37 #define CHANNEL_OBJECT_PRIVATE
39 #define CHANNELTLS_PRIVATE
54 #include "trunnel/link_handshake.h"
63 #include "trunnel/channelpadding_negotiation.h"
64 #include "trunnel/netinfo.h"
65 #include "core/or/channelpadding.h"
137 channel_tls_t *tlschan);
139 channel_tls_t *tlschan);
142 channel_tls_t *tlschan);
144 channel_tls_t *chan);
157 chan = &(tlschan->base_);
159 chan->
magic = TLS_CHAN_MAGIC;
192 const char *id_digest,
195 channel_tls_t *tlschan = tor_malloc_zero(
sizeof(*tlschan));
201 "In channel_tls_connect() for channel %p "
202 "(global id %"PRIu64
")",
208 "Marking new outgoing channel %"PRIu64
" at %p as local",
213 "Marking new outgoing channel %"PRIu64
" at %p as remote",
223 if (!(tlschan->conn)) {
230 "Got orconn %p for channel with global id %"PRIu64,
236 circuitmux_free(chan->
cmux);
271 listener = tor_malloc_zero(
sizeof(*listener));
281 "Starting TLS channel listener %p with global id %"PRIu64,
302 "Shutting down TLS channels...");
311 "Closing channel_tls_listener with ID %"PRIu64
317 channel_listener_free(old_listener);
322 "Done shutting down TLS channels");
331 channel_tls_t *tlschan = tor_malloc_zero(
sizeof(*tlschan));
340 tlschan->conn = orconn;
341 orconn->
chan = tlschan;
345 "Marking new incoming channel %"PRIu64
" at %p as local",
350 "Marking new incoming channel %"PRIu64
" at %p as remote",
378 if (chan->
magic != TLS_CHAN_MAGIC)
385 tlschan->conn->potentially_used_for_bootstrapping = 1;
398 if (!tlschan)
return NULL;
400 return &(tlschan->base_);
410 if (!chan)
return NULL;
414 return (channel_tls_t *)(chan);
430 const channel_tls_t *
448 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
456 "Tried to close channel_tls_t %p with NULL conn",
471 static char *buf = NULL;
473 channel_tls_t *tlschan;
474 const char *rv = NULL;
478 tlschan = BASE_CHAN_TO_TLS(chan);
481 id =
TO_CONN(tlschan->conn)->global_identifier;
485 "TLS channel (connection %"PRIu64
")",
490 rv =
"TLS channel (no connection)";
509 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
514 tlschan->conn->chan = NULL;
515 tlschan->conn = NULL;
525 double overhead = 1.0;
526 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
532 if (tlschan->conn->bytes_xmitted > 0 &&
533 tlschan->conn->bytes_xmitted_by_tls >=
534 tlschan->conn->bytes_xmitted) {
535 overhead = ((double)(tlschan->conn->bytes_xmitted_by_tls)) /
536 ((
double)(tlschan->conn->bytes_xmitted));
547 "Estimated overhead ratio for TLS chan %"PRIu64
" is %f",
566 const channel_tls_t *tlschan = CONST_BASE_CHAN_TO_TLS(chan);
571 if (tlschan->conn == NULL) {
593 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
599 if (!tlschan->conn->ext_or_transport)
602 *transport_out = tor_strdup(tlschan->conn->ext_or_transport);
615 const channel_tls_t *tlschan = CONST_BASE_CHAN_TO_TLS(chan);
621 return "(No connection)";
635 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
638 if (!(tlschan->conn)) {
640 "something called has_queued_writes on a tlschan "
641 "(%p with ID %"PRIu64
" but no conn",
645 outbuf_len = (tlschan->conn != NULL) ?
646 connection_get_outbuf_len(
TO_CONN(tlschan->conn)) :
649 return (outbuf_len > 0);
662 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
672 answer = tlschan->conn->is_canonical;
691 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
697 if (!(tlschan->conn)) {
699 "something called matches_extend_info on a tlschan "
700 "(%p with ID %"PRIu64
" but no conn",
731 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
737 if (!(tlschan->conn)) {
739 "something called matches_target on a tlschan "
740 "(%p with ID %"PRIu64
" but no conn",
767 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
772 return connection_get_outbuf_len(
TO_CONN(tlschan->conn));
787 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
788 size_t cell_network_size;
793 cell_network_size = get_cell_network_size(tlschan->conn->wide_circ_ids);
794 outbuf_len = connection_get_outbuf_len(
TO_CONN(tlschan->conn));
798 #if SIZEOF_SIZE_T > SIZEOF_INT
799 if (n > INT_MAX) n = INT_MAX;
814 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
825 "something called write_cell on a tlschan "
826 "(%p with ID %"PRIu64
" but no conn",
847 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
848 size_t cell_network_size = get_cell_network_size(chan->wide_circ_ids);
854 connection_buf_add(packed_cell->
body, cell_network_size,
858 "something called write_packed_cell on a tlschan "
859 "(%p with ID %"PRIu64
" but no conn",
876 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
887 "something called write_var_cell on a tlschan "
888 "(%p with ID %"PRIu64
" but no conn",
926 } SMARTLIST_FOREACH_END(ichan);
949 return "TLS channel (listening)";
974 base_chan = TLS_CHAN_TO_BASE(chan);
980 CHANNEL_IS_OPEN(base_chan) ||
981 CHANNEL_IS_MAINT(base_chan) ||
982 CHANNEL_IS_CLOSING(base_chan));
1000 if (CHANNEL_IS_OPEN(base_chan)) {
1006 #ifdef KEEP_TIMING_STATS
1016 channel_tls_time_process_cell(
cell_t *cell, channel_tls_t *chan,
int *time,
1017 void (*func)(
cell_t *, channel_tls_t *))
1024 (*func)(cell, chan);
1027 time_passed =
tv_udiff(&start, &end) ;
1029 if (time_passed > 10000) {
1030 log_debug(
LD_OR,
"That call just took %ld ms.",time_passed/1000);
1033 if (time_passed < 0) {
1034 log_info(
LD_GENERAL,
"That call took us back in time!");
1038 *time += time_passed;
1042 #ifdef KEEP_TIMING_STATS
1043 #define PROCESS_CELL(tp, cl, cn) STMT_BEGIN { \
1045 channel_tls_time_process_cell(cl, cn, & tp ## time , \
1046 channel_tls_process_ ## tp ## _cell); \
1049 #define PROCESS_CELL(tp, cl, cn) channel_tls_process_ ## tp ## _cell(cl, cn)
1068 channel_tls_t *chan;
1078 "Got a cell_t on an OR connection with no channel");
1090 if (handshaking && cell->
command != CELL_VERSIONS &&
1091 cell->
command != CELL_NETINFO) {
1093 "Received unexpected cell command %d in chan state %s / "
1094 "conn state %s; closing the connection.",
1110 if (TLS_CHAN_TO_BASE(chan)->padding_enabled)
1116 if (TLS_CHAN_TO_BASE(chan)->padding_enabled)
1129 "Received unexpected VERSIONS cell on a channel using link "
1134 PROCESS_CELL(netinfo, cell, chan);
1136 case CELL_PADDING_NEGOTIATE:
1138 PROCESS_CELL(padding_negotiate, cell, chan);
1141 case CELL_CREATE_FAST:
1143 case CELL_CREATED_FAST:
1145 case CELL_RELAY_EARLY:
1157 "Cell of unknown type (%d) received in channeltls.c. "
1184 channel_tls_t *chan;
1186 #ifdef KEEP_TIMING_STATS
1189 static int num_versions = 0, num_certs = 0;
1191 time_t now = time(NULL);
1197 "At end of second: %d versions (%d ms), %d certs (%d ms)",
1201 num_versions = num_certs = 0;
1202 versions_time = certs_time = 0;
1216 "Got a var_cell_t on an OR connection with no channel");
1220 if (
TO_CONN(conn)->marked_for_close)
1223 switch (
TO_CONN(conn)->state) {
1225 if (var_cell->
command != CELL_VERSIONS) {
1227 "Received a cell with command %d in unexpected "
1228 "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
1229 "closing the connection.",
1234 (
int)(TLS_CHAN_TO_BASE(chan)->state));
1250 tor_assert_nonfatal_unreached_once();
1255 "Received a cell with command %d in unexpected "
1256 "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
1257 "closing the connection.",
1262 (
int)(TLS_CHAN_TO_BASE(chan)->state));
1272 if (var_cell->
command != CELL_AUTHENTICATE)
1279 "Received a variable-length cell with command %d in orconn "
1280 "state %s [%d], channel state %s [%d] with link protocol %d; "
1286 (
int)(TLS_CHAN_TO_BASE(chan)->state),
1293 "Received var-length cell with command %d in unexpected "
1294 "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
1300 (
int)(TLS_CHAN_TO_BASE(chan)->state));
1313 PROCESS_CELL(versions, var_cell, chan);
1321 PROCESS_CELL(certs, var_cell, chan);
1323 case CELL_AUTH_CHALLENGE:
1325 PROCESS_CELL(auth_challenge, var_cell, chan);
1327 case CELL_AUTHENTICATE:
1329 PROCESS_CELL(authenticate, var_cell, chan);
1331 case CELL_AUTHORIZE:
1337 "Variable-length cell of unknown type (%d) received.",
1363 chan = TLS_CHAN_TO_BASE(conn->
chan);
1368 "Marking channel %"PRIu64
" at %p as local",
1375 "Marking channel %"PRIu64
" at %p as remote",
1394 case CELL_AUTHORIZE:
1412 int started_here = 0;
1426 "Received a cell while TLS-handshaking, not in "
1427 "OR_HANDSHAKING_V3, on a connection we originated.");
1436 chan->conn->handshake_state, cell, 1);
1452 int highest_supported_version = 0;
1453 int started_here = 0;
1461 "Received a VERSION cell with odd payload length %d; "
1469 if (chan->conn->link_proto != 0 ||
1470 (chan->conn->handshake_state &&
1471 chan->conn->handshake_state->received_versions)) {
1473 "Received a VERSIONS cell on a connection with its version "
1474 "already set to %d; dropping",
1475 (
int)(chan->conn->link_proto));
1478 switch (chan->conn->base_.state)
1487 "VERSIONS cell while in unexpected state");
1495 const uint8_t *cp = cell->
payload;
1496 for (i = 0; i < cell->
payload_len / 2; ++i, cp += 2) {
1499 highest_supported_version = v;
1502 if (!highest_supported_version) {
1504 "Couldn't find a version in common between my version list and the "
1505 "list in the VERSIONS cell; closing connection.");
1508 }
else if (highest_supported_version == 1) {
1512 "Used version negotiation protocol to negotiate a v1 connection. "
1513 "That's crazily non-compliant. Closing connection.");
1516 }
else if (highest_supported_version < 3 &&
1519 "Negotiated link protocol 2 or lower after doing a v3 TLS "
1520 "handshake. Closing connection.");
1523 }
else if (highest_supported_version != 2 &&
1527 "Negotiated link with non-2 protocol after doing a v2 TLS "
1528 "handshake with %s. Closing connection.",
1536 chan->conn->link_proto = highest_supported_version;
1537 chan->conn->handshake_state->received_versions = 1;
1539 if (chan->conn->link_proto == 2) {
1541 "Negotiated version %d on %s; sending NETINFO.",
1542 highest_supported_version,
1550 const int send_versions = !started_here;
1554 const int send_chall = !started_here;
1557 const int send_netinfo = !started_here;
1558 const int send_any =
1559 send_versions || send_certs || send_chall || send_netinfo;
1563 "Negotiated version %d with on %s; %s%s%s%s%s",
1564 highest_supported_version,
1566 send_any ?
"Sending cells:" :
"Waiting for CERTS cell",
1567 send_versions ?
" VERSIONS" :
"",
1568 send_certs ?
" CERTS" :
"",
1569 send_chall ?
" AUTH_CHALLENGE" :
"",
1570 send_netinfo ?
" NETINFO" :
"");
1572 #ifdef DISABLE_V3_LINKPROTO_SERVERSIDE
1579 if (send_versions) {
1581 log_warn(
LD_OR,
"Couldn't send versions cell");
1589 TLS_CHAN_TO_BASE(chan)->wide_circ_ids =
1590 chan->conn->link_proto >= MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS;
1591 chan->conn->wide_circ_ids = TLS_CHAN_TO_BASE(chan)->wide_circ_ids;
1593 TLS_CHAN_TO_BASE(chan)->padding_enabled =
1594 chan->conn->link_proto >= MIN_LINK_PROTO_FOR_CHANNEL_PADDING;
1598 log_warn(
LD_OR,
"Couldn't send certs cell");
1605 log_warn(
LD_OR,
"Couldn't send auth_challenge cell");
1612 log_warn(
LD_OR,
"Couldn't send netinfo cell");
1630 channelpadding_negotiate_t *negotiation;
1635 if (chan->conn->link_proto < MIN_LINK_PROTO_FOR_CHANNEL_PADDING) {
1637 "Received a PADDING_NEGOTIATE cell on v%d connection; dropping.",
1638 chan->conn->link_proto);
1642 if (channelpadding_negotiate_parse(&negotiation, cell->
payload,
1645 "Received malformed PADDING_NEGOTIATE cell on v%d connection; "
1646 "dropping.", chan->conn->link_proto);
1654 channelpadding_negotiate_free(negotiation);
1663 const netinfo_addr_t *netinfo_addr) {
1667 uint8_t type = netinfo_addr_get_addr_type(netinfo_addr);
1668 uint8_t len = netinfo_addr_get_len(netinfo_addr);
1670 if (type == NETINFO_ADDR_TYPE_IPV4 && len == 4) {
1671 uint32_t ipv4 = netinfo_addr_get_addr_ipv4(netinfo_addr);
1673 }
else if (type == NETINFO_ADDR_TYPE_IPV6 && len == 16) {
1674 const uint8_t *ipv6_bytes = netinfo_addr_getconstarray_addr_ipv6(
1678 log_fn(LOG_PROTOCOL_WARN,
LD_OR,
"Cannot read address from NETINFO "
1679 "- wrong type/length.");
1692 static inline time_t
1695 return (val < 0) ? -val : val;
1711 if (chan->conn->link_proto < 2) {
1713 "Received a NETINFO cell on %s connection; dropping.",
1714 chan->conn->link_proto == 0 ?
"non-versioned" :
"a v1");
1722 "Received a NETINFO cell on non-handshaking connection; dropping.");
1728 tor_assert(chan->conn->handshake_state->received_versions);
1750 if (BUG(chan->conn->handshake_state->authenticated)) {
1755 (
const char*)(chan->conn->handshake_state->
1756 authenticated_rsa_peer_id)));
1758 (
const char*)(chan->conn->handshake_state->
1759 authenticated_ed25519_peer_id.pubkey), 32));
1765 chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
1768 &(chan->conn->base_.addr),
1769 chan->conn->base_.port,
1771 (
const char*)(chan->conn->handshake_state->
1772 authenticated_rsa_peer_id),
1787 uint8_t my_addr_type;
1788 uint8_t my_addr_len;
1789 uint8_t n_other_addrs;
1790 time_t now = time(NULL);
1793 time_t apparent_skew = 0;
1795 int started_here = 0;
1796 const char *identity_digest = NULL;
1809 identity_digest = chan->conn->identity_digest;
1814 if (!(chan->conn->handshake_state->authenticated)) {
1816 "Got a NETINFO cell from server, "
1817 "but no authentication. Closing the connection.");
1827 if (!(chan->conn->handshake_state->authenticated)) {
1834 netinfo_cell_t *netinfo_cell = NULL;
1836 ssize_t parsed = netinfo_cell_parse(&netinfo_cell, cell->
payload,
1841 "Failed to parse NETINFO cell - closing connection.");
1846 timestamp = netinfo_cell_get_timestamp(netinfo_cell);
1848 const netinfo_addr_t *my_addr =
1849 netinfo_cell_getconst_other_addr(netinfo_cell);
1851 my_addr_type = netinfo_addr_get_addr_type(my_addr);
1852 my_addr_len = netinfo_addr_get_len(my_addr);
1854 if ((now - chan->conn->handshake_state->sent_versions_at) < 180) {
1855 apparent_skew = now - timestamp;
1865 netinfo_cell_free(netinfo_cell);
1869 if (my_addr_type == NETINFO_ADDR_TYPE_IPV4 && my_addr_len == 4) {
1872 TLS_CHAN_TO_BASE(chan)->is_canonical_to_peer = 1;
1874 }
else if (my_addr_type == NETINFO_ADDR_TYPE_IPV6 &&
1875 my_addr_len == 16) {
1879 TLS_CHAN_TO_BASE(chan)->is_canonical_to_peer = 1;
1886 tor_addr_copy(&TLS_CHAN_TO_BASE(chan)->addr_according_to_peer,
1890 n_other_addrs = netinfo_cell_get_n_my_addrs(netinfo_cell);
1891 for (uint8_t i = 0; i < n_other_addrs; i++) {
1895 const netinfo_addr_t *netinfo_addr =
1896 netinfo_cell_getconst_my_addrs(netinfo_cell, i);
1902 "Bad address in netinfo cell; Skipping.");
1913 connection_or_set_canonical(chan->conn, 1);
1918 netinfo_cell_free(netinfo_cell);
1920 if (me && !TLS_CHAN_TO_BASE(chan)->is_canonical_to_peer &&
1923 TLS_CHAN_TO_BASE(chan));
1925 "We made a connection to a relay at %s (fp=%s) but we think "
1926 "they will not consider this connection canonical. They "
1927 "think we are at %s, but we think its %s.",
1937 #define NETINFO_NOTICE_SKEW 3600
1938 if (
time_abs(apparent_skew) > NETINFO_NOTICE_SKEW &&
1941 int trusted = router_digest_is_trusted_dir(chan->conn->identity_digest);
1943 "NETINFO cell",
"OR");
1953 if (! chan->conn->handshake_state->sent_netinfo) {
1965 "Got good NETINFO cell on %s; but "
1966 "was unable to make the OR connection become open.",
1971 "Got good NETINFO cell on %s; OR connection is now "
1972 "open, using protocol version %d. Its ID digest is %s. "
1973 "Our address is apparently %s.",
1975 (
int)(chan->conn->link_proto),
2004 case CERTTYPE_RSA1024_ID_LINK:
2005 case CERTTYPE_RSA1024_ID_ID:
2006 case CERTTYPE_RSA1024_ID_AUTH:
2008 case CERTTYPE_ED_ID_SIGN:
2009 case CERTTYPE_ED_SIGN_LINK:
2010 case CERTTYPE_ED_SIGN_AUTH:
2012 case CERTTYPE_RSA1024_ID_EDID:
2037 #define MAX_CERT_TYPE_WANTED CERTTYPE_RSA1024_ID_EDID
2040 tor_x509_cert_t *x509_certs[MAX_CERT_TYPE_WANTED + 1];
2041 tor_cert_t *ed_certs[MAX_CERT_TYPE_WANTED + 1];
2042 uint8_t *rsa_ed_cc_cert = NULL;
2043 size_t rsa_ed_cc_cert_len = 0;
2046 certs_cell_t *cc = NULL;
2048 int send_netinfo = 0, started_here = 0;
2050 memset(x509_certs, 0,
sizeof(x509_certs));
2051 memset(ed_certs, 0,
sizeof(ed_certs));
2058 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
2059 "Received a bad CERTS cell on %s: %s", \
2060 connection_describe(TO_CONN(chan->conn)), \
2062 connection_or_close_for_error(chan->conn, 0); \
2069 started_here = chan->conn->handshake_state->started_here;
2072 ERR(
"We're not doing a v3 handshake!");
2073 if (chan->conn->link_proto < 3)
2074 ERR(
"We're not using link protocol >= 3");
2075 if (chan->conn->handshake_state->received_certs_cell)
2076 ERR(
"We already got one");
2077 if (chan->conn->handshake_state->authenticated) {
2079 ERR(
"We're already authenticated!");
2082 ERR(
"It had no body");
2084 ERR(
"It had a nonzero circuit ID");
2087 ERR(
"It couldn't be parsed.");
2089 n_certs = cc->n_certs;
2091 for (i = 0; i < n_certs; ++i) {
2092 certs_cell_cert_t *c = certs_cell_get_certs(cc, i);
2094 uint16_t cert_type = c->cert_type;
2095 uint16_t cert_len = c->cert_len;
2096 uint8_t *cert_body = certs_cell_cert_getarray_body(c);
2098 if (cert_type > MAX_CERT_TYPE_WANTED)
2109 "Received undecodable certificate in CERTS cell on %s",
2112 if (x509_certs[cert_type]) {
2113 tor_x509_cert_free(x509_cert);
2114 ERR(
"Duplicate x509 certificate");
2116 x509_certs[cert_type] = x509_cert;
2125 "Received undecodable Ed certificate "
2126 "in CERTS cell on %s",
2129 if (ed_certs[cert_type]) {
2130 tor_cert_free(ed_cert);
2131 ERR(
"Duplicate Ed25519 certificate");
2133 ed_certs[cert_type] = ed_cert;
2140 if (rsa_ed_cc_cert) {
2141 ERR(
"Duplicate RSA->Ed25519 crosscert");
2143 rsa_ed_cc_cert = tor_memdup(cert_body, cert_len);
2144 rsa_ed_cc_cert_len = cert_len;
2153 tor_x509_cert_t *id_cert = x509_certs[CERTTYPE_RSA1024_ID_ID];
2154 tor_x509_cert_t *auth_cert = x509_certs[CERTTYPE_RSA1024_ID_AUTH];
2155 tor_x509_cert_t *link_cert = x509_certs[CERTTYPE_RSA1024_ID_LINK];
2156 chan->conn->handshake_state->certs->auth_cert = auth_cert;
2157 chan->conn->handshake_state->certs->link_cert = link_cert;
2158 chan->conn->handshake_state->certs->id_cert = id_cert;
2159 x509_certs[CERTTYPE_RSA1024_ID_ID] =
2160 x509_certs[CERTTYPE_RSA1024_ID_AUTH] =
2161 x509_certs[CERTTYPE_RSA1024_ID_LINK] = NULL;
2163 tor_cert_t *ed_id_sign = ed_certs[CERTTYPE_ED_ID_SIGN];
2164 tor_cert_t *ed_sign_link = ed_certs[CERTTYPE_ED_SIGN_LINK];
2165 tor_cert_t *ed_sign_auth = ed_certs[CERTTYPE_ED_SIGN_AUTH];
2166 chan->conn->handshake_state->certs->ed_id_sign = ed_id_sign;
2167 chan->conn->handshake_state->certs->ed_sign_link = ed_sign_link;
2168 chan->conn->handshake_state->certs->ed_sign_auth = ed_sign_auth;
2169 ed_certs[CERTTYPE_ED_ID_SIGN] =
2170 ed_certs[CERTTYPE_ED_SIGN_LINK] =
2171 ed_certs[CERTTYPE_ED_SIGN_AUTH] = NULL;
2173 chan->conn->handshake_state->certs->ed_rsa_crosscert = rsa_ed_cc_cert;
2174 chan->conn->handshake_state->certs->ed_rsa_crosscert_len =
2176 rsa_ed_cc_cert = NULL;
2183 router_digest_is_trusted_dir(TLS_CHAN_TO_BASE(chan)->identity_digest))
2186 severity = LOG_PROTOCOL_WARN;
2191 chan->conn->handshake_state->certs,
2197 if (!checked_rsa_id)
2198 ERR(
"Invalid certificate chain!");
2203 chan->conn->handshake_state->authenticated = 1;
2204 chan->conn->handshake_state->authenticated_rsa = 1;
2209 ERR(
"Couldn't compute digests for key in ID cert");
2212 if (!identity_rcvd) {
2213 ERR(
"Couldn't get RSA key from ID cert.");
2215 memcpy(chan->conn->handshake_state->authenticated_rsa_peer_id,
2218 chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
2219 crypto_pk_free(identity_rcvd);
2222 if (checked_ed_id) {
2223 chan->conn->handshake_state->authenticated_ed25519 = 1;
2224 memcpy(&chan->conn->handshake_state->authenticated_ed25519_peer_id,
2228 log_debug(
LD_HANDSHAKE,
"calling client_learned_peer_id from "
2229 "process_certs_cell");
2232 chan->conn->handshake_state->authenticated_rsa_peer_id,
2234 ERR(
"Problem setting or checking peer id");
2237 "Got some good certificates on %s: Authenticated it with "
2240 checked_ed_id ?
" and Ed25519" :
"");
2251 "Got some good RSA%s certificates on %s. "
2252 "Waiting for AUTHENTICATE.",
2253 checked_ed_id ?
" and Ed25519" :
"",
2258 chan->conn->handshake_state->received_certs_cell = 1;
2262 log_warn(
LD_OR,
"Couldn't send netinfo cell");
2269 for (
unsigned u = 0; u <
ARRAY_LENGTH(x509_certs); ++u) {
2270 tor_x509_cert_free(x509_certs[u]);
2272 for (
unsigned u = 0; u <
ARRAY_LENGTH(ed_certs); ++u) {
2273 tor_cert_free(ed_certs[u]);
2276 certs_cell_free(cc);
2293 int n_types, i, use_type = -1;
2294 auth_challenge_cell_t *ac = NULL;
2302 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
2303 "Received a bad AUTH_CHALLENGE cell on %s: %s", \
2304 connection_describe(TO_CONN(chan->conn)), \
2306 connection_or_close_for_error(chan->conn, 0); \
2311 ERR(
"We're not currently doing a v3 handshake");
2312 if (chan->conn->link_proto < 3)
2313 ERR(
"We're not using link protocol >= 3");
2314 if (!(chan->conn->handshake_state->started_here))
2315 ERR(
"We didn't originate this connection");
2316 if (chan->conn->handshake_state->received_auth_challenge)
2317 ERR(
"We already received one");
2318 if (!(chan->conn->handshake_state->received_certs_cell))
2319 ERR(
"We haven't gotten a CERTS cell yet");
2321 ERR(
"It had a nonzero circuit ID");
2324 ERR(
"It was not well-formed.");
2326 n_types = ac->n_methods;
2329 for (i = 0; i < n_types; ++i) {
2330 uint16_t authtype = auth_challenge_cell_get_methods(ac, i);
2332 if (use_type == -1 ||
2334 use_type = authtype;
2339 chan->conn->handshake_state->received_auth_challenge = 1;
2348 if (use_type >= 0) {
2350 "Got an AUTH_CHALLENGE cell on %s: Sending "
2351 "authentication type %d",
2357 "Couldn't send authenticate cell");
2363 "Got an AUTH_CHALLENGE cell on %s, but we don't "
2364 "know any of its authentication types. Not authenticating.",
2369 log_warn(
LD_OR,
"Couldn't send netinfo cell");
2375 auth_challenge_cell_free(ac);
2393 const uint8_t *auth;
2404 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
2405 "Received a bad AUTHENTICATE cell on %s: %s", \
2406 connection_describe(TO_CONN(chan->conn)), \
2408 connection_or_close_for_error(chan->conn, 0); \
2409 var_cell_free(expected_cell); \
2414 ERR(
"We're not doing a v3 handshake");
2415 if (chan->conn->link_proto < 3)
2416 ERR(
"We're not using link protocol >= 3");
2417 if (chan->conn->handshake_state->started_here)
2418 ERR(
"We originated this connection");
2419 if (chan->conn->handshake_state->received_authenticate)
2420 ERR(
"We already got one!");
2421 if (chan->conn->handshake_state->authenticated) {
2423 ERR(
"The peer is already authenticated");
2425 if (!(chan->conn->handshake_state->received_certs_cell))
2426 ERR(
"We never got a certs cell");
2427 if (chan->conn->handshake_state->certs->id_cert == NULL)
2428 ERR(
"We never got an identity certificate");
2430 ERR(
"Cell was way too short");
2437 ERR(
"Authenticator was truncated");
2440 ERR(
"Authenticator type was not recognized");
2448 ERR(
"Authenticator was too short");
2451 chan->conn, authtype, NULL, NULL, 1);
2452 if (! expected_cell)
2453 ERR(
"Couldn't compute expected AUTHENTICATE cell body");
2469 ERR(
"Expected AUTHENTICATE cell body len not as expected.");
2473 if (BUG(bodylen < 24)) {
2475 ERR(
"Bodylen is somehow less than 24, which should really be impossible");
2480 ERR(
"Some field in the AUTHENTICATE cell body was not as expected");
2483 if (chan->conn->handshake_state->certs->ed_id_sign != NULL)
2484 ERR(
"RSA-signed AUTHENTICATE response provided with an ED25519 cert");
2486 if (chan->conn->handshake_state->certs->auth_cert == NULL)
2487 ERR(
"We never got an RSA authentication certificate");
2490 chan->conn->handshake_state->certs->auth_cert);
2497 ERR(
"Couldn't get RSA key from AUTH cert.");
2502 signed_data = tor_malloc(keysize);
2507 if (signed_len < 0) {
2509 ERR(
"RSA signature wasn't valid");
2513 ERR(
"Not enough data was signed");
2519 ERR(
"Signature did not match data to be signed.");
2523 if (chan->conn->handshake_state->certs->ed_id_sign == NULL)
2524 ERR(
"We never got an Ed25519 identity certificate.");
2525 if (chan->conn->handshake_state->certs->ed_sign_auth == NULL)
2526 ERR(
"We never got an Ed25519 authentication certificate.");
2529 &chan->conn->handshake_state->certs->ed_sign_auth->signed_key;
2534 ERR(
"Ed25519 signature wasn't valid.");
2539 chan->conn->handshake_state->received_authenticate = 1;
2540 chan->conn->handshake_state->authenticated = 1;
2541 chan->conn->handshake_state->authenticated_rsa = 1;
2542 chan->conn->handshake_state->digest_received_data = 0;
2544 tor_x509_cert_t *id_cert = chan->conn->handshake_state->certs->id_cert;
2550 chan->conn->handshake_state->authenticated_ed25519 = 1;
2551 ed_identity_received =
2552 &chan->conn->handshake_state->certs->ed_id_sign->signing_key;
2553 memcpy(&chan->conn->handshake_state->authenticated_ed25519_peer_id,
2560 memcpy(chan->conn->handshake_state->authenticated_rsa_peer_id,
2564 chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
2565 crypto_pk_free(identity_rcvd);
2568 "Calling connection_or_init_conn_from_address on %s "
2569 " from %s, with%s ed25519 id.",
2572 ed_identity_received ?
"" :
"out");
2575 &(chan->conn->base_.addr),
2576 chan->conn->base_.port,
2577 (
const char*)(chan->conn->handshake_state->
2578 authenticated_rsa_peer_id),
2579 ed_identity_received,
2583 "Got an AUTHENTICATE cell on %s, type %d: Looks good.",
2588 var_cell_free(expected_cell);
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
void tor_addr_make_unspec(tor_addr_t *a)
int tor_addr_is_null(const tor_addr_t *addr)
void tor_addr_from_ipv6_bytes(tor_addr_t *dest, const uint8_t *ipv6_bytes)
#define fmt_and_decorate_addr(a)
#define tor_addr_from_ipv4h(dest, v4addr)
#define tor_addr_eq(a, b)
static bool tor_addr_is_unspec(const tor_addr_t *a)
const char * hex_str(const char *from, size_t fromlen)
static uint16_t get_uint16(const void *cp)
Fixed-size cell structure.
void channel_set_circid_type(channel_t *chan, crypto_pk_t *identity_rcvd, int consider_identity)
void channel_listener_unregister(channel_listener_t *chan_l)
void channel_mark_local(channel_t *chan)
void channel_mark_client(channel_t *chan)
void channel_mark_incoming(channel_t *chan)
void channel_init_listener(channel_listener_t *chan_l)
void channel_listener_mark_for_close(channel_listener_t *chan_l)
void channel_process_cell(channel_t *chan, cell_t *cell)
void channel_change_state_open(channel_t *chan)
int channel_is_canonical(channel_t *chan)
void channel_register(channel_t *chan)
void channel_listener_register(channel_listener_t *chan_l)
void channel_mark_remote(channel_t *chan)
int channel_is_local(channel_t *chan)
const char * channel_state_to_string(channel_state_t state)
void channel_mark_for_close(channel_t *chan)
void channel_listener_change_state(channel_listener_t *chan_l, channel_listener_state_t to_state)
void channel_mark_outgoing(channel_t *chan)
const char * channel_describe_peer(channel_t *chan)
void channel_init(channel_t *chan)
void channel_change_state(channel_t *chan, channel_state_t to_state)
Header file for channel.c.
@ CHANNEL_LISTENER_STATE_ERROR
@ CHANNEL_LISTENER_STATE_LISTENING
@ CHANNEL_LISTENER_STATE_CLOSING
@ CHANNEL_LISTENER_STATE_CLOSED
int channelpadding_update_padding_for_channel(channel_t *chan, const channelpadding_negotiate_t *pad_vars)
static int channel_tls_get_remote_addr_method(const channel_t *chan, tor_addr_t *addr_out)
void channel_tls_free_all(void)
void channel_tls_handle_var_cell(var_cell_t *var_cell, or_connection_t *conn)
static channel_listener_t * channel_tls_listener
STATIC void channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
channel_t * channel_tls_to_base(channel_tls_t *tlschan)
static void channel_tls_listener_close_method(channel_listener_t *chan_l)
void channel_mark_as_used_for_origin_circuit(channel_t *chan)
static int tor_addr_from_netinfo_addr(tor_addr_t *tor_addr, const netinfo_addr_t *netinfo_addr)
static const char * channel_tls_describe_transport_method(channel_t *chan)
const channel_t * channel_tls_to_base_const(const channel_tls_t *tlschan)
static int channel_tls_write_var_cell_method(channel_t *chan, var_cell_t *var_cell)
static int channel_tls_has_queued_writes_method(channel_t *chan)
static void mark_channel_tls_endpoint_as_client(channel_tls_t *chan)
static double channel_tls_get_overhead_estimate_method(channel_t *chan)
void channel_tls_handle_state_change_on_orconn(channel_tls_t *chan, or_connection_t *conn, uint8_t state)
channel_listener_t * channel_tls_get_listener(void)
void channel_tls_handle_cell(cell_t *cell, or_connection_t *conn)
static int command_allowed_before_handshake(uint8_t command)
static bool can_process_netinfo_cell(const channel_tls_t *chan)
uint64_t stats_n_padding_cells_processed
@ CERT_ENCODING_RSA_CROSSCERT
uint64_t stats_n_certs_cells_processed
static int channel_tls_write_cell_method(channel_t *chan, cell_t *cell)
STATIC void channel_tls_process_auth_challenge_cell(var_cell_t *cell, channel_tls_t *chan)
static void channel_tls_close_method(channel_t *chan)
static int channel_tls_num_cells_writeable_method(channel_t *chan)
static void channel_tls_process_padding_negotiate_cell(cell_t *cell, channel_tls_t *chan)
STATIC void channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
uint64_t stats_n_auth_challenge_cells_processed
channel_t * channel_tls_connect(const tor_addr_t *addr, uint16_t port, const char *id_digest, const ed25519_public_key_t *ed_id)
const channel_tls_t * channel_tls_from_base_const(const channel_t *chan)
void channel_tls_update_marks(or_connection_t *conn)
uint64_t stats_n_authorize_cells_processed
uint64_t stats_n_versions_cells_processed
static int enter_v3_handshake_with_cell(var_cell_t *cell, channel_tls_t *tlschan)
channel_listener_t * channel_tls_start_listener(void)
uint64_t stats_n_authenticate_cells_processed
static size_t channel_tls_num_bytes_queued_method(channel_t *chan)
static const char * channel_tls_describe_peer_method(const channel_t *chan)
channel_tls_t * channel_tls_from_base(channel_t *chan)
static void channel_tls_free_method(channel_t *chan)
static cert_encoding_t certs_cell_typenum_to_cert_type(int typenum)
uint64_t stats_n_vpadding_cells_processed
static int channel_tls_is_canonical_method(channel_t *chan)
static int channel_tls_matches_extend_info_method(channel_t *chan, extend_info_t *extend_info)
static void channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *tlschan)
static int channel_tls_write_packed_cell_method(channel_t *chan, packed_cell_t *packed_cell)
static int channel_tls_get_transport_name_method(channel_t *chan, char **transport_out)
static const char * channel_tls_listener_describe_transport_method(channel_listener_t *chan_l)
static time_t time_abs(time_t val)
static void channel_tls_process_versions_cell(var_cell_t *cell, channel_tls_t *tlschan)
STATIC void channel_tls_common_init(channel_tls_t *tlschan)
channel_t * channel_tls_handle_incoming(or_connection_t *orconn)
static int channel_tls_matches_target_method(channel_t *chan, const tor_addr_t *target)
uint64_t stats_n_netinfo_cells_processed
Header file for channeltls.c.
void circuitmux_set_policy(circuitmux_t *cmux, const circuitmux_policy_t *pol)
circuitmux_t * circuitmux_alloc(void)
Header file for circuitmux.c.
Header file for circuitmux_ewma.c.
Header file for command.c.
const or_options_t * get_options(void)
tor_cmdline_mode_t command
Header file for config.c.
const char * conn_state_to_string(int type, int state)
void clock_skew_warning(const connection_t *conn, long apparent_skew, int trusted, log_domain_mask_t domain, const char *received, const char *source)
const char * connection_describe(const connection_t *conn)
void assert_connection_ok(connection_t *conn, time_t now)
const char * connection_describe_peer(const connection_t *conn)
Header file for connection.c.
int connection_or_nonopen_was_started_here(struct or_connection_t *conn)
or_connection_t * connection_or_connect(const tor_addr_t *_addr, uint16_t port, const char *id_digest, const ed25519_public_key_t *ed_id, channel_tls_t *chan)
int is_or_protocol_version_known(uint16_t v)
int connection_or_set_state_open(or_connection_t *conn)
void connection_or_write_cell_to_buf(const cell_t *cell, or_connection_t *conn)
int connection_or_send_versions(or_connection_t *conn, int v3_plus)
int connection_or_client_learned_peer_id(or_connection_t *conn, const uint8_t *rsa_peer_id, const ed25519_public_key_t *ed_peer_id)
void or_handshake_state_record_var_cell(or_connection_t *conn, or_handshake_state_t *state, const var_cell_t *cell, int incoming)
int connection_or_send_netinfo(or_connection_t *conn)
void connection_or_change_state(or_connection_t *conn, uint8_t state)
void or_handshake_state_record_cell(or_connection_t *conn, or_handshake_state_t *state, const cell_t *cell, int incoming)
int connection_or_digest_is_known_relay(const char *id_digest)
void connection_or_init_conn_from_address(or_connection_t *conn, const tor_addr_t *addr, uint16_t port, const char *id_digest, const ed25519_public_key_t *ed_id, int started_here)
void connection_or_close_for_error(or_connection_t *orconn, int flush)
ssize_t connection_or_num_cells_writeable(or_connection_t *conn)
int connection_init_or_handshake_state(or_connection_t *conn, int started_here)
void connection_or_block_renegotiation(or_connection_t *conn)
void connection_or_close_normally(or_connection_t *orconn, int flush)
void connection_or_write_var_cell_to_buf(const var_cell_t *cell, or_connection_t *conn)
Header file for connection_or.c.
Header file for control.c.
int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
int ed25519_checksig(const ed25519_signature_t *signature, const uint8_t *msg, size_t len, const ed25519_public_key_t *pubkey)
size_t crypto_pk_keysize(const crypto_pk_t *env)
int crypto_pk_public_checksig(const crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen)
#define tor_memneq(a, b, sz)
Header file for dirlist.c.
void entry_guards_note_internet_connectivity(guard_selection_t *gs)
guard_selection_t * get_guard_selection_info(void)
Header file for circuitbuild.c.
bool extend_info_has_orport(const extend_info_t *ei, const tor_addr_t *addr, uint16_t port)
Header for core/or/extendinfo.c.
#define log_fn(severity, domain, args,...)
static time_t current_second
Header file for networkstatus.c.
Master header file for Tor-specific functionality.
#define CELL_PAYLOAD_SIZE
#define OR_CONN_HIGHWATER
#define AUTHTYPE_RSA_SHA256_TLSSECRET
#define AUTHTYPE_RSA_SHA256_RFC5705
#define AUTHTYPE_ED25519_SHA256_RFC5705
OR handshake certs structure.
OR handshake state structure.
#define OR_CONN_STATE_TLS_SERVER_RENEGOTIATING
#define OR_CONN_STATE_OR_HANDSHAKING_V2
#define OR_CONN_STATE_TLS_HANDSHAKING
#define OR_CONN_STATE_OR_HANDSHAKING_V3
#define OR_CONN_STATE_OPEN
int tor_asprintf(char **strp, const char *fmt,...)
void relay_address_new_suggestion(const tor_addr_t *suggested_addr, const tor_addr_t *peer_addr, const char *identity_digest)
Header file for relay_find_addr.c.
var_cell_t * connection_or_compute_authenticate_cell_body(or_connection_t *conn, const int authtype, crypto_pk_t *signing_key, const ed25519_keypair_t *ed_signing_key, int server)
int authchallenge_type_is_better(uint16_t challenge_type_a, uint16_t challenge_type_b)
int connection_or_send_certs_cell(or_connection_t *conn)
int authchallenge_type_is_supported(uint16_t challenge_type)
int connection_or_send_authenticate_cell(or_connection_t *conn, int authtype)
int connection_or_send_auth_challenge_cell(or_connection_t *conn)
Header for feature/relay/relay_handshake.c.
void rep_hist_note_negotiated_link_proto(unsigned link_proto, int started_here)
void rep_hist_padding_count_read(padding_type_t type)
Header file for rephist.c.
@ PADDING_TYPE_ENABLED_CELL
@ PADDING_TYPE_ENABLED_TOTAL
bool is_local_to_resolve_addr(const tor_addr_t *addr)
: Return true iff the given addr is judged to be local to our resolved address.
Header file for resolve_addr.c.
const routerinfo_t * router_get_my_routerinfo(void)
Header file for router.c.
Router descriptor structure.
int public_server_mode(const or_options_t *options)
Header file for routermode.c.
void scheduler_channel_wants_writes(channel_t *chan)
Header file for scheduler*.c.
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
uint8_t payload[CELL_PAYLOAD_SIZE]
channel_listener_state_t state
uint64_t global_identifier
smartlist_t * incoming_list
const char *(* describe_transport)(channel_listener_t *)
void(* close)(channel_listener_t *)
void(* free_fn)(channel_t *)
int(* is_canonical)(channel_t *)
void(* close)(channel_t *)
int(* matches_extend_info)(channel_t *, extend_info_t *)
uint64_t global_identifier
int(* write_packed_cell)(channel_t *, packed_cell_t *)
const char *(* describe_peer)(const channel_t *)
double(* get_overhead_estimate)(channel_t *)
int(* matches_target)(channel_t *, const tor_addr_t *)
const char *(* describe_transport)(channel_t *)
int(* write_var_cell)(channel_t *, var_cell_t *)
int(* has_queued_writes)(channel_t *)
enum channel_t::@8 reason_for_closing
char d[N_COMMON_DIGEST_ALGORITHMS][DIGEST256_LEN]
uint16_t marked_for_close
or_handshake_state_t * handshake_state
char body[CELL_MAX_NETWORK_SIZE]
uint8_t payload[FLEXIBLE_ARRAY_MEMBER]
void tor_gettimeofday(struct timeval *timeval)
tor_cert_t * tor_cert_parse(const uint8_t *encoded, const size_t len)
void or_handshake_certs_check_both(int severity, or_handshake_certs_t *certs, tor_tls_t *tls, time_t now, const ed25519_public_key_t **ed_id_out, const common_digests_t **rsa_id_out)
long tv_udiff(const struct timeval *start, const struct timeval *end)
#define FALLTHROUGH_UNLESS_ALL_BUGS_ARE_FATAL
int fast_mem_is_zero(const char *mem, size_t len)
int tor_digest_is_zero(const char *digest)
Variable-length cell structure.
crypto_pk_t * tor_tls_cert_get_key(tor_x509_cert_t *cert)
tor_x509_cert_t * tor_x509_cert_decode(const uint8_t *certificate, size_t certificate_len)
const common_digests_t * tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert)