Tor  0.4.3.0-alpha-dev
channeltls.c
Go to the documentation of this file.
1 /* * Copyright (c) 2012-2019, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
4 /**
5  * \file channeltls.c
6  *
7  * \brief A concrete subclass of channel_t using or_connection_t to transfer
8  * cells between Tor instances.
9  *
10  * This module fills in the various function pointers in channel_t, to
11  * implement the channel_tls_t channels as used in Tor today. These channels
12  * are created from channel_tls_connect() and
13  * channel_tls_handle_incoming(). Each corresponds 1:1 to or_connection_t
14  * object, as implemented in connection_or.c. These channels transmit cells
15  * to the underlying or_connection_t by calling
16  * connection_or_write_*_cell_to_buf(), and receive cells from the underlying
17  * or_connection_t when connection_or_process_cells_from_inbuf() calls
18  * channel_tls_handle_*_cell().
19  *
20  * Here we also implement the server (responder) side of the v3+ Tor link
21  * handshake, which uses CERTS and AUTHENTICATE cell to negotiate versions,
22  * exchange expected and observed IP and time information, and bootstrap a
23  * level of authentication higher than we have gotten on the raw TLS
24  * handshake.
25  *
26  * NOTE: Since there is currently only one type of channel, there are probably
27  * more than a few cases where functionality that is currently in
28  * channeltls.c, connection_or.c, and channel.c ought to be divided up
29  * differently. The right time to do this is probably whenever we introduce
30  * our next channel type.
31  **/
32 
33 /*
34  * Define this so channel.h gives us things only channel_t subclasses
35  * should touch.
36  */
37 #define TOR_CHANNEL_INTERNAL_
38 
39 #define CHANNELTLS_PRIVATE
40 
41 #include "core/or/or.h"
42 #include "core/or/channel.h"
43 #include "core/or/channeltls.h"
44 #include "core/or/circuitmux.h"
46 #include "core/or/command.h"
47 #include "app/config/config.h"
49 #include "core/or/connection_or.h"
52 #include "trunnel/link_handshake.h"
53 #include "core/or/relay.h"
54 #include "feature/stats/rephist.h"
55 #include "feature/relay/router.h"
58 #include "core/or/scheduler.h"
61 #include "trunnel/channelpadding_negotiation.h"
62 #include "trunnel/netinfo.h"
63 #include "core/or/channelpadding.h"
64 
65 #include "core/or/cell_st.h"
66 #include "core/or/cell_queue_st.h"
67 #include "core/or/extend_info_st.h"
72 #include "core/or/var_cell_st.h"
73 
74 #include "lib/tls/tortls.h"
75 #include "lib/tls/x509.h"
76 
77 /** How many CELL_PADDING cells have we received, ever? */
79 /** How many CELL_VERSIONS cells have we received, ever? */
81 /** How many CELL_NETINFO cells have we received, ever? */
83 /** How many CELL_VPADDING cells have we received, ever? */
85 /** How many CELL_CERTS cells have we received, ever? */
87 /** How many CELL_AUTH_CHALLENGE cells have we received, ever? */
89 /** How many CELL_AUTHENTICATE cells have we received, ever? */
91 /** How many CELL_AUTHORIZE cells have we received, ever? */
93 
94 /** Active listener, if any */
95 static channel_listener_t *channel_tls_listener = NULL;
96 
97 /* channel_tls_t method declarations */
98 
99 static void channel_tls_close_method(channel_t *chan);
100 static const char * channel_tls_describe_transport_method(channel_t *chan);
101 static void channel_tls_free_method(channel_t *chan);
102 static double channel_tls_get_overhead_estimate_method(channel_t *chan);
103 static int
104 channel_tls_get_remote_addr_method(channel_t *chan, tor_addr_t *addr_out);
105 static int
106 channel_tls_get_transport_name_method(channel_t *chan, char **transport_out);
107 static const char *
108 channel_tls_get_remote_descr_method(channel_t *chan, int flags);
109 static int channel_tls_has_queued_writes_method(channel_t *chan);
110 static int channel_tls_is_canonical_method(channel_t *chan, int req);
111 static int
113  extend_info_t *extend_info);
114 static int channel_tls_matches_target_method(channel_t *chan,
115  const tor_addr_t *target);
116 static int channel_tls_num_cells_writeable_method(channel_t *chan);
117 static size_t channel_tls_num_bytes_queued_method(channel_t *chan);
118 static int channel_tls_write_cell_method(channel_t *chan,
119  cell_t *cell);
120 static int channel_tls_write_packed_cell_method(channel_t *chan,
121  packed_cell_t *packed_cell);
122 static int channel_tls_write_var_cell_method(channel_t *chan,
123  var_cell_t *var_cell);
124 
125 /* channel_listener_tls_t method declarations */
126 
127 static void channel_tls_listener_close_method(channel_listener_t *chan_l);
128 static const char *
129 channel_tls_listener_describe_transport_method(channel_listener_t *chan_l);
130 
131 /** Handle incoming cells for the handshake stuff here rather than
132  * passing them on up. */
133 
135  channel_tls_t *tlschan);
136 static void channel_tls_process_netinfo_cell(cell_t *cell,
137  channel_tls_t *tlschan);
138 static int command_allowed_before_handshake(uint8_t command);
140  channel_tls_t *tlschan);
142  channel_tls_t *chan);
143 
144 /**
145  * Do parts of channel_tls_t initialization common to channel_tls_connect()
146  * and channel_tls_handle_incoming().
147  */
148 STATIC void
149 channel_tls_common_init(channel_tls_t *tlschan)
150 {
151  channel_t *chan;
152 
153  tor_assert(tlschan);
154 
155  chan = &(tlschan->base_);
156  channel_init(chan);
157  chan->magic = TLS_CHAN_MAGIC;
158  chan->state = CHANNEL_STATE_OPENING;
159  chan->close = channel_tls_close_method;
160  chan->describe_transport = channel_tls_describe_transport_method;
161  chan->free_fn = channel_tls_free_method;
162  chan->get_overhead_estimate = channel_tls_get_overhead_estimate_method;
163  chan->get_remote_addr = channel_tls_get_remote_addr_method;
164  chan->get_remote_descr = channel_tls_get_remote_descr_method;
165  chan->get_transport_name = channel_tls_get_transport_name_method;
166  chan->has_queued_writes = channel_tls_has_queued_writes_method;
167  chan->is_canonical = channel_tls_is_canonical_method;
168  chan->matches_extend_info = channel_tls_matches_extend_info_method;
169  chan->matches_target = channel_tls_matches_target_method;
170  chan->num_bytes_queued = channel_tls_num_bytes_queued_method;
171  chan->num_cells_writeable = channel_tls_num_cells_writeable_method;
172  chan->write_cell = channel_tls_write_cell_method;
173  chan->write_packed_cell = channel_tls_write_packed_cell_method;
174  chan->write_var_cell = channel_tls_write_var_cell_method;
175 
176  chan->cmux = circuitmux_alloc();
177  /* We only have one policy for now so always set it to EWMA. */
178  circuitmux_set_policy(chan->cmux, &ewma_policy);
179 }
180 
181 /**
182  * Start a new TLS channel.
183  *
184  * Launch a new OR connection to <b>addr</b>:<b>port</b> and expect to
185  * handshake with an OR with identity digest <b>id_digest</b>, and wrap
186  * it in a channel_tls_t.
187  */
188 channel_t *
189 channel_tls_connect(const tor_addr_t *addr, uint16_t port,
190  const char *id_digest,
191  const ed25519_public_key_t *ed_id)
192 {
193  channel_tls_t *tlschan = tor_malloc_zero(sizeof(*tlschan));
194  channel_t *chan = &(tlschan->base_);
195 
196  channel_tls_common_init(tlschan);
197 
198  log_debug(LD_CHANNEL,
199  "In channel_tls_connect() for channel %p "
200  "(global id %"PRIu64 ")",
201  tlschan,
202  (chan->global_identifier));
203 
204  if (is_local_addr(addr)) {
205  log_debug(LD_CHANNEL,
206  "Marking new outgoing channel %"PRIu64 " at %p as local",
207  (chan->global_identifier), chan);
208  channel_mark_local(chan);
209  } else {
210  log_debug(LD_CHANNEL,
211  "Marking new outgoing channel %"PRIu64 " at %p as remote",
212  (chan->global_identifier), chan);
213  channel_mark_remote(chan);
214  }
215 
216  channel_mark_outgoing(chan);
217 
218  /* Set up or_connection stuff */
219  tlschan->conn = connection_or_connect(addr, port, id_digest, ed_id, tlschan);
220  /* connection_or_connect() will fill in tlschan->conn */
221  if (!(tlschan->conn)) {
222  chan->reason_for_closing = CHANNEL_CLOSE_FOR_ERROR;
224  goto err;
225  }
226 
227  log_debug(LD_CHANNEL,
228  "Got orconn %p for channel with global id %"PRIu64,
229  tlschan->conn, (chan->global_identifier));
230 
231  goto done;
232 
233  err:
234  circuitmux_free(chan->cmux);
235  tor_free(tlschan);
236  chan = NULL;
237 
238  done:
239  /* If we got one, we should register it */
240  if (chan) channel_register(chan);
241 
242  return chan;
243 }
244 
245 /**
246  * Return the current channel_tls_t listener.
247  *
248  * Returns the current channel listener for incoming TLS connections, or
249  * NULL if none has been established
250  */
251 channel_listener_t *
253 {
254  return channel_tls_listener;
255 }
256 
257 /**
258  * Start a channel_tls_t listener if necessary.
259  *
260  * Return the current channel_tls_t listener, or start one if we haven't yet,
261  * and return that.
262  */
263 channel_listener_t *
265 {
266  channel_listener_t *listener;
267 
268  if (!channel_tls_listener) {
269  listener = tor_malloc_zero(sizeof(*listener));
270  channel_init_listener(listener);
271  listener->state = CHANNEL_LISTENER_STATE_LISTENING;
272  listener->close = channel_tls_listener_close_method;
273  listener->describe_transport =
275 
276  channel_tls_listener = listener;
277 
278  log_debug(LD_CHANNEL,
279  "Starting TLS channel listener %p with global id %"PRIu64,
280  listener, (listener->global_identifier));
281 
282  channel_listener_register(listener);
283  } else listener = channel_tls_listener;
284 
285  return listener;
286 }
287 
288 /**
289  * Free everything on shutdown.
290  *
291  * Not much to do here, since channel_free_all() takes care of a lot, but let's
292  * get rid of the listener.
293  */
294 void
296 {
297  channel_listener_t *old_listener = NULL;
298 
299  log_debug(LD_CHANNEL,
300  "Shutting down TLS channels...");
301 
302  if (channel_tls_listener) {
303  /*
304  * When we close it, channel_tls_listener will get nulled out, so save
305  * a pointer so we can free it.
306  */
307  old_listener = channel_tls_listener;
308  log_debug(LD_CHANNEL,
309  "Closing channel_tls_listener with ID %"PRIu64
310  " at %p.",
311  (old_listener->global_identifier),
312  old_listener);
313  channel_listener_unregister(old_listener);
314  channel_listener_mark_for_close(old_listener);
315  channel_listener_free(old_listener);
317  }
318 
319  log_debug(LD_CHANNEL,
320  "Done shutting down TLS channels");
321 }
322 
323 /**
324  * Create a new channel around an incoming or_connection_t.
325  */
326 channel_t *
328 {
329  channel_tls_t *tlschan = tor_malloc_zero(sizeof(*tlschan));
330  channel_t *chan = &(tlschan->base_);
331 
332  tor_assert(orconn);
333  tor_assert(!(orconn->chan));
334 
335  channel_tls_common_init(tlschan);
336 
337  /* Link the channel and orconn to each other */
338  tlschan->conn = orconn;
339  orconn->chan = tlschan;
340 
341  if (is_local_addr(&(TO_CONN(orconn)->addr))) {
342  log_debug(LD_CHANNEL,
343  "Marking new incoming channel %"PRIu64 " at %p as local",
344  (chan->global_identifier), chan);
345  channel_mark_local(chan);
346  } else {
347  log_debug(LD_CHANNEL,
348  "Marking new incoming channel %"PRIu64 " at %p as remote",
349  (chan->global_identifier), chan);
350  channel_mark_remote(chan);
351  }
352 
353  channel_mark_incoming(chan);
354 
355  /* Register it */
356  channel_register(chan);
357 
358  return chan;
359 }
360 
361 /*********
362  * Casts *
363  ********/
364 
365 /**
366  * Cast a channel_tls_t to a channel_t.
367  */
368 channel_t *
369 channel_tls_to_base(channel_tls_t *tlschan)
370 {
371  if (!tlschan) return NULL;
372 
373  return &(tlschan->base_);
374 }
375 
376 /**
377  * Cast a channel_t to a channel_tls_t, with appropriate type-checking
378  * asserts.
379  */
380 channel_tls_t *
381 channel_tls_from_base(channel_t *chan)
382 {
383  if (!chan) return NULL;
384 
385  tor_assert(chan->magic == TLS_CHAN_MAGIC);
386 
387  return (channel_tls_t *)(chan);
388 }
389 
390 /********************************************
391  * Method implementations for channel_tls_t *
392  *******************************************/
393 
394 /**
395  * Close a channel_tls_t.
396  *
397  * This implements the close method for channel_tls_t.
398  */
399 static void
400 channel_tls_close_method(channel_t *chan)
401 {
402  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
403 
404  tor_assert(tlschan);
405 
406  if (tlschan->conn) connection_or_close_normally(tlschan->conn, 1);
407  else {
408  /* Weird - we'll have to change the state ourselves, I guess */
409  log_info(LD_CHANNEL,
410  "Tried to close channel_tls_t %p with NULL conn",
411  tlschan);
413  }
414 }
415 
416 /**
417  * Describe the transport for a channel_tls_t.
418  *
419  * This returns the string "TLS channel on connection <id>" to the upper
420  * layer.
421  */
422 static const char *
424 {
425  static char *buf = NULL;
426  uint64_t id;
427  channel_tls_t *tlschan;
428  const char *rv = NULL;
429 
430  tor_assert(chan);
431 
432  tlschan = BASE_CHAN_TO_TLS(chan);
433 
434  if (tlschan->conn) {
435  id = TO_CONN(tlschan->conn)->global_identifier;
436 
437  if (buf) tor_free(buf);
438  tor_asprintf(&buf,
439  "TLS channel (connection %"PRIu64 ")",
440  (id));
441 
442  rv = buf;
443  } else {
444  rv = "TLS channel (no connection)";
445  }
446 
447  return rv;
448 }
449 
450 /**
451  * Free a channel_tls_t.
452  *
453  * This is called by the generic channel layer when freeing a channel_tls_t;
454  * this happens either on a channel which has already reached
455  * CHANNEL_STATE_CLOSED or CHANNEL_STATE_ERROR from channel_run_cleanup() or
456  * on shutdown from channel_free_all(). In the latter case we might still
457  * have an orconn active (which connection_free_all() will get to later),
458  * so we should null out its channel pointer now.
459  */
460 static void
461 channel_tls_free_method(channel_t *chan)
462 {
463  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
464 
465  tor_assert(tlschan);
466 
467  if (tlschan->conn) {
468  tlschan->conn->chan = NULL;
469  tlschan->conn = NULL;
470  }
471 }
472 
473 /**
474  * Get an estimate of the average TLS overhead for the upper layer.
475  */
476 static double
478 {
479  double overhead = 1.0;
480  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
481 
482  tor_assert(tlschan);
483  tor_assert(tlschan->conn);
484 
485  /* Just return 1.0f if we don't have sensible data */
486  if (tlschan->conn->bytes_xmitted > 0 &&
487  tlschan->conn->bytes_xmitted_by_tls >=
488  tlschan->conn->bytes_xmitted) {
489  overhead = ((double)(tlschan->conn->bytes_xmitted_by_tls)) /
490  ((double)(tlschan->conn->bytes_xmitted));
491 
492  /*
493  * Never estimate more than 2.0; otherwise we get silly large estimates
494  * at the very start of a new TLS connection.
495  */
496  if (overhead > 2.0)
497  overhead = 2.0;
498  }
499 
500  log_debug(LD_CHANNEL,
501  "Estimated overhead ratio for TLS chan %"PRIu64 " is %f",
502  (chan->global_identifier), overhead);
503 
504  return overhead;
505 }
506 
507 /**
508  * Get the remote address of a channel_tls_t.
509  *
510  * This implements the get_remote_addr method for channel_tls_t; copy the
511  * remote endpoint of the channel to addr_out and return 1 (always
512  * succeeds for this transport).
513  */
514 static int
516 {
517  int rv = 0;
518  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
519 
520  tor_assert(tlschan);
521  tor_assert(addr_out);
522 
523  if (tlschan->conn) {
524  tor_addr_copy(addr_out, &(tlschan->conn->real_addr));
525  rv = 1;
526  } else tor_addr_make_unspec(addr_out);
527 
528  return rv;
529 }
530 
531 /**
532  * Get the name of the pluggable transport used by a channel_tls_t.
533  *
534  * This implements the get_transport_name for channel_tls_t. If the
535  * channel uses a pluggable transport, copy its name to
536  * <b>transport_out</b> and return 0. If the channel did not use a
537  * pluggable transport, return -1.
538  */
539 static int
540 channel_tls_get_transport_name_method(channel_t *chan, char **transport_out)
541 {
542  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
543 
544  tor_assert(tlschan);
545  tor_assert(transport_out);
546  tor_assert(tlschan->conn);
547 
548  if (!tlschan->conn->ext_or_transport)
549  return -1;
550 
551  *transport_out = tor_strdup(tlschan->conn->ext_or_transport);
552  return 0;
553 }
554 
555 /**
556  * Get endpoint description of a channel_tls_t.
557  *
558  * This implements the get_remote_descr method for channel_tls_t; it returns
559  * a text description of the remote endpoint of the channel suitable for use
560  * in log messages. The req parameter is 0 for the canonical address or 1 for
561  * the actual address seen.
562  */
563 static const char *
564 channel_tls_get_remote_descr_method(channel_t *chan, int flags)
565 {
566 #define MAX_DESCR_LEN 32
567 
568  static char buf[MAX_DESCR_LEN + 1];
569  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
570  connection_t *conn;
571  const char *answer = NULL;
572  char *addr_str;
573 
574  tor_assert(tlschan);
575 
576  if (tlschan->conn) {
577  conn = TO_CONN(tlschan->conn);
578  switch (flags) {
579  case 0:
580  /* Canonical address with port*/
581  tor_snprintf(buf, MAX_DESCR_LEN + 1,
582  "%s:%u", conn->address, conn->port);
583  answer = buf;
584  break;
585  case GRD_FLAG_ORIGINAL:
586  /* Actual address with port */
587  addr_str = tor_addr_to_str_dup(&(tlschan->conn->real_addr));
588  tor_snprintf(buf, MAX_DESCR_LEN + 1,
589  "%s:%u", addr_str, conn->port);
590  tor_free(addr_str);
591  answer = buf;
592  break;
593  case GRD_FLAG_ADDR_ONLY:
594  /* Canonical address, no port */
595  strlcpy(buf, conn->address, sizeof(buf));
596  answer = buf;
597  break;
598  case GRD_FLAG_ORIGINAL|GRD_FLAG_ADDR_ONLY:
599  /* Actual address, no port */
600  addr_str = tor_addr_to_str_dup(&(tlschan->conn->real_addr));
601  strlcpy(buf, addr_str, sizeof(buf));
602  tor_free(addr_str);
603  answer = buf;
604  break;
605  default:
606  /* Something's broken in channel.c */
607  tor_assert_nonfatal_unreached_once();
608  }
609  } else {
610  strlcpy(buf, "(No connection)", sizeof(buf));
611  answer = buf;
612  }
613 
614  return answer;
615 }
616 
617 /**
618  * Tell the upper layer if we have queued writes.
619  *
620  * This implements the has_queued_writes method for channel_tls t_; it returns
621  * 1 iff we have queued writes on the outbuf of the underlying or_connection_t.
622  */
623 static int
625 {
626  size_t outbuf_len;
627  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
628 
629  tor_assert(tlschan);
630  if (!(tlschan->conn)) {
631  log_info(LD_CHANNEL,
632  "something called has_queued_writes on a tlschan "
633  "(%p with ID %"PRIu64 " but no conn",
634  chan, (chan->global_identifier));
635  }
636 
637  outbuf_len = (tlschan->conn != NULL) ?
638  connection_get_outbuf_len(TO_CONN(tlschan->conn)) :
639  0;
640 
641  return (outbuf_len > 0);
642 }
643 
644 /**
645  * Tell the upper layer if we're canonical.
646  *
647  * This implements the is_canonical method for channel_tls_t; if req is zero,
648  * it returns whether this is a canonical channel, and if it is one it returns
649  * whether that can be relied upon.
650  */
651 static int
652 channel_tls_is_canonical_method(channel_t *chan, int req)
653 {
654  int answer = 0;
655  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
656 
657  tor_assert(tlschan);
658 
659  if (tlschan->conn) {
660  switch (req) {
661  case 0:
662  answer = tlschan->conn->is_canonical;
663  break;
664  case 1:
665  /*
666  * Is the is_canonical bit reliable? In protocols version 2 and up
667  * we get the canonical address from a NETINFO cell, but in older
668  * versions it might be based on an obsolete descriptor.
669  */
670  answer = (tlschan->conn->link_proto >= 2);
671  break;
672  default:
673  /* This shouldn't happen; channel.c is broken if it does */
674  tor_assert_nonfatal_unreached_once();
675  }
676  }
677  /* else return 0 for tlschan->conn == NULL */
678 
679  return answer;
680 }
681 
682 /**
683  * Check if we match an extend_info_t.
684  *
685  * This implements the matches_extend_info method for channel_tls_t; the upper
686  * layer wants to know if this channel matches an extend_info_t.
687  */
688 static int
690  extend_info_t *extend_info)
691 {
692  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
693 
694  tor_assert(tlschan);
695  tor_assert(extend_info);
696 
697  /* Never match if we have no conn */
698  if (!(tlschan->conn)) {
699  log_info(LD_CHANNEL,
700  "something called matches_extend_info on a tlschan "
701  "(%p with ID %"PRIu64 " but no conn",
702  chan, (chan->global_identifier));
703  return 0;
704  }
705 
706  return (tor_addr_eq(&(extend_info->addr),
707  &(TO_CONN(tlschan->conn)->addr)) &&
708  (extend_info->port == TO_CONN(tlschan->conn)->port));
709 }
710 
711 /**
712  * Check if we match a target address; return true iff we do.
713  *
714  * This implements the matches_target method for channel_tls t_; the upper
715  * layer wants to know if this channel matches a target address when extending
716  * a circuit.
717  */
718 static int
720  const tor_addr_t *target)
721 {
722  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
723 
724  tor_assert(tlschan);
725  tor_assert(target);
726 
727  /* Never match if we have no conn */
728  if (!(tlschan->conn)) {
729  log_info(LD_CHANNEL,
730  "something called matches_target on a tlschan "
731  "(%p with ID %"PRIu64 " but no conn",
732  chan, (chan->global_identifier));
733  return 0;
734  }
735 
736  /* real_addr is the address this connection came from.
737  * base_.addr is updated by connection_or_init_conn_from_address()
738  * to be the address in the descriptor. It may be tempting to
739  * allow either address to be allowed, but if we did so, it would
740  * enable someone who steals a relay's keys to impersonate/MITM it
741  * from anywhere on the Internet! (Because they could make long-lived
742  * TLS connections from anywhere to all relays, and wait for them to
743  * be used for extends).
744  */
745  return tor_addr_eq(&(tlschan->conn->real_addr), target);
746 }
747 
748 /**
749  * Tell the upper layer how many bytes we have queued and not yet
750  * sent.
751  */
752 static size_t
754 {
755  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
756 
757  tor_assert(tlschan);
758  tor_assert(tlschan->conn);
759 
760  return connection_get_outbuf_len(TO_CONN(tlschan->conn));
761 }
762 
763 /**
764  * Tell the upper layer how many cells we can accept to write.
765  *
766  * This implements the num_cells_writeable method for channel_tls_t; it
767  * returns an estimate of the number of cells we can accept with
768  * channel_tls_write_*_cell().
769  */
770 static int
772 {
773  size_t outbuf_len;
774  ssize_t n;
775  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
776  size_t cell_network_size;
777 
778  tor_assert(tlschan);
779  tor_assert(tlschan->conn);
780 
781  cell_network_size = get_cell_network_size(tlschan->conn->wide_circ_ids);
782  outbuf_len = connection_get_outbuf_len(TO_CONN(tlschan->conn));
783  /* Get the number of cells */
784  n = CEIL_DIV(OR_CONN_HIGHWATER - outbuf_len, cell_network_size);
785  if (n < 0) n = 0;
786 #if SIZEOF_SIZE_T > SIZEOF_INT
787  if (n > INT_MAX) n = INT_MAX;
788 #endif
789 
790  return (int)n;
791 }
792 
793 /**
794  * Write a cell to a channel_tls_t.
795  *
796  * This implements the write_cell method for channel_tls_t; given a
797  * channel_tls_t and a cell_t, transmit the cell_t.
798  */
799 static int
800 channel_tls_write_cell_method(channel_t *chan, cell_t *cell)
801 {
802  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
803  int written = 0;
804 
805  tor_assert(tlschan);
806  tor_assert(cell);
807 
808  if (tlschan->conn) {
809  connection_or_write_cell_to_buf(cell, tlschan->conn);
810  ++written;
811  } else {
812  log_info(LD_CHANNEL,
813  "something called write_cell on a tlschan "
814  "(%p with ID %"PRIu64 " but no conn",
815  chan, (chan->global_identifier));
816  }
817 
818  return written;
819 }
820 
821 /**
822  * Write a packed cell to a channel_tls_t.
823  *
824  * This implements the write_packed_cell method for channel_tls_t; given a
825  * channel_tls_t and a packed_cell_t, transmit the packed_cell_t.
826  *
827  * Return 0 on success or negative value on error. The caller must free the
828  * packed cell.
829  */
830 static int
832  packed_cell_t *packed_cell)
833 {
834  tor_assert(chan);
835  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
836  size_t cell_network_size = get_cell_network_size(chan->wide_circ_ids);
837 
838  tor_assert(tlschan);
839  tor_assert(packed_cell);
840 
841  if (tlschan->conn) {
842  connection_buf_add(packed_cell->body, cell_network_size,
843  TO_CONN(tlschan->conn));
844  } else {
845  log_info(LD_CHANNEL,
846  "something called write_packed_cell on a tlschan "
847  "(%p with ID %"PRIu64 " but no conn",
848  chan, (chan->global_identifier));
849  return -1;
850  }
851 
852  return 0;
853 }
854 
855 /**
856  * Write a variable-length cell to a channel_tls_t.
857  *
858  * This implements the write_var_cell method for channel_tls_t; given a
859  * channel_tls_t and a var_cell_t, transmit the var_cell_t.
860  */
861 static int
863 {
864  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
865  int written = 0;
866 
867  tor_assert(tlschan);
868  tor_assert(var_cell);
869 
870  if (tlschan->conn) {
871  connection_or_write_var_cell_to_buf(var_cell, tlschan->conn);
872  ++written;
873  } else {
874  log_info(LD_CHANNEL,
875  "something called write_var_cell on a tlschan "
876  "(%p with ID %"PRIu64 " but no conn",
877  chan, (chan->global_identifier));
878  }
879 
880  return written;
881 }
882 
883 /*************************************************
884  * Method implementations for channel_listener_t *
885  ************************************************/
886 
887 /**
888  * Close a channel_listener_t.
889  *
890  * This implements the close method for channel_listener_t.
891  */
892 static void
893 channel_tls_listener_close_method(channel_listener_t *chan_l)
894 {
895  tor_assert(chan_l);
896 
897  /*
898  * Listeners we just go ahead and change state through to CLOSED, but
899  * make sure to check if they're channel_tls_listener to NULL it out.
900  */
901  if (chan_l == channel_tls_listener)
902  channel_tls_listener = NULL;
903 
904  if (!(chan_l->state == CHANNEL_LISTENER_STATE_CLOSING ||
905  chan_l->state == CHANNEL_LISTENER_STATE_CLOSED ||
906  chan_l->state == CHANNEL_LISTENER_STATE_ERROR)) {
908  }
909 
910  if (chan_l->incoming_list) {
911  SMARTLIST_FOREACH_BEGIN(chan_l->incoming_list,
912  channel_t *, ichan) {
913  channel_mark_for_close(ichan);
914  } SMARTLIST_FOREACH_END(ichan);
915 
916  smartlist_free(chan_l->incoming_list);
917  chan_l->incoming_list = NULL;
918  }
919 
920  if (!(chan_l->state == CHANNEL_LISTENER_STATE_CLOSED ||
921  chan_l->state == CHANNEL_LISTENER_STATE_ERROR)) {
923  }
924 }
925 
926 /**
927  * Describe the transport for a channel_listener_t.
928  *
929  * This returns the string "TLS channel (listening)" to the upper
930  * layer.
931  */
932 static const char *
934 {
935  tor_assert(chan_l);
936 
937  return "TLS channel (listening)";
938 }
939 
940 /*******************************************************
941  * Functions for handling events on an or_connection_t *
942  ******************************************************/
943 
944 /**
945  * Handle an orconn state change.
946  *
947  * This function will be called by connection_or.c when the or_connection_t
948  * associated with this channel_tls_t changes state.
949  */
950 void
952  or_connection_t *conn,
953  uint8_t state)
954 {
955  channel_t *base_chan;
956 
957  tor_assert(chan);
958  tor_assert(conn);
959  tor_assert(conn->chan == chan);
960  tor_assert(chan->conn == conn);
961 
962  base_chan = TLS_CHAN_TO_BASE(chan);
963 
964  /* Make sure the base connection state makes sense - shouldn't be error
965  * or closed. */
966 
967  tor_assert(CHANNEL_IS_OPENING(base_chan) ||
968  CHANNEL_IS_OPEN(base_chan) ||
969  CHANNEL_IS_MAINT(base_chan) ||
970  CHANNEL_IS_CLOSING(base_chan));
971 
972  /* Did we just go to state open? */
973  if (state == OR_CONN_STATE_OPEN) {
974  /*
975  * We can go to CHANNEL_STATE_OPEN from CHANNEL_STATE_OPENING or
976  * CHANNEL_STATE_MAINT on this.
977  */
978  channel_change_state_open(base_chan);
979  /* We might have just become writeable; check and tell the scheduler */
980  if (connection_or_num_cells_writeable(conn) > 0) {
982  }
983  } else {
984  /*
985  * Not open, so from CHANNEL_STATE_OPEN we go to CHANNEL_STATE_MAINT,
986  * otherwise no change.
987  */
988  if (CHANNEL_IS_OPEN(base_chan)) {
990  }
991  }
992 }
993 
994 #ifdef KEEP_TIMING_STATS
995 
996 /**
997  * Timing states wrapper.
998  *
999  * This is a wrapper function around the actual function that processes the
1000  * <b>cell</b> that just arrived on <b>chan</b>. Increment <b>*time</b>
1001  * by the number of microseconds used by the call to <b>*func(cell, chan)</b>.
1002  */
1003 static void
1004 channel_tls_time_process_cell(cell_t *cell, channel_tls_t *chan, int *time,
1005  void (*func)(cell_t *, channel_tls_t *))
1006 {
1007  struct timeval start, end;
1008  long time_passed;
1009 
1010  tor_gettimeofday(&start);
1011 
1012  (*func)(cell, chan);
1013 
1014  tor_gettimeofday(&end);
1015  time_passed = tv_udiff(&start, &end) ;
1016 
1017  if (time_passed > 10000) { /* more than 10ms */
1018  log_debug(LD_OR,"That call just took %ld ms.",time_passed/1000);
1019  }
1020 
1021  if (time_passed < 0) {
1022  log_info(LD_GENERAL,"That call took us back in time!");
1023  time_passed = 0;
1024  }
1025 
1026  *time += time_passed;
1027 }
1028 #endif /* defined(KEEP_TIMING_STATS) */
1029 
1030 #ifdef KEEP_TIMING_STATS
1031 #define PROCESS_CELL(tp, cl, cn) STMT_BEGIN { \
1032  ++num ## tp; \
1033  channel_tls_time_process_cell(cl, cn, & tp ## time , \
1034  channel_tls_process_ ## tp ## _cell); \
1035  } STMT_END
1036 #else /* !defined(KEEP_TIMING_STATS) */
1037 #define PROCESS_CELL(tp, cl, cn) channel_tls_process_ ## tp ## _cell(cl, cn)
1038 #endif /* defined(KEEP_TIMING_STATS) */
1039 
1040 /**
1041  * Handle an incoming cell on a channel_tls_t.
1042  *
1043  * This is called from connection_or.c to handle an arriving cell; it checks
1044  * for cell types specific to the handshake for this transport protocol and
1045  * handles them, and queues all other cells to the channel_t layer, which
1046  * eventually will hand them off to command.c.
1047  *
1048  * The channel layer itself decides whether the cell should be queued or
1049  * can be handed off immediately to the upper-layer code. It is responsible
1050  * for copying in the case that it queues; we merely pass pointers through
1051  * which we get from connection_or_process_cells_from_inbuf().
1052  */
1053 void
1055 {
1056  channel_tls_t *chan;
1057  int handshaking;
1058 
1059  tor_assert(cell);
1060  tor_assert(conn);
1061 
1062  chan = conn->chan;
1063 
1064  if (!chan) {
1065  log_warn(LD_CHANNEL,
1066  "Got a cell_t on an OR connection with no channel");
1067  return;
1068  }
1069 
1070  handshaking = (TO_CONN(conn)->state != OR_CONN_STATE_OPEN);
1071 
1072  if (conn->base_.marked_for_close)
1073  return;
1074 
1075  /* Reject all but VERSIONS and NETINFO when handshaking. */
1076  /* (VERSIONS actually indicates a protocol warning: it's variable-length,
1077  * so if it reaches this function, we're on a v1 connection.) */
1078  if (handshaking && cell->command != CELL_VERSIONS &&
1079  cell->command != CELL_NETINFO) {
1080  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1081  "Received unexpected cell command %d in chan state %s / "
1082  "conn state %s; closing the connection.",
1083  (int)cell->command,
1084  channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
1085  conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state));
1087  return;
1088  }
1089 
1090  if (conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3)
1091  or_handshake_state_record_cell(conn, conn->handshake_state, cell, 1);
1092 
1093  /* We note that we're on the internet whenever we read a cell. This is
1094  * a fast operation. */
1097 
1098  if (TLS_CHAN_TO_BASE(chan)->padding_enabled)
1100 
1101  switch (cell->command) {
1102  case CELL_PADDING:
1104  if (TLS_CHAN_TO_BASE(chan)->padding_enabled)
1107  /* do nothing */
1108  break;
1109  case CELL_VERSIONS:
1110  /* A VERSIONS cell should always be a variable-length cell, and
1111  * so should never reach this function (which handles constant-sized
1112  * cells). But if the connection is using the (obsolete) v1 link
1113  * protocol, all cells will be treated as constant-sized, and so
1114  * it's possible we'll reach this code.
1115  */
1116  log_fn(LOG_PROTOCOL_WARN, LD_CHANNEL,
1117  "Received unexpected VERSIONS cell on a channel using link "
1118  "protocol %d; ignoring.", conn->link_proto);
1119  break;
1120  case CELL_NETINFO:
1122  PROCESS_CELL(netinfo, cell, chan);
1123  break;
1124  case CELL_PADDING_NEGOTIATE:
1126  PROCESS_CELL(padding_negotiate, cell, chan);
1127  break;
1128  case CELL_CREATE:
1129  case CELL_CREATE_FAST:
1130  case CELL_CREATED:
1131  case CELL_CREATED_FAST:
1132  case CELL_RELAY:
1133  case CELL_RELAY_EARLY:
1134  case CELL_DESTROY:
1135  case CELL_CREATE2:
1136  case CELL_CREATED2:
1137  /*
1138  * These are all transport independent and we pass them up through the
1139  * channel_t mechanism. They are ultimately handled in command.c.
1140  */
1141  channel_process_cell(TLS_CHAN_TO_BASE(chan), cell);
1142  break;
1143  default:
1145  "Cell of unknown type (%d) received in channeltls.c. "
1146  "Dropping.",
1147  cell->command);
1148  break;
1149  }
1150 }
1151 
1152 /**
1153  * Handle an incoming variable-length cell on a channel_tls_t.
1154  *
1155  * Process a <b>var_cell</b> that was just received on <b>conn</b>. Keep
1156  * internal statistics about how many of each cell we've processed so far
1157  * this second, and the total number of microseconds it took to
1158  * process each type of cell. All the var_cell commands are handshake-
1159  * related and live below the channel_t layer, so no variable-length
1160  * cells ever get delivered in the current implementation, but I've left
1161  * the mechanism in place for future use.
1162  *
1163  * If we were handing them off to the upper layer, the channel_t queueing
1164  * code would be responsible for memory management, and we'd just be passing
1165  * pointers through from connection_or_process_cells_from_inbuf(). That
1166  * caller always frees them after this function returns, so this function
1167  * should never free var_cell.
1168  */
1169 void
1171 {
1172  channel_tls_t *chan;
1173 
1174 #ifdef KEEP_TIMING_STATS
1175  /* how many of each cell have we seen so far this second? needs better
1176  * name. */
1177  static int num_versions = 0, num_certs = 0;
1178  static time_t current_second = 0; /* from previous calls to time */
1179  time_t now = time(NULL);
1180 
1181  if (current_second == 0) current_second = now;
1182  if (now > current_second) { /* the second has rolled over */
1183  /* print stats */
1184  log_info(LD_OR,
1185  "At end of second: %d versions (%d ms), %d certs (%d ms)",
1186  num_versions, versions_time / ((now - current_second) * 1000),
1187  num_certs, certs_time / ((now - current_second) * 1000));
1188 
1189  num_versions = num_certs = 0;
1190  versions_time = certs_time = 0;
1191 
1192  /* remember which second it is, for next time */
1193  current_second = now;
1194  }
1195 #endif /* defined(KEEP_TIMING_STATS) */
1196 
1197  tor_assert(var_cell);
1198  tor_assert(conn);
1199 
1200  chan = conn->chan;
1201 
1202  if (!chan) {
1203  log_warn(LD_CHANNEL,
1204  "Got a var_cell_t on an OR connection with no channel");
1205  return;
1206  }
1207 
1208  if (TO_CONN(conn)->marked_for_close)
1209  return;
1210 
1211  switch (TO_CONN(conn)->state) {
1213  if (var_cell->command != CELL_VERSIONS) {
1214  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1215  "Received a cell with command %d in unexpected "
1216  "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
1217  "closing the connection.",
1218  (int)(var_cell->command),
1219  conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),
1220  TO_CONN(conn)->state,
1221  channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
1222  (int)(TLS_CHAN_TO_BASE(chan)->state));
1223  /*
1224  * The code in connection_or.c will tell channel_t to close for
1225  * error; it will go to CHANNEL_STATE_CLOSING, and then to
1226  * CHANNEL_STATE_ERROR when conn is closed.
1227  */
1229  return;
1230  }
1231  break;
1233  /* If we're using bufferevents, it's entirely possible for us to
1234  * notice "hey, data arrived!" before we notice "hey, the handshake
1235  * finished!" And we need to be accepting both at once to handle both
1236  * the v2 and v3 handshakes. */
1237  /* But that should be happening any longer've disabled bufferevents. */
1238  tor_assert_nonfatal_unreached_once();
1239 
1240  /* fall through */
1242  if (!(command_allowed_before_handshake(var_cell->command))) {
1243  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1244  "Received a cell with command %d in unexpected "
1245  "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
1246  "closing the connection.",
1247  (int)(var_cell->command),
1248  conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),
1249  (int)(TO_CONN(conn)->state),
1250  channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
1251  (int)(TLS_CHAN_TO_BASE(chan)->state));
1252  /* see above comment about CHANNEL_STATE_ERROR */
1254  return;
1255  } else {
1256  if (enter_v3_handshake_with_cell(var_cell, chan) < 0)
1257  return;
1258  }
1259  break;
1261  if (var_cell->command != CELL_AUTHENTICATE)
1263  var_cell, 1);
1264  break; /* Everything is allowed */
1265  case OR_CONN_STATE_OPEN:
1266  if (conn->link_proto < 3) {
1267  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1268  "Received a variable-length cell with command %d in orconn "
1269  "state %s [%d], channel state %s [%d] with link protocol %d; "
1270  "ignoring it.",
1271  (int)(var_cell->command),
1272  conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),
1273  (int)(TO_CONN(conn)->state),
1274  channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
1275  (int)(TLS_CHAN_TO_BASE(chan)->state),
1276  (int)(conn->link_proto));
1277  return;
1278  }
1279  break;
1280  default:
1281  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1282  "Received var-length cell with command %d in unexpected "
1283  "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
1284  "ignoring it.",
1285  (int)(var_cell->command),
1286  conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),
1287  (int)(TO_CONN(conn)->state),
1288  channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
1289  (int)(TLS_CHAN_TO_BASE(chan)->state));
1290  return;
1291  }
1292 
1293  /* We note that we're on the internet whenever we read a cell. This is
1294  * a fast operation. */
1296 
1297  /* Now handle the cell */
1298 
1299  switch (var_cell->command) {
1300  case CELL_VERSIONS:
1302  PROCESS_CELL(versions, var_cell, chan);
1303  break;
1304  case CELL_VPADDING:
1306  /* Do nothing */
1307  break;
1308  case CELL_CERTS:
1310  PROCESS_CELL(certs, var_cell, chan);
1311  break;
1312  case CELL_AUTH_CHALLENGE:
1314  PROCESS_CELL(auth_challenge, var_cell, chan);
1315  break;
1316  case CELL_AUTHENTICATE:
1318  PROCESS_CELL(authenticate, var_cell, chan);
1319  break;
1320  case CELL_AUTHORIZE:
1322  /* Ignored so far. */
1323  break;
1324  default:
1326  "Variable-length cell of unknown type (%d) received.",
1327  (int)(var_cell->command));
1328  break;
1329  }
1330 }
1331 
1332 #undef PROCESS_CELL
1333 
1334 /**
1335  * Update channel marks after connection_or.c has changed an address.
1336  *
1337  * This is called from connection_or_init_conn_from_address() after the
1338  * connection's _base.addr or real_addr fields have potentially been changed
1339  * so we can recalculate the local mark. Notably, this happens when incoming
1340  * connections are reverse-proxied and we only learn the real address of the
1341  * remote router by looking it up in the consensus after we finish the
1342  * handshake and know an authenticated identity digest.
1343  */
1344 void
1346 {
1347  channel_t *chan = NULL;
1348 
1349  tor_assert(conn);
1350  tor_assert(conn->chan);
1351 
1352  chan = TLS_CHAN_TO_BASE(conn->chan);
1353 
1354  if (is_local_addr(&(TO_CONN(conn)->addr))) {
1355  if (!channel_is_local(chan)) {
1356  log_debug(LD_CHANNEL,
1357  "Marking channel %"PRIu64 " at %p as local",
1358  (chan->global_identifier), chan);
1359  channel_mark_local(chan);
1360  }
1361  } else {
1362  if (channel_is_local(chan)) {
1363  log_debug(LD_CHANNEL,
1364  "Marking channel %"PRIu64 " at %p as remote",
1365  (chan->global_identifier), chan);
1366  channel_mark_remote(chan);
1367  }
1368  }
1369 }
1370 
1371 /**
1372  * Check if this cell type is allowed before the handshake is finished.
1373  *
1374  * Return true if <b>command</b> is a cell command that's allowed to start a
1375  * V3 handshake.
1376  */
1377 static int
1379 {
1380  switch (command) {
1381  case CELL_VERSIONS:
1382  case CELL_VPADDING:
1383  case CELL_AUTHORIZE:
1384  return 1;
1385  default:
1386  return 0;
1387  }
1388 }
1389 
1390 /**
1391  * Start a V3 handshake on an incoming connection.
1392  *
1393  * Called when we as a server receive an appropriate cell while waiting
1394  * either for a cell or a TLS handshake. Set the connection's state to
1395  * "handshaking_v3', initializes the or_handshake_state field as needed,
1396  * and add the cell to the hash of incoming cells.)
1397  */
1398 static int
1399 enter_v3_handshake_with_cell(var_cell_t *cell, channel_tls_t *chan)
1400 {
1401  int started_here = 0;
1402 
1403  tor_assert(cell);
1404  tor_assert(chan);
1405  tor_assert(chan->conn);
1406 
1407  started_here = connection_or_nonopen_was_started_here(chan->conn);
1408 
1409  tor_assert(TO_CONN(chan->conn)->state == OR_CONN_STATE_TLS_HANDSHAKING ||
1410  TO_CONN(chan->conn)->state ==
1412 
1413  if (started_here) {
1414  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1415  "Received a cell while TLS-handshaking, not in "
1416  "OR_HANDSHAKING_V3, on a connection we originated.");
1417  }
1419  chan->conn->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
1420  if (connection_init_or_handshake_state(chan->conn, started_here) < 0) {
1421  connection_or_close_for_error(chan->conn, 0);
1422  return -1;
1423  }
1425  chan->conn->handshake_state, cell, 1);
1426  return 0;
1427 }
1428 
1429 /**
1430  * Process a 'versions' cell.
1431  *
1432  * This function is called to handle an incoming VERSIONS cell; the current
1433  * link protocol version must be 0 to indicate that no version has yet been
1434  * negotiated. We compare the versions in the cell to the list of versions
1435  * we support, pick the highest version we have in common, and continue the
1436  * negotiation from there.
1437  */
1438 static void
1440 {
1441  int highest_supported_version = 0;
1442  int started_here = 0;
1443 
1444  tor_assert(cell);
1445  tor_assert(chan);
1446  tor_assert(chan->conn);
1447 
1448  if ((cell->payload_len % 2) == 1) {
1449  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1450  "Received a VERSION cell with odd payload length %d; "
1451  "closing connection.",cell->payload_len);
1452  connection_or_close_for_error(chan->conn, 0);
1453  return;
1454  }
1455 
1456  started_here = connection_or_nonopen_was_started_here(chan->conn);
1457 
1458  if (chan->conn->link_proto != 0 ||
1459  (chan->conn->handshake_state &&
1460  chan->conn->handshake_state->received_versions)) {
1461  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1462  "Received a VERSIONS cell on a connection with its version "
1463  "already set to %d; dropping",
1464  (int)(chan->conn->link_proto));
1465  return;
1466  }
1467  switch (chan->conn->base_.state)
1468  {
1471  break;
1474  default:
1475  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1476  "VERSIONS cell while in unexpected state");
1477  return;
1478  }
1479 
1480  tor_assert(chan->conn->handshake_state);
1481 
1482  {
1483  int i;
1484  const uint8_t *cp = cell->payload;
1485  for (i = 0; i < cell->payload_len / 2; ++i, cp += 2) {
1486  uint16_t v = ntohs(get_uint16(cp));
1487  if (is_or_protocol_version_known(v) && v > highest_supported_version)
1488  highest_supported_version = v;
1489  }
1490  }
1491  if (!highest_supported_version) {
1492  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1493  "Couldn't find a version in common between my version list and the "
1494  "list in the VERSIONS cell; closing connection.");
1495  connection_or_close_for_error(chan->conn, 0);
1496  return;
1497  } else if (highest_supported_version == 1) {
1498  /* Negotiating version 1 makes no sense, since version 1 has no VERSIONS
1499  * cells. */
1500  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1501  "Used version negotiation protocol to negotiate a v1 connection. "
1502  "That's crazily non-compliant. Closing connection.");
1503  connection_or_close_for_error(chan->conn, 0);
1504  return;
1505  } else if (highest_supported_version < 3 &&
1506  chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3) {
1507  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1508  "Negotiated link protocol 2 or lower after doing a v3 TLS "
1509  "handshake. Closing connection.");
1510  connection_or_close_for_error(chan->conn, 0);
1511  return;
1512  } else if (highest_supported_version != 2 &&
1513  chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V2) {
1514  /* XXXX This should eventually be a log_protocol_warn */
1516  "Negotiated link with non-2 protocol after doing a v2 TLS "
1517  "handshake with %s. Closing connection.",
1518  fmt_addr(&chan->conn->base_.addr));
1519  connection_or_close_for_error(chan->conn, 0);
1520  return;
1521  }
1522 
1523  rep_hist_note_negotiated_link_proto(highest_supported_version, started_here);
1524 
1525  chan->conn->link_proto = highest_supported_version;
1526  chan->conn->handshake_state->received_versions = 1;
1527 
1528  if (chan->conn->link_proto == 2) {
1529  log_info(LD_OR,
1530  "Negotiated version %d with %s:%d; sending NETINFO.",
1531  highest_supported_version,
1532  safe_str_client(chan->conn->base_.address),
1533  chan->conn->base_.port);
1534 
1535  if (connection_or_send_netinfo(chan->conn) < 0) {
1536  connection_or_close_for_error(chan->conn, 0);
1537  return;
1538  }
1539  } else {
1540  const int send_versions = !started_here;
1541  /* If we want to authenticate, send a CERTS cell */
1542  const int send_certs = !started_here || public_server_mode(get_options());
1543  /* If we're a host that got a connection, ask for authentication. */
1544  const int send_chall = !started_here;
1545  /* If our certs cell will authenticate us, we can send a netinfo cell
1546  * right now. */
1547  const int send_netinfo = !started_here;
1548  const int send_any =
1549  send_versions || send_certs || send_chall || send_netinfo;
1550  tor_assert(chan->conn->link_proto >= 3);
1551 
1552  log_info(LD_OR,
1553  "Negotiated version %d with %s:%d; %s%s%s%s%s",
1554  highest_supported_version,
1555  safe_str_client(chan->conn->base_.address),
1556  chan->conn->base_.port,
1557  send_any ? "Sending cells:" : "Waiting for CERTS cell",
1558  send_versions ? " VERSIONS" : "",
1559  send_certs ? " CERTS" : "",
1560  send_chall ? " AUTH_CHALLENGE" : "",
1561  send_netinfo ? " NETINFO" : "");
1562 
1563 #ifdef DISABLE_V3_LINKPROTO_SERVERSIDE
1564  if (1) {
1565  connection_or_close_normally(chan->conn, 1);
1566  return;
1567  }
1568 #endif /* defined(DISABLE_V3_LINKPROTO_SERVERSIDE) */
1569 
1570  if (send_versions) {
1571  if (connection_or_send_versions(chan->conn, 1) < 0) {
1572  log_warn(LD_OR, "Couldn't send versions cell");
1573  connection_or_close_for_error(chan->conn, 0);
1574  return;
1575  }
1576  }
1577 
1578  /* We set this after sending the versions cell. */
1579  /*XXXXX symbolic const.*/
1580  TLS_CHAN_TO_BASE(chan)->wide_circ_ids =
1581  chan->conn->link_proto >= MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS;
1582  chan->conn->wide_circ_ids = TLS_CHAN_TO_BASE(chan)->wide_circ_ids;
1583 
1584  TLS_CHAN_TO_BASE(chan)->padding_enabled =
1585  chan->conn->link_proto >= MIN_LINK_PROTO_FOR_CHANNEL_PADDING;
1586 
1587  if (send_certs) {
1588  if (connection_or_send_certs_cell(chan->conn) < 0) {
1589  log_warn(LD_OR, "Couldn't send certs cell");
1590  connection_or_close_for_error(chan->conn, 0);
1591  return;
1592  }
1593  }
1594  if (send_chall) {
1595  if (connection_or_send_auth_challenge_cell(chan->conn) < 0) {
1596  log_warn(LD_OR, "Couldn't send auth_challenge cell");
1597  connection_or_close_for_error(chan->conn, 0);
1598  return;
1599  }
1600  }
1601  if (send_netinfo) {
1602  if (connection_or_send_netinfo(chan->conn) < 0) {
1603  log_warn(LD_OR, "Couldn't send netinfo cell");
1604  connection_or_close_for_error(chan->conn, 0);
1605  return;
1606  }
1607  }
1608  }
1609 }
1610 
1611 /**
1612  * Process a 'padding_negotiate' cell.
1613  *
1614  * This function is called to handle an incoming PADDING_NEGOTIATE cell;
1615  * enable or disable padding accordingly, and read and act on its timeout
1616  * value contents.
1617  */
1618 static void
1620 {
1621  channelpadding_negotiate_t *negotiation;
1622  tor_assert(cell);
1623  tor_assert(chan);
1624  tor_assert(chan->conn);
1625 
1626  if (chan->conn->link_proto < MIN_LINK_PROTO_FOR_CHANNEL_PADDING) {
1627  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1628  "Received a PADDING_NEGOTIATE cell on v%d connection; dropping.",
1629  chan->conn->link_proto);
1630  return;
1631  }
1632 
1633  if (channelpadding_negotiate_parse(&negotiation, cell->payload,
1634  CELL_PAYLOAD_SIZE) < 0) {
1635  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1636  "Received malformed PADDING_NEGOTIATE cell on v%d connection; "
1637  "dropping.", chan->conn->link_proto);
1638 
1639  return;
1640  }
1641 
1642  channelpadding_update_padding_for_channel(TLS_CHAN_TO_BASE(chan),
1643  negotiation);
1644 
1645  channelpadding_negotiate_free(negotiation);
1646 }
1647 
1648 /**
1649  * Convert <b>netinfo_addr</b> into corresponding <b>tor_addr</b>.
1650  * Return 0 on success; on failure, return -1 and log a warning.
1651  */
1652 static int
1654  const netinfo_addr_t *netinfo_addr) {
1655  tor_assert(tor_addr);
1656  tor_assert(netinfo_addr);
1657 
1658  uint8_t type = netinfo_addr_get_addr_type(netinfo_addr);
1659  uint8_t len = netinfo_addr_get_len(netinfo_addr);
1660 
1661  if (type == NETINFO_ADDR_TYPE_IPV4 && len == 4) {
1662  uint32_t ipv4 = netinfo_addr_get_addr_ipv4(netinfo_addr);
1663  tor_addr_from_ipv4h(tor_addr, ipv4);
1664  } else if (type == NETINFO_ADDR_TYPE_IPV6 && len == 16) {
1665  const uint8_t *ipv6_bytes = netinfo_addr_getconstarray_addr_ipv6(
1666  netinfo_addr);
1667  tor_addr_from_ipv6_bytes(tor_addr, (const char *)ipv6_bytes);
1668  } else {
1669  log_fn(LOG_PROTOCOL_WARN, LD_OR, "Cannot read address from NETINFO "
1670  "- wrong type/length.");
1671  return -1;
1672  }
1673 
1674  return 0;
1675 }
1676 
1677 /**
1678  * Helper: compute the absolute value of a time_t.
1679  *
1680  * (we need this because labs() doesn't always work for time_t, since
1681  * long can be shorter than time_t.)
1682  */
1683 static inline time_t
1684 time_abs(time_t val)
1685 {
1686  return (val < 0) ? -val : val;
1687 }
1688 
1689 /**
1690  * Process a 'netinfo' cell
1691  *
1692  * This function is called to handle an incoming NETINFO cell; read and act
1693  * on its contents, and set the connection state to "open".
1694  */
1695 static void
1696 channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
1697 {
1698  time_t timestamp;
1699  uint8_t my_addr_type;
1700  uint8_t my_addr_len;
1701  uint8_t n_other_addrs;
1702  time_t now = time(NULL);
1703  const routerinfo_t *me = router_get_my_routerinfo();
1704 
1705  time_t apparent_skew = 0;
1706  tor_addr_t my_apparent_addr = TOR_ADDR_NULL;
1707  int started_here = 0;
1708  const char *identity_digest = NULL;
1709 
1710  tor_assert(cell);
1711  tor_assert(chan);
1712  tor_assert(chan->conn);
1713 
1714  if (chan->conn->link_proto < 2) {
1715  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1716  "Received a NETINFO cell on %s connection; dropping.",
1717  chan->conn->link_proto == 0 ? "non-versioned" : "a v1");
1718  return;
1719  }
1720  if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V2 &&
1721  chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3) {
1722  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1723  "Received a NETINFO cell on non-handshaking connection; dropping.");
1724  return;
1725  }
1726  tor_assert(chan->conn->handshake_state &&
1727  chan->conn->handshake_state->received_versions);
1728  started_here = connection_or_nonopen_was_started_here(chan->conn);
1729  identity_digest = chan->conn->identity_digest;
1730 
1731  if (chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3) {
1732  tor_assert(chan->conn->link_proto >= 3);
1733  if (started_here) {
1734  if (!(chan->conn->handshake_state->authenticated)) {
1735  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1736  "Got a NETINFO cell from server, "
1737  "but no authentication. Closing the connection.");
1738  connection_or_close_for_error(chan->conn, 0);
1739  return;
1740  }
1741  } else {
1742  /* we're the server. If the client never authenticated, we have
1743  some housekeeping to do.*/
1744  if (!(chan->conn->handshake_state->authenticated)) {
1746  (const char*)(chan->conn->handshake_state->
1747  authenticated_rsa_peer_id)));
1749  (const char*)(chan->conn->handshake_state->
1750  authenticated_ed25519_peer_id.pubkey), 32));
1751  /* If the client never authenticated, it's a tor client or bridge
1752  * relay, and we must not use it for EXTEND requests (nor could we, as
1753  * there are no authenticated peer IDs) */
1754  channel_mark_client(TLS_CHAN_TO_BASE(chan));
1755  channel_set_circid_type(TLS_CHAN_TO_BASE(chan), NULL,
1756  chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
1757 
1759  &(chan->conn->base_.addr),
1760  chan->conn->base_.port,
1761  /* zero, checked above */
1762  (const char*)(chan->conn->handshake_state->
1763  authenticated_rsa_peer_id),
1764  NULL, /* Ed25519 ID: Also checked as zero */
1765  0);
1766  }
1767  }
1768  }
1769 
1770  /* Decode the cell. */
1771  netinfo_cell_t *netinfo_cell = NULL;
1772 
1773  ssize_t parsed = netinfo_cell_parse(&netinfo_cell, cell->payload,
1775 
1776  if (parsed < 0) {
1777  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1778  "Failed to parse NETINFO cell - closing connection.");
1779  connection_or_close_for_error(chan->conn, 0);
1780  return;
1781  }
1782 
1783  timestamp = netinfo_cell_get_timestamp(netinfo_cell);
1784 
1785  const netinfo_addr_t *my_addr =
1786  netinfo_cell_getconst_other_addr(netinfo_cell);
1787 
1788  my_addr_type = netinfo_addr_get_addr_type(my_addr);
1789  my_addr_len = netinfo_addr_get_len(my_addr);
1790 
1791  if ((now - chan->conn->handshake_state->sent_versions_at) < 180) {
1792  apparent_skew = now - timestamp;
1793  }
1794  /* We used to check:
1795  * if (my_addr_len >= CELL_PAYLOAD_SIZE - 6) {
1796  *
1797  * This is actually never going to happen, since my_addr_len is at most 255,
1798  * and CELL_PAYLOAD_LEN - 6 is 503. So we know that cp is < end. */
1799 
1800  if (tor_addr_from_netinfo_addr(&my_apparent_addr, my_addr) == -1) {
1801  connection_or_close_for_error(chan->conn, 0);
1802  netinfo_cell_free(netinfo_cell);
1803  return;
1804  }
1805 
1806  if (my_addr_type == NETINFO_ADDR_TYPE_IPV4 && my_addr_len == 4) {
1807  if (!get_options()->BridgeRelay && me &&
1808  tor_addr_eq_ipv4h(&my_apparent_addr, me->addr)) {
1809  TLS_CHAN_TO_BASE(chan)->is_canonical_to_peer = 1;
1810  }
1811  } else if (my_addr_type == NETINFO_ADDR_TYPE_IPV6 &&
1812  my_addr_len == 16) {
1813  if (!get_options()->BridgeRelay && me &&
1814  !tor_addr_is_null(&me->ipv6_addr) &&
1815  tor_addr_eq(&my_apparent_addr, &me->ipv6_addr)) {
1816  TLS_CHAN_TO_BASE(chan)->is_canonical_to_peer = 1;
1817  }
1818  }
1819 
1820  n_other_addrs = netinfo_cell_get_n_my_addrs(netinfo_cell);
1821  for (uint8_t i = 0; i < n_other_addrs; i++) {
1822  /* Consider all the other addresses; if any matches, this connection is
1823  * "canonical." */
1824 
1825  const netinfo_addr_t *netinfo_addr =
1826  netinfo_cell_getconst_my_addrs(netinfo_cell, i);
1827 
1828  tor_addr_t addr;
1829 
1830  if (tor_addr_from_netinfo_addr(&addr, netinfo_addr) == -1) {
1831  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1832  "Bad address in netinfo cell; Skipping.");
1833  continue;
1834  }
1835  /* A relay can connect from anywhere and be canonical, so
1836  * long as it tells you from where it came. This may sound a bit
1837  * concerning... but that's what "canonical" means: that the
1838  * address is one that the relay itself has claimed. The relay
1839  * might be doing something funny, but nobody else is doing a MITM
1840  * on the relay's TCP.
1841  */
1842  if (tor_addr_eq(&addr, &(chan->conn->real_addr))) {
1843  connection_or_set_canonical(chan->conn, 1);
1844  break;
1845  }
1846  }
1847 
1848  netinfo_cell_free(netinfo_cell);
1849 
1850  if (me && !TLS_CHAN_TO_BASE(chan)->is_canonical_to_peer &&
1851  channel_is_canonical(TLS_CHAN_TO_BASE(chan))) {
1852  const char *descr =
1853  TLS_CHAN_TO_BASE(chan)->get_remote_descr(TLS_CHAN_TO_BASE(chan), 0);
1854  log_info(LD_OR,
1855  "We made a connection to a relay at %s (fp=%s) but we think "
1856  "they will not consider this connection canonical. They "
1857  "think we are at %s, but we think its %s.",
1858  safe_str(descr),
1859  safe_str(hex_str(identity_digest, DIGEST_LEN)),
1860  safe_str(tor_addr_is_null(&my_apparent_addr) ?
1861  "<none>" : fmt_and_decorate_addr(&my_apparent_addr)),
1862  safe_str(fmt_addr32(me->addr)));
1863  }
1864 
1865  /* Act on apparent skew. */
1866  /** Warn when we get a netinfo skew with at least this value. */
1867 #define NETINFO_NOTICE_SKEW 3600
1868  if (time_abs(apparent_skew) > NETINFO_NOTICE_SKEW &&
1869  (started_here ||
1870  connection_or_digest_is_known_relay(chan->conn->identity_digest))) {
1871  int trusted = router_digest_is_trusted_dir(chan->conn->identity_digest);
1872  clock_skew_warning(TO_CONN(chan->conn), apparent_skew, trusted, LD_GENERAL,
1873  "NETINFO cell", "OR");
1874  }
1875 
1876  /* XXX maybe act on my_apparent_addr, if the source is sufficiently
1877  * trustworthy. */
1878 
1879  if (! chan->conn->handshake_state->sent_netinfo) {
1880  /* If we were prepared to authenticate, but we never got an AUTH_CHALLENGE
1881  * cell, then we would not previously have sent a NETINFO cell. Do so
1882  * now. */
1883  if (connection_or_send_netinfo(chan->conn) < 0) {
1884  connection_or_close_for_error(chan->conn, 0);
1885  return;
1886  }
1887  }
1888 
1889  if (connection_or_set_state_open(chan->conn) < 0) {
1890  log_fn(LOG_PROTOCOL_WARN, LD_OR,
1891  "Got good NETINFO cell from %s:%d; but "
1892  "was unable to make the OR connection become open.",
1893  safe_str_client(chan->conn->base_.address),
1894  chan->conn->base_.port);
1895  connection_or_close_for_error(chan->conn, 0);
1896  } else {
1897  log_info(LD_OR,
1898  "Got good NETINFO cell from %s:%d; OR connection is now "
1899  "open, using protocol version %d. Its ID digest is %s. "
1900  "Our address is apparently %s.",
1901  safe_str_client(chan->conn->base_.address),
1902  chan->conn->base_.port,
1903  (int)(chan->conn->link_proto),
1904  hex_str(identity_digest, DIGEST_LEN),
1905  tor_addr_is_null(&my_apparent_addr) ?
1906  "<none>" :
1907  safe_str_client(fmt_and_decorate_addr(&my_apparent_addr)));
1908  }
1909  assert_connection_ok(TO_CONN(chan->conn),time(NULL));
1910 }
1911 
1912 /** Types of certificates that we know how to parse from CERTS cells. Each
1913  * type corresponds to a different encoding format. */
1914 typedef enum cert_encoding_t {
1915  CERT_ENCODING_UNKNOWN, /**< We don't recognize this. */
1916  CERT_ENCODING_X509, /**< It's an RSA key, signed with RSA, encoded in x509.
1917  * (Actually, it might not be RSA. We test that later.) */
1918  CERT_ENCODING_ED25519, /**< It's something signed with an Ed25519 key,
1919  * encoded asa a tor_cert_t.*/
1920  CERT_ENCODING_RSA_CROSSCERT, /**< It's an Ed key signed with an RSA key. */
1921 } cert_encoding_t;
1922 
1923 /**
1924  * Given one of the certificate type codes used in a CERTS cell,
1925  * return the corresponding cert_encoding_t that we should use to parse
1926  * the certificate.
1927  */
1928 static cert_encoding_t
1930 {
1931  switch (typenum) {
1932  case CERTTYPE_RSA1024_ID_LINK:
1933  case CERTTYPE_RSA1024_ID_ID:
1934  case CERTTYPE_RSA1024_ID_AUTH:
1935  return CERT_ENCODING_X509;
1936  case CERTTYPE_ED_ID_SIGN:
1937  case CERTTYPE_ED_SIGN_LINK:
1938  case CERTTYPE_ED_SIGN_AUTH:
1939  return CERT_ENCODING_ED25519;
1940  case CERTTYPE_RSA1024_ID_EDID:
1942  default:
1943  return CERT_ENCODING_UNKNOWN;
1944  }
1945 }
1946 
1947 /**
1948  * Process a CERTS cell from a channel.
1949  *
1950  * This function is called to process an incoming CERTS cell on a
1951  * channel_tls_t:
1952  *
1953  * If the other side should not have sent us a CERTS cell, or the cell is
1954  * malformed, or it is supposed to authenticate the TLS key but it doesn't,
1955  * then mark the connection.
1956  *
1957  * If the cell has a good cert chain and we're doing a v3 handshake, then
1958  * store the certificates in or_handshake_state. If this is the client side
1959  * of the connection, we then authenticate the server or mark the connection.
1960  * If it's the server side, wait for an AUTHENTICATE cell.
1961  */
1962 STATIC void
1963 channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
1964 {
1965 #define MAX_CERT_TYPE_WANTED CERTTYPE_RSA1024_ID_EDID
1966  /* These arrays will be sparse, since a cert type can be at most one
1967  * of ed/x509 */
1968  tor_x509_cert_t *x509_certs[MAX_CERT_TYPE_WANTED + 1];
1969  tor_cert_t *ed_certs[MAX_CERT_TYPE_WANTED + 1];
1970  uint8_t *rsa_ed_cc_cert = NULL;
1971  size_t rsa_ed_cc_cert_len = 0;
1972 
1973  int n_certs, i;
1974  certs_cell_t *cc = NULL;
1975 
1976  int send_netinfo = 0, started_here = 0;
1977 
1978  memset(x509_certs, 0, sizeof(x509_certs));
1979  memset(ed_certs, 0, sizeof(ed_certs));
1980  tor_assert(cell);
1981  tor_assert(chan);
1982  tor_assert(chan->conn);
1983 
1984 #define ERR(s) \
1985  do { \
1986  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
1987  "Received a bad CERTS cell from %s:%d: %s", \
1988  safe_str(chan->conn->base_.address), \
1989  chan->conn->base_.port, (s)); \
1990  connection_or_close_for_error(chan->conn, 0); \
1991  goto err; \
1992  } while (0)
1993 
1994  /* Can't use connection_or_nonopen_was_started_here(); its conn->tls
1995  * check looks like it breaks
1996  * test_link_handshake_recv_certs_ok_server(). */
1997  started_here = chan->conn->handshake_state->started_here;
1998 
1999  if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
2000  ERR("We're not doing a v3 handshake!");
2001  if (chan->conn->link_proto < 3)
2002  ERR("We're not using link protocol >= 3");
2003  if (chan->conn->handshake_state->received_certs_cell)
2004  ERR("We already got one");
2005  if (chan->conn->handshake_state->authenticated) {
2006  /* Should be unreachable, but let's make sure. */
2007  ERR("We're already authenticated!");
2008  }
2009  if (cell->payload_len < 1)
2010  ERR("It had no body");
2011  if (cell->circ_id)
2012  ERR("It had a nonzero circuit ID");
2013 
2014  if (certs_cell_parse(&cc, cell->payload, cell->payload_len) < 0)
2015  ERR("It couldn't be parsed.");
2016 
2017  n_certs = cc->n_certs;
2018 
2019  for (i = 0; i < n_certs; ++i) {
2020  certs_cell_cert_t *c = certs_cell_get_certs(cc, i);
2021 
2022  uint16_t cert_type = c->cert_type;
2023  uint16_t cert_len = c->cert_len;
2024  uint8_t *cert_body = certs_cell_cert_getarray_body(c);
2025 
2026  if (cert_type > MAX_CERT_TYPE_WANTED)
2027  continue;
2028  const cert_encoding_t ct = certs_cell_typenum_to_cert_type(cert_type);
2029  switch (ct) {
2030  default:
2031  case CERT_ENCODING_UNKNOWN:
2032  break;
2033  case CERT_ENCODING_X509: {
2034  tor_x509_cert_t *x509_cert = tor_x509_cert_decode(cert_body, cert_len);
2035  if (!x509_cert) {
2036  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
2037  "Received undecodable certificate in CERTS cell from %s:%d",
2038  safe_str(chan->conn->base_.address),
2039  chan->conn->base_.port);
2040  } else {
2041  if (x509_certs[cert_type]) {
2042  tor_x509_cert_free(x509_cert);
2043  ERR("Duplicate x509 certificate");
2044  } else {
2045  x509_certs[cert_type] = x509_cert;
2046  }
2047  }
2048  break;
2049  }
2050  case CERT_ENCODING_ED25519: {
2051  tor_cert_t *ed_cert = tor_cert_parse(cert_body, cert_len);
2052  if (!ed_cert) {
2053  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
2054  "Received undecodable Ed certificate "
2055  "in CERTS cell from %s:%d",
2056  safe_str(chan->conn->base_.address),
2057  chan->conn->base_.port);
2058  } else {
2059  if (ed_certs[cert_type]) {
2060  tor_cert_free(ed_cert);
2061  ERR("Duplicate Ed25519 certificate");
2062  } else {
2063  ed_certs[cert_type] = ed_cert;
2064  }
2065  }
2066  break;
2067  }
2068 
2070  if (rsa_ed_cc_cert) {
2071  ERR("Duplicate RSA->Ed25519 crosscert");
2072  } else {
2073  rsa_ed_cc_cert = tor_memdup(cert_body, cert_len);
2074  rsa_ed_cc_cert_len = cert_len;
2075  }
2076  break;
2077  }
2078  }
2079  }
2080 
2081  /* Move the certificates we (might) want into the handshake_state->certs
2082  * structure. */
2083  tor_x509_cert_t *id_cert = x509_certs[CERTTYPE_RSA1024_ID_ID];
2084  tor_x509_cert_t *auth_cert = x509_certs[CERTTYPE_RSA1024_ID_AUTH];
2085  tor_x509_cert_t *link_cert = x509_certs[CERTTYPE_RSA1024_ID_LINK];
2086  chan->conn->handshake_state->certs->auth_cert = auth_cert;
2087  chan->conn->handshake_state->certs->link_cert = link_cert;
2088  chan->conn->handshake_state->certs->id_cert = id_cert;
2089  x509_certs[CERTTYPE_RSA1024_ID_ID] =
2090  x509_certs[CERTTYPE_RSA1024_ID_AUTH] =
2091  x509_certs[CERTTYPE_RSA1024_ID_LINK] = NULL;
2092 
2093  tor_cert_t *ed_id_sign = ed_certs[CERTTYPE_ED_ID_SIGN];
2094  tor_cert_t *ed_sign_link = ed_certs[CERTTYPE_ED_SIGN_LINK];
2095  tor_cert_t *ed_sign_auth = ed_certs[CERTTYPE_ED_SIGN_AUTH];
2096  chan->conn->handshake_state->certs->ed_id_sign = ed_id_sign;
2097  chan->conn->handshake_state->certs->ed_sign_link = ed_sign_link;
2098  chan->conn->handshake_state->certs->ed_sign_auth = ed_sign_auth;
2099  ed_certs[CERTTYPE_ED_ID_SIGN] =
2100  ed_certs[CERTTYPE_ED_SIGN_LINK] =
2101  ed_certs[CERTTYPE_ED_SIGN_AUTH] = NULL;
2102 
2103  chan->conn->handshake_state->certs->ed_rsa_crosscert = rsa_ed_cc_cert;
2104  chan->conn->handshake_state->certs->ed_rsa_crosscert_len =
2105  rsa_ed_cc_cert_len;
2106  rsa_ed_cc_cert = NULL;
2107 
2108  int severity;
2109  /* Note that this warns more loudly about time and validity if we were
2110  * _trying_ to connect to an authority, not necessarily if we _did_ connect
2111  * to one. */
2112  if (started_here &&
2113  router_digest_is_trusted_dir(TLS_CHAN_TO_BASE(chan)->identity_digest))
2114  severity = LOG_WARN;
2115  else
2116  severity = LOG_PROTOCOL_WARN;
2117 
2118  const ed25519_public_key_t *checked_ed_id = NULL;
2119  const common_digests_t *checked_rsa_id = NULL;
2121  chan->conn->handshake_state->certs,
2122  chan->conn->tls,
2123  time(NULL),
2124  &checked_ed_id,
2125  &checked_rsa_id);
2126 
2127  if (!checked_rsa_id)
2128  ERR("Invalid certificate chain!");
2129 
2130  if (started_here) {
2131  /* No more information is needed. */
2132 
2133  chan->conn->handshake_state->authenticated = 1;
2134  chan->conn->handshake_state->authenticated_rsa = 1;
2135  {
2136  const common_digests_t *id_digests = checked_rsa_id;
2137  crypto_pk_t *identity_rcvd;
2138  if (!id_digests)
2139  ERR("Couldn't compute digests for key in ID cert");
2140 
2141  identity_rcvd = tor_tls_cert_get_key(id_cert);
2142  if (!identity_rcvd) {
2143  ERR("Couldn't get RSA key from ID cert.");
2144  }
2145  memcpy(chan->conn->handshake_state->authenticated_rsa_peer_id,
2146  id_digests->d[DIGEST_SHA1], DIGEST_LEN);
2147  channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd,
2148  chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
2149  crypto_pk_free(identity_rcvd);
2150  }
2151 
2152  if (checked_ed_id) {
2153  chan->conn->handshake_state->authenticated_ed25519 = 1;
2154  memcpy(&chan->conn->handshake_state->authenticated_ed25519_peer_id,
2155  checked_ed_id, sizeof(ed25519_public_key_t));
2156  }
2157 
2158  log_debug(LD_HANDSHAKE, "calling client_learned_peer_id from "
2159  "process_certs_cell");
2160 
2161  if (connection_or_client_learned_peer_id(chan->conn,
2162  chan->conn->handshake_state->authenticated_rsa_peer_id,
2163  checked_ed_id) < 0)
2164  ERR("Problem setting or checking peer id");
2165 
2166  log_info(LD_HANDSHAKE,
2167  "Got some good certificates from %s:%d: Authenticated it with "
2168  "RSA%s",
2169  safe_str(chan->conn->base_.address), chan->conn->base_.port,
2170  checked_ed_id ? " and Ed25519" : "");
2171 
2172  if (!public_server_mode(get_options())) {
2173  /* If we initiated the connection and we are not a public server, we
2174  * aren't planning to authenticate at all. At this point we know who we
2175  * are talking to, so we can just send a netinfo now. */
2176  send_netinfo = 1;
2177  }
2178  } else {
2179  /* We can't call it authenticated till we see an AUTHENTICATE cell. */
2180  log_info(LD_OR,
2181  "Got some good RSA%s certificates from %s:%d. "
2182  "Waiting for AUTHENTICATE.",
2183  checked_ed_id ? " and Ed25519" : "",
2184  safe_str(chan->conn->base_.address),
2185  chan->conn->base_.port);
2186  /* XXXX check more stuff? */
2187  }
2188 
2189  chan->conn->handshake_state->received_certs_cell = 1;
2190 
2191  if (send_netinfo) {
2192  if (connection_or_send_netinfo(chan->conn) < 0) {
2193  log_warn(LD_OR, "Couldn't send netinfo cell");
2194  connection_or_close_for_error(chan->conn, 0);
2195  goto err;
2196  }
2197  }
2198 
2199  err:
2200  for (unsigned u = 0; u < ARRAY_LENGTH(x509_certs); ++u) {
2201  tor_x509_cert_free(x509_certs[u]);
2202  }
2203  for (unsigned u = 0; u < ARRAY_LENGTH(ed_certs); ++u) {
2204  tor_cert_free(ed_certs[u]);
2205  }
2206  tor_free(rsa_ed_cc_cert);
2207  certs_cell_free(cc);
2208 #undef ERR
2209 }
2210 
2211 /**
2212  * Process an AUTH_CHALLENGE cell from a channel_tls_t.
2213  *
2214  * This function is called to handle an incoming AUTH_CHALLENGE cell on a
2215  * channel_tls_t; if we weren't supposed to get one (for example, because we're
2216  * not the originator of the channel), or it's ill-formed, or we aren't doing
2217  * a v3 handshake, mark the channel. If the cell is well-formed but we don't
2218  * want to authenticate, just drop it. If the cell is well-formed *and* we
2219  * want to authenticate, send an AUTHENTICATE cell and then a NETINFO cell.
2220  */
2221 STATIC void
2223 {
2224  int n_types, i, use_type = -1;
2225  auth_challenge_cell_t *ac = NULL;
2226 
2227  tor_assert(cell);
2228  tor_assert(chan);
2229  tor_assert(chan->conn);
2230 
2231 #define ERR(s) \
2232  do { \
2233  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
2234  "Received a bad AUTH_CHALLENGE cell from %s:%d: %s", \
2235  safe_str(chan->conn->base_.address), \
2236  chan->conn->base_.port, (s)); \
2237  connection_or_close_for_error(chan->conn, 0); \
2238  goto done; \
2239  } while (0)
2240 
2241  if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
2242  ERR("We're not currently doing a v3 handshake");
2243  if (chan->conn->link_proto < 3)
2244  ERR("We're not using link protocol >= 3");
2245  if (!(chan->conn->handshake_state->started_here))
2246  ERR("We didn't originate this connection");
2247  if (chan->conn->handshake_state->received_auth_challenge)
2248  ERR("We already received one");
2249  if (!(chan->conn->handshake_state->received_certs_cell))
2250  ERR("We haven't gotten a CERTS cell yet");
2251  if (cell->circ_id)
2252  ERR("It had a nonzero circuit ID");
2253 
2254  if (auth_challenge_cell_parse(&ac, cell->payload, cell->payload_len) < 0)
2255  ERR("It was not well-formed.");
2256 
2257  n_types = ac->n_methods;
2258 
2259  /* Now see if there is an authentication type we can use */
2260  for (i = 0; i < n_types; ++i) {
2261  uint16_t authtype = auth_challenge_cell_get_methods(ac, i);
2262  if (authchallenge_type_is_supported(authtype)) {
2263  if (use_type == -1 ||
2264  authchallenge_type_is_better(authtype, use_type)) {
2265  use_type = authtype;
2266  }
2267  }
2268  }
2269 
2270  chan->conn->handshake_state->received_auth_challenge = 1;
2271 
2272  if (! public_server_mode(get_options())) {
2273  /* If we're not a public server then we don't want to authenticate on a
2274  connection we originated, and we already sent a NETINFO cell when we
2275  got the CERTS cell. We have nothing more to do. */
2276  goto done;
2277  }
2278 
2279  if (use_type >= 0) {
2280  log_info(LD_OR,
2281  "Got an AUTH_CHALLENGE cell from %s:%d: Sending "
2282  "authentication type %d",
2283  safe_str(chan->conn->base_.address),
2284  chan->conn->base_.port,
2285  use_type);
2286 
2287  if (connection_or_send_authenticate_cell(chan->conn, use_type) < 0) {
2288  log_warn(LD_OR,
2289  "Couldn't send authenticate cell");
2290  connection_or_close_for_error(chan->conn, 0);
2291  goto done;
2292  }
2293  } else {
2294  log_info(LD_OR,
2295  "Got an AUTH_CHALLENGE cell from %s:%d, but we don't "
2296  "know any of its authentication types. Not authenticating.",
2297  safe_str(chan->conn->base_.address),
2298  chan->conn->base_.port);
2299  }
2300 
2301  if (connection_or_send_netinfo(chan->conn) < 0) {
2302  log_warn(LD_OR, "Couldn't send netinfo cell");
2303  connection_or_close_for_error(chan->conn, 0);
2304  goto done;
2305  }
2306 
2307  done:
2308  auth_challenge_cell_free(ac);
2309 
2310 #undef ERR
2311 }
2312 
2313 /**
2314  * Process an AUTHENTICATE cell from a channel_tls_t.
2315  *
2316  * If it's ill-formed or we weren't supposed to get one or we're not doing a
2317  * v3 handshake, then mark the connection. If it does not authenticate the
2318  * other side of the connection successfully (because it isn't signed right,
2319  * we didn't get a CERTS cell, etc) mark the connection. Otherwise, accept
2320  * the identity of the router on the other side of the connection.
2321  */
2322 STATIC void
2324 {
2325  var_cell_t *expected_cell = NULL;
2326  const uint8_t *auth;
2327  int authlen;
2328  int authtype;
2329  int bodylen;
2330 
2331  tor_assert(cell);
2332  tor_assert(chan);
2333  tor_assert(chan->conn);
2334 
2335 #define ERR(s) \
2336  do { \
2337  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
2338  "Received a bad AUTHENTICATE cell from %s:%d: %s", \
2339  safe_str(chan->conn->base_.address), \
2340  chan->conn->base_.port, (s)); \
2341  connection_or_close_for_error(chan->conn, 0); \
2342  var_cell_free(expected_cell); \
2343  return; \
2344  } while (0)
2345 
2346  if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
2347  ERR("We're not doing a v3 handshake");
2348  if (chan->conn->link_proto < 3)
2349  ERR("We're not using link protocol >= 3");
2350  if (chan->conn->handshake_state->started_here)
2351  ERR("We originated this connection");
2352  if (chan->conn->handshake_state->received_authenticate)
2353  ERR("We already got one!");
2354  if (chan->conn->handshake_state->authenticated) {
2355  /* Should be impossible given other checks */
2356  ERR("The peer is already authenticated");
2357  }
2358  if (!(chan->conn->handshake_state->received_certs_cell))
2359  ERR("We never got a certs cell");
2360  if (chan->conn->handshake_state->certs->id_cert == NULL)
2361  ERR("We never got an identity certificate");
2362  if (cell->payload_len < 4)
2363  ERR("Cell was way too short");
2364 
2365  auth = cell->payload;
2366  {
2367  uint16_t type = ntohs(get_uint16(auth));
2368  uint16_t len = ntohs(get_uint16(auth+2));
2369  if (4 + len > cell->payload_len)
2370  ERR("Authenticator was truncated");
2371 
2372  if (! authchallenge_type_is_supported(type))
2373  ERR("Authenticator type was not recognized");
2374  authtype = type;
2375 
2376  auth += 4;
2377  authlen = len;
2378  }
2379 
2380  if (authlen < V3_AUTH_BODY_LEN + 1)
2381  ERR("Authenticator was too short");
2382 
2384  chan->conn, authtype, NULL, NULL, 1);
2385  if (! expected_cell)
2386  ERR("Couldn't compute expected AUTHENTICATE cell body");
2387 
2388  int sig_is_rsa;
2389  if (authtype == AUTHTYPE_RSA_SHA256_TLSSECRET ||
2390  authtype == AUTHTYPE_RSA_SHA256_RFC5705) {
2391  bodylen = V3_AUTH_BODY_LEN;
2392  sig_is_rsa = 1;
2393  } else {
2395  /* Our earlier check had better have made sure we had room
2396  * for an ed25519 sig (inadvertently) */
2398  bodylen = authlen - ED25519_SIG_LEN;
2399  sig_is_rsa = 0;
2400  }
2401  if (expected_cell->payload_len != bodylen+4) {
2402  ERR("Expected AUTHENTICATE cell body len not as expected.");
2403  }
2404 
2405  /* Length of random part. */
2406  if (BUG(bodylen < 24)) {
2407  // LCOV_EXCL_START
2408  ERR("Bodylen is somehow less than 24, which should really be impossible");
2409  // LCOV_EXCL_STOP
2410  }
2411 
2412  if (tor_memneq(expected_cell->payload+4, auth, bodylen-24))
2413  ERR("Some field in the AUTHENTICATE cell body was not as expected");
2414 
2415  if (sig_is_rsa) {
2416  if (chan->conn->handshake_state->certs->ed_id_sign != NULL)
2417  ERR("RSA-signed AUTHENTICATE response provided with an ED25519 cert");
2418 
2419  if (chan->conn->handshake_state->certs->auth_cert == NULL)
2420  ERR("We never got an RSA authentication certificate");
2421 
2423  chan->conn->handshake_state->certs->auth_cert);
2424  char d[DIGEST256_LEN];
2425  char *signed_data;
2426  size_t keysize;
2427  int signed_len;
2428 
2429  if (! pk) {
2430  ERR("Couldn't get RSA key from AUTH cert.");
2431  }
2432  crypto_digest256(d, (char*)auth, V3_AUTH_BODY_LEN, DIGEST_SHA256);
2433 
2434  keysize = crypto_pk_keysize(pk);
2435  signed_data = tor_malloc(keysize);
2436  signed_len = crypto_pk_public_checksig(pk, signed_data, keysize,
2437  (char*)auth + V3_AUTH_BODY_LEN,
2438  authlen - V3_AUTH_BODY_LEN);
2439  crypto_pk_free(pk);
2440  if (signed_len < 0) {
2441  tor_free(signed_data);
2442  ERR("RSA signature wasn't valid");
2443  }
2444  if (signed_len < DIGEST256_LEN) {
2445  tor_free(signed_data);
2446  ERR("Not enough data was signed");
2447  }
2448  /* Note that we deliberately allow *more* than DIGEST256_LEN bytes here,
2449  * in case they're later used to hold a SHA3 digest or something. */
2450  if (tor_memneq(signed_data, d, DIGEST256_LEN)) {
2451  tor_free(signed_data);
2452  ERR("Signature did not match data to be signed.");
2453  }
2454  tor_free(signed_data);
2455  } else {
2456  if (chan->conn->handshake_state->certs->ed_id_sign == NULL)
2457  ERR("We never got an Ed25519 identity certificate.");
2458  if (chan->conn->handshake_state->certs->ed_sign_auth == NULL)
2459  ERR("We never got an Ed25519 authentication certificate.");
2460 
2461  const ed25519_public_key_t *authkey =
2462  &chan->conn->handshake_state->certs->ed_sign_auth->signed_key;
2463  ed25519_signature_t sig;
2464  tor_assert(authlen > ED25519_SIG_LEN);
2465  memcpy(&sig.sig, auth + authlen - ED25519_SIG_LEN, ED25519_SIG_LEN);
2466  if (ed25519_checksig(&sig, auth, authlen - ED25519_SIG_LEN, authkey)<0) {
2467  ERR("Ed25519 signature wasn't valid.");
2468  }
2469  }
2470 
2471  /* Okay, we are authenticated. */
2472  chan->conn->handshake_state->received_authenticate = 1;
2473  chan->conn->handshake_state->authenticated = 1;
2474  chan->conn->handshake_state->authenticated_rsa = 1;
2475  chan->conn->handshake_state->digest_received_data = 0;
2476  {
2477  tor_x509_cert_t *id_cert = chan->conn->handshake_state->certs->id_cert;
2478  crypto_pk_t *identity_rcvd = tor_tls_cert_get_key(id_cert);
2479  const common_digests_t *id_digests = tor_x509_cert_get_id_digests(id_cert);
2480  const ed25519_public_key_t *ed_identity_received = NULL;
2481 
2482  if (! sig_is_rsa) {
2483  chan->conn->handshake_state->authenticated_ed25519 = 1;
2484  ed_identity_received =
2485  &chan->conn->handshake_state->certs->ed_id_sign->signing_key;
2486  memcpy(&chan->conn->handshake_state->authenticated_ed25519_peer_id,
2487  ed_identity_received, sizeof(ed25519_public_key_t));
2488  }
2489 
2490  /* This must exist; we checked key type when reading the cert. */
2491  tor_assert(id_digests);
2492 
2493  memcpy(chan->conn->handshake_state->authenticated_rsa_peer_id,
2494  id_digests->d[DIGEST_SHA1], DIGEST_LEN);
2495 
2496  channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd,
2497  chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
2498  crypto_pk_free(identity_rcvd);
2499 
2500  log_debug(LD_HANDSHAKE,
2501  "Calling connection_or_init_conn_from_address for %s "
2502  " from %s, with%s ed25519 id.",
2503  safe_str(chan->conn->base_.address),
2504  __func__,
2505  ed_identity_received ? "" : "out");
2506 
2508  &(chan->conn->base_.addr),
2509  chan->conn->base_.port,
2510  (const char*)(chan->conn->handshake_state->
2511  authenticated_rsa_peer_id),
2512  ed_identity_received,
2513  0);
2514 
2515  log_debug(LD_HANDSHAKE,
2516  "Got an AUTHENTICATE cell from %s:%d, type %d: Looks good.",
2517  safe_str(chan->conn->base_.address),
2518  chan->conn->base_.port,
2519  authtype);
2520  }
2521 
2522  var_cell_free(expected_cell);
2523 
2524 #undef ERR
2525 }
void connection_or_close_for_error(or_connection_t *orconn, int flush)
#define ED25519_SIG_LEN
Definition: x25519_sizes.h:34
int channelpadding_update_padding_for_channel(channel_t *chan, const channelpadding_negotiate_t *pad_vars)
Cell queue structures.
Header file for channeltls.c.
char body[CELL_MAX_NETWORK_SIZE]
Definition: cell_queue_st.h:21
void connection_or_close_normally(or_connection_t *orconn, int flush)
Router descriptor structure.
uint64_t stats_n_authorize_cells_processed
Definition: channeltls.c:92
int connection_or_send_authenticate_cell(or_connection_t *conn, int authtype)
Header file for circuitbuild.c.
void channel_change_state(channel_t *chan, channel_state_t to_state)
Definition: channel.c:1609
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define TO_CONN(c)
Definition: or.h:735
#define AUTHTYPE_ED25519_SHA256_RFC5705
Definition: or.h:691
cert_encoding_t
Definition: channeltls.c:1914
Header file for command.c.
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
static void channel_tls_process_padding_negotiate_cell(cell_t *cell, channel_tls_t *chan)
Definition: channeltls.c:1619
tor_addr_t addr
void channel_tls_handle_cell(cell_t *cell, or_connection_t *conn)
Definition: channeltls.c:1054
static int channel_tls_write_var_cell_method(channel_t *chan, var_cell_t *var_cell)
Definition: channeltls.c:862
void channel_change_state_open(channel_t *chan)
Definition: channel.c:1619
uint64_t stats_n_auth_challenge_cells_processed
Definition: channeltls.c:88
Header file for connection.c.
#define OR_CONN_HIGHWATER
Definition: or.h:720
channel_listener_t * channel_tls_get_listener(void)
Definition: channeltls.c:252
circid_t circ_id
Definition: var_cell_st.h:20
void channel_tls_handle_state_change_on_orconn(channel_tls_t *chan, or_connection_t *conn, uint8_t state)
Definition: channeltls.c:951
Definition: cell_st.h:17
#define LD_GENERAL
Definition: log.h:62
void connection_or_block_renegotiation(or_connection_t *conn)
int is_local_addr(const tor_addr_t *addr)
Definition: config.c:2762
void rep_hist_note_negotiated_link_proto(unsigned link_proto, int started_here)
Definition: rephist.c:2701
void or_handshake_certs_check_both(int severity, or_handshake_certs_t *certs, tor_tls_t *tls, time_t now, const ed25519_public_key_t **ed_id_out, const common_digests_t **rsa_id_out)
Definition: torcert.c:685
static int tor_addr_eq_ipv4h(const tor_addr_t *a, uint32_t u)
Definition: address.h:193
#define LOG_INFO
Definition: log.h:45
static size_t channel_tls_num_bytes_queued_method(channel_t *chan)
Definition: channeltls.c:753
const common_digests_t * tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert)
Definition: x509.c:58
channel_tls_t * channel_tls_from_base(channel_t *chan)
Definition: channeltls.c:381
#define OR_CONN_STATE_TLS_HANDSHAKING
Definition: orconn_event.h:36
void channel_tls_update_marks(or_connection_t *conn)
Definition: channeltls.c:1345
OR connection structure.
int authchallenge_type_is_supported(uint16_t challenge_type)
int connection_or_digest_is_known_relay(const char *id_digest)
#define OR_CONN_STATE_TLS_SERVER_RENEGOTIATING
Definition: orconn_event.h:43
static double channel_tls_get_overhead_estimate_method(channel_t *chan)
Definition: channeltls.c:477
Header file for config.c.
#define V3_AUTH_BODY_LEN
Definition: or.h:706
#define fmt_and_decorate_addr(a)
Definition: address.h:214
#define CONN_TYPE_OR
Definition: connection.h:24
int channel_is_canonical(channel_t *chan)
Definition: channel.c:2964
const or_options_t * get_options(void)
Definition: config.c:941
int fast_mem_is_zero(const char *mem, size_t len)
Definition: util_string.c:74
#define tor_assert(expr)
Definition: util_bug.h:102
guard_selection_t * get_guard_selection_info(void)
Definition: entrynodes.c:303
static void channel_tls_close_method(channel_t *chan)
Definition: channeltls.c:400
uint64_t stats_n_authenticate_cells_processed
Definition: channeltls.c:90
void tor_gettimeofday(struct timeval *timeval)
const char * channel_state_to_string(channel_state_t state)
Definition: channel.c:315
crypto_pk_t * tor_tls_cert_get_key(tor_x509_cert_t *cert)
Definition: x509_nss.c:285
static int channel_tls_has_queued_writes_method(channel_t *chan)
Definition: channeltls.c:624
#define tor_free(p)
Definition: malloc.h:52
int channel_is_local(channel_t *chan)
Definition: channel.c:3025
uint8_t command
Definition: var_cell_st.h:18
channel_t * channel_tls_connect(const tor_addr_t *addr, uint16_t port, const char *id_digest, const ed25519_public_key_t *ed_id)
Definition: channeltls.c:189
void channel_mark_for_close(channel_t *chan)
Definition: channel.c:1134
STATIC void channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
Definition: channeltls.c:2323
static cert_encoding_t certs_cell_typenum_to_cert_type(int typenum)
Definition: channeltls.c:1929
const char * conn_state_to_string(int type, int state)
Definition: connection.c:275
uint64_t stats_n_versions_cells_processed
Definition: channeltls.c:80
static int tor_addr_from_netinfo_addr(tor_addr_t *tor_addr, const netinfo_addr_t *netinfo_addr)
Definition: channeltls.c:1653
static int channel_tls_write_cell_method(channel_t *chan, cell_t *cell)
Definition: channeltls.c:800
static int command_allowed_before_handshake(uint8_t command)
Definition: channeltls.c:1378
void connection_or_init_conn_from_address(or_connection_t *conn, const tor_addr_t *addr, uint16_t port, const char *id_digest, const ed25519_public_key_t *ed_id, int started_here)
Header file for scheduler*.c.
uint8_t payload[CELL_PAYLOAD_SIZE]
Definition: cell_st.h:21
#define AUTHTYPE_RSA_SHA256_TLSSECRET
Definition: or.h:680
#define STATIC
Definition: testsupport.h:32
#define tor_memneq(a, b, sz)
Definition: di_ops.h:21
void rep_hist_padding_count_read(padding_type_t type)
Definition: rephist.c:2759
#define DIGEST256_LEN
Definition: digest_sizes.h:23
void channel_process_cell(channel_t *chan, cell_t *cell)
Definition: channel.c:1973
void channel_mark_incoming(channel_t *chan)
Definition: channel.c:3008
Header file for channel.c.
#define AUTHTYPE_RSA_SHA256_RFC5705
Definition: or.h:688
static void channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *tlschan)
Definition: channeltls.c:1696
static int channel_tls_get_transport_name_method(channel_t *chan, char **transport_out)
Definition: channeltls.c:540
OR handshake certs structure.
tor_cert_t * tor_cert_parse(const uint8_t *encoded, const size_t len)
Definition: torcert.c:159
int connection_or_set_state_open(or_connection_t *conn)
#define tor_addr_from_ipv4h(dest, v4addr)
Definition: address.h:287
static channel_listener_t * channel_tls_listener
Definition: channeltls.c:95
uint64_t stats_n_netinfo_cells_processed
Definition: channeltls.c:82
Header file for routermode.c.
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
uint64_t stats_n_certs_cells_processed
Definition: channeltls.c:86
#define LD_CHANNEL
Definition: log.h:105
#define DIGEST_LEN
Definition: digest_sizes.h:20
uint8_t payload[FLEXIBLE_ARRAY_MEMBER]
Definition: var_cell_st.h:24
void tor_addr_from_ipv6_bytes(tor_addr_t *dest, const char *ipv6_bytes)
Definition: address.c:885
static const char * channel_tls_get_remote_descr_method(channel_t *chan, int flags)
Definition: channeltls.c:564
int ed25519_checksig(const ed25519_signature_t *signature, const uint8_t *msg, size_t len, const ed25519_public_key_t *pubkey)
channel_tls_t * chan
static int channel_tls_matches_target_method(channel_t *chan, const tor_addr_t *target)
Definition: channeltls.c:719
var_cell_t * connection_or_compute_authenticate_cell_body(or_connection_t *conn, const int authtype, crypto_pk_t *signing_key, const ed25519_keypair_t *ed_signing_key, int server)
Master header file for Tor-specific functionality.
static int channel_tls_write_packed_cell_method(channel_t *chan, packed_cell_t *packed_cell)
Definition: channeltls.c:831
const char * hex_str(const char *from, size_t fromlen)
Definition: binascii.c:34
static int channel_tls_num_cells_writeable_method(channel_t *chan)
Definition: channeltls.c:771
uint64_t stats_n_padding_cells_processed
Definition: channeltls.c:78
STATIC void channel_tls_process_auth_challenge_cell(var_cell_t *cell, channel_tls_t *chan)
Definition: channeltls.c:2222
static time_t time_abs(time_t val)
Definition: channeltls.c:1684
#define OR_CONN_STATE_OPEN
Definition: orconn_event.h:53
int crypto_pk_public_checksig(const crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen)
void circuitmux_set_policy(circuitmux_t *cmux, const circuitmux_policy_t *pol)
Definition: circuitmux.c:425
#define LD_HANDSHAKE
Definition: log.h:101
static void channel_tls_process_versions_cell(var_cell_t *cell, channel_tls_t *tlschan)
Definition: channeltls.c:1439
static int channel_tls_get_remote_addr_method(channel_t *chan, tor_addr_t *addr_out)
Definition: channeltls.c:515
Header file for rephist.c.
const char * fmt_addr32(uint32_t addr)
Definition: address.c:1181
static uint16_t get_uint16(const void *cp)
Definition: bytes.h:42
void channel_mark_remote(channel_t *chan)
Definition: channel.c:3056
uint16_t payload_len
Definition: var_cell_st.h:22
#define LOG_WARN
Definition: log.h:53
void channel_listener_change_state(channel_listener_t *chan_l, channel_listener_state_t to_state)
Definition: channel.c:1636
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:770
void connection_or_write_cell_to_buf(const cell_t *cell, or_connection_t *conn)
Extend-info structure.
Header file for circuitmux_ewma.c.
uint16_t marked_for_close
int connection_or_send_netinfo(or_connection_t *conn)
void channel_listener_mark_for_close(channel_listener_t *chan_l)
Definition: channel.c:1173
#define LD_OR
Definition: log.h:92
int tor_digest_is_zero(const char *digest)
Definition: util_string.c:96
Headers for tortls.c.
Fixed-size cell structure.
STATIC void channel_tls_common_init(channel_tls_t *tlschan)
Definition: channeltls.c:149
int connection_or_nonopen_was_started_here(or_connection_t *conn)
#define OR_CONN_STATE_OR_HANDSHAKING_V2
Definition: orconn_event.h:47
uint8_t command
Definition: cell_st.h:19
void channel_init_listener(channel_listener_t *chan_l)
Definition: channel.c:860
static const char * channel_tls_describe_transport_method(channel_t *chan)
Definition: channeltls.c:423
void channel_register(channel_t *chan)
Definition: channel.c:386
void channel_mark_local(channel_t *chan)
Definition: channel.c:3040
static void channel_tls_listener_close_method(channel_listener_t *chan_l)
Definition: channeltls.c:893
int connection_or_client_learned_peer_id(or_connection_t *conn, const uint8_t *rsa_peer_id, const ed25519_public_key_t *ed_peer_id)
void or_handshake_state_record_cell(or_connection_t *conn, or_handshake_state_t *state, const cell_t *cell, int incoming)
void connection_or_write_var_cell_to_buf(const var_cell_t *cell, or_connection_t *conn)
void entry_guards_note_internet_connectivity(guard_selection_t *gs)
Definition: entrynodes.c:2031
void assert_connection_ok(connection_t *conn, time_t now)
Definition: connection.c:5257
channel_listener_t * channel_tls_start_listener(void)
Definition: channeltls.c:264
void channel_init(channel_t *chan)
Definition: channel.c:823
STATIC void channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
Definition: channeltls.c:1963
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
char * tor_addr_to_str_dup(const tor_addr_t *addr)
Definition: address.c:1134
const routerinfo_t * router_get_my_routerinfo(void)
Definition: router.c:1623
void channel_mark_outgoing(channel_t *chan)
Definition: channel.c:3085
#define CELL_PAYLOAD_SIZE
Definition: or.h:576
int connection_or_send_certs_cell(or_connection_t *conn)
ssize_t connection_or_num_cells_writeable(or_connection_t *conn)
static void channel_tls_free_method(channel_t *chan)
Definition: channeltls.c:461
void or_handshake_state_record_var_cell(or_connection_t *conn, or_handshake_state_t *state, const var_cell_t *cell, int incoming)
void clock_skew_warning(const connection_t *conn, long apparent_skew, int trusted, log_domain_mask_t domain, const char *received, const char *source)
Definition: connection.c:5549
static int channel_tls_matches_extend_info_method(channel_t *chan, extend_info_t *extend_info)
Definition: channeltls.c:689
Header file for relay.c.
Header file for circuitmux.c.
int connection_or_send_auth_challenge_cell(or_connection_t *conn)
tor_x509_cert_t * tor_x509_cert_decode(const uint8_t *certificate, size_t certificate_len)
Definition: x509_nss.c:269
Header file for router.c.
uint16_t port
or_connection_t * connection_or_connect(const tor_addr_t *_addr, uint16_t port, const char *id_digest, const ed25519_public_key_t *ed_id, channel_tls_t *chan)
#define fmt_addr(a)
Definition: address.h:211
void channel_listener_unregister(channel_listener_t *chan_l)
Definition: channel.c:524
#define ARRAY_LENGTH(x)
int connection_init_or_handshake_state(or_connection_t *conn, int started_here)
#define log_fn(severity, domain, args,...)
Definition: log.h:287
static int enter_v3_handshake_with_cell(var_cell_t *cell, channel_tls_t *tlschan)
Definition: channeltls.c:1399
Variable-length cell structure.
long tv_udiff(const struct timeval *start, const struct timeval *end)
Definition: tvdiff.c:53
size_t crypto_pk_keysize(const crypto_pk_t *env)
Headers for tortls.c.
channel_t * channel_tls_handle_incoming(or_connection_t *orconn)
Definition: channeltls.c:327
void channel_set_circid_type(channel_t *chan, crypto_pk_t *identity_rcvd, int consider_identity)
Definition: channel.c:3363
Header file for control.c.
#define tor_addr_eq(a, b)
Definition: address.h:244
void channel_tls_free_all(void)
Definition: channeltls.c:295
#define OR_CONN_STATE_OR_HANDSHAKING_V3
Definition: orconn_event.h:51
tor_addr_t ipv6_addr
Definition: routerinfo_st.h:32
void scheduler_channel_wants_writes(channel_t *chan)
Definition: scheduler.c:669
int authchallenge_type_is_better(uint16_t challenge_type_a, uint16_t challenge_type_b)
Header for torcert.c.
Header file for dirlist.c.
tor_cmdline_mode_t command
Definition: config.c:2215
int connection_or_send_versions(or_connection_t *conn, int v3_plus)
int public_server_mode(const or_options_t *options)
Definition: routermode.c:43
char d[N_COMMON_DIGEST_ALGORITHMS][DIGEST256_LEN]
Definition: crypto_digest.h:89
OR handshake state structure.
uint32_t addr
Definition: routerinfo_st.h:24
Header file for connection_or.c.
int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
int is_or_protocol_version_known(uint16_t v)
channel_t * channel_tls_to_base(channel_tls_t *tlschan)
Definition: channeltls.c:369
void channel_tls_handle_var_cell(var_cell_t *var_cell, or_connection_t *conn)
Definition: channeltls.c:1170
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:904
uint64_t stats_n_vpadding_cells_processed
Definition: channeltls.c:84
#define LD_PROTOCOL
Definition: log.h:72
or_handshake_state_t * handshake_state
void channel_mark_client(channel_t *chan)
Definition: channel.c:2937
uint8_t state
Definition: connection_st.h:49
static time_t current_second
Definition: mainloop.c:2185
Header file for networkstatus.c.
static const char * channel_tls_listener_describe_transport_method(channel_listener_t *chan_l)
Definition: channeltls.c:933
static int channel_tls_is_canonical_method(channel_t *chan, int req)
Definition: channeltls.c:652
void channel_listener_register(channel_listener_t *chan_l)
Definition: channel.c:483