search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
In routerlist_assert_ok(), check r2 before taking &(r2->cache_info)
[tor.git] / src / or / channeltls.c
blob245e33583bdb08b78e28303e4925839a48f7eadf
1 /* * Copyright (c) 2012-2013, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3
4 /**
5 * \file channeltls.c
6 * \brief channel_t concrete subclass using or_connection_t
7 **/
8
9 /*
10 * Define this so channel.h gives us things only channel_t subclasses
11 * should touch.
12 */
13
14 #define TOR_CHANNEL_INTERNAL_
15
16 #include "or.h"
17 #include "channel.h"
18 #include "channeltls.h"
19 #include "circuitmux.h"
20 #include "circuitmux_ewma.h"
21 #include "config.h"
22 #include "connection.h"
23 #include "connection_or.h"
24 #include "control.h"
25 #include "relay.h"
26 #include "router.h"
27 #include "routerlist.h"
28
29 /** How many CELL_PADDING cells have we received, ever? */
30 uint64_t stats_n_padding_cells_processed = 0;
31 /** How many CELL_VERSIONS cells have we received, ever? */
32 uint64_t stats_n_versions_cells_processed = 0;
33 /** How many CELL_NETINFO cells have we received, ever? */
34 uint64_t stats_n_netinfo_cells_processed = 0;
35 /** How many CELL_VPADDING cells have we received, ever? */
36 uint64_t stats_n_vpadding_cells_processed = 0;
37 /** How many CELL_CERTS cells have we received, ever? */
38 uint64_t stats_n_certs_cells_processed = 0;
39 /** How many CELL_AUTH_CHALLENGE cells have we received, ever? */
40 uint64_t stats_n_auth_challenge_cells_processed = 0;
41 /** How many CELL_AUTHENTICATE cells have we received, ever? */
42 uint64_t stats_n_authenticate_cells_processed = 0;
43 /** How many CELL_AUTHORIZE cells have we received, ever? */
44 uint64_t stats_n_authorize_cells_processed = 0;
45
46 /** Active listener, if any */
47 channel_listener_t *channel_tls_listener = NULL;
48
49 /* Utility function declarations */
50 static void channel_tls_common_init(channel_tls_t *tlschan);
51
52 /* channel_tls_t method declarations */
53
54 static void channel_tls_close_method(channel_t *chan);
55 static const char * channel_tls_describe_transport_method(channel_t *chan);
56 static void channel_tls_free_method(channel_t *chan);
57 static int
58 channel_tls_get_remote_addr_method(channel_t *chan, tor_addr_t *addr_out);
59 static int
60 channel_tls_get_transport_name_method(channel_t *chan, char **transport_out);
61 static const char *
62 channel_tls_get_remote_descr_method(channel_t *chan, int flags);
63 static int channel_tls_has_queued_writes_method(channel_t *chan);
64 static int channel_tls_is_canonical_method(channel_t *chan, int req);
65 static int
66 channel_tls_matches_extend_info_method(channel_t *chan,
67 extend_info_t *extend_info);
68 static int channel_tls_matches_target_method(channel_t *chan,
69 const tor_addr_t *target);
70 static int channel_tls_write_cell_method(channel_t *chan,
71 cell_t *cell);
72 static int channel_tls_write_packed_cell_method(channel_t *chan,
73 packed_cell_t *packed_cell);
74 static int channel_tls_write_var_cell_method(channel_t *chan,
75 var_cell_t *var_cell);
76
77 /* channel_listener_tls_t method declarations */
78
79 static void channel_tls_listener_close_method(channel_listener_t *chan_l);
80 static const char *
81 channel_tls_listener_describe_transport_method(channel_listener_t *chan_l);
82
83 /** Handle incoming cells for the handshake stuff here rather than
84 * passing them on up. */
85
86 static void channel_tls_process_versions_cell(var_cell_t *cell,
87 channel_tls_t *tlschan);
88 static void channel_tls_process_netinfo_cell(cell_t *cell,
89 channel_tls_t *tlschan);
90 static void channel_tls_process_certs_cell(var_cell_t *cell,
91 channel_tls_t *tlschan);
92 static void channel_tls_process_auth_challenge_cell(var_cell_t *cell,
93 channel_tls_t *tlschan);
94 static void channel_tls_process_authenticate_cell(var_cell_t *cell,
95 channel_tls_t *tlschan);
96 static int command_allowed_before_handshake(uint8_t command);
97 static int enter_v3_handshake_with_cell(var_cell_t *cell,
98 channel_tls_t *tlschan);
99
100 /**
101 * Do parts of channel_tls_t initialization common to channel_tls_connect()
102 * and channel_tls_handle_incoming().
103 */
104
105 static void
106 channel_tls_common_init(channel_tls_t *tlschan)
107 {
108 channel_t *chan;
109
110 tor_assert(tlschan);
111
112 chan = &(tlschan->base_);
113 channel_init(chan);
114 chan->magic = TLS_CHAN_MAGIC;
115 chan->state = CHANNEL_STATE_OPENING;
116 chan->close = channel_tls_close_method;
117 chan->describe_transport = channel_tls_describe_transport_method;
118 chan->free = channel_tls_free_method;
119 chan->get_remote_addr = channel_tls_get_remote_addr_method;
120 chan->get_remote_descr = channel_tls_get_remote_descr_method;
121 chan->get_transport_name = channel_tls_get_transport_name_method;
122 chan->has_queued_writes = channel_tls_has_queued_writes_method;
123 chan->is_canonical = channel_tls_is_canonical_method;
124 chan->matches_extend_info = channel_tls_matches_extend_info_method;
125 chan->matches_target = channel_tls_matches_target_method;
126 chan->write_cell = channel_tls_write_cell_method;
127 chan->write_packed_cell = channel_tls_write_packed_cell_method;
128 chan->write_var_cell = channel_tls_write_var_cell_method;
129
130 chan->cmux = circuitmux_alloc();
131 if (cell_ewma_enabled()) {
132 circuitmux_set_policy(chan->cmux, &ewma_policy);
133 }
134 }
135
136 /**
137 * Start a new TLS channel
138 *
139 * Launch a new OR connection to <b>addr</b>:<b>port</b> and expect to
140 * handshake with an OR with identity digest <b>id_digest</b>, and wrap
141 * it in a channel_tls_t.
142 */
143
144 channel_t *
145 channel_tls_connect(const tor_addr_t *addr, uint16_t port,
146 const char *id_digest)
147 {
148 channel_tls_t *tlschan = tor_malloc_zero(sizeof(*tlschan));
149 channel_t *chan = &(tlschan->base_);
150
151 channel_tls_common_init(tlschan);
152
153 log_debug(LD_CHANNEL,
154 "In channel_tls_connect() for channel %p "
155 "(global id " U64_FORMAT ")",
156 tlschan,
157 U64_PRINTF_ARG(chan->global_identifier));
158
159 if (is_local_addr(addr)) {
160 log_debug(LD_CHANNEL,
161 "Marking new outgoing channel " U64_FORMAT " at %p as local",
162 U64_PRINTF_ARG(chan->global_identifier), chan);
163 channel_mark_local(chan);
164 } else {
165 log_debug(LD_CHANNEL,
166 "Marking new outgoing channel " U64_FORMAT " at %p as remote",
167 U64_PRINTF_ARG(chan->global_identifier), chan);
168 channel_mark_remote(chan);
169 }
170
171 channel_mark_outgoing(chan);
172
173 /* Set up or_connection stuff */
174 tlschan->conn = connection_or_connect(addr, port, id_digest, tlschan);
175 /* connection_or_connect() will fill in tlschan->conn */
176 if (!(tlschan->conn)) {
177 chan->reason_for_closing = CHANNEL_CLOSE_FOR_ERROR;
178 channel_change_state(chan, CHANNEL_STATE_ERROR);
179 goto err;
180 }
181
182 log_debug(LD_CHANNEL,
183 "Got orconn %p for channel with global id " U64_FORMAT,
184 tlschan->conn, U64_PRINTF_ARG(chan->global_identifier));
185
186 goto done;
187
188 err:
189 circuitmux_free(chan->cmux);
190 tor_free(tlschan);
191 chan = NULL;
192
193 done:
194 /* If we got one, we should register it */
195 if (chan) channel_register(chan);
196
197 return chan;
198 }
199
200 /**
201 * Return the current channel_tls_t listener
202 *
203 * Returns the current channel listener for incoming TLS connections, or
204 * NULL if none has been established
205 */
206
207 channel_listener_t *
208 channel_tls_get_listener(void)
209 {
210 return channel_tls_listener;
211 }
212
213 /**
214 * Start a channel_tls_t listener if necessary
215 *
216 * Return the current channel_tls_t listener, or start one if we haven't yet,
217 * and return that.
218 */
219
220 channel_listener_t *
221 channel_tls_start_listener(void)
222 {
223 channel_listener_t *listener;
224
225 if (!channel_tls_listener) {
226 listener = tor_malloc_zero(sizeof(*listener));
227 channel_init_listener(listener);
228 listener->state = CHANNEL_LISTENER_STATE_LISTENING;
229 listener->close = channel_tls_listener_close_method;
230 listener->describe_transport =
231 channel_tls_listener_describe_transport_method;
232
233 channel_tls_listener = listener;
234
235 log_debug(LD_CHANNEL,
236 "Starting TLS channel listener %p with global id " U64_FORMAT,
237 listener, U64_PRINTF_ARG(listener->global_identifier));
238
239 channel_listener_register(listener);
240 } else listener = channel_tls_listener;
241
242 return listener;
243 }
244
245 /**
246 * Free everything on shutdown
247 *
248 * Not much to do here, since channel_free_all() takes care of a lot, but let's
249 * get rid of the listener.
250 */
251
252 void
253 channel_tls_free_all(void)
254 {
255 channel_listener_t *old_listener = NULL;
256
257 log_debug(LD_CHANNEL,
258 "Shutting down TLS channels...");
259
260 if (channel_tls_listener) {
261 /*
262 * When we close it, channel_tls_listener will get nulled out, so save
263 * a pointer so we can free it.
264 */
265 old_listener = channel_tls_listener;
266 log_debug(LD_CHANNEL,
267 "Closing channel_tls_listener with ID " U64_FORMAT
268 " at %p.",
269 U64_PRINTF_ARG(old_listener->global_identifier),
270 old_listener);
271 channel_listener_unregister(old_listener);
272 channel_listener_mark_for_close(old_listener);
273 channel_listener_free(old_listener);
274 tor_assert(channel_tls_listener == NULL);
275 }
276
277 log_debug(LD_CHANNEL,
278 "Done shutting down TLS channels");
279 }
280
281 /**
282 * Create a new channel around an incoming or_connection_t
283 */
284
285 channel_t *
286 channel_tls_handle_incoming(or_connection_t *orconn)
287 {
288 channel_tls_t *tlschan = tor_malloc_zero(sizeof(*tlschan));
289 channel_t *chan = &(tlschan->base_);
290
291 tor_assert(orconn);
292 tor_assert(!(orconn->chan));
293
294 channel_tls_common_init(tlschan);
295
296 /* Link the channel and orconn to each other */
297 tlschan->conn = orconn;
298 orconn->chan = tlschan;
299
300 if (is_local_addr(&(TO_CONN(orconn)->addr))) {
301 log_debug(LD_CHANNEL,
302 "Marking new incoming channel " U64_FORMAT " at %p as local",
303 U64_PRINTF_ARG(chan->global_identifier), chan);
304 channel_mark_local(chan);
305 } else {
306 log_debug(LD_CHANNEL,
307 "Marking new incoming channel " U64_FORMAT " at %p as remote",
308 U64_PRINTF_ARG(chan->global_identifier), chan);
309 channel_mark_remote(chan);
310 }
311
312 channel_mark_incoming(chan);
313
314 /* Register it */
315 channel_register(chan);
316
317 return chan;
318 }
319
320 /*********
321 * Casts *
322 ********/
323
324 /**
325 * Cast a channel_tls_t to a channel_t.
326 */
327
328 channel_t *
329 channel_tls_to_base(channel_tls_t *tlschan)
330 {
331 if (!tlschan) return NULL;
332
333 return &(tlschan->base_);
334 }
335
336 /**
337 * Cast a channel_t to a channel_tls_t, with appropriate type-checking
338 * asserts.
339 */
340
341 channel_tls_t *
342 channel_tls_from_base(channel_t *chan)
343 {
344 if (!chan) return NULL;
345
346 tor_assert(chan->magic == TLS_CHAN_MAGIC);
347
348 return (channel_tls_t *)(chan);
349 }
350
351 /********************************************
352 * Method implementations for channel_tls_t *
353 *******************************************/
354
355 /**
356 * Close a channel_tls_t
357 *
358 * This implements the close method for channel_tls_t
359 */
360
361 static void
362 channel_tls_close_method(channel_t *chan)
363 {
364 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
365
366 tor_assert(tlschan);
367
368 if (tlschan->conn) connection_or_close_normally(tlschan->conn, 1);
369 else {
370 /* Weird - we'll have to change the state ourselves, I guess */
371 log_info(LD_CHANNEL,
372 "Tried to close channel_tls_t %p with NULL conn",
373 tlschan);
374 channel_change_state(chan, CHANNEL_STATE_ERROR);
375 }
376 }
377
378 /**
379 * Describe the transport for a channel_tls_t
380 *
381 * This returns the string "TLS channel on connection <id>" to the upper
382 * layer.
383 */
384
385 static const char *
386 channel_tls_describe_transport_method(channel_t *chan)
387 {
388 static char *buf = NULL;
389 uint64_t id;
390 channel_tls_t *tlschan;
391 const char *rv = NULL;
392
393 tor_assert(chan);
394
395 tlschan = BASE_CHAN_TO_TLS(chan);
396
397 if (tlschan->conn) {
398 id = TO_CONN(tlschan->conn)->global_identifier;
399
400 if (buf) tor_free(buf);
401 tor_asprintf(&buf,
402 "TLS channel (connection " U64_FORMAT ")",
403 U64_PRINTF_ARG(id));
404
405 rv = buf;
406 } else {
407 rv = "TLS channel (no connection)";
408 }
409
410 return rv;
411 }
412
413 /**
414 * Free a channel_tls_t
415 *
416 * This is called by the generic channel layer when freeing a channel_tls_t;
417 * this happens either on a channel which has already reached
418 * CHANNEL_STATE_CLOSED or CHANNEL_STATE_ERROR from channel_run_cleanup() or
419 * on shutdown from channel_free_all(). In the latter case we might still
420 * have an orconn active (which connection_free_all() will get to later),
421 * so we should null out its channel pointer now.
422 */
423
424 static void
425 channel_tls_free_method(channel_t *chan)
426 {
427 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
428
429 tor_assert(tlschan);
430
431 if (tlschan->conn) {
432 tlschan->conn->chan = NULL;
433 tlschan->conn = NULL;
434 }
435 }
436
437 /**
438 * Get the remote address of a channel_tls_t
439 *
440 * This implements the get_remote_addr method for channel_tls_t; copy the
441 * remote endpoint of the channel to addr_out and return 1 (always
442 * succeeds for this transport).
443 */
444
445 static int
446 channel_tls_get_remote_addr_method(channel_t *chan, tor_addr_t *addr_out)
447 {
448 int rv = 0;
449 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
450
451 tor_assert(tlschan);
452 tor_assert(addr_out);
453
454 if (tlschan->conn) {
455 tor_addr_copy(addr_out, &(TO_CONN(tlschan->conn)->addr));
456 rv = 1;
457 } else tor_addr_make_unspec(addr_out);
458
459 return rv;
460 }
461
462 /**
463 * Get the name of the pluggable transport used by a channel_tls_t.
464 *
465 * This implements the get_transport_name for channel_tls_t. If the
466 * channel uses a pluggable transport, copy its name to
467 * <b>transport_out</b> and return 0. If the channel did not use a
468 * pluggable transport, return -1. */
469
470 static int
471 channel_tls_get_transport_name_method(channel_t *chan, char **transport_out)
472 {
473 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
474
475 tor_assert(tlschan);
476 tor_assert(transport_out);
477 tor_assert(tlschan->conn);
478
479 if (!tlschan->conn->ext_or_transport)
480 return -1;
481
482 *transport_out = tor_strdup(tlschan->conn->ext_or_transport);
483 return 0;
484 }
485
486 /**
487 * Get endpoint description of a channel_tls_t
488 *
489 * This implements the get_remote_descr method for channel_tls_t; it returns
490 * a text description of the remote endpoint of the channel suitable for use
491 * in log messages. The req parameter is 0 for the canonical address or 1 for
492 * the actual address seen.
493 */
494
495 static const char *
496 channel_tls_get_remote_descr_method(channel_t *chan, int flags)
497 {
498 #define MAX_DESCR_LEN 32
499
500 static char buf[MAX_DESCR_LEN + 1];
501 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
502 connection_t *conn;
503 const char *answer = NULL;
504 char *addr_str;
505
506 tor_assert(tlschan);
507
508 if (tlschan->conn) {
509 conn = TO_CONN(tlschan->conn);
510 switch (flags) {
511 case 0:
512 /* Canonical address with port*/
513 tor_snprintf(buf, MAX_DESCR_LEN + 1,
514 "%s:%u", conn->address, conn->port);
515 answer = buf;
516 break;
517 case GRD_FLAG_ORIGINAL:
518 /* Actual address with port */
519 addr_str = tor_dup_addr(&(tlschan->conn->real_addr));
520 tor_snprintf(buf, MAX_DESCR_LEN + 1,
521 "%s:%u", addr_str, conn->port);
522 tor_free(addr_str);
523 answer = buf;
524 break;
525 case GRD_FLAG_ADDR_ONLY:
526 /* Canonical address, no port */
527 strlcpy(buf, conn->address, sizeof(buf));
528 answer = buf;
529 break;
530 case GRD_FLAG_ORIGINAL|GRD_FLAG_ADDR_ONLY:
531 /* Actual address, no port */
532 addr_str = tor_dup_addr(&(tlschan->conn->real_addr));
533 strlcpy(buf, addr_str, sizeof(buf));
534 tor_free(addr_str);
535 answer = buf;
536 break;
537 default:
538 /* Something's broken in channel.c */
539 tor_assert(1);
540 }
541 } else {
542 strlcpy(buf, "(No connection)", sizeof(buf));
543 answer = buf;
544 }
545
546 return answer;
547 }
548
549 /**
550 * Tell the upper layer if we have queued writes
551 *
552 * This implements the has_queued_writes method for channel_tls t_; it returns
553 * 1 iff we have queued writes on the outbuf of the underlying or_connection_t.
554 */
555
556 static int
557 channel_tls_has_queued_writes_method(channel_t *chan)
558 {
559 size_t outbuf_len;
560 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
561
562 tor_assert(tlschan);
563 if (!(tlschan->conn)) {
564 log_info(LD_CHANNEL,
565 "something called has_queued_writes on a tlschan "
566 "(%p with ID " U64_FORMAT " but no conn",
567 chan, U64_PRINTF_ARG(chan->global_identifier));
568 }
569
570 outbuf_len = (tlschan->conn != NULL) ?
571 connection_get_outbuf_len(TO_CONN(tlschan->conn)) :
572 0;
573
574 return (outbuf_len > 0);
575 }
576
577 /**
578 * Tell the upper layer if we're canonical
579 *
580 * This implements the is_canonical method for channel_tls_t; if req is zero,
581 * it returns whether this is a canonical channel, and if it is one it returns
582 * whether that can be relied upon.
583 */
584
585 static int
586 channel_tls_is_canonical_method(channel_t *chan, int req)
587 {
588 int answer = 0;
589 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
590
591 tor_assert(tlschan);
592
593 if (tlschan->conn) {
594 switch (req) {
595 case 0:
596 answer = tlschan->conn->is_canonical;
597 break;
598 case 1:
599 /*
600 * Is the is_canonical bit reliable? In protocols version 2 and up
601 * we get the canonical address from a NETINFO cell, but in older
602 * versions it might be based on an obsolete descriptor.
603 */
604 answer = (tlschan->conn->link_proto >= 2);
605 break;
606 default:
607 /* This shouldn't happen; channel.c is broken if it does */
608 tor_assert(1);
609 }
610 }
611 /* else return 0 for tlschan->conn == NULL */
612
613 return answer;
614 }
615
616 /**
617 * Check if we match an extend_info_t
618 *
619 * This implements the matches_extend_info method for channel_tls_t; the upper
620 * layer wants to know if this channel matches an extend_info_t.
621 */
622
623 static int
624 channel_tls_matches_extend_info_method(channel_t *chan,
625 extend_info_t *extend_info)
626 {
627 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
628
629 tor_assert(tlschan);
630 tor_assert(extend_info);
631
632 /* Never match if we have no conn */
633 if (!(tlschan->conn)) {
634 log_info(LD_CHANNEL,
635 "something called matches_extend_info on a tlschan "
636 "(%p with ID " U64_FORMAT " but no conn",
637 chan, U64_PRINTF_ARG(chan->global_identifier));
638 return 0;
639 }
640
641 return (tor_addr_eq(&(extend_info->addr),
642 &(TO_CONN(tlschan->conn)->addr)) &&
643 (extend_info->port == TO_CONN(tlschan->conn)->port));
644 }
645
646 /**
647 * Check if we match a target address; return true iff we do.
648 *
649 * This implements the matches_target method for channel_tls t_; the upper
650 * layer wants to know if this channel matches a target address when extending
651 * a circuit.
652 */
653
654 static int
655 channel_tls_matches_target_method(channel_t *chan,
656 const tor_addr_t *target)
657 {
658 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
659
660 tor_assert(tlschan);
661 tor_assert(target);
662
663 /* Never match if we have no conn */
664 if (!(tlschan->conn)) {
665 log_info(LD_CHANNEL,
666 "something called matches_target on a tlschan "
667 "(%p with ID " U64_FORMAT " but no conn",
668 chan, U64_PRINTF_ARG(chan->global_identifier));
669 return 0;
670 }
671
672 return tor_addr_eq(&(tlschan->conn->real_addr), target);
673 }
674
675 /**
676 * Write a cell to a channel_tls_t
677 *
678 * This implements the write_cell method for channel_tls_t; given a
679 * channel_tls_t and a cell_t, transmit the cell_t.
680 */
681
682 static int
683 channel_tls_write_cell_method(channel_t *chan, cell_t *cell)
684 {
685 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
686 int written = 0;
687
688 tor_assert(tlschan);
689 tor_assert(cell);
690
691 if (tlschan->conn) {
692 connection_or_write_cell_to_buf(cell, tlschan->conn);
693 ++written;
694 } else {
695 log_info(LD_CHANNEL,
696 "something called write_cell on a tlschan "
697 "(%p with ID " U64_FORMAT " but no conn",
698 chan, U64_PRINTF_ARG(chan->global_identifier));
699 }
700
701 return written;
702 }
703
704 /**
705 * Write a packed cell to a channel_tls_t
706 *
707 * This implements the write_packed_cell method for channel_tls_t; given a
708 * channel_tls_t and a packed_cell_t, transmit the packed_cell_t.
709 */
710
711 static int
712 channel_tls_write_packed_cell_method(channel_t *chan,
713 packed_cell_t *packed_cell)
714 {
715 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
716 size_t cell_network_size = get_cell_network_size(chan->wide_circ_ids);
717 int written = 0;
718
719 tor_assert(tlschan);
720 tor_assert(packed_cell);
721
722 if (tlschan->conn) {
723 connection_write_to_buf(packed_cell->body, cell_network_size,
724 TO_CONN(tlschan->conn));
725
726 /* This is where the cell is finished; used to be done from relay.c */
727 packed_cell_free(packed_cell);
728 ++written;
729 } else {
730 log_info(LD_CHANNEL,
731 "something called write_packed_cell on a tlschan "
732 "(%p with ID " U64_FORMAT " but no conn",
733 chan, U64_PRINTF_ARG(chan->global_identifier));
734 }
735
736 return written;
737 }
738
739 /**
740 * Write a variable-length cell to a channel_tls_t
741 *
742 * This implements the write_var_cell method for channel_tls_t; given a
743 * channel_tls_t and a var_cell_t, transmit the var_cell_t.
744 */
745
746 static int
747 channel_tls_write_var_cell_method(channel_t *chan, var_cell_t *var_cell)
748 {
749 channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
750 int written = 0;
751
752 tor_assert(tlschan);
753 tor_assert(var_cell);
754
755 if (tlschan->conn) {
756 connection_or_write_var_cell_to_buf(var_cell, tlschan->conn);
757 ++written;
758 } else {
759 log_info(LD_CHANNEL,
760 "something called write_var_cell on a tlschan "
761 "(%p with ID " U64_FORMAT " but no conn",
762 chan, U64_PRINTF_ARG(chan->global_identifier));
763 }
764
765 return written;
766 }
767
768 /*************************************************
769 * Method implementations for channel_listener_t *
770 ************************************************/
771
772 /**
773 * Close a channel_listener_t
774 *
775 * This implements the close method for channel_listener_t
776 */
777
778 static void
779 channel_tls_listener_close_method(channel_listener_t *chan_l)
780 {
781 tor_assert(chan_l);
782
783 /*
784 * Listeners we just go ahead and change state through to CLOSED, but
785 * make sure to check if they're channel_tls_listener to NULL it out.
786 */
787 if (chan_l == channel_tls_listener)
788 channel_tls_listener = NULL;
789
790 if (!(chan_l->state == CHANNEL_LISTENER_STATE_CLOSING ||
791 chan_l->state == CHANNEL_LISTENER_STATE_CLOSED ||
792 chan_l->state == CHANNEL_LISTENER_STATE_ERROR)) {
793 channel_listener_change_state(chan_l, CHANNEL_LISTENER_STATE_CLOSING);
794 }
795
796 if (chan_l->incoming_list) {
797 SMARTLIST_FOREACH_BEGIN(chan_l->incoming_list,
798 channel_t *, ichan) {
799 channel_mark_for_close(ichan);
800 } SMARTLIST_FOREACH_END(ichan);
801
802 smartlist_free(chan_l->incoming_list);
803 chan_l->incoming_list = NULL;
804 }
805
806 if (!(chan_l->state == CHANNEL_LISTENER_STATE_CLOSED ||
807 chan_l->state == CHANNEL_LISTENER_STATE_ERROR)) {
808 channel_listener_change_state(chan_l, CHANNEL_LISTENER_STATE_CLOSED);
809 }
810 }
811
812 /**
813 * Describe the transport for a channel_listener_t
814 *
815 * This returns the string "TLS channel (listening)" to the upper
816 * layer.
817 */
818
819 static const char *
820 channel_tls_listener_describe_transport_method(channel_listener_t *chan_l)
821 {
822 tor_assert(chan_l);
823
824 return "TLS channel (listening)";
825 }
826
827 /*******************************************************
828 * Functions for handling events on an or_connection_t *
829 ******************************************************/
830
831 /**
832 * Handle an orconn state change
833 *
834 * This function will be called by connection_or.c when the or_connection_t
835 * associated with this channel_tls_t changes state.
836 */
837
838 void
839 channel_tls_handle_state_change_on_orconn(channel_tls_t *chan,
840 or_connection_t *conn,
841 uint8_t old_state,
842 uint8_t state)
843 {
844 channel_t *base_chan;
845
846 tor_assert(chan);
847 tor_assert(conn);
848 tor_assert(conn->chan == chan);
849 tor_assert(chan->conn == conn);
850 /* -Werror appeasement */
851 tor_assert(old_state == old_state);
852
853 base_chan = TLS_CHAN_TO_BASE(chan);
854
855 /* Make sure the base connection state makes sense - shouldn't be error,
856 * closed or listening. */
857
858 tor_assert(base_chan->state == CHANNEL_STATE_OPENING ||
859 base_chan->state == CHANNEL_STATE_OPEN ||
860 base_chan->state == CHANNEL_STATE_MAINT ||
861 base_chan->state == CHANNEL_STATE_CLOSING);
862
863 /* Did we just go to state open? */
864 if (state == OR_CONN_STATE_OPEN) {
865 /*
866 * We can go to CHANNEL_STATE_OPEN from CHANNEL_STATE_OPENING or
867 * CHANNEL_STATE_MAINT on this.
868 */
869 channel_change_state(base_chan, CHANNEL_STATE_OPEN);
870 } else {
871 /*
872 * Not open, so from CHANNEL_STATE_OPEN we go to CHANNEL_STATE_MAINT,
873 * otherwise no change.
874 */
875 if (base_chan->state == CHANNEL_STATE_OPEN) {
876 channel_change_state(base_chan, CHANNEL_STATE_MAINT);
877 }
878 }
879 }
880
881 /**
882 * Flush cells from a channel_tls_t
883 *
884 * Try to flush up to about num_cells cells, and return how many we flushed.
885 */
886
887 ssize_t
888 channel_tls_flush_some_cells(channel_tls_t *chan, ssize_t num_cells)
889 {
890 ssize_t flushed = 0;
891
892 tor_assert(chan);
893
894 if (flushed >= num_cells) goto done;
895
896 /*
897 * If channel_tls_t ever buffers anything below the channel_t layer, flush
898 * that first here.
899 */
900
901 flushed += channel_flush_some_cells(TLS_CHAN_TO_BASE(chan),
902 num_cells - flushed);
903
904 /*
905 * If channel_tls_t ever buffers anything below the channel_t layer, check
906 * how much we actually got and push it on down here.
907 */
908
909 done:
910 return flushed;
911 }
912
913 /**
914 * Check if a channel_tls_t has anything to flush
915 *
916 * Return true if there is any more to flush on this channel (cells in queue
917 * or active circuits).
918 */
919
920 int
921 channel_tls_more_to_flush(channel_tls_t *chan)
922 {
923 tor_assert(chan);
924
925 /*
926 * If channel_tls_t ever buffers anything below channel_t, the
927 * check for that should go here first.
928 */
929
930 return channel_more_to_flush(TLS_CHAN_TO_BASE(chan));
931 }
932
933 #ifdef KEEP_TIMING_STATS
934
935 /**
936 * Timing states wrapper
937 *
938 * This is a wrapper function around the actual function that processes the
939 * <b>cell</b> that just arrived on <b>chan</b>. Increment <b>*time</b>
940 * by the number of microseconds used by the call to <b>*func(cell, chan)</b>.
941 */
942
943 static void
944 channel_tls_time_process_cell(cell_t *cell, channel_tls_t *chan, int *time,
945 void (*func)(cell_t *, channel_tls_t *))
946 {
947 struct timeval start, end;
948 long time_passed;
949
950 tor_gettimeofday(&start);
951
952 (*func)(cell, chan);
953
954 tor_gettimeofday(&end);
955 time_passed = tv_udiff(&start, &end) ;
956
957 if (time_passed > 10000) { /* more than 10ms */
958 log_debug(LD_OR,"That call just took %ld ms.",time_passed/1000);
959 }
960
961 if (time_passed < 0) {
962 log_info(LD_GENERAL,"That call took us back in time!");
963 time_passed = 0;
964 }
965
966 *time += time_passed;
967 }
968 #endif
969
970 /**
971 * Handle an incoming cell on a channel_tls_t
972 *
973 * This is called from connection_or.c to handle an arriving cell; it checks
974 * for cell types specific to the handshake for this transport protocol and
975 * handles them, and queues all other cells to the channel_t layer, which
976 * eventually will hand them off to command.c.
977 */
978
979 void
980 channel_tls_handle_cell(cell_t *cell, or_connection_t *conn)
981 {
982 channel_tls_t *chan;
983 int handshaking;
984
985 #ifdef KEEP_TIMING_STATS
986 #define PROCESS_CELL(tp, cl, cn) STMT_BEGIN { \
987 ++num ## tp; \
988 channel_tls_time_process_cell(cl, cn, & tp ## time , \
989 channel_tls_process_ ## tp ## _cell); \
990 } STMT_END
991 #else
992 #define PROCESS_CELL(tp, cl, cn) channel_tls_process_ ## tp ## _cell(cl, cn)
993 #endif
994
995 tor_assert(cell);
996 tor_assert(conn);
997
998 chan = conn->chan;
999
1000 if (!chan) {
1001 log_warn(LD_CHANNEL,
1002 "Got a cell_t on an OR connection with no channel");
1003 return;
1004 }
1005
1006 handshaking = (TO_CONN(conn)->state != OR_CONN_STATE_OPEN);
1007
1008 if (conn->base_.marked_for_close)
1009 return;
1010
1011 /* Reject all but VERSIONS and NETINFO when handshaking. */
1012 /* (VERSIONS should actually be impossible; it's variable-length.) */
1013 if (handshaking && cell->command != CELL_VERSIONS &&
1014 cell->command != CELL_NETINFO) {
1015 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1016 "Received unexpected cell command %d in chan state %s / "
1017 "conn state %s; closing the connection.",
1018 (int)cell->command,
1019 channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
1020 conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state));
1021 connection_or_close_for_error(conn, 0);
1022 return;
1023 }
1024
1025 if (conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3)
1026 or_handshake_state_record_cell(conn, conn->handshake_state, cell, 1);
1027
1028 switch (cell->command) {
1029 case CELL_PADDING:
1030 ++stats_n_padding_cells_processed;
1031 /* do nothing */
1032 break;
1033 case CELL_VERSIONS:
1034 tor_fragile_assert();
1035 break;
1036 case CELL_NETINFO:
1037 ++stats_n_netinfo_cells_processed;
1038 PROCESS_CELL(netinfo, cell, chan);
1039 break;
1040 case CELL_CREATE:
1041 case CELL_CREATE_FAST:
1042 case CELL_CREATED:
1043 case CELL_CREATED_FAST:
1044 case CELL_RELAY:
1045 case CELL_RELAY_EARLY:
1046 case CELL_DESTROY:
1047 case CELL_CREATE2:
1048 case CELL_CREATED2:
1049 /*
1050 * These are all transport independent and we pass them up through the
1051 * channel_t mechanism. They are ultimately handled in command.c.
1052 */
1053 channel_queue_cell(TLS_CHAN_TO_BASE(chan), cell);
1054 break;
1055 default:
1056 log_fn(LOG_INFO, LD_PROTOCOL,
1057 "Cell of unknown type (%d) received in channeltls.c. "
1058 "Dropping.",
1059 cell->command);
1060 break;
1061 }
1062 }
1063
1064 /**
1065 * Handle an incoming variable-length cell on a channel_tls_t
1066 *
1067 * Process a <b>var_cell</b> that was just received on <b>conn</b>. Keep
1068 * internal statistics about how many of each cell we've processed so far
1069 * this second, and the total number of microseconds it took to
1070 * process each type of cell. All the var_cell commands are handshake-
1071 * related and live below the channel_t layer, so no variable-length
1072 * cells ever get delivered in the current implementation, but I've left
1073 * the mechanism in place for future use.
1074 */
1075
1076 void
1077 channel_tls_handle_var_cell(var_cell_t *var_cell, or_connection_t *conn)
1078 {
1079 channel_tls_t *chan;
1080
1081 #ifdef KEEP_TIMING_STATS
1082 /* how many of each cell have we seen so far this second? needs better
1083 * name. */
1084 static int num_versions = 0, num_certs = 0;
1085 static time_t current_second = 0; /* from previous calls to time */
1086 time_t now = time(NULL);
1087
1088 if (current_second == 0) current_second = now;
1089 if (now > current_second) { /* the second has rolled over */
1090 /* print stats */
1091 log_info(LD_OR,
1092 "At end of second: %d versions (%d ms), %d certs (%d ms)",
1093 num_versions, versions_time / ((now - current_second) * 1000),
1094 num_certs, certs_time / ((now - current_second) * 1000));
1095
1096 num_versions = num_certs = 0;
1097 versions_time = certs_time = 0;
1098
1099 /* remember which second it is, for next time */
1100 current_second = now;
1101 }
1102 #endif
1103
1104 tor_assert(var_cell);
1105 tor_assert(conn);
1106
1107 chan = conn->chan;
1108
1109 if (!chan) {
1110 log_warn(LD_CHANNEL,
1111 "Got a var_cell_t on an OR connection with no channel");
1112 return;
1113 }
1114
1115 if (TO_CONN(conn)->marked_for_close)
1116 return;
1117
1118 switch (TO_CONN(conn)->state) {
1119 case OR_CONN_STATE_OR_HANDSHAKING_V2:
1120 if (var_cell->command != CELL_VERSIONS) {
1121 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1122 "Received a cell with command %d in unexpected "
1123 "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
1124 "closing the connection.",
1125 (int)(var_cell->command),
1126 conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),
1127 TO_CONN(conn)->state,
1128 channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
1129 (int)(TLS_CHAN_TO_BASE(chan)->state));
1130 /*
1131 * The code in connection_or.c will tell channel_t to close for
1132 * error; it will go to CHANNEL_STATE_CLOSING, and then to
1133 * CHANNEL_STATE_ERROR when conn is closed.
1134 */
1135 connection_or_close_for_error(conn, 0);
1136 return;
1137 }
1138 break;
1139 case OR_CONN_STATE_TLS_HANDSHAKING:
1140 /* If we're using bufferevents, it's entirely possible for us to
1141 * notice "hey, data arrived!" before we notice "hey, the handshake
1142 * finished!" And we need to be accepting both at once to handle both
1143 * the v2 and v3 handshakes. */
1144
1145 /* fall through */
1146 case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING:
1147 if (!(command_allowed_before_handshake(var_cell->command))) {
1148 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1149 "Received a cell with command %d in unexpected "
1150 "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
1151 "closing the connection.",
1152 (int)(var_cell->command),
1153 conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),
1154 (int)(TO_CONN(conn)->state),
1155 channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
1156 (int)(TLS_CHAN_TO_BASE(chan)->state));
1157 /* see above comment about CHANNEL_STATE_ERROR */
1158 connection_or_close_for_error(conn, 0);
1159 return;
1160 } else {
1161 if (enter_v3_handshake_with_cell(var_cell, chan) < 0)
1162 return;
1163 }
1164 break;
1165 case OR_CONN_STATE_OR_HANDSHAKING_V3:
1166 if (var_cell->command != CELL_AUTHENTICATE)
1167 or_handshake_state_record_var_cell(conn, conn->handshake_state,
1168 var_cell, 1);
1169 break; /* Everything is allowed */
1170 case OR_CONN_STATE_OPEN:
1171 if (conn->link_proto < 3) {
1172 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1173 "Received a variable-length cell with command %d in orconn "
1174 "state %s [%d], channel state %s [%d] with link protocol %d; "
1175 "ignoring it.",
1176 (int)(var_cell->command),
1177 conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),
1178 (int)(TO_CONN(conn)->state),
1179 channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
1180 (int)(TLS_CHAN_TO_BASE(chan)->state),
1181 (int)(conn->link_proto));
1182 return;
1183 }
1184 break;
1185 default:
1186 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1187 "Received var-length cell with command %d in unexpected "
1188 "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
1189 "ignoring it.",
1190 (int)(var_cell->command),
1191 conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),
1192 (int)(TO_CONN(conn)->state),
1193 channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
1194 (int)(TLS_CHAN_TO_BASE(chan)->state));
1195 return;
1196 }
1197
1198 /* Now handle the cell */
1199
1200 switch (var_cell->command) {
1201 case CELL_VERSIONS:
1202 ++stats_n_versions_cells_processed;
1203 PROCESS_CELL(versions, var_cell, chan);
1204 break;
1205 case CELL_VPADDING:
1206 ++stats_n_vpadding_cells_processed;
1207 /* Do nothing */
1208 break;
1209 case CELL_CERTS:
1210 ++stats_n_certs_cells_processed;
1211 PROCESS_CELL(certs, var_cell, chan);
1212 break;
1213 case CELL_AUTH_CHALLENGE:
1214 ++stats_n_auth_challenge_cells_processed;
1215 PROCESS_CELL(auth_challenge, var_cell, chan);
1216 break;
1217 case CELL_AUTHENTICATE:
1218 ++stats_n_authenticate_cells_processed;
1219 PROCESS_CELL(authenticate, var_cell, chan);
1220 break;
1221 case CELL_AUTHORIZE:
1222 ++stats_n_authorize_cells_processed;
1223 /* Ignored so far. */
1224 break;
1225 default:
1226 log_fn(LOG_INFO, LD_PROTOCOL,
1227 "Variable-length cell of unknown type (%d) received.",
1228 (int)(var_cell->command));
1229 break;
1230 }
1231 }
1232
1233 /**
1234 * Update channel marks after connection_or.c has changed an address
1235 *
1236 * This is called from connection_or_init_conn_from_address() after the
1237 * connection's _base.addr or real_addr fields have potentially been changed
1238 * so we can recalculate the local mark. Notably, this happens when incoming
1239 * connections are reverse-proxied and we only learn the real address of the
1240 * remote router by looking it up in the consensus after we finish the
1241 * handshake and know an authenticated identity digest.
1242 */
1243
1244 void
1245 channel_tls_update_marks(or_connection_t *conn)
1246 {
1247 channel_t *chan = NULL;
1248
1249 tor_assert(conn);
1250 tor_assert(conn->chan);
1251
1252 chan = TLS_CHAN_TO_BASE(conn->chan);
1253
1254 if (is_local_addr(&(TO_CONN(conn)->addr))) {
1255 if (!channel_is_local(chan)) {
1256 log_debug(LD_CHANNEL,
1257 "Marking channel " U64_FORMAT " at %p as local",
1258 U64_PRINTF_ARG(chan->global_identifier), chan);
1259 channel_mark_local(chan);
1260 }
1261 } else {
1262 if (channel_is_local(chan)) {
1263 log_debug(LD_CHANNEL,
1264 "Marking channel " U64_FORMAT " at %p as remote",
1265 U64_PRINTF_ARG(chan->global_identifier), chan);
1266 channel_mark_remote(chan);
1267 }
1268 }
1269 }
1270
1271 /**
1272 * Check if this cell type is allowed before the handshake is finished
1273 *
1274 * Return true if <b>command</b> is a cell command that's allowed to start a
1275 * V3 handshake.
1276 */
1277
1278 static int
1279 command_allowed_before_handshake(uint8_t command)
1280 {
1281 switch (command) {
1282 case CELL_VERSIONS:
1283 case CELL_VPADDING:
1284 case CELL_AUTHORIZE:
1285 return 1;
1286 default:
1287 return 0;
1288 }
1289 }
1290
1291 /**
1292 * Start a V3 handshake on an incoming connection
1293 *
1294 * Called when we as a server receive an appropriate cell while waiting
1295 * either for a cell or a TLS handshake. Set the connection's state to
1296 * "handshaking_v3', initializes the or_handshake_state field as needed,
1297 * and add the cell to the hash of incoming cells.)
1298 */
1299
1300 static int
1301 enter_v3_handshake_with_cell(var_cell_t *cell, channel_tls_t *chan)
1302 {
1303 int started_here = 0;
1304
1305 tor_assert(cell);
1306 tor_assert(chan);
1307 tor_assert(chan->conn);
1308
1309 started_here = connection_or_nonopen_was_started_here(chan->conn);
1310
1311 tor_assert(TO_CONN(chan->conn)->state == OR_CONN_STATE_TLS_HANDSHAKING ||
1312 TO_CONN(chan->conn)->state ==
1313 OR_CONN_STATE_TLS_SERVER_RENEGOTIATING);
1314
1315 if (started_here) {
1316 log_fn(LOG_PROTOCOL_WARN, LD_OR,
1317 "Received a cell while TLS-handshaking, not in "
1318 "OR_HANDSHAKING_V3, on a connection we originated.");
1319 }
1320 connection_or_block_renegotiation(chan->conn);
1321 chan->conn->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
1322 if (connection_init_or_handshake_state(chan->conn, started_here) < 0) {
1323 connection_or_close_for_error(chan->conn, 0);
1324 return -1;
1325 }
1326 or_handshake_state_record_var_cell(chan->conn,
1327 chan->conn->handshake_state, cell, 1);
1328 return 0;
1329 }
1330
1331 /**
1332 * Process a 'versions' cell.
1333 *
1334 * This function is called to handle an incoming VERSIONS cell; the current
1335 * link protocol version must be 0 to indicate that no version has yet been
1336 * negotiated. We compare the versions in the cell to the list of versions
1337 * we support, pick the highest version we have in common, and continue the
1338 * negotiation from there.
1339 */
1340
1341 static void
1342 channel_tls_process_versions_cell(var_cell_t *cell, channel_tls_t *chan)
1343 {
1344 int highest_supported_version = 0;
1345 int started_here = 0;
1346
1347 tor_assert(cell);
1348 tor_assert(chan);
1349 tor_assert(chan->conn);
1350
1351 if ((cell->payload_len % 2) == 1) {
1352 log_fn(LOG_PROTOCOL_WARN, LD_OR,
1353 "Received a VERSION cell with odd payload length %d; "
1354 "closing connection.",cell->payload_len);
1355 connection_or_close_for_error(chan->conn, 0);
1356 return;
1357 }
1358
1359 started_here = connection_or_nonopen_was_started_here(chan->conn);
1360
1361 if (chan->conn->link_proto != 0 ||
1362 (chan->conn->handshake_state &&
1363 chan->conn->handshake_state->received_versions)) {
1364 log_fn(LOG_PROTOCOL_WARN, LD_OR,
1365 "Received a VERSIONS cell on a connection with its version "
1366 "already set to %d; dropping",
1367 (int)(chan->conn->link_proto));
1368 return;
1369 }
1370 switch (chan->conn->base_.state)
1371 {
1372 case OR_CONN_STATE_OR_HANDSHAKING_V2:
1373 case OR_CONN_STATE_OR_HANDSHAKING_V3:
1374 break;
1375 case OR_CONN_STATE_TLS_HANDSHAKING:
1376 case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING:
1377 default:
1378 log_fn(LOG_PROTOCOL_WARN, LD_OR,
1379 "VERSIONS cell while in unexpected state");
1380 return;
1381 }
1382
1383 tor_assert(chan->conn->handshake_state);
1384
1385 {
1386 int i;
1387 const uint8_t *cp = cell->payload;
1388 for (i = 0; i < cell->payload_len / 2; ++i, cp += 2) {
1389 uint16_t v = ntohs(get_uint16(cp));
1390 if (is_or_protocol_version_known(v) && v > highest_supported_version)
1391 highest_supported_version = v;
1392 }
1393 }
1394 if (!highest_supported_version) {
1395 log_fn(LOG_PROTOCOL_WARN, LD_OR,
1396 "Couldn't find a version in common between my version list and the "
1397 "list in the VERSIONS cell; closing connection.");
1398 connection_or_close_for_error(chan->conn, 0);
1399 return;
1400 } else if (highest_supported_version == 1) {
1401 /* Negotiating version 1 makes no sense, since version 1 has no VERSIONS
1402 * cells. */
1403 log_fn(LOG_PROTOCOL_WARN, LD_OR,
1404 "Used version negotiation protocol to negotiate a v1 connection. "
1405 "That's crazily non-compliant. Closing connection.");
1406 connection_or_close_for_error(chan->conn, 0);
1407 return;
1408 } else if (highest_supported_version < 3 &&
1409 chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3) {
1410 log_fn(LOG_PROTOCOL_WARN, LD_OR,
1411 "Negotiated link protocol 2 or lower after doing a v3 TLS "
1412 "handshake. Closing connection.");
1413 connection_or_close_for_error(chan->conn, 0);
1414 return;
1415 } else if (highest_supported_version != 2 &&
1416 chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V2) {
1417 /* XXXX This should eventually be a log_protocol_warn */
1418 log_fn(LOG_WARN, LD_OR,
1419 "Negotiated link with non-2 protocol after doing a v2 TLS "
1420 "handshake with %s. Closing connection.",
1421 fmt_addr(&chan->conn->base_.addr));
1422 connection_or_close_for_error(chan->conn, 0);
1423 return;
1424 }
1425
1426 chan->conn->link_proto = highest_supported_version;
1427 chan->conn->handshake_state->received_versions = 1;
1428
1429 if (chan->conn->link_proto == 2) {
1430 log_info(LD_OR,
1431 "Negotiated version %d with %s:%d; sending NETINFO.",
1432 highest_supported_version,
1433 safe_str_client(chan->conn->base_.address),
1434 chan->conn->base_.port);
1435
1436 if (connection_or_send_netinfo(chan->conn) < 0) {
1437 connection_or_close_for_error(chan->conn, 0);
1438 return;
1439 }
1440 } else {
1441 const int send_versions = !started_here;
1442 /* If we want to authenticate, send a CERTS cell */
1443 const int send_certs = !started_here || public_server_mode(get_options());
1444 /* If we're a host that got a connection, ask for authentication. */
1445 const int send_chall = !started_here;
1446 /* If our certs cell will authenticate us, we can send a netinfo cell
1447 * right now. */
1448 const int send_netinfo = !started_here;
1449 const int send_any =
1450 send_versions || send_certs || send_chall || send_netinfo;
1451 tor_assert(chan->conn->link_proto >= 3);
1452
1453 log_info(LD_OR,
1454 "Negotiated version %d with %s:%d; %s%s%s%s%s",
1455 highest_supported_version,
1456 safe_str_client(chan->conn->base_.address),
1457 chan->conn->base_.port,
1458 send_any ? "Sending cells:" : "Waiting for CERTS cell",
1459 send_versions ? " VERSIONS" : "",
1460 send_certs ? " CERTS" : "",
1461 send_chall ? " AUTH_CHALLENGE" : "",
1462 send_netinfo ? " NETINFO" : "");
1463
1464 #ifdef DISABLE_V3_LINKPROTO_SERVERSIDE
1465 if (1) {
1466 connection_or_close_normally(chan->conn, 1);
1467 return;
1468 }
1469 #endif
1470
1471 if (send_versions) {
1472 if (connection_or_send_versions(chan->conn, 1) < 0) {
1473 log_warn(LD_OR, "Couldn't send versions cell");
1474 connection_or_close_for_error(chan->conn, 0);
1475 return;
1476 }
1477 }
1478
1479 /* We set this after sending the verions cell. */
1480 /*XXXXX symbolic const.*/
1481 chan->base_.wide_circ_ids =
1482 chan->conn->link_proto >= MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS;
1483 chan->conn->wide_circ_ids = chan->base_.wide_circ_ids;
1484
1485 if (send_certs) {
1486 if (connection_or_send_certs_cell(chan->conn) < 0) {
1487 log_warn(LD_OR, "Couldn't send certs cell");
1488 connection_or_close_for_error(chan->conn, 0);
1489 return;
1490 }
1491 }
1492 if (send_chall) {
1493 if (connection_or_send_auth_challenge_cell(chan->conn) < 0) {
1494 log_warn(LD_OR, "Couldn't send auth_challenge cell");
1495 connection_or_close_for_error(chan->conn, 0);
1496 return;
1497 }
1498 }
1499 if (send_netinfo) {
1500 if (connection_or_send_netinfo(chan->conn) < 0) {
1501 log_warn(LD_OR, "Couldn't send netinfo cell");
1502 connection_or_close_for_error(chan->conn, 0);
1503 return;
1504 }
1505 }
1506 }
1507 }
1508
1509 /**
1510 * Process a 'netinfo' cell
1511 *
1512 * This function is called to handle an incoming NETINFO cell; read and act
1513 * on its contents, and set the connection state to "open".
1514 */
1515
1516 static void
1517 channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
1518 {
1519 time_t timestamp;
1520 uint8_t my_addr_type;
1521 uint8_t my_addr_len;
1522 const uint8_t *my_addr_ptr;
1523 const uint8_t *cp, *end;
1524 uint8_t n_other_addrs;
1525 time_t now = time(NULL);
1526
1527 long apparent_skew = 0;
1528 tor_addr_t my_apparent_addr = TOR_ADDR_NULL;
1529
1530 tor_assert(cell);
1531 tor_assert(chan);
1532 tor_assert(chan->conn);
1533
1534 if (chan->conn->link_proto < 2) {
1535 log_fn(LOG_PROTOCOL_WARN, LD_OR,
1536 "Received a NETINFO cell on %s connection; dropping.",
1537 chan->conn->link_proto == 0 ? "non-versioned" : "a v1");
1538 return;
1539 }
1540 if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V2 &&
1541 chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3) {
1542 log_fn(LOG_PROTOCOL_WARN, LD_OR,
1543 "Received a NETINFO cell on non-handshaking connection; dropping.");
1544 return;
1545 }
1546 tor_assert(chan->conn->handshake_state &&
1547 chan->conn->handshake_state->received_versions);
1548
1549 if (chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3) {
1550 tor_assert(chan->conn->link_proto >= 3);
1551 if (chan->conn->handshake_state->started_here) {
1552 if (!(chan->conn->handshake_state->authenticated)) {
1553 log_fn(LOG_PROTOCOL_WARN, LD_OR,
1554 "Got a NETINFO cell from server, "
1555 "but no authentication. Closing the connection.");
1556 connection_or_close_for_error(chan->conn, 0);
1557 return;
1558 }
1559 } else {
1560 /* we're the server. If the client never authenticated, we have
1561 some housekeeping to do.*/
1562 if (!(chan->conn->handshake_state->authenticated)) {
1563 tor_assert(tor_digest_is_zero(
1564 (const char*)(chan->conn->handshake_state->
1565 authenticated_peer_id)));
1566 channel_set_circid_type(TLS_CHAN_TO_BASE(chan), NULL,
1567 chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
1568
1569 connection_or_init_conn_from_address(chan->conn,
1570 &(chan->conn->base_.addr),
1571 chan->conn->base_.port,
1572 (const char*)(chan->conn->handshake_state->
1573 authenticated_peer_id),
1574 0);
1575 }
1576 }
1577 }
1578
1579 /* Decode the cell. */
1580 timestamp = ntohl(get_uint32(cell->payload));
1581 if (labs(now - chan->conn->handshake_state->sent_versions_at) < 180) {
1582 apparent_skew = now - timestamp;
1583 }
1584
1585 my_addr_type = (uint8_t) cell->payload[4];
1586 my_addr_len = (uint8_t) cell->payload[5];
1587 my_addr_ptr = (uint8_t*) cell->payload + 6;
1588 end = cell->payload + CELL_PAYLOAD_SIZE;
1589 cp = cell->payload + 6 + my_addr_len;
1590
1591 /* We used to check:
1592 * if (my_addr_len >= CELL_PAYLOAD_SIZE - 6) {
1593 *
1594 * This is actually never going to happen, since my_addr_len is at most 255,
1595 * and CELL_PAYLOAD_LEN - 6 is 503. So we know that cp is < end. */
1596
1597 if (my_addr_type == RESOLVED_TYPE_IPV4 && my_addr_len == 4) {
1598 tor_addr_from_ipv4n(&my_apparent_addr, get_uint32(my_addr_ptr));
1599 } else if (my_addr_type == RESOLVED_TYPE_IPV6 && my_addr_len == 16) {
1600 tor_addr_from_ipv6_bytes(&my_apparent_addr, (const char *) my_addr_ptr);
1601 }
1602
1603 n_other_addrs = (uint8_t) *cp++;
1604 while (n_other_addrs && cp < end-2) {
1605 /* Consider all the other addresses; if any matches, this connection is
1606 * "canonical." */
1607 tor_addr_t addr;
1608 const uint8_t *next =
1609 decode_address_from_payload(&addr, cp, (int)(end-cp));
1610 if (next == NULL) {
1611 log_fn(LOG_PROTOCOL_WARN, LD_OR,
1612 "Bad address in netinfo cell; closing connection.");
1613 connection_or_close_for_error(chan->conn, 0);
1614 return;
1615 }
1616 if (tor_addr_eq(&addr, &(chan->conn->real_addr))) {
1617 connection_or_set_canonical(chan->conn, 1);
1618 break;
1619 }
1620 cp = next;
1621 --n_other_addrs;
1622 }
1623
1624 /* Act on apparent skew. */
1625 /** Warn when we get a netinfo skew with at least this value. */
1626 #define NETINFO_NOTICE_SKEW 3600
1627 if (labs(apparent_skew) > NETINFO_NOTICE_SKEW &&
1628 router_get_by_id_digest(chan->conn->identity_digest)) {
1629 char dbuf[64];
1630 int severity;
1631 /*XXXX be smarter about when everybody says we are skewed. */
1632 if (router_digest_is_trusted_dir(chan->conn->identity_digest))
1633 severity = LOG_WARN;
1634 else
1635 severity = LOG_INFO;
1636 format_time_interval(dbuf, sizeof(dbuf), apparent_skew);
1637 log_fn(severity, LD_GENERAL,
1638 "Received NETINFO cell with skewed time from "
1639 "server at %s:%d. It seems that our clock is %s by %s, or "
1640 "that theirs is %s. Tor requires an accurate clock to work: "
1641 "please check your time and date settings.",
1642 chan->conn->base_.address,
1643 (int)(chan->conn->base_.port),
1644 apparent_skew > 0 ? "ahead" : "behind",
1645 dbuf,
1646 apparent_skew > 0 ? "behind" : "ahead");
1647 if (severity == LOG_WARN) /* only tell the controller if an authority */
1648 control_event_general_status(LOG_WARN,
1649 "CLOCK_SKEW SKEW=%ld SOURCE=OR:%s:%d",
1650 apparent_skew,
1651 chan->conn->base_.address,
1652 chan->conn->base_.port);
1653 }
1654
1655 /* XXX maybe act on my_apparent_addr, if the source is sufficiently
1656 * trustworthy. */
1657
1658 if (! chan->conn->handshake_state->sent_netinfo) {
1659 /* If we were prepared to authenticate, but we never got an AUTH_CHALLENGE
1660 * cell, then we would not previously have sent a NETINFO cell. Do so
1661 * now. */
1662 if (connection_or_send_netinfo(chan->conn) < 0) {
1663 connection_or_close_for_error(chan->conn, 0);
1664 return;
1665 }
1666 }
1667
1668 if (connection_or_set_state_open(chan->conn) < 0) {
1669 log_fn(LOG_PROTOCOL_WARN, LD_OR,
1670 "Got good NETINFO cell from %s:%d; but "
1671 "was unable to make the OR connection become open.",
1672 safe_str_client(chan->conn->base_.address),
1673 chan->conn->base_.port);
1674 connection_or_close_for_error(chan->conn, 0);
1675 } else {
1676 log_info(LD_OR,
1677 "Got good NETINFO cell from %s:%d; OR connection is now "
1678 "open, using protocol version %d. Its ID digest is %s. "
1679 "Our address is apparently %s.",
1680 safe_str_client(chan->conn->base_.address),
1681 chan->conn->base_.port,
1682 (int)(chan->conn->link_proto),
1683 hex_str(TLS_CHAN_TO_BASE(chan)->identity_digest,
1684 DIGEST_LEN),
1685 tor_addr_is_null(&my_apparent_addr) ?
1686 "<none>" : fmt_and_decorate_addr(&my_apparent_addr));
1687 }
1688 assert_connection_ok(TO_CONN(chan->conn),time(NULL));
1689 }
1690
1691 /**
1692 * Process a CERTS cell from a channel.
1693 *
1694 * This function is called to process an incoming CERTS cell on a
1695 * channel_tls_t:
1696 *
1697 * If the other side should not have sent us a CERTS cell, or the cell is
1698 * malformed, or it is supposed to authenticate the TLS key but it doesn't,
1699 * then mark the connection.
1700 *
1701 * If the cell has a good cert chain and we're doing a v3 handshake, then
1702 * store the certificates in or_handshake_state. If this is the client side
1703 * of the connection, we then authenticate the server or mark the connection.
1704 * If it's the server side, wait for an AUTHENTICATE cell.
1705 */
1706
1707 static void
1708 channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
1709 {
1710 tor_cert_t *link_cert = NULL;
1711 tor_cert_t *id_cert = NULL;
1712 tor_cert_t *auth_cert = NULL;
1713 uint8_t *ptr;
1714 int n_certs, i;
1715 int send_netinfo = 0;
1716
1717 tor_assert(cell);
1718 tor_assert(chan);
1719 tor_assert(chan->conn);
1720
1721 #define ERR(s) \
1722 do { \
1723 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
1724 "Received a bad CERTS cell from %s:%d: %s", \
1725 safe_str(chan->conn->base_.address), \
1726 chan->conn->base_.port, (s)); \
1727 connection_or_close_for_error(chan->conn, 0); \
1728 goto err; \
1729 } while (0)
1730
1731 if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
1732 ERR("We're not doing a v3 handshake!");
1733 if (chan->conn->link_proto < 3)
1734 ERR("We're not using link protocol >= 3");
1735 if (chan->conn->handshake_state->received_certs_cell)
1736 ERR("We already got one");
1737 if (chan->conn->handshake_state->authenticated) {
1738 /* Should be unreachable, but let's make sure. */
1739 ERR("We're already authenticated!");
1740 }
1741 if (cell->payload_len < 1)
1742 ERR("It had no body");
1743 if (cell->circ_id)
1744 ERR("It had a nonzero circuit ID");
1745
1746 n_certs = cell->payload[0];
1747 ptr = cell->payload + 1;
1748 for (i = 0; i < n_certs; ++i) {
1749 uint8_t cert_type;
1750 uint16_t cert_len;
1751 if (cell->payload_len < 3)
1752 goto truncated;
1753 if (ptr > cell->payload + cell->payload_len - 3) {
1754 goto truncated;
1755 }
1756 cert_type = *ptr;
1757 cert_len = ntohs(get_uint16(ptr+1));
1758 if (cell->payload_len < 3 + cert_len)
1759 goto truncated;
1760 if (ptr > cell->payload + cell->payload_len - cert_len - 3) {
1761 goto truncated;
1762 }
1763 if (cert_type == OR_CERT_TYPE_TLS_LINK ||
1764 cert_type == OR_CERT_TYPE_ID_1024 ||
1765 cert_type == OR_CERT_TYPE_AUTH_1024) {
1766 tor_cert_t *cert = tor_cert_decode(ptr + 3, cert_len);
1767 if (!cert) {
1768 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1769 "Received undecodable certificate in CERTS cell from %s:%d",
1770 safe_str(chan->conn->base_.address),
1771 chan->conn->base_.port);
1772 } else {
1773 if (cert_type == OR_CERT_TYPE_TLS_LINK) {
1774 if (link_cert) {
1775 tor_cert_free(cert);
1776 ERR("Too many TLS_LINK certificates");
1777 }
1778 link_cert = cert;
1779 } else if (cert_type == OR_CERT_TYPE_ID_1024) {
1780 if (id_cert) {
1781 tor_cert_free(cert);
1782 ERR("Too many ID_1024 certificates");
1783 }
1784 id_cert = cert;
1785 } else if (cert_type == OR_CERT_TYPE_AUTH_1024) {
1786 if (auth_cert) {
1787 tor_cert_free(cert);
1788 ERR("Too many AUTH_1024 certificates");
1789 }
1790 auth_cert = cert;
1791 } else {
1792 tor_cert_free(cert);
1793 }
1794 }
1795 }
1796 ptr += 3 + cert_len;
1797 continue;
1798
1799 truncated:
1800 ERR("It ends in the middle of a certificate");
1801 }
1802
1803 if (chan->conn->handshake_state->started_here) {
1804 int severity;
1805 if (! (id_cert && link_cert))
1806 ERR("The certs we wanted were missing");
1807 /* Okay. We should be able to check the certificates now. */
1808 if (! tor_tls_cert_matches_key(chan->conn->tls, link_cert)) {
1809 ERR("The link certificate didn't match the TLS public key");
1810 }
1811 /* Note that this warns more loudly about time and validity if we were
1812 * _trying_ to connect to an authority, not necessarily if we _did_ connect
1813 * to one. */
1814 if (router_digest_is_trusted_dir(
1815 TLS_CHAN_TO_BASE(chan)->identity_digest))
1816 severity = LOG_WARN;
1817 else
1818 severity = LOG_PROTOCOL_WARN;
1819
1820 if (! tor_tls_cert_is_valid(severity, link_cert, id_cert, 0))
1821 ERR("The link certificate was not valid");
1822 if (! tor_tls_cert_is_valid(severity, id_cert, id_cert, 1))
1823 ERR("The ID certificate was not valid");
1824
1825 chan->conn->handshake_state->authenticated = 1;
1826 {
1827 const digests_t *id_digests = tor_cert_get_id_digests(id_cert);
1828 crypto_pk_t *identity_rcvd;
1829 if (!id_digests)
1830 ERR("Couldn't compute digests for key in ID cert");
1831
1832 identity_rcvd = tor_tls_cert_get_key(id_cert);
1833 if (!identity_rcvd)
1834 ERR("Internal error: Couldn't get RSA key from ID cert.");
1835 memcpy(chan->conn->handshake_state->authenticated_peer_id,
1836 id_digests->d[DIGEST_SHA1], DIGEST_LEN);
1837 channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd,
1838 chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
1839 crypto_pk_free(identity_rcvd);
1840 }
1841
1842 if (connection_or_client_learned_peer_id(chan->conn,
1843 chan->conn->handshake_state->authenticated_peer_id) < 0)
1844 ERR("Problem setting or checking peer id");
1845
1846 log_info(LD_OR,
1847 "Got some good certificates from %s:%d: Authenticated it.",
1848 safe_str(chan->conn->base_.address), chan->conn->base_.port);
1849
1850 chan->conn->handshake_state->id_cert = id_cert;
1851 id_cert = NULL;
1852
1853 if (!public_server_mode(get_options())) {
1854 /* If we initiated the connection and we are not a public server, we
1855 * aren't planning to authenticate at all. At this point we know who we
1856 * are talking to, so we can just send a netinfo now. */
1857 send_netinfo = 1;
1858 }
1859 } else {
1860 if (! (id_cert && auth_cert))
1861 ERR("The certs we wanted were missing");
1862
1863 /* Remember these certificates so we can check an AUTHENTICATE cell */
1864 if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, auth_cert, id_cert, 1))
1865 ERR("The authentication certificate was not valid");
1866 if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, id_cert, id_cert, 1))
1867 ERR("The ID certificate was not valid");
1868
1869 log_info(LD_OR,
1870 "Got some good certificates from %s:%d: "
1871 "Waiting for AUTHENTICATE.",
1872 safe_str(chan->conn->base_.address),
1873 chan->conn->base_.port);
1874 /* XXXX check more stuff? */
1875
1876 chan->conn->handshake_state->id_cert = id_cert;
1877 chan->conn->handshake_state->auth_cert = auth_cert;
1878 id_cert = auth_cert = NULL;
1879 }
1880
1881 chan->conn->handshake_state->received_certs_cell = 1;
1882
1883 if (send_netinfo) {
1884 if (connection_or_send_netinfo(chan->conn) < 0) {
1885 log_warn(LD_OR, "Couldn't send netinfo cell");
1886 connection_or_close_for_error(chan->conn, 0);
1887 goto err;
1888 }
1889 }
1890
1891 err:
1892 tor_cert_free(id_cert);
1893 tor_cert_free(link_cert);
1894 tor_cert_free(auth_cert);
1895 #undef ERR
1896 }
1897
1898 /**
1899 * Process an AUTH_CHALLENGE cell from a channel_tls_t
1900 *
1901 * This function is called to handle an incoming AUTH_CHALLENGE cell on a
1902 * channel_tls_t; if we weren't supposed to get one (for example, because we're
1903 * not the originator of the channel), or it's ill-formed, or we aren't doing
1904 * a v3 handshake, mark the channel. If the cell is well-formed but we don't
1905 * want to authenticate, just drop it. If the cell is well-formed *and* we
1906 * want to authenticate, send an AUTHENTICATE cell and then a NETINFO cell.
1907 */
1908
1909 static void
1910 channel_tls_process_auth_challenge_cell(var_cell_t *cell, channel_tls_t *chan)
1911 {
1912 int n_types, i, use_type = -1;
1913 uint8_t *cp;
1914
1915 tor_assert(cell);
1916 tor_assert(chan);
1917 tor_assert(chan->conn);
1918
1919 #define ERR(s) \
1920 do { \
1921 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
1922 "Received a bad AUTH_CHALLENGE cell from %s:%d: %s", \
1923 safe_str(chan->conn->base_.address), \
1924 chan->conn->base_.port, (s)); \
1925 connection_or_close_for_error(chan->conn, 0); \
1926 return; \
1927 } while (0)
1928
1929 if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
1930 ERR("We're not currently doing a v3 handshake");
1931 if (chan->conn->link_proto < 3)
1932 ERR("We're not using link protocol >= 3");
1933 if (!(chan->conn->handshake_state->started_here))
1934 ERR("We didn't originate this connection");
1935 if (chan->conn->handshake_state->received_auth_challenge)
1936 ERR("We already received one");
1937 if (!(chan->conn->handshake_state->received_certs_cell))
1938 ERR("We haven't gotten a CERTS cell yet");
1939 if (cell->payload_len < OR_AUTH_CHALLENGE_LEN + 2)
1940 ERR("It was too short");
1941 if (cell->circ_id)
1942 ERR("It had a nonzero circuit ID");
1943
1944 n_types = ntohs(get_uint16(cell->payload + OR_AUTH_CHALLENGE_LEN));
1945 if (cell->payload_len < OR_AUTH_CHALLENGE_LEN + 2 + 2*n_types)
1946 ERR("It looks truncated");
1947
1948 /* Now see if there is an authentication type we can use */
1949 cp = cell->payload+OR_AUTH_CHALLENGE_LEN + 2;
1950 for (i = 0; i < n_types; ++i, cp += 2) {
1951 uint16_t authtype = ntohs(get_uint16(cp));
1952 if (authtype == AUTHTYPE_RSA_SHA256_TLSSECRET)
1953 use_type = authtype;
1954 }
1955
1956 chan->conn->handshake_state->received_auth_challenge = 1;
1957
1958 if (! public_server_mode(get_options())) {
1959 /* If we're not a public server then we don't want to authenticate on a
1960 connection we originated, and we already sent a NETINFO cell when we
1961 got the CERTS cell. We have nothing more to do. */
1962 return;
1963 }
1964
1965 if (use_type >= 0) {
1966 log_info(LD_OR,
1967 "Got an AUTH_CHALLENGE cell from %s:%d: Sending "
1968 "authentication",
1969 safe_str(chan->conn->base_.address),
1970 chan->conn->base_.port);
1971
1972 if (connection_or_send_authenticate_cell(chan->conn, use_type) < 0) {
1973 log_warn(LD_OR,
1974 "Couldn't send authenticate cell");
1975 connection_or_close_for_error(chan->conn, 0);
1976 return;
1977 }
1978 } else {
1979 log_info(LD_OR,
1980 "Got an AUTH_CHALLENGE cell from %s:%d, but we don't "
1981 "know any of its authentication types. Not authenticating.",
1982 safe_str(chan->conn->base_.address),
1983 chan->conn->base_.port);
1984 }
1985
1986 if (connection_or_send_netinfo(chan->conn) < 0) {
1987 log_warn(LD_OR, "Couldn't send netinfo cell");
1988 connection_or_close_for_error(chan->conn, 0);
1989 return;
1990 }
1991
1992 #undef ERR
1993 }
1994
1995 /**
1996 * Process an AUTHENTICATE cell from a channel_tls_t
1997 *
1998 * If it's ill-formed or we weren't supposed to get one or we're not doing a
1999 * v3 handshake, then mark the connection. If it does not authenticate the
2000 * other side of the connection successfully (because it isn't signed right,
2001 * we didn't get a CERTS cell, etc) mark the connection. Otherwise, accept
2002 * the identity of the router on the other side of the connection.
2003 */
2004
2005 static void
2006 channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
2007 {
2008 uint8_t expected[V3_AUTH_FIXED_PART_LEN];
2009 const uint8_t *auth;
2010 int authlen;
2011
2012 tor_assert(cell);
2013 tor_assert(chan);
2014 tor_assert(chan->conn);
2015
2016 #define ERR(s) \
2017 do { \
2018 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
2019 "Received a bad AUTHENTICATE cell from %s:%d: %s", \
2020 safe_str(chan->conn->base_.address), \
2021 chan->conn->base_.port, (s)); \
2022 connection_or_close_for_error(chan->conn, 0); \
2023 return; \
2024 } while (0)
2025
2026 if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
2027 ERR("We're not doing a v3 handshake");
2028 if (chan->conn->link_proto < 3)
2029 ERR("We're not using link protocol >= 3");
2030 if (chan->conn->handshake_state->started_here)
2031 ERR("We originated this connection");
2032 if (chan->conn->handshake_state->received_authenticate)
2033 ERR("We already got one!");
2034 if (chan->conn->handshake_state->authenticated) {
2035 /* Should be impossible given other checks */
2036 ERR("The peer is already authenticated");
2037 }
2038 if (!(chan->conn->handshake_state->received_certs_cell))
2039 ERR("We never got a certs cell");
2040 if (chan->conn->handshake_state->auth_cert == NULL)
2041 ERR("We never got an authentication certificate");
2042 if (chan->conn->handshake_state->id_cert == NULL)
2043 ERR("We never got an identity certificate");
2044 if (cell->payload_len < 4)
2045 ERR("Cell was way too short");
2046
2047 auth = cell->payload;
2048 {
2049 uint16_t type = ntohs(get_uint16(auth));
2050 uint16_t len = ntohs(get_uint16(auth+2));
2051 if (4 + len > cell->payload_len)
2052 ERR("Authenticator was truncated");
2053
2054 if (type != AUTHTYPE_RSA_SHA256_TLSSECRET)
2055 ERR("Authenticator type was not recognized");
2056
2057 auth += 4;
2058 authlen = len;
2059 }
2060
2061 if (authlen < V3_AUTH_BODY_LEN + 1)
2062 ERR("Authenticator was too short");
2063
2064 if (connection_or_compute_authenticate_cell_body(
2065 chan->conn, expected, sizeof(expected), NULL, 1) < 0)
2066 ERR("Couldn't compute expected AUTHENTICATE cell body");
2067
2068 if (tor_memneq(expected, auth, sizeof(expected)))
2069 ERR("Some field in the AUTHENTICATE cell body was not as expected");
2070
2071 {
2072 crypto_pk_t *pk = tor_tls_cert_get_key(
2073 chan->conn->handshake_state->auth_cert);
2074 char d[DIGEST256_LEN];
2075 char *signed_data;
2076 size_t keysize;
2077 int signed_len;
2078
2079 if (!pk)
2080 ERR("Internal error: couldn't get RSA key from AUTH cert.");
2081 crypto_digest256(d, (char*)auth, V3_AUTH_BODY_LEN, DIGEST_SHA256);
2082
2083 keysize = crypto_pk_keysize(pk);
2084 signed_data = tor_malloc(keysize);
2085 signed_len = crypto_pk_public_checksig(pk, signed_data, keysize,
2086 (char*)auth + V3_AUTH_BODY_LEN,
2087 authlen - V3_AUTH_BODY_LEN);
2088 crypto_pk_free(pk);
2089 if (signed_len < 0) {
2090 tor_free(signed_data);
2091 ERR("Signature wasn't valid");
2092 }
2093 if (signed_len < DIGEST256_LEN) {
2094 tor_free(signed_data);
2095 ERR("Not enough data was signed");
2096 }
2097 /* Note that we deliberately allow *more* than DIGEST256_LEN bytes here,
2098 * in case they're later used to hold a SHA3 digest or something. */
2099 if (tor_memneq(signed_data, d, DIGEST256_LEN)) {
2100 tor_free(signed_data);
2101 ERR("Signature did not match data to be signed.");
2102 }
2103 tor_free(signed_data);
2104 }
2105
2106 /* Okay, we are authenticated. */
2107 chan->conn->handshake_state->received_authenticate = 1;
2108 chan->conn->handshake_state->authenticated = 1;
2109 chan->conn->handshake_state->digest_received_data = 0;
2110 {
2111 crypto_pk_t *identity_rcvd =
2112 tor_tls_cert_get_key(chan->conn->handshake_state->id_cert);
2113 const digests_t *id_digests =
2114 tor_cert_get_id_digests(chan->conn->handshake_state->id_cert);
2115
2116 /* This must exist; we checked key type when reading the cert. */
2117 tor_assert(id_digests);
2118
2119 memcpy(chan->conn->handshake_state->authenticated_peer_id,
2120 id_digests->d[DIGEST_SHA1], DIGEST_LEN);
2121
2122 channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd,
2123 chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
2124 crypto_pk_free(identity_rcvd);
2125
2126 connection_or_init_conn_from_address(chan->conn,
2127 &(chan->conn->base_.addr),
2128 chan->conn->base_.port,
2129 (const char*)(chan->conn->handshake_state->
2130 authenticated_peer_id),
2131 0);
2132
2133 log_info(LD_OR,
2134 "Got an AUTHENTICATE cell from %s:%d: Looks good.",
2135 safe_str(chan->conn->base_.address),
2136 chan->conn->base_.port);
2137 }
2138
2139 #undef ERR
2140 }
2141
The Onion Router