Tor  0.4.5.0-alpha-dev
rendcommon.c
Go to the documentation of this file.
1 /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
2  * Copyright (c) 2007-2020, The Tor Project, Inc. */
3 /* See LICENSE for licensing information */
4 
5 /**
6  * \file rendcommon.c
7  * \brief Rendezvous implementation: shared code between
8  * introducers, services, clients, and rendezvous points.
9  **/
10 
11 #define RENDCOMMON_PRIVATE
12 
13 #include "core/or/or.h"
14 #include "core/or/circuitbuild.h"
15 #include "core/or/circuitlist.h"
16 #include "core/or/circuituse.h"
17 #include "core/or/extendinfo.h"
18 #include "app/config/config.h"
22 #include "feature/hs/hs_client.h"
23 #include "feature/hs/hs_common.h"
28 #include "feature/rend/rendmid.h"
29 #include "feature/rend/rendparse.h"
31 #include "feature/stats/rephist.h"
33 #include "feature/relay/router.h"
36 
38 #include "core/or/crypt_path_st.h"
39 #include "core/or/extend_info_st.h"
46 
47 /** Return 0 if one and two are the same service ids, else -1 or 1 */
48 int
49 rend_cmp_service_ids(const char *one, const char *two)
50 {
51  return strcasecmp(one,two);
52 }
53 
54 /** Free the storage held by the service descriptor <b>desc</b>.
55  */
56 void
58 {
59  if (!desc)
60  return;
61  if (desc->pk)
62  crypto_pk_free(desc->pk);
63  if (desc->intro_nodes) {
65  rend_intro_point_free(intro););
66  smartlist_free(desc->intro_nodes);
67  }
68  if (desc->successful_uploads) {
69  SMARTLIST_FOREACH(desc->successful_uploads, char *, c, tor_free(c););
70  smartlist_free(desc->successful_uploads);
71  }
72  tor_free(desc);
73 }
74 
75 /** Length of the descriptor cookie that is used for versioned hidden
76  * service descriptors. */
77 #define REND_DESC_COOKIE_LEN 16
78 
79 /** Length of the replica number that is used to determine the secret ID
80  * part of versioned hidden service descriptors. */
81 #define REND_REPLICA_LEN 1
82 
83 /** Compute the descriptor ID for <b>service_id</b> of length
84  * <b>REND_SERVICE_ID_LEN</b> and <b>secret_id_part</b> of length
85  * <b>DIGEST_LEN</b>, and write it to <b>descriptor_id_out</b> of length
86  * <b>DIGEST_LEN</b>. */
87 void
88 rend_get_descriptor_id_bytes(char *descriptor_id_out,
89  const char *service_id,
90  const char *secret_id_part)
91 {
93  crypto_digest_add_bytes(digest, service_id, REND_SERVICE_ID_LEN);
94  crypto_digest_add_bytes(digest, secret_id_part, DIGEST_LEN);
95  crypto_digest_get_digest(digest, descriptor_id_out, DIGEST_LEN);
96  crypto_digest_free(digest);
97 }
98 
99 /** Compute the secret ID part for time_period,
100  * a <b>descriptor_cookie</b> of length
101  * <b>REND_DESC_COOKIE_LEN</b> which may also be <b>NULL</b> if no
102  * descriptor_cookie shall be used, and <b>replica</b>, and write it to
103  * <b>secret_id_part</b> of length DIGEST_LEN. */
104 static void
105 get_secret_id_part_bytes(char *secret_id_part, uint32_t time_period,
106  const char *descriptor_cookie, uint8_t replica)
107 {
109  time_period = htonl(time_period);
110  crypto_digest_add_bytes(digest, (char*)&time_period, sizeof(uint32_t));
111  if (descriptor_cookie) {
112  crypto_digest_add_bytes(digest, descriptor_cookie,
114  }
115  crypto_digest_add_bytes(digest, (const char *)&replica, REND_REPLICA_LEN);
116  crypto_digest_get_digest(digest, secret_id_part, DIGEST_LEN);
117  crypto_digest_free(digest);
118 }
119 
120 /** Return the time period for time <b>now</b> plus a potentially
121  * intended <b>deviation</b> of one or more periods, based on the first byte
122  * of <b>service_id</b>. */
123 static uint32_t
124 get_time_period(time_t now, uint8_t deviation, const char *service_id)
125 {
126  /* The time period is the number of REND_TIME_PERIOD_V2_DESC_VALIDITY
127  * intervals that have passed since the epoch, offset slightly so that
128  * each service's time periods start and end at a fraction of that
129  * period based on their first byte. */
130  return (uint32_t)
131  (now + ((uint8_t) *service_id) * REND_TIME_PERIOD_V2_DESC_VALIDITY / 256)
132  / REND_TIME_PERIOD_V2_DESC_VALIDITY + deviation;
133 }
134 
135 /** Compute the time in seconds that a descriptor that is generated
136  * <b>now</b> for <b>service_id</b> will be valid. */
137 static uint32_t
138 get_seconds_valid(time_t now, const char *service_id)
139 {
140  uint32_t result = REND_TIME_PERIOD_V2_DESC_VALIDITY -
141  ((uint32_t)
142  (now + ((uint8_t) *service_id) * REND_TIME_PERIOD_V2_DESC_VALIDITY / 256)
144  return result;
145 }
146 
147 /** Compute the binary <b>desc_id_out</b> (DIGEST_LEN bytes long) for a given
148  * base32-encoded <b>service_id</b> and optional unencoded
149  * <b>descriptor_cookie</b> of length REND_DESC_COOKIE_LEN,
150  * at time <b>now</b> for replica number
151  * <b>replica</b>. <b>desc_id</b> needs to have <b>DIGEST_LEN</b> bytes
152  * free. Return 0 for success, -1 otherwise. */
153 int
154 rend_compute_v2_desc_id(char *desc_id_out, const char *service_id,
155  const char *descriptor_cookie, time_t now,
156  uint8_t replica)
157 {
158  char service_id_binary[REND_SERVICE_ID_LEN];
159  char secret_id_part[DIGEST_LEN];
160  uint32_t time_period;
161  if (!service_id ||
162  strlen(service_id) != REND_SERVICE_ID_LEN_BASE32) {
163  log_warn(LD_REND, "Could not compute v2 descriptor ID: "
164  "Illegal service ID: %s",
165  safe_str(service_id));
166  return -1;
167  }
169  log_warn(LD_REND, "Could not compute v2 descriptor ID: "
170  "Replica number out of range: %d", replica);
171  return -1;
172  }
173  /* Convert service ID to binary. */
174  if (base32_decode(service_id_binary, REND_SERVICE_ID_LEN,
175  service_id, REND_SERVICE_ID_LEN_BASE32) !=
177  log_warn(LD_REND, "Could not compute v2 descriptor ID: "
178  "Illegal characters or wrong length for service ID: %s",
179  safe_str_client(service_id));
180  return -1;
181  }
182  /* Calculate current time-period. */
183  time_period = get_time_period(now, 0, service_id_binary);
184  /* Calculate secret-id-part = h(time-period | desc-cookie | replica). */
185  get_secret_id_part_bytes(secret_id_part, time_period, descriptor_cookie,
186  replica);
187  /* Calculate descriptor ID: H(permanent-id | secret-id-part) */
188  rend_get_descriptor_id_bytes(desc_id_out, service_id_binary, secret_id_part);
189  return 0;
190 }
191 
192 /** Encode the introduction points in <b>desc</b> and write the result to a
193  * newly allocated string pointed to by <b>encoded</b>. Return 0 for
194  * success, -1 otherwise. */
195 static int
197 {
198  size_t unenc_len;
199  char *unenc = NULL;
200  size_t unenc_written = 0;
201  int i;
202  int r = -1;
203  /* Assemble unencrypted list of introduction points. */
204  unenc_len = smartlist_len(desc->intro_nodes) * 1000; /* too long, but ok. */
205  unenc = tor_malloc_zero(unenc_len);
206  for (i = 0; i < smartlist_len(desc->intro_nodes); i++) {
207  char id_base32[REND_INTRO_POINT_ID_LEN_BASE32 + 1];
208  char *onion_key = NULL;
209  size_t onion_key_len;
210  crypto_pk_t *intro_key;
211  char *service_key = NULL;
212  char *address = NULL;
213  size_t service_key_len;
214  int res;
215  rend_intro_point_t *intro = smartlist_get(desc->intro_nodes, i);
216  /* Obtain extend info with introduction point details. */
217  extend_info_t *info = intro->extend_info;
218  /* Encode introduction point ID. */
219  base32_encode(id_base32, sizeof(id_base32),
220  info->identity_digest, DIGEST_LEN);
221  /* Encode onion key. */
222  if (crypto_pk_write_public_key_to_string(info->onion_key, &onion_key,
223  &onion_key_len) < 0) {
224  log_warn(LD_REND, "Could not write onion key.");
225  goto done;
226  }
227  /* Encode intro key. */
228  intro_key = intro->intro_key;
229  if (!intro_key ||
230  crypto_pk_write_public_key_to_string(intro_key, &service_key,
231  &service_key_len) < 0) {
232  log_warn(LD_REND, "Could not write intro key.");
233  tor_free(onion_key);
234  goto done;
235  }
236  /* Assemble everything for this introduction point. */
237  const tor_addr_port_t *orport = extend_info_get_orport(info, AF_INET);
238  IF_BUG_ONCE(!orport) {
239  /* There must be an IPv4 address for v2 hs. */
240  goto done;
241  }
242  address = tor_addr_to_str_dup(&orport->addr);
243  res = tor_snprintf(unenc + unenc_written, unenc_len - unenc_written,
244  "introduction-point %s\n"
245  "ip-address %s\n"
246  "onion-port %d\n"
247  "onion-key\n%s"
248  "service-key\n%s",
249  id_base32,
250  address,
251  orport->port,
252  onion_key,
253  service_key);
254  tor_free(address);
255  tor_free(onion_key);
256  tor_free(service_key);
257  if (res < 0) {
258  log_warn(LD_REND, "Not enough space for writing introduction point "
259  "string.");
260  goto done;
261  }
262  /* Update total number of written bytes for unencrypted intro points. */
263  unenc_written += res;
264  }
265  /* Finalize unencrypted introduction points. */
266  if (unenc_len < unenc_written + 2) {
267  log_warn(LD_REND, "Not enough space for finalizing introduction point "
268  "string.");
269  goto done;
270  }
271  unenc[unenc_written++] = '\n';
272  unenc[unenc_written++] = 0;
273  *encoded = unenc;
274  r = 0;
275  done:
276  if (r<0)
277  tor_free(unenc);
278  return r;
279 }
280 
281 /** Encrypt the encoded introduction points in <b>encoded</b> using
282  * authorization type 'basic' with <b>client_cookies</b> and write the
283  * result to a newly allocated string pointed to by <b>encrypted_out</b> of
284  * length <b>encrypted_len_out</b>. Return 0 for success, -1 otherwise. */
285 static int
287  size_t *encrypted_len_out,
288  const char *encoded,
289  smartlist_t *client_cookies)
290 {
291  int r = -1, i, pos, enclen, client_blocks;
292  size_t len, client_entries_len;
293  char *enc = NULL, iv[CIPHER_IV_LEN], *client_part = NULL,
294  session_key[CIPHER_KEY_LEN];
295  smartlist_t *encrypted_session_keys = NULL;
296  crypto_digest_t *digest;
297  crypto_cipher_t *cipher;
298  tor_assert(encoded);
299  tor_assert(client_cookies && smartlist_len(client_cookies) > 0);
300 
301  /* Generate session key. */
302  crypto_rand(session_key, CIPHER_KEY_LEN);
303 
304  /* Determine length of encrypted introduction points including session
305  * keys. */
306  client_blocks = 1 + ((smartlist_len(client_cookies) - 1) /
308  client_entries_len = client_blocks * REND_BASIC_AUTH_CLIENT_MULTIPLE *
310  len = 2 + client_entries_len + CIPHER_IV_LEN + strlen(encoded);
311  if (client_blocks >= 256) {
312  log_warn(LD_REND, "Too many clients in introduction point string.");
313  goto done;
314  }
315  enc = tor_malloc_zero(len);
316  enc[0] = 0x01; /* type of authorization. */
317  enc[1] = (uint8_t)client_blocks;
318 
319  /* Encrypt with random session key. */
320  enclen = crypto_cipher_encrypt_with_iv(session_key,
321  enc + 2 + client_entries_len,
322  CIPHER_IV_LEN + strlen(encoded), encoded, strlen(encoded));
323 
324  if (enclen < 0) {
325  log_warn(LD_REND, "Could not encrypt introduction point string.");
326  goto done;
327  }
328  memcpy(iv, enc + 2 + client_entries_len, CIPHER_IV_LEN);
329 
330  /* Encrypt session key for cookies, determine client IDs, and put both
331  * in a smartlist. */
332  encrypted_session_keys = smartlist_new();
333  SMARTLIST_FOREACH_BEGIN(client_cookies, const char *, cookie) {
334  client_part = tor_malloc_zero(REND_BASIC_AUTH_CLIENT_ENTRY_LEN);
335  /* Encrypt session key. */
336  cipher = crypto_cipher_new(cookie);
337  if (crypto_cipher_encrypt(cipher, client_part +
339  session_key, CIPHER_KEY_LEN) < 0) {
340  log_warn(LD_REND, "Could not encrypt session key for client.");
341  crypto_cipher_free(cipher);
342  tor_free(client_part);
343  goto done;
344  }
345  crypto_cipher_free(cipher);
346 
347  /* Determine client ID. */
348  digest = crypto_digest_new();
351  crypto_digest_get_digest(digest, client_part,
353  crypto_digest_free(digest);
354 
355  /* Put both together. */
356  smartlist_add(encrypted_session_keys, client_part);
357  } SMARTLIST_FOREACH_END(cookie);
358 
359  /* Add some fake client IDs and encrypted session keys. */
360  for (i = (smartlist_len(client_cookies) - 1) %
362  i < REND_BASIC_AUTH_CLIENT_MULTIPLE - 1; i++) {
363  client_part = tor_malloc_zero(REND_BASIC_AUTH_CLIENT_ENTRY_LEN);
365  smartlist_add(encrypted_session_keys, client_part);
366  }
367  /* Sort smartlist and put elements in result in order. */
368  smartlist_sort_digests(encrypted_session_keys);
369  pos = 2;
370  SMARTLIST_FOREACH(encrypted_session_keys, const char *, entry, {
371  memcpy(enc + pos, entry, REND_BASIC_AUTH_CLIENT_ENTRY_LEN);
373  });
374  *encrypted_out = enc;
375  *encrypted_len_out = len;
376  enc = NULL; /* prevent free. */
377  r = 0;
378  done:
379  tor_free(enc);
380  if (encrypted_session_keys) {
381  SMARTLIST_FOREACH(encrypted_session_keys, char *, d, tor_free(d););
382  smartlist_free(encrypted_session_keys);
383  }
384  return r;
385 }
386 
387 /** Encrypt the encoded introduction points in <b>encoded</b> using
388  * authorization type 'stealth' with <b>descriptor_cookie</b> of length
389  * REND_DESC_COOKIE_LEN and write the result to a newly allocated string
390  * pointed to by <b>encrypted_out</b> of length <b>encrypted_len_out</b>.
391  * Return 0 for success, -1 otherwise. */
392 static int
394  size_t *encrypted_len_out,
395  const char *encoded,
396  const char *descriptor_cookie)
397 {
398  int r = -1, enclen;
399  char *enc;
400  tor_assert(encoded);
401  tor_assert(descriptor_cookie);
402 
403  enc = tor_malloc_zero(1 + CIPHER_IV_LEN + strlen(encoded));
404  enc[0] = 0x02; /* Auth type */
405  enclen = crypto_cipher_encrypt_with_iv(descriptor_cookie,
406  enc + 1,
407  CIPHER_IV_LEN+strlen(encoded),
408  encoded, strlen(encoded));
409  if (enclen < 0) {
410  log_warn(LD_REND, "Could not encrypt introduction point string.");
411  goto done;
412  }
413  *encrypted_out = enc;
414  *encrypted_len_out = enclen;
415  enc = NULL; /* prevent free */
416  r = 0;
417  done:
418  tor_free(enc);
419  return r;
420 }
421 
422 /** Attempt to parse the given <b>desc_str</b> and return true if this
423  * succeeds, false otherwise. */
424 STATIC int
426 {
427  rend_service_descriptor_t *test_parsed = NULL;
428  char test_desc_id[DIGEST_LEN];
429  char *test_intro_content = NULL;
430  size_t test_intro_size;
431  size_t test_encoded_size;
432  const char *test_next;
433  int res = rend_parse_v2_service_descriptor(&test_parsed, test_desc_id,
434  &test_intro_content,
435  &test_intro_size,
436  &test_encoded_size,
437  &test_next, desc->desc_str, 1);
438  rend_service_descriptor_free(test_parsed);
439  tor_free(test_intro_content);
440  return (res >= 0);
441 }
442 
443 /** Free the storage held by an encoded v2 service descriptor. */
444 void
447 {
448  if (!desc)
449  return;
450  tor_free(desc->desc_str);
451  tor_free(desc);
452 }
453 
454 /** Free the storage held by an introduction point info. */
455 void
457 {
458  if (!intro)
459  return;
460 
461  extend_info_free(intro->extend_info);
462  crypto_pk_free(intro->intro_key);
463 
464  if (intro->accepted_intro_rsa_parts != NULL) {
466  }
467 
468  tor_free(intro);
469 }
470 
471 /** Encode a set of rend_encoded_v2_service_descriptor_t's for <b>desc</b>
472  * at time <b>now</b> using <b>service_key</b>, depending on
473  * <b>auth_type</b> a <b>descriptor_cookie</b> and a list of
474  * <b>client_cookies</b> (which are both <b>NULL</b> if no client
475  * authorization is performed), and <b>period</b> (e.g. 0 for the current
476  * period, 1 for the next period, etc.) and add them to the existing list
477  * <b>descs_out</b>; return the number of seconds that the descriptors will
478  * be found by clients, or -1 if the encoding was not successful. */
479 int
481  rend_service_descriptor_t *desc, time_t now,
482  uint8_t period, rend_auth_type_t auth_type,
483  crypto_pk_t *client_key,
484  smartlist_t *client_cookies)
485 {
486  char service_id[DIGEST_LEN];
487  char service_id_base32[REND_SERVICE_ID_LEN_BASE32+1];
488  uint32_t time_period;
489  char *ipos_base64 = NULL, *ipos = NULL, *ipos_encrypted = NULL,
490  *descriptor_cookie = NULL;
491  size_t ipos_len = 0, ipos_encrypted_len = 0;
492  int k;
493  uint32_t seconds_valid;
494  crypto_pk_t *service_key;
495  if (!desc) {
496  log_warn(LD_BUG, "Could not encode v2 descriptor: No desc given.");
497  return -1;
498  }
499  service_key = (auth_type == REND_STEALTH_AUTH) ? client_key : desc->pk;
500  tor_assert(service_key);
501  if (auth_type == REND_STEALTH_AUTH) {
502  descriptor_cookie = smartlist_get(client_cookies, 0);
503  tor_assert(descriptor_cookie);
504  }
505  /* Obtain service_id from public key. */
506  if (crypto_pk_get_digest(service_key, service_id) < 0) {
507  log_warn(LD_BUG, "Couldn't compute service key digest.");
508  return -1;
509  }
510  /* Calculate current time-period. */
511  time_period = get_time_period(now, period, service_id);
512  /* Determine how many seconds the descriptor will be valid. */
513  seconds_valid = period * REND_TIME_PERIOD_V2_DESC_VALIDITY +
514  get_seconds_valid(now, service_id);
515  /* Assemble, possibly encrypt, and encode introduction points. */
516  if (smartlist_len(desc->intro_nodes) > 0) {
517  if (rend_encode_v2_intro_points(&ipos, desc) < 0) {
518  log_warn(LD_REND, "Encoding of introduction points did not succeed.");
519  return -1;
520  }
521  switch (auth_type) {
522  case REND_NO_AUTH:
523  ipos_len = strlen(ipos);
524  break;
525  case REND_BASIC_AUTH:
526  if (rend_encrypt_v2_intro_points_basic(&ipos_encrypted,
527  &ipos_encrypted_len, ipos,
528  client_cookies) < 0) {
529  log_warn(LD_REND, "Encrypting of introduction points did not "
530  "succeed.");
531  tor_free(ipos);
532  return -1;
533  }
534  tor_free(ipos);
535  ipos = ipos_encrypted;
536  ipos_len = ipos_encrypted_len;
537  break;
538  case REND_STEALTH_AUTH:
539  if (rend_encrypt_v2_intro_points_stealth(&ipos_encrypted,
540  &ipos_encrypted_len, ipos,
541  descriptor_cookie) < 0) {
542  log_warn(LD_REND, "Encrypting of introduction points did not "
543  "succeed.");
544  tor_free(ipos);
545  return -1;
546  }
547  tor_free(ipos);
548  ipos = ipos_encrypted;
549  ipos_len = ipos_encrypted_len;
550  break;
551  default:
552  log_warn(LD_REND|LD_BUG, "Unrecognized authorization type %d",
553  (int)auth_type);
554  tor_free(ipos);
555  return -1;
556  }
557  /* Base64-encode introduction points. */
558  ipos_base64 = tor_calloc(ipos_len, 2);
559  if (base64_encode(ipos_base64, ipos_len * 2, ipos, ipos_len,
560  BASE64_ENCODE_MULTILINE)<0) {
561  log_warn(LD_REND, "Could not encode introduction point string to "
562  "base64. length=%d", (int)ipos_len);
563  tor_free(ipos_base64);
564  tor_free(ipos);
565  return -1;
566  }
567  tor_free(ipos);
568  }
569  /* Encode REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS descriptors. */
570  for (k = 0; k < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; k++) {
571  char secret_id_part[DIGEST_LEN];
572  char secret_id_part_base32[REND_SECRET_ID_PART_LEN_BASE32 + 1];
573  char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
574  char *permanent_key = NULL;
575  size_t permanent_key_len;
576  char published[ISO_TIME_LEN+1];
577  int i;
578  char protocol_versions_string[16]; /* max len: "0,1,2,3,4,5,6,7\0" */
579  size_t protocol_versions_written;
580  size_t desc_len;
581  char *desc_str = NULL;
582  int result = 0;
583  size_t written = 0;
584  char desc_digest[DIGEST_LEN];
586  tor_malloc_zero(sizeof(rend_encoded_v2_service_descriptor_t));
587  /* Calculate secret-id-part = h(time-period | cookie | replica). */
588  get_secret_id_part_bytes(secret_id_part, time_period, descriptor_cookie,
589  k);
590  base32_encode(secret_id_part_base32, sizeof(secret_id_part_base32),
591  secret_id_part, DIGEST_LEN);
592  /* Calculate descriptor ID. */
593  rend_get_descriptor_id_bytes(enc->desc_id, service_id, secret_id_part);
594  base32_encode(desc_id_base32, sizeof(desc_id_base32),
595  enc->desc_id, DIGEST_LEN);
596  /* PEM-encode the public key */
597  if (crypto_pk_write_public_key_to_string(service_key, &permanent_key,
598  &permanent_key_len) < 0) {
599  log_warn(LD_BUG, "Could not write public key to string.");
600  rend_encoded_v2_service_descriptor_free(enc);
601  goto err;
602  }
603  /* Encode timestamp. */
604  format_iso_time(published, desc->timestamp);
605  /* Write protocol-versions bitmask to comma-separated value string. */
606  protocol_versions_written = 0;
607  for (i = 0; i < 8; i++) {
608  if (desc->protocols & 1 << i) {
609  tor_snprintf(protocol_versions_string + protocol_versions_written,
610  16 - protocol_versions_written, "%d,", i);
611  protocol_versions_written += 2;
612  }
613  }
614  if (protocol_versions_written)
615  protocol_versions_string[protocol_versions_written - 1] = '\0';
616  else
617  protocol_versions_string[0]= '\0';
618  /* Assemble complete descriptor. */
619  desc_len = 2000 + smartlist_len(desc->intro_nodes) * 1000; /* far too long,
620  but okay.*/
621  enc->desc_str = desc_str = tor_malloc_zero(desc_len);
622  result = tor_snprintf(desc_str, desc_len,
623  "rendezvous-service-descriptor %s\n"
624  "version 2\n"
625  "permanent-key\n%s"
626  "secret-id-part %s\n"
627  "publication-time %s\n"
628  "protocol-versions %s\n",
629  desc_id_base32,
630  permanent_key,
631  secret_id_part_base32,
632  published,
633  protocol_versions_string);
634  tor_free(permanent_key);
635  if (result < 0) {
636  log_warn(LD_BUG, "Descriptor ran out of room.");
637  rend_encoded_v2_service_descriptor_free(enc);
638  goto err;
639  }
640  written = result;
641  /* Add introduction points. */
642  if (ipos_base64) {
643  result = tor_snprintf(desc_str + written, desc_len - written,
644  "introduction-points\n"
645  "-----BEGIN MESSAGE-----\n%s"
646  "-----END MESSAGE-----\n",
647  ipos_base64);
648  if (result < 0) {
649  log_warn(LD_BUG, "could not write introduction points.");
650  rend_encoded_v2_service_descriptor_free(enc);
651  goto err;
652  }
653  written += result;
654  }
655  /* Add signature. */
656  strlcpy(desc_str + written, "signature\n", desc_len - written);
657  written += strlen(desc_str + written);
658  if (crypto_digest(desc_digest, desc_str, written) < 0) {
659  log_warn(LD_BUG, "could not create digest.");
660  rend_encoded_v2_service_descriptor_free(enc);
661  goto err;
662  }
663  if (router_append_dirobj_signature(desc_str + written,
664  desc_len - written,
665  desc_digest, DIGEST_LEN,
666  service_key) < 0) {
667  log_warn(LD_BUG, "Couldn't sign desc.");
668  rend_encoded_v2_service_descriptor_free(enc);
669  goto err;
670  }
671  written += strlen(desc_str+written);
672  if (written+2 > desc_len) {
673  log_warn(LD_BUG, "Could not finish desc.");
674  rend_encoded_v2_service_descriptor_free(enc);
675  goto err;
676  }
677  desc_str[written++] = 0;
678  /* Check if we can parse our own descriptor. */
679  if (!rend_desc_v2_is_parsable(enc)) {
680  log_warn(LD_BUG, "Could not parse my own descriptor: %s", desc_str);
681  rend_encoded_v2_service_descriptor_free(enc);
682  goto err;
683  }
684  smartlist_add(descs_out, enc);
685  /* Add the uploaded descriptor to the local service's descriptor cache */
687  base32_encode(service_id_base32, sizeof(service_id_base32),
688  service_id, REND_SERVICE_ID_LEN);
689  control_event_hs_descriptor_created(service_id_base32, desc_id_base32, k);
690  }
691 
692  log_info(LD_REND, "Successfully encoded a v2 descriptor and "
693  "confirmed that it is parsable.");
694  goto done;
695 
696  err:
698  rend_encoded_v2_service_descriptor_free(d););
699  smartlist_clear(descs_out);
700  seconds_valid = -1;
701 
702  done:
703  tor_free(ipos_base64);
704  return seconds_valid;
705 }
706 
707 /** Sets <b>out</b> to the first 10 bytes of the digest of <b>pk</b>,
708  * base32 encoded. NUL-terminates out. (We use this string to
709  * identify services in directory requests and .onion URLs.)
710  */
711 int
713 {
714  char buf[DIGEST_LEN];
715  tor_assert(pk);
716  if (crypto_pk_get_digest(pk, buf) < 0)
717  return -1;
719  return 0;
720 }
721 
722 /** Return true iff <b>query</b> is a syntactically valid service ID (as
723  * generated by rend_get_service_id). */
724 int
725 rend_valid_v2_service_id(const char *query)
726 {
727  if (strlen(query) != REND_SERVICE_ID_LEN_BASE32)
728  return 0;
729 
730  if (strspn(query, BASE32_CHARS) != REND_SERVICE_ID_LEN_BASE32)
731  return 0;
732 
733  return 1;
734 }
735 
736 /** Return true iff <b>query</b> is a syntactically valid descriptor ID.
737  * (as generated by rend_get_descriptor_id_bytes). */
738 int
739 rend_valid_descriptor_id(const char *query)
740 {
741  if (strlen(query) != REND_DESC_ID_V2_LEN_BASE32) {
742  goto invalid;
743  }
744  if (strspn(query, BASE32_CHARS) != REND_DESC_ID_V2_LEN_BASE32) {
745  goto invalid;
746  }
747 
748  return 1;
749 
750  invalid:
751  return 0;
752 }
753 
754 /** Return true iff <b>client_name</b> is a syntactically valid name
755  * for rendezvous client authentication. */
756 int
757 rend_valid_client_name(const char *client_name)
758 {
759  size_t len = strlen(client_name);
760  if (len < 1 || len > REND_CLIENTNAME_MAX_LEN) {
761  return 0;
762  }
763  if (strspn(client_name, REND_LEGAL_CLIENTNAME_CHARACTERS) != len) {
764  return 0;
765  }
766 
767  return 1;
768 }
769 
770 /** Called when we get a rendezvous-related relay cell on circuit
771  * <b>circ</b>. Dispatch on rendezvous relay command. */
772 void
774  int command, size_t length,
775  const uint8_t *payload)
776 {
777  or_circuit_t *or_circ = NULL;
778  origin_circuit_t *origin_circ = NULL;
779  int r = -2;
780  if (CIRCUIT_IS_ORIGIN(circ)) {
781  origin_circ = TO_ORIGIN_CIRCUIT(circ);
782  if (!layer_hint || layer_hint != origin_circ->cpath->prev) {
783  log_fn(LOG_PROTOCOL_WARN, LD_APP,
784  "Relay cell (rend purpose %d) from wrong hop on origin circ",
785  command);
786  origin_circ = NULL;
787  }
788  } else {
789  or_circ = TO_OR_CIRCUIT(circ);
790  }
791 
792  switch (command) {
793  case RELAY_COMMAND_ESTABLISH_INTRO:
794  if (or_circ)
795  r = hs_intro_received_establish_intro(or_circ, payload, length);
796  break;
797  case RELAY_COMMAND_ESTABLISH_RENDEZVOUS:
798  if (or_circ)
799  r = rend_mid_establish_rendezvous(or_circ, payload, length);
800  break;
801  case RELAY_COMMAND_INTRODUCE1:
802  if (or_circ)
803  r = hs_intro_received_introduce1(or_circ, payload, length);
804  break;
805  case RELAY_COMMAND_INTRODUCE2:
806  if (origin_circ)
807  r = hs_service_receive_introduce2(origin_circ, payload, length);
808  break;
809  case RELAY_COMMAND_INTRODUCE_ACK:
810  if (origin_circ)
811  r = hs_client_receive_introduce_ack(origin_circ, payload, length);
812  break;
813  case RELAY_COMMAND_RENDEZVOUS1:
814  if (or_circ)
815  r = rend_mid_rendezvous(or_circ, payload, length);
816  break;
817  case RELAY_COMMAND_RENDEZVOUS2:
818  if (origin_circ)
819  r = hs_client_receive_rendezvous2(origin_circ, payload, length);
820  break;
821  case RELAY_COMMAND_INTRO_ESTABLISHED:
822  if (origin_circ)
823  r = hs_service_receive_intro_established(origin_circ, payload, length);
824  break;
825  case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
826  if (origin_circ)
827  r = hs_client_receive_rendezvous_acked(origin_circ, payload, length);
828  break;
829  default:
831  }
832 
833  if (r == 0 && origin_circ) {
834  /* This was a valid cell. Count it as delivered + overhead. */
835  circuit_read_valid_data(origin_circ, length);
836  }
837 
838  if (r == -2)
839  log_info(LD_PROTOCOL, "Dropping cell (type %d) for wrong circuit type.",
840  command);
841 }
842 
843 /** Determine the routers that are responsible for <b>id</b> (binary) and
844  * add pointers to those routers' routerstatus_t to <b>responsible_dirs</b>.
845  * Return -1 if we're returning an empty smartlist, else return 0.
846  */
847 int
849  const char *id)
850 {
851  int start, found, n_added = 0, i;
853  if (!c || !smartlist_len(c->routerstatus_list)) {
854  log_info(LD_REND, "We don't have a consensus, so we can't perform v2 "
855  "rendezvous operations.");
856  return -1;
857  }
858  tor_assert(id);
859  start = networkstatus_vote_find_entry_idx(c, id, &found);
860  if (start == smartlist_len(c->routerstatus_list)) start = 0;
861  i = start;
862  do {
863  routerstatus_t *r = smartlist_get(c->routerstatus_list, i);
864  if (r->is_hs_dir) {
865  smartlist_add(responsible_dirs, r);
866  if (++n_added == REND_NUMBER_OF_CONSECUTIVE_REPLICAS)
867  return 0;
868  }
869  if (++i == smartlist_len(c->routerstatus_list))
870  i = 0;
871  } while (i != start);
872 
873  /* Even though we don't have the desired number of hidden service
874  * directories, be happy if we got any. */
875  return smartlist_len(responsible_dirs) ? 0 : -1;
876 }
877 
878 /* Length of the 'extended' auth cookie used to encode auth type before
879  * base64 encoding. */
880 #define REND_DESC_COOKIE_LEN_EXT (REND_DESC_COOKIE_LEN + 1)
881 /* Length of the zero-padded auth cookie when base64 encoded. These two
882  * padding bytes always (A=) are stripped off of the returned cookie. */
883 #define REND_DESC_COOKIE_LEN_EXT_BASE64 (REND_DESC_COOKIE_LEN_BASE64 + 2)
884 
885 /** Encode a client authorization descriptor cookie.
886  * The result of this function is suitable for use in the HidServAuth
887  * option. The trailing padding characters are removed, and the
888  * auth type is encoded into the cookie.
889  *
890  * Returns a new base64-encoded cookie. This function cannot fail.
891  * The caller is responsible for freeing the returned value.
892  */
893 char *
894 rend_auth_encode_cookie(const uint8_t *cookie_in, rend_auth_type_t auth_type)
895 {
896  uint8_t extended_cookie[REND_DESC_COOKIE_LEN_EXT];
897  char *cookie_out = tor_malloc_zero(REND_DESC_COOKIE_LEN_EXT_BASE64 + 1);
898  int re;
899 
900  tor_assert(cookie_in);
901 
902  memcpy(extended_cookie, cookie_in, REND_DESC_COOKIE_LEN);
903  extended_cookie[REND_DESC_COOKIE_LEN] = ((int)auth_type - 1) << 4;
904  re = base64_encode(cookie_out, REND_DESC_COOKIE_LEN_EXT_BASE64 + 1,
905  (const char *) extended_cookie, REND_DESC_COOKIE_LEN_EXT,
906  0);
907  tor_assert(re == REND_DESC_COOKIE_LEN_EXT_BASE64);
908 
909  /* Remove the trailing 'A='. Auth type is encoded in the high bits
910  * of the last byte, so the last base64 character will always be zero
911  * (A). This is subtly different behavior from base64_encode_nopad. */
912  cookie_out[REND_DESC_COOKIE_LEN_BASE64] = '\0';
913  memwipe(extended_cookie, 0, sizeof(extended_cookie));
914  return cookie_out;
915 }
916 
917 /** Decode a base64-encoded client authorization descriptor cookie.
918  * The descriptor_cookie can be truncated to REND_DESC_COOKIE_LEN_BASE64
919  * characters (as given to clients), or may include the two padding
920  * characters (as stored by the service).
921  *
922  * The result is stored in REND_DESC_COOKIE_LEN bytes of cookie_out.
923  * The rend_auth_type_t decoded from the cookie is stored in the
924  * optional auth_type_out parameter.
925  *
926  * Return 0 on success, or -1 on error. The caller is responsible for
927  * freeing the returned err_msg.
928  */
929 int
930 rend_auth_decode_cookie(const char *cookie_in, uint8_t *cookie_out,
931  rend_auth_type_t *auth_type_out, char **err_msg_out)
932 {
933  uint8_t descriptor_cookie_decoded[REND_DESC_COOKIE_LEN_EXT + 1] = { 0 };
934  char descriptor_cookie_base64ext[REND_DESC_COOKIE_LEN_EXT_BASE64 + 1];
935  const char *descriptor_cookie = cookie_in;
936  char *err_msg = NULL;
937  int auth_type_val = 0;
938  int res = -1;
939  int decoded_len;
940 
941  size_t len = strlen(descriptor_cookie);
942  if (len == REND_DESC_COOKIE_LEN_BASE64) {
943  /* Add a trailing zero byte to make base64-decoding happy. */
944  tor_snprintf(descriptor_cookie_base64ext,
945  sizeof(descriptor_cookie_base64ext),
946  "%sA=", descriptor_cookie);
947  descriptor_cookie = descriptor_cookie_base64ext;
948  } else if (len != REND_DESC_COOKIE_LEN_EXT_BASE64) {
949  tor_asprintf(&err_msg, "Authorization cookie has wrong length: %s",
950  escaped(cookie_in));
951  goto err;
952  }
953 
954  decoded_len = base64_decode((char *) descriptor_cookie_decoded,
955  sizeof(descriptor_cookie_decoded),
956  descriptor_cookie,
957  REND_DESC_COOKIE_LEN_EXT_BASE64);
958  if (decoded_len != REND_DESC_COOKIE_LEN &&
959  decoded_len != REND_DESC_COOKIE_LEN_EXT) {
960  tor_asprintf(&err_msg, "Authorization cookie has invalid characters: %s",
961  escaped(cookie_in));
962  goto err;
963  }
964 
965  if (auth_type_out) {
966  auth_type_val = (descriptor_cookie_decoded[REND_DESC_COOKIE_LEN] >> 4) + 1;
967  if (auth_type_val < 1 || auth_type_val > 2) {
968  tor_asprintf(&err_msg, "Authorization cookie type is unknown: %s",
969  escaped(cookie_in));
970  goto err;
971  }
972  *auth_type_out = auth_type_val == 1 ? REND_BASIC_AUTH : REND_STEALTH_AUTH;
973  }
974 
975  memcpy(cookie_out, descriptor_cookie_decoded, REND_DESC_COOKIE_LEN);
976  res = 0;
977  err:
978  if (err_msg_out) {
979  *err_msg_out = err_msg;
980  } else {
981  tor_free(err_msg);
982  }
983  memwipe(descriptor_cookie_decoded, 0, sizeof(descriptor_cookie_decoded));
984  memwipe(descriptor_cookie_base64ext, 0, sizeof(descriptor_cookie_base64ext));
985  return res;
986 }
987 
988 /* Is this a rend client or server that allows direct (non-anonymous)
989  * connections?
990  * Onion services can be configured to start in this mode for single onion. */
991 int
992 rend_allow_non_anonymous_connection(const or_options_t* options)
993 {
994  return rend_service_allow_non_anonymous_connection(options);
995 }
996 
997 /* Is this a rend client or server in non-anonymous mode?
998  * Onion services can be configured to start in this mode for single onion. */
999 int
1000 rend_non_anonymous_mode_enabled(const or_options_t *options)
1001 {
1002  return rend_service_non_anonymous_mode_enabled(options);
1003 }
1004 
1005 /* Make sure that tor only builds one-hop circuits when they would not
1006  * compromise user anonymity.
1007  *
1008  * One-hop circuits are permitted in Single Onion modes.
1009  *
1010  * Single Onion modes are also allowed to make multi-hop circuits.
1011  * For example, single onion HSDir circuits are 3-hop to prevent denial of
1012  * service.
1013  */
1014 void
1015 assert_circ_anonymity_ok(const origin_circuit_t *circ,
1016  const or_options_t *options)
1017 {
1018  tor_assert(options);
1019  tor_assert(circ);
1020  tor_assert(circ->build_state);
1021 
1022  if (circ->build_state->onehop_tunnel) {
1023  tor_assert(rend_allow_non_anonymous_connection(options));
1024  }
1025 }
1026 
1027 /* Return 1 iff the given <b>digest</b> of a permenanent hidden service key is
1028  * equal to the digest in the origin circuit <b>ocirc</b> of its rend data .
1029  * If the rend data doesn't exist, 0 is returned. This function is agnostic to
1030  * the rend data version. */
1031 int
1032 rend_circuit_pk_digest_eq(const origin_circuit_t *ocirc,
1033  const uint8_t *digest)
1034 {
1035  size_t rend_pk_digest_len;
1036  const uint8_t *rend_pk_digest;
1037 
1038  tor_assert(ocirc);
1039  tor_assert(digest);
1040 
1041  if (ocirc->rend_data == NULL) {
1042  goto no_match;
1043  }
1044 
1045  rend_pk_digest = rend_data_get_pk_digest(ocirc->rend_data,
1046  &rend_pk_digest_len);
1047  if (tor_memeq(rend_pk_digest, digest, rend_pk_digest_len)) {
1048  goto match;
1049  }
1050  no_match:
1051  return 0;
1052  match:
1053  return 1;
1054 }
log_fn
#define log_fn(severity, domain, args,...)
Definition: log.h:287
tor_free
#define tor_free(p)
Definition: malloc.h:52
rend_intro_point_t::intro_key
struct crypto_pk_t * intro_key
Definition: rend_intro_point_st.h:24
get_secret_id_part_bytes
static void get_secret_id_part_bytes(char *secret_id_part, uint32_t time_period, const char *descriptor_cookie, uint8_t replica)
Definition: rendcommon.c:105
rend_encoded_v2_service_descriptor_t::desc_str
char * desc_str
Definition: rend_encoded_v2_service_descriptor_st.h:18
hs_service_receive_introduce2
int hs_service_receive_introduce2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_service.c:3951
memwipe
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:55
extend_info_t::onion_key
crypto_pk_t * onion_key
Definition: extend_info_st.h:38
REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS
#define REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS
Definition: or.h:349
hs_client_receive_introduce_ack
int hs_client_receive_introduce_ack(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_client.c:2438
rend_valid_client_name
int rend_valid_client_name(const char *client_name)
Definition: rendcommon.c:757
rend_service_descriptor_st.h
Parsed v2 HS descriptor structure.
tor_assert
#define tor_assert(expr)
Definition: util_bug.h:102
rendparse.h
Header file for rendparse.c.
LD_BUG
#define LD_BUG
Definition: log.h:86
router.h
Header file for router.c.
cpath_build_state_st.h
Circuit-build-stse structure.
format_iso_time
void format_iso_time(char *buf, time_t t)
Definition: time_fmt.c:295
rend_process_relay_cell
void rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint, int command, size_t length, const uint8_t *payload)
Definition: rendcommon.c:773
circuituse.h
Header file for circuituse.c.
REND_TIME_PERIOD_V2_DESC_VALIDITY
#define REND_TIME_PERIOD_V2_DESC_VALIDITY
Definition: or.h:341
tor_fragile_assert
#define tor_fragile_assert()
Definition: util_bug.h:259
rend_encrypt_v2_intro_points_stealth
static int rend_encrypt_v2_intro_points_stealth(char **encrypted_out, size_t *encrypted_len_out, const char *encoded, const char *descriptor_cookie)
Definition: rendcommon.c:393
rend_auth_type_t
rend_auth_type_t
Definition: or.h:403
REND_LEGAL_CLIENTNAME_CHARACTERS
#define REND_LEGAL_CLIENTNAME_CHARACTERS
Definition: or.h:392
hs_service_receive_intro_established
int hs_service_receive_intro_established(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_service.c:3983
REND_SERVICE_ID_LEN_BASE32
#define REND_SERVICE_ID_LEN_BASE32
Definition: or.h:332
rend_encrypt_v2_intro_points_basic
static int rend_encrypt_v2_intro_points_basic(char **encrypted_out, size_t *encrypted_len_out, const char *encoded, smartlist_t *client_cookies)
Definition: rendcommon.c:286
rend_cache_store_v2_desc_as_service
int rend_cache_store_v2_desc_as_service(const char *desc)
Definition: rendcache.c:755
smartlist_add
void smartlist_add(smartlist_t *sl, void *element)
Definition: smartlist_core.c:117
rend_encoded_v2_service_descriptor_st.h
Encoded v2 HS descriptor structure.
rend_mid_establish_rendezvous
int rend_mid_establish_rendezvous(or_circuit_t *circ, const uint8_t *request, size_t request_len)
Definition: rendmid.c:234
REND_CLIENTNAME_MAX_LEN
#define REND_CLIENTNAME_MAX_LEN
Definition: or.h:396
routerstatus_t
Definition: routerstatus_st.h:19
rend_auth_encode_cookie
char * rend_auth_encode_cookie(const uint8_t *cookie_in, rend_auth_type_t auth_type)
Definition: rendcommon.c:894
crypto_cipher_encrypt
int crypto_cipher_encrypt(crypto_cipher_t *env, char *to, const char *from, size_t fromlen)
Definition: crypto_cipher.c:88
rend_service_descriptor_t
Definition: rend_service_descriptor_st.h:19
REND_BASIC_AUTH_CLIENT_ID_LEN
#define REND_BASIC_AUTH_CLIENT_ID_LEN
Definition: or.h:375
crypto_digest_add_bytes
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len)
Definition: crypto_digest_nss.c:308
smartlist_new
smartlist_t * smartlist_new(void)
Definition: smartlist_core.c:26
REND_BASIC_AUTH_CLIENT_MULTIPLE
#define REND_BASIC_AUTH_CLIENT_MULTIPLE
Definition: or.h:380
base64_encode
int base64_encode(char *dest, size_t destlen, const char *src, size_t srclen, int flags)
Definition: binascii.c:215
crypto_digest_t
Definition: crypto_digest_nss.c:166
crypto_digest
int crypto_digest(char *digest, const char *m, size_t len)
Definition: crypto_digest_nss.c:110
tor_snprintf
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
CIRCUIT_IS_ORIGIN
#define CIRCUIT_IS_ORIGIN(c)
Definition: circuitlist.h:146
rend_intro_point_st.h
v2 hidden service introduction point structure.
crypt_path_t
Definition: crypt_path_st.h:47
SMARTLIST_FOREACH
#define SMARTLIST_FOREACH(sl, type, var, cmd)
Definition: smartlist_foreach.h:112
hs_client_receive_rendezvous2
int hs_client_receive_rendezvous2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_client.c:2467
base32_decode
int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:90
networkstatus.h
Header file for networkstatus.c.
hs_client.h
Header file containing client data for the HS subsytem.
replaycache_free
#define replaycache_free(r)
Definition: replaycache.h:42
tor_memeq
int tor_memeq(const void *a, const void *b, size_t sz)
Definition: di_ops.c:107
base32_encode
void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:60
crypto_util.h
Common functions for cryptographic routines.
hs_client_receive_rendezvous_acked
int hs_client_receive_rendezvous_acked(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_client.c:2127
rend_intro_point_t::accepted_intro_rsa_parts
struct replaycache_t * accepted_intro_rsa_parts
Definition: rend_intro_point_st.h:46
REND_DESC_ID_V2_LEN_BASE32
#define REND_DESC_ID_V2_LEN_BASE32
Definition: or.h:355
REND_REPLICA_LEN
#define REND_REPLICA_LEN
Definition: rendcommon.c:81
rend_intro_point_t::extend_info
extend_info_t * extend_info
Definition: rend_intro_point_st.h:22
circuitlist.h
Header file for circuitlist.c.
crypt_path_st.h
Path structures for origin circuits.
DIGEST_LEN
#define DIGEST_LEN
Definition: digest_sizes.h:20
get_seconds_valid
static uint32_t get_seconds_valid(time_t now, const char *service_id)
Definition: rendcommon.c:138
rend_cmp_service_ids
int rend_cmp_service_ids(const char *one, const char *two)
Definition: rendcommon.c:49
get_time_period
static uint32_t get_time_period(time_t now, uint8_t deviation, const char *service_id)
Definition: rendcommon.c:124
replaycache.h
Header file for replaycache.c.
rend_get_descriptor_id_bytes
void rend_get_descriptor_id_bytes(char *descriptor_id_out, const char *service_id, const char *secret_id_part)
Definition: rendcommon.c:88
tor_addr_port_t
Definition: address.h:81
REND_INTRO_POINT_ID_LEN_BASE32
#define REND_INTRO_POINT_ID_LEN_BASE32
Definition: or.h:363
networkstatus_get_latest_consensus
networkstatus_t * networkstatus_get_latest_consensus(void)
Definition: networkstatus.c:1390
origin_circuit_t
Definition: origin_circuit_st.h:79
rend_desc_v2_is_parsable
STATIC int rend_desc_v2_is_parsable(rend_encoded_v2_service_descriptor_t *desc)
Definition: rendcommon.c:425
cpath_build_state_t::onehop_tunnel
unsigned int onehop_tunnel
Definition: cpath_build_state_st.h:32
REND_DESC_COOKIE_LEN
#define REND_DESC_COOKIE_LEN
Definition: rendcommon.c:77
crypto_pk_get_digest
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
Definition: crypto_rsa.c:356
rend_service_descriptor_t::pk
crypto_pk_t * pk
Definition: rend_service_descriptor_st.h:20
LD_REND
#define LD_REND
Definition: log.h:84
escaped
const char * escaped(const char *s)
Definition: escape.c:126
rendmid.h
Header file for rendmid.c.
circuit_t
Definition: circuit_st.h:61
rend_valid_v2_service_id
int rend_valid_v2_service_id(const char *query)
Definition: rendcommon.c:725
hs_intro_received_introduce1
int hs_intro_received_introduce1(or_circuit_t *circ, const uint8_t *request, size_t request_len)
Definition: hs_intropoint.c:772
routerlist.h
Header file for routerlist.c.
rend_valid_descriptor_id
int rend_valid_descriptor_id(const char *query)
Definition: rendcommon.c:739
rend_encoded_v2_service_descriptor_free_
void rend_encoded_v2_service_descriptor_free_(rend_encoded_v2_service_descriptor_t *desc)
Definition: rendcommon.c:445
rendservice.h
Header file for rendservice.c.
BASE32_CHARS
#define BASE32_CHARS
Definition: binascii.h:53
extendinfo.h
Header for core/or/extendinfo.c.
rend_service_descriptor_free_
void rend_service_descriptor_free_(rend_service_descriptor_t *desc)
Definition: rendcommon.c:57
tor_addr_to_str_dup
char * tor_addr_to_str_dup(const tor_addr_t *addr)
Definition: address.c:1164
control_event_hs_descriptor_created
void control_event_hs_descriptor_created(const char *onion_address, const char *desc_id, int replica)
Definition: control_events.c:1984
networkstatus_t::routerstatus_list
smartlist_t * routerstatus_list
Definition: networkstatus_st.h:96
REND_DESC_COOKIE_LEN_BASE64
#define REND_DESC_COOKIE_LEN_BASE64
Definition: or.h:371
command
tor_cmdline_mode_t command
Definition: config.c:2447
crypto_rand.h
Common functions for using (pseudo-)random number generators.
rend_encode_v2_intro_points
static int rend_encode_v2_intro_points(char **encoded, rend_service_descriptor_t *desc)
Definition: rendcommon.c:196
control_events.h
Header file for control_events.c.
origin_circuit_t::build_state
cpath_build_state_t * build_state
Definition: origin_circuit_st.h:123
rend_intro_point_t
Definition: rend_intro_point_st.h:21
REND_BASIC_AUTH_CLIENT_ENTRY_LEN
#define REND_BASIC_AUTH_CLIENT_ENTRY_LEN
Definition: or.h:384
circuitbuild.h
Header file for circuitbuild.c.
crypto_cipher_new
crypto_cipher_t * crypto_cipher_new(const char *key)
Definition: crypto_cipher.c:65
rend_service_descriptor_t::intro_nodes
smartlist_t * intro_nodes
Definition: rend_service_descriptor_st.h:28
smartlist_clear
void smartlist_clear(smartlist_t *sl)
Definition: smartlist_core.c:50
rend_encoded_v2_service_descriptor_t
Definition: rend_encoded_v2_service_descriptor_st.h:16
rend_service_descriptor_t::timestamp
time_t timestamp
Definition: rend_service_descriptor_st.h:22
crypto_digest_free
#define crypto_digest_free(d)
Definition: crypto_digest.h:130
REND_SERVICE_ID_LEN
#define REND_SERVICE_ID_LEN
Definition: or.h:338
extend_info_st.h
Extend-info structure.
routerstatus_st.h
Routerstatus (consensus entry) structure.
hs_common.h
Header file containing common data for the whole HS subsytem.
signing.h
Header file for signing.c.
origin_circuit_t::cpath
crypt_path_t * cpath
Definition: origin_circuit_st.h:129
hs_intro_received_establish_intro
int hs_intro_received_establish_intro(or_circuit_t *circ, const uint8_t *request, size_t request_len)
Definition: hs_intropoint.c:500
IF_BUG_ONCE
#define IF_BUG_ONCE(cond)
Definition: util_bug.h:246
TO_ORIGIN_CIRCUIT
origin_circuit_t * TO_ORIGIN_CIRCUIT(circuit_t *x)
Definition: circuitlist.c:168
rend_parse_v2_service_descriptor
int rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out, char *desc_id_out, char **intro_points_encrypted_out, size_t *intro_points_encrypted_size_out, size_t *encoded_size_out, const char **next_out, const char *desc, int as_hsdir)
Definition: rendparse.c:73
extend_info_t::identity_digest
char identity_digest[DIGEST_LEN]
Definition: extend_info_st.h:31
rend_intro_point_free_
void rend_intro_point_free_(rend_intro_point_t *intro)
Definition: rendcommon.c:456
crypt_path_t::prev
struct crypt_path_t * prev
Definition: crypt_path_st.h:75
crypto_cipher_encrypt_with_iv
int crypto_cipher_encrypt_with_iv(const char *key, char *to, size_t tolen, const char *from, size_t fromlen)
Definition: crypto_cipher.c:138
rend_auth_decode_cookie
int rend_auth_decode_cookie(const char *cookie_in, uint8_t *cookie_out, rend_auth_type_t *auth_type_out, char **err_msg_out)
Definition: rendcommon.c:930
tor_asprintf
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
origin_circuit_t::rend_data
rend_data_t * rend_data
Definition: origin_circuit_st.h:132
rend_encode_v2_descriptors
int rend_encode_v2_descriptors(smartlist_t *descs_out, rend_service_descriptor_t *desc, time_t now, uint8_t period, rend_auth_type_t auth_type, crypto_pk_t *client_key, smartlist_t *client_cookies)
Definition: rendcommon.c:480
smartlist_sort_digests
void smartlist_sort_digests(smartlist_t *sl)
Definition: smartlist.c:824
SMARTLIST_FOREACH_BEGIN
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
Definition: smartlist_foreach.h:78
crypto_pk_t
Definition: crypto_rsa_nss.c:37
circuit_read_valid_data
void circuit_read_valid_data(origin_circuit_t *circ, uint16_t relay_body_len)
Definition: circuituse.c:3208
networkstatus_vote_find_entry_idx
int networkstatus_vote_find_entry_idx(networkstatus_t *ns, const char *digest, int *found_out)
Definition: networkstatus.c:735
hs_intropoint.h
Header file for hs_intropoint.c.
base64_decode
int base64_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:396
crypto_pk_write_public_key_to_string
int crypto_pk_write_public_key_to_string(crypto_pk_t *env, char **dest, size_t *len)
Definition: crypto_rsa.c:466
or_circuit_t
Definition: or_circuit_st.h:21
LD_APP
#define LD_APP
Definition: log.h:78
rend_encoded_v2_service_descriptor_t::desc_id
char desc_id[DIGEST_LEN]
Definition: rend_encoded_v2_service_descriptor_st.h:17
config.h
Header file for config.c.
crypto_digest_new
crypto_digest_t * crypto_digest_new(void)
Definition: crypto_digest_nss.c:260
REND_SECRET_ID_PART_LEN_BASE32
#define REND_SECRET_ID_PART_LEN_BASE32
Definition: or.h:359
hid_serv_get_responsible_directories
int hid_serv_get_responsible_directories(smartlist_t *responsible_dirs, const char *id)
Definition: rendcommon.c:848
rend_mid_rendezvous
int rend_mid_rendezvous(or_circuit_t *circ, const uint8_t *request, size_t request_len)
Definition: rendmid.c:307
CIPHER_KEY_LEN
#define CIPHER_KEY_LEN
Definition: crypto_cipher.h:22
extend_info_get_orport
const tor_addr_port_t * extend_info_get_orport(const extend_info_t *ei, int family)
Definition: extendinfo.c:263
or_options_t
Definition: or_options_st.h:45
crypto_rand
void crypto_rand(char *to, size_t n)
Definition: crypto_rand.c:477
STATIC
#define STATIC
Definition: testsupport.h:32
routerstatus_t::is_hs_dir
unsigned int is_hs_dir
Definition: routerstatus_st.h:54
router_append_dirobj_signature
int router_append_dirobj_signature(char *buf, size_t buf_len, const char *digest, size_t digest_len, crypto_pk_t *private_key)
Definition: signing.c:79
rend_service_descriptor_t::successful_uploads
smartlist_t * successful_uploads
Definition: rend_service_descriptor_st.h:35
REND_NUMBER_OF_CONSECUTIVE_REPLICAS
#define REND_NUMBER_OF_CONSECUTIVE_REPLICAS
Definition: or.h:352
networkstatus_st.h
Networkstatus consensus/vote structure.
TO_OR_CIRCUIT
or_circuit_t * TO_OR_CIRCUIT(circuit_t *x)
Definition: circuitlist.c:156
networkstatus_t
Definition: networkstatus_st.h:26
origin_circuit_st.h
Origin circuit structure.
smartlist_t
Definition: smartlist_core.h:26
rendclient.h
Header file for rendclient.c.
crypto_digest_get_digest
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
Definition: crypto_digest_nss.c:348
rendcommon.h
Header file for rendcommon.c.
rend_data_get_pk_digest
const uint8_t * rend_data_get_pk_digest(const rend_data_t *rend_data, size_t *len_out)
Definition: hs_common.c:569
rephist.h
Header file for rephist.c.
rend_service_descriptor_t::protocols
unsigned protocols
Definition: rend_service_descriptor_st.h:25
CIPHER_IV_LEN
#define CIPHER_IV_LEN
Definition: crypto_cipher.h:24
extend_info_t
Definition: extend_info_st.h:27
rend_get_service_id
int rend_get_service_id(crypto_pk_t *pk, char *out)
Definition: rendcommon.c:712
or.h
Master header file for Tor-specific functionality.
rend_compute_v2_desc_id
int rend_compute_v2_desc_id(char *desc_id_out, const char *service_id, const char *descriptor_cookie, time_t now, uint8_t replica)
Definition: rendcommon.c:154
LD_PROTOCOL
#define LD_PROTOCOL
Definition: log.h:72