1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2012, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
9 * \brief Functions for processing incoming cells.
12 /* In-points to command.c:
14 * - command_process_cell(), called from
15 * connection_or_process_cells_from_inbuf() in connection_or.c
19 #include "circuitbuild.h"
20 #include "circuitlist.h"
22 #include "connection.h"
23 #include "connection_or.h"
26 #include "cpuworker.h"
27 #include "hibernate.h"
32 #include "routerlist.h"
34 /** How many CELL_PADDING cells have we received, ever? */
35 uint64_t stats_n_padding_cells_processed
= 0;
36 /** How many CELL_CREATE cells have we received, ever? */
37 uint64_t stats_n_create_cells_processed
= 0;
38 /** How many CELL_CREATED cells have we received, ever? */
39 uint64_t stats_n_created_cells_processed
= 0;
40 /** How many CELL_RELAY cells have we received, ever? */
41 uint64_t stats_n_relay_cells_processed
= 0;
42 /** How many CELL_DESTROY cells have we received, ever? */
43 uint64_t stats_n_destroy_cells_processed
= 0;
44 /** How many CELL_VERSIONS cells have we received, ever? */
45 uint64_t stats_n_versions_cells_processed
= 0;
46 /** How many CELL_NETINFO cells have we received, ever? */
47 uint64_t stats_n_netinfo_cells_processed
= 0;
49 /** How many CELL_VPADDING cells have we received, ever? */
50 uint64_t stats_n_vpadding_cells_processed
= 0;
51 /** How many CELL_CERTS cells have we received, ever? */
52 uint64_t stats_n_certs_cells_processed
= 0;
53 /** How many CELL_AUTH_CHALLENGE cells have we received, ever? */
54 uint64_t stats_n_auth_challenge_cells_processed
= 0;
55 /** How many CELL_AUTHENTICATE cells have we received, ever? */
56 uint64_t stats_n_authenticate_cells_processed
= 0;
57 /** How many CELL_AUTHORIZE cells have we received, ever? */
58 uint64_t stats_n_authorize_cells_processed
= 0;
60 /* These are the main functions for processing cells */
61 static void command_process_create_cell(cell_t
*cell
, or_connection_t
*conn
);
62 static void command_process_created_cell(cell_t
*cell
, or_connection_t
*conn
);
63 static void command_process_relay_cell(cell_t
*cell
, or_connection_t
*conn
);
64 static void command_process_destroy_cell(cell_t
*cell
, or_connection_t
*conn
);
65 static void command_process_versions_cell(var_cell_t
*cell
,
66 or_connection_t
*conn
);
67 static void command_process_netinfo_cell(cell_t
*cell
, or_connection_t
*conn
);
68 static void command_process_certs_cell(var_cell_t
*cell
,
69 or_connection_t
*conn
);
70 static void command_process_auth_challenge_cell(var_cell_t
*cell
,
71 or_connection_t
*conn
);
72 static void command_process_authenticate_cell(var_cell_t
*cell
,
73 or_connection_t
*conn
);
74 static int enter_v3_handshake_with_cell(var_cell_t
*cell
,
75 or_connection_t
*conn
);
77 #ifdef KEEP_TIMING_STATS
78 /** This is a wrapper function around the actual function that processes the
79 * <b>cell</b> that just arrived on <b>conn</b>. Increment <b>*time</b>
80 * by the number of microseconds used by the call to <b>*func(cell, conn)</b>.
83 command_time_process_cell(cell_t
*cell
, or_connection_t
*conn
, int *time
,
84 void (*func
)(cell_t
*, or_connection_t
*))
86 struct timeval start
, end
;
89 tor_gettimeofday(&start
);
93 tor_gettimeofday(&end
);
94 time_passed
= tv_udiff(&start
, &end
) ;
96 if (time_passed
> 10000) { /* more than 10ms */
97 log_debug(LD_OR
,"That call just took %ld ms.",time_passed
/1000);
99 if (time_passed
< 0) {
100 log_info(LD_GENERAL
,"That call took us back in time!");
103 *time
+= time_passed
;
107 /** Process a <b>cell</b> that was just received on <b>conn</b>. Keep internal
108 * statistics about how many of each cell we've processed so far
109 * this second, and the total number of microseconds it took to
110 * process each type of cell.
113 command_process_cell(cell_t
*cell
, or_connection_t
*conn
)
115 int handshaking
= (conn
->_base
.state
!= OR_CONN_STATE_OPEN
);
116 #ifdef KEEP_TIMING_STATS
117 /* how many of each cell have we seen so far this second? needs better
119 static int num_create
=0, num_created
=0, num_relay
=0, num_destroy
=0;
120 /* how long has it taken to process each type of cell? */
121 static int create_time
=0, created_time
=0, relay_time
=0, destroy_time
=0;
122 static time_t current_second
= 0; /* from previous calls to time */
124 time_t now
= time(NULL
);
126 if (now
> current_second
) { /* the second has rolled over */
129 "At end of second: %d creates (%d ms), %d createds (%d ms), "
130 "%d relays (%d ms), %d destroys (%d ms)",
131 num_create
, create_time
/1000,
132 num_created
, created_time
/1000,
133 num_relay
, relay_time
/1000,
134 num_destroy
, destroy_time
/1000);
137 num_create
= num_created
= num_relay
= num_destroy
= 0;
138 create_time
= created_time
= relay_time
= destroy_time
= 0;
140 /* remember which second it is, for next time */
141 current_second
= now
;
145 #ifdef KEEP_TIMING_STATS
146 #define PROCESS_CELL(tp, cl, cn) STMT_BEGIN { \
148 command_time_process_cell(cl, cn, & tp ## time , \
149 command_process_ ## tp ## _cell); \
152 #define PROCESS_CELL(tp, cl, cn) command_process_ ## tp ## _cell(cl, cn)
155 if (conn
->_base
.marked_for_close
)
158 /* Reject all but VERSIONS and NETINFO when handshaking. */
159 /* (VERSIONS should actually be impossible; it's variable-length.) */
160 if (handshaking
&& cell
->command
!= CELL_VERSIONS
&&
161 cell
->command
!= CELL_NETINFO
) {
162 log_fn(LOG_PROTOCOL_WARN
, LD_PROTOCOL
,
163 "Received unexpected cell command %d in state %s; closing the "
166 conn_state_to_string(CONN_TYPE_OR
,conn
->_base
.state
));
167 connection_mark_for_close(TO_CONN(conn
));
171 if (conn
->_base
.state
== OR_CONN_STATE_OR_HANDSHAKING_V3
)
172 or_handshake_state_record_cell(conn
->handshake_state
, cell
, 1);
174 switch (cell
->command
) {
176 ++stats_n_padding_cells_processed
;
180 case CELL_CREATE_FAST
:
181 ++stats_n_create_cells_processed
;
182 PROCESS_CELL(create
, cell
, conn
);
185 case CELL_CREATED_FAST
:
186 ++stats_n_created_cells_processed
;
187 PROCESS_CELL(created
, cell
, conn
);
190 case CELL_RELAY_EARLY
:
191 ++stats_n_relay_cells_processed
;
192 PROCESS_CELL(relay
, cell
, conn
);
195 ++stats_n_destroy_cells_processed
;
196 PROCESS_CELL(destroy
, cell
, conn
);
199 tor_fragile_assert();
202 ++stats_n_netinfo_cells_processed
;
203 PROCESS_CELL(netinfo
, cell
, conn
);
206 log_fn(LOG_INFO
, LD_PROTOCOL
,
207 "Cell of unknown type (%d) received. Dropping.", cell
->command
);
212 /** Return true if <b>command</b> is a cell command that's allowed to start a
215 command_allowed_before_handshake(uint8_t command
)
227 /** Process a <b>cell</b> that was just received on <b>conn</b>. Keep internal
228 * statistics about how many of each cell we've processed so far
229 * this second, and the total number of microseconds it took to
230 * process each type of cell.
233 command_process_var_cell(var_cell_t
*cell
, or_connection_t
*conn
)
235 #ifdef KEEP_TIMING_STATS
236 /* how many of each cell have we seen so far this second? needs better
238 static int num_versions
=0, num_certs
=0;
240 time_t now
= time(NULL
);
242 if (now
> current_second
) { /* the second has rolled over */
245 "At end of second: %d versions (%d ms), %d certs (%d ms)",
246 num_versions
, versions_time
/1000,
247 num_certs
, certs_time
/1000);
249 num_versions
= num_certs
= 0;
250 versions_time
= certs_time
= 0;
252 /* remember which second it is, for next time */
253 current_second
= now
;
257 if (conn
->_base
.marked_for_close
)
260 switch (conn
->_base
.state
)
262 case OR_CONN_STATE_OR_HANDSHAKING_V2
:
263 if (cell
->command
!= CELL_VERSIONS
) {
264 log_fn(LOG_PROTOCOL_WARN
, LD_PROTOCOL
,
265 "Received a cell with command %d in state %s; "
266 "closing the connection.",
268 conn_state_to_string(CONN_TYPE_OR
,conn
->_base
.state
));
269 connection_mark_for_close(TO_CONN(conn
));
273 case OR_CONN_STATE_TLS_HANDSHAKING
:
274 /* If we're using bufferevents, it's entirely possible for us to
275 * notice "hey, data arrived!" before we notice "hey, the handshake
276 * finished!" And we need to be accepting both at once to handle both
277 * the v2 and v3 handshakes. */
280 case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING
:
281 if (! command_allowed_before_handshake(cell
->command
)) {
282 log_fn(LOG_PROTOCOL_WARN
, LD_PROTOCOL
,
283 "Received a cell with command %d in state %s; "
284 "closing the connection.",
286 conn_state_to_string(CONN_TYPE_OR
,conn
->_base
.state
));
287 connection_mark_for_close(TO_CONN(conn
));
290 if (enter_v3_handshake_with_cell(cell
, conn
)<0)
294 case OR_CONN_STATE_OR_HANDSHAKING_V3
:
295 if (cell
->command
!= CELL_AUTHENTICATE
)
296 or_handshake_state_record_var_cell(conn
->handshake_state
, cell
, 1);
297 break; /* Everything is allowed */
298 case OR_CONN_STATE_OPEN
:
299 if (conn
->link_proto
< 3) {
300 log_fn(LOG_PROTOCOL_WARN
, LD_PROTOCOL
,
301 "Received a variable-length cell with command %d in state %s "
302 "with link protocol %d; ignoring it.",
304 conn_state_to_string(CONN_TYPE_OR
,conn
->_base
.state
),
305 (int)conn
->link_proto
);
310 log_fn(LOG_PROTOCOL_WARN
, LD_PROTOCOL
,
311 "Received var-length cell with command %d in unexpected state "
312 "%s [%d]; ignoring it.",
314 conn_state_to_string(CONN_TYPE_OR
,conn
->_base
.state
),
315 (int)conn
->_base
.state
);
319 switch (cell
->command
) {
321 ++stats_n_versions_cells_processed
;
322 PROCESS_CELL(versions
, cell
, conn
);
325 ++stats_n_vpadding_cells_processed
;
329 ++stats_n_certs_cells_processed
;
330 PROCESS_CELL(certs
, cell
, conn
);
332 case CELL_AUTH_CHALLENGE
:
333 ++stats_n_auth_challenge_cells_processed
;
334 PROCESS_CELL(auth_challenge
, cell
, conn
);
336 case CELL_AUTHENTICATE
:
337 ++stats_n_authenticate_cells_processed
;
338 PROCESS_CELL(authenticate
, cell
, conn
);
341 ++stats_n_authorize_cells_processed
;
342 /* Ignored so far. */
345 log_fn(LOG_INFO
, LD_PROTOCOL
,
346 "Variable-length cell of unknown type (%d) received.",
352 /** Process a 'create' <b>cell</b> that just arrived from <b>conn</b>. Make a
353 * new circuit with the p_circ_id specified in cell. Put the circuit in state
354 * onionskin_pending, and pass the onionskin to the cpuworker. Circ will get
355 * picked up again when the cpuworker finishes decrypting it.
358 command_process_create_cell(cell_t
*cell
, or_connection_t
*conn
)
361 const or_options_t
*options
= get_options();
364 if (we_are_hibernating()) {
366 "Received create cell but we're shutting down. Sending back "
368 connection_or_send_destroy(cell
->circ_id
, conn
,
369 END_CIRC_REASON_HIBERNATING
);
373 if (!server_mode(options
) ||
374 (!public_server_mode(options
) && conn
->is_outgoing
)) {
375 log_fn(LOG_PROTOCOL_WARN
, LD_PROTOCOL
,
376 "Received create cell (type %d) from %s:%d, but we're connected "
377 "to it as a client. "
378 "Sending back a destroy.",
379 (int)cell
->command
, conn
->_base
.address
, conn
->_base
.port
);
380 connection_or_send_destroy(cell
->circ_id
, conn
,
381 END_CIRC_REASON_TORPROTOCOL
);
385 /* If the high bit of the circuit ID is not as expected, close the
387 id_is_high
= cell
->circ_id
& (1<<15);
388 if ((id_is_high
&& conn
->circ_id_type
== CIRC_ID_TYPE_HIGHER
) ||
389 (!id_is_high
&& conn
->circ_id_type
== CIRC_ID_TYPE_LOWER
)) {
390 log_fn(LOG_PROTOCOL_WARN
, LD_PROTOCOL
,
391 "Received create cell with unexpected circ_id %d. Closing.",
393 connection_or_send_destroy(cell
->circ_id
, conn
,
394 END_CIRC_REASON_TORPROTOCOL
);
398 if (circuit_id_in_use_on_orconn(cell
->circ_id
, conn
)) {
399 const node_t
*node
= node_get_by_id(conn
->identity_digest
);
400 log_fn(LOG_PROTOCOL_WARN
, LD_PROTOCOL
,
401 "Received CREATE cell (circID %d) for known circ. "
402 "Dropping (age %d).",
403 cell
->circ_id
, (int)(time(NULL
) - conn
->_base
.timestamp_created
));
405 char *p
= esc_for_log(node_get_platform(node
));
406 log_fn(LOG_PROTOCOL_WARN
, LD_PROTOCOL
,
407 "Details: router %s, platform %s.",
408 node_describe(node
), p
);
414 circ
= or_circuit_new(cell
->circ_id
, conn
);
415 circ
->_base
.purpose
= CIRCUIT_PURPOSE_OR
;
416 circuit_set_state(TO_CIRCUIT(circ
), CIRCUIT_STATE_ONIONSKIN_PENDING
);
417 if (cell
->command
== CELL_CREATE
) {
418 char *onionskin
= tor_malloc(ONIONSKIN_CHALLENGE_LEN
);
419 memcpy(onionskin
, cell
->payload
, ONIONSKIN_CHALLENGE_LEN
);
421 /* hand it off to the cpuworkers, and then return. */
422 if (assign_onionskin_to_cpuworker(NULL
, circ
, onionskin
) < 0) {
423 #define WARN_HANDOFF_FAILURE_INTERVAL (6*60*60)
424 static ratelim_t handoff_warning
=
425 RATELIM_INIT(WARN_HANDOFF_FAILURE_INTERVAL
);
427 if ((m
= rate_limit_log(&handoff_warning
, approx_time()))) {
428 log_warn(LD_GENERAL
,"Failed to hand off onionskin. Closing.%s",m
);
431 circuit_mark_for_close(TO_CIRCUIT(circ
), END_CIRC_REASON_RESOURCELIMIT
);
434 log_debug(LD_OR
,"success: handed off onionskin.");
436 /* This is a CREATE_FAST cell; we can handle it immediately without using
438 char keys
[CPATH_KEY_MATERIAL_LEN
];
439 char reply
[DIGEST_LEN
*2];
441 tor_assert(cell
->command
== CELL_CREATE_FAST
);
443 /* Make sure we never try to use the OR connection on which we
444 * received this cell to satisfy an EXTEND request, */
445 conn
->is_connection_with_client
= 1;
447 if (fast_server_handshake(cell
->payload
, (uint8_t*)reply
,
448 (uint8_t*)keys
, sizeof(keys
))<0) {
449 log_warn(LD_OR
,"Failed to generate key material. Closing.");
450 circuit_mark_for_close(TO_CIRCUIT(circ
), END_CIRC_REASON_INTERNAL
);
453 if (onionskin_answer(circ
, CELL_CREATED_FAST
, reply
, keys
)<0) {
454 log_warn(LD_OR
,"Failed to reply to CREATE_FAST cell. Closing.");
455 circuit_mark_for_close(TO_CIRCUIT(circ
), END_CIRC_REASON_INTERNAL
);
461 /** Process a 'created' <b>cell</b> that just arrived from <b>conn</b>.
463 * that it's intended for. If we're not the origin of the circuit, package
464 * the 'created' cell in an 'extended' relay cell and pass it back. If we
465 * are the origin of the circuit, send it to circuit_finish_handshake() to
466 * finish processing keys, and then call circuit_send_next_onion_skin() to
467 * extend to the next hop in the circuit if necessary.
470 command_process_created_cell(cell_t
*cell
, or_connection_t
*conn
)
474 circ
= circuit_get_by_circid_orconn(cell
->circ_id
, conn
);
478 "(circID %d) unknown circ (probably got a destroy earlier). "
479 "Dropping.", cell
->circ_id
);
483 if (circ
->n_circ_id
!= cell
->circ_id
) {
484 log_fn(LOG_PROTOCOL_WARN
,LD_PROTOCOL
,
485 "got created cell from Tor client? Closing.");
486 circuit_mark_for_close(circ
, END_CIRC_REASON_TORPROTOCOL
);
490 if (CIRCUIT_IS_ORIGIN(circ
)) { /* we're the OP. Handshake this. */
491 origin_circuit_t
*origin_circ
= TO_ORIGIN_CIRCUIT(circ
);
493 log_debug(LD_OR
,"at OP. Finishing handshake.");
494 if ((err_reason
= circuit_finish_handshake(origin_circ
, cell
->command
,
495 cell
->payload
)) < 0) {
496 log_warn(LD_OR
,"circuit_finish_handshake failed.");
497 circuit_mark_for_close(circ
, -err_reason
);
500 log_debug(LD_OR
,"Moving to next skin.");
501 if ((err_reason
= circuit_send_next_onion_skin(origin_circ
)) < 0) {
502 log_info(LD_OR
,"circuit_send_next_onion_skin failed.");
503 /* XXX push this circuit_close lower */
504 circuit_mark_for_close(circ
, -err_reason
);
507 } else { /* pack it into an extended relay cell, and send it. */
509 "Converting created cell to extended relay cell, sending.");
510 relay_send_command_from_edge(0, circ
, RELAY_COMMAND_EXTENDED
,
511 (char*)cell
->payload
, ONIONSKIN_REPLY_LEN
,
516 /** Process a 'relay' or 'relay_early' <b>cell</b> that just arrived from
517 * <b>conn</b>. Make sure it came in with a recognized circ_id. Pass it on to
518 * circuit_receive_relay_cell() for actual processing.
521 command_process_relay_cell(cell_t
*cell
, or_connection_t
*conn
)
524 int reason
, direction
;
526 circ
= circuit_get_by_circid_orconn(cell
->circ_id
, conn
);
530 "unknown circuit %d on connection from %s:%d. Dropping.",
531 cell
->circ_id
, conn
->_base
.address
, conn
->_base
.port
);
535 if (circ
->state
== CIRCUIT_STATE_ONIONSKIN_PENDING
) {
536 log_fn(LOG_PROTOCOL_WARN
,LD_PROTOCOL
,"circuit in create_wait. Closing.");
537 circuit_mark_for_close(circ
, END_CIRC_REASON_TORPROTOCOL
);
541 if (CIRCUIT_IS_ORIGIN(circ
)) {
542 /* if we're a relay and treating connections with recent local
543 * traffic better, then this is one of them. */
544 conn
->client_used
= time(NULL
);
547 if (!CIRCUIT_IS_ORIGIN(circ
) &&
548 cell
->circ_id
== TO_OR_CIRCUIT(circ
)->p_circ_id
)
549 direction
= CELL_DIRECTION_OUT
;
551 direction
= CELL_DIRECTION_IN
;
553 /* If we have a relay_early cell, make sure that it's outbound, and we've
554 * gotten no more than MAX_RELAY_EARLY_CELLS_PER_CIRCUIT of them. */
555 if (cell
->command
== CELL_RELAY_EARLY
) {
556 if (direction
== CELL_DIRECTION_IN
) {
557 /* Allow an unlimited number of inbound relay_early cells,
558 * for hidden service compatibility. There isn't any way to make
559 * a long circuit through inbound relay_early cells anyway. See
562 or_circuit_t
*or_circ
= TO_OR_CIRCUIT(circ
);
563 if (or_circ
->remaining_relay_early_cells
== 0) {
564 log_fn(LOG_PROTOCOL_WARN
, LD_OR
,
565 "Received too many RELAY_EARLY cells on circ %d from %s:%d."
567 cell
->circ_id
, safe_str(conn
->_base
.address
),
569 circuit_mark_for_close(circ
, END_CIRC_REASON_TORPROTOCOL
);
572 --or_circ
->remaining_relay_early_cells
;
576 if ((reason
= circuit_receive_relay_cell(cell
, circ
, direction
)) < 0) {
577 log_fn(LOG_PROTOCOL_WARN
,LD_PROTOCOL
,"circuit_receive_relay_cell "
578 "(%s) failed. Closing.",
579 direction
==CELL_DIRECTION_OUT
?"forward":"backward");
580 circuit_mark_for_close(circ
, -reason
);
584 /** Process a 'destroy' <b>cell</b> that just arrived from
585 * <b>conn</b>. Find the circ that it refers to (if any).
587 * If the circ is in state
588 * onionskin_pending, then call onion_pending_remove() to remove it
589 * from the pending onion list (note that if it's already being
590 * processed by the cpuworker, it won't be in the list anymore; but
591 * when the cpuworker returns it, the circuit will be gone, and the
592 * cpuworker response will be dropped).
594 * Then mark the circuit for close (which marks all edges for close,
595 * and passes the destroy cell onward if necessary).
598 command_process_destroy_cell(cell_t
*cell
, or_connection_t
*conn
)
603 circ
= circuit_get_by_circid_orconn(cell
->circ_id
, conn
);
605 log_info(LD_OR
,"unknown circuit %d on connection from %s:%d. Dropping.",
606 cell
->circ_id
, conn
->_base
.address
, conn
->_base
.port
);
609 log_debug(LD_OR
,"Received for circID %d.",cell
->circ_id
);
611 reason
= (uint8_t)cell
->payload
[0];
613 if (!CIRCUIT_IS_ORIGIN(circ
) &&
614 cell
->circ_id
== TO_OR_CIRCUIT(circ
)->p_circ_id
) {
615 /* the destroy came from behind */
616 circuit_set_p_circid_orconn(TO_OR_CIRCUIT(circ
), 0, NULL
);
617 circuit_mark_for_close(circ
, reason
|END_CIRC_REASON_FLAG_REMOTE
);
618 } else { /* the destroy came from ahead */
619 circuit_set_n_circid_orconn(circ
, 0, NULL
);
620 if (CIRCUIT_IS_ORIGIN(circ
)) {
621 circuit_mark_for_close(circ
, reason
|END_CIRC_REASON_FLAG_REMOTE
);
624 log_debug(LD_OR
, "Delivering 'truncated' back.");
625 payload
[0] = (char)reason
;
626 relay_send_command_from_edge(0, circ
, RELAY_COMMAND_TRUNCATED
,
627 payload
, sizeof(payload
), NULL
);
632 /** Called when we as a server receive an appropriate cell while waiting
633 * either for a cell or a TLS handshake. Set the connection's state to
634 * "handshaking_v3', initializes the or_handshake_state field as needed,
635 * and add the cell to the hash of incoming cells.)
637 * Return 0 on success; return -1 and mark the connection on failure.
640 enter_v3_handshake_with_cell(var_cell_t
*cell
, or_connection_t
*conn
)
642 const int started_here
= connection_or_nonopen_was_started_here(conn
);
644 tor_assert(conn
->_base
.state
== OR_CONN_STATE_TLS_HANDSHAKING
||
645 conn
->_base
.state
== OR_CONN_STATE_TLS_SERVER_RENEGOTIATING
);
648 log_fn(LOG_PROTOCOL_WARN
, LD_OR
,
649 "Received a cell while TLS-handshaking, not in "
650 "OR_HANDSHAKING_V3, on a connection we originated.");
652 conn
->_base
.state
= OR_CONN_STATE_OR_HANDSHAKING_V3
;
653 if (connection_init_or_handshake_state(conn
, started_here
) < 0) {
654 connection_mark_for_close(TO_CONN(conn
));
657 or_handshake_state_record_var_cell(conn
->handshake_state
, cell
, 1);
661 /** Process a 'versions' cell. The current link protocol version must be 0
662 * to indicate that no version has yet been negotiated. We compare the
663 * versions in the cell to the list of versions we support, pick the
664 * highest version we have in common, and continue the negotiation from
668 command_process_versions_cell(var_cell_t
*cell
, or_connection_t
*conn
)
670 int highest_supported_version
= 0;
671 const uint8_t *cp
, *end
;
672 const int started_here
= connection_or_nonopen_was_started_here(conn
);
673 if (conn
->link_proto
!= 0 ||
674 (conn
->handshake_state
&& conn
->handshake_state
->received_versions
)) {
675 log_fn(LOG_PROTOCOL_WARN
, LD_OR
,
676 "Received a VERSIONS cell on a connection with its version "
677 "already set to %d; dropping", (int) conn
->link_proto
);
680 switch (conn
->_base
.state
)
682 case OR_CONN_STATE_OR_HANDSHAKING_V2
:
683 case OR_CONN_STATE_OR_HANDSHAKING_V3
:
685 case OR_CONN_STATE_TLS_HANDSHAKING
:
686 case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING
:
688 log_fn(LOG_PROTOCOL_WARN
, LD_OR
,
689 "VERSIONS cell while in unexpected state");
693 tor_assert(conn
->handshake_state
);
694 end
= cell
->payload
+ cell
->payload_len
;
695 for (cp
= cell
->payload
; cp
+1 < end
; ++cp
) {
696 uint16_t v
= ntohs(get_uint16(cp
));
697 if (is_or_protocol_version_known(v
) && v
> highest_supported_version
)
698 highest_supported_version
= v
;
700 if (!highest_supported_version
) {
701 log_fn(LOG_PROTOCOL_WARN
, LD_OR
,
702 "Couldn't find a version in common between my version list and the "
703 "list in the VERSIONS cell; closing connection.");
704 connection_mark_for_close(TO_CONN(conn
));
706 } else if (highest_supported_version
== 1) {
707 /* Negotiating version 1 makes no sense, since version 1 has no VERSIONS
709 log_fn(LOG_PROTOCOL_WARN
, LD_OR
,
710 "Used version negotiation protocol to negotiate a v1 connection. "
711 "That's crazily non-compliant. Closing connection.");
712 connection_mark_for_close(TO_CONN(conn
));
714 } else if (highest_supported_version
< 3 &&
715 conn
->_base
.state
== OR_CONN_STATE_OR_HANDSHAKING_V3
) {
716 log_fn(LOG_PROTOCOL_WARN
, LD_OR
,
717 "Negotiated link protocol 2 or lower after doing a v3 TLS "
718 "handshake. Closing connection.");
719 connection_mark_for_close(TO_CONN(conn
));
723 conn
->link_proto
= highest_supported_version
;
724 conn
->handshake_state
->received_versions
= 1;
726 if (conn
->link_proto
== 2) {
727 log_info(LD_OR
, "Negotiated version %d with %s:%d; sending NETINFO.",
728 highest_supported_version
,
729 safe_str_client(conn
->_base
.address
),
732 if (connection_or_send_netinfo(conn
) < 0) {
733 connection_mark_for_close(TO_CONN(conn
));
737 const int send_versions
= !started_here
;
738 /* If we want to authenticate, send a CERTS cell */
739 const int send_certs
= !started_here
|| public_server_mode(get_options());
740 /* If we're a relay that got a connection, ask for authentication. */
741 const int send_chall
= !started_here
&& public_server_mode(get_options());
742 /* If our certs cell will authenticate us, we can send a netinfo cell
744 const int send_netinfo
= !started_here
;
746 send_versions
|| send_certs
|| send_chall
|| send_netinfo
;
747 tor_assert(conn
->link_proto
>= 3);
749 log_info(LD_OR
, "Negotiated version %d with %s:%d; %s%s%s%s%s",
750 highest_supported_version
,
751 safe_str_client(conn
->_base
.address
),
753 send_any
? "Sending cells:" : "Waiting for CERTS cell",
754 send_versions
? " VERSIONS" : "",
755 send_certs
? " CERTS" : "",
756 send_chall
? " AUTH_CHALLENGE" : "",
757 send_netinfo
? " NETINFO" : "");
759 #ifdef DISABLE_V3_LINKPROTO_SERVERSIDE
761 connection_mark_for_close(TO_CONN(conn
));
767 if (connection_or_send_versions(conn
, 1) < 0) {
768 log_warn(LD_OR
, "Couldn't send versions cell");
769 connection_mark_for_close(TO_CONN(conn
));
774 if (connection_or_send_certs_cell(conn
) < 0) {
775 log_warn(LD_OR
, "Couldn't send certs cell");
776 connection_mark_for_close(TO_CONN(conn
));
781 if (connection_or_send_auth_challenge_cell(conn
) < 0) {
782 log_warn(LD_OR
, "Couldn't send auth_challenge cell");
783 connection_mark_for_close(TO_CONN(conn
));
788 if (connection_or_send_netinfo(conn
) < 0) {
789 log_warn(LD_OR
, "Couldn't send netinfo cell");
790 connection_mark_for_close(TO_CONN(conn
));
797 /** Process a 'netinfo' cell: read and act on its contents, and set the
798 * connection state to "open". */
800 command_process_netinfo_cell(cell_t
*cell
, or_connection_t
*conn
)
803 uint8_t my_addr_type
;
805 const uint8_t *my_addr_ptr
;
806 const uint8_t *cp
, *end
;
807 uint8_t n_other_addrs
;
808 time_t now
= time(NULL
);
810 long apparent_skew
= 0;
811 uint32_t my_apparent_addr
= 0;
813 if (conn
->link_proto
< 2) {
814 log_fn(LOG_PROTOCOL_WARN
, LD_OR
,
815 "Received a NETINFO cell on %s connection; dropping.",
816 conn
->link_proto
== 0 ? "non-versioned" : "a v1");
819 if (conn
->_base
.state
!= OR_CONN_STATE_OR_HANDSHAKING_V2
&&
820 conn
->_base
.state
!= OR_CONN_STATE_OR_HANDSHAKING_V3
) {
821 log_fn(LOG_PROTOCOL_WARN
, LD_OR
,
822 "Received a NETINFO cell on non-handshaking connection; dropping.");
825 tor_assert(conn
->handshake_state
&&
826 conn
->handshake_state
->received_versions
);
828 if (conn
->_base
.state
== OR_CONN_STATE_OR_HANDSHAKING_V3
) {
829 tor_assert(conn
->link_proto
>= 3);
830 if (conn
->handshake_state
->started_here
) {
831 if (!conn
->handshake_state
->authenticated
) {
832 log_fn(LOG_PROTOCOL_WARN
, LD_OR
, "Got a NETINFO cell from server, "
833 "but no authentication. Closing the connection.");
834 connection_mark_for_close(TO_CONN(conn
));
838 /* we're the server. If the client never authenticated, we have
839 some housekeeping to do.*/
840 if (!conn
->handshake_state
->authenticated
) {
841 tor_assert(tor_digest_is_zero(
842 (const char*)conn
->handshake_state
->authenticated_peer_id
));
843 connection_or_set_circid_type(conn
, NULL
);
845 connection_or_init_conn_from_address(conn
,
848 (const char*)conn
->handshake_state
->authenticated_peer_id
,
854 /* Decode the cell. */
855 timestamp
= ntohl(get_uint32(cell
->payload
));
856 if (labs(now
- conn
->handshake_state
->sent_versions_at
) < 180) {
857 apparent_skew
= now
- timestamp
;
860 my_addr_type
= (uint8_t) cell
->payload
[4];
861 my_addr_len
= (uint8_t) cell
->payload
[5];
862 my_addr_ptr
= (uint8_t*) cell
->payload
+ 6;
863 end
= cell
->payload
+ CELL_PAYLOAD_SIZE
;
864 cp
= cell
->payload
+ 6 + my_addr_len
;
866 log_fn(LOG_PROTOCOL_WARN
, LD_OR
,
867 "Addresses too long in netinfo cell; closing connection.");
868 connection_mark_for_close(TO_CONN(conn
));
870 } else if (my_addr_type
== RESOLVED_TYPE_IPV4
&& my_addr_len
== 4) {
871 my_apparent_addr
= ntohl(get_uint32(my_addr_ptr
));
874 n_other_addrs
= (uint8_t) *cp
++;
875 while (n_other_addrs
&& cp
< end
-2) {
876 /* Consider all the other addresses; if any matches, this connection is
879 const uint8_t *next
=
880 decode_address_from_payload(&addr
, cp
, (int)(end
-cp
));
882 log_fn(LOG_PROTOCOL_WARN
, LD_OR
,
883 "Bad address in netinfo cell; closing connection.");
884 connection_mark_for_close(TO_CONN(conn
));
887 if (tor_addr_eq(&addr
, &conn
->real_addr
)) {
888 conn
->is_canonical
= 1;
895 /* Act on apparent skew. */
896 /** Warn when we get a netinfo skew with at least this value. */
897 #define NETINFO_NOTICE_SKEW 3600
898 if (labs(apparent_skew
) > NETINFO_NOTICE_SKEW
&&
899 router_get_by_id_digest(conn
->identity_digest
)) {
902 /*XXXX be smarter about when everybody says we are skewed. */
903 if (router_digest_is_trusted_dir(conn
->identity_digest
))
907 format_time_interval(dbuf
, sizeof(dbuf
), apparent_skew
);
908 log_fn(severity
, LD_GENERAL
, "Received NETINFO cell with skewed time from "
909 "server at %s:%d. It seems that our clock is %s by %s, or "
910 "that theirs is %s. Tor requires an accurate clock to work: "
911 "please check your time and date settings.",
912 conn
->_base
.address
, (int)conn
->_base
.port
,
913 apparent_skew
>0 ? "ahead" : "behind", dbuf
,
914 apparent_skew
>0 ? "behind" : "ahead");
915 if (severity
== LOG_WARN
) /* only tell the controller if an authority */
916 control_event_general_status(LOG_WARN
,
917 "CLOCK_SKEW SKEW=%ld SOURCE=OR:%s:%d",
919 conn
->_base
.address
, conn
->_base
.port
);
922 /* XXX maybe act on my_apparent_addr, if the source is sufficiently
924 (void)my_apparent_addr
;
926 if (connection_or_set_state_open(conn
)<0) {
927 log_fn(LOG_PROTOCOL_WARN
, LD_OR
, "Got good NETINFO cell from %s:%d; but "
928 "was unable to make the OR connection become open.",
929 safe_str_client(conn
->_base
.address
),
931 connection_mark_for_close(TO_CONN(conn
));
933 log_info(LD_OR
, "Got good NETINFO cell from %s:%d; OR connection is now "
934 "open, using protocol version %d. Its ID digest is %s",
935 safe_str_client(conn
->_base
.address
),
936 conn
->_base
.port
, (int)conn
->link_proto
,
937 hex_str(conn
->identity_digest
, DIGEST_LEN
));
939 assert_connection_ok(TO_CONN(conn
),time(NULL
));
942 /** Process a CERTS cell from an OR connection.
944 * If the other side should not have sent us a CERTS cell, or the cell is
945 * malformed, or it is supposed to authenticate the TLS key but it doesn't,
946 * then mark the connection.
948 * If the cell has a good cert chain and we're doing a v3 handshake, then
949 * store the certificates in or_handshake_state. If this is the client side
950 * of the connection, we then authenticate the server or mark the connection.
951 * If it's the server side, wait for an AUTHENTICATE cell.
954 command_process_certs_cell(var_cell_t
*cell
, or_connection_t
*conn
)
958 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
959 "Received a bad CERTS cell from %s:%d: %s", \
960 safe_str(conn->_base.address), conn->_base.port, (s)); \
961 connection_mark_for_close(TO_CONN(conn)); \
965 tor_cert_t
*link_cert
= NULL
;
966 tor_cert_t
*id_cert
= NULL
;
967 tor_cert_t
*auth_cert
= NULL
;
971 int send_netinfo
= 0;
973 if (conn
->_base
.state
!= OR_CONN_STATE_OR_HANDSHAKING_V3
)
974 ERR("We're not doing a v3 handshake!");
975 if (conn
->link_proto
< 3)
976 ERR("We're not using link protocol >= 3");
977 if (conn
->handshake_state
->received_certs_cell
)
978 ERR("We already got one");
979 if (conn
->handshake_state
->authenticated
) {
980 /* Should be unreachable, but let's make sure. */
981 ERR("We're already authenticated!");
983 if (cell
->payload_len
< 1)
984 ERR("It had no body");
986 ERR("It had a nonzero circuit ID");
988 n_certs
= cell
->payload
[0];
989 ptr
= cell
->payload
+ 1;
990 for (i
= 0; i
< n_certs
; ++i
) {
993 if (ptr
+ 3 > cell
->payload
+ cell
->payload_len
) {
997 cert_len
= ntohs(get_uint16(ptr
+1));
998 if (ptr
+ 3 + cert_len
> cell
->payload
+ cell
->payload_len
) {
1001 if (cert_type
== OR_CERT_TYPE_TLS_LINK
||
1002 cert_type
== OR_CERT_TYPE_ID_1024
||
1003 cert_type
== OR_CERT_TYPE_AUTH_1024
) {
1004 tor_cert_t
*cert
= tor_cert_decode(ptr
+ 3, cert_len
);
1006 log_fn(LOG_PROTOCOL_WARN
, LD_PROTOCOL
,
1007 "Received undecodable certificate in CERTS cell from %s:%d",
1008 safe_str(conn
->_base
.address
), conn
->_base
.port
);
1010 if (cert_type
== OR_CERT_TYPE_TLS_LINK
) {
1012 tor_cert_free(cert
);
1013 ERR("Too many TLS_LINK certificates");
1016 } else if (cert_type
== OR_CERT_TYPE_ID_1024
) {
1018 tor_cert_free(cert
);
1019 ERR("Too many ID_1024 certificates");
1022 } else if (cert_type
== OR_CERT_TYPE_AUTH_1024
) {
1024 tor_cert_free(cert
);
1025 ERR("Too many AUTH_1024 certificates");
1029 tor_cert_free(cert
);
1033 ptr
+= 3 + cert_len
;
1037 ERR("It ends in the middle of a certificate");
1040 if (conn
->handshake_state
->started_here
) {
1042 if (! (id_cert
&& link_cert
))
1043 ERR("The certs we wanted were missing");
1044 /* Okay. We should be able to check the certificates now. */
1045 if (! tor_tls_cert_matches_key(conn
->tls
, link_cert
)) {
1046 ERR("The link certificate didn't match the TLS public key");
1048 /* Note that this warns more loudly about time and validity if we were
1049 * _trying_ to connect to an authority, not necessarily if we _did_ connect
1051 if (router_digest_is_trusted_dir(conn
->identity_digest
))
1052 severity
= LOG_WARN
;
1054 severity
= LOG_PROTOCOL_WARN
;
1056 if (! tor_tls_cert_is_valid(severity
, link_cert
, id_cert
, 0))
1057 ERR("The link certificate was not valid");
1058 if (! tor_tls_cert_is_valid(severity
, id_cert
, id_cert
, 1))
1059 ERR("The ID certificate was not valid");
1061 conn
->handshake_state
->authenticated
= 1;
1063 const digests_t
*id_digests
= tor_cert_get_id_digests(id_cert
);
1064 crypto_pk_t
*identity_rcvd
;
1066 ERR("Couldn't compute digests for key in ID cert");
1068 identity_rcvd
= tor_tls_cert_get_key(id_cert
);
1070 ERR("Internal error: Couldn't get RSA key from ID cert.");
1071 memcpy(conn
->handshake_state
->authenticated_peer_id
,
1072 id_digests
->d
[DIGEST_SHA1
], DIGEST_LEN
);
1073 connection_or_set_circid_type(conn
, identity_rcvd
);
1074 crypto_pk_free(identity_rcvd
);
1077 if (connection_or_client_learned_peer_id(conn
,
1078 conn
->handshake_state
->authenticated_peer_id
) < 0)
1079 ERR("Problem setting or checking peer id");
1081 log_info(LD_OR
, "Got some good certificates from %s:%d: Authenticated it.",
1082 safe_str(conn
->_base
.address
), conn
->_base
.port
);
1084 conn
->handshake_state
->id_cert
= id_cert
;
1087 if (!public_server_mode(get_options())) {
1088 /* If we initiated the connection and we are not a public server, we
1089 * aren't planning to authenticate at all. At this point we know who we
1090 * are talking to, so we can just send a netinfo now. */
1094 if (! (id_cert
&& auth_cert
))
1095 ERR("The certs we wanted were missing");
1097 /* Remember these certificates so we can check an AUTHENTICATE cell */
1098 if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN
, auth_cert
, id_cert
, 1))
1099 ERR("The authentication certificate was not valid");
1100 if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN
, id_cert
, id_cert
, 1))
1101 ERR("The ID certificate was not valid");
1103 log_info(LD_OR
, "Got some good certificates from %s:%d: "
1104 "Waiting for AUTHENTICATE.",
1105 safe_str(conn
->_base
.address
), conn
->_base
.port
);
1106 /* XXXX check more stuff? */
1108 conn
->handshake_state
->id_cert
= id_cert
;
1109 conn
->handshake_state
->auth_cert
= auth_cert
;
1110 id_cert
= auth_cert
= NULL
;
1113 conn
->handshake_state
->received_certs_cell
= 1;
1116 if (connection_or_send_netinfo(conn
) < 0) {
1117 log_warn(LD_OR
, "Couldn't send netinfo cell");
1118 connection_mark_for_close(TO_CONN(conn
));
1124 tor_cert_free(id_cert
);
1125 tor_cert_free(link_cert
);
1126 tor_cert_free(auth_cert
);
1130 /** Process an AUTH_CHALLENGE cell from an OR connection.
1132 * If we weren't supposed to get one (for example, because we're not the
1133 * originator of the connection), or it's ill-formed, or we aren't doing a v3
1134 * handshake, mark the connection. If the cell is well-formed but we don't
1135 * want to authenticate, just drop it. If the cell is well-formed *and* we
1136 * want to authenticate, send an AUTHENTICATE cell and then a NETINFO cell. */
1138 command_process_auth_challenge_cell(var_cell_t
*cell
, or_connection_t
*conn
)
1140 int n_types
, i
, use_type
= -1;
1145 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
1146 "Received a bad AUTH_CHALLENGE cell from %s:%d: %s", \
1147 safe_str(conn->_base.address), conn->_base.port, (s)); \
1148 connection_mark_for_close(TO_CONN(conn)); \
1152 if (conn
->_base
.state
!= OR_CONN_STATE_OR_HANDSHAKING_V3
)
1153 ERR("We're not currently doing a v3 handshake");
1154 if (conn
->link_proto
< 3)
1155 ERR("We're not using link protocol >= 3");
1156 if (! conn
->handshake_state
->started_here
)
1157 ERR("We didn't originate this connection");
1158 if (conn
->handshake_state
->received_auth_challenge
)
1159 ERR("We already received one");
1160 if (! conn
->handshake_state
->received_certs_cell
)
1161 ERR("We haven't gotten a CERTS cell yet");
1162 if (cell
->payload_len
< OR_AUTH_CHALLENGE_LEN
+ 2)
1163 ERR("It was too short");
1165 ERR("It had a nonzero circuit ID");
1167 n_types
= ntohs(get_uint16(cell
->payload
+ OR_AUTH_CHALLENGE_LEN
));
1168 if (cell
->payload_len
< OR_AUTH_CHALLENGE_LEN
+ 2 + 2*n_types
)
1169 ERR("It looks truncated");
1171 /* Now see if there is an authentication type we can use */
1172 cp
=cell
->payload
+OR_AUTH_CHALLENGE_LEN
+2;
1173 for (i
=0; i
< n_types
; ++i
, cp
+= 2) {
1174 uint16_t authtype
= ntohs(get_uint16(cp
));
1175 if (authtype
== AUTHTYPE_RSA_SHA256_TLSSECRET
)
1176 use_type
= authtype
;
1179 conn
->handshake_state
->received_auth_challenge
= 1;
1181 if (! public_server_mode(get_options())) {
1182 /* If we're not a public server then we don't want to authenticate on a
1183 connection we originated, and we already sent a NETINFO cell when we
1184 got the CERTS cell. We have nothing more to do. */
1188 if (use_type
>= 0) {
1189 log_info(LD_OR
, "Got an AUTH_CHALLENGE cell from %s:%d: Sending "
1191 safe_str(conn
->_base
.address
), conn
->_base
.port
);
1193 if (connection_or_send_authenticate_cell(conn
, use_type
) < 0) {
1194 log_warn(LD_OR
, "Couldn't send authenticate cell");
1195 connection_mark_for_close(TO_CONN(conn
));
1199 log_info(LD_OR
, "Got an AUTH_CHALLENGE cell from %s:%d, but we don't "
1200 "know any of its authentication types. Not authenticating.",
1201 safe_str(conn
->_base
.address
), conn
->_base
.port
);
1204 if (connection_or_send_netinfo(conn
) < 0) {
1205 log_warn(LD_OR
, "Couldn't send netinfo cell");
1206 connection_mark_for_close(TO_CONN(conn
));
1213 /** Process an AUTHENTICATE cell from an OR connection.
1215 * If it's ill-formed or we weren't supposed to get one or we're not doing a
1216 * v3 handshake, then mark the connection. If it does not authenticate the
1217 * other side of the connection successfully (because it isn't signed right,
1218 * we didn't get a CERTS cell, etc) mark the connection. Otherwise, accept
1219 * the identity of the router on the other side of the connection.
1222 command_process_authenticate_cell(var_cell_t
*cell
, or_connection_t
*conn
)
1224 uint8_t expected
[V3_AUTH_FIXED_PART_LEN
];
1225 const uint8_t *auth
;
1230 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
1231 "Received a bad AUTHENTICATE cell from %s:%d: %s", \
1232 safe_str(conn->_base.address), conn->_base.port, (s)); \
1233 connection_mark_for_close(TO_CONN(conn)); \
1237 if (conn
->_base
.state
!= OR_CONN_STATE_OR_HANDSHAKING_V3
)
1238 ERR("We're not doing a v3 handshake");
1239 if (conn
->link_proto
< 3)
1240 ERR("We're not using link protocol >= 3");
1241 if (conn
->handshake_state
->started_here
)
1242 ERR("We originated this connection");
1243 if (conn
->handshake_state
->received_authenticate
)
1244 ERR("We already got one!");
1245 if (conn
->handshake_state
->authenticated
) {
1246 /* Should be impossible given other checks */
1247 ERR("The peer is already authenticated");
1249 if (! conn
->handshake_state
->received_certs_cell
)
1250 ERR("We never got a certs cell");
1251 if (conn
->handshake_state
->auth_cert
== NULL
)
1252 ERR("We never got an authentication certificate");
1253 if (conn
->handshake_state
->id_cert
== NULL
)
1254 ERR("We never got an identity certificate");
1255 if (cell
->payload_len
< 4)
1256 ERR("Cell was way too short");
1258 auth
= cell
->payload
;
1260 uint16_t type
= ntohs(get_uint16(auth
));
1261 uint16_t len
= ntohs(get_uint16(auth
+2));
1262 if (4 + len
> cell
->payload_len
)
1263 ERR("Authenticator was truncated");
1265 if (type
!= AUTHTYPE_RSA_SHA256_TLSSECRET
)
1266 ERR("Authenticator type was not recognized");
1272 if (authlen
< V3_AUTH_BODY_LEN
+ 1)
1273 ERR("Authenticator was too short");
1275 if (connection_or_compute_authenticate_cell_body(
1276 conn
, expected
, sizeof(expected
), NULL
, 1) < 0)
1277 ERR("Couldn't compute expected AUTHENTICATE cell body");
1279 if (tor_memneq(expected
, auth
, sizeof(expected
)))
1280 ERR("Some field in the AUTHENTICATE cell body was not as expected");
1283 crypto_pk_t
*pk
= tor_tls_cert_get_key(
1284 conn
->handshake_state
->auth_cert
);
1285 char d
[DIGEST256_LEN
];
1291 ERR("Internal error: couldn't get RSA key from AUTH cert.");
1292 crypto_digest256(d
, (char*)auth
, V3_AUTH_BODY_LEN
, DIGEST_SHA256
);
1294 keysize
= crypto_pk_keysize(pk
);
1295 signed_data
= tor_malloc(keysize
);
1296 signed_len
= crypto_pk_public_checksig(pk
, signed_data
, keysize
,
1297 (char*)auth
+ V3_AUTH_BODY_LEN
,
1298 authlen
- V3_AUTH_BODY_LEN
);
1300 if (signed_len
< 0) {
1301 tor_free(signed_data
);
1302 ERR("Signature wasn't valid");
1304 if (signed_len
< DIGEST256_LEN
) {
1305 tor_free(signed_data
);
1306 ERR("Not enough data was signed");
1308 /* Note that we deliberately allow *more* than DIGEST256_LEN bytes here,
1309 * in case they're later used to hold a SHA3 digest or something. */
1310 if (tor_memneq(signed_data
, d
, DIGEST256_LEN
)) {
1311 tor_free(signed_data
);
1312 ERR("Signature did not match data to be signed.");
1314 tor_free(signed_data
);
1317 /* Okay, we are authenticated. */
1318 conn
->handshake_state
->received_authenticate
= 1;
1319 conn
->handshake_state
->authenticated
= 1;
1320 conn
->handshake_state
->digest_received_data
= 0;
1322 crypto_pk_t
*identity_rcvd
=
1323 tor_tls_cert_get_key(conn
->handshake_state
->id_cert
);
1324 const digests_t
*id_digests
=
1325 tor_cert_get_id_digests(conn
->handshake_state
->id_cert
);
1327 /* This must exist; we checked key type when reading the cert. */
1328 tor_assert(id_digests
);
1330 memcpy(conn
->handshake_state
->authenticated_peer_id
,
1331 id_digests
->d
[DIGEST_SHA1
], DIGEST_LEN
);
1333 connection_or_set_circid_type(conn
, identity_rcvd
);
1334 crypto_pk_free(identity_rcvd
);
1336 connection_or_init_conn_from_address(conn
,
1339 (const char*)conn
->handshake_state
->authenticated_peer_id
,
1342 log_info(LD_OR
, "Got an AUTHENTICATE cell from %s:%d: Looks good.",
1343 safe_str(conn
->_base
.address
), conn
->_base
.port
);