1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2021, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * \file or.h
9  * \brief Master header file for Tor-specific functionality.
10  **/
11 
12 #ifndef TOR_OR_H
13 #define TOR_OR_H
14 
15 #include "orconfig.h"
16 #include "lib/cc/torint.h"
17 
18 #ifdef HAVE_SIGNAL_H
19 #include <signal.h>
20 #endif
21 #ifdef HAVE_TIME_H
22 #include <time.h>
23 #endif
24 
25 #include "lib/arch/bytes.h"
26 #include "lib/cc/compat_compiler.h"
27 #include "lib/container/map.h"
28 #include "lib/buf/buffers.h"
32 #include "lib/ctime/di_ops.h"
33 #include "lib/defs/dh_sizes.h"
34 #include "lib/encoding/binascii.h"
35 #include "lib/encoding/cstring.h"
36 #include "lib/encoding/time_fmt.h"
37 #include "lib/err/torerr.h"
38 #include "lib/fs/dir.h"
39 #include "lib/fs/files.h"
40 #include "lib/fs/mmap.h"
41 #include "lib/fs/path.h"
42 #include "lib/fs/userdb.h"
43 #include "lib/geoip/country.h"
44 #include "lib/intmath/addsub.h"
45 #include "lib/intmath/bits.h"
46 #include "lib/intmath/cmp.h"
47 #include "lib/intmath/logic.h"
48 #include "lib/intmath/muldiv.h"
49 #include "lib/log/escape.h"
50 #include "lib/log/ratelim.h"
51 #include "lib/log/util_bug.h"
52 #include "lib/malloc/malloc.h"
53 #include "lib/net/address.h"
54 #include "lib/net/inaddr.h"
55 #include "lib/net/socket.h"
58 #include "lib/string/parse_int.h"
59 #include "lib/string/printf.h"
60 #include "lib/string/scanf.h"
61 #include "lib/string/util_string.h"
63 #include "lib/thread/threads.h"
64 #include "lib/time/compat_time.h"
66 #include "lib/wallclock/timeval.h"
67 
68 #include "ht.h"
69 
70 // These, more than other includes, are for keeping the other struct
71 // definitions working. We should remove them when we minimize our includes.
77 /* These signals are defined to help handle_control_signal work.
78  */
79 #ifndef SIGHUP
80 #define SIGHUP 1
81 #endif
82 #ifndef SIGINT
83 #define SIGINT 2
84 #endif
85 #ifndef SIGUSR1
86 #define SIGUSR1 10
87 #endif
88 #ifndef SIGUSR2
89 #define SIGUSR2 12
90 #endif
91 #ifndef SIGTERM
92 #define SIGTERM 15
93 #endif
94 /* Controller signals start at a high number so we don't
95  * conflict with system-defined signals. */
96 #define SIGNEWNYM 129
97 #define SIGCLEARDNSCACHE 130
98 #define SIGHEARTBEAT 131
99 #define SIGACTIVE 132
100 #define SIGDORMANT 133
101 
102 #if (SIZEOF_CELL_T != 0)
103 /* On Irix, stdlib.h defines a cell_t type, so we need to make sure
104  * that our stuff always calls cell_t something different. */
105 #define cell_t tor_cell_t
106 #endif
107 
108 /** Helper macro: Given a pointer to to.base_, of type from*, return &to. */
109 #define DOWNCAST(to, ptr) ((to*)SUBTYPE_P(ptr, to, base_))
110 
111 /** Length of longest allowable configured nickname. */
112 #define MAX_NICKNAME_LEN 19
113 /** Length of a router identity encoded as a hexadecimal digest, plus
114  * possible dollar sign. */
115 #define MAX_HEX_NICKNAME_LEN (HEX_DIGEST_LEN+1)
116 /** Maximum length of verbose router identifier: dollar sign, hex ID digest,
117  * equal sign or tilde, nickname. */
118 #define MAX_VERBOSE_NICKNAME_LEN (1+HEX_DIGEST_LEN+1+MAX_NICKNAME_LEN)
119 
120 /** For HTTP parsing: Maximum number of bytes we'll accept in the headers
121  * of an HTTP request or response. */
122 #define MAX_HEADERS_SIZE 50000
123 
124 /** Maximum size, in bytes, of a single router descriptor uploaded to us
125  * as a directory authority. Caches and clients fetch whatever descriptors
126  * the authorities tell them to fetch, and don't care about size. */
127 #define MAX_DESCRIPTOR_UPLOAD_SIZE 20000
128 
129 /** Maximum size of a single extrainfo document, as above. */
130 #define MAX_EXTRAINFO_UPLOAD_SIZE 50000
131 
132 /** Minimum lifetime for an onion key in days. */
133 #define MIN_ONION_KEY_LIFETIME_DAYS (1)
134 
135 /** Maximum lifetime for an onion key in days. */
136 #define MAX_ONION_KEY_LIFETIME_DAYS (90)
137 
138 /** Default lifetime for an onion key in days. */
139 #define DEFAULT_ONION_KEY_LIFETIME_DAYS (28)
140 
141 /** Minimum grace period for acceptance of an onion key in days.
142  * The maximum value is defined in proposal #274 as being the current network
143  * consensus parameter for "onion-key-rotation-days". */
144 #define MIN_ONION_KEY_GRACE_PERIOD_DAYS (1)
145 
146 /** Default grace period for acceptance of an onion key in days. */
147 #define DEFAULT_ONION_KEY_GRACE_PERIOD_DAYS (7)
148 
149 /** How often we should check the network consensus if it is time to rotate or
150  * expire onion keys. */
151 #define ONION_KEY_CONSENSUS_CHECK_INTERVAL (60*60)
152 
153 /** How often do we rotate TLS contexts? */
154 #define MAX_SSL_KEY_LIFETIME_INTERNAL (2*60*60)
155 
156 /** How old do we allow a router to get before removing it
157  * from the router list? In seconds. */
158 #define ROUTER_MAX_AGE (60*60*48)
159 /** How old can a router get before we (as a server) will no longer
160  * consider it live? In seconds. */
161 #define ROUTER_MAX_AGE_TO_PUBLISH (60*60*24)
162 /** How old do we let a saved descriptor get before force-removing it? */
163 #define OLD_ROUTER_DESC_MAX_AGE (60*60*24*5)
164 
165 /* Proxy client types */
166 #define PROXY_NONE 0
167 #define PROXY_CONNECT 1
168 #define PROXY_SOCKS4 2
169 #define PROXY_SOCKS5 3
170 #define PROXY_HAPROXY 4
171 /* !!!! If there is ever a PROXY_* type over 7, we must grow the proxy_type
172  * field in or_connection_t */
173 
174 /* Pluggable transport proxy type. Don't use this in or_connection_t,
175  * instead use the actual underlying proxy type (see above). */
176 #define PROXY_PLUGGABLE 5
177 
178 /** How many circuits do we want simultaneously in-progress to handle
179  * a given stream? */
180 #define MIN_CIRCUITS_HANDLING_STREAM 2
181 
182 /* These RELAY_COMMAND constants define values for relay cell commands, and
183 * must match those defined in tor-spec.txt. */
184 #define RELAY_COMMAND_BEGIN 1
185 #define RELAY_COMMAND_DATA 2
186 #define RELAY_COMMAND_END 3
187 #define RELAY_COMMAND_CONNECTED 4
188 #define RELAY_COMMAND_SENDME 5
189 #define RELAY_COMMAND_EXTEND 6
190 #define RELAY_COMMAND_EXTENDED 7
191 #define RELAY_COMMAND_TRUNCATE 8
192 #define RELAY_COMMAND_TRUNCATED 9
193 #define RELAY_COMMAND_DROP 10
194 #define RELAY_COMMAND_RESOLVE 11
195 #define RELAY_COMMAND_RESOLVED 12
196 #define RELAY_COMMAND_BEGIN_DIR 13
197 #define RELAY_COMMAND_EXTEND2 14
198 #define RELAY_COMMAND_EXTENDED2 15
199 
200 #define RELAY_COMMAND_ESTABLISH_INTRO 32
201 #define RELAY_COMMAND_ESTABLISH_RENDEZVOUS 33
202 #define RELAY_COMMAND_INTRODUCE1 34
203 #define RELAY_COMMAND_INTRODUCE2 35
204 #define RELAY_COMMAND_RENDEZVOUS1 36
205 #define RELAY_COMMAND_RENDEZVOUS2 37
206 #define RELAY_COMMAND_INTRO_ESTABLISHED 38
207 #define RELAY_COMMAND_RENDEZVOUS_ESTABLISHED 39
208 #define RELAY_COMMAND_INTRODUCE_ACK 40
209 
210 #define RELAY_COMMAND_PADDING_NEGOTIATE 41
211 #define RELAY_COMMAND_PADDING_NEGOTIATED 42
212 
213 /* Reasons why an OR connection is closed. */
214 #define END_OR_CONN_REASON_DONE 1
215 #define END_OR_CONN_REASON_REFUSED 2 /* connection refused */
216 #define END_OR_CONN_REASON_OR_IDENTITY 3
217 #define END_OR_CONN_REASON_CONNRESET 4 /* connection reset by peer */
218 #define END_OR_CONN_REASON_TIMEOUT 5
219 #define END_OR_CONN_REASON_NO_ROUTE 6 /* no route to host/net */
220 #define END_OR_CONN_REASON_IO_ERROR 7 /* read/write error */
221 #define END_OR_CONN_REASON_RESOURCE_LIMIT 8 /* sockets, buffers, etc */
222 #define END_OR_CONN_REASON_PT_MISSING 9 /* PT failed or not available */
223 #define END_OR_CONN_REASON_TLS_ERROR 10 /* Problem in TLS protocol */
224 #define END_OR_CONN_REASON_MISC 11
225 
226 /* Reasons why we (or a remote OR) might close a stream. See tor-spec.txt for
227  * documentation of these. The values must match. */
228 #define END_STREAM_REASON_MISC 1
229 #define END_STREAM_REASON_RESOLVEFAILED 2
230 #define END_STREAM_REASON_CONNECTREFUSED 3
231 #define END_STREAM_REASON_EXITPOLICY 4
232 #define END_STREAM_REASON_DESTROY 5
233 #define END_STREAM_REASON_DONE 6
234 #define END_STREAM_REASON_TIMEOUT 7
235 #define END_STREAM_REASON_NOROUTE 8
236 #define END_STREAM_REASON_HIBERNATING 9
237 #define END_STREAM_REASON_INTERNAL 10
238 #define END_STREAM_REASON_RESOURCELIMIT 11
239 #define END_STREAM_REASON_CONNRESET 12
240 #define END_STREAM_REASON_TORPROTOCOL 13
241 #define END_STREAM_REASON_NOTDIRECTORY 14
242 #define END_STREAM_REASON_ENTRYPOLICY 15
243 
244 /* These high-numbered end reasons are not part of the official spec,
245  * and are not intended to be put in relay end cells. They are here
246  * to be more informative when sending back socks replies to the
247  * application. */
248 /* XXXX 256 is no longer used; feel free to reuse it. */
249 /** We were unable to attach the connection to any circuit at all. */
250 /* XXXX the ways we use this one don't make a lot of sense. */
251 #define END_STREAM_REASON_CANT_ATTACH 257
252 /** We can't connect to any directories at all, so we killed our streams
253  * before they can time out. */
254 #define END_STREAM_REASON_NET_UNREACHABLE 258
255 /** This is a SOCKS connection, and the client used (or misused) the SOCKS
256  * protocol in a way we couldn't handle. */
257 #define END_STREAM_REASON_SOCKSPROTOCOL 259
258 /** This is a transparent proxy connection, but we can't extract the original
259  * target address:port. */
260 #define END_STREAM_REASON_CANT_FETCH_ORIG_DEST 260
261 /** This is a connection on the NATD port, and the destination IP:Port was
262  * either ill-formed or out-of-range. */
263 #define END_STREAM_REASON_INVALID_NATD_DEST 261
264 /** The target address is in a private network (like 127.0.0.1 or 10.0.0.1);
265  * you don't want to do that over a randomly chosen exit */
266 #define END_STREAM_REASON_PRIVATE_ADDR 262
267 /** This is an HTTP tunnel connection and the client used or misused HTTP in a
268  * way we can't handle.
269  */
270 #define END_STREAM_REASON_HTTPPROTOCOL 263
271 
272 /** Bitwise-and this value with endreason to mask out all flags. */
273 #define END_STREAM_REASON_MASK 511
274 
275 /** Bitwise-or this with the argument to control_event_stream_status
276  * to indicate that the reason came from an END cell. */
277 #define END_STREAM_REASON_FLAG_REMOTE 512
278 /** Bitwise-or this with the argument to control_event_stream_status
279  * to indicate that we already sent a CLOSED stream event. */
280 #define END_STREAM_REASON_FLAG_ALREADY_SENT_CLOSED 1024
281 /** Bitwise-or this with endreason to indicate that we already sent
282  * a socks reply, and no further reply needs to be sent from
283  * connection_mark_unattached_ap(). */
284 #define END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED 2048
285 
286 /* 'type' values to use in RESOLVED cells. Specified in tor-spec.txt. */
287 #define RESOLVED_TYPE_HOSTNAME 0
288 #define RESOLVED_TYPE_IPV4 4
289 #define RESOLVED_TYPE_IPV6 6
290 #define RESOLVED_TYPE_ERROR_TRANSIENT 0xF0
291 #define RESOLVED_TYPE_ERROR 0xF1
292 
293 /* Negative reasons are internal: we never send them in a DESTROY or TRUNCATE
294  * call; they only go to the controller for tracking */
295 
296 /* Closing introduction points that were opened in parallel. */
297 #define END_CIRC_REASON_IP_NOW_REDUNDANT -4
298 
299 /** Our post-timeout circuit time measurement period expired.
300  * We must give up now */
301 #define END_CIRC_REASON_MEASUREMENT_EXPIRED -3
302 
303 /** We couldn't build a path for this circuit. */
304 #define END_CIRC_REASON_NOPATH -2
305 /** Catch-all "other" reason for closing origin circuits. */
306 #define END_CIRC_AT_ORIGIN -1
307 
308 /* Reasons why we (or a remote OR) might close a circuit. See tor-spec.txt
309  * section 5.4 for documentation of these. */
310 #define END_CIRC_REASON_MIN_ 0
311 #define END_CIRC_REASON_NONE 0
312 #define END_CIRC_REASON_TORPROTOCOL 1
313 #define END_CIRC_REASON_INTERNAL 2
314 #define END_CIRC_REASON_REQUESTED 3
315 #define END_CIRC_REASON_HIBERNATING 4
316 #define END_CIRC_REASON_RESOURCELIMIT 5
317 #define END_CIRC_REASON_CONNECTFAILED 6
318 #define END_CIRC_REASON_OR_IDENTITY 7
319 #define END_CIRC_REASON_CHANNEL_CLOSED 8
320 #define END_CIRC_REASON_FINISHED 9
321 #define END_CIRC_REASON_TIMEOUT 10
322 #define END_CIRC_REASON_DESTROYED 11
323 #define END_CIRC_REASON_NOSUCHSERVICE 12
324 #define END_CIRC_REASON_MAX_ 12
325 
326 /** Bitwise-OR this with the argument to circuit_mark_for_close() or
327  * control_event_circuit_status() to indicate that the reason was
328  * passed through from a destroy or truncate cell. */
329 #define END_CIRC_REASON_FLAG_REMOTE 512
330 
331 /** Length of v2 descriptor ID (32 base32 chars = 160 bits).
332  *
333  * XXX: It is still used by v3 code but should be renamed or maybe removed. */
334 #define REND_DESC_ID_V2_LEN_BASE32 BASE32_DIGEST_LEN
335 
336 /** Maximum length of authorized client names for a hidden service. */
337 #define REND_CLIENTNAME_MAX_LEN 16
338 
339 /** Length of the rendezvous cookie that is used to connect circuits at the
340  * rendezvous point. */
341 #define REND_COOKIE_LEN DIGEST_LEN
342 
343 /** Client authorization type that a hidden service performs. */
344 typedef enum rend_auth_type_t {
345  REND_NO_AUTH = 0,
346  REND_V3_AUTH = 1, /* Dummy flag to allow adding v3 services on the
347  * control port */
349 
350 /* Stub because we can't include hs_ident.h. */
351 struct hs_ident_edge_conn_t;
352 struct hs_ident_dir_conn_t;
353 struct hs_ident_circuit_t;
354 
355 typedef struct hsdir_index_t hsdir_index_t;
356 
357 /** Time interval for tracking replays of DH public keys received in
358  * INTRODUCE2 cells. Used only to avoid launching multiple
359  * simultaneous attempts to connect to the same rendezvous point. */
360 #define REND_REPLAY_TIME_INTERVAL (5 * 60)
361 
362 /** Used to indicate which way a cell is going on a circuit. */
363 typedef enum {
364  CELL_DIRECTION_IN=1, /**< The cell is moving towards the origin. */
365  CELL_DIRECTION_OUT=2, /**< The cell is moving away from the origin. */
367 
368 /**
369  * An enum to allow us to specify which channel in a circuit
370  * we're interested in.
371  *
372  * This is needed because our data structures and other fields
373  * for channel delivery are disassociated from the channel.
374  */
375 typedef enum {
376  CIRCUIT_N_CHAN = 0,
377  CIRCUIT_P_CHAN = 1
379 
380 /** Initial value for both sides of a circuit transmission window when the
381  * circuit is initialized. Measured in cells. */
382 #define CIRCWINDOW_START 1000
383 #define CIRCWINDOW_START_MIN 100
384 #define CIRCWINDOW_START_MAX 1000
385 /** Amount to increment a circuit window when we get a circuit SENDME. */
386 #define CIRCWINDOW_INCREMENT 100
387 /** Initial value on both sides of a stream transmission window when the
388  * stream is initialized. Measured in cells. */
389 #define STREAMWINDOW_START 500
390 #define STREAMWINDOW_START_MAX 500
391 /** Amount to increment a stream window when we get a stream SENDME. */
392 #define STREAMWINDOW_INCREMENT 50
393 
394 /** Maximum number of queued cells on a circuit for which we are the
395  * midpoint before we give up and kill it. This must be >= circwindow
396  * to avoid killing innocent circuits, and >= circwindow*2 to give
397  * leaky-pipe a chance of working someday. The ORCIRC_MAX_MIDDLE_KILL_THRESH
398  * ratio controls the margin of error between emitting a warning and
399  * killing the circuit.
400  */
401 #define ORCIRC_MAX_MIDDLE_CELLS (CIRCWINDOW_START_MAX*2)
402 /** Ratio of hard (circuit kill) to soft (warning) thresholds for the
403  * ORCIRC_MAX_MIDDLE_CELLS tests.
404  */
405 #define ORCIRC_MAX_MIDDLE_KILL_THRESH (1.1f)
406 
407 /* Cell commands. These values are defined in tor-spec.txt. */
408 #define CELL_PADDING 0
409 #define CELL_CREATE 1
410 #define CELL_CREATED 2
411 #define CELL_RELAY 3
412 #define CELL_DESTROY 4
413 #define CELL_CREATE_FAST 5
414 #define CELL_CREATED_FAST 6
415 #define CELL_VERSIONS 7
416 #define CELL_NETINFO 8
417 #define CELL_RELAY_EARLY 9
418 #define CELL_CREATE2 10
419 #define CELL_CREATED2 11
420 #define CELL_PADDING_NEGOTIATE 12
421 
422 #define CELL_VPADDING 128
423 #define CELL_CERTS 129
424 #define CELL_AUTH_CHALLENGE 130
425 #define CELL_AUTHENTICATE 131
426 #define CELL_AUTHORIZE 132
427 #define CELL_COMMAND_MAX_ 132
428 
429 /** How long to test reachability before complaining to the user. */
430 #define TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT (20*60)
431 
432 /** Legal characters in a nickname. */
433 #define LEGAL_NICKNAME_CHARACTERS \
434  "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
435 
436 /** Name to use in client TLS certificates if no nickname is given. Once
437  * Tor 0.1.2.x is obsolete, we can remove this. */
438 #define DEFAULT_CLIENT_NICKNAME "client"
439 
440 /** Name chosen by routers that don't configure nicknames */
441 #define UNNAMED_ROUTER_NICKNAME "Unnamed"
442 
443 /** Number of bytes in a SOCKS4 header. */
444 #define SOCKS4_NETWORK_LEN 8
445 
446 /*
447  * Relay payload:
448  * Relay command [1 byte]
449  * Recognized [2 bytes]
450  * Stream ID [2 bytes]
451  * Partial SHA-1 [4 bytes]
452  * Length [2 bytes]
453  * Relay payload [498 bytes]
454  */
455 
/** Number of bytes in a cell, minus cell header. */
#define CELL_PAYLOAD_SIZE 509
/** Number of bytes in a cell transmitted over the network, in the longest
 * form */
#define CELL_MAX_NETWORK_SIZE 514

/** Maximum length of a header on a variable-length cell. */
#define VAR_CELL_MAX_HEADER_SIZE 7

static int get_cell_network_size(int wide_circ_ids);
/** Return the number of bytes one fixed-length cell occupies on the wire.
 *
 * With 4-byte ("wide") circuit IDs a cell is CELL_MAX_NETWORK_SIZE bytes;
 * with the older 2-byte circuit IDs it is two bytes shorter.
 *
 * @param wide_circ_ids Nonzero iff the link uses 4-byte circuit IDs.
 * @return Wire size of a fixed-length cell, in bytes.
 */
static inline int get_cell_network_size(int wide_circ_ids)
{
  if (wide_circ_ids) {
    return CELL_MAX_NETWORK_SIZE;
  }
  /* Narrow circuit IDs shave two bytes off the circ_id field. */
  return CELL_MAX_NETWORK_SIZE - 2;
}
470 static int get_var_cell_header_size(int wide_circ_ids);
471 static inline int get_var_cell_header_size(int wide_circ_ids)
472 {
473  return wide_circ_ids ? VAR_CELL_MAX_HEADER_SIZE :
475 }
static int get_circ_id_size(int wide_circ_ids);
/** Return the size in bytes of a circuit ID as sent on the wire.
 *
 * @param wide_circ_ids Nonzero iff the link uses 4-byte circuit IDs.
 * @return 4 for wide circuit IDs, 2 otherwise.
 */
static inline int get_circ_id_size(int wide_circ_ids)
{
  if (wide_circ_ids) {
    return 4;
  }
  return 2;
}
481 
482 /** Number of bytes in a relay cell's header (not including general cell
483  * header). */
484 #define RELAY_HEADER_SIZE (1+2+2+4+2)
485 /** Largest number of bytes that can fit in a relay cell payload. */
486 #define RELAY_PAYLOAD_SIZE (CELL_PAYLOAD_SIZE-RELAY_HEADER_SIZE)
487 
488 /** Identifies a circuit on an or_connection */
489 typedef uint32_t circid_t;
490 /** Identifies a stream on a circuit */
491 typedef uint16_t streamid_t;
492 
493 /* channel_t typedef; struct channel_t is in channel.h */
494 
495 typedef struct channel_t channel_t;
496 
497 /* channel_listener_t typedef; struct channel_listener_t is in channel.h */
498 
500 
501 /* TLS channel stuff */
502 
503 typedef struct channel_tls_t channel_tls_t;
504 
505 /* circuitmux_t typedef; struct circuitmux_t is in circuitmux.h */
506 
507 typedef struct circuitmux_t circuitmux_t;
508 
509 typedef struct cell_t cell_t;
510 typedef struct var_cell_t var_cell_t;
511 typedef struct packed_cell_t packed_cell_t;
512 typedef struct cell_queue_t cell_queue_t;
513 typedef struct destroy_cell_t destroy_cell_t;
515 typedef struct ext_or_cmd_t ext_or_cmd_t;
516 
517 /** Beginning of a RELAY cell payload. */
518 typedef struct {
519  uint8_t command; /**< The end-to-end relay command. */
520  uint16_t recognized; /**< Used to tell whether cell is for us. */
521  streamid_t stream_id; /**< Which stream is this cell associated with? */
522  char integrity[4]; /**< Used to tell whether cell is corrupted. */
523  uint16_t length; /**< How long is the payload body? */
525 
526 typedef struct socks_request_t socks_request_t;
527 typedef struct entry_port_cfg_t entry_port_cfg_t;
528 typedef struct server_port_cfg_t server_port_cfg_t;
529 
530 /** Minimum length of the random part of an AUTH_CHALLENGE cell. */
531 #define OR_AUTH_CHALLENGE_LEN 32
532 
533 /**
534  * @name Certificate types for CERTS cells.
535  *
536  * These values are defined by the protocol, and affect how an X509
537  * certificate in a CERTS cell is interpreted and used.
538  *
539  * @{ */
540 /** A certificate that authenticates a TLS link key. The subject key
541  * must match the key used in the TLS handshake; it must be signed by
542  * the identity key. */
543 #define OR_CERT_TYPE_TLS_LINK 1
544 /** A self-signed identity certificate. The subject key must be a
545  * 1024-bit RSA key. */
546 #define OR_CERT_TYPE_ID_1024 2
547 /** A certificate that authenticates a key used in an AUTHENTICATE cell
548  * in the v3 handshake. The subject key must be a 1024-bit RSA key; it
549  * must be signed by the identity key */
550 #define OR_CERT_TYPE_AUTH_1024 3
551 /* DOCDOC */
552 #define OR_CERT_TYPE_RSA_ED_CROSSCERT 7
553 /**@}*/
554 
555 /** The first supported type of AUTHENTICATE cell. It contains
556  * a bunch of structures signed with an RSA1024 key. The signed
557  * structures include a HMAC using negotiated TLS secrets, and a digest
558  * of all cells sent or received before the AUTHENTICATE cell (including
559  * the random server-generated AUTH_CHALLENGE cell).
560  */
561 #define AUTHTYPE_RSA_SHA256_TLSSECRET 1
562 /** As AUTHTYPE_RSA_SHA256_TLSSECRET, but instead of using the
563  * negotiated TLS secrets, uses exported keying material from the TLS
564  * session as described in RFC 5705.
565  *
566  * Not used by today's tors, since everything that supports this
567  * also supports ED25519_SHA256_5705, which is better.
568  **/
569 #define AUTHTYPE_RSA_SHA256_RFC5705 2
570 /** As AUTHTYPE_RSA_SHA256_RFC5705, but uses an Ed25519 identity key to
571  * authenticate. */
572 #define AUTHTYPE_ED25519_SHA256_RFC5705 3
573 /*
574  * NOTE: authchallenge_type_is_better() relies on these AUTHTYPE codes
575  * being sorted in order of preference. If we someday add one with
576  * a higher numerical value that we don't like as much, we should revise
577  * authchallenge_type_is_better().
578  */
579 
580 /** The length of the part of the AUTHENTICATE cell body that the client and
581  * server can generate independently (when using RSA_SHA256_TLSSECRET). It
582  * contains everything except the client's timestamp, the client's randomly
583  * generated nonce, and the signature. */
584 #define V3_AUTH_FIXED_PART_LEN (8+(32*6))
585 /** The length of the part of the AUTHENTICATE cell body that the client
586  * signs. */
587 #define V3_AUTH_BODY_LEN (V3_AUTH_FIXED_PART_LEN + 8 + 16)
588 
591 
592 /** Length of Extended ORPort connection identifier. */
593 #define EXT_OR_CONN_ID_LEN DIGEST_LEN /* 20 */
594 /*
595  * OR_CONN_HIGHWATER and OR_CONN_LOWWATER moved from connection_or.c so
596  * channeltls.c can see them too.
597  */
598 
599 /** When adding cells to an OR connection's outbuf, keep adding until the
600  * outbuf is at least this long, or we run out of cells. */
601 #define OR_CONN_HIGHWATER (32*1024)
602 
603 /** Add cells to an OR connection's outbuf whenever the outbuf's data length
604  * drops below this size. */
605 #define OR_CONN_LOWWATER (16*1024)
606 
607 typedef struct connection_t connection_t;
609 typedef struct dir_connection_t dir_connection_t;
610 typedef struct edge_connection_t edge_connection_t;
613 typedef struct or_connection_t or_connection_t;
614 
615 /** Cast a connection_t subtype pointer to a connection_t **/
616 #define TO_CONN(c) (&(((c)->base_)))
617 
618 /** Cast a entry_connection_t subtype pointer to a connection_t **/
619 #define ENTRY_TO_CONN(c) (TO_CONN(ENTRY_TO_EDGE_CONN(c)))
620 
621 typedef struct addr_policy_t addr_policy_t;
622 
623 typedef struct cached_dir_t cached_dir_t;
624 
625 /** Enum used to remember where a signed_descriptor_t is stored and how to
626  * manage the memory for signed_descriptor_body. */
627 typedef enum {
628  /** The descriptor isn't stored on disk at all: the copy in memory is
629  * canonical; the saved_offset field is meaningless. */
631  /** The descriptor is stored in the cached_routers file: the
632  * signed_descriptor_body is meaningless; the signed_descriptor_len and
633  * saved_offset are used to index into the mmaped cache file. */
635  /** The descriptor is stored in the cached_routers.new file: the
636  * signed_descriptor_body and saved_offset fields are both set. */
637  /* FFFF (We could also mmap the file and grow the mmap as needed, or
638  * lazy-load the descriptor text by using seek and read. We don't, for
639  * now.)
640  */
643 #define saved_location_bitfield_t ENUM_BF(saved_location_t)
644 
645 /** Enumeration: what directory object is being downloaded?
646  * This determines which schedule is selected to perform the download. */
647 typedef enum {
648  DL_SCHED_GENERIC = 0,
649  DL_SCHED_CONSENSUS = 1,
650  DL_SCHED_BRIDGE = 2,
652 #define download_schedule_bitfield_t ENUM_BF(download_schedule_t)
653 
654 /** Enumeration: is the download schedule for downloading from an authority,
655  * or from any available directory mirror?
656  * During bootstrap, "any" means a fallback (or an authority, if there
657  * are no fallbacks).
658  * When we have a valid consensus, "any" means any directory server. */
659 typedef enum {
660  DL_WANT_ANY_DIRSERVER = 0,
661  DL_WANT_AUTHORITY = 1,
663 #define download_want_authority_bitfield_t \
664  ENUM_BF(download_want_authority_t)
665 
666 /** Enumeration: do we want to increment the schedule position each time a
667  * connection is attempted (these attempts can be concurrent), or do we want
668  * to increment the schedule position after a connection fails? */
669 typedef enum {
670  DL_SCHED_INCREMENT_FAILURE = 0,
671  DL_SCHED_INCREMENT_ATTEMPT = 1,
673 #define download_schedule_increment_bitfield_t \
674  ENUM_BF(download_schedule_increment_t)
675 
676 typedef struct download_status_t download_status_t;
677 
678 /** If n_download_failures is this high, the download can never happen. */
679 #define IMPOSSIBLE_TO_DOWNLOAD 255
680 
681 /** The max size we expect router descriptor annotations we create to
682  * be. We'll accept larger ones if we see them on disk, but we won't
683  * create any that are larger than this. */
684 #define ROUTER_ANNOTATION_BUF_LEN 256
685 
687 
688 /** Flags used to summarize the declared protocol versions of a relay,
689  * so we don't need to parse them again and again. */
690 typedef struct protover_summary_flags_t {
691  /** True iff we have a proto line for this router, or a versions line
692  * from which we could infer the protocols. */
693  unsigned int protocols_known:1;
694 
695  /** True iff this router has a version or protocol list that allows it to
696  * accept EXTEND2 cells. This requires Relay=2. */
697  unsigned int supports_extend2_cells:1;
698 
699  /** True iff this router has a version or protocol list that allows it to
700  * accept IPv6 connections. This requires Relay=2 or Relay=3. */
702 
703  /** True iff this router has a version or protocol list that allows it to
704  * initiate IPv6 connections. This requires Relay=3. */
706 
707  /** True iff this router has a version or protocol list that allows it to
708  * consider IPv6 connections canonical. This requires Relay=3. */
710 
711  /** True iff this router has a protocol list that allows it to negotiate
712  * ed25519 identity keys on a link handshake with us. This
713  * requires LinkAuth=3. */
715 
716  /** True iff this router has a protocol list that allows it to negotiate
717  * ed25519 identity keys on a link handshake, at all. This requires some
718  * LinkAuth=X for X >= 3. */
720 
721  /** True iff this router has a protocol list that allows it to be an
722  * introduction point supporting ed25519 authentication key which is part of
723  * the v3 protocol detailed in proposal 224. This requires HSIntro=4. */
724  unsigned int supports_ed25519_hs_intro : 1;
725 
726  /** True iff this router has a protocol list that allows it to support the
727  * ESTABLISH_INTRO DoS cell extension. Requires HSIntro=5. */
729 
730  /** True iff this router has a protocol list that allows it to be a hidden
731  * service directory supporting version 3 as seen in proposal 224. This
732  * requires HSDir=2. */
733  unsigned int supports_v3_hsdir : 1;
734 
735  /** True iff this router has a protocol list that allows it to be a hidden
736  * service rendezvous point supporting version 3 as seen in proposal 224.
737  * This requires HSRend=2. */
739 
740  /** True iff this router has a protocol list that allows clients to
741  * negotiate hs circuit setup padding. Requires Padding=2. */
742  unsigned int supports_hs_setup_padding : 1;
743 
745 
746 typedef struct routerinfo_t routerinfo_t;
747 typedef struct extrainfo_t extrainfo_t;
748 typedef struct routerstatus_t routerstatus_t;
749 
750 typedef struct microdesc_t microdesc_t;
751 typedef struct node_t node_t;
757 
758 /** Enumerates recognized flavors of a consensus networkstatus document. All
759  * flavors of a consensus are generated from the same set of votes, but they
760  * present different types information to different versions of Tor. */
761 typedef enum {
762  FLAV_NS = 0,
763  FLAV_MICRODESC = 1,
765 
766 /** How many different consensus flavors are there? */
767 #define N_CONSENSUS_FLAVORS ((int)(FLAV_MICRODESC)+1)
768 
769 typedef struct networkstatus_t networkstatus_t;
771 typedef struct desc_store_t desc_store_t;
772 typedef struct routerlist_t routerlist_t;
773 typedef struct extend_info_t extend_info_t;
774 typedef struct authority_cert_t authority_cert_t;
775 
776 /** Bitfield enum type listing types of information that directory authorities
777  * can be authoritative about, and that directory caches may or may not cache.
778  *
779  * Note that the granularity here is based on authority granularity and on
780  * cache capabilities. Thus, one particular bit may correspond in practice to
781  * a few types of directory info, so long as every authority that pronounces
782  * officially about one of the types pronounces officially about all of them,
783  * and so long as every cache that caches one of them caches all of them.
784  */
785 typedef enum {
786  NO_DIRINFO = 0,
787  /** Serves/signs v3 directory information: votes, consensuses, certs */
788  V3_DIRINFO = 1 << 2,
789  /** Serves bridge descriptors. */
790  BRIDGE_DIRINFO = 1 << 4,
791  /** Serves extrainfo documents. */
793  /** Serves microdescriptors. */
796 
797 #define ALL_DIRINFO ((dirinfo_type_t)((1<<7)-1))
798 
799 #define ONION_HANDSHAKE_TYPE_TAP 0x0000
800 #define ONION_HANDSHAKE_TYPE_FAST 0x0001
801 #define ONION_HANDSHAKE_TYPE_NTOR 0x0002
802 #define MAX_ONION_HANDSHAKE_TYPE 0x0002
803 
805 typedef struct relay_crypto_t relay_crypto_t;
806 typedef struct crypt_path_t crypt_path_t;
808 
809 #define CPATH_KEY_MATERIAL_LEN (20*2+16*2)
810 
812 
813 struct create_cell_t;
814 
815 /** Entry in the cell stats list of a circuit; used only if CELL_STATS
816  * events are enabled. */
818  uint8_t command; /**< cell command number. */
819  /** Waiting time in centiseconds if this event is for a removed cell,
820  * or 0 if this event is for adding a cell to the queue. 22 bits can
821  * store more than 11 hours, enough to assume that a circuit with this
822  * delay would long have been closed. */
823  unsigned int waiting_time:22;
824  unsigned int removed:1; /**< 0 for added to, 1 for removed from queue. */
825  unsigned int exitward:1; /**< 0 for app-ward, 1 for exit-ward. */
827 
828 typedef struct circuit_t circuit_t;
829 typedef struct origin_circuit_t origin_circuit_t;
830 typedef struct or_circuit_t or_circuit_t;
831 
832 /** Largest number of relay_early cells that we can send on a given
833  * circuit. */
834 #define MAX_RELAY_EARLY_CELLS_PER_CIRCUIT 8
835 
836 typedef enum path_state_t path_state_t;
837 #define path_state_bitfield_t ENUM_BF(path_state_t)
838 
/* REND_TOKEN_LEN is defined as DIGEST_LEN but is also required to equal
 * REND_COOKIE_LEN; this compile-time guard turns any future divergence of the
 * two lengths into a build error instead of a silent size mismatch. */
839 #if REND_COOKIE_LEN != DIGEST_LEN
840 #error "The REND_TOKEN_LEN macro assumes REND_COOKIE_LEN == DIGEST_LEN"
841 #endif
/** Length in bytes of a rendezvous token (the same as DIGEST_LEN). */
842 #define REND_TOKEN_LEN DIGEST_LEN
843 
844 /** Convert a circuit subtype to a circuit_t.
 *
 * <b>x</b> must point to a struct whose <b>base_</b> member is the embedded
 * circuit_t; the macro yields the address of that member. */
845 #define TO_CIRCUIT(x) (&((x)->base_))
846 
847 /** @name Isolation flags
848
849  Ways to isolate client streams. Each flag is a distinct bit of an unsigned
 mask, so flags are combined with bitwise OR (see ISO_DEFAULT below).
850
851  @{
852 */
853 /** Isolate based on destination port */
854 #define ISO_DESTPORT (1u<<0)
855 /** Isolate based on destination address */
856 #define ISO_DESTADDR (1u<<1)
857 /** Isolate based on SOCKS authentication */
858 #define ISO_SOCKSAUTH (1u<<2)
859 /** Isolate based on client protocol choice */
860 #define ISO_CLIENTPROTO (1u<<3)
861 /** Isolate based on client address */
862 #define ISO_CLIENTADDR (1u<<4)
863 /** Isolate based on session group (always on). */
864 #define ISO_SESSIONGRP (1u<<5)
865 /** Isolate based on newnym epoch (always on). */
866 #define ISO_NYM_EPOCH (1u<<6)
867 /** Isolate all streams (Internal only). */
868 #define ISO_STREAM (1u<<7)
869 /**@}*/
870
871 /** Default isolation level for ports: isolate by client address, SOCKS
 * authentication, session group and newnym epoch. */
872 #define ISO_DEFAULT (ISO_CLIENTADDR|ISO_SOCKSAUTH|ISO_SESSIONGRP|ISO_NYM_EPOCH)
873 
874 /** Indicates that we haven't yet set a session group on a port_cfg_t. */
875 #define SESSION_GROUP_UNSET -1
876 /** Session group reserved for directory connections */
877 #define SESSION_GROUP_DIRCONN -2
878 /** Session group reserved for resolve requests launched by a controller */
879 #define SESSION_GROUP_CONTROL_RESOLVE -3
880 /** First automatically allocated session group number. Like the reserved
 * values above it is negative; -1 through -3 are taken, so automatic
 * allocation must not move upward from here (the allocation direction is not
 * visible in this header -- confirm at the allocator). */
881 #define SESSION_GROUP_FIRST_AUTO -4
882 
/* Opaque forward declarations; the struct bodies are defined elsewhere. */
883 typedef struct port_cfg_t port_cfg_t;
884 typedef struct routerset_t routerset_t;
885
886 /** A magic value for the (Socks|OR|...)Port options below, telling Tor
887  * to pick its own port. Its value (0xc4005e) lies far above 65535, so it
 * can never be mistaken for a real port number. */
888 #define CFG_AUTO_PORT 0xc4005e
889
890 typedef struct or_options_t or_options_t;
891
892 typedef struct or_state_t or_state_t;
893
/** Upper bound on the length of an address string taken from a SOCKS request
 * (presumably 255 bytes plus the terminating NUL -- confirm against the SOCKS
 * parsing code that applies it). */
894 #define MAX_SOCKS_ADDR_LEN 256
895 
896 /********************************* circuitbuild.c **********************/
897
898 /** How many hops does a general-purpose circuit have by default? */
899 #define DEFAULT_ROUTE_LEN 3
900
901 /* Circuit Build Timeout "public" structures. */
902
903 /** Precision multiplier for the Bw weights */
904 #define BW_WEIGHT_SCALE 10000
/** Smallest and largest weight scale accepted (1 .. INT32_MAX); values
 * outside this range are presumably rejected or clamped by the code that
 * reads the scale -- confirm at the use site. */
905 #define BW_MIN_WEIGHT_SCALE 1
906 #define BW_MAX_WEIGHT_SCALE INT32_MAX
907 
909 
910 /********************************* config.c ***************************/
911 
912 /********************************* connection_edge.c *************************/
913 
914 /** Enumerates possible origins of a client-side address mapping. */
915 typedef enum {
916  /** We're remapping this address because the controller told us to. */
918  /** We're remapping this address because of an AutomapHostsOnResolve
919  * configuration. */
921  /** We're remapping this address because our configuration (via torrc, the
922  * command line, or a SETCONF command) told us to. */
924  /** We're remapping this address because we have TrackHostExit configured,
925  * and we want to remember to use the same exit next time. */
927  /** We're remapping this address because we got a DNS resolution from a
928  * Tor server that told us what its value was. */
930 
931  /** No remapping has occurred. This isn't a possible value for an
932  * addrmap_entry_t; it's used as a null value when we need to answer "Why
933  * did this remapping happen." */
/** Bit-field-safe wrapper type for addressmap_entry_source_t (via ENUM_BF). */
936 #define addressmap_entry_source_bitfield_t ENUM_BF(addressmap_entry_source_t)
937
/** Interval used by the stats-writing code (per its name): 24*60*60 seconds,
 * i.e. one day. */
938 #define WRITE_STATS_INTERVAL (24*60*60)
939 
940 /********************************* dirvote.c ************************/
941
/* Opaque forward declaration; the struct body is defined elsewhere. */
942 typedef struct vote_timing_t vote_timing_t;
943
944 /********************************* microdesc.c *************************/
945
/* Opaque forward declaration; the struct body is defined elsewhere. */
946 typedef struct microdesc_cache_t microdesc_cache_t;
947 
948 /** The maximum number of non-circuit-build-timeout failures a hidden
949  * service client will tolerate while trying to build a circuit to an
950  * introduction point. */
951 #define MAX_INTRO_POINT_REACHABILITY_FAILURES 5
952
953 /** The minimum and maximum number of distinct INTRODUCE2 cells which a
954  * hidden service's introduction point will receive before it begins to
955  * expire. */
956 #define INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS 16384
957 /* Double the minimum value so the interval is [min, min * 2]. */
958 #define INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS \
959  (INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS * 2)
960
961 /** The minimum number of seconds that an introduction point will last
962  * before expiring due to old age. (If it receives its INTRODUCE2 quota,
963  * which lies between INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS and
964  * INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS, it may expire sooner.)
965  *
966  * XXX Should this be configurable? */
967 #define INTRO_POINT_LIFETIME_MIN_SECONDS (18*60*60)
968 /** The maximum number of seconds that an introduction point will last
969  * before expiring due to old age.
970  *
971  * XXX Should this be configurable? */
972 #define INTRO_POINT_LIFETIME_MAX_SECONDS (24*60*60)
973
974 /** The maximum number of circuit creation retries we make to an intro point
975  * before giving up. We try to reuse intro points that fail during their
976  * lifetime, so this is a hard limit on how many times we do that. */
977 #define MAX_INTRO_POINT_CIRCUIT_RETRIES 3
978 
979 /********************************* routerlist.c ***************************/
980
/* Opaque forward declaration; the struct body is defined elsewhere. */
981 typedef struct dir_server_t dir_server_t;
982
/** Minimum bandwidth thresholds (per their names) for a relay
 * (75*1024 == 76800) and for a bridge (50*1024 == 51200). The unit is
 * presumably bytes per second -- confirm at the use sites. */
983 #define RELAY_REQUIRED_MIN_BANDWIDTH (75*1024)
984 #define BRIDGE_REQUIRED_MIN_BANDWIDTH (50*1024)
985
/** Cap on the bandwidth value a router may declare about itself. Anything
 * larger is presumably clamped to INT32_MAX, so a self-advertised value
 * cannot grow without bound in the arithmetic that consumes it -- confirm at
 * the use site. */
986 #define ROUTER_MAX_DECLARED_BANDWIDTH INT32_MAX
987
/* Opaque forward declaration; the struct body is defined elsewhere. */
988 typedef struct tor_version_t tor_version_t;
989 
990 #endif /* !defined(TOR_OR_H) */