2018-06-20 14:13:28 +02:00
|
|
|
/* Copyright (c) 2016-2018, The Tor Project, Inc. */
|
2016-05-31 20:51:30 +02:00
|
|
|
/* See LICENSE for licensing information */
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \file hs_common.c
|
|
|
|
* \brief Contains code shared between different HS protocol version as well
|
|
|
|
* as useful data structures and accessors used by other subsystems.
|
|
|
|
* The rendcommon.c should only contains code relating to the v2
|
|
|
|
* protocol.
|
|
|
|
**/
|
|
|
|
|
2017-02-13 14:31:34 +01:00
|
|
|
#define HS_COMMON_PRIVATE
|
|
|
|
|
2018-07-05 22:34:59 +02:00
|
|
|
#include "core/or/or.h"
|
2018-06-20 15:35:05 +02:00
|
|
|
|
2018-07-05 22:34:59 +02:00
|
|
|
#include "app/config/config.h"
|
|
|
|
#include "core/or/circuitbuild.h"
|
2018-06-21 18:47:11 +02:00
|
|
|
#include "lib/crypt_ops/crypto_rand.h"
|
|
|
|
#include "lib/crypt_ops/crypto_util.h"
|
2018-07-05 22:34:59 +02:00
|
|
|
#include "feature/nodelist/networkstatus.h"
|
|
|
|
#include "feature/nodelist/nodelist.h"
|
|
|
|
#include "feature/hs/hs_cache.h"
|
|
|
|
#include "feature/hs/hs_common.h"
|
|
|
|
#include "feature/hs/hs_client.h"
|
|
|
|
#include "feature/hs/hs_ident.h"
|
|
|
|
#include "feature/hs/hs_service.h"
|
|
|
|
#include "feature/hs/hs_circuitmap.h"
|
|
|
|
#include "core/or/policies.h"
|
|
|
|
#include "feature/rend/rendcommon.h"
|
|
|
|
#include "feature/rend/rendservice.h"
|
|
|
|
#include "feature/nodelist/routerset.h"
|
|
|
|
#include "feature/relay/router.h"
|
|
|
|
#include "feature/hs_common/shared_random_client.h"
|
|
|
|
#include "feature/dirauth/shared_random_state.h"
|
|
|
|
|
|
|
|
#include "core/or/edge_connection_st.h"
|
|
|
|
#include "feature/nodelist/networkstatus_st.h"
|
|
|
|
#include "feature/nodelist/node_st.h"
|
|
|
|
#include "core/or/origin_circuit_st.h"
|
|
|
|
#include "feature/nodelist/routerstatus_st.h"
|
2018-06-15 16:07:17 +02:00
|
|
|
|
2017-07-18 21:17:37 +02:00
|
|
|
/* Trunnel */
|
2018-06-20 15:35:05 +02:00
|
|
|
#include "trunnel/ed25519_cert.h"
|
2017-07-18 21:17:37 +02:00
|
|
|
|
2017-02-06 18:26:36 +01:00
|
|
|
/* Ed25519 Basepoint value. Taken from section 5 of
|
|
|
|
* https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03 */
|
|
|
|
static const char *str_ed25519_basepoint =
|
|
|
|
"(15112221349535400772501151409588531511"
|
|
|
|
"454012693041857206046113283949847762202, "
|
|
|
|
"463168356949264781694283940034751631413"
|
|
|
|
"07993866256225615783033603165251855960)";
|
|
|
|
|
2017-05-10 21:04:40 +02:00
|
|
|
#ifdef HAVE_SYS_UN_H
|
|
|
|
|
|
|
|
/** Given <b>ports</b>, a smarlist containing rend_service_port_config_t,
|
|
|
|
* add the given <b>p</b>, a AF_UNIX port to the list. Return 0 on success
|
|
|
|
* else return -ENOSYS if AF_UNIX is not supported (see function in the
|
|
|
|
* #else statement below). */
|
|
|
|
static int
|
|
|
|
add_unix_port(smartlist_t *ports, rend_service_port_config_t *p)
|
|
|
|
{
|
|
|
|
tor_assert(ports);
|
|
|
|
tor_assert(p);
|
|
|
|
tor_assert(p->is_unix_addr);
|
|
|
|
|
|
|
|
smartlist_add(ports, p);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Given <b>conn</b> set it to use the given port <b>p</b> values. Return 0
|
|
|
|
* on success else return -ENOSYS if AF_UNIX is not supported (see function
|
|
|
|
* in the #else statement below). */
|
|
|
|
static int
|
|
|
|
set_unix_port(edge_connection_t *conn, rend_service_port_config_t *p)
|
|
|
|
{
|
|
|
|
tor_assert(conn);
|
|
|
|
tor_assert(p);
|
|
|
|
tor_assert(p->is_unix_addr);
|
|
|
|
|
|
|
|
conn->base_.socket_family = AF_UNIX;
|
|
|
|
tor_addr_make_unspec(&conn->base_.addr);
|
|
|
|
conn->base_.port = 1;
|
|
|
|
conn->base_.address = tor_strdup(p->unix_addr);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2017-09-15 22:24:44 +02:00
|
|
|
#else /* !(defined(HAVE_SYS_UN_H)) */
|
2017-05-10 21:04:40 +02:00
|
|
|
|
|
|
|
static int
|
|
|
|
set_unix_port(edge_connection_t *conn, rend_service_port_config_t *p)
|
|
|
|
{
|
|
|
|
(void) conn;
|
|
|
|
(void) p;
|
|
|
|
return -ENOSYS;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
add_unix_port(smartlist_t *ports, rend_service_port_config_t *p)
|
|
|
|
{
|
|
|
|
(void) ports;
|
|
|
|
(void) p;
|
|
|
|
return -ENOSYS;
|
|
|
|
}
|
|
|
|
|
2017-09-15 22:24:44 +02:00
|
|
|
#endif /* defined(HAVE_SYS_UN_H) */
|
2017-05-10 21:04:40 +02:00
|
|
|
|
2017-04-19 18:23:43 +02:00
|
|
|
/* Helper function: The key is a digest that we compare to a node_t object
|
|
|
|
* current hsdir_index. */
|
|
|
|
static int
|
2017-09-06 16:25:21 +02:00
|
|
|
compare_digest_to_fetch_hsdir_index(const void *_key, const void **_member)
|
2017-04-19 18:23:43 +02:00
|
|
|
{
|
|
|
|
const char *key = _key;
|
|
|
|
const node_t *node = *_member;
|
2018-04-29 01:56:12 +02:00
|
|
|
return tor_memcmp(key, node->hsdir_index.fetch, DIGEST256_LEN);
|
2017-04-19 18:23:43 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Helper function: The key is a digest that we compare to a node_t object
|
|
|
|
* next hsdir_index. */
|
|
|
|
static int
|
2017-09-06 16:25:21 +02:00
|
|
|
compare_digest_to_store_first_hsdir_index(const void *_key,
|
|
|
|
const void **_member)
|
2017-04-19 18:23:43 +02:00
|
|
|
{
|
|
|
|
const char *key = _key;
|
|
|
|
const node_t *node = *_member;
|
2018-04-29 01:56:12 +02:00
|
|
|
return tor_memcmp(key, node->hsdir_index.store_first, DIGEST256_LEN);
|
2017-09-06 16:25:21 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Helper function: The key is a digest that we compare to a node_t object
|
|
|
|
* next hsdir_index. */
|
|
|
|
static int
|
|
|
|
compare_digest_to_store_second_hsdir_index(const void *_key,
|
|
|
|
const void **_member)
|
|
|
|
{
|
|
|
|
const char *key = _key;
|
|
|
|
const node_t *node = *_member;
|
2018-04-29 01:56:12 +02:00
|
|
|
return tor_memcmp(key, node->hsdir_index.store_second, DIGEST256_LEN);
|
2017-04-19 18:23:43 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Helper function: Compare two node_t objects current hsdir_index. */
|
|
|
|
static int
|
2017-09-06 16:25:21 +02:00
|
|
|
compare_node_fetch_hsdir_index(const void **a, const void **b)
|
|
|
|
{
|
|
|
|
const node_t *node1= *a;
|
|
|
|
const node_t *node2 = *b;
|
2018-04-29 01:56:12 +02:00
|
|
|
return tor_memcmp(node1->hsdir_index.fetch,
|
|
|
|
node2->hsdir_index.fetch,
|
2017-09-06 16:25:21 +02:00
|
|
|
DIGEST256_LEN);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Helper function: Compare two node_t objects next hsdir_index. */
|
|
|
|
static int
|
|
|
|
compare_node_store_first_hsdir_index(const void **a, const void **b)
|
2017-04-19 18:23:43 +02:00
|
|
|
{
|
|
|
|
const node_t *node1= *a;
|
|
|
|
const node_t *node2 = *b;
|
2018-04-29 01:56:12 +02:00
|
|
|
return tor_memcmp(node1->hsdir_index.store_first,
|
|
|
|
node2->hsdir_index.store_first,
|
2017-04-19 18:23:43 +02:00
|
|
|
DIGEST256_LEN);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Helper function: Compare two node_t objects next hsdir_index. */
|
|
|
|
static int
|
2017-09-06 16:25:21 +02:00
|
|
|
compare_node_store_second_hsdir_index(const void **a, const void **b)
|
2017-04-19 18:23:43 +02:00
|
|
|
{
|
|
|
|
const node_t *node1= *a;
|
|
|
|
const node_t *node2 = *b;
|
2018-04-29 01:56:12 +02:00
|
|
|
return tor_memcmp(node1->hsdir_index.store_second,
|
|
|
|
node2->hsdir_index.store_second,
|
2017-04-19 18:23:43 +02:00
|
|
|
DIGEST256_LEN);
|
|
|
|
}
|
|
|
|
|
2017-02-01 15:18:58 +01:00
|
|
|
/* Allocate and return a string containing the path to filename in directory.
|
|
|
|
* This function will never return NULL. The caller must free this path. */
|
|
|
|
char *
|
|
|
|
hs_path_from_filename(const char *directory, const char *filename)
|
|
|
|
{
|
|
|
|
char *file_path = NULL;
|
|
|
|
|
|
|
|
tor_assert(directory);
|
|
|
|
tor_assert(filename);
|
|
|
|
|
|
|
|
tor_asprintf(&file_path, "%s%s%s", directory, PATH_SEPARATOR, filename);
|
|
|
|
return file_path;
|
|
|
|
}
|
|
|
|
|
2016-12-22 22:40:21 +01:00
|
|
|
/* Make sure that the directory for <b>service</b> is private, using the config
|
|
|
|
* <b>username</b>.
|
|
|
|
* If <b>create</b> is true:
|
|
|
|
* - if the directory exists, change permissions if needed,
|
|
|
|
* - if the directory does not exist, create it with the correct permissions.
|
|
|
|
* If <b>create</b> is false:
|
|
|
|
* - if the directory exists, check permissions,
|
|
|
|
* - if the directory does not exist, check if we think we can create it.
|
|
|
|
* Return 0 on success, -1 on failure. */
|
|
|
|
int
|
|
|
|
hs_check_service_private_dir(const char *username, const char *path,
|
|
|
|
unsigned int dir_group_readable,
|
|
|
|
unsigned int create)
|
|
|
|
{
|
|
|
|
cpd_check_t check_opts = CPD_NONE;
|
|
|
|
|
|
|
|
tor_assert(path);
|
|
|
|
|
|
|
|
if (create) {
|
|
|
|
check_opts |= CPD_CREATE;
|
|
|
|
} else {
|
|
|
|
check_opts |= CPD_CHECK_MODE_ONLY;
|
|
|
|
check_opts |= CPD_CHECK;
|
|
|
|
}
|
|
|
|
if (dir_group_readable) {
|
|
|
|
check_opts |= CPD_GROUP_READ;
|
|
|
|
}
|
|
|
|
/* Check/create directory */
|
|
|
|
if (check_private_dir(path, check_opts, username) < 0) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2018-01-20 00:42:53 +01:00
|
|
|
/* Default, minimum, and maximum values for the maximum rendezvous failures
|
2018-01-19 22:26:26 +01:00
|
|
|
* consensus parameter. */
|
|
|
|
#define MAX_REND_FAILURES_DEFAULT 2
|
|
|
|
#define MAX_REND_FAILURES_MIN 1
|
|
|
|
#define MAX_REND_FAILURES_MAX 10
|
|
|
|
|
|
|
|
/** How many times will a hidden service operator attempt to connect to
|
|
|
|
* a requested rendezvous point before giving up? */
|
|
|
|
int
|
|
|
|
hs_get_service_max_rend_failures(void)
|
|
|
|
{
|
|
|
|
return networkstatus_get_param(NULL, "hs_service_max_rdv_failures",
|
|
|
|
MAX_REND_FAILURES_DEFAULT,
|
|
|
|
MAX_REND_FAILURES_MIN,
|
|
|
|
MAX_REND_FAILURES_MAX);
|
|
|
|
}
|
|
|
|
|
2017-02-13 14:31:34 +01:00
|
|
|
/** Get the default HS time period length in minutes from the consensus. */
|
|
|
|
STATIC uint64_t
|
|
|
|
get_time_period_length(void)
|
|
|
|
{
|
2017-07-18 17:10:26 +02:00
|
|
|
/* If we are on a test network, make the time period smaller than normal so
|
|
|
|
that we actually see it rotate. Specifically, make it the same length as
|
|
|
|
an SRV protocol run. */
|
|
|
|
if (get_options()->TestingTorNetwork) {
|
|
|
|
unsigned run_duration = sr_state_get_protocol_run_duration();
|
|
|
|
/* An SRV run should take more than a minute (it's 24 rounds) */
|
|
|
|
tor_assert_nonfatal(run_duration > 60);
|
|
|
|
/* Turn it from seconds to minutes before returning: */
|
|
|
|
return sr_state_get_protocol_run_duration() / 60;
|
|
|
|
}
|
|
|
|
|
2017-11-13 17:48:56 +01:00
|
|
|
int32_t time_period_length = networkstatus_get_param(NULL, "hsdir_interval",
|
2017-02-13 14:31:34 +01:00
|
|
|
HS_TIME_PERIOD_LENGTH_DEFAULT,
|
|
|
|
HS_TIME_PERIOD_LENGTH_MIN,
|
|
|
|
HS_TIME_PERIOD_LENGTH_MAX);
|
|
|
|
/* Make sure it's a positive value. */
|
2018-07-20 17:02:05 +02:00
|
|
|
tor_assert(time_period_length > 0);
|
|
|
|
/* uint64_t will always be able to contain a positive int32_t */
|
2017-02-13 14:31:34 +01:00
|
|
|
return (uint64_t) time_period_length;
|
|
|
|
}
|
|
|
|
|
2017-09-01 22:18:50 +02:00
|
|
|
/** Get the HS time period number at time <b>now</b>. If <b>now</b> is not set,
|
2017-09-12 11:24:10 +02:00
|
|
|
* we try to get the time ourselves from a live consensus. */
|
2017-02-06 18:26:36 +01:00
|
|
|
uint64_t
|
|
|
|
hs_get_time_period_num(time_t now)
|
2017-02-13 14:31:34 +01:00
|
|
|
{
|
|
|
|
uint64_t time_period_num;
|
2017-09-01 22:18:50 +02:00
|
|
|
time_t current_time;
|
|
|
|
|
|
|
|
/* If no time is specified, set current time based on consensus time, and
|
|
|
|
* only fall back to system time if that fails. */
|
|
|
|
if (now != 0) {
|
|
|
|
current_time = now;
|
|
|
|
} else {
|
|
|
|
networkstatus_t *ns = networkstatus_get_live_consensus(approx_time());
|
|
|
|
current_time = ns ? ns->valid_after : approx_time();
|
|
|
|
}
|
2017-07-24 12:31:17 +02:00
|
|
|
|
|
|
|
/* Start by calculating minutes since the epoch */
|
2017-02-13 14:31:34 +01:00
|
|
|
uint64_t time_period_length = get_time_period_length();
|
2017-09-01 22:18:50 +02:00
|
|
|
uint64_t minutes_since_epoch = current_time / 60;
|
2017-02-13 14:31:34 +01:00
|
|
|
|
2017-07-24 12:31:17 +02:00
|
|
|
/* Apply the rotation offset as specified by prop224 (section
|
|
|
|
* [TIME-PERIODS]), so that new time periods synchronize nicely with SRV
|
|
|
|
* publication */
|
|
|
|
unsigned int time_period_rotation_offset = sr_state_get_phase_duration();
|
|
|
|
time_period_rotation_offset /= 60; /* go from seconds to minutes */
|
|
|
|
tor_assert(minutes_since_epoch > time_period_rotation_offset);
|
|
|
|
minutes_since_epoch -= time_period_rotation_offset;
|
2017-02-13 14:31:34 +01:00
|
|
|
|
|
|
|
/* Calculate the time period */
|
|
|
|
time_period_num = minutes_since_epoch / time_period_length;
|
|
|
|
return time_period_num;
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Get the number of the _upcoming_ HS time period, given that the current
|
2017-09-12 11:24:10 +02:00
|
|
|
* time is <b>now</b>. If <b>now</b> is not set, we try to get the time from a
|
|
|
|
* live consensus. */
|
2017-02-13 14:31:34 +01:00
|
|
|
uint64_t
|
|
|
|
hs_get_next_time_period_num(time_t now)
|
|
|
|
{
|
2017-02-06 18:26:36 +01:00
|
|
|
return hs_get_time_period_num(now) + 1;
|
2017-02-13 14:31:34 +01:00
|
|
|
}
|
|
|
|
|
2017-09-12 11:24:10 +02:00
|
|
|
/* Get the number of the _previous_ HS time period, given that the current time
|
|
|
|
* is <b>now</b>. If <b>now</b> is not set, we try to get the time from a live
|
|
|
|
* consensus. */
|
2017-09-05 21:52:05 +02:00
|
|
|
uint64_t
|
|
|
|
hs_get_previous_time_period_num(time_t now)
|
|
|
|
{
|
|
|
|
return hs_get_time_period_num(now) - 1;
|
|
|
|
}
|
|
|
|
|
2017-09-12 11:24:10 +02:00
|
|
|
/* Return the start time of the upcoming time period based on <b>now</b>. If
|
|
|
|
<b>now</b> is not set, we try to get the time ourselves from a live
|
|
|
|
consensus. */
|
2017-07-18 15:44:03 +02:00
|
|
|
time_t
|
|
|
|
hs_get_start_time_of_next_time_period(time_t now)
|
|
|
|
{
|
|
|
|
uint64_t time_period_length = get_time_period_length();
|
|
|
|
|
|
|
|
/* Get start time of next time period */
|
|
|
|
uint64_t next_time_period_num = hs_get_next_time_period_num(now);
|
|
|
|
uint64_t start_of_next_tp_in_mins = next_time_period_num *time_period_length;
|
|
|
|
|
|
|
|
/* Apply rotation offset as specified by prop224 section [TIME-PERIODS] */
|
|
|
|
unsigned int time_period_rotation_offset = sr_state_get_phase_duration();
|
2017-08-09 14:31:44 +02:00
|
|
|
return (time_t)(start_of_next_tp_in_mins * 60 + time_period_rotation_offset);
|
2017-07-18 15:44:03 +02:00
|
|
|
}
|
|
|
|
|
2016-05-31 20:51:30 +02:00
|
|
|
/* Create a new rend_data_t for a specific given <b>version</b>.
|
|
|
|
* Return a pointer to the newly allocated data structure. */
|
|
|
|
static rend_data_t *
|
|
|
|
rend_data_alloc(uint32_t version)
|
|
|
|
{
|
|
|
|
rend_data_t *rend_data = NULL;
|
|
|
|
|
|
|
|
switch (version) {
|
|
|
|
case HS_VERSION_TWO:
|
|
|
|
{
|
|
|
|
rend_data_v2_t *v2 = tor_malloc_zero(sizeof(*v2));
|
|
|
|
v2->base_.version = HS_VERSION_TWO;
|
|
|
|
v2->base_.hsdirs_fp = smartlist_new();
|
|
|
|
rend_data = &v2->base_;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
default:
|
|
|
|
tor_assert(0);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
return rend_data;
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Free all storage associated with <b>data</b> */
|
|
|
|
void
|
2017-11-21 15:37:47 +01:00
|
|
|
rend_data_free_(rend_data_t *data)
|
2016-05-31 20:51:30 +02:00
|
|
|
{
|
|
|
|
if (!data) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
/* By using our allocation function, this should always be set. */
|
|
|
|
tor_assert(data->hsdirs_fp);
|
|
|
|
/* Cleanup the HSDir identity digest. */
|
|
|
|
SMARTLIST_FOREACH(data->hsdirs_fp, char *, d, tor_free(d));
|
|
|
|
smartlist_free(data->hsdirs_fp);
|
|
|
|
/* Depending on the version, cleanup. */
|
|
|
|
switch (data->version) {
|
|
|
|
case HS_VERSION_TWO:
|
|
|
|
{
|
|
|
|
rend_data_v2_t *v2_data = TO_REND_DATA_V2(data);
|
|
|
|
tor_free(v2_data);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
default:
|
|
|
|
tor_assert(0);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Allocate and return a deep copy of <b>data</b>. */
|
|
|
|
rend_data_t *
|
|
|
|
rend_data_dup(const rend_data_t *data)
|
|
|
|
{
|
|
|
|
rend_data_t *data_dup = NULL;
|
|
|
|
smartlist_t *hsdirs_fp = smartlist_new();
|
|
|
|
|
|
|
|
tor_assert(data);
|
|
|
|
tor_assert(data->hsdirs_fp);
|
|
|
|
|
|
|
|
SMARTLIST_FOREACH(data->hsdirs_fp, char *, fp,
|
|
|
|
smartlist_add(hsdirs_fp, tor_memdup(fp, DIGEST_LEN)));
|
|
|
|
|
|
|
|
switch (data->version) {
|
|
|
|
case HS_VERSION_TWO:
|
|
|
|
{
|
|
|
|
rend_data_v2_t *v2_data = tor_memdup(TO_REND_DATA_V2(data),
|
|
|
|
sizeof(*v2_data));
|
|
|
|
data_dup = &v2_data->base_;
|
|
|
|
data_dup->hsdirs_fp = hsdirs_fp;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
default:
|
|
|
|
tor_assert(0);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
return data_dup;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Compute the descriptor ID for each HS descriptor replica and save them. A
|
|
|
|
* valid onion address must be present in the <b>rend_data</b>.
|
|
|
|
*
|
|
|
|
* Return 0 on success else -1. */
|
|
|
|
static int
|
|
|
|
compute_desc_id(rend_data_t *rend_data)
|
|
|
|
{
|
|
|
|
int ret = 0;
|
|
|
|
unsigned replica;
|
|
|
|
time_t now = time(NULL);
|
|
|
|
|
|
|
|
tor_assert(rend_data);
|
|
|
|
|
|
|
|
switch (rend_data->version) {
|
|
|
|
case HS_VERSION_TWO:
|
|
|
|
{
|
|
|
|
rend_data_v2_t *v2_data = TO_REND_DATA_V2(rend_data);
|
|
|
|
/* Compute descriptor ID for each replicas. */
|
|
|
|
for (replica = 0; replica < ARRAY_LENGTH(v2_data->descriptor_id);
|
|
|
|
replica++) {
|
|
|
|
ret = rend_compute_v2_desc_id(v2_data->descriptor_id[replica],
|
|
|
|
v2_data->onion_address,
|
|
|
|
v2_data->descriptor_cookie,
|
|
|
|
now, replica);
|
|
|
|
if (ret < 0) {
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
default:
|
|
|
|
tor_assert(0);
|
|
|
|
}
|
|
|
|
|
2016-08-25 00:44:34 +02:00
|
|
|
end:
|
2016-05-31 20:51:30 +02:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Allocate and initialize a rend_data_t object for a service using the
|
|
|
|
* provided arguments. All arguments are optional (can be NULL), except from
|
2016-11-07 20:03:32 +01:00
|
|
|
* <b>onion_address</b> which MUST be set. The <b>pk_digest</b> is the hash of
|
|
|
|
* the service private key. The <b>cookie</b> is the rendezvous cookie and
|
|
|
|
* <b>auth_type</b> is which authentiation this service is configured with.
|
2016-05-31 20:51:30 +02:00
|
|
|
*
|
|
|
|
* Return a valid rend_data_t pointer. This only returns a version 2 object of
|
|
|
|
* rend_data_t. */
|
|
|
|
rend_data_t *
|
|
|
|
rend_data_service_create(const char *onion_address, const char *pk_digest,
|
|
|
|
const uint8_t *cookie, rend_auth_type_t auth_type)
|
|
|
|
{
|
|
|
|
/* Create a rend_data_t object for version 2. */
|
|
|
|
rend_data_t *rend_data = rend_data_alloc(HS_VERSION_TWO);
|
|
|
|
rend_data_v2_t *v2= TO_REND_DATA_V2(rend_data);
|
|
|
|
|
|
|
|
/* We need at least one else the call is wrong. */
|
|
|
|
tor_assert(onion_address != NULL);
|
|
|
|
|
|
|
|
if (pk_digest) {
|
|
|
|
memcpy(v2->rend_pk_digest, pk_digest, sizeof(v2->rend_pk_digest));
|
|
|
|
}
|
|
|
|
if (cookie) {
|
|
|
|
memcpy(rend_data->rend_cookie, cookie, sizeof(rend_data->rend_cookie));
|
|
|
|
}
|
|
|
|
|
|
|
|
strlcpy(v2->onion_address, onion_address, sizeof(v2->onion_address));
|
|
|
|
v2->auth_type = auth_type;
|
|
|
|
|
|
|
|
return rend_data;
|
|
|
|
}
|
|
|
|
|
2016-11-07 20:03:32 +01:00
|
|
|
/* Allocate and initialize a rend_data_t object for a client request using the
|
|
|
|
* given arguments. Either an onion address or a descriptor ID is needed. Both
|
|
|
|
* can be given but in this case only the onion address will be used to make
|
|
|
|
* the descriptor fetch. The <b>cookie</b> is the rendezvous cookie and
|
|
|
|
* <b>auth_type</b> is which authentiation the service is configured with.
|
2016-05-31 20:51:30 +02:00
|
|
|
*
|
|
|
|
* Return a valid rend_data_t pointer or NULL on error meaning the
|
|
|
|
* descriptor IDs couldn't be computed from the given data. */
|
|
|
|
rend_data_t *
|
|
|
|
rend_data_client_create(const char *onion_address, const char *desc_id,
|
|
|
|
const char *cookie, rend_auth_type_t auth_type)
|
|
|
|
{
|
|
|
|
/* Create a rend_data_t object for version 2. */
|
|
|
|
rend_data_t *rend_data = rend_data_alloc(HS_VERSION_TWO);
|
|
|
|
rend_data_v2_t *v2= TO_REND_DATA_V2(rend_data);
|
|
|
|
|
|
|
|
/* We need at least one else the call is wrong. */
|
|
|
|
tor_assert(onion_address != NULL || desc_id != NULL);
|
|
|
|
|
|
|
|
if (cookie) {
|
|
|
|
memcpy(v2->descriptor_cookie, cookie, sizeof(v2->descriptor_cookie));
|
|
|
|
}
|
|
|
|
if (desc_id) {
|
|
|
|
memcpy(v2->desc_id_fetch, desc_id, sizeof(v2->desc_id_fetch));
|
|
|
|
}
|
|
|
|
if (onion_address) {
|
|
|
|
strlcpy(v2->onion_address, onion_address, sizeof(v2->onion_address));
|
|
|
|
if (compute_desc_id(rend_data) < 0) {
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
v2->auth_type = auth_type;
|
|
|
|
|
|
|
|
return rend_data;
|
|
|
|
|
|
|
|
error:
|
|
|
|
rend_data_free(rend_data);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Return the onion address from the rend data. Depending on the version,
|
|
|
|
* the size of the address can vary but it's always NUL terminated. */
|
|
|
|
const char *
|
|
|
|
rend_data_get_address(const rend_data_t *rend_data)
|
|
|
|
{
|
|
|
|
tor_assert(rend_data);
|
|
|
|
|
|
|
|
switch (rend_data->version) {
|
|
|
|
case HS_VERSION_TWO:
|
|
|
|
return TO_REND_DATA_V2(rend_data)->onion_address;
|
|
|
|
default:
|
|
|
|
/* We should always have a supported version. */
|
|
|
|
tor_assert(0);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Return the descriptor ID for a specific replica number from the rend
|
|
|
|
* data. The returned data is a binary digest and depending on the version its
|
|
|
|
* size can vary. The size of the descriptor ID is put in <b>len_out</b> if
|
|
|
|
* non NULL. */
|
|
|
|
const char *
|
|
|
|
rend_data_get_desc_id(const rend_data_t *rend_data, uint8_t replica,
|
|
|
|
size_t *len_out)
|
|
|
|
{
|
|
|
|
tor_assert(rend_data);
|
|
|
|
|
|
|
|
switch (rend_data->version) {
|
|
|
|
case HS_VERSION_TWO:
|
|
|
|
tor_assert(replica < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS);
|
|
|
|
if (len_out) {
|
|
|
|
*len_out = DIGEST_LEN;
|
|
|
|
}
|
|
|
|
return TO_REND_DATA_V2(rend_data)->descriptor_id[replica];
|
|
|
|
default:
|
|
|
|
/* We should always have a supported version. */
|
|
|
|
tor_assert(0);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Return the public key digest using the given <b>rend_data</b>. The size of
|
|
|
|
* the digest is put in <b>len_out</b> (if set) which can differ depending on
|
|
|
|
* the version. */
|
|
|
|
const uint8_t *
|
|
|
|
rend_data_get_pk_digest(const rend_data_t *rend_data, size_t *len_out)
|
|
|
|
{
|
|
|
|
tor_assert(rend_data);
|
|
|
|
|
|
|
|
switch (rend_data->version) {
|
|
|
|
case HS_VERSION_TWO:
|
|
|
|
{
|
|
|
|
const rend_data_v2_t *v2_data = TO_REND_DATA_V2(rend_data);
|
|
|
|
if (len_out) {
|
|
|
|
*len_out = sizeof(v2_data->rend_pk_digest);
|
|
|
|
}
|
|
|
|
return (const uint8_t *) v2_data->rend_pk_digest;
|
|
|
|
}
|
|
|
|
default:
|
|
|
|
/* We should always have a supported version. */
|
|
|
|
tor_assert(0);
|
|
|
|
}
|
|
|
|
}
|
2016-12-23 16:46:14 +01:00
|
|
|
|
2017-04-18 21:06:44 +02:00
|
|
|
/* Using the given time period number, compute the disaster shared random
|
|
|
|
* value and put it in srv_out. It MUST be at least DIGEST256_LEN bytes. */
|
|
|
|
static void
|
2017-08-08 10:45:45 +02:00
|
|
|
compute_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
|
2017-04-18 21:06:44 +02:00
|
|
|
{
|
|
|
|
crypto_digest_t *digest;
|
|
|
|
|
|
|
|
tor_assert(srv_out);
|
|
|
|
|
|
|
|
digest = crypto_digest256_new(DIGEST_SHA3_256);
|
2017-08-03 11:01:52 +02:00
|
|
|
|
|
|
|
/* Start setting up payload:
|
|
|
|
* H("shared-random-disaster" | INT_8(period_length) | INT_8(period_num)) */
|
2017-04-18 21:06:44 +02:00
|
|
|
crypto_digest_add_bytes(digest, HS_SRV_DISASTER_PREFIX,
|
|
|
|
HS_SRV_DISASTER_PREFIX_LEN);
|
2017-08-03 11:01:52 +02:00
|
|
|
|
|
|
|
/* Setup INT_8(period_length) | INT_8(period_num) */
|
|
|
|
{
|
|
|
|
uint64_t time_period_length = get_time_period_length();
|
|
|
|
char period_stuff[sizeof(uint64_t)*2];
|
|
|
|
size_t offset = 0;
|
2017-08-04 21:02:28 +02:00
|
|
|
set_uint64(period_stuff, tor_htonll(time_period_length));
|
2017-08-03 11:01:52 +02:00
|
|
|
offset += sizeof(uint64_t);
|
2017-08-04 21:02:28 +02:00
|
|
|
set_uint64(period_stuff+offset, tor_htonll(time_period_num));
|
2017-08-03 11:01:52 +02:00
|
|
|
offset += sizeof(uint64_t);
|
|
|
|
tor_assert(offset == sizeof(period_stuff));
|
|
|
|
|
|
|
|
crypto_digest_add_bytes(digest, period_stuff, sizeof(period_stuff));
|
|
|
|
}
|
|
|
|
|
2017-04-18 21:06:44 +02:00
|
|
|
crypto_digest_get_digest(digest, (char *) srv_out, DIGEST256_LEN);
|
|
|
|
crypto_digest_free(digest);
|
|
|
|
}
|
|
|
|
|
2017-08-08 10:45:45 +02:00
|
|
|
/** Due to the high cost of computing the disaster SRV and that potentially we
|
|
|
|
* would have to do it thousands of times in a row, we always cache the
|
|
|
|
* computer disaster SRV (and its corresponding time period num) in case we
|
|
|
|
* want to reuse it soon after. We need to cache two SRVs, one for each active
|
2017-09-06 17:12:28 +02:00
|
|
|
* time period.
|
2017-08-08 10:45:45 +02:00
|
|
|
*/
|
|
|
|
static uint8_t cached_disaster_srv[2][DIGEST256_LEN];
|
|
|
|
static uint64_t cached_time_period_nums[2] = {0};
|
|
|
|
|
|
|
|
/** Compute the disaster SRV value for this <b>time_period_num</b> and put it
|
|
|
|
* in <b>srv_out</b> (of size at least DIGEST256_LEN). First check our caches
|
|
|
|
* to see if we have already computed it. */
|
|
|
|
STATIC void
|
|
|
|
get_disaster_srv(uint64_t time_period_num, uint8_t *srv_out)
|
|
|
|
{
|
|
|
|
if (time_period_num == cached_time_period_nums[0]) {
|
|
|
|
memcpy(srv_out, cached_disaster_srv[0], DIGEST256_LEN);
|
|
|
|
return;
|
|
|
|
} else if (time_period_num == cached_time_period_nums[1]) {
|
|
|
|
memcpy(srv_out, cached_disaster_srv[1], DIGEST256_LEN);
|
|
|
|
return;
|
|
|
|
} else {
|
|
|
|
int replace_idx;
|
|
|
|
// Replace the lower period number.
|
|
|
|
if (cached_time_period_nums[0] <= cached_time_period_nums[1]) {
|
|
|
|
replace_idx = 0;
|
|
|
|
} else {
|
|
|
|
replace_idx = 1;
|
|
|
|
}
|
|
|
|
cached_time_period_nums[replace_idx] = time_period_num;
|
|
|
|
compute_disaster_srv(time_period_num, cached_disaster_srv[replace_idx]);
|
|
|
|
memcpy(srv_out, cached_disaster_srv[replace_idx], DIGEST256_LEN);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef TOR_UNIT_TESTS
|
|
|
|
|
|
|
|
/** Get the first cached disaster SRV. Only used by unittests. */
|
|
|
|
STATIC uint8_t *
|
|
|
|
get_first_cached_disaster_srv(void)
|
|
|
|
{
|
|
|
|
return cached_disaster_srv[0];
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Get the second cached disaster SRV. Only used by unittests. */
|
|
|
|
STATIC uint8_t *
|
|
|
|
get_second_cached_disaster_srv(void)
|
|
|
|
{
|
|
|
|
return cached_disaster_srv[1];
|
|
|
|
}
|
|
|
|
|
2017-09-15 22:24:44 +02:00
|
|
|
#endif /* defined(TOR_UNIT_TESTS) */
|
2017-08-08 10:45:45 +02:00
|
|
|
|
2017-02-06 18:26:36 +01:00
|
|
|
/* When creating a blinded key, we need a parameter which construction is as
|
|
|
|
* follow: H(pubkey | [secret] | ed25519-basepoint | nonce).
|
|
|
|
*
|
|
|
|
* The nonce has a pre-defined format which uses the time period number
|
|
|
|
* period_num and the start of the period in second start_time_period.
|
|
|
|
*
|
|
|
|
* The secret of size secret_len is optional meaning that it can be NULL and
|
|
|
|
* thus will be ignored for the param construction.
|
|
|
|
*
|
|
|
|
* The result is put in param_out. */
|
|
|
|
static void
|
|
|
|
build_blinded_key_param(const ed25519_public_key_t *pubkey,
|
|
|
|
const uint8_t *secret, size_t secret_len,
|
2017-08-03 11:01:52 +02:00
|
|
|
uint64_t period_num, uint64_t period_length,
|
2017-02-06 18:26:36 +01:00
|
|
|
uint8_t *param_out)
|
|
|
|
{
|
|
|
|
size_t offset = 0;
|
2017-08-04 11:37:48 +02:00
|
|
|
const char blind_str[] = "Derive temporary signing key";
|
2017-02-06 18:26:36 +01:00
|
|
|
uint8_t nonce[HS_KEYBLIND_NONCE_LEN];
|
|
|
|
crypto_digest_t *digest;
|
|
|
|
|
|
|
|
tor_assert(pubkey);
|
|
|
|
tor_assert(param_out);
|
|
|
|
|
|
|
|
/* Create the nonce N. The construction is as follow:
|
2017-08-03 11:01:52 +02:00
|
|
|
* N = "key-blind" || INT_8(period_num) || INT_8(period_length) */
|
2017-02-06 18:26:36 +01:00
|
|
|
memcpy(nonce, HS_KEYBLIND_NONCE_PREFIX, HS_KEYBLIND_NONCE_PREFIX_LEN);
|
|
|
|
offset += HS_KEYBLIND_NONCE_PREFIX_LEN;
|
2017-08-03 11:01:52 +02:00
|
|
|
set_uint64(nonce + offset, tor_htonll(period_num));
|
2017-02-06 18:26:36 +01:00
|
|
|
offset += sizeof(uint64_t);
|
2017-08-03 11:01:52 +02:00
|
|
|
set_uint64(nonce + offset, tor_htonll(period_length));
|
2017-02-06 18:26:36 +01:00
|
|
|
offset += sizeof(uint64_t);
|
|
|
|
tor_assert(offset == HS_KEYBLIND_NONCE_LEN);
|
|
|
|
|
|
|
|
/* Generate the parameter h and the construction is as follow:
|
2017-08-04 11:37:48 +02:00
|
|
|
* h = H(BLIND_STRING | pubkey | [secret] | ed25519-basepoint | N) */
|
2017-02-06 18:26:36 +01:00
|
|
|
digest = crypto_digest256_new(DIGEST_SHA3_256);
|
2017-08-04 11:37:48 +02:00
|
|
|
crypto_digest_add_bytes(digest, blind_str, sizeof(blind_str));
|
2017-02-06 18:26:36 +01:00
|
|
|
crypto_digest_add_bytes(digest, (char *) pubkey, ED25519_PUBKEY_LEN);
|
|
|
|
/* Optional secret. */
|
|
|
|
if (secret) {
|
|
|
|
crypto_digest_add_bytes(digest, (char *) secret, secret_len);
|
|
|
|
}
|
|
|
|
crypto_digest_add_bytes(digest, str_ed25519_basepoint,
|
|
|
|
strlen(str_ed25519_basepoint));
|
|
|
|
crypto_digest_add_bytes(digest, (char *) nonce, sizeof(nonce));
|
|
|
|
|
|
|
|
/* Extract digest and put it in the param. */
|
|
|
|
crypto_digest_get_digest(digest, (char *) param_out, DIGEST256_LEN);
|
|
|
|
crypto_digest_free(digest);
|
2017-08-03 14:42:30 +02:00
|
|
|
|
|
|
|
memwipe(nonce, 0, sizeof(nonce));
|
2017-02-06 18:26:36 +01:00
|
|
|
}
|
|
|
|
|
2017-01-30 23:33:18 +01:00
|
|
|
/* Using an ed25519 public key and version to build the checksum of an
|
|
|
|
* address. Put in checksum_out. Format is:
|
|
|
|
* SHA3-256(".onion checksum" || PUBKEY || VERSION)
|
|
|
|
*
|
|
|
|
* checksum_out must be large enough to receive 32 bytes (DIGEST256_LEN). */
|
|
|
|
static void
|
|
|
|
build_hs_checksum(const ed25519_public_key_t *key, uint8_t version,
|
2017-07-12 19:41:33 +02:00
|
|
|
uint8_t *checksum_out)
|
2017-01-30 23:33:18 +01:00
|
|
|
{
|
|
|
|
size_t offset = 0;
|
|
|
|
char data[HS_SERVICE_ADDR_CHECKSUM_INPUT_LEN];
|
|
|
|
|
|
|
|
/* Build checksum data. */
|
|
|
|
memcpy(data, HS_SERVICE_ADDR_CHECKSUM_PREFIX,
|
|
|
|
HS_SERVICE_ADDR_CHECKSUM_PREFIX_LEN);
|
|
|
|
offset += HS_SERVICE_ADDR_CHECKSUM_PREFIX_LEN;
|
|
|
|
memcpy(data + offset, key->pubkey, ED25519_PUBKEY_LEN);
|
|
|
|
offset += ED25519_PUBKEY_LEN;
|
|
|
|
set_uint8(data + offset, version);
|
|
|
|
offset += sizeof(version);
|
|
|
|
tor_assert(offset == HS_SERVICE_ADDR_CHECKSUM_INPUT_LEN);
|
|
|
|
|
|
|
|
/* Hash the data payload to create the checksum. */
|
2017-07-12 19:41:33 +02:00
|
|
|
crypto_digest256((char *) checksum_out, data, sizeof(data),
|
|
|
|
DIGEST_SHA3_256);
|
2017-01-30 23:33:18 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Using an ed25519 public key, checksum and version to build the binary
|
|
|
|
* representation of a service address. Put in addr_out. Format is:
|
|
|
|
* addr_out = PUBKEY || CHECKSUM || VERSION
|
|
|
|
*
|
|
|
|
* addr_out must be large enough to receive HS_SERVICE_ADDR_LEN bytes. */
|
|
|
|
static void
|
2017-07-12 19:41:33 +02:00
|
|
|
build_hs_address(const ed25519_public_key_t *key, const uint8_t *checksum,
|
2017-01-30 23:33:18 +01:00
|
|
|
uint8_t version, char *addr_out)
|
|
|
|
{
|
|
|
|
size_t offset = 0;
|
|
|
|
|
|
|
|
tor_assert(key);
|
|
|
|
tor_assert(checksum);
|
|
|
|
|
|
|
|
memcpy(addr_out, key->pubkey, ED25519_PUBKEY_LEN);
|
|
|
|
offset += ED25519_PUBKEY_LEN;
|
|
|
|
memcpy(addr_out + offset, checksum, HS_SERVICE_ADDR_CHECKSUM_LEN_USED);
|
|
|
|
offset += HS_SERVICE_ADDR_CHECKSUM_LEN_USED;
|
|
|
|
set_uint8(addr_out + offset, version);
|
|
|
|
offset += sizeof(uint8_t);
|
|
|
|
tor_assert(offset == HS_SERVICE_ADDR_LEN);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Helper for hs_parse_address(): Using a binary representation of a service
|
|
|
|
* address, parse its content into the key_out, checksum_out and version_out.
|
|
|
|
* Any out variable can be NULL in case the caller would want only one field.
|
|
|
|
* checksum_out MUST at least be 2 bytes long. address must be at least
|
|
|
|
* HS_SERVICE_ADDR_LEN bytes but doesn't need to be NUL terminated. */
|
|
|
|
static void
|
|
|
|
hs_parse_address_impl(const char *address, ed25519_public_key_t *key_out,
|
2017-07-12 19:41:33 +02:00
|
|
|
uint8_t *checksum_out, uint8_t *version_out)
|
2017-01-30 23:33:18 +01:00
|
|
|
{
|
|
|
|
size_t offset = 0;
|
|
|
|
|
|
|
|
tor_assert(address);
|
|
|
|
|
|
|
|
if (key_out) {
|
|
|
|
/* First is the key. */
|
|
|
|
memcpy(key_out->pubkey, address, ED25519_PUBKEY_LEN);
|
|
|
|
}
|
|
|
|
offset += ED25519_PUBKEY_LEN;
|
|
|
|
if (checksum_out) {
|
|
|
|
/* Followed by a 2 bytes checksum. */
|
|
|
|
memcpy(checksum_out, address + offset, HS_SERVICE_ADDR_CHECKSUM_LEN_USED);
|
|
|
|
}
|
|
|
|
offset += HS_SERVICE_ADDR_CHECKSUM_LEN_USED;
|
|
|
|
if (version_out) {
|
|
|
|
/* Finally, version value is 1 byte. */
|
|
|
|
*version_out = get_uint8(address + offset);
|
|
|
|
}
|
|
|
|
offset += sizeof(uint8_t);
|
|
|
|
/* Extra safety. */
|
|
|
|
tor_assert(offset == HS_SERVICE_ADDR_LEN);
|
|
|
|
}
|
|
|
|
|
2017-05-11 16:16:28 +02:00
|
|
|
/* Using the given identity public key and a blinded public key, compute the
|
2017-08-03 15:02:51 +02:00
|
|
|
* subcredential and put it in subcred_out (must be of size DIGEST256_LEN).
|
|
|
|
* This can't fail. */
|
2017-05-11 16:16:28 +02:00
|
|
|
void
|
|
|
|
hs_get_subcredential(const ed25519_public_key_t *identity_pk,
|
|
|
|
const ed25519_public_key_t *blinded_pk,
|
|
|
|
uint8_t *subcred_out)
|
|
|
|
{
|
|
|
|
uint8_t credential[DIGEST256_LEN];
|
|
|
|
crypto_digest_t *digest;
|
|
|
|
|
|
|
|
tor_assert(identity_pk);
|
|
|
|
tor_assert(blinded_pk);
|
|
|
|
tor_assert(subcred_out);
|
|
|
|
|
|
|
|
/* First, build the credential. Construction is as follow:
|
|
|
|
* credential = H("credential" | public-identity-key) */
|
|
|
|
digest = crypto_digest256_new(DIGEST_SHA3_256);
|
|
|
|
crypto_digest_add_bytes(digest, HS_CREDENTIAL_PREFIX,
|
|
|
|
HS_CREDENTIAL_PREFIX_LEN);
|
|
|
|
crypto_digest_add_bytes(digest, (const char *) identity_pk->pubkey,
|
|
|
|
ED25519_PUBKEY_LEN);
|
|
|
|
crypto_digest_get_digest(digest, (char *) credential, DIGEST256_LEN);
|
|
|
|
crypto_digest_free(digest);
|
|
|
|
|
|
|
|
/* Now, compute the subcredential. Construction is as follow:
|
|
|
|
* subcredential = H("subcredential" | credential | blinded-public-key). */
|
|
|
|
digest = crypto_digest256_new(DIGEST_SHA3_256);
|
|
|
|
crypto_digest_add_bytes(digest, HS_SUBCREDENTIAL_PREFIX,
|
|
|
|
HS_SUBCREDENTIAL_PREFIX_LEN);
|
|
|
|
crypto_digest_add_bytes(digest, (const char *) credential,
|
|
|
|
sizeof(credential));
|
|
|
|
crypto_digest_add_bytes(digest, (const char *) blinded_pk->pubkey,
|
|
|
|
ED25519_PUBKEY_LEN);
|
|
|
|
crypto_digest_get_digest(digest, (char *) subcred_out, DIGEST256_LEN);
|
|
|
|
crypto_digest_free(digest);
|
2017-08-03 14:42:30 +02:00
|
|
|
|
|
|
|
memwipe(credential, 0, sizeof(credential));
|
2017-05-11 16:16:28 +02:00
|
|
|
}
|
|
|
|
|
2018-07-31 04:35:33 +02:00
|
|
|
/* From the given list of hidden service ports, find the ones that match the
|
2017-08-03 15:02:51 +02:00
|
|
|
* given edge connection conn, pick one at random and use it to set the
|
|
|
|
* connection address. Return 0 on success or -1 if none. */
|
2017-05-10 21:04:40 +02:00
|
|
|
int
|
|
|
|
hs_set_conn_addr_port(const smartlist_t *ports, edge_connection_t *conn)
|
|
|
|
{
|
|
|
|
rend_service_port_config_t *chosen_port;
|
|
|
|
unsigned int warn_once = 0;
|
|
|
|
smartlist_t *matching_ports;
|
|
|
|
|
|
|
|
tor_assert(ports);
|
|
|
|
tor_assert(conn);
|
|
|
|
|
|
|
|
matching_ports = smartlist_new();
|
|
|
|
SMARTLIST_FOREACH_BEGIN(ports, rend_service_port_config_t *, p) {
|
|
|
|
if (TO_CONN(conn)->port != p->virtual_port) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
if (!(p->is_unix_addr)) {
|
|
|
|
smartlist_add(matching_ports, p);
|
|
|
|
} else {
|
|
|
|
if (add_unix_port(matching_ports, p)) {
|
|
|
|
if (!warn_once) {
|
|
|
|
/* Unix port not supported so warn only once. */
|
|
|
|
log_warn(LD_REND, "Saw AF_UNIX virtual port mapping for port %d "
|
|
|
|
"which is unsupported on this platform. "
|
|
|
|
"Ignoring it.",
|
|
|
|
TO_CONN(conn)->port);
|
|
|
|
}
|
|
|
|
warn_once++;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} SMARTLIST_FOREACH_END(p);
|
|
|
|
|
|
|
|
chosen_port = smartlist_choose(matching_ports);
|
|
|
|
smartlist_free(matching_ports);
|
|
|
|
if (chosen_port) {
|
|
|
|
if (!(chosen_port->is_unix_addr)) {
|
2018-09-12 14:52:41 +02:00
|
|
|
/* save the original destination before we overwrite it */
|
|
|
|
if (conn->hs_ident) {
|
|
|
|
conn->hs_ident->orig_virtual_port = TO_CONN(conn)->port;
|
|
|
|
}
|
|
|
|
|
2017-05-10 21:04:40 +02:00
|
|
|
/* Get a non-AF_UNIX connection ready for connection_exit_connect() */
|
|
|
|
tor_addr_copy(&TO_CONN(conn)->addr, &chosen_port->real_addr);
|
|
|
|
TO_CONN(conn)->port = chosen_port->real_port;
|
|
|
|
} else {
|
|
|
|
if (set_unix_port(conn, chosen_port)) {
|
|
|
|
/* Simply impossible to end up here else we were able to add a Unix
|
|
|
|
* port without AF_UNIX support... ? */
|
|
|
|
tor_assert(0);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return (chosen_port) ? 0 : -1;
|
|
|
|
}
|
|
|
|
|
2017-01-30 23:33:18 +01:00
|
|
|
/* Using a base32 representation of a service address, parse its content into
|
|
|
|
* the key_out, checksum_out and version_out. Any out variable can be NULL in
|
|
|
|
* case the caller would want only one field. checksum_out MUST at least be 2
|
|
|
|
* bytes long.
|
|
|
|
*
|
|
|
|
* Return 0 if parsing went well; return -1 in case of error. */
|
|
|
|
int
|
|
|
|
hs_parse_address(const char *address, ed25519_public_key_t *key_out,
|
2017-07-12 19:41:33 +02:00
|
|
|
uint8_t *checksum_out, uint8_t *version_out)
|
2017-01-30 23:33:18 +01:00
|
|
|
{
|
|
|
|
char decoded[HS_SERVICE_ADDR_LEN];
|
|
|
|
|
|
|
|
tor_assert(address);
|
|
|
|
|
|
|
|
/* Obvious length check. */
|
|
|
|
if (strlen(address) != HS_SERVICE_ADDR_LEN_BASE32) {
|
|
|
|
log_warn(LD_REND, "Service address %s has an invalid length. "
|
2017-07-14 17:33:12 +02:00
|
|
|
"Expected %lu but got %lu.",
|
|
|
|
escaped_safe_str(address),
|
|
|
|
(unsigned long) HS_SERVICE_ADDR_LEN_BASE32,
|
|
|
|
(unsigned long) strlen(address));
|
2017-01-30 23:33:18 +01:00
|
|
|
goto invalid;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Decode address so we can extract needed fields. */
|
|
|
|
if (base32_decode(decoded, sizeof(decoded), address, strlen(address)) < 0) {
|
|
|
|
log_warn(LD_REND, "Service address %s can't be decoded.",
|
|
|
|
escaped_safe_str(address));
|
|
|
|
goto invalid;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Parse the decoded address into the fields we need. */
|
|
|
|
hs_parse_address_impl(decoded, key_out, checksum_out, version_out);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
invalid:
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Validate a given onion address. The length, the base32 decoding and
|
|
|
|
* checksum are validated. Return 1 if valid else 0. */
|
|
|
|
int
|
|
|
|
hs_address_is_valid(const char *address)
|
|
|
|
{
|
|
|
|
uint8_t version;
|
2017-07-12 19:41:33 +02:00
|
|
|
uint8_t checksum[HS_SERVICE_ADDR_CHECKSUM_LEN_USED];
|
|
|
|
uint8_t target_checksum[DIGEST256_LEN];
|
2017-09-13 20:06:25 +02:00
|
|
|
ed25519_public_key_t service_pubkey;
|
2017-01-30 23:33:18 +01:00
|
|
|
|
|
|
|
/* Parse the decoded address into the fields we need. */
|
2017-09-13 20:06:25 +02:00
|
|
|
if (hs_parse_address(address, &service_pubkey, checksum, &version) < 0) {
|
2017-01-30 23:33:18 +01:00
|
|
|
goto invalid;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Get the checksum it's suppose to be and compare it with what we have
|
|
|
|
* encoded in the address. */
|
2017-09-13 20:06:25 +02:00
|
|
|
build_hs_checksum(&service_pubkey, version, target_checksum);
|
2017-01-30 23:33:18 +01:00
|
|
|
if (tor_memcmp(checksum, target_checksum, sizeof(checksum))) {
|
|
|
|
log_warn(LD_REND, "Service address %s invalid checksum.",
|
|
|
|
escaped_safe_str(address));
|
|
|
|
goto invalid;
|
|
|
|
}
|
|
|
|
|
2017-09-13 20:06:25 +02:00
|
|
|
/* Validate that this pubkey does not have a torsion component. We need to do
|
|
|
|
* this on the prop224 client-side so that attackers can't give equivalent
|
|
|
|
* forms of an onion address to users. */
|
|
|
|
if (ed25519_validate_pubkey(&service_pubkey) < 0) {
|
|
|
|
log_warn(LD_REND, "Service address %s has bad pubkey .",
|
|
|
|
escaped_safe_str(address));
|
|
|
|
goto invalid;
|
|
|
|
}
|
|
|
|
|
2017-01-30 23:33:18 +01:00
|
|
|
/* Valid address. */
|
|
|
|
return 1;
|
|
|
|
invalid:
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Build a service address using an ed25519 public key and a given version.
|
|
|
|
* The returned address is base32 encoded and put in addr_out. The caller MUST
|
|
|
|
* make sure the addr_out is at least HS_SERVICE_ADDR_LEN_BASE32 + 1 long.
|
|
|
|
*
|
|
|
|
* Format is as follow:
|
|
|
|
* base32(PUBKEY || CHECKSUM || VERSION)
|
|
|
|
* CHECKSUM = H(".onion checksum" || PUBKEY || VERSION)
|
|
|
|
* */
|
|
|
|
void
|
|
|
|
hs_build_address(const ed25519_public_key_t *key, uint8_t version,
|
|
|
|
char *addr_out)
|
|
|
|
{
|
2017-07-12 19:41:33 +02:00
|
|
|
uint8_t checksum[DIGEST256_LEN];
|
|
|
|
char address[HS_SERVICE_ADDR_LEN];
|
2017-01-30 23:33:18 +01:00
|
|
|
|
|
|
|
tor_assert(key);
|
|
|
|
tor_assert(addr_out);
|
|
|
|
|
|
|
|
/* Get the checksum of the address. */
|
|
|
|
build_hs_checksum(key, version, checksum);
|
|
|
|
/* Get the binary address representation. */
|
|
|
|
build_hs_address(key, checksum, version, address);
|
|
|
|
|
|
|
|
/* Encode the address. addr_out will be NUL terminated after this. */
|
|
|
|
base32_encode(addr_out, HS_SERVICE_ADDR_LEN_BASE32 + 1, address,
|
|
|
|
sizeof(address));
|
|
|
|
/* Validate what we just built. */
|
|
|
|
tor_assert(hs_address_is_valid(addr_out));
|
|
|
|
}
|
|
|
|
|
2017-07-23 16:43:16 +02:00
|
|
|
/* Return a newly allocated copy of lspec. */
|
|
|
|
link_specifier_t *
|
|
|
|
hs_link_specifier_dup(const link_specifier_t *lspec)
|
|
|
|
{
|
2018-01-03 15:13:00 +01:00
|
|
|
link_specifier_t *result = link_specifier_new();
|
|
|
|
memcpy(result, lspec, sizeof(*result));
|
2017-07-23 16:43:16 +02:00
|
|
|
/* The unrecognized field is a dynamic array so make sure to copy its
|
|
|
|
* content and not the pointer. */
|
|
|
|
link_specifier_setlen_un_unrecognized(
|
2018-01-03 15:13:00 +01:00
|
|
|
result, link_specifier_getlen_un_unrecognized(lspec));
|
|
|
|
if (link_specifier_getlen_un_unrecognized(result)) {
|
|
|
|
memcpy(link_specifier_getarray_un_unrecognized(result),
|
2017-07-23 16:43:16 +02:00
|
|
|
link_specifier_getconstarray_un_unrecognized(lspec),
|
2018-01-03 15:13:00 +01:00
|
|
|
link_specifier_getlen_un_unrecognized(result));
|
2017-07-23 16:43:16 +02:00
|
|
|
}
|
2018-01-03 15:13:00 +01:00
|
|
|
return result;
|
2017-07-23 16:43:16 +02:00
|
|
|
}
|
|
|
|
|
2017-02-06 18:26:36 +01:00
|
|
|
/* From a given ed25519 public key pk and an optional secret, compute a
|
|
|
|
* blinded public key and put it in blinded_pk_out. This is only useful to
|
|
|
|
* the client side because the client only has access to the identity public
|
|
|
|
* key of the service. */
|
|
|
|
void
|
|
|
|
hs_build_blinded_pubkey(const ed25519_public_key_t *pk,
|
|
|
|
const uint8_t *secret, size_t secret_len,
|
|
|
|
uint64_t time_period_num,
|
|
|
|
ed25519_public_key_t *blinded_pk_out)
|
|
|
|
{
|
|
|
|
/* Our blinding key API requires a 32 bytes parameter. */
|
|
|
|
uint8_t param[DIGEST256_LEN];
|
|
|
|
|
|
|
|
tor_assert(pk);
|
|
|
|
tor_assert(blinded_pk_out);
|
|
|
|
tor_assert(!tor_mem_is_zero((char *) pk, ED25519_PUBKEY_LEN));
|
|
|
|
|
|
|
|
build_blinded_key_param(pk, secret, secret_len,
|
|
|
|
time_period_num, get_time_period_length(), param);
|
|
|
|
ed25519_public_blind(blinded_pk_out, pk, param);
|
2017-08-03 14:42:30 +02:00
|
|
|
|
|
|
|
memwipe(param, 0, sizeof(param));
|
2017-02-06 18:26:36 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/* From a given ed25519 keypair kp and an optional secret, compute a blinded
|
|
|
|
* keypair for the current time period and put it in blinded_kp_out. This is
|
|
|
|
* only useful by the service side because the client doesn't have access to
|
|
|
|
* the identity secret key. */
|
|
|
|
void
|
|
|
|
hs_build_blinded_keypair(const ed25519_keypair_t *kp,
|
|
|
|
const uint8_t *secret, size_t secret_len,
|
|
|
|
uint64_t time_period_num,
|
|
|
|
ed25519_keypair_t *blinded_kp_out)
|
|
|
|
{
|
|
|
|
/* Our blinding key API requires a 32 bytes parameter. */
|
|
|
|
uint8_t param[DIGEST256_LEN];
|
|
|
|
|
|
|
|
tor_assert(kp);
|
|
|
|
tor_assert(blinded_kp_out);
|
|
|
|
/* Extra safety. A zeroed key is bad. */
|
|
|
|
tor_assert(!tor_mem_is_zero((char *) &kp->pubkey, ED25519_PUBKEY_LEN));
|
|
|
|
tor_assert(!tor_mem_is_zero((char *) &kp->seckey, ED25519_SECKEY_LEN));
|
|
|
|
|
|
|
|
build_blinded_key_param(&kp->pubkey, secret, secret_len,
|
|
|
|
time_period_num, get_time_period_length(), param);
|
|
|
|
ed25519_keypair_blind(blinded_kp_out, kp, param);
|
2017-08-03 14:42:30 +02:00
|
|
|
|
|
|
|
memwipe(param, 0, sizeof(param));
|
2017-02-06 18:26:36 +01:00
|
|
|
}
|
|
|
|
|
2017-09-06 17:12:28 +02:00
|
|
|
/* Return true if we are currently in the time segment between a new time
|
|
|
|
* period and a new SRV (in the real network that happens between 12:00 and
|
|
|
|
* 00:00 UTC). Here is a diagram showing exactly when this returns true:
|
|
|
|
*
|
|
|
|
* +------------------------------------------------------------------+
|
|
|
|
* | |
|
|
|
|
* | 00:00 12:00 00:00 12:00 00:00 12:00 |
|
|
|
|
* | SRV#1 TP#1 SRV#2 TP#2 SRV#3 TP#3 |
|
|
|
|
* | |
|
|
|
|
* | $==========|-----------$===========|-----------$===========| |
|
|
|
|
* | ^^^^^^^^^^^^ ^^^^^^^^^^^^ |
|
|
|
|
* | |
|
|
|
|
* +------------------------------------------------------------------+
|
|
|
|
*/
|
2017-05-05 20:55:26 +02:00
|
|
|
MOCK_IMPL(int,
|
2017-09-08 18:06:20 +02:00
|
|
|
hs_in_period_between_tp_and_srv,(const networkstatus_t *consensus, time_t now))
|
2017-02-13 14:32:13 +01:00
|
|
|
{
|
2017-07-18 15:06:12 +02:00
|
|
|
time_t valid_after;
|
|
|
|
time_t srv_start_time, tp_start_time;
|
2017-02-13 14:32:13 +01:00
|
|
|
|
|
|
|
if (!consensus) {
|
|
|
|
consensus = networkstatus_get_live_consensus(now);
|
|
|
|
if (!consensus) {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-09-06 17:12:28 +02:00
|
|
|
/* Get start time of next TP and of current SRV protocol run, and check if we
|
|
|
|
* are between them. */
|
2017-07-18 15:06:12 +02:00
|
|
|
valid_after = consensus->valid_after;
|
2018-07-17 17:00:18 +02:00
|
|
|
srv_start_time = sr_state_get_start_time_of_current_protocol_run();
|
2017-07-18 15:06:12 +02:00
|
|
|
tp_start_time = hs_get_start_time_of_next_time_period(srv_start_time);
|
2017-02-13 14:32:13 +01:00
|
|
|
|
2017-07-18 15:06:12 +02:00
|
|
|
if (valid_after >= srv_start_time && valid_after < tp_start_time) {
|
2017-09-06 17:12:28 +02:00
|
|
|
return 0;
|
2017-02-13 14:32:13 +01:00
|
|
|
}
|
2017-07-18 15:06:12 +02:00
|
|
|
|
2017-09-06 17:12:28 +02:00
|
|
|
return 1;
|
2017-03-08 23:31:36 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Return 1 if any virtual port in ports needs a circuit with good uptime.
|
|
|
|
* Else return 0. */
|
|
|
|
int
|
|
|
|
hs_service_requires_uptime_circ(const smartlist_t *ports)
|
|
|
|
{
|
|
|
|
tor_assert(ports);
|
2017-02-13 14:32:13 +01:00
|
|
|
|
2017-03-08 23:31:36 +01:00
|
|
|
SMARTLIST_FOREACH_BEGIN(ports, rend_service_port_config_t *, p) {
|
|
|
|
if (smartlist_contains_int_as_string(get_options()->LongLivedPorts,
|
|
|
|
p->virtual_port)) {
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
} SMARTLIST_FOREACH_END(p);
|
2017-02-13 14:32:13 +01:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2017-04-18 21:06:44 +02:00
|
|
|
/* Build hs_index which is used to find the responsible hsdirs. This index
|
|
|
|
* value is used to select the responsible HSDir where their hsdir_index is
|
|
|
|
* closest to this value.
|
|
|
|
* SHA3-256("store-at-idx" | blinded_public_key |
|
2017-08-03 11:01:52 +02:00
|
|
|
* INT_8(replicanum) | INT_8(period_length) | INT_8(period_num) )
|
2017-04-18 21:06:44 +02:00
|
|
|
*
|
|
|
|
* hs_index_out must be large enough to receive DIGEST256_LEN bytes. */
|
|
|
|
void
|
|
|
|
hs_build_hs_index(uint64_t replica, const ed25519_public_key_t *blinded_pk,
|
|
|
|
uint64_t period_num, uint8_t *hs_index_out)
|
|
|
|
{
|
|
|
|
crypto_digest_t *digest;
|
|
|
|
|
|
|
|
tor_assert(blinded_pk);
|
|
|
|
tor_assert(hs_index_out);
|
|
|
|
|
|
|
|
/* Build hs_index. See construction at top of function comment. */
|
|
|
|
digest = crypto_digest256_new(DIGEST_SHA3_256);
|
|
|
|
crypto_digest_add_bytes(digest, HS_INDEX_PREFIX, HS_INDEX_PREFIX_LEN);
|
|
|
|
crypto_digest_add_bytes(digest, (const char *) blinded_pk->pubkey,
|
|
|
|
ED25519_PUBKEY_LEN);
|
2017-08-03 11:01:52 +02:00
|
|
|
|
|
|
|
/* Now setup INT_8(replicanum) | INT_8(period_length) | INT_8(period_num) */
|
|
|
|
{
|
|
|
|
uint64_t period_length = get_time_period_length();
|
|
|
|
char buf[sizeof(uint64_t)*3];
|
|
|
|
size_t offset = 0;
|
|
|
|
set_uint64(buf, tor_htonll(replica));
|
|
|
|
offset += sizeof(uint64_t);
|
2017-08-07 17:58:13 +02:00
|
|
|
set_uint64(buf+offset, tor_htonll(period_length));
|
2017-08-03 11:01:52 +02:00
|
|
|
offset += sizeof(uint64_t);
|
2017-08-07 17:58:13 +02:00
|
|
|
set_uint64(buf+offset, tor_htonll(period_num));
|
2017-08-03 11:01:52 +02:00
|
|
|
offset += sizeof(uint64_t);
|
|
|
|
tor_assert(offset == sizeof(buf));
|
|
|
|
|
|
|
|
crypto_digest_add_bytes(digest, buf, sizeof(buf));
|
|
|
|
}
|
|
|
|
|
2017-04-18 21:06:44 +02:00
|
|
|
crypto_digest_get_digest(digest, (char *) hs_index_out, DIGEST256_LEN);
|
|
|
|
crypto_digest_free(digest);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Build hsdir_index which is used to find the responsible hsdirs. This is the
|
|
|
|
* index value that is compare to the hs_index when selecting an HSDir.
|
|
|
|
* SHA3-256("node-idx" | node_identity |
|
2017-08-03 11:01:52 +02:00
|
|
|
* shared_random_value | INT_8(period_length) | INT_8(period_num) )
|
2017-04-18 21:06:44 +02:00
|
|
|
*
|
|
|
|
* hsdir_index_out must be large enough to receive DIGEST256_LEN bytes. */
|
|
|
|
void
|
|
|
|
hs_build_hsdir_index(const ed25519_public_key_t *identity_pk,
|
|
|
|
const uint8_t *srv_value, uint64_t period_num,
|
|
|
|
uint8_t *hsdir_index_out)
|
|
|
|
{
|
|
|
|
crypto_digest_t *digest;
|
|
|
|
|
|
|
|
tor_assert(identity_pk);
|
|
|
|
tor_assert(srv_value);
|
|
|
|
tor_assert(hsdir_index_out);
|
|
|
|
|
|
|
|
/* Build hsdir_index. See construction at top of function comment. */
|
|
|
|
digest = crypto_digest256_new(DIGEST_SHA3_256);
|
|
|
|
crypto_digest_add_bytes(digest, HSDIR_INDEX_PREFIX, HSDIR_INDEX_PREFIX_LEN);
|
|
|
|
crypto_digest_add_bytes(digest, (const char *) identity_pk->pubkey,
|
|
|
|
ED25519_PUBKEY_LEN);
|
|
|
|
crypto_digest_add_bytes(digest, (const char *) srv_value, DIGEST256_LEN);
|
2017-08-03 11:01:52 +02:00
|
|
|
|
|
|
|
{
|
|
|
|
uint64_t time_period_length = get_time_period_length();
|
|
|
|
char period_stuff[sizeof(uint64_t)*2];
|
|
|
|
size_t offset = 0;
|
|
|
|
set_uint64(period_stuff, tor_htonll(period_num));
|
|
|
|
offset += sizeof(uint64_t);
|
|
|
|
set_uint64(period_stuff+offset, tor_htonll(time_period_length));
|
|
|
|
offset += sizeof(uint64_t);
|
|
|
|
tor_assert(offset == sizeof(period_stuff));
|
|
|
|
|
|
|
|
crypto_digest_add_bytes(digest, period_stuff, sizeof(period_stuff));
|
|
|
|
}
|
|
|
|
|
2017-04-18 21:06:44 +02:00
|
|
|
crypto_digest_get_digest(digest, (char *) hsdir_index_out, DIGEST256_LEN);
|
|
|
|
crypto_digest_free(digest);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Return a newly allocated buffer containing the current shared random value
|
|
|
|
* or if not present, a disaster value is computed using the given time period
|
2017-08-04 11:21:14 +02:00
|
|
|
* number. If a consensus is provided in <b>ns</b>, use it to get the SRV
|
|
|
|
* value. This function can't fail. */
|
2017-04-18 21:06:44 +02:00
|
|
|
uint8_t *
|
2017-08-04 11:21:14 +02:00
|
|
|
hs_get_current_srv(uint64_t time_period_num, const networkstatus_t *ns)
|
2017-04-18 21:06:44 +02:00
|
|
|
{
|
|
|
|
uint8_t *sr_value = tor_malloc_zero(DIGEST256_LEN);
|
2017-08-04 11:21:14 +02:00
|
|
|
const sr_srv_t *current_srv = sr_get_current(ns);
|
2017-04-18 21:06:44 +02:00
|
|
|
|
|
|
|
if (current_srv) {
|
|
|
|
memcpy(sr_value, current_srv->value, sizeof(current_srv->value));
|
|
|
|
} else {
|
|
|
|
/* Disaster mode. */
|
|
|
|
get_disaster_srv(time_period_num, sr_value);
|
|
|
|
}
|
|
|
|
return sr_value;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Return a newly allocated buffer containing the previous shared random
|
|
|
|
* value or if not present, a disaster value is computed using the given time
|
|
|
|
* period number. This function can't fail. */
|
|
|
|
uint8_t *
|
2017-08-04 11:21:14 +02:00
|
|
|
hs_get_previous_srv(uint64_t time_period_num, const networkstatus_t *ns)
|
2017-04-18 21:06:44 +02:00
|
|
|
{
|
|
|
|
uint8_t *sr_value = tor_malloc_zero(DIGEST256_LEN);
|
2017-08-04 11:21:14 +02:00
|
|
|
const sr_srv_t *previous_srv = sr_get_previous(ns);
|
2017-04-18 21:06:44 +02:00
|
|
|
|
|
|
|
if (previous_srv) {
|
|
|
|
memcpy(sr_value, previous_srv->value, sizeof(previous_srv->value));
|
|
|
|
} else {
|
|
|
|
/* Disaster mode. */
|
|
|
|
get_disaster_srv(time_period_num, sr_value);
|
|
|
|
}
|
|
|
|
return sr_value;
|
|
|
|
}
|
|
|
|
|
2017-04-19 17:06:19 +02:00
|
|
|
/* Return the number of replicas defined by a consensus parameter or the
|
|
|
|
* default value. */
|
|
|
|
int32_t
|
|
|
|
hs_get_hsdir_n_replicas(void)
|
|
|
|
{
|
|
|
|
/* The [1,16] range is a specification requirement. */
|
|
|
|
return networkstatus_get_param(NULL, "hsdir_n_replicas",
|
|
|
|
HS_DEFAULT_HSDIR_N_REPLICAS, 1, 16);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Return the spread fetch value defined by a consensus parameter or the
|
|
|
|
* default value. */
|
|
|
|
int32_t
|
|
|
|
hs_get_hsdir_spread_fetch(void)
|
|
|
|
{
|
|
|
|
/* The [1,128] range is a specification requirement. */
|
|
|
|
return networkstatus_get_param(NULL, "hsdir_spread_fetch",
|
|
|
|
HS_DEFAULT_HSDIR_SPREAD_FETCH, 1, 128);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Return the spread store value defined by a consensus parameter or the
|
|
|
|
* default value. */
|
|
|
|
int32_t
|
|
|
|
hs_get_hsdir_spread_store(void)
|
|
|
|
{
|
|
|
|
/* The [1,128] range is a specification requirement. */
|
|
|
|
return networkstatus_get_param(NULL, "hsdir_spread_store",
|
|
|
|
HS_DEFAULT_HSDIR_SPREAD_STORE, 1, 128);
|
|
|
|
}
|
|
|
|
|
2017-08-02 15:50:15 +02:00
|
|
|
/** <b>node</b> is an HSDir so make sure that we have assigned an hsdir index.
|
|
|
|
* Return 0 if everything is as expected, else return -1. */
|
|
|
|
static int
|
2017-09-06 16:25:21 +02:00
|
|
|
node_has_hsdir_index(const node_t *node)
|
2017-08-02 15:50:15 +02:00
|
|
|
{
|
|
|
|
tor_assert(node_supports_v3_hsdir(node));
|
|
|
|
|
|
|
|
/* A node can't have an HSDir index without a descriptor since we need desc
|
2018-04-16 16:38:55 +02:00
|
|
|
* to get its ed25519 key. for_direct_connect should be zero, since we
|
|
|
|
* always use the consensus-indexed node's keys to build the hash ring, even
|
|
|
|
* if some of the consensus-indexed nodes are also bridges. */
|
|
|
|
if (!node_has_preferred_descriptor(node, 0)) {
|
2017-08-02 15:50:15 +02:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* At this point, since the node has a desc, this node must also have an
|
|
|
|
* hsdir index. If not, something went wrong, so BUG out. */
|
2018-04-29 01:56:12 +02:00
|
|
|
if (BUG(tor_mem_is_zero((const char*)node->hsdir_index.fetch,
|
2017-08-02 15:50:15 +02:00
|
|
|
DIGEST256_LEN))) {
|
|
|
|
return 0;
|
|
|
|
}
|
2018-04-29 01:56:12 +02:00
|
|
|
if (BUG(tor_mem_is_zero((const char*)node->hsdir_index.store_first,
|
2017-09-06 16:25:21 +02:00
|
|
|
DIGEST256_LEN))) {
|
|
|
|
return 0;
|
|
|
|
}
|
2018-04-29 01:56:12 +02:00
|
|
|
if (BUG(tor_mem_is_zero((const char*)node->hsdir_index.store_second,
|
2017-08-12 12:05:25 +02:00
|
|
|
DIGEST256_LEN))) {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2017-08-02 15:50:15 +02:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2017-04-19 18:23:43 +02:00
|
|
|
/* For a given blinded key and time period number, get the responsible HSDir
|
|
|
|
* and put their routerstatus_t object in the responsible_dirs list. If
|
2017-09-08 11:51:30 +02:00
|
|
|
* 'use_second_hsdir_index' is true, use the second hsdir_index of the node_t
|
|
|
|
* is used. If 'for_fetching' is true, the spread fetch consensus parameter is
|
|
|
|
* used else the spread store is used which is only for upload. This function
|
|
|
|
* can't fail but it is possible that the responsible_dirs list contains fewer
|
|
|
|
* nodes than expected.
|
2017-04-19 18:23:43 +02:00
|
|
|
*
|
|
|
|
* This function goes over the latest consensus routerstatus list and sorts it
|
|
|
|
* by their node_t hsdir_index then does a binary search to find the closest
|
|
|
|
* node. All of this makes it a bit CPU intensive so use it wisely. */
|
|
|
|
void
|
|
|
|
hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk,
|
2017-09-08 11:51:30 +02:00
|
|
|
uint64_t time_period_num, int use_second_hsdir_index,
|
2017-09-06 17:12:28 +02:00
|
|
|
int for_fetching, smartlist_t *responsible_dirs)
|
2017-04-19 18:23:43 +02:00
|
|
|
{
|
|
|
|
smartlist_t *sorted_nodes;
|
|
|
|
/* The compare function used for the smartlist bsearch. We have two
|
|
|
|
* different depending on is_next_period. */
|
|
|
|
int (*cmp_fct)(const void *, const void **);
|
|
|
|
|
|
|
|
tor_assert(blinded_pk);
|
|
|
|
tor_assert(responsible_dirs);
|
|
|
|
|
|
|
|
sorted_nodes = smartlist_new();
|
|
|
|
|
2018-06-13 12:27:00 +02:00
|
|
|
/* Make sure we actually have a live consensus */
|
|
|
|
networkstatus_t *c = networkstatus_get_live_consensus(approx_time());
|
|
|
|
if (!c || smartlist_len(c->routerstatus_list) == 0) {
|
|
|
|
log_warn(LD_REND, "No live consensus so we can't get the responsible "
|
|
|
|
"hidden service directories.");
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
|
2018-06-13 12:28:39 +02:00
|
|
|
/* Ensure the nodelist is fresh, since it contains the HSDir indices. */
|
|
|
|
nodelist_ensure_freshness(c);
|
|
|
|
|
2017-04-19 18:23:43 +02:00
|
|
|
/* Add every node_t that support HSDir v3 for which we do have a valid
|
|
|
|
* hsdir_index already computed for them for this consensus. */
|
|
|
|
{
|
|
|
|
SMARTLIST_FOREACH_BEGIN(c->routerstatus_list, const routerstatus_t *, rs) {
|
|
|
|
/* Even though this node_t object won't be modified and should be const,
|
|
|
|
* we can't add const object in a smartlist_t. */
|
|
|
|
node_t *n = node_get_mutable_by_id(rs->identity_digest);
|
|
|
|
tor_assert(n);
|
|
|
|
if (node_supports_v3_hsdir(n) && rs->is_hs_dir) {
|
2017-09-06 16:25:21 +02:00
|
|
|
if (!node_has_hsdir_index(n)) {
|
2017-08-02 15:50:15 +02:00
|
|
|
log_info(LD_GENERAL, "Node %s was found without hsdir index.",
|
|
|
|
node_describe(n));
|
2017-04-19 18:23:43 +02:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
smartlist_add(sorted_nodes, n);
|
|
|
|
}
|
|
|
|
} SMARTLIST_FOREACH_END(rs);
|
|
|
|
}
|
|
|
|
if (smartlist_len(sorted_nodes) == 0) {
|
|
|
|
log_warn(LD_REND, "No nodes found to be HSDir or supporting v3.");
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* First thing we have to do is sort all node_t by hsdir_index. The
|
|
|
|
* is_next_period tells us if we want the current or the next one. Set the
|
|
|
|
* bsearch compare function also while we are at it. */
|
2017-09-06 17:12:28 +02:00
|
|
|
if (for_fetching) {
|
2017-09-06 16:25:21 +02:00
|
|
|
smartlist_sort(sorted_nodes, compare_node_fetch_hsdir_index);
|
|
|
|
cmp_fct = compare_digest_to_fetch_hsdir_index;
|
2017-09-08 11:51:30 +02:00
|
|
|
} else if (use_second_hsdir_index) {
|
2017-09-06 16:25:21 +02:00
|
|
|
smartlist_sort(sorted_nodes, compare_node_store_second_hsdir_index);
|
|
|
|
cmp_fct = compare_digest_to_store_second_hsdir_index;
|
2017-04-19 18:23:43 +02:00
|
|
|
} else {
|
2017-09-06 16:25:21 +02:00
|
|
|
smartlist_sort(sorted_nodes, compare_node_store_first_hsdir_index);
|
|
|
|
cmp_fct = compare_digest_to_store_first_hsdir_index;
|
2017-04-19 18:23:43 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/* For all replicas, we'll select a set of HSDirs using the consensus
|
|
|
|
* parameters and the sorted list. The replica starting at value 1 is
|
|
|
|
* defined by the specification. */
|
|
|
|
for (int replica = 1; replica <= hs_get_hsdir_n_replicas(); replica++) {
|
|
|
|
int idx, start, found, n_added = 0;
|
|
|
|
uint8_t hs_index[DIGEST256_LEN] = {0};
|
|
|
|
/* Number of node to add to the responsible dirs list depends on if we are
|
|
|
|
* trying to fetch or store. A client always fetches. */
|
2017-09-06 17:12:28 +02:00
|
|
|
int n_to_add = (for_fetching) ? hs_get_hsdir_spread_fetch() :
|
|
|
|
hs_get_hsdir_spread_store();
|
2017-04-19 18:23:43 +02:00
|
|
|
|
|
|
|
/* Get the index that we should use to select the node. */
|
|
|
|
hs_build_hs_index(replica, blinded_pk, time_period_num, hs_index);
|
|
|
|
/* The compare function pointer has been set correctly earlier. */
|
|
|
|
start = idx = smartlist_bsearch_idx(sorted_nodes, hs_index, cmp_fct,
|
|
|
|
&found);
|
|
|
|
/* Getting the length of the list if no member is greater than the key we
|
|
|
|
* are looking for so start at the first element. */
|
|
|
|
if (idx == smartlist_len(sorted_nodes)) {
|
|
|
|
start = idx = 0;
|
|
|
|
}
|
|
|
|
while (n_added < n_to_add) {
|
|
|
|
const node_t *node = smartlist_get(sorted_nodes, idx);
|
|
|
|
/* If the node has already been selected which is possible between
|
|
|
|
* replicas, the specification says to skip over. */
|
|
|
|
if (!smartlist_contains(responsible_dirs, node->rs)) {
|
|
|
|
smartlist_add(responsible_dirs, node->rs);
|
|
|
|
++n_added;
|
|
|
|
}
|
|
|
|
if (++idx == smartlist_len(sorted_nodes)) {
|
|
|
|
/* Wrap if we've reached the end of the list. */
|
|
|
|
idx = 0;
|
|
|
|
}
|
|
|
|
if (idx == start) {
|
|
|
|
/* We've gone over the whole list, stop and avoid infinite loop. */
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
done:
|
|
|
|
smartlist_free(sorted_nodes);
|
|
|
|
}
|
|
|
|
|
2017-06-01 12:48:03 +02:00
|
|
|
/*********************** HSDir request tracking ***************************/
|
|
|
|
|
|
|
|
/** Return the period for which a hidden service directory cannot be queried
|
|
|
|
* for the same descriptor ID again, taking TestingTorNetwork into account. */
|
2017-06-01 12:56:43 +02:00
|
|
|
time_t
|
|
|
|
hs_hsdir_requery_period(const or_options_t *options)
|
2017-06-01 12:48:03 +02:00
|
|
|
{
|
|
|
|
tor_assert(options);
|
|
|
|
|
|
|
|
if (options->TestingTorNetwork) {
|
|
|
|
return REND_HID_SERV_DIR_REQUERY_PERIOD_TESTING;
|
|
|
|
} else {
|
|
|
|
return REND_HID_SERV_DIR_REQUERY_PERIOD;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-06-01 12:56:43 +02:00
|
|
|
/** Tracks requests for fetching hidden service descriptors. It's used by
|
|
|
|
* hidden service clients, to avoid querying HSDirs that have already failed
|
|
|
|
* giving back a descriptor. The same data structure is used to track both v2
|
|
|
|
* and v3 HS descriptor requests.
|
|
|
|
*
|
|
|
|
* The string map is a key/value store that contains the last request times to
|
|
|
|
* hidden service directories for certain queries. Specifically:
|
|
|
|
*
|
|
|
|
* key = base32(hsdir_identity) + base32(hs_identity)
|
|
|
|
* value = time_t of last request for that hs_identity to that HSDir
|
|
|
|
*
|
|
|
|
* where 'hsdir_identity' is the identity digest of the HSDir node, and
|
|
|
|
* 'hs_identity' is the descriptor ID of the HS in the v2 case, or the ed25519
|
2017-08-28 18:55:26 +02:00
|
|
|
* blinded public key of the HS in the v3 case. */
|
2017-06-01 12:48:03 +02:00
|
|
|
static strmap_t *last_hid_serv_requests_ = NULL;
|
|
|
|
|
|
|
|
/** Returns last_hid_serv_requests_, initializing it to a new strmap if
|
|
|
|
* necessary. */
|
2017-06-01 12:56:43 +02:00
|
|
|
STATIC strmap_t *
|
2017-06-01 12:48:03 +02:00
|
|
|
get_last_hid_serv_requests(void)
|
|
|
|
{
|
|
|
|
if (!last_hid_serv_requests_)
|
|
|
|
last_hid_serv_requests_ = strmap_new();
|
|
|
|
return last_hid_serv_requests_;
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Look up the last request time to hidden service directory <b>hs_dir</b>
|
2017-06-01 12:56:43 +02:00
|
|
|
* for descriptor request key <b>req_key_str</b> which is the descriptor ID
|
|
|
|
* for a v2 service or the blinded key for v3. If <b>set</b> is non-zero,
|
|
|
|
* assign the current time <b>now</b> and return that. Otherwise, return the
|
|
|
|
* most recent request time, or 0 if no such request has been sent before. */
|
|
|
|
time_t
|
|
|
|
hs_lookup_last_hid_serv_request(routerstatus_t *hs_dir,
|
|
|
|
const char *req_key_str,
|
|
|
|
time_t now, int set)
|
2017-06-01 12:48:03 +02:00
|
|
|
{
|
2017-09-19 18:33:04 +02:00
|
|
|
char hsdir_id_base32[BASE32_DIGEST_LEN + 1];
|
2017-06-01 12:56:43 +02:00
|
|
|
char *hsdir_desc_comb_id = NULL;
|
2017-06-01 12:48:03 +02:00
|
|
|
time_t *last_request_ptr;
|
|
|
|
strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
|
2017-06-01 12:56:43 +02:00
|
|
|
|
|
|
|
/* Create the key */
|
2017-06-01 12:48:03 +02:00
|
|
|
base32_encode(hsdir_id_base32, sizeof(hsdir_id_base32),
|
|
|
|
hs_dir->identity_digest, DIGEST_LEN);
|
2017-06-01 12:56:43 +02:00
|
|
|
tor_asprintf(&hsdir_desc_comb_id, "%s%s", hsdir_id_base32, req_key_str);
|
|
|
|
|
2017-06-01 12:48:03 +02:00
|
|
|
if (set) {
|
|
|
|
time_t *oldptr;
|
|
|
|
last_request_ptr = tor_malloc_zero(sizeof(time_t));
|
|
|
|
*last_request_ptr = now;
|
|
|
|
oldptr = strmap_set(last_hid_serv_requests, hsdir_desc_comb_id,
|
|
|
|
last_request_ptr);
|
|
|
|
tor_free(oldptr);
|
2017-06-01 12:56:43 +02:00
|
|
|
} else {
|
|
|
|
last_request_ptr = strmap_get(last_hid_serv_requests,
|
|
|
|
hsdir_desc_comb_id);
|
|
|
|
}
|
|
|
|
|
|
|
|
tor_free(hsdir_desc_comb_id);
|
2017-06-01 12:48:03 +02:00
|
|
|
return (last_request_ptr) ? *last_request_ptr : 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Clean the history of request times to hidden service directories, so that
|
|
|
|
* it does not contain requests older than REND_HID_SERV_DIR_REQUERY_PERIOD
|
|
|
|
* seconds any more. */
|
2017-06-01 12:56:43 +02:00
|
|
|
void
|
|
|
|
hs_clean_last_hid_serv_requests(time_t now)
|
2017-06-01 12:48:03 +02:00
|
|
|
{
|
|
|
|
strmap_iter_t *iter;
|
2017-06-01 12:56:43 +02:00
|
|
|
time_t cutoff = now - hs_hsdir_requery_period(get_options());
|
2017-06-01 12:48:03 +02:00
|
|
|
strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
|
|
|
|
for (iter = strmap_iter_init(last_hid_serv_requests);
|
|
|
|
!strmap_iter_done(iter); ) {
|
|
|
|
const char *key;
|
|
|
|
void *val;
|
|
|
|
time_t *ent;
|
|
|
|
strmap_iter_get(iter, &key, &val);
|
|
|
|
ent = (time_t *) val;
|
|
|
|
if (*ent < cutoff) {
|
|
|
|
iter = strmap_iter_next_rmv(last_hid_serv_requests, iter);
|
|
|
|
tor_free(ent);
|
|
|
|
} else {
|
|
|
|
iter = strmap_iter_next(last_hid_serv_requests, iter);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-06-01 12:56:43 +02:00
|
|
|
/** Remove all requests related to the descriptor request key string
|
|
|
|
* <b>req_key_str</b> from the history of times of requests to hidden service
|
|
|
|
* directories.
|
2017-06-01 12:48:03 +02:00
|
|
|
*
|
|
|
|
* This is called from rend_client_note_connection_attempt_ended(), which
|
|
|
|
* must be idempotent, so any future changes to this function must leave it
|
|
|
|
* idempotent too. */
|
|
|
|
void
|
2017-06-01 12:56:43 +02:00
|
|
|
hs_purge_hid_serv_from_last_hid_serv_requests(const char *req_key_str)
|
2017-06-01 12:48:03 +02:00
|
|
|
{
|
|
|
|
strmap_iter_t *iter;
|
|
|
|
strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
|
|
|
|
|
|
|
|
for (iter = strmap_iter_init(last_hid_serv_requests);
|
|
|
|
!strmap_iter_done(iter); ) {
|
|
|
|
const char *key;
|
|
|
|
void *val;
|
|
|
|
strmap_iter_get(iter, &key, &val);
|
2017-06-01 12:56:43 +02:00
|
|
|
|
|
|
|
/* XXX: The use of REND_DESC_ID_V2_LEN_BASE32 is very wrong in terms of
|
|
|
|
* semantic, see #23305. */
|
|
|
|
|
2017-08-28 15:30:51 +02:00
|
|
|
/* This strmap contains variable-sized elements so this is a basic length
|
2017-08-28 18:55:26 +02:00
|
|
|
* check on the strings we are about to compare. The key is variable sized
|
|
|
|
* since it's composed as follows:
|
|
|
|
* key = base32(hsdir_identity) + base32(req_key_str)
|
|
|
|
* where 'req_key_str' is the descriptor ID of the HS in the v2 case, or
|
|
|
|
* the ed25519 blinded public key of the HS in the v3 case. */
|
2017-08-28 15:30:51 +02:00
|
|
|
if (strlen(key) < REND_DESC_ID_V2_LEN_BASE32 + strlen(req_key_str)) {
|
2017-06-01 12:56:43 +02:00
|
|
|
iter = strmap_iter_next(last_hid_serv_requests, iter);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Check if the tracked request matches our request key */
|
|
|
|
if (tor_memeq(key + REND_DESC_ID_V2_LEN_BASE32, req_key_str,
|
|
|
|
strlen(req_key_str))) {
|
2017-06-01 12:48:03 +02:00
|
|
|
iter = strmap_iter_next_rmv(last_hid_serv_requests, iter);
|
|
|
|
tor_free(val);
|
|
|
|
} else {
|
|
|
|
iter = strmap_iter_next(last_hid_serv_requests, iter);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Purge the history of request times to hidden service directories,
|
|
|
|
* so that future lookups of an HS descriptor will not fail because we
|
|
|
|
* accessed all of the HSDir relays responsible for the descriptor
|
|
|
|
* recently. */
|
|
|
|
void
|
2017-06-01 12:56:43 +02:00
|
|
|
hs_purge_last_hid_serv_requests(void)
|
2017-06-01 12:48:03 +02:00
|
|
|
{
|
2017-06-01 12:56:43 +02:00
|
|
|
/* Don't create the table if it doesn't exist yet (and it may very
|
2017-06-01 12:48:03 +02:00
|
|
|
* well not exist if the user hasn't accessed any HSes)... */
|
|
|
|
strmap_t *old_last_hid_serv_requests = last_hid_serv_requests_;
|
|
|
|
/* ... and let get_last_hid_serv_requests re-create it for us if
|
|
|
|
* necessary. */
|
|
|
|
last_hid_serv_requests_ = NULL;
|
|
|
|
|
|
|
|
if (old_last_hid_serv_requests != NULL) {
|
|
|
|
log_info(LD_REND, "Purging client last-HS-desc-request-time table");
|
|
|
|
strmap_free(old_last_hid_serv_requests, tor_free_);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/***********************************************************************/
|
|
|
|
|
2017-06-01 13:07:53 +02:00
|
|
|
/** Given the list of responsible HSDirs in <b>responsible_dirs</b>, pick the
|
|
|
|
* one that we should use to fetch a descriptor right now. Take into account
|
|
|
|
* previous failed attempts at fetching this descriptor from HSDirs using the
|
|
|
|
* string identifier <b>req_key_str</b>.
|
|
|
|
*
|
|
|
|
* Steals ownership of <b>responsible_dirs</b>.
|
2017-06-01 12:48:03 +02:00
|
|
|
*
|
2017-06-01 13:07:53 +02:00
|
|
|
* Return the routerstatus of the chosen HSDir if successful, otherwise return
|
|
|
|
* NULL if no HSDirs are worth trying right now. */
|
2017-06-01 12:48:03 +02:00
|
|
|
routerstatus_t *
|
2017-06-01 13:07:53 +02:00
|
|
|
hs_pick_hsdir(smartlist_t *responsible_dirs, const char *req_key_str)
|
2017-06-01 12:48:03 +02:00
|
|
|
{
|
|
|
|
smartlist_t *usable_responsible_dirs = smartlist_new();
|
|
|
|
const or_options_t *options = get_options();
|
|
|
|
routerstatus_t *hs_dir;
|
|
|
|
time_t now = time(NULL);
|
|
|
|
int excluded_some;
|
|
|
|
|
2017-06-01 13:07:53 +02:00
|
|
|
tor_assert(req_key_str);
|
2017-06-01 12:48:03 +02:00
|
|
|
|
2017-06-01 13:07:53 +02:00
|
|
|
/* Clean outdated request history first. */
|
2017-06-01 12:56:43 +02:00
|
|
|
hs_clean_last_hid_serv_requests(now);
|
2017-06-01 12:48:03 +02:00
|
|
|
|
|
|
|
/* Only select those hidden service directories to which we did not send a
|
2018-04-16 16:38:55 +02:00
|
|
|
* request recently and for which we have a router descriptor here.
|
|
|
|
*
|
|
|
|
* Use for_direct_connect==0 even if we will be connecting to the node
|
|
|
|
* directly, since we always use the key information in the
|
|
|
|
* consensus-indexed node descriptors for building the index.
|
|
|
|
**/
|
2017-06-01 12:48:03 +02:00
|
|
|
SMARTLIST_FOREACH_BEGIN(responsible_dirs, routerstatus_t *, dir) {
|
2017-06-01 13:07:53 +02:00
|
|
|
time_t last = hs_lookup_last_hid_serv_request(dir, req_key_str, 0, 0);
|
2017-06-01 12:48:03 +02:00
|
|
|
const node_t *node = node_get_by_id(dir->identity_digest);
|
2017-06-01 12:56:43 +02:00
|
|
|
if (last + hs_hsdir_requery_period(options) >= now ||
|
2018-04-16 16:38:55 +02:00
|
|
|
!node || !node_has_preferred_descriptor(node, 0)) {
|
2017-06-01 12:48:03 +02:00
|
|
|
SMARTLIST_DEL_CURRENT(responsible_dirs, dir);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
if (!routerset_contains_node(options->ExcludeNodes, node)) {
|
|
|
|
smartlist_add(usable_responsible_dirs, dir);
|
|
|
|
}
|
|
|
|
} SMARTLIST_FOREACH_END(dir);
|
|
|
|
|
|
|
|
excluded_some =
|
|
|
|
smartlist_len(usable_responsible_dirs) < smartlist_len(responsible_dirs);
|
|
|
|
|
|
|
|
hs_dir = smartlist_choose(usable_responsible_dirs);
|
|
|
|
if (!hs_dir && !options->StrictNodes) {
|
|
|
|
hs_dir = smartlist_choose(responsible_dirs);
|
|
|
|
}
|
|
|
|
|
|
|
|
smartlist_free(responsible_dirs);
|
|
|
|
smartlist_free(usable_responsible_dirs);
|
|
|
|
if (!hs_dir) {
|
|
|
|
log_info(LD_REND, "Could not pick one of the responsible hidden "
|
|
|
|
"service directories, because we requested them all "
|
|
|
|
"recently without success.");
|
|
|
|
if (options->StrictNodes && excluded_some) {
|
|
|
|
log_warn(LD_REND, "Could not pick a hidden service directory for the "
|
|
|
|
"requested hidden service: they are all either down or "
|
|
|
|
"excluded, and StrictNodes is set.");
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
/* Remember that we are requesting a descriptor from this hidden service
|
|
|
|
* directory now. */
|
2017-06-01 13:07:53 +02:00
|
|
|
hs_lookup_last_hid_serv_request(hs_dir, req_key_str, now, 1);
|
2017-06-01 12:48:03 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return hs_dir;
|
|
|
|
}
|
|
|
|
|
2017-07-18 21:17:37 +02:00
|
|
|
/* From a list of link specifier, an onion key and if we are requesting a
|
|
|
|
* direct connection (ex: single onion service), return a newly allocated
|
2017-10-26 05:38:06 +02:00
|
|
|
* extend_info_t object. This function always returns an extend info with
|
|
|
|
* an IPv4 address, or NULL.
|
2017-07-18 21:17:37 +02:00
|
|
|
*
|
2017-10-26 05:38:06 +02:00
|
|
|
* It performs the following checks:
|
|
|
|
* if either IPv4 or legacy ID is missing, return NULL.
|
|
|
|
* if direct_conn, and we can't reach the IPv4 address, return NULL.
|
|
|
|
*/
|
2017-07-18 21:17:37 +02:00
|
|
|
extend_info_t *
|
|
|
|
hs_get_extend_info_from_lspecs(const smartlist_t *lspecs,
|
|
|
|
const curve25519_public_key_t *onion_key,
|
|
|
|
int direct_conn)
|
|
|
|
{
|
2017-10-26 05:38:06 +02:00
|
|
|
int have_v4 = 0, have_legacy_id = 0, have_ed25519_id = 0;
|
2017-07-18 21:17:37 +02:00
|
|
|
char legacy_id[DIGEST_LEN] = {0};
|
2017-10-26 05:38:06 +02:00
|
|
|
uint16_t port_v4 = 0;
|
|
|
|
tor_addr_t addr_v4;
|
2017-07-18 21:17:37 +02:00
|
|
|
ed25519_public_key_t ed25519_pk;
|
|
|
|
extend_info_t *info = NULL;
|
|
|
|
|
|
|
|
tor_assert(lspecs);
|
|
|
|
|
|
|
|
SMARTLIST_FOREACH_BEGIN(lspecs, const link_specifier_t *, ls) {
|
|
|
|
switch (link_specifier_get_ls_type(ls)) {
|
|
|
|
case LS_IPV4:
|
|
|
|
/* Skip if we already seen a v4. */
|
|
|
|
if (have_v4) continue;
|
|
|
|
tor_addr_from_ipv4h(&addr_v4,
|
|
|
|
link_specifier_get_un_ipv4_addr(ls));
|
|
|
|
port_v4 = link_specifier_get_un_ipv4_port(ls);
|
|
|
|
have_v4 = 1;
|
|
|
|
break;
|
|
|
|
case LS_LEGACY_ID:
|
|
|
|
/* Make sure we do have enough bytes for the legacy ID. */
|
|
|
|
if (link_specifier_getlen_un_legacy_id(ls) < sizeof(legacy_id)) {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
memcpy(legacy_id, link_specifier_getconstarray_un_legacy_id(ls),
|
|
|
|
sizeof(legacy_id));
|
|
|
|
have_legacy_id = 1;
|
|
|
|
break;
|
|
|
|
case LS_ED25519_ID:
|
|
|
|
memcpy(ed25519_pk.pubkey,
|
|
|
|
link_specifier_getconstarray_un_ed25519_id(ls),
|
|
|
|
ED25519_PUBKEY_LEN);
|
|
|
|
have_ed25519_id = 1;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
/* Ignore unknown. */
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
} SMARTLIST_FOREACH_END(ls);
|
|
|
|
|
2017-10-26 05:38:06 +02:00
|
|
|
/* Legacy ID is mandatory, and we require IPv4. */
|
2017-07-18 21:17:37 +02:00
|
|
|
if (!have_v4 || !have_legacy_id) {
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
|
2017-10-26 05:38:06 +02:00
|
|
|
/* We know we have IPv4, because we just checked. */
|
2017-07-18 21:17:37 +02:00
|
|
|
if (!direct_conn) {
|
2017-10-26 05:38:06 +02:00
|
|
|
/* All clients can extend to any IPv4 via a 3-hop path. */
|
2017-07-18 21:17:37 +02:00
|
|
|
goto validate;
|
2017-10-26 05:38:06 +02:00
|
|
|
} else if (direct_conn &&
|
|
|
|
fascist_firewall_allows_address_addr(&addr_v4, port_v4,
|
|
|
|
FIREWALL_OR_CONNECTION,
|
|
|
|
0, 0)) {
|
2017-07-18 21:17:37 +02:00
|
|
|
/* Direct connection and we can reach it in IPv4 so go for it. */
|
|
|
|
goto validate;
|
2017-10-26 05:38:06 +02:00
|
|
|
|
|
|
|
/* We will add support for falling back to a 3-hop path in a later
|
|
|
|
* release. */
|
|
|
|
} else {
|
|
|
|
/* If we can't reach IPv4, return NULL. */
|
|
|
|
goto done;
|
2017-07-18 21:17:37 +02:00
|
|
|
}
|
|
|
|
|
2017-10-26 05:38:06 +02:00
|
|
|
/* We will add support for IPv6 in a later release. */
|
|
|
|
|
2017-07-18 21:17:37 +02:00
|
|
|
validate:
|
|
|
|
/* We'll validate now that the address we've picked isn't a private one. If
|
|
|
|
* it is, are we allowing to extend to private address? */
|
2017-10-26 05:38:06 +02:00
|
|
|
if (!extend_info_addr_is_allowed(&addr_v4)) {
|
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_REND,
|
|
|
|
"Requested address is private and we are not allowed to extend to "
|
|
|
|
"it: %s:%u", fmt_addr(&addr_v4), port_v4);
|
2017-07-18 21:17:37 +02:00
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* We do have everything for which we think we can connect successfully. */
|
|
|
|
info = extend_info_new(NULL, legacy_id,
|
|
|
|
(have_ed25519_id) ? &ed25519_pk : NULL, NULL,
|
2017-10-26 05:38:06 +02:00
|
|
|
onion_key, &addr_v4, port_v4);
|
2017-07-18 21:17:37 +02:00
|
|
|
done:
|
|
|
|
return info;
|
|
|
|
}
|
|
|
|
|
2017-06-01 12:48:03 +02:00
|
|
|
/***********************************************************************/
|
|
|
|
|
2017-01-16 19:29:03 +01:00
|
|
|
/* Initialize the entire HS subsytem. This is called in tor_init() before any
|
|
|
|
* torrc options are loaded. Only for >= v3. */
|
|
|
|
void
|
|
|
|
hs_init(void)
|
|
|
|
{
|
|
|
|
hs_circuitmap_init();
|
|
|
|
hs_service_init();
|
|
|
|
hs_cache_init();
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Release and cleanup all memory of the HS subsystem (all version). This is
|
|
|
|
* called by tor_free_all(). */
|
|
|
|
void
|
|
|
|
hs_free_all(void)
|
|
|
|
{
|
|
|
|
hs_circuitmap_free_all();
|
|
|
|
hs_service_free_all();
|
|
|
|
hs_cache_free_all();
|
2017-08-29 22:02:13 +02:00
|
|
|
hs_client_free_all();
|
2017-01-16 19:29:03 +01:00
|
|
|
}
|
|
|
|
|
2017-07-31 16:59:12 +02:00
|
|
|
/* For the given origin circuit circ, decrement the number of rendezvous
|
|
|
|
* stream counter. This handles every hidden service version. */
|
|
|
|
void
|
|
|
|
hs_dec_rdv_stream_counter(origin_circuit_t *circ)
|
|
|
|
{
|
|
|
|
tor_assert(circ);
|
|
|
|
|
|
|
|
if (circ->rend_data) {
|
|
|
|
circ->rend_data->nr_streams--;
|
|
|
|
} else if (circ->hs_ident) {
|
|
|
|
circ->hs_ident->num_rdv_streams--;
|
|
|
|
} else {
|
|
|
|
/* Should not be called if this circuit is not for hidden service. */
|
|
|
|
tor_assert_nonfatal_unreached();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* For the given origin circuit circ, increment the number of rendezvous
|
|
|
|
* stream counter. This handles every hidden service version. */
|
|
|
|
void
|
|
|
|
hs_inc_rdv_stream_counter(origin_circuit_t *circ)
|
|
|
|
{
|
|
|
|
tor_assert(circ);
|
|
|
|
|
|
|
|
if (circ->rend_data) {
|
|
|
|
circ->rend_data->nr_streams++;
|
|
|
|
} else if (circ->hs_ident) {
|
|
|
|
circ->hs_ident->num_rdv_streams++;
|
|
|
|
} else {
|
|
|
|
/* Should not be called if this circuit is not for hidden service. */
|
|
|
|
tor_assert_nonfatal_unreached();
|
|
|
|
}
|
|
|
|
}
|