| blob | db9f93e6f6453b0ea09e1c666757b4bc5fbe10c5 |
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2021, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
7 /**
8 * \file connection_or.c
9 * \brief Functions to handle OR connections, TLS handshaking, and
10 * cells on the network.
11 *
12 * An or_connection_t is a subtype of connection_t (as implemented in
13 * connection.c) that uses a TLS connection to send and receive cells on the
14 * Tor network. (By sending and receiving cells connection_or.c, it cooperates
15 * with channeltls.c to implement a the channel interface of channel.c.)
16 *
17 * Every OR connection has an underlying tortls_t object (as implemented in
18 * tortls.c) which it uses as its TLS stream. It is responsible for
19 * sending and receiving cells over that TLS.
20 *
21 * This module also implements the client side of the v3 (and greater) Tor
22 * link handshake.
23 **/
27 /*
28 * Define this so we get channel internal functions, since we're implementing
29 * part of a subclass (channel_tls_t).
30 */
31 #define CHANNEL_OBJECT_PRIVATE
32 #define CONNECTION_OR_PRIVATE
33 #define ORCONN_EVENT_PRIVATE
95 static unsigned int
102 /**************************************************************/
104 /**
105 * Cast a `connection_t *` to an `or_connection_t *`.
106 *
107 * Exit with an assertion failure if the input is not an `or_connnection_t`.
108 **/
109 or_connection_t *
111 {
114 }
116 /**
117 * Cast a `const connection_t *` to a `const or_connection_t *`.
118 *
119 * Exit with an assertion failure if the input is not an `or_connnection_t`.
120 **/
123 {
125 }
127 /** Clear clear conn->identity_digest and update other data
128 * structures as appropriate.*/
129 void
131 {
134 }
136 /** Clear all identities in OR conns.*/
137 void
139 {
142 {
145 }
146 });
147 }
149 /** Change conn->identity_digest to digest, and add conn into
150 * the appropriate digest maps.
151 *
152 * NOTE that this function only allows two kinds of transitions: from
153 * unset identity to set identity, and from idempotent re-settings
154 * of the same identity. It's not allowed to clear an identity or to
155 * change an identity. Return 0 on success, and -1 if the transition
156 * is not allowed.
157 **/
158 static void
162 {
172 conn,
193 /* If the identity was set previously, remove the old mapping. */
198 }
202 /* If we're initializing the IDs to zero, don't add a mapping yet. */
207 /* Deal with channels */
210 }
212 /**
213 * Return the Ed25519 identity of the peer for this connection (if any).
214 *
215 * Note that this ID may not be the _actual_ identity for the peer if
216 * authentication is not complete.
217 **/
220 {
226 }
227 }
230 }
232 /**************************************************************/
234 /** Map from a string describing what a non-open OR connection was doing when
235 * failed, to an intptr_t describing the count of connections that failed that
236 * way. Note that the count is stored _as_ the pointer.
237 */
240 /** If true, do not record information in <b>broken_connection_counts</b>. */
243 /** Record that an OR connection failed in <b>state</b>. */
244 static void
246 {
257 val++;
260 }
262 /** Forget all recorded states for failed connections. If
263 * <b>stop_recording</b> is true, don't record any more. */
264 void
266 {
272 }
274 /** Write a detailed description the state of <b>orconn</b> into the
275 * <b>buflen</b>-byte buffer at <b>buf</b>. This description includes not
276 * only the OR-conn level state but also the TLS state. It's useful for
277 * diagnosing broken handshakes. */
278 static void
281 {
292 }
294 /** Record the current state of <b>orconn</b> as the state of a broken
295 * connection. */
296 static void
298 {
305 }
307 /** Helper type used to sort connection states and find the most frequent. */
313 /** Helper function used to sort broken_state_count_t by frequency. */
314 static int
316 {
322 else
324 }
326 /** Upper limit on the number of different states to report for connection
327 * failure. */
328 #define MAX_REASONS_TO_REPORT 10
330 /** Report a list of the top states for failed OR connections at log level
331 * <b>severity</b>, in log domain <b>domain</b>. */
332 void
334 {
364 }
366 /**
367 * Helper function to publish an OR connection status event
368 *
369 * Publishes a messages to subscribers of ORCONN messages, and sends
370 * the control event.
371 **/
372 void
375 {
383 }
385 /**
386 * Helper function to publish a state change message
387 *
388 * connection_or_change_state() calls this to notify subscribers about
389 * a change of an OR connection state.
390 **/
391 static void
393 {
398 /* Do extra decoding because conn->proxy_type indicates the proxy
399 * protocol that tor uses to talk with the transport plugin,
400 * instead of PROXY_PLUGGABLE. */
405 }
411 }
413 }
415 /** Call this to change or_connection_t states, so the owning channel_tls_t can
416 * be notified.
417 */
421 {
429 }
431 /** Return the number of circuits using an or_connection_t; this used to
432 * be an or_connection_t field, but it got moved to channel_t and we
433 * shouldn't maintain two copies. */
437 {
443 }
445 /**************************************************************/
447 /** Pack the cell_t host-order structure <b>src</b> into network-order
448 * in the buffer <b>dest</b>. See tor-spec.txt for details about the
449 * wire format.
450 *
451 * Note that this function doesn't touch <b>dst</b>-\>next: the caller
452 * should set it or clear it as appropriate.
453 */
454 void
456 {
462 /* Clear the last two bytes of dest, in case we can accidentally
463 * send them to the network somehow. */
467 }
470 }
472 /** Unpack the network-order buffer <b>src</b> into a host-order
473 * cell_t structure <b>dest</b>.
474 */
475 static void
477 {
484 }
487 }
489 /** Write the header of <b>cell</b> into the first VAR_CELL_MAX_HEADER_SIZE
490 * bytes of <b>hdr_out</b>. Returns number of bytes used. */
491 int
493 {
503 }
507 }
509 /** Allocate and return a new var_cell_t with <b>payload_len</b> bytes of
510 * payload space. */
511 var_cell_t *
513 {
520 }
522 /**
523 * Copy a var_cell_t
524 */
526 var_cell_t *
528 {
539 }
542 }
544 /** Release all space held by <b>cell</b>. */
545 void
547 {
549 }
551 /** We've received an EOF from <b>conn</b>. Mark it for close and return. */
552 int
554 {
561 }
563 /** Handle any new bytes that have come in on connection <b>conn</b>.
564 * If conn is in 'open' state, hand it to
565 * connection_or_process_cells_from_inbuf()
566 * (else do nothing).
567 */
568 int
570 {
578 /* start TLS after handshake completion, or deal with error */
583 "when transitioning from PROXY_HANDSHAKING state on %s: "
589 }
592 /* Touch the channel's active timestamp if there is one */
595 }
598 }
608 }
610 /* This check makes sure that we don't have any data on the inbuf if we're
611 * doing our TLS handshake: if we did, they were probably put there by a
612 * SOCKS proxy trying to trick us into accepting unauthenticated data.
613 */
621 }
624 }
626 /** Called whenever we have flushed some data on an or_conn: add more data
627 * from active circuits. */
628 int
630 {
633 /* Update the channel's active timestamp if there is one */
637 /* If we're under the low water mark, add cells until we're just over the
638 * high water mark. */
641 /* Let the scheduler know */
643 }
646 }
648 /** This is for channeltls.c to ask how many cells we could accept if
649 * they were available. */
650 ssize_t
652 {
658 /*
659 * If we're under the high water mark, we're potentially
660 * writeable; note this is different from the calculation above
661 * used to trigger when to start writing after we've stopped.
662 */
667 }
670 }
672 /** Connection <b>conn</b> has finished writing and has no bytes left on
673 * its outbuf.
674 *
675 * Otherwise it's in state "open": stop writing and return.
676 *
677 * If <b>conn</b> is broken, mark it for close and return -1, else
678 * return 0.
679 */
680 int
682 {
688 /* PROXY_HAPROXY gets connected by receiving an ack. */
692 /* This should be impossible; we're not even reading. */
695 }
699 /* TLS handshaking error of some kind. */
702 }
704 }
714 }
716 /* Update the channel's active timestamp if there is one */
721 }
723 /** Connected handler for OR connections: begin the TLS handshake.
724 */
725 int
727 {
739 /* start proxy handshake */
743 }
749 }
752 /* TLS handshaking error of some kind. */
755 }
757 }
759 /** Called when we're about to finally unlink and free an OR connection:
760 * perform necessary accounting and cleanup */
761 void
763 {
766 /* Tell the controlling channel we're closed */
769 /*
770 * NULL this out because the channel might hang around a little
771 * longer before channel_run_cleanup() gets it.
772 */
775 }
777 /* Remember why we're closing this connection. */
779 /* now mark things down as needed */
783 /* Tell the new guard API about the channel failure */
788 reason);
793 }
796 }
798 }
799 }
800 }
802 /* We only set hold_open_until_flushed when we're intentionally
803 * closing a connection. */
809 }
810 }
812 /** Return 1 if identity digest <b>id_digest</b> is known to be a
813 * currently or recently running relay. Otherwise return 0. */
814 int
816 {
821 * it. Probably it was in a recent consensus. "Yes". */
823 }
825 /** Set the per-conn read and write limits for <b>conn</b>. If it's a known
826 * relay, we will rely on the global read and write buckets, so give it
827 * per-conn limits that are big enough they'll never matter. But if it's
828 * not a known relay, first check if we set PerConnBwRate/Burst, then
829 * check if the consensus sets them, else default to 'big enough'.
830 *
831 * If <b>reset</b> is true, set the bucket to be full. Otherwise, just
832 * clip the bucket if it happens to be <em>too</em> full.
833 */
834 static void
837 {
840 /* It's in the consensus, or we have a descriptor for it meaning it
841 * was probably in a recent consensus. It's a recognized relay:
842 * give it full bandwidth. */
846 /* Not a recognized relay. Squeeze it down based on the suggested
847 * bandwidth parameters in the consensus, but allow local config
848 * options to override. */
855 }
860 }
861 }
863 /** Either our set of relays or our per-conn rate limits have changed.
864 * Go through all the OR connections and update their token buckets to make
865 * sure they don't exceed their maximum values. */
866 void
869 {
871 {
874 });
875 }
877 /* Mark <b>or_conn</b> as canonical if <b>is_canonical</b> is set, and
878 * non-canonical otherwise. Adjust idle_timeout accordingly.
879 */
880 void
883 {
886 /* Don't recalculate an existing idle_timeout unless the canonical
887 * status changed. */
889 }
900 }
902 /** If we don't necessarily know the router we're connecting to, but we
903 * have an addr/port/id_digest, then fill in as much as we can. Start
904 * by checking to see if this describes a router we know.
905 * <b>started_here</b> is 1 if we are the initiator of <b>conn</b> and
906 * 0 if it's an incoming connection. */
907 void
913 {
918 started_here);
927 }
930 }
932 /** Check whether the identity of <b>conn</b> matches a known node. If it
933 * does, check whether the address of conn matches the expected address, and
934 * update the connection's is_canonical flag, nickname, and address fields as
935 * appropriate. */
936 static void
938 {
950 /* If this node is capable of proving an ed25519 ID,
951 * we can't call this a canonical connection unless both IDs match. */
953 }
956 tor_addr_port_t node_ipv4_ap;
957 tor_addr_port_t node_ipv6_ap;
963 }
964 /* Choose the correct canonical address and port. */
970 }
971 /* Remember the canonical addr/port so our log messages will make
972 sense. */
982 }
984 /*
985 * We have to tell channeltls.c to update the channel marks (local, in
986 * particular), since we may have changed the address.
987 */
991 }
992 }
994 /** These just pass all the is_bad_for_new_circs manipulation on to
995 * channel_t */
997 static unsigned int
999 {
1005 }
1007 static void
1009 {
1014 }
1016 /** How old do we let a connection to an OR get before deciding it's
1017 * too old for new circuits? */
1018 #define TIME_BEFORE_OR_CONN_IS_TOO_OLD (60*60*24*7)
1020 /** Expire an or_connection if it is too old. Helper for
1021 * connection_or_group_set_badness_ and fast path for
1022 * channel_rsa_id_group_set_badness.
1023 *
1024 * Returns 1 if the connection was already expired, else 0.
1025 */
1026 int
1030 {
1031 /* XXXX this function should also be about channels? */
1040 "Marking %s as too old for new circuits "
1046 }
1049 }
1051 /** Given a list of all the or_connections with a given
1052 * identity, set elements of that list as is_bad_for_new_circs as
1053 * appropriate. Helper for connection_or_set_bad_connections().
1054 *
1055 * Specifically, we set the is_bad_for_new_circs flag on:
1056 * - all connections if <b>force</b> is true.
1057 * - all connections that are too old.
1058 * - all open non-canonical connections for which a canonical connection
1059 * exists to the same router.
1060 * - all open canonical connections for which a 'better' canonical
1061 * connection exists to the same router.
1062 * - all open non-canonical connections for which a 'better' non-canonical
1063 * connection exists to the same router at the same address.
1064 *
1065 * See channel_is_better() in channel.c for our idea of what makes one OR
1066 * connection better than another.
1067 */
1068 void
1070 {
1071 /* XXXX this function should be entirely about channels, not OR
1072 * XXXX connections. */
1078 /* Pass 1: expire everything that's old, and see what the status of
1079 * everything else is. */
1092 }
1095 /* Pass 2: We know how about how good the best connection is.
1096 * expire everything that's worse, and find the very best if we can. */
1103 * when the connection finishes. */
1105 /* We have at least one open canonical connection to this router,
1106 * and this one is open but not canonical. Mark it bad. */
1108 "Marking %s unsuitable for new circuits: "
1116 }
1122 }
1128 /* Pass 3: One connection to OR is best. If it's canonical, mark as bad
1129 * every other open connection. If it's non-canonical, mark as bad
1130 * every other open connection to the same address.
1131 *
1132 * XXXX This isn't optimal; if we have connections to an OR at multiple
1133 * addresses, we'd like to pick the best _for each address_, and mark as
1134 * bad every open connection that isn't best for its address. But this
1135 * can only occur in cases where the other OR is old (so we have no
1136 * canonical connection to it), or where all the connections to the OR are
1137 * at noncanonical addresses and we have no good direct connection (which
1138 * means we aren't at risk of attaching circuits to it anyway). As
1139 * 0.1.2.x dies out, the first case will go away, and the second one is
1140 * "mostly harmless", so a fix can wait until somebody is bored.
1141 */
1150 /* This isn't the best conn, _and_ the best conn is better than it */
1153 "Marking %s as unsuitable for new circuits: "
1155 "We have a better canonical one "
1165 "Marking %s unsuitable for new circuits: "
1167 "one with the "
1174 }
1175 }
1177 }
1179 /* Lifetime of a connection failure. After that, we'll retry. This is in
1180 * seconds. */
1181 #define OR_CONNECT_FAILURE_LIFETIME 60
1182 /* The interval to use with when to clean up the failure cache. */
1183 #define OR_CONNECT_FAILURE_CLEANUP_INTERVAL 60
1185 /* When is the next time we have to cleanup the failure map. We keep this
1186 * because we clean it opportunistically. */
1189 /* OR connection failure entry data structure. It is kept in the connection
1190 * failure map defined below and indexed by OR identity digest, address and
1191 * port.
1192 *
1193 * We need to identify a connection failure with these three values because we
1194 * want to avoid to wrongfully block a relay if someone is trying to
1195 * extend to a known identity digest but with the wrong IP/port. For instance,
1196 * it can happen if a relay changed its port but the client still has an old
1197 * descriptor with the old port. We want to stop connecting to that
1198 * IP/port/identity all together, not only the relay identity. */
1201 /* Identity digest of the connection where it is connecting to. */
1203 /* This is the connection address from the base connection_t. After the
1204 * connection is checked for canonicity, the base address should represent
1205 * what we know instead of where we are connecting to. This is what we need
1206 * so we can correlate known relays within the consensus. */
1207 tor_addr_t addr;
1209 /* Last time we were unable to connect. */
1213 /* Map where we keep connection failure entries. They are indexed by addr,
1214 * port and identity digest. */
1218 /* Helper: Hashtable equal function. Return 1 if equal else 0. */
1219 static int
1222 {
1226 }
1228 /* Helper: Return the hash for the hashtable of the given entry. For this
1229 * table, it is a combination of address, port and identity digest. */
1230 static unsigned int
1232 {
1235 /* Largest size is IPv6 and IPv4 is smaller so it is fine. */
1238 /* Get the right address bytes depending on the family. */
1251 }
1261 }
1270 /* Initialize a given connect failure entry with the given identity_digest,
1271 * addr and port. All field are optional except ocf. */
1272 static void
1275 {
1280 }
1283 }
1285 }
1287 /* Return a newly allocated connection failure entry. It is initialized with
1288 * the given or_conn data. This can't fail. */
1291 {
1296 }
1298 /* Return a connection failure entry matching the given or_conn. NULL is
1299 * returned if not found. */
1302 {
1303 or_connect_failure_entry_t lookup;
1308 }
1310 /* Note down in the connection failure cache that a failure occurred on the
1311 * given or_conn. */
1312 STATIC void
1314 {
1323 }
1325 }
1327 /* Cleanup the connection failure cache and remove all entries below the
1328 * given cutoff. */
1329 static void
1331 {
1342 }
1343 }
1344 }
1346 /* Return true iff the given OR connection can connect to its destination that
1347 * is the triplet identity_digest, address and port.
1348 *
1349 * The or_conn MUST have gone through connection_or_check_canonicity() so the
1350 * base address is properly set to what we know or doesn't know. */
1351 STATIC int
1353 {
1363 /* Opportunistically try to cleanup the failure cache. We do that at regular
1364 * interval so it doesn't grow too big. */
1367 or_connect_failure_map_next_cleanup_ts =
1369 }
1371 /* Look if we have failed previously to the same destination as this
1372 * OR connection. */
1376 }
1377 /* If we do have an unable to connect timestamp and it is below cutoff, we
1378 * can connect. Or we have never failed before so let it connect. */
1381 }
1383 /* Ok we can connect! */
1385 no_connect:
1387 }
1389 /** <b>conn</b> is in the 'connecting' state, and it failed to complete
1390 * a TCP connection. Send notifications appropriately.
1391 *
1392 * <b>reason</b> specifies the or_conn_end_reason for the failure;
1393 * <b>msg</b> specifies the strerror-style error message.
1394 */
1395 void
1398 {
1403 }
1405 /** <b>conn</b> got an error in connection_handle_read_impl() or
1406 * connection_handle_write_impl() and is going to die soon.
1407 *
1408 * <b>reason</b> specifies the or_conn_end_reason for the failure;
1409 * <b>msg</b> specifies the strerror-style error message.
1410 */
1411 void
1414 {
1419 /* If we're connecting, call connect_failed() too */
1423 /* Tell the controlling channel if we have one */
1426 /* Don't transition if we're already in closing, closed or error */
1429 }
1430 }
1432 /* No need to mark for error because connection.c is about to do that */
1433 }
1435 /** Launch a new OR connection to <b>addr</b>:<b>port</b> and expect to
1436 * handshake with an OR with identity digest <b>id_digest</b>. Optionally,
1437 * pass in a pointer to a channel using this connection.
1438 *
1439 * If <b>id_digest</b> is me, do nothing. If we're already connected to it,
1440 * return that connection. If the connect() is in progress, set the
1441 * new conn's state to 'connecting' and return it. If connect() succeeds,
1442 * call connection_tls_start_handshake() on it.
1443 *
1444 * This function is called from router_retry_connections(), for
1445 * ORs connecting to ORs, and circuit_establish_circuit(), for
1446 * OPs connecting to ORs.
1447 *
1448 * Return the launched conn, or NULL if it failed.
1449 */
1456 {
1460 tor_addr_t addr;
1463 tor_addr_t proxy_addr;
1474 }
1479 }
1483 /*
1484 * Set up conn so it's got all the data we need to remember for channels
1485 *
1486 * This stuff needs to happen before connection_or_init_conn_from_address()
1487 * so connection_or_set_identity_digest() and such know where to look to
1488 * keep the channel up to date.
1489 */
1494 /* We have a proper OR connection setup, now check if we can connect to it
1495 * that is we haven't had a failure earlier. This is to avoid to try to
1496 * constantly connect to relays that we think are not reachable. */
1503 }
1507 /* If we are using a proxy server, find it and use it. */
1517 }
1521 /* This duplication of state change calls is necessary in case we
1522 * run into an error condition below */
1526 /* get_proxy_addrport() might fail if we have a Bridge line that
1527 references a transport, but no ClientTransportPlugin lines
1528 defining its transport proxy. If this is the case, let's try to
1529 output a useful log message to the user. */
1536 "using pluggable transport '%s', but we can't find a pluggable "
1537 "transport proxy supporting '%s'. This can happen if you "
1538 "haven't provided a ClientTransportPlugin line, or if "
1545 END_OR_CONN_REASON_PT_MISSING,
1546 conn);
1552 }
1556 }
1561 /* We failed to establish a connection probably because of a local
1562 * error. No need to blame the guard in this case. Notify the networking
1563 * system of this failure. */
1571 /* writable indicates finish, readable indicates broken link,
1572 error indicates broken link on windows */
1574 /* case 1: fall through */
1575 }
1578 /* already marked for close */
1580 }
1582 }
1584 /** Mark orconn for close and transition the associated channel, if any, to
1585 * the closing state.
1586 *
1587 * It's safe to call this and connection_or_close_for_error() any time, and
1588 * channel layer will treat it as a connection closing for reasons outside
1589 * its control, like the remote end closing it. It can also be a local
1590 * reason that's specific to connection_t/or_connection_t rather than
1591 * the channel mechanism, such as expiration of old connections in
1592 * run_connection_housekeeping(). If you want to close a channel_t
1593 * from somewhere that logically works in terms of generic channels
1594 * rather than connections, use channel_mark_for_close(); see also
1595 * the comment on that function in channel.c.
1596 */
1598 void
1600 {
1608 /* Don't transition if we're already in closing, closed or error */
1611 }
1612 }
1613 }
1615 /** Mark orconn for close and transition the associated channel, if any, to
1616 * the error state.
1617 */
1621 {
1629 /* Don't transition if we're already in closing, closed or error */
1632 }
1633 }
1634 }
1636 /** Begin the tls handshake with <b>conn</b>. <b>receiving</b> is 0 if
1637 * we initiated the connection, else it's 1.
1638 *
1639 * Assign a new tls object to conn->tls, begin reading on <b>conn</b>, and
1640 * pass <b>conn</b> to connection_tls_continue_handshake().
1641 *
1642 * Return -1 if <b>conn</b> is broken, else return 0.
1643 */
1646 {
1650 /* Incoming connections will need a new channel passed to the
1651 * channel_tls_listener */
1653 /* It shouldn't already be set */
1659 }
1662 }
1670 }
1682 }
1684 /** Block all future attempts to renegotiate on 'conn' */
1685 void
1687 {
1693 }
1695 /** Invoked on the server side from inside tor_tls_read() when the server
1696 * gets a successful TLS renegotiation from the client. */
1697 static void
1699 {
1703 /* Don't invoke this again. */
1707 /* XXXX_TLS double-check that it's ok to do this from inside read. */
1708 /* XXXX_TLS double-check that this verifies certificates. */
1710 }
1711 }
1713 /** Move forward with the tls handshake. If it finishes, hand
1714 * <b>conn</b> to connection_tls_finish_handshake().
1715 *
1716 * Return -1 if <b>conn</b> is broken, else return 0.
1717 */
1718 int
1720 {
1725 // log_notice(LD_OR, "Continue handshake with %p", conn->tls);
1727 // log_notice(LD_OR, "Result: %d", result);
1730 CASE_TOR_TLS_ERROR_ANY:
1741 /* v2/v3 handshake, but we are not a client. */
1745 connection_or_tls_renegotiated_cb,
1746 conn);
1748 OR_CONN_STATE_TLS_SERVER_RENEGOTIATING);
1752 }
1753 }
1767 }
1769 }
1771 /** Return 1 if we initiated this connection, or 0 if it started
1772 * out as an incoming connection.
1773 */
1774 int
1776 {
1784 }
1786 /** <b>Conn</b> just completed its handshake. Return 0 if all is well, and
1787 * return -1 if they are lying, broken, or otherwise something is wrong.
1788 *
1789 * If we initiated this connection (<b>started_here</b> is true), make sure
1790 * the other side sent a correctly formed certificate. If I initiated the
1791 * connection, make sure it's the right relay by checking the certificate.
1792 *
1793 * Otherwise (if we _didn't_ initiate this connection), it's okay for
1794 * the certificate to be weird or absent.
1795 *
1796 * If we return 0, and the certificate is as expected, write a hash of the
1797 * identity key into <b>digest_rcvd_out</b>, which must have DIGEST_LEN
1798 * space in it.
1799 * If the certificate is invalid or missing on an incoming connection,
1800 * we return 0 and set <b>digest_rcvd_out</b> to DIGEST_LEN NUL bytes.
1801 * (If we return -1, the contents of this buffer are undefined.)
1802 *
1803 * As side effects,
1804 * 1) Set conn->circ_id_type according to tor-spec.txt.
1805 * 2) If we're an authdirserver and we initiated the connection: drop all
1806 * descriptors that claim to be on that IP/port but that aren't
1807 * this relay; and note that this relay is reachable.
1808 * 3) If this is a bridge and we didn't configure its identity
1809 * fingerprint, remember the keyid we just learned.
1810 */
1811 static int
1815 {
1832 }
1848 "The certificate seems to be valid on %s connection "
1851 }
1853 }
1859 }
1862 }
1870 /* A TLS handshake can't teach us an Ed25519 ID, so we set it to NULL
1871 * here. */
1876 NULL);
1877 }
1880 }
1882 /** Called when we (as a connection initiator) have definitively,
1883 * authenticatedly, learned that ID of the Tor instance on the other
1884 * side of <b>conn</b> is <b>rsa_peer_id</b> and optionally <b>ed_peer_id</b>.
1885 * For v1 and v2 handshakes,
1886 * this is right after we get a certificate chain in a TLS handshake
1887 * or renegotiation. For v3+ handshakes, this is right after we get a
1888 * certificate chain in a CERTS cell.
1889 *
1890 * If we did not know the ID before, record the one we got.
1891 *
1892 * If we wanted an ID, but we didn't get the one we expected, log a message
1893 * and return -1.
1894 * On relays:
1895 * - log a protocol warning whenever the fingerprints don't match;
1896 * On clients:
1897 * - if a relay's fingerprint doesn't match, log a warning;
1898 * - if we don't have updated relay fingerprints from a recent consensus, and
1899 * a fallback directory mirror's hard-coded fingerprint has changed, log an
1900 * info explaining that we will try another fallback.
1901 *
1902 * If we're testing reachability, remember what we learned.
1903 *
1904 * Return 0 on success, -1 on failure.
1905 */
1906 int
1910 {
1924 conn,
1941 /* if it's a bridge and we didn't know its identity fingerprint, now
1942 * we do -- remember it for future attempts. */
1946 }
1950 /* It only counts as an ed25519 mismatch if we wanted an ed25519 identity
1951 * and didn't get it. It's okay if we get one that we didn't ask for. */
1953 expected_ed_key &&
1958 /* I was aiming for a particular digest. I didn't get it! */
1966 DIGEST_LEN);
1971 }
1976 }
1989 /* Relays and Single Onion Services make direct connections using
1990 * untrusted authentication keys. */
1995 /* We need to do the checks in this order, because the list of
1996 * fallbacks includes the list of authorities */
2000 /* we expect a small number of fallbacks to change from their
2001 * hard-coded fingerprints over the life of a release */
2005 /* it's a bridge, it's either a misconfiguration, or unexpected */
2007 }
2009 /* a relay has changed its fingerprint from the one in the consensus */
2011 }
2012 }
2015 "Tried connecting to router at %s, but RSA + ed25519 identity "
2020 /* Tell the new guard API about the channel failure */
2023 END_OR_CONN_REASON_OR_IDENTITY);
2027 END_OR_CONN_REASON_OR_IDENTITY,
2028 conn);
2030 }
2038 }
2041 /* If we learned an identity for this connection, then we might have
2042 * just discovered it to be canonical. */
2047 }
2050 // We don't want to use canonical_orport here -- we want the address
2051 // that we really used.
2054 }
2057 }
2059 /** Return when we last used this channel for client activity (origin
2060 * circuits). This is called from connection.c, since client_used is now one
2061 * of the timestamps in channel_t */
2063 time_t
2065 {
2071 }
2073 /** The v1/v2 TLS handshake is finished.
2074 *
2075 * Make sure we are happy with the peer we just handshaked with.
2076 *
2077 * If they initiated the connection, make sure they're not already connected,
2078 * then initialize conn from the information in router.
2079 *
2080 * If all is successful, call circuit_n_conn_done() to handle events
2081 * that have been pending on the <tls handshake completion. Also set the
2082 * directory to be dirty (only matters if I'm an authdirserver).
2083 *
2084 * If this is a v2 TLS handshake, send a versions cell.
2085 */
2086 static int
2088 {
2122 }
2123 }
2125 /**
2126 * Called as client when initial TLS handshake is done, and we notice
2127 * that we got a v3-handshake signalling certificate from the server.
2128 * Set up structures, do bookkeeping, and send the versions cell.
2129 * Return 0 on success and -1 on failure.
2130 */
2131 static int
2133 {
2143 }
2145 /** Allocate a new connection handshake state for the connection
2146 * <b>conn</b>. Return 0 on success, -1 on failure. */
2147 int
2149 {
2154 }
2161 }
2165 }
2167 /** Free all storage held by <b>state</b>. */
2168 void
2170 {
2179 }
2181 /**
2182 * Remember that <b>cell</b> has been transmitted (if <b>incoming</b> is
2183 * false) or received (if <b>incoming</b> is true) during a V3 handshake using
2184 * <b>state</b>.
2185 *
2186 * (We don't record the cell, but we keep a digest of everything sent or
2187 * received during the v3 handshake, and the client signs it in an
2188 * authenticate cell.)
2189 */
2190 void
2195 {
2198 packed_cell_t packed;
2205 }
2208 "while making a handshake digest. But we think we are sending "
2210 }
2216 /* Re-packing like this is a little inefficient, but we don't have to do
2217 this very often at all. */
2221 }
2223 /** Remember that a variable-length <b>cell</b> has been transmitted (if
2224 * <b>incoming</b> is false) or received (if <b>incoming</b> is true) during a
2225 * V3 handshake using <b>state</b>.
2226 *
2227 * (We don't record the cell, but we keep a digest of everything sent or
2228 * received during the v3 handshake, and the client signs it in an
2229 * authenticate cell.)
2230 */
2231 void
2236 {
2246 }
2258 }
2260 /** Set <b>conn</b>'s state to OR_CONN_STATE_OPEN, and tell other subsystems
2261 * as appropriate. Called when we are done with all TLS and OR handshaking.
2262 */
2263 int
2265 {
2269 /* Link protocol 3 appeared in Tor 0.2.3.6-alpha, so any connection
2270 * that uses an earlier link protocol should not be treated as a relay. */
2273 }
2280 }
2282 /** Pack <b>cell</b> into wire-format, and write it onto <b>conn</b>'s outbuf.
2283 * For cells that use or affect a circuit, this should only be called by
2284 * connection_or_flush_from_first_active_circuit().
2285 */
2286 void
2288 {
2289 packed_cell_t networkcell;
2297 /* We need to count padding cells from this non-packed code path
2298 * since they are sent via chan->write_cell() (which is not packed) */
2305 /* Touch the channel's active timestamp if there is one */
2313 }
2314 }
2318 }
2320 /** Pack a variable-length <b>cell</b> into wire-format, and write it onto
2321 * <b>conn</b>'s outbuf. Right now, this <em>DOES NOT</em> support cells that
2322 * affect a circuit.
2323 */
2327 {
2340 /* Touch the channel's active timestamp if there is one */
2343 }
2345 /** See whether there's a variable-length cell waiting on <b>or_conn</b>'s
2346 * inbuf. Return values as for fetch_var_cell_from_buf(). */
2347 static int
2349 {
2352 }
2354 /** Process cells from <b>conn</b>'s inbuf.
2355 *
2356 * Loop: while inbuf contains a cell, pull it off the inbuf, unpack it,
2357 * and hand it to command_process_cell().
2358 *
2359 * Always return 0.
2360 */
2361 static int
2363 {
2366 /*
2367 * Note on memory management for incoming cells: below the channel layer,
2368 * we shouldn't need to consider its internal queueing/copying logic. It
2369 * is safe to pass cells to it on the stack or on the heap, but in the
2370 * latter case we must be sure we free them later.
2371 *
2372 * The incoming cell queue code in channel.c will (in the common case)
2373 * decide it can pass them to the upper layer immediately, in which case
2374 * those functions may run directly on the cell pointers we pass here, or
2375 * it may decide to queue them, in which case it will allocate its own
2376 * buffer and copy the cell.
2377 */
2381 TOR_SOCKET_T_FORMAT": starting, inbuf_datalen %d "
2389 /* Touch the channel's active timestamp if there is one */
2400 cell_t cell;
2405 /* Touch the channel's active timestamp if there is one */
2412 /* retrieve cell info from buf (create the host-order struct from the
2413 * network-order string) */
2417 }
2418 }
2419 }
2421 /** Array of recognized link protocol versions. */
2423 /** Number of versions in <b>or_protocol_versions</b>. */
2427 /** Return true iff <b>v</b> is a link protocol version that this Tor
2428 * implementation believes it can support. */
2429 int
2431 {
2436 }
2438 }
2440 /** Send a VERSIONS cell on <b>conn</b>, telling the other host about the
2441 * link protocol versions that this Tor can support.
2442 *
2443 * If <b>v3_plus</b>, this is part of a V3 protocol handshake, so only
2444 * allow protocol version v3 or later. If not <b>v3_plus</b>, this is
2445 * not part of a v3 protocol handshake, so don't allow protocol v3 or
2446 * later.
2447 **/
2448 int
2450 {
2466 }
2474 }
2478 {
2496 }
2499 }
2501 /** Send a NETINFO cell on <b>conn</b>, telling the other server what we know
2502 * about their address, our address, and the current time. */
2505 {
2506 cell_t cell;
2517 }
2524 /* Timestamp, if we're a relay. */
2528 /* Their address. */
2530 /* We can safely use TO_CONN(conn)->addr here, since we no longer replace
2531 * it with a canonical address. */
2536 /* My address -- only include it if I'm a public relay, or if I'm a
2537 * bridge and this is an incoming connection. If I'm a bridge and this
2538 * is an outgoing connection, act like a normal client and omit it. */
2550 }
2551 }
2556 errmsg);
2558 }
2564 }
2571 cleanup:
2575 }