search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'maint-0.2.1' into maint-0.2.2
[tor/rransom.git] / src / or / rendmid.c
blob5e2dd986ba1ad9bc45aa262e6ba08f4c32f452ee
1 /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
2 * Copyright (c) 2007-2011, The Tor Project, Inc. */
3 /* See LICENSE for licensing information */
4
5 /**
6 * \file rendmid.c
7 * \brief Implement introductions points and rendezvous points.
8 **/
9
10 #include "or.h"
11 #include "circuitlist.h"
12 #include "config.h"
13 #include "relay.h"
14 #include "rendmid.h"
15 #include "rephist.h"
16
17 /** Respond to an ESTABLISH_INTRO cell by checking the signed data and
18 * setting the circuit's purpose and service pk digest.
19 */
20 int
21 rend_mid_establish_intro(or_circuit_t *circ, const uint8_t *request,
22 size_t request_len)
23 {
24 crypto_pk_env_t *pk = NULL;
25 char buf[DIGEST_LEN+9];
26 char expected_digest[DIGEST_LEN];
27 char pk_digest[DIGEST_LEN];
28 size_t asn1len;
29 or_circuit_t *c;
30 char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
31 int reason = END_CIRC_REASON_INTERNAL;
32
33 log_info(LD_REND,
34 "Received an ESTABLISH_INTRO request on circuit %d",
35 circ->p_circ_id);
36
37 if (circ->_base.purpose != CIRCUIT_PURPOSE_OR || circ->_base.n_conn) {
38 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
39 "Rejecting ESTABLISH_INTRO on non-OR or non-edge circuit.");
40 reason = END_CIRC_REASON_TORPROTOCOL;
41 goto err;
42 }
43 if (request_len < 2+DIGEST_LEN)
44 goto truncated;
45 /* First 2 bytes: length of asn1-encoded key. */
46 asn1len = ntohs(get_uint16(request));
47
48 /* Next asn1len bytes: asn1-encoded key. */
49 if (request_len < 2+DIGEST_LEN+asn1len)
50 goto truncated;
51 pk = crypto_pk_asn1_decode((char*)(request+2), asn1len);
52 if (!pk) {
53 reason = END_CIRC_REASON_TORPROTOCOL;
54 log_warn(LD_PROTOCOL, "Couldn't decode public key.");
55 goto err;
56 }
57
58 /* Next 20 bytes: Hash of handshake_digest | "INTRODUCE" */
59 memcpy(buf, circ->handshake_digest, DIGEST_LEN);
60 memcpy(buf+DIGEST_LEN, "INTRODUCE", 9);
61 if (crypto_digest(expected_digest, buf, DIGEST_LEN+9) < 0) {
62 log_warn(LD_BUG, "Internal error computing digest.");
63 goto err;
64 }
65 if (memcmp(expected_digest, request+2+asn1len, DIGEST_LEN)) {
66 log_warn(LD_PROTOCOL, "Hash of session info was not as expected.");
67 reason = END_CIRC_REASON_TORPROTOCOL;
68 goto err;
69 }
70 /* Rest of body: signature of previous data */
71 note_crypto_pk_op(REND_MID);
72 if (crypto_pk_public_checksig_digest(pk,
73 (char*)request, 2+asn1len+DIGEST_LEN,
74 (char*)(request+2+DIGEST_LEN+asn1len),
75 request_len-(2+DIGEST_LEN+asn1len))<0) {
76 log_warn(LD_PROTOCOL,
77 "Incorrect signature on ESTABLISH_INTRO cell; rejecting.");
78 reason = END_CIRC_REASON_TORPROTOCOL;
79 goto err;
80 }
81
82 /* The request is valid. First, compute the hash of Bob's PK.*/
83 if (crypto_pk_get_digest(pk, pk_digest)<0) {
84 log_warn(LD_BUG, "Internal error: couldn't hash public key.");
85 goto err;
86 }
87
88 crypto_free_pk_env(pk); /* don't need it anymore */
89 pk = NULL; /* so we don't free it again if err */
90
91 base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
92 pk_digest, REND_SERVICE_ID_LEN);
93
94 /* Close any other intro circuits with the same pk. */
95 c = NULL;
96 while ((c = circuit_get_intro_point(pk_digest))) {
97 log_info(LD_REND, "Replacing old circuit for service %s",
98 safe_str(serviceid));
99 circuit_mark_for_close(TO_CIRCUIT(c), END_CIRC_REASON_FINISHED);
100 /* Now it's marked, and it won't be returned next time. */
101 }
102
103 /* Acknowledge the request. */
104 if (relay_send_command_from_edge(0, TO_CIRCUIT(circ),
105 RELAY_COMMAND_INTRO_ESTABLISHED,
106 "", 0, NULL)<0) {
107 log_info(LD_GENERAL, "Couldn't send INTRO_ESTABLISHED cell.");
108 goto err;
109 }
110
111 /* Now, set up this circuit. */
112 circ->_base.purpose = CIRCUIT_PURPOSE_INTRO_POINT;
113 memcpy(circ->rend_token, pk_digest, DIGEST_LEN);
114
115 log_info(LD_REND,
116 "Established introduction point on circuit %d for service %s",
117 circ->p_circ_id, safe_str(serviceid));
118
119 return 0;
120 truncated:
121 log_warn(LD_PROTOCOL, "Rejecting truncated ESTABLISH_INTRO cell.");
122 reason = END_CIRC_REASON_TORPROTOCOL;
123 err:
124 if (pk) crypto_free_pk_env(pk);
125 circuit_mark_for_close(TO_CIRCUIT(circ), reason);
126 return -1;
127 }
128
129 /** Process an INTRODUCE1 cell by finding the corresponding introduction
130 * circuit, and relaying the body of the INTRODUCE1 cell inside an
131 * INTRODUCE2 cell.
132 */
133 int
134 rend_mid_introduce(or_circuit_t *circ, const uint8_t *request,
135 size_t request_len)
136 {
137 or_circuit_t *intro_circ;
138 char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
139 char nak_body[1];
140
141 log_info(LD_REND, "Received an INTRODUCE1 request on circuit %d",
142 circ->p_circ_id);
143
144 if (circ->_base.purpose != CIRCUIT_PURPOSE_OR || circ->_base.n_conn) {
145 log_warn(LD_PROTOCOL,
146 "Rejecting INTRODUCE1 on non-OR or non-edge circuit %d.",
147 circ->p_circ_id);
148 goto err;
149 }
150
151 /* We could change this to MAX_HEX_NICKNAME_LEN now that 0.0.9.x is
152 * obsolete; however, there isn't much reason to do so, and we're going
153 * to revise this protocol anyway.
154 */
155 if (request_len < (DIGEST_LEN+(MAX_NICKNAME_LEN+1)+REND_COOKIE_LEN+
156 DH_KEY_LEN+CIPHER_KEY_LEN+PKCS1_OAEP_PADDING_OVERHEAD)) {
157 log_warn(LD_PROTOCOL, "Impossibly short INTRODUCE1 cell on circuit %d; "
158 "responding with nack.",
159 circ->p_circ_id);
160 goto err;
161 }
162
163 base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
164 (char*)request, REND_SERVICE_ID_LEN);
165
166 /* The first 20 bytes are all we look at: they have a hash of Bob's PK. */
167 intro_circ = circuit_get_intro_point((char*)request);
168 if (!intro_circ) {
169 log_info(LD_REND,
170 "No intro circ found for INTRODUCE1 cell (%s) from circuit %d; "
171 "responding with nack.",
172 safe_str(serviceid), circ->p_circ_id);
173 goto err;
174 }
175
176 log_info(LD_REND,
177 "Sending introduction request for service %s "
178 "from circ %d to circ %d",
179 safe_str(serviceid), circ->p_circ_id,
180 intro_circ->p_circ_id);
181
182 /* Great. Now we just relay the cell down the circuit. */
183 if (relay_send_command_from_edge(0, TO_CIRCUIT(intro_circ),
184 RELAY_COMMAND_INTRODUCE2,
185 (char*)request, request_len, NULL)) {
186 log_warn(LD_GENERAL,
187 "Unable to send INTRODUCE2 cell to Tor client.");
188 goto err;
189 }
190 /* And sent an ack down Alice's circuit. Empty body means succeeded. */
191 if (relay_send_command_from_edge(0,TO_CIRCUIT(circ),
192 RELAY_COMMAND_INTRODUCE_ACK,
193 NULL,0,NULL)) {
194 log_warn(LD_GENERAL, "Unable to send INTRODUCE_ACK cell to Tor client.");
195 circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
196 return -1;
197 }
198
199 return 0;
200 err:
201 /* Send the client an NACK */
202 nak_body[0] = 1;
203 if (relay_send_command_from_edge(0,TO_CIRCUIT(circ),
204 RELAY_COMMAND_INTRODUCE_ACK,
205 nak_body, 1, NULL)) {
206 log_warn(LD_GENERAL, "Unable to send NAK to Tor client.");
207 /* Is this right? */
208 circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
209 }
210 return -1;
211 }
212
213 /** Process an ESTABLISH_RENDEZVOUS cell by setting the circuit's purpose and
214 * rendezvous cookie.
215 */
216 int
217 rend_mid_establish_rendezvous(or_circuit_t *circ, const uint8_t *request,
218 size_t request_len)
219 {
220 char hexid[9];
221 int reason = END_CIRC_REASON_TORPROTOCOL;
222
223 log_info(LD_REND, "Received an ESTABLISH_RENDEZVOUS request on circuit %d",
224 circ->p_circ_id);
225
226 if (circ->_base.purpose != CIRCUIT_PURPOSE_OR || circ->_base.n_conn) {
227 log_warn(LD_PROTOCOL,
228 "Tried to establish rendezvous on non-OR or non-edge circuit.");
229 goto err;
230 }
231
232 if (request_len != REND_COOKIE_LEN) {
233 log_warn(LD_PROTOCOL, "Invalid length on ESTABLISH_RENDEZVOUS.");
234 goto err;
235 }
236
237 if (circuit_get_rendezvous((char*)request)) {
238 log_warn(LD_PROTOCOL,
239 "Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS.");
240 goto err;
241 }
242
243 /* Acknowledge the request. */
244 if (relay_send_command_from_edge(0,TO_CIRCUIT(circ),
245 RELAY_COMMAND_RENDEZVOUS_ESTABLISHED,
246 "", 0, NULL)<0) {
247 log_warn(LD_PROTOCOL, "Couldn't send RENDEZVOUS_ESTABLISHED cell.");
248 reason = END_CIRC_REASON_INTERNAL;
249 goto err;
250 }
251
252 circ->_base.purpose = CIRCUIT_PURPOSE_REND_POINT_WAITING;
253 memcpy(circ->rend_token, request, REND_COOKIE_LEN);
254
255 base16_encode(hexid,9,(char*)request,4);
256
257 log_info(LD_REND,
258 "Established rendezvous point on circuit %d for cookie %s",
259 circ->p_circ_id, hexid);
260
261 return 0;
262 err:
263 circuit_mark_for_close(TO_CIRCUIT(circ), reason);
264 return -1;
265 }
266
267 /** Process a RENDEZVOUS1 cell by looking up the correct rendezvous
268 * circuit by its relaying the cell's body in a RENDEZVOUS2 cell, and
269 * connecting the two circuits.
270 */
271 int
272 rend_mid_rendezvous(or_circuit_t *circ, const uint8_t *request,
273 size_t request_len)
274 {
275 or_circuit_t *rend_circ;
276 char hexid[9];
277 int reason = END_CIRC_REASON_INTERNAL;
278 base16_encode(hexid,9,(char*)request,request_len<4?request_len:4);
279
280 if (request_len>=4) {
281 log_info(LD_REND,
282 "Got request for rendezvous from circuit %d to cookie %s.",
283 circ->p_circ_id, hexid);
284 }
285
286 if (circ->_base.purpose != CIRCUIT_PURPOSE_OR || circ->_base.n_conn) {
287 log_info(LD_REND,
288 "Tried to complete rendezvous on non-OR or non-edge circuit %d.",
289 circ->p_circ_id);
290 reason = END_CIRC_REASON_TORPROTOCOL;
291 goto err;
292 }
293
294 if (request_len != REND_COOKIE_LEN+DH_KEY_LEN+DIGEST_LEN) {
295 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
296 "Rejecting RENDEZVOUS1 cell with bad length (%d) on circuit %d.",
297 (int)request_len, circ->p_circ_id);
298 reason = END_CIRC_REASON_TORPROTOCOL;
299 goto err;
300 }
301
302 rend_circ = circuit_get_rendezvous((char*)request);
303 if (!rend_circ) {
304 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
305 "Rejecting RENDEZVOUS1 cell with unrecognized rendezvous cookie %s.",
306 hexid);
307 reason = END_CIRC_REASON_TORPROTOCOL;
308 goto err;
309 }
310
311 /* Send the RENDEZVOUS2 cell to Alice. */
312 if (relay_send_command_from_edge(0, TO_CIRCUIT(rend_circ),
313 RELAY_COMMAND_RENDEZVOUS2,
314 (char*)(request+REND_COOKIE_LEN),
315 request_len-REND_COOKIE_LEN, NULL)) {
316 log_warn(LD_GENERAL,
317 "Unable to send RENDEZVOUS2 cell to client on circuit %d.",
318 rend_circ->p_circ_id);
319 goto err;
320 }
321
322 /* Join the circuits. */
323 log_info(LD_REND,
324 "Completing rendezvous: circuit %d joins circuit %d (cookie %s)",
325 circ->p_circ_id, rend_circ->p_circ_id, hexid);
326
327 circ->_base.purpose = CIRCUIT_PURPOSE_REND_ESTABLISHED;
328 rend_circ->_base.purpose = CIRCUIT_PURPOSE_REND_ESTABLISHED;
329 memset(circ->rend_token, 0, REND_COOKIE_LEN);
330
331 rend_circ->rend_splice = circ;
332 circ->rend_splice = rend_circ;
333
334 return 0;
335 err:
336 circuit_mark_for_close(TO_CIRCUIT(circ), reason);
337 return -1;
338 }
339