
Get ready to stop sending timestamps in INTRODUCE cells

For now, round down to the nearest 10 minutes.  Later, eliminate entirely by
setting a consensus parameter.

(This rounding is safe because, in 0.2.2, where the timestamp mattered,
REND_REPLAY_TIME_INTERVAL was a nice generous 60 minutes.)
Nick Mathewson 10 years ago
Parent
Commit
f8b44eedf7
5 changed files with 39 additions and 3 deletions
  1. changes/no_client_timestamps_024 (+7 -2)
  2. doc/tor.1.txt (+9 -0)
  3. src/or/config.c (+1 -0)
  4. src/or/or.h (+3 -0)
  5. src/or/rendclient.c (+19 -1)

+ 7 - 2
changes/no_client_timestamps_024

@@ -1,5 +1,10 @@
-  o Minor features (security):
+  o Minor features (security, timestamp avoidance, proposal 222):
     - Clients no longer send timestamps in their NETINFO cells.  These were
       not used for anything, and they provided one small way for clients
       to be distinguished from each other as they moved from network to
-      network or behind NAT.
+      network or behind NAT. Implements part of proposal 222.
+    - Clients now round timestamps in INTRODUCE2 cells to the nearest
+      10 minutes.  If a new Support022HiddenServices option is set to 0,
+      or if it's set to "auto" and the feature is disabled in the consensus,
+      the timestamp is sent as 0 instead.
+
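Review bot: the added changes entry says timestamps are rounded to the *nearest* 10 minutes in INTRODUCE2 cells, while the commit message says "round down" and the new comment in rendclient.c says INTRODUCE1 cells. The code (`now += 300; now -= now % 600;`) does round to the nearest, so the commit message is the one out of step; pick one cell name as well (the client builds an INTRODUCE1 cell, which the service receives as INTRODUCE2) and use it in the changes file, the man page and the code comment.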

+ 9 - 0
doc/tor.1.txt

@@ -1338,6 +1338,15 @@ The following options are useful only for clients (that is, if
     Tor will use a default value chosen by the directory
     authorities. (Default: -1.)
 
+**Support022HiddenServices** **0**|**1**|**auto**::
+    Tor hidden services running versions before 0.2.3.x required clients to
+    send timestamps, which can potentially be used to distinguish clients
+    whose view of the current time is skewed. If this option is set to 0, we
+    do not send this timestamp, and hidden services on obsolete Tor versions
+    will not work.  If this option is set to 1, we send the timestamp.  If
+    this optoin is "auto", we take a recommendation from the latest consensus
+    document. (Default: auto)
+
 
 SERVER OPTIONS
 --------------
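Review bot: typo in the added man page text: `this optoin is "auto"` should read `this option is "auto"`. It would also help operators to say which consensus parameter is consulted in auto mode (the code reads `Support022HiddenServices`, defaulting to 1), since nothing else in the documentation tells them why the timestamp is or is not being sent.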

+ 1 - 0
src/or/config.c

@@ -388,6 +388,7 @@ static config_var_t option_vars_[] = {
   V(SSLKeyLifetime,              INTERVAL, "0"),
   OBSOLETE("StatusFetchPeriod"),
   V(StrictNodes,                 BOOL,     "0"),
+  V(Support022HiddenServices,    AUTOBOOL, "auto"),
   OBSOLETE("SysLog"),
   V(TestSocks,                   BOOL,     "0"),
   OBSOLETE("TestVia"),

+ 3 - 0
src/or/or.h

@@ -4099,6 +4099,9 @@ typedef struct {
 
   /** How long (seconds) do we keep a guard before picking a new one? */
   int GuardLifetime;
+
+  /** Should we send the timestamps that pre-023 hidden services want? */
+  int Support022HiddenServices;
 } or_options_t;
 
 /** Persistent state for an onion router, as saved to disk. */
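Review bot: the new field comment should state the value encoding, because `rend_client_should_send_timestamp()` depends on it: 0 and 1 are explicit settings and -1 means "auto" (follow the consensus). Something like `/** Should we send the timestamps that pre-023 hidden services want? 0/1 is an explicit setting; -1 (auto) means follow the consensus parameter. */` makes the `>= 0` test in rendclient.c self-explanatory.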

+ 19 - 1
src/or/rendclient.c

@@ -16,6 +16,7 @@
 #include "connection_edge.h"
 #include "directory.h"
 #include "main.h"
+#include "networkstatus.h"
 #include "nodelist.h"
 #include "relay.h"
 #include "rendclient.h"
@@ -127,6 +128,16 @@ rend_client_reextend_intro_circuit(origin_circuit_t *circ)
   return result;
 }
 
+/** Return true iff we should send timestamps in our INTRODUCE1 cells */
+static int
+rend_client_should_send_timestamp(void)
+{
+  if (get_options()->Support022HiddenServices >= 0)
+    return get_options()->Support022HiddenServices;
+
+  return networkstatus_get_param(NULL, "Support022HiddenServices", 1, 0, 1);
+}
+
 /** Called when we're trying to connect an ap conn; sends an INTRODUCE1 cell
  * down introcirc if possible.
  */
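Review bot: `get_options()` is called twice in the explicit branch of `rend_client_should_send_timestamp()`; read it once into a local (`const or_options_t *options = get_options();`) and test and return `options->Support022HiddenServices` from that. The docstring should also note that the consensus fallback defaults to 1, so timestamps keep being sent until the authorities set the parameter to 0, which is the "eliminate entirely" step the commit message defers.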
@@ -238,7 +249,14 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
              REND_DESC_COOKIE_LEN);
       v3_shift += 2+REND_DESC_COOKIE_LEN;
     }
-    set_uint32(tmp+v3_shift+1, htonl((uint32_t)time(NULL)));
+    if (rend_client_should_send_timestamp()) {
+      time_t now = (uint32_t)time(NULL);
+      now += 300;
+      now -= now % 600;
+      set_uint32(tmp+v3_shift+1, htonl(now));
+    } else {
+      set_uint32(tmp+v3_shift+1, 0);
+    }
     v3_shift += 4;
   } /* if version 2 only write version number */
   else if (entry->parsed->protocols & (1<<2)) {
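Review bot: the `(uint32_t)` cast on `time(NULL)` is in the wrong place: it truncates the 64-bit `time_t` before the value is stored back into a `time_t`, and `htonl(now)` then relies on an implicit narrowing conversion. Keep `now` a plain `time_t`, do the rounding, and cast at the point of serialisation: `set_uint32(tmp+v3_shift+1, htonl((uint32_t)now));`. The `300`/`600` literals would also read better as a named constant for the 10-minute rounding interval, defined next to the `REND_REPLAY_TIME_INTERVAL` the commit message cites, so the relationship between the two values is visible in the code.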