channeltls.c 68 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178
  1. /* * Copyright (c) 2012-2013, The Tor Project, Inc. */
  2. /* See LICENSE for licensing information */
  3. /**
  4. * \file channeltls.c
  5. * \brief channel_t concrete subclass using or_connection_t
  6. **/
  7. /*
  8. * Define this so channel.h gives us things only channel_t subclasses
  9. * should touch.
  10. */
  11. #define TOR_CHANNEL_INTERNAL_
  12. #include "or.h"
  13. #include "channel.h"
  14. #include "channeltls.h"
  15. #include "circuitmux.h"
  16. #include "circuitmux_ewma.h"
  17. #include "config.h"
  18. #include "connection.h"
  19. #include "connection_or.h"
  20. #include "control.h"
  21. #include "relay.h"
  22. #include "router.h"
  23. #include "routerlist.h"
  24. #include "scheduler.h"
  25. /** How many CELL_PADDING cells have we received, ever? */
  26. uint64_t stats_n_padding_cells_processed = 0;
  27. /** How many CELL_VERSIONS cells have we received, ever? */
  28. uint64_t stats_n_versions_cells_processed = 0;
  29. /** How many CELL_NETINFO cells have we received, ever? */
  30. uint64_t stats_n_netinfo_cells_processed = 0;
  31. /** How many CELL_VPADDING cells have we received, ever? */
  32. uint64_t stats_n_vpadding_cells_processed = 0;
  33. /** How many CELL_CERTS cells have we received, ever? */
  34. uint64_t stats_n_certs_cells_processed = 0;
  35. /** How many CELL_AUTH_CHALLENGE cells have we received, ever? */
  36. uint64_t stats_n_auth_challenge_cells_processed = 0;
  37. /** How many CELL_AUTHENTICATE cells have we received, ever? */
  38. uint64_t stats_n_authenticate_cells_processed = 0;
  39. /** How many CELL_AUTHORIZE cells have we received, ever? */
  40. uint64_t stats_n_authorize_cells_processed = 0;
  41. /** Active listener, if any */
  42. channel_listener_t *channel_tls_listener = NULL;
  43. /* Utility function declarations */
  44. static void channel_tls_common_init(channel_tls_t *tlschan);
  45. /* channel_tls_t method declarations */
  46. static void channel_tls_close_method(channel_t *chan);
  47. static const char * channel_tls_describe_transport_method(channel_t *chan);
  48. static void channel_tls_free_method(channel_t *chan);
  49. static double channel_tls_get_overhead_estimate_method(channel_t *chan);
  50. static int
  51. channel_tls_get_remote_addr_method(channel_t *chan, tor_addr_t *addr_out);
  52. static int
  53. channel_tls_get_transport_name_method(channel_t *chan, char **transport_out);
  54. static const char *
  55. channel_tls_get_remote_descr_method(channel_t *chan, int flags);
  56. static int channel_tls_has_queued_writes_method(channel_t *chan);
  57. static int channel_tls_is_canonical_method(channel_t *chan, int req);
  58. static int
  59. channel_tls_matches_extend_info_method(channel_t *chan,
  60. extend_info_t *extend_info);
  61. static int channel_tls_matches_target_method(channel_t *chan,
  62. const tor_addr_t *target);
  63. static int channel_tls_num_cells_writeable_method(channel_t *chan);
  64. static size_t channel_tls_num_bytes_queued_method(channel_t *chan);
  65. static int channel_tls_write_cell_method(channel_t *chan,
  66. cell_t *cell);
  67. static int channel_tls_write_packed_cell_method(channel_t *chan,
  68. packed_cell_t *packed_cell);
  69. static int channel_tls_write_var_cell_method(channel_t *chan,
  70. var_cell_t *var_cell);
  71. /* channel_listener_tls_t method declarations */
  72. static void channel_tls_listener_close_method(channel_listener_t *chan_l);
  73. static const char *
  74. channel_tls_listener_describe_transport_method(channel_listener_t *chan_l);
  75. /** Handle incoming cells for the handshake stuff here rather than
  76. * passing them on up. */
  77. static void channel_tls_process_versions_cell(var_cell_t *cell,
  78. channel_tls_t *tlschan);
  79. static void channel_tls_process_netinfo_cell(cell_t *cell,
  80. channel_tls_t *tlschan);
  81. static void channel_tls_process_certs_cell(var_cell_t *cell,
  82. channel_tls_t *tlschan);
  83. static void channel_tls_process_auth_challenge_cell(var_cell_t *cell,
  84. channel_tls_t *tlschan);
  85. static void channel_tls_process_authenticate_cell(var_cell_t *cell,
  86. channel_tls_t *tlschan);
  87. static int command_allowed_before_handshake(uint8_t command);
  88. static int enter_v3_handshake_with_cell(var_cell_t *cell,
  89. channel_tls_t *tlschan);
  90. /**
  91. * Do parts of channel_tls_t initialization common to channel_tls_connect()
  92. * and channel_tls_handle_incoming().
  93. */
  94. static void
  95. channel_tls_common_init(channel_tls_t *tlschan)
  96. {
  97. channel_t *chan;
  98. tor_assert(tlschan);
  99. chan = &(tlschan->base_);
  100. channel_init(chan);
  101. chan->magic = TLS_CHAN_MAGIC;
  102. chan->state = CHANNEL_STATE_OPENING;
  103. chan->close = channel_tls_close_method;
  104. chan->describe_transport = channel_tls_describe_transport_method;
  105. chan->free = channel_tls_free_method;
  106. chan->get_overhead_estimate = channel_tls_get_overhead_estimate_method;
  107. chan->get_remote_addr = channel_tls_get_remote_addr_method;
  108. chan->get_remote_descr = channel_tls_get_remote_descr_method;
  109. chan->get_transport_name = channel_tls_get_transport_name_method;
  110. chan->has_queued_writes = channel_tls_has_queued_writes_method;
  111. chan->is_canonical = channel_tls_is_canonical_method;
  112. chan->matches_extend_info = channel_tls_matches_extend_info_method;
  113. chan->matches_target = channel_tls_matches_target_method;
  114. chan->num_bytes_queued = channel_tls_num_bytes_queued_method;
  115. chan->num_cells_writeable = channel_tls_num_cells_writeable_method;
  116. chan->write_cell = channel_tls_write_cell_method;
  117. chan->write_packed_cell = channel_tls_write_packed_cell_method;
  118. chan->write_var_cell = channel_tls_write_var_cell_method;
  119. chan->cmux = circuitmux_alloc();
  120. if (cell_ewma_enabled()) {
  121. circuitmux_set_policy(chan->cmux, &ewma_policy);
  122. }
  123. }
  124. /**
  125. * Start a new TLS channel
  126. *
  127. * Launch a new OR connection to <b>addr</b>:<b>port</b> and expect to
  128. * handshake with an OR with identity digest <b>id_digest</b>, and wrap
  129. * it in a channel_tls_t.
  130. */
  131. channel_t *
  132. channel_tls_connect(const tor_addr_t *addr, uint16_t port,
  133. const char *id_digest)
  134. {
  135. channel_tls_t *tlschan = tor_malloc_zero(sizeof(*tlschan));
  136. channel_t *chan = &(tlschan->base_);
  137. channel_tls_common_init(tlschan);
  138. log_debug(LD_CHANNEL,
  139. "In channel_tls_connect() for channel %p "
  140. "(global id " U64_FORMAT ")",
  141. tlschan,
  142. U64_PRINTF_ARG(chan->global_identifier));
  143. if (is_local_addr(addr)) {
  144. log_debug(LD_CHANNEL,
  145. "Marking new outgoing channel " U64_FORMAT " at %p as local",
  146. U64_PRINTF_ARG(chan->global_identifier), chan);
  147. channel_mark_local(chan);
  148. } else {
  149. log_debug(LD_CHANNEL,
  150. "Marking new outgoing channel " U64_FORMAT " at %p as remote",
  151. U64_PRINTF_ARG(chan->global_identifier), chan);
  152. channel_mark_remote(chan);
  153. }
  154. channel_mark_outgoing(chan);
  155. /* Set up or_connection stuff */
  156. tlschan->conn = connection_or_connect(addr, port, id_digest, tlschan);
  157. /* connection_or_connect() will fill in tlschan->conn */
  158. if (!(tlschan->conn)) {
  159. chan->reason_for_closing = CHANNEL_CLOSE_FOR_ERROR;
  160. channel_change_state(chan, CHANNEL_STATE_ERROR);
  161. goto err;
  162. }
  163. log_debug(LD_CHANNEL,
  164. "Got orconn %p for channel with global id " U64_FORMAT,
  165. tlschan->conn, U64_PRINTF_ARG(chan->global_identifier));
  166. goto done;
  167. err:
  168. circuitmux_free(chan->cmux);
  169. tor_free(tlschan);
  170. chan = NULL;
  171. done:
  172. /* If we got one, we should register it */
  173. if (chan) channel_register(chan);
  174. return chan;
  175. }
  176. /**
  177. * Return the current channel_tls_t listener
  178. *
  179. * Returns the current channel listener for incoming TLS connections, or
  180. * NULL if none has been established
  181. */
  182. channel_listener_t *
  183. channel_tls_get_listener(void)
  184. {
  185. return channel_tls_listener;
  186. }
  187. /**
  188. * Start a channel_tls_t listener if necessary
  189. *
  190. * Return the current channel_tls_t listener, or start one if we haven't yet,
  191. * and return that.
  192. */
  193. channel_listener_t *
  194. channel_tls_start_listener(void)
  195. {
  196. channel_listener_t *listener;
  197. if (!channel_tls_listener) {
  198. listener = tor_malloc_zero(sizeof(*listener));
  199. channel_init_listener(listener);
  200. listener->state = CHANNEL_LISTENER_STATE_LISTENING;
  201. listener->close = channel_tls_listener_close_method;
  202. listener->describe_transport =
  203. channel_tls_listener_describe_transport_method;
  204. channel_tls_listener = listener;
  205. log_debug(LD_CHANNEL,
  206. "Starting TLS channel listener %p with global id " U64_FORMAT,
  207. listener, U64_PRINTF_ARG(listener->global_identifier));
  208. channel_listener_register(listener);
  209. } else listener = channel_tls_listener;
  210. return listener;
  211. }
  212. /**
  213. * Free everything on shutdown
  214. *
  215. * Not much to do here, since channel_free_all() takes care of a lot, but let's
  216. * get rid of the listener.
  217. */
  218. void
  219. channel_tls_free_all(void)
  220. {
  221. channel_listener_t *old_listener = NULL;
  222. log_debug(LD_CHANNEL,
  223. "Shutting down TLS channels...");
  224. if (channel_tls_listener) {
  225. /*
  226. * When we close it, channel_tls_listener will get nulled out, so save
  227. * a pointer so we can free it.
  228. */
  229. old_listener = channel_tls_listener;
  230. log_debug(LD_CHANNEL,
  231. "Closing channel_tls_listener with ID " U64_FORMAT
  232. " at %p.",
  233. U64_PRINTF_ARG(old_listener->global_identifier),
  234. old_listener);
  235. channel_listener_unregister(old_listener);
  236. channel_listener_mark_for_close(old_listener);
  237. channel_listener_free(old_listener);
  238. tor_assert(channel_tls_listener == NULL);
  239. }
  240. log_debug(LD_CHANNEL,
  241. "Done shutting down TLS channels");
  242. }
  243. /**
  244. * Create a new channel around an incoming or_connection_t
  245. */
  246. channel_t *
  247. channel_tls_handle_incoming(or_connection_t *orconn)
  248. {
  249. channel_tls_t *tlschan = tor_malloc_zero(sizeof(*tlschan));
  250. channel_t *chan = &(tlschan->base_);
  251. tor_assert(orconn);
  252. tor_assert(!(orconn->chan));
  253. channel_tls_common_init(tlschan);
  254. /* Link the channel and orconn to each other */
  255. tlschan->conn = orconn;
  256. orconn->chan = tlschan;
  257. if (is_local_addr(&(TO_CONN(orconn)->addr))) {
  258. log_debug(LD_CHANNEL,
  259. "Marking new incoming channel " U64_FORMAT " at %p as local",
  260. U64_PRINTF_ARG(chan->global_identifier), chan);
  261. channel_mark_local(chan);
  262. } else {
  263. log_debug(LD_CHANNEL,
  264. "Marking new incoming channel " U64_FORMAT " at %p as remote",
  265. U64_PRINTF_ARG(chan->global_identifier), chan);
  266. channel_mark_remote(chan);
  267. }
  268. channel_mark_incoming(chan);
  269. /* Register it */
  270. channel_register(chan);
  271. return chan;
  272. }
  273. /*********
  274. * Casts *
  275. ********/
  276. /**
  277. * Cast a channel_tls_t to a channel_t.
  278. */
  279. channel_t *
  280. channel_tls_to_base(channel_tls_t *tlschan)
  281. {
  282. if (!tlschan) return NULL;
  283. return &(tlschan->base_);
  284. }
  285. /**
  286. * Cast a channel_t to a channel_tls_t, with appropriate type-checking
  287. * asserts.
  288. */
  289. channel_tls_t *
  290. channel_tls_from_base(channel_t *chan)
  291. {
  292. if (!chan) return NULL;
  293. tor_assert(chan->magic == TLS_CHAN_MAGIC);
  294. return (channel_tls_t *)(chan);
  295. }
  296. /********************************************
  297. * Method implementations for channel_tls_t *
  298. *******************************************/
  299. /**
  300. * Close a channel_tls_t
  301. *
  302. * This implements the close method for channel_tls_t
  303. */
  304. static void
  305. channel_tls_close_method(channel_t *chan)
  306. {
  307. channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
  308. tor_assert(tlschan);
  309. if (tlschan->conn) connection_or_close_normally(tlschan->conn, 1);
  310. else {
  311. /* Weird - we'll have to change the state ourselves, I guess */
  312. log_info(LD_CHANNEL,
  313. "Tried to close channel_tls_t %p with NULL conn",
  314. tlschan);
  315. channel_change_state(chan, CHANNEL_STATE_ERROR);
  316. }
  317. }
  318. /**
  319. * Describe the transport for a channel_tls_t
  320. *
  321. * This returns the string "TLS channel on connection <id>" to the upper
  322. * layer.
  323. */
  324. static const char *
  325. channel_tls_describe_transport_method(channel_t *chan)
  326. {
  327. static char *buf = NULL;
  328. uint64_t id;
  329. channel_tls_t *tlschan;
  330. const char *rv = NULL;
  331. tor_assert(chan);
  332. tlschan = BASE_CHAN_TO_TLS(chan);
  333. if (tlschan->conn) {
  334. id = TO_CONN(tlschan->conn)->global_identifier;
  335. if (buf) tor_free(buf);
  336. tor_asprintf(&buf,
  337. "TLS channel (connection " U64_FORMAT ")",
  338. U64_PRINTF_ARG(id));
  339. rv = buf;
  340. } else {
  341. rv = "TLS channel (no connection)";
  342. }
  343. return rv;
  344. }
  345. /**
  346. * Free a channel_tls_t
  347. *
  348. * This is called by the generic channel layer when freeing a channel_tls_t;
  349. * this happens either on a channel which has already reached
  350. * CHANNEL_STATE_CLOSED or CHANNEL_STATE_ERROR from channel_run_cleanup() or
  351. * on shutdown from channel_free_all(). In the latter case we might still
  352. * have an orconn active (which connection_free_all() will get to later),
  353. * so we should null out its channel pointer now.
  354. */
  355. static void
  356. channel_tls_free_method(channel_t *chan)
  357. {
  358. channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
  359. tor_assert(tlschan);
  360. if (tlschan->conn) {
  361. tlschan->conn->chan = NULL;
  362. tlschan->conn = NULL;
  363. }
  364. }
  365. /**
  366. * Get an estimate of the average TLS overhead for the upper layer
  367. */
  368. static double
  369. channel_tls_get_overhead_estimate_method(channel_t *chan)
  370. {
  371. double overhead = 1.0f;
  372. channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
  373. tor_assert(tlschan);
  374. tor_assert(tlschan->conn);
  375. /* Just return 1.0f if we don't have sensible data */
  376. if (tlschan->conn->bytes_xmitted > 0 &&
  377. tlschan->conn->bytes_xmitted_by_tls >=
  378. tlschan->conn->bytes_xmitted) {
  379. overhead = ((double)(tlschan->conn->bytes_xmitted_by_tls)) /
  380. ((double)(tlschan->conn->bytes_xmitted));
  381. /*
  382. * Never estimate more than 2.0; otherwise we get silly large estimates
  383. * at the very start of a new TLS connection.
  384. */
  385. if (overhead > 2.0f) overhead = 2.0f;
  386. }
  387. log_debug(LD_CHANNEL,
  388. "Estimated overhead ratio for TLS chan " U64_FORMAT " is %f",
  389. U64_PRINTF_ARG(chan->global_identifier), overhead);
  390. return overhead;
  391. }
  392. /**
  393. * Get the remote address of a channel_tls_t
  394. *
  395. * This implements the get_remote_addr method for channel_tls_t; copy the
  396. * remote endpoint of the channel to addr_out and return 1 (always
  397. * succeeds for this transport).
  398. */
  399. static int
  400. channel_tls_get_remote_addr_method(channel_t *chan, tor_addr_t *addr_out)
  401. {
  402. int rv = 0;
  403. channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
  404. tor_assert(tlschan);
  405. tor_assert(addr_out);
  406. if (tlschan->conn) {
  407. tor_addr_copy(addr_out, &(TO_CONN(tlschan->conn)->addr));
  408. rv = 1;
  409. } else tor_addr_make_unspec(addr_out);
  410. return rv;
  411. }
  412. /**
  413. * Get the name of the pluggable transport used by a channel_tls_t.
  414. *
  415. * This implements the get_transport_name for channel_tls_t. If the
  416. * channel uses a pluggable transport, copy its name to
  417. * <b>transport_out</b> and return 0. If the channel did not use a
  418. * pluggable transport, return -1. */
  419. static int
  420. channel_tls_get_transport_name_method(channel_t *chan, char **transport_out)
  421. {
  422. channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
  423. tor_assert(tlschan);
  424. tor_assert(transport_out);
  425. tor_assert(tlschan->conn);
  426. if (!tlschan->conn->ext_or_transport)
  427. return -1;
  428. *transport_out = tor_strdup(tlschan->conn->ext_or_transport);
  429. return 0;
  430. }
  431. /**
  432. * Get endpoint description of a channel_tls_t
  433. *
  434. * This implements the get_remote_descr method for channel_tls_t; it returns
  435. * a text description of the remote endpoint of the channel suitable for use
  436. * in log messages. The req parameter is 0 for the canonical address or 1 for
  437. * the actual address seen.
  438. */
  439. static const char *
  440. channel_tls_get_remote_descr_method(channel_t *chan, int flags)
  441. {
  442. #define MAX_DESCR_LEN 32
  443. static char buf[MAX_DESCR_LEN + 1];
  444. channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
  445. connection_t *conn;
  446. const char *answer = NULL;
  447. char *addr_str;
  448. tor_assert(tlschan);
  449. if (tlschan->conn) {
  450. conn = TO_CONN(tlschan->conn);
  451. switch (flags) {
  452. case 0:
  453. /* Canonical address with port*/
  454. tor_snprintf(buf, MAX_DESCR_LEN + 1,
  455. "%s:%u", conn->address, conn->port);
  456. answer = buf;
  457. break;
  458. case GRD_FLAG_ORIGINAL:
  459. /* Actual address with port */
  460. addr_str = tor_dup_addr(&(tlschan->conn->real_addr));
  461. tor_snprintf(buf, MAX_DESCR_LEN + 1,
  462. "%s:%u", addr_str, conn->port);
  463. tor_free(addr_str);
  464. answer = buf;
  465. break;
  466. case GRD_FLAG_ADDR_ONLY:
  467. /* Canonical address, no port */
  468. strlcpy(buf, conn->address, sizeof(buf));
  469. answer = buf;
  470. break;
  471. case GRD_FLAG_ORIGINAL|GRD_FLAG_ADDR_ONLY:
  472. /* Actual address, no port */
  473. addr_str = tor_dup_addr(&(tlschan->conn->real_addr));
  474. strlcpy(buf, addr_str, sizeof(buf));
  475. tor_free(addr_str);
  476. answer = buf;
  477. break;
  478. default:
  479. /* Something's broken in channel.c */
  480. tor_assert(1);
  481. }
  482. } else {
  483. strlcpy(buf, "(No connection)", sizeof(buf));
  484. answer = buf;
  485. }
  486. return answer;
  487. }
  488. /**
  489. * Tell the upper layer if we have queued writes
  490. *
  491. * This implements the has_queued_writes method for channel_tls t_; it returns
  492. * 1 iff we have queued writes on the outbuf of the underlying or_connection_t.
  493. */
  494. static int
  495. channel_tls_has_queued_writes_method(channel_t *chan)
  496. {
  497. size_t outbuf_len;
  498. channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
  499. tor_assert(tlschan);
  500. if (!(tlschan->conn)) {
  501. log_info(LD_CHANNEL,
  502. "something called has_queued_writes on a tlschan "
  503. "(%p with ID " U64_FORMAT " but no conn",
  504. chan, U64_PRINTF_ARG(chan->global_identifier));
  505. }
  506. outbuf_len = (tlschan->conn != NULL) ?
  507. connection_get_outbuf_len(TO_CONN(tlschan->conn)) :
  508. 0;
  509. return (outbuf_len > 0);
  510. }
  511. /**
  512. * Tell the upper layer if we're canonical
  513. *
  514. * This implements the is_canonical method for channel_tls_t; if req is zero,
  515. * it returns whether this is a canonical channel, and if it is one it returns
  516. * whether that can be relied upon.
  517. */
  518. static int
  519. channel_tls_is_canonical_method(channel_t *chan, int req)
  520. {
  521. int answer = 0;
  522. channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
  523. tor_assert(tlschan);
  524. if (tlschan->conn) {
  525. switch (req) {
  526. case 0:
  527. answer = tlschan->conn->is_canonical;
  528. break;
  529. case 1:
  530. /*
  531. * Is the is_canonical bit reliable? In protocols version 2 and up
  532. * we get the canonical address from a NETINFO cell, but in older
  533. * versions it might be based on an obsolete descriptor.
  534. */
  535. answer = (tlschan->conn->link_proto >= 2);
  536. break;
  537. default:
  538. /* This shouldn't happen; channel.c is broken if it does */
  539. tor_assert(1);
  540. }
  541. }
  542. /* else return 0 for tlschan->conn == NULL */
  543. return answer;
  544. }
  545. /**
  546. * Check if we match an extend_info_t
  547. *
  548. * This implements the matches_extend_info method for channel_tls_t; the upper
  549. * layer wants to know if this channel matches an extend_info_t.
  550. */
  551. static int
  552. channel_tls_matches_extend_info_method(channel_t *chan,
  553. extend_info_t *extend_info)
  554. {
  555. channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
  556. tor_assert(tlschan);
  557. tor_assert(extend_info);
  558. /* Never match if we have no conn */
  559. if (!(tlschan->conn)) {
  560. log_info(LD_CHANNEL,
  561. "something called matches_extend_info on a tlschan "
  562. "(%p with ID " U64_FORMAT " but no conn",
  563. chan, U64_PRINTF_ARG(chan->global_identifier));
  564. return 0;
  565. }
  566. return (tor_addr_eq(&(extend_info->addr),
  567. &(TO_CONN(tlschan->conn)->addr)) &&
  568. (extend_info->port == TO_CONN(tlschan->conn)->port));
  569. }
  570. /**
  571. * Check if we match a target address; return true iff we do.
  572. *
  573. * This implements the matches_target method for channel_tls t_; the upper
  574. * layer wants to know if this channel matches a target address when extending
  575. * a circuit.
  576. */
  577. static int
  578. channel_tls_matches_target_method(channel_t *chan,
  579. const tor_addr_t *target)
  580. {
  581. channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
  582. tor_assert(tlschan);
  583. tor_assert(target);
  584. /* Never match if we have no conn */
  585. if (!(tlschan->conn)) {
  586. log_info(LD_CHANNEL,
  587. "something called matches_target on a tlschan "
  588. "(%p with ID " U64_FORMAT " but no conn",
  589. chan, U64_PRINTF_ARG(chan->global_identifier));
  590. return 0;
  591. }
  592. return tor_addr_eq(&(tlschan->conn->real_addr), target);
  593. }
  594. /**
  595. * Tell the upper layer how many bytes we have queued and not yet
  596. * sent.
  597. */
  598. static size_t
  599. channel_tls_num_bytes_queued_method(channel_t *chan)
  600. {
  601. channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
  602. tor_assert(tlschan);
  603. tor_assert(tlschan->conn);
  604. return connection_get_outbuf_len(TO_CONN(tlschan->conn));
  605. }
  606. /**
  607. * Tell the upper layer how many cells we can accept to write
  608. *
  609. * This implements the num_cells_writeable method for channel_tls_t; it
  610. * returns an estimate of the number of cells we can accept with
  611. * channel_tls_write_*_cell().
  612. */
  613. static int
  614. channel_tls_num_cells_writeable_method(channel_t *chan)
  615. {
  616. size_t outbuf_len;
  617. int n;
  618. channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
  619. size_t cell_network_size;
  620. tor_assert(tlschan);
  621. tor_assert(tlschan->conn);
  622. cell_network_size = get_cell_network_size(tlschan->conn->wide_circ_ids);
  623. outbuf_len = connection_get_outbuf_len(TO_CONN(tlschan->conn));
  624. /* Get the number of cells */
  625. n = CEIL_DIV(OR_CONN_HIGHWATER - outbuf_len, cell_network_size);
  626. if (n < 0) n = 0;
  627. return n;
  628. }
  629. /**
  630. * Write a cell to a channel_tls_t
  631. *
  632. * This implements the write_cell method for channel_tls_t; given a
  633. * channel_tls_t and a cell_t, transmit the cell_t.
  634. */
  635. static int
  636. channel_tls_write_cell_method(channel_t *chan, cell_t *cell)
  637. {
  638. channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
  639. int written = 0;
  640. tor_assert(tlschan);
  641. tor_assert(cell);
  642. if (tlschan->conn) {
  643. connection_or_write_cell_to_buf(cell, tlschan->conn);
  644. ++written;
  645. } else {
  646. log_info(LD_CHANNEL,
  647. "something called write_cell on a tlschan "
  648. "(%p with ID " U64_FORMAT " but no conn",
  649. chan, U64_PRINTF_ARG(chan->global_identifier));
  650. }
  651. return written;
  652. }
  653. /**
  654. * Write a packed cell to a channel_tls_t
  655. *
  656. * This implements the write_packed_cell method for channel_tls_t; given a
  657. * channel_tls_t and a packed_cell_t, transmit the packed_cell_t.
  658. */
  659. static int
  660. channel_tls_write_packed_cell_method(channel_t *chan,
  661. packed_cell_t *packed_cell)
  662. {
  663. channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
  664. size_t cell_network_size = get_cell_network_size(chan->wide_circ_ids);
  665. int written = 0;
  666. tor_assert(tlschan);
  667. tor_assert(packed_cell);
  668. if (tlschan->conn) {
  669. connection_write_to_buf(packed_cell->body, cell_network_size,
  670. TO_CONN(tlschan->conn));
  671. /* This is where the cell is finished; used to be done from relay.c */
  672. packed_cell_free(packed_cell);
  673. ++written;
  674. } else {
  675. log_info(LD_CHANNEL,
  676. "something called write_packed_cell on a tlschan "
  677. "(%p with ID " U64_FORMAT " but no conn",
  678. chan, U64_PRINTF_ARG(chan->global_identifier));
  679. }
  680. return written;
  681. }
  682. /**
  683. * Write a variable-length cell to a channel_tls_t
  684. *
  685. * This implements the write_var_cell method for channel_tls_t; given a
  686. * channel_tls_t and a var_cell_t, transmit the var_cell_t.
  687. */
  688. static int
  689. channel_tls_write_var_cell_method(channel_t *chan, var_cell_t *var_cell)
  690. {
  691. channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
  692. int written = 0;
  693. tor_assert(tlschan);
  694. tor_assert(var_cell);
  695. if (tlschan->conn) {
  696. connection_or_write_var_cell_to_buf(var_cell, tlschan->conn);
  697. ++written;
  698. } else {
  699. log_info(LD_CHANNEL,
  700. "something called write_var_cell on a tlschan "
  701. "(%p with ID " U64_FORMAT " but no conn",
  702. chan, U64_PRINTF_ARG(chan->global_identifier));
  703. }
  704. return written;
  705. }
  706. /*************************************************
  707. * Method implementations for channel_listener_t *
  708. ************************************************/
  709. /**
  710. * Close a channel_listener_t
  711. *
  712. * This implements the close method for channel_listener_t
  713. */
  714. static void
  715. channel_tls_listener_close_method(channel_listener_t *chan_l)
  716. {
  717. tor_assert(chan_l);
  718. /*
  719. * Listeners we just go ahead and change state through to CLOSED, but
  720. * make sure to check if they're channel_tls_listener to NULL it out.
  721. */
  722. if (chan_l == channel_tls_listener)
  723. channel_tls_listener = NULL;
  724. if (!(chan_l->state == CHANNEL_LISTENER_STATE_CLOSING ||
  725. chan_l->state == CHANNEL_LISTENER_STATE_CLOSED ||
  726. chan_l->state == CHANNEL_LISTENER_STATE_ERROR)) {
  727. channel_listener_change_state(chan_l, CHANNEL_LISTENER_STATE_CLOSING);
  728. }
  729. if (chan_l->incoming_list) {
  730. SMARTLIST_FOREACH_BEGIN(chan_l->incoming_list,
  731. channel_t *, ichan) {
  732. channel_mark_for_close(ichan);
  733. } SMARTLIST_FOREACH_END(ichan);
  734. smartlist_free(chan_l->incoming_list);
  735. chan_l->incoming_list = NULL;
  736. }
  737. if (!(chan_l->state == CHANNEL_LISTENER_STATE_CLOSED ||
  738. chan_l->state == CHANNEL_LISTENER_STATE_ERROR)) {
  739. channel_listener_change_state(chan_l, CHANNEL_LISTENER_STATE_CLOSED);
  740. }
  741. }
  742. /**
  743. * Describe the transport for a channel_listener_t
  744. *
  745. * This returns the string "TLS channel (listening)" to the upper
  746. * layer.
  747. */
  748. static const char *
  749. channel_tls_listener_describe_transport_method(channel_listener_t *chan_l)
  750. {
  751. tor_assert(chan_l);
  752. return "TLS channel (listening)";
  753. }
  754. /*******************************************************
  755. * Functions for handling events on an or_connection_t *
  756. ******************************************************/
  757. /**
  758. * Handle an orconn state change
  759. *
  760. * This function will be called by connection_or.c when the or_connection_t
  761. * associated with this channel_tls_t changes state.
  762. */
  763. void
  764. channel_tls_handle_state_change_on_orconn(channel_tls_t *chan,
  765. or_connection_t *conn,
  766. uint8_t old_state,
  767. uint8_t state)
  768. {
  769. channel_t *base_chan;
  770. tor_assert(chan);
  771. tor_assert(conn);
  772. tor_assert(conn->chan == chan);
  773. tor_assert(chan->conn == conn);
  774. /* -Werror appeasement */
  775. tor_assert(old_state == old_state);
  776. base_chan = TLS_CHAN_TO_BASE(chan);
  777. /* Make sure the base connection state makes sense - shouldn't be error,
  778. * closed or listening. */
  779. tor_assert(base_chan->state == CHANNEL_STATE_OPENING ||
  780. base_chan->state == CHANNEL_STATE_OPEN ||
  781. base_chan->state == CHANNEL_STATE_MAINT ||
  782. base_chan->state == CHANNEL_STATE_CLOSING);
  783. /* Did we just go to state open? */
  784. if (state == OR_CONN_STATE_OPEN) {
  785. /*
  786. * We can go to CHANNEL_STATE_OPEN from CHANNEL_STATE_OPENING or
  787. * CHANNEL_STATE_MAINT on this.
  788. */
  789. channel_change_state(base_chan, CHANNEL_STATE_OPEN);
  790. /* We might have just become writeable; check and tell the scheduler */
  791. if (connection_or_num_cells_writeable(conn) > 0) {
  792. scheduler_channel_wants_writes(base_chan);
  793. }
  794. } else {
  795. /*
  796. * Not open, so from CHANNEL_STATE_OPEN we go to CHANNEL_STATE_MAINT,
  797. * otherwise no change.
  798. */
  799. if (base_chan->state == CHANNEL_STATE_OPEN) {
  800. channel_change_state(base_chan, CHANNEL_STATE_MAINT);
  801. }
  802. }
  803. }
  804. #ifdef KEEP_TIMING_STATS
  805. /**
  806. * Timing states wrapper
  807. *
  808. * This is a wrapper function around the actual function that processes the
  809. * <b>cell</b> that just arrived on <b>chan</b>. Increment <b>*time</b>
  810. * by the number of microseconds used by the call to <b>*func(cell, chan)</b>.
  811. */
  812. static void
  813. channel_tls_time_process_cell(cell_t *cell, channel_tls_t *chan, int *time,
  814. void (*func)(cell_t *, channel_tls_t *))
  815. {
  816. struct timeval start, end;
  817. long time_passed;
  818. tor_gettimeofday(&start);
  819. (*func)(cell, chan);
  820. tor_gettimeofday(&end);
  821. time_passed = tv_udiff(&start, &end) ;
  822. if (time_passed > 10000) { /* more than 10ms */
  823. log_debug(LD_OR,"That call just took %ld ms.",time_passed/1000);
  824. }
  825. if (time_passed < 0) {
  826. log_info(LD_GENERAL,"That call took us back in time!");
  827. time_passed = 0;
  828. }
  829. *time += time_passed;
  830. }
  831. #endif
  832. /**
  833. * Handle an incoming cell on a channel_tls_t
  834. *
  835. * This is called from connection_or.c to handle an arriving cell; it checks
  836. * for cell types specific to the handshake for this transport protocol and
  837. * handles them, and queues all other cells to the channel_t layer, which
  838. * eventually will hand them off to command.c.
  839. */
  840. void
  841. channel_tls_handle_cell(cell_t *cell, or_connection_t *conn)
  842. {
  843. channel_tls_t *chan;
  844. int handshaking;
  845. #ifdef KEEP_TIMING_STATS
  846. #define PROCESS_CELL(tp, cl, cn) STMT_BEGIN { \
  847. ++num ## tp; \
  848. channel_tls_time_process_cell(cl, cn, & tp ## time , \
  849. channel_tls_process_ ## tp ## _cell); \
  850. } STMT_END
  851. #else
  852. #define PROCESS_CELL(tp, cl, cn) channel_tls_process_ ## tp ## _cell(cl, cn)
  853. #endif
  854. tor_assert(cell);
  855. tor_assert(conn);
  856. chan = conn->chan;
  857. if (!chan) {
  858. log_warn(LD_CHANNEL,
  859. "Got a cell_t on an OR connection with no channel");
  860. return;
  861. }
  862. handshaking = (TO_CONN(conn)->state != OR_CONN_STATE_OPEN);
  863. if (conn->base_.marked_for_close)
  864. return;
  865. /* Reject all but VERSIONS and NETINFO when handshaking. */
  866. /* (VERSIONS should actually be impossible; it's variable-length.) */
  867. if (handshaking && cell->command != CELL_VERSIONS &&
  868. cell->command != CELL_NETINFO) {
  869. log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
  870. "Received unexpected cell command %d in chan state %s / "
  871. "conn state %s; closing the connection.",
  872. (int)cell->command,
  873. channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
  874. conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state));
  875. connection_or_close_for_error(conn, 0);
  876. return;
  877. }
  878. if (conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3)
  879. or_handshake_state_record_cell(conn, conn->handshake_state, cell, 1);
  880. switch (cell->command) {
  881. case CELL_PADDING:
  882. ++stats_n_padding_cells_processed;
  883. /* do nothing */
  884. break;
  885. case CELL_VERSIONS:
  886. tor_fragile_assert();
  887. break;
  888. case CELL_NETINFO:
  889. ++stats_n_netinfo_cells_processed;
  890. PROCESS_CELL(netinfo, cell, chan);
  891. break;
  892. case CELL_CREATE:
  893. case CELL_CREATE_FAST:
  894. case CELL_CREATED:
  895. case CELL_CREATED_FAST:
  896. case CELL_RELAY:
  897. case CELL_RELAY_EARLY:
  898. case CELL_DESTROY:
  899. case CELL_CREATE2:
  900. case CELL_CREATED2:
  901. /*
  902. * These are all transport independent and we pass them up through the
  903. * channel_t mechanism. They are ultimately handled in command.c.
  904. */
  905. channel_queue_cell(TLS_CHAN_TO_BASE(chan), cell);
  906. break;
  907. default:
  908. log_fn(LOG_INFO, LD_PROTOCOL,
  909. "Cell of unknown type (%d) received in channeltls.c. "
  910. "Dropping.",
  911. cell->command);
  912. break;
  913. }
  914. }
  915. /**
  916. * Handle an incoming variable-length cell on a channel_tls_t
  917. *
  918. * Process a <b>var_cell</b> that was just received on <b>conn</b>. Keep
  919. * internal statistics about how many of each cell we've processed so far
  920. * this second, and the total number of microseconds it took to
  921. * process each type of cell. All the var_cell commands are handshake-
  922. * related and live below the channel_t layer, so no variable-length
  923. * cells ever get delivered in the current implementation, but I've left
  924. * the mechanism in place for future use.
  925. */
  926. void
  927. channel_tls_handle_var_cell(var_cell_t *var_cell, or_connection_t *conn)
  928. {
  929. channel_tls_t *chan;
  930. #ifdef KEEP_TIMING_STATS
  931. /* how many of each cell have we seen so far this second? needs better
  932. * name. */
  933. static int num_versions = 0, num_certs = 0;
  934. static time_t current_second = 0; /* from previous calls to time */
  935. time_t now = time(NULL);
  936. if (current_second == 0) current_second = now;
  937. if (now > current_second) { /* the second has rolled over */
  938. /* print stats */
  939. log_info(LD_OR,
  940. "At end of second: %d versions (%d ms), %d certs (%d ms)",
  941. num_versions, versions_time / ((now - current_second) * 1000),
  942. num_certs, certs_time / ((now - current_second) * 1000));
  943. num_versions = num_certs = 0;
  944. versions_time = certs_time = 0;
  945. /* remember which second it is, for next time */
  946. current_second = now;
  947. }
  948. #endif
  949. tor_assert(var_cell);
  950. tor_assert(conn);
  951. chan = conn->chan;
  952. if (!chan) {
  953. log_warn(LD_CHANNEL,
  954. "Got a var_cell_t on an OR connection with no channel");
  955. return;
  956. }
  957. if (TO_CONN(conn)->marked_for_close)
  958. return;
  959. switch (TO_CONN(conn)->state) {
  960. case OR_CONN_STATE_OR_HANDSHAKING_V2:
  961. if (var_cell->command != CELL_VERSIONS) {
  962. log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
  963. "Received a cell with command %d in unexpected "
  964. "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
  965. "closing the connection.",
  966. (int)(var_cell->command),
  967. conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),
  968. TO_CONN(conn)->state,
  969. channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
  970. (int)(TLS_CHAN_TO_BASE(chan)->state));
  971. /*
  972. * The code in connection_or.c will tell channel_t to close for
  973. * error; it will go to CHANNEL_STATE_CLOSING, and then to
  974. * CHANNEL_STATE_ERROR when conn is closed.
  975. */
  976. connection_or_close_for_error(conn, 0);
  977. return;
  978. }
  979. break;
  980. case OR_CONN_STATE_TLS_HANDSHAKING:
  981. /* If we're using bufferevents, it's entirely possible for us to
  982. * notice "hey, data arrived!" before we notice "hey, the handshake
  983. * finished!" And we need to be accepting both at once to handle both
  984. * the v2 and v3 handshakes. */
  985. /* fall through */
  986. case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING:
  987. if (!(command_allowed_before_handshake(var_cell->command))) {
  988. log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
  989. "Received a cell with command %d in unexpected "
  990. "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
  991. "closing the connection.",
  992. (int)(var_cell->command),
  993. conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),
  994. (int)(TO_CONN(conn)->state),
  995. channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
  996. (int)(TLS_CHAN_TO_BASE(chan)->state));
  997. /* see above comment about CHANNEL_STATE_ERROR */
  998. connection_or_close_for_error(conn, 0);
  999. return;
  1000. } else {
  1001. if (enter_v3_handshake_with_cell(var_cell, chan) < 0)
  1002. return;
  1003. }
  1004. break;
  1005. case OR_CONN_STATE_OR_HANDSHAKING_V3:
  1006. if (var_cell->command != CELL_AUTHENTICATE)
  1007. or_handshake_state_record_var_cell(conn, conn->handshake_state,
  1008. var_cell, 1);
  1009. break; /* Everything is allowed */
  1010. case OR_CONN_STATE_OPEN:
  1011. if (conn->link_proto < 3) {
  1012. log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
  1013. "Received a variable-length cell with command %d in orconn "
  1014. "state %s [%d], channel state %s [%d] with link protocol %d; "
  1015. "ignoring it.",
  1016. (int)(var_cell->command),
  1017. conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),
  1018. (int)(TO_CONN(conn)->state),
  1019. channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
  1020. (int)(TLS_CHAN_TO_BASE(chan)->state),
  1021. (int)(conn->link_proto));
  1022. return;
  1023. }
  1024. break;
  1025. default:
  1026. log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
  1027. "Received var-length cell with command %d in unexpected "
  1028. "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
  1029. "ignoring it.",
  1030. (int)(var_cell->command),
  1031. conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),
  1032. (int)(TO_CONN(conn)->state),
  1033. channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
  1034. (int)(TLS_CHAN_TO_BASE(chan)->state));
  1035. return;
  1036. }
  1037. /* Now handle the cell */
  1038. switch (var_cell->command) {
  1039. case CELL_VERSIONS:
  1040. ++stats_n_versions_cells_processed;
  1041. PROCESS_CELL(versions, var_cell, chan);
  1042. break;
  1043. case CELL_VPADDING:
  1044. ++stats_n_vpadding_cells_processed;
  1045. /* Do nothing */
  1046. break;
  1047. case CELL_CERTS:
  1048. ++stats_n_certs_cells_processed;
  1049. PROCESS_CELL(certs, var_cell, chan);
  1050. break;
  1051. case CELL_AUTH_CHALLENGE:
  1052. ++stats_n_auth_challenge_cells_processed;
  1053. PROCESS_CELL(auth_challenge, var_cell, chan);
  1054. break;
  1055. case CELL_AUTHENTICATE:
  1056. ++stats_n_authenticate_cells_processed;
  1057. PROCESS_CELL(authenticate, var_cell, chan);
  1058. break;
  1059. case CELL_AUTHORIZE:
  1060. ++stats_n_authorize_cells_processed;
  1061. /* Ignored so far. */
  1062. break;
  1063. default:
  1064. log_fn(LOG_INFO, LD_PROTOCOL,
  1065. "Variable-length cell of unknown type (%d) received.",
  1066. (int)(var_cell->command));
  1067. break;
  1068. }
  1069. }
  1070. /**
  1071. * Update channel marks after connection_or.c has changed an address
  1072. *
  1073. * This is called from connection_or_init_conn_from_address() after the
  1074. * connection's _base.addr or real_addr fields have potentially been changed
  1075. * so we can recalculate the local mark. Notably, this happens when incoming
  1076. * connections are reverse-proxied and we only learn the real address of the
  1077. * remote router by looking it up in the consensus after we finish the
  1078. * handshake and know an authenticated identity digest.
  1079. */
  1080. void
  1081. channel_tls_update_marks(or_connection_t *conn)
  1082. {
  1083. channel_t *chan = NULL;
  1084. tor_assert(conn);
  1085. tor_assert(conn->chan);
  1086. chan = TLS_CHAN_TO_BASE(conn->chan);
  1087. if (is_local_addr(&(TO_CONN(conn)->addr))) {
  1088. if (!channel_is_local(chan)) {
  1089. log_debug(LD_CHANNEL,
  1090. "Marking channel " U64_FORMAT " at %p as local",
  1091. U64_PRINTF_ARG(chan->global_identifier), chan);
  1092. channel_mark_local(chan);
  1093. }
  1094. } else {
  1095. if (channel_is_local(chan)) {
  1096. log_debug(LD_CHANNEL,
  1097. "Marking channel " U64_FORMAT " at %p as remote",
  1098. U64_PRINTF_ARG(chan->global_identifier), chan);
  1099. channel_mark_remote(chan);
  1100. }
  1101. }
  1102. }
  1103. /**
  1104. * Check if this cell type is allowed before the handshake is finished
  1105. *
  1106. * Return true if <b>command</b> is a cell command that's allowed to start a
  1107. * V3 handshake.
  1108. */
  1109. static int
  1110. command_allowed_before_handshake(uint8_t command)
  1111. {
  1112. switch (command) {
  1113. case CELL_VERSIONS:
  1114. case CELL_VPADDING:
  1115. case CELL_AUTHORIZE:
  1116. return 1;
  1117. default:
  1118. return 0;
  1119. }
  1120. }
  1121. /**
  1122. * Start a V3 handshake on an incoming connection
  1123. *
  1124. * Called when we as a server receive an appropriate cell while waiting
  1125. * either for a cell or a TLS handshake. Set the connection's state to
  1126. * "handshaking_v3', initializes the or_handshake_state field as needed,
  1127. * and add the cell to the hash of incoming cells.)
  1128. */
  1129. static int
  1130. enter_v3_handshake_with_cell(var_cell_t *cell, channel_tls_t *chan)
  1131. {
  1132. int started_here = 0;
  1133. tor_assert(cell);
  1134. tor_assert(chan);
  1135. tor_assert(chan->conn);
  1136. started_here = connection_or_nonopen_was_started_here(chan->conn);
  1137. tor_assert(TO_CONN(chan->conn)->state == OR_CONN_STATE_TLS_HANDSHAKING ||
  1138. TO_CONN(chan->conn)->state ==
  1139. OR_CONN_STATE_TLS_SERVER_RENEGOTIATING);
  1140. if (started_here) {
  1141. log_fn(LOG_PROTOCOL_WARN, LD_OR,
  1142. "Received a cell while TLS-handshaking, not in "
  1143. "OR_HANDSHAKING_V3, on a connection we originated.");
  1144. }
  1145. connection_or_block_renegotiation(chan->conn);
  1146. chan->conn->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
  1147. if (connection_init_or_handshake_state(chan->conn, started_here) < 0) {
  1148. connection_or_close_for_error(chan->conn, 0);
  1149. return -1;
  1150. }
  1151. or_handshake_state_record_var_cell(chan->conn,
  1152. chan->conn->handshake_state, cell, 1);
  1153. return 0;
  1154. }
  1155. /**
  1156. * Process a 'versions' cell.
  1157. *
  1158. * This function is called to handle an incoming VERSIONS cell; the current
  1159. * link protocol version must be 0 to indicate that no version has yet been
  1160. * negotiated. We compare the versions in the cell to the list of versions
  1161. * we support, pick the highest version we have in common, and continue the
  1162. * negotiation from there.
  1163. */
  1164. static void
  1165. channel_tls_process_versions_cell(var_cell_t *cell, channel_tls_t *chan)
  1166. {
  1167. int highest_supported_version = 0;
  1168. int started_here = 0;
  1169. tor_assert(cell);
  1170. tor_assert(chan);
  1171. tor_assert(chan->conn);
  1172. if ((cell->payload_len % 2) == 1) {
  1173. log_fn(LOG_PROTOCOL_WARN, LD_OR,
  1174. "Received a VERSION cell with odd payload length %d; "
  1175. "closing connection.",cell->payload_len);
  1176. connection_or_close_for_error(chan->conn, 0);
  1177. return;
  1178. }
  1179. started_here = connection_or_nonopen_was_started_here(chan->conn);
  1180. if (chan->conn->link_proto != 0 ||
  1181. (chan->conn->handshake_state &&
  1182. chan->conn->handshake_state->received_versions)) {
  1183. log_fn(LOG_PROTOCOL_WARN, LD_OR,
  1184. "Received a VERSIONS cell on a connection with its version "
  1185. "already set to %d; dropping",
  1186. (int)(chan->conn->link_proto));
  1187. return;
  1188. }
  1189. switch (chan->conn->base_.state)
  1190. {
  1191. case OR_CONN_STATE_OR_HANDSHAKING_V2:
  1192. case OR_CONN_STATE_OR_HANDSHAKING_V3:
  1193. break;
  1194. case OR_CONN_STATE_TLS_HANDSHAKING:
  1195. case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING:
  1196. default:
  1197. log_fn(LOG_PROTOCOL_WARN, LD_OR,
  1198. "VERSIONS cell while in unexpected state");
  1199. return;
  1200. }
  1201. tor_assert(chan->conn->handshake_state);
  1202. {
  1203. int i;
  1204. const uint8_t *cp = cell->payload;
  1205. for (i = 0; i < cell->payload_len / 2; ++i, cp += 2) {
  1206. uint16_t v = ntohs(get_uint16(cp));
  1207. if (is_or_protocol_version_known(v) && v > highest_supported_version)
  1208. highest_supported_version = v;
  1209. }
  1210. }
  1211. if (!highest_supported_version) {
  1212. log_fn(LOG_PROTOCOL_WARN, LD_OR,
  1213. "Couldn't find a version in common between my version list and the "
  1214. "list in the VERSIONS cell; closing connection.");
  1215. connection_or_close_for_error(chan->conn, 0);
  1216. return;
  1217. } else if (highest_supported_version == 1) {
  1218. /* Negotiating version 1 makes no sense, since version 1 has no VERSIONS
  1219. * cells. */
  1220. log_fn(LOG_PROTOCOL_WARN, LD_OR,
  1221. "Used version negotiation protocol to negotiate a v1 connection. "
  1222. "That's crazily non-compliant. Closing connection.");
  1223. connection_or_close_for_error(chan->conn, 0);
  1224. return;
  1225. } else if (highest_supported_version < 3 &&
  1226. chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3) {
  1227. log_fn(LOG_PROTOCOL_WARN, LD_OR,
  1228. "Negotiated link protocol 2 or lower after doing a v3 TLS "
  1229. "handshake. Closing connection.");
  1230. connection_or_close_for_error(chan->conn, 0);
  1231. return;
  1232. } else if (highest_supported_version != 2 &&
  1233. chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V2) {
  1234. /* XXXX This should eventually be a log_protocol_warn */
  1235. log_fn(LOG_WARN, LD_OR,
  1236. "Negotiated link with non-2 protocol after doing a v2 TLS "
  1237. "handshake with %s. Closing connection.",
  1238. fmt_addr(&chan->conn->base_.addr));
  1239. connection_or_close_for_error(chan->conn, 0);
  1240. return;
  1241. }
  1242. chan->conn->link_proto = highest_supported_version;
  1243. chan->conn->handshake_state->received_versions = 1;
  1244. if (chan->conn->link_proto == 2) {
  1245. log_info(LD_OR,
  1246. "Negotiated version %d with %s:%d; sending NETINFO.",
  1247. highest_supported_version,
  1248. safe_str_client(chan->conn->base_.address),
  1249. chan->conn->base_.port);
  1250. if (connection_or_send_netinfo(chan->conn) < 0) {
  1251. connection_or_close_for_error(chan->conn, 0);
  1252. return;
  1253. }
  1254. } else {
  1255. const int send_versions = !started_here;
  1256. /* If we want to authenticate, send a CERTS cell */
  1257. const int send_certs = !started_here || public_server_mode(get_options());
  1258. /* If we're a host that got a connection, ask for authentication. */
  1259. const int send_chall = !started_here;
  1260. /* If our certs cell will authenticate us, we can send a netinfo cell
  1261. * right now. */
  1262. const int send_netinfo = !started_here;
  1263. const int send_any =
  1264. send_versions || send_certs || send_chall || send_netinfo;
  1265. tor_assert(chan->conn->link_proto >= 3);
  1266. log_info(LD_OR,
  1267. "Negotiated version %d with %s:%d; %s%s%s%s%s",
  1268. highest_supported_version,
  1269. safe_str_client(chan->conn->base_.address),
  1270. chan->conn->base_.port,
  1271. send_any ? "Sending cells:" : "Waiting for CERTS cell",
  1272. send_versions ? " VERSIONS" : "",
  1273. send_certs ? " CERTS" : "",
  1274. send_chall ? " AUTH_CHALLENGE" : "",
  1275. send_netinfo ? " NETINFO" : "");
  1276. #ifdef DISABLE_V3_LINKPROTO_SERVERSIDE
  1277. if (1) {
  1278. connection_or_close_normally(chan->conn, 1);
  1279. return;
  1280. }
  1281. #endif
  1282. if (send_versions) {
  1283. if (connection_or_send_versions(chan->conn, 1) < 0) {
  1284. log_warn(LD_OR, "Couldn't send versions cell");
  1285. connection_or_close_for_error(chan->conn, 0);
  1286. return;
  1287. }
  1288. }
  1289. /* We set this after sending the verions cell. */
  1290. /*XXXXX symbolic const.*/
  1291. chan->base_.wide_circ_ids =
  1292. chan->conn->link_proto >= MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS;
  1293. chan->conn->wide_circ_ids = chan->base_.wide_circ_ids;
  1294. if (send_certs) {
  1295. if (connection_or_send_certs_cell(chan->conn) < 0) {
  1296. log_warn(LD_OR, "Couldn't send certs cell");
  1297. connection_or_close_for_error(chan->conn, 0);
  1298. return;
  1299. }
  1300. }
  1301. if (send_chall) {
  1302. if (connection_or_send_auth_challenge_cell(chan->conn) < 0) {
  1303. log_warn(LD_OR, "Couldn't send auth_challenge cell");
  1304. connection_or_close_for_error(chan->conn, 0);
  1305. return;
  1306. }
  1307. }
  1308. if (send_netinfo) {
  1309. if (connection_or_send_netinfo(chan->conn) < 0) {
  1310. log_warn(LD_OR, "Couldn't send netinfo cell");
  1311. connection_or_close_for_error(chan->conn, 0);
  1312. return;
  1313. }
  1314. }
  1315. }
  1316. }
  1317. /**
  1318. * Process a 'netinfo' cell
  1319. *
  1320. * This function is called to handle an incoming NETINFO cell; read and act
  1321. * on its contents, and set the connection state to "open".
  1322. */
  1323. static void
  1324. channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
  1325. {
  1326. time_t timestamp;
  1327. uint8_t my_addr_type;
  1328. uint8_t my_addr_len;
  1329. const uint8_t *my_addr_ptr;
  1330. const uint8_t *cp, *end;
  1331. uint8_t n_other_addrs;
  1332. time_t now = time(NULL);
  1333. long apparent_skew = 0;
  1334. tor_addr_t my_apparent_addr = TOR_ADDR_NULL;
  1335. tor_assert(cell);
  1336. tor_assert(chan);
  1337. tor_assert(chan->conn);
  1338. if (chan->conn->link_proto < 2) {
  1339. log_fn(LOG_PROTOCOL_WARN, LD_OR,
  1340. "Received a NETINFO cell on %s connection; dropping.",
  1341. chan->conn->link_proto == 0 ? "non-versioned" : "a v1");
  1342. return;
  1343. }
  1344. if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V2 &&
  1345. chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3) {
  1346. log_fn(LOG_PROTOCOL_WARN, LD_OR,
  1347. "Received a NETINFO cell on non-handshaking connection; dropping.");
  1348. return;
  1349. }
  1350. tor_assert(chan->conn->handshake_state &&
  1351. chan->conn->handshake_state->received_versions);
  1352. if (chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3) {
  1353. tor_assert(chan->conn->link_proto >= 3);
  1354. if (chan->conn->handshake_state->started_here) {
  1355. if (!(chan->conn->handshake_state->authenticated)) {
  1356. log_fn(LOG_PROTOCOL_WARN, LD_OR,
  1357. "Got a NETINFO cell from server, "
  1358. "but no authentication. Closing the connection.");
  1359. connection_or_close_for_error(chan->conn, 0);
  1360. return;
  1361. }
  1362. } else {
  1363. /* we're the server. If the client never authenticated, we have
  1364. some housekeeping to do.*/
  1365. if (!(chan->conn->handshake_state->authenticated)) {
  1366. tor_assert(tor_digest_is_zero(
  1367. (const char*)(chan->conn->handshake_state->
  1368. authenticated_peer_id)));
  1369. channel_set_circid_type(TLS_CHAN_TO_BASE(chan), NULL,
  1370. chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
  1371. connection_or_init_conn_from_address(chan->conn,
  1372. &(chan->conn->base_.addr),
  1373. chan->conn->base_.port,
  1374. (const char*)(chan->conn->handshake_state->
  1375. authenticated_peer_id),
  1376. 0);
  1377. }
  1378. }
  1379. }
  1380. /* Decode the cell. */
  1381. timestamp = ntohl(get_uint32(cell->payload));
  1382. if (labs(now - chan->conn->handshake_state->sent_versions_at) < 180) {
  1383. apparent_skew = now - timestamp;
  1384. }
  1385. my_addr_type = (uint8_t) cell->payload[4];
  1386. my_addr_len = (uint8_t) cell->payload[5];
  1387. my_addr_ptr = (uint8_t*) cell->payload + 6;
  1388. end = cell->payload + CELL_PAYLOAD_SIZE;
  1389. cp = cell->payload + 6 + my_addr_len;
  1390. /* We used to check:
  1391. * if (my_addr_len >= CELL_PAYLOAD_SIZE - 6) {
  1392. *
  1393. * This is actually never going to happen, since my_addr_len is at most 255,
  1394. * and CELL_PAYLOAD_LEN - 6 is 503. So we know that cp is < end. */
  1395. if (my_addr_type == RESOLVED_TYPE_IPV4 && my_addr_len == 4) {
  1396. tor_addr_from_ipv4n(&my_apparent_addr, get_uint32(my_addr_ptr));
  1397. } else if (my_addr_type == RESOLVED_TYPE_IPV6 && my_addr_len == 16) {
  1398. tor_addr_from_ipv6_bytes(&my_apparent_addr, (const char *) my_addr_ptr);
  1399. }
  1400. n_other_addrs = (uint8_t) *cp++;
  1401. while (n_other_addrs && cp < end-2) {
  1402. /* Consider all the other addresses; if any matches, this connection is
  1403. * "canonical." */
  1404. tor_addr_t addr;
  1405. const uint8_t *next =
  1406. decode_address_from_payload(&addr, cp, (int)(end-cp));
  1407. if (next == NULL) {
  1408. log_fn(LOG_PROTOCOL_WARN, LD_OR,
  1409. "Bad address in netinfo cell; closing connection.");
  1410. connection_or_close_for_error(chan->conn, 0);
  1411. return;
  1412. }
  1413. if (tor_addr_eq(&addr, &(chan->conn->real_addr))) {
  1414. connection_or_set_canonical(chan->conn, 1);
  1415. break;
  1416. }
  1417. cp = next;
  1418. --n_other_addrs;
  1419. }
  1420. /* Act on apparent skew. */
  1421. /** Warn when we get a netinfo skew with at least this value. */
  1422. #define NETINFO_NOTICE_SKEW 3600
  1423. if (labs(apparent_skew) > NETINFO_NOTICE_SKEW &&
  1424. router_get_by_id_digest(chan->conn->identity_digest)) {
  1425. char dbuf[64];
  1426. int severity;
  1427. /*XXXX be smarter about when everybody says we are skewed. */
  1428. if (router_digest_is_trusted_dir(chan->conn->identity_digest))
  1429. severity = LOG_WARN;
  1430. else
  1431. severity = LOG_INFO;
  1432. format_time_interval(dbuf, sizeof(dbuf), apparent_skew);
  1433. log_fn(severity, LD_GENERAL,
  1434. "Received NETINFO cell with skewed time from "
  1435. "server at %s:%d. It seems that our clock is %s by %s, or "
  1436. "that theirs is %s. Tor requires an accurate clock to work: "
  1437. "please check your time and date settings.",
  1438. chan->conn->base_.address,
  1439. (int)(chan->conn->base_.port),
  1440. apparent_skew > 0 ? "ahead" : "behind",
  1441. dbuf,
  1442. apparent_skew > 0 ? "behind" : "ahead");
  1443. if (severity == LOG_WARN) /* only tell the controller if an authority */
  1444. control_event_general_status(LOG_WARN,
  1445. "CLOCK_SKEW SKEW=%ld SOURCE=OR:%s:%d",
  1446. apparent_skew,
  1447. chan->conn->base_.address,
  1448. chan->conn->base_.port);
  1449. }
  1450. /* XXX maybe act on my_apparent_addr, if the source is sufficiently
  1451. * trustworthy. */
  1452. if (! chan->conn->handshake_state->sent_netinfo) {
  1453. /* If we were prepared to authenticate, but we never got an AUTH_CHALLENGE
  1454. * cell, then we would not previously have sent a NETINFO cell. Do so
  1455. * now. */
  1456. if (connection_or_send_netinfo(chan->conn) < 0) {
  1457. connection_or_close_for_error(chan->conn, 0);
  1458. return;
  1459. }
  1460. }
  1461. if (connection_or_set_state_open(chan->conn) < 0) {
  1462. log_fn(LOG_PROTOCOL_WARN, LD_OR,
  1463. "Got good NETINFO cell from %s:%d; but "
  1464. "was unable to make the OR connection become open.",
  1465. safe_str_client(chan->conn->base_.address),
  1466. chan->conn->base_.port);
  1467. connection_or_close_for_error(chan->conn, 0);
  1468. } else {
  1469. log_info(LD_OR,
  1470. "Got good NETINFO cell from %s:%d; OR connection is now "
  1471. "open, using protocol version %d. Its ID digest is %s. "
  1472. "Our address is apparently %s.",
  1473. safe_str_client(chan->conn->base_.address),
  1474. chan->conn->base_.port,
  1475. (int)(chan->conn->link_proto),
  1476. hex_str(TLS_CHAN_TO_BASE(chan)->identity_digest,
  1477. DIGEST_LEN),
  1478. tor_addr_is_null(&my_apparent_addr) ?
  1479. "<none>" : fmt_and_decorate_addr(&my_apparent_addr));
  1480. }
  1481. assert_connection_ok(TO_CONN(chan->conn),time(NULL));
  1482. }
  1483. /**
  1484. * Process a CERTS cell from a channel.
  1485. *
  1486. * This function is called to process an incoming CERTS cell on a
  1487. * channel_tls_t:
  1488. *
  1489. * If the other side should not have sent us a CERTS cell, or the cell is
  1490. * malformed, or it is supposed to authenticate the TLS key but it doesn't,
  1491. * then mark the connection.
  1492. *
  1493. * If the cell has a good cert chain and we're doing a v3 handshake, then
  1494. * store the certificates in or_handshake_state. If this is the client side
  1495. * of the connection, we then authenticate the server or mark the connection.
  1496. * If it's the server side, wait for an AUTHENTICATE cell.
  1497. */
  1498. static void
  1499. channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
  1500. {
  1501. tor_cert_t *link_cert = NULL;
  1502. tor_cert_t *id_cert = NULL;
  1503. tor_cert_t *auth_cert = NULL;
  1504. uint8_t *ptr;
  1505. int n_certs, i;
  1506. int send_netinfo = 0;
  1507. tor_assert(cell);
  1508. tor_assert(chan);
  1509. tor_assert(chan->conn);
  1510. #define ERR(s) \
  1511. do { \
  1512. log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
  1513. "Received a bad CERTS cell from %s:%d: %s", \
  1514. safe_str(chan->conn->base_.address), \
  1515. chan->conn->base_.port, (s)); \
  1516. connection_or_close_for_error(chan->conn, 0); \
  1517. goto err; \
  1518. } while (0)
  1519. if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
  1520. ERR("We're not doing a v3 handshake!");
  1521. if (chan->conn->link_proto < 3)
  1522. ERR("We're not using link protocol >= 3");
  1523. if (chan->conn->handshake_state->received_certs_cell)
  1524. ERR("We already got one");
  1525. if (chan->conn->handshake_state->authenticated) {
  1526. /* Should be unreachable, but let's make sure. */
  1527. ERR("We're already authenticated!");
  1528. }
  1529. if (cell->payload_len < 1)
  1530. ERR("It had no body");
  1531. if (cell->circ_id)
  1532. ERR("It had a nonzero circuit ID");
  1533. n_certs = cell->payload[0];
  1534. ptr = cell->payload + 1;
  1535. for (i = 0; i < n_certs; ++i) {
  1536. uint8_t cert_type;
  1537. uint16_t cert_len;
  1538. if (cell->payload_len < 3)
  1539. goto truncated;
  1540. if (ptr > cell->payload + cell->payload_len - 3) {
  1541. goto truncated;
  1542. }
  1543. cert_type = *ptr;
  1544. cert_len = ntohs(get_uint16(ptr+1));
  1545. if (cell->payload_len < 3 + cert_len)
  1546. goto truncated;
  1547. if (ptr > cell->payload + cell->payload_len - cert_len - 3) {
  1548. goto truncated;
  1549. }
  1550. if (cert_type == OR_CERT_TYPE_TLS_LINK ||
  1551. cert_type == OR_CERT_TYPE_ID_1024 ||
  1552. cert_type == OR_CERT_TYPE_AUTH_1024) {
  1553. tor_cert_t *cert = tor_cert_decode(ptr + 3, cert_len);
  1554. if (!cert) {
  1555. log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
  1556. "Received undecodable certificate in CERTS cell from %s:%d",
  1557. safe_str(chan->conn->base_.address),
  1558. chan->conn->base_.port);
  1559. } else {
  1560. if (cert_type == OR_CERT_TYPE_TLS_LINK) {
  1561. if (link_cert) {
  1562. tor_cert_free(cert);
  1563. ERR("Too many TLS_LINK certificates");
  1564. }
  1565. link_cert = cert;
  1566. } else if (cert_type == OR_CERT_TYPE_ID_1024) {
  1567. if (id_cert) {
  1568. tor_cert_free(cert);
  1569. ERR("Too many ID_1024 certificates");
  1570. }
  1571. id_cert = cert;
  1572. } else if (cert_type == OR_CERT_TYPE_AUTH_1024) {
  1573. if (auth_cert) {
  1574. tor_cert_free(cert);
  1575. ERR("Too many AUTH_1024 certificates");
  1576. }
  1577. auth_cert = cert;
  1578. } else {
  1579. tor_cert_free(cert);
  1580. }
  1581. }
  1582. }
  1583. ptr += 3 + cert_len;
  1584. continue;
  1585. truncated:
  1586. ERR("It ends in the middle of a certificate");
  1587. }
  1588. if (chan->conn->handshake_state->started_here) {
  1589. int severity;
  1590. if (! (id_cert && link_cert))
  1591. ERR("The certs we wanted were missing");
  1592. /* Okay. We should be able to check the certificates now. */
  1593. if (! tor_tls_cert_matches_key(chan->conn->tls, link_cert)) {
  1594. ERR("The link certificate didn't match the TLS public key");
  1595. }
  1596. /* Note that this warns more loudly about time and validity if we were
  1597. * _trying_ to connect to an authority, not necessarily if we _did_ connect
  1598. * to one. */
  1599. if (router_digest_is_trusted_dir(
  1600. TLS_CHAN_TO_BASE(chan)->identity_digest))
  1601. severity = LOG_WARN;
  1602. else
  1603. severity = LOG_PROTOCOL_WARN;
  1604. if (! tor_tls_cert_is_valid(severity, link_cert, id_cert, 0))
  1605. ERR("The link certificate was not valid");
  1606. if (! tor_tls_cert_is_valid(severity, id_cert, id_cert, 1))
  1607. ERR("The ID certificate was not valid");
  1608. chan->conn->handshake_state->authenticated = 1;
  1609. {
  1610. const digests_t *id_digests = tor_cert_get_id_digests(id_cert);
  1611. crypto_pk_t *identity_rcvd;
  1612. if (!id_digests)
  1613. ERR("Couldn't compute digests for key in ID cert");
  1614. identity_rcvd = tor_tls_cert_get_key(id_cert);
  1615. if (!identity_rcvd)
  1616. ERR("Internal error: Couldn't get RSA key from ID cert.");
  1617. memcpy(chan->conn->handshake_state->authenticated_peer_id,
  1618. id_digests->d[DIGEST_SHA1], DIGEST_LEN);
  1619. channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd,
  1620. chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
  1621. crypto_pk_free(identity_rcvd);
  1622. }
  1623. if (connection_or_client_learned_peer_id(chan->conn,
  1624. chan->conn->handshake_state->authenticated_peer_id) < 0)
  1625. ERR("Problem setting or checking peer id");
  1626. log_info(LD_OR,
  1627. "Got some good certificates from %s:%d: Authenticated it.",
  1628. safe_str(chan->conn->base_.address), chan->conn->base_.port);
  1629. chan->conn->handshake_state->id_cert = id_cert;
  1630. id_cert = NULL;
  1631. if (!public_server_mode(get_options())) {
  1632. /* If we initiated the connection and we are not a public server, we
  1633. * aren't planning to authenticate at all. At this point we know who we
  1634. * are talking to, so we can just send a netinfo now. */
  1635. send_netinfo = 1;
  1636. }
  1637. } else {
  1638. if (! (id_cert && auth_cert))
  1639. ERR("The certs we wanted were missing");
  1640. /* Remember these certificates so we can check an AUTHENTICATE cell */
  1641. if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, auth_cert, id_cert, 1))
  1642. ERR("The authentication certificate was not valid");
  1643. if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, id_cert, id_cert, 1))
  1644. ERR("The ID certificate was not valid");
  1645. log_info(LD_OR,
  1646. "Got some good certificates from %s:%d: "
  1647. "Waiting for AUTHENTICATE.",
  1648. safe_str(chan->conn->base_.address),
  1649. chan->conn->base_.port);
  1650. /* XXXX check more stuff? */
  1651. chan->conn->handshake_state->id_cert = id_cert;
  1652. chan->conn->handshake_state->auth_cert = auth_cert;
  1653. id_cert = auth_cert = NULL;
  1654. }
  1655. chan->conn->handshake_state->received_certs_cell = 1;
  1656. if (send_netinfo) {
  1657. if (connection_or_send_netinfo(chan->conn) < 0) {
  1658. log_warn(LD_OR, "Couldn't send netinfo cell");
  1659. connection_or_close_for_error(chan->conn, 0);
  1660. goto err;
  1661. }
  1662. }
  1663. err:
  1664. tor_cert_free(id_cert);
  1665. tor_cert_free(link_cert);
  1666. tor_cert_free(auth_cert);
  1667. #undef ERR
  1668. }
  1669. /**
  1670. * Process an AUTH_CHALLENGE cell from a channel_tls_t
  1671. *
  1672. * This function is called to handle an incoming AUTH_CHALLENGE cell on a
  1673. * channel_tls_t; if we weren't supposed to get one (for example, because we're
  1674. * not the originator of the channel), or it's ill-formed, or we aren't doing
  1675. * a v3 handshake, mark the channel. If the cell is well-formed but we don't
  1676. * want to authenticate, just drop it. If the cell is well-formed *and* we
  1677. * want to authenticate, send an AUTHENTICATE cell and then a NETINFO cell.
  1678. */
  1679. static void
  1680. channel_tls_process_auth_challenge_cell(var_cell_t *cell, channel_tls_t *chan)
  1681. {
  1682. int n_types, i, use_type = -1;
  1683. uint8_t *cp;
  1684. tor_assert(cell);
  1685. tor_assert(chan);
  1686. tor_assert(chan->conn);
  1687. #define ERR(s) \
  1688. do { \
  1689. log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
  1690. "Received a bad AUTH_CHALLENGE cell from %s:%d: %s", \
  1691. safe_str(chan->conn->base_.address), \
  1692. chan->conn->base_.port, (s)); \
  1693. connection_or_close_for_error(chan->conn, 0); \
  1694. return; \
  1695. } while (0)
  1696. if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
  1697. ERR("We're not currently doing a v3 handshake");
  1698. if (chan->conn->link_proto < 3)
  1699. ERR("We're not using link protocol >= 3");
  1700. if (!(chan->conn->handshake_state->started_here))
  1701. ERR("We didn't originate this connection");
  1702. if (chan->conn->handshake_state->received_auth_challenge)
  1703. ERR("We already received one");
  1704. if (!(chan->conn->handshake_state->received_certs_cell))
  1705. ERR("We haven't gotten a CERTS cell yet");
  1706. if (cell->payload_len < OR_AUTH_CHALLENGE_LEN + 2)
  1707. ERR("It was too short");
  1708. if (cell->circ_id)
  1709. ERR("It had a nonzero circuit ID");
  1710. n_types = ntohs(get_uint16(cell->payload + OR_AUTH_CHALLENGE_LEN));
  1711. if (cell->payload_len < OR_AUTH_CHALLENGE_LEN + 2 + 2*n_types)
  1712. ERR("It looks truncated");
  1713. /* Now see if there is an authentication type we can use */
  1714. cp = cell->payload+OR_AUTH_CHALLENGE_LEN + 2;
  1715. for (i = 0; i < n_types; ++i, cp += 2) {
  1716. uint16_t authtype = ntohs(get_uint16(cp));
  1717. if (authtype == AUTHTYPE_RSA_SHA256_TLSSECRET)
  1718. use_type = authtype;
  1719. }
  1720. chan->conn->handshake_state->received_auth_challenge = 1;
  1721. if (! public_server_mode(get_options())) {
  1722. /* If we're not a public server then we don't want to authenticate on a
  1723. connection we originated, and we already sent a NETINFO cell when we
  1724. got the CERTS cell. We have nothing more to do. */
  1725. return;
  1726. }
  1727. if (use_type >= 0) {
  1728. log_info(LD_OR,
  1729. "Got an AUTH_CHALLENGE cell from %s:%d: Sending "
  1730. "authentication",
  1731. safe_str(chan->conn->base_.address),
  1732. chan->conn->base_.port);
  1733. if (connection_or_send_authenticate_cell(chan->conn, use_type) < 0) {
  1734. log_warn(LD_OR,
  1735. "Couldn't send authenticate cell");
  1736. connection_or_close_for_error(chan->conn, 0);
  1737. return;
  1738. }
  1739. } else {
  1740. log_info(LD_OR,
  1741. "Got an AUTH_CHALLENGE cell from %s:%d, but we don't "
  1742. "know any of its authentication types. Not authenticating.",
  1743. safe_str(chan->conn->base_.address),
  1744. chan->conn->base_.port);
  1745. }
  1746. if (connection_or_send_netinfo(chan->conn) < 0) {
  1747. log_warn(LD_OR, "Couldn't send netinfo cell");
  1748. connection_or_close_for_error(chan->conn, 0);
  1749. return;
  1750. }
  1751. #undef ERR
  1752. }
  1753. /**
  1754. * Process an AUTHENTICATE cell from a channel_tls_t
  1755. *
  1756. * If it's ill-formed or we weren't supposed to get one or we're not doing a
  1757. * v3 handshake, then mark the connection. If it does not authenticate the
  1758. * other side of the connection successfully (because it isn't signed right,
  1759. * we didn't get a CERTS cell, etc) mark the connection. Otherwise, accept
  1760. * the identity of the router on the other side of the connection.
  1761. */
  1762. static void
  1763. channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
  1764. {
  1765. uint8_t expected[V3_AUTH_FIXED_PART_LEN];
  1766. const uint8_t *auth;
  1767. int authlen;
  1768. tor_assert(cell);
  1769. tor_assert(chan);
  1770. tor_assert(chan->conn);
  1771. #define ERR(s) \
  1772. do { \
  1773. log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
  1774. "Received a bad AUTHENTICATE cell from %s:%d: %s", \
  1775. safe_str(chan->conn->base_.address), \
  1776. chan->conn->base_.port, (s)); \
  1777. connection_or_close_for_error(chan->conn, 0); \
  1778. return; \
  1779. } while (0)
  1780. if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
  1781. ERR("We're not doing a v3 handshake");
  1782. if (chan->conn->link_proto < 3)
  1783. ERR("We're not using link protocol >= 3");
  1784. if (chan->conn->handshake_state->started_here)
  1785. ERR("We originated this connection");
  1786. if (chan->conn->handshake_state->received_authenticate)
  1787. ERR("We already got one!");
  1788. if (chan->conn->handshake_state->authenticated) {
  1789. /* Should be impossible given other checks */
  1790. ERR("The peer is already authenticated");
  1791. }
  1792. if (!(chan->conn->handshake_state->received_certs_cell))
  1793. ERR("We never got a certs cell");
  1794. if (chan->conn->handshake_state->auth_cert == NULL)
  1795. ERR("We never got an authentication certificate");
  1796. if (chan->conn->handshake_state->id_cert == NULL)
  1797. ERR("We never got an identity certificate");
  1798. if (cell->payload_len < 4)
  1799. ERR("Cell was way too short");
  1800. auth = cell->payload;
  1801. {
  1802. uint16_t type = ntohs(get_uint16(auth));
  1803. uint16_t len = ntohs(get_uint16(auth+2));
  1804. if (4 + len > cell->payload_len)
  1805. ERR("Authenticator was truncated");
  1806. if (type != AUTHTYPE_RSA_SHA256_TLSSECRET)
  1807. ERR("Authenticator type was not recognized");
  1808. auth += 4;
  1809. authlen = len;
  1810. }
  1811. if (authlen < V3_AUTH_BODY_LEN + 1)
  1812. ERR("Authenticator was too short");
  1813. if (connection_or_compute_authenticate_cell_body(
  1814. chan->conn, expected, sizeof(expected), NULL, 1) < 0)
  1815. ERR("Couldn't compute expected AUTHENTICATE cell body");
  1816. if (tor_memneq(expected, auth, sizeof(expected)))
  1817. ERR("Some field in the AUTHENTICATE cell body was not as expected");
  1818. {
  1819. crypto_pk_t *pk = tor_tls_cert_get_key(
  1820. chan->conn->handshake_state->auth_cert);
  1821. char d[DIGEST256_LEN];
  1822. char *signed_data;
  1823. size_t keysize;
  1824. int signed_len;
  1825. if (!pk)
  1826. ERR("Internal error: couldn't get RSA key from AUTH cert.");
  1827. crypto_digest256(d, (char*)auth, V3_AUTH_BODY_LEN, DIGEST_SHA256);
  1828. keysize = crypto_pk_keysize(pk);
  1829. signed_data = tor_malloc(keysize);
  1830. signed_len = crypto_pk_public_checksig(pk, signed_data, keysize,
  1831. (char*)auth + V3_AUTH_BODY_LEN,
  1832. authlen - V3_AUTH_BODY_LEN);
  1833. crypto_pk_free(pk);
  1834. if (signed_len < 0) {
  1835. tor_free(signed_data);
  1836. ERR("Signature wasn't valid");
  1837. }
  1838. if (signed_len < DIGEST256_LEN) {
  1839. tor_free(signed_data);
  1840. ERR("Not enough data was signed");
  1841. }
  1842. /* Note that we deliberately allow *more* than DIGEST256_LEN bytes here,
  1843. * in case they're later used to hold a SHA3 digest or something. */
  1844. if (tor_memneq(signed_data, d, DIGEST256_LEN)) {
  1845. tor_free(signed_data);
  1846. ERR("Signature did not match data to be signed.");
  1847. }
  1848. tor_free(signed_data);
  1849. }
  1850. /* Okay, we are authenticated. */
  1851. chan->conn->handshake_state->received_authenticate = 1;
  1852. chan->conn->handshake_state->authenticated = 1;
  1853. chan->conn->handshake_state->digest_received_data = 0;
  1854. {
  1855. crypto_pk_t *identity_rcvd =
  1856. tor_tls_cert_get_key(chan->conn->handshake_state->id_cert);
  1857. const digests_t *id_digests =
  1858. tor_cert_get_id_digests(chan->conn->handshake_state->id_cert);
  1859. /* This must exist; we checked key type when reading the cert. */
  1860. tor_assert(id_digests);
  1861. memcpy(chan->conn->handshake_state->authenticated_peer_id,
  1862. id_digests->d[DIGEST_SHA1], DIGEST_LEN);
  1863. channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd,
  1864. chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
  1865. crypto_pk_free(identity_rcvd);
  1866. connection_or_init_conn_from_address(chan->conn,
  1867. &(chan->conn->base_.addr),
  1868. chan->conn->base_.port,
  1869. (const char*)(chan->conn->handshake_state->
  1870. authenticated_peer_id),
  1871. 0);
  1872. log_info(LD_OR,
  1873. "Got an AUTHENTICATE cell from %s:%d: Looks good.",
  1874. safe_str(chan->conn->base_.address),
  1875. chan->conn->base_.port);
  1876. }
  1877. #undef ERR
  1878. }