tor  0.4.2.0-alpha-dev
routerparse.c
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2019, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
53 #define EXPOSE_ROUTERDESC_TOKEN_TABLE
54 
55 #include "core/or/or.h"
56 #include "app/config/config.h"
57 #include "core/or/policies.h"
58 #include "core/or/versions.h"
68 #include "feature/nodelist/torcert.h"
69 #include "feature/relay/router.h"
73 #include "lib/memarea/memarea.h"
74 #include "lib/sandbox/sandbox.h"
75 
76 #include "core/or/addr_policy_st.h"
77 #include "feature/nodelist/extrainfo_st.h"
78 #include "feature/nodelist/routerinfo_st.h"
79 #include "feature/nodelist/routerlist_st.h"
80 
81 /****************************************************************************/
82 
85  T0N("reject", K_REJECT, ARGS, NO_OBJ ),
86  T0N("accept", K_ACCEPT, ARGS, NO_OBJ ),
87  T0N("reject6", K_REJECT6, ARGS, NO_OBJ ),
88  T0N("accept6", K_ACCEPT6, ARGS, NO_OBJ ),
89  T1_START( "router", K_ROUTER, GE(5), NO_OBJ ),
90  T01("ipv6-policy", K_IPV6_POLICY, CONCAT_ARGS, NO_OBJ),
91  T1( "signing-key", K_SIGNING_KEY, NO_ARGS, NEED_KEY_1024 ),
92  T1( "onion-key", K_ONION_KEY, NO_ARGS, NEED_KEY_1024 ),
93  T01("ntor-onion-key", K_ONION_KEY_NTOR, GE(1), NO_OBJ ),
94  T1_END( "router-signature", K_ROUTER_SIGNATURE, NO_ARGS, NEED_OBJ ),
95  T1( "published", K_PUBLISHED, CONCAT_ARGS, NO_OBJ ),
96  T01("uptime", K_UPTIME, GE(1), NO_OBJ ),
97  T01("fingerprint", K_FINGERPRINT, CONCAT_ARGS, NO_OBJ ),
98  T01("hibernating", K_HIBERNATING, GE(1), NO_OBJ ),
99  T01("platform", K_PLATFORM, CONCAT_ARGS, NO_OBJ ),
100  T01("proto", K_PROTO, CONCAT_ARGS, NO_OBJ ),
101  T01("contact", K_CONTACT, CONCAT_ARGS, NO_OBJ ),
102  T01("read-history", K_READ_HISTORY, ARGS, NO_OBJ ),
103  T01("write-history", K_WRITE_HISTORY, ARGS, NO_OBJ ),
104  T01("extra-info-digest", K_EXTRA_INFO_DIGEST, GE(1), NO_OBJ ),
105  T01("hidden-service-dir", K_HIDDEN_SERVICE_DIR, NO_ARGS, NO_OBJ ),
106  T01("identity-ed25519", K_IDENTITY_ED25519, NO_ARGS, NEED_OBJ ),
107  T01("master-key-ed25519", K_MASTER_KEY_ED25519, GE(1), NO_OBJ ),
108  T01("router-sig-ed25519", K_ROUTER_SIG_ED25519, GE(1), NO_OBJ ),
109  T01("onion-key-crosscert", K_ONION_KEY_CROSSCERT, NO_ARGS, NEED_OBJ ),
110  T01("ntor-onion-key-crosscert", K_NTOR_ONION_KEY_CROSSCERT,
111  EQ(1), NEED_OBJ ),
112 
113  T01("allow-single-hop-exits",K_ALLOW_SINGLE_HOP_EXITS, NO_ARGS, NO_OBJ ),
114 
115  T01("family", K_FAMILY, ARGS, NO_OBJ ),
116  T01("caches-extra-info", K_CACHES_EXTRA_INFO, NO_ARGS, NO_OBJ ),
117  T0N("or-address", K_OR_ADDRESS, GE(1), NO_OBJ ),
118 
119  T0N("opt", K_OPT, CONCAT_ARGS, OBJ_OK ),
120  T1( "bandwidth", K_BANDWIDTH, GE(3), NO_OBJ ),
121  A01("@purpose", A_PURPOSE, GE(1), NO_OBJ ),
122  T01("tunnelled-dir-server",K_DIR_TUNNELLED, NO_ARGS, NO_OBJ ),
123 
125 };
126 
129  T1_END( "router-signature", K_ROUTER_SIGNATURE, NO_ARGS, NEED_OBJ ),
130  T1( "published", K_PUBLISHED, CONCAT_ARGS, NO_OBJ ),
131  T01("identity-ed25519", K_IDENTITY_ED25519, NO_ARGS, NEED_OBJ ),
132  T01("router-sig-ed25519", K_ROUTER_SIG_ED25519, GE(1), NO_OBJ ),
133  T0N("opt", K_OPT, CONCAT_ARGS, OBJ_OK ),
134  T01("read-history", K_READ_HISTORY, ARGS, NO_OBJ ),
135  T01("write-history", K_WRITE_HISTORY, ARGS, NO_OBJ ),
136  T01("dirreq-stats-end", K_DIRREQ_END, ARGS, NO_OBJ ),
137  T01("dirreq-v2-ips", K_DIRREQ_V2_IPS, ARGS, NO_OBJ ),
138  T01("dirreq-v3-ips", K_DIRREQ_V3_IPS, ARGS, NO_OBJ ),
139  T01("dirreq-v2-reqs", K_DIRREQ_V2_REQS, ARGS, NO_OBJ ),
140  T01("dirreq-v3-reqs", K_DIRREQ_V3_REQS, ARGS, NO_OBJ ),
141  T01("dirreq-v2-share", K_DIRREQ_V2_SHARE, ARGS, NO_OBJ ),
142  T01("dirreq-v3-share", K_DIRREQ_V3_SHARE, ARGS, NO_OBJ ),
143  T01("dirreq-v2-resp", K_DIRREQ_V2_RESP, ARGS, NO_OBJ ),
144  T01("dirreq-v3-resp", K_DIRREQ_V3_RESP, ARGS, NO_OBJ ),
145  T01("dirreq-v2-direct-dl", K_DIRREQ_V2_DIR, ARGS, NO_OBJ ),
146  T01("dirreq-v3-direct-dl", K_DIRREQ_V3_DIR, ARGS, NO_OBJ ),
147  T01("dirreq-v2-tunneled-dl", K_DIRREQ_V2_TUN, ARGS, NO_OBJ ),
148  T01("dirreq-v3-tunneled-dl", K_DIRREQ_V3_TUN, ARGS, NO_OBJ ),
149  T01("entry-stats-end", K_ENTRY_END, ARGS, NO_OBJ ),
150  T01("entry-ips", K_ENTRY_IPS, ARGS, NO_OBJ ),
151  T01("cell-stats-end", K_CELL_END, ARGS, NO_OBJ ),
152  T01("cell-processed-cells", K_CELL_PROCESSED, ARGS, NO_OBJ ),
153  T01("cell-queued-cells", K_CELL_QUEUED, ARGS, NO_OBJ ),
154  T01("cell-time-in-queue", K_CELL_TIME, ARGS, NO_OBJ ),
155  T01("cell-circuits-per-decile", K_CELL_CIRCS, ARGS, NO_OBJ ),
156  T01("exit-stats-end", K_EXIT_END, ARGS, NO_OBJ ),
157  T01("exit-kibibytes-written", K_EXIT_WRITTEN, ARGS, NO_OBJ ),
158  T01("exit-kibibytes-read", K_EXIT_READ, ARGS, NO_OBJ ),
159  T01("exit-streams-opened", K_EXIT_OPENED, ARGS, NO_OBJ ),
160 
161  T1_START( "extra-info", K_EXTRA_INFO, GE(2), NO_OBJ ),
162 
164 };
165 
166 #undef T
167 
168 /* static function prototypes */
169 static int router_add_exit_policy(routerinfo_t *router,directory_token_t *tok);
171 
175 int
176 router_get_router_hash(const char *s, size_t s_len, char *digest)
177 {
178  return router_get_hash_impl(s, s_len, digest,
179  "router ","\nrouter-signature", '\n',
180  DIGEST_SHA1);
181 }
182 
185 int
186 router_get_extrainfo_hash(const char *s, size_t s_len, char *digest)
187 {
188  return router_get_hash_impl(s, s_len, digest, "extra-info",
189  "\nrouter-signature",'\n', DIGEST_SHA1);
190 }
191 
197 static int
199  const char *eos,
200  int *is_extrainfo_out)
201 {
202  const char *annotations = NULL;
203  const char *s = *s_ptr;
204 
205  s = eat_whitespace_eos(s, eos);
206 
207  while (s < eos-32) { /* 32 gives enough room for a the first keyword. */
208  /* We're at the start of a line. */
209  tor_assert(*s != '\n');
210 
211  if (*s == '@' && !annotations) {
212  annotations = s;
213  } else if (*s == 'r' && !strcmpstart(s, "router ")) {
214  *s_ptr = annotations ? annotations : s;
215  *is_extrainfo_out = 0;
216  return 0;
217  } else if (*s == 'e' && !strcmpstart(s, "extra-info ")) {
218  *s_ptr = annotations ? annotations : s;
219  *is_extrainfo_out = 1;
220  return 0;
221  }
222 
223  if (!(s = memchr(s+1, '\n', eos-(s+1))))
224  break;
225  s = eat_whitespace_eos(s, eos);
226  }
227  return -1;
228 }
229 
244 int
245 router_parse_list_from_string(const char **s, const char *eos,
246  smartlist_t *dest,
247  saved_location_t saved_location,
248  int want_extrainfo,
249  int allow_annotations,
250  const char *prepend_annotations,
251  smartlist_t *invalid_digests_out)
252 {
253  routerinfo_t *router;
254  extrainfo_t *extrainfo;
255  signed_descriptor_t *signed_desc = NULL;
256  void *elt;
257  const char *end, *start;
258  int have_extrainfo;
259 
260  tor_assert(s);
261  tor_assert(*s);
262  tor_assert(dest);
263 
264  start = *s;
265  if (!eos)
266  eos = *s + strlen(*s);
267 
268  tor_assert(eos >= *s);
269 
270  while (1) {
271  char raw_digest[DIGEST_LEN];
272  int have_raw_digest = 0;
273  int dl_again = 0;
274  if (find_start_of_next_router_or_extrainfo(s, eos, &have_extrainfo) < 0)
275  break;
276 
277  end = tor_memstr(*s, eos-*s, "\nrouter-signature");
278  if (end)
279  end = tor_memstr(end, eos-end, "\n-----END SIGNATURE-----\n");
280  if (end)
281  end += strlen("\n-----END SIGNATURE-----\n");
282 
283  if (!end)
284  break;
285 
286  elt = NULL;
287 
288  if (have_extrainfo && want_extrainfo) {
290  have_raw_digest = router_get_extrainfo_hash(*s, end-*s, raw_digest) == 0;
291  extrainfo = extrainfo_parse_entry_from_string(*s, end,
292  saved_location != SAVED_IN_CACHE,
293  rl->identity_map, &dl_again);
294  if (extrainfo) {
295  signed_desc = &extrainfo->cache_info;
296  elt = extrainfo;
297  }
298  } else if (!have_extrainfo && !want_extrainfo) {
299  have_raw_digest = router_get_router_hash(*s, end-*s, raw_digest) == 0;
300  router = router_parse_entry_from_string(*s, end,
301  saved_location != SAVED_IN_CACHE,
302  allow_annotations,
303  prepend_annotations, &dl_again);
304  if (router) {
305  log_debug(LD_DIR, "Read router '%s', purpose '%s'",
306  router_describe(router),
308  signed_desc = &router->cache_info;
309  elt = router;
310  }
311  }
312  if (! elt && ! dl_again && have_raw_digest && invalid_digests_out) {
313  smartlist_add(invalid_digests_out, tor_memdup(raw_digest, DIGEST_LEN));
314  }
315  if (!elt) {
316  *s = end;
317  continue;
318  }
319  if (saved_location != SAVED_NOWHERE) {
320  tor_assert(signed_desc);
321  signed_desc->saved_location = saved_location;
322  signed_desc->saved_offset = *s - start;
323  }
324  *s = end;
325  smartlist_add(dest, elt);
326  }
327 
328  return 0;
329 }
330 
335 int
337  tor_addr_t *addr_out,
338  uint16_t *port_out)
339 {
340  int ret = 0;
341  tor_assert(list != NULL);
342  tor_assert(addr_out != NULL);
343  tor_assert(port_out != NULL);
344 
346  tor_addr_t a;
347  maskbits_t bits;
348  uint16_t port_min, port_max;
349  tor_assert(t->n_args >= 1);
350  /* XXXX Prop186 the full spec allows much more than this. */
351  if (tor_addr_parse_mask_ports(t->args[0], 0,
352  &a, &bits, &port_min,
353  &port_max) == AF_INET6 &&
354  bits == 128 &&
355  port_min == port_max) {
356  /* Okay, this is one we can understand. Use it and ignore
357  any potential more addresses in list. */
358  tor_addr_copy(addr_out, &a);
359  *port_out = port_min;
360  ret = 1;
361  break;
362  }
363  } SMARTLIST_FOREACH_END(t);
364 
365  return ret;
366 }
367 
389 routerinfo_t *
390 router_parse_entry_from_string(const char *s, const char *end,
391  int cache_copy, int allow_annotations,
392  const char *prepend_annotations,
393  int *can_dl_again_out)
394 {
395  routerinfo_t *router = NULL;
396  char digest[128];
397  smartlist_t *tokens = NULL, *exit_policy_tokens = NULL;
398  directory_token_t *tok;
399  struct in_addr in;
400  const char *start_of_annotations, *cp, *s_dup = s;
401  size_t prepend_len = prepend_annotations ? strlen(prepend_annotations) : 0;
402  int ok = 1;
403  memarea_t *area = NULL;
404  tor_cert_t *ntor_cc_cert = NULL;
405  /* Do not set this to '1' until we have parsed everything that we intend to
406  * parse that's covered by the hash. */
407  int can_dl_again = 0;
408  crypto_pk_t *rsa_pubkey = NULL;
409 
410  tor_assert(!allow_annotations || !prepend_annotations);
411 
412  if (!end) {
413  end = s + strlen(s);
414  }
415 
416  /* point 'end' to a point immediately after the final newline. */
417  while (end > s+2 && *(end-1) == '\n' && *(end-2) == '\n')
418  --end;
419 
420  area = memarea_new();
421  tokens = smartlist_new();
422  if (prepend_annotations) {
423  if (tokenize_string(area,prepend_annotations,NULL,tokens,
424  routerdesc_token_table,TS_NOCHECK)) {
425  log_warn(LD_DIR, "Error tokenizing router descriptor (annotations).");
426  goto err;
427  }
428  }
429 
430  start_of_annotations = s;
431  cp = tor_memstr(s, end-s, "\nrouter ");
432  if (!cp) {
433  if (end-s < 7 || strcmpstart(s, "router ")) {
434  log_warn(LD_DIR, "No router keyword found.");
435  goto err;
436  }
437  } else {
438  s = cp+1;
439  }
440 
441  if (start_of_annotations != s) { /* We have annotations */
442  if (allow_annotations) {
443  if (tokenize_string(area,start_of_annotations,s,tokens,
444  routerdesc_token_table,TS_NOCHECK)) {
445  log_warn(LD_DIR, "Error tokenizing router descriptor (annotations).");
446  goto err;
447  }
448  } else {
449  log_warn(LD_DIR, "Found unexpected annotations on router descriptor not "
450  "loaded from disk. Dropping it.");
451  goto err;
452  }
453  }
454 
455  if (router_get_router_hash(s, end - s, digest) < 0) {
456  log_warn(LD_DIR, "Couldn't compute router hash.");
457  goto err;
458  }
459  {
460  int flags = 0;
461  if (allow_annotations)
462  flags |= TS_ANNOTATIONS_OK;
463  if (prepend_annotations)
464  flags |= TS_ANNOTATIONS_OK|TS_NO_NEW_ANNOTATIONS;
465 
466  if (tokenize_string(area,s,end,tokens,routerdesc_token_table, flags)) {
467  log_warn(LD_DIR, "Error tokenizing router descriptor.");
468  goto err;
469  }
470  }
471 
472  if (smartlist_len(tokens) < 2) {
473  log_warn(LD_DIR, "Impossibly short router descriptor.");
474  goto err;
475  }
476 
477  tok = find_by_keyword(tokens, K_ROUTER);
478  const int router_token_pos = smartlist_pos(tokens, tok);
479  tor_assert(tok->n_args >= 5);
480 
481  router = tor_malloc_zero(sizeof(routerinfo_t));
482  router->cert_expiration_time = TIME_MAX;
483  router->cache_info.routerlist_index = -1;
484  router->cache_info.annotations_len = s-start_of_annotations + prepend_len;
485  router->cache_info.signed_descriptor_len = end-s;
486  if (cache_copy) {
487  size_t len = router->cache_info.signed_descriptor_len +
488  router->cache_info.annotations_len;
489  char *signed_body =
490  router->cache_info.signed_descriptor_body = tor_malloc(len+1);
491  if (prepend_annotations) {
492  memcpy(signed_body, prepend_annotations, prepend_len);
493  signed_body += prepend_len;
494  }
495  /* This assertion will always succeed.
496  * len == signed_desc_len + annotations_len
497  * == end-s + s-start_of_annotations + prepend_len
498  * == end-start_of_annotations + prepend_len
499  * We already wrote prepend_len bytes into the buffer; now we're
500  * writing end-start_of_annotations -NM. */
501  tor_assert(signed_body+(end-start_of_annotations) ==
502  router->cache_info.signed_descriptor_body+len);
503  memcpy(signed_body, start_of_annotations, end-start_of_annotations);
504  router->cache_info.signed_descriptor_body[len] = '\0';
505  tor_assert(strlen(router->cache_info.signed_descriptor_body) == len);
506  }
507  memcpy(router->cache_info.signed_descriptor_digest, digest, DIGEST_LEN);
508 
509  router->nickname = tor_strdup(tok->args[0]);
510  if (!is_legal_nickname(router->nickname)) {
511  log_warn(LD_DIR,"Router nickname is invalid");
512  goto err;
513  }
514  if (!tor_inet_aton(tok->args[1], &in)) {
515  log_warn(LD_DIR,"Router address is not an IP address.");
516  goto err;
517  }
518  router->addr = ntohl(in.s_addr);
519 
520  router->or_port =
521  (uint16_t) tor_parse_long(tok->args[2],10,0,65535,&ok,NULL);
522  if (!ok) {
523  log_warn(LD_DIR,"Invalid OR port %s", escaped(tok->args[2]));
524  goto err;
525  }
526  router->dir_port =
527  (uint16_t) tor_parse_long(tok->args[4],10,0,65535,&ok,NULL);
528  if (!ok) {
529  log_warn(LD_DIR,"Invalid dir port %s", escaped(tok->args[4]));
530  goto err;
531  }
532 
533  tok = find_by_keyword(tokens, K_BANDWIDTH);
534  tor_assert(tok->n_args >= 3);
535  router->bandwidthrate = (int)
536  tor_parse_long(tok->args[0],10,1,INT_MAX,&ok,NULL);
537 
538  if (!ok) {
539  log_warn(LD_DIR, "bandwidthrate %s unreadable or 0. Failing.",
540  escaped(tok->args[0]));
541  goto err;
542  }
543  router->bandwidthburst =
544  (int) tor_parse_long(tok->args[1],10,0,INT_MAX,&ok,NULL);
545  if (!ok) {
546  log_warn(LD_DIR, "Invalid bandwidthburst %s", escaped(tok->args[1]));
547  goto err;
548  }
549  router->bandwidthcapacity = (int)
550  tor_parse_long(tok->args[2],10,0,INT_MAX,&ok,NULL);
551  if (!ok) {
552  log_warn(LD_DIR, "Invalid bandwidthcapacity %s", escaped(tok->args[1]));
553  goto err;
554  }
555 
556  if ((tok = find_opt_by_keyword(tokens, A_PURPOSE))) {
557  tor_assert(tok->n_args);
558  router->purpose = router_purpose_from_string(tok->args[0]);
559  if (router->purpose == ROUTER_PURPOSE_UNKNOWN) {
560  goto err;
561  }
562  } else {
563  router->purpose = ROUTER_PURPOSE_GENERAL;
564  }
565  router->cache_info.send_unencrypted =
566  (router->purpose == ROUTER_PURPOSE_GENERAL) ? 1 : 0;
567 
568  if ((tok = find_opt_by_keyword(tokens, K_UPTIME))) {
569  tor_assert(tok->n_args >= 1);
570  router->uptime = tor_parse_long(tok->args[0],10,0,LONG_MAX,&ok,NULL);
571  if (!ok) {
572  log_warn(LD_DIR, "Invalid uptime %s", escaped(tok->args[0]));
573  goto err;
574  }
575  }
576 
577  if ((tok = find_opt_by_keyword(tokens, K_HIBERNATING))) {
578  tor_assert(tok->n_args >= 1);
579  router->is_hibernating
580  = (tor_parse_long(tok->args[0],10,0,LONG_MAX,NULL,NULL) != 0);
581  }
582 
583  tok = find_by_keyword(tokens, K_PUBLISHED);
584  tor_assert(tok->n_args == 1);
585  if (parse_iso_time(tok->args[0], &router->cache_info.published_on) < 0)
586  goto err;
587 
588  tok = find_by_keyword(tokens, K_ONION_KEY);
589  if (!crypto_pk_public_exponent_ok(tok->key)) {
590  log_warn(LD_DIR,
591  "Relay's onion key had invalid exponent.");
592  goto err;
593  }
594  router->onion_pkey = tor_memdup(tok->object_body, tok->object_size);
595  router->onion_pkey_len = tok->object_size;
596  crypto_pk_free(tok->key);
597 
598  if ((tok = find_opt_by_keyword(tokens, K_ONION_KEY_NTOR))) {
600  tor_assert(tok->n_args >= 1);
601  if (curve25519_public_from_base64(&k, tok->args[0]) < 0) {
602  log_warn(LD_DIR, "Bogus ntor-onion-key in routerinfo");
603  goto err;
604  }
605  router->onion_curve25519_pkey =
606  tor_memdup(&k, sizeof(curve25519_public_key_t));
607  }
608 
609  tok = find_by_keyword(tokens, K_SIGNING_KEY);
610  router->identity_pkey = tok->key;
611  tok->key = NULL; /* Prevent free */
613  router->cache_info.identity_digest)) {
614  log_warn(LD_DIR, "Couldn't calculate key digest"); goto err;
615  }
616 
617  {
618  directory_token_t *ed_sig_tok, *ed_cert_tok, *cc_tap_tok, *cc_ntor_tok,
619  *master_key_tok;
620  ed_sig_tok = find_opt_by_keyword(tokens, K_ROUTER_SIG_ED25519);
621  ed_cert_tok = find_opt_by_keyword(tokens, K_IDENTITY_ED25519);
622  master_key_tok = find_opt_by_keyword(tokens, K_MASTER_KEY_ED25519);
623  cc_tap_tok = find_opt_by_keyword(tokens, K_ONION_KEY_CROSSCERT);
624  cc_ntor_tok = find_opt_by_keyword(tokens, K_NTOR_ONION_KEY_CROSSCERT);
625  int n_ed_toks = !!ed_sig_tok + !!ed_cert_tok +
626  !!cc_tap_tok + !!cc_ntor_tok;
627  if ((n_ed_toks != 0 && n_ed_toks != 4) ||
628  (n_ed_toks == 4 && !router->onion_curve25519_pkey)) {
629  log_warn(LD_DIR, "Router descriptor with only partial ed25519/"
630  "cross-certification support");
631  goto err;
632  }
633  if (master_key_tok && !ed_sig_tok) {
634  log_warn(LD_DIR, "Router descriptor has ed25519 master key but no "
635  "certificate");
636  goto err;
637  }
638  if (ed_sig_tok) {
639  tor_assert(ed_cert_tok && cc_tap_tok && cc_ntor_tok);
640  const int ed_cert_token_pos = smartlist_pos(tokens, ed_cert_tok);
641  if (ed_cert_token_pos == -1 || router_token_pos == -1 ||
642  (ed_cert_token_pos != router_token_pos + 1 &&
643  ed_cert_token_pos != router_token_pos - 1)) {
644  log_warn(LD_DIR, "Ed25519 certificate in wrong position");
645  goto err;
646  }
647  if (ed_sig_tok != smartlist_get(tokens, smartlist_len(tokens)-2)) {
648  log_warn(LD_DIR, "Ed25519 signature in wrong position");
649  goto err;
650  }
651  if (strcmp(ed_cert_tok->object_type, "ED25519 CERT")) {
652  log_warn(LD_DIR, "Wrong object type on identity-ed25519 in decriptor");
653  goto err;
654  }
655  if (strcmp(cc_ntor_tok->object_type, "ED25519 CERT")) {
656  log_warn(LD_DIR, "Wrong object type on ntor-onion-key-crosscert "
657  "in decriptor");
658  goto err;
659  }
660  if (strcmp(cc_tap_tok->object_type, "CROSSCERT")) {
661  log_warn(LD_DIR, "Wrong object type on onion-key-crosscert "
662  "in decriptor");
663  goto err;
664  }
665  if (strcmp(cc_ntor_tok->args[0], "0") &&
666  strcmp(cc_ntor_tok->args[0], "1")) {
667  log_warn(LD_DIR, "Bad sign bit on ntor-onion-key-crosscert");
668  goto err;
669  }
670  int ntor_cc_sign_bit = !strcmp(cc_ntor_tok->args[0], "1");
671 
672  uint8_t d256[DIGEST256_LEN];
673  const char *signed_start, *signed_end;
674  tor_cert_t *cert = tor_cert_parse(
675  (const uint8_t*)ed_cert_tok->object_body,
676  ed_cert_tok->object_size);
677  if (! cert) {
678  log_warn(LD_DIR, "Couldn't parse ed25519 cert");
679  goto err;
680  }
681  /* makes sure it gets freed. */
682  router->cache_info.signing_key_cert = cert;
683 
684  if (cert->cert_type != CERT_TYPE_ID_SIGNING ||
685  ! cert->signing_key_included) {
686  log_warn(LD_DIR, "Invalid form for ed25519 cert");
687  goto err;
688  }
689 
690  if (master_key_tok) {
691  /* This token is optional, but if it's present, it must match
692  * the signature in the signing cert, or supplant it. */
693  tor_assert(master_key_tok->n_args >= 1);
695  if (ed25519_public_from_base64(&pkey, master_key_tok->args[0])<0) {
696  log_warn(LD_DIR, "Can't parse ed25519 master key");
697  goto err;
698  }
699 
700  if (fast_memneq(&cert->signing_key.pubkey,
701  pkey.pubkey, ED25519_PUBKEY_LEN)) {
702  log_warn(LD_DIR, "Ed25519 master key does not match "
703  "key in certificate");
704  goto err;
705  }
706  }
707  ntor_cc_cert = tor_cert_parse((const uint8_t*)cc_ntor_tok->object_body,
708  cc_ntor_tok->object_size);
709  if (!ntor_cc_cert) {
710  log_warn(LD_DIR, "Couldn't parse ntor-onion-key-crosscert cert");
711  goto err;
712  }
713  if (ntor_cc_cert->cert_type != CERT_TYPE_ONION_ID ||
714  ! ed25519_pubkey_eq(&ntor_cc_cert->signed_key, &cert->signing_key)) {
715  log_warn(LD_DIR, "Invalid contents for ntor-onion-key-crosscert cert");
716  goto err;
717  }
718 
719  ed25519_public_key_t ntor_cc_pk;
721  router->onion_curve25519_pkey,
722  ntor_cc_sign_bit)<0) {
723  log_warn(LD_DIR, "Error converting onion key to ed25519");
724  goto err;
725  }
726 
727  if (router_get_hash_impl_helper(s, end-s, "router ",
728  "\nrouter-sig-ed25519",
729  ' ', LOG_WARN,
730  &signed_start, &signed_end) < 0) {
731  log_warn(LD_DIR, "Can't find ed25519-signed portion of descriptor");
732  goto err;
733  }
734  crypto_digest_t *d = crypto_digest256_new(DIGEST_SHA256);
735  crypto_digest_add_bytes(d, ED_DESC_SIGNATURE_PREFIX,
736  strlen(ED_DESC_SIGNATURE_PREFIX));
737  crypto_digest_add_bytes(d, signed_start, signed_end-signed_start);
738  crypto_digest_get_digest(d, (char*)d256, sizeof(d256));
739  crypto_digest_free(d);
740 
741  ed25519_checkable_t check[3];
742  int check_ok[3];
743  time_t expires = TIME_MAX;
744  if (tor_cert_get_checkable_sig(&check[0], cert, NULL, &expires) < 0) {
745  log_err(LD_BUG, "Couldn't create 'checkable' for cert.");
746  goto err;
747  }
748  if (tor_cert_get_checkable_sig(&check[1],
749  ntor_cc_cert, &ntor_cc_pk, &expires) < 0) {
750  log_err(LD_BUG, "Couldn't create 'checkable' for ntor_cc_cert.");
751  goto err;
752  }
753 
754  if (ed25519_signature_from_base64(&check[2].signature,
755  ed_sig_tok->args[0])<0) {
756  log_warn(LD_DIR, "Couldn't decode ed25519 signature");
757  goto err;
758  }
759  check[2].pubkey = &cert->signed_key;
760  check[2].msg = d256;
761  check[2].len = DIGEST256_LEN;
762 
763  if (ed25519_checksig_batch(check_ok, check, 3) < 0) {
764  log_warn(LD_DIR, "Incorrect ed25519 signature(s)");
765  goto err;
766  }
767 
768  rsa_pubkey = router_get_rsa_onion_pkey(router->onion_pkey,
769  router->onion_pkey_len);
770  if (check_tap_onion_key_crosscert(
771  (const uint8_t*)cc_tap_tok->object_body,
772  (int)cc_tap_tok->object_size,
773  rsa_pubkey,
774  &cert->signing_key,
775  (const uint8_t*)router->cache_info.identity_digest)<0) {
776  log_warn(LD_DIR, "Incorrect TAP cross-verification");
777  goto err;
778  }
779 
780  /* We check this before adding it to the routerlist. */
781  router->cert_expiration_time = expires;
782  }
783  }
784 
785  if ((tok = find_opt_by_keyword(tokens, K_FINGERPRINT))) {
786  /* If there's a fingerprint line, it must match the identity digest. */
787  char d[DIGEST_LEN];
788  tor_assert(tok->n_args == 1);
789  tor_strstrip(tok->args[0], " ");
790  if (base16_decode(d, DIGEST_LEN,
791  tok->args[0], strlen(tok->args[0])) != DIGEST_LEN) {
792  log_warn(LD_DIR, "Couldn't decode router fingerprint %s",
793  escaped(tok->args[0]));
794  goto err;
795  }
796  if (tor_memneq(d,router->cache_info.identity_digest, DIGEST_LEN)) {
797  log_warn(LD_DIR, "Fingerprint '%s' does not match identity digest.",
798  tok->args[0]);
799  goto err;
800  }
801  }
802 
803  {
804  const char *version = NULL, *protocols = NULL;
805  if ((tok = find_opt_by_keyword(tokens, K_PLATFORM))) {
806  router->platform = tor_strdup(tok->args[0]);
807  version = tok->args[0];
808  }
809 
810  if ((tok = find_opt_by_keyword(tokens, K_PROTO))) {
811  router->protocol_list = tor_strdup(tok->args[0]);
812  protocols = tok->args[0];
813  }
814 
815  summarize_protover_flags(&router->pv, protocols, version);
816  }
817 
818  if ((tok = find_opt_by_keyword(tokens, K_CONTACT))) {
819  router->contact_info = tor_strdup(tok->args[0]);
820  }
821 
822  if (find_opt_by_keyword(tokens, K_REJECT6) ||
823  find_opt_by_keyword(tokens, K_ACCEPT6)) {
824  log_warn(LD_DIR, "Rejecting router with reject6/accept6 line: they crash "
825  "older Tors.");
826  goto err;
827  }
828  {
829  smartlist_t *or_addresses = find_all_by_keyword(tokens, K_OR_ADDRESS);
830  if (or_addresses) {
831  find_single_ipv6_orport(or_addresses, &router->ipv6_addr,
832  &router->ipv6_orport);
833  smartlist_free(or_addresses);
834  }
835  }
836  exit_policy_tokens = find_all_exitpolicy(tokens);
837  if (!smartlist_len(exit_policy_tokens)) {
838  log_warn(LD_DIR, "No exit policy tokens in descriptor.");
839  goto err;
840  }
841  SMARTLIST_FOREACH(exit_policy_tokens, directory_token_t *, t,
842  if (router_add_exit_policy(router,t)<0) {
843  log_warn(LD_DIR,"Error in exit policy");
844  goto err;
845  });
847 
848  if ((tok = find_opt_by_keyword(tokens, K_IPV6_POLICY)) && tok->n_args) {
849  router->ipv6_exit_policy = parse_short_policy(tok->args[0]);
850  if (! router->ipv6_exit_policy) {
851  log_warn(LD_DIR , "Error in ipv6-policy %s", escaped(tok->args[0]));
852  goto err;
853  }
854  }
855 
856  if (policy_is_reject_star(router->exit_policy, AF_INET, 1) &&
857  (!router->ipv6_exit_policy ||
859  router->policy_is_reject_star = 1;
860 
861  if ((tok = find_opt_by_keyword(tokens, K_FAMILY)) && tok->n_args) {
862  int i;
863  router->declared_family = smartlist_new();
864  for (i=0;i<tok->n_args;++i) {
865  if (!is_legal_nickname_or_hexdigest(tok->args[i])) {
866  log_warn(LD_DIR, "Illegal nickname %s in family line",
867  escaped(tok->args[i]));
868  goto err;
869  }
870  smartlist_add_strdup(router->declared_family, tok->args[i]);
871  }
872  }
873 
874  if (find_opt_by_keyword(tokens, K_CACHES_EXTRA_INFO))
875  router->caches_extra_info = 1;
876 
877  if (find_opt_by_keyword(tokens, K_ALLOW_SINGLE_HOP_EXITS))
878  router->allow_single_hop_exits = 1;
879 
880  if ((tok = find_opt_by_keyword(tokens, K_EXTRA_INFO_DIGEST))) {
881  tor_assert(tok->n_args >= 1);
882  if (strlen(tok->args[0]) == HEX_DIGEST_LEN) {
883  if (base16_decode(router->cache_info.extra_info_digest, DIGEST_LEN,
884  tok->args[0], HEX_DIGEST_LEN) != DIGEST_LEN) {
885  log_warn(LD_DIR,"Invalid extra info digest");
886  }
887  } else {
888  log_warn(LD_DIR, "Invalid extra info digest %s", escaped(tok->args[0]));
889  }
890 
891  if (tok->n_args >= 2) {
892  if (digest256_from_base64(router->cache_info.extra_info_digest256,
893  tok->args[1]) < 0) {
894  log_warn(LD_DIR, "Invalid extra info digest256 %s",
895  escaped(tok->args[1]));
896  }
897  }
898  }
899 
900  if (find_opt_by_keyword(tokens, K_HIDDEN_SERVICE_DIR)) {
901  router->wants_to_be_hs_dir = 1;
902  }
903 
904  /* This router accepts tunnelled directory requests via begindir if it has
905  * an open dirport or it included "tunnelled-dir-server". */
906  if (find_opt_by_keyword(tokens, K_DIR_TUNNELLED) || router->dir_port > 0) {
908  }
909 
910  tok = find_by_keyword(tokens, K_ROUTER_SIGNATURE);
911 
912  if (!router->or_port) {
913  log_warn(LD_DIR,"or_port unreadable or 0. Failing.");
914  goto err;
915  }
916 
917  /* We've checked everything that's covered by the hash. */
918  can_dl_again = 1;
919  if (check_signature_token(digest, DIGEST_LEN, tok, router->identity_pkey, 0,
920  "router descriptor") < 0)
921  goto err;
922 
923  if (!router->platform) {
924  router->platform = tor_strdup("<unknown>");
925  }
926  goto done;
927 
928  err:
929  dump_desc(s_dup, "router descriptor");
930  routerinfo_free(router);
931  router = NULL;
932  done:
933  crypto_pk_free(rsa_pubkey);
934  tor_cert_free(ntor_cc_cert);
935  if (tokens) {
937  smartlist_free(tokens);
938  }
939  smartlist_free(exit_policy_tokens);
940  if (area) {
941  DUMP_AREA(area, "routerinfo");
942  memarea_drop_all(area);
943  }
944  if (can_dl_again_out)
945  *can_dl_again_out = can_dl_again;
946  return router;
947 }
948 
960 extrainfo_t *
961 extrainfo_parse_entry_from_string(const char *s, const char *end,
962  int cache_copy, struct digest_ri_map_t *routermap,
963  int *can_dl_again_out)
964 {
965  extrainfo_t *extrainfo = NULL;
966  char digest[128];
967  smartlist_t *tokens = NULL;
968  directory_token_t *tok;
969  crypto_pk_t *key = NULL;
970  routerinfo_t *router = NULL;
971  memarea_t *area = NULL;
972  const char *s_dup = s;
973  /* Do not set this to '1' until we have parsed everything that we intend to
974  * parse that's covered by the hash. */
975  int can_dl_again = 0;
976 
977  if (BUG(s == NULL))
978  return NULL;
979 
980  if (!end) {
981  end = s + strlen(s);
982  }
983 
984  /* point 'end' to a point immediately after the final newline. */
985  while (end > s+2 && *(end-1) == '\n' && *(end-2) == '\n')
986  --end;
987 
988  if (router_get_extrainfo_hash(s, end-s, digest) < 0) {
989  log_warn(LD_DIR, "Couldn't compute router hash.");
990  goto err;
991  }
992  tokens = smartlist_new();
993  area = memarea_new();
994  if (tokenize_string(area,s,end,tokens,extrainfo_token_table,0)) {
995  log_warn(LD_DIR, "Error tokenizing extra-info document.");
996  goto err;
997  }
998 
999  if (smartlist_len(tokens) < 2) {
1000  log_warn(LD_DIR, "Impossibly short extra-info document.");
1001  goto err;
1002  }
1003 
1004  /* XXXX Accept this in position 1 too, and ed identity in position 0. */
1005  tok = smartlist_get(tokens,0);
1006  if (tok->tp != K_EXTRA_INFO) {
1007  log_warn(LD_DIR,"Entry does not start with \"extra-info\"");
1008  goto err;
1009  }
1010 
1011  extrainfo = tor_malloc_zero(sizeof(extrainfo_t));
1012  extrainfo->cache_info.is_extrainfo = 1;
1013  if (cache_copy)
1014  extrainfo->cache_info.signed_descriptor_body = tor_memdup_nulterm(s,end-s);
1015  extrainfo->cache_info.signed_descriptor_len = end-s;
1016  memcpy(extrainfo->cache_info.signed_descriptor_digest, digest, DIGEST_LEN);
1017  crypto_digest256((char*)extrainfo->digest256, s, end-s, DIGEST_SHA256);
1018 
1019  tor_assert(tok->n_args >= 2);
1020  if (!is_legal_nickname(tok->args[0])) {
1021  log_warn(LD_DIR,"Bad nickname %s on \"extra-info\"",escaped(tok->args[0]));
1022  goto err;
1023  }
1024  strlcpy(extrainfo->nickname, tok->args[0], sizeof(extrainfo->nickname));
1025  if (strlen(tok->args[1]) != HEX_DIGEST_LEN ||
1026  base16_decode(extrainfo->cache_info.identity_digest, DIGEST_LEN,
1027  tok->args[1], HEX_DIGEST_LEN) != DIGEST_LEN) {
1028  log_warn(LD_DIR,"Invalid fingerprint %s on \"extra-info\"",
1029  escaped(tok->args[1]));
1030  goto err;
1031  }
1032 
1033  tok = find_by_keyword(tokens, K_PUBLISHED);
1034  if (parse_iso_time(tok->args[0], &extrainfo->cache_info.published_on)) {
1035  log_warn(LD_DIR,"Invalid published time %s on \"extra-info\"",
1036  escaped(tok->args[0]));
1037  goto err;
1038  }
1039 
1040  {
1041  directory_token_t *ed_sig_tok, *ed_cert_tok;
1042  ed_sig_tok = find_opt_by_keyword(tokens, K_ROUTER_SIG_ED25519);
1043  ed_cert_tok = find_opt_by_keyword(tokens, K_IDENTITY_ED25519);
1044  int n_ed_toks = !!ed_sig_tok + !!ed_cert_tok;
1045  if (n_ed_toks != 0 && n_ed_toks != 2) {
1046  log_warn(LD_DIR, "Router descriptor with only partial ed25519/"
1047  "cross-certification support");
1048  goto err;
1049  }
1050  if (ed_sig_tok) {
1051  tor_assert(ed_cert_tok);
1052  const int ed_cert_token_pos = smartlist_pos(tokens, ed_cert_tok);
1053  if (ed_cert_token_pos != 1) {
1054  /* Accept this in position 0 XXXX */
1055  log_warn(LD_DIR, "Ed25519 certificate in wrong position");
1056  goto err;
1057  }
1058  if (ed_sig_tok != smartlist_get(tokens, smartlist_len(tokens)-2)) {
1059  log_warn(LD_DIR, "Ed25519 signature in wrong position");
1060  goto err;
1061  }
1062  if (strcmp(ed_cert_tok->object_type, "ED25519 CERT")) {
1063  log_warn(LD_DIR, "Wrong object type on identity-ed25519 in decriptor");
1064  goto err;
1065  }
1066 
1067  uint8_t d256[DIGEST256_LEN];
1068  const char *signed_start, *signed_end;
1069  tor_cert_t *cert = tor_cert_parse(
1070  (const uint8_t*)ed_cert_tok->object_body,
1071  ed_cert_tok->object_size);
1072  if (! cert) {
1073  log_warn(LD_DIR, "Couldn't parse ed25519 cert");
1074  goto err;
1075  }
1076  /* makes sure it gets freed. */
1077  extrainfo->cache_info.signing_key_cert = cert;
1078 
1079  if (cert->cert_type != CERT_TYPE_ID_SIGNING ||
1080  ! cert->signing_key_included) {
1081  log_warn(LD_DIR, "Invalid form for ed25519 cert");
1082  goto err;
1083  }
1084 
1085  if (router_get_hash_impl_helper(s, end-s, "extra-info ",
1086  "\nrouter-sig-ed25519",
1087  ' ', LOG_WARN,
1088  &signed_start, &signed_end) < 0) {
1089  log_warn(LD_DIR, "Can't find ed25519-signed portion of extrainfo");
1090  goto err;
1091  }
1092  crypto_digest_t *d = crypto_digest256_new(DIGEST_SHA256);
1093  crypto_digest_add_bytes(d, ED_DESC_SIGNATURE_PREFIX,
1094  strlen(ED_DESC_SIGNATURE_PREFIX));
1095  crypto_digest_add_bytes(d, signed_start, signed_end-signed_start);
1096  crypto_digest_get_digest(d, (char*)d256, sizeof(d256));
1097  crypto_digest_free(d);
1098 
1099  ed25519_checkable_t check[2];
1100  int check_ok[2];
1101  if (tor_cert_get_checkable_sig(&check[0], cert, NULL, NULL) < 0) {
1102  log_err(LD_BUG, "Couldn't create 'checkable' for cert.");
1103  goto err;
1104  }
1105 
1106  if (ed25519_signature_from_base64(&check[1].signature,
1107  ed_sig_tok->args[0])<0) {
1108  log_warn(LD_DIR, "Couldn't decode ed25519 signature");
1109  goto err;
1110  }
1111  check[1].pubkey = &cert->signed_key;
1112  check[1].msg = d256;
1113  check[1].len = DIGEST256_LEN;
1114 
1115  if (ed25519_checksig_batch(check_ok, check, 2) < 0) {
1116  log_warn(LD_DIR, "Incorrect ed25519 signature(s)");
1117  goto err;
1118  }
1119  /* We don't check the certificate expiration time: checking that it
1120  * matches the cert in the router descriptor is adequate. */
1121  }
1122  }
1123 
1124  /* We've checked everything that's covered by the hash. */
1125  can_dl_again = 1;
1126 
1127  if (routermap &&
1128  (router = digestmap_get((digestmap_t*)routermap,
1129  extrainfo->cache_info.identity_digest))) {
1130  key = router->identity_pkey;
1131  }
1132 
1133  tok = find_by_keyword(tokens, K_ROUTER_SIGNATURE);
1134  if (strcmp(tok->object_type, "SIGNATURE") ||
1135  tok->object_size < 128 || tok->object_size > 512) {
1136  log_warn(LD_DIR, "Bad object type or length on extra-info signature");
1137  goto err;
1138  }
1139 
1140  if (key) {
1141  if (check_signature_token(digest, DIGEST_LEN, tok, key, 0,
1142  "extra-info") < 0)
1143  goto err;
1144 
1145  if (router)
1146  extrainfo->cache_info.send_unencrypted =
1147  router->cache_info.send_unencrypted;
1148  } else {
1149  extrainfo->pending_sig = tor_memdup(tok->object_body,
1150  tok->object_size);
1151  extrainfo->pending_sig_len = tok->object_size;
1152  }
1153 
1154  goto done;
1155  err:
1156  dump_desc(s_dup, "extra-info descriptor");
1157  extrainfo_free(extrainfo);
1158  extrainfo = NULL;
1159  done:
1160  if (tokens) {
1162  smartlist_free(tokens);
1163  }
1164  if (area) {
1165  DUMP_AREA(area, "extrainfo");
1166  memarea_drop_all(area);
1167  }
1168  if (can_dl_again_out)
1169  *can_dl_again_out = can_dl_again;
1170  return extrainfo;
1171 }
1172 
1175 static int
1177 {
1178  addr_policy_t *newe;
1179  /* Use the standard interpretation of accept/reject *, an IPv4 wildcard. */
1180  newe = router_parse_addr_policy(tok, 0);
1181  if (!newe)
1182  return -1;
1183  if (! router->exit_policy)
1184  router->exit_policy = smartlist_new();
1185 
1186  /* Ensure that in descriptors, accept/reject fields are followed by
1187  * IPv4 addresses, and accept6/reject6 fields are followed by
1188  * IPv6 addresses. Unlike torrcs, descriptor exit policies do not permit
1189  * accept/reject followed by IPv6. */
1190  if (((tok->tp == K_ACCEPT6 || tok->tp == K_REJECT6) &&
1191  tor_addr_family(&newe->addr) == AF_INET)
1192  ||
1193  ((tok->tp == K_ACCEPT || tok->tp == K_REJECT) &&
1194  tor_addr_family(&newe->addr) == AF_INET6)) {
1195  /* There's nothing the user can do about other relays' descriptors,
1196  * so we don't provide usage advice here. */
1197  log_warn(LD_DIR, "Mismatch between field type and address type in exit "
1198  "policy '%s'. Discarding entire router descriptor.",
1199  tok->n_args == 1 ? tok->args[0] : "");
1200  addr_policy_free(newe);
1201  return -1;
1202  }
1203 
1204  smartlist_add(router->exit_policy, newe);
1205 
1206  return 0;
1207 }
1208 
1212 static smartlist_t *
1214 {
1215  smartlist_t *out = smartlist_new();
1217  if (t->tp == K_ACCEPT || t->tp == K_ACCEPT6 ||
1218  t->tp == K_REJECT || t->tp == K_REJECT6)
1219  smartlist_add(out,t));
1220  return out;
1221 }
1222 
1227 void
1229 {
1230  /*
1231  * Check both if the sandbox is active and whether it's configured; no
1232  * point in loading all that if we won't be able to use it after the
1233  * sandbox becomes active.
1234  */
1235  if (!(sandbox_is_active() || get_options()->Sandbox)) {
1236  dump_desc_init();
1237  }
1238 }
1239 
1241 void
1243 {
1245 }
extrainfo_t * extrainfo_parse_entry_from_string(const char *s, const char *end, int cache_copy, struct digest_ri_map_t *routermap, int *can_dl_again_out)
Definition: routerparse.c:961
struct curve25519_public_key_t * onion_curve25519_pkey
Definition: routerinfo_st.h:40
struct crypto_pk_t * key
Definition: parsecommon.h:210
const char * router_purpose_to_string(uint8_t p)
Definition: routerinfo.c:54
struct digest_ri_map_t * identity_map
Definition: routerlist_st.h:15
char * contact_info
Definition: routerinfo_st.h:64
ed25519_public_key_t signed_key
Definition: torcert.h:25
int router_get_hash_impl_helper(const char *s, size_t s_len, const char *start_str, const char *end_str, char end_c, int log_severity, const char **start_out, const char **end_out)
Definition: sigcommon.c:27
smartlist_t * find_all_by_keyword(const smartlist_t *s, directory_keyword k)
Definition: parsecommon.c:461
static int router_add_exit_policy(routerinfo_t *router, directory_token_t *tok)
Definition: routerparse.c:1176
#define END_OF_TABLE
Definition: parsecommon.h:244
unsigned int policy_is_reject_star
Definition: routerinfo_st.h:74
saved_location_t saved_location
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
void summarize_protover_flags(protover_summary_flags_t *out, const char *protocols, const char *version)
Definition: versions.c:466
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
void routerparse_free_all(void)
Definition: routerparse.c:1242
char extra_info_digest[DIGEST_LEN]
protover_summary_flags_t pv
Definition: routerinfo_st.h:90
static smartlist_t * find_all_exitpolicy(smartlist_t *s)
Definition: routerparse.c:1213
void smartlist_add_strdup(struct smartlist_t *sl, const char *string)
#define T0N(s, t, a, o)
Definition: parsecommon.h:248
char nickname[MAX_NICKNAME_LEN+1]
Definition: extrainfo_st.h:18
int tor_cert_get_checkable_sig(ed25519_checkable_t *checkable_out, const tor_cert_t *cert, const ed25519_public_key_t *pubkey, time_t *expiration_out)
Definition: torcert.c:211
int curve25519_public_from_base64(curve25519_public_key_t *pkey, const char *input)
Header file for describe.c.
int sandbox_is_active(void)
Definition: sandbox.c:1802
#define A01(s, t, a, o)
Definition: parsecommon.h:260
void smartlist_add(smartlist_t *sl, void *element)
uint8_t cert_type
Definition: torcert.h:38
void tor_strstrip(char *s, const char *strip)
Definition: util_string.c:111
int ed25519_public_key_from_curve25519_public_key(ed25519_public_key_t *pubkey, const curve25519_public_key_t *pubkey_in, int signbit)
int digest256_from_base64(char *digest, const char *d64)
crypto_digest_t * crypto_digest256_new(digest_algorithm_t algorithm)
Header file for config.c.
Header file for nickname.c.
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len)
ed25519_public_key_t signing_key
Definition: torcert.h:28
char extra_info_digest256[DIGEST256_LEN]
int tor_inet_aton(const char *str, struct in_addr *addr)
Definition: inaddr.c:38
char signed_descriptor_digest[DIGEST_LEN]
int short_policy_is_reject_star(const short_policy_t *policy)
Definition: policies.c:2987
int strcmpstart(const char *s1, const char *s2)
Definition: util_string.c:206
unsigned int supports_tunnelled_dir_requests
Definition: routerinfo_st.h:83
int is_legal_nickname_or_hexdigest(const char *s)
Definition: nickname.c:31
uint32_t bandwidthburst
Definition: routerinfo_st.h:53
struct tor_cert_st * signing_key_cert
#define T1_START(s, t, a, o)
Definition: parsecommon.h:252
smartlist_t * declared_family
Definition: routerinfo_st.h:62
Header file for versions.c.
void dump_desc_init(void)
Definition: unparseable.c:33
time_t cert_expiration_time
Definition: routerinfo_st.h:43
static token_rule_t extrainfo_token_table[]
Definition: routerparse.c:128
memarea_t * memarea_new(void)
Definition: memarea.c:153
saved_location_t
Definition: or.h:746
int find_single_ipv6_orport(const smartlist_t *list, tor_addr_t *addr_out, uint16_t *port_out)
Definition: routerparse.c:336
unsigned signing_key_included
Definition: torcert.h:40
uint8_t maskbits_t
Definition: address.h:62
short_policy_t * parse_short_policy(const char *summary)
Definition: policies.c:2802
#define DIGEST256_LEN
Definition: digest_sizes.h:23
Header file for policies.c.
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
uint32_t bandwidthrate
Definition: routerinfo_st.h:51
Header file for unparseable.c.
#define NO_ARGS
Definition: parsecommon.h:265
tor_assert(buffer)
tor_cert_t * tor_cert_parse(const uint8_t *encoded, const size_t len)
Definition: torcert.c:159
int router_parse_list_from_string(const char **s, const char *eos, smartlist_t *dest, saved_location_t saved_location, int want_extrainfo, int allow_annotations, const char *prepend_annotations, smartlist_t *invalid_digests_out)
Definition: routerparse.c:245
unsigned int wants_to_be_hs_dir
Definition: routerinfo_st.h:72
Header for crypto_format.c.
Header file for policy_parse.c.
unsigned int caches_extra_info
Definition: routerinfo_st.h:67
directory_keyword tp
Definition: parsecommon.h:202
smartlist_t * exit_policy
Definition: routerinfo_st.h:56
#define DIGEST_LEN
Definition: digest_sizes.h:20
Header file for sandbox.c.
uint8_t router_purpose_from_string(const char *s)
Definition: routerinfo.c:69
#define GE(n)
Definition: parsecommon.h:269
routerinfo_t * router_parse_entry_from_string(const char *s, const char *end, int cache_copy, int allow_annotations, const char *prepend_annotations, int *can_dl_again_out)
Definition: routerparse.c:390
unsigned int allow_single_hop_exits
Definition: routerinfo_st.h:69
Master header file for Tor-specific functionality.
void policy_expand_private(smartlist_t **policy)
Definition: policies.c:105
size_t onion_pkey_len
Definition: routerinfo_st.h:36
int tor_addr_parse_mask_ports(const char *s, unsigned flags, tor_addr_t *addr_out, maskbits_t *maskbits_out, uint16_t *port_min_out, uint16_t *port_max_out)
Definition: address.c:543
#define ARGS
Definition: parsecommon.h:263
void routerparse_init(void)
Definition: routerparse.c:1228
Header for memarea.c.
#define EQ(n)
Definition: parsecommon.h:271
Header for crypto_ed25519.c.
addr_policy_t * router_parse_addr_policy(directory_token_t *tok, unsigned fmt_flags)
Definition: policy_parse.c:136
#define LOG_WARN
Definition: log.h:51
#define CONCAT_ARGS
Definition: parsecommon.h:267
static int find_start_of_next_router_or_extrainfo(const char **s_ptr, const char *eos, int *is_extrainfo_out)
Definition: routerparse.c:198
int policy_is_reject_star(const smartlist_t *policy, sa_family_t family, int default_reject)
Definition: policies.c:2361
int smartlist_pos(const smartlist_t *sl, const void *element)
Definition: smartlist.c:119
char * onion_pkey
Definition: routerinfo_st.h:34
int router_get_router_hash(const char *s, size_t s_len, char *digest)
Definition: routerparse.c:176
directory_token_t * find_opt_by_keyword(const smartlist_t *s, directory_keyword keyword)
Definition: parsecommon.c:450
int crypto_pk_public_exponent_ok(const crypto_pk_t *env)
int is_legal_nickname(const char *s)
Definition: nickname.c:19
#define HEX_DIGEST_LEN
Definition: crypto_digest.h:35
struct short_policy_t * ipv6_exit_policy
Definition: routerinfo_st.h:60
#define T1_END(s, t, a, o)
Definition: parsecommon.h:254
#define LD_DIR
Definition: log.h:86
Header file for parsecommon.c.
char identity_digest[DIGEST_LEN]
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
Definition: crypto_rsa.c:356
const token_rule_t routerdesc_token_table[]
Definition: routerparse.c:84
#define SMARTLIST_FOREACH(sl, type, var, cmd)
char * protocol_list
Definition: routerinfo_st.h:47
Header file for router.c.
const char * escaped(const char *s)
Definition: escape.c:126
char * nickname
Definition: routerinfo_st.h:17
uint16_t dir_port
Definition: routerinfo_st.h:21
int ed25519_public_from_base64(ed25519_public_key_t *pkey, const char *input)
uint32_t bandwidthcapacity
Definition: routerinfo_st.h:55
#define T1(s, t, a, o)
Definition: parsecommon.h:250
void token_clear(directory_token_t *tok)
Definition: parsecommon.c:41
long tor_parse_long(const char *s, int base, long min, long max, int *ok, char **next)
Definition: parse_int.c:56
uint32_t addr
Definition: routerinfo_st.h:19
int base16_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:506
char * platform
Definition: routerinfo_st.h:45
uint8_t purpose
int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
int router_get_hash_impl(const char *s, size_t s_len, char *digest, const char *start_str, const char *end_str, char end_c, digest_algorithm_t alg)
Definition: sigcommon.c:74
unsigned int is_hibernating
Definition: routerinfo_st.h:65
int parse_iso_time(const char *cp, time_t *t)
Definition: time_fmt.c:392
int ed25519_signature_from_base64(ed25519_signature_t *sig, const char *input)
uint8_t digest256[DIGEST256_LEN]
Definition: extrainfo_st.h:16
int check_signature_token(const char *digest, ssize_t digest_len, directory_token_t *tok, crypto_pk_t *pkey, int flags, const char *doctype)
Definition: sigcommon.c:143
tor_addr_t ipv6_addr
Definition: routerinfo_st.h:27
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:904
char * pending_sig
Definition: extrainfo_st.h:24
Header file for routerinfo.c.
int tokenize_string(memarea_t *area, const char *start, const char *end, smartlist_t *out, const token_rule_t *table, int flags)
Definition: parsecommon.c:53
#define T01(s, t, a, o)
Definition: parsecommon.h:258
Header file for sigcommon.c.
int router_get_extrainfo_hash(const char *s, size_t s_len, char *digest)
Definition: routerparse.c:186
const char * router_describe(const routerinfo_t *ri)
Definition: describe.c:123
routerlist_t * router_get_routerlist(void)
Definition: routerlist.c:809
Header for crypto_curve25519.c.
crypto_pk_t * identity_pkey
Definition: routerinfo_st.h:38
size_t pending_sig_len
Definition: extrainfo_st.h:26
#define LD_BUG
Definition: log.h:84
const char * eat_whitespace_eos(const char *s, const char *eos)
Definition: util_string.c:295
Header file for routerlist.c.
Header file for routerparse.c.
tor_addr_t addr
uint16_t or_port
Definition: routerinfo_st.h:20
void dump_desc_fifo_cleanup(void)
Definition: unparseable.c:234
static sa_family_t tor_addr_family(const tor_addr_t *a)
Definition: address.h:179