/* Copyright 2004-2006 Roger Dingledine, Nick Mathewson. */
/* See LICENSE for licensing information */
/* $Id$ */
const char rendcommon_c_id[] =
"$Id$";
/**
* \file rendcommon.c
* \brief Rendezvous implementation: shared code between
* introducers, services, clients, and rendezvous points.
**/
#include "or.h"
/** Return 0 if one and two are the same service ids, else -1 or 1 */
int
rend_cmp_service_ids(const char *one, const char *two)
{
return strcasecmp(one,two);
}
/** Free the storage held by the service descriptor desc.
*/
void
rend_service_descriptor_free(rend_service_descriptor_t *desc)
{
int i;
if (desc->pk)
crypto_free_pk_env(desc->pk);
if (desc->intro_points) {
for (i=0; i < desc->n_intro_points; ++i) {
tor_free(desc->intro_points[i]);
}
tor_free(desc->intro_points);
}
if (desc->intro_point_extend_info) {
for (i=0; i < desc->n_intro_points; ++i) {
if (desc->intro_point_extend_info[i])
extend_info_free(desc->intro_point_extend_info[i]);
}
tor_free(desc->intro_point_extend_info);
}
tor_free(desc);
}
/** Encode a service descriptor for desc, and sign it with
* key. Store the descriptor in *str_out, and set
* *len_out to its length.
*/
int
rend_encode_service_descriptor(rend_service_descriptor_t *desc,
int version,
crypto_pk_env_t *key,
char **str_out, size_t *len_out)
{
char *cp;
char *end;
int i;
size_t asn1len;
size_t buflen = PK_BYTES*2*(desc->n_intro_points+2);/*Too long, but ok*/
cp = *str_out = tor_malloc(buflen);
end = cp + PK_BYTES*2*(desc->n_intro_points+1);
if (version) {
*(uint8_t*)cp = (uint8_t)0xff;
*(uint8_t*)(cp+1) = (uint8_t)version;
cp += 2;
}
asn1len = crypto_pk_asn1_encode(desc->pk, cp+2, end-(cp+2));
set_uint16(cp, htons((uint16_t)asn1len));
cp += 2+asn1len;
set_uint32(cp, htonl((uint32_t)desc->timestamp));
cp += 4;
if (version == 1) {
set_uint16(cp, htons(desc->protocols));
cp += 2;
}
set_uint16(cp, htons((uint16_t)desc->n_intro_points));
cp += 2;
if (version == 0) {
for (i=0; i < desc->n_intro_points; ++i) {
char *ipoint = (char*)desc->intro_points[i];
strlcpy(cp, ipoint, buflen-(cp-*str_out));
cp += strlen(ipoint)+1;
}
} else {
if (desc->n_intro_points)
tor_assert(desc->intro_point_extend_info);
for (i=0; i < desc->n_intro_points; ++i) {
extend_info_t *info = desc->intro_point_extend_info[i];
int klen;
set_uint32(cp, htonl(info->addr));
set_uint16(cp+4, htons(info->port));
memcpy(cp+6, info->identity_digest, DIGEST_LEN);
klen = crypto_pk_asn1_encode(info->onion_key, cp+6+DIGEST_LEN+2,
(end-(cp+6+DIGEST_LEN+2)));
set_uint16(cp+6+DIGEST_LEN, htons((uint16_t)klen));
cp += 6+DIGEST_LEN+2+klen;
}
}
i = crypto_pk_private_sign_digest(key, cp, *str_out, cp-*str_out);
if (i<0) {
tor_free(*str_out);
return -1;
}
cp += i;
*len_out = (size_t)(cp-*str_out);
return 0;
}
/** Parse a service descriptor at str (len bytes). On
* success, return a newly alloced service_descriptor_t. On failure,
* return NULL.
*/
rend_service_descriptor_t *
rend_parse_service_descriptor(const char *str, size_t len)
{
rend_service_descriptor_t *result = NULL;
int i;
size_t keylen, asn1len;
const char *end, *cp, *eos;
int version = 0;
result = tor_malloc_zero(sizeof(rend_service_descriptor_t));
cp = str;
end = str+len;
if (end-cp<2) goto truncated;
if (*(uint8_t*)cp == 0xff) {
result->version = version = *(uint8_t*)(cp+1);
cp += 2;
} else {
result->version = version = 0;
}
if (end-cp < 2) goto truncated;
asn1len = ntohs(get_uint16(cp));
cp += 2;
if ((size_t)(end-cp) < asn1len) goto truncated;
result->pk = crypto_pk_asn1_decode(cp, asn1len);
if (!result->pk) goto truncated;
cp += asn1len;
if (end-cp < 4) goto truncated;
result->timestamp = (time_t) ntohl(get_uint32(cp));
cp += 4;
if (version == 1) {
if (end-cp < 2) goto truncated;
result->protocols = ntohs(get_uint16(cp));
cp += 2;
} else {
result->protocols = 1;
}
if (end-cp < 2) goto truncated;
result->n_intro_points = ntohs(get_uint16(cp));
cp += 2;
if (version == 0 && result->n_intro_points != 0) {
result->intro_points =
tor_malloc_zero(sizeof(char*)*result->n_intro_points);
for (i=0;in_intro_points;++i) {
if (end-cp < 2) goto truncated;
eos = (const char *)memchr(cp,'\0',end-cp);
if (!eos) goto truncated;
result->intro_points[i] = tor_strdup(cp);
cp = eos+1;
}
} else if (version != 0 && result->n_intro_points != 0) {
result->intro_point_extend_info =
tor_malloc_zero(sizeof(extend_info_t*)*result->n_intro_points);
result->intro_points =
tor_malloc_zero(sizeof(char*)*result->n_intro_points);
for (i=0;in_intro_points;++i) {
extend_info_t *info = result->intro_point_extend_info[i] =
tor_malloc_zero(sizeof(extend_info_t));
int klen;
if (end-cp < 8+DIGEST_LEN) goto truncated;
info->addr = ntohl(get_uint32(cp));
info->port = ntohs(get_uint16(cp+4));
memcpy(info->identity_digest, cp+6, DIGEST_LEN);
info->nickname[0] = '$';
base16_encode(info->nickname+1, sizeof(info->nickname)-1,
info->identity_digest, DIGEST_LEN);
result->intro_points[i] = tor_strdup(info->nickname);
klen = ntohs(get_uint16(cp+6+DIGEST_LEN));
cp += 8+DIGEST_LEN;
if (end-cp < klen) goto truncated;
if (!(info->onion_key = crypto_pk_asn1_decode(cp,klen))) {
log_warn(LD_PROTOCOL,
"Internal error decoding onion key for intro point.");
goto error;
}
cp += klen;
}
}
keylen = crypto_pk_keysize(result->pk);
tor_assert(end-cp >= 0);
if ((size_t)(end-cp) < keylen) goto truncated;
if ((size_t)(end-cp) > keylen) {
log_warn(LD_PROTOCOL,
"Signature is %d bytes too long on service descriptor.",
(int)((size_t)(end-cp) - keylen));
goto error;
}
if (crypto_pk_public_checksig_digest(result->pk,
(char*)str,cp-str, /* data */
(char*)cp,end-cp /* signature*/
)<0) {
log_warn(LD_PROTOCOL, "Bad signature on service descriptor.");
goto error;
}
return result;
truncated:
log_warn(LD_PROTOCOL, "Truncated service descriptor.");
error:
rend_service_descriptor_free(result);
return NULL;
}
/** Sets out to the first 10 bytes of the digest of pk,
* base32 encoded. NUL-terminates out. (We use this string to
* identify services in directory requests and .onion URLs.)
*/
int
rend_get_service_id(crypto_pk_env_t *pk, char *out)
{
char buf[DIGEST_LEN];
tor_assert(pk);
if (crypto_pk_get_digest(pk, buf) < 0)
return -1;
base32_encode(out, REND_SERVICE_ID_LEN+1, buf, 10);
return 0;
}
/* ==== Rendezvous service descriptor cache. */
/** How old do we let hidden service descriptors get discarding them as too
* old? */
#define REND_CACHE_MAX_AGE (2*24*60*60)
/** How wrong do we assume our clock may be when checking whether hidden
* services are too old or too new? */
#define REND_CACHE_MAX_SKEW (24*60*60)
/** Map from service id (as generated by rend_get_service_id) to
* rend_cache_entry_t. */
static strmap_t *rend_cache = NULL;
/** Initializes the service descriptor cache.
*/
void
rend_cache_init(void)
{
rend_cache = strmap_new();
}
/** Helper: free storage held by a single service descriptor cache entry. */
static void
_rend_cache_entry_free(void *p)
{
rend_cache_entry_t *e = p;
rend_service_descriptor_free(e->parsed);
tor_free(e->desc);
tor_free(e);
}
/** Free all storage held by the service descriptor cache. */
void
rend_cache_free_all(void)
{
strmap_free(rend_cache, _rend_cache_entry_free);
rend_cache = NULL;
}
/** Removes all old entries from the service descriptor cache.
*/
void
rend_cache_clean(void)
{
strmap_iter_t *iter;
const char *key;
void *val;
rend_cache_entry_t *ent;
time_t cutoff;
cutoff = time(NULL) - REND_CACHE_MAX_AGE - REND_CACHE_MAX_SKEW;
for (iter = strmap_iter_init(rend_cache); !strmap_iter_done(iter); ) {
strmap_iter_get(iter, &key, &val);
ent = (rend_cache_entry_t*)val;
if (ent->parsed->timestamp < cutoff) {
iter = strmap_iter_next_rmv(rend_cache, iter);
_rend_cache_entry_free(ent);
} else {
iter = strmap_iter_next(rend_cache, iter);
}
}
}
/** Return true iff query is a syntactically valid service ID (as
* generated by rend_get_service_id). */
int
rend_valid_service_id(const char *query)
{
if (strlen(query) != REND_SERVICE_ID_LEN)
return 0;
if (strspn(query, BASE32_CHARS) != REND_SERVICE_ID_LEN)
return 0;
return 1;
}
/** If we have a cached rend_cache_entry_t for the service ID query,
* set *e to that entry and return 1. Else return 0. If
* version is nonnegative, only return an entry in that descriptor
* format version. Otherwise (if version is negative), return the most
* recent format we have.
*/
int
rend_cache_lookup_entry(const char *query, int version, rend_cache_entry_t **e)
{
char key[REND_SERVICE_ID_LEN+2]; /* 1\0 or 0\0 */
tor_assert(rend_cache);
if (!rend_valid_service_id(query))
return -1;
*e = NULL;
if (version != 0) {
tor_snprintf(key, sizeof(key), "1%s", query);
*e = strmap_get_lc(rend_cache, key);
}
if (!*e && version != 1) {
tor_snprintf(key, sizeof(key), "0%s", query);
*e = strmap_get_lc(rend_cache, key);
}
if (!*e)
return 0;
return 1;
}
/** query is a base-32'ed service id. If it's malformed, return -1.
* Else look it up.
* - If it is found, point *desc to it, and write its length into
* *desc_len, and return 1.
* - If it is not found, return 0.
* Note: calls to rend_cache_clean or rend_cache_store may invalidate
* *desc.
*/
int
rend_cache_lookup_desc(const char *query, int version, const char **desc,
size_t *desc_len)
{
rend_cache_entry_t *e;
int r;
r = rend_cache_lookup_entry(query,version,&e);
if (r <= 0) return r;
*desc = e->desc;
*desc_len = e->len;
return 1;
}
/** Parse *desc, calculate its service id, and store it in the cache.
* If we have a newer descriptor with the same ID, ignore this one.
* If we have an older descriptor with the same ID, replace it.
* Return -1 if it's malformed or otherwise rejected; return 0 if
* it's the same or older than one we've already got; return 1 if
* it's novel.
*/
int
rend_cache_store(const char *desc, size_t desc_len)
{
rend_cache_entry_t *e;
rend_service_descriptor_t *parsed;
char query[REND_SERVICE_ID_LEN+1];
char key[REND_SERVICE_ID_LEN+2]; /* 1\0 or 0\0 */
time_t now;
tor_assert(rend_cache);
parsed = rend_parse_service_descriptor(desc,desc_len);
if (!parsed) {
log_warn(LD_PROTOCOL,"Couldn't parse service descriptor.");
return -1;
}
if (rend_get_service_id(parsed->pk, query)<0) {
log_warn(LD_BUG,"Couldn't compute service ID.");
rend_service_descriptor_free(parsed);
return -1;
}
tor_snprintf(key, sizeof(key), "%c%s", parsed->version?'1':'0', query);
now = time(NULL);
if (parsed->timestamp < now-REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
log_fn(LOG_PROTOCOL_WARN, LD_REND,
"Service descriptor %s is too old.", safe_str(query));
rend_service_descriptor_free(parsed);
return -1;
}
if (parsed->timestamp > now+REND_CACHE_MAX_SKEW) {
log_fn(LOG_PROTOCOL_WARN, LD_REND,
"Service descriptor %s is too far in the future.", safe_str(query));
rend_service_descriptor_free(parsed);
return -1;
}
e = (rend_cache_entry_t*) strmap_get_lc(rend_cache, key);
if (e && e->parsed->timestamp > parsed->timestamp) {
log_info(LD_REND,"We already have a newer service descriptor %s with the "
"same ID and version.", safe_str(query));
rend_service_descriptor_free(parsed);
return 0;
}
if (e && e->len == desc_len && !memcmp(desc,e->desc,desc_len)) {
log_info(LD_REND,"We already have this service descriptor %s.",
safe_str(query));
e->received = time(NULL);
rend_service_descriptor_free(parsed);
return 0;
}
if (!e) {
e = tor_malloc_zero(sizeof(rend_cache_entry_t));
strmap_set_lc(rend_cache, key, e);
} else {
rend_service_descriptor_free(e->parsed);
tor_free(e->desc);
}
e->received = time(NULL);
e->parsed = parsed;
e->len = desc_len;
e->desc = tor_malloc(desc_len);
memcpy(e->desc, desc, desc_len);
log_debug(LD_REND,"Successfully stored rend desc '%s', len %d.",
safe_str(query), (int)desc_len);
return 1;
}
/** Called when we get a rendezvous-related relay cell on circuit
* circ. Dispatch on rendezvous relay command. */
void
rend_process_relay_cell(circuit_t *circ, int command, size_t length,
const char *payload)
{
or_circuit_t *or_circ = NULL;
origin_circuit_t *origin_circ = NULL;
int r;
if (CIRCUIT_IS_ORIGIN(circ))
origin_circ = TO_ORIGIN_CIRCUIT(circ);
else
or_circ = TO_OR_CIRCUIT(circ);
switch (command) {
case RELAY_COMMAND_ESTABLISH_INTRO:
r = rend_mid_establish_intro(or_circ,payload,length);
break;
case RELAY_COMMAND_ESTABLISH_RENDEZVOUS:
r = rend_mid_establish_rendezvous(or_circ,payload,length);
break;
case RELAY_COMMAND_INTRODUCE1:
r = rend_mid_introduce(or_circ,payload,length);
break;
case RELAY_COMMAND_INTRODUCE2:
r = rend_service_introduce(origin_circ,payload,length);
break;
case RELAY_COMMAND_INTRODUCE_ACK:
r = rend_client_introduction_acked(origin_circ,payload,length);
break;
case RELAY_COMMAND_RENDEZVOUS1:
r = rend_mid_rendezvous(or_circ,payload,length);
break;
case RELAY_COMMAND_RENDEZVOUS2:
r = rend_client_receive_rendezvous(origin_circ,payload,length);
break;
case RELAY_COMMAND_INTRO_ESTABLISHED:
r = rend_service_intro_established(origin_circ,payload,length);
break;
case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
r = rend_client_rendezvous_acked(origin_circ,payload,length);
break;
default:
tor_assert(0);
}
(void)r;
}