2007-12-12 22:09:01 +01:00
|
|
|
/* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
2010-02-27 23:13:37 +01:00
|
|
|
* Copyright (c) 2007-2010, The Tor Project, Inc. */
|
2004-03-31 04:07:38 +02:00
|
|
|
/* See LICENSE for licensing information */
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/**
|
|
|
|
* \file rendcommon.c
|
|
|
|
* \brief Rendezvous implementation: shared code between
|
2004-05-05 23:32:43 +02:00
|
|
|
* introducers, services, clients, and rendezvous points.
|
2004-05-09 18:47:25 +02:00
|
|
|
**/
|
2004-05-05 23:32:43 +02:00
|
|
|
|
2004-03-31 04:07:38 +02:00
|
|
|
#include "or.h"
|
|
|
|
|
2004-05-12 22:58:27 +02:00
|
|
|
/** Return 0 if one and two are the same service ids, else -1 or 1 */
|
2005-09-30 03:09:52 +02:00
|
|
|
int
|
|
|
|
rend_cmp_service_ids(const char *one, const char *two)
|
|
|
|
{
|
2004-05-12 22:58:27 +02:00
|
|
|
return strcasecmp(one,two);
|
|
|
|
}
|
|
|
|
|
2004-05-10 06:34:48 +02:00
|
|
|
/** Free the storage held by the service descriptor <b>desc</b>.
|
2004-04-06 05:44:36 +02:00
|
|
|
*/
|
2005-09-30 03:09:52 +02:00
|
|
|
void
|
|
|
|
rend_service_descriptor_free(rend_service_descriptor_t *desc)
|
2004-03-31 04:07:38 +02:00
|
|
|
{
|
|
|
|
if (desc->pk)
|
|
|
|
crypto_free_pk_env(desc->pk);
|
2007-12-21 10:28:22 +01:00
|
|
|
if (desc->intro_nodes) {
|
|
|
|
SMARTLIST_FOREACH(desc->intro_nodes, rend_intro_point_t *, intro,
|
|
|
|
rend_intro_point_free(intro););
|
|
|
|
smartlist_free(desc->intro_nodes);
|
2007-10-28 20:48:16 +01:00
|
|
|
}
|
2008-09-09 10:41:58 +02:00
|
|
|
if (desc->successful_uploads) {
|
|
|
|
SMARTLIST_FOREACH(desc->successful_uploads, char *, c, tor_free(c););
|
|
|
|
smartlist_free(desc->successful_uploads);
|
|
|
|
}
|
2004-03-31 04:07:38 +02:00
|
|
|
tor_free(desc);
|
|
|
|
}
|
|
|
|
|
2007-10-28 20:48:16 +01:00
|
|
|
/** Length of the descriptor cookie that is used for versioned hidden
|
2007-10-28 20:48:14 +01:00
|
|
|
* service descriptors. */
|
2007-10-29 20:10:42 +01:00
|
|
|
#define REND_DESC_COOKIE_LEN 16
|
2007-10-28 20:48:14 +01:00
|
|
|
|
2007-10-28 20:48:16 +01:00
|
|
|
/** Length of the replica number that is used to determine the secret ID
|
2007-10-28 20:48:14 +01:00
|
|
|
* part of versioned hidden service descriptors. */
|
2007-10-29 20:10:42 +01:00
|
|
|
#define REND_REPLICA_LEN 1
|
2007-10-28 20:48:14 +01:00
|
|
|
|
2007-10-28 20:48:16 +01:00
|
|
|
/** Compute the descriptor ID for <b>service_id</b> of length
|
2007-11-29 16:25:04 +01:00
|
|
|
* <b>REND_SERVICE_ID_LEN</b> and <b>secret_id_part</b> of length
|
2007-10-28 20:48:14 +01:00
|
|
|
* <b>DIGEST_LEN</b>, and write it to <b>descriptor_id_out</b> of length
|
|
|
|
* <b>DIGEST_LEN</b>. */
|
|
|
|
void
|
|
|
|
rend_get_descriptor_id_bytes(char *descriptor_id_out,
|
|
|
|
const char *service_id,
|
|
|
|
const char *secret_id_part)
|
|
|
|
{
|
|
|
|
crypto_digest_env_t *digest = crypto_new_digest_env();
|
2007-11-29 16:25:04 +01:00
|
|
|
crypto_digest_add_bytes(digest, service_id, REND_SERVICE_ID_LEN);
|
2007-10-28 20:48:14 +01:00
|
|
|
crypto_digest_add_bytes(digest, secret_id_part, DIGEST_LEN);
|
|
|
|
crypto_digest_get_digest(digest, descriptor_id_out, DIGEST_LEN);
|
|
|
|
crypto_free_digest_env(digest);
|
|
|
|
}
|
|
|
|
|
2007-10-28 20:48:16 +01:00
|
|
|
/** Compute the secret ID part for time_period,
|
|
|
|
* a <b>descriptor_cookie</b> of length
|
2007-10-29 20:10:42 +01:00
|
|
|
* <b>REND_DESC_COOKIE_LEN</b> which may also be <b>NULL</b> if no
|
2007-10-28 20:48:14 +01:00
|
|
|
* descriptor_cookie shall be used, and <b>replica</b>, and write it to
|
|
|
|
* <b>secret_id_part</b> of length DIGEST_LEN. */
|
|
|
|
static void
|
2007-10-28 20:48:16 +01:00
|
|
|
get_secret_id_part_bytes(char *secret_id_part, uint32_t time_period,
|
2007-10-28 20:48:14 +01:00
|
|
|
const char *descriptor_cookie, uint8_t replica)
|
|
|
|
{
|
|
|
|
crypto_digest_env_t *digest = crypto_new_digest_env();
|
2007-10-28 20:48:16 +01:00
|
|
|
time_period = htonl(time_period);
|
|
|
|
crypto_digest_add_bytes(digest, (char*)&time_period, sizeof(uint32_t));
|
2007-10-28 20:48:14 +01:00
|
|
|
if (descriptor_cookie) {
|
|
|
|
crypto_digest_add_bytes(digest, descriptor_cookie,
|
2007-10-29 20:10:42 +01:00
|
|
|
REND_DESC_COOKIE_LEN);
|
2007-10-28 20:48:14 +01:00
|
|
|
}
|
2007-10-29 20:10:42 +01:00
|
|
|
crypto_digest_add_bytes(digest, (const char *)&replica, REND_REPLICA_LEN);
|
2007-10-28 20:48:14 +01:00
|
|
|
crypto_digest_get_digest(digest, secret_id_part, DIGEST_LEN);
|
|
|
|
crypto_free_digest_env(digest);
|
|
|
|
}
|
|
|
|
|
2007-10-28 20:48:16 +01:00
|
|
|
/** Return the time period for time <b>now</b> plus a potentially
|
|
|
|
* intended <b>deviation</b> of one or more periods, based on the first byte
|
|
|
|
* of <b>service_id</b>. */
|
|
|
|
static uint32_t
|
|
|
|
get_time_period(time_t now, uint8_t deviation, const char *service_id)
|
2007-10-28 20:48:14 +01:00
|
|
|
{
|
2007-10-28 20:48:16 +01:00
|
|
|
/* The time period is the number of REND_TIME_PERIOD_V2_DESC_VALIDITY
|
|
|
|
* intervals that have passed since the epoch, offset slightly so that
|
|
|
|
* each service's time periods start and end at a fraction of that
|
|
|
|
* period based on their first byte. */
|
|
|
|
return (uint32_t)
|
2007-10-28 20:48:14 +01:00
|
|
|
(now + ((uint8_t) *service_id) * REND_TIME_PERIOD_V2_DESC_VALIDITY / 256)
|
|
|
|
/ REND_TIME_PERIOD_V2_DESC_VALIDITY + deviation;
|
|
|
|
}
|
|
|
|
|
2007-10-28 20:48:16 +01:00
|
|
|
/** Compute the time in seconds that a descriptor that is generated
|
2007-10-28 20:48:14 +01:00
|
|
|
* <b>now</b> for <b>service_id</b> will be valid. */
|
|
|
|
static uint32_t
|
|
|
|
get_seconds_valid(time_t now, const char *service_id)
|
|
|
|
{
|
|
|
|
uint32_t result = REND_TIME_PERIOD_V2_DESC_VALIDITY -
|
2007-10-28 20:48:16 +01:00
|
|
|
((uint32_t)
|
|
|
|
(now + ((uint8_t) *service_id) * REND_TIME_PERIOD_V2_DESC_VALIDITY / 256)
|
|
|
|
% REND_TIME_PERIOD_V2_DESC_VALIDITY);
|
2007-10-28 20:48:14 +01:00
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
2007-10-28 20:48:16 +01:00
|
|
|
/** Compute the binary <b>desc_id_out</b> (DIGEST_LEN bytes long) for a given
|
|
|
|
* base32-encoded <b>service_id</b> and optional unencoded
|
2007-10-29 20:10:42 +01:00
|
|
|
* <b>descriptor_cookie</b> of length REND_DESC_COOKIE_LEN,
|
2007-10-28 20:48:16 +01:00
|
|
|
* at time <b>now</b> for replica number
|
2007-10-28 20:48:14 +01:00
|
|
|
* <b>replica</b>. <b>desc_id</b> needs to have <b>DIGEST_LEN</b> bytes
|
|
|
|
* free. Return 0 for success, -1 otherwise. */
|
|
|
|
int
|
|
|
|
rend_compute_v2_desc_id(char *desc_id_out, const char *service_id,
|
|
|
|
const char *descriptor_cookie, time_t now,
|
|
|
|
uint8_t replica)
|
|
|
|
{
|
2007-11-29 16:25:04 +01:00
|
|
|
char service_id_binary[REND_SERVICE_ID_LEN];
|
2007-10-28 20:48:14 +01:00
|
|
|
char secret_id_part[DIGEST_LEN];
|
2007-10-28 20:48:16 +01:00
|
|
|
uint32_t time_period;
|
2007-10-28 20:48:14 +01:00
|
|
|
if (!service_id ||
|
2007-11-29 16:25:04 +01:00
|
|
|
strlen(service_id) != REND_SERVICE_ID_LEN_BASE32) {
|
2007-10-28 20:48:14 +01:00
|
|
|
log_warn(LD_REND, "Could not compute v2 descriptor ID: "
|
2008-02-13 17:34:00 +01:00
|
|
|
"Illegal service ID: %s", safe_str(service_id));
|
2007-10-28 20:48:14 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
if (replica >= REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS) {
|
|
|
|
log_warn(LD_REND, "Could not compute v2 descriptor ID: "
|
|
|
|
"Replica number out of range: %d", replica);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
/* Convert service ID to binary. */
|
2007-11-29 16:25:04 +01:00
|
|
|
if (base32_decode(service_id_binary, REND_SERVICE_ID_LEN,
|
|
|
|
service_id, REND_SERVICE_ID_LEN_BASE32) < 0) {
|
2007-10-28 20:48:14 +01:00
|
|
|
log_warn(LD_REND, "Could not compute v2 descriptor ID: "
|
|
|
|
"Illegal characters in service ID: %s",
|
2008-02-13 17:34:00 +01:00
|
|
|
safe_str(service_id));
|
2007-10-28 20:48:14 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
/* Calculate current time-period. */
|
2007-10-28 20:48:16 +01:00
|
|
|
time_period = get_time_period(now, 0, service_id_binary);
|
2007-10-28 20:48:14 +01:00
|
|
|
/* Calculate secret-id-part = h(time-period + replica). */
|
|
|
|
get_secret_id_part_bytes(secret_id_part, time_period, descriptor_cookie,
|
|
|
|
replica);
|
|
|
|
/* Calculate descriptor ID. */
|
|
|
|
rend_get_descriptor_id_bytes(desc_id_out, service_id_binary, secret_id_part);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2008-08-19 17:41:28 +02:00
|
|
|
/** Encode the introduction points in <b>desc</b> and write the result to a
|
|
|
|
* newly allocated string pointed to by <b>encoded</b>. Return 0 for
|
|
|
|
* success, -1 otherwise. */
|
2007-10-28 20:48:14 +01:00
|
|
|
static int
|
2008-08-19 17:41:28 +02:00
|
|
|
rend_encode_v2_intro_points(char **encoded, rend_service_descriptor_t *desc)
|
2007-10-28 20:48:14 +01:00
|
|
|
{
|
|
|
|
size_t unenc_len;
|
2007-10-28 20:48:16 +01:00
|
|
|
char *unenc = NULL;
|
2007-10-28 20:48:14 +01:00
|
|
|
size_t unenc_written = 0;
|
|
|
|
int i;
|
2007-10-28 20:48:16 +01:00
|
|
|
int r = -1;
|
2007-10-28 20:48:14 +01:00
|
|
|
/* Assemble unencrypted list of introduction points. */
|
2007-12-21 10:28:22 +01:00
|
|
|
unenc_len = smartlist_len(desc->intro_nodes) * 1000; /* too long, but ok. */
|
2007-10-28 20:48:14 +01:00
|
|
|
unenc = tor_malloc_zero(unenc_len);
|
2007-12-21 10:28:22 +01:00
|
|
|
for (i = 0; i < smartlist_len(desc->intro_nodes); i++) {
|
2007-10-29 20:10:42 +01:00
|
|
|
char id_base32[REND_INTRO_POINT_ID_LEN_BASE32 + 1];
|
2007-10-28 20:48:16 +01:00
|
|
|
char *onion_key = NULL;
|
2007-10-28 20:48:14 +01:00
|
|
|
size_t onion_key_len;
|
|
|
|
crypto_pk_env_t *intro_key;
|
2007-10-28 20:48:16 +01:00
|
|
|
char *service_key = NULL;
|
2007-11-27 22:17:43 +01:00
|
|
|
char *address = NULL;
|
2007-10-28 20:48:14 +01:00
|
|
|
size_t service_key_len;
|
|
|
|
int res;
|
2007-12-21 10:28:22 +01:00
|
|
|
rend_intro_point_t *intro = smartlist_get(desc->intro_nodes, i);
|
2007-10-28 20:48:14 +01:00
|
|
|
/* Obtain extend info with introduction point details. */
|
2007-12-21 10:28:22 +01:00
|
|
|
extend_info_t *info = intro->extend_info;
|
2007-10-28 20:48:14 +01:00
|
|
|
/* Encode introduction point ID. */
|
2007-10-28 20:48:16 +01:00
|
|
|
base32_encode(id_base32, sizeof(id_base32),
|
|
|
|
info->identity_digest, DIGEST_LEN);
|
2007-10-28 20:48:14 +01:00
|
|
|
/* Encode onion key. */
|
|
|
|
if (crypto_pk_write_public_key_to_string(info->onion_key, &onion_key,
|
|
|
|
&onion_key_len) < 0) {
|
|
|
|
log_warn(LD_REND, "Could not write onion key.");
|
2007-10-28 20:48:16 +01:00
|
|
|
goto done;
|
2007-10-28 20:48:14 +01:00
|
|
|
}
|
|
|
|
/* Encode intro key. */
|
2007-12-21 10:28:22 +01:00
|
|
|
intro_key = intro->intro_key;
|
2007-10-28 20:48:14 +01:00
|
|
|
if (!intro_key ||
|
|
|
|
crypto_pk_write_public_key_to_string(intro_key, &service_key,
|
|
|
|
&service_key_len) < 0) {
|
|
|
|
log_warn(LD_REND, "Could not write intro key.");
|
|
|
|
tor_free(onion_key);
|
2007-10-28 20:48:16 +01:00
|
|
|
goto done;
|
2007-10-28 20:48:14 +01:00
|
|
|
}
|
|
|
|
/* Assemble everything for this introduction point. */
|
2008-08-05 22:08:19 +02:00
|
|
|
address = tor_dup_addr(&info->addr);
|
2007-10-28 20:48:14 +01:00
|
|
|
res = tor_snprintf(unenc + unenc_written, unenc_len - unenc_written,
|
|
|
|
"introduction-point %s\n"
|
|
|
|
"ip-address %s\n"
|
|
|
|
"onion-port %d\n"
|
|
|
|
"onion-key\n%s"
|
|
|
|
"service-key\n%s",
|
|
|
|
id_base32,
|
2007-11-27 22:17:43 +01:00
|
|
|
address,
|
2007-10-28 20:48:14 +01:00
|
|
|
info->port,
|
|
|
|
onion_key,
|
|
|
|
service_key);
|
2007-11-27 22:17:43 +01:00
|
|
|
tor_free(address);
|
2007-10-28 20:48:14 +01:00
|
|
|
tor_free(onion_key);
|
|
|
|
tor_free(service_key);
|
|
|
|
if (res < 0) {
|
|
|
|
log_warn(LD_REND, "Not enough space for writing introduction point "
|
|
|
|
"string.");
|
2007-10-28 20:48:16 +01:00
|
|
|
goto done;
|
2007-10-28 20:48:14 +01:00
|
|
|
}
|
|
|
|
/* Update total number of written bytes for unencrypted intro points. */
|
|
|
|
unenc_written += res;
|
|
|
|
}
|
|
|
|
/* Finalize unencrypted introduction points. */
|
|
|
|
if (unenc_len < unenc_written + 2) {
|
|
|
|
log_warn(LD_REND, "Not enough space for finalizing introduction point "
|
|
|
|
"string.");
|
2007-10-28 20:48:16 +01:00
|
|
|
goto done;
|
2007-10-28 20:48:14 +01:00
|
|
|
}
|
|
|
|
unenc[unenc_written++] = '\n';
|
|
|
|
unenc[unenc_written++] = 0;
|
2008-08-19 17:41:28 +02:00
|
|
|
*encoded = unenc;
|
|
|
|
r = 0;
|
|
|
|
done:
|
|
|
|
if (r<0)
|
|
|
|
tor_free(unenc);
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Encrypt the encoded introduction points in <b>encoded</b> using
|
|
|
|
* authorization type 'basic' with <b>client_cookies</b> and write the
|
|
|
|
* result to a newly allocated string pointed to by <b>encrypted_out</b> of
|
2008-08-19 21:01:41 +02:00
|
|
|
* length <b>encrypted_len_out</b>. Return 0 for success, -1 otherwise. */
|
2008-08-19 17:41:28 +02:00
|
|
|
static int
|
|
|
|
rend_encrypt_v2_intro_points_basic(char **encrypted_out,
|
|
|
|
size_t *encrypted_len_out,
|
|
|
|
const char *encoded,
|
|
|
|
smartlist_t *client_cookies)
|
|
|
|
{
|
|
|
|
int r = -1, i, pos, enclen, client_blocks;
|
|
|
|
size_t len, client_entries_len;
|
|
|
|
char *enc = NULL, iv[CIPHER_IV_LEN], *client_part = NULL,
|
|
|
|
session_key[CIPHER_KEY_LEN];
|
|
|
|
smartlist_t *encrypted_session_keys = NULL;
|
|
|
|
crypto_digest_env_t *digest;
|
|
|
|
crypto_cipher_env_t *cipher;
|
|
|
|
tor_assert(encoded);
|
|
|
|
tor_assert(client_cookies && smartlist_len(client_cookies) > 0);
|
|
|
|
|
|
|
|
/* Generate session key. */
|
|
|
|
if (crypto_rand(session_key, CIPHER_KEY_LEN) < 0) {
|
|
|
|
log_warn(LD_REND, "Unable to generate random session key to encrypt "
|
|
|
|
"introduction point string.");
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Determine length of encrypted introduction points including session
|
|
|
|
* keys. */
|
|
|
|
client_blocks = 1 + ((smartlist_len(client_cookies) - 1) /
|
|
|
|
REND_BASIC_AUTH_CLIENT_MULTIPLE);
|
|
|
|
client_entries_len = client_blocks * REND_BASIC_AUTH_CLIENT_MULTIPLE *
|
|
|
|
REND_BASIC_AUTH_CLIENT_ENTRY_LEN;
|
|
|
|
len = 2 + client_entries_len + CIPHER_IV_LEN + strlen(encoded);
|
|
|
|
if (client_blocks >= 256) {
|
|
|
|
log_warn(LD_REND, "Too many clients in introduction point string.");
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
enc = tor_malloc_zero(len);
|
|
|
|
enc[0] = 0x01; /* type of authorization. */
|
|
|
|
enc[1] = (uint8_t)client_blocks;
|
|
|
|
|
|
|
|
/* Encrypt with random session key. */
|
|
|
|
cipher = crypto_create_init_cipher(session_key, 1);
|
|
|
|
enclen = crypto_cipher_encrypt_with_iv(cipher,
|
|
|
|
enc + 2 + client_entries_len,
|
|
|
|
CIPHER_IV_LEN + strlen(encoded), encoded, strlen(encoded));
|
|
|
|
crypto_free_cipher_env(cipher);
|
|
|
|
if (enclen < 0) {
|
|
|
|
log_warn(LD_REND, "Could not encrypt introduction point string.");
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
memcpy(iv, enc + 2 + client_entries_len, CIPHER_IV_LEN);
|
|
|
|
|
|
|
|
/* Encrypt session key for cookies, determine client IDs, and put both
|
|
|
|
* in a smartlist. */
|
|
|
|
encrypted_session_keys = smartlist_create();
|
|
|
|
SMARTLIST_FOREACH_BEGIN(client_cookies, const char *, cookie) {
|
|
|
|
client_part = tor_malloc_zero(REND_BASIC_AUTH_CLIENT_ENTRY_LEN);
|
|
|
|
/* Encrypt session key. */
|
|
|
|
cipher = crypto_create_init_cipher(cookie, 1);
|
|
|
|
if (crypto_cipher_encrypt(cipher, client_part +
|
|
|
|
REND_BASIC_AUTH_CLIENT_ID_LEN,
|
|
|
|
session_key, CIPHER_KEY_LEN) < 0) {
|
|
|
|
log_warn(LD_REND, "Could not encrypt session key for client.");
|
|
|
|
crypto_free_cipher_env(cipher);
|
|
|
|
tor_free(client_part);
|
|
|
|
goto done;
|
|
|
|
}
|
2007-10-28 20:48:14 +01:00
|
|
|
crypto_free_cipher_env(cipher);
|
2008-08-19 17:41:28 +02:00
|
|
|
|
|
|
|
/* Determine client ID. */
|
|
|
|
digest = crypto_new_digest_env();
|
|
|
|
crypto_digest_add_bytes(digest, cookie, REND_DESC_COOKIE_LEN);
|
|
|
|
crypto_digest_add_bytes(digest, iv, CIPHER_IV_LEN);
|
|
|
|
crypto_digest_get_digest(digest, client_part,
|
|
|
|
REND_BASIC_AUTH_CLIENT_ID_LEN);
|
|
|
|
crypto_free_digest_env(digest);
|
|
|
|
|
|
|
|
/* Put both together. */
|
|
|
|
smartlist_add(encrypted_session_keys, client_part);
|
|
|
|
} SMARTLIST_FOREACH_END(cookie);
|
|
|
|
|
|
|
|
/* Add some fake client IDs and encrypted session keys. */
|
|
|
|
for (i = (smartlist_len(client_cookies) - 1) %
|
|
|
|
REND_BASIC_AUTH_CLIENT_MULTIPLE;
|
|
|
|
i < REND_BASIC_AUTH_CLIENT_MULTIPLE - 1; i++) {
|
|
|
|
client_part = tor_malloc_zero(REND_BASIC_AUTH_CLIENT_ENTRY_LEN);
|
|
|
|
if (crypto_rand(client_part, REND_BASIC_AUTH_CLIENT_ENTRY_LEN) < 0) {
|
|
|
|
log_warn(LD_REND, "Unable to generate fake client entry.");
|
|
|
|
tor_free(client_part);
|
2007-10-28 20:48:16 +01:00
|
|
|
goto done;
|
2007-10-28 20:48:14 +01:00
|
|
|
}
|
2008-08-19 17:41:28 +02:00
|
|
|
smartlist_add(encrypted_session_keys, client_part);
|
2007-10-28 20:48:14 +01:00
|
|
|
}
|
2008-08-19 17:41:28 +02:00
|
|
|
/* Sort smartlist and put elements in result in order. */
|
|
|
|
smartlist_sort_digests(encrypted_session_keys);
|
|
|
|
pos = 2;
|
|
|
|
SMARTLIST_FOREACH(encrypted_session_keys, const char *, entry, {
|
|
|
|
memcpy(enc + pos, entry, REND_BASIC_AUTH_CLIENT_ENTRY_LEN);
|
|
|
|
pos += REND_BASIC_AUTH_CLIENT_ENTRY_LEN;
|
|
|
|
});
|
|
|
|
*encrypted_out = enc;
|
|
|
|
*encrypted_len_out = len;
|
|
|
|
enc = NULL; /* prevent free. */
|
|
|
|
r = 0;
|
|
|
|
done:
|
|
|
|
tor_free(enc);
|
|
|
|
if (encrypted_session_keys) {
|
|
|
|
SMARTLIST_FOREACH(encrypted_session_keys, char *, d, tor_free(d););
|
|
|
|
smartlist_free(encrypted_session_keys);
|
|
|
|
}
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Encrypt the encoded introduction points in <b>encoded</b> using
|
|
|
|
* authorization type 'stealth' with <b>descriptor_cookie</b> of length
|
|
|
|
* REND_DESC_COOKIE_LEN and write the result to a newly allocated string
|
2008-08-19 21:01:41 +02:00
|
|
|
* pointed to by <b>encrypted_out</b> of length <b>encrypted_len_out</b>.
|
|
|
|
* Return 0 for success, -1 otherwise. */
|
2008-08-19 17:41:28 +02:00
|
|
|
static int
|
|
|
|
rend_encrypt_v2_intro_points_stealth(char **encrypted_out,
|
|
|
|
size_t *encrypted_len_out,
|
|
|
|
const char *encoded,
|
|
|
|
const char *descriptor_cookie)
|
|
|
|
{
|
|
|
|
int r = -1, enclen;
|
|
|
|
crypto_cipher_env_t *cipher;
|
|
|
|
char *enc;
|
|
|
|
tor_assert(encoded);
|
|
|
|
tor_assert(descriptor_cookie);
|
|
|
|
|
|
|
|
enc = tor_malloc_zero(1 + CIPHER_IV_LEN + strlen(encoded));
|
|
|
|
enc[0] = 0x02; /* Auth type */
|
|
|
|
cipher = crypto_create_init_cipher(descriptor_cookie, 1);
|
|
|
|
enclen = crypto_cipher_encrypt_with_iv(cipher, enc + 1,
|
|
|
|
CIPHER_IV_LEN+strlen(encoded),
|
|
|
|
encoded, strlen(encoded));
|
|
|
|
crypto_free_cipher_env(cipher);
|
|
|
|
if (enclen < 0) {
|
|
|
|
log_warn(LD_REND, "Could not encrypt introduction point string.");
|
2007-10-28 20:48:16 +01:00
|
|
|
goto done;
|
2007-10-28 20:48:14 +01:00
|
|
|
}
|
2008-08-19 17:41:28 +02:00
|
|
|
*encrypted_out = enc;
|
|
|
|
*encrypted_len_out = enclen;
|
|
|
|
enc = NULL; /* prevent free */
|
2007-10-28 20:48:16 +01:00
|
|
|
r = 0;
|
|
|
|
done:
|
2008-08-19 17:41:28 +02:00
|
|
|
tor_free(enc);
|
2007-10-28 20:48:16 +01:00
|
|
|
return r;
|
2007-10-28 20:48:14 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/** Attempt to parse the given <b>desc_str</b> and return true if this
|
|
|
|
* succeeds, false otherwise. */
|
|
|
|
static int
|
2007-12-15 21:28:09 +01:00
|
|
|
rend_desc_v2_is_parsable(rend_encoded_v2_service_descriptor_t *desc)
|
2007-10-28 20:48:14 +01:00
|
|
|
{
|
2007-10-28 20:48:16 +01:00
|
|
|
rend_service_descriptor_t *test_parsed = NULL;
|
2007-10-28 20:48:14 +01:00
|
|
|
char test_desc_id[DIGEST_LEN];
|
2007-10-28 20:48:16 +01:00
|
|
|
char *test_intro_content = NULL;
|
2007-10-28 20:48:14 +01:00
|
|
|
size_t test_intro_size;
|
|
|
|
size_t test_encoded_size;
|
|
|
|
const char *test_next;
|
|
|
|
int res = rend_parse_v2_service_descriptor(&test_parsed, test_desc_id,
|
|
|
|
&test_intro_content,
|
|
|
|
&test_intro_size,
|
|
|
|
&test_encoded_size,
|
2007-12-15 21:28:09 +01:00
|
|
|
&test_next, desc->desc_str);
|
2007-10-28 20:48:16 +01:00
|
|
|
if (test_parsed)
|
|
|
|
rend_service_descriptor_free(test_parsed);
|
2007-10-28 20:48:14 +01:00
|
|
|
tor_free(test_intro_content);
|
|
|
|
return (res >= 0);
|
|
|
|
}
|
|
|
|
|
2007-12-15 21:28:09 +01:00
|
|
|
/** Free the storage held by an encoded v2 service descriptor. */
|
|
|
|
void
|
|
|
|
rend_encoded_v2_service_descriptor_free(
|
|
|
|
rend_encoded_v2_service_descriptor_t *desc)
|
|
|
|
{
|
2007-12-15 21:50:56 +01:00
|
|
|
tor_free(desc->desc_str);
|
2007-12-15 21:28:09 +01:00
|
|
|
tor_free(desc);
|
|
|
|
}
|
|
|
|
|
2007-12-21 10:28:22 +01:00
|
|
|
/** Free the storage held by an introduction point info. */
|
|
|
|
void
|
|
|
|
rend_intro_point_free(rend_intro_point_t *intro)
|
|
|
|
{
|
|
|
|
if (intro->extend_info)
|
|
|
|
extend_info_free(intro->extend_info);
|
|
|
|
if (intro->intro_key)
|
|
|
|
crypto_free_pk_env(intro->intro_key);
|
|
|
|
tor_free(intro);
|
|
|
|
}
|
|
|
|
|
2007-12-15 21:28:09 +01:00
|
|
|
/** Encode a set of rend_encoded_v2_service_descriptor_t's for <b>desc</b>
|
2008-08-19 17:41:28 +02:00
|
|
|
* at time <b>now</b> using <b>service_key</b>, depending on
|
|
|
|
* <b>auth_type</b> a <b>descriptor_cookie</b> and a list of
|
|
|
|
* <b>client_cookies</b> (which are both <b>NULL</b> if no client
|
|
|
|
* authorization is performed), and <b>period</b> (e.g. 0 for the current
|
|
|
|
* period, 1 for the next period, etc.) and add them to the existing list
|
|
|
|
* <b>descs_out</b>; return the number of seconds that the descriptors will
|
|
|
|
* be found by clients, or -1 if the encoding was not successful. */
|
2007-10-28 20:48:14 +01:00
|
|
|
int
|
2007-12-15 21:28:09 +01:00
|
|
|
rend_encode_v2_descriptors(smartlist_t *descs_out,
|
2007-10-28 20:48:14 +01:00
|
|
|
rend_service_descriptor_t *desc, time_t now,
|
2008-08-19 17:41:28 +02:00
|
|
|
uint8_t period, rend_auth_type_t auth_type,
|
|
|
|
crypto_pk_env_t *client_key,
|
|
|
|
smartlist_t *client_cookies)
|
2007-10-28 20:48:14 +01:00
|
|
|
{
|
|
|
|
char service_id[DIGEST_LEN];
|
2007-10-28 20:48:16 +01:00
|
|
|
uint32_t time_period;
|
2008-08-19 17:41:28 +02:00
|
|
|
char *ipos_base64 = NULL, *ipos = NULL, *ipos_encrypted = NULL,
|
|
|
|
*descriptor_cookie = NULL;
|
|
|
|
size_t ipos_len = 0, ipos_encrypted_len = 0;
|
2007-10-28 20:48:14 +01:00
|
|
|
int k;
|
|
|
|
uint32_t seconds_valid;
|
2010-02-23 17:09:02 +01:00
|
|
|
crypto_pk_env_t *service_key;
|
|
|
|
if (!desc) {
|
|
|
|
log_warn(LD_BUG, "Could not encode v2 descriptor: No desc given.");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
service_key = (auth_type == REND_STEALTH_AUTH) ? client_key : desc->pk;
|
2008-08-19 17:41:28 +02:00
|
|
|
tor_assert(service_key);
|
|
|
|
if (auth_type == REND_STEALTH_AUTH) {
|
|
|
|
descriptor_cookie = smartlist_get(client_cookies, 0);
|
|
|
|
tor_assert(descriptor_cookie);
|
|
|
|
}
|
2007-10-28 20:48:14 +01:00
|
|
|
/* Obtain service_id from public key. */
|
2008-08-19 17:41:28 +02:00
|
|
|
crypto_pk_get_digest(service_key, service_id);
|
2007-10-28 20:48:14 +01:00
|
|
|
/* Calculate current time-period. */
|
2007-10-28 20:48:16 +01:00
|
|
|
time_period = get_time_period(now, period, service_id);
|
2007-10-28 20:48:14 +01:00
|
|
|
/* Determine how many seconds the descriptor will be valid. */
|
|
|
|
seconds_valid = period * REND_TIME_PERIOD_V2_DESC_VALIDITY +
|
|
|
|
get_seconds_valid(now, service_id);
|
|
|
|
/* Assemble, possibly encrypt, and encode introduction points. */
|
2008-08-19 17:41:28 +02:00
|
|
|
if (smartlist_len(desc->intro_nodes) > 0) {
|
|
|
|
if (rend_encode_v2_intro_points(&ipos, desc) < 0) {
|
|
|
|
log_warn(LD_REND, "Encoding of introduction points did not succeed.");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
switch (auth_type) {
|
|
|
|
case REND_NO_AUTH:
|
|
|
|
ipos_len = strlen(ipos);
|
|
|
|
break;
|
|
|
|
case REND_BASIC_AUTH:
|
|
|
|
if (rend_encrypt_v2_intro_points_basic(&ipos_encrypted,
|
|
|
|
&ipos_encrypted_len, ipos,
|
|
|
|
client_cookies) < 0) {
|
|
|
|
log_warn(LD_REND, "Encrypting of introduction points did not "
|
|
|
|
"succeed.");
|
|
|
|
tor_free(ipos);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
tor_free(ipos);
|
|
|
|
ipos = ipos_encrypted;
|
|
|
|
ipos_len = ipos_encrypted_len;
|
|
|
|
break;
|
|
|
|
case REND_STEALTH_AUTH:
|
|
|
|
if (rend_encrypt_v2_intro_points_stealth(&ipos_encrypted,
|
|
|
|
&ipos_encrypted_len, ipos,
|
|
|
|
descriptor_cookie) < 0) {
|
|
|
|
log_warn(LD_REND, "Encrypting of introduction points did not "
|
|
|
|
"succeed.");
|
|
|
|
tor_free(ipos);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
tor_free(ipos);
|
|
|
|
ipos = ipos_encrypted;
|
|
|
|
ipos_len = ipos_encrypted_len;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
log_warn(LD_REND|LD_BUG, "Unrecognized authorization type %d",
|
|
|
|
(int)auth_type);
|
|
|
|
tor_free(ipos);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
/* Base64-encode introduction points. */
|
|
|
|
ipos_base64 = tor_malloc_zero(ipos_len * 2);
|
|
|
|
if (base64_encode(ipos_base64, ipos_len * 2, ipos, ipos_len)<0) {
|
|
|
|
log_warn(LD_REND, "Could not encode introduction point string to "
|
2008-08-20 07:15:08 +02:00
|
|
|
"base64. length=%d", (int)ipos_len);
|
2008-08-19 17:41:28 +02:00
|
|
|
tor_free(ipos_base64);
|
|
|
|
tor_free(ipos);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
tor_free(ipos);
|
2007-10-28 20:48:14 +01:00
|
|
|
}
|
|
|
|
/* Encode REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS descriptors. */
|
|
|
|
for (k = 0; k < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; k++) {
|
|
|
|
char secret_id_part[DIGEST_LEN];
|
2007-10-29 20:10:42 +01:00
|
|
|
char secret_id_part_base32[REND_SECRET_ID_PART_LEN_BASE32 + 1];
|
2007-10-31 21:48:06 +01:00
|
|
|
char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
|
2007-10-28 20:48:16 +01:00
|
|
|
char *permanent_key = NULL;
|
2007-10-28 20:48:14 +01:00
|
|
|
size_t permanent_key_len;
|
|
|
|
char published[ISO_TIME_LEN+1];
|
|
|
|
int i;
|
|
|
|
char protocol_versions_string[16]; /* max len: "0,1,2,3,4,5,6,7\0" */
|
|
|
|
size_t protocol_versions_written;
|
|
|
|
size_t desc_len;
|
2007-10-28 20:48:16 +01:00
|
|
|
char *desc_str = NULL;
|
2007-10-28 20:48:14 +01:00
|
|
|
int result = 0;
|
|
|
|
size_t written = 0;
|
|
|
|
char desc_digest[DIGEST_LEN];
|
2007-12-15 21:28:09 +01:00
|
|
|
rend_encoded_v2_service_descriptor_t *enc =
|
|
|
|
tor_malloc_zero(sizeof(rend_encoded_v2_service_descriptor_t));
|
2007-10-28 20:48:14 +01:00
|
|
|
/* Calculate secret-id-part = h(time-period + cookie + replica). */
|
|
|
|
get_secret_id_part_bytes(secret_id_part, time_period, descriptor_cookie,
|
|
|
|
k);
|
2007-10-29 20:10:47 +01:00
|
|
|
base32_encode(secret_id_part_base32, sizeof(secret_id_part_base32),
|
2007-10-28 20:48:14 +01:00
|
|
|
secret_id_part, DIGEST_LEN);
|
|
|
|
/* Calculate descriptor ID. */
|
2007-12-15 21:28:09 +01:00
|
|
|
rend_get_descriptor_id_bytes(enc->desc_id, service_id, secret_id_part);
|
2007-10-31 21:48:06 +01:00
|
|
|
base32_encode(desc_id_base32, sizeof(desc_id_base32),
|
2007-12-15 21:28:09 +01:00
|
|
|
enc->desc_id, DIGEST_LEN);
|
2007-10-28 20:48:14 +01:00
|
|
|
/* PEM-encode the public key */
|
2008-08-19 17:41:28 +02:00
|
|
|
if (crypto_pk_write_public_key_to_string(service_key, &permanent_key,
|
2007-10-28 20:48:14 +01:00
|
|
|
&permanent_key_len) < 0) {
|
|
|
|
log_warn(LD_BUG, "Could not write public key to string.");
|
2007-12-15 21:28:09 +01:00
|
|
|
rend_encoded_v2_service_descriptor_free(enc);
|
2007-10-28 20:48:14 +01:00
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
/* Encode timestamp. */
|
|
|
|
format_iso_time(published, desc->timestamp);
|
|
|
|
/* Write protocol-versions bitmask to comma-separated value string. */
|
|
|
|
protocol_versions_written = 0;
|
|
|
|
for (i = 0; i < 8; i++) {
|
|
|
|
if (desc->protocols & 1 << i) {
|
|
|
|
tor_snprintf(protocol_versions_string + protocol_versions_written,
|
|
|
|
16 - protocol_versions_written, "%d,", i);
|
|
|
|
protocol_versions_written += 2;
|
|
|
|
}
|
|
|
|
}
|
2007-10-28 20:48:16 +01:00
|
|
|
if (protocol_versions_written)
|
|
|
|
protocol_versions_string[protocol_versions_written - 1] = '\0';
|
|
|
|
else
|
|
|
|
protocol_versions_string[0]= '\0';
|
2007-10-28 20:48:14 +01:00
|
|
|
/* Assemble complete descriptor. */
|
2007-12-21 10:28:22 +01:00
|
|
|
desc_len = 2000 + smartlist_len(desc->intro_nodes) * 1000; /* far too long,
|
|
|
|
but okay.*/
|
2007-12-15 21:28:09 +01:00
|
|
|
enc->desc_str = desc_str = tor_malloc_zero(desc_len);
|
2007-10-28 20:48:14 +01:00
|
|
|
result = tor_snprintf(desc_str, desc_len,
|
|
|
|
"rendezvous-service-descriptor %s\n"
|
|
|
|
"version 2\n"
|
|
|
|
"permanent-key\n%s"
|
|
|
|
"secret-id-part %s\n"
|
|
|
|
"publication-time %s\n"
|
2007-11-27 22:06:34 +01:00
|
|
|
"protocol-versions %s\n",
|
2007-10-28 20:48:14 +01:00
|
|
|
desc_id_base32,
|
|
|
|
permanent_key,
|
|
|
|
secret_id_part_base32,
|
|
|
|
published,
|
2007-11-27 22:06:34 +01:00
|
|
|
protocol_versions_string);
|
2007-10-28 20:48:14 +01:00
|
|
|
tor_free(permanent_key);
|
|
|
|
if (result < 0) {
|
|
|
|
log_warn(LD_BUG, "Descriptor ran out of room.");
|
2007-12-15 21:28:09 +01:00
|
|
|
rend_encoded_v2_service_descriptor_free(enc);
|
2007-10-28 20:48:14 +01:00
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
written = result;
|
2007-11-27 22:06:34 +01:00
|
|
|
/* Add introduction points. */
|
|
|
|
if (ipos_base64) {
|
|
|
|
result = tor_snprintf(desc_str + written, desc_len - written,
|
|
|
|
"introduction-points\n"
|
|
|
|
"-----BEGIN MESSAGE-----\n%s"
|
|
|
|
"-----END MESSAGE-----\n",
|
|
|
|
ipos_base64);
|
|
|
|
if (result < 0) {
|
|
|
|
log_warn(LD_BUG, "could not write introduction points.");
|
2007-12-15 21:28:09 +01:00
|
|
|
rend_encoded_v2_service_descriptor_free(enc);
|
2007-11-27 22:06:34 +01:00
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
written += result;
|
|
|
|
}
|
2007-10-28 20:48:14 +01:00
|
|
|
/* Add signature. */
|
|
|
|
strlcpy(desc_str + written, "signature\n", desc_len - written);
|
|
|
|
written += strlen(desc_str + written);
|
|
|
|
if (crypto_digest(desc_digest, desc_str, written) < 0) {
|
|
|
|
log_warn(LD_BUG, "could not create digest.");
|
2007-12-15 21:28:09 +01:00
|
|
|
rend_encoded_v2_service_descriptor_free(enc);
|
2007-10-28 20:48:14 +01:00
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
if (router_append_dirobj_signature(desc_str + written,
|
|
|
|
desc_len - written,
|
2008-08-19 17:41:28 +02:00
|
|
|
desc_digest, service_key) < 0) {
|
2007-10-28 20:48:14 +01:00
|
|
|
log_warn(LD_BUG, "Couldn't sign desc.");
|
2007-12-15 21:28:09 +01:00
|
|
|
rend_encoded_v2_service_descriptor_free(enc);
|
2007-10-28 20:48:14 +01:00
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
written += strlen(desc_str+written);
|
|
|
|
if (written+2 > desc_len) {
|
|
|
|
log_warn(LD_BUG, "Could not finish desc.");
|
2007-12-15 21:28:09 +01:00
|
|
|
rend_encoded_v2_service_descriptor_free(enc);
|
2007-10-28 20:48:14 +01:00
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
desc_str[written++] = '\n';
|
|
|
|
desc_str[written++] = 0;
|
|
|
|
/* Check if we can parse our own descriptor. */
|
2007-12-15 21:28:09 +01:00
|
|
|
if (!rend_desc_v2_is_parsable(enc)) {
|
2007-10-28 20:48:14 +01:00
|
|
|
log_warn(LD_BUG, "Could not parse my own descriptor: %s", desc_str);
|
2007-12-15 21:28:09 +01:00
|
|
|
rend_encoded_v2_service_descriptor_free(enc);
|
2007-10-28 20:48:14 +01:00
|
|
|
goto err;
|
|
|
|
}
|
2007-12-15 21:28:09 +01:00
|
|
|
smartlist_add(descs_out, enc);
|
2007-10-28 20:48:14 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
log_info(LD_REND, "Successfully encoded a v2 descriptor and "
|
2007-11-27 22:17:43 +01:00
|
|
|
"confirmed that it is parsable.");
|
2007-10-28 20:48:14 +01:00
|
|
|
goto done;
|
|
|
|
|
|
|
|
err:
|
2007-12-15 21:28:09 +01:00
|
|
|
SMARTLIST_FOREACH(descs_out, rend_encoded_v2_service_descriptor_t *, d,
|
|
|
|
rend_encoded_v2_service_descriptor_free(d););
|
|
|
|
smartlist_clear(descs_out);
|
2007-10-28 20:48:14 +01:00
|
|
|
seconds_valid = -1;
|
|
|
|
|
|
|
|
done:
|
|
|
|
tor_free(ipos_base64);
|
|
|
|
return seconds_valid;
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Encode a service descriptor for <b>desc</b>, and sign it with
|
2004-05-10 06:34:48 +02:00
|
|
|
* <b>key</b>. Store the descriptor in *<b>str_out</b>, and set
|
|
|
|
* *<b>len_out</b> to its length.
|
2004-04-06 05:44:36 +02:00
|
|
|
*/
|
2004-03-31 04:07:38 +02:00
|
|
|
int
|
|
|
|
rend_encode_service_descriptor(rend_service_descriptor_t *desc,
|
2004-04-02 00:12:00 +02:00
|
|
|
crypto_pk_env_t *key,
|
2004-10-14 04:47:09 +02:00
|
|
|
char **str_out, size_t *len_out)
|
2004-03-31 04:07:38 +02:00
|
|
|
{
|
2005-06-29 23:46:55 +02:00
|
|
|
char *cp;
|
|
|
|
char *end;
|
2008-02-20 00:59:16 +01:00
|
|
|
int i, r;
|
2005-06-29 23:46:55 +02:00
|
|
|
size_t asn1len;
|
2007-12-21 10:28:22 +01:00
|
|
|
size_t buflen =
|
|
|
|
PK_BYTES*2*(smartlist_len(desc->intro_nodes)+2);/*Too long, but ok*/
|
2005-12-14 03:19:27 +01:00
|
|
|
cp = *str_out = tor_malloc(buflen);
|
2007-12-21 10:28:22 +01:00
|
|
|
end = cp + PK_BYTES*2*(smartlist_len(desc->intro_nodes)+1);
|
2008-02-20 00:59:16 +01:00
|
|
|
r = crypto_pk_asn1_encode(desc->pk, cp+2, end-(cp+2));
|
|
|
|
if (r < 0) {
|
|
|
|
tor_free(*str_out);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
asn1len = r;
|
2004-04-08 06:47:39 +02:00
|
|
|
set_uint16(cp, htons((uint16_t)asn1len));
|
2005-06-29 23:46:55 +02:00
|
|
|
cp += 2+asn1len;
|
2004-04-08 06:47:39 +02:00
|
|
|
set_uint32(cp, htonl((uint32_t)desc->timestamp));
|
2004-03-31 04:07:38 +02:00
|
|
|
cp += 4;
|
2007-12-21 10:28:22 +01:00
|
|
|
set_uint16(cp, htons((uint16_t)smartlist_len(desc->intro_nodes)));
|
2004-03-31 04:07:38 +02:00
|
|
|
cp += 2;
|
2007-12-21 10:28:22 +01:00
|
|
|
for (i=0; i < smartlist_len(desc->intro_nodes); ++i) {
|
|
|
|
rend_intro_point_t *intro = smartlist_get(desc->intro_nodes, i);
|
|
|
|
char ipoint[HEX_DIGEST_LEN+2];
|
2008-12-29 20:57:08 +01:00
|
|
|
const size_t ipoint_len = HEX_DIGEST_LEN+1;
|
2007-12-21 10:28:22 +01:00
|
|
|
ipoint[0] = '$';
|
|
|
|
base16_encode(ipoint+1, HEX_DIGEST_LEN+1,
|
|
|
|
intro->extend_info->identity_digest,
|
|
|
|
DIGEST_LEN);
|
2008-12-29 20:57:08 +01:00
|
|
|
tor_assert(strlen(ipoint) == ipoint_len);
|
2008-12-31 15:19:57 +01:00
|
|
|
/* Assert that appending ipoint and its NUL won't over overrun the
|
2008-12-29 20:57:08 +01:00
|
|
|
* buffer. */
|
|
|
|
tor_assert(cp + ipoint_len+1 < *str_out + buflen);
|
|
|
|
memcpy(cp, ipoint, ipoint_len+1);
|
|
|
|
cp += ipoint_len+1;
|
2004-03-31 04:07:38 +02:00
|
|
|
}
|
2006-10-31 20:17:07 +01:00
|
|
|
note_crypto_pk_op(REND_SERVER);
|
2008-02-20 00:59:16 +01:00
|
|
|
r = crypto_pk_private_sign_digest(key, cp, *str_out, cp-*str_out);
|
|
|
|
if (r<0) {
|
2004-03-31 04:07:38 +02:00
|
|
|
tor_free(*str_out);
|
|
|
|
return -1;
|
|
|
|
}
|
2008-02-20 00:59:16 +01:00
|
|
|
cp += r;
|
2005-06-29 23:46:55 +02:00
|
|
|
*len_out = (size_t)(cp-*str_out);
|
2004-03-31 04:07:38 +02:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2004-05-10 06:34:48 +02:00
|
|
|
/** Parse a service descriptor at <b>str</b> (<b>len</b> bytes). On
|
|
|
|
* success, return a newly alloced service_descriptor_t. On failure,
|
|
|
|
* return NULL.
|
2004-05-05 23:32:43 +02:00
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
rend_service_descriptor_t *
|
|
|
|
rend_parse_service_descriptor(const char *str, size_t len)
|
2004-03-31 04:07:38 +02:00
|
|
|
{
|
|
|
|
rend_service_descriptor_t *result = NULL;
|
2007-12-21 10:28:22 +01:00
|
|
|
int i, n_intro_points;
|
2004-10-14 04:47:09 +02:00
|
|
|
size_t keylen, asn1len;
|
2004-03-31 04:07:38 +02:00
|
|
|
const char *end, *cp, *eos;
|
2007-12-21 10:28:22 +01:00
|
|
|
rend_intro_point_t *intro;
|
2004-04-02 00:12:00 +02:00
|
|
|
|
2004-03-31 04:07:38 +02:00
|
|
|
result = tor_malloc_zero(sizeof(rend_service_descriptor_t));
|
|
|
|
cp = str;
|
|
|
|
end = str+len;
|
2005-06-29 23:46:55 +02:00
|
|
|
if (end-cp<2) goto truncated;
|
2007-09-18 23:17:45 +02:00
|
|
|
result->version = 0;
|
2004-03-31 04:07:38 +02:00
|
|
|
if (end-cp < 2) goto truncated;
|
2004-04-08 06:47:39 +02:00
|
|
|
asn1len = ntohs(get_uint16(cp));
|
2004-03-31 04:07:38 +02:00
|
|
|
cp += 2;
|
2004-10-14 04:47:09 +02:00
|
|
|
if ((size_t)(end-cp) < asn1len) goto truncated;
|
2004-03-31 04:07:38 +02:00
|
|
|
result->pk = crypto_pk_asn1_decode(cp, asn1len);
|
|
|
|
if (!result->pk) goto truncated;
|
|
|
|
cp += asn1len;
|
|
|
|
if (end-cp < 4) goto truncated;
|
2004-04-08 06:47:39 +02:00
|
|
|
result->timestamp = (time_t) ntohl(get_uint32(cp));
|
2004-03-31 04:07:38 +02:00
|
|
|
cp += 4;
|
2007-09-19 01:48:39 +02:00
|
|
|
result->protocols = 1<<2; /* always use intro format 2 */
|
2004-03-31 04:07:38 +02:00
|
|
|
if (end-cp < 2) goto truncated;
|
2007-12-21 10:28:22 +01:00
|
|
|
n_intro_points = ntohs(get_uint16(cp));
|
2004-03-31 04:07:38 +02:00
|
|
|
cp += 2;
|
2005-07-22 02:14:58 +02:00
|
|
|
|
2007-12-21 10:28:22 +01:00
|
|
|
result->intro_nodes = smartlist_create();
|
|
|
|
for (i=0;i<n_intro_points;++i) {
|
|
|
|
if (end-cp < 2) goto truncated;
|
|
|
|
eos = (const char *)memchr(cp,'\0',end-cp);
|
|
|
|
if (!eos) goto truncated;
|
|
|
|
/* Write nickname to extend info, but postpone the lookup whether
|
|
|
|
* we know that router. It's not part of the parsing process. */
|
|
|
|
intro = tor_malloc_zero(sizeof(rend_intro_point_t));
|
|
|
|
intro->extend_info = tor_malloc_zero(sizeof(extend_info_t));
|
|
|
|
strlcpy(intro->extend_info->nickname, cp,
|
|
|
|
sizeof(intro->extend_info->nickname));
|
|
|
|
smartlist_add(result->intro_nodes, intro);
|
|
|
|
cp = eos+1;
|
2004-03-31 04:07:38 +02:00
|
|
|
}
|
|
|
|
keylen = crypto_pk_keysize(result->pk);
|
2004-10-14 04:47:09 +02:00
|
|
|
tor_assert(end-cp >= 0);
|
|
|
|
if ((size_t)(end-cp) < keylen) goto truncated;
|
|
|
|
if ((size_t)(end-cp) > keylen) {
|
2006-02-13 11:33:00 +01:00
|
|
|
log_warn(LD_PROTOCOL,
|
|
|
|
"Signature is %d bytes too long on service descriptor.",
|
|
|
|
(int)((size_t)(end-cp) - keylen));
|
2004-04-03 05:37:11 +02:00
|
|
|
goto error;
|
|
|
|
}
|
2006-10-31 20:17:07 +01:00
|
|
|
note_crypto_pk_op(REND_CLIENT);
|
2004-04-02 00:12:00 +02:00
|
|
|
if (crypto_pk_public_checksig_digest(result->pk,
|
2004-04-03 04:14:20 +02:00
|
|
|
(char*)str,cp-str, /* data */
|
|
|
|
(char*)cp,end-cp /* signature*/
|
|
|
|
)<0) {
|
2006-02-13 11:33:00 +01:00
|
|
|
log_warn(LD_PROTOCOL, "Bad signature on service descriptor.");
|
2004-03-31 04:07:38 +02:00
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
|
|
|
return result;
|
|
|
|
truncated:
|
2006-02-13 11:33:00 +01:00
|
|
|
log_warn(LD_PROTOCOL, "Truncated service descriptor.");
|
2004-03-31 04:07:38 +02:00
|
|
|
error:
|
|
|
|
rend_service_descriptor_free(result);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2004-05-10 06:34:48 +02:00
|
|
|
/** Sets <b>out</b> to the first 10 bytes of the digest of <b>pk</b>,
|
|
|
|
* base32 encoded. NUL-terminates out. (We use this string to
|
|
|
|
* identify services in directory requests and .onion URLs.)
|
2004-04-06 05:44:36 +02:00
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
int
|
|
|
|
rend_get_service_id(crypto_pk_env_t *pk, char *out)
|
2004-03-31 05:42:56 +02:00
|
|
|
{
|
2004-04-03 04:40:30 +02:00
|
|
|
char buf[DIGEST_LEN];
|
2004-04-25 22:37:37 +02:00
|
|
|
tor_assert(pk);
|
2004-03-31 05:42:56 +02:00
|
|
|
if (crypto_pk_get_digest(pk, buf) < 0)
|
|
|
|
return -1;
|
2007-11-29 16:25:04 +01:00
|
|
|
base32_encode(out, REND_SERVICE_ID_LEN_BASE32+1, buf, REND_SERVICE_ID_LEN);
|
2004-03-31 05:42:56 +02:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2004-03-31 06:10:10 +02:00
|
|
|
/* ==== Rendezvous service descriptor cache. */
|
2004-05-09 18:47:25 +02:00
|
|
|
|
2007-05-04 09:24:01 +02:00
|
|
|
/** How old do we let hidden service descriptors get before discarding
|
|
|
|
* them as too old? */
|
2006-03-13 00:31:16 +01:00
|
|
|
#define REND_CACHE_MAX_AGE (2*24*60*60)
|
2006-06-06 02:05:39 +02:00
|
|
|
/** How wrong do we assume our clock may be when checking whether hidden
|
2006-03-12 23:48:18 +01:00
|
|
|
* services are too old or too new? */
|
2005-04-03 07:36:23 +02:00
|
|
|
#define REND_CACHE_MAX_SKEW (24*60*60)
|
2004-03-31 05:42:56 +02:00
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Map from service id (as generated by rend_get_service_id) to
|
2004-05-05 23:32:43 +02:00
|
|
|
* rend_cache_entry_t. */
|
2004-03-31 06:10:10 +02:00
|
|
|
static strmap_t *rend_cache = NULL;
|
2004-03-31 05:42:56 +02:00
|
|
|
|
2007-10-29 20:10:42 +01:00
|
|
|
/** Map from descriptor id to rend_cache_entry_t; only for hidden service
|
|
|
|
* directories. */
|
|
|
|
static digestmap_t *rend_cache_v2_dir = NULL;
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Initializes the service descriptor cache.
|
2004-04-06 05:44:36 +02:00
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
void
|
|
|
|
rend_cache_init(void)
|
2004-03-31 05:42:56 +02:00
|
|
|
{
|
2004-03-31 06:10:10 +02:00
|
|
|
rend_cache = strmap_new();
|
2007-10-29 20:10:42 +01:00
|
|
|
rend_cache_v2_dir = digestmap_new();
|
2004-03-31 05:42:56 +02:00
|
|
|
}
|
|
|
|
|
2005-06-11 20:52:12 +02:00
|
|
|
/** Helper: free storage held by a single service descriptor cache entry. */
|
2005-02-28 23:38:00 +01:00
|
|
|
static void
|
|
|
|
_rend_cache_entry_free(void *p)
|
|
|
|
{
|
|
|
|
rend_cache_entry_t *e = p;
|
|
|
|
rend_service_descriptor_free(e->parsed);
|
|
|
|
tor_free(e->desc);
|
|
|
|
tor_free(e);
|
|
|
|
}
|
|
|
|
|
2005-06-11 20:52:12 +02:00
|
|
|
/** Free all storage held by the service descriptor cache. */
|
2005-02-28 23:38:00 +01:00
|
|
|
void
|
|
|
|
rend_cache_free_all(void)
|
|
|
|
{
|
2008-09-09 22:43:31 +02:00
|
|
|
if (rend_cache)
|
|
|
|
strmap_free(rend_cache, _rend_cache_entry_free);
|
|
|
|
if (rend_cache_v2_dir)
|
|
|
|
digestmap_free(rend_cache_v2_dir, _rend_cache_entry_free);
|
2005-02-28 23:38:00 +01:00
|
|
|
rend_cache = NULL;
|
2007-10-29 20:10:42 +01:00
|
|
|
rend_cache_v2_dir = NULL;
|
2005-02-28 23:38:00 +01:00
|
|
|
}
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Removes all old entries from the service descriptor cache.
|
2004-04-06 05:44:36 +02:00
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
void
|
|
|
|
rend_cache_clean(void)
|
2004-03-31 05:42:56 +02:00
|
|
|
{
|
|
|
|
strmap_iter_t *iter;
|
|
|
|
const char *key;
|
|
|
|
void *val;
|
2004-03-31 06:10:10 +02:00
|
|
|
rend_cache_entry_t *ent;
|
2004-03-31 05:42:56 +02:00
|
|
|
time_t cutoff;
|
2005-04-03 07:36:23 +02:00
|
|
|
cutoff = time(NULL) - REND_CACHE_MAX_AGE - REND_CACHE_MAX_SKEW;
|
2004-03-31 06:10:10 +02:00
|
|
|
for (iter = strmap_iter_init(rend_cache); !strmap_iter_done(iter); ) {
|
2004-03-31 05:42:56 +02:00
|
|
|
strmap_iter_get(iter, &key, &val);
|
2004-03-31 06:10:10 +02:00
|
|
|
ent = (rend_cache_entry_t*)val;
|
2004-03-31 05:42:56 +02:00
|
|
|
if (ent->parsed->timestamp < cutoff) {
|
2004-03-31 06:10:10 +02:00
|
|
|
iter = strmap_iter_next_rmv(rend_cache, iter);
|
2005-02-28 23:38:00 +01:00
|
|
|
_rend_cache_entry_free(ent);
|
2004-03-31 05:42:56 +02:00
|
|
|
} else {
|
2004-03-31 06:10:10 +02:00
|
|
|
iter = strmap_iter_next(rend_cache, iter);
|
2004-03-31 05:42:56 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2007-11-02 03:25:28 +01:00
|
|
|
/** Remove all old v2 descriptors and those for which this hidden service
|
|
|
|
* directory is not responsible for any more. */
|
2007-10-29 20:10:42 +01:00
|
|
|
void
|
2007-11-02 03:25:28 +01:00
|
|
|
rend_cache_clean_v2_descs_as_dir(void)
|
2007-10-29 20:10:42 +01:00
|
|
|
{
|
|
|
|
digestmap_iter_t *iter;
|
2007-11-02 03:25:28 +01:00
|
|
|
time_t cutoff = time(NULL) - REND_CACHE_MAX_AGE - REND_CACHE_MAX_SKEW;
|
2007-10-29 20:10:42 +01:00
|
|
|
for (iter = digestmap_iter_init(rend_cache_v2_dir);
|
|
|
|
!digestmap_iter_done(iter); ) {
|
2007-11-02 03:25:28 +01:00
|
|
|
const char *key;
|
|
|
|
void *val;
|
|
|
|
rend_cache_entry_t *ent;
|
2007-10-29 20:10:42 +01:00
|
|
|
digestmap_iter_get(iter, &key, &val);
|
2007-10-29 20:10:47 +01:00
|
|
|
ent = val;
|
2007-11-02 03:25:28 +01:00
|
|
|
if (ent->parsed->timestamp < cutoff ||
|
2007-11-03 21:12:41 +01:00
|
|
|
!hid_serv_responsible_for_desc_id(key)) {
|
2007-10-31 21:48:06 +01:00
|
|
|
char key_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
|
2007-10-29 20:10:47 +01:00
|
|
|
base32_encode(key_base32, sizeof(key_base32), key, DIGEST_LEN);
|
2007-11-02 03:25:28 +01:00
|
|
|
log_info(LD_REND, "Removing descriptor with ID '%s' from cache",
|
2008-02-13 17:34:00 +01:00
|
|
|
safe_str(key_base32));
|
2007-10-29 20:10:42 +01:00
|
|
|
iter = digestmap_iter_next_rmv(rend_cache_v2_dir, iter);
|
|
|
|
_rend_cache_entry_free(ent);
|
|
|
|
} else {
|
|
|
|
iter = digestmap_iter_next(rend_cache_v2_dir, iter);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Determines whether <b>a</b> is in the interval of <b>b</b> (excluded) and
|
|
|
|
* <b>c</b> (included) in a circular digest ring; returns 1 if this is the
|
|
|
|
* case, and 0 otherwise.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
rend_id_is_in_interval(const char *a, const char *b, const char *c)
|
|
|
|
{
|
2007-10-29 20:10:47 +01:00
|
|
|
int a_b, b_c, c_a;
|
2007-10-29 20:10:42 +01:00
|
|
|
tor_assert(a);
|
|
|
|
tor_assert(b);
|
|
|
|
tor_assert(c);
|
2007-10-29 20:10:47 +01:00
|
|
|
|
2007-10-29 20:10:42 +01:00
|
|
|
/* There are five cases in which a is outside the interval ]b,c]: */
|
2007-10-29 20:10:47 +01:00
|
|
|
a_b = memcmp(a,b,DIGEST_LEN);
|
|
|
|
if (a_b == 0)
|
|
|
|
return 0; /* 1. a == b (b is excluded) */
|
|
|
|
b_c = memcmp(b,c,DIGEST_LEN);
|
|
|
|
if (b_c == 0)
|
|
|
|
return 0; /* 2. b == c (interval is empty) */
|
|
|
|
else if (a_b <= 0 && b_c < 0)
|
|
|
|
return 0; /* 3. a b c */
|
|
|
|
c_a = memcmp(c,a,DIGEST_LEN);
|
|
|
|
if (c_a < 0 && a_b <= 0)
|
|
|
|
return 0; /* 4. c a b */
|
|
|
|
else if (b_c < 0 && c_a < 0)
|
|
|
|
return 0; /* 5. b c a */
|
|
|
|
|
|
|
|
/* In the other cases (a c b; b a c; c b a), a is inside the interval. */
|
|
|
|
return 1;
|
2007-10-29 20:10:42 +01:00
|
|
|
}
|
|
|
|
|
2004-05-10 06:34:48 +02:00
|
|
|
/** Return true iff <b>query</b> is a syntactically valid service ID (as
|
2004-05-05 23:32:43 +02:00
|
|
|
* generated by rend_get_service_id). */
|
2005-06-11 20:52:12 +02:00
|
|
|
int
|
|
|
|
rend_valid_service_id(const char *query)
|
|
|
|
{
|
2007-11-29 16:25:04 +01:00
|
|
|
if (strlen(query) != REND_SERVICE_ID_LEN_BASE32)
|
2004-04-01 21:39:11 +02:00
|
|
|
return 0;
|
|
|
|
|
2007-11-29 16:25:04 +01:00
|
|
|
if (strspn(query, BASE32_CHARS) != REND_SERVICE_ID_LEN_BASE32)
|
2004-04-03 01:30:54 +02:00
|
|
|
return 0;
|
|
|
|
|
2004-04-01 21:39:11 +02:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2007-09-18 23:17:45 +02:00
|
|
|
/** If we have a cached rend_cache_entry_t for the service ID <b>query</b>
|
|
|
|
* with <b>version</b>, set *<b>e</b> to that entry and return 1.
|
2007-11-01 04:43:02 +01:00
|
|
|
* Else return 0. If <b>version</b> is nonnegative, only return an entry
|
|
|
|
* in that descriptor format version. Otherwise (if <b>version</b> is
|
|
|
|
* negative), return the most recent format we have.
|
2004-05-05 23:32:43 +02:00
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
int
|
2005-06-29 23:46:55 +02:00
|
|
|
rend_cache_lookup_entry(const char *query, int version, rend_cache_entry_t **e)
|
2004-04-08 00:00:54 +02:00
|
|
|
{
|
2007-11-29 16:25:04 +01:00
|
|
|
char key[REND_SERVICE_ID_LEN_BASE32+2]; /* <version><query>\0 */
|
2004-04-25 22:37:37 +02:00
|
|
|
tor_assert(rend_cache);
|
2004-04-08 00:00:54 +02:00
|
|
|
if (!rend_valid_service_id(query))
|
|
|
|
return -1;
|
2007-11-01 04:43:02 +01:00
|
|
|
*e = NULL;
|
|
|
|
if (version != 0) {
|
|
|
|
tor_snprintf(key, sizeof(key), "2%s", query);
|
|
|
|
*e = strmap_get_lc(rend_cache, key);
|
|
|
|
}
|
|
|
|
if (!*e && version != 2) {
|
|
|
|
tor_snprintf(key, sizeof(key), "0%s", query);
|
|
|
|
*e = strmap_get_lc(rend_cache, key);
|
|
|
|
}
|
2004-04-08 00:00:54 +02:00
|
|
|
if (!*e)
|
|
|
|
return 0;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2004-05-10 06:34:48 +02:00
|
|
|
/** <b>query</b> is a base-32'ed service id. If it's malformed, return -1.
|
2004-04-01 21:39:11 +02:00
|
|
|
* Else look it up.
|
2004-05-10 06:34:48 +02:00
|
|
|
* - If it is found, point *desc to it, and write its length into
|
|
|
|
* *desc_len, and return 1.
|
|
|
|
* - If it is not found, return 0.
|
2004-05-05 23:32:43 +02:00
|
|
|
* Note: calls to rend_cache_clean or rend_cache_store may invalidate
|
|
|
|
* *desc.
|
2004-04-01 21:39:11 +02:00
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
int
|
2005-12-14 21:40:40 +01:00
|
|
|
rend_cache_lookup_desc(const char *query, int version, const char **desc,
|
|
|
|
size_t *desc_len)
|
2004-03-31 05:42:56 +02:00
|
|
|
{
|
2004-03-31 06:10:10 +02:00
|
|
|
rend_cache_entry_t *e;
|
2004-04-08 00:00:54 +02:00
|
|
|
int r;
|
2005-06-29 23:46:55 +02:00
|
|
|
r = rend_cache_lookup_entry(query,version,&e);
|
2004-04-08 00:00:54 +02:00
|
|
|
if (r <= 0) return r;
|
2004-03-31 05:42:56 +02:00
|
|
|
*desc = e->desc;
|
|
|
|
*desc_len = e->len;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2007-10-29 20:10:42 +01:00
|
|
|
/** Lookup the v2 service descriptor with base32-encoded <b>desc_id</b> and
|
2007-10-29 20:10:47 +01:00
|
|
|
* copy the pointer to it to *<b>desc</b>. Return 1 on success, 0 on
|
|
|
|
* well-formed-but-not-found, and -1 on failure.
|
2007-10-29 20:10:42 +01:00
|
|
|
*/
|
|
|
|
int
|
2007-10-31 21:48:06 +01:00
|
|
|
rend_cache_lookup_v2_desc_as_dir(const char *desc_id, const char **desc)
|
2007-10-29 20:10:42 +01:00
|
|
|
{
|
|
|
|
rend_cache_entry_t *e;
|
|
|
|
char desc_id_digest[DIGEST_LEN];
|
|
|
|
tor_assert(rend_cache_v2_dir);
|
|
|
|
if (base32_decode(desc_id_digest, DIGEST_LEN,
|
2007-10-31 21:48:06 +01:00
|
|
|
desc_id, REND_DESC_ID_V2_LEN_BASE32) < 0) {
|
2007-10-29 20:10:42 +01:00
|
|
|
log_warn(LD_REND, "Descriptor ID contains illegal characters: %s",
|
2008-02-13 17:34:00 +01:00
|
|
|
safe_str(desc_id));
|
2007-10-29 20:10:42 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
/* Determine if we are responsible. */
|
2007-11-03 21:12:41 +01:00
|
|
|
if (hid_serv_responsible_for_desc_id(desc_id_digest) < 0) {
|
2007-10-29 20:10:42 +01:00
|
|
|
log_info(LD_REND, "Could not answer fetch request for v2 descriptor; "
|
|
|
|
"either we are no hidden service directory, or we are "
|
|
|
|
"not responsible for the requested ID.");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
/* Lookup descriptor and return. */
|
2007-10-29 20:10:47 +01:00
|
|
|
e = digestmap_get(rend_cache_v2_dir, desc_id_digest);
|
2007-10-29 20:10:42 +01:00
|
|
|
if (e) {
|
|
|
|
*desc = e->desc;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Parse *desc, calculate its service id, and store it in the cache.
|
2008-01-24 23:49:14 +01:00
|
|
|
* If we have a newer v0 descriptor with the same ID, ignore this one.
|
2004-05-05 23:32:43 +02:00
|
|
|
* If we have an older descriptor with the same ID, replace it.
|
2008-01-24 23:49:14 +01:00
|
|
|
* If we are acting as client due to the published flag and have any v2
|
|
|
|
* descriptor with the same ID, reject this one in order to not get
|
|
|
|
* confused with having both versions for the same service.
|
2008-10-02 09:32:13 +02:00
|
|
|
*
|
|
|
|
* Return -2 if it's malformed or otherwise rejected; return -1 if we
|
|
|
|
* already have a v2 descriptor here; return 0 if it's the same or older
|
|
|
|
* than one we've already got; return 1 if it's novel.
|
|
|
|
*
|
|
|
|
* The published flag tells us if we store the descriptor
|
2007-04-30 19:46:19 +02:00
|
|
|
* in our role as directory (1) or if we cache it as client (0).
|
2004-04-01 21:39:11 +02:00
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
int
|
2007-04-30 19:46:13 +02:00
|
|
|
rend_cache_store(const char *desc, size_t desc_len, int published)
|
2004-03-31 05:42:56 +02:00
|
|
|
{
|
2004-03-31 06:10:10 +02:00
|
|
|
rend_cache_entry_t *e;
|
2004-03-31 05:42:56 +02:00
|
|
|
rend_service_descriptor_t *parsed;
|
2007-11-29 16:25:04 +01:00
|
|
|
char query[REND_SERVICE_ID_LEN_BASE32+1];
|
|
|
|
char key[REND_SERVICE_ID_LEN_BASE32+2]; /* 0<query>\0 */
|
2004-03-31 05:42:56 +02:00
|
|
|
time_t now;
|
2007-04-30 19:46:13 +02:00
|
|
|
or_options_t *options = get_options();
|
2004-04-25 22:37:37 +02:00
|
|
|
tor_assert(rend_cache);
|
2004-03-31 05:42:56 +02:00
|
|
|
parsed = rend_parse_service_descriptor(desc,desc_len);
|
|
|
|
if (!parsed) {
|
2006-02-13 11:33:00 +01:00
|
|
|
log_warn(LD_PROTOCOL,"Couldn't parse service descriptor.");
|
2008-10-02 09:32:13 +02:00
|
|
|
return -2;
|
2004-03-31 05:42:56 +02:00
|
|
|
}
|
|
|
|
if (rend_get_service_id(parsed->pk, query)<0) {
|
2006-02-13 11:33:00 +01:00
|
|
|
log_warn(LD_BUG,"Couldn't compute service ID.");
|
2004-03-31 05:42:56 +02:00
|
|
|
rend_service_descriptor_free(parsed);
|
2008-10-02 09:32:13 +02:00
|
|
|
return -2;
|
2004-03-31 05:42:56 +02:00
|
|
|
}
|
|
|
|
now = time(NULL);
|
2005-04-03 07:36:23 +02:00
|
|
|
if (parsed->timestamp < now-REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
|
2006-02-21 07:23:57 +01:00
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_REND,
|
|
|
|
"Service descriptor %s is too old.", safe_str(query));
|
2004-03-31 05:42:56 +02:00
|
|
|
rend_service_descriptor_free(parsed);
|
2008-10-02 09:32:13 +02:00
|
|
|
return -2;
|
2004-03-31 05:42:56 +02:00
|
|
|
}
|
2004-03-31 06:10:10 +02:00
|
|
|
if (parsed->timestamp > now+REND_CACHE_MAX_SKEW) {
|
2006-02-21 07:23:57 +01:00
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_REND,
|
|
|
|
"Service descriptor %s is too far in the future.", safe_str(query));
|
2004-03-31 05:42:56 +02:00
|
|
|
rend_service_descriptor_free(parsed);
|
2008-10-02 09:32:13 +02:00
|
|
|
return -2;
|
2004-03-31 05:42:56 +02:00
|
|
|
}
|
2008-01-24 23:49:14 +01:00
|
|
|
/* Do we have a v2 descriptor and fetched this descriptor as a client? */
|
|
|
|
tor_snprintf(key, sizeof(key), "2%s", query);
|
|
|
|
if (!published && strmap_get_lc(rend_cache, key)) {
|
|
|
|
log_info(LD_REND, "We already have a v2 descriptor for service %s.",
|
|
|
|
safe_str(query));
|
2008-09-05 22:52:15 +02:00
|
|
|
rend_service_descriptor_free(parsed);
|
2008-01-24 23:49:14 +01:00
|
|
|
return -1;
|
|
|
|
}
|
2007-04-30 19:46:19 +02:00
|
|
|
/* report novel publication to statistics */
|
2007-04-30 19:46:13 +02:00
|
|
|
if (published && options->HSAuthorityRecordStats) {
|
2007-05-01 01:25:22 +02:00
|
|
|
hs_usage_note_publish_total(query, now);
|
2007-04-30 19:46:13 +02:00
|
|
|
}
|
2008-01-24 23:49:14 +01:00
|
|
|
tor_snprintf(key, sizeof(key), "0%s", query);
|
2005-06-29 23:46:55 +02:00
|
|
|
e = (rend_cache_entry_t*) strmap_get_lc(rend_cache, key);
|
2004-03-31 05:42:56 +02:00
|
|
|
if (e && e->parsed->timestamp > parsed->timestamp) {
|
2006-02-13 11:33:00 +01:00
|
|
|
log_info(LD_REND,"We already have a newer service descriptor %s with the "
|
|
|
|
"same ID and version.", safe_str(query));
|
2004-03-31 05:42:56 +02:00
|
|
|
rend_service_descriptor_free(parsed);
|
2004-04-08 07:08:27 +02:00
|
|
|
return 0;
|
2004-03-31 05:42:56 +02:00
|
|
|
}
|
|
|
|
if (e && e->len == desc_len && !memcmp(desc,e->desc,desc_len)) {
|
2006-02-13 11:33:00 +01:00
|
|
|
log_info(LD_REND,"We already have this service descriptor %s.",
|
|
|
|
safe_str(query));
|
2004-04-08 00:00:54 +02:00
|
|
|
e->received = time(NULL);
|
2004-03-31 05:42:56 +02:00
|
|
|
rend_service_descriptor_free(parsed);
|
2004-04-08 07:08:27 +02:00
|
|
|
return 0;
|
2004-03-31 05:42:56 +02:00
|
|
|
}
|
|
|
|
if (!e) {
|
2004-03-31 06:10:10 +02:00
|
|
|
e = tor_malloc_zero(sizeof(rend_cache_entry_t));
|
2005-06-29 23:46:55 +02:00
|
|
|
strmap_set_lc(rend_cache, key, e);
|
2007-04-30 19:46:19 +02:00
|
|
|
/* report novel publication to statistics */
|
2007-04-30 19:46:13 +02:00
|
|
|
if (published && options->HSAuthorityRecordStats) {
|
2007-05-01 01:25:22 +02:00
|
|
|
hs_usage_note_publish_novel(query, now);
|
2007-04-30 19:46:13 +02:00
|
|
|
}
|
2004-03-31 05:42:56 +02:00
|
|
|
} else {
|
|
|
|
rend_service_descriptor_free(e->parsed);
|
|
|
|
tor_free(e->desc);
|
|
|
|
}
|
2004-04-08 00:00:54 +02:00
|
|
|
e->received = time(NULL);
|
2004-03-31 05:42:56 +02:00
|
|
|
e->parsed = parsed;
|
|
|
|
e->len = desc_len;
|
2004-04-03 05:39:31 +02:00
|
|
|
e->desc = tor_malloc(desc_len);
|
|
|
|
memcpy(e->desc, desc, desc_len);
|
2004-03-31 05:42:56 +02:00
|
|
|
|
2006-02-13 11:33:00 +01:00
|
|
|
log_debug(LD_REND,"Successfully stored rend desc '%s', len %d.",
|
|
|
|
safe_str(query), (int)desc_len);
|
2005-01-20 00:15:59 +01:00
|
|
|
return 1;
|
2004-03-31 05:42:56 +02:00
|
|
|
}
|
|
|
|
|
2007-10-29 20:10:42 +01:00
|
|
|
/** Parse the v2 service descriptor(s) in <b>desc</b> and store it/them to the
|
|
|
|
* local rend cache. Don't attempt to decrypt the included list of introduction
|
|
|
|
* points (as we don't have a descriptor cookie for it).
|
|
|
|
*
|
|
|
|
* If we have a newer descriptor with the same ID, ignore this one.
|
|
|
|
* If we have an older descriptor with the same ID, replace it.
|
2008-01-06 02:54:09 +01:00
|
|
|
* Return -2 if we are not acting as hidden service directory;
|
|
|
|
* return -1 if the descriptor(s) were not parsable; return 0 if all
|
|
|
|
* descriptors are the same or older than those we've already got;
|
|
|
|
* return a positive number for the number of novel stored descriptors.
|
2007-10-29 20:10:42 +01:00
|
|
|
*/
|
|
|
|
int
|
2007-10-29 20:10:47 +01:00
|
|
|
rend_cache_store_v2_desc_as_dir(const char *desc)
|
2007-10-29 20:10:42 +01:00
|
|
|
{
|
|
|
|
rend_service_descriptor_t *parsed;
|
|
|
|
char desc_id[DIGEST_LEN];
|
|
|
|
char *intro_content;
|
|
|
|
size_t intro_size;
|
|
|
|
size_t encoded_size;
|
2007-10-31 21:48:06 +01:00
|
|
|
char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
|
2008-01-06 02:54:09 +01:00
|
|
|
int number_parsed = 0, number_stored = 0;
|
2007-10-29 20:10:42 +01:00
|
|
|
const char *current_desc = desc;
|
|
|
|
const char *next_desc;
|
|
|
|
rend_cache_entry_t *e;
|
|
|
|
time_t now = time(NULL);
|
|
|
|
tor_assert(rend_cache_v2_dir);
|
|
|
|
tor_assert(desc);
|
2007-11-03 21:12:41 +01:00
|
|
|
if (!hid_serv_acting_as_directory()) {
|
2007-10-29 20:10:42 +01:00
|
|
|
/* Cannot store descs, because we are (currently) not acting as
|
|
|
|
* hidden service directory. */
|
|
|
|
log_info(LD_REND, "Cannot store descs: Not acting as hs dir");
|
2008-01-06 02:54:09 +01:00
|
|
|
return -2;
|
2007-10-29 20:10:42 +01:00
|
|
|
}
|
|
|
|
while (rend_parse_v2_service_descriptor(&parsed, desc_id, &intro_content,
|
|
|
|
&intro_size, &encoded_size,
|
|
|
|
&next_desc, current_desc) >= 0) {
|
2008-01-06 02:54:09 +01:00
|
|
|
number_parsed++;
|
2007-10-29 20:10:42 +01:00
|
|
|
/* We don't care about the introduction points. */
|
|
|
|
tor_free(intro_content);
|
|
|
|
/* For pretty log statements. */
|
2007-10-29 20:10:47 +01:00
|
|
|
base32_encode(desc_id_base32, sizeof(desc_id_base32),
|
2007-10-29 20:10:42 +01:00
|
|
|
desc_id, DIGEST_LEN);
|
|
|
|
/* Is desc ID in the range that we are (directly or indirectly) responsible
|
|
|
|
* for? */
|
2007-11-03 21:12:41 +01:00
|
|
|
if (!hid_serv_responsible_for_desc_id(desc_id)) {
|
2007-10-29 20:10:42 +01:00
|
|
|
log_info(LD_REND, "Service descriptor with desc ID %s is not in "
|
|
|
|
"interval that we are responsible for.",
|
2008-02-13 17:34:00 +01:00
|
|
|
safe_str(desc_id_base32));
|
2007-10-29 20:10:42 +01:00
|
|
|
goto skip;
|
|
|
|
}
|
|
|
|
/* Is descriptor too old? */
|
|
|
|
if (parsed->timestamp < now - REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
|
|
|
|
log_info(LD_REND, "Service descriptor with desc ID %s is too old.",
|
2008-02-13 17:34:00 +01:00
|
|
|
safe_str(desc_id_base32));
|
2007-10-29 20:10:42 +01:00
|
|
|
goto skip;
|
|
|
|
}
|
|
|
|
/* Is descriptor too far in the future? */
|
|
|
|
if (parsed->timestamp > now + REND_CACHE_MAX_SKEW) {
|
|
|
|
log_info(LD_REND, "Service descriptor with desc ID %s is too far in the "
|
|
|
|
"future.",
|
2008-02-13 17:34:00 +01:00
|
|
|
safe_str(desc_id_base32));
|
2007-10-29 20:10:42 +01:00
|
|
|
goto skip;
|
|
|
|
}
|
|
|
|
/* Do we already have a newer descriptor? */
|
2007-10-29 20:10:47 +01:00
|
|
|
e = digestmap_get(rend_cache_v2_dir, desc_id);
|
2007-10-29 20:10:42 +01:00
|
|
|
if (e && e->parsed->timestamp > parsed->timestamp) {
|
|
|
|
log_info(LD_REND, "We already have a newer service descriptor with the "
|
2008-02-13 17:34:00 +01:00
|
|
|
"same desc ID %s and version.",
|
|
|
|
safe_str(desc_id_base32));
|
2007-10-29 20:10:42 +01:00
|
|
|
goto skip;
|
|
|
|
}
|
|
|
|
/* Do we already have this descriptor? */
|
|
|
|
if (e && !strcmp(desc, e->desc)) {
|
|
|
|
log_info(LD_REND, "We already have this service descriptor with desc "
|
2008-02-13 17:34:00 +01:00
|
|
|
"ID %s.", safe_str(desc_id_base32));
|
2007-10-29 20:10:42 +01:00
|
|
|
e->received = time(NULL);
|
|
|
|
goto skip;
|
|
|
|
}
|
|
|
|
/* Store received descriptor. */
|
|
|
|
if (!e) {
|
|
|
|
e = tor_malloc_zero(sizeof(rend_cache_entry_t));
|
|
|
|
digestmap_set(rend_cache_v2_dir, desc_id, e);
|
|
|
|
} else {
|
|
|
|
rend_service_descriptor_free(e->parsed);
|
|
|
|
tor_free(e->desc);
|
|
|
|
}
|
|
|
|
e->received = time(NULL);
|
|
|
|
e->parsed = parsed;
|
2007-10-29 20:10:47 +01:00
|
|
|
e->desc = tor_strndup(current_desc, encoded_size);
|
2007-10-29 20:10:42 +01:00
|
|
|
e->len = encoded_size;
|
|
|
|
log_info(LD_REND, "Successfully stored service descriptor with desc ID "
|
2008-02-13 17:34:00 +01:00
|
|
|
"'%s' and len %d.",
|
|
|
|
safe_str(desc_id_base32), (int)encoded_size);
|
2007-10-29 20:10:42 +01:00
|
|
|
number_stored++;
|
2007-10-29 20:10:47 +01:00
|
|
|
goto advance;
|
|
|
|
skip:
|
|
|
|
rend_service_descriptor_free(parsed);
|
|
|
|
advance:
|
2007-10-29 20:10:42 +01:00
|
|
|
/* advance to next descriptor, if available. */
|
|
|
|
current_desc = next_desc;
|
|
|
|
/* check if there is a next descriptor. */
|
2007-10-29 20:10:47 +01:00
|
|
|
if (!current_desc ||
|
|
|
|
strcmpstart(current_desc, "rendezvous-service-descriptor "))
|
2007-10-29 20:10:42 +01:00
|
|
|
break;
|
|
|
|
}
|
2008-01-06 02:54:09 +01:00
|
|
|
if (!number_parsed) {
|
|
|
|
log_info(LD_REND, "Could not parse any descriptor.");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
log_info(LD_REND, "Parsed %d and added %d descriptor%s.",
|
|
|
|
number_parsed, number_stored, number_stored != 1 ? "s" : "");
|
2007-10-29 20:10:42 +01:00
|
|
|
return number_stored;
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Parse the v2 service descriptor in <b>desc</b>, decrypt the included list
|
|
|
|
* of introduction points with <b>descriptor_cookie</b> (which may also be
|
|
|
|
* <b>NULL</b> if decryption is not necessary), and store the descriptor to
|
|
|
|
* the local cache under its version and service id.
|
|
|
|
*
|
2008-01-24 23:49:14 +01:00
|
|
|
* If we have a newer v2 descriptor with the same ID, ignore this one.
|
2007-10-29 20:10:42 +01:00
|
|
|
* If we have an older descriptor with the same ID, replace it.
|
2008-01-24 23:49:14 +01:00
|
|
|
* If we have any v0 descriptor with the same ID, reject this one in order
|
|
|
|
* to not get confused with having both versions for the same service.
|
|
|
|
* Return -2 if it's malformed or otherwise rejected; return -1 if we
|
|
|
|
* already have a v0 descriptor here; return 0 if it's the same or older
|
|
|
|
* than one we've already got; return 1 if it's novel.
|
2007-10-29 20:10:42 +01:00
|
|
|
*/
|
|
|
|
int
|
2007-10-29 20:10:47 +01:00
|
|
|
rend_cache_store_v2_desc_as_client(const char *desc,
|
2008-09-24 16:44:29 +02:00
|
|
|
const rend_data_t *rend_query)
|
2007-10-29 20:10:42 +01:00
|
|
|
{
|
2007-10-29 20:10:47 +01:00
|
|
|
/*XXXX this seems to have a bit of duplicate code with
|
|
|
|
* rend_cache_store_v2_desc_as_dir(). Fix that. */
|
2007-11-02 03:25:28 +01:00
|
|
|
/* Though having similar elements, both functions were separated on
|
|
|
|
* purpose:
|
|
|
|
* - dirs don't care about encoded/encrypted introduction points, clients
|
|
|
|
* do.
|
|
|
|
* - dirs store descriptors in a separate cache by descriptor ID, whereas
|
|
|
|
* clients store them by service ID; both caches are different data
|
|
|
|
* structures and have different access methods.
|
|
|
|
* - dirs store a descriptor only if they are responsible for its ID,
|
|
|
|
* clients do so in every way (because they have requested it before).
|
|
|
|
* - dirs can process multiple concatenated descriptors which is required
|
|
|
|
* for replication, whereas clients only accept a single descriptor.
|
|
|
|
* Thus, combining both methods would result in a lot of if statements
|
|
|
|
* which probably would not improve, but worsen code readability. -KL */
|
2007-10-29 20:10:42 +01:00
|
|
|
rend_service_descriptor_t *parsed = NULL;
|
|
|
|
char desc_id[DIGEST_LEN];
|
|
|
|
char *intro_content = NULL;
|
|
|
|
size_t intro_size;
|
|
|
|
size_t encoded_size;
|
|
|
|
const char *next_desc;
|
|
|
|
time_t now = time(NULL);
|
2007-11-29 16:25:04 +01:00
|
|
|
char key[REND_SERVICE_ID_LEN_BASE32+2];
|
|
|
|
char service_id[REND_SERVICE_ID_LEN_BASE32+1];
|
2007-10-29 20:10:42 +01:00
|
|
|
rend_cache_entry_t *e;
|
2008-12-18 01:11:49 +01:00
|
|
|
int retval;
|
2007-10-29 20:10:42 +01:00
|
|
|
tor_assert(rend_cache);
|
|
|
|
tor_assert(desc);
|
|
|
|
/* Parse the descriptor. */
|
|
|
|
if (rend_parse_v2_service_descriptor(&parsed, desc_id, &intro_content,
|
|
|
|
&intro_size, &encoded_size,
|
|
|
|
&next_desc, desc) < 0) {
|
|
|
|
log_warn(LD_REND, "Could not parse descriptor.");
|
2008-12-18 01:11:49 +01:00
|
|
|
retval = -2;
|
|
|
|
goto err;
|
2007-10-29 20:10:42 +01:00
|
|
|
}
|
|
|
|
/* Compute service ID from public key. */
|
|
|
|
if (rend_get_service_id(parsed->pk, service_id)<0) {
|
|
|
|
log_warn(LD_REND, "Couldn't compute service ID.");
|
2008-12-18 01:11:49 +01:00
|
|
|
retval = -2;
|
|
|
|
goto err;
|
2007-10-29 20:10:42 +01:00
|
|
|
}
|
|
|
|
/* Decode/decrypt introduction points. */
|
2007-12-01 00:45:16 +01:00
|
|
|
if (intro_content) {
|
2008-09-24 16:44:29 +02:00
|
|
|
if (rend_query->auth_type != REND_NO_AUTH &&
|
|
|
|
rend_query->descriptor_cookie) {
|
2008-12-18 01:11:49 +01:00
|
|
|
char *ipos_decrypted = NULL;
|
2008-09-24 16:44:29 +02:00
|
|
|
size_t ipos_decrypted_size;
|
|
|
|
if (rend_decrypt_introduction_points(&ipos_decrypted,
|
|
|
|
&ipos_decrypted_size,
|
|
|
|
rend_query->descriptor_cookie,
|
|
|
|
intro_content,
|
|
|
|
intro_size) < 0) {
|
|
|
|
log_warn(LD_REND, "Failed to decrypt introduction points. We are "
|
|
|
|
"probably unable to parse the encoded introduction points.");
|
|
|
|
} else {
|
|
|
|
/* Replace encrypted with decrypted introduction points. */
|
|
|
|
log_info(LD_REND, "Successfully decrypted introduction points.");
|
|
|
|
tor_free(intro_content);
|
|
|
|
intro_content = ipos_decrypted;
|
|
|
|
intro_size = ipos_decrypted_size;
|
|
|
|
}
|
|
|
|
}
|
2008-08-19 17:41:28 +02:00
|
|
|
if (rend_parse_introduction_points(parsed, intro_content,
|
2008-09-24 16:44:29 +02:00
|
|
|
intro_size) <= 0) {
|
|
|
|
log_warn(LD_REND, "Failed to parse introduction points. Either the "
|
|
|
|
"service has published a corrupt descriptor or you have "
|
|
|
|
"provided invalid authorization data.");
|
2008-12-18 01:11:49 +01:00
|
|
|
retval = -2;
|
|
|
|
goto err;
|
2007-12-01 00:45:16 +01:00
|
|
|
}
|
2007-11-27 22:06:34 +01:00
|
|
|
} else {
|
2008-09-24 16:44:29 +02:00
|
|
|
log_info(LD_REND, "Descriptor does not contain any introduction points.");
|
2007-12-21 10:28:22 +01:00
|
|
|
parsed->intro_nodes = smartlist_create();
|
2007-10-29 20:10:42 +01:00
|
|
|
}
|
|
|
|
/* We don't need the encoded/encrypted introduction points any longer. */
|
|
|
|
tor_free(intro_content);
|
|
|
|
/* Is descriptor too old? */
|
|
|
|
if (parsed->timestamp < now - REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
|
|
|
|
log_warn(LD_REND, "Service descriptor with service ID %s is too old.",
|
2008-02-13 17:34:00 +01:00
|
|
|
safe_str(service_id));
|
2008-12-18 01:11:49 +01:00
|
|
|
retval = -2;
|
|
|
|
goto err;
|
2007-10-29 20:10:42 +01:00
|
|
|
}
|
|
|
|
/* Is descriptor too far in the future? */
|
|
|
|
if (parsed->timestamp > now + REND_CACHE_MAX_SKEW) {
|
|
|
|
log_warn(LD_REND, "Service descriptor with service ID %s is too far in "
|
2008-02-13 17:34:00 +01:00
|
|
|
"the future.", safe_str(service_id));
|
2008-12-18 01:11:49 +01:00
|
|
|
retval = -2;
|
|
|
|
goto err;
|
2008-01-24 23:49:14 +01:00
|
|
|
}
|
|
|
|
/* Do we have a v0 descriptor? */
|
|
|
|
tor_snprintf(key, sizeof(key), "0%s", service_id);
|
|
|
|
if (strmap_get_lc(rend_cache, key)) {
|
|
|
|
log_info(LD_REND, "We already have a v0 descriptor for service ID %s.",
|
2008-02-13 17:34:00 +01:00
|
|
|
safe_str(service_id));
|
2008-12-18 01:11:49 +01:00
|
|
|
retval = -1;
|
|
|
|
goto err;
|
2007-10-29 20:10:42 +01:00
|
|
|
}
|
|
|
|
/* Do we already have a newer descriptor? */
|
|
|
|
tor_snprintf(key, sizeof(key), "2%s", service_id);
|
|
|
|
e = (rend_cache_entry_t*) strmap_get_lc(rend_cache, key);
|
|
|
|
if (e && e->parsed->timestamp > parsed->timestamp) {
|
|
|
|
log_info(LD_REND, "We already have a newer service descriptor for "
|
|
|
|
"service ID %s with the same desc ID and version.",
|
2008-02-13 17:34:00 +01:00
|
|
|
safe_str(service_id));
|
2008-12-18 01:11:49 +01:00
|
|
|
retval = 0;
|
|
|
|
goto err;
|
2007-10-29 20:10:42 +01:00
|
|
|
}
|
|
|
|
/* Do we already have this descriptor? */
|
|
|
|
if (e && !strcmp(desc, e->desc)) {
|
|
|
|
log_info(LD_REND,"We already have this service descriptor %s.",
|
2008-02-13 17:34:00 +01:00
|
|
|
safe_str(service_id));
|
2007-10-29 20:10:42 +01:00
|
|
|
e->received = time(NULL);
|
2008-12-18 01:11:49 +01:00
|
|
|
retval = 0;
|
|
|
|
goto err;
|
2007-10-29 20:10:42 +01:00
|
|
|
}
|
|
|
|
if (!e) {
|
|
|
|
e = tor_malloc_zero(sizeof(rend_cache_entry_t));
|
|
|
|
strmap_set_lc(rend_cache, key, e);
|
|
|
|
} else {
|
|
|
|
rend_service_descriptor_free(e->parsed);
|
|
|
|
tor_free(e->desc);
|
|
|
|
}
|
|
|
|
e->received = time(NULL);
|
|
|
|
e->parsed = parsed;
|
|
|
|
e->desc = tor_malloc_zero(encoded_size + 1);
|
|
|
|
strlcpy(e->desc, desc, encoded_size + 1);
|
|
|
|
e->len = encoded_size;
|
|
|
|
log_debug(LD_REND,"Successfully stored rend desc '%s', len %d.",
|
2008-02-13 17:34:00 +01:00
|
|
|
safe_str(service_id), (int)encoded_size);
|
2007-10-29 20:10:42 +01:00
|
|
|
return 1;
|
2008-12-18 01:11:49 +01:00
|
|
|
|
|
|
|
err:
|
|
|
|
if (parsed)
|
|
|
|
rend_service_descriptor_free(parsed);
|
|
|
|
tor_free(intro_content);
|
|
|
|
return retval;
|
2007-10-29 20:10:42 +01:00
|
|
|
}
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Called when we get a rendezvous-related relay cell on circuit
|
2004-05-10 06:34:48 +02:00
|
|
|
* <b>circ</b>. Dispatch on rendezvous relay command. */
|
2005-06-11 20:52:12 +02:00
|
|
|
void
|
2008-10-27 17:46:45 +01:00
|
|
|
rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint,
|
|
|
|
int command, size_t length,
|
2010-12-14 01:34:01 +01:00
|
|
|
const uint8_t *payload)
|
2004-04-03 05:37:11 +02:00
|
|
|
{
|
2006-07-23 09:37:35 +02:00
|
|
|
or_circuit_t *or_circ = NULL;
|
|
|
|
origin_circuit_t *origin_circ = NULL;
|
2007-08-31 16:20:44 +02:00
|
|
|
int r = -2;
|
2008-10-27 17:46:45 +01:00
|
|
|
if (CIRCUIT_IS_ORIGIN(circ)) {
|
2006-07-23 09:37:35 +02:00
|
|
|
origin_circ = TO_ORIGIN_CIRCUIT(circ);
|
2008-10-27 17:57:18 +01:00
|
|
|
if (!layer_hint || layer_hint != origin_circ->cpath->prev) {
|
2008-10-27 17:46:45 +01:00
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_APP,
|
|
|
|
"Relay cell (rend purpose %d) from wrong hop on origin circ",
|
|
|
|
command);
|
|
|
|
origin_circ = NULL;
|
|
|
|
}
|
|
|
|
} else {
|
2006-07-23 09:37:35 +02:00
|
|
|
or_circ = TO_OR_CIRCUIT(circ);
|
2008-10-27 17:46:45 +01:00
|
|
|
}
|
2006-07-23 09:37:35 +02:00
|
|
|
|
2004-11-28 10:05:49 +01:00
|
|
|
switch (command) {
|
2004-04-03 05:37:11 +02:00
|
|
|
case RELAY_COMMAND_ESTABLISH_INTRO:
|
2007-08-31 16:20:44 +02:00
|
|
|
if (or_circ)
|
|
|
|
r = rend_mid_establish_intro(or_circ,payload,length);
|
2004-04-03 05:37:11 +02:00
|
|
|
break;
|
|
|
|
case RELAY_COMMAND_ESTABLISH_RENDEZVOUS:
|
2007-08-31 16:20:44 +02:00
|
|
|
if (or_circ)
|
|
|
|
r = rend_mid_establish_rendezvous(or_circ,payload,length);
|
2004-04-03 05:37:11 +02:00
|
|
|
break;
|
|
|
|
case RELAY_COMMAND_INTRODUCE1:
|
2007-08-31 16:20:44 +02:00
|
|
|
if (or_circ)
|
|
|
|
r = rend_mid_introduce(or_circ,payload,length);
|
2004-04-03 05:37:11 +02:00
|
|
|
break;
|
|
|
|
case RELAY_COMMAND_INTRODUCE2:
|
2007-08-31 16:20:44 +02:00
|
|
|
if (origin_circ)
|
|
|
|
r = rend_service_introduce(origin_circ,payload,length);
|
2004-04-03 05:37:11 +02:00
|
|
|
break;
|
2004-04-13 01:33:47 +02:00
|
|
|
case RELAY_COMMAND_INTRODUCE_ACK:
|
2007-08-31 16:20:44 +02:00
|
|
|
if (origin_circ)
|
|
|
|
r = rend_client_introduction_acked(origin_circ,payload,length);
|
2004-04-13 01:33:47 +02:00
|
|
|
break;
|
2004-04-03 05:37:11 +02:00
|
|
|
case RELAY_COMMAND_RENDEZVOUS1:
|
2007-08-31 16:20:44 +02:00
|
|
|
if (or_circ)
|
|
|
|
r = rend_mid_rendezvous(or_circ,payload,length);
|
2004-04-03 05:37:11 +02:00
|
|
|
break;
|
|
|
|
case RELAY_COMMAND_RENDEZVOUS2:
|
2007-08-31 16:20:44 +02:00
|
|
|
if (origin_circ)
|
|
|
|
r = rend_client_receive_rendezvous(origin_circ,payload,length);
|
2004-04-03 05:37:11 +02:00
|
|
|
break;
|
2004-04-03 06:55:22 +02:00
|
|
|
case RELAY_COMMAND_INTRO_ESTABLISHED:
|
2007-08-31 16:20:44 +02:00
|
|
|
if (origin_circ)
|
|
|
|
r = rend_service_intro_established(origin_circ,payload,length);
|
2004-04-03 06:55:22 +02:00
|
|
|
break;
|
|
|
|
case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
|
2007-08-31 16:20:44 +02:00
|
|
|
if (origin_circ)
|
|
|
|
r = rend_client_rendezvous_acked(origin_circ,payload,length);
|
2004-04-03 06:55:22 +02:00
|
|
|
break;
|
2004-04-03 05:37:11 +02:00
|
|
|
default:
|
2007-08-31 16:20:44 +02:00
|
|
|
tor_fragile_assert();
|
2004-04-03 05:37:11 +02:00
|
|
|
}
|
2006-10-09 04:35:51 +02:00
|
|
|
|
2007-08-31 16:20:44 +02:00
|
|
|
if (r == -2)
|
|
|
|
log_info(LD_PROTOCOL, "Dropping cell (type %d) for wrong circuit type.",
|
|
|
|
command);
|
2004-04-03 05:37:11 +02:00
|
|
|
}
|
2005-06-09 21:03:31 +02:00
|
|
|
|
2007-04-30 19:46:19 +02:00
|
|
|
/** Return the number of entries in our rendezvous descriptor cache. */
|
2007-04-30 19:46:13 +02:00
|
|
|
int
|
|
|
|
rend_cache_size(void)
|
|
|
|
{
|
|
|
|
return strmap_size(rend_cache);
|
|
|
|
}
|
|
|
|
|
2008-09-24 16:44:29 +02:00
|
|
|
/** Allocate and return a new rend_data_t with the same
|
|
|
|
* contents as <b>query</b>. */
|
|
|
|
rend_data_t *
|
|
|
|
rend_data_dup(const rend_data_t *data)
|
|
|
|
{
|
|
|
|
tor_assert(data);
|
|
|
|
return tor_memdup(data, sizeof(rend_data_t));
|
|
|
|
}
|
|
|
|
|