1 /* Copyright 2001,2002 Roger Dingledine, Matej Pfajfar. */
2 /* See LICENSE for licensing information */
6 extern or_options_t options
; /* command-line and config-file options */
10 * these two functions are the main ways 'in' to connection_or
14 int connection_or_process_inbuf(connection_t
*conn
) {
16 assert(conn
&& conn
->type
== CONN_TYPE_OR
);
18 if(conn
->inbuf_reached_eof
) {
19 /* eof reached, kill it. */
20 log(LOG_DEBUG
,"connection_or_process_inbuf(): conn reached eof. Closing.");
24 // log(LOG_DEBUG,"connection_or_process_inbuf(): state %d.",conn->state);
27 case OR_CONN_STATE_CLIENT_AUTH_WAIT
:
28 return or_handshake_client_process_auth(conn
);
29 case OR_CONN_STATE_SERVER_AUTH_WAIT
:
30 return or_handshake_server_process_auth(conn
);
31 case OR_CONN_STATE_SERVER_NONCE_WAIT
:
32 return or_handshake_server_process_nonce(conn
);
33 case OR_CONN_STATE_OPEN
:
34 return connection_process_cell_from_inbuf(conn
);
36 log(LOG_DEBUG
,"connection_or_process_inbuf() called in state where I'm writing. Ignoring buf for now.");
42 int connection_or_finished_flushing(connection_t
*conn
) {
45 assert(conn
&& conn
->type
== CONN_TYPE_OR
);
48 case OR_CONN_STATE_OP_SENDING_KEYS
:
49 return or_handshake_op_finished_sending_keys(conn
);
50 case OR_CONN_STATE_CLIENT_CONNECTING
:
51 if (getsockopt(conn
->s
, SOL_SOCKET
, SO_ERROR
, &e
, &len
) < 0) { /* not yet */
52 if(errno
!= EINPROGRESS
){
54 log(LOG_DEBUG
,"connection_or_finished_flushing(): in-progress connect failed. Removing.");
57 return 0; /* no change, see if next time is better */
60 /* the connect has finished. */
62 log(LOG_DEBUG
,"connection_or_finished_flushing() : OR connection to router %s:%u established.",
63 conn
->address
,conn
->port
);
65 if(options
.OnionRouter
)
66 return or_handshake_client_send_auth(conn
);
68 return or_handshake_op_send_keys(conn
);
69 case OR_CONN_STATE_CLIENT_SENDING_AUTH
:
70 log(LOG_DEBUG
,"connection_or_finished_flushing(): client finished sending auth.");
71 conn
->state
= OR_CONN_STATE_CLIENT_AUTH_WAIT
;
72 connection_watch_events(conn
, POLLIN
);
74 case OR_CONN_STATE_CLIENT_SENDING_NONCE
:
75 log(LOG_DEBUG
,"connection_or_finished_flushing(): client finished sending nonce.");
76 conn_or_init_crypto(conn
);
77 connection_or_set_open(conn
);
79 return connection_process_inbuf(conn
); /* in case there's anything waiting on it */
80 case OR_CONN_STATE_SERVER_SENDING_AUTH
:
81 log(LOG_DEBUG
,"connection_or_finished_flushing(): server finished sending auth.");
82 conn
->state
= OR_CONN_STATE_SERVER_NONCE_WAIT
;
83 connection_watch_events(conn
, POLLIN
);
85 case OR_CONN_STATE_OPEN
:
86 /* FIXME down the road, we'll clear out circuits that are pending to close */
87 connection_stop_writing(conn
);
90 log(LOG_DEBUG
,"Bug: connection_or_finished_flushing() called in unexpected state.");
98 /*********************/
100 void connection_or_set_open(connection_t
*conn
) {
101 conn
->state
= OR_CONN_STATE_OPEN
;
102 directory_set_dirty();
103 connection_init_timeval(conn
);
104 connection_watch_events(conn
, POLLIN
);
107 void conn_or_init_crypto(connection_t
*conn
) {
109 unsigned char iv
[16];
113 memset((void *)iv
, 0, 16);
114 crypto_cipher_set_iv(conn
->f_crypto
, iv
);
115 crypto_cipher_set_iv(conn
->b_crypto
, iv
);
117 crypto_cipher_encrypt_init_cipher(conn
->f_crypto
);
118 crypto_cipher_decrypt_init_cipher(conn
->b_crypto
);
119 /* always encrypt with f, always decrypt with b */
122 connection_t
*connection_or_connect(routerinfo_t
*router
) {
124 struct sockaddr_in router_addr
;
129 if(router_is_me(router
->addr
, router
->or_port
)) {
130 /* this is me! don't connect to me. */
131 log(LOG_DEBUG
,"connection_or_connect(): This is me. Skipping.");
135 /* this function should never be called if we're already connected to router, but */
136 /* check first to be sure */
137 conn
= connection_exact_get_by_addr_port(router
->addr
,router
->or_port
);
141 conn
= connection_new(CONN_TYPE_OR
);
146 /* set up conn so it's got all the data we need to remember */
147 conn
->addr
= router
->addr
;
148 conn
->port
= router
->or_port
;
149 conn
->bandwidth
= router
->bandwidth
;
150 conn
->pkey
= crypto_pk_dup_key(router
->pkey
);
151 conn
->address
= strdup(router
->address
);
153 s
=socket(PF_INET
,SOCK_STREAM
,IPPROTO_TCP
);
155 log(LOG_ERR
,"Error creating network socket.");
156 connection_free(conn
);
159 fcntl(s
, F_SETFL
, O_NONBLOCK
); /* set s to non-blocking */
161 memset((void *)&router_addr
,0,sizeof(router_addr
));
162 router_addr
.sin_family
= AF_INET
;
163 router_addr
.sin_port
= htons(router
->or_port
);
164 router_addr
.sin_addr
.s_addr
= htonl(router
->addr
);
166 log(LOG_DEBUG
,"connection_or_connect() : Trying to connect to %s:%u.",router
->address
,router
->or_port
);
167 if(connect(s
,(struct sockaddr
*)&router_addr
,sizeof(router_addr
)) < 0){
168 if(errno
!= EINPROGRESS
){
170 connection_free(conn
);
173 /* it's in progress. set state appropriately and return. */
176 if(connection_add(conn
) < 0) { /* no space, forget it */
177 connection_free(conn
);
181 log(LOG_DEBUG
,"connection_or_connect() : connect in progress.");
182 connection_watch_events(conn
, POLLIN
| POLLOUT
); /* writable indicates finish, readable indicates broken link */
183 conn
->state
= OR_CONN_STATE_CLIENT_CONNECTING
;
188 /* it succeeded. we're connected. */
191 if(connection_add(conn
) < 0) { /* no space, forget it */
192 connection_free(conn
);
196 log(LOG_DEBUG
,"connection_or_connect() : Connection to router %s:%u established.",
197 router
->address
, router
->or_port
);
199 if((options
.OnionRouter
&& or_handshake_client_send_auth(conn
) >= 0) ||
200 (!options
.OnionRouter
&& or_handshake_op_send_keys(conn
) >= 0))
201 return conn
; /* success! */
204 connection_remove(conn
);
205 connection_free(conn
);
209 int or_handshake_op_send_keys(connection_t
*conn
) {
210 unsigned char message
[38]; /* flag(16bits), bandwidth(32bits), forward key(128bits), backward key(128bits) */
211 unsigned char cipher
[128];
214 assert(conn
&& conn
->type
== CONN_TYPE_OR
);
216 conn
->bandwidth
= DEFAULT_BANDWIDTH_OP
;
218 /* generate random keys */
219 if(crypto_cipher_generate_key(conn
->f_crypto
) ||
220 crypto_cipher_generate_key(conn
->b_crypto
)) {
221 log(LOG_ERR
,"Cannot generate a secure 3DES key.");
224 log(LOG_DEBUG
,"or_handshake_op_send_keys() : Generated 3DES keys.");
225 /* compose the message */
226 *(uint16_t *)(message
) = htons(HANDSHAKE_AS_OP
);
227 *(uint32_t *)(message
+2) = htonl(conn
->bandwidth
);
228 memcpy((void *)(message
+6), (void *)conn
->f_crypto
->key
, 16);
229 memcpy((void *)(message
+22), (void *)conn
->b_crypto
->key
, 16);
231 /* encrypt with RSA */
232 if(crypto_pk_public_encrypt(conn
->pkey
, message
, 38, cipher
, RSA_PKCS1_PADDING
) < 0) {
233 log(LOG_ERR
,"or_handshake_op_send_keys(): Public key encryption failed.");
236 log(LOG_DEBUG
,"or_handshake_op_send_keys() : Encrypted authentication message.");
240 if(connection_write_to_buf(cipher
, 128, conn
) < 0) {
241 log(LOG_DEBUG
,"or_handshake_op_send_keys(): my outbuf is full. Oops.");
244 retval
= connection_flush_buf(conn
);
246 log(LOG_DEBUG
,"or_handshake_op_send_keys(): bad socket while flushing.");
250 /* still stuff on the buffer. */
251 conn
->state
= OR_CONN_STATE_OP_SENDING_KEYS
;
252 connection_watch_events(conn
, POLLOUT
| POLLIN
);
256 /* it finished sending */
257 log(LOG_DEBUG
,"or_handshake_op_send_keys(): Finished sending authentication message.");
258 return or_handshake_op_finished_sending_keys(conn
);
261 int or_handshake_op_finished_sending_keys(connection_t
*conn
) {
263 /* do crypto initialization, etc */
264 conn_or_init_crypto(conn
);
266 connection_or_set_open(conn
);
267 circuit_n_conn_open(conn
); /* send the pending onion(s) */
271 int or_handshake_client_send_auth(connection_t
*conn
) {
275 struct sockaddr_in me
; /* my router identity */
279 if(learn_my_address(&me
) < 0)
282 /* generate random keys */
283 if(crypto_cipher_generate_key(conn
->f_crypto
) ||
284 crypto_cipher_generate_key(conn
->b_crypto
)) {
285 log(LOG_ERR
,"Cannot generate a secure DES key.");
288 log(LOG_DEBUG
,"or_handshake_client_send_auth() : Generated DES keys.");
290 /* generate first message */
291 *(uint16_t*)buf
= htons(HANDSHAKE_AS_OR
);
292 *(uint32_t*)(buf
+2) = me
.sin_addr
.s_addr
; /* local address, network order */
293 *(uint16_t*)(buf
+6) = me
.sin_port
; /* local port, network order */
294 *(uint32_t*)(buf
+8) = htonl(conn
->addr
); /* remote address */
295 *(uint16_t*)(buf
+12) = htons(conn
->port
); /* remote port */
296 memcpy(buf
+14,conn
->f_crypto
->key
,16); /* keys */
297 memcpy(buf
+30,conn
->b_crypto
->key
,16);
298 *(uint32_t *)(buf
+46) = htonl(conn
->bandwidth
); /* max link utilisation */
299 log(LOG_DEBUG
,"or_handshake_client_send_auth() : Generated first authentication message.");
301 /* encrypt message */
302 retval
= crypto_pk_public_encrypt(conn
->pkey
, buf
, 50, cipher
,RSA_PKCS1_PADDING
);
303 if (retval
== -1) /* error */
305 log(LOG_ERR
,"Public-key encryption failed during authentication to %s:%u.",conn
->address
,conn
->port
);
306 log(LOG_DEBUG
,"or_handshake_client_send_auth() : Reason : %s.",crypto_perror());
309 log(LOG_DEBUG
,"or_handshake_client_send_auth() : Encrypted authentication message.");
313 if(connection_write_to_buf(cipher
, 128, conn
) < 0) {
314 log(LOG_DEBUG
,"or_handshake_client_send_auth(): my outbuf is full. Oops.");
317 retval
= connection_flush_buf(conn
);
319 log(LOG_DEBUG
,"or_handshake_client_send_auth(): bad socket while flushing.");
323 /* still stuff on the buffer. */
324 conn
->state
= OR_CONN_STATE_CLIENT_SENDING_AUTH
;
325 connection_watch_events(conn
, POLLOUT
| POLLIN
);
329 /* it finished sending */
330 log(LOG_DEBUG
,"or_handshake_client_send_auth(): Finished sending authentication message.");
331 conn
->state
= OR_CONN_STATE_CLIENT_AUTH_WAIT
;
332 connection_watch_events(conn
, POLLIN
);
337 int or_handshake_client_process_auth(connection_t
*conn
) {
338 char buf
[128]; /* only 56 of this is expected to be used */
342 struct sockaddr_in me
; /* my router identity */
346 if(learn_my_address(&me
) < 0)
349 if(conn
->inbuf_datalen
< 128) /* entire response available? */
350 return 0; /* not yet */
352 if(connection_fetch_from_buf(cipher
,128,conn
) < 0) {
355 log(LOG_DEBUG
,"or_handshake_client_process_auth() : Received auth.");
357 /* decrypt response */
358 retval
= crypto_pk_private_decrypt(get_privatekey(), cipher
, 128, buf
, RSA_PKCS1_PADDING
);
361 log(LOG_ERR
,"Public-key decryption failed during authentication to %s:%u.",
362 conn
->address
,conn
->port
);
363 log(LOG_DEBUG
,"or_handshake_client_process_auth() : Reason : %s.",
367 else if (retval
!= 56)
369 log(LOG_ERR
,"client_process_auth: incorrect response from router %s:%u.",
370 conn
->address
,conn
->port
);
373 log(LOG_DEBUG
,"or_handshake_client_process_auth() : Decrypted response.");
375 if ( (*(uint32_t*)buf
!= me
.sin_addr
.s_addr
) || /* local address, network order */
376 (*(uint16_t*)(buf
+4) != me
.sin_port
) || /* local port, network order */
377 (ntohl(*(uint32_t*)(buf
+6)) != conn
->addr
) || /* remote address */
378 (ntohs(*(uint16_t*)(buf
+10)) != conn
->port
) ) { /* remote port */
379 log(LOG_ERR
,"client_process_auth: Router %s:%u: bad address info.", conn
->address
,conn
->port
);
382 if ( (memcmp(conn
->f_crypto
->key
, buf
+12, 16)) || /* keys */
383 (memcmp(conn
->b_crypto
->key
, buf
+28, 16)) ) {
384 log(LOG_ERR
,"client_process_auth: Router %s:%u: bad key info.",conn
->address
,conn
->port
);
388 log(LOG_DEBUG
,"or_handshake_client_process_auth() : Response valid.");
390 /* update link info */
391 bandwidth
= ntohl(*(uint32_t *)(buf
+44));
393 if (conn
->bandwidth
> bandwidth
)
394 conn
->bandwidth
= bandwidth
;
396 /* reply is just local addr/port, remote addr/port, nonce */
397 memcpy(buf
+12, buf
+48, 8);
400 retval
= crypto_pk_public_encrypt(conn
->pkey
, buf
, 20, cipher
,RSA_PKCS1_PADDING
);
401 if (retval
== -1) /* error */
403 log(LOG_ERR
,"Public-key encryption failed during authentication to %s:%u.",conn
->address
,conn
->port
);
404 log(LOG_DEBUG
,"or_handshake_client_process_auth() : Reason : %s.",crypto_perror());
408 /* send the message */
410 if(connection_write_to_buf(cipher
, 128, conn
) < 0) {
411 log(LOG_DEBUG
,"or_handshake_client_process_auth(): my outbuf is full. Oops.");
414 retval
= connection_flush_buf(conn
);
416 log(LOG_DEBUG
,"or_handshake_client_process_auth(): bad socket while flushing.");
420 /* still stuff on the buffer. */
421 conn
->state
= OR_CONN_STATE_CLIENT_SENDING_NONCE
;
422 connection_watch_events(conn
, POLLOUT
| POLLIN
);
423 /* return(connection_process_inbuf(conn)); process the rest of the inbuf */
427 /* it finished sending */
428 log(LOG_DEBUG
,"or_handshake_client_process_auth(): Finished sending nonce.");
429 conn_or_init_crypto(conn
);
430 connection_or_set_open(conn
);
431 return connection_process_inbuf(conn
); /* process the rest of the inbuf */
437 * auth handshake, as performed by OR *receiving* the connection
441 int or_handshake_server_process_auth(connection_t
*conn
) {
444 char buf
[128]; /* 50 of this is expected to be used for OR, 38 for OP */
447 unsigned char iv
[16];
453 routerinfo_t
*router
;
457 log(LOG_DEBUG
,"or_handshake_server_process_auth() entered.");
459 if(conn
->inbuf_datalen
< 128) /* entire response available? */
460 return 0; /* not yet */
462 if(connection_fetch_from_buf(cipher
,128,conn
) < 0) {
465 log(LOG_DEBUG
,"or_handshake_server_process_auth() : Received auth.");
467 /* decrypt response */
468 retval
= crypto_pk_private_decrypt(get_privatekey(), cipher
, 128, buf
, RSA_PKCS1_PADDING
);
470 log(LOG_ERR
,"or_handshake_server_process_auth: Public-key decryption failed.");
471 log(LOG_DEBUG
,"or_handshake_server_process_auth() : Reason : %s.",
478 log(LOG_DEBUG
,"or_handshake_server_process_auth(): Decrypted OR-style auth message.");
479 if(ntohs(*(uint16_t*)buf
) != HANDSHAKE_AS_OR
) {
480 log(LOG_DEBUG
,"or_handshake_server_process_auth(): ...but wasn't labelled OR. Dropping.");
484 /* identify the router */
485 addr
= ntohl(*(uint32_t*)(buf
+2)); /* save the IP address */
486 port
= ntohs(*(uint16_t*)(buf
+6)); /* save the port */
488 router
= router_get_by_addr_port(addr
,port
);
490 log(LOG_DEBUG
,"or_handshake_server_process_auth() : unknown router '%s:%d'. Will drop.", conn
->address
, port
);
493 log(LOG_DEBUG
,"or_handshake_server_process_auth() : Router identified as %s:%u.",
494 router
->address
,router
->or_port
);
496 if(connection_exact_get_by_addr_port(addr
,port
)) {
497 log(LOG_DEBUG
,"or_handshake_server_process_auth(): That router is already connected. Dropping.");
502 crypto_cipher_set_key(conn
->b_crypto
,buf
+14);
503 crypto_cipher_set_key(conn
->f_crypto
,buf
+30);
505 /* update link info */
506 bandwidth
= ntohl(*(uint32_t *)(buf
+46));
508 conn
->bandwidth
= router
->bandwidth
;
510 if (conn
->bandwidth
> bandwidth
)
511 conn
->bandwidth
= bandwidth
;
513 /* copy all relevant info to conn */
514 conn
->addr
= router
->addr
, conn
->port
= router
->or_port
;
515 conn
->pkey
= crypto_pk_dup_key(router
->pkey
);
516 conn
->address
= strdup(router
->address
);
518 /* generate a nonce */
519 retval
= crypto_rand(8, conn
->nonce
);
520 if (retval
) { /* error */
521 log(LOG_ERR
,"Cannot generate a nonce.");
524 log(LOG_DEBUG
,"or_handshake_server_process_auth(): Nonce generated.");
526 memmove(buf
, buf
+2, 44);
527 *(uint32_t *)(buf
+44) = htonl(conn
->bandwidth
); /* send max link utilisation */
528 memcpy(buf
+48,conn
->nonce
,8); /* append the nonce to the end of the message */
530 /* encrypt message */
531 retval
= crypto_pk_public_encrypt(conn
->pkey
, buf
, 56, cipher
,RSA_PKCS1_PADDING
);
532 if (retval
== -1) { /* error */
533 log(LOG_ERR
,"Public-key encryption failed during authentication to %s:%u.",conn
->address
,conn
->port
);
534 log(LOG_DEBUG
,"or_handshake_server_process_auth() : Reason : %s.",crypto_perror());
537 log(LOG_DEBUG
,"or_handshake_server_process_auth() : Reply encrypted.");
541 if(connection_write_to_buf(cipher
, 128, conn
) < 0) {
542 log(LOG_DEBUG
,"or_handshake_server_process_auth(): my outbuf is full. Oops.");
545 retval
= connection_flush_buf(conn
);
547 log(LOG_DEBUG
,"or_handshake_server_process_auth(): bad socket while flushing.");
551 /* still stuff on the buffer. */
552 conn
->state
= OR_CONN_STATE_SERVER_SENDING_AUTH
;
553 connection_watch_events(conn
, POLLOUT
| POLLIN
);
557 /* it finished sending */
558 log(LOG_DEBUG
,"or_handshake_server_process_auth(): Finished sending auth.");
559 conn
->state
= OR_CONN_STATE_SERVER_NONCE_WAIT
;
560 connection_watch_events(conn
, POLLIN
);
565 log(LOG_DEBUG
,"or_handshake_server_process_auth(): Decrypted OP-style auth message.");
566 if(ntohs(*(uint16_t*)buf
) != HANDSHAKE_AS_OP
) {
567 log(LOG_DEBUG
,"or_handshake_server_process_auth(): ...but wasn't labelled OP. Dropping.");
571 conn
->bandwidth
= ntohl(*((uint32_t *)(buf
+2)));
572 log(LOG_DEBUG
,"or_handshake_server_process_auth(): Bandwidth %d requested.",conn
->bandwidth
);
574 crypto_cipher_set_key(conn
->b_crypto
, buf
+6);
575 crypto_cipher_set_key(conn
->f_crypto
, buf
+22);
578 crypto_cipher_set_iv(conn
->b_crypto
, iv
);
579 crypto_cipher_set_iv(conn
->f_crypto
, iv
);
581 crypto_cipher_encrypt_init_cipher(conn
->b_crypto
);
582 crypto_cipher_decrypt_init_cipher(conn
->f_crypto
);
584 conn
->state
= OR_CONN_STATE_OPEN
;
585 connection_init_timeval(conn
);
586 connection_watch_events(conn
, POLLIN
);
588 return connection_process_inbuf(conn
); /* in case they sent some cells along with the keys */
591 log(LOG_ERR
,"or_handshake_server_process_auth(): received an incorrect authentication request.");
595 int or_handshake_server_process_nonce(connection_t
*conn
) {
600 struct sockaddr_in me
; /* my router identity */
604 if(learn_my_address(&me
) < 0)
607 if(conn
->inbuf_datalen
< 128) /* entire response available? */
608 return 0; /* not yet */
610 if(connection_fetch_from_buf(cipher
,128,conn
) < 0) {
613 log(LOG_DEBUG
,"or_handshake_server_process_nonce() : Received auth.");
615 /* decrypt response */
616 retval
= crypto_pk_private_decrypt(get_privatekey(), cipher
, 128, buf
,RSA_PKCS1_PADDING
);
619 log(LOG_ERR
,"Public-key decryption failed during authentication to %s:%u.",
620 conn
->address
,conn
->port
);
621 log(LOG_DEBUG
,"or_handshake_server_process_nonce() : Reason : %s.",
625 else if (retval
!= 20)
627 log(LOG_ERR
,"server_process_nonce: incorrect response from router %s:%u.",
628 conn
->address
,conn
->port
);
631 log(LOG_DEBUG
,"or_handshake_server_process_nonce() : Response decrypted.");
634 if ((ntohl(*(uint32_t*)buf
) != conn
->addr
) || /* remote address */
635 (ntohs(*(uint16_t*)(buf
+4)) != conn
->port
) || /* remote port */
636 (*(uint32_t*)(buf
+6) != me
.sin_addr
.s_addr
) || /* local address, network order */
637 (*(uint16_t*)(buf
+10) != me
.sin_port
) || /* local port, network order */
638 (memcmp(conn
->nonce
,buf
+12,8))) /* nonce */
640 log(LOG_ERR
,"server_process_nonce: Router %s:%u gave bad response.",conn
->address
,conn
->port
);
643 log(LOG_DEBUG
,"or_handshake_server_process_nonce() : Response valid. Authentication complete.");
645 conn_or_init_crypto(conn
);
646 connection_or_set_open(conn
);
647 return connection_process_inbuf(conn
); /* process the rest of the inbuf */
652 /* ********************************** */
655 int connection_or_create_listener(struct sockaddr_in
*bindaddr
) {
656 log(LOG_DEBUG
,"connection_create_or_listener starting");
657 return connection_create_listener(bindaddr
, CONN_TYPE_OR_LISTENER
);
660 int connection_or_handle_listener_read(connection_t
*conn
) {
661 log(LOG_NOTICE
,"OR: Received a connection request from a router. Attempting to authenticate.");
662 return connection_handle_listener_read(conn
, CONN_TYPE_OR
, OR_CONN_STATE_SERVER_AUTH_WAIT
);