1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2021, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
9 * \brief Code to maintain directory authorities' certificates.
11 * Authority certificates are signed with authority identity keys; they
12 * are used to authenticate shorter-term authority signing keys. We
13 * fetch them when we find a consensus or a vote that has been signed
14 * with a signing key we don't recognize. We cache them on disk and
15 * load them on startup. Authority operators generate them with the
16 * "tor-gencert" utility.
19 #include "core/or/or.h"
21 #include "app/config/config.h"
22 #include "core/mainloop/connection.h"
23 #include "core/mainloop/mainloop.h"
24 #include "core/or/policies.h"
25 #include "feature/client/bridges.h"
26 #include "feature/dirauth/authmode.h"
27 #include "feature/dirclient/dirclient.h"
28 #include "feature/dirclient/dlstatus.h"
29 #include "feature/dircommon/directory.h"
30 #include "feature/dircommon/fp_pair.h"
31 #include "feature/dirparse/authcert_parse.h"
32 #include "feature/nodelist/authcert.h"
33 #include "feature/nodelist/dirlist.h"
34 #include "feature/nodelist/networkstatus.h"
35 #include "feature/nodelist/node_select.h"
36 #include "feature/nodelist/nodelist.h"
37 #include "feature/nodelist/routerlist.h"
38 #include "feature/relay/routermode.h"
40 #include "core/or/connection_st.h"
41 #include "feature/dirclient/dir_server_st.h"
42 #include "feature/dircommon/dir_connection_st.h"
43 #include "feature/nodelist/authority_cert_st.h"
44 #include "feature/nodelist/document_signature_st.h"
45 #include "feature/nodelist/networkstatus_st.h"
46 #include "feature/nodelist/networkstatus_voter_info_st.h"
47 #include "feature/nodelist/node_st.h"
49 DECLARE_TYPED_DIGESTMAP_FNS(dsmap
, digest_ds_map_t
, download_status_t
)
50 #define DSMAP_FOREACH(map, keyvar, valvar) \
51 DIGESTMAP_FOREACH(dsmap_to_digestmap(map), keyvar, download_status_t *, \
53 #define dsmap_free(map, fn) MAP_FREE_AND_NULL(dsmap, (map), (fn))
55 /* Forward declaration for cert_list_t */
56 typedef struct cert_list_t cert_list_t
;
58 static void download_status_reset_by_sk_in_cl(cert_list_t
*cl
,
60 static int download_status_is_ready_by_sk_in_cl(cert_list_t
*cl
,
63 static void list_pending_fpsk_downloads(fp_pair_map_t
*result
);
65 /** List of certificates for a single authority, and download status for
70 * The keys of download status map are cert->signing_key_digest for pending
71 * downloads by (identity digest/signing key digest) pair; functions such
72 * as authority_cert_get_by_digest() already assume these are unique.
74 struct digest_ds_map_t
*dl_status_map
;
75 /* There is also a dlstatus for the download by identity key only */
76 download_status_t dl_status_by_id
;
79 /** Map from v3 identity key digest to cert_list_t. */
80 static digestmap_t
*trusted_dir_certs
= NULL
;
82 /** True iff any key certificate in at least one member of
83 * <b>trusted_dir_certs</b> has changed since we last flushed the
84 * certificates to disk. */
85 static int trusted_dir_servers_certs_changed
= 0;
87 /** Initialise schedule, want_authority, and increment_on in the download
88 * status dlstatus, then call download_status_reset() on it.
89 * It is safe to call this function or download_status_reset() multiple times
90 * on a new dlstatus. But it should *not* be called after a dlstatus has been
91 * used to count download attempts or failures. */
93 download_status_cert_init(download_status_t
*dlstatus
)
95 dlstatus
->schedule
= DL_SCHED_CONSENSUS
;
96 dlstatus
->want_authority
= DL_WANT_ANY_DIRSERVER
;
97 dlstatus
->increment_on
= DL_SCHED_INCREMENT_FAILURE
;
98 dlstatus
->last_backoff_position
= 0;
99 dlstatus
->last_delay_used
= 0;
101 /* Use the new schedule to set next_attempt_at */
102 download_status_reset(dlstatus
);
105 /** Reset the download status of a specified element in a dsmap */
107 download_status_reset_by_sk_in_cl(cert_list_t
*cl
, const char *digest
)
109 download_status_t
*dlstatus
= NULL
;
114 /* Make sure we have a dsmap */
115 if (!(cl
->dl_status_map
)) {
116 cl
->dl_status_map
= dsmap_new();
118 /* Look for a download_status_t in the map with this digest */
119 dlstatus
= dsmap_get(cl
->dl_status_map
, digest
);
122 /* Insert before we reset */
123 dlstatus
= tor_malloc_zero(sizeof(*dlstatus
));
124 dsmap_set(cl
->dl_status_map
, digest
, dlstatus
);
125 download_status_cert_init(dlstatus
);
127 tor_assert(dlstatus
);
128 /* Go ahead and reset it */
129 download_status_reset(dlstatus
);
133 * Return true if the download for this signing key digest in cl is ready
134 * to be re-attempted.
137 download_status_is_ready_by_sk_in_cl(cert_list_t
*cl
,
142 download_status_t
*dlstatus
= NULL
;
147 /* Make sure we have a dsmap */
148 if (!(cl
->dl_status_map
)) {
149 cl
->dl_status_map
= dsmap_new();
151 /* Look for a download_status_t in the map with this digest */
152 dlstatus
= dsmap_get(cl
->dl_status_map
, digest
);
155 /* Use download_status_is_ready() */
156 rv
= download_status_is_ready(dlstatus
, now
);
159 * If we don't know anything about it, return 1, since we haven't
160 * tried this one before. We need to create a new entry here,
163 dlstatus
= tor_malloc_zero(sizeof(*dlstatus
));
164 download_status_cert_init(dlstatus
);
165 dsmap_set(cl
->dl_status_map
, digest
, dlstatus
);
172 /** Helper: Return the cert_list_t for an authority whose authority ID is
173 * <b>id_digest</b>, allocating a new list if necessary. */
175 get_cert_list(const char *id_digest
)
178 if (!trusted_dir_certs
)
179 trusted_dir_certs
= digestmap_new();
180 cl
= digestmap_get(trusted_dir_certs
, id_digest
);
182 cl
= tor_malloc_zero(sizeof(cert_list_t
));
183 download_status_cert_init(&cl
->dl_status_by_id
);
184 cl
->certs
= smartlist_new();
185 cl
->dl_status_map
= dsmap_new();
186 digestmap_set(trusted_dir_certs
, id_digest
, cl
);
191 /** Return a list of authority ID digests with potentially enumerable lists
192 * of download_status_t objects; used by controller GETINFO queries.
195 MOCK_IMPL(smartlist_t
*,
196 list_authority_ids_with_downloads
, (void))
198 smartlist_t
*ids
= smartlist_new();
204 if (trusted_dir_certs
) {
205 for (i
= digestmap_iter_init(trusted_dir_certs
);
206 !(digestmap_iter_done(i
));
207 i
= digestmap_iter_next(trusted_dir_certs
, i
)) {
209 * We always have at least dl_status_by_id to query, so no need to
210 * probe deeper than the existence of a cert_list_t.
212 digestmap_iter_get(i
, &digest
, &cl
);
213 tmp
= tor_malloc(DIGEST_LEN
);
214 memcpy(tmp
, digest
, DIGEST_LEN
);
215 smartlist_add(ids
, tmp
);
218 /* else definitely no downloads going since nothing even has a cert list */
223 /** Given an authority ID digest, return a pointer to the default download
224 * status, or NULL if there is no such entry in trusted_dir_certs */
226 MOCK_IMPL(download_status_t
*,
227 id_only_download_status_for_authority_id
, (const char *digest
))
229 download_status_t
*dl
= NULL
;
232 if (trusted_dir_certs
) {
233 cl
= digestmap_get(trusted_dir_certs
, digest
);
235 dl
= &(cl
->dl_status_by_id
);
242 /** Given an authority ID digest, return a smartlist of signing key digests
243 * for which download_status_t is potentially queryable, or NULL if no such
244 * authority ID digest is known. */
246 MOCK_IMPL(smartlist_t
*,
247 list_sk_digests_for_authority_id
, (const char *digest
))
249 smartlist_t
*sks
= NULL
;
252 const char *sk_digest
;
254 download_status_t
*dl
;
256 if (trusted_dir_certs
) {
257 cl
= digestmap_get(trusted_dir_certs
, digest
);
259 sks
= smartlist_new();
260 if (cl
->dl_status_map
) {
261 for (i
= dsmap_iter_init(cl
->dl_status_map
);
262 !(dsmap_iter_done(i
));
263 i
= dsmap_iter_next(cl
->dl_status_map
, i
)) {
264 /* Pull the digest out and add it to the list */
265 dsmap_iter_get(i
, &sk_digest
, &dl
);
266 tmp
= tor_malloc(DIGEST_LEN
);
267 memcpy(tmp
, sk_digest
, DIGEST_LEN
);
268 smartlist_add(sks
, tmp
);
277 /** Given an authority ID digest and a signing key digest, return the
278 * download_status_t or NULL if none exists. */
280 MOCK_IMPL(download_status_t
*,
281 download_status_for_authority_id_and_sk
,(const char *id_digest
,
282 const char *sk_digest
))
284 download_status_t
*dl
= NULL
;
285 cert_list_t
*cl
= NULL
;
287 if (trusted_dir_certs
) {
288 cl
= digestmap_get(trusted_dir_certs
, id_digest
);
289 if (cl
&& cl
->dl_status_map
) {
290 dl
= dsmap_get(cl
->dl_status_map
, sk_digest
);
297 #define cert_list_free(val) \
298 FREE_AND_NULL(cert_list_t, cert_list_free_, (val))
300 /** Release all space held by a cert_list_t */
302 cert_list_free_(cert_list_t
*cl
)
307 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, cert
,
308 authority_cert_free(cert
));
309 smartlist_free(cl
->certs
);
310 dsmap_free(cl
->dl_status_map
, tor_free_
);
314 /** Wrapper for cert_list_free so we can pass it to digestmap_free */
316 cert_list_free_void(void *cl
)
321 /** Reload the cached v3 key certificates from the cached-certs file in
322 * the data directory. Return 0 on success, -1 on failure. */
324 trusted_dirs_reload_certs(void)
330 filename
= get_cachedir_fname("cached-certs");
331 contents
= read_file_to_str(filename
, RFTS_IGNORE_MISSING
, NULL
);
335 r
= trusted_dirs_load_certs_from_string(
337 TRUSTED_DIRS_CERTS_SRC_FROM_STORE
, 1, NULL
);
342 /** Helper: return true iff we already have loaded the exact cert
345 already_have_cert(authority_cert_t
*cert
)
347 cert_list_t
*cl
= get_cert_list(cert
->cache_info
.identity_digest
);
349 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, c
,
351 if (tor_memeq(c
->cache_info
.signed_descriptor_digest
,
352 cert
->cache_info
.signed_descriptor_digest
,
359 /** Load a bunch of new key certificates from the string <b>contents</b>. If
360 * <b>source</b> is TRUSTED_DIRS_CERTS_SRC_FROM_STORE, the certificates are
361 * from the cache, and we don't need to flush them to disk. If we are a
362 * dirauth loading our own cert, source is TRUSTED_DIRS_CERTS_SRC_SELF.
363 * Otherwise, source is download type: TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST
364 * or TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_SK_DIGEST. If <b>flush</b> is true, we
365 * need to flush any changed certificates to disk now. Return 0 on success,
366 * -1 if any certs fail to parse.
368 * If source_dir is non-NULL, it's the identity digest for a directory that
369 * we've just successfully retrieved certificates from, so try it first to
370 * fetch any missing certificates.
373 trusted_dirs_load_certs_from_string(const char *contents
, int source
,
374 int flush
, const char *source_dir
)
378 int failure_code
= 0;
379 int from_store
= (source
== TRUSTED_DIRS_CERTS_SRC_FROM_STORE
);
380 int added_trusted_cert
= 0;
382 for (s
= contents
; *s
; s
= eos
) {
383 authority_cert_t
*cert
= authority_cert_parse_from_string(s
, strlen(s
),
390 ds
= trusteddirserver_get_by_v3_auth_digest(
391 cert
->cache_info
.identity_digest
);
392 log_debug(LD_DIR
, "Parsed certificate for %s",
393 ds
? ds
->nickname
: "unknown authority");
395 if (already_have_cert(cert
)) {
396 /* we already have this one. continue. */
397 log_info(LD_DIR
, "Skipping %s certificate for %s that we "
399 from_store
? "cached" : "downloaded",
400 ds
? ds
->nickname
: "an old or new authority");
403 * A duplicate on download should be treated as a failure, so we call
404 * authority_cert_dl_failed() to reset the download status to make sure
405 * we can't try again. Since we've implemented the fp-sk mechanism
406 * to download certs by signing key, this should be much rarer than it
407 * was and is perhaps cause for concern.
410 if (authdir_mode(get_options())) {
412 "Got a certificate for %s, but we already have it. "
413 "Maybe they haven't updated it. Waiting for a while.",
414 ds
? ds
->nickname
: "an old or new authority");
417 "Got a certificate for %s, but we already have it. "
418 "Maybe they haven't updated it. Waiting for a while.",
419 ds
? ds
->nickname
: "an old or new authority");
423 * This is where we care about the source; authority_cert_dl_failed()
424 * needs to know whether the download was by fp or (fp,sk) pair to
425 * twiddle the right bit in the download map.
427 if (source
== TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST
) {
428 authority_cert_dl_failed(cert
->cache_info
.identity_digest
,
430 } else if (source
== TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_SK_DIGEST
) {
431 authority_cert_dl_failed(cert
->cache_info
.identity_digest
,
432 cert
->signing_key_digest
, 404);
436 authority_cert_free(cert
);
441 added_trusted_cert
= 1;
442 log_info(LD_DIR
, "Adding %s certificate for directory authority %s with "
443 "signing key %s", from_store
? "cached" : "downloaded",
444 ds
->nickname
, hex_str(cert
->signing_key_digest
,DIGEST_LEN
));
446 int adding
= we_want_to_fetch_unknown_auth_certs(get_options());
447 log_info(LD_DIR
, "%s %s certificate for unrecognized directory "
448 "authority with signing key %s",
449 adding
? "Adding" : "Not adding",
450 from_store
? "cached" : "downloaded",
451 hex_str(cert
->signing_key_digest
,DIGEST_LEN
));
453 authority_cert_free(cert
);
458 cl
= get_cert_list(cert
->cache_info
.identity_digest
);
459 smartlist_add(cl
->certs
, cert
);
460 if (ds
&& cert
->cache_info
.published_on
> ds
->addr_current_at
) {
461 /* Check to see whether we should update our view of the authority's
463 if (!tor_addr_is_null(&cert
->ipv4_addr
) && cert
->ipv4_dirport
&&
464 (!tor_addr_eq(&ds
->ipv4_addr
, &cert
->ipv4_addr
) ||
465 ds
->ipv4_dirport
!= cert
->ipv4_dirport
)) {
466 log_notice(LD_DIR
, "Updating address for directory authority %s "
467 "from %s:%"PRIu16
" to %s:%"PRIu16
" based on certificate.",
468 ds
->nickname
, ds
->address
, ds
->ipv4_dirport
,
469 fmt_addr(&cert
->ipv4_addr
), cert
->ipv4_dirport
);
470 tor_addr_copy(&ds
->ipv4_addr
, &cert
->ipv4_addr
);
471 ds
->ipv4_dirport
= cert
->ipv4_dirport
;
473 ds
->addr_current_at
= cert
->cache_info
.published_on
;
477 trusted_dir_servers_certs_changed
= 1;
481 trusted_dirs_flush_certs_to_disk();
483 /* call this even if failure_code is <0, since some certs might have
484 * succeeded, but only pass source_dir if there were no failures,
485 * and at least one more authority certificate was added to the store.
486 * This avoids retrying a directory that's serving bad or entirely duplicate
488 if (failure_code
== 0 && added_trusted_cert
) {
489 networkstatus_note_certs_arrived(source_dir
);
491 networkstatus_note_certs_arrived(NULL
);
497 /** Save all v3 key certificates to the cached-certs file. */
499 trusted_dirs_flush_certs_to_disk(void)
504 if (!trusted_dir_servers_certs_changed
|| !trusted_dir_certs
)
507 chunks
= smartlist_new();
508 DIGESTMAP_FOREACH(trusted_dir_certs
, key
, cert_list_t
*, cl
) {
509 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, cert
,
511 sized_chunk_t
*c
= tor_malloc(sizeof(sized_chunk_t
));
512 c
->bytes
= cert
->cache_info
.signed_descriptor_body
;
513 c
->len
= cert
->cache_info
.signed_descriptor_len
;
514 smartlist_add(chunks
, c
);
516 } DIGESTMAP_FOREACH_END
;
518 filename
= get_cachedir_fname("cached-certs");
519 if (write_chunks_to_file(filename
, chunks
, 0, 0)) {
520 log_warn(LD_FS
, "Error writing certificates to disk.");
523 SMARTLIST_FOREACH(chunks
, sized_chunk_t
*, c
, tor_free(c
));
524 smartlist_free(chunks
);
526 trusted_dir_servers_certs_changed
= 0;
530 compare_certs_by_pubdates(const void **_a
, const void **_b
)
532 const authority_cert_t
*cert1
= *_a
, *cert2
=*_b
;
534 if (cert1
->cache_info
.published_on
< cert2
->cache_info
.published_on
)
536 else if (cert1
->cache_info
.published_on
> cert2
->cache_info
.published_on
)
542 /** Remove all expired v3 authority certificates that have been superseded for
543 * more than 48 hours or, if not expired, that were published more than 7 days
544 * before being superseded. (If the most recent cert was published more than 48
545 * hours ago, then we aren't going to get any consensuses signed with older
548 trusted_dirs_remove_old_certs(void)
550 time_t now
= time(NULL
);
551 #define DEAD_CERT_LIFETIME (2*24*60*60)
552 #define SUPERSEDED_CERT_LIFETIME (2*24*60*60)
553 if (!trusted_dir_certs
)
556 DIGESTMAP_FOREACH(trusted_dir_certs
, key
, cert_list_t
*, cl
) {
557 /* Sort the list from first-published to last-published */
558 smartlist_sort(cl
->certs
, compare_certs_by_pubdates
);
560 SMARTLIST_FOREACH_BEGIN(cl
->certs
, authority_cert_t
*, cert
) {
561 if (cert_sl_idx
== smartlist_len(cl
->certs
) - 1) {
562 /* This is the most recently published cert. Keep it. */
565 authority_cert_t
*next_cert
= smartlist_get(cl
->certs
, cert_sl_idx
+1);
566 const time_t next_cert_published
= next_cert
->cache_info
.published_on
;
567 if (next_cert_published
> now
) {
568 /* All later certs are published in the future. Keep everything
569 * we didn't discard. */
572 int should_remove
= 0;
573 if (cert
->expires
+ DEAD_CERT_LIFETIME
< now
) {
574 /* Certificate has been expired for at least DEAD_CERT_LIFETIME.
577 } else if (next_cert_published
+ SUPERSEDED_CERT_LIFETIME
< now
) {
578 /* Certificate has been superseded for OLD_CERT_LIFETIME.
584 SMARTLIST_DEL_CURRENT_KEEPORDER(cl
->certs
, cert
);
585 authority_cert_free(cert
);
586 trusted_dir_servers_certs_changed
= 1;
588 } SMARTLIST_FOREACH_END(cert
);
590 } DIGESTMAP_FOREACH_END
;
591 #undef DEAD_CERT_LIFETIME
592 #undef OLD_CERT_LIFETIME
594 trusted_dirs_flush_certs_to_disk();
597 /** Return the newest v3 authority certificate whose v3 authority identity key
598 * has digest <b>id_digest</b>. Return NULL if no such authority is known,
599 * or it has no certificate. */
601 authority_cert_get_newest_by_id(const char *id_digest
)
604 authority_cert_t
*best
= NULL
;
605 if (!trusted_dir_certs
||
606 !(cl
= digestmap_get(trusted_dir_certs
, id_digest
)))
609 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, cert
,
611 if (!best
|| cert
->cache_info
.published_on
> best
->cache_info
.published_on
)
617 /** Return the newest v3 authority certificate whose directory signing key has
618 * digest <b>sk_digest</b>. Return NULL if no such certificate is known.
621 authority_cert_get_by_sk_digest(const char *sk_digest
)
624 if (!trusted_dir_certs
)
627 if ((c
= get_my_v3_authority_cert()) &&
628 tor_memeq(c
->signing_key_digest
, sk_digest
, DIGEST_LEN
))
630 if ((c
= get_my_v3_legacy_cert()) &&
631 tor_memeq(c
->signing_key_digest
, sk_digest
, DIGEST_LEN
))
634 DIGESTMAP_FOREACH(trusted_dir_certs
, key
, cert_list_t
*, cl
) {
635 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, cert
,
637 if (tor_memeq(cert
->signing_key_digest
, sk_digest
, DIGEST_LEN
))
640 } DIGESTMAP_FOREACH_END
;
644 /** Return the v3 authority certificate with signing key matching
645 * <b>sk_digest</b>, for the authority with identity digest <b>id_digest</b>.
646 * Return NULL if no such authority is known. */
648 authority_cert_get_by_digests(const char *id_digest
,
649 const char *sk_digest
)
652 if (!trusted_dir_certs
||
653 !(cl
= digestmap_get(trusted_dir_certs
, id_digest
)))
655 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, cert
,
656 if (tor_memeq(cert
->signing_key_digest
, sk_digest
, DIGEST_LEN
))
662 /** Add every known authority_cert_t to <b>certs_out</b>. */
664 authority_cert_get_all(smartlist_t
*certs_out
)
666 tor_assert(certs_out
);
667 if (!trusted_dir_certs
)
670 DIGESTMAP_FOREACH(trusted_dir_certs
, key
, cert_list_t
*, cl
) {
671 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, c
,
672 smartlist_add(certs_out
, c
));
673 } DIGESTMAP_FOREACH_END
;
676 /** Called when an attempt to download a certificate with the authority with
677 * ID <b>id_digest</b> and, if not NULL, signed with key signing_key_digest
678 * fails with HTTP response code <b>status</b>: remember the failure, so we
679 * don't try again immediately. */
681 authority_cert_dl_failed(const char *id_digest
,
682 const char *signing_key_digest
, int status
)
685 download_status_t
*dlstatus
= NULL
;
686 char id_digest_str
[2*DIGEST_LEN
+1];
687 char sk_digest_str
[2*DIGEST_LEN
+1];
689 if (!trusted_dir_certs
||
690 !(cl
= digestmap_get(trusted_dir_certs
, id_digest
)))
694 * Are we noting a failed download of the latest cert for the id digest,
695 * or of a download by (id, signing key) digest pair?
697 if (!signing_key_digest
) {
698 /* Just by id digest */
699 download_status_failed(&cl
->dl_status_by_id
, status
);
701 /* Reset by (id, signing key) digest pair
703 * Look for a download_status_t in the map with this digest
705 dlstatus
= dsmap_get(cl
->dl_status_map
, signing_key_digest
);
708 download_status_failed(dlstatus
, status
);
711 * Do this rather than hex_str(), since hex_str clobbers
712 * old results and we call twice in the param list.
714 base16_encode(id_digest_str
, sizeof(id_digest_str
),
715 id_digest
, DIGEST_LEN
);
716 base16_encode(sk_digest_str
, sizeof(sk_digest_str
),
717 signing_key_digest
, DIGEST_LEN
);
719 "Got failure for cert fetch with (fp,sk) = (%s,%s), with "
720 "status %d, but knew nothing about the download.",
721 id_digest_str
, sk_digest_str
, status
);
726 static const char *BAD_SIGNING_KEYS
[] = {
727 "09CD84F751FD6E955E0F8ADB497D5401470D697E", // Expires 2015-01-11 16:26:31
728 "0E7E9C07F0969D0468AD741E172A6109DC289F3C", // Expires 2014-08-12 10:18:26
729 "57B85409891D3FB32137F642FDEDF8B7F8CDFDCD", // Expires 2015-02-11 17:19:09
730 "87326329007AF781F587AF5B594E540B2B6C7630", // Expires 2014-07-17 11:10:09
731 "98CC82342DE8D298CF99D3F1A396475901E0D38E", // Expires 2014-11-10 13:18:56
732 "9904B52336713A5ADCB13E4FB14DC919E0D45571", // Expires 2014-04-20 20:01:01
733 "9DCD8E3F1DD1597E2AD476BBA28A1A89F3095227", // Expires 2015-01-16 03:52:30
734 "A61682F34B9BB9694AC98491FE1ABBFE61923941", // Expires 2014-06-11 09:25:09
735 "B59F6E99C575113650C99F1C425BA7B20A8C071D", // Expires 2014-07-31 13:22:10
736 "D27178388FA75B96D37FA36E0B015227DDDBDA51", // Expires 2014-08-04 04:01:57
740 /** Return true iff <b>cert</b> authenticates some atuhority signing key
741 * which, because of the old openssl heartbleed vulnerability, should
742 * never be trusted. */
744 authority_cert_is_denylisted(const authority_cert_t
*cert
)
746 char hex_digest
[HEX_DIGEST_LEN
+1];
748 base16_encode(hex_digest
, sizeof(hex_digest
),
749 cert
->signing_key_digest
, sizeof(cert
->signing_key_digest
));
751 for (i
= 0; BAD_SIGNING_KEYS
[i
]; ++i
) {
752 if (!strcasecmp(hex_digest
, BAD_SIGNING_KEYS
[i
])) {
759 /** Return true iff when we've been getting enough failures when trying to
760 * download the certificate with ID digest <b>id_digest</b> that we're willing
761 * to start bugging the user about it. */
763 authority_cert_dl_looks_uncertain(const char *id_digest
)
765 #define N_AUTH_CERT_DL_FAILURES_TO_BUG_USER 2
768 if (!trusted_dir_certs
||
769 !(cl
= digestmap_get(trusted_dir_certs
, id_digest
)))
772 n_failures
= download_status_get_n_failures(&cl
->dl_status_by_id
);
773 return n_failures
>= N_AUTH_CERT_DL_FAILURES_TO_BUG_USER
;
776 /* Fetch the authority certificates specified in resource.
777 * If we are a bridge client, and node is a configured bridge, fetch from node
778 * using dir_hint as the fingerprint. Otherwise, if rs is not NULL, fetch from
779 * rs. Otherwise, fetch from a random directory mirror. */
781 authority_certs_fetch_resource_impl(const char *resource
,
782 const char *dir_hint
,
784 const routerstatus_t
*rs
)
786 const or_options_t
*options
= get_options();
787 int get_via_tor
= purpose_needs_anonymity(DIR_PURPOSE_FETCH_CERTIFICATE
, 0,
790 /* Make sure bridge clients never connect to anything but a bridge */
791 if (options
->UseBridges
) {
792 if (node
&& !node_is_a_configured_bridge(node
)) {
793 /* If we're using bridges, and node is not a bridge, use a 3-hop path. */
796 /* If we're using bridges, and there's no node, use a 3-hop path. */
801 const dir_indirection_t indirection
= get_via_tor
? DIRIND_ANONYMOUS
804 directory_request_t
*req
= NULL
;
805 /* If we've just downloaded a consensus from a bridge, re-use that
807 if (options
->UseBridges
&& node
&& node
->ri
&& !get_via_tor
) {
808 /* clients always make OR connections to bridges */
809 tor_addr_port_t or_ap
;
810 /* we are willing to use a non-preferred address if we need to */
811 reachable_addr_choose_from_node(node
, FIREWALL_OR_CONNECTION
, 0,
814 req
= directory_request_new(DIR_PURPOSE_FETCH_CERTIFICATE
);
815 directory_request_set_or_addr_port(req
, &or_ap
);
817 directory_request_set_directory_id_digest(req
, dir_hint
);
819 /* And if we've just downloaded a consensus from a directory, re-use that
821 req
= directory_request_new(DIR_PURPOSE_FETCH_CERTIFICATE
);
822 directory_request_set_routerstatus(req
, rs
);
826 /* We've set up a request object -- fill in the other request fields, and
827 * send the request. */
828 directory_request_set_indirection(req
, indirection
);
829 directory_request_set_resource(req
, resource
);
830 directory_initiate_request(req
);
831 directory_request_free(req
);
835 /* Otherwise, we want certs from a random fallback or directory
836 * mirror, because they will almost always succeed. */
837 directory_get_from_dirserver(DIR_PURPOSE_FETCH_CERTIFICATE
, 0,
838 resource
, PDS_RETRY_IF_NO_SERVERS
,
839 DL_WANT_ANY_DIRSERVER
);
842 /** Try to download any v3 authority certificates that we may be missing. If
843 * <b>status</b> is provided, try to get all the ones that were used to sign
844 * <b>status</b>. Additionally, try to have a non-expired certificate for
845 * every V3 authority in trusted_dir_servers. Don't fetch certificates we
848 * If dir_hint is non-NULL, it's the identity digest for a directory that
849 * we've just successfully retrieved a consensus or certificates from, so try
850 * it first to fetch any missing certificates.
853 authority_certs_fetch_missing(networkstatus_t
*status
, time_t now
,
854 const char *dir_hint
)
857 * The pending_id digestmap tracks pending certificate downloads by
858 * identity digest; the pending_cert digestmap tracks pending downloads
859 * by (identity digest, signing key digest) pairs.
861 digestmap_t
*pending_id
;
862 fp_pair_map_t
*pending_cert
;
864 * The missing_id_digests smartlist will hold a list of id digests
865 * we want to fetch the newest cert for; the missing_cert_digests
866 * smartlist will hold a list of fp_pair_t with an identity and
867 * signing key digest.
869 smartlist_t
*missing_cert_digests
, *missing_id_digests
;
870 char *resource
= NULL
;
872 const or_options_t
*options
= get_options();
873 const int keep_unknown
= we_want_to_fetch_unknown_auth_certs(options
);
874 fp_pair_t
*fp_tmp
= NULL
;
875 char id_digest_str
[2*DIGEST_LEN
+1];
876 char sk_digest_str
[2*DIGEST_LEN
+1];
878 if (should_delay_dir_fetches(options
, NULL
))
881 pending_cert
= fp_pair_map_new();
882 pending_id
= digestmap_new();
883 missing_cert_digests
= smartlist_new();
884 missing_id_digests
= smartlist_new();
887 * First, we get the lists of already pending downloads so we don't
890 list_pending_downloads(pending_id
, NULL
,
891 DIR_PURPOSE_FETCH_CERTIFICATE
, "fp/");
892 list_pending_fpsk_downloads(pending_cert
);
895 * Now, we download any trusted authority certs we don't have by
896 * identity digest only. This gets the latest cert for that authority.
898 SMARTLIST_FOREACH_BEGIN(router_get_trusted_dir_servers(),
899 dir_server_t
*, ds
) {
901 if (!(ds
->type
& V3_DIRINFO
))
903 if (smartlist_contains_digest(missing_id_digests
,
904 ds
->v3_identity_digest
))
906 cl
= get_cert_list(ds
->v3_identity_digest
);
907 SMARTLIST_FOREACH_BEGIN(cl
->certs
, authority_cert_t
*, cert
) {
908 if (now
< cert
->expires
) {
909 /* It's not expired, and we weren't looking for something to
910 * verify a consensus with. Call it done. */
911 download_status_reset(&(cl
->dl_status_by_id
));
912 /* No sense trying to download it specifically by signing key hash */
913 download_status_reset_by_sk_in_cl(cl
, cert
->signing_key_digest
);
917 } SMARTLIST_FOREACH_END(cert
);
919 download_status_is_ready(&(cl
->dl_status_by_id
), now
) &&
920 !digestmap_get(pending_id
, ds
->v3_identity_digest
)) {
922 "No current certificate known for authority %s "
923 "(ID digest %s); launching request.",
924 ds
->nickname
, hex_str(ds
->v3_identity_digest
, DIGEST_LEN
));
925 smartlist_add(missing_id_digests
, ds
->v3_identity_digest
);
927 } SMARTLIST_FOREACH_END(ds
);
930 * Next, if we have a consensus, scan through it and look for anything
931 * signed with a key from a cert we don't have. Those get downloaded
932 * by (fp,sk) pair, but if we don't know any certs at all for the fp
933 * (identity digest), and it's one of the trusted dir server certs
934 * we started off above or a pending download in pending_id, don't
935 * try to get it yet. Most likely, the one we'll get for that will
936 * have the right signing key too, and we'd just be downloading
940 SMARTLIST_FOREACH_BEGIN(status
->voters
, networkstatus_voter_info_t
*,
942 if (!smartlist_len(voter
->sigs
))
943 continue; /* This authority never signed this consensus, so don't
944 * go looking for a cert with key digest 0000000000. */
946 !trusteddirserver_get_by_v3_auth_digest(voter
->identity_digest
))
947 continue; /* We don't want unknown certs, and we don't know this
951 * If we don't know *any* cert for this authority, and a download by ID
952 * is pending or we added it to missing_id_digests above, skip this
953 * one for now to avoid duplicate downloads.
955 cl
= get_cert_list(voter
->identity_digest
);
956 if (smartlist_len(cl
->certs
) == 0) {
957 /* We have no certs at all for this one */
959 /* Do we have a download of one pending? */
960 if (digestmap_get(pending_id
, voter
->identity_digest
))
964 * Are we about to launch a download of one due to the trusted
965 * dir server check above?
967 if (smartlist_contains_digest(missing_id_digests
,
968 voter
->identity_digest
))
972 SMARTLIST_FOREACH_BEGIN(voter
->sigs
, document_signature_t
*, sig
) {
973 authority_cert_t
*cert
=
974 authority_cert_get_by_digests(voter
->identity_digest
,
975 sig
->signing_key_digest
);
977 if (now
< cert
->expires
)
978 download_status_reset_by_sk_in_cl(cl
, sig
->signing_key_digest
);
981 if (download_status_is_ready_by_sk_in_cl(
982 cl
, sig
->signing_key_digest
, now
) &&
983 !fp_pair_map_get_by_digests(pending_cert
,
984 voter
->identity_digest
,
985 sig
->signing_key_digest
)) {
987 * Do this rather than hex_str(), since hex_str clobbers
988 * old results and we call twice in the param list.
990 base16_encode(id_digest_str
, sizeof(id_digest_str
),
991 voter
->identity_digest
, DIGEST_LEN
);
992 base16_encode(sk_digest_str
, sizeof(sk_digest_str
),
993 sig
->signing_key_digest
, DIGEST_LEN
);
995 if (voter
->nickname
) {
997 "We're missing a certificate from authority %s "
998 "(ID digest %s) with signing key %s: "
999 "launching request.",
1000 voter
->nickname
, id_digest_str
, sk_digest_str
);
1003 "We're missing a certificate from authority ID digest "
1004 "%s with signing key %s: launching request.",
1005 id_digest_str
, sk_digest_str
);
1008 /* Allocate a new fp_pair_t to append */
1009 fp_tmp
= tor_malloc(sizeof(*fp_tmp
));
1010 memcpy(fp_tmp
->first
, voter
->identity_digest
, sizeof(fp_tmp
->first
));
1011 memcpy(fp_tmp
->second
, sig
->signing_key_digest
,
1012 sizeof(fp_tmp
->second
));
1013 smartlist_add(missing_cert_digests
, fp_tmp
);
1015 } SMARTLIST_FOREACH_END(sig
);
1016 } SMARTLIST_FOREACH_END(voter
);
1019 /* Bridge clients look up the node for the dir_hint */
1020 const node_t
*node
= NULL
;
1021 /* All clients, including bridge clients, look up the routerstatus for the
1023 const routerstatus_t
*rs
= NULL
;
1025 /* If we still need certificates, try the directory that just successfully
1026 * served us a consensus or certificates.
1027 * As soon as the directory fails to provide additional certificates, we try
1028 * another, randomly selected directory. This avoids continual retries.
1029 * (We only ever have one outstanding request per certificate.)
1032 if (options
->UseBridges
) {
1033 /* Bridge clients try the nodelist. If the dir_hint is from an authority,
1034 * or something else fetched over tor, we won't find the node here, but
1035 * we will find the rs. */
1036 node
= node_get_by_id(dir_hint
);
1039 /* All clients try the consensus routerstatus, then the fallback
1041 rs
= router_get_consensus_status_by_id(dir_hint
);
1043 /* This will also find authorities */
1044 const dir_server_t
*ds
= router_get_fallback_dirserver_by_digest(
1047 rs
= &ds
->fake_status
;
1052 log_warn(LD_BUG
, "Directory %s delivered a consensus, but %s"
1053 "no routerstatus could be found for it.",
1054 options
->UseBridges
? "no node and " : "",
1055 hex_str(dir_hint
, DIGEST_LEN
));
1059 /* Do downloads by identity digest */
1060 if (smartlist_len(missing_id_digests
) > 0) {
1062 smartlist_t
*fps
= smartlist_new();
1064 smartlist_add_strdup(fps
, "fp/");
1066 SMARTLIST_FOREACH_BEGIN(missing_id_digests
, const char *, d
) {
1069 if (digestmap_get(pending_id
, d
))
1072 base16_encode(id_digest_str
, sizeof(id_digest_str
),
1076 tor_asprintf(&fp
, "+%s", id_digest_str
);
1078 /* No need for tor_asprintf() in this case; first one gets no '+' */
1079 fp
= tor_strdup(id_digest_str
);
1083 smartlist_add(fps
, fp
);
1084 } SMARTLIST_FOREACH_END(d
);
1086 if (smartlist_len(fps
) > 1) {
1087 resource
= smartlist_join_strings(fps
, "", 0, NULL
);
1088 /* node and rs are directories that just gave us a consensus or
1090 authority_certs_fetch_resource_impl(resource
, dir_hint
, node
, rs
);
1093 /* else we didn't add any: they were all pending */
1095 SMARTLIST_FOREACH(fps
, char *, cp
, tor_free(cp
));
1096 smartlist_free(fps
);
1099 /* Do downloads by identity digest/signing key pair */
1100 if (smartlist_len(missing_cert_digests
) > 0) {
1102 smartlist_t
*fp_pairs
= smartlist_new();
1104 smartlist_add_strdup(fp_pairs
, "fp-sk/");
1106 SMARTLIST_FOREACH_BEGIN(missing_cert_digests
, const fp_pair_t
*, d
) {
1107 char *fp_pair
= NULL
;
1109 if (fp_pair_map_get(pending_cert
, d
))
1112 /* Construct string encodings of the digests */
1113 base16_encode(id_digest_str
, sizeof(id_digest_str
),
1114 d
->first
, DIGEST_LEN
);
1115 base16_encode(sk_digest_str
, sizeof(sk_digest_str
),
1116 d
->second
, DIGEST_LEN
);
1118 /* Now tor_asprintf() */
1120 tor_asprintf(&fp_pair
, "+%s-%s", id_digest_str
, sk_digest_str
);
1122 /* First one in the list doesn't get a '+' */
1123 tor_asprintf(&fp_pair
, "%s-%s", id_digest_str
, sk_digest_str
);
1127 /* Add it to the list of pairs to request */
1128 smartlist_add(fp_pairs
, fp_pair
);
1129 } SMARTLIST_FOREACH_END(d
);
1131 if (smartlist_len(fp_pairs
) > 1) {
1132 resource
= smartlist_join_strings(fp_pairs
, "", 0, NULL
);
1133 /* node and rs are directories that just gave us a consensus or
1135 authority_certs_fetch_resource_impl(resource
, dir_hint
, node
, rs
);
1138 /* else they were all pending */
1140 SMARTLIST_FOREACH(fp_pairs
, char *, p
, tor_free(p
));
1141 smartlist_free(fp_pairs
);
1144 smartlist_free(missing_id_digests
);
1145 SMARTLIST_FOREACH(missing_cert_digests
, fp_pair_t
*, p
, tor_free(p
));
1146 smartlist_free(missing_cert_digests
);
1147 digestmap_free(pending_id
, NULL
);
1148 fp_pair_map_free(pending_cert
, NULL
);
1152 authcert_free_all(void)
1154 if (trusted_dir_certs
) {
1155 digestmap_free(trusted_dir_certs
, cert_list_free_void
);
1156 trusted_dir_certs
= NULL
;
1160 /** Free storage held in <b>cert</b>. */
1162 authority_cert_free_(authority_cert_t
*cert
)
1167 tor_free(cert
->cache_info
.signed_descriptor_body
);
1168 crypto_pk_free(cert
->signing_key
);
1169 crypto_pk_free(cert
->identity_key
);
1174 /** For every certificate we are currently downloading by (identity digest,
1175 * signing key digest) pair, set result[fp_pair] to (void *1).
1178 list_pending_fpsk_downloads(fp_pair_map_t
*result
)
1180 const char *pfx
= "fp-sk/";
1183 const char *resource
;
1187 tmp
= smartlist_new();
1188 conns
= get_connection_array();
1190 SMARTLIST_FOREACH_BEGIN(conns
, connection_t
*, conn
) {
1191 if (conn
->type
== CONN_TYPE_DIR
&&
1192 conn
->purpose
== DIR_PURPOSE_FETCH_CERTIFICATE
&&
1193 !conn
->marked_for_close
) {
1194 resource
= TO_DIR_CONN(conn
)->requested_resource
;
1195 if (!strcmpstart(resource
, pfx
))
1196 dir_split_resource_into_fingerprint_pairs(resource
+ strlen(pfx
),
1199 } SMARTLIST_FOREACH_END(conn
);
1201 SMARTLIST_FOREACH_BEGIN(tmp
, fp_pair_t
*, fp
) {
1202 fp_pair_map_set(result
, fp
, (void*)1);
1204 } SMARTLIST_FOREACH_END(fp
);
1206 smartlist_free(tmp
);