search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'bug2352_obsize' into maint-0.2.1
[tor/rransom.git] / src / or / routerparse.c
blob37785090517e5f945ad7813104858ff4f8827c12
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2011, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6
7 /**
8 * \file routerparse.c
9 * \brief Code to parse and validate router descriptors and directories.
10 **/
11
12 #include "or.h"
13 #include "memarea.h"
14
15 /****************************************************************************/
16
17 /** Enumeration of possible token types. The ones starting with K_ correspond
18 * to directory 'keywords'. _ERR is an error in the tokenizing process, _EOF
19 * is an end-of-file marker, and _NIL is used to encode not-a-token.
20 */
21 typedef enum {
22 K_ACCEPT = 0,
23 K_ACCEPT6,
24 K_DIRECTORY_SIGNATURE,
25 K_RECOMMENDED_SOFTWARE,
26 K_REJECT,
27 K_REJECT6,
28 K_ROUTER,
29 K_SIGNED_DIRECTORY,
30 K_SIGNING_KEY,
31 K_ONION_KEY,
32 K_ROUTER_SIGNATURE,
33 K_PUBLISHED,
34 K_RUNNING_ROUTERS,
35 K_ROUTER_STATUS,
36 K_PLATFORM,
37 K_OPT,
38 K_BANDWIDTH,
39 K_CONTACT,
40 K_NETWORK_STATUS,
41 K_UPTIME,
42 K_DIR_SIGNING_KEY,
43 K_FAMILY,
44 K_FINGERPRINT,
45 K_HIBERNATING,
46 K_READ_HISTORY,
47 K_WRITE_HISTORY,
48 K_NETWORK_STATUS_VERSION,
49 K_DIR_SOURCE,
50 K_DIR_OPTIONS,
51 K_CLIENT_VERSIONS,
52 K_SERVER_VERSIONS,
53 K_P,
54 K_R,
55 K_S,
56 K_V,
57 K_W,
58 K_EVENTDNS,
59 K_EXTRA_INFO,
60 K_EXTRA_INFO_DIGEST,
61 K_CACHES_EXTRA_INFO,
62 K_HIDDEN_SERVICE_DIR,
63 K_ALLOW_SINGLE_HOP_EXITS,
64
65 K_DIR_KEY_CERTIFICATE_VERSION,
66 K_DIR_IDENTITY_KEY,
67 K_DIR_KEY_PUBLISHED,
68 K_DIR_KEY_EXPIRES,
69 K_DIR_KEY_CERTIFICATION,
70 K_DIR_KEY_CROSSCERT,
71 K_DIR_ADDRESS,
72
73 K_VOTE_STATUS,
74 K_VALID_AFTER,
75 K_FRESH_UNTIL,
76 K_VALID_UNTIL,
77 K_VOTING_DELAY,
78
79 K_KNOWN_FLAGS,
80 K_PARAMS,
81 K_VOTE_DIGEST,
82 K_CONSENSUS_DIGEST,
83 K_CONSENSUS_METHODS,
84 K_CONSENSUS_METHOD,
85 K_LEGACY_DIR_KEY,
86
87 A_PURPOSE,
88 _A_UNKNOWN,
89
90 R_RENDEZVOUS_SERVICE_DESCRIPTOR,
91 R_VERSION,
92 R_PERMANENT_KEY,
93 R_SECRET_ID_PART,
94 R_PUBLICATION_TIME,
95 R_PROTOCOL_VERSIONS,
96 R_INTRODUCTION_POINTS,
97 R_SIGNATURE,
98
99 R_IPO_IDENTIFIER,
100 R_IPO_IP_ADDRESS,
101 R_IPO_ONION_PORT,
102 R_IPO_ONION_KEY,
103 R_IPO_SERVICE_KEY,
104
105 C_CLIENT_NAME,
106 C_DESCRIPTOR_COOKIE,
107 C_CLIENT_KEY,
108
109 _ERR,
110 _EOF,
111 _NIL
112 } directory_keyword;
113
114 #define MIN_ANNOTATION A_PURPOSE
115 #define MAX_ANNOTATION _A_UNKNOWN
116
117 /** Structure to hold a single directory token.
118 *
119 * We parse a directory by breaking it into "tokens", each consisting
120 * of a keyword, a line full of arguments, and a binary object. The
121 * arguments and object are both optional, depending on the keyword
122 * type.
123 *
124 * This structure is only allocated in memareas; do not allocate it on
125 * the heap, or token_free() won't work.
126 */
127 typedef struct directory_token_t {
128 directory_keyword tp; /**< Type of the token. */
129 int n_args:30; /**< Number of elements in args */
130 char **args; /**< Array of arguments from keyword line. */
131
132 char *object_type; /**< -----BEGIN [object_type]-----*/
133 size_t object_size; /**< Bytes in object_body */
134 char *object_body; /**< Contents of object, base64-decoded. */
135
136 crypto_pk_env_t *key; /**< For public keys only. Heap-allocated. */
137
138 char *error; /**< For _ERR tokens only. */
139 } directory_token_t;
140
141 /* ********************************************************************** */
142
143 /** We use a table of rules to decide how to parse each token type. */
144
145 /** Rules for whether the keyword needs an object. */
146 typedef enum {
147 NO_OBJ, /**< No object, ever. */
148 NEED_OBJ, /**< Object is required. */
149 NEED_SKEY_1024,/**< Object is required, and must be a 1024 bit private key */
150 NEED_KEY_1024, /**< Object is required, and must be a 1024 bit public key */
151 NEED_KEY, /**< Object is required, and must be a public key. */
152 OBJ_OK, /**< Object is optional. */
153 } obj_syntax;
154
155 #define AT_START 1
156 #define AT_END 2
157
158 /** Determines the parsing rules for a single token type. */
159 typedef struct token_rule_t {
160 /** The string value of the keyword identifying the type of item. */
161 const char *t;
162 /** The corresponding directory_keyword enum. */
163 directory_keyword v;
164 /** Minimum number of arguments for this item */
165 int min_args;
166 /** Maximum number of arguments for this item */
167 int max_args;
168 /** If true, we concatenate all arguments for this item into a single
169 * string. */
170 int concat_args;
171 /** Requirements on object syntax for this item. */
172 obj_syntax os;
173 /** Lowest number of times this item may appear in a document. */
174 int min_cnt;
175 /** Highest number of times this item may appear in a document. */
176 int max_cnt;
177 /** One or more of AT_START/AT_END to limit where the item may appear in a
178 * document. */
179 int pos;
180 /** True iff this token is an annotation. */
181 int is_annotation;
182 } token_rule_t;
183
184 /*
185 * Helper macros to define token tables. 's' is a string, 't' is a
186 * directory_keyword, 'a' is a trio of argument multiplicities, and 'o' is an
187 * object syntax.
188 *
189 */
190
191 /** Appears to indicate the end of a table. */
192 #define END_OF_TABLE { NULL, _NIL, 0,0,0, NO_OBJ, 0, INT_MAX, 0, 0 }
193 /** An item with no restrictions: used for obsolete document types */
194 #define T(s,t,a,o) { s, t, a, o, 0, INT_MAX, 0, 0 }
195 /** An item with no restrictions on multiplicity or location. */
196 #define T0N(s,t,a,o) { s, t, a, o, 0, INT_MAX, 0, 0 }
197 /** An item that must appear exactly once */
198 #define T1(s,t,a,o) { s, t, a, o, 1, 1, 0, 0 }
199 /** An item that must appear exactly once, at the start of the document */
200 #define T1_START(s,t,a,o) { s, t, a, o, 1, 1, AT_START, 0 }
201 /** An item that must appear exactly once, at the end of the document */
202 #define T1_END(s,t,a,o) { s, t, a, o, 1, 1, AT_END, 0 }
203 /** An item that must appear one or more times */
204 #define T1N(s,t,a,o) { s, t, a, o, 1, INT_MAX, 0, 0 }
205 /** An item that must appear no more than once */
206 #define T01(s,t,a,o) { s, t, a, o, 0, 1, 0, 0 }
207 /** An annotation that must appear no more than once */
208 #define A01(s,t,a,o) { s, t, a, o, 0, 1, 0, 1 }
209
210 /* Argument multiplicity: any number of arguments. */
211 #define ARGS 0,INT_MAX,0
212 /* Argument multiplicity: no arguments. */
213 #define NO_ARGS 0,0,0
214 /* Argument multiplicity: concatenate all arguments. */
215 #define CONCAT_ARGS 1,1,1
216 /* Argument multiplicity: at least <b>n</b> arguments. */
217 #define GE(n) n,INT_MAX,0
218 /* Argument multiplicity: exactly <b>n</b> arguments. */
219 #define EQ(n) n,n,0
220
221 /** List of tokens allowable in router descriptors */
222 static token_rule_t routerdesc_token_table[] = {
223 T0N("reject", K_REJECT, ARGS, NO_OBJ ),
224 T0N("accept", K_ACCEPT, ARGS, NO_OBJ ),
225 T0N("reject6", K_REJECT6, ARGS, NO_OBJ ),
226 T0N("accept6", K_ACCEPT6, ARGS, NO_OBJ ),
227 T1_START( "router", K_ROUTER, GE(5), NO_OBJ ),
228 T1( "signing-key", K_SIGNING_KEY, NO_ARGS, NEED_KEY_1024 ),
229 T1( "onion-key", K_ONION_KEY, NO_ARGS, NEED_KEY_1024 ),
230 T1_END( "router-signature", K_ROUTER_SIGNATURE, NO_ARGS, NEED_OBJ ),
231 T1( "published", K_PUBLISHED, CONCAT_ARGS, NO_OBJ ),
232 T01("uptime", K_UPTIME, GE(1), NO_OBJ ),
233 T01("fingerprint", K_FINGERPRINT, CONCAT_ARGS, NO_OBJ ),
234 T01("hibernating", K_HIBERNATING, GE(1), NO_OBJ ),
235 T01("platform", K_PLATFORM, CONCAT_ARGS, NO_OBJ ),
236 T01("contact", K_CONTACT, CONCAT_ARGS, NO_OBJ ),
237 T01("read-history", K_READ_HISTORY, ARGS, NO_OBJ ),
238 T01("write-history", K_WRITE_HISTORY, ARGS, NO_OBJ ),
239 T01("extra-info-digest", K_EXTRA_INFO_DIGEST, GE(1), NO_OBJ ),
240 T01("hidden-service-dir", K_HIDDEN_SERVICE_DIR, NO_ARGS, NO_OBJ ),
241 T01("allow-single-hop-exits",K_ALLOW_SINGLE_HOP_EXITS, NO_ARGS, NO_OBJ ),
242
243 T01("family", K_FAMILY, ARGS, NO_OBJ ),
244 T01("caches-extra-info", K_CACHES_EXTRA_INFO, NO_ARGS, NO_OBJ ),
245 T01("eventdns", K_EVENTDNS, ARGS, NO_OBJ ),
246
247 T0N("opt", K_OPT, CONCAT_ARGS, OBJ_OK ),
248 T1( "bandwidth", K_BANDWIDTH, GE(3), NO_OBJ ),
249 A01("@purpose", A_PURPOSE, GE(1), NO_OBJ ),
250
251 END_OF_TABLE
252 };
253
254 /** List of tokens allowable in extra-info documents. */
255 static token_rule_t extrainfo_token_table[] = {
256 T1_END( "router-signature", K_ROUTER_SIGNATURE, NO_ARGS, NEED_OBJ ),
257 T1( "published", K_PUBLISHED, CONCAT_ARGS, NO_OBJ ),
258 T0N("opt", K_OPT, CONCAT_ARGS, OBJ_OK ),
259 T01("read-history", K_READ_HISTORY, ARGS, NO_OBJ ),
260 T01("write-history", K_WRITE_HISTORY, ARGS, NO_OBJ ),
261 T1_START( "extra-info", K_EXTRA_INFO, GE(2), NO_OBJ ),
262
263 END_OF_TABLE
264 };
265
266 /** List of tokens allowable in the body part of v2 and v3 networkstatus
267 * documents. */
268 static token_rule_t rtrstatus_token_table[] = {
269 T01("p", K_P, CONCAT_ARGS, NO_OBJ ),
270 T1( "r", K_R, GE(8), NO_OBJ ),
271 T1( "s", K_S, ARGS, NO_OBJ ),
272 T01("v", K_V, CONCAT_ARGS, NO_OBJ ),
273 T01("w", K_W, ARGS, NO_OBJ ),
274 T0N("opt", K_OPT, CONCAT_ARGS, OBJ_OK ),
275 END_OF_TABLE
276 };
277
278 /** List of tokens allowable in the header part of v2 networkstatus documents.
279 */
280 static token_rule_t netstatus_token_table[] = {
281 T1( "published", K_PUBLISHED, CONCAT_ARGS, NO_OBJ ),
282 T0N("opt", K_OPT, CONCAT_ARGS, OBJ_OK ),
283 T1( "contact", K_CONTACT, CONCAT_ARGS, NO_OBJ ),
284 T1( "dir-signing-key", K_DIR_SIGNING_KEY, NO_ARGS, NEED_KEY_1024 ),
285 T1( "fingerprint", K_FINGERPRINT, CONCAT_ARGS, NO_OBJ ),
286 T1_START("network-status-version", K_NETWORK_STATUS_VERSION,
287 GE(1), NO_OBJ ),
288 T1( "dir-source", K_DIR_SOURCE, GE(3), NO_OBJ ),
289 T01("dir-options", K_DIR_OPTIONS, ARGS, NO_OBJ ),
290 T01("client-versions", K_CLIENT_VERSIONS, CONCAT_ARGS, NO_OBJ ),
291 T01("server-versions", K_SERVER_VERSIONS, CONCAT_ARGS, NO_OBJ ),
292
293 END_OF_TABLE
294 };
295
296 /** List of tokens allowable in the footer of v1/v2 directory/networkstatus
297 * footers. */
298 static token_rule_t dir_footer_token_table[] = {
299 T1("directory-signature", K_DIRECTORY_SIGNATURE, EQ(1), NEED_OBJ ),
300 END_OF_TABLE
301 };
302
303 /** List of tokens allowable in v1 directory headers/footers. */
304 static token_rule_t dir_token_table[] = {
305 /* don't enforce counts; this is obsolete. */
306 T( "network-status", K_NETWORK_STATUS, NO_ARGS, NO_OBJ ),
307 T( "directory-signature", K_DIRECTORY_SIGNATURE, ARGS, NEED_OBJ ),
308 T( "recommended-software",K_RECOMMENDED_SOFTWARE,CONCAT_ARGS, NO_OBJ ),
309 T( "signed-directory", K_SIGNED_DIRECTORY, NO_ARGS, NO_OBJ ),
310
311 T( "running-routers", K_RUNNING_ROUTERS, ARGS, NO_OBJ ),
312 T( "router-status", K_ROUTER_STATUS, ARGS, NO_OBJ ),
313 T( "published", K_PUBLISHED, CONCAT_ARGS, NO_OBJ ),
314 T( "opt", K_OPT, CONCAT_ARGS, OBJ_OK ),
315 T( "contact", K_CONTACT, CONCAT_ARGS, NO_OBJ ),
316 T( "dir-signing-key", K_DIR_SIGNING_KEY, ARGS, OBJ_OK ),
317 T( "fingerprint", K_FINGERPRINT, CONCAT_ARGS, NO_OBJ ),
318
319 END_OF_TABLE
320 };
321
322 /** List of tokens common to V3 authority certificates and V3 consensuses. */
323 #define CERTIFICATE_MEMBERS \
324 T1("dir-key-certificate-version", K_DIR_KEY_CERTIFICATE_VERSION, \
325 GE(1), NO_OBJ ), \
326 T1("dir-identity-key", K_DIR_IDENTITY_KEY, NO_ARGS, NEED_KEY ),\
327 T1("dir-key-published",K_DIR_KEY_PUBLISHED, CONCAT_ARGS, NO_OBJ), \
328 T1("dir-key-expires", K_DIR_KEY_EXPIRES, CONCAT_ARGS, NO_OBJ), \
329 T1("dir-signing-key", K_DIR_SIGNING_KEY, NO_ARGS, NEED_KEY ),\
330 T01("dir-key-crosscert", K_DIR_KEY_CROSSCERT, NO_ARGS, NEED_OBJ ),\
331 T1("dir-key-certification", K_DIR_KEY_CERTIFICATION, \
332 NO_ARGS, NEED_OBJ), \
333 T01("dir-address", K_DIR_ADDRESS, GE(1), NO_OBJ),
334
335 /** List of tokens allowable in V3 authority certificates. */
336 static token_rule_t dir_key_certificate_table[] = {
337 CERTIFICATE_MEMBERS
338 T1("fingerprint", K_FINGERPRINT, CONCAT_ARGS, NO_OBJ ),
339 END_OF_TABLE
340 };
341
342 /** List of tokens allowable in rendezvous service descriptors */
343 static token_rule_t desc_token_table[] = {
344 T1_START("rendezvous-service-descriptor", R_RENDEZVOUS_SERVICE_DESCRIPTOR,
345 EQ(1), NO_OBJ),
346 T1("version", R_VERSION, EQ(1), NO_OBJ),
347 T1("permanent-key", R_PERMANENT_KEY, NO_ARGS, NEED_KEY_1024),
348 T1("secret-id-part", R_SECRET_ID_PART, EQ(1), NO_OBJ),
349 T1("publication-time", R_PUBLICATION_TIME, CONCAT_ARGS, NO_OBJ),
350 T1("protocol-versions", R_PROTOCOL_VERSIONS, EQ(1), NO_OBJ),
351 T01("introduction-points", R_INTRODUCTION_POINTS, NO_ARGS, NEED_OBJ),
352 T1_END("signature", R_SIGNATURE, NO_ARGS, NEED_OBJ),
353 END_OF_TABLE
354 };
355
356 /** List of tokens allowed in the (encrypted) list of introduction points of
357 * rendezvous service descriptors */
358 static token_rule_t ipo_token_table[] = {
359 T1_START("introduction-point", R_IPO_IDENTIFIER, EQ(1), NO_OBJ),
360 T1("ip-address", R_IPO_IP_ADDRESS, EQ(1), NO_OBJ),
361 T1("onion-port", R_IPO_ONION_PORT, EQ(1), NO_OBJ),
362 T1("onion-key", R_IPO_ONION_KEY, NO_ARGS, NEED_KEY_1024),
363 T1("service-key", R_IPO_SERVICE_KEY, NO_ARGS, NEED_KEY_1024),
364 END_OF_TABLE
365 };
366
367 /** List of tokens allowed in the (possibly encrypted) list of introduction
368 * points of rendezvous service descriptors */
369 static token_rule_t client_keys_token_table[] = {
370 T1_START("client-name", C_CLIENT_NAME, CONCAT_ARGS, NO_OBJ),
371 T1("descriptor-cookie", C_DESCRIPTOR_COOKIE, EQ(1), NO_OBJ),
372 T01("client-key", C_CLIENT_KEY, NO_ARGS, NEED_SKEY_1024),
373 END_OF_TABLE
374 };
375
376 /** List of tokens allowed in V3 networkstatus votes. */
377 static token_rule_t networkstatus_token_table[] = {
378 T1("network-status-version", K_NETWORK_STATUS_VERSION,
379 GE(1), NO_OBJ ),
380 T1("vote-status", K_VOTE_STATUS, GE(1), NO_OBJ ),
381 T1("published", K_PUBLISHED, CONCAT_ARGS, NO_OBJ ),
382 T1("valid-after", K_VALID_AFTER, CONCAT_ARGS, NO_OBJ ),
383 T1("fresh-until", K_FRESH_UNTIL, CONCAT_ARGS, NO_OBJ ),
384 T1("valid-until", K_VALID_UNTIL, CONCAT_ARGS, NO_OBJ ),
385 T1("voting-delay", K_VOTING_DELAY, GE(2), NO_OBJ ),
386 T1("known-flags", K_KNOWN_FLAGS, ARGS, NO_OBJ ),
387 T01("params", K_PARAMS, ARGS, NO_OBJ ),
388 T( "fingerprint", K_FINGERPRINT, CONCAT_ARGS, NO_OBJ ),
389
390 CERTIFICATE_MEMBERS
391
392 T0N("opt", K_OPT, CONCAT_ARGS, OBJ_OK ),
393 T1( "contact", K_CONTACT, CONCAT_ARGS, NO_OBJ ),
394 T1( "dir-source", K_DIR_SOURCE, GE(6), NO_OBJ ),
395 T01("legacy-dir-key", K_LEGACY_DIR_KEY, GE(1), NO_OBJ ),
396 T1( "known-flags", K_KNOWN_FLAGS, CONCAT_ARGS, NO_OBJ ),
397 T01("client-versions", K_CLIENT_VERSIONS, CONCAT_ARGS, NO_OBJ ),
398 T01("server-versions", K_SERVER_VERSIONS, CONCAT_ARGS, NO_OBJ ),
399 T1( "consensus-methods", K_CONSENSUS_METHODS, GE(1), NO_OBJ ),
400
401 END_OF_TABLE
402 };
403
404 /** List of tokens allowed in V3 networkstatus consensuses. */
405 static token_rule_t networkstatus_consensus_token_table[] = {
406 T1("network-status-version", K_NETWORK_STATUS_VERSION,
407 GE(1), NO_OBJ ),
408 T1("vote-status", K_VOTE_STATUS, GE(1), NO_OBJ ),
409 T1("valid-after", K_VALID_AFTER, CONCAT_ARGS, NO_OBJ ),
410 T1("fresh-until", K_FRESH_UNTIL, CONCAT_ARGS, NO_OBJ ),
411 T1("valid-until", K_VALID_UNTIL, CONCAT_ARGS, NO_OBJ ),
412 T1("voting-delay", K_VOTING_DELAY, GE(2), NO_OBJ ),
413
414 T0N("opt", K_OPT, CONCAT_ARGS, OBJ_OK ),
415
416 T1N("dir-source", K_DIR_SOURCE, GE(6), NO_OBJ ),
417 T1N("contact", K_CONTACT, CONCAT_ARGS, NO_OBJ ),
418 T1N("vote-digest", K_VOTE_DIGEST, GE(1), NO_OBJ ),
419
420 T1( "known-flags", K_KNOWN_FLAGS, CONCAT_ARGS, NO_OBJ ),
421
422 T01("client-versions", K_CLIENT_VERSIONS, CONCAT_ARGS, NO_OBJ ),
423 T01("server-versions", K_SERVER_VERSIONS, CONCAT_ARGS, NO_OBJ ),
424 T01("consensus-method", K_CONSENSUS_METHOD, EQ(1), NO_OBJ),
425 T01("params", K_PARAMS, ARGS, NO_OBJ ),
426
427 END_OF_TABLE
428 };
429
430 /** List of tokens allowable in the footer of v1/v2 directory/networkstatus
431 * footers. */
432 static token_rule_t networkstatus_vote_footer_token_table[] = {
433 T( "directory-signature", K_DIRECTORY_SIGNATURE, GE(2), NEED_OBJ ),
434 END_OF_TABLE
435 };
436
437 /** List of tokens allowable in detached networkstatus signature documents. */
438 static token_rule_t networkstatus_detached_signature_token_table[] = {
439 T1_START("consensus-digest", K_CONSENSUS_DIGEST, GE(1), NO_OBJ ),
440 T1("valid-after", K_VALID_AFTER, CONCAT_ARGS, NO_OBJ ),
441 T1("fresh-until", K_FRESH_UNTIL, CONCAT_ARGS, NO_OBJ ),
442 T1("valid-until", K_VALID_UNTIL, CONCAT_ARGS, NO_OBJ ),
443 T1N("directory-signature", K_DIRECTORY_SIGNATURE, GE(2), NEED_OBJ ),
444 END_OF_TABLE
445 };
446
447 #undef T
448
449 /* static function prototypes */
450 static int router_add_exit_policy(routerinfo_t *router,directory_token_t *tok);
451 static addr_policy_t *router_parse_addr_policy(directory_token_t *tok);
452 static addr_policy_t *router_parse_addr_policy_private(directory_token_t *tok);
453
454 static int router_get_hash_impl(const char *s, size_t s_len, char *digest,
455 const char *start_str, const char *end_str,
456 char end_char);
457
458 static void token_free(directory_token_t *tok);
459 static smartlist_t *find_all_exitpolicy(smartlist_t *s);
460 static directory_token_t *_find_by_keyword(smartlist_t *s,
461 directory_keyword keyword,
462 const char *keyword_str);
463 #define find_by_keyword(s, keyword) _find_by_keyword((s), (keyword), #keyword)
464 static directory_token_t *find_opt_by_keyword(smartlist_t *s,
465 directory_keyword keyword);
466
467 #define TS_ANNOTATIONS_OK 1
468 #define TS_NOCHECK 2
469 #define TS_NO_NEW_ANNOTATIONS 4
470 static int tokenize_string(memarea_t *area,
471 const char *start, const char *end,
472 smartlist_t *out,
473 token_rule_t *table,
474 int flags);
475 static directory_token_t *get_next_token(memarea_t *area,
476 const char **s,
477 const char *eos,
478 token_rule_t *table);
479 #define CST_CHECK_AUTHORITY (1<<0)
480 #define CST_NO_CHECK_OBJTYPE (1<<1)
481 static int check_signature_token(const char *digest,
482 directory_token_t *tok,
483 crypto_pk_env_t *pkey,
484 int flags,
485 const char *doctype);
486 static crypto_pk_env_t *find_dir_signing_key(const char *str, const char *eos);
487 static int tor_version_same_series(tor_version_t *a, tor_version_t *b);
488
489 #undef DEBUG_AREA_ALLOC
490
491 #ifdef DEBUG_AREA_ALLOC
492 #define DUMP_AREA(a,name) STMT_BEGIN \
493 size_t alloc=0, used=0; \
494 memarea_get_stats((a),&alloc,&used); \
495 log_debug(LD_MM, "Area for %s has %lu allocated; using %lu.", \
496 name, (unsigned long)alloc, (unsigned long)used); \
497 STMT_END
498 #else
499 #define DUMP_AREA(a,name) STMT_NIL
500 #endif
501
502 /** Set <b>digest</b> to the SHA-1 digest of the hash of the directory in
503 * <b>s</b>. Return 0 on success, -1 on failure.
504 */
505 int
506 router_get_dir_hash(const char *s, char *digest)
507 {
508 return router_get_hash_impl(s, strlen(s), digest,
509 "signed-directory","\ndirectory-signature",'\n');
510 }
511
512 /** Set <b>digest</b> to the SHA-1 digest of the hash of the first router in
513 * <b>s</b>. Return 0 on success, -1 on failure.
514 */
515 int
516 router_get_router_hash(const char *s, size_t s_len, char *digest)
517 {
518 return router_get_hash_impl(s, s_len, digest,
519 "router ","\nrouter-signature", '\n');
520 }
521
522 /** Set <b>digest</b> to the SHA-1 digest of the hash of the running-routers
523 * string in <b>s</b>. Return 0 on success, -1 on failure.
524 */
525 int
526 router_get_runningrouters_hash(const char *s, char *digest)
527 {
528 return router_get_hash_impl(s, strlen(s), digest,
529 "network-status","\ndirectory-signature", '\n');
530 }
531
532 /** Set <b>digest</b> to the SHA-1 digest of the hash of the network-status
533 * string in <b>s</b>. Return 0 on success, -1 on failure. */
534 int
535 router_get_networkstatus_v2_hash(const char *s, char *digest)
536 {
537 return router_get_hash_impl(s, strlen(s), digest,
538 "network-status-version","\ndirectory-signature",
539 '\n');
540 }
541
542 /** Set <b>digest</b> to the SHA-1 digest of the hash of the network-status
543 * string in <b>s</b>. Return 0 on success, -1 on failure. */
544 int
545 router_get_networkstatus_v3_hash(const char *s, char *digest)
546 {
547 return router_get_hash_impl(s, strlen(s), digest,
548 "network-status-version",
549 "\ndirectory-signature",
550 ' ');
551 }
552
553 /** Set <b>digest</b> to the SHA-1 digest of the hash of the extrainfo
554 * string in <b>s</b>. Return 0 on success, -1 on failure. */
555 int
556 router_get_extrainfo_hash(const char *s, char *digest)
557 {
558 return router_get_hash_impl(s, strlen(s), digest, "extra-info",
559 "\nrouter-signature",'\n');
560 }
561
562 /** Helper: used to generate signatures for routers, directories and
563 * network-status objects. Given a digest in <b>digest</b> and a secret
564 * <b>private_key</b>, generate an PKCS1-padded signature, BASE64-encode it,
565 * surround it with -----BEGIN/END----- pairs, and write it to the
566 * <b>buf_len</b>-byte buffer at <b>buf</b>. Return 0 on success, -1 on
567 * failure.
568 */
569 int
570 router_append_dirobj_signature(char *buf, size_t buf_len, const char *digest,
571 crypto_pk_env_t *private_key)
572 {
573 char *signature;
574 size_t i, keysize;
575
576 keysize = crypto_pk_keysize(private_key);
577 signature = tor_malloc(keysize);
578 if (crypto_pk_private_sign(private_key, signature, keysize,
579 digest, DIGEST_LEN) < 0) {
580
581 log_warn(LD_BUG,"Couldn't sign digest.");
582 goto err;
583 }
584 if (strlcat(buf, "-----BEGIN SIGNATURE-----\n", buf_len) >= buf_len)
585 goto truncated;
586
587 i = strlen(buf);
588 if (base64_encode(buf+i, buf_len-i, signature, 128) < 0) {
589 log_warn(LD_BUG,"couldn't base64-encode signature");
590 goto err;
591 }
592
593 if (strlcat(buf, "-----END SIGNATURE-----\n", buf_len) >= buf_len)
594 goto truncated;
595
596 tor_free(signature);
597 return 0;
598
599 truncated:
600 log_warn(LD_BUG,"tried to exceed string length.");
601 err:
602 tor_free(signature);
603 return -1;
604 }
605
606 /** Return VS_RECOMMENDED if <b>myversion</b> is contained in
607 * <b>versionlist</b>. Else, return VS_EMPTY if versionlist has no
608 * entries. Else, return VS_OLD if every member of
609 * <b>versionlist</b> is newer than <b>myversion</b>. Else, return
610 * VS_NEW_IN_SERIES if there is at least one member of <b>versionlist</b> in
611 * the same series (major.minor.micro) as <b>myversion</b>, but no such member
612 * is newer than <b>myversion.</b>. Else, return VS_NEW if every member of
613 * <b>versionlist</b> is older than <b>myversion</b>. Else, return
614 * VS_UNRECOMMENDED.
615 *
616 * (versionlist is a comma-separated list of version strings,
617 * optionally prefixed with "Tor". Versions that can't be parsed are
618 * ignored.)
619 */
620 version_status_t
621 tor_version_is_obsolete(const char *myversion, const char *versionlist)
622 {
623 tor_version_t mine, other;
624 int found_newer = 0, found_older = 0, found_newer_in_series = 0,
625 found_any_in_series = 0, r, same;
626 version_status_t ret = VS_UNRECOMMENDED;
627 smartlist_t *version_sl;
628
629 log_debug(LD_CONFIG,"Checking whether version '%s' is in '%s'",
630 myversion, versionlist);
631
632 if (tor_version_parse(myversion, &mine)) {
633 log_err(LD_BUG,"I couldn't parse my own version (%s)", myversion);
634 tor_assert(0);
635 }
636 version_sl = smartlist_create();
637 smartlist_split_string(version_sl, versionlist, ",", SPLIT_SKIP_SPACE, 0);
638
639 if (!strlen(versionlist)) { /* no authorities cared or agreed */
640 ret = VS_EMPTY;
641 goto done;
642 }
643
644 SMARTLIST_FOREACH(version_sl, const char *, cp, {
645 if (!strcmpstart(cp, "Tor "))
646 cp += 4;
647
648 if (tor_version_parse(cp, &other)) {
649 /* Couldn't parse other; it can't be a match. */
650 } else {
651 same = tor_version_same_series(&mine, &other);
652 if (same)
653 found_any_in_series = 1;
654 r = tor_version_compare(&mine, &other);
655 if (r==0) {
656 ret = VS_RECOMMENDED;
657 goto done;
658 } else if (r<0) {
659 found_newer = 1;
660 if (same)
661 found_newer_in_series = 1;
662 } else if (r>0) {
663 found_older = 1;
664 }
665 }
666 });
667
668 /* We didn't find the listed version. Is it new or old? */
669 if (found_any_in_series && !found_newer_in_series && found_newer) {
670 ret = VS_NEW_IN_SERIES;
671 } else if (found_newer && !found_older) {
672 ret = VS_OLD;
673 } else if (found_older && !found_newer) {
674 ret = VS_NEW;
675 } else {
676 ret = VS_UNRECOMMENDED;
677 }
678
679 done:
680 SMARTLIST_FOREACH(version_sl, char *, version, tor_free(version));
681 smartlist_free(version_sl);
682 return ret;
683 }
684
685 /** Read a signed directory from <b>str</b>. If it's well-formed, return 0.
686 * Otherwise, return -1. If we're a directory cache, cache it.
687 */
688 int
689 router_parse_directory(const char *str)
690 {
691 directory_token_t *tok;
692 char digest[DIGEST_LEN];
693 time_t published_on;
694 int r;
695 const char *end, *cp;
696 smartlist_t *tokens = NULL;
697 crypto_pk_env_t *declared_key = NULL;
698 memarea_t *area = memarea_new();
699
700 /* XXXX This could be simplified a lot, but it will all go away
701 * once pre-0.1.1.8 is obsolete, and for now it's better not to
702 * touch it. */
703
704 if (router_get_dir_hash(str, digest)) {
705 log_warn(LD_DIR, "Unable to compute digest of directory");
706 goto err;
707 }
708 log_debug(LD_DIR,"Received directory hashes to %s",hex_str(digest,4));
709
710 /* Check signature first, before we try to tokenize. */
711 cp = str;
712 while (cp && (end = strstr(cp+1, "\ndirectory-signature")))
713 cp = end;
714 if (cp == str || !cp) {
715 log_warn(LD_DIR, "No signature found on directory."); goto err;
716 }
717 ++cp;
718 tokens = smartlist_create();
719 if (tokenize_string(area,cp,strchr(cp,'\0'),tokens,dir_token_table,0)) {
720 log_warn(LD_DIR, "Error tokenizing directory signature"); goto err;
721 }
722 if (smartlist_len(tokens) != 1) {
723 log_warn(LD_DIR, "Unexpected number of tokens in signature"); goto err;
724 }
725 tok=smartlist_get(tokens,0);
726 if (tok->tp != K_DIRECTORY_SIGNATURE) {
727 log_warn(LD_DIR,"Expected a single directory signature"); goto err;
728 }
729 declared_key = find_dir_signing_key(str, str+strlen(str));
730 note_crypto_pk_op(VERIFY_DIR);
731 if (check_signature_token(digest, tok, declared_key,
732 CST_CHECK_AUTHORITY, "directory")<0)
733 goto err;
734
735 SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
736 smartlist_clear(tokens);
737 memarea_clear(area);
738
739 /* Now try to parse the first part of the directory. */
740 if ((end = strstr(str,"\nrouter "))) {
741 ++end;
742 } else if ((end = strstr(str, "\ndirectory-signature"))) {
743 ++end;
744 } else {
745 end = str + strlen(str);
746 }
747
748 if (tokenize_string(area,str,end,tokens,dir_token_table,0)) {
749 log_warn(LD_DIR, "Error tokenizing directory"); goto err;
750 }
751
752 tok = find_by_keyword(tokens, K_PUBLISHED);
753 tor_assert(tok->n_args == 1);
754
755 if (parse_iso_time(tok->args[0], &published_on) < 0) {
756 goto err;
757 }
758
759 /* Now that we know the signature is okay, and we have a
760 * publication time, cache the directory. */
761 if (directory_caches_v1_dir_info(get_options()) &&
762 !authdir_mode_v1(get_options()))
763 dirserv_set_cached_directory(str, published_on, 0);
764
765 r = 0;
766 goto done;
767 err:
768 r = -1;
769 done:
770 if (declared_key) crypto_free_pk_env(declared_key);
771 if (tokens) {
772 SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
773 smartlist_free(tokens);
774 }
775 if (area) {
776 DUMP_AREA(area, "v1 directory");
777 memarea_drop_all(area);
778 }
779 return r;
780 }
781
782 /** Read a signed router status statement from <b>str</b>. If it's
783 * well-formed, return 0. Otherwise, return -1. If we're a directory cache,
784 * cache it.*/
785 int
786 router_parse_runningrouters(const char *str)
787 {
788 char digest[DIGEST_LEN];
789 directory_token_t *tok;
790 time_t published_on;
791 int r = -1;
792 crypto_pk_env_t *declared_key = NULL;
793 smartlist_t *tokens = NULL;
794 const char *eos = str + strlen(str);
795 memarea_t *area = NULL;
796
797 if (router_get_runningrouters_hash(str, digest)) {
798 log_warn(LD_DIR, "Unable to compute digest of running-routers");
799 goto err;
800 }
801 area = memarea_new();
802 tokens = smartlist_create();
803 if (tokenize_string(area,str,eos,tokens,dir_token_table,0)) {
804 log_warn(LD_DIR, "Error tokenizing running-routers"); goto err;
805 }
806 tok = smartlist_get(tokens,0);
807 if (tok->tp != K_NETWORK_STATUS) {
808 log_warn(LD_DIR, "Network-status starts with wrong token");
809 goto err;
810 }
811
812 tok = find_by_keyword(tokens, K_PUBLISHED);
813 tor_assert(tok->n_args == 1);
814 if (parse_iso_time(tok->args[0], &published_on) < 0) {
815 goto err;
816 }
817 if (!(tok = find_opt_by_keyword(tokens, K_DIRECTORY_SIGNATURE))) {
818 log_warn(LD_DIR, "Missing signature on running-routers");
819 goto err;
820 }
821 declared_key = find_dir_signing_key(str, eos);
822 note_crypto_pk_op(VERIFY_DIR);
823 if (check_signature_token(digest, tok, declared_key,
824 CST_CHECK_AUTHORITY, "running-routers")
825 < 0)
826 goto err;
827
828 /* Now that we know the signature is okay, and we have a
829 * publication time, cache the list. */
830 if (get_options()->DirPort && !authdir_mode_v1(get_options()))
831 dirserv_set_cached_directory(str, published_on, 1);
832
833 r = 0;
834 err:
835 if (declared_key) crypto_free_pk_env(declared_key);
836 if (tokens) {
837 SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
838 smartlist_free(tokens);
839 }
840 if (area) {
841 DUMP_AREA(area, "v1 running-routers");
842 memarea_drop_all(area);
843 }
844 return r;
845 }
846
847 /** Given a directory or running-routers string in <b>str</b>, try to
848 * find the its dir-signing-key token (if any). If this token is
849 * present, extract and return the key. Return NULL on failure. */
850 static crypto_pk_env_t *
851 find_dir_signing_key(const char *str, const char *eos)
852 {
853 const char *cp;
854 directory_token_t *tok;
855 crypto_pk_env_t *key = NULL;
856 memarea_t *area = NULL;
857 tor_assert(str);
858 tor_assert(eos);
859
860 /* Is there a dir-signing-key in the directory? */
861 cp = tor_memstr(str, eos-str, "\nopt dir-signing-key");
862 if (!cp)
863 cp = tor_memstr(str, eos-str, "\ndir-signing-key");
864 if (!cp)
865 return NULL;
866 ++cp; /* Now cp points to the start of the token. */
867
868 area = memarea_new();
869 tok = get_next_token(area, &cp, eos, dir_token_table);
870 if (!tok) {
871 log_warn(LD_DIR, "Unparseable dir-signing-key token");
872 goto done;
873 }
874 if (tok->tp != K_DIR_SIGNING_KEY) {
875 log_warn(LD_DIR, "Dir-signing-key token did not parse as expected");
876 goto done;
877 }
878
879 if (tok->key) {
880 key = tok->key;
881 tok->key = NULL; /* steal reference. */
882 } else {
883 log_warn(LD_DIR, "Dir-signing-key token contained no key");
884 }
885
886 done:
887 if (tok) token_free(tok);
888 if (area) {
889 DUMP_AREA(area, "dir-signing-key token");
890 memarea_drop_all(area);
891 }
892 return key;
893 }
894
895 /** Return true iff <b>key</b> is allowed to sign directories.
896 */
897 static int
898 dir_signing_key_is_trusted(crypto_pk_env_t *key)
899 {
900 char digest[DIGEST_LEN];
901 if (!key) return 0;
902 if (crypto_pk_get_digest(key, digest) < 0) {
903 log_warn(LD_DIR, "Error computing dir-signing-key digest");
904 return 0;
905 }
906 if (!router_digest_is_trusted_dir(digest)) {
907 log_warn(LD_DIR, "Listed dir-signing-key is not trusted");
908 return 0;
909 }
910 return 1;
911 }
912
913 /** Check whether the object body of the token in <b>tok</b> has a good
914 * signature for <b>digest</b> using key <b>pkey</b>. If
915 * <b>CST_CHECK_AUTHORITY</b> is set, make sure that <b>pkey</b> is the key of
916 * a directory authority. If <b>CST_NO_CHECK_OBJTYPE</b> is set, do not check
917 * the object type of the signature object. Use <b>doctype</b> as the type of
918 * the document when generating log messages. Return 0 on success, negative
919 * on failure.
920 */
921 static int
922 check_signature_token(const char *digest,
923 directory_token_t *tok,
924 crypto_pk_env_t *pkey,
925 int flags,
926 const char *doctype)
927 {
928 char *signed_digest;
929 size_t keysize;
930 const int check_authority = (flags & CST_CHECK_AUTHORITY);
931 const int check_objtype = ! (flags & CST_NO_CHECK_OBJTYPE);
932
933 tor_assert(pkey);
934 tor_assert(tok);
935 tor_assert(digest);
936 tor_assert(doctype);
937
938 if (check_authority && !dir_signing_key_is_trusted(pkey)) {
939 log_warn(LD_DIR, "Key on %s did not come from an authority; rejecting",
940 doctype);
941 return -1;
942 }
943
944 if (check_objtype) {
945 if (strcmp(tok->object_type, "SIGNATURE")) {
946 log_warn(LD_DIR, "Bad object type on %s signature", doctype);
947 return -1;
948 }
949 }
950
951 keysize = crypto_pk_keysize(pkey);
952 signed_digest = tor_malloc(keysize);
953 if (crypto_pk_public_checksig(pkey, signed_digest, keysize,
954 tok->object_body, tok->object_size)
955 != DIGEST_LEN) {
956 log_warn(LD_DIR, "Error reading %s: invalid signature.", doctype);
957 tor_free(signed_digest);
958 return -1;
959 }
960 // log_debug(LD_DIR,"Signed %s hash starts %s", doctype,
961 // hex_str(signed_digest,4));
962 if (memcmp(digest, signed_digest, DIGEST_LEN)) {
963 log_warn(LD_DIR, "Error reading %s: signature does not match.", doctype);
964 tor_free(signed_digest);
965 return -1;
966 }
967 tor_free(signed_digest);
968 return 0;
969 }
970
971 /** Helper: move *<b>s_ptr</b> ahead to the next router, the next extra-info,
972 * or to the first of the annotations proceeding the next router or
973 * extra-info---whichever comes first. Set <b>is_extrainfo_out</b> to true if
974 * we found an extrainfo, or false if found a router. Do not scan beyond
975 * <b>eos</b>. Return -1 if we found nothing; 0 if we found something. */
976 static int
977 find_start_of_next_router_or_extrainfo(const char **s_ptr,
978 const char *eos,
979 int *is_extrainfo_out)
980 {
981 const char *annotations = NULL;
982 const char *s = *s_ptr;
983
984 s = eat_whitespace_eos(s, eos);
985
986 while (s < eos-32) { /* 32 gives enough room for a the first keyword. */
987 /* We're at the start of a line. */
988 tor_assert(*s != '\n');
989
990 if (*s == '@' && !annotations) {
991 annotations = s;
992 } else if (*s == 'r' && !strcmpstart(s, "router ")) {
993 *s_ptr = annotations ? annotations : s;
994 *is_extrainfo_out = 0;
995 return 0;
996 } else if (*s == 'e' && !strcmpstart(s, "extra-info ")) {
997 *s_ptr = annotations ? annotations : s;
998 *is_extrainfo_out = 1;
999 return 0;
1000 }
1001
1002 if (!(s = memchr(s+1, '\n', eos-(s+1))))
1003 break;
1004 s = eat_whitespace_eos(s, eos);
1005 }
1006 return -1;
1007 }
1008
1009 /** Given a string *<b>s</b> containing a concatenated sequence of router
1010 * descriptors (or extra-info documents if <b>is_extrainfo</b> is set), parses
1011 * them and stores the result in <b>dest</b>. All routers are marked running
1012 * and valid. Advances *s to a point immediately following the last router
1013 * entry. Ignore any trailing router entries that are not complete.
1014 *
1015 * If <b>saved_location</b> isn't SAVED_IN_CACHE, make a local copy of each
1016 * descriptor in the signed_descriptor_body field of each routerinfo_t. If it
1017 * isn't SAVED_NOWHERE, remember the offset of each descriptor.
1018 *
1019 * Returns 0 on success and -1 on failure.
1020 */
1021 int
1022 router_parse_list_from_string(const char **s, const char *eos,
1023 smartlist_t *dest,
1024 saved_location_t saved_location,
1025 int want_extrainfo,
1026 int allow_annotations,
1027 const char *prepend_annotations)
1028 {
1029 routerinfo_t *router;
1030 extrainfo_t *extrainfo;
1031 signed_descriptor_t *signed_desc;
1032 void *elt;
1033 const char *end, *start;
1034 int have_extrainfo;
1035
1036 tor_assert(s);
1037 tor_assert(*s);
1038 tor_assert(dest);
1039
1040 start = *s;
1041 if (!eos)
1042 eos = *s + strlen(*s);
1043
1044 tor_assert(eos >= *s);
1045
1046 while (1) {
1047 if (find_start_of_next_router_or_extrainfo(s, eos, &have_extrainfo) < 0)
1048 break;
1049
1050 end = tor_memstr(*s, eos-*s, "\nrouter-signature");
1051 if (end)
1052 end = tor_memstr(end, eos-end, "\n-----END SIGNATURE-----\n");
1053 if (end)
1054 end += strlen("\n-----END SIGNATURE-----\n");
1055
1056 if (!end)
1057 break;
1058
1059 elt = NULL;
1060
1061 if (have_extrainfo && want_extrainfo) {
1062 routerlist_t *rl = router_get_routerlist();
1063 extrainfo = extrainfo_parse_entry_from_string(*s, end,
1064 saved_location != SAVED_IN_CACHE,
1065 rl->identity_map);
1066 if (extrainfo) {
1067 signed_desc = &extrainfo->cache_info;
1068 elt = extrainfo;
1069 }
1070 } else if (!have_extrainfo && !want_extrainfo) {
1071 router = router_parse_entry_from_string(*s, end,
1072 saved_location != SAVED_IN_CACHE,
1073 allow_annotations,
1074 prepend_annotations);
1075 if (router) {
1076 log_debug(LD_DIR, "Read router '%s', purpose '%s'",
1077 router->nickname, router_purpose_to_string(router->purpose));
1078 signed_desc = &router->cache_info;
1079 elt = router;
1080 }
1081 }
1082 if (!elt) {
1083 *s = end;
1084 continue;
1085 }
1086 if (saved_location != SAVED_NOWHERE) {
1087 signed_desc->saved_location = saved_location;
1088 signed_desc->saved_offset = *s - start;
1089 }
1090 *s = end;
1091 smartlist_add(dest, elt);
1092 }
1093
1094 return 0;
1095 }
1096
1097 /* For debugging: define to count every descriptor digest we've seen so we
1098 * know if we need to try harder to avoid duplicate verifies. */
1099 #undef COUNT_DISTINCT_DIGESTS
1100
1101 #ifdef COUNT_DISTINCT_DIGESTS
1102 static digestmap_t *verified_digests = NULL;
1103 #endif
1104
1105 /** Log the total count of the number of distinct router digests we've ever
1106 * verified. When compared to the number of times we've verified routerdesc
1107 * signatures <i>in toto</i>, this will tell us if we're doing too much
1108 * multiple-verification. */
1109 void
1110 dump_distinct_digest_count(int severity)
1111 {
1112 #ifdef COUNT_DISTINCT_DIGESTS
1113 if (!verified_digests)
1114 verified_digests = digestmap_new();
1115 log(severity, LD_GENERAL, "%d *distinct* router digests verified",
1116 digestmap_size(verified_digests));
1117 #else
1118 (void)severity; /* suppress "unused parameter" warning */
1119 #endif
1120 }
1121
1122 /** Helper function: reads a single router entry from *<b>s</b> ...
1123 * *<b>end</b>. Mallocs a new router and returns it if all goes well, else
1124 * returns NULL. If <b>cache_copy</b> is true, duplicate the contents of
1125 * s through end into the signed_descriptor_body of the resulting
1126 * routerinfo_t.
1127 *
1128 * If <b>end</b> is NULL, <b>s</b> must be properly NULL-terminated.
1129 *
1130 * If <b>allow_annotations</b>, it's okay to encounter annotations in <b>s</b>
1131 * before the router; if it's false, reject the router if it's annotated. If
1132 * <b>prepend_annotations</b> is set, it should contain some annotations:
1133 * append them to the front of the router before parsing it, and keep them
1134 * around when caching the router.
1135 *
1136 * Only one of allow_annotations and prepend_annotations may be set.
1137 */
1138 routerinfo_t *
1139 router_parse_entry_from_string(const char *s, const char *end,
1140 int cache_copy, int allow_annotations,
1141 const char *prepend_annotations)
1142 {
1143 routerinfo_t *router = NULL;
1144 char digest[128];
1145 smartlist_t *tokens = NULL, *exit_policy_tokens = NULL;
1146 directory_token_t *tok;
1147 struct in_addr in;
1148 const char *start_of_annotations, *cp;
1149 size_t prepend_len = prepend_annotations ? strlen(prepend_annotations) : 0;
1150 int ok = 1;
1151 memarea_t *area = NULL;
1152
1153 tor_assert(!allow_annotations || !prepend_annotations);
1154
1155 if (!end) {
1156 end = s + strlen(s);
1157 }
1158
1159 /* point 'end' to a point immediately after the final newline. */
1160 while (end > s+2 && *(end-1) == '\n' && *(end-2) == '\n')
1161 --end;
1162
1163 area = memarea_new();
1164 tokens = smartlist_create();
1165 if (prepend_annotations) {
1166 if (tokenize_string(area,prepend_annotations,NULL,tokens,
1167 routerdesc_token_table,TS_NOCHECK)) {
1168 log_warn(LD_DIR, "Error tokenizing router descriptor (annotations).");
1169 goto err;
1170 }
1171 }
1172
1173 start_of_annotations = s;
1174 cp = tor_memstr(s, end-s, "\nrouter ");
1175 if (!cp) {
1176 if (end-s < 7 || strcmpstart(s, "router ")) {
1177 log_warn(LD_DIR, "No router keyword found.");
1178 goto err;
1179 }
1180 } else {
1181 s = cp+1;
1182 }
1183
1184 if (start_of_annotations != s) { /* We have annotations */
1185 if (allow_annotations) {
1186 if (tokenize_string(area,start_of_annotations,s,tokens,
1187 routerdesc_token_table,TS_NOCHECK)) {
1188 log_warn(LD_DIR, "Error tokenizing router descriptor (annotations).");
1189 goto err;
1190 }
1191 } else {
1192 log_warn(LD_DIR, "Found unexpected annotations on router descriptor not "
1193 "loaded from disk. Dropping it.");
1194 goto err;
1195 }
1196 }
1197
1198 if (router_get_router_hash(s, end - s, digest) < 0) {
1199 log_warn(LD_DIR, "Couldn't compute router hash.");
1200 goto err;
1201 }
1202 {
1203 int flags = 0;
1204 if (allow_annotations)
1205 flags |= TS_ANNOTATIONS_OK;
1206 if (prepend_annotations)
1207 flags |= TS_ANNOTATIONS_OK|TS_NO_NEW_ANNOTATIONS;
1208
1209 if (tokenize_string(area,s,end,tokens,routerdesc_token_table, flags)) {
1210 log_warn(LD_DIR, "Error tokenizing router descriptor.");
1211 goto err;
1212 }
1213 }
1214
1215 if (smartlist_len(tokens) < 2) {
1216 log_warn(LD_DIR, "Impossibly short router descriptor.");
1217 goto err;
1218 }
1219
1220 tok = find_by_keyword(tokens, K_ROUTER);
1221 tor_assert(tok->n_args >= 5);
1222
1223 router = tor_malloc_zero(sizeof(routerinfo_t));
1224 router->country = -1;
1225 router->cache_info.routerlist_index = -1;
1226 router->cache_info.annotations_len = s-start_of_annotations + prepend_len;
1227 router->cache_info.signed_descriptor_len = end-s;
1228 if (cache_copy) {
1229 size_t len = router->cache_info.signed_descriptor_len +
1230 router->cache_info.annotations_len;
1231 char *cp =
1232 router->cache_info.signed_descriptor_body = tor_malloc(len+1);
1233 if (prepend_annotations) {
1234 memcpy(cp, prepend_annotations, prepend_len);
1235 cp += prepend_len;
1236 }
1237 /* This assertion will always succeed.
1238 * len == signed_desc_len + annotations_len
1239 * == end-s + s-start_of_annotations + prepend_len
1240 * == end-start_of_annotations + prepend_len
1241 * We already wrote prepend_len bytes into the buffer; now we're
1242 * writing end-start_of_annotations -NM. */
1243 tor_assert(cp+(end-start_of_annotations) ==
1244 router->cache_info.signed_descriptor_body+len);
1245 memcpy(cp, start_of_annotations, end-start_of_annotations);
1246 router->cache_info.signed_descriptor_body[len] = '\0';
1247 tor_assert(strlen(router->cache_info.signed_descriptor_body) == len);
1248 }
1249 memcpy(router->cache_info.signed_descriptor_digest, digest, DIGEST_LEN);
1250
1251 router->nickname = tor_strdup(tok->args[0]);
1252 if (!is_legal_nickname(router->nickname)) {
1253 log_warn(LD_DIR,"Router nickname is invalid");
1254 goto err;
1255 }
1256 router->address = tor_strdup(tok->args[1]);
1257 if (!tor_inet_aton(router->address, &in)) {
1258 log_warn(LD_DIR,"Router address is not an IP address.");
1259 goto err;
1260 }
1261 router->addr = ntohl(in.s_addr);
1262
1263 router->or_port =
1264 (uint16_t) tor_parse_long(tok->args[2],10,0,65535,&ok,NULL);
1265 if (!ok) {
1266 log_warn(LD_DIR,"Invalid OR port %s", escaped(tok->args[2]));
1267 goto err;
1268 }
1269 router->dir_port =
1270 (uint16_t) tor_parse_long(tok->args[4],10,0,65535,&ok,NULL);
1271 if (!ok) {
1272 log_warn(LD_DIR,"Invalid dir port %s", escaped(tok->args[4]));
1273 goto err;
1274 }
1275
1276 tok = find_by_keyword(tokens, K_BANDWIDTH);
1277 tor_assert(tok->n_args >= 3);
1278 router->bandwidthrate = (int)
1279 tor_parse_long(tok->args[0],10,1,INT_MAX,&ok,NULL);
1280
1281 if (!ok) {
1282 log_warn(LD_DIR, "bandwidthrate %s unreadable or 0. Failing.",
1283 escaped(tok->args[0]));
1284 goto err;
1285 }
1286 router->bandwidthburst =
1287 (int) tor_parse_long(tok->args[1],10,0,INT_MAX,&ok,NULL);
1288 if (!ok) {
1289 log_warn(LD_DIR, "Invalid bandwidthburst %s", escaped(tok->args[1]));
1290 goto err;
1291 }
1292 router->bandwidthcapacity = (int)
1293 tor_parse_long(tok->args[2],10,0,INT_MAX,&ok,NULL);
1294 if (!ok) {
1295 log_warn(LD_DIR, "Invalid bandwidthcapacity %s", escaped(tok->args[1]));
1296 goto err;
1297 }
1298
1299 if ((tok = find_opt_by_keyword(tokens, A_PURPOSE))) {
1300 tor_assert(tok->n_args);
1301 router->purpose = router_purpose_from_string(tok->args[0]);
1302 } else {
1303 router->purpose = ROUTER_PURPOSE_GENERAL;
1304 }
1305 router->cache_info.send_unencrypted =
1306 (router->purpose == ROUTER_PURPOSE_GENERAL) ? 1 : 0;
1307
1308 if ((tok = find_opt_by_keyword(tokens, K_UPTIME))) {
1309 tor_assert(tok->n_args >= 1);
1310 router->uptime = tor_parse_long(tok->args[0],10,0,LONG_MAX,&ok,NULL);
1311 if (!ok) {
1312 log_warn(LD_DIR, "Invalid uptime %s", escaped(tok->args[0]));
1313 goto err;
1314 }
1315 }
1316
1317 if ((tok = find_opt_by_keyword(tokens, K_HIBERNATING))) {
1318 tor_assert(tok->n_args >= 1);
1319 router->is_hibernating
1320 = (tor_parse_long(tok->args[0],10,0,LONG_MAX,NULL,NULL) != 0);
1321 }
1322
1323 tok = find_by_keyword(tokens, K_PUBLISHED);
1324 tor_assert(tok->n_args == 1);
1325 if (parse_iso_time(tok->args[0], &router->cache_info.published_on) < 0)
1326 goto err;
1327
1328 tok = find_by_keyword(tokens, K_ONION_KEY);
1329 router->onion_pkey = tok->key;
1330 tok->key = NULL; /* Prevent free */
1331
1332 tok = find_by_keyword(tokens, K_SIGNING_KEY);
1333 router->identity_pkey = tok->key;
1334 tok->key = NULL; /* Prevent free */
1335 if (crypto_pk_get_digest(router->identity_pkey,
1336 router->cache_info.identity_digest)) {
1337 log_warn(LD_DIR, "Couldn't calculate key digest"); goto err;
1338 }
1339
1340 if ((tok = find_opt_by_keyword(tokens, K_FINGERPRINT))) {
1341 /* If there's a fingerprint line, it must match the identity digest. */
1342 char d[DIGEST_LEN];
1343 tor_assert(tok->n_args == 1);
1344 tor_strstrip(tok->args[0], " ");
1345 if (base16_decode(d, DIGEST_LEN, tok->args[0], strlen(tok->args[0]))) {
1346 log_warn(LD_DIR, "Couldn't decode router fingerprint %s",
1347 escaped(tok->args[0]));
1348 goto err;
1349 }
1350 if (memcmp(d,router->cache_info.identity_digest, DIGEST_LEN)!=0) {
1351 log_warn(LD_DIR, "Fingerprint '%s' does not match identity digest.",
1352 tok->args[0]);
1353 goto err;
1354 }
1355 }
1356
1357 if ((tok = find_opt_by_keyword(tokens, K_PLATFORM))) {
1358 router->platform = tor_strdup(tok->args[0]);
1359 }
1360
1361 if ((tok = find_opt_by_keyword(tokens, K_CONTACT))) {
1362 router->contact_info = tor_strdup(tok->args[0]);
1363 }
1364
1365 if ((tok = find_opt_by_keyword(tokens, K_EVENTDNS))) {
1366 router->has_old_dnsworkers = tok->n_args && !strcmp(tok->args[0], "0");
1367 } else if (router->platform) {
1368 if (! tor_version_as_new_as(router->platform, "0.1.2.2-alpha"))
1369 router->has_old_dnsworkers = 1;
1370 }
1371
1372 exit_policy_tokens = find_all_exitpolicy(tokens);
1373 if (!smartlist_len(exit_policy_tokens)) {
1374 log_warn(LD_DIR, "No exit policy tokens in descriptor.");
1375 goto err;
1376 }
1377 SMARTLIST_FOREACH(exit_policy_tokens, directory_token_t *, t,
1378 if (router_add_exit_policy(router,t)<0) {
1379 log_warn(LD_DIR,"Error in exit policy");
1380 goto err;
1381 });
1382 policy_expand_private(&router->exit_policy);
1383 if (policy_is_reject_star(router->exit_policy))
1384 router->policy_is_reject_star = 1;
1385
1386 if ((tok = find_opt_by_keyword(tokens, K_FAMILY)) && tok->n_args) {
1387 int i;
1388 router->declared_family = smartlist_create();
1389 for (i=0;i<tok->n_args;++i) {
1390 if (!is_legal_nickname_or_hexdigest(tok->args[i])) {
1391 log_warn(LD_DIR, "Illegal nickname %s in family line",
1392 escaped(tok->args[i]));
1393 goto err;
1394 }
1395 smartlist_add(router->declared_family, tor_strdup(tok->args[i]));
1396 }
1397 }
1398
1399 if ((tok = find_opt_by_keyword(tokens, K_CACHES_EXTRA_INFO)))
1400 router->caches_extra_info = 1;
1401
1402 if ((tok = find_opt_by_keyword(tokens, K_ALLOW_SINGLE_HOP_EXITS)))
1403 router->allow_single_hop_exits = 1;
1404
1405 if ((tok = find_opt_by_keyword(tokens, K_EXTRA_INFO_DIGEST))) {
1406 tor_assert(tok->n_args >= 1);
1407 if (strlen(tok->args[0]) == HEX_DIGEST_LEN) {
1408 base16_decode(router->cache_info.extra_info_digest,
1409 DIGEST_LEN, tok->args[0], HEX_DIGEST_LEN);
1410 } else {
1411 log_warn(LD_DIR, "Invalid extra info digest %s", escaped(tok->args[0]));
1412 }
1413 }
1414
1415 if ((tok = find_opt_by_keyword(tokens, K_HIDDEN_SERVICE_DIR))) {
1416 router->wants_to_be_hs_dir = 1;
1417 }
1418
1419 tok = find_by_keyword(tokens, K_ROUTER_SIGNATURE);
1420 note_crypto_pk_op(VERIFY_RTR);
1421 #ifdef COUNT_DISTINCT_DIGESTS
1422 if (!verified_digests)
1423 verified_digests = digestmap_new();
1424 digestmap_set(verified_digests, signed_digest, (void*)(uintptr_t)1);
1425 #endif
1426 if (check_signature_token(digest, tok, router->identity_pkey, 0,
1427 "router descriptor") < 0)
1428 goto err;
1429
1430 routerinfo_set_country(router);
1431
1432 if (!router->or_port) {
1433 log_warn(LD_DIR,"or_port unreadable or 0. Failing.");
1434 goto err;
1435 }
1436
1437 if (!router->platform) {
1438 router->platform = tor_strdup("<unknown>");
1439 }
1440
1441 goto done;
1442
1443 err:
1444 routerinfo_free(router);
1445 router = NULL;
1446 done:
1447 if (tokens) {
1448 SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
1449 smartlist_free(tokens);
1450 }
1451 if (exit_policy_tokens) {
1452 smartlist_free(exit_policy_tokens);
1453 }
1454 if (area) {
1455 DUMP_AREA(area, "routerinfo");
1456 memarea_drop_all(area);
1457 }
1458 return router;
1459 }
1460
1461 /** Parse a single extrainfo entry from the string <b>s</b>, ending at
1462 * <b>end</b>. (If <b>end</b> is NULL, parse up to the end of <b>s</b>.) If
1463 * <b>cache_copy</b> is true, make a copy of the extra-info document in the
1464 * cache_info fields of the result. If <b>routermap</b> is provided, use it
1465 * as a map from router identity to routerinfo_t when looking up signing keys.
1466 */
1467 extrainfo_t *
1468 extrainfo_parse_entry_from_string(const char *s, const char *end,
1469 int cache_copy, struct digest_ri_map_t *routermap)
1470 {
1471 extrainfo_t *extrainfo = NULL;
1472 char digest[128];
1473 smartlist_t *tokens = NULL;
1474 directory_token_t *tok;
1475 crypto_pk_env_t *key = NULL;
1476 routerinfo_t *router = NULL;
1477 memarea_t *area = NULL;
1478
1479 if (!end) {
1480 end = s + strlen(s);
1481 }
1482
1483 /* point 'end' to a point immediately after the final newline. */
1484 while (end > s+2 && *(end-1) == '\n' && *(end-2) == '\n')
1485 --end;
1486
1487 if (router_get_extrainfo_hash(s, digest) < 0) {
1488 log_warn(LD_DIR, "Couldn't compute router hash.");
1489 goto err;
1490 }
1491 tokens = smartlist_create();
1492 area = memarea_new();
1493 if (tokenize_string(area,s,end,tokens,extrainfo_token_table,0)) {
1494 log_warn(LD_DIR, "Error tokenizing extra-info document.");
1495 goto err;
1496 }
1497
1498 if (smartlist_len(tokens) < 2) {
1499 log_warn(LD_DIR, "Impossibly short extra-info document.");
1500 goto err;
1501 }
1502
1503 tok = smartlist_get(tokens,0);
1504 if (tok->tp != K_EXTRA_INFO) {
1505 log_warn(LD_DIR,"Entry does not start with \"extra-info\"");
1506 goto err;
1507 }
1508
1509 extrainfo = tor_malloc_zero(sizeof(extrainfo_t));
1510 extrainfo->cache_info.is_extrainfo = 1;
1511 if (cache_copy)
1512 extrainfo->cache_info.signed_descriptor_body = tor_strndup(s, end-s);
1513 extrainfo->cache_info.signed_descriptor_len = end-s;
1514 memcpy(extrainfo->cache_info.signed_descriptor_digest, digest, DIGEST_LEN);
1515
1516 tor_assert(tok->n_args >= 2);
1517 if (!is_legal_nickname(tok->args[0])) {
1518 log_warn(LD_DIR,"Bad nickname %s on \"extra-info\"",escaped(tok->args[0]));
1519 goto err;
1520 }
1521 strlcpy(extrainfo->nickname, tok->args[0], sizeof(extrainfo->nickname));
1522 if (strlen(tok->args[1]) != HEX_DIGEST_LEN ||
1523 base16_decode(extrainfo->cache_info.identity_digest, DIGEST_LEN,
1524 tok->args[1], HEX_DIGEST_LEN)) {
1525 log_warn(LD_DIR,"Invalid fingerprint %s on \"extra-info\"",
1526 escaped(tok->args[1]));
1527 goto err;
1528 }
1529
1530 tok = find_by_keyword(tokens, K_PUBLISHED);
1531 if (parse_iso_time(tok->args[0], &extrainfo->cache_info.published_on)) {
1532 log_warn(LD_DIR,"Invalid published time %s on \"extra-info\"",
1533 escaped(tok->args[0]));
1534 goto err;
1535 }
1536
1537 if (routermap &&
1538 (router = digestmap_get((digestmap_t*)routermap,
1539 extrainfo->cache_info.identity_digest))) {
1540 key = router->identity_pkey;
1541 }
1542
1543 tok = find_by_keyword(tokens, K_ROUTER_SIGNATURE);
1544 if (strcmp(tok->object_type, "SIGNATURE") ||
1545 tok->object_size < 128 || tok->object_size > 512) {
1546 log_warn(LD_DIR, "Bad object type or length on extra-info signature");
1547 goto err;
1548 }
1549
1550 if (key) {
1551 note_crypto_pk_op(VERIFY_RTR);
1552 if (check_signature_token(digest, tok, key, 0, "extra-info") < 0)
1553 goto err;
1554
1555 if (router)
1556 extrainfo->cache_info.send_unencrypted =
1557 router->cache_info.send_unencrypted;
1558 } else {
1559 extrainfo->pending_sig = tor_memdup(tok->object_body,
1560 tok->object_size);
1561 extrainfo->pending_sig_len = tok->object_size;
1562 }
1563
1564 goto done;
1565 err:
1566 if (extrainfo)
1567 extrainfo_free(extrainfo);
1568 extrainfo = NULL;
1569 done:
1570 if (tokens) {
1571 SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
1572 smartlist_free(tokens);
1573 }
1574 if (area) {
1575 DUMP_AREA(area, "extrainfo");
1576 memarea_drop_all(area);
1577 }
1578 return extrainfo;
1579 }
1580
1581 /** Parse a key certificate from <b>s</b>; point <b>end-of-string</b> to
1582 * the first character after the certificate. */
1583 authority_cert_t *
1584 authority_cert_parse_from_string(const char *s, const char **end_of_string)
1585 {
1586 authority_cert_t *cert = NULL, *old_cert;
1587 smartlist_t *tokens = NULL;
1588 char digest[DIGEST_LEN];
1589 directory_token_t *tok;
1590 char fp_declared[DIGEST_LEN];
1591 char *eos;
1592 size_t len;
1593 int found;
1594 memarea_t *area = NULL;
1595
1596 s = eat_whitespace(s);
1597 eos = strstr(s, "\ndir-key-certification");
1598 if (! eos) {
1599 log_warn(LD_DIR, "No signature found on key certificate");
1600 return NULL;
1601 }
1602 eos = strstr(eos, "\n-----END SIGNATURE-----\n");
1603 if (! eos) {
1604 log_warn(LD_DIR, "No end-of-signature found on key certificate");
1605 return NULL;
1606 }
1607 eos = strchr(eos+2, '\n');
1608 tor_assert(eos);
1609 ++eos;
1610 len = eos - s;
1611
1612 tokens = smartlist_create();
1613 area = memarea_new();
1614 if (tokenize_string(area,s, eos, tokens, dir_key_certificate_table, 0) < 0) {
1615 log_warn(LD_DIR, "Error tokenizing key certificate");
1616 goto err;
1617 }
1618 if (router_get_hash_impl(s, strlen(s), digest, "dir-key-certificate-version",
1619 "\ndir-key-certification", '\n') < 0)
1620 goto err;
1621 tok = smartlist_get(tokens, 0);
1622 if (tok->tp != K_DIR_KEY_CERTIFICATE_VERSION || strcmp(tok->args[0], "3")) {
1623 log_warn(LD_DIR,
1624 "Key certificate does not begin with a recognized version (3).");
1625 goto err;
1626 }
1627
1628 cert = tor_malloc_zero(sizeof(authority_cert_t));
1629 memcpy(cert->cache_info.signed_descriptor_digest, digest, DIGEST_LEN);
1630
1631 tok = find_by_keyword(tokens, K_DIR_SIGNING_KEY);
1632 tor_assert(tok->key);
1633 cert->signing_key = tok->key;
1634 tok->key = NULL;
1635 if (crypto_pk_get_digest(cert->signing_key, cert->signing_key_digest))
1636 goto err;
1637
1638 tok = find_by_keyword(tokens, K_DIR_IDENTITY_KEY);
1639 tor_assert(tok->key);
1640 cert->identity_key = tok->key;
1641 tok->key = NULL;
1642
1643 tok = find_by_keyword(tokens, K_FINGERPRINT);
1644 tor_assert(tok->n_args);
1645 if (base16_decode(fp_declared, DIGEST_LEN, tok->args[0],
1646 strlen(tok->args[0]))) {
1647 log_warn(LD_DIR, "Couldn't decode key certificate fingerprint %s",
1648 escaped(tok->args[0]));
1649 goto err;
1650 }
1651
1652 if (crypto_pk_get_digest(cert->identity_key,
1653 cert->cache_info.identity_digest))
1654 goto err;
1655
1656 if (memcmp(cert->cache_info.identity_digest, fp_declared, DIGEST_LEN)) {
1657 log_warn(LD_DIR, "Digest of certificate key didn't match declared "
1658 "fingerprint");
1659 goto err;
1660 }
1661
1662 tok = find_opt_by_keyword(tokens, K_DIR_ADDRESS);
1663 if (tok) {
1664 struct in_addr in;
1665 char *address = NULL;
1666 tor_assert(tok->n_args);
1667 /* XXX021 use tor_addr_port_parse() below instead. -RD */
1668 if (parse_addr_port(LOG_WARN, tok->args[0], &address, NULL,
1669 &cert->dir_port)<0 ||
1670 tor_inet_aton(address, &in) == 0) {
1671 log_warn(LD_DIR, "Couldn't parse dir-address in certificate");
1672 tor_free(address);
1673 goto err;
1674 }
1675 cert->addr = ntohl(in.s_addr);
1676 tor_free(address);
1677 }
1678
1679 tok = find_by_keyword(tokens, K_DIR_KEY_PUBLISHED);
1680 if (parse_iso_time(tok->args[0], &cert->cache_info.published_on) < 0) {
1681 goto err;
1682 }
1683 tok = find_by_keyword(tokens, K_DIR_KEY_EXPIRES);
1684 if (parse_iso_time(tok->args[0], &cert->expires) < 0) {
1685 goto err;
1686 }
1687
1688 tok = smartlist_get(tokens, smartlist_len(tokens)-1);
1689 if (tok->tp != K_DIR_KEY_CERTIFICATION) {
1690 log_warn(LD_DIR, "Certificate didn't end with dir-key-certification.");
1691 goto err;
1692 }
1693
1694 /* If we already have this cert, don't bother checking the signature. */
1695 old_cert = authority_cert_get_by_digests(
1696 cert->cache_info.identity_digest,
1697 cert->signing_key_digest);
1698 found = 0;
1699 if (old_cert) {
1700 /* XXXX We could just compare signed_descriptor_digest, but that wouldn't
1701 * buy us much. */
1702 if (old_cert->cache_info.signed_descriptor_len == len &&
1703 old_cert->cache_info.signed_descriptor_body &&
1704 !memcmp(s, old_cert->cache_info.signed_descriptor_body, len)) {
1705 log_debug(LD_DIR, "We already checked the signature on this "
1706 "certificate; no need to do so again.");
1707 found = 1;
1708 cert->is_cross_certified = old_cert->is_cross_certified;
1709 }
1710 }
1711 if (!found) {
1712 if (check_signature_token(digest, tok, cert->identity_key, 0,
1713 "key certificate")) {
1714 goto err;
1715 }
1716
1717 if ((tok = find_opt_by_keyword(tokens, K_DIR_KEY_CROSSCERT))) {
1718 /* XXXX Once all authorities generate cross-certified certificates,
1719 * make this field mandatory. */
1720 if (check_signature_token(cert->cache_info.identity_digest,
1721 tok,
1722 cert->signing_key,
1723 CST_NO_CHECK_OBJTYPE,
1724 "key cross-certification")) {
1725 goto err;
1726 }
1727 cert->is_cross_certified = 1;
1728 }
1729 }
1730
1731 cert->cache_info.signed_descriptor_len = len;
1732 cert->cache_info.signed_descriptor_body = tor_malloc(len+1);
1733 memcpy(cert->cache_info.signed_descriptor_body, s, len);
1734 cert->cache_info.signed_descriptor_body[len] = 0;
1735 cert->cache_info.saved_location = SAVED_NOWHERE;
1736
1737 if (end_of_string) {
1738 *end_of_string = eat_whitespace(eos);
1739 }
1740 SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
1741 smartlist_free(tokens);
1742 if (area) {
1743 DUMP_AREA(area, "authority cert");
1744 memarea_drop_all(area);
1745 }
1746 return cert;
1747 err:
1748 authority_cert_free(cert);
1749 SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
1750 smartlist_free(tokens);
1751 if (area) {
1752 DUMP_AREA(area, "authority cert");
1753 memarea_drop_all(area);
1754 }
1755 return NULL;
1756 }
1757
1758 /** Helper: given a string <b>s</b>, return the start of the next router-status
1759 * object (starting with "r " at the start of a line). If none is found,
1760 * return the start of the next directory signature. If none is found, return
1761 * the end of the string. */
1762 static INLINE const char *
1763 find_start_of_next_routerstatus(const char *s)
1764 {
1765 const char *eos = strstr(s, "\nr ");
1766 if (eos) {
1767 const char *eos2 = tor_memstr(s, eos-s, "\ndirectory-signature");
1768 if (eos2 && eos2 < eos)
1769 return eos2;
1770 else
1771 return eos+1;
1772 } else {
1773 if ((eos = strstr(s, "\ndirectory-signature")))
1774 return eos+1;
1775 return s + strlen(s);
1776 }
1777 }
1778
1779 /** Given a string at *<b>s</b>, containing a routerstatus object, and an
1780 * empty smartlist at <b>tokens</b>, parse and return the first router status
1781 * object in the string, and advance *<b>s</b> to just after the end of the
1782 * router status. Return NULL and advance *<b>s</b> on error.
1783 *
1784 * If <b>vote</b> and <b>vote_rs</b> are provided, don't allocate a fresh
1785 * routerstatus but use <b>vote_rs</b> instead.
1786 *
1787 * If <b>consensus_method</b> is nonzero, this routerstatus is part of a
1788 * consensus, and we should parse it according to the method used to
1789 * make that consensus.
1790 **/
1791 static routerstatus_t *
1792 routerstatus_parse_entry_from_string(memarea_t *area,
1793 const char **s, smartlist_t *tokens,
1794 networkstatus_t *vote,
1795 vote_routerstatus_t *vote_rs,
1796 int consensus_method)
1797 {
1798 const char *eos;
1799 routerstatus_t *rs = NULL;
1800 directory_token_t *tok;
1801 char timebuf[ISO_TIME_LEN+1];
1802 struct in_addr in;
1803 tor_assert(tokens);
1804 tor_assert(bool_eq(vote, vote_rs));
1805
1806 eos = find_start_of_next_routerstatus(*s);
1807
1808 if (tokenize_string(area,*s, eos, tokens, rtrstatus_token_table,0)) {
1809 log_warn(LD_DIR, "Error tokenizing router status");
1810 goto err;
1811 }
1812 if (smartlist_len(tokens) < 1) {
1813 log_warn(LD_DIR, "Impossibly short router status");
1814 goto err;
1815 }
1816 tok = find_by_keyword(tokens, K_R);
1817 tor_assert(tok->n_args >= 8);
1818 if (vote_rs) {
1819 rs = &vote_rs->status;
1820 } else {
1821 rs = tor_malloc_zero(sizeof(routerstatus_t));
1822 }
1823
1824 if (!is_legal_nickname(tok->args[0])) {
1825 log_warn(LD_DIR,
1826 "Invalid nickname %s in router status; skipping.",
1827 escaped(tok->args[0]));
1828 goto err;
1829 }
1830 strlcpy(rs->nickname, tok->args[0], sizeof(rs->nickname));
1831
1832 if (digest_from_base64(rs->identity_digest, tok->args[1])) {
1833 log_warn(LD_DIR, "Error decoding identity digest %s",
1834 escaped(tok->args[1]));
1835 goto err;
1836 }
1837
1838 if (digest_from_base64(rs->descriptor_digest, tok->args[2])) {
1839 log_warn(LD_DIR, "Error decoding descriptor digest %s",
1840 escaped(tok->args[2]));
1841 goto err;
1842 }
1843
1844 if (tor_snprintf(timebuf, sizeof(timebuf), "%s %s",
1845 tok->args[3], tok->args[4]) < 0 ||
1846 parse_iso_time(timebuf, &rs->published_on)<0) {
1847 log_warn(LD_DIR, "Error parsing time '%s %s'",
1848 tok->args[3], tok->args[4]);
1849 goto err;
1850 }
1851
1852 if (tor_inet_aton(tok->args[5], &in) == 0) {
1853 log_warn(LD_DIR, "Error parsing router address in network-status %s",
1854 escaped(tok->args[5]));
1855 goto err;
1856 }
1857 rs->addr = ntohl(in.s_addr);
1858
1859 rs->or_port =(uint16_t) tor_parse_long(tok->args[6],10,0,65535,NULL,NULL);
1860 rs->dir_port = (uint16_t) tor_parse_long(tok->args[7],10,0,65535,NULL,NULL);
1861
1862 tok = find_opt_by_keyword(tokens, K_S);
1863 if (tok && vote) {
1864 int i;
1865 vote_rs->flags = 0;
1866 for (i=0; i < tok->n_args; ++i) {
1867 int p = smartlist_string_pos(vote->known_flags, tok->args[i]);
1868 if (p >= 0) {
1869 vote_rs->flags |= (1<<p);
1870 } else {
1871 log_warn(LD_DIR, "Flags line had a flag %s not listed in known_flags.",
1872 escaped(tok->args[i]));
1873 goto err;
1874 }
1875 }
1876 } else if (tok) {
1877 int i;
1878 for (i=0; i < tok->n_args; ++i) {
1879 if (!strcmp(tok->args[i], "Exit"))
1880 rs->is_exit = 1;
1881 else if (!strcmp(tok->args[i], "Stable"))
1882 rs->is_stable = 1;
1883 else if (!strcmp(tok->args[i], "Fast"))
1884 rs->is_fast = 1;
1885 else if (!strcmp(tok->args[i], "Running"))
1886 rs->is_running = 1;
1887 else if (!strcmp(tok->args[i], "Named"))
1888 rs->is_named = 1;
1889 else if (!strcmp(tok->args[i], "Valid"))
1890 rs->is_valid = 1;
1891 else if (!strcmp(tok->args[i], "V2Dir"))
1892 rs->is_v2_dir = 1;
1893 else if (!strcmp(tok->args[i], "Guard"))
1894 rs->is_possible_guard = 1;
1895 else if (!strcmp(tok->args[i], "BadExit"))
1896 rs->is_bad_exit = 1;
1897 else if (!strcmp(tok->args[i], "BadDirectory"))
1898 rs->is_bad_directory = 1;
1899 else if (!strcmp(tok->args[i], "Authority"))
1900 rs->is_authority = 1;
1901 else if (!strcmp(tok->args[i], "Unnamed") &&
1902 consensus_method >= 2) {
1903 /* Unnamed is computed right by consensus method 2 and later. */
1904 rs->is_unnamed = 1;
1905 } else if (!strcmp(tok->args[i], "HSDir")) {
1906 rs->is_hs_dir = 1;
1907 }
1908 }
1909 }
1910 if ((tok = find_opt_by_keyword(tokens, K_V))) {
1911 tor_assert(tok->n_args == 1);
1912 rs->version_known = 1;
1913 if (strcmpstart(tok->args[0], "Tor ")) {
1914 rs->version_supports_begindir = 1;
1915 rs->version_supports_extrainfo_upload = 1;
1916 rs->version_supports_conditional_consensus = 1;
1917 } else {
1918 rs->version_supports_begindir =
1919 tor_version_as_new_as(tok->args[0], "0.2.0.1-alpha");
1920 rs->version_supports_extrainfo_upload =
1921 tor_version_as_new_as(tok->args[0], "0.2.0.0-alpha-dev (r10070)");
1922 rs->version_supports_v3_dir =
1923 tor_version_as_new_as(tok->args[0], "0.2.0.8-alpha");
1924 rs->version_supports_conditional_consensus =
1925 tor_version_as_new_as(tok->args[0], "0.2.1.1-alpha");
1926 }
1927 if (vote_rs) {
1928 vote_rs->version = tor_strdup(tok->args[0]);
1929 }
1930 }
1931
1932 /* handle weighting/bandwidth info */
1933 if ((tok = find_opt_by_keyword(tokens, K_W))) {
1934 int i;
1935 for (i=0; i < tok->n_args; ++i) {
1936 if (!strcmpstart(tok->args[i], "Bandwidth=")) {
1937 int ok;
1938 rs->bandwidth = (uint32_t)tor_parse_ulong(strchr(tok->args[i], '=')+1,
1939 10, 0, UINT32_MAX,
1940 &ok, NULL);
1941 if (!ok) {
1942 log_warn(LD_DIR, "Invalid Bandwidth %s", escaped(tok->args[i]));
1943 goto err;
1944 }
1945 rs->has_bandwidth = 1;
1946 }
1947 }
1948 }
1949
1950 /* parse exit policy summaries */
1951 if ((tok = find_opt_by_keyword(tokens, K_P))) {
1952 tor_assert(tok->n_args == 1);
1953 if (strcmpstart(tok->args[0], "accept ") &&
1954 strcmpstart(tok->args[0], "reject ")) {
1955 log_warn(LD_DIR, "Unknown exit policy summary type %s.",
1956 escaped(tok->args[0]));
1957 goto err;
1958 }
1959 /* XXX weasel: parse this into ports and represent them somehow smart,
1960 * maybe not here but somewhere on if we need it for the client.
1961 * we should still parse it here to check it's valid tho.
1962 */
1963 rs->exitsummary = tor_strdup(tok->args[0]);
1964 rs->has_exitsummary = 1;
1965 }
1966
1967 if (!strcasecmp(rs->nickname, UNNAMED_ROUTER_NICKNAME))
1968 rs->is_named = 0;
1969
1970 goto done;
1971 err:
1972 if (rs && !vote_rs)
1973 routerstatus_free(rs);
1974 rs = NULL;
1975 done:
1976 SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
1977 smartlist_clear(tokens);
1978 if (area) {
1979 DUMP_AREA(area, "routerstatus entry");
1980 memarea_clear(area);
1981 }
1982 *s = eos;
1983
1984 return rs;
1985 }
1986
1987 /** Helper to sort a smartlist of pointers to routerstatus_t */
1988 static int
1989 _compare_routerstatus_entries(const void **_a, const void **_b)
1990 {
1991 const routerstatus_t *a = *_a, *b = *_b;
1992 return memcmp(a->identity_digest, b->identity_digest, DIGEST_LEN);
1993 }
1994
1995 /** Helper: used in call to _smartlist_uniq to clear out duplicate entries. */
1996 static void
1997 _free_duplicate_routerstatus_entry(void *e)
1998 {
1999 log_warn(LD_DIR,
2000 "Network-status has two entries for the same router. "
2001 "Dropping one.");
2002 routerstatus_free(e);
2003 }
2004
2005 /** Given a v2 network-status object in <b>s</b>, try to
2006 * parse it and return the result. Return NULL on failure. Check the
2007 * signature of the network status, but do not (yet) check the signing key for
2008 * authority.
2009 */
2010 networkstatus_v2_t *
2011 networkstatus_v2_parse_from_string(const char *s)
2012 {
2013 const char *eos;
2014 smartlist_t *tokens = smartlist_create();
2015 smartlist_t *footer_tokens = smartlist_create();
2016 networkstatus_v2_t *ns = NULL;
2017 char ns_digest[DIGEST_LEN];
2018 char tmp_digest[DIGEST_LEN];
2019 struct in_addr in;
2020 directory_token_t *tok;
2021 int i;
2022 memarea_t *area = NULL;
2023
2024 if (router_get_networkstatus_v2_hash(s, ns_digest)) {
2025 log_warn(LD_DIR, "Unable to compute digest of network-status");
2026 goto err;
2027 }
2028
2029 area = memarea_new();
2030 eos = find_start_of_next_routerstatus(s);
2031 if (tokenize_string(area, s, eos, tokens, netstatus_token_table,0)) {
2032 log_warn(LD_DIR, "Error tokenizing network-status header.");
2033 goto err;
2034 }
2035 ns = tor_malloc_zero(sizeof(networkstatus_v2_t));
2036 memcpy(ns->networkstatus_digest, ns_digest, DIGEST_LEN);
2037
2038 tok = find_by_keyword(tokens, K_NETWORK_STATUS_VERSION);
2039 tor_assert(tok->n_args >= 1);
2040 if (strcmp(tok->args[0], "2")) {
2041 log_warn(LD_BUG, "Got a non-v2 networkstatus. Version was "
2042 "%s", escaped(tok->args[0]));
2043 goto err;
2044 }
2045
2046 tok = find_by_keyword(tokens, K_DIR_SOURCE);
2047 tor_assert(tok->n_args >= 3);
2048 ns->source_address = tor_strdup(tok->args[0]);
2049 if (tor_inet_aton(tok->args[1], &in) == 0) {
2050 log_warn(LD_DIR, "Error parsing network-status source address %s",
2051 escaped(tok->args[1]));
2052 goto err;
2053 }
2054 ns->source_addr = ntohl(in.s_addr);
2055 ns->source_dirport =
2056 (uint16_t) tor_parse_long(tok->args[2],10,0,65535,NULL,NULL);
2057 if (ns->source_dirport == 0) {
2058 log_warn(LD_DIR, "Directory source without dirport; skipping.");
2059 goto err;
2060 }
2061
2062 tok = find_by_keyword(tokens, K_FINGERPRINT);
2063 tor_assert(tok->n_args);
2064 if (base16_decode(ns->identity_digest, DIGEST_LEN, tok->args[0],
2065 strlen(tok->args[0]))) {
2066 log_warn(LD_DIR, "Couldn't decode networkstatus fingerprint %s",
2067 escaped(tok->args[0]));
2068 goto err;
2069 }
2070
2071 if ((tok = find_opt_by_keyword(tokens, K_CONTACT))) {
2072 tor_assert(tok->n_args);
2073 ns->contact = tor_strdup(tok->args[0]);
2074 }
2075
2076 tok = find_by_keyword(tokens, K_DIR_SIGNING_KEY);
2077 tor_assert(tok->key);
2078 ns->signing_key = tok->key;
2079 tok->key = NULL;
2080
2081 if (crypto_pk_get_digest(ns->signing_key, tmp_digest)<0) {
2082 log_warn(LD_DIR, "Couldn't compute signing key digest");
2083 goto err;
2084 }
2085 if (memcmp(tmp_digest, ns->identity_digest, DIGEST_LEN)) {
2086 log_warn(LD_DIR,
2087 "network-status fingerprint did not match dir-signing-key");
2088 goto err;
2089 }
2090
2091 if ((tok = find_opt_by_keyword(tokens, K_DIR_OPTIONS))) {
2092 for (i=0; i < tok->n_args; ++i) {
2093 if (!strcmp(tok->args[i], "Names"))
2094 ns->binds_names = 1;
2095 if (!strcmp(tok->args[i], "Versions"))
2096 ns->recommends_versions = 1;
2097 if (!strcmp(tok->args[i], "BadExits"))
2098 ns->lists_bad_exits = 1;
2099 if (!strcmp(tok->args[i], "BadDirectories"))
2100 ns->lists_bad_directories = 1;
2101 }
2102 }
2103
2104 if (ns->recommends_versions) {
2105 if (!(tok = find_opt_by_keyword(tokens, K_CLIENT_VERSIONS))) {
2106 log_warn(LD_DIR, "Missing client-versions on versioning directory");
2107 goto err;
2108 }
2109 ns->client_versions = tor_strdup(tok->args[0]);
2110
2111 if (!(tok = find_opt_by_keyword(tokens, K_SERVER_VERSIONS)) ||
2112 tok->n_args<1) {
2113 log_warn(LD_DIR, "Missing server-versions on versioning directory");
2114 goto err;
2115 }
2116 ns->server_versions = tor_strdup(tok->args[0]);
2117 }
2118
2119 tok = find_by_keyword(tokens, K_PUBLISHED);
2120 tor_assert(tok->n_args == 1);
2121 if (parse_iso_time(tok->args[0], &ns->published_on) < 0) {
2122 goto err;
2123 }
2124
2125 ns->entries = smartlist_create();
2126 s = eos;
2127 SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
2128 smartlist_clear(tokens);
2129 memarea_clear(area);
2130 while (!strcmpstart(s, "r ")) {
2131 routerstatus_t *rs;
2132 if ((rs = routerstatus_parse_entry_from_string(area, &s, tokens,
2133 NULL, NULL, 0)))
2134 smartlist_add(ns->entries, rs);
2135 }
2136 smartlist_sort(ns->entries, _compare_routerstatus_entries);
2137 smartlist_uniq(ns->entries, _compare_routerstatus_entries,
2138 _free_duplicate_routerstatus_entry);
2139
2140 if (tokenize_string(area,s, NULL, footer_tokens, dir_footer_token_table,0)) {
2141 log_warn(LD_DIR, "Error tokenizing network-status footer.");
2142 goto err;
2143 }
2144 if (smartlist_len(footer_tokens) < 1) {
2145 log_warn(LD_DIR, "Too few items in network-status footer.");
2146 goto err;
2147 }
2148 tok = smartlist_get(footer_tokens, smartlist_len(footer_tokens)-1);
2149 if (tok->tp != K_DIRECTORY_SIGNATURE) {
2150 log_warn(LD_DIR,
2151 "Expected network-status footer to end with a signature.");
2152 goto err;
2153 }
2154
2155 note_crypto_pk_op(VERIFY_DIR);
2156 if (check_signature_token(ns_digest, tok, ns->signing_key, 0,
2157 "network-status") < 0)
2158 goto err;
2159
2160 goto done;
2161 err:
2162 if (ns)
2163 networkstatus_v2_free(ns);
2164 ns = NULL;
2165 done:
2166 SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
2167 smartlist_free(tokens);
2168 SMARTLIST_FOREACH(footer_tokens, directory_token_t *, t, token_free(t));
2169 smartlist_free(footer_tokens);
2170 if (area) {
2171 DUMP_AREA(area, "v2 networkstatus");
2172 memarea_drop_all(area);
2173 }
2174 return ns;
2175 }
2176
2177 /** Parse a v3 networkstatus vote, opinion, or consensus (depending on
2178 * ns_type), from <b>s</b>, and return the result. Return NULL on failure. */
2179 networkstatus_t *
2180 networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
2181 networkstatus_type_t ns_type)
2182 {
2183 smartlist_t *tokens = smartlist_create();
2184 smartlist_t *rs_tokens = NULL, *footer_tokens = NULL;
2185 networkstatus_voter_info_t *voter = NULL;
2186 networkstatus_t *ns = NULL;
2187 char ns_digest[DIGEST_LEN];
2188 const char *cert, *end_of_header, *end_of_footer;
2189 directory_token_t *tok;
2190 int ok;
2191 struct in_addr in;
2192 int i, inorder, n_signatures = 0;
2193 memarea_t *area = NULL, *rs_area = NULL;
2194 tor_assert(s);
2195
2196 if (eos_out)
2197 *eos_out = NULL;
2198
2199 if (router_get_networkstatus_v3_hash(s, ns_digest)) {
2200 log_warn(LD_DIR, "Unable to compute digest of network-status");
2201 goto err;
2202 }
2203
2204 area = memarea_new();
2205 end_of_header = find_start_of_next_routerstatus(s);
2206 if (tokenize_string(area, s, end_of_header, tokens,
2207 (ns_type == NS_TYPE_CONSENSUS) ?
2208 networkstatus_consensus_token_table :
2209 networkstatus_token_table, 0)) {
2210 log_warn(LD_DIR, "Error tokenizing network-status vote header");
2211 goto err;
2212 }
2213
2214 ns = tor_malloc_zero(sizeof(networkstatus_t));
2215 memcpy(ns->networkstatus_digest, ns_digest, DIGEST_LEN);
2216
2217 if (ns_type != NS_TYPE_CONSENSUS) {
2218 const char *end_of_cert = NULL;
2219 if (!(cert = strstr(s, "\ndir-key-certificate-version")))
2220 goto err;
2221 ++cert;
2222 ns->cert = authority_cert_parse_from_string(cert, &end_of_cert);
2223 if (!ns->cert || !end_of_cert || end_of_cert > end_of_header)
2224 goto err;
2225 }
2226
2227 tok = find_by_keyword(tokens, K_VOTE_STATUS);
2228 tor_assert(tok->n_args);
2229 if (!strcmp(tok->args[0], "vote")) {
2230 ns->type = NS_TYPE_VOTE;
2231 } else if (!strcmp(tok->args[0], "consensus")) {
2232 ns->type = NS_TYPE_CONSENSUS;
2233 } else if (!strcmp(tok->args[0], "opinion")) {
2234 ns->type = NS_TYPE_OPINION;
2235 } else {
2236 log_warn(LD_DIR, "Unrecognized vote status %s in network-status",
2237 escaped(tok->args[0]));
2238 goto err;
2239 }
2240 if (ns_type != ns->type) {
2241 log_warn(LD_DIR, "Got the wrong kind of v3 networkstatus.");
2242 goto err;
2243 }
2244
2245 if (ns->type == NS_TYPE_VOTE || ns->type == NS_TYPE_OPINION) {
2246 tok = find_by_keyword(tokens, K_PUBLISHED);
2247 if (parse_iso_time(tok->args[0], &ns->published))
2248 goto err;
2249
2250 ns->supported_methods = smartlist_create();
2251 tok = find_opt_by_keyword(tokens, K_CONSENSUS_METHODS);
2252 if (tok) {
2253 for (i=0; i < tok->n_args; ++i)
2254 smartlist_add(ns->supported_methods, tor_strdup(tok->args[i]));
2255 } else {
2256 smartlist_add(ns->supported_methods, tor_strdup("1"));
2257 }
2258 } else {
2259 tok = find_opt_by_keyword(tokens, K_CONSENSUS_METHOD);
2260 if (tok) {
2261 ns->consensus_method = (int)tor_parse_long(tok->args[0], 10, 1, INT_MAX,
2262 &ok, NULL);
2263 if (!ok)
2264 goto err;
2265 } else {
2266 ns->consensus_method = 1;
2267 }
2268 }
2269
2270 tok = find_by_keyword(tokens, K_VALID_AFTER);
2271 if (parse_iso_time(tok->args[0], &ns->valid_after))
2272 goto err;
2273
2274 tok = find_by_keyword(tokens, K_FRESH_UNTIL);
2275 if (parse_iso_time(tok->args[0], &ns->fresh_until))
2276 goto err;
2277
2278 tok = find_by_keyword(tokens, K_VALID_UNTIL);
2279 if (parse_iso_time(tok->args[0], &ns->valid_until))
2280 goto err;
2281
2282 tok = find_by_keyword(tokens, K_VOTING_DELAY);
2283 tor_assert(tok->n_args >= 2);
2284 ns->vote_seconds =
2285 (int) tor_parse_long(tok->args[0], 10, 0, INT_MAX, &ok, NULL);
2286 if (!ok)
2287 goto err;
2288 ns->dist_seconds =
2289 (int) tor_parse_long(tok->args[1], 10, 0, INT_MAX, &ok, NULL);
2290 if (!ok)
2291 goto err;
2292 if (ns->valid_after + MIN_VOTE_INTERVAL > ns->fresh_until) {
2293 log_warn(LD_DIR, "Vote/consensus freshness interval is too short");
2294 goto err;
2295 }
2296 if (ns->valid_after + MIN_VOTE_INTERVAL*2 > ns->valid_until) {
2297 log_warn(LD_DIR, "Vote/consensus liveness interval is too short");
2298 goto err;
2299 }
2300 if (ns->vote_seconds < MIN_VOTE_SECONDS) {
2301 log_warn(LD_DIR, "Vote seconds is too short");
2302 goto err;
2303 }
2304 if (ns->dist_seconds < MIN_DIST_SECONDS) {
2305 log_warn(LD_DIR, "Dist seconds is too short");
2306 goto err;
2307 }
2308
2309 if ((tok = find_opt_by_keyword(tokens, K_CLIENT_VERSIONS))) {
2310 ns->client_versions = tor_strdup(tok->args[0]);
2311 }
2312 if ((tok = find_opt_by_keyword(tokens, K_SERVER_VERSIONS))) {
2313 ns->server_versions = tor_strdup(tok->args[0]);
2314 }
2315
2316 tok = find_by_keyword(tokens, K_KNOWN_FLAGS);
2317 ns->known_flags = smartlist_create();
2318 inorder = 1;
2319 for (i = 0; i < tok->n_args; ++i) {
2320 smartlist_add(ns->known_flags, tor_strdup(tok->args[i]));
2321 if (i>0 && strcmp(tok->args[i-1], tok->args[i])>= 0) {
2322 log_warn(LD_DIR, "%s >= %s", tok->args[i-1], tok->args[i]);
2323 inorder = 0;
2324 }
2325 }
2326 if (!inorder) {
2327 log_warn(LD_DIR, "known-flags not in order");
2328 goto err;
2329 }
2330
2331 tok = find_opt_by_keyword(tokens, K_PARAMS);
2332 if (tok) {
2333 inorder = 1;
2334 ns->net_params = smartlist_create();
2335 for (i = 0; i < tok->n_args; ++i) {
2336 int ok=0;
2337 char *eq = strchr(tok->args[i], '=');
2338 if (!eq) {
2339 log_warn(LD_DIR, "Bad element '%s' in params", escaped(tok->args[i]));
2340 goto err;
2341 }
2342 tor_parse_long(eq+1, 10, INT32_MIN, INT32_MAX, &ok, NULL);
2343 if (!ok) {
2344 log_warn(LD_DIR, "Bad element '%s' in params", escaped(tok->args[i]));
2345 goto err;
2346 }
2347 if (i > 0 && strcmp(tok->args[i-1], tok->args[i]) >= 0) {
2348 log_warn(LD_DIR, "%s >= %s", tok->args[i-1], tok->args[i]);
2349 inorder = 0;
2350 }
2351 smartlist_add(ns->net_params, tor_strdup(tok->args[i]));
2352 }
2353 if (!inorder) {
2354 log_warn(LD_DIR, "params not in order");
2355 goto err;
2356 }
2357 }
2358
2359 ns->voters = smartlist_create();
2360
2361 SMARTLIST_FOREACH_BEGIN(tokens, directory_token_t *, _tok) {
2362 tok = _tok;
2363 if (tok->tp == K_DIR_SOURCE) {
2364 tor_assert(tok->n_args >= 6);
2365
2366 if (voter)
2367 smartlist_add(ns->voters, voter);
2368 voter = tor_malloc_zero(sizeof(networkstatus_voter_info_t));
2369 if (ns->type != NS_TYPE_CONSENSUS)
2370 memcpy(voter->vote_digest, ns_digest, DIGEST_LEN);
2371
2372 voter->nickname = tor_strdup(tok->args[0]);
2373 if (strlen(tok->args[1]) != HEX_DIGEST_LEN ||
2374 base16_decode(voter->identity_digest, sizeof(voter->identity_digest),
2375 tok->args[1], HEX_DIGEST_LEN) < 0) {
2376 log_warn(LD_DIR, "Error decoding identity digest %s in "
2377 "network-status vote.", escaped(tok->args[1]));
2378 goto err;
2379 }
2380 if (ns->type != NS_TYPE_CONSENSUS &&
2381 memcmp(ns->cert->cache_info.identity_digest,
2382 voter->identity_digest, DIGEST_LEN)) {
2383 log_warn(LD_DIR,"Mismatch between identities in certificate and vote");
2384 goto err;
2385 }
2386 voter->address = tor_strdup(tok->args[2]);
2387 if (!tor_inet_aton(tok->args[3], &in)) {
2388 log_warn(LD_DIR, "Error decoding IP address %s in network-status.",
2389 escaped(tok->args[3]));
2390 goto err;
2391 }
2392 voter->addr = ntohl(in.s_addr);
2393 voter->dir_port = (uint16_t)
2394 tor_parse_long(tok->args[4], 10, 0, 65535, &ok, NULL);
2395 if (!ok)
2396 goto err;
2397 voter->or_port = (uint16_t)
2398 tor_parse_long(tok->args[5], 10, 0, 65535, &ok, NULL);
2399 if (!ok)
2400 goto err;
2401 } else if (tok->tp == K_CONTACT) {
2402 if (!voter || voter->contact) {
2403 log_warn(LD_DIR, "contact element is out of place.");
2404 goto err;
2405 }
2406 voter->contact = tor_strdup(tok->args[0]);
2407 } else if (tok->tp == K_VOTE_DIGEST) {
2408 tor_assert(ns->type == NS_TYPE_CONSENSUS);
2409 tor_assert(tok->n_args >= 1);
2410 if (!voter || ! tor_digest_is_zero(voter->vote_digest)) {
2411 log_warn(LD_DIR, "vote-digest element is out of place.");
2412 goto err;
2413 }
2414 if (strlen(tok->args[0]) != HEX_DIGEST_LEN ||
2415 base16_decode(voter->vote_digest, sizeof(voter->vote_digest),
2416 tok->args[0], HEX_DIGEST_LEN) < 0) {
2417 log_warn(LD_DIR, "Error decoding vote digest %s in "
2418 "network-status consensus.", escaped(tok->args[0]));
2419 goto err;
2420 }
2421 }
2422 } SMARTLIST_FOREACH_END(_tok);
2423 if (voter) {
2424 smartlist_add(ns->voters, voter);
2425 voter = NULL;
2426 }
2427 if (smartlist_len(ns->voters) == 0) {
2428 log_warn(LD_DIR, "Missing dir-source elements in a vote networkstatus.");
2429 goto err;
2430 } else if (ns->type != NS_TYPE_CONSENSUS && smartlist_len(ns->voters) != 1) {
2431 log_warn(LD_DIR, "Too many dir-source elements in a vote networkstatus.");
2432 goto err;
2433 }
2434
2435 if (ns->type != NS_TYPE_CONSENSUS &&
2436 (tok = find_opt_by_keyword(tokens, K_LEGACY_DIR_KEY))) {
2437 int bad = 1;
2438 if (strlen(tok->args[0]) == HEX_DIGEST_LEN) {
2439 networkstatus_voter_info_t *voter = smartlist_get(ns->voters, 0);
2440 if (base16_decode(voter->legacy_id_digest, DIGEST_LEN,
2441 tok->args[0], HEX_DIGEST_LEN)<0)
2442 bad = 1;
2443 else
2444 bad = 0;
2445 }
2446 if (bad) {
2447 log_warn(LD_DIR, "Invalid legacy key digest %s on vote.",
2448 escaped(tok->args[0]));
2449 }
2450 }
2451
2452 /* Parse routerstatus lines. */
2453 rs_tokens = smartlist_create();
2454 rs_area = memarea_new();
2455 s = end_of_header;
2456 ns->routerstatus_list = smartlist_create();
2457
2458 while (!strcmpstart(s, "r ")) {
2459 if (ns->type != NS_TYPE_CONSENSUS) {
2460 vote_routerstatus_t *rs = tor_malloc_zero(sizeof(vote_routerstatus_t));
2461 if (routerstatus_parse_entry_from_string(rs_area, &s, rs_tokens, ns,
2462 rs, 0))
2463 smartlist_add(ns->routerstatus_list, rs);
2464 else {
2465 tor_free(rs->version);
2466 tor_free(rs);
2467 }
2468 } else {
2469 routerstatus_t *rs;
2470 if ((rs = routerstatus_parse_entry_from_string(rs_area, &s, rs_tokens,
2471 NULL, NULL,
2472 ns->consensus_method)))
2473 smartlist_add(ns->routerstatus_list, rs);
2474 }
2475 }
2476 for (i = 1; i < smartlist_len(ns->routerstatus_list); ++i) {
2477 routerstatus_t *rs1, *rs2;
2478 if (ns->type != NS_TYPE_CONSENSUS) {
2479 vote_routerstatus_t *a = smartlist_get(ns->routerstatus_list, i-1);
2480 vote_routerstatus_t *b = smartlist_get(ns->routerstatus_list, i);
2481 rs1 = &a->status; rs2 = &b->status;
2482 } else {
2483 rs1 = smartlist_get(ns->routerstatus_list, i-1);
2484 rs2 = smartlist_get(ns->routerstatus_list, i);
2485 }
2486 if (memcmp(rs1->identity_digest, rs2->identity_digest, DIGEST_LEN) >= 0) {
2487 log_warn(LD_DIR, "Vote networkstatus entries not sorted by identity "
2488 "digest");
2489 goto err;
2490 }
2491 }
2492
2493 /* Parse footer; check signature. */
2494 footer_tokens = smartlist_create();
2495 if ((end_of_footer = strstr(s, "\nnetwork-status-version ")))
2496 ++end_of_footer;
2497 else
2498 end_of_footer = s + strlen(s);
2499 if (tokenize_string(area,s, end_of_footer, footer_tokens,
2500 networkstatus_vote_footer_token_table, 0)) {
2501 log_warn(LD_DIR, "Error tokenizing network-status vote footer.");
2502 goto err;
2503 }
2504
2505 SMARTLIST_FOREACH(footer_tokens, directory_token_t *, _tok,
2506 {
2507 char declared_identity[DIGEST_LEN];
2508 networkstatus_voter_info_t *v;
2509 tok = _tok;
2510 if (tok->tp != K_DIRECTORY_SIGNATURE)
2511 continue;
2512 tor_assert(tok->n_args >= 2);
2513
2514 if (!tok->object_type ||
2515 strcmp(tok->object_type, "SIGNATURE") ||
2516 tok->object_size < 128 || tok->object_size > 512) {
2517 log_warn(LD_DIR, "Bad object type or length on directory-signature");
2518 goto err;
2519 }
2520
2521 if (strlen(tok->args[0]) != HEX_DIGEST_LEN ||
2522 base16_decode(declared_identity, sizeof(declared_identity),
2523 tok->args[0], HEX_DIGEST_LEN) < 0) {
2524 log_warn(LD_DIR, "Error decoding declared identity %s in "
2525 "network-status vote.", escaped(tok->args[0]));
2526 goto err;
2527 }
2528 if (!(v = networkstatus_get_voter_by_id(ns, declared_identity))) {
2529 log_warn(LD_DIR, "ID on signature on network-status vote does not match "
2530 "any declared directory source.");
2531 goto err;
2532 }
2533 if (strlen(tok->args[1]) != HEX_DIGEST_LEN ||
2534 base16_decode(v->signing_key_digest, sizeof(v->signing_key_digest),
2535 tok->args[1], HEX_DIGEST_LEN) < 0) {
2536 log_warn(LD_DIR, "Error decoding declared digest %s in "
2537 "network-status vote.", escaped(tok->args[1]));
2538 goto err;
2539 }
2540
2541 if (ns->type != NS_TYPE_CONSENSUS) {
2542 if (memcmp(declared_identity, ns->cert->cache_info.identity_digest,
2543 DIGEST_LEN)) {
2544 log_warn(LD_DIR, "Digest mismatch between declared and actual on "
2545 "network-status vote.");
2546 goto err;
2547 }
2548 }
2549
2550 if (ns->type != NS_TYPE_CONSENSUS) {
2551 if (check_signature_token(ns_digest, tok, ns->cert->signing_key, 0,
2552 "network-status vote"))
2553 goto err;
2554 v->good_signature = 1;
2555 } else {
2556 if (tok->object_size >= INT_MAX || tok->object_size >= SIZE_T_CEILING)
2557 goto err;
2558 /* We already parsed a vote from this voter. Use the first one. */
2559 if (v->signature) {
2560 log_fn(LOG_PROTOCOL_WARN, LD_DIR, "We received a networkstatus "
2561 "that contains two votes from the same voter. Ignoring "
2562 "the second vote.");
2563 continue;
2564 }
2565
2566 v->signature = tor_memdup(tok->object_body, tok->object_size);
2567 v->signature_len = (int) tok->object_size;
2568 }
2569 ++n_signatures;
2570 });
2571
2572 if (! n_signatures) {
2573 log_warn(LD_DIR, "No signatures on networkstatus vote.");
2574 goto err;
2575 }
2576
2577 if (eos_out)
2578 *eos_out = end_of_footer;
2579
2580 goto done;
2581 err:
2582 if (ns)
2583 networkstatus_vote_free(ns);
2584 ns = NULL;
2585 done:
2586 if (tokens) {
2587 SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
2588 smartlist_free(tokens);
2589 }
2590 if (voter) {
2591 tor_free(voter->nickname);
2592 tor_free(voter->address);
2593 tor_free(voter->contact);
2594 tor_free(voter->signature);
2595 tor_free(voter);
2596 }
2597 if (rs_tokens) {
2598 SMARTLIST_FOREACH(rs_tokens, directory_token_t *, t, token_free(t));
2599 smartlist_free(rs_tokens);
2600 }
2601 if (footer_tokens) {
2602 SMARTLIST_FOREACH(footer_tokens, directory_token_t *, t, token_free(t));
2603 smartlist_free(footer_tokens);
2604 }
2605 if (area) {
2606 DUMP_AREA(area, "v3 networkstatus");
2607 memarea_drop_all(area);
2608 }
2609 if (rs_area)
2610 memarea_drop_all(rs_area);
2611
2612 return ns;
2613 }
2614
2615 /** Parse a detached v3 networkstatus signature document between <b>s</b> and
2616 * <b>eos</b> and return the result. Return -1 on failure. */
2617 ns_detached_signatures_t *
2618 networkstatus_parse_detached_signatures(const char *s, const char *eos)
2619 {
2620 /* XXXX there is too much duplicate shared between this function and
2621 * networkstatus_parse_vote_from_string(). */
2622 directory_token_t *tok;
2623 memarea_t *area = NULL;
2624
2625 smartlist_t *tokens = smartlist_create();
2626 ns_detached_signatures_t *sigs =
2627 tor_malloc_zero(sizeof(ns_detached_signatures_t));
2628
2629 if (!eos)
2630 eos = s + strlen(s);
2631
2632 area = memarea_new();
2633 if (tokenize_string(area,s, eos, tokens,
2634 networkstatus_detached_signature_token_table, 0)) {
2635 log_warn(LD_DIR, "Error tokenizing detached networkstatus signatures");
2636 goto err;
2637 }
2638
2639 tok = find_by_keyword(tokens, K_CONSENSUS_DIGEST);
2640 if (strlen(tok->args[0]) != HEX_DIGEST_LEN) {
2641 log_warn(LD_DIR, "Wrong length on consensus-digest in detached "
2642 "networkstatus signatures");
2643 goto err;
2644 }
2645 if (base16_decode(sigs->networkstatus_digest, DIGEST_LEN,
2646 tok->args[0], strlen(tok->args[0])) < 0) {
2647 log_warn(LD_DIR, "Bad encoding on on consensus-digest in detached "
2648 "networkstatus signatures");
2649 goto err;
2650 }
2651
2652 tok = find_by_keyword(tokens, K_VALID_AFTER);
2653 if (parse_iso_time(tok->args[0], &sigs->valid_after)) {
2654 log_warn(LD_DIR, "Bad valid-after in detached networkstatus signatures");
2655 goto err;
2656 }
2657
2658 tok = find_by_keyword(tokens, K_FRESH_UNTIL);
2659 if (parse_iso_time(tok->args[0], &sigs->fresh_until)) {
2660 log_warn(LD_DIR, "Bad fresh-until in detached networkstatus signatures");
2661 goto err;
2662 }
2663
2664 tok = find_by_keyword(tokens, K_VALID_UNTIL);
2665 if (parse_iso_time(tok->args[0], &sigs->valid_until)) {
2666 log_warn(LD_DIR, "Bad valid-until in detached networkstatus signatures");
2667 goto err;
2668 }
2669
2670 sigs->signatures = smartlist_create();
2671 SMARTLIST_FOREACH(tokens, directory_token_t *, _tok,
2672 {
2673 char id_digest[DIGEST_LEN];
2674 char sk_digest[DIGEST_LEN];
2675 networkstatus_voter_info_t *voter;
2676
2677 tok = _tok;
2678 if (tok->tp != K_DIRECTORY_SIGNATURE)
2679 continue;
2680 tor_assert(tok->n_args >= 2);
2681
2682 if (!tok->object_type ||
2683 strcmp(tok->object_type, "SIGNATURE") ||
2684 tok->object_size < 128 || tok->object_size > 512) {
2685 log_warn(LD_DIR, "Bad object type or length on directory-signature");
2686 goto err;
2687 }
2688
2689 if (strlen(tok->args[0]) != HEX_DIGEST_LEN ||
2690 base16_decode(id_digest, sizeof(id_digest),
2691 tok->args[0], HEX_DIGEST_LEN) < 0) {
2692 log_warn(LD_DIR, "Error decoding declared identity %s in "
2693 "network-status vote.", escaped(tok->args[0]));
2694 goto err;
2695 }
2696 if (strlen(tok->args[1]) != HEX_DIGEST_LEN ||
2697 base16_decode(sk_digest, sizeof(sk_digest),
2698 tok->args[1], HEX_DIGEST_LEN) < 0) {
2699 log_warn(LD_DIR, "Error decoding declared digest %s in "
2700 "network-status vote.", escaped(tok->args[1]));
2701 goto err;
2702 }
2703
2704 voter = tor_malloc_zero(sizeof(networkstatus_voter_info_t));
2705 memcpy(voter->identity_digest, id_digest, DIGEST_LEN);
2706 memcpy(voter->signing_key_digest, sk_digest, DIGEST_LEN);
2707 if (tok->object_size >= INT_MAX || tok->object_size >= SIZE_T_CEILING)
2708 goto err;
2709 voter->signature = tor_memdup(tok->object_body, tok->object_size);
2710 voter->signature_len = (int) tok->object_size;
2711
2712 smartlist_add(sigs->signatures, voter);
2713 });
2714
2715 goto done;
2716 err:
2717 ns_detached_signatures_free(sigs);
2718 sigs = NULL;
2719 done:
2720 SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
2721 smartlist_free(tokens);
2722 if (area) {
2723 DUMP_AREA(area, "detached signatures");
2724 memarea_drop_all(area);
2725 }
2726 return sigs;
2727 }
2728
2729 /** Parse the addr policy in the string <b>s</b> and return it. If
2730 * assume_action is nonnegative, then insert its action (ADDR_POLICY_ACCEPT or
2731 * ADDR_POLICY_REJECT) for items that specify no action.
2732 */
2733 addr_policy_t *
2734 router_parse_addr_policy_item_from_string(const char *s, int assume_action)
2735 {
2736 directory_token_t *tok = NULL;
2737 const char *cp, *eos;
2738 /* Longest possible policy is "accept ffff:ffff:..255/ffff:...255:0-65535".
2739 * But note that there can be an arbitrary amount of space between the
2740 * accept and the address:mask/port element. */
2741 char line[TOR_ADDR_BUF_LEN*2 + 32];
2742 addr_policy_t *r;
2743 memarea_t *area = NULL;
2744
2745 s = eat_whitespace(s);
2746 if ((*s == '*' || TOR_ISDIGIT(*s)) && assume_action >= 0) {
2747 if (tor_snprintf(line, sizeof(line), "%s %s",
2748 assume_action == ADDR_POLICY_ACCEPT?"accept":"reject", s)<0) {
2749 log_warn(LD_DIR, "Policy %s is too long.", escaped(s));
2750 return NULL;
2751 }
2752 cp = line;
2753 tor_strlower(line);
2754 } else { /* assume an already well-formed address policy line */
2755 cp = s;
2756 }
2757
2758 eos = cp + strlen(cp);
2759 area = memarea_new();
2760 tok = get_next_token(area, &cp, eos, routerdesc_token_table);
2761 if (tok->tp == _ERR) {
2762 log_warn(LD_DIR, "Error reading address policy: %s", tok->error);
2763 goto err;
2764 }
2765 if (tok->tp != K_ACCEPT && tok->tp != K_ACCEPT6 &&
2766 tok->tp != K_REJECT && tok->tp != K_REJECT6) {
2767 log_warn(LD_DIR, "Expected 'accept' or 'reject'.");
2768 goto err;
2769 }
2770
2771 r = router_parse_addr_policy(tok);
2772 goto done;
2773 err:
2774 r = NULL;
2775 done:
2776 token_free(tok);
2777 if (area) {
2778 DUMP_AREA(area, "policy item");
2779 memarea_drop_all(area);
2780 }
2781 return r;
2782 }
2783
2784 /** Add an exit policy stored in the token <b>tok</b> to the router info in
2785 * <b>router</b>. Return 0 on success, -1 on failure. */
2786 static int
2787 router_add_exit_policy(routerinfo_t *router, directory_token_t *tok)
2788 {
2789 addr_policy_t *newe;
2790 newe = router_parse_addr_policy(tok);
2791 if (!newe)
2792 return -1;
2793 if (! router->exit_policy)
2794 router->exit_policy = smartlist_create();
2795
2796 if (((tok->tp == K_ACCEPT6 || tok->tp == K_REJECT6) &&
2797 tor_addr_family(&newe->addr) == AF_INET)
2798 ||
2799 ((tok->tp == K_ACCEPT || tok->tp == K_REJECT) &&
2800 tor_addr_family(&newe->addr) == AF_INET6)) {
2801 log_warn(LD_DIR, "Mismatch between field type and address type in exit "
2802 "policy");
2803 addr_policy_free(newe);
2804 return -1;
2805 }
2806
2807 smartlist_add(router->exit_policy, newe);
2808
2809 return 0;
2810 }
2811
2812 /** Given a K_ACCEPT or K_REJECT token and a router, create and return
2813 * a new exit_policy_t corresponding to the token. */
2814 static addr_policy_t *
2815 router_parse_addr_policy(directory_token_t *tok)
2816 {
2817 addr_policy_t newe;
2818 char *arg;
2819
2820 tor_assert(tok->tp == K_REJECT || tok->tp == K_REJECT6 ||
2821 tok->tp == K_ACCEPT || tok->tp == K_ACCEPT6);
2822
2823 if (tok->n_args != 1)
2824 return NULL;
2825 arg = tok->args[0];
2826
2827 if (!strcmpstart(arg,"private"))
2828 return router_parse_addr_policy_private(tok);
2829
2830 memset(&newe, 0, sizeof(newe));
2831
2832 if (tok->tp == K_REJECT || tok->tp == K_REJECT6)
2833 newe.policy_type = ADDR_POLICY_REJECT;
2834 else
2835 newe.policy_type = ADDR_POLICY_ACCEPT;
2836
2837 if (tor_addr_parse_mask_ports(arg, &newe.addr, &newe.maskbits,
2838 &newe.prt_min, &newe.prt_max) < 0) {
2839 log_warn(LD_DIR,"Couldn't parse line %s. Dropping", escaped(arg));
2840 return NULL;
2841 }
2842
2843 return addr_policy_get_canonical_entry(&newe);
2844 }
2845
2846 /** Parse an exit policy line of the format "accept/reject private:...".
2847 * This didn't exist until Tor 0.1.1.15, so nobody should generate it in
2848 * router descriptors until earlier versions are obsolete.
2849 */
2850 static addr_policy_t *
2851 router_parse_addr_policy_private(directory_token_t *tok)
2852 {
2853 const char *arg;
2854 uint16_t port_min, port_max;
2855 addr_policy_t result;
2856
2857 arg = tok->args[0];
2858 if (strcmpstart(arg, "private"))
2859 return NULL;
2860
2861 arg += strlen("private");
2862 arg = (char*) eat_whitespace(arg);
2863 if (!arg || *arg != ':')
2864 return NULL;
2865
2866 if (parse_port_range(arg+1, &port_min, &port_max)<0)
2867 return NULL;
2868
2869 memset(&result, 0, sizeof(result));
2870 if (tok->tp == K_REJECT || tok->tp == K_REJECT6)
2871 result.policy_type = ADDR_POLICY_REJECT;
2872 else
2873 result.policy_type = ADDR_POLICY_ACCEPT;
2874 result.is_private = 1;
2875 result.prt_min = port_min;
2876 result.prt_max = port_max;
2877
2878 return addr_policy_get_canonical_entry(&result);
2879 }
2880
2881 /** Log and exit if <b>t</b> is malformed */
2882 void
2883 assert_addr_policy_ok(smartlist_t *lst)
2884 {
2885 if (!lst) return;
2886 SMARTLIST_FOREACH(lst, addr_policy_t *, t, {
2887 tor_assert(t->policy_type == ADDR_POLICY_REJECT ||
2888 t->policy_type == ADDR_POLICY_ACCEPT);
2889 tor_assert(t->prt_min <= t->prt_max);
2890 });
2891 }
2892
2893 /*
2894 * Low-level tokenizer for router descriptors and directories.
2895 */
2896
2897 /** Free all resources allocated for <b>tok</b> */
2898 static void
2899 token_free(directory_token_t *tok)
2900 {
2901 tor_assert(tok);
2902 if (tok->key)
2903 crypto_free_pk_env(tok->key);
2904 }
2905
2906 #define ALLOC_ZERO(sz) memarea_alloc_zero(area,sz)
2907 #define ALLOC(sz) memarea_alloc(area,sz)
2908 #define STRDUP(str) memarea_strdup(area,str)
2909 #define STRNDUP(str,n) memarea_strndup(area,(str),(n))
2910
2911 #define RET_ERR(msg) \
2912 STMT_BEGIN \
2913 if (tok) token_free(tok); \
2914 tok = ALLOC_ZERO(sizeof(directory_token_t)); \
2915 tok->tp = _ERR; \
2916 tok->error = STRDUP(msg); \
2917 goto done_tokenizing; \
2918 STMT_END
2919
2920 /** Helper: make sure that the token <b>tok</b> with keyword <b>kwd</b> obeys
2921 * the object syntax of <b>o_syn</b>. Allocate all storage in <b>area</b>.
2922 * Return <b>tok</b> on success, or a new _ERR token if the token didn't
2923 * conform to the syntax we wanted.
2924 **/
2925 static INLINE directory_token_t *
2926 token_check_object(memarea_t *area, const char *kwd,
2927 directory_token_t *tok, obj_syntax o_syn)
2928 {
2929 char ebuf[128];
2930 switch (o_syn) {
2931 case NO_OBJ:
2932 /* No object is allowed for this token. */
2933 if (tok->object_body) {
2934 tor_snprintf(ebuf, sizeof(ebuf), "Unexpected object for %s", kwd);
2935 RET_ERR(ebuf);
2936 }
2937 if (tok->key) {
2938 tor_snprintf(ebuf, sizeof(ebuf), "Unexpected public key for %s", kwd);
2939 RET_ERR(ebuf);
2940 }
2941 break;
2942 case NEED_OBJ:
2943 /* There must be a (non-key) object. */
2944 if (!tok->object_body) {
2945 tor_snprintf(ebuf, sizeof(ebuf), "Missing object for %s", kwd);
2946 RET_ERR(ebuf);
2947 }
2948 break;
2949 case NEED_KEY_1024: /* There must be a 1024-bit public key. */
2950 case NEED_SKEY_1024: /* There must be a 1024-bit private key. */
2951 if (tok->key && crypto_pk_keysize(tok->key) != PK_BYTES) {
2952 tor_snprintf(ebuf, sizeof(ebuf), "Wrong size on key for %s: %d bits",
2953 kwd, (int)crypto_pk_keysize(tok->key));
2954 RET_ERR(ebuf);
2955 }
2956 /* fall through */
2957 case NEED_KEY: /* There must be some kind of key. */
2958 if (!tok->key) {
2959 tor_snprintf(ebuf, sizeof(ebuf), "Missing public key for %s", kwd);
2960 RET_ERR(ebuf);
2961 }
2962 if (o_syn != NEED_SKEY_1024) {
2963 if (crypto_pk_key_is_private(tok->key)) {
2964 tor_snprintf(ebuf, sizeof(ebuf),
2965 "Private key given for %s, which wants a public key", kwd);
2966 RET_ERR(ebuf);
2967 }
2968 } else { /* o_syn == NEED_SKEY_1024 */
2969 if (!crypto_pk_key_is_private(tok->key)) {
2970 tor_snprintf(ebuf, sizeof(ebuf),
2971 "Public key given for %s, which wants a private key", kwd);
2972 RET_ERR(ebuf);
2973 }
2974 }
2975 break;
2976 case OBJ_OK:
2977 /* Anything goes with this token. */
2978 break;
2979 }
2980
2981 done_tokenizing:
2982 return tok;
2983 }
2984
2985 /** Helper: parse space-separated arguments from the string <b>s</b> ending at
2986 * <b>eol</b>, and store them in the args field of <b>tok</b>. Store the
2987 * number of parsed elements into the n_args field of <b>tok</b>. Allocate
2988 * all storage in <b>area</b>. Return the number of arguments parsed, or
2989 * return -1 if there was an insanely high number of arguments. */
2990 static INLINE int
2991 get_token_arguments(memarea_t *area, directory_token_t *tok,
2992 const char *s, const char *eol)
2993 {
2994 /** Largest number of arguments we'll accept to any token, ever. */
2995 #define MAX_ARGS 512
2996 char *mem = memarea_strndup(area, s, eol-s);
2997 char *cp = mem;
2998 int j = 0;
2999 char *args[MAX_ARGS];
3000 while (*cp) {
3001 if (j == MAX_ARGS)
3002 return -1;
3003 args[j++] = cp;
3004 cp = (char*)find_whitespace(cp);
3005 if (!cp || !*cp)
3006 break; /* End of the line. */
3007 *cp++ = '\0';
3008 cp = (char*)eat_whitespace(cp);
3009 }
3010 tok->n_args = j;
3011 tok->args = memarea_memdup(area, args, j*sizeof(char*));
3012 return j;
3013 #undef MAX_ARGS
3014 }
3015
3016 /** Helper function: read the next token from *s, advance *s to the end of the
3017 * token, and return the parsed token. Parse *<b>s</b> according to the list
3018 * of tokens in <b>table</b>.
3019 */
3020 static directory_token_t *
3021 get_next_token(memarea_t *area,
3022 const char **s, const char *eos, token_rule_t *table)
3023 {
3024 /** Reject any object at least this big; it is probably an overflow, an
3025 * attack, a bug, or some other nonsense. */
3026 #define MAX_UNPARSED_OBJECT_SIZE (128*1024)
3027
3028 const char *next, *eol, *obstart;
3029 size_t obname_len;
3030 int i;
3031 directory_token_t *tok;
3032 obj_syntax o_syn = NO_OBJ;
3033 char ebuf[128];
3034 const char *kwd = "";
3035
3036 tor_assert(area);
3037 tok = ALLOC_ZERO(sizeof(directory_token_t));
3038 tok->tp = _ERR;
3039
3040 /* Set *s to first token, eol to end-of-line, next to after first token */
3041 *s = eat_whitespace_eos(*s, eos); /* eat multi-line whitespace */
3042 tor_assert(eos >= *s);
3043 eol = memchr(*s, '\n', eos-*s);
3044 if (!eol)
3045 eol = eos;
3046 next = find_whitespace_eos(*s, eol);
3047
3048 if (!strcmp_len(*s, "opt", next-*s)) {
3049 /* Skip past an "opt" at the start of the line. */
3050 *s = eat_whitespace_eos_no_nl(next, eol);
3051 next = find_whitespace_eos(*s, eol);
3052 } else if (*s == eos) { /* If no "opt", and end-of-line, line is invalid */
3053 RET_ERR("Unexpected EOF");
3054 }
3055
3056 /* Search the table for the appropriate entry. (I tried a binary search
3057 * instead, but it wasn't any faster.) */
3058 for (i = 0; table[i].t ; ++i) {
3059 if (!strcmp_len(*s, table[i].t, next-*s)) {
3060 /* We've found the keyword. */
3061 kwd = table[i].t;
3062 tok->tp = table[i].v;
3063 o_syn = table[i].os;
3064 *s = eat_whitespace_eos_no_nl(next, eol);
3065 /* We go ahead whether there are arguments or not, so that tok->args is
3066 * always set if we want arguments. */
3067 if (table[i].concat_args) {
3068 /* The keyword takes the line as a single argument */
3069 tok->args = ALLOC(sizeof(char*));
3070 tok->args[0] = STRNDUP(*s,eol-*s); /* Grab everything on line */
3071 tok->n_args = 1;
3072 } else {
3073 /* This keyword takes multiple arguments. */
3074 if (get_token_arguments(area, tok, *s, eol)<0) {
3075 tor_snprintf(ebuf, sizeof(ebuf),"Far too many arguments to %s", kwd);
3076 RET_ERR(ebuf);
3077 }
3078 *s = eol;
3079 }
3080 if (tok->n_args < table[i].min_args) {
3081 tor_snprintf(ebuf, sizeof(ebuf), "Too few arguments to %s", kwd);
3082 RET_ERR(ebuf);
3083 } else if (tok->n_args > table[i].max_args) {
3084 tor_snprintf(ebuf, sizeof(ebuf), "Too many arguments to %s", kwd);
3085 RET_ERR(ebuf);
3086 }
3087 break;
3088 }
3089 }
3090
3091 if (tok->tp == _ERR) {
3092 /* No keyword matched; call it an "K_opt" or "A_unrecognized" */
3093 if (**s == '@')
3094 tok->tp = _A_UNKNOWN;
3095 else
3096 tok->tp = K_OPT;
3097 tok->args = ALLOC(sizeof(char*));
3098 tok->args[0] = STRNDUP(*s, eol-*s);
3099 tok->n_args = 1;
3100 o_syn = OBJ_OK;
3101 }
3102
3103 /* Check whether there's an object present */
3104 *s = eat_whitespace_eos(eol, eos); /* Scan from end of first line */
3105 tor_assert(eos >= *s);
3106 eol = memchr(*s, '\n', eos-*s);
3107 if (!eol || eol-*s<11 || strcmpstart(*s, "-----BEGIN ")) /* No object. */
3108 goto check_object;
3109
3110 obstart = *s; /* Set obstart to start of object spec */
3111 if (*s+16 >= eol || memchr(*s+11,'\0',eol-*s-16) || /* no short lines, */
3112 strcmp_len(eol-5, "-----", 5) || /* nuls or invalid endings */
3113 (eol-*s) > MAX_UNPARSED_OBJECT_SIZE) { /* name too long */
3114 RET_ERR("Malformed object: bad begin line");
3115 }
3116 tok->object_type = STRNDUP(*s+11, eol-*s-16);
3117 obname_len = eol-*s-16; /* store objname length here to avoid a strlen() */
3118 *s = eol+1; /* Set *s to possible start of object data (could be eos) */
3119
3120 /* Go to the end of the object */
3121 next = tor_memstr(*s, eos-*s, "-----END ");
3122 if (!next) {
3123 RET_ERR("Malformed object: missing object end line");
3124 }
3125 tor_assert(eos >= next);
3126 eol = memchr(next, '\n', eos-next);
3127 if (!eol) /* end-of-line marker, or eos if there's no '\n' */
3128 eol = eos;
3129 /* Validate the ending tag, which should be 9 + NAME + 5 + eol */
3130 if ((size_t)(eol-next) != 9+obname_len+5 ||
3131 strcmp_len(next+9, tok->object_type, obname_len) ||
3132 strcmp_len(eol-5, "-----", 5)) {
3133 snprintf(ebuf, sizeof(ebuf), "Malformed object: mismatched end tag %s",
3134 tok->object_type);
3135 ebuf[sizeof(ebuf)-1] = '\0';
3136 RET_ERR(ebuf);
3137 }
3138 if (next - *s > MAX_UNPARSED_OBJECT_SIZE)
3139 RET_ERR("Couldn't parse object: missing footer or object much too big.");
3140
3141 if (!strcmp(tok->object_type, "RSA PUBLIC KEY")) { /* If it's a public key */
3142 tok->key = crypto_new_pk_env();
3143 if (crypto_pk_read_public_key_from_string(tok->key, obstart, eol-obstart))
3144 RET_ERR("Couldn't parse public key.");
3145 } else if (!strcmp(tok->object_type, "RSA PRIVATE KEY")) { /* private key */
3146 tok->key = crypto_new_pk_env();
3147 if (crypto_pk_read_private_key_from_string(tok->key, obstart, eol-obstart))
3148 RET_ERR("Couldn't parse private key.");
3149 } else { /* If it's something else, try to base64-decode it */
3150 int r;
3151 tok->object_body = ALLOC(next-*s); /* really, this is too much RAM. */
3152 r = base64_decode(tok->object_body, next-*s, *s, next-*s);
3153 if (r<0)
3154 RET_ERR("Malformed object: bad base64-encoded data");
3155 tok->object_size = r;
3156 }
3157 *s = eol;
3158
3159 check_object:
3160 tok = token_check_object(area, kwd, tok, o_syn);
3161
3162 done_tokenizing:
3163 return tok;
3164
3165 #undef RET_ERR
3166 #undef ALLOC
3167 #undef ALLOC_ZERO
3168 #undef STRDUP
3169 #undef STRNDUP
3170 }
3171
3172 /** Read all tokens from a string between <b>start</b> and <b>end</b>, and add
3173 * them to <b>out</b>. Parse according to the token rules in <b>table</b>.
3174 * Caller must free tokens in <b>out</b>. If <b>end</b> is NULL, use the
3175 * entire string.
3176 */
3177 static int
3178 tokenize_string(memarea_t *area,
3179 const char *start, const char *end, smartlist_t *out,
3180 token_rule_t *table, int flags)
3181 {
3182 const char **s;
3183 directory_token_t *tok = NULL;
3184 int counts[_NIL];
3185 int i;
3186 int first_nonannotation;
3187 int prev_len = smartlist_len(out);
3188 tor_assert(area);
3189
3190 s = &start;
3191 if (!end)
3192 end = start+strlen(start);
3193 for (i = 0; i < _NIL; ++i)
3194 counts[i] = 0;
3195
3196 SMARTLIST_FOREACH(out, const directory_token_t *, t, ++counts[t->tp]);
3197
3198 while (*s < end && (!tok || tok->tp != _EOF)) {
3199 tok = get_next_token(area, s, end, table);
3200 if (tok->tp == _ERR) {
3201 log_warn(LD_DIR, "parse error: %s", tok->error);
3202 token_free(tok);
3203 return -1;
3204 }
3205 ++counts[tok->tp];
3206 smartlist_add(out, tok);
3207 *s = eat_whitespace_eos(*s, end);
3208 }
3209
3210 if (flags & TS_NOCHECK)
3211 return 0;
3212
3213 if ((flags & TS_ANNOTATIONS_OK)) {
3214 first_nonannotation = -1;
3215 for (i = 0; i < smartlist_len(out); ++i) {
3216 tok = smartlist_get(out, i);
3217 if (tok->tp < MIN_ANNOTATION || tok->tp > MAX_ANNOTATION) {
3218 first_nonannotation = i;
3219 break;
3220 }
3221 }
3222 if (first_nonannotation < 0) {
3223 log_warn(LD_DIR, "parse error: item contains only annotations");
3224 return -1;
3225 }
3226 for (i=first_nonannotation; i < smartlist_len(out); ++i) {
3227 tok = smartlist_get(out, i);
3228 if (tok->tp >= MIN_ANNOTATION && tok->tp <= MAX_ANNOTATION) {
3229 log_warn(LD_DIR, "parse error: Annotations mixed with keywords");
3230 return -1;
3231 }
3232 }
3233 if ((flags & TS_NO_NEW_ANNOTATIONS)) {
3234 if (first_nonannotation != prev_len) {
3235 log_warn(LD_DIR, "parse error: Unexpected annotations.");
3236 return -1;
3237 }
3238 }
3239 } else {
3240 for (i=0; i < smartlist_len(out); ++i) {
3241 tok = smartlist_get(out, i);
3242 if (tok->tp >= MIN_ANNOTATION && tok->tp <= MAX_ANNOTATION) {
3243 log_warn(LD_DIR, "parse error: no annotations allowed.");
3244 return -1;
3245 }
3246 }
3247 first_nonannotation = 0;
3248 }
3249 for (i = 0; table[i].t; ++i) {
3250 if (counts[table[i].v] < table[i].min_cnt) {
3251 log_warn(LD_DIR, "Parse error: missing %s element.", table[i].t);
3252 return -1;
3253 }
3254 if (counts[table[i].v] > table[i].max_cnt) {
3255 log_warn(LD_DIR, "Parse error: too many %s elements.", table[i].t);
3256 return -1;
3257 }
3258 if (table[i].pos & AT_START) {
3259 if (smartlist_len(out) < 1 ||
3260 (tok = smartlist_get(out, first_nonannotation))->tp != table[i].v) {
3261 log_warn(LD_DIR, "Parse error: first item is not %s.", table[i].t);
3262 return -1;
3263 }
3264 }
3265 if (table[i].pos & AT_END) {
3266 if (smartlist_len(out) < 1 ||
3267 (tok = smartlist_get(out, smartlist_len(out)-1))->tp != table[i].v) {
3268 log_warn(LD_DIR, "Parse error: last item is not %s.", table[i].t);
3269 return -1;
3270 }
3271 }
3272 }
3273 return 0;
3274 }
3275
3276 /** Find the first token in <b>s</b> whose keyword is <b>keyword</b>; return
3277 * NULL if no such keyword is found.
3278 */
3279 static directory_token_t *
3280 find_opt_by_keyword(smartlist_t *s, directory_keyword keyword)
3281 {
3282 SMARTLIST_FOREACH(s, directory_token_t *, t, if (t->tp == keyword) return t);
3283 return NULL;
3284 }
3285
3286 /** Find the first token in <b>s</b> whose keyword is <b>keyword</b>; fail
3287 * with an assert if no such keyword is found.
3288 */
3289 static directory_token_t *
3290 _find_by_keyword(smartlist_t *s, directory_keyword keyword,
3291 const char *keyword_as_string)
3292 {
3293 directory_token_t *tok = find_opt_by_keyword(s, keyword);
3294 if (PREDICT_UNLIKELY(!tok)) {
3295 log_err(LD_BUG, "Missing %s [%d] in directory object that should have "
3296 "been validated. Internal error.", keyword_as_string, (int)keyword);
3297 tor_assert(tok);
3298 }
3299 return tok;
3300 }
3301
3302 /** Return a newly allocated smartlist of all accept or reject tokens in
3303 * <b>s</b>.
3304 */
3305 static smartlist_t *
3306 find_all_exitpolicy(smartlist_t *s)
3307 {
3308 smartlist_t *out = smartlist_create();
3309 SMARTLIST_FOREACH(s, directory_token_t *, t,
3310 if (t->tp == K_ACCEPT || t->tp == K_ACCEPT6 ||
3311 t->tp == K_REJECT || t->tp == K_REJECT6)
3312 smartlist_add(out,t));
3313 return out;
3314 }
3315
3316 /** Compute the SHA-1 digest of the substring of <b>s</b> taken from the first
3317 * occurrence of <b>start_str</b> through the first instance of c after the
3318 * first subsequent occurrence of <b>end_str</b>; store the 20-byte result in
3319 * <b>digest</b>; return 0 on success.
3320 *
3321 * If no such substring exists, return -1.
3322 */
3323 static int
3324 router_get_hash_impl(const char *s, size_t s_len, char *digest,
3325 const char *start_str,
3326 const char *end_str, char end_c)
3327 {
3328 const char *start, *end;
3329 start = tor_memstr(s, s_len, start_str);
3330 if (!start) {
3331 log_warn(LD_DIR,"couldn't find start of hashed material \"%s\"",start_str);
3332 return -1;
3333 }
3334 if (start != s && *(start-1) != '\n') {
3335 log_warn(LD_DIR,
3336 "first occurrence of \"%s\" is not at the start of a line",
3337 start_str);
3338 return -1;
3339 }
3340 end = tor_memstr(start+strlen(start_str),
3341 s_len - (start-s) - strlen(start_str), end_str);
3342 if (!end) {
3343 log_warn(LD_DIR,"couldn't find end of hashed material \"%s\"",end_str);
3344 return -1;
3345 }
3346 end = memchr(end+strlen(end_str), end_c, s_len - (end-s) - strlen(end_str));
3347 if (!end) {
3348 log_warn(LD_DIR,"couldn't find EOL");
3349 return -1;
3350 }
3351 ++end;
3352
3353 if (crypto_digest(digest, start, end-start)) {
3354 log_warn(LD_BUG,"couldn't compute digest");
3355 return -1;
3356 }
3357
3358 return 0;
3359 }
3360
3361 /** Parse the Tor version of the platform string <b>platform</b>,
3362 * and compare it to the version in <b>cutoff</b>. Return 1 if
3363 * the router is at least as new as the cutoff, else return 0.
3364 */
3365 int
3366 tor_version_as_new_as(const char *platform, const char *cutoff)
3367 {
3368 tor_version_t cutoff_version, router_version;
3369 char *s, *s2, *start;
3370 char tmp[128];
3371
3372 tor_assert(platform);
3373
3374 if (tor_version_parse(cutoff, &cutoff_version)<0) {
3375 log_warn(LD_BUG,"cutoff version '%s' unparseable.",cutoff);
3376 return 0;
3377 }
3378 if (strcmpstart(platform,"Tor ")) /* nonstandard Tor; be safe and say yes */
3379 return 1;
3380
3381 start = (char *)eat_whitespace(platform+3);
3382 if (!*start) return 0;
3383 s = (char *)find_whitespace(start); /* also finds '\0', which is fine */
3384 s2 = (char*)eat_whitespace(s);
3385 if (!strcmpstart(s2, "(r"))
3386 s = (char*)find_whitespace(s2);
3387
3388 if ((size_t)(s-start+1) >= sizeof(tmp)) /* too big, no */
3389 return 0;
3390 strlcpy(tmp, start, s-start+1);
3391
3392 if (tor_version_parse(tmp, &router_version)<0) {
3393 log_info(LD_DIR,"Router version '%s' unparseable.",tmp);
3394 return 1; /* be safe and say yes */
3395 }
3396
3397 /* Here's why we don't need to do any special handling for svn revisions:
3398 * - If neither has an svn revision, we're fine.
3399 * - If the router doesn't have an svn revision, we can't assume that it
3400 * is "at least" any svn revision, so we need to return 0.
3401 * - If the target version doesn't have an svn revision, any svn revision
3402 * (or none at all) is good enough, so return 1.
3403 * - If both target and router have an svn revision, we compare them.
3404 */
3405
3406 return tor_version_compare(&router_version, &cutoff_version) >= 0;
3407 }
3408
3409 /** Parse a tor version from <b>s</b>, and store the result in <b>out</b>.
3410 * Return 0 on success, -1 on failure. */
3411 int
3412 tor_version_parse(const char *s, tor_version_t *out)
3413 {
3414 char *eos=NULL;
3415 const char *cp=NULL;
3416 /* Format is:
3417 * "Tor " ? NUM dot NUM dot NUM [ ( pre | rc | dot ) NUM [ - tag ] ]
3418 */
3419 tor_assert(s);
3420 tor_assert(out);
3421
3422 memset(out, 0, sizeof(tor_version_t));
3423
3424 if (!strcasecmpstart(s, "Tor "))
3425 s += 4;
3426
3427 /* Get major. */
3428 out->major = (int)strtol(s,&eos,10);
3429 if (!eos || eos==s || *eos != '.') return -1;
3430 cp = eos+1;
3431
3432 /* Get minor */
3433 out->minor = (int) strtol(cp,&eos,10);
3434 if (!eos || eos==cp || *eos != '.') return -1;
3435 cp = eos+1;
3436
3437 /* Get micro */
3438 out->micro = (int) strtol(cp,&eos,10);
3439 if (!eos || eos==cp) return -1;
3440 if (!*eos) {
3441 out->status = VER_RELEASE;
3442 out->patchlevel = 0;
3443 return 0;
3444 }
3445 cp = eos;
3446
3447 /* Get status */
3448 if (*cp == '.') {
3449 out->status = VER_RELEASE;
3450 ++cp;
3451 } else if (0==strncmp(cp, "pre", 3)) {
3452 out->status = VER_PRE;
3453 cp += 3;
3454 } else if (0==strncmp(cp, "rc", 2)) {
3455 out->status = VER_RC;
3456 cp += 2;
3457 } else {
3458 return -1;
3459 }
3460
3461 /* Get patchlevel */
3462 out->patchlevel = (int) strtol(cp,&eos,10);
3463 if (!eos || eos==cp) return -1;
3464 cp = eos;
3465
3466 /* Get status tag. */
3467 if (*cp == '-' || *cp == '.')
3468 ++cp;
3469 eos = (char*) find_whitespace(cp);
3470 if (eos-cp >= (int)sizeof(out->status_tag))
3471 strlcpy(out->status_tag, cp, sizeof(out->status_tag));
3472 else {
3473 memcpy(out->status_tag, cp, eos-cp);
3474 out->status_tag[eos-cp] = 0;
3475 }
3476 cp = eat_whitespace(eos);
3477
3478 if (!strcmpstart(cp, "(r")) {
3479 cp += 2;
3480 out->svn_revision = (int) strtol(cp,&eos,10);
3481 }
3482
3483 return 0;
3484 }
3485
3486 /** Compare two tor versions; Return <0 if a < b; 0 if a ==b, >0 if a >
3487 * b. */
3488 int
3489 tor_version_compare(tor_version_t *a, tor_version_t *b)
3490 {
3491 int i;
3492 tor_assert(a);
3493 tor_assert(b);
3494 if ((i = a->major - b->major))
3495 return i;
3496 else if ((i = a->minor - b->minor))
3497 return i;
3498 else if ((i = a->micro - b->micro))
3499 return i;
3500 else if ((i = a->status - b->status))
3501 return i;
3502 else if ((i = a->patchlevel - b->patchlevel))
3503 return i;
3504 else if ((i = strcmp(a->status_tag, b->status_tag)))
3505 return i;
3506 else
3507 return a->svn_revision - b->svn_revision;
3508 }
3509
3510 /** Return true iff versions <b>a</b> and <b>b</b> belong to the same series.
3511 */
3512 static int
3513 tor_version_same_series(tor_version_t *a, tor_version_t *b)
3514 {
3515 tor_assert(a);
3516 tor_assert(b);
3517 return ((a->major == b->major) &&
3518 (a->minor == b->minor) &&
3519 (a->micro == b->micro));
3520 }
3521
3522 /** Helper: Given pointers to two strings describing tor versions, return -1
3523 * if _a precedes _b, 1 if _b precedes _a, and 0 if they are equivalent.
3524 * Used to sort a list of versions. */
3525 static int
3526 _compare_tor_version_str_ptr(const void **_a, const void **_b)
3527 {
3528 const char *a = *_a, *b = *_b;
3529 int ca, cb;
3530 tor_version_t va, vb;
3531 ca = tor_version_parse(a, &va);
3532 cb = tor_version_parse(b, &vb);
3533 /* If they both parse, compare them. */
3534 if (!ca && !cb)
3535 return tor_version_compare(&va,&vb);
3536 /* If one parses, it comes first. */
3537 if (!ca && cb)
3538 return -1;
3539 if (ca && !cb)
3540 return 1;
3541 /* If neither parses, compare strings. Also, the directory server admin
3542 ** needs to be smacked upside the head. But Tor is tolerant and gentle. */
3543 return strcmp(a,b);
3544 }
3545
3546 /** Sort a list of string-representations of versions in ascending order. */
3547 void
3548 sort_version_list(smartlist_t *versions, int remove_duplicates)
3549 {
3550 smartlist_sort(versions, _compare_tor_version_str_ptr);
3551
3552 if (remove_duplicates)
3553 smartlist_uniq(versions, _compare_tor_version_str_ptr, _tor_free);
3554 }
3555
3556 /** Parse and validate the ASCII-encoded v2 descriptor in <b>desc</b>,
3557 * write the parsed descriptor to the newly allocated *<b>parsed_out</b>, the
3558 * binary descriptor ID of length DIGEST_LEN to <b>desc_id_out</b>, the
3559 * encrypted introduction points to the newly allocated
3560 * *<b>intro_points_encrypted_out</b>, their encrypted size to
3561 * *<b>intro_points_encrypted_size_out</b>, the size of the encoded descriptor
3562 * to *<b>encoded_size_out</b>, and a pointer to the possibly next
3563 * descriptor to *<b>next_out</b>; return 0 for success (including validation)
3564 * and -1 for failure.
3565 */
3566 int
3567 rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out,
3568 char *desc_id_out,
3569 char **intro_points_encrypted_out,
3570 size_t *intro_points_encrypted_size_out,
3571 size_t *encoded_size_out,
3572 const char **next_out, const char *desc)
3573 {
3574 rend_service_descriptor_t *result =
3575 tor_malloc_zero(sizeof(rend_service_descriptor_t));
3576 char desc_hash[DIGEST_LEN];
3577 const char *eos;
3578 smartlist_t *tokens = smartlist_create();
3579 directory_token_t *tok;
3580 char secret_id_part[DIGEST_LEN];
3581 int i, version, num_ok=1;
3582 smartlist_t *versions;
3583 char public_key_hash[DIGEST_LEN];
3584 char test_desc_id[DIGEST_LEN];
3585 memarea_t *area = NULL;
3586 tor_assert(desc);
3587 /* Check if desc starts correctly. */
3588 if (strncmp(desc, "rendezvous-service-descriptor ",
3589 strlen("rendezvous-service-descriptor "))) {
3590 log_info(LD_REND, "Descriptor does not start correctly.");
3591 goto err;
3592 }
3593 /* Compute descriptor hash for later validation. */
3594 if (router_get_hash_impl(desc, strlen(desc), desc_hash,
3595 "rendezvous-service-descriptor ",
3596 "\nsignature", '\n') < 0) {
3597 log_warn(LD_REND, "Couldn't compute descriptor hash.");
3598 goto err;
3599 }
3600 /* Determine end of string. */
3601 eos = strstr(desc, "\nrendezvous-service-descriptor ");
3602 if (!eos)
3603 eos = desc + strlen(desc);
3604 else
3605 eos = eos + 1;
3606 /* Check length. */
3607 if (strlen(desc) > REND_DESC_MAX_SIZE) {
3608 log_warn(LD_REND, "Descriptor length is %i which exceeds "
3609 "maximum rendezvous descriptor size of %i kilobytes.",
3610 (int)strlen(desc), REND_DESC_MAX_SIZE);
3611 goto err;
3612 }
3613 /* Tokenize descriptor. */
3614 area = memarea_new();
3615 if (tokenize_string(area, desc, eos, tokens, desc_token_table, 0)) {
3616 log_warn(LD_REND, "Error tokenizing descriptor.");
3617 goto err;
3618 }
3619 /* Set next to next descriptor, if available. */
3620 *next_out = eos;
3621 /* Set length of encoded descriptor. */
3622 *encoded_size_out = eos - desc;
3623 /* Check min allowed length of token list. */
3624 if (smartlist_len(tokens) < 7) {
3625 log_warn(LD_REND, "Impossibly short descriptor.");
3626 goto err;
3627 }
3628 /* Parse base32-encoded descriptor ID. */
3629 tok = find_by_keyword(tokens, R_RENDEZVOUS_SERVICE_DESCRIPTOR);
3630 tor_assert(tok == smartlist_get(tokens, 0));
3631 tor_assert(tok->n_args == 1);
3632 if (strlen(tok->args[0]) != REND_DESC_ID_V2_LEN_BASE32 ||
3633 strspn(tok->args[0], BASE32_CHARS) != REND_DESC_ID_V2_LEN_BASE32) {
3634 log_warn(LD_REND, "Invalid descriptor ID: '%s'", tok->args[0]);
3635 goto err;
3636 }
3637 if (base32_decode(desc_id_out, DIGEST_LEN,
3638 tok->args[0], REND_DESC_ID_V2_LEN_BASE32) < 0) {
3639 log_warn(LD_REND, "Descriptor ID contains illegal characters: %s",
3640 tok->args[0]);
3641 goto err;
3642 }
3643 /* Parse descriptor version. */
3644 tok = find_by_keyword(tokens, R_VERSION);
3645 tor_assert(tok->n_args == 1);
3646 result->version =
3647 (int) tor_parse_long(tok->args[0], 10, 0, INT_MAX, &num_ok, NULL);
3648 if (result->version != 2 || !num_ok) {
3649 /* If it's <2, it shouldn't be under this format. If the number
3650 * is greater than 2, we bumped it because we broke backward
3651 * compatibility. See how version numbers in our other formats
3652 * work. */
3653 log_warn(LD_REND, "Unrecognized descriptor version: %s",
3654 escaped(tok->args[0]));
3655 goto err;
3656 }
3657 /* Parse public key. */
3658 tok = find_by_keyword(tokens, R_PERMANENT_KEY);
3659 result->pk = tok->key;
3660 tok->key = NULL; /* Prevent free */
3661 /* Parse secret ID part. */
3662 tok = find_by_keyword(tokens, R_SECRET_ID_PART);
3663 tor_assert(tok->n_args == 1);
3664 if (strlen(tok->args[0]) != REND_SECRET_ID_PART_LEN_BASE32 ||
3665 strspn(tok->args[0], BASE32_CHARS) != REND_SECRET_ID_PART_LEN_BASE32) {
3666 log_warn(LD_REND, "Invalid secret ID part: '%s'", tok->args[0]);
3667 goto err;
3668 }
3669 if (base32_decode(secret_id_part, DIGEST_LEN, tok->args[0], 32) < 0) {
3670 log_warn(LD_REND, "Secret ID part contains illegal characters: %s",
3671 tok->args[0]);
3672 goto err;
3673 }
3674 /* Parse publication time -- up-to-date check is done when storing the
3675 * descriptor. */
3676 tok = find_by_keyword(tokens, R_PUBLICATION_TIME);
3677 tor_assert(tok->n_args == 1);
3678 if (parse_iso_time(tok->args[0], &result->timestamp) < 0) {
3679 log_warn(LD_REND, "Invalid publication time: '%s'", tok->args[0]);
3680 goto err;
3681 }
3682 /* Parse protocol versions. */
3683 tok = find_by_keyword(tokens, R_PROTOCOL_VERSIONS);
3684 tor_assert(tok->n_args == 1);
3685 versions = smartlist_create();
3686 smartlist_split_string(versions, tok->args[0], ",",
3687 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
3688 for (i = 0; i < smartlist_len(versions); i++) {
3689 version = (int) tor_parse_long(smartlist_get(versions, i),
3690 10, 0, INT_MAX, &num_ok, NULL);
3691 if (!num_ok) /* It's a string; let's ignore it. */
3692 continue;
3693 result->protocols |= 1 << version;
3694 }
3695 SMARTLIST_FOREACH(versions, char *, cp, tor_free(cp));
3696 smartlist_free(versions);
3697 /* Parse encrypted introduction points. Don't verify. */
3698 tok = find_opt_by_keyword(tokens, R_INTRODUCTION_POINTS);
3699 if (tok) {
3700 if (strcmp(tok->object_type, "MESSAGE")) {
3701 log_warn(LD_DIR, "Bad object type: introduction points should be of "
3702 "type MESSAGE");
3703 goto err;
3704 }
3705 *intro_points_encrypted_out = tor_memdup(tok->object_body,
3706 tok->object_size);
3707 *intro_points_encrypted_size_out = tok->object_size;
3708 } else {
3709 *intro_points_encrypted_out = NULL;
3710 *intro_points_encrypted_size_out = 0;
3711 }
3712 /* Parse and verify signature. */
3713 tok = find_by_keyword(tokens, R_SIGNATURE);
3714 note_crypto_pk_op(VERIFY_RTR);
3715 if (check_signature_token(desc_hash, tok, result->pk, 0,
3716 "v2 rendezvous service descriptor") < 0)
3717 goto err;
3718 /* Verify that descriptor ID belongs to public key and secret ID part. */
3719 crypto_pk_get_digest(result->pk, public_key_hash);
3720 rend_get_descriptor_id_bytes(test_desc_id, public_key_hash,
3721 secret_id_part);
3722 if (memcmp(desc_id_out, test_desc_id, DIGEST_LEN)) {
3723 log_warn(LD_REND, "Parsed descriptor ID does not match "
3724 "computed descriptor ID.");
3725 goto err;
3726 }
3727 goto done;
3728 err:
3729 if (result)
3730 rend_service_descriptor_free(result);
3731 result = NULL;
3732 done:
3733 if (tokens) {
3734 SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
3735 smartlist_free(tokens);
3736 }
3737 if (area)
3738 memarea_drop_all(area);
3739 *parsed_out = result;
3740 if (result)
3741 return 0;
3742 return -1;
3743 }
3744
3745 /** Decrypt the encrypted introduction points in <b>ipos_encrypted</b> of
3746 * length <b>ipos_encrypted_size</b> using <b>descriptor_cookie</b> and
3747 * write the result to a newly allocated string that is pointed to by
3748 * <b>ipos_decrypted</b> and its length to <b>ipos_decrypted_size</b>.
3749 * Return 0 if decryption was successful and -1 otherwise. */
3750 int
3751 rend_decrypt_introduction_points(char **ipos_decrypted,
3752 size_t *ipos_decrypted_size,
3753 const char *descriptor_cookie,
3754 const char *ipos_encrypted,
3755 size_t ipos_encrypted_size)
3756 {
3757 tor_assert(ipos_encrypted);
3758 tor_assert(descriptor_cookie);
3759 if (ipos_encrypted_size < 2) {
3760 log_warn(LD_REND, "Size of encrypted introduction points is too "
3761 "small.");
3762 return -1;
3763 }
3764 if (ipos_encrypted[0] == (int)REND_BASIC_AUTH) {
3765 char iv[CIPHER_IV_LEN], client_id[REND_BASIC_AUTH_CLIENT_ID_LEN],
3766 session_key[CIPHER_KEY_LEN], *dec;
3767 int declen, client_blocks;
3768 size_t pos = 0, len, client_entries_len;
3769 crypto_digest_env_t *digest;
3770 crypto_cipher_env_t *cipher;
3771 client_blocks = (int) ipos_encrypted[1];
3772 client_entries_len = client_blocks * REND_BASIC_AUTH_CLIENT_MULTIPLE *
3773 REND_BASIC_AUTH_CLIENT_ENTRY_LEN;
3774 if (ipos_encrypted_size < 2 + client_entries_len + CIPHER_IV_LEN + 1) {
3775 log_warn(LD_REND, "Size of encrypted introduction points is too "
3776 "small.");
3777 return -1;
3778 }
3779 memcpy(iv, ipos_encrypted + 2 + client_entries_len, CIPHER_IV_LEN);
3780 digest = crypto_new_digest_env();
3781 crypto_digest_add_bytes(digest, descriptor_cookie, REND_DESC_COOKIE_LEN);
3782 crypto_digest_add_bytes(digest, iv, CIPHER_IV_LEN);
3783 crypto_digest_get_digest(digest, client_id,
3784 REND_BASIC_AUTH_CLIENT_ID_LEN);
3785 crypto_free_digest_env(digest);
3786 for (pos = 2; pos < 2 + client_entries_len;
3787 pos += REND_BASIC_AUTH_CLIENT_ENTRY_LEN) {
3788 if (!memcmp(ipos_encrypted + pos, client_id,
3789 REND_BASIC_AUTH_CLIENT_ID_LEN)) {
3790 /* Attempt to decrypt introduction points. */
3791 cipher = crypto_create_init_cipher(descriptor_cookie, 0);
3792 if (crypto_cipher_decrypt(cipher, session_key, ipos_encrypted
3793 + pos + REND_BASIC_AUTH_CLIENT_ID_LEN,
3794 CIPHER_KEY_LEN) < 0) {
3795 log_warn(LD_REND, "Could not decrypt session key for client.");
3796 crypto_free_cipher_env(cipher);
3797 return -1;
3798 }
3799 crypto_free_cipher_env(cipher);
3800 cipher = crypto_create_init_cipher(session_key, 0);
3801 len = ipos_encrypted_size - 2 - client_entries_len - CIPHER_IV_LEN;
3802 dec = tor_malloc(len);
3803 declen = crypto_cipher_decrypt_with_iv(cipher, dec, len,
3804 ipos_encrypted + 2 + client_entries_len,
3805 ipos_encrypted_size - 2 - client_entries_len);
3806 crypto_free_cipher_env(cipher);
3807 if (declen < 0) {
3808 log_warn(LD_REND, "Could not decrypt introduction point string.");
3809 tor_free(dec);
3810 return -1;
3811 }
3812 if (memcmpstart(dec, declen, "introduction-point ")) {
3813 log_warn(LD_REND, "Decrypted introduction points don't "
3814 "look like we could parse them.");
3815 tor_free(dec);
3816 continue;
3817 }
3818 *ipos_decrypted = dec;
3819 *ipos_decrypted_size = declen;
3820 return 0;
3821 }
3822 }
3823 log_warn(LD_REND, "Could not decrypt introduction points. Please "
3824 "check your authorization for this service!");
3825 return -1;
3826 } else if (ipos_encrypted[0] == (int)REND_STEALTH_AUTH) {
3827 crypto_cipher_env_t *cipher;
3828 char *dec;
3829 int declen;
3830 dec = tor_malloc_zero(ipos_encrypted_size - CIPHER_IV_LEN - 1);
3831 cipher = crypto_create_init_cipher(descriptor_cookie, 0);
3832 declen = crypto_cipher_decrypt_with_iv(cipher, dec,
3833 ipos_encrypted_size -
3834 CIPHER_IV_LEN - 1,
3835 ipos_encrypted + 1,
3836 ipos_encrypted_size - 1);
3837 crypto_free_cipher_env(cipher);
3838 if (declen < 0) {
3839 log_warn(LD_REND, "Decrypting introduction points failed!");
3840 tor_free(dec);
3841 return -1;
3842 }
3843 *ipos_decrypted = dec;
3844 *ipos_decrypted_size = declen;
3845 return 0;
3846 } else {
3847 log_warn(LD_REND, "Unknown authorization type number: %d",
3848 ipos_encrypted[0]);
3849 return -1;
3850 }
3851 }
3852
3853 /** Parse the encoded introduction points in <b>intro_points_encoded</b> of
3854 * length <b>intro_points_encoded_size</b> and write the result to the
3855 * descriptor in <b>parsed</b>; return the number of successfully parsed
3856 * introduction points or -1 in case of a failure. */
3857 int
3858 rend_parse_introduction_points(rend_service_descriptor_t *parsed,
3859 const char *intro_points_encoded,
3860 size_t intro_points_encoded_size)
3861 {
3862 const char *current_ipo, *end_of_intro_points;
3863 smartlist_t *tokens;
3864 directory_token_t *tok;
3865 rend_intro_point_t *intro;
3866 extend_info_t *info;
3867 int result, num_ok=1;
3868 memarea_t *area = NULL;
3869 tor_assert(parsed);
3870 /** Function may only be invoked once. */
3871 tor_assert(!parsed->intro_nodes);
3872 tor_assert(intro_points_encoded);
3873 tor_assert(intro_points_encoded_size > 0);
3874 /* Consider one intro point after the other. */
3875 current_ipo = intro_points_encoded;
3876 end_of_intro_points = intro_points_encoded + intro_points_encoded_size;
3877 tokens = smartlist_create();
3878 parsed->intro_nodes = smartlist_create();
3879 area = memarea_new();
3880
3881 while (!memcmpstart(current_ipo, end_of_intro_points-current_ipo,
3882 "introduction-point ")) {
3883 /* Determine end of string. */
3884 const char *eos = tor_memstr(current_ipo, end_of_intro_points-current_ipo,
3885 "\nintroduction-point ");
3886 if (!eos)
3887 eos = end_of_intro_points;
3888 else
3889 eos = eos+1;
3890 tor_assert(eos <= intro_points_encoded+intro_points_encoded_size);
3891 /* Free tokens and clear token list. */
3892 SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
3893 smartlist_clear(tokens);
3894 memarea_clear(area);
3895 /* Tokenize string. */
3896 if (tokenize_string(area, current_ipo, eos, tokens, ipo_token_table, 0)) {
3897 log_warn(LD_REND, "Error tokenizing introduction point");
3898 goto err;
3899 }
3900 /* Advance to next introduction point, if available. */
3901 current_ipo = eos;
3902 /* Check minimum allowed length of introduction point. */
3903 if (smartlist_len(tokens) < 5) {
3904 log_warn(LD_REND, "Impossibly short introduction point.");
3905 goto err;
3906 }
3907 /* Allocate new intro point and extend info. */
3908 intro = tor_malloc_zero(sizeof(rend_intro_point_t));
3909 info = intro->extend_info = tor_malloc_zero(sizeof(extend_info_t));
3910 /* Parse identifier. */
3911 tok = find_by_keyword(tokens, R_IPO_IDENTIFIER);
3912 if (base32_decode(info->identity_digest, DIGEST_LEN,
3913 tok->args[0], REND_INTRO_POINT_ID_LEN_BASE32) < 0) {
3914 log_warn(LD_REND, "Identity digest contains illegal characters: %s",
3915 tok->args[0]);
3916 rend_intro_point_free(intro);
3917 goto err;
3918 }
3919 /* Write identifier to nickname. */
3920 info->nickname[0] = '$';
3921 base16_encode(info->nickname + 1, sizeof(info->nickname) - 1,
3922 info->identity_digest, DIGEST_LEN);
3923 /* Parse IP address. */
3924 tok = find_by_keyword(tokens, R_IPO_IP_ADDRESS);
3925 if (tor_addr_from_str(&info->addr, tok->args[0])<0) {
3926 log_warn(LD_REND, "Could not parse introduction point address.");
3927 rend_intro_point_free(intro);
3928 goto err;
3929 }
3930 if (tor_addr_family(&info->addr) != AF_INET) {
3931 log_warn(LD_REND, "Introduction point address was not ipv4.");
3932 rend_intro_point_free(intro);
3933 goto err;
3934 }
3935
3936 /* Parse onion port. */
3937 tok = find_by_keyword(tokens, R_IPO_ONION_PORT);
3938 info->port = (uint16_t) tor_parse_long(tok->args[0],10,1,65535,
3939 &num_ok,NULL);
3940 if (!info->port || !num_ok) {
3941 log_warn(LD_REND, "Introduction point onion port %s is invalid",
3942 escaped(tok->args[0]));
3943 rend_intro_point_free(intro);
3944 goto err;
3945 }
3946 /* Parse onion key. */
3947 tok = find_by_keyword(tokens, R_IPO_ONION_KEY);
3948 info->onion_key = tok->key;
3949 tok->key = NULL; /* Prevent free */
3950 /* Parse service key. */
3951 tok = find_by_keyword(tokens, R_IPO_SERVICE_KEY);
3952 intro->intro_key = tok->key;
3953 tok->key = NULL; /* Prevent free */
3954 /* Add extend info to list of introduction points. */
3955 smartlist_add(parsed->intro_nodes, intro);
3956 }
3957 result = smartlist_len(parsed->intro_nodes);
3958 goto done;
3959
3960 err:
3961 result = -1;
3962
3963 done:
3964 /* Free tokens and clear token list. */
3965 SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
3966 smartlist_free(tokens);
3967 if (area)
3968 memarea_drop_all(area);
3969
3970 return result;
3971 }
3972
3973 /** Parse the content of a client_key file in <b>ckstr</b> and add
3974 * rend_authorized_client_t's for each parsed client to
3975 * <b>parsed_clients</b>. Return the number of parsed clients as result
3976 * or -1 for failure. */
3977 int
3978 rend_parse_client_keys(strmap_t *parsed_clients, const char *ckstr)
3979 {
3980 int result = -1;
3981 smartlist_t *tokens;
3982 directory_token_t *tok;
3983 const char *current_entry = NULL;
3984 memarea_t *area = NULL;
3985 if (!ckstr || strlen(ckstr) == 0)
3986 return -1;
3987 tokens = smartlist_create();
3988 /* Begin parsing with first entry, skipping comments or whitespace at the
3989 * beginning. */
3990 area = memarea_new();
3991 current_entry = eat_whitespace(ckstr);
3992 while (!strcmpstart(current_entry, "client-name ")) {
3993 rend_authorized_client_t *parsed_entry;
3994 size_t len;
3995 char descriptor_cookie_base64[REND_DESC_COOKIE_LEN_BASE64+2+1];
3996 char descriptor_cookie_tmp[REND_DESC_COOKIE_LEN+2];
3997 /* Determine end of string. */
3998 const char *eos = strstr(current_entry, "\nclient-name ");
3999 if (!eos)
4000 eos = current_entry + strlen(current_entry);
4001 else
4002 eos = eos + 1;
4003 /* Free tokens and clear token list. */
4004 SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
4005 smartlist_clear(tokens);
4006 memarea_clear(area);
4007 /* Tokenize string. */
4008 if (tokenize_string(area, current_entry, eos, tokens,
4009 client_keys_token_table, 0)) {
4010 log_warn(LD_REND, "Error tokenizing client keys file.");
4011 goto err;
4012 }
4013 /* Advance to next entry, if available. */
4014 current_entry = eos;
4015 /* Check minimum allowed length of token list. */
4016 if (smartlist_len(tokens) < 2) {
4017 log_warn(LD_REND, "Impossibly short client key entry.");
4018 goto err;
4019 }
4020 /* Parse client name. */
4021 tok = find_by_keyword(tokens, C_CLIENT_NAME);
4022 tor_assert(tok == smartlist_get(tokens, 0));
4023 tor_assert(tok->n_args == 1);
4024
4025 len = strlen(tok->args[0]);
4026 if (len < 1 || len > 19 ||
4027 strspn(tok->args[0], REND_LEGAL_CLIENTNAME_CHARACTERS) != len) {
4028 log_warn(LD_CONFIG, "Illegal client name: %s. (Length must be "
4029 "between 1 and 19, and valid characters are "
4030 "[A-Za-z0-9+-_].)", tok->args[0]);
4031 goto err;
4032 }
4033 /* Check if client name is duplicate. */
4034 if (strmap_get(parsed_clients, tok->args[0])) {
4035 log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains a "
4036 "duplicate client name: '%s'. Ignoring.", tok->args[0]);
4037 goto err;
4038 }
4039 parsed_entry = tor_malloc_zero(sizeof(rend_authorized_client_t));
4040 parsed_entry->client_name = tor_strdup(tok->args[0]);
4041 strmap_set(parsed_clients, parsed_entry->client_name, parsed_entry);
4042 /* Parse client key. */
4043 tok = find_opt_by_keyword(tokens, C_CLIENT_KEY);
4044 if (tok) {
4045 parsed_entry->client_key = tok->key;
4046 tok->key = NULL; /* Prevent free */
4047 }
4048
4049 /* Parse descriptor cookie. */
4050 tok = find_by_keyword(tokens, C_DESCRIPTOR_COOKIE);
4051 tor_assert(tok->n_args == 1);
4052 if (strlen(tok->args[0]) != REND_DESC_COOKIE_LEN_BASE64 + 2) {
4053 log_warn(LD_REND, "Descriptor cookie has illegal length: %s",
4054 escaped(tok->args[0]));
4055 goto err;
4056 }
4057 /* The size of descriptor_cookie_tmp needs to be REND_DESC_COOKIE_LEN+2,
4058 * because a base64 encoding of length 24 does not fit into 16 bytes in all
4059 * cases. */
4060 if ((base64_decode(descriptor_cookie_tmp, REND_DESC_COOKIE_LEN+2,
4061 tok->args[0], REND_DESC_COOKIE_LEN_BASE64+2+1)
4062 != REND_DESC_COOKIE_LEN)) {
4063 log_warn(LD_REND, "Descriptor cookie contains illegal characters: "
4064 "%s", descriptor_cookie_base64);
4065 goto err;
4066 }
4067 memcpy(parsed_entry->descriptor_cookie, descriptor_cookie_tmp,
4068 REND_DESC_COOKIE_LEN);
4069 }
4070 result = strmap_size(parsed_clients);
4071 goto done;
4072 err:
4073 result = -1;
4074 done:
4075 /* Free tokens and clear token list. */
4076 SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
4077 smartlist_free(tokens);
4078 if (area)
4079 memarea_drop_all(area);
4080 return result;
4081 }
4082