| blob | ea69792f1205657bcdb428954583f38adea4b49f |
1 /* * Copyright (c) 2012-2016, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
4 /**
5 * \file channeltls.c
6 *
7 * \brief A concrete subclass of channel_t using or_connection_t to transfer
8 * cells between Tor instances.
9 *
10 * This module fills in the various function pointers in channel_t, to
11 * implement the channel_tls_t channels as used in Tor today. These channels
12 * are created from channel_tls_connect() and
13 * channel_tls_handle_incoming(). Each corresponds 1:1 to or_connection_t
14 * object, as implemented in connection_or.c. These channels transmit cells
15 * to the underlying or_connection_t by calling
16 * connection_or_write_*_cell_to_buf(), and receive cells from the underlying
17 * or_connection_t when connection_or_process_cells_from_inbuf() calls
18 * channel_tls_handle_*_cell().
19 *
20 * Here we also implement the server (responder) side of the v3+ Tor link
21 * handshake, which uses CERTS and AUTHENTICATE cell to negotiate versions,
22 * exchange expected and observed IP and time information, and bootstrap a
23 * level of authentication higher than we have gotten on the raw TLS
24 * handshake.
25 *
26 * NOTE: Since there is currently only one type of channel, there are probably
27 * more than a few cases where functionality that is currently in
28 * channeltls.c, connection_or.c, and channel.c ought to be divided up
29 * differently. The right time to do this is probably whenever we introduce
30 * our next channel type.
31 **/
33 /*
34 * Define this so channel.h gives us things only channel_t subclasses
35 * should touch.
36 */
38 #define TOR_CHANNEL_INTERNAL_
40 #define CHANNELTLS_PRIVATE
59 /** How many CELL_PADDING cells have we received, ever? */
61 /** How many CELL_VERSIONS cells have we received, ever? */
63 /** How many CELL_NETINFO cells have we received, ever? */
65 /** How many CELL_VPADDING cells have we received, ever? */
67 /** How many CELL_CERTS cells have we received, ever? */
69 /** How many CELL_AUTH_CHALLENGE cells have we received, ever? */
71 /** How many CELL_AUTHENTICATE cells have we received, ever? */
73 /** How many CELL_AUTHORIZE cells have we received, ever? */
76 /** Active listener, if any */
79 /* channel_tls_t method declarations */
85 static int
87 static int
93 static int
107 /* channel_listener_tls_t method declarations */
113 /** Handle incoming cells for the handshake stuff here rather than
114 * passing them on up. */
124 /**
125 * Do parts of channel_tls_t initialization common to channel_tls_connect()
126 * and channel_tls_handle_incoming().
127 */
129 STATIC void
131 {
160 }
161 }
163 /**
164 * Start a new TLS channel
165 *
166 * Launch a new OR connection to <b>addr</b>:<b>port</b> and expect to
167 * handshake with an OR with identity digest <b>id_digest</b>, and wrap
168 * it in a channel_tls_t.
169 */
171 channel_t *
174 {
181 "In channel_tls_connect() for channel %p "
183 tlschan,
196 }
200 /* Set up or_connection stuff */
202 /* connection_or_connect() will fill in tlschan->conn */
207 }
215 err:
220 done:
221 /* If we got one, we should register it */
225 }
227 /**
228 * Return the current channel_tls_t listener
229 *
230 * Returns the current channel listener for incoming TLS connections, or
231 * NULL if none has been established
232 */
234 channel_listener_t *
236 {
238 }
240 /**
241 * Start a channel_tls_t listener if necessary
242 *
243 * Return the current channel_tls_t listener, or start one if we haven't yet,
244 * and return that.
245 */
247 channel_listener_t *
249 {
258 channel_tls_listener_describe_transport_method;
270 }
272 /**
273 * Free everything on shutdown
274 *
275 * Not much to do here, since channel_free_all() takes care of a lot, but let's
276 * get rid of the listener.
277 */
279 void
281 {
288 /*
289 * When we close it, channel_tls_listener will get nulled out, so save
290 * a pointer so we can free it.
291 */
294 "Closing channel_tls_listener with ID " U64_FORMAT
297 old_listener);
302 }
306 }
308 /**
309 * Create a new channel around an incoming or_connection_t
310 */
312 channel_t *
314 {
323 /* Link the channel and orconn to each other */
337 }
341 /* Register it */
345 }
347 /*********
348 * Casts *
349 ********/
351 /**
352 * Cast a channel_tls_t to a channel_t.
353 */
355 channel_t *
357 {
361 }
363 /**
364 * Cast a channel_t to a channel_tls_t, with appropriate type-checking
365 * asserts.
366 */
368 channel_tls_t *
370 {
376 }
378 /********************************************
379 * Method implementations for channel_tls_t *
380 *******************************************/
382 /**
383 * Close a channel_tls_t
384 *
385 * This implements the close method for channel_tls_t
386 */
388 static void
390 {
397 /* Weird - we'll have to change the state ourselves, I guess */
400 tlschan);
402 }
403 }
405 /**
406 * Describe the transport for a channel_tls_t
407 *
408 * This returns the string "TLS channel on connection <id>" to the upper
409 * layer.
410 */
414 {
435 }
438 }
440 /**
441 * Free a channel_tls_t
442 *
443 * This is called by the generic channel layer when freeing a channel_tls_t;
444 * this happens either on a channel which has already reached
445 * CHANNEL_STATE_CLOSED or CHANNEL_STATE_ERROR from channel_run_cleanup() or
446 * on shutdown from channel_free_all(). In the latter case we might still
447 * have an orconn active (which connection_free_all() will get to later),
448 * so we should null out its channel pointer now.
449 */
451 static void
453 {
461 }
462 }
464 /**
465 * Get an estimate of the average TLS overhead for the upper layer
466 */
468 static double
470 {
477 /* Just return 1.0f if we don't have sensible data */
484 /*
485 * Never estimate more than 2.0; otherwise we get silly large estimates
486 * at the very start of a new TLS connection.
487 */
490 }
497 }
499 /**
500 * Get the remote address of a channel_tls_t
501 *
502 * This implements the get_remote_addr method for channel_tls_t; copy the
503 * remote endpoint of the channel to addr_out and return 1 (always
504 * succeeds for this transport).
505 */
507 static int
509 {
522 }
524 /**
525 * Get the name of the pluggable transport used by a channel_tls_t.
526 *
527 * This implements the get_transport_name for channel_tls_t. If the
528 * channel uses a pluggable transport, copy its name to
529 * <b>transport_out</b> and return 0. If the channel did not use a
530 * pluggable transport, return -1. */
532 static int
534 {
546 }
548 /**
549 * Get endpoint description of a channel_tls_t
550 *
551 * This implements the get_remote_descr method for channel_tls_t; it returns
552 * a text description of the remote endpoint of the channel suitable for use
553 * in log messages. The req parameter is 0 for the canonical address or 1 for
554 * the actual address seen.
555 */
559 {
560 #define MAX_DESCR_LEN 32
574 /* Canonical address with port*/
580 /* Actual address with port */
588 /* Canonical address, no port */
593 /* Actual address, no port */
600 /* Something's broken in channel.c */
602 }
606 }
609 }
611 /**
612 * Tell the upper layer if we have queued writes
613 *
614 * This implements the has_queued_writes method for channel_tls t_; it returns
615 * 1 iff we have queued writes on the outbuf of the underlying or_connection_t.
616 */
618 static int
620 {
627 "something called has_queued_writes on a tlschan "
630 }
637 }
639 /**
640 * Tell the upper layer if we're canonical
641 *
642 * This implements the is_canonical method for channel_tls_t; if req is zero,
643 * it returns whether this is a canonical channel, and if it is one it returns
644 * whether that can be relied upon.
645 */
647 static int
649 {
661 /*
662 * Is the is_canonical bit reliable? In protocols version 2 and up
663 * we get the canonical address from a NETINFO cell, but in older
664 * versions it might be based on an obsolete descriptor.
665 */
669 /* This shouldn't happen; channel.c is broken if it does */
671 }
672 }
673 /* else return 0 for tlschan->conn == NULL */
676 }
678 /**
679 * Check if we match an extend_info_t
680 *
681 * This implements the matches_extend_info method for channel_tls_t; the upper
682 * layer wants to know if this channel matches an extend_info_t.
683 */
685 static int
688 {
694 /* Never match if we have no conn */
697 "something called matches_extend_info on a tlschan "
701 }
706 }
708 /**
709 * Check if we match a target address; return true iff we do.
710 *
711 * This implements the matches_target method for channel_tls t_; the upper
712 * layer wants to know if this channel matches a target address when extending
713 * a circuit.
714 */
716 static int
719 {
725 /* Never match if we have no conn */
728 "something called matches_target on a tlschan "
732 }
735 }
737 /**
738 * Tell the upper layer how many bytes we have queued and not yet
739 * sent.
740 */
742 static size_t
744 {
751 }
753 /**
754 * Tell the upper layer how many cells we can accept to write
755 *
756 * This implements the num_cells_writeable method for channel_tls_t; it
757 * returns an estimate of the number of cells we can accept with
758 * channel_tls_write_*_cell().
759 */
761 static int
763 {
765 ssize_t n;
774 /* Get the number of cells */
777 #if SIZEOF_SIZE_T > SIZEOF_INT
779 #endif
782 }
784 /**
785 * Write a cell to a channel_tls_t
786 *
787 * This implements the write_cell method for channel_tls_t; given a
788 * channel_tls_t and a cell_t, transmit the cell_t.
789 */
791 static int
793 {
805 "something called write_cell on a tlschan "
808 }
811 }
813 /**
814 * Write a packed cell to a channel_tls_t
815 *
816 * This implements the write_packed_cell method for channel_tls_t; given a
817 * channel_tls_t and a packed_cell_t, transmit the packed_cell_t.
818 */
820 static int
823 {
836 /* This is where the cell is finished; used to be done from relay.c */
841 "something called write_packed_cell on a tlschan "
844 }
847 }
849 /**
850 * Write a variable-length cell to a channel_tls_t
851 *
852 * This implements the write_var_cell method for channel_tls_t; given a
853 * channel_tls_t and a var_cell_t, transmit the var_cell_t.
854 */
856 static int
858 {
870 "something called write_var_cell on a tlschan "
873 }
876 }
878 /*************************************************
879 * Method implementations for channel_listener_t *
880 ************************************************/
882 /**
883 * Close a channel_listener_t
884 *
885 * This implements the close method for channel_listener_t
886 */
888 static void
890 {
893 /*
894 * Listeners we just go ahead and change state through to CLOSED, but
895 * make sure to check if they're channel_tls_listener to NULL it out.
896 */
904 }
914 }
919 }
920 }
922 /**
923 * Describe the transport for a channel_listener_t
924 *
925 * This returns the string "TLS channel (listening)" to the upper
926 * layer.
927 */
931 {
935 }
937 /*******************************************************
938 * Functions for handling events on an or_connection_t *
939 ******************************************************/
941 /**
942 * Handle an orconn state change
943 *
944 * This function will be called by connection_or.c when the or_connection_t
945 * associated with this channel_tls_t changes state.
946 */
948 void
953 {
960 /* Shut the compiler up without triggering -Wtautological-compare */
965 /* Make sure the base connection state makes sense - shouldn't be error
966 * or closed. */
973 /* Did we just go to state open? */
975 /*
976 * We can go to CHANNEL_STATE_OPEN from CHANNEL_STATE_OPENING or
977 * CHANNEL_STATE_MAINT on this.
978 */
980 /* We might have just become writeable; check and tell the scheduler */
983 }
985 /*
986 * Not open, so from CHANNEL_STATE_OPEN we go to CHANNEL_STATE_MAINT,
987 * otherwise no change.
988 */
991 }
992 }
993 }
995 #ifdef KEEP_TIMING_STATS
997 /**
998 * Timing states wrapper
999 *
1000 * This is a wrapper function around the actual function that processes the
1001 * <b>cell</b> that just arrived on <b>chan</b>. Increment <b>*time</b>
1002 * by the number of microseconds used by the call to <b>*func(cell, chan)</b>.
1003 */
1005 static void
1008 {
1021 }
1026 }
1029 }
1030 #endif
1032 /**
1033 * Handle an incoming cell on a channel_tls_t
1034 *
1035 * This is called from connection_or.c to handle an arriving cell; it checks
1036 * for cell types specific to the handshake for this transport protocol and
1037 * handles them, and queues all other cells to the channel_t layer, which
1038 * eventually will hand them off to command.c.
1039 *
1040 * The channel layer itself decides whether the cell should be queued or
1041 * can be handed off immediately to the upper-layer code. It is responsible
1042 * for copying in the case that it queues; we merely pass pointers through
1043 * which we get from connection_or_process_cells_from_inbuf().
1044 */
1046 void
1048 {
1052 #ifdef KEEP_TIMING_STATS
1053 #define PROCESS_CELL(tp, cl, cn) STMT_BEGIN { \
1054 ++num ## tp; \
1055 channel_tls_time_process_cell(cl, cn, & tp ## time , \
1056 channel_tls_process_ ## tp ## _cell); \
1057 } STMT_END
1058 #else
1059 #define PROCESS_CELL(tp, cl, cn) channel_tls_process_ ## tp ## _cell(cl, cn)
1060 #endif
1071 }
1078 /* Reject all but VERSIONS and NETINFO when handshaking. */
1079 /* (VERSIONS should actually be impossible; it's variable-length.) */
1083 "Received unexpected cell command %d in chan state %s / "
1090 }
1098 /* do nothing */
1116 /*
1117 * These are all transport independent and we pass them up through the
1118 * channel_t mechanism. They are ultimately handled in command.c.
1119 */
1124 "Cell of unknown type (%d) received in channeltls.c. "
1128 }
1129 }
1131 /**
1132 * Handle an incoming variable-length cell on a channel_tls_t
1133 *
1134 * Process a <b>var_cell</b> that was just received on <b>conn</b>. Keep
1135 * internal statistics about how many of each cell we've processed so far
1136 * this second, and the total number of microseconds it took to
1137 * process each type of cell. All the var_cell commands are handshake-
1138 * related and live below the channel_t layer, so no variable-length
1139 * cells ever get delivered in the current implementation, but I've left
1140 * the mechanism in place for future use.
1141 *
1142 * If we were handing them off to the upper layer, the channel_t queueing
1143 * code would be responsible for memory management, and we'd just be passing
1144 * pointers through from connection_or_process_cells_from_inbuf(). That
1145 * caller always frees them after this function returns, so this function
1146 * should never free var_cell.
1147 */
1149 void
1151 {
1154 #ifdef KEEP_TIMING_STATS
1155 /* how many of each cell have we seen so far this second? needs better
1156 * name. */
1163 /* print stats */
1172 /* remember which second it is, for next time */
1174 }
1175 #endif
1186 }
1195 "Received a cell with command %d in unexpected "
1203 /*
1204 * The code in connection_or.c will tell channel_t to close for
1205 * error; it will go to CHANNEL_STATE_CLOSING, and then to
1206 * CHANNEL_STATE_ERROR when conn is closed.
1207 */
1210 }
1213 /* If we're using bufferevents, it's entirely possible for us to
1214 * notice "hey, data arrived!" before we notice "hey, the handshake
1215 * finished!" And we need to be accepting both at once to handle both
1216 * the v2 and v3 handshakes. */
1217 /* But that should be happening any longer've disabled bufferevents. */
1220 /* fall through */
1224 "Received a cell with command %d in unexpected "
1232 /* see above comment about CHANNEL_STATE_ERROR */
1238 }
1248 "Received a variable-length cell with command %d in orconn "
1249 "state %s [%d], channel state %s [%d] with link protocol %d; "
1258 }
1262 "Received var-length cell with command %d in unexpected "
1271 }
1273 /* Now handle the cell */
1282 /* Do nothing */
1298 /* Ignored so far. */
1305 }
1306 }
1308 /**
1309 * Update channel marks after connection_or.c has changed an address
1310 *
1311 * This is called from connection_or_init_conn_from_address() after the
1312 * connection's _base.addr or real_addr fields have potentially been changed
1313 * so we can recalculate the local mark. Notably, this happens when incoming
1314 * connections are reverse-proxied and we only learn the real address of the
1315 * remote router by looking it up in the consensus after we finish the
1316 * handshake and know an authenticated identity digest.
1317 */
1319 void
1321 {
1335 }
1342 }
1343 }
1344 }
1346 /**
1347 * Check if this cell type is allowed before the handshake is finished
1348 *
1349 * Return true if <b>command</b> is a cell command that's allowed to start a
1350 * V3 handshake.
1351 */
1353 static int
1355 {
1363 }
1364 }
1366 /**
1367 * Start a V3 handshake on an incoming connection
1368 *
1369 * Called when we as a server receive an appropriate cell while waiting
1370 * either for a cell or a TLS handshake. Set the connection's state to
1371 * "handshaking_v3', initializes the or_handshake_state field as needed,
1372 * and add the cell to the hash of incoming cells.)
1373 */
1375 static int
1377 {
1388 OR_CONN_STATE_TLS_SERVER_RENEGOTIATING);
1392 "Received a cell while TLS-handshaking, not in "
1394 }
1400 }
1404 }
1406 /**
1407 * Process a 'versions' cell.
1408 *
1409 * This function is called to handle an incoming VERSIONS cell; the current
1410 * link protocol version must be 0 to indicate that no version has yet been
1411 * negotiated. We compare the versions in the cell to the list of versions
1412 * we support, pick the highest version we have in common, and continue the
1413 * negotiation from there.
1414 */
1416 static void
1418 {
1428 "Received a VERSION cell with odd payload length %d; "
1432 }
1440 "Received a VERSIONS cell on a connection with its version "
1444 }
1446 {
1456 }
1460 {
1467 }
1468 }
1471 "Couldn't find a version in common between my version list and the "
1476 /* Negotiating version 1 makes no sense, since version 1 has no VERSIONS
1477 * cells. */
1479 "Used version negotiation protocol to negotiate a v1 connection. "
1486 "Negotiated link protocol 2 or lower after doing a v3 TLS "
1492 /* XXXX This should eventually be a log_protocol_warn */
1494 "Negotiated link with non-2 protocol after doing a v2 TLS "
1499 }
1509 highest_supported_version,
1516 }
1519 /* If we want to authenticate, send a CERTS cell */
1521 /* If we're a host that got a connection, ask for authentication. */
1523 /* If our certs cell will authenticate us, we can send a netinfo cell
1524 * right now. */
1532 highest_supported_version,
1541 #ifdef DISABLE_V3_LINKPROTO_SERVERSIDE
1545 }
1546 #endif
1553 }
1554 }
1556 /* We set this after sending the verions cell. */
1557 /*XXXXX symbolic const.*/
1567 }
1568 }
1574 }
1575 }
1581 }
1582 }
1583 }
1584 }
1586 /**
1587 * Helper: compute the absolute value of a time_t.
1588 *
1589 * (we need this because labs() doesn't always work for time_t, since
1590 * long can be shorter than time_t.)
1591 */
1594 {
1596 }
1598 /**
1599 * Process a 'netinfo' cell
1600 *
1601 * This function is called to handle an incoming NETINFO cell; read and act
1602 * on its contents, and set the connection state to "open".
1603 */
1605 static void
1607 {
1628 }
1634 }
1643 "Got a NETINFO cell from server, "
1647 }
1649 /* we're the server. If the client never authenticated, we have
1650 some housekeeping to do.*/
1654 authenticated_peer_id)));
1655 /* If the client never authenticated, it's a tor client or bridge
1656 * relay, and we must not use it for EXTEND requests (nor could we, as
1657 * there are no authenticated peer IDs) */
1666 authenticated_peer_id),
1668 }
1669 }
1670 }
1672 /* Decode the cell. */
1677 /* If we have gotten the NETINFO cell reasonably soon after having
1678 * sent our VERSIONS cell, maybe we can learn skew information from it. */
1680 }
1688 /* We used to check:
1689 * if (my_addr_len >= CELL_PAYLOAD_SIZE - 6) {
1690 *
1691 * This is actually never going to happen, since my_addr_len is at most 255,
1692 * and CELL_PAYLOAD_LEN - 6 is 503. So we know that cp is < end. */
1698 }
1702 /* Consider all the other addresses; if any matches, this connection is
1703 * "canonical." */
1704 tor_addr_t addr;
1712 }
1716 }
1719 }
1721 /* Act on apparent skew. */
1722 /** Warn when we get a netinfo skew with at least this value. */
1723 #define NETINFO_NOTICE_SKEW 3600
1729 }
1731 /* XXX maybe act on my_apparent_addr, if the source is sufficiently
1732 * trustworthy. */
1735 /* If we were prepared to authenticate, but we never got an AUTH_CHALLENGE
1736 * cell, then we would not previously have sent a NETINFO cell. Do so
1737 * now. */
1741 }
1742 }
1746 "Got good NETINFO cell from %s:%d; but "
1753 "Got good NETINFO cell from %s:%d; OR connection is now "
1754 "open, using protocol version %d. Its ID digest is %s. "
1760 DIGEST_LEN),
1763 }
1765 }
1767 /**
1768 * Process a CERTS cell from a channel.
1769 *
1770 * This function is called to process an incoming CERTS cell on a
1771 * channel_tls_t:
1772 *
1773 * If the other side should not have sent us a CERTS cell, or the cell is
1774 * malformed, or it is supposed to authenticate the TLS key but it doesn't,
1775 * then mark the connection.
1776 *
1777 * If the cell has a good cert chain and we're doing a v3 handshake, then
1778 * store the certificates in or_handshake_state. If this is the client side
1779 * of the connection, we then authenticate the server or mark the connection.
1780 * If it's the server side, wait for an AUTHENTICATE cell.
1781 */
1783 STATIC void
1785 {
1786 #define MAX_CERT_TYPE_WANTED OR_CERT_TYPE_AUTH_1024
1798 #define ERR(s) \
1799 do { \
1800 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
1802 safe_str(chan->conn->base_.address), \
1803 chan->conn->base_.port, (s)); \
1804 connection_or_close_for_error(chan->conn, 0); \
1805 goto err; \
1806 } while (0)
1815 /* Should be unreachable, but let's make sure. */
1817 }
1850 }
1851 }
1852 }
1862 /* Okay. We should be able to check the certificates now. */
1865 }
1866 /* Note that this warns more loudly about time and validity if we were
1867 * _trying_ to connect to an authority, not necessarily if we _did_ connect
1868 * to one. */
1872 else
1881 {
1896 }
1910 /* If we initiated the connection and we are not a public server, we
1911 * aren't planning to authenticate at all. At this point we know who we
1912 * are talking to, so we can just send a netinfo now. */
1914 }
1919 /* Remember these certificates so we can check an AUTHENTICATE cell */
1926 "Got some good certificates from %s:%d: "
1930 /* XXXX check more stuff? */
1935 }
1944 }
1945 }
1947 err:
1950 }
1952 #undef ERR
1953 }
1955 /**
1956 * Process an AUTH_CHALLENGE cell from a channel_tls_t
1957 *
1958 * This function is called to handle an incoming AUTH_CHALLENGE cell on a
1959 * channel_tls_t; if we weren't supposed to get one (for example, because we're
1960 * not the originator of the channel), or it's ill-formed, or we aren't doing
1961 * a v3 handshake, mark the channel. If the cell is well-formed but we don't
1962 * want to authenticate, just drop it. If the cell is well-formed *and* we
1963 * want to authenticate, send an AUTHENTICATE cell and then a NETINFO cell.
1964 */
1966 STATIC void
1968 {
1976 #define ERR(s) \
1977 do { \
1978 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
1980 safe_str(chan->conn->base_.address), \
1981 chan->conn->base_.port, (s)); \
1982 connection_or_close_for_error(chan->conn, 0); \
1983 goto done; \
1984 } while (0)
2004 /* Now see if there is an authentication type we can use */
2009 }
2014 /* If we're not a public server then we don't want to authenticate on a
2015 connection we originated, and we already sent a NETINFO cell when we
2016 got the CERTS cell. We have nothing more to do. */
2018 }
2022 "Got an AUTH_CHALLENGE cell from %s:%d: Sending "
2032 }
2035 "Got an AUTH_CHALLENGE cell from %s:%d, but we don't "
2039 }
2045 }
2047 done:
2050 #undef ERR
2051 }
2053 /**
2054 * Process an AUTHENTICATE cell from a channel_tls_t
2055 *
2056 * If it's ill-formed or we weren't supposed to get one or we're not doing a
2057 * v3 handshake, then mark the connection. If it does not authenticate the
2058 * other side of the connection successfully (because it isn't signed right,
2059 * we didn't get a CERTS cell, etc) mark the connection. Otherwise, accept
2060 * the identity of the router on the other side of the connection.
2061 */
2063 STATIC void
2065 {
2074 #define ERR(s) \
2075 do { \
2076 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
2078 safe_str(chan->conn->base_.address), \
2079 chan->conn->base_.port, (s)); \
2080 connection_or_close_for_error(chan->conn, 0); \
2081 return; \
2082 } while (0)
2093 /* Should be impossible given other checks */
2095 }
2106 {
2117 }
2122 ssize_t bodylen =
2131 {
2152 }
2156 }
2157 /* Note that we deliberately allow *more* than DIGEST256_LEN bytes here,
2158 * in case they're later used to hold a SHA3 digest or something. */
2162 }
2164 }
2166 /* Okay, we are authenticated. */
2170 {
2176 /* This must exist; we checked key type when reading the cert. */
2190 authenticated_peer_id),
2197 }
2199 #undef ERR
2200 }