rendcommon.c 52 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477
  1. /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
  2. * Copyright (c) 2007-2011, The Tor Project, Inc. */
  3. /* See LICENSE for licensing information */
  4. /**
  5. * \file rendcommon.c
  6. * \brief Rendezvous implementation: shared code between
  7. * introducers, services, clients, and rendezvous points.
  8. **/
  9. #include "or.h"
  10. /** Return 0 if one and two are the same service ids, else -1 or 1 */
  11. int
  12. rend_cmp_service_ids(const char *one, const char *two)
  13. {
  14. return strcasecmp(one,two);
  15. }
  16. /** Free the storage held by the service descriptor <b>desc</b>.
  17. */
  18. void
  19. rend_service_descriptor_free(rend_service_descriptor_t *desc)
  20. {
  21. if (desc->pk)
  22. crypto_free_pk_env(desc->pk);
  23. if (desc->intro_nodes) {
  24. SMARTLIST_FOREACH(desc->intro_nodes, rend_intro_point_t *, intro,
  25. rend_intro_point_free(intro););
  26. smartlist_free(desc->intro_nodes);
  27. }
  28. if (desc->successful_uploads) {
  29. SMARTLIST_FOREACH(desc->successful_uploads, char *, c, tor_free(c););
  30. smartlist_free(desc->successful_uploads);
  31. }
  32. tor_free(desc);
  33. }
  34. /** Length of the descriptor cookie that is used for versioned hidden
  35. * service descriptors. */
  36. #define REND_DESC_COOKIE_LEN 16
  37. /** Length of the replica number that is used to determine the secret ID
  38. * part of versioned hidden service descriptors. */
  39. #define REND_REPLICA_LEN 1
  40. /** Compute the descriptor ID for <b>service_id</b> of length
  41. * <b>REND_SERVICE_ID_LEN</b> and <b>secret_id_part</b> of length
  42. * <b>DIGEST_LEN</b>, and write it to <b>descriptor_id_out</b> of length
  43. * <b>DIGEST_LEN</b>. */
  44. void
  45. rend_get_descriptor_id_bytes(char *descriptor_id_out,
  46. const char *service_id,
  47. const char *secret_id_part)
  48. {
  49. crypto_digest_env_t *digest = crypto_new_digest_env();
  50. crypto_digest_add_bytes(digest, service_id, REND_SERVICE_ID_LEN);
  51. crypto_digest_add_bytes(digest, secret_id_part, DIGEST_LEN);
  52. crypto_digest_get_digest(digest, descriptor_id_out, DIGEST_LEN);
  53. crypto_free_digest_env(digest);
  54. }
  55. /** Compute the secret ID part for time_period,
  56. * a <b>descriptor_cookie</b> of length
  57. * <b>REND_DESC_COOKIE_LEN</b> which may also be <b>NULL</b> if no
  58. * descriptor_cookie shall be used, and <b>replica</b>, and write it to
  59. * <b>secret_id_part</b> of length DIGEST_LEN. */
  60. static void
  61. get_secret_id_part_bytes(char *secret_id_part, uint32_t time_period,
  62. const char *descriptor_cookie, uint8_t replica)
  63. {
  64. crypto_digest_env_t *digest = crypto_new_digest_env();
  65. time_period = htonl(time_period);
  66. crypto_digest_add_bytes(digest, (char*)&time_period, sizeof(uint32_t));
  67. if (descriptor_cookie) {
  68. crypto_digest_add_bytes(digest, descriptor_cookie,
  69. REND_DESC_COOKIE_LEN);
  70. }
  71. crypto_digest_add_bytes(digest, (const char *)&replica, REND_REPLICA_LEN);
  72. crypto_digest_get_digest(digest, secret_id_part, DIGEST_LEN);
  73. crypto_free_digest_env(digest);
  74. }
  75. /** Return the time period for time <b>now</b> plus a potentially
  76. * intended <b>deviation</b> of one or more periods, based on the first byte
  77. * of <b>service_id</b>. */
  78. static uint32_t
  79. get_time_period(time_t now, uint8_t deviation, const char *service_id)
  80. {
  81. /* The time period is the number of REND_TIME_PERIOD_V2_DESC_VALIDITY
  82. * intervals that have passed since the epoch, offset slightly so that
  83. * each service's time periods start and end at a fraction of that
  84. * period based on their first byte. */
  85. return (uint32_t)
  86. (now + ((uint8_t) *service_id) * REND_TIME_PERIOD_V2_DESC_VALIDITY / 256)
  87. / REND_TIME_PERIOD_V2_DESC_VALIDITY + deviation;
  88. }
  89. /** Compute the time in seconds that a descriptor that is generated
  90. * <b>now</b> for <b>service_id</b> will be valid. */
  91. static uint32_t
  92. get_seconds_valid(time_t now, const char *service_id)
  93. {
  94. uint32_t result = REND_TIME_PERIOD_V2_DESC_VALIDITY -
  95. ((uint32_t)
  96. (now + ((uint8_t) *service_id) * REND_TIME_PERIOD_V2_DESC_VALIDITY / 256)
  97. % REND_TIME_PERIOD_V2_DESC_VALIDITY);
  98. return result;
  99. }
  100. /** Compute the binary <b>desc_id_out</b> (DIGEST_LEN bytes long) for a given
  101. * base32-encoded <b>service_id</b> and optional unencoded
  102. * <b>descriptor_cookie</b> of length REND_DESC_COOKIE_LEN,
  103. * at time <b>now</b> for replica number
  104. * <b>replica</b>. <b>desc_id</b> needs to have <b>DIGEST_LEN</b> bytes
  105. * free. Return 0 for success, -1 otherwise. */
  106. int
  107. rend_compute_v2_desc_id(char *desc_id_out, const char *service_id,
  108. const char *descriptor_cookie, time_t now,
  109. uint8_t replica)
  110. {
  111. char service_id_binary[REND_SERVICE_ID_LEN];
  112. char secret_id_part[DIGEST_LEN];
  113. uint32_t time_period;
  114. if (!service_id ||
  115. strlen(service_id) != REND_SERVICE_ID_LEN_BASE32) {
  116. log_warn(LD_REND, "Could not compute v2 descriptor ID: "
  117. "Illegal service ID: %s", safe_str(service_id));
  118. return -1;
  119. }
  120. if (replica >= REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS) {
  121. log_warn(LD_REND, "Could not compute v2 descriptor ID: "
  122. "Replica number out of range: %d", replica);
  123. return -1;
  124. }
  125. /* Convert service ID to binary. */
  126. if (base32_decode(service_id_binary, REND_SERVICE_ID_LEN,
  127. service_id, REND_SERVICE_ID_LEN_BASE32) < 0) {
  128. log_warn(LD_REND, "Could not compute v2 descriptor ID: "
  129. "Illegal characters in service ID: %s",
  130. safe_str(service_id));
  131. return -1;
  132. }
  133. /* Calculate current time-period. */
  134. time_period = get_time_period(now, 0, service_id_binary);
  135. /* Calculate secret-id-part = h(time-period + replica). */
  136. get_secret_id_part_bytes(secret_id_part, time_period, descriptor_cookie,
  137. replica);
  138. /* Calculate descriptor ID. */
  139. rend_get_descriptor_id_bytes(desc_id_out, service_id_binary, secret_id_part);
  140. return 0;
  141. }
  142. /** Encode the introduction points in <b>desc</b> and write the result to a
  143. * newly allocated string pointed to by <b>encoded</b>. Return 0 for
  144. * success, -1 otherwise. */
  145. static int
  146. rend_encode_v2_intro_points(char **encoded, rend_service_descriptor_t *desc)
  147. {
  148. size_t unenc_len;
  149. char *unenc = NULL;
  150. size_t unenc_written = 0;
  151. int i;
  152. int r = -1;
  153. /* Assemble unencrypted list of introduction points. */
  154. unenc_len = smartlist_len(desc->intro_nodes) * 1000; /* too long, but ok. */
  155. unenc = tor_malloc_zero(unenc_len);
  156. for (i = 0; i < smartlist_len(desc->intro_nodes); i++) {
  157. char id_base32[REND_INTRO_POINT_ID_LEN_BASE32 + 1];
  158. char *onion_key = NULL;
  159. size_t onion_key_len;
  160. crypto_pk_env_t *intro_key;
  161. char *service_key = NULL;
  162. char *address = NULL;
  163. size_t service_key_len;
  164. int res;
  165. rend_intro_point_t *intro = smartlist_get(desc->intro_nodes, i);
  166. /* Obtain extend info with introduction point details. */
  167. extend_info_t *info = intro->extend_info;
  168. /* Encode introduction point ID. */
  169. base32_encode(id_base32, sizeof(id_base32),
  170. info->identity_digest, DIGEST_LEN);
  171. /* Encode onion key. */
  172. if (crypto_pk_write_public_key_to_string(info->onion_key, &onion_key,
  173. &onion_key_len) < 0) {
  174. log_warn(LD_REND, "Could not write onion key.");
  175. goto done;
  176. }
  177. /* Encode intro key. */
  178. intro_key = intro->intro_key;
  179. if (!intro_key ||
  180. crypto_pk_write_public_key_to_string(intro_key, &service_key,
  181. &service_key_len) < 0) {
  182. log_warn(LD_REND, "Could not write intro key.");
  183. tor_free(onion_key);
  184. goto done;
  185. }
  186. /* Assemble everything for this introduction point. */
  187. address = tor_dup_addr(&info->addr);
  188. res = tor_snprintf(unenc + unenc_written, unenc_len - unenc_written,
  189. "introduction-point %s\n"
  190. "ip-address %s\n"
  191. "onion-port %d\n"
  192. "onion-key\n%s"
  193. "service-key\n%s",
  194. id_base32,
  195. address,
  196. info->port,
  197. onion_key,
  198. service_key);
  199. tor_free(address);
  200. tor_free(onion_key);
  201. tor_free(service_key);
  202. if (res < 0) {
  203. log_warn(LD_REND, "Not enough space for writing introduction point "
  204. "string.");
  205. goto done;
  206. }
  207. /* Update total number of written bytes for unencrypted intro points. */
  208. unenc_written += res;
  209. }
  210. /* Finalize unencrypted introduction points. */
  211. if (unenc_len < unenc_written + 2) {
  212. log_warn(LD_REND, "Not enough space for finalizing introduction point "
  213. "string.");
  214. goto done;
  215. }
  216. unenc[unenc_written++] = '\n';
  217. unenc[unenc_written++] = 0;
  218. *encoded = unenc;
  219. r = 0;
  220. done:
  221. if (r<0)
  222. tor_free(unenc);
  223. return r;
  224. }
  225. /** Encrypt the encoded introduction points in <b>encoded</b> using
  226. * authorization type 'basic' with <b>client_cookies</b> and write the
  227. * result to a newly allocated string pointed to by <b>encrypted_out</b> of
  228. * length <b>encrypted_len_out</b>. Return 0 for success, -1 otherwise. */
  229. static int
  230. rend_encrypt_v2_intro_points_basic(char **encrypted_out,
  231. size_t *encrypted_len_out,
  232. const char *encoded,
  233. smartlist_t *client_cookies)
  234. {
  235. int r = -1, i, pos, enclen, client_blocks;
  236. size_t len, client_entries_len;
  237. char *enc = NULL, iv[CIPHER_IV_LEN], *client_part = NULL,
  238. session_key[CIPHER_KEY_LEN];
  239. smartlist_t *encrypted_session_keys = NULL;
  240. crypto_digest_env_t *digest;
  241. crypto_cipher_env_t *cipher;
  242. tor_assert(encoded);
  243. tor_assert(client_cookies && smartlist_len(client_cookies) > 0);
  244. /* Generate session key. */
  245. if (crypto_rand(session_key, CIPHER_KEY_LEN) < 0) {
  246. log_warn(LD_REND, "Unable to generate random session key to encrypt "
  247. "introduction point string.");
  248. goto done;
  249. }
  250. /* Determine length of encrypted introduction points including session
  251. * keys. */
  252. client_blocks = 1 + ((smartlist_len(client_cookies) - 1) /
  253. REND_BASIC_AUTH_CLIENT_MULTIPLE);
  254. client_entries_len = client_blocks * REND_BASIC_AUTH_CLIENT_MULTIPLE *
  255. REND_BASIC_AUTH_CLIENT_ENTRY_LEN;
  256. len = 2 + client_entries_len + CIPHER_IV_LEN + strlen(encoded);
  257. if (client_blocks >= 256) {
  258. log_warn(LD_REND, "Too many clients in introduction point string.");
  259. goto done;
  260. }
  261. enc = tor_malloc_zero(len);
  262. enc[0] = 0x01; /* type of authorization. */
  263. enc[1] = (uint8_t)client_blocks;
  264. /* Encrypt with random session key. */
  265. cipher = crypto_create_init_cipher(session_key, 1);
  266. enclen = crypto_cipher_encrypt_with_iv(cipher,
  267. enc + 2 + client_entries_len,
  268. CIPHER_IV_LEN + strlen(encoded), encoded, strlen(encoded));
  269. crypto_free_cipher_env(cipher);
  270. if (enclen < 0) {
  271. log_warn(LD_REND, "Could not encrypt introduction point string.");
  272. goto done;
  273. }
  274. memcpy(iv, enc + 2 + client_entries_len, CIPHER_IV_LEN);
  275. /* Encrypt session key for cookies, determine client IDs, and put both
  276. * in a smartlist. */
  277. encrypted_session_keys = smartlist_create();
  278. SMARTLIST_FOREACH_BEGIN(client_cookies, const char *, cookie) {
  279. client_part = tor_malloc_zero(REND_BASIC_AUTH_CLIENT_ENTRY_LEN);
  280. /* Encrypt session key. */
  281. cipher = crypto_create_init_cipher(cookie, 1);
  282. if (crypto_cipher_encrypt(cipher, client_part +
  283. REND_BASIC_AUTH_CLIENT_ID_LEN,
  284. session_key, CIPHER_KEY_LEN) < 0) {
  285. log_warn(LD_REND, "Could not encrypt session key for client.");
  286. crypto_free_cipher_env(cipher);
  287. tor_free(client_part);
  288. goto done;
  289. }
  290. crypto_free_cipher_env(cipher);
  291. /* Determine client ID. */
  292. digest = crypto_new_digest_env();
  293. crypto_digest_add_bytes(digest, cookie, REND_DESC_COOKIE_LEN);
  294. crypto_digest_add_bytes(digest, iv, CIPHER_IV_LEN);
  295. crypto_digest_get_digest(digest, client_part,
  296. REND_BASIC_AUTH_CLIENT_ID_LEN);
  297. crypto_free_digest_env(digest);
  298. /* Put both together. */
  299. smartlist_add(encrypted_session_keys, client_part);
  300. } SMARTLIST_FOREACH_END(cookie);
  301. /* Add some fake client IDs and encrypted session keys. */
  302. for (i = (smartlist_len(client_cookies) - 1) %
  303. REND_BASIC_AUTH_CLIENT_MULTIPLE;
  304. i < REND_BASIC_AUTH_CLIENT_MULTIPLE - 1; i++) {
  305. client_part = tor_malloc_zero(REND_BASIC_AUTH_CLIENT_ENTRY_LEN);
  306. if (crypto_rand(client_part, REND_BASIC_AUTH_CLIENT_ENTRY_LEN) < 0) {
  307. log_warn(LD_REND, "Unable to generate fake client entry.");
  308. tor_free(client_part);
  309. goto done;
  310. }
  311. smartlist_add(encrypted_session_keys, client_part);
  312. }
  313. /* Sort smartlist and put elements in result in order. */
  314. smartlist_sort_digests(encrypted_session_keys);
  315. pos = 2;
  316. SMARTLIST_FOREACH(encrypted_session_keys, const char *, entry, {
  317. memcpy(enc + pos, entry, REND_BASIC_AUTH_CLIENT_ENTRY_LEN);
  318. pos += REND_BASIC_AUTH_CLIENT_ENTRY_LEN;
  319. });
  320. *encrypted_out = enc;
  321. *encrypted_len_out = len;
  322. enc = NULL; /* prevent free. */
  323. r = 0;
  324. done:
  325. tor_free(enc);
  326. if (encrypted_session_keys) {
  327. SMARTLIST_FOREACH(encrypted_session_keys, char *, d, tor_free(d););
  328. smartlist_free(encrypted_session_keys);
  329. }
  330. return r;
  331. }
  332. /** Encrypt the encoded introduction points in <b>encoded</b> using
  333. * authorization type 'stealth' with <b>descriptor_cookie</b> of length
  334. * REND_DESC_COOKIE_LEN and write the result to a newly allocated string
  335. * pointed to by <b>encrypted_out</b> of length <b>encrypted_len_out</b>.
  336. * Return 0 for success, -1 otherwise. */
  337. static int
  338. rend_encrypt_v2_intro_points_stealth(char **encrypted_out,
  339. size_t *encrypted_len_out,
  340. const char *encoded,
  341. const char *descriptor_cookie)
  342. {
  343. int r = -1, enclen;
  344. crypto_cipher_env_t *cipher;
  345. char *enc;
  346. tor_assert(encoded);
  347. tor_assert(descriptor_cookie);
  348. enc = tor_malloc_zero(1 + CIPHER_IV_LEN + strlen(encoded));
  349. enc[0] = 0x02; /* Auth type */
  350. cipher = crypto_create_init_cipher(descriptor_cookie, 1);
  351. enclen = crypto_cipher_encrypt_with_iv(cipher, enc + 1,
  352. CIPHER_IV_LEN+strlen(encoded),
  353. encoded, strlen(encoded));
  354. crypto_free_cipher_env(cipher);
  355. if (enclen < 0) {
  356. log_warn(LD_REND, "Could not encrypt introduction point string.");
  357. goto done;
  358. }
  359. *encrypted_out = enc;
  360. *encrypted_len_out = enclen;
  361. enc = NULL; /* prevent free */
  362. r = 0;
  363. done:
  364. tor_free(enc);
  365. return r;
  366. }
  367. /** Attempt to parse the given <b>desc_str</b> and return true if this
  368. * succeeds, false otherwise. */
  369. static int
  370. rend_desc_v2_is_parsable(rend_encoded_v2_service_descriptor_t *desc)
  371. {
  372. rend_service_descriptor_t *test_parsed = NULL;
  373. char test_desc_id[DIGEST_LEN];
  374. char *test_intro_content = NULL;
  375. size_t test_intro_size;
  376. size_t test_encoded_size;
  377. const char *test_next;
  378. int res = rend_parse_v2_service_descriptor(&test_parsed, test_desc_id,
  379. &test_intro_content,
  380. &test_intro_size,
  381. &test_encoded_size,
  382. &test_next, desc->desc_str);
  383. if (test_parsed)
  384. rend_service_descriptor_free(test_parsed);
  385. tor_free(test_intro_content);
  386. return (res >= 0);
  387. }
  388. /** Free the storage held by an encoded v2 service descriptor. */
  389. void
  390. rend_encoded_v2_service_descriptor_free(
  391. rend_encoded_v2_service_descriptor_t *desc)
  392. {
  393. tor_free(desc->desc_str);
  394. tor_free(desc);
  395. }
  396. /** Free the storage held by an introduction point info. */
  397. void
  398. rend_intro_point_free(rend_intro_point_t *intro)
  399. {
  400. if (intro->extend_info)
  401. extend_info_free(intro->extend_info);
  402. if (intro->intro_key)
  403. crypto_free_pk_env(intro->intro_key);
  404. tor_free(intro);
  405. }
  406. /** Encode a set of rend_encoded_v2_service_descriptor_t's for <b>desc</b>
  407. * at time <b>now</b> using <b>service_key</b>, depending on
  408. * <b>auth_type</b> a <b>descriptor_cookie</b> and a list of
  409. * <b>client_cookies</b> (which are both <b>NULL</b> if no client
  410. * authorization is performed), and <b>period</b> (e.g. 0 for the current
  411. * period, 1 for the next period, etc.) and add them to the existing list
  412. * <b>descs_out</b>; return the number of seconds that the descriptors will
  413. * be found by clients, or -1 if the encoding was not successful. */
  414. int
  415. rend_encode_v2_descriptors(smartlist_t *descs_out,
  416. rend_service_descriptor_t *desc, time_t now,
  417. uint8_t period, rend_auth_type_t auth_type,
  418. crypto_pk_env_t *client_key,
  419. smartlist_t *client_cookies)
  420. {
  421. char service_id[DIGEST_LEN];
  422. uint32_t time_period;
  423. char *ipos_base64 = NULL, *ipos = NULL, *ipos_encrypted = NULL,
  424. *descriptor_cookie = NULL;
  425. size_t ipos_len = 0, ipos_encrypted_len = 0;
  426. int k;
  427. uint32_t seconds_valid;
  428. crypto_pk_env_t *service_key;
  429. if (!desc) {
  430. log_warn(LD_BUG, "Could not encode v2 descriptor: No desc given.");
  431. return -1;
  432. }
  433. service_key = (auth_type == REND_STEALTH_AUTH) ? client_key : desc->pk;
  434. tor_assert(service_key);
  435. if (auth_type == REND_STEALTH_AUTH) {
  436. descriptor_cookie = smartlist_get(client_cookies, 0);
  437. tor_assert(descriptor_cookie);
  438. }
  439. /* Obtain service_id from public key. */
  440. crypto_pk_get_digest(service_key, service_id);
  441. /* Calculate current time-period. */
  442. time_period = get_time_period(now, period, service_id);
  443. /* Determine how many seconds the descriptor will be valid. */
  444. seconds_valid = period * REND_TIME_PERIOD_V2_DESC_VALIDITY +
  445. get_seconds_valid(now, service_id);
  446. /* Assemble, possibly encrypt, and encode introduction points. */
  447. if (smartlist_len(desc->intro_nodes) > 0) {
  448. if (rend_encode_v2_intro_points(&ipos, desc) < 0) {
  449. log_warn(LD_REND, "Encoding of introduction points did not succeed.");
  450. return -1;
  451. }
  452. switch (auth_type) {
  453. case REND_NO_AUTH:
  454. ipos_len = strlen(ipos);
  455. break;
  456. case REND_BASIC_AUTH:
  457. if (rend_encrypt_v2_intro_points_basic(&ipos_encrypted,
  458. &ipos_encrypted_len, ipos,
  459. client_cookies) < 0) {
  460. log_warn(LD_REND, "Encrypting of introduction points did not "
  461. "succeed.");
  462. tor_free(ipos);
  463. return -1;
  464. }
  465. tor_free(ipos);
  466. ipos = ipos_encrypted;
  467. ipos_len = ipos_encrypted_len;
  468. break;
  469. case REND_STEALTH_AUTH:
  470. if (rend_encrypt_v2_intro_points_stealth(&ipos_encrypted,
  471. &ipos_encrypted_len, ipos,
  472. descriptor_cookie) < 0) {
  473. log_warn(LD_REND, "Encrypting of introduction points did not "
  474. "succeed.");
  475. tor_free(ipos);
  476. return -1;
  477. }
  478. tor_free(ipos);
  479. ipos = ipos_encrypted;
  480. ipos_len = ipos_encrypted_len;
  481. break;
  482. default:
  483. log_warn(LD_REND|LD_BUG, "Unrecognized authorization type %d",
  484. (int)auth_type);
  485. tor_free(ipos);
  486. return -1;
  487. }
  488. /* Base64-encode introduction points. */
  489. ipos_base64 = tor_malloc_zero(ipos_len * 2);
  490. if (base64_encode(ipos_base64, ipos_len * 2, ipos, ipos_len)<0) {
  491. log_warn(LD_REND, "Could not encode introduction point string to "
  492. "base64. length=%d", (int)ipos_len);
  493. tor_free(ipos_base64);
  494. tor_free(ipos);
  495. return -1;
  496. }
  497. tor_free(ipos);
  498. }
  499. /* Encode REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS descriptors. */
  500. for (k = 0; k < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; k++) {
  501. char secret_id_part[DIGEST_LEN];
  502. char secret_id_part_base32[REND_SECRET_ID_PART_LEN_BASE32 + 1];
  503. char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
  504. char *permanent_key = NULL;
  505. size_t permanent_key_len;
  506. char published[ISO_TIME_LEN+1];
  507. int i;
  508. char protocol_versions_string[16]; /* max len: "0,1,2,3,4,5,6,7\0" */
  509. size_t protocol_versions_written;
  510. size_t desc_len;
  511. char *desc_str = NULL;
  512. int result = 0;
  513. size_t written = 0;
  514. char desc_digest[DIGEST_LEN];
  515. rend_encoded_v2_service_descriptor_t *enc =
  516. tor_malloc_zero(sizeof(rend_encoded_v2_service_descriptor_t));
  517. /* Calculate secret-id-part = h(time-period + cookie + replica). */
  518. get_secret_id_part_bytes(secret_id_part, time_period, descriptor_cookie,
  519. k);
  520. base32_encode(secret_id_part_base32, sizeof(secret_id_part_base32),
  521. secret_id_part, DIGEST_LEN);
  522. /* Calculate descriptor ID. */
  523. rend_get_descriptor_id_bytes(enc->desc_id, service_id, secret_id_part);
  524. base32_encode(desc_id_base32, sizeof(desc_id_base32),
  525. enc->desc_id, DIGEST_LEN);
  526. /* PEM-encode the public key */
  527. if (crypto_pk_write_public_key_to_string(service_key, &permanent_key,
  528. &permanent_key_len) < 0) {
  529. log_warn(LD_BUG, "Could not write public key to string.");
  530. rend_encoded_v2_service_descriptor_free(enc);
  531. goto err;
  532. }
  533. /* Encode timestamp. */
  534. format_iso_time(published, desc->timestamp);
  535. /* Write protocol-versions bitmask to comma-separated value string. */
  536. protocol_versions_written = 0;
  537. for (i = 0; i < 8; i++) {
  538. if (desc->protocols & 1 << i) {
  539. tor_snprintf(protocol_versions_string + protocol_versions_written,
  540. 16 - protocol_versions_written, "%d,", i);
  541. protocol_versions_written += 2;
  542. }
  543. }
  544. if (protocol_versions_written)
  545. protocol_versions_string[protocol_versions_written - 1] = '\0';
  546. else
  547. protocol_versions_string[0]= '\0';
  548. /* Assemble complete descriptor. */
  549. desc_len = 2000 + smartlist_len(desc->intro_nodes) * 1000; /* far too long,
  550. but okay.*/
  551. enc->desc_str = desc_str = tor_malloc_zero(desc_len);
  552. result = tor_snprintf(desc_str, desc_len,
  553. "rendezvous-service-descriptor %s\n"
  554. "version 2\n"
  555. "permanent-key\n%s"
  556. "secret-id-part %s\n"
  557. "publication-time %s\n"
  558. "protocol-versions %s\n",
  559. desc_id_base32,
  560. permanent_key,
  561. secret_id_part_base32,
  562. published,
  563. protocol_versions_string);
  564. tor_free(permanent_key);
  565. if (result < 0) {
  566. log_warn(LD_BUG, "Descriptor ran out of room.");
  567. rend_encoded_v2_service_descriptor_free(enc);
  568. goto err;
  569. }
  570. written = result;
  571. /* Add introduction points. */
  572. if (ipos_base64) {
  573. result = tor_snprintf(desc_str + written, desc_len - written,
  574. "introduction-points\n"
  575. "-----BEGIN MESSAGE-----\n%s"
  576. "-----END MESSAGE-----\n",
  577. ipos_base64);
  578. if (result < 0) {
  579. log_warn(LD_BUG, "could not write introduction points.");
  580. rend_encoded_v2_service_descriptor_free(enc);
  581. goto err;
  582. }
  583. written += result;
  584. }
  585. /* Add signature. */
  586. strlcpy(desc_str + written, "signature\n", desc_len - written);
  587. written += strlen(desc_str + written);
  588. if (crypto_digest(desc_digest, desc_str, written) < 0) {
  589. log_warn(LD_BUG, "could not create digest.");
  590. rend_encoded_v2_service_descriptor_free(enc);
  591. goto err;
  592. }
  593. if (router_append_dirobj_signature(desc_str + written,
  594. desc_len - written,
  595. desc_digest, service_key) < 0) {
  596. log_warn(LD_BUG, "Couldn't sign desc.");
  597. rend_encoded_v2_service_descriptor_free(enc);
  598. goto err;
  599. }
  600. written += strlen(desc_str+written);
  601. if (written+2 > desc_len) {
  602. log_warn(LD_BUG, "Could not finish desc.");
  603. rend_encoded_v2_service_descriptor_free(enc);
  604. goto err;
  605. }
  606. desc_str[written++] = '\n';
  607. desc_str[written++] = 0;
  608. /* Check if we can parse our own descriptor. */
  609. if (!rend_desc_v2_is_parsable(enc)) {
  610. log_warn(LD_BUG, "Could not parse my own descriptor: %s", desc_str);
  611. rend_encoded_v2_service_descriptor_free(enc);
  612. goto err;
  613. }
  614. smartlist_add(descs_out, enc);
  615. }
  616. log_info(LD_REND, "Successfully encoded a v2 descriptor and "
  617. "confirmed that it is parsable.");
  618. goto done;
  619. err:
  620. SMARTLIST_FOREACH(descs_out, rend_encoded_v2_service_descriptor_t *, d,
  621. rend_encoded_v2_service_descriptor_free(d););
  622. smartlist_clear(descs_out);
  623. seconds_valid = -1;
  624. done:
  625. tor_free(ipos_base64);
  626. return seconds_valid;
  627. }
  628. /** Encode a service descriptor for <b>desc</b>, and sign it with
  629. * <b>key</b>. Store the descriptor in *<b>str_out</b>, and set
  630. * *<b>len_out</b> to its length.
  631. */
  632. int
  633. rend_encode_service_descriptor(rend_service_descriptor_t *desc,
  634. crypto_pk_env_t *key,
  635. char **str_out, size_t *len_out)
  636. {
  637. char *cp;
  638. char *end;
  639. int i, r;
  640. size_t asn1len;
  641. size_t buflen =
  642. PK_BYTES*2*(smartlist_len(desc->intro_nodes)+2);/*Too long, but ok*/
  643. cp = *str_out = tor_malloc(buflen);
  644. end = cp + PK_BYTES*2*(smartlist_len(desc->intro_nodes)+1);
  645. r = crypto_pk_asn1_encode(desc->pk, cp+2, end-(cp+2));
  646. if (r < 0) {
  647. tor_free(*str_out);
  648. return -1;
  649. }
  650. asn1len = r;
  651. set_uint16(cp, htons((uint16_t)asn1len));
  652. cp += 2+asn1len;
  653. set_uint32(cp, htonl((uint32_t)desc->timestamp));
  654. cp += 4;
  655. set_uint16(cp, htons((uint16_t)smartlist_len(desc->intro_nodes)));
  656. cp += 2;
  657. for (i=0; i < smartlist_len(desc->intro_nodes); ++i) {
  658. rend_intro_point_t *intro = smartlist_get(desc->intro_nodes, i);
  659. char ipoint[HEX_DIGEST_LEN+2];
  660. const size_t ipoint_len = HEX_DIGEST_LEN+1;
  661. ipoint[0] = '$';
  662. base16_encode(ipoint+1, HEX_DIGEST_LEN+1,
  663. intro->extend_info->identity_digest,
  664. DIGEST_LEN);
  665. tor_assert(strlen(ipoint) == ipoint_len);
  666. /* Assert that appending ipoint and its NUL won't over overrun the
  667. * buffer. */
  668. tor_assert(cp + ipoint_len+1 < *str_out + buflen);
  669. memcpy(cp, ipoint, ipoint_len+1);
  670. cp += ipoint_len+1;
  671. }
  672. note_crypto_pk_op(REND_SERVER);
  673. r = crypto_pk_private_sign_digest(key,
  674. cp, buflen - (cp - *str_out),
  675. *str_out, cp-*str_out);
  676. if (r<0) {
  677. tor_free(*str_out);
  678. return -1;
  679. }
  680. cp += r;
  681. *len_out = (size_t)(cp-*str_out);
  682. return 0;
  683. }
  684. /** Parse a service descriptor at <b>str</b> (<b>len</b> bytes). On
  685. * success, return a newly alloced service_descriptor_t. On failure,
  686. * return NULL.
  687. */
  688. rend_service_descriptor_t *
  689. rend_parse_service_descriptor(const char *str, size_t len)
  690. {
  691. rend_service_descriptor_t *result = NULL;
  692. int i, n_intro_points;
  693. size_t keylen, asn1len;
  694. const char *end, *cp, *eos;
  695. rend_intro_point_t *intro;
  696. result = tor_malloc_zero(sizeof(rend_service_descriptor_t));
  697. cp = str;
  698. end = str+len;
  699. if (end-cp<2) goto truncated;
  700. result->version = 0;
  701. if (end-cp < 2) goto truncated;
  702. asn1len = ntohs(get_uint16(cp));
  703. cp += 2;
  704. if ((size_t)(end-cp) < asn1len) goto truncated;
  705. result->pk = crypto_pk_asn1_decode(cp, asn1len);
  706. if (!result->pk) goto truncated;
  707. cp += asn1len;
  708. if (end-cp < 4) goto truncated;
  709. result->timestamp = (time_t) ntohl(get_uint32(cp));
  710. cp += 4;
  711. result->protocols = 1<<2; /* always use intro format 2 */
  712. if (end-cp < 2) goto truncated;
  713. n_intro_points = ntohs(get_uint16(cp));
  714. cp += 2;
  715. result->intro_nodes = smartlist_create();
  716. for (i=0;i<n_intro_points;++i) {
  717. if (end-cp < 2) goto truncated;
  718. eos = (const char *)memchr(cp,'\0',end-cp);
  719. if (!eos) goto truncated;
  720. /* Write nickname to extend info, but postpone the lookup whether
  721. * we know that router. It's not part of the parsing process. */
  722. intro = tor_malloc_zero(sizeof(rend_intro_point_t));
  723. intro->extend_info = tor_malloc_zero(sizeof(extend_info_t));
  724. strlcpy(intro->extend_info->nickname, cp,
  725. sizeof(intro->extend_info->nickname));
  726. smartlist_add(result->intro_nodes, intro);
  727. cp = eos+1;
  728. }
  729. keylen = crypto_pk_keysize(result->pk);
  730. tor_assert(end-cp >= 0);
  731. if ((size_t)(end-cp) < keylen) goto truncated;
  732. if ((size_t)(end-cp) > keylen) {
  733. log_warn(LD_PROTOCOL,
  734. "Signature is %d bytes too long on service descriptor.",
  735. (int)((size_t)(end-cp) - keylen));
  736. goto error;
  737. }
  738. note_crypto_pk_op(REND_CLIENT);
  739. if (crypto_pk_public_checksig_digest(result->pk,
  740. (char*)str,cp-str, /* data */
  741. (char*)cp,end-cp /* signature*/
  742. )<0) {
  743. log_warn(LD_PROTOCOL, "Bad signature on service descriptor.");
  744. goto error;
  745. }
  746. return result;
  747. truncated:
  748. log_warn(LD_PROTOCOL, "Truncated service descriptor.");
  749. error:
  750. rend_service_descriptor_free(result);
  751. return NULL;
  752. }
  753. /** Sets <b>out</b> to the first 10 bytes of the digest of <b>pk</b>,
  754. * base32 encoded. NUL-terminates out. (We use this string to
  755. * identify services in directory requests and .onion URLs.)
  756. */
  757. int
  758. rend_get_service_id(crypto_pk_env_t *pk, char *out)
  759. {
  760. char buf[DIGEST_LEN];
  761. tor_assert(pk);
  762. if (crypto_pk_get_digest(pk, buf) < 0)
  763. return -1;
  764. base32_encode(out, REND_SERVICE_ID_LEN_BASE32+1, buf, REND_SERVICE_ID_LEN);
  765. return 0;
  766. }
  767. /* ==== Rendezvous service descriptor cache. */
  768. /** How old do we let hidden service descriptors get before discarding
  769. * them as too old? */
  770. #define REND_CACHE_MAX_AGE (2*24*60*60)
  771. /** How wrong do we assume our clock may be when checking whether hidden
  772. * services are too old or too new? */
  773. #define REND_CACHE_MAX_SKEW (24*60*60)
  774. /** Map from service id (as generated by rend_get_service_id) to
  775. * rend_cache_entry_t. */
  776. static strmap_t *rend_cache = NULL;
  777. /** Map from descriptor id to rend_cache_entry_t; only for hidden service
  778. * directories. */
  779. static digestmap_t *rend_cache_v2_dir = NULL;
  780. /** Initializes the service descriptor cache.
  781. */
  782. void
  783. rend_cache_init(void)
  784. {
  785. rend_cache = strmap_new();
  786. rend_cache_v2_dir = digestmap_new();
  787. }
  788. /** Helper: free storage held by a single service descriptor cache entry. */
  789. static void
  790. _rend_cache_entry_free(void *p)
  791. {
  792. rend_cache_entry_t *e = p;
  793. rend_service_descriptor_free(e->parsed);
  794. tor_free(e->desc);
  795. tor_free(e);
  796. }
  797. /** Free all storage held by the service descriptor cache. */
  798. void
  799. rend_cache_free_all(void)
  800. {
  801. if (rend_cache)
  802. strmap_free(rend_cache, _rend_cache_entry_free);
  803. if (rend_cache_v2_dir)
  804. digestmap_free(rend_cache_v2_dir, _rend_cache_entry_free);
  805. rend_cache = NULL;
  806. rend_cache_v2_dir = NULL;
  807. }
  808. /** Removes all old entries from the service descriptor cache.
  809. */
  810. void
  811. rend_cache_clean(void)
  812. {
  813. strmap_iter_t *iter;
  814. const char *key;
  815. void *val;
  816. rend_cache_entry_t *ent;
  817. time_t cutoff;
  818. cutoff = time(NULL) - REND_CACHE_MAX_AGE - REND_CACHE_MAX_SKEW;
  819. for (iter = strmap_iter_init(rend_cache); !strmap_iter_done(iter); ) {
  820. strmap_iter_get(iter, &key, &val);
  821. ent = (rend_cache_entry_t*)val;
  822. if (ent->parsed->timestamp < cutoff) {
  823. iter = strmap_iter_next_rmv(rend_cache, iter);
  824. _rend_cache_entry_free(ent);
  825. } else {
  826. iter = strmap_iter_next(rend_cache, iter);
  827. }
  828. }
  829. }
  830. /** Remove all old v2 descriptors and those for which this hidden service
  831. * directory is not responsible for any more. */
  832. void
  833. rend_cache_clean_v2_descs_as_dir(void)
  834. {
  835. digestmap_iter_t *iter;
  836. time_t cutoff = time(NULL) - REND_CACHE_MAX_AGE - REND_CACHE_MAX_SKEW;
  837. for (iter = digestmap_iter_init(rend_cache_v2_dir);
  838. !digestmap_iter_done(iter); ) {
  839. const char *key;
  840. void *val;
  841. rend_cache_entry_t *ent;
  842. digestmap_iter_get(iter, &key, &val);
  843. ent = val;
  844. if (ent->parsed->timestamp < cutoff ||
  845. !hid_serv_responsible_for_desc_id(key)) {
  846. char key_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
  847. base32_encode(key_base32, sizeof(key_base32), key, DIGEST_LEN);
  848. log_info(LD_REND, "Removing descriptor with ID '%s' from cache",
  849. safe_str(key_base32));
  850. iter = digestmap_iter_next_rmv(rend_cache_v2_dir, iter);
  851. _rend_cache_entry_free(ent);
  852. } else {
  853. iter = digestmap_iter_next(rend_cache_v2_dir, iter);
  854. }
  855. }
  856. }
  857. /** Determines whether <b>a</b> is in the interval of <b>b</b> (excluded) and
  858. * <b>c</b> (included) in a circular digest ring; returns 1 if this is the
  859. * case, and 0 otherwise.
  860. */
  861. int
  862. rend_id_is_in_interval(const char *a, const char *b, const char *c)
  863. {
  864. int a_b, b_c, c_a;
  865. tor_assert(a);
  866. tor_assert(b);
  867. tor_assert(c);
  868. /* There are five cases in which a is outside the interval ]b,c]: */
  869. a_b = memcmp(a,b,DIGEST_LEN);
  870. if (a_b == 0)
  871. return 0; /* 1. a == b (b is excluded) */
  872. b_c = memcmp(b,c,DIGEST_LEN);
  873. if (b_c == 0)
  874. return 0; /* 2. b == c (interval is empty) */
  875. else if (a_b <= 0 && b_c < 0)
  876. return 0; /* 3. a b c */
  877. c_a = memcmp(c,a,DIGEST_LEN);
  878. if (c_a < 0 && a_b <= 0)
  879. return 0; /* 4. c a b */
  880. else if (b_c < 0 && c_a < 0)
  881. return 0; /* 5. b c a */
  882. /* In the other cases (a c b; b a c; c b a), a is inside the interval. */
  883. return 1;
  884. }
  885. /** Return true iff <b>query</b> is a syntactically valid service ID (as
  886. * generated by rend_get_service_id). */
  887. int
  888. rend_valid_service_id(const char *query)
  889. {
  890. if (strlen(query) != REND_SERVICE_ID_LEN_BASE32)
  891. return 0;
  892. if (strspn(query, BASE32_CHARS) != REND_SERVICE_ID_LEN_BASE32)
  893. return 0;
  894. return 1;
  895. }
  896. /** If we have a cached rend_cache_entry_t for the service ID <b>query</b>
  897. * with <b>version</b>, set *<b>e</b> to that entry and return 1.
  898. * Else return 0. If <b>version</b> is nonnegative, only return an entry
  899. * in that descriptor format version. Otherwise (if <b>version</b> is
  900. * negative), return the most recent format we have.
  901. */
  902. int
  903. rend_cache_lookup_entry(const char *query, int version, rend_cache_entry_t **e)
  904. {
  905. char key[REND_SERVICE_ID_LEN_BASE32+2]; /* <version><query>\0 */
  906. tor_assert(rend_cache);
  907. if (!rend_valid_service_id(query))
  908. return -1;
  909. *e = NULL;
  910. if (version != 0) {
  911. tor_snprintf(key, sizeof(key), "2%s", query);
  912. *e = strmap_get_lc(rend_cache, key);
  913. }
  914. if (!*e && version != 2) {
  915. tor_snprintf(key, sizeof(key), "0%s", query);
  916. *e = strmap_get_lc(rend_cache, key);
  917. }
  918. if (!*e)
  919. return 0;
  920. return 1;
  921. }
  922. /** <b>query</b> is a base-32'ed service id. If it's malformed, return -1.
  923. * Else look it up.
  924. * - If it is found, point *desc to it, and write its length into
  925. * *desc_len, and return 1.
  926. * - If it is not found, return 0.
  927. * Note: calls to rend_cache_clean or rend_cache_store may invalidate
  928. * *desc.
  929. */
  930. int
  931. rend_cache_lookup_desc(const char *query, int version, const char **desc,
  932. size_t *desc_len)
  933. {
  934. rend_cache_entry_t *e;
  935. int r;
  936. r = rend_cache_lookup_entry(query,version,&e);
  937. if (r <= 0) return r;
  938. *desc = e->desc;
  939. *desc_len = e->len;
  940. return 1;
  941. }
  942. /** Lookup the v2 service descriptor with base32-encoded <b>desc_id</b> and
  943. * copy the pointer to it to *<b>desc</b>. Return 1 on success, 0 on
  944. * well-formed-but-not-found, and -1 on failure.
  945. */
  946. int
  947. rend_cache_lookup_v2_desc_as_dir(const char *desc_id, const char **desc)
  948. {
  949. rend_cache_entry_t *e;
  950. char desc_id_digest[DIGEST_LEN];
  951. tor_assert(rend_cache_v2_dir);
  952. if (base32_decode(desc_id_digest, DIGEST_LEN,
  953. desc_id, REND_DESC_ID_V2_LEN_BASE32) < 0) {
  954. log_warn(LD_REND, "Descriptor ID contains illegal characters: %s",
  955. safe_str(desc_id));
  956. return -1;
  957. }
  958. /* Determine if we are responsible. */
  959. if (hid_serv_responsible_for_desc_id(desc_id_digest) < 0) {
  960. log_info(LD_REND, "Could not answer fetch request for v2 descriptor; "
  961. "either we are no hidden service directory, or we are "
  962. "not responsible for the requested ID.");
  963. return -1;
  964. }
  965. /* Lookup descriptor and return. */
  966. e = digestmap_get(rend_cache_v2_dir, desc_id_digest);
  967. if (e) {
  968. *desc = e->desc;
  969. return 1;
  970. }
  971. return 0;
  972. }
  973. /** Parse *desc, calculate its service id, and store it in the cache.
  974. * If we have a newer v0 descriptor with the same ID, ignore this one.
  975. * If we have an older descriptor with the same ID, replace it.
  976. * If we are acting as client due to the published flag and have any v2
  977. * descriptor with the same ID, reject this one in order to not get
  978. * confused with having both versions for the same service.
  979. *
  980. * Return -2 if it's malformed or otherwise rejected; return -1 if we
  981. * already have a v2 descriptor here; return 0 if it's the same or older
  982. * than one we've already got; return 1 if it's novel.
  983. *
  984. * The published flag tells us if we store the descriptor
  985. * in our role as directory (1) or if we cache it as client (0).
  986. */
  987. int
  988. rend_cache_store(const char *desc, size_t desc_len, int published)
  989. {
  990. rend_cache_entry_t *e;
  991. rend_service_descriptor_t *parsed;
  992. char query[REND_SERVICE_ID_LEN_BASE32+1];
  993. char key[REND_SERVICE_ID_LEN_BASE32+2]; /* 0<query>\0 */
  994. time_t now;
  995. or_options_t *options = get_options();
  996. tor_assert(rend_cache);
  997. parsed = rend_parse_service_descriptor(desc,desc_len);
  998. if (!parsed) {
  999. log_warn(LD_PROTOCOL,"Couldn't parse service descriptor.");
  1000. return -2;
  1001. }
  1002. if (rend_get_service_id(parsed->pk, query)<0) {
  1003. log_warn(LD_BUG,"Couldn't compute service ID.");
  1004. rend_service_descriptor_free(parsed);
  1005. return -2;
  1006. }
  1007. now = time(NULL);
  1008. if (parsed->timestamp < now-REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
  1009. log_fn(LOG_PROTOCOL_WARN, LD_REND,
  1010. "Service descriptor %s is too old.", safe_str(query));
  1011. rend_service_descriptor_free(parsed);
  1012. return -2;
  1013. }
  1014. if (parsed->timestamp > now+REND_CACHE_MAX_SKEW) {
  1015. log_fn(LOG_PROTOCOL_WARN, LD_REND,
  1016. "Service descriptor %s is too far in the future.", safe_str(query));
  1017. rend_service_descriptor_free(parsed);
  1018. return -2;
  1019. }
  1020. /* Do we have a v2 descriptor and fetched this descriptor as a client? */
  1021. tor_snprintf(key, sizeof(key), "2%s", query);
  1022. if (!published && strmap_get_lc(rend_cache, key)) {
  1023. log_info(LD_REND, "We already have a v2 descriptor for service %s.",
  1024. safe_str(query));
  1025. rend_service_descriptor_free(parsed);
  1026. return -1;
  1027. }
  1028. /* report novel publication to statistics */
  1029. if (published && options->HSAuthorityRecordStats) {
  1030. hs_usage_note_publish_total(query, now);
  1031. }
  1032. tor_snprintf(key, sizeof(key), "0%s", query);
  1033. e = (rend_cache_entry_t*) strmap_get_lc(rend_cache, key);
  1034. if (e && e->parsed->timestamp > parsed->timestamp) {
  1035. log_info(LD_REND,"We already have a newer service descriptor %s with the "
  1036. "same ID and version.", safe_str(query));
  1037. rend_service_descriptor_free(parsed);
  1038. return 0;
  1039. }
  1040. if (e && e->len == desc_len && !memcmp(desc,e->desc,desc_len)) {
  1041. log_info(LD_REND,"We already have this service descriptor %s.",
  1042. safe_str(query));
  1043. e->received = time(NULL);
  1044. rend_service_descriptor_free(parsed);
  1045. return 0;
  1046. }
  1047. if (!e) {
  1048. e = tor_malloc_zero(sizeof(rend_cache_entry_t));
  1049. strmap_set_lc(rend_cache, key, e);
  1050. /* report novel publication to statistics */
  1051. if (published && options->HSAuthorityRecordStats) {
  1052. hs_usage_note_publish_novel(query, now);
  1053. }
  1054. } else {
  1055. rend_service_descriptor_free(e->parsed);
  1056. tor_free(e->desc);
  1057. }
  1058. e->received = time(NULL);
  1059. e->parsed = parsed;
  1060. e->len = desc_len;
  1061. e->desc = tor_malloc(desc_len);
  1062. memcpy(e->desc, desc, desc_len);
  1063. log_debug(LD_REND,"Successfully stored rend desc '%s', len %d.",
  1064. safe_str(query), (int)desc_len);
  1065. return 1;
  1066. }
  1067. /** Parse the v2 service descriptor(s) in <b>desc</b> and store it/them to the
  1068. * local rend cache. Don't attempt to decrypt the included list of introduction
  1069. * points (as we don't have a descriptor cookie for it).
  1070. *
  1071. * If we have a newer descriptor with the same ID, ignore this one.
  1072. * If we have an older descriptor with the same ID, replace it.
  1073. * Return -2 if we are not acting as hidden service directory;
  1074. * return -1 if the descriptor(s) were not parsable; return 0 if all
  1075. * descriptors are the same or older than those we've already got;
  1076. * return a positive number for the number of novel stored descriptors.
  1077. */
  1078. int
  1079. rend_cache_store_v2_desc_as_dir(const char *desc)
  1080. {
  1081. rend_service_descriptor_t *parsed;
  1082. char desc_id[DIGEST_LEN];
  1083. char *intro_content;
  1084. size_t intro_size;
  1085. size_t encoded_size;
  1086. char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
  1087. int number_parsed = 0, number_stored = 0;
  1088. const char *current_desc = desc;
  1089. const char *next_desc;
  1090. rend_cache_entry_t *e;
  1091. time_t now = time(NULL);
  1092. tor_assert(rend_cache_v2_dir);
  1093. tor_assert(desc);
  1094. if (!hid_serv_acting_as_directory()) {
  1095. /* Cannot store descs, because we are (currently) not acting as
  1096. * hidden service directory. */
  1097. log_info(LD_REND, "Cannot store descs: Not acting as hs dir");
  1098. return -2;
  1099. }
  1100. while (rend_parse_v2_service_descriptor(&parsed, desc_id, &intro_content,
  1101. &intro_size, &encoded_size,
  1102. &next_desc, current_desc) >= 0) {
  1103. number_parsed++;
  1104. /* We don't care about the introduction points. */
  1105. tor_free(intro_content);
  1106. /* For pretty log statements. */
  1107. base32_encode(desc_id_base32, sizeof(desc_id_base32),
  1108. desc_id, DIGEST_LEN);
  1109. /* Is desc ID in the range that we are (directly or indirectly) responsible
  1110. * for? */
  1111. if (!hid_serv_responsible_for_desc_id(desc_id)) {
  1112. log_info(LD_REND, "Service descriptor with desc ID %s is not in "
  1113. "interval that we are responsible for.",
  1114. safe_str(desc_id_base32));
  1115. goto skip;
  1116. }
  1117. /* Is descriptor too old? */
  1118. if (parsed->timestamp < now - REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
  1119. log_info(LD_REND, "Service descriptor with desc ID %s is too old.",
  1120. safe_str(desc_id_base32));
  1121. goto skip;
  1122. }
  1123. /* Is descriptor too far in the future? */
  1124. if (parsed->timestamp > now + REND_CACHE_MAX_SKEW) {
  1125. log_info(LD_REND, "Service descriptor with desc ID %s is too far in the "
  1126. "future.",
  1127. safe_str(desc_id_base32));
  1128. goto skip;
  1129. }
  1130. /* Do we already have a newer descriptor? */
  1131. e = digestmap_get(rend_cache_v2_dir, desc_id);
  1132. if (e && e->parsed->timestamp > parsed->timestamp) {
  1133. log_info(LD_REND, "We already have a newer service descriptor with the "
  1134. "same desc ID %s and version.",
  1135. safe_str(desc_id_base32));
  1136. goto skip;
  1137. }
  1138. /* Do we already have this descriptor? */
  1139. if (e && !strcmp(desc, e->desc)) {
  1140. log_info(LD_REND, "We already have this service descriptor with desc "
  1141. "ID %s.", safe_str(desc_id_base32));
  1142. e->received = time(NULL);
  1143. goto skip;
  1144. }
  1145. /* Store received descriptor. */
  1146. if (!e) {
  1147. e = tor_malloc_zero(sizeof(rend_cache_entry_t));
  1148. digestmap_set(rend_cache_v2_dir, desc_id, e);
  1149. } else {
  1150. rend_service_descriptor_free(e->parsed);
  1151. tor_free(e->desc);
  1152. }
  1153. e->received = time(NULL);
  1154. e->parsed = parsed;
  1155. e->desc = tor_strndup(current_desc, encoded_size);
  1156. e->len = encoded_size;
  1157. log_info(LD_REND, "Successfully stored service descriptor with desc ID "
  1158. "'%s' and len %d.",
  1159. safe_str(desc_id_base32), (int)encoded_size);
  1160. number_stored++;
  1161. goto advance;
  1162. skip:
  1163. rend_service_descriptor_free(parsed);
  1164. advance:
  1165. /* advance to next descriptor, if available. */
  1166. current_desc = next_desc;
  1167. /* check if there is a next descriptor. */
  1168. if (!current_desc ||
  1169. strcmpstart(current_desc, "rendezvous-service-descriptor "))
  1170. break;
  1171. }
  1172. if (!number_parsed) {
  1173. log_info(LD_REND, "Could not parse any descriptor.");
  1174. return -1;
  1175. }
  1176. log_info(LD_REND, "Parsed %d and added %d descriptor%s.",
  1177. number_parsed, number_stored, number_stored != 1 ? "s" : "");
  1178. return number_stored;
  1179. }
  1180. /** Parse the v2 service descriptor in <b>desc</b>, decrypt the included list
  1181. * of introduction points with <b>descriptor_cookie</b> (which may also be
  1182. * <b>NULL</b> if decryption is not necessary), and store the descriptor to
  1183. * the local cache under its version and service id.
  1184. *
  1185. * If we have a newer v2 descriptor with the same ID, ignore this one.
  1186. * If we have an older descriptor with the same ID, replace it.
  1187. * If we have any v0 descriptor with the same ID, reject this one in order
  1188. * to not get confused with having both versions for the same service.
  1189. * Return -2 if it's malformed or otherwise rejected; return -1 if we
  1190. * already have a v0 descriptor here; return 0 if it's the same or older
  1191. * than one we've already got; return 1 if it's novel.
  1192. */
  1193. int
  1194. rend_cache_store_v2_desc_as_client(const char *desc,
  1195. const rend_data_t *rend_query)
  1196. {
  1197. /*XXXX this seems to have a bit of duplicate code with
  1198. * rend_cache_store_v2_desc_as_dir(). Fix that. */
  1199. /* Though having similar elements, both functions were separated on
  1200. * purpose:
  1201. * - dirs don't care about encoded/encrypted introduction points, clients
  1202. * do.
  1203. * - dirs store descriptors in a separate cache by descriptor ID, whereas
  1204. * clients store them by service ID; both caches are different data
  1205. * structures and have different access methods.
  1206. * - dirs store a descriptor only if they are responsible for its ID,
  1207. * clients do so in every way (because they have requested it before).
  1208. * - dirs can process multiple concatenated descriptors which is required
  1209. * for replication, whereas clients only accept a single descriptor.
  1210. * Thus, combining both methods would result in a lot of if statements
  1211. * which probably would not improve, but worsen code readability. -KL */
  1212. rend_service_descriptor_t *parsed = NULL;
  1213. char desc_id[DIGEST_LEN];
  1214. char *intro_content = NULL;
  1215. size_t intro_size;
  1216. size_t encoded_size;
  1217. const char *next_desc;
  1218. time_t now = time(NULL);
  1219. char key[REND_SERVICE_ID_LEN_BASE32+2];
  1220. char service_id[REND_SERVICE_ID_LEN_BASE32+1];
  1221. rend_cache_entry_t *e;
  1222. int retval;
  1223. tor_assert(rend_cache);
  1224. tor_assert(desc);
  1225. /* Parse the descriptor. */
  1226. if (rend_parse_v2_service_descriptor(&parsed, desc_id, &intro_content,
  1227. &intro_size, &encoded_size,
  1228. &next_desc, desc) < 0) {
  1229. log_warn(LD_REND, "Could not parse descriptor.");
  1230. retval = -2;
  1231. goto err;
  1232. }
  1233. /* Compute service ID from public key. */
  1234. if (rend_get_service_id(parsed->pk, service_id)<0) {
  1235. log_warn(LD_REND, "Couldn't compute service ID.");
  1236. retval = -2;
  1237. goto err;
  1238. }
  1239. /* Decode/decrypt introduction points. */
  1240. if (intro_content) {
  1241. if (rend_query->auth_type != REND_NO_AUTH &&
  1242. rend_query->descriptor_cookie) {
  1243. char *ipos_decrypted = NULL;
  1244. size_t ipos_decrypted_size;
  1245. if (rend_decrypt_introduction_points(&ipos_decrypted,
  1246. &ipos_decrypted_size,
  1247. rend_query->descriptor_cookie,
  1248. intro_content,
  1249. intro_size) < 0) {
  1250. log_warn(LD_REND, "Failed to decrypt introduction points. We are "
  1251. "probably unable to parse the encoded introduction points.");
  1252. } else {
  1253. /* Replace encrypted with decrypted introduction points. */
  1254. log_info(LD_REND, "Successfully decrypted introduction points.");
  1255. tor_free(intro_content);
  1256. intro_content = ipos_decrypted;
  1257. intro_size = ipos_decrypted_size;
  1258. }
  1259. }
  1260. if (rend_parse_introduction_points(parsed, intro_content,
  1261. intro_size) <= 0) {
  1262. log_warn(LD_REND, "Failed to parse introduction points. Either the "
  1263. "service has published a corrupt descriptor or you have "
  1264. "provided invalid authorization data.");
  1265. retval = -2;
  1266. goto err;
  1267. }
  1268. } else {
  1269. log_info(LD_REND, "Descriptor does not contain any introduction points.");
  1270. parsed->intro_nodes = smartlist_create();
  1271. }
  1272. /* We don't need the encoded/encrypted introduction points any longer. */
  1273. tor_free(intro_content);
  1274. /* Is descriptor too old? */
  1275. if (parsed->timestamp < now - REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
  1276. log_warn(LD_REND, "Service descriptor with service ID %s is too old.",
  1277. safe_str(service_id));
  1278. retval = -2;
  1279. goto err;
  1280. }
  1281. /* Is descriptor too far in the future? */
  1282. if (parsed->timestamp > now + REND_CACHE_MAX_SKEW) {
  1283. log_warn(LD_REND, "Service descriptor with service ID %s is too far in "
  1284. "the future.", safe_str(service_id));
  1285. retval = -2;
  1286. goto err;
  1287. }
  1288. /* Do we have a v0 descriptor? */
  1289. tor_snprintf(key, sizeof(key), "0%s", service_id);
  1290. if (strmap_get_lc(rend_cache, key)) {
  1291. log_info(LD_REND, "We already have a v0 descriptor for service ID %s.",
  1292. safe_str(service_id));
  1293. retval = -1;
  1294. goto err;
  1295. }
  1296. /* Do we already have a newer descriptor? */
  1297. tor_snprintf(key, sizeof(key), "2%s", service_id);
  1298. e = (rend_cache_entry_t*) strmap_get_lc(rend_cache, key);
  1299. if (e && e->parsed->timestamp > parsed->timestamp) {
  1300. log_info(LD_REND, "We already have a newer service descriptor for "
  1301. "service ID %s with the same desc ID and version.",
  1302. safe_str(service_id));
  1303. retval = 0;
  1304. goto err;
  1305. }
  1306. /* Do we already have this descriptor? */
  1307. if (e && !strcmp(desc, e->desc)) {
  1308. log_info(LD_REND,"We already have this service descriptor %s.",
  1309. safe_str(service_id));
  1310. e->received = time(NULL);
  1311. retval = 0;
  1312. goto err;
  1313. }
  1314. if (!e) {
  1315. e = tor_malloc_zero(sizeof(rend_cache_entry_t));
  1316. strmap_set_lc(rend_cache, key, e);
  1317. } else {
  1318. rend_service_descriptor_free(e->parsed);
  1319. tor_free(e->desc);
  1320. }
  1321. e->received = time(NULL);
  1322. e->parsed = parsed;
  1323. e->desc = tor_malloc_zero(encoded_size + 1);
  1324. strlcpy(e->desc, desc, encoded_size + 1);
  1325. e->len = encoded_size;
  1326. log_debug(LD_REND,"Successfully stored rend desc '%s', len %d.",
  1327. safe_str(service_id), (int)encoded_size);
  1328. return 1;
  1329. err:
  1330. if (parsed)
  1331. rend_service_descriptor_free(parsed);
  1332. tor_free(intro_content);
  1333. return retval;
  1334. }
  1335. /** Called when we get a rendezvous-related relay cell on circuit
  1336. * <b>circ</b>. Dispatch on rendezvous relay command. */
  1337. void
  1338. rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint,
  1339. int command, size_t length,
  1340. const uint8_t *payload)
  1341. {
  1342. or_circuit_t *or_circ = NULL;
  1343. origin_circuit_t *origin_circ = NULL;
  1344. int r = -2;
  1345. if (CIRCUIT_IS_ORIGIN(circ)) {
  1346. origin_circ = TO_ORIGIN_CIRCUIT(circ);
  1347. if (!layer_hint || layer_hint != origin_circ->cpath->prev) {
  1348. log_fn(LOG_PROTOCOL_WARN, LD_APP,
  1349. "Relay cell (rend purpose %d) from wrong hop on origin circ",
  1350. command);
  1351. origin_circ = NULL;
  1352. }
  1353. } else {
  1354. or_circ = TO_OR_CIRCUIT(circ);
  1355. }
  1356. switch (command) {
  1357. case RELAY_COMMAND_ESTABLISH_INTRO:
  1358. if (or_circ)
  1359. r = rend_mid_establish_intro(or_circ,payload,length);
  1360. break;
  1361. case RELAY_COMMAND_ESTABLISH_RENDEZVOUS:
  1362. if (or_circ)
  1363. r = rend_mid_establish_rendezvous(or_circ,payload,length);
  1364. break;
  1365. case RELAY_COMMAND_INTRODUCE1:
  1366. if (or_circ)
  1367. r = rend_mid_introduce(or_circ,payload,length);
  1368. break;
  1369. case RELAY_COMMAND_INTRODUCE2:
  1370. if (origin_circ)
  1371. r = rend_service_introduce(origin_circ,payload,length);
  1372. break;
  1373. case RELAY_COMMAND_INTRODUCE_ACK:
  1374. if (origin_circ)
  1375. r = rend_client_introduction_acked(origin_circ,payload,length);
  1376. break;
  1377. case RELAY_COMMAND_RENDEZVOUS1:
  1378. if (or_circ)
  1379. r = rend_mid_rendezvous(or_circ,payload,length);
  1380. break;
  1381. case RELAY_COMMAND_RENDEZVOUS2:
  1382. if (origin_circ)
  1383. r = rend_client_receive_rendezvous(origin_circ,payload,length);
  1384. break;
  1385. case RELAY_COMMAND_INTRO_ESTABLISHED:
  1386. if (origin_circ)
  1387. r = rend_service_intro_established(origin_circ,payload,length);
  1388. break;
  1389. case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
  1390. if (origin_circ)
  1391. r = rend_client_rendezvous_acked(origin_circ,payload,length);
  1392. break;
  1393. default:
  1394. tor_fragile_assert();
  1395. }
  1396. if (r == -2)
  1397. log_info(LD_PROTOCOL, "Dropping cell (type %d) for wrong circuit type.",
  1398. command);
  1399. }
  1400. /** Return the number of entries in our rendezvous descriptor cache. */
  1401. int
  1402. rend_cache_size(void)
  1403. {
  1404. return strmap_size(rend_cache);
  1405. }
  1406. /** Allocate and return a new rend_data_t with the same
  1407. * contents as <b>query</b>. */
  1408. rend_data_t *
  1409. rend_data_dup(const rend_data_t *data)
  1410. {
  1411. tor_assert(data);
  1412. return tor_memdup(data, sizeof(rend_data_t));
  1413. }