Line data Source code
1 : /* Copyright (c) 2001 Matej Pfajfar.
2 : * Copyright (c) 2001-2004, Roger Dingledine.
3 : * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 : * Copyright (c) 2007-2021, The Tor Project, Inc. */
5 : /* See LICENSE for licensing information */
6 :
7 : /**
8 : * \file or.h
9 : * \brief Master header file for Tor-specific functionality.
10 : **/
11 :
12 : #ifndef TOR_OR_H
13 : #define TOR_OR_H
14 :
15 : #include "orconfig.h"
16 : #include "lib/cc/torint.h"
17 :
18 : #ifdef HAVE_SIGNAL_H
19 : #include <signal.h>
20 : #endif
21 : #ifdef HAVE_TIME_H
22 : #include <time.h>
23 : #endif
24 :
25 : #include "lib/arch/bytes.h"
26 : #include "lib/cc/compat_compiler.h"
27 : #include "lib/container/map.h"
28 : #include "lib/buf/buffers.h"
29 : #include "lib/container/smartlist.h"
30 : #include "lib/crypt_ops/crypto_cipher.h"
31 : #include "lib/crypt_ops/crypto_rsa.h"
32 : #include "lib/ctime/di_ops.h"
33 : #include "lib/defs/dh_sizes.h"
34 : #include "lib/encoding/binascii.h"
35 : #include "lib/encoding/cstring.h"
36 : #include "lib/encoding/time_fmt.h"
37 : #include "lib/err/torerr.h"
38 : #include "lib/fs/dir.h"
39 : #include "lib/fs/files.h"
40 : #include "lib/fs/mmap.h"
41 : #include "lib/fs/path.h"
42 : #include "lib/fs/userdb.h"
43 : #include "lib/geoip/country.h"
44 : #include "lib/intmath/addsub.h"
45 : #include "lib/intmath/bits.h"
46 : #include "lib/intmath/cmp.h"
47 : #include "lib/intmath/logic.h"
48 : #include "lib/intmath/muldiv.h"
49 : #include "lib/log/escape.h"
50 : #include "lib/log/ratelim.h"
51 : #include "lib/log/util_bug.h"
52 : #include "lib/malloc/malloc.h"
53 : #include "lib/net/address.h"
54 : #include "lib/net/inaddr.h"
55 : #include "lib/net/socket.h"
56 : #include "lib/string/compat_ctype.h"
57 : #include "lib/string/compat_string.h"
58 : #include "lib/string/parse_int.h"
59 : #include "lib/string/printf.h"
60 : #include "lib/string/scanf.h"
61 : #include "lib/string/util_string.h"
62 : #include "lib/testsupport/testsupport.h"
63 : #include "lib/thread/threads.h"
64 : #include "lib/time/compat_time.h"
65 : #include "lib/wallclock/approx_time.h"
66 : #include "lib/wallclock/timeval.h"
67 :
68 : #include "ht.h"
69 :
70 : // These, more than other includes, are for keeping the other struct
71 : // definitions working. We should remove them when we minimize our includes.
72 : #include "core/or/entry_port_cfg_st.h"
73 :
74 : struct ed25519_public_key_t;
75 : struct curve25519_public_key_t;
76 :
77 : /* These signals are defined to help handle_control_signal work.
78 : */
79 : #ifndef SIGHUP
80 : #define SIGHUP 1
81 : #endif
82 : #ifndef SIGINT
83 : #define SIGINT 2
84 : #endif
85 : #ifndef SIGUSR1
86 : #define SIGUSR1 10
87 : #endif
88 : #ifndef SIGUSR2
89 : #define SIGUSR2 12
90 : #endif
91 : #ifndef SIGTERM
92 : #define SIGTERM 15
93 : #endif
94 : /* Controller signals start at a high number so we don't
95 : * conflict with system-defined signals. */
96 : #define SIGNEWNYM 129
97 : #define SIGCLEARDNSCACHE 130
98 : #define SIGHEARTBEAT 131
99 : #define SIGACTIVE 132
100 : #define SIGDORMANT 133
101 :
102 : #if (SIZEOF_CELL_T != 0)
103 : /* On Irix, stdlib.h defines a cell_t type, so we need to make sure
104 : * that our stuff always calls cell_t something different. */
105 : #define cell_t tor_cell_t
106 : #endif
107 :
108 : /** Helper macro: Given a pointer to to.base_, of type from*, return &to. */
109 : #define DOWNCAST(to, ptr) ((to*)SUBTYPE_P(ptr, to, base_))
110 :
111 : /** Length of longest allowable configured nickname. */
112 : #define MAX_NICKNAME_LEN 19
113 : /** Length of a router identity encoded as a hexadecimal digest, plus
114 : * possible dollar sign. */
115 : #define MAX_HEX_NICKNAME_LEN (HEX_DIGEST_LEN+1)
116 : /** Maximum length of verbose router identifier: dollar sign, hex ID digest,
117 : * equal sign or tilde, nickname. */
118 : #define MAX_VERBOSE_NICKNAME_LEN (1+HEX_DIGEST_LEN+1+MAX_NICKNAME_LEN)
119 :
120 : /** For HTTP parsing: Maximum number of bytes we'll accept in the headers
121 : * of an HTTP request or response. */
122 : #define MAX_HEADERS_SIZE 50000
123 :
124 : /** Maximum size, in bytes, of a single router descriptor uploaded to us
125 : * as a directory authority. Caches and clients fetch whatever descriptors
126 : * the authorities tell them to fetch, and don't care about size. */
127 : #define MAX_DESCRIPTOR_UPLOAD_SIZE 20000
128 :
129 : /** Maximum size of a single extrainfo document, as above. */
130 : #define MAX_EXTRAINFO_UPLOAD_SIZE 50000
131 :
132 : /** Minimum lifetime for an onion key in days. */
133 : #define MIN_ONION_KEY_LIFETIME_DAYS (1)
134 :
135 : /** Maximum lifetime for an onion key in days. */
136 : #define MAX_ONION_KEY_LIFETIME_DAYS (90)
137 :
138 : /** Default lifetime for an onion key in days. */
139 : #define DEFAULT_ONION_KEY_LIFETIME_DAYS (28)
140 :
141 : /** Minimum grace period for acceptance of an onion key in days.
142 : * The maximum value is defined in proposal #274 as being the current network
143 : * consensus parameter for "onion-key-rotation-days". */
144 : #define MIN_ONION_KEY_GRACE_PERIOD_DAYS (1)
145 :
146 : /** Default grace period for acceptance of an onion key in days. */
147 : #define DEFAULT_ONION_KEY_GRACE_PERIOD_DAYS (7)
148 :
149 : /** How often we should check the network consensus if it is time to rotate or
150 : * expire onion keys. */
151 : #define ONION_KEY_CONSENSUS_CHECK_INTERVAL (60*60)
152 :
153 : /** How often do we rotate TLS contexts? */
154 : #define MAX_SSL_KEY_LIFETIME_INTERNAL (2*60*60)
155 :
156 : /** How old do we allow a router to get before removing it
157 : * from the router list? In seconds. */
158 : #define ROUTER_MAX_AGE (60*60*48)
159 : /** How old can a router get before we (as a server) will no longer
160 : * consider it live? In seconds. */
161 : #define ROUTER_MAX_AGE_TO_PUBLISH (60*60*24)
162 : /** How old do we let a saved descriptor get before force-removing it? */
163 : #define OLD_ROUTER_DESC_MAX_AGE (60*60*24*5)
164 :
165 : /* Proxy client types */
166 : #define PROXY_NONE 0
167 : #define PROXY_CONNECT 1
168 : #define PROXY_SOCKS4 2
169 : #define PROXY_SOCKS5 3
170 : #define PROXY_HAPROXY 4
171 : /* !!!! If there is ever a PROXY_* type over 7, we must grow the proxy_type
172 : * field in or_connection_t */
173 :
174 : /* Pluggable transport proxy type. Don't use this in or_connection_t,
175 : * instead use the actual underlying proxy type (see above). */
176 : #define PROXY_PLUGGABLE 5
177 :
178 : /** How many circuits do we want simultaneously in-progress to handle
179 : * a given stream? */
180 : #define MIN_CIRCUITS_HANDLING_STREAM 2
181 :
182 : /* These RELAY_COMMAND constants define values for relay cell commands, and
183 : * must match those defined in tor-spec.txt. */
184 : #define RELAY_COMMAND_BEGIN 1
185 : #define RELAY_COMMAND_DATA 2
186 : #define RELAY_COMMAND_END 3
187 : #define RELAY_COMMAND_CONNECTED 4
188 : #define RELAY_COMMAND_SENDME 5
189 : #define RELAY_COMMAND_EXTEND 6
190 : #define RELAY_COMMAND_EXTENDED 7
191 : #define RELAY_COMMAND_TRUNCATE 8
192 : #define RELAY_COMMAND_TRUNCATED 9
193 : #define RELAY_COMMAND_DROP 10
194 : #define RELAY_COMMAND_RESOLVE 11
195 : #define RELAY_COMMAND_RESOLVED 12
196 : #define RELAY_COMMAND_BEGIN_DIR 13
197 : #define RELAY_COMMAND_EXTEND2 14
198 : #define RELAY_COMMAND_EXTENDED2 15
199 :
200 : #define RELAY_COMMAND_ESTABLISH_INTRO 32
201 : #define RELAY_COMMAND_ESTABLISH_RENDEZVOUS 33
202 : #define RELAY_COMMAND_INTRODUCE1 34
203 : #define RELAY_COMMAND_INTRODUCE2 35
204 : #define RELAY_COMMAND_RENDEZVOUS1 36
205 : #define RELAY_COMMAND_RENDEZVOUS2 37
206 : #define RELAY_COMMAND_INTRO_ESTABLISHED 38
207 : #define RELAY_COMMAND_RENDEZVOUS_ESTABLISHED 39
208 : #define RELAY_COMMAND_INTRODUCE_ACK 40
209 :
210 : #define RELAY_COMMAND_PADDING_NEGOTIATE 41
211 : #define RELAY_COMMAND_PADDING_NEGOTIATED 42
212 :
213 : /* Reasons why an OR connection is closed. */
214 : #define END_OR_CONN_REASON_DONE 1
215 : #define END_OR_CONN_REASON_REFUSED 2 /* connection refused */
216 : #define END_OR_CONN_REASON_OR_IDENTITY 3
217 : #define END_OR_CONN_REASON_CONNRESET 4 /* connection reset by peer */
218 : #define END_OR_CONN_REASON_TIMEOUT 5
219 : #define END_OR_CONN_REASON_NO_ROUTE 6 /* no route to host/net */
220 : #define END_OR_CONN_REASON_IO_ERROR 7 /* read/write error */
221 : #define END_OR_CONN_REASON_RESOURCE_LIMIT 8 /* sockets, buffers, etc */
222 : #define END_OR_CONN_REASON_PT_MISSING 9 /* PT failed or not available */
223 : #define END_OR_CONN_REASON_TLS_ERROR 10 /* Problem in TLS protocol */
224 : #define END_OR_CONN_REASON_MISC 11
225 :
226 : /* Reasons why we (or a remote OR) might close a stream. See tor-spec.txt for
227 : * documentation of these. The values must match. */
228 : #define END_STREAM_REASON_MISC 1
229 : #define END_STREAM_REASON_RESOLVEFAILED 2
230 : #define END_STREAM_REASON_CONNECTREFUSED 3
231 : #define END_STREAM_REASON_EXITPOLICY 4
232 : #define END_STREAM_REASON_DESTROY 5
233 : #define END_STREAM_REASON_DONE 6
234 : #define END_STREAM_REASON_TIMEOUT 7
235 : #define END_STREAM_REASON_NOROUTE 8
236 : #define END_STREAM_REASON_HIBERNATING 9
237 : #define END_STREAM_REASON_INTERNAL 10
238 : #define END_STREAM_REASON_RESOURCELIMIT 11
239 : #define END_STREAM_REASON_CONNRESET 12
240 : #define END_STREAM_REASON_TORPROTOCOL 13
241 : #define END_STREAM_REASON_NOTDIRECTORY 14
242 : #define END_STREAM_REASON_ENTRYPOLICY 15
243 :
244 : /* These high-numbered end reasons are not part of the official spec,
245 : * and are not intended to be put in relay end cells. They are here
246 : * to be more informative when sending back socks replies to the
247 : * application. */
248 : /* XXXX 256 is no longer used; feel free to reuse it. */
249 : /** We were unable to attach the connection to any circuit at all. */
250 : /* XXXX the ways we use this one don't make a lot of sense. */
251 : #define END_STREAM_REASON_CANT_ATTACH 257
252 : /** We can't connect to any directories at all, so we killed our streams
253 : * before they can time out. */
254 : #define END_STREAM_REASON_NET_UNREACHABLE 258
255 : /** This is a SOCKS connection, and the client used (or misused) the SOCKS
256 : * protocol in a way we couldn't handle. */
257 : #define END_STREAM_REASON_SOCKSPROTOCOL 259
258 : /** This is a transparent proxy connection, but we can't extract the original
259 : * target address:port. */
260 : #define END_STREAM_REASON_CANT_FETCH_ORIG_DEST 260
261 : /** This is a connection on the NATD port, and the destination IP:Port was
262 : * either ill-formed or out-of-range. */
263 : #define END_STREAM_REASON_INVALID_NATD_DEST 261
264 : /** The target address is in a private network (like 127.0.0.1 or 10.0.0.1);
265 : * you don't want to do that over a randomly chosen exit */
266 : #define END_STREAM_REASON_PRIVATE_ADDR 262
267 : /** This is an HTTP tunnel connection and the client used or misused HTTP in a
268 : * way we can't handle.
269 : */
270 : #define END_STREAM_REASON_HTTPPROTOCOL 263
271 :
272 : /** Bitwise-and this value with endreason to mask out all flags. */
273 : #define END_STREAM_REASON_MASK 511
274 :
275 : /** Bitwise-or this with the argument to control_event_stream_status
276 : * to indicate that the reason came from an END cell. */
277 : #define END_STREAM_REASON_FLAG_REMOTE 512
278 : /** Bitwise-or this with the argument to control_event_stream_status
279 : * to indicate that we already sent a CLOSED stream event. */
280 : #define END_STREAM_REASON_FLAG_ALREADY_SENT_CLOSED 1024
281 : /** Bitwise-or this with endreason to indicate that we already sent
282 : * a socks reply, and no further reply needs to be sent from
283 : * connection_mark_unattached_ap(). */
284 : #define END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED 2048
285 :
286 : /* 'type' values to use in RESOLVED cells. Specified in tor-spec.txt. */
287 : #define RESOLVED_TYPE_HOSTNAME 0
288 : #define RESOLVED_TYPE_IPV4 4
289 : #define RESOLVED_TYPE_IPV6 6
290 : #define RESOLVED_TYPE_ERROR_TRANSIENT 0xF0
291 : #define RESOLVED_TYPE_ERROR 0xF1
292 :
293 : /* Negative reasons are internal: we never send them in a DESTROY or TRUNCATE
294 : * call; they only go to the controller for tracking */
295 :
296 : /* Closing introduction point that were opened in parallel. */
297 : #define END_CIRC_REASON_IP_NOW_REDUNDANT -4
298 :
299 : /** Our post-timeout circuit time measurement period expired.
300 : * We must give up now */
301 : #define END_CIRC_REASON_MEASUREMENT_EXPIRED -3
302 :
303 : /** We couldn't build a path for this circuit. */
304 : #define END_CIRC_REASON_NOPATH -2
305 : /** Catch-all "other" reason for closing origin circuits. */
306 : #define END_CIRC_AT_ORIGIN -1
307 :
308 : /* Reasons why we (or a remote OR) might close a circuit. See tor-spec.txt
309 : * section 5.4 for documentation of these. */
310 : #define END_CIRC_REASON_MIN_ 0
311 : #define END_CIRC_REASON_NONE 0
312 : #define END_CIRC_REASON_TORPROTOCOL 1
313 : #define END_CIRC_REASON_INTERNAL 2
314 : #define END_CIRC_REASON_REQUESTED 3
315 : #define END_CIRC_REASON_HIBERNATING 4
316 : #define END_CIRC_REASON_RESOURCELIMIT 5
317 : #define END_CIRC_REASON_CONNECTFAILED 6
318 : #define END_CIRC_REASON_OR_IDENTITY 7
319 : #define END_CIRC_REASON_CHANNEL_CLOSED 8
320 : #define END_CIRC_REASON_FINISHED 9
321 : #define END_CIRC_REASON_TIMEOUT 10
322 : #define END_CIRC_REASON_DESTROYED 11
323 : #define END_CIRC_REASON_NOSUCHSERVICE 12
324 : #define END_CIRC_REASON_MAX_ 12
325 :
326 : /** Bitwise-OR this with the argument to circuit_mark_for_close() or
327 : * control_event_circuit_status() to indicate that the reason was
328 : * passed through from a destroy or truncate cell. */
329 : #define END_CIRC_REASON_FLAG_REMOTE 512
330 :
331 : /** Length of v2 descriptor ID (32 base32 chars = 160 bits).
332 : *
333 : * XXX: It is still used by v3 code but should be renamed or maybe removed. */
334 : #define REND_DESC_ID_V2_LEN_BASE32 BASE32_DIGEST_LEN
335 :
336 : /** Maximum length of authorized client names for a hidden service. */
337 : #define REND_CLIENTNAME_MAX_LEN 16
338 :
339 : /** Length of the rendezvous cookie that is used to connect circuits at the
340 : * rendezvous point. */
341 : #define REND_COOKIE_LEN DIGEST_LEN
342 :
343 : /** Client authorization type that a hidden service performs. */
344 : typedef enum rend_auth_type_t {
345 : REND_NO_AUTH = 0,
346 : REND_V3_AUTH = 1, /* Dummy flag to allow adding v3 services on the
347 : * control port */
348 : } rend_auth_type_t;
349 :
350 : /* Stub because we can't include hs_ident.h. */
351 : struct hs_ident_edge_conn_t;
352 : struct hs_ident_dir_conn_t;
353 : struct hs_ident_circuit_t;
354 :
355 : typedef struct hsdir_index_t hsdir_index_t;
356 :
357 : /** Time interval for tracking replays of DH public keys received in
358 : * INTRODUCE2 cells. Used only to avoid launching multiple
359 : * simultaneous attempts to connect to the same rendezvous point. */
360 : #define REND_REPLAY_TIME_INTERVAL (5 * 60)
361 :
362 : /** Used to indicate which way a cell is going on a circuit. */
363 : typedef enum {
364 : CELL_DIRECTION_IN=1, /**< The cell is moving towards the origin. */
365 : CELL_DIRECTION_OUT=2, /**< The cell is moving away from the origin. */
366 : } cell_direction_t;
367 :
368 : /**
369 : * An enum to allow us to specify which channel in a circuit
370 : * we're interested in.
371 : *
372 : * This is needed because our data structures and other fields
373 : * for channel delivery are disassociated from the channel.
374 : */
375 : typedef enum {
376 : CIRCUIT_N_CHAN = 0,
377 : CIRCUIT_P_CHAN = 1
378 : } circuit_channel_direction_t;
379 :
380 : /** Initial value for both sides of a circuit transmission window when the
381 : * circuit is initialized. Measured in cells. */
382 : #define CIRCWINDOW_START 1000
383 : #define CIRCWINDOW_START_MIN 100
384 : #define CIRCWINDOW_START_MAX 1000
385 : /** Amount to increment a circuit window when we get a circuit SENDME. */
386 : #define CIRCWINDOW_INCREMENT 100
387 : /** Initial value on both sides of a stream transmission window when the
388 : * stream is initialized. Measured in cells. */
389 : #define STREAMWINDOW_START 500
390 : #define STREAMWINDOW_START_MAX 500
391 : /** Amount to increment a stream window when we get a stream SENDME. */
392 : #define STREAMWINDOW_INCREMENT 50
393 :
394 : /** Maximum number of queued cells on a circuit for which we are the
395 : * midpoint before we give up and kill it. This must be >= circwindow
396 : * to avoid killing innocent circuits, and >= circwindow*2 to give
397 : * leaky-pipe a chance of working someday. The ORCIRC_MAX_MIDDLE_KILL_THRESH
398 : * ratio controls the margin of error between emitting a warning and
399 : * killing the circuit.
400 : */
401 : #define ORCIRC_MAX_MIDDLE_CELLS (CIRCWINDOW_START_MAX*2)
402 : /** Ratio of hard (circuit kill) to soft (warning) thresholds for the
403 : * ORCIRC_MAX_MIDDLE_CELLS tests.
404 : */
405 : #define ORCIRC_MAX_MIDDLE_KILL_THRESH (1.1f)
406 :
407 : /* Cell commands. These values are defined in tor-spec.txt. */
408 : #define CELL_PADDING 0
409 : #define CELL_CREATE 1
410 : #define CELL_CREATED 2
411 : #define CELL_RELAY 3
412 : #define CELL_DESTROY 4
413 : #define CELL_CREATE_FAST 5
414 : #define CELL_CREATED_FAST 6
415 : #define CELL_VERSIONS 7
416 : #define CELL_NETINFO 8
417 : #define CELL_RELAY_EARLY 9
418 : #define CELL_CREATE2 10
419 : #define CELL_CREATED2 11
420 : #define CELL_PADDING_NEGOTIATE 12
421 :
422 : #define CELL_VPADDING 128
423 : #define CELL_CERTS 129
424 : #define CELL_AUTH_CHALLENGE 130
425 : #define CELL_AUTHENTICATE 131
426 : #define CELL_AUTHORIZE 132
427 : #define CELL_COMMAND_MAX_ 132
428 :
429 : /** How long to test reachability before complaining to the user. */
430 : #define TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT (20*60)
431 :
432 : /** Legal characters in a nickname. */
433 : #define LEGAL_NICKNAME_CHARACTERS \
434 : "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
435 :
436 : /** Name to use in client TLS certificates if no nickname is given. Once
437 : * Tor 0.1.2.x is obsolete, we can remove this. */
438 : #define DEFAULT_CLIENT_NICKNAME "client"
439 :
440 : /** Name chosen by routers that don't configure nicknames */
441 : #define UNNAMED_ROUTER_NICKNAME "Unnamed"
442 :
443 : /** Number of bytes in a SOCKS4 header. */
444 : #define SOCKS4_NETWORK_LEN 8
445 :
446 : /*
447 : * Relay payload:
448 : * Relay command [1 byte]
449 : * Recognized [2 bytes]
450 : * Stream ID [2 bytes]
451 : * Partial SHA-1 [4 bytes]
452 : * Length [2 bytes]
453 : * Relay payload [498 bytes]
454 : */
455 :
456 : /** Number of bytes in a cell, minus cell header. */
457 : #define CELL_PAYLOAD_SIZE 509
458 : /** Number of bytes in a cell transmitted over the network, in the longest
459 : * form */
460 : #define CELL_MAX_NETWORK_SIZE 514
461 :
462 : /** Maximum length of a header on a variable-length cell. */
463 : #define VAR_CELL_MAX_HEADER_SIZE 7
464 :
465 : static int get_cell_network_size(int wide_circ_ids);
466 12 : static inline int get_cell_network_size(int wide_circ_ids)
467 : {
468 12 : return wide_circ_ids ? CELL_MAX_NETWORK_SIZE : CELL_MAX_NETWORK_SIZE - 2;
469 : }
470 : static int get_var_cell_header_size(int wide_circ_ids);
471 9 : static inline int get_var_cell_header_size(int wide_circ_ids)
472 : {
473 9 : return wide_circ_ids ? VAR_CELL_MAX_HEADER_SIZE :
474 : VAR_CELL_MAX_HEADER_SIZE - 2;
475 : }
476 : static int get_circ_id_size(int wide_circ_ids);
477 9 : static inline int get_circ_id_size(int wide_circ_ids)
478 : {
479 9 : return wide_circ_ids ? 4 : 2;
480 : }
481 :
482 : /** Number of bytes in a relay cell's header (not including general cell
483 : * header). */
484 : #define RELAY_HEADER_SIZE (1+2+2+4+2)
485 : /** Largest number of bytes that can fit in a relay cell payload. */
486 : #define RELAY_PAYLOAD_SIZE (CELL_PAYLOAD_SIZE-RELAY_HEADER_SIZE)
487 :
488 : /** Identifies a circuit on an or_connection */
489 : typedef uint32_t circid_t;
490 : /** Identifies a stream on a circuit */
491 : typedef uint16_t streamid_t;
492 :
493 : /* channel_t typedef; struct channel_t is in channel.h */
494 :
495 : typedef struct channel_t channel_t;
496 :
497 : /* channel_listener_t typedef; struct channel_listener_t is in channel.h */
498 :
499 : typedef struct channel_listener_t channel_listener_t;
500 :
501 : /* TLS channel stuff */
502 :
503 : typedef struct channel_tls_t channel_tls_t;
504 :
505 : /* circuitmux_t typedef; struct circuitmux_t is in circuitmux.h */
506 :
507 : typedef struct circuitmux_t circuitmux_t;
508 :
509 : typedef struct cell_t cell_t;
510 : typedef struct var_cell_t var_cell_t;
511 : typedef struct packed_cell_t packed_cell_t;
512 : typedef struct cell_queue_t cell_queue_t;
513 : typedef struct destroy_cell_t destroy_cell_t;
514 : typedef struct destroy_cell_queue_t destroy_cell_queue_t;
515 : typedef struct ext_or_cmd_t ext_or_cmd_t;
516 :
517 : /** Beginning of a RELAY cell payload. */
518 : typedef struct {
519 : uint8_t command; /**< The end-to-end relay command. */
520 : uint16_t recognized; /**< Used to tell whether cell is for us. */
521 : streamid_t stream_id; /**< Which stream is this cell associated with? */
522 : char integrity[4]; /**< Used to tell whether cell is corrupted. */
523 : uint16_t length; /**< How long is the payload body? */
524 : } relay_header_t;
525 :
526 : typedef struct socks_request_t socks_request_t;
527 : typedef struct entry_port_cfg_t entry_port_cfg_t;
528 : typedef struct server_port_cfg_t server_port_cfg_t;
529 :
530 : /** Minimum length of the random part of an AUTH_CHALLENGE cell. */
531 : #define OR_AUTH_CHALLENGE_LEN 32
532 :
533 : /**
534 : * @name Certificate types for CERTS cells.
535 : *
536 : * These values are defined by the protocol, and affect how an X509
537 : * certificate in a CERTS cell is interpreted and used.
538 : *
539 : * @{ */
540 : /** A certificate that authenticates a TLS link key. The subject key
541 : * must match the key used in the TLS handshake; it must be signed by
542 : * the identity key. */
543 : #define OR_CERT_TYPE_TLS_LINK 1
544 : /** A self-signed identity certificate. The subject key must be a
545 : * 1024-bit RSA key. */
546 : #define OR_CERT_TYPE_ID_1024 2
547 : /** A certificate that authenticates a key used in an AUTHENTICATE cell
548 : * in the v3 handshake. The subject key must be a 1024-bit RSA key; it
549 : * must be signed by the identity key */
550 : #define OR_CERT_TYPE_AUTH_1024 3
551 : /* DOCDOC */
552 : #define OR_CERT_TYPE_RSA_ED_CROSSCERT 7
553 : /**@}*/
554 :
555 : /** The first supported type of AUTHENTICATE cell. It contains
556 : * a bunch of structures signed with an RSA1024 key. The signed
557 : * structures include a HMAC using negotiated TLS secrets, and a digest
558 : * of all cells sent or received before the AUTHENTICATE cell (including
559 : * the random server-generated AUTH_CHALLENGE cell).
560 : */
561 : #define AUTHTYPE_RSA_SHA256_TLSSECRET 1
562 : /** As AUTHTYPE_RSA_SHA256_TLSSECRET, but instead of using the
563 : * negotiated TLS secrets, uses exported keying material from the TLS
564 : * session as described in RFC 5705.
565 : *
566 : * Not used by today's tors, since everything that supports this
567 : * also supports ED25519_SHA256_5705, which is better.
568 : **/
569 : #define AUTHTYPE_RSA_SHA256_RFC5705 2
570 : /** As AUTHTYPE_RSA_SHA256_RFC5705, but uses an Ed25519 identity key to
571 : * authenticate. */
572 : #define AUTHTYPE_ED25519_SHA256_RFC5705 3
573 : /*
574 : * NOTE: authchallenge_type_is_better() relies on these AUTHTYPE codes
575 : * being sorted in order of preference. If we someday add one with
576 : * a higher numerical value that we don't like as much, we should revise
577 : * authchallenge_type_is_better().
578 : */
579 :
580 : /** The length of the part of the AUTHENTICATE cell body that the client and
581 : * server can generate independently (when using RSA_SHA256_TLSSECRET). It
582 : * contains everything except the client's timestamp, the client's randomly
583 : * generated nonce, and the signature. */
584 : #define V3_AUTH_FIXED_PART_LEN (8+(32*6))
585 : /** The length of the part of the AUTHENTICATE cell body that the client
586 : * signs. */
587 : #define V3_AUTH_BODY_LEN (V3_AUTH_FIXED_PART_LEN + 8 + 16)
588 :
589 : typedef struct or_handshake_certs_t or_handshake_certs_t;
590 : typedef struct or_handshake_state_t or_handshake_state_t;
591 :
592 : /** Length of Extended ORPort connection identifier. */
593 : #define EXT_OR_CONN_ID_LEN DIGEST_LEN /* 20 */
594 : /*
595 : * OR_CONN_HIGHWATER and OR_CONN_LOWWATER moved from connection_or.c so
596 : * channeltls.c can see them too.
597 : */
598 :
599 : /** When adding cells to an OR connection's outbuf, keep adding until the
600 : * outbuf is at least this long, or we run out of cells. */
601 : #define OR_CONN_HIGHWATER (32*1024)
602 :
603 : /** Add cells to an OR connection's outbuf whenever the outbuf's data length
604 : * drops below this size. */
605 : #define OR_CONN_LOWWATER (16*1024)
606 :
607 : typedef struct connection_t connection_t;
608 : typedef struct control_connection_t control_connection_t;
609 : typedef struct dir_connection_t dir_connection_t;
610 : typedef struct edge_connection_t edge_connection_t;
611 : typedef struct entry_connection_t entry_connection_t;
612 : typedef struct listener_connection_t listener_connection_t;
613 : typedef struct or_connection_t or_connection_t;
614 :
615 : /** Cast a connection_t subtype pointer to a connection_t **/
616 : #define TO_CONN(c) (&(((c)->base_)))
617 :
618 : /** Cast a entry_connection_t subtype pointer to a connection_t **/
619 : #define ENTRY_TO_CONN(c) (TO_CONN(ENTRY_TO_EDGE_CONN(c)))
620 :
621 : typedef struct addr_policy_t addr_policy_t;
622 :
623 : typedef struct cached_dir_t cached_dir_t;
624 :
625 : /** Enum used to remember where a signed_descriptor_t is stored and how to
626 : * manage the memory for signed_descriptor_body. */
627 : typedef enum {
628 : /** The descriptor isn't stored on disk at all: the copy in memory is
629 : * canonical; the saved_offset field is meaningless. */
630 : SAVED_NOWHERE=0,
631 : /** The descriptor is stored in the cached_routers file: the
632 : * signed_descriptor_body is meaningless; the signed_descriptor_len and
633 : * saved_offset are used to index into the mmaped cache file. */
634 : SAVED_IN_CACHE,
635 : /** The descriptor is stored in the cached_routers.new file: the
636 : * signed_descriptor_body and saved_offset fields are both set. */
637 : /* FFFF (We could also mmap the file and grow the mmap as needed, or
638 : * lazy-load the descriptor text by using seek and read. We don't, for
639 : * now.)
640 : */
641 : SAVED_IN_JOURNAL
642 : } saved_location_t;
643 : #define saved_location_bitfield_t ENUM_BF(saved_location_t)
644 :
645 : /** Enumeration: what directory object is being downloaded?
646 : * This determines which schedule is selected to perform the download. */
647 : typedef enum {
648 : DL_SCHED_GENERIC = 0,
649 : DL_SCHED_CONSENSUS = 1,
650 : DL_SCHED_BRIDGE = 2,
651 : } download_schedule_t;
652 : #define download_schedule_bitfield_t ENUM_BF(download_schedule_t)
653 :
654 : /** Enumeration: is the download schedule for downloading from an authority,
655 : * or from any available directory mirror?
656 : * During bootstrap, "any" means a fallback (or an authority, if there
657 : * are no fallbacks).
658 : * When we have a valid consensus, "any" means any directory server. */
659 : typedef enum {
660 : DL_WANT_ANY_DIRSERVER = 0,
661 : DL_WANT_AUTHORITY = 1,
662 : } download_want_authority_t;
663 : #define download_want_authority_bitfield_t \
664 : ENUM_BF(download_want_authority_t)
665 :
666 : /** Enumeration: do we want to increment the schedule position each time a
667 : * connection is attempted (these attempts can be concurrent), or do we want
668 : * to increment the schedule position after a connection fails? */
669 : typedef enum {
670 : DL_SCHED_INCREMENT_FAILURE = 0,
671 : DL_SCHED_INCREMENT_ATTEMPT = 1,
672 : } download_schedule_increment_t;
673 : #define download_schedule_increment_bitfield_t \
674 : ENUM_BF(download_schedule_increment_t)
675 :
676 : typedef struct download_status_t download_status_t;
677 :
678 : /** If n_download_failures is this high, the download can never happen. */
679 : #define IMPOSSIBLE_TO_DOWNLOAD 255
680 :
681 : /** The max size we expect router descriptor annotations we create to
682 : * be. We'll accept larger ones if we see them on disk, but we won't
683 : * create any that are larger than this. */
684 : #define ROUTER_ANNOTATION_BUF_LEN 256
685 :
686 : typedef struct signed_descriptor_t signed_descriptor_t;
687 :
688 : /** Flags used to summarize the declared protocol versions of a relay,
689 : * so we don't need to parse them again and again. */
690 : typedef struct protover_summary_flags_t {
691 : /** True iff we have a proto line for this router, or a versions line
692 : * from which we could infer the protocols. */
693 : unsigned int protocols_known:1;
694 :
695 : /** True iff this router has a version or protocol list that allows it to
696 : * accept EXTEND2 cells. This requires Relay=2. */
697 : unsigned int supports_extend2_cells:1;
698 :
699 : /** True iff this router has a version or protocol list that allows it to
700 : * accept IPv6 connections. This requires Relay=2 or Relay=3. */
701 : unsigned int supports_accepting_ipv6_extends:1;
702 :
703 : /** True iff this router has a version or protocol list that allows it to
704 : * initiate IPv6 connections. This requires Relay=3. */
705 : unsigned int supports_initiating_ipv6_extends:1;
706 :
707 : /** True iff this router has a version or protocol list that allows it to
708 : * consider IPv6 connections canonical. This requires Relay=3. */
709 : unsigned int supports_canonical_ipv6_conns:1;
710 :
711 : /** True iff this router has a protocol list that allows it to negotiate
712 : * ed25519 identity keys on a link handshake with us. This
713 : * requires LinkAuth=3. */
714 : unsigned int supports_ed25519_link_handshake_compat:1;
715 :
716 : /** True iff this router has a protocol list that allows it to negotiate
717 : * ed25519 identity keys on a link handshake, at all. This requires some
718 : * LinkAuth=X for X >= 3. */
719 : unsigned int supports_ed25519_link_handshake_any:1;
720 :
721 : /** True iff this router has a protocol list that allows it to be an
722 : * introduction point supporting ed25519 authentication key which is part of
723 : * the v3 protocol detailed in proposal 224. This requires HSIntro=4. */
724 : unsigned int supports_ed25519_hs_intro : 1;
725 :
726 : /** True iff this router has a protocol list that allows it to support the
727 : * ESTABLISH_INTRO DoS cell extension. Requires HSIntro=5. */
728 : unsigned int supports_establish_intro_dos_extension : 1;
729 :
730 : /** True iff this router has a protocol list that allows it to be an hidden
731 : * service directory supporting version 3 as seen in proposal 224. This
732 : * requires HSDir=2. */
733 : unsigned int supports_v3_hsdir : 1;
734 :
735 : /** True iff this router has a protocol list that allows it to be an hidden
736 : * service rendezvous point supporting version 3 as seen in proposal 224.
737 : * This requires HSRend=2. */
738 : unsigned int supports_v3_rendezvous_point: 1;
739 :
740 : /** True iff this router has a protocol list that allows clients to
741 : * negotiate hs circuit setup padding. Requires Padding=2. */
742 : unsigned int supports_hs_setup_padding : 1;
743 :
744 : } protover_summary_flags_t;
745 :
746 : typedef struct routerinfo_t routerinfo_t;
747 : typedef struct extrainfo_t extrainfo_t;
748 : typedef struct routerstatus_t routerstatus_t;
749 :
750 : typedef struct microdesc_t microdesc_t;
751 : typedef struct node_t node_t;
752 : typedef struct vote_microdesc_hash_t vote_microdesc_hash_t;
753 : typedef struct vote_routerstatus_t vote_routerstatus_t;
754 : typedef struct document_signature_t document_signature_t;
755 : typedef struct networkstatus_voter_info_t networkstatus_voter_info_t;
756 : typedef struct networkstatus_sr_info_t networkstatus_sr_info_t;
757 :
758 : /** Enumerates recognized flavors of a consensus networkstatus document. All
759 : * flavors of a consensus are generated from the same set of votes, but they
760 : * present different types information to different versions of Tor. */
761 : typedef enum {
762 : FLAV_NS = 0,
763 : FLAV_MICRODESC = 1,
764 : } consensus_flavor_t;
765 :
766 : /** How many different consensus flavors are there? */
767 : #define N_CONSENSUS_FLAVORS ((int)(FLAV_MICRODESC)+1)
768 :
769 : typedef struct networkstatus_t networkstatus_t;
770 : typedef struct ns_detached_signatures_t ns_detached_signatures_t;
771 : typedef struct desc_store_t desc_store_t;
772 : typedef struct routerlist_t routerlist_t;
773 : typedef struct extend_info_t extend_info_t;
774 : typedef struct authority_cert_t authority_cert_t;
775 :
776 : /** Bitfield enum type listing types of information that directory authorities
777 : * can be authoritative about, and that directory caches may or may not cache.
778 : *
779 : * Note that the granularity here is based on authority granularity and on
780 : * cache capabilities. Thus, one particular bit may correspond in practice to
781 : * a few types of directory info, so long as every authority that pronounces
782 : * officially about one of the types prounounces officially about all of them,
783 : * and so long as every cache that caches one of them caches all of them.
784 : */
785 : typedef enum {
786 : NO_DIRINFO = 0,
787 : /** Serves/signs v3 directory information: votes, consensuses, certs */
788 : V3_DIRINFO = 1 << 2,
789 : /** Serves bridge descriptors. */
790 : BRIDGE_DIRINFO = 1 << 4,
791 : /** Serves extrainfo documents. */
792 : EXTRAINFO_DIRINFO=1 << 5,
793 : /** Serves microdescriptors. */
794 : MICRODESC_DIRINFO=1 << 6,
795 : } dirinfo_type_t;
796 :
797 : #define ALL_DIRINFO ((dirinfo_type_t)((1<<7)-1))
798 :
799 : #define ONION_HANDSHAKE_TYPE_TAP 0x0000
800 : #define ONION_HANDSHAKE_TYPE_FAST 0x0001
801 : #define ONION_HANDSHAKE_TYPE_NTOR 0x0002
802 : #define MAX_ONION_HANDSHAKE_TYPE 0x0002
803 :
804 : typedef struct onion_handshake_state_t onion_handshake_state_t;
805 : typedef struct relay_crypto_t relay_crypto_t;
806 : typedef struct crypt_path_t crypt_path_t;
807 : typedef struct crypt_path_reference_t crypt_path_reference_t;
808 :
809 : #define CPATH_KEY_MATERIAL_LEN (20*2+16*2)
810 :
811 : typedef struct cpath_build_state_t cpath_build_state_t;
812 :
813 : struct create_cell_t;
814 :
815 : /** Entry in the cell stats list of a circuit; used only if CELL_STATS
816 : * events are enabled. */
817 : typedef struct testing_cell_stats_entry_t {
818 : uint8_t command; /**< cell command number. */
819 : /** Waiting time in centiseconds if this event is for a removed cell,
820 : * or 0 if this event is for adding a cell to the queue. 22 bits can
821 : * store more than 11 hours, enough to assume that a circuit with this
822 : * delay would long have been closed. */
823 : unsigned int waiting_time:22;
824 : unsigned int removed:1; /**< 0 for added to, 1 for removed from queue. */
825 : unsigned int exitward:1; /**< 0 for app-ward, 1 for exit-ward. */
826 : } testing_cell_stats_entry_t;
827 :
828 : typedef struct circuit_t circuit_t;
829 : typedef struct origin_circuit_t origin_circuit_t;
830 : typedef struct or_circuit_t or_circuit_t;
831 :
832 : /** Largest number of relay_early cells that we can send on a given
833 : * circuit. */
834 : #define MAX_RELAY_EARLY_CELLS_PER_CIRCUIT 8
835 :
836 : typedef enum path_state_t path_state_t;
837 : #define path_state_bitfield_t ENUM_BF(path_state_t)
838 :
839 : #if REND_COOKIE_LEN != DIGEST_LEN
840 : #error "The REND_TOKEN_LEN macro assumes REND_COOKIE_LEN == DIGEST_LEN"
841 : #endif
842 : #define REND_TOKEN_LEN DIGEST_LEN
843 :
844 : /** Convert a circuit subtype to a circuit_t. */
845 : #define TO_CIRCUIT(x) (&((x)->base_))
846 :
847 : /** @name Isolation flags
848 :
849 : Ways to isolate client streams
850 :
851 : @{
852 : */
853 : /** Isolate based on destination port */
854 : #define ISO_DESTPORT (1u<<0)
855 : /** Isolate based on destination address */
856 : #define ISO_DESTADDR (1u<<1)
857 : /** Isolate based on SOCKS authentication */
858 : #define ISO_SOCKSAUTH (1u<<2)
859 : /** Isolate based on client protocol choice */
860 : #define ISO_CLIENTPROTO (1u<<3)
861 : /** Isolate based on client address */
862 : #define ISO_CLIENTADDR (1u<<4)
863 : /** Isolate based on session group (always on). */
864 : #define ISO_SESSIONGRP (1u<<5)
865 : /** Isolate based on newnym epoch (always on). */
866 : #define ISO_NYM_EPOCH (1u<<6)
867 : /** Isolate all streams (Internal only). */
868 : #define ISO_STREAM (1u<<7)
869 : /**@}*/
870 :
871 : /** Default isolation level for ports. */
872 : #define ISO_DEFAULT (ISO_CLIENTADDR|ISO_SOCKSAUTH|ISO_SESSIONGRP|ISO_NYM_EPOCH)
873 :
874 : /** Indicates that we haven't yet set a session group on a port_cfg_t. */
875 : #define SESSION_GROUP_UNSET -1
876 : /** Session group reserved for directory connections */
877 : #define SESSION_GROUP_DIRCONN -2
878 : /** Session group reserved for resolve requests launched by a controller */
879 : #define SESSION_GROUP_CONTROL_RESOLVE -3
880 : /** First automatically allocated session group number */
881 : #define SESSION_GROUP_FIRST_AUTO -4
882 :
883 : typedef struct port_cfg_t port_cfg_t;
884 : typedef struct routerset_t routerset_t;
885 :
886 : /** A magic value for the (Socks|OR|...)Port options below, telling Tor
887 : * to pick its own port. */
888 : #define CFG_AUTO_PORT 0xc4005e
889 :
890 : typedef struct or_options_t or_options_t;
891 :
892 : typedef struct or_state_t or_state_t;
893 :
894 : #define MAX_SOCKS_ADDR_LEN 256
895 :
896 : /********************************* circuitbuild.c **********************/
897 :
898 : /** How many hops does a general-purpose circuit have by default? */
899 : #define DEFAULT_ROUTE_LEN 3
900 :
901 : /* Circuit Build Timeout "public" structures. */
902 :
903 : /** Precision multiplier for the Bw weights */
904 : #define BW_WEIGHT_SCALE 10000
905 : #define BW_MIN_WEIGHT_SCALE 1
906 : #define BW_MAX_WEIGHT_SCALE INT32_MAX
907 :
908 : typedef struct circuit_build_times_t circuit_build_times_t;
909 :
910 : /********************************* config.c ***************************/
911 :
912 : /********************************* connection_edge.c *************************/
913 :
914 : /** Enumerates possible origins of a client-side address mapping. */
915 : typedef enum {
916 : /** We're remapping this address because the controller told us to. */
917 : ADDRMAPSRC_CONTROLLER,
918 : /** We're remapping this address because of an AutomapHostsOnResolve
919 : * configuration. */
920 : ADDRMAPSRC_AUTOMAP,
921 : /** We're remapping this address because our configuration (via torrc, the
922 : * command line, or a SETCONF command) told us to. */
923 : ADDRMAPSRC_TORRC,
924 : /** We're remapping this address because we have TrackHostExit configured,
925 : * and we want to remember to use the same exit next time. */
926 : ADDRMAPSRC_TRACKEXIT,
927 : /** We're remapping this address because we got a DNS resolution from a
928 : * Tor server that told us what its value was. */
929 : ADDRMAPSRC_DNS,
930 :
931 : /** No remapping has occurred. This isn't a possible value for an
932 : * addrmap_entry_t; it's used as a null value when we need to answer "Why
933 : * did this remapping happen." */
934 : ADDRMAPSRC_NONE
935 : } addressmap_entry_source_t;
936 : #define addressmap_entry_source_bitfield_t ENUM_BF(addressmap_entry_source_t)
937 :
938 : #define WRITE_STATS_INTERVAL (24*60*60)
939 :
940 : /********************************* dirvote.c ************************/
941 :
942 : typedef struct vote_timing_t vote_timing_t;
943 :
944 : /********************************* microdesc.c *************************/
945 :
946 : typedef struct microdesc_cache_t microdesc_cache_t;
947 :
948 : /** The maximum number of non-circuit-build-timeout failures a hidden
949 : * service client will tolerate while trying to build a circuit to an
950 : * introduction point. */
951 : #define MAX_INTRO_POINT_REACHABILITY_FAILURES 5
952 :
953 : /** The minimum and maximum number of distinct INTRODUCE2 cells which a
954 : * hidden service's introduction point will receive before it begins to
955 : * expire. */
956 : #define INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS 16384
957 : /* Double the minimum value so the interval is [min, min * 2]. */
958 : #define INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS \
959 : (INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS * 2)
960 :
961 : /** The minimum number of seconds that an introduction point will last
962 : * before expiring due to old age. (If it receives
963 : * INTRO_POINT_LIFETIME_INTRODUCTIONS INTRODUCE2 cells, it may expire
964 : * sooner.)
965 : *
966 : * XXX Should this be configurable? */
967 : #define INTRO_POINT_LIFETIME_MIN_SECONDS (18*60*60)
968 : /** The maximum number of seconds that an introduction point will last
969 : * before expiring due to old age.
970 : *
971 : * XXX Should this be configurable? */
972 : #define INTRO_POINT_LIFETIME_MAX_SECONDS (24*60*60)
973 :
974 : /** The maximum number of circuit creation retry we do to an intro point
975 : * before giving up. We try to reuse intro point that fails during their
976 : * lifetime so this is a hard limit on the amount of time we do that. */
977 : #define MAX_INTRO_POINT_CIRCUIT_RETRIES 3
978 :
979 : /********************************* routerlist.c ***************************/
980 :
981 : typedef struct dir_server_t dir_server_t;
982 :
983 : #define RELAY_REQUIRED_MIN_BANDWIDTH (75*1024)
984 : #define BRIDGE_REQUIRED_MIN_BANDWIDTH (50*1024)
985 :
986 : #define ROUTER_MAX_DECLARED_BANDWIDTH INT32_MAX
987 :
988 : typedef struct tor_version_t tor_version_t;
989 :
990 : #endif /* !defined(TOR_OR_H) */
|
