search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Refuse extra create cells with reason "resource limit"
[tor.git] / src / or / command.c
blobd8a409bc275dadb163e7e06db21f164ae585c66e
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2012, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6
7 /**
8 * \file command.c
9 * \brief Functions for processing incoming cells.
10 **/
11
12 /* In-points to command.c:
13 *
14 * - command_process_cell(), called from
15 * connection_or_process_cells_from_inbuf() in connection_or.c
16 */
17
18 #include "or.h"
19 #include "circuitbuild.h"
20 #include "circuitlist.h"
21 #include "command.h"
22 #include "connection.h"
23 #include "connection_or.h"
24 #include "config.h"
25 #include "control.h"
26 #include "cpuworker.h"
27 #include "hibernate.h"
28 #include "nodelist.h"
29 #include "onion.h"
30 #include "relay.h"
31 #include "router.h"
32 #include "routerlist.h"
33
34 /** How many CELL_PADDING cells have we received, ever? */
35 uint64_t stats_n_padding_cells_processed = 0;
36 /** How many CELL_CREATE cells have we received, ever? */
37 uint64_t stats_n_create_cells_processed = 0;
38 /** How many CELL_CREATED cells have we received, ever? */
39 uint64_t stats_n_created_cells_processed = 0;
40 /** How many CELL_RELAY cells have we received, ever? */
41 uint64_t stats_n_relay_cells_processed = 0;
42 /** How many CELL_DESTROY cells have we received, ever? */
43 uint64_t stats_n_destroy_cells_processed = 0;
44 /** How many CELL_VERSIONS cells have we received, ever? */
45 uint64_t stats_n_versions_cells_processed = 0;
46 /** How many CELL_NETINFO cells have we received, ever? */
47 uint64_t stats_n_netinfo_cells_processed = 0;
48
49 /** How many CELL_VPADDING cells have we received, ever? */
50 uint64_t stats_n_vpadding_cells_processed = 0;
51 /** How many CELL_CERTS cells have we received, ever? */
52 uint64_t stats_n_certs_cells_processed = 0;
53 /** How many CELL_AUTH_CHALLENGE cells have we received, ever? */
54 uint64_t stats_n_auth_challenge_cells_processed = 0;
55 /** How many CELL_AUTHENTICATE cells have we received, ever? */
56 uint64_t stats_n_authenticate_cells_processed = 0;
57 /** How many CELL_AUTHORIZE cells have we received, ever? */
58 uint64_t stats_n_authorize_cells_processed = 0;
59
60 /* These are the main functions for processing cells */
61 static void command_process_create_cell(cell_t *cell, or_connection_t *conn);
62 static void command_process_created_cell(cell_t *cell, or_connection_t *conn);
63 static void command_process_relay_cell(cell_t *cell, or_connection_t *conn);
64 static void command_process_destroy_cell(cell_t *cell, or_connection_t *conn);
65 static void command_process_versions_cell(var_cell_t *cell,
66 or_connection_t *conn);
67 static void command_process_netinfo_cell(cell_t *cell, or_connection_t *conn);
68 static void command_process_certs_cell(var_cell_t *cell,
69 or_connection_t *conn);
70 static void command_process_auth_challenge_cell(var_cell_t *cell,
71 or_connection_t *conn);
72 static void command_process_authenticate_cell(var_cell_t *cell,
73 or_connection_t *conn);
74 static int enter_v3_handshake_with_cell(var_cell_t *cell,
75 or_connection_t *conn);
76
77 #ifdef KEEP_TIMING_STATS
78 /** This is a wrapper function around the actual function that processes the
79 * <b>cell</b> that just arrived on <b>conn</b>. Increment <b>*time</b>
80 * by the number of microseconds used by the call to <b>*func(cell, conn)</b>.
81 */
82 static void
83 command_time_process_cell(cell_t *cell, or_connection_t *conn, int *time,
84 void (*func)(cell_t *, or_connection_t *))
85 {
86 struct timeval start, end;
87 long time_passed;
88
89 tor_gettimeofday(&start);
90
91 (*func)(cell, conn);
92
93 tor_gettimeofday(&end);
94 time_passed = tv_udiff(&start, &end) ;
95
96 if (time_passed > 10000) { /* more than 10ms */
97 log_debug(LD_OR,"That call just took %ld ms.",time_passed/1000);
98 }
99 if (time_passed < 0) {
100 log_info(LD_GENERAL,"That call took us back in time!");
101 time_passed = 0;
102 }
103 *time += time_passed;
104 }
105 #endif
106
107 /** Process a <b>cell</b> that was just received on <b>conn</b>. Keep internal
108 * statistics about how many of each cell we've processed so far
109 * this second, and the total number of microseconds it took to
110 * process each type of cell.
111 */
112 void
113 command_process_cell(cell_t *cell, or_connection_t *conn)
114 {
115 int handshaking = (conn->_base.state != OR_CONN_STATE_OPEN);
116 #ifdef KEEP_TIMING_STATS
117 /* how many of each cell have we seen so far this second? needs better
118 * name. */
119 static int num_create=0, num_created=0, num_relay=0, num_destroy=0;
120 /* how long has it taken to process each type of cell? */
121 static int create_time=0, created_time=0, relay_time=0, destroy_time=0;
122 static time_t current_second = 0; /* from previous calls to time */
123
124 time_t now = time(NULL);
125
126 if (now > current_second) { /* the second has rolled over */
127 /* print stats */
128 log_info(LD_OR,
129 "At end of second: %d creates (%d ms), %d createds (%d ms), "
130 "%d relays (%d ms), %d destroys (%d ms)",
131 num_create, create_time/1000,
132 num_created, created_time/1000,
133 num_relay, relay_time/1000,
134 num_destroy, destroy_time/1000);
135
136 /* zero out stats */
137 num_create = num_created = num_relay = num_destroy = 0;
138 create_time = created_time = relay_time = destroy_time = 0;
139
140 /* remember which second it is, for next time */
141 current_second = now;
142 }
143 #endif
144
145 #ifdef KEEP_TIMING_STATS
146 #define PROCESS_CELL(tp, cl, cn) STMT_BEGIN { \
147 ++num ## tp; \
148 command_time_process_cell(cl, cn, & tp ## time , \
149 command_process_ ## tp ## _cell); \
150 } STMT_END
151 #else
152 #define PROCESS_CELL(tp, cl, cn) command_process_ ## tp ## _cell(cl, cn)
153 #endif
154
155 if (conn->_base.marked_for_close)
156 return;
157
158 /* Reject all but VERSIONS and NETINFO when handshaking. */
159 /* (VERSIONS should actually be impossible; it's variable-length.) */
160 if (handshaking && cell->command != CELL_VERSIONS &&
161 cell->command != CELL_NETINFO) {
162 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
163 "Received unexpected cell command %d in state %s; closing the "
164 "connection.",
165 (int)cell->command,
166 conn_state_to_string(CONN_TYPE_OR,conn->_base.state));
167 connection_mark_for_close(TO_CONN(conn));
168 return;
169 }
170
171 if (conn->_base.state == OR_CONN_STATE_OR_HANDSHAKING_V3)
172 or_handshake_state_record_cell(conn->handshake_state, cell, 1);
173
174 switch (cell->command) {
175 case CELL_PADDING:
176 ++stats_n_padding_cells_processed;
177 /* do nothing */
178 break;
179 case CELL_CREATE:
180 case CELL_CREATE_FAST:
181 ++stats_n_create_cells_processed;
182 PROCESS_CELL(create, cell, conn);
183 break;
184 case CELL_CREATED:
185 case CELL_CREATED_FAST:
186 ++stats_n_created_cells_processed;
187 PROCESS_CELL(created, cell, conn);
188 break;
189 case CELL_RELAY:
190 case CELL_RELAY_EARLY:
191 ++stats_n_relay_cells_processed;
192 PROCESS_CELL(relay, cell, conn);
193 break;
194 case CELL_DESTROY:
195 ++stats_n_destroy_cells_processed;
196 PROCESS_CELL(destroy, cell, conn);
197 break;
198 case CELL_VERSIONS:
199 tor_fragile_assert();
200 break;
201 case CELL_NETINFO:
202 ++stats_n_netinfo_cells_processed;
203 PROCESS_CELL(netinfo, cell, conn);
204 break;
205 default:
206 log_fn(LOG_INFO, LD_PROTOCOL,
207 "Cell of unknown type (%d) received. Dropping.", cell->command);
208 break;
209 }
210 }
211
212 /** Return true if <b>command</b> is a cell command that's allowed to start a
213 * V3 handshake. */
214 static int
215 command_allowed_before_handshake(uint8_t command)
216 {
217 switch (command) {
218 case CELL_VERSIONS:
219 case CELL_VPADDING:
220 case CELL_AUTHORIZE:
221 return 1;
222 default:
223 return 0;
224 }
225 }
226
227 /** Process a <b>cell</b> that was just received on <b>conn</b>. Keep internal
228 * statistics about how many of each cell we've processed so far
229 * this second, and the total number of microseconds it took to
230 * process each type of cell.
231 */
232 void
233 command_process_var_cell(var_cell_t *cell, or_connection_t *conn)
234 {
235 #ifdef KEEP_TIMING_STATS
236 /* how many of each cell have we seen so far this second? needs better
237 * name. */
238 static int num_versions=0, num_certs=0;
239
240 time_t now = time(NULL);
241
242 if (now > current_second) { /* the second has rolled over */
243 /* print stats */
244 log_info(LD_OR,
245 "At end of second: %d versions (%d ms), %d certs (%d ms)",
246 num_versions, versions_time/1000,
247 num_certs, certs_time/1000);
248
249 num_versions = num_certs = 0;
250 versions_time = certs_time = 0;
251
252 /* remember which second it is, for next time */
253 current_second = now;
254 }
255 #endif
256
257 if (conn->_base.marked_for_close)
258 return;
259
260 switch (conn->_base.state)
261 {
262 case OR_CONN_STATE_OR_HANDSHAKING_V2:
263 if (cell->command != CELL_VERSIONS) {
264 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
265 "Received a cell with command %d in state %s; "
266 "closing the connection.",
267 (int)cell->command,
268 conn_state_to_string(CONN_TYPE_OR,conn->_base.state));
269 connection_mark_for_close(TO_CONN(conn));
270 return;
271 }
272 break;
273 case OR_CONN_STATE_TLS_HANDSHAKING:
274 /* If we're using bufferevents, it's entirely possible for us to
275 * notice "hey, data arrived!" before we notice "hey, the handshake
276 * finished!" And we need to be accepting both at once to handle both
277 * the v2 and v3 handshakes. */
278
279 /* fall through */
280 case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING:
281 if (! command_allowed_before_handshake(cell->command)) {
282 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
283 "Received a cell with command %d in state %s; "
284 "closing the connection.",
285 (int)cell->command,
286 conn_state_to_string(CONN_TYPE_OR,conn->_base.state));
287 connection_mark_for_close(TO_CONN(conn));
288 return;
289 } else {
290 if (enter_v3_handshake_with_cell(cell, conn)<0)
291 return;
292 }
293 break;
294 case OR_CONN_STATE_OR_HANDSHAKING_V3:
295 if (cell->command != CELL_AUTHENTICATE)
296 or_handshake_state_record_var_cell(conn->handshake_state, cell, 1);
297 break; /* Everything is allowed */
298 case OR_CONN_STATE_OPEN:
299 if (conn->link_proto < 3) {
300 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
301 "Received a variable-length cell with command %d in state %s "
302 "with link protocol %d; ignoring it.",
303 (int)cell->command,
304 conn_state_to_string(CONN_TYPE_OR,conn->_base.state),
305 (int)conn->link_proto);
306 return;
307 }
308 break;
309 default:
310 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
311 "Received var-length cell with command %d in unexpected state "
312 "%s [%d]; ignoring it.",
313 (int)cell->command,
314 conn_state_to_string(CONN_TYPE_OR,conn->_base.state),
315 (int)conn->_base.state);
316 return;
317 }
318
319 switch (cell->command) {
320 case CELL_VERSIONS:
321 ++stats_n_versions_cells_processed;
322 PROCESS_CELL(versions, cell, conn);
323 break;
324 case CELL_VPADDING:
325 ++stats_n_vpadding_cells_processed;
326 /* Do nothing */
327 break;
328 case CELL_CERTS:
329 ++stats_n_certs_cells_processed;
330 PROCESS_CELL(certs, cell, conn);
331 break;
332 case CELL_AUTH_CHALLENGE:
333 ++stats_n_auth_challenge_cells_processed;
334 PROCESS_CELL(auth_challenge, cell, conn);
335 break;
336 case CELL_AUTHENTICATE:
337 ++stats_n_authenticate_cells_processed;
338 PROCESS_CELL(authenticate, cell, conn);
339 break;
340 case CELL_AUTHORIZE:
341 ++stats_n_authorize_cells_processed;
342 /* Ignored so far. */
343 break;
344 default:
345 log_fn(LOG_INFO, LD_PROTOCOL,
346 "Variable-length cell of unknown type (%d) received.",
347 cell->command);
348 break;
349 }
350 }
351
352 /** Process a 'create' <b>cell</b> that just arrived from <b>conn</b>. Make a
353 * new circuit with the p_circ_id specified in cell. Put the circuit in state
354 * onionskin_pending, and pass the onionskin to the cpuworker. Circ will get
355 * picked up again when the cpuworker finishes decrypting it.
356 */
357 static void
358 command_process_create_cell(cell_t *cell, or_connection_t *conn)
359 {
360 or_circuit_t *circ;
361 const or_options_t *options = get_options();
362 int id_is_high;
363
364 if (we_are_hibernating()) {
365 log_info(LD_OR,
366 "Received create cell but we're shutting down. Sending back "
367 "destroy.");
368 connection_or_send_destroy(cell->circ_id, conn,
369 END_CIRC_REASON_HIBERNATING);
370 return;
371 }
372
373 if (!server_mode(options) ||
374 (!public_server_mode(options) && conn->is_outgoing)) {
375 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
376 "Received create cell (type %d) from %s:%d, but we're connected "
377 "to it as a client. "
378 "Sending back a destroy.",
379 (int)cell->command, conn->_base.address, conn->_base.port);
380 connection_or_send_destroy(cell->circ_id, conn,
381 END_CIRC_REASON_TORPROTOCOL);
382 return;
383 }
384
385 /* If the high bit of the circuit ID is not as expected, close the
386 * circ. */
387 id_is_high = cell->circ_id & (1<<15);
388 if ((id_is_high && conn->circ_id_type == CIRC_ID_TYPE_HIGHER) ||
389 (!id_is_high && conn->circ_id_type == CIRC_ID_TYPE_LOWER)) {
390 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
391 "Received create cell with unexpected circ_id %d. Closing.",
392 cell->circ_id);
393 connection_or_send_destroy(cell->circ_id, conn,
394 END_CIRC_REASON_TORPROTOCOL);
395 return;
396 }
397
398 if (circuit_id_in_use_on_orconn(cell->circ_id, conn)) {
399 const node_t *node = node_get_by_id(conn->identity_digest);
400 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
401 "Received CREATE cell (circID %d) for known circ. "
402 "Dropping (age %d).",
403 cell->circ_id, (int)(time(NULL) - conn->_base.timestamp_created));
404 if (node) {
405 char *p = esc_for_log(node_get_platform(node));
406 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
407 "Details: router %s, platform %s.",
408 node_describe(node), p);
409 tor_free(p);
410 }
411 return;
412 }
413
414 circ = or_circuit_new(cell->circ_id, conn);
415 circ->_base.purpose = CIRCUIT_PURPOSE_OR;
416 circuit_set_state(TO_CIRCUIT(circ), CIRCUIT_STATE_ONIONSKIN_PENDING);
417 if (cell->command == CELL_CREATE) {
418 char *onionskin = tor_malloc(ONIONSKIN_CHALLENGE_LEN);
419 memcpy(onionskin, cell->payload, ONIONSKIN_CHALLENGE_LEN);
420
421 /* hand it off to the cpuworkers, and then return. */
422 if (assign_onionskin_to_cpuworker(NULL, circ, onionskin) < 0) {
423 #define WARN_HANDOFF_FAILURE_INTERVAL (6*60*60)
424 static ratelim_t handoff_warning =
425 RATELIM_INIT(WARN_HANDOFF_FAILURE_INTERVAL);
426 char *m;
427 if ((m = rate_limit_log(&handoff_warning, approx_time()))) {
428 log_warn(LD_GENERAL,"Failed to hand off onionskin. Closing.%s",m);
429 tor_free(m);
430 }
431 circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_RESOURCELIMIT);
432 return;
433 }
434 log_debug(LD_OR,"success: handed off onionskin.");
435 } else {
436 /* This is a CREATE_FAST cell; we can handle it immediately without using
437 * a CPU worker. */
438 char keys[CPATH_KEY_MATERIAL_LEN];
439 char reply[DIGEST_LEN*2];
440
441 tor_assert(cell->command == CELL_CREATE_FAST);
442
443 /* Make sure we never try to use the OR connection on which we
444 * received this cell to satisfy an EXTEND request, */
445 conn->is_connection_with_client = 1;
446
447 if (fast_server_handshake(cell->payload, (uint8_t*)reply,
448 (uint8_t*)keys, sizeof(keys))<0) {
449 log_warn(LD_OR,"Failed to generate key material. Closing.");
450 circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
451 return;
452 }
453 if (onionskin_answer(circ, CELL_CREATED_FAST, reply, keys)<0) {
454 log_warn(LD_OR,"Failed to reply to CREATE_FAST cell. Closing.");
455 circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
456 return;
457 }
458 }
459 }
460
461 /** Process a 'created' <b>cell</b> that just arrived from <b>conn</b>.
462 * Find the circuit
463 * that it's intended for. If we're not the origin of the circuit, package
464 * the 'created' cell in an 'extended' relay cell and pass it back. If we
465 * are the origin of the circuit, send it to circuit_finish_handshake() to
466 * finish processing keys, and then call circuit_send_next_onion_skin() to
467 * extend to the next hop in the circuit if necessary.
468 */
469 static void
470 command_process_created_cell(cell_t *cell, or_connection_t *conn)
471 {
472 circuit_t *circ;
473
474 circ = circuit_get_by_circid_orconn(cell->circ_id, conn);
475
476 if (!circ) {
477 log_info(LD_OR,
478 "(circID %d) unknown circ (probably got a destroy earlier). "
479 "Dropping.", cell->circ_id);
480 return;
481 }
482
483 if (circ->n_circ_id != cell->circ_id) {
484 log_fn(LOG_PROTOCOL_WARN,LD_PROTOCOL,
485 "got created cell from Tor client? Closing.");
486 circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
487 return;
488 }
489
490 if (CIRCUIT_IS_ORIGIN(circ)) { /* we're the OP. Handshake this. */
491 origin_circuit_t *origin_circ = TO_ORIGIN_CIRCUIT(circ);
492 int err_reason = 0;
493 log_debug(LD_OR,"at OP. Finishing handshake.");
494 if ((err_reason = circuit_finish_handshake(origin_circ, cell->command,
495 cell->payload)) < 0) {
496 log_warn(LD_OR,"circuit_finish_handshake failed.");
497 circuit_mark_for_close(circ, -err_reason);
498 return;
499 }
500 log_debug(LD_OR,"Moving to next skin.");
501 if ((err_reason = circuit_send_next_onion_skin(origin_circ)) < 0) {
502 log_info(LD_OR,"circuit_send_next_onion_skin failed.");
503 /* XXX push this circuit_close lower */
504 circuit_mark_for_close(circ, -err_reason);
505 return;
506 }
507 } else { /* pack it into an extended relay cell, and send it. */
508 log_debug(LD_OR,
509 "Converting created cell to extended relay cell, sending.");
510 relay_send_command_from_edge(0, circ, RELAY_COMMAND_EXTENDED,
511 (char*)cell->payload, ONIONSKIN_REPLY_LEN,
512 NULL);
513 }
514 }
515
516 /** Process a 'relay' or 'relay_early' <b>cell</b> that just arrived from
517 * <b>conn</b>. Make sure it came in with a recognized circ_id. Pass it on to
518 * circuit_receive_relay_cell() for actual processing.
519 */
520 static void
521 command_process_relay_cell(cell_t *cell, or_connection_t *conn)
522 {
523 circuit_t *circ;
524 int reason, direction;
525
526 circ = circuit_get_by_circid_orconn(cell->circ_id, conn);
527
528 if (!circ) {
529 log_debug(LD_OR,
530 "unknown circuit %d on connection from %s:%d. Dropping.",
531 cell->circ_id, conn->_base.address, conn->_base.port);
532 return;
533 }
534
535 if (circ->state == CIRCUIT_STATE_ONIONSKIN_PENDING) {
536 log_fn(LOG_PROTOCOL_WARN,LD_PROTOCOL,"circuit in create_wait. Closing.");
537 circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
538 return;
539 }
540
541 if (CIRCUIT_IS_ORIGIN(circ)) {
542 /* if we're a relay and treating connections with recent local
543 * traffic better, then this is one of them. */
544 conn->client_used = time(NULL);
545 }
546
547 if (!CIRCUIT_IS_ORIGIN(circ) &&
548 cell->circ_id == TO_OR_CIRCUIT(circ)->p_circ_id)
549 direction = CELL_DIRECTION_OUT;
550 else
551 direction = CELL_DIRECTION_IN;
552
553 /* If we have a relay_early cell, make sure that it's outbound, and we've
554 * gotten no more than MAX_RELAY_EARLY_CELLS_PER_CIRCUIT of them. */
555 if (cell->command == CELL_RELAY_EARLY) {
556 if (direction == CELL_DIRECTION_IN) {
557 /* Allow an unlimited number of inbound relay_early cells,
558 * for hidden service compatibility. There isn't any way to make
559 * a long circuit through inbound relay_early cells anyway. See
560 * bug 1038. -RD */
561 } else {
562 or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
563 if (or_circ->remaining_relay_early_cells == 0) {
564 log_fn(LOG_PROTOCOL_WARN, LD_OR,
565 "Received too many RELAY_EARLY cells on circ %d from %s:%d."
566 " Closing circuit.",
567 cell->circ_id, safe_str(conn->_base.address),
568 conn->_base.port);
569 circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
570 return;
571 }
572 --or_circ->remaining_relay_early_cells;
573 }
574 }
575
576 if ((reason = circuit_receive_relay_cell(cell, circ, direction)) < 0) {
577 log_fn(LOG_PROTOCOL_WARN,LD_PROTOCOL,"circuit_receive_relay_cell "
578 "(%s) failed. Closing.",
579 direction==CELL_DIRECTION_OUT?"forward":"backward");
580 circuit_mark_for_close(circ, -reason);
581 }
582 }
583
584 /** Process a 'destroy' <b>cell</b> that just arrived from
585 * <b>conn</b>. Find the circ that it refers to (if any).
586 *
587 * If the circ is in state
588 * onionskin_pending, then call onion_pending_remove() to remove it
589 * from the pending onion list (note that if it's already being
590 * processed by the cpuworker, it won't be in the list anymore; but
591 * when the cpuworker returns it, the circuit will be gone, and the
592 * cpuworker response will be dropped).
593 *
594 * Then mark the circuit for close (which marks all edges for close,
595 * and passes the destroy cell onward if necessary).
596 */
597 static void
598 command_process_destroy_cell(cell_t *cell, or_connection_t *conn)
599 {
600 circuit_t *circ;
601 int reason;
602
603 circ = circuit_get_by_circid_orconn(cell->circ_id, conn);
604 if (!circ) {
605 log_info(LD_OR,"unknown circuit %d on connection from %s:%d. Dropping.",
606 cell->circ_id, conn->_base.address, conn->_base.port);
607 return;
608 }
609 log_debug(LD_OR,"Received for circID %d.",cell->circ_id);
610
611 reason = (uint8_t)cell->payload[0];
612
613 if (!CIRCUIT_IS_ORIGIN(circ) &&
614 cell->circ_id == TO_OR_CIRCUIT(circ)->p_circ_id) {
615 /* the destroy came from behind */
616 circuit_set_p_circid_orconn(TO_OR_CIRCUIT(circ), 0, NULL);
617 circuit_mark_for_close(circ, reason|END_CIRC_REASON_FLAG_REMOTE);
618 } else { /* the destroy came from ahead */
619 circuit_set_n_circid_orconn(circ, 0, NULL);
620 if (CIRCUIT_IS_ORIGIN(circ)) {
621 circuit_mark_for_close(circ, reason|END_CIRC_REASON_FLAG_REMOTE);
622 } else {
623 char payload[1];
624 log_debug(LD_OR, "Delivering 'truncated' back.");
625 payload[0] = (char)reason;
626 relay_send_command_from_edge(0, circ, RELAY_COMMAND_TRUNCATED,
627 payload, sizeof(payload), NULL);
628 }
629 }
630 }
631
632 /** Called when we as a server receive an appropriate cell while waiting
633 * either for a cell or a TLS handshake. Set the connection's state to
634 * "handshaking_v3', initializes the or_handshake_state field as needed,
635 * and add the cell to the hash of incoming cells.)
636 *
637 * Return 0 on success; return -1 and mark the connection on failure.
638 */
639 static int
640 enter_v3_handshake_with_cell(var_cell_t *cell, or_connection_t *conn)
641 {
642 const int started_here = connection_or_nonopen_was_started_here(conn);
643
644 tor_assert(conn->_base.state == OR_CONN_STATE_TLS_HANDSHAKING ||
645 conn->_base.state == OR_CONN_STATE_TLS_SERVER_RENEGOTIATING);
646
647 if (started_here) {
648 log_fn(LOG_PROTOCOL_WARN, LD_OR,
649 "Received a cell while TLS-handshaking, not in "
650 "OR_HANDSHAKING_V3, on a connection we originated.");
651 }
652 conn->_base.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
653 if (connection_init_or_handshake_state(conn, started_here) < 0) {
654 connection_mark_for_close(TO_CONN(conn));
655 return -1;
656 }
657 or_handshake_state_record_var_cell(conn->handshake_state, cell, 1);
658 return 0;
659 }
660
661 /** Process a 'versions' cell. The current link protocol version must be 0
662 * to indicate that no version has yet been negotiated. We compare the
663 * versions in the cell to the list of versions we support, pick the
664 * highest version we have in common, and continue the negotiation from
665 * there.
666 */
667 static void
668 command_process_versions_cell(var_cell_t *cell, or_connection_t *conn)
669 {
670 int highest_supported_version = 0;
671 const uint8_t *cp, *end;
672 const int started_here = connection_or_nonopen_was_started_here(conn);
673 if (conn->link_proto != 0 ||
674 (conn->handshake_state && conn->handshake_state->received_versions)) {
675 log_fn(LOG_PROTOCOL_WARN, LD_OR,
676 "Received a VERSIONS cell on a connection with its version "
677 "already set to %d; dropping", (int) conn->link_proto);
678 return;
679 }
680 switch (conn->_base.state)
681 {
682 case OR_CONN_STATE_OR_HANDSHAKING_V2:
683 case OR_CONN_STATE_OR_HANDSHAKING_V3:
684 break;
685 case OR_CONN_STATE_TLS_HANDSHAKING:
686 case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING:
687 default:
688 log_fn(LOG_PROTOCOL_WARN, LD_OR,
689 "VERSIONS cell while in unexpected state");
690 return;
691 }
692
693 tor_assert(conn->handshake_state);
694 end = cell->payload + cell->payload_len;
695 for (cp = cell->payload; cp+1 < end; ++cp) {
696 uint16_t v = ntohs(get_uint16(cp));
697 if (is_or_protocol_version_known(v) && v > highest_supported_version)
698 highest_supported_version = v;
699 }
700 if (!highest_supported_version) {
701 log_fn(LOG_PROTOCOL_WARN, LD_OR,
702 "Couldn't find a version in common between my version list and the "
703 "list in the VERSIONS cell; closing connection.");
704 connection_mark_for_close(TO_CONN(conn));
705 return;
706 } else if (highest_supported_version == 1) {
707 /* Negotiating version 1 makes no sense, since version 1 has no VERSIONS
708 * cells. */
709 log_fn(LOG_PROTOCOL_WARN, LD_OR,
710 "Used version negotiation protocol to negotiate a v1 connection. "
711 "That's crazily non-compliant. Closing connection.");
712 connection_mark_for_close(TO_CONN(conn));
713 return;
714 } else if (highest_supported_version < 3 &&
715 conn->_base.state == OR_CONN_STATE_OR_HANDSHAKING_V3) {
716 log_fn(LOG_PROTOCOL_WARN, LD_OR,
717 "Negotiated link protocol 2 or lower after doing a v3 TLS "
718 "handshake. Closing connection.");
719 connection_mark_for_close(TO_CONN(conn));
720 return;
721 }
722
723 conn->link_proto = highest_supported_version;
724 conn->handshake_state->received_versions = 1;
725
726 if (conn->link_proto == 2) {
727 log_info(LD_OR, "Negotiated version %d with %s:%d; sending NETINFO.",
728 highest_supported_version,
729 safe_str_client(conn->_base.address),
730 conn->_base.port);
731
732 if (connection_or_send_netinfo(conn) < 0) {
733 connection_mark_for_close(TO_CONN(conn));
734 return;
735 }
736 } else {
737 const int send_versions = !started_here;
738 /* If we want to authenticate, send a CERTS cell */
739 const int send_certs = !started_here || public_server_mode(get_options());
740 /* If we're a relay that got a connection, ask for authentication. */
741 const int send_chall = !started_here && public_server_mode(get_options());
742 /* If our certs cell will authenticate us, we can send a netinfo cell
743 * right now. */
744 const int send_netinfo = !started_here;
745 const int send_any =
746 send_versions || send_certs || send_chall || send_netinfo;
747 tor_assert(conn->link_proto >= 3);
748
749 log_info(LD_OR, "Negotiated version %d with %s:%d; %s%s%s%s%s",
750 highest_supported_version,
751 safe_str_client(conn->_base.address),
752 conn->_base.port,
753 send_any ? "Sending cells:" : "Waiting for CERTS cell",
754 send_versions ? " VERSIONS" : "",
755 send_certs ? " CERTS" : "",
756 send_chall ? " AUTH_CHALLENGE" : "",
757 send_netinfo ? " NETINFO" : "");
758
759 #ifdef DISABLE_V3_LINKPROTO_SERVERSIDE
760 if (1) {
761 connection_mark_for_close(TO_CONN(conn));
762 return;
763 }
764 #endif
765
766 if (send_versions) {
767 if (connection_or_send_versions(conn, 1) < 0) {
768 log_warn(LD_OR, "Couldn't send versions cell");
769 connection_mark_for_close(TO_CONN(conn));
770 return;
771 }
772 }
773 if (send_certs) {
774 if (connection_or_send_certs_cell(conn) < 0) {
775 log_warn(LD_OR, "Couldn't send certs cell");
776 connection_mark_for_close(TO_CONN(conn));
777 return;
778 }
779 }
780 if (send_chall) {
781 if (connection_or_send_auth_challenge_cell(conn) < 0) {
782 log_warn(LD_OR, "Couldn't send auth_challenge cell");
783 connection_mark_for_close(TO_CONN(conn));
784 return;
785 }
786 }
787 if (send_netinfo) {
788 if (connection_or_send_netinfo(conn) < 0) {
789 log_warn(LD_OR, "Couldn't send netinfo cell");
790 connection_mark_for_close(TO_CONN(conn));
791 return;
792 }
793 }
794 }
795 }
796
797 /** Process a 'netinfo' cell: read and act on its contents, and set the
798 * connection state to "open". */
799 static void
800 command_process_netinfo_cell(cell_t *cell, or_connection_t *conn)
801 {
802 time_t timestamp;
803 uint8_t my_addr_type;
804 uint8_t my_addr_len;
805 const uint8_t *my_addr_ptr;
806 const uint8_t *cp, *end;
807 uint8_t n_other_addrs;
808 time_t now = time(NULL);
809
810 long apparent_skew = 0;
811 uint32_t my_apparent_addr = 0;
812
813 if (conn->link_proto < 2) {
814 log_fn(LOG_PROTOCOL_WARN, LD_OR,
815 "Received a NETINFO cell on %s connection; dropping.",
816 conn->link_proto == 0 ? "non-versioned" : "a v1");
817 return;
818 }
819 if (conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING_V2 &&
820 conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING_V3) {
821 log_fn(LOG_PROTOCOL_WARN, LD_OR,
822 "Received a NETINFO cell on non-handshaking connection; dropping.");
823 return;
824 }
825 tor_assert(conn->handshake_state &&
826 conn->handshake_state->received_versions);
827
828 if (conn->_base.state == OR_CONN_STATE_OR_HANDSHAKING_V3) {
829 tor_assert(conn->link_proto >= 3);
830 if (conn->handshake_state->started_here) {
831 if (!conn->handshake_state->authenticated) {
832 log_fn(LOG_PROTOCOL_WARN, LD_OR, "Got a NETINFO cell from server, "
833 "but no authentication. Closing the connection.");
834 connection_mark_for_close(TO_CONN(conn));
835 return;
836 }
837 } else {
838 /* we're the server. If the client never authenticated, we have
839 some housekeeping to do.*/
840 if (!conn->handshake_state->authenticated) {
841 tor_assert(tor_digest_is_zero(
842 (const char*)conn->handshake_state->authenticated_peer_id));
843 connection_or_set_circid_type(conn, NULL);
844
845 connection_or_init_conn_from_address(conn,
846 &conn->_base.addr,
847 conn->_base.port,
848 (const char*)conn->handshake_state->authenticated_peer_id,
849 0);
850 }
851 }
852 }
853
854 /* Decode the cell. */
855 timestamp = ntohl(get_uint32(cell->payload));
856 if (labs(now - conn->handshake_state->sent_versions_at) < 180) {
857 apparent_skew = now - timestamp;
858 }
859
860 my_addr_type = (uint8_t) cell->payload[4];
861 my_addr_len = (uint8_t) cell->payload[5];
862 my_addr_ptr = (uint8_t*) cell->payload + 6;
863 end = cell->payload + CELL_PAYLOAD_SIZE;
864 cp = cell->payload + 6 + my_addr_len;
865 if (cp >= end) {
866 log_fn(LOG_PROTOCOL_WARN, LD_OR,
867 "Addresses too long in netinfo cell; closing connection.");
868 connection_mark_for_close(TO_CONN(conn));
869 return;
870 } else if (my_addr_type == RESOLVED_TYPE_IPV4 && my_addr_len == 4) {
871 my_apparent_addr = ntohl(get_uint32(my_addr_ptr));
872 }
873
874 n_other_addrs = (uint8_t) *cp++;
875 while (n_other_addrs && cp < end-2) {
876 /* Consider all the other addresses; if any matches, this connection is
877 * "canonical." */
878 tor_addr_t addr;
879 const uint8_t *next =
880 decode_address_from_payload(&addr, cp, (int)(end-cp));
881 if (next == NULL) {
882 log_fn(LOG_PROTOCOL_WARN, LD_OR,
883 "Bad address in netinfo cell; closing connection.");
884 connection_mark_for_close(TO_CONN(conn));
885 return;
886 }
887 if (tor_addr_eq(&addr, &conn->real_addr)) {
888 conn->is_canonical = 1;
889 break;
890 }
891 cp = next;
892 --n_other_addrs;
893 }
894
895 /* Act on apparent skew. */
896 /** Warn when we get a netinfo skew with at least this value. */
897 #define NETINFO_NOTICE_SKEW 3600
898 if (labs(apparent_skew) > NETINFO_NOTICE_SKEW &&
899 router_get_by_id_digest(conn->identity_digest)) {
900 char dbuf[64];
901 int severity;
902 /*XXXX be smarter about when everybody says we are skewed. */
903 if (router_digest_is_trusted_dir(conn->identity_digest))
904 severity = LOG_WARN;
905 else
906 severity = LOG_INFO;
907 format_time_interval(dbuf, sizeof(dbuf), apparent_skew);
908 log_fn(severity, LD_GENERAL, "Received NETINFO cell with skewed time from "
909 "server at %s:%d. It seems that our clock is %s by %s, or "
910 "that theirs is %s. Tor requires an accurate clock to work: "
911 "please check your time and date settings.",
912 conn->_base.address, (int)conn->_base.port,
913 apparent_skew>0 ? "ahead" : "behind", dbuf,
914 apparent_skew>0 ? "behind" : "ahead");
915 if (severity == LOG_WARN) /* only tell the controller if an authority */
916 control_event_general_status(LOG_WARN,
917 "CLOCK_SKEW SKEW=%ld SOURCE=OR:%s:%d",
918 apparent_skew,
919 conn->_base.address, conn->_base.port);
920 }
921
922 /* XXX maybe act on my_apparent_addr, if the source is sufficiently
923 * trustworthy. */
924 (void)my_apparent_addr;
925
926 if (connection_or_set_state_open(conn)<0) {
927 log_fn(LOG_PROTOCOL_WARN, LD_OR, "Got good NETINFO cell from %s:%d; but "
928 "was unable to make the OR connection become open.",
929 safe_str_client(conn->_base.address),
930 conn->_base.port);
931 connection_mark_for_close(TO_CONN(conn));
932 } else {
933 log_info(LD_OR, "Got good NETINFO cell from %s:%d; OR connection is now "
934 "open, using protocol version %d. Its ID digest is %s",
935 safe_str_client(conn->_base.address),
936 conn->_base.port, (int)conn->link_proto,
937 hex_str(conn->identity_digest, DIGEST_LEN));
938 }
939 assert_connection_ok(TO_CONN(conn),time(NULL));
940 }
941
942 /** Process a CERTS cell from an OR connection.
943 *
944 * If the other side should not have sent us a CERTS cell, or the cell is
945 * malformed, or it is supposed to authenticate the TLS key but it doesn't,
946 * then mark the connection.
947 *
948 * If the cell has a good cert chain and we're doing a v3 handshake, then
949 * store the certificates in or_handshake_state. If this is the client side
950 * of the connection, we then authenticate the server or mark the connection.
951 * If it's the server side, wait for an AUTHENTICATE cell.
952 */
953 static void
954 command_process_certs_cell(var_cell_t *cell, or_connection_t *conn)
955 {
956 #define ERR(s) \
957 do { \
958 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
959 "Received a bad CERTS cell from %s:%d: %s", \
960 safe_str(conn->_base.address), conn->_base.port, (s)); \
961 connection_mark_for_close(TO_CONN(conn)); \
962 goto err; \
963 } while (0)
964
965 tor_cert_t *link_cert = NULL;
966 tor_cert_t *id_cert = NULL;
967 tor_cert_t *auth_cert = NULL;
968
969 uint8_t *ptr;
970 int n_certs, i;
971 int send_netinfo = 0;
972
973 if (conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
974 ERR("We're not doing a v3 handshake!");
975 if (conn->link_proto < 3)
976 ERR("We're not using link protocol >= 3");
977 if (conn->handshake_state->received_certs_cell)
978 ERR("We already got one");
979 if (conn->handshake_state->authenticated) {
980 /* Should be unreachable, but let's make sure. */
981 ERR("We're already authenticated!");
982 }
983 if (cell->payload_len < 1)
984 ERR("It had no body");
985 if (cell->circ_id)
986 ERR("It had a nonzero circuit ID");
987
988 n_certs = cell->payload[0];
989 ptr = cell->payload + 1;
990 for (i = 0; i < n_certs; ++i) {
991 uint8_t cert_type;
992 uint16_t cert_len;
993 if (ptr + 3 > cell->payload + cell->payload_len) {
994 goto truncated;
995 }
996 cert_type = *ptr;
997 cert_len = ntohs(get_uint16(ptr+1));
998 if (ptr + 3 + cert_len > cell->payload + cell->payload_len) {
999 goto truncated;
1000 }
1001 if (cert_type == OR_CERT_TYPE_TLS_LINK ||
1002 cert_type == OR_CERT_TYPE_ID_1024 ||
1003 cert_type == OR_CERT_TYPE_AUTH_1024) {
1004 tor_cert_t *cert = tor_cert_decode(ptr + 3, cert_len);
1005 if (!cert) {
1006 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1007 "Received undecodable certificate in CERTS cell from %s:%d",
1008 safe_str(conn->_base.address), conn->_base.port);
1009 } else {
1010 if (cert_type == OR_CERT_TYPE_TLS_LINK) {
1011 if (link_cert) {
1012 tor_cert_free(cert);
1013 ERR("Too many TLS_LINK certificates");
1014 }
1015 link_cert = cert;
1016 } else if (cert_type == OR_CERT_TYPE_ID_1024) {
1017 if (id_cert) {
1018 tor_cert_free(cert);
1019 ERR("Too many ID_1024 certificates");
1020 }
1021 id_cert = cert;
1022 } else if (cert_type == OR_CERT_TYPE_AUTH_1024) {
1023 if (auth_cert) {
1024 tor_cert_free(cert);
1025 ERR("Too many AUTH_1024 certificates");
1026 }
1027 auth_cert = cert;
1028 } else {
1029 tor_cert_free(cert);
1030 }
1031 }
1032 }
1033 ptr += 3 + cert_len;
1034 continue;
1035
1036 truncated:
1037 ERR("It ends in the middle of a certificate");
1038 }
1039
1040 if (conn->handshake_state->started_here) {
1041 int severity;
1042 if (! (id_cert && link_cert))
1043 ERR("The certs we wanted were missing");
1044 /* Okay. We should be able to check the certificates now. */
1045 if (! tor_tls_cert_matches_key(conn->tls, link_cert)) {
1046 ERR("The link certificate didn't match the TLS public key");
1047 }
1048 /* Note that this warns more loudly about time and validity if we were
1049 * _trying_ to connect to an authority, not necessarily if we _did_ connect
1050 * to one. */
1051 if (router_digest_is_trusted_dir(conn->identity_digest))
1052 severity = LOG_WARN;
1053 else
1054 severity = LOG_PROTOCOL_WARN;
1055
1056 if (! tor_tls_cert_is_valid(severity, link_cert, id_cert, 0))
1057 ERR("The link certificate was not valid");
1058 if (! tor_tls_cert_is_valid(severity, id_cert, id_cert, 1))
1059 ERR("The ID certificate was not valid");
1060
1061 conn->handshake_state->authenticated = 1;
1062 {
1063 const digests_t *id_digests = tor_cert_get_id_digests(id_cert);
1064 crypto_pk_t *identity_rcvd;
1065 if (!id_digests)
1066 ERR("Couldn't compute digests for key in ID cert");
1067
1068 identity_rcvd = tor_tls_cert_get_key(id_cert);
1069 if (!identity_rcvd)
1070 ERR("Internal error: Couldn't get RSA key from ID cert.");
1071 memcpy(conn->handshake_state->authenticated_peer_id,
1072 id_digests->d[DIGEST_SHA1], DIGEST_LEN);
1073 connection_or_set_circid_type(conn, identity_rcvd);
1074 crypto_pk_free(identity_rcvd);
1075 }
1076
1077 if (connection_or_client_learned_peer_id(conn,
1078 conn->handshake_state->authenticated_peer_id) < 0)
1079 ERR("Problem setting or checking peer id");
1080
1081 log_info(LD_OR, "Got some good certificates from %s:%d: Authenticated it.",
1082 safe_str(conn->_base.address), conn->_base.port);
1083
1084 conn->handshake_state->id_cert = id_cert;
1085 id_cert = NULL;
1086
1087 if (!public_server_mode(get_options())) {
1088 /* If we initiated the connection and we are not a public server, we
1089 * aren't planning to authenticate at all. At this point we know who we
1090 * are talking to, so we can just send a netinfo now. */
1091 send_netinfo = 1;
1092 }
1093 } else {
1094 if (! (id_cert && auth_cert))
1095 ERR("The certs we wanted were missing");
1096
1097 /* Remember these certificates so we can check an AUTHENTICATE cell */
1098 if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, auth_cert, id_cert, 1))
1099 ERR("The authentication certificate was not valid");
1100 if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, id_cert, id_cert, 1))
1101 ERR("The ID certificate was not valid");
1102
1103 log_info(LD_OR, "Got some good certificates from %s:%d: "
1104 "Waiting for AUTHENTICATE.",
1105 safe_str(conn->_base.address), conn->_base.port);
1106 /* XXXX check more stuff? */
1107
1108 conn->handshake_state->id_cert = id_cert;
1109 conn->handshake_state->auth_cert = auth_cert;
1110 id_cert = auth_cert = NULL;
1111 }
1112
1113 conn->handshake_state->received_certs_cell = 1;
1114
1115 if (send_netinfo) {
1116 if (connection_or_send_netinfo(conn) < 0) {
1117 log_warn(LD_OR, "Couldn't send netinfo cell");
1118 connection_mark_for_close(TO_CONN(conn));
1119 goto err;
1120 }
1121 }
1122
1123 err:
1124 tor_cert_free(id_cert);
1125 tor_cert_free(link_cert);
1126 tor_cert_free(auth_cert);
1127 #undef ERR
1128 }
1129
1130 /** Process an AUTH_CHALLENGE cell from an OR connection.
1131 *
1132 * If we weren't supposed to get one (for example, because we're not the
1133 * originator of the connection), or it's ill-formed, or we aren't doing a v3
1134 * handshake, mark the connection. If the cell is well-formed but we don't
1135 * want to authenticate, just drop it. If the cell is well-formed *and* we
1136 * want to authenticate, send an AUTHENTICATE cell and then a NETINFO cell. */
1137 static void
1138 command_process_auth_challenge_cell(var_cell_t *cell, or_connection_t *conn)
1139 {
1140 int n_types, i, use_type = -1;
1141 uint8_t *cp;
1142
1143 #define ERR(s) \
1144 do { \
1145 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
1146 "Received a bad AUTH_CHALLENGE cell from %s:%d: %s", \
1147 safe_str(conn->_base.address), conn->_base.port, (s)); \
1148 connection_mark_for_close(TO_CONN(conn)); \
1149 return; \
1150 } while (0)
1151
1152 if (conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
1153 ERR("We're not currently doing a v3 handshake");
1154 if (conn->link_proto < 3)
1155 ERR("We're not using link protocol >= 3");
1156 if (! conn->handshake_state->started_here)
1157 ERR("We didn't originate this connection");
1158 if (conn->handshake_state->received_auth_challenge)
1159 ERR("We already received one");
1160 if (! conn->handshake_state->received_certs_cell)
1161 ERR("We haven't gotten a CERTS cell yet");
1162 if (cell->payload_len < OR_AUTH_CHALLENGE_LEN + 2)
1163 ERR("It was too short");
1164 if (cell->circ_id)
1165 ERR("It had a nonzero circuit ID");
1166
1167 n_types = ntohs(get_uint16(cell->payload + OR_AUTH_CHALLENGE_LEN));
1168 if (cell->payload_len < OR_AUTH_CHALLENGE_LEN + 2 + 2*n_types)
1169 ERR("It looks truncated");
1170
1171 /* Now see if there is an authentication type we can use */
1172 cp=cell->payload+OR_AUTH_CHALLENGE_LEN+2;
1173 for (i=0; i < n_types; ++i, cp += 2) {
1174 uint16_t authtype = ntohs(get_uint16(cp));
1175 if (authtype == AUTHTYPE_RSA_SHA256_TLSSECRET)
1176 use_type = authtype;
1177 }
1178
1179 conn->handshake_state->received_auth_challenge = 1;
1180
1181 if (! public_server_mode(get_options())) {
1182 /* If we're not a public server then we don't want to authenticate on a
1183 connection we originated, and we already sent a NETINFO cell when we
1184 got the CERTS cell. We have nothing more to do. */
1185 return;
1186 }
1187
1188 if (use_type >= 0) {
1189 log_info(LD_OR, "Got an AUTH_CHALLENGE cell from %s:%d: Sending "
1190 "authentication",
1191 safe_str(conn->_base.address), conn->_base.port);
1192
1193 if (connection_or_send_authenticate_cell(conn, use_type) < 0) {
1194 log_warn(LD_OR, "Couldn't send authenticate cell");
1195 connection_mark_for_close(TO_CONN(conn));
1196 return;
1197 }
1198 } else {
1199 log_info(LD_OR, "Got an AUTH_CHALLENGE cell from %s:%d, but we don't "
1200 "know any of its authentication types. Not authenticating.",
1201 safe_str(conn->_base.address), conn->_base.port);
1202 }
1203
1204 if (connection_or_send_netinfo(conn) < 0) {
1205 log_warn(LD_OR, "Couldn't send netinfo cell");
1206 connection_mark_for_close(TO_CONN(conn));
1207 return;
1208 }
1209
1210 #undef ERR
1211 }
1212
1213 /** Process an AUTHENTICATE cell from an OR connection.
1214 *
1215 * If it's ill-formed or we weren't supposed to get one or we're not doing a
1216 * v3 handshake, then mark the connection. If it does not authenticate the
1217 * other side of the connection successfully (because it isn't signed right,
1218 * we didn't get a CERTS cell, etc) mark the connection. Otherwise, accept
1219 * the identity of the router on the other side of the connection.
1220 */
1221 static void
1222 command_process_authenticate_cell(var_cell_t *cell, or_connection_t *conn)
1223 {
1224 uint8_t expected[V3_AUTH_FIXED_PART_LEN];
1225 const uint8_t *auth;
1226 int authlen;
1227
1228 #define ERR(s) \
1229 do { \
1230 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
1231 "Received a bad AUTHENTICATE cell from %s:%d: %s", \
1232 safe_str(conn->_base.address), conn->_base.port, (s)); \
1233 connection_mark_for_close(TO_CONN(conn)); \
1234 return; \
1235 } while (0)
1236
1237 if (conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
1238 ERR("We're not doing a v3 handshake");
1239 if (conn->link_proto < 3)
1240 ERR("We're not using link protocol >= 3");
1241 if (conn->handshake_state->started_here)
1242 ERR("We originated this connection");
1243 if (conn->handshake_state->received_authenticate)
1244 ERR("We already got one!");
1245 if (conn->handshake_state->authenticated) {
1246 /* Should be impossible given other checks */
1247 ERR("The peer is already authenticated");
1248 }
1249 if (! conn->handshake_state->received_certs_cell)
1250 ERR("We never got a certs cell");
1251 if (conn->handshake_state->auth_cert == NULL)
1252 ERR("We never got an authentication certificate");
1253 if (conn->handshake_state->id_cert == NULL)
1254 ERR("We never got an identity certificate");
1255 if (cell->payload_len < 4)
1256 ERR("Cell was way too short");
1257
1258 auth = cell->payload;
1259 {
1260 uint16_t type = ntohs(get_uint16(auth));
1261 uint16_t len = ntohs(get_uint16(auth+2));
1262 if (4 + len > cell->payload_len)
1263 ERR("Authenticator was truncated");
1264
1265 if (type != AUTHTYPE_RSA_SHA256_TLSSECRET)
1266 ERR("Authenticator type was not recognized");
1267
1268 auth += 4;
1269 authlen = len;
1270 }
1271
1272 if (authlen < V3_AUTH_BODY_LEN + 1)
1273 ERR("Authenticator was too short");
1274
1275 if (connection_or_compute_authenticate_cell_body(
1276 conn, expected, sizeof(expected), NULL, 1) < 0)
1277 ERR("Couldn't compute expected AUTHENTICATE cell body");
1278
1279 if (tor_memneq(expected, auth, sizeof(expected)))
1280 ERR("Some field in the AUTHENTICATE cell body was not as expected");
1281
1282 {
1283 crypto_pk_t *pk = tor_tls_cert_get_key(
1284 conn->handshake_state->auth_cert);
1285 char d[DIGEST256_LEN];
1286 char *signed_data;
1287 size_t keysize;
1288 int signed_len;
1289
1290 if (!pk)
1291 ERR("Internal error: couldn't get RSA key from AUTH cert.");
1292 crypto_digest256(d, (char*)auth, V3_AUTH_BODY_LEN, DIGEST_SHA256);
1293
1294 keysize = crypto_pk_keysize(pk);
1295 signed_data = tor_malloc(keysize);
1296 signed_len = crypto_pk_public_checksig(pk, signed_data, keysize,
1297 (char*)auth + V3_AUTH_BODY_LEN,
1298 authlen - V3_AUTH_BODY_LEN);
1299 crypto_pk_free(pk);
1300 if (signed_len < 0) {
1301 tor_free(signed_data);
1302 ERR("Signature wasn't valid");
1303 }
1304 if (signed_len < DIGEST256_LEN) {
1305 tor_free(signed_data);
1306 ERR("Not enough data was signed");
1307 }
1308 /* Note that we deliberately allow *more* than DIGEST256_LEN bytes here,
1309 * in case they're later used to hold a SHA3 digest or something. */
1310 if (tor_memneq(signed_data, d, DIGEST256_LEN)) {
1311 tor_free(signed_data);
1312 ERR("Signature did not match data to be signed.");
1313 }
1314 tor_free(signed_data);
1315 }
1316
1317 /* Okay, we are authenticated. */
1318 conn->handshake_state->received_authenticate = 1;
1319 conn->handshake_state->authenticated = 1;
1320 conn->handshake_state->digest_received_data = 0;
1321 {
1322 crypto_pk_t *identity_rcvd =
1323 tor_tls_cert_get_key(conn->handshake_state->id_cert);
1324 const digests_t *id_digests =
1325 tor_cert_get_id_digests(conn->handshake_state->id_cert);
1326
1327 /* This must exist; we checked key type when reading the cert. */
1328 tor_assert(id_digests);
1329
1330 memcpy(conn->handshake_state->authenticated_peer_id,
1331 id_digests->d[DIGEST_SHA1], DIGEST_LEN);
1332
1333 connection_or_set_circid_type(conn, identity_rcvd);
1334 crypto_pk_free(identity_rcvd);
1335
1336 connection_or_init_conn_from_address(conn,
1337 &conn->_base.addr,
1338 conn->_base.port,
1339 (const char*)conn->handshake_state->authenticated_peer_id,
1340 0);
1341
1342 log_info(LD_OR, "Got an AUTHENTICATE cell from %s:%d: Looks good.",
1343 safe_str(conn->_base.address), conn->_base.port);
1344 }
1345
1346 #undef ERR
1347 }
1348
The Onion Router