[or-cvs] r11408: fixed return code of storing v2 descs to hs dirs to avoid fa (in tor/branches/114-dist-storage/src: common or)
kloesing at seul.org
kloesing at seul.org
Mon Sep 10 08:23:19 UTC 2007
Author: kloesing
Date: 2007-09-10 04:23:18 -0400 (Mon, 10 Sep 2007)
New Revision: 11408
Modified:
tor/branches/114-dist-storage/src/common/crypto.c
tor/branches/114-dist-storage/src/or/directory.c
tor/branches/114-dist-storage/src/or/or.h
tor/branches/114-dist-storage/src/or/rendcommon.c
tor/branches/114-dist-storage/src/or/routerlist.c
tor/branches/114-dist-storage/src/or/routerparse.c
tor/branches/114-dist-storage/src/or/test.c
Log:
fixed return code of storing v2 descs to hs dirs to avoid false negatives; store only correct substring when storing replicas of v2 descs; return correct validity in seconds when encoding v2 descs for future time periods; update hs dir routing table after every network status change
Modified: tor/branches/114-dist-storage/src/common/crypto.c
===================================================================
--- tor/branches/114-dist-storage/src/common/crypto.c 2007-09-08 20:25:57 UTC (rev 11407)
+++ tor/branches/114-dist-storage/src/common/crypto.c 2007-09-10 08:23:18 UTC (rev 11408)
@@ -1232,8 +1232,8 @@
* symmetric key <b>key</b> of 16 bytes length to <b>to</b> of length
* <b>tolen</b> which may be <b>fromlen</b> minus 16 for the initialization
* vector (the size of padding cannot be determined in advance). On success,
- * return the number of bytes written, on failure (including providing the
- * wrong key), return -1.
+ * return the number of bytes written, on failure (NOT including providing
+ * the wrong key, which occasionally returns the correct length!), return -1.
*/
int
crypto_cipher_decrypt_cbc(const char *key, char *to, size_t tolen,
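Review bot: The revised comment admits that a wrong key can produce a plausible length, but it does not tell callers what follows from that. CBC decryption here has no integrity check visible, so a non-negative return says nothing about whether the key was right or the ciphertext was unmodified. I would add a sentence to the doc comment such as `Callers must not treat a non-negative return as proof of the correct key or of unmodified input; verify authenticity separately.` The function body lies outside this hunk, so whether any padding check exists is not visible here.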
Modified: tor/branches/114-dist-storage/src/or/directory.c
===================================================================
--- tor/branches/114-dist-storage/src/or/directory.c 2007-09-08 20:25:57 UTC (rev 11407)
+++ tor/branches/114-dist-storage/src/or/directory.c 2007-09-10 08:23:18 UTC (rev 11408)
@@ -2256,7 +2256,7 @@
if (options->HidServDirectoryV2 &&
!strcmpstart(url,"/tor/rendezvous2/publish")) {
log_info(LD_REND, "Handling v2 rendezvous descriptor post");
- if (rend_cache_store_v2_dir(body) <= 0) {
+ if (rend_cache_store_v2_dir(body) < 0) {
log_warn(LD_REND, "Rejected rend descriptor (length %d) from %s.",
(int)body_len, conn->_base.address);
write_http_status_line(conn, 400, "Invalid service descriptor rejected");
@@ -2722,10 +2722,9 @@
ROUTER_PURPOSE_GENERAL, 0,
request, NULL, 0);
log_info(LD_REND, "Sending replication request for v2 descriptors in "
- "interval '%s' to '%s' from hidden service "
+ "interval '%s' from hidden service "
"directory '%s' on port %d.",
- from_id,
- to_id,
+ request,
hs_dir->nickname,
hs_dir->dir_port);
}
@@ -2781,7 +2780,7 @@
base32_encode(to_id_base32, REND_DESC_ID_V2_LEN + 1, predecessor0,
DIGEST_LEN);
log_info(LD_REND, "Requesting descriptors in interval %s to %s as "
- "replicas from predecessor.",
+ "replicas from predecessor.",
from_id_base32,
to_id_base32);
hs_dir_fetch_replicas(pred_status, from_id_base32, to_id_base32);
@@ -2789,6 +2788,10 @@
/* Get descriptors for which I am primarily responsible from
* NUMBER_OF_CONSECUTIVE_REPLICAS - 1 successors. */
direct_predecessor = previous_hs_dir(me);
+ base32_encode(from_id_base32, REND_DESC_ID_V2_LEN + 1,
+ direct_predecessor, DIGEST_LEN);
+if (!predecessor1) log_warn(LD_REND, "direct_predecessor is NULL!");
+ base32_encode(to_id_base32, REND_DESC_ID_V2_LEN + 1, me, DIGEST_LEN);
successor = next_hs_dir(me);
for (i = 0; i < NUMBER_OF_CONSECUTIVE_REPLICAS - 1;
i++, successor = next_hs_dir(successor)) {
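Review bot: The added check `if (!predecessor1) log_warn(...)` tests `predecessor1` while its message names `direct_predecessor`, and it runs after `base32_encode(from_id_base32, ..., direct_predecessor, DIGEST_LEN)` has already read through that pointer. It also only warns, so a NULL value still reaches the replication loop below. Test the right variable before the encode and stop there: `if (!direct_predecessor) { log_warn(LD_REND, "direct_predecessor is NULL!"); return; }` (the bare `return;` in the next hunk suggests the function is void). The line is unindented, which looks like leftover debugging; the enclosing function starts and ends outside this hunk.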
@@ -2804,20 +2807,16 @@
"Skipping router for replication.");
return;
}
- base32_encode(from_id_base32, REND_DESC_ID_V2_LEN + 1,
- direct_predecessor, DIGEST_LEN);
- base32_encode(to_id_base32, REND_DESC_ID_V2_LEN + 1,
- me, DIGEST_LEN);
- log_debug(LD_REND, "Requesting descriptors in interval %s to %s for "
- "which I am primarily responsible from successor.",
+ log_info(LD_REND, "Requesting descriptors in interval %s to %s for "
+ "which I am primarily responsible from successor.",
from_id_base32,
to_id_base32);
hs_dir_fetch_replicas(succ_status, from_id_base32, to_id_base32);
}
/* Clean up descriptors for which I am not reponsible (neither primarily
* nor for replication). */
- log_debug(LD_REND, "Cleaning up all descriptors that are not (any more) "
- "in the interval for which i am responsible.");
+ log_info(LD_REND, "Cleaning up all descriptors that are not (any more) "
+ "in the interval for which I am responsible.");
rend_cache_clean_up();
}
Modified: tor/branches/114-dist-storage/src/or/or.h
===================================================================
--- tor/branches/114-dist-storage/src/or/or.h 2007-09-08 20:25:57 UTC (rev 11407)
+++ tor/branches/114-dist-storage/src/or/or.h 2007-09-10 08:23:18 UTC (rev 11408)
@@ -3649,6 +3649,7 @@
char *desc_id,
char **intro_points_encrypted,
size_t *intro_points_encrypted_size,
+ size_t *encoded_size,
const char **next, const char *desc);
int rend_decrypt_introduction_points(rend_service_descriptor_t *parsed,
const char *secret_cookie,
Modified: tor/branches/114-dist-storage/src/or/rendcommon.c
===================================================================
--- tor/branches/114-dist-storage/src/or/rendcommon.c 2007-09-08 20:25:57 UTC (rev 11407)
+++ tor/branches/114-dist-storage/src/or/rendcommon.c 2007-09-10 08:23:18 UTC (rev 11408)
@@ -245,10 +245,12 @@
char test_desc_id[DIGEST_LEN];
char *test_intro_content;
size_t test_intro_size;
+ size_t test_encoded_size;
const char *test_next;
int res = rend_parse_v2_service_descriptor(&test_parsed, test_desc_id,
&test_intro_content,
&test_intro_size,
+ &test_encoded_size,
&test_next, desc_str);
tor_free(test_parsed);
tor_free(test_intro_content);
@@ -293,7 +295,8 @@
/* Calculate current time-period. */
get_time_period_bytes(time_period, now, period, service_id);
/* Determine how many seconds the descriptor will be valid. */
- seconds_valid = get_seconds_valid(now, service_id);
+ seconds_valid = period * TIME_PERIOD_LENGTH +
+ get_seconds_valid(now, service_id);
/* Encode and encrypt introduction points. */
rend_encode_v2_intro_points(&ipos_base64, desc, secret_cookie);
/* Encode NUMBER_OF_NON_CONSECUTIVE_REPLICAS descriptors. */
@@ -597,6 +600,11 @@
digestmap_iter_get(iter, &key, &val);
ent = (rend_cache_entry_t*)val;
if (ent->parsed->timestamp < cutoff) {
+ char key_base32[REND_DESC_ID_V2_LEN+1];
+ base32_encode(key_base32, REND_DESC_ID_V2_LEN+1, key, DIGEST_LEN);
+ log_info(LD_REND, "Removing descriptor with ID '%s' from cache, "
+ "because it is too old!",
+ key_base32);
iter = digestmap_iter_next_rmv(rend_cache_v2_dir, iter);
_rend_cache_entry_free(ent);
} else {
@@ -643,6 +651,10 @@
digestmap_iter_get(iter, &key, &val);
ent = (rend_cache_entry_t*)val;
if (!responsible_for_desc_id(key)) {
+ char key_base32[REND_DESC_ID_V2_LEN+1];
+ base32_encode(key_base32, REND_DESC_ID_V2_LEN+1, key, DIGEST_LEN);
+ log_info(LD_REND, "Removing descriptor with ID '%s' from cache, "
+ "because we are not reponsible for it!", key_base32);
iter = digestmap_iter_next_rmv(rend_cache_v2_dir, iter);
_rend_cache_entry_free(ent);
} else {
@@ -717,24 +729,8 @@
{
rend_cache_entry_t *e;
char desc_id_digest[20];
-
- digestmap_iter_t *iter;
- const char *key;
- void *val;
-
+ tor_assert(rend_cache_v2_dir);
base32_decode(desc_id_digest, 20, desc_id, 32);
-
- //rend_cache_entry_t *ent;
- for (iter = digestmap_iter_init(rend_cache_v2_dir);
- !digestmap_iter_done(iter); ) {
- char stored[32+1];
- digestmap_iter_get(iter, &key, &val);
- base32_encode(stored, 32+1, key, 20);
- log_info(LD_REND, "stored: %s", stored);
- iter = digestmap_iter_next(rend_cache_v2_dir, iter);
- }
-
- tor_assert(rend_cache_v2_dir);
/* Determine if we are responsible. */
if (responsible_for_desc_id(desc_id_digest) < 0) {
log_info(LD_REND, "Could not answer fetch request for v2 descriptor; "
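Review bot: The result of `base32_decode(desc_id_digest, 20, desc_id, 32)` is ignored, so if `desc_id` is not valid base32 the responsibility check below runs on whatever happens to be in `desc_id_digest`. The call also reads 32 bytes from `desc_id`, and no length check is visible in this hunk; the string appears to come from a fetch request, so unless the caller already guarantees its length it should be checked here. Suggest `if (strlen(desc_id) != REND_DESC_ID_V2_LEN || base32_decode(desc_id_digest, DIGEST_LEN, desc_id, REND_DESC_ID_V2_LEN) < 0)` followed by a warning and the function's error return. That also replaces the bare 20 and 32 with the constants the rest of this commit uses, which appear to have the same values. The signature and the tail of the function are outside the hunk.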
@@ -818,6 +814,9 @@
written += strlen(*descs + written);
*(*descs + written++) = '\n';
});
+ log_info(LD_REND, "Received fetch request for replicas in interval '%s'. "
+ "Answering with %d descriptors.",
+ query, results->num_used);
smartlist_free(results);
return 0;
}
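Review bot: The new `log_info` prints `query` verbatim, and `query` appears to come from the incoming replica fetch request (the function head is outside the hunk, so this is inferred). Text controlled by a remote peer can carry control characters or forged-looking lines into the log. Either log it as `escaped(query)` or move the message to a point where `query` has already been validated as a pair of base32 IDs.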
@@ -921,6 +920,7 @@
char desc_id[DIGEST_LEN];
char *intro_content;
size_t intro_size;
+ size_t encoded_size;
char desc_id_base32[REND_DESC_ID_V2_LEN+1];
int number_stored = 0;
const char *current_desc = desc;
@@ -936,8 +936,8 @@
return -1;
}
while (rend_parse_v2_service_descriptor(&parsed, desc_id, &intro_content,
- &intro_size, &next_desc,
- current_desc) >= 0) {
+ &intro_size, &encoded_size,
+ &next_desc, current_desc) >= 0) {
tor_assert(parsed);
/* We don't care about the introduction points. */
tor_free(intro_content);
@@ -994,15 +994,19 @@
}
e->received = time(NULL);
e->parsed = parsed;
- e->desc = tor_malloc(strlen(desc) + 1);
- strcpy(e->desc, desc);
- e->len = strlen(desc);
+ e->desc = tor_malloc(encoded_size + 1);
+ strlcpy(e->desc, desc, encoded_size + 1);
+ e->len = encoded_size;
log_info(LD_REND, "Successfully stored service descriptor with desc ID "
- "'%s' and len %d.", desc_id_base32, strlen(desc));
+ "'%s' and len %d.", desc_id_base32, encoded_size);
number_stored++;
skip:
/* advance to next descriptor, if available. */
current_desc = next_desc;
+ /* check if there is a next descriptor. */
+ if (strncmp(current_desc, "rendezvous-service-descriptor ",
+ strlen("rendezvous-service-descriptor ")))
+ break;
}
log_info(LD_REND, "Parsed and added %d descriptor%s.",
number_stored, number_stored != 1 ? "s" : "");
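Review bot: Inside the loop the copy still starts at `desc`, the beginning of the whole posted body, while `encoded_size` is the length of the descriptor parsed from `current_desc`. For the second and later descriptors in one post this stores a prefix of the first descriptor under another descriptor's ID. The copy should read `strlcpy(e->desc, current_desc, encoded_size + 1);`. Separately, `encoded_size` is a `size_t` but is printed with `%d`; cast it as `(int)encoded_size` here and in the matching `log_debug` of the later hunk that stores a single descriptor. The loop's function begins outside this hunk.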
@@ -1026,7 +1030,7 @@
char desc_id[DIGEST_LEN];
char *intro_content = NULL;
size_t intro_size;
- //const char **first_desc = (const char **)(&desc);
+ size_t encoded_size;
const char *next_desc;
time_t now = time(NULL);
char key[REND_SERVICE_ID_LEN+2];
@@ -1038,8 +1042,8 @@
tor_assert(strlen(secret_cookie) == REND_SECRET_COOKIE_LEN);
/* Parse the descriptor. */
if (rend_parse_v2_service_descriptor(&parsed, desc_id, &intro_content,
- &intro_size, &next_desc,
- desc) < 0) {
+ &intro_size, &encoded_size,
+ &next_desc, desc) < 0) {
log_warn(LD_REND, "Could not parse descriptor.");
return -1;
}
@@ -1101,10 +1105,11 @@
}
e->received = time(NULL);
e->parsed = parsed;
- e->desc = tor_malloc_zero(strlen(desc) + 1);
- strncpy(e->desc, desc, strlen(desc));
+ e->desc = tor_malloc_zero(encoded_size + 1);
+ strlcpy(e->desc, desc, encoded_size + 1);
+ e->len = encoded_size;
log_debug(LD_REND,"Successfully stored rend desc '%s', len %d.",
- service_id, strlen(desc));
+ service_id, encoded_size);
return 1;
}
Modified: tor/branches/114-dist-storage/src/or/routerlist.c
===================================================================
--- tor/branches/114-dist-storage/src/or/routerlist.c 2007-09-08 20:25:57 UTC (rev 11407)
+++ tor/branches/114-dist-storage/src/or/routerlist.c 2007-09-10 08:23:18 UTC (rev 11408)
@@ -3991,6 +3991,8 @@
routers_update_status_from_networkstatus(routerlist->routers, 0);
+ update_hs_dir_routing_table();
+
me = router_get_my_routerinfo();
if (me && !have_warned_about_invalid_status &&
have_tried_downloading_all_statuses(N_NS_ATTEMPTS_TO_SET_ROUTERS)) {
@@ -5703,14 +5705,30 @@
{
const char *me = router_get_my_routerinfo()->cache_info.identity_digest;
if (!get_options()->HidServDirectoryV2) {
+ log_info(LD_REND, "We are not acting as hidden service directory, "
+ "because we have not been configured as such.");
return 0;
}
+ if (!routerlist->hs_dirs) {
+ /* routing table is NULL */
+ log_info(LD_REND, "We are not acting as hidden service directory, "
+ "because our own routing table is NULL.");
+ }
if (!smartlist_digest_isin(routerlist->hs_dirs, me)) {
/* not acting as HS Dir */
+ char me_base32[REND_DESC_ID_V2_LEN + 1];
+ base32_encode(me_base32, REND_DESC_ID_V2_LEN + 1, me, DIGEST_LEN);
+ log_info(LD_REND, "We are not acting as hidden service directory, "
+ "because we are not listed as such in our own "
+ "routing table. me=%s, num entries in RT=%d",
+ me_base32, routerlist->hs_dirs->num_used);
return 0;
}
if (routerlist->hs_dirs->num_used <= NUMBER_OF_CONSECUTIVE_REPLICAS) {
/* too few HS Dirs -- that won't work */
+ log_info(LD_REND, "We are not acting as hidden service directory, "
+ "because there are too few hidden service "
+ "directories in the routing table.");
return 0;
}
return 1;
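Review bot: The new `if (!routerlist->hs_dirs)` branch logs that the routing table is NULL but does not return, so execution continues into code that uses the pointer. The log message added just below reads `routerlist->hs_dirs->num_used`, and the final size check does the same, so a NULL table leads to a NULL dereference. Add `return 0;` after the `log_info` in that branch. The function's signature is outside the hunk.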
Modified: tor/branches/114-dist-storage/src/or/routerparse.c
===================================================================
--- tor/branches/114-dist-storage/src/or/routerparse.c 2007-09-08 20:25:57 UTC (rev 11407)
+++ tor/branches/114-dist-storage/src/or/routerparse.c 2007-09-10 08:23:18 UTC (rev 11408)
@@ -2986,7 +2986,8 @@
* binary descriptor ID of length DIGEST_LEN to <b>desc_id</b>, the
* encrypted introduction points to the newly allocated
* <b>intro_points_encrypted</b>, their encrypted size to
- * <b>intro_points_encrypted_size</b>, and a pointer to the possibly next
+ * <b>intro_points_encrypted_size</b>, the size of the encoded descriptor
+ * to <b>encoded_size</b>, and a pointer to the possibly next
* descriptor to <b>next</b>; return 0 for success (including validation)
* and -1 for failure.
*/
@@ -2995,6 +2996,7 @@
char *desc_id,
char **intro_points_encrypted,
size_t *intro_points_encrypted_size,
+ size_t *encoded_size,
const char **next, const char *desc)
{
rend_service_descriptor_t *result =
@@ -3034,6 +3036,8 @@
}
/* Set next to next descriptor, if available. */
*next = eos;
+ /* Set length of encoded descriptor. */
+ *encoded_size = eos - desc;
/* Check min allowed length of token list. */
if (smartlist_len(tokens) < 8) {
log_warn(LD_REND, "Impossibly short descriptor.");
Modified: tor/branches/114-dist-storage/src/or/test.c
===================================================================
--- tor/branches/114-dist-storage/src/or/test.c 2007-09-08 20:25:57 UTC (rev 11407)
+++ tor/branches/114-dist-storage/src/or/test.c 2007-09-10 08:23:18 UTC (rev 11408)
@@ -3109,7 +3109,7 @@
/* Decrypt with the wrong key. */
decrypted_size = crypto_cipher_decrypt_cbc(key2, decrypted2, 4095 + 1,
encrypted1, encrypted_size);
- test_eq(decrypted_size, -1);
+ test_memneq(plain, decrypted2, encrypted_size);
/* Alter the initialization vector. */
encrypted1[0] += 42;
decrypted_size = crypto_cipher_decrypt_cbc(key1, decrypted1, 4095 + 1,
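Review bot: The replacement assertion `test_memneq(plain, decrypted2, encrypted_size)` no longer looks at `decrypted_size`, so it also passes when decryption fails and `decrypted2` holds stale or uninitialised bytes. It compares `encrypted_size` bytes, which by its name is the ciphertext length and is probably larger than the plaintext, so the comparison may run past the meaningful part of `plain`; the buffer declarations are outside the hunk, so this is inferred. Consider asserting on the return value first and comparing only the plaintext length, and add a comment saying the test documents that a wrong key is not reliably detected.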
@@ -3195,6 +3195,7 @@
char secret_cookie_base32[24 + 1];
char *intro_points_encrypted;
size_t intro_points_size;
+ size_t encoded_size;
int i;
pk1 = pk_generate(0);
crypto_rand(secret_cookie_bin, 15);
@@ -3235,6 +3236,7 @@
test_assert(rend_parse_v2_service_descriptor(&parsed, parsed_desc_id,
&intro_points_encrypted,
&intro_points_size,
+ &encoded_size,
&next_desc,
desc_strs->list[0]) == 0);
test_assert(parsed);