Tor  0.4.5.0-alpha-dev
routerparse.c
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2020, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * \file routerparse.c
9  * \brief Code to parse and validate router descriptors, consenus directories,
10  * and similar objects.
11  *
12  * The objects parsed by this module use a common text-based metaformat,
13  * documented in dir-spec.txt in torspec.git. This module is itself divided
14  * into two major kinds of function: code to handle the metaformat, and code
15  * to convert from particular instances of the metaformat into the
16  * objects that Tor uses.
17  *
18  * The generic parsing code works by calling a table-based tokenizer on the
19  * input string. Each token corresponds to a single line with a token, plus
20  * optional arguments on that line, plus an optional base-64 encoded object
21  * after that line. Each token has a definition in a table of token_rule_t
22  * entries that describes how many arguments it can take, whether it takes an
23  * object, how many times it may appear, whether it must appear first, and so
24  * on.
25  *
26  * The tokenizer function tokenize_string() converts its string input into a
27  * smartlist full of instances of directory_token_t, according to a provided
28  * table of token_rule_t.
29  *
30  * The generic parts of this module additionally include functions for
31  * finding the start and end of signed information inside a signed object, and
32  * computing the digest that will be signed.
33  *
34  * There are also functions for saving objects to disk that have caused
35  * parsing to fail.
36  *
37  * The specific parts of this module describe conversions between
38  * particular lists of directory_token_t and particular objects. The
39  * kinds of objects that can be parsed here are:
40  * <ul>
41  * <li>router descriptors (managed from routerlist.c)
42  * <li>extra-info documents (managed from routerlist.c)
43  * <li>microdescriptors (managed from microdesc.c)
44  * <li>vote and consensus networkstatus documents, and the routerstatus_t
45  * objects that they comprise (managed from networkstatus.c)
46  * <li>detached-signature objects used by authorities for gathering
47  * signatures on the networkstatus consensus (managed from dirvote.c)
48  * <li>authority key certificates (managed from routerlist.c)
49  * <li>hidden service descriptors (managed from rendcommon.c and rendcache.c)
50  * </ul>
51  **/
52 
53 #define ROUTERDESC_TOKEN_TABLE_PRIVATE
54 
55 #include "core/or/or.h"
56 #include "app/config/config.h"
57 #include "core/or/policies.h"
58 #include "core/or/versions.h"
69 #include "feature/relay/router.h"
73 #include "lib/memarea/memarea.h"
74 #include "lib/sandbox/sandbox.h"
75 
76 #include "core/or/addr_policy_st.h"
80 
81 /****************************************************************************/
82 
83 /** List of tokens recognized in router descriptors */
84 // clang-format off
86  T0N("reject", K_REJECT, ARGS, NO_OBJ ),
87  T0N("accept", K_ACCEPT, ARGS, NO_OBJ ),
88  T0N("reject6", K_REJECT6, ARGS, NO_OBJ ),
89  T0N("accept6", K_ACCEPT6, ARGS, NO_OBJ ),
90  T1_START( "router", K_ROUTER, GE(5), NO_OBJ ),
91  T01("ipv6-policy", K_IPV6_POLICY, CONCAT_ARGS, NO_OBJ),
92  T1( "signing-key", K_SIGNING_KEY, NO_ARGS, NEED_KEY_1024 ),
93  T1( "onion-key", K_ONION_KEY, NO_ARGS, NEED_KEY_1024 ),
94  T01("ntor-onion-key", K_ONION_KEY_NTOR, GE(1), NO_OBJ ),
95  T1_END( "router-signature", K_ROUTER_SIGNATURE, NO_ARGS, NEED_OBJ ),
96  T1( "published", K_PUBLISHED, CONCAT_ARGS, NO_OBJ ),
97  T01("uptime", K_UPTIME, GE(1), NO_OBJ ),
98  T01("fingerprint", K_FINGERPRINT, CONCAT_ARGS, NO_OBJ ),
99  T01("hibernating", K_HIBERNATING, GE(1), NO_OBJ ),
100  T01("platform", K_PLATFORM, CONCAT_ARGS, NO_OBJ ),
101  T01("proto", K_PROTO, CONCAT_ARGS, NO_OBJ ),
102  T01("contact", K_CONTACT, CONCAT_ARGS, NO_OBJ ),
103  T01("read-history", K_READ_HISTORY, ARGS, NO_OBJ ),
104  T01("write-history", K_WRITE_HISTORY, ARGS, NO_OBJ ),
105  T01("extra-info-digest", K_EXTRA_INFO_DIGEST, GE(1), NO_OBJ ),
106  T01("hidden-service-dir", K_HIDDEN_SERVICE_DIR, NO_ARGS, NO_OBJ ),
107  T01("identity-ed25519", K_IDENTITY_ED25519, NO_ARGS, NEED_OBJ ),
108  T01("master-key-ed25519", K_MASTER_KEY_ED25519, GE(1), NO_OBJ ),
109  T01("router-sig-ed25519", K_ROUTER_SIG_ED25519, GE(1), NO_OBJ ),
110  T01("onion-key-crosscert", K_ONION_KEY_CROSSCERT, NO_ARGS, NEED_OBJ ),
111  T01("ntor-onion-key-crosscert", K_NTOR_ONION_KEY_CROSSCERT,
112  EQ(1), NEED_OBJ ),
113 
114  T01("allow-single-hop-exits",K_ALLOW_SINGLE_HOP_EXITS, NO_ARGS, NO_OBJ ),
115 
116  T01("family", K_FAMILY, ARGS, NO_OBJ ),
117  T01("caches-extra-info", K_CACHES_EXTRA_INFO, NO_ARGS, NO_OBJ ),
118  T0N("or-address", K_OR_ADDRESS, GE(1), NO_OBJ ),
119 
120  T0N("opt", K_OPT, CONCAT_ARGS, OBJ_OK ),
121  T1( "bandwidth", K_BANDWIDTH, GE(3), NO_OBJ ),
122  A01("@purpose", A_PURPOSE, GE(1), NO_OBJ ),
123  T01("tunnelled-dir-server",K_DIR_TUNNELLED, NO_ARGS, NO_OBJ ),
124 
126 };
127 // clang-format on
128 
129 /** List of tokens recognized in extra-info documents. */
130 // clang-format off
132  T1_END( "router-signature", K_ROUTER_SIGNATURE, NO_ARGS, NEED_OBJ ),
133  T1( "published", K_PUBLISHED, CONCAT_ARGS, NO_OBJ ),
134  T01("identity-ed25519", K_IDENTITY_ED25519, NO_ARGS, NEED_OBJ ),
135  T01("router-sig-ed25519", K_ROUTER_SIG_ED25519, GE(1), NO_OBJ ),
136  T0N("opt", K_OPT, CONCAT_ARGS, OBJ_OK ),
137  T01("read-history", K_READ_HISTORY, ARGS, NO_OBJ ),
138  T01("write-history", K_WRITE_HISTORY, ARGS, NO_OBJ ),
139  T01("dirreq-stats-end", K_DIRREQ_END, ARGS, NO_OBJ ),
140  T01("dirreq-v2-ips", K_DIRREQ_V2_IPS, ARGS, NO_OBJ ),
141  T01("dirreq-v3-ips", K_DIRREQ_V3_IPS, ARGS, NO_OBJ ),
142  T01("dirreq-v2-reqs", K_DIRREQ_V2_REQS, ARGS, NO_OBJ ),
143  T01("dirreq-v3-reqs", K_DIRREQ_V3_REQS, ARGS, NO_OBJ ),
144  T01("dirreq-v2-share", K_DIRREQ_V2_SHARE, ARGS, NO_OBJ ),
145  T01("dirreq-v3-share", K_DIRREQ_V3_SHARE, ARGS, NO_OBJ ),
146  T01("dirreq-v2-resp", K_DIRREQ_V2_RESP, ARGS, NO_OBJ ),
147  T01("dirreq-v3-resp", K_DIRREQ_V3_RESP, ARGS, NO_OBJ ),
148  T01("dirreq-v2-direct-dl", K_DIRREQ_V2_DIR, ARGS, NO_OBJ ),
149  T01("dirreq-v3-direct-dl", K_DIRREQ_V3_DIR, ARGS, NO_OBJ ),
150  T01("dirreq-v2-tunneled-dl", K_DIRREQ_V2_TUN, ARGS, NO_OBJ ),
151  T01("dirreq-v3-tunneled-dl", K_DIRREQ_V3_TUN, ARGS, NO_OBJ ),
152  T01("entry-stats-end", K_ENTRY_END, ARGS, NO_OBJ ),
153  T01("entry-ips", K_ENTRY_IPS, ARGS, NO_OBJ ),
154  T01("cell-stats-end", K_CELL_END, ARGS, NO_OBJ ),
155  T01("cell-processed-cells", K_CELL_PROCESSED, ARGS, NO_OBJ ),
156  T01("cell-queued-cells", K_CELL_QUEUED, ARGS, NO_OBJ ),
157  T01("cell-time-in-queue", K_CELL_TIME, ARGS, NO_OBJ ),
158  T01("cell-circuits-per-decile", K_CELL_CIRCS, ARGS, NO_OBJ ),
159  T01("exit-stats-end", K_EXIT_END, ARGS, NO_OBJ ),
160  T01("exit-kibibytes-written", K_EXIT_WRITTEN, ARGS, NO_OBJ ),
161  T01("exit-kibibytes-read", K_EXIT_READ, ARGS, NO_OBJ ),
162  T01("exit-streams-opened", K_EXIT_OPENED, ARGS, NO_OBJ ),
163 
164  T1_START( "extra-info", K_EXTRA_INFO, GE(2), NO_OBJ ),
165 
167 };
168 // clang-format on
169 
170 #undef T
171 
172 /* static function prototypes */
173 static int router_add_exit_policy(routerinfo_t *router,directory_token_t *tok);
175 
176 /** Set <b>digest</b> to the SHA-1 digest of the hash of the first router in
177  * <b>s</b>. Return 0 on success, -1 on failure.
178  */
179 int
180 router_get_router_hash(const char *s, size_t s_len, char *digest)
181 {
182  return router_get_hash_impl(s, s_len, digest,
183  "router ","\nrouter-signature", '\n',
184  DIGEST_SHA1);
185 }
186 
187 /** Set <b>digest</b> to the SHA-1 digest of the hash of the <b>s_len</b>-byte
188  * extrainfo string at <b>s</b>. Return 0 on success, -1 on failure. */
189 int
190 router_get_extrainfo_hash(const char *s, size_t s_len, char *digest)
191 {
192  return router_get_hash_impl(s, s_len, digest, "extra-info",
193  "\nrouter-signature",'\n', DIGEST_SHA1);
194 }
195 
196 /** Helper: move *<b>s_ptr</b> ahead to the next router, the next extra-info,
197  * or to the first of the annotations proceeding the next router or
198  * extra-info---whichever comes first. Set <b>is_extrainfo_out</b> to true if
199  * we found an extrainfo, or false if found a router. Do not scan beyond
200  * <b>eos</b>. Return -1 if we found nothing; 0 if we found something. */
201 static int
203  const char *eos,
204  int *is_extrainfo_out)
205 {
206  const char *annotations = NULL;
207  const char *s = *s_ptr;
208 
209  s = eat_whitespace_eos(s, eos);
210 
211  while (s < eos-32) { /* 32 gives enough room for a the first keyword. */
212  /* We're at the start of a line. */
213  tor_assert(*s != '\n');
214 
215  if (*s == '@' && !annotations) {
216  annotations = s;
217  } else if (*s == 'r' && !strcmpstart(s, "router ")) {
218  *s_ptr = annotations ? annotations : s;
219  *is_extrainfo_out = 0;
220  return 0;
221  } else if (*s == 'e' && !strcmpstart(s, "extra-info ")) {
222  *s_ptr = annotations ? annotations : s;
223  *is_extrainfo_out = 1;
224  return 0;
225  }
226 
227  if (!(s = memchr(s+1, '\n', eos-(s+1))))
228  break;
229  s = eat_whitespace_eos(s, eos);
230  }
231  return -1;
232 }
233 
234 /** Given a string *<b>s</b> containing a concatenated sequence of router
235  * descriptors (or extra-info documents if <b>want_extrainfo</b> is set),
236  * parses them and stores the result in <b>dest</b>. All routers are marked
237  * running and valid. Advances *s to a point immediately following the last
238  * router entry. Ignore any trailing router entries that are not complete.
239  *
240  * If <b>saved_location</b> isn't SAVED_IN_CACHE, make a local copy of each
241  * descriptor in the signed_descriptor_body field of each routerinfo_t. If it
242  * isn't SAVED_NOWHERE, remember the offset of each descriptor.
243  *
244  * Returns 0 on success and -1 on failure. Adds a digest to
245  * <b>invalid_digests_out</b> for every entry that was unparseable or
246  * invalid. (This may cause duplicate entries.)
247  */
248 int
249 router_parse_list_from_string(const char **s, const char *eos,
250  smartlist_t *dest,
251  saved_location_t saved_location,
252  int want_extrainfo,
253  int allow_annotations,
254  const char *prepend_annotations,
255  smartlist_t *invalid_digests_out)
256 {
257  routerinfo_t *router;
258  extrainfo_t *extrainfo;
259  signed_descriptor_t *signed_desc = NULL;
260  void *elt;
261  const char *end, *start;
262  int have_extrainfo;
263 
264  tor_assert(s);
265  tor_assert(*s);
266  tor_assert(dest);
267 
268  start = *s;
269  if (!eos)
270  eos = *s + strlen(*s);
271 
272  tor_assert(eos >= *s);
273 
274  while (1) {
275  char raw_digest[DIGEST_LEN];
276  int have_raw_digest = 0;
277  int dl_again = 0;
278  if (find_start_of_next_router_or_extrainfo(s, eos, &have_extrainfo) < 0)
279  break;
280 
281  end = tor_memstr(*s, eos-*s, "\nrouter-signature");
282  if (end)
283  end = tor_memstr(end, eos-end, "\n-----END SIGNATURE-----\n");
284  if (end)
285  end += strlen("\n-----END SIGNATURE-----\n");
286 
287  if (!end)
288  break;
289 
290  elt = NULL;
291 
292  if (have_extrainfo && want_extrainfo) {
294  have_raw_digest = router_get_extrainfo_hash(*s, end-*s, raw_digest) == 0;
295  extrainfo = extrainfo_parse_entry_from_string(*s, end,
296  saved_location != SAVED_IN_CACHE,
297  rl->identity_map, &dl_again);
298  if (extrainfo) {
299  signed_desc = &extrainfo->cache_info;
300  elt = extrainfo;
301  }
302  } else if (!have_extrainfo && !want_extrainfo) {
303  have_raw_digest = router_get_router_hash(*s, end-*s, raw_digest) == 0;
304  router = router_parse_entry_from_string(*s, end,
305  saved_location != SAVED_IN_CACHE,
306  allow_annotations,
307  prepend_annotations, &dl_again);
308  if (router) {
309  log_debug(LD_DIR, "Read router '%s', purpose '%s'",
310  router_describe(router),
312  signed_desc = &router->cache_info;
313  elt = router;
314  }
315  }
316  if (! elt && ! dl_again && have_raw_digest && invalid_digests_out) {
317  smartlist_add(invalid_digests_out, tor_memdup(raw_digest, DIGEST_LEN));
318  }
319  if (!elt) {
320  *s = end;
321  continue;
322  }
323  if (saved_location != SAVED_NOWHERE) {
324  tor_assert(signed_desc);
325  signed_desc->saved_location = saved_location;
326  signed_desc->saved_offset = *s - start;
327  }
328  *s = end;
329  smartlist_add(dest, elt);
330  }
331 
332  return 0;
333 }
334 
335 /** Try to find an IPv6 OR port in <b>list</b> of directory_token_t's
336  * with at least one argument (use GE(1) in setup). If found, store
337  * address and port number to <b>addr_out</b> and
338  * <b>port_out</b>. Return number of OR ports found. */
339 int
341  tor_addr_t *addr_out,
342  uint16_t *port_out)
343 {
344  int ret = 0;
345  tor_assert(list != NULL);
346  tor_assert(addr_out != NULL);
347  tor_assert(port_out != NULL);
348 
350  tor_addr_t a;
351  maskbits_t bits;
352  uint16_t port_min, port_max;
353  tor_assert(t->n_args >= 1);
354  /* XXXX Prop186 the full spec allows much more than this. */
355  if (tor_addr_parse_mask_ports(t->args[0], 0,
356  &a, &bits, &port_min,
357  &port_max) == AF_INET6 &&
358  bits == 128 &&
359  port_min == port_max) {
360  /* Okay, this is one we can understand. Use it and ignore
361  any potential more addresses in list. */
362  tor_addr_copy(addr_out, &a);
363  *port_out = port_min;
364  ret = 1;
365  break;
366  }
367  } SMARTLIST_FOREACH_END(t);
368 
369  return ret;
370 }
371 
372 /** Helper function: reads a single router entry from *<b>s</b> ...
373  * *<b>end</b>. Mallocs a new router and returns it if all goes well, else
374  * returns NULL. If <b>cache_copy</b> is true, duplicate the contents of
375  * s through end into the signed_descriptor_body of the resulting
376  * routerinfo_t.
377  *
378  * If <b>end</b> is NULL, <b>s</b> must be properly NUL-terminated.
379  *
380  * If <b>allow_annotations</b>, it's okay to encounter annotations in <b>s</b>
381  * before the router; if it's false, reject the router if it's annotated. If
382  * <b>prepend_annotations</b> is set, it should contain some annotations:
383  * append them to the front of the router before parsing it, and keep them
384  * around when caching the router.
385  *
386  * Only one of allow_annotations and prepend_annotations may be set.
387  *
388  * If <b>can_dl_again_out</b> is provided, set *<b>can_dl_again_out</b> to 1
389  * if it's okay to try to download a descriptor with this same digest again,
390  * and 0 if it isn't. (It might not be okay to download it again if part of
391  * the part covered by the digest is invalid.)
392  */
393 routerinfo_t *
394 router_parse_entry_from_string(const char *s, const char *end,
395  int cache_copy, int allow_annotations,
396  const char *prepend_annotations,
397  int *can_dl_again_out)
398 {
399  routerinfo_t *router = NULL;
400  char digest[128];
401  smartlist_t *tokens = NULL, *exit_policy_tokens = NULL;
402  directory_token_t *tok;
403  struct in_addr in;
404  const char *start_of_annotations, *cp, *s_dup = s;
405  size_t prepend_len = prepend_annotations ? strlen(prepend_annotations) : 0;
406  int ok = 1;
407  memarea_t *area = NULL;
408  tor_cert_t *ntor_cc_cert = NULL;
409  /* Do not set this to '1' until we have parsed everything that we intend to
410  * parse that's covered by the hash. */
411  int can_dl_again = 0;
412  crypto_pk_t *rsa_pubkey = NULL;
413 
414  tor_assert(!allow_annotations || !prepend_annotations);
415 
416  if (!end) {
417  end = s + strlen(s);
418  }
419 
420  /* point 'end' to a point immediately after the final newline. */
421  while (end > s+2 && *(end-1) == '\n' && *(end-2) == '\n')
422  --end;
423 
424  area = memarea_new();
425  tokens = smartlist_new();
426  if (prepend_annotations) {
427  if (tokenize_string(area,prepend_annotations,NULL,tokens,
428  routerdesc_token_table,TS_NOCHECK)) {
429  log_warn(LD_DIR, "Error tokenizing router descriptor (annotations).");
430  goto err;
431  }
432  }
433 
434  start_of_annotations = s;
435  cp = tor_memstr(s, end-s, "\nrouter ");
436  if (!cp) {
437  if (end-s < 7 || strcmpstart(s, "router ")) {
438  log_warn(LD_DIR, "No router keyword found.");
439  goto err;
440  }
441  } else {
442  s = cp+1;
443  }
444 
445  if (start_of_annotations != s) { /* We have annotations */
446  if (allow_annotations) {
447  if (tokenize_string(area,start_of_annotations,s,tokens,
448  routerdesc_token_table,TS_NOCHECK)) {
449  log_warn(LD_DIR, "Error tokenizing router descriptor (annotations).");
450  goto err;
451  }
452  } else {
453  log_warn(LD_DIR, "Found unexpected annotations on router descriptor not "
454  "loaded from disk. Dropping it.");
455  goto err;
456  }
457  }
458 
459  if (router_get_router_hash(s, end - s, digest) < 0) {
460  log_warn(LD_DIR, "Couldn't compute router hash.");
461  goto err;
462  }
463  {
464  int flags = 0;
465  if (allow_annotations)
466  flags |= TS_ANNOTATIONS_OK;
467  if (prepend_annotations)
468  flags |= TS_ANNOTATIONS_OK|TS_NO_NEW_ANNOTATIONS;
469 
470  if (tokenize_string(area,s,end,tokens,routerdesc_token_table, flags)) {
471  log_warn(LD_DIR, "Error tokenizing router descriptor.");
472  goto err;
473  }
474  }
475 
476  if (smartlist_len(tokens) < 2) {
477  log_warn(LD_DIR, "Impossibly short router descriptor.");
478  goto err;
479  }
480 
481  tok = find_by_keyword(tokens, K_ROUTER);
482  const int router_token_pos = smartlist_pos(tokens, tok);
483  tor_assert(tok->n_args >= 5);
484 
485  router = tor_malloc_zero(sizeof(routerinfo_t));
486  router->cert_expiration_time = TIME_MAX;
487  router->cache_info.routerlist_index = -1;
488  router->cache_info.annotations_len = s-start_of_annotations + prepend_len;
489  router->cache_info.signed_descriptor_len = end-s;
490  if (cache_copy) {
491  size_t len = router->cache_info.signed_descriptor_len +
492  router->cache_info.annotations_len;
493  char *signed_body =
494  router->cache_info.signed_descriptor_body = tor_malloc(len+1);
495  if (prepend_annotations) {
496  memcpy(signed_body, prepend_annotations, prepend_len);
497  signed_body += prepend_len;
498  }
499  /* This assertion will always succeed.
500  * len == signed_desc_len + annotations_len
501  * == end-s + s-start_of_annotations + prepend_len
502  * == end-start_of_annotations + prepend_len
503  * We already wrote prepend_len bytes into the buffer; now we're
504  * writing end-start_of_annotations -NM. */
505  tor_assert(signed_body+(end-start_of_annotations) ==
506  router->cache_info.signed_descriptor_body+len);
507  memcpy(signed_body, start_of_annotations, end-start_of_annotations);
508  router->cache_info.signed_descriptor_body[len] = '\0';
509  tor_assert(strlen(router->cache_info.signed_descriptor_body) == len);
510  }
511  memcpy(router->cache_info.signed_descriptor_digest, digest, DIGEST_LEN);
512 
513  router->nickname = tor_strdup(tok->args[0]);
514  if (!is_legal_nickname(router->nickname)) {
515  log_warn(LD_DIR,"Router nickname is invalid");
516  goto err;
517  }
518  if (!tor_inet_aton(tok->args[1], &in)) {
519  log_warn(LD_DIR,"Router address is not an IP address.");
520  goto err;
521  }
522  tor_addr_from_in(&router->ipv4_addr, &in);
523 
524  router->ipv4_orport =
525  (uint16_t) tor_parse_long(tok->args[2],10,0,65535,&ok,NULL);
526  if (!ok) {
527  log_warn(LD_DIR,"Invalid OR port %s", escaped(tok->args[2]));
528  goto err;
529  }
530  router->ipv4_dirport =
531  (uint16_t) tor_parse_long(tok->args[4],10,0,65535,&ok,NULL);
532  if (!ok) {
533  log_warn(LD_DIR,"Invalid dir port %s", escaped(tok->args[4]));
534  goto err;
535  }
536 
537  tok = find_by_keyword(tokens, K_BANDWIDTH);
538  tor_assert(tok->n_args >= 3);
539  router->bandwidthrate = (int)
540  tor_parse_long(tok->args[0],10,1,INT_MAX,&ok,NULL);
541 
542  if (!ok) {
543  log_warn(LD_DIR, "bandwidthrate %s unreadable or 0. Failing.",
544  escaped(tok->args[0]));
545  goto err;
546  }
547  router->bandwidthburst =
548  (int) tor_parse_long(tok->args[1],10,0,INT_MAX,&ok,NULL);
549  if (!ok) {
550  log_warn(LD_DIR, "Invalid bandwidthburst %s", escaped(tok->args[1]));
551  goto err;
552  }
553  router->bandwidthcapacity = (int)
554  tor_parse_long(tok->args[2],10,0,INT_MAX,&ok,NULL);
555  if (!ok) {
556  log_warn(LD_DIR, "Invalid bandwidthcapacity %s", escaped(tok->args[1]));
557  goto err;
558  }
559 
560  if ((tok = find_opt_by_keyword(tokens, A_PURPOSE))) {
561  tor_assert(tok->n_args);
562  router->purpose = router_purpose_from_string(tok->args[0]);
563  if (router->purpose == ROUTER_PURPOSE_UNKNOWN) {
564  goto err;
565  }
566  } else {
568  }
569  router->cache_info.send_unencrypted =
570  (router->purpose == ROUTER_PURPOSE_GENERAL) ? 1 : 0;
571 
572  if ((tok = find_opt_by_keyword(tokens, K_UPTIME))) {
573  tor_assert(tok->n_args >= 1);
574  router->uptime = tor_parse_long(tok->args[0],10,0,LONG_MAX,&ok,NULL);
575  if (!ok) {
576  log_warn(LD_DIR, "Invalid uptime %s", escaped(tok->args[0]));
577  goto err;
578  }
579  }
580 
581  if ((tok = find_opt_by_keyword(tokens, K_HIBERNATING))) {
582  tor_assert(tok->n_args >= 1);
583  router->is_hibernating
584  = (tor_parse_long(tok->args[0],10,0,LONG_MAX,NULL,NULL) != 0);
585  }
586 
587  tok = find_by_keyword(tokens, K_PUBLISHED);
588  tor_assert(tok->n_args == 1);
589  if (parse_iso_time(tok->args[0], &router->cache_info.published_on) < 0)
590  goto err;
591 
592  tok = find_by_keyword(tokens, K_ONION_KEY);
593  if (!crypto_pk_public_exponent_ok(tok->key)) {
594  log_warn(LD_DIR,
595  "Relay's onion key had invalid exponent.");
596  goto err;
597  }
598  router->onion_pkey = tor_memdup(tok->object_body, tok->object_size);
599  router->onion_pkey_len = tok->object_size;
600  crypto_pk_free(tok->key);
601 
602  if ((tok = find_opt_by_keyword(tokens, K_ONION_KEY_NTOR))) {
604  tor_assert(tok->n_args >= 1);
605  if (curve25519_public_from_base64(&k, tok->args[0]) < 0) {
606  log_warn(LD_DIR, "Bogus ntor-onion-key in routerinfo");
607  goto err;
608  }
609  router->onion_curve25519_pkey =
610  tor_memdup(&k, sizeof(curve25519_public_key_t));
611  }
612 
613  tok = find_by_keyword(tokens, K_SIGNING_KEY);
614  router->identity_pkey = tok->key;
615  tok->key = NULL; /* Prevent free */
617  router->cache_info.identity_digest)) {
618  log_warn(LD_DIR, "Couldn't calculate key digest"); goto err;
619  }
620 
621  {
622  directory_token_t *ed_sig_tok, *ed_cert_tok, *cc_tap_tok, *cc_ntor_tok,
623  *master_key_tok;
624  ed_sig_tok = find_opt_by_keyword(tokens, K_ROUTER_SIG_ED25519);
625  ed_cert_tok = find_opt_by_keyword(tokens, K_IDENTITY_ED25519);
626  master_key_tok = find_opt_by_keyword(tokens, K_MASTER_KEY_ED25519);
627  cc_tap_tok = find_opt_by_keyword(tokens, K_ONION_KEY_CROSSCERT);
628  cc_ntor_tok = find_opt_by_keyword(tokens, K_NTOR_ONION_KEY_CROSSCERT);
629  int n_ed_toks = !!ed_sig_tok + !!ed_cert_tok +
630  !!cc_tap_tok + !!cc_ntor_tok;
631  if ((n_ed_toks != 0 && n_ed_toks != 4) ||
632  (n_ed_toks == 4 && !router->onion_curve25519_pkey)) {
633  log_warn(LD_DIR, "Router descriptor with only partial ed25519/"
634  "cross-certification support");
635  goto err;
636  }
637  if (master_key_tok && !ed_sig_tok) {
638  log_warn(LD_DIR, "Router descriptor has ed25519 master key but no "
639  "certificate");
640  goto err;
641  }
642  if (ed_sig_tok) {
643  tor_assert(ed_cert_tok && cc_tap_tok && cc_ntor_tok);
644  const int ed_cert_token_pos = smartlist_pos(tokens, ed_cert_tok);
645  if (ed_cert_token_pos == -1 || router_token_pos == -1 ||
646  (ed_cert_token_pos != router_token_pos + 1 &&
647  ed_cert_token_pos != router_token_pos - 1)) {
648  log_warn(LD_DIR, "Ed25519 certificate in wrong position");
649  goto err;
650  }
651  if (ed_sig_tok != smartlist_get(tokens, smartlist_len(tokens)-2)) {
652  log_warn(LD_DIR, "Ed25519 signature in wrong position");
653  goto err;
654  }
655  if (strcmp(ed_cert_tok->object_type, "ED25519 CERT")) {
656  log_warn(LD_DIR, "Wrong object type on identity-ed25519 in decriptor");
657  goto err;
658  }
659  if (strcmp(cc_ntor_tok->object_type, "ED25519 CERT")) {
660  log_warn(LD_DIR, "Wrong object type on ntor-onion-key-crosscert "
661  "in decriptor");
662  goto err;
663  }
664  if (strcmp(cc_tap_tok->object_type, "CROSSCERT")) {
665  log_warn(LD_DIR, "Wrong object type on onion-key-crosscert "
666  "in decriptor");
667  goto err;
668  }
669  if (strcmp(cc_ntor_tok->args[0], "0") &&
670  strcmp(cc_ntor_tok->args[0], "1")) {
671  log_warn(LD_DIR, "Bad sign bit on ntor-onion-key-crosscert");
672  goto err;
673  }
674  int ntor_cc_sign_bit = !strcmp(cc_ntor_tok->args[0], "1");
675 
676  uint8_t d256[DIGEST256_LEN];
677  const char *signed_start, *signed_end;
678  tor_cert_t *cert = tor_cert_parse(
679  (const uint8_t*)ed_cert_tok->object_body,
680  ed_cert_tok->object_size);
681  if (! cert) {
682  log_warn(LD_DIR, "Couldn't parse ed25519 cert");
683  goto err;
684  }
685  /* makes sure it gets freed. */
686  router->cache_info.signing_key_cert = cert;
687 
688  if (cert->cert_type != CERT_TYPE_ID_SIGNING ||
689  ! cert->signing_key_included) {
690  log_warn(LD_DIR, "Invalid form for ed25519 cert");
691  goto err;
692  }
693 
694  if (master_key_tok) {
695  /* This token is optional, but if it's present, it must match
696  * the signature in the signing cert, or supplant it. */
697  tor_assert(master_key_tok->n_args >= 1);
699  if (ed25519_public_from_base64(&pkey, master_key_tok->args[0])<0) {
700  log_warn(LD_DIR, "Can't parse ed25519 master key");
701  goto err;
702  }
703 
704  if (fast_memneq(&cert->signing_key.pubkey,
705  pkey.pubkey, ED25519_PUBKEY_LEN)) {
706  log_warn(LD_DIR, "Ed25519 master key does not match "
707  "key in certificate");
708  goto err;
709  }
710  }
711  ntor_cc_cert = tor_cert_parse((const uint8_t*)cc_ntor_tok->object_body,
712  cc_ntor_tok->object_size);
713  if (!ntor_cc_cert) {
714  log_warn(LD_DIR, "Couldn't parse ntor-onion-key-crosscert cert");
715  goto err;
716  }
717  if (ntor_cc_cert->cert_type != CERT_TYPE_ONION_ID ||
718  ! ed25519_pubkey_eq(&ntor_cc_cert->signed_key, &cert->signing_key)) {
719  log_warn(LD_DIR, "Invalid contents for ntor-onion-key-crosscert cert");
720  goto err;
721  }
722 
723  ed25519_public_key_t ntor_cc_pk;
725  router->onion_curve25519_pkey,
726  ntor_cc_sign_bit)<0) {
727  log_warn(LD_DIR, "Error converting onion key to ed25519");
728  goto err;
729  }
730 
731  if (router_get_hash_impl_helper(s, end-s, "router ",
732  "\nrouter-sig-ed25519",
733  ' ', LOG_WARN,
734  &signed_start, &signed_end) < 0) {
735  log_warn(LD_DIR, "Can't find ed25519-signed portion of descriptor");
736  goto err;
737  }
738  crypto_digest_t *d = crypto_digest256_new(DIGEST_SHA256);
739  crypto_digest_add_bytes(d, ED_DESC_SIGNATURE_PREFIX,
740  strlen(ED_DESC_SIGNATURE_PREFIX));
741  crypto_digest_add_bytes(d, signed_start, signed_end-signed_start);
742  crypto_digest_get_digest(d, (char*)d256, sizeof(d256));
744 
745  ed25519_checkable_t check[3];
746  int check_ok[3];
747  time_t expires = TIME_MAX;
748  if (tor_cert_get_checkable_sig(&check[0], cert, NULL, &expires) < 0) {
749  log_err(LD_BUG, "Couldn't create 'checkable' for cert.");
750  goto err;
751  }
752  if (tor_cert_get_checkable_sig(&check[1],
753  ntor_cc_cert, &ntor_cc_pk, &expires) < 0) {
754  log_err(LD_BUG, "Couldn't create 'checkable' for ntor_cc_cert.");
755  goto err;
756  }
757 
758  if (ed25519_signature_from_base64(&check[2].signature,
759  ed_sig_tok->args[0])<0) {
760  log_warn(LD_DIR, "Couldn't decode ed25519 signature");
761  goto err;
762  }
763  check[2].pubkey = &cert->signed_key;
764  check[2].msg = d256;
765  check[2].len = DIGEST256_LEN;
766 
767  if (ed25519_checksig_batch(check_ok, check, 3) < 0) {
768  log_warn(LD_DIR, "Incorrect ed25519 signature(s)");
769  goto err;
770  }
771 
772  rsa_pubkey = router_get_rsa_onion_pkey(router->onion_pkey,
773  router->onion_pkey_len);
775  (const uint8_t*)cc_tap_tok->object_body,
776  (int)cc_tap_tok->object_size,
777  rsa_pubkey,
778  &cert->signing_key,
779  (const uint8_t*)router->cache_info.identity_digest)<0) {
780  log_warn(LD_DIR, "Incorrect TAP cross-verification");
781  goto err;
782  }
783 
784  /* We check this before adding it to the routerlist. */
785  router->cert_expiration_time = expires;
786  }
787  }
788 
789  if ((tok = find_opt_by_keyword(tokens, K_FINGERPRINT))) {
790  /* If there's a fingerprint line, it must match the identity digest. */
791  char d[DIGEST_LEN];
792  tor_assert(tok->n_args == 1);
793  tor_strstrip(tok->args[0], " ");
794  if (base16_decode(d, DIGEST_LEN,
795  tok->args[0], strlen(tok->args[0])) != DIGEST_LEN) {
796  log_warn(LD_DIR, "Couldn't decode router fingerprint %s",
797  escaped(tok->args[0]));
798  goto err;
799  }
800  if (tor_memneq(d,router->cache_info.identity_digest, DIGEST_LEN)) {
801  log_warn(LD_DIR, "Fingerprint '%s' does not match identity digest.",
802  tok->args[0]);
803  goto err;
804  }
805  }
806 
807  {
808  const char *version = NULL, *protocols = NULL;
809  if ((tok = find_opt_by_keyword(tokens, K_PLATFORM))) {
810  router->platform = tor_strdup(tok->args[0]);
811  version = tok->args[0];
812  }
813 
814  if ((tok = find_opt_by_keyword(tokens, K_PROTO))) {
815  router->protocol_list = tor_strdup(tok->args[0]);
816  protocols = tok->args[0];
817  }
818 
819  summarize_protover_flags(&router->pv, protocols, version);
820  }
821 
822  if ((tok = find_opt_by_keyword(tokens, K_CONTACT))) {
823  router->contact_info = tor_strdup(tok->args[0]);
824  }
825 
826  if (find_opt_by_keyword(tokens, K_REJECT6) ||
827  find_opt_by_keyword(tokens, K_ACCEPT6)) {
828  log_warn(LD_DIR, "Rejecting router with reject6/accept6 line: they crash "
829  "older Tors.");
830  goto err;
831  }
832  {
833  smartlist_t *or_addresses = find_all_by_keyword(tokens, K_OR_ADDRESS);
834  if (or_addresses) {
835  find_single_ipv6_orport(or_addresses, &router->ipv6_addr,
836  &router->ipv6_orport);
837  smartlist_free(or_addresses);
838  }
839  }
840  exit_policy_tokens = find_all_exitpolicy(tokens);
841  if (!smartlist_len(exit_policy_tokens)) {
842  log_warn(LD_DIR, "No exit policy tokens in descriptor.");
843  goto err;
844  }
845  SMARTLIST_FOREACH(exit_policy_tokens, directory_token_t *, t,
846  if (router_add_exit_policy(router,t)<0) {
847  log_warn(LD_DIR,"Error in exit policy");
848  goto err;
849  });
851 
852  if ((tok = find_opt_by_keyword(tokens, K_IPV6_POLICY)) && tok->n_args) {
853  router->ipv6_exit_policy = parse_short_policy(tok->args[0]);
854  if (! router->ipv6_exit_policy) {
855  log_warn(LD_DIR , "Error in ipv6-policy %s", escaped(tok->args[0]));
856  goto err;
857  }
858  }
859 
860  if (policy_is_reject_star(router->exit_policy, AF_INET, 1) &&
861  (!router->ipv6_exit_policy ||
863  router->policy_is_reject_star = 1;
864 
865  if ((tok = find_opt_by_keyword(tokens, K_FAMILY)) && tok->n_args) {
866  int i;
867  router->declared_family = smartlist_new();
868  for (i=0;i<tok->n_args;++i) {
869  if (!is_legal_nickname_or_hexdigest(tok->args[i])) {
870  log_warn(LD_DIR, "Illegal nickname %s in family line",
871  escaped(tok->args[i]));
872  goto err;
873  }
874  smartlist_add_strdup(router->declared_family, tok->args[i]);
875  }
876  }
877 
878  if (find_opt_by_keyword(tokens, K_CACHES_EXTRA_INFO))
879  router->caches_extra_info = 1;
880 
881  if (find_opt_by_keyword(tokens, K_ALLOW_SINGLE_HOP_EXITS))
882  router->allow_single_hop_exits = 1;
883 
884  if ((tok = find_opt_by_keyword(tokens, K_EXTRA_INFO_DIGEST))) {
885  tor_assert(tok->n_args >= 1);
886  if (strlen(tok->args[0]) == HEX_DIGEST_LEN) {
887  if (base16_decode(router->cache_info.extra_info_digest, DIGEST_LEN,
888  tok->args[0], HEX_DIGEST_LEN) != DIGEST_LEN) {
889  log_warn(LD_DIR,"Invalid extra info digest");
890  }
891  } else {
892  log_warn(LD_DIR, "Invalid extra info digest %s", escaped(tok->args[0]));
893  }
894 
895  if (tok->n_args >= 2) {
896  if (digest256_from_base64(router->cache_info.extra_info_digest256,
897  tok->args[1]) < 0) {
898  log_warn(LD_DIR, "Invalid extra info digest256 %s",
899  escaped(tok->args[1]));
900  }
901  }
902  }
903 
904  if (find_opt_by_keyword(tokens, K_HIDDEN_SERVICE_DIR)) {
905  router->wants_to_be_hs_dir = 1;
906  }
907 
908  /* This router accepts tunnelled directory requests via begindir if it has
909  * an open dirport or it included "tunnelled-dir-server". */
910  if (find_opt_by_keyword(tokens, K_DIR_TUNNELLED) ||
911  router->ipv4_dirport > 0) {
913  }
914 
915  tok = find_by_keyword(tokens, K_ROUTER_SIGNATURE);
916 
917  if (!router->ipv4_orport) {
918  log_warn(LD_DIR,"or_port unreadable or 0. Failing.");
919  goto err;
920  }
921 
922  /* We've checked everything that's covered by the hash. */
923  can_dl_again = 1;
924  if (check_signature_token(digest, DIGEST_LEN, tok, router->identity_pkey, 0,
925  "router descriptor") < 0)
926  goto err;
927 
928  if (!router->platform) {
929  router->platform = tor_strdup("<unknown>");
930  }
931  goto done;
932 
933  err:
934  dump_desc(s_dup, "router descriptor");
935  routerinfo_free(router);
936  router = NULL;
937  done:
938  crypto_pk_free(rsa_pubkey);
939  tor_cert_free(ntor_cc_cert);
940  if (tokens) {
942  smartlist_free(tokens);
943  }
944  smartlist_free(exit_policy_tokens);
945  if (area) {
946  DUMP_AREA(area, "routerinfo");
947  memarea_drop_all(area);
948  }
949  if (can_dl_again_out)
950  *can_dl_again_out = can_dl_again;
951  return router;
952 }
953 
954 /** Parse a single extrainfo entry from the string <b>s</b>, ending at
955  * <b>end</b>. (If <b>end</b> is NULL, parse up to the end of <b>s</b>.) If
956  * <b>cache_copy</b> is true, make a copy of the extra-info document in the
957  * cache_info fields of the result. If <b>routermap</b> is provided, use it
958  * as a map from router identity to routerinfo_t when looking up signing keys.
959  *
960  * If <b>can_dl_again_out</b> is provided, set *<b>can_dl_again_out</b> to 1
961  * if it's okay to try to download an extrainfo with this same digest again,
962  * and 0 if it isn't. (It might not be okay to download it again if part of
963  * the part covered by the digest is invalid.)
964  */
965 extrainfo_t *
966 extrainfo_parse_entry_from_string(const char *s, const char *end,
967  int cache_copy, struct digest_ri_map_t *routermap,
968  int *can_dl_again_out)
969 {
970  extrainfo_t *extrainfo = NULL;
971  char digest[128];
972  smartlist_t *tokens = NULL;
973  directory_token_t *tok;
974  crypto_pk_t *key = NULL;
975  routerinfo_t *router = NULL;
976  memarea_t *area = NULL;
977  const char *s_dup = s;
978  /* Do not set this to '1' until we have parsed everything that we intend to
979  * parse that's covered by the hash. */
980  int can_dl_again = 0;
981 
982  if (BUG(s == NULL))
983  return NULL;
984 
985  if (!end) {
986  end = s + strlen(s);
987  }
988 
989  /* point 'end' to a point immediately after the final newline. */
990  while (end > s+2 && *(end-1) == '\n' && *(end-2) == '\n')
991  --end;
992 
993  if (router_get_extrainfo_hash(s, end-s, digest) < 0) {
994  log_warn(LD_DIR, "Couldn't compute router hash.");
995  goto err;
996  }
997  tokens = smartlist_new();
998  area = memarea_new();
999  if (tokenize_string(area,s,end,tokens,extrainfo_token_table,0)) {
1000  log_warn(LD_DIR, "Error tokenizing extra-info document.");
1001  goto err;
1002  }
1003 
1004  if (smartlist_len(tokens) < 2) {
1005  log_warn(LD_DIR, "Impossibly short extra-info document.");
1006  goto err;
1007  }
1008 
1009  /* XXXX Accept this in position 1 too, and ed identity in position 0. */
1010  tok = smartlist_get(tokens,0);
1011  if (tok->tp != K_EXTRA_INFO) {
1012  log_warn(LD_DIR,"Entry does not start with \"extra-info\"");
1013  goto err;
1014  }
1015 
1016  extrainfo = tor_malloc_zero(sizeof(extrainfo_t));
1017  extrainfo->cache_info.is_extrainfo = 1;
1018  if (cache_copy)
1019  extrainfo->cache_info.signed_descriptor_body = tor_memdup_nulterm(s,end-s);
1020  extrainfo->cache_info.signed_descriptor_len = end-s;
1021  memcpy(extrainfo->cache_info.signed_descriptor_digest, digest, DIGEST_LEN);
1022  crypto_digest256((char*)extrainfo->digest256, s, end-s, DIGEST_SHA256);
1023 
1024  tor_assert(tok->n_args >= 2);
1025  if (!is_legal_nickname(tok->args[0])) {
1026  log_warn(LD_DIR,"Bad nickname %s on \"extra-info\"",escaped(tok->args[0]));
1027  goto err;
1028  }
1029  strlcpy(extrainfo->nickname, tok->args[0], sizeof(extrainfo->nickname));
1030  if (strlen(tok->args[1]) != HEX_DIGEST_LEN ||
1031  base16_decode(extrainfo->cache_info.identity_digest, DIGEST_LEN,
1032  tok->args[1], HEX_DIGEST_LEN) != DIGEST_LEN) {
1033  log_warn(LD_DIR,"Invalid fingerprint %s on \"extra-info\"",
1034  escaped(tok->args[1]));
1035  goto err;
1036  }
1037 
1038  tok = find_by_keyword(tokens, K_PUBLISHED);
1039  if (parse_iso_time(tok->args[0], &extrainfo->cache_info.published_on)) {
1040  log_warn(LD_DIR,"Invalid published time %s on \"extra-info\"",
1041  escaped(tok->args[0]));
1042  goto err;
1043  }
1044 
1045  {
1046  directory_token_t *ed_sig_tok, *ed_cert_tok;
1047  ed_sig_tok = find_opt_by_keyword(tokens, K_ROUTER_SIG_ED25519);
1048  ed_cert_tok = find_opt_by_keyword(tokens, K_IDENTITY_ED25519);
1049  int n_ed_toks = !!ed_sig_tok + !!ed_cert_tok;
1050  if (n_ed_toks != 0 && n_ed_toks != 2) {
1051  log_warn(LD_DIR, "Router descriptor with only partial ed25519/"
1052  "cross-certification support");
1053  goto err;
1054  }
1055  if (ed_sig_tok) {
1056  tor_assert(ed_cert_tok);
1057  const int ed_cert_token_pos = smartlist_pos(tokens, ed_cert_tok);
1058  if (ed_cert_token_pos != 1) {
1059  /* Accept this in position 0 XXXX */
1060  log_warn(LD_DIR, "Ed25519 certificate in wrong position");
1061  goto err;
1062  }
1063  if (ed_sig_tok != smartlist_get(tokens, smartlist_len(tokens)-2)) {
1064  log_warn(LD_DIR, "Ed25519 signature in wrong position");
1065  goto err;
1066  }
1067  if (strcmp(ed_cert_tok->object_type, "ED25519 CERT")) {
1068  log_warn(LD_DIR, "Wrong object type on identity-ed25519 in decriptor");
1069  goto err;
1070  }
1071 
1072  uint8_t d256[DIGEST256_LEN];
1073  const char *signed_start, *signed_end;
1074  tor_cert_t *cert = tor_cert_parse(
1075  (const uint8_t*)ed_cert_tok->object_body,
1076  ed_cert_tok->object_size);
1077  if (! cert) {
1078  log_warn(LD_DIR, "Couldn't parse ed25519 cert");
1079  goto err;
1080  }
1081  /* makes sure it gets freed. */
1082  extrainfo->cache_info.signing_key_cert = cert;
1083 
1084  if (cert->cert_type != CERT_TYPE_ID_SIGNING ||
1085  ! cert->signing_key_included) {
1086  log_warn(LD_DIR, "Invalid form for ed25519 cert");
1087  goto err;
1088  }
1089 
1090  if (router_get_hash_impl_helper(s, end-s, "extra-info ",
1091  "\nrouter-sig-ed25519",
1092  ' ', LOG_WARN,
1093  &signed_start, &signed_end) < 0) {
1094  log_warn(LD_DIR, "Can't find ed25519-signed portion of extrainfo");
1095  goto err;
1096  }
1097  crypto_digest_t *d = crypto_digest256_new(DIGEST_SHA256);
1098  crypto_digest_add_bytes(d, ED_DESC_SIGNATURE_PREFIX,
1099  strlen(ED_DESC_SIGNATURE_PREFIX));
1100  crypto_digest_add_bytes(d, signed_start, signed_end-signed_start);
1101  crypto_digest_get_digest(d, (char*)d256, sizeof(d256));
1102  crypto_digest_free(d);
1103 
1104  ed25519_checkable_t check[2];
1105  int check_ok[2];
1106  if (tor_cert_get_checkable_sig(&check[0], cert, NULL, NULL) < 0) {
1107  log_err(LD_BUG, "Couldn't create 'checkable' for cert.");
1108  goto err;
1109  }
1110 
1111  if (ed25519_signature_from_base64(&check[1].signature,
1112  ed_sig_tok->args[0])<0) {
1113  log_warn(LD_DIR, "Couldn't decode ed25519 signature");
1114  goto err;
1115  }
1116  check[1].pubkey = &cert->signed_key;
1117  check[1].msg = d256;
1118  check[1].len = DIGEST256_LEN;
1119 
1120  if (ed25519_checksig_batch(check_ok, check, 2) < 0) {
1121  log_warn(LD_DIR, "Incorrect ed25519 signature(s)");
1122  goto err;
1123  }
1124  /* We don't check the certificate expiration time: checking that it
1125  * matches the cert in the router descriptor is adequate. */
1126  }
1127  }
1128 
1129  /* We've checked everything that's covered by the hash. */
1130  can_dl_again = 1;
1131 
1132  if (routermap &&
1133  (router = digestmap_get((digestmap_t*)routermap,
1134  extrainfo->cache_info.identity_digest))) {
1135  key = router->identity_pkey;
1136  }
1137 
1138  tok = find_by_keyword(tokens, K_ROUTER_SIGNATURE);
1139  if (strcmp(tok->object_type, "SIGNATURE") ||
1140  tok->object_size < 128 || tok->object_size > 512) {
1141  log_warn(LD_DIR, "Bad object type or length on extra-info signature");
1142  goto err;
1143  }
1144 
1145  if (key) {
1146  if (check_signature_token(digest, DIGEST_LEN, tok, key, 0,
1147  "extra-info") < 0)
1148  goto err;
1149 
1150  if (router)
1151  extrainfo->cache_info.send_unencrypted =
1152  router->cache_info.send_unencrypted;
1153  } else {
1154  extrainfo->pending_sig = tor_memdup(tok->object_body,
1155  tok->object_size);
1156  extrainfo->pending_sig_len = tok->object_size;
1157  }
1158 
1159  goto done;
1160  err:
1161  dump_desc(s_dup, "extra-info descriptor");
1162  extrainfo_free(extrainfo);
1163  extrainfo = NULL;
1164  done:
1165  if (tokens) {
1167  smartlist_free(tokens);
1168  }
1169  if (area) {
1170  DUMP_AREA(area, "extrainfo");
1171  memarea_drop_all(area);
1172  }
1173  if (can_dl_again_out)
1174  *can_dl_again_out = can_dl_again;
1175  return extrainfo;
1176 }
1177 
1178 /** Add an exit policy stored in the token <b>tok</b> to the router info in
1179  * <b>router</b>. Return 0 on success, -1 on failure. */
1180 static int
1182 {
1183  addr_policy_t *newe;
1184  /* Use the standard interpretation of accept/reject *, an IPv4 wildcard. */
1185  newe = router_parse_addr_policy(tok, 0);
1186  if (!newe)
1187  return -1;
1188  if (! router->exit_policy)
1189  router->exit_policy = smartlist_new();
1190 
1191  /* Ensure that in descriptors, accept/reject fields are followed by
1192  * IPv4 addresses, and accept6/reject6 fields are followed by
1193  * IPv6 addresses. Unlike torrcs, descriptor exit policies do not permit
1194  * accept/reject followed by IPv6. */
1195  if (((tok->tp == K_ACCEPT6 || tok->tp == K_REJECT6) &&
1196  tor_addr_family(&newe->addr) == AF_INET)
1197  ||
1198  ((tok->tp == K_ACCEPT || tok->tp == K_REJECT) &&
1199  tor_addr_family(&newe->addr) == AF_INET6)) {
1200  /* There's nothing the user can do about other relays' descriptors,
1201  * so we don't provide usage advice here. */
1202  log_warn(LD_DIR, "Mismatch between field type and address type in exit "
1203  "policy '%s'. Discarding entire router descriptor.",
1204  tok->n_args == 1 ? tok->args[0] : "");
1205  addr_policy_free(newe);
1206  return -1;
1207  }
1208 
1209  smartlist_add(router->exit_policy, newe);
1210 
1211  return 0;
1212 }
1213 
1214 /** Return a newly allocated smartlist of all accept or reject tokens in
1215  * <b>s</b>.
1216  */
1217 static smartlist_t *
1219 {
1220  smartlist_t *out = smartlist_new();
1222  if (t->tp == K_ACCEPT || t->tp == K_ACCEPT6 ||
1223  t->tp == K_REJECT || t->tp == K_REJECT6)
1224  smartlist_add(out,t));
1225  return out;
1226 }
1227 
1228 /** Called on startup; right now we just handle scanning the unparseable
1229  * descriptor dumps, but hang anything else we might need to do in the
1230  * future here as well.
1231  */
1232 void
1234 {
1235  /*
1236  * Check both if the sandbox is active and whether it's configured; no
1237  * point in loading all that if we won't be able to use it after the
1238  * sandbox becomes active.
1239  */
1240  if (!(sandbox_is_active() || get_options()->Sandbox)) {
1241  dump_desc_init();
1242  }
1243 }
1244 
1245 /** Clean up all data structures used by routerparse.c at exit */
1246 void
1248 {
1250 }
routerinfo_t::purpose
uint8_t purpose
Definition: routerinfo_st.h:115
routerinfo_t
Definition: routerinfo_st.h:20
versions.h
Header file for versions.c.
extrainfo_t::nickname
char nickname[MAX_NICKNAME_LEN+1]
Definition: extrainfo_st.h:23
T1_START
#define T1_START(s, t, a, o)
Definition: parsecommon.h:252
router_get_hash_impl_helper
int router_get_hash_impl_helper(const char *s, size_t s_len, const char *start_str, const char *end_str, char end_c, int log_severity, const char **start_out, const char **end_out)
Definition: sigcommon.c:27
tor_addr_family
static sa_family_t tor_addr_family(const tor_addr_t *a)
Definition: address.h:187
smartlist_pos
int smartlist_pos(const smartlist_t *sl, const void *element)
Definition: smartlist.c:119
routerinfo.h
Header file for routerinfo.c.
extrainfo_t::pending_sig_len
size_t pending_sig_len
Definition: extrainfo_st.h:31
routerlist_t::identity_map
struct digest_ri_map_t * identity_map
Definition: routerlist_st.h:20
routerdesc_token_table
const token_rule_t routerdesc_token_table[]
Definition: routerparse.c:85
tor_cert_t
Definition: torcert.h:30
routerinfo_t::bandwidthcapacity
uint32_t bandwidthcapacity
Definition: routerinfo_st.h:58
tor_addr_t
Definition: address.h:69
smartlist_add_strdup
void smartlist_add_strdup(struct smartlist_t *sl, const char *string)
Definition: smartlist_core.c:137
extrainfo_t
Definition: extrainfo_st.h:18
sandbox.h
Header file for sandbox.c.
NEED_KEY_1024
@ NEED_KEY_1024
Definition: parsecommon.h:222
END_OF_TABLE
#define END_OF_TABLE
Definition: parsecommon.h:244
addr_policy_st.h
Address policy structures.
tokenize_string
int tokenize_string(memarea_t *area, const char *start, const char *end, smartlist_t *out, const token_rule_t *table, int flags)
Definition: parsecommon.c:53
tor_assert
#define tor_assert(expr)
Definition: util_bug.h:102
LD_BUG
#define LD_BUG
Definition: log.h:86
extrainfo_token_table
static token_rule_t extrainfo_token_table[]
Definition: routerparse.c:131
ed25519_pubkey_eq
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
Definition: crypto_ed25519.c:642
router.h
Header file for router.c.
routerinfo_t::ipv6_exit_policy
struct short_policy_t * ipv6_exit_policy
Definition: routerinfo_st.h:63
memarea.h
Header for memarea.c.
T0N
#define T0N(s, t, a, o)
Definition: parsecommon.h:248
routerinfo_t::identity_pkey
crypto_pk_t * identity_pkey
Definition: routerinfo_st.h:41
extrainfo_t::digest256
uint8_t digest256[DIGEST256_LEN]
Definition: extrainfo_st.h:21
describe.h
Header file for describe.c.
directory_token_t
Definition: parsecommon.h:201
signed_descriptor_t::annotations_len
size_t annotations_len
Definition: signed_descriptor_st.h:24
NO_OBJ
@ NO_OBJ
Definition: parsecommon.h:219
memarea_drop_all
#define memarea_drop_all(area)
Definition: memarea.h:22
router_get_extrainfo_hash
int router_get_extrainfo_hash(const char *s, size_t s_len, char *digest)
Definition: routerparse.c:190
smartlist_add
void smartlist_add(smartlist_t *sl, void *element)
Definition: smartlist_core.c:117
tor_cert_get_checkable_sig
int tor_cert_get_checkable_sig(ed25519_checkable_t *checkable_out, const tor_cert_t *cert, const ed25519_public_key_t *pubkey, time_t *expiration_out)
Definition: torcert.c:211
is_legal_nickname
int is_legal_nickname(const char *s)
Definition: nickname.c:19
token_clear
void token_clear(directory_token_t *tok)
Definition: parsecommon.c:41
tor_cert_t::signing_key_included
unsigned signing_key_included
Definition: torcert.h:47
routerinfo_t::caches_extra_info
unsigned int caches_extra_info
Definition: routerinfo_st.h:70
directory_token_t::args
char ** args
Definition: parsecommon.h:204
ED25519_PUBKEY_LEN
#define ED25519_PUBKEY_LEN
Definition: x25519_sizes.h:27
NEED_OBJ
@ NEED_OBJ
Definition: parsecommon.h:220
routerparse_free_all
void routerparse_free_all(void)
Definition: routerparse.c:1247
crypto_digest_add_bytes
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len)
Definition: crypto_digest_nss.c:308
smartlist_new
smartlist_t * smartlist_new(void)
Definition: smartlist_core.c:26
ed25519_signature_from_base64
int ed25519_signature_from_base64(ed25519_signature_t *sig, const char *input)
Definition: crypto_format.c:255
crypto_digest_t
Definition: crypto_digest_nss.c:166
routerinfo_t::onion_pkey_len
size_t onion_pkey_len
Definition: routerinfo_st.h:39
router_purpose_to_string
const char * router_purpose_to_string(uint8_t p)
Definition: routerinfo.c:82
routerinfo_t::ipv6_addr
tor_addr_t ipv6_addr
Definition: routerinfo_st.h:30
tor_parse_long
long tor_parse_long(const char *s, int base, long min, long max, int *ok, char **next)
Definition: parse_int.c:59
parse_iso_time
int parse_iso_time(const char *cp, time_t *t)
Definition: time_fmt.c:392
SMARTLIST_FOREACH
#define SMARTLIST_FOREACH(sl, type, var, cmd)
Definition: smartlist_foreach.h:112
routerinfo_t::platform
char * platform
Definition: routerinfo_st.h:48
dump_desc_init
void dump_desc_init(void)
Definition: unparseable.c:38
check_signature_token
int check_signature_token(const char *digest, ssize_t digest_len, directory_token_t *tok, crypto_pk_t *pkey, int flags, const char *doctype)
Definition: sigcommon.c:143
addr_policy_t
Definition: addr_policy_st.h:26
ed25519_public_key_from_curve25519_public_key
int ed25519_public_key_from_curve25519_public_key(ed25519_public_key_t *pubkey, const curve25519_public_key_t *pubkey_in, int signbit)
Definition: crypto_ed25519.c:493
signed_descriptor_t::identity_digest
char identity_digest[DIGEST_LEN]
Definition: signed_descriptor_st.h:31
base16_decode
int base16_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:506
routerinfo_t::bandwidthburst
uint32_t bandwidthburst
Definition: routerinfo_st.h:56
sandbox_is_active
int sandbox_is_active(void)
Definition: sandbox.c:1898
tor_strstrip
void tor_strstrip(char *s, const char *strip)
Definition: util_string.c:111
find_all_by_keyword
smartlist_t * find_all_by_keyword(const smartlist_t *s, directory_keyword k)
Definition: parsecommon.c:468
routerinfo_t::protocol_list
char * protocol_list
Definition: routerinfo_st.h:50
unparseable.h
Header file for unparseable.c.
T01
#define T01(s, t, a, o)
Definition: parsecommon.h:258
DIGEST_LEN
#define DIGEST_LEN
Definition: digest_sizes.h:20
signed_descriptor_t::extra_info_digest256
char extra_info_digest256[DIGEST256_LEN]
Definition: signed_descriptor_st.h:37
directory_token_t::n_args
int n_args
Definition: parsecommon.h:203
ARGS
#define ARGS
Definition: parsecommon.h:263
router_parse_entry_from_string
routerinfo_t * router_parse_entry_from_string(const char *s, const char *end, int cache_copy, int allow_annotations, const char *prepend_annotations, int *can_dl_again_out)
Definition: routerparse.c:394
EQ
#define EQ(n)
Definition: parsecommon.h:271
crypto_format.h
Header for crypto_format.c.
NO_ARGS
#define NO_ARGS
Definition: parsecommon.h:265
signed_descriptor_t::saved_location
saved_location_t saved_location
Definition: signed_descriptor_st.h:44
routerlist_t
Definition: routerlist_st.h:18
tor_addr_from_in
#define tor_addr_from_in(dest, in)
Definition: address.h:331
routerinfo_t::ipv4_addr
tor_addr_t ipv4_addr
Definition: routerinfo_st.h:25
routerparse_init
void routerparse_init(void)
Definition: routerparse.c:1233
dump_desc_fifo_cleanup
void dump_desc_fifo_cleanup(void)
Definition: unparseable.c:239
routerinfo_t::wants_to_be_hs_dir
unsigned int wants_to_be_hs_dir
Definition: routerinfo_st.h:75
tor_memneq
#define tor_memneq(a, b, sz)
Definition: di_ops.h:21
tor_inet_aton
int tor_inet_aton(const char *str, struct in_addr *addr)
Definition: inaddr.c:40
curve25519_public_from_base64
int curve25519_public_from_base64(curve25519_public_key_t *pkey, const char *input)
Definition: crypto_format.c:170
T1
#define T1(s, t, a, o)
Definition: parsecommon.h:250
memarea_new
memarea_t * memarea_new(void)
Definition: memarea.c:153
torcert.h
Header for torcert.c.
crypto_pk_get_digest
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
Definition: crypto_rsa.c:356
routerinfo_t::policy_is_reject_star
unsigned int policy_is_reject_star
Definition: routerinfo_st.h:77
ed25519_public_key_t
Definition: crypto_ed25519.h:23
extrainfo_t::pending_sig
char * pending_sig
Definition: extrainfo_st.h:29
router_get_router_hash
int router_get_router_hash(const char *s, size_t s_len, char *digest)
Definition: routerparse.c:180
signed_descriptor_t::signed_descriptor_digest
char signed_descriptor_digest[DIGEST_LEN]
Definition: signed_descriptor_st.h:29
escaped
const char * escaped(const char *s)
Definition: escape.c:126
tor_cert_t::signing_key
ed25519_public_key_t signing_key
Definition: torcert.h:35
ed25519_checkable_t
Definition: crypto_ed25519.h:77
ROUTER_PURPOSE_UNKNOWN
#define ROUTER_PURPOSE_UNKNOWN
Definition: routerinfo_st.h:109
tor_cert_parse
tor_cert_t * tor_cert_parse(const uint8_t *encoded, const size_t len)
Definition: torcert.c:159
strcmpstart
int strcmpstart(const char *s1, const char *s2)
Definition: util_string.c:215
routerinfo_t::exit_policy
smartlist_t * exit_policy
Definition: routerinfo_st.h:59
memarea_t
Definition: memarea.c:119
routerlist_st.h
Router descriptor list structure.
routerlist.h
Header file for routerlist.c.
routerinfo_t::supports_tunnelled_dir_requests
unsigned int supports_tunnelled_dir_requests
Definition: routerinfo_st.h:86
router_purpose_from_string
uint8_t router_purpose_from_string(const char *s)
Definition: routerinfo.c:97
maskbits_t
uint8_t maskbits_t
Definition: address.h:62
directory_token_t::object_body
char * object_body
Definition: parsecommon.h:208
routerinfo_t::declared_family
smartlist_t * declared_family
Definition: routerinfo_st.h:65
crypto_curve25519.h
Header for crypto_curve25519.c.
sigcommon.h
Header file for sigcommon.c.
routerinfo_st.h
Router descriptor structure.
DIGEST256_LEN
#define DIGEST256_LEN
Definition: digest_sizes.h:23
CONCAT_ARGS
#define CONCAT_ARGS
Definition: parsecommon.h:267
routerinfo_t::contact_info
char * contact_info
Definition: routerinfo_st.h:67
saved_location_t
saved_location_t
Definition: or.h:747
short_policy_is_reject_star
int short_policy_is_reject_star(const short_policy_t *policy)
Definition: policies.c:2840
OBJ_OK
@ OBJ_OK
Definition: parsecommon.h:224
digest256_from_base64
int digest256_from_base64(char *digest, const char *d64)
Definition: crypto_format.c:320
fast_memneq
#define fast_memneq(a, b, c)
Definition: di_ops.h:42
crypto_digest256_new
crypto_digest_t * crypto_digest256_new(digest_algorithm_t algorithm)
Definition: crypto_digest_nss.c:272
get_options
const or_options_t * get_options(void)
Definition: config.c:929
SAVED_IN_CACHE
@ SAVED_IN_CACHE
Definition: or.h:754
router_get_hash_impl
int router_get_hash_impl(const char *s, size_t s_len, char *digest, const char *start_str, const char *end_str, char end_c, digest_algorithm_t alg)
Definition: sigcommon.c:74
routerinfo_t::onion_pkey
char * onion_pkey
Definition: routerinfo_st.h:37
parse_short_policy
short_policy_t * parse_short_policy(const char *summary)
Definition: policies.c:2655
crypto_digest_free
#define crypto_digest_free(d)
Definition: crypto_digest.h:130
directory_token_t::object_size
size_t object_size
Definition: parsecommon.h:207
curve25519_public_key_t
Definition: crypto_curve25519.h:24
signed_descriptor_t::signing_key_cert
struct tor_cert_st * signing_key_cert
Definition: signed_descriptor_st.h:39
routerinfo_t::allow_single_hop_exits
unsigned int allow_single_hop_exits
Definition: routerinfo_st.h:72
policy_parse.h
Header file for policy_parse.c.
is_legal_nickname_or_hexdigest
int is_legal_nickname_or_hexdigest(const char *s)
Definition: nickname.c:31
crypto_pk_public_exponent_ok
int crypto_pk_public_exponent_ok(const crypto_pk_t *env)
Definition: crypto_rsa_nss.c:261
tor_addr_parse_mask_ports
int tor_addr_parse_mask_ports(const char *s, unsigned flags, tor_addr_t *addr_out, maskbits_t *maskbits_out, uint16_t *port_min_out, uint16_t *port_max_out)
Definition: address.c:543
T1_END
#define T1_END(s, t, a, o)
Definition: parsecommon.h:254
router_parse_list_from_string
int router_parse_list_from_string(const char **s, const char *eos, smartlist_t *dest, saved_location_t saved_location, int want_extrainfo, int allow_annotations, const char *prepend_annotations, smartlist_t *invalid_digests_out)
Definition: routerparse.c:249
router_parse_addr_policy
addr_policy_t * router_parse_addr_policy(directory_token_t *tok, unsigned fmt_flags)
Definition: policy_parse.c:136
check_tap_onion_key_crosscert
int check_tap_onion_key_crosscert(const uint8_t *crosscert, int crosscert_len, const crypto_pk_t *onion_pkey, const ed25519_public_key_t *master_id_pkey, const uint8_t *rsa_id_digest)
Definition: torcert.c:649
extrainfo_st.h
A relay's extra-info structure.
routerinfo_t::pv
protover_summary_flags_t pv
Definition: routerinfo_st.h:93
nickname.h
Header file for nickname.c.
parsecommon.h
Header file for parsecommon.c.
signed_descriptor_t::saved_offset
off_t saved_offset
Definition: signed_descriptor_st.h:47
router_add_exit_policy
static int router_add_exit_policy(routerinfo_t *router, directory_token_t *tok)
Definition: routerparse.c:1181
SMARTLIST_FOREACH_BEGIN
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
Definition: smartlist_foreach.h:78
crypto_pk_t
Definition: crypto_rsa_nss.c:37
directory_token_t::tp
directory_keyword tp
Definition: parsecommon.h:202
ed25519_checksig_batch
int ed25519_checksig_batch(int *okay_out, const ed25519_checkable_t *checkable, int n_checkable)
Definition: crypto_ed25519.c:376
router_get_routerlist
routerlist_t * router_get_routerlist(void)
Definition: routerlist.c:894
HEX_DIGEST_LEN
#define HEX_DIGEST_LEN
Definition: crypto_digest.h:35
LOG_WARN
#define LOG_WARN
Definition: log.h:53
router_describe
const char * router_describe(const routerinfo_t *ri)
Definition: describe.c:122
find_single_ipv6_orport
int find_single_ipv6_orport(const smartlist_t *list, tor_addr_t *addr_out, uint16_t *port_out)
Definition: routerparse.c:340
find_opt_by_keyword
directory_token_t * find_opt_by_keyword(const smartlist_t *s, directory_keyword keyword)
Definition: parsecommon.c:457
policies.h
Header file for policies.c.
routerinfo_t::uptime
long uptime
Definition: routerinfo_st.h:64
ed25519_public_from_base64
int ed25519_public_from_base64(ed25519_public_key_t *pkey, const char *input)
Definition: crypto_format.c:212
tor_cert_t::cert_type
uint8_t cert_type
Definition: torcert.h:45
config.h
Header file for config.c.
addr_policy_t::addr
tor_addr_t addr
Definition: addr_policy_st.h:46
crypto_digest256
int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
Definition: crypto_digest_nss.c:121
summarize_protover_flags
void summarize_protover_flags(protover_summary_flags_t *out, const char *protocols, const char *version)
Definition: versions.c:501
token_rule_t
Definition: parsecommon.h:275
extrainfo_parse_entry_from_string
extrainfo_t * extrainfo_parse_entry_from_string(const char *s, const char *end, int cache_copy, struct digest_ri_map_t *routermap, int *can_dl_again_out)
Definition: routerparse.c:966
routerinfo_t::is_hibernating
unsigned int is_hibernating
Definition: routerinfo_st.h:68
signed_descriptor_t::published_on
time_t published_on
Definition: signed_descriptor_st.h:33
policy_is_reject_star
int policy_is_reject_star(const smartlist_t *policy, sa_family_t family, int default_reject)
Definition: policies.c:2214
ROUTER_PURPOSE_GENERAL
#define ROUTER_PURPOSE_GENERAL
Definition: routerinfo_st.h:98
signed_descriptor_t
Definition: signed_descriptor_st.h:18
tor_cert_t::signed_key
ed25519_public_key_t signed_key
Definition: torcert.h:32
policy_expand_private
void policy_expand_private(smartlist_t **policy)
Definition: policies.c:105
signed_descriptor_t::routerlist_index
int routerlist_index
Definition: signed_descriptor_st.h:50
signed_descriptor_t::signed_descriptor_body
char * signed_descriptor_body
Definition: signed_descriptor_st.h:22
signed_descriptor_t::signed_descriptor_len
size_t signed_descriptor_len
Definition: signed_descriptor_st.h:26
GE
#define GE(n)
Definition: parsecommon.h:269
routerparse.h
Header file for routerparse.c.
routerinfo_t::nickname
char * nickname
Definition: routerinfo_st.h:22
LD_DIR
#define LD_DIR
Definition: log.h:88
A01
#define A01(s, t, a, o)
Definition: parsecommon.h:260
eat_whitespace_eos
const char * eat_whitespace_eos(const char *s, const char *eos)
Definition: util_string.c:304
crypto_ed25519.h
Header for crypto_ed25519.c.
find_start_of_next_router_or_extrainfo
static int find_start_of_next_router_or_extrainfo(const char **s_ptr, const char *eos, int *is_extrainfo_out)
Definition: routerparse.c:202
SAVED_NOWHERE
@ SAVED_NOWHERE
Definition: or.h:750
routerinfo_t::bandwidthrate
uint32_t bandwidthrate
Definition: routerinfo_st.h:54
smartlist_t
Definition: smartlist_core.h:26
dump_desc
void dump_desc(const char *desc, const char *type)
Definition: unparseable.c:496
crypto_digest_get_digest
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
Definition: crypto_digest_nss.c:348
directory_token_t::key
struct crypto_pk_t * key
Definition: parsecommon.h:210
directory_token_t::object_type
char * object_type
Definition: parsecommon.h:206
tor_addr_copy
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:933
routerinfo_t::onion_curve25519_pkey
struct curve25519_public_key_t * onion_curve25519_pkey
Definition: routerinfo_st.h:43
or.h
Master header file for Tor-specific functionality.
find_all_exitpolicy
static smartlist_t * find_all_exitpolicy(smartlist_t *s)
Definition: routerparse.c:1218
routerinfo_t::cert_expiration_time
time_t cert_expiration_time
Definition: routerinfo_st.h:46
signed_descriptor_t::extra_info_digest
char extra_info_digest[DIGEST_LEN]
Definition: signed_descriptor_st.h:35