Loading src/or/hs_cache.c +13 −0 Original line number Diff line number Diff line Loading @@ -15,6 +15,7 @@ #include "config.h" #include "hs_common.h" #include "hs_descriptor.h" #include "networkstatus.h" #include "rendcache.h" /* Directory descriptor cache. Map indexed by blinded key. */ Loading Loading @@ -366,6 +367,18 @@ hs_cache_handle_oom(time_t now, size_t min_remove_bytes) return bytes_removed; } /** * Return the maximum size of an HS descriptor we are willing to accept as an * HSDir. */ unsigned int hs_cache_get_max_descriptor_size(void) { return (unsigned) networkstatus_get_param(NULL, "HSV3MaxDescriptorSize", HS_DESC_MAX_LEN, 1, INT32_MAX); } /* Initialize the hidden service cache subsystem. */ void hs_cache_init(void) Loading src/or/hs_cache.h +2 −0 Original line number Diff line number Diff line Loading @@ -44,6 +44,8 @@ void hs_cache_free_all(void); void hs_cache_clean_as_dir(time_t now); size_t hs_cache_handle_oom(time_t now, size_t min_remove_bytes); unsigned int hs_cache_get_max_descriptor_size(void); /* Store and Lookup function. They are version agnostic that is depending on * the requested version of the descriptor, it will be re-routed to the * right function. */ Loading src/or/hs_descriptor.c +9 −7 Original line number Diff line number Diff line Loading @@ -15,13 +15,14 @@ #include "ed25519_cert.h" /* Trunnel interface. */ #include "parsecommon.h" #include "rendcache.h" #include "hs_cache.h" #include "torcert.h" /* tor_cert_encode_ed22519() */ /* Constant string value used for the descriptor format. */ #define str_hs_desc "hs-descriptor" #define str_desc_cert "descriptor-signing-key-cert" #define str_rev_counter "revision-counter" #define str_encrypted "encrypted" #define str_superencrypted "superencrypted" #define str_signature "signature" #define str_lifetime "descriptor-lifetime" /* Constant string value for the encrypted part of the descriptor. */ Loading 
@@ -35,7 +36,7 @@ #define str_intro_point_start "\n" str_intro_point " " /* Constant string value for the construction to encrypt the encrypted data * section. */ #define str_enc_hsdir_data "hsdir-encrypted-data" #define str_enc_hsdir_data "hsdir-superencrypted-data" /* Prefix required to compute/verify HS desc signatures */ #define str_desc_sig_prefix "Tor onion service descriptor sig v3" Loading @@ -56,7 +57,7 @@ static token_rule_t hs_desc_v3_token_table[] = { T1(str_lifetime, R3_DESC_LIFETIME, EQ(1), NO_OBJ), T1(str_desc_cert, R3_DESC_SIGNING_CERT, NO_ARGS, NEED_OBJ), T1(str_rev_counter, R3_REVISION_COUNTER, EQ(1), NO_OBJ), T1(str_encrypted, R3_ENCRYPTED, NO_ARGS, NEED_OBJ), T1(str_superencrypted, R3_SUPERENCRYPTED, NO_ARGS, NEED_OBJ), T1_END(str_signature, R3_SIGNATURE, EQ(1), NO_OBJ), END_OF_TABLE }; Loading Loading @@ -751,7 +752,7 @@ desc_encode_v3(const hs_descriptor_t *desc, desc->plaintext_data.revision_counter); } /* Build the encrypted data section. */ /* Build the superencrypted data section. */ { char *enc_b64_blob=NULL; if (encode_encrypted_data(desc, &enc_b64_blob) < 0) { Loading @@ -762,7 +763,7 @@ desc_encode_v3(const hs_descriptor_t *desc, "-----BEGIN MESSAGE-----\n" "%s" "-----END MESSAGE-----", str_encrypted, enc_b64_blob); str_superencrypted, enc_b64_blob); tor_free(enc_b64_blob); } Loading Loading @@ -1492,7 +1493,7 @@ desc_decode_plaintext_v3(smartlist_t *tokens, } /* Extract the encrypted data section. */ tok = find_by_keyword(tokens, R3_ENCRYPTED); tok = find_by_keyword(tokens, R3_SUPERENCRYPTED); tor_assert(tok->object_body); if (strcmp(tok->object_type, "MESSAGE") != 0) { log_warn(LD_REND, "Service descriptor encrypted data section is invalid"); Loading Loading 
@@ -1701,8 +1702,9 @@ hs_desc_decode_plaintext(const char *encoded, tor_assert(encoded); tor_assert(plaintext); /* Check that descriptor is within size limits. */ encoded_len = strlen(encoded); if (encoded_len >= HS_DESC_MAX_LEN) { if (encoded_len >= hs_cache_get_max_descriptor_size()) { log_warn(LD_REND, "Service descriptor is too big (%lu bytes)", (unsigned long) encoded_len); goto err; Loading src/or/hs_descriptor.h +1 −1 Original line number Diff line number Diff line Loading @@ -54,7 +54,7 @@ HS_DESC_ENCRYPTED_SALT_LEN + \ HS_DESC_PLAINTEXT_PADDING_MULTIPLE + DIGEST256_LEN /* Maximum length in bytes of a full hidden service descriptor. */ #define HS_DESC_MAX_LEN 32768 // XXX justify #define HS_DESC_MAX_LEN 50000 /* 50kb max size */ /* The minimum amount of fields a descriptor should contain. The parsing of * the fields are version specific so the only required field, as a generic * view of a descriptor, is 1 that is the version field. */ Loading src/or/parsecommon.h +1 −1 Original line number Diff line number Diff line Loading @@ -154,7 +154,7 @@ typedef enum { R3_DESC_LIFETIME, R3_DESC_SIGNING_CERT, R3_REVISION_COUNTER, R3_ENCRYPTED, R3_SUPERENCRYPTED, R3_SIGNATURE, R3_CREATE2_FORMATS, R3_AUTHENTICATION_REQUIRED, Loading Loading
src/or/hs_cache.c +13 −0 Original line number Diff line number Diff line Loading @@ -15,6 +15,7 @@ #include "config.h" #include "hs_common.h" #include "hs_descriptor.h" #include "networkstatus.h" #include "rendcache.h" /* Directory descriptor cache. Map indexed by blinded key. */ Loading Loading @@ -366,6 +367,18 @@ hs_cache_handle_oom(time_t now, size_t min_remove_bytes) return bytes_removed; } /** * Return the maximum size of an HS descriptor we are willing to accept as an * HSDir. */ unsigned int hs_cache_get_max_descriptor_size(void) { return (unsigned) networkstatus_get_param(NULL, "HSV3MaxDescriptorSize", HS_DESC_MAX_LEN, 1, INT32_MAX); } /* Initialize the hidden service cache subsystem. */ void hs_cache_init(void) Loading
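Review bot: The new `hs_cache_get_max_descriptor_size()` passes `1, INT32_MAX` as the allowed range for the `HSV3MaxDescriptorSize` consensus parameter, so the compiled-in `HS_DESC_MAX_LEN` is only a default and no longer a ceiling; any consensus value up to roughly 2 GiB becomes the accepted descriptor size. Because this limit is what bounds per-descriptor memory on an HSDir, consider clamping the upper end to a reviewed constant defined next to `HS_DESC_MAX_LEN` instead of `INT32_MAX`. The minimum should also be above `1`, since the caller compares with `>=` and a value of 1 would reject every non-empty descriptor. The doc comment should name the parameter and its default, e.g. `/** Return the maximum descriptor size in bytes: the HSV3MaxDescriptorSize consensus parameter, defaulting to HS_DESC_MAX_LEN. */`. It says "as an HSDir", but the call site added in hs_descriptor.c is the generic plaintext decoder, so the limit presumably applies to other roles too and the comment should say so.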
src/or/hs_cache.h +2 −0 Original line number Diff line number Diff line Loading @@ -44,6 +44,8 @@ void hs_cache_free_all(void); void hs_cache_clean_as_dir(time_t now); size_t hs_cache_handle_oom(time_t now, size_t min_remove_bytes); unsigned int hs_cache_get_max_descriptor_size(void); /* Store and Lookup function. They are version agnostic that is depending on * the requested version of the descriptor, it will be re-routed to the * right function. */ Loading
src/or/hs_descriptor.c +9 −7 Original line number Diff line number Diff line Loading @@ -15,13 +15,14 @@ #include "ed25519_cert.h" /* Trunnel interface. */ #include "parsecommon.h" #include "rendcache.h" #include "hs_cache.h" #include "torcert.h" /* tor_cert_encode_ed22519() */ /* Constant string value used for the descriptor format. */ #define str_hs_desc "hs-descriptor" #define str_desc_cert "descriptor-signing-key-cert" #define str_rev_counter "revision-counter" #define str_encrypted "encrypted" #define str_superencrypted "superencrypted" #define str_signature "signature" #define str_lifetime "descriptor-lifetime" /* Constant string value for the encrypted part of the descriptor. */ Loading @@ -35,7 +36,7 @@ #define str_intro_point_start "\n" str_intro_point " " /* Constant string value for the construction to encrypt the encrypted data * section. */ #define str_enc_hsdir_data "hsdir-encrypted-data" #define str_enc_hsdir_data "hsdir-superencrypted-data" /* Prefix required to compute/verify HS desc signatures */ #define str_desc_sig_prefix "Tor onion service descriptor sig v3" Loading @@ -56,7 +57,7 @@ static token_rule_t hs_desc_v3_token_table[] = { T1(str_lifetime, R3_DESC_LIFETIME, EQ(1), NO_OBJ), T1(str_desc_cert, R3_DESC_SIGNING_CERT, NO_ARGS, NEED_OBJ), T1(str_rev_counter, R3_REVISION_COUNTER, EQ(1), NO_OBJ), T1(str_encrypted, R3_ENCRYPTED, NO_ARGS, NEED_OBJ), T1(str_superencrypted, R3_SUPERENCRYPTED, NO_ARGS, NEED_OBJ), T1_END(str_signature, R3_SIGNATURE, EQ(1), NO_OBJ), END_OF_TABLE }; Loading Loading @@ -751,7 +752,7 @@ desc_encode_v3(const hs_descriptor_t *desc, desc->plaintext_data.revision_counter); } /* Build the encrypted data section. */ /* Build the superencrypted data section. */ { char *enc_b64_blob=NULL; if (encode_encrypted_data(desc, &enc_b64_blob) < 0) { Loading 
@@ -762,7 +763,7 @@ desc_encode_v3(const hs_descriptor_t *desc, "-----BEGIN MESSAGE-----\n" "%s" "-----END MESSAGE-----", str_encrypted, enc_b64_blob); str_superencrypted, enc_b64_blob); tor_free(enc_b64_blob); } Loading Loading @@ -1492,7 +1493,7 @@ desc_decode_plaintext_v3(smartlist_t *tokens, } /* Extract the encrypted data section. */ tok = find_by_keyword(tokens, R3_ENCRYPTED); tok = find_by_keyword(tokens, R3_SUPERENCRYPTED); tor_assert(tok->object_body); if (strcmp(tok->object_type, "MESSAGE") != 0) { log_warn(LD_REND, "Service descriptor encrypted data section is invalid"); Loading Loading @@ -1701,8 +1702,9 @@ hs_desc_decode_plaintext(const char *encoded, tor_assert(encoded); tor_assert(plaintext); /* Check that descriptor is within size limits. */ encoded_len = strlen(encoded); if (encoded_len >= HS_DESC_MAX_LEN) { if (encoded_len >= hs_cache_get_max_descriptor_size()) { log_warn(LD_REND, "Service descriptor is too big (%lu bytes)", (unsigned long) encoded_len); goto err; Loading
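Review bot: The change of `str_enc_hsdir_data` from `"hsdir-encrypted-data"` to `"hsdir-superencrypted-data"` is not a cosmetic rename like the `R3_SUPERENCRYPTED` token. The comment above the define describes it as a constant for the construction that encrypts the data section, so it presumably feeds key derivation and changes the derived keys. If so, descriptors encoded before this commit will not decrypt after it, and the value has to match the specification byte for byte. A comment on the define would make that explicit, e.g. `/* Input to the encryption key derivation; must match the spec exactly. Changing it breaks decryption of existing descriptors. */`. Separately, the warning in desc_decode_plaintext_v3 (whose body continues outside the hunk) still says "encrypted data section" and could follow the new keyword.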
src/or/hs_descriptor.h +1 −1 Original line number Diff line number Diff line Loading @@ -54,7 +54,7 @@ HS_DESC_ENCRYPTED_SALT_LEN + \ HS_DESC_PLAINTEXT_PADDING_MULTIPLE + DIGEST256_LEN /* Maximum length in bytes of a full hidden service descriptor. */ #define HS_DESC_MAX_LEN 32768 // XXX justify #define HS_DESC_MAX_LEN 50000 /* 50kb max size */ /* The minimum amount of fields a descriptor should contain. The parsing of * the fields are version specific so the only required field, as a generic * view of a descriptor, is 1 that is the version field. */ Loading
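Review bot: `HS_DESC_MAX_LEN` loses its `// XXX justify` marker without the justification being supplied. Its comment also still calls it the maximum length, although elsewhere in this commit it becomes only the default for the `HSV3MaxDescriptorSize` consensus parameter. Suggested wording: `/* Default maximum length in bytes of a full hidden service descriptor; the HSV3MaxDescriptorSize consensus parameter overrides it. */`, followed by a sentence on why 50000 was chosen, since this value bounds what a directory will parse and store. The trailing `/* 50kb max size */` would read more accurately as `/* 50 kB */`, because the unit is bytes.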
src/or/parsecommon.h +1 −1 Original line number Diff line number Diff line Loading @@ -154,7 +154,7 @@ typedef enum { R3_DESC_LIFETIME, R3_DESC_SIGNING_CERT, R3_REVISION_COUNTER, R3_ENCRYPTED, R3_SUPERENCRYPTED, R3_SIGNATURE, R3_CREATE2_FORMATS, R3_AUTHENTICATION_REQUIRED, Loading