authcert.c File Reference
#include "core/or/or.h"
#include "app/config/config.h"
#include "core/mainloop/connection.h"
#include "core/mainloop/mainloop.h"
#include "core/or/policies.h"
#include "feature/client/bridges.h"
#include "feature/dirauth/authmode.h"
#include "feature/dirclient/dirclient.h"
#include "feature/dirclient/dlstatus.h"
#include "feature/dircommon/directory.h"
#include "feature/dircommon/fp_pair.h"
#include "feature/dirparse/authcert_parse.h"
#include "feature/nodelist/authcert.h"
#include "feature/nodelist/dirlist.h"
#include "feature/nodelist/networkstatus.h"
#include "feature/nodelist/node_select.h"
#include "feature/nodelist/nodelist.h"
#include "feature/nodelist/routerlist.h"
#include "feature/relay/routermode.h"
#include "core/or/connection_st.h"
#include "feature/dirclient/dir_server_st.h"
#include "feature/dircommon/dir_connection_st.h"
#include "feature/nodelist/authority_cert_st.h"
#include "feature/nodelist/document_signature_st.h"
#include "feature/nodelist/networkstatus_st.h"
#include "feature/nodelist/networkstatus_voter_info_st.h"
#include "feature/nodelist/node_st.h"


Data Structures

struct  cert_list_t
 

Macros

#define DSMAP_FOREACH(map, keyvar, valvar)
 
#define dsmap_free(map, fn)   MAP_FREE_AND_NULL(dsmap, (map), (fn))
 
#define cert_list_free(val)   FREE_AND_NULL(cert_list_t, cert_list_free_, (val))
 
#define DEAD_CERT_LIFETIME   (2*24*60*60)
 
#define SUPERSEDED_CERT_LIFETIME   (2*24*60*60)
 
#define N_AUTH_CERT_DL_FAILURES_TO_BUG_USER   2
 

Typedefs

typedef struct cert_list_t cert_list_t
 

Functions

static void download_status_reset_by_sk_in_cl (cert_list_t *cl, const char *digest)
 
static int download_status_is_ready_by_sk_in_cl (cert_list_t *cl, const char *digest, time_t now)
 
static void list_pending_fpsk_downloads (fp_pair_map_t *result)
 
static void download_status_cert_init (download_status_t *dlstatus)
 
static cert_list_t * get_cert_list (const char *id_digest)
 
 MOCK_IMPL (smartlist_t *, list_authority_ids_with_downloads,(void))
 
 MOCK_IMPL (download_status_t *, id_only_download_status_for_authority_id,(const char *digest))
 
 MOCK_IMPL (smartlist_t *, list_sk_digests_for_authority_id,(const char *digest))
 
 MOCK_IMPL (download_status_t *, download_status_for_authority_id_and_sk,(const char *id_digest, const char *sk_digest))
 
static void cert_list_free_ (cert_list_t *cl)
 
static void cert_list_free_void (void *cl)
 
int trusted_dirs_reload_certs (void)
 
static int already_have_cert (authority_cert_t *cert)
 
int trusted_dirs_load_certs_from_string (const char *contents, int source, int flush, const char *source_dir)
 
void trusted_dirs_flush_certs_to_disk (void)
 
static int compare_certs_by_pubdates (const void **_a, const void **_b)
 
void trusted_dirs_remove_old_certs (void)
 
authority_cert_t * authority_cert_get_newest_by_id (const char *id_digest)
 
authority_cert_t * authority_cert_get_by_sk_digest (const char *sk_digest)
 
authority_cert_t * authority_cert_get_by_digests (const char *id_digest, const char *sk_digest)
 
void authority_cert_get_all (smartlist_t *certs_out)
 
void authority_cert_dl_failed (const char *id_digest, const char *signing_key_digest, int status)
 
int authority_cert_is_blacklisted (const authority_cert_t *cert)
 
int authority_cert_dl_looks_uncertain (const char *id_digest)
 
static void authority_certs_fetch_resource_impl (const char *resource, const char *dir_hint, const node_t *node, const routerstatus_t *rs)
 
void authority_certs_fetch_missing (networkstatus_t *status, time_t now, const char *dir_hint)
 
void authcert_free_all (void)
 
void authority_cert_free_ (authority_cert_t *cert)
 

Variables

static digestmap_t * trusted_dir_certs = NULL
 
static int trusted_dir_servers_certs_changed = 0
 
static const char * BAD_SIGNING_KEYS []
 

Detailed Description

Code to maintain directory authorities' certificates.

Authority certificates are signed with authority identity keys; they are used to authenticate shorter-term authority signing keys. We fetch them when we find a consensus or a vote that has been signed with a signing key we don't recognize. We cache them on disk and load them on startup. Authority operators generate them with the "tor-gencert" utility.

Definition in file authcert.c.

Macro Definition Documentation

◆ DSMAP_FOREACH

#define DSMAP_FOREACH (   map,
  keyvar,
  valvar 
)
Value:
DIGESTMAP_FOREACH(dsmap_to_digestmap(map), keyvar, download_status_t *, \
valvar)
#define DIGESTMAP_FOREACH(map, keyvar, valtype, valvar)
Definition: map.h:153

Definition at line 50 of file authcert.c.

Function Documentation

◆ already_have_cert()

static int already_have_cert ( authority_cert_t *  cert)
inline static

Helper: return true iff the exact certificate cert has already been loaded.

Definition at line 345 of file authcert.c.

References authority_cert_t::cache_info, get_cert_list(), signed_descriptor_t::identity_digest, and SMARTLIST_FOREACH.

◆ authority_cert_dl_failed()

void authority_cert_dl_failed ( const char *  id_digest,
const char *  signing_key_digest,
int  status 
)

Called when an attempt to download a certificate with the authority with ID id_digest and, if not NULL, signed with key signing_key_digest fails with HTTP response code status: remember the failure, so we don't try again immediately.

Definition at line 683 of file authcert.c.

◆ authority_cert_dl_looks_uncertain()

int authority_cert_dl_looks_uncertain ( const char *  id_digest)

Return true iff we have seen enough failures while trying to download the certificate with ID digest id_digest that we're willing to start bugging the user about it.

Definition at line 765 of file authcert.c.

References download_status_get_n_failures(), and trusted_dir_certs.

Referenced by networkstatus_check_consensus_signature().

◆ authority_cert_free_()

void authority_cert_free_ ( authority_cert_t *  cert)

Free storage held in cert.

Definition at line 1164 of file authcert.c.

References authority_cert_t::cache_info, signed_descriptor_t::signed_descriptor_body, and tor_free.

◆ authority_cert_get_all()

void authority_cert_get_all ( smartlist_t *  certs_out)

Add every known authority_cert_t to certs_out.

Definition at line 666 of file authcert.c.

References DIGESTMAP_FOREACH, DIGESTMAP_FOREACH_END, smartlist_add(), SMARTLIST_FOREACH, tor_assert(), and trusted_dir_certs.

◆ authority_cert_get_by_digests()

authority_cert_t* authority_cert_get_by_digests ( const char *  id_digest,
const char *  sk_digest 
)

Return the v3 authority certificate with signing key matching sk_digest, for the authority with identity digest id_digest. Return NULL if no such authority is known.

Definition at line 650 of file authcert.c.

References DIGEST_LEN, SMARTLIST_FOREACH, tor_memeq(), and trusted_dir_certs.

Referenced by networkstatus_check_consensus_signature().

◆ authority_cert_get_by_sk_digest()

authority_cert_t* authority_cert_get_by_sk_digest ( const char *  sk_digest)

Return the newest v3 authority certificate whose directory signing key has digest sk_digest. Return NULL if no such certificate is known.

Definition at line 623 of file authcert.c.

References DIGEST_LEN, DIGESTMAP_FOREACH, DIGESTMAP_FOREACH_END, get_my_v3_legacy_cert(), authority_cert_t::signing_key_digest, SMARTLIST_FOREACH, tor_memeq(), and trusted_dir_certs.

◆ authority_cert_get_newest_by_id()

authority_cert_t* authority_cert_get_newest_by_id ( const char *  id_digest)

Return the newest v3 authority certificate whose v3 authority identity key has digest id_digest. Return NULL if no such authority is known, or it has no certificate.

Definition at line 603 of file authcert.c.

References SMARTLIST_FOREACH, and trusted_dir_certs.

◆ authority_cert_is_blacklisted()

int authority_cert_is_blacklisted ( const authority_cert_t *  cert)

Return true iff cert authenticates some authority signing key which, because of the old OpenSSL Heartbleed vulnerability, should never be trusted.

Definition at line 746 of file authcert.c.

References base16_encode(), HEX_DIGEST_LEN, and authority_cert_t::signing_key_digest.

◆ authority_certs_fetch_missing()

void authority_certs_fetch_missing ( networkstatus_t *  status,
time_t  now,
const char *  dir_hint 
)

Try to download any v3 authority certificates that we may be missing. If status is provided, try to get all the ones that were used to sign status. Additionally, try to have a non-expired certificate for every V3 authority in trusted_dir_servers. Don't fetch certificates we already have.

If dir_hint is non-NULL, it's the identity digest for a directory that we've just successfully retrieved a consensus or certificates from, so try it first to fetch any missing certificates.

Definition at line 855 of file authcert.c.

Referenced by update_certificate_downloads().

◆ cert_list_free_()

static void cert_list_free_ ( cert_list_t *  cl)
static

Release all space held by a cert_list_t.

Definition at line 302 of file authcert.c.

References SMARTLIST_FOREACH.

Referenced by cert_list_free_void().

◆ cert_list_free_void()

static void cert_list_free_void ( void *  cl)
static

Wrapper for cert_list_free so we can pass it to digestmap_free.

Definition at line 316 of file authcert.c.

References cert_list_free_().

◆ download_status_cert_init()

static void download_status_cert_init ( download_status_t *  dlstatus)
static

Initialise schedule, want_authority, and increment_on in the download status dlstatus, then call download_status_reset() on it. It is safe to call this function or download_status_reset() multiple times on a new dlstatus. But it should not be called after a dlstatus has been used to count download attempts or failures.

Definition at line 93 of file authcert.c.

References download_status_t::schedule.

◆ download_status_is_ready_by_sk_in_cl()

static int download_status_is_ready_by_sk_in_cl ( cert_list_t *  cl,
const char *  digest,
time_t  now 
)
static

Return true if the download for this signing key digest in cl is ready to be re-attempted.

Definition at line 137 of file authcert.c.

References download_status_is_ready(), and tor_assert().

◆ download_status_reset_by_sk_in_cl()

static void download_status_reset_by_sk_in_cl ( cert_list_t *  cl,
const char *  digest 
)
static

Reset the download status of a specified element in a dsmap.

Definition at line 107 of file authcert.c.

References tor_assert().

◆ get_cert_list()

static cert_list_t* get_cert_list ( const char *  id_digest)
static

Helper: Return the cert_list_t for an authority whose authority ID is id_digest, allocating a new list if necessary.

Definition at line 175 of file authcert.c.

References trusted_dir_certs.

Referenced by already_have_cert().

◆ list_pending_fpsk_downloads()

static void list_pending_fpsk_downloads ( fp_pair_map_t *  result)
static

For every certificate we are currently downloading by (identity digest, signing key digest) pair, set result[fp_pair] to (void *1).

Definition at line 1180 of file authcert.c.

References CONN_TYPE_DIR, DIR_PURPOSE_FETCH_CERTIFICATE, dir_split_resource_into_fingerprint_pairs(), dir_connection_t::requested_resource, SMARTLIST_FOREACH_BEGIN, strcmpstart(), TO_DIR_CONN(), and tor_assert().

◆ MOCK_IMPL() [1/4]

MOCK_IMPL ( smartlist_t *,
list_authority_ids_with_downloads  ,
(void)   
)

Return a list of authority ID digests with potentially enumerable lists of download_status_t objects; used by controller GETINFO queries.

Definition at line 195 of file authcert.c.

References trusted_dir_certs.

◆ MOCK_IMPL() [2/4]

MOCK_IMPL ( download_status_t *,
id_only_download_status_for_authority_id  ,
(const char *digest)   
)

Given an authority ID digest, return a pointer to the default download status, or NULL if there is no such entry in trusted_dir_certs.

Definition at line 226 of file authcert.c.

References trusted_dir_certs.

◆ MOCK_IMPL() [3/4]

MOCK_IMPL ( smartlist_t *,
list_sk_digests_for_authority_id  ,
(const char *digest)   
)

Given an authority ID digest, return a smartlist of signing key digests for which download_status_t is potentially queryable, or NULL if no such authority ID digest is known.

Definition at line 246 of file authcert.c.

References trusted_dir_certs.

◆ MOCK_IMPL() [4/4]

MOCK_IMPL ( download_status_t *,
download_status_for_authority_id_and_sk  ,
(const char *id_digest, const char *sk_digest)   
)

Given an authority ID digest and a signing key digest, return the download_status_t or NULL if none exists.

Definition at line 280 of file authcert.c.

References trusted_dir_certs.

◆ trusted_dirs_flush_certs_to_disk()

void trusted_dirs_flush_certs_to_disk ( void  )

Save all v3 key certificates to the cached-certs file.

Definition at line 501 of file authcert.c.

References DIGESTMAP_FOREACH, DIGESTMAP_FOREACH_END, SMARTLIST_FOREACH, trusted_dir_certs, and trusted_dir_servers_certs_changed.

◆ trusted_dirs_load_certs_from_string()

int trusted_dirs_load_certs_from_string ( const char *  contents,
int  source,
int  flush,
const char *  source_dir 
)

Load a bunch of new key certificates from the string contents. If source is TRUSTED_DIRS_CERTS_SRC_FROM_STORE, the certificates are from the cache, and we don't need to flush them to disk. If we are a dirauth loading our own cert, source is TRUSTED_DIRS_CERTS_SRC_SELF. Otherwise, source is the download type: TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST or TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_SK_DIGEST. If flush is true, we need to flush any changed certificates to disk now. Return 0 on success, -1 if any certs fail to parse.

If source_dir is non-NULL, it's the identity digest for a directory that we've just successfully retrieved certificates from, so try it first to fetch any missing certificates.

Definition at line 373 of file authcert.c.

◆ trusted_dirs_reload_certs()

int trusted_dirs_reload_certs ( void  )

Reload the cached v3 key certificates from the cached-certs file in the data directory. Return 0 on success, -1 on failure.

Definition at line 324 of file authcert.c.

◆ trusted_dirs_remove_old_certs()

void trusted_dirs_remove_old_certs ( void  )

Remove all expired v3 authority certificates that have been superseded for more than 48 hours or, if not expired, that were published more than 7 days before being superseded. (If the most recent cert was published more than 48 hours ago, then we aren't going to get any consensuses signed with older keys.)

Definition at line 550 of file authcert.c.

References DIGESTMAP_FOREACH, smartlist_sort(), and trusted_dir_certs.

Referenced by routerlist_remove_old_routers().

Variable Documentation

◆ BAD_SIGNING_KEYS

const char* BAD_SIGNING_KEYS[]
static
Initial value:
= {
"09CD84F751FD6E955E0F8ADB497D5401470D697E",
"0E7E9C07F0969D0468AD741E172A6109DC289F3C",
"57B85409891D3FB32137F642FDEDF8B7F8CDFDCD",
"87326329007AF781F587AF5B594E540B2B6C7630",
"98CC82342DE8D298CF99D3F1A396475901E0D38E",
"9904B52336713A5ADCB13E4FB14DC919E0D45571",
"9DCD8E3F1DD1597E2AD476BBA28A1A89F3095227",
"A61682F34B9BB9694AC98491FE1ABBFE61923941",
"B59F6E99C575113650C99F1C425BA7B20A8C071D",
"D27178388FA75B96D37FA36E0B015227DDDBDA51",
NULL,
}

Definition at line 728 of file authcert.c.

◆ trusted_dir_certs

digestmap_t* trusted_dir_certs = NULL
static

◆ trusted_dir_servers_certs_changed

int trusted_dir_servers_certs_changed = 0
static

True iff any key certificate in at least one member of trusted_dir_certs has changed since we last flushed the certificates to disk.

Definition at line 85 of file authcert.c.

Referenced by trusted_dirs_flush_certs_to_disk().