Tor 0.4.9.0-alpha-dev
control_auth.c
Go to the documentation of this file.
1/* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
2 * Copyright (c) 2007-2021, The Tor Project, Inc. */
3/* See LICENSE for licensing information */
4
5/**
6 * \file control_auth.c
7 * \brief Authentication for Tor's control-socket interface.
8 **/
9
10#include "core/or/or.h"
11#include "app/config/config.h"
12#include "core/mainloop/connection.h"
13#include "feature/control/control.h"
14#include "feature/control/control_cmd.h"
15#include "feature/control/control_auth.h"
16#include "feature/control/control_cmd_args_st.h"
17#include "feature/control/control_connection_st.h"
18#include "feature/control/control_proto.h"
19#include "lib/crypt_ops/crypto_rand.h"
20#include "lib/crypt_ops/crypto_util.h"
21#include "lib/encoding/confline.h"
22#include "lib/encoding/kvline.h"
23#include "lib/encoding/qstring.h"
24
25#include "lib/crypt_ops/crypto_s2k.h"
26
27/** If we're using cookie-type authentication, how long should our cookies be?
28 */
29#define AUTHENTICATION_COOKIE_LEN 32
30
31/** If true, we've set authentication_cookie to a secret code and
32 * stored it to disk. */
33static int authentication_cookie_is_set = 0;
34/** If authentication_cookie_is_set, a secret cookie that we've stored to disk
35 * and which we're using to authenticate controllers. (If the controller can
36 * read it off disk, it has permission to connect.) */
37static uint8_t *authentication_cookie = NULL;
38
39#define SAFECOOKIE_SERVER_TO_CONTROLLER_CONSTANT \
40 "Tor safe cookie authentication server-to-controller hash"
41#define SAFECOOKIE_CONTROLLER_TO_SERVER_CONSTANT \
42 "Tor safe cookie authentication controller-to-server hash"
43#define SAFECOOKIE_SERVER_NONCE_LEN DIGEST256_LEN
44
45/** Helper: Return a newly allocated string containing a path to the
46 * file where we store our authentication cookie. */
47char *
48get_controller_cookie_file_name(void)
49{
50 const or_options_t *options = get_options();
51 if (options->CookieAuthFile && strlen(options->CookieAuthFile)) {
52 return tor_strdup(options->CookieAuthFile);
53 } else {
54 return get_datadir_fname("control_auth_cookie");
55 }
56}
57
58/* Initialize the cookie-based authentication system of the
59 * ControlPort. If <b>enabled</b> is 0, then disable the cookie
60 * authentication system. */
61int
62init_control_cookie_authentication(int enabled)
63{
64 char *fname = NULL;
65 int retval;
66
67 if (!enabled) {
68 authentication_cookie_is_set = 0;
69 return 0;
70 }
71
72 fname = get_controller_cookie_file_name();
73 retval = init_cookie_authentication(fname, "", /* no header */
74 AUTHENTICATION_COOKIE_LEN,
75 get_options()->CookieAuthFileGroupReadable,
76 &authentication_cookie,
77 &authentication_cookie_is_set);
78 tor_free(fname);
79 return retval;
80}
81
82/** Decode the hashed, base64'd passwords stored in <b>passwords</b>.
83 * Return a smartlist of acceptable passwords (unterminated strings of
84 * length S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN) on success, or NULL on
85 * failure.
86 */
87smartlist_t *
88decode_hashed_passwords(config_line_t *passwords)
89{
90 char decoded[64];
91 config_line_t *cl;
92 smartlist_t *sl = smartlist_new();
93
94 tor_assert(passwords);
95
96 for (cl = passwords; cl; cl = cl->next) {
97 const char *hashed = cl->value;
98
99 if (!strcmpstart(hashed, "16:")) {
100 if (base16_decode(decoded, sizeof(decoded), hashed+3, strlen(hashed+3))
101 != S2K_RFC2440_SPECIFIER_LEN + DIGEST_LEN
102 || strlen(hashed+3) != (S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN)*2) {
103 goto err;
104 }
105 } else {
106 if (base64_decode(decoded, sizeof(decoded), hashed, strlen(hashed))
107 != S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN) {
108 goto err;
109 }
110 }
111 smartlist_add(sl,
112 tor_memdup(decoded, S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN));
113 }
114
115 return sl;
116
117 err:
118 SMARTLIST_FOREACH(sl, char*, cp, tor_free(cp));
119 smartlist_free(sl);
120 return NULL;
121}
122
123const control_cmd_syntax_t authchallenge_syntax = {
124 .min_args = 1,
125 .max_args = 1,
126 .accept_keywords=true,
127 .kvline_flags=KV_OMIT_KEYS|KV_QUOTED_QSTRING,
128 .store_raw_body=true
129};
130
131/** Called when we get an AUTHCHALLENGE command. */
132int
133handle_control_authchallenge(control_connection_t *conn,
134 const control_cmd_args_t *args)
135{
136 char *client_nonce;
137 size_t client_nonce_len;
138 char server_hash[DIGEST256_LEN];
139 char server_hash_encoded[HEX_DIGEST256_LEN+1];
140 char server_nonce[SAFECOOKIE_SERVER_NONCE_LEN];
141 char server_nonce_encoded[(2*SAFECOOKIE_SERVER_NONCE_LEN) + 1];
142
143 if (strcasecmp(smartlist_get(args->args, 0), "SAFECOOKIE")) {
144 control_write_endreply(conn, 513,
145 "AUTHCHALLENGE only supports SAFECOOKIE "
146 "authentication");
147 goto fail;
148 }
149 if (!authentication_cookie_is_set) {
150 control_write_endreply(conn, 515, "Cookie authentication is disabled");
151 goto fail;
152 }
153 if (args->kwargs == NULL || args->kwargs->next != NULL) {
154 control_write_endreply(conn, 512,
155 "Wrong number of arguments for AUTHCHALLENGE");
156 goto fail;
157 }
158 if (strcmp(args->kwargs->key, "")) {
159 control_write_endreply(conn, 512,
160 "AUTHCHALLENGE does not accept keyword "
161 "arguments.");
162 goto fail;
163 }
164
165 bool contains_quote = strchr(args->raw_body, '\"');
166 if (contains_quote) {
167 /* The nonce was quoted */
168 client_nonce = tor_strdup(args->kwargs->value);
169 client_nonce_len = strlen(client_nonce);
170 } else {
171 /* The nonce was should be in hex. */
172 const char *hex_nonce = args->kwargs->value;
173 client_nonce_len = strlen(hex_nonce) / 2;
174 client_nonce = tor_malloc(client_nonce_len);
175 if (base16_decode(client_nonce, client_nonce_len, hex_nonce,
176 strlen(hex_nonce)) != (int)client_nonce_len) {
177 control_write_endreply(conn, 513, "Invalid base16 client nonce");
178 tor_free(client_nonce);
179 goto fail;
180 }
181 }
182
183 crypto_rand(server_nonce, SAFECOOKIE_SERVER_NONCE_LEN);
184
185 /* Now compute and send the server-to-controller response, and the
186 * server's nonce. */
187 tor_assert(authentication_cookie != NULL);
188
189 {
190 size_t tmp_len = (AUTHENTICATION_COOKIE_LEN +
191 client_nonce_len +
192 SAFECOOKIE_SERVER_NONCE_LEN);
193 char *tmp = tor_malloc_zero(tmp_len);
194 char *client_hash = tor_malloc_zero(DIGEST256_LEN);
195 memcpy(tmp, authentication_cookie, AUTHENTICATION_COOKIE_LEN);
196 memcpy(tmp + AUTHENTICATION_COOKIE_LEN, client_nonce, client_nonce_len);
197 memcpy(tmp + AUTHENTICATION_COOKIE_LEN + client_nonce_len,
198 server_nonce, SAFECOOKIE_SERVER_NONCE_LEN);
199
200 crypto_hmac_sha256(server_hash,
201 SAFECOOKIE_SERVER_TO_CONTROLLER_CONSTANT,
202 strlen(SAFECOOKIE_SERVER_TO_CONTROLLER_CONSTANT),
203 tmp,
204 tmp_len);
205
206 crypto_hmac_sha256(client_hash,
207 SAFECOOKIE_CONTROLLER_TO_SERVER_CONSTANT,
208 strlen(SAFECOOKIE_CONTROLLER_TO_SERVER_CONSTANT),
209 tmp,
210 tmp_len);
211
212 conn->safecookie_client_hash = client_hash;
213
214 tor_free(tmp);
215 }
216
217 base16_encode(server_hash_encoded, sizeof(server_hash_encoded),
218 server_hash, sizeof(server_hash));
219 base16_encode(server_nonce_encoded, sizeof(server_nonce_encoded),
220 server_nonce, sizeof(server_nonce));
221
222 control_printf_endreply(conn, 250,
223 "AUTHCHALLENGE SERVERHASH=%s SERVERNONCE=%s",
224 server_hash_encoded,
225 server_nonce_encoded);
226
227 tor_free(client_nonce);
228 return 0;
229 fail:
230 connection_mark_for_close(TO_CONN(conn));
231 return -1;
232}
233
234const control_cmd_syntax_t authenticate_syntax = {
235 .max_args = 0,
236 .accept_keywords=true,
237 .kvline_flags=KV_OMIT_KEYS|KV_QUOTED_QSTRING,
238 .store_raw_body=true
239};
240
241/** Called when we get an AUTHENTICATE message. Check whether the
242 * authentication is valid, and if so, update the connection's state to
243 * OPEN. Reply with DONE or ERROR.
244 */
245int
246handle_control_authenticate(control_connection_t *conn,
247 const control_cmd_args_t *args)
248{
249 bool used_quoted_string = false;
250 const or_options_t *options = get_options();
251 const char *errstr = "Unknown error";
252 char *password;
253 size_t password_len;
254 int bad_cookie=0, bad_password=0;
255 smartlist_t *sl = NULL;
256
257 if (args->kwargs == NULL) {
258 password = tor_strdup("");
259 password_len = 0;
260 } else if (args->kwargs->next) {
261 control_write_endreply(conn, 512, "Too many arguments to AUTHENTICATE.");
262 connection_mark_for_close(TO_CONN(conn));
263 return 0;
264 } else if (strcmp(args->kwargs->key, "")) {
265 control_write_endreply(conn, 512,
266 "AUTHENTICATE does not accept keyword arguments.");
267 connection_mark_for_close(TO_CONN(conn));
268 return 0;
269 } else if (strchr(args->raw_body, '\"')) {
270 used_quoted_string = true;
271 password = tor_strdup(args->kwargs->value);
272 password_len = strlen(password);
273 } else {
274 const char *hex_passwd = args->kwargs->value;
275 password_len = strlen(hex_passwd) / 2;
276 password = tor_malloc(password_len+1);
277 if (base16_decode(password, password_len+1, hex_passwd, strlen(hex_passwd))
278 != (int) password_len) {
279 control_write_endreply(conn, 551,
280 "Invalid hexadecimal encoding. Maybe you tried a plain text "
281 "password? If so, the standard requires that you put it in "
282 "double quotes.");
283 connection_mark_for_close(TO_CONN(conn));
284 tor_free(password);
285 return 0;
286 }
287 }
288
289 if (conn->safecookie_client_hash != NULL) {
290 /* The controller has chosen safe cookie authentication; the only
291 * acceptable authentication value is the controller-to-server
292 * response. */
293
294 tor_assert(authentication_cookie_is_set);
295
296 if (password_len != DIGEST256_LEN) {
297 log_warn(LD_CONTROL,
298 "Got safe cookie authentication response with wrong length "
299 "(%d)", (int)password_len);
300 errstr = "Wrong length for safe cookie response.";
301 goto err;
302 }
303
304 if (tor_memneq(conn->safecookie_client_hash, password, DIGEST256_LEN)) {
305 log_warn(LD_CONTROL,
306 "Got incorrect safe cookie authentication response");
307 errstr = "Safe cookie response did not match expected value.";
308 goto err;
309 }
310
311 tor_free(conn->safecookie_client_hash);
312 goto ok;
313 }
314
315 if (!options->CookieAuthentication && !options->HashedControlPassword &&
316 !options->HashedControlSessionPassword) {
317 /* if Tor doesn't demand any stronger authentication, then
318 * the controller can get in with anything. */
319 goto ok;
320 }
321
322 if (options->CookieAuthentication) {
323 int also_password = options->HashedControlPassword != NULL ||
324 options->HashedControlSessionPassword != NULL;
325 if (password_len != AUTHENTICATION_COOKIE_LEN) {
326 if (!also_password) {
327 log_warn(LD_CONTROL, "Got authentication cookie with wrong length "
328 "(%d)", (int)password_len);
329 errstr = "Wrong length on authentication cookie.";
330 goto err;
331 }
332 bad_cookie = 1;
333 } else if (tor_memneq(authentication_cookie, password, password_len)) {
334 if (!also_password) {
335 log_warn(LD_CONTROL, "Got mismatched authentication cookie");
336 errstr = "Authentication cookie did not match expected value.";
337 goto err;
338 }
339 bad_cookie = 1;
340 } else {
341 goto ok;
342 }
343 }
344
345 if (options->HashedControlPassword ||
346 options->HashedControlSessionPassword) {
347 int bad = 0;
348 smartlist_t *sl_tmp;
349 char received[DIGEST_LEN];
350 int also_cookie = options->CookieAuthentication;
351 sl = smartlist_new();
352 if (options->HashedControlPassword) {
353 sl_tmp = decode_hashed_passwords(options->HashedControlPassword);
354 if (!sl_tmp)
355 bad = 1;
356 else {
357 smartlist_add_all(sl, sl_tmp);
358 smartlist_free(sl_tmp);
359 }
360 }
361 if (options->HashedControlSessionPassword) {
362 sl_tmp = decode_hashed_passwords(options->HashedControlSessionPassword);
363 if (!sl_tmp)
364 bad = 1;
365 else {
366 smartlist_add_all(sl, sl_tmp);
367 smartlist_free(sl_tmp);
368 }
369 }
370 if (bad) {
371 if (!also_cookie) {
372 log_warn(LD_BUG,
373 "Couldn't decode HashedControlPassword: invalid base16");
374 errstr="Couldn't decode HashedControlPassword value in configuration.";
375 goto err;
376 }
377 bad_password = 1;
378 SMARTLIST_FOREACH(sl, char *, str, tor_free(str));
379 smartlist_free(sl);
380 sl = NULL;
381 } else {
382 SMARTLIST_FOREACH(sl, char *, expected,
383 {
384 secret_to_key_rfc2440(received,DIGEST_LEN,
385 password,password_len,expected);
386 if (tor_memeq(expected + S2K_RFC2440_SPECIFIER_LEN,
387 received, DIGEST_LEN))
388 goto ok;
389 });
390 SMARTLIST_FOREACH(sl, char *, str, tor_free(str));
391 smartlist_free(sl);
392 sl = NULL;
393
394 if (used_quoted_string)
395 errstr = "Password did not match HashedControlPassword value from "
396 "configuration";
397 else
398 errstr = "Password did not match HashedControlPassword value from "
399 "configuration. Maybe you tried a plain text password? "
400 "If so, the standard requires that you put it in double quotes.";
401 bad_password = 1;
402 if (!also_cookie)
403 goto err;
404 }
405 }
406
407 /** We only get here if both kinds of authentication failed. */
408 tor_assert(bad_password && bad_cookie);
409 log_warn(LD_CONTROL, "Bad password or authentication cookie on controller.");
410 errstr = "Password did not match HashedControlPassword *or* authentication "
411 "cookie.";
412
413 err:
414 tor_free(password);
415 control_printf_endreply(conn, 515, "Authentication failed: %s", errstr);
416 connection_mark_for_close(TO_CONN(conn));
417 if (sl) { /* clean up */
418 SMARTLIST_FOREACH(sl, char *, str, tor_free(str));
419 smartlist_free(sl);
420 }
421 return 0;
422 ok:
423 log_info(LD_CONTROL, "Authenticated control connection ("TOR_SOCKET_T_FORMAT
424 ")", conn->base_.s);
425 send_control_done(conn);
426 conn->base_.state = CONTROL_CONN_STATE_OPEN;
427 tor_free(password);
428 if (sl) { /* clean up */
429 SMARTLIST_FOREACH(sl, char *, str, tor_free(str));
430 smartlist_free(sl);
431 }
432 return 0;
433}
434
435void
436control_auth_free_all(void)
437{
438 if (authentication_cookie) /* Free the auth cookie */
439 tor_free(authentication_cookie);
440 authentication_cookie_is_set = 0;
441}
base64_decode
int base64_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:396
base16_decode
int base16_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:506
base16_encode
void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:478
get_options
const or_options_t * get_options(void)
Definition: config.c:944
init_cookie_authentication
int init_cookie_authentication(const char *fname, const char *header, int cookie_len, int group_readable, uint8_t **cookie_out, int *cookie_is_set_out)
Definition: config.c:7485
config.h
Header file for config.c.
confline.h
Header for confline.c.
connection.h
Header file for connection.c.
control.h
Header file for control.c.
CONTROL_CONN_STATE_OPEN
#define CONTROL_CONN_STATE_OPEN
Definition: control.h:20
get_controller_cookie_file_name
char * get_controller_cookie_file_name(void)
Definition: control_auth.c:48
authentication_cookie
static uint8_t * authentication_cookie
Definition: control_auth.c:37
decode_hashed_passwords
smartlist_t * decode_hashed_passwords(config_line_t *passwords)
Definition: control_auth.c:88
handle_control_authchallenge
int handle_control_authchallenge(control_connection_t *conn, const control_cmd_args_t *args)
Definition: control_auth.c:133
AUTHENTICATION_COOKIE_LEN
#define AUTHENTICATION_COOKIE_LEN
Definition: control_auth.c:29
handle_control_authenticate
int handle_control_authenticate(control_connection_t *conn, const control_cmd_args_t *args)
Definition: control_auth.c:246
authentication_cookie_is_set
static int authentication_cookie_is_set
Definition: control_auth.c:33
control_auth.h
Header file for control_auth.c.
control_cmd.h
Header file for control_cmd.c.
control_cmd_args_st.h
Definition for control_cmd_args_t.
control_connection_st.h
Controller connection structure.
control_write_endreply
void control_write_endreply(control_connection_t *conn, int code, const char *s)
Definition: control_proto.c:214
send_control_done
void send_control_done(control_connection_t *conn)
Definition: control_proto.c:169
control_printf_endreply
void control_printf_endreply(control_connection_t *conn, int code, const char *fmt,...)
Definition: control_proto.c:221
control_proto.h
Header file for control_proto.c.
HEX_DIGEST256_LEN
#define HEX_DIGEST256_LEN
Definition: crypto_digest.h:37
crypto_hmac_sha256
void crypto_hmac_sha256(char *hmac_out, const char *key, size_t key_len, const char *msg, size_t msg_len)
Definition: crypto_digest_nss.c:508
crypto_rand
void crypto_rand(char *to, size_t n)
Definition: crypto_rand.c:479
crypto_rand.h
Common functions for using (pseudo-)random number generators.
secret_to_key_rfc2440
void secret_to_key_rfc2440(char *key_out, size_t key_out_len, const char *secret, size_t secret_len, const char *s2k_specifier)
Definition: crypto_s2k.c:205
crypto_s2k.h
Header for crypto_s2k.c.
S2K_RFC2440_SPECIFIER_LEN
#define S2K_RFC2440_SPECIFIER_LEN
Definition: crypto_s2k.h:21
crypto_util.h
Common functions for cryptographic routines.
tor_memeq
int tor_memeq(const void *a, const void *b, size_t sz)
Definition: di_ops.c:107
tor_memneq
#define tor_memneq(a, b, sz)
Definition: di_ops.h:21
DIGEST_LEN
#define DIGEST_LEN
Definition: digest_sizes.h:20
DIGEST256_LEN
#define DIGEST256_LEN
Definition: digest_sizes.h:23
kvline.h
Header for kvline.c.
LD_BUG
#define LD_BUG
Definition: log.h:86
LD_CONTROL
#define LD_CONTROL
Definition: log.h:80
tor_free
#define tor_free(p)
Definition: malloc.h:56
or.h
Master header file for Tor-specific functionality.
TO_CONN
#define TO_CONN(c)
Definition: or.h:612
qstring.h
Header for qstring.c.
smartlist_add_all
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
Definition: smartlist_core.c:125
smartlist_new
smartlist_t * smartlist_new(void)
Definition: smartlist_core.c:26
smartlist_add
void smartlist_add(smartlist_t *sl, void *element)
Definition: smartlist_core.c:117
SMARTLIST_FOREACH
#define SMARTLIST_FOREACH(sl, type, var, cmd)
Definition: smartlist_foreach.h:112
config_line_t
Definition: confline.h:29
connection_t::state
uint8_t state
Definition: connection_st.h:49
connection_t::s
tor_socket_t s
Definition: connection_st.h:100
control_cmd_args_t
Definition: control_cmd_args_st.h:24
control_cmd_args_t::raw_body
const char * raw_body
Definition: control_cmd_args_st.h:49
control_cmd_args_t::args
struct smartlist_t * args
Definition: control_cmd_args_st.h:33
control_cmd_args_t::kwargs
struct config_line_t * kwargs
Definition: control_cmd_args_st.h:37
control_cmd_syntax_t
Definition: control_cmd.h:36
control_cmd_syntax_t::min_args
unsigned int min_args
Definition: control_cmd.h:41
control_cmd_syntax_t::max_args
unsigned int max_args
Definition: control_cmd.h:46
control_connection_t
Definition: control_connection_st.h:19
control_connection_t::safecookie_client_hash
char * safecookie_client_hash
Definition: control_connection_st.h:39
or_options_t
Definition: or_options_st.h:64
or_options_t::CookieAuthFile
char * CookieAuthFile
Definition: or_options_st.h:542
or_options_t::HashedControlPassword
struct config_line_t * HashedControlPassword
Definition: or_options_st.h:536
or_options_t::CookieAuthentication
int CookieAuthentication
Definition: or_options_st.h:540
or_options_t::HashedControlSessionPassword
struct config_line_t * HashedControlSessionPassword
Definition: or_options_st.h:538
smartlist_t
Definition: smartlist_core.h:26
tor_assert
#define tor_assert(expr)
Definition: util_bug.h:103
strcmpstart
int strcmpstart(const char *s1, const char *s2)
Definition: util_string.c:217
Generated by doxygen 1.9.4