diff options
author | Nick Mathewson <nickm@torproject.org> | 2018-07-05 16:31:38 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2018-07-05 17:15:50 -0400 |
commit | 63b4ea22af8e8314dd718f02046de5f4b91edf9d (patch) | |
tree | af52b6fba37f22c86447fd5267dd5eb557807c8b /src/feature/rend/rendcommon.c | |
parent | ce84200542f48a92e8b56a8d032401ecd153e90c (diff) | |
download | tor-63b4ea22af8e8314dd718f02046de5f4b91edf9d.tar.gz tor-63b4ea22af8e8314dd718f02046de5f4b91edf9d.zip |
Move literally everything out of src/or
This commit won't build yet -- it just puts everything in a slightly
more logical place.
The reasoning here is that "src/core" will hold the stuff that every (or
nearly every) tor instance will need in order to do onion routing.
Other features (including some necessary ones) will live in
"src/feature". The "src/app" directory will hold the stuff needed
to have Tor be an application you can actually run.
This commit DOES NOT refactor the former contents of src/or into a
logical set of acyclic libraries, or change any code at all. That
will have to come in the future.
We will continue to move things around and split them in the future,
but I hope this lays a reasonable groundwork for doing so.
Diffstat (limited to 'src/feature/rend/rendcommon.c')
-rw-r--r-- | src/feature/rend/rendcommon.c | 1056 |
1 files changed, 1056 insertions, 0 deletions
diff --git a/src/feature/rend/rendcommon.c b/src/feature/rend/rendcommon.c new file mode 100644 index 0000000000..928dda0128 --- /dev/null +++ b/src/feature/rend/rendcommon.c @@ -0,0 +1,1056 @@ +/* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2018, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file rendcommon.c + * \brief Rendezvous implementation: shared code between + * introducers, services, clients, and rendezvous points. + **/ + +#define RENDCOMMON_PRIVATE + +#include "or/or.h" +#include "or/circuitbuild.h" +#include "or/circuitlist.h" +#include "or/circuituse.h" +#include "or/config.h" +#include "or/control.h" +#include "lib/crypt_ops/crypto_rand.h" +#include "lib/crypt_ops/crypto_util.h" +#include "or/hs_client.h" +#include "or/hs_common.h" +#include "or/hs_intropoint.h" +#include "or/networkstatus.h" +#include "or/rendclient.h" +#include "or/rendcommon.h" +#include "or/rendmid.h" +#include "or/rendservice.h" +#include "or/rephist.h" +#include "or/replaycache.h" +#include "or/router.h" +#include "or/routerlist.h" +#include "or/routerparse.h" + +#include "or/cpath_build_state_st.h" +#include "or/crypt_path_st.h" +#include "or/extend_info_st.h" +#include "or/networkstatus_st.h" +#include "or/origin_circuit_st.h" +#include "or/rend_encoded_v2_service_descriptor_st.h" +#include "or/rend_intro_point_st.h" +#include "or/rend_service_descriptor_st.h" +#include "or/routerstatus_st.h" + +/** Return 0 if one and two are the same service ids, else -1 or 1 */ +int +rend_cmp_service_ids(const char *one, const char *two) +{ + return strcasecmp(one,two); +} + +/** Free the storage held by the service descriptor <b>desc</b>. + */ +void +rend_service_descriptor_free_(rend_service_descriptor_t *desc) +{ + if (!desc) + return; + if (desc->pk) + crypto_pk_free(desc->pk); + if (desc->intro_nodes) { + SMARTLIST_FOREACH(desc->intro_nodes, rend_intro_point_t *, intro, + rend_intro_point_free(intro);); + smartlist_free(desc->intro_nodes); + } + if (desc->successful_uploads) { + SMARTLIST_FOREACH(desc->successful_uploads, char *, c, tor_free(c);); + smartlist_free(desc->successful_uploads); + } + tor_free(desc); +} + +/** Length of the descriptor cookie that is used for versioned hidden + * service descriptors. */ +#define REND_DESC_COOKIE_LEN 16 + +/** Length of the replica number that is used to determine the secret ID + * part of versioned hidden service descriptors. */ +#define REND_REPLICA_LEN 1 + +/** Compute the descriptor ID for <b>service_id</b> of length + * <b>REND_SERVICE_ID_LEN</b> and <b>secret_id_part</b> of length + * <b>DIGEST_LEN</b>, and write it to <b>descriptor_id_out</b> of length + * <b>DIGEST_LEN</b>. */ +void +rend_get_descriptor_id_bytes(char *descriptor_id_out, + const char *service_id, + const char *secret_id_part) +{ + crypto_digest_t *digest = crypto_digest_new(); + crypto_digest_add_bytes(digest, service_id, REND_SERVICE_ID_LEN); + crypto_digest_add_bytes(digest, secret_id_part, DIGEST_LEN); + crypto_digest_get_digest(digest, descriptor_id_out, DIGEST_LEN); + crypto_digest_free(digest); +} + +/** Compute the secret ID part for time_period, + * a <b>descriptor_cookie</b> of length + * <b>REND_DESC_COOKIE_LEN</b> which may also be <b>NULL</b> if no + * descriptor_cookie shall be used, and <b>replica</b>, and write it to + * <b>secret_id_part</b> of length DIGEST_LEN. */ +static void +get_secret_id_part_bytes(char *secret_id_part, uint32_t time_period, + const char *descriptor_cookie, uint8_t replica) +{ + crypto_digest_t *digest = crypto_digest_new(); + time_period = htonl(time_period); + crypto_digest_add_bytes(digest, (char*)&time_period, sizeof(uint32_t)); + if (descriptor_cookie) { + crypto_digest_add_bytes(digest, descriptor_cookie, + REND_DESC_COOKIE_LEN); + } + crypto_digest_add_bytes(digest, (const char *)&replica, REND_REPLICA_LEN); + crypto_digest_get_digest(digest, secret_id_part, DIGEST_LEN); + crypto_digest_free(digest); +} + +/** Return the time period for time <b>now</b> plus a potentially + * intended <b>deviation</b> of one or more periods, based on the first byte + * of <b>service_id</b>. */ +static uint32_t +get_time_period(time_t now, uint8_t deviation, const char *service_id) +{ + /* The time period is the number of REND_TIME_PERIOD_V2_DESC_VALIDITY + * intervals that have passed since the epoch, offset slightly so that + * each service's time periods start and end at a fraction of that + * period based on their first byte. */ + return (uint32_t) + (now + ((uint8_t) *service_id) * REND_TIME_PERIOD_V2_DESC_VALIDITY / 256) + / REND_TIME_PERIOD_V2_DESC_VALIDITY + deviation; +} + +/** Compute the time in seconds that a descriptor that is generated + * <b>now</b> for <b>service_id</b> will be valid. */ +static uint32_t +get_seconds_valid(time_t now, const char *service_id) +{ + uint32_t result = REND_TIME_PERIOD_V2_DESC_VALIDITY - + ((uint32_t) + (now + ((uint8_t) *service_id) * REND_TIME_PERIOD_V2_DESC_VALIDITY / 256) + % REND_TIME_PERIOD_V2_DESC_VALIDITY); + return result; +} + +/** Compute the binary <b>desc_id_out</b> (DIGEST_LEN bytes long) for a given + * base32-encoded <b>service_id</b> and optional unencoded + * <b>descriptor_cookie</b> of length REND_DESC_COOKIE_LEN, + * at time <b>now</b> for replica number + * <b>replica</b>. <b>desc_id</b> needs to have <b>DIGEST_LEN</b> bytes + * free. Return 0 for success, -1 otherwise. */ +int +rend_compute_v2_desc_id(char *desc_id_out, const char *service_id, + const char *descriptor_cookie, time_t now, + uint8_t replica) +{ + char service_id_binary[REND_SERVICE_ID_LEN]; + char secret_id_part[DIGEST_LEN]; + uint32_t time_period; + if (!service_id || + strlen(service_id) != REND_SERVICE_ID_LEN_BASE32) { + log_warn(LD_REND, "Could not compute v2 descriptor ID: " + "Illegal service ID: %s", + safe_str(service_id)); + return -1; + } + if (replica >= REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS) { + log_warn(LD_REND, "Could not compute v2 descriptor ID: " + "Replica number out of range: %d", replica); + return -1; + } + /* Convert service ID to binary. */ + if (base32_decode(service_id_binary, REND_SERVICE_ID_LEN, + service_id, REND_SERVICE_ID_LEN_BASE32) < 0) { + log_warn(LD_REND, "Could not compute v2 descriptor ID: " + "Illegal characters in service ID: %s", + safe_str_client(service_id)); + return -1; + } + /* Calculate current time-period. */ + time_period = get_time_period(now, 0, service_id_binary); + /* Calculate secret-id-part = h(time-period | desc-cookie | replica). */ + get_secret_id_part_bytes(secret_id_part, time_period, descriptor_cookie, + replica); + /* Calculate descriptor ID: H(permanent-id | secret-id-part) */ + rend_get_descriptor_id_bytes(desc_id_out, service_id_binary, secret_id_part); + return 0; +} + +/** Encode the introduction points in <b>desc</b> and write the result to a + * newly allocated string pointed to by <b>encoded</b>. Return 0 for + * success, -1 otherwise. */ +static int +rend_encode_v2_intro_points(char **encoded, rend_service_descriptor_t *desc) +{ + size_t unenc_len; + char *unenc = NULL; + size_t unenc_written = 0; + int i; + int r = -1; + /* Assemble unencrypted list of introduction points. */ + unenc_len = smartlist_len(desc->intro_nodes) * 1000; /* too long, but ok. */ + unenc = tor_malloc_zero(unenc_len); + for (i = 0; i < smartlist_len(desc->intro_nodes); i++) { + char id_base32[REND_INTRO_POINT_ID_LEN_BASE32 + 1]; + char *onion_key = NULL; + size_t onion_key_len; + crypto_pk_t *intro_key; + char *service_key = NULL; + char *address = NULL; + size_t service_key_len; + int res; + rend_intro_point_t *intro = smartlist_get(desc->intro_nodes, i); + /* Obtain extend info with introduction point details. */ + extend_info_t *info = intro->extend_info; + /* Encode introduction point ID. */ + base32_encode(id_base32, sizeof(id_base32), + info->identity_digest, DIGEST_LEN); + /* Encode onion key. */ + if (crypto_pk_write_public_key_to_string(info->onion_key, &onion_key, + &onion_key_len) < 0) { + log_warn(LD_REND, "Could not write onion key."); + goto done; + } + /* Encode intro key. */ + intro_key = intro->intro_key; + if (!intro_key || + crypto_pk_write_public_key_to_string(intro_key, &service_key, + &service_key_len) < 0) { + log_warn(LD_REND, "Could not write intro key."); + tor_free(onion_key); + goto done; + } + /* Assemble everything for this introduction point. */ + address = tor_addr_to_str_dup(&info->addr); + res = tor_snprintf(unenc + unenc_written, unenc_len - unenc_written, + "introduction-point %s\n" + "ip-address %s\n" + "onion-port %d\n" + "onion-key\n%s" + "service-key\n%s", + id_base32, + address, + info->port, + onion_key, + service_key); + tor_free(address); + tor_free(onion_key); + tor_free(service_key); + if (res < 0) { + log_warn(LD_REND, "Not enough space for writing introduction point " + "string."); + goto done; + } + /* Update total number of written bytes for unencrypted intro points. */ + unenc_written += res; + } + /* Finalize unencrypted introduction points. */ + if (unenc_len < unenc_written + 2) { + log_warn(LD_REND, "Not enough space for finalizing introduction point " + "string."); + goto done; + } + unenc[unenc_written++] = '\n'; + unenc[unenc_written++] = 0; + *encoded = unenc; + r = 0; + done: + if (r<0) + tor_free(unenc); + return r; +} + +/** Encrypt the encoded introduction points in <b>encoded</b> using + * authorization type 'basic' with <b>client_cookies</b> and write the + * result to a newly allocated string pointed to by <b>encrypted_out</b> of + * length <b>encrypted_len_out</b>. Return 0 for success, -1 otherwise. */ +static int +rend_encrypt_v2_intro_points_basic(char **encrypted_out, + size_t *encrypted_len_out, + const char *encoded, + smartlist_t *client_cookies) +{ + int r = -1, i, pos, enclen, client_blocks; + size_t len, client_entries_len; + char *enc = NULL, iv[CIPHER_IV_LEN], *client_part = NULL, + session_key[CIPHER_KEY_LEN]; + smartlist_t *encrypted_session_keys = NULL; + crypto_digest_t *digest; + crypto_cipher_t *cipher; + tor_assert(encoded); + tor_assert(client_cookies && smartlist_len(client_cookies) > 0); + + /* Generate session key. */ + crypto_rand(session_key, CIPHER_KEY_LEN); + + /* Determine length of encrypted introduction points including session + * keys. */ + client_blocks = 1 + ((smartlist_len(client_cookies) - 1) / + REND_BASIC_AUTH_CLIENT_MULTIPLE); + client_entries_len = client_blocks * REND_BASIC_AUTH_CLIENT_MULTIPLE * + REND_BASIC_AUTH_CLIENT_ENTRY_LEN; + len = 2 + client_entries_len + CIPHER_IV_LEN + strlen(encoded); + if (client_blocks >= 256) { + log_warn(LD_REND, "Too many clients in introduction point string."); + goto done; + } + enc = tor_malloc_zero(len); + enc[0] = 0x01; /* type of authorization. */ + enc[1] = (uint8_t)client_blocks; + + /* Encrypt with random session key. */ + enclen = crypto_cipher_encrypt_with_iv(session_key, + enc + 2 + client_entries_len, + CIPHER_IV_LEN + strlen(encoded), encoded, strlen(encoded)); + + if (enclen < 0) { + log_warn(LD_REND, "Could not encrypt introduction point string."); + goto done; + } + memcpy(iv, enc + 2 + client_entries_len, CIPHER_IV_LEN); + + /* Encrypt session key for cookies, determine client IDs, and put both + * in a smartlist. */ + encrypted_session_keys = smartlist_new(); + SMARTLIST_FOREACH_BEGIN(client_cookies, const char *, cookie) { + client_part = tor_malloc_zero(REND_BASIC_AUTH_CLIENT_ENTRY_LEN); + /* Encrypt session key. */ + cipher = crypto_cipher_new(cookie); + if (crypto_cipher_encrypt(cipher, client_part + + REND_BASIC_AUTH_CLIENT_ID_LEN, + session_key, CIPHER_KEY_LEN) < 0) { + log_warn(LD_REND, "Could not encrypt session key for client."); + crypto_cipher_free(cipher); + tor_free(client_part); + goto done; + } + crypto_cipher_free(cipher); + + /* Determine client ID. */ + digest = crypto_digest_new(); + crypto_digest_add_bytes(digest, cookie, REND_DESC_COOKIE_LEN); + crypto_digest_add_bytes(digest, iv, CIPHER_IV_LEN); + crypto_digest_get_digest(digest, client_part, + REND_BASIC_AUTH_CLIENT_ID_LEN); + crypto_digest_free(digest); + + /* Put both together. */ + smartlist_add(encrypted_session_keys, client_part); + } SMARTLIST_FOREACH_END(cookie); + + /* Add some fake client IDs and encrypted session keys. */ + for (i = (smartlist_len(client_cookies) - 1) % + REND_BASIC_AUTH_CLIENT_MULTIPLE; + i < REND_BASIC_AUTH_CLIENT_MULTIPLE - 1; i++) { + client_part = tor_malloc_zero(REND_BASIC_AUTH_CLIENT_ENTRY_LEN); + crypto_rand(client_part, REND_BASIC_AUTH_CLIENT_ENTRY_LEN); + smartlist_add(encrypted_session_keys, client_part); + } + /* Sort smartlist and put elements in result in order. */ + smartlist_sort_digests(encrypted_session_keys); + pos = 2; + SMARTLIST_FOREACH(encrypted_session_keys, const char *, entry, { + memcpy(enc + pos, entry, REND_BASIC_AUTH_CLIENT_ENTRY_LEN); + pos += REND_BASIC_AUTH_CLIENT_ENTRY_LEN; + }); + *encrypted_out = enc; + *encrypted_len_out = len; + enc = NULL; /* prevent free. */ + r = 0; + done: + tor_free(enc); + if (encrypted_session_keys) { + SMARTLIST_FOREACH(encrypted_session_keys, char *, d, tor_free(d);); + smartlist_free(encrypted_session_keys); + } + return r; +} + +/** Encrypt the encoded introduction points in <b>encoded</b> using + * authorization type 'stealth' with <b>descriptor_cookie</b> of length + * REND_DESC_COOKIE_LEN and write the result to a newly allocated string + * pointed to by <b>encrypted_out</b> of length <b>encrypted_len_out</b>. + * Return 0 for success, -1 otherwise. */ +static int +rend_encrypt_v2_intro_points_stealth(char **encrypted_out, + size_t *encrypted_len_out, + const char *encoded, + const char *descriptor_cookie) +{ + int r = -1, enclen; + char *enc; + tor_assert(encoded); + tor_assert(descriptor_cookie); + + enc = tor_malloc_zero(1 + CIPHER_IV_LEN + strlen(encoded)); + enc[0] = 0x02; /* Auth type */ + enclen = crypto_cipher_encrypt_with_iv(descriptor_cookie, + enc + 1, + CIPHER_IV_LEN+strlen(encoded), + encoded, strlen(encoded)); + if (enclen < 0) { + log_warn(LD_REND, "Could not encrypt introduction point string."); + goto done; + } + *encrypted_out = enc; + *encrypted_len_out = enclen; + enc = NULL; /* prevent free */ + r = 0; + done: + tor_free(enc); + return r; +} + +/** Attempt to parse the given <b>desc_str</b> and return true if this + * succeeds, false otherwise. */ +STATIC int +rend_desc_v2_is_parsable(rend_encoded_v2_service_descriptor_t *desc) +{ + rend_service_descriptor_t *test_parsed = NULL; + char test_desc_id[DIGEST_LEN]; + char *test_intro_content = NULL; + size_t test_intro_size; + size_t test_encoded_size; + const char *test_next; + int res = rend_parse_v2_service_descriptor(&test_parsed, test_desc_id, + &test_intro_content, + &test_intro_size, + &test_encoded_size, + &test_next, desc->desc_str, 1); + rend_service_descriptor_free(test_parsed); + tor_free(test_intro_content); + return (res >= 0); +} + +/** Free the storage held by an encoded v2 service descriptor. */ +void +rend_encoded_v2_service_descriptor_free_( + rend_encoded_v2_service_descriptor_t *desc) +{ + if (!desc) + return; + tor_free(desc->desc_str); + tor_free(desc); +} + +/** Free the storage held by an introduction point info. */ +void +rend_intro_point_free_(rend_intro_point_t *intro) +{ + if (!intro) + return; + + extend_info_free(intro->extend_info); + crypto_pk_free(intro->intro_key); + + if (intro->accepted_intro_rsa_parts != NULL) { + replaycache_free(intro->accepted_intro_rsa_parts); + } + + tor_free(intro); +} + +/** Encode a set of rend_encoded_v2_service_descriptor_t's for <b>desc</b> + * at time <b>now</b> using <b>service_key</b>, depending on + * <b>auth_type</b> a <b>descriptor_cookie</b> and a list of + * <b>client_cookies</b> (which are both <b>NULL</b> if no client + * authorization is performed), and <b>period</b> (e.g. 0 for the current + * period, 1 for the next period, etc.) and add them to the existing list + * <b>descs_out</b>; return the number of seconds that the descriptors will + * be found by clients, or -1 if the encoding was not successful. */ +int +rend_encode_v2_descriptors(smartlist_t *descs_out, + rend_service_descriptor_t *desc, time_t now, + uint8_t period, rend_auth_type_t auth_type, + crypto_pk_t *client_key, + smartlist_t *client_cookies) +{ + char service_id[DIGEST_LEN]; + char service_id_base32[REND_SERVICE_ID_LEN_BASE32+1]; + uint32_t time_period; + char *ipos_base64 = NULL, *ipos = NULL, *ipos_encrypted = NULL, + *descriptor_cookie = NULL; + size_t ipos_len = 0, ipos_encrypted_len = 0; + int k; + uint32_t seconds_valid; + crypto_pk_t *service_key; + if (!desc) { + log_warn(LD_BUG, "Could not encode v2 descriptor: No desc given."); + return -1; + } + service_key = (auth_type == REND_STEALTH_AUTH) ? client_key : desc->pk; + tor_assert(service_key); + if (auth_type == REND_STEALTH_AUTH) { + descriptor_cookie = smartlist_get(client_cookies, 0); + tor_assert(descriptor_cookie); + } + /* Obtain service_id from public key. */ + if (crypto_pk_get_digest(service_key, service_id) < 0) { + log_warn(LD_BUG, "Couldn't compute service key digest."); + return -1; + } + /* Calculate current time-period. */ + time_period = get_time_period(now, period, service_id); + /* Determine how many seconds the descriptor will be valid. */ + seconds_valid = period * REND_TIME_PERIOD_V2_DESC_VALIDITY + + get_seconds_valid(now, service_id); + /* Assemble, possibly encrypt, and encode introduction points. */ + if (smartlist_len(desc->intro_nodes) > 0) { + if (rend_encode_v2_intro_points(&ipos, desc) < 0) { + log_warn(LD_REND, "Encoding of introduction points did not succeed."); + return -1; + } + switch (auth_type) { + case REND_NO_AUTH: + ipos_len = strlen(ipos); + break; + case REND_BASIC_AUTH: + if (rend_encrypt_v2_intro_points_basic(&ipos_encrypted, + &ipos_encrypted_len, ipos, + client_cookies) < 0) { + log_warn(LD_REND, "Encrypting of introduction points did not " + "succeed."); + tor_free(ipos); + return -1; + } + tor_free(ipos); + ipos = ipos_encrypted; + ipos_len = ipos_encrypted_len; + break; + case REND_STEALTH_AUTH: + if (rend_encrypt_v2_intro_points_stealth(&ipos_encrypted, + &ipos_encrypted_len, ipos, + descriptor_cookie) < 0) { + log_warn(LD_REND, "Encrypting of introduction points did not " + "succeed."); + tor_free(ipos); + return -1; + } + tor_free(ipos); + ipos = ipos_encrypted; + ipos_len = ipos_encrypted_len; + break; + default: + log_warn(LD_REND|LD_BUG, "Unrecognized authorization type %d", + (int)auth_type); + tor_free(ipos); + return -1; + } + /* Base64-encode introduction points. */ + ipos_base64 = tor_calloc(ipos_len, 2); + if (base64_encode(ipos_base64, ipos_len * 2, ipos, ipos_len, + BASE64_ENCODE_MULTILINE)<0) { + log_warn(LD_REND, "Could not encode introduction point string to " + "base64. length=%d", (int)ipos_len); + tor_free(ipos_base64); + tor_free(ipos); + return -1; + } + tor_free(ipos); + } + /* Encode REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS descriptors. */ + for (k = 0; k < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; k++) { + char secret_id_part[DIGEST_LEN]; + char secret_id_part_base32[REND_SECRET_ID_PART_LEN_BASE32 + 1]; + char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1]; + char *permanent_key = NULL; + size_t permanent_key_len; + char published[ISO_TIME_LEN+1]; + int i; + char protocol_versions_string[16]; /* max len: "0,1,2,3,4,5,6,7\0" */ + size_t protocol_versions_written; + size_t desc_len; + char *desc_str = NULL; + int result = 0; + size_t written = 0; + char desc_digest[DIGEST_LEN]; + rend_encoded_v2_service_descriptor_t *enc = + tor_malloc_zero(sizeof(rend_encoded_v2_service_descriptor_t)); + /* Calculate secret-id-part = h(time-period | cookie | replica). */ + get_secret_id_part_bytes(secret_id_part, time_period, descriptor_cookie, + k); + base32_encode(secret_id_part_base32, sizeof(secret_id_part_base32), + secret_id_part, DIGEST_LEN); + /* Calculate descriptor ID. */ + rend_get_descriptor_id_bytes(enc->desc_id, service_id, secret_id_part); + base32_encode(desc_id_base32, sizeof(desc_id_base32), + enc->desc_id, DIGEST_LEN); + /* PEM-encode the public key */ + if (crypto_pk_write_public_key_to_string(service_key, &permanent_key, + &permanent_key_len) < 0) { + log_warn(LD_BUG, "Could not write public key to string."); + rend_encoded_v2_service_descriptor_free(enc); + goto err; + } + /* Encode timestamp. */ + format_iso_time(published, desc->timestamp); + /* Write protocol-versions bitmask to comma-separated value string. */ + protocol_versions_written = 0; + for (i = 0; i < 8; i++) { + if (desc->protocols & 1 << i) { + tor_snprintf(protocol_versions_string + protocol_versions_written, + 16 - protocol_versions_written, "%d,", i); + protocol_versions_written += 2; + } + } + if (protocol_versions_written) + protocol_versions_string[protocol_versions_written - 1] = '\0'; + else + protocol_versions_string[0]= '\0'; + /* Assemble complete descriptor. */ + desc_len = 2000 + smartlist_len(desc->intro_nodes) * 1000; /* far too long, + but okay.*/ + enc->desc_str = desc_str = tor_malloc_zero(desc_len); + result = tor_snprintf(desc_str, desc_len, + "rendezvous-service-descriptor %s\n" + "version 2\n" + "permanent-key\n%s" + "secret-id-part %s\n" + "publication-time %s\n" + "protocol-versions %s\n", + desc_id_base32, + permanent_key, + secret_id_part_base32, + published, + protocol_versions_string); + tor_free(permanent_key); + if (result < 0) { + log_warn(LD_BUG, "Descriptor ran out of room."); + rend_encoded_v2_service_descriptor_free(enc); + goto err; + } + written = result; + /* Add introduction points. */ + if (ipos_base64) { + result = tor_snprintf(desc_str + written, desc_len - written, + "introduction-points\n" + "-----BEGIN MESSAGE-----\n%s" + "-----END MESSAGE-----\n", + ipos_base64); + if (result < 0) { + log_warn(LD_BUG, "could not write introduction points."); + rend_encoded_v2_service_descriptor_free(enc); + goto err; + } + written += result; + } + /* Add signature. */ + strlcpy(desc_str + written, "signature\n", desc_len - written); + written += strlen(desc_str + written); + if (crypto_digest(desc_digest, desc_str, written) < 0) { + log_warn(LD_BUG, "could not create digest."); + rend_encoded_v2_service_descriptor_free(enc); + goto err; + } + if (router_append_dirobj_signature(desc_str + written, + desc_len - written, + desc_digest, DIGEST_LEN, + service_key) < 0) { + log_warn(LD_BUG, "Couldn't sign desc."); + rend_encoded_v2_service_descriptor_free(enc); + goto err; + } + written += strlen(desc_str+written); + if (written+2 > desc_len) { + log_warn(LD_BUG, "Could not finish desc."); + rend_encoded_v2_service_descriptor_free(enc); + goto err; + } + desc_str[written++] = 0; + /* Check if we can parse our own descriptor. */ + if (!rend_desc_v2_is_parsable(enc)) { + log_warn(LD_BUG, "Could not parse my own descriptor: %s", desc_str); + rend_encoded_v2_service_descriptor_free(enc); + goto err; + } + smartlist_add(descs_out, enc); + /* Add the uploaded descriptor to the local service's descriptor cache */ + rend_cache_store_v2_desc_as_service(enc->desc_str); + base32_encode(service_id_base32, sizeof(service_id_base32), + service_id, REND_SERVICE_ID_LEN); + control_event_hs_descriptor_created(service_id_base32, desc_id_base32, k); + } + + log_info(LD_REND, "Successfully encoded a v2 descriptor and " + "confirmed that it is parsable."); + goto done; + + err: + SMARTLIST_FOREACH(descs_out, rend_encoded_v2_service_descriptor_t *, d, + rend_encoded_v2_service_descriptor_free(d);); + smartlist_clear(descs_out); + seconds_valid = -1; + + done: + tor_free(ipos_base64); + return seconds_valid; +} + +/** Sets <b>out</b> to the first 10 bytes of the digest of <b>pk</b>, + * base32 encoded. NUL-terminates out. (We use this string to + * identify services in directory requests and .onion URLs.) + */ +int +rend_get_service_id(crypto_pk_t *pk, char *out) +{ + char buf[DIGEST_LEN]; + tor_assert(pk); + if (crypto_pk_get_digest(pk, buf) < 0) + return -1; + base32_encode(out, REND_SERVICE_ID_LEN_BASE32+1, buf, REND_SERVICE_ID_LEN); + return 0; +} + +/** Return true iff <b>query</b> is a syntactically valid service ID (as + * generated by rend_get_service_id). */ +int +rend_valid_v2_service_id(const char *query) +{ + if (strlen(query) != REND_SERVICE_ID_LEN_BASE32) + return 0; + + if (strspn(query, BASE32_CHARS) != REND_SERVICE_ID_LEN_BASE32) + return 0; + + return 1; +} + +/** Return true iff <b>query</b> is a syntactically valid descriptor ID. + * (as generated by rend_get_descriptor_id_bytes). */ +int +rend_valid_descriptor_id(const char *query) +{ + if (strlen(query) != REND_DESC_ID_V2_LEN_BASE32) { + goto invalid; + } + if (strspn(query, BASE32_CHARS) != REND_DESC_ID_V2_LEN_BASE32) { + goto invalid; + } + + return 1; + + invalid: + return 0; +} + +/** Return true iff <b>client_name</b> is a syntactically valid name + * for rendezvous client authentication. */ +int +rend_valid_client_name(const char *client_name) +{ + size_t len = strlen(client_name); + if (len < 1 || len > REND_CLIENTNAME_MAX_LEN) { + return 0; + } + if (strspn(client_name, REND_LEGAL_CLIENTNAME_CHARACTERS) != len) { + return 0; + } + + return 1; +} + +/** Called when we get a rendezvous-related relay cell on circuit + * <b>circ</b>. Dispatch on rendezvous relay command. */ +void +rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint, + int command, size_t length, + const uint8_t *payload) +{ + or_circuit_t *or_circ = NULL; + origin_circuit_t *origin_circ = NULL; + int r = -2; + if (CIRCUIT_IS_ORIGIN(circ)) { + origin_circ = TO_ORIGIN_CIRCUIT(circ); + if (!layer_hint || layer_hint != origin_circ->cpath->prev) { + log_fn(LOG_PROTOCOL_WARN, LD_APP, + "Relay cell (rend purpose %d) from wrong hop on origin circ", + command); + origin_circ = NULL; + } + } else { + or_circ = TO_OR_CIRCUIT(circ); + } + + switch (command) { + case RELAY_COMMAND_ESTABLISH_INTRO: + if (or_circ) + r = hs_intro_received_establish_intro(or_circ,payload,length); + break; + case RELAY_COMMAND_ESTABLISH_RENDEZVOUS: + if (or_circ) + r = rend_mid_establish_rendezvous(or_circ,payload,length); + break; + case RELAY_COMMAND_INTRODUCE1: + if (or_circ) + r = hs_intro_received_introduce1(or_circ,payload,length); + break; + case RELAY_COMMAND_INTRODUCE2: + if (origin_circ) + r = hs_service_receive_introduce2(origin_circ,payload,length); + break; + case RELAY_COMMAND_INTRODUCE_ACK: + if (origin_circ) + r = hs_client_receive_introduce_ack(origin_circ,payload,length); + break; + case RELAY_COMMAND_RENDEZVOUS1: + if (or_circ) + r = rend_mid_rendezvous(or_circ,payload,length); + break; + case RELAY_COMMAND_RENDEZVOUS2: + if (origin_circ) + r = hs_client_receive_rendezvous2(origin_circ,payload,length); + break; + case RELAY_COMMAND_INTRO_ESTABLISHED: + if (origin_circ) + r = hs_service_receive_intro_established(origin_circ,payload,length); + break; + case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED: + if (origin_circ) + r = hs_client_receive_rendezvous_acked(origin_circ,payload,length); + break; + default: + tor_fragile_assert(); + } + + if (r == 0 && origin_circ) { + /* This was a valid cell. Count it as delivered + overhead. */ + circuit_read_valid_data(origin_circ, length); + } + + if (r == -2) + log_info(LD_PROTOCOL, "Dropping cell (type %d) for wrong circuit type.", + command); +} + +/** Determine the routers that are responsible for <b>id</b> (binary) and + * add pointers to those routers' routerstatus_t to <b>responsible_dirs</b>. + * Return -1 if we're returning an empty smartlist, else return 0. + */ +int +hid_serv_get_responsible_directories(smartlist_t *responsible_dirs, + const char *id) +{ + int start, found, n_added = 0, i; + networkstatus_t *c = networkstatus_get_latest_consensus(); + if (!c || !smartlist_len(c->routerstatus_list)) { + log_warn(LD_REND, "We don't have a consensus, so we can't perform v2 " + "rendezvous operations."); + return -1; + } + tor_assert(id); + start = networkstatus_vote_find_entry_idx(c, id, &found); + if (start == smartlist_len(c->routerstatus_list)) start = 0; + i = start; + do { + routerstatus_t *r = smartlist_get(c->routerstatus_list, i); + if (r->is_hs_dir) { + smartlist_add(responsible_dirs, r); + if (++n_added == REND_NUMBER_OF_CONSECUTIVE_REPLICAS) + return 0; + } + if (++i == smartlist_len(c->routerstatus_list)) + i = 0; + } while (i != start); + + /* Even though we don't have the desired number of hidden service + * directories, be happy if we got any. */ + return smartlist_len(responsible_dirs) ? 0 : -1; +} + +/* Length of the 'extended' auth cookie used to encode auth type before + * base64 encoding. */ +#define REND_DESC_COOKIE_LEN_EXT (REND_DESC_COOKIE_LEN + 1) +/* Length of the zero-padded auth cookie when base64 encoded. These two + * padding bytes always (A=) are stripped off of the returned cookie. */ +#define REND_DESC_COOKIE_LEN_EXT_BASE64 (REND_DESC_COOKIE_LEN_BASE64 + 2) + +/** Encode a client authorization descriptor cookie. + * The result of this function is suitable for use in the HidServAuth + * option. The trailing padding characters are removed, and the + * auth type is encoded into the cookie. + * + * Returns a new base64-encoded cookie. This function cannot fail. + * The caller is responsible for freeing the returned value. + */ +char * +rend_auth_encode_cookie(const uint8_t *cookie_in, rend_auth_type_t auth_type) +{ + uint8_t extended_cookie[REND_DESC_COOKIE_LEN_EXT]; + char *cookie_out = tor_malloc_zero(REND_DESC_COOKIE_LEN_EXT_BASE64 + 1); + int re; + + tor_assert(cookie_in); + + memcpy(extended_cookie, cookie_in, REND_DESC_COOKIE_LEN); + extended_cookie[REND_DESC_COOKIE_LEN] = ((int)auth_type - 1) << 4; + re = base64_encode(cookie_out, REND_DESC_COOKIE_LEN_EXT_BASE64 + 1, + (const char *) extended_cookie, REND_DESC_COOKIE_LEN_EXT, + 0); + tor_assert(re == REND_DESC_COOKIE_LEN_EXT_BASE64); + + /* Remove the trailing 'A='. Auth type is encoded in the high bits + * of the last byte, so the last base64 character will always be zero + * (A). This is subtly different behavior from base64_encode_nopad. */ + cookie_out[REND_DESC_COOKIE_LEN_BASE64] = '\0'; + memwipe(extended_cookie, 0, sizeof(extended_cookie)); + return cookie_out; +} + +/** Decode a base64-encoded client authorization descriptor cookie. + * The descriptor_cookie can be truncated to REND_DESC_COOKIE_LEN_BASE64 + * characters (as given to clients), or may include the two padding + * characters (as stored by the service). + * + * The result is stored in REND_DESC_COOKIE_LEN bytes of cookie_out. + * The rend_auth_type_t decoded from the cookie is stored in the + * optional auth_type_out parameter. + * + * Return 0 on success, or -1 on error. The caller is responsible for + * freeing the returned err_msg. + */ +int +rend_auth_decode_cookie(const char *cookie_in, uint8_t *cookie_out, + rend_auth_type_t *auth_type_out, char **err_msg_out) +{ + uint8_t descriptor_cookie_decoded[REND_DESC_COOKIE_LEN_EXT + 1] = { 0 }; + char descriptor_cookie_base64ext[REND_DESC_COOKIE_LEN_EXT_BASE64 + 1]; + const char *descriptor_cookie = cookie_in; + char *err_msg = NULL; + int auth_type_val = 0; + int res = -1; + int decoded_len; + + size_t len = strlen(descriptor_cookie); + if (len == REND_DESC_COOKIE_LEN_BASE64) { + /* Add a trailing zero byte to make base64-decoding happy. */ + tor_snprintf(descriptor_cookie_base64ext, + sizeof(descriptor_cookie_base64ext), + "%sA=", descriptor_cookie); + descriptor_cookie = descriptor_cookie_base64ext; + } else if (len != REND_DESC_COOKIE_LEN_EXT_BASE64) { + tor_asprintf(&err_msg, "Authorization cookie has wrong length: %s", + escaped(cookie_in)); + goto err; + } + + decoded_len = base64_decode((char *) descriptor_cookie_decoded, + sizeof(descriptor_cookie_decoded), + descriptor_cookie, + REND_DESC_COOKIE_LEN_EXT_BASE64); + if (decoded_len != REND_DESC_COOKIE_LEN && + decoded_len != REND_DESC_COOKIE_LEN_EXT) { + tor_asprintf(&err_msg, "Authorization cookie has invalid characters: %s", + escaped(cookie_in)); + goto err; + } + + if (auth_type_out) { + auth_type_val = (descriptor_cookie_decoded[REND_DESC_COOKIE_LEN] >> 4) + 1; + if (auth_type_val < 1 || auth_type_val > 2) { + tor_asprintf(&err_msg, "Authorization cookie type is unknown: %s", + escaped(cookie_in)); + goto err; + } + *auth_type_out = auth_type_val == 1 ? REND_BASIC_AUTH : REND_STEALTH_AUTH; + } + + memcpy(cookie_out, descriptor_cookie_decoded, REND_DESC_COOKIE_LEN); + res = 0; + err: + if (err_msg_out) { + *err_msg_out = err_msg; + } else { + tor_free(err_msg); + } + memwipe(descriptor_cookie_decoded, 0, sizeof(descriptor_cookie_decoded)); + memwipe(descriptor_cookie_base64ext, 0, sizeof(descriptor_cookie_base64ext)); + return res; +} + +/* Is this a rend client or server that allows direct (non-anonymous) + * connections? + * Clients must be specifically compiled and configured in this mode. + * Onion services can be configured to start in this mode. + * Prefer rend_client_allow_non_anonymous_connection() or + * rend_service_allow_non_anonymous_connection() whenever possible, so that + * checks are specific to Single Onion Services or Tor2web. */ +int +rend_allow_non_anonymous_connection(const or_options_t* options) +{ + return (rend_client_allow_non_anonymous_connection(options) + || rend_service_allow_non_anonymous_connection(options)); +} + +/* Is this a rend client or server in non-anonymous mode? + * Clients must be specifically compiled in this mode. + * Onion services can be configured to start in this mode. + * Prefer rend_client_non_anonymous_mode_enabled() or + * rend_service_non_anonymous_mode_enabled() whenever possible, so that checks + * are specific to Single Onion Services or Tor2web. */ +int +rend_non_anonymous_mode_enabled(const or_options_t *options) +{ + return (rend_client_non_anonymous_mode_enabled(options) + || rend_service_non_anonymous_mode_enabled(options)); +} + +/* Make sure that tor only builds one-hop circuits when they would not + * compromise user anonymity. + * + * One-hop circuits are permitted in Tor2web or Single Onion modes. + * + * Tor2web or Single Onion modes are also allowed to make multi-hop circuits. + * For example, single onion HSDir circuits are 3-hop to prevent denial of + * service. + */ +void +assert_circ_anonymity_ok(const origin_circuit_t *circ, + const or_options_t *options) +{ + tor_assert(options); + tor_assert(circ); + tor_assert(circ->build_state); + + if (circ->build_state->onehop_tunnel) { + tor_assert(rend_allow_non_anonymous_connection(options)); + } +} + +/* Return 1 iff the given <b>digest</b> of a permenanent hidden service key is + * equal to the digest in the origin circuit <b>ocirc</b> of its rend data . + * If the rend data doesn't exist, 0 is returned. This function is agnostic to + * the rend data version. */ +int +rend_circuit_pk_digest_eq(const origin_circuit_t *ocirc, + const uint8_t *digest) +{ + size_t rend_pk_digest_len; + const uint8_t *rend_pk_digest; + + tor_assert(ocirc); + tor_assert(digest); + + if (ocirc->rend_data == NULL) { + goto no_match; + } + + rend_pk_digest = rend_data_get_pk_digest(ocirc->rend_data, + &rend_pk_digest_len); + if (tor_memeq(rend_pk_digest, digest, rend_pk_digest_len)) { + goto match; + } + no_match: + return 0; + match: + return 1; +} |