9 #ifndef TOR_HS_DESCRIPTOR_H
10 #define TOR_HS_DESCRIPTOR_H
15 #include "trunnel/ed25519_cert.h"
20 struct link_specifier_t;
23 #define HS_DESC_SUPPORTED_FORMAT_VERSION_MIN 3
25 #define HS_DESC_SUPPORTED_FORMAT_VERSION_MAX 3
29 #define HS_DESC_DEFAULT_LIFETIME (3 * 60 * 60)
32 #define HS_DESC_MAX_LIFETIME (12 * 60 * 60)
38 #define HS_DESC_CERT_LIFETIME (54 * 60 * 60)
40 #define HS_DESC_ENCRYPTED_SALT_LEN 16
43 #define HS_DESC_ENCRYPTED_KDF_OUTPUT_LEN \
44 CIPHER256_KEY_LEN + CIPHER_IV_LEN + DIGEST256_LEN
47 #define HS_DESC_SUPERENC_PLAINTEXT_PAD_MULTIPLE 10000
49 #define HS_DESC_MAX_LEN 50000
54 #define HS_DESC_ENCRYPTED_KEY_LEN CIPHER256_KEY_LEN
55 #define HS_DESC_ENCRYPTED_BIT_SIZE (HS_DESC_ENCRYPTED_KEY_LEN * 8)
58 #define HS_DESC_CLIENT_ID_LEN 8
59 #define HS_DESC_DESCRIPTOR_COOKIE_LEN 16
60 #define HS_DESC_COOKIE_KEY_LEN 32
61 #define HS_DESC_COOKIE_KEY_BIT_SIZE (HS_DESC_COOKIE_KEY_LEN * 8)
62 #define HS_DESC_ENCRYPED_COOKIE_LEN HS_DESC_DESCRIPTOR_COOKIE_LEN
66 #define HS_DESC_AUTH_CLIENT_MULTIPLE 16
70 HS_DESC_AUTH_ED25519 = 1
77 HS_DESC_DECODE_BAD_CLIENT_AUTH = -6,
80 HS_DESC_DECODE_NEED_CLIENT_AUTH = -5,
83 HS_DESC_DECODE_ENCRYPTED_ERROR = -4,
86 HS_DESC_DECODE_SUPERENC_ERROR = -3,
89 HS_DESC_DECODE_PLAINTEXT_ERROR = -2,
92 HS_DESC_DECODE_GENERIC_ERROR = -1,
95 HS_DESC_DECODE_OK = 0,
259 #define hs_descriptor_free(desc) \
260 FREE_AND_NULL(hs_descriptor_t, hs_descriptor_free_, (desc))
262 #define hs_desc_plaintext_data_free(desc) \
263 FREE_AND_NULL(hs_desc_plaintext_data_t, hs_desc_plaintext_data_free_, (desc))
265 #define hs_desc_superencrypted_data_free(desc) \
266 FREE_AND_NULL(hs_desc_superencrypted_data_t, \
267 hs_desc_superencrypted_data_free_, (desc))
269 #define hs_desc_encrypted_data_free(desc) \
270 FREE_AND_NULL(hs_desc_encrypted_data_t, hs_desc_encrypted_data_free_, (desc))
277 const uint8_t *descriptor_cookie,
278 char **encoded_out));
297 #define hs_desc_intro_point_free(ip) \
298 FREE_AND_NULL(hs_desc_intro_point_t, hs_desc_intro_point_free_, (ip))
300 #define hs_desc_authorized_client_free(client) \
301 FREE_AND_NULL(hs_desc_authorized_client_t, \
302 hs_desc_authorized_client_free_, (client))
311 const uint8_t *descriptor_cookie,
318 #ifdef HS_DESCRIPTOR_PRIVATE
323 size_t plaintext_len,
324 uint8_t **padded_out);
332 const char *log_obj_type);
335 const char *encoded_desc,
size_t encoded_len);
338 const uint8_t *descriptor_cookie,
339 bool is_superencrypted_layer,
340 char **decrypted_out));
STATIC smartlist_t * decode_link_specifiers(const char *encoded)
STATIC int desc_sig_is_valid(const char *b64_sig, const ed25519_public_key_t *signing_pubkey, const char *encoded_desc, size_t encoded_len)
STATIC size_t decrypt_desc_layer(const hs_descriptor_t *desc, const uint8_t *descriptor_cookie, bool is_superencrypted_layer, char **decrypted_out)
STATIC char * encode_link_specifiers(const smartlist_t *specs)
STATIC size_t build_plaintext_padding(const char *plaintext, size_t plaintext_len, uint8_t **padded_out)
STATIC int encrypted_data_length_is_valid(size_t len)
STATIC int cert_is_valid(tor_cert_t *cert, uint8_t type, const char *log_obj_type)
STATIC hs_desc_intro_point_t * decode_introduction_point(const hs_descriptor_t *desc, const char *start)
hs_desc_intro_point_t * hs_desc_intro_point_new(void)
void hs_desc_superencrypted_data_free_contents(hs_desc_superencrypted_data_t *desc)
hs_desc_authorized_client_t * hs_desc_build_fake_authorized_client(void)
#define HS_DESC_CLIENT_ID_LEN
int hs_desc_encode_descriptor(const hs_descriptor_t *desc, const ed25519_keypair_t *signing_kp, const uint8_t *descriptor_cookie, char **encoded_out)
void hs_desc_plaintext_data_free_(hs_desc_plaintext_data_t *desc)
size_t hs_desc_plaintext_obj_size(const hs_desc_plaintext_data_t *data)
size_t hs_desc_obj_size(const hs_descriptor_t *data)
int hs_desc_decode_superencrypted(const hs_descriptor_t *desc, hs_desc_superencrypted_data_t *desc_out)
int hs_desc_decode_plaintext(const char *encoded, hs_desc_plaintext_data_t *plaintext)
#define HS_DESC_SUPPORTED_FORMAT_VERSION_MAX
void hs_desc_intro_point_free_(hs_desc_intro_point_t *ip)
void hs_descriptor_free_(hs_descriptor_t *desc)
#define HS_DESC_SUPPORTED_FORMAT_VERSION_MIN
void hs_desc_plaintext_data_free_contents(hs_desc_plaintext_data_t *desc)
void hs_desc_encrypted_data_free_contents(hs_desc_encrypted_data_t *desc)
int hs_desc_decode_encrypted(const hs_descriptor_t *desc, const curve25519_secret_key_t *client_auth_sk, hs_desc_encrypted_data_t *desc_out)
void hs_desc_build_authorized_client(const hs_subcredential_t *subcredential, const curve25519_public_key_t *client_auth_pk, const curve25519_secret_key_t *auth_ephemeral_sk, const uint8_t *descriptor_cookie, hs_desc_authorized_client_t *client_out)
static int hs_desc_is_supported_version(uint32_t version)
void hs_desc_superencrypted_data_free_(hs_desc_superencrypted_data_t *desc)
int hs_desc_decode_descriptor(const char *encoded, const hs_subcredential_t *subcredential, const curve25519_secret_key_t *client_auth_sk, hs_descriptor_t **desc_out)
void hs_desc_encrypted_data_free_(hs_desc_encrypted_data_t *desc)
void hs_descriptor_clear_intro_points(hs_descriptor_t *desc)
void hs_desc_authorized_client_free_(hs_desc_authorized_client_t *client)
Master header file for Tor-specific functionality.
uint8_t iv[CIPHER_IV_LEN]
uint8_t encrypted_cookie[HS_DESC_ENCRYPED_COOKIE_LEN]
uint8_t client_id[HS_DESC_CLIENT_ID_LEN]
smartlist_t * intro_auth_types
unsigned int single_onion_service
smartlist_t * intro_points
unsigned int create2_ntor
unsigned int cross_certified
struct hs_desc_intro_point_t::@16 legacy
curve25519_public_key_t onion_key
curve25519_public_key_t enc_key
tor_cert_t * enc_key_cert
tor_cert_t * auth_key_cert
struct hs_desc_intro_point_t::@16::@17 cert
smartlist_t * link_specifiers
uint64_t revision_counter
size_t superencrypted_blob_size
tor_cert_t * signing_key_cert
ed25519_public_key_t signing_pubkey
ed25519_public_key_t blinded_pubkey
uint8_t * superencrypted_blob
curve25519_public_key_t auth_ephemeral_pubkey
size_t encrypted_blob_size
hs_desc_encrypted_data_t encrypted_data
hs_desc_superencrypted_data_t superencrypted_data
hs_subcredential_t subcredential
hs_desc_plaintext_data_t plaintext_data
#define MOCK_DECL(rv, funcname, arglist)