Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 91b5d0789f
Branches Tags
tor
/
src
/
or
/
hs_descriptor.h

hs_descriptor.h 6.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169 
  1. /* Copyright (c) 2016, The Tor Project, Inc. */
    2. 

  2. /* See LICENSE for licensing information */
    3. 

  3. 

  4. /**
    5. 

  5.  * \file hs_descriptor.h
    6. 

  6.  * \brief Header file for hs_descriptor.c
    7. 

  7.  **/
    8. 

  8. 

  9. #ifndef TOR_HS_DESCRIPTOR_H
    10. 

  10. #define TOR_HS_DESCRIPTOR_H
    11. 

  11. 

  12. #include <stdint.h>
    13. 

  13. 

  14. #include "address.h"
    15. 

  15. #include "container.h"
    16. 

  16. #include "crypto.h"
    17. 

  17. #include "crypto_ed25519.h"
    18. 

  18. #include "torcert.h"
    19. 

  19. 

  20. /* The earliest descriptor format version we support. */
    21. 

  21. #define HS_DESC_SUPPORTED_FORMAT_VERSION_MIN 3
    22. 

  22. /* The latest descriptor format version we support. */
    23. 

  23. #define HS_DESC_SUPPORTED_FORMAT_VERSION_MAX 3
    24. 

  24. 

  25. /* Lifetime of certificate in the descriptor. This defines the lifetime of the
    26. 

  26.  * descriptor signing key and the cross certification cert of that key. */
    27. 

  27. #define HS_DESC_CERT_LIFETIME (24 * 60 * 60)
    28. 

  28. /* Length of the salt needed for the encrypted section of a descriptor. */
    29. 

  29. #define HS_DESC_ENCRYPTED_SALT_LEN 16
    30. 

  30. /* Length of the secret input needed for the KDF construction which derives
    31. 

  31.  * the encryption key for the encrypted data section of the descriptor. This
    32. 

  32.  * adds up to 68 bytes being the blinded key, hashed subcredential and
    33. 

  33.  * revision counter. */
    34. 

  34. #define HS_DESC_ENCRYPTED_SECRET_INPUT_LEN \
    35. 

  35.   ED25519_PUBKEY_LEN + DIGEST256_LEN + sizeof(uint64_t)
    36. 

  36. /* Length of the KDF output value which is the length of the secret key,
    37. 

  37.  * the secret IV and MAC key length which is the length of H() output. */
    38. 

  38. #define HS_DESC_ENCRYPTED_KDF_OUTPUT_LEN \
    39. 

  39.   CIPHER_KEY_LEN + CIPHER_IV_LEN + DIGEST256_LEN
    40. 

  40. /* We need to pad the plaintext version of the encrypted data section before
    41. 

  41.  * encryption and it has to be a multiple of this value. */
    42. 

  42. #define HS_DESC_PLAINTEXT_PADDING_MULTIPLE 128
    43. 

  43. /* XXX: Let's make sure this makes sense as an upper limit for the padded
    44. 

  44.  * plaintext section. Then we should enforce it as now only an assert will be
    45. 

  45.  * triggered if we are above it. */
    46. 

  46. /* Once padded, this is the maximum length in bytes for the plaintext. */
    47. 

  47. #define HS_DESC_PADDED_PLAINTEXT_MAX_LEN 8192
    48. 

  48. 

  49. /* Type of encryption key in the descriptor. */
    50. 

  50. typedef enum {
    51. 

  51.   HS_DESC_KEY_TYPE_LEGACY     = 1,
    52. 

  52.   HS_DESC_KEY_TYPE_CURVE25519 = 2,
    53. 

  53. } hs_desc_key_type_t;
    54. 

  54. 

  55. /* Link specifier object that contains information on how to extend to the
    56. 

  56.  * relay that is the address, port and handshake type. */
    57. 

  57. typedef struct hs_desc_link_specifier_t {
    58. 

  58.   /* Indicate the type of link specifier. See trunnel ed25519_cert
    59. 

  59.    * specification. */
    60. 

  60.   uint8_t type;
    61. 

  61. 

  62.   /* It's either an address/port or a legacy identity fingerprint. */
    63. 

  63.   union {
    64. 

  64.     /* IP address and port of the relay use to extend. */
    65. 

  65.     tor_addr_port_t ap;
    66. 

  66.     /* Legacy identity. A 20-byte SHA1 identity fingerprint. */
    67. 

  67.     uint8_t legacy_id[DIGEST_LEN];
    68. 

  68.   } u;
    69. 

  69. } hs_desc_link_specifier_t;
    70. 

  70. 

  71. /* Introduction point information located in a descriptor. */
    72. 

  72. typedef struct hs_desc_intro_point_t {
    73. 

  73.   /* Link specifier(s) which details how to extend to the relay. This list
    74. 

  74.    * contains hs_desc_link_specifier_t object. It MUST have at least one. */
    75. 

  75.   smartlist_t *link_specifiers;
    76. 

  76. 

  77.   /* Authentication key used to establish the introduction point circuit and
    78. 

  78.    * cross-certifies the blinded public key for the replica thus signed by
    79. 

  79.    * the blinded key and in turn signs it. */
    80. 

  80.   tor_cert_t *auth_key_cert;
    81. 

  81. 

  82.   /* Encryption key type so we know which one to use in the union below. */
    83. 

  83.   hs_desc_key_type_t enc_key_type;
    84. 

  84. 

  85.   /* Keys are mutually exclusive thus the union. */
    86. 

  86.   union {
    87. 

  87.     /* Encryption key used to encrypt request to hidden service. */
    88. 

  88.     curve25519_keypair_t curve25519;
    89. 

  89. 

  90.     /* Backward compat: RSA 1024 encryption key for legacy purposes.
    91. 

  91.      * Mutually exclusive with enc_key. */
    92. 

  92.     crypto_pk_t *legacy;
    93. 

  93.   } enc_key;
    94. 

  94. } hs_desc_intro_point_t;
    95. 

  95. 

  96. /* The encrypted data section of a descriptor. Obviously the data in this is
    97. 

  97.  * in plaintext but encrypted once encoded. */
    98. 

  98. typedef struct hs_desc_encrypted_data_t {
    99. 

  99.   /* Bitfield of CREATE2 cell supported formats. The only currently supported
    100. 

  100.    * format is ntor. */
    101. 

  101.   unsigned int create2_ntor : 1;
    102. 

  102. 

  103.   /* A list of authentication types that a client must at least support one
    104. 

  104.    * in order to contact the service. Contains NULL terminated strings. */
    105. 

  105.   smartlist_t *auth_types;
    106. 

  106. 

  107.   /* A list of intro points. Contains hs_desc_intro_point_t objects. */
    108. 

  108.   smartlist_t *intro_points;
    109. 

  109. } hs_desc_encrypted_data_t;
    110. 

  110. 

  111. /* Plaintext data that is unencrypted information of the descriptor. */
    112. 

  112. typedef struct hs_desc_plaintext_data_t {
    113. 

  113.   /* Version of the descriptor format. Spec specifies this field as a
    114. 

  114.    * positive integer. */
    115. 

  115.   uint32_t version;
    116. 

  116. 

  117.   /* The lifetime of the descriptor in seconds. */
    118. 

  118.   uint32_t lifetime_sec;
    119. 

  119. 

  120.   /* Certificate with the short-term ed22519 descriptor signing key for the
    121. 

  121.    * replica which is signed by the blinded public key for that replica. */
    122. 

  122.   tor_cert_t *signing_key_cert;
    123. 

  123. 

  124.   /* Signing keypair which is used to sign the descriptor. Same public key
    125. 

  125.    * as in the signing key certificate. */
    126. 

  126.   ed25519_keypair_t signing_kp;
    127. 

  127. 

  128.   /* Blinded keypair used for this descriptor derived from the master
    129. 

  129.    * identity key and generated for a specific replica number. */
    130. 

  130.   ed25519_keypair_t blinded_kp;
    131. 

  131. 

  132.   /* Revision counter is incremented at each upload, regardless of whether
    133. 

  133.    * the descriptor has changed. This avoids leaking whether the descriptor
    134. 

  134.    * has changed. Spec specifies this as a 8 bytes positive integer. */
    135. 

  135.   uint64_t revision_counter;
    136. 

  136. } hs_desc_plaintext_data_t;
    137. 

  137. 

  138. /* Service descriptor in its decoded form. */
    139. 

  139. typedef struct hs_descriptor_t {
    140. 

  140.   /* Contains the plaintext part of the descriptor. */
    141. 

  141.   hs_desc_plaintext_data_t plaintext_data;
    142. 

  142. 

  143.   /* The following contains what's in the encrypted part of the descriptor.
    144. 

  144.    * It's only encrypted in the encoded version of the descriptor thus the
    145. 

  145.    * data contained in that object is in plaintext. */
    146. 

  146.   hs_desc_encrypted_data_t encrypted_data;
    147. 

  147. 

  148.   /* Subcredentials of a service, used by the client and service to decrypt
    149. 

  149.    * the encrypted data. */
    150. 

  150.   uint8_t subcredential[DIGEST256_LEN];
    151. 

  151. } hs_descriptor_t;
    152. 

  152. 

  153. /* Return true iff the given descriptor format version is supported. */
    154. 

  154. static inline int
    155. 

  155. hs_desc_is_supported_version(uint32_t version)
    156. 

  156. {
    157. 

  157.   if (version < HS_DESC_SUPPORTED_FORMAT_VERSION_MIN ||
    158. 

  158.       version > HS_DESC_SUPPORTED_FORMAT_VERSION_MAX) {
    159. 

  159.     return 0;
    160. 

  160.   }
    161. 

  161.   return 1;
    162. 

  162. }
    163. 

  163. 

  164. /* Public API. */
    165. 

  165. 

  166. int hs_desc_encode_descriptor(const hs_descriptor_t *desc,
    167. 

  167.                               char **encoded_out);
    168. 

  168. 

  169. #endif /* TOR_HS_DESCRIPTOR_H */
    170.