search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix two more DirServer mentions in log
[tor.git] / src / or / router.c
blobeabd9c3f59c2e7f72efaf83cfc67173c8f0dc487
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2013, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6
7 #define ROUTER_PRIVATE
8
9 #include "or.h"
10 #include "circuitbuild.h"
11 #include "circuitlist.h"
12 #include "circuituse.h"
13 #include "config.h"
14 #include "connection.h"
15 #include "control.h"
16 #include "crypto_curve25519.h"
17 #include "directory.h"
18 #include "dirserv.h"
19 #include "dns.h"
20 #include "geoip.h"
21 #include "hibernate.h"
22 #include "main.h"
23 #include "networkstatus.h"
24 #include "nodelist.h"
25 #include "policies.h"
26 #include "relay.h"
27 #include "rephist.h"
28 #include "router.h"
29 #include "routerlist.h"
30 #include "routerparse.h"
31 #include "statefile.h"
32 #include "transports.h"
33 #include "routerset.h"
34
35 /**
36 * \file router.c
37 * \brief OR functionality, including key maintenance, generating
38 * and uploading server descriptors, retrying OR connections.
39 **/
40
41 extern long stats_n_seconds_working;
42
43 /************************************************************/
44
45 /*****
46 * Key management: ORs only.
47 *****/
48
49 /** Private keys for this OR. There is also an SSL key managed by tortls.c.
50 */
51 static tor_mutex_t *key_lock=NULL;
52 static time_t onionkey_set_at=0; /**< When was onionkey last changed? */
53 /** Current private onionskin decryption key: used to decode CREATE cells. */
54 static crypto_pk_t *onionkey=NULL;
55 /** Previous private onionskin decryption key: used to decode CREATE cells
56 * generated by clients that have an older version of our descriptor. */
57 static crypto_pk_t *lastonionkey=NULL;
58 #ifdef CURVE25519_ENABLED
59 /** Current private ntor secret key: used to perform the ntor handshake. */
60 static curve25519_keypair_t curve25519_onion_key;
61 /** Previous private ntor secret key: used to perform the ntor handshake
62 * with clients that have an older version of our descriptor. */
63 static curve25519_keypair_t last_curve25519_onion_key;
64 #endif
65 /** Private server "identity key": used to sign directory info and TLS
66 * certificates. Never changes. */
67 static crypto_pk_t *server_identitykey=NULL;
68 /** Digest of server_identitykey. */
69 static char server_identitykey_digest[DIGEST_LEN];
70 /** Private client "identity key": used to sign bridges' and clients'
71 * outbound TLS certificates. Regenerated on startup and on IP address
72 * change. */
73 static crypto_pk_t *client_identitykey=NULL;
74 /** Signing key used for v3 directory material; only set for authorities. */
75 static crypto_pk_t *authority_signing_key = NULL;
76 /** Key certificate to authenticate v3 directory material; only set for
77 * authorities. */
78 static authority_cert_t *authority_key_certificate = NULL;
79
80 /** For emergency V3 authority key migration: An extra signing key that we use
81 * with our old (obsolete) identity key for a while. */
82 static crypto_pk_t *legacy_signing_key = NULL;
83 /** For emergency V3 authority key migration: An extra certificate to
84 * authenticate legacy_signing_key with our obsolete identity key.*/
85 static authority_cert_t *legacy_key_certificate = NULL;
86
87 /* (Note that v3 authorities also have a separate "authority identity key",
88 * but this key is never actually loaded by the Tor process. Instead, it's
89 * used by tor-gencert to sign new signing keys and make new key
90 * certificates. */
91
92 /** Replace the current onion key with <b>k</b>. Does not affect
93 * lastonionkey; to update lastonionkey correctly, call rotate_onion_key().
94 */
95 static void
96 set_onion_key(crypto_pk_t *k)
97 {
98 if (onionkey && crypto_pk_eq_keys(onionkey, k)) {
99 /* k is already our onion key; free it and return */
100 crypto_pk_free(k);
101 return;
102 }
103 tor_mutex_acquire(key_lock);
104 crypto_pk_free(onionkey);
105 onionkey = k;
106 tor_mutex_release(key_lock);
107 mark_my_descriptor_dirty("set onion key");
108 }
109
110 /** Return the current onion key. Requires that the onion key has been
111 * loaded or generated. */
112 crypto_pk_t *
113 get_onion_key(void)
114 {
115 tor_assert(onionkey);
116 return onionkey;
117 }
118
119 /** Store a full copy of the current onion key into *<b>key</b>, and a full
120 * copy of the most recent onion key into *<b>last</b>.
121 */
122 void
123 dup_onion_keys(crypto_pk_t **key, crypto_pk_t **last)
124 {
125 tor_assert(key);
126 tor_assert(last);
127 tor_mutex_acquire(key_lock);
128 tor_assert(onionkey);
129 *key = crypto_pk_copy_full(onionkey);
130 if (lastonionkey)
131 *last = crypto_pk_copy_full(lastonionkey);
132 else
133 *last = NULL;
134 tor_mutex_release(key_lock);
135 }
136
137 #ifdef CURVE25519_ENABLED
138 /** Return the current secret onion key for the ntor handshake. Must only
139 * be called from the main thread. */
140 static const curve25519_keypair_t *
141 get_current_curve25519_keypair(void)
142 {
143 return &curve25519_onion_key;
144 }
145 /** Return a map from KEYID (the key itself) to keypairs for use in the ntor
146 * handshake. Must only be called from the main thread. */
147 di_digest256_map_t *
148 construct_ntor_key_map(void)
149 {
150 di_digest256_map_t *m = NULL;
151
152 dimap_add_entry(&m,
153 curve25519_onion_key.pubkey.public_key,
154 tor_memdup(&curve25519_onion_key,
155 sizeof(curve25519_keypair_t)));
156 if (!tor_mem_is_zero((const char*)
157 last_curve25519_onion_key.pubkey.public_key,
158 CURVE25519_PUBKEY_LEN)) {
159 dimap_add_entry(&m,
160 last_curve25519_onion_key.pubkey.public_key,
161 tor_memdup(&last_curve25519_onion_key,
162 sizeof(curve25519_keypair_t)));
163 }
164
165 return m;
166 }
167 /** Helper used to deallocate a di_digest256_map_t returned by
168 * construct_ntor_key_map. */
169 static void
170 ntor_key_map_free_helper(void *arg)
171 {
172 curve25519_keypair_t *k = arg;
173 memwipe(k, 0, sizeof(*k));
174 tor_free(k);
175 }
176 /** Release all storage from a keymap returned by construct_ntor_key_map. */
177 void
178 ntor_key_map_free(di_digest256_map_t *map)
179 {
180 if (!map)
181 return;
182 dimap_free(map, ntor_key_map_free_helper);
183 }
184 #endif
185
186 /** Return the time when the onion key was last set. This is either the time
187 * when the process launched, or the time of the most recent key rotation since
188 * the process launched.
189 */
190 time_t
191 get_onion_key_set_at(void)
192 {
193 return onionkey_set_at;
194 }
195
196 /** Set the current server identity key to <b>k</b>.
197 */
198 void
199 set_server_identity_key(crypto_pk_t *k)
200 {
201 crypto_pk_free(server_identitykey);
202 server_identitykey = k;
203 crypto_pk_get_digest(server_identitykey, server_identitykey_digest);
204 }
205
206 /** Make sure that we have set up our identity keys to match or not match as
207 * appropriate, and die with an assertion if we have not. */
208 static void
209 assert_identity_keys_ok(void)
210 {
211 tor_assert(client_identitykey);
212 if (public_server_mode(get_options())) {
213 /* assert that we have set the client and server keys to be equal */
214 tor_assert(server_identitykey);
215 tor_assert(crypto_pk_eq_keys(client_identitykey, server_identitykey));
216 } else {
217 /* assert that we have set the client and server keys to be unequal */
218 if (server_identitykey)
219 tor_assert(!crypto_pk_eq_keys(client_identitykey, server_identitykey));
220 }
221 }
222
223 /** Returns the current server identity key; requires that the key has
224 * been set, and that we are running as a Tor server.
225 */
226 crypto_pk_t *
227 get_server_identity_key(void)
228 {
229 tor_assert(server_identitykey);
230 tor_assert(server_mode(get_options()));
231 assert_identity_keys_ok();
232 return server_identitykey;
233 }
234
235 /** Return true iff the server identity key has been set. */
236 int
237 server_identity_key_is_set(void)
238 {
239 return server_mode(get_options()) && server_identitykey != NULL;
240 }
241
242 /** Set the current client identity key to <b>k</b>.
243 */
244 void
245 set_client_identity_key(crypto_pk_t *k)
246 {
247 crypto_pk_free(client_identitykey);
248 client_identitykey = k;
249 }
250
251 /** Returns the current client identity key for use on outgoing TLS
252 * connections; requires that the key has been set.
253 */
254 crypto_pk_t *
255 get_tlsclient_identity_key(void)
256 {
257 tor_assert(client_identitykey);
258 assert_identity_keys_ok();
259 return client_identitykey;
260 }
261
262 /** Return true iff the client identity key has been set. */
263 int
264 client_identity_key_is_set(void)
265 {
266 return client_identitykey != NULL;
267 }
268
269 /** Return the key certificate for this v3 (voting) authority, or NULL
270 * if we have no such certificate. */
271 authority_cert_t *
272 get_my_v3_authority_cert(void)
273 {
274 return authority_key_certificate;
275 }
276
277 /** Return the v3 signing key for this v3 (voting) authority, or NULL
278 * if we have no such key. */
279 crypto_pk_t *
280 get_my_v3_authority_signing_key(void)
281 {
282 return authority_signing_key;
283 }
284
285 /** If we're an authority, and we're using a legacy authority identity key for
286 * emergency migration purposes, return the certificate associated with that
287 * key. */
288 authority_cert_t *
289 get_my_v3_legacy_cert(void)
290 {
291 return legacy_key_certificate;
292 }
293
294 /** If we're an authority, and we're using a legacy authority identity key for
295 * emergency migration purposes, return that key. */
296 crypto_pk_t *
297 get_my_v3_legacy_signing_key(void)
298 {
299 return legacy_signing_key;
300 }
301
302 /** Replace the previous onion key with the current onion key, and generate
303 * a new previous onion key. Immediately after calling this function,
304 * the OR should:
305 * - schedule all previous cpuworkers to shut down _after_ processing
306 * pending work. (This will cause fresh cpuworkers to be generated.)
307 * - generate and upload a fresh routerinfo.
308 */
309 void
310 rotate_onion_key(void)
311 {
312 char *fname, *fname_prev;
313 crypto_pk_t *prkey = NULL;
314 or_state_t *state = get_or_state();
315 #ifdef CURVE25519_ENABLED
316 curve25519_keypair_t new_curve25519_keypair;
317 #endif
318 time_t now;
319 fname = get_datadir_fname2("keys", "secret_onion_key");
320 fname_prev = get_datadir_fname2("keys", "secret_onion_key.old");
321 if (file_status(fname) == FN_FILE) {
322 if (replace_file(fname, fname_prev))
323 goto error;
324 }
325 if (!(prkey = crypto_pk_new())) {
326 log_err(LD_GENERAL,"Error constructing rotated onion key");
327 goto error;
328 }
329 if (crypto_pk_generate_key(prkey)) {
330 log_err(LD_BUG,"Error generating onion key");
331 goto error;
332 }
333 if (crypto_pk_write_private_key_to_filename(prkey, fname)) {
334 log_err(LD_FS,"Couldn't write generated onion key to \"%s\".", fname);
335 goto error;
336 }
337 #ifdef CURVE25519_ENABLED
338 tor_free(fname);
339 tor_free(fname_prev);
340 fname = get_datadir_fname2("keys", "secret_onion_key_ntor");
341 fname_prev = get_datadir_fname2("keys", "secret_onion_key_ntor.old");
342 if (curve25519_keypair_generate(&new_curve25519_keypair, 1) < 0)
343 goto error;
344 if (file_status(fname) == FN_FILE) {
345 if (replace_file(fname, fname_prev))
346 goto error;
347 }
348 if (curve25519_keypair_write_to_file(&new_curve25519_keypair, fname,
349 "onion") < 0) {
350 log_err(LD_FS,"Couldn't write curve25519 onion key to \"%s\".",fname);
351 goto error;
352 }
353 #endif
354 log_info(LD_GENERAL, "Rotating onion key");
355 tor_mutex_acquire(key_lock);
356 crypto_pk_free(lastonionkey);
357 lastonionkey = onionkey;
358 onionkey = prkey;
359 #ifdef CURVE25519_ENABLED
360 memcpy(&last_curve25519_onion_key, &curve25519_onion_key,
361 sizeof(curve25519_keypair_t));
362 memcpy(&curve25519_onion_key, &new_curve25519_keypair,
363 sizeof(curve25519_keypair_t));
364 #endif
365 now = time(NULL);
366 state->LastRotatedOnionKey = onionkey_set_at = now;
367 tor_mutex_release(key_lock);
368 mark_my_descriptor_dirty("rotated onion key");
369 or_state_mark_dirty(state, get_options()->AvoidDiskWrites ? now+3600 : 0);
370 goto done;
371 error:
372 log_warn(LD_GENERAL, "Couldn't rotate onion key.");
373 if (prkey)
374 crypto_pk_free(prkey);
375 done:
376 #ifdef CURVE25519_ENABLED
377 memwipe(&new_curve25519_keypair, 0, sizeof(new_curve25519_keypair));
378 #endif
379 tor_free(fname);
380 tor_free(fname_prev);
381 }
382
383 /** Try to read an RSA key from <b>fname</b>. If <b>fname</b> doesn't exist
384 * and <b>generate</b> is true, create a new RSA key and save it in
385 * <b>fname</b>. Return the read/created key, or NULL on error. Log all
386 * errors at level <b>severity</b>.
387 */
388 crypto_pk_t *
389 init_key_from_file(const char *fname, int generate, int severity)
390 {
391 crypto_pk_t *prkey = NULL;
392
393 if (!(prkey = crypto_pk_new())) {
394 tor_log(severity, LD_GENERAL,"Error constructing key");
395 goto error;
396 }
397
398 switch (file_status(fname)) {
399 case FN_DIR:
400 case FN_ERROR:
401 tor_log(severity, LD_FS,"Can't read key from \"%s\"", fname);
402 goto error;
403 case FN_NOENT:
404 if (generate) {
405 if (!have_lockfile()) {
406 if (try_locking(get_options(), 0)<0) {
407 /* Make sure that --list-fingerprint only creates new keys
408 * if there is no possibility for a deadlock. */
409 tor_log(severity, LD_FS, "Another Tor process has locked \"%s\". "
410 "Not writing any new keys.", fname);
411 /*XXXX The 'other process' might make a key in a second or two;
412 * maybe we should wait for it. */
413 goto error;
414 }
415 }
416 log_info(LD_GENERAL, "No key found in \"%s\"; generating fresh key.",
417 fname);
418 if (crypto_pk_generate_key(prkey)) {
419 tor_log(severity, LD_GENERAL,"Error generating onion key");
420 goto error;
421 }
422 if (crypto_pk_check_key(prkey) <= 0) {
423 tor_log(severity, LD_GENERAL,"Generated key seems invalid");
424 goto error;
425 }
426 log_info(LD_GENERAL, "Generated key seems valid");
427 if (crypto_pk_write_private_key_to_filename(prkey, fname)) {
428 tor_log(severity, LD_FS,
429 "Couldn't write generated key to \"%s\".", fname);
430 goto error;
431 }
432 } else {
433 log_info(LD_GENERAL, "No key found in \"%s\"", fname);
434 }
435 return prkey;
436 case FN_FILE:
437 if (crypto_pk_read_private_key_from_filename(prkey, fname)) {
438 tor_log(severity, LD_GENERAL,"Error loading private key.");
439 goto error;
440 }
441 return prkey;
442 default:
443 tor_assert(0);
444 }
445
446 error:
447 if (prkey)
448 crypto_pk_free(prkey);
449 return NULL;
450 }
451
452 #ifdef CURVE25519_ENABLED
453 /** Load a curve25519 keypair from the file <b>fname</b>, writing it into
454 * <b>keys_out</b>. If the file isn't found and <b>generate</b> is true,
455 * create a new keypair and write it into the file. If there are errors, log
456 * them at level <b>severity</b>. Generate files using <b>tag</b> in their
457 * ASCII wrapper. */
458 static int
459 init_curve25519_keypair_from_file(curve25519_keypair_t *keys_out,
460 const char *fname,
461 int generate,
462 int severity,
463 const char *tag)
464 {
465 switch (file_status(fname)) {
466 case FN_DIR:
467 case FN_ERROR:
468 tor_log(severity, LD_FS,"Can't read key from \"%s\"", fname);
469 goto error;
470 case FN_NOENT:
471 if (generate) {
472 if (!have_lockfile()) {
473 if (try_locking(get_options(), 0)<0) {
474 /* Make sure that --list-fingerprint only creates new keys
475 * if there is no possibility for a deadlock. */
476 tor_log(severity, LD_FS, "Another Tor process has locked \"%s\". "
477 "Not writing any new keys.", fname);
478 /*XXXX The 'other process' might make a key in a second or two;
479 * maybe we should wait for it. */
480 goto error;
481 }
482 }
483 log_info(LD_GENERAL, "No key found in \"%s\"; generating fresh key.",
484 fname);
485 if (curve25519_keypair_generate(keys_out, 1) < 0)
486 goto error;
487 if (curve25519_keypair_write_to_file(keys_out, fname, tag)<0) {
488 tor_log(severity, LD_FS,
489 "Couldn't write generated key to \"%s\".", fname);
490 memset(keys_out, 0, sizeof(*keys_out));
491 goto error;
492 }
493 } else {
494 log_info(LD_GENERAL, "No key found in \"%s\"", fname);
495 }
496 return 0;
497 case FN_FILE:
498 {
499 char *tag_in=NULL;
500 if (curve25519_keypair_read_from_file(keys_out, &tag_in, fname) < 0) {
501 tor_log(severity, LD_GENERAL,"Error loading private key.");
502 tor_free(tag_in);
503 goto error;
504 }
505 if (!tag_in || strcmp(tag_in, tag)) {
506 tor_log(severity, LD_GENERAL,"Unexpected tag %s on private key.",
507 escaped(tag_in));
508 tor_free(tag_in);
509 goto error;
510 }
511 tor_free(tag_in);
512 return 0;
513 }
514 default:
515 tor_assert(0);
516 }
517
518 error:
519 return -1;
520 }
521 #endif
522
523 /** Try to load the vote-signing private key and certificate for being a v3
524 * directory authority, and make sure they match. If <b>legacy</b>, load a
525 * legacy key/cert set for emergency key migration; otherwise load the regular
526 * key/cert set. On success, store them into *<b>key_out</b> and
527 * *<b>cert_out</b> respectively, and return 0. On failure, return -1. */
528 static int
529 load_authority_keyset(int legacy, crypto_pk_t **key_out,
530 authority_cert_t **cert_out)
531 {
532 int r = -1;
533 char *fname = NULL, *cert = NULL;
534 const char *eos = NULL;
535 crypto_pk_t *signing_key = NULL;
536 authority_cert_t *parsed = NULL;
537
538 fname = get_datadir_fname2("keys",
539 legacy ? "legacy_signing_key" : "authority_signing_key");
540 signing_key = init_key_from_file(fname, 0, LOG_INFO);
541 if (!signing_key) {
542 log_warn(LD_DIR, "No version 3 directory key found in %s", fname);
543 goto done;
544 }
545 tor_free(fname);
546 fname = get_datadir_fname2("keys",
547 legacy ? "legacy_certificate" : "authority_certificate");
548 cert = read_file_to_str(fname, 0, NULL);
549 if (!cert) {
550 log_warn(LD_DIR, "Signing key found, but no certificate found in %s",
551 fname);
552 goto done;
553 }
554 parsed = authority_cert_parse_from_string(cert, &eos);
555 if (!parsed) {
556 log_warn(LD_DIR, "Unable to parse certificate in %s", fname);
557 goto done;
558 }
559 if (!crypto_pk_eq_keys(signing_key, parsed->signing_key)) {
560 log_warn(LD_DIR, "Stored signing key does not match signing key in "
561 "certificate");
562 goto done;
563 }
564
565 crypto_pk_free(*key_out);
566 authority_cert_free(*cert_out);
567
568 *key_out = signing_key;
569 *cert_out = parsed;
570 r = 0;
571 signing_key = NULL;
572 parsed = NULL;
573
574 done:
575 tor_free(fname);
576 tor_free(cert);
577 crypto_pk_free(signing_key);
578 authority_cert_free(parsed);
579 return r;
580 }
581
582 /** Load the v3 (voting) authority signing key and certificate, if they are
583 * present. Return -1 if anything is missing, mismatched, or unloadable;
584 * return 0 on success. */
585 static int
586 init_v3_authority_keys(void)
587 {
588 if (load_authority_keyset(0, &authority_signing_key,
589 &authority_key_certificate)<0)
590 return -1;
591
592 if (get_options()->V3AuthUseLegacyKey &&
593 load_authority_keyset(1, &legacy_signing_key,
594 &legacy_key_certificate)<0)
595 return -1;
596
597 return 0;
598 }
599
600 /** If we're a v3 authority, check whether we have a certificate that's
601 * likely to expire soon. Warn if we do, but not too often. */
602 void
603 v3_authority_check_key_expiry(void)
604 {
605 time_t now, expires;
606 static time_t last_warned = 0;
607 int badness, time_left, warn_interval;
608 if (!authdir_mode_v3(get_options()) || !authority_key_certificate)
609 return;
610
611 now = time(NULL);
612 expires = authority_key_certificate->expires;
613 time_left = (int)( expires - now );
614 if (time_left <= 0) {
615 badness = LOG_ERR;
616 warn_interval = 60*60;
617 } else if (time_left <= 24*60*60) {
618 badness = LOG_WARN;
619 warn_interval = 60*60;
620 } else if (time_left <= 24*60*60*7) {
621 badness = LOG_WARN;
622 warn_interval = 24*60*60;
623 } else if (time_left <= 24*60*60*30) {
624 badness = LOG_WARN;
625 warn_interval = 24*60*60*5;
626 } else {
627 return;
628 }
629
630 if (last_warned + warn_interval > now)
631 return;
632
633 if (time_left <= 0) {
634 tor_log(badness, LD_DIR, "Your v3 authority certificate has expired."
635 " Generate a new one NOW.");
636 } else if (time_left <= 24*60*60) {
637 tor_log(badness, LD_DIR, "Your v3 authority certificate expires in %d "
638 "hours; Generate a new one NOW.", time_left/(60*60));
639 } else {
640 tor_log(badness, LD_DIR, "Your v3 authority certificate expires in %d "
641 "days; Generate a new one soon.", time_left/(24*60*60));
642 }
643 last_warned = now;
644 }
645
646 /** Set up Tor's TLS contexts, based on our configuration and keys. Return 0
647 * on success, and -1 on failure. */
648 int
649 router_initialize_tls_context(void)
650 {
651 unsigned int flags = 0;
652 const or_options_t *options = get_options();
653 int lifetime = options->SSLKeyLifetime;
654 if (public_server_mode(options))
655 flags |= TOR_TLS_CTX_IS_PUBLIC_SERVER;
656 if (options->TLSECGroup) {
657 if (!strcasecmp(options->TLSECGroup, "P256"))
658 flags |= TOR_TLS_CTX_USE_ECDHE_P256;
659 else if (!strcasecmp(options->TLSECGroup, "P224"))
660 flags |= TOR_TLS_CTX_USE_ECDHE_P224;
661 }
662 if (!lifetime) { /* we should guess a good ssl cert lifetime */
663
664 /* choose between 5 and 365 days, and round to the day */
665 lifetime = 5*24*3600 + crypto_rand_int(361*24*3600);
666 lifetime -= lifetime % (24*3600);
667
668 if (crypto_rand_int(2)) {
669 /* Half the time we expire at midnight, and half the time we expire
670 * one second before midnight. (Some CAs wobble their expiry times a
671 * bit in practice, perhaps to reduce collision attacks; see ticket
672 * 8443 for details about observed certs in the wild.) */
673 lifetime--;
674 }
675 }
676
677 /* It's ok to pass lifetime in as an unsigned int, since
678 * config_parse_interval() checked it. */
679 return tor_tls_context_init(flags,
680 get_tlsclient_identity_key(),
681 server_mode(options) ?
682 get_server_identity_key() : NULL,
683 (unsigned int)lifetime);
684 }
685
686 /** Initialize all OR private keys, and the TLS context, as necessary.
687 * On OPs, this only initializes the tls context. Return 0 on success,
688 * or -1 if Tor should die.
689 */
690 int
691 init_keys(void)
692 {
693 char *keydir;
694 char fingerprint[FINGERPRINT_LEN+1];
695 /*nickname<space>fp\n\0 */
696 char fingerprint_line[MAX_NICKNAME_LEN+FINGERPRINT_LEN+3];
697 const char *mydesc;
698 crypto_pk_t *prkey;
699 char digest[DIGEST_LEN];
700 char v3_digest[DIGEST_LEN];
701 char *cp;
702 const or_options_t *options = get_options();
703 dirinfo_type_t type;
704 time_t now = time(NULL);
705 dir_server_t *ds;
706 int v3_digest_set = 0;
707 authority_cert_t *cert = NULL;
708
709 if (!key_lock)
710 key_lock = tor_mutex_new();
711
712 /* There are a couple of paths that put us here before we've asked
713 * openssl to initialize itself. */
714 if (crypto_global_init(get_options()->HardwareAccel,
715 get_options()->AccelName,
716 get_options()->AccelDir)) {
717 log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting.");
718 return -1;
719 }
720
721 /* OP's don't need persistent keys; just make up an identity and
722 * initialize the TLS context. */
723 if (!server_mode(options)) {
724 if (!(prkey = crypto_pk_new()))
725 return -1;
726 if (crypto_pk_generate_key(prkey)) {
727 crypto_pk_free(prkey);
728 return -1;
729 }
730 set_client_identity_key(prkey);
731 /* Create a TLS context. */
732 if (router_initialize_tls_context() < 0) {
733 log_err(LD_GENERAL,"Error creating TLS context for Tor client.");
734 return -1;
735 }
736 return 0;
737 }
738 /* Make sure DataDirectory exists, and is private. */
739 if (check_private_dir(options->DataDirectory, CPD_CREATE, options->User)) {
740 return -1;
741 }
742 /* Check the key directory. */
743 keydir = get_datadir_fname("keys");
744 if (check_private_dir(keydir, CPD_CREATE, options->User)) {
745 tor_free(keydir);
746 return -1;
747 }
748 tor_free(keydir);
749
750 /* 1a. Read v3 directory authority key/cert information. */
751 memset(v3_digest, 0, sizeof(v3_digest));
752 if (authdir_mode_v3(options)) {
753 if (init_v3_authority_keys()<0) {
754 log_err(LD_GENERAL, "We're configured as a V3 authority, but we "
755 "were unable to load our v3 authority keys and certificate! "
756 "Use tor-gencert to generate them. Dying.");
757 return -1;
758 }
759 cert = get_my_v3_authority_cert();
760 if (cert) {
761 crypto_pk_get_digest(get_my_v3_authority_cert()->identity_key,
762 v3_digest);
763 v3_digest_set = 1;
764 }
765 }
766
767 /* 1b. Read identity key. Make it if none is found. */
768 keydir = get_datadir_fname2("keys", "secret_id_key");
769 log_info(LD_GENERAL,"Reading/making identity key \"%s\"...",keydir);
770 prkey = init_key_from_file(keydir, 1, LOG_ERR);
771 tor_free(keydir);
772 if (!prkey) return -1;
773 set_server_identity_key(prkey);
774
775 /* 1c. If we are configured as a bridge, generate a client key;
776 * otherwise, set the server identity key as our client identity
777 * key. */
778 if (public_server_mode(options)) {
779 set_client_identity_key(crypto_pk_dup_key(prkey)); /* set above */
780 } else {
781 if (!(prkey = crypto_pk_new()))
782 return -1;
783 if (crypto_pk_generate_key(prkey)) {
784 crypto_pk_free(prkey);
785 return -1;
786 }
787 set_client_identity_key(prkey);
788 }
789
790 /* 2. Read onion key. Make it if none is found. */
791 keydir = get_datadir_fname2("keys", "secret_onion_key");
792 log_info(LD_GENERAL,"Reading/making onion key \"%s\"...",keydir);
793 prkey = init_key_from_file(keydir, 1, LOG_ERR);
794 tor_free(keydir);
795 if (!prkey) return -1;
796 set_onion_key(prkey);
797 if (options->command == CMD_RUN_TOR) {
798 /* only mess with the state file if we're actually running Tor */
799 or_state_t *state = get_or_state();
800 if (state->LastRotatedOnionKey > 100 && state->LastRotatedOnionKey < now) {
801 /* We allow for some parsing slop, but we don't want to risk accepting
802 * values in the distant future. If we did, we might never rotate the
803 * onion key. */
804 onionkey_set_at = state->LastRotatedOnionKey;
805 } else {
806 /* We have no LastRotatedOnionKey set; either we just created the key
807 * or it's a holdover from 0.1.2.4-alpha-dev or earlier. In either case,
808 * start the clock ticking now so that we will eventually rotate it even
809 * if we don't stay up for a full MIN_ONION_KEY_LIFETIME. */
810 state->LastRotatedOnionKey = onionkey_set_at = now;
811 or_state_mark_dirty(state, options->AvoidDiskWrites ?
812 time(NULL)+3600 : 0);
813 }
814 }
815
816 keydir = get_datadir_fname2("keys", "secret_onion_key.old");
817 if (!lastonionkey && file_status(keydir) == FN_FILE) {
818 prkey = init_key_from_file(keydir, 1, LOG_ERR); /* XXXX Why 1? */
819 if (prkey)
820 lastonionkey = prkey;
821 }
822 tor_free(keydir);
823
824 #ifdef CURVE25519_ENABLED
825 {
826 /* 2b. Load curve25519 onion keys. */
827 int r;
828 keydir = get_datadir_fname2("keys", "secret_onion_key_ntor");
829 r = init_curve25519_keypair_from_file(&curve25519_onion_key,
830 keydir, 1, LOG_ERR, "onion");
831 tor_free(keydir);
832 if (r<0)
833 return -1;
834
835 keydir = get_datadir_fname2("keys", "secret_onion_key_ntor.old");
836 if (tor_mem_is_zero((const char *)
837 last_curve25519_onion_key.pubkey.public_key,
838 CURVE25519_PUBKEY_LEN) &&
839 file_status(keydir) == FN_FILE) {
840 init_curve25519_keypair_from_file(&last_curve25519_onion_key,
841 keydir, 0, LOG_ERR, "onion");
842 }
843 tor_free(keydir);
844 }
845 #endif
846
847 /* 3. Initialize link key and TLS context. */
848 if (router_initialize_tls_context() < 0) {
849 log_err(LD_GENERAL,"Error initializing TLS context");
850 return -1;
851 }
852
853 /* 4. Build our router descriptor. */
854 /* Must be called after keys are initialized. */
855 mydesc = router_get_my_descriptor();
856 if (authdir_mode_handles_descs(options, ROUTER_PURPOSE_GENERAL)) {
857 const char *m = NULL;
858 routerinfo_t *ri;
859 /* We need to add our own fingerprint so it gets recognized. */
860 if (dirserv_add_own_fingerprint(options->Nickname,
861 get_server_identity_key())) {
862 log_err(LD_GENERAL,"Error adding own fingerprint to approved set");
863 return -1;
864 }
865 if (mydesc) {
866 was_router_added_t added;
867 ri = router_parse_entry_from_string(mydesc, NULL, 1, 0, NULL);
868 if (!ri) {
869 log_err(LD_GENERAL,"Generated a routerinfo we couldn't parse.");
870 return -1;
871 }
872 added = dirserv_add_descriptor(ri, &m, "self");
873 if (!WRA_WAS_ADDED(added)) {
874 if (!WRA_WAS_OUTDATED(added)) {
875 log_err(LD_GENERAL, "Unable to add own descriptor to directory: %s",
876 m?m:"<unknown error>");
877 return -1;
878 } else {
879 /* If the descriptor was outdated, that's ok. This can happen
880 * when some config options are toggled that affect workers, but
881 * we don't really need new keys yet so the descriptor doesn't
882 * change and the old one is still fresh. */
883 log_info(LD_GENERAL, "Couldn't add own descriptor to directory "
884 "after key init: %s This is usually not a problem.",
885 m?m:"<unknown error>");
886 }
887 }
888 }
889 }
890
891 /* 5. Dump fingerprint to 'fingerprint' */
892 keydir = get_datadir_fname("fingerprint");
893 log_info(LD_GENERAL,"Dumping fingerprint to \"%s\"...",keydir);
894 if (crypto_pk_get_fingerprint(get_server_identity_key(),
895 fingerprint, 0) < 0) {
896 log_err(LD_GENERAL,"Error computing fingerprint");
897 tor_free(keydir);
898 return -1;
899 }
900 tor_assert(strlen(options->Nickname) <= MAX_NICKNAME_LEN);
901 if (tor_snprintf(fingerprint_line, sizeof(fingerprint_line),
902 "%s %s\n",options->Nickname, fingerprint) < 0) {
903 log_err(LD_GENERAL,"Error writing fingerprint line");
904 tor_free(keydir);
905 return -1;
906 }
907 /* Check whether we need to write the fingerprint file. */
908 cp = NULL;
909 if (file_status(keydir) == FN_FILE)
910 cp = read_file_to_str(keydir, 0, NULL);
911 if (!cp || strcmp(cp, fingerprint_line)) {
912 if (write_str_to_file(keydir, fingerprint_line, 0)) {
913 log_err(LD_FS, "Error writing fingerprint line to file");
914 tor_free(keydir);
915 tor_free(cp);
916 return -1;
917 }
918 }
919 tor_free(cp);
920 tor_free(keydir);
921
922 log_notice(LD_GENERAL,
923 "Your Tor server's identity key fingerprint is '%s %s'",
924 options->Nickname, fingerprint);
925 if (!authdir_mode(options))
926 return 0;
927 /* 6. [authdirserver only] load approved-routers file */
928 if (dirserv_load_fingerprint_file() < 0) {
929 log_err(LD_GENERAL,"Error loading fingerprints");
930 return -1;
931 }
932 /* 6b. [authdirserver only] add own key to approved directories. */
933 crypto_pk_get_digest(get_server_identity_key(), digest);
934 type = ((options->V1AuthoritativeDir ? V1_DIRINFO : NO_DIRINFO) |
935 (options->V2AuthoritativeDir ? V2_DIRINFO : NO_DIRINFO) |
936 (options->V3AuthoritativeDir ?
937 (V3_DIRINFO|MICRODESC_DIRINFO|EXTRAINFO_DIRINFO) : NO_DIRINFO) |
938 (options->BridgeAuthoritativeDir ? BRIDGE_DIRINFO : NO_DIRINFO) |
939 (options->HSAuthoritativeDir ? HIDSERV_DIRINFO : NO_DIRINFO));
940
941 ds = router_get_trusteddirserver_by_digest(digest);
942 if (!ds) {
943 ds = trusted_dir_server_new(options->Nickname, NULL,
944 router_get_advertised_dir_port(options, 0),
945 router_get_advertised_or_port(options),
946 digest,
947 v3_digest,
948 type, 0.0);
949 if (!ds) {
950 log_err(LD_GENERAL,"We want to be a directory authority, but we "
951 "couldn't add ourselves to the authority list. Failing.");
952 return -1;
953 }
954 dir_server_add(ds);
955 }
956 if (ds->type != type) {
957 log_warn(LD_DIR, "Configured authority type does not match authority "
958 "type in DirAuthority list. Adjusting. (%d v %d)",
959 type, ds->type);
960 ds->type = type;
961 }
962 if (v3_digest_set && (ds->type & V3_DIRINFO) &&
963 tor_memneq(v3_digest, ds->v3_identity_digest, DIGEST_LEN)) {
964 log_warn(LD_DIR, "V3 identity key does not match identity declared in "
965 "DirAuthority line. Adjusting.");
966 memcpy(ds->v3_identity_digest, v3_digest, DIGEST_LEN);
967 }
968
969 if (cert) { /* add my own cert to the list of known certs */
970 log_info(LD_DIR, "adding my own v3 cert");
971 if (trusted_dirs_load_certs_from_string(
972 cert->cache_info.signed_descriptor_body,
973 TRUSTED_DIRS_CERTS_SRC_SELF, 0)<0) {
974 log_warn(LD_DIR, "Unable to parse my own v3 cert! Failing.");
975 return -1;
976 }
977 }
978
979 return 0; /* success */
980 }
981
982 /* Keep track of whether we should upload our server descriptor,
983 * and what type of server we are.
984 */
985
986 /** Whether we can reach our ORPort from the outside. */
987 static int can_reach_or_port = 0;
988 /** Whether we can reach our DirPort from the outside. */
989 static int can_reach_dir_port = 0;
990
991 /** Forget what we have learned about our reachability status. */
992 void
993 router_reset_reachability(void)
994 {
995 can_reach_or_port = can_reach_dir_port = 0;
996 }
997
998 /** Return 1 if ORPort is known reachable; else return 0. */
999 int
1000 check_whether_orport_reachable(void)
1001 {
1002 const or_options_t *options = get_options();
1003 return options->AssumeReachable ||
1004 can_reach_or_port;
1005 }
1006
1007 /** Return 1 if we don't have a dirport configured, or if it's reachable. */
1008 int
1009 check_whether_dirport_reachable(void)
1010 {
1011 const or_options_t *options = get_options();
1012 return !options->DirPort_set ||
1013 options->AssumeReachable ||
1014 net_is_disabled() ||
1015 can_reach_dir_port;
1016 }
1017
1018 /** Look at a variety of factors, and return 0 if we don't want to
1019 * advertise the fact that we have a DirPort open. Else return the
1020 * DirPort we want to advertise.
1021 *
1022 * Log a helpful message if we change our mind about whether to publish
1023 * a DirPort.
1024 */
1025 static int
1026 decide_to_advertise_dirport(const or_options_t *options, uint16_t dir_port)
1027 {
1028 static int advertising=1; /* start out assuming we will advertise */
1029 int new_choice=1;
1030 const char *reason = NULL;
1031
1032 /* Section one: reasons to publish or not publish that aren't
1033 * worth mentioning to the user, either because they're obvious
1034 * or because they're normal behavior. */
1035
1036 if (!dir_port) /* short circuit the rest of the function */
1037 return 0;
1038 if (authdir_mode(options)) /* always publish */
1039 return dir_port;
1040 if (net_is_disabled())
1041 return 0;
1042 if (!check_whether_dirport_reachable())
1043 return 0;
1044 if (!router_get_advertised_dir_port(options, dir_port))
1045 return 0;
1046
1047 /* Section two: reasons to publish or not publish that the user
1048 * might find surprising. These are generally config options that
1049 * make us choose not to publish. */
1050
1051 if (accounting_is_enabled(options)) {
1052 /* Don't spend bytes for directory traffic if we could end up hibernating,
1053 * but allow DirPort otherwise. Some people set AccountingMax because
1054 * they're confused or to get statistics. */
1055 int interval_length = accounting_get_interval_length();
1056 uint32_t effective_bw = get_effective_bwrate(options);
1057 if (!interval_length) {
1058 log_warn(LD_BUG, "An accounting interval is not allowed to be zero "
1059 "seconds long. Raising to 1.");
1060 interval_length = 1;
1061 }
1062 log_info(LD_GENERAL, "Calculating whether to disable dirport: effective "
1063 "bwrate: %u, AccountingMax: "U64_FORMAT", "
1064 "accounting interval length %d", effective_bw,
1065 U64_PRINTF_ARG(options->AccountingMax),
1066 interval_length);
1067 if (effective_bw >=
1068 options->AccountingMax / interval_length) {
1069 new_choice = 0;
1070 reason = "AccountingMax enabled";
1071 }
1072 #define MIN_BW_TO_ADVERTISE_DIRPORT 51200
1073 } else if (options->BandwidthRate < MIN_BW_TO_ADVERTISE_DIRPORT ||
1074 (options->RelayBandwidthRate > 0 &&
1075 options->RelayBandwidthRate < MIN_BW_TO_ADVERTISE_DIRPORT)) {
1076 /* if we're advertising a small amount */
1077 new_choice = 0;
1078 reason = "BandwidthRate under 50KB";
1079 }
1080
1081 if (advertising != new_choice) {
1082 if (new_choice == 1) {
1083 log_notice(LD_DIR, "Advertising DirPort as %d", dir_port);
1084 } else {
1085 tor_assert(reason);
1086 log_notice(LD_DIR, "Not advertising DirPort (Reason: %s)", reason);
1087 }
1088 advertising = new_choice;
1089 }
1090
1091 return advertising ? dir_port : 0;
1092 }
1093
1094 /** Allocate and return a new extend_info_t that can be used to build
1095 * a circuit to or through the router <b>r</b>. Use the primary
1096 * address of the router unless <b>for_direct_connect</b> is true, in
1097 * which case the preferred address is used instead. */
1098 static extend_info_t *
1099 extend_info_from_router(const routerinfo_t *r)
1100 {
1101 tor_addr_port_t ap;
1102 tor_assert(r);
1103
1104 router_get_prim_orport(r, &ap);
1105 return extend_info_new(r->nickname, r->cache_info.identity_digest,
1106 r->onion_pkey, r->onion_curve25519_pkey,
1107 &ap.addr, ap.port);
1108 }
1109
1110 /** Some time has passed, or we just got new directory information.
1111 * See if we currently believe our ORPort or DirPort to be
1112 * unreachable. If so, launch a new test for it.
1113 *
1114 * For ORPort, we simply try making a circuit that ends at ourselves.
1115 * Success is noticed in onionskin_answer().
1116 *
1117 * For DirPort, we make a connection via Tor to our DirPort and ask
1118 * for our own server descriptor.
1119 * Success is noticed in connection_dir_client_reached_eof().
1120 */
1121 void
1122 consider_testing_reachability(int test_or, int test_dir)
1123 {
1124 const routerinfo_t *me = router_get_my_routerinfo();
1125 int orport_reachable = check_whether_orport_reachable();
1126 tor_addr_t addr;
1127 const or_options_t *options = get_options();
1128 if (!me)
1129 return;
1130
1131 if (routerset_contains_router(options->ExcludeNodes, me, -1) &&
1132 options->StrictNodes) {
1133 /* If we've excluded ourself, and StrictNodes is set, we can't test
1134 * ourself. */
1135 if (test_or || test_dir) {
1136 #define SELF_EXCLUDED_WARN_INTERVAL 3600
1137 static ratelim_t warning_limit=RATELIM_INIT(SELF_EXCLUDED_WARN_INTERVAL);
1138 log_fn_ratelim(&warning_limit, LOG_WARN, LD_CIRC,
1139 "Can't peform self-tests for this relay: we have "
1140 "listed ourself in ExcludeNodes, and StrictNodes is set. "
1141 "We cannot learn whether we are usable, and will not "
1142 "be able to advertise ourself.");
1143 }
1144 return;
1145 }
1146
1147 if (test_or && (!orport_reachable || !circuit_enough_testing_circs())) {
1148 extend_info_t *ei = extend_info_from_router(me);
1149 /* XXX IPv6 self testing */
1150 log_info(LD_CIRC, "Testing %s of my ORPort: %s:%d.",
1151 !orport_reachable ? "reachability" : "bandwidth",
1152 me->address, me->or_port);
1153 circuit_launch_by_extend_info(CIRCUIT_PURPOSE_TESTING, ei,
1154 CIRCLAUNCH_NEED_CAPACITY|CIRCLAUNCH_IS_INTERNAL);
1155 extend_info_free(ei);
1156 }
1157
1158 tor_addr_from_ipv4h(&addr, me->addr);
1159 if (test_dir && !check_whether_dirport_reachable() &&
1160 !connection_get_by_type_addr_port_purpose(
1161 CONN_TYPE_DIR, &addr, me->dir_port,
1162 DIR_PURPOSE_FETCH_SERVERDESC)) {
1163 /* ask myself, via tor, for my server descriptor. */
1164 directory_initiate_command(me->address, &addr,
1165 me->or_port, me->dir_port,
1166 me->cache_info.identity_digest,
1167 DIR_PURPOSE_FETCH_SERVERDESC,
1168 ROUTER_PURPOSE_GENERAL,
1169 DIRIND_ANON_DIRPORT, "authority.z", NULL, 0, 0);
1170 }
1171 }
1172
1173 /** Annotate that we found our ORPort reachable. */
1174 void
1175 router_orport_found_reachable(void)
1176 {
1177 const routerinfo_t *me = router_get_my_routerinfo();
1178 if (!can_reach_or_port && me) {
1179 log_notice(LD_OR,"Self-testing indicates your ORPort is reachable from "
1180 "the outside. Excellent.%s",
1181 get_options()->PublishServerDescriptor_ != NO_DIRINFO ?
1182 " Publishing server descriptor." : "");
1183 can_reach_or_port = 1;
1184 mark_my_descriptor_dirty("ORPort found reachable");
1185 control_event_server_status(LOG_NOTICE,
1186 "REACHABILITY_SUCCEEDED ORADDRESS=%s:%d",
1187 me->address, me->or_port);
1188 }
1189 }
1190
1191 /** Annotate that we found our DirPort reachable. */
1192 void
1193 router_dirport_found_reachable(void)
1194 {
1195 const routerinfo_t *me = router_get_my_routerinfo();
1196 if (!can_reach_dir_port && me) {
1197 log_notice(LD_DIRSERV,"Self-testing indicates your DirPort is reachable "
1198 "from the outside. Excellent.");
1199 can_reach_dir_port = 1;
1200 if (decide_to_advertise_dirport(get_options(), me->dir_port))
1201 mark_my_descriptor_dirty("DirPort found reachable");
1202 control_event_server_status(LOG_NOTICE,
1203 "REACHABILITY_SUCCEEDED DIRADDRESS=%s:%d",
1204 me->address, me->dir_port);
1205 }
1206 }
1207
1208 /** We have enough testing circuits open. Send a bunch of "drop"
1209 * cells down each of them, to exercise our bandwidth. */
1210 void
1211 router_perform_bandwidth_test(int num_circs, time_t now)
1212 {
1213 int num_cells = (int)(get_options()->BandwidthRate * 10 /
1214 CELL_MAX_NETWORK_SIZE);
1215 int max_cells = num_cells < CIRCWINDOW_START ?
1216 num_cells : CIRCWINDOW_START;
1217 int cells_per_circuit = max_cells / num_circs;
1218 origin_circuit_t *circ = NULL;
1219
1220 log_notice(LD_OR,"Performing bandwidth self-test...done.");
1221 while ((circ = circuit_get_next_by_pk_and_purpose(circ, NULL,
1222 CIRCUIT_PURPOSE_TESTING))) {
1223 /* dump cells_per_circuit drop cells onto this circ */
1224 int i = cells_per_circuit;
1225 if (circ->base_.state != CIRCUIT_STATE_OPEN)
1226 continue;
1227 circ->base_.timestamp_dirty = now;
1228 while (i-- > 0) {
1229 if (relay_send_command_from_edge(0, TO_CIRCUIT(circ),
1230 RELAY_COMMAND_DROP,
1231 NULL, 0, circ->cpath->prev)<0) {
1232 return; /* stop if error */
1233 }
1234 }
1235 }
1236 }
1237
1238 /** Return true iff our network is in some sense disabled: either we're
1239 * hibernating, entering hibernation, or */
1240 int
1241 net_is_disabled(void)
1242 {
1243 return get_options()->DisableNetwork || we_are_hibernating();
1244 }
1245
1246 /** Return true iff we believe ourselves to be an authoritative
1247 * directory server.
1248 */
1249 int
1250 authdir_mode(const or_options_t *options)
1251 {
1252 return options->AuthoritativeDir != 0;
1253 }
1254 /** Return true iff we believe ourselves to be a v1 authoritative
1255 * directory server.
1256 */
1257 int
1258 authdir_mode_v1(const or_options_t *options)
1259 {
1260 return authdir_mode(options) && options->V1AuthoritativeDir != 0;
1261 }
1262 /** Return true iff we believe ourselves to be a v2 authoritative
1263 * directory server.
1264 */
1265 int
1266 authdir_mode_v2(const or_options_t *options)
1267 {
1268 return authdir_mode(options) && options->V2AuthoritativeDir != 0;
1269 }
1270 /** Return true iff we believe ourselves to be a v3 authoritative
1271 * directory server.
1272 */
1273 int
1274 authdir_mode_v3(const or_options_t *options)
1275 {
1276 return authdir_mode(options) && options->V3AuthoritativeDir != 0;
1277 }
1278 /** Return true iff we are a v1, v2, or v3 directory authority. */
1279 int
1280 authdir_mode_any_main(const or_options_t *options)
1281 {
1282 return options->V1AuthoritativeDir ||
1283 options->V2AuthoritativeDir ||
1284 options->V3AuthoritativeDir;
1285 }
1286 /** Return true if we believe ourselves to be any kind of
1287 * authoritative directory beyond just a hidserv authority. */
1288 int
1289 authdir_mode_any_nonhidserv(const or_options_t *options)
1290 {
1291 return options->BridgeAuthoritativeDir ||
1292 authdir_mode_any_main(options);
1293 }
1294 /** Return true iff we are an authoritative directory server that is
1295 * authoritative about receiving and serving descriptors of type
1296 * <b>purpose</b> on its dirport. Use -1 for "any purpose". */
1297 int
1298 authdir_mode_handles_descs(const or_options_t *options, int purpose)
1299 {
1300 if (purpose < 0)
1301 return authdir_mode_any_nonhidserv(options);
1302 else if (purpose == ROUTER_PURPOSE_GENERAL)
1303 return authdir_mode_any_main(options);
1304 else if (purpose == ROUTER_PURPOSE_BRIDGE)
1305 return (options->BridgeAuthoritativeDir);
1306 else
1307 return 0;
1308 }
1309 /** Return true iff we are an authoritative directory server that
1310 * publishes its own network statuses.
1311 */
1312 int
1313 authdir_mode_publishes_statuses(const or_options_t *options)
1314 {
1315 if (authdir_mode_bridge(options))
1316 return 0;
1317 return authdir_mode_any_nonhidserv(options);
1318 }
1319 /** Return true iff we are an authoritative directory server that
1320 * tests reachability of the descriptors it learns about.
1321 */
1322 int
1323 authdir_mode_tests_reachability(const or_options_t *options)
1324 {
1325 return authdir_mode_handles_descs(options, -1);
1326 }
1327 /** Return true iff we believe ourselves to be a bridge authoritative
1328 * directory server.
1329 */
1330 int
1331 authdir_mode_bridge(const or_options_t *options)
1332 {
1333 return authdir_mode(options) && options->BridgeAuthoritativeDir != 0;
1334 }
1335
1336 /** Return true iff we are trying to be a server.
1337 */
1338 int
1339 server_mode(const or_options_t *options)
1340 {
1341 if (options->ClientOnly) return 0;
1342 /* XXXX024 I believe we can kill off ORListenAddress here.*/
1343 return (options->ORPort_set || options->ORListenAddress);
1344 }
1345
1346 /** Return true iff we are trying to be a non-bridge server.
1347 */
1348 int
1349 public_server_mode(const or_options_t *options)
1350 {
1351 if (!server_mode(options)) return 0;
1352 return (!options->BridgeRelay);
1353 }
1354
1355 /** Return true iff the combination of options in <b>options</b> and parameters
1356 * in the consensus mean that we don't want to allow exits from circuits
1357 * we got from addresses not known to be servers. */
1358 int
1359 should_refuse_unknown_exits(const or_options_t *options)
1360 {
1361 if (options->RefuseUnknownExits != -1) {
1362 return options->RefuseUnknownExits;
1363 } else {
1364 return networkstatus_get_param(NULL, "refuseunknownexits", 1, 0, 1);
1365 }
1366 }
1367
1368 /** Remember if we've advertised ourselves to the dirservers. */
1369 static int server_is_advertised=0;
1370
1371 /** Return true iff we have published our descriptor lately.
1372 */
1373 int
1374 advertised_server_mode(void)
1375 {
1376 return server_is_advertised;
1377 }
1378
1379 /**
1380 * Called with a boolean: set whether we have recently published our
1381 * descriptor.
1382 */
1383 static void
1384 set_server_advertised(int s)
1385 {
1386 server_is_advertised = s;
1387 }
1388
1389 /** Return true iff we are trying to proxy client connections. */
1390 int
1391 proxy_mode(const or_options_t *options)
1392 {
1393 (void)options;
1394 SMARTLIST_FOREACH_BEGIN(get_configured_ports(), const port_cfg_t *, p) {
1395 if (p->type == CONN_TYPE_AP_LISTENER ||
1396 p->type == CONN_TYPE_AP_TRANS_LISTENER ||
1397 p->type == CONN_TYPE_AP_DNS_LISTENER ||
1398 p->type == CONN_TYPE_AP_NATD_LISTENER)
1399 return 1;
1400 } SMARTLIST_FOREACH_END(p);
1401 return 0;
1402 }
1403
1404 /** Decide if we're a publishable server. We are a publishable server if:
1405 * - We don't have the ClientOnly option set
1406 * and
1407 * - We have the PublishServerDescriptor option set to non-empty
1408 * and
1409 * - We have ORPort set
1410 * and
1411 * - We believe we are reachable from the outside; or
1412 * - We are an authoritative directory server.
1413 */
1414 static int
1415 decide_if_publishable_server(void)
1416 {
1417 const or_options_t *options = get_options();
1418
1419 if (options->ClientOnly)
1420 return 0;
1421 if (options->PublishServerDescriptor_ == NO_DIRINFO)
1422 return 0;
1423 if (!server_mode(options))
1424 return 0;
1425 if (authdir_mode(options))
1426 return 1;
1427 if (!router_get_advertised_or_port(options))
1428 return 0;
1429
1430 return check_whether_orport_reachable();
1431 }
1432
1433 /** Initiate server descriptor upload as reasonable (if server is publishable,
1434 * etc). <b>force</b> is as for router_upload_dir_desc_to_dirservers.
1435 *
1436 * We need to rebuild the descriptor if it's dirty even if we're not
1437 * uploading, because our reachability testing *uses* our descriptor to
1438 * determine what IP address and ports to test.
1439 */
1440 void
1441 consider_publishable_server(int force)
1442 {
1443 int rebuilt;
1444
1445 if (!server_mode(get_options()))
1446 return;
1447
1448 rebuilt = router_rebuild_descriptor(0);
1449 if (decide_if_publishable_server()) {
1450 set_server_advertised(1);
1451 if (rebuilt == 0)
1452 router_upload_dir_desc_to_dirservers(force);
1453 } else {
1454 set_server_advertised(0);
1455 }
1456 }
1457
1458 /** Return the port of the first active listener of type
1459 * <b>listener_type</b>. */
1460 /** XXX not a very good interface. it's not reliable when there are
1461 multiple listeners. */
1462 uint16_t
1463 router_get_active_listener_port_by_type_af(int listener_type,
1464 sa_family_t family)
1465 {
1466 /* Iterate all connections, find one of the right kind and return
1467 the port. Not very sophisticated or fast, but effective. */
1468 smartlist_t *conns = get_connection_array();
1469 SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
1470 if (conn->type == listener_type && !conn->marked_for_close &&
1471 conn->socket_family == family) {
1472 return conn->port;
1473 }
1474 } SMARTLIST_FOREACH_END(conn);
1475
1476 return 0;
1477 }
1478
1479 /** Return the port that we should advertise as our ORPort; this is either
1480 * the one configured in the ORPort option, or the one we actually bound to
1481 * if ORPort is "auto".
1482 */
1483 uint16_t
1484 router_get_advertised_or_port(const or_options_t *options)
1485 {
1486 return router_get_advertised_or_port_by_af(options, AF_INET);
1487 }
1488
1489 /** As router_get_advertised_or_port(), but allows an address family argument.
1490 */
1491 uint16_t
1492 router_get_advertised_or_port_by_af(const or_options_t *options,
1493 sa_family_t family)
1494 {
1495 int port = get_first_advertised_port_by_type_af(CONN_TYPE_OR_LISTENER,
1496 family);
1497 (void)options;
1498
1499 /* If the port is in 'auto' mode, we have to use
1500 router_get_listener_port_by_type(). */
1501 if (port == CFG_AUTO_PORT)
1502 return router_get_active_listener_port_by_type_af(CONN_TYPE_OR_LISTENER,
1503 family);
1504
1505 return port;
1506 }
1507
1508 /** Return the port that we should advertise as our DirPort;
1509 * this is one of three possibilities:
1510 * The one that is passed as <b>dirport</b> if the DirPort option is 0, or
1511 * the one configured in the DirPort option,
1512 * or the one we actually bound to if DirPort is "auto". */
1513 uint16_t
1514 router_get_advertised_dir_port(const or_options_t *options, uint16_t dirport)
1515 {
1516 int dirport_configured = get_primary_dir_port();
1517 (void)options;
1518
1519 if (!dirport_configured)
1520 return dirport;
1521
1522 if (dirport_configured == CFG_AUTO_PORT)
1523 return router_get_active_listener_port_by_type_af(CONN_TYPE_DIR_LISTENER,
1524 AF_INET);
1525
1526 return dirport_configured;
1527 }
1528
1529 /*
1530 * OR descriptor generation.
1531 */
1532
1533 /** My routerinfo. */
1534 static routerinfo_t *desc_routerinfo = NULL;
1535 /** My extrainfo */
1536 static extrainfo_t *desc_extrainfo = NULL;
1537 /** Why did we most recently decide to regenerate our descriptor? Used to
1538 * tell the authorities why we're sending it to them. */
1539 static const char *desc_gen_reason = NULL;
1540 /** Since when has our descriptor been "clean"? 0 if we need to regenerate it
1541 * now. */
1542 static time_t desc_clean_since = 0;
1543 /** Why did we mark the descriptor dirty? */
1544 static const char *desc_dirty_reason = NULL;
1545 /** Boolean: do we need to regenerate the above? */
1546 static int desc_needs_upload = 0;
1547
1548 /** OR only: If <b>force</b> is true, or we haven't uploaded this
1549 * descriptor successfully yet, try to upload our signed descriptor to
1550 * all the directory servers we know about.
1551 */
1552 void
1553 router_upload_dir_desc_to_dirservers(int force)
1554 {
1555 const routerinfo_t *ri;
1556 extrainfo_t *ei;
1557 char *msg;
1558 size_t desc_len, extra_len = 0, total_len;
1559 dirinfo_type_t auth = get_options()->PublishServerDescriptor_;
1560
1561 ri = router_get_my_routerinfo();
1562 if (!ri) {
1563 log_info(LD_GENERAL, "No descriptor; skipping upload");
1564 return;
1565 }
1566 ei = router_get_my_extrainfo();
1567 if (auth == NO_DIRINFO)
1568 return;
1569 if (!force && !desc_needs_upload)
1570 return;
1571
1572 log_info(LD_OR, "Uploading relay descriptor to directory authorities%s",
1573 force ? " (forced)" : "");
1574
1575 desc_needs_upload = 0;
1576
1577 desc_len = ri->cache_info.signed_descriptor_len;
1578 extra_len = ei ? ei->cache_info.signed_descriptor_len : 0;
1579 total_len = desc_len + extra_len + 1;
1580 msg = tor_malloc(total_len);
1581 memcpy(msg, ri->cache_info.signed_descriptor_body, desc_len);
1582 if (ei) {
1583 memcpy(msg+desc_len, ei->cache_info.signed_descriptor_body, extra_len);
1584 }
1585 msg[desc_len+extra_len] = 0;
1586
1587 directory_post_to_dirservers(DIR_PURPOSE_UPLOAD_DIR,
1588 (auth & BRIDGE_DIRINFO) ?
1589 ROUTER_PURPOSE_BRIDGE :
1590 ROUTER_PURPOSE_GENERAL,
1591 auth, msg, desc_len, extra_len);
1592 tor_free(msg);
1593 }
1594
1595 /** OR only: Check whether my exit policy says to allow connection to
1596 * conn. Return 0 if we accept; non-0 if we reject.
1597 */
1598 int
1599 router_compare_to_my_exit_policy(const tor_addr_t *addr, uint16_t port)
1600 {
1601 if (!router_get_my_routerinfo()) /* make sure desc_routerinfo exists */
1602 return -1;
1603
1604 /* make sure it's resolved to something. this way we can't get a
1605 'maybe' below. */
1606 if (tor_addr_is_null(addr))
1607 return -1;
1608
1609 /* look at desc_routerinfo->exit_policy for both the v4 and the v6
1610 * policies. The exit_policy field in desc_routerinfo is a bit unusual,
1611 * in that it contains IPv6 and IPv6 entries. We don't want to look
1612 * at desc_routerinfio->ipv6_exit_policy, since that's a port summary. */
1613 if ((tor_addr_family(addr) == AF_INET ||
1614 tor_addr_family(addr) == AF_INET6)) {
1615 return compare_tor_addr_to_addr_policy(addr, port,
1616 desc_routerinfo->exit_policy) != ADDR_POLICY_ACCEPTED;
1617 #if 0
1618 } else if (tor_addr_family(addr) == AF_INET6) {
1619 return get_options()->IPv6Exit &&
1620 desc_routerinfo->ipv6_exit_policy &&
1621 compare_tor_addr_to_short_policy(addr, port,
1622 desc_routerinfo->ipv6_exit_policy) != ADDR_POLICY_ACCEPTED;
1623 #endif
1624 } else {
1625 return -1;
1626 }
1627 }
1628
1629 /** Return true iff my exit policy is reject *:*. Return -1 if we don't
1630 * have a descriptor */
1631 int
1632 router_my_exit_policy_is_reject_star(void)
1633 {
1634 if (!router_get_my_routerinfo()) /* make sure desc_routerinfo exists */
1635 return -1;
1636
1637 return desc_routerinfo->policy_is_reject_star;
1638 }
1639
1640 /** Return true iff I'm a server and <b>digest</b> is equal to
1641 * my server identity key digest. */
1642 int
1643 router_digest_is_me(const char *digest)
1644 {
1645 return (server_identitykey &&
1646 tor_memeq(server_identitykey_digest, digest, DIGEST_LEN));
1647 }
1648
1649 /** Return my identity digest. */
1650 const uint8_t *
1651 router_get_my_id_digest(void)
1652 {
1653 return (const uint8_t *)server_identitykey_digest;
1654 }
1655
1656 /** Return true iff I'm a server and <b>digest</b> is equal to
1657 * my identity digest. */
1658 int
1659 router_extrainfo_digest_is_me(const char *digest)
1660 {
1661 extrainfo_t *ei = router_get_my_extrainfo();
1662 if (!ei)
1663 return 0;
1664
1665 return tor_memeq(digest,
1666 ei->cache_info.signed_descriptor_digest,
1667 DIGEST_LEN);
1668 }
1669
1670 /** A wrapper around router_digest_is_me(). */
1671 int
1672 router_is_me(const routerinfo_t *router)
1673 {
1674 return router_digest_is_me(router->cache_info.identity_digest);
1675 }
1676
1677 /** Return true iff <b>fp</b> is a hex fingerprint of my identity digest. */
1678 int
1679 router_fingerprint_is_me(const char *fp)
1680 {
1681 char digest[DIGEST_LEN];
1682 if (strlen(fp) == HEX_DIGEST_LEN &&
1683 base16_decode(digest, sizeof(digest), fp, HEX_DIGEST_LEN) == 0)
1684 return router_digest_is_me(digest);
1685
1686 return 0;
1687 }
1688
1689 /** Return a routerinfo for this OR, rebuilding a fresh one if
1690 * necessary. Return NULL on error, or if called on an OP. */
1691 const routerinfo_t *
1692 router_get_my_routerinfo(void)
1693 {
1694 if (!server_mode(get_options()))
1695 return NULL;
1696 if (router_rebuild_descriptor(0))
1697 return NULL;
1698 return desc_routerinfo;
1699 }
1700
1701 /** OR only: Return a signed server descriptor for this OR, rebuilding a fresh
1702 * one if necessary. Return NULL on error.
1703 */
1704 const char *
1705 router_get_my_descriptor(void)
1706 {
1707 const char *body;
1708 if (!router_get_my_routerinfo())
1709 return NULL;
1710 /* Make sure this is nul-terminated. */
1711 tor_assert(desc_routerinfo->cache_info.saved_location == SAVED_NOWHERE);
1712 body = signed_descriptor_get_body(&desc_routerinfo->cache_info);
1713 tor_assert(!body[desc_routerinfo->cache_info.signed_descriptor_len]);
1714 log_debug(LD_GENERAL,"my desc is '%s'", body);
1715 return body;
1716 }
1717
1718 /** Return the extrainfo document for this OR, or NULL if we have none.
1719 * Rebuilt it (and the server descriptor) if necessary. */
1720 extrainfo_t *
1721 router_get_my_extrainfo(void)
1722 {
1723 if (!server_mode(get_options()))
1724 return NULL;
1725 if (router_rebuild_descriptor(0))
1726 return NULL;
1727 return desc_extrainfo;
1728 }
1729
1730 /** Return a human-readable string describing what triggered us to generate
1731 * our current descriptor, or NULL if we don't know. */
1732 const char *
1733 router_get_descriptor_gen_reason(void)
1734 {
1735 return desc_gen_reason;
1736 }
1737
1738 /** A list of nicknames that we've warned about including in our family
1739 * declaration verbatim rather than as digests. */
1740 static smartlist_t *warned_nonexistent_family = NULL;
1741
1742 static int router_guess_address_from_dir_headers(uint32_t *guess);
1743
1744 /** Make a current best guess at our address, either because
1745 * it's configured in torrc, or because we've learned it from
1746 * dirserver headers. Place the answer in *<b>addr</b> and return
1747 * 0 on success, else return -1 if we have no guess. */
1748 int
1749 router_pick_published_address(const or_options_t *options, uint32_t *addr)
1750 {
1751 *addr = get_last_resolved_addr();
1752 if (!*addr &&
1753 resolve_my_address(LOG_INFO, options, addr, NULL, NULL) < 0) {
1754 log_info(LD_CONFIG, "Could not determine our address locally. "
1755 "Checking if directory headers provide any hints.");
1756 if (router_guess_address_from_dir_headers(addr) < 0) {
1757 log_info(LD_CONFIG, "No hints from directory headers either. "
1758 "Will try again later.");
1759 return -1;
1760 }
1761 }
1762 log_info(LD_CONFIG,"Success: chose address '%s'.", fmt_addr32(*addr));
1763 return 0;
1764 }
1765
1766 /** If <b>force</b> is true, or our descriptor is out-of-date, rebuild a fresh
1767 * routerinfo, signed server descriptor, and extra-info document for this OR.
1768 * Return 0 on success, -1 on temporary error.
1769 */
1770 int
1771 router_rebuild_descriptor(int force)
1772 {
1773 routerinfo_t *ri;
1774 extrainfo_t *ei;
1775 uint32_t addr;
1776 char platform[256];
1777 int hibernating = we_are_hibernating();
1778 const or_options_t *options = get_options();
1779
1780 if (desc_clean_since && !force)
1781 return 0;
1782
1783 if (router_pick_published_address(options, &addr) < 0 ||
1784 router_get_advertised_or_port(options) == 0) {
1785 /* Stop trying to rebuild our descriptor every second. We'll
1786 * learn that it's time to try again when ip_address_changed()
1787 * marks it dirty. */
1788 desc_clean_since = time(NULL);
1789 return -1;
1790 }
1791
1792 log_info(LD_OR, "Rebuilding relay descriptor%s", force ? " (forced)" : "");
1793
1794 ri = tor_malloc_zero(sizeof(routerinfo_t));
1795 ri->cache_info.routerlist_index = -1;
1796 ri->address = tor_dup_ip(addr);
1797 ri->nickname = tor_strdup(options->Nickname);
1798 ri->addr = addr;
1799 ri->or_port = router_get_advertised_or_port(options);
1800 ri->dir_port = router_get_advertised_dir_port(options, 0);
1801 ri->cache_info.published_on = time(NULL);
1802 ri->onion_pkey = crypto_pk_dup_key(get_onion_key()); /* must invoke from
1803 * main thread */
1804 #ifdef CURVE25519_ENABLED
1805 ri->onion_curve25519_pkey =
1806 tor_memdup(&get_current_curve25519_keypair()->pubkey,
1807 sizeof(curve25519_public_key_t));
1808 #endif
1809
1810 /* For now, at most one IPv6 or-address is being advertised. */
1811 {
1812 const port_cfg_t *ipv6_orport = NULL;
1813 SMARTLIST_FOREACH_BEGIN(get_configured_ports(), const port_cfg_t *, p) {
1814 if (p->type == CONN_TYPE_OR_LISTENER &&
1815 ! p->no_advertise &&
1816 ! p->bind_ipv4_only &&
1817 tor_addr_family(&p->addr) == AF_INET6) {
1818 if (! tor_addr_is_internal(&p->addr, 0)) {
1819 ipv6_orport = p;
1820 break;
1821 } else {
1822 char addrbuf[TOR_ADDR_BUF_LEN];
1823 log_warn(LD_CONFIG,
1824 "Unable to use configured IPv6 address \"%s\" in a "
1825 "descriptor. Skipping it. "
1826 "Try specifying a globally reachable address explicitly. ",
1827 tor_addr_to_str(addrbuf, &p->addr, sizeof(addrbuf), 1));
1828 }
1829 }
1830 } SMARTLIST_FOREACH_END(p);
1831 if (ipv6_orport) {
1832 tor_addr_copy(&ri->ipv6_addr, &ipv6_orport->addr);
1833 ri->ipv6_orport = ipv6_orport->port;
1834 }
1835 }
1836
1837 ri->identity_pkey = crypto_pk_dup_key(get_server_identity_key());
1838 if (crypto_pk_get_digest(ri->identity_pkey,
1839 ri->cache_info.identity_digest)<0) {
1840 routerinfo_free(ri);
1841 return -1;
1842 }
1843 get_platform_str(platform, sizeof(platform));
1844 ri->platform = tor_strdup(platform);
1845
1846 /* compute ri->bandwidthrate as the min of various options */
1847 ri->bandwidthrate = get_effective_bwrate(options);
1848
1849 /* and compute ri->bandwidthburst similarly */
1850 ri->bandwidthburst = get_effective_bwburst(options);
1851
1852 ri->bandwidthcapacity = hibernating ? 0 : rep_hist_bandwidth_assess();
1853
1854 if (dns_seems_to_be_broken() || has_dns_init_failed()) {
1855 /* DNS is screwed up; don't claim to be an exit. */
1856 policies_exit_policy_append_reject_star(&ri->exit_policy);
1857 } else {
1858 policies_parse_exit_policy(options->ExitPolicy, &ri->exit_policy,
1859 options->IPv6Exit,
1860 options->ExitPolicyRejectPrivate,
1861 ri->address, !options->BridgeRelay);
1862 }
1863 ri->policy_is_reject_star =
1864 policy_is_reject_star(ri->exit_policy, AF_INET) &&
1865 policy_is_reject_star(ri->exit_policy, AF_INET6);
1866
1867 if (options->IPv6Exit) {
1868 char *p_tmp = policy_summarize(ri->exit_policy, AF_INET6);
1869 if (p_tmp)
1870 ri->ipv6_exit_policy = parse_short_policy(p_tmp);
1871 tor_free(p_tmp);
1872 }
1873
1874 #if 0
1875 /* XXXX NM NM I belive this is safe to remove */
1876 if (authdir_mode(options))
1877 ri->is_valid = ri->is_named = 1; /* believe in yourself */
1878 #endif
1879
1880 if (options->MyFamily && ! options->BridgeRelay) {
1881 smartlist_t *family;
1882 if (!warned_nonexistent_family)
1883 warned_nonexistent_family = smartlist_new();
1884 family = smartlist_new();
1885 ri->declared_family = smartlist_new();
1886 smartlist_split_string(family, options->MyFamily, ",",
1887 SPLIT_SKIP_SPACE|SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
1888 SMARTLIST_FOREACH_BEGIN(family, char *, name) {
1889 const node_t *member;
1890 if (!strcasecmp(name, options->Nickname))
1891 goto skip; /* Don't list ourself, that's redundant */
1892 else
1893 member = node_get_by_nickname(name, 1);
1894 if (!member) {
1895 int is_legal = is_legal_nickname_or_hexdigest(name);
1896 if (!smartlist_contains_string(warned_nonexistent_family, name) &&
1897 !is_legal_hexdigest(name)) {
1898 if (is_legal)
1899 log_warn(LD_CONFIG,
1900 "I have no descriptor for the router named \"%s\" in my "
1901 "declared family; I'll use the nickname as is, but "
1902 "this may confuse clients.", name);
1903 else
1904 log_warn(LD_CONFIG, "There is a router named \"%s\" in my "
1905 "declared family, but that isn't a legal nickname. "
1906 "Skipping it.", escaped(name));
1907 smartlist_add(warned_nonexistent_family, tor_strdup(name));
1908 }
1909 if (is_legal) {
1910 smartlist_add(ri->declared_family, name);
1911 name = NULL;
1912 }
1913 } else if (router_digest_is_me(member->identity)) {
1914 /* Don't list ourself in our own family; that's redundant */
1915 /* XXX shouldn't be possible */
1916 } else {
1917 char *fp = tor_malloc(HEX_DIGEST_LEN+2);
1918 fp[0] = '$';
1919 base16_encode(fp+1,HEX_DIGEST_LEN+1,
1920 member->identity, DIGEST_LEN);
1921 smartlist_add(ri->declared_family, fp);
1922 if (smartlist_contains_string(warned_nonexistent_family, name))
1923 smartlist_string_remove(warned_nonexistent_family, name);
1924 }
1925 skip:
1926 tor_free(name);
1927 } SMARTLIST_FOREACH_END(name);
1928
1929 /* remove duplicates from the list */
1930 smartlist_sort_strings(ri->declared_family);
1931 smartlist_uniq_strings(ri->declared_family);
1932
1933 smartlist_free(family);
1934 }
1935
1936 /* Now generate the extrainfo. */
1937 ei = tor_malloc_zero(sizeof(extrainfo_t));
1938 ei->cache_info.is_extrainfo = 1;
1939 strlcpy(ei->nickname, get_options()->Nickname, sizeof(ei->nickname));
1940 ei->cache_info.published_on = ri->cache_info.published_on;
1941 memcpy(ei->cache_info.identity_digest, ri->cache_info.identity_digest,
1942 DIGEST_LEN);
1943 if (extrainfo_dump_to_string(&ei->cache_info.signed_descriptor_body,
1944 ei, get_server_identity_key()) < 0) {
1945 log_warn(LD_BUG, "Couldn't generate extra-info descriptor.");
1946 extrainfo_free(ei);
1947 ei = NULL;
1948 } else {
1949 ei->cache_info.signed_descriptor_len =
1950 strlen(ei->cache_info.signed_descriptor_body);
1951 router_get_extrainfo_hash(ei->cache_info.signed_descriptor_body,
1952 ei->cache_info.signed_descriptor_len,
1953 ei->cache_info.signed_descriptor_digest);
1954 }
1955
1956 /* Now finish the router descriptor. */
1957 if (ei) {
1958 memcpy(ri->cache_info.extra_info_digest,
1959 ei->cache_info.signed_descriptor_digest,
1960 DIGEST_LEN);
1961 } else {
1962 /* ri was allocated with tor_malloc_zero, so there is no need to
1963 * zero ri->cache_info.extra_info_digest here. */
1964 }
1965 if (! (ri->cache_info.signed_descriptor_body = router_dump_router_to_string(
1966 ri, get_server_identity_key()))) {
1967 log_warn(LD_BUG, "Couldn't generate router descriptor.");
1968 routerinfo_free(ri);
1969 extrainfo_free(ei);
1970 return -1;
1971 }
1972 ri->cache_info.signed_descriptor_len =
1973 strlen(ri->cache_info.signed_descriptor_body);
1974
1975 ri->purpose =
1976 options->BridgeRelay ? ROUTER_PURPOSE_BRIDGE : ROUTER_PURPOSE_GENERAL;
1977 if (options->BridgeRelay) {
1978 /* Bridges shouldn't be able to send their descriptors unencrypted,
1979 anyway, since they don't have a DirPort, and always connect to the
1980 bridge authority anonymously. But just in case they somehow think of
1981 sending them on an unencrypted connection, don't allow them to try. */
1982 ri->cache_info.send_unencrypted = 0;
1983 if (ei)
1984 ei->cache_info.send_unencrypted = 0;
1985 } else {
1986 ri->cache_info.send_unencrypted = 1;
1987 if (ei)
1988 ei->cache_info.send_unencrypted = 1;
1989 }
1990
1991 router_get_router_hash(ri->cache_info.signed_descriptor_body,
1992 strlen(ri->cache_info.signed_descriptor_body),
1993 ri->cache_info.signed_descriptor_digest);
1994
1995 if (ei) {
1996 tor_assert(! routerinfo_incompatible_with_extrainfo(ri, ei, NULL, NULL));
1997 }
1998
1999 routerinfo_free(desc_routerinfo);
2000 desc_routerinfo = ri;
2001 extrainfo_free(desc_extrainfo);
2002 desc_extrainfo = ei;
2003
2004 desc_clean_since = time(NULL);
2005 desc_needs_upload = 1;
2006 desc_gen_reason = desc_dirty_reason;
2007 desc_dirty_reason = NULL;
2008 control_event_my_descriptor_changed();
2009 return 0;
2010 }
2011
2012 /** If our router descriptor ever goes this long without being regenerated
2013 * because something changed, we force an immediate regenerate-and-upload. */
2014 #define FORCE_REGENERATE_DESCRIPTOR_INTERVAL (18*60*60)
2015
2016 /** If our router descriptor seems to be missing or unacceptable according
2017 * to the authorities, regenerate and reupload it _this_ often. */
2018 #define FAST_RETRY_DESCRIPTOR_INTERVAL (90*60)
2019
2020 /** Mark descriptor out of date if it's been "too long" since we last tried
2021 * to upload one. */
2022 void
2023 mark_my_descriptor_dirty_if_too_old(time_t now)
2024 {
2025 networkstatus_t *ns;
2026 const routerstatus_t *rs;
2027 const char *retry_fast_reason = NULL; /* Set if we should retry frequently */
2028 const time_t slow_cutoff = now - FORCE_REGENERATE_DESCRIPTOR_INTERVAL;
2029 const time_t fast_cutoff = now - FAST_RETRY_DESCRIPTOR_INTERVAL;
2030
2031 /* If it's already dirty, don't mark it. */
2032 if (! desc_clean_since)
2033 return;
2034
2035 /* If it's older than FORCE_REGENERATE_DESCRIPTOR_INTERVAL, it's always
2036 * time to rebuild it. */
2037 if (desc_clean_since < slow_cutoff) {
2038 mark_my_descriptor_dirty("time for new descriptor");
2039 return;
2040 }
2041 /* Now we see whether we want to be retrying frequently or no. The
2042 * rule here is that we'll retry frequently if we aren't listed in the
2043 * live consensus we have, or if the publication time of the
2044 * descriptor listed for us in the consensus is very old. */
2045 ns = networkstatus_get_live_consensus(now);
2046 if (ns) {
2047 rs = networkstatus_vote_find_entry(ns, server_identitykey_digest);
2048 if (rs == NULL)
2049 retry_fast_reason = "not listed in consensus";
2050 else if (rs->published_on < slow_cutoff)
2051 retry_fast_reason = "version listed in consensus is quite old";
2052 }
2053
2054 if (retry_fast_reason && desc_clean_since < fast_cutoff)
2055 mark_my_descriptor_dirty(retry_fast_reason);
2056 }
2057
2058 /** Call when the current descriptor is out of date. */
2059 void
2060 mark_my_descriptor_dirty(const char *reason)
2061 {
2062 const or_options_t *options = get_options();
2063 if (server_mode(options) && options->PublishServerDescriptor_)
2064 log_info(LD_OR, "Decided to publish new relay descriptor: %s", reason);
2065 desc_clean_since = 0;
2066 if (!desc_dirty_reason)
2067 desc_dirty_reason = reason;
2068 }
2069
2070 /** How frequently will we republish our descriptor because of large (factor
2071 * of 2) shifts in estimated bandwidth? */
2072 #define MAX_BANDWIDTH_CHANGE_FREQ (20*60)
2073
2074 /** Check whether bandwidth has changed a lot since the last time we announced
2075 * bandwidth. If so, mark our descriptor dirty. */
2076 void
2077 check_descriptor_bandwidth_changed(time_t now)
2078 {
2079 static time_t last_changed = 0;
2080 uint64_t prev, cur;
2081 if (!desc_routerinfo)
2082 return;
2083
2084 prev = desc_routerinfo->bandwidthcapacity;
2085 cur = we_are_hibernating() ? 0 : rep_hist_bandwidth_assess();
2086 if ((prev != cur && (!prev || !cur)) ||
2087 cur > prev*2 ||
2088 cur < prev/2) {
2089 if (last_changed+MAX_BANDWIDTH_CHANGE_FREQ < now) {
2090 log_info(LD_GENERAL,
2091 "Measured bandwidth has changed; rebuilding descriptor.");
2092 mark_my_descriptor_dirty("bandwidth has changed");
2093 last_changed = now;
2094 }
2095 }
2096 }
2097
2098 /** Note at log level severity that our best guess of address has changed from
2099 * <b>prev</b> to <b>cur</b>. */
2100 static void
2101 log_addr_has_changed(int severity,
2102 const tor_addr_t *prev,
2103 const tor_addr_t *cur,
2104 const char *source)
2105 {
2106 char addrbuf_prev[TOR_ADDR_BUF_LEN];
2107 char addrbuf_cur[TOR_ADDR_BUF_LEN];
2108
2109 if (tor_addr_to_str(addrbuf_prev, prev, sizeof(addrbuf_prev), 1) == NULL)
2110 strlcpy(addrbuf_prev, "???", TOR_ADDR_BUF_LEN);
2111 if (tor_addr_to_str(addrbuf_cur, cur, sizeof(addrbuf_cur), 1) == NULL)
2112 strlcpy(addrbuf_cur, "???", TOR_ADDR_BUF_LEN);
2113
2114 if (!tor_addr_is_null(prev))
2115 log_fn(severity, LD_GENERAL,
2116 "Our IP Address has changed from %s to %s; "
2117 "rebuilding descriptor (source: %s).",
2118 addrbuf_prev, addrbuf_cur, source);
2119 else
2120 log_notice(LD_GENERAL,
2121 "Guessed our IP address as %s (source: %s).",
2122 addrbuf_cur, source);
2123 }
2124
2125 /** Check whether our own address as defined by the Address configuration
2126 * has changed. This is for routers that get their address from a service
2127 * like dyndns. If our address has changed, mark our descriptor dirty. */
2128 void
2129 check_descriptor_ipaddress_changed(time_t now)
2130 {
2131 uint32_t prev, cur;
2132 const or_options_t *options = get_options();
2133 const char *method = NULL;
2134 char *hostname = NULL;
2135
2136 (void) now;
2137
2138 if (!desc_routerinfo)
2139 return;
2140
2141 /* XXXX ipv6 */
2142 prev = desc_routerinfo->addr;
2143 if (resolve_my_address(LOG_INFO, options, &cur, &method, &hostname) < 0) {
2144 log_info(LD_CONFIG,"options->Address didn't resolve into an IP.");
2145 return;
2146 }
2147
2148 if (prev != cur) {
2149 char *source;
2150 tor_addr_t tmp_prev, tmp_cur;
2151
2152 tor_addr_from_ipv4h(&tmp_prev, prev);
2153 tor_addr_from_ipv4h(&tmp_cur, cur);
2154
2155 tor_asprintf(&source, "METHOD=%s%s%s", method,
2156 hostname ? " HOSTNAME=" : "",
2157 hostname ? hostname : "");
2158
2159 log_addr_has_changed(LOG_NOTICE, &tmp_prev, &tmp_cur, source);
2160 tor_free(source);
2161
2162 ip_address_changed(0);
2163 }
2164
2165 tor_free(hostname);
2166 }
2167
2168 /** The most recently guessed value of our IP address, based on directory
2169 * headers. */
2170 static tor_addr_t last_guessed_ip = TOR_ADDR_NULL;
2171
2172 /** A directory server <b>d_conn</b> told us our IP address is
2173 * <b>suggestion</b>.
2174 * If this address is different from the one we think we are now, and
2175 * if our computer doesn't actually know its IP address, then switch. */
2176 void
2177 router_new_address_suggestion(const char *suggestion,
2178 const dir_connection_t *d_conn)
2179 {
2180 tor_addr_t addr;
2181 uint32_t cur = 0; /* Current IPv4 address. */
2182 const or_options_t *options = get_options();
2183
2184 /* first, learn what the IP address actually is */
2185 if (tor_addr_parse(&addr, suggestion) == -1) {
2186 log_debug(LD_DIR, "Malformed X-Your-Address-Is header %s. Ignoring.",
2187 escaped(suggestion));
2188 return;
2189 }
2190
2191 log_debug(LD_DIR, "Got X-Your-Address-Is: %s.", suggestion);
2192
2193 if (!server_mode(options)) {
2194 tor_addr_copy(&last_guessed_ip, &addr);
2195 return;
2196 }
2197
2198 /* XXXX ipv6 */
2199 cur = get_last_resolved_addr();
2200 if (cur ||
2201 resolve_my_address(LOG_INFO, options, &cur, NULL, NULL) >= 0) {
2202 /* We're all set -- we already know our address. Great. */
2203 tor_addr_from_ipv4h(&last_guessed_ip, cur); /* store it in case we
2204 need it later */
2205 return;
2206 }
2207 if (tor_addr_is_internal(&addr, 0)) {
2208 /* Don't believe anybody who says our IP is, say, 127.0.0.1. */
2209 return;
2210 }
2211 if (tor_addr_eq(&d_conn->base_.addr, &addr)) {
2212 /* Don't believe anybody who says our IP is their IP. */
2213 log_debug(LD_DIR, "A directory server told us our IP address is %s, "
2214 "but he's just reporting his own IP address. Ignoring.",
2215 suggestion);
2216 return;
2217 }
2218
2219 /* Okay. We can't resolve our own address, and X-Your-Address-Is is giving
2220 * us an answer different from what we had the last time we managed to
2221 * resolve it. */
2222 if (!tor_addr_eq(&last_guessed_ip, &addr)) {
2223 control_event_server_status(LOG_NOTICE,
2224 "EXTERNAL_ADDRESS ADDRESS=%s METHOD=DIRSERV",
2225 suggestion);
2226 log_addr_has_changed(LOG_NOTICE, &last_guessed_ip, &addr,
2227 d_conn->base_.address);
2228 ip_address_changed(0);
2229 tor_addr_copy(&last_guessed_ip, &addr); /* router_rebuild_descriptor()
2230 will fetch it */
2231 }
2232 }
2233
2234 /** We failed to resolve our address locally, but we'd like to build
2235 * a descriptor and publish / test reachability. If we have a guess
2236 * about our address based on directory headers, answer it and return
2237 * 0; else return -1. */
2238 static int
2239 router_guess_address_from_dir_headers(uint32_t *guess)
2240 {
2241 if (!tor_addr_is_null(&last_guessed_ip)) {
2242 *guess = tor_addr_to_ipv4h(&last_guessed_ip);
2243 return 0;
2244 }
2245 return -1;
2246 }
2247
2248 /** Set <b>platform</b> (max length <b>len</b>) to a NUL-terminated short
2249 * string describing the version of Tor and the operating system we're
2250 * currently running on.
2251 */
2252 void
2253 get_platform_str(char *platform, size_t len)
2254 {
2255 tor_snprintf(platform, len, "Tor %s on %s",
2256 get_short_version(), get_uname());
2257 }
2258
2259 /* XXX need to audit this thing and count fenceposts. maybe
2260 * refactor so we don't have to keep asking if we're
2261 * near the end of maxlen?
2262 */
2263 #define DEBUG_ROUTER_DUMP_ROUTER_TO_STRING
2264
2265 /** OR only: Given a routerinfo for this router, and an identity key to sign
2266 * with, encode the routerinfo as a signed server descriptor and return a new
2267 * string encoding the result, or NULL on failure.
2268 */
2269 char *
2270 router_dump_router_to_string(routerinfo_t *router,
2271 crypto_pk_t *ident_key)
2272 {
2273 /* XXXX025 Make this look entirely at its arguments, and not at globals.
2274 */
2275 char *onion_pkey = NULL; /* Onion key, PEM-encoded. */
2276 char *identity_pkey = NULL; /* Identity key, PEM-encoded. */
2277 char digest[DIGEST_LEN];
2278 char published[ISO_TIME_LEN+1];
2279 char fingerprint[FINGERPRINT_LEN+1];
2280 int has_extra_info_digest;
2281 char extra_info_digest[HEX_DIGEST_LEN+1];
2282 size_t onion_pkeylen, identity_pkeylen;
2283 char *family_line = NULL;
2284 char *extra_or_address = NULL;
2285 const or_options_t *options = get_options();
2286 smartlist_t *chunks = NULL;
2287 char *output = NULL;
2288
2289 /* Make sure the identity key matches the one in the routerinfo. */
2290 if (!crypto_pk_eq_keys(ident_key, router->identity_pkey)) {
2291 log_warn(LD_BUG,"Tried to sign a router with a private key that didn't "
2292 "match router's public key!");
2293 goto err;
2294 }
2295
2296 /* record our fingerprint, so we can include it in the descriptor */
2297 if (crypto_pk_get_fingerprint(router->identity_pkey, fingerprint, 1)<0) {
2298 log_err(LD_BUG,"Error computing fingerprint");
2299 goto err;
2300 }
2301
2302 /* PEM-encode the onion key */
2303 if (crypto_pk_write_public_key_to_string(router->onion_pkey,
2304 &onion_pkey,&onion_pkeylen)<0) {
2305 log_warn(LD_BUG,"write onion_pkey to string failed!");
2306 goto err;
2307 }
2308
2309 /* PEM-encode the identity key */
2310 if (crypto_pk_write_public_key_to_string(router->identity_pkey,
2311 &identity_pkey,&identity_pkeylen)<0) {
2312 log_warn(LD_BUG,"write identity_pkey to string failed!");
2313 goto err;
2314 }
2315
2316 /* Encode the publication time. */
2317 format_iso_time(published, router->cache_info.published_on);
2318
2319 if (router->declared_family && smartlist_len(router->declared_family)) {
2320 char *family = smartlist_join_strings(router->declared_family,
2321 " ", 0, NULL);
2322 tor_asprintf(&family_line, "family %s\n", family);
2323 tor_free(family);
2324 } else {
2325 family_line = tor_strdup("");
2326 }
2327
2328 has_extra_info_digest =
2329 ! tor_digest_is_zero(router->cache_info.extra_info_digest);
2330
2331 if (has_extra_info_digest) {
2332 base16_encode(extra_info_digest, sizeof(extra_info_digest),
2333 router->cache_info.extra_info_digest, DIGEST_LEN);
2334 }
2335
2336 if (router->ipv6_orport &&
2337 tor_addr_family(&router->ipv6_addr) == AF_INET6) {
2338 char addr[TOR_ADDR_BUF_LEN];
2339 const char *a;
2340 a = tor_addr_to_str(addr, &router->ipv6_addr, sizeof(addr), 1);
2341 if (a) {
2342 tor_asprintf(&extra_or_address,
2343 "or-address %s:%d\n", a, router->ipv6_orport);
2344 log_debug(LD_OR, "My or-address line is <%s>", extra_or_address);
2345 }
2346 }
2347
2348 chunks = smartlist_new();
2349 /* Generate the easy portion of the router descriptor. */
2350 smartlist_add_asprintf(chunks,
2351 "router %s %s %d 0 %d\n"
2352 "%s"
2353 "platform %s\n"
2354 "protocols Link 1 2 Circuit 1\n"
2355 "published %s\n"
2356 "fingerprint %s\n"
2357 "uptime %ld\n"
2358 "bandwidth %d %d %d\n"
2359 "%s%s%s%s"
2360 "onion-key\n%s"
2361 "signing-key\n%s"
2362 "%s%s%s%s",
2363 router->nickname,
2364 router->address,
2365 router->or_port,
2366 decide_to_advertise_dirport(options, router->dir_port),
2367 extra_or_address ? extra_or_address : "",
2368 router->platform,
2369 published,
2370 fingerprint,
2371 stats_n_seconds_working,
2372 (int) router->bandwidthrate,
2373 (int) router->bandwidthburst,
2374 (int) router->bandwidthcapacity,
2375 has_extra_info_digest ? "extra-info-digest " : "",
2376 has_extra_info_digest ? extra_info_digest : "",
2377 has_extra_info_digest ? "\n" : "",
2378 options->DownloadExtraInfo ? "caches-extra-info\n" : "",
2379 onion_pkey, identity_pkey,
2380 family_line,
2381 we_are_hibernating() ? "hibernating 1\n" : "",
2382 options->HidServDirectoryV2 ? "hidden-service-dir\n" : "",
2383 options->AllowSingleHopExits ? "allow-single-hop-exits\n" : "");
2384
2385 if (options->ContactInfo && strlen(options->ContactInfo)) {
2386 const char *ci = options->ContactInfo;
2387 if (strchr(ci, '\n') || strchr(ci, '\r'))
2388 ci = escaped(ci);
2389 smartlist_add_asprintf(chunks, "contact %s\n", ci);
2390 }
2391
2392 #ifdef CURVE25519_ENABLED
2393 if (router->onion_curve25519_pkey) {
2394 char kbuf[128];
2395 base64_encode(kbuf, sizeof(kbuf),
2396 (const char *)router->onion_curve25519_pkey->public_key,
2397 CURVE25519_PUBKEY_LEN);
2398 smartlist_add_asprintf(chunks, "ntor-onion-key %s", kbuf);
2399 }
2400 #endif
2401
2402 /* Write the exit policy to the end of 's'. */
2403 if (!router->exit_policy || !smartlist_len(router->exit_policy)) {
2404 smartlist_add(chunks, tor_strdup("reject *:*\n"));
2405 } else if (router->exit_policy) {
2406 int i;
2407 for (i = 0; i < smartlist_len(router->exit_policy); ++i) {
2408 char pbuf[POLICY_BUF_LEN];
2409 addr_policy_t *tmpe = smartlist_get(router->exit_policy, i);
2410 int result;
2411 if (tor_addr_family(&tmpe->addr) == AF_INET6)
2412 continue; /* Don't include IPv6 parts of address policy */
2413 result = policy_write_item(pbuf, POLICY_BUF_LEN, tmpe, 1);
2414 if (result < 0) {
2415 log_warn(LD_BUG,"descriptor policy_write_item ran out of room!");
2416 goto err;
2417 }
2418 smartlist_add_asprintf(chunks, "%s\n", pbuf);
2419 }
2420 }
2421
2422 if (router->ipv6_exit_policy) {
2423 char *p6 = write_short_policy(router->ipv6_exit_policy);
2424 if (p6 && strcmp(p6, "reject 1-65535")) {
2425 smartlist_add_asprintf(chunks,
2426 "ipv6-policy %s\n", p6);
2427 }
2428 tor_free(p6);
2429 }
2430
2431 /* Sign the descriptor */
2432 smartlist_add(chunks, tor_strdup("router-signature\n"));
2433
2434 crypto_digest_smartlist(digest, DIGEST_LEN, chunks, "", DIGEST_SHA1);
2435
2436 note_crypto_pk_op(SIGN_RTR);
2437 {
2438 char *sig;
2439 if (!(sig = router_get_dirobj_signature(digest, DIGEST_LEN, ident_key))) {
2440 log_warn(LD_BUG, "Couldn't sign router descriptor");
2441 goto err;
2442 }
2443 smartlist_add(chunks, sig);
2444 }
2445
2446 /* include a last '\n' */
2447 smartlist_add(chunks, tor_strdup("\n"));
2448
2449 output = smartlist_join_strings(chunks, "", 0, NULL);
2450
2451 #ifdef DEBUG_ROUTER_DUMP_ROUTER_TO_STRING
2452 {
2453 char *s_dup;
2454 const char *cp;
2455 routerinfo_t *ri_tmp;
2456 cp = s_dup = tor_strdup(output);
2457 ri_tmp = router_parse_entry_from_string(cp, NULL, 1, 0, NULL);
2458 if (!ri_tmp) {
2459 log_err(LD_BUG,
2460 "We just generated a router descriptor we can't parse.");
2461 log_err(LD_BUG, "Descriptor was: <<%s>>", output);
2462 goto err;
2463 }
2464 tor_free(s_dup);
2465 routerinfo_free(ri_tmp);
2466 }
2467 #endif
2468
2469 goto done;
2470
2471 err:
2472 tor_free(output); /* sets output to NULL */
2473 done:
2474 if (chunks) {
2475 SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
2476 smartlist_free(chunks);
2477 }
2478 tor_free(family_line);
2479 tor_free(onion_pkey);
2480 tor_free(identity_pkey);
2481 tor_free(extra_or_address);
2482
2483 return output;
2484 }
2485
2486 /** Copy the primary (IPv4) OR port (IP address and TCP port) for
2487 * <b>router</b> into *<b>ap_out</b>. */
2488 void
2489 router_get_prim_orport(const routerinfo_t *router, tor_addr_port_t *ap_out)
2490 {
2491 tor_assert(ap_out != NULL);
2492 tor_addr_from_ipv4h(&ap_out->addr, router->addr);
2493 ap_out->port = router->or_port;
2494 }
2495
2496 /** Return 1 if any of <b>router</b>'s addresses are <b>addr</b>.
2497 * Otherwise return 0. */
2498 int
2499 router_has_addr(const routerinfo_t *router, const tor_addr_t *addr)
2500 {
2501 return
2502 tor_addr_eq_ipv4h(addr, router->addr) ||
2503 tor_addr_eq(&router->ipv6_addr, addr);
2504 }
2505
2506 int
2507 router_has_orport(const routerinfo_t *router, const tor_addr_port_t *orport)
2508 {
2509 return
2510 (tor_addr_eq_ipv4h(&orport->addr, router->addr) &&
2511 orport->port == router->or_port) ||
2512 (tor_addr_eq(&orport->addr, &router->ipv6_addr) &&
2513 orport->port == router->ipv6_orport);
2514 }
2515
2516 /** Load the contents of <b>filename</b>, find the last line starting with
2517 * <b>end_line</b>, ensure that its timestamp is not more than 25 hours in
2518 * the past or more than 1 hour in the future with respect to <b>now</b>,
2519 * and write the file contents starting with that line to *<b>out</b>.
2520 * Return 1 for success, 0 if the file does not exist, or -1 if the file
2521 * does not contain a line matching these criteria or other failure. */
2522 static int
2523 load_stats_file(const char *filename, const char *end_line, time_t now,
2524 char **out)
2525 {
2526 int r = -1;
2527 char *fname = get_datadir_fname(filename);
2528 char *contents, *start = NULL, *tmp, timestr[ISO_TIME_LEN+1];
2529 time_t written;
2530 switch (file_status(fname)) {
2531 case FN_FILE:
2532 /* X022 Find an alternative to reading the whole file to memory. */
2533 if ((contents = read_file_to_str(fname, 0, NULL))) {
2534 tmp = strstr(contents, end_line);
2535 /* Find last block starting with end_line */
2536 while (tmp) {
2537 start = tmp;
2538 tmp = strstr(tmp + 1, end_line);
2539 }
2540 if (!start)
2541 goto notfound;
2542 if (strlen(start) < strlen(end_line) + 1 + sizeof(timestr))
2543 goto notfound;
2544 strlcpy(timestr, start + 1 + strlen(end_line), sizeof(timestr));
2545 if (parse_iso_time(timestr, &written) < 0)
2546 goto notfound;
2547 if (written < now - (25*60*60) || written > now + (1*60*60))
2548 goto notfound;
2549 *out = tor_strdup(start);
2550 r = 1;
2551 }
2552 notfound:
2553 tor_free(contents);
2554 break;
2555 case FN_NOENT:
2556 r = 0;
2557 break;
2558 case FN_ERROR:
2559 case FN_DIR:
2560 default:
2561 break;
2562 }
2563 tor_free(fname);
2564 return r;
2565 }
2566
2567 /** Write the contents of <b>extrainfo</b> and aggregated statistics to
2568 * *<b>s_out</b>, signing them with <b>ident_key</b>. Return 0 on
2569 * success, negative on failure. */
2570 int
2571 extrainfo_dump_to_string(char **s_out, extrainfo_t *extrainfo,
2572 crypto_pk_t *ident_key)
2573 {
2574 const or_options_t *options = get_options();
2575 char identity[HEX_DIGEST_LEN+1];
2576 char published[ISO_TIME_LEN+1];
2577 char digest[DIGEST_LEN];
2578 char *bandwidth_usage;
2579 int result;
2580 static int write_stats_to_extrainfo = 1;
2581 char sig[DIROBJ_MAX_SIG_LEN+1];
2582 char *s, *pre, *contents, *cp, *s_dup = NULL;
2583 time_t now = time(NULL);
2584 smartlist_t *chunks = smartlist_new();
2585 extrainfo_t *ei_tmp = NULL;
2586
2587 base16_encode(identity, sizeof(identity),
2588 extrainfo->cache_info.identity_digest, DIGEST_LEN);
2589 format_iso_time(published, extrainfo->cache_info.published_on);
2590 bandwidth_usage = rep_hist_get_bandwidth_lines();
2591
2592 tor_asprintf(&pre, "extra-info %s %s\npublished %s\n%s",
2593 extrainfo->nickname, identity,
2594 published, bandwidth_usage);
2595 tor_free(bandwidth_usage);
2596 smartlist_add(chunks, pre);
2597
2598 if (geoip_is_loaded(AF_INET))
2599 smartlist_add_asprintf(chunks, "geoip-db-digest %s\n",
2600 geoip_db_digest(AF_INET));
2601 if (geoip_is_loaded(AF_INET6))
2602 smartlist_add_asprintf(chunks, "geoip6-db-digest %s\n",
2603 geoip_db_digest(AF_INET6));
2604
2605 if (options->ExtraInfoStatistics && write_stats_to_extrainfo) {
2606 log_info(LD_GENERAL, "Adding stats to extra-info descriptor.");
2607 if (options->DirReqStatistics &&
2608 load_stats_file("stats"PATH_SEPARATOR"dirreq-stats",
2609 "dirreq-stats-end", now, &contents) > 0) {
2610 smartlist_add(chunks, contents);
2611 }
2612 if (options->EntryStatistics &&
2613 load_stats_file("stats"PATH_SEPARATOR"entry-stats",
2614 "entry-stats-end", now, &contents) > 0) {
2615 smartlist_add(chunks, contents);
2616 }
2617 if (options->CellStatistics &&
2618 load_stats_file("stats"PATH_SEPARATOR"buffer-stats",
2619 "cell-stats-end", now, &contents) > 0) {
2620 smartlist_add(chunks, contents);
2621 }
2622 if (options->ExitPortStatistics &&
2623 load_stats_file("stats"PATH_SEPARATOR"exit-stats",
2624 "exit-stats-end", now, &contents) > 0) {
2625 smartlist_add(chunks, contents);
2626 }
2627 if (options->ConnDirectionStatistics &&
2628 load_stats_file("stats"PATH_SEPARATOR"conn-stats",
2629 "conn-bi-direct", now, &contents) > 0) {
2630 smartlist_add(chunks, contents);
2631 }
2632 }
2633
2634 /* Add information about the pluggable transports we support. */
2635 if (options->ServerTransportPlugin) {
2636 char *pluggable_transports = pt_get_extra_info_descriptor_string();
2637 if (pluggable_transports)
2638 smartlist_add(chunks, pluggable_transports);
2639 }
2640
2641 if (should_record_bridge_info(options) && write_stats_to_extrainfo) {
2642 const char *bridge_stats = geoip_get_bridge_stats_extrainfo(now);
2643 if (bridge_stats) {
2644 smartlist_add(chunks, tor_strdup(bridge_stats));
2645 }
2646 }
2647
2648 smartlist_add(chunks, tor_strdup("router-signature\n"));
2649 s = smartlist_join_strings(chunks, "", 0, NULL);
2650
2651 while (strlen(s) > MAX_EXTRAINFO_UPLOAD_SIZE - DIROBJ_MAX_SIG_LEN) {
2652 /* So long as there are at least two chunks (one for the initial
2653 * extra-info line and one for the router-signature), we can keep removing
2654 * things. */
2655 if (smartlist_len(chunks) > 2) {
2656 /* We remove the next-to-last element (remember, len-1 is the last
2657 element), since we need to keep the router-signature element. */
2658 int idx = smartlist_len(chunks) - 2;
2659 char *e = smartlist_get(chunks, idx);
2660 smartlist_del_keeporder(chunks, idx);
2661 log_warn(LD_GENERAL, "We just generated an extra-info descriptor "
2662 "with statistics that exceeds the 50 KB "
2663 "upload limit. Removing last added "
2664 "statistics.");
2665 tor_free(e);
2666 tor_free(s);
2667 s = smartlist_join_strings(chunks, "", 0, NULL);
2668 } else {
2669 log_warn(LD_BUG, "We just generated an extra-info descriptors that "
2670 "exceeds the 50 KB upload limit.");
2671 goto err;
2672 }
2673 }
2674
2675 memset(sig, 0, sizeof(sig));
2676 if (router_get_extrainfo_hash(s, strlen(s), digest) < 0 ||
2677 router_append_dirobj_signature(sig, sizeof(sig), digest, DIGEST_LEN,
2678 ident_key) < 0) {
2679 log_warn(LD_BUG, "Could not append signature to extra-info "
2680 "descriptor.");
2681 goto err;
2682 }
2683 smartlist_add(chunks, tor_strdup(sig));
2684 tor_free(s);
2685 s = smartlist_join_strings(chunks, "", 0, NULL);
2686
2687 cp = s_dup = tor_strdup(s);
2688 ei_tmp = extrainfo_parse_entry_from_string(cp, NULL, 1, NULL);
2689 if (!ei_tmp) {
2690 if (write_stats_to_extrainfo) {
2691 log_warn(LD_GENERAL, "We just generated an extra-info descriptor "
2692 "with statistics that we can't parse. Not "
2693 "adding statistics to this or any future "
2694 "extra-info descriptors.");
2695 write_stats_to_extrainfo = 0;
2696 result = extrainfo_dump_to_string(s_out, extrainfo, ident_key);
2697 goto done;
2698 } else {
2699 log_warn(LD_BUG, "We just generated an extrainfo descriptor we "
2700 "can't parse.");
2701 goto err;
2702 }
2703 }
2704
2705 *s_out = s;
2706 s = NULL; /* prevent free */
2707 result = 0;
2708 goto done;
2709
2710 err:
2711 result = -1;
2712
2713 done:
2714 tor_free(s);
2715 SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
2716 smartlist_free(chunks);
2717 tor_free(s_dup);
2718 extrainfo_free(ei_tmp);
2719
2720 return result;
2721 }
2722
2723 /** Return true iff <b>s</b> is a valid server nickname. (That is, a string
2724 * containing between 1 and MAX_NICKNAME_LEN characters from
2725 * LEGAL_NICKNAME_CHARACTERS.) */
2726 int
2727 is_legal_nickname(const char *s)
2728 {
2729 size_t len;
2730 tor_assert(s);
2731 len = strlen(s);
2732 return len > 0 && len <= MAX_NICKNAME_LEN &&
2733 strspn(s,LEGAL_NICKNAME_CHARACTERS) == len;
2734 }
2735
2736 /** Return true iff <b>s</b> is a valid server nickname or
2737 * hex-encoded identity-key digest. */
2738 int
2739 is_legal_nickname_or_hexdigest(const char *s)
2740 {
2741 if (*s!='$')
2742 return is_legal_nickname(s);
2743 else
2744 return is_legal_hexdigest(s);
2745 }
2746
2747 /** Return true iff <b>s</b> is a valid hex-encoded identity-key
2748 * digest. (That is, an optional $, followed by 40 hex characters,
2749 * followed by either nothing, or = or ~ followed by a nickname, or
2750 * a character other than =, ~, or a hex character.)
2751 */
2752 int
2753 is_legal_hexdigest(const char *s)
2754 {
2755 size_t len;
2756 tor_assert(s);
2757 if (s[0] == '$') s++;
2758 len = strlen(s);
2759 if (len > HEX_DIGEST_LEN) {
2760 if (s[HEX_DIGEST_LEN] == '=' ||
2761 s[HEX_DIGEST_LEN] == '~') {
2762 if (!is_legal_nickname(s+HEX_DIGEST_LEN+1))
2763 return 0;
2764 } else {
2765 return 0;
2766 }
2767 }
2768 return (len >= HEX_DIGEST_LEN &&
2769 strspn(s,HEX_CHARACTERS)==HEX_DIGEST_LEN);
2770 }
2771
2772 /** Use <b>buf</b> (which must be at least NODE_DESC_BUF_LEN bytes long) to
2773 * hold a human-readable description of a node with identity digest
2774 * <b>id_digest</b>, named-status <b>is_named</b>, nickname <b>nickname</b>,
2775 * and address <b>addr</b> or <b>addr32h</b>.
2776 *
2777 * The <b>nickname</b> and <b>addr</b> fields are optional and may be set to
2778 * NULL. The <b>addr32h</b> field is optional and may be set to 0.
2779 *
2780 * Return a pointer to the front of <b>buf</b>.
2781 */
2782 const char *
2783 format_node_description(char *buf,
2784 const char *id_digest,
2785 int is_named,
2786 const char *nickname,
2787 const tor_addr_t *addr,
2788 uint32_t addr32h)
2789 {
2790 char *cp;
2791
2792 if (!buf)
2793 return "<NULL BUFFER>";
2794
2795 buf[0] = '$';
2796 base16_encode(buf+1, HEX_DIGEST_LEN+1, id_digest, DIGEST_LEN);
2797 cp = buf+1+HEX_DIGEST_LEN;
2798 if (nickname) {
2799 buf[1+HEX_DIGEST_LEN] = is_named ? '=' : '~';
2800 strlcpy(buf+1+HEX_DIGEST_LEN+1, nickname, MAX_NICKNAME_LEN+1);
2801 cp += strlen(cp);
2802 }
2803 if (addr32h || addr) {
2804 memcpy(cp, " at ", 4);
2805 cp += 4;
2806 if (addr) {
2807 tor_addr_to_str(cp, addr, TOR_ADDR_BUF_LEN, 0);
2808 } else {
2809 struct in_addr in;
2810 in.s_addr = htonl(addr32h);
2811 tor_inet_ntoa(&in, cp, INET_NTOA_BUF_LEN);
2812 }
2813 }
2814 return buf;
2815 }
2816
2817 /** Use <b>buf</b> (which must be at least NODE_DESC_BUF_LEN bytes long) to
2818 * hold a human-readable description of <b>ri</b>.
2819 *
2820 *
2821 * Return a pointer to the front of <b>buf</b>.
2822 */
2823 const char *
2824 router_get_description(char *buf, const routerinfo_t *ri)
2825 {
2826 if (!ri)
2827 return "<null>";
2828 return format_node_description(buf,
2829 ri->cache_info.identity_digest,
2830 router_is_named(ri),
2831 ri->nickname,
2832 NULL,
2833 ri->addr);
2834 }
2835
2836 /** Use <b>buf</b> (which must be at least NODE_DESC_BUF_LEN bytes long) to
2837 * hold a human-readable description of <b>node</b>.
2838 *
2839 * Return a pointer to the front of <b>buf</b>.
2840 */
2841 const char *
2842 node_get_description(char *buf, const node_t *node)
2843 {
2844 const char *nickname = NULL;
2845 uint32_t addr32h = 0;
2846 int is_named = 0;
2847
2848 if (!node)
2849 return "<null>";
2850
2851 if (node->rs) {
2852 nickname = node->rs->nickname;
2853 is_named = node->rs->is_named;
2854 addr32h = node->rs->addr;
2855 } else if (node->ri) {
2856 nickname = node->ri->nickname;
2857 addr32h = node->ri->addr;
2858 }
2859
2860 return format_node_description(buf,
2861 node->identity,
2862 is_named,
2863 nickname,
2864 NULL,
2865 addr32h);
2866 }
2867
2868 /** Use <b>buf</b> (which must be at least NODE_DESC_BUF_LEN bytes long) to
2869 * hold a human-readable description of <b>rs</b>.
2870 *
2871 * Return a pointer to the front of <b>buf</b>.
2872 */
2873 const char *
2874 routerstatus_get_description(char *buf, const routerstatus_t *rs)
2875 {
2876 if (!rs)
2877 return "<null>";
2878 return format_node_description(buf,
2879 rs->identity_digest,
2880 rs->is_named,
2881 rs->nickname,
2882 NULL,
2883 rs->addr);
2884 }
2885
2886 /** Use <b>buf</b> (which must be at least NODE_DESC_BUF_LEN bytes long) to
2887 * hold a human-readable description of <b>ei</b>.
2888 *
2889 * Return a pointer to the front of <b>buf</b>.
2890 */
2891 const char *
2892 extend_info_get_description(char *buf, const extend_info_t *ei)
2893 {
2894 if (!ei)
2895 return "<null>";
2896 return format_node_description(buf,
2897 ei->identity_digest,
2898 0,
2899 ei->nickname,
2900 &ei->addr,
2901 0);
2902 }
2903
2904 /** Return a human-readable description of the routerinfo_t <b>ri</b>.
2905 *
2906 * This function is not thread-safe. Each call to this function invalidates
2907 * previous values returned by this function.
2908 */
2909 const char *
2910 router_describe(const routerinfo_t *ri)
2911 {
2912 static char buf[NODE_DESC_BUF_LEN];
2913 return router_get_description(buf, ri);
2914 }
2915
2916 /** Return a human-readable description of the node_t <b>node</b>.
2917 *
2918 * This function is not thread-safe. Each call to this function invalidates
2919 * previous values returned by this function.
2920 */
2921 const char *
2922 node_describe(const node_t *node)
2923 {
2924 static char buf[NODE_DESC_BUF_LEN];
2925 return node_get_description(buf, node);
2926 }
2927
2928 /** Return a human-readable description of the routerstatus_t <b>rs</b>.
2929 *
2930 * This function is not thread-safe. Each call to this function invalidates
2931 * previous values returned by this function.
2932 */
2933 const char *
2934 routerstatus_describe(const routerstatus_t *rs)
2935 {
2936 static char buf[NODE_DESC_BUF_LEN];
2937 return routerstatus_get_description(buf, rs);
2938 }
2939
2940 /** Return a human-readable description of the extend_info_t <b>ri</b>.
2941 *
2942 * This function is not thread-safe. Each call to this function invalidates
2943 * previous values returned by this function.
2944 */
2945 const char *
2946 extend_info_describe(const extend_info_t *ei)
2947 {
2948 static char buf[NODE_DESC_BUF_LEN];
2949 return extend_info_get_description(buf, ei);
2950 }
2951
2952 /** Set <b>buf</b> (which must have MAX_VERBOSE_NICKNAME_LEN+1 bytes) to the
2953 * verbose representation of the identity of <b>router</b>. The format is:
2954 * A dollar sign.
2955 * The upper-case hexadecimal encoding of the SHA1 hash of router's identity.
2956 * A "=" if the router is named; a "~" if it is not.
2957 * The router's nickname.
2958 **/
2959 void
2960 router_get_verbose_nickname(char *buf, const routerinfo_t *router)
2961 {
2962 const char *good_digest = networkstatus_get_router_digest_by_nickname(
2963 router->nickname);
2964 int is_named = good_digest && tor_memeq(good_digest,
2965 router->cache_info.identity_digest,
2966 DIGEST_LEN);
2967 buf[0] = '$';
2968 base16_encode(buf+1, HEX_DIGEST_LEN+1, router->cache_info.identity_digest,
2969 DIGEST_LEN);
2970 buf[1+HEX_DIGEST_LEN] = is_named ? '=' : '~';
2971 strlcpy(buf+1+HEX_DIGEST_LEN+1, router->nickname, MAX_NICKNAME_LEN+1);
2972 }
2973
2974 /** Forget that we have issued any router-related warnings, so that we'll
2975 * warn again if we see the same errors. */
2976 void
2977 router_reset_warnings(void)
2978 {
2979 if (warned_nonexistent_family) {
2980 SMARTLIST_FOREACH(warned_nonexistent_family, char *, cp, tor_free(cp));
2981 smartlist_clear(warned_nonexistent_family);
2982 }
2983 }
2984
2985 /** Given a router purpose, convert it to a string. Don't call this on
2986 * ROUTER_PURPOSE_UNKNOWN: The whole point of that value is that we don't
2987 * know its string representation. */
2988 const char *
2989 router_purpose_to_string(uint8_t p)
2990 {
2991 switch (p)
2992 {
2993 case ROUTER_PURPOSE_GENERAL: return "general";
2994 case ROUTER_PURPOSE_BRIDGE: return "bridge";
2995 case ROUTER_PURPOSE_CONTROLLER: return "controller";
2996 default:
2997 tor_assert(0);
2998 }
2999 return NULL;
3000 }
3001
3002 /** Given a string, convert it to a router purpose. */
3003 uint8_t
3004 router_purpose_from_string(const char *s)
3005 {
3006 if (!strcmp(s, "general"))
3007 return ROUTER_PURPOSE_GENERAL;
3008 else if (!strcmp(s, "bridge"))
3009 return ROUTER_PURPOSE_BRIDGE;
3010 else if (!strcmp(s, "controller"))
3011 return ROUTER_PURPOSE_CONTROLLER;
3012 else
3013 return ROUTER_PURPOSE_UNKNOWN;
3014 }
3015
3016 /** Release all static resources held in router.c */
3017 void
3018 router_free_all(void)
3019 {
3020 crypto_pk_free(onionkey);
3021 crypto_pk_free(lastonionkey);
3022 crypto_pk_free(server_identitykey);
3023 crypto_pk_free(client_identitykey);
3024 tor_mutex_free(key_lock);
3025 routerinfo_free(desc_routerinfo);
3026 extrainfo_free(desc_extrainfo);
3027 crypto_pk_free(authority_signing_key);
3028 authority_cert_free(authority_key_certificate);
3029 crypto_pk_free(legacy_signing_key);
3030 authority_cert_free(legacy_key_certificate);
3031
3032 #ifdef CURVE25519_ENABLED
3033 memwipe(&curve25519_onion_key, 0, sizeof(curve25519_onion_key));
3034 memwipe(&last_curve25519_onion_key, 0, sizeof(last_curve25519_onion_key));
3035 #endif
3036
3037 if (warned_nonexistent_family) {
3038 SMARTLIST_FOREACH(warned_nonexistent_family, char *, cp, tor_free(cp));
3039 smartlist_free(warned_nonexistent_family);
3040 }
3041 }
3042
3043 /** Return a smartlist of tor_addr_port_t's with all the OR ports of
3044 <b>ri</b>. Note that freeing of the items in the list as well as
3045 the smartlist itself is the callers responsibility.
3046
3047 XXX duplicating code from node_get_all_orports(). */
3048 smartlist_t *
3049 router_get_all_orports(const routerinfo_t *ri)
3050 {
3051 smartlist_t *sl = smartlist_new();
3052 tor_assert(ri);
3053
3054 if (ri->addr != 0) {
3055 tor_addr_port_t *ap = tor_malloc(sizeof(tor_addr_port_t));
3056 tor_addr_from_ipv4h(&ap->addr, ri->addr);
3057 ap->port = ri->or_port;
3058 smartlist_add(sl, ap);
3059 }
3060 if (!tor_addr_is_null(&ri->ipv6_addr)) {
3061 tor_addr_port_t *ap = tor_malloc(sizeof(tor_addr_port_t));
3062 tor_addr_copy(&ap->addr, &ri->ipv6_addr);
3063 ap->port = ri->or_port;
3064 smartlist_add(sl, ap);
3065 }
3066
3067 return sl;
3068 }
3069
The Onion Router