Tor 0.4.9.1-alpha-dev
channeltls.c
Go to the documentation of this file.
1/* * Copyright (c) 2012-2021, The Tor Project, Inc. */
2/* See LICENSE for licensing information */
3
4/**
5 * \file channeltls.c
6 *
7 * \brief A concrete subclass of channel_t using or_connection_t to transfer
8 * cells between Tor instances.
9 *
10 * This module fills in the various function pointers in channel_t, to
11 * implement the channel_tls_t channels as used in Tor today. These channels
12 * are created from channel_tls_connect() and
13 * channel_tls_handle_incoming(). Each corresponds 1:1 to or_connection_t
14 * object, as implemented in connection_or.c. These channels transmit cells
15 * to the underlying or_connection_t by calling
16 * connection_or_write_*_cell_to_buf(), and receive cells from the underlying
17 * or_connection_t when connection_or_process_cells_from_inbuf() calls
18 * channel_tls_handle_*_cell().
19 *
20 * Here we also implement the server (responder) side of the v3+ Tor link
21 * handshake, which uses CERTS and AUTHENTICATE cell to negotiate versions,
22 * exchange expected and observed IP and time information, and bootstrap a
23 * level of authentication higher than we have gotten on the raw TLS
24 * handshake.
25 *
26 * NOTE: Since there is currently only one type of channel, there are probably
27 * more than a few cases where functionality that is currently in
28 * channeltls.c, connection_or.c, and channel.c ought to be divided up
29 * differently. The right time to do this is probably whenever we introduce
30 * our next channel type.
31 **/
32
33/*
34 * Define this so channel.h gives us things only channel_t subclasses
35 * should touch.
36 */
37#define CHANNEL_OBJECT_PRIVATE
38
39#define CHANNELTLS_PRIVATE
40
41#include "core/or/or.h"
42#include "core/or/channel.h"
43#include "core/or/channeltls.h"
44#include "core/or/circuitmux.h"
46#include "core/or/command.h"
47#include "core/or/dos.h"
48#include "app/config/config.h"
55#include "trunnel/link_handshake.h"
56#include "core/or/relay.h"
62#include "core/or/scheduler.h"
65#include "trunnel/channelpadding_negotiation.h"
66#include "trunnel/netinfo.h"
67#include "core/or/channelpadding.h"
68#include "core/or/extendinfo.h"
70
71#include "core/or/cell_st.h"
77#include "core/or/var_cell_st.h"
79
80#include "lib/tls/tortls.h"
81#include "lib/tls/x509.h"
82
83/** How many CELL_PADDING cells have we received, ever? */
85/** How many CELL_VERSIONS cells have we received, ever? */
87/** How many CELL_NETINFO cells have we received, ever? */
89/** How many CELL_VPADDING cells have we received, ever? */
91/** How many CELL_CERTS cells have we received, ever? */
93/** How many CELL_AUTH_CHALLENGE cells have we received, ever? */
95/** How many CELL_AUTHENTICATE cells have we received, ever? */
97/** How many CELL_AUTHORIZE cells have we received, ever? */
99
100/** Active listener, if any */
102
103/* channel_tls_t method declarations */
104
105static void channel_tls_close_method(channel_t *chan);
106static const char * channel_tls_describe_transport_method(channel_t *chan);
107static void channel_tls_free_method(channel_t *chan);
109static int channel_tls_get_remote_addr_method(const channel_t *chan,
110 tor_addr_t *addr_out);
111static int
112channel_tls_get_transport_name_method(channel_t *chan, char **transport_out);
113static const char *channel_tls_describe_peer_method(const channel_t *chan);
116static int
118 extend_info_t *extend_info);
120 const tor_addr_t *target);
124 cell_t *cell);
126 packed_cell_t *packed_cell);
128 var_cell_t *var_cell);
129
130/* channel_listener_tls_t method declarations */
131
133static const char *
135
136/** Handle incoming cells for the handshake stuff here rather than
137 * passing them on up. */
138
140 channel_tls_t *tlschan);
142 channel_tls_t *tlschan);
143static int command_allowed_before_handshake(uint8_t command);
145 channel_tls_t *tlschan);
147 channel_tls_t *chan);
148
149/**
150 * Do parts of channel_tls_t initialization common to channel_tls_connect()
151 * and channel_tls_handle_incoming().
152 */
153STATIC void
154channel_tls_common_init(channel_tls_t *tlschan)
155{
156 channel_t *chan;
157
158 tor_assert(tlschan);
159
160 chan = &(tlschan->base_);
161 channel_init(chan);
162 chan->magic = TLS_CHAN_MAGIC;
168 chan->get_remote_addr = channel_tls_get_remote_addr_method;
170 chan->get_transport_name = channel_tls_get_transport_name_method;
175 chan->num_bytes_queued = channel_tls_num_bytes_queued_method;
176 chan->num_cells_writeable = channel_tls_num_cells_writeable_method;
177 chan->write_cell = channel_tls_write_cell_method;
180
181 chan->cmux = circuitmux_alloc();
182 /* We only have one policy for now so always set it to EWMA. */
183 circuitmux_set_policy(chan->cmux, &ewma_policy);
184}
185
186/**
187 * Start a new TLS channel.
188 *
189 * Launch a new OR connection to <b>addr</b>:<b>port</b> and expect to
190 * handshake with an OR with identity digest <b>id_digest</b>, and wrap
191 * it in a channel_tls_t.
192 */
193channel_t *
194channel_tls_connect(const tor_addr_t *addr, uint16_t port,
195 const char *id_digest,
196 const ed25519_public_key_t *ed_id)
197{
198 channel_tls_t *tlschan = tor_malloc_zero(sizeof(*tlschan));
199 channel_t *chan = &(tlschan->base_);
200
202
203 log_debug(LD_CHANNEL,
204 "In channel_tls_connect() for channel %p "
205 "(global id %"PRIu64 ")",
206 tlschan,
207 (chan->global_identifier));
208
209 if (is_local_to_resolve_addr(addr)) {
210 log_debug(LD_CHANNEL,
211 "Marking new outgoing channel %"PRIu64 " at %p as local",
212 (chan->global_identifier), chan);
213 channel_mark_local(chan);
214 } else {
215 log_debug(LD_CHANNEL,
216 "Marking new outgoing channel %"PRIu64 " at %p as remote",
217 (chan->global_identifier), chan);
219 }
220
222
223 /* Set up or_connection stuff */
224 tlschan->conn = connection_or_connect(addr, port, id_digest, ed_id, tlschan);
225 /* connection_or_connect() will fill in tlschan->conn */
226 if (!(tlschan->conn)) {
227 chan->reason_for_closing = CHANNEL_CLOSE_FOR_ERROR;
229 goto err;
230 }
231
232 log_debug(LD_CHANNEL,
233 "Got orconn %p for channel with global id %"PRIu64,
234 tlschan->conn, (chan->global_identifier));
235
236 goto done;
237
238 err:
239 circuitmux_free(chan->cmux);
240 tor_free(tlschan);
241 chan = NULL;
242
243 done:
244 /* If we got one, we should register it */
245 if (chan) channel_register(chan);
246
247 return chan;
248}
249
250/**
251 * Return the current channel_tls_t listener.
252 *
253 * Returns the current channel listener for incoming TLS connections, or
254 * NULL if none has been established
255 */
258{
260}
261
262/**
263 * Start a channel_tls_t listener if necessary.
264 *
265 * Return the current channel_tls_t listener, or start one if we haven't yet,
266 * and return that.
267 */
270{
271 channel_listener_t *listener;
272
274 listener = tor_malloc_zero(sizeof(*listener));
275 channel_init_listener(listener);
278 listener->describe_transport =
280
281 channel_tls_listener = listener;
282
283 log_debug(LD_CHANNEL,
284 "Starting TLS channel listener %p with global id %"PRIu64,
285 listener, (listener->global_identifier));
286
288 } else listener = channel_tls_listener;
289
290 return listener;
291}
292
293/**
294 * Free everything on shutdown.
295 *
296 * Not much to do here, since channel_free_all() takes care of a lot, but let's
297 * get rid of the listener.
298 */
299void
301{
302 channel_listener_t *old_listener = NULL;
303
304 log_debug(LD_CHANNEL,
305 "Shutting down TLS channels...");
306
308 /*
309 * When we close it, channel_tls_listener will get nulled out, so save
310 * a pointer so we can free it.
311 */
312 old_listener = channel_tls_listener;
313 log_debug(LD_CHANNEL,
314 "Closing channel_tls_listener with ID %"PRIu64
315 " at %p.",
316 (old_listener->global_identifier),
317 old_listener);
318 channel_listener_unregister(old_listener);
320 channel_listener_free(old_listener);
322 }
323
324 log_debug(LD_CHANNEL,
325 "Done shutting down TLS channels");
326}
327
328/**
329 * Create a new channel around an incoming or_connection_t.
330 */
331channel_t *
333{
334 channel_tls_t *tlschan = tor_malloc_zero(sizeof(*tlschan));
335 channel_t *chan = &(tlschan->base_);
336
337 tor_assert(orconn);
338 tor_assert(!(orconn->chan));
339
341
342 /* Link the channel and orconn to each other */
343 tlschan->conn = orconn;
344 orconn->chan = tlschan;
345
346 if (is_local_to_resolve_addr(&(TO_CONN(orconn)->addr))) {
347 log_debug(LD_CHANNEL,
348 "Marking new incoming channel %"PRIu64 " at %p as local",
349 (chan->global_identifier), chan);
350 channel_mark_local(chan);
351 } else {
352 log_debug(LD_CHANNEL,
353 "Marking new incoming channel %"PRIu64 " at %p as remote",
354 (chan->global_identifier), chan);
356 }
357
359
360 /* Register it */
361 channel_register(chan);
362
363 char *transport_name = NULL;
364 if (channel_tls_get_transport_name_method(TLS_CHAN_TO_BASE(orconn->chan),
365 &transport_name) < 0) {
366 transport_name = NULL;
367 }
368 /* Start tracking TLS connections in the DoS subsystem as soon as possible,
369 * so we can protect against attacks that use partially open connections.
370 */
372 &TO_CONN(orconn)->addr, transport_name,
373 time(NULL));
374 dos_new_client_conn(orconn, transport_name);
375 tor_free(transport_name);
376
377 return chan;
378}
379
380/**
381 * Set the `potentially_used_for_bootstrapping` flag on the or_connection_t
382 * corresponding to the provided channel.
383 *
384 * This flag indicates that if the connection fails, it might be interesting
385 * to the bootstrapping subsystem. (The bootstrapping system only cares about
386 * channels that we have tried to use for our own circuits. Other channels
387 * may have been launched in response to EXTEND cells from somebody else, and
388 * if they fail, it won't necessarily indicate a bootstrapping problem.)
389 **/
390void
392{
393 if (BUG(!chan))
394 return;
395 if (chan->magic != TLS_CHAN_MAGIC)
396 return;
397 channel_tls_t *tlschan = channel_tls_from_base(chan);
398 if (BUG(!tlschan))
399 return;
400
401 if (tlschan->conn)
402 tlschan->conn->potentially_used_for_bootstrapping = 1;
403}
404
405/*********
406 * Casts *
407 ********/
408
409/**
410 * Cast a channel_tls_t to a channel_t.
411 */
412channel_t *
413channel_tls_to_base(channel_tls_t *tlschan)
414{
415 if (!tlschan) return NULL;
416
417 return &(tlschan->base_);
418}
419
420/**
421 * Cast a channel_t to a channel_tls_t, with appropriate type-checking
422 * asserts.
423 */
424channel_tls_t *
426{
427 if (!chan) return NULL;
428
429 tor_assert(chan->magic == TLS_CHAN_MAGIC);
430
431 return (channel_tls_t *)(chan);
432}
433
434/**
435 * Cast a const channel_tls_t to a const channel_t.
436 */
437const channel_t *
438channel_tls_to_base_const(const channel_tls_t *tlschan)
439{
440 return channel_tls_to_base((channel_tls_t*) tlschan);
441}
442
443/**
444 * Cast a const channel_t to a const channel_tls_t, with appropriate
445 * type-checking asserts.
446 */
447const channel_tls_t *
449{
450 return channel_tls_from_base((channel_t *)chan);
451}
452
453/********************************************
454 * Method implementations for channel_tls_t *
455 *******************************************/
456
457/**
458 * Close a channel_tls_t.
459 *
460 * This implements the close method for channel_tls_t.
461 */
462static void
464{
465 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
466
467 tor_assert(tlschan);
468
469 if (tlschan->conn) connection_or_close_normally(tlschan->conn, 1);
470 else {
471 /* Weird - we'll have to change the state ourselves, I guess */
472 log_info(LD_CHANNEL,
473 "Tried to close channel_tls_t %p with NULL conn",
474 tlschan);
476 }
477}
478
479/**
480 * Describe the transport for a channel_tls_t.
481 *
482 * This returns the string "TLS channel on connection <id>" to the upper
483 * layer.
484 */
485static const char *
487{
488 static char *buf = NULL;
489 uint64_t id;
490 channel_tls_t *tlschan;
491 const char *rv = NULL;
492
493 tor_assert(chan);
494
495 tlschan = BASE_CHAN_TO_TLS(chan);
496
497 if (tlschan->conn) {
498 id = TO_CONN(tlschan->conn)->global_identifier;
499
500 if (buf) tor_free(buf);
501 tor_asprintf(&buf,
502 "TLS channel (connection %"PRIu64 ")",
503 (id));
504
505 rv = buf;
506 } else {
507 rv = "TLS channel (no connection)";
508 }
509
510 return rv;
511}
512
513/**
514 * Free a channel_tls_t.
515 *
516 * This is called by the generic channel layer when freeing a channel_tls_t;
517 * this happens either on a channel which has already reached
518 * CHANNEL_STATE_CLOSED or CHANNEL_STATE_ERROR from channel_run_cleanup() or
519 * on shutdown from channel_free_all(). In the latter case we might still
520 * have an orconn active (which connection_free_all() will get to later),
521 * so we should null out its channel pointer now.
522 */
523static void
525{
526 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
527
528 tor_assert(tlschan);
529
530 if (tlschan->conn) {
531 tlschan->conn->chan = NULL;
532 tlschan->conn = NULL;
533 }
534}
535
536/**
537 * Get an estimate of the average TLS overhead for the upper layer.
538 */
539static double
541{
542 double overhead = 1.0;
543 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
544
545 tor_assert(tlschan);
546 tor_assert(tlschan->conn);
547
548 /* Just return 1.0f if we don't have sensible data */
549 if (tlschan->conn->bytes_xmitted > 0 &&
550 tlschan->conn->bytes_xmitted_by_tls >=
551 tlschan->conn->bytes_xmitted) {
552 overhead = ((double)(tlschan->conn->bytes_xmitted_by_tls)) /
553 ((double)(tlschan->conn->bytes_xmitted));
554
555 /*
556 * Never estimate more than 2.0; otherwise we get silly large estimates
557 * at the very start of a new TLS connection.
558 */
559 if (overhead > 2.0)
560 overhead = 2.0;
561 }
562
563 log_debug(LD_CHANNEL,
564 "Estimated overhead ratio for TLS chan %"PRIu64 " is %f",
565 (chan->global_identifier), overhead);
566
567 return overhead;
568}
569
570/**
571 * Get the remote address of a channel_tls_t.
572 *
573 * This implements the get_remote_addr method for channel_tls_t; copy the
574 * remote endpoint of the channel to addr_out and return 1. (Always
575 * succeeds if this channel is attached to an OR connection.)
576 *
577 * Always returns the real address of the peer, not the canonical address.
578 */
579static int
581 tor_addr_t *addr_out)
582{
583 const channel_tls_t *tlschan = CONST_BASE_CHAN_TO_TLS(chan);
584
585 tor_assert(tlschan);
586 tor_assert(addr_out);
587
588 if (tlschan->conn == NULL) {
589 tor_addr_make_unspec(addr_out);
590 return 0;
591 }
592
593 /* They want the real address, so give it to them. */
594 tor_addr_copy(addr_out, &TO_CONN(tlschan->conn)->addr);
595
596 return 1;
597}
598
599/**
600 * Get the name of the pluggable transport used by a channel_tls_t.
601 *
602 * This implements the get_transport_name for channel_tls_t. If the
603 * channel uses a pluggable transport, copy its name to
604 * <b>transport_out</b> and return 0. If the channel did not use a
605 * pluggable transport, return -1.
606 */
607static int
609{
610 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
611
612 tor_assert(tlschan);
613 tor_assert(transport_out);
614 tor_assert(tlschan->conn);
615
616 if (!tlschan->conn->ext_or_transport)
617 return -1;
618
619 *transport_out = tor_strdup(tlschan->conn->ext_or_transport);
620 return 0;
621}
622
623/**
624 * Get a human-readable endpoint description of a channel_tls_t.
625 *
626 * This format is intended for logging, and may change in the future;
627 * nothing should parse or rely on its particular details.
628 */
629static const char *
631{
632 const channel_tls_t *tlschan = CONST_BASE_CHAN_TO_TLS(chan);
633 tor_assert(tlschan);
634
635 if (tlschan->conn) {
636 return connection_describe_peer(TO_CONN(tlschan->conn));
637 } else {
638 return "(No connection)";
639 }
640}
641
642/**
643 * Tell the upper layer if we have queued writes.
644 *
645 * This implements the has_queued_writes method for channel_tls t_; it returns
646 * 1 iff we have queued writes on the outbuf of the underlying or_connection_t.
647 */
648static int
650{
651 size_t outbuf_len;
652 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
653
654 tor_assert(tlschan);
655 if (!(tlschan->conn)) {
656 log_info(LD_CHANNEL,
657 "something called has_queued_writes on a tlschan "
658 "(%p with ID %"PRIu64 " but no conn",
659 chan, (chan->global_identifier));
660 }
661
662 outbuf_len = (tlschan->conn != NULL) ?
663 connection_get_outbuf_len(TO_CONN(tlschan->conn)) :
664 0;
665
666 return (outbuf_len > 0);
667}
668
669/**
670 * Tell the upper layer if we're canonical.
671 *
672 * This implements the is_canonical method for channel_tls_t:
673 * it returns whether this is a canonical channel.
674 */
675static int
677{
678 int answer = 0;
679 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
680
681 tor_assert(tlschan);
682
683 if (tlschan->conn) {
684 /* If this bit is set to 0, and link_proto is sufficiently old, then we
685 * can't actually _rely_ on this being a non-canonical channel.
686 * Nonetheless, we're going to believe that this is a non-canonical
687 * channel in this case, since nobody should be using these link protocols
688 * any more. */
689 answer = tlschan->conn->is_canonical;
690 }
691
692 return answer;
693}
694
695/**
696 * Check if we match an extend_info_t.
697 *
698 * This implements the matches_extend_info method for channel_tls_t; the upper
699 * layer wants to know if this channel matches an extend_info_t.
700 *
701 * NOTE that this function only checks for an address/port match, and should
702 * be used only when no identify is available.
703 */
704static int
706 extend_info_t *extend_info)
707{
708 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
709
710 tor_assert(tlschan);
711 tor_assert(extend_info);
712
713 /* Never match if we have no conn */
714 if (!(tlschan->conn)) {
715 log_info(LD_CHANNEL,
716 "something called matches_extend_info on a tlschan "
717 "(%p with ID %"PRIu64 " but no conn",
718 chan, (chan->global_identifier));
719 return 0;
720 }
721
722 const tor_addr_port_t *orport = &tlschan->conn->canonical_orport;
723 // If the canonical address is set, then we'll allow matches based on that.
724 if (! tor_addr_is_unspec(&orport->addr)) {
725 if (extend_info_has_orport(extend_info, &orport->addr, orport->port)) {
726 return 1;
727 }
728 }
729
730 // We also want to match if the true address and port are listed in the
731 // extend info.
732 return extend_info_has_orport(extend_info,
733 &TO_CONN(tlschan->conn)->addr,
734 TO_CONN(tlschan->conn)->port);
735}
736
737/**
738 * Check if we match a target address; return true iff we do.
739 *
740 * This implements the matches_target method for channel_tls t_; the upper
741 * layer wants to know if this channel matches a target address when extending
742 * a circuit.
743 */
744static int
746 const tor_addr_t *target)
747{
748 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
749
750 tor_assert(tlschan);
751 tor_assert(target);
752
753 /* Never match if we have no conn */
754 if (!(tlschan->conn)) {
755 log_info(LD_CHANNEL,
756 "something called matches_target on a tlschan "
757 "(%p with ID %"PRIu64 " but no conn",
758 chan, (chan->global_identifier));
759 return 0;
760 }
761
762 /* addr is the address this connection came from.
763 * canonical_orport is updated by connection_or_init_conn_from_address()
764 * to be the address in the descriptor. It may be tempting to
765 * allow either address to be allowed, but if we did so, it would
766 * enable someone who steals a relay's keys to covertly impersonate/MITM it
767 * from anywhere on the Internet! (Because they could make long-lived
768 * TLS connections from anywhere to all relays, and wait for them to
769 * be used for extends).
770 *
771 * An adversary who has stolen a relay's keys could also post a fake relay
772 * descriptor, but that attack is easier to detect.
773 */
774 return tor_addr_eq(&TO_CONN(tlschan->conn)->addr, target);
775}
776
777/**
778 * Tell the upper layer how many bytes we have queued and not yet
779 * sent.
780 */
781static size_t
783{
784 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
785
786 tor_assert(tlschan);
787 tor_assert(tlschan->conn);
788
789 return connection_get_outbuf_len(TO_CONN(tlschan->conn));
790}
791
792/**
793 * Tell the upper layer how many cells we can accept to write.
794 *
795 * This implements the num_cells_writeable method for channel_tls_t; it
796 * returns an estimate of the number of cells we can accept with
797 * channel_tls_write_*_cell().
798 */
799static int
801{
802 size_t outbuf_len;
803 ssize_t n;
804 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
805 size_t cell_network_size;
806
807 tor_assert(tlschan);
808 tor_assert(tlschan->conn);
809
810 cell_network_size = get_cell_network_size(tlschan->conn->wide_circ_ids);
811 outbuf_len = connection_get_outbuf_len(TO_CONN(tlschan->conn));
812 /* Get the number of cells */
813 n = CEIL_DIV(or_conn_highwatermark() - outbuf_len, cell_network_size);
814 if (n < 0) n = 0;
815#if SIZEOF_SIZE_T > SIZEOF_INT
816 if (n > INT_MAX) n = INT_MAX;
817#endif
818
819 return (int)n;
820}
821
822/**
823 * Write a cell to a channel_tls_t.
824 *
825 * This implements the write_cell method for channel_tls_t; given a
826 * channel_tls_t and a cell_t, transmit the cell_t.
827 */
828static int
830{
831 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
832 int written = 0;
833
834 tor_assert(tlschan);
835 tor_assert(cell);
836
837 if (tlschan->conn) {
838 connection_or_write_cell_to_buf(cell, tlschan->conn);
839 ++written;
840 } else {
841 log_info(LD_CHANNEL,
842 "something called write_cell on a tlschan "
843 "(%p with ID %"PRIu64 " but no conn",
844 chan, (chan->global_identifier));
845 }
846
847 return written;
848}
849
850/**
851 * Write a packed cell to a channel_tls_t.
852 *
853 * This implements the write_packed_cell method for channel_tls_t; given a
854 * channel_tls_t and a packed_cell_t, transmit the packed_cell_t.
855 *
856 * Return 0 on success or negative value on error. The caller must free the
857 * packed cell.
858 */
859static int
861 packed_cell_t *packed_cell)
862{
863 tor_assert(chan);
864 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
865 size_t cell_network_size = get_cell_network_size(chan->wide_circ_ids);
866
867 tor_assert(tlschan);
868 tor_assert(packed_cell);
869
870 if (tlschan->conn) {
871 connection_buf_add(packed_cell->body, cell_network_size,
872 TO_CONN(tlschan->conn));
873 } else {
874 log_info(LD_CHANNEL,
875 "something called write_packed_cell on a tlschan "
876 "(%p with ID %"PRIu64 " but no conn",
877 chan, (chan->global_identifier));
878 return -1;
879 }
880
881 return 0;
882}
883
884/**
885 * Write a variable-length cell to a channel_tls_t.
886 *
887 * This implements the write_var_cell method for channel_tls_t; given a
888 * channel_tls_t and a var_cell_t, transmit the var_cell_t.
889 */
890static int
892{
893 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
894 int written = 0;
895
896 tor_assert(tlschan);
897 tor_assert(var_cell);
898
899 if (tlschan->conn) {
900 connection_or_write_var_cell_to_buf(var_cell, tlschan->conn);
901 ++written;
902 } else {
903 log_info(LD_CHANNEL,
904 "something called write_var_cell on a tlschan "
905 "(%p with ID %"PRIu64 " but no conn",
906 chan, (chan->global_identifier));
907 }
908
909 return written;
910}
911
912/*************************************************
913 * Method implementations for channel_listener_t *
914 ************************************************/
915
916/**
917 * Close a channel_listener_t.
918 *
919 * This implements the close method for channel_listener_t.
920 */
921static void
923{
924 tor_assert(chan_l);
925
926 /*
927 * Listeners we just go ahead and change state through to CLOSED, but
928 * make sure to check if they're channel_tls_listener to NULL it out.
929 */
930 if (chan_l == channel_tls_listener)
932
933 if (!(chan_l->state == CHANNEL_LISTENER_STATE_CLOSING ||
937 }
938
939 if (chan_l->incoming_list) {
941 channel_t *, ichan) {
943 } SMARTLIST_FOREACH_END(ichan);
944
945 smartlist_free(chan_l->incoming_list);
946 chan_l->incoming_list = NULL;
947 }
948
949 if (!(chan_l->state == CHANNEL_LISTENER_STATE_CLOSED ||
952 }
953}
954
955/**
956 * Describe the transport for a channel_listener_t.
957 *
958 * This returns the string "TLS channel (listening)" to the upper
959 * layer.
960 */
961static const char *
963{
964 tor_assert(chan_l);
965
966 return "TLS channel (listening)";
967}
968
969/*******************************************************
970 * Functions for handling events on an or_connection_t *
971 ******************************************************/
972
973/**
974 * Handle an orconn state change.
975 *
976 * This function will be called by connection_or.c when the or_connection_t
977 * associated with this channel_tls_t changes state.
978 */
979void
981 or_connection_t *conn,
982 uint8_t state)
983{
984 channel_t *base_chan;
985
986 tor_assert(chan);
987 tor_assert(conn);
988 tor_assert(conn->chan == chan);
989 tor_assert(chan->conn == conn);
990
991 base_chan = TLS_CHAN_TO_BASE(chan);
992
993 /* Make sure the base connection state makes sense - shouldn't be error
994 * or closed. */
995
996 tor_assert(CHANNEL_IS_OPENING(base_chan) ||
997 CHANNEL_IS_OPEN(base_chan) ||
998 CHANNEL_IS_MAINT(base_chan) ||
999 CHANNEL_IS_CLOSING(base_chan));
1000
1001 /* Did we just go to state open? */
1002 if (state == OR_CONN_STATE_OPEN) {
1003 /*
1004 * We can go to CHANNEL_STATE_OPEN from CHANNEL_STATE_OPENING or
1005 * CHANNEL_STATE_MAINT on this.
1006 */
1007 channel_change_state_open(base_chan);
1008 /* We might have just become writeable; check and tell the scheduler */
1009 if (connection_or_num_cells_writeable(conn) > 0) {
1011 }
1012 } else {
1013 /*
1014 * Not open, so from CHANNEL_STATE_OPEN we go to CHANNEL_STATE_MAINT,
1015 * otherwise no change.
1016 */
1017 if (CHANNEL_IS_OPEN(base_chan)) {
1019 }
1020 }
1021}
1022
1023#ifdef KEEP_TIMING_STATS
1024
1025/**
1026 * Timing states wrapper.
1027 *
1028 * This is a wrapper function around the actual function that processes the
1029 * <b>cell</b> that just arrived on <b>chan</b>. Increment <b>*time</b>
1030 * by the number of microseconds used by the call to <b>*func(cell, chan)</b>.
1031 */
1032static void
1033channel_tls_time_process_cell(cell_t *cell, channel_tls_t *chan, int *time,
1034 void (*func)(cell_t *, channel_tls_t *))
1035{
1036 struct timeval start, end;
1037 long time_passed;
1038
1039 tor_gettimeofday(&start);
1040
1041 (*func)(cell, chan);
1042
1043 tor_gettimeofday(&end);
1044 time_passed = tv_udiff(&start, &end) ;
1045
1046 if (time_passed > 10000) { /* more than 10ms */
1047 log_debug(LD_OR,"That call just took %ld ms.",time_passed/1000);
1048 }
1049
1050 if (time_passed < 0) {
1051 log_info(LD_GENERAL,"That call took us back in time!");
1052 time_passed = 0;
1053 }
1054
1055 *time += time_passed;
1056}
1057#endif /* defined(KEEP_TIMING_STATS) */
1058
1059#ifdef KEEP_TIMING_STATS
1060#define PROCESS_CELL(tp, cl, cn) STMT_BEGIN { \
1061 ++num ## tp; \
1062 channel_tls_time_process_cell(cl, cn, & tp ## time , \
1063 channel_tls_process_ ## tp ## _cell); \
1064 } STMT_END
1065#else /* !defined(KEEP_TIMING_STATS) */
1066#define PROCESS_CELL(tp, cl, cn) channel_tls_process_ ## tp ## _cell(cl, cn)
1067#endif /* defined(KEEP_TIMING_STATS) */
1068
1069/**
1070 * Handle an incoming cell on a channel_tls_t.
1071 *
1072 * This is called from connection_or.c to handle an arriving cell; it checks
1073 * for cell types specific to the handshake for this transport protocol and
1074 * handles them, and queues all other cells to the channel_t layer, which
1075 * eventually will hand them off to command.c.
1076 *
1077 * The channel layer itself decides whether the cell should be queued or
1078 * can be handed off immediately to the upper-layer code. It is responsible
1079 * for copying in the case that it queues; we merely pass pointers through
1080 * which we get from connection_or_process_cells_from_inbuf().
1081 */
1082void
1084{
1085 channel_tls_t *chan;
1086 int handshaking;
1087
1088 tor_assert(cell);
1089 tor_assert(conn);
1090
1091 chan = conn->chan;
1092
1093 if (!chan) {
1094 log_warn(LD_CHANNEL,
1095 "Got a cell_t on an OR connection with no channel");
1096 return;
1097 }
1098
1099 handshaking = (TO_CONN(conn)->state != OR_CONN_STATE_OPEN);
1100
1101 if (conn->base_.marked_for_close)
1102 return;
1103
1104 /* Reject all but VERSIONS and NETINFO when handshaking. */
1105 /* (VERSIONS actually indicates a protocol warning: it's variable-length,
1106 * so if it reaches this function, we're on a v1 connection.) */
1107 if (handshaking && cell->command != CELL_VERSIONS &&
1108 cell->command != CELL_NETINFO) {
1109 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1110 "Received unexpected cell command %d in chan state %s / "
1111 "conn state %s; closing the connection.",
1112 (int)cell->command,
1113 channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
1116 return;
1117 }
1118
1119 if (conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3)
1120 or_handshake_state_record_cell(conn, conn->handshake_state, cell, 1);
1121
1122 /* We note that we're on the internet whenever we read a cell. This is
1123 * a fast operation. */
1126
1127 if (TLS_CHAN_TO_BASE(chan)->padding_enabled)
1129
1130 switch (cell->command) {
1131 case CELL_PADDING:
1133 if (TLS_CHAN_TO_BASE(chan)->padding_enabled)
1136 /* do nothing */
1137 break;
1138 case CELL_VERSIONS:
1139 /* A VERSIONS cell should always be a variable-length cell, and
1140 * so should never reach this function (which handles constant-sized
1141 * cells). But if the connection is using the (obsolete) v1 link
1142 * protocol, all cells will be treated as constant-sized, and so
1143 * it's possible we'll reach this code.
1144 */
1145 log_fn(LOG_PROTOCOL_WARN, LD_CHANNEL,
1146 "Received unexpected VERSIONS cell on a channel using link "
1147 "protocol %d; ignoring.", conn->link_proto);
1148 break;
1149 case CELL_NETINFO:
1151 PROCESS_CELL(netinfo, cell, chan);
1152 break;
1153 case CELL_PADDING_NEGOTIATE:
1155 PROCESS_CELL(padding_negotiate, cell, chan);
1156 break;
1157 case CELL_CREATE:
1158 case CELL_CREATE_FAST:
1159 case CELL_CREATED:
1160 case CELL_CREATED_FAST:
1161 case CELL_RELAY:
1162 case CELL_RELAY_EARLY:
1163 case CELL_DESTROY:
1164 case CELL_CREATE2:
1165 case CELL_CREATED2:
1166 /*
1167 * These are all transport independent and we pass them up through the
1168 * channel_t mechanism. They are ultimately handled in command.c.
1169 */
1170 channel_process_cell(TLS_CHAN_TO_BASE(chan), cell);
1171 break;
1172 default:
1174 "Cell of unknown type (%d) received in channeltls.c. "
1175 "Dropping.",
1176 cell->command);
1177 break;
1178 }
1179}
1180
1181/**
1182 * Handle an incoming variable-length cell on a channel_tls_t.
1183 *
1184 * Process a <b>var_cell</b> that was just received on <b>conn</b>. Keep
1185 * internal statistics about how many of each cell we've processed so far
1186 * this second, and the total number of microseconds it took to
1187 * process each type of cell. All the var_cell commands are handshake-
1188 * related and live below the channel_t layer, so no variable-length
1189 * cells ever get delivered in the current implementation, but I've left
1190 * the mechanism in place for future use.
1191 *
1192 * If we were handing them off to the upper layer, the channel_t queueing
1193 * code would be responsible for memory management, and we'd just be passing
1194 * pointers through from connection_or_process_cells_from_inbuf(). That
1195 * caller always frees them after this function returns, so this function
1196 * should never free var_cell.
1197 */
1198void
1200{
1201 channel_tls_t *chan;
1202
1203#ifdef KEEP_TIMING_STATS
1204 /* how many of each cell have we seen so far this second? needs better
1205 * name. */
1206 static int num_versions = 0, num_certs = 0;
1207 static time_t current_second = 0; /* from previous calls to time */
1208 time_t now = time(NULL);
1209
1210 if (current_second == 0) current_second = now;
1211 if (now > current_second) { /* the second has rolled over */
1212 /* print stats */
1213 log_info(LD_OR,
1214 "At end of second: %d versions (%d ms), %d certs (%d ms)",
1215 num_versions, versions_time / ((now - current_second) * 1000),
1216 num_certs, certs_time / ((now - current_second) * 1000));
1217
1218 num_versions = num_certs = 0;
1219 versions_time = certs_time = 0;
1220
1221 /* remember which second it is, for next time */
1222 current_second = now;
1223 }
1224#endif /* defined(KEEP_TIMING_STATS) */
1225
1226 tor_assert(var_cell);
1227 tor_assert(conn);
1228
1229 chan = conn->chan;
1230
1231 if (!chan) {
1232 log_warn(LD_CHANNEL,
1233 "Got a var_cell_t on an OR connection with no channel");
1234 return;
1235 }
1236
1237 if (TO_CONN(conn)->marked_for_close)
1238 return;
1239
1240 switch (TO_CONN(conn)->state) {
1242 if (var_cell->command != CELL_VERSIONS) {
1243 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1244 "Received a cell with command %d in unexpected "
1245 "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
1246 "closing the connection.",
1247 (int)(var_cell->command),
1249 TO_CONN(conn)->state,
1250 channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
1251 (int)(TLS_CHAN_TO_BASE(chan)->state));
1252 /*
1253 * The code in connection_or.c will tell channel_t to close for
1254 * error; it will go to CHANNEL_STATE_CLOSING, and then to
1255 * CHANNEL_STATE_ERROR when conn is closed.
1256 */
1258 return;
1259 }
1260 break;
1262 /* If we're using bufferevents, it's entirely possible for us to
1263 * notice "hey, data arrived!" before we notice "hey, the handshake
1264 * finished!" And we need to be accepting both at once to handle both
1265 * the v2 and v3 handshakes. */
1266 /* But that should be happening any longer've disabled bufferevents. */
1267 tor_assert_nonfatal_unreached_once();
1270 if (!(command_allowed_before_handshake(var_cell->command))) {
1271 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1272 "Received a cell with command %d in unexpected "
1273 "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
1274 "closing the connection.",
1275 (int)(var_cell->command),
1277 (int)(TO_CONN(conn)->state),
1278 channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
1279 (int)(TLS_CHAN_TO_BASE(chan)->state));
1280 /* see above comment about CHANNEL_STATE_ERROR */
1282 return;
1283 } else {
1284 if (enter_v3_handshake_with_cell(var_cell, chan) < 0)
1285 return;
1286 }
1287 break;
1289 if (var_cell->command != CELL_AUTHENTICATE)
1291 var_cell, 1);
1292 break; /* Everything is allowed */
1293 case OR_CONN_STATE_OPEN:
1294 if (conn->link_proto < 3) {
1295 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1296 "Received a variable-length cell with command %d in orconn "
1297 "state %s [%d], channel state %s [%d] with link protocol %d; "
1298 "ignoring it.",
1299 (int)(var_cell->command),
1301 (int)(TO_CONN(conn)->state),
1302 channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
1303 (int)(TLS_CHAN_TO_BASE(chan)->state),
1304 (int)(conn->link_proto));
1305 return;
1306 }
1307 break;
1308 default:
1309 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1310 "Received var-length cell with command %d in unexpected "
1311 "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
1312 "ignoring it.",
1313 (int)(var_cell->command),
1315 (int)(TO_CONN(conn)->state),
1316 channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
1317 (int)(TLS_CHAN_TO_BASE(chan)->state));
1318 return;
1319 }
1320
1321 /* We note that we're on the internet whenever we read a cell. This is
1322 * a fast operation. */
1324
1325 /* Now handle the cell */
1326
1327 switch (var_cell->command) {
1328 case CELL_VERSIONS:
1330 PROCESS_CELL(versions, var_cell, chan);
1331 break;
1332 case CELL_VPADDING:
1334 /* Do nothing */
1335 break;
1336 case CELL_CERTS:
1338 PROCESS_CELL(certs, var_cell, chan);
1339 break;
1340 case CELL_AUTH_CHALLENGE:
1342 PROCESS_CELL(auth_challenge, var_cell, chan);
1343 break;
1344 case CELL_AUTHENTICATE:
1346 PROCESS_CELL(authenticate, var_cell, chan);
1347 break;
1348 case CELL_AUTHORIZE:
1350 /* Ignored so far. */
1351 break;
1352 default:
1354 "Variable-length cell of unknown type (%d) received.",
1355 (int)(var_cell->command));
1356 break;
1357 }
1358}
1359
1360#undef PROCESS_CELL
1361
1362/**
1363 * Update channel marks after connection_or.c has changed an address.
1364 *
1365 * This is called from connection_or_init_conn_from_address() after the
1366 * connection's _base.addr or real_addr fields have potentially been changed
1367 * so we can recalculate the local mark. Notably, this happens when incoming
1368 * connections are reverse-proxied and we only learn the real address of the
1369 * remote router by looking it up in the consensus after we finish the
1370 * handshake and know an authenticated identity digest.
1371 */
1372void
1374{
1375 channel_t *chan = NULL;
1376
1377 tor_assert(conn);
1378 tor_assert(conn->chan);
1379
1380 chan = TLS_CHAN_TO_BASE(conn->chan);
1381
1382 if (is_local_to_resolve_addr(&(TO_CONN(conn)->addr))) {
1383 if (!channel_is_local(chan)) {
1384 log_debug(LD_CHANNEL,
1385 "Marking channel %"PRIu64 " at %p as local",
1386 (chan->global_identifier), chan);
1387 channel_mark_local(chan);
1388 }
1389 } else {
1390 if (channel_is_local(chan)) {
1391 log_debug(LD_CHANNEL,
1392 "Marking channel %"PRIu64 " at %p as remote",
1393 (chan->global_identifier), chan);
1394 channel_mark_remote(chan);
1395 }
1396 }
1397}
1398
1399/**
1400 * Check if this cell type is allowed before the handshake is finished.
1401 *
1402 * Return true if <b>command</b> is a cell command that's allowed to start a
1403 * V3 handshake.
1404 */
1405static int
1407{
1408 switch (command) {
1409 case CELL_VERSIONS:
1410 case CELL_VPADDING:
1411 case CELL_AUTHORIZE:
1412 return 1;
1413 default:
1414 return 0;
1415 }
1416}
1417
1418/**
1419 * Start a V3 handshake on an incoming connection.
1420 *
1421 * Called when we as a server receive an appropriate cell while waiting
1422 * either for a cell or a TLS handshake. Set the connection's state to
1423 * "handshaking_v3', initializes the or_handshake_state field as needed,
1424 * and add the cell to the hash of incoming cells.)
1425 */
1426static int
1427enter_v3_handshake_with_cell(var_cell_t *cell, channel_tls_t *chan)
1428{
1429 int started_here = 0;
1430
1431 tor_assert(cell);
1432 tor_assert(chan);
1433 tor_assert(chan->conn);
1434
1435 started_here = connection_or_nonopen_was_started_here(chan->conn);
1436
1437 tor_assert(TO_CONN(chan->conn)->state == OR_CONN_STATE_TLS_HANDSHAKING ||
1438 TO_CONN(chan->conn)->state ==
1440
1441 if (started_here) {
1442 log_fn(LOG_PROTOCOL_WARN, LD_OR,
1443 "Received a cell while TLS-handshaking, not in "
1444 "OR_HANDSHAKING_V3, on a connection we originated.");
1445 }
1448 if (connection_init_or_handshake_state(chan->conn, started_here) < 0) {
1449 connection_or_close_for_error(chan->conn, 0);
1450 return -1;
1451 }
1453 chan->conn->handshake_state, cell, 1);
1454 return 0;
1455}
1456
1457/**
1458 * Process a 'versions' cell.
1459 *
1460 * This function is called to handle an incoming VERSIONS cell; the current
1461 * link protocol version must be 0 to indicate that no version has yet been
1462 * negotiated. We compare the versions in the cell to the list of versions
1463 * we support, pick the highest version we have in common, and continue the
1464 * negotiation from there.
1465 */
1466static void
1468{
1469 int highest_supported_version = 0;
1470 int started_here = 0;
1471
1472 tor_assert(cell);
1473 tor_assert(chan);
1474 tor_assert(chan->conn);
1475
1476 if ((cell->payload_len % 2) == 1) {
1477 log_fn(LOG_PROTOCOL_WARN, LD_OR,
1478 "Received a VERSION cell with odd payload length %d; "
1479 "closing connection.",cell->payload_len);
1480 connection_or_close_for_error(chan->conn, 0);
1481 return;
1482 }
1483
1484 started_here = connection_or_nonopen_was_started_here(chan->conn);
1485
1486 if (chan->conn->link_proto != 0 ||
1487 (chan->conn->handshake_state &&
1488 chan->conn->handshake_state->received_versions)) {
1489 log_fn(LOG_PROTOCOL_WARN, LD_OR,
1490 "Received a VERSIONS cell on a connection with its version "
1491 "already set to %d; dropping",
1492 (int)(chan->conn->link_proto));
1493 return;
1494 }
1495 switch (chan->conn->base_.state)
1496 {
1499 break;
1502 default:
1503 log_fn(LOG_PROTOCOL_WARN, LD_OR,
1504 "VERSIONS cell while in unexpected state");
1505 return;
1506 }
1507
1508 tor_assert(chan->conn->handshake_state);
1509
1510 {
1511 int i;
1512 const uint8_t *cp = cell->payload;
1513 for (i = 0; i < cell->payload_len / 2; ++i, cp += 2) {
1514 uint16_t v = ntohs(get_uint16(cp));
1515 if (is_or_protocol_version_known(v) && v > highest_supported_version)
1516 highest_supported_version = v;
1517 }
1518 }
1519 if (!highest_supported_version) {
1520 log_fn(LOG_PROTOCOL_WARN, LD_OR,
1521 "Couldn't find a version in common between my version list and the "
1522 "list in the VERSIONS cell; closing connection.");
1523 connection_or_close_for_error(chan->conn, 0);
1524 return;
1525 } else if (highest_supported_version == 1) {
1526 /* Negotiating version 1 makes no sense, since version 1 has no VERSIONS
1527 * cells. */
1528 log_fn(LOG_PROTOCOL_WARN, LD_OR,
1529 "Used version negotiation protocol to negotiate a v1 connection. "
1530 "That's crazily non-compliant. Closing connection.");
1531 connection_or_close_for_error(chan->conn, 0);
1532 return;
1533 } else if (highest_supported_version < 3 &&
1534 chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3) {
1535 log_fn(LOG_PROTOCOL_WARN, LD_OR,
1536 "Negotiated link protocol 2 or lower after doing a v3 TLS "
1537 "handshake. Closing connection.");
1538 connection_or_close_for_error(chan->conn, 0);
1539 return;
1540 } else if (highest_supported_version != 2 &&
1541 chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V2) {
1542 /* XXXX This should eventually be a log_protocol_warn */
1544 "Negotiated link with non-2 protocol after doing a v2 TLS "
1545 "handshake with %s. Closing connection.",
1546 connection_describe_peer(TO_CONN(chan->conn)));
1547 connection_or_close_for_error(chan->conn, 0);
1548 return;
1549 }
1550
1551 rep_hist_note_negotiated_link_proto(highest_supported_version, started_here);
1552
1553 chan->conn->link_proto = highest_supported_version;
1554 chan->conn->handshake_state->received_versions = 1;
1555
1556 if (chan->conn->link_proto == 2) {
1557 log_info(LD_OR,
1558 "Negotiated version %d on %s; sending NETINFO.",
1559 highest_supported_version,
1560 connection_describe(TO_CONN(chan->conn)));
1561
1562 if (connection_or_send_netinfo(chan->conn) < 0) {
1563 connection_or_close_for_error(chan->conn, 0);
1564 return;
1565 }
1566 } else {
1567 const int send_versions = !started_here;
1568 /* If we want to authenticate, send a CERTS cell */
1569 const int send_certs = !started_here || public_server_mode(get_options());
1570 /* If we're a host that got a connection, ask for authentication. */
1571 const int send_chall = !started_here;
1572 /* If our certs cell will authenticate us, we can send a netinfo cell
1573 * right now. */
1574 const int send_netinfo = !started_here;
1575 const int send_any =
1576 send_versions || send_certs || send_chall || send_netinfo;
1577 tor_assert(chan->conn->link_proto >= 3);
1578
1579 log_info(LD_OR,
1580 "Negotiated version %d with on %s; %s%s%s%s%s",
1581 highest_supported_version,
1582 connection_describe(TO_CONN(chan->conn)),
1583 send_any ? "Sending cells:" : "Waiting for CERTS cell",
1584 send_versions ? " VERSIONS" : "",
1585 send_certs ? " CERTS" : "",
1586 send_chall ? " AUTH_CHALLENGE" : "",
1587 send_netinfo ? " NETINFO" : "");
1588
1589#ifdef DISABLE_V3_LINKPROTO_SERVERSIDE
1590 if (1) {
1591 connection_or_close_normally(chan->conn, 1);
1592 return;
1593 }
1594#endif /* defined(DISABLE_V3_LINKPROTO_SERVERSIDE) */
1595
1596 if (send_versions) {
1597 if (connection_or_send_versions(chan->conn, 1) < 0) {
1598 log_warn(LD_OR, "Couldn't send versions cell");
1599 connection_or_close_for_error(chan->conn, 0);
1600 return;
1601 }
1602 }
1603
1604 /* We set this after sending the versions cell. */
1605 /*XXXXX symbolic const.*/
1606 TLS_CHAN_TO_BASE(chan)->wide_circ_ids =
1607 chan->conn->link_proto >= MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS;
1608 chan->conn->wide_circ_ids = TLS_CHAN_TO_BASE(chan)->wide_circ_ids;
1609
1610 TLS_CHAN_TO_BASE(chan)->padding_enabled =
1611 chan->conn->link_proto >= MIN_LINK_PROTO_FOR_CHANNEL_PADDING;
1612
1613 if (send_certs) {
1614 if (connection_or_send_certs_cell(chan->conn) < 0) {
1615 log_warn(LD_OR, "Couldn't send certs cell");
1616 connection_or_close_for_error(chan->conn, 0);
1617 return;
1618 }
1619 }
1620 if (send_chall) {
1621 if (connection_or_send_auth_challenge_cell(chan->conn) < 0) {
1622 log_warn(LD_OR, "Couldn't send auth_challenge cell");
1623 connection_or_close_for_error(chan->conn, 0);
1624 return;
1625 }
1626 }
1627 if (send_netinfo) {
1628 if (connection_or_send_netinfo(chan->conn) < 0) {
1629 log_warn(LD_OR, "Couldn't send netinfo cell");
1630 connection_or_close_for_error(chan->conn, 0);
1631 return;
1632 }
1633 }
1634 }
1635}
1636
1637/**
1638 * Process a 'padding_negotiate' cell.
1639 *
1640 * This function is called to handle an incoming PADDING_NEGOTIATE cell;
1641 * enable or disable padding accordingly, and read and act on its timeout
1642 * value contents.
1643 */
1644static void
1646{
1647 channelpadding_negotiate_t *negotiation;
1648 tor_assert(cell);
1649 tor_assert(chan);
1650 tor_assert(chan->conn);
1651
1652 if (chan->conn->link_proto < MIN_LINK_PROTO_FOR_CHANNEL_PADDING) {
1653 log_fn(LOG_PROTOCOL_WARN, LD_OR,
1654 "Received a PADDING_NEGOTIATE cell on v%d connection; dropping.",
1655 chan->conn->link_proto);
1656 return;
1657 }
1658
1659 if (channelpadding_negotiate_parse(&negotiation, cell->payload,
1660 CELL_PAYLOAD_SIZE) < 0) {
1661 log_fn(LOG_PROTOCOL_WARN, LD_OR,
1662 "Received malformed PADDING_NEGOTIATE cell on v%d connection; "
1663 "dropping.", chan->conn->link_proto);
1664
1665 return;
1666 }
1667
1668 channelpadding_update_padding_for_channel(TLS_CHAN_TO_BASE(chan),
1669 negotiation);
1670
1671 channelpadding_negotiate_free(negotiation);
1672}
1673
1674/**
1675 * Convert <b>netinfo_addr</b> into corresponding <b>tor_addr</b>.
1676 * Return 0 on success; on failure, return -1 and log a warning.
1677 */
1678static int
1680 const netinfo_addr_t *netinfo_addr) {
1681 tor_assert(tor_addr);
1682 tor_assert(netinfo_addr);
1683
1684 uint8_t type = netinfo_addr_get_addr_type(netinfo_addr);
1685 uint8_t len = netinfo_addr_get_len(netinfo_addr);
1686
1687 if (type == NETINFO_ADDR_TYPE_IPV4 && len == 4) {
1688 uint32_t ipv4 = netinfo_addr_get_addr_ipv4(netinfo_addr);
1689 tor_addr_from_ipv4h(tor_addr, ipv4);
1690 } else if (type == NETINFO_ADDR_TYPE_IPV6 && len == 16) {
1691 const uint8_t *ipv6_bytes = netinfo_addr_getconstarray_addr_ipv6(
1692 netinfo_addr);
1693 tor_addr_from_ipv6_bytes(tor_addr, ipv6_bytes);
1694 } else {
1695 log_fn(LOG_PROTOCOL_WARN, LD_OR, "Cannot read address from NETINFO "
1696 "- wrong type/length.");
1697 return -1;
1698 }
1699
1700 return 0;
1701}
1702
1703/**
1704 * Helper: compute the absolute value of a time_t.
1705 *
1706 * (we need this because labs() doesn't always work for time_t, since
1707 * long can be shorter than time_t.)
1708 */
1709static inline time_t
1710time_abs(time_t val)
1711{
1712 return (val < 0) ? -val : val;
1713}
1714
1715/** Return true iff the channel can process a NETINFO cell. For this to return
1716 * true, these channel conditions apply:
1717 *
1718 * 1. Link protocol is version 2 or higher (tor-spec.txt, NETINFO cells
1719 * section).
1720 *
1721 * 2. Underlying OR connection of the channel is either in v2 or v3
1722 * handshaking state.
1723 */
1724static bool
1725can_process_netinfo_cell(const channel_tls_t *chan)
1726{
1727 /* NETINFO cells can only be negotiated on link protocol 2 or higher. */
1728 if (chan->conn->link_proto < 2) {
1729 log_fn(LOG_PROTOCOL_WARN, LD_OR,
1730 "Received a NETINFO cell on %s connection; dropping.",
1731 chan->conn->link_proto == 0 ? "non-versioned" : "a v1");
1732 return false;
1733 }
1734
1735 /* Can't process a NETINFO cell if the connection is not handshaking. */
1736 if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V2 &&
1737 chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3) {
1738 log_fn(LOG_PROTOCOL_WARN, LD_OR,
1739 "Received a NETINFO cell on non-handshaking connection; dropping.");
1740 return false;
1741 }
1742
1743 /* Make sure we do have handshake state. */
1744 tor_assert(chan->conn->handshake_state);
1745 tor_assert(chan->conn->handshake_state->received_versions);
1746
1747 return true;
1748}
1749
1750/** Mark the given channel endpoint as a client (which means either a tor
1751 * client or a tor bridge).
1752 *
1753 * This MUST be done on an _unauthenticated_ channel. It is a mistake to mark
1754 * an authenticated channel as a client.
1755 *
1756 * The following is done on the channel:
1757 *
1758 * 1. Marked as a client.
1759 * 2. Type of circuit ID type is set.
1760 * 3. The underlying OR connection is initialized with the address of the
1761 * endpoint.
1762 */
1763static void
1765{
1766 /* Ending up here for an authenticated link is a mistake. */
1767 if (BUG(chan->conn->handshake_state->authenticated)) {
1768 return;
1769 }
1770
1772 (const char*)(chan->conn->handshake_state->
1773 authenticated_rsa_peer_id)));
1775 (const char*)(chan->conn->handshake_state->
1776 authenticated_ed25519_peer_id.pubkey), 32));
1777 /* If the client never authenticated, it's a tor client or bridge
1778 * relay, and we must not use it for EXTEND requests (nor could we, as
1779 * there are no authenticated peer IDs) */
1780 channel_mark_client(TLS_CHAN_TO_BASE(chan));
1781 channel_set_circid_type(TLS_CHAN_TO_BASE(chan), NULL,
1782 chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
1783
1785 &(chan->conn->base_.addr),
1786 chan->conn->base_.port,
1787 /* zero, checked above */
1788 (const char*)(chan->conn->handshake_state->
1789 authenticated_rsa_peer_id),
1790 NULL, /* Ed25519 ID: Also checked as zero */
1791 0);
1792}
1793
1794/**
1795 * Process a 'netinfo' cell
1796 *
1797 * This function is called to handle an incoming NETINFO cell; read and act
1798 * on its contents, and set the connection state to "open".
1799 */
1800static void
1801channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
1802{
1803 time_t timestamp;
1804 uint8_t my_addr_type;
1805 uint8_t my_addr_len;
1806 uint8_t n_other_addrs;
1807 time_t now = time(NULL);
1809
1810 time_t apparent_skew = 0;
1811 tor_addr_t my_apparent_addr = TOR_ADDR_NULL;
1812 int started_here = 0;
1813 const char *identity_digest = NULL;
1814
1815 tor_assert(cell);
1816 tor_assert(chan);
1817 tor_assert(chan->conn);
1818
1819 /* Make sure we can process a NETINFO cell. Link protocol and state
1820 * validation is done to make sure of it. */
1821 if (!can_process_netinfo_cell(chan)) {
1822 return;
1823 }
1824
1825 started_here = connection_or_nonopen_was_started_here(chan->conn);
1826 identity_digest = chan->conn->identity_digest;
1827
1828 if (chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3) {
1829 tor_assert(chan->conn->link_proto >= 3);
1830 if (started_here) {
1831 if (!(chan->conn->handshake_state->authenticated)) {
1832 log_fn(LOG_PROTOCOL_WARN, LD_OR,
1833 "Got a NETINFO cell from server, "
1834 "but no authentication. Closing the connection.");
1835 connection_or_close_for_error(chan->conn, 0);
1836 return;
1837 }
1838 } else {
1839 /* We're the server. If the client never authenticated, we have some
1840 * housekeeping to do.
1841 *
1842 * It's a tor client or bridge relay, and we must not use it for EXTEND
1843 * requests (nor could we, as there are no authenticated peer IDs) */
1844 if (!(chan->conn->handshake_state->authenticated)) {
1846 }
1847 }
1848 }
1849
1850 /* Decode the cell. */
1851 netinfo_cell_t *netinfo_cell = NULL;
1852
1853 ssize_t parsed = netinfo_cell_parse(&netinfo_cell, cell->payload,
1855
1856 if (parsed < 0) {
1857 log_fn(LOG_PROTOCOL_WARN, LD_OR,
1858 "Failed to parse NETINFO cell - closing connection.");
1859 connection_or_close_for_error(chan->conn, 0);
1860 return;
1861 }
1862
1863 timestamp = netinfo_cell_get_timestamp(netinfo_cell);
1864
1865 const netinfo_addr_t *my_addr =
1866 netinfo_cell_getconst_other_addr(netinfo_cell);
1867
1868 my_addr_type = netinfo_addr_get_addr_type(my_addr);
1869 my_addr_len = netinfo_addr_get_len(my_addr);
1870
1871 if ((now - chan->conn->handshake_state->sent_versions_at) < 180) {
1872 apparent_skew = now - timestamp;
1873 }
1874 /* We used to check:
1875 * if (my_addr_len >= CELL_PAYLOAD_SIZE - 6) {
1876 *
1877 * This is actually never going to happen, since my_addr_len is at most 255,
1878 * and CELL_PAYLOAD_LEN - 6 is 503. So we know that cp is < end. */
1879
1880 if (tor_addr_from_netinfo_addr(&my_apparent_addr, my_addr) == -1) {
1881 connection_or_close_for_error(chan->conn, 0);
1882 netinfo_cell_free(netinfo_cell);
1883 return;
1884 }
1885
1886 if (my_addr_type == NETINFO_ADDR_TYPE_IPV4 && my_addr_len == 4) {
1887 if (!get_options()->BridgeRelay && me &&
1888 tor_addr_eq(&my_apparent_addr, &me->ipv4_addr)) {
1889 TLS_CHAN_TO_BASE(chan)->is_canonical_to_peer = 1;
1890 }
1891 } else if (my_addr_type == NETINFO_ADDR_TYPE_IPV6 &&
1892 my_addr_len == 16) {
1893 if (!get_options()->BridgeRelay && me &&
1894 !tor_addr_is_null(&me->ipv6_addr) &&
1895 tor_addr_eq(&my_apparent_addr, &me->ipv6_addr)) {
1896 TLS_CHAN_TO_BASE(chan)->is_canonical_to_peer = 1;
1897 }
1898 }
1899
1900 if (me) {
1901 /* We have a descriptor, so we are a relay: record the address that the
1902 * other side said we had. */
1903 tor_addr_copy(&TLS_CHAN_TO_BASE(chan)->addr_according_to_peer,
1904 &my_apparent_addr);
1905 }
1906
1907 n_other_addrs = netinfo_cell_get_n_my_addrs(netinfo_cell);
1908 for (uint8_t i = 0; i < n_other_addrs; i++) {
1909 /* Consider all the other addresses; if any matches, this connection is
1910 * "canonical." */
1911
1912 const netinfo_addr_t *netinfo_addr =
1913 netinfo_cell_getconst_my_addrs(netinfo_cell, i);
1914
1915 tor_addr_t addr;
1916
1917 if (tor_addr_from_netinfo_addr(&addr, netinfo_addr) == -1) {
1918 log_fn(LOG_PROTOCOL_WARN, LD_OR,
1919 "Bad address in netinfo cell; Skipping.");
1920 continue;
1921 }
1922 /* A relay can connect from anywhere and be canonical, so
1923 * long as it tells you from where it came. This may sound a bit
1924 * concerning... but that's what "canonical" means: that the
1925 * address is one that the relay itself has claimed. The relay
1926 * might be doing something funny, but nobody else is doing a MITM
1927 * on the relay's TCP.
1928 */
1929 if (tor_addr_eq(&addr, &TO_CONN(chan->conn)->addr)) {
1930 connection_or_set_canonical(chan->conn, 1);
1931 break;
1932 }
1933 }
1934
1935 netinfo_cell_free(netinfo_cell);
1936
1937 if (me && !TLS_CHAN_TO_BASE(chan)->is_canonical_to_peer &&
1938 channel_is_canonical(TLS_CHAN_TO_BASE(chan))) {
1939 const char *descr = channel_describe_peer(
1940 TLS_CHAN_TO_BASE(chan));
1941 log_info(LD_OR,
1942 "We made a connection to a relay at %s (fp=%s) but we think "
1943 "they will not consider this connection canonical. They "
1944 "think we are at %s, but we think its %s.",
1945 safe_str(descr),
1946 safe_str(hex_str(identity_digest, DIGEST_LEN)),
1947 safe_str(tor_addr_is_null(&my_apparent_addr) ?
1948 "<none>" : fmt_and_decorate_addr(&my_apparent_addr)),
1949 safe_str(fmt_addr(&me->ipv4_addr)));
1950 }
1951
1952 /* Act on apparent skew. */
1953 /** Warn when we get a netinfo skew with at least this value. */
1954#define NETINFO_NOTICE_SKEW 3600
1955 if (time_abs(apparent_skew) > NETINFO_NOTICE_SKEW &&
1956 (started_here ||
1957 connection_or_digest_is_known_relay(chan->conn->identity_digest))) {
1958 int trusted = router_digest_is_trusted_dir(chan->conn->identity_digest);
1959 clock_skew_warning(TO_CONN(chan->conn), apparent_skew, trusted, LD_GENERAL,
1960 "NETINFO cell", "OR");
1961 }
1962
1963 /* Consider our apparent address as a possible suggestion for our address if
1964 * we were unable to resolve it previously. The endpoint address is passed
1965 * in order to make sure to never consider an address that is the same as
1966 * our endpoint. */
1967 relay_address_new_suggestion(&my_apparent_addr, &TO_CONN(chan->conn)->addr,
1968 identity_digest);
1969
1970 if (! chan->conn->handshake_state->sent_netinfo) {
1971 /* If we were prepared to authenticate, but we never got an AUTH_CHALLENGE
1972 * cell, then we would not previously have sent a NETINFO cell. Do so
1973 * now. */
1974 if (connection_or_send_netinfo(chan->conn) < 0) {
1975 connection_or_close_for_error(chan->conn, 0);
1976 return;
1977 }
1978 }
1979
1980 if (connection_or_set_state_open(chan->conn) < 0) {
1981 log_fn(LOG_PROTOCOL_WARN, LD_OR,
1982 "Got good NETINFO cell on %s; but "
1983 "was unable to make the OR connection become open.",
1984 connection_describe(TO_CONN(chan->conn)));
1985 connection_or_close_for_error(chan->conn, 0);
1986 } else {
1987 log_info(LD_OR,
1988 "Got good NETINFO cell on %s; OR connection is now "
1989 "open, using protocol version %d. Its ID digest is %s. "
1990 "Our address is apparently %s.",
1991 connection_describe(TO_CONN(chan->conn)),
1992 (int)(chan->conn->link_proto),
1993 hex_str(identity_digest, DIGEST_LEN),
1994 tor_addr_is_null(&my_apparent_addr) ?
1995 "<none>" :
1996 safe_str_client(fmt_and_decorate_addr(&my_apparent_addr)));
1997 }
1998 assert_connection_ok(TO_CONN(chan->conn),time(NULL));
1999}
2000
2001/** Types of certificates that we know how to parse from CERTS cells. Each
2002 * type corresponds to a different encoding format. */
2003typedef enum cert_encoding_t {
2004 CERT_ENCODING_UNKNOWN, /**< We don't recognize this. */
2005 CERT_ENCODING_X509, /**< It's an RSA key, signed with RSA, encoded in x509.
2006 * (Actually, it might not be RSA. We test that later.) */
2007 CERT_ENCODING_ED25519, /**< It's something signed with an Ed25519 key,
2008 * encoded asa a tor_cert_t.*/
2009 CERT_ENCODING_RSA_CROSSCERT, /**< It's an Ed key signed with an RSA key. */
2011
2012/**
2013 * Given one of the certificate type codes used in a CERTS cell,
2014 * return the corresponding cert_encoding_t that we should use to parse
2015 * the certificate.
2016 */
2017static cert_encoding_t
2019{
2020 switch (typenum) {
2021 case CERTTYPE_RSA1024_ID_LINK:
2022 case CERTTYPE_RSA1024_ID_ID:
2023 case CERTTYPE_RSA1024_ID_AUTH:
2024 return CERT_ENCODING_X509;
2025 case CERTTYPE_ED_ID_SIGN:
2026 case CERTTYPE_ED_SIGN_LINK:
2027 case CERTTYPE_ED_SIGN_AUTH:
2028 return CERT_ENCODING_ED25519;
2029 case CERTTYPE_RSA1024_ID_EDID:
2031 default:
2032 return CERT_ENCODING_UNKNOWN;
2033 }
2034}
2035
2036/**
2037 * Process a CERTS cell from a channel.
2038 *
2039 * This function is called to process an incoming CERTS cell on a
2040 * channel_tls_t:
2041 *
2042 * If the other side should not have sent us a CERTS cell, or the cell is
2043 * malformed, or it is supposed to authenticate the TLS key but it doesn't,
2044 * then mark the connection.
2045 *
2046 * If the cell has a good cert chain and we're doing a v3 handshake, then
2047 * store the certificates in or_handshake_state. If this is the client side
2048 * of the connection, we then authenticate the server or mark the connection.
2049 * If it's the server side, wait for an AUTHENTICATE cell.
2050 */
2051STATIC void
2053{
2054#define MAX_CERT_TYPE_WANTED CERTTYPE_RSA1024_ID_EDID
2055 /* These arrays will be sparse, since a cert type can be at most one
2056 * of ed/x509 */
2057 tor_x509_cert_t *x509_certs[MAX_CERT_TYPE_WANTED + 1];
2058 tor_cert_t *ed_certs[MAX_CERT_TYPE_WANTED + 1];
2059 uint8_t *rsa_ed_cc_cert = NULL;
2060 size_t rsa_ed_cc_cert_len = 0;
2061
2062 int n_certs, i;
2063 certs_cell_t *cc = NULL;
2064
2065 int send_netinfo = 0, started_here = 0;
2066
2067 memset(x509_certs, 0, sizeof(x509_certs));
2068 memset(ed_certs, 0, sizeof(ed_certs));
2069 tor_assert(cell);
2070 tor_assert(chan);
2071 tor_assert(chan->conn);
2072
2073#define ERR(s) \
2074 do { \
2075 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
2076 "Received a bad CERTS cell on %s: %s", \
2077 connection_describe(TO_CONN(chan->conn)), \
2078 (s)); \
2079 connection_or_close_for_error(chan->conn, 0); \
2080 goto err; \
2081 } while (0)
2082
2083 /* Can't use connection_or_nonopen_was_started_here(); its conn->tls
2084 * check looks like it breaks
2085 * test_link_handshake_recv_certs_ok_server(). */
2086 started_here = chan->conn->handshake_state->started_here;
2087
2088 if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
2089 ERR("We're not doing a v3 handshake!");
2090 if (chan->conn->link_proto < 3)
2091 ERR("We're not using link protocol >= 3");
2092 if (chan->conn->handshake_state->received_certs_cell)
2093 ERR("We already got one");
2094 if (chan->conn->handshake_state->authenticated) {
2095 /* Should be unreachable, but let's make sure. */
2096 ERR("We're already authenticated!");
2097 }
2098 if (cell->payload_len < 1)
2099 ERR("It had no body");
2100 if (cell->circ_id)
2101 ERR("It had a nonzero circuit ID");
2102
2103 if (certs_cell_parse(&cc, cell->payload, cell->payload_len) < 0)
2104 ERR("It couldn't be parsed.");
2105
2106 n_certs = cc->n_certs;
2107
2108 for (i = 0; i < n_certs; ++i) {
2109 certs_cell_cert_t *c = certs_cell_get_certs(cc, i);
2110
2111 uint16_t cert_type = c->cert_type;
2112 uint16_t cert_len = c->cert_len;
2113 uint8_t *cert_body = certs_cell_cert_getarray_body(c);
2114
2115 if (cert_type > MAX_CERT_TYPE_WANTED)
2116 continue;
2118 switch (ct) {
2119 default:
2121 break;
2122 case CERT_ENCODING_X509: {
2123 tor_x509_cert_t *x509_cert = tor_x509_cert_decode(cert_body, cert_len);
2124 if (!x509_cert) {
2125 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
2126 "Received undecodable certificate in CERTS cell on %s",
2127 connection_describe(TO_CONN(chan->conn)));
2128 } else {
2129 if (x509_certs[cert_type]) {
2130 tor_x509_cert_free(x509_cert);
2131 ERR("Duplicate x509 certificate");
2132 } else {
2133 x509_certs[cert_type] = x509_cert;
2134 }
2135 }
2136 break;
2137 }
2138 case CERT_ENCODING_ED25519: {
2139 tor_cert_t *ed_cert = tor_cert_parse(cert_body, cert_len);
2140 if (!ed_cert) {
2141 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
2142 "Received undecodable Ed certificate "
2143 "in CERTS cell on %s",
2144 connection_describe(TO_CONN(chan->conn)));
2145 } else {
2146 if (ed_certs[cert_type]) {
2147 tor_cert_free(ed_cert);
2148 ERR("Duplicate Ed25519 certificate");
2149 } else {
2150 ed_certs[cert_type] = ed_cert;
2151 }
2152 }
2153 break;
2154 }
2155
2157 if (rsa_ed_cc_cert) {
2158 ERR("Duplicate RSA->Ed25519 crosscert");
2159 } else {
2160 rsa_ed_cc_cert = tor_memdup(cert_body, cert_len);
2161 rsa_ed_cc_cert_len = cert_len;
2162 }
2163 break;
2164 }
2165 }
2166 }
2167
2168 /* Move the certificates we (might) want into the handshake_state->certs
2169 * structure. */
2170 tor_x509_cert_t *id_cert = x509_certs[CERTTYPE_RSA1024_ID_ID];
2171 tor_x509_cert_t *auth_cert = x509_certs[CERTTYPE_RSA1024_ID_AUTH];
2172 tor_x509_cert_t *link_cert = x509_certs[CERTTYPE_RSA1024_ID_LINK];
2173 chan->conn->handshake_state->certs->auth_cert = auth_cert;
2174 chan->conn->handshake_state->certs->link_cert = link_cert;
2175 chan->conn->handshake_state->certs->id_cert = id_cert;
2176 x509_certs[CERTTYPE_RSA1024_ID_ID] =
2177 x509_certs[CERTTYPE_RSA1024_ID_AUTH] =
2178 x509_certs[CERTTYPE_RSA1024_ID_LINK] = NULL;
2179
2180 tor_cert_t *ed_id_sign = ed_certs[CERTTYPE_ED_ID_SIGN];
2181 tor_cert_t *ed_sign_link = ed_certs[CERTTYPE_ED_SIGN_LINK];
2182 tor_cert_t *ed_sign_auth = ed_certs[CERTTYPE_ED_SIGN_AUTH];
2183 chan->conn->handshake_state->certs->ed_id_sign = ed_id_sign;
2184 chan->conn->handshake_state->certs->ed_sign_link = ed_sign_link;
2185 chan->conn->handshake_state->certs->ed_sign_auth = ed_sign_auth;
2186 ed_certs[CERTTYPE_ED_ID_SIGN] =
2187 ed_certs[CERTTYPE_ED_SIGN_LINK] =
2188 ed_certs[CERTTYPE_ED_SIGN_AUTH] = NULL;
2189
2190 chan->conn->handshake_state->certs->ed_rsa_crosscert = rsa_ed_cc_cert;
2191 chan->conn->handshake_state->certs->ed_rsa_crosscert_len =
2192 rsa_ed_cc_cert_len;
2193 rsa_ed_cc_cert = NULL;
2194
2195 int severity;
2196 /* Note that this warns more loudly about time and validity if we were
2197 * _trying_ to connect to an authority, not necessarily if we _did_ connect
2198 * to one. */
2199 if (started_here &&
2200 router_digest_is_trusted_dir(TLS_CHAN_TO_BASE(chan)->identity_digest))
2201 severity = LOG_WARN;
2202 else
2203 severity = LOG_PROTOCOL_WARN;
2204
2205 const ed25519_public_key_t *checked_ed_id = NULL;
2206 const common_digests_t *checked_rsa_id = NULL;
2208 chan->conn->handshake_state->certs,
2209 chan->conn->tls,
2210 time(NULL),
2211 &checked_ed_id,
2212 &checked_rsa_id);
2213
2214 if (!checked_rsa_id)
2215 ERR("Invalid certificate chain!");
2216
2217 if (started_here) {
2218 /* No more information is needed. */
2219
2220 chan->conn->handshake_state->authenticated = 1;
2221 chan->conn->handshake_state->authenticated_rsa = 1;
2222 {
2223 const common_digests_t *id_digests = checked_rsa_id;
2224 crypto_pk_t *identity_rcvd;
2225 if (!id_digests)
2226 ERR("Couldn't compute digests for key in ID cert");
2227
2228 identity_rcvd = tor_tls_cert_get_key(id_cert);
2229 if (!identity_rcvd) {
2230 ERR("Couldn't get RSA key from ID cert.");
2231 }
2232 memcpy(chan->conn->handshake_state->authenticated_rsa_peer_id,
2233 id_digests->d[DIGEST_SHA1], DIGEST_LEN);
2234 channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd,
2235 chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
2236 crypto_pk_free(identity_rcvd);
2237 }
2238
2239 if (checked_ed_id) {
2240 chan->conn->handshake_state->authenticated_ed25519 = 1;
2241 memcpy(&chan->conn->handshake_state->authenticated_ed25519_peer_id,
2242 checked_ed_id, sizeof(ed25519_public_key_t));
2243 }
2244
2245 log_debug(LD_HANDSHAKE, "calling client_learned_peer_id from "
2246 "process_certs_cell");
2247
2249 chan->conn->handshake_state->authenticated_rsa_peer_id,
2250 checked_ed_id) < 0)
2251 ERR("Problem setting or checking peer id");
2252
2253 log_info(LD_HANDSHAKE,
2254 "Got some good certificates on %s: Authenticated it with "
2255 "RSA%s",
2256 connection_describe(TO_CONN(chan->conn)),
2257 checked_ed_id ? " and Ed25519" : "");
2258
2260 /* If we initiated the connection and we are not a public server, we
2261 * aren't planning to authenticate at all. At this point we know who we
2262 * are talking to, so we can just send a netinfo now. */
2263 send_netinfo = 1;
2264 }
2265 } else {
2266 /* We can't call it authenticated till we see an AUTHENTICATE cell. */
2267 log_info(LD_OR,
2268 "Got some good RSA%s certificates on %s. "
2269 "Waiting for AUTHENTICATE.",
2270 checked_ed_id ? " and Ed25519" : "",
2271 connection_describe(TO_CONN(chan->conn)));
2272 /* XXXX check more stuff? */
2273 }
2274
2275 chan->conn->handshake_state->received_certs_cell = 1;
2276
2277 if (send_netinfo) {
2278 if (connection_or_send_netinfo(chan->conn) < 0) {
2279 log_warn(LD_OR, "Couldn't send netinfo cell");
2280 connection_or_close_for_error(chan->conn, 0);
2281 goto err;
2282 }
2283 }
2284
2285 err:
2286 for (unsigned u = 0; u < ARRAY_LENGTH(x509_certs); ++u) {
2287 tor_x509_cert_free(x509_certs[u]);
2288 }
2289 for (unsigned u = 0; u < ARRAY_LENGTH(ed_certs); ++u) {
2290 tor_cert_free(ed_certs[u]);
2291 }
2292 tor_free(rsa_ed_cc_cert);
2293 certs_cell_free(cc);
2294#undef ERR
2295}
2296
2297/**
2298 * Process an AUTH_CHALLENGE cell from a channel_tls_t.
2299 *
2300 * This function is called to handle an incoming AUTH_CHALLENGE cell on a
2301 * channel_tls_t; if we weren't supposed to get one (for example, because we're
2302 * not the originator of the channel), or it's ill-formed, or we aren't doing
2303 * a v3 handshake, mark the channel. If the cell is well-formed but we don't
2304 * want to authenticate, just drop it. If the cell is well-formed *and* we
2305 * want to authenticate, send an AUTHENTICATE cell and then a NETINFO cell.
2306 */
2307STATIC void
2309{
2310 int n_types, i, use_type = -1;
2311 auth_challenge_cell_t *ac = NULL;
2312
2313 tor_assert(cell);
2314 tor_assert(chan);
2315 tor_assert(chan->conn);
2316
2317#define ERR(s) \
2318 do { \
2319 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
2320 "Received a bad AUTH_CHALLENGE cell on %s: %s", \
2321 connection_describe(TO_CONN(chan->conn)), \
2322 (s)); \
2323 connection_or_close_for_error(chan->conn, 0); \
2324 goto done; \
2325 } while (0)
2326
2327 if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
2328 ERR("We're not currently doing a v3 handshake");
2329 if (chan->conn->link_proto < 3)
2330 ERR("We're not using link protocol >= 3");
2331 if (!(chan->conn->handshake_state->started_here))
2332 ERR("We didn't originate this connection");
2333 if (chan->conn->handshake_state->received_auth_challenge)
2334 ERR("We already received one");
2335 if (!(chan->conn->handshake_state->received_certs_cell))
2336 ERR("We haven't gotten a CERTS cell yet");
2337 if (cell->circ_id)
2338 ERR("It had a nonzero circuit ID");
2339
2340 if (auth_challenge_cell_parse(&ac, cell->payload, cell->payload_len) < 0)
2341 ERR("It was not well-formed.");
2342
2343 n_types = ac->n_methods;
2344
2345 /* Now see if there is an authentication type we can use */
2346 for (i = 0; i < n_types; ++i) {
2347 uint16_t authtype = auth_challenge_cell_get_methods(ac, i);
2348 if (authchallenge_type_is_supported(authtype)) {
2349 if (use_type == -1 ||
2350 authchallenge_type_is_better(authtype, use_type)) {
2351 use_type = authtype;
2352 }
2353 }
2354 }
2355
2356 chan->conn->handshake_state->received_auth_challenge = 1;
2357
2359 /* If we're not a public server then we don't want to authenticate on a
2360 connection we originated, and we already sent a NETINFO cell when we
2361 got the CERTS cell. We have nothing more to do. */
2362 goto done;
2363 }
2364
2365 if (use_type >= 0) {
2366 log_info(LD_OR,
2367 "Got an AUTH_CHALLENGE cell on %s: Sending "
2368 "authentication type %d",
2369 connection_describe(TO_CONN(chan->conn)),
2370 use_type);
2371
2372 if (connection_or_send_authenticate_cell(chan->conn, use_type) < 0) {
2373 log_warn(LD_OR,
2374 "Couldn't send authenticate cell");
2375 connection_or_close_for_error(chan->conn, 0);
2376 goto done;
2377 }
2378 } else {
2379 log_info(LD_OR,
2380 "Got an AUTH_CHALLENGE cell on %s, but we don't "
2381 "know any of its authentication types. Not authenticating.",
2382 connection_describe(TO_CONN(chan->conn)));
2383 }
2384
2385 if (connection_or_send_netinfo(chan->conn) < 0) {
2386 log_warn(LD_OR, "Couldn't send netinfo cell");
2387 connection_or_close_for_error(chan->conn, 0);
2388 goto done;
2389 }
2390
2391 done:
2392 auth_challenge_cell_free(ac);
2393
2394#undef ERR
2395}
2396
2397/**
2398 * Process an AUTHENTICATE cell from a channel_tls_t.
2399 *
2400 * If it's ill-formed or we weren't supposed to get one or we're not doing a
2401 * v3 handshake, then mark the connection. If it does not authenticate the
2402 * other side of the connection successfully (because it isn't signed right,
2403 * we didn't get a CERTS cell, etc) mark the connection. Otherwise, accept
2404 * the identity of the router on the other side of the connection.
2405 */
2406STATIC void
2408{
2409 var_cell_t *expected_cell = NULL;
2410 const uint8_t *auth;
2411 int authlen;
2412 int authtype;
2413 int bodylen;
2414
2415 tor_assert(cell);
2416 tor_assert(chan);
2417 tor_assert(chan->conn);
2418
2419#define ERR(s) \
2420 do { \
2421 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
2422 "Received a bad AUTHENTICATE cell on %s: %s", \
2423 connection_describe(TO_CONN(chan->conn)), \
2424 (s)); \
2425 connection_or_close_for_error(chan->conn, 0); \
2426 var_cell_free(expected_cell); \
2427 return; \
2428 } while (0)
2429
2430 if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
2431 ERR("We're not doing a v3 handshake");
2432 if (chan->conn->link_proto < 3)
2433 ERR("We're not using link protocol >= 3");
2434 if (chan->conn->handshake_state->started_here)
2435 ERR("We originated this connection");
2436 if (chan->conn->handshake_state->received_authenticate)
2437 ERR("We already got one!");
2438 if (chan->conn->handshake_state->authenticated) {
2439 /* Should be impossible given other checks */
2440 ERR("The peer is already authenticated");
2441 }
2442 if (!(chan->conn->handshake_state->received_certs_cell))
2443 ERR("We never got a certs cell");
2444 if (chan->conn->handshake_state->certs->id_cert == NULL)
2445 ERR("We never got an identity certificate");
2446 if (cell->payload_len < 4)
2447 ERR("Cell was way too short");
2448
2449 auth = cell->payload;
2450 {
2451 uint16_t type = ntohs(get_uint16(auth));
2452 uint16_t len = ntohs(get_uint16(auth+2));
2453 if (4 + len > cell->payload_len)
2454 ERR("Authenticator was truncated");
2455
2457 ERR("Authenticator type was not recognized");
2458 authtype = type;
2459
2460 auth += 4;
2461 authlen = len;
2462 }
2463
2464 if (authlen < V3_AUTH_BODY_LEN + 1)
2465 ERR("Authenticator was too short");
2466
2468 chan->conn, authtype, NULL, NULL, 1);
2469 if (! expected_cell)
2470 ERR("Couldn't compute expected AUTHENTICATE cell body");
2471
2472 int sig_is_rsa;
2473 if (authtype == AUTHTYPE_RSA_SHA256_TLSSECRET ||
2474 authtype == AUTHTYPE_RSA_SHA256_RFC5705) {
2475 bodylen = V3_AUTH_BODY_LEN;
2476 sig_is_rsa = 1;
2477 } else {
2479 /* Our earlier check had better have made sure we had room
2480 * for an ed25519 sig (inadvertently) */
2482 bodylen = authlen - ED25519_SIG_LEN;
2483 sig_is_rsa = 0;
2484 }
2485 if (expected_cell->payload_len != bodylen+4) {
2486 ERR("Expected AUTHENTICATE cell body len not as expected.");
2487 }
2488
2489 /* Length of random part. */
2490 if (BUG(bodylen < 24)) {
2491 // LCOV_EXCL_START
2492 ERR("Bodylen is somehow less than 24, which should really be impossible");
2493 // LCOV_EXCL_STOP
2494 }
2495
2496 if (tor_memneq(expected_cell->payload+4, auth, bodylen-24))
2497 ERR("Some field in the AUTHENTICATE cell body was not as expected");
2498
2499 if (sig_is_rsa) {
2500 if (chan->conn->handshake_state->certs->ed_id_sign != NULL)
2501 ERR("RSA-signed AUTHENTICATE response provided with an ED25519 cert");
2502
2503 if (chan->conn->handshake_state->certs->auth_cert == NULL)
2504 ERR("We never got an RSA authentication certificate");
2505
2507 chan->conn->handshake_state->certs->auth_cert);
2508 char d[DIGEST256_LEN];
2509 char *signed_data;
2510 size_t keysize;
2511 int signed_len;
2512
2513 if (! pk) {
2514 ERR("Couldn't get RSA key from AUTH cert.");
2515 }
2516 crypto_digest256(d, (char*)auth, V3_AUTH_BODY_LEN, DIGEST_SHA256);
2517
2518 keysize = crypto_pk_keysize(pk);
2519 signed_data = tor_malloc(keysize);
2520 signed_len = crypto_pk_public_checksig(pk, signed_data, keysize,
2521 (char*)auth + V3_AUTH_BODY_LEN,
2522 authlen - V3_AUTH_BODY_LEN);
2523 crypto_pk_free(pk);
2524 if (signed_len < 0) {
2525 tor_free(signed_data);
2526 ERR("RSA signature wasn't valid");
2527 }
2528 if (signed_len < DIGEST256_LEN) {
2529 tor_free(signed_data);
2530 ERR("Not enough data was signed");
2531 }
2532 /* Note that we deliberately allow *more* than DIGEST256_LEN bytes here,
2533 * in case they're later used to hold a SHA3 digest or something. */
2534 if (tor_memneq(signed_data, d, DIGEST256_LEN)) {
2535 tor_free(signed_data);
2536 ERR("Signature did not match data to be signed.");
2537 }
2538 tor_free(signed_data);
2539 } else {
2540 if (chan->conn->handshake_state->certs->ed_id_sign == NULL)
2541 ERR("We never got an Ed25519 identity certificate.");
2542 if (chan->conn->handshake_state->certs->ed_sign_auth == NULL)
2543 ERR("We never got an Ed25519 authentication certificate.");
2544
2545 const ed25519_public_key_t *authkey =
2546 &chan->conn->handshake_state->certs->ed_sign_auth->signed_key;
2548 tor_assert(authlen > ED25519_SIG_LEN);
2549 memcpy(&sig.sig, auth + authlen - ED25519_SIG_LEN, ED25519_SIG_LEN);
2550 if (ed25519_checksig(&sig, auth, authlen - ED25519_SIG_LEN, authkey)<0) {
2551 ERR("Ed25519 signature wasn't valid.");
2552 }
2553 }
2554
2555 /* Okay, we are authenticated. */
2556 chan->conn->handshake_state->received_authenticate = 1;
2557 chan->conn->handshake_state->authenticated = 1;
2558 chan->conn->handshake_state->authenticated_rsa = 1;
2559 chan->conn->handshake_state->digest_received_data = 0;
2560 {
2561 tor_x509_cert_t *id_cert = chan->conn->handshake_state->certs->id_cert;
2562 crypto_pk_t *identity_rcvd = tor_tls_cert_get_key(id_cert);
2563 const common_digests_t *id_digests = tor_x509_cert_get_id_digests(id_cert);
2564 const ed25519_public_key_t *ed_identity_received = NULL;
2565
2566 if (! sig_is_rsa) {
2567 chan->conn->handshake_state->authenticated_ed25519 = 1;
2568 ed_identity_received =
2569 &chan->conn->handshake_state->certs->ed_id_sign->signing_key;
2570 memcpy(&chan->conn->handshake_state->authenticated_ed25519_peer_id,
2571 ed_identity_received, sizeof(ed25519_public_key_t));
2572 }
2573
2574 /* This must exist; we checked key type when reading the cert. */
2575 tor_assert(id_digests);
2576
2577 memcpy(chan->conn->handshake_state->authenticated_rsa_peer_id,
2578 id_digests->d[DIGEST_SHA1], DIGEST_LEN);
2579
2580 channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd,
2581 chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
2582 crypto_pk_free(identity_rcvd);
2583
2584 log_debug(LD_HANDSHAKE,
2585 "Calling connection_or_init_conn_from_address on %s "
2586 " from %s, with%s ed25519 id.",
2587 connection_describe(TO_CONN(chan->conn)),
2588 __func__,
2589 ed_identity_received ? "" : "out");
2590
2592 &(chan->conn->base_.addr),
2593 chan->conn->base_.port,
2594 (const char*)(chan->conn->handshake_state->
2595 authenticated_rsa_peer_id),
2596 ed_identity_received,
2597 0);
2598
2599 log_debug(LD_HANDSHAKE,
2600 "Got an AUTHENTICATE cell on %s, type %d: Looks good.",
2601 connection_describe(TO_CONN(chan->conn)),
2602 authtype);
2603 }
2604
2605 var_cell_free(expected_cell);
2606
2607#undef ERR
2608}
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:933
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:780
void tor_addr_from_ipv6_bytes(tor_addr_t *dest, const uint8_t *ipv6_bytes)
Definition: address.c:900
#define fmt_and_decorate_addr(a)
Definition: address.h:243
#define tor_addr_from_ipv4h(dest, v4addr)
Definition: address.h:327
#define fmt_addr(a)
Definition: address.h:239
#define tor_addr_eq(a, b)
Definition: address.h:280
static bool tor_addr_is_unspec(const tor_addr_t *a)
Definition: address.h:196
const char * hex_str(const char *from, size_t fromlen)
Definition: binascii.c:34
static uint16_t get_uint16(const void *cp)
Definition: bytes.h:42
Cell queue structures.
Fixed-size cell structure.
void channel_set_circid_type(channel_t *chan, crypto_pk_t *identity_rcvd, int consider_identity)
Definition: channel.c:3358
void channel_listener_unregister(channel_listener_t *chan_l)
Definition: channel.c:525
void channel_mark_local(channel_t *chan)
Definition: channel.c:3019
void channel_mark_client(channel_t *chan)
Definition: channel.c:2931
void channel_mark_incoming(channel_t *chan)
Definition: channel.c:2987
void channel_init_listener(channel_listener_t *chan_l)
Definition: channel.c:891
void channel_listener_mark_for_close(channel_listener_t *chan_l)
Definition: channel.c:1181
void channel_process_cell(channel_t *chan, cell_t *cell)
Definition: channel.c:1983
void channel_change_state_open(channel_t *chan)
Definition: channel.c:1627
int channel_is_canonical(channel_t *chan)
Definition: channel.c:2958
const char * channel_state_to_string(channel_state_t state)
Definition: channel.c:316
void channel_register(channel_t *chan)
Definition: channel.c:387
void channel_listener_register(channel_listener_t *chan_l)
Definition: channel.c:484
void channel_mark_remote(channel_t *chan)
Definition: channel.c:3035
int channel_is_local(channel_t *chan)
Definition: channel.c:3004
const char * channel_describe_peer(channel_t *chan)
Definition: channel.c:2840
void channel_mark_for_close(channel_t *chan)
Definition: channel.c:1142
void channel_listener_change_state(channel_listener_t *chan_l, channel_listener_state_t to_state)
Definition: channel.c:1644
void channel_mark_outgoing(channel_t *chan)
Definition: channel.c:3064
void channel_init(channel_t *chan)
Definition: channel.c:852
void channel_change_state(channel_t *chan, channel_state_t to_state)
Definition: channel.c:1617
Header file for channel.c.
@ CHANNEL_STATE_MAINT
Definition: channel.h:94
@ CHANNEL_STATE_OPENING
Definition: channel.h:70
@ CHANNEL_STATE_ERROR
Definition: channel.h:117
@ CHANNEL_LISTENER_STATE_ERROR
Definition: channel.h:166
@ CHANNEL_LISTENER_STATE_LISTENING
Definition: channel.h:146
@ CHANNEL_LISTENER_STATE_CLOSING
Definition: channel.h:156
@ CHANNEL_LISTENER_STATE_CLOSED
Definition: channel.h:135
int channelpadding_update_padding_for_channel(channel_t *chan, const channelpadding_negotiate_t *pad_vars)
static int channel_tls_get_remote_addr_method(const channel_t *chan, tor_addr_t *addr_out)
Definition: channeltls.c:580
void channel_tls_free_all(void)
Definition: channeltls.c:300
void channel_tls_handle_var_cell(var_cell_t *var_cell, or_connection_t *conn)
Definition: channeltls.c:1199
static channel_listener_t * channel_tls_listener
Definition: channeltls.c:101
STATIC void channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
Definition: channeltls.c:2407
static void channel_tls_listener_close_method(channel_listener_t *chan_l)
Definition: channeltls.c:922
void channel_mark_as_used_for_origin_circuit(channel_t *chan)
Definition: channeltls.c:391
static int tor_addr_from_netinfo_addr(tor_addr_t *tor_addr, const netinfo_addr_t *netinfo_addr)
Definition: channeltls.c:1679
static const char * channel_tls_describe_transport_method(channel_t *chan)
Definition: channeltls.c:486
channel_listener_t * channel_tls_start_listener(void)
Definition: channeltls.c:269
static int channel_tls_write_var_cell_method(channel_t *chan, var_cell_t *var_cell)
Definition: channeltls.c:891
static int channel_tls_has_queued_writes_method(channel_t *chan)
Definition: channeltls.c:649
static void mark_channel_tls_endpoint_as_client(channel_tls_t *chan)
Definition: channeltls.c:1764
static double channel_tls_get_overhead_estimate_method(channel_t *chan)
Definition: channeltls.c:540
void channel_tls_handle_state_change_on_orconn(channel_tls_t *chan, or_connection_t *conn, uint8_t state)
Definition: channeltls.c:980
void channel_tls_handle_cell(cell_t *cell, or_connection_t *conn)
Definition: channeltls.c:1083
static int command_allowed_before_handshake(uint8_t command)
Definition: channeltls.c:1406
static bool can_process_netinfo_cell(const channel_tls_t *chan)
Definition: channeltls.c:1725
uint64_t stats_n_padding_cells_processed
Definition: channeltls.c:84
channel_listener_t * channel_tls_get_listener(void)
Definition: channeltls.c:257
cert_encoding_t
Definition: channeltls.c:2003
@ CERT_ENCODING_ED25519
Definition: channeltls.c:2007
@ CERT_ENCODING_UNKNOWN
Definition: channeltls.c:2004
@ CERT_ENCODING_X509
Definition: channeltls.c:2005
@ CERT_ENCODING_RSA_CROSSCERT
Definition: channeltls.c:2009
const channel_tls_t * channel_tls_from_base_const(const channel_t *chan)
Definition: channeltls.c:448
channel_tls_t * channel_tls_from_base(channel_t *chan)
Definition: channeltls.c:425
uint64_t stats_n_certs_cells_processed
Definition: channeltls.c:92
static int channel_tls_write_cell_method(channel_t *chan, cell_t *cell)
Definition: channeltls.c:829
STATIC void channel_tls_process_auth_challenge_cell(var_cell_t *cell, channel_tls_t *chan)
Definition: channeltls.c:2308
static void channel_tls_close_method(channel_t *chan)
Definition: channeltls.c:463
static int channel_tls_num_cells_writeable_method(channel_t *chan)
Definition: channeltls.c:800
static void channel_tls_process_padding_negotiate_cell(cell_t *cell, channel_tls_t *chan)
Definition: channeltls.c:1645
STATIC void channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
Definition: channeltls.c:2052
uint64_t stats_n_auth_challenge_cells_processed
Definition: channeltls.c:94
void channel_tls_update_marks(or_connection_t *conn)
Definition: channeltls.c:1373
uint64_t stats_n_authorize_cells_processed
Definition: channeltls.c:98
uint64_t stats_n_versions_cells_processed
Definition: channeltls.c:86
static int enter_v3_handshake_with_cell(var_cell_t *cell, channel_tls_t *tlschan)
Definition: channeltls.c:1427
const channel_t * channel_tls_to_base_const(const channel_tls_t *tlschan)
Definition: channeltls.c:438
uint64_t stats_n_authenticate_cells_processed
Definition: channeltls.c:96
static size_t channel_tls_num_bytes_queued_method(channel_t *chan)
Definition: channeltls.c:782
static const char * channel_tls_describe_peer_method(const channel_t *chan)
Definition: channeltls.c:630
channel_t * channel_tls_handle_incoming(or_connection_t *orconn)
Definition: channeltls.c:332
static void channel_tls_free_method(channel_t *chan)
Definition: channeltls.c:524
static cert_encoding_t certs_cell_typenum_to_cert_type(int typenum)
Definition: channeltls.c:2018
uint64_t stats_n_vpadding_cells_processed
Definition: channeltls.c:90
static int channel_tls_is_canonical_method(channel_t *chan)
Definition: channeltls.c:676
static int channel_tls_matches_extend_info_method(channel_t *chan, extend_info_t *extend_info)
Definition: channeltls.c:705
static void channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *tlschan)
Definition: channeltls.c:1801
channel_t * channel_tls_to_base(channel_tls_t *tlschan)
Definition: channeltls.c:413
channel_t * channel_tls_connect(const tor_addr_t *addr, uint16_t port, const char *id_digest, const ed25519_public_key_t *ed_id)
Definition: channeltls.c:194
static int channel_tls_write_packed_cell_method(channel_t *chan, packed_cell_t *packed_cell)
Definition: channeltls.c:860
static int channel_tls_get_transport_name_method(channel_t *chan, char **transport_out)
Definition: channeltls.c:608
static const char * channel_tls_listener_describe_transport_method(channel_listener_t *chan_l)
Definition: channeltls.c:962
static time_t time_abs(time_t val)
Definition: channeltls.c:1710
static void channel_tls_process_versions_cell(var_cell_t *cell, channel_tls_t *tlschan)
Definition: channeltls.c:1467
STATIC void channel_tls_common_init(channel_tls_t *tlschan)
Definition: channeltls.c:154
static int channel_tls_matches_target_method(channel_t *chan, const tor_addr_t *target)
Definition: channeltls.c:745
uint64_t stats_n_netinfo_cells_processed
Definition: channeltls.c:88
Header file for channeltls.c.
void circuitmux_set_policy(circuitmux_t *cmux, const circuitmux_policy_t *pol)
Definition: circuitmux.c:428
circuitmux_t * circuitmux_alloc(void)
Definition: circuitmux.c:194
Header file for circuitmux.c.
Header file for circuitmux_ewma.c.
Header file for command.c.
#define ARRAY_LENGTH(x)
const or_options_t * get_options(void)
Definition: config.c:944
tor_cmdline_mode_t command
Definition: config.c:2468
Header file for config.c.
Public APIs for congestion control.
static uint32_t or_conn_highwatermark(void)
void clock_skew_warning(const connection_t *conn, long apparent_skew, int trusted, log_domain_mask_t domain, const char *received, const char *source)
Definition: connection.c:5963
void assert_connection_ok(connection_t *conn, time_t now)
Definition: connection.c:5673
const char * connection_describe_peer(const connection_t *conn)
Definition: connection.c:530
const char * connection_describe(const connection_t *conn)
Definition: connection.c:545
const char * conn_state_to_string(int type, int state)
Definition: connection.c:304
Header file for connection.c.
#define CONN_TYPE_OR
Definition: connection.h:44
int connection_or_nonopen_was_started_here(struct or_connection_t *conn)
int is_or_protocol_version_known(uint16_t v)
int connection_or_set_state_open(or_connection_t *conn)
void connection_or_write_cell_to_buf(const cell_t *cell, or_connection_t *conn)
int connection_or_send_versions(or_connection_t *conn, int v3_plus)
int connection_or_client_learned_peer_id(or_connection_t *conn, const uint8_t *rsa_peer_id, const ed25519_public_key_t *ed_peer_id)
void or_handshake_state_record_var_cell(or_connection_t *conn, or_handshake_state_t *state, const var_cell_t *cell, int incoming)
int connection_or_send_netinfo(or_connection_t *conn)
void connection_or_change_state(or_connection_t *conn, uint8_t state)
void or_handshake_state_record_cell(or_connection_t *conn, or_handshake_state_t *state, const cell_t *cell, int incoming)
int connection_or_digest_is_known_relay(const char *id_digest)
void connection_or_init_conn_from_address(or_connection_t *conn, const tor_addr_t *addr, uint16_t port, const char *id_digest, const ed25519_public_key_t *ed_id, int started_here)
or_connection_t * connection_or_connect(const tor_addr_t *_addr, uint16_t port, const char *id_digest, const ed25519_public_key_t *ed_id, channel_tls_t *chan)
void connection_or_close_for_error(or_connection_t *orconn, int flush)
ssize_t connection_or_num_cells_writeable(or_connection_t *conn)
int connection_init_or_handshake_state(or_connection_t *conn, int started_here)
void connection_or_block_renegotiation(or_connection_t *conn)
void connection_or_close_normally(or_connection_t *orconn, int flush)
void connection_or_write_var_cell_to_buf(const var_cell_t *cell, or_connection_t *conn)
Header file for connection_or.c.
Header file for control.c.
int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
int ed25519_checksig(const ed25519_signature_t *signature, const uint8_t *msg, size_t len, const ed25519_public_key_t *pubkey)
size_t crypto_pk_keysize(const crypto_pk_t *env)
int crypto_pk_public_checksig(const crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen)
#define tor_memneq(a, b, sz)
Definition: di_ops.h:21
#define DIGEST_LEN
Definition: digest_sizes.h:20
#define DIGEST256_LEN
Definition: digest_sizes.h:23
Header file for dirlist.c.
void entry_guards_note_internet_connectivity(guard_selection_t *gs)
Definition: entrynodes.c:2121
guard_selection_t * get_guard_selection_info(void)
Definition: entrynodes.c:312
Header file for circuitbuild.c.
bool extend_info_has_orport(const extend_info_t *ei, const tor_addr_t *addr, uint16_t port)
Definition: extendinfo.c:243
Header for core/or/extendinfo.c.
Header file for geoip_stats.c.
@ GEOIP_CLIENT_CONNECT
Definition: geoip_stats.h:24
void geoip_note_client_seen(geoip_client_action_t action, const tor_addr_t *addr, const char *transport_name, time_t now)
Definition: geoip_stats.c:229
#define log_fn(severity, domain, args,...)
Definition: log.h:283
#define LD_PROTOCOL
Definition: log.h:72
#define LD_CHANNEL
Definition: log.h:105
#define LD_OR
Definition: log.h:92
#define LD_HANDSHAKE
Definition: log.h:101
#define LD_GENERAL
Definition: log.h:62
#define LOG_WARN
Definition: log.h:53
#define LOG_INFO
Definition: log.h:45
static time_t current_second
Definition: mainloop.c:2216
#define tor_free(p)
Definition: malloc.h:56
Header file for networkstatus.c.
Master header file for Tor-specific functionality.
#define V3_AUTH_BODY_LEN
Definition: or.h:595
#define CELL_PAYLOAD_SIZE
Definition: or.h:465
#define AUTHTYPE_RSA_SHA256_TLSSECRET
Definition: or.h:569
#define TO_CONN(c)
Definition: or.h:612
#define AUTHTYPE_RSA_SHA256_RFC5705
Definition: or.h:577
#define AUTHTYPE_ED25519_SHA256_RFC5705
Definition: or.h:580
OR connection structure.
OR handshake certs structure.
OR handshake state structure.
#define OR_CONN_STATE_TLS_SERVER_RENEGOTIATING
Definition: orconn_event.h:43
#define OR_CONN_STATE_OR_HANDSHAKING_V2
Definition: orconn_event.h:47
#define OR_CONN_STATE_TLS_HANDSHAKING
Definition: orconn_event.h:36
#define OR_CONN_STATE_OR_HANDSHAKING_V3
Definition: orconn_event.h:51
#define OR_CONN_STATE_OPEN
Definition: orconn_event.h:53
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
Header file for relay.c.
void relay_address_new_suggestion(const tor_addr_t *suggested_addr, const tor_addr_t *peer_addr, const char *identity_digest)
Header file for relay_find_addr.c.
int authchallenge_type_is_better(uint16_t challenge_type_a, uint16_t challenge_type_b)
var_cell_t * connection_or_compute_authenticate_cell_body(or_connection_t *conn, const int authtype, crypto_pk_t *signing_key, const ed25519_keypair_t *ed_signing_key, int server)
int connection_or_send_certs_cell(or_connection_t *conn)
int authchallenge_type_is_supported(uint16_t challenge_type)
int connection_or_send_authenticate_cell(or_connection_t *conn, int authtype)
int connection_or_send_auth_challenge_cell(or_connection_t *conn)
Header for feature/relay/relay_handshake.c.
void rep_hist_note_negotiated_link_proto(unsigned link_proto, int started_here)
Definition: rephist.c:2786
void rep_hist_padding_count_read(padding_type_t type)
Definition: rephist.c:2846
Header file for rephist.c.
@ PADDING_TYPE_ENABLED_CELL
Definition: rephist.h:158
@ PADDING_TYPE_TOTAL
Definition: rephist.h:154
@ PADDING_TYPE_ENABLED_TOTAL
Definition: rephist.h:156
@ PADDING_TYPE_CELL
Definition: rephist.h:152
bool is_local_to_resolve_addr(const tor_addr_t *addr)
: Return true iff the given addr is judged to be local to our resolved address.
Definition: resolve_addr.c:819
Header file for resolve_addr.c.
const routerinfo_t * router_get_my_routerinfo(void)
Definition: router.c:1830
Header file for router.c.
Router descriptor structure.
int public_server_mode(const or_options_t *options)
Definition: routermode.c:43
Header file for routermode.c.
void scheduler_channel_wants_writes(channel_t *chan)
Definition: scheduler.c:673
Header file for scheduler*.c.
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
Definition: cell_st.h:17
uint8_t payload[CELL_PAYLOAD_SIZE]
Definition: cell_st.h:21
uint8_t command
Definition: cell_st.h:19
channel_listener_state_t state
Definition: channel.h:463
const char *(* describe_transport)(channel_listener_t *)
Definition: channel.h:493
uint64_t global_identifier
Definition: channel.h:468
smartlist_t * incoming_list
Definition: channel.h:501
void(* close)(channel_listener_t *)
Definition: channel.h:491
void(* free_fn)(channel_t *)
Definition: channel.h:316
channel_state_t state
Definition: channel.h:192
int(* is_canonical)(channel_t *)
Definition: channel.h:353
void(* close)(channel_t *)
Definition: channel.h:318
int(* matches_extend_info)(channel_t *, extend_info_t *)
Definition: channel.h:355
uint32_t magic
Definition: channel.h:183
uint64_t global_identifier
Definition: channel.h:197
int(* write_packed_cell)(channel_t *, packed_cell_t *)
Definition: channel.h:365
const char *(* describe_transport)(channel_t *)
Definition: channel.h:320
double(* get_overhead_estimate)(channel_t *)
Definition: channel.h:333
int(* matches_target)(channel_t *, const tor_addr_t *)
Definition: channel.h:357
const char *(* describe_peer)(const channel_t *)
Definition: channel.h:346
int(* write_var_cell)(channel_t *, var_cell_t *)
Definition: channel.h:367
circuitmux_t * cmux
Definition: channel.h:397
int(* has_queued_writes)(channel_t *)
Definition: channel.h:348
enum channel_t::@8 reason_for_closing
char d[N_COMMON_DIGEST_ALGORITHMS][DIGEST256_LEN]
Definition: crypto_digest.h:89
uint8_t state
Definition: connection_st.h:49
uint16_t marked_for_close
channel_tls_t * chan
or_handshake_state_t * handshake_state
char body[CELL_MAX_NETWORK_SIZE]
Definition: cell_queue_st.h:21
tor_addr_t ipv6_addr
Definition: routerinfo_st.h:30
tor_addr_t ipv4_addr
Definition: routerinfo_st.h:25
uint8_t command
Definition: var_cell_st.h:18
uint16_t payload_len
Definition: var_cell_st.h:22
circid_t circ_id
Definition: var_cell_st.h:20
uint8_t payload[FLEXIBLE_ARRAY_MEMBER]
Definition: var_cell_st.h:24
#define STATIC
Definition: testsupport.h:32
void tor_gettimeofday(struct timeval *timeval)
void or_handshake_certs_check_both(int severity, or_handshake_certs_t *certs, tor_tls_t *tls, time_t now, const ed25519_public_key_t **ed_id_out, const common_digests_t **rsa_id_out)
Definition: torcert.c:685
tor_cert_t * tor_cert_parse(const uint8_t *encoded, const size_t len)
Definition: torcert.c:159
Header for torcert.c.
Headers for tortls.c.
long tv_udiff(const struct timeval *start, const struct timeval *end)
Definition: tvdiff.c:53
#define FALLTHROUGH_UNLESS_ALL_BUGS_ARE_FATAL
Definition: util_bug.h:268
#define tor_assert(expr)
Definition: util_bug.h:103
int fast_mem_is_zero(const char *mem, size_t len)
Definition: util_string.c:76
int tor_digest_is_zero(const char *digest)
Definition: util_string.c:98
Variable-length cell structure.
#define ED25519_SIG_LEN
Definition: x25519_sizes.h:34
Headers for tortls.c.
crypto_pk_t * tor_tls_cert_get_key(tor_x509_cert_t *cert)
Definition: x509_nss.c:287
tor_x509_cert_t * tor_x509_cert_decode(const uint8_t *certificate, size_t certificate_len)
Definition: x509_nss.c:271
const common_digests_t * tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert)
Definition: x509.c:59