37 #define CHANNEL_OBJECT_PRIVATE
39 #define CHANNELTLS_PRIVATE
54 #include "trunnel/link_handshake.h"
63 #include "trunnel/channelpadding_negotiation.h"
64 #include "trunnel/netinfo.h"
65 #include "core/or/channelpadding.h"
138 channel_tls_t *tlschan);
140 channel_tls_t *tlschan);
143 channel_tls_t *tlschan);
145 channel_tls_t *chan);
158 chan = &(tlschan->base_);
160 chan->
magic = TLS_CHAN_MAGIC;
193 const char *id_digest,
196 channel_tls_t *tlschan = tor_malloc_zero(
sizeof(*tlschan));
202 "In channel_tls_connect() for channel %p "
203 "(global id %"PRIu64
")",
209 "Marking new outgoing channel %"PRIu64
" at %p as local",
214 "Marking new outgoing channel %"PRIu64
" at %p as remote",
224 if (!(tlschan->conn)) {
231 "Got orconn %p for channel with global id %"PRIu64,
237 circuitmux_free(chan->
cmux);
272 listener = tor_malloc_zero(
sizeof(*listener));
282 "Starting TLS channel listener %p with global id %"PRIu64,
303 "Shutting down TLS channels...");
312 "Closing channel_tls_listener with ID %"PRIu64
318 channel_listener_free(old_listener);
323 "Done shutting down TLS channels");
332 channel_tls_t *tlschan = tor_malloc_zero(
sizeof(*tlschan));
341 tlschan->conn = orconn;
342 orconn->
chan = tlschan;
346 "Marking new incoming channel %"PRIu64
" at %p as local",
351 "Marking new incoming channel %"PRIu64
" at %p as remote",
379 if (chan->
magic != TLS_CHAN_MAGIC)
386 tlschan->conn->potentially_used_for_bootstrapping = 1;
399 if (!tlschan)
return NULL;
401 return &(tlschan->base_);
411 if (!chan)
return NULL;
415 return (channel_tls_t *)(chan);
431 const channel_tls_t *
449 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
457 "Tried to close channel_tls_t %p with NULL conn",
472 static char *buf = NULL;
474 channel_tls_t *tlschan;
475 const char *rv = NULL;
479 tlschan = BASE_CHAN_TO_TLS(chan);
482 id =
TO_CONN(tlschan->conn)->global_identifier;
486 "TLS channel (connection %"PRIu64
")",
491 rv =
"TLS channel (no connection)";
510 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
515 tlschan->conn->chan = NULL;
516 tlschan->conn = NULL;
526 double overhead = 1.0;
527 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
533 if (tlschan->conn->bytes_xmitted > 0 &&
534 tlschan->conn->bytes_xmitted_by_tls >=
535 tlschan->conn->bytes_xmitted) {
536 overhead = ((double)(tlschan->conn->bytes_xmitted_by_tls)) /
537 ((
double)(tlschan->conn->bytes_xmitted));
548 "Estimated overhead ratio for TLS chan %"PRIu64
" is %f",
567 const channel_tls_t *tlschan = CONST_BASE_CHAN_TO_TLS(chan);
572 if (tlschan->conn == NULL) {
594 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
600 if (!tlschan->conn->ext_or_transport)
603 *transport_out = tor_strdup(tlschan->conn->ext_or_transport);
616 const channel_tls_t *tlschan = CONST_BASE_CHAN_TO_TLS(chan);
622 return "(No connection)";
636 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
639 if (!(tlschan->conn)) {
641 "something called has_queued_writes on a tlschan "
642 "(%p with ID %"PRIu64
" but no conn",
646 outbuf_len = (tlschan->conn != NULL) ?
647 connection_get_outbuf_len(
TO_CONN(tlschan->conn)) :
650 return (outbuf_len > 0);
663 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
673 answer = tlschan->conn->is_canonical;
692 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
698 if (!(tlschan->conn)) {
700 "something called matches_extend_info on a tlschan "
701 "(%p with ID %"PRIu64
" but no conn",
732 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
738 if (!(tlschan->conn)) {
740 "something called matches_target on a tlschan "
741 "(%p with ID %"PRIu64
" but no conn",
768 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
773 return connection_get_outbuf_len(
TO_CONN(tlschan->conn));
788 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
789 size_t cell_network_size;
794 cell_network_size = get_cell_network_size(tlschan->conn->wide_circ_ids);
795 outbuf_len = connection_get_outbuf_len(
TO_CONN(tlschan->conn));
799 #if SIZEOF_SIZE_T > SIZEOF_INT
800 if (n > INT_MAX) n = INT_MAX;
815 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
826 "something called write_cell on a tlschan "
827 "(%p with ID %"PRIu64
" but no conn",
848 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
849 size_t cell_network_size = get_cell_network_size(chan->wide_circ_ids);
855 connection_buf_add(packed_cell->
body, cell_network_size,
859 "something called write_packed_cell on a tlschan "
860 "(%p with ID %"PRIu64
" but no conn",
877 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
888 "something called write_var_cell on a tlschan "
889 "(%p with ID %"PRIu64
" but no conn",
927 } SMARTLIST_FOREACH_END(ichan);
950 return "TLS channel (listening)";
975 base_chan = TLS_CHAN_TO_BASE(chan);
981 CHANNEL_IS_OPEN(base_chan) ||
982 CHANNEL_IS_MAINT(base_chan) ||
983 CHANNEL_IS_CLOSING(base_chan));
1001 if (CHANNEL_IS_OPEN(base_chan)) {
1007 #ifdef KEEP_TIMING_STATS
1017 channel_tls_time_process_cell(
cell_t *cell, channel_tls_t *chan,
int *time,
1018 void (*func)(
cell_t *, channel_tls_t *))
1025 (*func)(cell, chan);
1028 time_passed =
tv_udiff(&start, &end) ;
1030 if (time_passed > 10000) {
1031 log_debug(
LD_OR,
"That call just took %ld ms.",time_passed/1000);
1034 if (time_passed < 0) {
1035 log_info(
LD_GENERAL,
"That call took us back in time!");
1039 *time += time_passed;
1043 #ifdef KEEP_TIMING_STATS
1044 #define PROCESS_CELL(tp, cl, cn) STMT_BEGIN { \
1046 channel_tls_time_process_cell(cl, cn, & tp ## time , \
1047 channel_tls_process_ ## tp ## _cell); \
1050 #define PROCESS_CELL(tp, cl, cn) channel_tls_process_ ## tp ## _cell(cl, cn)
1069 channel_tls_t *chan;
1079 "Got a cell_t on an OR connection with no channel");
1091 if (handshaking && cell->
command != CELL_VERSIONS &&
1092 cell->
command != CELL_NETINFO) {
1094 "Received unexpected cell command %d in chan state %s / "
1095 "conn state %s; closing the connection.",
1111 if (TLS_CHAN_TO_BASE(chan)->padding_enabled)
1117 if (TLS_CHAN_TO_BASE(chan)->padding_enabled)
1130 "Received unexpected VERSIONS cell on a channel using link "
1135 PROCESS_CELL(netinfo, cell, chan);
1137 case CELL_PADDING_NEGOTIATE:
1139 PROCESS_CELL(padding_negotiate, cell, chan);
1142 case CELL_CREATE_FAST:
1144 case CELL_CREATED_FAST:
1146 case CELL_RELAY_EARLY:
1158 "Cell of unknown type (%d) received in channeltls.c. "
1185 channel_tls_t *chan;
1187 #ifdef KEEP_TIMING_STATS
1190 static int num_versions = 0, num_certs = 0;
1192 time_t now = time(NULL);
1198 "At end of second: %d versions (%d ms), %d certs (%d ms)",
1202 num_versions = num_certs = 0;
1203 versions_time = certs_time = 0;
1217 "Got a var_cell_t on an OR connection with no channel");
1221 if (
TO_CONN(conn)->marked_for_close)
1224 switch (
TO_CONN(conn)->state) {
1226 if (var_cell->
command != CELL_VERSIONS) {
1228 "Received a cell with command %d in unexpected "
1229 "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
1230 "closing the connection.",
1235 (
int)(TLS_CHAN_TO_BASE(chan)->state));
1251 tor_assert_nonfatal_unreached_once();
1256 "Received a cell with command %d in unexpected "
1257 "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
1258 "closing the connection.",
1263 (
int)(TLS_CHAN_TO_BASE(chan)->state));
1273 if (var_cell->
command != CELL_AUTHENTICATE)
1280 "Received a variable-length cell with command %d in orconn "
1281 "state %s [%d], channel state %s [%d] with link protocol %d; "
1287 (
int)(TLS_CHAN_TO_BASE(chan)->state),
1294 "Received var-length cell with command %d in unexpected "
1295 "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
1301 (
int)(TLS_CHAN_TO_BASE(chan)->state));
1314 PROCESS_CELL(versions, var_cell, chan);
1322 PROCESS_CELL(certs, var_cell, chan);
1324 case CELL_AUTH_CHALLENGE:
1326 PROCESS_CELL(auth_challenge, var_cell, chan);
1328 case CELL_AUTHENTICATE:
1330 PROCESS_CELL(authenticate, var_cell, chan);
1332 case CELL_AUTHORIZE:
1338 "Variable-length cell of unknown type (%d) received.",
1364 chan = TLS_CHAN_TO_BASE(conn->
chan);
1369 "Marking channel %"PRIu64
" at %p as local",
1376 "Marking channel %"PRIu64
" at %p as remote",
1395 case CELL_AUTHORIZE:
1413 int started_here = 0;
1427 "Received a cell while TLS-handshaking, not in "
1428 "OR_HANDSHAKING_V3, on a connection we originated.");
1437 chan->conn->handshake_state, cell, 1);
1453 int highest_supported_version = 0;
1454 int started_here = 0;
1462 "Received a VERSION cell with odd payload length %d; "
1470 if (chan->conn->link_proto != 0 ||
1471 (chan->conn->handshake_state &&
1472 chan->conn->handshake_state->received_versions)) {
1474 "Received a VERSIONS cell on a connection with its version "
1475 "already set to %d; dropping",
1476 (
int)(chan->conn->link_proto));
1479 switch (chan->conn->base_.state)
1488 "VERSIONS cell while in unexpected state");
1496 const uint8_t *cp = cell->
payload;
1497 for (i = 0; i < cell->
payload_len / 2; ++i, cp += 2) {
1500 highest_supported_version = v;
1503 if (!highest_supported_version) {
1505 "Couldn't find a version in common between my version list and the "
1506 "list in the VERSIONS cell; closing connection.");
1509 }
else if (highest_supported_version == 1) {
1513 "Used version negotiation protocol to negotiate a v1 connection. "
1514 "That's crazily non-compliant. Closing connection.");
1517 }
else if (highest_supported_version < 3 &&
1520 "Negotiated link protocol 2 or lower after doing a v3 TLS "
1521 "handshake. Closing connection.");
1524 }
else if (highest_supported_version != 2 &&
1528 "Negotiated link with non-2 protocol after doing a v2 TLS "
1529 "handshake with %s. Closing connection.",
1537 chan->conn->link_proto = highest_supported_version;
1538 chan->conn->handshake_state->received_versions = 1;
1540 if (chan->conn->link_proto == 2) {
1542 "Negotiated version %d on %s; sending NETINFO.",
1543 highest_supported_version,
1551 const int send_versions = !started_here;
1555 const int send_chall = !started_here;
1558 const int send_netinfo = !started_here;
1559 const int send_any =
1560 send_versions || send_certs || send_chall || send_netinfo;
1564 "Negotiated version %d with on %s; %s%s%s%s%s",
1565 highest_supported_version,
1567 send_any ?
"Sending cells:" :
"Waiting for CERTS cell",
1568 send_versions ?
" VERSIONS" :
"",
1569 send_certs ?
" CERTS" :
"",
1570 send_chall ?
" AUTH_CHALLENGE" :
"",
1571 send_netinfo ?
" NETINFO" :
"");
1573 #ifdef DISABLE_V3_LINKPROTO_SERVERSIDE
1580 if (send_versions) {
1582 log_warn(
LD_OR,
"Couldn't send versions cell");
1590 TLS_CHAN_TO_BASE(chan)->wide_circ_ids =
1591 chan->conn->link_proto >= MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS;
1592 chan->conn->wide_circ_ids = TLS_CHAN_TO_BASE(chan)->wide_circ_ids;
1594 TLS_CHAN_TO_BASE(chan)->padding_enabled =
1595 chan->conn->link_proto >= MIN_LINK_PROTO_FOR_CHANNEL_PADDING;
1599 log_warn(
LD_OR,
"Couldn't send certs cell");
1606 log_warn(
LD_OR,
"Couldn't send auth_challenge cell");
1613 log_warn(
LD_OR,
"Couldn't send netinfo cell");
1631 channelpadding_negotiate_t *negotiation;
1636 if (chan->conn->link_proto < MIN_LINK_PROTO_FOR_CHANNEL_PADDING) {
1638 "Received a PADDING_NEGOTIATE cell on v%d connection; dropping.",
1639 chan->conn->link_proto);
1643 if (channelpadding_negotiate_parse(&negotiation, cell->
payload,
1646 "Received malformed PADDING_NEGOTIATE cell on v%d connection; "
1647 "dropping.", chan->conn->link_proto);
1655 channelpadding_negotiate_free(negotiation);
1664 const netinfo_addr_t *netinfo_addr) {
1668 uint8_t type = netinfo_addr_get_addr_type(netinfo_addr);
1669 uint8_t len = netinfo_addr_get_len(netinfo_addr);
1671 if (type == NETINFO_ADDR_TYPE_IPV4 && len == 4) {
1672 uint32_t ipv4 = netinfo_addr_get_addr_ipv4(netinfo_addr);
1674 }
else if (type == NETINFO_ADDR_TYPE_IPV6 && len == 16) {
1675 const uint8_t *ipv6_bytes = netinfo_addr_getconstarray_addr_ipv6(
1679 log_fn(LOG_PROTOCOL_WARN,
LD_OR,
"Cannot read address from NETINFO "
1680 "- wrong type/length.");
1693 static inline time_t
1696 return (val < 0) ? -val : val;
1712 if (chan->conn->link_proto < 2) {
1714 "Received a NETINFO cell on %s connection; dropping.",
1715 chan->conn->link_proto == 0 ?
"non-versioned" :
"a v1");
1723 "Received a NETINFO cell on non-handshaking connection; dropping.");
1729 tor_assert(chan->conn->handshake_state->received_versions);
1751 if (BUG(chan->conn->handshake_state->authenticated)) {
1756 (
const char*)(chan->conn->handshake_state->
1757 authenticated_rsa_peer_id)));
1759 (
const char*)(chan->conn->handshake_state->
1760 authenticated_ed25519_peer_id.pubkey), 32));
1766 chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
1769 &(chan->conn->base_.addr),
1770 chan->conn->base_.port,
1772 (
const char*)(chan->conn->handshake_state->
1773 authenticated_rsa_peer_id),
1788 uint8_t my_addr_type;
1789 uint8_t my_addr_len;
1790 uint8_t n_other_addrs;
1791 time_t now = time(NULL);
1794 time_t apparent_skew = 0;
1796 int started_here = 0;
1797 const char *identity_digest = NULL;
1810 identity_digest = chan->conn->identity_digest;
1815 if (!(chan->conn->handshake_state->authenticated)) {
1817 "Got a NETINFO cell from server, "
1818 "but no authentication. Closing the connection.");
1828 if (!(chan->conn->handshake_state->authenticated)) {
1835 netinfo_cell_t *netinfo_cell = NULL;
1837 ssize_t parsed = netinfo_cell_parse(&netinfo_cell, cell->
payload,
1842 "Failed to parse NETINFO cell - closing connection.");
1847 timestamp = netinfo_cell_get_timestamp(netinfo_cell);
1849 const netinfo_addr_t *my_addr =
1850 netinfo_cell_getconst_other_addr(netinfo_cell);
1852 my_addr_type = netinfo_addr_get_addr_type(my_addr);
1853 my_addr_len = netinfo_addr_get_len(my_addr);
1855 if ((now - chan->conn->handshake_state->sent_versions_at) < 180) {
1856 apparent_skew = now - timestamp;
1866 netinfo_cell_free(netinfo_cell);
1870 if (my_addr_type == NETINFO_ADDR_TYPE_IPV4 && my_addr_len == 4) {
1873 TLS_CHAN_TO_BASE(chan)->is_canonical_to_peer = 1;
1875 }
else if (my_addr_type == NETINFO_ADDR_TYPE_IPV6 &&
1876 my_addr_len == 16) {
1880 TLS_CHAN_TO_BASE(chan)->is_canonical_to_peer = 1;
1887 tor_addr_copy(&TLS_CHAN_TO_BASE(chan)->addr_according_to_peer,
1891 n_other_addrs = netinfo_cell_get_n_my_addrs(netinfo_cell);
1892 for (uint8_t i = 0; i < n_other_addrs; i++) {
1896 const netinfo_addr_t *netinfo_addr =
1897 netinfo_cell_getconst_my_addrs(netinfo_cell, i);
1903 "Bad address in netinfo cell; Skipping.");
1914 connection_or_set_canonical(chan->conn, 1);
1919 netinfo_cell_free(netinfo_cell);
1921 if (me && !TLS_CHAN_TO_BASE(chan)->is_canonical_to_peer &&
1924 TLS_CHAN_TO_BASE(chan));
1926 "We made a connection to a relay at %s (fp=%s) but we think "
1927 "they will not consider this connection canonical. They "
1928 "think we are at %s, but we think its %s.",
1938 #define NETINFO_NOTICE_SKEW 3600
1939 if (
time_abs(apparent_skew) > NETINFO_NOTICE_SKEW &&
1942 int trusted = router_digest_is_trusted_dir(chan->conn->identity_digest);
1944 "NETINFO cell",
"OR");
1954 if (! chan->conn->handshake_state->sent_netinfo) {
1966 "Got good NETINFO cell on %s; but "
1967 "was unable to make the OR connection become open.",
1972 "Got good NETINFO cell on %s; OR connection is now "
1973 "open, using protocol version %d. Its ID digest is %s. "
1974 "Our address is apparently %s.",
1976 (
int)(chan->conn->link_proto),
2005 case CERTTYPE_RSA1024_ID_LINK:
2006 case CERTTYPE_RSA1024_ID_ID:
2007 case CERTTYPE_RSA1024_ID_AUTH:
2009 case CERTTYPE_ED_ID_SIGN:
2010 case CERTTYPE_ED_SIGN_LINK:
2011 case CERTTYPE_ED_SIGN_AUTH:
2013 case CERTTYPE_RSA1024_ID_EDID:
2038 #define MAX_CERT_TYPE_WANTED CERTTYPE_RSA1024_ID_EDID
2041 tor_x509_cert_t *x509_certs[MAX_CERT_TYPE_WANTED + 1];
2042 tor_cert_t *ed_certs[MAX_CERT_TYPE_WANTED + 1];
2043 uint8_t *rsa_ed_cc_cert = NULL;
2044 size_t rsa_ed_cc_cert_len = 0;
2047 certs_cell_t *cc = NULL;
2049 int send_netinfo = 0, started_here = 0;
2051 memset(x509_certs, 0,
sizeof(x509_certs));
2052 memset(ed_certs, 0,
sizeof(ed_certs));
2059 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
2060 "Received a bad CERTS cell on %s: %s", \
2061 connection_describe(TO_CONN(chan->conn)), \
2063 connection_or_close_for_error(chan->conn, 0); \
2070 started_here = chan->conn->handshake_state->started_here;
2073 ERR(
"We're not doing a v3 handshake!");
2074 if (chan->conn->link_proto < 3)
2075 ERR(
"We're not using link protocol >= 3");
2076 if (chan->conn->handshake_state->received_certs_cell)
2077 ERR(
"We already got one");
2078 if (chan->conn->handshake_state->authenticated) {
2080 ERR(
"We're already authenticated!");
2083 ERR(
"It had no body");
2085 ERR(
"It had a nonzero circuit ID");
2088 ERR(
"It couldn't be parsed.");
2090 n_certs = cc->n_certs;
2092 for (i = 0; i < n_certs; ++i) {
2093 certs_cell_cert_t *c = certs_cell_get_certs(cc, i);
2095 uint16_t cert_type = c->cert_type;
2096 uint16_t cert_len = c->cert_len;
2097 uint8_t *cert_body = certs_cell_cert_getarray_body(c);
2099 if (cert_type > MAX_CERT_TYPE_WANTED)
2110 "Received undecodable certificate in CERTS cell on %s",
2113 if (x509_certs[cert_type]) {
2114 tor_x509_cert_free(x509_cert);
2115 ERR(
"Duplicate x509 certificate");
2117 x509_certs[cert_type] = x509_cert;
2126 "Received undecodable Ed certificate "
2127 "in CERTS cell on %s",
2130 if (ed_certs[cert_type]) {
2131 tor_cert_free(ed_cert);
2132 ERR(
"Duplicate Ed25519 certificate");
2134 ed_certs[cert_type] = ed_cert;
2141 if (rsa_ed_cc_cert) {
2142 ERR(
"Duplicate RSA->Ed25519 crosscert");
2144 rsa_ed_cc_cert = tor_memdup(cert_body, cert_len);
2145 rsa_ed_cc_cert_len = cert_len;
2154 tor_x509_cert_t *id_cert = x509_certs[CERTTYPE_RSA1024_ID_ID];
2155 tor_x509_cert_t *auth_cert = x509_certs[CERTTYPE_RSA1024_ID_AUTH];
2156 tor_x509_cert_t *link_cert = x509_certs[CERTTYPE_RSA1024_ID_LINK];
2157 chan->conn->handshake_state->certs->auth_cert = auth_cert;
2158 chan->conn->handshake_state->certs->link_cert = link_cert;
2159 chan->conn->handshake_state->certs->id_cert = id_cert;
2160 x509_certs[CERTTYPE_RSA1024_ID_ID] =
2161 x509_certs[CERTTYPE_RSA1024_ID_AUTH] =
2162 x509_certs[CERTTYPE_RSA1024_ID_LINK] = NULL;
2164 tor_cert_t *ed_id_sign = ed_certs[CERTTYPE_ED_ID_SIGN];
2165 tor_cert_t *ed_sign_link = ed_certs[CERTTYPE_ED_SIGN_LINK];
2166 tor_cert_t *ed_sign_auth = ed_certs[CERTTYPE_ED_SIGN_AUTH];
2167 chan->conn->handshake_state->certs->ed_id_sign = ed_id_sign;
2168 chan->conn->handshake_state->certs->ed_sign_link = ed_sign_link;
2169 chan->conn->handshake_state->certs->ed_sign_auth = ed_sign_auth;
2170 ed_certs[CERTTYPE_ED_ID_SIGN] =
2171 ed_certs[CERTTYPE_ED_SIGN_LINK] =
2172 ed_certs[CERTTYPE_ED_SIGN_AUTH] = NULL;
2174 chan->conn->handshake_state->certs->ed_rsa_crosscert = rsa_ed_cc_cert;
2175 chan->conn->handshake_state->certs->ed_rsa_crosscert_len =
2177 rsa_ed_cc_cert = NULL;
2184 router_digest_is_trusted_dir(TLS_CHAN_TO_BASE(chan)->identity_digest))
2187 severity = LOG_PROTOCOL_WARN;
2192 chan->conn->handshake_state->certs,
2198 if (!checked_rsa_id)
2199 ERR(
"Invalid certificate chain!");
2204 chan->conn->handshake_state->authenticated = 1;
2205 chan->conn->handshake_state->authenticated_rsa = 1;
2210 ERR(
"Couldn't compute digests for key in ID cert");
2213 if (!identity_rcvd) {
2214 ERR(
"Couldn't get RSA key from ID cert.");
2216 memcpy(chan->conn->handshake_state->authenticated_rsa_peer_id,
2219 chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
2220 crypto_pk_free(identity_rcvd);
2223 if (checked_ed_id) {
2224 chan->conn->handshake_state->authenticated_ed25519 = 1;
2225 memcpy(&chan->conn->handshake_state->authenticated_ed25519_peer_id,
2229 log_debug(
LD_HANDSHAKE,
"calling client_learned_peer_id from "
2230 "process_certs_cell");
2233 chan->conn->handshake_state->authenticated_rsa_peer_id,
2235 ERR(
"Problem setting or checking peer id");
2238 "Got some good certificates on %s: Authenticated it with "
2241 checked_ed_id ?
" and Ed25519" :
"");
2252 "Got some good RSA%s certificates on %s. "
2253 "Waiting for AUTHENTICATE.",
2254 checked_ed_id ?
" and Ed25519" :
"",
2259 chan->conn->handshake_state->received_certs_cell = 1;
2263 log_warn(
LD_OR,
"Couldn't send netinfo cell");
2270 for (
unsigned u = 0; u <
ARRAY_LENGTH(x509_certs); ++u) {
2271 tor_x509_cert_free(x509_certs[u]);
2273 for (
unsigned u = 0; u <
ARRAY_LENGTH(ed_certs); ++u) {
2274 tor_cert_free(ed_certs[u]);
2277 certs_cell_free(cc);
2294 int n_types, i, use_type = -1;
2295 auth_challenge_cell_t *ac = NULL;
2303 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
2304 "Received a bad AUTH_CHALLENGE cell on %s: %s", \
2305 connection_describe(TO_CONN(chan->conn)), \
2307 connection_or_close_for_error(chan->conn, 0); \
2312 ERR(
"We're not currently doing a v3 handshake");
2313 if (chan->conn->link_proto < 3)
2314 ERR(
"We're not using link protocol >= 3");
2315 if (!(chan->conn->handshake_state->started_here))
2316 ERR(
"We didn't originate this connection");
2317 if (chan->conn->handshake_state->received_auth_challenge)
2318 ERR(
"We already received one");
2319 if (!(chan->conn->handshake_state->received_certs_cell))
2320 ERR(
"We haven't gotten a CERTS cell yet");
2322 ERR(
"It had a nonzero circuit ID");
2325 ERR(
"It was not well-formed.");
2327 n_types = ac->n_methods;
2330 for (i = 0; i < n_types; ++i) {
2331 uint16_t authtype = auth_challenge_cell_get_methods(ac, i);
2333 if (use_type == -1 ||
2335 use_type = authtype;
2340 chan->conn->handshake_state->received_auth_challenge = 1;
2349 if (use_type >= 0) {
2351 "Got an AUTH_CHALLENGE cell on %s: Sending "
2352 "authentication type %d",
2358 "Couldn't send authenticate cell");
2364 "Got an AUTH_CHALLENGE cell on %s, but we don't "
2365 "know any of its authentication types. Not authenticating.",
2370 log_warn(
LD_OR,
"Couldn't send netinfo cell");
2376 auth_challenge_cell_free(ac);
2394 const uint8_t *auth;
2405 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
2406 "Received a bad AUTHENTICATE cell on %s: %s", \
2407 connection_describe(TO_CONN(chan->conn)), \
2409 connection_or_close_for_error(chan->conn, 0); \
2410 var_cell_free(expected_cell); \
2415 ERR(
"We're not doing a v3 handshake");
2416 if (chan->conn->link_proto < 3)
2417 ERR(
"We're not using link protocol >= 3");
2418 if (chan->conn->handshake_state->started_here)
2419 ERR(
"We originated this connection");
2420 if (chan->conn->handshake_state->received_authenticate)
2421 ERR(
"We already got one!");
2422 if (chan->conn->handshake_state->authenticated) {
2424 ERR(
"The peer is already authenticated");
2426 if (!(chan->conn->handshake_state->received_certs_cell))
2427 ERR(
"We never got a certs cell");
2428 if (chan->conn->handshake_state->certs->id_cert == NULL)
2429 ERR(
"We never got an identity certificate");
2431 ERR(
"Cell was way too short");
2438 ERR(
"Authenticator was truncated");
2441 ERR(
"Authenticator type was not recognized");
2449 ERR(
"Authenticator was too short");
2452 chan->conn, authtype, NULL, NULL, 1);
2453 if (! expected_cell)
2454 ERR(
"Couldn't compute expected AUTHENTICATE cell body");
2470 ERR(
"Expected AUTHENTICATE cell body len not as expected.");
2474 if (BUG(bodylen < 24)) {
2476 ERR(
"Bodylen is somehow less than 24, which should really be impossible");
2481 ERR(
"Some field in the AUTHENTICATE cell body was not as expected");
2484 if (chan->conn->handshake_state->certs->ed_id_sign != NULL)
2485 ERR(
"RSA-signed AUTHENTICATE response provided with an ED25519 cert");
2487 if (chan->conn->handshake_state->certs->auth_cert == NULL)
2488 ERR(
"We never got an RSA authentication certificate");
2491 chan->conn->handshake_state->certs->auth_cert);
2498 ERR(
"Couldn't get RSA key from AUTH cert.");
2503 signed_data = tor_malloc(keysize);
2508 if (signed_len < 0) {
2510 ERR(
"RSA signature wasn't valid");
2514 ERR(
"Not enough data was signed");
2520 ERR(
"Signature did not match data to be signed.");
2524 if (chan->conn->handshake_state->certs->ed_id_sign == NULL)
2525 ERR(
"We never got an Ed25519 identity certificate.");
2526 if (chan->conn->handshake_state->certs->ed_sign_auth == NULL)
2527 ERR(
"We never got an Ed25519 authentication certificate.");
2530 &chan->conn->handshake_state->certs->ed_sign_auth->signed_key;
2535 ERR(
"Ed25519 signature wasn't valid.");
2540 chan->conn->handshake_state->received_authenticate = 1;
2541 chan->conn->handshake_state->authenticated = 1;
2542 chan->conn->handshake_state->authenticated_rsa = 1;
2543 chan->conn->handshake_state->digest_received_data = 0;
2545 tor_x509_cert_t *id_cert = chan->conn->handshake_state->certs->id_cert;
2551 chan->conn->handshake_state->authenticated_ed25519 = 1;
2552 ed_identity_received =
2553 &chan->conn->handshake_state->certs->ed_id_sign->signing_key;
2554 memcpy(&chan->conn->handshake_state->authenticated_ed25519_peer_id,
2561 memcpy(chan->conn->handshake_state->authenticated_rsa_peer_id,
2565 chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
2566 crypto_pk_free(identity_rcvd);
2569 "Calling connection_or_init_conn_from_address on %s "
2570 " from %s, with%s ed25519 id.",
2573 ed_identity_received ?
"" :
"out");
2576 &(chan->conn->base_.addr),
2577 chan->conn->base_.port,
2578 (
const char*)(chan->conn->handshake_state->
2579 authenticated_rsa_peer_id),
2580 ed_identity_received,
2584 "Got an AUTHENTICATE cell on %s, type %d: Looks good.",
2589 var_cell_free(expected_cell);
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
void tor_addr_make_unspec(tor_addr_t *a)
int tor_addr_is_null(const tor_addr_t *addr)
void tor_addr_from_ipv6_bytes(tor_addr_t *dest, const uint8_t *ipv6_bytes)
#define fmt_and_decorate_addr(a)
#define tor_addr_from_ipv4h(dest, v4addr)
#define tor_addr_eq(a, b)
static bool tor_addr_is_unspec(const tor_addr_t *a)
const char * hex_str(const char *from, size_t fromlen)
static uint16_t get_uint16(const void *cp)
Fixed-size cell structure.
void channel_set_circid_type(channel_t *chan, crypto_pk_t *identity_rcvd, int consider_identity)
void channel_listener_unregister(channel_listener_t *chan_l)
void channel_mark_local(channel_t *chan)
void channel_mark_client(channel_t *chan)
void channel_mark_incoming(channel_t *chan)
void channel_init_listener(channel_listener_t *chan_l)
void channel_listener_mark_for_close(channel_listener_t *chan_l)
void channel_process_cell(channel_t *chan, cell_t *cell)
void channel_change_state_open(channel_t *chan)
int channel_is_canonical(channel_t *chan)
void channel_register(channel_t *chan)
void channel_listener_register(channel_listener_t *chan_l)
void channel_mark_remote(channel_t *chan)
int channel_is_local(channel_t *chan)
const char * channel_state_to_string(channel_state_t state)
void channel_mark_for_close(channel_t *chan)
void channel_listener_change_state(channel_listener_t *chan_l, channel_listener_state_t to_state)
void channel_mark_outgoing(channel_t *chan)
const char * channel_describe_peer(channel_t *chan)
void channel_init(channel_t *chan)
void channel_change_state(channel_t *chan, channel_state_t to_state)
Header file for channel.c.
@ CHANNEL_LISTENER_STATE_ERROR
@ CHANNEL_LISTENER_STATE_LISTENING
@ CHANNEL_LISTENER_STATE_CLOSING
@ CHANNEL_LISTENER_STATE_CLOSED
int channelpadding_update_padding_for_channel(channel_t *chan, const channelpadding_negotiate_t *pad_vars)
static int channel_tls_get_remote_addr_method(const channel_t *chan, tor_addr_t *addr_out)
void channel_tls_free_all(void)
void channel_tls_handle_var_cell(var_cell_t *var_cell, or_connection_t *conn)
static channel_listener_t * channel_tls_listener
STATIC void channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
channel_t * channel_tls_to_base(channel_tls_t *tlschan)
static void channel_tls_listener_close_method(channel_listener_t *chan_l)
void channel_mark_as_used_for_origin_circuit(channel_t *chan)
static int tor_addr_from_netinfo_addr(tor_addr_t *tor_addr, const netinfo_addr_t *netinfo_addr)
static const char * channel_tls_describe_transport_method(channel_t *chan)
const channel_t * channel_tls_to_base_const(const channel_tls_t *tlschan)
static int channel_tls_write_var_cell_method(channel_t *chan, var_cell_t *var_cell)
static int channel_tls_has_queued_writes_method(channel_t *chan)
static void mark_channel_tls_endpoint_as_client(channel_tls_t *chan)
static double channel_tls_get_overhead_estimate_method(channel_t *chan)
void channel_tls_handle_state_change_on_orconn(channel_tls_t *chan, or_connection_t *conn, uint8_t state)
channel_listener_t * channel_tls_get_listener(void)
void channel_tls_handle_cell(cell_t *cell, or_connection_t *conn)
static int command_allowed_before_handshake(uint8_t command)
static bool can_process_netinfo_cell(const channel_tls_t *chan)
uint64_t stats_n_padding_cells_processed
@ CERT_ENCODING_RSA_CROSSCERT
uint64_t stats_n_certs_cells_processed
static int channel_tls_write_cell_method(channel_t *chan, cell_t *cell)
STATIC void channel_tls_process_auth_challenge_cell(var_cell_t *cell, channel_tls_t *chan)
static void channel_tls_close_method(channel_t *chan)
static int channel_tls_num_cells_writeable_method(channel_t *chan)
static void channel_tls_process_padding_negotiate_cell(cell_t *cell, channel_tls_t *chan)
STATIC void channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
uint64_t stats_n_auth_challenge_cells_processed
channel_t * channel_tls_connect(const tor_addr_t *addr, uint16_t port, const char *id_digest, const ed25519_public_key_t *ed_id)
const channel_tls_t * channel_tls_from_base_const(const channel_t *chan)
void channel_tls_update_marks(or_connection_t *conn)
uint64_t stats_n_authorize_cells_processed
uint64_t stats_n_versions_cells_processed
static int enter_v3_handshake_with_cell(var_cell_t *cell, channel_tls_t *tlschan)
channel_listener_t * channel_tls_start_listener(void)
uint64_t stats_n_authenticate_cells_processed
static size_t channel_tls_num_bytes_queued_method(channel_t *chan)
static const char * channel_tls_describe_peer_method(const channel_t *chan)
channel_tls_t * channel_tls_from_base(channel_t *chan)
static void channel_tls_free_method(channel_t *chan)
static cert_encoding_t certs_cell_typenum_to_cert_type(int typenum)
uint64_t stats_n_vpadding_cells_processed
static int channel_tls_is_canonical_method(channel_t *chan)
static int channel_tls_matches_extend_info_method(channel_t *chan, extend_info_t *extend_info)
static void channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *tlschan)
static int channel_tls_write_packed_cell_method(channel_t *chan, packed_cell_t *packed_cell)
static int channel_tls_get_transport_name_method(channel_t *chan, char **transport_out)
static const char * channel_tls_listener_describe_transport_method(channel_listener_t *chan_l)
static time_t time_abs(time_t val)
static void channel_tls_process_versions_cell(var_cell_t *cell, channel_tls_t *tlschan)
STATIC void channel_tls_common_init(channel_tls_t *tlschan)
channel_t * channel_tls_handle_incoming(or_connection_t *orconn)
static int channel_tls_matches_target_method(channel_t *chan, const tor_addr_t *target)
uint64_t stats_n_netinfo_cells_processed
Header file for channeltls.c.
void circuitmux_set_policy(circuitmux_t *cmux, const circuitmux_policy_t *pol)
circuitmux_t * circuitmux_alloc(void)
Header file for circuitmux.c.
Header file for circuitmux_ewma.c.
Header file for command.c.
const or_options_t * get_options(void)
tor_cmdline_mode_t command
Header file for config.c.
Public APIs for congestion control.
static uint32_t or_conn_highwatermark(void)
const char * conn_state_to_string(int type, int state)
void clock_skew_warning(const connection_t *conn, long apparent_skew, int trusted, log_domain_mask_t domain, const char *received, const char *source)
const char * connection_describe(const connection_t *conn)
void assert_connection_ok(connection_t *conn, time_t now)
const char * connection_describe_peer(const connection_t *conn)
Header file for connection.c.
int connection_or_nonopen_was_started_here(struct or_connection_t *conn)
or_connection_t * connection_or_connect(const tor_addr_t *_addr, uint16_t port, const char *id_digest, const ed25519_public_key_t *ed_id, channel_tls_t *chan)
int is_or_protocol_version_known(uint16_t v)
int connection_or_set_state_open(or_connection_t *conn)
void connection_or_write_cell_to_buf(const cell_t *cell, or_connection_t *conn)
int connection_or_send_versions(or_connection_t *conn, int v3_plus)
int connection_or_client_learned_peer_id(or_connection_t *conn, const uint8_t *rsa_peer_id, const ed25519_public_key_t *ed_peer_id)
void or_handshake_state_record_var_cell(or_connection_t *conn, or_handshake_state_t *state, const var_cell_t *cell, int incoming)
int connection_or_send_netinfo(or_connection_t *conn)
void connection_or_change_state(or_connection_t *conn, uint8_t state)
void or_handshake_state_record_cell(or_connection_t *conn, or_handshake_state_t *state, const cell_t *cell, int incoming)
int connection_or_digest_is_known_relay(const char *id_digest)
void connection_or_init_conn_from_address(or_connection_t *conn, const tor_addr_t *addr, uint16_t port, const char *id_digest, const ed25519_public_key_t *ed_id, int started_here)
void connection_or_close_for_error(or_connection_t *orconn, int flush)
ssize_t connection_or_num_cells_writeable(or_connection_t *conn)
int connection_init_or_handshake_state(or_connection_t *conn, int started_here)
void connection_or_block_renegotiation(or_connection_t *conn)
void connection_or_close_normally(or_connection_t *orconn, int flush)
void connection_or_write_var_cell_to_buf(const var_cell_t *cell, or_connection_t *conn)
Header file for connection_or.c.
Header file for control.c.
int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
int ed25519_checksig(const ed25519_signature_t *signature, const uint8_t *msg, size_t len, const ed25519_public_key_t *pubkey)
size_t crypto_pk_keysize(const crypto_pk_t *env)
int crypto_pk_public_checksig(const crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen)
#define tor_memneq(a, b, sz)
Header file for dirlist.c.
void entry_guards_note_internet_connectivity(guard_selection_t *gs)
guard_selection_t * get_guard_selection_info(void)
Header file for circuitbuild.c.
bool extend_info_has_orport(const extend_info_t *ei, const tor_addr_t *addr, uint16_t port)
Header for core/or/extendinfo.c.
#define log_fn(severity, domain, args,...)
static time_t current_second
Header file for networkstatus.c.
Master header file for Tor-specific functionality.
#define CELL_PAYLOAD_SIZE
#define AUTHTYPE_RSA_SHA256_TLSSECRET
#define AUTHTYPE_RSA_SHA256_RFC5705
#define AUTHTYPE_ED25519_SHA256_RFC5705
OR handshake certs structure.
OR handshake state structure.
#define OR_CONN_STATE_TLS_SERVER_RENEGOTIATING
#define OR_CONN_STATE_OR_HANDSHAKING_V2
#define OR_CONN_STATE_TLS_HANDSHAKING
#define OR_CONN_STATE_OR_HANDSHAKING_V3
#define OR_CONN_STATE_OPEN
int tor_asprintf(char **strp, const char *fmt,...)
void relay_address_new_suggestion(const tor_addr_t *suggested_addr, const tor_addr_t *peer_addr, const char *identity_digest)
Header file for relay_find_addr.c.
var_cell_t * connection_or_compute_authenticate_cell_body(or_connection_t *conn, const int authtype, crypto_pk_t *signing_key, const ed25519_keypair_t *ed_signing_key, int server)
int authchallenge_type_is_better(uint16_t challenge_type_a, uint16_t challenge_type_b)
int connection_or_send_certs_cell(or_connection_t *conn)
int authchallenge_type_is_supported(uint16_t challenge_type)
int connection_or_send_authenticate_cell(or_connection_t *conn, int authtype)
int connection_or_send_auth_challenge_cell(or_connection_t *conn)
Header for feature/relay/relay_handshake.c.
void rep_hist_note_negotiated_link_proto(unsigned link_proto, int started_here)
void rep_hist_padding_count_read(padding_type_t type)
Header file for rephist.c.
@ PADDING_TYPE_ENABLED_CELL
@ PADDING_TYPE_ENABLED_TOTAL
bool is_local_to_resolve_addr(const tor_addr_t *addr)
: Return true iff the given addr is judged to be local to our resolved address.
Header file for resolve_addr.c.
const routerinfo_t * router_get_my_routerinfo(void)
Header file for router.c.
Router descriptor structure.
int public_server_mode(const or_options_t *options)
Header file for routermode.c.
void scheduler_channel_wants_writes(channel_t *chan)
Header file for scheduler*.c.
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
uint8_t payload[CELL_PAYLOAD_SIZE]
channel_listener_state_t state
uint64_t global_identifier
smartlist_t * incoming_list
const char *(* describe_transport)(channel_listener_t *)
void(* close)(channel_listener_t *)
void(* free_fn)(channel_t *)
int(* is_canonical)(channel_t *)
void(* close)(channel_t *)
int(* matches_extend_info)(channel_t *, extend_info_t *)
uint64_t global_identifier
int(* write_packed_cell)(channel_t *, packed_cell_t *)
const char *(* describe_peer)(const channel_t *)
double(* get_overhead_estimate)(channel_t *)
int(* matches_target)(channel_t *, const tor_addr_t *)
const char *(* describe_transport)(channel_t *)
int(* write_var_cell)(channel_t *, var_cell_t *)
int(* has_queued_writes)(channel_t *)
enum channel_t::@8 reason_for_closing
char d[N_COMMON_DIGEST_ALGORITHMS][DIGEST256_LEN]
uint16_t marked_for_close
or_handshake_state_t * handshake_state
char body[CELL_MAX_NETWORK_SIZE]
uint8_t payload[FLEXIBLE_ARRAY_MEMBER]
void tor_gettimeofday(struct timeval *timeval)
tor_cert_t * tor_cert_parse(const uint8_t *encoded, const size_t len)
void or_handshake_certs_check_both(int severity, or_handshake_certs_t *certs, tor_tls_t *tls, time_t now, const ed25519_public_key_t **ed_id_out, const common_digests_t **rsa_id_out)
long tv_udiff(const struct timeval *start, const struct timeval *end)
#define FALLTHROUGH_UNLESS_ALL_BUGS_ARE_FATAL
int fast_mem_is_zero(const char *mem, size_t len)
int tor_digest_is_zero(const char *digest)
Variable-length cell structure.
crypto_pk_t * tor_tls_cert_get_key(tor_x509_cert_t *cert)
tor_x509_cert_t * tor_x509_cert_decode(const uint8_t *certificate, size_t certificate_len)
const common_digests_t * tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert)