search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Send control port events for timeouts.
[tor.git] / src / or / rendcommon.c
blobec6680b1e66e18395f8f51cf6803542aae6e1f0a
1 /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
2 * Copyright (c) 2007-2010, The Tor Project, Inc. */
3 /* See LICENSE for licensing information */
4
5 /**
6 * \file rendcommon.c
7 * \brief Rendezvous implementation: shared code between
8 * introducers, services, clients, and rendezvous points.
9 **/
10
11 #include "or.h"
12 #include "circuitbuild.h"
13 #include "config.h"
14 #include "rendclient.h"
15 #include "rendcommon.h"
16 #include "rendmid.h"
17 #include "rendservice.h"
18 #include "rephist.h"
19 #include "routerlist.h"
20 #include "routerparse.h"
21
22 /** Return 0 if one and two are the same service ids, else -1 or 1 */
23 int
24 rend_cmp_service_ids(const char *one, const char *two)
25 {
26 return strcasecmp(one,two);
27 }
28
29 /** Free the storage held by the service descriptor <b>desc</b>.
30 */
31 void
32 rend_service_descriptor_free(rend_service_descriptor_t *desc)
33 {
34 if (!desc)
35 return;
36 if (desc->pk)
37 crypto_free_pk_env(desc->pk);
38 if (desc->intro_nodes) {
39 SMARTLIST_FOREACH(desc->intro_nodes, rend_intro_point_t *, intro,
40 rend_intro_point_free(intro););
41 smartlist_free(desc->intro_nodes);
42 }
43 if (desc->successful_uploads) {
44 SMARTLIST_FOREACH(desc->successful_uploads, char *, c, tor_free(c););
45 smartlist_free(desc->successful_uploads);
46 }
47 tor_free(desc);
48 }
49
50 /** Length of the descriptor cookie that is used for versioned hidden
51 * service descriptors. */
52 #define REND_DESC_COOKIE_LEN 16
53
54 /** Length of the replica number that is used to determine the secret ID
55 * part of versioned hidden service descriptors. */
56 #define REND_REPLICA_LEN 1
57
58 /** Compute the descriptor ID for <b>service_id</b> of length
59 * <b>REND_SERVICE_ID_LEN</b> and <b>secret_id_part</b> of length
60 * <b>DIGEST_LEN</b>, and write it to <b>descriptor_id_out</b> of length
61 * <b>DIGEST_LEN</b>. */
62 void
63 rend_get_descriptor_id_bytes(char *descriptor_id_out,
64 const char *service_id,
65 const char *secret_id_part)
66 {
67 crypto_digest_env_t *digest = crypto_new_digest_env();
68 crypto_digest_add_bytes(digest, service_id, REND_SERVICE_ID_LEN);
69 crypto_digest_add_bytes(digest, secret_id_part, DIGEST_LEN);
70 crypto_digest_get_digest(digest, descriptor_id_out, DIGEST_LEN);
71 crypto_free_digest_env(digest);
72 }
73
74 /** Compute the secret ID part for time_period,
75 * a <b>descriptor_cookie</b> of length
76 * <b>REND_DESC_COOKIE_LEN</b> which may also be <b>NULL</b> if no
77 * descriptor_cookie shall be used, and <b>replica</b>, and write it to
78 * <b>secret_id_part</b> of length DIGEST_LEN. */
79 static void
80 get_secret_id_part_bytes(char *secret_id_part, uint32_t time_period,
81 const char *descriptor_cookie, uint8_t replica)
82 {
83 crypto_digest_env_t *digest = crypto_new_digest_env();
84 time_period = htonl(time_period);
85 crypto_digest_add_bytes(digest, (char*)&time_period, sizeof(uint32_t));
86 if (descriptor_cookie) {
87 crypto_digest_add_bytes(digest, descriptor_cookie,
88 REND_DESC_COOKIE_LEN);
89 }
90 crypto_digest_add_bytes(digest, (const char *)&replica, REND_REPLICA_LEN);
91 crypto_digest_get_digest(digest, secret_id_part, DIGEST_LEN);
92 crypto_free_digest_env(digest);
93 }
94
95 /** Return the time period for time <b>now</b> plus a potentially
96 * intended <b>deviation</b> of one or more periods, based on the first byte
97 * of <b>service_id</b>. */
98 static uint32_t
99 get_time_period(time_t now, uint8_t deviation, const char *service_id)
100 {
101 /* The time period is the number of REND_TIME_PERIOD_V2_DESC_VALIDITY
102 * intervals that have passed since the epoch, offset slightly so that
103 * each service's time periods start and end at a fraction of that
104 * period based on their first byte. */
105 return (uint32_t)
106 (now + ((uint8_t) *service_id) * REND_TIME_PERIOD_V2_DESC_VALIDITY / 256)
107 / REND_TIME_PERIOD_V2_DESC_VALIDITY + deviation;
108 }
109
110 /** Compute the time in seconds that a descriptor that is generated
111 * <b>now</b> for <b>service_id</b> will be valid. */
112 static uint32_t
113 get_seconds_valid(time_t now, const char *service_id)
114 {
115 uint32_t result = REND_TIME_PERIOD_V2_DESC_VALIDITY -
116 ((uint32_t)
117 (now + ((uint8_t) *service_id) * REND_TIME_PERIOD_V2_DESC_VALIDITY / 256)
118 % REND_TIME_PERIOD_V2_DESC_VALIDITY);
119 return result;
120 }
121
122 /** Compute the binary <b>desc_id_out</b> (DIGEST_LEN bytes long) for a given
123 * base32-encoded <b>service_id</b> and optional unencoded
124 * <b>descriptor_cookie</b> of length REND_DESC_COOKIE_LEN,
125 * at time <b>now</b> for replica number
126 * <b>replica</b>. <b>desc_id</b> needs to have <b>DIGEST_LEN</b> bytes
127 * free. Return 0 for success, -1 otherwise. */
128 int
129 rend_compute_v2_desc_id(char *desc_id_out, const char *service_id,
130 const char *descriptor_cookie, time_t now,
131 uint8_t replica)
132 {
133 char service_id_binary[REND_SERVICE_ID_LEN];
134 char secret_id_part[DIGEST_LEN];
135 uint32_t time_period;
136 if (!service_id ||
137 strlen(service_id) != REND_SERVICE_ID_LEN_BASE32) {
138 log_warn(LD_REND, "Could not compute v2 descriptor ID: "
139 "Illegal service ID: %s",
140 safe_str(service_id));
141 return -1;
142 }
143 if (replica >= REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS) {
144 log_warn(LD_REND, "Could not compute v2 descriptor ID: "
145 "Replica number out of range: %d", replica);
146 return -1;
147 }
148 /* Convert service ID to binary. */
149 if (base32_decode(service_id_binary, REND_SERVICE_ID_LEN,
150 service_id, REND_SERVICE_ID_LEN_BASE32) < 0) {
151 log_warn(LD_REND, "Could not compute v2 descriptor ID: "
152 "Illegal characters in service ID: %s",
153 safe_str_client(service_id));
154 return -1;
155 }
156 /* Calculate current time-period. */
157 time_period = get_time_period(now, 0, service_id_binary);
158 /* Calculate secret-id-part = h(time-period + replica). */
159 get_secret_id_part_bytes(secret_id_part, time_period, descriptor_cookie,
160 replica);
161 /* Calculate descriptor ID. */
162 rend_get_descriptor_id_bytes(desc_id_out, service_id_binary, secret_id_part);
163 return 0;
164 }
165
166 /** Encode the introduction points in <b>desc</b> and write the result to a
167 * newly allocated string pointed to by <b>encoded</b>. Return 0 for
168 * success, -1 otherwise. */
169 static int
170 rend_encode_v2_intro_points(char **encoded, rend_service_descriptor_t *desc)
171 {
172 size_t unenc_len;
173 char *unenc = NULL;
174 size_t unenc_written = 0;
175 int i;
176 int r = -1;
177 /* Assemble unencrypted list of introduction points. */
178 unenc_len = smartlist_len(desc->intro_nodes) * 1000; /* too long, but ok. */
179 unenc = tor_malloc_zero(unenc_len);
180 for (i = 0; i < smartlist_len(desc->intro_nodes); i++) {
181 char id_base32[REND_INTRO_POINT_ID_LEN_BASE32 + 1];
182 char *onion_key = NULL;
183 size_t onion_key_len;
184 crypto_pk_env_t *intro_key;
185 char *service_key = NULL;
186 char *address = NULL;
187 size_t service_key_len;
188 int res;
189 rend_intro_point_t *intro = smartlist_get(desc->intro_nodes, i);
190 /* Obtain extend info with introduction point details. */
191 extend_info_t *info = intro->extend_info;
192 /* Encode introduction point ID. */
193 base32_encode(id_base32, sizeof(id_base32),
194 info->identity_digest, DIGEST_LEN);
195 /* Encode onion key. */
196 if (crypto_pk_write_public_key_to_string(info->onion_key, &onion_key,
197 &onion_key_len) < 0) {
198 log_warn(LD_REND, "Could not write onion key.");
199 goto done;
200 }
201 /* Encode intro key. */
202 intro_key = intro->intro_key;
203 if (!intro_key ||
204 crypto_pk_write_public_key_to_string(intro_key, &service_key,
205 &service_key_len) < 0) {
206 log_warn(LD_REND, "Could not write intro key.");
207 tor_free(onion_key);
208 goto done;
209 }
210 /* Assemble everything for this introduction point. */
211 address = tor_dup_addr(&info->addr);
212 res = tor_snprintf(unenc + unenc_written, unenc_len - unenc_written,
213 "introduction-point %s\n"
214 "ip-address %s\n"
215 "onion-port %d\n"
216 "onion-key\n%s"
217 "service-key\n%s",
218 id_base32,
219 address,
220 info->port,
221 onion_key,
222 service_key);
223 tor_free(address);
224 tor_free(onion_key);
225 tor_free(service_key);
226 if (res < 0) {
227 log_warn(LD_REND, "Not enough space for writing introduction point "
228 "string.");
229 goto done;
230 }
231 /* Update total number of written bytes for unencrypted intro points. */
232 unenc_written += res;
233 }
234 /* Finalize unencrypted introduction points. */
235 if (unenc_len < unenc_written + 2) {
236 log_warn(LD_REND, "Not enough space for finalizing introduction point "
237 "string.");
238 goto done;
239 }
240 unenc[unenc_written++] = '\n';
241 unenc[unenc_written++] = 0;
242 *encoded = unenc;
243 r = 0;
244 done:
245 if (r<0)
246 tor_free(unenc);
247 return r;
248 }
249
250 /** Encrypt the encoded introduction points in <b>encoded</b> using
251 * authorization type 'basic' with <b>client_cookies</b> and write the
252 * result to a newly allocated string pointed to by <b>encrypted_out</b> of
253 * length <b>encrypted_len_out</b>. Return 0 for success, -1 otherwise. */
254 static int
255 rend_encrypt_v2_intro_points_basic(char **encrypted_out,
256 size_t *encrypted_len_out,
257 const char *encoded,
258 smartlist_t *client_cookies)
259 {
260 int r = -1, i, pos, enclen, client_blocks;
261 size_t len, client_entries_len;
262 char *enc = NULL, iv[CIPHER_IV_LEN], *client_part = NULL,
263 session_key[CIPHER_KEY_LEN];
264 smartlist_t *encrypted_session_keys = NULL;
265 crypto_digest_env_t *digest;
266 crypto_cipher_env_t *cipher;
267 tor_assert(encoded);
268 tor_assert(client_cookies && smartlist_len(client_cookies) > 0);
269
270 /* Generate session key. */
271 if (crypto_rand(session_key, CIPHER_KEY_LEN) < 0) {
272 log_warn(LD_REND, "Unable to generate random session key to encrypt "
273 "introduction point string.");
274 goto done;
275 }
276
277 /* Determine length of encrypted introduction points including session
278 * keys. */
279 client_blocks = 1 + ((smartlist_len(client_cookies) - 1) /
280 REND_BASIC_AUTH_CLIENT_MULTIPLE);
281 client_entries_len = client_blocks * REND_BASIC_AUTH_CLIENT_MULTIPLE *
282 REND_BASIC_AUTH_CLIENT_ENTRY_LEN;
283 len = 2 + client_entries_len + CIPHER_IV_LEN + strlen(encoded);
284 if (client_blocks >= 256) {
285 log_warn(LD_REND, "Too many clients in introduction point string.");
286 goto done;
287 }
288 enc = tor_malloc_zero(len);
289 enc[0] = 0x01; /* type of authorization. */
290 enc[1] = (uint8_t)client_blocks;
291
292 /* Encrypt with random session key. */
293 cipher = crypto_create_init_cipher(session_key, 1);
294 enclen = crypto_cipher_encrypt_with_iv(cipher,
295 enc + 2 + client_entries_len,
296 CIPHER_IV_LEN + strlen(encoded), encoded, strlen(encoded));
297 crypto_free_cipher_env(cipher);
298 if (enclen < 0) {
299 log_warn(LD_REND, "Could not encrypt introduction point string.");
300 goto done;
301 }
302 memcpy(iv, enc + 2 + client_entries_len, CIPHER_IV_LEN);
303
304 /* Encrypt session key for cookies, determine client IDs, and put both
305 * in a smartlist. */
306 encrypted_session_keys = smartlist_create();
307 SMARTLIST_FOREACH_BEGIN(client_cookies, const char *, cookie) {
308 client_part = tor_malloc_zero(REND_BASIC_AUTH_CLIENT_ENTRY_LEN);
309 /* Encrypt session key. */
310 cipher = crypto_create_init_cipher(cookie, 1);
311 if (crypto_cipher_encrypt(cipher, client_part +
312 REND_BASIC_AUTH_CLIENT_ID_LEN,
313 session_key, CIPHER_KEY_LEN) < 0) {
314 log_warn(LD_REND, "Could not encrypt session key for client.");
315 crypto_free_cipher_env(cipher);
316 tor_free(client_part);
317 goto done;
318 }
319 crypto_free_cipher_env(cipher);
320
321 /* Determine client ID. */
322 digest = crypto_new_digest_env();
323 crypto_digest_add_bytes(digest, cookie, REND_DESC_COOKIE_LEN);
324 crypto_digest_add_bytes(digest, iv, CIPHER_IV_LEN);
325 crypto_digest_get_digest(digest, client_part,
326 REND_BASIC_AUTH_CLIENT_ID_LEN);
327 crypto_free_digest_env(digest);
328
329 /* Put both together. */
330 smartlist_add(encrypted_session_keys, client_part);
331 } SMARTLIST_FOREACH_END(cookie);
332
333 /* Add some fake client IDs and encrypted session keys. */
334 for (i = (smartlist_len(client_cookies) - 1) %
335 REND_BASIC_AUTH_CLIENT_MULTIPLE;
336 i < REND_BASIC_AUTH_CLIENT_MULTIPLE - 1; i++) {
337 client_part = tor_malloc_zero(REND_BASIC_AUTH_CLIENT_ENTRY_LEN);
338 if (crypto_rand(client_part, REND_BASIC_AUTH_CLIENT_ENTRY_LEN) < 0) {
339 log_warn(LD_REND, "Unable to generate fake client entry.");
340 tor_free(client_part);
341 goto done;
342 }
343 smartlist_add(encrypted_session_keys, client_part);
344 }
345 /* Sort smartlist and put elements in result in order. */
346 smartlist_sort_digests(encrypted_session_keys);
347 pos = 2;
348 SMARTLIST_FOREACH(encrypted_session_keys, const char *, entry, {
349 memcpy(enc + pos, entry, REND_BASIC_AUTH_CLIENT_ENTRY_LEN);
350 pos += REND_BASIC_AUTH_CLIENT_ENTRY_LEN;
351 });
352 *encrypted_out = enc;
353 *encrypted_len_out = len;
354 enc = NULL; /* prevent free. */
355 r = 0;
356 done:
357 tor_free(enc);
358 if (encrypted_session_keys) {
359 SMARTLIST_FOREACH(encrypted_session_keys, char *, d, tor_free(d););
360 smartlist_free(encrypted_session_keys);
361 }
362 return r;
363 }
364
365 /** Encrypt the encoded introduction points in <b>encoded</b> using
366 * authorization type 'stealth' with <b>descriptor_cookie</b> of length
367 * REND_DESC_COOKIE_LEN and write the result to a newly allocated string
368 * pointed to by <b>encrypted_out</b> of length <b>encrypted_len_out</b>.
369 * Return 0 for success, -1 otherwise. */
370 static int
371 rend_encrypt_v2_intro_points_stealth(char **encrypted_out,
372 size_t *encrypted_len_out,
373 const char *encoded,
374 const char *descriptor_cookie)
375 {
376 int r = -1, enclen;
377 crypto_cipher_env_t *cipher;
378 char *enc;
379 tor_assert(encoded);
380 tor_assert(descriptor_cookie);
381
382 enc = tor_malloc_zero(1 + CIPHER_IV_LEN + strlen(encoded));
383 enc[0] = 0x02; /* Auth type */
384 cipher = crypto_create_init_cipher(descriptor_cookie, 1);
385 enclen = crypto_cipher_encrypt_with_iv(cipher, enc + 1,
386 CIPHER_IV_LEN+strlen(encoded),
387 encoded, strlen(encoded));
388 crypto_free_cipher_env(cipher);
389 if (enclen < 0) {
390 log_warn(LD_REND, "Could not encrypt introduction point string.");
391 goto done;
392 }
393 *encrypted_out = enc;
394 *encrypted_len_out = enclen;
395 enc = NULL; /* prevent free */
396 r = 0;
397 done:
398 tor_free(enc);
399 return r;
400 }
401
402 /** Attempt to parse the given <b>desc_str</b> and return true if this
403 * succeeds, false otherwise. */
404 static int
405 rend_desc_v2_is_parsable(rend_encoded_v2_service_descriptor_t *desc)
406 {
407 rend_service_descriptor_t *test_parsed = NULL;
408 char test_desc_id[DIGEST_LEN];
409 char *test_intro_content = NULL;
410 size_t test_intro_size;
411 size_t test_encoded_size;
412 const char *test_next;
413 int res = rend_parse_v2_service_descriptor(&test_parsed, test_desc_id,
414 &test_intro_content,
415 &test_intro_size,
416 &test_encoded_size,
417 &test_next, desc->desc_str);
418 rend_service_descriptor_free(test_parsed);
419 tor_free(test_intro_content);
420 return (res >= 0);
421 }
422
423 /** Free the storage held by an encoded v2 service descriptor. */
424 void
425 rend_encoded_v2_service_descriptor_free(
426 rend_encoded_v2_service_descriptor_t *desc)
427 {
428 if (!desc)
429 return;
430 tor_free(desc->desc_str);
431 tor_free(desc);
432 }
433
434 /** Free the storage held by an introduction point info. */
435 void
436 rend_intro_point_free(rend_intro_point_t *intro)
437 {
438 if (!intro)
439 return;
440
441 extend_info_free(intro->extend_info);
442 crypto_free_pk_env(intro->intro_key);
443 tor_free(intro);
444 }
445
446 /** Encode a set of rend_encoded_v2_service_descriptor_t's for <b>desc</b>
447 * at time <b>now</b> using <b>service_key</b>, depending on
448 * <b>auth_type</b> a <b>descriptor_cookie</b> and a list of
449 * <b>client_cookies</b> (which are both <b>NULL</b> if no client
450 * authorization is performed), and <b>period</b> (e.g. 0 for the current
451 * period, 1 for the next period, etc.) and add them to the existing list
452 * <b>descs_out</b>; return the number of seconds that the descriptors will
453 * be found by clients, or -1 if the encoding was not successful. */
454 int
455 rend_encode_v2_descriptors(smartlist_t *descs_out,
456 rend_service_descriptor_t *desc, time_t now,
457 uint8_t period, rend_auth_type_t auth_type,
458 crypto_pk_env_t *client_key,
459 smartlist_t *client_cookies)
460 {
461 char service_id[DIGEST_LEN];
462 uint32_t time_period;
463 char *ipos_base64 = NULL, *ipos = NULL, *ipos_encrypted = NULL,
464 *descriptor_cookie = NULL;
465 size_t ipos_len = 0, ipos_encrypted_len = 0;
466 int k;
467 uint32_t seconds_valid;
468 crypto_pk_env_t *service_key;
469 if (!desc) {
470 log_warn(LD_BUG, "Could not encode v2 descriptor: No desc given.");
471 return -1;
472 }
473 service_key = (auth_type == REND_STEALTH_AUTH) ? client_key : desc->pk;
474 tor_assert(service_key);
475 if (auth_type == REND_STEALTH_AUTH) {
476 descriptor_cookie = smartlist_get(client_cookies, 0);
477 tor_assert(descriptor_cookie);
478 }
479 /* Obtain service_id from public key. */
480 crypto_pk_get_digest(service_key, service_id);
481 /* Calculate current time-period. */
482 time_period = get_time_period(now, period, service_id);
483 /* Determine how many seconds the descriptor will be valid. */
484 seconds_valid = period * REND_TIME_PERIOD_V2_DESC_VALIDITY +
485 get_seconds_valid(now, service_id);
486 /* Assemble, possibly encrypt, and encode introduction points. */
487 if (smartlist_len(desc->intro_nodes) > 0) {
488 if (rend_encode_v2_intro_points(&ipos, desc) < 0) {
489 log_warn(LD_REND, "Encoding of introduction points did not succeed.");
490 return -1;
491 }
492 switch (auth_type) {
493 case REND_NO_AUTH:
494 ipos_len = strlen(ipos);
495 break;
496 case REND_BASIC_AUTH:
497 if (rend_encrypt_v2_intro_points_basic(&ipos_encrypted,
498 &ipos_encrypted_len, ipos,
499 client_cookies) < 0) {
500 log_warn(LD_REND, "Encrypting of introduction points did not "
501 "succeed.");
502 tor_free(ipos);
503 return -1;
504 }
505 tor_free(ipos);
506 ipos = ipos_encrypted;
507 ipos_len = ipos_encrypted_len;
508 break;
509 case REND_STEALTH_AUTH:
510 if (rend_encrypt_v2_intro_points_stealth(&ipos_encrypted,
511 &ipos_encrypted_len, ipos,
512 descriptor_cookie) < 0) {
513 log_warn(LD_REND, "Encrypting of introduction points did not "
514 "succeed.");
515 tor_free(ipos);
516 return -1;
517 }
518 tor_free(ipos);
519 ipos = ipos_encrypted;
520 ipos_len = ipos_encrypted_len;
521 break;
522 default:
523 log_warn(LD_REND|LD_BUG, "Unrecognized authorization type %d",
524 (int)auth_type);
525 tor_free(ipos);
526 return -1;
527 }
528 /* Base64-encode introduction points. */
529 ipos_base64 = tor_malloc_zero(ipos_len * 2);
530 if (base64_encode(ipos_base64, ipos_len * 2, ipos, ipos_len)<0) {
531 log_warn(LD_REND, "Could not encode introduction point string to "
532 "base64. length=%d", (int)ipos_len);
533 tor_free(ipos_base64);
534 tor_free(ipos);
535 return -1;
536 }
537 tor_free(ipos);
538 }
539 /* Encode REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS descriptors. */
540 for (k = 0; k < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; k++) {
541 char secret_id_part[DIGEST_LEN];
542 char secret_id_part_base32[REND_SECRET_ID_PART_LEN_BASE32 + 1];
543 char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
544 char *permanent_key = NULL;
545 size_t permanent_key_len;
546 char published[ISO_TIME_LEN+1];
547 int i;
548 char protocol_versions_string[16]; /* max len: "0,1,2,3,4,5,6,7\0" */
549 size_t protocol_versions_written;
550 size_t desc_len;
551 char *desc_str = NULL;
552 int result = 0;
553 size_t written = 0;
554 char desc_digest[DIGEST_LEN];
555 rend_encoded_v2_service_descriptor_t *enc =
556 tor_malloc_zero(sizeof(rend_encoded_v2_service_descriptor_t));
557 /* Calculate secret-id-part = h(time-period + cookie + replica). */
558 get_secret_id_part_bytes(secret_id_part, time_period, descriptor_cookie,
559 k);
560 base32_encode(secret_id_part_base32, sizeof(secret_id_part_base32),
561 secret_id_part, DIGEST_LEN);
562 /* Calculate descriptor ID. */
563 rend_get_descriptor_id_bytes(enc->desc_id, service_id, secret_id_part);
564 base32_encode(desc_id_base32, sizeof(desc_id_base32),
565 enc->desc_id, DIGEST_LEN);
566 /* PEM-encode the public key */
567 if (crypto_pk_write_public_key_to_string(service_key, &permanent_key,
568 &permanent_key_len) < 0) {
569 log_warn(LD_BUG, "Could not write public key to string.");
570 rend_encoded_v2_service_descriptor_free(enc);
571 goto err;
572 }
573 /* Encode timestamp. */
574 format_iso_time(published, desc->timestamp);
575 /* Write protocol-versions bitmask to comma-separated value string. */
576 protocol_versions_written = 0;
577 for (i = 0; i < 8; i++) {
578 if (desc->protocols & 1 << i) {
579 tor_snprintf(protocol_versions_string + protocol_versions_written,
580 16 - protocol_versions_written, "%d,", i);
581 protocol_versions_written += 2;
582 }
583 }
584 if (protocol_versions_written)
585 protocol_versions_string[protocol_versions_written - 1] = '\0';
586 else
587 protocol_versions_string[0]= '\0';
588 /* Assemble complete descriptor. */
589 desc_len = 2000 + smartlist_len(desc->intro_nodes) * 1000; /* far too long,
590 but okay.*/
591 enc->desc_str = desc_str = tor_malloc_zero(desc_len);
592 result = tor_snprintf(desc_str, desc_len,
593 "rendezvous-service-descriptor %s\n"
594 "version 2\n"
595 "permanent-key\n%s"
596 "secret-id-part %s\n"
597 "publication-time %s\n"
598 "protocol-versions %s\n",
599 desc_id_base32,
600 permanent_key,
601 secret_id_part_base32,
602 published,
603 protocol_versions_string);
604 tor_free(permanent_key);
605 if (result < 0) {
606 log_warn(LD_BUG, "Descriptor ran out of room.");
607 rend_encoded_v2_service_descriptor_free(enc);
608 goto err;
609 }
610 written = result;
611 /* Add introduction points. */
612 if (ipos_base64) {
613 result = tor_snprintf(desc_str + written, desc_len - written,
614 "introduction-points\n"
615 "-----BEGIN MESSAGE-----\n%s"
616 "-----END MESSAGE-----\n",
617 ipos_base64);
618 if (result < 0) {
619 log_warn(LD_BUG, "could not write introduction points.");
620 rend_encoded_v2_service_descriptor_free(enc);
621 goto err;
622 }
623 written += result;
624 }
625 /* Add signature. */
626 strlcpy(desc_str + written, "signature\n", desc_len - written);
627 written += strlen(desc_str + written);
628 if (crypto_digest(desc_digest, desc_str, written) < 0) {
629 log_warn(LD_BUG, "could not create digest.");
630 rend_encoded_v2_service_descriptor_free(enc);
631 goto err;
632 }
633 if (router_append_dirobj_signature(desc_str + written,
634 desc_len - written,
635 desc_digest, DIGEST_LEN,
636 service_key) < 0) {
637 log_warn(LD_BUG, "Couldn't sign desc.");
638 rend_encoded_v2_service_descriptor_free(enc);
639 goto err;
640 }
641 written += strlen(desc_str+written);
642 if (written+2 > desc_len) {
643 log_warn(LD_BUG, "Could not finish desc.");
644 rend_encoded_v2_service_descriptor_free(enc);
645 goto err;
646 }
647 desc_str[written++] = '\n';
648 desc_str[written++] = 0;
649 /* Check if we can parse our own descriptor. */
650 if (!rend_desc_v2_is_parsable(enc)) {
651 log_warn(LD_BUG, "Could not parse my own descriptor: %s", desc_str);
652 rend_encoded_v2_service_descriptor_free(enc);
653 goto err;
654 }
655 smartlist_add(descs_out, enc);
656 }
657
658 log_info(LD_REND, "Successfully encoded a v2 descriptor and "
659 "confirmed that it is parsable.");
660 goto done;
661
662 err:
663 SMARTLIST_FOREACH(descs_out, rend_encoded_v2_service_descriptor_t *, d,
664 rend_encoded_v2_service_descriptor_free(d););
665 smartlist_clear(descs_out);
666 seconds_valid = -1;
667
668 done:
669 tor_free(ipos_base64);
670 return seconds_valid;
671 }
672
673 /** Parse a service descriptor at <b>str</b> (<b>len</b> bytes). On
674 * success, return a newly alloced service_descriptor_t. On failure,
675 * return NULL.
676 */
677 rend_service_descriptor_t *
678 rend_parse_service_descriptor(const char *str, size_t len)
679 {
680 rend_service_descriptor_t *result = NULL;
681 int i, n_intro_points;
682 size_t keylen, asn1len;
683 const char *end, *cp, *eos;
684 rend_intro_point_t *intro;
685
686 result = tor_malloc_zero(sizeof(rend_service_descriptor_t));
687 cp = str;
688 end = str+len;
689 if (end-cp<2) goto truncated;
690 result->version = 0;
691 if (end-cp < 2) goto truncated;
692 asn1len = ntohs(get_uint16(cp));
693 cp += 2;
694 if ((size_t)(end-cp) < asn1len) goto truncated;
695 result->pk = crypto_pk_asn1_decode(cp, asn1len);
696 if (!result->pk) goto truncated;
697 cp += asn1len;
698 if (end-cp < 4) goto truncated;
699 result->timestamp = (time_t) ntohl(get_uint32(cp));
700 cp += 4;
701 result->protocols = 1<<2; /* always use intro format 2 */
702 if (end-cp < 2) goto truncated;
703 n_intro_points = ntohs(get_uint16(cp));
704 cp += 2;
705
706 result->intro_nodes = smartlist_create();
707 for (i=0;i<n_intro_points;++i) {
708 if (end-cp < 2) goto truncated;
709 eos = (const char *)memchr(cp,'\0',end-cp);
710 if (!eos) goto truncated;
711 /* Write nickname to extend info, but postpone the lookup whether
712 * we know that router. It's not part of the parsing process. */
713 intro = tor_malloc_zero(sizeof(rend_intro_point_t));
714 intro->extend_info = tor_malloc_zero(sizeof(extend_info_t));
715 strlcpy(intro->extend_info->nickname, cp,
716 sizeof(intro->extend_info->nickname));
717 smartlist_add(result->intro_nodes, intro);
718 cp = eos+1;
719 }
720 keylen = crypto_pk_keysize(result->pk);
721 tor_assert(end-cp >= 0);
722 if ((size_t)(end-cp) < keylen) goto truncated;
723 if ((size_t)(end-cp) > keylen) {
724 log_warn(LD_PROTOCOL,
725 "Signature is %d bytes too long on service descriptor.",
726 (int)((size_t)(end-cp) - keylen));
727 goto error;
728 }
729 note_crypto_pk_op(REND_CLIENT);
730 if (crypto_pk_public_checksig_digest(result->pk,
731 (char*)str,cp-str, /* data */
732 (char*)cp,end-cp /* signature*/
733 )<0) {
734 log_warn(LD_PROTOCOL, "Bad signature on service descriptor.");
735 goto error;
736 }
737
738 return result;
739 truncated:
740 log_warn(LD_PROTOCOL, "Truncated service descriptor.");
741 error:
742 rend_service_descriptor_free(result);
743 return NULL;
744 }
745
746 /** Sets <b>out</b> to the first 10 bytes of the digest of <b>pk</b>,
747 * base32 encoded. NUL-terminates out. (We use this string to
748 * identify services in directory requests and .onion URLs.)
749 */
750 int
751 rend_get_service_id(crypto_pk_env_t *pk, char *out)
752 {
753 char buf[DIGEST_LEN];
754 tor_assert(pk);
755 if (crypto_pk_get_digest(pk, buf) < 0)
756 return -1;
757 base32_encode(out, REND_SERVICE_ID_LEN_BASE32+1, buf, REND_SERVICE_ID_LEN);
758 return 0;
759 }
760
761 /* ==== Rendezvous service descriptor cache. */
762
763 /** How old do we let hidden service descriptors get before discarding
764 * them as too old? */
765 #define REND_CACHE_MAX_AGE (2*24*60*60)
766 /** How wrong do we assume our clock may be when checking whether hidden
767 * services are too old or too new? */
768 #define REND_CACHE_MAX_SKEW (24*60*60)
769
770 /** Map from service id (as generated by rend_get_service_id) to
771 * rend_cache_entry_t. */
772 static strmap_t *rend_cache = NULL;
773
774 /** Map from descriptor id to rend_cache_entry_t; only for hidden service
775 * directories. */
776 static digestmap_t *rend_cache_v2_dir = NULL;
777
778 /** Initializes the service descriptor cache.
779 */
780 void
781 rend_cache_init(void)
782 {
783 rend_cache = strmap_new();
784 rend_cache_v2_dir = digestmap_new();
785 }
786
787 /** Helper: free storage held by a single service descriptor cache entry. */
788 static void
789 rend_cache_entry_free(rend_cache_entry_t *e)
790 {
791 if (!e)
792 return;
793 rend_service_descriptor_free(e->parsed);
794 tor_free(e->desc);
795 tor_free(e);
796 }
797
798 static void
799 _rend_cache_entry_free(void *p)
800 {
801 rend_cache_entry_free(p);
802 }
803
804 /** Free all storage held by the service descriptor cache. */
805 void
806 rend_cache_free_all(void)
807 {
808 strmap_free(rend_cache, _rend_cache_entry_free);
809 digestmap_free(rend_cache_v2_dir, _rend_cache_entry_free);
810 rend_cache = NULL;
811 rend_cache_v2_dir = NULL;
812 }
813
814 /** Removes all old entries from the service descriptor cache.
815 */
816 void
817 rend_cache_clean(void)
818 {
819 strmap_iter_t *iter;
820 const char *key;
821 void *val;
822 rend_cache_entry_t *ent;
823 time_t cutoff;
824 cutoff = time(NULL) - REND_CACHE_MAX_AGE - REND_CACHE_MAX_SKEW;
825 for (iter = strmap_iter_init(rend_cache); !strmap_iter_done(iter); ) {
826 strmap_iter_get(iter, &key, &val);
827 ent = (rend_cache_entry_t*)val;
828 if (ent->parsed->timestamp < cutoff) {
829 iter = strmap_iter_next_rmv(rend_cache, iter);
830 rend_cache_entry_free(ent);
831 } else {
832 iter = strmap_iter_next(rend_cache, iter);
833 }
834 }
835 }
836
837 /** Remove all old v2 descriptors and those for which this hidden service
838 * directory is not responsible for any more. */
839 void
840 rend_cache_clean_v2_descs_as_dir(void)
841 {
842 digestmap_iter_t *iter;
843 time_t cutoff = time(NULL) - REND_CACHE_MAX_AGE - REND_CACHE_MAX_SKEW;
844 for (iter = digestmap_iter_init(rend_cache_v2_dir);
845 !digestmap_iter_done(iter); ) {
846 const char *key;
847 void *val;
848 rend_cache_entry_t *ent;
849 digestmap_iter_get(iter, &key, &val);
850 ent = val;
851 if (ent->parsed->timestamp < cutoff ||
852 !hid_serv_responsible_for_desc_id(key)) {
853 char key_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
854 base32_encode(key_base32, sizeof(key_base32), key, DIGEST_LEN);
855 log_info(LD_REND, "Removing descriptor with ID '%s' from cache",
856 safe_str_client(key_base32));
857 iter = digestmap_iter_next_rmv(rend_cache_v2_dir, iter);
858 rend_cache_entry_free(ent);
859 } else {
860 iter = digestmap_iter_next(rend_cache_v2_dir, iter);
861 }
862 }
863 }
864
865 /** Determines whether <b>a</b> is in the interval of <b>b</b> (excluded) and
866 * <b>c</b> (included) in a circular digest ring; returns 1 if this is the
867 * case, and 0 otherwise.
868 */
869 int
870 rend_id_is_in_interval(const char *a, const char *b, const char *c)
871 {
872 int a_b, b_c, c_a;
873 tor_assert(a);
874 tor_assert(b);
875 tor_assert(c);
876
877 /* There are five cases in which a is outside the interval ]b,c]: */
878 a_b = memcmp(a,b,DIGEST_LEN);
879 if (a_b == 0)
880 return 0; /* 1. a == b (b is excluded) */
881 b_c = memcmp(b,c,DIGEST_LEN);
882 if (b_c == 0)
883 return 0; /* 2. b == c (interval is empty) */
884 else if (a_b <= 0 && b_c < 0)
885 return 0; /* 3. a b c */
886 c_a = memcmp(c,a,DIGEST_LEN);
887 if (c_a < 0 && a_b <= 0)
888 return 0; /* 4. c a b */
889 else if (b_c < 0 && c_a < 0)
890 return 0; /* 5. b c a */
891
892 /* In the other cases (a c b; b a c; c b a), a is inside the interval. */
893 return 1;
894 }
895
896 /** Return true iff <b>query</b> is a syntactically valid service ID (as
897 * generated by rend_get_service_id). */
898 int
899 rend_valid_service_id(const char *query)
900 {
901 if (strlen(query) != REND_SERVICE_ID_LEN_BASE32)
902 return 0;
903
904 if (strspn(query, BASE32_CHARS) != REND_SERVICE_ID_LEN_BASE32)
905 return 0;
906
907 return 1;
908 }
909
910 /** If we have a cached rend_cache_entry_t for the service ID <b>query</b>
911 * with <b>version</b>, set *<b>e</b> to that entry and return 1.
912 * Else return 0. If <b>version</b> is nonnegative, only return an entry
913 * in that descriptor format version. Otherwise (if <b>version</b> is
914 * negative), return the most recent format we have.
915 */
916 int
917 rend_cache_lookup_entry(const char *query, int version, rend_cache_entry_t **e)
918 {
919 char key[REND_SERVICE_ID_LEN_BASE32+2]; /* <version><query>\0 */
920 tor_assert(rend_cache);
921 if (!rend_valid_service_id(query))
922 return -1;
923 *e = NULL;
924 if (version != 0) {
925 tor_snprintf(key, sizeof(key), "2%s", query);
926 *e = strmap_get_lc(rend_cache, key);
927 }
928 if (!*e && version != 2) {
929 tor_snprintf(key, sizeof(key), "0%s", query);
930 *e = strmap_get_lc(rend_cache, key);
931 }
932 if (!*e)
933 return 0;
934 tor_assert((*e)->parsed && (*e)->parsed->intro_nodes);
935 /* XXX022 hack for now, to return "not found" if there are no intro
936 * points remaining. See bug 997. */
937 if (smartlist_len((*e)->parsed->intro_nodes) == 0)
938 return 0;
939 return 1;
940 }
941
942 /** <b>query</b> is a base-32'ed service id. If it's malformed, return -1.
943 * Else look it up.
944 * - If it is found, point *desc to it, and write its length into
945 * *desc_len, and return 1.
946 * - If it is not found, return 0.
947 * Note: calls to rend_cache_clean or rend_cache_store may invalidate
948 * *desc.
949 */
950 int
951 rend_cache_lookup_desc(const char *query, int version, const char **desc,
952 size_t *desc_len)
953 {
954 rend_cache_entry_t *e;
955 int r;
956 r = rend_cache_lookup_entry(query,version,&e);
957 if (r <= 0) return r;
958 *desc = e->desc;
959 *desc_len = e->len;
960 return 1;
961 }
962
963 /** Lookup the v2 service descriptor with base32-encoded <b>desc_id</b> and
964 * copy the pointer to it to *<b>desc</b>. Return 1 on success, 0 on
965 * well-formed-but-not-found, and -1 on failure.
966 */
967 int
968 rend_cache_lookup_v2_desc_as_dir(const char *desc_id, const char **desc)
969 {
970 rend_cache_entry_t *e;
971 char desc_id_digest[DIGEST_LEN];
972 tor_assert(rend_cache_v2_dir);
973 if (base32_decode(desc_id_digest, DIGEST_LEN,
974 desc_id, REND_DESC_ID_V2_LEN_BASE32) < 0) {
975 log_warn(LD_REND, "Descriptor ID contains illegal characters: %s",
976 safe_str(desc_id));
977 return -1;
978 }
979 /* Determine if we are responsible. */
980 if (hid_serv_responsible_for_desc_id(desc_id_digest) < 0) {
981 log_info(LD_REND, "Could not answer fetch request for v2 descriptor; "
982 "either we are no hidden service directory, or we are "
983 "not responsible for the requested ID.");
984 return -1;
985 }
986 /* Lookup descriptor and return. */
987 e = digestmap_get(rend_cache_v2_dir, desc_id_digest);
988 if (e) {
989 *desc = e->desc;
990 return 1;
991 }
992 return 0;
993 }
994
995 /** Parse *desc, calculate its service id, and store it in the cache.
996 * If we have a newer v0 descriptor with the same ID, ignore this one.
997 * If we have an older descriptor with the same ID, replace it.
998 * If we are acting as client due to the published flag and have any v2
999 * descriptor with the same ID, reject this one in order to not get
1000 * confused with having both versions for the same service.
1001 *
1002 * Return -2 if it's malformed or otherwise rejected; return -1 if we
1003 * already have a v2 descriptor here; return 0 if it's the same or older
1004 * than one we've already got; return 1 if it's novel.
1005 *
1006 * The published flag tells us if we store the descriptor
1007 * in our role as directory (1) or if we cache it as client (0).
1008 */
1009 int
1010 rend_cache_store(const char *desc, size_t desc_len, int published)
1011 {
1012 rend_cache_entry_t *e;
1013 rend_service_descriptor_t *parsed;
1014 char query[REND_SERVICE_ID_LEN_BASE32+1];
1015 char key[REND_SERVICE_ID_LEN_BASE32+2]; /* 0<query>\0 */
1016 time_t now;
1017 tor_assert(rend_cache);
1018 parsed = rend_parse_service_descriptor(desc,desc_len);
1019 if (!parsed) {
1020 log_warn(LD_PROTOCOL,"Couldn't parse service descriptor.");
1021 return -2;
1022 }
1023 if (rend_get_service_id(parsed->pk, query)<0) {
1024 log_warn(LD_BUG,"Couldn't compute service ID.");
1025 rend_service_descriptor_free(parsed);
1026 return -2;
1027 }
1028 now = time(NULL);
1029 if (parsed->timestamp < now-REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
1030 log_fn(LOG_PROTOCOL_WARN, LD_REND,
1031 "Service descriptor %s is too old.",
1032 safe_str_client(query));
1033 rend_service_descriptor_free(parsed);
1034 return -2;
1035 }
1036 if (parsed->timestamp > now+REND_CACHE_MAX_SKEW) {
1037 log_fn(LOG_PROTOCOL_WARN, LD_REND,
1038 "Service descriptor %s is too far in the future.",
1039 safe_str_client(query));
1040 rend_service_descriptor_free(parsed);
1041 return -2;
1042 }
1043 /* Do we have a v2 descriptor and fetched this descriptor as a client? */
1044 tor_snprintf(key, sizeof(key), "2%s", query);
1045 if (!published && strmap_get_lc(rend_cache, key)) {
1046 log_info(LD_REND, "We already have a v2 descriptor for service %s.",
1047 safe_str_client(query));
1048 rend_service_descriptor_free(parsed);
1049 return -1;
1050 }
1051 tor_snprintf(key, sizeof(key), "0%s", query);
1052 e = (rend_cache_entry_t*) strmap_get_lc(rend_cache, key);
1053 if (e && e->parsed->timestamp > parsed->timestamp) {
1054 log_info(LD_REND,"We already have a newer service descriptor %s with the "
1055 "same ID and version.",
1056 safe_str_client(query));
1057 rend_service_descriptor_free(parsed);
1058 return 0;
1059 }
1060 if (e && e->len == desc_len && !memcmp(desc,e->desc,desc_len)) {
1061 log_info(LD_REND,"We already have this service descriptor %s.",
1062 safe_str_client(query));
1063 e->received = time(NULL);
1064 rend_service_descriptor_free(parsed);
1065 return 0;
1066 }
1067 if (!e) {
1068 e = tor_malloc_zero(sizeof(rend_cache_entry_t));
1069 strmap_set_lc(rend_cache, key, e);
1070 } else {
1071 rend_service_descriptor_free(e->parsed);
1072 tor_free(e->desc);
1073 }
1074 e->received = time(NULL);
1075 e->parsed = parsed;
1076 e->len = desc_len;
1077 e->desc = tor_malloc(desc_len);
1078 memcpy(e->desc, desc, desc_len);
1079
1080 log_debug(LD_REND,"Successfully stored rend desc '%s', len %d.",
1081 safe_str_client(query), (int)desc_len);
1082 return 1;
1083 }
1084
1085 /** Parse the v2 service descriptor(s) in <b>desc</b> and store it/them to the
1086 * local rend cache. Don't attempt to decrypt the included list of introduction
1087 * points (as we don't have a descriptor cookie for it).
1088 *
1089 * If we have a newer descriptor with the same ID, ignore this one.
1090 * If we have an older descriptor with the same ID, replace it.
1091 * Return -2 if we are not acting as hidden service directory;
1092 * return -1 if the descriptor(s) were not parsable; return 0 if all
1093 * descriptors are the same or older than those we've already got;
1094 * return a positive number for the number of novel stored descriptors.
1095 */
1096 int
1097 rend_cache_store_v2_desc_as_dir(const char *desc)
1098 {
1099 rend_service_descriptor_t *parsed;
1100 char desc_id[DIGEST_LEN];
1101 char *intro_content;
1102 size_t intro_size;
1103 size_t encoded_size;
1104 char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
1105 int number_parsed = 0, number_stored = 0;
1106 const char *current_desc = desc;
1107 const char *next_desc;
1108 rend_cache_entry_t *e;
1109 time_t now = time(NULL);
1110 tor_assert(rend_cache_v2_dir);
1111 tor_assert(desc);
1112 if (!hid_serv_acting_as_directory()) {
1113 /* Cannot store descs, because we are (currently) not acting as
1114 * hidden service directory. */
1115 log_info(LD_REND, "Cannot store descs: Not acting as hs dir");
1116 return -2;
1117 }
1118 while (rend_parse_v2_service_descriptor(&parsed, desc_id, &intro_content,
1119 &intro_size, &encoded_size,
1120 &next_desc, current_desc) >= 0) {
1121 number_parsed++;
1122 /* We don't care about the introduction points. */
1123 tor_free(intro_content);
1124 /* For pretty log statements. */
1125 base32_encode(desc_id_base32, sizeof(desc_id_base32),
1126 desc_id, DIGEST_LEN);
1127 /* Is desc ID in the range that we are (directly or indirectly) responsible
1128 * for? */
1129 if (!hid_serv_responsible_for_desc_id(desc_id)) {
1130 log_info(LD_REND, "Service descriptor with desc ID %s is not in "
1131 "interval that we are responsible for.",
1132 safe_str_client(desc_id_base32));
1133 goto skip;
1134 }
1135 /* Is descriptor too old? */
1136 if (parsed->timestamp < now - REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
1137 log_info(LD_REND, "Service descriptor with desc ID %s is too old.",
1138 safe_str(desc_id_base32));
1139 goto skip;
1140 }
1141 /* Is descriptor too far in the future? */
1142 if (parsed->timestamp > now + REND_CACHE_MAX_SKEW) {
1143 log_info(LD_REND, "Service descriptor with desc ID %s is too far in the "
1144 "future.",
1145 safe_str(desc_id_base32));
1146 goto skip;
1147 }
1148 /* Do we already have a newer descriptor? */
1149 e = digestmap_get(rend_cache_v2_dir, desc_id);
1150 if (e && e->parsed->timestamp > parsed->timestamp) {
1151 log_info(LD_REND, "We already have a newer service descriptor with the "
1152 "same desc ID %s and version.",
1153 safe_str(desc_id_base32));
1154 goto skip;
1155 }
1156 /* Do we already have this descriptor? */
1157 if (e && !strcmp(desc, e->desc)) {
1158 log_info(LD_REND, "We already have this service descriptor with desc "
1159 "ID %s.", safe_str(desc_id_base32));
1160 e->received = time(NULL);
1161 goto skip;
1162 }
1163 /* Store received descriptor. */
1164 if (!e) {
1165 e = tor_malloc_zero(sizeof(rend_cache_entry_t));
1166 digestmap_set(rend_cache_v2_dir, desc_id, e);
1167 } else {
1168 rend_service_descriptor_free(e->parsed);
1169 tor_free(e->desc);
1170 }
1171 e->received = time(NULL);
1172 e->parsed = parsed;
1173 e->desc = tor_strndup(current_desc, encoded_size);
1174 e->len = encoded_size;
1175 log_info(LD_REND, "Successfully stored service descriptor with desc ID "
1176 "'%s' and len %d.",
1177 safe_str(desc_id_base32), (int)encoded_size);
1178 number_stored++;
1179 goto advance;
1180 skip:
1181 rend_service_descriptor_free(parsed);
1182 advance:
1183 /* advance to next descriptor, if available. */
1184 current_desc = next_desc;
1185 /* check if there is a next descriptor. */
1186 if (!current_desc ||
1187 strcmpstart(current_desc, "rendezvous-service-descriptor "))
1188 break;
1189 }
1190 if (!number_parsed) {
1191 log_info(LD_REND, "Could not parse any descriptor.");
1192 return -1;
1193 }
1194 log_info(LD_REND, "Parsed %d and added %d descriptor%s.",
1195 number_parsed, number_stored, number_stored != 1 ? "s" : "");
1196 return number_stored;
1197 }
1198
1199 /** Parse the v2 service descriptor in <b>desc</b>, decrypt the included list
1200 * of introduction points with <b>descriptor_cookie</b> (which may also be
1201 * <b>NULL</b> if decryption is not necessary), and store the descriptor to
1202 * the local cache under its version and service id.
1203 *
1204 * If we have a newer v2 descriptor with the same ID, ignore this one.
1205 * If we have an older descriptor with the same ID, replace it.
1206 * If we have any v0 descriptor with the same ID, reject this one in order
1207 * to not get confused with having both versions for the same service.
1208 * Return -2 if it's malformed or otherwise rejected; return -1 if we
1209 * already have a v0 descriptor here; return 0 if it's the same or older
1210 * than one we've already got; return 1 if it's novel.
1211 */
1212 int
1213 rend_cache_store_v2_desc_as_client(const char *desc,
1214 const rend_data_t *rend_query)
1215 {
1216 /*XXXX this seems to have a bit of duplicate code with
1217 * rend_cache_store_v2_desc_as_dir(). Fix that. */
1218 /* Though having similar elements, both functions were separated on
1219 * purpose:
1220 * - dirs don't care about encoded/encrypted introduction points, clients
1221 * do.
1222 * - dirs store descriptors in a separate cache by descriptor ID, whereas
1223 * clients store them by service ID; both caches are different data
1224 * structures and have different access methods.
1225 * - dirs store a descriptor only if they are responsible for its ID,
1226 * clients do so in every way (because they have requested it before).
1227 * - dirs can process multiple concatenated descriptors which is required
1228 * for replication, whereas clients only accept a single descriptor.
1229 * Thus, combining both methods would result in a lot of if statements
1230 * which probably would not improve, but worsen code readability. -KL */
1231 rend_service_descriptor_t *parsed = NULL;
1232 char desc_id[DIGEST_LEN];
1233 char *intro_content = NULL;
1234 size_t intro_size;
1235 size_t encoded_size;
1236 const char *next_desc;
1237 time_t now = time(NULL);
1238 char key[REND_SERVICE_ID_LEN_BASE32+2];
1239 char service_id[REND_SERVICE_ID_LEN_BASE32+1];
1240 rend_cache_entry_t *e;
1241 int retval;
1242 tor_assert(rend_cache);
1243 tor_assert(desc);
1244 /* Parse the descriptor. */
1245 if (rend_parse_v2_service_descriptor(&parsed, desc_id, &intro_content,
1246 &intro_size, &encoded_size,
1247 &next_desc, desc) < 0) {
1248 log_warn(LD_REND, "Could not parse descriptor.");
1249 retval = -2;
1250 goto err;
1251 }
1252 /* Compute service ID from public key. */
1253 if (rend_get_service_id(parsed->pk, service_id)<0) {
1254 log_warn(LD_REND, "Couldn't compute service ID.");
1255 retval = -2;
1256 goto err;
1257 }
1258 /* Decode/decrypt introduction points. */
1259 if (intro_content) {
1260 if (rend_query->auth_type != REND_NO_AUTH &&
1261 !tor_mem_is_zero(rend_query->descriptor_cookie,
1262 sizeof(rend_query->descriptor_cookie))) {
1263 char *ipos_decrypted = NULL;
1264 size_t ipos_decrypted_size;
1265 if (rend_decrypt_introduction_points(&ipos_decrypted,
1266 &ipos_decrypted_size,
1267 rend_query->descriptor_cookie,
1268 intro_content,
1269 intro_size) < 0) {
1270 log_warn(LD_REND, "Failed to decrypt introduction points. We are "
1271 "probably unable to parse the encoded introduction points.");
1272 } else {
1273 /* Replace encrypted with decrypted introduction points. */
1274 log_info(LD_REND, "Successfully decrypted introduction points.");
1275 tor_free(intro_content);
1276 intro_content = ipos_decrypted;
1277 intro_size = ipos_decrypted_size;
1278 }
1279 }
1280 if (rend_parse_introduction_points(parsed, intro_content,
1281 intro_size) <= 0) {
1282 log_warn(LD_REND, "Failed to parse introduction points. Either the "
1283 "service has published a corrupt descriptor or you have "
1284 "provided invalid authorization data.");
1285 retval = -2;
1286 goto err;
1287 }
1288 } else {
1289 log_info(LD_REND, "Descriptor does not contain any introduction points.");
1290 parsed->intro_nodes = smartlist_create();
1291 }
1292 /* We don't need the encoded/encrypted introduction points any longer. */
1293 tor_free(intro_content);
1294 /* Is descriptor too old? */
1295 if (parsed->timestamp < now - REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
1296 log_warn(LD_REND, "Service descriptor with service ID %s is too old.",
1297 safe_str_client(service_id));
1298 retval = -2;
1299 goto err;
1300 }
1301 /* Is descriptor too far in the future? */
1302 if (parsed->timestamp > now + REND_CACHE_MAX_SKEW) {
1303 log_warn(LD_REND, "Service descriptor with service ID %s is too far in "
1304 "the future.", safe_str_client(service_id));
1305 retval = -2;
1306 goto err;
1307 }
1308 /* Do we have a v0 descriptor? */
1309 tor_snprintf(key, sizeof(key), "0%s", service_id);
1310 if (strmap_get_lc(rend_cache, key)) {
1311 log_info(LD_REND, "We already have a v0 descriptor for service ID %s.",
1312 safe_str_client(service_id));
1313 retval = -1;
1314 goto err;
1315 }
1316 /* Do we already have a newer descriptor? */
1317 tor_snprintf(key, sizeof(key), "2%s", service_id);
1318 e = (rend_cache_entry_t*) strmap_get_lc(rend_cache, key);
1319 if (e && e->parsed->timestamp > parsed->timestamp) {
1320 log_info(LD_REND, "We already have a newer service descriptor for "
1321 "service ID %s with the same desc ID and version.",
1322 safe_str_client(service_id));
1323 retval = 0;
1324 goto err;
1325 }
1326 /* Do we already have this descriptor? */
1327 if (e && !strcmp(desc, e->desc)) {
1328 log_info(LD_REND,"We already have this service descriptor %s.",
1329 safe_str_client(service_id));
1330 e->received = time(NULL);
1331 retval = 0;
1332 goto err;
1333 }
1334 if (!e) {
1335 e = tor_malloc_zero(sizeof(rend_cache_entry_t));
1336 strmap_set_lc(rend_cache, key, e);
1337 } else {
1338 rend_service_descriptor_free(e->parsed);
1339 tor_free(e->desc);
1340 }
1341 e->received = time(NULL);
1342 e->parsed = parsed;
1343 e->desc = tor_malloc_zero(encoded_size + 1);
1344 strlcpy(e->desc, desc, encoded_size + 1);
1345 e->len = encoded_size;
1346 log_debug(LD_REND,"Successfully stored rend desc '%s', len %d.",
1347 safe_str_client(service_id), (int)encoded_size);
1348 return 1;
1349
1350 err:
1351 rend_service_descriptor_free(parsed);
1352 tor_free(intro_content);
1353 return retval;
1354 }
1355
1356 /** Called when we get a rendezvous-related relay cell on circuit
1357 * <b>circ</b>. Dispatch on rendezvous relay command. */
1358 void
1359 rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint,
1360 int command, size_t length,
1361 const char *payload)
1362 {
1363 or_circuit_t *or_circ = NULL;
1364 origin_circuit_t *origin_circ = NULL;
1365 int r = -2;
1366 if (CIRCUIT_IS_ORIGIN(circ)) {
1367 origin_circ = TO_ORIGIN_CIRCUIT(circ);
1368 if (!layer_hint || layer_hint != origin_circ->cpath->prev) {
1369 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1370 "Relay cell (rend purpose %d) from wrong hop on origin circ",
1371 command);
1372 origin_circ = NULL;
1373 }
1374 } else {
1375 or_circ = TO_OR_CIRCUIT(circ);
1376 }
1377
1378 switch (command) {
1379 case RELAY_COMMAND_ESTABLISH_INTRO:
1380 if (or_circ)
1381 r = rend_mid_establish_intro(or_circ,payload,length);
1382 break;
1383 case RELAY_COMMAND_ESTABLISH_RENDEZVOUS:
1384 if (or_circ)
1385 r = rend_mid_establish_rendezvous(or_circ,payload,length);
1386 break;
1387 case RELAY_COMMAND_INTRODUCE1:
1388 if (or_circ)
1389 r = rend_mid_introduce(or_circ,payload,length);
1390 break;
1391 case RELAY_COMMAND_INTRODUCE2:
1392 if (origin_circ)
1393 r = rend_service_introduce(origin_circ,payload,length);
1394 break;
1395 case RELAY_COMMAND_INTRODUCE_ACK:
1396 if (origin_circ)
1397 r = rend_client_introduction_acked(origin_circ,payload,length);
1398 break;
1399 case RELAY_COMMAND_RENDEZVOUS1:
1400 if (or_circ)
1401 r = rend_mid_rendezvous(or_circ,payload,length);
1402 break;
1403 case RELAY_COMMAND_RENDEZVOUS2:
1404 if (origin_circ)
1405 r = rend_client_receive_rendezvous(origin_circ,payload,length);
1406 break;
1407 case RELAY_COMMAND_INTRO_ESTABLISHED:
1408 if (origin_circ)
1409 r = rend_service_intro_established(origin_circ,payload,length);
1410 break;
1411 case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
1412 if (origin_circ)
1413 r = rend_client_rendezvous_acked(origin_circ,payload,length);
1414 break;
1415 default:
1416 tor_fragile_assert();
1417 }
1418
1419 if (r == -2)
1420 log_info(LD_PROTOCOL, "Dropping cell (type %d) for wrong circuit type.",
1421 command);
1422 }
1423
1424 /** Return the number of entries in our rendezvous descriptor cache. */
1425 int
1426 rend_cache_size(void)
1427 {
1428 return strmap_size(rend_cache);
1429 }
1430
1431 /** Allocate and return a new rend_data_t with the same
1432 * contents as <b>query</b>. */
1433 rend_data_t *
1434 rend_data_dup(const rend_data_t *data)
1435 {
1436 tor_assert(data);
1437 return tor_memdup(data, sizeof(rend_data_t));
1438 }
1439
The Onion Router