1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2008, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
7 const char routerparse_c_id
[] =
12 * \brief Code to parse and validate router descriptors and directories.
18 /****************************************************************************/
20 /** Enumeration of possible token types. The ones starting with K_ correspond
21 * to directory 'keywords'. _ERR is an error in the tokenizing process, _EOF
22 * is an end-of-file marker, and _NIL is used to encode not-a-token.
27 K_DIRECTORY_SIGNATURE
,
28 K_RECOMMENDED_SOFTWARE
,
51 K_NETWORK_STATUS_VERSION
,
66 K_ALLOW_SINGLE_HOP_EXITS
,
68 K_DIR_KEY_CERTIFICATE_VERSION
,
72 K_DIR_KEY_CERTIFICATION
,
92 R_RENDEZVOUS_SERVICE_DESCRIPTOR
,
98 R_INTRODUCTION_POINTS
,
116 #define MIN_ANNOTATION A_PURPOSE
117 #define MAX_ANNOTATION _A_UNKNOWN
119 /** Structure to hold a single directory token.
121 * We parse a directory by breaking it into "tokens", each consisting
122 * of a keyword, a line full of arguments, and a binary object. The
123 * arguments and object are both optional, depending on the keyword
126 * This structure is only allocated in memareas; do not allocate it on
127 * the heap, or token_free() won't work.
129 typedef struct directory_token_t
{
130 directory_keyword tp
; /**< Type of the token. */
131 int n_args
:30; /**< Number of elements in args */
132 char **args
; /**< Array of arguments from keyword line. */
134 char *object_type
; /**< -----BEGIN [object_type]-----*/
135 size_t object_size
; /**< Bytes in object_body */
136 char *object_body
; /**< Contents of object, base64-decoded. */
138 crypto_pk_env_t
*key
; /**< For public keys only. Heap-allocated. */
140 char *error
; /**< For _ERR tokens only. */
143 /* ********************************************************************** */
145 /** We use a table of rules to decide how to parse each token type. */
147 /** Rules for whether the keyword needs an object. */
149 NO_OBJ
, /**< No object, ever. */
150 NEED_OBJ
, /**< Object is required. */
151 NEED_SKEY_1024
,/**< Object is required, and must be a 1024 bit private key */
152 NEED_KEY_1024
, /**< Object is required, and must be a 1024 bit public key */
153 NEED_KEY
, /**< Object is required, and must be a public key. */
154 OBJ_OK
, /**< Object is optional. */
160 /** Determines the parsing rules for a single token type. */
161 typedef struct token_rule_t
{
162 /** The string value of the keyword identifying the type of item. */
164 /** The corresponding directory_keyword enum. */
166 /** Minimum number of arguments for this item */
168 /** Maximum number of arguments for this item */
170 /** If true, we concatenate all arguments for this item into a single
173 /** Requirments on object syntax for this item. */
175 /** Lowest number of times this item may appear in a document. */
177 /** Highest number of times this item may appear in a document. */
179 /** One or more of AT_START/AT_END to limit where the item may appear in a
182 /** True iff this token is an annotation. */
187 * Helper macros to define token tables. 's' is a string, 't' is a
188 * directory_keyword, 'a' is a trio of argument multiplicities, and 'o' is an
193 /** Appears to indicate the end of a table. */
194 #define END_OF_TABLE { NULL, _NIL, 0,0,0, NO_OBJ, 0, INT_MAX, 0, 0 }
195 /** An item with no restrictions: used for obsolete document types */
196 #define T(s,t,a,o) { s, t, a, o, 0, INT_MAX, 0, 0 }
197 /** An item with no restrictions on multiplicity or location. */
198 #define T0N(s,t,a,o) { s, t, a, o, 0, INT_MAX, 0, 0 }
199 /** An item that must appear exactly once */
200 #define T1(s,t,a,o) { s, t, a, o, 1, 1, 0, 0 }
201 /** An item that must appear exactly once, at the start of the document */
202 #define T1_START(s,t,a,o) { s, t, a, o, 1, 1, AT_START, 0 }
203 /** An item that must appear exactly once, at the end of the document */
204 #define T1_END(s,t,a,o) { s, t, a, o, 1, 1, AT_END, 0 }
205 /** An item that must appear one or more times */
206 #define T1N(s,t,a,o) { s, t, a, o, 1, INT_MAX, 0, 0 }
207 /** An item that must appear no more than once */
208 #define T01(s,t,a,o) { s, t, a, o, 0, 1, 0, 0 }
209 /** An annotation that must appear no more than once */
210 #define A01(s,t,a,o) { s, t, a, o, 0, 1, 0, 1 }
212 /* Argument multiplicity: any number of arguments. */
213 #define ARGS 0,INT_MAX,0
214 /* Argument multiplicity: no arguments. */
215 #define NO_ARGS 0,0,0
216 /* Argument multiplicity: concatenate all arguments. */
217 #define CONCAT_ARGS 1,1,1
218 /* Argument multiplicity: at least <b>n</b> arguments. */
219 #define GE(n) n,INT_MAX,0
220 /* Argument multiplicity: exactly <b>n</b> arguments. */
223 /** List of tokens allowable in router derscriptors */
224 static token_rule_t routerdesc_token_table
[] = {
225 T0N("reject", K_REJECT
, ARGS
, NO_OBJ
),
226 T0N("accept", K_ACCEPT
, ARGS
, NO_OBJ
),
227 T0N("reject6", K_REJECT6
, ARGS
, NO_OBJ
),
228 T0N("accept6", K_ACCEPT6
, ARGS
, NO_OBJ
),
229 T1_START( "router", K_ROUTER
, GE(5), NO_OBJ
),
230 T1( "signing-key", K_SIGNING_KEY
, NO_ARGS
, NEED_KEY_1024
),
231 T1( "onion-key", K_ONION_KEY
, NO_ARGS
, NEED_KEY_1024
),
232 T1_END( "router-signature", K_ROUTER_SIGNATURE
, NO_ARGS
, NEED_OBJ
),
233 T1( "published", K_PUBLISHED
, CONCAT_ARGS
, NO_OBJ
),
234 T01("uptime", K_UPTIME
, GE(1), NO_OBJ
),
235 T01("fingerprint", K_FINGERPRINT
, CONCAT_ARGS
, NO_OBJ
),
236 T01("hibernating", K_HIBERNATING
, GE(1), NO_OBJ
),
237 T01("platform", K_PLATFORM
, CONCAT_ARGS
, NO_OBJ
),
238 T01("contact", K_CONTACT
, CONCAT_ARGS
, NO_OBJ
),
239 T01("read-history", K_READ_HISTORY
, ARGS
, NO_OBJ
),
240 T01("write-history", K_WRITE_HISTORY
, ARGS
, NO_OBJ
),
241 T01("extra-info-digest", K_EXTRA_INFO_DIGEST
, GE(1), NO_OBJ
),
242 T01("hidden-service-dir", K_HIDDEN_SERVICE_DIR
, NO_ARGS
, NO_OBJ
),
243 T01("allow-single-hop-exits",K_ALLOW_SINGLE_HOP_EXITS
, NO_ARGS
, NO_OBJ
),
245 T01("family", K_FAMILY
, ARGS
, NO_OBJ
),
246 T01("caches-extra-info", K_CACHES_EXTRA_INFO
, NO_ARGS
, NO_OBJ
),
247 T01("eventdns", K_EVENTDNS
, ARGS
, NO_OBJ
),
249 T0N("opt", K_OPT
, CONCAT_ARGS
, OBJ_OK
),
250 T1( "bandwidth", K_BANDWIDTH
, GE(3), NO_OBJ
),
251 A01("@purpose", A_PURPOSE
, GE(1), NO_OBJ
),
256 /** List of tokens allowable in extra-info documents. */
257 static token_rule_t extrainfo_token_table
[] = {
258 T1_END( "router-signature", K_ROUTER_SIGNATURE
, NO_ARGS
, NEED_OBJ
),
259 T1( "published", K_PUBLISHED
, CONCAT_ARGS
, NO_OBJ
),
260 T0N("opt", K_OPT
, CONCAT_ARGS
, OBJ_OK
),
261 T01("read-history", K_READ_HISTORY
, ARGS
, NO_OBJ
),
262 T01("write-history", K_WRITE_HISTORY
, ARGS
, NO_OBJ
),
263 T1_START( "extra-info", K_EXTRA_INFO
, GE(2), NO_OBJ
),
268 /** List of tokens allowable in the body part of v2 and v3 networkstatus
270 static token_rule_t rtrstatus_token_table
[] = {
271 T01("p", K_P
, CONCAT_ARGS
, NO_OBJ
),
272 T1( "r", K_R
, GE(8), NO_OBJ
),
273 T1( "s", K_S
, ARGS
, NO_OBJ
),
274 T01("v", K_V
, CONCAT_ARGS
, NO_OBJ
),
275 T01("w", K_W
, ARGS
, NO_OBJ
),
276 T0N("opt", K_OPT
, CONCAT_ARGS
, OBJ_OK
),
280 /** List of tokens allowable in the header part of v2 networkstatus documents.
282 static token_rule_t netstatus_token_table
[] = {
283 T1( "published", K_PUBLISHED
, CONCAT_ARGS
, NO_OBJ
),
284 T0N("opt", K_OPT
, CONCAT_ARGS
, OBJ_OK
),
285 T1( "contact", K_CONTACT
, CONCAT_ARGS
, NO_OBJ
),
286 T1( "dir-signing-key", K_DIR_SIGNING_KEY
, NO_ARGS
, NEED_KEY_1024
),
287 T1( "fingerprint", K_FINGERPRINT
, CONCAT_ARGS
, NO_OBJ
),
288 T1_START("network-status-version", K_NETWORK_STATUS_VERSION
,
290 T1( "dir-source", K_DIR_SOURCE
, GE(3), NO_OBJ
),
291 T01("dir-options", K_DIR_OPTIONS
, ARGS
, NO_OBJ
),
292 T01("client-versions", K_CLIENT_VERSIONS
, CONCAT_ARGS
, NO_OBJ
),
293 T01("server-versions", K_SERVER_VERSIONS
, CONCAT_ARGS
, NO_OBJ
),
298 /** List of tokens allowable in the footer of v1/v2 directory/networkstatus
300 static token_rule_t dir_footer_token_table
[] = {
301 T1("directory-signature", K_DIRECTORY_SIGNATURE
, EQ(1), NEED_OBJ
),
305 /** List of tokens allowable in v1 directory headers/footers. */
306 static token_rule_t dir_token_table
[] = {
307 /* don't enforce counts; this is obsolete. */
308 T( "network-status", K_NETWORK_STATUS
, NO_ARGS
, NO_OBJ
),
309 T( "directory-signature", K_DIRECTORY_SIGNATURE
, ARGS
, NEED_OBJ
),
310 T( "recommended-software",K_RECOMMENDED_SOFTWARE
,CONCAT_ARGS
, NO_OBJ
),
311 T( "signed-directory", K_SIGNED_DIRECTORY
, NO_ARGS
, NO_OBJ
),
313 T( "running-routers", K_RUNNING_ROUTERS
, ARGS
, NO_OBJ
),
314 T( "router-status", K_ROUTER_STATUS
, ARGS
, NO_OBJ
),
315 T( "published", K_PUBLISHED
, CONCAT_ARGS
, NO_OBJ
),
316 T( "opt", K_OPT
, CONCAT_ARGS
, OBJ_OK
),
317 T( "contact", K_CONTACT
, CONCAT_ARGS
, NO_OBJ
),
318 T( "dir-signing-key", K_DIR_SIGNING_KEY
, ARGS
, OBJ_OK
),
319 T( "fingerprint", K_FINGERPRINT
, CONCAT_ARGS
, NO_OBJ
),
324 /** List of tokens common to V3 authority certificates and V3 consensuses. */
325 #define CERTIFICATE_MEMBERS \
326 T1("dir-key-certificate-version", K_DIR_KEY_CERTIFICATE_VERSION, \
328 T1("dir-identity-key", K_DIR_IDENTITY_KEY, NO_ARGS, NEED_KEY ),\
329 T1("dir-key-published",K_DIR_KEY_PUBLISHED, CONCAT_ARGS, NO_OBJ), \
330 T1("dir-key-expires", K_DIR_KEY_EXPIRES, CONCAT_ARGS, NO_OBJ), \
331 T1("dir-signing-key", K_DIR_SIGNING_KEY, NO_ARGS, NEED_KEY ),\
332 T01("dir-key-crosscert", K_DIR_KEY_CROSSCERT, NO_ARGS, NEED_OBJ ),\
333 T1("dir-key-certification", K_DIR_KEY_CERTIFICATION, \
334 NO_ARGS, NEED_OBJ), \
335 T01("dir-address", K_DIR_ADDRESS, GE(1), NO_OBJ),
337 /** List of tokens allowable in V3 authority certificates. */
338 static token_rule_t dir_key_certificate_table
[] = {
340 T1("fingerprint", K_FINGERPRINT
, CONCAT_ARGS
, NO_OBJ
),
344 /** List of tokens allowable in rendezvous service descriptors */
345 static token_rule_t desc_token_table
[] = {
346 T1_START("rendezvous-service-descriptor", R_RENDEZVOUS_SERVICE_DESCRIPTOR
,
348 T1("version", R_VERSION
, EQ(1), NO_OBJ
),
349 T1("permanent-key", R_PERMANENT_KEY
, NO_ARGS
, NEED_KEY_1024
),
350 T1("secret-id-part", R_SECRET_ID_PART
, EQ(1), NO_OBJ
),
351 T1("publication-time", R_PUBLICATION_TIME
, CONCAT_ARGS
, NO_OBJ
),
352 T1("protocol-versions", R_PROTOCOL_VERSIONS
, EQ(1), NO_OBJ
),
353 T01("introduction-points", R_INTRODUCTION_POINTS
, NO_ARGS
, NEED_OBJ
),
354 T1_END("signature", R_SIGNATURE
, NO_ARGS
, NEED_OBJ
),
358 /** List of tokens allowed in the (encrypted) list of introduction points of
359 * rendezvous service descriptors */
360 static token_rule_t ipo_token_table
[] = {
361 T1_START("introduction-point", R_IPO_IDENTIFIER
, EQ(1), NO_OBJ
),
362 T1("ip-address", R_IPO_IP_ADDRESS
, EQ(1), NO_OBJ
),
363 T1("onion-port", R_IPO_ONION_PORT
, EQ(1), NO_OBJ
),
364 T1("onion-key", R_IPO_ONION_KEY
, NO_ARGS
, NEED_KEY_1024
),
365 T1("service-key", R_IPO_SERVICE_KEY
, NO_ARGS
, NEED_KEY_1024
),
369 /** List of tokens allowed in the (possibly encrypted) list of introduction
370 * points of rendezvous service descriptors */
371 static token_rule_t client_keys_token_table
[] = {
372 T1_START("client-name", C_CLIENT_NAME
, CONCAT_ARGS
, NO_OBJ
),
373 T1("descriptor-cookie", C_DESCRIPTOR_COOKIE
, EQ(1), NO_OBJ
),
374 T01("client-key", C_CLIENT_KEY
, NO_ARGS
, NEED_SKEY_1024
),
378 /** List of tokens allowed in V3 networkstatus votes. */
379 static token_rule_t networkstatus_token_table
[] = {
380 T1("network-status-version", K_NETWORK_STATUS_VERSION
,
382 T1("vote-status", K_VOTE_STATUS
, GE(1), NO_OBJ
),
383 T1("published", K_PUBLISHED
, CONCAT_ARGS
, NO_OBJ
),
384 T1("valid-after", K_VALID_AFTER
, CONCAT_ARGS
, NO_OBJ
),
385 T1("fresh-until", K_FRESH_UNTIL
, CONCAT_ARGS
, NO_OBJ
),
386 T1("valid-until", K_VALID_UNTIL
, CONCAT_ARGS
, NO_OBJ
),
387 T1("voting-delay", K_VOTING_DELAY
, GE(2), NO_OBJ
),
388 T1("known-flags", K_KNOWN_FLAGS
, ARGS
, NO_OBJ
),
389 T( "fingerprint", K_FINGERPRINT
, CONCAT_ARGS
, NO_OBJ
),
393 T0N("opt", K_OPT
, CONCAT_ARGS
, OBJ_OK
),
394 T1( "contact", K_CONTACT
, CONCAT_ARGS
, NO_OBJ
),
395 T1( "dir-source", K_DIR_SOURCE
, GE(6), NO_OBJ
),
396 T01("legacy-dir-key", K_LEGACY_DIR_KEY
, GE(1), NO_OBJ
),
397 T1( "known-flags", K_KNOWN_FLAGS
, CONCAT_ARGS
, NO_OBJ
),
398 T01("client-versions", K_CLIENT_VERSIONS
, CONCAT_ARGS
, NO_OBJ
),
399 T01("server-versions", K_SERVER_VERSIONS
, CONCAT_ARGS
, NO_OBJ
),
400 T1( "consensus-methods", K_CONSENSUS_METHODS
, GE(1), NO_OBJ
),
405 /** List of tokens allowed in V3 networkstatus consensuses. */
406 static token_rule_t networkstatus_consensus_token_table
[] = {
407 T1("network-status-version", K_NETWORK_STATUS_VERSION
,
409 T1("vote-status", K_VOTE_STATUS
, GE(1), NO_OBJ
),
410 T1("valid-after", K_VALID_AFTER
, CONCAT_ARGS
, NO_OBJ
),
411 T1("fresh-until", K_FRESH_UNTIL
, CONCAT_ARGS
, NO_OBJ
),
412 T1("valid-until", K_VALID_UNTIL
, CONCAT_ARGS
, NO_OBJ
),
413 T1("voting-delay", K_VOTING_DELAY
, GE(2), NO_OBJ
),
415 T0N("opt", K_OPT
, CONCAT_ARGS
, OBJ_OK
),
417 T1N("dir-source", K_DIR_SOURCE
, GE(3), NO_OBJ
),
418 T1N("contact", K_CONTACT
, CONCAT_ARGS
, NO_OBJ
),
419 T1N("vote-digest", K_VOTE_DIGEST
, GE(1), NO_OBJ
),
421 T1( "known-flags", K_KNOWN_FLAGS
, CONCAT_ARGS
, NO_OBJ
),
423 T01("client-versions", K_CLIENT_VERSIONS
, CONCAT_ARGS
, NO_OBJ
),
424 T01("server-versions", K_SERVER_VERSIONS
, CONCAT_ARGS
, NO_OBJ
),
425 T01("consensus-method", K_CONSENSUS_METHOD
, EQ(1), NO_OBJ
),
430 /** List of tokens allowable in the footer of v1/v2 directory/networkstatus
432 static token_rule_t networkstatus_vote_footer_token_table
[] = {
433 T( "directory-signature", K_DIRECTORY_SIGNATURE
, GE(2), NEED_OBJ
),
437 /** List of tokens allowable in detached networkstatus signature documents. */
438 static token_rule_t networkstatus_detached_signature_token_table
[] = {
439 T1_START("consensus-digest", K_CONSENSUS_DIGEST
, GE(1), NO_OBJ
),
440 T1("valid-after", K_VALID_AFTER
, CONCAT_ARGS
, NO_OBJ
),
441 T1("fresh-until", K_FRESH_UNTIL
, CONCAT_ARGS
, NO_OBJ
),
442 T1("valid-until", K_VALID_UNTIL
, CONCAT_ARGS
, NO_OBJ
),
443 T1N("directory-signature", K_DIRECTORY_SIGNATURE
, GE(2), NEED_OBJ
),
449 /* static function prototypes */
450 static int router_add_exit_policy(routerinfo_t
*router
,directory_token_t
*tok
);
451 static addr_policy_t
*router_parse_addr_policy(directory_token_t
*tok
);
452 static addr_policy_t
*router_parse_addr_policy_private(directory_token_t
*tok
);
454 static int router_get_hash_impl(const char *s
, char *digest
,
455 const char *start_str
, const char *end_str
,
457 static void token_free(directory_token_t
*tok
);
458 static smartlist_t
*find_all_exitpolicy(smartlist_t
*s
);
459 static directory_token_t
*_find_by_keyword(smartlist_t
*s
,
460 directory_keyword keyword
,
461 const char *keyword_str
);
462 #define find_by_keyword(s, keyword) _find_by_keyword((s), (keyword), #keyword)
463 static directory_token_t
*find_opt_by_keyword(smartlist_t
*s
,
464 directory_keyword keyword
);
466 #define TS_ANNOTATIONS_OK 1
468 #define TS_NO_NEW_ANNOTATIONS 4
469 static int tokenize_string(memarea_t
*area
,
470 const char *start
, const char *end
,
474 static directory_token_t
*get_next_token(memarea_t
*area
,
477 token_rule_t
*table
);
478 #define CST_CHECK_AUTHORITY (1<<0)
479 #define CST_NO_CHECK_OBJTYPE (1<<1)
480 static int check_signature_token(const char *digest
,
481 directory_token_t
*tok
,
482 crypto_pk_env_t
*pkey
,
484 const char *doctype
);
485 static crypto_pk_env_t
*find_dir_signing_key(const char *str
, const char *eos
);
486 static int tor_version_same_series(tor_version_t
*a
, tor_version_t
*b
);
488 #undef DEBUG_AREA_ALLOC
490 #ifdef DEBUG_AREA_ALLOC
491 #define DUMP_AREA(a,name) STMT_BEGIN \
492 size_t alloc=0, used=0; \
493 memarea_get_stats((a),&alloc,&used); \
494 log_debug(LD_MM, "Area for %s has %lu allocated; using %lu.", \
495 name, (unsigned long)alloc, (unsigned long)used); \
498 #define DUMP_AREA(a,name) STMT_NIL
501 /** Set <b>digest</b> to the SHA-1 digest of the hash of the directory in
502 * <b>s</b>. Return 0 on success, -1 on failure.
505 router_get_dir_hash(const char *s
, char *digest
)
507 return router_get_hash_impl(s
,digest
,
508 "signed-directory","\ndirectory-signature",'\n');
511 /** Set <b>digest</b> to the SHA-1 digest of the hash of the first router in
512 * <b>s</b>. Return 0 on success, -1 on failure.
515 router_get_router_hash(const char *s
, char *digest
)
517 return router_get_hash_impl(s
,digest
,
518 "router ","\nrouter-signature", '\n');
521 /** Set <b>digest</b> to the SHA-1 digest of the hash of the running-routers
522 * string in <b>s</b>. Return 0 on success, -1 on failure.
525 router_get_runningrouters_hash(const char *s
, char *digest
)
527 return router_get_hash_impl(s
,digest
,
528 "network-status","\ndirectory-signature", '\n');
531 /** Set <b>digest</b> to the SHA-1 digest of the hash of the network-status
532 * string in <b>s</b>. Return 0 on success, -1 on failure. */
534 router_get_networkstatus_v2_hash(const char *s
, char *digest
)
536 return router_get_hash_impl(s
,digest
,
537 "network-status-version","\ndirectory-signature",
541 /** Set <b>digest</b> to the SHA-1 digest of the hash of the network-status
542 * string in <b>s</b>. Return 0 on success, -1 on failure. */
544 router_get_networkstatus_v3_hash(const char *s
, char *digest
)
546 return router_get_hash_impl(s
,digest
,
547 "network-status-version","\ndirectory-signature",
551 /** Set <b>digest</b> to the SHA-1 digest of the hash of the extrainfo
552 * string in <b>s</b>. Return 0 on success, -1 on failure. */
554 router_get_extrainfo_hash(const char *s
, char *digest
)
556 return router_get_hash_impl(s
,digest
,"extra-info","\nrouter-signature",'\n');
559 /** Helper: used to generate signatures for routers, directories and
560 * network-status objects. Given a digest in <b>digest</b> and a secret
561 * <b>private_key</b>, generate an PKCS1-padded signature, BASE64-encode it,
562 * surround it with -----BEGIN/END----- pairs, and write it to the
563 * <b>buf_len</b>-byte buffer at <b>buf</b>. Return 0 on success, -1 on
567 router_append_dirobj_signature(char *buf
, size_t buf_len
, const char *digest
,
568 crypto_pk_env_t
*private_key
)
573 signature
= tor_malloc(crypto_pk_keysize(private_key
));
574 if (crypto_pk_private_sign(private_key
, signature
, digest
, DIGEST_LEN
) < 0) {
576 log_warn(LD_BUG
,"Couldn't sign digest.");
579 if (strlcat(buf
, "-----BEGIN SIGNATURE-----\n", buf_len
) >= buf_len
)
583 if (base64_encode(buf
+i
, buf_len
-i
, signature
, 128) < 0) {
584 log_warn(LD_BUG
,"couldn't base64-encode signature");
588 if (strlcat(buf
, "-----END SIGNATURE-----\n", buf_len
) >= buf_len
)
595 log_warn(LD_BUG
,"tried to exceed string length.");
601 /** Return VS_RECOMMENDED if <b>myversion</b> is contained in
602 * <b>versionlist</b>. Else, return VS_EMPTY if versionlist has no
603 * entries. Else, return VS_OLD if every member of
604 * <b>versionlist</b> is newer than <b>myversion</b>. Else, return
605 * VS_NEW_IN_SERIES if there is at least one member of <b>versionlist</b> in
606 * the same series (major.minor.micro) as <b>myversion</b>, but no such member
607 * is newer than <b>myversion.</b>. Else, return VS_NEW if every memeber of
608 * <b>versionlist</b> is older than <b>myversion</b>. Else, return
611 * (versionlist is a comma-separated list of version strings,
612 * optionally prefixed with "Tor". Versions that can't be parsed are
616 tor_version_is_obsolete(const char *myversion
, const char *versionlist
)
618 tor_version_t mine
, other
;
619 int found_newer
= 0, found_older
= 0, found_newer_in_series
= 0,
620 found_any_in_series
= 0, r
, same
;
621 version_status_t ret
= VS_UNRECOMMENDED
;
622 smartlist_t
*version_sl
;
624 log_debug(LD_CONFIG
,"Checking whether version '%s' is in '%s'",
625 myversion
, versionlist
);
627 if (tor_version_parse(myversion
, &mine
)) {
628 log_err(LD_BUG
,"I couldn't parse my own version (%s)", myversion
);
631 version_sl
= smartlist_create();
632 smartlist_split_string(version_sl
, versionlist
, ",", SPLIT_SKIP_SPACE
, 0);
634 if (!strlen(versionlist
)) { /* no authorities cared or agreed */
639 SMARTLIST_FOREACH(version_sl
, const char *, cp
, {
640 if (!strcmpstart(cp
, "Tor "))
643 if (tor_version_parse(cp
, &other
)) {
644 /* Couldn't parse other; it can't be a match. */
646 same
= tor_version_same_series(&mine
, &other
);
648 found_any_in_series
= 1;
649 r
= tor_version_compare(&mine
, &other
);
651 ret
= VS_RECOMMENDED
;
656 found_newer_in_series
= 1;
663 /* We didn't find the listed version. Is it new or old? */
664 if (found_any_in_series
&& !found_newer_in_series
&& found_newer
) {
665 ret
= VS_NEW_IN_SERIES
;
666 } else if (found_newer
&& !found_older
) {
668 } else if (found_older
&& !found_newer
) {
671 ret
= VS_UNRECOMMENDED
;
675 SMARTLIST_FOREACH(version_sl
, char *, version
, tor_free(version
));
676 smartlist_free(version_sl
);
680 /** Read a signed directory from <b>str</b>. If it's well-formed, return 0.
681 * Otherwise, return -1. If we're a directory cache, cache it.
684 router_parse_directory(const char *str
)
686 directory_token_t
*tok
;
687 char digest
[DIGEST_LEN
];
690 const char *end
, *cp
;
691 smartlist_t
*tokens
= NULL
;
692 crypto_pk_env_t
*declared_key
= NULL
;
693 memarea_t
*area
= memarea_new();
695 /* XXXX This could be simplified a lot, but it will all go away
696 * once pre-0.1.1.8 is obsolete, and for now it's better not to
699 if (router_get_dir_hash(str
, digest
)) {
700 log_warn(LD_DIR
, "Unable to compute digest of directory");
703 log_debug(LD_DIR
,"Received directory hashes to %s",hex_str(digest
,4));
705 /* Check signature first, before we try to tokenize. */
707 while (cp
&& (end
= strstr(cp
+1, "\ndirectory-signature")))
709 if (cp
== str
|| !cp
) {
710 log_warn(LD_DIR
, "No signature found on directory."); goto err
;
713 tokens
= smartlist_create();
714 if (tokenize_string(area
,cp
,strchr(cp
,'\0'),tokens
,dir_token_table
,0)) {
715 log_warn(LD_DIR
, "Error tokenizing directory signature"); goto err
;
717 if (smartlist_len(tokens
) != 1) {
718 log_warn(LD_DIR
, "Unexpected number of tokens in signature"); goto err
;
720 tok
=smartlist_get(tokens
,0);
721 if (tok
->tp
!= K_DIRECTORY_SIGNATURE
) {
722 log_warn(LD_DIR
,"Expected a single directory signature"); goto err
;
724 declared_key
= find_dir_signing_key(str
, str
+strlen(str
));
725 note_crypto_pk_op(VERIFY_DIR
);
726 if (check_signature_token(digest
, tok
, declared_key
,
727 CST_CHECK_AUTHORITY
, "directory")<0)
730 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
731 smartlist_clear(tokens
);
734 /* Now try to parse the first part of the directory. */
735 if ((end
= strstr(str
,"\nrouter "))) {
737 } else if ((end
= strstr(str
, "\ndirectory-signature"))) {
740 end
= str
+ strlen(str
);
743 if (tokenize_string(area
,str
,end
,tokens
,dir_token_table
,0)) {
744 log_warn(LD_DIR
, "Error tokenizing directory"); goto err
;
747 tok
= find_by_keyword(tokens
, K_PUBLISHED
);
748 tor_assert(tok
->n_args
== 1);
750 if (parse_iso_time(tok
->args
[0], &published_on
) < 0) {
754 /* Now that we know the signature is okay, and we have a
755 * publication time, cache the directory. */
756 if (directory_caches_v1_dir_info(get_options()) &&
757 !authdir_mode_v1(get_options()))
758 dirserv_set_cached_directory(str
, published_on
, 0);
765 if (declared_key
) crypto_free_pk_env(declared_key
);
767 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
768 smartlist_free(tokens
);
771 DUMP_AREA(area
, "v1 directory");
772 memarea_drop_all(area
);
777 /** Read a signed router status statement from <b>str</b>. If it's
778 * well-formed, return 0. Otherwise, return -1. If we're a directory cache,
781 router_parse_runningrouters(const char *str
)
783 char digest
[DIGEST_LEN
];
784 directory_token_t
*tok
;
787 crypto_pk_env_t
*declared_key
= NULL
;
788 smartlist_t
*tokens
= NULL
;
789 const char *eos
= str
+ strlen(str
);
790 memarea_t
*area
= NULL
;
792 if (router_get_runningrouters_hash(str
, digest
)) {
793 log_warn(LD_DIR
, "Unable to compute digest of running-routers");
796 area
= memarea_new();
797 tokens
= smartlist_create();
798 if (tokenize_string(area
,str
,eos
,tokens
,dir_token_table
,0)) {
799 log_warn(LD_DIR
, "Error tokenizing running-routers"); goto err
;
801 tok
= smartlist_get(tokens
,0);
802 if (tok
->tp
!= K_NETWORK_STATUS
) {
803 log_warn(LD_DIR
, "Network-status starts with wrong token");
807 tok
= find_by_keyword(tokens
, K_PUBLISHED
);
808 tor_assert(tok
->n_args
== 1);
809 if (parse_iso_time(tok
->args
[0], &published_on
) < 0) {
812 if (!(tok
= find_opt_by_keyword(tokens
, K_DIRECTORY_SIGNATURE
))) {
813 log_warn(LD_DIR
, "Missing signature on running-routers");
816 declared_key
= find_dir_signing_key(str
, eos
);
817 note_crypto_pk_op(VERIFY_DIR
);
818 if (check_signature_token(digest
, tok
, declared_key
,
819 CST_CHECK_AUTHORITY
, "running-routers")
823 /* Now that we know the signature is okay, and we have a
824 * publication time, cache the list. */
825 if (get_options()->DirPort
&& !authdir_mode_v1(get_options()))
826 dirserv_set_cached_directory(str
, published_on
, 1);
830 if (declared_key
) crypto_free_pk_env(declared_key
);
832 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
833 smartlist_free(tokens
);
836 DUMP_AREA(area
, "v1 running-routers");
837 memarea_drop_all(area
);
842 /** Given a directory or running-routers string in <b>str</b>, try to
843 * find the its dir-signing-key token (if any). If this token is
844 * present, extract and return the key. Return NULL on failure. */
845 static crypto_pk_env_t
*
846 find_dir_signing_key(const char *str
, const char *eos
)
849 directory_token_t
*tok
;
850 crypto_pk_env_t
*key
= NULL
;
851 memarea_t
*area
= NULL
;
855 /* Is there a dir-signing-key in the directory? */
856 cp
= tor_memstr(str
, eos
-str
, "\nopt dir-signing-key");
858 cp
= tor_memstr(str
, eos
-str
, "\ndir-signing-key");
861 ++cp
; /* Now cp points to the start of the token. */
863 area
= memarea_new();
864 tok
= get_next_token(area
, &cp
, eos
, dir_token_table
);
866 log_warn(LD_DIR
, "Unparseable dir-signing-key token");
869 if (tok
->tp
!= K_DIR_SIGNING_KEY
) {
870 log_warn(LD_DIR
, "Dir-signing-key token did not parse as expected");
876 tok
->key
= NULL
; /* steal reference. */
878 log_warn(LD_DIR
, "Dir-signing-key token contained no key");
882 if (tok
) token_free(tok
);
884 DUMP_AREA(area
, "dir-signing-key token");
885 memarea_drop_all(area
);
890 /** Return true iff <b>key</b> is allowed to sign directories.
893 dir_signing_key_is_trusted(crypto_pk_env_t
*key
)
895 char digest
[DIGEST_LEN
];
897 if (crypto_pk_get_digest(key
, digest
) < 0) {
898 log_warn(LD_DIR
, "Error computing dir-signing-key digest");
901 if (!router_digest_is_trusted_dir(digest
)) {
902 log_warn(LD_DIR
, "Listed dir-signing-key is not trusted");
908 /** Check whether the object body of the token in <b>tok</b> has a good
909 * signature for <b>digest</b> using key <b>pkey</b>. If
910 * <b>CST_CHECK_AUTHORITY</b> is set, make sure that <b>pkey</b> is the key of
911 * a directory authority. If <b>CST_NO_CHECK_OBJTYPE</b> is set, do not check
912 * the object type of the signature object. Use <b>doctype</b> as the type of
913 * the document when generating log messages. Return 0 on success, negative
917 check_signature_token(const char *digest
,
918 directory_token_t
*tok
,
919 crypto_pk_env_t
*pkey
,
924 const int check_authority
= (flags
& CST_CHECK_AUTHORITY
);
925 const int check_objtype
= ! (flags
& CST_NO_CHECK_OBJTYPE
);
932 if (check_authority
&& !dir_signing_key_is_trusted(pkey
)) {
933 log_warn(LD_DIR
, "Key on %s did not come from an authority; rejecting",
939 if (strcmp(tok
->object_type
, "SIGNATURE")) {
940 log_warn(LD_DIR
, "Bad object type on %s signature", doctype
);
945 signed_digest
= tor_malloc(tok
->object_size
);
946 if (crypto_pk_public_checksig(pkey
, signed_digest
, tok
->object_body
,
949 log_warn(LD_DIR
, "Error reading %s: invalid signature.", doctype
);
950 tor_free(signed_digest
);
953 // log_debug(LD_DIR,"Signed %s hash starts %s", doctype,
954 // hex_str(signed_digest,4));
955 if (memcmp(digest
, signed_digest
, DIGEST_LEN
)) {
956 log_warn(LD_DIR
, "Error reading %s: signature does not match.", doctype
);
957 tor_free(signed_digest
);
960 tor_free(signed_digest
);
964 /** Helper: move *<b>s_ptr</b> ahead to the next router, the next extra-info,
965 * or to the first of the annotations proceeding the next router or
966 * extra-info---whichever comes first. Set <b>is_extrainfo_out</b> to true if
967 * we found an extrainfo, or false if found a router. Do not scan beyond
968 * <b>eos</b>. Return -1 if we found nothing; 0 if we found something. */
970 find_start_of_next_router_or_extrainfo(const char **s_ptr
,
972 int *is_extrainfo_out
)
974 const char *annotations
= NULL
;
975 const char *s
= *s_ptr
;
977 s
= eat_whitespace_eos(s
, eos
);
979 while (s
< eos
-32) { /* 32 gives enough room for a the first keyword. */
980 /* We're at the start of a line. */
981 tor_assert(*s
!= '\n');
983 if (*s
== '@' && !annotations
) {
985 } else if (*s
== 'r' && !strcmpstart(s
, "router ")) {
986 *s_ptr
= annotations
? annotations
: s
;
987 *is_extrainfo_out
= 0;
989 } else if (*s
== 'e' && !strcmpstart(s
, "extra-info ")) {
990 *s_ptr
= annotations
? annotations
: s
;
991 *is_extrainfo_out
= 1;
995 if (!(s
= memchr(s
+1, '\n', eos
-(s
+1))))
997 s
= eat_whitespace_eos(s
, eos
);
1002 /** Given a string *<b>s</b> containing a concatenated sequence of router
1003 * descriptors (or extra-info documents if <b>is_extrainfo</b> is set), parses
1004 * them and stores the result in <b>dest</b>. All routers are marked running
1005 * and valid. Advances *s to a point immediately following the last router
1006 * entry. Ignore any trailing router entries that are not complete.
1008 * If <b>saved_location</b> isn't SAVED_IN_CACHE, make a local copy of each
1009 * descriptor in the signed_descriptor_body field of each routerinfo_t. If it
1010 * isn't SAVED_NOWHERE, remember the offset of each descriptor.
1012 * Returns 0 on success and -1 on failure.
1015 router_parse_list_from_string(const char **s
, const char *eos
,
1017 saved_location_t saved_location
,
1019 int allow_annotations
,
1020 const char *prepend_annotations
)
1022 routerinfo_t
*router
;
1023 extrainfo_t
*extrainfo
;
1024 signed_descriptor_t
*signed_desc
;
1026 const char *end
, *start
;
1035 eos
= *s
+ strlen(*s
);
1037 tor_assert(eos
>= *s
);
1040 if (find_start_of_next_router_or_extrainfo(s
, eos
, &have_extrainfo
) < 0)
1043 end
= tor_memstr(*s
, eos
-*s
, "\nrouter-signature");
1045 end
= tor_memstr(end
, eos
-end
, "\n-----END SIGNATURE-----\n");
1047 end
+= strlen("\n-----END SIGNATURE-----\n");
1054 if (have_extrainfo
&& want_extrainfo
) {
1055 routerlist_t
*rl
= router_get_routerlist();
1056 extrainfo
= extrainfo_parse_entry_from_string(*s
, end
,
1057 saved_location
!= SAVED_IN_CACHE
,
1060 signed_desc
= &extrainfo
->cache_info
;
1063 } else if (!have_extrainfo
&& !want_extrainfo
) {
1064 router
= router_parse_entry_from_string(*s
, end
,
1065 saved_location
!= SAVED_IN_CACHE
,
1067 prepend_annotations
);
1069 log_debug(LD_DIR
, "Read router '%s', purpose '%s'",
1070 router
->nickname
, router_purpose_to_string(router
->purpose
));
1071 signed_desc
= &router
->cache_info
;
1079 if (saved_location
!= SAVED_NOWHERE
) {
1080 signed_desc
->saved_location
= saved_location
;
1081 signed_desc
->saved_offset
= *s
- start
;
1084 smartlist_add(dest
, elt
);
1090 /* For debugging: define to count every descriptor digest we've seen so we
1091 * know if we need to try harder to avoid duplicate verifies. */
1092 #undef COUNT_DISTINCT_DIGESTS
1094 #ifdef COUNT_DISTINCT_DIGESTS
1095 static digestmap_t
*verified_digests
= NULL
;
1098 /** Log the total count of the number of distinct router digests we've ever
1099 * verified. When compared to the number of times we've verified routerdesc
1100 * signatures <i>in toto</i>, this will tell us if we're doing too much
1101 * multiple-verification. */
1103 dump_distinct_digest_count(int severity
)
1105 #ifdef COUNT_DISTINCT_DIGESTS
1106 if (!verified_digests
)
1107 verified_digests
= digestmap_new();
1108 log(severity
, LD_GENERAL
, "%d *distinct* router digests verified",
1109 digestmap_size(verified_digests
));
1111 (void)severity
; /* suppress "unused parameter" warning */
1115 /** Helper function: reads a single router entry from *<b>s</b> ...
1116 * *<b>end</b>. Mallocs a new router and returns it if all goes well, else
1117 * returns NULL. If <b>cache_copy</b> is true, duplicate the contents of
1118 * s through end into the signed_descriptor_body of the resulting
1121 * If <b>allow_annotations</b>, it's okay to encounter annotations in <b>s</b>
1122 * before the router; if it's false, reject the router if it's annotated. If
1123 * <b>prepend_annotations</b> is set, it should contain some annotations:
1124 * append them to the front of the router before parsing it, and keep them
1125 * around when caching the router.
1127 * Only one of allow_annotations and prepend_annotations may be set.
1130 router_parse_entry_from_string(const char *s
, const char *end
,
1131 int cache_copy
, int allow_annotations
,
1132 const char *prepend_annotations
)
1134 routerinfo_t
*router
= NULL
;
1136 smartlist_t
*tokens
= NULL
, *exit_policy_tokens
= NULL
;
1137 directory_token_t
*tok
;
1139 const char *start_of_annotations
, *cp
;
1140 size_t prepend_len
= prepend_annotations
? strlen(prepend_annotations
) : 0;
1142 memarea_t
*area
= NULL
;
1144 tor_assert(!allow_annotations
|| !prepend_annotations
);
1147 end
= s
+ strlen(s
);
1150 /* point 'end' to a point immediately after the final newline. */
1151 while (end
> s
+2 && *(end
-1) == '\n' && *(end
-2) == '\n')
1154 area
= memarea_new();
1155 tokens
= smartlist_create();
1156 if (prepend_annotations
) {
1157 if (tokenize_string(area
,prepend_annotations
,NULL
,tokens
,
1158 routerdesc_token_table
,TS_NOCHECK
)) {
1159 log_warn(LD_DIR
, "Error tokenizing router descriptor (annotations).");
1164 start_of_annotations
= s
;
1165 cp
= tor_memstr(s
, end
-s
, "\nrouter ");
1167 if (end
-s
< 7 || strcmpstart(s
, "router ")) {
1168 log_warn(LD_DIR
, "No router keyword found.");
1175 if (allow_annotations
&& start_of_annotations
!= s
) {
1176 if (tokenize_string(area
,start_of_annotations
,s
,tokens
,
1177 routerdesc_token_table
,TS_NOCHECK
)) {
1178 log_warn(LD_DIR
, "Error tokenizing router descriptor (annotations).");
1183 if (router_get_router_hash(s
, digest
) < 0) {
1184 log_warn(LD_DIR
, "Couldn't compute router hash.");
1189 if (allow_annotations
)
1190 flags
|= TS_ANNOTATIONS_OK
;
1191 if (prepend_annotations
)
1192 flags
|= TS_ANNOTATIONS_OK
|TS_NO_NEW_ANNOTATIONS
;
1194 if (tokenize_string(area
,s
,end
,tokens
,routerdesc_token_table
, flags
)) {
1195 log_warn(LD_DIR
, "Error tokenizing router descriptor.");
1200 if (smartlist_len(tokens
) < 2) {
1201 log_warn(LD_DIR
, "Impossibly short router descriptor.");
1205 tok
= find_by_keyword(tokens
, K_ROUTER
);
1206 tor_assert(tok
->n_args
>= 5);
1208 router
= tor_malloc_zero(sizeof(routerinfo_t
));
1209 router
->country
= -1;
1210 router
->cache_info
.routerlist_index
= -1;
1211 router
->cache_info
.annotations_len
= s
-start_of_annotations
+ prepend_len
;
1212 router
->cache_info
.signed_descriptor_len
= end
-s
;
1214 size_t len
= router
->cache_info
.signed_descriptor_len
+
1215 router
->cache_info
.annotations_len
;
1217 router
->cache_info
.signed_descriptor_body
= tor_malloc(len
+1);
1218 if (prepend_annotations
) {
1219 memcpy(cp
, prepend_annotations
, prepend_len
);
1222 /* This assertion will always succeed.
1223 * len == signed_desc_len + annotations_len
1224 * == end-s + s-start_of_annotations + prepend_len
1225 * == end-start_of_annotations + prepend_len
1226 * We already wrote prepend_len bytes into the buffer; now we're
1227 * writing end-start_of_annotations -NM. */
1228 tor_assert(cp
+(end
-start_of_annotations
) ==
1229 router
->cache_info
.signed_descriptor_body
+len
);
1230 memcpy(cp
, start_of_annotations
, end
-start_of_annotations
);
1231 router
->cache_info
.signed_descriptor_body
[len
] = '\0';
1232 tor_assert(strlen(router
->cache_info
.signed_descriptor_body
) == len
);
1234 memcpy(router
->cache_info
.signed_descriptor_digest
, digest
, DIGEST_LEN
);
1236 router
->nickname
= tor_strdup(tok
->args
[0]);
1237 if (!is_legal_nickname(router
->nickname
)) {
1238 log_warn(LD_DIR
,"Router nickname is invalid");
1241 router
->address
= tor_strdup(tok
->args
[1]);
1242 if (!tor_inet_aton(router
->address
, &in
)) {
1243 log_warn(LD_DIR
,"Router address is not an IP address.");
1246 router
->addr
= ntohl(in
.s_addr
);
1249 (uint16_t) tor_parse_long(tok
->args
[2],10,0,65535,&ok
,NULL
);
1251 log_warn(LD_DIR
,"Invalid OR port %s", escaped(tok
->args
[2]));
1255 (uint16_t) tor_parse_long(tok
->args
[4],10,0,65535,&ok
,NULL
);
1257 log_warn(LD_DIR
,"Invalid dir port %s", escaped(tok
->args
[4]));
1261 tok
= find_by_keyword(tokens
, K_BANDWIDTH
);
1262 tor_assert(tok
->n_args
>= 3);
1263 router
->bandwidthrate
= (int)
1264 tor_parse_long(tok
->args
[0],10,1,INT_MAX
,&ok
,NULL
);
1267 log_warn(LD_DIR
, "bandwidthrate %s unreadable or 0. Failing.",
1268 escaped(tok
->args
[0]));
1271 router
->bandwidthburst
=
1272 (int) tor_parse_long(tok
->args
[1],10,0,INT_MAX
,&ok
,NULL
);
1274 log_warn(LD_DIR
, "Invalid bandwidthburst %s", escaped(tok
->args
[1]));
1277 router
->bandwidthcapacity
= (int)
1278 tor_parse_long(tok
->args
[2],10,0,INT_MAX
,&ok
,NULL
);
1280 log_warn(LD_DIR
, "Invalid bandwidthcapacity %s", escaped(tok
->args
[1]));
1284 if ((tok
= find_opt_by_keyword(tokens
, A_PURPOSE
))) {
1285 tor_assert(tok
->n_args
);
1286 router
->purpose
= router_purpose_from_string(tok
->args
[0]);
1288 router
->purpose
= ROUTER_PURPOSE_GENERAL
;
1290 router
->cache_info
.send_unencrypted
=
1291 (router
->purpose
== ROUTER_PURPOSE_GENERAL
) ? 1 : 0;
1293 if ((tok
= find_opt_by_keyword(tokens
, K_UPTIME
))) {
1294 tor_assert(tok
->n_args
>= 1);
1295 router
->uptime
= tor_parse_long(tok
->args
[0],10,0,LONG_MAX
,&ok
,NULL
);
1297 log_warn(LD_DIR
, "Invalid uptime %s", escaped(tok
->args
[0]));
1302 if ((tok
= find_opt_by_keyword(tokens
, K_HIBERNATING
))) {
1303 tor_assert(tok
->n_args
>= 1);
1304 router
->is_hibernating
1305 = (tor_parse_long(tok
->args
[0],10,0,LONG_MAX
,NULL
,NULL
) != 0);
1308 tok
= find_by_keyword(tokens
, K_PUBLISHED
);
1309 tor_assert(tok
->n_args
== 1);
1310 if (parse_iso_time(tok
->args
[0], &router
->cache_info
.published_on
) < 0)
1313 tok
= find_by_keyword(tokens
, K_ONION_KEY
);
1314 router
->onion_pkey
= tok
->key
;
1315 tok
->key
= NULL
; /* Prevent free */
1317 tok
= find_by_keyword(tokens
, K_SIGNING_KEY
);
1318 router
->identity_pkey
= tok
->key
;
1319 tok
->key
= NULL
; /* Prevent free */
1320 if (crypto_pk_get_digest(router
->identity_pkey
,
1321 router
->cache_info
.identity_digest
)) {
1322 log_warn(LD_DIR
, "Couldn't calculate key digest"); goto err
;
1325 if ((tok
= find_opt_by_keyword(tokens
, K_FINGERPRINT
))) {
1326 /* If there's a fingerprint line, it must match the identity digest. */
1328 tor_assert(tok
->n_args
== 1);
1329 tor_strstrip(tok
->args
[0], " ");
1330 if (base16_decode(d
, DIGEST_LEN
, tok
->args
[0], strlen(tok
->args
[0]))) {
1331 log_warn(LD_DIR
, "Couldn't decode router fingerprint %s",
1332 escaped(tok
->args
[0]));
1335 if (memcmp(d
,router
->cache_info
.identity_digest
, DIGEST_LEN
)!=0) {
1336 log_warn(LD_DIR
, "Fingerprint '%s' does not match identity digest.",
1342 if ((tok
= find_opt_by_keyword(tokens
, K_PLATFORM
))) {
1343 router
->platform
= tor_strdup(tok
->args
[0]);
1346 if ((tok
= find_opt_by_keyword(tokens
, K_CONTACT
))) {
1347 router
->contact_info
= tor_strdup(tok
->args
[0]);
1350 if ((tok
= find_opt_by_keyword(tokens
, K_EVENTDNS
))) {
1351 router
->has_old_dnsworkers
= tok
->n_args
&& !strcmp(tok
->args
[0], "0");
1352 } else if (router
->platform
) {
1353 if (! tor_version_as_new_as(router
->platform
, "0.1.2.2-alpha"))
1354 router
->has_old_dnsworkers
= 1;
1357 exit_policy_tokens
= find_all_exitpolicy(tokens
);
1358 if (!smartlist_len(exit_policy_tokens
)) {
1359 log_warn(LD_DIR
, "No exit policy tokens in descriptor.");
1362 SMARTLIST_FOREACH(exit_policy_tokens
, directory_token_t
*, t
,
1363 if (router_add_exit_policy(router
,t
)<0) {
1364 log_warn(LD_DIR
,"Error in exit policy");
1367 policy_expand_private(&router
->exit_policy
);
1368 if (policy_is_reject_star(router
->exit_policy
))
1369 router
->policy_is_reject_star
= 1;
1371 if ((tok
= find_opt_by_keyword(tokens
, K_FAMILY
)) && tok
->n_args
) {
1373 router
->declared_family
= smartlist_create();
1374 for (i
=0;i
<tok
->n_args
;++i
) {
1375 if (!is_legal_nickname_or_hexdigest(tok
->args
[i
])) {
1376 log_warn(LD_DIR
, "Illegal nickname %s in family line",
1377 escaped(tok
->args
[i
]));
1380 smartlist_add(router
->declared_family
, tor_strdup(tok
->args
[i
]));
1384 if ((tok
= find_opt_by_keyword(tokens
, K_CACHES_EXTRA_INFO
)))
1385 router
->caches_extra_info
= 1;
1387 if ((tok
= find_opt_by_keyword(tokens
, K_ALLOW_SINGLE_HOP_EXITS
)))
1388 router
->allow_single_hop_exits
= 1;
1390 if ((tok
= find_opt_by_keyword(tokens
, K_EXTRA_INFO_DIGEST
))) {
1391 tor_assert(tok
->n_args
>= 1);
1392 if (strlen(tok
->args
[0]) == HEX_DIGEST_LEN
) {
1393 base16_decode(router
->cache_info
.extra_info_digest
,
1394 DIGEST_LEN
, tok
->args
[0], HEX_DIGEST_LEN
);
1396 log_warn(LD_DIR
, "Invalid extra info digest %s", escaped(tok
->args
[0]));
1400 if ((tok
= find_opt_by_keyword(tokens
, K_HIDDEN_SERVICE_DIR
))) {
1401 router
->wants_to_be_hs_dir
= 1;
1404 tok
= find_by_keyword(tokens
, K_ROUTER_SIGNATURE
);
1405 note_crypto_pk_op(VERIFY_RTR
);
1406 #ifdef COUNT_DISTINCT_DIGESTS
1407 if (!verified_digests
)
1408 verified_digests
= digestmap_new();
1409 digestmap_set(verified_digests
, signed_digest
, (void*)(uintptr_t)1);
1411 if (check_signature_token(digest
, tok
, router
->identity_pkey
, 0,
1412 "router descriptor") < 0)
1415 routerinfo_set_country(router
);
1417 if (!router
->or_port
) {
1418 log_warn(LD_DIR
,"or_port unreadable or 0. Failing.");
1422 if (!router
->platform
) {
1423 router
->platform
= tor_strdup("<unknown>");
1429 routerinfo_free(router
);
1433 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
1434 smartlist_free(tokens
);
1436 if (exit_policy_tokens
) {
1437 smartlist_free(exit_policy_tokens
);
1440 DUMP_AREA(area
, "routerinfo");
1441 memarea_drop_all(area
);
1446 /** Parse a single extrainfo entry from the string <b>s</b>, ending at
1447 * <b>end</b>. (If <b>end</b> is NULL, parse up to the end of <b>s</b>.) If
1448 * <b>cache_copy</b> is true, make a copy of the extra-info document in the
1449 * cache_info fields of the result. If <b>routermap</b> is provided, use it
1450 * as a map from router identity to routerinfo_t when looking up signing keys.
1453 extrainfo_parse_entry_from_string(const char *s
, const char *end
,
1454 int cache_copy
, struct digest_ri_map_t
*routermap
)
1456 extrainfo_t
*extrainfo
= NULL
;
1458 smartlist_t
*tokens
= NULL
;
1459 directory_token_t
*tok
;
1460 crypto_pk_env_t
*key
= NULL
;
1461 routerinfo_t
*router
= NULL
;
1462 memarea_t
*area
= NULL
;
1465 end
= s
+ strlen(s
);
1468 /* point 'end' to a point immediately after the final newline. */
1469 while (end
> s
+2 && *(end
-1) == '\n' && *(end
-2) == '\n')
1472 if (router_get_extrainfo_hash(s
, digest
) < 0) {
1473 log_warn(LD_DIR
, "Couldn't compute router hash.");
1476 tokens
= smartlist_create();
1477 area
= memarea_new();
1478 if (tokenize_string(area
,s
,end
,tokens
,extrainfo_token_table
,0)) {
1479 log_warn(LD_DIR
, "Error tokenizing extra-info document.");
1483 if (smartlist_len(tokens
) < 2) {
1484 log_warn(LD_DIR
, "Impossibly short extra-info document.");
1488 tok
= smartlist_get(tokens
,0);
1489 if (tok
->tp
!= K_EXTRA_INFO
) {
1490 log_warn(LD_DIR
,"Entry does not start with \"extra-info\"");
1494 extrainfo
= tor_malloc_zero(sizeof(extrainfo_t
));
1495 extrainfo
->cache_info
.is_extrainfo
= 1;
1497 extrainfo
->cache_info
.signed_descriptor_body
= tor_strndup(s
, end
-s
);
1498 extrainfo
->cache_info
.signed_descriptor_len
= end
-s
;
1499 memcpy(extrainfo
->cache_info
.signed_descriptor_digest
, digest
, DIGEST_LEN
);
1501 tor_assert(tok
->n_args
>= 2);
1502 if (!is_legal_nickname(tok
->args
[0])) {
1503 log_warn(LD_DIR
,"Bad nickname %s on \"extra-info\"",escaped(tok
->args
[0]));
1506 strlcpy(extrainfo
->nickname
, tok
->args
[0], sizeof(extrainfo
->nickname
));
1507 if (strlen(tok
->args
[1]) != HEX_DIGEST_LEN
||
1508 base16_decode(extrainfo
->cache_info
.identity_digest
, DIGEST_LEN
,
1509 tok
->args
[1], HEX_DIGEST_LEN
)) {
1510 log_warn(LD_DIR
,"Invalid fingerprint %s on \"extra-info\"",
1511 escaped(tok
->args
[1]));
1515 tok
= find_by_keyword(tokens
, K_PUBLISHED
);
1516 if (parse_iso_time(tok
->args
[0], &extrainfo
->cache_info
.published_on
)) {
1517 log_warn(LD_DIR
,"Invalid published time %s on \"extra-info\"",
1518 escaped(tok
->args
[0]));
1523 (router
= digestmap_get((digestmap_t
*)routermap
,
1524 extrainfo
->cache_info
.identity_digest
))) {
1525 key
= router
->identity_pkey
;
1528 tok
= find_by_keyword(tokens
, K_ROUTER_SIGNATURE
);
1529 if (strcmp(tok
->object_type
, "SIGNATURE") ||
1530 tok
->object_size
< 128 || tok
->object_size
> 512) {
1531 log_warn(LD_DIR
, "Bad object type or length on extra-info signature");
1536 note_crypto_pk_op(VERIFY_RTR
);
1537 if (check_signature_token(digest
, tok
, key
, 0, "extra-info") < 0)
1541 extrainfo
->cache_info
.send_unencrypted
=
1542 router
->cache_info
.send_unencrypted
;
1544 extrainfo
->pending_sig
= tor_memdup(tok
->object_body
,
1546 extrainfo
->pending_sig_len
= tok
->object_size
;
1552 extrainfo_free(extrainfo
);
1556 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
1557 smartlist_free(tokens
);
1560 DUMP_AREA(area
, "extrainfo");
1561 memarea_drop_all(area
);
1566 /** Parse a key certificate from <b>s</b>; point <b>end-of-string</b> to
1567 * the first character after the certificate. */
1569 authority_cert_parse_from_string(const char *s
, const char **end_of_string
)
1571 authority_cert_t
*cert
= NULL
, *old_cert
;
1572 smartlist_t
*tokens
= NULL
;
1573 char digest
[DIGEST_LEN
];
1574 directory_token_t
*tok
;
1575 char fp_declared
[DIGEST_LEN
];
1579 memarea_t
*area
= NULL
;
1581 s
= eat_whitespace(s
);
1582 eos
= strstr(s
, "\ndir-key-certification");
1584 log_warn(LD_DIR
, "No signature found on key certificate");
1587 eos
= strstr(eos
, "\n-----END SIGNATURE-----\n");
1589 log_warn(LD_DIR
, "No end-of-signature found on key certificate");
1592 eos
= strchr(eos
+2, '\n');
1597 tokens
= smartlist_create();
1598 area
= memarea_new();
1599 if (tokenize_string(area
,s
, eos
, tokens
, dir_key_certificate_table
, 0) < 0) {
1600 log_warn(LD_DIR
, "Error tokenizing key certificate");
1603 if (router_get_hash_impl(s
, digest
, "dir-key-certificate-version",
1604 "\ndir-key-certification", '\n') < 0)
1606 tok
= smartlist_get(tokens
, 0);
1607 if (tok
->tp
!= K_DIR_KEY_CERTIFICATE_VERSION
|| strcmp(tok
->args
[0], "3")) {
1609 "Key certificate does not begin with a recognized version (3).");
1613 cert
= tor_malloc_zero(sizeof(authority_cert_t
));
1614 memcpy(cert
->cache_info
.signed_descriptor_digest
, digest
, DIGEST_LEN
);
1616 tok
= find_by_keyword(tokens
, K_DIR_SIGNING_KEY
);
1617 tor_assert(tok
->key
);
1618 cert
->signing_key
= tok
->key
;
1620 if (crypto_pk_get_digest(cert
->signing_key
, cert
->signing_key_digest
))
1623 tok
= find_by_keyword(tokens
, K_DIR_IDENTITY_KEY
);
1624 tor_assert(tok
->key
);
1625 cert
->identity_key
= tok
->key
;
1628 tok
= find_by_keyword(tokens
, K_FINGERPRINT
);
1629 tor_assert(tok
->n_args
);
1630 if (base16_decode(fp_declared
, DIGEST_LEN
, tok
->args
[0],
1631 strlen(tok
->args
[0]))) {
1632 log_warn(LD_DIR
, "Couldn't decode key certificate fingerprint %s",
1633 escaped(tok
->args
[0]));
1637 if (crypto_pk_get_digest(cert
->identity_key
,
1638 cert
->cache_info
.identity_digest
))
1641 if (memcmp(cert
->cache_info
.identity_digest
, fp_declared
, DIGEST_LEN
)) {
1642 log_warn(LD_DIR
, "Digest of certificate key didn't match declared "
1647 tok
= find_opt_by_keyword(tokens
, K_DIR_ADDRESS
);
1649 tor_assert(tok
->n_args
);
1650 if (parse_addr_port(LOG_WARN
, tok
->args
[0], NULL
, &cert
->addr
,
1651 &cert
->dir_port
)<0) {
1652 log_warn(LD_DIR
, "Couldn't parse dir-address in certificate");
1657 tok
= find_by_keyword(tokens
, K_DIR_KEY_PUBLISHED
);
1658 if (parse_iso_time(tok
->args
[0], &cert
->cache_info
.published_on
) < 0) {
1661 tok
= find_by_keyword(tokens
, K_DIR_KEY_EXPIRES
);
1662 if (parse_iso_time(tok
->args
[0], &cert
->expires
) < 0) {
1666 tok
= smartlist_get(tokens
, smartlist_len(tokens
)-1);
1667 if (tok
->tp
!= K_DIR_KEY_CERTIFICATION
) {
1668 log_warn(LD_DIR
, "Certificate didn't end with dir-key-certification.");
1672 /* If we already have this cert, don't bother checking the signature. */
1673 old_cert
= authority_cert_get_by_digests(
1674 cert
->cache_info
.identity_digest
,
1675 cert
->signing_key_digest
);
1678 /* XXXX We could just compare signed_descriptor_digest, but that wouldn't
1680 if (old_cert
->cache_info
.signed_descriptor_len
== len
&&
1681 old_cert
->cache_info
.signed_descriptor_body
&&
1682 !memcmp(s
, old_cert
->cache_info
.signed_descriptor_body
, len
)) {
1683 log_debug(LD_DIR
, "We already checked the signature on this "
1684 "certificate; no need to do so again.");
1686 cert
->is_cross_certified
= old_cert
->is_cross_certified
;
1690 if (check_signature_token(digest
, tok
, cert
->identity_key
, 0,
1691 "key certificate")) {
1695 if ((tok
= find_opt_by_keyword(tokens
, K_DIR_KEY_CROSSCERT
))) {
1696 /* XXXX Once all authorities generate cross-certified certificates,
1697 * make this field mandatory. */
1698 if (check_signature_token(cert
->cache_info
.identity_digest
,
1701 CST_NO_CHECK_OBJTYPE
,
1702 "key cross-certification")) {
1705 cert
->is_cross_certified
= 1;
1709 cert
->cache_info
.signed_descriptor_len
= len
;
1710 cert
->cache_info
.signed_descriptor_body
= tor_malloc(len
+1);
1711 memcpy(cert
->cache_info
.signed_descriptor_body
, s
, len
);
1712 cert
->cache_info
.signed_descriptor_body
[len
] = 0;
1713 cert
->cache_info
.saved_location
= SAVED_NOWHERE
;
1715 if (end_of_string
) {
1716 *end_of_string
= eat_whitespace(eos
);
1718 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
1719 smartlist_free(tokens
);
1721 DUMP_AREA(area
, "authority cert");
1722 memarea_drop_all(area
);
1726 authority_cert_free(cert
);
1727 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
1728 smartlist_free(tokens
);
1730 DUMP_AREA(area
, "authority cert");
1731 memarea_drop_all(area
);
1736 /** Helper: given a string <b>s</b>, return the start of the next router-status
1737 * object (starting with "r " at the start of a line). If none is found,
1738 * return the start of the next directory signature. If none is found, return
1739 * the end of the string. */
1740 static INLINE
const char *
1741 find_start_of_next_routerstatus(const char *s
)
1743 const char *eos
= strstr(s
, "\nr ");
1745 const char *eos2
= tor_memstr(s
, eos
-s
, "\ndirectory-signature");
1746 if (eos2
&& eos2
< eos
)
1751 if ((eos
= strstr(s
, "\ndirectory-signature")))
1753 return s
+ strlen(s
);
1757 /** Given a string at *<b>s</b>, containing a routerstatus object, and an
1758 * empty smartlist at <b>tokens</b>, parse and return the first router status
1759 * object in the string, and advance *<b>s</b> to just after the end of the
1760 * router status. Return NULL and advance *<b>s</b> on error.
1762 * If <b>vote</b> and <b>vote_rs</b> are provided, don't allocate a fresh
1763 * routerstatus but use <b>vote_rs</b> instead.
1765 * If <b>consensus_method</b> is nonzero, this routerstatus is part of a
1766 * consensus, and we should parse it according to the method used to
1767 * make that consensus.
1769 static routerstatus_t
*
1770 routerstatus_parse_entry_from_string(memarea_t
*area
,
1771 const char **s
, smartlist_t
*tokens
,
1772 networkstatus_t
*vote
,
1773 vote_routerstatus_t
*vote_rs
,
1774 int consensus_method
)
1777 routerstatus_t
*rs
= NULL
;
1778 directory_token_t
*tok
;
1779 char timebuf
[ISO_TIME_LEN
+1];
1782 tor_assert(bool_eq(vote
, vote_rs
));
1784 eos
= find_start_of_next_routerstatus(*s
);
1786 if (tokenize_string(area
,*s
, eos
, tokens
, rtrstatus_token_table
,0)) {
1787 log_warn(LD_DIR
, "Error tokenizing router status");
1790 if (smartlist_len(tokens
) < 1) {
1791 log_warn(LD_DIR
, "Impossibly short router status");
1794 tok
= find_by_keyword(tokens
, K_R
);
1795 tor_assert(tok
->n_args
>= 8);
1797 rs
= &vote_rs
->status
;
1799 rs
= tor_malloc_zero(sizeof(routerstatus_t
));
1802 if (!is_legal_nickname(tok
->args
[0])) {
1804 "Invalid nickname %s in router status; skipping.",
1805 escaped(tok
->args
[0]));
1808 strlcpy(rs
->nickname
, tok
->args
[0], sizeof(rs
->nickname
));
1810 if (digest_from_base64(rs
->identity_digest
, tok
->args
[1])) {
1811 log_warn(LD_DIR
, "Error decoding identity digest %s",
1812 escaped(tok
->args
[1]));
1816 if (digest_from_base64(rs
->descriptor_digest
, tok
->args
[2])) {
1817 log_warn(LD_DIR
, "Error decoding descriptor digest %s",
1818 escaped(tok
->args
[2]));
1822 if (tor_snprintf(timebuf
, sizeof(timebuf
), "%s %s",
1823 tok
->args
[3], tok
->args
[4]) < 0 ||
1824 parse_iso_time(timebuf
, &rs
->published_on
)<0) {
1825 log_warn(LD_DIR
, "Error parsing time '%s %s'",
1826 tok
->args
[3], tok
->args
[4]);
1830 if (tor_inet_aton(tok
->args
[5], &in
) == 0) {
1831 log_warn(LD_DIR
, "Error parsing router address in network-status %s",
1832 escaped(tok
->args
[5]));
1835 rs
->addr
= ntohl(in
.s_addr
);
1837 rs
->or_port
=(uint16_t) tor_parse_long(tok
->args
[6],10,0,65535,NULL
,NULL
);
1838 rs
->dir_port
= (uint16_t) tor_parse_long(tok
->args
[7],10,0,65535,NULL
,NULL
);
1840 tok
= find_opt_by_keyword(tokens
, K_S
);
1844 for (i
=0; i
< tok
->n_args
; ++i
) {
1845 int p
= smartlist_string_pos(vote
->known_flags
, tok
->args
[i
]);
1847 vote_rs
->flags
|= (1<<p
);
1849 log_warn(LD_DIR
, "Flags line had a flag %s not listed in known_flags.",
1850 escaped(tok
->args
[i
]));
1856 for (i
=0; i
< tok
->n_args
; ++i
) {
1857 if (!strcmp(tok
->args
[i
], "Exit"))
1859 else if (!strcmp(tok
->args
[i
], "Stable"))
1861 else if (!strcmp(tok
->args
[i
], "Fast"))
1863 else if (!strcmp(tok
->args
[i
], "Running"))
1865 else if (!strcmp(tok
->args
[i
], "Named"))
1867 else if (!strcmp(tok
->args
[i
], "Valid"))
1869 else if (!strcmp(tok
->args
[i
], "V2Dir"))
1871 else if (!strcmp(tok
->args
[i
], "Guard"))
1872 rs
->is_possible_guard
= 1;
1873 else if (!strcmp(tok
->args
[i
], "BadExit"))
1874 rs
->is_bad_exit
= 1;
1875 else if (!strcmp(tok
->args
[i
], "BadDirectory"))
1876 rs
->is_bad_directory
= 1;
1877 else if (!strcmp(tok
->args
[i
], "Authority"))
1878 rs
->is_authority
= 1;
1879 else if (!strcmp(tok
->args
[i
], "Unnamed") &&
1880 consensus_method
>= 2) {
1881 /* Unnamed is computed right by consensus method 2 and later. */
1883 } else if (!strcmp(tok
->args
[i
], "HSDir")) {
1888 if ((tok
= find_opt_by_keyword(tokens
, K_V
))) {
1889 tor_assert(tok
->n_args
== 1);
1890 rs
->version_known
= 1;
1891 if (strcmpstart(tok
->args
[0], "Tor ")) {
1892 rs
->version_supports_begindir
= 1;
1893 rs
->version_supports_extrainfo_upload
= 1;
1894 rs
->version_supports_conditional_consensus
= 1;
1896 rs
->version_supports_begindir
=
1897 tor_version_as_new_as(tok
->args
[0], "0.2.0.1-alpha");
1898 rs
->version_supports_extrainfo_upload
=
1899 tor_version_as_new_as(tok
->args
[0], "0.2.0.0-alpha-dev (r10070)");
1900 rs
->version_supports_v3_dir
=
1901 tor_version_as_new_as(tok
->args
[0], "0.2.0.8-alpha");
1902 rs
->version_supports_conditional_consensus
=
1903 tor_version_as_new_as(tok
->args
[0], "0.2.1.1-alpha");
1906 vote_rs
->version
= tor_strdup(tok
->args
[0]);
1910 /* handle weighting/bandwidth info */
1911 if ((tok
= find_opt_by_keyword(tokens
, K_W
))) {
1913 for (i
=0; i
< tok
->n_args
; ++i
) {
1914 if (!strcmpstart(tok
->args
[i
], "Bandwidth=")) {
1916 rs
->bandwidth
= tor_parse_ulong(strchr(tok
->args
[i
], '=')+1, 10,
1917 0, UINT32_MAX
, &ok
, NULL
);
1919 log_warn(LD_DIR
, "Invalid Bandwidth %s", escaped(tok
->args
[i
]));
1922 rs
->has_bandwidth
= 1;
1927 /* parse exit policy summaries */
1928 if ((tok
= find_opt_by_keyword(tokens
, K_P
))) {
1929 tor_assert(tok
->n_args
== 1);
1930 if (strcmpstart(tok
->args
[0], "accept ") &&
1931 strcmpstart(tok
->args
[0], "reject ")) {
1932 log_err(LD_DIR
, "Unknown exit policy summary type %s.",
1933 escaped(tok
->args
[0]));
1936 /* XXX weasel: parse this into ports and represent them somehow smart,
1937 * maybe not here but somewhere on if we need it for the client.
1938 * we should still parse it here to check it's valid tho.
1940 rs
->exitsummary
= tor_strdup(tok
->args
[0]);
1941 rs
->has_exitsummary
= 1;
1944 if (!strcasecmp(rs
->nickname
, UNNAMED_ROUTER_NICKNAME
))
1950 routerstatus_free(rs
);
1953 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
1954 smartlist_clear(tokens
);
1956 DUMP_AREA(area
, "routerstatus entry");
1957 memarea_clear(area
);
1964 /** Helper to sort a smartlist of pointers to routerstatus_t */
1966 _compare_routerstatus_entries(const void **_a
, const void **_b
)
1968 const routerstatus_t
*a
= *_a
, *b
= *_b
;
1969 return memcmp(a
->identity_digest
, b
->identity_digest
, DIGEST_LEN
);
1972 /** Helper: used in call to _smartlist_uniq to clear out duplicate entries. */
1974 _free_duplicate_routerstatus_entry(void *e
)
1977 "Network-status has two entries for the same router. "
1979 routerstatus_free(e
);
1982 /** Given a v2 network-status object in <b>s</b>, try to
1983 * parse it and return the result. Return NULL on failure. Check the
1984 * signature of the network status, but do not (yet) check the signing key for
1987 networkstatus_v2_t
*
1988 networkstatus_v2_parse_from_string(const char *s
)
1991 smartlist_t
*tokens
= smartlist_create();
1992 smartlist_t
*footer_tokens
= smartlist_create();
1993 networkstatus_v2_t
*ns
= NULL
;
1994 char ns_digest
[DIGEST_LEN
];
1995 char tmp_digest
[DIGEST_LEN
];
1997 directory_token_t
*tok
;
1999 memarea_t
*area
= NULL
;
2001 if (router_get_networkstatus_v2_hash(s
, ns_digest
)) {
2002 log_warn(LD_DIR
, "Unable to compute digest of network-status");
2006 area
= memarea_new();
2007 eos
= find_start_of_next_routerstatus(s
);
2008 if (tokenize_string(area
, s
, eos
, tokens
, netstatus_token_table
,0)) {
2009 log_warn(LD_DIR
, "Error tokenizing network-status header.");
2012 ns
= tor_malloc_zero(sizeof(networkstatus_v2_t
));
2013 memcpy(ns
->networkstatus_digest
, ns_digest
, DIGEST_LEN
);
2015 tok
= find_by_keyword(tokens
, K_NETWORK_STATUS_VERSION
);
2016 tor_assert(tok
->n_args
>= 1);
2017 if (strcmp(tok
->args
[0], "2")) {
2018 log_warn(LD_BUG
, "Got a non-v2 networkstatus. Version was "
2019 "%s", escaped(tok
->args
[0]));
2023 tok
= find_by_keyword(tokens
, K_DIR_SOURCE
);
2024 tor_assert(tok
->n_args
>= 3);
2025 ns
->source_address
= tor_strdup(tok
->args
[0]);
2026 if (tor_inet_aton(tok
->args
[1], &in
) == 0) {
2027 log_warn(LD_DIR
, "Error parsing network-status source address %s",
2028 escaped(tok
->args
[1]));
2031 ns
->source_addr
= ntohl(in
.s_addr
);
2032 ns
->source_dirport
=
2033 (uint16_t) tor_parse_long(tok
->args
[2],10,0,65535,NULL
,NULL
);
2034 if (ns
->source_dirport
== 0) {
2035 log_warn(LD_DIR
, "Directory source without dirport; skipping.");
2039 tok
= find_by_keyword(tokens
, K_FINGERPRINT
);
2040 tor_assert(tok
->n_args
);
2041 if (base16_decode(ns
->identity_digest
, DIGEST_LEN
, tok
->args
[0],
2042 strlen(tok
->args
[0]))) {
2043 log_warn(LD_DIR
, "Couldn't decode networkstatus fingerprint %s",
2044 escaped(tok
->args
[0]));
2048 if ((tok
= find_opt_by_keyword(tokens
, K_CONTACT
))) {
2049 tor_assert(tok
->n_args
);
2050 ns
->contact
= tor_strdup(tok
->args
[0]);
2053 tok
= find_by_keyword(tokens
, K_DIR_SIGNING_KEY
);
2054 tor_assert(tok
->key
);
2055 ns
->signing_key
= tok
->key
;
2058 if (crypto_pk_get_digest(ns
->signing_key
, tmp_digest
)<0) {
2059 log_warn(LD_DIR
, "Couldn't compute signing key digest");
2062 if (memcmp(tmp_digest
, ns
->identity_digest
, DIGEST_LEN
)) {
2064 "network-status fingerprint did not match dir-signing-key");
2068 if ((tok
= find_opt_by_keyword(tokens
, K_DIR_OPTIONS
))) {
2069 for (i
=0; i
< tok
->n_args
; ++i
) {
2070 if (!strcmp(tok
->args
[i
], "Names"))
2071 ns
->binds_names
= 1;
2072 if (!strcmp(tok
->args
[i
], "Versions"))
2073 ns
->recommends_versions
= 1;
2074 if (!strcmp(tok
->args
[i
], "BadExits"))
2075 ns
->lists_bad_exits
= 1;
2076 if (!strcmp(tok
->args
[i
], "BadDirectories"))
2077 ns
->lists_bad_directories
= 1;
2081 if (ns
->recommends_versions
) {
2082 if (!(tok
= find_opt_by_keyword(tokens
, K_CLIENT_VERSIONS
))) {
2083 log_warn(LD_DIR
, "Missing client-versions on versioning directory");
2086 ns
->client_versions
= tor_strdup(tok
->args
[0]);
2088 if (!(tok
= find_opt_by_keyword(tokens
, K_SERVER_VERSIONS
)) ||
2090 log_warn(LD_DIR
, "Missing server-versions on versioning directory");
2093 ns
->server_versions
= tor_strdup(tok
->args
[0]);
2096 tok
= find_by_keyword(tokens
, K_PUBLISHED
);
2097 tor_assert(tok
->n_args
== 1);
2098 if (parse_iso_time(tok
->args
[0], &ns
->published_on
) < 0) {
2102 ns
->entries
= smartlist_create();
2104 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
2105 smartlist_clear(tokens
);
2106 memarea_clear(area
);
2107 while (!strcmpstart(s
, "r ")) {
2109 if ((rs
= routerstatus_parse_entry_from_string(area
, &s
, tokens
,
2111 smartlist_add(ns
->entries
, rs
);
2113 smartlist_sort(ns
->entries
, _compare_routerstatus_entries
);
2114 smartlist_uniq(ns
->entries
, _compare_routerstatus_entries
,
2115 _free_duplicate_routerstatus_entry
);
2117 if (tokenize_string(area
,s
, NULL
, footer_tokens
, dir_footer_token_table
,0)) {
2118 log_warn(LD_DIR
, "Error tokenizing network-status footer.");
2121 if (smartlist_len(footer_tokens
) < 1) {
2122 log_warn(LD_DIR
, "Too few items in network-status footer.");
2125 tok
= smartlist_get(footer_tokens
, smartlist_len(footer_tokens
)-1);
2126 if (tok
->tp
!= K_DIRECTORY_SIGNATURE
) {
2128 "Expected network-status footer to end with a signature.");
2132 note_crypto_pk_op(VERIFY_DIR
);
2133 if (check_signature_token(ns_digest
, tok
, ns
->signing_key
, 0,
2134 "network-status") < 0)
2140 networkstatus_v2_free(ns
);
2143 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
2144 smartlist_free(tokens
);
2145 SMARTLIST_FOREACH(footer_tokens
, directory_token_t
*, t
, token_free(t
));
2146 smartlist_free(footer_tokens
);
2148 DUMP_AREA(area
, "v2 networkstatus");
2149 memarea_drop_all(area
);
2154 /** Parse a v3 networkstatus vote, opinion, or consensus (depending on
2155 * ns_type), from <b>s</b>, and return the result. Return NULL on failure. */
2157 networkstatus_parse_vote_from_string(const char *s
, const char **eos_out
,
2158 networkstatus_type_t ns_type
)
2160 smartlist_t
*tokens
= smartlist_create();
2161 smartlist_t
*rs_tokens
= NULL
, *footer_tokens
= NULL
;
2162 networkstatus_voter_info_t
*voter
= NULL
;
2163 networkstatus_t
*ns
= NULL
;
2164 char ns_digest
[DIGEST_LEN
];
2165 const char *cert
, *end_of_header
, *end_of_footer
;
2166 directory_token_t
*tok
;
2169 int i
, inorder
, n_signatures
= 0;
2170 memarea_t
*area
= NULL
, *rs_area
= NULL
;
2173 if (router_get_networkstatus_v3_hash(s
, ns_digest
)) {
2174 log_warn(LD_DIR
, "Unable to compute digest of network-status");
2178 area
= memarea_new();
2179 end_of_header
= find_start_of_next_routerstatus(s
);
2180 if (tokenize_string(area
, s
, end_of_header
, tokens
,
2181 (ns_type
== NS_TYPE_CONSENSUS
) ?
2182 networkstatus_consensus_token_table
:
2183 networkstatus_token_table
, 0)) {
2184 log_warn(LD_DIR
, "Error tokenizing network-status vote header");
2188 ns
= tor_malloc_zero(sizeof(networkstatus_t
));
2189 memcpy(ns
->networkstatus_digest
, ns_digest
, DIGEST_LEN
);
2191 if (ns_type
!= NS_TYPE_CONSENSUS
) {
2192 const char *end_of_cert
= NULL
;
2193 if (!(cert
= strstr(s
, "\ndir-key-certificate-version")))
2196 ns
->cert
= authority_cert_parse_from_string(cert
, &end_of_cert
);
2197 if (!ns
->cert
|| !end_of_cert
|| end_of_cert
> end_of_header
)
2201 tok
= find_by_keyword(tokens
, K_VOTE_STATUS
);
2202 tor_assert(tok
->n_args
);
2203 if (!strcmp(tok
->args
[0], "vote")) {
2204 ns
->type
= NS_TYPE_VOTE
;
2205 } else if (!strcmp(tok
->args
[0], "consensus")) {
2206 ns
->type
= NS_TYPE_CONSENSUS
;
2207 } else if (!strcmp(tok
->args
[0], "opinion")) {
2208 ns
->type
= NS_TYPE_OPINION
;
2210 log_warn(LD_DIR
, "Unrecognized vote status %s in network-status",
2211 escaped(tok
->args
[0]));
2214 if (ns_type
!= ns
->type
) {
2215 log_warn(LD_DIR
, "Got the wrong kind of v3 networkstatus.");
2219 if (ns
->type
== NS_TYPE_VOTE
|| ns
->type
== NS_TYPE_OPINION
) {
2220 tok
= find_by_keyword(tokens
, K_PUBLISHED
);
2221 if (parse_iso_time(tok
->args
[0], &ns
->published
))
2224 ns
->supported_methods
= smartlist_create();
2225 tok
= find_opt_by_keyword(tokens
, K_CONSENSUS_METHODS
);
2227 for (i
=0; i
< tok
->n_args
; ++i
)
2228 smartlist_add(ns
->supported_methods
, tor_strdup(tok
->args
[i
]));
2230 smartlist_add(ns
->supported_methods
, tor_strdup("1"));
2233 tok
= find_opt_by_keyword(tokens
, K_CONSENSUS_METHOD
);
2235 ns
->consensus_method
= (int)tor_parse_long(tok
->args
[0], 10, 1, INT_MAX
,
2240 ns
->consensus_method
= 1;
2244 tok
= find_by_keyword(tokens
, K_VALID_AFTER
);
2245 if (parse_iso_time(tok
->args
[0], &ns
->valid_after
))
2248 tok
= find_by_keyword(tokens
, K_FRESH_UNTIL
);
2249 if (parse_iso_time(tok
->args
[0], &ns
->fresh_until
))
2252 tok
= find_by_keyword(tokens
, K_VALID_UNTIL
);
2253 if (parse_iso_time(tok
->args
[0], &ns
->valid_until
))
2256 tok
= find_by_keyword(tokens
, K_VOTING_DELAY
);
2257 tor_assert(tok
->n_args
>= 2);
2259 (int) tor_parse_long(tok
->args
[0], 10, 0, INT_MAX
, &ok
, NULL
);
2263 (int) tor_parse_long(tok
->args
[1], 10, 0, INT_MAX
, &ok
, NULL
);
2266 if (ns
->valid_after
+ MIN_VOTE_INTERVAL
> ns
->fresh_until
) {
2267 log_warn(LD_DIR
, "Vote/consensus freshness interval is too short");
2270 if (ns
->valid_after
+ MIN_VOTE_INTERVAL
*2 > ns
->valid_until
) {
2271 log_warn(LD_DIR
, "Vote/consensus liveness interval is too short");
2274 if (ns
->vote_seconds
< MIN_VOTE_SECONDS
) {
2275 log_warn(LD_DIR
, "Vote seconds is too short");
2278 if (ns
->dist_seconds
< MIN_DIST_SECONDS
) {
2279 log_warn(LD_DIR
, "Dist seconds is too short");
2283 if ((tok
= find_opt_by_keyword(tokens
, K_CLIENT_VERSIONS
))) {
2284 ns
->client_versions
= tor_strdup(tok
->args
[0]);
2286 if ((tok
= find_opt_by_keyword(tokens
, K_SERVER_VERSIONS
))) {
2287 ns
->server_versions
= tor_strdup(tok
->args
[0]);
2290 tok
= find_by_keyword(tokens
, K_KNOWN_FLAGS
);
2291 ns
->known_flags
= smartlist_create();
2293 for (i
= 0; i
< tok
->n_args
; ++i
) {
2294 smartlist_add(ns
->known_flags
, tor_strdup(tok
->args
[i
]));
2295 if (i
>0 && strcmp(tok
->args
[i
-1], tok
->args
[i
])>= 0) {
2296 log_warn(LD_DIR
, "%s >= %s", tok
->args
[i
-1], tok
->args
[i
]);
2301 log_warn(LD_DIR
, "known-flags not in order");
2305 ns
->voters
= smartlist_create();
2307 SMARTLIST_FOREACH(tokens
, directory_token_t
*, _tok
,
2310 if (tok
->tp
== K_DIR_SOURCE
) {
2311 tor_assert(tok
->n_args
>= 6);
2314 smartlist_add(ns
->voters
, voter
);
2315 voter
= tor_malloc_zero(sizeof(networkstatus_voter_info_t
));
2316 if (ns
->type
!= NS_TYPE_CONSENSUS
)
2317 memcpy(voter
->vote_digest
, ns_digest
, DIGEST_LEN
);
2319 voter
->nickname
= tor_strdup(tok
->args
[0]);
2320 if (strlen(tok
->args
[1]) != HEX_DIGEST_LEN
||
2321 base16_decode(voter
->identity_digest
, sizeof(voter
->identity_digest
),
2322 tok
->args
[1], HEX_DIGEST_LEN
) < 0) {
2323 log_warn(LD_DIR
, "Error decoding identity digest %s in "
2324 "network-status vote.", escaped(tok
->args
[1]));
2327 if (ns
->type
!= NS_TYPE_CONSENSUS
&&
2328 memcmp(ns
->cert
->cache_info
.identity_digest
,
2329 voter
->identity_digest
, DIGEST_LEN
)) {
2330 log_warn(LD_DIR
,"Mismatch between identities in certificate and vote");
2333 voter
->address
= tor_strdup(tok
->args
[2]);
2334 if (!tor_inet_aton(tok
->args
[3], &in
)) {
2335 log_warn(LD_DIR
, "Error decoding IP address %s in network-status.",
2336 escaped(tok
->args
[3]));
2339 voter
->addr
= ntohl(in
.s_addr
);
2340 voter
->dir_port
= (uint16_t)
2341 tor_parse_long(tok
->args
[4], 10, 0, 65535, &ok
, NULL
);
2344 voter
->or_port
= (uint16_t)
2345 tor_parse_long(tok
->args
[5], 10, 0, 65535, &ok
, NULL
);
2348 } else if (tok
->tp
== K_CONTACT
) {
2349 if (!voter
|| voter
->contact
) {
2350 log_warn(LD_DIR
, "contact element is out of place.");
2353 voter
->contact
= tor_strdup(tok
->args
[0]);
2354 } else if (tok
->tp
== K_VOTE_DIGEST
) {
2355 tor_assert(ns
->type
== NS_TYPE_CONSENSUS
);
2356 tor_assert(tok
->n_args
>= 1);
2357 if (!voter
|| ! tor_digest_is_zero(voter
->vote_digest
)) {
2358 log_warn(LD_DIR
, "vote-digest element is out of place.");
2361 if (strlen(tok
->args
[0]) != HEX_DIGEST_LEN
||
2362 base16_decode(voter
->vote_digest
, sizeof(voter
->vote_digest
),
2363 tok
->args
[0], HEX_DIGEST_LEN
) < 0) {
2364 log_warn(LD_DIR
, "Error decoding vote digest %s in "
2365 "network-status consensus.", escaped(tok
->args
[1]));
2371 smartlist_add(ns
->voters
, voter
);
2374 if (smartlist_len(ns
->voters
) == 0) {
2375 log_warn(LD_DIR
, "Missing dir-source elements in a vote networkstatus.");
2377 } else if (ns
->type
!= NS_TYPE_CONSENSUS
&& smartlist_len(ns
->voters
) != 1) {
2378 log_warn(LD_DIR
, "Too many dir-source elements in a vote networkstatus.");
2382 if (ns
->type
!= NS_TYPE_CONSENSUS
&&
2383 (tok
= find_opt_by_keyword(tokens
, K_LEGACY_DIR_KEY
))) {
2385 if (strlen(tok
->args
[0]) == HEX_DIGEST_LEN
) {
2386 networkstatus_voter_info_t
*voter
= smartlist_get(ns
->voters
, 0);
2387 if (base16_decode(voter
->legacy_id_digest
, DIGEST_LEN
,
2388 tok
->args
[0], HEX_DIGEST_LEN
)<0)
2394 log_warn(LD_DIR
, "Invalid legacy key digest %s on vote.",
2395 escaped(tok
->args
[0]));
2399 /* Parse routerstatus lines. */
2400 rs_tokens
= smartlist_create();
2401 rs_area
= memarea_new();
2403 ns
->routerstatus_list
= smartlist_create();
2405 while (!strcmpstart(s
, "r ")) {
2406 if (ns
->type
!= NS_TYPE_CONSENSUS
) {
2407 vote_routerstatus_t
*rs
= tor_malloc_zero(sizeof(vote_routerstatus_t
));
2408 if (routerstatus_parse_entry_from_string(rs_area
, &s
, rs_tokens
, ns
,
2410 smartlist_add(ns
->routerstatus_list
, rs
);
2412 tor_free(rs
->version
);
2417 if ((rs
= routerstatus_parse_entry_from_string(rs_area
, &s
, rs_tokens
,
2419 ns
->consensus_method
)))
2420 smartlist_add(ns
->routerstatus_list
, rs
);
2423 for (i
= 1; i
< smartlist_len(ns
->routerstatus_list
); ++i
) {
2424 routerstatus_t
*rs1
, *rs2
;
2425 if (ns
->type
!= NS_TYPE_CONSENSUS
) {
2426 vote_routerstatus_t
*a
= smartlist_get(ns
->routerstatus_list
, i
-1);
2427 vote_routerstatus_t
*b
= smartlist_get(ns
->routerstatus_list
, i
);
2428 rs1
= &a
->status
; rs2
= &b
->status
;
2430 rs1
= smartlist_get(ns
->routerstatus_list
, i
-1);
2431 rs2
= smartlist_get(ns
->routerstatus_list
, i
);
2433 if (memcmp(rs1
->identity_digest
, rs2
->identity_digest
, DIGEST_LEN
) >= 0) {
2434 log_warn(LD_DIR
, "Vote networkstatus entries not sorted by identity "
2440 /* Parse footer; check signature. */
2441 footer_tokens
= smartlist_create();
2442 if ((end_of_footer
= strstr(s
, "\nnetwork-status-version ")))
2445 end_of_footer
= s
+ strlen(s
);
2446 if (tokenize_string(area
,s
, end_of_footer
, footer_tokens
,
2447 networkstatus_vote_footer_token_table
, 0)) {
2448 log_warn(LD_DIR
, "Error tokenizing network-status vote footer.");
2452 SMARTLIST_FOREACH(footer_tokens
, directory_token_t
*, _tok
,
2454 char declared_identity
[DIGEST_LEN
];
2455 networkstatus_voter_info_t
*v
;
2457 if (tok
->tp
!= K_DIRECTORY_SIGNATURE
)
2459 tor_assert(tok
->n_args
>= 2);
2461 if (!tok
->object_type
||
2462 strcmp(tok
->object_type
, "SIGNATURE") ||
2463 tok
->object_size
< 128 || tok
->object_size
> 512) {
2464 log_warn(LD_DIR
, "Bad object type or length on directory-signature");
2468 if (strlen(tok
->args
[0]) != HEX_DIGEST_LEN
||
2469 base16_decode(declared_identity
, sizeof(declared_identity
),
2470 tok
->args
[0], HEX_DIGEST_LEN
) < 0) {
2471 log_warn(LD_DIR
, "Error decoding declared identity %s in "
2472 "network-status vote.", escaped(tok
->args
[0]));
2475 if (!(v
= networkstatus_get_voter_by_id(ns
, declared_identity
))) {
2476 log_warn(LD_DIR
, "ID on signature on network-status vote does not match "
2477 "any declared directory source.");
2480 if (strlen(tok
->args
[1]) != HEX_DIGEST_LEN
||
2481 base16_decode(v
->signing_key_digest
, sizeof(v
->signing_key_digest
),
2482 tok
->args
[1], HEX_DIGEST_LEN
) < 0) {
2483 log_warn(LD_DIR
, "Error decoding declared digest %s in "
2484 "network-status vote.", escaped(tok
->args
[1]));
2488 if (ns
->type
!= NS_TYPE_CONSENSUS
) {
2489 if (memcmp(declared_identity
, ns
->cert
->cache_info
.identity_digest
,
2491 log_warn(LD_DIR
, "Digest mismatch between declared and actual on "
2492 "network-status vote.");
2497 if (ns
->type
!= NS_TYPE_CONSENSUS
) {
2498 if (check_signature_token(ns_digest
, tok
, ns
->cert
->signing_key
, 0,
2499 "network-status vote"))
2501 v
->good_signature
= 1;
2503 if (tok
->object_size
>= INT_MAX
)
2505 v
->signature
= tor_memdup(tok
->object_body
, tok
->object_size
);
2506 v
->signature_len
= (int) tok
->object_size
;
2511 if (! n_signatures
) {
2512 log_warn(LD_DIR
, "No signatures on networkstatus vote.");
2517 *eos_out
= end_of_footer
;
2522 networkstatus_vote_free(ns
);
2526 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
2527 smartlist_free(tokens
);
2530 tor_free(voter
->nickname
);
2531 tor_free(voter
->address
);
2532 tor_free(voter
->contact
);
2533 tor_free(voter
->signature
);
2537 SMARTLIST_FOREACH(rs_tokens
, directory_token_t
*, t
, token_free(t
));
2538 smartlist_free(rs_tokens
);
2540 if (footer_tokens
) {
2541 SMARTLIST_FOREACH(footer_tokens
, directory_token_t
*, t
, token_free(t
));
2542 smartlist_free(footer_tokens
);
2545 DUMP_AREA(area
, "v3 networkstatus");
2546 memarea_drop_all(area
);
2549 memarea_drop_all(rs_area
);
2554 /** Parse a detached v3 networkstatus signature document between <b>s</b> and
2555 * <b>eos</b> and return the result. Return -1 on failure. */
2556 ns_detached_signatures_t
*
2557 networkstatus_parse_detached_signatures(const char *s
, const char *eos
)
2559 /* XXXX021 there is too much duplicate code here. */
2560 directory_token_t
*tok
;
2561 memarea_t
*area
= NULL
;
2563 smartlist_t
*tokens
= smartlist_create();
2564 ns_detached_signatures_t
*sigs
=
2565 tor_malloc_zero(sizeof(ns_detached_signatures_t
));
2568 eos
= s
+ strlen(s
);
2570 area
= memarea_new();
2571 if (tokenize_string(area
,s
, eos
, tokens
,
2572 networkstatus_detached_signature_token_table
, 0)) {
2573 log_warn(LD_DIR
, "Error tokenizing detached networkstatus signatures");
2577 tok
= find_by_keyword(tokens
, K_CONSENSUS_DIGEST
);
2578 if (strlen(tok
->args
[0]) != HEX_DIGEST_LEN
) {
2579 log_warn(LD_DIR
, "Wrong length on consensus-digest in detached "
2580 "networkstatus signatures");
2583 if (base16_decode(sigs
->networkstatus_digest
, DIGEST_LEN
,
2584 tok
->args
[0], strlen(tok
->args
[0])) < 0) {
2585 log_warn(LD_DIR
, "Bad encoding on on consensus-digest in detached "
2586 "networkstatus signatures");
2590 tok
= find_by_keyword(tokens
, K_VALID_AFTER
);
2591 if (parse_iso_time(tok
->args
[0], &sigs
->valid_after
)) {
2592 log_warn(LD_DIR
, "Bad valid-after in detached networkstatus signatures");
2596 tok
= find_by_keyword(tokens
, K_FRESH_UNTIL
);
2597 if (parse_iso_time(tok
->args
[0], &sigs
->fresh_until
)) {
2598 log_warn(LD_DIR
, "Bad fresh-until in detached networkstatus signatures");
2602 tok
= find_by_keyword(tokens
, K_VALID_UNTIL
);
2603 if (parse_iso_time(tok
->args
[0], &sigs
->valid_until
)) {
2604 log_warn(LD_DIR
, "Bad valid-until in detached networkstatus signatures");
2608 sigs
->signatures
= smartlist_create();
2609 SMARTLIST_FOREACH(tokens
, directory_token_t
*, _tok
,
2611 char id_digest
[DIGEST_LEN
];
2612 char sk_digest
[DIGEST_LEN
];
2613 networkstatus_voter_info_t
*voter
;
2616 if (tok
->tp
!= K_DIRECTORY_SIGNATURE
)
2618 tor_assert(tok
->n_args
>= 2);
2620 if (!tok
->object_type
||
2621 strcmp(tok
->object_type
, "SIGNATURE") ||
2622 tok
->object_size
< 128 || tok
->object_size
> 512) {
2623 log_warn(LD_DIR
, "Bad object type or length on directory-signature");
2627 if (strlen(tok
->args
[0]) != HEX_DIGEST_LEN
||
2628 base16_decode(id_digest
, sizeof(id_digest
),
2629 tok
->args
[0], HEX_DIGEST_LEN
) < 0) {
2630 log_warn(LD_DIR
, "Error decoding declared identity %s in "
2631 "network-status vote.", escaped(tok
->args
[0]));
2634 if (strlen(tok
->args
[1]) != HEX_DIGEST_LEN
||
2635 base16_decode(sk_digest
, sizeof(sk_digest
),
2636 tok
->args
[1], HEX_DIGEST_LEN
) < 0) {
2637 log_warn(LD_DIR
, "Error decoding declared digest %s in "
2638 "network-status vote.", escaped(tok
->args
[1]));
2642 voter
= tor_malloc_zero(sizeof(networkstatus_voter_info_t
));
2643 memcpy(voter
->identity_digest
, id_digest
, DIGEST_LEN
);
2644 memcpy(voter
->signing_key_digest
, sk_digest
, DIGEST_LEN
);
2645 if (tok
->object_size
>= INT_MAX
)
2647 voter
->signature
= tor_memdup(tok
->object_body
, tok
->object_size
);
2648 voter
->signature_len
= (int) tok
->object_size
;
2650 smartlist_add(sigs
->signatures
, voter
);
2655 ns_detached_signatures_free(sigs
);
2658 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
2659 smartlist_free(tokens
);
2661 DUMP_AREA(area
, "detached signatures");
2662 memarea_drop_all(area
);
2667 /** Parse the addr policy in the string <b>s</b> and return it. If
2668 * assume_action is nonnegative, then insert its action (ADDR_POLICY_ACCEPT or
2669 * ADDR_POLICY_REJECT) for items that specify no action.
2672 router_parse_addr_policy_item_from_string(const char *s
, int assume_action
)
2674 directory_token_t
*tok
= NULL
;
2675 const char *cp
, *eos
;
2676 /* Longest possible policy is "accept ffff:ffff:..255/ffff:...255:0-65535".
2677 * But note that there can be an arbitrary amount of space between the
2678 * accept and the address:mask/port element. */
2679 char line
[TOR_ADDR_BUF_LEN
*2 + 32];
2681 memarea_t
*area
= NULL
;
2683 s
= eat_whitespace(s
);
2684 if ((*s
== '*' || TOR_ISDIGIT(*s
)) && assume_action
>= 0) {
2685 if (tor_snprintf(line
, sizeof(line
), "%s %s",
2686 assume_action
== ADDR_POLICY_ACCEPT
?"accept":"reject", s
)<0) {
2687 log_warn(LD_DIR
, "Policy %s is too long.", escaped(s
));
2692 } else { /* assume an already well-formed address policy line */
2696 eos
= cp
+ strlen(cp
);
2697 area
= memarea_new();
2698 tok
= get_next_token(area
, &cp
, eos
, routerdesc_token_table
);
2699 if (tok
->tp
== _ERR
) {
2700 log_warn(LD_DIR
, "Error reading address policy: %s", tok
->error
);
2703 if (tok
->tp
!= K_ACCEPT
&& tok
->tp
!= K_ACCEPT6
&&
2704 tok
->tp
!= K_REJECT
&& tok
->tp
!= K_REJECT6
) {
2705 log_warn(LD_DIR
, "Expected 'accept' or 'reject'.");
2709 r
= router_parse_addr_policy(tok
);
2716 DUMP_AREA(area
, "policy item");
2717 memarea_drop_all(area
);
2722 /** Add an exit policy stored in the token <b>tok</b> to the router info in
2723 * <b>router</b>. Return 0 on success, -1 on failure. */
2725 router_add_exit_policy(routerinfo_t
*router
, directory_token_t
*tok
)
2727 addr_policy_t
*newe
;
2728 newe
= router_parse_addr_policy(tok
);
2731 if (! router
->exit_policy
)
2732 router
->exit_policy
= smartlist_create();
2734 if (((tok
->tp
== K_ACCEPT6
|| tok
->tp
== K_REJECT6
) &&
2735 tor_addr_family(&newe
->addr
) == AF_INET
)
2737 ((tok
->tp
== K_ACCEPT
|| tok
->tp
== K_REJECT
) &&
2738 tor_addr_family(&newe
->addr
) == AF_INET6
)) {
2739 log_warn(LD_DIR
, "Mismatch between field type and address type in exit "
2741 addr_policy_free(newe
);
2745 smartlist_add(router
->exit_policy
, newe
);
2750 /** Given a K_ACCEPT or K_REJECT token and a router, create and return
2751 * a new exit_policy_t corresponding to the token. */
2752 static addr_policy_t
*
2753 router_parse_addr_policy(directory_token_t
*tok
)
2758 tor_assert(tok
->tp
== K_REJECT
|| tok
->tp
== K_REJECT6
||
2759 tok
->tp
== K_ACCEPT
|| tok
->tp
== K_ACCEPT6
);
2761 if (tok
->n_args
!= 1)
2765 if (!strcmpstart(arg
,"private"))
2766 return router_parse_addr_policy_private(tok
);
2768 memset(&newe
, 0, sizeof(newe
));
2770 if (tok
->tp
== K_REJECT
|| tok
->tp
== K_REJECT6
)
2771 newe
.policy_type
= ADDR_POLICY_REJECT
;
2773 newe
.policy_type
= ADDR_POLICY_ACCEPT
;
2775 if (tor_addr_parse_mask_ports(arg
, &newe
.addr
, &newe
.maskbits
,
2776 &newe
.prt_min
, &newe
.prt_max
) < 0) {
2777 log_warn(LD_DIR
,"Couldn't parse line %s. Dropping", escaped(arg
));
2781 return addr_policy_get_canonical_entry(&newe
);
2784 /** Parse an exit policy line of the format "accept/reject private:...".
2785 * This didn't exist until Tor 0.1.1.15, so nobody should generate it in
2786 * router descriptors until earlier versions are obsolete.
2788 static addr_policy_t
*
2789 router_parse_addr_policy_private(directory_token_t
*tok
)
2792 uint16_t port_min
, port_max
;
2793 addr_policy_t result
;
2796 if (strcmpstart(arg
, "private"))
2799 arg
+= strlen("private");
2800 arg
= (char*) eat_whitespace(arg
);
2801 if (!arg
|| *arg
!= ':')
2804 if (parse_port_range(arg
+1, &port_min
, &port_max
)<0)
2807 memset(&result
, 0, sizeof(result
));
2808 if (tok
->tp
== K_REJECT
|| tok
->tp
== K_REJECT6
)
2809 result
.policy_type
= ADDR_POLICY_REJECT
;
2811 result
.policy_type
= ADDR_POLICY_ACCEPT
;
2812 result
.is_private
= 1;
2813 result
.prt_min
= port_min
;
2814 result
.prt_max
= port_max
;
2816 return addr_policy_get_canonical_entry(&result
);
2819 /** Log and exit if <b>t</b> is malformed */
2821 assert_addr_policy_ok(smartlist_t
*lst
)
2824 SMARTLIST_FOREACH(lst
, addr_policy_t
*, t
, {
2825 tor_assert(t
->policy_type
== ADDR_POLICY_REJECT
||
2826 t
->policy_type
== ADDR_POLICY_ACCEPT
);
2827 tor_assert(t
->prt_min
<= t
->prt_max
);
2832 * Low-level tokenizer for router descriptors and directories.
2835 /** Free all resources allocated for <b>tok</b> */
2837 token_free(directory_token_t
*tok
)
2841 crypto_free_pk_env(tok
->key
);
2844 #define ALLOC_ZERO(sz) memarea_alloc_zero(area,sz)
2845 #define ALLOC(sz) memarea_alloc(area,sz)
2846 #define STRDUP(str) memarea_strdup(area,str)
2847 #define STRNDUP(str,n) memarea_strndup(area,(str),(n))
2849 #define RET_ERR(msg) \
2851 if (tok) token_free(tok); \
2852 tok = ALLOC_ZERO(sizeof(directory_token_t)); \
2854 tok->error = STRDUP(msg); \
2855 goto done_tokenizing; \
2858 /** Helper: make sure that the token <b>tok</b> with keyword <b>kwd</b> obeys
2859 * the object syntax of <b>o_syn</b>. Allocate all storage in <b>area</b>.
2860 * Return <b>tok</b> on success, or a new _ERR token if the token didn't
2861 * conform to the syntax we wanted.
2863 static INLINE directory_token_t
*
2864 token_check_object(memarea_t
*area
, const char *kwd
,
2865 directory_token_t
*tok
, obj_syntax o_syn
)
2870 /* No object is allowed for this token. */
2871 if (tok
->object_body
) {
2872 tor_snprintf(ebuf
, sizeof(ebuf
), "Unexpected object for %s", kwd
);
2876 tor_snprintf(ebuf
, sizeof(ebuf
), "Unexpected public key for %s", kwd
);
2881 /* There must be a (non-key) object. */
2882 if (!tok
->object_body
) {
2883 tor_snprintf(ebuf
, sizeof(ebuf
), "Missing object for %s", kwd
);
2887 case NEED_KEY_1024
: /* There must be a 1024-bit public key. */
2888 case NEED_SKEY_1024
: /* There must be a 1024-bit private key. */
2889 if (tok
->key
&& crypto_pk_keysize(tok
->key
) != PK_BYTES
) {
2890 tor_snprintf(ebuf
, sizeof(ebuf
), "Wrong size on key for %s: %d bits",
2891 kwd
, (int)crypto_pk_keysize(tok
->key
));
2895 case NEED_KEY
: /* There must be some kind of key. */
2897 tor_snprintf(ebuf
, sizeof(ebuf
), "Missing public key for %s", kwd
);
2899 if (o_syn
!= NEED_SKEY_1024
) {
2900 if (crypto_pk_key_is_private(tok
->key
)) {
2901 tor_snprintf(ebuf
, sizeof(ebuf
),
2902 "Private key given for %s, which wants a public key", kwd
);
2905 } else { /* o_syn == NEED_SKEY_1024 */
2906 if (!crypto_pk_key_is_private(tok
->key
)) {
2907 tor_snprintf(ebuf
, sizeof(ebuf
),
2908 "Public key given for %s, which wants a private key", kwd
);
2914 /* Anything goes with this token. */
2922 /** Helper: parse space-separated arguments from the string <b>s</b> ending at
2923 * <b>eol</b>, and store them in the args field of <b>tok</b>. Store the
2924 * number of parsed elements into the n_args field of <b>tok</b>. Allocate
2925 * all storage in <b>area</b>. Return the number of arguments parsed, or
2926 * return -1 if there was an insanely high number of arguments. */
2928 get_token_arguments(memarea_t
*area
, directory_token_t
*tok
,
2929 const char *s
, const char *eol
)
2931 /** Largest number of arguments we'll accept to any token, ever. */
2932 #define MAX_ARGS 512
2933 char *mem
= memarea_strndup(area
, s
, eol
-s
);
2936 char *args
[MAX_ARGS
];
2941 cp
= (char*)find_whitespace(cp
);
2943 break; /* End of the line. */
2945 cp
= (char*)eat_whitespace(cp
);
2948 tok
->args
= memarea_memdup(area
, args
, j
*sizeof(char*));
2953 /** Helper function: read the next token from *s, advance *s to the end of the
2954 * token, and return the parsed token. Parse *<b>s</b> according to the list
2955 * of tokens in <b>table</b>.
2957 static directory_token_t
*
2958 get_next_token(memarea_t
*area
,
2959 const char **s
, const char *eos
, token_rule_t
*table
)
2961 const char *next
, *eol
, *obstart
;
2964 directory_token_t
*tok
;
2965 obj_syntax o_syn
= NO_OBJ
;
2967 const char *kwd
= "";
2970 tok
= ALLOC_ZERO(sizeof(directory_token_t
));
2973 /* Set *s to first token, eol to end-of-line, next to after first token */
2974 *s
= eat_whitespace_eos(*s
, eos
); /* eat multi-line whitespace */
2975 tor_assert(eos
>= *s
);
2976 eol
= memchr(*s
, '\n', eos
-*s
);
2979 next
= find_whitespace_eos(*s
, eol
);
2981 if (!strcmp_len(*s
, "opt", next
-*s
)) {
2982 /* Skip past an "opt" at the start of the line. */
2983 *s
= eat_whitespace_eos_no_nl(next
, eol
);
2984 next
= find_whitespace_eos(*s
, eol
);
2985 } else if (*s
== eos
) { /* If no "opt", and end-of-line, line is invalid */
2986 RET_ERR("Unexpected EOF");
2989 /* Search the table for the appropriate entry. (I tried a binary search
2990 * instead, but it wasn't any faster.) */
2991 for (i
= 0; table
[i
].t
; ++i
) {
2992 if (!strcmp_len(*s
, table
[i
].t
, next
-*s
)) {
2993 /* We've found the keyword. */
2995 tok
->tp
= table
[i
].v
;
2996 o_syn
= table
[i
].os
;
2997 *s
= eat_whitespace_eos_no_nl(next
, eol
);
2998 /* We go ahead whether there are arguments or not, so that tok->args is
2999 * always set if we want arguments. */
3000 if (table
[i
].concat_args
) {
3001 /* The keyword takes the line as a single argument */
3002 tok
->args
= ALLOC(sizeof(char*));
3003 tok
->args
[0] = STRNDUP(*s
,eol
-*s
); /* Grab everything on line */
3006 /* This keyword takes multiple arguments. */
3007 if (get_token_arguments(area
, tok
, *s
, eol
)<0) {
3008 tor_snprintf(ebuf
, sizeof(ebuf
),"Far too many arguments to %s", kwd
);
3013 if (tok
->n_args
< table
[i
].min_args
) {
3014 tor_snprintf(ebuf
, sizeof(ebuf
), "Too few arguments to %s", kwd
);
3016 } else if (tok
->n_args
> table
[i
].max_args
) {
3017 tor_snprintf(ebuf
, sizeof(ebuf
), "Too many arguments to %s", kwd
);
3024 if (tok
->tp
== _ERR
) {
3025 /* No keyword matched; call it an "K_opt" or "A_unrecognized" */
3027 tok
->tp
= _A_UNKNOWN
;
3030 tok
->args
= ALLOC(sizeof(char*));
3031 tok
->args
[0] = STRNDUP(*s
, eol
-*s
);
3036 /* Check whether there's an object present */
3037 *s
= eat_whitespace_eos(eol
, eos
); /* Scan from end of first line */
3038 tor_assert(eos
>= *s
);
3039 eol
= memchr(*s
, '\n', eos
-*s
);
3040 if (!eol
|| eol
-*s
<11 || strcmpstart(*s
, "-----BEGIN ")) /* No object. */
3043 obstart
= *s
; /* Set obstart to start of object spec */
3044 tor_assert(eol
>= (*s
+16));
3045 if (*s
+11 >= eol
-5 || memchr(*s
+11,'\0',eol
-*s
-16) || /* no short lines, */
3046 strcmp_len(eol
-5, "-----", 5)) { /* nuls or invalid endings */
3047 RET_ERR("Malformed object: bad begin line");
3049 tok
->object_type
= STRNDUP(*s
+11, eol
-*s
-16);
3050 obname_len
= eol
-*s
-16; /* store objname length here to avoid a strlen() */
3051 *s
= eol
+1; /* Set *s to possible start of object data (could be eos) */
3053 /* Go to the end of the object */
3054 next
= tor_memstr(*s
, eos
-*s
, "-----END ");
3056 RET_ERR("Malformed object: missing object end line");
3058 tor_assert(eos
>= next
);
3059 eol
= memchr(next
, '\n', eos
-next
);
3060 if (!eol
) /* end-of-line marker, or eos if there's no '\n' */
3062 /* Validate the ending tag, which should be 9 + NAME + 5 + eol */
3063 if ((size_t)(eol
-next
) != 9+obname_len
+5 ||
3064 strcmp_len(next
+9, tok
->object_type
, obname_len
) ||
3065 strcmp_len(eol
-5, "-----", 5)) {
3066 snprintf(ebuf
, sizeof(ebuf
), "Malformed object: mismatched end tag %s",
3068 ebuf
[sizeof(ebuf
)-1] = '\0';
3071 if (!strcmp(tok
->object_type
, "RSA PUBLIC KEY")) { /* If it's a public key */
3072 tok
->key
= crypto_new_pk_env();
3073 if (crypto_pk_read_public_key_from_string(tok
->key
, obstart
, eol
-obstart
))
3074 RET_ERR("Couldn't parse public key.");
3075 } else if (!strcmp(tok
->object_type
, "RSA PRIVATE KEY")) { /* private key */
3076 tok
->key
= crypto_new_pk_env();
3077 if (crypto_pk_read_private_key_from_string(tok
->key
, obstart
))
3078 RET_ERR("Couldn't parse private key.");
3079 } else { /* If it's something else, try to base64-decode it */
3081 tok
->object_body
= ALLOC(next
-*s
); /* really, this is too much RAM. */
3082 r
= base64_decode(tok
->object_body
, next
-*s
, *s
, next
-*s
);
3084 RET_ERR("Malformed object: bad base64-encoded data");
3085 tok
->object_size
= r
;
3090 tok
= token_check_object(area
, kwd
, tok
, o_syn
);
3102 /** Read all tokens from a string between <b>start</b> and <b>end</b>, and add
3103 * them to <b>out</b>. Parse according to the token rules in <b>table</b>.
3104 * Caller must free tokens in <b>out</b>. If <b>end</b> is NULL, use the
3108 tokenize_string(memarea_t
*area
,
3109 const char *start
, const char *end
, smartlist_t
*out
,
3110 token_rule_t
*table
, int flags
)
3113 directory_token_t
*tok
= NULL
;
3116 int first_nonannotation
;
3117 int prev_len
= smartlist_len(out
);
3122 end
= start
+strlen(start
);
3123 for (i
= 0; i
< _NIL
; ++i
)
3125 while (*s
< end
&& (!tok
|| tok
->tp
!= _EOF
)) {
3126 tok
= get_next_token(area
, s
, end
, table
);
3127 if (tok
->tp
== _ERR
) {
3128 log_warn(LD_DIR
, "parse error: %s", tok
->error
);
3133 smartlist_add(out
, tok
);
3134 *s
= eat_whitespace_eos(*s
, end
);
3137 if (flags
& TS_NOCHECK
)
3140 if ((flags
& TS_ANNOTATIONS_OK
)) {
3141 first_nonannotation
= -1;
3142 for (i
= 0; i
< smartlist_len(out
); ++i
) {
3143 tok
= smartlist_get(out
, i
);
3144 if (tok
->tp
< MIN_ANNOTATION
|| tok
->tp
> MAX_ANNOTATION
) {
3145 first_nonannotation
= i
;
3149 if (first_nonannotation
< 0) {
3150 log_warn(LD_DIR
, "parse error: item contains only annotations");
3153 for (i
=first_nonannotation
; i
< smartlist_len(out
); ++i
) {
3154 tok
= smartlist_get(out
, i
);
3155 if (tok
->tp
>= MIN_ANNOTATION
&& tok
->tp
<= MAX_ANNOTATION
) {
3156 log_warn(LD_DIR
, "parse error: Annotations mixed with keywords");
3160 if ((flags
& TS_NO_NEW_ANNOTATIONS
)) {
3161 if (first_nonannotation
!= prev_len
) {
3162 log_warn(LD_DIR
, "parse error: Unexpectd annotations.");
3167 for (i
=0; i
< smartlist_len(out
); ++i
) {
3168 tok
= smartlist_get(out
, i
);
3169 if (tok
->tp
>= MIN_ANNOTATION
&& tok
->tp
<= MAX_ANNOTATION
) {
3170 log_warn(LD_DIR
, "parse error: no annotations allowed.");
3174 first_nonannotation
= 0;
3176 for (i
= 0; table
[i
].t
; ++i
) {
3177 if (counts
[table
[i
].v
] < table
[i
].min_cnt
) {
3178 log_warn(LD_DIR
, "Parse error: missing %s element.", table
[i
].t
);
3181 if (counts
[table
[i
].v
] > table
[i
].max_cnt
) {
3182 log_warn(LD_DIR
, "Parse error: too many %s elements.", table
[i
].t
);
3185 if (table
[i
].pos
& AT_START
) {
3186 if (smartlist_len(out
) < 1 ||
3187 (tok
= smartlist_get(out
, first_nonannotation
))->tp
!= table
[i
].v
) {
3188 log_warn(LD_DIR
, "Parse error: first item is not %s.", table
[i
].t
);
3192 if (table
[i
].pos
& AT_END
) {
3193 if (smartlist_len(out
) < 1 ||
3194 (tok
= smartlist_get(out
, smartlist_len(out
)-1))->tp
!= table
[i
].v
) {
3195 log_warn(LD_DIR
, "Parse error: last item is not %s.", table
[i
].t
);
3203 /** Find the first token in <b>s</b> whose keyword is <b>keyword</b>; return
3204 * NULL if no such keyword is found.
3206 static directory_token_t
*
3207 find_opt_by_keyword(smartlist_t
*s
, directory_keyword keyword
)
3209 SMARTLIST_FOREACH(s
, directory_token_t
*, t
, if (t
->tp
== keyword
) return t
);
3213 /** Find the first token in <b>s</b> whose keyword is <b>keyword</b>; fail
3214 * with an assert if no such keyword is found.
3216 static directory_token_t
*
3217 _find_by_keyword(smartlist_t
*s
, directory_keyword keyword
,
3218 const char *keyword_as_string
)
3220 directory_token_t
*tok
= find_opt_by_keyword(s
, keyword
);
3221 if (PREDICT_UNLIKELY(!tok
)) {
3222 log_err(LD_BUG
, "Missing %s [%d] in directory object that should have "
3223 "been validated. Internal error.", keyword_as_string
, (int)keyword
);
3229 /** Return a newly allocated smartlist of all accept or reject tokens in
3232 static smartlist_t
*
3233 find_all_exitpolicy(smartlist_t
*s
)
3235 smartlist_t
*out
= smartlist_create();
3236 SMARTLIST_FOREACH(s
, directory_token_t
*, t
,
3237 if (t
->tp
== K_ACCEPT
|| t
->tp
== K_ACCEPT6
||
3238 t
->tp
== K_REJECT
|| t
->tp
== K_REJECT6
)
3239 smartlist_add(out
,t
));
3243 /** Compute the SHA-1 digest of the substring of <b>s</b> taken from the first
3244 * occurrence of <b>start_str</b> through the first instance of c after the
3245 * first subsequent occurrence of <b>end_str</b>; store the 20-byte result in
3246 * <b>digest</b>; return 0 on success.
3248 * If no such substring exists, return -1.
3251 router_get_hash_impl(const char *s
, char *digest
,
3252 const char *start_str
,
3253 const char *end_str
, char end_c
)
3256 start
= strstr(s
, start_str
);
3258 log_warn(LD_DIR
,"couldn't find start of hashed material \"%s\"",start_str
);
3261 if (start
!= s
&& *(start
-1) != '\n') {
3263 "first occurrence of \"%s\" is not at the start of a line",
3267 end
= strstr(start
+strlen(start_str
), end_str
);
3269 log_warn(LD_DIR
,"couldn't find end of hashed material \"%s\"",end_str
);
3272 end
= strchr(end
+strlen(end_str
), end_c
);
3274 log_warn(LD_DIR
,"couldn't find EOL");
3279 if (crypto_digest(digest
, start
, end
-start
)) {
3280 log_warn(LD_BUG
,"couldn't compute digest");
3287 /** Parse the Tor version of the platform string <b>platform</b>,
3288 * and compare it to the version in <b>cutoff</b>. Return 1 if
3289 * the router is at least as new as the cutoff, else return 0.
3292 tor_version_as_new_as(const char *platform
, const char *cutoff
)
3294 tor_version_t cutoff_version
, router_version
;
3295 char *s
, *s2
, *start
;
3298 tor_assert(platform
);
3300 if (tor_version_parse(cutoff
, &cutoff_version
)<0) {
3301 log_warn(LD_BUG
,"cutoff version '%s' unparseable.",cutoff
);
3304 if (strcmpstart(platform
,"Tor ")) /* nonstandard Tor; be safe and say yes */
3307 start
= (char *)eat_whitespace(platform
+3);
3308 if (!*start
) return 0;
3309 s
= (char *)find_whitespace(start
); /* also finds '\0', which is fine */
3310 s2
= (char*)eat_whitespace(s
);
3311 if (!strcmpstart(s2
, "(r"))
3312 s
= (char*)find_whitespace(s2
);
3314 if ((size_t)(s
-start
+1) >= sizeof(tmp
)) /* too big, no */
3316 strlcpy(tmp
, start
, s
-start
+1);
3318 if (tor_version_parse(tmp
, &router_version
)<0) {
3319 log_info(LD_DIR
,"Router version '%s' unparseable.",tmp
);
3320 return 1; /* be safe and say yes */
3323 /* Here's why we don't need to do any special handling for svn revisions:
3324 * - If neither has an svn revision, we're fine.
3325 * - If the router doesn't have an svn revision, we can't assume that it
3326 * is "at least" any svn revision, so we need to return 0.
3327 * - If the target version doesn't have an svn revision, any svn revision
3328 * (or none at all) is good enough, so return 1.
3329 * - If both target and router have an svn revision, we compare them.
3332 return tor_version_compare(&router_version
, &cutoff_version
) >= 0;
3335 /** Parse a tor version from <b>s</b>, and store the result in <b>out</b>.
3336 * Return 0 on success, -1 on failure. */
3338 tor_version_parse(const char *s
, tor_version_t
*out
)
3341 const char *cp
=NULL
;
3343 * "Tor " ? NUM dot NUM dot NUM [ ( pre | rc | dot ) NUM [ - tag ] ]
3348 memset(out
, 0, sizeof(tor_version_t
));
3350 if (!strcasecmpstart(s
, "Tor "))
3354 out
->major
= (int)strtol(s
,&eos
,10);
3355 if (!eos
|| eos
==s
|| *eos
!= '.') return -1;
3359 out
->minor
= (int) strtol(cp
,&eos
,10);
3360 if (!eos
|| eos
==cp
|| *eos
!= '.') return -1;
3364 out
->micro
= (int) strtol(cp
,&eos
,10);
3365 if (!eos
|| eos
==cp
) return -1;
3367 out
->status
= VER_RELEASE
;
3368 out
->patchlevel
= 0;
3375 out
->status
= VER_RELEASE
;
3377 } else if (0==strncmp(cp
, "pre", 3)) {
3378 out
->status
= VER_PRE
;
3380 } else if (0==strncmp(cp
, "rc", 2)) {
3381 out
->status
= VER_RC
;
3387 /* Get patchlevel */
3388 out
->patchlevel
= (int) strtol(cp
,&eos
,10);
3389 if (!eos
|| eos
==cp
) return -1;
3392 /* Get status tag. */
3393 if (*cp
== '-' || *cp
== '.')
3395 eos
= (char*) find_whitespace(cp
);
3396 if (eos
-cp
>= (int)sizeof(out
->status_tag
))
3397 strlcpy(out
->status_tag
, cp
, sizeof(out
->status_tag
));
3399 memcpy(out
->status_tag
, cp
, eos
-cp
);
3400 out
->status_tag
[eos
-cp
] = 0;
3402 cp
= eat_whitespace(eos
);
3404 if (!strcmpstart(cp
, "(r")) {
3406 out
->svn_revision
= (int) strtol(cp
,&eos
,10);
3412 /** Compare two tor versions; Return <0 if a < b; 0 if a ==b, >0 if a >
3415 tor_version_compare(tor_version_t
*a
, tor_version_t
*b
)
3420 if ((i
= a
->major
- b
->major
))
3422 else if ((i
= a
->minor
- b
->minor
))
3424 else if ((i
= a
->micro
- b
->micro
))
3426 else if ((i
= a
->status
- b
->status
))
3428 else if ((i
= a
->patchlevel
- b
->patchlevel
))
3430 else if ((i
= strcmp(a
->status_tag
, b
->status_tag
)))
3433 return a
->svn_revision
- b
->svn_revision
;
3436 /** Return true iff versions <b>a</b> and <b>b</b> belong to the same series.
3439 tor_version_same_series(tor_version_t
*a
, tor_version_t
*b
)
3443 return ((a
->major
== b
->major
) &&
3444 (a
->minor
== b
->minor
) &&
3445 (a
->micro
== b
->micro
));
3448 /** Helper: Given pointers to two strings describing tor versions, return -1
3449 * if _a precedes _b, 1 if _b preceeds _a, and 0 if they are equivalent.
3450 * Used to sort a list of versions. */
3452 _compare_tor_version_str_ptr(const void **_a
, const void **_b
)
3454 const char *a
= *_a
, *b
= *_b
;
3456 tor_version_t va
, vb
;
3457 ca
= tor_version_parse(a
, &va
);
3458 cb
= tor_version_parse(b
, &vb
);
3459 /* If they both parse, compare them. */
3461 return tor_version_compare(&va
,&vb
);
3462 /* If one parses, it comes first. */
3467 /* If neither parses, compare strings. Also, the directory server admin
3468 ** needs to be smacked upside the head. But Tor is tolerant and gentle. */
3472 /** Sort a list of string-representations of versions in ascending order. */
3474 sort_version_list(smartlist_t
*versions
, int remove_duplicates
)
3476 smartlist_sort(versions
, _compare_tor_version_str_ptr
);
3478 if (remove_duplicates
)
3479 smartlist_uniq(versions
, _compare_tor_version_str_ptr
, _tor_free
);
3482 /** Parse and validate the ASCII-encoded v2 descriptor in <b>desc</b>,
3483 * write the parsed descriptor to the newly allocated *<b>parsed_out</b>, the
3484 * binary descriptor ID of length DIGEST_LEN to <b>desc_id_out</b>, the
3485 * encrypted introduction points to the newly allocated
3486 * *<b>intro_points_encrypted_out</b>, their encrypted size to
3487 * *<b>intro_points_encrypted_size_out</b>, the size of the encoded descriptor
3488 * to *<b>encoded_size_out</b>, and a pointer to the possibly next
3489 * descriptor to *<b>next_out</b>; return 0 for success (including validation)
3490 * and -1 for failure.
3493 rend_parse_v2_service_descriptor(rend_service_descriptor_t
**parsed_out
,
3495 char **intro_points_encrypted_out
,
3496 size_t *intro_points_encrypted_size_out
,
3497 size_t *encoded_size_out
,
3498 const char **next_out
, const char *desc
)
3500 rend_service_descriptor_t
*result
=
3501 tor_malloc_zero(sizeof(rend_service_descriptor_t
));
3502 char desc_hash
[DIGEST_LEN
];
3504 smartlist_t
*tokens
= smartlist_create();
3505 directory_token_t
*tok
;
3506 char secret_id_part
[DIGEST_LEN
];
3507 int i
, version
, num_ok
=1;
3508 smartlist_t
*versions
;
3509 char public_key_hash
[DIGEST_LEN
];
3510 char test_desc_id
[DIGEST_LEN
];
3511 memarea_t
*area
= NULL
;
3513 /* Check if desc starts correctly. */
3514 if (strncmp(desc
, "rendezvous-service-descriptor ",
3515 strlen("rendezvous-service-descriptor "))) {
3516 log_info(LD_REND
, "Descriptor does not start correctly.");
3519 /* Compute descriptor hash for later validation. */
3520 if (router_get_hash_impl(desc
, desc_hash
,
3521 "rendezvous-service-descriptor ",
3522 "\nsignature", '\n') < 0) {
3523 log_warn(LD_REND
, "Couldn't compute descriptor hash.");
3526 /* Determine end of string. */
3527 eos
= strstr(desc
, "\nrendezvous-service-descriptor ");
3529 eos
= desc
+ strlen(desc
);
3533 if (strlen(desc
) > REND_DESC_MAX_SIZE
) {
3534 log_warn(LD_REND
, "Descriptor length is %i which exceeds "
3535 "maximum rendezvous descriptor size of %i kilobytes.",
3536 (int)strlen(desc
), REND_DESC_MAX_SIZE
);
3539 /* Tokenize descriptor. */
3540 area
= memarea_new();
3541 if (tokenize_string(area
, desc
, eos
, tokens
, desc_token_table
, 0)) {
3542 log_warn(LD_REND
, "Error tokenizing descriptor.");
3545 /* Set next to next descriptor, if available. */
3547 /* Set length of encoded descriptor. */
3548 *encoded_size_out
= eos
- desc
;
3549 /* Check min allowed length of token list. */
3550 if (smartlist_len(tokens
) < 7) {
3551 log_warn(LD_REND
, "Impossibly short descriptor.");
3554 /* Parse base32-encoded descriptor ID. */
3555 tok
= find_by_keyword(tokens
, R_RENDEZVOUS_SERVICE_DESCRIPTOR
);
3556 tor_assert(tok
== smartlist_get(tokens
, 0));
3557 tor_assert(tok
->n_args
== 1);
3558 if (strlen(tok
->args
[0]) != REND_DESC_ID_V2_LEN_BASE32
||
3559 strspn(tok
->args
[0], BASE32_CHARS
) != REND_DESC_ID_V2_LEN_BASE32
) {
3560 log_warn(LD_REND
, "Invalid descriptor ID: '%s'", tok
->args
[0]);
3563 if (base32_decode(desc_id_out
, DIGEST_LEN
,
3564 tok
->args
[0], REND_DESC_ID_V2_LEN_BASE32
) < 0) {
3565 log_warn(LD_REND
, "Descriptor ID contains illegal characters: %s",
3569 /* Parse descriptor version. */
3570 tok
= find_by_keyword(tokens
, R_VERSION
);
3571 tor_assert(tok
->n_args
== 1);
3573 (int) tor_parse_long(tok
->args
[0], 10, 0, INT_MAX
, &num_ok
, NULL
);
3574 if (result
->version
!= 2 || !num_ok
) {
3575 /* If it's <2, it shouldn't be under this format. If the number
3576 * is greater than 2, we bumped it because we broke backward
3577 * compatibility. See how version numbers in our other formats
3579 log_warn(LD_REND
, "Unrecognized descriptor version: %s",
3580 escaped(tok
->args
[0]));
3583 /* Parse public key. */
3584 tok
= find_by_keyword(tokens
, R_PERMANENT_KEY
);
3585 result
->pk
= tok
->key
;
3586 tok
->key
= NULL
; /* Prevent free */
3587 /* Parse secret ID part. */
3588 tok
= find_by_keyword(tokens
, R_SECRET_ID_PART
);
3589 tor_assert(tok
->n_args
== 1);
3590 if (strlen(tok
->args
[0]) != REND_SECRET_ID_PART_LEN_BASE32
||
3591 strspn(tok
->args
[0], BASE32_CHARS
) != REND_SECRET_ID_PART_LEN_BASE32
) {
3592 log_warn(LD_REND
, "Invalid secret ID part: '%s'", tok
->args
[0]);
3595 if (base32_decode(secret_id_part
, DIGEST_LEN
, tok
->args
[0], 32) < 0) {
3596 log_warn(LD_REND
, "Secret ID part contains illegal characters: %s",
3600 /* Parse publication time -- up-to-date check is done when storing the
3602 tok
= find_by_keyword(tokens
, R_PUBLICATION_TIME
);
3603 tor_assert(tok
->n_args
== 1);
3604 if (parse_iso_time(tok
->args
[0], &result
->timestamp
) < 0) {
3605 log_warn(LD_REND
, "Invalid publication time: '%s'", tok
->args
[0]);
3608 /* Parse protocol versions. */
3609 tok
= find_by_keyword(tokens
, R_PROTOCOL_VERSIONS
);
3610 tor_assert(tok
->n_args
== 1);
3611 versions
= smartlist_create();
3612 smartlist_split_string(versions
, tok
->args
[0], ",",
3613 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
3614 for (i
= 0; i
< smartlist_len(versions
); i
++) {
3615 version
= (int) tor_parse_long(smartlist_get(versions
, i
),
3616 10, 0, INT_MAX
, &num_ok
, NULL
);
3617 if (!num_ok
) /* It's a string; let's ignore it. */
3619 result
->protocols
|= 1 << version
;
3621 SMARTLIST_FOREACH(versions
, char *, cp
, tor_free(cp
));
3622 smartlist_free(versions
);
3623 /* Parse encrypted introduction points. Don't verify. */
3624 tok
= find_opt_by_keyword(tokens
, R_INTRODUCTION_POINTS
);
3626 if (strcmp(tok
->object_type
, "MESSAGE")) {
3627 log_warn(LD_DIR
, "Bad object type: introduction points should be of "
3631 *intro_points_encrypted_out
= tor_memdup(tok
->object_body
,
3633 *intro_points_encrypted_size_out
= tok
->object_size
;
3635 *intro_points_encrypted_out
= NULL
;
3636 *intro_points_encrypted_size_out
= 0;
3638 /* Parse and verify signature. */
3639 tok
= find_by_keyword(tokens
, R_SIGNATURE
);
3640 note_crypto_pk_op(VERIFY_RTR
);
3641 if (check_signature_token(desc_hash
, tok
, result
->pk
, 0,
3642 "v2 rendezvous service descriptor") < 0)
3644 /* Verify that descriptor ID belongs to public key and secret ID part. */
3645 crypto_pk_get_digest(result
->pk
, public_key_hash
);
3646 rend_get_descriptor_id_bytes(test_desc_id
, public_key_hash
,
3648 if (memcmp(desc_id_out
, test_desc_id
, DIGEST_LEN
)) {
3649 log_warn(LD_REND
, "Parsed descriptor ID does not match "
3650 "computed descriptor ID.");
3656 rend_service_descriptor_free(result
);
3660 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
3661 smartlist_free(tokens
);
3664 memarea_drop_all(area
);
3665 *parsed_out
= result
;
3671 /** Decrypt the encrypted introduction points in <b>ipos_encrypted</b> of
3672 * length <b>ipos_encrypted_size</b> using <b>descriptor_cookie</b> and
3673 * write the result to a newly allocated string that is pointed to by
3674 * <b>ipos_decrypted</b> and its length to <b>ipos_decrypted_size</b>.
3675 * Return 0 if decryption was successful and -1 otherwise. */
3677 rend_decrypt_introduction_points(char **ipos_decrypted
,
3678 size_t *ipos_decrypted_size
,
3679 const char *descriptor_cookie
,
3680 const char *ipos_encrypted
,
3681 size_t ipos_encrypted_size
)
3683 tor_assert(ipos_encrypted
);
3684 tor_assert(descriptor_cookie
);
3685 if (ipos_encrypted_size
< 2) {
3686 log_warn(LD_REND
, "Size of encrypted introduction points is too "
3690 if (ipos_encrypted
[0] == (int)REND_BASIC_AUTH
) {
3691 char iv
[CIPHER_IV_LEN
], client_id
[REND_BASIC_AUTH_CLIENT_ID_LEN
],
3692 session_key
[CIPHER_KEY_LEN
], *dec
;
3693 int declen
, client_blocks
;
3694 size_t pos
= 0, len
, client_entries_len
;
3695 crypto_digest_env_t
*digest
;
3696 crypto_cipher_env_t
*cipher
;
3697 client_blocks
= (int) ipos_encrypted
[1];
3698 client_entries_len
= client_blocks
* REND_BASIC_AUTH_CLIENT_MULTIPLE
*
3699 REND_BASIC_AUTH_CLIENT_ENTRY_LEN
;
3700 if (ipos_encrypted_size
< 2 + client_entries_len
+ CIPHER_IV_LEN
+ 1) {
3701 log_warn(LD_REND
, "Size of encrypted introduction points is too "
3705 memcpy(iv
, ipos_encrypted
+ 2 + client_entries_len
, CIPHER_IV_LEN
);
3706 digest
= crypto_new_digest_env();
3707 crypto_digest_add_bytes(digest
, descriptor_cookie
, REND_DESC_COOKIE_LEN
);
3708 crypto_digest_add_bytes(digest
, iv
, CIPHER_IV_LEN
);
3709 crypto_digest_get_digest(digest
, client_id
,
3710 REND_BASIC_AUTH_CLIENT_ID_LEN
);
3711 crypto_free_digest_env(digest
);
3712 for (pos
= 2; pos
< 2 + client_entries_len
;
3713 pos
+= REND_BASIC_AUTH_CLIENT_ENTRY_LEN
) {
3714 if (!memcmp(ipos_encrypted
+ pos
, client_id
,
3715 REND_BASIC_AUTH_CLIENT_ID_LEN
)) {
3716 /* Attempt to decrypt introduction points. */
3717 cipher
= crypto_create_init_cipher(descriptor_cookie
, 0);
3718 if (crypto_cipher_decrypt(cipher
, session_key
, ipos_encrypted
3719 + pos
+ REND_BASIC_AUTH_CLIENT_ID_LEN
,
3720 CIPHER_KEY_LEN
) < 0) {
3721 log_warn(LD_REND
, "Could not decrypt session key for client.");
3722 crypto_free_cipher_env(cipher
);
3725 crypto_free_cipher_env(cipher
);
3726 cipher
= crypto_create_init_cipher(session_key
, 0);
3727 len
= ipos_encrypted_size
- 2 - client_entries_len
- CIPHER_IV_LEN
;
3728 dec
= tor_malloc(len
);
3729 declen
= crypto_cipher_decrypt_with_iv(cipher
, dec
, len
,
3730 ipos_encrypted
+ 2 + client_entries_len
,
3731 ipos_encrypted_size
- 2 - client_entries_len
);
3732 crypto_free_cipher_env(cipher
);
3734 log_warn(LD_REND
, "Could not decrypt introduction point string.");
3738 if (memcmpstart(dec
, declen
, "introduction-point ")) {
3739 log_warn(LD_REND
, "Decrypted introduction points don't "
3740 "look like we could parse them.");
3744 *ipos_decrypted
= dec
;
3745 *ipos_decrypted_size
= declen
;
3749 log_warn(LD_REND
, "Could not decrypt introduction points. Please "
3750 "check your authorization for this service!");
3752 } else if (ipos_encrypted
[0] == (int)REND_STEALTH_AUTH
) {
3753 crypto_cipher_env_t
*cipher
;
3756 dec
= tor_malloc_zero(ipos_encrypted_size
- CIPHER_IV_LEN
- 1);
3757 cipher
= crypto_create_init_cipher(descriptor_cookie
, 0);
3758 declen
= crypto_cipher_decrypt_with_iv(cipher
, dec
,
3759 ipos_encrypted_size
-
3762 ipos_encrypted_size
- 1);
3763 crypto_free_cipher_env(cipher
);
3765 log_warn(LD_REND
, "Decrypting introduction points failed!");
3769 *ipos_decrypted
= dec
;
3770 *ipos_decrypted_size
= declen
;
3773 log_warn(LD_REND
, "Unknown authorization type number: %d",
3779 /** Parse the encoded introduction points in <b>intro_points_encoded</b> of
3780 * length <b>intro_points_encoded_size</b> and write the result to the
3781 * descriptor in <b>parsed</b>; return the number of successfully parsed
3782 * introduction points or -1 in case of a failure. */
3784 rend_parse_introduction_points(rend_service_descriptor_t
*parsed
,
3785 const char *intro_points_encoded
,
3786 size_t intro_points_encoded_size
)
3788 const char *current_ipo
, *end_of_intro_points
;
3789 smartlist_t
*tokens
;
3790 directory_token_t
*tok
;
3791 rend_intro_point_t
*intro
;
3792 extend_info_t
*info
;
3793 int result
, num_ok
=1;
3794 memarea_t
*area
= NULL
;
3796 /** Function may only be invoked once. */
3797 tor_assert(!parsed
->intro_nodes
);
3798 tor_assert(intro_points_encoded
);
3799 tor_assert(intro_points_encoded_size
> 0);
3800 /* Consider one intro point after the other. */
3801 current_ipo
= intro_points_encoded
;
3802 end_of_intro_points
= intro_points_encoded
+ intro_points_encoded_size
;
3803 tokens
= smartlist_create();
3804 parsed
->intro_nodes
= smartlist_create();
3805 area
= memarea_new();
3807 while (!memcmpstart(current_ipo
, end_of_intro_points
-current_ipo
,
3808 "introduction-point ")) {
3809 /* Determine end of string. */
3810 const char *eos
= tor_memstr(current_ipo
, end_of_intro_points
-current_ipo
,
3811 "\nintroduction-point ");
3813 eos
= end_of_intro_points
;
3816 tor_assert(eos
<= intro_points_encoded
+intro_points_encoded_size
);
3817 /* Free tokens and clear token list. */
3818 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
3819 smartlist_clear(tokens
);
3820 memarea_clear(area
);
3821 /* Tokenize string. */
3822 if (tokenize_string(area
, current_ipo
, eos
, tokens
, ipo_token_table
, 0)) {
3823 log_warn(LD_REND
, "Error tokenizing introduction point");
3826 /* Advance to next introduction point, if available. */
3828 /* Check minimum allowed length of introduction point. */
3829 if (smartlist_len(tokens
) < 5) {
3830 log_warn(LD_REND
, "Impossibly short introduction point.");
3833 /* Allocate new intro point and extend info. */
3834 intro
= tor_malloc_zero(sizeof(rend_intro_point_t
));
3835 info
= intro
->extend_info
= tor_malloc_zero(sizeof(extend_info_t
));
3836 /* Parse identifier. */
3837 tok
= find_by_keyword(tokens
, R_IPO_IDENTIFIER
);
3838 if (base32_decode(info
->identity_digest
, DIGEST_LEN
,
3839 tok
->args
[0], REND_INTRO_POINT_ID_LEN_BASE32
) < 0) {
3840 log_warn(LD_REND
, "Identity digest contains illegal characters: %s",
3842 rend_intro_point_free(intro
);
3845 /* Write identifier to nickname. */
3846 info
->nickname
[0] = '$';
3847 base16_encode(info
->nickname
+ 1, sizeof(info
->nickname
) - 1,
3848 info
->identity_digest
, DIGEST_LEN
);
3849 /* Parse IP address. */
3850 tok
= find_by_keyword(tokens
, R_IPO_IP_ADDRESS
);
3851 if (tor_addr_from_str(&info
->addr
, tok
->args
[0])<0) {
3852 log_warn(LD_REND
, "Could not parse introduction point address.");
3853 rend_intro_point_free(intro
);
3856 if (tor_addr_family(&info
->addr
) != AF_INET
) {
3857 log_warn(LD_REND
, "Introduction point address was not ipv4.");
3858 rend_intro_point_free(intro
);
3862 /* Parse onion port. */
3863 tok
= find_by_keyword(tokens
, R_IPO_ONION_PORT
);
3864 info
->port
= (uint16_t) tor_parse_long(tok
->args
[0],10,1,65535,
3866 if (!info
->port
|| !num_ok
) {
3867 log_warn(LD_REND
, "Introduction point onion port %s is invalid",
3868 escaped(tok
->args
[0]));
3869 rend_intro_point_free(intro
);
3872 /* Parse onion key. */
3873 tok
= find_by_keyword(tokens
, R_IPO_ONION_KEY
);
3874 info
->onion_key
= tok
->key
;
3875 tok
->key
= NULL
; /* Prevent free */
3876 /* Parse service key. */
3877 tok
= find_by_keyword(tokens
, R_IPO_SERVICE_KEY
);
3878 intro
->intro_key
= tok
->key
;
3879 tok
->key
= NULL
; /* Prevent free */
3880 /* Add extend info to list of introduction points. */
3881 smartlist_add(parsed
->intro_nodes
, intro
);
3883 result
= smartlist_len(parsed
->intro_nodes
);
3890 /* Free tokens and clear token list. */
3891 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
3892 smartlist_free(tokens
);
3894 memarea_drop_all(area
);
3899 /** Parse the content of a client_key file in <b>ckstr</b> and add
3900 * rend_authorized_client_t's for each parsed client to
3901 * <b>parsed_clients</b>. Return the number of parsed clients as result
3902 * or -1 for failure. */
3904 rend_parse_client_keys(strmap_t
*parsed_clients
, const char *ckstr
)
3907 smartlist_t
*tokens
;
3908 directory_token_t
*tok
;
3909 const char *current_entry
= NULL
;
3910 memarea_t
*area
= NULL
;
3911 if (!ckstr
|| strlen(ckstr
) == 0)
3913 tokens
= smartlist_create();
3914 /* Begin parsing with first entry, skipping comments or whitespace at the
3916 area
= memarea_new();
3917 current_entry
= eat_whitespace(ckstr
);
3918 while (!strcmpstart(current_entry
, "client-name ")) {
3919 rend_authorized_client_t
*parsed_entry
;
3921 char descriptor_cookie_base64
[REND_DESC_COOKIE_LEN_BASE64
+2+1];
3922 char descriptor_cookie_tmp
[REND_DESC_COOKIE_LEN
+2];
3923 /* Determine end of string. */
3924 const char *eos
= strstr(current_entry
, "\nclient-name ");
3926 eos
= current_entry
+ strlen(current_entry
);
3929 /* Free tokens and clear token list. */
3930 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
3931 smartlist_clear(tokens
);
3932 memarea_clear(area
);
3933 /* Tokenize string. */
3934 if (tokenize_string(area
, current_entry
, eos
, tokens
,
3935 client_keys_token_table
, 0)) {
3936 log_warn(LD_REND
, "Error tokenizing client keys file.");
3939 /* Advance to next entry, if available. */
3940 current_entry
= eos
;
3941 /* Check minimum allowed length of token list. */
3942 if (smartlist_len(tokens
) < 2) {
3943 log_warn(LD_REND
, "Impossibly short client key entry.");
3946 /* Parse client name. */
3947 tok
= find_by_keyword(tokens
, C_CLIENT_NAME
);
3948 tor_assert(tok
== smartlist_get(tokens
, 0));
3949 tor_assert(tok
->n_args
== 1);
3951 len
= strlen(tok
->args
[0]);
3952 if (len
< 1 || len
> 19 ||
3953 strspn(tok
->args
[0], REND_LEGAL_CLIENTNAME_CHARACTERS
) != len
) {
3954 log_warn(LD_CONFIG
, "Illegal client name: %s. (Length must be "
3955 "between 1 and 19, and valid characters are "
3956 "[A-Za-z0-9+-_].)", tok
->args
[0]);
3959 /* Check if client name is duplicate. */
3960 if (strmap_get(parsed_clients
, tok
->args
[0])) {
3961 log_warn(LD_CONFIG
, "HiddenServiceAuthorizeClient contains a "
3962 "duplicate client name: '%s'. Ignoring.", tok
->args
[0]);
3965 parsed_entry
= tor_malloc_zero(sizeof(rend_authorized_client_t
));
3966 parsed_entry
->client_name
= tor_strdup(tok
->args
[0]);
3967 strmap_set(parsed_clients
, parsed_entry
->client_name
, parsed_entry
);
3968 /* Parse client key. */
3969 tok
= find_opt_by_keyword(tokens
, C_CLIENT_KEY
);
3971 parsed_entry
->client_key
= tok
->key
;
3972 tok
->key
= NULL
; /* Prevent free */
3975 /* Parse descriptor cookie. */
3976 tok
= find_by_keyword(tokens
, C_DESCRIPTOR_COOKIE
);
3977 tor_assert(tok
->n_args
== 1);
3978 if (strlen(tok
->args
[0]) != REND_DESC_COOKIE_LEN_BASE64
+ 2) {
3979 log_warn(LD_REND
, "Descriptor cookie has illegal length: %s",
3980 escaped(tok
->args
[0]));
3983 /* The size of descriptor_cookie_tmp needs to be REND_DESC_COOKIE_LEN+2,
3984 * because a base64 encoding of length 24 does not fit into 16 bytes in all
3986 if ((base64_decode(descriptor_cookie_tmp
, REND_DESC_COOKIE_LEN
+2,
3987 tok
->args
[0], REND_DESC_COOKIE_LEN_BASE64
+2+1)
3988 != REND_DESC_COOKIE_LEN
)) {
3989 log_warn(LD_REND
, "Descriptor cookie contains illegal characters: "
3990 "%s", descriptor_cookie_base64
);
3993 memcpy(parsed_entry
->descriptor_cookie
, descriptor_cookie_tmp
,
3994 REND_DESC_COOKIE_LEN
);
3996 result
= strmap_size(parsed_clients
);
4001 /* Free tokens and clear token list. */
4002 SMARTLIST_FOREACH(tokens
, directory_token_t
*, t
, token_free(t
));
4003 smartlist_free(tokens
);
4005 memarea_drop_all(area
);