mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2025-02-23 14:40:51 +01:00
Code Issues Projects Releases Wiki Activity

karsten's second refactoring patch

Browse source 
svn:r12607
This commit is contained in:
Roger Dingledine 2007-11-29 15:25:04 +00:00
parent 0f22c584cd
commit aaf35cccf7
15 changed files with 131 additions and 106 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
src/or/buffers.c
View file

@ -288,12 +288,17 @@ buf_shrink_freelists(int free_all)
int i, n_to_skip, n_to_free;
char **ptr;
if (free_all) { /* Free every one of them */
log_info(LD_GENERAL, "Freeing all %d elements from %d-byte freelist.",
list->len, (int)list->chunksize);
/* Just a consideration: Is this log statement really useful on
* info level? -KL */
log_debug(LD_GENERAL, "Freeing all %d elements from %d-byte freelist.",
list->len, (int)list->chunksize);
n_to_free = list->len;
} else { /* Skip over the slack and non-lowwater entries */
log_info(LD_GENERAL, "We haven't used %d/%d allocated %d-byte buffer "
"memory chunks since the last call; freeing all but %d of them",
/* Just a consideration: Is this log statement really useful on
* info level? -KL */
log_debug(LD_GENERAL, "We haven't used %d/%d allocated %d-byte buffer "
"memory chunks since the last call; freeing all but %d of "
"them",
list->lowwater, list->len, (int)list->chunksize, list->slack);
n_to_free = list->lowwater - list->slack;
}
@ -374,7 +379,9 @@ buf_resize(buf_t *buf, size_t new_capacity)
if (buf->mem)
raw = tor_realloc(RAW_MEM(buf->mem), ALLOC_LEN(new_capacity));
else {
log_info(LD_GENERAL, "Jumping straight from 0 bytes to %d",
/* Just a consideration: Is this log statement really useful on
* info level? -KL */
log_debug(LD_GENERAL, "Jumping straight from 0 bytes to %d",
(int)new_capacity);
raw = tor_malloc(ALLOC_LEN(new_capacity));
}

9
src/or/config.c
View file

@ -290,8 +290,7 @@ static config_var_t _option_vars[] = {
VAR("__AllDirActionsPrivate", BOOL, AllDirActionsPrivate, "0"),
VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
VAR("__LeaveStreamsUnattached",BOOL, LeaveStreamsUnattached, "0"),
/*XXXX020 for testing. Maybe remove before -rc. */
V(__MinUptimeHidServDirectoryV2, INTERVAL, "24 hours"),
V(MinUptimeHidServDirectoryV2, INTERVAL, "24 hours"),
{ NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};
#undef VAR
@ -2831,10 +2830,10 @@ options_validate(or_options_t *old_options, or_options_t *options,
return -1;
}
if (options->__MinUptimeHidServDirectoryV2 < 0) {
log_warn(LD_CONFIG, "__MinUptimeHidServDirectoryV2 option must be at "
if (options->MinUptimeHidServDirectoryV2 < 0) {
log_warn(LD_CONFIG, "MinUptimeHidServDirectoryV2 option must be at "
"least 0 seconds. Changing to 0.");
options->__MinUptimeHidServDirectoryV2 = 0;
options->MinUptimeHidServDirectoryV2 = 0;
}
if (options->RendPostPeriod < MIN_REND_POST_PERIOD) {

6
src/or/connection_edge.c
View file

@ -2685,7 +2685,7 @@ hostname_type_t
parse_extended_hostname(char *address)
{
char *s;
char query[REND_SERVICE_ID_LEN+1];
char query[REND_SERVICE_ID_LEN_BASE32+1];
s = strrchr(address,'.');
if (!s)
@ -2699,8 +2699,8 @@ parse_extended_hostname(char *address)
/* so it is .onion */
*s = 0; /* nul-terminate it */
if (strlcpy(query, address, REND_SERVICE_ID_LEN+1) >=
REND_SERVICE_ID_LEN+1)
if (strlcpy(query, address, REND_SERVICE_ID_LEN_BASE32+1) >=
REND_SERVICE_ID_LEN_BASE32+1)
goto failed;
if (rend_valid_service_id(query)) {
return ONION_HOSTNAME; /* success */

4
src/or/directory.c
View file

@ -864,7 +864,7 @@ directory_send_command(dir_connection_t *conn,
tor_assert(!payload);
/* this must be true or we wouldn't be doing the lookup */
tor_assert(strlen(resource) <= REND_SERVICE_ID_LEN);
tor_assert(strlen(resource) <= REND_SERVICE_ID_LEN_BASE32);
/* This breaks the function abstraction. */
strlcpy(conn->rend_query, resource, sizeof(conn->rend_query));
@ -3165,7 +3165,7 @@ directory_get_from_hs_dir(const char *desc_id, const char *query)
char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
tor_assert(desc_id);
tor_assert(query);
tor_assert(strlen(query) == REND_SERVICE_ID_LEN);
tor_assert(strlen(query) == REND_SERVICE_ID_LEN_BASE32);
/* Determine responsible dirs. */
if (hid_serv_get_responsible_directories(responsible_dirs, desc_id) < 0) {
/* XXX020 make this louder once we have some v2hidservs */

2
src/or/dirserv.c
View file

@ -1550,7 +1550,7 @@ dirserv_thinks_router_is_hs_dir(routerinfo_t *router, time_t now)
int uptime = real_uptime(router, now);
return (router->wants_to_be_hs_dir &&
uptime > get_options()->__MinUptimeHidServDirectoryV2 &&
uptime > get_options()->MinUptimeHidServDirectoryV2 &&
router->is_running);
}

2
src/or/dns.c
View file

@ -1429,7 +1429,7 @@ launch_wildcard_check(int min_len, int max_len, const char *suffix)
strlcat(name, suffix, sizeof(name));
log_info(LD_EXIT, "Testing whether our DNS server is hijacking nonexistent "
"domains with requrest for bogus hostname \"%s\"", name);
"domains with request for bogus hostname \"%s\"", name);
addr = tor_strdup(name);
r = evdns_resolve_ipv4(name, DNS_QUERY_NO_SEARCH,

22
src/or/or.h
View file

@ -595,7 +595,10 @@ typedef enum {
#define END_CIRC_REASON_FLAG_REMOTE 512
/** Length of 'y' portion of 'y.onion' URL. */
#define REND_SERVICE_ID_LEN 16
#define REND_SERVICE_ID_LEN_BASE32 16
/** Length of a binary-encoded rendezvous service ID. */
#define REND_SERVICE_ID_LEN 10
/** Time period for which a v2 descriptor will be valid. */
#define REND_TIME_PERIOD_V2_DESC_VALIDITY (24*60*60)
@ -984,8 +987,8 @@ typedef struct edge_connection_t {
/** Bytes written since last call to control_event_stream_bandwidth_used() */
uint32_t n_written;
char rend_query[REND_SERVICE_ID_LEN+1]; /**< What rendezvous service are we
* querying for? (AP only) */
/** What rendezvous service are we querying for? (AP only) */
char rend_query[REND_SERVICE_ID_LEN_BASE32+1];
/** Number of times we've reassigned this application connection to
* a new circuit. We keep track because the timeout is longer if we've
@ -1038,8 +1041,8 @@ typedef struct dir_connection_t {
/** The zlib object doing on-the-fly compression for spooled data. */
tor_zlib_state_t *zlib_state;
char rend_query[REND_SERVICE_ID_LEN+1]; /**< What rendezvous service are we
* querying for? */
/** What rendezvous service are we querying for? */
char rend_query[REND_SERVICE_ID_LEN_BASE32+1];
char identity_digest[DIGEST_LEN]; /**< Hash of the public RSA key for
* the directory server's signing key. */
@ -1818,7 +1821,7 @@ typedef struct origin_circuit_t {
* if purpose is C_INTRODUCING or C_ESTABLISH_REND, or is a C_GENERAL
* for a hidden service, or is S_*.
*/
char rend_query[REND_SERVICE_ID_LEN+1];
char rend_query[REND_SERVICE_ID_LEN_BASE32+1];
/** Stores the rendezvous descriptor version if purpose is S_*. Used to
* distinguish introduction and rendezvous points belonging to the same
@ -1830,6 +1833,7 @@ typedef struct origin_circuit_t {
* is incompatible. Would it be clearer to switch to a single version number
* for now and switch back to a bitmap, when the above becomes true? -KL
* Yes. "YAGNI." -NM
* Now it's not a bitmap any more. -KL
*/
uint8_t rend_desc_version;
@ -2088,10 +2092,8 @@ typedef struct {
int FetchHidServDescriptors; /** and hidden service descriptors? */
int HidServDirectoryV2; /**< Do we act as hs dir? */
/*XXXX020 maybe remove these next two testing options. DEFINITELY rename
* them at some point, since I think C says that identifiers beginning with
* __ are implementation-reserved or something. */
int __MinUptimeHidServDirectoryV2; /**< Accept hs dirs after what time? */
int MinUptimeHidServDirectoryV2; /**< As directory authority, accept hidden
* service directories after what time? */
int FetchUselessDescriptors; /**< Do we fetch non-running descriptors too? */
int AllDirActionsPrivate; /**< Should every directory action be sent
* through a Tor circuit? */

12
src/or/rendclient.c
View file

@ -87,6 +87,10 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
introcirc->build_state->chosen_exit->identity_digest,
DIGEST_LEN);
intro_key = strmap_get(entry->parsed->intro_keys, hex_digest);
if (!intro_key) {
log_warn(LD_BUG, "Internal error: could not find intro key.");
goto err;
}
}
if (crypto_pk_get_digest(intro_key, payload)<0) {
log_warn(LD_BUG, "Internal error: couldn't hash public key.");
@ -279,9 +283,9 @@ rend_client_refetch_renddesc(const char *query)
}
}
/** If we are not currently fetching a rendezvous service descriptor for the
* base32-encoded service ID <b>query</b>, start a connection to a hidden
* service directory to fetch a new one.
/** Start a connection to a hidden service directory to fetch a v2
* rendezvous service descriptor for the base32-encoded service ID
* <b>query</b>.
*/
void
rend_client_refetch_v2_renddesc(const char *query)
@ -289,7 +293,7 @@ rend_client_refetch_v2_renddesc(const char *query)
char descriptor_id[DIGEST_LEN];
int replica;
tor_assert(query);
tor_assert(strlen(query) == REND_SERVICE_ID_LEN);
tor_assert(strlen(query) == REND_SERVICE_ID_LEN_BASE32);
/* Are we configured to fetch descriptors? */
if (!get_options()->FetchHidServDescriptors) {
log_warn(LD_REND, "We received an onion address for a v2 rendezvous "

34
src/or/rendcommon.c
View file

@ -58,12 +58,6 @@ rend_service_descriptor_free(rend_service_descriptor_t *desc)
tor_free(desc);
}
/** Length of a binary-encoded rendezvous service ID. */
/*XXXX020 Rename to include "len" and maybe not "binary" */
/* Need to change REND_SERVICE_ID_LEN 16 to REND_SERVICE_ID_LEN_BASE32
* before! -KL */
#define REND_SERVICE_ID_BINARY 10
/** Length of the descriptor cookie that is used for versioned hidden
* service descriptors. */
#define REND_DESC_COOKIE_LEN 16
@ -73,7 +67,7 @@ rend_service_descriptor_free(rend_service_descriptor_t *desc)
#define REND_REPLICA_LEN 1
/** Compute the descriptor ID for <b>service_id</b> of length
* <b>REND_SERVICE_ID_BINARY</b> and <b>secret_id_part</b> of length
* <b>REND_SERVICE_ID_LEN</b> and <b>secret_id_part</b> of length
* <b>DIGEST_LEN</b>, and write it to <b>descriptor_id_out</b> of length
* <b>DIGEST_LEN</b>. */
void
@ -82,7 +76,7 @@ rend_get_descriptor_id_bytes(char *descriptor_id_out,
const char *secret_id_part)
{
crypto_digest_env_t *digest = crypto_new_digest_env();
crypto_digest_add_bytes(digest, service_id, REND_SERVICE_ID_BINARY);
crypto_digest_add_bytes(digest, service_id, REND_SERVICE_ID_LEN);
crypto_digest_add_bytes(digest, secret_id_part, DIGEST_LEN);
crypto_digest_get_digest(digest, descriptor_id_out, DIGEST_LEN);
crypto_free_digest_env(digest);
@ -147,11 +141,11 @@ rend_compute_v2_desc_id(char *desc_id_out, const char *service_id,
const char *descriptor_cookie, time_t now,
uint8_t replica)
{
char service_id_binary[REND_SERVICE_ID_BINARY];
char service_id_binary[REND_SERVICE_ID_LEN];
char secret_id_part[DIGEST_LEN];
uint32_t time_period;
if (!service_id ||
strlen(service_id) != REND_SERVICE_ID_LEN) {
strlen(service_id) != REND_SERVICE_ID_LEN_BASE32) {
log_warn(LD_REND, "Could not compute v2 descriptor ID: "
"Illegal service ID: %s", service_id);
return -1;
@ -162,8 +156,8 @@ rend_compute_v2_desc_id(char *desc_id_out, const char *service_id,
return -1;
}
/* Convert service ID to binary. */
if (base32_decode(service_id_binary, REND_SERVICE_ID_BINARY,
service_id, REND_SERVICE_ID_LEN) < 0) {
if (base32_decode(service_id_binary, REND_SERVICE_ID_LEN,
service_id, REND_SERVICE_ID_LEN_BASE32) < 0) {
log_warn(LD_REND, "Could not compute v2 descriptor ID: "
"Illegal characters in service ID: %s",
service_id);
@ -609,7 +603,7 @@ rend_get_service_id(crypto_pk_env_t *pk, char *out)
tor_assert(pk);
if (crypto_pk_get_digest(pk, buf) < 0)
return -1;
base32_encode(out, REND_SERVICE_ID_LEN+1, buf, 10);
base32_encode(out, REND_SERVICE_ID_LEN_BASE32+1, buf, REND_SERVICE_ID_LEN);
return 0;
}
@ -746,10 +740,10 @@ rend_id_is_in_interval(const char *a, const char *b, const char *c)
int
rend_valid_service_id(const char *query)
{
if (strlen(query) != REND_SERVICE_ID_LEN)
if (strlen(query) != REND_SERVICE_ID_LEN_BASE32)
return 0;
if (strspn(query, BASE32_CHARS) != REND_SERVICE_ID_LEN)
if (strspn(query, BASE32_CHARS) != REND_SERVICE_ID_LEN_BASE32)
return 0;
return 1;
@ -764,7 +758,7 @@ rend_valid_service_id(const char *query)
int
rend_cache_lookup_entry(const char *query, int version, rend_cache_entry_t **e)
{
char key[REND_SERVICE_ID_LEN+2]; /* <version><query>\0 */
char key[REND_SERVICE_ID_LEN_BASE32+2]; /* <version><query>\0 */
tor_assert(rend_cache);
if (!rend_valid_service_id(query))
return -1;
@ -848,8 +842,8 @@ rend_cache_store(const char *desc, size_t desc_len, int published)
{
rend_cache_entry_t *e;
rend_service_descriptor_t *parsed;
char query[REND_SERVICE_ID_LEN+1];
char key[REND_SERVICE_ID_LEN+2]; /* 0<query>\0 */
char query[REND_SERVICE_ID_LEN_BASE32+1];
char key[REND_SERVICE_ID_LEN_BASE32+2]; /* 0<query>\0 */
time_t now;
or_options_t *options = get_options();
tor_assert(rend_cache);
@ -1060,8 +1054,8 @@ rend_cache_store_v2_desc_as_client(const char *desc,
size_t encoded_size;
const char *next_desc;
time_t now = time(NULL);
char key[REND_SERVICE_ID_LEN+2];
char service_id[REND_SERVICE_ID_LEN+1];
char key[REND_SERVICE_ID_LEN_BASE32+2];
char service_id[REND_SERVICE_ID_LEN_BASE32+1];
rend_cache_entry_t *e;
tor_assert(rend_cache);
tor_assert(desc);

10
src/or/rendmid.c
View file

@ -24,7 +24,7 @@ rend_mid_establish_intro(or_circuit_t *circ, const char *request,
char pk_digest[DIGEST_LEN];
size_t asn1len;
or_circuit_t *c;
char serviceid[REND_SERVICE_ID_LEN+1];
char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
int reason = END_CIRC_REASON_INTERNAL;
log_info(LD_REND,
@ -84,7 +84,8 @@ rend_mid_establish_intro(or_circuit_t *circ, const char *request,
crypto_free_pk_env(pk); /* don't need it anymore */
pk = NULL; /* so we don't free it again if err */
base32_encode(serviceid, REND_SERVICE_ID_LEN+1, pk_digest,10);
base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
pk_digest, REND_SERVICE_ID_LEN);
/* Close any other intro circuits with the same pk. */
c = NULL;
@ -129,7 +130,7 @@ int
rend_mid_introduce(or_circuit_t *circ, const char *request, size_t request_len)
{
or_circuit_t *intro_circ;
char serviceid[REND_SERVICE_ID_LEN+1];
char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
char nak_body[1];
log_info(LD_REND, "Received an INTRODUCE1 request on circuit %d",
@ -154,7 +155,8 @@ rend_mid_introduce(or_circuit_t *circ, const char *request, size_t request_len)
goto err;
}
base32_encode(serviceid, REND_SERVICE_ID_LEN+1, request,10);
base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
request, REND_SERVICE_ID_LEN);
/* The first 20 bytes are all we look at: they have a hash of Bob's PK. */
intro_circ = circuit_get_intro_point(request);

98
src/or/rendservice.c
View file

@ -47,7 +47,7 @@ typedef struct rend_service_t {
char *intro_exclude_nodes; /**< comma-separated list of nicknames */
/* Other fields */
crypto_pk_env_t *private_key;
char service_id[REND_SERVICE_ID_LEN+1];
char service_id[REND_SERVICE_ID_LEN_BASE32+1];
char pk_digest[DIGEST_LEN];
smartlist_t *intro_nodes; /**< list of hexdigests for intro points we have,
* or are trying to establish. */
@ -67,8 +67,9 @@ typedef struct rend_service_t {
* Would it be clearer to switch to a single version number for now and
* switch back to a bitmap, when the above becomes true? -KL */
/* Yes. s/when/if/. "YAGNI" -NM. */
int descriptor_versions; /**< bitmask of rendezvous descriptor versions
* that will be published. "0" means "default." */
/* Now it's used as version number, not as bitmask. -KL */
int descriptor_version; /**< rendezvous descriptor version that will be
* published. */
} rend_service_t;
/** A list of rend_service_t's for services run on this OP.
@ -142,14 +143,12 @@ add_service(rend_service_t *service)
service->intro_prefer_nodes = tor_strdup("");
if (!service->intro_exclude_nodes)
service->intro_exclude_nodes = tor_strdup("");
if (service->descriptor_versions == 0)
service->descriptor_versions = 1 + (1<<2); /**< Default is v0 and v2 in
* parallel. */
service->intro_nodes = smartlist_create();
service->intro_keys = strmap_new();
/* If the service is configured to publish unversioned (v0) and versioned
* descriptors (v2 or higher), split it up into two separate services. */
if (service->descriptor_versions > 1 && service->descriptor_versions & 1) {
if (service->descriptor_version == -1) {
rend_service_t *v0_service = tor_malloc_zero(sizeof(rend_service_t));
v0_service->directory = tor_strdup(service->directory);
v0_service->ports = smartlist_create();
@ -163,10 +162,10 @@ add_service(rend_service_t *service)
v0_service->intro_prefer_nodes = tor_strdup(service->intro_prefer_nodes);
v0_service->intro_exclude_nodes = tor_strdup(service->intro_exclude_nodes);
v0_service->intro_period_started = service->intro_period_started;
v0_service->descriptor_versions = 1; /* Unversioned descriptor. */
v0_service->descriptor_version = 0; /* Unversioned descriptor. */
add_service(v0_service);
service->descriptor_versions -= 1; /* Versioned descriptor. */
service->descriptor_version = 2; /* Versioned descriptor. */
}
if (!smartlist_len(service->ports)) {
@ -283,7 +282,7 @@ rend_config_services(or_options_t *options, int validate_only)
service->ports = smartlist_create();
service->intro_nodes = smartlist_create();
service->intro_period_started = time(NULL);
service->descriptor_versions = 0;
service->descriptor_version = -1; /**< All descriptor versions. */
continue;
}
if (!service) {
@ -318,7 +317,7 @@ rend_config_services(or_options_t *options, int validate_only)
} else {
smartlist_t *versions;
char *version_str;
int i, version;
int i, version, versions_bitmask = 0;
tor_assert(!strcasecmp(line->key, "HiddenServiceVersion"));
versions = smartlist_create();
smartlist_split_string(versions, line->value, ",",
@ -331,8 +330,10 @@ rend_config_services(or_options_t *options, int validate_only)
return -1;
}
version = atoi(version_str);
service->descriptor_versions |= 1 << version;
versions_bitmask |= 1 << version;
}
if (versions_bitmask == 1 << 0) service->descriptor_version = 0;
if (versions_bitmask == 1 << 2) service->descriptor_version = 2;
}
}
if (service) {
@ -362,14 +363,14 @@ rend_service_update_descriptor(rend_service_t *service)
d = service->desc = tor_malloc_zero(sizeof(rend_service_descriptor_t));
d->pk = crypto_pk_dup_key(service->private_key);
d->timestamp = time(NULL);
d->version = 1; /*< XXXX020 this value is ignored by the
* encode functions; do we need to set it at all? */
d->version = service->descriptor_version;
n = smartlist_len(service->intro_nodes);
d->n_intro_points = 0;
d->intro_points = tor_malloc_zero(sizeof(char*)*n);
d->intro_point_extend_info = tor_malloc_zero(sizeof(extend_info_t*)*n);
/* We support intro protocol 2 and protocol 0. */
d->protocols = (1<<2) | (1<<0);
/* XXXX020 Why should we support the old intro protocol 0? Whoever
* understands descriptor version 2 also understands intro protocol 2. */
d->protocols = 1 << 2; /*< We only support intro protocol 2. */
if (service->intro_keys) {
/* We need to copy keys so that they're not deleted when we free the
@ -464,16 +465,16 @@ rend_service_load_keys(void)
}
/** Return the service whose public key has a digest of <b>digest</b> and
* which publishes exactly the descriptor of the given <b>versions</b>
* bitmask. Return NULL if no such service exists.
* which publishes the given descriptor <b>version</b>. Return NULL if no
* such service exists.
*/
static rend_service_t *
rend_service_get_by_pk_digest_and_version(const char* digest,
uint8_t versions)
uint8_t version)
{
SMARTLIST_FOREACH(rend_service_list, rend_service_t*, s,
if (!memcmp(s->pk_digest,digest,DIGEST_LEN) &&
s->descriptor_versions == versions) return s);
s->descriptor_version == version) return s);
return NULL;
}
@ -516,15 +517,15 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request,
crypto_dh_env_t *dh = NULL;
origin_circuit_t *launched = NULL;
crypt_path_t *cpath = NULL;
char serviceid[REND_SERVICE_ID_LEN+1];
char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
char hexcookie[9];
int circ_needs_uptime;
int reason = END_CIRC_REASON_TORPROTOCOL;
crypto_pk_env_t *intro_key;
char intro_key_digest[DIGEST_LEN];
base32_encode(serviceid, REND_SERVICE_ID_LEN+1,
circuit->rend_pk_digest,10);
base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
circuit->rend_pk_digest, REND_SERVICE_ID_LEN);
log_info(LD_REND, "Received INTRODUCE2 cell for service %s on circ %d.",
escaped(serviceid), circuit->_base.n_circ_id);
@ -552,8 +553,8 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request,
return -1;
}
/* if descriptor is versioned, use intro key instead of service key. */
if (circuit->rend_desc_version & 1) {
/* if descriptor version is 2, use intro key instead of service key. */
if (circuit->rend_desc_version == 0) {
intro_key = service->private_key;
} else {
intro_key = circuit->intro_key;
@ -562,7 +563,8 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request,
/* first DIGEST_LEN bytes of request is intro or service pk digest */
crypto_pk_get_digest(intro_key, intro_key_digest);
if (memcmp(intro_key_digest, request, DIGEST_LEN)) {
base32_encode(serviceid, REND_SERVICE_ID_LEN+1, request, 10);
base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
request, REND_SERVICE_ID_LEN);
log_warn(LD_REND, "Got an INTRODUCE2 cell for the wrong service (%s).",
escaped(serviceid));
return -1;
@ -710,7 +712,7 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request,
memcpy(launched->rend_cookie, r_cookie, REND_COOKIE_LEN);
strlcpy(launched->rend_query, service->service_id,
sizeof(launched->rend_query));
launched->rend_desc_version = service->descriptor_versions;
launched->rend_desc_version = service->descriptor_version;
launched->build_state->pending_final_cpath = cpath =
tor_malloc_zero(sizeof(crypt_path_t));
cpath->magic = CRYPT_PATH_MAGIC;
@ -780,7 +782,8 @@ rend_service_relaunch_rendezvous(origin_circuit_t *oldcirc)
newstate->pending_final_cpath = oldstate->pending_final_cpath;
oldstate->pending_final_cpath = NULL;
memcpy(newcirc->rend_query, oldcirc->rend_query, REND_SERVICE_ID_LEN+1);
memcpy(newcirc->rend_query, oldcirc->rend_query,
REND_SERVICE_ID_LEN_BASE32+1);
memcpy(newcirc->rend_pk_digest, oldcirc->rend_pk_digest,
DIGEST_LEN);
memcpy(newcirc->rend_cookie, oldcirc->rend_cookie,
@ -815,8 +818,8 @@ rend_service_launch_establish_intro(rend_service_t *service,
strlcpy(launched->rend_query, service->service_id,
sizeof(launched->rend_query));
memcpy(launched->rend_pk_digest, service->pk_digest, DIGEST_LEN);
launched->rend_desc_version = service->descriptor_versions;
if (!(service->descriptor_versions & 1)) {
launched->rend_desc_version = service->descriptor_version;
if (service->descriptor_version == 2) {
launched->intro_key = crypto_new_pk_env();
tor_assert(!crypto_pk_generate_key(launched->intro_key));
strmap_set(service->intro_keys, nickname,
@ -838,15 +841,15 @@ rend_service_intro_has_opened(origin_circuit_t *circuit)
int r;
char buf[RELAY_PAYLOAD_SIZE];
char auth[DIGEST_LEN + 9];
char serviceid[REND_SERVICE_ID_LEN+1];
char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
int reason = END_CIRC_REASON_TORPROTOCOL;
crypto_pk_env_t *intro_key;
tor_assert(circuit->_base.purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO);
tor_assert(circuit->cpath);
base32_encode(serviceid, REND_SERVICE_ID_LEN+1,
circuit->rend_pk_digest,10);
base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
circuit->rend_pk_digest, REND_SERVICE_ID_LEN);
service = rend_service_get_by_pk_digest_and_version(
circuit->rend_pk_digest, circuit->rend_desc_version);
@ -864,7 +867,7 @@ rend_service_intro_has_opened(origin_circuit_t *circuit)
/* If the introduction point will not be used in an unversioned
* descriptor, use the intro key instead of the service key in
* ESTABLISH_INTRO. */
if (service->descriptor_versions & 1)
if (service->descriptor_version == 0)
intro_key = service->private_key;
else
intro_key = circuit->intro_key;
@ -910,7 +913,7 @@ rend_service_intro_established(origin_circuit_t *circuit, const char *request,
size_t request_len)
{
rend_service_t *service;
char serviceid[REND_SERVICE_ID_LEN+1];
char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
(void) request;
(void) request_len;
@ -929,8 +932,8 @@ rend_service_intro_established(origin_circuit_t *circuit, const char *request,
service->desc_is_dirty = time(NULL);
circuit->_base.purpose = CIRCUIT_PURPOSE_S_INTRO;
base32_encode(serviceid, REND_SERVICE_ID_LEN + 1,
circuit->rend_pk_digest, 10);
base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32 + 1,
circuit->rend_pk_digest, REND_SERVICE_ID_LEN);
log_info(LD_REND,
"Received INTRO_ESTABLISHED cell on circuit %d for service %s",
circuit->_base.n_circ_id, serviceid);
@ -950,7 +953,7 @@ rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
rend_service_t *service;
char buf[RELAY_PAYLOAD_SIZE];
crypt_path_t *hop;
char serviceid[REND_SERVICE_ID_LEN+1];
char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
char hexcookie[9];
int reason;
@ -961,8 +964,8 @@ rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
tor_assert(hop);
base16_encode(hexcookie,9,circuit->rend_cookie,4);
base32_encode(serviceid, REND_SERVICE_ID_LEN+1,
circuit->rend_pk_digest,10);
base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
circuit->rend_pk_digest, REND_SERVICE_ID_LEN);
log_info(LD_REND,
"Done building circuit %d to rendezvous with "
@ -1063,7 +1066,7 @@ upload_service_descriptor(rend_service_t *service)
{
time_t now = time(NULL);
int rendpostperiod;
char serviceid[REND_SERVICE_ID_LEN+1];
char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
int uploaded = 0;
/* Update the descriptor. */
@ -1072,7 +1075,7 @@ upload_service_descriptor(rend_service_t *service)
rendpostperiod = get_options()->RendPostPeriod;
/* Upload unversioned (v0) descriptor? */
if (service->descriptor_versions & 1 &&
if (service->descriptor_version == 0 &&
get_options()->PublishHidServDescriptors) {
char *desc;
size_t desc_len;
@ -1098,7 +1101,7 @@ upload_service_descriptor(rend_service_t *service)
}
/* Upload v2 descriptor? */
if (service->descriptor_versions & (1 << 2) &&
if (service->descriptor_version == 2 &&
get_options()->PublishHidServDescriptors) {
if (hid_serv_have_enough_directories()) {
int seconds_valid;
@ -1137,7 +1140,8 @@ upload_service_descriptor(rend_service_t *service)
/* Post also the next descriptors, if necessary. */
if (seconds_valid < REND_TIME_PERIOD_OVERLAPPING_V2_DESCS) {
seconds_valid = rend_encode_v2_descriptors(desc_strs, desc_ids,
service->desc, now, NULL, 1);
service->desc, now,
NULL, 1);
if (seconds_valid < 0) {
log_warn(LD_BUG, "Internal error: couldn't encode service "
"descriptor; not uploading.");
@ -1369,14 +1373,14 @@ rend_service_set_connection_addr_port(edge_connection_t *conn,
origin_circuit_t *circ)
{
rend_service_t *service;
char serviceid[REND_SERVICE_ID_LEN+1];
char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
smartlist_t *matching_ports;
rend_service_port_config_t *chosen_port;
tor_assert(circ->_base.purpose == CIRCUIT_PURPOSE_S_REND_JOINED);
log_debug(LD_REND,"beginning to hunt for addr/port");
base32_encode(serviceid, REND_SERVICE_ID_LEN+1,
circ->rend_pk_digest,10);
base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
circ->rend_pk_digest, REND_SERVICE_ID_LEN);
service = rend_service_get_by_pk_digest_and_version(circ->rend_pk_digest,
circ->rend_desc_version);
if (!service) {

2
src/or/rephist.c
View file

@ -1650,7 +1650,7 @@ rep_hist_free_all(void)
/** List element containing a service id and the count. */
typedef struct hs_usage_list_elem_t {
/** Service id of this elem. */
char service_id[REND_SERVICE_ID_LEN+1];
char service_id[REND_SERVICE_ID_LEN_BASE32+1];
/** Number of occurrences for the given service id. */
uint32_t count;
/* Pointer to next list elem */

4
src/or/routerlist.c
View file

@ -4455,7 +4455,9 @@ hid_serv_have_enough_directories(void)
SMARTLIST_FOREACH(c->routerstatus_list, routerstatus_t *, r,
{
if (r->is_hs_dir)
if (++n_hsdirs > REND_NUMBER_OF_CONSECUTIVE_REPLICAS)
/* XXXX020 In fact, REND_NUMBER_OF_CONSECUTIVE_REPLICAS hs dirs
* are enough. */
if (++n_hsdirs >= REND_NUMBER_OF_CONSECUTIVE_REPLICAS)
return 1;
});
return 0;

10
src/or/routerparse.c
View file

@ -3262,6 +3262,9 @@ rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out,
* is greater than 2, we bumped it because we broke backward
* compatibility. See how version numbers in our other formats
* work. */
/* That means that adding optional fields to the descriptor wouldn't
* require a new version number, but the way of verifying it's origin
* would. Okay. -KL */
log_warn(LD_REND, "Wrong descriptor version: %d", result->version);
goto err;
}
@ -3311,6 +3314,12 @@ rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out,
* non-backward-compatible changes. This code doesn't know how to
* parse a v3 descriptor, because a v3 descriptor is by definition not
* compatible with this code. */
/* This refers to the permitted versions of introduction cells which might
* change independently from the descriptor version. If we validated the
* numbers here, a hidden service directory might reject a descriptor that
* would be understood by newer clients. Then we would need a "HSDir3" tag
* only to be able to use a new introduction cell version. I really think
* we should not validate it here. -KL */
version = atoi(smartlist_get(versions, i));
result->protocols |= 1 << version;
}
@ -3467,6 +3476,7 @@ rend_decrypt_introduction_points(rend_service_descriptor_t *parsed,
tok = find_first_by_keyword(tokens, R_IPO_ONION_PORT);
info->port = (uint16_t) atoi(tok->args[0]);
/* XXXX020 this next check fails with ports like 65537. */
/* No, uint16_t only allows numbers in the interval 0..65535. -KL */
if (!info->port) {
log_warn(LD_REND, "Introduction point onion port is out of range: %d",
info->port);

5
src/or/test.c
View file

@ -3275,7 +3275,7 @@ test_rend_fns_v2(void)
{
rend_service_descriptor_t *generated, *parsed;
char service_id[DIGEST_LEN];
char service_id_base32[REND_SERVICE_ID_LEN+1];
char service_id_base32[REND_SERVICE_ID_LEN_BASE32+1];
const char *next_desc;
smartlist_t *desc_strs = smartlist_create();
smartlist_t *desc_ids = smartlist_create();
@ -3292,7 +3292,8 @@ test_rend_fns_v2(void)
generated = tor_malloc_zero(sizeof(rend_service_descriptor_t));
generated->pk = crypto_pk_dup_key(pk1);
crypto_pk_get_digest(generated->pk, service_id);
base32_encode(service_id_base32, REND_SERVICE_ID_LEN+1, service_id, 10);
base32_encode(service_id_base32, REND_SERVICE_ID_LEN_BASE32+1,
service_id, REND_SERVICE_ID_LEN);
now = time(NULL);
generated->timestamp = now;
generated->n_intro_points = 3;