1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2011, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
9 * \brief Code to parse and validate router descriptors and directories.
15 /****************************************************************************/
17 /** Enumeration of possible token types. The ones starting with K_ correspond
18 * to directory 'keywords'. _ERR is an error in the tokenizing process, _EOF
19 * is an end-of-file marker, and _NIL is used to encode not-a-token.
24 K_DIRECTORY_SIGNATURE
,
25 K_RECOMMENDED_SOFTWARE
,
48 K_NETWORK_STATUS_VERSION
,
63 K_ALLOW_SINGLE_HOP_EXITS
,
65 K_DIR_KEY_CERTIFICATE_VERSION
,
69 K_DIR_KEY_CERTIFICATION
,
90 R_RENDEZVOUS_SERVICE_DESCRIPTOR
,
96 R_INTRODUCTION_POINTS
,
114 #define MIN_ANNOTATION A_PURPOSE
115 #define MAX_ANNOTATION _A_UNKNOWN
117 /** Structure to hold a single directory token.
119 * We parse a directory by breaking it into "tokens", each consisting
120 * of a keyword, a line full of arguments, and a binary object. The
121 * arguments and object are both optional, depending on the keyword
124 * This structure is only allocated in memareas; do not allocate it on
125 * the heap, or token_free() won't work.
127 typedef struct directory_token_t
{
128 directory_keyword tp
; /**< Type of the token. */
129 int n_args
:30; /**< Number of elements in args */
130 char **args
; /**< Array of arguments from keyword line. */
132 char *object_type
; /**< -----BEGIN [object_type]-----*/
133 size_t object_size
; /**< Bytes in object_body */
134 char *object_body
; /**< Contents of object, base64-decoded. */
136 crypto_pk_env_t
*key
; /**< For public keys only. Heap-allocated. */
138 char *error
; /**< For _ERR tokens only. */
141 /* ********************************************************************** */
143 /** We use a table of rules to decide how to parse each token type. */
145 /** Rules for whether the keyword needs an object. */
147 NO_OBJ
, /**< No object, ever. */
148 NEED_OBJ
, /**< Object is required. */
149 NEED_SKEY_1024
,/**< Object is required, and must be a 1024 bit private key */
150 NEED_KEY_1024
, /**< Object is required, and must be a 1024 bit public key */
151 NEED_KEY
, /**< Object is required, and must be a public key. */
152 OBJ_OK
, /**< Object is optional. */
158 /** Determines the parsing rules for a single token type. */
159 typedef struct token_rule_t
{
160 /** The string value of the keyword identifying the type of item. */
162 /** The corresponding directory_keyword enum. */
164 /** Minimum number of arguments for this item */
166 /** Maximum number of arguments for this item */
168 /** If true, we concatenate all arguments for this item into a single
171 /** Requirements on object syntax for this item. */
173 /** Lowest number of times this item may appear in a document. */
175 /** Highest number of times this item may appear in a document. */
177 /** One or more of AT_START/AT_END to limit where the item may appear in a
180 /** True iff this token is an annotation. */
185 * Helper macros to define token tables. 's' is a string, 't' is a
186 * directory_keyword, 'a' is a trio of argument multiplicities, and 'o' is an
191 /** Appears to indicate the end of a table. */
192 #define END_OF_TABLE { NULL, _NIL, 0,0,0, NO_OBJ, 0, INT_MAX, 0, 0 }
193 /** An item with no restrictions: used for obsolete document types */
194 #define T(s,t,a,o) { s, t, a, o, 0, INT_MAX, 0, 0 }
195 /** An item with no restrictions on multiplicity or location. */
196 #define T0N(s,t,a,o) { s, t, a, o, 0, INT_MAX, 0, 0 }
197 /** An item that must appear exactly once */
198 #define T1(s,t,a,o) { s, t, a, o, 1, 1, 0, 0 }
199 /** An item that must appear exactly once, at the start of the document */
200 #define T1_START(s,t,a,o) { s, t, a, o, 1, 1, AT_START, 0 }
201 /** An item that must appear exactly once, at the end of the document */
202 #define T1_END(s,t,a,o) { s, t, a, o, 1, 1, AT_END, 0 }
203 /** An item that must appear one or more times */
204 #define T1N(s,t,a,o) { s, t, a, o, 1, INT_MAX, 0, 0 }
205 /** An item that must appear no more than once */
206 #define T01(s,t,a,o) { s, t, a, o, 0, 1, 0, 0 }
207 /** An annotation that must appear no more than once */
208 #define A01(s,t,a,o) { s, t, a, o, 0, 1, 0, 1 }
210 /* Argument multiplicity: any number of arguments. */
211 #define ARGS 0,INT_MAX,0
212 /* Argument multiplicity: no arguments. */
213 #define NO_ARGS 0,0,0
214 /* Argument multiplicity: concatenate all arguments. */
215 #define CONCAT_ARGS 1,1,1
216 /* Argument multiplicity: at least <b>n</b> arguments. */
217 #define GE(n) n,INT_MAX,0
218 /* Argument multiplicity: exactly <b>n</b> arguments. */
221 /** List of tokens allowable in router descriptors */
222 static token_rule_t routerdesc_token_table
[] = {
223 T0N("reject", K_REJECT
, ARGS
, NO_OBJ
),
224 T0N("accept", K_ACCEPT
, ARGS
, NO_OBJ
),
225 T0N("reject6", K_REJECT6
, ARGS
, NO_OBJ
),
226 T0N("accept6", K_ACCEPT6
, ARGS
, NO_OBJ
),
227 T1_START( "router", K_ROUTER
, GE(5), NO_OBJ
),
228 T1( "signing-key", K_SIGNING_KEY
, NO_ARGS
, NEED_KEY_1024
),
229 T1( "onion-key", K_ONION_KEY
, NO_ARGS
, NEED_KEY_1024
),
230 T1_END( "router-signature", K_ROUTER_SIGNATURE
, NO_ARGS
, NEED_OBJ
),
231 T1( "published", K_PUBLISHED
, CONCAT_ARGS
, NO_OBJ
),
232 T01("uptime", K_UPTIME
, GE(1), NO_OBJ
),
233 T01("fingerprint", K_FINGERPRINT
, CONCAT_ARGS
, NO_OBJ
),
234 T01("hibernating", K_HIBERNATING
, GE(1), NO_OBJ
),
235 T01("platform", K_PLATFORM
, CONCAT_ARGS
, NO_OBJ
),
236 T01("contact", K_CONTACT
, CONCAT_ARGS
, NO_OBJ
),
237 T01("read-history", K_READ_HISTORY
, ARGS
, NO_OBJ
),
238 T01("write-history", K_WRITE_HISTORY
, ARGS
, NO_OBJ
),
239 T01("extra-info-digest", K_EXTRA_INFO_DIGEST
, GE(1), NO_OBJ
),
240 T01("hidden-service-dir", K_HIDDEN_SERVICE_DIR
, NO_ARGS
, NO_OBJ
),
241 T01("allow-single-hop-exits",K_ALLOW_SINGLE_HOP_EXITS
, NO_ARGS
, NO_OBJ
),
243 T01("family", K_FAMILY
, ARGS
, NO_OBJ
),
244 T01("caches-extra-info", K_CACHES_EXTRA_INFO
, NO_ARGS
, NO_OBJ
),
245 T01("eventdns", K_EVENTDNS
, ARGS
, NO_OBJ
),
247 T0N("opt", K_OPT
, CONCAT_ARGS
, OBJ_OK
),
248 T1( "bandwidth", K_BANDWIDTH
, GE(3), NO_OBJ
),
249 A01("@purpose", A_PURPOSE
, GE(1), NO_OBJ
),
254 /** List of tokens allowable in extra-info documents. */
255 static token_rule_t extrainfo_token_table
[] = {
256 T1_END( "router-signature", K_ROUTER_SIGNATURE
, NO_ARGS
, NEED_OBJ
),
257 T1( "published", K_PUBLISHED
, CONCAT_ARGS
, NO_OBJ
),
258 T0N("opt", K_OPT
, CONCAT_ARGS
, OBJ_OK
),
259 T01("read-history", K_READ_HISTORY
, ARGS
, NO_OBJ
),
260 T01("write-history", K_WRITE_HISTORY
, ARGS
, NO_OBJ
),
261 T1_START( "extra-info", K_EXTRA_INFO
, GE(2), NO_OBJ
),
266 /** List of tokens allowable in the body part of v2 and v3 networkstatus
268 static token_rule_t rtrstatus_token_table
[] = {
269 T01("p", K_P
, CONCAT_ARGS
, NO_OBJ
),
270 T1( "r", K_R
, GE(8), NO_OBJ
),
271 T1( "s", K_S
, ARGS
, NO_OBJ
),
272 T01("v", K_V
, CONCAT_ARGS
, NO_OBJ
),
273 T01("w", K_W
, ARGS
, NO_OBJ
),
274 T0N("opt", K_OPT
, CONCAT_ARGS
, OBJ_OK
),
278 /** List of tokens allowable in the header part of v2 networkstatus documents.
280 static token_rule_t netstatus_token_table
[] = {
281 T1( "published", K_PUBLISHED
, CONCAT_ARGS
, NO_OBJ
),
282 T0N("opt", K_OPT
, CONCAT_ARGS
, OBJ_OK
),
283 T1( "contact", K_CONTACT
, CONCAT_ARGS
, NO_OBJ
),
284 T1( "dir-signing-key", K_DIR_SIGNING_KEY
, NO_ARGS
, NEED_KEY_1024
),
285 T1( "fingerprint", K_FINGERPRINT
, CONCAT_ARGS
, NO_OBJ
),
286 T1_START("network-status-version", K_NETWORK_STATUS_VERSION
,
288 T1( "dir-source", K_DIR_SOURCE
, GE(3), NO_OBJ
),
289 T01("dir-options", K_DIR_OPTIONS
, ARGS
, NO_OBJ
),
290 T01("client-versions", K_CLIENT_VERSIONS
, CONCAT_ARGS
, NO_OBJ
),
291 T01("server-versions", K_SERVER_VERSIONS
, CONCAT_ARGS
, NO_OBJ
),
296 /** List of tokens allowable in the footer of v1/v2 directory/networkstatus
298 static token_rule_t dir_footer_token_table
[] = {
299 T1("directory-signature", K_DIRECTORY_SIGNATURE
, EQ(1), NEED_OBJ
),
303 /** List of tokens allowable in v1 directory headers/footers. */
304 static token_rule_t dir_token_table
[] = {
305 /* don't enforce counts; this is obsolete. */
306 T( "network-status", K_NETWORK_STATUS
, NO_ARGS
, NO_OBJ
),
307 T( "directory-signature", K_DIRECTORY_SIGNATURE
, ARGS
, NEED_OBJ
),
308 T( "recommended-software",K_RECOMMENDED_SOFTWARE
,CONCAT_ARGS
, NO_OBJ
),
309 T( "signed-directory", K_SIGNED_DIRECTORY
, NO_ARGS
, NO_OBJ
),
311 T( "running-routers", K_RUNNING_ROUTERS
, ARGS
, NO_OBJ
),
312 T( "router-status", K_ROUTER_STATUS
, ARGS
, NO_OBJ
),
313 T( "published", K_PUBLISHED
, CONCAT_ARGS
, NO_OBJ
),
314 T( "opt", K_OPT
, CONCAT_ARGS
, OBJ_OK
),
315 T( "contact", K_CONTACT
, CONCAT_ARGS
, NO_OBJ
),
316 T( "dir-signing-key", K_DIR_SIGNING_KEY
, ARGS
, OBJ_OK
),
317 T( "fingerprint", K_FINGERPRINT
, CONCAT_ARGS
, NO_OBJ
),
322 /** List of tokens common to V3 authority certificates and V3 consensuses. */
323 #define CERTIFICATE_MEMBERS \
324 T1("dir-key-certificate-version", K_DIR_KEY_CERTIFICATE_VERSION, \
326 T1("dir-identity-key", K_DIR_IDENTITY_KEY, NO_ARGS, NEED_KEY ),\
327 T1("dir-key-published",K_DIR_KEY_PUBLISHED, CONCAT_ARGS, NO_OBJ), \
328 T1("dir-key-expires", K_DIR_KEY_EXPIRES, CONCAT_ARGS, NO_OBJ), \
329 T1("dir-signing-key", K_DIR_SIGNING_KEY, NO_ARGS, NEED_KEY ),\
330 T01("dir-key-crosscert", K_DIR_KEY_CROSSCERT, NO_ARGS, NEED_OBJ ),\
331 T1("dir-key-certification", K_DIR_KEY_CERTIFICATION, \
332 NO_ARGS, NEED_OBJ), \
333 T01("dir-address", K_DIR_ADDRESS, GE(1), NO_OBJ),
335 /** List of tokens allowable in V3 authority certificates. */
336 static token_rule_t dir_key_certificate_table
[] = {
338 T1("fingerprint", K_FINGERPRINT
, CONCAT_ARGS
, NO_OBJ
),
342 /** List of tokens allowable in rendezvous service descriptors */
343 static token_rule_t desc_token_table
[] = {
344 T1_START("rendezvous-service-descriptor", R_RENDEZVOUS_SERVICE_DESCRIPTOR
,
346 T1("version", R_VERSION
, EQ(1), NO_OBJ
),
347 T1("permanent-key", R_PERMANENT_KEY
, NO_ARGS
, NEED_KEY_1024
),
348 T1("secret-id-part", R_SECRET_ID_PART
, EQ(1), NO_OBJ
),
349 T1("publication-time", R_PUBLICATION_TIME
, CONCAT_ARGS
, NO_OBJ
),
350 T1("protocol-versions", R_PROTOCOL_VERSIONS
, EQ(1), NO_OBJ
),
351 T01("introduction-points", R_INTRODUCTION_POINTS
, NO_ARGS
, NEED_OBJ
),
352 T1_END("signature", R_SIGNATURE
, NO_ARGS
, NEED_OBJ
),
356 /** List of tokens allowed in the (encrypted) list of introduction points of
357 * rendezvous service descriptors */
358 static token_rule_t ipo_token_table
[] = {
359 T1_START("introduction-point", R_IPO_IDENTIFIER
, EQ(1), NO_OBJ
),
360 T1("ip-address", R_IPO_IP_ADDRESS
, EQ(1), NO_OBJ
),
361 T1("onion-port", R_IPO_ONION_PORT
, EQ(1), NO_OBJ
),
362 T1("onion-key", R_IPO_ONION_KEY
, NO_ARGS
, NEED_KEY_1024
),
363 T1("service-key", R_IPO_SERVICE_KEY
, NO_ARGS
, NEED_KEY_1024
),
367 /** List of tokens allowed in the (possibly encrypted) list of introduction
368 * points of rendezvous service descriptors */
369 static token_rule_t client_keys_token_table
[] = {
370 T1_START("client-name", C_CLIENT_NAME
, CONCAT_ARGS
, NO_OBJ
),
371 T1("descriptor-cookie", C_DESCRIPTOR_COOKIE
, EQ(1), NO_OBJ
),
372 T01("client-key", C_CLIENT_KEY
, NO_ARGS
, NEED_SKEY_1024
),
376 /** List of tokens allowed in V3 networkstatus votes. */
377 static token_rule_t networkstatus_token_table
[] = {
378 T1("network-status-version", K_NETWORK_STATUS_VERSION
,
380 T1("vote-status", K_VOTE_STATUS
, GE(1), NO_OBJ
),
381 T1("published", K_PUBLISHED
, CONCAT_ARGS
, NO_OBJ
),
382 T1("valid-after", K_VALID_AFTER
, CONCAT_ARGS
, NO_OBJ
),
383 T1("fresh-until", K_FRESH_UNTIL
, CONCAT_ARGS
, NO_OBJ
),
384 T1("valid-until", K_VALID_UNTIL
, CONCAT_ARGS
, NO_OBJ
),
385 T1("voting-delay", K_VOTING_DELAY
, GE(2), NO_OBJ
),
386 T1("known-flags", K_KNOWN_FLAGS
, ARGS
, NO_OBJ
),
387 T01("params", K_PARAMS
, ARGS
, NO_OBJ
),
388 T( "fingerprint", K_FINGERPRINT
, CONCAT_ARGS
, NO_OBJ
),
392 T0N("opt", K_OPT
, CONCAT_ARGS
, OBJ_OK
),
393 T1( "contact", K_CONTACT
, CONCAT_ARGS
, NO_OBJ
),
394 T1( "dir-source", K_DIR_SOURCE
, GE(6), NO_OBJ
),
395 T01("legacy-dir-key", K_LEGACY_DIR_KEY
, GE(1), NO_OBJ
),
396 T1( "known-flags", K_KNOWN_FLAGS
, CONCAT_ARGS
, NO_OBJ
),
397 T01("client-versions", K_CLIENT_VERSIONS
, CONCAT_ARGS
, NO_OBJ
),
398 T01("server-versions", K_SERVER_VERSIONS
, CONCAT_ARGS
, NO_OBJ
),
399 T1( "consensus-methods", K_CONSENSUS_METHODS
, GE(1), NO_OBJ
),
404 /** List of tokens allowed in V3 networkstatus consensuses. */
405 static token_rule_t networkstatus_consensus_token_table
[] = {
406 T1("network-status-version", K_NETWORK_STATUS_VERSION
,
408 T1("vote-status", K_VOTE_STATUS
, GE(1), NO_OBJ
),
409 T1("valid-after", K_VALID_AFTER
, CONCAT_ARGS
, NO_OBJ
),
410 T1("fresh-until", K_FRESH_UNTIL
, CONCAT_ARGS
, NO_OBJ
),
411 T1("valid-until", K_VALID_UNTIL
, CONCAT_ARGS
, NO_OBJ
),
412 T1("voting-delay", K_VOTING_DELAY
, GE(2), NO_OBJ
),
414 T0N("opt", K_OPT
, CONCAT_ARGS
, OBJ_OK
),
416 T1N("dir-source", K_DIR_SOURCE
, GE(6), NO_OBJ
),
417 T1N("contact", K_CONTACT
, CONCAT_ARGS
, NO_OBJ
),
418 T1N("vote-digest", K_VOTE_DIGEST
, GE(1), NO_OBJ
),
420 T1( "known-flags", K_KNOWN_FLAGS
, CONCAT_ARGS
, NO_OBJ
),
422 T01("client-versions", K_CLIENT_VERSIONS
, CONCAT_ARGS
, NO_OBJ
),
423 T01("server-versions", K_SERVER_VERSIONS
, CONCAT_ARGS
, NO_OBJ
),
424 T01("consensus-method", K_CONSENSUS_METHOD
, EQ(1), NO_OBJ
),
425 T01("params", K_PARAMS
, ARGS
, NO_OBJ
),
430 /** List of tokens allowable in the footer of v1/v2 directory/networkstatus
432 static token_rule_t networkstatus_vote_footer_token_table
[] = {
433 T( "directory-signature", K_DIRECTORY_SIGNATURE
, GE(2), NEED_OBJ
),
437 /** List of tokens allowable in detached networkstatus signature documents. */
438 static token_rule_t networkstatus_detached_signature_token_table
[] = {
439 T1_START("consensus-digest", K_CONSENSUS_DIGEST
, GE(1), NO_OBJ
),
440 T1("valid-after", K_VALID_AFTER
, CONCAT_ARGS
, NO_OBJ
),
441 T1("fresh-until", K_FRESH_UNTIL
, CONCAT_ARGS
, NO_OBJ
),
442 T1("valid-until", K_VALID_UNTIL
, CONCAT_ARGS
, NO_OBJ
),
443 T1N("directory-signature", K_DIRECTORY_SIGNATURE
, GE(2), NEED_OBJ
),
449 /* static function prototypes */
450 static int router_add_exit_policy(routerinfo_t
*router
,directory_token_t
*tok
);
451 static addr_policy_t
*router_parse_addr_policy(directory_token_t
*tok
);
452 static addr_policy_t
*router_parse_addr_policy_private(directory_token_t
*tok
);
454 static int router_get_hash_impl(const char *s
, size_t s_len
, char *digest
,
455 const char *start_str
, const char *end_str
,
458 static void token_free(directory_token_t
*tok
);
459 static smartlist_t
*find_all_exitpolicy(smartlist_t
*s
);
460 static directory_token_t
*_find_by_keyword(smartlist_t
*s
,
461 directory_keyword keyword
,
462 const char *keyword_str
);
463 #define find_by_keyword(s, keyword) _find_by_keyword((s), (keyword), #keyword)
464 static directory_token_t
*find_opt_by_keyword(smartlist_t
*s
,
465 directory_keyword keyword
);
467 #define TS_ANNOTATIONS_OK 1
469 #define TS_NO_NEW_ANNOTATIONS 4
470 static int tokenize_string(memarea_t
*area
,
471 const char *start
, const char *end
,
475 static directory_token_t
*get_next_token(memarea_t
*area
,
478 token_rule_t
*table
);
479 #define CST_CHECK_AUTHORITY (1<<0)
480 #define CST_NO_CHECK_OBJTYPE (1<<1)
481 static int check_signature_token(const char *digest
,
482 directory_token_t
*tok
,
483 crypto_pk_env_t
*pkey
,
485 const char *doctype
);
486 static crypto_pk_env_t
*find_dir_signing_key(const char *str
, const char *eos
);
487 static int tor_version_same_series(tor_version_t
*a
, tor_version_t
*b
);
489 #undef DEBUG_AREA_ALLOC
491 #ifdef DEBUG_AREA_ALLOC
492 #define DUMP_AREA(a,name) STMT_BEGIN \
493 size_t alloc=0, used=0; \
494 memarea_get_stats((a),&alloc,&used); \
495 log_debug(LD_MM, "Area for %s has %lu allocated; using %lu.", \
496 name, (unsigned long)alloc, (unsigned long)used); \
499 #define DUMP_AREA(a,name) STMT_NIL
502 /** Set <b>digest</b> to the SHA-1 digest of the hash of the directory in
503 * <b>s</b>. Return 0 on success, -1 on failure.
506 router_get_dir_hash(const char *s
, char *digest
)
508 return router_get_hash_impl(s
, strlen(s
), digest
,
509 "signed-directory","\ndirectory-signature",'\n');
512 /** Set <b>digest</b> to the SHA-1 digest of the hash of the first router in
513 * <b>s</b>. Return 0 on success, -1 on failure.
516 router_get_router_hash(const char *s
, size_t s_len
, char *digest
)
518 return router_get_hash_impl(s
, s_len
, digest
,
519 "router ","\nrouter-signature", '\n');
522 /** Set <b>digest</b> to the SHA-1 digest of the hash of the running-routers
523 * string in <b>s</b>. Return 0 on success, -1 on failure.
526 router_get_runningrouters_hash(const char *s
, char *digest
)
528 return router_get_hash_impl(s
, strlen(s
), digest
,
529 "network-status","\ndirectory-signature", '\n');
532 /** Set <b>digest</b> to the SHA-1 digest of the hash of the network-status
533 * string in <b>s</b>. Return 0 on success, -1 on failure. */
535 router_get_networkstatus_v2_hash(const char *s
, char *digest
)
537 return router_get_hash_impl(s
, strlen(s
), digest
,
538 "network-status-version","\ndirectory-signature",
542 /** Set <b>digest</b> to the SHA-1 digest of the hash of the network-status
543 * string in <b>s</b>. Return 0 on success, -1 on failure. */
545 router_get_networkstatus_v3_hash(const char *s
, char *digest
)
547 return router_get_hash_impl(s
, strlen(s
), digest
,
548 "network-status-version",
549 "\ndirectory-signature",
553 /** Set <b>digest</b> to the SHA-1 digest of the hash of the extrainfo
554 * string in <b>s</b>. Return 0 on success, -1 on failure. */
556 router_get_extrainfo_hash(const char *s
, char *digest
)
558 return router_get_hash_impl(s
, strlen(s
), digest
, "extra-info",
559 "\nrouter-signature",'\n');
562 /** Helper: used to generate signatures for routers, directories and
563 * network-status objects. Given a digest in <b>digest</b> and a secret
564 * <b>private_key</b>, generate an PKCS1-padded signature, BASE64-encode it,
565 * surround it with -----BEGIN/END----- pairs, and write it to the
566 * <b>buf_len</b>-byte buffer at <b>buf</b>. Return 0 on success, -1 on
570 router_append_dirobj_signature(char *buf
, size_t buf_len
, const char *digest
,
571 crypto_pk_env_t
*private_key
)
576 keysize
= crypto_pk_keysize(private_key
);
577 signature
= tor_malloc(keysize
);
578 if (crypto_pk_private_sign(private_key
, signature
, keysize
,
579 digest
, DIGEST_LEN
) < 0) {
581 log_warn(LD_BUG
,"Couldn't sign digest.");
584 if (strlcat(buf
, "-----BEGIN SIGNATURE-----\n", buf_len
) >= buf_len
)
588 if (base64_encode(buf
+i
, buf_len
-i
, signature
, 128) < 0) {
589 log_warn(LD_BUG
,"couldn't base64-encode signature");
593 if (strlcat(buf
, "-----END SIGNATURE-----\n", buf_len
) >= buf_len
)
600 log_warn(LD_BUG
,"tried to exceed string length.");
606 /** Return VS_RECOMMENDED if <b>myversion</b> is contained in
607 * <b>versionlist</b>. Else, return VS_EMPTY if versionlist has no
608 * entries. Else, return VS_OLD if every member of
609 * <b>versionlist</b> is newer than <b>myversion</b>. Else, return
610 * VS_NEW_IN_SERIES if there is at least one member of <b>versionlist</b> in
611 * the same series (major.minor.micro) as <b>myversion</b>, but no such member
612 * is newer than <b>myversion.</b>. Else, return VS_NEW if every member of
613 * <b>versionlist</b> is older than <b>myversion</b>. Else, return
616 * (versionlist is a comma-separated list of version strings,
617 * optionally prefixed with "Tor". Versions that can't be parsed are
621 tor_version_is_obsolete(const char *myversion
, const char *versionlist
)
623 tor_version_t mine
, other
;
624 int found_newer
= 0, found_older
= 0, found_newer_in_series
= 0,
625 found_any_in_series
= 0, r
, same
;
626 version_status_t ret
= VS_UNRECOMMENDED
;
627 smartlist_t
*version_sl
;
629 log_debug(LD_CONFIG
,"Checking whether version '%s' is in '%s'",
630 myversion
, versionlist
);
632 if (tor_version_parse(myversion
, &mine
)) {
633 log_err(LD_BUG
,"I couldn't parse my own version (%s)", myversion
);
636 version_sl
= smartlist_create();
637 smartlist_split_string(version_sl
, versionlist
, ",", SPLIT_SKIP_SPACE
, 0);
639 if (!strlen(versionlist
)) { /* no authorities cared or agreed */
644 SMARTLIST_FOREACH(version_sl
, const char *, cp
, {
645 if (!strcmpstart(cp
, "Tor "))
648 if (tor_version_parse(cp
, &other
)) {
649 /* Couldn't parse other; it can't be a match. */
651 same
= tor_version_same_series(&mine
, &other
);
653 found_any_in_series
= 1;
654 r
= tor_version_compare(&mine
, &other
);
656 ret
= VS_RECOMMENDED
;
661 found_newer_in_series
= 1;
668 /* We didn't find the listed version. Is it new or old? */
669 if (found_any_in_series
&& !found_newer_in_series
&& found_newer
) {
670 ret
= VS_NEW_IN_SERIES
;
671 } else if (found_newer
&& !found_older
) {
673 } else if (found_older
&& !found_newer
) {
676 ret
= VS_UNRECOMMENDED
;
680 SMARTLIST_FOREACH(version_sl
, char *, version
, tor_free(version
));
681 smartlist_free(version_sl
);
685 /** Read a signed directory from <b>str</b>. If it's well-formed, return 0.
686 * Otherwise, return -1. If we're a directory cache, cache it.
689 router_parse_directory(const char *str
)
691 directory_token_t
*tok
;
692 char digest
[DIGEST_LEN
];
695 const char *end
, *cp
;
696 smartlist_t
*tokens
= NULL
;
697 crypto_pk_env_t
*declared_key
= NULL
;
698 memarea_t
*area
= memarea_new();
700 /* XXXX This could be simplified a lot, but it will all go away
701 * once pre-0.1.1.8 is obsolete, and for now it's better not to
704 if (router_get_dir_hash(str
, digest
)) {
705 log_warn(LD_DIR
, "Unable to compute digest of directory");
708 log_debug(LD_DIR
,"Received directory hashes to %s",hex_str(digest
,4));
710 /* Check signature first, before we try to tokenize. */
712 while (cp
&& (end
= strstr(cp
+1, "\ndirectory-signature")))
714 if (cp
== str
|| !cp
) {
715 log_warn(LD_DIR
, "No signature found on directory."); goto err
;
718 tokens
= smartlist_create();
719 if (tokenize_string(area
,cp
,strchr(cp
,'\0'),tokens
,dir_token_table
,0)) {
720 log_warn(LD_DIR
, "Error tokenizing directory signature"); goto err
;
722 if (smartlist_len(tokens
) != 1) {
723 log_warn(LD_DIR
, "Unexpected number of tokens in signature"); goto err
;
725 tok
=smartlist_get(tokens
,0);
726 if (tok
->tp
!= K_DIRECTORY_SIGNATURE
) {
727 log_warn(LD_DIR
,"Expected a single directory signature"); goto err
;
729 declared_key
= find_dir_signing_key(str
, str
+strlen(str
));
730 note_crypto_pk_op(VERIFY_DIR
);
731 if (check_signature_token(digest
, tok
, declared_key
,
732 CST_CHECK_AUTHORITY
, "directory")<0)
735 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
736 smartlist_clear(tokens
);
739 /* Now try to parse the first part of the directory. */
740 if ((end
= strstr(str
,"\nrouter "))) {
742 } else if ((end
= strstr(str
, "\ndirectory-signature"))) {
745 end
= str
+ strlen(str
);
748 if (tokenize_string(area
,str
,end
,tokens
,dir_token_table
,0)) {
749 log_warn(LD_DIR
, "Error tokenizing directory"); goto err
;
752 tok
= find_by_keyword(tokens
, K_PUBLISHED
);
753 tor_assert(tok
->n_args
== 1);
755 if (parse_iso_time(tok
->args
[0], &published_on
) < 0) {
759 /* Now that we know the signature is okay, and we have a
760 * publication time, cache the directory. */
761 if (directory_caches_v1_dir_info(get_options()) &&
762 !authdir_mode_v1(get_options()))
763 dirserv_set_cached_directory(str
, published_on
, 0);
770 if (declared_key
) crypto_free_pk_env(declared_key
);
772 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
773 smartlist_free(tokens
);
776 DUMP_AREA(area
, "v1 directory");
777 memarea_drop_all(area
);
782 /** Read a signed router status statement from <b>str</b>. If it's
783 * well-formed, return 0. Otherwise, return -1. If we're a directory cache,
786 router_parse_runningrouters(const char *str
)
788 char digest
[DIGEST_LEN
];
789 directory_token_t
*tok
;
792 crypto_pk_env_t
*declared_key
= NULL
;
793 smartlist_t
*tokens
= NULL
;
794 const char *eos
= str
+ strlen(str
);
795 memarea_t
*area
= NULL
;
797 if (router_get_runningrouters_hash(str
, digest
)) {
798 log_warn(LD_DIR
, "Unable to compute digest of running-routers");
801 area
= memarea_new();
802 tokens
= smartlist_create();
803 if (tokenize_string(area
,str
,eos
,tokens
,dir_token_table
,0)) {
804 log_warn(LD_DIR
, "Error tokenizing running-routers"); goto err
;
806 tok
= smartlist_get(tokens
,0);
807 if (tok
->tp
!= K_NETWORK_STATUS
) {
808 log_warn(LD_DIR
, "Network-status starts with wrong token");
812 tok
= find_by_keyword(tokens
, K_PUBLISHED
);
813 tor_assert(tok
->n_args
== 1);
814 if (parse_iso_time(tok
->args
[0], &published_on
) < 0) {
817 if (!(tok
= find_opt_by_keyword(tokens
, K_DIRECTORY_SIGNATURE
))) {
818 log_warn(LD_DIR
, "Missing signature on running-routers");
821 declared_key
= find_dir_signing_key(str
, eos
);
822 note_crypto_pk_op(VERIFY_DIR
);
823 if (check_signature_token(digest
, tok
, declared_key
,
824 CST_CHECK_AUTHORITY
, "running-routers")
828 /* Now that we know the signature is okay, and we have a
829 * publication time, cache the list. */
830 if (get_options()->DirPort
&& !authdir_mode_v1(get_options()))
831 dirserv_set_cached_directory(str
, published_on
, 1);
835 if (declared_key
) crypto_free_pk_env(declared_key
);
837 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
838 smartlist_free(tokens
);
841 DUMP_AREA(area
, "v1 running-routers");
842 memarea_drop_all(area
);
847 /** Given a directory or running-routers string in <b>str</b>, try to
848 * find the its dir-signing-key token (if any). If this token is
849 * present, extract and return the key. Return NULL on failure. */
850 static crypto_pk_env_t
*
851 find_dir_signing_key(const char *str
, const char *eos
)
854 directory_token_t
*tok
;
855 crypto_pk_env_t
*key
= NULL
;
856 memarea_t
*area
= NULL
;
860 /* Is there a dir-signing-key in the directory? */
861 cp
= tor_memstr(str
, eos
-str
, "\nopt dir-signing-key");
863 cp
= tor_memstr(str
, eos
-str
, "\ndir-signing-key");
866 ++cp
; /* Now cp points to the start of the token. */
868 area
= memarea_new();
869 tok
= get_next_token(area
, &cp
, eos
, dir_token_table
);
871 log_warn(LD_DIR
, "Unparseable dir-signing-key token");
874 if (tok
->tp
!= K_DIR_SIGNING_KEY
) {
875 log_warn(LD_DIR
, "Dir-signing-key token did not parse as expected");
881 tok
->key
= NULL
; /* steal reference. */
883 log_warn(LD_DIR
, "Dir-signing-key token contained no key");
887 if (tok
) token_free(tok
);
889 DUMP_AREA(area
, "dir-signing-key token");
890 memarea_drop_all(area
);
895 /** Return true iff <b>key</b> is allowed to sign directories.
898 dir_signing_key_is_trusted(crypto_pk_env_t
*key
)
900 char digest
[DIGEST_LEN
];
902 if (crypto_pk_get_digest(key
, digest
) < 0) {
903 log_warn(LD_DIR
, "Error computing dir-signing-key digest");
906 if (!router_digest_is_trusted_dir(digest
)) {
907 log_warn(LD_DIR
, "Listed dir-signing-key is not trusted");
913 /** Check whether the object body of the token in <b>tok</b> has a good
914 * signature for <b>digest</b> using key <b>pkey</b>. If
915 * <b>CST_CHECK_AUTHORITY</b> is set, make sure that <b>pkey</b> is the key of
916 * a directory authority. If <b>CST_NO_CHECK_OBJTYPE</b> is set, do not check
917 * the object type of the signature object. Use <b>doctype</b> as the type of
918 * the document when generating log messages. Return 0 on success, negative
922 check_signature_token(const char *digest
,
923 directory_token_t
*tok
,
924 crypto_pk_env_t
*pkey
,
930 const int check_authority
= (flags
& CST_CHECK_AUTHORITY
);
931 const int check_objtype
= ! (flags
& CST_NO_CHECK_OBJTYPE
);
938 if (check_authority
&& !dir_signing_key_is_trusted(pkey
)) {
939 log_warn(LD_DIR
, "Key on %s did not come from an authority; rejecting",
945 if (strcmp(tok
->object_type
, "SIGNATURE")) {
946 log_warn(LD_DIR
, "Bad object type on %s signature", doctype
);
951 keysize
= crypto_pk_keysize(pkey
);
952 signed_digest
= tor_malloc(keysize
);
953 if (crypto_pk_public_checksig(pkey
, signed_digest
, keysize
,
954 tok
->object_body
, tok
->object_size
)
956 log_warn(LD_DIR
, "Error reading %s: invalid signature.", doctype
);
957 tor_free(signed_digest
);
960 // log_debug(LD_DIR,"Signed %s hash starts %s", doctype,
961 // hex_str(signed_digest,4));
962 if (memcmp(digest
, signed_digest
, DIGEST_LEN
)) {
963 log_warn(LD_DIR
, "Error reading %s: signature does not match.", doctype
);
964 tor_free(signed_digest
);
967 tor_free(signed_digest
);
971 /** Helper: move *<b>s_ptr</b> ahead to the next router, the next extra-info,
972 * or to the first of the annotations proceeding the next router or
973 * extra-info---whichever comes first. Set <b>is_extrainfo_out</b> to true if
974 * we found an extrainfo, or false if found a router. Do not scan beyond
975 * <b>eos</b>. Return -1 if we found nothing; 0 if we found something. */
977 find_start_of_next_router_or_extrainfo(const char **s_ptr
,
979 int *is_extrainfo_out
)
981 const char *annotations
= NULL
;
982 const char *s
= *s_ptr
;
984 s
= eat_whitespace_eos(s
, eos
);
986 while (s
< eos
-32) { /* 32 gives enough room for a the first keyword. */
987 /* We're at the start of a line. */
988 tor_assert(*s
!= '\n');
990 if (*s
== '@' && !annotations
) {
992 } else if (*s
== 'r' && !strcmpstart(s
, "router ")) {
993 *s_ptr
= annotations
? annotations
: s
;
994 *is_extrainfo_out
= 0;
996 } else if (*s
== 'e' && !strcmpstart(s
, "extra-info ")) {
997 *s_ptr
= annotations
? annotations
: s
;
998 *is_extrainfo_out
= 1;
1002 if (!(s
= memchr(s
+1, '\n', eos
-(s
+1))))
1004 s
= eat_whitespace_eos(s
, eos
);
1009 /** Given a string *<b>s</b> containing a concatenated sequence of router
1010 * descriptors (or extra-info documents if <b>is_extrainfo</b> is set), parses
1011 * them and stores the result in <b>dest</b>. All routers are marked running
1012 * and valid. Advances *s to a point immediately following the last router
1013 * entry. Ignore any trailing router entries that are not complete.
1015 * If <b>saved_location</b> isn't SAVED_IN_CACHE, make a local copy of each
1016 * descriptor in the signed_descriptor_body field of each routerinfo_t. If it
1017 * isn't SAVED_NOWHERE, remember the offset of each descriptor.
1019 * Returns 0 on success and -1 on failure.
1022 router_parse_list_from_string(const char **s
, const char *eos
,
1024 saved_location_t saved_location
,
1026 int allow_annotations
,
1027 const char *prepend_annotations
)
1029 routerinfo_t
*router
;
1030 extrainfo_t
*extrainfo
;
1031 signed_descriptor_t
*signed_desc
;
1033 const char *end
, *start
;
1042 eos
= *s
+ strlen(*s
);
1044 tor_assert(eos
>= *s
);
1047 if (find_start_of_next_router_or_extrainfo(s
, eos
, &have_extrainfo
) < 0)
1050 end
= tor_memstr(*s
, eos
-*s
, "\nrouter-signature");
1052 end
= tor_memstr(end
, eos
-end
, "\n-----END SIGNATURE-----\n");
1054 end
+= strlen("\n-----END SIGNATURE-----\n");
1061 if (have_extrainfo
&& want_extrainfo
) {
1062 routerlist_t
*rl
= router_get_routerlist();
1063 extrainfo
= extrainfo_parse_entry_from_string(*s
, end
,
1064 saved_location
!= SAVED_IN_CACHE
,
1067 signed_desc
= &extrainfo
->cache_info
;
1070 } else if (!have_extrainfo
&& !want_extrainfo
) {
1071 router
= router_parse_entry_from_string(*s
, end
,
1072 saved_location
!= SAVED_IN_CACHE
,
1074 prepend_annotations
);
1076 log_debug(LD_DIR
, "Read router '%s', purpose '%s'",
1077 router
->nickname
, router_purpose_to_string(router
->purpose
));
1078 signed_desc
= &router
->cache_info
;
1086 if (saved_location
!= SAVED_NOWHERE
) {
1087 signed_desc
->saved_location
= saved_location
;
1088 signed_desc
->saved_offset
= *s
- start
;
1091 smartlist_add(dest
, elt
);
1097 /* For debugging: define to count every descriptor digest we've seen so we
1098 * know if we need to try harder to avoid duplicate verifies. */
1099 #undef COUNT_DISTINCT_DIGESTS
1101 #ifdef COUNT_DISTINCT_DIGESTS
1102 static digestmap_t
*verified_digests
= NULL
;
1105 /** Log the total count of the number of distinct router digests we've ever
1106 * verified. When compared to the number of times we've verified routerdesc
1107 * signatures <i>in toto</i>, this will tell us if we're doing too much
1108 * multiple-verification. */
1110 dump_distinct_digest_count(int severity
)
1112 #ifdef COUNT_DISTINCT_DIGESTS
1113 if (!verified_digests
)
1114 verified_digests
= digestmap_new();
1115 log(severity
, LD_GENERAL
, "%d *distinct* router digests verified",
1116 digestmap_size(verified_digests
));
1118 (void)severity
; /* suppress "unused parameter" warning */
1122 /** Helper function: reads a single router entry from *<b>s</b> ...
1123 * *<b>end</b>. Mallocs a new router and returns it if all goes well, else
1124 * returns NULL. If <b>cache_copy</b> is true, duplicate the contents of
1125 * s through end into the signed_descriptor_body of the resulting
1128 * If <b>end</b> is NULL, <b>s</b> must be properly NULL-terminated.
1130 * If <b>allow_annotations</b>, it's okay to encounter annotations in <b>s</b>
1131 * before the router; if it's false, reject the router if it's annotated. If
1132 * <b>prepend_annotations</b> is set, it should contain some annotations:
1133 * append them to the front of the router before parsing it, and keep them
1134 * around when caching the router.
1136 * Only one of allow_annotations and prepend_annotations may be set.
1139 router_parse_entry_from_string(const char *s
, const char *end
,
1140 int cache_copy
, int allow_annotations
,
1141 const char *prepend_annotations
)
1143 routerinfo_t
*router
= NULL
;
1145 smartlist_t
*tokens
= NULL
, *exit_policy_tokens
= NULL
;
1146 directory_token_t
*tok
;
1148 const char *start_of_annotations
, *cp
;
1149 size_t prepend_len
= prepend_annotations
? strlen(prepend_annotations
) : 0;
1151 memarea_t
*area
= NULL
;
1153 tor_assert(!allow_annotations
|| !prepend_annotations
);
1156 end
= s
+ strlen(s
);
1159 /* point 'end' to a point immediately after the final newline. */
1160 while (end
> s
+2 && *(end
-1) == '\n' && *(end
-2) == '\n')
1163 area
= memarea_new();
1164 tokens
= smartlist_create();
1165 if (prepend_annotations
) {
1166 if (tokenize_string(area
,prepend_annotations
,NULL
,tokens
,
1167 routerdesc_token_table
,TS_NOCHECK
)) {
1168 log_warn(LD_DIR
, "Error tokenizing router descriptor (annotations).");
1173 start_of_annotations
= s
;
1174 cp
= tor_memstr(s
, end
-s
, "\nrouter ");
1176 if (end
-s
< 7 || strcmpstart(s
, "router ")) {
1177 log_warn(LD_DIR
, "No router keyword found.");
1184 if (start_of_annotations
!= s
) { /* We have annotations */
1185 if (allow_annotations
) {
1186 if (tokenize_string(area
,start_of_annotations
,s
,tokens
,
1187 routerdesc_token_table
,TS_NOCHECK
)) {
1188 log_warn(LD_DIR
, "Error tokenizing router descriptor (annotations).");
1192 log_warn(LD_DIR
, "Found unexpected annotations on router descriptor not "
1193 "loaded from disk. Dropping it.");
1198 if (router_get_router_hash(s
, end
- s
, digest
) < 0) {
1199 log_warn(LD_DIR
, "Couldn't compute router hash.");
1204 if (allow_annotations
)
1205 flags
|= TS_ANNOTATIONS_OK
;
1206 if (prepend_annotations
)
1207 flags
|= TS_ANNOTATIONS_OK
|TS_NO_NEW_ANNOTATIONS
;
1209 if (tokenize_string(area
,s
,end
,tokens
,routerdesc_token_table
, flags
)) {
1210 log_warn(LD_DIR
, "Error tokenizing router descriptor.");
1215 if (smartlist_len(tokens
) < 2) {
1216 log_warn(LD_DIR
, "Impossibly short router descriptor.");
1220 tok
= find_by_keyword(tokens
, K_ROUTER
);
1221 tor_assert(tok
->n_args
>= 5);
1223 router
= tor_malloc_zero(sizeof(routerinfo_t
));
1224 router
->country
= -1;
1225 router
->cache_info
.routerlist_index
= -1;
1226 router
->cache_info
.annotations_len
= s
-start_of_annotations
+ prepend_len
;
1227 router
->cache_info
.signed_descriptor_len
= end
-s
;
1229 size_t len
= router
->cache_info
.signed_descriptor_len
+
1230 router
->cache_info
.annotations_len
;
1232 router
->cache_info
.signed_descriptor_body
= tor_malloc(len
+1);
1233 if (prepend_annotations
) {
1234 memcpy(cp
, prepend_annotations
, prepend_len
);
1237 /* This assertion will always succeed.
1238 * len == signed_desc_len + annotations_len
1239 * == end-s + s-start_of_annotations + prepend_len
1240 * == end-start_of_annotations + prepend_len
1241 * We already wrote prepend_len bytes into the buffer; now we're
1242 * writing end-start_of_annotations -NM. */
1243 tor_assert(cp
+(end
-start_of_annotations
) ==
1244 router
->cache_info
.signed_descriptor_body
+len
);
1245 memcpy(cp
, start_of_annotations
, end
-start_of_annotations
);
1246 router
->cache_info
.signed_descriptor_body
[len
] = '\0';
1247 tor_assert(strlen(router
->cache_info
.signed_descriptor_body
) == len
);
1249 memcpy(router
->cache_info
.signed_descriptor_digest
, digest
, DIGEST_LEN
);
1251 router
->nickname
= tor_strdup(tok
->args
[0]);
1252 if (!is_legal_nickname(router
->nickname
)) {
1253 log_warn(LD_DIR
,"Router nickname is invalid");
1256 router
->address
= tor_strdup(tok
->args
[1]);
1257 if (!tor_inet_aton(router
->address
, &in
)) {
1258 log_warn(LD_DIR
,"Router address is not an IP address.");
1261 router
->addr
= ntohl(in
.s_addr
);
1264 (uint16_t) tor_parse_long(tok
->args
[2],10,0,65535,&ok
,NULL
);
1266 log_warn(LD_DIR
,"Invalid OR port %s", escaped(tok
->args
[2]));
1270 (uint16_t) tor_parse_long(tok
->args
[4],10,0,65535,&ok
,NULL
);
1272 log_warn(LD_DIR
,"Invalid dir port %s", escaped(tok
->args
[4]));
1276 tok
= find_by_keyword(tokens
, K_BANDWIDTH
);
1277 tor_assert(tok
->n_args
>= 3);
1278 router
->bandwidthrate
= (int)
1279 tor_parse_long(tok
->args
[0],10,1,INT_MAX
,&ok
,NULL
);
1282 log_warn(LD_DIR
, "bandwidthrate %s unreadable or 0. Failing.",
1283 escaped(tok
->args
[0]));
1286 router
->bandwidthburst
=
1287 (int) tor_parse_long(tok
->args
[1],10,0,INT_MAX
,&ok
,NULL
);
1289 log_warn(LD_DIR
, "Invalid bandwidthburst %s", escaped(tok
->args
[1]));
1292 router
->bandwidthcapacity
= (int)
1293 tor_parse_long(tok
->args
[2],10,0,INT_MAX
,&ok
,NULL
);
1295 log_warn(LD_DIR
, "Invalid bandwidthcapacity %s", escaped(tok
->args
[1]));
1299 if ((tok
= find_opt_by_keyword(tokens
, A_PURPOSE
))) {
1300 tor_assert(tok
->n_args
);
1301 router
->purpose
= router_purpose_from_string(tok
->args
[0]);
1303 router
->purpose
= ROUTER_PURPOSE_GENERAL
;
1305 router
->cache_info
.send_unencrypted
=
1306 (router
->purpose
== ROUTER_PURPOSE_GENERAL
) ? 1 : 0;
1308 if ((tok
= find_opt_by_keyword(tokens
, K_UPTIME
))) {
1309 tor_assert(tok
->n_args
>= 1);
1310 router
->uptime
= tor_parse_long(tok
->args
[0],10,0,LONG_MAX
,&ok
,NULL
);
1312 log_warn(LD_DIR
, "Invalid uptime %s", escaped(tok
->args
[0]));
1317 if ((tok
= find_opt_by_keyword(tokens
, K_HIBERNATING
))) {
1318 tor_assert(tok
->n_args
>= 1);
1319 router
->is_hibernating
1320 = (tor_parse_long(tok
->args
[0],10,0,LONG_MAX
,NULL
,NULL
) != 0);
1323 tok
= find_by_keyword(tokens
, K_PUBLISHED
);
1324 tor_assert(tok
->n_args
== 1);
1325 if (parse_iso_time(tok
->args
[0], &router
->cache_info
.published_on
) < 0)
1328 tok
= find_by_keyword(tokens
, K_ONION_KEY
);
1329 router
->onion_pkey
= tok
->key
;
1330 tok
->key
= NULL
; /* Prevent free */
1332 tok
= find_by_keyword(tokens
, K_SIGNING_KEY
);
1333 router
->identity_pkey
= tok
->key
;
1334 tok
->key
= NULL
; /* Prevent free */
1335 if (crypto_pk_get_digest(router
->identity_pkey
,
1336 router
->cache_info
.identity_digest
)) {
1337 log_warn(LD_DIR
, "Couldn't calculate key digest"); goto err
;
1340 if ((tok
= find_opt_by_keyword(tokens
, K_FINGERPRINT
))) {
1341 /* If there's a fingerprint line, it must match the identity digest. */
1343 tor_assert(tok
->n_args
== 1);
1344 tor_strstrip(tok
->args
[0], " ");
1345 if (base16_decode(d
, DIGEST_LEN
, tok
->args
[0], strlen(tok
->args
[0]))) {
1346 log_warn(LD_DIR
, "Couldn't decode router fingerprint %s",
1347 escaped(tok
->args
[0]));
1350 if (memcmp(d
,router
->cache_info
.identity_digest
, DIGEST_LEN
)!=0) {
1351 log_warn(LD_DIR
, "Fingerprint '%s' does not match identity digest.",
1357 if ((tok
= find_opt_by_keyword(tokens
, K_PLATFORM
))) {
1358 router
->platform
= tor_strdup(tok
->args
[0]);
1361 if ((tok
= find_opt_by_keyword(tokens
, K_CONTACT
))) {
1362 router
->contact_info
= tor_strdup(tok
->args
[0]);
1365 if ((tok
= find_opt_by_keyword(tokens
, K_EVENTDNS
))) {
1366 router
->has_old_dnsworkers
= tok
->n_args
&& !strcmp(tok
->args
[0], "0");
1367 } else if (router
->platform
) {
1368 if (! tor_version_as_new_as(router
->platform
, "0.1.2.2-alpha"))
1369 router
->has_old_dnsworkers
= 1;
1372 exit_policy_tokens
= find_all_exitpolicy(tokens
);
1373 if (!smartlist_len(exit_policy_tokens
)) {
1374 log_warn(LD_DIR
, "No exit policy tokens in descriptor.");
1377 SMARTLIST_FOREACH(exit_policy_tokens
, directory_token_t
*, t
,
1378 if (router_add_exit_policy(router
,t
)<0) {
1379 log_warn(LD_DIR
,"Error in exit policy");
1382 policy_expand_private(&router
->exit_policy
);
1383 if (policy_is_reject_star(router
->exit_policy
))
1384 router
->policy_is_reject_star
= 1;
1386 if ((tok
= find_opt_by_keyword(tokens
, K_FAMILY
)) && tok
->n_args
) {
1388 router
->declared_family
= smartlist_create();
1389 for (i
=0;i
<tok
->n_args
;++i
) {
1390 if (!is_legal_nickname_or_hexdigest(tok
->args
[i
])) {
1391 log_warn(LD_DIR
, "Illegal nickname %s in family line",
1392 escaped(tok
->args
[i
]));
1395 smartlist_add(router
->declared_family
, tor_strdup(tok
->args
[i
]));
1399 if ((tok
= find_opt_by_keyword(tokens
, K_CACHES_EXTRA_INFO
)))
1400 router
->caches_extra_info
= 1;
1402 if ((tok
= find_opt_by_keyword(tokens
, K_ALLOW_SINGLE_HOP_EXITS
)))
1403 router
->allow_single_hop_exits
= 1;
1405 if ((tok
= find_opt_by_keyword(tokens
, K_EXTRA_INFO_DIGEST
))) {
1406 tor_assert(tok
->n_args
>= 1);
1407 if (strlen(tok
->args
[0]) == HEX_DIGEST_LEN
) {
1408 base16_decode(router
->cache_info
.extra_info_digest
,
1409 DIGEST_LEN
, tok
->args
[0], HEX_DIGEST_LEN
);
1411 log_warn(LD_DIR
, "Invalid extra info digest %s", escaped(tok
->args
[0]));
1415 if ((tok
= find_opt_by_keyword(tokens
, K_HIDDEN_SERVICE_DIR
))) {
1416 router
->wants_to_be_hs_dir
= 1;
1419 tok
= find_by_keyword(tokens
, K_ROUTER_SIGNATURE
);
1420 note_crypto_pk_op(VERIFY_RTR
);
1421 #ifdef COUNT_DISTINCT_DIGESTS
1422 if (!verified_digests
)
1423 verified_digests
= digestmap_new();
1424 digestmap_set(verified_digests
, signed_digest
, (void*)(uintptr_t)1);
1426 if (check_signature_token(digest
, tok
, router
->identity_pkey
, 0,
1427 "router descriptor") < 0)
1430 routerinfo_set_country(router
);
1432 if (!router
->or_port
) {
1433 log_warn(LD_DIR
,"or_port unreadable or 0. Failing.");
1437 if (!router
->platform
) {
1438 router
->platform
= tor_strdup("<unknown>");
1444 routerinfo_free(router
);
1448 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
1449 smartlist_free(tokens
);
1451 if (exit_policy_tokens
) {
1452 smartlist_free(exit_policy_tokens
);
1455 DUMP_AREA(area
, "routerinfo");
1456 memarea_drop_all(area
);
1461 /** Parse a single extrainfo entry from the string <b>s</b>, ending at
1462 * <b>end</b>. (If <b>end</b> is NULL, parse up to the end of <b>s</b>.) If
1463 * <b>cache_copy</b> is true, make a copy of the extra-info document in the
1464 * cache_info fields of the result. If <b>routermap</b> is provided, use it
1465 * as a map from router identity to routerinfo_t when looking up signing keys.
1468 extrainfo_parse_entry_from_string(const char *s
, const char *end
,
1469 int cache_copy
, struct digest_ri_map_t
*routermap
)
1471 extrainfo_t
*extrainfo
= NULL
;
1473 smartlist_t
*tokens
= NULL
;
1474 directory_token_t
*tok
;
1475 crypto_pk_env_t
*key
= NULL
;
1476 routerinfo_t
*router
= NULL
;
1477 memarea_t
*area
= NULL
;
1480 end
= s
+ strlen(s
);
1483 /* point 'end' to a point immediately after the final newline. */
1484 while (end
> s
+2 && *(end
-1) == '\n' && *(end
-2) == '\n')
1487 if (router_get_extrainfo_hash(s
, digest
) < 0) {
1488 log_warn(LD_DIR
, "Couldn't compute router hash.");
1491 tokens
= smartlist_create();
1492 area
= memarea_new();
1493 if (tokenize_string(area
,s
,end
,tokens
,extrainfo_token_table
,0)) {
1494 log_warn(LD_DIR
, "Error tokenizing extra-info document.");
1498 if (smartlist_len(tokens
) < 2) {
1499 log_warn(LD_DIR
, "Impossibly short extra-info document.");
1503 tok
= smartlist_get(tokens
,0);
1504 if (tok
->tp
!= K_EXTRA_INFO
) {
1505 log_warn(LD_DIR
,"Entry does not start with \"extra-info\"");
1509 extrainfo
= tor_malloc_zero(sizeof(extrainfo_t
));
1510 extrainfo
->cache_info
.is_extrainfo
= 1;
1512 extrainfo
->cache_info
.signed_descriptor_body
= tor_strndup(s
, end
-s
);
1513 extrainfo
->cache_info
.signed_descriptor_len
= end
-s
;
1514 memcpy(extrainfo
->cache_info
.signed_descriptor_digest
, digest
, DIGEST_LEN
);
1516 tor_assert(tok
->n_args
>= 2);
1517 if (!is_legal_nickname(tok
->args
[0])) {
1518 log_warn(LD_DIR
,"Bad nickname %s on \"extra-info\"",escaped(tok
->args
[0]));
1521 strlcpy(extrainfo
->nickname
, tok
->args
[0], sizeof(extrainfo
->nickname
));
1522 if (strlen(tok
->args
[1]) != HEX_DIGEST_LEN
||
1523 base16_decode(extrainfo
->cache_info
.identity_digest
, DIGEST_LEN
,
1524 tok
->args
[1], HEX_DIGEST_LEN
)) {
1525 log_warn(LD_DIR
,"Invalid fingerprint %s on \"extra-info\"",
1526 escaped(tok
->args
[1]));
1530 tok
= find_by_keyword(tokens
, K_PUBLISHED
);
1531 if (parse_iso_time(tok
->args
[0], &extrainfo
->cache_info
.published_on
)) {
1532 log_warn(LD_DIR
,"Invalid published time %s on \"extra-info\"",
1533 escaped(tok
->args
[0]));
1538 (router
= digestmap_get((digestmap_t
*)routermap
,
1539 extrainfo
->cache_info
.identity_digest
))) {
1540 key
= router
->identity_pkey
;
1543 tok
= find_by_keyword(tokens
, K_ROUTER_SIGNATURE
);
1544 if (strcmp(tok
->object_type
, "SIGNATURE") ||
1545 tok
->object_size
< 128 || tok
->object_size
> 512) {
1546 log_warn(LD_DIR
, "Bad object type or length on extra-info signature");
1551 note_crypto_pk_op(VERIFY_RTR
);
1552 if (check_signature_token(digest
, tok
, key
, 0, "extra-info") < 0)
1556 extrainfo
->cache_info
.send_unencrypted
=
1557 router
->cache_info
.send_unencrypted
;
1559 extrainfo
->pending_sig
= tor_memdup(tok
->object_body
,
1561 extrainfo
->pending_sig_len
= tok
->object_size
;
1567 extrainfo_free(extrainfo
);
1571 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
1572 smartlist_free(tokens
);
1575 DUMP_AREA(area
, "extrainfo");
1576 memarea_drop_all(area
);
1581 /** Parse a key certificate from <b>s</b>; point <b>end-of-string</b> to
1582 * the first character after the certificate. */
1584 authority_cert_parse_from_string(const char *s
, const char **end_of_string
)
1586 authority_cert_t
*cert
= NULL
, *old_cert
;
1587 smartlist_t
*tokens
= NULL
;
1588 char digest
[DIGEST_LEN
];
1589 directory_token_t
*tok
;
1590 char fp_declared
[DIGEST_LEN
];
1594 memarea_t
*area
= NULL
;
1596 s
= eat_whitespace(s
);
1597 eos
= strstr(s
, "\ndir-key-certification");
1599 log_warn(LD_DIR
, "No signature found on key certificate");
1602 eos
= strstr(eos
, "\n-----END SIGNATURE-----\n");
1604 log_warn(LD_DIR
, "No end-of-signature found on key certificate");
1607 eos
= strchr(eos
+2, '\n');
1612 tokens
= smartlist_create();
1613 area
= memarea_new();
1614 if (tokenize_string(area
,s
, eos
, tokens
, dir_key_certificate_table
, 0) < 0) {
1615 log_warn(LD_DIR
, "Error tokenizing key certificate");
1618 if (router_get_hash_impl(s
, strlen(s
), digest
, "dir-key-certificate-version",
1619 "\ndir-key-certification", '\n') < 0)
1621 tok
= smartlist_get(tokens
, 0);
1622 if (tok
->tp
!= K_DIR_KEY_CERTIFICATE_VERSION
|| strcmp(tok
->args
[0], "3")) {
1624 "Key certificate does not begin with a recognized version (3).");
1628 cert
= tor_malloc_zero(sizeof(authority_cert_t
));
1629 memcpy(cert
->cache_info
.signed_descriptor_digest
, digest
, DIGEST_LEN
);
1631 tok
= find_by_keyword(tokens
, K_DIR_SIGNING_KEY
);
1632 tor_assert(tok
->key
);
1633 cert
->signing_key
= tok
->key
;
1635 if (crypto_pk_get_digest(cert
->signing_key
, cert
->signing_key_digest
))
1638 tok
= find_by_keyword(tokens
, K_DIR_IDENTITY_KEY
);
1639 tor_assert(tok
->key
);
1640 cert
->identity_key
= tok
->key
;
1643 tok
= find_by_keyword(tokens
, K_FINGERPRINT
);
1644 tor_assert(tok
->n_args
);
1645 if (base16_decode(fp_declared
, DIGEST_LEN
, tok
->args
[0],
1646 strlen(tok
->args
[0]))) {
1647 log_warn(LD_DIR
, "Couldn't decode key certificate fingerprint %s",
1648 escaped(tok
->args
[0]));
1652 if (crypto_pk_get_digest(cert
->identity_key
,
1653 cert
->cache_info
.identity_digest
))
1656 if (memcmp(cert
->cache_info
.identity_digest
, fp_declared
, DIGEST_LEN
)) {
1657 log_warn(LD_DIR
, "Digest of certificate key didn't match declared "
1662 tok
= find_opt_by_keyword(tokens
, K_DIR_ADDRESS
);
1665 char *address
= NULL
;
1666 tor_assert(tok
->n_args
);
1667 /* XXX021 use tor_addr_port_parse() below instead. -RD */
1668 if (parse_addr_port(LOG_WARN
, tok
->args
[0], &address
, NULL
,
1669 &cert
->dir_port
)<0 ||
1670 tor_inet_aton(address
, &in
) == 0) {
1671 log_warn(LD_DIR
, "Couldn't parse dir-address in certificate");
1675 cert
->addr
= ntohl(in
.s_addr
);
1679 tok
= find_by_keyword(tokens
, K_DIR_KEY_PUBLISHED
);
1680 if (parse_iso_time(tok
->args
[0], &cert
->cache_info
.published_on
) < 0) {
1683 tok
= find_by_keyword(tokens
, K_DIR_KEY_EXPIRES
);
1684 if (parse_iso_time(tok
->args
[0], &cert
->expires
) < 0) {
1688 tok
= smartlist_get(tokens
, smartlist_len(tokens
)-1);
1689 if (tok
->tp
!= K_DIR_KEY_CERTIFICATION
) {
1690 log_warn(LD_DIR
, "Certificate didn't end with dir-key-certification.");
1694 /* If we already have this cert, don't bother checking the signature. */
1695 old_cert
= authority_cert_get_by_digests(
1696 cert
->cache_info
.identity_digest
,
1697 cert
->signing_key_digest
);
1700 /* XXXX We could just compare signed_descriptor_digest, but that wouldn't
1702 if (old_cert
->cache_info
.signed_descriptor_len
== len
&&
1703 old_cert
->cache_info
.signed_descriptor_body
&&
1704 !memcmp(s
, old_cert
->cache_info
.signed_descriptor_body
, len
)) {
1705 log_debug(LD_DIR
, "We already checked the signature on this "
1706 "certificate; no need to do so again.");
1708 cert
->is_cross_certified
= old_cert
->is_cross_certified
;
1712 if (check_signature_token(digest
, tok
, cert
->identity_key
, 0,
1713 "key certificate")) {
1717 if ((tok
= find_opt_by_keyword(tokens
, K_DIR_KEY_CROSSCERT
))) {
1718 /* XXXX Once all authorities generate cross-certified certificates,
1719 * make this field mandatory. */
1720 if (check_signature_token(cert
->cache_info
.identity_digest
,
1723 CST_NO_CHECK_OBJTYPE
,
1724 "key cross-certification")) {
1727 cert
->is_cross_certified
= 1;
1731 cert
->cache_info
.signed_descriptor_len
= len
;
1732 cert
->cache_info
.signed_descriptor_body
= tor_malloc(len
+1);
1733 memcpy(cert
->cache_info
.signed_descriptor_body
, s
, len
);
1734 cert
->cache_info
.signed_descriptor_body
[len
] = 0;
1735 cert
->cache_info
.saved_location
= SAVED_NOWHERE
;
1737 if (end_of_string
) {
1738 *end_of_string
= eat_whitespace(eos
);
1740 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
1741 smartlist_free(tokens
);
1743 DUMP_AREA(area
, "authority cert");
1744 memarea_drop_all(area
);
1748 authority_cert_free(cert
);
1749 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
1750 smartlist_free(tokens
);
1752 DUMP_AREA(area
, "authority cert");
1753 memarea_drop_all(area
);
1758 /** Helper: given a string <b>s</b>, return the start of the next router-status
1759 * object (starting with "r " at the start of a line). If none is found,
1760 * return the start of the next directory signature. If none is found, return
1761 * the end of the string. */
1762 static INLINE
const char *
1763 find_start_of_next_routerstatus(const char *s
)
1765 const char *eos
= strstr(s
, "\nr ");
1767 const char *eos2
= tor_memstr(s
, eos
-s
, "\ndirectory-signature");
1768 if (eos2
&& eos2
< eos
)
1773 if ((eos
= strstr(s
, "\ndirectory-signature")))
1775 return s
+ strlen(s
);
1779 /** Given a string at *<b>s</b>, containing a routerstatus object, and an
1780 * empty smartlist at <b>tokens</b>, parse and return the first router status
1781 * object in the string, and advance *<b>s</b> to just after the end of the
1782 * router status. Return NULL and advance *<b>s</b> on error.
1784 * If <b>vote</b> and <b>vote_rs</b> are provided, don't allocate a fresh
1785 * routerstatus but use <b>vote_rs</b> instead.
1787 * If <b>consensus_method</b> is nonzero, this routerstatus is part of a
1788 * consensus, and we should parse it according to the method used to
1789 * make that consensus.
1791 static routerstatus_t
*
1792 routerstatus_parse_entry_from_string(memarea_t
*area
,
1793 const char **s
, smartlist_t
*tokens
,
1794 networkstatus_t
*vote
,
1795 vote_routerstatus_t
*vote_rs
,
1796 int consensus_method
)
1799 routerstatus_t
*rs
= NULL
;
1800 directory_token_t
*tok
;
1801 char timebuf
[ISO_TIME_LEN
+1];
1804 tor_assert(bool_eq(vote
, vote_rs
));
1806 eos
= find_start_of_next_routerstatus(*s
);
1808 if (tokenize_string(area
,*s
, eos
, tokens
, rtrstatus_token_table
,0)) {
1809 log_warn(LD_DIR
, "Error tokenizing router status");
1812 if (smartlist_len(tokens
) < 1) {
1813 log_warn(LD_DIR
, "Impossibly short router status");
1816 tok
= find_by_keyword(tokens
, K_R
);
1817 tor_assert(tok
->n_args
>= 8);
1819 rs
= &vote_rs
->status
;
1821 rs
= tor_malloc_zero(sizeof(routerstatus_t
));
1824 if (!is_legal_nickname(tok
->args
[0])) {
1826 "Invalid nickname %s in router status; skipping.",
1827 escaped(tok
->args
[0]));
1830 strlcpy(rs
->nickname
, tok
->args
[0], sizeof(rs
->nickname
));
1832 if (digest_from_base64(rs
->identity_digest
, tok
->args
[1])) {
1833 log_warn(LD_DIR
, "Error decoding identity digest %s",
1834 escaped(tok
->args
[1]));
1838 if (digest_from_base64(rs
->descriptor_digest
, tok
->args
[2])) {
1839 log_warn(LD_DIR
, "Error decoding descriptor digest %s",
1840 escaped(tok
->args
[2]));
1844 if (tor_snprintf(timebuf
, sizeof(timebuf
), "%s %s",
1845 tok
->args
[3], tok
->args
[4]) < 0 ||
1846 parse_iso_time(timebuf
, &rs
->published_on
)<0) {
1847 log_warn(LD_DIR
, "Error parsing time '%s %s'",
1848 tok
->args
[3], tok
->args
[4]);
1852 if (tor_inet_aton(tok
->args
[5], &in
) == 0) {
1853 log_warn(LD_DIR
, "Error parsing router address in network-status %s",
1854 escaped(tok
->args
[5]));
1857 rs
->addr
= ntohl(in
.s_addr
);
1859 rs
->or_port
=(uint16_t) tor_parse_long(tok
->args
[6],10,0,65535,NULL
,NULL
);
1860 rs
->dir_port
= (uint16_t) tor_parse_long(tok
->args
[7],10,0,65535,NULL
,NULL
);
1862 tok
= find_opt_by_keyword(tokens
, K_S
);
1866 for (i
=0; i
< tok
->n_args
; ++i
) {
1867 int p
= smartlist_string_pos(vote
->known_flags
, tok
->args
[i
]);
1869 vote_rs
->flags
|= (1<<p
);
1871 log_warn(LD_DIR
, "Flags line had a flag %s not listed in known_flags.",
1872 escaped(tok
->args
[i
]));
1878 for (i
=0; i
< tok
->n_args
; ++i
) {
1879 if (!strcmp(tok
->args
[i
], "Exit"))
1881 else if (!strcmp(tok
->args
[i
], "Stable"))
1883 else if (!strcmp(tok
->args
[i
], "Fast"))
1885 else if (!strcmp(tok
->args
[i
], "Running"))
1887 else if (!strcmp(tok
->args
[i
], "Named"))
1889 else if (!strcmp(tok
->args
[i
], "Valid"))
1891 else if (!strcmp(tok
->args
[i
], "V2Dir"))
1893 else if (!strcmp(tok
->args
[i
], "Guard"))
1894 rs
->is_possible_guard
= 1;
1895 else if (!strcmp(tok
->args
[i
], "BadExit"))
1896 rs
->is_bad_exit
= 1;
1897 else if (!strcmp(tok
->args
[i
], "BadDirectory"))
1898 rs
->is_bad_directory
= 1;
1899 else if (!strcmp(tok
->args
[i
], "Authority"))
1900 rs
->is_authority
= 1;
1901 else if (!strcmp(tok
->args
[i
], "Unnamed") &&
1902 consensus_method
>= 2) {
1903 /* Unnamed is computed right by consensus method 2 and later. */
1905 } else if (!strcmp(tok
->args
[i
], "HSDir")) {
1910 if ((tok
= find_opt_by_keyword(tokens
, K_V
))) {
1911 tor_assert(tok
->n_args
== 1);
1912 rs
->version_known
= 1;
1913 if (strcmpstart(tok
->args
[0], "Tor ")) {
1914 rs
->version_supports_begindir
= 1;
1915 rs
->version_supports_extrainfo_upload
= 1;
1916 rs
->version_supports_conditional_consensus
= 1;
1918 rs
->version_supports_begindir
=
1919 tor_version_as_new_as(tok
->args
[0], "0.2.0.1-alpha");
1920 rs
->version_supports_extrainfo_upload
=
1921 tor_version_as_new_as(tok
->args
[0], "0.2.0.0-alpha-dev (r10070)");
1922 rs
->version_supports_v3_dir
=
1923 tor_version_as_new_as(tok
->args
[0], "0.2.0.8-alpha");
1924 rs
->version_supports_conditional_consensus
=
1925 tor_version_as_new_as(tok
->args
[0], "0.2.1.1-alpha");
1928 vote_rs
->version
= tor_strdup(tok
->args
[0]);
1932 /* handle weighting/bandwidth info */
1933 if ((tok
= find_opt_by_keyword(tokens
, K_W
))) {
1935 for (i
=0; i
< tok
->n_args
; ++i
) {
1936 if (!strcmpstart(tok
->args
[i
], "Bandwidth=")) {
1938 rs
->bandwidth
= (uint32_t)tor_parse_ulong(strchr(tok
->args
[i
], '=')+1,
1942 log_warn(LD_DIR
, "Invalid Bandwidth %s", escaped(tok
->args
[i
]));
1945 rs
->has_bandwidth
= 1;
1950 /* parse exit policy summaries */
1951 if ((tok
= find_opt_by_keyword(tokens
, K_P
))) {
1952 tor_assert(tok
->n_args
== 1);
1953 if (strcmpstart(tok
->args
[0], "accept ") &&
1954 strcmpstart(tok
->args
[0], "reject ")) {
1955 log_warn(LD_DIR
, "Unknown exit policy summary type %s.",
1956 escaped(tok
->args
[0]));
1959 /* XXX weasel: parse this into ports and represent them somehow smart,
1960 * maybe not here but somewhere on if we need it for the client.
1961 * we should still parse it here to check it's valid tho.
1963 rs
->exitsummary
= tor_strdup(tok
->args
[0]);
1964 rs
->has_exitsummary
= 1;
1967 if (!strcasecmp(rs
->nickname
, UNNAMED_ROUTER_NICKNAME
))
1973 routerstatus_free(rs
);
1976 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
1977 smartlist_clear(tokens
);
1979 DUMP_AREA(area
, "routerstatus entry");
1980 memarea_clear(area
);
1987 /** Helper to sort a smartlist of pointers to routerstatus_t */
1989 _compare_routerstatus_entries(const void **_a
, const void **_b
)
1991 const routerstatus_t
*a
= *_a
, *b
= *_b
;
1992 return memcmp(a
->identity_digest
, b
->identity_digest
, DIGEST_LEN
);
1995 /** Helper: used in call to _smartlist_uniq to clear out duplicate entries. */
1997 _free_duplicate_routerstatus_entry(void *e
)
2000 "Network-status has two entries for the same router. "
2002 routerstatus_free(e
);
2005 /** Given a v2 network-status object in <b>s</b>, try to
2006 * parse it and return the result. Return NULL on failure. Check the
2007 * signature of the network status, but do not (yet) check the signing key for
2010 networkstatus_v2_t
*
2011 networkstatus_v2_parse_from_string(const char *s
)
2014 smartlist_t
*tokens
= smartlist_create();
2015 smartlist_t
*footer_tokens
= smartlist_create();
2016 networkstatus_v2_t
*ns
= NULL
;
2017 char ns_digest
[DIGEST_LEN
];
2018 char tmp_digest
[DIGEST_LEN
];
2020 directory_token_t
*tok
;
2022 memarea_t
*area
= NULL
;
2024 if (router_get_networkstatus_v2_hash(s
, ns_digest
)) {
2025 log_warn(LD_DIR
, "Unable to compute digest of network-status");
2029 area
= memarea_new();
2030 eos
= find_start_of_next_routerstatus(s
);
2031 if (tokenize_string(area
, s
, eos
, tokens
, netstatus_token_table
,0)) {
2032 log_warn(LD_DIR
, "Error tokenizing network-status header.");
2035 ns
= tor_malloc_zero(sizeof(networkstatus_v2_t
));
2036 memcpy(ns
->networkstatus_digest
, ns_digest
, DIGEST_LEN
);
2038 tok
= find_by_keyword(tokens
, K_NETWORK_STATUS_VERSION
);
2039 tor_assert(tok
->n_args
>= 1);
2040 if (strcmp(tok
->args
[0], "2")) {
2041 log_warn(LD_BUG
, "Got a non-v2 networkstatus. Version was "
2042 "%s", escaped(tok
->args
[0]));
2046 tok
= find_by_keyword(tokens
, K_DIR_SOURCE
);
2047 tor_assert(tok
->n_args
>= 3);
2048 ns
->source_address
= tor_strdup(tok
->args
[0]);
2049 if (tor_inet_aton(tok
->args
[1], &in
) == 0) {
2050 log_warn(LD_DIR
, "Error parsing network-status source address %s",
2051 escaped(tok
->args
[1]));
2054 ns
->source_addr
= ntohl(in
.s_addr
);
2055 ns
->source_dirport
=
2056 (uint16_t) tor_parse_long(tok
->args
[2],10,0,65535,NULL
,NULL
);
2057 if (ns
->source_dirport
== 0) {
2058 log_warn(LD_DIR
, "Directory source without dirport; skipping.");
2062 tok
= find_by_keyword(tokens
, K_FINGERPRINT
);
2063 tor_assert(tok
->n_args
);
2064 if (base16_decode(ns
->identity_digest
, DIGEST_LEN
, tok
->args
[0],
2065 strlen(tok
->args
[0]))) {
2066 log_warn(LD_DIR
, "Couldn't decode networkstatus fingerprint %s",
2067 escaped(tok
->args
[0]));
2071 if ((tok
= find_opt_by_keyword(tokens
, K_CONTACT
))) {
2072 tor_assert(tok
->n_args
);
2073 ns
->contact
= tor_strdup(tok
->args
[0]);
2076 tok
= find_by_keyword(tokens
, K_DIR_SIGNING_KEY
);
2077 tor_assert(tok
->key
);
2078 ns
->signing_key
= tok
->key
;
2081 if (crypto_pk_get_digest(ns
->signing_key
, tmp_digest
)<0) {
2082 log_warn(LD_DIR
, "Couldn't compute signing key digest");
2085 if (memcmp(tmp_digest
, ns
->identity_digest
, DIGEST_LEN
)) {
2087 "network-status fingerprint did not match dir-signing-key");
2091 if ((tok
= find_opt_by_keyword(tokens
, K_DIR_OPTIONS
))) {
2092 for (i
=0; i
< tok
->n_args
; ++i
) {
2093 if (!strcmp(tok
->args
[i
], "Names"))
2094 ns
->binds_names
= 1;
2095 if (!strcmp(tok
->args
[i
], "Versions"))
2096 ns
->recommends_versions
= 1;
2097 if (!strcmp(tok
->args
[i
], "BadExits"))
2098 ns
->lists_bad_exits
= 1;
2099 if (!strcmp(tok
->args
[i
], "BadDirectories"))
2100 ns
->lists_bad_directories
= 1;
2104 if (ns
->recommends_versions
) {
2105 if (!(tok
= find_opt_by_keyword(tokens
, K_CLIENT_VERSIONS
))) {
2106 log_warn(LD_DIR
, "Missing client-versions on versioning directory");
2109 ns
->client_versions
= tor_strdup(tok
->args
[0]);
2111 if (!(tok
= find_opt_by_keyword(tokens
, K_SERVER_VERSIONS
)) ||
2113 log_warn(LD_DIR
, "Missing server-versions on versioning directory");
2116 ns
->server_versions
= tor_strdup(tok
->args
[0]);
2119 tok
= find_by_keyword(tokens
, K_PUBLISHED
);
2120 tor_assert(tok
->n_args
== 1);
2121 if (parse_iso_time(tok
->args
[0], &ns
->published_on
) < 0) {
2125 ns
->entries
= smartlist_create();
2127 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
2128 smartlist_clear(tokens
);
2129 memarea_clear(area
);
2130 while (!strcmpstart(s
, "r ")) {
2132 if ((rs
= routerstatus_parse_entry_from_string(area
, &s
, tokens
,
2134 smartlist_add(ns
->entries
, rs
);
2136 smartlist_sort(ns
->entries
, _compare_routerstatus_entries
);
2137 smartlist_uniq(ns
->entries
, _compare_routerstatus_entries
,
2138 _free_duplicate_routerstatus_entry
);
2140 if (tokenize_string(area
,s
, NULL
, footer_tokens
, dir_footer_token_table
,0)) {
2141 log_warn(LD_DIR
, "Error tokenizing network-status footer.");
2144 if (smartlist_len(footer_tokens
) < 1) {
2145 log_warn(LD_DIR
, "Too few items in network-status footer.");
2148 tok
= smartlist_get(footer_tokens
, smartlist_len(footer_tokens
)-1);
2149 if (tok
->tp
!= K_DIRECTORY_SIGNATURE
) {
2151 "Expected network-status footer to end with a signature.");
2155 note_crypto_pk_op(VERIFY_DIR
);
2156 if (check_signature_token(ns_digest
, tok
, ns
->signing_key
, 0,
2157 "network-status") < 0)
2163 networkstatus_v2_free(ns
);
2166 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
2167 smartlist_free(tokens
);
2168 SMARTLIST_FOREACH(footer_tokens
, directory_token_t
*, t
, token_free(t
));
2169 smartlist_free(footer_tokens
);
2171 DUMP_AREA(area
, "v2 networkstatus");
2172 memarea_drop_all(area
);
2177 /** Parse a v3 networkstatus vote, opinion, or consensus (depending on
2178 * ns_type), from <b>s</b>, and return the result. Return NULL on failure. */
2180 networkstatus_parse_vote_from_string(const char *s
, const char **eos_out
,
2181 networkstatus_type_t ns_type
)
2183 smartlist_t
*tokens
= smartlist_create();
2184 smartlist_t
*rs_tokens
= NULL
, *footer_tokens
= NULL
;
2185 networkstatus_voter_info_t
*voter
= NULL
;
2186 networkstatus_t
*ns
= NULL
;
2187 char ns_digest
[DIGEST_LEN
];
2188 const char *cert
, *end_of_header
, *end_of_footer
;
2189 directory_token_t
*tok
;
2192 int i
, inorder
, n_signatures
= 0;
2193 memarea_t
*area
= NULL
, *rs_area
= NULL
;
2199 if (router_get_networkstatus_v3_hash(s
, ns_digest
)) {
2200 log_warn(LD_DIR
, "Unable to compute digest of network-status");
2204 area
= memarea_new();
2205 end_of_header
= find_start_of_next_routerstatus(s
);
2206 if (tokenize_string(area
, s
, end_of_header
, tokens
,
2207 (ns_type
== NS_TYPE_CONSENSUS
) ?
2208 networkstatus_consensus_token_table
:
2209 networkstatus_token_table
, 0)) {
2210 log_warn(LD_DIR
, "Error tokenizing network-status vote header");
2214 ns
= tor_malloc_zero(sizeof(networkstatus_t
));
2215 memcpy(ns
->networkstatus_digest
, ns_digest
, DIGEST_LEN
);
2217 if (ns_type
!= NS_TYPE_CONSENSUS
) {
2218 const char *end_of_cert
= NULL
;
2219 if (!(cert
= strstr(s
, "\ndir-key-certificate-version")))
2222 ns
->cert
= authority_cert_parse_from_string(cert
, &end_of_cert
);
2223 if (!ns
->cert
|| !end_of_cert
|| end_of_cert
> end_of_header
)
2227 tok
= find_by_keyword(tokens
, K_VOTE_STATUS
);
2228 tor_assert(tok
->n_args
);
2229 if (!strcmp(tok
->args
[0], "vote")) {
2230 ns
->type
= NS_TYPE_VOTE
;
2231 } else if (!strcmp(tok
->args
[0], "consensus")) {
2232 ns
->type
= NS_TYPE_CONSENSUS
;
2233 } else if (!strcmp(tok
->args
[0], "opinion")) {
2234 ns
->type
= NS_TYPE_OPINION
;
2236 log_warn(LD_DIR
, "Unrecognized vote status %s in network-status",
2237 escaped(tok
->args
[0]));
2240 if (ns_type
!= ns
->type
) {
2241 log_warn(LD_DIR
, "Got the wrong kind of v3 networkstatus.");
2245 if (ns
->type
== NS_TYPE_VOTE
|| ns
->type
== NS_TYPE_OPINION
) {
2246 tok
= find_by_keyword(tokens
, K_PUBLISHED
);
2247 if (parse_iso_time(tok
->args
[0], &ns
->published
))
2250 ns
->supported_methods
= smartlist_create();
2251 tok
= find_opt_by_keyword(tokens
, K_CONSENSUS_METHODS
);
2253 for (i
=0; i
< tok
->n_args
; ++i
)
2254 smartlist_add(ns
->supported_methods
, tor_strdup(tok
->args
[i
]));
2256 smartlist_add(ns
->supported_methods
, tor_strdup("1"));
2259 tok
= find_opt_by_keyword(tokens
, K_CONSENSUS_METHOD
);
2261 ns
->consensus_method
= (int)tor_parse_long(tok
->args
[0], 10, 1, INT_MAX
,
2266 ns
->consensus_method
= 1;
2270 tok
= find_by_keyword(tokens
, K_VALID_AFTER
);
2271 if (parse_iso_time(tok
->args
[0], &ns
->valid_after
))
2274 tok
= find_by_keyword(tokens
, K_FRESH_UNTIL
);
2275 if (parse_iso_time(tok
->args
[0], &ns
->fresh_until
))
2278 tok
= find_by_keyword(tokens
, K_VALID_UNTIL
);
2279 if (parse_iso_time(tok
->args
[0], &ns
->valid_until
))
2282 tok
= find_by_keyword(tokens
, K_VOTING_DELAY
);
2283 tor_assert(tok
->n_args
>= 2);
2285 (int) tor_parse_long(tok
->args
[0], 10, 0, INT_MAX
, &ok
, NULL
);
2289 (int) tor_parse_long(tok
->args
[1], 10, 0, INT_MAX
, &ok
, NULL
);
2292 if (ns
->valid_after
+ MIN_VOTE_INTERVAL
> ns
->fresh_until
) {
2293 log_warn(LD_DIR
, "Vote/consensus freshness interval is too short");
2296 if (ns
->valid_after
+ MIN_VOTE_INTERVAL
*2 > ns
->valid_until
) {
2297 log_warn(LD_DIR
, "Vote/consensus liveness interval is too short");
2300 if (ns
->vote_seconds
< MIN_VOTE_SECONDS
) {
2301 log_warn(LD_DIR
, "Vote seconds is too short");
2304 if (ns
->dist_seconds
< MIN_DIST_SECONDS
) {
2305 log_warn(LD_DIR
, "Dist seconds is too short");
2309 if ((tok
= find_opt_by_keyword(tokens
, K_CLIENT_VERSIONS
))) {
2310 ns
->client_versions
= tor_strdup(tok
->args
[0]);
2312 if ((tok
= find_opt_by_keyword(tokens
, K_SERVER_VERSIONS
))) {
2313 ns
->server_versions
= tor_strdup(tok
->args
[0]);
2316 tok
= find_by_keyword(tokens
, K_KNOWN_FLAGS
);
2317 ns
->known_flags
= smartlist_create();
2319 for (i
= 0; i
< tok
->n_args
; ++i
) {
2320 smartlist_add(ns
->known_flags
, tor_strdup(tok
->args
[i
]));
2321 if (i
>0 && strcmp(tok
->args
[i
-1], tok
->args
[i
])>= 0) {
2322 log_warn(LD_DIR
, "%s >= %s", tok
->args
[i
-1], tok
->args
[i
]);
2327 log_warn(LD_DIR
, "known-flags not in order");
2331 tok
= find_opt_by_keyword(tokens
, K_PARAMS
);
2334 ns
->net_params
= smartlist_create();
2335 for (i
= 0; i
< tok
->n_args
; ++i
) {
2337 char *eq
= strchr(tok
->args
[i
], '=');
2339 log_warn(LD_DIR
, "Bad element '%s' in params", escaped(tok
->args
[i
]));
2342 tor_parse_long(eq
+1, 10, INT32_MIN
, INT32_MAX
, &ok
, NULL
);
2344 log_warn(LD_DIR
, "Bad element '%s' in params", escaped(tok
->args
[i
]));
2347 if (i
> 0 && strcmp(tok
->args
[i
-1], tok
->args
[i
]) >= 0) {
2348 log_warn(LD_DIR
, "%s >= %s", tok
->args
[i
-1], tok
->args
[i
]);
2351 smartlist_add(ns
->net_params
, tor_strdup(tok
->args
[i
]));
2354 log_warn(LD_DIR
, "params not in order");
2359 ns
->voters
= smartlist_create();
2361 SMARTLIST_FOREACH_BEGIN(tokens
, directory_token_t
*, _tok
) {
2363 if (tok
->tp
== K_DIR_SOURCE
) {
2364 tor_assert(tok
->n_args
>= 6);
2367 smartlist_add(ns
->voters
, voter
);
2368 voter
= tor_malloc_zero(sizeof(networkstatus_voter_info_t
));
2369 if (ns
->type
!= NS_TYPE_CONSENSUS
)
2370 memcpy(voter
->vote_digest
, ns_digest
, DIGEST_LEN
);
2372 voter
->nickname
= tor_strdup(tok
->args
[0]);
2373 if (strlen(tok
->args
[1]) != HEX_DIGEST_LEN
||
2374 base16_decode(voter
->identity_digest
, sizeof(voter
->identity_digest
),
2375 tok
->args
[1], HEX_DIGEST_LEN
) < 0) {
2376 log_warn(LD_DIR
, "Error decoding identity digest %s in "
2377 "network-status vote.", escaped(tok
->args
[1]));
2380 if (ns
->type
!= NS_TYPE_CONSENSUS
&&
2381 memcmp(ns
->cert
->cache_info
.identity_digest
,
2382 voter
->identity_digest
, DIGEST_LEN
)) {
2383 log_warn(LD_DIR
,"Mismatch between identities in certificate and vote");
2386 voter
->address
= tor_strdup(tok
->args
[2]);
2387 if (!tor_inet_aton(tok
->args
[3], &in
)) {
2388 log_warn(LD_DIR
, "Error decoding IP address %s in network-status.",
2389 escaped(tok
->args
[3]));
2392 voter
->addr
= ntohl(in
.s_addr
);
2393 voter
->dir_port
= (uint16_t)
2394 tor_parse_long(tok
->args
[4], 10, 0, 65535, &ok
, NULL
);
2397 voter
->or_port
= (uint16_t)
2398 tor_parse_long(tok
->args
[5], 10, 0, 65535, &ok
, NULL
);
2401 } else if (tok
->tp
== K_CONTACT
) {
2402 if (!voter
|| voter
->contact
) {
2403 log_warn(LD_DIR
, "contact element is out of place.");
2406 voter
->contact
= tor_strdup(tok
->args
[0]);
2407 } else if (tok
->tp
== K_VOTE_DIGEST
) {
2408 tor_assert(ns
->type
== NS_TYPE_CONSENSUS
);
2409 tor_assert(tok
->n_args
>= 1);
2410 if (!voter
|| ! tor_digest_is_zero(voter
->vote_digest
)) {
2411 log_warn(LD_DIR
, "vote-digest element is out of place.");
2414 if (strlen(tok
->args
[0]) != HEX_DIGEST_LEN
||
2415 base16_decode(voter
->vote_digest
, sizeof(voter
->vote_digest
),
2416 tok
->args
[0], HEX_DIGEST_LEN
) < 0) {
2417 log_warn(LD_DIR
, "Error decoding vote digest %s in "
2418 "network-status consensus.", escaped(tok
->args
[0]));
2422 } SMARTLIST_FOREACH_END(_tok
);
2424 smartlist_add(ns
->voters
, voter
);
2427 if (smartlist_len(ns
->voters
) == 0) {
2428 log_warn(LD_DIR
, "Missing dir-source elements in a vote networkstatus.");
2430 } else if (ns
->type
!= NS_TYPE_CONSENSUS
&& smartlist_len(ns
->voters
) != 1) {
2431 log_warn(LD_DIR
, "Too many dir-source elements in a vote networkstatus.");
2435 if (ns
->type
!= NS_TYPE_CONSENSUS
&&
2436 (tok
= find_opt_by_keyword(tokens
, K_LEGACY_DIR_KEY
))) {
2438 if (strlen(tok
->args
[0]) == HEX_DIGEST_LEN
) {
2439 networkstatus_voter_info_t
*voter
= smartlist_get(ns
->voters
, 0);
2440 if (base16_decode(voter
->legacy_id_digest
, DIGEST_LEN
,
2441 tok
->args
[0], HEX_DIGEST_LEN
)<0)
2447 log_warn(LD_DIR
, "Invalid legacy key digest %s on vote.",
2448 escaped(tok
->args
[0]));
2452 /* Parse routerstatus lines. */
2453 rs_tokens
= smartlist_create();
2454 rs_area
= memarea_new();
2456 ns
->routerstatus_list
= smartlist_create();
2458 while (!strcmpstart(s
, "r ")) {
2459 if (ns
->type
!= NS_TYPE_CONSENSUS
) {
2460 vote_routerstatus_t
*rs
= tor_malloc_zero(sizeof(vote_routerstatus_t
));
2461 if (routerstatus_parse_entry_from_string(rs_area
, &s
, rs_tokens
, ns
,
2463 smartlist_add(ns
->routerstatus_list
, rs
);
2465 tor_free(rs
->version
);
2470 if ((rs
= routerstatus_parse_entry_from_string(rs_area
, &s
, rs_tokens
,
2472 ns
->consensus_method
)))
2473 smartlist_add(ns
->routerstatus_list
, rs
);
2476 for (i
= 1; i
< smartlist_len(ns
->routerstatus_list
); ++i
) {
2477 routerstatus_t
*rs1
, *rs2
;
2478 if (ns
->type
!= NS_TYPE_CONSENSUS
) {
2479 vote_routerstatus_t
*a
= smartlist_get(ns
->routerstatus_list
, i
-1);
2480 vote_routerstatus_t
*b
= smartlist_get(ns
->routerstatus_list
, i
);
2481 rs1
= &a
->status
; rs2
= &b
->status
;
2483 rs1
= smartlist_get(ns
->routerstatus_list
, i
-1);
2484 rs2
= smartlist_get(ns
->routerstatus_list
, i
);
2486 if (memcmp(rs1
->identity_digest
, rs2
->identity_digest
, DIGEST_LEN
) >= 0) {
2487 log_warn(LD_DIR
, "Vote networkstatus entries not sorted by identity "
2493 /* Parse footer; check signature. */
2494 footer_tokens
= smartlist_create();
2495 if ((end_of_footer
= strstr(s
, "\nnetwork-status-version ")))
2498 end_of_footer
= s
+ strlen(s
);
2499 if (tokenize_string(area
,s
, end_of_footer
, footer_tokens
,
2500 networkstatus_vote_footer_token_table
, 0)) {
2501 log_warn(LD_DIR
, "Error tokenizing network-status vote footer.");
2505 SMARTLIST_FOREACH(footer_tokens
, directory_token_t
*, _tok
,
2507 char declared_identity
[DIGEST_LEN
];
2508 networkstatus_voter_info_t
*v
;
2510 if (tok
->tp
!= K_DIRECTORY_SIGNATURE
)
2512 tor_assert(tok
->n_args
>= 2);
2514 if (!tok
->object_type
||
2515 strcmp(tok
->object_type
, "SIGNATURE") ||
2516 tok
->object_size
< 128 || tok
->object_size
> 512) {
2517 log_warn(LD_DIR
, "Bad object type or length on directory-signature");
2521 if (strlen(tok
->args
[0]) != HEX_DIGEST_LEN
||
2522 base16_decode(declared_identity
, sizeof(declared_identity
),
2523 tok
->args
[0], HEX_DIGEST_LEN
) < 0) {
2524 log_warn(LD_DIR
, "Error decoding declared identity %s in "
2525 "network-status vote.", escaped(tok
->args
[0]));
2528 if (!(v
= networkstatus_get_voter_by_id(ns
, declared_identity
))) {
2529 log_warn(LD_DIR
, "ID on signature on network-status vote does not match "
2530 "any declared directory source.");
2533 if (strlen(tok
->args
[1]) != HEX_DIGEST_LEN
||
2534 base16_decode(v
->signing_key_digest
, sizeof(v
->signing_key_digest
),
2535 tok
->args
[1], HEX_DIGEST_LEN
) < 0) {
2536 log_warn(LD_DIR
, "Error decoding declared digest %s in "
2537 "network-status vote.", escaped(tok
->args
[1]));
2541 if (ns
->type
!= NS_TYPE_CONSENSUS
) {
2542 if (memcmp(declared_identity
, ns
->cert
->cache_info
.identity_digest
,
2544 log_warn(LD_DIR
, "Digest mismatch between declared and actual on "
2545 "network-status vote.");
2550 if (ns
->type
!= NS_TYPE_CONSENSUS
) {
2551 if (check_signature_token(ns_digest
, tok
, ns
->cert
->signing_key
, 0,
2552 "network-status vote"))
2554 v
->good_signature
= 1;
2556 if (tok
->object_size
>= INT_MAX
|| tok
->object_size
>= SIZE_T_CEILING
)
2558 /* We already parsed a vote from this voter. Use the first one. */
2560 log_fn(LOG_PROTOCOL_WARN
, LD_DIR
, "We received a networkstatus "
2561 "that contains two votes from the same voter. Ignoring "
2562 "the second vote.");
2566 v
->signature
= tor_memdup(tok
->object_body
, tok
->object_size
);
2567 v
->signature_len
= (int) tok
->object_size
;
2572 if (! n_signatures
) {
2573 log_warn(LD_DIR
, "No signatures on networkstatus vote.");
2578 *eos_out
= end_of_footer
;
2583 networkstatus_vote_free(ns
);
2587 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
2588 smartlist_free(tokens
);
2591 tor_free(voter
->nickname
);
2592 tor_free(voter
->address
);
2593 tor_free(voter
->contact
);
2594 tor_free(voter
->signature
);
2598 SMARTLIST_FOREACH(rs_tokens
, directory_token_t
*, t
, token_free(t
));
2599 smartlist_free(rs_tokens
);
2601 if (footer_tokens
) {
2602 SMARTLIST_FOREACH(footer_tokens
, directory_token_t
*, t
, token_free(t
));
2603 smartlist_free(footer_tokens
);
2606 DUMP_AREA(area
, "v3 networkstatus");
2607 memarea_drop_all(area
);
2610 memarea_drop_all(rs_area
);
2615 /** Parse a detached v3 networkstatus signature document between <b>s</b> and
2616 * <b>eos</b> and return the result. Return -1 on failure. */
2617 ns_detached_signatures_t
*
2618 networkstatus_parse_detached_signatures(const char *s
, const char *eos
)
2620 /* XXXX there is too much duplicate shared between this function and
2621 * networkstatus_parse_vote_from_string(). */
2622 directory_token_t
*tok
;
2623 memarea_t
*area
= NULL
;
2625 smartlist_t
*tokens
= smartlist_create();
2626 ns_detached_signatures_t
*sigs
=
2627 tor_malloc_zero(sizeof(ns_detached_signatures_t
));
2630 eos
= s
+ strlen(s
);
2632 area
= memarea_new();
2633 if (tokenize_string(area
,s
, eos
, tokens
,
2634 networkstatus_detached_signature_token_table
, 0)) {
2635 log_warn(LD_DIR
, "Error tokenizing detached networkstatus signatures");
2639 tok
= find_by_keyword(tokens
, K_CONSENSUS_DIGEST
);
2640 if (strlen(tok
->args
[0]) != HEX_DIGEST_LEN
) {
2641 log_warn(LD_DIR
, "Wrong length on consensus-digest in detached "
2642 "networkstatus signatures");
2645 if (base16_decode(sigs
->networkstatus_digest
, DIGEST_LEN
,
2646 tok
->args
[0], strlen(tok
->args
[0])) < 0) {
2647 log_warn(LD_DIR
, "Bad encoding on on consensus-digest in detached "
2648 "networkstatus signatures");
2652 tok
= find_by_keyword(tokens
, K_VALID_AFTER
);
2653 if (parse_iso_time(tok
->args
[0], &sigs
->valid_after
)) {
2654 log_warn(LD_DIR
, "Bad valid-after in detached networkstatus signatures");
2658 tok
= find_by_keyword(tokens
, K_FRESH_UNTIL
);
2659 if (parse_iso_time(tok
->args
[0], &sigs
->fresh_until
)) {
2660 log_warn(LD_DIR
, "Bad fresh-until in detached networkstatus signatures");
2664 tok
= find_by_keyword(tokens
, K_VALID_UNTIL
);
2665 if (parse_iso_time(tok
->args
[0], &sigs
->valid_until
)) {
2666 log_warn(LD_DIR
, "Bad valid-until in detached networkstatus signatures");
2670 sigs
->signatures
= smartlist_create();
2671 SMARTLIST_FOREACH(tokens
, directory_token_t
*, _tok
,
2673 char id_digest
[DIGEST_LEN
];
2674 char sk_digest
[DIGEST_LEN
];
2675 networkstatus_voter_info_t
*voter
;
2678 if (tok
->tp
!= K_DIRECTORY_SIGNATURE
)
2680 tor_assert(tok
->n_args
>= 2);
2682 if (!tok
->object_type
||
2683 strcmp(tok
->object_type
, "SIGNATURE") ||
2684 tok
->object_size
< 128 || tok
->object_size
> 512) {
2685 log_warn(LD_DIR
, "Bad object type or length on directory-signature");
2689 if (strlen(tok
->args
[0]) != HEX_DIGEST_LEN
||
2690 base16_decode(id_digest
, sizeof(id_digest
),
2691 tok
->args
[0], HEX_DIGEST_LEN
) < 0) {
2692 log_warn(LD_DIR
, "Error decoding declared identity %s in "
2693 "network-status vote.", escaped(tok
->args
[0]));
2696 if (strlen(tok
->args
[1]) != HEX_DIGEST_LEN
||
2697 base16_decode(sk_digest
, sizeof(sk_digest
),
2698 tok
->args
[1], HEX_DIGEST_LEN
) < 0) {
2699 log_warn(LD_DIR
, "Error decoding declared digest %s in "
2700 "network-status vote.", escaped(tok
->args
[1]));
2704 voter
= tor_malloc_zero(sizeof(networkstatus_voter_info_t
));
2705 memcpy(voter
->identity_digest
, id_digest
, DIGEST_LEN
);
2706 memcpy(voter
->signing_key_digest
, sk_digest
, DIGEST_LEN
);
2707 if (tok
->object_size
>= INT_MAX
|| tok
->object_size
>= SIZE_T_CEILING
)
2709 voter
->signature
= tor_memdup(tok
->object_body
, tok
->object_size
);
2710 voter
->signature_len
= (int) tok
->object_size
;
2712 smartlist_add(sigs
->signatures
, voter
);
2717 ns_detached_signatures_free(sigs
);
2720 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
2721 smartlist_free(tokens
);
2723 DUMP_AREA(area
, "detached signatures");
2724 memarea_drop_all(area
);
2729 /** Parse the addr policy in the string <b>s</b> and return it. If
2730 * assume_action is nonnegative, then insert its action (ADDR_POLICY_ACCEPT or
2731 * ADDR_POLICY_REJECT) for items that specify no action.
2734 router_parse_addr_policy_item_from_string(const char *s
, int assume_action
)
2736 directory_token_t
*tok
= NULL
;
2737 const char *cp
, *eos
;
2738 /* Longest possible policy is "accept ffff:ffff:..255/ffff:...255:0-65535".
2739 * But note that there can be an arbitrary amount of space between the
2740 * accept and the address:mask/port element. */
2741 char line
[TOR_ADDR_BUF_LEN
*2 + 32];
2743 memarea_t
*area
= NULL
;
2745 s
= eat_whitespace(s
);
2746 if ((*s
== '*' || TOR_ISDIGIT(*s
)) && assume_action
>= 0) {
2747 if (tor_snprintf(line
, sizeof(line
), "%s %s",
2748 assume_action
== ADDR_POLICY_ACCEPT
?"accept":"reject", s
)<0) {
2749 log_warn(LD_DIR
, "Policy %s is too long.", escaped(s
));
2754 } else { /* assume an already well-formed address policy line */
2758 eos
= cp
+ strlen(cp
);
2759 area
= memarea_new();
2760 tok
= get_next_token(area
, &cp
, eos
, routerdesc_token_table
);
2761 if (tok
->tp
== _ERR
) {
2762 log_warn(LD_DIR
, "Error reading address policy: %s", tok
->error
);
2765 if (tok
->tp
!= K_ACCEPT
&& tok
->tp
!= K_ACCEPT6
&&
2766 tok
->tp
!= K_REJECT
&& tok
->tp
!= K_REJECT6
) {
2767 log_warn(LD_DIR
, "Expected 'accept' or 'reject'.");
2771 r
= router_parse_addr_policy(tok
);
2778 DUMP_AREA(area
, "policy item");
2779 memarea_drop_all(area
);
2784 /** Add an exit policy stored in the token <b>tok</b> to the router info in
2785 * <b>router</b>. Return 0 on success, -1 on failure. */
2787 router_add_exit_policy(routerinfo_t
*router
, directory_token_t
*tok
)
2789 addr_policy_t
*newe
;
2790 newe
= router_parse_addr_policy(tok
);
2793 if (! router
->exit_policy
)
2794 router
->exit_policy
= smartlist_create();
2796 if (((tok
->tp
== K_ACCEPT6
|| tok
->tp
== K_REJECT6
) &&
2797 tor_addr_family(&newe
->addr
) == AF_INET
)
2799 ((tok
->tp
== K_ACCEPT
|| tok
->tp
== K_REJECT
) &&
2800 tor_addr_family(&newe
->addr
) == AF_INET6
)) {
2801 log_warn(LD_DIR
, "Mismatch between field type and address type in exit "
2803 addr_policy_free(newe
);
2807 smartlist_add(router
->exit_policy
, newe
);
2812 /** Given a K_ACCEPT or K_REJECT token and a router, create and return
2813 * a new exit_policy_t corresponding to the token. */
2814 static addr_policy_t
*
2815 router_parse_addr_policy(directory_token_t
*tok
)
2820 tor_assert(tok
->tp
== K_REJECT
|| tok
->tp
== K_REJECT6
||
2821 tok
->tp
== K_ACCEPT
|| tok
->tp
== K_ACCEPT6
);
2823 if (tok
->n_args
!= 1)
2827 if (!strcmpstart(arg
,"private"))
2828 return router_parse_addr_policy_private(tok
);
2830 memset(&newe
, 0, sizeof(newe
));
2832 if (tok
->tp
== K_REJECT
|| tok
->tp
== K_REJECT6
)
2833 newe
.policy_type
= ADDR_POLICY_REJECT
;
2835 newe
.policy_type
= ADDR_POLICY_ACCEPT
;
2837 if (tor_addr_parse_mask_ports(arg
, &newe
.addr
, &newe
.maskbits
,
2838 &newe
.prt_min
, &newe
.prt_max
) < 0) {
2839 log_warn(LD_DIR
,"Couldn't parse line %s. Dropping", escaped(arg
));
2843 return addr_policy_get_canonical_entry(&newe
);
2846 /** Parse an exit policy line of the format "accept/reject private:...".
2847 * This didn't exist until Tor 0.1.1.15, so nobody should generate it in
2848 * router descriptors until earlier versions are obsolete.
2850 static addr_policy_t
*
2851 router_parse_addr_policy_private(directory_token_t
*tok
)
2854 uint16_t port_min
, port_max
;
2855 addr_policy_t result
;
2858 if (strcmpstart(arg
, "private"))
2861 arg
+= strlen("private");
2862 arg
= (char*) eat_whitespace(arg
);
2863 if (!arg
|| *arg
!= ':')
2866 if (parse_port_range(arg
+1, &port_min
, &port_max
)<0)
2869 memset(&result
, 0, sizeof(result
));
2870 if (tok
->tp
== K_REJECT
|| tok
->tp
== K_REJECT6
)
2871 result
.policy_type
= ADDR_POLICY_REJECT
;
2873 result
.policy_type
= ADDR_POLICY_ACCEPT
;
2874 result
.is_private
= 1;
2875 result
.prt_min
= port_min
;
2876 result
.prt_max
= port_max
;
2878 return addr_policy_get_canonical_entry(&result
);
2881 /** Log and exit if <b>t</b> is malformed */
2883 assert_addr_policy_ok(smartlist_t
*lst
)
2886 SMARTLIST_FOREACH(lst
, addr_policy_t
*, t
, {
2887 tor_assert(t
->policy_type
== ADDR_POLICY_REJECT
||
2888 t
->policy_type
== ADDR_POLICY_ACCEPT
);
2889 tor_assert(t
->prt_min
<= t
->prt_max
);
2894 * Low-level tokenizer for router descriptors and directories.
2897 /** Free all resources allocated for <b>tok</b> */
2899 token_free(directory_token_t
*tok
)
2903 crypto_free_pk_env(tok
->key
);
2906 #define ALLOC_ZERO(sz) memarea_alloc_zero(area,sz)
2907 #define ALLOC(sz) memarea_alloc(area,sz)
2908 #define STRDUP(str) memarea_strdup(area,str)
2909 #define STRNDUP(str,n) memarea_strndup(area,(str),(n))
2911 #define RET_ERR(msg) \
2913 if (tok) token_free(tok); \
2914 tok = ALLOC_ZERO(sizeof(directory_token_t)); \
2916 tok->error = STRDUP(msg); \
2917 goto done_tokenizing; \
2920 /** Helper: make sure that the token <b>tok</b> with keyword <b>kwd</b> obeys
2921 * the object syntax of <b>o_syn</b>. Allocate all storage in <b>area</b>.
2922 * Return <b>tok</b> on success, or a new _ERR token if the token didn't
2923 * conform to the syntax we wanted.
2925 static INLINE directory_token_t
*
2926 token_check_object(memarea_t
*area
, const char *kwd
,
2927 directory_token_t
*tok
, obj_syntax o_syn
)
2932 /* No object is allowed for this token. */
2933 if (tok
->object_body
) {
2934 tor_snprintf(ebuf
, sizeof(ebuf
), "Unexpected object for %s", kwd
);
2938 tor_snprintf(ebuf
, sizeof(ebuf
), "Unexpected public key for %s", kwd
);
2943 /* There must be a (non-key) object. */
2944 if (!tok
->object_body
) {
2945 tor_snprintf(ebuf
, sizeof(ebuf
), "Missing object for %s", kwd
);
2949 case NEED_KEY_1024
: /* There must be a 1024-bit public key. */
2950 case NEED_SKEY_1024
: /* There must be a 1024-bit private key. */
2951 if (tok
->key
&& crypto_pk_keysize(tok
->key
) != PK_BYTES
) {
2952 tor_snprintf(ebuf
, sizeof(ebuf
), "Wrong size on key for %s: %d bits",
2953 kwd
, (int)crypto_pk_keysize(tok
->key
));
2957 case NEED_KEY
: /* There must be some kind of key. */
2959 tor_snprintf(ebuf
, sizeof(ebuf
), "Missing public key for %s", kwd
);
2962 if (o_syn
!= NEED_SKEY_1024
) {
2963 if (crypto_pk_key_is_private(tok
->key
)) {
2964 tor_snprintf(ebuf
, sizeof(ebuf
),
2965 "Private key given for %s, which wants a public key", kwd
);
2968 } else { /* o_syn == NEED_SKEY_1024 */
2969 if (!crypto_pk_key_is_private(tok
->key
)) {
2970 tor_snprintf(ebuf
, sizeof(ebuf
),
2971 "Public key given for %s, which wants a private key", kwd
);
2977 /* Anything goes with this token. */
2985 /** Helper: parse space-separated arguments from the string <b>s</b> ending at
2986 * <b>eol</b>, and store them in the args field of <b>tok</b>. Store the
2987 * number of parsed elements into the n_args field of <b>tok</b>. Allocate
2988 * all storage in <b>area</b>. Return the number of arguments parsed, or
2989 * return -1 if there was an insanely high number of arguments. */
2991 get_token_arguments(memarea_t
*area
, directory_token_t
*tok
,
2992 const char *s
, const char *eol
)
2994 /** Largest number of arguments we'll accept to any token, ever. */
2995 #define MAX_ARGS 512
2996 char *mem
= memarea_strndup(area
, s
, eol
-s
);
2999 char *args
[MAX_ARGS
];
3004 cp
= (char*)find_whitespace(cp
);
3006 break; /* End of the line. */
3008 cp
= (char*)eat_whitespace(cp
);
3011 tok
->args
= memarea_memdup(area
, args
, j
*sizeof(char*));
3016 /** Helper function: read the next token from *s, advance *s to the end of the
3017 * token, and return the parsed token. Parse *<b>s</b> according to the list
3018 * of tokens in <b>table</b>.
3020 static directory_token_t
*
3021 get_next_token(memarea_t
*area
,
3022 const char **s
, const char *eos
, token_rule_t
*table
)
3024 /** Reject any object at least this big; it is probably an overflow, an
3025 * attack, a bug, or some other nonsense. */
3026 #define MAX_UNPARSED_OBJECT_SIZE (128*1024)
3028 const char *next
, *eol
, *obstart
;
3031 directory_token_t
*tok
;
3032 obj_syntax o_syn
= NO_OBJ
;
3034 const char *kwd
= "";
3037 tok
= ALLOC_ZERO(sizeof(directory_token_t
));
3040 /* Set *s to first token, eol to end-of-line, next to after first token */
3041 *s
= eat_whitespace_eos(*s
, eos
); /* eat multi-line whitespace */
3042 tor_assert(eos
>= *s
);
3043 eol
= memchr(*s
, '\n', eos
-*s
);
3046 next
= find_whitespace_eos(*s
, eol
);
3048 if (!strcmp_len(*s
, "opt", next
-*s
)) {
3049 /* Skip past an "opt" at the start of the line. */
3050 *s
= eat_whitespace_eos_no_nl(next
, eol
);
3051 next
= find_whitespace_eos(*s
, eol
);
3052 } else if (*s
== eos
) { /* If no "opt", and end-of-line, line is invalid */
3053 RET_ERR("Unexpected EOF");
3056 /* Search the table for the appropriate entry. (I tried a binary search
3057 * instead, but it wasn't any faster.) */
3058 for (i
= 0; table
[i
].t
; ++i
) {
3059 if (!strcmp_len(*s
, table
[i
].t
, next
-*s
)) {
3060 /* We've found the keyword. */
3062 tok
->tp
= table
[i
].v
;
3063 o_syn
= table
[i
].os
;
3064 *s
= eat_whitespace_eos_no_nl(next
, eol
);
3065 /* We go ahead whether there are arguments or not, so that tok->args is
3066 * always set if we want arguments. */
3067 if (table
[i
].concat_args
) {
3068 /* The keyword takes the line as a single argument */
3069 tok
->args
= ALLOC(sizeof(char*));
3070 tok
->args
[0] = STRNDUP(*s
,eol
-*s
); /* Grab everything on line */
3073 /* This keyword takes multiple arguments. */
3074 if (get_token_arguments(area
, tok
, *s
, eol
)<0) {
3075 tor_snprintf(ebuf
, sizeof(ebuf
),"Far too many arguments to %s", kwd
);
3080 if (tok
->n_args
< table
[i
].min_args
) {
3081 tor_snprintf(ebuf
, sizeof(ebuf
), "Too few arguments to %s", kwd
);
3083 } else if (tok
->n_args
> table
[i
].max_args
) {
3084 tor_snprintf(ebuf
, sizeof(ebuf
), "Too many arguments to %s", kwd
);
3091 if (tok
->tp
== _ERR
) {
3092 /* No keyword matched; call it an "K_opt" or "A_unrecognized" */
3094 tok
->tp
= _A_UNKNOWN
;
3097 tok
->args
= ALLOC(sizeof(char*));
3098 tok
->args
[0] = STRNDUP(*s
, eol
-*s
);
3103 /* Check whether there's an object present */
3104 *s
= eat_whitespace_eos(eol
, eos
); /* Scan from end of first line */
3105 tor_assert(eos
>= *s
);
3106 eol
= memchr(*s
, '\n', eos
-*s
);
3107 if (!eol
|| eol
-*s
<11 || strcmpstart(*s
, "-----BEGIN ")) /* No object. */
3110 obstart
= *s
; /* Set obstart to start of object spec */
3111 if (*s
+16 >= eol
|| memchr(*s
+11,'\0',eol
-*s
-16) || /* no short lines, */
3112 strcmp_len(eol
-5, "-----", 5) || /* nuls or invalid endings */
3113 (eol
-*s
) > MAX_UNPARSED_OBJECT_SIZE
) { /* name too long */
3114 RET_ERR("Malformed object: bad begin line");
3116 tok
->object_type
= STRNDUP(*s
+11, eol
-*s
-16);
3117 obname_len
= eol
-*s
-16; /* store objname length here to avoid a strlen() */
3118 *s
= eol
+1; /* Set *s to possible start of object data (could be eos) */
3120 /* Go to the end of the object */
3121 next
= tor_memstr(*s
, eos
-*s
, "-----END ");
3123 RET_ERR("Malformed object: missing object end line");
3125 tor_assert(eos
>= next
);
3126 eol
= memchr(next
, '\n', eos
-next
);
3127 if (!eol
) /* end-of-line marker, or eos if there's no '\n' */
3129 /* Validate the ending tag, which should be 9 + NAME + 5 + eol */
3130 if ((size_t)(eol
-next
) != 9+obname_len
+5 ||
3131 strcmp_len(next
+9, tok
->object_type
, obname_len
) ||
3132 strcmp_len(eol
-5, "-----", 5)) {
3133 snprintf(ebuf
, sizeof(ebuf
), "Malformed object: mismatched end tag %s",
3135 ebuf
[sizeof(ebuf
)-1] = '\0';
3138 if (next
- *s
> MAX_UNPARSED_OBJECT_SIZE
)
3139 RET_ERR("Couldn't parse object: missing footer or object much too big.");
3141 if (!strcmp(tok
->object_type
, "RSA PUBLIC KEY")) { /* If it's a public key */
3142 tok
->key
= crypto_new_pk_env();
3143 if (crypto_pk_read_public_key_from_string(tok
->key
, obstart
, eol
-obstart
))
3144 RET_ERR("Couldn't parse public key.");
3145 } else if (!strcmp(tok
->object_type
, "RSA PRIVATE KEY")) { /* private key */
3146 tok
->key
= crypto_new_pk_env();
3147 if (crypto_pk_read_private_key_from_string(tok
->key
, obstart
, eol
-obstart
))
3148 RET_ERR("Couldn't parse private key.");
3149 } else { /* If it's something else, try to base64-decode it */
3151 tok
->object_body
= ALLOC(next
-*s
); /* really, this is too much RAM. */
3152 r
= base64_decode(tok
->object_body
, next
-*s
, *s
, next
-*s
);
3154 RET_ERR("Malformed object: bad base64-encoded data");
3155 tok
->object_size
= r
;
3160 tok
= token_check_object(area
, kwd
, tok
, o_syn
);
3172 /** Read all tokens from a string between <b>start</b> and <b>end</b>, and add
3173 * them to <b>out</b>. Parse according to the token rules in <b>table</b>.
3174 * Caller must free tokens in <b>out</b>. If <b>end</b> is NULL, use the
3178 tokenize_string(memarea_t
*area
,
3179 const char *start
, const char *end
, smartlist_t
*out
,
3180 token_rule_t
*table
, int flags
)
3183 directory_token_t
*tok
= NULL
;
3186 int first_nonannotation
;
3187 int prev_len
= smartlist_len(out
);
3192 end
= start
+strlen(start
);
3193 for (i
= 0; i
< _NIL
; ++i
)
3196 SMARTLIST_FOREACH(out
, const directory_token_t
*, t
, ++counts
[t
->tp
]);
3198 while (*s
< end
&& (!tok
|| tok
->tp
!= _EOF
)) {
3199 tok
= get_next_token(area
, s
, end
, table
);
3200 if (tok
->tp
== _ERR
) {
3201 log_warn(LD_DIR
, "parse error: %s", tok
->error
);
3206 smartlist_add(out
, tok
);
3207 *s
= eat_whitespace_eos(*s
, end
);
3210 if (flags
& TS_NOCHECK
)
3213 if ((flags
& TS_ANNOTATIONS_OK
)) {
3214 first_nonannotation
= -1;
3215 for (i
= 0; i
< smartlist_len(out
); ++i
) {
3216 tok
= smartlist_get(out
, i
);
3217 if (tok
->tp
< MIN_ANNOTATION
|| tok
->tp
> MAX_ANNOTATION
) {
3218 first_nonannotation
= i
;
3222 if (first_nonannotation
< 0) {
3223 log_warn(LD_DIR
, "parse error: item contains only annotations");
3226 for (i
=first_nonannotation
; i
< smartlist_len(out
); ++i
) {
3227 tok
= smartlist_get(out
, i
);
3228 if (tok
->tp
>= MIN_ANNOTATION
&& tok
->tp
<= MAX_ANNOTATION
) {
3229 log_warn(LD_DIR
, "parse error: Annotations mixed with keywords");
3233 if ((flags
& TS_NO_NEW_ANNOTATIONS
)) {
3234 if (first_nonannotation
!= prev_len
) {
3235 log_warn(LD_DIR
, "parse error: Unexpected annotations.");
3240 for (i
=0; i
< smartlist_len(out
); ++i
) {
3241 tok
= smartlist_get(out
, i
);
3242 if (tok
->tp
>= MIN_ANNOTATION
&& tok
->tp
<= MAX_ANNOTATION
) {
3243 log_warn(LD_DIR
, "parse error: no annotations allowed.");
3247 first_nonannotation
= 0;
3249 for (i
= 0; table
[i
].t
; ++i
) {
3250 if (counts
[table
[i
].v
] < table
[i
].min_cnt
) {
3251 log_warn(LD_DIR
, "Parse error: missing %s element.", table
[i
].t
);
3254 if (counts
[table
[i
].v
] > table
[i
].max_cnt
) {
3255 log_warn(LD_DIR
, "Parse error: too many %s elements.", table
[i
].t
);
3258 if (table
[i
].pos
& AT_START
) {
3259 if (smartlist_len(out
) < 1 ||
3260 (tok
= smartlist_get(out
, first_nonannotation
))->tp
!= table
[i
].v
) {
3261 log_warn(LD_DIR
, "Parse error: first item is not %s.", table
[i
].t
);
3265 if (table
[i
].pos
& AT_END
) {
3266 if (smartlist_len(out
) < 1 ||
3267 (tok
= smartlist_get(out
, smartlist_len(out
)-1))->tp
!= table
[i
].v
) {
3268 log_warn(LD_DIR
, "Parse error: last item is not %s.", table
[i
].t
);
3276 /** Find the first token in <b>s</b> whose keyword is <b>keyword</b>; return
3277 * NULL if no such keyword is found.
3279 static directory_token_t
*
3280 find_opt_by_keyword(smartlist_t
*s
, directory_keyword keyword
)
3282 SMARTLIST_FOREACH(s
, directory_token_t
*, t
, if (t
->tp
== keyword
) return t
);
3286 /** Find the first token in <b>s</b> whose keyword is <b>keyword</b>; fail
3287 * with an assert if no such keyword is found.
3289 static directory_token_t
*
3290 _find_by_keyword(smartlist_t
*s
, directory_keyword keyword
,
3291 const char *keyword_as_string
)
3293 directory_token_t
*tok
= find_opt_by_keyword(s
, keyword
);
3294 if (PREDICT_UNLIKELY(!tok
)) {
3295 log_err(LD_BUG
, "Missing %s [%d] in directory object that should have "
3296 "been validated. Internal error.", keyword_as_string
, (int)keyword
);
3302 /** Return a newly allocated smartlist of all accept or reject tokens in
3305 static smartlist_t
*
3306 find_all_exitpolicy(smartlist_t
*s
)
3308 smartlist_t
*out
= smartlist_create();
3309 SMARTLIST_FOREACH(s
, directory_token_t
*, t
,
3310 if (t
->tp
== K_ACCEPT
|| t
->tp
== K_ACCEPT6
||
3311 t
->tp
== K_REJECT
|| t
->tp
== K_REJECT6
)
3312 smartlist_add(out
,t
));
3316 /** Compute the SHA-1 digest of the substring of <b>s</b> taken from the first
3317 * occurrence of <b>start_str</b> through the first instance of c after the
3318 * first subsequent occurrence of <b>end_str</b>; store the 20-byte result in
3319 * <b>digest</b>; return 0 on success.
3321 * If no such substring exists, return -1.
3324 router_get_hash_impl(const char *s
, size_t s_len
, char *digest
,
3325 const char *start_str
,
3326 const char *end_str
, char end_c
)
3328 const char *start
, *end
;
3329 start
= tor_memstr(s
, s_len
, start_str
);
3331 log_warn(LD_DIR
,"couldn't find start of hashed material \"%s\"",start_str
);
3334 if (start
!= s
&& *(start
-1) != '\n') {
3336 "first occurrence of \"%s\" is not at the start of a line",
3340 end
= tor_memstr(start
+strlen(start_str
),
3341 s_len
- (start
-s
) - strlen(start_str
), end_str
);
3343 log_warn(LD_DIR
,"couldn't find end of hashed material \"%s\"",end_str
);
3346 end
= memchr(end
+strlen(end_str
), end_c
, s_len
- (end
-s
) - strlen(end_str
));
3348 log_warn(LD_DIR
,"couldn't find EOL");
3353 if (crypto_digest(digest
, start
, end
-start
)) {
3354 log_warn(LD_BUG
,"couldn't compute digest");
3361 /** Parse the Tor version of the platform string <b>platform</b>,
3362 * and compare it to the version in <b>cutoff</b>. Return 1 if
3363 * the router is at least as new as the cutoff, else return 0.
3366 tor_version_as_new_as(const char *platform
, const char *cutoff
)
3368 tor_version_t cutoff_version
, router_version
;
3369 char *s
, *s2
, *start
;
3372 tor_assert(platform
);
3374 if (tor_version_parse(cutoff
, &cutoff_version
)<0) {
3375 log_warn(LD_BUG
,"cutoff version '%s' unparseable.",cutoff
);
3378 if (strcmpstart(platform
,"Tor ")) /* nonstandard Tor; be safe and say yes */
3381 start
= (char *)eat_whitespace(platform
+3);
3382 if (!*start
) return 0;
3383 s
= (char *)find_whitespace(start
); /* also finds '\0', which is fine */
3384 s2
= (char*)eat_whitespace(s
);
3385 if (!strcmpstart(s2
, "(r"))
3386 s
= (char*)find_whitespace(s2
);
3388 if ((size_t)(s
-start
+1) >= sizeof(tmp
)) /* too big, no */
3390 strlcpy(tmp
, start
, s
-start
+1);
3392 if (tor_version_parse(tmp
, &router_version
)<0) {
3393 log_info(LD_DIR
,"Router version '%s' unparseable.",tmp
);
3394 return 1; /* be safe and say yes */
3397 /* Here's why we don't need to do any special handling for svn revisions:
3398 * - If neither has an svn revision, we're fine.
3399 * - If the router doesn't have an svn revision, we can't assume that it
3400 * is "at least" any svn revision, so we need to return 0.
3401 * - If the target version doesn't have an svn revision, any svn revision
3402 * (or none at all) is good enough, so return 1.
3403 * - If both target and router have an svn revision, we compare them.
3406 return tor_version_compare(&router_version
, &cutoff_version
) >= 0;
3409 /** Parse a tor version from <b>s</b>, and store the result in <b>out</b>.
3410 * Return 0 on success, -1 on failure. */
3412 tor_version_parse(const char *s
, tor_version_t
*out
)
3415 const char *cp
=NULL
;
3417 * "Tor " ? NUM dot NUM dot NUM [ ( pre | rc | dot ) NUM [ - tag ] ]
3422 memset(out
, 0, sizeof(tor_version_t
));
3424 if (!strcasecmpstart(s
, "Tor "))
3428 out
->major
= (int)strtol(s
,&eos
,10);
3429 if (!eos
|| eos
==s
|| *eos
!= '.') return -1;
3433 out
->minor
= (int) strtol(cp
,&eos
,10);
3434 if (!eos
|| eos
==cp
|| *eos
!= '.') return -1;
3438 out
->micro
= (int) strtol(cp
,&eos
,10);
3439 if (!eos
|| eos
==cp
) return -1;
3441 out
->status
= VER_RELEASE
;
3442 out
->patchlevel
= 0;
3449 out
->status
= VER_RELEASE
;
3451 } else if (0==strncmp(cp
, "pre", 3)) {
3452 out
->status
= VER_PRE
;
3454 } else if (0==strncmp(cp
, "rc", 2)) {
3455 out
->status
= VER_RC
;
3461 /* Get patchlevel */
3462 out
->patchlevel
= (int) strtol(cp
,&eos
,10);
3463 if (!eos
|| eos
==cp
) return -1;
3466 /* Get status tag. */
3467 if (*cp
== '-' || *cp
== '.')
3469 eos
= (char*) find_whitespace(cp
);
3470 if (eos
-cp
>= (int)sizeof(out
->status_tag
))
3471 strlcpy(out
->status_tag
, cp
, sizeof(out
->status_tag
));
3473 memcpy(out
->status_tag
, cp
, eos
-cp
);
3474 out
->status_tag
[eos
-cp
] = 0;
3476 cp
= eat_whitespace(eos
);
3478 if (!strcmpstart(cp
, "(r")) {
3480 out
->svn_revision
= (int) strtol(cp
,&eos
,10);
3486 /** Compare two tor versions; Return <0 if a < b; 0 if a ==b, >0 if a >
3489 tor_version_compare(tor_version_t
*a
, tor_version_t
*b
)
3494 if ((i
= a
->major
- b
->major
))
3496 else if ((i
= a
->minor
- b
->minor
))
3498 else if ((i
= a
->micro
- b
->micro
))
3500 else if ((i
= a
->status
- b
->status
))
3502 else if ((i
= a
->patchlevel
- b
->patchlevel
))
3504 else if ((i
= strcmp(a
->status_tag
, b
->status_tag
)))
3507 return a
->svn_revision
- b
->svn_revision
;
3510 /** Return true iff versions <b>a</b> and <b>b</b> belong to the same series.
3513 tor_version_same_series(tor_version_t
*a
, tor_version_t
*b
)
3517 return ((a
->major
== b
->major
) &&
3518 (a
->minor
== b
->minor
) &&
3519 (a
->micro
== b
->micro
));
3522 /** Helper: Given pointers to two strings describing tor versions, return -1
3523 * if _a precedes _b, 1 if _b precedes _a, and 0 if they are equivalent.
3524 * Used to sort a list of versions. */
3526 _compare_tor_version_str_ptr(const void **_a
, const void **_b
)
3528 const char *a
= *_a
, *b
= *_b
;
3530 tor_version_t va
, vb
;
3531 ca
= tor_version_parse(a
, &va
);
3532 cb
= tor_version_parse(b
, &vb
);
3533 /* If they both parse, compare them. */
3535 return tor_version_compare(&va
,&vb
);
3536 /* If one parses, it comes first. */
3541 /* If neither parses, compare strings. Also, the directory server admin
3542 ** needs to be smacked upside the head. But Tor is tolerant and gentle. */
3546 /** Sort a list of string-representations of versions in ascending order. */
3548 sort_version_list(smartlist_t
*versions
, int remove_duplicates
)
3550 smartlist_sort(versions
, _compare_tor_version_str_ptr
);
3552 if (remove_duplicates
)
3553 smartlist_uniq(versions
, _compare_tor_version_str_ptr
, _tor_free
);
3556 /** Parse and validate the ASCII-encoded v2 descriptor in <b>desc</b>,
3557 * write the parsed descriptor to the newly allocated *<b>parsed_out</b>, the
3558 * binary descriptor ID of length DIGEST_LEN to <b>desc_id_out</b>, the
3559 * encrypted introduction points to the newly allocated
3560 * *<b>intro_points_encrypted_out</b>, their encrypted size to
3561 * *<b>intro_points_encrypted_size_out</b>, the size of the encoded descriptor
3562 * to *<b>encoded_size_out</b>, and a pointer to the possibly next
3563 * descriptor to *<b>next_out</b>; return 0 for success (including validation)
3564 * and -1 for failure.
3567 rend_parse_v2_service_descriptor(rend_service_descriptor_t
**parsed_out
,
3569 char **intro_points_encrypted_out
,
3570 size_t *intro_points_encrypted_size_out
,
3571 size_t *encoded_size_out
,
3572 const char **next_out
, const char *desc
)
3574 rend_service_descriptor_t
*result
=
3575 tor_malloc_zero(sizeof(rend_service_descriptor_t
));
3576 char desc_hash
[DIGEST_LEN
];
3578 smartlist_t
*tokens
= smartlist_create();
3579 directory_token_t
*tok
;
3580 char secret_id_part
[DIGEST_LEN
];
3581 int i
, version
, num_ok
=1;
3582 smartlist_t
*versions
;
3583 char public_key_hash
[DIGEST_LEN
];
3584 char test_desc_id
[DIGEST_LEN
];
3585 memarea_t
*area
= NULL
;
3587 /* Check if desc starts correctly. */
3588 if (strncmp(desc
, "rendezvous-service-descriptor ",
3589 strlen("rendezvous-service-descriptor "))) {
3590 log_info(LD_REND
, "Descriptor does not start correctly.");
3593 /* Compute descriptor hash for later validation. */
3594 if (router_get_hash_impl(desc
, strlen(desc
), desc_hash
,
3595 "rendezvous-service-descriptor ",
3596 "\nsignature", '\n') < 0) {
3597 log_warn(LD_REND
, "Couldn't compute descriptor hash.");
3600 /* Determine end of string. */
3601 eos
= strstr(desc
, "\nrendezvous-service-descriptor ");
3603 eos
= desc
+ strlen(desc
);
3607 if (strlen(desc
) > REND_DESC_MAX_SIZE
) {
3608 log_warn(LD_REND
, "Descriptor length is %i which exceeds "
3609 "maximum rendezvous descriptor size of %i kilobytes.",
3610 (int)strlen(desc
), REND_DESC_MAX_SIZE
);
3613 /* Tokenize descriptor. */
3614 area
= memarea_new();
3615 if (tokenize_string(area
, desc
, eos
, tokens
, desc_token_table
, 0)) {
3616 log_warn(LD_REND
, "Error tokenizing descriptor.");
3619 /* Set next to next descriptor, if available. */
3621 /* Set length of encoded descriptor. */
3622 *encoded_size_out
= eos
- desc
;
3623 /* Check min allowed length of token list. */
3624 if (smartlist_len(tokens
) < 7) {
3625 log_warn(LD_REND
, "Impossibly short descriptor.");
3628 /* Parse base32-encoded descriptor ID. */
3629 tok
= find_by_keyword(tokens
, R_RENDEZVOUS_SERVICE_DESCRIPTOR
);
3630 tor_assert(tok
== smartlist_get(tokens
, 0));
3631 tor_assert(tok
->n_args
== 1);
3632 if (strlen(tok
->args
[0]) != REND_DESC_ID_V2_LEN_BASE32
||
3633 strspn(tok
->args
[0], BASE32_CHARS
) != REND_DESC_ID_V2_LEN_BASE32
) {
3634 log_warn(LD_REND
, "Invalid descriptor ID: '%s'", tok
->args
[0]);
3637 if (base32_decode(desc_id_out
, DIGEST_LEN
,
3638 tok
->args
[0], REND_DESC_ID_V2_LEN_BASE32
) < 0) {
3639 log_warn(LD_REND
, "Descriptor ID contains illegal characters: %s",
3643 /* Parse descriptor version. */
3644 tok
= find_by_keyword(tokens
, R_VERSION
);
3645 tor_assert(tok
->n_args
== 1);
3647 (int) tor_parse_long(tok
->args
[0], 10, 0, INT_MAX
, &num_ok
, NULL
);
3648 if (result
->version
!= 2 || !num_ok
) {
3649 /* If it's <2, it shouldn't be under this format. If the number
3650 * is greater than 2, we bumped it because we broke backward
3651 * compatibility. See how version numbers in our other formats
3653 log_warn(LD_REND
, "Unrecognized descriptor version: %s",
3654 escaped(tok
->args
[0]));
3657 /* Parse public key. */
3658 tok
= find_by_keyword(tokens
, R_PERMANENT_KEY
);
3659 result
->pk
= tok
->key
;
3660 tok
->key
= NULL
; /* Prevent free */
3661 /* Parse secret ID part. */
3662 tok
= find_by_keyword(tokens
, R_SECRET_ID_PART
);
3663 tor_assert(tok
->n_args
== 1);
3664 if (strlen(tok
->args
[0]) != REND_SECRET_ID_PART_LEN_BASE32
||
3665 strspn(tok
->args
[0], BASE32_CHARS
) != REND_SECRET_ID_PART_LEN_BASE32
) {
3666 log_warn(LD_REND
, "Invalid secret ID part: '%s'", tok
->args
[0]);
3669 if (base32_decode(secret_id_part
, DIGEST_LEN
, tok
->args
[0], 32) < 0) {
3670 log_warn(LD_REND
, "Secret ID part contains illegal characters: %s",
3674 /* Parse publication time -- up-to-date check is done when storing the
3676 tok
= find_by_keyword(tokens
, R_PUBLICATION_TIME
);
3677 tor_assert(tok
->n_args
== 1);
3678 if (parse_iso_time(tok
->args
[0], &result
->timestamp
) < 0) {
3679 log_warn(LD_REND
, "Invalid publication time: '%s'", tok
->args
[0]);
3682 /* Parse protocol versions. */
3683 tok
= find_by_keyword(tokens
, R_PROTOCOL_VERSIONS
);
3684 tor_assert(tok
->n_args
== 1);
3685 versions
= smartlist_create();
3686 smartlist_split_string(versions
, tok
->args
[0], ",",
3687 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
3688 for (i
= 0; i
< smartlist_len(versions
); i
++) {
3689 version
= (int) tor_parse_long(smartlist_get(versions
, i
),
3690 10, 0, INT_MAX
, &num_ok
, NULL
);
3691 if (!num_ok
) /* It's a string; let's ignore it. */
3693 result
->protocols
|= 1 << version
;
3695 SMARTLIST_FOREACH(versions
, char *, cp
, tor_free(cp
));
3696 smartlist_free(versions
);
3697 /* Parse encrypted introduction points. Don't verify. */
3698 tok
= find_opt_by_keyword(tokens
, R_INTRODUCTION_POINTS
);
3700 if (strcmp(tok
->object_type
, "MESSAGE")) {
3701 log_warn(LD_DIR
, "Bad object type: introduction points should be of "
3705 *intro_points_encrypted_out
= tor_memdup(tok
->object_body
,
3707 *intro_points_encrypted_size_out
= tok
->object_size
;
3709 *intro_points_encrypted_out
= NULL
;
3710 *intro_points_encrypted_size_out
= 0;
3712 /* Parse and verify signature. */
3713 tok
= find_by_keyword(tokens
, R_SIGNATURE
);
3714 note_crypto_pk_op(VERIFY_RTR
);
3715 if (check_signature_token(desc_hash
, tok
, result
->pk
, 0,
3716 "v2 rendezvous service descriptor") < 0)
3718 /* Verify that descriptor ID belongs to public key and secret ID part. */
3719 crypto_pk_get_digest(result
->pk
, public_key_hash
);
3720 rend_get_descriptor_id_bytes(test_desc_id
, public_key_hash
,
3722 if (memcmp(desc_id_out
, test_desc_id
, DIGEST_LEN
)) {
3723 log_warn(LD_REND
, "Parsed descriptor ID does not match "
3724 "computed descriptor ID.");
3730 rend_service_descriptor_free(result
);
3734 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
3735 smartlist_free(tokens
);
3738 memarea_drop_all(area
);
3739 *parsed_out
= result
;
3745 /** Decrypt the encrypted introduction points in <b>ipos_encrypted</b> of
3746 * length <b>ipos_encrypted_size</b> using <b>descriptor_cookie</b> and
3747 * write the result to a newly allocated string that is pointed to by
3748 * <b>ipos_decrypted</b> and its length to <b>ipos_decrypted_size</b>.
3749 * Return 0 if decryption was successful and -1 otherwise. */
3751 rend_decrypt_introduction_points(char **ipos_decrypted
,
3752 size_t *ipos_decrypted_size
,
3753 const char *descriptor_cookie
,
3754 const char *ipos_encrypted
,
3755 size_t ipos_encrypted_size
)
3757 tor_assert(ipos_encrypted
);
3758 tor_assert(descriptor_cookie
);
3759 if (ipos_encrypted_size
< 2) {
3760 log_warn(LD_REND
, "Size of encrypted introduction points is too "
3764 if (ipos_encrypted
[0] == (int)REND_BASIC_AUTH
) {
3765 char iv
[CIPHER_IV_LEN
], client_id
[REND_BASIC_AUTH_CLIENT_ID_LEN
],
3766 session_key
[CIPHER_KEY_LEN
], *dec
;
3767 int declen
, client_blocks
;
3768 size_t pos
= 0, len
, client_entries_len
;
3769 crypto_digest_env_t
*digest
;
3770 crypto_cipher_env_t
*cipher
;
3771 client_blocks
= (int) ipos_encrypted
[1];
3772 client_entries_len
= client_blocks
* REND_BASIC_AUTH_CLIENT_MULTIPLE
*
3773 REND_BASIC_AUTH_CLIENT_ENTRY_LEN
;
3774 if (ipos_encrypted_size
< 2 + client_entries_len
+ CIPHER_IV_LEN
+ 1) {
3775 log_warn(LD_REND
, "Size of encrypted introduction points is too "
3779 memcpy(iv
, ipos_encrypted
+ 2 + client_entries_len
, CIPHER_IV_LEN
);
3780 digest
= crypto_new_digest_env();
3781 crypto_digest_add_bytes(digest
, descriptor_cookie
, REND_DESC_COOKIE_LEN
);
3782 crypto_digest_add_bytes(digest
, iv
, CIPHER_IV_LEN
);
3783 crypto_digest_get_digest(digest
, client_id
,
3784 REND_BASIC_AUTH_CLIENT_ID_LEN
);
3785 crypto_free_digest_env(digest
);
3786 for (pos
= 2; pos
< 2 + client_entries_len
;
3787 pos
+= REND_BASIC_AUTH_CLIENT_ENTRY_LEN
) {
3788 if (!memcmp(ipos_encrypted
+ pos
, client_id
,
3789 REND_BASIC_AUTH_CLIENT_ID_LEN
)) {
3790 /* Attempt to decrypt introduction points. */
3791 cipher
= crypto_create_init_cipher(descriptor_cookie
, 0);
3792 if (crypto_cipher_decrypt(cipher
, session_key
, ipos_encrypted
3793 + pos
+ REND_BASIC_AUTH_CLIENT_ID_LEN
,
3794 CIPHER_KEY_LEN
) < 0) {
3795 log_warn(LD_REND
, "Could not decrypt session key for client.");
3796 crypto_free_cipher_env(cipher
);
3799 crypto_free_cipher_env(cipher
);
3800 cipher
= crypto_create_init_cipher(session_key
, 0);
3801 len
= ipos_encrypted_size
- 2 - client_entries_len
- CIPHER_IV_LEN
;
3802 dec
= tor_malloc(len
);
3803 declen
= crypto_cipher_decrypt_with_iv(cipher
, dec
, len
,
3804 ipos_encrypted
+ 2 + client_entries_len
,
3805 ipos_encrypted_size
- 2 - client_entries_len
);
3806 crypto_free_cipher_env(cipher
);
3808 log_warn(LD_REND
, "Could not decrypt introduction point string.");
3812 if (memcmpstart(dec
, declen
, "introduction-point ")) {
3813 log_warn(LD_REND
, "Decrypted introduction points don't "
3814 "look like we could parse them.");
3818 *ipos_decrypted
= dec
;
3819 *ipos_decrypted_size
= declen
;
3823 log_warn(LD_REND
, "Could not decrypt introduction points. Please "
3824 "check your authorization for this service!");
3826 } else if (ipos_encrypted
[0] == (int)REND_STEALTH_AUTH
) {
3827 crypto_cipher_env_t
*cipher
;
3830 dec
= tor_malloc_zero(ipos_encrypted_size
- CIPHER_IV_LEN
- 1);
3831 cipher
= crypto_create_init_cipher(descriptor_cookie
, 0);
3832 declen
= crypto_cipher_decrypt_with_iv(cipher
, dec
,
3833 ipos_encrypted_size
-
3836 ipos_encrypted_size
- 1);
3837 crypto_free_cipher_env(cipher
);
3839 log_warn(LD_REND
, "Decrypting introduction points failed!");
3843 *ipos_decrypted
= dec
;
3844 *ipos_decrypted_size
= declen
;
3847 log_warn(LD_REND
, "Unknown authorization type number: %d",
3853 /** Parse the encoded introduction points in <b>intro_points_encoded</b> of
3854 * length <b>intro_points_encoded_size</b> and write the result to the
3855 * descriptor in <b>parsed</b>; return the number of successfully parsed
3856 * introduction points or -1 in case of a failure. */
3858 rend_parse_introduction_points(rend_service_descriptor_t
*parsed
,
3859 const char *intro_points_encoded
,
3860 size_t intro_points_encoded_size
)
3862 const char *current_ipo
, *end_of_intro_points
;
3863 smartlist_t
*tokens
;
3864 directory_token_t
*tok
;
3865 rend_intro_point_t
*intro
;
3866 extend_info_t
*info
;
3867 int result
, num_ok
=1;
3868 memarea_t
*area
= NULL
;
3870 /** Function may only be invoked once. */
3871 tor_assert(!parsed
->intro_nodes
);
3872 tor_assert(intro_points_encoded
);
3873 tor_assert(intro_points_encoded_size
> 0);
3874 /* Consider one intro point after the other. */
3875 current_ipo
= intro_points_encoded
;
3876 end_of_intro_points
= intro_points_encoded
+ intro_points_encoded_size
;
3877 tokens
= smartlist_create();
3878 parsed
->intro_nodes
= smartlist_create();
3879 area
= memarea_new();
3881 while (!memcmpstart(current_ipo
, end_of_intro_points
-current_ipo
,
3882 "introduction-point ")) {
3883 /* Determine end of string. */
3884 const char *eos
= tor_memstr(current_ipo
, end_of_intro_points
-current_ipo
,
3885 "\nintroduction-point ");
3887 eos
= end_of_intro_points
;
3890 tor_assert(eos
<= intro_points_encoded
+intro_points_encoded_size
);
3891 /* Free tokens and clear token list. */
3892 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
3893 smartlist_clear(tokens
);
3894 memarea_clear(area
);
3895 /* Tokenize string. */
3896 if (tokenize_string(area
, current_ipo
, eos
, tokens
, ipo_token_table
, 0)) {
3897 log_warn(LD_REND
, "Error tokenizing introduction point");
3900 /* Advance to next introduction point, if available. */
3902 /* Check minimum allowed length of introduction point. */
3903 if (smartlist_len(tokens
) < 5) {
3904 log_warn(LD_REND
, "Impossibly short introduction point.");
3907 /* Allocate new intro point and extend info. */
3908 intro
= tor_malloc_zero(sizeof(rend_intro_point_t
));
3909 info
= intro
->extend_info
= tor_malloc_zero(sizeof(extend_info_t
));
3910 /* Parse identifier. */
3911 tok
= find_by_keyword(tokens
, R_IPO_IDENTIFIER
);
3912 if (base32_decode(info
->identity_digest
, DIGEST_LEN
,
3913 tok
->args
[0], REND_INTRO_POINT_ID_LEN_BASE32
) < 0) {
3914 log_warn(LD_REND
, "Identity digest contains illegal characters: %s",
3916 rend_intro_point_free(intro
);
3919 /* Write identifier to nickname. */
3920 info
->nickname
[0] = '$';
3921 base16_encode(info
->nickname
+ 1, sizeof(info
->nickname
) - 1,
3922 info
->identity_digest
, DIGEST_LEN
);
3923 /* Parse IP address. */
3924 tok
= find_by_keyword(tokens
, R_IPO_IP_ADDRESS
);
3925 if (tor_addr_from_str(&info
->addr
, tok
->args
[0])<0) {
3926 log_warn(LD_REND
, "Could not parse introduction point address.");
3927 rend_intro_point_free(intro
);
3930 if (tor_addr_family(&info
->addr
) != AF_INET
) {
3931 log_warn(LD_REND
, "Introduction point address was not ipv4.");
3932 rend_intro_point_free(intro
);
3936 /* Parse onion port. */
3937 tok
= find_by_keyword(tokens
, R_IPO_ONION_PORT
);
3938 info
->port
= (uint16_t) tor_parse_long(tok
->args
[0],10,1,65535,
3940 if (!info
->port
|| !num_ok
) {
3941 log_warn(LD_REND
, "Introduction point onion port %s is invalid",
3942 escaped(tok
->args
[0]));
3943 rend_intro_point_free(intro
);
3946 /* Parse onion key. */
3947 tok
= find_by_keyword(tokens
, R_IPO_ONION_KEY
);
3948 info
->onion_key
= tok
->key
;
3949 tok
->key
= NULL
; /* Prevent free */
3950 /* Parse service key. */
3951 tok
= find_by_keyword(tokens
, R_IPO_SERVICE_KEY
);
3952 intro
->intro_key
= tok
->key
;
3953 tok
->key
= NULL
; /* Prevent free */
3954 /* Add extend info to list of introduction points. */
3955 smartlist_add(parsed
->intro_nodes
, intro
);
3957 result
= smartlist_len(parsed
->intro_nodes
);
3964 /* Free tokens and clear token list. */
3965 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
3966 smartlist_free(tokens
);
3968 memarea_drop_all(area
);
3973 /** Parse the content of a client_key file in <b>ckstr</b> and add
3974 * rend_authorized_client_t's for each parsed client to
3975 * <b>parsed_clients</b>. Return the number of parsed clients as result
3976 * or -1 for failure. */
3978 rend_parse_client_keys(strmap_t
*parsed_clients
, const char *ckstr
)
3981 smartlist_t
*tokens
;
3982 directory_token_t
*tok
;
3983 const char *current_entry
= NULL
;
3984 memarea_t
*area
= NULL
;
3985 if (!ckstr
|| strlen(ckstr
) == 0)
3987 tokens
= smartlist_create();
3988 /* Begin parsing with first entry, skipping comments or whitespace at the
3990 area
= memarea_new();
3991 current_entry
= eat_whitespace(ckstr
);
3992 while (!strcmpstart(current_entry
, "client-name ")) {
3993 rend_authorized_client_t
*parsed_entry
;
3995 char descriptor_cookie_base64
[REND_DESC_COOKIE_LEN_BASE64
+2+1];
3996 char descriptor_cookie_tmp
[REND_DESC_COOKIE_LEN
+2];
3997 /* Determine end of string. */
3998 const char *eos
= strstr(current_entry
, "\nclient-name ");
4000 eos
= current_entry
+ strlen(current_entry
);
4003 /* Free tokens and clear token list. */
4004 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
4005 smartlist_clear(tokens
);
4006 memarea_clear(area
);
4007 /* Tokenize string. */
4008 if (tokenize_string(area
, current_entry
, eos
, tokens
,
4009 client_keys_token_table
, 0)) {
4010 log_warn(LD_REND
, "Error tokenizing client keys file.");
4013 /* Advance to next entry, if available. */
4014 current_entry
= eos
;
4015 /* Check minimum allowed length of token list. */
4016 if (smartlist_len(tokens
) < 2) {
4017 log_warn(LD_REND
, "Impossibly short client key entry.");
4020 /* Parse client name. */
4021 tok
= find_by_keyword(tokens
, C_CLIENT_NAME
);
4022 tor_assert(tok
== smartlist_get(tokens
, 0));
4023 tor_assert(tok
->n_args
== 1);
4025 len
= strlen(tok
->args
[0]);
4026 if (len
< 1 || len
> 19 ||
4027 strspn(tok
->args
[0], REND_LEGAL_CLIENTNAME_CHARACTERS
) != len
) {
4028 log_warn(LD_CONFIG
, "Illegal client name: %s. (Length must be "
4029 "between 1 and 19, and valid characters are "
4030 "[A-Za-z0-9+-_].)", tok
->args
[0]);
4033 /* Check if client name is duplicate. */
4034 if (strmap_get(parsed_clients
, tok
->args
[0])) {
4035 log_warn(LD_CONFIG
, "HiddenServiceAuthorizeClient contains a "
4036 "duplicate client name: '%s'. Ignoring.", tok
->args
[0]);
4039 parsed_entry
= tor_malloc_zero(sizeof(rend_authorized_client_t
));
4040 parsed_entry
->client_name
= tor_strdup(tok
->args
[0]);
4041 strmap_set(parsed_clients
, parsed_entry
->client_name
, parsed_entry
);
4042 /* Parse client key. */
4043 tok
= find_opt_by_keyword(tokens
, C_CLIENT_KEY
);
4045 parsed_entry
->client_key
= tok
->key
;
4046 tok
->key
= NULL
; /* Prevent free */
4049 /* Parse descriptor cookie. */
4050 tok
= find_by_keyword(tokens
, C_DESCRIPTOR_COOKIE
);
4051 tor_assert(tok
->n_args
== 1);
4052 if (strlen(tok
->args
[0]) != REND_DESC_COOKIE_LEN_BASE64
+ 2) {
4053 log_warn(LD_REND
, "Descriptor cookie has illegal length: %s",
4054 escaped(tok
->args
[0]));
4057 /* The size of descriptor_cookie_tmp needs to be REND_DESC_COOKIE_LEN+2,
4058 * because a base64 encoding of length 24 does not fit into 16 bytes in all
4060 if ((base64_decode(descriptor_cookie_tmp
, REND_DESC_COOKIE_LEN
+2,
4061 tok
->args
[0], REND_DESC_COOKIE_LEN_BASE64
+2+1)
4062 != REND_DESC_COOKIE_LEN
)) {
4063 log_warn(LD_REND
, "Descriptor cookie contains illegal characters: "
4064 "%s", descriptor_cookie_base64
);
4067 memcpy(parsed_entry
->descriptor_cookie
, descriptor_cookie_tmp
,
4068 REND_DESC_COOKIE_LEN
);
4070 result
= strmap_size(parsed_clients
);
4075 /* Free tokens and clear token list. */
4076 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
4077 smartlist_free(tokens
);
4079 memarea_drop_all(area
);