)
Definition: hs_common.c:568
int node_supports_v3_hsdir(const node_t *node)
Definition: nodelist.c:1179
int node_has_preferred_descriptor(const node_t *node, int for_direct_connect)
Definition: nodelist.c:1378
int smartlist_contains_int_as_string(const smartlist_t *sl, int num)
Definition: smartlist.c:147
void hs_circuitmap_init(void)
#define SMARTLIST_DEL_CURRENT(sl, var)
networkstatus_t * networkstatus_get_live_consensus(time_t now)
#define HS_SERVICE_ADDR_CHECKSUM_PREFIX_LEN
Definition: hs_common.h:65
time_t hs_hsdir_requery_period(const or_options_t *options)
Definition: hs_common.c:1451
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:55
static void build_hs_address(const ed25519_public_key_t *key, const uint8_t *checksum, uint8_t version, char *addr_out)
Definition: hs_common.c:762
smartlist_t * smartlist_new(void)
const char * rend_data_get_desc_id(const rend_data_t *rend_data, uint8_t replica, size_t *len_out)
Definition: hs_common.c:546
static int compute_desc_id(rend_data_t *rend_data)
Definition: hs_common.c:419
struct routerset_t * ExcludeNodes
Definition: or_options_st.h:89
void hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk, uint64_t time_period_num, int use_second_hsdir_index, int for_fetching, smartlist_t *responsible_dirs)
Definition: hs_common.c:1340
void hs_purge_last_hid_serv_requests(void)
Definition: hs_common.c:1598
static int compare_digest_to_store_first_hsdir_index(const void *_key, const void **_member)
Definition: hs_common.c:123
const sr_srv_t * sr_get_previous(const networkstatus_t *ns)
#define STATIC
Definition: testsupport.h:32
rend_auth_type_t
Definition: or.h:402
void hs_circuitmap_free_all(void)
static void build_hs_checksum(const ed25519_public_key_t *key, uint8_t version, uint8_t *checksum_out)
Definition: hs_common.c:735
Header file for routerset.c.
Routerstatus (consensus entry) structure.
static uint8_t get_uint8(const void *cp)
Definition: bytes.h:23
#define DIGEST256_LEN
Definition: digest_sizes.h:23
rend_data_t * rend_data_client_create(const char *onion_address, const char *desc_id, const char *cookie, rend_auth_type_t auth_type)
Definition: hs_common.c:493
Header file for policies.c.
void hs_build_hsdir_index(const ed25519_public_key_t *identity_pk, const uint8_t *srv_value, uint64_t period_num, uint8_t *hsdir_index_out)
Definition: hs_common.c:1194
int ed25519_keypair_blind(ed25519_keypair_t *out, const ed25519_keypair_t *inp, const uint8_t *param)
time_t hs_get_start_time_of_next_time_period(time_t now)
Definition: hs_common.c:322
static void set_uint8(void *cp, uint8_t v)
Definition: bytes.h:31
int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:90
void fascist_firewall_choose_address_ls(const smartlist_t *lspecs, int pref_only, tor_addr_port_t *ap)
Definition: policies.c:969
Common functions for cryptographic routines.
static int compare_node_fetch_hsdir_index(const void **a, const void **b)
Definition: hs_common.c:144
#define tor_addr_from_ipv4h(dest, v4addr)
Definition: address.h:299
void hs_client_free_all(void)
Definition: hs_client.c:2550
Header file for routermode.c.
int tor_memcmp(const void *a, const void *b, size_t len)
Definition: di_ops.c:31
#define HS_DEFAULT_HSDIR_SPREAD_FETCH
Definition: hs_common.h:126
int tor_memeq(const void *a, const void *b, size_t sz)
Definition: di_ops.c:107
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
void hs_build_hs_index(uint64_t replica, const ed25519_public_key_t *blinded_pk, uint64_t period_num, uint8_t *hs_index_out)
Definition: hs_common.c:1153
static void set_uint64(void *cp, uint64_t v)
Definition: bytes.h:96
uint8_t value[DIGEST256_LEN]
Definition: shared_random.h:66
static int compare_digest_to_fetch_hsdir_index(const void *_key, const void **_member)
Definition: hs_common.c:113
#define DIGEST_LEN
Definition: digest_sizes.h:20
Origin circuit structure.
void hs_service_init(void)
Definition: hs_service.c:4200
const char * node_describe(const node_t *node)
Definition: describe.c:143
void hs_dec_rdv_stream_counter(origin_circuit_t *circ)
Definition: hs_common.c:1839
Master header file for Tor-specific functionality.
static uint8_t cached_disaster_srv[2][DIGEST256_LEN]
Definition: hs_common.c:627
unsigned int sr_state_get_protocol_run_duration(void)
Header file for circuitbuild.c.
STATIC uint64_t get_time_period_length(void)
Definition: hs_common.c:243
#define HS_CREDENTIAL_PREFIX
Definition: hs_common.h:104
const node_t * node_get_by_id(const char *identity_digest)
Definition: nodelist.c:223
unsigned int is_unix_addr
Definition: hs_common.h:157
void hs_build_blinded_keypair(const ed25519_keypair_t *kp, const uint8_t *secret, size_t secret_len, uint64_t time_period_num, ed25519_keypair_t *blinded_kp_out)
Definition: hs_common.c:1068
#define HS_DEFAULT_HSDIR_SPREAD_STORE
Definition: hs_common.h:124
Header file containing circuit and connection identifier data for the whole HS subsytem.
Header file for shared_random_client.c.
int32_t hs_get_hsdir_n_replicas(void)
Definition: hs_common.c:1268
int nr_streams
Definition: or.h:430
#define HS_SERVICE_ADDR_CHECKSUM_INPUT_LEN
Definition: hs_common.h:71
void tor_free_(void *mem)
Definition: malloc.c:227
void hs_build_blinded_pubkey(const ed25519_public_key_t *pk, const uint8_t *secret, size_t secret_len, uint64_t time_period_num, ed25519_public_key_t *blinded_pk_out)
Definition: hs_common.c:1044
static uint64_t tor_htonll(uint64_t a)
Definition: bytes.h:184
#define crypto_digest_free(d)
Header file for hs_circuitmap.c.
#define LD_REND
Definition: log.h:84
Header file for rendservice.c.
#define REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS
Definition: or.h:348
rend_data_t * rend_data_dup(const rend_data_t *data)
Definition: hs_common.c:386
int32_t hs_get_hsdir_spread_store(void)
Definition: hs_common.c:1288
char descriptor_id[REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS][DIGEST_LEN]
Definition: or.h:443
#define HS_TIME_PERIOD_LENGTH_MIN
Definition: hs_common.h:89
smartlist_t * hsdirs_fp
Definition: or.h:424
void hs_build_address(const ed25519_public_key_t *key, uint8_t version, char *addr_out)
Definition: hs_common.c:1018
static strmap_t * last_hid_serv_requests_
Definition: hs_common.c:1476
static void compute_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
Definition: hs_common.c:590
uint64_t hs_get_previous_time_period_num(time_t now)
Definition: hs_common.c:313
uint8_t fetch[DIGEST256_LEN]
unsigned int sr_state_get_phase_duration(void)
#define ED25519_SECKEY_LEN
Definition: x25519_sizes.h:29
#define BASE32_DIGEST_LEN
Definition: crypto_digest.h:23
const char * rend_data_get_address(const rend_data_t *rend_data)
Definition: hs_common.c:528
char rend_cookie[REND_COOKIE_LEN]
Definition: or.h:427
void hs_inc_rdv_stream_counter(origin_circuit_t *circ)
Definition: hs_common.c:1856
int hs_get_service_max_rend_failures(void)
Definition: hs_common.c:233
static void build_blinded_key_param(const ed25519_public_key_t *pubkey, const uint8_t *secret, size_t secret_len, uint64_t period_num, uint64_t period_length, uint8_t *param_out)
Definition: hs_common.c:686
#define SMARTLIST_FOREACH(sl, type, var, cmd)
void hs_purge_hid_serv_from_last_hid_serv_requests(const char *req_key_str)
Definition: hs_common.c:1557
time_t hs_lookup_last_hid_serv_request(routerstatus_t *hs_dir, const char *req_key_str, time_t now, int set)
Definition: hs_common.c:1494
uint16_t port
uint8_t * hs_get_current_srv(uint64_t time_period_num, const networkstatus_t *ns)
Definition: hs_common.c:1233
link_specifier_t * link_specifier_dup(const link_specifier_t *src)
Definition: hs_common.c:1872
smartlist_t * routerstatus_list
#define HS_SERVICE_ADDR_LEN_BASE32
Definition: hs_common.h:83
#define HS_VERSION_TWO
Definition: hs_common.h:24
const sr_srv_t * sr_get_current(const networkstatus_t *ns)
char identity_digest[DIGEST_LEN]
rend_data_t * rend_data
#define fmt_addr(a)
Definition: address.h:216
#define ARRAY_LENGTH(x)
#define log_fn(severity, domain, args,...)
Definition: log.h:287
static int compare_digest_to_store_second_hsdir_index(const void *_key, const void **_member)
Definition: hs_common.c:134
#define HS_SRV_DISASTER_PREFIX
Definition: hs_common.h:118
char onion_address[REND_SERVICE_ID_LEN_BASE32+1]
Definition: or.h:438
time_t approx_time(void)
Definition: approx_time.c:32
rend_data_t * rend_data_service_create(const char *onion_address, const char *pk_digest, const uint8_t *cookie, rend_auth_type_t auth_type)
Definition: hs_common.c:461
Edge-connection structure.
Header file for hs_cache.c.
routerstatus_t * hs_pick_hsdir(smartlist_t *responsible_dirs, const char *req_key_str, bool *is_rate_limited_out)
Definition: hs_common.c:1626
uint8_t store_first[DIGEST256_LEN]
tor_addr_t addr
#define LD_NET
Definition: log.h:66
int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
node_t * node_get_mutable_by_id(const char *identity_digest)
Definition: nodelist.c:194
Header file for the specific code for onion balance.
uint64_t hs_get_time_period_num(time_t now)
Definition: hs_common.c:269
#define HS_SERVICE_ADDR_CHECKSUM_PREFIX
Definition: hs_common.h:63
int hs_in_period_between_tp_and_srv(const networkstatus_t *consensus, time_t now)
Definition: hs_common.c:1104
STATIC void get_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
Definition: hs_common.c:634
uint64_t hs_get_next_time_period_num(time_t now)
Definition: hs_common.c:304
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:909
struct hs_ident_circuit_t * hs_ident
#define LD_PROTOCOL
Definition: log.h:72
int hs_service_requires_uptime_circ(const smartlist_t *ports)
Definition: hs_common.c:1132
uint64_t num_rdv_streams
Definition: hs_ident.h:81
void smartlist_sort(smartlist_t *sl, int(*compare)(const void **a, const void **b))
Definition: smartlist.c:334
void hs_clean_last_hid_serv_requests(time_t now)
Definition: hs_common.c:1528
void hs_cache_init(void)
Definition: hs_cache.c:1120
uint16_t orig_virtual_port
Definition: hs_ident.h:111
int extend_info_addr_is_allowed(const tor_addr_t *addr)
Header file for networkstatus.c.
#define LD_BUG
Definition: log.h:86
void nodelist_ensure_freshness(networkstatus_t *ns)
Definition: nodelist.c:955
rend_auth_type_t auth_type
Definition: or.h:449
int32_t hs_get_hsdir_spread_fetch(void)
Definition: hs_common.c:1278
int smartlist_bsearch_idx(const smartlist_t *sl, const void *key, int(*compare)(const void *key, const void **member), int *found_out)
Definition: smartlist.c:428
int ed25519_validate_pubkey(const ed25519_public_key_t *pubkey)
#define HS_TIME_PERIOD_LENGTH_MAX
Definition: hs_common.h:91
void * smartlist_choose(const smartlist_t *sl)
Definition: crypto_rand.c:590
#define HS_SERVICE_ADDR_CHECKSUM_LEN_USED
Definition: hs_common.h:74
#define HS_DEFAULT_HSDIR_N_REPLICAS
Definition: hs_common.h:122
Networkstatus consensus/vote structure.
void hs_free_all(void)
Definition: hs_common.c:1827
int ed25519_public_blind(ed25519_public_key_t *out, const ed25519_public_key_t *inp, const uint8_t *param)