channeltls.c 61 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947
  1. /* * Copyright (c) 2012-2013, The Tor Project, Inc. */
  2. /* See LICENSE for licensing information */
  3. /**
  4. * \file channeltls.c
  5. * \brief channel_t concrete subclass using or_connection_t
  6. **/
  7. /*
  8. * Define this so channel.h gives us things only channel_t subclasses
  9. * should touch.
  10. */
  11. #define TOR_CHANNEL_INTERNAL_
  12. #include "or.h"
  13. #include "channel.h"
  14. #include "channeltls.h"
  15. #include "circuitmux.h"
  16. #include "circuitmux_ewma.h"
  17. #include "config.h"
  18. #include "connection.h"
  19. #include "connection_or.h"
  20. #include "control.h"
  21. #include "relay.h"
  22. #include "router.h"
  23. #include "routerlist.h"
  24. /** How many CELL_PADDING cells have we received, ever? */
  25. uint64_t stats_n_padding_cells_processed = 0;
  26. /** How many CELL_VERSIONS cells have we received, ever? */
  27. uint64_t stats_n_versions_cells_processed = 0;
  28. /** How many CELL_NETINFO cells have we received, ever? */
  29. uint64_t stats_n_netinfo_cells_processed = 0;
  30. /** How many CELL_VPADDING cells have we received, ever? */
  31. uint64_t stats_n_vpadding_cells_processed = 0;
  32. /** How many CELL_CERTS cells have we received, ever? */
  33. uint64_t stats_n_certs_cells_processed = 0;
  34. /** How many CELL_AUTH_CHALLENGE cells have we received, ever? */
  35. uint64_t stats_n_auth_challenge_cells_processed = 0;
  36. /** How many CELL_AUTHENTICATE cells have we received, ever? */
  37. uint64_t stats_n_authenticate_cells_processed = 0;
  38. /** How many CELL_AUTHORIZE cells have we received, ever? */
  39. uint64_t stats_n_authorize_cells_processed = 0;
  40. /** Active listener, if any */
  41. channel_listener_t *channel_tls_listener = NULL;
  42. /* Utility function declarations */
  43. static void channel_tls_common_init(channel_tls_t *tlschan);
  44. /* channel_tls_t method declarations */
  45. static void channel_tls_close_method(channel_t *chan);
  46. static const char * channel_tls_describe_transport_method(channel_t *chan);
  47. static int
  48. channel_tls_get_remote_addr_method(channel_t *chan, tor_addr_t *addr_out);
  49. static const char *
  50. channel_tls_get_remote_descr_method(channel_t *chan, int flags);
  51. static int channel_tls_has_queued_writes_method(channel_t *chan);
  52. static int channel_tls_is_canonical_method(channel_t *chan, int req);
  53. static int
  54. channel_tls_matches_extend_info_method(channel_t *chan,
  55. extend_info_t *extend_info);
  56. static int channel_tls_matches_target_method(channel_t *chan,
  57. const tor_addr_t *target);
  58. static int channel_tls_write_cell_method(channel_t *chan,
  59. cell_t *cell);
  60. static int channel_tls_write_packed_cell_method(channel_t *chan,
  61. packed_cell_t *packed_cell);
  62. static int channel_tls_write_var_cell_method(channel_t *chan,
  63. var_cell_t *var_cell);
  64. /* channel_listener_tls_t method declarations */
  65. static void channel_tls_listener_close_method(channel_listener_t *chan_l);
  66. static const char *
  67. channel_tls_listener_describe_transport_method(channel_listener_t *chan_l);
  68. /** Handle incoming cells for the handshake stuff here rather than
  69. * passing them on up. */
  70. static void channel_tls_process_versions_cell(var_cell_t *cell,
  71. channel_tls_t *tlschan);
  72. static void channel_tls_process_netinfo_cell(cell_t *cell,
  73. channel_tls_t *tlschan);
  74. static void channel_tls_process_certs_cell(var_cell_t *cell,
  75. channel_tls_t *tlschan);
  76. static void channel_tls_process_auth_challenge_cell(var_cell_t *cell,
  77. channel_tls_t *tlschan);
  78. static void channel_tls_process_authenticate_cell(var_cell_t *cell,
  79. channel_tls_t *tlschan);
  80. static int command_allowed_before_handshake(uint8_t command);
  81. static int enter_v3_handshake_with_cell(var_cell_t *cell,
  82. channel_tls_t *tlschan);
  83. /**
  84. * Do parts of channel_tls_t initialization common to channel_tls_connect()
  85. * and channel_tls_handle_incoming().
  86. */
  87. static void
  88. channel_tls_common_init(channel_tls_t *tlschan)
  89. {
  90. channel_t *chan;
  91. tor_assert(tlschan);
  92. chan = &(tlschan->base_);
  93. channel_init(chan);
  94. chan->magic = TLS_CHAN_MAGIC;
  95. chan->state = CHANNEL_STATE_OPENING;
  96. chan->close = channel_tls_close_method;
  97. chan->describe_transport = channel_tls_describe_transport_method;
  98. chan->get_remote_addr = channel_tls_get_remote_addr_method;
  99. chan->get_remote_descr = channel_tls_get_remote_descr_method;
  100. chan->has_queued_writes = channel_tls_has_queued_writes_method;
  101. chan->is_canonical = channel_tls_is_canonical_method;
  102. chan->matches_extend_info = channel_tls_matches_extend_info_method;
  103. chan->matches_target = channel_tls_matches_target_method;
  104. chan->write_cell = channel_tls_write_cell_method;
  105. chan->write_packed_cell = channel_tls_write_packed_cell_method;
  106. chan->write_var_cell = channel_tls_write_var_cell_method;
  107. chan->cmux = circuitmux_alloc();
  108. if (cell_ewma_enabled()) {
  109. circuitmux_set_policy(chan->cmux, &ewma_policy);
  110. }
  111. }
  112. /**
  113. * Start a new TLS channel
  114. *
  115. * Launch a new OR connection to <b>addr</b>:<b>port</b> and expect to
  116. * handshake with an OR with identity digest <b>id_digest</b>, and wrap
  117. * it in a channel_tls_t.
  118. */
  119. channel_t *
  120. channel_tls_connect(const tor_addr_t *addr, uint16_t port,
  121. const char *id_digest)
  122. {
  123. channel_tls_t *tlschan = tor_malloc_zero(sizeof(*tlschan));
  124. channel_t *chan = &(tlschan->base_);
  125. channel_tls_common_init(tlschan);
  126. log_debug(LD_CHANNEL,
  127. "In channel_tls_connect() for channel %p "
  128. "(global id " U64_FORMAT ")",
  129. tlschan,
  130. U64_PRINTF_ARG(chan->global_identifier));
  131. if (is_local_addr(addr)) channel_mark_local(chan);
  132. channel_mark_outgoing(chan);
  133. /* Set up or_connection stuff */
  134. tlschan->conn = connection_or_connect(addr, port, id_digest, tlschan);
  135. /* connection_or_connect() will fill in tlschan->conn */
  136. if (!(tlschan->conn)) {
  137. chan->reason_for_closing = CHANNEL_CLOSE_FOR_ERROR;
  138. channel_change_state(chan, CHANNEL_STATE_ERROR);
  139. goto err;
  140. }
  141. log_debug(LD_CHANNEL,
  142. "Got orconn %p for channel with global id " U64_FORMAT,
  143. tlschan->conn, U64_PRINTF_ARG(chan->global_identifier));
  144. goto done;
  145. err:
  146. circuitmux_free(chan->cmux);
  147. tor_free(tlschan);
  148. chan = NULL;
  149. done:
  150. /* If we got one, we should register it */
  151. if (chan) channel_register(chan);
  152. return chan;
  153. }
  154. /**
  155. * Return the current channel_tls_t listener
  156. *
  157. * Returns the current channel listener for incoming TLS connections, or
  158. * NULL if none has been established
  159. */
  160. channel_listener_t *
  161. channel_tls_get_listener(void)
  162. {
  163. return channel_tls_listener;
  164. }
  165. /**
  166. * Start a channel_tls_t listener if necessary
  167. *
  168. * Return the current channel_tls_t listener, or start one if we haven't yet,
  169. * and return that.
  170. */
  171. channel_listener_t *
  172. channel_tls_start_listener(void)
  173. {
  174. channel_listener_t *listener;
  175. if (!channel_tls_listener) {
  176. listener = tor_malloc_zero(sizeof(*listener));
  177. channel_init_listener(listener);
  178. listener->state = CHANNEL_LISTENER_STATE_LISTENING;
  179. listener->close = channel_tls_listener_close_method;
  180. listener->describe_transport =
  181. channel_tls_listener_describe_transport_method;
  182. channel_tls_listener = listener;
  183. log_debug(LD_CHANNEL,
  184. "Starting TLS channel listener %p with global id " U64_FORMAT,
  185. listener, U64_PRINTF_ARG(listener->global_identifier));
  186. channel_listener_register(listener);
  187. } else listener = channel_tls_listener;
  188. return listener;
  189. }
  190. /**
  191. * Free everything on shutdown
  192. *
  193. * Not much to do here, since channel_free_all() takes care of a lot, but let's
  194. * get rid of the listener.
  195. */
  196. void
  197. channel_tls_free_all(void)
  198. {
  199. channel_listener_t *old_listener = NULL;
  200. log_debug(LD_CHANNEL,
  201. "Shutting down TLS channels...");
  202. if (channel_tls_listener) {
  203. /*
  204. * When we close it, channel_tls_listener will get nulled out, so save
  205. * a pointer so we can free it.
  206. */
  207. old_listener = channel_tls_listener;
  208. log_debug(LD_CHANNEL,
  209. "Closing channel_tls_listener with ID " U64_FORMAT
  210. " at %p.",
  211. U64_PRINTF_ARG(old_listener->global_identifier),
  212. old_listener);
  213. channel_listener_unregister(old_listener);
  214. channel_listener_mark_for_close(old_listener);
  215. channel_listener_free(old_listener);
  216. tor_assert(channel_tls_listener == NULL);
  217. }
  218. log_debug(LD_CHANNEL,
  219. "Done shutting down TLS channels");
  220. }
  221. /**
  222. * Create a new channel around an incoming or_connection_t
  223. */
  224. channel_t *
  225. channel_tls_handle_incoming(or_connection_t *orconn)
  226. {
  227. channel_tls_t *tlschan = tor_malloc_zero(sizeof(*tlschan));
  228. channel_t *chan = &(tlschan->base_);
  229. tor_assert(orconn);
  230. tor_assert(!(orconn->chan));
  231. channel_tls_common_init(tlschan);
  232. /* Link the channel and orconn to each other */
  233. tlschan->conn = orconn;
  234. orconn->chan = tlschan;
  235. if (is_local_addr(&(TO_CONN(orconn)->addr))) channel_mark_local(chan);
  236. channel_mark_incoming(chan);
  237. /* If we got one, we should register it */
  238. if (chan) channel_register(chan);
  239. return chan;
  240. }
  241. /*********
  242. * Casts *
  243. ********/
  244. /**
  245. * Cast a channel_tls_t to a channel_t.
  246. */
  247. channel_t *
  248. channel_tls_to_base(channel_tls_t *tlschan)
  249. {
  250. if (!tlschan) return NULL;
  251. return &(tlschan->base_);
  252. }
  253. /**
  254. * Cast a channel_t to a channel_tls_t, with appropriate type-checking
  255. * asserts.
  256. */
  257. channel_tls_t *
  258. channel_tls_from_base(channel_t *chan)
  259. {
  260. if (!chan) return NULL;
  261. tor_assert(chan->magic == TLS_CHAN_MAGIC);
  262. return (channel_tls_t *)(chan);
  263. }
  264. /********************************************
  265. * Method implementations for channel_tls_t *
  266. *******************************************/
  267. /**
  268. * Close a channel_tls_t
  269. *
  270. * This implements the close method for channel_tls_t
  271. */
  272. static void
  273. channel_tls_close_method(channel_t *chan)
  274. {
  275. channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
  276. tor_assert(tlschan);
  277. if (tlschan->conn) connection_or_close_normally(tlschan->conn, 1);
  278. else {
  279. /* Weird - we'll have to change the state ourselves, I guess */
  280. log_info(LD_CHANNEL,
  281. "Tried to close channel_tls_t %p with NULL conn",
  282. tlschan);
  283. channel_change_state(chan, CHANNEL_STATE_ERROR);
  284. }
  285. }
  286. /**
  287. * Describe the transport for a channel_tls_t
  288. *
  289. * This returns the string "TLS channel on connection <id>" to the upper
  290. * layer.
  291. */
  292. static const char *
  293. channel_tls_describe_transport_method(channel_t *chan)
  294. {
  295. static char *buf = NULL;
  296. uint64_t id;
  297. channel_tls_t *tlschan;
  298. const char *rv = NULL;
  299. tor_assert(chan);
  300. tlschan = BASE_CHAN_TO_TLS(chan);
  301. if (tlschan->conn) {
  302. id = TO_CONN(tlschan->conn)->global_identifier;
  303. if (buf) tor_free(buf);
  304. tor_asprintf(&buf,
  305. "TLS channel (connection " U64_FORMAT ")",
  306. U64_PRINTF_ARG(id));
  307. rv = buf;
  308. } else {
  309. rv = "TLS channel (no connection)";
  310. }
  311. return rv;
  312. }
  313. /**
  314. * Get the remote address of a channel_tls_t
  315. *
  316. * This implements the get_remote_addr method for channel_tls_t; copy the
  317. * remote endpoint of the channel to addr_out and return 1 (always
  318. * succeeds for this transport).
  319. */
  320. static int
  321. channel_tls_get_remote_addr_method(channel_t *chan, tor_addr_t *addr_out)
  322. {
  323. channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
  324. tor_assert(tlschan);
  325. tor_assert(addr_out);
  326. tor_assert(tlschan->conn);
  327. tor_addr_copy(addr_out, &(TO_CONN(tlschan->conn)->addr));
  328. return 1;
  329. }
  330. /**
  331. * Get endpoint description of a channel_tls_t
  332. *
  333. * This implements the get_remote_descr method for channel_tls_t; it returns
  334. * a text description of the remote endpoint of the channel suitable for use
  335. * in log messages. The req parameter is 0 for the canonical address or 1 for
  336. * the actual address seen.
  337. */
  338. static const char *
  339. channel_tls_get_remote_descr_method(channel_t *chan, int flags)
  340. {
  341. #define MAX_DESCR_LEN 32
  342. static char buf[MAX_DESCR_LEN + 1];
  343. channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
  344. connection_t *conn;
  345. const char *answer = NULL;
  346. char *addr_str;
  347. tor_assert(tlschan);
  348. tor_assert(tlschan->conn);
  349. conn = TO_CONN(tlschan->conn);
  350. switch (flags) {
  351. case 0:
  352. /* Canonical address with port*/
  353. tor_snprintf(buf, MAX_DESCR_LEN + 1,
  354. "%s:%u", conn->address, conn->port);
  355. answer = buf;
  356. break;
  357. case GRD_FLAG_ORIGINAL:
  358. /* Actual address with port */
  359. addr_str = tor_dup_addr(&(tlschan->conn->real_addr));
  360. tor_snprintf(buf, MAX_DESCR_LEN + 1,
  361. "%s:%u", addr_str, conn->port);
  362. tor_free(addr_str);
  363. answer = buf;
  364. break;
  365. case GRD_FLAG_ADDR_ONLY:
  366. /* Canonical address, no port */
  367. strlcpy(buf, conn->address, sizeof(buf));
  368. answer = buf;
  369. break;
  370. case GRD_FLAG_ORIGINAL|GRD_FLAG_ADDR_ONLY:
  371. /* Actual address, no port */
  372. addr_str = tor_dup_addr(&(tlschan->conn->real_addr));
  373. strlcpy(buf, addr_str, sizeof(buf));
  374. tor_free(addr_str);
  375. answer = buf;
  376. break;
  377. default:
  378. /* Something's broken in channel.c */
  379. tor_assert(1);
  380. }
  381. return answer;
  382. }
  383. /**
  384. * Tell the upper layer if we have queued writes
  385. *
  386. * This implements the has_queued_writes method for channel_tls t_; it returns
  387. * 1 iff we have queued writes on the outbuf of the underlying or_connection_t.
  388. */
  389. static int
  390. channel_tls_has_queued_writes_method(channel_t *chan)
  391. {
  392. size_t outbuf_len;
  393. channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
  394. tor_assert(tlschan);
  395. tor_assert(tlschan->conn);
  396. outbuf_len = connection_get_outbuf_len(TO_CONN(tlschan->conn));
  397. return (outbuf_len > 0);
  398. }
  399. /**
  400. * Tell the upper layer if we're canonical
  401. *
  402. * This implements the is_canonical method for channel_tls_t; if req is zero,
  403. * it returns whether this is a canonical channel, and if it is one it returns
  404. * whether that can be relied upon.
  405. */
  406. static int
  407. channel_tls_is_canonical_method(channel_t *chan, int req)
  408. {
  409. int answer = 0;
  410. channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
  411. tor_assert(tlschan);
  412. tor_assert(tlschan->conn);
  413. switch (req) {
  414. case 0:
  415. answer = tlschan->conn->is_canonical;
  416. break;
  417. case 1:
  418. /*
  419. * Is the is_canonical bit reliable? In protocols version 2 and up
  420. * we get the canonical address from a NETINFO cell, but in older
  421. * versions it might be based on an obsolete descriptor.
  422. */
  423. answer = (tlschan->conn->link_proto >= 2);
  424. break;
  425. default:
  426. /* This shouldn't happen; channel.c is broken if it does */
  427. tor_assert(1);
  428. }
  429. return answer;
  430. }
  431. /**
  432. * Check if we match an extend_info_t
  433. *
  434. * This implements the matches_extend_info method for channel_tls_t; the upper
  435. * layer wants to know if this channel matches an extend_info_t.
  436. */
  437. static int
  438. channel_tls_matches_extend_info_method(channel_t *chan,
  439. extend_info_t *extend_info)
  440. {
  441. channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
  442. tor_assert(tlschan);
  443. tor_assert(extend_info);
  444. return (tor_addr_eq(&(extend_info->addr),
  445. &(TO_CONN(tlschan->conn)->addr)) &&
  446. (extend_info->port == TO_CONN(tlschan->conn)->port));
  447. }
  448. /**
  449. * Check if we match a target address
  450. *
  451. * This implements the matches_target method for channel_tls t_; the upper
  452. * layer wants to know if this channel matches a target address when extending
  453. * a circuit.
  454. */
  455. static int
  456. channel_tls_matches_target_method(channel_t *chan,
  457. const tor_addr_t *target)
  458. {
  459. channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
  460. tor_assert(tlschan);
  461. tor_assert(target);
  462. tor_assert(tlschan->conn);
  463. return tor_addr_compare(&(tlschan->conn->real_addr),
  464. target, CMP_EXACT);
  465. }
  466. /**
  467. * Write a cell to a channel_tls_t
  468. *
  469. * This implements the write_cell method for channel_tls_t; given a
  470. * channel_tls_t and a cell_t, transmit the cell_t.
  471. */
  472. static int
  473. channel_tls_write_cell_method(channel_t *chan, cell_t *cell)
  474. {
  475. channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
  476. tor_assert(tlschan);
  477. tor_assert(cell);
  478. tor_assert(tlschan->conn);
  479. connection_or_write_cell_to_buf(cell, tlschan->conn);
  480. return 1;
  481. }
  482. /**
  483. * Write a packed cell to a channel_tls_t
  484. *
  485. * This implements the write_packed_cell method for channel_tls_t; given a
  486. * channel_tls_t and a packed_cell_t, transmit the packed_cell_t.
  487. */
  488. static int
  489. channel_tls_write_packed_cell_method(channel_t *chan,
  490. packed_cell_t *packed_cell)
  491. {
  492. channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
  493. size_t cell_network_size = get_cell_network_size(chan->wide_circ_ids);
  494. tor_assert(tlschan);
  495. tor_assert(packed_cell);
  496. tor_assert(tlschan->conn);
  497. connection_write_to_buf(packed_cell->body, cell_network_size,
  498. TO_CONN(tlschan->conn));
  499. /* This is where the cell is finished; used to be done from relay.c */
  500. packed_cell_free(packed_cell);
  501. return 1;
  502. }
  503. /**
  504. * Write a variable-length cell to a channel_tls_t
  505. *
  506. * This implements the write_var_cell method for channel_tls_t; given a
  507. * channel_tls_t and a var_cell_t, transmit the var_cell_t.
  508. */
  509. static int
  510. channel_tls_write_var_cell_method(channel_t *chan, var_cell_t *var_cell)
  511. {
  512. channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
  513. tor_assert(tlschan);
  514. tor_assert(var_cell);
  515. tor_assert(tlschan->conn);
  516. connection_or_write_var_cell_to_buf(var_cell, tlschan->conn);
  517. return 1;
  518. }
  519. /*************************************************
  520. * Method implementations for channel_listener_t *
  521. ************************************************/
  522. /**
  523. * Close a channel_listener_t
  524. *
  525. * This implements the close method for channel_listener_t
  526. */
  527. static void
  528. channel_tls_listener_close_method(channel_listener_t *chan_l)
  529. {
  530. tor_assert(chan_l);
  531. /*
  532. * Listeners we just go ahead and change state through to CLOSED, but
  533. * make sure to check if they're channel_tls_listener to NULL it out.
  534. */
  535. if (chan_l == channel_tls_listener)
  536. channel_tls_listener = NULL;
  537. if (!(chan_l->state == CHANNEL_LISTENER_STATE_CLOSING ||
  538. chan_l->state == CHANNEL_LISTENER_STATE_CLOSED ||
  539. chan_l->state == CHANNEL_LISTENER_STATE_ERROR)) {
  540. channel_listener_change_state(chan_l, CHANNEL_LISTENER_STATE_CLOSING);
  541. }
  542. if (chan_l->incoming_list) {
  543. SMARTLIST_FOREACH_BEGIN(chan_l->incoming_list,
  544. channel_t *, ichan) {
  545. channel_mark_for_close(ichan);
  546. } SMARTLIST_FOREACH_END(ichan);
  547. smartlist_free(chan_l->incoming_list);
  548. chan_l->incoming_list = NULL;
  549. }
  550. if (!(chan_l->state == CHANNEL_LISTENER_STATE_CLOSED ||
  551. chan_l->state == CHANNEL_LISTENER_STATE_ERROR)) {
  552. channel_listener_change_state(chan_l, CHANNEL_LISTENER_STATE_CLOSED);
  553. }
  554. }
  555. /**
  556. * Describe the transport for a channel_listener_t
  557. *
  558. * This returns the string "TLS channel (listening)" to the upper
  559. * layer.
  560. */
  561. static const char *
  562. channel_tls_listener_describe_transport_method(channel_listener_t *chan_l)
  563. {
  564. tor_assert(chan_l);
  565. return "TLS channel (listening)";
  566. }
  567. /*******************************************************
  568. * Functions for handling events on an or_connection_t *
  569. ******************************************************/
  570. /**
  571. * Handle an orconn state change
  572. *
  573. * This function will be called by connection_or.c when the or_connection_t
  574. * associated with this channel_tls_t changes state.
  575. */
  576. void
  577. channel_tls_handle_state_change_on_orconn(channel_tls_t *chan,
  578. or_connection_t *conn,
  579. uint8_t old_state,
  580. uint8_t state)
  581. {
  582. channel_t *base_chan;
  583. tor_assert(chan);
  584. tor_assert(conn);
  585. tor_assert(conn->chan == chan);
  586. tor_assert(chan->conn == conn);
  587. /* -Werror appeasement */
  588. tor_assert(old_state == old_state);
  589. base_chan = TLS_CHAN_TO_BASE(chan);
  590. /* Make sure the base connection state makes sense - shouldn't be error,
  591. * closed or listening. */
  592. tor_assert(base_chan->state == CHANNEL_STATE_OPENING ||
  593. base_chan->state == CHANNEL_STATE_OPEN ||
  594. base_chan->state == CHANNEL_STATE_MAINT ||
  595. base_chan->state == CHANNEL_STATE_CLOSING);
  596. /* Did we just go to state open? */
  597. if (state == OR_CONN_STATE_OPEN) {
  598. /*
  599. * We can go to CHANNEL_STATE_OPEN from CHANNEL_STATE_OPENING or
  600. * CHANNEL_STATE_MAINT on this.
  601. */
  602. channel_change_state(base_chan, CHANNEL_STATE_OPEN);
  603. } else {
  604. /*
  605. * Not open, so from CHANNEL_STATE_OPEN we go to CHANNEL_STATE_MAINT,
  606. * otherwise no change.
  607. */
  608. if (base_chan->state == CHANNEL_STATE_OPEN) {
  609. channel_change_state(base_chan, CHANNEL_STATE_MAINT);
  610. }
  611. }
  612. }
  613. /**
  614. * Flush cells from a channel_tls_t
  615. *
  616. * Try to flush up to about num_cells cells, and return how many we flushed.
  617. */
  618. ssize_t
  619. channel_tls_flush_some_cells(channel_tls_t *chan, ssize_t num_cells)
  620. {
  621. ssize_t flushed = 0;
  622. tor_assert(chan);
  623. if (flushed >= num_cells) goto done;
  624. /*
  625. * If channel_tls_t ever buffers anything below the channel_t layer, flush
  626. * that first here.
  627. */
  628. flushed += channel_flush_some_cells(TLS_CHAN_TO_BASE(chan),
  629. num_cells - flushed);
  630. /*
  631. * If channel_tls_t ever buffers anything below the channel_t layer, check
  632. * how much we actually got and push it on down here.
  633. */
  634. done:
  635. return flushed;
  636. }
  637. /**
  638. * Check if a channel_tls_t has anything to flush
  639. *
  640. * Return true if there is any more to flush on this channel (cells in queue
  641. * or active circuits).
  642. */
  643. int
  644. channel_tls_more_to_flush(channel_tls_t *chan)
  645. {
  646. tor_assert(chan);
  647. /*
  648. * If channel_tls_t ever buffers anything below channel_t, the
  649. * check for that should go here first.
  650. */
  651. return channel_more_to_flush(TLS_CHAN_TO_BASE(chan));
  652. }
  653. #ifdef KEEP_TIMING_STATS
  654. /**
  655. * Timing states wrapper
  656. *
  657. * This is a wrapper function around the actual function that processes the
  658. * <b>cell</b> that just arrived on <b>chan</b>. Increment <b>*time</b>
  659. * by the number of microseconds used by the call to <b>*func(cell, chan)</b>.
  660. */
  661. static void
  662. channel_tls_time_process_cell(cell_t *cell, channel_tls_t *chan, int *time,
  663. void (*func)(cell_t *, channel_tls_t *))
  664. {
  665. struct timeval start, end;
  666. long time_passed;
  667. tor_gettimeofday(&start);
  668. (*func)(cell, chan);
  669. tor_gettimeofday(&end);
  670. time_passed = tv_udiff(&start, &end) ;
  671. if (time_passed > 10000) { /* more than 10ms */
  672. log_debug(LD_OR,"That call just took %ld ms.",time_passed/1000);
  673. }
  674. if (time_passed < 0) {
  675. log_info(LD_GENERAL,"That call took us back in time!");
  676. time_passed = 0;
  677. }
  678. *time += time_passed;
  679. }
  680. #endif
  681. /**
  682. * Handle an incoming cell on a channel_tls_t
  683. *
  684. * This is called from connection_or.c to handle an arriving cell; it checks
  685. * for cell types specific to the handshake for this transport protocol and
  686. * handles them, and queues all other cells to the channel_t layer, which
  687. * eventually will hand them off to command.c.
  688. */
  689. void
  690. channel_tls_handle_cell(cell_t *cell, or_connection_t *conn)
  691. {
  692. channel_tls_t *chan;
  693. int handshaking;
  694. #ifdef KEEP_TIMING_STATS
  695. #define PROCESS_CELL(tp, cl, cn) STMT_BEGIN { \
  696. ++num ## tp; \
  697. channel_tls_time_process_cell(cl, cn, & tp ## time , \
  698. channel_tls_process_ ## tp ## _cell); \
  699. } STMT_END
  700. #else
  701. #define PROCESS_CELL(tp, cl, cn) channel_tls_process_ ## tp ## _cell(cl, cn)
  702. #endif
  703. tor_assert(cell);
  704. tor_assert(conn);
  705. chan = conn->chan;
  706. if (!chan) {
  707. log_warn(LD_CHANNEL,
  708. "Got a cell_t on an OR connection with no channel");
  709. return;
  710. }
  711. handshaking = (TO_CONN(conn)->state != OR_CONN_STATE_OPEN);
  712. if (conn->base_.marked_for_close)
  713. return;
  714. /* Reject all but VERSIONS and NETINFO when handshaking. */
  715. /* (VERSIONS should actually be impossible; it's variable-length.) */
  716. if (handshaking && cell->command != CELL_VERSIONS &&
  717. cell->command != CELL_NETINFO) {
  718. log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
  719. "Received unexpected cell command %d in chan state %s / "
  720. "conn state %s; closing the connection.",
  721. (int)cell->command,
  722. channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
  723. conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state));
  724. connection_or_close_for_error(conn, 0);
  725. return;
  726. }
  727. if (conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3)
  728. or_handshake_state_record_cell(conn, conn->handshake_state, cell, 1);
  729. switch (cell->command) {
  730. case CELL_PADDING:
  731. ++stats_n_padding_cells_processed;
  732. /* do nothing */
  733. break;
  734. case CELL_VERSIONS:
  735. tor_fragile_assert();
  736. break;
  737. case CELL_NETINFO:
  738. ++stats_n_netinfo_cells_processed;
  739. PROCESS_CELL(netinfo, cell, chan);
  740. break;
  741. case CELL_CREATE:
  742. case CELL_CREATE_FAST:
  743. case CELL_CREATED:
  744. case CELL_CREATED_FAST:
  745. case CELL_RELAY:
  746. case CELL_RELAY_EARLY:
  747. case CELL_DESTROY:
  748. case CELL_CREATE2:
  749. case CELL_CREATED2:
  750. /*
  751. * These are all transport independent and we pass them up through the
  752. * channel_t mechanism. They are ultimately handled in command.c.
  753. */
  754. channel_queue_cell(TLS_CHAN_TO_BASE(chan), cell);
  755. break;
  756. default:
  757. log_fn(LOG_INFO, LD_PROTOCOL,
  758. "Cell of unknown type (%d) received in channeltls.c. "
  759. "Dropping.",
  760. cell->command);
  761. break;
  762. }
  763. }
  764. /**
  765. * Handle an incoming variable-length cell on a channel_tls_t
  766. *
  767. * Process a <b>var_cell</b> that was just received on <b>conn</b>. Keep
  768. * internal statistics about how many of each cell we've processed so far
  769. * this second, and the total number of microseconds it took to
  770. * process each type of cell. All the var_cell commands are handshake-
  771. * related and live below the channel_t layer, so no variable-length
  772. * cells ever get delivered in the current implementation, but I've left
  773. * the mechanism in place for future use.
  774. */
  775. void
  776. channel_tls_handle_var_cell(var_cell_t *var_cell, or_connection_t *conn)
  777. {
  778. channel_tls_t *chan;
  779. #ifdef KEEP_TIMING_STATS
  780. /* how many of each cell have we seen so far this second? needs better
  781. * name. */
  782. static int num_versions = 0, num_certs = 0;
  783. static time_t current_second = 0; /* from previous calls to time */
  784. time_t now = time(NULL);
  785. if (current_second == 0) current_second = now;
  786. if (now > current_second) { /* the second has rolled over */
  787. /* print stats */
  788. log_info(LD_OR,
  789. "At end of second: %d versions (%d ms), %d certs (%d ms)",
  790. num_versions, versions_time / ((now - current_second) * 1000),
  791. num_certs, certs_time / ((now - current_second) * 1000));
  792. num_versions = num_certs = 0;
  793. versions_time = certs_time = 0;
  794. /* remember which second it is, for next time */
  795. current_second = now;
  796. }
  797. #endif
  798. tor_assert(var_cell);
  799. tor_assert(conn);
  800. chan = conn->chan;
  801. if (!chan) {
  802. log_warn(LD_CHANNEL,
  803. "Got a var_cell_t on an OR connection with no channel");
  804. return;
  805. }
  806. if (TO_CONN(conn)->marked_for_close)
  807. return;
  808. switch (TO_CONN(conn)->state) {
  809. case OR_CONN_STATE_OR_HANDSHAKING_V2:
  810. if (var_cell->command != CELL_VERSIONS) {
  811. log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
  812. "Received a cell with command %d in unexpected "
  813. "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
  814. "closing the connection.",
  815. (int)(var_cell->command),
  816. conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),
  817. TO_CONN(conn)->state,
  818. channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
  819. (int)(TLS_CHAN_TO_BASE(chan)->state));
  820. /*
  821. * The code in connection_or.c will tell channel_t to close for
  822. * error; it will go to CHANNEL_STATE_CLOSING, and then to
  823. * CHANNEL_STATE_ERROR when conn is closed.
  824. */
  825. connection_or_close_for_error(conn, 0);
  826. return;
  827. }
  828. break;
  829. case OR_CONN_STATE_TLS_HANDSHAKING:
  830. /* If we're using bufferevents, it's entirely possible for us to
  831. * notice "hey, data arrived!" before we notice "hey, the handshake
  832. * finished!" And we need to be accepting both at once to handle both
  833. * the v2 and v3 handshakes. */
  834. /* fall through */
  835. case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING:
  836. if (!(command_allowed_before_handshake(var_cell->command))) {
  837. log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
  838. "Received a cell with command %d in unexpected "
  839. "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
  840. "closing the connection.",
  841. (int)(var_cell->command),
  842. conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),
  843. (int)(TO_CONN(conn)->state),
  844. channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
  845. (int)(TLS_CHAN_TO_BASE(chan)->state));
  846. /* see above comment about CHANNEL_STATE_ERROR */
  847. connection_or_close_for_error(conn, 0);
  848. return;
  849. } else {
  850. if (enter_v3_handshake_with_cell(var_cell, chan) < 0)
  851. return;
  852. }
  853. break;
  854. case OR_CONN_STATE_OR_HANDSHAKING_V3:
  855. if (var_cell->command != CELL_AUTHENTICATE)
  856. or_handshake_state_record_var_cell(conn, conn->handshake_state,
  857. var_cell, 1);
  858. break; /* Everything is allowed */
  859. case OR_CONN_STATE_OPEN:
  860. if (conn->link_proto < 3) {
  861. log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
  862. "Received a variable-length cell with command %d in orconn "
  863. "state %s [%d], channel state %s [%d] with link protocol %d; "
  864. "ignoring it.",
  865. (int)(var_cell->command),
  866. conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),
  867. (int)(TO_CONN(conn)->state),
  868. channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
  869. (int)(TLS_CHAN_TO_BASE(chan)->state),
  870. (int)(conn->link_proto));
  871. return;
  872. }
  873. break;
  874. default:
  875. log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
  876. "Received var-length cell with command %d in unexpected "
  877. "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
  878. "ignoring it.",
  879. (int)(var_cell->command),
  880. conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),
  881. (int)(TO_CONN(conn)->state),
  882. channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
  883. (int)(TLS_CHAN_TO_BASE(chan)->state));
  884. return;
  885. }
  886. /* Now handle the cell */
  887. switch (var_cell->command) {
  888. case CELL_VERSIONS:
  889. ++stats_n_versions_cells_processed;
  890. PROCESS_CELL(versions, var_cell, chan);
  891. break;
  892. case CELL_VPADDING:
  893. ++stats_n_vpadding_cells_processed;
  894. /* Do nothing */
  895. break;
  896. case CELL_CERTS:
  897. ++stats_n_certs_cells_processed;
  898. PROCESS_CELL(certs, var_cell, chan);
  899. break;
  900. case CELL_AUTH_CHALLENGE:
  901. ++stats_n_auth_challenge_cells_processed;
  902. PROCESS_CELL(auth_challenge, var_cell, chan);
  903. break;
  904. case CELL_AUTHENTICATE:
  905. ++stats_n_authenticate_cells_processed;
  906. PROCESS_CELL(authenticate, var_cell, chan);
  907. break;
  908. case CELL_AUTHORIZE:
  909. ++stats_n_authorize_cells_processed;
  910. /* Ignored so far. */
  911. break;
  912. default:
  913. log_fn(LOG_INFO, LD_PROTOCOL,
  914. "Variable-length cell of unknown type (%d) received.",
  915. (int)(var_cell->command));
  916. break;
  917. }
  918. }
  919. /**
  920. * Check if this cell type is allowed before the handshake is finished
  921. *
  922. * Return true if <b>command</b> is a cell command that's allowed to start a
  923. * V3 handshake.
  924. */
  925. static int
  926. command_allowed_before_handshake(uint8_t command)
  927. {
  928. switch (command) {
  929. case CELL_VERSIONS:
  930. case CELL_VPADDING:
  931. case CELL_AUTHORIZE:
  932. return 1;
  933. default:
  934. return 0;
  935. }
  936. }
  937. /**
  938. * Start a V3 handshake on an incoming connection
  939. *
  940. * Called when we as a server receive an appropriate cell while waiting
  941. * either for a cell or a TLS handshake. Set the connection's state to
  942. * "handshaking_v3', initializes the or_handshake_state field as needed,
  943. * and add the cell to the hash of incoming cells.)
  944. */
  945. static int
  946. enter_v3_handshake_with_cell(var_cell_t *cell, channel_tls_t *chan)
  947. {
  948. int started_here = 0;
  949. tor_assert(cell);
  950. tor_assert(chan);
  951. tor_assert(chan->conn);
  952. started_here = connection_or_nonopen_was_started_here(chan->conn);
  953. tor_assert(TO_CONN(chan->conn)->state == OR_CONN_STATE_TLS_HANDSHAKING ||
  954. TO_CONN(chan->conn)->state ==
  955. OR_CONN_STATE_TLS_SERVER_RENEGOTIATING);
  956. if (started_here) {
  957. log_fn(LOG_PROTOCOL_WARN, LD_OR,
  958. "Received a cell while TLS-handshaking, not in "
  959. "OR_HANDSHAKING_V3, on a connection we originated.");
  960. }
  961. connection_or_block_renegotiation(chan->conn);
  962. chan->conn->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
  963. if (connection_init_or_handshake_state(chan->conn, started_here) < 0) {
  964. connection_or_close_for_error(chan->conn, 0);
  965. return -1;
  966. }
  967. or_handshake_state_record_var_cell(chan->conn,
  968. chan->conn->handshake_state, cell, 1);
  969. return 0;
  970. }
  971. /**
  972. * Process a 'versions' cell.
  973. *
  974. * This function is called to handle an incoming VERSIONS cell; the current
  975. * link protocol version must be 0 to indicate that no version has yet been
  976. * negotiated. We compare the versions in the cell to the list of versions
  977. * we support, pick the highest version we have in common, and continue the
  978. * negotiation from there.
  979. */
  980. static void
  981. channel_tls_process_versions_cell(var_cell_t *cell, channel_tls_t *chan)
  982. {
  983. int highest_supported_version = 0;
  984. const uint8_t *cp, *end;
  985. int started_here = 0;
  986. tor_assert(cell);
  987. tor_assert(chan);
  988. tor_assert(chan->conn);
  989. started_here = connection_or_nonopen_was_started_here(chan->conn);
  990. if (chan->conn->link_proto != 0 ||
  991. (chan->conn->handshake_state &&
  992. chan->conn->handshake_state->received_versions)) {
  993. log_fn(LOG_PROTOCOL_WARN, LD_OR,
  994. "Received a VERSIONS cell on a connection with its version "
  995. "already set to %d; dropping",
  996. (int)(chan->conn->link_proto));
  997. return;
  998. }
  999. switch (chan->conn->base_.state)
  1000. {
  1001. case OR_CONN_STATE_OR_HANDSHAKING_V2:
  1002. case OR_CONN_STATE_OR_HANDSHAKING_V3:
  1003. break;
  1004. case OR_CONN_STATE_TLS_HANDSHAKING:
  1005. case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING:
  1006. default:
  1007. log_fn(LOG_PROTOCOL_WARN, LD_OR,
  1008. "VERSIONS cell while in unexpected state");
  1009. return;
  1010. }
  1011. tor_assert(chan->conn->handshake_state);
  1012. end = cell->payload + cell->payload_len;
  1013. for (cp = cell->payload; cp+1 < end; cp += 2) {
  1014. uint16_t v = ntohs(get_uint16(cp));
  1015. if (is_or_protocol_version_known(v) && v > highest_supported_version)
  1016. highest_supported_version = v;
  1017. }
  1018. if (!highest_supported_version) {
  1019. log_fn(LOG_PROTOCOL_WARN, LD_OR,
  1020. "Couldn't find a version in common between my version list and the "
  1021. "list in the VERSIONS cell; closing connection.");
  1022. connection_or_close_for_error(chan->conn, 0);
  1023. return;
  1024. } else if (highest_supported_version == 1) {
  1025. /* Negotiating version 1 makes no sense, since version 1 has no VERSIONS
  1026. * cells. */
  1027. log_fn(LOG_PROTOCOL_WARN, LD_OR,
  1028. "Used version negotiation protocol to negotiate a v1 connection. "
  1029. "That's crazily non-compliant. Closing connection.");
  1030. connection_or_close_for_error(chan->conn, 0);
  1031. return;
  1032. } else if (highest_supported_version < 3 &&
  1033. chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3) {
  1034. log_fn(LOG_PROTOCOL_WARN, LD_OR,
  1035. "Negotiated link protocol 2 or lower after doing a v3 TLS "
  1036. "handshake. Closing connection.");
  1037. connection_or_close_for_error(chan->conn, 0);
  1038. return;
  1039. } else if (highest_supported_version != 2 &&
  1040. chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V2) {
  1041. /* XXXX This should eventually be a log_protocol_warn */
  1042. log_fn(LOG_WARN, LD_OR,
  1043. "Negotiated link with non-2 protocol after doing a v2 TLS "
  1044. "handshake with %s. Closing connection.",
  1045. fmt_addr(&chan->conn->base_.addr));
  1046. connection_or_close_for_error(chan->conn, 0);
  1047. return;
  1048. }
  1049. chan->conn->link_proto = highest_supported_version;
  1050. chan->conn->handshake_state->received_versions = 1;
  1051. if (chan->conn->link_proto == 2) {
  1052. log_info(LD_OR,
  1053. "Negotiated version %d with %s:%d; sending NETINFO.",
  1054. highest_supported_version,
  1055. safe_str_client(chan->conn->base_.address),
  1056. chan->conn->base_.port);
  1057. if (connection_or_send_netinfo(chan->conn) < 0) {
  1058. connection_or_close_for_error(chan->conn, 0);
  1059. return;
  1060. }
  1061. } else {
  1062. const int send_versions = !started_here;
  1063. /* If we want to authenticate, send a CERTS cell */
  1064. const int send_certs = !started_here || public_server_mode(get_options());
  1065. /* If we're a relay that got a connection, ask for authentication. */
  1066. const int send_chall = !started_here && public_server_mode(get_options());
  1067. /* If our certs cell will authenticate us, we can send a netinfo cell
  1068. * right now. */
  1069. const int send_netinfo = !started_here;
  1070. const int send_any =
  1071. send_versions || send_certs || send_chall || send_netinfo;
  1072. tor_assert(chan->conn->link_proto >= 3);
  1073. log_info(LD_OR,
  1074. "Negotiated version %d with %s:%d; %s%s%s%s%s",
  1075. highest_supported_version,
  1076. safe_str_client(chan->conn->base_.address),
  1077. chan->conn->base_.port,
  1078. send_any ? "Sending cells:" : "Waiting for CERTS cell",
  1079. send_versions ? " VERSIONS" : "",
  1080. send_certs ? " CERTS" : "",
  1081. send_chall ? " AUTH_CHALLENGE" : "",
  1082. send_netinfo ? " NETINFO" : "");
  1083. #ifdef DISABLE_V3_LINKPROTO_SERVERSIDE
  1084. if (1) {
  1085. connection_or_close_normally(chan->conn, 1);
  1086. return;
  1087. }
  1088. #endif
  1089. if (send_versions) {
  1090. if (connection_or_send_versions(chan->conn, 1) < 0) {
  1091. log_warn(LD_OR, "Couldn't send versions cell");
  1092. connection_or_close_for_error(chan->conn, 0);
  1093. return;
  1094. }
  1095. }
  1096. /* We set this after sending the verions cell. */
  1097. /*XXXXX symbolic const.*/
  1098. chan->base_.wide_circ_ids =
  1099. chan->conn->link_proto >= MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS;
  1100. chan->conn->wide_circ_ids = chan->base_.wide_circ_ids;
  1101. if (send_certs) {
  1102. if (connection_or_send_certs_cell(chan->conn) < 0) {
  1103. log_warn(LD_OR, "Couldn't send certs cell");
  1104. connection_or_close_for_error(chan->conn, 0);
  1105. return;
  1106. }
  1107. }
  1108. if (send_chall) {
  1109. if (connection_or_send_auth_challenge_cell(chan->conn) < 0) {
  1110. log_warn(LD_OR, "Couldn't send auth_challenge cell");
  1111. connection_or_close_for_error(chan->conn, 0);
  1112. return;
  1113. }
  1114. }
  1115. if (send_netinfo) {
  1116. if (connection_or_send_netinfo(chan->conn) < 0) {
  1117. log_warn(LD_OR, "Couldn't send netinfo cell");
  1118. connection_or_close_for_error(chan->conn, 0);
  1119. return;
  1120. }
  1121. }
  1122. }
  1123. }
  1124. /**
  1125. * Process a 'netinfo' cell
  1126. *
  1127. * This function is called to handle an incoming NETINFO cell; read and act
  1128. * on its contents, and set the connection state to "open".
  1129. */
  1130. static void
  1131. channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
  1132. {
  1133. time_t timestamp;
  1134. uint8_t my_addr_type;
  1135. uint8_t my_addr_len;
  1136. const uint8_t *my_addr_ptr;
  1137. const uint8_t *cp, *end;
  1138. uint8_t n_other_addrs;
  1139. time_t now = time(NULL);
  1140. long apparent_skew = 0;
  1141. tor_addr_t my_apparent_addr = TOR_ADDR_NULL;
  1142. tor_assert(cell);
  1143. tor_assert(chan);
  1144. tor_assert(chan->conn);
  1145. if (chan->conn->link_proto < 2) {
  1146. log_fn(LOG_PROTOCOL_WARN, LD_OR,
  1147. "Received a NETINFO cell on %s connection; dropping.",
  1148. chan->conn->link_proto == 0 ? "non-versioned" : "a v1");
  1149. return;
  1150. }
  1151. if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V2 &&
  1152. chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3) {
  1153. log_fn(LOG_PROTOCOL_WARN, LD_OR,
  1154. "Received a NETINFO cell on non-handshaking connection; dropping.");
  1155. return;
  1156. }
  1157. tor_assert(chan->conn->handshake_state &&
  1158. chan->conn->handshake_state->received_versions);
  1159. if (chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3) {
  1160. tor_assert(chan->conn->link_proto >= 3);
  1161. if (chan->conn->handshake_state->started_here) {
  1162. if (!(chan->conn->handshake_state->authenticated)) {
  1163. log_fn(LOG_PROTOCOL_WARN, LD_OR,
  1164. "Got a NETINFO cell from server, "
  1165. "but no authentication. Closing the connection.");
  1166. connection_or_close_for_error(chan->conn, 0);
  1167. return;
  1168. }
  1169. } else {
  1170. /* we're the server. If the client never authenticated, we have
  1171. some housekeeping to do.*/
  1172. if (!(chan->conn->handshake_state->authenticated)) {
  1173. tor_assert(tor_digest_is_zero(
  1174. (const char*)(chan->conn->handshake_state->
  1175. authenticated_peer_id)));
  1176. channel_set_circid_type(TLS_CHAN_TO_BASE(chan), NULL,
  1177. chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
  1178. connection_or_init_conn_from_address(chan->conn,
  1179. &(chan->conn->base_.addr),
  1180. chan->conn->base_.port,
  1181. (const char*)(chan->conn->handshake_state->
  1182. authenticated_peer_id),
  1183. 0);
  1184. }
  1185. }
  1186. }
  1187. /* Decode the cell. */
  1188. timestamp = ntohl(get_uint32(cell->payload));
  1189. if (labs(now - chan->conn->handshake_state->sent_versions_at) < 180) {
  1190. apparent_skew = now - timestamp;
  1191. }
  1192. my_addr_type = (uint8_t) cell->payload[4];
  1193. my_addr_len = (uint8_t) cell->payload[5];
  1194. my_addr_ptr = (uint8_t*) cell->payload + 6;
  1195. end = cell->payload + CELL_PAYLOAD_SIZE;
  1196. cp = cell->payload + 6 + my_addr_len;
  1197. if (cp >= end) {
  1198. log_fn(LOG_PROTOCOL_WARN, LD_OR,
  1199. "Addresses too long in netinfo cell; closing connection.");
  1200. connection_or_close_for_error(chan->conn, 0);
  1201. return;
  1202. } else if (my_addr_type == RESOLVED_TYPE_IPV4 && my_addr_len == 4) {
  1203. tor_addr_from_ipv4n(&my_apparent_addr, get_uint32(my_addr_ptr));
  1204. } else if (my_addr_type == RESOLVED_TYPE_IPV6 && my_addr_len == 16) {
  1205. tor_addr_from_ipv6_bytes(&my_apparent_addr, (const char *) my_addr_ptr);
  1206. }
  1207. n_other_addrs = (uint8_t) *cp++;
  1208. while (n_other_addrs && cp < end-2) {
  1209. /* Consider all the other addresses; if any matches, this connection is
  1210. * "canonical." */
  1211. tor_addr_t addr;
  1212. const uint8_t *next =
  1213. decode_address_from_payload(&addr, cp, (int)(end-cp));
  1214. if (next == NULL) {
  1215. log_fn(LOG_PROTOCOL_WARN, LD_OR,
  1216. "Bad address in netinfo cell; closing connection.");
  1217. connection_or_close_for_error(chan->conn, 0);
  1218. return;
  1219. }
  1220. if (tor_addr_eq(&addr, &(chan->conn->real_addr))) {
  1221. chan->conn->is_canonical = 1;
  1222. break;
  1223. }
  1224. cp = next;
  1225. --n_other_addrs;
  1226. }
  1227. /* Act on apparent skew. */
  1228. /** Warn when we get a netinfo skew with at least this value. */
  1229. #define NETINFO_NOTICE_SKEW 3600
  1230. if (labs(apparent_skew) > NETINFO_NOTICE_SKEW &&
  1231. router_get_by_id_digest(chan->conn->identity_digest)) {
  1232. char dbuf[64];
  1233. int severity;
  1234. /*XXXX be smarter about when everybody says we are skewed. */
  1235. if (router_digest_is_trusted_dir(chan->conn->identity_digest))
  1236. severity = LOG_WARN;
  1237. else
  1238. severity = LOG_INFO;
  1239. format_time_interval(dbuf, sizeof(dbuf), apparent_skew);
  1240. log_fn(severity, LD_GENERAL,
  1241. "Received NETINFO cell with skewed time from "
  1242. "server at %s:%d. It seems that our clock is %s by %s, or "
  1243. "that theirs is %s. Tor requires an accurate clock to work: "
  1244. "please check your time and date settings.",
  1245. chan->conn->base_.address,
  1246. (int)(chan->conn->base_.port),
  1247. apparent_skew > 0 ? "ahead" : "behind",
  1248. dbuf,
  1249. apparent_skew > 0 ? "behind" : "ahead");
  1250. if (severity == LOG_WARN) /* only tell the controller if an authority */
  1251. control_event_general_status(LOG_WARN,
  1252. "CLOCK_SKEW SKEW=%ld SOURCE=OR:%s:%d",
  1253. apparent_skew,
  1254. chan->conn->base_.address,
  1255. chan->conn->base_.port);
  1256. }
  1257. /* XXX maybe act on my_apparent_addr, if the source is sufficiently
  1258. * trustworthy. */
  1259. if (connection_or_set_state_open(chan->conn) < 0) {
  1260. log_fn(LOG_PROTOCOL_WARN, LD_OR,
  1261. "Got good NETINFO cell from %s:%d; but "
  1262. "was unable to make the OR connection become open.",
  1263. safe_str_client(chan->conn->base_.address),
  1264. chan->conn->base_.port);
  1265. connection_or_close_for_error(chan->conn, 0);
  1266. } else {
  1267. log_info(LD_OR,
  1268. "Got good NETINFO cell from %s:%d; OR connection is now "
  1269. "open, using protocol version %d. Its ID digest is %s. "
  1270. "Our address is apparently %s.",
  1271. safe_str_client(chan->conn->base_.address),
  1272. chan->conn->base_.port,
  1273. (int)(chan->conn->link_proto),
  1274. hex_str(TLS_CHAN_TO_BASE(chan)->identity_digest,
  1275. DIGEST_LEN),
  1276. tor_addr_is_null(&my_apparent_addr) ?
  1277. "<none>" : fmt_and_decorate_addr(&my_apparent_addr));
  1278. }
  1279. assert_connection_ok(TO_CONN(chan->conn),time(NULL));
  1280. }
  1281. /**
  1282. * Process a CERTS cell from a channel.
  1283. *
  1284. * This function is called to process an incoming CERTS cell on a
  1285. * channel_tls_t:
  1286. *
  1287. * If the other side should not have sent us a CERTS cell, or the cell is
  1288. * malformed, or it is supposed to authenticate the TLS key but it doesn't,
  1289. * then mark the connection.
  1290. *
  1291. * If the cell has a good cert chain and we're doing a v3 handshake, then
  1292. * store the certificates in or_handshake_state. If this is the client side
  1293. * of the connection, we then authenticate the server or mark the connection.
  1294. * If it's the server side, wait for an AUTHENTICATE cell.
  1295. */
  1296. static void
  1297. channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
  1298. {
  1299. tor_cert_t *link_cert = NULL;
  1300. tor_cert_t *id_cert = NULL;
  1301. tor_cert_t *auth_cert = NULL;
  1302. uint8_t *ptr;
  1303. int n_certs, i;
  1304. int send_netinfo = 0;
  1305. tor_assert(cell);
  1306. tor_assert(chan);
  1307. tor_assert(chan->conn);
  1308. #define ERR(s) \
  1309. do { \
  1310. log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
  1311. "Received a bad CERTS cell from %s:%d: %s", \
  1312. safe_str(chan->conn->base_.address), \
  1313. chan->conn->base_.port, (s)); \
  1314. connection_or_close_for_error(chan->conn, 0); \
  1315. goto err; \
  1316. } while (0)
  1317. if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
  1318. ERR("We're not doing a v3 handshake!");
  1319. if (chan->conn->link_proto < 3)
  1320. ERR("We're not using link protocol >= 3");
  1321. if (chan->conn->handshake_state->received_certs_cell)
  1322. ERR("We already got one");
  1323. if (chan->conn->handshake_state->authenticated) {
  1324. /* Should be unreachable, but let's make sure. */
  1325. ERR("We're already authenticated!");
  1326. }
  1327. if (cell->payload_len < 1)
  1328. ERR("It had no body");
  1329. if (cell->circ_id)
  1330. ERR("It had a nonzero circuit ID");
  1331. n_certs = cell->payload[0];
  1332. ptr = cell->payload + 1;
  1333. for (i = 0; i < n_certs; ++i) {
  1334. uint8_t cert_type;
  1335. uint16_t cert_len;
  1336. if (ptr + 3 > cell->payload + cell->payload_len) {
  1337. goto truncated;
  1338. }
  1339. cert_type = *ptr;
  1340. cert_len = ntohs(get_uint16(ptr+1));
  1341. if (ptr + 3 + cert_len > cell->payload + cell->payload_len) {
  1342. goto truncated;
  1343. }
  1344. if (cert_type == OR_CERT_TYPE_TLS_LINK ||
  1345. cert_type == OR_CERT_TYPE_ID_1024 ||
  1346. cert_type == OR_CERT_TYPE_AUTH_1024) {
  1347. tor_cert_t *cert = tor_cert_decode(ptr + 3, cert_len);
  1348. if (!cert) {
  1349. log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
  1350. "Received undecodable certificate in CERTS cell from %s:%d",
  1351. safe_str(chan->conn->base_.address),
  1352. chan->conn->base_.port);
  1353. } else {
  1354. if (cert_type == OR_CERT_TYPE_TLS_LINK) {
  1355. if (link_cert) {
  1356. tor_cert_free(cert);
  1357. ERR("Too many TLS_LINK certificates");
  1358. }
  1359. link_cert = cert;
  1360. } else if (cert_type == OR_CERT_TYPE_ID_1024) {
  1361. if (id_cert) {
  1362. tor_cert_free(cert);
  1363. ERR("Too many ID_1024 certificates");
  1364. }
  1365. id_cert = cert;
  1366. } else if (cert_type == OR_CERT_TYPE_AUTH_1024) {
  1367. if (auth_cert) {
  1368. tor_cert_free(cert);
  1369. ERR("Too many AUTH_1024 certificates");
  1370. }
  1371. auth_cert = cert;
  1372. } else {
  1373. tor_cert_free(cert);
  1374. }
  1375. }
  1376. }
  1377. ptr += 3 + cert_len;
  1378. continue;
  1379. truncated:
  1380. ERR("It ends in the middle of a certificate");
  1381. }
  1382. if (chan->conn->handshake_state->started_here) {
  1383. int severity;
  1384. if (! (id_cert && link_cert))
  1385. ERR("The certs we wanted were missing");
  1386. /* Okay. We should be able to check the certificates now. */
  1387. if (! tor_tls_cert_matches_key(chan->conn->tls, link_cert)) {
  1388. ERR("The link certificate didn't match the TLS public key");
  1389. }
  1390. /* Note that this warns more loudly about time and validity if we were
  1391. * _trying_ to connect to an authority, not necessarily if we _did_ connect
  1392. * to one. */
  1393. if (router_digest_is_trusted_dir(
  1394. TLS_CHAN_TO_BASE(chan)->identity_digest))
  1395. severity = LOG_WARN;
  1396. else
  1397. severity = LOG_PROTOCOL_WARN;
  1398. if (! tor_tls_cert_is_valid(severity, link_cert, id_cert, 0))
  1399. ERR("The link certificate was not valid");
  1400. if (! tor_tls_cert_is_valid(severity, id_cert, id_cert, 1))
  1401. ERR("The ID certificate was not valid");
  1402. chan->conn->handshake_state->authenticated = 1;
  1403. {
  1404. const digests_t *id_digests = tor_cert_get_id_digests(id_cert);
  1405. crypto_pk_t *identity_rcvd;
  1406. if (!id_digests)
  1407. ERR("Couldn't compute digests for key in ID cert");
  1408. identity_rcvd = tor_tls_cert_get_key(id_cert);
  1409. if (!identity_rcvd)
  1410. ERR("Internal error: Couldn't get RSA key from ID cert.");
  1411. memcpy(chan->conn->handshake_state->authenticated_peer_id,
  1412. id_digests->d[DIGEST_SHA1], DIGEST_LEN);
  1413. channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd,
  1414. chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
  1415. crypto_pk_free(identity_rcvd);
  1416. }
  1417. if (connection_or_client_learned_peer_id(chan->conn,
  1418. chan->conn->handshake_state->authenticated_peer_id) < 0)
  1419. ERR("Problem setting or checking peer id");
  1420. log_info(LD_OR,
  1421. "Got some good certificates from %s:%d: Authenticated it.",
  1422. safe_str(chan->conn->base_.address), chan->conn->base_.port);
  1423. chan->conn->handshake_state->id_cert = id_cert;
  1424. id_cert = NULL;
  1425. if (!public_server_mode(get_options())) {
  1426. /* If we initiated the connection and we are not a public server, we
  1427. * aren't planning to authenticate at all. At this point we know who we
  1428. * are talking to, so we can just send a netinfo now. */
  1429. send_netinfo = 1;
  1430. }
  1431. } else {
  1432. if (! (id_cert && auth_cert))
  1433. ERR("The certs we wanted were missing");
  1434. /* Remember these certificates so we can check an AUTHENTICATE cell */
  1435. if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, auth_cert, id_cert, 1))
  1436. ERR("The authentication certificate was not valid");
  1437. if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, id_cert, id_cert, 1))
  1438. ERR("The ID certificate was not valid");
  1439. log_info(LD_OR,
  1440. "Got some good certificates from %s:%d: "
  1441. "Waiting for AUTHENTICATE.",
  1442. safe_str(chan->conn->base_.address),
  1443. chan->conn->base_.port);
  1444. /* XXXX check more stuff? */
  1445. chan->conn->handshake_state->id_cert = id_cert;
  1446. chan->conn->handshake_state->auth_cert = auth_cert;
  1447. id_cert = auth_cert = NULL;
  1448. }
  1449. chan->conn->handshake_state->received_certs_cell = 1;
  1450. if (send_netinfo) {
  1451. if (connection_or_send_netinfo(chan->conn) < 0) {
  1452. log_warn(LD_OR, "Couldn't send netinfo cell");
  1453. connection_or_close_for_error(chan->conn, 0);
  1454. goto err;
  1455. }
  1456. }
  1457. err:
  1458. tor_cert_free(id_cert);
  1459. tor_cert_free(link_cert);
  1460. tor_cert_free(auth_cert);
  1461. #undef ERR
  1462. }
  1463. /**
  1464. * Process an AUTH_CHALLENGE cell from a channel_tls_t
  1465. *
  1466. * This function is called to handle an incoming AUTH_CHALLENGE cell on a
  1467. * channel_tls_t; if we weren't supposed to get one (for example, because we're
  1468. * not the originator of the channel), or it's ill-formed, or we aren't doing
  1469. * a v3 handshake, mark the channel. If the cell is well-formed but we don't
  1470. * want to authenticate, just drop it. If the cell is well-formed *and* we
  1471. * want to authenticate, send an AUTHENTICATE cell and then a NETINFO cell.
  1472. */
  1473. static void
  1474. channel_tls_process_auth_challenge_cell(var_cell_t *cell, channel_tls_t *chan)
  1475. {
  1476. int n_types, i, use_type = -1;
  1477. uint8_t *cp;
  1478. tor_assert(cell);
  1479. tor_assert(chan);
  1480. tor_assert(chan->conn);
  1481. #define ERR(s) \
  1482. do { \
  1483. log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
  1484. "Received a bad AUTH_CHALLENGE cell from %s:%d: %s", \
  1485. safe_str(chan->conn->base_.address), \
  1486. chan->conn->base_.port, (s)); \
  1487. connection_or_close_for_error(chan->conn, 0); \
  1488. return; \
  1489. } while (0)
  1490. if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
  1491. ERR("We're not currently doing a v3 handshake");
  1492. if (chan->conn->link_proto < 3)
  1493. ERR("We're not using link protocol >= 3");
  1494. if (!(chan->conn->handshake_state->started_here))
  1495. ERR("We didn't originate this connection");
  1496. if (chan->conn->handshake_state->received_auth_challenge)
  1497. ERR("We already received one");
  1498. if (!(chan->conn->handshake_state->received_certs_cell))
  1499. ERR("We haven't gotten a CERTS cell yet");
  1500. if (cell->payload_len < OR_AUTH_CHALLENGE_LEN + 2)
  1501. ERR("It was too short");
  1502. if (cell->circ_id)
  1503. ERR("It had a nonzero circuit ID");
  1504. n_types = ntohs(get_uint16(cell->payload + OR_AUTH_CHALLENGE_LEN));
  1505. if (cell->payload_len < OR_AUTH_CHALLENGE_LEN + 2 + 2*n_types)
  1506. ERR("It looks truncated");
  1507. /* Now see if there is an authentication type we can use */
  1508. cp = cell->payload+OR_AUTH_CHALLENGE_LEN + 2;
  1509. for (i = 0; i < n_types; ++i, cp += 2) {
  1510. uint16_t authtype = ntohs(get_uint16(cp));
  1511. if (authtype == AUTHTYPE_RSA_SHA256_TLSSECRET)
  1512. use_type = authtype;
  1513. }
  1514. chan->conn->handshake_state->received_auth_challenge = 1;
  1515. if (! public_server_mode(get_options())) {
  1516. /* If we're not a public server then we don't want to authenticate on a
  1517. connection we originated, and we already sent a NETINFO cell when we
  1518. got the CERTS cell. We have nothing more to do. */
  1519. return;
  1520. }
  1521. if (use_type >= 0) {
  1522. log_info(LD_OR,
  1523. "Got an AUTH_CHALLENGE cell from %s:%d: Sending "
  1524. "authentication",
  1525. safe_str(chan->conn->base_.address),
  1526. chan->conn->base_.port);
  1527. if (connection_or_send_authenticate_cell(chan->conn, use_type) < 0) {
  1528. log_warn(LD_OR,
  1529. "Couldn't send authenticate cell");
  1530. connection_or_close_for_error(chan->conn, 0);
  1531. return;
  1532. }
  1533. } else {
  1534. log_info(LD_OR,
  1535. "Got an AUTH_CHALLENGE cell from %s:%d, but we don't "
  1536. "know any of its authentication types. Not authenticating.",
  1537. safe_str(chan->conn->base_.address),
  1538. chan->conn->base_.port);
  1539. }
  1540. if (connection_or_send_netinfo(chan->conn) < 0) {
  1541. log_warn(LD_OR, "Couldn't send netinfo cell");
  1542. connection_or_close_for_error(chan->conn, 0);
  1543. return;
  1544. }
  1545. #undef ERR
  1546. }
  1547. /**
  1548. * Process an AUTHENTICATE cell from a channel_tls_t
  1549. *
  1550. * If it's ill-formed or we weren't supposed to get one or we're not doing a
  1551. * v3 handshake, then mark the connection. If it does not authenticate the
  1552. * other side of the connection successfully (because it isn't signed right,
  1553. * we didn't get a CERTS cell, etc) mark the connection. Otherwise, accept
  1554. * the identity of the router on the other side of the connection.
  1555. */
  1556. static void
  1557. channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
  1558. {
  1559. uint8_t expected[V3_AUTH_FIXED_PART_LEN];
  1560. const uint8_t *auth;
  1561. int authlen;
  1562. tor_assert(cell);
  1563. tor_assert(chan);
  1564. tor_assert(chan->conn);
  1565. #define ERR(s) \
  1566. do { \
  1567. log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
  1568. "Received a bad AUTHENTICATE cell from %s:%d: %s", \
  1569. safe_str(chan->conn->base_.address), \
  1570. chan->conn->base_.port, (s)); \
  1571. connection_or_close_for_error(chan->conn, 0); \
  1572. return; \
  1573. } while (0)
  1574. if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
  1575. ERR("We're not doing a v3 handshake");
  1576. if (chan->conn->link_proto < 3)
  1577. ERR("We're not using link protocol >= 3");
  1578. if (chan->conn->handshake_state->started_here)
  1579. ERR("We originated this connection");
  1580. if (chan->conn->handshake_state->received_authenticate)
  1581. ERR("We already got one!");
  1582. if (chan->conn->handshake_state->authenticated) {
  1583. /* Should be impossible given other checks */
  1584. ERR("The peer is already authenticated");
  1585. }
  1586. if (!(chan->conn->handshake_state->received_certs_cell))
  1587. ERR("We never got a certs cell");
  1588. if (chan->conn->handshake_state->auth_cert == NULL)
  1589. ERR("We never got an authentication certificate");
  1590. if (chan->conn->handshake_state->id_cert == NULL)
  1591. ERR("We never got an identity certificate");
  1592. if (cell->payload_len < 4)
  1593. ERR("Cell was way too short");
  1594. auth = cell->payload;
  1595. {
  1596. uint16_t type = ntohs(get_uint16(auth));
  1597. uint16_t len = ntohs(get_uint16(auth+2));
  1598. if (4 + len > cell->payload_len)
  1599. ERR("Authenticator was truncated");
  1600. if (type != AUTHTYPE_RSA_SHA256_TLSSECRET)
  1601. ERR("Authenticator type was not recognized");
  1602. auth += 4;
  1603. authlen = len;
  1604. }
  1605. if (authlen < V3_AUTH_BODY_LEN + 1)
  1606. ERR("Authenticator was too short");
  1607. if (connection_or_compute_authenticate_cell_body(
  1608. chan->conn, expected, sizeof(expected), NULL, 1) < 0)
  1609. ERR("Couldn't compute expected AUTHENTICATE cell body");
  1610. if (tor_memneq(expected, auth, sizeof(expected)))
  1611. ERR("Some field in the AUTHENTICATE cell body was not as expected");
  1612. {
  1613. crypto_pk_t *pk = tor_tls_cert_get_key(
  1614. chan->conn->handshake_state->auth_cert);
  1615. char d[DIGEST256_LEN];
  1616. char *signed_data;
  1617. size_t keysize;
  1618. int signed_len;
  1619. if (!pk)
  1620. ERR("Internal error: couldn't get RSA key from AUTH cert.");
  1621. crypto_digest256(d, (char*)auth, V3_AUTH_BODY_LEN, DIGEST_SHA256);
  1622. keysize = crypto_pk_keysize(pk);
  1623. signed_data = tor_malloc(keysize);
  1624. signed_len = crypto_pk_public_checksig(pk, signed_data, keysize,
  1625. (char*)auth + V3_AUTH_BODY_LEN,
  1626. authlen - V3_AUTH_BODY_LEN);
  1627. crypto_pk_free(pk);
  1628. if (signed_len < 0) {
  1629. tor_free(signed_data);
  1630. ERR("Signature wasn't valid");
  1631. }
  1632. if (signed_len < DIGEST256_LEN) {
  1633. tor_free(signed_data);
  1634. ERR("Not enough data was signed");
  1635. }
  1636. /* Note that we deliberately allow *more* than DIGEST256_LEN bytes here,
  1637. * in case they're later used to hold a SHA3 digest or something. */
  1638. if (tor_memneq(signed_data, d, DIGEST256_LEN)) {
  1639. tor_free(signed_data);
  1640. ERR("Signature did not match data to be signed.");
  1641. }
  1642. tor_free(signed_data);
  1643. }
  1644. /* Okay, we are authenticated. */
  1645. chan->conn->handshake_state->received_authenticate = 1;
  1646. chan->conn->handshake_state->authenticated = 1;
  1647. chan->conn->handshake_state->digest_received_data = 0;
  1648. {
  1649. crypto_pk_t *identity_rcvd =
  1650. tor_tls_cert_get_key(chan->conn->handshake_state->id_cert);
  1651. const digests_t *id_digests =
  1652. tor_cert_get_id_digests(chan->conn->handshake_state->id_cert);
  1653. /* This must exist; we checked key type when reading the cert. */
  1654. tor_assert(id_digests);
  1655. memcpy(chan->conn->handshake_state->authenticated_peer_id,
  1656. id_digests->d[DIGEST_SHA1], DIGEST_LEN);
  1657. channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd,
  1658. chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
  1659. crypto_pk_free(identity_rcvd);
  1660. connection_or_init_conn_from_address(chan->conn,
  1661. &(chan->conn->base_.addr),
  1662. chan->conn->base_.port,
  1663. (const char*)(chan->conn->handshake_state->
  1664. authenticated_peer_id),
  1665. 0);
  1666. log_info(LD_OR,
  1667. "Got an AUTHENTICATE cell from %s:%d: Looks good.",
  1668. safe_str(chan->conn->base_.address),
  1669. chan->conn->base_.port);
  1670. }
  1671. #undef ERR
  1672. }