Tor  0.4.5.0-alpha-dev
channeltls.c
Go to the documentation of this file.
1 /* * Copyright (c) 2012-2020, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
4 /**
5  * \file channeltls.c
6  *
7  * \brief A concrete subclass of channel_t using or_connection_t to transfer
8  * cells between Tor instances.
9  *
10  * This module fills in the various function pointers in channel_t, to
11  * implement the channel_tls_t channels as used in Tor today. These channels
12  * are created from channel_tls_connect() and
13  * channel_tls_handle_incoming(). Each corresponds 1:1 to or_connection_t
14  * object, as implemented in connection_or.c. These channels transmit cells
15  * to the underlying or_connection_t by calling
16  * connection_or_write_*_cell_to_buf(), and receive cells from the underlying
17  * or_connection_t when connection_or_process_cells_from_inbuf() calls
18  * channel_tls_handle_*_cell().
19  *
20  * Here we also implement the server (responder) side of the v3+ Tor link
21  * handshake, which uses CERTS and AUTHENTICATE cell to negotiate versions,
22  * exchange expected and observed IP and time information, and bootstrap a
23  * level of authentication higher than we have gotten on the raw TLS
24  * handshake.
25  *
26  * NOTE: Since there is currently only one type of channel, there are probably
27  * more than a few cases where functionality that is currently in
28  * channeltls.c, connection_or.c, and channel.c ought to be divided up
29  * differently. The right time to do this is probably whenever we introduce
30  * our next channel type.
31  **/
32 
33 /*
34  * Define this so channel.h gives us things only channel_t subclasses
35  * should touch.
36  */
37 #define CHANNEL_OBJECT_PRIVATE
38 
39 #define CHANNELTLS_PRIVATE
40 
41 #include "core/or/or.h"
42 #include "core/or/channel.h"
43 #include "core/or/channeltls.h"
44 #include "core/or/circuitmux.h"
46 #include "core/or/command.h"
47 #include "app/config/config.h"
50 #include "core/or/connection_or.h"
54 #include "trunnel/link_handshake.h"
55 #include "core/or/relay.h"
56 #include "feature/stats/rephist.h"
57 #include "feature/relay/router.h"
60 #include "core/or/scheduler.h"
63 #include "trunnel/channelpadding_negotiation.h"
64 #include "trunnel/netinfo.h"
65 #include "core/or/channelpadding.h"
66 #include "core/or/extendinfo.h"
67 
68 #include "core/or/cell_st.h"
69 #include "core/or/cell_queue_st.h"
74 #include "core/or/var_cell_st.h"
75 
76 #include "lib/tls/tortls.h"
77 #include "lib/tls/x509.h"
78 
79 /** How many CELL_PADDING cells have we received, ever? */
81 /** How many CELL_VERSIONS cells have we received, ever? */
83 /** How many CELL_NETINFO cells have we received, ever? */
85 /** How many CELL_VPADDING cells have we received, ever? */
87 /** How many CELL_CERTS cells have we received, ever? */
89 /** How many CELL_AUTH_CHALLENGE cells have we received, ever? */
91 /** How many CELL_AUTHENTICATE cells have we received, ever? */
93 /** How many CELL_AUTHORIZE cells have we received, ever? */
95 
96 /** Active listener, if any */
98 
99 /* channel_tls_t method declarations */
100 
101 static void channel_tls_close_method(channel_t *chan);
102 static const char * channel_tls_describe_transport_method(channel_t *chan);
103 static void channel_tls_free_method(channel_t *chan);
105 static int
107 static int
108 channel_tls_get_transport_name_method(channel_t *chan, char **transport_out);
109 static const char *
112 static int channel_tls_is_canonical_method(channel_t *chan, int req);
113 static int
115  extend_info_t *extend_info);
117  const tor_addr_t *target);
121  cell_t *cell);
123  packed_cell_t *packed_cell);
125  var_cell_t *var_cell);
126 
127 /* channel_listener_tls_t method declarations */
128 
130 static const char *
132 
133 /** Handle incoming cells for the handshake stuff here rather than
134  * passing them on up. */
135 
137  channel_tls_t *tlschan);
138 static void channel_tls_process_netinfo_cell(cell_t *cell,
139  channel_tls_t *tlschan);
140 static int command_allowed_before_handshake(uint8_t command);
142  channel_tls_t *tlschan);
144  channel_tls_t *chan);
145 
146 /**
147  * Do parts of channel_tls_t initialization common to channel_tls_connect()
148  * and channel_tls_handle_incoming().
149  */
150 STATIC void
151 channel_tls_common_init(channel_tls_t *tlschan)
152 {
153  channel_t *chan;
154 
155  tor_assert(tlschan);
156 
157  chan = &(tlschan->base_);
158  channel_init(chan);
159  chan->magic = TLS_CHAN_MAGIC;
165  chan->get_remote_addr = channel_tls_get_remote_addr_method;
167  chan->get_transport_name = channel_tls_get_transport_name_method;
172  chan->num_bytes_queued = channel_tls_num_bytes_queued_method;
173  chan->num_cells_writeable = channel_tls_num_cells_writeable_method;
174  chan->write_cell = channel_tls_write_cell_method;
177 
178  chan->cmux = circuitmux_alloc();
179  /* We only have one policy for now so always set it to EWMA. */
180  circuitmux_set_policy(chan->cmux, &ewma_policy);
181 }
182 
183 /**
184  * Start a new TLS channel.
185  *
186  * Launch a new OR connection to <b>addr</b>:<b>port</b> and expect to
187  * handshake with an OR with identity digest <b>id_digest</b>, and wrap
188  * it in a channel_tls_t.
189  */
190 channel_t *
191 channel_tls_connect(const tor_addr_t *addr, uint16_t port,
192  const char *id_digest,
193  const ed25519_public_key_t *ed_id)
194 {
195  channel_tls_t *tlschan = tor_malloc_zero(sizeof(*tlschan));
196  channel_t *chan = &(tlschan->base_);
197 
198  channel_tls_common_init(tlschan);
199 
200  log_debug(LD_CHANNEL,
201  "In channel_tls_connect() for channel %p "
202  "(global id %"PRIu64 ")",
203  tlschan,
204  (chan->global_identifier));
205 
206  if (is_local_to_resolve_addr(addr)) {
207  log_debug(LD_CHANNEL,
208  "Marking new outgoing channel %"PRIu64 " at %p as local",
209  (chan->global_identifier), chan);
210  channel_mark_local(chan);
211  } else {
212  log_debug(LD_CHANNEL,
213  "Marking new outgoing channel %"PRIu64 " at %p as remote",
214  (chan->global_identifier), chan);
215  channel_mark_remote(chan);
216  }
217 
218  channel_mark_outgoing(chan);
219 
220  /* Set up or_connection stuff */
221  tlschan->conn = connection_or_connect(addr, port, id_digest, ed_id, tlschan);
222  /* connection_or_connect() will fill in tlschan->conn */
223  if (!(tlschan->conn)) {
224  chan->reason_for_closing = CHANNEL_CLOSE_FOR_ERROR;
226  goto err;
227  }
228 
229  log_debug(LD_CHANNEL,
230  "Got orconn %p for channel with global id %"PRIu64,
231  tlschan->conn, (chan->global_identifier));
232 
233  goto done;
234 
235  err:
236  circuitmux_free(chan->cmux);
237  tor_free(tlschan);
238  chan = NULL;
239 
240  done:
241  /* If we got one, we should register it */
242  if (chan) channel_register(chan);
243 
244  return chan;
245 }
246 
247 /**
248  * Return the current channel_tls_t listener.
249  *
250  * Returns the current channel listener for incoming TLS connections, or
251  * NULL if none has been established
252  */
255 {
256  return channel_tls_listener;
257 }
258 
259 /**
260  * Start a channel_tls_t listener if necessary.
261  *
262  * Return the current channel_tls_t listener, or start one if we haven't yet,
263  * and return that.
264  */
267 {
268  channel_listener_t *listener;
269 
270  if (!channel_tls_listener) {
271  listener = tor_malloc_zero(sizeof(*listener));
272  channel_init_listener(listener);
275  listener->describe_transport =
277 
278  channel_tls_listener = listener;
279 
280  log_debug(LD_CHANNEL,
281  "Starting TLS channel listener %p with global id %"PRIu64,
282  listener, (listener->global_identifier));
283 
284  channel_listener_register(listener);
285  } else listener = channel_tls_listener;
286 
287  return listener;
288 }
289 
290 /**
291  * Free everything on shutdown.
292  *
293  * Not much to do here, since channel_free_all() takes care of a lot, but let's
294  * get rid of the listener.
295  */
296 void
298 {
299  channel_listener_t *old_listener = NULL;
300 
301  log_debug(LD_CHANNEL,
302  "Shutting down TLS channels...");
303 
304  if (channel_tls_listener) {
305  /*
306  * When we close it, channel_tls_listener will get nulled out, so save
307  * a pointer so we can free it.
308  */
309  old_listener = channel_tls_listener;
310  log_debug(LD_CHANNEL,
311  "Closing channel_tls_listener with ID %"PRIu64
312  " at %p.",
313  (old_listener->global_identifier),
314  old_listener);
315  channel_listener_unregister(old_listener);
316  channel_listener_mark_for_close(old_listener);
317  channel_listener_free(old_listener);
319  }
320 
321  log_debug(LD_CHANNEL,
322  "Done shutting down TLS channels");
323 }
324 
325 /**
326  * Create a new channel around an incoming or_connection_t.
327  */
328 channel_t *
330 {
331  channel_tls_t *tlschan = tor_malloc_zero(sizeof(*tlschan));
332  channel_t *chan = &(tlschan->base_);
333 
334  tor_assert(orconn);
335  tor_assert(!(orconn->chan));
336 
337  channel_tls_common_init(tlschan);
338 
339  /* Link the channel and orconn to each other */
340  tlschan->conn = orconn;
341  orconn->chan = tlschan;
342 
343  if (is_local_to_resolve_addr(&(TO_CONN(orconn)->addr))) {
344  log_debug(LD_CHANNEL,
345  "Marking new incoming channel %"PRIu64 " at %p as local",
346  (chan->global_identifier), chan);
347  channel_mark_local(chan);
348  } else {
349  log_debug(LD_CHANNEL,
350  "Marking new incoming channel %"PRIu64 " at %p as remote",
351  (chan->global_identifier), chan);
352  channel_mark_remote(chan);
353  }
354 
355  channel_mark_incoming(chan);
356 
357  /* Register it */
358  channel_register(chan);
359 
360  return chan;
361 }
362 
363 /*********
364  * Casts *
365  ********/
366 
367 /**
368  * Cast a channel_tls_t to a channel_t.
369  */
370 channel_t *
371 channel_tls_to_base(channel_tls_t *tlschan)
372 {
373  if (!tlschan) return NULL;
374 
375  return &(tlschan->base_);
376 }
377 
378 /**
379  * Cast a channel_t to a channel_tls_t, with appropriate type-checking
380  * asserts.
381  */
382 channel_tls_t *
384 {
385  if (!chan) return NULL;
386 
387  tor_assert(chan->magic == TLS_CHAN_MAGIC);
388 
389  return (channel_tls_t *)(chan);
390 }
391 
392 /********************************************
393  * Method implementations for channel_tls_t *
394  *******************************************/
395 
396 /**
397  * Close a channel_tls_t.
398  *
399  * This implements the close method for channel_tls_t.
400  */
401 static void
403 {
404  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
405 
406  tor_assert(tlschan);
407 
408  if (tlschan->conn) connection_or_close_normally(tlschan->conn, 1);
409  else {
410  /* Weird - we'll have to change the state ourselves, I guess */
411  log_info(LD_CHANNEL,
412  "Tried to close channel_tls_t %p with NULL conn",
413  tlschan);
415  }
416 }
417 
418 /**
419  * Describe the transport for a channel_tls_t.
420  *
421  * This returns the string "TLS channel on connection <id>" to the upper
422  * layer.
423  */
424 static const char *
426 {
427  static char *buf = NULL;
428  uint64_t id;
429  channel_tls_t *tlschan;
430  const char *rv = NULL;
431 
432  tor_assert(chan);
433 
434  tlschan = BASE_CHAN_TO_TLS(chan);
435 
436  if (tlschan->conn) {
437  id = TO_CONN(tlschan->conn)->global_identifier;
438 
439  if (buf) tor_free(buf);
440  tor_asprintf(&buf,
441  "TLS channel (connection %"PRIu64 ")",
442  (id));
443 
444  rv = buf;
445  } else {
446  rv = "TLS channel (no connection)";
447  }
448 
449  return rv;
450 }
451 
452 /**
453  * Free a channel_tls_t.
454  *
455  * This is called by the generic channel layer when freeing a channel_tls_t;
456  * this happens either on a channel which has already reached
457  * CHANNEL_STATE_CLOSED or CHANNEL_STATE_ERROR from channel_run_cleanup() or
458  * on shutdown from channel_free_all(). In the latter case we might still
459  * have an orconn active (which connection_free_all() will get to later),
460  * so we should null out its channel pointer now.
461  */
462 static void
464 {
465  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
466 
467  tor_assert(tlschan);
468 
469  if (tlschan->conn) {
470  tlschan->conn->chan = NULL;
471  tlschan->conn = NULL;
472  }
473 }
474 
475 /**
476  * Get an estimate of the average TLS overhead for the upper layer.
477  */
478 static double
480 {
481  double overhead = 1.0;
482  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
483 
484  tor_assert(tlschan);
485  tor_assert(tlschan->conn);
486 
487  /* Just return 1.0f if we don't have sensible data */
488  if (tlschan->conn->bytes_xmitted > 0 &&
489  tlschan->conn->bytes_xmitted_by_tls >=
490  tlschan->conn->bytes_xmitted) {
491  overhead = ((double)(tlschan->conn->bytes_xmitted_by_tls)) /
492  ((double)(tlschan->conn->bytes_xmitted));
493 
494  /*
495  * Never estimate more than 2.0; otherwise we get silly large estimates
496  * at the very start of a new TLS connection.
497  */
498  if (overhead > 2.0)
499  overhead = 2.0;
500  }
501 
502  log_debug(LD_CHANNEL,
503  "Estimated overhead ratio for TLS chan %"PRIu64 " is %f",
504  (chan->global_identifier), overhead);
505 
506  return overhead;
507 }
508 
509 /**
510  * Get the remote address of a channel_tls_t.
511  *
512  * This implements the get_remote_addr method for channel_tls_t; copy the
513  * remote endpoint of the channel to addr_out and return 1 (always
514  * succeeds for this transport).
515  */
516 static int
518 {
519  int rv = 0;
520  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
521 
522  tor_assert(tlschan);
523  tor_assert(addr_out);
524 
525  if (tlschan->conn) {
526  tor_addr_copy(addr_out, &(tlschan->conn->real_addr));
527  rv = 1;
528  } else tor_addr_make_unspec(addr_out);
529 
530  return rv;
531 }
532 
533 /**
534  * Get the name of the pluggable transport used by a channel_tls_t.
535  *
536  * This implements the get_transport_name for channel_tls_t. If the
537  * channel uses a pluggable transport, copy its name to
538  * <b>transport_out</b> and return 0. If the channel did not use a
539  * pluggable transport, return -1.
540  */
541 static int
543 {
544  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
545 
546  tor_assert(tlschan);
547  tor_assert(transport_out);
548  tor_assert(tlschan->conn);
549 
550  if (!tlschan->conn->ext_or_transport)
551  return -1;
552 
553  *transport_out = tor_strdup(tlschan->conn->ext_or_transport);
554  return 0;
555 }
556 
557 /**
558  * Get endpoint description of a channel_tls_t.
559  *
560  * This implements the get_remote_descr method for channel_tls_t; it returns
561  * a text description of the remote endpoint of the channel suitable for use
562  * in log messages. The req parameter is 0 for the canonical address or 1 for
563  * the actual address seen.
564  */
565 static const char *
567 {
568  static char buf[TOR_ADDRPORT_BUF_LEN];
569  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
570  connection_t *conn;
571  const char *answer = NULL;
572  char *addr_str;
573 
574  tor_assert(tlschan);
575 
576  if (tlschan->conn) {
577  conn = TO_CONN(tlschan->conn);
578  switch (flags) {
579  case 0:
580  /* Canonical address with port*/
582  "%s:%u", conn->address, conn->port);
583  answer = buf;
584  break;
585  case GRD_FLAG_ORIGINAL:
586  /* Actual address with port */
587  addr_str = tor_addr_to_str_dup(&(tlschan->conn->real_addr));
588  tor_snprintf(buf, TOR_ADDRPORT_BUF_LEN, "%s:%u", addr_str, conn->port);
589  tor_free(addr_str);
590  answer = buf;
591  break;
592  case GRD_FLAG_ADDR_ONLY:
593  /* Canonical address, no port */
594  strlcpy(buf, conn->address, sizeof(buf));
595  answer = buf;
596  break;
597  case GRD_FLAG_ORIGINAL|GRD_FLAG_ADDR_ONLY:
598  /* Actual address, no port */
599  addr_str = tor_addr_to_str_dup(&(tlschan->conn->real_addr));
600  strlcpy(buf, addr_str, sizeof(buf));
601  tor_free(addr_str);
602  answer = buf;
603  break;
604  default:
605  /* Something's broken in channel.c */
606  tor_assert_nonfatal_unreached_once();
607  }
608  } else {
609  strlcpy(buf, "(No connection)", sizeof(buf));
610  answer = buf;
611  }
612 
613  return answer;
614 }
615 
616 /**
617  * Tell the upper layer if we have queued writes.
618  *
619  * This implements the has_queued_writes method for channel_tls t_; it returns
620  * 1 iff we have queued writes on the outbuf of the underlying or_connection_t.
621  */
622 static int
624 {
625  size_t outbuf_len;
626  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
627 
628  tor_assert(tlschan);
629  if (!(tlschan->conn)) {
630  log_info(LD_CHANNEL,
631  "something called has_queued_writes on a tlschan "
632  "(%p with ID %"PRIu64 " but no conn",
633  chan, (chan->global_identifier));
634  }
635 
636  outbuf_len = (tlschan->conn != NULL) ?
637  connection_get_outbuf_len(TO_CONN(tlschan->conn)) :
638  0;
639 
640  return (outbuf_len > 0);
641 }
642 
643 /**
644  * Tell the upper layer if we're canonical.
645  *
646  * This implements the is_canonical method for channel_tls_t; if req is zero,
647  * it returns whether this is a canonical channel, and if it is one it returns
648  * whether that can be relied upon.
649  */
650 static int
652 {
653  int answer = 0;
654  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
655 
656  tor_assert(tlschan);
657 
658  if (tlschan->conn) {
659  switch (req) {
660  case 0:
661  answer = tlschan->conn->is_canonical;
662  break;
663  case 1:
664  /*
665  * Is the is_canonical bit reliable? In protocols version 2 and up
666  * we get the canonical address from a NETINFO cell, but in older
667  * versions it might be based on an obsolete descriptor.
668  */
669  answer = (tlschan->conn->link_proto >= 2);
670  break;
671  default:
672  /* This shouldn't happen; channel.c is broken if it does */
673  tor_assert_nonfatal_unreached_once();
674  }
675  }
676  /* else return 0 for tlschan->conn == NULL */
677 
678  return answer;
679 }
680 
681 /**
682  * Check if we match an extend_info_t.
683  *
684  * This implements the matches_extend_info method for channel_tls_t; the upper
685  * layer wants to know if this channel matches an extend_info_t.
686  */
687 static int
689  extend_info_t *extend_info)
690 {
691  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
692 
693  tor_assert(tlschan);
694  tor_assert(extend_info);
695 
696  /* Never match if we have no conn */
697  if (!(tlschan->conn)) {
698  log_info(LD_CHANNEL,
699  "something called matches_extend_info on a tlschan "
700  "(%p with ID %"PRIu64 " but no conn",
701  chan, (chan->global_identifier));
702  return 0;
703  }
704 
705  return extend_info_has_orport(extend_info,
706  &TO_CONN(tlschan->conn)->addr,
707  TO_CONN(tlschan->conn)->port);
708 }
709 
710 /**
711  * Check if we match a target address; return true iff we do.
712  *
713  * This implements the matches_target method for channel_tls t_; the upper
714  * layer wants to know if this channel matches a target address when extending
715  * a circuit.
716  */
717 static int
719  const tor_addr_t *target)
720 {
721  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
722 
723  tor_assert(tlschan);
724  tor_assert(target);
725 
726  /* Never match if we have no conn */
727  if (!(tlschan->conn)) {
728  log_info(LD_CHANNEL,
729  "something called matches_target on a tlschan "
730  "(%p with ID %"PRIu64 " but no conn",
731  chan, (chan->global_identifier));
732  return 0;
733  }
734 
735  /* real_addr is the address this connection came from.
736  * base_.addr is updated by connection_or_init_conn_from_address()
737  * to be the address in the descriptor. It may be tempting to
738  * allow either address to be allowed, but if we did so, it would
739  * enable someone who steals a relay's keys to covertly impersonate/MITM it
740  * from anywhere on the Internet! (Because they could make long-lived
741  * TLS connections from anywhere to all relays, and wait for them to
742  * be used for extends).
743  *
744  * An adversary who has stolen a relay's keys could also post a fake relay
745  * descriptor, but that attack is easier to detect.
746  */
747  return tor_addr_eq(&(tlschan->conn->real_addr), target);
748 }
749 
750 /**
751  * Tell the upper layer how many bytes we have queued and not yet
752  * sent.
753  */
754 static size_t
756 {
757  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
758 
759  tor_assert(tlschan);
760  tor_assert(tlschan->conn);
761 
762  return connection_get_outbuf_len(TO_CONN(tlschan->conn));
763 }
764 
765 /**
766  * Tell the upper layer how many cells we can accept to write.
767  *
768  * This implements the num_cells_writeable method for channel_tls_t; it
769  * returns an estimate of the number of cells we can accept with
770  * channel_tls_write_*_cell().
771  */
772 static int
774 {
775  size_t outbuf_len;
776  ssize_t n;
777  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
778  size_t cell_network_size;
779 
780  tor_assert(tlschan);
781  tor_assert(tlschan->conn);
782 
783  cell_network_size = get_cell_network_size(tlschan->conn->wide_circ_ids);
784  outbuf_len = connection_get_outbuf_len(TO_CONN(tlschan->conn));
785  /* Get the number of cells */
786  n = CEIL_DIV(OR_CONN_HIGHWATER - outbuf_len, cell_network_size);
787  if (n < 0) n = 0;
788 #if SIZEOF_SIZE_T > SIZEOF_INT
789  if (n > INT_MAX) n = INT_MAX;
790 #endif
791 
792  return (int)n;
793 }
794 
795 /**
796  * Write a cell to a channel_tls_t.
797  *
798  * This implements the write_cell method for channel_tls_t; given a
799  * channel_tls_t and a cell_t, transmit the cell_t.
800  */
801 static int
803 {
804  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
805  int written = 0;
806 
807  tor_assert(tlschan);
808  tor_assert(cell);
809 
810  if (tlschan->conn) {
811  connection_or_write_cell_to_buf(cell, tlschan->conn);
812  ++written;
813  } else {
814  log_info(LD_CHANNEL,
815  "something called write_cell on a tlschan "
816  "(%p with ID %"PRIu64 " but no conn",
817  chan, (chan->global_identifier));
818  }
819 
820  return written;
821 }
822 
823 /**
824  * Write a packed cell to a channel_tls_t.
825  *
826  * This implements the write_packed_cell method for channel_tls_t; given a
827  * channel_tls_t and a packed_cell_t, transmit the packed_cell_t.
828  *
829  * Return 0 on success or negative value on error. The caller must free the
830  * packed cell.
831  */
832 static int
834  packed_cell_t *packed_cell)
835 {
836  tor_assert(chan);
837  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
838  size_t cell_network_size = get_cell_network_size(chan->wide_circ_ids);
839 
840  tor_assert(tlschan);
841  tor_assert(packed_cell);
842 
843  if (tlschan->conn) {
844  connection_buf_add(packed_cell->body, cell_network_size,
845  TO_CONN(tlschan->conn));
846  } else {
847  log_info(LD_CHANNEL,
848  "something called write_packed_cell on a tlschan "
849  "(%p with ID %"PRIu64 " but no conn",
850  chan, (chan->global_identifier));
851  return -1;
852  }
853 
854  return 0;
855 }
856 
857 /**
858  * Write a variable-length cell to a channel_tls_t.
859  *
860  * This implements the write_var_cell method for channel_tls_t; given a
861  * channel_tls_t and a var_cell_t, transmit the var_cell_t.
862  */
863 static int
865 {
866  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
867  int written = 0;
868 
869  tor_assert(tlschan);
870  tor_assert(var_cell);
871 
872  if (tlschan->conn) {
873  connection_or_write_var_cell_to_buf(var_cell, tlschan->conn);
874  ++written;
875  } else {
876  log_info(LD_CHANNEL,
877  "something called write_var_cell on a tlschan "
878  "(%p with ID %"PRIu64 " but no conn",
879  chan, (chan->global_identifier));
880  }
881 
882  return written;
883 }
884 
885 /*************************************************
886  * Method implementations for channel_listener_t *
887  ************************************************/
888 
889 /**
890  * Close a channel_listener_t.
891  *
892  * This implements the close method for channel_listener_t.
893  */
894 static void
896 {
897  tor_assert(chan_l);
898 
899  /*
900  * Listeners we just go ahead and change state through to CLOSED, but
901  * make sure to check if they're channel_tls_listener to NULL it out.
902  */
903  if (chan_l == channel_tls_listener)
904  channel_tls_listener = NULL;
905 
906  if (!(chan_l->state == CHANNEL_LISTENER_STATE_CLOSING ||
908  chan_l->state == CHANNEL_LISTENER_STATE_ERROR)) {
910  }
911 
912  if (chan_l->incoming_list) {
914  channel_t *, ichan) {
915  channel_mark_for_close(ichan);
916  } SMARTLIST_FOREACH_END(ichan);
917 
918  smartlist_free(chan_l->incoming_list);
919  chan_l->incoming_list = NULL;
920  }
921 
922  if (!(chan_l->state == CHANNEL_LISTENER_STATE_CLOSED ||
923  chan_l->state == CHANNEL_LISTENER_STATE_ERROR)) {
925  }
926 }
927 
928 /**
929  * Describe the transport for a channel_listener_t.
930  *
931  * This returns the string "TLS channel (listening)" to the upper
932  * layer.
933  */
934 static const char *
936 {
937  tor_assert(chan_l);
938 
939  return "TLS channel (listening)";
940 }
941 
942 /*******************************************************
943  * Functions for handling events on an or_connection_t *
944  ******************************************************/
945 
946 /**
947  * Handle an orconn state change.
948  *
949  * This function will be called by connection_or.c when the or_connection_t
950  * associated with this channel_tls_t changes state.
951  */
952 void
954  or_connection_t *conn,
955  uint8_t state)
956 {
957  channel_t *base_chan;
958 
959  tor_assert(chan);
960  tor_assert(conn);
961  tor_assert(conn->chan == chan);
962  tor_assert(chan->conn == conn);
963 
964  base_chan = TLS_CHAN_TO_BASE(chan);
965 
966  /* Make sure the base connection state makes sense - shouldn't be error
967  * or closed. */
968 
969  tor_assert(CHANNEL_IS_OPENING(base_chan) ||
970  CHANNEL_IS_OPEN(base_chan) ||
971  CHANNEL_IS_MAINT(base_chan) ||
972  CHANNEL_IS_CLOSING(base_chan));
973 
974  /* Did we just go to state open? */
975  if (state == OR_CONN_STATE_OPEN) {
976  /*
977  * We can go to CHANNEL_STATE_OPEN from CHANNEL_STATE_OPENING or
978  * CHANNEL_STATE_MAINT on this.
979  */
980  channel_change_state_open(base_chan);
981  /* We might have just become writeable; check and tell the scheduler */
982  if (connection_or_num_cells_writeable(conn) > 0) {
984  }
985  } else {
986  /*
987  * Not open, so from CHANNEL_STATE_OPEN we go to CHANNEL_STATE_MAINT,
988  * otherwise no change.
989  */
990  if (CHANNEL_IS_OPEN(base_chan)) {
992  }
993  }
994 }
995 
996 #ifdef KEEP_TIMING_STATS
997 
998 /**
999  * Timing states wrapper.
1000  *
1001  * This is a wrapper function around the actual function that processes the
1002  * <b>cell</b> that just arrived on <b>chan</b>. Increment <b>*time</b>
1003  * by the number of microseconds used by the call to <b>*func(cell, chan)</b>.
1004  */
1005 static void
1006 channel_tls_time_process_cell(cell_t *cell, channel_tls_t *chan, int *time,
1007  void (*func)(cell_t *, channel_tls_t *))
1008 {
1009  struct timeval start, end;
1010  long time_passed;
1011 
1012  tor_gettimeofday(&start);
1013 
1014  (*func)(cell, chan);
1015 
1016  tor_gettimeofday(&end);
1017  time_passed = tv_udiff(&start, &end) ;
1018 
1019  if (time_passed > 10000) { /* more than 10ms */
1020  log_debug(LD_OR,"That call just took %ld ms.",time_passed/1000);
1021  }
1022 
1023  if (time_passed < 0) {
1024  log_info(LD_GENERAL,"That call took us back in time!");
1025  time_passed = 0;
1026  }
1027 
1028  *time += time_passed;
1029 }
1030 #endif /* defined(KEEP_TIMING_STATS) */
1031 
1032 #ifdef KEEP_TIMING_STATS
1033 #define PROCESS_CELL(tp, cl, cn) STMT_BEGIN { \
1034  ++num ## tp; \
1035  channel_tls_time_process_cell(cl, cn, & tp ## time , \
1036  channel_tls_process_ ## tp ## _cell); \
1037  } STMT_END
1038 #else /* !defined(KEEP_TIMING_STATS) */
1039 #define PROCESS_CELL(tp, cl, cn) channel_tls_process_ ## tp ## _cell(cl, cn)
1040 #endif /* defined(KEEP_TIMING_STATS) */
1041 
1042 /**
1043  * Handle an incoming cell on a channel_tls_t.
1044  *
1045  * This is called from connection_or.c to handle an arriving cell; it checks
1046  * for cell types specific to the handshake for this transport protocol and
1047  * handles them, and queues all other cells to the channel_t layer, which
1048  * eventually will hand them off to command.c.
1049  *
1050  * The channel layer itself decides whether the cell should be queued or
1051  * can be handed off immediately to the upper-layer code. It is responsible
1052  * for copying in the case that it queues; we merely pass pointers through
1053  * which we get from connection_or_process_cells_from_inbuf().
1054  */
1055 void
1057 {
1058  channel_tls_t *chan;
1059  int handshaking;
1060 
1061  tor_assert(cell);
1062  tor_assert(conn);
1063 
1064  chan = conn->chan;
1065 
1066  if (!chan) {
1067  log_warn(LD_CHANNEL,
1068  "Got a cell_t on an OR connection with no channel");
1069  return;
1070  }
1071 
1072  handshaking = (TO_CONN(conn)->state != OR_CONN_STATE_OPEN);
1073 
1074  if (conn->base_.marked_for_close)
1075  return;
1076 
1077  /* Reject all but VERSIONS and NETINFO when handshaking. */
1078  /* (VERSIONS actually indicates a protocol warning: it's variable-length,
1079  * so if it reaches this function, we're on a v1 connection.) */
1080  if (handshaking && cell->command != CELL_VERSIONS &&
1081  cell->command != CELL_NETINFO) {
1082  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1083  "Received unexpected cell command %d in chan state %s / "
1084  "conn state %s; closing the connection.",
1085  (int)cell->command,
1086  channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
1087  conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state));
1089  return;
1090  }
1091 
1092  if (conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3)
1093  or_handshake_state_record_cell(conn, conn->handshake_state, cell, 1);
1094 
1095  /* We note that we're on the internet whenever we read a cell. This is
1096  * a fast operation. */
1099 
1100  if (TLS_CHAN_TO_BASE(chan)->padding_enabled)
1102 
1103  switch (cell->command) {
1104  case CELL_PADDING:
1106  if (TLS_CHAN_TO_BASE(chan)->padding_enabled)
1109  /* do nothing */
1110  break;
1111  case CELL_VERSIONS:
1112  /* A VERSIONS cell should always be a variable-length cell, and
1113  * so should never reach this function (which handles constant-sized
1114  * cells). But if the connection is using the (obsolete) v1 link
1115  * protocol, all cells will be treated as constant-sized, and so
1116  * it's possible we'll reach this code.
1117  */
1118  log_fn(LOG_PROTOCOL_WARN, LD_CHANNEL,
1119  "Received unexpected VERSIONS cell on a channel using link "
1120  "protocol %d; ignoring.", conn->link_proto);
1121  break;
1122  case CELL_NETINFO:
1124  PROCESS_CELL(netinfo, cell, chan);
1125  break;
1126  case CELL_PADDING_NEGOTIATE:
1128  PROCESS_CELL(padding_negotiate, cell, chan);
1129  break;
1130  case CELL_CREATE:
1131  case CELL_CREATE_FAST:
1132  case CELL_CREATED:
1133  case CELL_CREATED_FAST:
1134  case CELL_RELAY:
1135  case CELL_RELAY_EARLY:
1136  case CELL_DESTROY:
1137  case CELL_CREATE2:
1138  case CELL_CREATED2:
1139  /*
1140  * These are all transport independent and we pass them up through the
1141  * channel_t mechanism. They are ultimately handled in command.c.
1142  */
1143  channel_process_cell(TLS_CHAN_TO_BASE(chan), cell);
1144  break;
1145  default:
1147  "Cell of unknown type (%d) received in channeltls.c. "
1148  "Dropping.",
1149  cell->command);
1150  break;
1151  }
1152 }
1153 
1154 /**
1155  * Handle an incoming variable-length cell on a channel_tls_t.
1156  *
1157  * Process a <b>var_cell</b> that was just received on <b>conn</b>. Keep
1158  * internal statistics about how many of each cell we've processed so far
1159  * this second, and the total number of microseconds it took to
1160  * process each type of cell. All the var_cell commands are handshake-
1161  * related and live below the channel_t layer, so no variable-length
1162  * cells ever get delivered in the current implementation, but I've left
1163  * the mechanism in place for future use.
1164  *
1165  * If we were handing them off to the upper layer, the channel_t queueing
1166  * code would be responsible for memory management, and we'd just be passing
1167  * pointers through from connection_or_process_cells_from_inbuf(). That
1168  * caller always frees them after this function returns, so this function
1169  * should never free var_cell.
1170  */
1171 void
1173 {
1174  channel_tls_t *chan;
1175 
1176 #ifdef KEEP_TIMING_STATS
1177  /* how many of each cell have we seen so far this second? needs better
1178  * name. */
1179  static int num_versions = 0, num_certs = 0;
1180  static time_t current_second = 0; /* from previous calls to time */
1181  time_t now = time(NULL);
1182 
1183  if (current_second == 0) current_second = now;
1184  if (now > current_second) { /* the second has rolled over */
1185  /* print stats */
1186  log_info(LD_OR,
1187  "At end of second: %d versions (%d ms), %d certs (%d ms)",
1188  num_versions, versions_time / ((now - current_second) * 1000),
1189  num_certs, certs_time / ((now - current_second) * 1000));
1190 
1191  num_versions = num_certs = 0;
1192  versions_time = certs_time = 0;
1193 
1194  /* remember which second it is, for next time */
1195  current_second = now;
1196  }
1197 #endif /* defined(KEEP_TIMING_STATS) */
1198 
1199  tor_assert(var_cell);
1200  tor_assert(conn);
1201 
1202  chan = conn->chan;
1203 
1204  if (!chan) {
1205  log_warn(LD_CHANNEL,
1206  "Got a var_cell_t on an OR connection with no channel");
1207  return;
1208  }
1209 
1210  if (TO_CONN(conn)->marked_for_close)
1211  return;
1212 
1213  switch (TO_CONN(conn)->state) {
1215  if (var_cell->command != CELL_VERSIONS) {
1216  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1217  "Received a cell with command %d in unexpected "
1218  "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
1219  "closing the connection.",
1220  (int)(var_cell->command),
1221  conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),
1222  TO_CONN(conn)->state,
1223  channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
1224  (int)(TLS_CHAN_TO_BASE(chan)->state));
1225  /*
1226  * The code in connection_or.c will tell channel_t to close for
1227  * error; it will go to CHANNEL_STATE_CLOSING, and then to
1228  * CHANNEL_STATE_ERROR when conn is closed.
1229  */
1231  return;
1232  }
1233  break;
1235  /* If we're using bufferevents, it's entirely possible for us to
1236  * notice "hey, data arrived!" before we notice "hey, the handshake
1237  * finished!" And we need to be accepting both at once to handle both
1238  * the v2 and v3 handshakes. */
1239  /* But that should be happening any longer've disabled bufferevents. */
1240  tor_assert_nonfatal_unreached_once();
1241 
1242  FALLTHROUGH;
1244  if (!(command_allowed_before_handshake(var_cell->command))) {
1245  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1246  "Received a cell with command %d in unexpected "
1247  "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
1248  "closing the connection.",
1249  (int)(var_cell->command),
1250  conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),
1251  (int)(TO_CONN(conn)->state),
1252  channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
1253  (int)(TLS_CHAN_TO_BASE(chan)->state));
1254  /* see above comment about CHANNEL_STATE_ERROR */
1256  return;
1257  } else {
1258  if (enter_v3_handshake_with_cell(var_cell, chan) < 0)
1259  return;
1260  }
1261  break;
1263  if (var_cell->command != CELL_AUTHENTICATE)
1265  var_cell, 1);
1266  break; /* Everything is allowed */
1267  case OR_CONN_STATE_OPEN:
1268  if (conn->link_proto < 3) {
1269  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1270  "Received a variable-length cell with command %d in orconn "
1271  "state %s [%d], channel state %s [%d] with link protocol %d; "
1272  "ignoring it.",
1273  (int)(var_cell->command),
1274  conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),
1275  (int)(TO_CONN(conn)->state),
1276  channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
1277  (int)(TLS_CHAN_TO_BASE(chan)->state),
1278  (int)(conn->link_proto));
1279  return;
1280  }
1281  break;
1282  default:
1283  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1284  "Received var-length cell with command %d in unexpected "
1285  "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
1286  "ignoring it.",
1287  (int)(var_cell->command),
1288  conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),
1289  (int)(TO_CONN(conn)->state),
1290  channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
1291  (int)(TLS_CHAN_TO_BASE(chan)->state));
1292  return;
1293  }
1294 
1295  /* We note that we're on the internet whenever we read a cell. This is
1296  * a fast operation. */
1298 
1299  /* Now handle the cell */
1300 
1301  switch (var_cell->command) {
1302  case CELL_VERSIONS:
1304  PROCESS_CELL(versions, var_cell, chan);
1305  break;
1306  case CELL_VPADDING:
1308  /* Do nothing */
1309  break;
1310  case CELL_CERTS:
1312  PROCESS_CELL(certs, var_cell, chan);
1313  break;
1314  case CELL_AUTH_CHALLENGE:
1316  PROCESS_CELL(auth_challenge, var_cell, chan);
1317  break;
1318  case CELL_AUTHENTICATE:
1320  PROCESS_CELL(authenticate, var_cell, chan);
1321  break;
1322  case CELL_AUTHORIZE:
1324  /* Ignored so far. */
1325  break;
1326  default:
1328  "Variable-length cell of unknown type (%d) received.",
1329  (int)(var_cell->command));
1330  break;
1331  }
1332 }
1333 
1334 #undef PROCESS_CELL
1335 
1336 /**
1337  * Update channel marks after connection_or.c has changed an address.
1338  *
1339  * This is called from connection_or_init_conn_from_address() after the
1340  * connection's _base.addr or real_addr fields have potentially been changed
1341  * so we can recalculate the local mark. Notably, this happens when incoming
1342  * connections are reverse-proxied and we only learn the real address of the
1343  * remote router by looking it up in the consensus after we finish the
1344  * handshake and know an authenticated identity digest.
1345  */
1346 void
1348 {
1349  channel_t *chan = NULL;
1350 
1351  tor_assert(conn);
1352  tor_assert(conn->chan);
1353 
1354  chan = TLS_CHAN_TO_BASE(conn->chan);
1355 
1356  if (is_local_to_resolve_addr(&(TO_CONN(conn)->addr))) {
1357  if (!channel_is_local(chan)) {
1358  log_debug(LD_CHANNEL,
1359  "Marking channel %"PRIu64 " at %p as local",
1360  (chan->global_identifier), chan);
1361  channel_mark_local(chan);
1362  }
1363  } else {
1364  if (channel_is_local(chan)) {
1365  log_debug(LD_CHANNEL,
1366  "Marking channel %"PRIu64 " at %p as remote",
1367  (chan->global_identifier), chan);
1368  channel_mark_remote(chan);
1369  }
1370  }
1371 }
1372 
1373 /**
1374  * Check if this cell type is allowed before the handshake is finished.
1375  *
1376  * Return true if <b>command</b> is a cell command that's allowed to start a
1377  * V3 handshake.
1378  */
1379 static int
1381 {
1382  switch (command) {
1383  case CELL_VERSIONS:
1384  case CELL_VPADDING:
1385  case CELL_AUTHORIZE:
1386  return 1;
1387  default:
1388  return 0;
1389  }
1390 }
1391 
1392 /**
1393  * Start a V3 handshake on an incoming connection.
1394  *
1395  * Called when we as a server receive an appropriate cell while waiting
1396  * either for a cell or a TLS handshake. Set the connection's state to
1397  * "handshaking_v3', initializes the or_handshake_state field as needed,
1398  * and add the cell to the hash of incoming cells.)
1399  */
1400 static int
1401 enter_v3_handshake_with_cell(var_cell_t *cell, channel_tls_t *chan)
1402 {
1403  int started_here = 0;
1404 
1405  tor_assert(cell);
1406  tor_assert(chan);
1407  tor_assert(chan->conn);
1408 
1409  started_here = connection_or_nonopen_was_started_here(chan->conn);
1410 
1411  tor_assert(TO_CONN(chan->conn)->state == OR_CONN_STATE_TLS_HANDSHAKING ||
1412  TO_CONN(chan->conn)->state ==
1414 
1415  if (started_here) {
1416  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1417  "Received a cell while TLS-handshaking, not in "
1418  "OR_HANDSHAKING_V3, on a connection we originated.");
1419  }
1421  chan->conn->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
1422  if (connection_init_or_handshake_state(chan->conn, started_here) < 0) {
1423  connection_or_close_for_error(chan->conn, 0);
1424  return -1;
1425  }
1427  chan->conn->handshake_state, cell, 1);
1428  return 0;
1429 }
1430 
1431 /**
1432  * Process a 'versions' cell.
1433  *
1434  * This function is called to handle an incoming VERSIONS cell; the current
1435  * link protocol version must be 0 to indicate that no version has yet been
1436  * negotiated. We compare the versions in the cell to the list of versions
1437  * we support, pick the highest version we have in common, and continue the
1438  * negotiation from there.
1439  */
1440 static void
1442 {
1443  int highest_supported_version = 0;
1444  int started_here = 0;
1445 
1446  tor_assert(cell);
1447  tor_assert(chan);
1448  tor_assert(chan->conn);
1449 
1450  if ((cell->payload_len % 2) == 1) {
1451  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1452  "Received a VERSION cell with odd payload length %d; "
1453  "closing connection.",cell->payload_len);
1454  connection_or_close_for_error(chan->conn, 0);
1455  return;
1456  }
1457 
1458  started_here = connection_or_nonopen_was_started_here(chan->conn);
1459 
1460  if (chan->conn->link_proto != 0 ||
1461  (chan->conn->handshake_state &&
1462  chan->conn->handshake_state->received_versions)) {
1463  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1464  "Received a VERSIONS cell on a connection with its version "
1465  "already set to %d; dropping",
1466  (int)(chan->conn->link_proto));
1467  return;
1468  }
1469  switch (chan->conn->base_.state)
1470  {
1473  break;
1476  default:
1477  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1478  "VERSIONS cell while in unexpected state");
1479  return;
1480  }
1481 
1482  tor_assert(chan->conn->handshake_state);
1483 
1484  {
1485  int i;
1486  const uint8_t *cp = cell->payload;
1487  for (i = 0; i < cell->payload_len / 2; ++i, cp += 2) {
1488  uint16_t v = ntohs(get_uint16(cp));
1489  if (is_or_protocol_version_known(v) && v > highest_supported_version)
1490  highest_supported_version = v;
1491  }
1492  }
1493  if (!highest_supported_version) {
1494  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1495  "Couldn't find a version in common between my version list and the "
1496  "list in the VERSIONS cell; closing connection.");
1497  connection_or_close_for_error(chan->conn, 0);
1498  return;
1499  } else if (highest_supported_version == 1) {
1500  /* Negotiating version 1 makes no sense, since version 1 has no VERSIONS
1501  * cells. */
1502  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1503  "Used version negotiation protocol to negotiate a v1 connection. "
1504  "That's crazily non-compliant. Closing connection.");
1505  connection_or_close_for_error(chan->conn, 0);
1506  return;
1507  } else if (highest_supported_version < 3 &&
1508  chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3) {
1509  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1510  "Negotiated link protocol 2 or lower after doing a v3 TLS "
1511  "handshake. Closing connection.");
1512  connection_or_close_for_error(chan->conn, 0);
1513  return;
1514  } else if (highest_supported_version != 2 &&
1515  chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V2) {
1516  /* XXXX This should eventually be a log_protocol_warn */
1518  "Negotiated link with non-2 protocol after doing a v2 TLS "
1519  "handshake with %s. Closing connection.",
1520  fmt_addr(&chan->conn->base_.addr));
1521  connection_or_close_for_error(chan->conn, 0);
1522  return;
1523  }
1524 
1525  rep_hist_note_negotiated_link_proto(highest_supported_version, started_here);
1526 
1527  chan->conn->link_proto = highest_supported_version;
1528  chan->conn->handshake_state->received_versions = 1;
1529 
1530  if (chan->conn->link_proto == 2) {
1531  log_info(LD_OR,
1532  "Negotiated version %d with %s:%d; sending NETINFO.",
1533  highest_supported_version,
1534  safe_str_client(chan->conn->base_.address),
1535  chan->conn->base_.port);
1536 
1537  if (connection_or_send_netinfo(chan->conn) < 0) {
1538  connection_or_close_for_error(chan->conn, 0);
1539  return;
1540  }
1541  } else {
1542  const int send_versions = !started_here;
1543  /* If we want to authenticate, send a CERTS cell */
1544  const int send_certs = !started_here || public_server_mode(get_options());
1545  /* If we're a host that got a connection, ask for authentication. */
1546  const int send_chall = !started_here;
1547  /* If our certs cell will authenticate us, we can send a netinfo cell
1548  * right now. */
1549  const int send_netinfo = !started_here;
1550  const int send_any =
1551  send_versions || send_certs || send_chall || send_netinfo;
1552  tor_assert(chan->conn->link_proto >= 3);
1553 
1554  log_info(LD_OR,
1555  "Negotiated version %d with %s:%d; %s%s%s%s%s",
1556  highest_supported_version,
1557  safe_str_client(chan->conn->base_.address),
1558  chan->conn->base_.port,
1559  send_any ? "Sending cells:" : "Waiting for CERTS cell",
1560  send_versions ? " VERSIONS" : "",
1561  send_certs ? " CERTS" : "",
1562  send_chall ? " AUTH_CHALLENGE" : "",
1563  send_netinfo ? " NETINFO" : "");
1564 
1565 #ifdef DISABLE_V3_LINKPROTO_SERVERSIDE
1566  if (1) {
1567  connection_or_close_normally(chan->conn, 1);
1568  return;
1569  }
1570 #endif /* defined(DISABLE_V3_LINKPROTO_SERVERSIDE) */
1571 
1572  if (send_versions) {
1573  if (connection_or_send_versions(chan->conn, 1) < 0) {
1574  log_warn(LD_OR, "Couldn't send versions cell");
1575  connection_or_close_for_error(chan->conn, 0);
1576  return;
1577  }
1578  }
1579 
1580  /* We set this after sending the versions cell. */
1581  /*XXXXX symbolic const.*/
1582  TLS_CHAN_TO_BASE(chan)->wide_circ_ids =
1583  chan->conn->link_proto >= MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS;
1584  chan->conn->wide_circ_ids = TLS_CHAN_TO_BASE(chan)->wide_circ_ids;
1585 
1586  TLS_CHAN_TO_BASE(chan)->padding_enabled =
1587  chan->conn->link_proto >= MIN_LINK_PROTO_FOR_CHANNEL_PADDING;
1588 
1589  if (send_certs) {
1590  if (connection_or_send_certs_cell(chan->conn) < 0) {
1591  log_warn(LD_OR, "Couldn't send certs cell");
1592  connection_or_close_for_error(chan->conn, 0);
1593  return;
1594  }
1595  }
1596  if (send_chall) {
1597  if (connection_or_send_auth_challenge_cell(chan->conn) < 0) {
1598  log_warn(LD_OR, "Couldn't send auth_challenge cell");
1599  connection_or_close_for_error(chan->conn, 0);
1600  return;
1601  }
1602  }
1603  if (send_netinfo) {
1604  if (connection_or_send_netinfo(chan->conn) < 0) {
1605  log_warn(LD_OR, "Couldn't send netinfo cell");
1606  connection_or_close_for_error(chan->conn, 0);
1607  return;
1608  }
1609  }
1610  }
1611 }
1612 
1613 /**
1614  * Process a 'padding_negotiate' cell.
1615  *
1616  * This function is called to handle an incoming PADDING_NEGOTIATE cell;
1617  * enable or disable padding accordingly, and read and act on its timeout
1618  * value contents.
1619  */
1620 static void
1622 {
1623  channelpadding_negotiate_t *negotiation;
1624  tor_assert(cell);
1625  tor_assert(chan);
1626  tor_assert(chan->conn);
1627 
1628  if (chan->conn->link_proto < MIN_LINK_PROTO_FOR_CHANNEL_PADDING) {
1629  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1630  "Received a PADDING_NEGOTIATE cell on v%d connection; dropping.",
1631  chan->conn->link_proto);
1632  return;
1633  }
1634 
1635  if (channelpadding_negotiate_parse(&negotiation, cell->payload,
1636  CELL_PAYLOAD_SIZE) < 0) {
1637  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1638  "Received malformed PADDING_NEGOTIATE cell on v%d connection; "
1639  "dropping.", chan->conn->link_proto);
1640 
1641  return;
1642  }
1643 
1644  channelpadding_update_padding_for_channel(TLS_CHAN_TO_BASE(chan),
1645  negotiation);
1646 
1647  channelpadding_negotiate_free(negotiation);
1648 }
1649 
1650 /**
1651  * Convert <b>netinfo_addr</b> into corresponding <b>tor_addr</b>.
1652  * Return 0 on success; on failure, return -1 and log a warning.
1653  */
1654 static int
1656  const netinfo_addr_t *netinfo_addr) {
1657  tor_assert(tor_addr);
1658  tor_assert(netinfo_addr);
1659 
1660  uint8_t type = netinfo_addr_get_addr_type(netinfo_addr);
1661  uint8_t len = netinfo_addr_get_len(netinfo_addr);
1662 
1663  if (type == NETINFO_ADDR_TYPE_IPV4 && len == 4) {
1664  uint32_t ipv4 = netinfo_addr_get_addr_ipv4(netinfo_addr);
1665  tor_addr_from_ipv4h(tor_addr, ipv4);
1666  } else if (type == NETINFO_ADDR_TYPE_IPV6 && len == 16) {
1667  const uint8_t *ipv6_bytes = netinfo_addr_getconstarray_addr_ipv6(
1668  netinfo_addr);
1669  tor_addr_from_ipv6_bytes(tor_addr, ipv6_bytes);
1670  } else {
1671  log_fn(LOG_PROTOCOL_WARN, LD_OR, "Cannot read address from NETINFO "
1672  "- wrong type/length.");
1673  return -1;
1674  }
1675 
1676  return 0;
1677 }
1678 
1679 /**
1680  * Helper: compute the absolute value of a time_t.
1681  *
1682  * (we need this because labs() doesn't always work for time_t, since
1683  * long can be shorter than time_t.)
1684  */
1685 static inline time_t
1686 time_abs(time_t val)
1687 {
1688  return (val < 0) ? -val : val;
1689 }
1690 
1691 /**
1692  * Process a 'netinfo' cell
1693  *
1694  * This function is called to handle an incoming NETINFO cell; read and act
1695  * on its contents, and set the connection state to "open".
1696  */
1697 static void
1698 channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
1699 {
1700  time_t timestamp;
1701  uint8_t my_addr_type;
1702  uint8_t my_addr_len;
1703  uint8_t n_other_addrs;
1704  time_t now = time(NULL);
1705  const routerinfo_t *me = router_get_my_routerinfo();
1706 
1707  time_t apparent_skew = 0;
1708  tor_addr_t my_apparent_addr = TOR_ADDR_NULL;
1709  int started_here = 0;
1710  const char *identity_digest = NULL;
1711 
1712  tor_assert(cell);
1713  tor_assert(chan);
1714  tor_assert(chan->conn);
1715 
1716  if (chan->conn->link_proto < 2) {
1717  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1718  "Received a NETINFO cell on %s connection; dropping.",
1719  chan->conn->link_proto == 0 ? "non-versioned" : "a v1");
1720  return;
1721  }
1722  if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V2 &&
1723  chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3) {
1724  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1725  "Received a NETINFO cell on non-handshaking connection; dropping.");
1726  return;
1727  }
1728  tor_assert(chan->conn->handshake_state &&
1729  chan->conn->handshake_state->received_versions);
1730  started_here = connection_or_nonopen_was_started_here(chan->conn);
1731  identity_digest = chan->conn->identity_digest;
1732 
1733  if (chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3) {
1734  tor_assert(chan->conn->link_proto >= 3);
1735  if (started_here) {
1736  if (!(chan->conn->handshake_state->authenticated)) {
1737  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1738  "Got a NETINFO cell from server, "
1739  "but no authentication. Closing the connection.");
1740  connection_or_close_for_error(chan->conn, 0);
1741  return;
1742  }
1743  } else {
1744  /* we're the server. If the client never authenticated, we have
1745  some housekeeping to do.*/
1746  if (!(chan->conn->handshake_state->authenticated)) {
1748  (const char*)(chan->conn->handshake_state->
1749  authenticated_rsa_peer_id)));
1751  (const char*)(chan->conn->handshake_state->
1752  authenticated_ed25519_peer_id.pubkey), 32));
1753  /* If the client never authenticated, it's a tor client or bridge
1754  * relay, and we must not use it for EXTEND requests (nor could we, as
1755  * there are no authenticated peer IDs) */
1756  channel_mark_client(TLS_CHAN_TO_BASE(chan));
1757  channel_set_circid_type(TLS_CHAN_TO_BASE(chan), NULL,
1758  chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
1759 
1761  &(chan->conn->base_.addr),
1762  chan->conn->base_.port,
1763  /* zero, checked above */
1764  (const char*)(chan->conn->handshake_state->
1765  authenticated_rsa_peer_id),
1766  NULL, /* Ed25519 ID: Also checked as zero */
1767  0);
1768  }
1769  }
1770  }
1771 
1772  /* Decode the cell. */
1773  netinfo_cell_t *netinfo_cell = NULL;
1774 
1775  ssize_t parsed = netinfo_cell_parse(&netinfo_cell, cell->payload,
1777 
1778  if (parsed < 0) {
1779  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1780  "Failed to parse NETINFO cell - closing connection.");
1781  connection_or_close_for_error(chan->conn, 0);
1782  return;
1783  }
1784 
1785  timestamp = netinfo_cell_get_timestamp(netinfo_cell);
1786 
1787  const netinfo_addr_t *my_addr =
1788  netinfo_cell_getconst_other_addr(netinfo_cell);
1789 
1790  my_addr_type = netinfo_addr_get_addr_type(my_addr);
1791  my_addr_len = netinfo_addr_get_len(my_addr);
1792 
1793  if ((now - chan->conn->handshake_state->sent_versions_at) < 180) {
1794  apparent_skew = now - timestamp;
1795  }
1796  /* We used to check:
1797  * if (my_addr_len >= CELL_PAYLOAD_SIZE - 6) {
1798  *
1799  * This is actually never going to happen, since my_addr_len is at most 255,
1800  * and CELL_PAYLOAD_LEN - 6 is 503. So we know that cp is < end. */
1801 
1802  if (tor_addr_from_netinfo_addr(&my_apparent_addr, my_addr) == -1) {
1803  connection_or_close_for_error(chan->conn, 0);
1804  netinfo_cell_free(netinfo_cell);
1805  return;
1806  }
1807 
1808  if (my_addr_type == NETINFO_ADDR_TYPE_IPV4 && my_addr_len == 4) {
1809  if (!get_options()->BridgeRelay && me &&
1810  tor_addr_eq_ipv4h(&my_apparent_addr, me->addr)) {
1811  TLS_CHAN_TO_BASE(chan)->is_canonical_to_peer = 1;
1812  }
1813  } else if (my_addr_type == NETINFO_ADDR_TYPE_IPV6 &&
1814  my_addr_len == 16) {
1815  if (!get_options()->BridgeRelay && me &&
1816  !tor_addr_is_null(&me->ipv6_addr) &&
1817  tor_addr_eq(&my_apparent_addr, &me->ipv6_addr)) {
1818  TLS_CHAN_TO_BASE(chan)->is_canonical_to_peer = 1;
1819  }
1820  }
1821 
1822  n_other_addrs = netinfo_cell_get_n_my_addrs(netinfo_cell);
1823  for (uint8_t i = 0; i < n_other_addrs; i++) {
1824  /* Consider all the other addresses; if any matches, this connection is
1825  * "canonical." */
1826 
1827  const netinfo_addr_t *netinfo_addr =
1828  netinfo_cell_getconst_my_addrs(netinfo_cell, i);
1829 
1830  tor_addr_t addr;
1831 
1832  if (tor_addr_from_netinfo_addr(&addr, netinfo_addr) == -1) {
1833  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1834  "Bad address in netinfo cell; Skipping.");
1835  continue;
1836  }
1837  /* A relay can connect from anywhere and be canonical, so
1838  * long as it tells you from where it came. This may sound a bit
1839  * concerning... but that's what "canonical" means: that the
1840  * address is one that the relay itself has claimed. The relay
1841  * might be doing something funny, but nobody else is doing a MITM
1842  * on the relay's TCP.
1843  */
1844  if (tor_addr_eq(&addr, &(chan->conn->real_addr))) {
1845  connection_or_set_canonical(chan->conn, 1);
1846  break;
1847  }
1848  }
1849 
1850  netinfo_cell_free(netinfo_cell);
1851 
1852  if (me && !TLS_CHAN_TO_BASE(chan)->is_canonical_to_peer &&
1853  channel_is_canonical(TLS_CHAN_TO_BASE(chan))) {
1854  const char *descr =
1855  TLS_CHAN_TO_BASE(chan)->get_remote_descr(TLS_CHAN_TO_BASE(chan), 0);
1856  log_info(LD_OR,
1857  "We made a connection to a relay at %s (fp=%s) but we think "
1858  "they will not consider this connection canonical. They "
1859  "think we are at %s, but we think its %s.",
1860  safe_str(descr),
1861  safe_str(hex_str(identity_digest, DIGEST_LEN)),
1862  safe_str(tor_addr_is_null(&my_apparent_addr) ?
1863  "<none>" : fmt_and_decorate_addr(&my_apparent_addr)),
1864  safe_str(fmt_addr32(me->addr)));
1865  }
1866 
1867  /* Act on apparent skew. */
1868  /** Warn when we get a netinfo skew with at least this value. */
1869 #define NETINFO_NOTICE_SKEW 3600
1870  if (time_abs(apparent_skew) > NETINFO_NOTICE_SKEW &&
1871  (started_here ||
1872  connection_or_digest_is_known_relay(chan->conn->identity_digest))) {
1873  int trusted = router_digest_is_trusted_dir(chan->conn->identity_digest);
1874  clock_skew_warning(TO_CONN(chan->conn), apparent_skew, trusted, LD_GENERAL,
1875  "NETINFO cell", "OR");
1876  }
1877 
1878  /* XXX maybe act on my_apparent_addr, if the source is sufficiently
1879  * trustworthy. */
1880 
1881  if (! chan->conn->handshake_state->sent_netinfo) {
1882  /* If we were prepared to authenticate, but we never got an AUTH_CHALLENGE
1883  * cell, then we would not previously have sent a NETINFO cell. Do so
1884  * now. */
1885  if (connection_or_send_netinfo(chan->conn) < 0) {
1886  connection_or_close_for_error(chan->conn, 0);
1887  return;
1888  }
1889  }
1890 
1891  if (connection_or_set_state_open(chan->conn) < 0) {
1892  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1893  "Got good NETINFO cell from %s:%d; but "
1894  "was unable to make the OR connection become open.",
1895  safe_str_client(chan->conn->base_.address),
1896  chan->conn->base_.port);
1897  connection_or_close_for_error(chan->conn, 0);
1898  } else {
1899  log_info(LD_OR,
1900  "Got good NETINFO cell from %s:%d; OR connection is now "
1901  "open, using protocol version %d. Its ID digest is %s. "
1902  "Our address is apparently %s.",
1903  safe_str_client(chan->conn->base_.address),
1904  chan->conn->base_.port,
1905  (int)(chan->conn->link_proto),
1906  hex_str(identity_digest, DIGEST_LEN),
1907  tor_addr_is_null(&my_apparent_addr) ?
1908  "<none>" :
1909  safe_str_client(fmt_and_decorate_addr(&my_apparent_addr)));
1910  }
1911  assert_connection_ok(TO_CONN(chan->conn),time(NULL));
1912 }
1913 
1914 /** Types of certificates that we know how to parse from CERTS cells. Each
1915  * type corresponds to a different encoding format. */
1916 typedef enum cert_encoding_t {
1917  CERT_ENCODING_UNKNOWN, /**< We don't recognize this. */
1918  CERT_ENCODING_X509, /**< It's an RSA key, signed with RSA, encoded in x509.
1919  * (Actually, it might not be RSA. We test that later.) */
1920  CERT_ENCODING_ED25519, /**< It's something signed with an Ed25519 key,
1921  * encoded asa a tor_cert_t.*/
1922  CERT_ENCODING_RSA_CROSSCERT, /**< It's an Ed key signed with an RSA key. */
1923 } cert_encoding_t;
1924 
1925 /**
1926  * Given one of the certificate type codes used in a CERTS cell,
1927  * return the corresponding cert_encoding_t that we should use to parse
1928  * the certificate.
1929  */
1930 static cert_encoding_t
1932 {
1933  switch (typenum) {
1934  case CERTTYPE_RSA1024_ID_LINK:
1935  case CERTTYPE_RSA1024_ID_ID:
1936  case CERTTYPE_RSA1024_ID_AUTH:
1937  return CERT_ENCODING_X509;
1938  case CERTTYPE_ED_ID_SIGN:
1939  case CERTTYPE_ED_SIGN_LINK:
1940  case CERTTYPE_ED_SIGN_AUTH:
1941  return CERT_ENCODING_ED25519;
1942  case CERTTYPE_RSA1024_ID_EDID:
1944  default:
1945  return CERT_ENCODING_UNKNOWN;
1946  }
1947 }
1948 
1949 /**
1950  * Process a CERTS cell from a channel.
1951  *
1952  * This function is called to process an incoming CERTS cell on a
1953  * channel_tls_t:
1954  *
1955  * If the other side should not have sent us a CERTS cell, or the cell is
1956  * malformed, or it is supposed to authenticate the TLS key but it doesn't,
1957  * then mark the connection.
1958  *
1959  * If the cell has a good cert chain and we're doing a v3 handshake, then
1960  * store the certificates in or_handshake_state. If this is the client side
1961  * of the connection, we then authenticate the server or mark the connection.
1962  * If it's the server side, wait for an AUTHENTICATE cell.
1963  */
1964 STATIC void
1965 channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
1966 {
1967 #define MAX_CERT_TYPE_WANTED CERTTYPE_RSA1024_ID_EDID
1968  /* These arrays will be sparse, since a cert type can be at most one
1969  * of ed/x509 */
1970  tor_x509_cert_t *x509_certs[MAX_CERT_TYPE_WANTED + 1];
1971  tor_cert_t *ed_certs[MAX_CERT_TYPE_WANTED + 1];
1972  uint8_t *rsa_ed_cc_cert = NULL;
1973  size_t rsa_ed_cc_cert_len = 0;
1974 
1975  int n_certs, i;
1976  certs_cell_t *cc = NULL;
1977 
1978  int send_netinfo = 0, started_here = 0;
1979 
1980  memset(x509_certs, 0, sizeof(x509_certs));
1981  memset(ed_certs, 0, sizeof(ed_certs));
1982  tor_assert(cell);
1983  tor_assert(chan);
1984  tor_assert(chan->conn);
1985 
1986 #define ERR(s) \
1987  do { \
1988  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
1989  "Received a bad CERTS cell from %s:%d: %s", \
1990  safe_str(chan->conn->base_.address), \
1991  chan->conn->base_.port, (s)); \
1992  connection_or_close_for_error(chan->conn, 0); \
1993  goto err; \
1994  } while (0)
1995 
1996  /* Can't use connection_or_nonopen_was_started_here(); its conn->tls
1997  * check looks like it breaks
1998  * test_link_handshake_recv_certs_ok_server(). */
1999  started_here = chan->conn->handshake_state->started_here;
2000 
2001  if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
2002  ERR("We're not doing a v3 handshake!");
2003  if (chan->conn->link_proto < 3)
2004  ERR("We're not using link protocol >= 3");
2005  if (chan->conn->handshake_state->received_certs_cell)
2006  ERR("We already got one");
2007  if (chan->conn->handshake_state->authenticated) {
2008  /* Should be unreachable, but let's make sure. */
2009  ERR("We're already authenticated!");
2010  }
2011  if (cell->payload_len < 1)
2012  ERR("It had no body");
2013  if (cell->circ_id)
2014  ERR("It had a nonzero circuit ID");
2015 
2016  if (certs_cell_parse(&cc, cell->payload, cell->payload_len) < 0)
2017  ERR("It couldn't be parsed.");
2018 
2019  n_certs = cc->n_certs;
2020 
2021  for (i = 0; i < n_certs; ++i) {
2022  certs_cell_cert_t *c = certs_cell_get_certs(cc, i);
2023 
2024  uint16_t cert_type = c->cert_type;
2025  uint16_t cert_len = c->cert_len;
2026  uint8_t *cert_body = certs_cell_cert_getarray_body(c);
2027 
2028  if (cert_type > MAX_CERT_TYPE_WANTED)
2029  continue;
2030  const cert_encoding_t ct = certs_cell_typenum_to_cert_type(cert_type);
2031  switch (ct) {
2032  default:
2033  case CERT_ENCODING_UNKNOWN:
2034  break;
2035  case CERT_ENCODING_X509: {
2036  tor_x509_cert_t *x509_cert = tor_x509_cert_decode(cert_body, cert_len);
2037  if (!x509_cert) {
2038  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
2039  "Received undecodable certificate in CERTS cell from %s:%d",
2040  safe_str(chan->conn->base_.address),
2041  chan->conn->base_.port);
2042  } else {
2043  if (x509_certs[cert_type]) {
2044  tor_x509_cert_free(x509_cert);
2045  ERR("Duplicate x509 certificate");
2046  } else {
2047  x509_certs[cert_type] = x509_cert;
2048  }
2049  }
2050  break;
2051  }
2052  case CERT_ENCODING_ED25519: {
2053  tor_cert_t *ed_cert = tor_cert_parse(cert_body, cert_len);
2054  if (!ed_cert) {
2055  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
2056  "Received undecodable Ed certificate "
2057  "in CERTS cell from %s:%d",
2058  safe_str(chan->conn->base_.address),
2059  chan->conn->base_.port);
2060  } else {
2061  if (ed_certs[cert_type]) {
2062  tor_cert_free(ed_cert);
2063  ERR("Duplicate Ed25519 certificate");
2064  } else {
2065  ed_certs[cert_type] = ed_cert;
2066  }
2067  }
2068  break;
2069  }
2070 
2072  if (rsa_ed_cc_cert) {
2073  ERR("Duplicate RSA->Ed25519 crosscert");
2074  } else {
2075  rsa_ed_cc_cert = tor_memdup(cert_body, cert_len);
2076  rsa_ed_cc_cert_len = cert_len;
2077  }
2078  break;
2079  }
2080  }
2081  }
2082 
2083  /* Move the certificates we (might) want into the handshake_state->certs
2084  * structure. */
2085  tor_x509_cert_t *id_cert = x509_certs[CERTTYPE_RSA1024_ID_ID];
2086  tor_x509_cert_t *auth_cert = x509_certs[CERTTYPE_RSA1024_ID_AUTH];
2087  tor_x509_cert_t *link_cert = x509_certs[CERTTYPE_RSA1024_ID_LINK];
2088  chan->conn->handshake_state->certs->auth_cert = auth_cert;
2089  chan->conn->handshake_state->certs->link_cert = link_cert;
2090  chan->conn->handshake_state->certs->id_cert = id_cert;
2091  x509_certs[CERTTYPE_RSA1024_ID_ID] =
2092  x509_certs[CERTTYPE_RSA1024_ID_AUTH] =
2093  x509_certs[CERTTYPE_RSA1024_ID_LINK] = NULL;
2094 
2095  tor_cert_t *ed_id_sign = ed_certs[CERTTYPE_ED_ID_SIGN];
2096  tor_cert_t *ed_sign_link = ed_certs[CERTTYPE_ED_SIGN_LINK];
2097  tor_cert_t *ed_sign_auth = ed_certs[CERTTYPE_ED_SIGN_AUTH];
2098  chan->conn->handshake_state->certs->ed_id_sign = ed_id_sign;
2099  chan->conn->handshake_state->certs->ed_sign_link = ed_sign_link;
2100  chan->conn->handshake_state->certs->ed_sign_auth = ed_sign_auth;
2101  ed_certs[CERTTYPE_ED_ID_SIGN] =
2102  ed_certs[CERTTYPE_ED_SIGN_LINK] =
2103  ed_certs[CERTTYPE_ED_SIGN_AUTH] = NULL;
2104 
2105  chan->conn->handshake_state->certs->ed_rsa_crosscert = rsa_ed_cc_cert;
2106  chan->conn->handshake_state->certs->ed_rsa_crosscert_len =
2107  rsa_ed_cc_cert_len;
2108  rsa_ed_cc_cert = NULL;
2109 
2110  int severity;
2111  /* Note that this warns more loudly about time and validity if we were
2112  * _trying_ to connect to an authority, not necessarily if we _did_ connect
2113  * to one. */
2114  if (started_here &&
2115  router_digest_is_trusted_dir(TLS_CHAN_TO_BASE(chan)->identity_digest))
2116  severity = LOG_WARN;
2117  else
2118  severity = LOG_PROTOCOL_WARN;
2119 
2120  const ed25519_public_key_t *checked_ed_id = NULL;
2121  const common_digests_t *checked_rsa_id = NULL;
2123  chan->conn->handshake_state->certs,
2124  chan->conn->tls,
2125  time(NULL),
2126  &checked_ed_id,
2127  &checked_rsa_id);
2128 
2129  if (!checked_rsa_id)
2130  ERR("Invalid certificate chain!");
2131 
2132  if (started_here) {
2133  /* No more information is needed. */
2134 
2135  chan->conn->handshake_state->authenticated = 1;
2136  chan->conn->handshake_state->authenticated_rsa = 1;
2137  {
2138  const common_digests_t *id_digests = checked_rsa_id;
2139  crypto_pk_t *identity_rcvd;
2140  if (!id_digests)
2141  ERR("Couldn't compute digests for key in ID cert");
2142 
2143  identity_rcvd = tor_tls_cert_get_key(id_cert);
2144  if (!identity_rcvd) {
2145  ERR("Couldn't get RSA key from ID cert.");
2146  }
2147  memcpy(chan->conn->handshake_state->authenticated_rsa_peer_id,
2148  id_digests->d[DIGEST_SHA1], DIGEST_LEN);
2149  channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd,
2150  chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
2151  crypto_pk_free(identity_rcvd);
2152  }
2153 
2154  if (checked_ed_id) {
2155  chan->conn->handshake_state->authenticated_ed25519 = 1;
2156  memcpy(&chan->conn->handshake_state->authenticated_ed25519_peer_id,
2157  checked_ed_id, sizeof(ed25519_public_key_t));
2158  }
2159 
2160  log_debug(LD_HANDSHAKE, "calling client_learned_peer_id from "
2161  "process_certs_cell");
2162 
2163  if (connection_or_client_learned_peer_id(chan->conn,
2164  chan->conn->handshake_state->authenticated_rsa_peer_id,
2165  checked_ed_id) < 0)
2166  ERR("Problem setting or checking peer id");
2167 
2168  log_info(LD_HANDSHAKE,
2169  "Got some good certificates from %s:%d: Authenticated it with "
2170  "RSA%s",
2171  safe_str(chan->conn->base_.address), chan->conn->base_.port,
2172  checked_ed_id ? " and Ed25519" : "");
2173 
2174  if (!public_server_mode(get_options())) {
2175  /* If we initiated the connection and we are not a public server, we
2176  * aren't planning to authenticate at all. At this point we know who we
2177  * are talking to, so we can just send a netinfo now. */
2178  send_netinfo = 1;
2179  }
2180  } else {
2181  /* We can't call it authenticated till we see an AUTHENTICATE cell. */
2182  log_info(LD_OR,
2183  "Got some good RSA%s certificates from %s:%d. "
2184  "Waiting for AUTHENTICATE.",
2185  checked_ed_id ? " and Ed25519" : "",
2186  safe_str(chan->conn->base_.address),
2187  chan->conn->base_.port);
2188  /* XXXX check more stuff? */
2189  }
2190 
2191  chan->conn->handshake_state->received_certs_cell = 1;
2192 
2193  if (send_netinfo) {
2194  if (connection_or_send_netinfo(chan->conn) < 0) {
2195  log_warn(LD_OR, "Couldn't send netinfo cell");
2196  connection_or_close_for_error(chan->conn, 0);
2197  goto err;
2198  }
2199  }
2200 
2201  err:
2202  for (unsigned u = 0; u < ARRAY_LENGTH(x509_certs); ++u) {
2203  tor_x509_cert_free(x509_certs[u]);
2204  }
2205  for (unsigned u = 0; u < ARRAY_LENGTH(ed_certs); ++u) {
2206  tor_cert_free(ed_certs[u]);
2207  }
2208  tor_free(rsa_ed_cc_cert);
2209  certs_cell_free(cc);
2210 #undef ERR
2211 }
2212 
2213 /**
2214  * Process an AUTH_CHALLENGE cell from a channel_tls_t.
2215  *
2216  * This function is called to handle an incoming AUTH_CHALLENGE cell on a
2217  * channel_tls_t; if we weren't supposed to get one (for example, because we're
2218  * not the originator of the channel), or it's ill-formed, or we aren't doing
2219  * a v3 handshake, mark the channel. If the cell is well-formed but we don't
2220  * want to authenticate, just drop it. If the cell is well-formed *and* we
2221  * want to authenticate, send an AUTHENTICATE cell and then a NETINFO cell.
2222  */
2223 STATIC void
2225 {
2226  int n_types, i, use_type = -1;
2227  auth_challenge_cell_t *ac = NULL;
2228 
2229  tor_assert(cell);
2230  tor_assert(chan);
2231  tor_assert(chan->conn);
2232 
2233 #define ERR(s) \
2234  do { \
2235  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
2236  "Received a bad AUTH_CHALLENGE cell from %s:%d: %s", \
2237  safe_str(chan->conn->base_.address), \
2238  chan->conn->base_.port, (s)); \
2239  connection_or_close_for_error(chan->conn, 0); \
2240  goto done; \
2241  } while (0)
2242 
2243  if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
2244  ERR("We're not currently doing a v3 handshake");
2245  if (chan->conn->link_proto < 3)
2246  ERR("We're not using link protocol >= 3");
2247  if (!(chan->conn->handshake_state->started_here))
2248  ERR("We didn't originate this connection");
2249  if (chan->conn->handshake_state->received_auth_challenge)
2250  ERR("We already received one");
2251  if (!(chan->conn->handshake_state->received_certs_cell))
2252  ERR("We haven't gotten a CERTS cell yet");
2253  if (cell->circ_id)
2254  ERR("It had a nonzero circuit ID");
2255 
2256  if (auth_challenge_cell_parse(&ac, cell->payload, cell->payload_len) < 0)
2257  ERR("It was not well-formed.");
2258 
2259  n_types = ac->n_methods;
2260 
2261  /* Now see if there is an authentication type we can use */
2262  for (i = 0; i < n_types; ++i) {
2263  uint16_t authtype = auth_challenge_cell_get_methods(ac, i);
2264  if (authchallenge_type_is_supported(authtype)) {
2265  if (use_type == -1 ||
2266  authchallenge_type_is_better(authtype, use_type)) {
2267  use_type = authtype;
2268  }
2269  }
2270  }
2271 
2272  chan->conn->handshake_state->received_auth_challenge = 1;
2273 
2274  if (! public_server_mode(get_options())) {
2275  /* If we're not a public server then we don't want to authenticate on a
2276  connection we originated, and we already sent a NETINFO cell when we
2277  got the CERTS cell. We have nothing more to do. */
2278  goto done;
2279  }
2280 
2281  if (use_type >= 0) {
2282  log_info(LD_OR,
2283  "Got an AUTH_CHALLENGE cell from %s:%d: Sending "
2284  "authentication type %d",
2285  safe_str(chan->conn->base_.address),
2286  chan->conn->base_.port,
2287  use_type);
2288 
2289  if (connection_or_send_authenticate_cell(chan->conn, use_type) < 0) {
2290  log_warn(LD_OR,
2291  "Couldn't send authenticate cell");
2292  connection_or_close_for_error(chan->conn, 0);
2293  goto done;
2294  }
2295  } else {
2296  log_info(LD_OR,
2297  "Got an AUTH_CHALLENGE cell from %s:%d, but we don't "
2298  "know any of its authentication types. Not authenticating.",
2299  safe_str(chan->conn->base_.address),
2300  chan->conn->base_.port);
2301  }
2302 
2303  if (connection_or_send_netinfo(chan->conn) < 0) {
2304  log_warn(LD_OR, "Couldn't send netinfo cell");
2305  connection_or_close_for_error(chan->conn, 0);
2306  goto done;
2307  }
2308 
2309  done:
2310  auth_challenge_cell_free(ac);
2311 
2312 #undef ERR
2313 }
2314 
2315 /**
2316  * Process an AUTHENTICATE cell from a channel_tls_t.
2317  *
2318  * If it's ill-formed or we weren't supposed to get one or we're not doing a
2319  * v3 handshake, then mark the connection. If it does not authenticate the
2320  * other side of the connection successfully (because it isn't signed right,
2321  * we didn't get a CERTS cell, etc) mark the connection. Otherwise, accept
2322  * the identity of the router on the other side of the connection.
2323  */
2324 STATIC void
2326 {
2327  var_cell_t *expected_cell = NULL;
2328  const uint8_t *auth;
2329  int authlen;
2330  int authtype;
2331  int bodylen;
2332 
2333  tor_assert(cell);
2334  tor_assert(chan);
2335  tor_assert(chan->conn);
2336 
2337 #define ERR(s) \
2338  do { \
2339  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
2340  "Received a bad AUTHENTICATE cell from %s:%d: %s", \
2341  safe_str(chan->conn->base_.address), \
2342  chan->conn->base_.port, (s)); \
2343  connection_or_close_for_error(chan->conn, 0); \
2344  var_cell_free(expected_cell); \
2345  return; \
2346  } while (0)
2347 
2348  if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
2349  ERR("We're not doing a v3 handshake");
2350  if (chan->conn->link_proto < 3)
2351  ERR("We're not using link protocol >= 3");
2352  if (chan->conn->handshake_state->started_here)
2353  ERR("We originated this connection");
2354  if (chan->conn->handshake_state->received_authenticate)
2355  ERR("We already got one!");
2356  if (chan->conn->handshake_state->authenticated) {
2357  /* Should be impossible given other checks */
2358  ERR("The peer is already authenticated");
2359  }
2360  if (!(chan->conn->handshake_state->received_certs_cell))
2361  ERR("We never got a certs cell");
2362  if (chan->conn->handshake_state->certs->id_cert == NULL)
2363  ERR("We never got an identity certificate");
2364  if (cell->payload_len < 4)
2365  ERR("Cell was way too short");
2366 
2367  auth = cell->payload;
2368  {
2369  uint16_t type = ntohs(get_uint16(auth));
2370  uint16_t len = ntohs(get_uint16(auth+2));
2371  if (4 + len > cell->payload_len)
2372  ERR("Authenticator was truncated");
2373 
2374  if (! authchallenge_type_is_supported(type))
2375  ERR("Authenticator type was not recognized");
2376  authtype = type;
2377 
2378  auth += 4;
2379  authlen = len;
2380  }
2381 
2382  if (authlen < V3_AUTH_BODY_LEN + 1)
2383  ERR("Authenticator was too short");
2384 
2386  chan->conn, authtype, NULL, NULL, 1);
2387  if (! expected_cell)
2388  ERR("Couldn't compute expected AUTHENTICATE cell body");
2389 
2390  int sig_is_rsa;
2391  if (authtype == AUTHTYPE_RSA_SHA256_TLSSECRET ||
2392  authtype == AUTHTYPE_RSA_SHA256_RFC5705) {
2393  bodylen = V3_AUTH_BODY_LEN;
2394  sig_is_rsa = 1;
2395  } else {
2397  /* Our earlier check had better have made sure we had room
2398  * for an ed25519 sig (inadvertently) */
2400  bodylen = authlen - ED25519_SIG_LEN;
2401  sig_is_rsa = 0;
2402  }
2403  if (expected_cell->payload_len != bodylen+4) {
2404  ERR("Expected AUTHENTICATE cell body len not as expected.");
2405  }
2406 
2407  /* Length of random part. */
2408  if (BUG(bodylen < 24)) {
2409  // LCOV_EXCL_START
2410  ERR("Bodylen is somehow less than 24, which should really be impossible");
2411  // LCOV_EXCL_STOP
2412  }
2413 
2414  if (tor_memneq(expected_cell->payload+4, auth, bodylen-24))
2415  ERR("Some field in the AUTHENTICATE cell body was not as expected");
2416 
2417  if (sig_is_rsa) {
2418  if (chan->conn->handshake_state->certs->ed_id_sign != NULL)
2419  ERR("RSA-signed AUTHENTICATE response provided with an ED25519 cert");
2420 
2421  if (chan->conn->handshake_state->certs->auth_cert == NULL)
2422  ERR("We never got an RSA authentication certificate");
2423 
2425  chan->conn->handshake_state->certs->auth_cert);
2426  char d[DIGEST256_LEN];
2427  char *signed_data;
2428  size_t keysize;
2429  int signed_len;
2430 
2431  if (! pk) {
2432  ERR("Couldn't get RSA key from AUTH cert.");
2433  }
2434  crypto_digest256(d, (char*)auth, V3_AUTH_BODY_LEN, DIGEST_SHA256);
2435 
2436  keysize = crypto_pk_keysize(pk);
2437  signed_data = tor_malloc(keysize);
2438  signed_len = crypto_pk_public_checksig(pk, signed_data, keysize,
2439  (char*)auth + V3_AUTH_BODY_LEN,
2440  authlen - V3_AUTH_BODY_LEN);
2441  crypto_pk_free(pk);
2442  if (signed_len < 0) {
2443  tor_free(signed_data);
2444  ERR("RSA signature wasn't valid");
2445  }
2446  if (signed_len < DIGEST256_LEN) {
2447  tor_free(signed_data);
2448  ERR("Not enough data was signed");
2449  }
2450  /* Note that we deliberately allow *more* than DIGEST256_LEN bytes here,
2451  * in case they're later used to hold a SHA3 digest or something. */
2452  if (tor_memneq(signed_data, d, DIGEST256_LEN)) {
2453  tor_free(signed_data);
2454  ERR("Signature did not match data to be signed.");
2455  }
2456  tor_free(signed_data);
2457  } else {
2458  if (chan->conn->handshake_state->certs->ed_id_sign == NULL)
2459  ERR("We never got an Ed25519 identity certificate.");
2460  if (chan->conn->handshake_state->certs->ed_sign_auth == NULL)
2461  ERR("We never got an Ed25519 authentication certificate.");
2462 
2463  const ed25519_public_key_t *authkey =
2464  &chan->conn->handshake_state->certs->ed_sign_auth->signed_key;
2465  ed25519_signature_t sig;
2466  tor_assert(authlen > ED25519_SIG_LEN);
2467  memcpy(&sig.sig, auth + authlen - ED25519_SIG_LEN, ED25519_SIG_LEN);
2468  if (ed25519_checksig(&sig, auth, authlen - ED25519_SIG_LEN, authkey)<0) {
2469  ERR("Ed25519 signature wasn't valid.");
2470  }
2471  }
2472 
2473  /* Okay, we are authenticated. */
2474  chan->conn->handshake_state->received_authenticate = 1;
2475  chan->conn->handshake_state->authenticated = 1;
2476  chan->conn->handshake_state->authenticated_rsa = 1;
2477  chan->conn->handshake_state->digest_received_data = 0;
2478  {
2479  tor_x509_cert_t *id_cert = chan->conn->handshake_state->certs->id_cert;
2480  crypto_pk_t *identity_rcvd = tor_tls_cert_get_key(id_cert);
2481  const common_digests_t *id_digests = tor_x509_cert_get_id_digests(id_cert);
2482  const ed25519_public_key_t *ed_identity_received = NULL;
2483 
2484  if (! sig_is_rsa) {
2485  chan->conn->handshake_state->authenticated_ed25519 = 1;
2486  ed_identity_received =
2487  &chan->conn->handshake_state->certs->ed_id_sign->signing_key;
2488  memcpy(&chan->conn->handshake_state->authenticated_ed25519_peer_id,
2489  ed_identity_received, sizeof(ed25519_public_key_t));
2490  }
2491 
2492  /* This must exist; we checked key type when reading the cert. */
2493  tor_assert(id_digests);
2494 
2495  memcpy(chan->conn->handshake_state->authenticated_rsa_peer_id,
2496  id_digests->d[DIGEST_SHA1], DIGEST_LEN);
2497 
2498  channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd,
2499  chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
2500  crypto_pk_free(identity_rcvd);
2501 
2502  log_debug(LD_HANDSHAKE,
2503  "Calling connection_or_init_conn_from_address for %s "
2504  " from %s, with%s ed25519 id.",
2505  safe_str(chan->conn->base_.address),
2506  __func__,
2507  ed_identity_received ? "" : "out");
2508 
2510  &(chan->conn->base_.addr),
2511  chan->conn->base_.port,
2512  (const char*)(chan->conn->handshake_state->
2513  authenticated_rsa_peer_id),
2514  ed_identity_received,
2515  0);
2516 
2517  log_debug(LD_HANDSHAKE,
2518  "Got an AUTHENTICATE cell from %s:%d, type %d: Looks good.",
2519  safe_str(chan->conn->base_.address),
2520  chan->conn->base_.port,
2521  authtype);
2522  }
2523 
2524  var_cell_free(expected_cell);
2525 
2526 #undef ERR
2527 }
log_fn
#define log_fn(severity, domain, args,...)
Definition: log.h:287
CHANNEL_STATE_OPENING
@ CHANNEL_STATE_OPENING
Definition: channel.h:70
routermode.h
Header file for routermode.c.
tor_free
#define tor_free(p)
Definition: malloc.h:52
routerinfo_t
Definition: routerinfo_st.h:20
CERT_ENCODING_UNKNOWN
@ CERT_ENCODING_UNKNOWN
Definition: channeltls.c:1917
connection_or_send_netinfo
int connection_or_send_netinfo(or_connection_t *conn)
Definition: connection_or.c:2471
channel_tls_handle_state_change_on_orconn
void channel_tls_handle_state_change_on_orconn(channel_tls_t *chan, or_connection_t *conn, uint8_t state)
Definition: channeltls.c:953
entry_guards_note_internet_connectivity
void entry_guards_note_internet_connectivity(guard_selection_t *gs)
Definition: entrynodes.c:2070
circuitmux_ewma.h
Header file for circuitmux_ewma.c.
hex_str
const char * hex_str(const char *from, size_t fromlen)
Definition: binascii.c:34
connection_or_send_versions
int connection_or_send_versions(or_connection_t *conn, int v3_plus)
Definition: connection_or.c:2416
stats_n_authorize_cells_processed
uint64_t stats_n_authorize_cells_processed
Definition: channeltls.c:94
or_connection_t::handshake_state
or_handshake_state_t * handshake_state
Definition: or_connection_st.h:84
channel_tls_num_bytes_queued_method
static size_t channel_tls_num_bytes_queued_method(channel_t *chan)
Definition: channeltls.c:755
OR_CONN_STATE_TLS_SERVER_RENEGOTIATING
#define OR_CONN_STATE_TLS_SERVER_RENEGOTIATING
Definition: orconn_event.h:43
channel_tls_from_base
channel_tls_t * channel_tls_from_base(channel_t *chan)
Definition: channeltls.c:383
tor_addr_t
Definition: address.h:68
channel_change_state_open
void channel_change_state_open(channel_t *chan)
Definition: channel.c:1602
connection_t::address
char * address
Definition: connection_st.h:125
channel_tls_listener_describe_transport_method
static const char * channel_tls_listener_describe_transport_method(channel_listener_t *chan_l)
Definition: channeltls.c:935
channel_t::matches_extend_info
int(* matches_extend_info)(channel_t *, extend_info_t *)
Definition: channel.h:360
channel_tls_handle_cell
void channel_tls_handle_cell(cell_t *cell, or_connection_t *conn)
Definition: channeltls.c:1056
channel_tls_write_var_cell_method
static int channel_tls_write_var_cell_method(channel_t *chan, var_cell_t *var_cell)
Definition: channeltls.c:864
channel_mark_client
void channel_mark_client(channel_t *chan)
Definition: channel.c:2925
circuitmux_alloc
circuitmux_t * circuitmux_alloc(void)
Definition: circuitmux.c:193
tor_assert
#define tor_assert(expr)
Definition: util_bug.h:102
control.h
Header file for control.c.
channel_tls_is_canonical_method
static int channel_tls_is_canonical_method(channel_t *chan, int req)
Definition: channeltls.c:651
channel_state_to_string
const char * channel_state_to_string(channel_state_t state)
Definition: channel.c:321
tor_addr_eq_ipv4h
static int tor_addr_eq_ipv4h(const tor_addr_t *a, uint32_t u)
Definition: address.h:212
router.h
Header file for router.c.
fast_mem_is_zero
int fast_mem_is_zero(const char *mem, size_t len)
Definition: util_string.c:74
channel_mark_for_close
void channel_mark_for_close(channel_t *chan)
Definition: channel.c:1117
channel_change_state
void channel_change_state(channel_t *chan, channel_state_t to_state)
Definition: channel.c:1592
channel.h
Header file for channel.c.
channel_t::matches_target
int(* matches_target)(channel_t *, const tor_addr_t *)
Definition: channel.h:362
stats_n_auth_challenge_cells_processed
uint64_t stats_n_auth_challenge_cells_processed
Definition: channeltls.c:90
LD_GENERAL
#define LD_GENERAL
Definition: log.h:62
PADDING_TYPE_ENABLED_CELL
@ PADDING_TYPE_ENABLED_CELL
Definition: rephist.h:124
channel_t::is_canonical
int(* is_canonical)(channel_t *, int)
Definition: channel.h:358
conn_state_to_string
const char * conn_state_to_string(int type, int state)
Definition: connection.c:278
channel_t::write_var_cell
int(* write_var_cell)(channel_t *, var_cell_t *)
Definition: channel.h:372
connection_init_or_handshake_state
int connection_init_or_handshake_state(or_connection_t *conn, int started_here)
Definition: connection_or.c:2115
channel_listener_register
void channel_listener_register(channel_listener_t *chan_l)
Definition: channel.c:489
router_get_my_routerinfo
const routerinfo_t * router_get_my_routerinfo(void)
Definition: router.c:1740
channel_tls_get_listener
channel_listener_t * channel_tls_get_listener(void)
Definition: channeltls.c:254
channel_listener_t::close
void(* close)(channel_listener_t *)
Definition: channel.h:496
OR_CONN_STATE_TLS_HANDSHAKING
#define OR_CONN_STATE_TLS_HANDSHAKING
Definition: orconn_event.h:36
connection_or_client_learned_peer_id
int connection_or_client_learned_peer_id(or_connection_t *conn, const uint8_t *rsa_peer_id, const ed25519_public_key_t *ed_peer_id)
Definition: connection_or.c:1879
is_or_protocol_version_known
int is_or_protocol_version_known(uint16_t v)
Definition: connection_or.c:2397
CHANNEL_LISTENER_STATE_CLOSED
@ CHANNEL_LISTENER_STATE_CLOSED
Definition: channel.h:135
stats_n_versions_cells_processed
uint64_t stats_n_versions_cells_processed
Definition: channeltls.c:82
get_guard_selection_info
guard_selection_t * get_guard_selection_info(void)
Definition: entrynodes.c:307
tor_addr_from_ipv6_bytes
void tor_addr_from_ipv6_bytes(tor_addr_t *dest, const uint8_t *ipv6_bytes)
Definition: address.c:891
channel_tls_update_marks
void channel_tls_update_marks(or_connection_t *conn)
Definition: channeltls.c:1347
channel_is_canonical
int channel_is_canonical(channel_t *chan)
Definition: channel.c:2952
CERT_ENCODING_RSA_CROSSCERT
@ CERT_ENCODING_RSA_CROSSCERT
Definition: channeltls.c:1922
channel_tls_write_cell_method
static int channel_tls_write_cell_method(channel_t *chan, cell_t *cell)
Definition: channeltls.c:802
command_allowed_before_handshake
static int command_allowed_before_handshake(uint8_t command)
Definition: channeltls.c:1380
or_handshake_state_record_cell
void or_handshake_state_record_cell(or_connection_t *conn, or_handshake_state_t *state, const cell_t *cell, int incoming)
Definition: connection_or.c:2158
cert_encoding_t
cert_encoding_t
Definition: channeltls.c:1916
CERT_ENCODING_X509
@ CERT_ENCODING_X509
Definition: channeltls.c:1918
channel_listener_t::state
channel_listener_state_t state
Definition: channel.h:468
V3_AUTH_BODY_LEN
#define V3_AUTH_BODY_LEN
Definition: or.h:707
authchallenge_type_is_better
int authchallenge_type_is_better(uint16_t challenge_type_a, uint16_t challenge_type_b)
Definition: relay_handshake.c:215
channel_tls_close_method
static void channel_tls_close_method(channel_t *chan)
Definition: channeltls.c:402
connection_or_write_var_cell_to_buf
void connection_or_write_var_cell_to_buf(const var_cell_t *cell, or_connection_t *conn)
Definition: connection_or.c:2293
channel_tls_get_overhead_estimate_method
static double channel_tls_get_overhead_estimate_method(channel_t *chan)
Definition: channeltls.c:479
tor_addr_make_unspec
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
or_connection_t::link_proto
uint16_t link_proto
Definition: or_connection_st.h:78
or_connection_t
Definition: or_connection_st.h:22
tor_snprintf
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
routerinfo_t::ipv6_addr
tor_addr_t ipv6_addr
Definition: routerinfo_st.h:29
common_digests_t
Definition: crypto_digest.h:87
connection_t::port
uint16_t port
Definition: connection_st.h:116
CELL_PAYLOAD_SIZE
#define CELL_PAYLOAD_SIZE
Definition: or.h:577
channel_t::get_overhead_estimate
double(* get_overhead_estimate)(channel_t *)
Definition: channel.h:330
AUTHTYPE_RSA_SHA256_RFC5705
#define AUTHTYPE_RSA_SHA256_RFC5705
Definition: or.h:689
circuitmux.h
Header file for circuitmux.c.
channel_tls_process_authenticate_cell
STATIC void channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
Definition: channeltls.c:2325
channel_t::cmux
circuitmux_t * cmux
Definition: channel.h:402
networkstatus.h
Header file for networkstatus.c.
channel_tls_connect
channel_t * channel_tls_connect(const tor_addr_t *addr, uint16_t port, const char *id_digest, const ed25519_public_key_t *ed_id)
Definition: channeltls.c:191
rep_hist_note_negotiated_link_proto
void rep_hist_note_negotiated_link_proto(unsigned link_proto, int started_here)
Definition: rephist.c:2721
scheduler.h
Header file for scheduler*.c.
channel_t::has_queued_writes
int(* has_queued_writes)(channel_t *)
Definition: channel.h:351
cell_t
Definition: cell_st.h:17
or_connection_t::chan
channel_tls_t * chan
Definition: or_connection_st.h:50
channel_tls_process_netinfo_cell
static void channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *tlschan)
Definition: channeltls.c:1698
dirlist.h
Header file for dirlist.c.
rep_hist_padding_count_read
void rep_hist_padding_count_read(padding_type_t type)
Definition: rephist.c:2779
channel_is_local
int channel_is_local(channel_t *chan)
Definition: channel.c:3013
tor_addr_from_netinfo_addr
static int tor_addr_from_netinfo_addr(tor_addr_t *tor_addr, const netinfo_addr_t *netinfo_addr)
Definition: channeltls.c:1655
or_handshake_certs_check_both
void or_handshake_certs_check_both(int severity, or_handshake_certs_t *certs, tor_tls_t *tls, time_t now, const ed25519_public_key_t **ed_id_out, const common_digests_t **rsa_id_out)
Definition: torcert.c:685
stats_n_netinfo_cells_processed
uint64_t stats_n_netinfo_cells_processed
Definition: channeltls.c:84
DIGEST_LEN
#define DIGEST_LEN
Definition: digest_sizes.h:20
CHANNEL_STATE_MAINT
@ CHANNEL_STATE_MAINT
Definition: channel.h:94
LD_CHANNEL
#define LD_CHANNEL
Definition: log.h:105
OR_CONN_STATE_OPEN
#define OR_CONN_STATE_OPEN
Definition: orconn_event.h:53
extend_info_has_orport
bool extend_info_has_orport(const extend_info_t *ei, const tor_addr_t *addr, uint16_t port)
Definition: extendinfo.c:240
stats_n_authenticate_cells_processed
uint64_t stats_n_authenticate_cells_processed
Definition: channeltls.c:92
channel_tls_get_remote_descr_method
static const char * channel_tls_get_remote_descr_method(channel_t *chan, int flags)
Definition: channeltls.c:566
ed25519_checksig
int ed25519_checksig(const ed25519_signature_t *signature, const uint8_t *msg, size_t len, const ed25519_public_key_t *pubkey)
Definition: crypto_ed25519.c:327
packed_cell_t
Definition: cell_queue_st.h:18
fmt_and_decorate_addr
#define fmt_and_decorate_addr(a)
Definition: address.h:243
channel_tls_matches_target_method
static int channel_tls_matches_target_method(channel_t *chan, const tor_addr_t *target)
Definition: channeltls.c:718
PADDING_TYPE_ENABLED_TOTAL
@ PADDING_TYPE_ENABLED_TOTAL
Definition: rephist.h:122
command.h
Header file for command.c.
connection_or_nonopen_was_started_here
int connection_or_nonopen_was_started_here(struct or_connection_t *conn)
Definition: connection_or.c:1745
channel_tls_has_queued_writes_method
static int channel_tls_has_queued_writes_method(channel_t *chan)
Definition: channeltls.c:623
tor_addr_from_ipv4h
#define tor_addr_from_ipv4h(dest, v4addr)
Definition: address.h:326
connection_or_block_renegotiation
void connection_or_block_renegotiation(or_connection_t *conn)
Definition: connection_or.c:1656
tortls.h
Headers for tortls.c.
connection_or_compute_authenticate_cell_body
var_cell_t * connection_or_compute_authenticate_cell_body(or_connection_t *conn, const int authtype, crypto_pk_t *signing_key, const ed25519_keypair_t *ed_signing_key, int server)
Definition: relay_handshake.c:296
tor_memneq
#define tor_memneq(a, b, sz)
Definition: di_ops.h:21
entrynodes.h
Header file for circuitbuild.c.
channel_tls_get_transport_name_method
static int channel_tls_get_transport_name_method(channel_t *chan, char **transport_out)
Definition: channeltls.c:542
certs_cell_typenum_to_cert_type
static cert_encoding_t certs_cell_typenum_to_cert_type(int typenum)
Definition: channeltls.c:1931
channel_listener_t::describe_transport
const char *(* describe_transport)(channel_listener_t *)
Definition: channel.h:498
LD_OR
#define LD_OR
Definition: log.h:92
torcert.h
Header for torcert.c.
CONN_TYPE_OR
#define CONN_TYPE_OR
Definition: connection.h:42
tor_digest_is_zero
int tor_digest_is_zero(const char *digest)
Definition: util_string.c:96
channel_listener_mark_for_close
void channel_listener_mark_for_close(channel_listener_t *chan_l)
Definition: channel.c:1156
ed25519_public_key_t
Definition: crypto_ed25519.h:23
tor_x509_cert_decode
tor_x509_cert_t * tor_x509_cert_decode(const uint8_t *certificate, size_t certificate_len)
Definition: x509_nss.c:269
routerinfo_t::addr
uint32_t addr
Definition: routerinfo_st.h:24
tor_cert_parse
tor_cert_t * tor_cert_parse(const uint8_t *encoded, const size_t len)
Definition: torcert.c:159
stats_n_certs_cells_processed
uint64_t stats_n_certs_cells_processed
Definition: channeltls.c:88
channel_init_listener
void channel_init_listener(channel_listener_t *chan_l)
Definition: channel.c:866
stats_n_padding_cells_processed
uint64_t stats_n_padding_cells_processed
Definition: channeltls.c:80
channel_mark_remote
void channel_mark_remote(channel_t *chan)
Definition: channel.c:3044
connection_t::marked_for_close
uint16_t marked_for_close
Definition: connection_st.h:119
connection_or_num_cells_writeable
ssize_t connection_or_num_cells_writeable(or_connection_t *conn)
Definition: connection_or.c:615
channel_tls_process_auth_challenge_cell
STATIC void channel_tls_process_auth_challenge_cell(var_cell_t *cell, channel_tls_t *chan)
Definition: channeltls.c:2224
time_abs
static time_t time_abs(time_t val)
Definition: channeltls.c:1686
connection_or_set_state_open
int connection_or_set_state_open(or_connection_t *conn)
Definition: connection_or.c:2231
var_cell_t::payload_len
uint16_t payload_len
Definition: var_cell_st.h:22
channel_tls_process_versions_cell
static void channel_tls_process_versions_cell(var_cell_t *cell, channel_tls_t *tlschan)
Definition: channeltls.c:1441
channel_tls_get_remote_addr_method
static int channel_tls_get_remote_addr_method(channel_t *chan, tor_addr_t *addr_out)
Definition: channeltls.c:517
relay_handshake.h
Header for feature/relay/relay_handshake.c.
common_digests_t::d
char d[N_COMMON_DIGEST_ALGORITHMS][DIGEST256_LEN]
Definition: crypto_digest.h:89
assert_connection_ok
void assert_connection_ok(connection_t *conn, time_t now)
Definition: connection.c:5363
channel_tls_write_packed_cell_method
static int channel_tls_write_packed_cell_method(channel_t *chan, packed_cell_t *packed_cell)
Definition: channeltls.c:833
channel_tls_listener_close_method
static void channel_tls_listener_close_method(channel_listener_t *chan_l)
Definition: channeltls.c:895
routerinfo_st.h
Router descriptor structure.
tor_gettimeofday
void tor_gettimeofday(struct timeval *timeval)
Definition: tor_gettimeofday.c:42
clock_skew_warning
void clock_skew_warning(const connection_t *conn, long apparent_skew, int trusted, log_domain_mask_t domain, const char *received, const char *source)
Definition: connection.c:5663
DIGEST256_LEN
#define DIGEST256_LEN
Definition: digest_sizes.h:23
extendinfo.h
Header for core/or/extendinfo.c.
tor_addr_to_str_dup
char * tor_addr_to_str_dup(const tor_addr_t *addr)
Definition: address.c:1155
crypto_pk_public_checksig
int crypto_pk_public_checksig(const crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen)
Definition: crypto_rsa_nss.c:513
cell_t::command
uint8_t command
Definition: cell_st.h:19
cell_t::payload
uint8_t payload[CELL_PAYLOAD_SIZE]
Definition: cell_st.h:21
channel_process_cell
void channel_process_cell(channel_t *chan, cell_t *cell)
Definition: channel.c:1956
channel_t
Definition: channel.h:181
PADDING_TYPE_TOTAL
@ PADDING_TYPE_TOTAL
Definition: rephist.h:120
command
tor_cmdline_mode_t command
Definition: config.c:2445
OR_CONN_STATE_OR_HANDSHAKING_V2
#define OR_CONN_STATE_OR_HANDSHAKING_V2
Definition: orconn_event.h:47
channel_tls_listener
static channel_listener_t * channel_tls_listener
Definition: channeltls.c:97
channel_tls_start_listener
channel_listener_t * channel_tls_start_listener(void)
Definition: channeltls.c:266
channel_mark_incoming
void channel_mark_incoming(channel_t *chan)
Definition: channel.c:2996
connection_t
Definition: connection_st.h:45
ARRAY_LENGTH
#define ARRAY_LENGTH(x)
Definition: compat_compiler.h:222
or_handshake_certs_st.h
OR handshake certs structure.
packed_cell_t::body
char body[CELL_MAX_NETWORK_SIZE]
Definition: cell_queue_st.h:21
LOG_INFO
#define LOG_INFO
Definition: log.h:45
channel_listener_t::global_identifier
uint64_t global_identifier
Definition: channel.h:473
fmt_addr
#define fmt_addr(a)
Definition: address.h:239
channel_listener_unregister
void channel_listener_unregister(channel_listener_t *chan_l)
Definition: channel.c:530
CHANNEL_LISTENER_STATE_ERROR
@ CHANNEL_LISTENER_STATE_ERROR
Definition: channel.h:166
channel_listener_change_state
void channel_listener_change_state(channel_listener_t *chan_l, channel_listener_state_t to_state)
Definition: channel.c:1619
get_options
const or_options_t * get_options(void)
Definition: config.c:926
crypto_pk_keysize
size_t crypto_pk_keysize(const crypto_pk_t *env)
Definition: crypto_rsa_nss.c:331
var_cell_st.h
Variable-length cell structure.
tv_udiff
long tv_udiff(const struct timeval *start, const struct timeval *end)
Definition: tvdiff.c:53
channel_t::magic
uint32_t magic
Definition: channel.h:183
channel_tls_describe_transport_method
static const char * channel_tls_describe_transport_method(channel_t *chan)
Definition: channeltls.c:425
channel_tls_num_cells_writeable_method
static int channel_tls_num_cells_writeable_method(channel_t *chan)
Definition: channeltls.c:773
OR_CONN_STATE_OR_HANDSHAKING_V3
#define OR_CONN_STATE_OR_HANDSHAKING_V3
Definition: orconn_event.h:51
channel_tls_common_init
STATIC void channel_tls_common_init(channel_tls_t *tlschan)
Definition: channeltls.c:151
current_second
static time_t current_second
Definition: mainloop.c:2184
connection_or_close_for_error
void connection_or_close_for_error(or_connection_t *orconn, int flush)
Definition: connection_or.c:1590
scheduler_channel_wants_writes
void scheduler_channel_wants_writes(channel_t *chan)
Definition: scheduler.c:673
resolve_addr.h
Header file for resolve_addr.c.
enter_v3_handshake_with_cell
static int enter_v3_handshake_with_cell(var_cell_t *cell, channel_tls_t *tlschan)
Definition: channeltls.c:1401
channel_mark_outgoing
void channel_mark_outgoing(channel_t *chan)
Definition: channel.c:3073
tor_tls_cert_get_key
crypto_pk_t * tor_tls_cert_get_key(tor_x509_cert_t *cert)
Definition: x509_nss.c:285
TOR_ADDRPORT_BUF_LEN
#define TOR_ADDRPORT_BUF_LEN
Definition: address.h:233
channel_tls_handle_incoming
channel_t * channel_tls_handle_incoming(or_connection_t *orconn)
Definition: channeltls.c:329
OR_CONN_HIGHWATER
#define OR_CONN_HIGHWATER
Definition: or.h:721
relay.h
Header file for relay.c.
connection.h
Header file for connection.c.
ed25519_signature_t
Definition: crypto_ed25519.h:18
channeltls.h
Header file for channeltls.c.
connection_or_write_cell_to_buf
void connection_or_write_cell_to_buf(const cell_t *cell, or_connection_t *conn)
Definition: connection_or.c:2254
channel_t::close
void(* close)(channel_t *)
Definition: channel.h:315
channel_register
void channel_register(channel_t *chan)
Definition: channel.c:392
CERT_ENCODING_ED25519
@ CERT_ENCODING_ED25519
Definition: channeltls.c:1920
fmt_addr32
const char * fmt_addr32(uint32_t addr)
Definition: address.c:1201
LD_HANDSHAKE
#define LD_HANDSHAKE
Definition: log.h:101
connection_or_init_conn_from_address
void connection_or_init_conn_from_address(or_connection_t *conn, const tor_addr_t *addr, uint16_t port, const char *id_digest, const ed25519_public_key_t *ed_id, int started_here)
Definition: connection_or.c:867
tor_addr_is_null
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:771
timeval
Definition: compat_time.h:151
var_cell_t::circ_id
circid_t circ_id
Definition: var_cell_st.h:20
tor_asprintf
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
channel_listener_t
Definition: channel.h:466
AUTHTYPE_ED25519_SHA256_RFC5705
#define AUTHTYPE_ED25519_SHA256_RFC5705
Definition: or.h:692
or_connection_st.h
OR connection structure.
channel_tls_free_method
static void channel_tls_free_method(channel_t *chan)
Definition: channeltls.c:463
SMARTLIST_FOREACH_BEGIN
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
Definition: smartlist_foreach.h:78
crypto_pk_t
Definition: crypto_rsa_nss.c:36
channel_tls_matches_extend_info_method
static int channel_tls_matches_extend_info_method(channel_t *chan, extend_info_t *extend_info)
Definition: channeltls.c:688
channel_init
void channel_init(channel_t *chan)
Definition: channel.c:829
public_server_mode
int public_server_mode(const or_options_t *options)
Definition: routermode.c:43
LOG_WARN
#define LOG_WARN
Definition: log.h:53
cell_st.h
Fixed-size cell structure.
circuitmux_set_policy
void circuitmux_set_policy(circuitmux_t *cmux, const circuitmux_policy_t *pol)
Definition: circuitmux.c:427
channel_tls_handle_var_cell
void channel_tls_handle_var_cell(var_cell_t *var_cell, or_connection_t *conn)
Definition: channeltls.c:1172
AUTHTYPE_RSA_SHA256_TLSSECRET
#define AUTHTYPE_RSA_SHA256_TLSSECRET
Definition: or.h:681
connection_or_digest_is_known_relay
int connection_or_digest_is_known_relay(const char *id_digest)
Definition: connection_or.c:774
channel_t::get_remote_descr
const char *(* get_remote_descr)(channel_t *, int)
Definition: channel.h:349
authchallenge_type_is_supported
int authchallenge_type_is_supported(uint16_t challenge_type)
Definition: relay_handshake.c:195
channel_mark_local
void channel_mark_local(channel_t *chan)
Definition: channel.c:3028
channelpadding_update_padding_for_channel
int channelpadding_update_padding_for_channel(channel_t *chan, const channelpadding_negotiate_t *pad_vars)
Definition: channelpadding.c:245
config.h
Header file for config.c.
channel_tls_process_certs_cell
STATIC void channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
Definition: channeltls.c:1965
CHANNEL_LISTENER_STATE_CLOSING
@ CHANNEL_LISTENER_STATE_CLOSING
Definition: channel.h:156
crypto_digest256
int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
Definition: crypto_digest_nss.c:121
channel_tls_free_all
void channel_tls_free_all(void)
Definition: channeltls.c:297
channel_t::reason_for_closing
enum channel_t::@8 reason_for_closing
connection_or_send_authenticate_cell
int connection_or_send_authenticate_cell(or_connection_t *conn, int authtype)
Definition: relay_handshake.c:536
get_uint16
static uint16_t get_uint16(const void *cp)
Definition: bytes.h:42
or_handshake_state_record_var_cell
void or_handshake_state_record_var_cell(or_connection_t *conn, or_handshake_state_t *state, const var_cell_t *cell, int incoming)
Definition: connection_or.c:2199
channel_t::global_identifier
uint64_t global_identifier
Definition: channel.h:197
channel_set_circid_type
void channel_set_circid_type(channel_t *chan, crypto_pk_t *identity_rcvd, int consider_identity)
Definition: channel.c:3364
connection_t::state
uint8_t state
Definition: connection_st.h:49
CHANNEL_LISTENER_STATE_LISTENING
@ CHANNEL_LISTENER_STATE_LISTENING
Definition: channel.h:146
connection_or_send_certs_cell
int connection_or_send_certs_cell(or_connection_t *conn)
Definition: relay_handshake.c:97
connection_or_close_normally
void connection_or_close_normally(or_connection_t *orconn, int flush)
Definition: connection_or.c:1569
TO_CONN
#define TO_CONN(c)
Definition: or.h:736
is_local_to_resolve_addr
bool is_local_to_resolve_addr(const tor_addr_t *addr)
: Return true iff the given addr is judged to be local to our resolved address.
Definition: resolve_addr.c:659
var_cell_t::payload
uint8_t payload[FLEXIBLE_ARRAY_MEMBER]
Definition: var_cell_st.h:24
or_handshake_state_st.h
OR handshake state structure.
STATIC
#define STATIC
Definition: testsupport.h:32
cell_queue_st.h
Cell queue structures.
channel_t::describe_transport
const char *(* describe_transport)(channel_t *)
Definition: channel.h:317
var_cell_t::command
uint8_t command
Definition: var_cell_st.h:18
channel_t::free_fn
void(* free_fn)(channel_t *)
Definition: channel.h:313
connection_or_connect
or_connection_t * connection_or_connect(const tor_addr_t *_addr, uint16_t port, const char *id_digest, const ed25519_public_key_t *ed_id, channel_tls_t *chan)
Definition: connection_or.c:1424
var_cell_t
Definition: var_cell_st.h:16
channel_tls_to_base
channel_t * channel_tls_to_base(channel_tls_t *tlschan)
Definition: channeltls.c:371
tor_x509_cert_get_id_digests
const common_digests_t * tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert)
Definition: x509.c:59
channel_listener_t::incoming_list
smartlist_t * incoming_list
Definition: channel.h:506
stats_n_vpadding_cells_processed
uint64_t stats_n_vpadding_cells_processed
Definition: channeltls.c:86
PADDING_TYPE_CELL
@ PADDING_TYPE_CELL
Definition: rephist.h:118
tor_addr_eq
#define tor_addr_eq(a, b)
Definition: address.h:280
ED25519_SIG_LEN
#define ED25519_SIG_LEN
Definition: x25519_sizes.h:34
rephist.h
Header file for rephist.c.
connection_or.h
Header file for connection_or.c.
tor_addr_copy
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:924
connection_or_send_auth_challenge_cell
int connection_or_send_auth_challenge_cell(or_connection_t *conn)
Definition: relay_handshake.c:232
channel_t::state
channel_state_t state
Definition: channel.h:192
extend_info_t
Definition: extend_info_st.h:27
CHANNEL_STATE_ERROR
@ CHANNEL_STATE_ERROR
Definition: channel.h:117
or.h
Master header file for Tor-specific functionality.
channel_t::write_packed_cell
int(* write_packed_cell)(channel_t *, packed_cell_t *)
Definition: channel.h:370
channel_tls_process_padding_negotiate_cell
static void channel_tls_process_padding_negotiate_cell(cell_t *cell, channel_tls_t *chan)
Definition: channeltls.c:1621
x509.h
Headers for tortls.c.
LD_PROTOCOL
#define LD_PROTOCOL
Definition: log.h:72