rendcommon.c 32 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938
  1. /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
  2. * Copyright (c) 2007-2015, The Tor Project, Inc. */
  3. /* See LICENSE for licensing information */
  4. /**
  5. * \file rendcommon.c
  6. * \brief Rendezvous implementation: shared code between
  7. * introducers, services, clients, and rendezvous points.
  8. **/
  9. #include "or.h"
  10. #include "circuitbuild.h"
  11. #include "config.h"
  12. #include "rendclient.h"
  13. #include "rendcommon.h"
  14. #include "rendmid.h"
  15. #include "rendservice.h"
  16. #include "rephist.h"
  17. #include "routerlist.h"
  18. #include "routerparse.h"
  19. /** Return 0 if one and two are the same service ids, else -1 or 1 */
  20. int
  21. rend_cmp_service_ids(const char *one, const char *two)
  22. {
  23. return strcasecmp(one,two);
  24. }
  25. /** Free the storage held by the service descriptor <b>desc</b>.
  26. */
  27. void
  28. rend_service_descriptor_free(rend_service_descriptor_t *desc)
  29. {
  30. if (!desc)
  31. return;
  32. if (desc->pk)
  33. crypto_pk_free(desc->pk);
  34. if (desc->intro_nodes) {
  35. SMARTLIST_FOREACH(desc->intro_nodes, rend_intro_point_t *, intro,
  36. rend_intro_point_free(intro););
  37. smartlist_free(desc->intro_nodes);
  38. }
  39. if (desc->successful_uploads) {
  40. SMARTLIST_FOREACH(desc->successful_uploads, char *, c, tor_free(c););
  41. smartlist_free(desc->successful_uploads);
  42. }
  43. tor_free(desc);
  44. }
  45. /** Length of the descriptor cookie that is used for versioned hidden
  46. * service descriptors. */
  47. #define REND_DESC_COOKIE_LEN 16
  48. /** Length of the replica number that is used to determine the secret ID
  49. * part of versioned hidden service descriptors. */
  50. #define REND_REPLICA_LEN 1
  51. /** Compute the descriptor ID for <b>service_id</b> of length
  52. * <b>REND_SERVICE_ID_LEN</b> and <b>secret_id_part</b> of length
  53. * <b>DIGEST_LEN</b>, and write it to <b>descriptor_id_out</b> of length
  54. * <b>DIGEST_LEN</b>. */
  55. void
  56. rend_get_descriptor_id_bytes(char *descriptor_id_out,
  57. const char *service_id,
  58. const char *secret_id_part)
  59. {
  60. crypto_digest_t *digest = crypto_digest_new();
  61. crypto_digest_add_bytes(digest, service_id, REND_SERVICE_ID_LEN);
  62. crypto_digest_add_bytes(digest, secret_id_part, DIGEST_LEN);
  63. crypto_digest_get_digest(digest, descriptor_id_out, DIGEST_LEN);
  64. crypto_digest_free(digest);
  65. }
  66. /** Compute the secret ID part for time_period,
  67. * a <b>descriptor_cookie</b> of length
  68. * <b>REND_DESC_COOKIE_LEN</b> which may also be <b>NULL</b> if no
  69. * descriptor_cookie shall be used, and <b>replica</b>, and write it to
  70. * <b>secret_id_part</b> of length DIGEST_LEN. */
  71. static void
  72. get_secret_id_part_bytes(char *secret_id_part, uint32_t time_period,
  73. const char *descriptor_cookie, uint8_t replica)
  74. {
  75. crypto_digest_t *digest = crypto_digest_new();
  76. time_period = htonl(time_period);
  77. crypto_digest_add_bytes(digest, (char*)&time_period, sizeof(uint32_t));
  78. if (descriptor_cookie) {
  79. crypto_digest_add_bytes(digest, descriptor_cookie,
  80. REND_DESC_COOKIE_LEN);
  81. }
  82. crypto_digest_add_bytes(digest, (const char *)&replica, REND_REPLICA_LEN);
  83. crypto_digest_get_digest(digest, secret_id_part, DIGEST_LEN);
  84. crypto_digest_free(digest);
  85. }
  86. /** Return the time period for time <b>now</b> plus a potentially
  87. * intended <b>deviation</b> of one or more periods, based on the first byte
  88. * of <b>service_id</b>. */
  89. static uint32_t
  90. get_time_period(time_t now, uint8_t deviation, const char *service_id)
  91. {
  92. /* The time period is the number of REND_TIME_PERIOD_V2_DESC_VALIDITY
  93. * intervals that have passed since the epoch, offset slightly so that
  94. * each service's time periods start and end at a fraction of that
  95. * period based on their first byte. */
  96. return (uint32_t)
  97. (now + ((uint8_t) *service_id) * REND_TIME_PERIOD_V2_DESC_VALIDITY / 256)
  98. / REND_TIME_PERIOD_V2_DESC_VALIDITY + deviation;
  99. }
  100. /** Compute the time in seconds that a descriptor that is generated
  101. * <b>now</b> for <b>service_id</b> will be valid. */
  102. static uint32_t
  103. get_seconds_valid(time_t now, const char *service_id)
  104. {
  105. uint32_t result = REND_TIME_PERIOD_V2_DESC_VALIDITY -
  106. ((uint32_t)
  107. (now + ((uint8_t) *service_id) * REND_TIME_PERIOD_V2_DESC_VALIDITY / 256)
  108. % REND_TIME_PERIOD_V2_DESC_VALIDITY);
  109. return result;
  110. }
  111. /** Compute the binary <b>desc_id_out</b> (DIGEST_LEN bytes long) for a given
  112. * base32-encoded <b>service_id</b> and optional unencoded
  113. * <b>descriptor_cookie</b> of length REND_DESC_COOKIE_LEN,
  114. * at time <b>now</b> for replica number
  115. * <b>replica</b>. <b>desc_id</b> needs to have <b>DIGEST_LEN</b> bytes
  116. * free. Return 0 for success, -1 otherwise. */
  117. int
  118. rend_compute_v2_desc_id(char *desc_id_out, const char *service_id,
  119. const char *descriptor_cookie, time_t now,
  120. uint8_t replica)
  121. {
  122. char service_id_binary[REND_SERVICE_ID_LEN];
  123. char secret_id_part[DIGEST_LEN];
  124. uint32_t time_period;
  125. if (!service_id ||
  126. strlen(service_id) != REND_SERVICE_ID_LEN_BASE32) {
  127. log_warn(LD_REND, "Could not compute v2 descriptor ID: "
  128. "Illegal service ID: %s",
  129. safe_str(service_id));
  130. return -1;
  131. }
  132. if (replica >= REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS) {
  133. log_warn(LD_REND, "Could not compute v2 descriptor ID: "
  134. "Replica number out of range: %d", replica);
  135. return -1;
  136. }
  137. /* Convert service ID to binary. */
  138. if (base32_decode(service_id_binary, REND_SERVICE_ID_LEN,
  139. service_id, REND_SERVICE_ID_LEN_BASE32) < 0) {
  140. log_warn(LD_REND, "Could not compute v2 descriptor ID: "
  141. "Illegal characters in service ID: %s",
  142. safe_str_client(service_id));
  143. return -1;
  144. }
  145. /* Calculate current time-period. */
  146. time_period = get_time_period(now, 0, service_id_binary);
  147. /* Calculate secret-id-part = h(time-period | desc-cookie | replica). */
  148. get_secret_id_part_bytes(secret_id_part, time_period, descriptor_cookie,
  149. replica);
  150. /* Calculate descriptor ID: H(permanent-id | secret-id-part) */
  151. rend_get_descriptor_id_bytes(desc_id_out, service_id_binary, secret_id_part);
  152. return 0;
  153. }
  154. /** Encode the introduction points in <b>desc</b> and write the result to a
  155. * newly allocated string pointed to by <b>encoded</b>. Return 0 for
  156. * success, -1 otherwise. */
  157. static int
  158. rend_encode_v2_intro_points(char **encoded, rend_service_descriptor_t *desc)
  159. {
  160. size_t unenc_len;
  161. char *unenc = NULL;
  162. size_t unenc_written = 0;
  163. int i;
  164. int r = -1;
  165. /* Assemble unencrypted list of introduction points. */
  166. unenc_len = smartlist_len(desc->intro_nodes) * 1000; /* too long, but ok. */
  167. unenc = tor_malloc_zero(unenc_len);
  168. for (i = 0; i < smartlist_len(desc->intro_nodes); i++) {
  169. char id_base32[REND_INTRO_POINT_ID_LEN_BASE32 + 1];
  170. char *onion_key = NULL;
  171. size_t onion_key_len;
  172. crypto_pk_t *intro_key;
  173. char *service_key = NULL;
  174. char *address = NULL;
  175. size_t service_key_len;
  176. int res;
  177. rend_intro_point_t *intro = smartlist_get(desc->intro_nodes, i);
  178. /* Obtain extend info with introduction point details. */
  179. extend_info_t *info = intro->extend_info;
  180. /* Encode introduction point ID. */
  181. base32_encode(id_base32, sizeof(id_base32),
  182. info->identity_digest, DIGEST_LEN);
  183. /* Encode onion key. */
  184. if (crypto_pk_write_public_key_to_string(info->onion_key, &onion_key,
  185. &onion_key_len) < 0) {
  186. log_warn(LD_REND, "Could not write onion key.");
  187. goto done;
  188. }
  189. /* Encode intro key. */
  190. intro_key = intro->intro_key;
  191. if (!intro_key ||
  192. crypto_pk_write_public_key_to_string(intro_key, &service_key,
  193. &service_key_len) < 0) {
  194. log_warn(LD_REND, "Could not write intro key.");
  195. tor_free(onion_key);
  196. goto done;
  197. }
  198. /* Assemble everything for this introduction point. */
  199. address = tor_dup_addr(&info->addr);
  200. res = tor_snprintf(unenc + unenc_written, unenc_len - unenc_written,
  201. "introduction-point %s\n"
  202. "ip-address %s\n"
  203. "onion-port %d\n"
  204. "onion-key\n%s"
  205. "service-key\n%s",
  206. id_base32,
  207. address,
  208. info->port,
  209. onion_key,
  210. service_key);
  211. tor_free(address);
  212. tor_free(onion_key);
  213. tor_free(service_key);
  214. if (res < 0) {
  215. log_warn(LD_REND, "Not enough space for writing introduction point "
  216. "string.");
  217. goto done;
  218. }
  219. /* Update total number of written bytes for unencrypted intro points. */
  220. unenc_written += res;
  221. }
  222. /* Finalize unencrypted introduction points. */
  223. if (unenc_len < unenc_written + 2) {
  224. log_warn(LD_REND, "Not enough space for finalizing introduction point "
  225. "string.");
  226. goto done;
  227. }
  228. unenc[unenc_written++] = '\n';
  229. unenc[unenc_written++] = 0;
  230. *encoded = unenc;
  231. r = 0;
  232. done:
  233. if (r<0)
  234. tor_free(unenc);
  235. return r;
  236. }
  237. /** Encrypt the encoded introduction points in <b>encoded</b> using
  238. * authorization type 'basic' with <b>client_cookies</b> and write the
  239. * result to a newly allocated string pointed to by <b>encrypted_out</b> of
  240. * length <b>encrypted_len_out</b>. Return 0 for success, -1 otherwise. */
  241. static int
  242. rend_encrypt_v2_intro_points_basic(char **encrypted_out,
  243. size_t *encrypted_len_out,
  244. const char *encoded,
  245. smartlist_t *client_cookies)
  246. {
  247. int r = -1, i, pos, enclen, client_blocks;
  248. size_t len, client_entries_len;
  249. char *enc = NULL, iv[CIPHER_IV_LEN], *client_part = NULL,
  250. session_key[CIPHER_KEY_LEN];
  251. smartlist_t *encrypted_session_keys = NULL;
  252. crypto_digest_t *digest;
  253. crypto_cipher_t *cipher;
  254. tor_assert(encoded);
  255. tor_assert(client_cookies && smartlist_len(client_cookies) > 0);
  256. /* Generate session key. */
  257. if (crypto_rand(session_key, CIPHER_KEY_LEN) < 0) {
  258. log_warn(LD_REND, "Unable to generate random session key to encrypt "
  259. "introduction point string.");
  260. goto done;
  261. }
  262. /* Determine length of encrypted introduction points including session
  263. * keys. */
  264. client_blocks = 1 + ((smartlist_len(client_cookies) - 1) /
  265. REND_BASIC_AUTH_CLIENT_MULTIPLE);
  266. client_entries_len = client_blocks * REND_BASIC_AUTH_CLIENT_MULTIPLE *
  267. REND_BASIC_AUTH_CLIENT_ENTRY_LEN;
  268. len = 2 + client_entries_len + CIPHER_IV_LEN + strlen(encoded);
  269. if (client_blocks >= 256) {
  270. log_warn(LD_REND, "Too many clients in introduction point string.");
  271. goto done;
  272. }
  273. enc = tor_malloc_zero(len);
  274. enc[0] = 0x01; /* type of authorization. */
  275. enc[1] = (uint8_t)client_blocks;
  276. /* Encrypt with random session key. */
  277. enclen = crypto_cipher_encrypt_with_iv(session_key,
  278. enc + 2 + client_entries_len,
  279. CIPHER_IV_LEN + strlen(encoded), encoded, strlen(encoded));
  280. if (enclen < 0) {
  281. log_warn(LD_REND, "Could not encrypt introduction point string.");
  282. goto done;
  283. }
  284. memcpy(iv, enc + 2 + client_entries_len, CIPHER_IV_LEN);
  285. /* Encrypt session key for cookies, determine client IDs, and put both
  286. * in a smartlist. */
  287. encrypted_session_keys = smartlist_new();
  288. SMARTLIST_FOREACH_BEGIN(client_cookies, const char *, cookie) {
  289. client_part = tor_malloc_zero(REND_BASIC_AUTH_CLIENT_ENTRY_LEN);
  290. /* Encrypt session key. */
  291. cipher = crypto_cipher_new(cookie);
  292. if (crypto_cipher_encrypt(cipher, client_part +
  293. REND_BASIC_AUTH_CLIENT_ID_LEN,
  294. session_key, CIPHER_KEY_LEN) < 0) {
  295. log_warn(LD_REND, "Could not encrypt session key for client.");
  296. crypto_cipher_free(cipher);
  297. tor_free(client_part);
  298. goto done;
  299. }
  300. crypto_cipher_free(cipher);
  301. /* Determine client ID. */
  302. digest = crypto_digest_new();
  303. crypto_digest_add_bytes(digest, cookie, REND_DESC_COOKIE_LEN);
  304. crypto_digest_add_bytes(digest, iv, CIPHER_IV_LEN);
  305. crypto_digest_get_digest(digest, client_part,
  306. REND_BASIC_AUTH_CLIENT_ID_LEN);
  307. crypto_digest_free(digest);
  308. /* Put both together. */
  309. smartlist_add(encrypted_session_keys, client_part);
  310. } SMARTLIST_FOREACH_END(cookie);
  311. /* Add some fake client IDs and encrypted session keys. */
  312. for (i = (smartlist_len(client_cookies) - 1) %
  313. REND_BASIC_AUTH_CLIENT_MULTIPLE;
  314. i < REND_BASIC_AUTH_CLIENT_MULTIPLE - 1; i++) {
  315. client_part = tor_malloc_zero(REND_BASIC_AUTH_CLIENT_ENTRY_LEN);
  316. if (crypto_rand(client_part, REND_BASIC_AUTH_CLIENT_ENTRY_LEN) < 0) {
  317. log_warn(LD_REND, "Unable to generate fake client entry.");
  318. tor_free(client_part);
  319. goto done;
  320. }
  321. smartlist_add(encrypted_session_keys, client_part);
  322. }
  323. /* Sort smartlist and put elements in result in order. */
  324. smartlist_sort_digests(encrypted_session_keys);
  325. pos = 2;
  326. SMARTLIST_FOREACH(encrypted_session_keys, const char *, entry, {
  327. memcpy(enc + pos, entry, REND_BASIC_AUTH_CLIENT_ENTRY_LEN);
  328. pos += REND_BASIC_AUTH_CLIENT_ENTRY_LEN;
  329. });
  330. *encrypted_out = enc;
  331. *encrypted_len_out = len;
  332. enc = NULL; /* prevent free. */
  333. r = 0;
  334. done:
  335. tor_free(enc);
  336. if (encrypted_session_keys) {
  337. SMARTLIST_FOREACH(encrypted_session_keys, char *, d, tor_free(d););
  338. smartlist_free(encrypted_session_keys);
  339. }
  340. return r;
  341. }
  342. /** Encrypt the encoded introduction points in <b>encoded</b> using
  343. * authorization type 'stealth' with <b>descriptor_cookie</b> of length
  344. * REND_DESC_COOKIE_LEN and write the result to a newly allocated string
  345. * pointed to by <b>encrypted_out</b> of length <b>encrypted_len_out</b>.
  346. * Return 0 for success, -1 otherwise. */
  347. static int
  348. rend_encrypt_v2_intro_points_stealth(char **encrypted_out,
  349. size_t *encrypted_len_out,
  350. const char *encoded,
  351. const char *descriptor_cookie)
  352. {
  353. int r = -1, enclen;
  354. char *enc;
  355. tor_assert(encoded);
  356. tor_assert(descriptor_cookie);
  357. enc = tor_malloc_zero(1 + CIPHER_IV_LEN + strlen(encoded));
  358. enc[0] = 0x02; /* Auth type */
  359. enclen = crypto_cipher_encrypt_with_iv(descriptor_cookie,
  360. enc + 1,
  361. CIPHER_IV_LEN+strlen(encoded),
  362. encoded, strlen(encoded));
  363. if (enclen < 0) {
  364. log_warn(LD_REND, "Could not encrypt introduction point string.");
  365. goto done;
  366. }
  367. *encrypted_out = enc;
  368. *encrypted_len_out = enclen;
  369. enc = NULL; /* prevent free */
  370. r = 0;
  371. done:
  372. tor_free(enc);
  373. return r;
  374. }
  375. /** Attempt to parse the given <b>desc_str</b> and return true if this
  376. * succeeds, false otherwise. */
  377. static int
  378. rend_desc_v2_is_parsable(rend_encoded_v2_service_descriptor_t *desc)
  379. {
  380. rend_service_descriptor_t *test_parsed = NULL;
  381. char test_desc_id[DIGEST_LEN];
  382. char *test_intro_content = NULL;
  383. size_t test_intro_size;
  384. size_t test_encoded_size;
  385. const char *test_next;
  386. int res = rend_parse_v2_service_descriptor(&test_parsed, test_desc_id,
  387. &test_intro_content,
  388. &test_intro_size,
  389. &test_encoded_size,
  390. &test_next, desc->desc_str, 1);
  391. rend_service_descriptor_free(test_parsed);
  392. tor_free(test_intro_content);
  393. return (res >= 0);
  394. }
  395. /** Free the storage held by an encoded v2 service descriptor. */
  396. void
  397. rend_encoded_v2_service_descriptor_free(
  398. rend_encoded_v2_service_descriptor_t *desc)
  399. {
  400. if (!desc)
  401. return;
  402. tor_free(desc->desc_str);
  403. tor_free(desc);
  404. }
  405. /** Free the storage held by an introduction point info. */
  406. void
  407. rend_intro_point_free(rend_intro_point_t *intro)
  408. {
  409. if (!intro)
  410. return;
  411. extend_info_free(intro->extend_info);
  412. crypto_pk_free(intro->intro_key);
  413. if (intro->accepted_intro_rsa_parts != NULL) {
  414. replaycache_free(intro->accepted_intro_rsa_parts);
  415. }
  416. tor_free(intro);
  417. }
  418. /** Encode a set of rend_encoded_v2_service_descriptor_t's for <b>desc</b>
  419. * at time <b>now</b> using <b>service_key</b>, depending on
  420. * <b>auth_type</b> a <b>descriptor_cookie</b> and a list of
  421. * <b>client_cookies</b> (which are both <b>NULL</b> if no client
  422. * authorization is performed), and <b>period</b> (e.g. 0 for the current
  423. * period, 1 for the next period, etc.) and add them to the existing list
  424. * <b>descs_out</b>; return the number of seconds that the descriptors will
  425. * be found by clients, or -1 if the encoding was not successful. */
  426. int
  427. rend_encode_v2_descriptors(smartlist_t *descs_out,
  428. rend_service_descriptor_t *desc, time_t now,
  429. uint8_t period, rend_auth_type_t auth_type,
  430. crypto_pk_t *client_key,
  431. smartlist_t *client_cookies)
  432. {
  433. char service_id[DIGEST_LEN];
  434. uint32_t time_period;
  435. char *ipos_base64 = NULL, *ipos = NULL, *ipos_encrypted = NULL,
  436. *descriptor_cookie = NULL;
  437. size_t ipos_len = 0, ipos_encrypted_len = 0;
  438. int k;
  439. uint32_t seconds_valid;
  440. crypto_pk_t *service_key;
  441. if (!desc) {
  442. log_warn(LD_BUG, "Could not encode v2 descriptor: No desc given.");
  443. return -1;
  444. }
  445. service_key = (auth_type == REND_STEALTH_AUTH) ? client_key : desc->pk;
  446. tor_assert(service_key);
  447. if (auth_type == REND_STEALTH_AUTH) {
  448. descriptor_cookie = smartlist_get(client_cookies, 0);
  449. tor_assert(descriptor_cookie);
  450. }
  451. /* Obtain service_id from public key. */
  452. crypto_pk_get_digest(service_key, service_id);
  453. /* Calculate current time-period. */
  454. time_period = get_time_period(now, period, service_id);
  455. /* Determine how many seconds the descriptor will be valid. */
  456. seconds_valid = period * REND_TIME_PERIOD_V2_DESC_VALIDITY +
  457. get_seconds_valid(now, service_id);
  458. /* Assemble, possibly encrypt, and encode introduction points. */
  459. if (smartlist_len(desc->intro_nodes) > 0) {
  460. if (rend_encode_v2_intro_points(&ipos, desc) < 0) {
  461. log_warn(LD_REND, "Encoding of introduction points did not succeed.");
  462. return -1;
  463. }
  464. switch (auth_type) {
  465. case REND_NO_AUTH:
  466. ipos_len = strlen(ipos);
  467. break;
  468. case REND_BASIC_AUTH:
  469. if (rend_encrypt_v2_intro_points_basic(&ipos_encrypted,
  470. &ipos_encrypted_len, ipos,
  471. client_cookies) < 0) {
  472. log_warn(LD_REND, "Encrypting of introduction points did not "
  473. "succeed.");
  474. tor_free(ipos);
  475. return -1;
  476. }
  477. tor_free(ipos);
  478. ipos = ipos_encrypted;
  479. ipos_len = ipos_encrypted_len;
  480. break;
  481. case REND_STEALTH_AUTH:
  482. if (rend_encrypt_v2_intro_points_stealth(&ipos_encrypted,
  483. &ipos_encrypted_len, ipos,
  484. descriptor_cookie) < 0) {
  485. log_warn(LD_REND, "Encrypting of introduction points did not "
  486. "succeed.");
  487. tor_free(ipos);
  488. return -1;
  489. }
  490. tor_free(ipos);
  491. ipos = ipos_encrypted;
  492. ipos_len = ipos_encrypted_len;
  493. break;
  494. default:
  495. log_warn(LD_REND|LD_BUG, "Unrecognized authorization type %d",
  496. (int)auth_type);
  497. tor_free(ipos);
  498. return -1;
  499. }
  500. /* Base64-encode introduction points. */
  501. ipos_base64 = tor_calloc(ipos_len, 2);
  502. if (base64_encode(ipos_base64, ipos_len * 2, ipos, ipos_len,
  503. BASE64_ENCODE_MULTILINE)<0) {
  504. log_warn(LD_REND, "Could not encode introduction point string to "
  505. "base64. length=%d", (int)ipos_len);
  506. tor_free(ipos_base64);
  507. tor_free(ipos);
  508. return -1;
  509. }
  510. tor_free(ipos);
  511. }
  512. /* Encode REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS descriptors. */
  513. for (k = 0; k < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; k++) {
  514. char secret_id_part[DIGEST_LEN];
  515. char secret_id_part_base32[REND_SECRET_ID_PART_LEN_BASE32 + 1];
  516. char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
  517. char *permanent_key = NULL;
  518. size_t permanent_key_len;
  519. char published[ISO_TIME_LEN+1];
  520. int i;
  521. char protocol_versions_string[16]; /* max len: "0,1,2,3,4,5,6,7\0" */
  522. size_t protocol_versions_written;
  523. size_t desc_len;
  524. char *desc_str = NULL;
  525. int result = 0;
  526. size_t written = 0;
  527. char desc_digest[DIGEST_LEN];
  528. rend_encoded_v2_service_descriptor_t *enc =
  529. tor_malloc_zero(sizeof(rend_encoded_v2_service_descriptor_t));
  530. /* Calculate secret-id-part = h(time-period | cookie | replica). */
  531. get_secret_id_part_bytes(secret_id_part, time_period, descriptor_cookie,
  532. k);
  533. base32_encode(secret_id_part_base32, sizeof(secret_id_part_base32),
  534. secret_id_part, DIGEST_LEN);
  535. /* Calculate descriptor ID. */
  536. rend_get_descriptor_id_bytes(enc->desc_id, service_id, secret_id_part);
  537. base32_encode(desc_id_base32, sizeof(desc_id_base32),
  538. enc->desc_id, DIGEST_LEN);
  539. /* PEM-encode the public key */
  540. if (crypto_pk_write_public_key_to_string(service_key, &permanent_key,
  541. &permanent_key_len) < 0) {
  542. log_warn(LD_BUG, "Could not write public key to string.");
  543. rend_encoded_v2_service_descriptor_free(enc);
  544. goto err;
  545. }
  546. /* Encode timestamp. */
  547. format_iso_time(published, desc->timestamp);
  548. /* Write protocol-versions bitmask to comma-separated value string. */
  549. protocol_versions_written = 0;
  550. for (i = 0; i < 8; i++) {
  551. if (desc->protocols & 1 << i) {
  552. tor_snprintf(protocol_versions_string + protocol_versions_written,
  553. 16 - protocol_versions_written, "%d,", i);
  554. protocol_versions_written += 2;
  555. }
  556. }
  557. if (protocol_versions_written)
  558. protocol_versions_string[protocol_versions_written - 1] = '\0';
  559. else
  560. protocol_versions_string[0]= '\0';
  561. /* Assemble complete descriptor. */
  562. desc_len = 2000 + smartlist_len(desc->intro_nodes) * 1000; /* far too long,
  563. but okay.*/
  564. enc->desc_str = desc_str = tor_malloc_zero(desc_len);
  565. result = tor_snprintf(desc_str, desc_len,
  566. "rendezvous-service-descriptor %s\n"
  567. "version 2\n"
  568. "permanent-key\n%s"
  569. "secret-id-part %s\n"
  570. "publication-time %s\n"
  571. "protocol-versions %s\n",
  572. desc_id_base32,
  573. permanent_key,
  574. secret_id_part_base32,
  575. published,
  576. protocol_versions_string);
  577. tor_free(permanent_key);
  578. if (result < 0) {
  579. log_warn(LD_BUG, "Descriptor ran out of room.");
  580. rend_encoded_v2_service_descriptor_free(enc);
  581. goto err;
  582. }
  583. written = result;
  584. /* Add introduction points. */
  585. if (ipos_base64) {
  586. result = tor_snprintf(desc_str + written, desc_len - written,
  587. "introduction-points\n"
  588. "-----BEGIN MESSAGE-----\n%s"
  589. "-----END MESSAGE-----\n",
  590. ipos_base64);
  591. if (result < 0) {
  592. log_warn(LD_BUG, "could not write introduction points.");
  593. rend_encoded_v2_service_descriptor_free(enc);
  594. goto err;
  595. }
  596. written += result;
  597. }
  598. /* Add signature. */
  599. strlcpy(desc_str + written, "signature\n", desc_len - written);
  600. written += strlen(desc_str + written);
  601. if (crypto_digest(desc_digest, desc_str, written) < 0) {
  602. log_warn(LD_BUG, "could not create digest.");
  603. rend_encoded_v2_service_descriptor_free(enc);
  604. goto err;
  605. }
  606. if (router_append_dirobj_signature(desc_str + written,
  607. desc_len - written,
  608. desc_digest, DIGEST_LEN,
  609. service_key) < 0) {
  610. log_warn(LD_BUG, "Couldn't sign desc.");
  611. rend_encoded_v2_service_descriptor_free(enc);
  612. goto err;
  613. }
  614. written += strlen(desc_str+written);
  615. if (written+2 > desc_len) {
  616. log_warn(LD_BUG, "Could not finish desc.");
  617. rend_encoded_v2_service_descriptor_free(enc);
  618. goto err;
  619. }
  620. desc_str[written++] = 0;
  621. /* Check if we can parse our own descriptor. */
  622. if (!rend_desc_v2_is_parsable(enc)) {
  623. log_warn(LD_BUG, "Could not parse my own descriptor: %s", desc_str);
  624. rend_encoded_v2_service_descriptor_free(enc);
  625. goto err;
  626. }
  627. smartlist_add(descs_out, enc);
  628. }
  629. log_info(LD_REND, "Successfully encoded a v2 descriptor and "
  630. "confirmed that it is parsable.");
  631. goto done;
  632. err:
  633. SMARTLIST_FOREACH(descs_out, rend_encoded_v2_service_descriptor_t *, d,
  634. rend_encoded_v2_service_descriptor_free(d););
  635. smartlist_clear(descs_out);
  636. seconds_valid = -1;
  637. done:
  638. tor_free(ipos_base64);
  639. return seconds_valid;
  640. }
  641. /** Sets <b>out</b> to the first 10 bytes of the digest of <b>pk</b>,
  642. * base32 encoded. NUL-terminates out. (We use this string to
  643. * identify services in directory requests and .onion URLs.)
  644. */
  645. int
  646. rend_get_service_id(crypto_pk_t *pk, char *out)
  647. {
  648. char buf[DIGEST_LEN];
  649. tor_assert(pk);
  650. if (crypto_pk_get_digest(pk, buf) < 0)
  651. return -1;
  652. base32_encode(out, REND_SERVICE_ID_LEN_BASE32+1, buf, REND_SERVICE_ID_LEN);
  653. return 0;
  654. }
  655. /** Determines whether <b>a</b> is in the interval of <b>b</b> (excluded) and
  656. * <b>c</b> (included) in a circular digest ring; returns 1 if this is the
  657. * case, and 0 otherwise.
  658. */
  659. int
  660. rend_id_is_in_interval(const char *a, const char *b, const char *c)
  661. {
  662. int a_b, b_c, c_a;
  663. tor_assert(a);
  664. tor_assert(b);
  665. tor_assert(c);
  666. /* There are five cases in which a is outside the interval ]b,c]: */
  667. a_b = tor_memcmp(a,b,DIGEST_LEN);
  668. if (a_b == 0)
  669. return 0; /* 1. a == b (b is excluded) */
  670. b_c = tor_memcmp(b,c,DIGEST_LEN);
  671. if (b_c == 0)
  672. return 0; /* 2. b == c (interval is empty) */
  673. else if (a_b <= 0 && b_c < 0)
  674. return 0; /* 3. a b c */
  675. c_a = tor_memcmp(c,a,DIGEST_LEN);
  676. if (c_a < 0 && a_b <= 0)
  677. return 0; /* 4. c a b */
  678. else if (b_c < 0 && c_a < 0)
  679. return 0; /* 5. b c a */
  680. /* In the other cases (a c b; b a c; c b a), a is inside the interval. */
  681. return 1;
  682. }
  683. /** Return true iff <b>query</b> is a syntactically valid service ID (as
  684. * generated by rend_get_service_id). */
  685. int
  686. rend_valid_service_id(const char *query)
  687. {
  688. if (strlen(query) != REND_SERVICE_ID_LEN_BASE32)
  689. return 0;
  690. if (strspn(query, BASE32_CHARS) != REND_SERVICE_ID_LEN_BASE32)
  691. return 0;
  692. return 1;
  693. }
  694. /** Return true iff <b>query</b> is a syntactically valid descriptor ID.
  695. * (as generated by rend_get_descriptor_id_bytes). */
  696. int
  697. rend_valid_descriptor_id(const char *query)
  698. {
  699. if (strlen(query) != REND_DESC_ID_V2_LEN_BASE32) {
  700. goto invalid;
  701. }
  702. if (strspn(query, BASE32_CHARS) != REND_DESC_ID_V2_LEN_BASE32) {
  703. goto invalid;
  704. }
  705. return 1;
  706. invalid:
  707. return 0;
  708. }
  709. /** Called when we get a rendezvous-related relay cell on circuit
  710. * <b>circ</b>. Dispatch on rendezvous relay command. */
  711. void
  712. rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint,
  713. int command, size_t length,
  714. const uint8_t *payload)
  715. {
  716. or_circuit_t *or_circ = NULL;
  717. origin_circuit_t *origin_circ = NULL;
  718. int r = -2;
  719. if (CIRCUIT_IS_ORIGIN(circ)) {
  720. origin_circ = TO_ORIGIN_CIRCUIT(circ);
  721. if (!layer_hint || layer_hint != origin_circ->cpath->prev) {
  722. log_fn(LOG_PROTOCOL_WARN, LD_APP,
  723. "Relay cell (rend purpose %d) from wrong hop on origin circ",
  724. command);
  725. origin_circ = NULL;
  726. }
  727. } else {
  728. or_circ = TO_OR_CIRCUIT(circ);
  729. }
  730. switch (command) {
  731. case RELAY_COMMAND_ESTABLISH_INTRO:
  732. if (or_circ)
  733. r = rend_mid_establish_intro(or_circ,payload,length);
  734. break;
  735. case RELAY_COMMAND_ESTABLISH_RENDEZVOUS:
  736. if (or_circ)
  737. r = rend_mid_establish_rendezvous(or_circ,payload,length);
  738. break;
  739. case RELAY_COMMAND_INTRODUCE1:
  740. if (or_circ)
  741. r = rend_mid_introduce(or_circ,payload,length);
  742. break;
  743. case RELAY_COMMAND_INTRODUCE2:
  744. if (origin_circ)
  745. r = rend_service_receive_introduction(origin_circ,payload,length);
  746. break;
  747. case RELAY_COMMAND_INTRODUCE_ACK:
  748. if (origin_circ)
  749. r = rend_client_introduction_acked(origin_circ,payload,length);
  750. break;
  751. case RELAY_COMMAND_RENDEZVOUS1:
  752. if (or_circ)
  753. r = rend_mid_rendezvous(or_circ,payload,length);
  754. break;
  755. case RELAY_COMMAND_RENDEZVOUS2:
  756. if (origin_circ)
  757. r = rend_client_receive_rendezvous(origin_circ,payload,length);
  758. break;
  759. case RELAY_COMMAND_INTRO_ESTABLISHED:
  760. if (origin_circ)
  761. r = rend_service_intro_established(origin_circ,payload,length);
  762. break;
  763. case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
  764. if (origin_circ)
  765. r = rend_client_rendezvous_acked(origin_circ,payload,length);
  766. break;
  767. default:
  768. tor_fragile_assert();
  769. }
  770. if (r == -2)
  771. log_info(LD_PROTOCOL, "Dropping cell (type %d) for wrong circuit type.",
  772. command);
  773. }
  774. /** Allocate and return a new rend_data_t with the same
  775. * contents as <b>query</b>. */
  776. rend_data_t *
  777. rend_data_dup(const rend_data_t *data)
  778. {
  779. rend_data_t *data_dup;
  780. tor_assert(data);
  781. data_dup = tor_memdup(data, sizeof(rend_data_t));
  782. data_dup->hsdirs_fp = smartlist_new();
  783. SMARTLIST_FOREACH(data->hsdirs_fp, char *, fp,
  784. smartlist_add(data_dup->hsdirs_fp,
  785. tor_memdup(fp, DIGEST_LEN)));
  786. return data_dup;
  787. }
  788. /** Compute descriptor ID for each replicas and save them. A valid onion
  789. * address must be present in the <b>rend_data</b>.
  790. *
  791. * Return 0 on success else -1. */
  792. static int
  793. compute_desc_id(rend_data_t *rend_data)
  794. {
  795. int ret = 0;
  796. unsigned replica;
  797. time_t now = time(NULL);
  798. tor_assert(rend_data);
  799. /* Compute descriptor ID for each replicas. */
  800. for (replica = 0; replica < ARRAY_LENGTH(rend_data->descriptor_id);
  801. replica++) {
  802. ret = rend_compute_v2_desc_id(rend_data->descriptor_id[replica],
  803. rend_data->onion_address,
  804. rend_data->descriptor_cookie,
  805. now, replica);
  806. if (ret < 0) {
  807. goto end;
  808. }
  809. }
  810. end:
  811. return ret;
  812. }
  813. /** Allocate and initialize a rend_data_t object for a service using the
  814. * given arguments. Only the <b>onion_address</b> is not optional.
  815. *
  816. * Return a valid rend_data_t pointer. */
  817. rend_data_t *
  818. rend_data_service_create(const char *onion_address, const char *pk_digest,
  819. const uint8_t *cookie, rend_auth_type_t auth_type)
  820. {
  821. rend_data_t *rend_data = tor_malloc_zero(sizeof(*rend_data));
  822. /* We need at least one else the call is wrong. */
  823. tor_assert(onion_address != NULL);
  824. if (pk_digest) {
  825. memcpy(rend_data->rend_pk_digest, pk_digest,
  826. sizeof(rend_data->rend_pk_digest));
  827. }
  828. if (cookie) {
  829. memcpy(rend_data->rend_cookie, cookie,
  830. sizeof(rend_data->rend_cookie));
  831. }
  832. strlcpy(rend_data->onion_address, onion_address,
  833. sizeof(rend_data->onion_address));
  834. rend_data->auth_type = auth_type;
  835. /* Won't be used but still need to initialize it for rend_data dup and
  836. * free. */
  837. rend_data->hsdirs_fp = smartlist_new();
  838. return rend_data;
  839. }
  840. /** Allocate and initialize a rend_data_t object for a client request using
  841. * the given arguments. Either an onion address or a descriptor ID is
  842. * needed. Both can be given but only the onion address will be used to make
  843. * the descriptor fetch.
  844. *
  845. * Return a valid rend_data_t pointer or NULL on error meaning the
  846. * descriptor IDs couldn't be computed from the given data. */
  847. rend_data_t *
  848. rend_data_client_create(const char *onion_address, const char *desc_id,
  849. const char *cookie, rend_auth_type_t auth_type)
  850. {
  851. rend_data_t *rend_data = tor_malloc_zero(sizeof(*rend_data));
  852. /* We need at least one else the call is wrong. */
  853. tor_assert(onion_address != NULL || desc_id != NULL);
  854. if (cookie) {
  855. memcpy(rend_data->descriptor_cookie, cookie,
  856. sizeof(rend_data->descriptor_cookie));
  857. }
  858. if (desc_id) {
  859. memcpy(rend_data->desc_id_fetch, desc_id,
  860. sizeof(rend_data->desc_id_fetch));
  861. }
  862. if (onion_address) {
  863. strlcpy(rend_data->onion_address, onion_address,
  864. sizeof(rend_data->onion_address));
  865. if (compute_desc_id(rend_data) < 0) {
  866. goto error;
  867. }
  868. }
  869. rend_data->auth_type = auth_type;
  870. rend_data->hsdirs_fp = smartlist_new();
  871. return rend_data;
  872. error:
  873. rend_data_free(rend_data);
  874. return NULL;
  875. }