| blob | 4ac3acc1bc20d60c5177c39d440c575c77f62297 |
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2021, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
7 /**
8 * \file authcert.c
9 * \brief Code to maintain directory authorities' certificates.
10 *
11 * Authority certificates are signed with authority identity keys; they
12 * are used to authenticate shorter-term authority signing keys. We
13 * fetch them when we find a consensus or a vote that has been signed
14 * with a signing key we don't recognize. We cache them on disk and
15 * load them on startup. Authority operators generate them with the
16 * "tor-gencert" utility.
17 */
50 #define DSMAP_FOREACH(map, keyvar, valvar) \
51 DIGESTMAP_FOREACH(dsmap_to_digestmap(map), keyvar, download_status_t *, \
52 valvar)
53 #define dsmap_free(map, fn) MAP_FREE_AND_NULL(dsmap, (map), (fn))
55 /* Forward declaration for cert_list_t */
65 /** List of certificates for a single authority, and download status for
66 * latest certificate.
67 */
69 /*
70 * The keys of download status map are cert->signing_key_digest for pending
71 * downloads by (identity digest/signing key digest) pair; functions such
72 * as authority_cert_get_by_digest() already assume these are unique.
73 */
75 /* There is also a dlstatus for the download by identity key only */
76 download_status_t dl_status_by_id;
78 };
79 /** Map from v3 identity key digest to cert_list_t. */
82 /** True iff any key certificate in at least one member of
83 * <b>trusted_dir_certs</b> has changed since we last flushed the
84 * certificates to disk. */
87 /** Initialise schedule, want_authority, and increment_on in the download
88 * status dlstatus, then call download_status_reset() on it.
89 * It is safe to call this function or download_status_reset() multiple times
90 * on a new dlstatus. But it should *not* be called after a dlstatus has been
91 * used to count download attempts or failures. */
92 static void
94 {
101 /* Use the new schedule to set next_attempt_at */
103 }
105 /** Reset the download status of a specified element in a dsmap */
106 static void
108 {
114 /* Make sure we have a dsmap */
117 }
118 /* Look for a download_status_t in the map with this digest */
120 /* Got one? */
122 /* Insert before we reset */
126 }
128 /* Go ahead and reset it */
130 }
132 /**
133 * Return true if the download for this signing key digest in cl is ready
134 * to be re-attempted.
135 */
136 static int
140 {
147 /* Make sure we have a dsmap */
150 }
151 /* Look for a download_status_t in the map with this digest */
153 /* Got one? */
155 /* Use download_status_is_ready() */
158 /*
159 * If we don't know anything about it, return 1, since we haven't
160 * tried this one before. We need to create a new entry here,
161 * too.
162 */
167 }
170 }
172 /** Helper: Return the cert_list_t for an authority whose authority ID is
173 * <b>id_digest</b>, allocating a new list if necessary. */
176 {
187 }
189 }
191 /** Return a list of authority ID digests with potentially enumerable lists
192 * of download_status_t objects; used by controller GETINFO queries.
193 */
197 {
208 /*
209 * We always have at least dl_status_by_id to query, so no need to
210 * probe deeper than the existence of a cert_list_t.
211 */
216 }
217 }
218 /* else definitely no downloads going since nothing even has a cert list */
221 }
223 /** Given an authority ID digest, return a pointer to the default download
224 * status, or NULL if there is no such entry in trusted_dir_certs */
228 {
236 }
237 }
240 }
242 /** Given an authority ID digest, return a smartlist of signing key digests
243 * for which download_status_t is potentially queryable, or NULL if no such
244 * authority ID digest is known. */
248 {
264 /* Pull the digest out and add it to the list */
269 }
270 }
271 }
272 }
275 }
277 /** Given an authority ID digest and a signing key digest, return the
278 * download_status_t or NULL if none exists. */
283 {
291 }
292 }
295 }
297 #define cert_list_free(val) \
298 FREE_AND_NULL(cert_list_t, cert_list_free_, (val))
300 /** Release all space held by a cert_list_t */
301 static void
303 {
312 }
314 /** Wrapper for cert_list_free so we can pass it to digestmap_free */
315 static void
317 {
319 }
321 /** Reload the cached v3 key certificates from the cached-certs file in
322 * the data directory. Return 0 on success, -1 on failure. */
323 int
325 {
336 contents,
340 }
342 /** Helper: return true iff we already have loaded the exact cert
343 * <b>cert</b>. */
346 {
350 {
353 DIGEST_LEN))
355 });
357 }
359 /** Load a bunch of new key certificates from the string <b>contents</b>. If
360 * <b>source</b> is TRUSTED_DIRS_CERTS_SRC_FROM_STORE, the certificates are
361 * from the cache, and we don't need to flush them to disk. If we are a
362 * dirauth loading our own cert, source is TRUSTED_DIRS_CERTS_SRC_SELF.
363 * Otherwise, source is download type: TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST
364 * or TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_SK_DIGEST. If <b>flush</b> is true, we
365 * need to flush any changed certificates to disk now. Return 0 on success,
366 * -1 if any certs fail to parse.
367 *
368 * If source_dir is non-NULL, it's the identity digest for a directory that
369 * we've just successfully retrieved certificates from, so try it first to
370 * fetch any missing certificates.
371 */
372 int
375 {
389 }
396 /* we already have this one. continue. */
402 /*
403 * A duplicate on download should be treated as a failure, so we call
404 * authority_cert_dl_failed() to reset the download status to make sure
405 * we can't try again. Since we've implemented the fp-sk mechanism
406 * to download certs by signing key, this should be much rarer than it
407 * was and is perhaps cause for concern.
408 */
412 "Got a certificate for %s, but we already have it. "
417 "Got a certificate for %s, but we already have it. "
420 }
422 /*
423 * This is where we care about the source; authority_cert_dl_failed()
424 * needs to know whether the download was by fp or (fp,sk) pair to
425 * twiddle the right bit in the download map.
426 */
433 }
434 }
438 }
455 }
456 }
461 /* Check to see whether we should update our view of the authority's
462 * address. */
472 }
474 }
478 }
483 /* call this even if failure_code is <0, since some certs might have
484 * succeeded, but only pass source_dir if there were no failures,
485 * and at least one more authority certificate was added to the store.
486 * This avoids retrying a directory that's serving bad or entirely duplicate
487 * certificates. */
492 }
495 }
497 /** Save all v3 key certificates to the cached-certs file. */
498 void
500 {
510 {
515 });
521 }
527 }
529 static int
531 {
538 else
540 }
542 /** Remove all expired v3 authority certificates that have been superseded for
543 * more than 48 hours or, if not expired, that were published more than 7 days
544 * before being superseded. (If the most recent cert was published more than 48
545 * hours ago, then we aren't going to get any consensuses signed with older
546 * keys.) */
547 void
549 {
551 #define DEAD_CERT_LIFETIME (2*24*60*60)
552 #define SUPERSEDED_CERT_LIFETIME (2*24*60*60)
557 /* Sort the list from first-published to last-published */
562 /* This is the most recently published cert. Keep it. */
564 }
568 /* All later certs are published in the future. Keep everything
569 * we didn't discard. */
571 }
574 /* Certificate has been expired for at least DEAD_CERT_LIFETIME.
575 * Remove it. */
578 /* Certificate has been superseded for OLD_CERT_LIFETIME.
579 * Remove it.
580 */
582 }
587 }
591 #undef DEAD_CERT_LIFETIME
592 #undef OLD_CERT_LIFETIME
595 }
597 /** Return the newest v3 authority certificate whose v3 authority identity key
598 * has digest <b>id_digest</b>. Return NULL if no such authority is known,
599 * or it has no certificate. */
600 authority_cert_t *
602 {
610 {
613 });
615 }
617 /** Return the newest v3 authority certificate whose directory signing key has
618 * digest <b>sk_digest</b>. Return NULL if no such certificate is known.
619 */
620 authority_cert_t *
622 {
636 {
639 });
642 }
644 /** Return the v3 authority certificate with signing key matching
645 * <b>sk_digest</b>, for the authority with identity digest <b>id_digest</b>.
646 * Return NULL if no such authority is known. */
647 authority_cert_t *
650 {
660 }
662 /** Add every known authority_cert_t to <b>certs_out</b>. */
663 void
665 {
674 }
676 /** Called when an attempt to download a certificate with the authority with
677 * ID <b>id_digest</b> and, if not NULL, signed with key signing_key_digest
678 * fails with HTTP response code <b>status</b>: remember the failure, so we
679 * don't try again immediately. */
680 void
683 {
693 /*
694 * Are we noting a failed download of the latest cert for the id digest,
695 * or of a download by (id, signing key) digest pair?
696 */
698 /* Just by id digest */
701 /* Reset by (id, signing key) digest pair
702 *
703 * Look for a download_status_t in the map with this digest
704 */
706 /* Got one? */
710 /*
711 * Do this rather than hex_str(), since hex_str clobbers
712 * old results and we call twice in the param list.
713 */
719 "Got failure for cert fetch with (fp,sk) = (%s,%s), with "
722 }
723 }
724 }
737 NULL,
738 };
740 /** Return true iff <b>cert</b> authenticates some atuhority signing key
741 * which, because of the old openssl heartbleed vulnerability, should
742 * never be trusted. */
743 int
745 {
754 }
755 }
757 }
759 /** Return true iff when we've been getting enough failures when trying to
760 * download the certificate with ID digest <b>id_digest</b> that we're willing
761 * to start bugging the user about it. */
762 int
764 {
765 #define N_AUTH_CERT_DL_FAILURES_TO_BUG_USER 2
774 }
776 /* Fetch the authority certificates specified in resource.
777 * If we are a bridge client, and node is a configured bridge, fetch from node
778 * using dir_hint as the fingerprint. Otherwise, if rs is not NULL, fetch from
779 * rs. Otherwise, fetch from a random directory mirror. */
780 static void
785 {
788 resource);
790 /* Make sure bridge clients never connect to anything but a bridge */
793 /* If we're using bridges, and node is not a bridge, use a 3-hop path. */
796 /* If we're using bridges, and there's no node, use a 3-hop path. */
798 }
799 }
805 /* If we've just downloaded a consensus from a bridge, re-use that
806 * bridge */
808 /* clients always make OR connections to bridges */
809 tor_addr_port_t or_ap;
810 /* we are willing to use a non-preferred address if we need to */
819 /* And if we've just downloaded a consensus from a directory, re-use that
820 * directory */
823 }
826 /* We've set up a request object -- fill in the other request fields, and
827 * send the request. */
833 }
835 /* Otherwise, we want certs from a random fallback or directory
836 * mirror, because they will almost always succeed. */
839 DL_WANT_ANY_DIRSERVER);
840 }
842 /** Try to download any v3 authority certificates that we may be missing. If
843 * <b>status</b> is provided, try to get all the ones that were used to sign
844 * <b>status</b>. Additionally, try to have a non-expired certificate for
845 * every V3 authority in trusted_dir_servers. Don't fetch certificates we
846 * already have.
847 *
848 * If dir_hint is non-NULL, it's the identity digest for a directory that
849 * we've just successfully retrieved a consensus or certificates from, so try
850 * it first to fetch any missing certificates.
851 **/
852 void
855 {
856 /*
857 * The pending_id digestmap tracks pending certificate downloads by
858 * identity digest; the pending_cert digestmap tracks pending downloads
859 * by (identity digest, signing key digest) pairs.
860 */
863 /*
864 * The missing_id_digests smartlist will hold a list of id digests
865 * we want to fetch the newest cert for; the missing_cert_digests
866 * smartlist will hold a list of fp_pair_t with an identity and
867 * signing key digest.
868 */
886 /*
887 * First, we get the lists of already pending downloads so we don't
888 * duplicate effort.
889 */
894 /*
895 * Now, we download any trusted authority certs we don't have by
896 * identity digest only. This gets the latest cert for that authority.
897 */
909 /* It's not expired, and we weren't looking for something to
910 * verify a consensus with. Call it done. */
912 /* No sense trying to download it specifically by signing key hash */
916 }
922 "No current certificate known for authority %s "
926 }
929 /*
930 * Next, if we have a consensus, scan through it and look for anything
931 * signed with a key from a cert we don't have. Those get downloaded
932 * by (fp,sk) pair, but if we don't know any certs at all for the fp
933 * (identity digest), and it's one of the trusted dir server certs
934 * we started off above or a pending download in pending_id, don't
935 * try to get it yet. Most likely, the one we'll get for that will
936 * have the right signing key too, and we'd just be downloading
937 * redundantly.
938 */
941 voter) {
944 * go looking for a cert with key digest 0000000000. */
948 * authority.*/
950 /*
951 * If we don't know *any* cert for this authority, and a download by ID
952 * is pending or we added it to missing_id_digests above, skip this
953 * one for now to avoid duplicate downloads.
954 */
957 /* We have no certs at all for this one */
959 /* Do we have a download of one pending? */
963 /*
964 * Are we about to launch a download of one due to the trusted
965 * dir server check above?
966 */
970 }
980 }
986 /*
987 * Do this rather than hex_str(), since hex_str clobbers
988 * old results and we call twice in the param list.
989 */
997 "We're missing a certificate from authority %s "
998 "(ID digest %s) with signing key %s: "
1003 "We're missing a certificate from authority ID digest "
1006 }
1008 /* Allocate a new fp_pair_t to append */
1014 }
1017 }
1019 /* Bridge clients look up the node for the dir_hint */
1021 /* All clients, including bridge clients, look up the routerstatus for the
1022 * dir_hint */
1025 /* If we still need certificates, try the directory that just successfully
1026 * served us a consensus or certificates.
1027 * As soon as the directory fails to provide additional certificates, we try
1028 * another, randomly selected directory. This avoids continual retries.
1029 * (We only ever have one outstanding request per certificate.)
1030 */
1033 /* Bridge clients try the nodelist. If the dir_hint is from an authority,
1034 * or something else fetched over tor, we won't find the node here, but
1035 * we will find the rs. */
1037 }
1039 /* All clients try the consensus routerstatus, then the fallback
1040 * routerstatus */
1043 /* This will also find authorities */
1045 dir_hint);
1048 }
1049 }
1056 }
1057 }
1059 /* Do downloads by identity digest */
1078 /* No need for tor_asprintf() in this case; first one gets no '+' */
1081 }
1088 /* node and rs are directories that just gave us a consensus or
1089 * certificates */
1092 }
1093 /* else we didn't add any: they were all pending */
1097 }
1099 /* Do downloads by identity digest/signing key pair */
1112 /* Construct string encodings of the digests */
1118 /* Now tor_asprintf() */
1122 /* First one in the list doesn't get a '+' */
1125 }
1127 /* Add it to the list of pairs to request */
1133 /* node and rs are directories that just gave us a consensus or
1134 * certificates */
1137 }
1138 /* else they were all pending */
1142 }
1149 }
1151 void
1153 {
1157 }
1158 }
1160 /** Free storage held in <b>cert</b>. */
1161 void
1163 {
1172 }
1174 /** For every certificate we are currently downloading by (identity digest,
1175 * signing key digest) pair, set result[fp_pair] to (void *1).
1176 */
1177 static void
1179 {
1197 tmp);
1198 }
1207 }