doc/tor/extendinfo_8c_source.html

/* Copyright (c) 2001 Matej Pfajfar.

 * Copyright (c) 2001-2004, Roger Dingledine.

 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.

 * Copyright (c) 2007-2021, The Tor Project, Inc. */

/* See LICENSE for licensing information */


/**

 * @file extendinfo.c

 * @brief Functions for creating and using extend_info_t objects.

 *

 * An extend_info_t is the information we hold about a relay in order to

 * extend a circuit to it.

 **/


#include "core/or/or.h"

#include "core/or/extendinfo.h"


#include "app/config/config.h"

#include "core/or/policies.h"

#include "feature/nodelist/describe.h"

#include "feature/nodelist/nodelist.h"

#include "feature/relay/router.h"

#include "feature/relay/routermode.h"

#include "lib/crypt_ops/crypto_rand.h"


#include "core/or/extend_info_st.h"

#include "feature/nodelist/node_st.h"

#include "feature/nodelist/routerinfo_st.h"

#include "feature/nodelist/routerstatus_st.h"


/** Allocate a new extend_info object based on the various arguments. */

extend_info_t *

extend_info_new(const char *nickname,

                const char *rsa_id_digest,

                const ed25519_public_key_t *ed_id,

                crypto_pk_t *onion_key,

                const curve25519_public_key_t *ntor_key,

                const tor_addr_t *addr, uint16_t port,

                const protover_summary_flags_t *pv,

                bool for_exit_use)

{

  extend_info_t *info = tor_malloc_zero(sizeof(extend_info_t));

  if (rsa_id_digest)

    memcpy(info->identity_digest, rsa_id_digest, DIGEST_LEN);

  if (ed_id && !ed25519_public_key_is_zero(ed_id))

    memcpy(&info->ed_identity, ed_id, sizeof(ed25519_public_key_t));

  if (nickname)

    strlcpy(info->nickname, nickname, sizeof(info->nickname));

  if (onion_key)

    info->onion_key = crypto_pk_dup_key(onion_key);

  if (ntor_key)

    memcpy(&info->curve25519_onion_key, ntor_key,

           sizeof(curve25519_public_key_t));

  for (int i = 0; i < EXTEND_INFO_MAX_ADDRS; ++i) {

    tor_addr_make_unspec(&info->orports[i].addr);

  }


  if (addr) {

    extend_info_add_orport(info, addr, port);

  }


  if (pv && for_exit_use) {

    info->exit_supports_congestion_control =

      pv->supports_congestion_control;

  }


  return info;

}


/**

 * Add another address:port pair to a given extend_info_t, if there is

 * room.  Return 0 on success, -1 on failure.

 **/

int

extend_info_add_orport(extend_info_t *ei,

                       const tor_addr_t *addr,

                       uint16_t port)

{

  for (int i = 0; i < EXTEND_INFO_MAX_ADDRS; ++i) {

    if (tor_addr_is_unspec(&ei->orports[i].addr)) {

      tor_addr_copy(&ei->orports[i].addr, addr);

      ei->orports[i].port = port;

      return 0;

    }

  }

  return -1;

}


/** Allocate and return a new extend_info that can be used to build a

 * circuit to or through the node <b>node</b>. Use the primary address

 * of the node (i.e. its IPv4 address) unless

 * <b>for_direct_connect</b> is true, in which case the preferred

 * address is used instead. May return NULL if there is not enough

 * info about <b>node</b> to extend to it--for example, if the preferred

 * routerinfo_t or microdesc_t is missing, or if for_direct_connect is

 * true and none of the node's addresses is allowed by tor's firewall

 * and IP version config.

 **/

extend_info_t *

extend_info_from_node(const node_t *node, int for_direct_connect,

                      bool for_exit)

{

  crypto_pk_t *rsa_pubkey = NULL;

  extend_info_t *info = NULL;

  tor_addr_port_t ap;

  int valid_addr = 0;


  if (!node_has_preferred_descriptor(node, for_direct_connect)) {

    return NULL;

  }


  /* Choose a preferred address first, but fall back to an allowed address. */

  if (for_direct_connect)

    reachable_addr_choose_from_node(node, FIREWALL_OR_CONNECTION, 0, &ap);

  else {

    node_get_prim_orport(node, &ap);

  }

  valid_addr = tor_addr_port_is_valid_ap(&ap, 0);


  if (valid_addr)

    log_debug(LD_CIRC, "using %s for %s",

              fmt_addrport(&ap.addr, ap.port),

              node->ri ? node->ri->nickname : node->rs->nickname);

  else

    log_warn(LD_CIRC, "Could not choose valid address for %s",

              node->ri ? node->ri->nickname : node->rs->nickname);


  /* Every node we connect or extend to must support ntor */

  if (!node_has_curve25519_onion_key(node)) {

    log_fn(LOG_PROTOCOL_WARN, LD_CIRC,

           "Attempted to create extend_info for a node that does not support "

           "ntor: %s", node_describe(node));

    return NULL;

  }


  const ed25519_public_key_t *ed_pubkey = NULL;


  /* Don't send the ed25519 pubkey unless the target node actually supports

   * authenticating with it. */

  if (node_supports_ed25519_link_authentication(node, 0)) {

    log_info(LD_CIRC, "Including Ed25519 ID for %s", node_describe(node));

    ed_pubkey = node_get_ed25519_id(node);

  } else if (node_get_ed25519_id(node)) {

    log_info(LD_CIRC, "Not including the ed25519 ID for %s, since it won't "

             "be able to authenticate it.",

             node_describe(node));

  }


  /* Retrieve the curve25519 pubkey. */

  const curve25519_public_key_t *curve_pubkey =

    node_get_curve25519_onion_key(node);

  rsa_pubkey = node_get_rsa_onion_key(node);


  if (valid_addr && node->ri) {

    info = extend_info_new(node->ri->nickname,

                           node->identity,

                           ed_pubkey,

                           rsa_pubkey,

                           curve_pubkey,

                           &ap.addr,

                           ap.port,

                           &node->ri->pv,

                           for_exit);

  } else if (valid_addr && node->rs && node->md) {

    info = extend_info_new(node->rs->nickname,

                           node->identity,

                           ed_pubkey,

                           rsa_pubkey,

                           curve_pubkey,

                           &ap.addr,

                           ap.port,

                           &node->rs->pv,

                           for_exit);

  }


  crypto_pk_free(rsa_pubkey);

  return info;

}


/** Release storage held by an extend_info_t struct. */

void

extend_info_free_(extend_info_t *info)

{

  if (!info)

    return;

  crypto_pk_free(info->onion_key);

  tor_free(info);

}


/** Allocate and return a new extend_info_t with the same contents as

 * <b>info</b>. */

extend_info_t *

extend_info_dup(extend_info_t *info)

{

  extend_info_t *newinfo;

  tor_assert(info);

  newinfo = tor_malloc(sizeof(extend_info_t));

  memcpy(newinfo, info, sizeof(extend_info_t));

  if (info->onion_key)

    newinfo->onion_key = crypto_pk_dup_key(info->onion_key);

  else

    newinfo->onion_key = NULL;

  return newinfo;

}


/* Does ei have a valid TAP key? */

int

extend_info_supports_tap(const extend_info_t* ei)

{

  tor_assert(ei);

  /* Valid TAP keys are not NULL */

  return ei->onion_key != NULL;

}


/* Does ei have a valid ntor key? */

int

extend_info_supports_ntor(const extend_info_t* ei)

{

  tor_assert(ei);

  /* Valid ntor keys have at least one non-zero byte */

  return !fast_mem_is_zero(

                          (const char*)ei->curve25519_onion_key.public_key,

                          CURVE25519_PUBKEY_LEN);

}


/** Return true if we can use the Ntor v3 handshake with `ei` */

int

extend_info_supports_ntor_v3(const extend_info_t *ei)

{

  tor_assert(ei);

  return extend_info_supports_ntor(ei) &&

    ei->exit_supports_congestion_control;

}


/* Does ei have an onion key which it would prefer to use?

 * Currently, we prefer ntor keys*/

int

extend_info_has_preferred_onion_key(const extend_info_t* ei)

{

  tor_assert(ei);

  return extend_info_supports_ntor(ei);

}


/** Return true iff the given address can be used to extend to. */

int

extend_info_addr_is_allowed(const tor_addr_t *addr)

{

  tor_assert(addr);


  /* Check if we have a private address and if we can extend to it. */

  if ((tor_addr_is_internal(addr, 0) || tor_addr_is_multicast(addr)) &&

      !get_options()->ExtendAllowPrivateAddresses) {

    goto disallow;

  }

  /* Allowed! */

  return 1;

 disallow:

  return 0;

}


/**

 * Return true if @a addr : @a port is a listed ORPort in @a ei.

 **/

bool

extend_info_has_orport(const extend_info_t *ei,

                       const tor_addr_t *addr, uint16_t port)

{

  IF_BUG_ONCE(ei == NULL) {

    return false;

  }


  for (int i = 0; i < EXTEND_INFO_MAX_ADDRS; ++i) {

    const tor_addr_port_t *ei_ap = &ei->orports[i];

    if (tor_addr_eq(&ei_ap->addr, addr) && ei_ap->port == port)

      return true;

  }

  return false;

}


/**

 * If the extend_info @a ei has an orport of the chosen family, then return

 * that orport.  Otherwise, return NULL.

 **/

const tor_addr_port_t *

extend_info_get_orport(const extend_info_t *ei, int family)

{

  for (int i = 0; i < EXTEND_INFO_MAX_ADDRS; ++i) {

    if (tor_addr_is_unspec(&ei->orports[i].addr))

      continue;

    if (tor_addr_family(&ei->orports[i].addr) == family)

      return &ei->orports[i];

  }

  return NULL;

}


/**

 * Chose an addr_port_t within @a ei to connect to.

 **/

const tor_addr_port_t *

extend_info_pick_orport(const extend_info_t *ei)

{

  IF_BUG_ONCE(!ei) {

    return NULL;

  }

  const or_options_t *options = get_options();

  if (!server_mode(options)) {

    // If we aren't a server, just pick the first address we built into

    // this extendinfo.

    return &ei->orports[0];

  }


  const bool ipv6_ok = router_can_extend_over_ipv6(options);


  // Use 'usable' to collect the usable orports, then pick one.

  const tor_addr_port_t *usable[EXTEND_INFO_MAX_ADDRS];

  int n_usable = 0;

  for (int i = 0; i < EXTEND_INFO_MAX_ADDRS; ++i) {

    const tor_addr_port_t *a = &ei->orports[i];

    const int family = tor_addr_family(&a->addr);

    if (family == AF_INET || (ipv6_ok && family == AF_INET6)) {

      usable[n_usable++] = a;

    }

  }


  if (n_usable == 0) {

    // Need to bail out early, since nothing will work.

    return NULL;

  }


  crypto_fast_rng_t *rng = get_thread_fast_rng();

  const int idx = crypto_fast_rng_get_uint(rng, n_usable);


  return usable[idx];

}


/**

 * Return true if any orport address in @a ei is an internal address.

 **/

bool

extend_info_any_orport_addr_is_internal(const extend_info_t *ei)

{

  IF_BUG_ONCE(ei == NULL) {

    return false;

  }


  for (int i = 0; i < EXTEND_INFO_MAX_ADDRS; ++i) {

    if (! tor_addr_is_unspec(&ei->orports[i].addr) &&

        tor_addr_is_internal(&ei->orports[i].addr, 0))

      return true;

  }

  return false;

}

tor_addr_copy
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:933

tor_addr_make_unspec
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225

tor_addr_is_multicast
int tor_addr_is_multicast(const tor_addr_t *a)
Definition: address.c:1624

fmt_addrport
const char * fmt_addrport(const tor_addr_t *addr, uint16_t port)
Definition: address.c:1199

tor_addr_family
static sa_family_t tor_addr_family(const tor_addr_t *a)
Definition: address.h:187

tor_addr_eq
#define tor_addr_eq(a, b)
Definition: address.h:280

tor_addr_is_unspec
static bool tor_addr_is_unspec(const tor_addr_t *a)
Definition: address.h:196

get_options
const or_options_t * get_options(void)
Definition: config.c:944

config.h
Header file for config.c.

ed25519_public_key_is_zero
int ed25519_public_key_is_zero(const ed25519_public_key_t *pubkey)
Definition: crypto_ed25519.c:227

crypto_rand.h
Common functions for using (pseudo-)random number generators.

get_thread_fast_rng
crypto_fast_rng_t * get_thread_fast_rng(void)
Definition: crypto_rand_fast.c:377

crypto_fast_rng_get_uint
unsigned crypto_fast_rng_get_uint(crypto_fast_rng_t *rng, unsigned limit)
Definition: crypto_rand_numeric.c:139

crypto_pk_dup_key
crypto_pk_t * crypto_pk_dup_key(crypto_pk_t *orig)
Definition: crypto_rsa_nss.c:353

node_describe
const char * node_describe(const node_t *node)
Definition: describe.c:160

describe.h
Header file for describe.c.

DIGEST_LEN
#define DIGEST_LEN
Definition: digest_sizes.h:20

extend_info_st.h
Extend-info structure.

EXTEND_INFO_MAX_ADDRS
#define EXTEND_INFO_MAX_ADDRS
Definition: extend_info_st.h:21

extend_info_new
extend_info_t * extend_info_new(const char *nickname, const char *rsa_id_digest, const ed25519_public_key_t *ed_id, crypto_pk_t *onion_key, const curve25519_public_key_t *ntor_key, const tor_addr_t *addr, uint16_t port, const protover_summary_flags_t *pv, bool for_exit_use)
Definition: extendinfo.c:33

extend_info_free_
void extend_info_free_(extend_info_t *info)
Definition: extendinfo.c:182

extend_info_dup
extend_info_t * extend_info_dup(extend_info_t *info)
Definition: extendinfo.c:193

extend_info_from_node
extend_info_t * extend_info_from_node(const node_t *node, int for_direct_connect, bool for_exit)
Definition: extendinfo.c:100

extend_info_pick_orport
const tor_addr_port_t * extend_info_pick_orport(const extend_info_t *ei)
Definition: extendinfo.c:300

extend_info_add_orport
int extend_info_add_orport(extend_info_t *ei, const tor_addr_t *addr, uint16_t port)
Definition: extendinfo.c:75

extend_info_get_orport
const tor_addr_port_t * extend_info_get_orport(const extend_info_t *ei, int family)
Definition: extendinfo.c:285

extend_info_supports_ntor_v3
int extend_info_supports_ntor_v3(const extend_info_t *ei)
Definition: extendinfo.c:228

extend_info_any_orport_addr_is_internal
bool extend_info_any_orport_addr_is_internal(const extend_info_t *ei)
Definition: extendinfo.c:340

extend_info_has_orport
bool extend_info_has_orport(const extend_info_t *ei, const tor_addr_t *addr, uint16_t port)
Definition: extendinfo.c:265

extend_info_addr_is_allowed
int extend_info_addr_is_allowed(const tor_addr_t *addr)
Definition: extendinfo.c:246

extendinfo.h
Header for core/or/extendinfo.c.

log_fn
#define log_fn(severity, domain, args,...)
Definition: log.h:283

LD_CIRC
#define LD_CIRC
Definition: log.h:82

tor_free
#define tor_free(p)
Definition: malloc.h:56

node_st.h
Node information structure.

node_get_prim_orport
void node_get_prim_orport(const node_t *node, tor_addr_port_t *ap_out)
Definition: nodelist.c:1830

node_has_preferred_descriptor
int node_has_preferred_descriptor(const node_t *node, int for_direct_connect)
Definition: nodelist.c:1509

node_supports_ed25519_link_authentication
bool node_supports_ed25519_link_authentication(const node_t *node, bool compatible_with_us)
Definition: nodelist.c:1235

node_get_curve25519_onion_key
const curve25519_public_key_t * node_get_curve25519_onion_key(const node_t *node)
Definition: nodelist.c:2025

node_get_ed25519_id
const ed25519_public_key_t * node_get_ed25519_id(const node_t *node)
Definition: nodelist.c:1150

node_has_curve25519_onion_key
int node_has_curve25519_onion_key(const node_t *node)
Definition: nodelist.c:2018

nodelist.h
Header file for nodelist.c.

or.h
Master header file for Tor-specific functionality.

reachable_addr_choose_from_node
void reachable_addr_choose_from_node(const node_t *node, firewall_connection_t fw_connection, int pref_only, tor_addr_port_t *ap)
Definition: policies.c:988

policies.h
Header file for policies.c.

router_can_extend_over_ipv6
bool router_can_extend_over_ipv6(const or_options_t *options)
Definition: router.c:1599

router.h
Header file for router.c.

routerinfo_st.h
Router descriptor structure.

server_mode
int server_mode(const or_options_t *options)
Definition: routermode.c:34

routermode.h
Header file for routermode.c.

routerstatus_st.h
Routerstatus (consensus entry) structure.

crypto_fast_rng_t
Definition: crypto_rand_fast.c:95

crypto_pk_t
Definition: crypto_rsa_nss.c:39

curve25519_public_key_t
Definition: crypto_curve25519.h:24

ed25519_public_key_t
Definition: crypto_ed25519.h:23

extend_info_t
Definition: extend_info_st.h:27

extend_info_t::orports
tor_addr_port_t orports[EXTEND_INFO_MAX_ADDRS]
Definition: extend_info_st.h:36

extend_info_t::ed_identity
ed25519_public_key_t ed_identity
Definition: extend_info_st.h:33

extend_info_t::identity_digest
char identity_digest[DIGEST_LEN]
Definition: extend_info_st.h:31

extend_info_t::nickname
char nickname[MAX_HEX_NICKNAME_LEN+1]
Definition: extend_info_st.h:28

extend_info_t::onion_key
crypto_pk_t * onion_key
Definition: extend_info_st.h:38

extend_info_t::exit_supports_congestion_control
bool exit_supports_congestion_control
Definition: extend_info_st.h:44

extend_info_t::curve25519_onion_key
curve25519_public_key_t curve25519_onion_key
Definition: extend_info_st.h:40

node_t
Definition: node_st.h:34

node_t::identity
char identity[DIGEST_LEN]
Definition: node_st.h:46

or_options_t
Definition: or_options_st.h:64

protover_summary_flags_t
Definition: or.h:686

protover_summary_flags_t::supports_congestion_control
unsigned int supports_congestion_control
Definition: or.h:742

routerinfo_t::pv
protover_summary_flags_t pv
Definition: routerinfo_st.h:93

routerinfo_t::nickname
char * nickname
Definition: routerinfo_st.h:22

routerstatus_t::pv
protover_summary_flags_t pv
Definition: routerstatus_st.h:70

routerstatus_t::nickname
char nickname[MAX_NICKNAME_LEN+1]
Definition: routerstatus_st.h:24

tor_addr_port_t
Definition: address.h:81

tor_addr_t
Definition: address.h:69

tor_assert
#define tor_assert(expr)
Definition: util_bug.h:103

IF_BUG_ONCE
#define IF_BUG_ONCE(cond)
Definition: util_bug.h:254

fast_mem_is_zero
int fast_mem_is_zero(const char *mem, size_t len)
Definition: util_string.c:76

CURVE25519_PUBKEY_LEN
#define CURVE25519_PUBKEY_LEN
Definition: x25519_sizes.h:20