tor  0.4.0.1-alpha
rendcommon.c
Go to the documentation of this file.
1 /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
2  * Copyright (c) 2007-2019, The Tor Project, Inc. */
3 /* See LICENSE for licensing information */
4 
11 #define RENDCOMMON_PRIVATE
12 
13 #include "core/or/or.h"
14 #include "core/or/circuitbuild.h"
15 #include "core/or/circuitlist.h"
16 #include "core/or/circuituse.h"
17 #include "app/config/config.h"
21 #include "feature/hs/hs_client.h"
22 #include "feature/hs/hs_common.h"
27 #include "feature/rend/rendmid.h"
28 #include "feature/rend/rendparse.h"
30 #include "feature/stats/rephist.h"
32 #include "feature/relay/router.h"
35 
36 #include "core/or/cpath_build_state_st.h"
37 #include "core/or/crypt_path_st.h"
38 #include "core/or/extend_info_st.h"
39 #include "feature/nodelist/networkstatus_st.h"
40 #include "core/or/origin_circuit_st.h"
41 #include "feature/rend/rend_encoded_v2_service_descriptor_st.h"
42 #include "feature/rend/rend_intro_point_st.h"
43 #include "feature/rend/rend_service_descriptor_st.h"
44 #include "feature/nodelist/routerstatus_st.h"
45 
47 int
48 rend_cmp_service_ids(const char *one, const char *two)
49 {
50  return strcasecmp(one,two);
51 }
52 
55 void
57 {
58  if (!desc)
59  return;
60  if (desc->pk)
61  crypto_pk_free(desc->pk);
62  if (desc->intro_nodes) {
64  rend_intro_point_free(intro););
65  smartlist_free(desc->intro_nodes);
66  }
67  if (desc->successful_uploads) {
68  SMARTLIST_FOREACH(desc->successful_uploads, char *, c, tor_free(c););
69  smartlist_free(desc->successful_uploads);
70  }
71  tor_free(desc);
72 }
73 
76 #define REND_DESC_COOKIE_LEN 16
77 
80 #define REND_REPLICA_LEN 1
81 
86 void
87 rend_get_descriptor_id_bytes(char *descriptor_id_out,
88  const char *service_id,
89  const char *secret_id_part)
90 {
92  crypto_digest_add_bytes(digest, service_id, REND_SERVICE_ID_LEN);
93  crypto_digest_add_bytes(digest, secret_id_part, DIGEST_LEN);
94  crypto_digest_get_digest(digest, descriptor_id_out, DIGEST_LEN);
95  crypto_digest_free(digest);
96 }
97 
103 static void
104 get_secret_id_part_bytes(char *secret_id_part, uint32_t time_period,
105  const char *descriptor_cookie, uint8_t replica)
106 {
108  time_period = htonl(time_period);
109  crypto_digest_add_bytes(digest, (char*)&time_period, sizeof(uint32_t));
110  if (descriptor_cookie) {
111  crypto_digest_add_bytes(digest, descriptor_cookie,
113  }
114  crypto_digest_add_bytes(digest, (const char *)&replica, REND_REPLICA_LEN);
115  crypto_digest_get_digest(digest, secret_id_part, DIGEST_LEN);
116  crypto_digest_free(digest);
117 }
118 
122 static uint32_t
123 get_time_period(time_t now, uint8_t deviation, const char *service_id)
124 {
125  /* The time period is the number of REND_TIME_PERIOD_V2_DESC_VALIDITY
126  * intervals that have passed since the epoch, offset slightly so that
127  * each service's time periods start and end at a fraction of that
128  * period based on their first byte. */
129  return (uint32_t)
130  (now + ((uint8_t) *service_id) * REND_TIME_PERIOD_V2_DESC_VALIDITY / 256)
131  / REND_TIME_PERIOD_V2_DESC_VALIDITY + deviation;
132 }
133 
136 static uint32_t
137 get_seconds_valid(time_t now, const char *service_id)
138 {
139  uint32_t result = REND_TIME_PERIOD_V2_DESC_VALIDITY -
140  ((uint32_t)
141  (now + ((uint8_t) *service_id) * REND_TIME_PERIOD_V2_DESC_VALIDITY / 256)
143  return result;
144 }
145 
152 int
153 rend_compute_v2_desc_id(char *desc_id_out, const char *service_id,
154  const char *descriptor_cookie, time_t now,
155  uint8_t replica)
156 {
157  char service_id_binary[REND_SERVICE_ID_LEN];
158  char secret_id_part[DIGEST_LEN];
159  uint32_t time_period;
160  if (!service_id ||
161  strlen(service_id) != REND_SERVICE_ID_LEN_BASE32) {
162  log_warn(LD_REND, "Could not compute v2 descriptor ID: "
163  "Illegal service ID: %s",
164  safe_str(service_id));
165  return -1;
166  }
168  log_warn(LD_REND, "Could not compute v2 descriptor ID: "
169  "Replica number out of range: %d", replica);
170  return -1;
171  }
172  /* Convert service ID to binary. */
173  if (base32_decode(service_id_binary, REND_SERVICE_ID_LEN,
174  service_id, REND_SERVICE_ID_LEN_BASE32) < 0) {
175  log_warn(LD_REND, "Could not compute v2 descriptor ID: "
176  "Illegal characters in service ID: %s",
177  safe_str_client(service_id));
178  return -1;
179  }
180  /* Calculate current time-period. */
181  time_period = get_time_period(now, 0, service_id_binary);
182  /* Calculate secret-id-part = h(time-period | desc-cookie | replica). */
183  get_secret_id_part_bytes(secret_id_part, time_period, descriptor_cookie,
184  replica);
185  /* Calculate descriptor ID: H(permanent-id | secret-id-part) */
186  rend_get_descriptor_id_bytes(desc_id_out, service_id_binary, secret_id_part);
187  return 0;
188 }
189 
193 static int
195 {
196  size_t unenc_len;
197  char *unenc = NULL;
198  size_t unenc_written = 0;
199  int i;
200  int r = -1;
201  /* Assemble unencrypted list of introduction points. */
202  unenc_len = smartlist_len(desc->intro_nodes) * 1000; /* too long, but ok. */
203  unenc = tor_malloc_zero(unenc_len);
204  for (i = 0; i < smartlist_len(desc->intro_nodes); i++) {
205  char id_base32[REND_INTRO_POINT_ID_LEN_BASE32 + 1];
206  char *onion_key = NULL;
207  size_t onion_key_len;
208  crypto_pk_t *intro_key;
209  char *service_key = NULL;
210  char *address = NULL;
211  size_t service_key_len;
212  int res;
213  rend_intro_point_t *intro = smartlist_get(desc->intro_nodes, i);
214  /* Obtain extend info with introduction point details. */
215  extend_info_t *info = intro->extend_info;
216  /* Encode introduction point ID. */
217  base32_encode(id_base32, sizeof(id_base32),
218  info->identity_digest, DIGEST_LEN);
219  /* Encode onion key. */
220  if (crypto_pk_write_public_key_to_string(info->onion_key, &onion_key,
221  &onion_key_len) < 0) {
222  log_warn(LD_REND, "Could not write onion key.");
223  goto done;
224  }
225  /* Encode intro key. */
226  intro_key = intro->intro_key;
227  if (!intro_key ||
228  crypto_pk_write_public_key_to_string(intro_key, &service_key,
229  &service_key_len) < 0) {
230  log_warn(LD_REND, "Could not write intro key.");
231  tor_free(onion_key);
232  goto done;
233  }
234  /* Assemble everything for this introduction point. */
235  address = tor_addr_to_str_dup(&info->addr);
236  res = tor_snprintf(unenc + unenc_written, unenc_len - unenc_written,
237  "introduction-point %s\n"
238  "ip-address %s\n"
239  "onion-port %d\n"
240  "onion-key\n%s"
241  "service-key\n%s",
242  id_base32,
243  address,
244  info->port,
245  onion_key,
246  service_key);
247  tor_free(address);
248  tor_free(onion_key);
249  tor_free(service_key);
250  if (res < 0) {
251  log_warn(LD_REND, "Not enough space for writing introduction point "
252  "string.");
253  goto done;
254  }
255  /* Update total number of written bytes for unencrypted intro points. */
256  unenc_written += res;
257  }
258  /* Finalize unencrypted introduction points. */
259  if (unenc_len < unenc_written + 2) {
260  log_warn(LD_REND, "Not enough space for finalizing introduction point "
261  "string.");
262  goto done;
263  }
264  unenc[unenc_written++] = '\n';
265  unenc[unenc_written++] = 0;
266  *encoded = unenc;
267  r = 0;
268  done:
269  if (r<0)
270  tor_free(unenc);
271  return r;
272 }
273 
278 static int
280  size_t *encrypted_len_out,
281  const char *encoded,
282  smartlist_t *client_cookies)
283 {
284  int r = -1, i, pos, enclen, client_blocks;
285  size_t len, client_entries_len;
286  char *enc = NULL, iv[CIPHER_IV_LEN], *client_part = NULL,
287  session_key[CIPHER_KEY_LEN];
288  smartlist_t *encrypted_session_keys = NULL;
289  crypto_digest_t *digest;
290  crypto_cipher_t *cipher;
291  tor_assert(encoded);
292  tor_assert(client_cookies && smartlist_len(client_cookies) > 0);
293 
294  /* Generate session key. */
295  crypto_rand(session_key, CIPHER_KEY_LEN);
296 
297  /* Determine length of encrypted introduction points including session
298  * keys. */
299  client_blocks = 1 + ((smartlist_len(client_cookies) - 1) /
301  client_entries_len = client_blocks * REND_BASIC_AUTH_CLIENT_MULTIPLE *
303  len = 2 + client_entries_len + CIPHER_IV_LEN + strlen(encoded);
304  if (client_blocks >= 256) {
305  log_warn(LD_REND, "Too many clients in introduction point string.");
306  goto done;
307  }
308  enc = tor_malloc_zero(len);
309  enc[0] = 0x01; /* type of authorization. */
310  enc[1] = (uint8_t)client_blocks;
311 
312  /* Encrypt with random session key. */
313  enclen = crypto_cipher_encrypt_with_iv(session_key,
314  enc + 2 + client_entries_len,
315  CIPHER_IV_LEN + strlen(encoded), encoded, strlen(encoded));
316 
317  if (enclen < 0) {
318  log_warn(LD_REND, "Could not encrypt introduction point string.");
319  goto done;
320  }
321  memcpy(iv, enc + 2 + client_entries_len, CIPHER_IV_LEN);
322 
323  /* Encrypt session key for cookies, determine client IDs, and put both
324  * in a smartlist. */
325  encrypted_session_keys = smartlist_new();
326  SMARTLIST_FOREACH_BEGIN(client_cookies, const char *, cookie) {
327  client_part = tor_malloc_zero(REND_BASIC_AUTH_CLIENT_ENTRY_LEN);
328  /* Encrypt session key. */
329  cipher = crypto_cipher_new(cookie);
330  if (crypto_cipher_encrypt(cipher, client_part +
332  session_key, CIPHER_KEY_LEN) < 0) {
333  log_warn(LD_REND, "Could not encrypt session key for client.");
334  crypto_cipher_free(cipher);
335  tor_free(client_part);
336  goto done;
337  }
338  crypto_cipher_free(cipher);
339 
340  /* Determine client ID. */
341  digest = crypto_digest_new();
344  crypto_digest_get_digest(digest, client_part,
346  crypto_digest_free(digest);
347 
348  /* Put both together. */
349  smartlist_add(encrypted_session_keys, client_part);
350  } SMARTLIST_FOREACH_END(cookie);
351 
352  /* Add some fake client IDs and encrypted session keys. */
353  for (i = (smartlist_len(client_cookies) - 1) %
355  i < REND_BASIC_AUTH_CLIENT_MULTIPLE - 1; i++) {
356  client_part = tor_malloc_zero(REND_BASIC_AUTH_CLIENT_ENTRY_LEN);
357  crypto_rand(client_part, REND_BASIC_AUTH_CLIENT_ENTRY_LEN);
358  smartlist_add(encrypted_session_keys, client_part);
359  }
360  /* Sort smartlist and put elements in result in order. */
361  smartlist_sort_digests(encrypted_session_keys);
362  pos = 2;
363  SMARTLIST_FOREACH(encrypted_session_keys, const char *, entry, {
364  memcpy(enc + pos, entry, REND_BASIC_AUTH_CLIENT_ENTRY_LEN);
366  });
367  *encrypted_out = enc;
368  *encrypted_len_out = len;
369  enc = NULL; /* prevent free. */
370  r = 0;
371  done:
372  tor_free(enc);
373  if (encrypted_session_keys) {
374  SMARTLIST_FOREACH(encrypted_session_keys, char *, d, tor_free(d););
375  smartlist_free(encrypted_session_keys);
376  }
377  return r;
378 }
379 
385 static int
387  size_t *encrypted_len_out,
388  const char *encoded,
389  const char *descriptor_cookie)
390 {
391  int r = -1, enclen;
392  char *enc;
393  tor_assert(encoded);
394  tor_assert(descriptor_cookie);
395 
396  enc = tor_malloc_zero(1 + CIPHER_IV_LEN + strlen(encoded));
397  enc[0] = 0x02; /* Auth type */
398  enclen = crypto_cipher_encrypt_with_iv(descriptor_cookie,
399  enc + 1,
400  CIPHER_IV_LEN+strlen(encoded),
401  encoded, strlen(encoded));
402  if (enclen < 0) {
403  log_warn(LD_REND, "Could not encrypt introduction point string.");
404  goto done;
405  }
406  *encrypted_out = enc;
407  *encrypted_len_out = enclen;
408  enc = NULL; /* prevent free */
409  r = 0;
410  done:
411  tor_free(enc);
412  return r;
413 }
414 
417 STATIC int
419 {
420  rend_service_descriptor_t *test_parsed = NULL;
421  char test_desc_id[DIGEST_LEN];
422  char *test_intro_content = NULL;
423  size_t test_intro_size;
424  size_t test_encoded_size;
425  const char *test_next;
426  int res = rend_parse_v2_service_descriptor(&test_parsed, test_desc_id,
427  &test_intro_content,
428  &test_intro_size,
429  &test_encoded_size,
430  &test_next, desc->desc_str, 1);
431  rend_service_descriptor_free(test_parsed);
432  tor_free(test_intro_content);
433  return (res >= 0);
434 }
435 
437 void
440 {
441  if (!desc)
442  return;
443  tor_free(desc->desc_str);
444  tor_free(desc);
445 }
446 
448 void
450 {
451  if (!intro)
452  return;
453 
454  extend_info_free(intro->extend_info);
455  crypto_pk_free(intro->intro_key);
456 
457  if (intro->accepted_intro_rsa_parts != NULL) {
458  replaycache_free(intro->accepted_intro_rsa_parts);
459  }
460 
461  tor_free(intro);
462 }
463 
472 int
474  rend_service_descriptor_t *desc, time_t now,
475  uint8_t period, rend_auth_type_t auth_type,
476  crypto_pk_t *client_key,
477  smartlist_t *client_cookies)
478 {
479  char service_id[DIGEST_LEN];
480  char service_id_base32[REND_SERVICE_ID_LEN_BASE32+1];
481  uint32_t time_period;
482  char *ipos_base64 = NULL, *ipos = NULL, *ipos_encrypted = NULL,
483  *descriptor_cookie = NULL;
484  size_t ipos_len = 0, ipos_encrypted_len = 0;
485  int k;
486  uint32_t seconds_valid;
487  crypto_pk_t *service_key;
488  if (!desc) {
489  log_warn(LD_BUG, "Could not encode v2 descriptor: No desc given.");
490  return -1;
491  }
492  service_key = (auth_type == REND_STEALTH_AUTH) ? client_key : desc->pk;
493  tor_assert(service_key);
494  if (auth_type == REND_STEALTH_AUTH) {
495  descriptor_cookie = smartlist_get(client_cookies, 0);
496  tor_assert(descriptor_cookie);
497  }
498  /* Obtain service_id from public key. */
499  if (crypto_pk_get_digest(service_key, service_id) < 0) {
500  log_warn(LD_BUG, "Couldn't compute service key digest.");
501  return -1;
502  }
503  /* Calculate current time-period. */
504  time_period = get_time_period(now, period, service_id);
505  /* Determine how many seconds the descriptor will be valid. */
506  seconds_valid = period * REND_TIME_PERIOD_V2_DESC_VALIDITY +
507  get_seconds_valid(now, service_id);
508  /* Assemble, possibly encrypt, and encode introduction points. */
509  if (smartlist_len(desc->intro_nodes) > 0) {
510  if (rend_encode_v2_intro_points(&ipos, desc) < 0) {
511  log_warn(LD_REND, "Encoding of introduction points did not succeed.");
512  return -1;
513  }
514  switch (auth_type) {
515  case REND_NO_AUTH:
516  ipos_len = strlen(ipos);
517  break;
518  case REND_BASIC_AUTH:
519  if (rend_encrypt_v2_intro_points_basic(&ipos_encrypted,
520  &ipos_encrypted_len, ipos,
521  client_cookies) < 0) {
522  log_warn(LD_REND, "Encrypting of introduction points did not "
523  "succeed.");
524  tor_free(ipos);
525  return -1;
526  }
527  tor_free(ipos);
528  ipos = ipos_encrypted;
529  ipos_len = ipos_encrypted_len;
530  break;
531  case REND_STEALTH_AUTH:
532  if (rend_encrypt_v2_intro_points_stealth(&ipos_encrypted,
533  &ipos_encrypted_len, ipos,
534  descriptor_cookie) < 0) {
535  log_warn(LD_REND, "Encrypting of introduction points did not "
536  "succeed.");
537  tor_free(ipos);
538  return -1;
539  }
540  tor_free(ipos);
541  ipos = ipos_encrypted;
542  ipos_len = ipos_encrypted_len;
543  break;
544  default:
545  log_warn(LD_REND|LD_BUG, "Unrecognized authorization type %d",
546  (int)auth_type);
547  tor_free(ipos);
548  return -1;
549  }
550  /* Base64-encode introduction points. */
551  ipos_base64 = tor_calloc(ipos_len, 2);
552  if (base64_encode(ipos_base64, ipos_len * 2, ipos, ipos_len,
553  BASE64_ENCODE_MULTILINE)<0) {
554  log_warn(LD_REND, "Could not encode introduction point string to "
555  "base64. length=%d", (int)ipos_len);
556  tor_free(ipos_base64);
557  tor_free(ipos);
558  return -1;
559  }
560  tor_free(ipos);
561  }
562  /* Encode REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS descriptors. */
563  for (k = 0; k < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; k++) {
564  char secret_id_part[DIGEST_LEN];
565  char secret_id_part_base32[REND_SECRET_ID_PART_LEN_BASE32 + 1];
566  char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
567  char *permanent_key = NULL;
568  size_t permanent_key_len;
569  char published[ISO_TIME_LEN+1];
570  int i;
571  char protocol_versions_string[16]; /* max len: "0,1,2,3,4,5,6,7\0" */
572  size_t protocol_versions_written;
573  size_t desc_len;
574  char *desc_str = NULL;
575  int result = 0;
576  size_t written = 0;
577  char desc_digest[DIGEST_LEN];
579  tor_malloc_zero(sizeof(rend_encoded_v2_service_descriptor_t));
580  /* Calculate secret-id-part = h(time-period | cookie | replica). */
581  get_secret_id_part_bytes(secret_id_part, time_period, descriptor_cookie,
582  k);
583  base32_encode(secret_id_part_base32, sizeof(secret_id_part_base32),
584  secret_id_part, DIGEST_LEN);
585  /* Calculate descriptor ID. */
586  rend_get_descriptor_id_bytes(enc->desc_id, service_id, secret_id_part);
587  base32_encode(desc_id_base32, sizeof(desc_id_base32),
588  enc->desc_id, DIGEST_LEN);
589  /* PEM-encode the public key */
590  if (crypto_pk_write_public_key_to_string(service_key, &permanent_key,
591  &permanent_key_len) < 0) {
592  log_warn(LD_BUG, "Could not write public key to string.");
593  rend_encoded_v2_service_descriptor_free(enc);
594  goto err;
595  }
596  /* Encode timestamp. */
597  format_iso_time(published, desc->timestamp);
598  /* Write protocol-versions bitmask to comma-separated value string. */
599  protocol_versions_written = 0;
600  for (i = 0; i < 8; i++) {
601  if (desc->protocols & 1 << i) {
602  tor_snprintf(protocol_versions_string + protocol_versions_written,
603  16 - protocol_versions_written, "%d,", i);
604  protocol_versions_written += 2;
605  }
606  }
607  if (protocol_versions_written)
608  protocol_versions_string[protocol_versions_written - 1] = '\0';
609  else
610  protocol_versions_string[0]= '\0';
611  /* Assemble complete descriptor. */
612  desc_len = 2000 + smartlist_len(desc->intro_nodes) * 1000; /* far too long,
613  but okay.*/
614  enc->desc_str = desc_str = tor_malloc_zero(desc_len);
615  result = tor_snprintf(desc_str, desc_len,
616  "rendezvous-service-descriptor %s\n"
617  "version 2\n"
618  "permanent-key\n%s"
619  "secret-id-part %s\n"
620  "publication-time %s\n"
621  "protocol-versions %s\n",
622  desc_id_base32,
623  permanent_key,
624  secret_id_part_base32,
625  published,
626  protocol_versions_string);
627  tor_free(permanent_key);
628  if (result < 0) {
629  log_warn(LD_BUG, "Descriptor ran out of room.");
630  rend_encoded_v2_service_descriptor_free(enc);
631  goto err;
632  }
633  written = result;
634  /* Add introduction points. */
635  if (ipos_base64) {
636  result = tor_snprintf(desc_str + written, desc_len - written,
637  "introduction-points\n"
638  "-----BEGIN MESSAGE-----\n%s"
639  "-----END MESSAGE-----\n",
640  ipos_base64);
641  if (result < 0) {
642  log_warn(LD_BUG, "could not write introduction points.");
643  rend_encoded_v2_service_descriptor_free(enc);
644  goto err;
645  }
646  written += result;
647  }
648  /* Add signature. */
649  strlcpy(desc_str + written, "signature\n", desc_len - written);
650  written += strlen(desc_str + written);
651  if (crypto_digest(desc_digest, desc_str, written) < 0) {
652  log_warn(LD_BUG, "could not create digest.");
653  rend_encoded_v2_service_descriptor_free(enc);
654  goto err;
655  }
656  if (router_append_dirobj_signature(desc_str + written,
657  desc_len - written,
658  desc_digest, DIGEST_LEN,
659  service_key) < 0) {
660  log_warn(LD_BUG, "Couldn't sign desc.");
661  rend_encoded_v2_service_descriptor_free(enc);
662  goto err;
663  }
664  written += strlen(desc_str+written);
665  if (written+2 > desc_len) {
666  log_warn(LD_BUG, "Could not finish desc.");
667  rend_encoded_v2_service_descriptor_free(enc);
668  goto err;
669  }
670  desc_str[written++] = 0;
671  /* Check if we can parse our own descriptor. */
672  if (!rend_desc_v2_is_parsable(enc)) {
673  log_warn(LD_BUG, "Could not parse my own descriptor: %s", desc_str);
674  rend_encoded_v2_service_descriptor_free(enc);
675  goto err;
676  }
677  smartlist_add(descs_out, enc);
678  /* Add the uploaded descriptor to the local service's descriptor cache */
680  base32_encode(service_id_base32, sizeof(service_id_base32),
681  service_id, REND_SERVICE_ID_LEN);
682  control_event_hs_descriptor_created(service_id_base32, desc_id_base32, k);
683  }
684 
685  log_info(LD_REND, "Successfully encoded a v2 descriptor and "
686  "confirmed that it is parsable.");
687  goto done;
688 
689  err:
691  rend_encoded_v2_service_descriptor_free(d););
692  smartlist_clear(descs_out);
693  seconds_valid = -1;
694 
695  done:
696  tor_free(ipos_base64);
697  return seconds_valid;
698 }
699 
704 int
706 {
707  char buf[DIGEST_LEN];
708  tor_assert(pk);
709  if (crypto_pk_get_digest(pk, buf) < 0)
710  return -1;
712  return 0;
713 }
714 
717 int
718 rend_valid_v2_service_id(const char *query)
719 {
720  if (strlen(query) != REND_SERVICE_ID_LEN_BASE32)
721  return 0;
722 
723  if (strspn(query, BASE32_CHARS) != REND_SERVICE_ID_LEN_BASE32)
724  return 0;
725 
726  return 1;
727 }
728 
731 int
732 rend_valid_descriptor_id(const char *query)
733 {
734  if (strlen(query) != REND_DESC_ID_V2_LEN_BASE32) {
735  goto invalid;
736  }
737  if (strspn(query, BASE32_CHARS) != REND_DESC_ID_V2_LEN_BASE32) {
738  goto invalid;
739  }
740 
741  return 1;
742 
743  invalid:
744  return 0;
745 }
746 
749 int
750 rend_valid_client_name(const char *client_name)
751 {
752  size_t len = strlen(client_name);
753  if (len < 1 || len > REND_CLIENTNAME_MAX_LEN) {
754  return 0;
755  }
756  if (strspn(client_name, REND_LEGAL_CLIENTNAME_CHARACTERS) != len) {
757  return 0;
758  }
759 
760  return 1;
761 }
762 
765 void
767  int command, size_t length,
768  const uint8_t *payload)
769 {
770  or_circuit_t *or_circ = NULL;
771  origin_circuit_t *origin_circ = NULL;
772  int r = -2;
773  if (CIRCUIT_IS_ORIGIN(circ)) {
774  origin_circ = TO_ORIGIN_CIRCUIT(circ);
775  if (!layer_hint || layer_hint != origin_circ->cpath->prev) {
776  log_fn(LOG_PROTOCOL_WARN, LD_APP,
777  "Relay cell (rend purpose %d) from wrong hop on origin circ",
778  command);
779  origin_circ = NULL;
780  }
781  } else {
782  or_circ = TO_OR_CIRCUIT(circ);
783  }
784 
785  switch (command) {
786  case RELAY_COMMAND_ESTABLISH_INTRO:
787  if (or_circ)
788  r = hs_intro_received_establish_intro(or_circ,payload,length);
789  break;
790  case RELAY_COMMAND_ESTABLISH_RENDEZVOUS:
791  if (or_circ)
792  r = rend_mid_establish_rendezvous(or_circ,payload,length);
793  break;
794  case RELAY_COMMAND_INTRODUCE1:
795  if (or_circ)
796  r = hs_intro_received_introduce1(or_circ,payload,length);
797  break;
798  case RELAY_COMMAND_INTRODUCE2:
799  if (origin_circ)
800  r = hs_service_receive_introduce2(origin_circ,payload,length);
801  break;
802  case RELAY_COMMAND_INTRODUCE_ACK:
803  if (origin_circ)
804  r = hs_client_receive_introduce_ack(origin_circ,payload,length);
805  break;
806  case RELAY_COMMAND_RENDEZVOUS1:
807  if (or_circ)
808  r = rend_mid_rendezvous(or_circ,payload,length);
809  break;
810  case RELAY_COMMAND_RENDEZVOUS2:
811  if (origin_circ)
812  r = hs_client_receive_rendezvous2(origin_circ,payload,length);
813  break;
814  case RELAY_COMMAND_INTRO_ESTABLISHED:
815  if (origin_circ)
816  r = hs_service_receive_intro_established(origin_circ,payload,length);
817  break;
818  case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
819  if (origin_circ)
820  r = hs_client_receive_rendezvous_acked(origin_circ,payload,length);
821  break;
822  default:
824  }
825 
826  if (r == 0 && origin_circ) {
827  /* This was a valid cell. Count it as delivered + overhead. */
828  circuit_read_valid_data(origin_circ, length);
829  }
830 
831  if (r == -2)
832  log_info(LD_PROTOCOL, "Dropping cell (type %d) for wrong circuit type.",
833  command);
834 }
835 
840 int
842  const char *id)
843 {
844  int start, found, n_added = 0, i;
845  networkstatus_t *c = networkstatus_get_latest_consensus();
846  if (!c || !smartlist_len(c->routerstatus_list)) {
847  log_info(LD_REND, "We don't have a consensus, so we can't perform v2 "
848  "rendezvous operations.");
849  return -1;
850  }
851  tor_assert(id);
852  start = networkstatus_vote_find_entry_idx(c, id, &found);
853  if (start == smartlist_len(c->routerstatus_list)) start = 0;
854  i = start;
855  do {
856  routerstatus_t *r = smartlist_get(c->routerstatus_list, i);
857  if (r->is_hs_dir) {
858  smartlist_add(responsible_dirs, r);
859  if (++n_added == REND_NUMBER_OF_CONSECUTIVE_REPLICAS)
860  return 0;
861  }
862  if (++i == smartlist_len(c->routerstatus_list))
863  i = 0;
864  } while (i != start);
865 
866  /* Even though we don't have the desired number of hidden service
867  * directories, be happy if we got any. */
868  return smartlist_len(responsible_dirs) ? 0 : -1;
869 }
870 
871 /* Length of the 'extended' auth cookie used to encode auth type before
872  * base64 encoding. */
873 #define REND_DESC_COOKIE_LEN_EXT (REND_DESC_COOKIE_LEN + 1)
874 /* Length of the zero-padded auth cookie when base64 encoded. These two
875  * padding bytes always (A=) are stripped off of the returned cookie. */
876 #define REND_DESC_COOKIE_LEN_EXT_BASE64 (REND_DESC_COOKIE_LEN_BASE64 + 2)
877 
886 char *
887 rend_auth_encode_cookie(const uint8_t *cookie_in, rend_auth_type_t auth_type)
888 {
889  uint8_t extended_cookie[REND_DESC_COOKIE_LEN_EXT];
890  char *cookie_out = tor_malloc_zero(REND_DESC_COOKIE_LEN_EXT_BASE64 + 1);
891  int re;
892 
893  tor_assert(cookie_in);
894 
895  memcpy(extended_cookie, cookie_in, REND_DESC_COOKIE_LEN);
896  extended_cookie[REND_DESC_COOKIE_LEN] = ((int)auth_type - 1) << 4;
897  re = base64_encode(cookie_out, REND_DESC_COOKIE_LEN_EXT_BASE64 + 1,
898  (const char *) extended_cookie, REND_DESC_COOKIE_LEN_EXT,
899  0);
900  tor_assert(re == REND_DESC_COOKIE_LEN_EXT_BASE64);
901 
902  /* Remove the trailing 'A='. Auth type is encoded in the high bits
903  * of the last byte, so the last base64 character will always be zero
904  * (A). This is subtly different behavior from base64_encode_nopad. */
905  cookie_out[REND_DESC_COOKIE_LEN_BASE64] = '\0';
906  memwipe(extended_cookie, 0, sizeof(extended_cookie));
907  return cookie_out;
908 }
909 
922 int
923 rend_auth_decode_cookie(const char *cookie_in, uint8_t *cookie_out,
924  rend_auth_type_t *auth_type_out, char **err_msg_out)
925 {
926  uint8_t descriptor_cookie_decoded[REND_DESC_COOKIE_LEN_EXT + 1] = { 0 };
927  char descriptor_cookie_base64ext[REND_DESC_COOKIE_LEN_EXT_BASE64 + 1];
928  const char *descriptor_cookie = cookie_in;
929  char *err_msg = NULL;
930  int auth_type_val = 0;
931  int res = -1;
932  int decoded_len;
933 
934  size_t len = strlen(descriptor_cookie);
935  if (len == REND_DESC_COOKIE_LEN_BASE64) {
936  /* Add a trailing zero byte to make base64-decoding happy. */
937  tor_snprintf(descriptor_cookie_base64ext,
938  sizeof(descriptor_cookie_base64ext),
939  "%sA=", descriptor_cookie);
940  descriptor_cookie = descriptor_cookie_base64ext;
941  } else if (len != REND_DESC_COOKIE_LEN_EXT_BASE64) {
942  tor_asprintf(&err_msg, "Authorization cookie has wrong length: %s",
943  escaped(cookie_in));
944  goto err;
945  }
946 
947  decoded_len = base64_decode((char *) descriptor_cookie_decoded,
948  sizeof(descriptor_cookie_decoded),
949  descriptor_cookie,
950  REND_DESC_COOKIE_LEN_EXT_BASE64);
951  if (decoded_len != REND_DESC_COOKIE_LEN &&
952  decoded_len != REND_DESC_COOKIE_LEN_EXT) {
953  tor_asprintf(&err_msg, "Authorization cookie has invalid characters: %s",
954  escaped(cookie_in));
955  goto err;
956  }
957 
958  if (auth_type_out) {
959  auth_type_val = (descriptor_cookie_decoded[REND_DESC_COOKIE_LEN] >> 4) + 1;
960  if (auth_type_val < 1 || auth_type_val > 2) {
961  tor_asprintf(&err_msg, "Authorization cookie type is unknown: %s",
962  escaped(cookie_in));
963  goto err;
964  }
965  *auth_type_out = auth_type_val == 1 ? REND_BASIC_AUTH : REND_STEALTH_AUTH;
966  }
967 
968  memcpy(cookie_out, descriptor_cookie_decoded, REND_DESC_COOKIE_LEN);
969  res = 0;
970  err:
971  if (err_msg_out) {
972  *err_msg_out = err_msg;
973  } else {
974  tor_free(err_msg);
975  }
976  memwipe(descriptor_cookie_decoded, 0, sizeof(descriptor_cookie_decoded));
977  memwipe(descriptor_cookie_base64ext, 0, sizeof(descriptor_cookie_base64ext));
978  return res;
979 }
980 
981 /* Is this a rend client or server that allows direct (non-anonymous)
982  * connections?
983  * Onion services can be configured to start in this mode for single onion. */
984 int
985 rend_allow_non_anonymous_connection(const or_options_t* options)
986 {
987  return rend_service_allow_non_anonymous_connection(options);
988 }
989 
990 /* Is this a rend client or server in non-anonymous mode?
991  * Onion services can be configured to start in this mode for single onion. */
992 int
993 rend_non_anonymous_mode_enabled(const or_options_t *options)
994 {
995  return rend_service_non_anonymous_mode_enabled(options);
996 }
997 
998 /* Make sure that tor only builds one-hop circuits when they would not
999  * compromise user anonymity.
1000  *
1001  * One-hop circuits are permitted in Single Onion modes.
1002  *
1003  * Single Onion modes are also allowed to make multi-hop circuits.
1004  * For example, single onion HSDir circuits are 3-hop to prevent denial of
1005  * service.
1006  */
1007 void
1008 assert_circ_anonymity_ok(const origin_circuit_t *circ,
1009  const or_options_t *options)
1010 {
1011  tor_assert(options);
1012  tor_assert(circ);
1013  tor_assert(circ->build_state);
1014 
1015  if (circ->build_state->onehop_tunnel) {
1016  tor_assert(rend_allow_non_anonymous_connection(options));
1017  }
1018 }
1019 
1020 /* Return 1 iff the given <b>digest</b> of a permenanent hidden service key is
1021  * equal to the digest in the origin circuit <b>ocirc</b> of its rend data .
1022  * If the rend data doesn't exist, 0 is returned. This function is agnostic to
1023  * the rend data version. */
1024 int
1025 rend_circuit_pk_digest_eq(const origin_circuit_t *ocirc,
1026  const uint8_t *digest)
1027 {
1028  size_t rend_pk_digest_len;
1029  const uint8_t *rend_pk_digest;
1030 
1031  tor_assert(ocirc);
1032  tor_assert(digest);
1033 
1034  if (ocirc->rend_data == NULL) {
1035  goto no_match;
1036  }
1037 
1038  rend_pk_digest = rend_data_get_pk_digest(ocirc->rend_data,
1039  &rend_pk_digest_len);
1040  if (tor_memeq(rend_pk_digest, digest, rend_pk_digest_len)) {
1041  goto match;
1042  }
1043  no_match:
1044  return 0;
1045  match:
1046  return 1;
1047 }
Header file for rendcommon.c.
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len)
rend_data_t * rend_data
Header file containing common data for the whole HS subsytem.
#define REND_DESC_COOKIE_LEN
Definition: rendcommon.c:76
static int rend_encrypt_v2_intro_points_basic(char **encrypted_out, size_t *encrypted_len_out, const char *encoded, smartlist_t *client_cookies)
Definition: rendcommon.c:279
void control_event_hs_descriptor_created(const char *onion_address, const char *desc_id, int replica)
Definition: control.c:7221
int rend_auth_decode_cookie(const char *cookie_in, uint8_t *cookie_out, rend_auth_type_t *auth_type_out, char **err_msg_out)
Definition: rendcommon.c:923
Header file for signing.c.
Common functions for using (pseudo-)random number generators.
unsigned int is_hs_dir
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
int rend_valid_descriptor_id(const char *query)
Definition: rendcommon.c:732
static int rend_encrypt_v2_intro_points_stealth(char **encrypted_out, size_t *encrypted_len_out, const char *encoded, const char *descriptor_cookie)
Definition: rendcommon.c:386
Header file containing client data for the HS subsytem.
#define CIRCUIT_IS_ORIGIN(c)
Definition: circuitlist.h:143
int rend_cmp_service_ids(const char *one, const char *two)
Definition: rendcommon.c:48
int crypto_cipher_encrypt(crypto_cipher_t *env, char *to, const char *from, size_t fromlen)
Definition: crypto_cipher.c:88
crypt_path_t * cpath
void smartlist_add(smartlist_t *sl, void *element)
crypto_digest_t * crypto_digest_new(void)
#define REND_DESC_COOKIE_LEN_BASE64
Definition: or.h:370
#define REND_SERVICE_ID_LEN
Definition: or.h:337
int rend_compute_v2_desc_id(char *desc_id_out, const char *service_id, const char *descriptor_cookie, time_t now, uint8_t replica)
Definition: rendcommon.c:153
#define REND_DESC_ID_V2_LEN_BASE32
Definition: or.h:354
const char * safe_str_client(const char *address)
Definition: config.c:1059
Header file for config.c.
static uint32_t get_seconds_valid(time_t now, const char *service_id)
Definition: rendcommon.c:137
int crypto_pk_write_public_key_to_string(crypto_pk_t *env, char **dest, size_t *len)
Definition: crypto_rsa.c:461
#define REND_BASIC_AUTH_CLIENT_ID_LEN
Definition: or.h:374
Header file for replaycache.c.
void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:60
#define tor_free(p)
Definition: malloc.h:52
#define tor_fragile_assert()
Definition: util_bug.h:221
#define CIPHER_KEY_LEN
Definition: crypto_cipher.h:22
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:57
int rend_mid_establish_rendezvous(or_circuit_t *circ, const uint8_t *request, size_t request_len)
Definition: rendmid.c:223
#define REND_CLIENTNAME_MAX_LEN
Definition: or.h:395
rend_auth_type_t
Definition: or.h:402
crypto_pk_t * onion_key
static int rend_encode_v2_intro_points(char **encoded, rend_service_descriptor_t *desc)
Definition: rendcommon.c:194
int base64_encode(char *dest, size_t destlen, const char *src, size_t srclen, int flags)
Definition: binascii.c:215
Header file for rendmid.c.
#define REND_NUMBER_OF_CONSECUTIVE_REPLICAS
Definition: or.h:351
#define CIPHER_IV_LEN
Definition: crypto_cipher.h:24
#define LD_APP
Definition: log.h:74
extend_info_t * extend_info
int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:90
Common functions for cryptographic routines.
tor_assert(buffer)
static uint32_t get_time_period(time_t now, uint8_t deviation, const char *service_id)
Definition: rendcommon.c:123
int tor_memeq(const void *a, const void *b, size_t sz)
Definition: di_ops.c:107
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
#define DIGEST_LEN
Definition: digest_sizes.h:20
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
Master header file for Tor-specific functionality.
#define REND_BASIC_AUTH_CLIENT_ENTRY_LEN
Definition: or.h:383
Header file for circuitbuild.c.
#define REND_SECRET_ID_PART_LEN_BASE32
Definition: or.h:358
struct crypto_pk_t * intro_key
Header file for rephist.c.
int rend_valid_v2_service_id(const char *query)
Definition: rendcommon.c:718
static void get_secret_id_part_bytes(char *secret_id_part, uint32_t time_period, const char *descriptor_cookie, uint8_t replica)
Definition: rendcommon.c:104
void rend_get_descriptor_id_bytes(char *descriptor_id_out, const char *service_id, const char *secret_id_part)
Definition: rendcommon.c:87
Header file for circuituse.c.
Header file for hs_intropoint.c.
char * rend_auth_encode_cookie(const uint8_t *cookie_in, rend_auth_type_t auth_type)
Definition: rendcommon.c:887
#define LD_REND
Definition: log.h:80
Header file for circuitlist.c.
Header file for rendservice.c.
#define REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS
Definition: or.h:348
int rend_valid_client_name(const char *client_name)
Definition: rendcommon.c:750
#define REND_INTRO_POINT_ID_LEN_BASE32
Definition: or.h:362
smartlist_t * routerstatus_list
STATIC int rend_desc_v2_is_parsable(rend_encoded_v2_service_descriptor_t *desc)
Definition: rendcommon.c:418
int rend_encode_v2_descriptors(smartlist_t *descs_out, rend_service_descriptor_t *desc, time_t now, uint8_t period, rend_auth_type_t auth_type, crypto_pk_t *client_key, smartlist_t *client_cookies)
Definition: rendcommon.c:473
struct crypt_path_t * prev
Definition: crypt_path_st.h:61
cpath_build_state_t * build_state
void rend_encoded_v2_service_descriptor_free_(rend_encoded_v2_service_descriptor_t *desc)
Definition: rendcommon.c:438
#define REND_SERVICE_ID_LEN_BASE32
Definition: or.h:331
#define REND_BASIC_AUTH_CLIENT_MULTIPLE
Definition: or.h:379
crypto_cipher_t * crypto_cipher_new(const char *key)
Definition: crypto_cipher.c:65
origin_circuit_t * TO_ORIGIN_CIRCUIT(circuit_t *x)
Definition: circuitlist.c:163
#define BASE32_CHARS
Definition: binascii.h:53
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
char * tor_addr_to_str_dup(const tor_addr_t *addr)
Definition: address.c:1122
void format_iso_time(char *buf, time_t t)
Definition: time_fmt.c:291
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
Definition: crypto_rsa.c:351
int crypto_cipher_encrypt_with_iv(const char *key, char *to, size_t tolen, const char *from, size_t fromlen)
int base64_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:394
char identity_digest[DIGEST_LEN]
#define SMARTLIST_FOREACH(sl, type, var, cmd)
Header file for router.c.
const char * escaped(const char *s)
Definition: escape.c:126
int networkstatus_vote_find_entry_idx(networkstatus_t *ns, const char *digest, int *found_out)
#define log_fn(severity, domain, args,...)
Definition: log.h:255
int rend_get_service_id(crypto_pk_t *pk, char *out)
Definition: rendcommon.c:705
#define REND_TIME_PERIOD_V2_DESC_VALIDITY
Definition: or.h:340
#define REND_REPLICA_LEN
Definition: rendcommon.c:80
int hid_serv_get_responsible_directories(smartlist_t *responsible_dirs, const char *id)
Definition: rendcommon.c:841
void rend_intro_point_free_(rend_intro_point_t *intro)
Definition: rendcommon.c:449
void smartlist_sort_digests(smartlist_t *sl)
Definition: smartlist.c:824
or_circuit_t * TO_OR_CIRCUIT(circuit_t *x)
Definition: circuitlist.c:151
void rend_service_descriptor_free_(rend_service_descriptor_t *desc)
Definition: rendcommon.c:56
#define REND_LEGAL_CLIENTNAME_CHARACTERS
Definition: or.h:391
Header file for control.c.
void rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint, int command, size_t length, const uint8_t *payload)
Definition: rendcommon.c:766
struct replaycache_t * accepted_intro_rsa_parts
int router_append_dirobj_signature(char *buf, size_t buf_len, const char *digest, size_t digest_len, crypto_pk_t *private_key)
Definition: signing.c:79
int rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out, char *desc_id_out, char **intro_points_encrypted_out, size_t *intro_points_encrypted_size_out, size_t *encoded_size_out, const char **next_out, const char *desc, int as_hsdir)
Definition: rendparse.c:72
void circuit_read_valid_data(origin_circuit_t *circ, uint16_t relay_body_len)
Definition: circuituse.c:3129
int rend_cache_store_v2_desc_as_service(const char *desc)
Definition: rendcache.c:734
tor_addr_t addr
int rend_mid_rendezvous(or_circuit_t *circ, const uint8_t *request, size_t request_len)
Definition: rendmid.c:296
Header file for rendclient.c.
#define LD_PROTOCOL
Definition: log.h:68
void smartlist_clear(smartlist_t *sl)
Header file for networkstatus.c.
#define LD_BUG
Definition: log.h:82
const char * safe_str(const char *address)
Definition: config.c:1076
Header file for routerlist.c.