Tor  0.4.5.0-alpha-dev
hs_common.c
Go to the documentation of this file.
1 /* Copyright (c) 2016-2020, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
4 /**
5  * \file hs_common.c
6  * \brief Contains code shared between different HS protocol version as well
7  * as useful data structures and accessors used by other subsystems.
8  * The rendcommon.c should only contains code relating to the v2
9  * protocol.
10  **/
11 
12 #define HS_COMMON_PRIVATE
13 
14 #include "core/or/or.h"
15 
16 #include "app/config/config.h"
17 #include "core/or/circuitbuild.h"
18 #include "core/or/policies.h"
19 #include "core/or/extendinfo.h"
21 #include "feature/hs/hs_cache.h"
23 #include "feature/hs/hs_client.h"
24 #include "feature/hs/hs_common.h"
25 #include "feature/hs/hs_dos.h"
26 #include "feature/hs/hs_ob.h"
27 #include "feature/hs/hs_ident.h"
28 #include "feature/hs/hs_service.h"
39 
45 
46 /* Trunnel */
47 #include "trunnel/ed25519_cert.h"
48 
49 /** Ed25519 Basepoint value. Taken from section 5 of
50  * https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03 */
51 static const char *str_ed25519_basepoint =
52  "(15112221349535400772501151409588531511"
53  "454012693041857206046113283949847762202, "
54  "463168356949264781694283940034751631413"
55  "07993866256225615783033603165251855960)";
56 
57 #ifdef HAVE_SYS_UN_H
58 
59 /** Given <b>ports</b>, a smarlist containing rend_service_port_config_t,
60  * add the given <b>p</b>, a AF_UNIX port to the list. Return 0 on success
61  * else return -ENOSYS if AF_UNIX is not supported (see function in the
62  * #else statement below). */
63 static int
64 add_unix_port(smartlist_t *ports, rend_service_port_config_t *p)
65 {
66  tor_assert(ports);
67  tor_assert(p);
69 
70  smartlist_add(ports, p);
71  return 0;
72 }
73 
74 /** Given <b>conn</b> set it to use the given port <b>p</b> values. Return 0
75  * on success else return -ENOSYS if AF_UNIX is not supported (see function
76  * in the #else statement below). */
77 static int
78 set_unix_port(edge_connection_t *conn, rend_service_port_config_t *p)
79 {
80  tor_assert(conn);
81  tor_assert(p);
83 
84  conn->base_.socket_family = AF_UNIX;
85  tor_addr_make_unspec(&conn->base_.addr);
86  conn->base_.port = 1;
87  conn->base_.address = tor_strdup(p->unix_addr);
88  return 0;
89 }
90 
91 #else /* !defined(HAVE_SYS_UN_H) */
92 
93 static int
94 set_unix_port(edge_connection_t *conn, rend_service_port_config_t *p)
95 {
96  (void) conn;
97  (void) p;
98  return -ENOSYS;
99 }
100 
101 static int
102 add_unix_port(smartlist_t *ports, rend_service_port_config_t *p)
103 {
104  (void) ports;
105  (void) p;
106  return -ENOSYS;
107 }
108 
109 #endif /* defined(HAVE_SYS_UN_H) */
110 
111 /** Helper function: The key is a digest that we compare to a node_t object
112  * current hsdir_index. */
113 static int
114 compare_digest_to_fetch_hsdir_index(const void *_key, const void **_member)
115 {
116  const char *key = _key;
117  const node_t *node = *_member;
118  return tor_memcmp(key, node->hsdir_index.fetch, DIGEST256_LEN);
119 }
120 
121 /** Helper function: The key is a digest that we compare to a node_t object
122  * next hsdir_index. */
123 static int
125  const void **_member)
126 {
127  const char *key = _key;
128  const node_t *node = *_member;
129  return tor_memcmp(key, node->hsdir_index.store_first, DIGEST256_LEN);
130 }
131 
132 /** Helper function: The key is a digest that we compare to a node_t object
133  * next hsdir_index. */
134 static int
136  const void **_member)
137 {
138  const char *key = _key;
139  const node_t *node = *_member;
140  return tor_memcmp(key, node->hsdir_index.store_second, DIGEST256_LEN);
141 }
142 
143 /** Helper function: Compare two node_t objects current hsdir_index. */
144 static int
145 compare_node_fetch_hsdir_index(const void **a, const void **b)
146 {
147  const node_t *node1= *a;
148  const node_t *node2 = *b;
149  return tor_memcmp(node1->hsdir_index.fetch,
150  node2->hsdir_index.fetch,
151  DIGEST256_LEN);
152 }
153 
154 /** Helper function: Compare two node_t objects next hsdir_index. */
155 static int
156 compare_node_store_first_hsdir_index(const void **a, const void **b)
157 {
158  const node_t *node1= *a;
159  const node_t *node2 = *b;
160  return tor_memcmp(node1->hsdir_index.store_first,
161  node2->hsdir_index.store_first,
162  DIGEST256_LEN);
163 }
164 
165 /** Helper function: Compare two node_t objects next hsdir_index. */
166 static int
167 compare_node_store_second_hsdir_index(const void **a, const void **b)
168 {
169  const node_t *node1= *a;
170  const node_t *node2 = *b;
171  return tor_memcmp(node1->hsdir_index.store_second,
172  node2->hsdir_index.store_second,
173  DIGEST256_LEN);
174 }
175 
176 /** Allocate and return a string containing the path to filename in directory.
177  * This function will never return NULL. The caller must free this path. */
178 char *
179 hs_path_from_filename(const char *directory, const char *filename)
180 {
181  char *file_path = NULL;
182 
183  tor_assert(directory);
184  tor_assert(filename);
185 
186  tor_asprintf(&file_path, "%s%s%s", directory, PATH_SEPARATOR, filename);
187  return file_path;
188 }
189 
190 /** Make sure that the directory for <b>service</b> is private, using the
191  * config <b>username</b>.
192  *
193  * If <b>create</b> is true:
194  * - if the directory exists, change permissions if needed,
195  * - if the directory does not exist, create it with the correct permissions.
196  * If <b>create</b> is false:
197  * - if the directory exists, check permissions,
198  * - if the directory does not exist, check if we think we can create it.
199  * Return 0 on success, -1 on failure. */
200 int
201 hs_check_service_private_dir(const char *username, const char *path,
202  unsigned int dir_group_readable,
203  unsigned int create)
204 {
205  cpd_check_t check_opts = CPD_NONE;
206 
207  tor_assert(path);
208 
209  if (create) {
210  check_opts |= CPD_CREATE;
211  } else {
212  check_opts |= CPD_CHECK_MODE_ONLY;
213  check_opts |= CPD_CHECK;
214  }
215  if (dir_group_readable) {
216  check_opts |= CPD_GROUP_READ;
217  }
218  /* Check/create directory */
219  if (check_private_dir(path, check_opts, username) < 0) {
220  return -1;
221  }
222  return 0;
223 }
224 
225 /* Default, minimum, and maximum values for the maximum rendezvous failures
226  * consensus parameter. */
227 #define MAX_REND_FAILURES_DEFAULT 2
228 #define MAX_REND_FAILURES_MIN 1
229 #define MAX_REND_FAILURES_MAX 10
230 
231 /** How many times will a hidden service operator attempt to connect to
232  * a requested rendezvous point before giving up? */
233 int
235 {
236  return networkstatus_get_param(NULL, "hs_service_max_rdv_failures",
237  MAX_REND_FAILURES_DEFAULT,
238  MAX_REND_FAILURES_MIN,
239  MAX_REND_FAILURES_MAX);
240 }
241 
242 /** Get the default HS time period length in minutes from the consensus. */
243 STATIC uint64_t
245 {
246  /* If we are on a test network, make the time period smaller than normal so
247  that we actually see it rotate. Specifically, make it the same length as
248  an SRV protocol run. */
249  if (get_options()->TestingTorNetwork) {
250  unsigned run_duration = sr_state_get_protocol_run_duration();
251  /* An SRV run should take more than a minute (it's 24 rounds) */
252  tor_assert_nonfatal(run_duration > 60);
253  /* Turn it from seconds to minutes before returning: */
255  }
256 
257  int32_t time_period_length = networkstatus_get_param(NULL, "hsdir_interval",
261  /* Make sure it's a positive value. */
262  tor_assert(time_period_length > 0);
263  /* uint64_t will always be able to contain a positive int32_t */
264  return (uint64_t) time_period_length;
265 }
266 
267 /** Get the HS time period number at time <b>now</b>. If <b>now</b> is not set,
268  * we try to get the time ourselves from a live consensus. */
269 uint64_t
271 {
272  uint64_t time_period_num;
273  time_t current_time;
274 
275  /* If no time is specified, set current time based on consensus time, and
276  * only fall back to system time if that fails. */
277  if (now != 0) {
278  current_time = now;
279  } else {
281  current_time = ns ? ns->valid_after : approx_time();
282  }
283 
284  /* Start by calculating minutes since the epoch */
285  uint64_t time_period_length = get_time_period_length();
286  uint64_t minutes_since_epoch = current_time / 60;
287 
288  /* Apply the rotation offset as specified by prop224 (section
289  * [TIME-PERIODS]), so that new time periods synchronize nicely with SRV
290  * publication */
291  unsigned int time_period_rotation_offset = sr_state_get_phase_duration();
292  time_period_rotation_offset /= 60; /* go from seconds to minutes */
293  tor_assert(minutes_since_epoch > time_period_rotation_offset);
294  minutes_since_epoch -= time_period_rotation_offset;
295 
296  /* Calculate the time period */
297  time_period_num = minutes_since_epoch / time_period_length;
298  return time_period_num;
299 }
300 
301 /** Get the number of the _upcoming_ HS time period, given that the current
302  * time is <b>now</b>. If <b>now</b> is not set, we try to get the time from a
303  * live consensus. */
304 uint64_t
306 {
307  return hs_get_time_period_num(now) + 1;
308 }
309 
310 /** Get the number of the _previous_ HS time period, given that the current
311  * time is <b>now</b>. If <b>now</b> is not set, we try to get the time from a
312  * live consensus. */
313 uint64_t
315 {
316  return hs_get_time_period_num(now) - 1;
317 }
318 
319 /** Return the start time of the upcoming time period based on <b>now</b>. If
320  * <b>now</b> is not set, we try to get the time ourselves from a live
321  * consensus. */
322 time_t
324 {
325  uint64_t time_period_length = get_time_period_length();
326 
327  /* Get start time of next time period */
328  uint64_t next_time_period_num = hs_get_next_time_period_num(now);
329  uint64_t start_of_next_tp_in_mins = next_time_period_num *time_period_length;
330 
331  /* Apply rotation offset as specified by prop224 section [TIME-PERIODS] */
332  unsigned int time_period_rotation_offset = sr_state_get_phase_duration();
333  return (time_t)(start_of_next_tp_in_mins * 60 + time_period_rotation_offset);
334 }
335 
336 /** Create a new rend_data_t for a specific given <b>version</b>.
337  * Return a pointer to the newly allocated data structure. */
338 static rend_data_t *
339 rend_data_alloc(uint32_t version)
340 {
341  rend_data_t *rend_data = NULL;
342 
343  switch (version) {
344  case HS_VERSION_TWO:
345  {
346  rend_data_v2_t *v2 = tor_malloc_zero(sizeof(*v2));
347  v2->base_.version = HS_VERSION_TWO;
348  v2->base_.hsdirs_fp = smartlist_new();
349  rend_data = &v2->base_;
350  break;
351  }
352  default:
353  tor_assert(0);
354  break;
355  }
356 
357  return rend_data;
358 }
359 
360 /** Free all storage associated with <b>data</b> */
361 void
363 {
364  if (!data) {
365  return;
366  }
367  /* By using our allocation function, this should always be set. */
368  tor_assert(data->hsdirs_fp);
369  /* Cleanup the HSDir identity digest. */
370  SMARTLIST_FOREACH(data->hsdirs_fp, char *, d, tor_free(d));
371  smartlist_free(data->hsdirs_fp);
372  /* Depending on the version, cleanup. */
373  switch (data->version) {
374  case HS_VERSION_TWO:
375  {
376  rend_data_v2_t *v2_data = TO_REND_DATA_V2(data);
377  tor_free(v2_data);
378  break;
379  }
380  default:
381  tor_assert(0);
382  }
383 }
384 
385 /** Allocate and return a deep copy of <b>data</b>. */
386 rend_data_t *
388 {
389  rend_data_t *data_dup = NULL;
390  smartlist_t *hsdirs_fp = smartlist_new();
391 
392  tor_assert(data);
393  tor_assert(data->hsdirs_fp);
394 
395  SMARTLIST_FOREACH(data->hsdirs_fp, char *, fp,
396  smartlist_add(hsdirs_fp, tor_memdup(fp, DIGEST_LEN)));
397 
398  switch (data->version) {
399  case HS_VERSION_TWO:
400  {
401  rend_data_v2_t *v2_data = tor_memdup(TO_REND_DATA_V2(data),
402  sizeof(*v2_data));
403  data_dup = &v2_data->base_;
404  data_dup->hsdirs_fp = hsdirs_fp;
405  break;
406  }
407  default:
408  tor_assert(0);
409  break;
410  }
411 
412  return data_dup;
413 }
414 
415 /** Compute the descriptor ID for each HS descriptor replica and save them. A
416  * valid onion address must be present in the <b>rend_data</b>.
417  *
418  * Return 0 on success else -1. */
419 static int
421 {
422  int ret = 0;
423  unsigned replica;
424  time_t now = time(NULL);
425 
426  tor_assert(rend_data);
427 
428  switch (rend_data->version) {
429  case HS_VERSION_TWO:
430  {
431  rend_data_v2_t *v2_data = TO_REND_DATA_V2(rend_data);
432  /* Compute descriptor ID for each replicas. */
433  for (replica = 0; replica < ARRAY_LENGTH(v2_data->descriptor_id);
434  replica++) {
435  ret = rend_compute_v2_desc_id(v2_data->descriptor_id[replica],
436  v2_data->onion_address,
437  v2_data->descriptor_cookie,
438  now, replica);
439  if (ret < 0) {
440  goto end;
441  }
442  }
443  break;
444  }
445  default:
446  tor_assert(0);
447  }
448 
449  end:
450  return ret;
451 }
452 
453 /** Allocate and initialize a rend_data_t object for a service using the
454  * provided arguments. All arguments are optional (can be NULL), except from
455  * <b>onion_address</b> which MUST be set. The <b>pk_digest</b> is the hash of
456  * the service private key. The <b>cookie</b> is the rendezvous cookie and
457  * <b>auth_type</b> is which authentiation this service is configured with.
458  *
459  * Return a valid rend_data_t pointer. This only returns a version 2 object of
460  * rend_data_t. */
461 rend_data_t *
462 rend_data_service_create(const char *onion_address, const char *pk_digest,
463  const uint8_t *cookie, rend_auth_type_t auth_type)
464 {
465  /* Create a rend_data_t object for version 2. */
467  rend_data_v2_t *v2= TO_REND_DATA_V2(rend_data);
468 
469  /* We need at least one else the call is wrong. */
470  tor_assert(onion_address != NULL);
471 
472  if (pk_digest) {
473  memcpy(v2->rend_pk_digest, pk_digest, sizeof(v2->rend_pk_digest));
474  }
475  if (cookie) {
476  memcpy(rend_data->rend_cookie, cookie, sizeof(rend_data->rend_cookie));
477  }
478 
479  strlcpy(v2->onion_address, onion_address, sizeof(v2->onion_address));
480  v2->auth_type = auth_type;
481 
482  return rend_data;
483 }
484 
485 /** Allocate and initialize a rend_data_t object for a client request using the
486  * given arguments. Either an onion address or a descriptor ID is needed. Both
487  * can be given but in this case only the onion address will be used to make
488  * the descriptor fetch. The <b>cookie</b> is the rendezvous cookie and
489  * <b>auth_type</b> is which authentiation the service is configured with.
490  *
491  * Return a valid rend_data_t pointer or NULL on error meaning the
492  * descriptor IDs couldn't be computed from the given data. */
493 rend_data_t *
494 rend_data_client_create(const char *onion_address, const char *desc_id,
495  const char *cookie, rend_auth_type_t auth_type)
496 {
497  /* Create a rend_data_t object for version 2. */
499  rend_data_v2_t *v2= TO_REND_DATA_V2(rend_data);
500 
501  /* We need at least one else the call is wrong. */
502  tor_assert(onion_address != NULL || desc_id != NULL);
503 
504  if (cookie) {
505  memcpy(v2->descriptor_cookie, cookie, sizeof(v2->descriptor_cookie));
506  }
507  if (desc_id) {
508  memcpy(v2->desc_id_fetch, desc_id, sizeof(v2->desc_id_fetch));
509  }
510  if (onion_address) {
511  strlcpy(v2->onion_address, onion_address, sizeof(v2->onion_address));
512  if (compute_desc_id(rend_data) < 0) {
513  goto error;
514  }
515  }
516 
517  v2->auth_type = auth_type;
518 
519  return rend_data;
520 
521  error:
522  rend_data_free(rend_data);
523  return NULL;
524 }
525 
526 /** Return the onion address from the rend data. Depending on the version,
527  * the size of the address can vary but it's always NUL terminated. */
528 const char *
530 {
531  tor_assert(rend_data);
532 
533  switch (rend_data->version) {
534  case HS_VERSION_TWO:
535  return TO_REND_DATA_V2(rend_data)->onion_address;
536  default:
537  /* We should always have a supported version. */
538  tor_assert_unreached();
539  }
540 }
541 
542 /** Return the descriptor ID for a specific replica number from the rend
543  * data. The returned data is a binary digest and depending on the version its
544  * size can vary. The size of the descriptor ID is put in <b>len_out</b> if
545  * non NULL. */
546 const char *
547 rend_data_get_desc_id(const rend_data_t *rend_data, uint8_t replica,
548  size_t *len_out)
549 {
550  tor_assert(rend_data);
551 
552  switch (rend_data->version) {
553  case HS_VERSION_TWO:
555  if (len_out) {
556  *len_out = DIGEST_LEN;
557  }
558  return TO_REND_DATA_V2(rend_data)->descriptor_id[replica];
559  default:
560  /* We should always have a supported version. */
561  tor_assert_unreached();
562  }
563 }
564 
565 /** Return the public key digest using the given <b>rend_data</b>. The size of
566  * the digest is put in <b>len_out</b> (if set) which can differ depending on
567  * the version. */
568 const uint8_t *
569 rend_data_get_pk_digest(const rend_data_t *rend_data, size_t *len_out)
570 {
571  tor_assert(rend_data);
572 
573  switch (rend_data->version) {
574  case HS_VERSION_TWO:
575  {
576  const rend_data_v2_t *v2_data = TO_REND_DATA_V2(rend_data);
577  if (len_out) {
578  *len_out = sizeof(v2_data->rend_pk_digest);
579  }
580  return (const uint8_t *) v2_data->rend_pk_digest;
581  }
582  default:
583  /* We should always have a supported version. */
584  tor_assert_unreached();
585  }
586 }
587 
588 /** Using the given time period number, compute the disaster shared random
589  * value and put it in srv_out. It MUST be at least DIGEST256_LEN bytes. */
590 static void
591 compute_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
592 {
593  crypto_digest_t *digest;
594 
595  tor_assert(srv_out);
596 
597  digest = crypto_digest256_new(DIGEST_SHA3_256);
598 
599  /* Start setting up payload:
600  * H("shared-random-disaster" | INT_8(period_length) | INT_8(period_num)) */
602  HS_SRV_DISASTER_PREFIX_LEN);
603 
604  /* Setup INT_8(period_length) | INT_8(period_num) */
605  {
606  uint64_t time_period_length = get_time_period_length();
607  char period_stuff[sizeof(uint64_t)*2];
608  size_t offset = 0;
609  set_uint64(period_stuff, tor_htonll(time_period_length));
610  offset += sizeof(uint64_t);
611  set_uint64(period_stuff+offset, tor_htonll(time_period_num));
612  offset += sizeof(uint64_t);
613  tor_assert(offset == sizeof(period_stuff));
614 
615  crypto_digest_add_bytes(digest, period_stuff, sizeof(period_stuff));
616  }
617 
618  crypto_digest_get_digest(digest, (char *) srv_out, DIGEST256_LEN);
619  crypto_digest_free(digest);
620 }
621 
622 /** Due to the high cost of computing the disaster SRV and that potentially we
623  * would have to do it thousands of times in a row, we always cache the
624  * computer disaster SRV (and its corresponding time period num) in case we
625  * want to reuse it soon after. We need to cache two SRVs, one for each active
626  * time period.
627  */
629 static uint64_t cached_time_period_nums[2] = {0};
630 
631 /** Compute the disaster SRV value for this <b>time_period_num</b> and put it
632  * in <b>srv_out</b> (of size at least DIGEST256_LEN). First check our caches
633  * to see if we have already computed it. */
634 STATIC void
635 get_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
636 {
637  if (time_period_num == cached_time_period_nums[0]) {
638  memcpy(srv_out, cached_disaster_srv[0], DIGEST256_LEN);
639  return;
640  } else if (time_period_num == cached_time_period_nums[1]) {
641  memcpy(srv_out, cached_disaster_srv[1], DIGEST256_LEN);
642  return;
643  } else {
644  int replace_idx;
645  // Replace the lower period number.
646  if (cached_time_period_nums[0] <= cached_time_period_nums[1]) {
647  replace_idx = 0;
648  } else {
649  replace_idx = 1;
650  }
651  cached_time_period_nums[replace_idx] = time_period_num;
652  compute_disaster_srv(time_period_num, cached_disaster_srv[replace_idx]);
653  memcpy(srv_out, cached_disaster_srv[replace_idx], DIGEST256_LEN);
654  return;
655  }
656 }
657 
658 #ifdef TOR_UNIT_TESTS
659 
660 /** Get the first cached disaster SRV. Only used by unittests. */
661 STATIC uint8_t *
662 get_first_cached_disaster_srv(void)
663 {
664  return cached_disaster_srv[0];
665 }
666 
667 /** Get the second cached disaster SRV. Only used by unittests. */
668 STATIC uint8_t *
669 get_second_cached_disaster_srv(void)
670 {
671  return cached_disaster_srv[1];
672 }
673 
674 #endif /* defined(TOR_UNIT_TESTS) */
675 
676 /** When creating a blinded key, we need a parameter which construction is as
677  * follow: H(pubkey | [secret] | ed25519-basepoint | nonce).
678  *
679  * The nonce has a pre-defined format which uses the time period number
680  * period_num and the start of the period in second start_time_period.
681  *
682  * The secret of size secret_len is optional meaning that it can be NULL and
683  * thus will be ignored for the param construction.
684  *
685  * The result is put in param_out. */
686 static void
688  const uint8_t *secret, size_t secret_len,
689  uint64_t period_num, uint64_t period_length,
690  uint8_t *param_out)
691 {
692  size_t offset = 0;
693  const char blind_str[] = "Derive temporary signing key";
694  uint8_t nonce[HS_KEYBLIND_NONCE_LEN];
695  crypto_digest_t *digest;
696 
697  tor_assert(pubkey);
698  tor_assert(param_out);
699 
700  /* Create the nonce N. The construction is as follow:
701  * N = "key-blind" || INT_8(period_num) || INT_8(period_length) */
702  memcpy(nonce, HS_KEYBLIND_NONCE_PREFIX, HS_KEYBLIND_NONCE_PREFIX_LEN);
703  offset += HS_KEYBLIND_NONCE_PREFIX_LEN;
704  set_uint64(nonce + offset, tor_htonll(period_num));
705  offset += sizeof(uint64_t);
706  set_uint64(nonce + offset, tor_htonll(period_length));
707  offset += sizeof(uint64_t);
708  tor_assert(offset == HS_KEYBLIND_NONCE_LEN);
709 
710  /* Generate the parameter h and the construction is as follow:
711  * h = H(BLIND_STRING | pubkey | [secret] | ed25519-basepoint | N) */
712  digest = crypto_digest256_new(DIGEST_SHA3_256);
713  crypto_digest_add_bytes(digest, blind_str, sizeof(blind_str));
714  crypto_digest_add_bytes(digest, (char *) pubkey, ED25519_PUBKEY_LEN);
715  /* Optional secret. */
716  if (secret) {
717  crypto_digest_add_bytes(digest, (char *) secret, secret_len);
718  }
720  strlen(str_ed25519_basepoint));
721  crypto_digest_add_bytes(digest, (char *) nonce, sizeof(nonce));
722 
723  /* Extract digest and put it in the param. */
724  crypto_digest_get_digest(digest, (char *) param_out, DIGEST256_LEN);
725  crypto_digest_free(digest);
726 
727  memwipe(nonce, 0, sizeof(nonce));
728 }
729 
730 /** Using an ed25519 public key and version to build the checksum of an
731  * address. Put in checksum_out. Format is:
732  * SHA3-256(".onion checksum" || PUBKEY || VERSION)
733  *
734  * checksum_out must be large enough to receive 32 bytes (DIGEST256_LEN). */
735 static void
736 build_hs_checksum(const ed25519_public_key_t *key, uint8_t version,
737  uint8_t *checksum_out)
738 {
739  size_t offset = 0;
741 
742  /* Build checksum data. */
743  memcpy(data, HS_SERVICE_ADDR_CHECKSUM_PREFIX,
746  memcpy(data + offset, key->pubkey, ED25519_PUBKEY_LEN);
747  offset += ED25519_PUBKEY_LEN;
748  set_uint8(data + offset, version);
749  offset += sizeof(version);
751 
752  /* Hash the data payload to create the checksum. */
753  crypto_digest256((char *) checksum_out, data, sizeof(data),
754  DIGEST_SHA3_256);
755 }
756 
757 /** Using an ed25519 public key, checksum and version to build the binary
758  * representation of a service address. Put in addr_out. Format is:
759  * addr_out = PUBKEY || CHECKSUM || VERSION
760  *
761  * addr_out must be large enough to receive HS_SERVICE_ADDR_LEN bytes. */
762 static void
763 build_hs_address(const ed25519_public_key_t *key, const uint8_t *checksum,
764  uint8_t version, char *addr_out)
765 {
766  size_t offset = 0;
767 
768  tor_assert(key);
769  tor_assert(checksum);
770 
771  memcpy(addr_out, key->pubkey, ED25519_PUBKEY_LEN);
772  offset += ED25519_PUBKEY_LEN;
773  memcpy(addr_out + offset, checksum, HS_SERVICE_ADDR_CHECKSUM_LEN_USED);
775  set_uint8(addr_out + offset, version);
776  offset += sizeof(uint8_t);
777  tor_assert(offset == HS_SERVICE_ADDR_LEN);
778 }
779 
780 /** Helper for hs_parse_address(): Using a binary representation of a service
781  * address, parse its content into the key_out, checksum_out and version_out.
782  * Any out variable can be NULL in case the caller would want only one field.
783  * checksum_out MUST at least be 2 bytes long. address must be at least
784  * HS_SERVICE_ADDR_LEN bytes but doesn't need to be NUL terminated. */
785 static void
786 hs_parse_address_impl(const char *address, ed25519_public_key_t *key_out,
787  uint8_t *checksum_out, uint8_t *version_out)
788 {
789  size_t offset = 0;
790 
791  tor_assert(address);
792 
793  if (key_out) {
794  /* First is the key. */
795  memcpy(key_out->pubkey, address, ED25519_PUBKEY_LEN);
796  }
797  offset += ED25519_PUBKEY_LEN;
798  if (checksum_out) {
799  /* Followed by a 2 bytes checksum. */
800  memcpy(checksum_out, address + offset, HS_SERVICE_ADDR_CHECKSUM_LEN_USED);
801  }
803  if (version_out) {
804  /* Finally, version value is 1 byte. */
805  *version_out = get_uint8(address + offset);
806  }
807  offset += sizeof(uint8_t);
808  /* Extra safety. */
809  tor_assert(offset == HS_SERVICE_ADDR_LEN);
810 }
811 
812 /** Using the given identity public key and a blinded public key, compute the
813  * subcredential and put it in subcred_out.
814  * This can't fail. */
815 void
817  const ed25519_public_key_t *blinded_pk,
818  hs_subcredential_t *subcred_out)
819 {
820  uint8_t credential[DIGEST256_LEN];
821  crypto_digest_t *digest;
822 
823  tor_assert(identity_pk);
824  tor_assert(blinded_pk);
825  tor_assert(subcred_out);
826 
827  /* First, build the credential. Construction is as follow:
828  * credential = H("credential" | public-identity-key) */
829  digest = crypto_digest256_new(DIGEST_SHA3_256);
831  HS_CREDENTIAL_PREFIX_LEN);
832  crypto_digest_add_bytes(digest, (const char *) identity_pk->pubkey,
834  crypto_digest_get_digest(digest, (char *) credential, DIGEST256_LEN);
835  crypto_digest_free(digest);
836 
837  /* Now, compute the subcredential. Construction is as follow:
838  * subcredential = H("subcredential" | credential | blinded-public-key). */
839  digest = crypto_digest256_new(DIGEST_SHA3_256);
840  crypto_digest_add_bytes(digest, HS_SUBCREDENTIAL_PREFIX,
841  HS_SUBCREDENTIAL_PREFIX_LEN);
842  crypto_digest_add_bytes(digest, (const char *) credential,
843  sizeof(credential));
844  crypto_digest_add_bytes(digest, (const char *) blinded_pk->pubkey,
846  crypto_digest_get_digest(digest, (char *) subcred_out->subcred,
847  SUBCRED_LEN);
848  crypto_digest_free(digest);
849 
850  memwipe(credential, 0, sizeof(credential));
851 }
852 
853 /** From the given list of hidden service ports, find the ones that match the
854  * given edge connection conn, pick one at random and use it to set the
855  * connection address. Return 0 on success or -1 if none. */
856 int
858 {
859  rend_service_port_config_t *chosen_port;
860  unsigned int warn_once = 0;
861  smartlist_t *matching_ports;
862 
863  tor_assert(ports);
864  tor_assert(conn);
865 
866  matching_ports = smartlist_new();
868  if (TO_CONN(conn)->port != p->virtual_port) {
869  continue;
870  }
871  if (!(p->is_unix_addr)) {
872  smartlist_add(matching_ports, p);
873  } else {
874  if (add_unix_port(matching_ports, p)) {
875  if (!warn_once) {
876  /* Unix port not supported so warn only once. */
877  log_warn(LD_REND, "Saw AF_UNIX virtual port mapping for port %d "
878  "which is unsupported on this platform. "
879  "Ignoring it.",
880  TO_CONN(conn)->port);
881  }
882  warn_once++;
883  }
884  }
885  } SMARTLIST_FOREACH_END(p);
886 
887  chosen_port = smartlist_choose(matching_ports);
888  smartlist_free(matching_ports);
889  if (chosen_port) {
890  if (!(chosen_port->is_unix_addr)) {
891  /* save the original destination before we overwrite it */
892  if (conn->hs_ident) {
893  conn->hs_ident->orig_virtual_port = TO_CONN(conn)->port;
894  }
895 
896  /* Get a non-AF_UNIX connection ready for connection_exit_connect() */
897  tor_addr_copy(&TO_CONN(conn)->addr, &chosen_port->real_addr);
898  TO_CONN(conn)->port = chosen_port->real_port;
899  } else {
900  if (set_unix_port(conn, chosen_port)) {
901  /* Simply impossible to end up here else we were able to add a Unix
902  * port without AF_UNIX support... ? */
903  tor_assert(0);
904  }
905  }
906  }
907  return (chosen_port) ? 0 : -1;
908 }
909 
910 /** Using a base32 representation of a service address, parse its content into
911  * the key_out, checksum_out and version_out. Any out variable can be NULL in
912  * case the caller would want only one field. checksum_out MUST at least be 2
913  * bytes long.
914  *
915  * Return 0 if parsing went well; return -1 in case of error and if errmsg is
916  * non NULL, a human readable string message is set. */
917 int
918 hs_parse_address_no_log(const char *address, ed25519_public_key_t *key_out,
919  uint8_t *checksum_out, uint8_t *version_out,
920  const char **errmsg)
921 {
922  char decoded[HS_SERVICE_ADDR_LEN];
923 
924  tor_assert(address);
925 
926  if (errmsg) {
927  *errmsg = NULL;
928  }
929 
930  /* Obvious length check. */
931  if (strlen(address) != HS_SERVICE_ADDR_LEN_BASE32) {
932  if (errmsg) {
933  *errmsg = "Invalid length";
934  }
935  goto invalid;
936  }
937 
938  /* Decode address so we can extract needed fields. */
939  if (base32_decode(decoded, sizeof(decoded), address, strlen(address))
940  != sizeof(decoded)) {
941  if (errmsg) {
942  *errmsg = "Unable to base32 decode";
943  }
944  goto invalid;
945  }
946 
947  /* Parse the decoded address into the fields we need. */
948  hs_parse_address_impl(decoded, key_out, checksum_out, version_out);
949 
950  return 0;
951  invalid:
952  return -1;
953 }
954 
955 /** Same has hs_parse_address_no_log() but emits a log warning on parsing
956  * failure. */
957 int
958 hs_parse_address(const char *address, ed25519_public_key_t *key_out,
959  uint8_t *checksum_out, uint8_t *version_out)
960 {
961  const char *errmsg = NULL;
962  int ret = hs_parse_address_no_log(address, key_out, checksum_out,
963  version_out, &errmsg);
964  if (ret < 0) {
965  log_warn(LD_REND, "Service address %s failed to be parsed: %s",
966  escaped_safe_str(address), errmsg);
967  }
968  return ret;
969 }
970 
971 /** Validate a given onion address. The length, the base32 decoding, and
972  * checksum are validated. Return 1 if valid else 0. */
973 int
974 hs_address_is_valid(const char *address)
975 {
976  uint8_t version;
977  uint8_t checksum[HS_SERVICE_ADDR_CHECKSUM_LEN_USED];
978  uint8_t target_checksum[DIGEST256_LEN];
979  ed25519_public_key_t service_pubkey;
980 
981  /* Parse the decoded address into the fields we need. */
982  if (hs_parse_address(address, &service_pubkey, checksum, &version) < 0) {
983  goto invalid;
984  }
985 
986  /* Get the checksum it's supposed to be and compare it with what we have
987  * encoded in the address. */
988  build_hs_checksum(&service_pubkey, version, target_checksum);
989  if (tor_memcmp(checksum, target_checksum, sizeof(checksum))) {
990  log_warn(LD_REND, "Service address %s invalid checksum.",
991  escaped_safe_str(address));
992  goto invalid;
993  }
994 
995  /* Validate that this pubkey does not have a torsion component. We need to do
996  * this on the prop224 client-side so that attackers can't give equivalent
997  * forms of an onion address to users. */
998  if (ed25519_validate_pubkey(&service_pubkey) < 0) {
999  log_warn(LD_REND, "Service address %s has bad pubkey .",
1000  escaped_safe_str(address));
1001  goto invalid;
1002  }
1003 
1004  /* Valid address. */
1005  return 1;
1006  invalid:
1007  return 0;
1008 }
1009 
1010 /** Build a service address using an ed25519 public key and a given version.
1011  * The returned address is base32 encoded and put in addr_out. The caller MUST
1012  * make sure the addr_out is at least HS_SERVICE_ADDR_LEN_BASE32 + 1 long.
1013  *
1014  * Format is as follows:
1015  * base32(PUBKEY || CHECKSUM || VERSION)
1016  * CHECKSUM = H(".onion checksum" || PUBKEY || VERSION)
1017  * */
1018 void
1019 hs_build_address(const ed25519_public_key_t *key, uint8_t version,
1020  char *addr_out)
1021 {
1022  uint8_t checksum[DIGEST256_LEN];
1023  char address[HS_SERVICE_ADDR_LEN];
1024 
1025  tor_assert(key);
1026  tor_assert(addr_out);
1027 
1028  /* Get the checksum of the address. */
1029  build_hs_checksum(key, version, checksum);
1030  /* Get the binary address representation. */
1031  build_hs_address(key, checksum, version, address);
1032 
1033  /* Encode the address. addr_out will be NUL terminated after this. */
1034  base32_encode(addr_out, HS_SERVICE_ADDR_LEN_BASE32 + 1, address,
1035  sizeof(address));
1036  /* Validate what we just built. */
1037  tor_assert(hs_address_is_valid(addr_out));
1038 }
1039 
1040 /** From a given ed25519 public key pk and an optional secret, compute a
1041  * blinded public key and put it in blinded_pk_out. This is only useful to
1042  * the client side because the client only has access to the identity public
1043  * key of the service. */
1044 void
1046  const uint8_t *secret, size_t secret_len,
1047  uint64_t time_period_num,
1048  ed25519_public_key_t *blinded_pk_out)
1049 {
1050  /* Our blinding key API requires a 32 bytes parameter. */
1051  uint8_t param[DIGEST256_LEN];
1052 
1053  tor_assert(pk);
1054  tor_assert(blinded_pk_out);
1056 
1057  build_blinded_key_param(pk, secret, secret_len,
1058  time_period_num, get_time_period_length(), param);
1059  ed25519_public_blind(blinded_pk_out, pk, param);
1060 
1061  memwipe(param, 0, sizeof(param));
1062 }
1063 
1064 /** From a given ed25519 keypair kp and an optional secret, compute a blinded
1065  * keypair for the current time period and put it in blinded_kp_out. This is
1066  * only useful by the service side because the client doesn't have access to
1067  * the identity secret key. */
1068 void
1070  const uint8_t *secret, size_t secret_len,
1071  uint64_t time_period_num,
1072  ed25519_keypair_t *blinded_kp_out)
1073 {
1074  /* Our blinding key API requires a 32 bytes parameter. */
1075  uint8_t param[DIGEST256_LEN];
1076 
1077  tor_assert(kp);
1078  tor_assert(blinded_kp_out);
1079  /* Extra safety. A zeroed key is bad. */
1080  tor_assert(!fast_mem_is_zero((char *) &kp->pubkey, ED25519_PUBKEY_LEN));
1081  tor_assert(!fast_mem_is_zero((char *) &kp->seckey, ED25519_SECKEY_LEN));
1082 
1083  build_blinded_key_param(&kp->pubkey, secret, secret_len,
1084  time_period_num, get_time_period_length(), param);
1085  ed25519_keypair_blind(blinded_kp_out, kp, param);
1086 
1087  memwipe(param, 0, sizeof(param));
1088 }
1089 
1090 /** Return true if we are currently in the time segment between a new time
1091  * period and a new SRV (in the real network that happens between 12:00 and
1092  * 00:00 UTC). Here is a diagram showing exactly when this returns true:
1093  *
1094  * +------------------------------------------------------------------+
1095  * | |
1096  * | 00:00 12:00 00:00 12:00 00:00 12:00 |
1097  * | SRV#1 TP#1 SRV#2 TP#2 SRV#3 TP#3 |
1098  * | |
1099  * | $==========|-----------$===========|-----------$===========| |
1100  * | ^^^^^^^^^^^^ ^^^^^^^^^^^^ |
1101  * | |
1102  * +------------------------------------------------------------------+
1103  */
1104 MOCK_IMPL(int,
1105 hs_in_period_between_tp_and_srv,(const networkstatus_t *consensus, time_t now))
1106 {
1107  time_t valid_after;
1108  time_t srv_start_time, tp_start_time;
1109 
1110  if (!consensus) {
1111  consensus = networkstatus_get_live_consensus(now);
1112  if (!consensus) {
1113  return 0;
1114  }
1115  }
1116 
1117  /* Get start time of next TP and of current SRV protocol run, and check if we
1118  * are between them. */
1119  valid_after = consensus->valid_after;
1121  tp_start_time = hs_get_start_time_of_next_time_period(srv_start_time);
1122 
1123  if (valid_after >= srv_start_time && valid_after < tp_start_time) {
1124  return 0;
1125  }
1126 
1127  return 1;
1128 }
1129 
1130 /** Return 1 if any virtual port in ports needs a circuit with good uptime.
1131  * Else return 0. */
1132 int
1134 {
1135  tor_assert(ports);
1136 
1138  if (smartlist_contains_int_as_string(get_options()->LongLivedPorts,
1139  p->virtual_port)) {
1140  return 1;
1141  }
1142  } SMARTLIST_FOREACH_END(p);
1143  return 0;
1144 }
1145 
1146 /** Build hs_index which is used to find the responsible hsdirs. This index
1147  * value is used to select the responsible HSDir where their hsdir_index is
1148  * closest to this value.
1149  * SHA3-256("store-at-idx" | blinded_public_key |
1150  * INT_8(replicanum) | INT_8(period_length) | INT_8(period_num) )
1151  *
1152  * hs_index_out must be large enough to receive DIGEST256_LEN bytes. */
1153 void
1154 hs_build_hs_index(uint64_t replica, const ed25519_public_key_t *blinded_pk,
1155  uint64_t period_num, uint8_t *hs_index_out)
1156 {
1157  crypto_digest_t *digest;
1158 
1159  tor_assert(blinded_pk);
1160  tor_assert(hs_index_out);
1161 
1162  /* Build hs_index. See construction at top of function comment. */
1163  digest = crypto_digest256_new(DIGEST_SHA3_256);
1164  crypto_digest_add_bytes(digest, HS_INDEX_PREFIX, HS_INDEX_PREFIX_LEN);
1165  crypto_digest_add_bytes(digest, (const char *) blinded_pk->pubkey,
1167 
1168  /* Now setup INT_8(replicanum) | INT_8(period_length) | INT_8(period_num) */
1169  {
1170  uint64_t period_length = get_time_period_length();
1171  char buf[sizeof(uint64_t)*3];
1172  size_t offset = 0;
1173  set_uint64(buf, tor_htonll(replica));
1174  offset += sizeof(uint64_t);
1175  set_uint64(buf+offset, tor_htonll(period_length));
1176  offset += sizeof(uint64_t);
1177  set_uint64(buf+offset, tor_htonll(period_num));
1178  offset += sizeof(uint64_t);
1179  tor_assert(offset == sizeof(buf));
1180 
1181  crypto_digest_add_bytes(digest, buf, sizeof(buf));
1182  }
1183 
1184  crypto_digest_get_digest(digest, (char *) hs_index_out, DIGEST256_LEN);
1185  crypto_digest_free(digest);
1186 }
1187 
1188 /** Build hsdir_index which is used to find the responsible hsdirs. This is the
1189  * index value that is compare to the hs_index when selecting an HSDir.
1190  * SHA3-256("node-idx" | node_identity |
1191  * shared_random_value | INT_8(period_length) | INT_8(period_num) )
1192  *
1193  * hsdir_index_out must be large enough to receive DIGEST256_LEN bytes. */
1194 void
1196  const uint8_t *srv_value, uint64_t period_num,
1197  uint8_t *hsdir_index_out)
1198 {
1199  crypto_digest_t *digest;
1200 
1201  tor_assert(identity_pk);
1202  tor_assert(srv_value);
1203  tor_assert(hsdir_index_out);
1204 
1205  /* Build hsdir_index. See construction at top of function comment. */
1206  digest = crypto_digest256_new(DIGEST_SHA3_256);
1207  crypto_digest_add_bytes(digest, HSDIR_INDEX_PREFIX, HSDIR_INDEX_PREFIX_LEN);
1208  crypto_digest_add_bytes(digest, (const char *) identity_pk->pubkey,
1210  crypto_digest_add_bytes(digest, (const char *) srv_value, DIGEST256_LEN);
1211 
1212  {
1213  uint64_t time_period_length = get_time_period_length();
1214  char period_stuff[sizeof(uint64_t)*2];
1215  size_t offset = 0;
1216  set_uint64(period_stuff, tor_htonll(period_num));
1217  offset += sizeof(uint64_t);
1218  set_uint64(period_stuff+offset, tor_htonll(time_period_length));
1219  offset += sizeof(uint64_t);
1220  tor_assert(offset == sizeof(period_stuff));
1221 
1222  crypto_digest_add_bytes(digest, period_stuff, sizeof(period_stuff));
1223  }
1224 
1225  crypto_digest_get_digest(digest, (char *) hsdir_index_out, DIGEST256_LEN);
1226  crypto_digest_free(digest);
1227 }
1228 
1229 /** Return a newly allocated buffer containing the current shared random value
1230  * or if not present, a disaster value is computed using the given time period
1231  * number. If a consensus is provided in <b>ns</b>, use it to get the SRV
1232  * value. This function can't fail. */
1233 uint8_t *
1234 hs_get_current_srv(uint64_t time_period_num, const networkstatus_t *ns)
1235 {
1236  uint8_t *sr_value = tor_malloc_zero(DIGEST256_LEN);
1237  const sr_srv_t *current_srv = sr_get_current(ns);
1238 
1239  if (current_srv) {
1240  memcpy(sr_value, current_srv->value, sizeof(current_srv->value));
1241  } else {
1242  /* Disaster mode. */
1243  get_disaster_srv(time_period_num, sr_value);
1244  }
1245  return sr_value;
1246 }
1247 
1248 /** Return a newly allocated buffer containing the previous shared random
1249  * value or if not present, a disaster value is computed using the given time
1250  * period number. This function can't fail. */
1251 uint8_t *
1252 hs_get_previous_srv(uint64_t time_period_num, const networkstatus_t *ns)
1253 {
1254  uint8_t *sr_value = tor_malloc_zero(DIGEST256_LEN);
1255  const sr_srv_t *previous_srv = sr_get_previous(ns);
1256 
1257  if (previous_srv) {
1258  memcpy(sr_value, previous_srv->value, sizeof(previous_srv->value));
1259  } else {
1260  /* Disaster mode. */
1261  get_disaster_srv(time_period_num, sr_value);
1262  }
1263  return sr_value;
1264 }
1265 
1266 /** Return the number of replicas defined by a consensus parameter or the
1267  * default value. */
1268 int32_t
1270 {
1271  /* The [1,16] range is a specification requirement. */
1272  return networkstatus_get_param(NULL, "hsdir_n_replicas",
1274 }
1275 
1276 /** Return the spread fetch value defined by a consensus parameter or the
1277  * default value. */
1278 int32_t
1280 {
1281  /* The [1,128] range is a specification requirement. */
1282  return networkstatus_get_param(NULL, "hsdir_spread_fetch",
1284 }
1285 
1286 /** Return the spread store value defined by a consensus parameter or the
1287  * default value. */
1288 int32_t
1290 {
1291  /* The [1,128] range is a specification requirement. */
1292  return networkstatus_get_param(NULL, "hsdir_spread_store",
1294 }
1295 
1296 /** <b>node</b> is an HSDir so make sure that we have assigned an hsdir index.
1297  * Return 0 if everything is as expected, else return -1. */
1298 static int
1300 {
1302 
1303  /* A node can't have an HSDir index without a descriptor since we need desc
1304  * to get its ed25519 key. for_direct_connect should be zero, since we
1305  * always use the consensus-indexed node's keys to build the hash ring, even
1306  * if some of the consensus-indexed nodes are also bridges. */
1307  if (!node_has_preferred_descriptor(node, 0)) {
1308  return 0;
1309  }
1310 
1311  /* At this point, since the node has a desc, this node must also have an
1312  * hsdir index. If not, something went wrong, so BUG out. */
1313  if (BUG(fast_mem_is_zero((const char*)node->hsdir_index.fetch,
1314  DIGEST256_LEN))) {
1315  return 0;
1316  }
1317  if (BUG(fast_mem_is_zero((const char*)node->hsdir_index.store_first,
1318  DIGEST256_LEN))) {
1319  return 0;
1320  }
1321  if (BUG(fast_mem_is_zero((const char*)node->hsdir_index.store_second,
1322  DIGEST256_LEN))) {
1323  return 0;
1324  }
1325 
1326  return 1;
1327 }
1328 
1329 /** For a given blinded key and time period number, get the responsible HSDir
1330  * and put their routerstatus_t object in the responsible_dirs list. If
1331  * 'use_second_hsdir_index' is true, use the second hsdir_index of the node_t
1332  * is used. If 'for_fetching' is true, the spread fetch consensus parameter is
1333  * used else the spread store is used which is only for upload. This function
1334  * can't fail but it is possible that the responsible_dirs list contains fewer
1335  * nodes than expected.
1336  *
1337  * This function goes over the latest consensus routerstatus list and sorts it
1338  * by their node_t hsdir_index then does a binary search to find the closest
1339  * node. All of this makes it a bit CPU intensive so use it wisely. */
1340 void
1342  uint64_t time_period_num, int use_second_hsdir_index,
1343  int for_fetching, smartlist_t *responsible_dirs)
1344 {
1345  smartlist_t *sorted_nodes;
1346  /* The compare function used for the smartlist bsearch. We have two
1347  * different depending on is_next_period. */
1348  int (*cmp_fct)(const void *, const void **);
1349 
1350  tor_assert(blinded_pk);
1351  tor_assert(responsible_dirs);
1352 
1353  sorted_nodes = smartlist_new();
1354 
1355  /* Make sure we actually have a live consensus */
1357  if (!c || smartlist_len(c->routerstatus_list) == 0) {
1358  log_warn(LD_REND, "No live consensus so we can't get the responsible "
1359  "hidden service directories.");
1360  goto done;
1361  }
1362 
1363  /* Ensure the nodelist is fresh, since it contains the HSDir indices. */
1365 
1366  /* Add every node_t that support HSDir v3 for which we do have a valid
1367  * hsdir_index already computed for them for this consensus. */
1368  {
1370  /* Even though this node_t object won't be modified and should be const,
1371  * we can't add const object in a smartlist_t. */
1372  node_t *n = node_get_mutable_by_id(rs->identity_digest);
1373  tor_assert(n);
1374  if (node_supports_v3_hsdir(n) && rs->is_hs_dir) {
1375  if (!node_has_hsdir_index(n)) {
1376  log_info(LD_GENERAL, "Node %s was found without hsdir index.",
1377  node_describe(n));
1378  continue;
1379  }
1380  smartlist_add(sorted_nodes, n);
1381  }
1382  } SMARTLIST_FOREACH_END(rs);
1383  }
1384  if (smartlist_len(sorted_nodes) == 0) {
1385  log_warn(LD_REND, "No nodes found to be HSDir or supporting v3.");
1386  goto done;
1387  }
1388 
1389  /* First thing we have to do is sort all node_t by hsdir_index. The
1390  * is_next_period tells us if we want the current or the next one. Set the
1391  * bsearch compare function also while we are at it. */
1392  if (for_fetching) {
1395  } else if (use_second_hsdir_index) {
1398  } else {
1401  }
1402 
1403  /* For all replicas, we'll select a set of HSDirs using the consensus
1404  * parameters and the sorted list. The replica starting at value 1 is
1405  * defined by the specification. */
1406  for (int replica = 1; replica <= hs_get_hsdir_n_replicas(); replica++) {
1407  int idx, start, found, n_added = 0;
1408  uint8_t hs_index[DIGEST256_LEN] = {0};
1409  /* Number of node to add to the responsible dirs list depends on if we are
1410  * trying to fetch or store. A client always fetches. */
1411  int n_to_add = (for_fetching) ? hs_get_hsdir_spread_fetch() :
1413 
1414  /* Get the index that we should use to select the node. */
1415  hs_build_hs_index(replica, blinded_pk, time_period_num, hs_index);
1416  /* The compare function pointer has been set correctly earlier. */
1417  start = idx = smartlist_bsearch_idx(sorted_nodes, hs_index, cmp_fct,
1418  &found);
1419  /* Getting the length of the list if no member is greater than the key we
1420  * are looking for so start at the first element. */
1421  if (idx == smartlist_len(sorted_nodes)) {
1422  start = idx = 0;
1423  }
1424  while (n_added < n_to_add) {
1425  const node_t *node = smartlist_get(sorted_nodes, idx);
1426  /* If the node has already been selected which is possible between
1427  * replicas, the specification says to skip over. */
1428  if (!smartlist_contains(responsible_dirs, node->rs)) {
1429  smartlist_add(responsible_dirs, node->rs);
1430  ++n_added;
1431  }
1432  if (++idx == smartlist_len(sorted_nodes)) {
1433  /* Wrap if we've reached the end of the list. */
1434  idx = 0;
1435  }
1436  if (idx == start) {
1437  /* We've gone over the whole list, stop and avoid infinite loop. */
1438  break;
1439  }
1440  }
1441  }
1442 
1443  done:
1444  smartlist_free(sorted_nodes);
1445 }
1446 
1447 /*********************** HSDir request tracking ***************************/
1448 
1449 /** Return the period for which a hidden service directory cannot be queried
1450  * for the same descriptor ID again, taking TestingTorNetwork into account. */
1451 time_t
1453 {
1454  tor_assert(options);
1455 
1456  if (options->TestingTorNetwork) {
1457  return REND_HID_SERV_DIR_REQUERY_PERIOD_TESTING;
1458  } else {
1459  return REND_HID_SERV_DIR_REQUERY_PERIOD;
1460  }
1461 }
1462 
1463 /** Tracks requests for fetching hidden service descriptors. It's used by
1464  * hidden service clients, to avoid querying HSDirs that have already failed
1465  * giving back a descriptor. The same data structure is used to track both v2
1466  * and v3 HS descriptor requests.
1467  *
1468  * The string map is a key/value store that contains the last request times to
1469  * hidden service directories for certain queries. Specifically:
1470  *
1471  * key = base32(hsdir_identity) + base32(hs_identity)
1472  * value = time_t of last request for that hs_identity to that HSDir
1473  *
1474  * where 'hsdir_identity' is the identity digest of the HSDir node, and
1475  * 'hs_identity' is the descriptor ID of the HS in the v2 case, or the ed25519
1476  * blinded public key of the HS in the v3 case. */
1477 static strmap_t *last_hid_serv_requests_ = NULL;
1478 
1479 /** Returns last_hid_serv_requests_, initializing it to a new strmap if
1480  * necessary. */
1481 STATIC strmap_t *
1483 {
1485  last_hid_serv_requests_ = strmap_new();
1486  return last_hid_serv_requests_;
1487 }
1488 
1489 /** Look up the last request time to hidden service directory <b>hs_dir</b>
1490  * for descriptor request key <b>req_key_str</b> which is the descriptor ID
1491  * for a v2 service or the blinded key for v3. If <b>set</b> is non-zero,
1492  * assign the current time <b>now</b> and return that. Otherwise, return the
1493  * most recent request time, or 0 if no such request has been sent before. */
1494 time_t
1496  const char *req_key_str,
1497  time_t now, int set)
1498 {
1499  char hsdir_id_base32[BASE32_DIGEST_LEN + 1];
1500  char *hsdir_desc_comb_id = NULL;
1501  time_t *last_request_ptr;
1502  strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
1503 
1504  /* Create the key */
1505  base32_encode(hsdir_id_base32, sizeof(hsdir_id_base32),
1506  hs_dir->identity_digest, DIGEST_LEN);
1507  tor_asprintf(&hsdir_desc_comb_id, "%s%s", hsdir_id_base32, req_key_str);
1508 
1509  if (set) {
1510  time_t *oldptr;
1511  last_request_ptr = tor_malloc_zero(sizeof(time_t));
1512  *last_request_ptr = now;
1513  oldptr = strmap_set(last_hid_serv_requests, hsdir_desc_comb_id,
1514  last_request_ptr);
1515  tor_free(oldptr);
1516  } else {
1517  last_request_ptr = strmap_get(last_hid_serv_requests,
1518  hsdir_desc_comb_id);
1519  }
1520 
1521  tor_free(hsdir_desc_comb_id);
1522  return (last_request_ptr) ? *last_request_ptr : 0;
1523 }
1524 
1525 /** Clean the history of request times to hidden service directories, so that
1526  * it does not contain requests older than REND_HID_SERV_DIR_REQUERY_PERIOD
1527  * seconds any more. */
1528 void
1530 {
1531  strmap_iter_t *iter;
1532  time_t cutoff = now - hs_hsdir_requery_period(get_options());
1533  strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
1534  for (iter = strmap_iter_init(last_hid_serv_requests);
1535  !strmap_iter_done(iter); ) {
1536  const char *key;
1537  void *val;
1538  time_t *ent;
1539  strmap_iter_get(iter, &key, &val);
1540  ent = (time_t *) val;
1541  if (*ent < cutoff) {
1542  iter = strmap_iter_next_rmv(last_hid_serv_requests, iter);
1543  tor_free(ent);
1544  } else {
1545  iter = strmap_iter_next(last_hid_serv_requests, iter);
1546  }
1547  }
1548 }
1549 
1550 /** Remove all requests related to the descriptor request key string
1551  * <b>req_key_str</b> from the history of times of requests to hidden service
1552  * directories.
1553  *
1554  * This is called from rend_client_note_connection_attempt_ended(), which
1555  * must be idempotent, so any future changes to this function must leave it
1556  * idempotent too. */
1557 void
1559 {
1560  strmap_iter_t *iter;
1561  strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
1562 
1563  for (iter = strmap_iter_init(last_hid_serv_requests);
1564  !strmap_iter_done(iter); ) {
1565  const char *key;
1566  void *val;
1567  strmap_iter_get(iter, &key, &val);
1568 
1569  /* XXX: The use of REND_DESC_ID_V2_LEN_BASE32 is very wrong in terms of
1570  * semantic, see #23305. */
1571 
1572  /* This strmap contains variable-sized elements so this is a basic length
1573  * check on the strings we are about to compare. The key is variable sized
1574  * since it's composed as follows:
1575  * key = base32(hsdir_identity) + base32(req_key_str)
1576  * where 'req_key_str' is the descriptor ID of the HS in the v2 case, or
1577  * the ed25519 blinded public key of the HS in the v3 case. */
1578  if (strlen(key) < REND_DESC_ID_V2_LEN_BASE32 + strlen(req_key_str)) {
1579  iter = strmap_iter_next(last_hid_serv_requests, iter);
1580  continue;
1581  }
1582 
1583  /* Check if the tracked request matches our request key */
1584  if (tor_memeq(key + REND_DESC_ID_V2_LEN_BASE32, req_key_str,
1585  strlen(req_key_str))) {
1586  iter = strmap_iter_next_rmv(last_hid_serv_requests, iter);
1587  tor_free(val);
1588  } else {
1589  iter = strmap_iter_next(last_hid_serv_requests, iter);
1590  }
1591  }
1592 }
1593 
1594 /** Purge the history of request times to hidden service directories,
1595  * so that future lookups of an HS descriptor will not fail because we
1596  * accessed all of the HSDir relays responsible for the descriptor
1597  * recently. */
1598 void
1600 {
1601  /* Don't create the table if it doesn't exist yet (and it may very
1602  * well not exist if the user hasn't accessed any HSes)... */
1603  strmap_t *old_last_hid_serv_requests = last_hid_serv_requests_;
1604  /* ... and let get_last_hid_serv_requests re-create it for us if
1605  * necessary. */
1606  last_hid_serv_requests_ = NULL;
1607 
1608  if (old_last_hid_serv_requests != NULL) {
1609  log_info(LD_REND, "Purging client last-HS-desc-request-time table");
1610  strmap_free(old_last_hid_serv_requests, tor_free_);
1611  }
1612 }
1613 
1614 /***********************************************************************/
1615 
1616 /** Given the list of responsible HSDirs in <b>responsible_dirs</b>, pick the
1617  * one that we should use to fetch a descriptor right now. Take into account
1618  * previous failed attempts at fetching this descriptor from HSDirs using the
1619  * string identifier <b>req_key_str</b>. We return whether we are rate limited
1620  * into *<b>is_rate_limited_out</b> if it is not NULL.
1621  *
1622  * Steals ownership of <b>responsible_dirs</b>.
1623  *
1624  * Return the routerstatus of the chosen HSDir if successful, otherwise return
1625  * NULL if no HSDirs are worth trying right now. */
1627 hs_pick_hsdir(smartlist_t *responsible_dirs, const char *req_key_str,
1628  bool *is_rate_limited_out)
1629 {
1630  smartlist_t *usable_responsible_dirs = smartlist_new();
1631  const or_options_t *options = get_options();
1632  routerstatus_t *hs_dir;
1633  time_t now = time(NULL);
1634  int excluded_some;
1635  bool rate_limited = false;
1636  int rate_limited_count = 0;
1637  int responsible_dirs_count = smartlist_len(responsible_dirs);
1638 
1639  tor_assert(req_key_str);
1640 
1641  /* Clean outdated request history first. */
1643 
1644  /* Only select those hidden service directories to which we did not send a
1645  * request recently and for which we have a router descriptor here.
1646  *
1647  * Use for_direct_connect==0 even if we will be connecting to the node
1648  * directly, since we always use the key information in the
1649  * consensus-indexed node descriptors for building the index.
1650  **/
1651  SMARTLIST_FOREACH_BEGIN(responsible_dirs, routerstatus_t *, dir) {
1652  time_t last = hs_lookup_last_hid_serv_request(dir, req_key_str, 0, 0);
1653  const node_t *node = node_get_by_id(dir->identity_digest);
1654  if (last + hs_hsdir_requery_period(options) >= now ||
1655  !node || !node_has_preferred_descriptor(node, 0)) {
1656  SMARTLIST_DEL_CURRENT(responsible_dirs, dir);
1657  rate_limited_count++;
1658  continue;
1659  }
1660  if (!routerset_contains_node(options->ExcludeNodes, node)) {
1661  smartlist_add(usable_responsible_dirs, dir);
1662  }
1663  } SMARTLIST_FOREACH_END(dir);
1664 
1665  if (rate_limited_count > 0 || responsible_dirs_count > 0) {
1666  rate_limited = rate_limited_count == responsible_dirs_count;
1667  }
1668 
1669  excluded_some =
1670  smartlist_len(usable_responsible_dirs) < smartlist_len(responsible_dirs);
1671 
1672  hs_dir = smartlist_choose(usable_responsible_dirs);
1673  if (!hs_dir && !options->StrictNodes) {
1674  hs_dir = smartlist_choose(responsible_dirs);
1675  }
1676 
1677  smartlist_free(responsible_dirs);
1678  smartlist_free(usable_responsible_dirs);
1679  if (!hs_dir) {
1680  const char *warn_str = (rate_limited) ? "we are rate limited." :
1681  "we requested them all recently without success";
1682  log_info(LD_REND, "Could not pick one of the responsible hidden "
1683  "service directories, because %s.", warn_str);
1684  if (options->StrictNodes && excluded_some) {
1685  log_warn(LD_REND, "Could not pick a hidden service directory for the "
1686  "requested hidden service: they are all either down or "
1687  "excluded, and StrictNodes is set.");
1688  }
1689  } else {
1690  /* Remember that we are requesting a descriptor from this hidden service
1691  * directory now. */
1692  hs_lookup_last_hid_serv_request(hs_dir, req_key_str, now, 1);
1693  }
1694 
1695  if (is_rate_limited_out != NULL) {
1696  *is_rate_limited_out = rate_limited;
1697  }
1698 
1699  return hs_dir;
1700 }
1701 
1702 /** Given a list of link specifiers lspecs, a curve 25519 onion_key, and
1703  * a direct connection boolean direct_conn (true for single onion services),
1704  * return a newly allocated extend_info_t object.
1705  *
1706  * This function always returns an extend info with a valid IP address and
1707  * ORPort, or NULL. If direct_conn is false, the IP address is always IPv4.
1708  *
1709  * It performs the following checks:
1710  * if there is no usable IP address, or legacy ID is missing, return NULL.
1711  * if direct_conn, and we can't reach any IP address, return NULL.
1712  */
1713 extend_info_t *
1715  const curve25519_public_key_t *onion_key,
1716  int direct_conn)
1717 {
1718  int have_v4 = 0, have_legacy_id = 0, have_ed25519_id = 0;
1719  char legacy_id[DIGEST_LEN] = {0};
1720  ed25519_public_key_t ed25519_pk;
1721  extend_info_t *info = NULL;
1722  tor_addr_port_t ap;
1723 
1724  tor_addr_make_null(&ap.addr, AF_UNSPEC);
1725  ap.port = 0;
1726 
1727  if (lspecs == NULL) {
1728  log_warn(LD_BUG, "Specified link specifiers is null");
1729  goto done;
1730  }
1731 
1732  if (onion_key == NULL) {
1733  log_warn(LD_BUG, "Specified onion key is null");
1734  goto done;
1735  }
1736 
1737  if (smartlist_len(lspecs) == 0) {
1738  log_fn(LOG_PROTOCOL_WARN, LD_REND, "Empty link specifier list.");
1739  /* Return NULL. */
1740  goto done;
1741  }
1742 
1743  SMARTLIST_FOREACH_BEGIN(lspecs, const link_specifier_t *, ls) {
1744  switch (link_specifier_get_ls_type(ls)) {
1745  case LS_IPV4:
1746  /* Skip if we already seen a v4. If direct_conn is true, we skip this
1747  * block because reachable_addr_choose_from_ls() will set ap. If
1748  * direct_conn is false, set ap to the first IPv4 address and port in
1749  * the link specifiers.*/
1750  if (have_v4 || direct_conn) continue;
1751  tor_addr_from_ipv4h(&ap.addr,
1752  link_specifier_get_un_ipv4_addr(ls));
1753  ap.port = link_specifier_get_un_ipv4_port(ls);
1754  have_v4 = 1;
1755  break;
1756  case LS_LEGACY_ID:
1757  /* Make sure we do have enough bytes for the legacy ID. */
1758  if (link_specifier_getlen_un_legacy_id(ls) < sizeof(legacy_id)) {
1759  break;
1760  }
1761  memcpy(legacy_id, link_specifier_getconstarray_un_legacy_id(ls),
1762  sizeof(legacy_id));
1763  have_legacy_id = 1;
1764  break;
1765  case LS_ED25519_ID:
1766  memcpy(ed25519_pk.pubkey,
1767  link_specifier_getconstarray_un_ed25519_id(ls),
1769  have_ed25519_id = 1;
1770  break;
1771  default:
1772  /* Ignore unknown. */
1773  break;
1774  }
1775  } SMARTLIST_FOREACH_END(ls);
1776 
1777  /* Choose a preferred address first, but fall back to an allowed address. */
1778  if (direct_conn)
1779  reachable_addr_choose_from_ls(lspecs, 0, &ap);
1780 
1781  /* Legacy ID is mandatory, and we require an IP address. */
1782  if (!tor_addr_port_is_valid_ap(&ap, 0)) {
1783  /* If we're missing the IP address, log a warning and return NULL. */
1784  log_info(LD_NET, "Unreachable or invalid IP address in link state");
1785  goto done;
1786  }
1787  if (!have_legacy_id) {
1788  /* If we're missing the legacy ID, log a warning and return NULL. */
1789  log_warn(LD_PROTOCOL, "Missing Legacy ID in link state");
1790  goto done;
1791  }
1792 
1793  /* We will add support for falling back to a 3-hop path in a later
1794  * release. */
1795 
1796  /* We'll validate now that the address we've picked isn't a private one. If
1797  * it is, are we allowed to extend to private addresses? */
1798  if (!extend_info_addr_is_allowed(&ap.addr)) {
1799  log_fn(LOG_PROTOCOL_WARN, LD_REND,
1800  "Requested address is private and we are not allowed to extend to "
1801  "it: %s:%u", fmt_addr(&ap.addr), ap.port);
1802  goto done;
1803  }
1804 
1805  /* We do have everything for which we think we can connect successfully. */
1806  info = extend_info_new(NULL, legacy_id,
1807  (have_ed25519_id) ? &ed25519_pk : NULL, NULL,
1808  onion_key, &ap.addr, ap.port);
1809  done:
1810  return info;
1811 }
1812 
1813 /***********************************************************************/
1814 
1815 /** Initialize the entire HS subsytem. This is called in tor_init() before any
1816  * torrc options are loaded. Only for >= v3. */
1817 void
1818 hs_init(void)
1819 {
1821  hs_service_init();
1822  hs_cache_init();
1823 }
1824 
1825 /** Release and cleanup all memory of the HS subsystem (all version). This is
1826  * called by tor_free_all(). */
1827 void
1829 {
1834  hs_ob_free_all();
1835 }
1836 
1837 /** For the given origin circuit circ, decrement the number of rendezvous
1838  * stream counter. This handles every hidden service version. */
1839 void
1841 {
1842  tor_assert(circ);
1843 
1844  if (circ->rend_data) {
1845  circ->rend_data->nr_streams--;
1846  } else if (circ->hs_ident) {
1847  circ->hs_ident->num_rdv_streams--;
1848  } else {
1849  /* Should not be called if this circuit is not for hidden service. */
1851  }
1852 }
1853 
1854 /** For the given origin circuit circ, increment the number of rendezvous
1855  * stream counter. This handles every hidden service version. */
1856 void
1858 {
1859  tor_assert(circ);
1860 
1861  if (circ->rend_data) {
1862  circ->rend_data->nr_streams++;
1863  } else if (circ->hs_ident) {
1864  circ->hs_ident->num_rdv_streams++;
1865  } else {
1866  /* Should not be called if this circuit is not for hidden service. */
1868  }
1869 }
1870 
1871 /** Return a newly allocated link specifier object that is a copy of dst. */
1872 link_specifier_t *
1873 link_specifier_dup(const link_specifier_t *src)
1874 {
1875  link_specifier_t *dup = NULL;
1876  uint8_t *buf = NULL;
1877 
1878  if (BUG(!src)) {
1879  goto err;
1880  }
1881 
1882  ssize_t encoded_len_alloc = link_specifier_encoded_len(src);
1883  if (BUG(encoded_len_alloc < 0)) {
1884  goto err;
1885  }
1886 
1887  buf = tor_malloc_zero(encoded_len_alloc);
1888  ssize_t encoded_len_data = link_specifier_encode(buf,
1889  encoded_len_alloc,
1890  src);
1891  if (BUG(encoded_len_data < 0)) {
1892  goto err;
1893  }
1894 
1895  ssize_t parsed_len = link_specifier_parse(&dup, buf, encoded_len_alloc);
1896  if (BUG(parsed_len < 0)) {
1897  goto err;
1898  }
1899 
1900  goto done;
1901 
1902  err:
1903  dup = NULL;
1904 
1905  done:
1906  tor_free(buf);
1907  return dup;
1908 }
log_fn
#define log_fn(severity, domain, args,...)
Definition: log.h:283
routermode.h
Header file for routermode.c.
hs_cache_init
void hs_cache_init(void)
Definition: hs_cache.c:1120
tor_free
#define tor_free(p)
Definition: malloc.h:52
hs_service.h
Header file containing service data for the HS subsytem.
tor_free_
void tor_free_(void *mem)
Definition: malloc.c:227
rend_service_port_config_t::is_unix_addr
unsigned int is_unix_addr
Definition: hs_common.h:157
HS_TIME_PERIOD_LENGTH_MAX
#define HS_TIME_PERIOD_LENGTH_MAX
Definition: hs_common.h:91
tor_addr_make_null
void tor_addr_make_null(tor_addr_t *a, sa_family_t family)
Definition: address.c:235
HS_VERSION_TWO
#define HS_VERSION_TWO
Definition: hs_common.h:24
hs_ident.h
Header file containing circuit and connection identifier data for the whole HS subsytem.
memwipe
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:55
build_hs_address
static void build_hs_address(const ed25519_public_key_t *key, const uint8_t *checksum, uint8_t version, char *addr_out)
Definition: hs_common.c:763
cpd_check_t
unsigned int cpd_check_t
Definition: dir.h:20
smartlist_contains_int_as_string
int smartlist_contains_int_as_string(const smartlist_t *sl, int num)
Definition: smartlist.c:147
rend_data_v2_t::desc_id_fetch
char desc_id_fetch[DIGEST_LEN]
Definition: or.h:455
approx_time
time_t approx_time(void)
Definition: approx_time.c:32
ed25519_validate_pubkey
int ed25519_validate_pubkey(const ed25519_public_key_t *pubkey)
Definition: crypto_ed25519.c:796
connection_t::address
char * address
Definition: connection_st.h:166
MOCK_IMPL
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS
#define REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS
Definition: or.h:349
hs_service_init
void hs_service_init(void)
Definition: hs_service.c:4249
rend_data_v2_t::auth_type
rend_auth_type_t auth_type
Definition: or.h:450
hs_set_conn_addr_port
int hs_set_conn_addr_port(const smartlist_t *ports, edge_connection_t *conn)
Definition: hs_common.c:857
hs_hsdir_requery_period
time_t hs_hsdir_requery_period(const or_options_t *options)
Definition: hs_common.c:1452
tor_assert
#define tor_assert(expr)
Definition: util_bug.h:102
LD_BUG
#define LD_BUG
Definition: log.h:86
hs_get_next_time_period_num
uint64_t hs_get_next_time_period_num(time_t now)
Definition: hs_common.c:305
rend_service_port_config_t
Definition: hs_common.h:153
fast_mem_is_zero
int fast_mem_is_zero(const char *mem, size_t len)
Definition: util_string.c:74
HS_DEFAULT_HSDIR_SPREAD_FETCH
#define HS_DEFAULT_HSDIR_SPREAD_FETCH
Definition: hs_common.h:126
LD_GENERAL
#define LD_GENERAL
Definition: log.h:62
hs_in_period_between_tp_and_srv
int hs_in_period_between_tp_and_srv(const networkstatus_t *consensus, time_t now)
Definition: hs_common.c:1105
routerset_contains_node
int routerset_contains_node(const routerset_t *set, const node_t *node)
Definition: routerset.c:352
smartlist_choose
void * smartlist_choose(const smartlist_t *sl)
Definition: crypto_rand.c:590
rend_auth_type_t
rend_auth_type_t
Definition: or.h:403
set_uint8
static void set_uint8(void *cp, uint8_t v)
Definition: bytes.h:31
describe.h
Header file for describe.c.
node_get_by_id
const node_t * node_get_by_id(const char *identity_digest)
Definition: nodelist.c:223
networkstatus_get_live_consensus
networkstatus_t * networkstatus_get_live_consensus(time_t now)
Definition: networkstatus.c:1416
smartlist_add
void smartlist_add(smartlist_t *sl, void *element)
Definition: smartlist_core.c:117
sr_srv_t
Definition: shared_random.h:62
routerstatus_t
Definition: routerstatus_st.h:19
compute_desc_id
static int compute_desc_id(rend_data_t *rend_data)
Definition: hs_common.c:420
hsdir_index_t::fetch
uint8_t fetch[DIGEST256_LEN]
Definition: hsdir_index_st.h:19
hs_build_blinded_keypair
void hs_build_blinded_keypair(const ed25519_keypair_t *kp, const uint8_t *secret, size_t secret_len, uint64_t time_period_num, ed25519_keypair_t *blinded_kp_out)
Definition: hs_common.c:1069
hs_build_address
void hs_build_address(const ed25519_public_key_t *key, uint8_t version, char *addr_out)
Definition: hs_common.c:1019
hs_build_hs_index
void hs_build_hs_index(uint64_t replica, const ed25519_public_key_t *blinded_pk, uint64_t period_num, uint8_t *hs_index_out)
Definition: hs_common.c:1154
hs_get_hsdir_spread_fetch
int32_t hs_get_hsdir_spread_fetch(void)
Definition: hs_common.c:1279
HS_SERVICE_ADDR_CHECKSUM_LEN_USED
#define HS_SERVICE_ADDR_CHECKSUM_LEN_USED
Definition: hs_common.h:74
ED25519_PUBKEY_LEN
#define ED25519_PUBKEY_LEN
Definition: x25519_sizes.h:27
crypto_digest_add_bytes
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len)
Definition: crypto_digest_nss.c:308
smartlist_new
smartlist_t * smartlist_new(void)
Definition: smartlist_core.c:26
rend_data_t::nr_streams
int nr_streams
Definition: or.h:431
tor_addr_make_unspec
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
nodelist_ensure_freshness
void nodelist_ensure_freshness(const networkstatus_t *ns)
Definition: nodelist.c:946
crypto_digest_t
Definition: crypto_digest_nss.c:166
build_hs_checksum
static void build_hs_checksum(const ed25519_public_key_t *key, uint8_t version, uint8_t *checksum_out)
Definition: hs_common.c:736
last_hid_serv_requests_
static strmap_t * last_hid_serv_requests_
Definition: hs_common.c:1477
connection_t::port
uint16_t port
Definition: connection_st.h:146
hs_address_is_valid
int hs_address_is_valid(const char *address)
Definition: hs_common.c:974
hs_init
void hs_init(void)
Definition: hs_common.c:1818
SMARTLIST_FOREACH
#define SMARTLIST_FOREACH(sl, type, var, cmd)
Definition: smartlist_foreach.h:112
rend_data_dup
rend_data_t * rend_data_dup(const rend_data_t *data)
Definition: hs_common.c:387
base32_decode
int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:90
hs_dos.h
Header file containing denial of service defenses for the HS subsystem for all versions.
networkstatus.h
Header file for networkstatus.c.
hsdir_index_t::store_first
uint8_t store_first[DIGEST256_LEN]
Definition: hsdir_index_st.h:24
hs_client.h
Header file containing client data for the HS subsytem.
tor_memeq
int tor_memeq(const void *a, const void *b, size_t sz)
Definition: di_ops.c:107
base32_encode
void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:60
crypto_util.h
Common functions for cryptographic routines.
hs_purge_last_hid_serv_requests
void hs_purge_last_hid_serv_requests(void)
Definition: hs_common.c:1599
hs_cache.h
Header file for hs_cache.c.
REND_DESC_ID_V2_LEN_BASE32
#define REND_DESC_ID_V2_LEN_BASE32
Definition: or.h:355
extend_info_new
extend_info_t * extend_info_new(const char *nickname, const char *rsa_id_digest, const ed25519_public_key_t *ed_id, crypto_pk_t *onion_key, const curve25519_public_key_t *ntor_key, const tor_addr_t *addr, uint16_t port)
Definition: extendinfo.c:33
hs_parse_address_impl
static void hs_parse_address_impl(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out)
Definition: hs_common.c:786
DIGEST_LEN
#define DIGEST_LEN
Definition: digest_sizes.h:20
hs_pick_hsdir
routerstatus_t * hs_pick_hsdir(smartlist_t *responsible_dirs, const char *req_key_str, bool *is_rate_limited_out)
Definition: hs_common.c:1627
hs_lookup_last_hid_serv_request
time_t hs_lookup_last_hid_serv_request(routerstatus_t *hs_dir, const char *req_key_str, time_t now, int set)
Definition: hs_common.c:1495
hs_get_hsdir_spread_store
int32_t hs_get_hsdir_spread_store(void)
Definition: hs_common.c:1289
node_get_mutable_by_id
node_t * node_get_mutable_by_id(const char *identity_digest)
Definition: nodelist.c:194
hs_circuitmap_init
void hs_circuitmap_init(void)
Definition: hs_circuitmap.c:597
hs_get_previous_srv
uint8_t * hs_get_previous_srv(uint64_t time_period_num, const networkstatus_t *ns)
Definition: hs_common.c:1252
shared_random_state.h
Header for shared_random_state.c.
rend_service_port_config_t::real_port
uint16_t real_port
Definition: hs_common.h:159
tor_addr_from_ipv4h
#define tor_addr_from_ipv4h(dest, v4addr)
Definition: address.h:327
sr_get_current
const sr_srv_t * sr_get_current(const networkstatus_t *ns)
Definition: shared_random_client.c:142
hs_service_free_all
void hs_service_free_all(void)
Definition: hs_service.c:4266
node_supports_v3_hsdir
bool node_supports_v3_hsdir(const node_t *node)
Definition: nodelist.c:1170
hs_get_previous_time_period_num
uint64_t hs_get_previous_time_period_num(time_t now)
Definition: hs_common.c:314
tor_addr_port_t
Definition: address.h:81
HS_SERVICE_ADDR_CHECKSUM_INPUT_LEN
#define HS_SERVICE_ADDR_CHECKSUM_INPUT_LEN
Definition: hs_common.h:71
hs_path_from_filename
char * hs_path_from_filename(const char *directory, const char *filename)
Definition: hs_common.c:179
HS_DEFAULT_HSDIR_N_REPLICAS
#define HS_DEFAULT_HSDIR_N_REPLICAS
Definition: hs_common.h:122
tor_assert_nonfatal_unreached
#define tor_assert_nonfatal_unreached()
Definition: util_bug.h:176
node_t
Definition: node_st.h:34
origin_circuit_t
Definition: origin_circuit_st.h:79
HS_SERVICE_ADDR_CHECKSUM_PREFIX_LEN
#define HS_SERVICE_ADDR_CHECKSUM_PREFIX_LEN
Definition: hs_common.h:65
HS_SERVICE_ADDR_LEN
#define HS_SERVICE_ADDR_LEN
Definition: hs_common.h:79
rend_data_v2_t::descriptor_cookie
char descriptor_cookie[REND_DESC_COOKIE_LEN]
Definition: or.h:447
rend_service_port_config_t::real_addr
tor_addr_t real_addr
Definition: hs_common.h:161
ed25519_public_key_t
Definition: crypto_ed25519.h:23
or_options_t::ExcludeNodes
struct routerset_t * ExcludeNodes
Definition: or_options_st.h:120
rend_data_free_
void rend_data_free_(rend_data_t *data)
Definition: hs_common.c:362
hs_check_service_private_dir
int hs_check_service_private_dir(const char *username, const char *path, unsigned int dir_group_readable, unsigned int create)
Definition: hs_common.c:201
LD_REND
#define LD_REND
Definition: log.h:84
or_options_t::StrictNodes
int StrictNodes
Definition: or_options_st.h:117
HS_TIME_PERIOD_LENGTH_DEFAULT
#define HS_TIME_PERIOD_LENGTH_DEFAULT
Definition: hs_common.h:87
compare_digest_to_fetch_hsdir_index
static int compare_digest_to_fetch_hsdir_index(const void *_key, const void **_member)
Definition: hs_common.c:114
nodelist.h
Header file for nodelist.c.
build_blinded_key_param
static void build_blinded_key_param(const ed25519_public_key_t *pubkey, const uint8_t *secret, size_t secret_len, uint64_t period_num, uint64_t period_length, uint8_t *param_out)
Definition: hs_common.c:687
ED25519_SECKEY_LEN
#define ED25519_SECKEY_LEN
Definition: x25519_sizes.h:29
rend_data_service_create
rend_data_t * rend_data_service_create(const char *onion_address, const char *pk_digest, const uint8_t *cookie, rend_auth_type_t auth_type)
Definition: hs_common.c:462
compare_node_fetch_hsdir_index
static int compare_node_fetch_hsdir_index(const void **a, const void **b)
Definition: hs_common.c:145
ed25519_keypair_blind
int ed25519_keypair_blind(ed25519_keypair_t *out, const ed25519_keypair_t *inp, const uint8_t *param)
Definition: crypto_ed25519.c:514
routerset.h
Header file for routerset.c.
compare_node_store_first_hsdir_index
static int compare_node_store_first_hsdir_index(const void **a, const void **b)
Definition: hs_common.c:156
hs_purge_hid_serv_from_last_hid_serv_requests
void hs_purge_hid_serv_from_last_hid_serv_requests(const char *req_key_str)
Definition: hs_common.c:1558
rend_data_get_desc_id
const char * rend_data_get_desc_id(const rend_data_t *rend_data, uint8_t replica, size_t *len_out)
Definition: hs_common.c:547
extend_info_addr_is_allowed
int extend_info_addr_is_allowed(const tor_addr_t *addr)
Definition: extendinfo.c:224
connection_t::addr
tor_addr_t addr
Definition: connection_st.h:145
rendservice.h
Header file for rendservice.c.
hs_ob_free_all
void hs_ob_free_all(void)
Definition: hs_ob.c:405
DIGEST256_LEN
#define DIGEST256_LEN
Definition: digest_sizes.h:23
extendinfo.h
Header for core/or/extendinfo.c.
hsdir_index_t::store_second
uint8_t store_second[DIGEST256_LEN]
Definition: hsdir_index_st.h:26
networkstatus_t::routerstatus_list
smartlist_t * routerstatus_list
Definition: networkstatus_st.h:96
compute_disaster_srv
static void compute_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
Definition: hs_common.c:591
node_has_hsdir_index
static int node_has_hsdir_index(const node_t *node)
Definition: hs_common.c:1299
rend_data_t::rend_cookie
char rend_cookie[REND_COOKIE_LEN]
Definition: or.h:428
HS_INDEX_PREFIX
#define HS_INDEX_PREFIX
Definition: hs_common.h:110
crypto_digest256_new
crypto_digest_t * crypto_digest256_new(digest_algorithm_t algorithm)
Definition: crypto_digest_nss.c:272
ARRAY_LENGTH
#define ARRAY_LENGTH(x)
Definition: compat_compiler.h:222
hs_get_hsdir_n_replicas
int32_t hs_get_hsdir_n_replicas(void)
Definition: hs_common.c:1269
fmt_addr
#define fmt_addr(a)
Definition: address.h:239
crypto_rand.h
Common functions for using (pseudo-)random number generators.
hs_get_service_max_rend_failures
int hs_get_service_max_rend_failures(void)
Definition: hs_common.c:234
hs_build_hsdir_index
void hs_build_hsdir_index(const ed25519_public_key_t *identity_pk, const uint8_t *srv_value, uint64_t period_num, uint8_t *hsdir_index_out)
Definition: hs_common.c:1195
get_options
const or_options_t * get_options(void)
Definition: config.c:929
tor_memcmp
int tor_memcmp(const void *a, const void *b, size_t len)
Definition: di_ops.c:31
link_specifier_dup
link_specifier_t * link_specifier_dup(const link_specifier_t *src)
Definition: hs_common.c:1873
circuitbuild.h
Header file for circuitbuild.c.
HS_KEYBLIND_NONCE_PREFIX
#define HS_KEYBLIND_NONCE_PREFIX
Definition: hs_common.h:98
hs_get_responsible_hsdirs
void hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk, uint64_t time_period_num, int use_second_hsdir_index, int for_fetching, smartlist_t *responsible_dirs)
Definition: hs_common.c:1341
hs_ident_edge_conn_t::orig_virtual_port
uint16_t orig_virtual_port
Definition: hs_ident.h:111
HS_SERVICE_ADDR_CHECKSUM_PREFIX
#define HS_SERVICE_ADDR_CHECKSUM_PREFIX
Definition: hs_common.h:63
crypto_digest_free
#define crypto_digest_free(d)
Definition: crypto_digest.h:130
routerstatus_st.h
Routerstatus (consensus entry) structure.
sr_srv_t::value
uint8_t value[DIGEST256_LEN]
Definition: shared_random.h:66
node_describe
const char * node_describe(const node_t *node)
Definition: describe.c:142
hs_common.h
Header file containing common data for the whole HS subsytem.
hs_circuitmap_free_all
void hs_circuitmap_free_all(void)
Definition: hs_circuitmap.c:607
curve25519_public_key_t
Definition: crypto_curve25519.h:24
edge_connection_st.h
Edge-connection structure.
HSDIR_INDEX_PREFIX
#define HSDIR_INDEX_PREFIX
Definition: hs_common.h:114
cached_disaster_srv
static uint8_t cached_disaster_srv[2][DIGEST256_LEN]
Definition: hs_common.c:628
hs_get_extend_info_from_lspecs
extend_info_t * hs_get_extend_info_from_lspecs(const smartlist_t *lspecs, const curve25519_public_key_t *onion_key, int direct_conn)
Definition: hs_common.c:1714
HS_SRV_DISASTER_PREFIX
#define HS_SRV_DISASTER_PREFIX
Definition: hs_common.h:118
hs_subcredential_t
Definition: hs_ntor.h:43
get_time_period_length
STATIC uint64_t get_time_period_length(void)
Definition: hs_common.c:244
networkstatus_t::valid_after
time_t valid_after
Definition: networkstatus_st.h:33
tor_htonll
static uint64_t tor_htonll(uint64_t a)
Definition: bytes.h:184
hs_service_requires_uptime_circ
int hs_service_requires_uptime_circ(const smartlist_t *ports)
Definition: hs_common.c:1133
tor_asprintf
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
hs_client_free_all
void hs_client_free_all(void)
Definition: hs_client.c:2580
rend_data_v2_t::descriptor_id
char descriptor_id[REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS][DIGEST_LEN]
Definition: or.h:444
origin_circuit_t::rend_data
rend_data_t * rend_data
Definition: origin_circuit_st.h:132
hs_get_time_period_num
uint64_t hs_get_time_period_num(time_t now)
Definition: hs_common.c:270
SMARTLIST_FOREACH_BEGIN
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
Definition: smartlist_foreach.h:78
rend_data_v2_t::onion_address
char onion_address[REND_SERVICE_ID_LEN_BASE32+1]
Definition: or.h:439
or_options_t::TestingTorNetwork
int TestingTorNetwork
Definition: or_options_st.h:811
SMARTLIST_DEL_CURRENT
#define SMARTLIST_DEL_CURRENT(sl, var)
Definition: smartlist_foreach.h:120
compare_digest_to_store_second_hsdir_index
static int compare_digest_to_store_second_hsdir_index(const void *_key, const void **_member)
Definition: hs_common.c:135
rend_data_client_create
rend_data_t * rend_data_client_create(const char *onion_address, const char *desc_id, const char *cookie, rend_auth_type_t auth_type)
Definition: hs_common.c:494
sr_state_get_start_time_of_current_protocol_run
time_t sr_state_get_start_time_of_current_protocol_run(void)
Definition: shared_random_client.c:239
node_st.h
Node information structure.
sr_get_previous
const sr_srv_t * sr_get_previous(const networkstatus_t *ns)
Definition: shared_random_client.c:165
reachable_addr_choose_from_ls
void reachable_addr_choose_from_ls(const smartlist_t *lspecs, int pref_only, tor_addr_port_t *ap)
Definition: policies.c:908
edge_connection_t
Definition: edge_connection_st.h:21
hs_ident_circuit_t::num_rdv_streams
uint64_t num_rdv_streams
Definition: hs_ident.h:81
hs_ob.h
Header file for the specific code for onion balance.
hs_clean_last_hid_serv_requests
void hs_clean_last_hid_serv_requests(time_t now)
Definition: hs_common.c:1529
get_uint8
static uint8_t get_uint8(const void *cp)
Definition: bytes.h:23
rend_data_t
Definition: or.h:419
hs_inc_rdv_stream_counter
void hs_inc_rdv_stream_counter(origin_circuit_t *circ)
Definition: hs_common.c:1857
hs_build_blinded_pubkey
void hs_build_blinded_pubkey(const ed25519_public_key_t *pk, const uint8_t *secret, size_t secret_len, uint64_t time_period_num, ed25519_public_key_t *blinded_pk_out)
Definition: hs_common.c:1045
policies.h
Header file for policies.c.
rend_service_port_config_t::unix_addr
char unix_addr[FLEXIBLE_ARRAY_MEMBER]
Definition: hs_common.h:163
sr_state_get_protocol_run_duration
unsigned int sr_state_get_protocol_run_duration(void)
Definition: shared_random_client.c:303
hs_circuitmap.h
Header file for hs_circuitmap.c.
connection_t::socket_family
int socket_family
Definition: connection_st.h:111
rend_data_get_address
const char * rend_data_get_address(const rend_data_t *rend_data)
Definition: hs_common.c:529
shared_random_client.h
Header file for shared_random_client.c.
compare_digest_to_store_first_hsdir_index
static int compare_digest_to_store_first_hsdir_index(const void *_key, const void **_member)
Definition: hs_common.c:124
config.h
Header file for config.c.
crypto_digest256
int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
Definition: crypto_digest_nss.c:121
escaped_safe_str
const char * escaped_safe_str(const char *address)
Definition: config.c:1132
HS_DEFAULT_HSDIR_SPREAD_STORE
#define HS_DEFAULT_HSDIR_SPREAD_STORE
Definition: hs_common.h:124
smartlist_contains
int smartlist_contains(const smartlist_t *sl, const void *element)
Definition: smartlist_core.c:201
hs_parse_address
int hs_parse_address(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out)
Definition: hs_common.c:958
str_ed25519_basepoint
static const char * str_ed25519_basepoint
Definition: hs_common.c:51
LD_NET
#define LD_NET
Definition: log.h:66
hs_parse_address_no_log
int hs_parse_address_no_log(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out, const char **errmsg)
Definition: hs_common.c:918
origin_circuit_t::hs_ident
struct hs_ident_circuit_t * hs_ident
Definition: origin_circuit_st.h:136
or_options_t
Definition: or_options_st.h:64
ed25519_public_blind
int ed25519_public_blind(ed25519_public_key_t *out, const ed25519_public_key_t *inp, const uint8_t *param)
Definition: crypto_ed25519.c:541
TO_CONN
#define TO_CONN(c)
Definition: or.h:736
STATIC
#define STATIC
Definition: testsupport.h:32
HS_TIME_PERIOD_LENGTH_MIN
#define HS_TIME_PERIOD_LENGTH_MIN
Definition: hs_common.h:89
rend_data_v2_t::rend_pk_digest
char rend_pk_digest[DIGEST_LEN]
Definition: or.h:458
hs_dec_rdv_stream_counter
void hs_dec_rdv_stream_counter(origin_circuit_t *circ)
Definition: hs_common.c:1840
set_uint64
static void set_uint64(void *cp, uint64_t v)
Definition: bytes.h:96
networkstatus_get_param
int32_t networkstatus_get_param(const networkstatus_t *ns, const char *param_name, int32_t default_val, int32_t min_val, int32_t max_val)
Definition: networkstatus.c:2500
networkstatus_st.h
Networkstatus consensus/vote structure.
rend_data_v2_t
Definition: or.h:434
HS_CREDENTIAL_PREFIX
#define HS_CREDENTIAL_PREFIX
Definition: hs_common.h:104
BASE32_DIGEST_LEN
#define BASE32_DIGEST_LEN
Definition: crypto_digest.h:23
smartlist_sort
void smartlist_sort(smartlist_t *sl, int(*compare)(const void **a, const void **b))
Definition: smartlist.c:334
routerstatus_t::identity_digest
char identity_digest[DIGEST_LEN]
Definition: routerstatus_st.h:27
networkstatus_t
Definition: networkstatus_st.h:26
hs_cache_free_all
void hs_cache_free_all(void)
Definition: hs_cache.c:1135
hs_get_subcredential
void hs_get_subcredential(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_subcredential_t *subcred_out)
Definition: hs_common.c:816
rend_data_t::hsdirs_fp
smartlist_t * hsdirs_fp
Definition: or.h:425
origin_circuit_st.h
Origin circuit structure.
compare_node_store_second_hsdir_index
static int compare_node_store_second_hsdir_index(const void **a, const void **b)
Definition: hs_common.c:167
rend_data_alloc
static rend_data_t * rend_data_alloc(uint32_t version)
Definition: hs_common.c:339
node_has_preferred_descriptor
int node_has_preferred_descriptor(const node_t *node, int for_direct_connect)
Definition: nodelist.c:1419
smartlist_t
Definition: smartlist_core.h:26
hs_get_start_time_of_next_time_period
time_t hs_get_start_time_of_next_time_period(time_t now)
Definition: hs_common.c:323
HS_SERVICE_ADDR_LEN_BASE32
#define HS_SERVICE_ADDR_LEN_BASE32
Definition: hs_common.h:83
sr_state_get_phase_duration
unsigned int sr_state_get_phase_duration(void)
Definition: shared_random_client.c:296
crypto_digest_get_digest
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
Definition: crypto_digest_nss.c:348
smartlist_bsearch_idx
int smartlist_bsearch_idx(const smartlist_t *sl, const void *key, int(*compare)(const void *key, const void **member), int *found_out)
Definition: smartlist.c:428
rendcommon.h
Header file for rendcommon.c.
rend_data_get_pk_digest
const uint8_t * rend_data_get_pk_digest(const rend_data_t *rend_data, size_t *len_out)
Definition: hs_common.c:569
check_private_dir
int check_private_dir(const char *dirname, cpd_check_t check, const char *effective_user)
Definition: dir.c:71
tor_addr_copy
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:933
extend_info_t
Definition: extend_info_st.h:27
get_last_hid_serv_requests
STATIC strmap_t * get_last_hid_serv_requests(void)
Definition: hs_common.c:1482
hs_free_all
void hs_free_all(void)
Definition: hs_common.c:1828
or.h
Master header file for Tor-specific functionality.
get_disaster_srv
STATIC void get_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
Definition: hs_common.c:635
ed25519_keypair_t
Definition: crypto_ed25519.h:39
rend_compute_v2_desc_id
int rend_compute_v2_desc_id(char *desc_id_out, const char *service_id, const char *descriptor_cookie, time_t now, uint8_t replica)
Definition: rendcommon.c:154
hs_get_current_srv
uint8_t * hs_get_current_srv(uint64_t time_period_num, const networkstatus_t *ns)
Definition: hs_common.c:1234
LD_PROTOCOL
#define LD_PROTOCOL
Definition: log.h:72