search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Implement midpoint functionality for rendezvous points.
[tor.git] / src / or / rendmid.c
blob7fe4d0d4ad8f5ff16246aa9544f04fa32268fa07
1 /* Copyright 2004 Roger Dingledine */
2 /* See LICENSE for licensing information */
3 /* $Id$ */
4
5 #include "or.h"
6
7 /* Respond to an ESTABLISH_INTRO cell by setting the circuit's purpose and
8 * rendevous service.
9 */
10 int
11 rend_mid_establish_intro(circuit_t *circ, char *request, int request_len)
12 {
13 crypto_pk_env_t *pk = NULL;
14 char buf[20+9];
15 char expected_digest[20];
16 char pk_digest[20];
17 int asn1len;
18 circuit_t *c;
19
20 if (circ->purpose != CIRCUIT_PURPOSE_INTERMEDIATE) {
21 log_fn(LOG_WARN, "Rejecting ESTABLISH_INTRO on non-intermediate circuit");
22 goto err;
23 }
24 if (request_len < 22)
25 goto truncated;
26 /* First 2 bytes: length of asn1-encoded key. */
27 asn1len = get_uint16(request);
28
29 /* Next asn1len bytes: asn1-encoded key. */
30 if (request_len < 22+asn1len)
31 goto truncated;
32 pk = crypto_pk_asn1_decode(request+2, asn1len);
33 if (!pk) {
34 log_fn(LOG_WARN, "Couldn't decode public key");
35 goto err;
36 }
37
38 /* Next 20 bytes: Hash of handshake_digest | "INTRODUCE" */
39 memcpy(buf, circ->handshake_digest, 20);
40 memcpy(buf+20, "INTRODUCE", 9);
41 if (crypto_SHA_digest(buf, 29, expected_digest)<0) {
42 log_fn(LOG_WARN, "Error computing digest");
43 goto err;
44 }
45 if (memcmp(expected_digest, buf+2+asn1len, 20)) {
46 log_fn(LOG_WARN, "Hash of session info was not as expected");
47 goto err;
48 }
49
50 /* Rest of body: signature of previous data */
51 if (crypto_pk_public_checksig_digest(pk, buf, 22+asn1len,
52 buf+22+asn1len, request_len-(22+asn1len))<0) {
53 log_fn(LOG_WARN, "Incorrect signature on ESTABLISH_INTRO cell; rejecting");
54 goto err;
55 }
56
57 /* The request is valid. First, compute the hash of Bob's PK.*/
58 if (crypto_pk_get_digest(pk, pk_digest)<0) {
59 log_fn(LOG_WARN, "Couldn't hash public key.");
60 goto err;
61 }
62
63 /* Close any other intro circuits with the same pk. */
64 c = NULL;
65 while ((c = circuit_get_next_by_service_and_purpose(
66 c,pk_digest,CIRCUIT_PURPOSE_INTRO_POINT))) {
67 circuit_mark_for_close(c);
68 }
69
70 /* Now, set up this circuit. */
71 circ->purpose = CIRCUIT_PURPOSE_INTRO_POINT;
72 memcpy(circ->rend_service, pk_digest, 20);
73
74 return 0;
75 truncated:
76 log_fn(LOG_WARN, "Rejecting truncated ESTABLISH_INTRO cell");
77 err:
78 if (pk) crypto_free_pk_env(pk);
79 circuit_mark_for_close(circ);
80 return -1;
81 }
82
83 /* Process an INTRODUCE1 cell by finding the corresponding introduction
84 * circuit, and relaying the body of the INTRODUCE1 cell inside an
85 * INTRODUCE2 cell.
86 */
87 int
88 rend_mid_introduce(circuit_t *circ, char *request, int request_len)
89 {
90 circuit_t *intro_circ;
91
92 if (request_len < 276) {
93 log_fn(LOG_WARN, "Impossibly short INTRODUCE2 cell; dropping.");
94 goto err;
95 }
96
97 /* The first 20 bytes are all we look at: they have a hash of Bob's PK. */
98 intro_circ = circuit_get_next_by_service_and_purpose(
99 NULL, request, CIRCUIT_PURPOSE_INTRO_POINT);
100 if (!intro_circ) {
101 log_fn(LOG_WARN,
102 "No introduction circuit matching INTRODUCE2 cell; dropping");
103 goto err;
104 }
105
106 /* Great. Now we just relay the cell down the circuit. */
107 if (connection_edge_send_command(NULL, intro_circ,
108 RELAY_COMMAND_INTRODUCE2,
109 request, request_len, NULL)) {
110 log_fn(LOG_WARN, "Unable to send INTRODUCE2 cell to OP.");
111 goto err;
112 }
113
114 return 0;
115 err:
116 circuit_mark_for_close(circ); /* Is this right? */
117 return -1;
118 }
119
120 /* Process an ESTABLISH_RENDEZVOUS cell by settingthe circuit's purpose and
121 * rendezvous cookie.
122 */
123 int
124 rend_mid_establish_rendezvous(circuit_t *circ, char *request, int request_len)
125 {
126 if (circ->purpose != CIRCUIT_PURPOSE_INTERMEDIATE) {
127 log_fn(LOG_WARN, "Tried to establish rendezvous on non-intermediate circuit");
128 goto err;
129 }
130
131 if (request_len != REND_COOKIE_LEN) {
132 log_fn(LOG_WARN, "Invalid length on ESTABLISH_RENDEZVOUS");
133 goto err;
134 }
135
136 if (circuit_get_rendezvous(request)) {
137 log_fn(LOG_WARN, "Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS");
138 goto err;
139 }
140
141 circ->purpose = CIRCUIT_PURPOSE_REND_POINT_WAITING;
142 memcpy(circ->rend_cookie, request, REND_COOKIE_LEN);
143
144 return 0;
145 err:
146 circuit_mark_for_close(circ);
147 return -1;
148 }
149
150 /* Process a RENDEZVOUS1 cell by looking up the correct rendezvous circuit by its
151 * relaying the cell's body in a RENDEZVOUS2 cell, and connecting the two circuits.
152 */
153 int
154 rend_mid_rendezvous(circuit_t *circ, char *request, int request_len)
155 {
156 circuit_t *rend_circ;
157
158 if (circ->purpose != CIRCUIT_PURPOSE_INTERMEDIATE) {
159 log_fn(LOG_WARN, "Tried to complete rendezvous on non-intermediate circuit");
160 goto err;
161 }
162
163 if (request_len < 20+128+20) {
164 log_fn(LOG_WARN, "Rejecting impossibly short RENDEZVOUS1 cell");
165 goto err;
166 }
167
168 rend_circ = circuit_get_rendezvous(request);
169 if (!rend_circ) {
170 log_fn(LOG_WARN, "Rejecting RENDEZVOUS1 cell with unrecognized rendezvous cookie");
171 goto err;
172 }
173
174 /* Send the RENDEZVOUS2 cell to Alice. */
175 if (connection_edge_send_command(NULL, rend_circ,
176 RELAY_COMMAND_RENDEZVOUS2,
177 request+20, request_len-20, NULL)) {
178 log_fn(LOG_WARN, "Unable to send RENDEZVOUS2 cell to OP.");
179 goto err;
180 }
181
182 /* Join the circuits. */
183 circ->purpose = CIRCUIT_PURPOSE_REND_ESTABLISHED;
184 rend_circ->purpose = CIRCUIT_PURPOSE_REND_ESTABLISHED;
185 memset(circ->rend_cookie, 0, 20);
186
187 rend_circ->rend_splice = circ;
188 circ->rend_splice = rend_circ;
189
190 return 0;
191 err:
192 circuit_mark_for_close(circ);
193 return -1;
194 }
195
196 /*
197 Local Variables:
198 mode:c
199 indent-tabs-mode:nil
200 c-basic-offset:2
201 End:
202 */
The Onion Router