1 /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
2 * Copyright (c) 2007-2011, The Tor Project, Inc. */
3 /* See LICENSE for licensing information */
7 * \brief Implement introductions points and rendezvous points.
11 #include "circuitlist.h"
17 /** Respond to an ESTABLISH_INTRO cell by checking the signed data and
18 * setting the circuit's purpose and service pk digest.
21 rend_mid_establish_intro(or_circuit_t
*circ
, const uint8_t *request
,
24 crypto_pk_env_t
*pk
= NULL
;
25 char buf
[DIGEST_LEN
+9];
26 char expected_digest
[DIGEST_LEN
];
27 char pk_digest
[DIGEST_LEN
];
30 char serviceid
[REND_SERVICE_ID_LEN_BASE32
+1];
31 int reason
= END_CIRC_REASON_INTERNAL
;
34 "Received an ESTABLISH_INTRO request on circuit %d",
37 if (circ
->_base
.purpose
!= CIRCUIT_PURPOSE_OR
|| circ
->_base
.n_conn
) {
38 log_fn(LOG_PROTOCOL_WARN
, LD_PROTOCOL
,
39 "Rejecting ESTABLISH_INTRO on non-OR or non-edge circuit.");
40 reason
= END_CIRC_REASON_TORPROTOCOL
;
43 if (request_len
< 2+DIGEST_LEN
)
45 /* First 2 bytes: length of asn1-encoded key. */
46 asn1len
= ntohs(get_uint16(request
));
48 /* Next asn1len bytes: asn1-encoded key. */
49 if (request_len
< 2+DIGEST_LEN
+asn1len
)
51 pk
= crypto_pk_asn1_decode((char*)(request
+2), asn1len
);
53 reason
= END_CIRC_REASON_TORPROTOCOL
;
54 log_warn(LD_PROTOCOL
, "Couldn't decode public key.");
58 /* Next 20 bytes: Hash of handshake_digest | "INTRODUCE" */
59 memcpy(buf
, circ
->handshake_digest
, DIGEST_LEN
);
60 memcpy(buf
+DIGEST_LEN
, "INTRODUCE", 9);
61 if (crypto_digest(expected_digest
, buf
, DIGEST_LEN
+9) < 0) {
62 log_warn(LD_BUG
, "Internal error computing digest.");
65 if (memcmp(expected_digest
, request
+2+asn1len
, DIGEST_LEN
)) {
66 log_warn(LD_PROTOCOL
, "Hash of session info was not as expected.");
67 reason
= END_CIRC_REASON_TORPROTOCOL
;
70 /* Rest of body: signature of previous data */
71 note_crypto_pk_op(REND_MID
);
72 if (crypto_pk_public_checksig_digest(pk
,
73 (char*)request
, 2+asn1len
+DIGEST_LEN
,
74 (char*)(request
+2+DIGEST_LEN
+asn1len
),
75 request_len
-(2+DIGEST_LEN
+asn1len
))<0) {
77 "Incorrect signature on ESTABLISH_INTRO cell; rejecting.");
78 reason
= END_CIRC_REASON_TORPROTOCOL
;
82 /* The request is valid. First, compute the hash of Bob's PK.*/
83 if (crypto_pk_get_digest(pk
, pk_digest
)<0) {
84 log_warn(LD_BUG
, "Internal error: couldn't hash public key.");
88 crypto_free_pk_env(pk
); /* don't need it anymore */
89 pk
= NULL
; /* so we don't free it again if err */
91 base32_encode(serviceid
, REND_SERVICE_ID_LEN_BASE32
+1,
92 pk_digest
, REND_SERVICE_ID_LEN
);
94 /* Close any other intro circuits with the same pk. */
96 while ((c
= circuit_get_intro_point(pk_digest
))) {
97 log_info(LD_REND
, "Replacing old circuit for service %s",
99 circuit_mark_for_close(TO_CIRCUIT(c
), END_CIRC_REASON_FINISHED
);
100 /* Now it's marked, and it won't be returned next time. */
103 /* Acknowledge the request. */
104 if (relay_send_command_from_edge(0, TO_CIRCUIT(circ
),
105 RELAY_COMMAND_INTRO_ESTABLISHED
,
107 log_info(LD_GENERAL
, "Couldn't send INTRO_ESTABLISHED cell.");
111 /* Now, set up this circuit. */
112 circ
->_base
.purpose
= CIRCUIT_PURPOSE_INTRO_POINT
;
113 memcpy(circ
->rend_token
, pk_digest
, DIGEST_LEN
);
116 "Established introduction point on circuit %d for service %s",
117 circ
->p_circ_id
, safe_str(serviceid
));
121 log_warn(LD_PROTOCOL
, "Rejecting truncated ESTABLISH_INTRO cell.");
122 reason
= END_CIRC_REASON_TORPROTOCOL
;
124 if (pk
) crypto_free_pk_env(pk
);
125 circuit_mark_for_close(TO_CIRCUIT(circ
), reason
);
129 /** Process an INTRODUCE1 cell by finding the corresponding introduction
130 * circuit, and relaying the body of the INTRODUCE1 cell inside an
134 rend_mid_introduce(or_circuit_t
*circ
, const uint8_t *request
,
137 or_circuit_t
*intro_circ
;
138 char serviceid
[REND_SERVICE_ID_LEN_BASE32
+1];
141 log_info(LD_REND
, "Received an INTRODUCE1 request on circuit %d",
144 if (circ
->_base
.purpose
!= CIRCUIT_PURPOSE_OR
|| circ
->_base
.n_conn
) {
145 log_warn(LD_PROTOCOL
,
146 "Rejecting INTRODUCE1 on non-OR or non-edge circuit %d.",
151 /* We could change this to MAX_HEX_NICKNAME_LEN now that 0.0.9.x is
152 * obsolete; however, there isn't much reason to do so, and we're going
153 * to revise this protocol anyway.
155 if (request_len
< (DIGEST_LEN
+(MAX_NICKNAME_LEN
+1)+REND_COOKIE_LEN
+
156 DH_KEY_LEN
+CIPHER_KEY_LEN
+PKCS1_OAEP_PADDING_OVERHEAD
)) {
157 log_warn(LD_PROTOCOL
, "Impossibly short INTRODUCE1 cell on circuit %d; "
158 "responding with nack.",
163 base32_encode(serviceid
, REND_SERVICE_ID_LEN_BASE32
+1,
164 (char*)request
, REND_SERVICE_ID_LEN
);
166 /* The first 20 bytes are all we look at: they have a hash of Bob's PK. */
167 intro_circ
= circuit_get_intro_point((char*)request
);
170 "No intro circ found for INTRODUCE1 cell (%s) from circuit %d; "
171 "responding with nack.",
172 safe_str(serviceid
), circ
->p_circ_id
);
177 "Sending introduction request for service %s "
178 "from circ %d to circ %d",
179 safe_str(serviceid
), circ
->p_circ_id
,
180 intro_circ
->p_circ_id
);
182 /* Great. Now we just relay the cell down the circuit. */
183 if (relay_send_command_from_edge(0, TO_CIRCUIT(intro_circ
),
184 RELAY_COMMAND_INTRODUCE2
,
185 (char*)request
, request_len
, NULL
)) {
187 "Unable to send INTRODUCE2 cell to Tor client.");
190 /* And sent an ack down Alice's circuit. Empty body means succeeded. */
191 if (relay_send_command_from_edge(0,TO_CIRCUIT(circ
),
192 RELAY_COMMAND_INTRODUCE_ACK
,
194 log_warn(LD_GENERAL
, "Unable to send INTRODUCE_ACK cell to Tor client.");
195 circuit_mark_for_close(TO_CIRCUIT(circ
), END_CIRC_REASON_INTERNAL
);
201 /* Send the client an NACK */
203 if (relay_send_command_from_edge(0,TO_CIRCUIT(circ
),
204 RELAY_COMMAND_INTRODUCE_ACK
,
205 nak_body
, 1, NULL
)) {
206 log_warn(LD_GENERAL
, "Unable to send NAK to Tor client.");
208 circuit_mark_for_close(TO_CIRCUIT(circ
), END_CIRC_REASON_INTERNAL
);
213 /** Process an ESTABLISH_RENDEZVOUS cell by setting the circuit's purpose and
217 rend_mid_establish_rendezvous(or_circuit_t
*circ
, const uint8_t *request
,
221 int reason
= END_CIRC_REASON_TORPROTOCOL
;
223 log_info(LD_REND
, "Received an ESTABLISH_RENDEZVOUS request on circuit %d",
226 if (circ
->_base
.purpose
!= CIRCUIT_PURPOSE_OR
|| circ
->_base
.n_conn
) {
227 log_warn(LD_PROTOCOL
,
228 "Tried to establish rendezvous on non-OR or non-edge circuit.");
232 if (request_len
!= REND_COOKIE_LEN
) {
233 log_warn(LD_PROTOCOL
, "Invalid length on ESTABLISH_RENDEZVOUS.");
237 if (circuit_get_rendezvous((char*)request
)) {
238 log_warn(LD_PROTOCOL
,
239 "Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS.");
243 /* Acknowledge the request. */
244 if (relay_send_command_from_edge(0,TO_CIRCUIT(circ
),
245 RELAY_COMMAND_RENDEZVOUS_ESTABLISHED
,
247 log_warn(LD_PROTOCOL
, "Couldn't send RENDEZVOUS_ESTABLISHED cell.");
248 reason
= END_CIRC_REASON_INTERNAL
;
252 circ
->_base
.purpose
= CIRCUIT_PURPOSE_REND_POINT_WAITING
;
253 memcpy(circ
->rend_token
, request
, REND_COOKIE_LEN
);
255 base16_encode(hexid
,9,(char*)request
,4);
258 "Established rendezvous point on circuit %d for cookie %s",
259 circ
->p_circ_id
, hexid
);
263 circuit_mark_for_close(TO_CIRCUIT(circ
), reason
);
267 /** Process a RENDEZVOUS1 cell by looking up the correct rendezvous
268 * circuit by its relaying the cell's body in a RENDEZVOUS2 cell, and
269 * connecting the two circuits.
272 rend_mid_rendezvous(or_circuit_t
*circ
, const uint8_t *request
,
275 or_circuit_t
*rend_circ
;
277 int reason
= END_CIRC_REASON_INTERNAL
;
278 base16_encode(hexid
,9,(char*)request
,request_len
<4?request_len
:4);
280 if (request_len
>=4) {
282 "Got request for rendezvous from circuit %d to cookie %s.",
283 circ
->p_circ_id
, hexid
);
286 if (circ
->_base
.purpose
!= CIRCUIT_PURPOSE_OR
|| circ
->_base
.n_conn
) {
288 "Tried to complete rendezvous on non-OR or non-edge circuit %d.",
290 reason
= END_CIRC_REASON_TORPROTOCOL
;
294 if (request_len
!= REND_COOKIE_LEN
+DH_KEY_LEN
+DIGEST_LEN
) {
295 log_fn(LOG_PROTOCOL_WARN
, LD_PROTOCOL
,
296 "Rejecting RENDEZVOUS1 cell with bad length (%d) on circuit %d.",
297 (int)request_len
, circ
->p_circ_id
);
298 reason
= END_CIRC_REASON_TORPROTOCOL
;
302 rend_circ
= circuit_get_rendezvous((char*)request
);
304 log_fn(LOG_PROTOCOL_WARN
, LD_PROTOCOL
,
305 "Rejecting RENDEZVOUS1 cell with unrecognized rendezvous cookie %s.",
307 reason
= END_CIRC_REASON_TORPROTOCOL
;
311 /* Send the RENDEZVOUS2 cell to Alice. */
312 if (relay_send_command_from_edge(0, TO_CIRCUIT(rend_circ
),
313 RELAY_COMMAND_RENDEZVOUS2
,
314 (char*)(request
+REND_COOKIE_LEN
),
315 request_len
-REND_COOKIE_LEN
, NULL
)) {
317 "Unable to send RENDEZVOUS2 cell to client on circuit %d.",
318 rend_circ
->p_circ_id
);
322 /* Join the circuits. */
324 "Completing rendezvous: circuit %d joins circuit %d (cookie %s)",
325 circ
->p_circ_id
, rend_circ
->p_circ_id
, hexid
);
327 circ
->_base
.purpose
= CIRCUIT_PURPOSE_REND_ESTABLISHED
;
328 rend_circ
->_base
.purpose
= CIRCUIT_PURPOSE_REND_ESTABLISHED
;
329 memset(circ
->rend_token
, 0, REND_COOKIE_LEN
);
331 rend_circ
->rend_splice
= circ
;
332 circ
->rend_splice
= rend_circ
;
336 circuit_mark_for_close(TO_CIRCUIT(circ
), reason
);