| blob | 04df8aeeb8d07e852295b8988ce9ba49224be30e |
1 /* Copyright (c) 2016-2021, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
4 /**
5 * \file protover.c
6 * \brief Versioning information for different pieces of the Tor protocol.
7 *
8 * Starting in version 0.2.9.3-alpha, Tor places separate version numbers on
9 * each of the different components of its protocol. Relays use these numbers
10 * to advertise what versions of the protocols they can support, and clients
11 * use them to find what they can ask a given relay to do. Authorities vote
12 * on the supported protocol versions for each relay, and also vote on the
13 * which protocols you should have to support in order to be on the Tor
14 * network. All Tor instances use these required/recommended protocol versions
15 * to tell what level of support for recent protocols each relay has, and
16 * to decide whether they should be running given their current protocols.
17 *
18 * The main advantage of these protocol versions numbers over using Tor
19 * version numbers is that they allow different implementations of the Tor
20 * protocols to develop independently, without having to claim compatibility
21 * with specific versions of Tor.
22 **/
24 #define PROTOVER_PRIVATE
31 #ifndef HAVE_RUST
39 /** Mapping between protocol type string and protocol type. */
40 /// C_RUST_COUPLED: src/rust/protover/protover.rs `PROTOCOL_NAMES`
42 protocol_type_t protover_type;
44 /* If you add a new protocol here, you probably also want to add
45 * parsing for it in summarize_protover_flags(), so that it has a
46 * summary flag in routerstatus_t */
60 };
62 #define N_PROTOCOL_NAMES ARRAY_LENGTH(PROTOCOL_NAMES)
64 /* Maximum allowed length of any single subprotocol name. */
65 // C_RUST_COUPLED: src/rust/protover/protover.rs
66 // `MAX_PROTOCOL_NAME_LENGTH`
69 /**
70 * Given a protocol_type_t, return the corresponding string used in
71 * descriptors.
72 */
75 {
80 }
81 /* LCOV_EXCL_START */
84 /* LCOV_EXCL_STOP */
85 }
87 /**
88 * Release all space held by a single proto_entry_t structure
89 */
90 STATIC void
92 {
97 }
99 /** The largest possible protocol version. */
100 #define MAX_PROTOCOL_VERSION (63)
102 /**
103 * Given a string <b>s</b> and optional end-of-string pointer
104 * <b>end_of_range</b>, parse the protocol range and store it in
105 * <b>low_out</b> and <b>high_out</b>. A protocol range has the format U, or
106 * U-U, where U is an unsigned integer between 0 and 63 inclusive.
107 */
108 static int
111 {
122 /* A range must start with a digit. */
125 }
127 /* Note that this wouldn't be safe if we didn't know that eventually,
128 * we'd hit a NUL */
137 }
143 /* ibid */
146 }
157 done:
162 error:
164 }
166 static int
168 {
172 }
174 }
176 /** The x'th bit in a bitmask. */
177 #define BIT(x) (UINT64_C(1)<<(x))
179 /**
180 * Return a bitmask so that bits 'low' through 'high' inclusive are set,
181 * and all other bits are cleared.
182 **/
183 static uint64_t
185 {
191 }
193 /** Parse a single protocol entry from <b>s</b> up to an optional
194 * <b>end_of_entry</b> pointer, and return that protocol entry. Return NULL
195 * on error.
196 *
197 * A protocol entry has a keyword, an = sign, and zero or more ranges. */
200 {
207 /* There must be an =. */
212 /* The name must be nonempty */
216 /* The name must not be longer than MAX_PROTOCOL_NAME_LENGTH. */
219 "protocol name. This is possibly an attack or a bug, unless "
220 "the Tor network truly supports protocol names larger than "
224 }
226 /* The name must contain only alphanumeric characters and hyphens. */
243 }
248 // Skip the comma separator between ranges. Don't ignore a trailing comma.
251 }
255 error:
258 }
260 /**
261 * Parse the protocol list from <b>s</b> and return it as a smartlist of
262 * proto_entry_t
263 */
264 STATIC smartlist_t *
266 {
270 /* Find the next space or the NUL. */
286 }
290 error:
294 }
296 /**
297 * Return true if the unparsed protover list in <b>s</b> contains a
298 * parsing error, such as extra commas, a bad number, or an over-long
299 * name.
300 */
301 bool
303 {
310 }
312 /**
313 * Given a protocol type and version number, return true iff we know
314 * how to speak that protocol.
315 */
316 int
318 {
321 }
323 /**
324 * Return true iff "list" encodes a protocol list that includes support for
325 * the indicated protocol and version.
326 *
327 * If the protocol list is unparseable, treat it as if it defines no
328 * protocols, and return 0.
329 */
330 int
333 {
334 /* NOTE: This is a pretty inefficient implementation. If it ever shows
335 * up in profiles, we should memoize it.
336 */
340 }
346 }
348 /**
349 * Return true iff "list" encodes a protocol list that includes support for
350 * the indicated protocol and version, or some later version.
351 *
352 * If the protocol list is unparseable, treat it as if it defines no
353 * protocols, and return 0.
354 */
355 int
357 protocol_type_t tp,
359 {
360 /* NOTE: This is a pretty inefficient implementation. If it ever shows
361 * up in profiles, we should memoize it.
362 */
366 }
378 }
381 found:
385 }
387 /*
388 * XXX START OF HAZARDOUS ZONE XXX
389 */
391 /** Return the canonical string containing the list of protocols
392 * that we support.
393 **/
394 /// C_RUST_COUPLED: src/rust/protover/protover.rs `SUPPORTED_PROTOCOLS`
397 {
398 /* WARNING!
399 *
400 * Remember to edit the SUPPORTED_PROTOCOLS list in protover.rs if you
401 * are editing this list.
402 */
404 /*
405 * XXX: WARNING!
406 *
407 * Be EXTREMELY CAREFUL when *removing* versions from this list. If you
408 * remove an entry while it still appears as "recommended" in the consensus,
409 * you'll cause all the instances without it to warn.
410 *
411 * If you remove an entry while it still appears as "required" in the
412 * consensus, you'll cause all the instances without it to refuse to connect
413 * to the network, and shut down.
414 *
415 * If you need to remove a version from this list, you need to make sure that
416 * it is not listed in the _current consensuses_: just removing it from the
417 * required list below is NOT ENOUGH. You need to remove it from the
418 * required list, and THEN let the authorities upgrade and vote on new
419 * consensuses without it. Only once those consensuses are out is it safe to
420 * remove from this list.
421 *
422 * One concrete example of a very dangerous race that could occur:
423 *
424 * Suppose that the client supports protocols "HsDir=1-2" and the consensus
425 * requires protocols "HsDir=1-2. If the client supported protocol list is
426 * then changed to "HSDir=2", while the consensus stills lists "HSDir=1-2",
427 * then these clients, even very recent ones, will shut down because they
428 * don't support "HSDir=1".
429 *
430 * And so, changes need to be done in strict sequence as described above.
431 *
432 * XXX: WARNING!
433 */
435 return
436 "Cons=1-2 "
437 "Desc=1-2 "
438 "DirCache=2 "
439 "FlowCtrl=1 "
440 "HSDir=1-2 "
441 "HSIntro=3-5 "
442 "HSRend=1-2 "
443 "Link=1-5 "
444 #ifdef HAVE_WORKING_TOR_TLS_GET_TLSSECRETS
445 "LinkAuth=1,3 "
446 #else
447 "LinkAuth=3 "
448 #endif
449 "Microdesc=1-2 "
450 "Padding=2 "
452 }
454 /*
455 * XXX: WARNING!
456 *
457 * The recommended and required values are hardwired, to avoid disaster. Voting
458 * on the wrong subprotocols here has the potential to take down the network.
459 *
460 * In particular, you need to be EXTREMELY CAREFUL before adding new versions
461 * to the required protocol list. Doing so will cause every relay or client
462 * that doesn't support those versions to refuse to connect to the network and
463 * shut down.
464 *
465 * Note that this applies to versions, not just protocols! If you say that
466 * Foobar=8-9 is required, and the client only has Foobar=9, it will shut down.
467 *
468 * It is okay to do this only for SUPER OLD relays that are not supported on
469 * the network anyway. For clients, we really shouldn't kick them off the
470 * network unless their presence is causing serious active harm.
471 *
472 * The following required and recommended lists MUST be changed BEFORE the
473 * supported list above is changed, so that these lists appear in the
474 * consensus BEFORE clients need them.
475 *
476 * Please, see the warning in protocol_get_supported_versions().
477 *
478 * XXX: WARNING!
479 */
481 /** Return the recommended client protocols list that directory authorities
482 * put in the consensus. */
485 {
488 }
490 /** Return the recommended relay protocols list that directory authorities
491 * put in the consensus. */
494 {
497 }
499 /** Return the required client protocols list that directory authorities
500 * put in the consensus. */
503 {
505 }
507 /** Return the required relay protocols list that directory authorities
508 * put in the consensus. */
511 {
514 }
516 /*
517 * XXX END OF HAZARDOUS ZONE XXX
518 */
520 /** The protocols from protover_get_supported_protocols(), as parsed into a
521 * list of proto_entry_t values. Access this via
522 * get_supported_protocol_list. */
525 /** Return a pointer to a smartlist of proto_entry_t for the protocols
526 * we support. */
529 {
531 supported_protocol_list =
533 }
535 }
537 /** Return the number of trailing zeros in x. Undefined if x is 0. */
538 static int
540 {
541 #ifdef __GNUC__
543 #else
549 }
552 }
554 /**
555 * Given a protocol entry, encode it at the end of the smartlist <b>chunks</b>
556 * as one or more newly allocated strings.
557 */
558 static void
560 {
570 }
580 }
583 }
586 }
587 }
589 /** Given a list of space-separated proto_entry_t items,
590 * encode it into a newly allocated space-separated string. */
593 {
610 }
612 /**
613 * Protocol voting implementation.
614 *
615 * Given a list of strings describing protocol versions, return a newly
616 * allocated string encoding all of the protocols that are listed by at
617 * least <b>threshold</b> of the inputs.
618 *
619 * The string is minimal and sorted according to the rules of
620 * contract_protocol_list above.
621 */
625 {
626 // we use u8 counters below.
631 }
637 // First, parse the inputs, and accumulate a list of protocol names.
645 }
649 }
654 // Sort the list of names.
657 // For each named protocol, compute the consensus.
658 //
659 // This is not super-efficient, but it's not critical path.
663 // Count how many votes we got for each bit.
672 }
673 }
680 }
681 }
687 }
702 }
704 /** Return true if every protocol version described in the string <b>s</b> is
705 * one that we support, and false otherwise. If <b>missing_out</b> is
706 * provided, set it to the list of protocols we do not support.
707 *
708 * If the protocol version string is unparseable, treat it as if it defines no
709 * protocols, and return 1.
710 **/
711 int
713 {
716 }
723 }
735 }
737 }
745 }
751 }
760 }
762 /** Helper: return the member of 'protos' whose name is
763 * 'name', or NULL if there is no such member. */
766 {
769 }
773 }
777 }
779 /** Helper: Given a list of proto_entry_t, return true iff
780 * <b>pr</b>=<b>ver</b> is included in that list. */
781 static int
784 {
787 }
791 }
794 }
799 }
801 }
803 /** Return a string describing the protocols supported by tor version
804 * <b>version</b>, or an empty string if we cannot tell.
805 *
806 * Note that this is only used to infer protocols for Tor versions that
807 * can't declare their own.
808 **/
809 /// C_RUST_COUPLED: src/rust/protover/protover.rs `compute_for_old_tor`
812 {
814 /* No known version; guess the oldest series that is still supported. */
816 }
819 FIRST_TOR_VERSION_TO_ADVERTISE_PROTOCOLS)) {
822 /* 0.2.9.1-alpha HSRend=2 */
824 "Link=1-4 LinkAuth=1 "
827 /* 0.2.7-stable added Desc=2, Microdesc=2, Cons=2, which indicate
828 * ed25519 support. We'll call them present only in "stable" 027,
829 * though. */
831 "Link=1-4 LinkAuth=1 "
834 /* No currently supported Tor server versions are older than this, or
835 * lack these protocols. */
837 "Link=1-4 LinkAuth=1 "
840 /* Cannot infer protocols. */
842 }
843 }
845 /**
846 * Release all storage held by static fields in protover.c
847 */
848 void
850 {
856 }
857 }