Tor
0.4.7.0-alpha-dev
|
Header file for hs_descriptor.c. More...
#include <stdint.h>
#include "core/or/or.h"
#include "trunnel/ed25519_cert.h"
#include "feature/nodelist/torcert.h"
#include "core/crypto/hs_ntor.h"
Go to the source code of this file.
Data Structures | |
struct | hs_desc_intro_point_t |
struct | hs_desc_authorized_client_t |
struct | hs_desc_encrypted_data_t |
struct | hs_desc_superencrypted_data_t |
struct | hs_desc_plaintext_data_t |
struct | hs_descriptor_t |
Macros | |
#define | HS_DESC_SUPPORTED_FORMAT_VERSION_MIN 3 |
#define | HS_DESC_SUPPORTED_FORMAT_VERSION_MAX 3 |
#define | HS_DESC_DEFAULT_LIFETIME (3 * 60 * 60) |
#define | HS_DESC_MAX_LIFETIME (12 * 60 * 60) |
#define | HS_DESC_CERT_LIFETIME (54 * 60 * 60) |
#define | HS_DESC_ENCRYPTED_SALT_LEN 16 |
#define | HS_DESC_ENCRYPTED_KDF_OUTPUT_LEN CIPHER256_KEY_LEN + CIPHER_IV_LEN + DIGEST256_LEN |
#define | HS_DESC_SUPERENC_PLAINTEXT_PAD_MULTIPLE 10000 |
#define | HS_DESC_MAX_LEN 50000 /* 50kb max size */ |
#define | HS_DESC_ENCRYPTED_KEY_LEN CIPHER256_KEY_LEN |
#define | HS_DESC_ENCRYPTED_BIT_SIZE (HS_DESC_ENCRYPTED_KEY_LEN * 8) |
#define | HS_DESC_CLIENT_ID_LEN 8 |
#define | HS_DESC_DESCRIPTOR_COOKIE_LEN 16 |
#define | HS_DESC_COOKIE_KEY_LEN 32 |
#define | HS_DESC_COOKIE_KEY_BIT_SIZE (HS_DESC_COOKIE_KEY_LEN * 8) |
#define | HS_DESC_ENCRYPED_COOKIE_LEN HS_DESC_DESCRIPTOR_COOKIE_LEN |
#define | HS_DESC_AUTH_CLIENT_MULTIPLE 16 |
#define | hs_descriptor_free(desc) FREE_AND_NULL(hs_descriptor_t, hs_descriptor_free_, (desc)) |
#define | hs_desc_plaintext_data_free(desc) FREE_AND_NULL(hs_desc_plaintext_data_t, hs_desc_plaintext_data_free_, (desc)) |
#define | hs_desc_superencrypted_data_free(desc) |
#define | hs_desc_encrypted_data_free(desc) FREE_AND_NULL(hs_desc_encrypted_data_t, hs_desc_encrypted_data_free_, (desc)) |
#define | hs_desc_intro_point_free(ip) FREE_AND_NULL(hs_desc_intro_point_t, hs_desc_intro_point_free_, (ip)) |
#define | hs_desc_authorized_client_free(client) |
Enumerations | |
enum | hs_desc_auth_type_t { HS_DESC_AUTH_ED25519 = 1 } |
enum | hs_desc_decode_status_t { HS_DESC_DECODE_BAD_CLIENT_AUTH = -6 , HS_DESC_DECODE_NEED_CLIENT_AUTH = -5 , HS_DESC_DECODE_ENCRYPTED_ERROR = -4 , HS_DESC_DECODE_SUPERENC_ERROR = -3 , HS_DESC_DECODE_PLAINTEXT_ERROR = -2 , HS_DESC_DECODE_GENERIC_ERROR = -1 , HS_DESC_DECODE_OK = 0 } |
Header file for hs_descriptor.c.
Definition in file hs_descriptor.h.
#define HS_DESC_AUTH_CLIENT_MULTIPLE 16 |
The number of auth client entries in the descriptor must be the multiple of this constant.
Definition at line 66 of file hs_descriptor.h.
#define hs_desc_authorized_client_free | ( | client | ) |
Definition at line 300 of file hs_descriptor.h.
#define HS_DESC_CERT_LIFETIME (54 * 60 * 60) |
Lifetime of certificate in the descriptor. This defines the lifetime of the descriptor signing key and the cross certification cert of that key. It is set to 54 hours because a descriptor can be around for 48 hours and because consensuses are used after the hour, add an extra 6 hours to give some time for the service to stop using it.
Definition at line 38 of file hs_descriptor.h.
#define HS_DESC_CLIENT_ID_LEN 8 |
Length of each components in the auth client section in the descriptor.
Definition at line 58 of file hs_descriptor.h.
#define HS_DESC_DEFAULT_LIFETIME (3 * 60 * 60) |
Default lifetime of a descriptor in seconds. The valus is set at 3 hours which is 180 minutes or 10800 seconds.
Definition at line 29 of file hs_descriptor.h.
#define HS_DESC_ENCRYPTED_KDF_OUTPUT_LEN CIPHER256_KEY_LEN + CIPHER_IV_LEN + DIGEST256_LEN |
Length of the KDF output value which is the length of the secret key, the secret IV and MAC key length which is the length of H() output.
Definition at line 43 of file hs_descriptor.h.
#define HS_DESC_ENCRYPTED_KEY_LEN CIPHER256_KEY_LEN |
Key length for the descriptor symmetric encryption. As specified in the protocol, we use AES-256 for the encrypted section of the descriptor. The following is the length in bytes and the bit size.
Definition at line 54 of file hs_descriptor.h.
#define HS_DESC_ENCRYPTED_SALT_LEN 16 |
Length of the salt needed for the encrypted section of a descriptor.
Definition at line 40 of file hs_descriptor.h.
#define HS_DESC_MAX_LEN 50000 /* 50kb max size */ |
Maximum length in bytes of a full hidden service descriptor.
Definition at line 49 of file hs_descriptor.h.
#define HS_DESC_MAX_LIFETIME (12 * 60 * 60) |
Maximum lifetime of a descriptor in seconds. The value is set at 12 hours which is 720 minutes or 43200 seconds.
Definition at line 32 of file hs_descriptor.h.
#define HS_DESC_SUPERENC_PLAINTEXT_PAD_MULTIPLE 10000 |
Pad plaintext of superencrypted data section before encryption so that its length is a multiple of this value.
Definition at line 47 of file hs_descriptor.h.
#define hs_desc_superencrypted_data_free | ( | desc | ) |
Definition at line 265 of file hs_descriptor.h.
#define HS_DESC_SUPPORTED_FORMAT_VERSION_MAX 3 |
The latest descriptor format version we support.
Definition at line 25 of file hs_descriptor.h.
#define HS_DESC_SUPPORTED_FORMAT_VERSION_MIN 3 |
The earliest descriptor format version we support.
Definition at line 23 of file hs_descriptor.h.
enum hs_desc_auth_type_t |
Type of authentication in the descriptor.
Definition at line 69 of file hs_descriptor.h.
Error code when decoding a descriptor.
Definition at line 74 of file hs_descriptor.h.
void hs_desc_authorized_client_free_ | ( | hs_desc_authorized_client_t * | client | ) |
Free an authoriezd client object.
Definition at line 2939 of file hs_descriptor.c.
void hs_desc_build_authorized_client | ( | const hs_subcredential_t * | subcredential, |
const curve25519_public_key_t * | client_auth_pk, | ||
const curve25519_secret_key_t * | auth_ephemeral_sk, | ||
const uint8_t * | descriptor_cookie, | ||
hs_desc_authorized_client_t * | client_out | ||
) |
Using the service's subcredential, client public key, auth ephemeral secret key, and descriptor cookie, build the auth client so we can then encode the descriptor for publication. client_out must be already allocated.
Definition at line 2883 of file hs_descriptor.c.
hs_desc_authorized_client_t* hs_desc_build_fake_authorized_client | ( | void | ) |
Allocate and build a new fake client info for the descriptor. Return a newly allocated object. This can't fail.
Definition at line 2864 of file hs_descriptor.c.
int hs_desc_decode_descriptor | ( | const char * | encoded, |
const hs_subcredential_t * | subcredential, | ||
const curve25519_secret_key_t * | client_auth_sk, | ||
hs_descriptor_t ** | desc_out | ||
) |
Fully decode an encoded descriptor and set a newly allocated descriptor object in desc_out. Client secret key is used to decrypt the "encrypted" section if not NULL else it's ignored.
Return 0 on success. A negative value is returned on error and desc_out is set to NULL.
Definition at line 2570 of file hs_descriptor.c.
Referenced by hs_client_decode_descriptor(), and hs_desc_encode_descriptor().
int hs_desc_decode_encrypted | ( | const hs_descriptor_t * | desc, |
const curve25519_secret_key_t * | client_auth_sk, | ||
hs_desc_encrypted_data_t * | desc_encrypted | ||
) |
Decode the encrypted data section of the given descriptor and store the data in the given encrypted data object. Return 0 on success else a negative value on error.
Definition at line 2392 of file hs_descriptor.c.
int hs_desc_decode_plaintext | ( | const char * | encoded, |
hs_desc_plaintext_data_t * | plaintext | ||
) |
Fully decode the given descriptor plaintext and store the data in the plaintext data object.
Definition at line 2493 of file hs_descriptor.c.
int hs_desc_decode_superencrypted | ( | const hs_descriptor_t * | desc, |
hs_desc_superencrypted_data_t * | desc_superencrypted | ||
) |
Decode the superencrypted data section of the given descriptor and store the data in the given superencrypted data object.
Definition at line 2442 of file hs_descriptor.c.
int hs_desc_encode_descriptor | ( | const hs_descriptor_t * | desc, |
const ed25519_keypair_t * | signing_kp, | ||
const uint8_t * | descriptor_cookie, | ||
char ** | encoded_out | ||
) |
Encode the given descriptor desc including signing with the given key pair signing_kp and encrypting with the given descriptor cookie.
If the client authorization is enabled, descriptor_cookie must be the same as the one used to build hs_desc_authorized_client_t in the descriptor. Otherwise, it must be NULL. On success, encoded_out points to a newly allocated NUL terminated string that contains the encoded descriptor as a string.
Return 0 on success and encoded_out is a valid pointer. On error, -1 is returned and encoded_out is set to NULL.
Definition at line 2651 of file hs_descriptor.c.
Referenced by service_encode_descriptor().
void hs_desc_encrypted_data_free_ | ( | hs_desc_encrypted_data_t * | desc | ) |
Free the descriptor encrypted data object.
Definition at line 2768 of file hs_descriptor.c.
void hs_desc_encrypted_data_free_contents | ( | hs_desc_encrypted_data_t * | desc | ) |
Free the content of the encrypted section of a descriptor.
Definition at line 2732 of file hs_descriptor.c.
Referenced by hs_desc_encrypted_data_free_(), and hs_descriptor_free_().
void hs_desc_intro_point_free_ | ( | hs_desc_intro_point_t * | ip | ) |
Free a descriptor intro point object.
Definition at line 2844 of file hs_descriptor.c.
hs_desc_intro_point_t* hs_desc_intro_point_new | ( | void | ) |
Return a newly allocated descriptor intro point.
Definition at line 2835 of file hs_descriptor.c.
|
inlinestatic |
Return true iff the given descriptor format version is supported.
Definition at line 247 of file hs_descriptor.h.
Referenced by hs_cache_lookup_as_dir(), and hs_desc_encode_descriptor().
size_t hs_desc_obj_size | ( | const hs_descriptor_t * | data | ) |
Return the size in bytes of the given descriptor object. Used by OOM subsystem.
Definition at line 2823 of file hs_descriptor.c.
Referenced by cache_get_client_entry_size().
void hs_desc_plaintext_data_free_ | ( | hs_desc_plaintext_data_t * | desc | ) |
Free the descriptor plaintext data object.
Definition at line 2752 of file hs_descriptor.c.
void hs_desc_plaintext_data_free_contents | ( | hs_desc_plaintext_data_t * | desc | ) |
Free the content of the plaintext section of a descriptor.
Definition at line 2696 of file hs_descriptor.c.
Referenced by hs_desc_plaintext_data_free_(), and hs_descriptor_free_().
size_t hs_desc_plaintext_obj_size | ( | const hs_desc_plaintext_data_t * | data | ) |
Return the size in bytes of the given plaintext data object. A sizeof() is not enough because the object contains pointers and the encrypted blob. This is particularly useful for our OOM subsystem that tracks the HSDir cache size for instance.
Definition at line 2793 of file hs_descriptor.c.
Referenced by cache_get_dir_entry_size(), and hs_desc_obj_size().
void hs_desc_superencrypted_data_free_ | ( | hs_desc_superencrypted_data_t * | desc | ) |
Free the descriptor plaintext data object.
Definition at line 2760 of file hs_descriptor.c.
void hs_desc_superencrypted_data_free_contents | ( | hs_desc_superencrypted_data_t * | desc | ) |
Free the content of the superencrypted section of a descriptor.
Definition at line 2712 of file hs_descriptor.c.
Referenced by hs_desc_superencrypted_data_free_(), and hs_descriptor_free_().
void hs_descriptor_clear_intro_points | ( | hs_descriptor_t * | desc | ) |
From the given descriptor, remove and free every introduction point.
Definition at line 2946 of file hs_descriptor.c.
Referenced by build_desc_intro_points().
void hs_descriptor_free_ | ( | hs_descriptor_t * | desc | ) |
Free the given descriptor object.
Definition at line 2776 of file hs_descriptor.c.