doc/tor/extendinfo_8c_source.html

 /* Copyright (c) 2001 Matej Pfajfar.

  * Copyright (c) 2001-2004, Roger Dingledine.

  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.

  * Copyright (c) 2007-2021, The Tor Project, Inc. */

 /* See LICENSE for licensing information */


 /**

  * @file extendinfo.c

  * @brief Functions for creating and using extend_info_t objects.

  *

  * An extend_info_t is the information we hold about a relay in order to

  * extend a circuit to it.

  **/


 #include "core/or/or.h"

 #include "core/or/extendinfo.h"


 #include "app/config/config.h"

 #include "core/or/policies.h"

 #include "feature/nodelist/describe.h"

 #include "feature/nodelist/nodelist.h"

 #include "feature/relay/router.h"

 #include "feature/relay/routermode.h"

 #include "lib/crypt_ops/crypto_rand.h"


 #include "core/or/extend_info_st.h"

 #include "feature/nodelist/node_st.h"

 #include "feature/nodelist/routerinfo_st.h"

 #include "feature/nodelist/routerstatus_st.h"


 /** Allocate a new extend_info object based on the various arguments. */

 extend_info_t *

 extend_info_new(const char *nickname,

                 const char *rsa_id_digest,

                 const ed25519_public_key_t *ed_id,

                 crypto_pk_t *onion_key,

                 const curve25519_public_key_t *ntor_key,

                 const tor_addr_t *addr, uint16_t port,

                 const protover_summary_flags_t *pv,

                 bool for_exit_use)

 {

   extend_info_t *info = tor_malloc_zero(sizeof(extend_info_t));

   if (rsa_id_digest)

     memcpy(info->identity_digest, rsa_id_digest, DIGEST_LEN);

   if (ed_id && !ed25519_public_key_is_zero(ed_id))

     memcpy(&info->ed_identity, ed_id, sizeof(ed25519_public_key_t));

   if (nickname)

     strlcpy(info->nickname, nickname, sizeof(info->nickname));

   if (onion_key)

     info->onion_key = crypto_pk_dup_key(onion_key);

   if (ntor_key)

     memcpy(&info->curve25519_onion_key, ntor_key,

            sizeof(curve25519_public_key_t));

   for (int i = 0; i < EXTEND_INFO_MAX_ADDRS; ++i) {

     tor_addr_make_unspec(&info->orports[i].addr);

   }


   if (addr) {

     extend_info_add_orport(info, addr, port);

   }


   if (pv && for_exit_use) {

     info->exit_supports_congestion_control =

       pv->supports_congestion_control;

   }


   return info;

 }


 /**

  * Add another address:port pair to a given extend_info_t, if there is

  * room.  Return 0 on success, -1 on failure.

  **/

 int

 extend_info_add_orport(extend_info_t *ei,

                        const tor_addr_t *addr,

                        uint16_t port)

 {

   for (int i = 0; i < EXTEND_INFO_MAX_ADDRS; ++i) {

     if (tor_addr_is_unspec(&ei->orports[i].addr)) {

       tor_addr_copy(&ei->orports[i].addr, addr);

       ei->orports[i].port = port;

       return 0;

     }

   }

   return -1;

 }


 /** Allocate and return a new extend_info that can be used to build a

  * circuit to or through the node <b>node</b>. Use the primary address

  * of the node (i.e. its IPv4 address) unless

  * <b>for_direct_connect</b> is true, in which case the preferred

  * address is used instead. May return NULL if there is not enough

  * info about <b>node</b> to extend to it--for example, if the preferred

  * routerinfo_t or microdesc_t is missing, or if for_direct_connect is

  * true and none of the node's addresses is allowed by tor's firewall

  * and IP version config.

  **/

 extend_info_t *

 extend_info_from_node(const node_t *node, int for_direct_connect,

                       bool for_exit)

 {

   crypto_pk_t *rsa_pubkey = NULL;

   extend_info_t *info = NULL;

   tor_addr_port_t ap;

   int valid_addr = 0;


   if (!node_has_preferred_descriptor(node, for_direct_connect)) {

     return NULL;

   }


   /* Choose a preferred address first, but fall back to an allowed address. */

   if (for_direct_connect)

     reachable_addr_choose_from_node(node, FIREWALL_OR_CONNECTION, 0, &ap);

   else {

     node_get_prim_orport(node, &ap);

   }

   valid_addr = tor_addr_port_is_valid_ap(&ap, 0);


   if (valid_addr)

     log_debug(LD_CIRC, "using %s for %s",

               fmt_addrport(&ap.addr, ap.port),

               node->ri ? node->ri->nickname : node->rs->nickname);

   else

     log_warn(LD_CIRC, "Could not choose valid address for %s",

               node->ri ? node->ri->nickname : node->rs->nickname);


   /* Every node we connect or extend to must support ntor */

   if (!node_has_curve25519_onion_key(node)) {

     log_fn(LOG_PROTOCOL_WARN, LD_CIRC,

            "Attempted to create extend_info for a node that does not support "

            "ntor: %s", node_describe(node));

     return NULL;

   }


   const ed25519_public_key_t *ed_pubkey = NULL;


   /* Don't send the ed25519 pubkey unless the target node actually supports

    * authenticating with it. */

   if (node_supports_ed25519_link_authentication(node, 0)) {

     log_info(LD_CIRC, "Including Ed25519 ID for %s", node_describe(node));

     ed_pubkey = node_get_ed25519_id(node);

   } else if (node_get_ed25519_id(node)) {

     log_info(LD_CIRC, "Not including the ed25519 ID for %s, since it won't "

              "be able to authenticate it.",

              node_describe(node));

   }


   /* Retrieve the curve25519 pubkey. */

   const curve25519_public_key_t *curve_pubkey =

     node_get_curve25519_onion_key(node);

   rsa_pubkey = node_get_rsa_onion_key(node);


   if (valid_addr && node->ri) {

     info = extend_info_new(node->ri->nickname,

                            node->identity,

                            ed_pubkey,

                            rsa_pubkey,

                            curve_pubkey,

                            &ap.addr,

                            ap.port,

                            &node->ri->pv,

                            for_exit);

   } else if (valid_addr && node->rs && node->md) {

     info = extend_info_new(node->rs->nickname,

                            node->identity,

                            ed_pubkey,

                            rsa_pubkey,

                            curve_pubkey,

                            &ap.addr,

                            ap.port,

                            &node->rs->pv,

                            for_exit);

   }


   crypto_pk_free(rsa_pubkey);

   return info;

 }


 /** Release storage held by an extend_info_t struct. */

 void

 extend_info_free_(extend_info_t *info)

 {

   if (!info)

     return;

   crypto_pk_free(info->onion_key);

   tor_free(info);

 }


 /** Allocate and return a new extend_info_t with the same contents as

  * <b>info</b>. */

 extend_info_t *

 extend_info_dup(extend_info_t *info)

 {

   extend_info_t *newinfo;

   tor_assert(info);

   newinfo = tor_malloc(sizeof(extend_info_t));

   memcpy(newinfo, info, sizeof(extend_info_t));

   if (info->onion_key)

     newinfo->onion_key = crypto_pk_dup_key(info->onion_key);

   else

     newinfo->onion_key = NULL;

   return newinfo;

 }


 /* Does ei have a valid TAP key? */

 int

 extend_info_supports_tap(const extend_info_t* ei)

 {

   tor_assert(ei);

   /* Valid TAP keys are not NULL */

   return ei->onion_key != NULL;

 }


 /* Does ei have a valid ntor key? */

 int

 extend_info_supports_ntor(const extend_info_t* ei)

 {

   tor_assert(ei);

   /* Valid ntor keys have at least one non-zero byte */

   return !fast_mem_is_zero(

                           (const char*)ei->curve25519_onion_key.public_key,

                           CURVE25519_PUBKEY_LEN);

 }


 /** Return true if we can use the Ntor v3 handshake with `ei` */

 int

 extend_info_supports_ntor_v3(const extend_info_t *ei)

 {

   tor_assert(ei);

   return extend_info_supports_ntor(ei) &&

     ei->exit_supports_congestion_control;

 }


 /* Does ei have an onion key which it would prefer to use?

  * Currently, we prefer ntor keys*/

 int

 extend_info_has_preferred_onion_key(const extend_info_t* ei)

 {

   tor_assert(ei);

   return extend_info_supports_ntor(ei);

 }


 /** Return true iff the given address can be used to extend to. */

 int

 extend_info_addr_is_allowed(const tor_addr_t *addr)

 {

   tor_assert(addr);


   /* Check if we have a private address and if we can extend to it. */

   if ((tor_addr_is_internal(addr, 0) || tor_addr_is_multicast(addr)) &&

       !get_options()->ExtendAllowPrivateAddresses) {

     goto disallow;

   }

   /* Allowed! */

   return 1;

  disallow:

   return 0;

 }


 /**

  * Return true if @a addr : @a port is a listed ORPort in @a ei.

  **/

 bool

 extend_info_has_orport(const extend_info_t *ei,

                        const tor_addr_t *addr, uint16_t port)

 {

   IF_BUG_ONCE(ei == NULL) {

     return false;

   }


   for (int i = 0; i < EXTEND_INFO_MAX_ADDRS; ++i) {

     const tor_addr_port_t *ei_ap = &ei->orports[i];

     if (tor_addr_eq(&ei_ap->addr, addr) && ei_ap->port == port)

       return true;

   }

   return false;

 }


 /**

  * If the extend_info @a ei has an orport of the chosen family, then return

  * that orport.  Otherwise, return NULL.

  **/

 const tor_addr_port_t *

 extend_info_get_orport(const extend_info_t *ei, int family)

 {

   for (int i = 0; i < EXTEND_INFO_MAX_ADDRS; ++i) {

     if (tor_addr_is_unspec(&ei->orports[i].addr))

       continue;

     if (tor_addr_family(&ei->orports[i].addr) == family)

       return &ei->orports[i];

   }

   return NULL;

 }


 /**

  * Chose an addr_port_t within @a ei to connect to.

  **/

 const tor_addr_port_t *

 extend_info_pick_orport(const extend_info_t *ei)

 {

   IF_BUG_ONCE(!ei) {

     return NULL;

   }

   const or_options_t *options = get_options();

   if (!server_mode(options)) {

     // If we aren't a server, just pick the first address we built into

     // this extendinfo.

     return &ei->orports[0];

   }


   const bool ipv6_ok = router_can_extend_over_ipv6(options);


   // Use 'usable' to collect the usable orports, then pick one.

   const tor_addr_port_t *usable[EXTEND_INFO_MAX_ADDRS];

   int n_usable = 0;

   for (int i = 0; i < EXTEND_INFO_MAX_ADDRS; ++i) {

     const tor_addr_port_t *a = &ei->orports[i];

     const int family = tor_addr_family(&a->addr);

     if (family == AF_INET || (ipv6_ok && family == AF_INET6)) {

       usable[n_usable++] = a;

     }

   }


   if (n_usable == 0) {

     // Need to bail out early, since nothing will work.

     return NULL;

   }


   crypto_fast_rng_t *rng = get_thread_fast_rng();

   const int idx = crypto_fast_rng_get_uint(rng, n_usable);


   return usable[idx];

 }


 /**

  * Return true if any orport address in @a ei is an internal address.

  **/

 bool

 extend_info_any_orport_addr_is_internal(const extend_info_t *ei)

 {

   IF_BUG_ONCE(ei == NULL) {

     return false;

   }


   for (int i = 0; i < EXTEND_INFO_MAX_ADDRS; ++i) {

     if (! tor_addr_is_unspec(&ei->orports[i].addr) &&

         tor_addr_is_internal(&ei->orports[i].addr, 0))

       return true;

   }

   return false;

 }

tor_addr_copy
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:933

fmt_addrport
const char * fmt_addrport(const tor_addr_t *addr, uint16_t port)
Definition: address.c:1199

tor_addr_make_unspec
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225

tor_addr_is_multicast
int tor_addr_is_multicast(const tor_addr_t *a)
Definition: address.c:1624

tor_addr_family
static sa_family_t tor_addr_family(const tor_addr_t *a)
Definition: address.h:187

tor_addr_eq
#define tor_addr_eq(a, b)
Definition: address.h:280

tor_addr_is_unspec
static bool tor_addr_is_unspec(const tor_addr_t *a)
Definition: address.h:196

get_options
const or_options_t * get_options(void)
Definition: config.c:926

config.h
Header file for config.c.

ed25519_public_key_is_zero
int ed25519_public_key_is_zero(const ed25519_public_key_t *pubkey)
Definition: crypto_ed25519.c:227

crypto_rand.h
Common functions for using (pseudo-)random number generators.

get_thread_fast_rng
crypto_fast_rng_t * get_thread_fast_rng(void)
Definition: crypto_rand_fast.c:377

crypto_fast_rng_get_uint
unsigned crypto_fast_rng_get_uint(crypto_fast_rng_t *rng, unsigned limit)
Definition: crypto_rand_numeric.c:139

crypto_pk_dup_key
crypto_pk_t * crypto_pk_dup_key(crypto_pk_t *orig)
Definition: crypto_rsa_nss.c:353

node_describe
const char * node_describe(const node_t *node)
Definition: describe.c:160

describe.h
Header file for describe.c.

DIGEST_LEN
#define DIGEST_LEN
Definition: digest_sizes.h:20

extend_info_st.h
Extend-info structure.

EXTEND_INFO_MAX_ADDRS
#define EXTEND_INFO_MAX_ADDRS
Definition: extend_info_st.h:21

extend_info_free_
void extend_info_free_(extend_info_t *info)
Definition: extendinfo.c:182

extend_info_get_orport
const tor_addr_port_t * extend_info_get_orport(const extend_info_t *ei, int family)
Definition: extendinfo.c:285

extend_info_add_orport
int extend_info_add_orport(extend_info_t *ei, const tor_addr_t *addr, uint16_t port)
Definition: extendinfo.c:75

extend_info_from_node
extend_info_t * extend_info_from_node(const node_t *node, int for_direct_connect, bool for_exit)
Definition: extendinfo.c:100

extend_info_supports_ntor_v3
int extend_info_supports_ntor_v3(const extend_info_t *ei)
Definition: extendinfo.c:228

extend_info_pick_orport
const tor_addr_port_t * extend_info_pick_orport(const extend_info_t *ei)
Definition: extendinfo.c:300

extend_info_any_orport_addr_is_internal
bool extend_info_any_orport_addr_is_internal(const extend_info_t *ei)
Definition: extendinfo.c:340

extend_info_dup
extend_info_t * extend_info_dup(extend_info_t *info)
Definition: extendinfo.c:193

extend_info_has_orport
bool extend_info_has_orport(const extend_info_t *ei, const tor_addr_t *addr, uint16_t port)
Definition: extendinfo.c:265

extend_info_addr_is_allowed
int extend_info_addr_is_allowed(const tor_addr_t *addr)
Definition: extendinfo.c:246

extend_info_new
extend_info_t * extend_info_new(const char *nickname, const char *rsa_id_digest, const ed25519_public_key_t *ed_id, crypto_pk_t *onion_key, const curve25519_public_key_t *ntor_key, const tor_addr_t *addr, uint16_t port, const protover_summary_flags_t *pv, bool for_exit_use)
Definition: extendinfo.c:33

extendinfo.h
Header for core/or/extendinfo.c.

log_fn
#define log_fn(severity, domain, args,...)
Definition: log.h:283

LD_CIRC
#define LD_CIRC
Definition: log.h:82

tor_free
#define tor_free(p)
Definition: malloc.h:56

node_st.h
Node information structure.

node_get_prim_orport
void node_get_prim_orport(const node_t *node, tor_addr_port_t *ap_out)
Definition: nodelist.c:1821

node_has_preferred_descriptor
int node_has_preferred_descriptor(const node_t *node, int for_direct_connect)
Definition: nodelist.c:1500

node_supports_ed25519_link_authentication
bool node_supports_ed25519_link_authentication(const node_t *node, bool compatible_with_us)
Definition: nodelist.c:1235

node_get_ed25519_id
const ed25519_public_key_t * node_get_ed25519_id(const node_t *node)
Definition: nodelist.c:1150

node_get_curve25519_onion_key
const curve25519_public_key_t * node_get_curve25519_onion_key(const node_t *node)
Definition: nodelist.c:2016

node_has_curve25519_onion_key
int node_has_curve25519_onion_key(const node_t *node)
Definition: nodelist.c:2009

nodelist.h
Header file for nodelist.c.

or.h
Master header file for Tor-specific functionality.

reachable_addr_choose_from_node
void reachable_addr_choose_from_node(const node_t *node, firewall_connection_t fw_connection, int pref_only, tor_addr_port_t *ap)
Definition: policies.c:988

policies.h
Header file for policies.c.

router_can_extend_over_ipv6
bool router_can_extend_over_ipv6(const or_options_t *options)
Definition: router.c:1594

router.h
Header file for router.c.

routerinfo_st.h
Router descriptor structure.

server_mode
int server_mode(const or_options_t *options)
Definition: routermode.c:34

routermode.h
Header file for routermode.c.

routerstatus_st.h
Routerstatus (consensus entry) structure.

crypto_fast_rng_t
Definition: crypto_rand_fast.c:95

crypto_pk_t
Definition: crypto_rsa_nss.c:39

curve25519_public_key_t
Definition: crypto_curve25519.h:24

ed25519_public_key_t
Definition: crypto_ed25519.h:23

extend_info_t
Definition: extend_info_st.h:27

extend_info_t::orports
tor_addr_port_t orports[EXTEND_INFO_MAX_ADDRS]
Definition: extend_info_st.h:36

extend_info_t::ed_identity
ed25519_public_key_t ed_identity
Definition: extend_info_st.h:33

extend_info_t::identity_digest
char identity_digest[DIGEST_LEN]
Definition: extend_info_st.h:31

extend_info_t::nickname
char nickname[MAX_HEX_NICKNAME_LEN+1]
Definition: extend_info_st.h:28

extend_info_t::onion_key
crypto_pk_t * onion_key
Definition: extend_info_st.h:38

extend_info_t::exit_supports_congestion_control
bool exit_supports_congestion_control
Definition: extend_info_st.h:44

extend_info_t::curve25519_onion_key
curve25519_public_key_t curve25519_onion_key
Definition: extend_info_st.h:40

node_t
Definition: node_st.h:34

node_t::identity
char identity[DIGEST_LEN]
Definition: node_st.h:46

or_options_t
Definition: or_options_st.h:64

protover_summary_flags_t
Definition: or.h:677

protover_summary_flags_t::supports_congestion_control
unsigned int supports_congestion_control
Definition: or.h:733

routerinfo_t::pv
protover_summary_flags_t pv
Definition: routerinfo_st.h:93

routerinfo_t::nickname
char * nickname
Definition: routerinfo_st.h:22

routerstatus_t::pv
protover_summary_flags_t pv
Definition: routerstatus_st.h:70

routerstatus_t::nickname
char nickname[MAX_NICKNAME_LEN+1]
Definition: routerstatus_st.h:24

tor_addr_port_t
Definition: address.h:81

tor_addr_t
Definition: address.h:69

tor_assert
#define tor_assert(expr)
Definition: util_bug.h:102

IF_BUG_ONCE
#define IF_BUG_ONCE(cond)
Definition: util_bug.h:246

fast_mem_is_zero
int fast_mem_is_zero(const char *mem, size_t len)
Definition: util_string.c:74

CURVE25519_PUBKEY_LEN
#define CURVE25519_PUBKEY_LEN
Definition: x25519_sizes.h:20