Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 02e2edeb33
Branches Tags
tor
/
src
/
or
/
hs_service.c

hs_service.c 8.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259 
  1. /* Copyright (c) 2016-2017, The Tor Project, Inc. */
    2. 

  2. /* See LICENSE for licensing information */
    3. 

  3. 

  4. /**
    5. 

  5.  * \file hs_service.c
    6. 

  6.  * \brief Implement next generation hidden service functionality
    7. 

  7.  **/
    8. 

  8. 

  9. #include "or.h"
    10. 

  10. #include "relay.h"
    11. 

  11. #include "rendservice.h"
    12. 

  12. #include "circuitlist.h"
    13. 

  13. #include "circpathbias.h"
    14. 

  14. 

  15. #include "hs_intropoint.h"
    16. 

  16. #include "hs_service.h"
    17. 

  17. #include "hs_common.h"
    18. 

  18. 

  19. #include "hs/cell_establish_intro.h"
    20. 

  20. #include "hs/cell_common.h"
    21. 

  21. 

  22. /* Set the default values for a service configuration object <b>c</b>. */
    23. 

  23. static void
    24. 

  24. set_service_default_config(hs_service_config_t *c,
    25. 

  25.                            const or_options_t *options)
    26. 

  26. {
    27. 

  27.   tor_assert(c);
    28. 

  28.   c->ports = smartlist_new();
    29. 

  29.   c->directory_path = NULL;
    30. 

  30.   c->descriptor_post_period = options->RendPostPeriod;
    31. 

  31.   c->max_streams_per_rdv_circuit = 0;
    32. 

  32.   c->max_streams_close_circuit = 0;
    33. 

  33.   c->num_intro_points = NUM_INTRO_POINTS_DEFAULT;
    34. 

  34.   c->allow_unknown_ports = 0;
    35. 

  35.   c->is_single_onion = 0;
    36. 

  36.   c->dir_group_readable = 0;
    37. 

  37.   c->is_ephemeral = 0;
    38. 

  38. }
    39. 

  39. 

  40. /* Allocate and initilize a service object. The service configuration will
    41. 

  41.  * contain the default values. Return the newly allocated object pointer. This
    42. 

  42.  * function can't fail. */
    43. 

  43. hs_service_t *
    44. 

  44. hs_service_new(const or_options_t *options)
    45. 

  45. {
    46. 

  46.   hs_service_t *service = tor_malloc_zero(sizeof(hs_service_t));
    47. 

  47.   /* Set default configuration value. */
    48. 

  48.   set_service_default_config(&service->config, options);
    49. 

  49.   /* Set the default service version. */
    50. 

  50.   service->version = HS_SERVICE_DEFAULT_VERSION;
    51. 

  51.   return service;
    52. 

  52. }
    53. 

  53. 

  54. /* Free the given <b>service</b> object and all its content. This function
    55. 

  55.  * also takes care of wiping service keys from memory. It is safe to pass a
    56. 

  56.  * NULL pointer. */
    57. 

  57. void
    58. 

  58. hs_service_free(hs_service_t *service)
    59. 

  59. {
    60. 

  60.   if (service == NULL) {
    61. 

  61.     return;
    62. 

  62.   }
    63. 

  63. 

  64.   /* Free descriptors. */
    65. 

  65.   if (service->desc_current) {
    66. 

  66.     hs_descriptor_free(service->desc_current->desc);
    67. 

  67.     /* Wipe keys. */
    68. 

  68.     memwipe(&service->desc_current->signing_kp, 0,
    69. 

  69.             sizeof(service->desc_current->signing_kp));
    70. 

  70.     memwipe(&service->desc_current->blinded_kp, 0,
    71. 

  71.             sizeof(service->desc_current->blinded_kp));
    72. 

  72.     /* XXX: Free intro points. */
    73. 

  73.     tor_free(service->desc_current);
    74. 

  74.   }
    75. 

  75.   if (service->desc_next) {
    76. 

  76.     hs_descriptor_free(service->desc_next->desc);
    77. 

  77.     /* Wipe keys. */
    78. 

  78.     memwipe(&service->desc_next->signing_kp, 0,
    79. 

  79.             sizeof(service->desc_next->signing_kp));
    80. 

  80.     memwipe(&service->desc_next->blinded_kp, 0,
    81. 

  81.             sizeof(service->desc_next->blinded_kp));
    82. 

  82.     /* XXX: Free intro points. */
    83. 

  83.     tor_free(service->desc_next);
    84. 

  84.   }
    85. 

  85. 

  86.   /* Free service configuration. */
    87. 

  87.   tor_free(service->config.directory_path);
    88. 

  88.   if (service->config.ports) {
    89. 

  89.     SMARTLIST_FOREACH(service->config.ports, rend_service_port_config_t *, p,
    90. 

  90.                       rend_service_port_config_free(p););
    91. 

  91.     smartlist_free(service->config.ports);
    92. 

  92.   }
    93. 

  93. 

  94.   /* Wipe service keys. */
    95. 

  95.   memwipe(&service->keys.identity_sk, 0, sizeof(service->keys.identity_sk));
    96. 

  96. 

  97.   tor_free(service);
    98. 

  98. }
    99. 

  99. 

  100. /* Release all global the storage of hidden service subsystem. */
    101. 

  101. void
    102. 

  102. hs_service_free_all(void)
    103. 

  103. {
    104. 

  104.   rend_service_free_all();
    105. 

  105. }
    106. 

  106. 

  107. /* XXX We don't currently use these functions, apart from generating unittest
    108. 

  108.    data. When we start implementing the service-side support for prop224 we
    109. 

  109.    should revisit these functions and use them. */
    110. 

  110. 

  111. /** Given an ESTABLISH_INTRO <b>cell</b>, encode it and place its payload in
    112. 

  112.  *  <b>buf_out</b> which has size <b>buf_out_len</b>. Return the number of
    113. 

  113.  *  bytes written, or a negative integer if there was an error. */
    114. 

  114. ssize_t
    115. 

  115. get_establish_intro_payload(uint8_t *buf_out, size_t buf_out_len,
    116. 

  116.                             const trn_cell_establish_intro_t *cell)
    117. 

  117. {
    118. 

  118.   ssize_t bytes_used = 0;
    119. 

  119. 

  120.   if (buf_out_len < RELAY_PAYLOAD_SIZE) {
    121. 

  121.     return -1;
    122. 

  122.   }
    123. 

  123. 

  124.   bytes_used = trn_cell_establish_intro_encode(buf_out, buf_out_len,
    125. 

  125.                                               cell);
    126. 

  126.   return bytes_used;
    127. 

  127. }
    128. 

  128. 

  129. /* Set the cell extensions of <b>cell</b>. */
    130. 

  130. static void
    131. 

  131. set_trn_cell_extensions(trn_cell_establish_intro_t *cell)
    132. 

  132. {
    133. 

  133.   trn_cell_extension_t *trn_cell_extensions = trn_cell_extension_new();
    134. 

  134. 

  135.   /* For now, we don't use extensions at all. */
    136. 

  136.   trn_cell_extensions->num = 0; /* It's already zeroed, but be explicit. */
    137. 

  137.   trn_cell_establish_intro_set_extensions(cell, trn_cell_extensions);
    138. 

  138. }
    139. 

  139. 

  140. /** Given the circuit handshake info in <b>circuit_key_material</b>, create and
    141. 

  141.  *  return an ESTABLISH_INTRO cell. Return NULL if something went wrong.  The
    142. 

  142.  *  returned cell is allocated on the heap and it's the responsibility of the
    143. 

  143.  *  caller to free it. */
    144. 

  144. trn_cell_establish_intro_t *
    145. 

  145. generate_establish_intro_cell(const uint8_t *circuit_key_material,
    146. 

  146.                               size_t circuit_key_material_len)
    147. 

  147. {
    148. 

  148.   trn_cell_establish_intro_t *cell = NULL;
    149. 

  149.   ssize_t encoded_len;
    150. 

  150. 

  151.   log_warn(LD_GENERAL,
    152. 

  152.            "Generating ESTABLISH_INTRO cell (key_material_len: %u)",
    153. 

  153.            (unsigned) circuit_key_material_len);
    154. 

  154. 

  155.   /* Generate short-term keypair for use in ESTABLISH_INTRO */
    156. 

  156.   ed25519_keypair_t key_struct;
    157. 

  157.   if (ed25519_keypair_generate(&key_struct, 0) < 0) {
    158. 

  158.     goto err;
    159. 

  159.   }
    160. 

  160. 

  161.   cell = trn_cell_establish_intro_new();
    162. 

  162. 

  163.   /* Set AUTH_KEY_TYPE: 2 means ed25519 */
    164. 

  164.   trn_cell_establish_intro_set_auth_key_type(cell,
    165. 

  165.                                              HS_INTRO_AUTH_KEY_TYPE_ED25519);
    166. 

  166. 

  167.   /* Set AUTH_KEY_LEN field */
    168. 

  168.   /* Must also set byte-length of AUTH_KEY to match */
    169. 

  169.   int auth_key_len = ED25519_PUBKEY_LEN;
    170. 

  170.   trn_cell_establish_intro_set_auth_key_len(cell, auth_key_len);
    171. 

  171.   trn_cell_establish_intro_setlen_auth_key(cell, auth_key_len);
    172. 

  172. 

  173.   /* Set AUTH_KEY field */
    174. 

  174.   uint8_t *auth_key_ptr = trn_cell_establish_intro_getarray_auth_key(cell);
    175. 

  175.   memcpy(auth_key_ptr, key_struct.pubkey.pubkey, auth_key_len);
    176. 

  176. 

  177.   /* No cell extensions needed */
    178. 

  178.   set_trn_cell_extensions(cell);
    179. 

  179. 

  180.   /* Set signature size.
    181. 

  181.      We need to do this up here, because _encode() needs it and we need to call
    182. 

  182.      _encode() to calculate the MAC and signature.
    183. 

  183.   */
    184. 

  184.   int sig_len = ED25519_SIG_LEN;
    185. 

  185.   trn_cell_establish_intro_set_sig_len(cell, sig_len);
    186. 

  186.   trn_cell_establish_intro_setlen_sig(cell, sig_len);
    187. 

  187. 

  188.   /* XXX How to make this process easier and nicer? */
    189. 

  189. 

  190.   /* Calculate the cell MAC (aka HANDSHAKE_AUTH). */
    191. 

  191.   {
    192. 

  192.     /* To calculate HANDSHAKE_AUTH, we dump the cell in bytes, and then derive
    193. 

  193.        the MAC from it. */
    194. 

  194.     uint8_t cell_bytes_tmp[RELAY_PAYLOAD_SIZE] = {0};
    195. 

  195.     uint8_t mac[TRUNNEL_SHA3_256_LEN];
    196. 

  196. 

  197.     encoded_len = trn_cell_establish_intro_encode(cell_bytes_tmp,
    198. 

  198.                                                  sizeof(cell_bytes_tmp),
    199. 

  199.                                                  cell);
    200. 

  200.     if (encoded_len < 0) {
    201. 

  201.       log_warn(LD_OR, "Unable to pre-encode ESTABLISH_INTRO cell.");
    202. 

  202.       goto err;
    203. 

  203.     }
    204. 

  204. 

  205.     /* sanity check */
    206. 

  206.     tor_assert(encoded_len > ED25519_SIG_LEN + 2 + TRUNNEL_SHA3_256_LEN);
    207. 

  207. 

  208.     /* Calculate MAC of all fields before HANDSHAKE_AUTH */
    209. 

  209.     crypto_mac_sha3_256(mac, sizeof(mac),
    210. 

  210.                         circuit_key_material, circuit_key_material_len,
    211. 

  211.                         cell_bytes_tmp,
    212. 

  212.                         encoded_len -
    213. 

  213.                           (ED25519_SIG_LEN + 2 + TRUNNEL_SHA3_256_LEN));
    214. 

  214.     /* Write the MAC to the cell */
    215. 

  215.     uint8_t *handshake_ptr =
    216. 

  216.       trn_cell_establish_intro_getarray_handshake_mac(cell);
    217. 

  217.     memcpy(handshake_ptr, mac, sizeof(mac));
    218. 

  218.   }
    219. 

  219. 

  220.   /* Calculate the cell signature */
    221. 

  221.   {
    222. 

  222.     /* To calculate the sig we follow the same procedure as above. We first
    223. 

  223.        dump the cell up to the sig, and then calculate the sig */
    224. 

  224.     uint8_t cell_bytes_tmp[RELAY_PAYLOAD_SIZE] = {0};
    225. 

  225.     ed25519_signature_t sig;
    226. 

  226. 

  227.     encoded_len = trn_cell_establish_intro_encode(cell_bytes_tmp,
    228. 

  228.                                                  sizeof(cell_bytes_tmp),
    229. 

  229.                                                  cell);
    230. 

  230.     if (encoded_len < 0) {
    231. 

  231.       log_warn(LD_OR, "Unable to pre-encode ESTABLISH_INTRO cell (2).");
    232. 

  232.       goto err;
    233. 

  233.     }
    234. 

  234. 

  235.     tor_assert(encoded_len > ED25519_SIG_LEN);
    236. 

  236. 

  237.     if (ed25519_sign_prefixed(&sig,
    238. 

  238.                               cell_bytes_tmp,
    239. 

  239.                               encoded_len -
    240. 

  240.                                 (ED25519_SIG_LEN + sizeof(cell->sig_len)),
    241. 

  241.                               ESTABLISH_INTRO_SIG_PREFIX,
    242. 

  242.                               &key_struct)) {
    243. 

  243.       log_warn(LD_BUG, "Unable to gen signature for ESTABLISH_INTRO cell.");
    244. 

  244.       goto err;
    245. 

  245.     }
    246. 

  246. 

  247.     /* And write the signature to the cell */
    248. 

  248.     uint8_t *sig_ptr = trn_cell_establish_intro_getarray_sig(cell);
    249. 

  249.     memcpy(sig_ptr, sig.sig, sig_len);
    250. 

  250.   }
    251. 

  251. 

  252.   /* We are done! Return the cell! */
    253. 

  253.   return cell;
    254. 

  254. 

  255.  err:
    256. 

  256.   trn_cell_establish_intro_free(cell);
    257. 

  257.   return NULL;
    258. 

  258. }
    259. 

  259.