53 #define ROUTERDESC_TOKEN_TABLE_PRIVATE
94 T1(
"ntor-onion-key", K_ONION_KEY_NTOR,
GE(1),
NO_OBJ ),
105 T01(
"extra-info-digest", K_EXTRA_INFO_DIGEST,
GE(1),
NO_OBJ ),
108 T1(
"master-key-ed25519", K_MASTER_KEY_ED25519,
GE(1),
NO_OBJ ),
109 T1(
"router-sig-ed25519", K_ROUTER_SIG_ED25519,
GE(1),
NO_OBJ ),
111 T1(
"ntor-onion-key-crosscert", K_NTOR_ONION_KEY_CROSSCERT,
121 T1(
"bandwidth", K_BANDWIDTH,
GE(3),
NO_OBJ ),
135 T1(
"router-sig-ed25519", K_ROUTER_SIG_ED25519,
GE(1),
NO_OBJ ),
150 T01(
"dirreq-v2-tunneled-dl", K_DIRREQ_V2_TUN,
ARGS,
NO_OBJ ),
151 T01(
"dirreq-v3-tunneled-dl", K_DIRREQ_V3_TUN,
ARGS,
NO_OBJ ),
155 T01(
"cell-processed-cells", K_CELL_PROCESSED,
ARGS,
NO_OBJ ),
158 T01(
"cell-circuits-per-decile", K_CELL_CIRCS,
ARGS,
NO_OBJ ),
160 T01(
"exit-kibibytes-written", K_EXIT_WRITTEN,
ARGS,
NO_OBJ ),
183 "router ",
"\nrouter-signature",
'\n',
193 "\nrouter-signature",
'\n', DIGEST_SHA1);
204 int *is_extrainfo_out)
206 const char *annotations = NULL;
207 const char *s = *s_ptr;
215 if (*s ==
'@' && !annotations) {
217 }
else if (*s ==
'r' && !
strcmpstart(s,
"router ")) {
218 *s_ptr = annotations ? annotations : s;
219 *is_extrainfo_out = 0;
221 }
else if (*s ==
'e' && !
strcmpstart(s,
"extra-info ")) {
222 *s_ptr = annotations ? annotations : s;
223 *is_extrainfo_out = 1;
227 if (!(s = memchr(s+1,
'\n', eos-(s+1))))
253 int allow_annotations,
254 const char *prepend_annotations,
261 const char *end, *start;
270 eos = *s + strlen(*s);
276 int have_raw_digest = 0;
281 end = tor_memstr(*s, eos-*s,
"\nrouter-signature");
283 end = tor_memstr(end, eos-end,
"\n-----END SIGNATURE-----\n");
285 end += strlen(
"\n-----END SIGNATURE-----\n");
292 if (have_extrainfo && want_extrainfo) {
299 signed_desc = &extrainfo->cache_info;
302 }
else if (!have_extrainfo && !want_extrainfo) {
307 prepend_annotations, &dl_again);
309 log_debug(
LD_DIR,
"Read router '%s', purpose '%s'",
312 signed_desc = &router->cache_info;
316 if (! elt && ! dl_again && have_raw_digest && invalid_digests_out) {
352 uint16_t port_min, port_max;
356 &a, &bits, &port_min,
357 &port_max) == AF_INET6 &&
359 port_min == port_max) {
363 *port_out = port_min;
367 } SMARTLIST_FOREACH_END(t);
395 int cache_copy,
int allow_annotations,
396 const char *prepend_annotations,
397 int *can_dl_again_out)
401 smartlist_t *tokens = NULL, *exit_policy_tokens = NULL;
404 const char *start_of_annotations, *cp, *s_dup = s;
405 size_t prepend_len = prepend_annotations ? strlen(prepend_annotations) : 0;
411 int can_dl_again = 0;
414 tor_assert(!allow_annotations || !prepend_annotations);
421 while (end > s+2 && *(end-1) ==
'\n' && *(end-2) ==
'\n')
426 if (prepend_annotations) {
429 log_warn(
LD_DIR,
"Error tokenizing router descriptor (annotations).");
434 start_of_annotations = s;
435 cp = tor_memstr(s, end-s,
"\nrouter ");
438 log_warn(
LD_DIR,
"No router keyword found.");
445 if (start_of_annotations != s) {
446 if (allow_annotations) {
449 log_warn(
LD_DIR,
"Error tokenizing router descriptor (annotations).");
453 log_warn(
LD_DIR,
"Found unexpected annotations on router descriptor not "
454 "loaded from disk. Dropping it.");
459 if (!tor_memstr(s, end-s,
"\nproto ")) {
460 log_debug(
LD_DIR,
"Found an obsolete router descriptor. "
461 "Rejecting quietly.");
466 log_warn(
LD_DIR,
"Couldn't compute router hash.");
471 if (allow_annotations)
472 flags |= TS_ANNOTATIONS_OK;
473 if (prepend_annotations)
474 flags |= TS_ANNOTATIONS_OK|TS_NO_NEW_ANNOTATIONS;
477 log_warn(
LD_DIR,
"Error tokenizing router descriptor.");
482 if (smartlist_len(tokens) < 2) {
483 log_warn(
LD_DIR,
"Impossibly short router descriptor.");
487 tok = find_by_keyword(tokens, K_ROUTER);
494 router->cache_info.
annotations_len = s-start_of_annotations + prepend_len;
501 if (prepend_annotations) {
502 memcpy(signed_body, prepend_annotations, prepend_len);
503 signed_body += prepend_len;
511 tor_assert(signed_body+(end-start_of_annotations) ==
513 memcpy(signed_body, start_of_annotations, end-start_of_annotations);
521 log_warn(
LD_DIR,
"Router nickname is invalid");
525 log_warn(
LD_DIR,
"Router address is not an IP address.");
530 router->ipv4_orport =
536 router->ipv4_dirport =
543 tok = find_by_keyword(tokens, K_BANDWIDTH);
549 log_warn(
LD_DIR,
"bandwidthrate %s unreadable or 0. Failing.",
575 router->cache_info.send_unencrypted =
593 tok = find_by_keyword(tokens, K_PUBLISHED);
598 tok = find_by_keyword(tokens, K_ONION_KEY);
601 "Relay's onion key had invalid exponent.");
606 crypto_pk_free(tok->
key);
612 log_warn(
LD_DIR,
"Bogus ntor-onion-key in routerinfo");
619 tok = find_by_keyword(tokens, K_SIGNING_KEY);
624 log_warn(
LD_DIR,
"Couldn't calculate key digest");
goto err;
635 int n_ed_toks = !!ed_sig_tok + !!ed_cert_tok +
636 !!cc_tap_tok + !!cc_ntor_tok;
637 if ((n_ed_toks != 0 && n_ed_toks != 4) ||
639 log_warn(
LD_DIR,
"Router descriptor with only partial ed25519/"
640 "cross-certification support");
643 if (master_key_tok && !ed_sig_tok) {
644 log_warn(
LD_DIR,
"Router descriptor has ed25519 master key but no "
649 tor_assert(ed_cert_tok && cc_tap_tok && cc_ntor_tok);
650 const int ed_cert_token_pos =
smartlist_pos(tokens, ed_cert_tok);
651 if (ed_cert_token_pos == -1 || router_token_pos == -1 ||
652 (ed_cert_token_pos != router_token_pos + 1 &&
653 ed_cert_token_pos != router_token_pos - 1)) {
654 log_warn(
LD_DIR,
"Ed25519 certificate in wrong position");
657 if (ed_sig_tok != smartlist_get(tokens, smartlist_len(tokens)-2)) {
658 log_warn(
LD_DIR,
"Ed25519 signature in wrong position");
661 if (strcmp(ed_cert_tok->
object_type,
"ED25519 CERT")) {
662 log_warn(
LD_DIR,
"Wrong object type on identity-ed25519 "
666 if (strcmp(cc_ntor_tok->
object_type,
"ED25519 CERT")) {
667 log_warn(
LD_DIR,
"Wrong object type on ntor-onion-key-crosscert "
671 if (strcmp(cc_tap_tok->
object_type,
"CROSSCERT")) {
672 log_warn(
LD_DIR,
"Wrong object type on onion-key-crosscert "
676 if (strcmp(cc_ntor_tok->
args[0],
"0") &&
677 strcmp(cc_ntor_tok->
args[0],
"1")) {
678 log_warn(
LD_DIR,
"Bad sign bit on ntor-onion-key-crosscert");
681 int ntor_cc_sign_bit = !strcmp(cc_ntor_tok->
args[0],
"1");
684 const char *signed_start, *signed_end;
689 log_warn(
LD_DIR,
"Couldn't parse ed25519 cert");
695 if (cert->
cert_type != CERT_TYPE_ID_SIGNING ||
697 log_warn(
LD_DIR,
"Invalid form for ed25519 cert");
701 if (master_key_tok) {
707 log_warn(
LD_DIR,
"Can't parse ed25519 master key");
713 log_warn(
LD_DIR,
"Ed25519 master key does not match "
714 "key in certificate");
721 log_warn(
LD_DIR,
"Couldn't parse ntor-onion-key-crosscert cert");
724 if (ntor_cc_cert->
cert_type != CERT_TYPE_ONION_ID ||
726 log_warn(
LD_DIR,
"Invalid contents for ntor-onion-key-crosscert cert");
733 ntor_cc_sign_bit)<0) {
734 log_warn(
LD_DIR,
"Error converting onion key to ed25519");
739 "\nrouter-sig-ed25519",
741 &signed_start, &signed_end) < 0) {
742 log_warn(
LD_DIR,
"Can't find ed25519-signed portion of descriptor");
747 strlen(ED_DESC_SIGNATURE_PREFIX));
754 time_t expires = TIME_MAX;
756 log_err(
LD_BUG,
"Couldn't create 'checkable' for cert.");
760 ntor_cc_cert, &ntor_cc_pk, &expires) < 0) {
761 log_err(
LD_BUG,
"Couldn't create 'checkable' for ntor_cc_cert.");
766 ed_sig_tok->
args[0])<0) {
767 log_warn(
LD_DIR,
"Couldn't decode ed25519 signature");
775 log_warn(
LD_DIR,
"Incorrect ed25519 signature(s)");
779 rsa_pubkey = router_get_rsa_onion_pkey(router->
onion_pkey,
787 log_warn(
LD_DIR,
"Incorrect TAP cross-verification");
803 log_warn(
LD_DIR,
"Couldn't decode router fingerprint %s",
808 log_warn(
LD_DIR,
"Fingerprint '%s' does not match identity digest.",
815 const char *version = NULL, *protocols = NULL;
818 version = tok->
args[0];
823 protocols = tok->
args[0];
835 log_warn(
LD_DIR,
"Rejecting router with reject6/accept6 line: they crash "
843 &router->ipv6_orport);
844 smartlist_free(or_addresses);
848 if (!smartlist_len(exit_policy_tokens)) {
849 log_warn(
LD_DIR,
"No exit policy tokens in descriptor.");
854 log_warn(
LD_DIR,
"Error in exit policy");
875 for (i=0;i<tok->
n_args;++i) {
877 log_warn(
LD_DIR,
"Illegal nickname %s in family line",
896 log_warn(
LD_DIR,
"Invalid extra info digest");
905 log_warn(
LD_DIR,
"Invalid extra info digest256 %s",
918 router->ipv4_dirport > 0) {
922 tok = find_by_keyword(tokens, K_ROUTER_SIGNATURE);
924 if (!router->ipv4_orport) {
925 log_warn(
LD_DIR,
"or_port unreadable or 0. Failing.");
932 "router descriptor") < 0)
936 router->
platform = tor_strdup(
"<unknown>");
942 routerinfo_free(router);
945 crypto_pk_free(rsa_pubkey);
946 tor_cert_free(ntor_cc_cert);
949 smartlist_free(tokens);
951 smartlist_free(exit_policy_tokens);
953 DUMP_AREA(area,
"routerinfo");
956 if (can_dl_again_out)
957 *can_dl_again_out = can_dl_again;
974 int cache_copy,
struct digest_ri_map_t *routermap,
975 int *can_dl_again_out)
984 const char *s_dup = s;
987 int can_dl_again = 0;
997 while (end > s+2 && *(end-1) ==
'\n' && *(end-2) ==
'\n')
1000 if (!tor_memstr(s, end-s,
"\nidentity-ed25519")) {
1001 log_debug(
LD_DIR,
"Found an obsolete extrainfo. Rejecting quietly.");
1006 log_warn(
LD_DIR,
"Couldn't compute router hash.");
1012 log_warn(
LD_DIR,
"Error tokenizing extra-info document.");
1016 if (smartlist_len(tokens) < 2) {
1017 log_warn(
LD_DIR,
"Impossibly short extra-info document.");
1022 tok = smartlist_get(tokens,0);
1023 if (tok->
tp != K_EXTRA_INFO) {
1024 log_warn(
LD_DIR,
"Entry does not start with \"extra-info\"");
1029 extrainfo->cache_info.is_extrainfo = 1;
1045 log_warn(
LD_DIR,
"Invalid fingerprint %s on \"extra-info\"",
1050 tok = find_by_keyword(tokens, K_PUBLISHED);
1052 log_warn(
LD_DIR,
"Invalid published time %s on \"extra-info\"",
1061 int n_ed_toks = !!ed_sig_tok + !!ed_cert_tok;
1062 if (n_ed_toks != 0 && n_ed_toks != 2) {
1063 log_warn(
LD_DIR,
"Router descriptor with only partial ed25519/"
1064 "cross-certification support");
1069 const int ed_cert_token_pos =
smartlist_pos(tokens, ed_cert_tok);
1070 if (ed_cert_token_pos != 1) {
1072 log_warn(
LD_DIR,
"Ed25519 certificate in wrong position");
1075 if (ed_sig_tok != smartlist_get(tokens, smartlist_len(tokens)-2)) {
1076 log_warn(
LD_DIR,
"Ed25519 signature in wrong position");
1079 if (strcmp(ed_cert_tok->
object_type,
"ED25519 CERT")) {
1080 log_warn(
LD_DIR,
"Wrong object type on identity-ed25519 "
1086 const char *signed_start, *signed_end;
1091 log_warn(
LD_DIR,
"Couldn't parse ed25519 cert");
1097 if (cert->
cert_type != CERT_TYPE_ID_SIGNING ||
1099 log_warn(
LD_DIR,
"Invalid form for ed25519 cert");
1104 "\nrouter-sig-ed25519",
1106 &signed_start, &signed_end) < 0) {
1107 log_warn(
LD_DIR,
"Can't find ed25519-signed portion of extrainfo");
1112 strlen(ED_DESC_SIGNATURE_PREFIX));
1120 log_err(
LD_BUG,
"Couldn't create 'checkable' for cert.");
1125 ed_sig_tok->
args[0])<0) {
1126 log_warn(
LD_DIR,
"Couldn't decode ed25519 signature");
1130 check[1].msg = d256;
1134 log_warn(
LD_DIR,
"Incorrect ed25519 signature(s)");
1146 (router = digestmap_get((digestmap_t*)routermap,
1151 tok = find_by_keyword(tokens, K_ROUTER_SIGNATURE);
1154 log_warn(
LD_DIR,
"Bad object type or length on extra-info signature");
1164 extrainfo->cache_info.send_unencrypted =
1165 router->cache_info.send_unencrypted;
1174 dump_desc(s_dup,
"extra-info descriptor");
1175 extrainfo_free(extrainfo);
1180 smartlist_free(tokens);
1183 DUMP_AREA(area,
"extrainfo");
1186 if (can_dl_again_out)
1187 *can_dl_again_out = can_dl_again;
1208 if (((tok->
tp == K_ACCEPT6 || tok->
tp == K_REJECT6) &&
1211 ((tok->
tp == K_ACCEPT || tok->
tp == K_REJECT) &&
1215 log_warn(
LD_DIR,
"Mismatch between field type and address type in exit "
1216 "policy '%s'. Discarding entire router descriptor.",
1218 addr_policy_free(newe);
1235 if (t->tp == K_ACCEPT || t->tp == K_ACCEPT6 ||
1236 t->tp == K_REJECT || t->tp == K_REJECT6)
Address policy structures.
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
int tor_addr_parse_mask_ports(const char *s, unsigned flags, tor_addr_t *addr_out, maskbits_t *maskbits_out, uint16_t *port_min_out, uint16_t *port_max_out)
static sa_family_t tor_addr_family(const tor_addr_t *a)
#define tor_addr_from_in(dest, in)
int base16_decode(char *dest, size_t destlen, const char *src, size_t srclen)
const or_options_t * get_options(void)
Header file for config.c.
Header for crypto_curve25519.c.
int curve25519_public_from_base64(curve25519_public_key_t *pkey, const char *input)
int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
crypto_digest_t * crypto_digest256_new(digest_algorithm_t algorithm)
#define crypto_digest_free(d)
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len)
int ed25519_checksig_batch(int *okay_out, const ed25519_checkable_t *checkable, int n_checkable)
int ed25519_public_key_from_curve25519_public_key(ed25519_public_key_t *pubkey, const curve25519_public_key_t *pubkey_in, int signbit)
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
Header for crypto_ed25519.c.
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
int crypto_pk_public_exponent_ok(const crypto_pk_t *env)
const char * router_describe(const routerinfo_t *ri)
Header file for describe.c.
#define tor_memneq(a, b, sz)
#define fast_memneq(a, b, c)
const char * escaped(const char *s)
int tor_inet_aton(const char *str, struct in_addr *addr)
memarea_t * memarea_new(void)
#define memarea_drop_all(area)
int is_legal_nickname(const char *s)
int is_legal_nickname_or_hexdigest(const char *s)
Header file for nickname.c.
Master header file for Tor-specific functionality.
long tor_parse_long(const char *s, int base, long min, long max, int *ok, char **next)
void token_clear(directory_token_t *tok)
int tokenize_string(memarea_t *area, const char *start, const char *end, smartlist_t *out, const token_rule_t *table, int flags)
directory_token_t * find_opt_by_keyword(const smartlist_t *s, directory_keyword keyword)
smartlist_t * find_all_by_keyword(const smartlist_t *s, directory_keyword k)
Header file for parsecommon.c.
#define T1_END(s, t, a, o)
#define T1_START(s, t, a, o)
void policy_expand_private(smartlist_t **policy)
short_policy_t * parse_short_policy(const char *summary)
int policy_is_reject_star(const smartlist_t *policy, sa_family_t family, int default_reject)
int short_policy_is_reject_star(const short_policy_t *policy)
Header file for policies.c.
addr_policy_t * router_parse_addr_policy(directory_token_t *tok, unsigned fmt_flags)
Header file for policy_parse.c.
Header file for router.c.
uint8_t router_purpose_from_string(const char *s)
const char * router_purpose_to_string(uint8_t p)
Header file for routerinfo.c.
Router descriptor structure.
#define ROUTER_PURPOSE_UNKNOWN
#define ROUTER_PURPOSE_GENERAL
routerlist_t * router_get_routerlist(void)
Header file for routerlist.c.
Router descriptor list structure.
int router_parse_list_from_string(const char **s, const char *eos, smartlist_t *dest, saved_location_t saved_location, int want_extrainfo, int allow_annotations, const char *prepend_annotations, smartlist_t *invalid_digests_out)
int router_get_extrainfo_hash(const char *s, size_t s_len, char *digest)
static smartlist_t * find_all_exitpolicy(smartlist_t *s)
extrainfo_t * extrainfo_parse_entry_from_string(const char *s, const char *end, int cache_copy, struct digest_ri_map_t *routermap, int *can_dl_again_out)
static int find_start_of_next_router_or_extrainfo(const char **s_ptr, const char *eos, int *is_extrainfo_out)
routerinfo_t * router_parse_entry_from_string(const char *s, const char *end, int cache_copy, int allow_annotations, const char *prepend_annotations, int *can_dl_again_out)
int router_get_router_hash(const char *s, size_t s_len, char *digest)
void routerparse_free_all(void)
void routerparse_init(void)
int find_single_ipv6_orport(const smartlist_t *list, tor_addr_t *addr_out, uint16_t *port_out)
const token_rule_t routerdesc_token_table[]
static int router_add_exit_policy(routerinfo_t *router, directory_token_t *tok)
static token_rule_t extrainfo_token_table[]
Header file for routerparse.c.
int sandbox_is_active(void)
Header file for sandbox.c.
int check_signature_token(const char *digest, ssize_t digest_len, directory_token_t *tok, crypto_pk_t *pkey, int flags, const char *doctype)
int router_get_hash_impl_helper(const char *s, size_t s_len, const char *start_str, const char *end_str, char end_c, int log_severity, const char **start_out, const char **end_out)
int router_get_hash_impl(const char *s, size_t s_len, char *digest, const char *start_str, const char *end_str, char end_c, digest_algorithm_t alg)
Header file for sigcommon.c.
int smartlist_pos(const smartlist_t *sl, const void *element)
smartlist_t * smartlist_new(void)
void smartlist_add_strdup(struct smartlist_t *sl, const char *string)
void smartlist_add(smartlist_t *sl, void *element)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
unsigned int allow_single_hop_exits
unsigned int caches_extra_info
protover_summary_flags_t pv
smartlist_t * exit_policy
smartlist_t * declared_family
crypto_pk_t * identity_pkey
struct curve25519_public_key_t * onion_curve25519_pkey
unsigned int wants_to_be_hs_dir
unsigned int is_hibernating
unsigned int policy_is_reject_star
unsigned int supports_tunnelled_dir_requests
uint32_t bandwidthcapacity
time_t cert_expiration_time
struct short_policy_t * ipv6_exit_policy
struct digest_ri_map_t * identity_map
char signed_descriptor_digest[DIGEST_LEN]
char extra_info_digest[DIGEST_LEN]
char identity_digest[DIGEST_LEN]
struct tor_cert_st * signing_key_cert
char * signed_descriptor_body
char extra_info_digest256[DIGEST256_LEN]
size_t signed_descriptor_len
saved_location_t saved_location
ed25519_public_key_t signing_key
ed25519_public_key_t signed_key
unsigned signing_key_included
int parse_iso_time(const char *cp, time_t *t)
tor_cert_t * tor_cert_parse(const uint8_t *encoded, const size_t len)
int tor_cert_get_checkable_sig(ed25519_checkable_t *checkable_out, const tor_cert_t *cert, const ed25519_public_key_t *pubkey, time_t *expiration_out)
int check_tap_onion_key_crosscert(const uint8_t *crosscert, int crosscert_len, const crypto_pk_t *onion_pkey, const ed25519_public_key_t *master_id_pkey, const uint8_t *rsa_id_digest)
void dump_desc_fifo_cleanup(void)
void dump_desc(const char *desc, const char *type)
void dump_desc_init(void)
Header file for unparseable.c.
int strcmpstart(const char *s1, const char *s2)
const char * eat_whitespace_eos(const char *s, const char *eos)
void tor_strstrip(char *s, const char *strip)
void summarize_protover_flags(protover_summary_flags_t *out, const char *protocols, const char *version)
Header file for versions.c.
#define ED25519_PUBKEY_LEN