30 #define TOR_CHANNEL_INTERNAL_ 31 #define CONNECTION_OR_PRIVATE 32 #define ORCONN_EVENT_PRIVATE 49 #include "trunnel/link_handshake.h" 50 #include "trunnel/netinfo.h" 54 #include "core/proto/proto_cell.h" 60 #include "feature/relay/routerkeys.h" 64 #include "feature/relay/ext_orport.h" 66 #include "feature/nodelist/torcert.h" 67 #include "core/or/channelpadding.h" 70 #include "core/or/cell_st.h" 71 #include "core/or/cell_queue_st.h" 72 #include "core/or/or_connection_st.h" 73 #include "core/or/or_handshake_certs_st.h" 74 #include "core/or/or_handshake_state_st.h" 75 #include "app/config/or_state_st.h" 76 #include "feature/nodelist/routerinfo_st.h" 77 #include "core/or/var_cell_st.h" 90 char *digest_rcvd_out);
96 static void connection_or_mark_bad_for_new_circs(
or_connection_t *or_conn);
140 connection_or_clear_identity(TO_OR_CONN(conn));
156 const char *rsa_digest,
164 chan = TLS_CHAN_TO_BASE(conn->
chan);
166 log_info(
LD_HANDSHAKE,
"Set identity digest for %p (%s): %s %s.",
176 const int ed_id_was_set =
178 const int rsa_changed =
180 const int ed_changed = ed_id_was_set &&
186 if (!rsa_changed && !ed_changed)
190 if (rsa_id_was_set) {
261 crypto_rand(random_id,
sizeof(random_id));
321 char *buf,
size_t buflen)
324 const char *conn_state;
332 tor_snprintf(buf, buflen,
"%s with SSL state %s", conn_state, tls_state);
344 log_info(
LD_HANDSHAKE,
"Connection died in state '%s'", buf);
359 if (b->count < a->count)
361 else if (b->count == a->count)
369 #define MAX_REASONS_TO_REPORT 10 382 items = smartlist_new();
385 c->count = (intptr_t)countptr;
386 total += (int)c->count;
389 } STRMAP_FOREACH_END;
393 tor_log(severity, domain,
"%d connections have failed%s", total,
400 " %d connections died in state %s", (
int)c->count, c->state);
401 } SMARTLIST_FOREACH_END(c);
404 smartlist_free(items);
419 msg.type = ORCONN_MSGTYPE_STATUS;
422 msg.u.status.
reason = reason;
438 msg.type = ORCONN_MSGTYPE_STATE;
441 msg.u.state.
state = state;
443 msg.u.state.
chan = TLS_CHAN_TO_BASE(conn->
chan)->global_identifier;
445 msg.u.state.
chan = 0;
459 conn->base_.
state = state;
492 char *dest = dst->
body;
520 dest->
command = get_uint8(src);
539 set_uint8(hdr_out, cell->
command);
549 size_t size = offsetof(
var_cell_t, payload) + payload_len;
569 copy = tor_malloc_zero(size);
592 log_info(
LD_OR,
"OR connection reached EOF. Closing.");
609 #define MAX_OR_INBUF_WHEN_NONOPEN 0 614 switch (conn->base_.
state) {
621 if (connection_tls_start_handshake(conn, 0) < 0)
628 connection_or_close_for_error(conn, 0);
647 if (buf_datalen(conn->base_.
inbuf) > MAX_OR_INBUF_WHEN_NONOPEN) {
648 log_fn(LOG_PROTOCOL_WARN,
LD_NET,
"Accumulated too much data (%d bytes) " 649 "on nonopen OR connection %s %s:%u in state %s; closing.",
650 (
int)buf_datalen(conn->base_.
inbuf),
654 connection_or_close_for_error(conn, 0);
674 datalen = connection_get_outbuf_len(
TO_CONN(conn));
688 size_t datalen, cell_network_size;
698 datalen = connection_get_outbuf_len(
TO_CONN(conn));
700 cell_network_size = get_cell_network_size(conn->wide_circ_ids);
721 switch (conn->base_.
state) {
728 log_err(
LD_BUG,
"Called in unexpected state %d.", conn->base_.
state);
752 log_debug(
LD_HANDSHAKE,
"OR connect() to router at %s:%u finished.",
755 if (proxy_type != PROXY_NONE) {
758 connection_or_close_for_error(or_conn, 0);
762 connection_start_reading(conn);
767 if (connection_tls_start_handshake(or_conn, 0) < 0) {
769 connection_or_close_for_error(or_conn, 0);
789 or_conn->
chan->conn = NULL;
790 or_conn->
chan = NULL;
806 control_event_bootstrap_prob_or(
860 networkstatus_get_param(NULL,
"perconnbwrate",
863 networkstatus_get_param(NULL,
"perconnbwburst",
882 if (connection_speaks_cells(conn))
902 or_conn->
idle_timeout = channelpadding_get_channel_idle_timeout(
903 TLS_CHAN_TO_BASE(or_conn->
chan), is_canonical);
906 "Channel %"PRIu64
" chose an idle timeout of %d.",
908 (TLS_CHAN_TO_BASE(or_conn->
chan)->global_identifier):0,
920 const char *id_digest,
924 log_debug(
LD_HANDSHAKE,
"init conn from address %s: %s, %s (%d)",
933 conn->base_.
port = port;
951 ed_id = & TLS_CHAN_TO_BASE(conn->
chan)->ed25519_identity;
953 const node_t *r = node_get_by_id(id_digest);
968 connection_or_set_canonical(conn, 1);
981 conn->base_.
port = node_ap.port;
1032 #define TIME_BEFORE_OR_CONN_IS_TOO_OLD (60*60*24*7) 1054 "Marking OR conn to %s:%d as too old for new circuits " 1055 "(fd "TOR_SOCKET_T_FORMAT
", %d secs old).",
1056 or_conn->base_.
address, or_conn->base_.
port, or_conn->base_.
s,
1058 connection_or_mark_bad_for_new_circs(or_conn);
1088 int n_old = 0, n_inprogress = 0, n_canonical = 0, n_other = 0;
1089 time_t now = time(NULL);
1106 } SMARTLIST_FOREACH_END(or_conn);
1121 "Marking OR conn to %s:%d as unsuitable for new circuits: " 1122 "(fd "TOR_SOCKET_T_FORMAT
", %d secs old). It is not " 1123 "canonical, and we have another connection to that OR that is.",
1124 or_conn->base_.
address, or_conn->base_.
port, or_conn->base_.
s,
1126 connection_or_mark_bad_for_new_circs(or_conn);
1132 TLS_CHAN_TO_BASE(best->
chan))) {
1135 } SMARTLIST_FOREACH_END(or_conn);
1159 if (or_conn != best &&
1161 TLS_CHAN_TO_BASE(or_conn->
chan))) {
1165 "Marking OR conn to %s:%d as unsuitable for new circuits: " 1166 "(fd "TOR_SOCKET_T_FORMAT
", %d secs old). " 1167 "We have a better canonical one " 1168 "(fd "TOR_SOCKET_T_FORMAT
"; %d secs old).",
1169 or_conn->base_.
address, or_conn->base_.
port, or_conn->base_.
s,
1172 connection_or_mark_bad_for_new_circs(or_conn);
1176 "Marking OR conn to %s:%d as unsuitable for new circuits: " 1177 "(fd "TOR_SOCKET_T_FORMAT
", %d secs old). We have a better " 1179 "same address (fd "TOR_SOCKET_T_FORMAT
"; %d secs old).",
1180 or_conn->base_.
address, or_conn->base_.
port, or_conn->base_.
s,
1183 connection_or_mark_bad_for_new_circs(or_conn);
1186 } SMARTLIST_FOREACH_END(or_conn);
1191 #define OR_CONNECT_FAILURE_LIFETIME 60 1193 #define OR_CONNECT_FAILURE_CLEANUP_INTERVAL 60 1197 static time_t or_connect_failure_map_next_cleanup_ts = 0;
1220 time_t last_failed_connect_ts;
1226 or_connect_failures_map = HT_INITIALIZER();
1233 return fast_memeq(a->identity_digest, b->identity_digest,
DIGEST_LEN) &&
1243 size_t offset = 0, addr_size;
1244 const void *addr_ptr;
1246 uint8_t data[16 +
sizeof(uint16_t) +
DIGEST_LEN];
1252 addr_ptr = &entry->addr.addr.in_addr.s_addr;
1256 addr_ptr = &entry->addr.addr.in6_addr.s6_addr;
1259 tor_assert_nonfatal_unreached();
1263 memcpy(data, addr_ptr, addr_size);
1264 offset += addr_size;
1265 memcpy(data + offset, entry->identity_digest,
DIGEST_LEN);
1268 offset +=
sizeof(uint16_t);
1270 return (
unsigned int) siphash24g(data, offset);
1274 or_connect_failure_ht_hash, or_connect_failure_ht_eq)
1277 or_connect_failure_ht_hash, or_connect_failure_ht_eq,
1283 or_connect_failure_init(
const char *identity_digest,
const tor_addr_t *addr,
1287 if (identity_digest) {
1288 memcpy(ocf->identity_digest, identity_digest,
1289 sizeof(ocf->identity_digest));
1316 TO_CONN(or_conn)->port, &lookup);
1317 return HT_FIND(or_connect_failure_ht, &or_connect_failures_map, &lookup);
1329 ocf = or_connect_failure_find(or_conn);
1331 ocf = or_connect_failure_new(or_conn);
1332 HT_INSERT(or_connect_failure_ht, &or_connect_failures_map, ocf);
1340 or_connect_failure_map_cleanup(time_t cutoff)
1344 for (ptr = HT_START(or_connect_failure_ht, &or_connect_failures_map);
1345 ptr != NULL; ptr = next) {
1347 if (entry->last_failed_connect_ts <= cutoff) {
1348 next = HT_NEXT_RMV(or_connect_failure_ht, &or_connect_failures_map, ptr);
1351 next = HT_NEXT(or_connect_failure_ht, &or_connect_failures_map, ptr);
1365 time_t connect_failed_since_ts = 0;
1371 cutoff = now - OR_CONNECT_FAILURE_LIFETIME;
1375 if (or_connect_failure_map_next_cleanup_ts <= now) {
1376 or_connect_failure_map_cleanup(cutoff);
1377 or_connect_failure_map_next_cleanup_ts =
1378 now + OR_CONNECT_FAILURE_CLEANUP_INTERVAL;
1383 ocf = or_connect_failure_find(or_conn);
1385 connect_failed_since_ts = ocf->last_failed_connect_ts;
1389 if (connect_failed_since_ts > cutoff) {
1407 int reason,
const char *msg)
1411 control_event_bootstrap_prob_or(msg, reason, conn);
1412 note_or_connect_failed(conn);
1423 int reason,
const char *msg)
1435 chan = TLS_CHAN_TO_BASE(conn->
chan);
1437 if (!CHANNEL_CONDEMNED(chan)) {
1462 connection_or_connect, (
const tor_addr_t *_addr, uint16_t port,
1463 const char *id_digest,
1465 channel_tls_t *chan))
1469 int socket_error = 0;
1474 uint16_t proxy_port;
1482 log_info(
LD_PROTOCOL,
"Client asked me to connect to myself. Refusing.");
1486 log_info(
LD_PROTOCOL,
"Client asked me to connect to myself by Ed25519 " 1487 "identity. Refusing.");
1507 if (!should_connect_to_relay(conn)) {
1508 log_info(
LD_GENERAL,
"Can't connect to identity %s at %s:%u because we " 1509 "failed earlier. Refusing.",
1512 connection_free_(
TO_CONN(conn));
1522 if (proxy_type != PROXY_NONE) {
1539 const char *transport_name =
1543 if (transport_name) {
1544 log_warn(
LD_GENERAL,
"We were supposed to connect to bridge '%s' " 1545 "using pluggable transport '%s', but we can't find a pluggable " 1546 "transport proxy supporting '%s'. This can happen if you " 1547 "haven't provided a ClientTransportPlugin line, or if " 1548 "your pluggable transport proxy stopped running.",
1550 transport_name, transport_name);
1552 control_event_bootstrap_prob_or(
1553 "Can't connect to bridge",
1554 END_OR_CONN_REASON_PT_MISSING,
1558 log_warn(
LD_GENERAL,
"Tried to connect to '%s' through a proxy, but " 1559 "the proxy address could not be found.",
1563 connection_free_(
TO_CONN(conn));
1568 &addr, port, &socket_error)) {
1575 tor_socket_strerror(socket_error));
1576 connection_free_(
TO_CONN(conn));
1613 if (flush) connection_mark_and_flush_internal(
TO_CONN(orconn));
1614 else connection_mark_for_close_internal(
TO_CONN(orconn));
1616 chan = TLS_CHAN_TO_BASE(orconn->
chan);
1618 if (!CHANNEL_CONDEMNED(chan)) {
1634 if (flush) connection_mark_and_flush_internal(
TO_CONN(orconn));
1635 else connection_mark_for_close_internal(
TO_CONN(orconn));
1637 chan = TLS_CHAN_TO_BASE(orconn->
chan);
1639 if (!CHANNEL_CONDEMNED(chan)) {
1654 connection_tls_start_handshake,(
or_connection_t *conn,
int receiving))
1665 if (!chan_listener) {
1677 log_warn(
LD_BUG,
"tor_tls_new failed. Closing.");
1683 connection_start_reading(
TO_CONN(conn));
1684 log_debug(
LD_HANDSHAKE,
"starting TLS handshake on fd "TOR_SOCKET_T_FORMAT,
1718 connection_or_close_for_error(conn, 0);
1731 check_no_tls_errors();
1740 log_info(
LD_OR,
"tls error [%s]. breaking connection.",
1750 log_debug(
LD_OR,
"Done with initial SSL handshake (server-side). " 1751 "Expecting renegotiation or VERSIONS cell");
1757 connection_stop_writing(
TO_CONN(conn));
1758 connection_start_reading(
TO_CONN(conn));
1764 case TOR_TLS_WANTWRITE:
1765 connection_start_writing(
TO_CONN(conn));
1766 log_debug(
LD_OR,
"wanted write");
1768 case TOR_TLS_WANTREAD:
1769 log_debug(
LD_OR,
"wanted read");
1772 log_info(
LD_OR,
"tls closed. breaking connection.");
1821 char *digest_rcvd_out)
1825 int severity = server_mode(options) ? LOG_PROTOCOL_WARN :
LOG_WARN;
1826 const char *safe_address =
1827 started_here ? conn->base_.
address :
1829 const char *conn_type = started_here ?
"outgoing" :
"incoming";
1832 check_no_tls_errors();
1834 if (started_here && !has_cert) {
1835 log_info(
LD_HANDSHAKE,
"Tried connecting to router at %s:%d, but it didn't " 1836 "send a cert! Closing.",
1837 safe_address, conn->base_.
port);
1839 }
else if (!has_cert) {
1840 log_debug(
LD_HANDSHAKE,
"Got incoming connection with no certificate. " 1843 check_no_tls_errors();
1847 conn->
tls, &identity_rcvd);
1848 if (started_here && v<0) {
1850 " has a cert but it's invalid. Closing.",
1851 safe_address, conn->base_.
port);
1854 log_info(
LD_HANDSHAKE,
"Incoming connection gave us an invalid cert " 1855 "chain; ignoring.");
1858 "The certificate seems to be valid on %s connection " 1859 "with %s:%d", conn_type, safe_address, conn->base_.
port);
1861 check_no_tls_errors();
1864 if (identity_rcvd) {
1866 crypto_pk_free(identity_rcvd);
1874 channel_set_circid_type(TLS_CHAN_TO_BASE(conn->
chan), identity_rcvd, 1);
1876 crypto_pk_free(identity_rcvd);
1881 log_debug(
LD_HANDSHAKE,
"Calling client_learned_peer_id from " 1882 "check_valid_tls_handshake");
1884 (
const uint8_t*)digest_rcvd_out,
1917 const uint8_t *rsa_peer_id,
1921 channel_tls_t *chan_tls = conn->
chan;
1923 int changed_identity = 0;
1926 const int expected_rsa_key =
1928 const int expected_ed_key =
1931 log_info(
LD_HANDSHAKE,
"learned peer id for %p (%s): %s, %s",
1937 if (! expected_rsa_key && ! expected_ed_key) {
1938 log_info(
LD_HANDSHAKE,
"(we had no ID in mind when we made this " 1941 (
const char*)rsa_peer_id, ed_peer_id);
1947 log_info(
LD_HANDSHAKE,
"Connected to router %s at %s:%d without knowing " 1948 "its key. Hoping for the best.",
1953 (
const char*)rsa_peer_id, ed_peer_id);
1954 changed_identity = 1;
1957 const int rsa_mismatch = expected_rsa_key &&
1961 const int ed25519_mismatch =
1963 (ed_peer_id == NULL ||
1966 if (rsa_mismatch || ed25519_mismatch) {
1970 char seen_ed[ED25519_BASE64_LEN+1];
1971 char expected_ed[ED25519_BASE64_LEN+1];
1979 strlcpy(seen_ed,
"no ed25519 key",
sizeof(seen_ed));
1984 strlcpy(expected_ed,
"no ed25519 key",
sizeof(expected_ed));
1986 const int using_hardcoded_fingerprints =
1987 !networkstatus_get_reasonably_live_consensus(time(NULL),
1988 usable_consensus_flavor());
1991 const int is_authority_fingerprint = router_digest_is_trusted_dir(
1993 const int non_anonymous_mode = rend_non_anonymous_mode_enabled(options);
1995 const char *extra_log =
"";
1999 if (server_mode(options) || non_anonymous_mode) {
2000 severity = LOG_PROTOCOL_WARN;
2002 if (using_hardcoded_fingerprints) {
2005 if (is_authority_fingerprint) {
2007 }
else if (is_fallback_fingerprint) {
2011 extra_log =
" Tor will try a different fallback.";
2023 "Tried connecting to router at %s:%d, but RSA + ed25519 identity " 2024 "keys were not as expected: wanted %s + %s but got %s + %s.%s",
2026 expected_rsa, expected_ed, seen_rsa, seen_ed, extra_log);
2031 END_OR_CONN_REASON_OR_IDENTITY);
2033 control_event_bootstrap_prob_or(
2034 "Unexpected identity in router certificate",
2035 END_OR_CONN_REASON_OR_IDENTITY,
2040 if (!expected_ed_key && ed_peer_id) {
2041 log_info(
LD_HANDSHAKE,
"(We had no Ed25519 ID in mind when we made this " 2044 (
const char*)rsa_peer_id, ed_peer_id);
2045 changed_identity = 1;
2048 if (changed_identity) {
2056 (
const char*)rsa_peer_id, ed_peer_id);
2097 log_debug(
LD_HANDSHAKE,
"%s tls handshake on %p with %s done, using " 2098 "ciphersuite %s. verifying.",
2099 started_here?
"outgoing":
"incoming",
2102 tor_tls_get_ciphersuite_name(conn->
tls));
2113 conn->base_.
port, digest_rcvd,
2123 conn->base_.
port, digest_rcvd,
2156 log_warn(
LD_BUG,
"Duplicate call to connection_init_or_handshake_state!");
2162 s->digest_received_data = 1;
2163 if (! started_here && get_current_link_cert_cert()) {
2178 crypto_digest_free(state->digest_received);
2179 or_handshake_certs_free(state->
certs);
2200 size_t cell_network_size = get_cell_network_size(conn->wide_circ_ids);
2204 if (!state->digest_received_data)
2211 log_warn(
LD_BUG,
"We shouldn't be sending any non-variable-length cells " 2212 "while making a handshake digest. But we think we are sending " 2213 "one with type %d.", (
int)cell->
command);
2215 dptr = incoming ? &state->digest_received : &state->
digest_sent;
2222 cell_pack(&packed, cell, conn->wide_circ_ids);
2224 memwipe(&packed, 0,
sizeof(packed));
2245 if (!state->digest_received_data)
2251 dptr = incoming ? &state->digest_received : &state->
digest_sent;
2281 connection_start_reading(
TO_CONN(conn));
2294 size_t cell_network_size = get_cell_network_size(conn->wide_circ_ids);
2299 cell_pack(&networkcell, cell, conn->wide_circ_ids);
2302 if (cell->
command == CELL_PADDING)
2305 connection_buf_add(networkcell.
body, cell_network_size,
TO_CONN(conn));
2311 if (TLS_CHAN_TO_BASE(conn->
chan)->currently_padding) {
2313 if (cell->
command == CELL_PADDING)
2327 connection_or_write_var_cell_to_buf,(
const var_cell_t *cell,
2335 connection_buf_add(hdr, n,
TO_CONN(conn));
2336 connection_buf_add((
char*)cell->
payload,
2352 return fetch_var_cell_from_buf(conn->
inbuf, out, or_conn->
link_proto);
2382 TOR_SOCKET_T_FORMAT
": starting, inbuf_datalen %d " 2383 "(%d pending in tls object).",
2384 conn->base_.
s,(
int)connection_get_inbuf_len(
TO_CONN(conn)),
2396 var_cell_free(var_cell);
2398 const int wide_circ_ids = conn->wide_circ_ids;
2399 size_t cell_network_size = get_cell_network_size(conn->wide_circ_ids);
2402 if (connection_get_inbuf_len(
TO_CONN(conn))
2403 < cell_network_size)
2455 const int min_version = v3_plus ? 3 : 0;
2456 const int max_version = v3_plus ? UINT16_MAX : 2;
2460 cell->
command = CELL_VERSIONS;
2463 if (v < min_version || v > max_version)
2470 connection_or_write_var_cell_to_buf(cell, conn);
2473 var_cell_free(cell);
2477 static netinfo_addr_t *
2478 netinfo_addr_from_tor_addr(
const tor_addr_t *tor_addr)
2482 if (BUG(addr_family != AF_INET && addr_family != AF_INET6))
2485 netinfo_addr_t *netinfo_addr = netinfo_addr_new();
2487 if (addr_family == AF_INET) {
2488 netinfo_addr_set_addr_type(netinfo_addr, NETINFO_ADDR_TYPE_IPV4);
2489 netinfo_addr_set_len(netinfo_addr, 4);
2491 }
else if (addr_family == AF_INET6) {
2492 netinfo_addr_set_addr_type(netinfo_addr, NETINFO_ADDR_TYPE_IPV6);
2493 netinfo_addr_set_len(netinfo_addr, 16);
2494 uint8_t *ipv6_buf = netinfo_addr_getarray_addr_ipv6(netinfo_addr);
2499 return netinfo_addr;
2508 time_t now = time(NULL);
2515 log_warn(
LD_BUG,
"Attempted to send an extra netinfo cell on a connection " 2516 "where we already sent one.");
2520 memset(&cell, 0,
sizeof(
cell_t));
2523 netinfo_cell_t *netinfo_cell = netinfo_cell_new();
2526 if (public_server_mode(get_options()) || ! conn->
is_outgoing)
2527 netinfo_cell_set_timestamp(netinfo_cell, (uint32_t)now);
2535 netinfo_addr_t *their_addr = netinfo_addr_from_tor_addr(remote_tor_addr);
2537 netinfo_cell_set_other_addr(netinfo_cell, their_addr);
2542 if ((public_server_mode(get_options()) || !conn->
is_outgoing) &&
2543 (me = router_get_my_routerinfo())) {
2548 netinfo_cell_set_n_my_addrs(netinfo_cell, n_my_addrs);
2550 netinfo_cell_add_my_addrs(netinfo_cell,
2551 netinfo_addr_from_tor_addr(&my_addr));
2554 netinfo_cell_add_my_addrs(netinfo_cell,
2555 netinfo_addr_from_tor_addr(&me->
ipv6_addr));
2559 const char *errmsg = NULL;
2560 if ((errmsg = netinfo_cell_check(netinfo_cell))) {
2561 log_warn(
LD_OR,
"Failed to validate NETINFO cell with error: %s",
2567 netinfo_cell) < 0) {
2568 log_warn(
LD_OR,
"Failed generating NETINFO cell");
2578 netinfo_cell_free(netinfo_cell);
2587 const uint8_t *cert_encoded,
2591 certs_cell_cert_t *ccc = certs_cell_cert_new();
2592 ccc->cert_type = cert_type;
2593 ccc->cert_len = cert_len;
2594 certs_cell_cert_setlen_body(ccc, cert_len);
2595 memcpy(certs_cell_cert_getarray_body(ccc), cert_encoded, cert_len);
2597 certs_cell_add_certs(certs_cell, ccc);
2607 const tor_x509_cert_t *cert)
2612 const uint8_t *cert_encoded = NULL;
2634 #ifdef TOR_UNIT_TESTS 2635 int certs_cell_ed25519_disabled_for_testing = 0;
2637 #define certs_cell_ed25519_disabled_for_testing 0 2645 const tor_x509_cert_t *global_link_cert = NULL, *id_cert = NULL;
2646 tor_x509_cert_t *own_link_cert = NULL;
2649 certs_cell_t *certs_cell = NULL;
2660 &global_link_cert, &id_cert) < 0)
2663 if (conn_in_server_mode) {
2664 own_link_cert = tor_tls_get_own_cert(conn->
tls);
2668 certs_cell = certs_cell_new();
2671 if (conn_in_server_mode) {
2672 tor_assert_nonfatal(own_link_cert);
2687 CERTTYPE_ED_ID_SIGN,
2688 get_master_signing_key_cert());
2689 if (conn_in_server_mode) {
2691 certs_cell_ed25519_disabled_for_testing);
2693 CERTTYPE_ED_SIGN_LINK,
2697 CERTTYPE_ED_SIGN_AUTH,
2698 get_current_auth_key_cert());
2703 const uint8_t *crosscert=NULL;
2704 size_t crosscert_len;
2705 get_master_rsa_crosscert(&crosscert, &crosscert_len);
2708 CERTTYPE_RSA1024_ID_EDID,
2709 crosscert, crosscert_len);
2714 certs_cell->n_certs = certs_cell_getlen_certs(certs_cell);
2716 ssize_t alloc_len = certs_cell_encoded_len(certs_cell);
2717 tor_assert(alloc_len >= 0 && alloc_len <= UINT16_MAX);
2720 ssize_t enc_len = certs_cell_encode(cell->
payload, alloc_len, certs_cell);
2721 tor_assert(enc_len > 0 && enc_len <= alloc_len);
2724 connection_or_write_var_cell_to_buf(cell, conn);
2725 var_cell_free(cell);
2726 certs_cell_free(certs_cell);
2727 tor_x509_cert_free(own_link_cert);
2732 #ifdef TOR_UNIT_TESTS 2733 int testing__connection_or_pretend_TLSSECRET_is_supported = 0;
2735 #define testing__connection_or_pretend_TLSSECRET_is_supported 0 2743 switch (challenge_type) {
2745 #ifdef HAVE_WORKING_TOR_TLS_GET_TLSSECRETS 2748 return testing__connection_or_pretend_TLSSECRET_is_supported;
2762 uint16_t challenge_type_b)
2772 return (challenge_type_a > challenge_type_b);
2787 auth_challenge_cell_t *ac = auth_challenge_cell_new();
2790 crypto_rand((
char*)ac->challenge,
sizeof(ac->challenge));
2799 auth_challenge_cell_set_n_methods(ac,
2800 auth_challenge_cell_getlen_methods(ac));
2802 cell =
var_cell_new(auth_challenge_cell_encoded_len(ac));
2807 log_warn(
LD_BUG,
"Encoded auth challenge cell length not as expected");
2811 cell->
command = CELL_AUTH_CHALLENGE;
2813 connection_or_write_var_cell_to_buf(cell, conn);
2817 var_cell_free(cell);
2818 auth_challenge_cell_free(ac);
2848 auth1_t *auth = NULL;
2849 auth_ctx_t *ctx = auth_ctx_new();
2851 int old_tlssecrets_algorithm = 0;
2852 const char *authtype_str = NULL;
2859 authtype_str =
"AUTH0001";
2860 old_tlssecrets_algorithm = 1;
2863 authtype_str =
"AUTH0002";
2866 authtype_str =
"AUTH0003";
2878 memcpy(auth1_getarray_type(auth), authtype_str, 8);
2881 const tor_x509_cert_t *id_cert=NULL;
2883 const uint8_t *my_id, *their_id, *client_id, *server_id;
2891 my_id = (uint8_t*)my_digests->d[DIGEST_SHA256];
2892 their_id = (uint8_t*)their_digests->d[DIGEST_SHA256];
2894 client_id = server ? their_id : my_id;
2895 server_id = server ? my_id : their_id;
2898 memcpy(auth->cid, client_id, 32);
2901 memcpy(auth->sid, server_id, 32);
2907 log_warn(
LD_OR,
"Ed authenticate without Ed ID cert from peer.");
2910 my_ed_id = get_master_identity_key();
2913 const uint8_t *cid_ed = (server ? their_ed_id : my_ed_id)->pubkey;
2914 const uint8_t *sid_ed = (server ? my_ed_id : their_ed_id)->pubkey;
2916 memcpy(auth->u1_cid_ed, cid_ed, ED25519_PUBKEY_LEN);
2917 memcpy(auth->u1_sid_ed, sid_ed, ED25519_PUBKEY_LEN);
2939 tor_x509_cert_t *cert = NULL;
2941 cert = tor_tls_get_own_cert(conn->
tls);
2943 cert = tor_tls_get_peer_cert(conn->
tls);
2946 log_warn(
LD_OR,
"Unable to find cert when making %s data.",
2954 tor_x509_cert_free(cert);
2958 if (old_tlssecrets_algorithm) {
2959 if (tor_tls_get_tlssecrets(conn->
tls, auth->tlssecrets) < 0) {
2960 log_fn(LOG_PROTOCOL_WARN,
LD_OR,
"Somebody asked us for an older TLS " 2961 "authentication method (AUTHTYPE_RSA_SHA256_TLSSECRET) " 2962 "which we don't support.");
2967 "EXPORTER FOR TOR TLS CLIENT BINDING %s", authtype_str);
2968 int r = tor_tls_export_key_material(conn->
tls, auth->tlssecrets,
2969 auth->cid,
sizeof(auth->cid),
2973 log_warn(
LD_BUG,
"TLS key export failed for unknown reason.");
2982 crypto_rand((
char*)auth->rand, 24);
2984 ssize_t maxlen = auth1_encoded_len(auth, ctx);
2985 if (ed_signing_key && is_ed) {
2986 maxlen += ED25519_SIG_LEN;
2987 }
else if (signing_key && !is_ed) {
2991 const int AUTH_CELL_HEADER_LEN = 4;
2993 uint8_t *
const out = result->
payload + AUTH_CELL_HEADER_LEN;
2994 const size_t outlen = maxlen;
2997 result->
command = CELL_AUTHENTICATE;
3000 if ((len = auth1_encode(out, outlen, auth, ctx)) < 0) {
3002 log_warn(
LD_BUG,
"Unable to encode signed part of AUTH1 data.");
3008 auth1_t *tmp = NULL;
3009 ssize_t len2 = auth1_parse(&tmp, out, len, ctx);
3012 log_warn(
LD_BUG,
"Unable to parse signed part of AUTH1 data that " 3022 log_warn(
LD_BUG,
"Mismatched length when re-parsing AUTH1 data.");
3029 if (ed_signing_key && is_ed) {
3031 if (
ed25519_sign(&sig, out, len, ed_signing_key) < 0) {
3033 log_warn(
LD_BUG,
"Unable to sign ed25519 authentication data");
3037 auth1_setlen_sig(auth, ED25519_SIG_LEN);
3038 memcpy(auth1_getarray_sig(auth), sig.sig, ED25519_SIG_LEN);
3040 }
else if (signing_key && !is_ed) {
3046 (
char*)auth1_getarray_sig(auth),
3047 auth1_getlen_sig(auth),
3050 log_warn(
LD_OR,
"Unable to sign AUTH1 data.");
3054 auth1_setlen_sig(auth, siglen);
3057 len = auth1_encode(out, outlen, auth, ctx);
3060 log_warn(
LD_BUG,
"Unable to encode signed AUTH1 data.");
3064 tor_assert(len + AUTH_CELL_HEADER_LEN <= result->payload_len);
3071 var_cell_free(result);
3082 connection_or_send_authenticate_cell,(
or_connection_t *conn,
int authtype))
3089 log_warn(
LD_BUG,
"Can't compute authenticate cell: no client auth key");
3093 log_warn(
LD_BUG,
"Tried to send authenticate cell with unknown " 3094 "authentication type %d", authtype);
3101 get_current_auth_keypair(),
3104 log_fn(LOG_PROTOCOL_WARN,
LD_NET,
"Unable to compute authenticate cell!");
3107 connection_or_write_var_cell_to_buf(cell, conn);
3108 var_cell_free(cell);
var_cell_t * var_cell_new(uint16_t payload_len)
static int connection_or_launch_v3_or_handshake(or_connection_t *conn)
Header file for circuitstats.c.
void tor_tls_block_renegotiation(tor_tls_t *tls)
Header file for rendcommon.c.
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len)
int tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity)
int authdir_mode_tests_reachability(const or_options_t *options)
Header file for channeltls.c.
unsigned int channel_num_circuits(channel_t *chan)
void connection_or_close_normally(or_connection_t *orconn, int flush)
uint64_t global_identifier
static const int n_or_protocol_versions
void channel_mark_bad_for_new_circs(channel_t *chan)
crypto_pk_t * tor_tls_get_my_client_auth_key(void)
Header file for circuitbuild.c.
uint8_t payload[CELL_PAYLOAD_SIZE]
Common functions for using (pseudo-)random number generators.
uint8_t payload[FLEXIBLE_ARRAY_MEMBER]
static const uint16_t or_protocol_versions[]
int node_supports_ed25519_link_authentication(const node_t *node, int compatible_with_us)
char identity_digest[DIGEST_LEN]
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define AUTHTYPE_ED25519_SHA256_RFC5705
int crypto_pk_private_sign(const crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen)
struct tor_cert_st * ed_id_sign
Header file for command.c.
time_t channel_when_last_client(channel_t *chan)
const char * escaped_safe_str(const char *address)
void channel_timestamp_active(channel_t *chan)
or_handshake_state_t * handshake_state
void channel_tls_handle_cell(cell_t *cell, or_connection_t *conn)
static int disable_broken_connection_counts
void channel_close_for_error(channel_t *chan)
Header file for connection.c.
void connection_or_connect_failed(or_connection_t *conn, int reason, const char *msg)
#define OR_CONN_HIGHWATER
channel_listener_t * channel_tls_get_listener(void)
static int connection_fetch_var_cell_from_buf(or_connection_t *or_conn, var_cell_t **out)
static void set_uint16(void *cp, uint16_t v)
const char * tor_tls_err_to_string(int err)
void channel_tls_handle_state_change_on_orconn(channel_tls_t *chan, or_connection_t *conn, uint8_t state)
void connection_or_block_renegotiation(or_connection_t *conn)
static void connection_or_tls_renegotiated_cb(tor_tls_t *tls, void *_conn)
tor_cert_t * tor_cert_dup(const tor_cert_t *cert)
#define DOWNCAST(to, ptr)
void rep_hist_note_negotiated_link_proto(unsigned link_proto, int started_here)
int tor_addr_compare(const tor_addr_t *addr1, const tor_addr_t *addr2, tor_addr_comparison_t how)
time_t connection_or_client_used(or_connection_t *conn)
#define TIME_BEFORE_OR_CONN_IS_TOO_OLD
#define OR_CERT_TYPE_ID_1024
Header file for nodelist.c.
const common_digests_t * tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert)
HT_PROTOTYPE(HT_GENERATE2(strmap_impl, HT_GENERATE2(strmap_entry_t, HT_GENERATE2(node, HT_GENERATE2(strmap_entry_hash, HT_GENERATE2(strmap_entries_eq)
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
void var_cell_free_(var_cell_t *cell)
void smartlist_add(smartlist_t *sl, void *element)
#define OR_CONN_STATE_TLS_HANDSHAKING
void learned_router_identity(const tor_addr_t *addr, uint16_t port, const char *digest, const ed25519_public_key_t *ed_id)
int channel_is_better(channel_t *a, channel_t *b)
void connection_or_notify_error(or_connection_t *conn, int reason, const char *msg)
void connection_or_clear_identity_map(void)
void channel_tls_update_marks(or_connection_t *conn)
static strmap_t * broken_connection_counts
int authchallenge_type_is_supported(uint16_t challenge_type)
void channel_close_from_lower_layer(channel_t *chan)
const char * safe_str_client(const char *address)
int connection_or_digest_is_known_relay(const char *id_digest)
#define MAX_REASONS_TO_REPORT
#define OR_CONN_STATE_TLS_SERVER_RENEGOTIATING
Header file for config.c.
int router_digest_is_fallback_dir(const char *digest)
ed25519_public_key_t signing_key
Header file for microdesc.c.
static uint32_t tor_addr_to_ipv4h(const tor_addr_t *a)
Header file for reachability.c.
tor_tls_t * tor_tls_new(tor_socket_t sock, int is_server)
#define tor_fragile_assert()
int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
struct broken_state_count_t broken_state_count_t
const char * conn_state_to_string(int type, int state)
Header file for mainloop.c.
void memwipe(void *mem, uint8_t byte, size_t sz)
void circuit_build_times_network_is_live(circuit_build_times_t *cbt)
void node_get_pref_orport(const node_t *node, tor_addr_port_t *ap_out)
void connection_or_about_to_close(or_connection_t *or_conn)
char body[CELL_MAX_NETWORK_SIZE]
void connection_or_init_conn_from_address(or_connection_t *conn, const tor_addr_t *addr, uint16_t port, const char *id_digest, const ed25519_public_key_t *ed_id, int started_here)
void * tor_reallocarray_(void *ptr, size_t sz1, size_t sz2)
Header file for scheduler*.c.
or_connection_t * or_connection_new(int type, int socket_family)
var_cell_t * var_cell_copy(const var_cell_t *src)
void connection_or_clear_identity(or_connection_t *conn)
#define AUTHTYPE_RSA_SHA256_TLSSECRET
Header file for orconn_event.c.
int control_event_or_conn_status(or_connection_t *conn, or_conn_status_event_t tp, int reason)
static void set_uint32(void *cp, uint32_t v)
struct ed25519_public_key_t ed25519_identity
static uint32_t get_uint32(const void *cp)
or_connection_t * TO_OR_CONN(connection_t *c)
void connection_or_report_broken_states(int severity, int domain)
Header file for directory authority mode.
#define EXT_OR_CONN_ID_LEN
void connection_or_event_status(or_connection_t *conn, or_conn_status_event_t tp, int reason)
void connection_or_remove_from_ext_or_id_map(or_connection_t *conn)
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
int errno_to_orconn_end_reason(int e)
Common functions for cryptographic routines.
Header file for channel.c.
#define AUTHTYPE_RSA_SHA256_RFC5705
int get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type, const connection_t *conn)
const char * node_get_nickname(const node_t *node)
static int broken_state_count_compare(const void **a_ptr, const void **b_ptr)
static int connection_or_check_valid_tls_handshake(or_connection_t *conn, int started_here, char *digest_rcvd_out)
int connection_or_set_state_open(or_connection_t *conn)
MOCK_IMPL(int, connection_or_get_num_circuits,(or_connection_t *conn))
#define tor_addr_from_ipv4h(dest, v4addr)
static void connection_or_check_canonicity(or_connection_t *conn, int started_here)
void connection_or_group_set_badness_(smartlist_t *group, int force)
void tor_tls_get_state_description(tor_tls_t *tls, char *buf, size_t sz)
Header file for routermode.c.
const char * fmt_addrport(const tor_addr_t *addr, uint16_t port)
void clear_broken_connection_map(int stop_recording)
#define OR_CERT_TYPE_AUTH_1024
or_handshake_certs_t * or_handshake_certs_new(void)
const routerinfo_t * router_get_by_id_digest(const char *digest)
void channel_listener_queue_incoming(channel_listener_t *listener, channel_t *incoming)
int connection_or_reached_eof(or_connection_t *conn)
int tor_tls_used_v1_handshake(tor_tls_t *tls)
int ed25519_public_key_is_zero(const ed25519_public_key_t *pubkey)
Header file for circuitbuild.c.
var_cell_t * connection_or_compute_authenticate_cell_body(or_connection_t *conn, const int authtype, crypto_pk_t *signing_key, const ed25519_keypair_t *ed_signing_key, int server)
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
Master header file for Tor-specific functionality.
const char * find_transport_name_by_bridge_addrport(const tor_addr_t *addr, uint16_t port)
void entry_guard_chan_failed(channel_t *chan)
static void add_x509_cert(certs_cell_t *certs_cell, uint8_t cert_type, const tor_x509_cert_t *cert)
const char * hex_str(const char *from, size_t fromlen)
int connection_or_nonopen_was_started_here(or_connection_t *conn)
Header file for circuitbuild.c.
#define OR_CONN_STATE_OPEN
uint16_t marked_for_close
void tor_x509_cert_get_der(const tor_x509_cert_t *cert, const uint8_t **encoded_out, size_t *size_out)
int connection_buf_get_bytes(char *string, size_t len, connection_t *conn)
Header file for rephist.c.
static uint16_t get_uint16(const void *cp)
#define OR_CONN_STATE_PROXY_HANDSHAKING
int tor_addr_is_null(const tor_addr_t *addr)
void connection_or_write_cell_to_buf(const cell_t *cell, or_connection_t *conn)
int connection_read_proxy_handshake(connection_t *conn)
void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
struct tor_cert_st * own_link_cert
void tor_free_(void *mem)
#define CELL_MAX_NETWORK_SIZE
int connection_connect(connection_t *conn, const char *address, const tor_addr_t *addr, uint16_t port, int *socket_error)
Header file for circuitlist.c.
#define VAR_CELL_MAX_HEADER_SIZE
const routerstatus_t * router_get_consensus_status_by_id(const char *digest)
void token_bucket_rw_reset(token_bucket_rw_t *bucket, uint32_t now_ts)
int router_ed25519_id_is_me(const ed25519_public_key_t *id)
void channel_clear_identity_digest(channel_t *chan)
int tor_digest_is_zero(const char *digest)
static digestmap_t * orconn_ext_or_id_map
int channel_is_bad_for_new_circs(channel_t *chan)
#define OR_CERT_TYPE_TLS_LINK
void tor_tls_set_renegotiate_callback(tor_tls_t *tls, void(*cb)(tor_tls_t *, void *arg), void *arg)
#define OR_CONN_STATE_OR_HANDSHAKING_V2
static void note_broken_connection(const char *state)
int tor_tls_handshake(tor_tls_t *tls)
void connection_or_set_ext_or_identifier(or_connection_t *conn)
int connection_or_client_learned_peer_id(or_connection_t *conn, const uint8_t *rsa_peer_id, const ed25519_public_key_t *ed_peer_id)
const common_digests_t * tor_x509_cert_get_cert_digests(const tor_x509_cert_t *cert)
void or_handshake_state_record_cell(or_connection_t *conn, or_handshake_state_t *state, const cell_t *cell, int incoming)
static void connection_or_change_state(or_connection_t *conn, uint8_t state)
void connection_or_clear_ext_or_id_map(void)
void assert_connection_ok(connection_t *conn, time_t now)
channel_listener_t * channel_tls_start_listener(void)
int tor_snprintf(char *str, size_t size, const char *format,...)
char * tor_addr_to_str_dup(const tor_addr_t *addr)
#define CELL_PAYLOAD_SIZE
unsigned int digest_sent_data
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
int connection_or_send_certs_cell(or_connection_t *conn)
ssize_t connection_or_num_cells_writeable(or_connection_t *conn)
void or_handshake_state_record_var_cell(or_connection_t *conn, or_handshake_state_t *state, const var_cell_t *cell, int incoming)
void rep_hist_padding_count_write(padding_type_t type)
static void connection_or_set_identity_digest(or_connection_t *conn, const char *rsa_digest, const ed25519_public_key_t *ed_id)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
int connection_or_send_auth_challenge_cell(or_connection_t *conn)
int connection_or_flushed_some(or_connection_t *conn)
Header file for router.c.
static int connection_or_process_cells_from_inbuf(or_connection_t *conn)
int connection_or_finished_flushing(or_connection_t *conn)
static void connection_or_update_token_buckets_helper(or_connection_t *conn, int reset, const or_options_t *options)
static int connection_tls_finish_handshake(or_connection_t *conn)
circuit_build_times_t * get_circuit_build_times_mutable(void)
int tor_tls_peer_has_cert(tor_tls_t *tls)
static void cell_unpack(cell_t *dest, const char *src, int wide_circ_ids)
int connection_init_or_handshake_state(or_connection_t *conn, int started_here)
void token_bucket_rw_adjust(token_bucket_rw_t *bucket, uint32_t rate, uint32_t burst)
#define log_fn(severity, domain, args,...)
static void connection_or_note_state_when_broken(or_connection_t *orconn)
int router_digest_is_me(const char *digest)
struct tor_x509_cert_t * id_cert
int var_cell_pack_header(const var_cell_t *cell, char *hdr_out, int wide_circ_ids)
size_t crypto_pk_keysize(const crypto_pk_t *env)
#define CASE_TOR_TLS_ERROR_ANY
channel_t * channel_tls_handle_incoming(or_connection_t *orconn)
Header file for control.c.
static void add_certs_cell_cert_helper(certs_cell_t *certs_cell, uint8_t cert_type, const uint8_t *cert_encoded, size_t cert_len)
#define tor_addr_eq(a, b)
void tor_tls_set_logged_address(tor_tls_t *tls, const char *address)
unsigned int hold_open_until_flushed
or_handshake_certs_t * certs
#define OR_CONN_STATE_OR_HANDSHAKING_V3
int ed25519_sign(ed25519_signature_t *signature_out, const uint8_t *msg, size_t len, const ed25519_keypair_t *keypair)
void scheduler_channel_wants_writes(channel_t *chan)
int authchallenge_type_is_better(uint16_t challenge_type_a, uint16_t challenge_type_b)
static void connection_or_state_publish(const or_connection_t *conn, uint8_t state)
static void add_ed25519_cert(certs_cell_t *certs_cell, uint8_t cert_type, const tor_cert_t *cert)
Header file for dirlist.c.
int connection_or_send_versions(or_connection_t *conn, int v3_plus)
static unsigned int connection_or_is_bad_for_new_circs(or_connection_t *or_conn)
void connection_or_update_token_buckets(smartlist_t *conns, const or_options_t *options)
int node_ed25519_id_matches(const node_t *node, const ed25519_public_key_t *id)
Header file for buffers.c.
Header file for reasons.c.
int tls_error_to_orconn_end_reason(int e)
Header file for connection_or.c.
void cell_pack(packed_cell_t *dst, const cell_t *src, int wide_circ_ids)
int connection_or_process_inbuf(or_connection_t *conn)
#define OR_CONN_STATE_CONNECTING
#define tor_addr_to_in6_addr8(x)
void connection_watch_events(connection_t *conn, watchable_events_t events)
int is_or_protocol_version_known(uint16_t v)
static void connection_or_get_state_description(or_connection_t *orconn, char *buf, size_t buflen)
channel_t * channel_tls_to_base(channel_tls_t *tlschan)
void channel_set_identity_digest(channel_t *chan, const char *identity_digest, const ed25519_public_key_t *ed_identity)
int tor_tls_get_pending_bytes(tor_tls_t *tls)
void channel_tls_handle_var_cell(var_cell_t *var_cell, or_connection_t *conn)
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
int connection_proxy_connect(connection_t *conn, int type)
int tor_tls_is_server(tor_tls_t *tls)
int connection_or_single_set_badness_(time_t now, or_connection_t *or_conn, int force)
int connection_tls_continue_handshake(or_connection_t *conn)
void smartlist_sort(smartlist_t *sl, int(*compare)(const void **a, const void **b))
void channel_closed(channel_t *chan)
const char * orconn_end_reason_to_control_string(int r)
void channel_mark_client(channel_t *chan)
void dirserv_orconn_tls_done(const tor_addr_t *addr, uint16_t or_port, const char *digest_rcvd, const ed25519_public_key_t *ed_id_rcvd)
unsigned int is_canonical
int tor_tls_get_my_certs(int server, const tor_x509_cert_t **link_cert_out, const tor_x509_cert_t **id_cert_out)
int connection_or_finished_connecting(or_connection_t *or_conn)
void or_handshake_state_free_(or_handshake_state_t *state)
Header file for networkstatus.c.
uint32_t monotime_coarse_get_stamp(void)
Header file for routerlist.c.
void command_setup_listener(channel_listener_t *listener)
crypto_digest_t * digest_sent
static sa_family_t tor_addr_family(const tor_addr_t *a)
void orconn_event_publish(const orconn_event_msg_t *msg)
or_connection_t * connection_or_get_by_ext_or_id(const char *id)
unsigned int started_here
crypto_digest_t * crypto_digest256_new(digest_algorithm_t algorithm)
