37#define CHANNEL_OBJECT_PRIVATE
39#define CHANNELTLS_PRIVATE
47#include "core/or/dos.h"
55#include "trunnel/link_handshake.h"
65#include "trunnel/channelpadding_negotiation.h"
66#include "trunnel/netinfo.h"
67#include "core/or/channelpadding.h"
140 channel_tls_t *tlschan);
142 channel_tls_t *tlschan);
145 channel_tls_t *tlschan);
147 channel_tls_t *chan);
160 chan = &(tlschan->base_);
162 chan->
magic = TLS_CHAN_MAGIC;
195 const char *id_digest,
198 channel_tls_t *tlschan = tor_malloc_zero(
sizeof(*tlschan));
204 "In channel_tls_connect() for channel %p "
205 "(global id %"PRIu64
")",
211 "Marking new outgoing channel %"PRIu64
" at %p as local",
216 "Marking new outgoing channel %"PRIu64
" at %p as remote",
226 if (!(tlschan->conn)) {
233 "Got orconn %p for channel with global id %"PRIu64,
239 circuitmux_free(chan->
cmux);
274 listener = tor_malloc_zero(
sizeof(*listener));
284 "Starting TLS channel listener %p with global id %"PRIu64,
305 "Shutting down TLS channels...");
314 "Closing channel_tls_listener with ID %"PRIu64
320 channel_listener_free(old_listener);
325 "Done shutting down TLS channels");
334 channel_tls_t *tlschan = tor_malloc_zero(
sizeof(*tlschan));
343 tlschan->conn = orconn;
344 orconn->
chan = tlschan;
348 "Marking new incoming channel %"PRIu64
" at %p as local",
353 "Marking new incoming channel %"PRIu64
" at %p as remote",
363 char *transport_name = NULL;
365 &transport_name) < 0) {
366 transport_name = NULL;
372 &
TO_CONN(orconn)->addr, transport_name,
374 dos_new_client_conn(orconn, transport_name);
395 if (chan->
magic != TLS_CHAN_MAGIC)
402 tlschan->conn->potentially_used_for_bootstrapping = 1;
415 if (!tlschan)
return NULL;
417 return &(tlschan->base_);
427 if (!chan)
return NULL;
431 return (channel_tls_t *)(chan);
465 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
473 "Tried to close channel_tls_t %p with NULL conn",
488 static char *buf = NULL;
490 channel_tls_t *tlschan;
491 const char *rv = NULL;
495 tlschan = BASE_CHAN_TO_TLS(chan);
498 id =
TO_CONN(tlschan->conn)->global_identifier;
502 "TLS channel (connection %"PRIu64
")",
507 rv =
"TLS channel (no connection)";
526 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
531 tlschan->conn->chan = NULL;
532 tlschan->conn = NULL;
542 double overhead = 1.0;
543 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
549 if (tlschan->conn->bytes_xmitted > 0 &&
550 tlschan->conn->bytes_xmitted_by_tls >=
551 tlschan->conn->bytes_xmitted) {
552 overhead = ((double)(tlschan->conn->bytes_xmitted_by_tls)) /
553 ((
double)(tlschan->conn->bytes_xmitted));
564 "Estimated overhead ratio for TLS chan %"PRIu64
" is %f",
583 const channel_tls_t *tlschan = CONST_BASE_CHAN_TO_TLS(chan);
588 if (tlschan->conn == NULL) {
610 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
616 if (!tlschan->conn->ext_or_transport)
619 *transport_out = tor_strdup(tlschan->conn->ext_or_transport);
632 const channel_tls_t *tlschan = CONST_BASE_CHAN_TO_TLS(chan);
638 return "(No connection)";
652 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
655 if (!(tlschan->conn)) {
657 "something called has_queued_writes on a tlschan "
658 "(%p with ID %"PRIu64
" but no conn",
662 outbuf_len = (tlschan->conn != NULL) ?
663 connection_get_outbuf_len(
TO_CONN(tlschan->conn)) :
666 return (outbuf_len > 0);
679 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
689 answer = tlschan->conn->is_canonical;
708 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
714 if (!(tlschan->conn)) {
716 "something called matches_extend_info on a tlschan "
717 "(%p with ID %"PRIu64
" but no conn",
748 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
754 if (!(tlschan->conn)) {
756 "something called matches_target on a tlschan "
757 "(%p with ID %"PRIu64
" but no conn",
784 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
789 return connection_get_outbuf_len(
TO_CONN(tlschan->conn));
804 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
805 size_t cell_network_size;
810 cell_network_size = get_cell_network_size(tlschan->conn->wide_circ_ids);
811 outbuf_len = connection_get_outbuf_len(
TO_CONN(tlschan->conn));
815#if SIZEOF_SIZE_T > SIZEOF_INT
816 if (n > INT_MAX) n = INT_MAX;
831 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
842 "something called write_cell on a tlschan "
843 "(%p with ID %"PRIu64
" but no conn",
864 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
865 size_t cell_network_size = get_cell_network_size(chan->wide_circ_ids);
871 connection_buf_add(packed_cell->
body, cell_network_size,
875 "something called write_packed_cell on a tlschan "
876 "(%p with ID %"PRIu64
" but no conn",
893 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
904 "something called write_var_cell on a tlschan "
905 "(%p with ID %"PRIu64
" but no conn",
943 } SMARTLIST_FOREACH_END(ichan);
966 return "TLS channel (listening)";
991 base_chan = TLS_CHAN_TO_BASE(chan);
997 CHANNEL_IS_OPEN(base_chan) ||
998 CHANNEL_IS_MAINT(base_chan) ||
999 CHANNEL_IS_CLOSING(base_chan));
1017 if (CHANNEL_IS_OPEN(base_chan)) {
1023#ifdef KEEP_TIMING_STATS
1033channel_tls_time_process_cell(
cell_t *cell, channel_tls_t *chan,
int *time,
1034 void (*func)(
cell_t *, channel_tls_t *))
1041 (*func)(cell, chan);
1044 time_passed =
tv_udiff(&start, &end) ;
1046 if (time_passed > 10000) {
1047 log_debug(
LD_OR,
"That call just took %ld ms.",time_passed/1000);
1050 if (time_passed < 0) {
1051 log_info(
LD_GENERAL,
"That call took us back in time!");
1055 *time += time_passed;
1059#ifdef KEEP_TIMING_STATS
1060#define PROCESS_CELL(tp, cl, cn) STMT_BEGIN { \
1062 channel_tls_time_process_cell(cl, cn, & tp ## time , \
1063 channel_tls_process_ ## tp ## _cell); \
1066#define PROCESS_CELL(tp, cl, cn) channel_tls_process_ ## tp ## _cell(cl, cn)
1085 channel_tls_t *chan;
1095 "Got a cell_t on an OR connection with no channel");
1107 if (handshaking && cell->
command != CELL_VERSIONS &&
1108 cell->
command != CELL_NETINFO) {
1110 "Received unexpected cell command %d in chan state %s / "
1111 "conn state %s; closing the connection.",
1127 if (TLS_CHAN_TO_BASE(chan)->padding_enabled)
1133 if (TLS_CHAN_TO_BASE(chan)->padding_enabled)
1146 "Received unexpected VERSIONS cell on a channel using link "
1151 PROCESS_CELL(netinfo, cell, chan);
1153 case CELL_PADDING_NEGOTIATE:
1155 PROCESS_CELL(padding_negotiate, cell, chan);
1158 case CELL_CREATE_FAST:
1160 case CELL_CREATED_FAST:
1162 case CELL_RELAY_EARLY:
1174 "Cell of unknown type (%d) received in channeltls.c. "
1201 channel_tls_t *chan;
1203#ifdef KEEP_TIMING_STATS
1206 static int num_versions = 0, num_certs = 0;
1208 time_t now = time(NULL);
1214 "At end of second: %d versions (%d ms), %d certs (%d ms)",
1218 num_versions = num_certs = 0;
1219 versions_time = certs_time = 0;
1233 "Got a var_cell_t on an OR connection with no channel");
1237 if (
TO_CONN(conn)->marked_for_close)
1240 switch (
TO_CONN(conn)->state) {
1242 if (var_cell->
command != CELL_VERSIONS) {
1244 "Received a cell with command %d in unexpected "
1245 "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
1246 "closing the connection.",
1251 (
int)(TLS_CHAN_TO_BASE(chan)->state));
1267 tor_assert_nonfatal_unreached_once();
1272 "Received a cell with command %d in unexpected "
1273 "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
1274 "closing the connection.",
1279 (
int)(TLS_CHAN_TO_BASE(chan)->state));
1289 if (var_cell->
command != CELL_AUTHENTICATE)
1296 "Received a variable-length cell with command %d in orconn "
1297 "state %s [%d], channel state %s [%d] with link protocol %d; "
1303 (
int)(TLS_CHAN_TO_BASE(chan)->state),
1310 "Received var-length cell with command %d in unexpected "
1311 "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
1317 (
int)(TLS_CHAN_TO_BASE(chan)->state));
1330 PROCESS_CELL(versions, var_cell, chan);
1338 PROCESS_CELL(certs, var_cell, chan);
1340 case CELL_AUTH_CHALLENGE:
1342 PROCESS_CELL(auth_challenge, var_cell, chan);
1344 case CELL_AUTHENTICATE:
1346 PROCESS_CELL(authenticate, var_cell, chan);
1348 case CELL_AUTHORIZE:
1354 "Variable-length cell of unknown type (%d) received.",
1380 chan = TLS_CHAN_TO_BASE(conn->
chan);
1385 "Marking channel %"PRIu64
" at %p as local",
1392 "Marking channel %"PRIu64
" at %p as remote",
1411 case CELL_AUTHORIZE:
1429 int started_here = 0;
1443 "Received a cell while TLS-handshaking, not in "
1444 "OR_HANDSHAKING_V3, on a connection we originated.");
1453 chan->conn->handshake_state, cell, 1);
1469 int highest_supported_version = 0;
1470 int started_here = 0;
1478 "Received a VERSION cell with odd payload length %d; "
1486 if (chan->conn->link_proto != 0 ||
1487 (chan->conn->handshake_state &&
1488 chan->conn->handshake_state->received_versions)) {
1490 "Received a VERSIONS cell on a connection with its version "
1491 "already set to %d; dropping",
1492 (
int)(chan->conn->link_proto));
1495 switch (chan->conn->base_.state)
1504 "VERSIONS cell while in unexpected state");
1512 const uint8_t *cp = cell->
payload;
1513 for (i = 0; i < cell->
payload_len / 2; ++i, cp += 2) {
1516 highest_supported_version = v;
1519 if (!highest_supported_version) {
1521 "Couldn't find a version in common between my version list and the "
1522 "list in the VERSIONS cell; closing connection.");
1525 }
else if (highest_supported_version == 1) {
1529 "Used version negotiation protocol to negotiate a v1 connection. "
1530 "That's crazily non-compliant. Closing connection.");
1533 }
else if (highest_supported_version < 3 &&
1536 "Negotiated link protocol 2 or lower after doing a v3 TLS "
1537 "handshake. Closing connection.");
1540 }
else if (highest_supported_version != 2 &&
1544 "Negotiated link with non-2 protocol after doing a v2 TLS "
1545 "handshake with %s. Closing connection.",
1553 chan->conn->link_proto = highest_supported_version;
1554 chan->conn->handshake_state->received_versions = 1;
1556 if (chan->conn->link_proto == 2) {
1558 "Negotiated version %d on %s; sending NETINFO.",
1559 highest_supported_version,
1567 const int send_versions = !started_here;
1571 const int send_chall = !started_here;
1574 const int send_netinfo = !started_here;
1575 const int send_any =
1576 send_versions || send_certs || send_chall || send_netinfo;
1580 "Negotiated version %d with on %s; %s%s%s%s%s",
1581 highest_supported_version,
1583 send_any ?
"Sending cells:" :
"Waiting for CERTS cell",
1584 send_versions ?
" VERSIONS" :
"",
1585 send_certs ?
" CERTS" :
"",
1586 send_chall ?
" AUTH_CHALLENGE" :
"",
1587 send_netinfo ?
" NETINFO" :
"");
1589#ifdef DISABLE_V3_LINKPROTO_SERVERSIDE
1596 if (send_versions) {
1598 log_warn(
LD_OR,
"Couldn't send versions cell");
1606 TLS_CHAN_TO_BASE(chan)->wide_circ_ids =
1607 chan->conn->link_proto >= MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS;
1608 chan->conn->wide_circ_ids = TLS_CHAN_TO_BASE(chan)->wide_circ_ids;
1610 TLS_CHAN_TO_BASE(chan)->padding_enabled =
1611 chan->conn->link_proto >= MIN_LINK_PROTO_FOR_CHANNEL_PADDING;
1615 log_warn(
LD_OR,
"Couldn't send certs cell");
1622 log_warn(
LD_OR,
"Couldn't send auth_challenge cell");
1629 log_warn(
LD_OR,
"Couldn't send netinfo cell");
1647 channelpadding_negotiate_t *negotiation;
1652 if (chan->conn->link_proto < MIN_LINK_PROTO_FOR_CHANNEL_PADDING) {
1654 "Received a PADDING_NEGOTIATE cell on v%d connection; dropping.",
1655 chan->conn->link_proto);
1659 if (channelpadding_negotiate_parse(&negotiation, cell->
payload,
1662 "Received malformed PADDING_NEGOTIATE cell on v%d connection; "
1663 "dropping.", chan->conn->link_proto);
1671 channelpadding_negotiate_free(negotiation);
1680 const netinfo_addr_t *netinfo_addr) {
1684 uint8_t type = netinfo_addr_get_addr_type(netinfo_addr);
1685 uint8_t len = netinfo_addr_get_len(netinfo_addr);
1687 if (type == NETINFO_ADDR_TYPE_IPV4 && len == 4) {
1688 uint32_t ipv4 = netinfo_addr_get_addr_ipv4(netinfo_addr);
1690 }
else if (type == NETINFO_ADDR_TYPE_IPV6 && len == 16) {
1691 const uint8_t *ipv6_bytes = netinfo_addr_getconstarray_addr_ipv6(
1695 log_fn(LOG_PROTOCOL_WARN,
LD_OR,
"Cannot read address from NETINFO "
1696 "- wrong type/length.");
1712 return (val < 0) ? -val : val;
1728 if (chan->conn->link_proto < 2) {
1730 "Received a NETINFO cell on %s connection; dropping.",
1731 chan->conn->link_proto == 0 ?
"non-versioned" :
"a v1");
1739 "Received a NETINFO cell on non-handshaking connection; dropping.");
1745 tor_assert(chan->conn->handshake_state->received_versions);
1767 if (BUG(chan->conn->handshake_state->authenticated)) {
1772 (
const char*)(chan->conn->handshake_state->
1773 authenticated_rsa_peer_id)));
1775 (
const char*)(chan->conn->handshake_state->
1776 authenticated_ed25519_peer_id.pubkey), 32));
1782 chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
1785 &(chan->conn->base_.addr),
1786 chan->conn->base_.port,
1788 (
const char*)(chan->conn->handshake_state->
1789 authenticated_rsa_peer_id),
1804 uint8_t my_addr_type;
1805 uint8_t my_addr_len;
1806 uint8_t n_other_addrs;
1807 time_t now = time(NULL);
1810 time_t apparent_skew = 0;
1812 int started_here = 0;
1813 const char *identity_digest = NULL;
1826 identity_digest = chan->conn->identity_digest;
1831 if (!(chan->conn->handshake_state->authenticated)) {
1833 "Got a NETINFO cell from server, "
1834 "but no authentication. Closing the connection.");
1844 if (!(chan->conn->handshake_state->authenticated)) {
1851 netinfo_cell_t *netinfo_cell = NULL;
1853 ssize_t parsed = netinfo_cell_parse(&netinfo_cell, cell->
payload,
1858 "Failed to parse NETINFO cell - closing connection.");
1863 timestamp = netinfo_cell_get_timestamp(netinfo_cell);
1865 const netinfo_addr_t *my_addr =
1866 netinfo_cell_getconst_other_addr(netinfo_cell);
1868 my_addr_type = netinfo_addr_get_addr_type(my_addr);
1869 my_addr_len = netinfo_addr_get_len(my_addr);
1871 if ((now - chan->conn->handshake_state->sent_versions_at) < 180) {
1872 apparent_skew = now - timestamp;
1882 netinfo_cell_free(netinfo_cell);
1886 if (my_addr_type == NETINFO_ADDR_TYPE_IPV4 && my_addr_len == 4) {
1889 TLS_CHAN_TO_BASE(chan)->is_canonical_to_peer = 1;
1891 }
else if (my_addr_type == NETINFO_ADDR_TYPE_IPV6 &&
1892 my_addr_len == 16) {
1896 TLS_CHAN_TO_BASE(chan)->is_canonical_to_peer = 1;
1903 tor_addr_copy(&TLS_CHAN_TO_BASE(chan)->addr_according_to_peer,
1907 n_other_addrs = netinfo_cell_get_n_my_addrs(netinfo_cell);
1908 for (uint8_t i = 0; i < n_other_addrs; i++) {
1912 const netinfo_addr_t *netinfo_addr =
1913 netinfo_cell_getconst_my_addrs(netinfo_cell, i);
1919 "Bad address in netinfo cell; Skipping.");
1930 connection_or_set_canonical(chan->conn, 1);
1935 netinfo_cell_free(netinfo_cell);
1937 if (me && !TLS_CHAN_TO_BASE(chan)->is_canonical_to_peer &&
1940 TLS_CHAN_TO_BASE(chan));
1942 "We made a connection to a relay at %s (fp=%s) but we think "
1943 "they will not consider this connection canonical. They "
1944 "think we are at %s, but we think its %s.",
1954#define NETINFO_NOTICE_SKEW 3600
1955 if (
time_abs(apparent_skew) > NETINFO_NOTICE_SKEW &&
1958 int trusted = router_digest_is_trusted_dir(chan->conn->identity_digest);
1960 "NETINFO cell",
"OR");
1970 if (! chan->conn->handshake_state->sent_netinfo) {
1982 "Got good NETINFO cell on %s; but "
1983 "was unable to make the OR connection become open.",
1988 "Got good NETINFO cell on %s; OR connection is now "
1989 "open, using protocol version %d. Its ID digest is %s. "
1990 "Our address is apparently %s.",
1992 (
int)(chan->conn->link_proto),
2021 case CERTTYPE_RSA1024_ID_LINK:
2022 case CERTTYPE_RSA1024_ID_ID:
2023 case CERTTYPE_RSA1024_ID_AUTH:
2025 case CERTTYPE_ED_ID_SIGN:
2026 case CERTTYPE_ED_SIGN_LINK:
2027 case CERTTYPE_ED_SIGN_AUTH:
2029 case CERTTYPE_RSA1024_ID_EDID:
2054#define MAX_CERT_TYPE_WANTED CERTTYPE_RSA1024_ID_EDID
2057 tor_x509_cert_t *x509_certs[MAX_CERT_TYPE_WANTED + 1];
2058 tor_cert_t *ed_certs[MAX_CERT_TYPE_WANTED + 1];
2059 uint8_t *rsa_ed_cc_cert = NULL;
2060 size_t rsa_ed_cc_cert_len = 0;
2063 certs_cell_t *cc = NULL;
2065 int send_netinfo = 0, started_here = 0;
2067 memset(x509_certs, 0,
sizeof(x509_certs));
2068 memset(ed_certs, 0,
sizeof(ed_certs));
2075 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
2076 "Received a bad CERTS cell on %s: %s", \
2077 connection_describe(TO_CONN(chan->conn)), \
2079 connection_or_close_for_error(chan->conn, 0); \
2086 started_here = chan->conn->handshake_state->started_here;
2089 ERR(
"We're not doing a v3 handshake!");
2090 if (chan->conn->link_proto < 3)
2091 ERR(
"We're not using link protocol >= 3");
2092 if (chan->conn->handshake_state->received_certs_cell)
2093 ERR(
"We already got one");
2094 if (chan->conn->handshake_state->authenticated) {
2096 ERR(
"We're already authenticated!");
2099 ERR(
"It had no body");
2101 ERR(
"It had a nonzero circuit ID");
2104 ERR(
"It couldn't be parsed.");
2106 n_certs = cc->n_certs;
2108 for (i = 0; i < n_certs; ++i) {
2109 certs_cell_cert_t *c = certs_cell_get_certs(cc, i);
2111 uint16_t cert_type = c->cert_type;
2112 uint16_t cert_len = c->cert_len;
2113 uint8_t *cert_body = certs_cell_cert_getarray_body(c);
2115 if (cert_type > MAX_CERT_TYPE_WANTED)
2126 "Received undecodable certificate in CERTS cell on %s",
2129 if (x509_certs[cert_type]) {
2130 tor_x509_cert_free(x509_cert);
2131 ERR(
"Duplicate x509 certificate");
2133 x509_certs[cert_type] = x509_cert;
2142 "Received undecodable Ed certificate "
2143 "in CERTS cell on %s",
2146 if (ed_certs[cert_type]) {
2147 tor_cert_free(ed_cert);
2148 ERR(
"Duplicate Ed25519 certificate");
2150 ed_certs[cert_type] = ed_cert;
2157 if (rsa_ed_cc_cert) {
2158 ERR(
"Duplicate RSA->Ed25519 crosscert");
2160 rsa_ed_cc_cert = tor_memdup(cert_body, cert_len);
2161 rsa_ed_cc_cert_len = cert_len;
2170 tor_x509_cert_t *id_cert = x509_certs[CERTTYPE_RSA1024_ID_ID];
2171 tor_x509_cert_t *auth_cert = x509_certs[CERTTYPE_RSA1024_ID_AUTH];
2172 tor_x509_cert_t *link_cert = x509_certs[CERTTYPE_RSA1024_ID_LINK];
2173 chan->conn->handshake_state->certs->auth_cert = auth_cert;
2174 chan->conn->handshake_state->certs->link_cert = link_cert;
2175 chan->conn->handshake_state->certs->id_cert = id_cert;
2176 x509_certs[CERTTYPE_RSA1024_ID_ID] =
2177 x509_certs[CERTTYPE_RSA1024_ID_AUTH] =
2178 x509_certs[CERTTYPE_RSA1024_ID_LINK] = NULL;
2180 tor_cert_t *ed_id_sign = ed_certs[CERTTYPE_ED_ID_SIGN];
2181 tor_cert_t *ed_sign_link = ed_certs[CERTTYPE_ED_SIGN_LINK];
2182 tor_cert_t *ed_sign_auth = ed_certs[CERTTYPE_ED_SIGN_AUTH];
2183 chan->conn->handshake_state->certs->ed_id_sign = ed_id_sign;
2184 chan->conn->handshake_state->certs->ed_sign_link = ed_sign_link;
2185 chan->conn->handshake_state->certs->ed_sign_auth = ed_sign_auth;
2186 ed_certs[CERTTYPE_ED_ID_SIGN] =
2187 ed_certs[CERTTYPE_ED_SIGN_LINK] =
2188 ed_certs[CERTTYPE_ED_SIGN_AUTH] = NULL;
2190 chan->conn->handshake_state->certs->ed_rsa_crosscert = rsa_ed_cc_cert;
2191 chan->conn->handshake_state->certs->ed_rsa_crosscert_len =
2193 rsa_ed_cc_cert = NULL;
2200 router_digest_is_trusted_dir(TLS_CHAN_TO_BASE(chan)->identity_digest))
2203 severity = LOG_PROTOCOL_WARN;
2208 chan->conn->handshake_state->certs,
2214 if (!checked_rsa_id)
2215 ERR(
"Invalid certificate chain!");
2220 chan->conn->handshake_state->authenticated = 1;
2221 chan->conn->handshake_state->authenticated_rsa = 1;
2226 ERR(
"Couldn't compute digests for key in ID cert");
2229 if (!identity_rcvd) {
2230 ERR(
"Couldn't get RSA key from ID cert.");
2232 memcpy(chan->conn->handshake_state->authenticated_rsa_peer_id,
2235 chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
2236 crypto_pk_free(identity_rcvd);
2239 if (checked_ed_id) {
2240 chan->conn->handshake_state->authenticated_ed25519 = 1;
2241 memcpy(&chan->conn->handshake_state->authenticated_ed25519_peer_id,
2245 log_debug(
LD_HANDSHAKE,
"calling client_learned_peer_id from "
2246 "process_certs_cell");
2249 chan->conn->handshake_state->authenticated_rsa_peer_id,
2251 ERR(
"Problem setting or checking peer id");
2254 "Got some good certificates on %s: Authenticated it with "
2257 checked_ed_id ?
" and Ed25519" :
"");
2268 "Got some good RSA%s certificates on %s. "
2269 "Waiting for AUTHENTICATE.",
2270 checked_ed_id ?
" and Ed25519" :
"",
2275 chan->conn->handshake_state->received_certs_cell = 1;
2279 log_warn(
LD_OR,
"Couldn't send netinfo cell");
2286 for (
unsigned u = 0; u <
ARRAY_LENGTH(x509_certs); ++u) {
2287 tor_x509_cert_free(x509_certs[u]);
2289 for (
unsigned u = 0; u <
ARRAY_LENGTH(ed_certs); ++u) {
2290 tor_cert_free(ed_certs[u]);
2293 certs_cell_free(cc);
2310 int n_types, i, use_type = -1;
2311 auth_challenge_cell_t *ac = NULL;
2319 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
2320 "Received a bad AUTH_CHALLENGE cell on %s: %s", \
2321 connection_describe(TO_CONN(chan->conn)), \
2323 connection_or_close_for_error(chan->conn, 0); \
2328 ERR(
"We're not currently doing a v3 handshake");
2329 if (chan->conn->link_proto < 3)
2330 ERR(
"We're not using link protocol >= 3");
2331 if (!(chan->conn->handshake_state->started_here))
2332 ERR(
"We didn't originate this connection");
2333 if (chan->conn->handshake_state->received_auth_challenge)
2334 ERR(
"We already received one");
2335 if (!(chan->conn->handshake_state->received_certs_cell))
2336 ERR(
"We haven't gotten a CERTS cell yet");
2338 ERR(
"It had a nonzero circuit ID");
2341 ERR(
"It was not well-formed.");
2343 n_types = ac->n_methods;
2346 for (i = 0; i < n_types; ++i) {
2347 uint16_t authtype = auth_challenge_cell_get_methods(ac, i);
2349 if (use_type == -1 ||
2351 use_type = authtype;
2356 chan->conn->handshake_state->received_auth_challenge = 1;
2365 if (use_type >= 0) {
2367 "Got an AUTH_CHALLENGE cell on %s: Sending "
2368 "authentication type %d",
2374 "Couldn't send authenticate cell");
2380 "Got an AUTH_CHALLENGE cell on %s, but we don't "
2381 "know any of its authentication types. Not authenticating.",
2386 log_warn(
LD_OR,
"Couldn't send netinfo cell");
2392 auth_challenge_cell_free(ac);
2410 const uint8_t *auth;
2421 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
2422 "Received a bad AUTHENTICATE cell on %s: %s", \
2423 connection_describe(TO_CONN(chan->conn)), \
2425 connection_or_close_for_error(chan->conn, 0); \
2426 var_cell_free(expected_cell); \
2431 ERR(
"We're not doing a v3 handshake");
2432 if (chan->conn->link_proto < 3)
2433 ERR(
"We're not using link protocol >= 3");
2434 if (chan->conn->handshake_state->started_here)
2435 ERR(
"We originated this connection");
2436 if (chan->conn->handshake_state->received_authenticate)
2437 ERR(
"We already got one!");
2438 if (chan->conn->handshake_state->authenticated) {
2440 ERR(
"The peer is already authenticated");
2442 if (!(chan->conn->handshake_state->received_certs_cell))
2443 ERR(
"We never got a certs cell");
2444 if (chan->conn->handshake_state->certs->id_cert == NULL)
2445 ERR(
"We never got an identity certificate");
2447 ERR(
"Cell was way too short");
2454 ERR(
"Authenticator was truncated");
2457 ERR(
"Authenticator type was not recognized");
2465 ERR(
"Authenticator was too short");
2468 chan->conn, authtype, NULL, NULL, 1);
2469 if (! expected_cell)
2470 ERR(
"Couldn't compute expected AUTHENTICATE cell body");
2486 ERR(
"Expected AUTHENTICATE cell body len not as expected.");
2490 if (BUG(bodylen < 24)) {
2492 ERR(
"Bodylen is somehow less than 24, which should really be impossible");
2497 ERR(
"Some field in the AUTHENTICATE cell body was not as expected");
2500 if (chan->conn->handshake_state->certs->ed_id_sign != NULL)
2501 ERR(
"RSA-signed AUTHENTICATE response provided with an ED25519 cert");
2503 if (chan->conn->handshake_state->certs->auth_cert == NULL)
2504 ERR(
"We never got an RSA authentication certificate");
2507 chan->conn->handshake_state->certs->auth_cert);
2514 ERR(
"Couldn't get RSA key from AUTH cert.");
2519 signed_data = tor_malloc(keysize);
2524 if (signed_len < 0) {
2526 ERR(
"RSA signature wasn't valid");
2530 ERR(
"Not enough data was signed");
2536 ERR(
"Signature did not match data to be signed.");
2540 if (chan->conn->handshake_state->certs->ed_id_sign == NULL)
2541 ERR(
"We never got an Ed25519 identity certificate.");
2542 if (chan->conn->handshake_state->certs->ed_sign_auth == NULL)
2543 ERR(
"We never got an Ed25519 authentication certificate.");
2546 &chan->conn->handshake_state->certs->ed_sign_auth->signed_key;
2551 ERR(
"Ed25519 signature wasn't valid.");
2556 chan->conn->handshake_state->received_authenticate = 1;
2557 chan->conn->handshake_state->authenticated = 1;
2558 chan->conn->handshake_state->authenticated_rsa = 1;
2559 chan->conn->handshake_state->digest_received_data = 0;
2561 tor_x509_cert_t *id_cert = chan->conn->handshake_state->certs->id_cert;
2567 chan->conn->handshake_state->authenticated_ed25519 = 1;
2568 ed_identity_received =
2569 &chan->conn->handshake_state->certs->ed_id_sign->signing_key;
2570 memcpy(&chan->conn->handshake_state->authenticated_ed25519_peer_id,
2577 memcpy(chan->conn->handshake_state->authenticated_rsa_peer_id,
2581 chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
2582 crypto_pk_free(identity_rcvd);
2585 "Calling connection_or_init_conn_from_address on %s "
2586 " from %s, with%s ed25519 id.",
2589 ed_identity_received ?
"" :
"out");
2592 &(chan->conn->base_.addr),
2593 chan->conn->base_.port,
2594 (
const char*)(chan->conn->handshake_state->
2595 authenticated_rsa_peer_id),
2596 ed_identity_received,
2600 "Got an AUTHENTICATE cell on %s, type %d: Looks good.",
2605 var_cell_free(expected_cell);
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
void tor_addr_make_unspec(tor_addr_t *a)
int tor_addr_is_null(const tor_addr_t *addr)
void tor_addr_from_ipv6_bytes(tor_addr_t *dest, const uint8_t *ipv6_bytes)
#define fmt_and_decorate_addr(a)
#define tor_addr_from_ipv4h(dest, v4addr)
#define tor_addr_eq(a, b)
static bool tor_addr_is_unspec(const tor_addr_t *a)
const char * hex_str(const char *from, size_t fromlen)
static uint16_t get_uint16(const void *cp)
Fixed-size cell structure.
void channel_set_circid_type(channel_t *chan, crypto_pk_t *identity_rcvd, int consider_identity)
void channel_listener_unregister(channel_listener_t *chan_l)
void channel_mark_local(channel_t *chan)
void channel_mark_client(channel_t *chan)
void channel_mark_incoming(channel_t *chan)
void channel_init_listener(channel_listener_t *chan_l)
void channel_listener_mark_for_close(channel_listener_t *chan_l)
void channel_process_cell(channel_t *chan, cell_t *cell)
void channel_change_state_open(channel_t *chan)
int channel_is_canonical(channel_t *chan)
const char * channel_state_to_string(channel_state_t state)
void channel_register(channel_t *chan)
void channel_listener_register(channel_listener_t *chan_l)
void channel_mark_remote(channel_t *chan)
int channel_is_local(channel_t *chan)
const char * channel_describe_peer(channel_t *chan)
void channel_mark_for_close(channel_t *chan)
void channel_listener_change_state(channel_listener_t *chan_l, channel_listener_state_t to_state)
void channel_mark_outgoing(channel_t *chan)
void channel_init(channel_t *chan)
void channel_change_state(channel_t *chan, channel_state_t to_state)
Header file for channel.c.
@ CHANNEL_LISTENER_STATE_ERROR
@ CHANNEL_LISTENER_STATE_LISTENING
@ CHANNEL_LISTENER_STATE_CLOSING
@ CHANNEL_LISTENER_STATE_CLOSED
int channelpadding_update_padding_for_channel(channel_t *chan, const channelpadding_negotiate_t *pad_vars)
static int channel_tls_get_remote_addr_method(const channel_t *chan, tor_addr_t *addr_out)
void channel_tls_free_all(void)
void channel_tls_handle_var_cell(var_cell_t *var_cell, or_connection_t *conn)
static channel_listener_t * channel_tls_listener
STATIC void channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
static void channel_tls_listener_close_method(channel_listener_t *chan_l)
void channel_mark_as_used_for_origin_circuit(channel_t *chan)
static int tor_addr_from_netinfo_addr(tor_addr_t *tor_addr, const netinfo_addr_t *netinfo_addr)
static const char * channel_tls_describe_transport_method(channel_t *chan)
channel_listener_t * channel_tls_start_listener(void)
static int channel_tls_write_var_cell_method(channel_t *chan, var_cell_t *var_cell)
static int channel_tls_has_queued_writes_method(channel_t *chan)
static void mark_channel_tls_endpoint_as_client(channel_tls_t *chan)
static double channel_tls_get_overhead_estimate_method(channel_t *chan)
void channel_tls_handle_state_change_on_orconn(channel_tls_t *chan, or_connection_t *conn, uint8_t state)
void channel_tls_handle_cell(cell_t *cell, or_connection_t *conn)
static int command_allowed_before_handshake(uint8_t command)
static bool can_process_netinfo_cell(const channel_tls_t *chan)
uint64_t stats_n_padding_cells_processed
channel_listener_t * channel_tls_get_listener(void)
@ CERT_ENCODING_RSA_CROSSCERT
const channel_tls_t * channel_tls_from_base_const(const channel_t *chan)
channel_tls_t * channel_tls_from_base(channel_t *chan)
uint64_t stats_n_certs_cells_processed
static int channel_tls_write_cell_method(channel_t *chan, cell_t *cell)
STATIC void channel_tls_process_auth_challenge_cell(var_cell_t *cell, channel_tls_t *chan)
static void channel_tls_close_method(channel_t *chan)
static int channel_tls_num_cells_writeable_method(channel_t *chan)
static void channel_tls_process_padding_negotiate_cell(cell_t *cell, channel_tls_t *chan)
STATIC void channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
uint64_t stats_n_auth_challenge_cells_processed
void channel_tls_update_marks(or_connection_t *conn)
uint64_t stats_n_authorize_cells_processed
uint64_t stats_n_versions_cells_processed
static int enter_v3_handshake_with_cell(var_cell_t *cell, channel_tls_t *tlschan)
const channel_t * channel_tls_to_base_const(const channel_tls_t *tlschan)
uint64_t stats_n_authenticate_cells_processed
static size_t channel_tls_num_bytes_queued_method(channel_t *chan)
static const char * channel_tls_describe_peer_method(const channel_t *chan)
channel_t * channel_tls_handle_incoming(or_connection_t *orconn)
static void channel_tls_free_method(channel_t *chan)
static cert_encoding_t certs_cell_typenum_to_cert_type(int typenum)
uint64_t stats_n_vpadding_cells_processed
static int channel_tls_is_canonical_method(channel_t *chan)
static int channel_tls_matches_extend_info_method(channel_t *chan, extend_info_t *extend_info)
static void channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *tlschan)
channel_t * channel_tls_to_base(channel_tls_t *tlschan)
channel_t * channel_tls_connect(const tor_addr_t *addr, uint16_t port, const char *id_digest, const ed25519_public_key_t *ed_id)
static int channel_tls_write_packed_cell_method(channel_t *chan, packed_cell_t *packed_cell)
static int channel_tls_get_transport_name_method(channel_t *chan, char **transport_out)
static const char * channel_tls_listener_describe_transport_method(channel_listener_t *chan_l)
static time_t time_abs(time_t val)
static void channel_tls_process_versions_cell(var_cell_t *cell, channel_tls_t *tlschan)
STATIC void channel_tls_common_init(channel_tls_t *tlschan)
static int channel_tls_matches_target_method(channel_t *chan, const tor_addr_t *target)
uint64_t stats_n_netinfo_cells_processed
Header file for channeltls.c.
void circuitmux_set_policy(circuitmux_t *cmux, const circuitmux_policy_t *pol)
circuitmux_t * circuitmux_alloc(void)
Header file for circuitmux.c.
Header file for circuitmux_ewma.c.
Header file for command.c.
const or_options_t * get_options(void)
tor_cmdline_mode_t command
Header file for config.c.
Public APIs for congestion control.
static uint32_t or_conn_highwatermark(void)
void clock_skew_warning(const connection_t *conn, long apparent_skew, int trusted, log_domain_mask_t domain, const char *received, const char *source)
void assert_connection_ok(connection_t *conn, time_t now)
const char * connection_describe_peer(const connection_t *conn)
const char * connection_describe(const connection_t *conn)
const char * conn_state_to_string(int type, int state)
Header file for connection.c.
int connection_or_nonopen_was_started_here(struct or_connection_t *conn)
int is_or_protocol_version_known(uint16_t v)
int connection_or_set_state_open(or_connection_t *conn)
void connection_or_write_cell_to_buf(const cell_t *cell, or_connection_t *conn)
int connection_or_send_versions(or_connection_t *conn, int v3_plus)
int connection_or_client_learned_peer_id(or_connection_t *conn, const uint8_t *rsa_peer_id, const ed25519_public_key_t *ed_peer_id)
void or_handshake_state_record_var_cell(or_connection_t *conn, or_handshake_state_t *state, const var_cell_t *cell, int incoming)
int connection_or_send_netinfo(or_connection_t *conn)
void connection_or_change_state(or_connection_t *conn, uint8_t state)
void or_handshake_state_record_cell(or_connection_t *conn, or_handshake_state_t *state, const cell_t *cell, int incoming)
int connection_or_digest_is_known_relay(const char *id_digest)
void connection_or_init_conn_from_address(or_connection_t *conn, const tor_addr_t *addr, uint16_t port, const char *id_digest, const ed25519_public_key_t *ed_id, int started_here)
or_connection_t * connection_or_connect(const tor_addr_t *_addr, uint16_t port, const char *id_digest, const ed25519_public_key_t *ed_id, channel_tls_t *chan)
void connection_or_close_for_error(or_connection_t *orconn, int flush)
ssize_t connection_or_num_cells_writeable(or_connection_t *conn)
int connection_init_or_handshake_state(or_connection_t *conn, int started_here)
void connection_or_block_renegotiation(or_connection_t *conn)
void connection_or_close_normally(or_connection_t *orconn, int flush)
void connection_or_write_var_cell_to_buf(const var_cell_t *cell, or_connection_t *conn)
Header file for connection_or.c.
Header file for control.c.
int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
int ed25519_checksig(const ed25519_signature_t *signature, const uint8_t *msg, size_t len, const ed25519_public_key_t *pubkey)
size_t crypto_pk_keysize(const crypto_pk_t *env)
int crypto_pk_public_checksig(const crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen)
#define tor_memneq(a, b, sz)
Header file for dirlist.c.
void entry_guards_note_internet_connectivity(guard_selection_t *gs)
guard_selection_t * get_guard_selection_info(void)
Header file for circuitbuild.c.
bool extend_info_has_orport(const extend_info_t *ei, const tor_addr_t *addr, uint16_t port)
Header for core/or/extendinfo.c.
Header file for geoip_stats.c.
void geoip_note_client_seen(geoip_client_action_t action, const tor_addr_t *addr, const char *transport_name, time_t now)
#define log_fn(severity, domain, args,...)
static time_t current_second
Header file for networkstatus.c.
Master header file for Tor-specific functionality.
#define CELL_PAYLOAD_SIZE
#define AUTHTYPE_RSA_SHA256_TLSSECRET
#define AUTHTYPE_RSA_SHA256_RFC5705
#define AUTHTYPE_ED25519_SHA256_RFC5705
OR handshake certs structure.
OR handshake state structure.
#define OR_CONN_STATE_TLS_SERVER_RENEGOTIATING
#define OR_CONN_STATE_OR_HANDSHAKING_V2
#define OR_CONN_STATE_TLS_HANDSHAKING
#define OR_CONN_STATE_OR_HANDSHAKING_V3
#define OR_CONN_STATE_OPEN
int tor_asprintf(char **strp, const char *fmt,...)
void relay_address_new_suggestion(const tor_addr_t *suggested_addr, const tor_addr_t *peer_addr, const char *identity_digest)
Header file for relay_find_addr.c.
int authchallenge_type_is_better(uint16_t challenge_type_a, uint16_t challenge_type_b)
var_cell_t * connection_or_compute_authenticate_cell_body(or_connection_t *conn, const int authtype, crypto_pk_t *signing_key, const ed25519_keypair_t *ed_signing_key, int server)
int connection_or_send_certs_cell(or_connection_t *conn)
int authchallenge_type_is_supported(uint16_t challenge_type)
int connection_or_send_authenticate_cell(or_connection_t *conn, int authtype)
int connection_or_send_auth_challenge_cell(or_connection_t *conn)
Header for feature/relay/relay_handshake.c.
void rep_hist_note_negotiated_link_proto(unsigned link_proto, int started_here)
void rep_hist_padding_count_read(padding_type_t type)
Header file for rephist.c.
@ PADDING_TYPE_ENABLED_CELL
@ PADDING_TYPE_ENABLED_TOTAL
bool is_local_to_resolve_addr(const tor_addr_t *addr)
: Return true iff the given addr is judged to be local to our resolved address.
Header file for resolve_addr.c.
const routerinfo_t * router_get_my_routerinfo(void)
Header file for router.c.
Router descriptor structure.
int public_server_mode(const or_options_t *options)
Header file for routermode.c.
void scheduler_channel_wants_writes(channel_t *chan)
Header file for scheduler*.c.
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
uint8_t payload[CELL_PAYLOAD_SIZE]
channel_listener_state_t state
const char *(* describe_transport)(channel_listener_t *)
uint64_t global_identifier
smartlist_t * incoming_list
void(* close)(channel_listener_t *)
void(* free_fn)(channel_t *)
int(* is_canonical)(channel_t *)
void(* close)(channel_t *)
int(* matches_extend_info)(channel_t *, extend_info_t *)
uint64_t global_identifier
int(* write_packed_cell)(channel_t *, packed_cell_t *)
const char *(* describe_transport)(channel_t *)
double(* get_overhead_estimate)(channel_t *)
int(* matches_target)(channel_t *, const tor_addr_t *)
const char *(* describe_peer)(const channel_t *)
int(* write_var_cell)(channel_t *, var_cell_t *)
int(* has_queued_writes)(channel_t *)
enum channel_t::@8 reason_for_closing
char d[N_COMMON_DIGEST_ALGORITHMS][DIGEST256_LEN]
uint16_t marked_for_close
or_handshake_state_t * handshake_state
char body[CELL_MAX_NETWORK_SIZE]
uint8_t payload[FLEXIBLE_ARRAY_MEMBER]
void tor_gettimeofday(struct timeval *timeval)
void or_handshake_certs_check_both(int severity, or_handshake_certs_t *certs, tor_tls_t *tls, time_t now, const ed25519_public_key_t **ed_id_out, const common_digests_t **rsa_id_out)
tor_cert_t * tor_cert_parse(const uint8_t *encoded, const size_t len)
long tv_udiff(const struct timeval *start, const struct timeval *end)
#define FALLTHROUGH_UNLESS_ALL_BUGS_ARE_FATAL
int fast_mem_is_zero(const char *mem, size_t len)
int tor_digest_is_zero(const char *digest)
Variable-length cell structure.
crypto_pk_t * tor_tls_cert_get_key(tor_x509_cert_t *cert)
tor_x509_cert_t * tor_x509_cert_decode(const uint8_t *certificate, size_t certificate_len)
const common_digests_t * tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert)