tor  0.4.0.1-alpha
keypin.c
Go to the documentation of this file.
1 /* Copyright (c) 2014-2019, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
11 #define KEYPIN_PRIVATE
12 
13 #include "orconfig.h"
14 
15 #include "lib/cc/torint.h"
19 #include "lib/ctime/di_ops.h"
20 #include "lib/ctime/di_ops.h"
21 #include "lib/encoding/binascii.h"
22 #include "lib/encoding/time_fmt.h"
23 #include "lib/fdio/fdio.h"
24 #include "lib/fs/files.h"
25 #include "lib/fs/mmap.h"
26 #include "lib/log/log.h"
27 #include "lib/log/util_bug.h"
29 #include "lib/string/printf.h"
31 
32 #include "ht.h"
33 #include "feature/dirauth/keypin.h"
34 
35 #include "siphash.h"
36 
37 #ifdef HAVE_UNISTD_H
38 #include <unistd.h>
39 #endif
40 #ifdef HAVE_FCNTL_H
41 #include <fcntl.h>
42 #endif
43 
44 #ifdef _WIN32
45 #include <io.h>
46 #endif
47 
48 #include <errno.h>
49 #include <string.h>
50 #include <stdlib.h>
51 
81 static int keypin_journal_append_entry(const uint8_t *rsa_id_digest,
82  const uint8_t *ed25519_id_key);
83 static int keypin_check_and_add_impl(const uint8_t *rsa_id_digest,
84  const uint8_t *ed25519_id_key,
85  const int do_not_add,
86  const int replace);
87 static int keypin_add_or_replace_entry_in_map(keypin_ent_t *ent);
88 
89 static HT_HEAD(rsamap, keypin_ent_st) the_rsa_map = HT_INITIALIZER();
90 static HT_HEAD(edmap, keypin_ent_st) the_ed_map = HT_INITIALIZER();
91 
94 static inline int
95 keypin_ents_eq_rsa(const keypin_ent_t *a, const keypin_ent_t *b)
96 {
97  return tor_memeq(a->rsa_id, b->rsa_id, sizeof(a->rsa_id));
98 }
99 
101 static inline unsigned
102 keypin_ent_hash_rsa(const keypin_ent_t *a)
103 {
104 return (unsigned) siphash24g(a->rsa_id, sizeof(a->rsa_id));
105 }
106 
109 static inline int
110 keypin_ents_eq_ed(const keypin_ent_t *a, const keypin_ent_t *b)
111 {
112  return tor_memeq(a->ed25519_key, b->ed25519_key, sizeof(a->ed25519_key));
113 }
114 
116 static inline unsigned
117 keypin_ent_hash_ed(const keypin_ent_t *a)
118 {
119 return (unsigned) siphash24g(a->ed25519_key, sizeof(a->ed25519_key));
120 }
121 
122 HT_PROTOTYPE(rsamap, keypin_ent_st, rsamap_node, keypin_ent_hash_rsa,
123  keypin_ents_eq_rsa)
124 HT_GENERATE2(rsamap, keypin_ent_st, rsamap_node, keypin_ent_hash_rsa,
125  keypin_ents_eq_rsa, 0.6, tor_reallocarray, tor_free_)
126 
127 HT_PROTOTYPE(edmap, keypin_ent_st, edmap_node, keypin_ent_hash_ed,
129 HT_GENERATE2(edmap, keypin_ent_st, edmap_node, keypin_ent_hash_ed,
130  keypin_ents_eq_ed, 0.6, tor_reallocarray, tor_free_)
131 
132 
143 int
144 keypin_check_and_add(const uint8_t *rsa_id_digest,
145  const uint8_t *ed25519_id_key,
146  const int replace_existing_entry)
147 {
148  return keypin_check_and_add_impl(rsa_id_digest, ed25519_id_key, 0,
149  replace_existing_entry);
150 }
151 
156 int
157 keypin_check(const uint8_t *rsa_id_digest,
158  const uint8_t *ed25519_id_key)
159 {
160  return keypin_check_and_add_impl(rsa_id_digest, ed25519_id_key, 1, 0);
161 }
162 
166 static int
167 keypin_check_and_add_impl(const uint8_t *rsa_id_digest,
168  const uint8_t *ed25519_id_key,
169  const int do_not_add,
170  const int replace)
171 {
172  keypin_ent_t search, *ent;
173  memset(&search, 0, sizeof(search));
174  memcpy(search.rsa_id, rsa_id_digest, sizeof(search.rsa_id));
175  memcpy(search.ed25519_key, ed25519_id_key, sizeof(search.ed25519_key));
176 
177  /* Search by RSA key digest first */
178  ent = HT_FIND(rsamap, &the_rsa_map, &search);
179  if (ent) {
180  tor_assert(fast_memeq(ent->rsa_id, rsa_id_digest, sizeof(ent->rsa_id)));
181  if (tor_memeq(ent->ed25519_key, ed25519_id_key,sizeof(ent->ed25519_key))) {
182  return KEYPIN_FOUND; /* Match on both keys. Great. */
183  } else {
184  if (!replace)
185  return KEYPIN_MISMATCH; /* Found RSA with different Ed key */
186  }
187  }
188 
189  /* See if we know a different RSA key for this ed key */
190  if (! replace) {
191  ent = HT_FIND(edmap, &the_ed_map, &search);
192  if (ent) {
193  /* If we got here, then the ed key matches and the RSA doesn't */
194  tor_assert(fast_memeq(ent->ed25519_key, ed25519_id_key,
195  sizeof(ent->ed25519_key)));
196  tor_assert(fast_memneq(ent->rsa_id, rsa_id_digest, sizeof(ent->rsa_id)));
197  return KEYPIN_MISMATCH;
198  }
199  }
200 
201  /* Okay, this one is new to us. */
202  if (do_not_add)
203  return KEYPIN_NOT_FOUND;
204 
205  ent = tor_memdup(&search, sizeof(search));
207  if (! replace) {
208  tor_assert(r == 1);
209  } else {
210  tor_assert(r != 0);
211  }
212  keypin_journal_append_entry(rsa_id_digest, ed25519_id_key);
213  return KEYPIN_ADDED;
214 }
215 
219 MOCK_IMPL(STATIC void,
220 keypin_add_entry_to_map, (keypin_ent_t *ent))
221 {
222  HT_INSERT(rsamap, &the_rsa_map, ent);
223  HT_INSERT(edmap, &the_ed_map, ent);
224 }
225 
233 static int
235 {
236  int r = 1;
237  keypin_ent_t *ent2 = HT_FIND(rsamap, &the_rsa_map, ent);
238  keypin_ent_t *ent3 = HT_FIND(edmap, &the_ed_map, ent);
239  if (ent2 &&
240  fast_memeq(ent2->ed25519_key, ent->ed25519_key, DIGEST256_LEN)) {
241  /* We already have this mapping stored. Ignore it. */
242  tor_free(ent);
243  return 0;
244  } else if (ent2 || ent3) {
245  /* We have a conflict. (If we had no entry, we would have ent2 == ent3
246  * == NULL. If we had a non-conflicting duplicate, we would have found
247  * it above.)
248  *
249  * We respond by having this entry (ent) supersede all entries that it
250  * contradicts (ent2 and/or ent3). In other words, if we receive
251  * <rsa,ed>, we remove all <rsa,ed'> and all <rsa',ed>, for rsa'!=rsa
252  * and ed'!= ed.
253  */
254  const keypin_ent_t *t;
255  if (ent2) {
256  t = HT_REMOVE(rsamap, &the_rsa_map, ent2);
257  tor_assert(ent2 == t);
258  t = HT_REMOVE(edmap, &the_ed_map, ent2);
259  tor_assert(ent2 == t);
260  }
261  if (ent3 && ent2 != ent3) {
262  t = HT_REMOVE(rsamap, &the_rsa_map, ent3);
263  tor_assert(ent3 == t);
264  t = HT_REMOVE(edmap, &the_ed_map, ent3);
265  tor_assert(ent3 == t);
266  tor_free(ent3);
267  }
268  tor_free(ent2);
269  r = -1;
270  /* Fall through */
271  }
272 
273  keypin_add_entry_to_map(ent);
274  return r;
275 }
276 
283 int
284 keypin_check_lone_rsa(const uint8_t *rsa_id_digest)
285 {
286  keypin_ent_t search, *ent;
287  memset(&search, 0, sizeof(search));
288  memcpy(search.rsa_id, rsa_id_digest, sizeof(search.rsa_id));
289 
290  /* Search by RSA key digest first */
291  ent = HT_FIND(rsamap, &the_rsa_map, &search);
292  if (ent) {
293  return KEYPIN_MISMATCH;
294  } else {
295  return KEYPIN_NOT_FOUND;
296  }
297 }
298 
300 static int keypin_journal_fd = -1;
301 
304 int
305 keypin_open_journal(const char *fname)
306 {
307 #ifndef O_SYNC
308 #define O_SYNC 0
309 #endif
310  int fd = tor_open_cloexec(fname, O_WRONLY|O_CREAT|O_BINARY|O_SYNC, 0600);
311  if (fd < 0)
312  goto err;
313 
314  if (tor_fd_seekend(fd) < 0)
315  goto err;
316 
317  /* Add a newline in case the last line was only partially written */
318  if (write(fd, "\n", 1) < 1)
319  goto err;
320 
321  /* Add something about when we opened this file. */
322  char buf[80];
323  char tbuf[ISO_TIME_LEN+1];
324  format_iso_time(tbuf, approx_time());
325  tor_snprintf(buf, sizeof(buf), "@opened-at %s\n", tbuf);
326  if (write_all_to_fd(fd, buf, strlen(buf)) < 0)
327  goto err;
328 
329  keypin_journal_fd = fd;
330  return 0;
331  err:
332  if (fd >= 0)
333  close(fd);
334  return -1;
335 }
336 
338 int
340 {
341  if (keypin_journal_fd >= 0)
342  close(keypin_journal_fd);
343  keypin_journal_fd = -1;
344  return 0;
345 }
346 
348 #define JOURNAL_LINE_LEN (BASE64_DIGEST_LEN + BASE64_DIGEST256_LEN + 2)
349 
352 static int
353 keypin_journal_append_entry(const uint8_t *rsa_id_digest,
354  const uint8_t *ed25519_id_key)
355 {
356  if (keypin_journal_fd == -1)
357  return -1;
358  char line[JOURNAL_LINE_LEN];
359  digest_to_base64(line, (const char*)rsa_id_digest);
360  line[BASE64_DIGEST_LEN] = ' ';
362  (const char*)ed25519_id_key);
364 
366  log_warn(LD_DIRSERV, "Error while adding a line to the key-pinning "
367  "journal: %s", strerror(errno));
369  return -1;
370  }
371 
372  return 0;
373 }
374 
377 STATIC int
378 keypin_load_journal_impl(const char *data, size_t size)
379 {
380  const char *start = data, *end = data + size, *next;
381 
382  int n_corrupt_lines = 0;
383  int n_entries = 0;
384  int n_duplicates = 0;
385  int n_conflicts = 0;
386 
387  for (const char *cp = start; cp < end; cp = next) {
388  const char *eol = memchr(cp, '\n', end-cp);
389  const char *eos = eol ? eol : end;
390  const size_t len = eos - cp;
391 
392  next = eol ? eol + 1 : end;
393 
394  if (len == 0) {
395  continue;
396  }
397 
398  if (*cp == '@') {
399  /* Lines that start with @ are reserved. Ignore for now. */
400  continue;
401  }
402  if (*cp == '#') {
403  /* Lines that start with # are comments. */
404  continue;
405  }
406 
407  /* Is it the right length? (The -1 here is for the newline.) */
408  if (len != JOURNAL_LINE_LEN - 1) {
409  /* Lines with a bad length are corrupt unless they are empty.
410  * Ignore them either way */
411  for (const char *s = cp; s < eos; ++s) {
412  if (! TOR_ISSPACE(*s)) {
413  ++n_corrupt_lines;
414  break;
415  }
416  }
417  continue;
418  }
419 
420  keypin_ent_t *ent = keypin_parse_journal_line(cp);
421 
422  if (ent == NULL) {
423  ++n_corrupt_lines;
424  continue;
425  }
426 
427  const int r = keypin_add_or_replace_entry_in_map(ent);
428  if (r == 0) {
429  ++n_duplicates;
430  } else if (r == -1) {
431  ++n_conflicts;
432  }
433 
434  ++n_entries;
435  }
436 
437  int severity = (n_corrupt_lines || n_duplicates) ? LOG_NOTICE : LOG_INFO;
438  tor_log(severity, LD_DIRSERV,
439  "Loaded %d entries from keypin journal. "
440  "Found %d corrupt lines (ignored), %d duplicates (harmless), "
441  "and %d conflicts (resolved in favor or more recent entry).",
442  n_entries, n_corrupt_lines, n_duplicates, n_conflicts);
443 
444  return 0;
445 }
446 
451 int
452 keypin_load_journal(const char *fname)
453 {
454  tor_mmap_t *map = tor_mmap_file(fname);
455  if (!map) {
456  if (errno == ENOENT)
457  return 0;
458  else
459  return -1;
460  }
461  int r = keypin_load_journal_impl(map->data, map->size);
462  tor_munmap_file(map);
463  return r;
464 }
465 
471 STATIC keypin_ent_t *
473 {
474  /* XXXX assumes !USE_OPENSSL_BASE64 */
475  keypin_ent_t *ent = tor_malloc_zero(sizeof(keypin_ent_t));
476 
477  if (base64_decode((char*)ent->rsa_id, sizeof(ent->rsa_id),
478  cp, BASE64_DIGEST_LEN) != DIGEST_LEN ||
479  cp[BASE64_DIGEST_LEN] != ' ' ||
480  base64_decode((char*)ent->ed25519_key, sizeof(ent->ed25519_key),
482  tor_free(ent);
483  return NULL;
484  } else {
485  return ent;
486  }
487 }
488 
490 void
492 {
493  int bad_entries = 0;
494  {
495  keypin_ent_t **ent, **next, *this;
496  for (ent = HT_START(rsamap, &the_rsa_map); ent != NULL; ent = next) {
497  this = *ent;
498  next = HT_NEXT_RMV(rsamap, &the_rsa_map, ent);
499 
500  keypin_ent_t *other_ent = HT_REMOVE(edmap, &the_ed_map, this);
501  bad_entries += (other_ent != this);
502 
503  tor_free(this);
504  }
505  }
506  bad_entries += HT_SIZE(&the_ed_map);
507 
508  HT_CLEAR(edmap,&the_ed_map);
509  HT_CLEAR(rsamap,&the_rsa_map);
510 
511  if (bad_entries) {
512  log_warn(LD_BUG, "Found %d discrepencies in the keypin database.",
513  bad_entries);
514  }
515 }
static int keypin_add_or_replace_entry_in_map(keypin_ent_t *ent)
Definition: keypin.c:234
int digest256_to_base64(char *d64, const char *digest)
static int keypin_journal_append_entry(const uint8_t *rsa_id_digest, const uint8_t *ed25519_id_key)
Definition: keypin.c:353
Header for printf.c.
int tor_open_cloexec(const char *path, int flags, unsigned mode)
Definition: files.c:54
Headers for di_ops.c.
int tor_fd_seekend(int fd)
Definition: fdio.c:56
static int keypin_check_and_add_impl(const uint8_t *rsa_id_digest, const uint8_t *ed25519_id_key, const int do_not_add, const int replace)
Definition: keypin.c:167
#define LOG_INFO
Definition: log.h:41
static unsigned keypin_ent_hash_ed(const keypin_ent_t *a)
Definition: keypin.c:117
HT_PROTOTYPE(HT_GENERATE2(strmap_impl, HT_GENERATE2(strmap_entry_t, HT_GENERATE2(node, HT_GENERATE2(strmap_entry_hash, HT_GENERATE2(strmap_entries_eq)
Definition: map.c:87
Header for fdio.c.
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
Definition: log.c:631
ssize_t write_all_to_fd(int fd, const char *buf, size_t count)
Definition: files.c:162
STATIC int keypin_load_journal_impl(const char *data, size_t size)
Definition: keypin.c:378
static unsigned keypin_ent_hash_rsa(const keypin_ent_t *a)
Definition: keypin.c:102
Header for mmap.c.
int digest_to_base64(char *d64, const char *digest)
static int keypin_journal_fd
Definition: keypin.c:300
Header for time_fmt.c.
#define tor_free(p)
Definition: malloc.h:52
void keypin_clear(void)
Definition: keypin.c:491
#define LOG_NOTICE
Definition: log.h:46
Integer definitions used throughout Tor.
size_t size
Definition: mmap.h:26
int keypin_check(const uint8_t *rsa_id_digest, const uint8_t *ed25519_id_key)
Definition: keypin.c:157
int keypin_load_journal(const char *fname)
Definition: keypin.c:452
#define DIGEST256_LEN
Definition: digest_sizes.h:23
tor_assert(buffer)
Header for crypto_format.c.
int tor_memeq(const void *a, const void *b, size_t sz)
Definition: di_ops.c:107
int keypin_close_journal(void)
Definition: keypin.c:339
STATIC keypin_ent_t * keypin_parse_journal_line(const char *cp)
Definition: keypin.c:472
#define DIGEST_LEN
Definition: digest_sizes.h:20
const char * data
Definition: mmap.h:25
#define LD_DIRSERV
Definition: log.h:86
int keypin_open_journal(const char *fname)
Definition: keypin.c:305
Header for binascii.c.
Header for approx_time.c.
void tor_free_(void *mem)
Definition: malloc.c:227
MOCK_IMPL(STATIC void, keypin_add_entry_to_map,(keypin_ent_t *ent))
Definition: keypin.c:219
Headers for crypto_digest.c.
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
void format_iso_time(char *buf, time_t t)
Definition: time_fmt.c:291
int keypin_check_lone_rsa(const uint8_t *rsa_id_digest)
Definition: keypin.c:284
int base64_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:394
Locale-independent character-type inspection (header)
#define BASE64_DIGEST_LEN
Definition: crypto_digest.h:26
Wrappers for reading and writing data to files on disk.
time_t approx_time(void)
Definition: approx_time.c:32
#define BASE64_DIGEST256_LEN
Definition: crypto_digest.h:29
#define JOURNAL_LINE_LEN
Definition: keypin.c:348
static int keypin_ents_eq_ed(const keypin_ent_t *a, const keypin_ent_t *b)
Definition: keypin.c:110
Headers for log.c.
Macros to manage assertions, fatal and non-fatal.
#define LD_BUG
Definition: log.h:82