routerparse.c 45 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242
  1. /* Copyright (c) 2001 Matej Pfajfar.
  2. * Copyright (c) 2001-2004, Roger Dingledine.
  3. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
  4. * Copyright (c) 2007-2018, The Tor Project, Inc. */
  5. /* See LICENSE for licensing information */
  6. /**
  7. * \file routerparse.c
  8. * \brief Code to parse and validate router descriptors, consenus directories,
  9. * and similar objects.
  10. *
  11. * The objects parsed by this module use a common text-based metaformat,
  12. * documented in dir-spec.txt in torspec.git. This module is itself divided
  13. * into two major kinds of function: code to handle the metaformat, and code
  14. * to convert from particular instances of the metaformat into the
  15. * objects that Tor uses.
  16. *
  17. * The generic parsing code works by calling a table-based tokenizer on the
  18. * input string. Each token corresponds to a single line with a token, plus
  19. * optional arguments on that line, plus an optional base-64 encoded object
  20. * after that line. Each token has a definition in a table of token_rule_t
  21. * entries that describes how many arguments it can take, whether it takes an
  22. * object, how many times it may appear, whether it must appear first, and so
  23. * on.
  24. *
  25. * The tokenizer function tokenize_string() converts its string input into a
  26. * smartlist full of instances of directory_token_t, according to a provided
  27. * table of token_rule_t.
  28. *
  29. * The generic parts of this module additionally include functions for
  30. * finding the start and end of signed information inside a signed object, and
  31. * computing the digest that will be signed.
  32. *
  33. * There are also functions for saving objects to disk that have caused
  34. * parsing to fail.
  35. *
  36. * The specific parts of this module describe conversions between
  37. * particular lists of directory_token_t and particular objects. The
  38. * kinds of objects that can be parsed here are:
  39. * <ul>
  40. * <li>router descriptors (managed from routerlist.c)
  41. * <li>extra-info documents (managed from routerlist.c)
  42. * <li>microdescriptors (managed from microdesc.c)
  43. * <li>vote and consensus networkstatus documents, and the routerstatus_t
  44. * objects that they comprise (managed from networkstatus.c)
  45. * <li>detached-signature objects used by authorities for gathering
  46. * signatures on the networkstatus consensus (managed from dirvote.c)
  47. * <li>authority key certificates (managed from routerlist.c)
  48. * <li>hidden service descriptors (managed from rendcommon.c and rendcache.c)
  49. * </ul>
  50. **/
  51. #define EXPOSE_ROUTERDESC_TOKEN_TABLE
  52. #include "core/or/or.h"
  53. #include "app/config/config.h"
  54. #include "core/or/policies.h"
  55. #include "core/or/versions.h"
  56. #include "feature/dirparse/parsecommon.h"
  57. #include "feature/dirparse/policy_parse.h"
  58. #include "feature/dirparse/routerparse.h"
  59. #include "feature/dirparse/sigcommon.h"
  60. #include "feature/dirparse/unparseable.h"
  61. #include "feature/nodelist/describe.h"
  62. #include "feature/nodelist/nickname.h"
  63. #include "feature/nodelist/routerinfo.h"
  64. #include "feature/nodelist/routerlist.h"
  65. #include "feature/nodelist/torcert.h"
  66. #include "feature/relay/router.h"
  67. #include "lib/crypt_ops/crypto_curve25519.h"
  68. #include "lib/crypt_ops/crypto_ed25519.h"
  69. #include "lib/crypt_ops/crypto_format.h"
  70. #include "lib/memarea/memarea.h"
  71. #include "lib/sandbox/sandbox.h"
  72. #include "core/or/addr_policy_st.h"
  73. #include "feature/nodelist/extrainfo_st.h"
  74. #include "feature/nodelist/routerinfo_st.h"
  75. #include "feature/nodelist/routerlist_st.h"
  76. /****************************************************************************/
  77. /** List of tokens recognized in router descriptors */
  78. const token_rule_t routerdesc_token_table[] = {
  79. T0N("reject", K_REJECT, ARGS, NO_OBJ ),
  80. T0N("accept", K_ACCEPT, ARGS, NO_OBJ ),
  81. T0N("reject6", K_REJECT6, ARGS, NO_OBJ ),
  82. T0N("accept6", K_ACCEPT6, ARGS, NO_OBJ ),
  83. T1_START( "router", K_ROUTER, GE(5), NO_OBJ ),
  84. T01("ipv6-policy", K_IPV6_POLICY, CONCAT_ARGS, NO_OBJ),
  85. T1( "signing-key", K_SIGNING_KEY, NO_ARGS, NEED_KEY_1024 ),
  86. T1( "onion-key", K_ONION_KEY, NO_ARGS, NEED_KEY_1024 ),
  87. T01("ntor-onion-key", K_ONION_KEY_NTOR, GE(1), NO_OBJ ),
  88. T1_END( "router-signature", K_ROUTER_SIGNATURE, NO_ARGS, NEED_OBJ ),
  89. T1( "published", K_PUBLISHED, CONCAT_ARGS, NO_OBJ ),
  90. T01("uptime", K_UPTIME, GE(1), NO_OBJ ),
  91. T01("fingerprint", K_FINGERPRINT, CONCAT_ARGS, NO_OBJ ),
  92. T01("hibernating", K_HIBERNATING, GE(1), NO_OBJ ),
  93. T01("platform", K_PLATFORM, CONCAT_ARGS, NO_OBJ ),
  94. T01("proto", K_PROTO, CONCAT_ARGS, NO_OBJ ),
  95. T01("contact", K_CONTACT, CONCAT_ARGS, NO_OBJ ),
  96. T01("read-history", K_READ_HISTORY, ARGS, NO_OBJ ),
  97. T01("write-history", K_WRITE_HISTORY, ARGS, NO_OBJ ),
  98. T01("extra-info-digest", K_EXTRA_INFO_DIGEST, GE(1), NO_OBJ ),
  99. T01("hidden-service-dir", K_HIDDEN_SERVICE_DIR, NO_ARGS, NO_OBJ ),
  100. T01("identity-ed25519", K_IDENTITY_ED25519, NO_ARGS, NEED_OBJ ),
  101. T01("master-key-ed25519", K_MASTER_KEY_ED25519, GE(1), NO_OBJ ),
  102. T01("router-sig-ed25519", K_ROUTER_SIG_ED25519, GE(1), NO_OBJ ),
  103. T01("onion-key-crosscert", K_ONION_KEY_CROSSCERT, NO_ARGS, NEED_OBJ ),
  104. T01("ntor-onion-key-crosscert", K_NTOR_ONION_KEY_CROSSCERT,
  105. EQ(1), NEED_OBJ ),
  106. T01("allow-single-hop-exits",K_ALLOW_SINGLE_HOP_EXITS, NO_ARGS, NO_OBJ ),
  107. T01("family", K_FAMILY, ARGS, NO_OBJ ),
  108. T01("caches-extra-info", K_CACHES_EXTRA_INFO, NO_ARGS, NO_OBJ ),
  109. T0N("or-address", K_OR_ADDRESS, GE(1), NO_OBJ ),
  110. T0N("opt", K_OPT, CONCAT_ARGS, OBJ_OK ),
  111. T1( "bandwidth", K_BANDWIDTH, GE(3), NO_OBJ ),
  112. A01("@purpose", A_PURPOSE, GE(1), NO_OBJ ),
  113. T01("tunnelled-dir-server",K_DIR_TUNNELLED, NO_ARGS, NO_OBJ ),
  114. END_OF_TABLE
  115. };
  116. /** List of tokens recognized in extra-info documents. */
  117. static token_rule_t extrainfo_token_table[] = {
  118. T1_END( "router-signature", K_ROUTER_SIGNATURE, NO_ARGS, NEED_OBJ ),
  119. T1( "published", K_PUBLISHED, CONCAT_ARGS, NO_OBJ ),
  120. T01("identity-ed25519", K_IDENTITY_ED25519, NO_ARGS, NEED_OBJ ),
  121. T01("router-sig-ed25519", K_ROUTER_SIG_ED25519, GE(1), NO_OBJ ),
  122. T0N("opt", K_OPT, CONCAT_ARGS, OBJ_OK ),
  123. T01("read-history", K_READ_HISTORY, ARGS, NO_OBJ ),
  124. T01("write-history", K_WRITE_HISTORY, ARGS, NO_OBJ ),
  125. T01("dirreq-stats-end", K_DIRREQ_END, ARGS, NO_OBJ ),
  126. T01("dirreq-v2-ips", K_DIRREQ_V2_IPS, ARGS, NO_OBJ ),
  127. T01("dirreq-v3-ips", K_DIRREQ_V3_IPS, ARGS, NO_OBJ ),
  128. T01("dirreq-v2-reqs", K_DIRREQ_V2_REQS, ARGS, NO_OBJ ),
  129. T01("dirreq-v3-reqs", K_DIRREQ_V3_REQS, ARGS, NO_OBJ ),
  130. T01("dirreq-v2-share", K_DIRREQ_V2_SHARE, ARGS, NO_OBJ ),
  131. T01("dirreq-v3-share", K_DIRREQ_V3_SHARE, ARGS, NO_OBJ ),
  132. T01("dirreq-v2-resp", K_DIRREQ_V2_RESP, ARGS, NO_OBJ ),
  133. T01("dirreq-v3-resp", K_DIRREQ_V3_RESP, ARGS, NO_OBJ ),
  134. T01("dirreq-v2-direct-dl", K_DIRREQ_V2_DIR, ARGS, NO_OBJ ),
  135. T01("dirreq-v3-direct-dl", K_DIRREQ_V3_DIR, ARGS, NO_OBJ ),
  136. T01("dirreq-v2-tunneled-dl", K_DIRREQ_V2_TUN, ARGS, NO_OBJ ),
  137. T01("dirreq-v3-tunneled-dl", K_DIRREQ_V3_TUN, ARGS, NO_OBJ ),
  138. T01("entry-stats-end", K_ENTRY_END, ARGS, NO_OBJ ),
  139. T01("entry-ips", K_ENTRY_IPS, ARGS, NO_OBJ ),
  140. T01("cell-stats-end", K_CELL_END, ARGS, NO_OBJ ),
  141. T01("cell-processed-cells", K_CELL_PROCESSED, ARGS, NO_OBJ ),
  142. T01("cell-queued-cells", K_CELL_QUEUED, ARGS, NO_OBJ ),
  143. T01("cell-time-in-queue", K_CELL_TIME, ARGS, NO_OBJ ),
  144. T01("cell-circuits-per-decile", K_CELL_CIRCS, ARGS, NO_OBJ ),
  145. T01("exit-stats-end", K_EXIT_END, ARGS, NO_OBJ ),
  146. T01("exit-kibibytes-written", K_EXIT_WRITTEN, ARGS, NO_OBJ ),
  147. T01("exit-kibibytes-read", K_EXIT_READ, ARGS, NO_OBJ ),
  148. T01("exit-streams-opened", K_EXIT_OPENED, ARGS, NO_OBJ ),
  149. T1_START( "extra-info", K_EXTRA_INFO, GE(2), NO_OBJ ),
  150. END_OF_TABLE
  151. };
  152. #undef T
  153. /* static function prototypes */
  154. static int router_add_exit_policy(routerinfo_t *router,directory_token_t *tok);
  155. static smartlist_t *find_all_exitpolicy(smartlist_t *s);
  156. /** Set <b>digest</b> to the SHA-1 digest of the hash of the first router in
  157. * <b>s</b>. Return 0 on success, -1 on failure.
  158. */
  159. int
  160. router_get_router_hash(const char *s, size_t s_len, char *digest)
  161. {
  162. return router_get_hash_impl(s, s_len, digest,
  163. "router ","\nrouter-signature", '\n',
  164. DIGEST_SHA1);
  165. }
  166. /** Set <b>digest</b> to the SHA-1 digest of the hash of the <b>s_len</b>-byte
  167. * extrainfo string at <b>s</b>. Return 0 on success, -1 on failure. */
  168. int
  169. router_get_extrainfo_hash(const char *s, size_t s_len, char *digest)
  170. {
  171. return router_get_hash_impl(s, s_len, digest, "extra-info",
  172. "\nrouter-signature",'\n', DIGEST_SHA1);
  173. }
  174. /** Helper: move *<b>s_ptr</b> ahead to the next router, the next extra-info,
  175. * or to the first of the annotations proceeding the next router or
  176. * extra-info---whichever comes first. Set <b>is_extrainfo_out</b> to true if
  177. * we found an extrainfo, or false if found a router. Do not scan beyond
  178. * <b>eos</b>. Return -1 if we found nothing; 0 if we found something. */
  179. static int
  180. find_start_of_next_router_or_extrainfo(const char **s_ptr,
  181. const char *eos,
  182. int *is_extrainfo_out)
  183. {
  184. const char *annotations = NULL;
  185. const char *s = *s_ptr;
  186. s = eat_whitespace_eos(s, eos);
  187. while (s < eos-32) { /* 32 gives enough room for a the first keyword. */
  188. /* We're at the start of a line. */
  189. tor_assert(*s != '\n');
  190. if (*s == '@' && !annotations) {
  191. annotations = s;
  192. } else if (*s == 'r' && !strcmpstart(s, "router ")) {
  193. *s_ptr = annotations ? annotations : s;
  194. *is_extrainfo_out = 0;
  195. return 0;
  196. } else if (*s == 'e' && !strcmpstart(s, "extra-info ")) {
  197. *s_ptr = annotations ? annotations : s;
  198. *is_extrainfo_out = 1;
  199. return 0;
  200. }
  201. if (!(s = memchr(s+1, '\n', eos-(s+1))))
  202. break;
  203. s = eat_whitespace_eos(s, eos);
  204. }
  205. return -1;
  206. }
  207. /** Given a string *<b>s</b> containing a concatenated sequence of router
  208. * descriptors (or extra-info documents if <b>want_extrainfo</b> is set),
  209. * parses them and stores the result in <b>dest</b>. All routers are marked
  210. * running and valid. Advances *s to a point immediately following the last
  211. * router entry. Ignore any trailing router entries that are not complete.
  212. *
  213. * If <b>saved_location</b> isn't SAVED_IN_CACHE, make a local copy of each
  214. * descriptor in the signed_descriptor_body field of each routerinfo_t. If it
  215. * isn't SAVED_NOWHERE, remember the offset of each descriptor.
  216. *
  217. * Returns 0 on success and -1 on failure. Adds a digest to
  218. * <b>invalid_digests_out</b> for every entry that was unparseable or
  219. * invalid. (This may cause duplicate entries.)
  220. */
  221. int
  222. router_parse_list_from_string(const char **s, const char *eos,
  223. smartlist_t *dest,
  224. saved_location_t saved_location,
  225. int want_extrainfo,
  226. int allow_annotations,
  227. const char *prepend_annotations,
  228. smartlist_t *invalid_digests_out)
  229. {
  230. routerinfo_t *router;
  231. extrainfo_t *extrainfo;
  232. signed_descriptor_t *signed_desc = NULL;
  233. void *elt;
  234. const char *end, *start;
  235. int have_extrainfo;
  236. tor_assert(s);
  237. tor_assert(*s);
  238. tor_assert(dest);
  239. start = *s;
  240. if (!eos)
  241. eos = *s + strlen(*s);
  242. tor_assert(eos >= *s);
  243. while (1) {
  244. char raw_digest[DIGEST_LEN];
  245. int have_raw_digest = 0;
  246. int dl_again = 0;
  247. if (find_start_of_next_router_or_extrainfo(s, eos, &have_extrainfo) < 0)
  248. break;
  249. end = tor_memstr(*s, eos-*s, "\nrouter-signature");
  250. if (end)
  251. end = tor_memstr(end, eos-end, "\n-----END SIGNATURE-----\n");
  252. if (end)
  253. end += strlen("\n-----END SIGNATURE-----\n");
  254. if (!end)
  255. break;
  256. elt = NULL;
  257. if (have_extrainfo && want_extrainfo) {
  258. routerlist_t *rl = router_get_routerlist();
  259. have_raw_digest = router_get_extrainfo_hash(*s, end-*s, raw_digest) == 0;
  260. extrainfo = extrainfo_parse_entry_from_string(*s, end,
  261. saved_location != SAVED_IN_CACHE,
  262. rl->identity_map, &dl_again);
  263. if (extrainfo) {
  264. signed_desc = &extrainfo->cache_info;
  265. elt = extrainfo;
  266. }
  267. } else if (!have_extrainfo && !want_extrainfo) {
  268. have_raw_digest = router_get_router_hash(*s, end-*s, raw_digest) == 0;
  269. router = router_parse_entry_from_string(*s, end,
  270. saved_location != SAVED_IN_CACHE,
  271. allow_annotations,
  272. prepend_annotations, &dl_again);
  273. if (router) {
  274. log_debug(LD_DIR, "Read router '%s', purpose '%s'",
  275. router_describe(router),
  276. router_purpose_to_string(router->purpose));
  277. signed_desc = &router->cache_info;
  278. elt = router;
  279. }
  280. }
  281. if (! elt && ! dl_again && have_raw_digest && invalid_digests_out) {
  282. smartlist_add(invalid_digests_out, tor_memdup(raw_digest, DIGEST_LEN));
  283. }
  284. if (!elt) {
  285. *s = end;
  286. continue;
  287. }
  288. if (saved_location != SAVED_NOWHERE) {
  289. tor_assert(signed_desc);
  290. signed_desc->saved_location = saved_location;
  291. signed_desc->saved_offset = *s - start;
  292. }
  293. *s = end;
  294. smartlist_add(dest, elt);
  295. }
  296. return 0;
  297. }
  298. /** Try to find an IPv6 OR port in <b>list</b> of directory_token_t's
  299. * with at least one argument (use GE(1) in setup). If found, store
  300. * address and port number to <b>addr_out</b> and
  301. * <b>port_out</b>. Return number of OR ports found. */
  302. int
  303. find_single_ipv6_orport(const smartlist_t *list,
  304. tor_addr_t *addr_out,
  305. uint16_t *port_out)
  306. {
  307. int ret = 0;
  308. tor_assert(list != NULL);
  309. tor_assert(addr_out != NULL);
  310. tor_assert(port_out != NULL);
  311. SMARTLIST_FOREACH_BEGIN(list, directory_token_t *, t) {
  312. tor_addr_t a;
  313. maskbits_t bits;
  314. uint16_t port_min, port_max;
  315. tor_assert(t->n_args >= 1);
  316. /* XXXX Prop186 the full spec allows much more than this. */
  317. if (tor_addr_parse_mask_ports(t->args[0], 0,
  318. &a, &bits, &port_min,
  319. &port_max) == AF_INET6 &&
  320. bits == 128 &&
  321. port_min == port_max) {
  322. /* Okay, this is one we can understand. Use it and ignore
  323. any potential more addresses in list. */
  324. tor_addr_copy(addr_out, &a);
  325. *port_out = port_min;
  326. ret = 1;
  327. break;
  328. }
  329. } SMARTLIST_FOREACH_END(t);
  330. return ret;
  331. }
  332. /** Helper function: reads a single router entry from *<b>s</b> ...
  333. * *<b>end</b>. Mallocs a new router and returns it if all goes well, else
  334. * returns NULL. If <b>cache_copy</b> is true, duplicate the contents of
  335. * s through end into the signed_descriptor_body of the resulting
  336. * routerinfo_t.
  337. *
  338. * If <b>end</b> is NULL, <b>s</b> must be properly NUL-terminated.
  339. *
  340. * If <b>allow_annotations</b>, it's okay to encounter annotations in <b>s</b>
  341. * before the router; if it's false, reject the router if it's annotated. If
  342. * <b>prepend_annotations</b> is set, it should contain some annotations:
  343. * append them to the front of the router before parsing it, and keep them
  344. * around when caching the router.
  345. *
  346. * Only one of allow_annotations and prepend_annotations may be set.
  347. *
  348. * If <b>can_dl_again_out</b> is provided, set *<b>can_dl_again_out</b> to 1
  349. * if it's okay to try to download a descriptor with this same digest again,
  350. * and 0 if it isn't. (It might not be okay to download it again if part of
  351. * the part covered by the digest is invalid.)
  352. */
  353. routerinfo_t *
  354. router_parse_entry_from_string(const char *s, const char *end,
  355. int cache_copy, int allow_annotations,
  356. const char *prepend_annotations,
  357. int *can_dl_again_out)
  358. {
  359. routerinfo_t *router = NULL;
  360. char digest[128];
  361. smartlist_t *tokens = NULL, *exit_policy_tokens = NULL;
  362. directory_token_t *tok;
  363. struct in_addr in;
  364. const char *start_of_annotations, *cp, *s_dup = s;
  365. size_t prepend_len = prepend_annotations ? strlen(prepend_annotations) : 0;
  366. int ok = 1;
  367. memarea_t *area = NULL;
  368. tor_cert_t *ntor_cc_cert = NULL;
  369. /* Do not set this to '1' until we have parsed everything that we intend to
  370. * parse that's covered by the hash. */
  371. int can_dl_again = 0;
  372. crypto_pk_t *rsa_pubkey = NULL;
  373. tor_assert(!allow_annotations || !prepend_annotations);
  374. if (!end) {
  375. end = s + strlen(s);
  376. }
  377. /* point 'end' to a point immediately after the final newline. */
  378. while (end > s+2 && *(end-1) == '\n' && *(end-2) == '\n')
  379. --end;
  380. area = memarea_new();
  381. tokens = smartlist_new();
  382. if (prepend_annotations) {
  383. if (tokenize_string(area,prepend_annotations,NULL,tokens,
  384. routerdesc_token_table,TS_NOCHECK)) {
  385. log_warn(LD_DIR, "Error tokenizing router descriptor (annotations).");
  386. goto err;
  387. }
  388. }
  389. start_of_annotations = s;
  390. cp = tor_memstr(s, end-s, "\nrouter ");
  391. if (!cp) {
  392. if (end-s < 7 || strcmpstart(s, "router ")) {
  393. log_warn(LD_DIR, "No router keyword found.");
  394. goto err;
  395. }
  396. } else {
  397. s = cp+1;
  398. }
  399. if (start_of_annotations != s) { /* We have annotations */
  400. if (allow_annotations) {
  401. if (tokenize_string(area,start_of_annotations,s,tokens,
  402. routerdesc_token_table,TS_NOCHECK)) {
  403. log_warn(LD_DIR, "Error tokenizing router descriptor (annotations).");
  404. goto err;
  405. }
  406. } else {
  407. log_warn(LD_DIR, "Found unexpected annotations on router descriptor not "
  408. "loaded from disk. Dropping it.");
  409. goto err;
  410. }
  411. }
  412. if (router_get_router_hash(s, end - s, digest) < 0) {
  413. log_warn(LD_DIR, "Couldn't compute router hash.");
  414. goto err;
  415. }
  416. {
  417. int flags = 0;
  418. if (allow_annotations)
  419. flags |= TS_ANNOTATIONS_OK;
  420. if (prepend_annotations)
  421. flags |= TS_ANNOTATIONS_OK|TS_NO_NEW_ANNOTATIONS;
  422. if (tokenize_string(area,s,end,tokens,routerdesc_token_table, flags)) {
  423. log_warn(LD_DIR, "Error tokenizing router descriptor.");
  424. goto err;
  425. }
  426. }
  427. if (smartlist_len(tokens) < 2) {
  428. log_warn(LD_DIR, "Impossibly short router descriptor.");
  429. goto err;
  430. }
  431. tok = find_by_keyword(tokens, K_ROUTER);
  432. const int router_token_pos = smartlist_pos(tokens, tok);
  433. tor_assert(tok->n_args >= 5);
  434. router = tor_malloc_zero(sizeof(routerinfo_t));
  435. router->cert_expiration_time = TIME_MAX;
  436. router->cache_info.routerlist_index = -1;
  437. router->cache_info.annotations_len = s-start_of_annotations + prepend_len;
  438. router->cache_info.signed_descriptor_len = end-s;
  439. if (cache_copy) {
  440. size_t len = router->cache_info.signed_descriptor_len +
  441. router->cache_info.annotations_len;
  442. char *signed_body =
  443. router->cache_info.signed_descriptor_body = tor_malloc(len+1);
  444. if (prepend_annotations) {
  445. memcpy(signed_body, prepend_annotations, prepend_len);
  446. signed_body += prepend_len;
  447. }
  448. /* This assertion will always succeed.
  449. * len == signed_desc_len + annotations_len
  450. * == end-s + s-start_of_annotations + prepend_len
  451. * == end-start_of_annotations + prepend_len
  452. * We already wrote prepend_len bytes into the buffer; now we're
  453. * writing end-start_of_annotations -NM. */
  454. tor_assert(signed_body+(end-start_of_annotations) ==
  455. router->cache_info.signed_descriptor_body+len);
  456. memcpy(signed_body, start_of_annotations, end-start_of_annotations);
  457. router->cache_info.signed_descriptor_body[len] = '\0';
  458. tor_assert(strlen(router->cache_info.signed_descriptor_body) == len);
  459. }
  460. memcpy(router->cache_info.signed_descriptor_digest, digest, DIGEST_LEN);
  461. router->nickname = tor_strdup(tok->args[0]);
  462. if (!is_legal_nickname(router->nickname)) {
  463. log_warn(LD_DIR,"Router nickname is invalid");
  464. goto err;
  465. }
  466. if (!tor_inet_aton(tok->args[1], &in)) {
  467. log_warn(LD_DIR,"Router address is not an IP address.");
  468. goto err;
  469. }
  470. router->addr = ntohl(in.s_addr);
  471. router->or_port =
  472. (uint16_t) tor_parse_long(tok->args[2],10,0,65535,&ok,NULL);
  473. if (!ok) {
  474. log_warn(LD_DIR,"Invalid OR port %s", escaped(tok->args[2]));
  475. goto err;
  476. }
  477. router->dir_port =
  478. (uint16_t) tor_parse_long(tok->args[4],10,0,65535,&ok,NULL);
  479. if (!ok) {
  480. log_warn(LD_DIR,"Invalid dir port %s", escaped(tok->args[4]));
  481. goto err;
  482. }
  483. tok = find_by_keyword(tokens, K_BANDWIDTH);
  484. tor_assert(tok->n_args >= 3);
  485. router->bandwidthrate = (int)
  486. tor_parse_long(tok->args[0],10,1,INT_MAX,&ok,NULL);
  487. if (!ok) {
  488. log_warn(LD_DIR, "bandwidthrate %s unreadable or 0. Failing.",
  489. escaped(tok->args[0]));
  490. goto err;
  491. }
  492. router->bandwidthburst =
  493. (int) tor_parse_long(tok->args[1],10,0,INT_MAX,&ok,NULL);
  494. if (!ok) {
  495. log_warn(LD_DIR, "Invalid bandwidthburst %s", escaped(tok->args[1]));
  496. goto err;
  497. }
  498. router->bandwidthcapacity = (int)
  499. tor_parse_long(tok->args[2],10,0,INT_MAX,&ok,NULL);
  500. if (!ok) {
  501. log_warn(LD_DIR, "Invalid bandwidthcapacity %s", escaped(tok->args[1]));
  502. goto err;
  503. }
  504. if ((tok = find_opt_by_keyword(tokens, A_PURPOSE))) {
  505. tor_assert(tok->n_args);
  506. router->purpose = router_purpose_from_string(tok->args[0]);
  507. } else {
  508. router->purpose = ROUTER_PURPOSE_GENERAL;
  509. }
  510. router->cache_info.send_unencrypted =
  511. (router->purpose == ROUTER_PURPOSE_GENERAL) ? 1 : 0;
  512. if ((tok = find_opt_by_keyword(tokens, K_UPTIME))) {
  513. tor_assert(tok->n_args >= 1);
  514. router->uptime = tor_parse_long(tok->args[0],10,0,LONG_MAX,&ok,NULL);
  515. if (!ok) {
  516. log_warn(LD_DIR, "Invalid uptime %s", escaped(tok->args[0]));
  517. goto err;
  518. }
  519. }
  520. if ((tok = find_opt_by_keyword(tokens, K_HIBERNATING))) {
  521. tor_assert(tok->n_args >= 1);
  522. router->is_hibernating
  523. = (tor_parse_long(tok->args[0],10,0,LONG_MAX,NULL,NULL) != 0);
  524. }
  525. tok = find_by_keyword(tokens, K_PUBLISHED);
  526. tor_assert(tok->n_args == 1);
  527. if (parse_iso_time(tok->args[0], &router->cache_info.published_on) < 0)
  528. goto err;
  529. tok = find_by_keyword(tokens, K_ONION_KEY);
  530. if (!crypto_pk_public_exponent_ok(tok->key)) {
  531. log_warn(LD_DIR,
  532. "Relay's onion key had invalid exponent.");
  533. goto err;
  534. }
  535. router_set_rsa_onion_pkey(tok->key, &router->onion_pkey,
  536. &router->onion_pkey_len);
  537. crypto_pk_free(tok->key);
  538. if ((tok = find_opt_by_keyword(tokens, K_ONION_KEY_NTOR))) {
  539. curve25519_public_key_t k;
  540. tor_assert(tok->n_args >= 1);
  541. if (curve25519_public_from_base64(&k, tok->args[0]) < 0) {
  542. log_warn(LD_DIR, "Bogus ntor-onion-key in routerinfo");
  543. goto err;
  544. }
  545. router->onion_curve25519_pkey =
  546. tor_memdup(&k, sizeof(curve25519_public_key_t));
  547. }
  548. tok = find_by_keyword(tokens, K_SIGNING_KEY);
  549. router->identity_pkey = tok->key;
  550. tok->key = NULL; /* Prevent free */
  551. if (crypto_pk_get_digest(router->identity_pkey,
  552. router->cache_info.identity_digest)) {
  553. log_warn(LD_DIR, "Couldn't calculate key digest"); goto err;
  554. }
  555. {
  556. directory_token_t *ed_sig_tok, *ed_cert_tok, *cc_tap_tok, *cc_ntor_tok,
  557. *master_key_tok;
  558. ed_sig_tok = find_opt_by_keyword(tokens, K_ROUTER_SIG_ED25519);
  559. ed_cert_tok = find_opt_by_keyword(tokens, K_IDENTITY_ED25519);
  560. master_key_tok = find_opt_by_keyword(tokens, K_MASTER_KEY_ED25519);
  561. cc_tap_tok = find_opt_by_keyword(tokens, K_ONION_KEY_CROSSCERT);
  562. cc_ntor_tok = find_opt_by_keyword(tokens, K_NTOR_ONION_KEY_CROSSCERT);
  563. int n_ed_toks = !!ed_sig_tok + !!ed_cert_tok +
  564. !!cc_tap_tok + !!cc_ntor_tok;
  565. if ((n_ed_toks != 0 && n_ed_toks != 4) ||
  566. (n_ed_toks == 4 && !router->onion_curve25519_pkey)) {
  567. log_warn(LD_DIR, "Router descriptor with only partial ed25519/"
  568. "cross-certification support");
  569. goto err;
  570. }
  571. if (master_key_tok && !ed_sig_tok) {
  572. log_warn(LD_DIR, "Router descriptor has ed25519 master key but no "
  573. "certificate");
  574. goto err;
  575. }
  576. if (ed_sig_tok) {
  577. tor_assert(ed_cert_tok && cc_tap_tok && cc_ntor_tok);
  578. const int ed_cert_token_pos = smartlist_pos(tokens, ed_cert_tok);
  579. if (ed_cert_token_pos == -1 || router_token_pos == -1 ||
  580. (ed_cert_token_pos != router_token_pos + 1 &&
  581. ed_cert_token_pos != router_token_pos - 1)) {
  582. log_warn(LD_DIR, "Ed25519 certificate in wrong position");
  583. goto err;
  584. }
  585. if (ed_sig_tok != smartlist_get(tokens, smartlist_len(tokens)-2)) {
  586. log_warn(LD_DIR, "Ed25519 signature in wrong position");
  587. goto err;
  588. }
  589. if (strcmp(ed_cert_tok->object_type, "ED25519 CERT")) {
  590. log_warn(LD_DIR, "Wrong object type on identity-ed25519 in decriptor");
  591. goto err;
  592. }
  593. if (strcmp(cc_ntor_tok->object_type, "ED25519 CERT")) {
  594. log_warn(LD_DIR, "Wrong object type on ntor-onion-key-crosscert "
  595. "in decriptor");
  596. goto err;
  597. }
  598. if (strcmp(cc_tap_tok->object_type, "CROSSCERT")) {
  599. log_warn(LD_DIR, "Wrong object type on onion-key-crosscert "
  600. "in decriptor");
  601. goto err;
  602. }
  603. if (strcmp(cc_ntor_tok->args[0], "0") &&
  604. strcmp(cc_ntor_tok->args[0], "1")) {
  605. log_warn(LD_DIR, "Bad sign bit on ntor-onion-key-crosscert");
  606. goto err;
  607. }
  608. int ntor_cc_sign_bit = !strcmp(cc_ntor_tok->args[0], "1");
  609. uint8_t d256[DIGEST256_LEN];
  610. const char *signed_start, *signed_end;
  611. tor_cert_t *cert = tor_cert_parse(
  612. (const uint8_t*)ed_cert_tok->object_body,
  613. ed_cert_tok->object_size);
  614. if (! cert) {
  615. log_warn(LD_DIR, "Couldn't parse ed25519 cert");
  616. goto err;
  617. }
  618. /* makes sure it gets freed. */
  619. router->cache_info.signing_key_cert = cert;
  620. if (cert->cert_type != CERT_TYPE_ID_SIGNING ||
  621. ! cert->signing_key_included) {
  622. log_warn(LD_DIR, "Invalid form for ed25519 cert");
  623. goto err;
  624. }
  625. if (master_key_tok) {
  626. /* This token is optional, but if it's present, it must match
  627. * the signature in the signing cert, or supplant it. */
  628. tor_assert(master_key_tok->n_args >= 1);
  629. ed25519_public_key_t pkey;
  630. if (ed25519_public_from_base64(&pkey, master_key_tok->args[0])<0) {
  631. log_warn(LD_DIR, "Can't parse ed25519 master key");
  632. goto err;
  633. }
  634. if (fast_memneq(&cert->signing_key.pubkey,
  635. pkey.pubkey, ED25519_PUBKEY_LEN)) {
  636. log_warn(LD_DIR, "Ed25519 master key does not match "
  637. "key in certificate");
  638. goto err;
  639. }
  640. }
  641. ntor_cc_cert = tor_cert_parse((const uint8_t*)cc_ntor_tok->object_body,
  642. cc_ntor_tok->object_size);
  643. if (!ntor_cc_cert) {
  644. log_warn(LD_DIR, "Couldn't parse ntor-onion-key-crosscert cert");
  645. goto err;
  646. }
  647. if (ntor_cc_cert->cert_type != CERT_TYPE_ONION_ID ||
  648. ! ed25519_pubkey_eq(&ntor_cc_cert->signed_key, &cert->signing_key)) {
  649. log_warn(LD_DIR, "Invalid contents for ntor-onion-key-crosscert cert");
  650. goto err;
  651. }
  652. ed25519_public_key_t ntor_cc_pk;
  653. if (ed25519_public_key_from_curve25519_public_key(&ntor_cc_pk,
  654. router->onion_curve25519_pkey,
  655. ntor_cc_sign_bit)<0) {
  656. log_warn(LD_DIR, "Error converting onion key to ed25519");
  657. goto err;
  658. }
  659. if (router_get_hash_impl_helper(s, end-s, "router ",
  660. "\nrouter-sig-ed25519",
  661. ' ', LOG_WARN,
  662. &signed_start, &signed_end) < 0) {
  663. log_warn(LD_DIR, "Can't find ed25519-signed portion of descriptor");
  664. goto err;
  665. }
  666. crypto_digest_t *d = crypto_digest256_new(DIGEST_SHA256);
  667. crypto_digest_add_bytes(d, ED_DESC_SIGNATURE_PREFIX,
  668. strlen(ED_DESC_SIGNATURE_PREFIX));
  669. crypto_digest_add_bytes(d, signed_start, signed_end-signed_start);
  670. crypto_digest_get_digest(d, (char*)d256, sizeof(d256));
  671. crypto_digest_free(d);
  672. ed25519_checkable_t check[3];
  673. int check_ok[3];
  674. time_t expires = TIME_MAX;
  675. if (tor_cert_get_checkable_sig(&check[0], cert, NULL, &expires) < 0) {
  676. log_err(LD_BUG, "Couldn't create 'checkable' for cert.");
  677. goto err;
  678. }
  679. if (tor_cert_get_checkable_sig(&check[1],
  680. ntor_cc_cert, &ntor_cc_pk, &expires) < 0) {
  681. log_err(LD_BUG, "Couldn't create 'checkable' for ntor_cc_cert.");
  682. goto err;
  683. }
  684. if (ed25519_signature_from_base64(&check[2].signature,
  685. ed_sig_tok->args[0])<0) {
  686. log_warn(LD_DIR, "Couldn't decode ed25519 signature");
  687. goto err;
  688. }
  689. check[2].pubkey = &cert->signed_key;
  690. check[2].msg = d256;
  691. check[2].len = DIGEST256_LEN;
  692. if (ed25519_checksig_batch(check_ok, check, 3) < 0) {
  693. log_warn(LD_DIR, "Incorrect ed25519 signature(s)");
  694. goto err;
  695. }
  696. rsa_pubkey = router_get_rsa_onion_pkey(router->onion_pkey,
  697. router->onion_pkey_len);
  698. if (check_tap_onion_key_crosscert(
  699. (const uint8_t*)cc_tap_tok->object_body,
  700. (int)cc_tap_tok->object_size,
  701. rsa_pubkey,
  702. &cert->signing_key,
  703. (const uint8_t*)router->cache_info.identity_digest)<0) {
  704. log_warn(LD_DIR, "Incorrect TAP cross-verification");
  705. goto err;
  706. }
  707. /* We check this before adding it to the routerlist. */
  708. router->cert_expiration_time = expires;
  709. }
  710. }
  711. if ((tok = find_opt_by_keyword(tokens, K_FINGERPRINT))) {
  712. /* If there's a fingerprint line, it must match the identity digest. */
  713. char d[DIGEST_LEN];
  714. tor_assert(tok->n_args == 1);
  715. tor_strstrip(tok->args[0], " ");
  716. if (base16_decode(d, DIGEST_LEN,
  717. tok->args[0], strlen(tok->args[0])) != DIGEST_LEN) {
  718. log_warn(LD_DIR, "Couldn't decode router fingerprint %s",
  719. escaped(tok->args[0]));
  720. goto err;
  721. }
  722. if (tor_memneq(d,router->cache_info.identity_digest, DIGEST_LEN)) {
  723. log_warn(LD_DIR, "Fingerprint '%s' does not match identity digest.",
  724. tok->args[0]);
  725. goto err;
  726. }
  727. }
  728. {
  729. const char *version = NULL, *protocols = NULL;
  730. if ((tok = find_opt_by_keyword(tokens, K_PLATFORM))) {
  731. router->platform = tor_strdup(tok->args[0]);
  732. version = tok->args[0];
  733. }
  734. if ((tok = find_opt_by_keyword(tokens, K_PROTO))) {
  735. router->protocol_list = tor_strdup(tok->args[0]);
  736. protocols = tok->args[0];
  737. }
  738. summarize_protover_flags(&router->pv, protocols, version);
  739. }
  740. if ((tok = find_opt_by_keyword(tokens, K_CONTACT))) {
  741. router->contact_info = tor_strdup(tok->args[0]);
  742. }
  743. if (find_opt_by_keyword(tokens, K_REJECT6) ||
  744. find_opt_by_keyword(tokens, K_ACCEPT6)) {
  745. log_warn(LD_DIR, "Rejecting router with reject6/accept6 line: they crash "
  746. "older Tors.");
  747. goto err;
  748. }
  749. {
  750. smartlist_t *or_addresses = find_all_by_keyword(tokens, K_OR_ADDRESS);
  751. if (or_addresses) {
  752. find_single_ipv6_orport(or_addresses, &router->ipv6_addr,
  753. &router->ipv6_orport);
  754. smartlist_free(or_addresses);
  755. }
  756. }
  757. exit_policy_tokens = find_all_exitpolicy(tokens);
  758. if (!smartlist_len(exit_policy_tokens)) {
  759. log_warn(LD_DIR, "No exit policy tokens in descriptor.");
  760. goto err;
  761. }
  762. SMARTLIST_FOREACH(exit_policy_tokens, directory_token_t *, t,
  763. if (router_add_exit_policy(router,t)<0) {
  764. log_warn(LD_DIR,"Error in exit policy");
  765. goto err;
  766. });
  767. policy_expand_private(&router->exit_policy);
  768. if ((tok = find_opt_by_keyword(tokens, K_IPV6_POLICY)) && tok->n_args) {
  769. router->ipv6_exit_policy = parse_short_policy(tok->args[0]);
  770. if (! router->ipv6_exit_policy) {
  771. log_warn(LD_DIR , "Error in ipv6-policy %s", escaped(tok->args[0]));
  772. goto err;
  773. }
  774. }
  775. if (policy_is_reject_star(router->exit_policy, AF_INET, 1) &&
  776. (!router->ipv6_exit_policy ||
  777. short_policy_is_reject_star(router->ipv6_exit_policy)))
  778. router->policy_is_reject_star = 1;
  779. if ((tok = find_opt_by_keyword(tokens, K_FAMILY)) && tok->n_args) {
  780. int i;
  781. router->declared_family = smartlist_new();
  782. for (i=0;i<tok->n_args;++i) {
  783. if (!is_legal_nickname_or_hexdigest(tok->args[i])) {
  784. log_warn(LD_DIR, "Illegal nickname %s in family line",
  785. escaped(tok->args[i]));
  786. goto err;
  787. }
  788. smartlist_add_strdup(router->declared_family, tok->args[i]);
  789. }
  790. }
  791. if (find_opt_by_keyword(tokens, K_CACHES_EXTRA_INFO))
  792. router->caches_extra_info = 1;
  793. if (find_opt_by_keyword(tokens, K_ALLOW_SINGLE_HOP_EXITS))
  794. router->allow_single_hop_exits = 1;
  795. if ((tok = find_opt_by_keyword(tokens, K_EXTRA_INFO_DIGEST))) {
  796. tor_assert(tok->n_args >= 1);
  797. if (strlen(tok->args[0]) == HEX_DIGEST_LEN) {
  798. if (base16_decode(router->cache_info.extra_info_digest, DIGEST_LEN,
  799. tok->args[0], HEX_DIGEST_LEN) != DIGEST_LEN) {
  800. log_warn(LD_DIR,"Invalid extra info digest");
  801. }
  802. } else {
  803. log_warn(LD_DIR, "Invalid extra info digest %s", escaped(tok->args[0]));
  804. }
  805. if (tok->n_args >= 2) {
  806. if (digest256_from_base64(router->cache_info.extra_info_digest256,
  807. tok->args[1]) < 0) {
  808. log_warn(LD_DIR, "Invalid extra info digest256 %s",
  809. escaped(tok->args[1]));
  810. }
  811. }
  812. }
  813. if (find_opt_by_keyword(tokens, K_HIDDEN_SERVICE_DIR)) {
  814. router->wants_to_be_hs_dir = 1;
  815. }
  816. /* This router accepts tunnelled directory requests via begindir if it has
  817. * an open dirport or it included "tunnelled-dir-server". */
  818. if (find_opt_by_keyword(tokens, K_DIR_TUNNELLED) || router->dir_port > 0) {
  819. router->supports_tunnelled_dir_requests = 1;
  820. }
  821. tok = find_by_keyword(tokens, K_ROUTER_SIGNATURE);
  822. if (!router->or_port) {
  823. log_warn(LD_DIR,"or_port unreadable or 0. Failing.");
  824. goto err;
  825. }
  826. /* We've checked everything that's covered by the hash. */
  827. can_dl_again = 1;
  828. if (check_signature_token(digest, DIGEST_LEN, tok, router->identity_pkey, 0,
  829. "router descriptor") < 0)
  830. goto err;
  831. if (!router->platform) {
  832. router->platform = tor_strdup("<unknown>");
  833. }
  834. goto done;
  835. err:
  836. dump_desc(s_dup, "router descriptor");
  837. routerinfo_free(router);
  838. router = NULL;
  839. done:
  840. crypto_pk_free(rsa_pubkey);
  841. tor_cert_free(ntor_cc_cert);
  842. if (tokens) {
  843. SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
  844. smartlist_free(tokens);
  845. }
  846. smartlist_free(exit_policy_tokens);
  847. if (area) {
  848. DUMP_AREA(area, "routerinfo");
  849. memarea_drop_all(area);
  850. }
  851. if (can_dl_again_out)
  852. *can_dl_again_out = can_dl_again;
  853. return router;
  854. }
  855. /** Parse a single extrainfo entry from the string <b>s</b>, ending at
  856. * <b>end</b>. (If <b>end</b> is NULL, parse up to the end of <b>s</b>.) If
  857. * <b>cache_copy</b> is true, make a copy of the extra-info document in the
  858. * cache_info fields of the result. If <b>routermap</b> is provided, use it
  859. * as a map from router identity to routerinfo_t when looking up signing keys.
  860. *
  861. * If <b>can_dl_again_out</b> is provided, set *<b>can_dl_again_out</b> to 1
  862. * if it's okay to try to download an extrainfo with this same digest again,
  863. * and 0 if it isn't. (It might not be okay to download it again if part of
  864. * the part covered by the digest is invalid.)
  865. */
  866. extrainfo_t *
  867. extrainfo_parse_entry_from_string(const char *s, const char *end,
  868. int cache_copy, struct digest_ri_map_t *routermap,
  869. int *can_dl_again_out)
  870. {
  871. extrainfo_t *extrainfo = NULL;
  872. char digest[128];
  873. smartlist_t *tokens = NULL;
  874. directory_token_t *tok;
  875. crypto_pk_t *key = NULL;
  876. routerinfo_t *router = NULL;
  877. memarea_t *area = NULL;
  878. const char *s_dup = s;
  879. /* Do not set this to '1' until we have parsed everything that we intend to
  880. * parse that's covered by the hash. */
  881. int can_dl_again = 0;
  882. if (BUG(s == NULL))
  883. return NULL;
  884. if (!end) {
  885. end = s + strlen(s);
  886. }
  887. /* point 'end' to a point immediately after the final newline. */
  888. while (end > s+2 && *(end-1) == '\n' && *(end-2) == '\n')
  889. --end;
  890. if (router_get_extrainfo_hash(s, end-s, digest) < 0) {
  891. log_warn(LD_DIR, "Couldn't compute router hash.");
  892. goto err;
  893. }
  894. tokens = smartlist_new();
  895. area = memarea_new();
  896. if (tokenize_string(area,s,end,tokens,extrainfo_token_table,0)) {
  897. log_warn(LD_DIR, "Error tokenizing extra-info document.");
  898. goto err;
  899. }
  900. if (smartlist_len(tokens) < 2) {
  901. log_warn(LD_DIR, "Impossibly short extra-info document.");
  902. goto err;
  903. }
  904. /* XXXX Accept this in position 1 too, and ed identity in position 0. */
  905. tok = smartlist_get(tokens,0);
  906. if (tok->tp != K_EXTRA_INFO) {
  907. log_warn(LD_DIR,"Entry does not start with \"extra-info\"");
  908. goto err;
  909. }
  910. extrainfo = tor_malloc_zero(sizeof(extrainfo_t));
  911. extrainfo->cache_info.is_extrainfo = 1;
  912. if (cache_copy)
  913. extrainfo->cache_info.signed_descriptor_body = tor_memdup_nulterm(s,end-s);
  914. extrainfo->cache_info.signed_descriptor_len = end-s;
  915. memcpy(extrainfo->cache_info.signed_descriptor_digest, digest, DIGEST_LEN);
  916. crypto_digest256((char*)extrainfo->digest256, s, end-s, DIGEST_SHA256);
  917. tor_assert(tok->n_args >= 2);
  918. if (!is_legal_nickname(tok->args[0])) {
  919. log_warn(LD_DIR,"Bad nickname %s on \"extra-info\"",escaped(tok->args[0]));
  920. goto err;
  921. }
  922. strlcpy(extrainfo->nickname, tok->args[0], sizeof(extrainfo->nickname));
  923. if (strlen(tok->args[1]) != HEX_DIGEST_LEN ||
  924. base16_decode(extrainfo->cache_info.identity_digest, DIGEST_LEN,
  925. tok->args[1], HEX_DIGEST_LEN) != DIGEST_LEN) {
  926. log_warn(LD_DIR,"Invalid fingerprint %s on \"extra-info\"",
  927. escaped(tok->args[1]));
  928. goto err;
  929. }
  930. tok = find_by_keyword(tokens, K_PUBLISHED);
  931. if (parse_iso_time(tok->args[0], &extrainfo->cache_info.published_on)) {
  932. log_warn(LD_DIR,"Invalid published time %s on \"extra-info\"",
  933. escaped(tok->args[0]));
  934. goto err;
  935. }
  936. {
  937. directory_token_t *ed_sig_tok, *ed_cert_tok;
  938. ed_sig_tok = find_opt_by_keyword(tokens, K_ROUTER_SIG_ED25519);
  939. ed_cert_tok = find_opt_by_keyword(tokens, K_IDENTITY_ED25519);
  940. int n_ed_toks = !!ed_sig_tok + !!ed_cert_tok;
  941. if (n_ed_toks != 0 && n_ed_toks != 2) {
  942. log_warn(LD_DIR, "Router descriptor with only partial ed25519/"
  943. "cross-certification support");
  944. goto err;
  945. }
  946. if (ed_sig_tok) {
  947. tor_assert(ed_cert_tok);
  948. const int ed_cert_token_pos = smartlist_pos(tokens, ed_cert_tok);
  949. if (ed_cert_token_pos != 1) {
  950. /* Accept this in position 0 XXXX */
  951. log_warn(LD_DIR, "Ed25519 certificate in wrong position");
  952. goto err;
  953. }
  954. if (ed_sig_tok != smartlist_get(tokens, smartlist_len(tokens)-2)) {
  955. log_warn(LD_DIR, "Ed25519 signature in wrong position");
  956. goto err;
  957. }
  958. if (strcmp(ed_cert_tok->object_type, "ED25519 CERT")) {
  959. log_warn(LD_DIR, "Wrong object type on identity-ed25519 in decriptor");
  960. goto err;
  961. }
  962. uint8_t d256[DIGEST256_LEN];
  963. const char *signed_start, *signed_end;
  964. tor_cert_t *cert = tor_cert_parse(
  965. (const uint8_t*)ed_cert_tok->object_body,
  966. ed_cert_tok->object_size);
  967. if (! cert) {
  968. log_warn(LD_DIR, "Couldn't parse ed25519 cert");
  969. goto err;
  970. }
  971. /* makes sure it gets freed. */
  972. extrainfo->cache_info.signing_key_cert = cert;
  973. if (cert->cert_type != CERT_TYPE_ID_SIGNING ||
  974. ! cert->signing_key_included) {
  975. log_warn(LD_DIR, "Invalid form for ed25519 cert");
  976. goto err;
  977. }
  978. if (router_get_hash_impl_helper(s, end-s, "extra-info ",
  979. "\nrouter-sig-ed25519",
  980. ' ', LOG_WARN,
  981. &signed_start, &signed_end) < 0) {
  982. log_warn(LD_DIR, "Can't find ed25519-signed portion of extrainfo");
  983. goto err;
  984. }
  985. crypto_digest_t *d = crypto_digest256_new(DIGEST_SHA256);
  986. crypto_digest_add_bytes(d, ED_DESC_SIGNATURE_PREFIX,
  987. strlen(ED_DESC_SIGNATURE_PREFIX));
  988. crypto_digest_add_bytes(d, signed_start, signed_end-signed_start);
  989. crypto_digest_get_digest(d, (char*)d256, sizeof(d256));
  990. crypto_digest_free(d);
  991. ed25519_checkable_t check[2];
  992. int check_ok[2];
  993. if (tor_cert_get_checkable_sig(&check[0], cert, NULL, NULL) < 0) {
  994. log_err(LD_BUG, "Couldn't create 'checkable' for cert.");
  995. goto err;
  996. }
  997. if (ed25519_signature_from_base64(&check[1].signature,
  998. ed_sig_tok->args[0])<0) {
  999. log_warn(LD_DIR, "Couldn't decode ed25519 signature");
  1000. goto err;
  1001. }
  1002. check[1].pubkey = &cert->signed_key;
  1003. check[1].msg = d256;
  1004. check[1].len = DIGEST256_LEN;
  1005. if (ed25519_checksig_batch(check_ok, check, 2) < 0) {
  1006. log_warn(LD_DIR, "Incorrect ed25519 signature(s)");
  1007. goto err;
  1008. }
  1009. /* We don't check the certificate expiration time: checking that it
  1010. * matches the cert in the router descriptor is adequate. */
  1011. }
  1012. }
  1013. /* We've checked everything that's covered by the hash. */
  1014. can_dl_again = 1;
  1015. if (routermap &&
  1016. (router = digestmap_get((digestmap_t*)routermap,
  1017. extrainfo->cache_info.identity_digest))) {
  1018. key = router->identity_pkey;
  1019. }
  1020. tok = find_by_keyword(tokens, K_ROUTER_SIGNATURE);
  1021. if (strcmp(tok->object_type, "SIGNATURE") ||
  1022. tok->object_size < 128 || tok->object_size > 512) {
  1023. log_warn(LD_DIR, "Bad object type or length on extra-info signature");
  1024. goto err;
  1025. }
  1026. if (key) {
  1027. if (check_signature_token(digest, DIGEST_LEN, tok, key, 0,
  1028. "extra-info") < 0)
  1029. goto err;
  1030. if (router)
  1031. extrainfo->cache_info.send_unencrypted =
  1032. router->cache_info.send_unencrypted;
  1033. } else {
  1034. extrainfo->pending_sig = tor_memdup(tok->object_body,
  1035. tok->object_size);
  1036. extrainfo->pending_sig_len = tok->object_size;
  1037. }
  1038. goto done;
  1039. err:
  1040. dump_desc(s_dup, "extra-info descriptor");
  1041. extrainfo_free(extrainfo);
  1042. extrainfo = NULL;
  1043. done:
  1044. if (tokens) {
  1045. SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
  1046. smartlist_free(tokens);
  1047. }
  1048. if (area) {
  1049. DUMP_AREA(area, "extrainfo");
  1050. memarea_drop_all(area);
  1051. }
  1052. if (can_dl_again_out)
  1053. *can_dl_again_out = can_dl_again;
  1054. return extrainfo;
  1055. }
  1056. /** Add an exit policy stored in the token <b>tok</b> to the router info in
  1057. * <b>router</b>. Return 0 on success, -1 on failure. */
  1058. static int
  1059. router_add_exit_policy(routerinfo_t *router, directory_token_t *tok)
  1060. {
  1061. addr_policy_t *newe;
  1062. /* Use the standard interpretation of accept/reject *, an IPv4 wildcard. */
  1063. newe = router_parse_addr_policy(tok, 0);
  1064. if (!newe)
  1065. return -1;
  1066. if (! router->exit_policy)
  1067. router->exit_policy = smartlist_new();
  1068. /* Ensure that in descriptors, accept/reject fields are followed by
  1069. * IPv4 addresses, and accept6/reject6 fields are followed by
  1070. * IPv6 addresses. Unlike torrcs, descriptor exit policies do not permit
  1071. * accept/reject followed by IPv6. */
  1072. if (((tok->tp == K_ACCEPT6 || tok->tp == K_REJECT6) &&
  1073. tor_addr_family(&newe->addr) == AF_INET)
  1074. ||
  1075. ((tok->tp == K_ACCEPT || tok->tp == K_REJECT) &&
  1076. tor_addr_family(&newe->addr) == AF_INET6)) {
  1077. /* There's nothing the user can do about other relays' descriptors,
  1078. * so we don't provide usage advice here. */
  1079. log_warn(LD_DIR, "Mismatch between field type and address type in exit "
  1080. "policy '%s'. Discarding entire router descriptor.",
  1081. tok->n_args == 1 ? tok->args[0] : "");
  1082. addr_policy_free(newe);
  1083. return -1;
  1084. }
  1085. smartlist_add(router->exit_policy, newe);
  1086. return 0;
  1087. }
  1088. /** Return a newly allocated smartlist of all accept or reject tokens in
  1089. * <b>s</b>.
  1090. */
  1091. static smartlist_t *
  1092. find_all_exitpolicy(smartlist_t *s)
  1093. {
  1094. smartlist_t *out = smartlist_new();
  1095. SMARTLIST_FOREACH(s, directory_token_t *, t,
  1096. if (t->tp == K_ACCEPT || t->tp == K_ACCEPT6 ||
  1097. t->tp == K_REJECT || t->tp == K_REJECT6)
  1098. smartlist_add(out,t));
  1099. return out;
  1100. }
  1101. /** Called on startup; right now we just handle scanning the unparseable
  1102. * descriptor dumps, but hang anything else we might need to do in the
  1103. * future here as well.
  1104. */
  1105. void
  1106. routerparse_init(void)
  1107. {
  1108. /*
  1109. * Check both if the sandbox is active and whether it's configured; no
  1110. * point in loading all that if we won't be able to use it after the
  1111. * sandbox becomes active.
  1112. */
  1113. if (!(sandbox_is_active() || get_options()->Sandbox)) {
  1114. dump_desc_init();
  1115. }
  1116. }
  1117. /** Clean up all data structures used by routerparse.c at exit */
  1118. void
  1119. routerparse_free_all(void)
  1120. {
  1121. dump_desc_fifo_cleanup();
  1122. }