| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844 | /* * Copyright (c) 2012, The Tor Project, Inc. *//* See LICENSE for licensing information *//** * \file channeltls.c * \brief channel_t concrete subclass using or_connection_t **//* * Define this so channel.h gives us things only channel_t subclasses * should touch. */#define _TOR_CHANNEL_INTERNAL#include "or.h"#include "channel.h"#include "channeltls.h"#include "config.h"#include "connection.h"#include "connection_or.h"#include "control.h"#include "relay.h"#include "router.h"#include "routerlist.h"/** How many CELL_PADDING cells have we received, ever? */uint64_t stats_n_padding_cells_processed = 0;/** How many CELL_VERSIONS cells have we received, ever? */uint64_t stats_n_versions_cells_processed = 0;/** How many CELL_NETINFO cells have we received, ever? */uint64_t stats_n_netinfo_cells_processed = 0;/** How many CELL_VPADDING cells have we received, ever? */uint64_t stats_n_vpadding_cells_processed = 0;/** How many CELL_CERTS cells have we received, ever? */uint64_t stats_n_certs_cells_processed = 0;/** How many CELL_AUTH_CHALLENGE cells have we received, ever? */uint64_t stats_n_auth_challenge_cells_processed = 0;/** How many CELL_AUTHENTICATE cells have we received, ever? */uint64_t stats_n_authenticate_cells_processed = 0;/** How many CELL_AUTHORIZE cells have we received, ever? */uint64_t stats_n_authorize_cells_processed = 0;/** Active listener, if any */channel_tls_t *channel_tls_listener = NULL;/* channel_tls_t method declarations */static void channel_tls_close_method(channel_t *chan);static const char * channel_tls_describe_transport_method(channel_t *chan);static intchannel_tls_get_remote_addr_method(channel_t *chan, tor_addr_t *addr_out);static const char *channel_tls_get_remote_descr_method(channel_t *chan, int req);static int channel_tls_has_queued_writes_method(channel_t *chan);static int channel_tls_is_canonical_method(channel_t *chan, int req);static intchannel_tls_matches_extend_info_method(channel_t *chan,                                       extend_info_t *extend_info);static int channel_tls_matches_target_method(channel_t *chan,                                             const tor_addr_t *target);static int channel_tls_write_cell_method(channel_t *chan,                                         cell_t *cell);static int channel_tls_write_packed_cell_method(channel_t *chan,                                                packed_cell_t *packed_cell);static int channel_tls_write_var_cell_method(channel_t *chan,                                             var_cell_t *var_cell);/** Handle incoming cells for the handshake stuff here rather than * passing them on up. */static void channel_tls_process_versions_cell(var_cell_t *cell,                                              channel_tls_t *tlschan);static void channel_tls_process_netinfo_cell(cell_t *cell,                                             channel_tls_t *tlschan);static void channel_tls_process_certs_cell(var_cell_t *cell,                                           channel_tls_t *tlschan);static void channel_tls_process_auth_challenge_cell(var_cell_t *cell,                                                    channel_tls_t *tlschan);static void channel_tls_process_authenticate_cell(var_cell_t *cell,                                                  channel_tls_t *tlschan);static int command_allowed_before_handshake(uint8_t command);static int enter_v3_handshake_with_cell(var_cell_t *cell,                                        channel_tls_t *tlschan);/** * Start a new TLS channel * * Launch a new OR connection to <b>addr</b>:<b>port</b> and expect to * handshake with an OR with identity digest <b>id_digest</b>, and wrap * it in a channel_tls_t. */channel_t *channel_tls_connect(const tor_addr_t *addr, uint16_t port,                    const char *id_digest){  channel_tls_t *tlschan = tor_malloc_zero(sizeof(*tlschan));  channel_t *chan = TLS_CHAN_TO_BASE(tlschan);  channel_init_for_cells(chan);  chan->state = CHANNEL_STATE_OPENING;  chan->close = channel_tls_close_method;  chan->describe_transport = channel_tls_describe_transport_method;  chan->u.cell_chan.get_remote_addr = channel_tls_get_remote_addr_method;  chan->u.cell_chan.get_remote_descr = channel_tls_get_remote_descr_method;  chan->u.cell_chan.has_queued_writes = channel_tls_has_queued_writes_method;  chan->u.cell_chan.is_canonical = channel_tls_is_canonical_method;  chan->u.cell_chan.matches_extend_info =    channel_tls_matches_extend_info_method;  chan->u.cell_chan.matches_target = channel_tls_matches_target_method;  chan->u.cell_chan.write_cell = channel_tls_write_cell_method;  chan->u.cell_chan.write_packed_cell = channel_tls_write_packed_cell_method;  chan->u.cell_chan.write_var_cell = channel_tls_write_var_cell_method;  log_debug(LD_CHANNEL,            "In channel_tls_connect() for channel %p "            "(global id " U64_FORMAT ")",            tlschan,            U64_PRINTF_ARG(chan->global_identifier));  if (is_local_addr(addr)) channel_mark_local(chan);  channel_mark_outgoing(chan);  chan->u.cell_chan.active_circuit_pqueue = smartlist_new();  chan->u.cell_chan.active_circuit_pqueue_last_recalibrated =    cell_ewma_get_tick();  /* Set up or_connection stuff */  tlschan->conn = connection_or_connect(addr, port, id_digest, tlschan);  /* connection_or_connect() will fill in tlschan->conn */  if (!(tlschan->conn)) {    channel_change_state(chan, CHANNEL_STATE_ERROR);    goto err;  }  log_debug(LD_CHANNEL,            "Got orconn %p for channel with global id " U64_FORMAT,            tlschan->conn, U64_PRINTF_ARG(chan->global_identifier));  goto done; err:  smartlist_free(chan->u.cell_chan.active_circuit_pqueue);  tor_free(tlschan);  chan = NULL; done:  /* If we got one, we should register it */  if (chan) channel_register(chan);  return chan;}/** * Return the current channel_tls_t listener * * Returns the current listening channel for incoming TLS connections, or * NULL if none has been established */channel_t *channel_tls_get_listener(void){  return TLS_CHAN_TO_BASE(channel_tls_listener);}/** * Start a channel_tls_t listener if necessary * * Return the current channel_tls_t listener, or start one if we haven't yet, * and return that. */channel_t *channel_tls_start_listener(void){  channel_tls_t *listener;  channel_t *lchan;  if (!channel_tls_listener) {    listener = tor_malloc_zero(sizeof(*listener));    lchan = TLS_CHAN_TO_BASE(listener);    channel_init_listener(lchan);    lchan->state = CHANNEL_STATE_LISTENING;    lchan->close = channel_tls_close_method;    lchan->describe_transport = channel_tls_describe_transport_method;    channel_tls_listener = listener;    log_debug(LD_CHANNEL,              "Starting TLS listener channel %p with global id " U64_FORMAT,              lchan, U64_PRINTF_ARG(lchan->global_identifier));    channel_register(lchan);  } else lchan = TLS_CHAN_TO_BASE(channel_tls_listener);  return lchan;}/** * Free everything on shutdown * * Not much to do here, since channel_free_all() takes care of a lot, but let's * get rid of the listener. */voidchannel_tls_free_all(void){  channel_t *base = NULL;  log_debug(LD_CHANNEL,            "Shutting down TLS channels...");  if (channel_tls_listener) {    base = TLS_CHAN_TO_BASE(channel_tls_listener);    channel_unregister(base);    channel_mark_for_close(base);    channel_free(base);    channel_tls_listener = NULL;  }  log_debug(LD_CHANNEL,            "Done shutting down TLS channels");}/** * Create a new channel around an incoming or_connection_t */channel_t *channel_tls_handle_incoming(or_connection_t *orconn){  channel_tls_t *tlschan = tor_malloc_zero(sizeof(*tlschan));  channel_t *chan = TLS_CHAN_TO_BASE(tlschan);  tor_assert(orconn);  tor_assert(!(orconn->chan));  channel_init_for_cells(chan);  chan->state = CHANNEL_STATE_OPENING;  chan->close = channel_tls_close_method;  chan->describe_transport = channel_tls_describe_transport_method;  chan->u.cell_chan.get_remote_descr = channel_tls_get_remote_descr_method;  chan->u.cell_chan.has_queued_writes = channel_tls_has_queued_writes_method;  chan->u.cell_chan.is_canonical = channel_tls_is_canonical_method;  chan->u.cell_chan.matches_extend_info =    channel_tls_matches_extend_info_method;  chan->u.cell_chan.matches_target = channel_tls_matches_target_method;  chan->u.cell_chan.write_cell = channel_tls_write_cell_method;  chan->u.cell_chan.write_packed_cell = channel_tls_write_packed_cell_method;  chan->u.cell_chan.write_var_cell = channel_tls_write_var_cell_method;  /* Link the channel and orconn to each other */  tlschan->conn = orconn;  orconn->chan = tlschan;  if (is_local_addr(&(TO_CONN(orconn)->addr))) channel_mark_local(chan);  channel_mark_incoming(chan);  chan->u.cell_chan.active_circuit_pqueue = smartlist_new();  chan->u.cell_chan.active_circuit_pqueue_last_recalibrated =    cell_ewma_get_tick();  /* If we got one, we should register it */  if (chan) channel_register(chan);  return chan;}/******************************************** * Method implementations for channel_tls_t * *******************************************//** * Close a channel_tls_t * * This implements the close method for channel_tls_t */static voidchannel_tls_close_method(channel_t *chan){  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);  tor_assert(tlschan);  if (chan->is_listener) {    /*     * Listeners we just go ahead and change state through to CLOSED, but     * make sure to check if they're channel_tls_listener to NULL it out.     */    if (chan == TLS_CHAN_TO_BASE(channel_tls_listener))      channel_tls_listener = NULL;    if (!(chan->state == CHANNEL_STATE_CLOSING ||          chan->state == CHANNEL_STATE_CLOSED ||          chan->state == CHANNEL_STATE_ERROR)) {      channel_change_state(chan, CHANNEL_STATE_CLOSING);    }    if (chan->u.listener.incoming_list) {      SMARTLIST_FOREACH_BEGIN(chan->u.listener.incoming_list,                              channel_t *, ichan) {        channel_mark_for_close(ichan);      } SMARTLIST_FOREACH_END(ichan);      smartlist_free(chan->u.listener.incoming_list);      chan->u.listener.incoming_list = NULL;    }    if (!(chan->state == CHANNEL_STATE_CLOSED ||          chan->state == CHANNEL_STATE_ERROR)) {      channel_change_state(chan, CHANNEL_STATE_CLOSED);    }  } else {    if (tlschan->conn) connection_or_close_normally(tlschan->conn, 1);    else {      /* Weird - we'll have to change the state ourselves, I guess */      log_info(LD_CHANNEL,               "Tried to close channel_tls_t %p with NULL conn",               tlschan);      channel_change_state(chan, CHANNEL_STATE_ERROR);    }  }}/** * Describe the transport for a channel_tls_t * * This returns the string "TLS channel on connection <id>" to the upper * layer. */static const char *channel_tls_describe_transport_method(channel_t *chan){  static char *buf = NULL;  uint64_t id;  channel_tls_t *tlschan;  const char *rv = NULL;  tor_assert(chan);  if (chan->is_listener) {    rv = "TLS channel (listening)";  } else {    tlschan = BASE_CHAN_TO_TLS(chan);    if (tlschan->conn) {      id = TO_CONN(tlschan->conn)->global_identifier;      if (buf) tor_free(buf);      tor_asprintf(&buf,                   "TLS channel (connection " U64_FORMAT ")",                   U64_PRINTF_ARG(id));      rv = buf;    } else {      rv = "TLS channel (no connection)";    }  }  return rv;}/** * Get the remote address of a channel_tls_t * * This implements the get_remote_addr method for channel_tls_t; copy the * remote endpoint of the channel to addr_out and return 1 (always * succeeds for this transport). */static intchannel_tls_get_remote_addr_method(channel_t *chan, tor_addr_t *addr_out){  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);  tor_assert(tlschan);  tor_assert(addr_out);  tor_assert(tlschan->conn);  tor_addr_copy(addr_out, &(TO_CONN(tlschan->conn)->addr));  return 1;}/** * Get endpoint description of a channel_tls_t * * This implements the get_remote_descr method for channel_tls_t; it returns * a text description of the remote endpoint of the channel suitable for use * in log messages.  The req parameter is 0 for the canonical address or 1 for * the actual address seen. */static const char *channel_tls_get_remote_descr_method(channel_t *chan, int req){#define MAX_DESCR_LEN 32  static char buf[MAX_DESCR_LEN + 1];  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);  connection_t *conn;  const char *answer = NULL;  char *addr_str;  tor_assert(tlschan);  tor_assert(tlschan->conn);  conn = TO_CONN(tlschan->conn);  switch (req) {    case 0:      /* Canonical address */      tor_snprintf(buf, MAX_DESCR_LEN + 1,                   "%s:%u", conn->address, conn->port);      answer = buf;      break;    case 1:      /* Actual address */      addr_str = tor_dup_addr(&(tlschan->conn->real_addr));      tor_snprintf(buf, MAX_DESCR_LEN + 1,                   "%s:%u", addr_str, conn->port);      tor_free(addr_str);      answer = buf;      break;    default:      /* Something's broken in channel.c */      tor_assert(1);  }  return answer;}/** * Tell the upper layer if we have queued writes * * This implements the has_queued_writes method for channel_tls _t; it returns * 1 iff we have queued writes on the outbuf of the underlying or_connection_t. */static intchannel_tls_has_queued_writes_method(channel_t *chan){  size_t outbuf_len;  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);  tor_assert(tlschan);  tor_assert(tlschan->conn);  outbuf_len = connection_get_outbuf_len(TO_CONN(tlschan->conn));  return (outbuf_len > 0);}/** * Tell the upper layer if we're canonical * * This implements the is_canonical method for channel_tls_t; if req is zero, * it returns whether this is a canonical channel, and if it is one it returns * whether that can be relied upon. */static intchannel_tls_is_canonical_method(channel_t *chan, int req){  int answer = 0;  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);  tor_assert(tlschan);  tor_assert(tlschan->conn);  switch (req) {    case 0:      answer = tlschan->conn->is_canonical;      break;    case 1:      /*       * Is the is_canonical bit reliable?  In protocols version 2 and up       * we get the canonical address from a NETINFO cell, but in older       * versions it might be based on an obsolete descriptor.       */      answer = (tlschan->conn->link_proto >= 2);      break;    default:      /* This shouldn't happen; channel.c is broken if it does */      tor_assert(1);  }  return answer;}/** * Check if we match an extend_info_t * * This implements the matches_extend_info method for channel_tls_t; the upper * layer wants to know if this channel matches an extend_info_t. */static intchannel_tls_matches_extend_info_method(channel_t *chan,                                       extend_info_t *extend_info){  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);  tor_assert(tlschan);  tor_assert(extend_info);  return (tor_addr_eq(&(extend_info->addr),                      &(TO_CONN(tlschan->conn)->addr)) &&         (extend_info->port == TO_CONN(tlschan->conn)->port));}/** * Check if we match a target address * * This implements the matches_target method for channel_tls _t; the upper * layer wants to know if this channel matches a target address when extending * a circuit. */static intchannel_tls_matches_target_method(channel_t *chan,                                  const tor_addr_t *target){  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);  tor_assert(tlschan);  tor_assert(target);  tor_assert(tlschan->conn);  return tor_addr_compare(&(tlschan->conn->real_addr),                          target, CMP_EXACT);}/** * Write a cell to a channel_tls_t * * This implements the write_cell method for channel_tls_t; given a * channel_tls_t and a cell_t, transmit the cell_t. */static intchannel_tls_write_cell_method(channel_t *chan, cell_t *cell){  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);  tor_assert(tlschan);  tor_assert(cell);  tor_assert(tlschan->conn);  connection_or_write_cell_to_buf(cell, tlschan->conn);  return 1;}/** * Write a packed cell to a channel_tls_t * * This implements the write_packed_cell method for channel_tls_t; given a * channel_tls_t and a packed_cell_t, transmit the packed_cell_t. */static intchannel_tls_write_packed_cell_method(channel_t *chan,                                     packed_cell_t *packed_cell){  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);  tor_assert(tlschan);  tor_assert(packed_cell);  tor_assert(tlschan->conn);  connection_write_to_buf(packed_cell->body, CELL_NETWORK_SIZE,                          TO_CONN(tlschan->conn));  /* This is where the cell is finished; used to be done from relay.c */  packed_cell_free(packed_cell);  return 1;}/** * Write a variable-length cell to a channel_tls_t * * This implements the write_var_cell method for channel_tls_t; given a * channel_tls_t and a var_cell_t, transmit the var_cell_t. */static intchannel_tls_write_var_cell_method(channel_t *chan, var_cell_t *var_cell){  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);  tor_assert(tlschan);  tor_assert(var_cell);  tor_assert(tlschan->conn);  connection_or_write_var_cell_to_buf(var_cell, tlschan->conn);  return 1;}/******************************************************* * Functions for handling events on an or_connection_t * ******************************************************//** * Handle an orconn state change * * This function will be called by connection_or.c when the or_connection_t * associated with this channel_tls_t changes state. */voidchannel_tls_handle_state_change_on_orconn(channel_tls_t *chan,                                          or_connection_t *conn,                                          uint8_t old_state,                                          uint8_t state){  channel_t *base_chan;  tor_assert(chan);  tor_assert(conn);  tor_assert(conn->chan == chan);  tor_assert(chan->conn == conn);  /* -Werror appeasement */  tor_assert(old_state == old_state);  base_chan = TLS_CHAN_TO_BASE(chan);  /* Make sure the base connection state makes sense - shouldn't be error,   * closed or listening. */  tor_assert(base_chan->state == CHANNEL_STATE_OPENING ||             base_chan->state == CHANNEL_STATE_OPEN ||             base_chan->state == CHANNEL_STATE_MAINT ||             base_chan->state == CHANNEL_STATE_CLOSING);  /* Did we just go to state open? */  if (state == OR_CONN_STATE_OPEN) {    /*     * We can go to CHANNEL_STATE_OPEN from CHANNEL_STATE_OPENING or     * CHANNEL_STATE_MAINT on this.     */    channel_change_state(base_chan, CHANNEL_STATE_OPEN);  } else {    /*     * Not open, so from CHANNEL_STATE_OPEN we go to CHANNEL_STATE_MAINT,     * otherwise no change.     */    if (base_chan->state == CHANNEL_STATE_OPEN) {      channel_change_state(base_chan, CHANNEL_STATE_MAINT);    }  }}/** * Flush cells from a channel_tls_t * * Try to flush up to about num_cells cells, and return how many we flushed. */ssize_tchannel_tls_flush_some_cells(channel_tls_t *chan, ssize_t num_cells){  ssize_t flushed = 0;  tor_assert(chan);  if (flushed >= num_cells) goto done;  /*   * If channel_tls_t ever buffers anything below the channel_t layer, flush   * that first here.   */  flushed += channel_flush_some_cells(TLS_CHAN_TO_BASE(chan),                                      num_cells - flushed);  /*   * If channel_tls_t ever buffers anything below the channel_t layer, check   * how much we actually got and push it on down here.   */ done:  return flushed;}/** * Check if a channel_tls_t has anything to flush * * Return true if there is any more to flush on this channel (cells in queue * or active circuits). */intchannel_tls_more_to_flush(channel_tls_t *chan){  tor_assert(chan);  /*   * If channel_tls_t ever buffers anything below channel_t, the   * check for that should go here first.   */  return channel_more_to_flush(TLS_CHAN_TO_BASE(chan));}#ifdef KEEP_TIMING_STATS/** * Timing states wrapper * * This is a wrapper function around the actual function that processes the * <b>cell</b> that just arrived on <b>chan</b>. Increment <b>*time</b> * by the number of microseconds used by the call to <b>*func(cell, chan)</b>. */static voidchannel_tls_time_process_cell(cell_t *cell, channel_tls_t *chan, int *time,                              void (*func)(cell_t *, channel_tls_t *)){  struct timeval start, end;  long time_passed;  tor_gettimeofday(&start);  (*func)(cell, chan);  tor_gettimeofday(&end);  time_passed = tv_udiff(&start, &end) ;  if (time_passed > 10000) { /* more than 10ms */    log_debug(LD_OR,"That call just took %ld ms.",time_passed/1000);  }  if (time_passed < 0) {    log_info(LD_GENERAL,"That call took us back in time!");    time_passed = 0;  }  *time += time_passed;}#endif/** * Handle an incoming cell on a channel_tls_t * * This is called from connection_or.c to handle an arriving cell; it checks * for cell types specific to the handshake for this transport protocol and * handles them, and queues all other cells to the channel_t layer, which * eventually will hand them off to command.c. */voidchannel_tls_handle_cell(cell_t *cell, or_connection_t *conn){  channel_tls_t *chan;  int handshaking;#ifdef KEEP_TIMING_STATS#define PROCESS_CELL(tp, cl, cn) STMT_BEGIN {                   \    ++num ## tp;                                                \    channel_tls_time_process_cell(cl, cn, & tp ## time ,            \                             channel_tls_process_ ## tp ## _cell);  \    } STMT_END#else#define PROCESS_CELL(tp, cl, cn) channel_tls_process_ ## tp ## _cell(cl, cn)#endif  tor_assert(cell);  tor_assert(conn);  chan = conn->chan; if (!chan) {   log_warn(LD_CHANNEL,            "Got a cell_t on an OR connection with no channel");   return;  }  tor_assert(!(TLS_CHAN_TO_BASE(chan)->is_listener));  handshaking = (TO_CONN(conn)->state != OR_CONN_STATE_OPEN);  if (conn->_base.marked_for_close)    return;  /* Reject all but VERSIONS and NETINFO when handshaking. */  /* (VERSIONS should actually be impossible; it's variable-length.) */  if (handshaking && cell->command != CELL_VERSIONS &&      cell->command != CELL_NETINFO) {    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,           "Received unexpected cell command %d in chan state %s / "           "conn state %s; closing the connection.",           (int)cell->command,           channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),           conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state));    connection_or_close_for_error(conn, 0);    return;  }  if (conn->_base.state == OR_CONN_STATE_OR_HANDSHAKING_V3)    or_handshake_state_record_cell(conn->handshake_state, cell, 1);  switch (cell->command) {    case CELL_PADDING:      ++stats_n_padding_cells_processed;      /* do nothing */      break;    case CELL_VERSIONS:      tor_fragile_assert();      break;    case CELL_NETINFO:      ++stats_n_netinfo_cells_processed;      PROCESS_CELL(netinfo, cell, chan);      break;    case CELL_CREATE:    case CELL_CREATE_FAST:    case CELL_CREATED:    case CELL_CREATED_FAST:    case CELL_RELAY:    case CELL_RELAY_EARLY:    case CELL_DESTROY:      /*       * These are all transport independent and we pass them up through the       * channel_t mechanism.  They are ultimately handled in command.c.       */      channel_queue_cell(TLS_CHAN_TO_BASE(chan), cell);      break;    default:      log_fn(LOG_INFO, LD_PROTOCOL,             "Cell of unknown type (%d) received in channeltls.c.  "             "Dropping.",             cell->command);             break;  }}/** * Handle an incoming variable-length cell on a channel_tls_t * * Process a <b>var_cell</b> that was just received on <b>conn</b>. Keep * internal statistics about how many of each cell we've processed so far * this second, and the total number of microseconds it took to * process each type of cell.  All the var_cell commands are handshake- * related and live below the channel_t layer, so no variable-length * cells ever get delivered in the current implementation, but I've left * the mechanism in place for future use. */voidchannel_tls_handle_var_cell(var_cell_t *var_cell, or_connection_t *conn){  channel_tls_t *chan;  int handshaking;#ifdef KEEP_TIMING_STATS  /* how many of each cell have we seen so far this second? needs better   * name. */  static int num_versions = 0, num_certs = 0;  static time_t current_second = 0; /* from previous calls to time */  time_t now = time(NULL);  if (current_second == 0) current_second = now;  if (now > current_second) { /* the second has rolled over */    /* print stats */    log_info(LD_OR,             "At end of second: %d versions (%d ms), %d certs (%d ms)",             num_versions, versions_time / ((now - current_second) * 1000),             num_certs, certs_time / ((now - current_second) * 1000));    num_versions = num_certs = 0;    versions_time = certs_time = 0;    /* remember which second it is, for next time */    current_second = now;  }#endif  tor_assert(var_cell);  tor_assert(conn);  chan = conn->chan;  if (!chan) {    log_warn(LD_CHANNEL,             "Got a var_cell_t on an OR connection with no channel");    return;  }  tor_assert(!(TLS_CHAN_TO_BASE(chan)->is_listener));  handshaking = (TO_CONN(conn)->state != OR_CONN_STATE_OPEN);  if (TO_CONN(conn)->marked_for_close)    return;  switch (TO_CONN(conn)->state) {    case OR_CONN_STATE_OR_HANDSHAKING_V2:      if (var_cell->command != CELL_VERSIONS) {        log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,               "Received a cell with command %d in unexpected "               "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "               "closing the connection.",               (int)(var_cell->command),               conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),               TO_CONN(conn)->state,               channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),               (int)(TLS_CHAN_TO_BASE(chan)->state));        /*         * The code in connection_or.c will tell channel_t to close for         * error; it will go to CHANNEL_STATE_CLOSING, and then to         * CHANNEL_STATE_ERROR when conn is closed.         */        connection_or_close_for_error(conn, 0);        return;      }      break;    case OR_CONN_STATE_TLS_HANDSHAKING:      /* If we're using bufferevents, it's entirely possible for us to       * notice "hey, data arrived!" before we notice "hey, the handshake       * finished!" And we need to be accepting both at once to handle both       * the v2 and v3 handshakes. */      /* fall through */    case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING:      if (!(command_allowed_before_handshake(var_cell->command))) {        log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,               "Received a cell with command %d in unexpected "               "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "               "closing the connection.",               (int)(var_cell->command),               conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),               (int)(TO_CONN(conn)->state),               channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),               (int)(TLS_CHAN_TO_BASE(chan)->state));        /* see above comment about CHANNEL_STATE_ERROR */        connection_or_close_for_error(conn, 0);        return;      } else {        if (enter_v3_handshake_with_cell(var_cell, chan) < 0)          return;      }      break;    case OR_CONN_STATE_OR_HANDSHAKING_V3:      if (var_cell->command != CELL_AUTHENTICATE)        or_handshake_state_record_var_cell(conn->handshake_state, var_cell, 1);      break; /* Everything is allowed */    case OR_CONN_STATE_OPEN:      if (conn->link_proto < 3) {        log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,               "Received a variable-length cell with command %d in orconn "               "state %s [%d], channel state %s [%d] with link protocol %d; "               "ignoring it.",               (int)(var_cell->command),               conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),               (int)(TO_CONN(conn)->state),               channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),               (int)(TLS_CHAN_TO_BASE(chan)->state),               (int)(conn->link_proto));        return;      }      break;    default:      log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,             "Received var-length cell with command %d in unexpected "             "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "             "ignoring it.",             (int)(var_cell->command),             conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),             (int)(TO_CONN(conn)->state),             channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),             (int)(TLS_CHAN_TO_BASE(chan)->state));      return;  }  /* Now handle the cell */  switch (var_cell->command) {    case CELL_VERSIONS:      ++stats_n_versions_cells_processed;      PROCESS_CELL(versions, var_cell, chan);      break;    case CELL_VPADDING:      ++stats_n_vpadding_cells_processed;      /* Do nothing */      break;    case CELL_CERTS:      ++stats_n_certs_cells_processed;      PROCESS_CELL(certs, var_cell, chan);      break;    case CELL_AUTH_CHALLENGE:      ++stats_n_auth_challenge_cells_processed;      PROCESS_CELL(auth_challenge, var_cell, chan);      break;    case CELL_AUTHENTICATE:      ++stats_n_authenticate_cells_processed;      PROCESS_CELL(authenticate, var_cell, chan);      break;    case CELL_AUTHORIZE:      ++stats_n_authorize_cells_processed;      /* Ignored so far. */      break;    default:      log_fn(LOG_INFO, LD_PROTOCOL,             "Variable-length cell of unknown type (%d) received.",             (int)(var_cell->command));      break;  }}/** * Check if this cell type is allowed before the handshake is finished * * Return true if <b>command</b> is a cell command that's allowed to start a * V3 handshake. */static intcommand_allowed_before_handshake(uint8_t command){  switch (command) {    case CELL_VERSIONS:    case CELL_VPADDING:    case CELL_AUTHORIZE:      return 1;    default:      return 0;  }}/** * Start a V3 handshake on an incoming connection * * Called when we as a server receive an appropriate cell while waiting * either for a cell or a TLS handshake.  Set the connection's state to * "handshaking_v3', initializes the or_handshake_state field as needed, * and add the cell to the hash of incoming cells.) */static intenter_v3_handshake_with_cell(var_cell_t *cell, channel_tls_t *chan){  int started_here = 0;  tor_assert(cell);  tor_assert(chan);  tor_assert(!(TLS_CHAN_TO_BASE(chan)->is_listener));  tor_assert(chan->conn);  started_here = connection_or_nonopen_was_started_here(chan->conn);  tor_assert(TO_CONN(chan->conn)->state == OR_CONN_STATE_TLS_HANDSHAKING ||             TO_CONN(chan->conn)->state ==               OR_CONN_STATE_TLS_SERVER_RENEGOTIATING);  if (started_here) {    log_fn(LOG_PROTOCOL_WARN, LD_OR,           "Received a cell while TLS-handshaking, not in "           "OR_HANDSHAKING_V3, on a connection we originated.");  }  chan->conn->_base.state = OR_CONN_STATE_OR_HANDSHAKING_V3;  if (connection_init_or_handshake_state(chan->conn, started_here) < 0) {    connection_or_close_for_error(chan->conn, 0);    return -1;  }  or_handshake_state_record_var_cell(chan->conn->handshake_state, cell, 1);  return 0;}/** * Process a 'versions' cell. * * This function is called to handle an incoming VERSIONS cell; the current * link protocol version must be 0 to indicate that no version has yet been * negotiated.  We compare the versions in the cell to the list of versions * we support, pick the highest version we have in common, and continue the * negotiation from there. */static voidchannel_tls_process_versions_cell(var_cell_t *cell, channel_tls_t *chan){  int highest_supported_version = 0;  const uint8_t *cp, *end;  int started_here = 0;  tor_assert(cell);  tor_assert(chan);  tor_assert(!(TLS_CHAN_TO_BASE(chan)->is_listener));  tor_assert(chan->conn);  started_here = connection_or_nonopen_was_started_here(chan->conn);  if (chan->conn->link_proto != 0 ||      (chan->conn->handshake_state &&       chan->conn->handshake_state->received_versions)) {    log_fn(LOG_PROTOCOL_WARN, LD_OR,           "Received a VERSIONS cell on a connection with its version "           "already set to %d; dropping",           (int)(chan->conn->link_proto));    return;  }  switch (chan->conn->_base.state)    {    case OR_CONN_STATE_OR_HANDSHAKING_V2:    case OR_CONN_STATE_OR_HANDSHAKING_V3:      break;    case OR_CONN_STATE_TLS_HANDSHAKING:    case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING:    default:      log_fn(LOG_PROTOCOL_WARN, LD_OR,             "VERSIONS cell while in unexpected state");      return;  }  tor_assert(chan->conn->handshake_state);  end = cell->payload + cell->payload_len;  for (cp = cell->payload; cp+1 < end; ++cp) {    uint16_t v = ntohs(get_uint16(cp));    if (is_or_protocol_version_known(v) && v > highest_supported_version)      highest_supported_version = v;  }  if (!highest_supported_version) {    log_fn(LOG_PROTOCOL_WARN, LD_OR,           "Couldn't find a version in common between my version list and the "           "list in the VERSIONS cell; closing connection.");    connection_or_close_for_error(chan->conn, 0);    return;  } else if (highest_supported_version == 1) {    /* Negotiating version 1 makes no sense, since version 1 has no VERSIONS     * cells. */    log_fn(LOG_PROTOCOL_WARN, LD_OR,           "Used version negotiation protocol to negotiate a v1 connection. "           "That's crazily non-compliant. Closing connection.");    connection_or_close_for_error(chan->conn, 0);    return;  } else if (highest_supported_version < 3 &&             chan->conn->_base.state ==  OR_CONN_STATE_OR_HANDSHAKING_V3) {    log_fn(LOG_PROTOCOL_WARN, LD_OR,           "Negotiated link protocol 2 or lower after doing a v3 TLS "           "handshake. Closing connection.");    connection_or_close_for_error(chan->conn, 0);    return;  }  chan->conn->link_proto = highest_supported_version;  chan->conn->handshake_state->received_versions = 1;  if (chan->conn->link_proto == 2) {    log_info(LD_OR,             "Negotiated version %d with %s:%d; sending NETINFO.",             highest_supported_version,             safe_str_client(chan->conn->_base.address),             chan->conn->_base.port);    if (connection_or_send_netinfo(chan->conn) < 0) {      connection_or_close_for_error(chan->conn, 0);      return;    }  } else {    const int send_versions = !started_here;    /* If we want to authenticate, send a CERTS cell */    const int send_certs = !started_here || public_server_mode(get_options());    /* If we're a relay that got a connection, ask for authentication. */    const int send_chall = !started_here && public_server_mode(get_options());    /* If our certs cell will authenticate us, we can send a netinfo cell     * right now. */    const int send_netinfo = !started_here;    const int send_any =      send_versions || send_certs || send_chall || send_netinfo;    tor_assert(chan->conn->link_proto >= 3);    log_info(LD_OR,             "Negotiated version %d with %s:%d; %s%s%s%s%s",             highest_supported_version,             safe_str_client(chan->conn->_base.address),             chan->conn->_base.port,             send_any ? "Sending cells:" : "Waiting for CERTS cell",             send_versions ? " VERSIONS" : "",             send_certs ? " CERTS" : "",             send_chall ? " AUTH_CHALLENGE" : "",             send_netinfo ? " NETINFO" : "");#ifdef DISABLE_V3_LINKPROTO_SERVERSIDE    if (1) {      connection_or_close_normally(chan->conn, 1);      return;    }#endif    if (send_versions) {      if (connection_or_send_versions(chan->conn, 1) < 0) {        log_warn(LD_OR, "Couldn't send versions cell");        connection_or_close_for_error(chan->conn, 0);        return;      }    }    if (send_certs) {      if (connection_or_send_certs_cell(chan->conn) < 0) {        log_warn(LD_OR, "Couldn't send certs cell");        connection_or_close_for_error(chan->conn, 0);        return;      }    }    if (send_chall) {      if (connection_or_send_auth_challenge_cell(chan->conn) < 0) {        log_warn(LD_OR, "Couldn't send auth_challenge cell");        connection_or_close_for_error(chan->conn, 0);        return;      }    }    if (send_netinfo) {      if (connection_or_send_netinfo(chan->conn) < 0) {        log_warn(LD_OR, "Couldn't send netinfo cell");        connection_or_close_for_error(chan->conn, 0);        return;      }    }  }}/** * Process a 'netinfo' cell * * This function is called to handle an incoming NETINFO cell; read and act * on its contents, and set the connection state to "open". */static voidchannel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan){  time_t timestamp;  uint8_t my_addr_type;  uint8_t my_addr_len;  const uint8_t *my_addr_ptr;  const uint8_t *cp, *end;  uint8_t n_other_addrs;  time_t now = time(NULL);  long apparent_skew = 0;  tor_addr_t my_apparent_addr = TOR_ADDR_NULL;  tor_assert(cell);  tor_assert(chan);  tor_assert(!(TLS_CHAN_TO_BASE(chan)->is_listener));  tor_assert(chan->conn);  if (chan->conn->link_proto < 2) {    log_fn(LOG_PROTOCOL_WARN, LD_OR,           "Received a NETINFO cell on %s connection; dropping.",           chan->conn->link_proto == 0 ? "non-versioned" : "a v1");    return;  }  if (chan->conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING_V2 &&      chan->conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING_V3) {    log_fn(LOG_PROTOCOL_WARN, LD_OR,           "Received a NETINFO cell on non-handshaking connection; dropping.");    return;  }  tor_assert(chan->conn->handshake_state &&             chan->conn->handshake_state->received_versions);  if (chan->conn->_base.state == OR_CONN_STATE_OR_HANDSHAKING_V3) {    tor_assert(chan->conn->link_proto >= 3);    if (chan->conn->handshake_state->started_here) {      if (!(chan->conn->handshake_state->authenticated)) {        log_fn(LOG_PROTOCOL_WARN, LD_OR,               "Got a NETINFO cell from server, "               "but no authentication.  Closing the connection.");        connection_or_close_for_error(chan->conn, 0);        return;      }    } else {      /* we're the server.  If the client never authenticated, we have         some housekeeping to do.*/      if (!(chan->conn->handshake_state->authenticated)) {        tor_assert(tor_digest_is_zero(                  (const char*)(chan->conn->handshake_state->                      authenticated_peer_id)));        channel_set_circid_type(TLS_CHAN_TO_BASE(chan), NULL);        connection_or_init_conn_from_address(chan->conn,                  &(chan->conn->_base.addr),                  chan->conn->_base.port,                  (const char*)(chan->conn->handshake_state->                   authenticated_peer_id),                  0);      }    }  }  /* Decode the cell. */  timestamp = ntohl(get_uint32(cell->payload));  if (labs(now - chan->conn->handshake_state->sent_versions_at) < 180) {    apparent_skew = now - timestamp;  }  my_addr_type = (uint8_t) cell->payload[4];  my_addr_len = (uint8_t) cell->payload[5];  my_addr_ptr = (uint8_t*) cell->payload + 6;  end = cell->payload + CELL_PAYLOAD_SIZE;  cp = cell->payload + 6 + my_addr_len;  if (cp >= end) {    log_fn(LOG_PROTOCOL_WARN, LD_OR,           "Addresses too long in netinfo cell; closing connection.");    connection_or_close_for_error(chan->conn, 0);    return;  } else if (my_addr_type == RESOLVED_TYPE_IPV4 && my_addr_len == 4) {    tor_addr_from_ipv4n(&my_apparent_addr, get_uint32(my_addr_ptr));  } else if (my_addr_type == RESOLVED_TYPE_IPV6 && my_addr_len == 16) {    tor_addr_from_ipv6_bytes(&my_apparent_addr, (const char *) my_addr_ptr);  }  n_other_addrs = (uint8_t) *cp++;  while (n_other_addrs && cp < end-2) {    /* Consider all the other addresses; if any matches, this connection is     * "canonical." */    tor_addr_t addr;    const uint8_t *next =      decode_address_from_payload(&addr, cp, (int)(end-cp));    if (next == NULL) {      log_fn(LOG_PROTOCOL_WARN,  LD_OR,             "Bad address in netinfo cell; closing connection.");      connection_or_close_for_error(chan->conn, 0);      return;    }    if (tor_addr_eq(&addr, &(chan->conn->real_addr))) {      chan->conn->is_canonical = 1;      break;    }    cp = next;    --n_other_addrs;  }  /* Act on apparent skew. */  /** Warn when we get a netinfo skew with at least this value. */#define NETINFO_NOTICE_SKEW 3600  if (labs(apparent_skew) > NETINFO_NOTICE_SKEW &&      router_get_by_id_digest(chan->conn->identity_digest)) {    char dbuf[64];    int severity;    /*XXXX be smarter about when everybody says we are skewed. */    if (router_digest_is_trusted_dir(chan->conn->identity_digest))      severity = LOG_WARN;    else      severity = LOG_INFO;    format_time_interval(dbuf, sizeof(dbuf), apparent_skew);    log_fn(severity, LD_GENERAL,           "Received NETINFO cell with skewed time from "           "server at %s:%d.  It seems that our clock is %s by %s, or "           "that theirs is %s. Tor requires an accurate clock to work: "           "please check your time and date settings.",           chan->conn->_base.address,           (int)(chan->conn->_base.port),           apparent_skew > 0 ? "ahead" : "behind",           dbuf,           apparent_skew > 0 ? "behind" : "ahead");    if (severity == LOG_WARN) /* only tell the controller if an authority */      control_event_general_status(LOG_WARN,                          "CLOCK_SKEW SKEW=%ld SOURCE=OR:%s:%d",                          apparent_skew,                          chan->conn->_base.address,                          chan->conn->_base.port);  }  /* XXX maybe act on my_apparent_addr, if the source is sufficiently   * trustworthy. */  if (connection_or_set_state_open(chan->conn) < 0) {    log_fn(LOG_PROTOCOL_WARN, LD_OR,           "Got good NETINFO cell from %s:%d; but "           "was unable to make the OR connection become open.",           safe_str_client(chan->conn->_base.address),           chan->conn->_base.port);    connection_or_close_for_error(chan->conn, 0);  } else {    log_info(LD_OR,             "Got good NETINFO cell from %s:%d; OR connection is now "             "open, using protocol version %d. Its ID digest is %s. "             "Our address is apparently %s.",             safe_str_client(chan->conn->_base.address),             chan->conn->_base.port,             (int)(chan->conn->link_proto),             hex_str(TLS_CHAN_TO_BASE(chan)->u.cell_chan.identity_digest,                     DIGEST_LEN),             tor_addr_is_null(&my_apparent_addr) ?             "<none>" : fmt_and_decorate_addr(&my_apparent_addr));  }  assert_connection_ok(TO_CONN(chan->conn),time(NULL));}/** * Process a CERTS cell from a channel. * * This function is called to process an incoming CERTS cell on a * channel_tls_t: * * If the other side should not have sent us a CERTS cell, or the cell is * malformed, or it is supposed to authenticate the TLS key but it doesn't, * then mark the connection. * * If the cell has a good cert chain and we're doing a v3 handshake, then * store the certificates in or_handshake_state.  If this is the client side * of the connection, we then authenticate the server or mark the connection. * If it's the server side, wait for an AUTHENTICATE cell. */static voidchannel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan){  tor_cert_t *link_cert = NULL;  tor_cert_t *id_cert = NULL;  tor_cert_t *auth_cert = NULL;  uint8_t *ptr;  int n_certs, i;  int send_netinfo = 0;  tor_assert(cell);  tor_assert(chan);  tor_assert(!(TLS_CHAN_TO_BASE(chan)->is_listener));  tor_assert(chan->conn);#define ERR(s)                                                  \  do {                                                          \    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,                      \           "Received a bad CERTS cell from %s:%d: %s",          \           safe_str(chan->conn->_base.address),                 \           chan->conn->_base.port, (s));                        \    connection_or_close_for_error(chan->conn, 0);               \    return;                                                     \  } while (0)  if (chan->conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING_V3)    ERR("We're not doing a v3 handshake!");  if (chan->conn->link_proto < 3)    ERR("We're not using link protocol >= 3");  if (chan->conn->handshake_state->received_certs_cell)    ERR("We already got one");  if (chan->conn->handshake_state->authenticated) {    /* Should be unreachable, but let's make sure. */    ERR("We're already authenticated!");  }  if (cell->payload_len < 1)    ERR("It had no body");  if (cell->circ_id)    ERR("It had a nonzero circuit ID");  n_certs = cell->payload[0];  ptr = cell->payload + 1;  for (i = 0; i < n_certs; ++i) {    uint8_t cert_type;    uint16_t cert_len;    if (ptr + 3 > cell->payload + cell->payload_len) {      goto truncated;    }    cert_type = *ptr;    cert_len = ntohs(get_uint16(ptr+1));    if (ptr + 3 + cert_len > cell->payload + cell->payload_len) {      goto truncated;    }    if (cert_type == OR_CERT_TYPE_TLS_LINK ||        cert_type == OR_CERT_TYPE_ID_1024 ||        cert_type == OR_CERT_TYPE_AUTH_1024) {      tor_cert_t *cert = tor_cert_decode(ptr + 3, cert_len);      if (!cert) {        log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,               "Received undecodable certificate in CERTS cell from %s:%d",               safe_str(chan->conn->_base.address),               chan->conn->_base.port);      } else {        if (cert_type == OR_CERT_TYPE_TLS_LINK) {          if (link_cert) {            tor_cert_free(cert);            ERR("Too many TLS_LINK certificates");          }          link_cert = cert;        } else if (cert_type == OR_CERT_TYPE_ID_1024) {          if (id_cert) {            tor_cert_free(cert);            ERR("Too many ID_1024 certificates");          }          id_cert = cert;        } else if (cert_type == OR_CERT_TYPE_AUTH_1024) {          if (auth_cert) {            tor_cert_free(cert);            ERR("Too many AUTH_1024 certificates");          }          auth_cert = cert;        } else {          tor_cert_free(cert);        }      }    }    ptr += 3 + cert_len;    continue;  truncated:    ERR("It ends in the middle of a certificate");  }  if (chan->conn->handshake_state->started_here) {    int severity;    if (! (id_cert && link_cert))      ERR("The certs we wanted were missing");    /* Okay. We should be able to check the certificates now. */    if (! tor_tls_cert_matches_key(chan->conn->tls, link_cert)) {      ERR("The link certificate didn't match the TLS public key");    }    /* Note that this warns more loudly about time and validity if we were    * _trying_ to connect to an authority, not necessarily if we _did_ connect    * to one. */    if (router_digest_is_trusted_dir(          TLS_CHAN_TO_BASE(chan)->u.cell_chan.identity_digest))      severity = LOG_WARN;    else      severity = LOG_PROTOCOL_WARN;    if (! tor_tls_cert_is_valid(severity, link_cert, id_cert, 0))      ERR("The link certificate was not valid");    if (! tor_tls_cert_is_valid(severity, id_cert, id_cert, 1))      ERR("The ID certificate was not valid");    chan->conn->handshake_state->authenticated = 1;    {      const digests_t *id_digests = tor_cert_get_id_digests(id_cert);      crypto_pk_t *identity_rcvd;      if (!id_digests)        ERR("Couldn't compute digests for key in ID cert");      identity_rcvd = tor_tls_cert_get_key(id_cert);      if (!identity_rcvd)        ERR("Internal error: Couldn't get RSA key from ID cert.");      memcpy(chan->conn->handshake_state->authenticated_peer_id,             id_digests->d[DIGEST_SHA1], DIGEST_LEN);      channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd);      crypto_pk_free(identity_rcvd);    }    if (connection_or_client_learned_peer_id(chan->conn,            chan->conn->handshake_state->authenticated_peer_id) < 0)      ERR("Problem setting or checking peer id");    log_info(LD_OR,             "Got some good certificates from %s:%d: Authenticated it.",             safe_str(chan->conn->_base.address), chan->conn->_base.port);    chan->conn->handshake_state->id_cert = id_cert;    id_cert = NULL;    if (!public_server_mode(get_options())) {      /* If we initiated the connection and we are not a public server, we       * aren't planning to authenticate at all.  At this point we know who we       * are talking to, so we can just send a netinfo now. */      send_netinfo = 1;    }  } else {    if (! (id_cert && auth_cert))      ERR("The certs we wanted were missing");    /* Remember these certificates so we can check an AUTHENTICATE cell */    if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, auth_cert, id_cert, 1))      ERR("The authentication certificate was not valid");    if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, id_cert, id_cert, 1))      ERR("The ID certificate was not valid");    log_info(LD_OR,             "Got some good certificates from %s:%d: "             "Waiting for AUTHENTICATE.",             safe_str(chan->conn->_base.address),             chan->conn->_base.port);    /* XXXX check more stuff? */    chan->conn->handshake_state->id_cert = id_cert;    chan->conn->handshake_state->auth_cert = auth_cert;    id_cert = auth_cert = NULL;  }  chan->conn->handshake_state->received_certs_cell = 1;  if (send_netinfo) {    if (connection_or_send_netinfo(chan->conn) < 0) {      log_warn(LD_OR, "Couldn't send netinfo cell");      connection_or_close_for_error(chan->conn, 0);      goto err;    }  } err:  tor_cert_free(id_cert);  tor_cert_free(link_cert);  tor_cert_free(auth_cert);#undef ERR}/** * Process an AUTH_CHALLENGE cell from a channel_tls_t * * This function is called to handle an incoming AUTH_CHALLENGE cell on a * channel_tls_t; if we weren't supposed to get one (for example, because we're * not the originator of the channel), or it's ill-formed, or we aren't doing * a v3 handshake, mark the channel.  If the cell is well-formed but we don't * want to authenticate, just drop it.  If the cell is well-formed *and* we * want to authenticate, send an AUTHENTICATE cell and then a NETINFO cell. */static voidchannel_tls_process_auth_challenge_cell(var_cell_t *cell, channel_tls_t *chan){  int n_types, i, use_type = -1;  uint8_t *cp;  tor_assert(cell);  tor_assert(chan);  tor_assert(!(TLS_CHAN_TO_BASE(chan)->is_listener));  tor_assert(chan->conn);#define ERR(s)                                                  \  do {                                                          \    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,                      \           "Received a bad AUTH_CHALLENGE cell from %s:%d: %s", \           safe_str(chan->conn->_base.address),                 \           chan->conn->_base.port, (s));                        \    connection_or_close_for_error(chan->conn, 0);               \    return;                                                     \  } while (0)  if (chan->conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING_V3)    ERR("We're not currently doing a v3 handshake");  if (chan->conn->link_proto < 3)    ERR("We're not using link protocol >= 3");  if (!(chan->conn->handshake_state->started_here))    ERR("We didn't originate this connection");  if (chan->conn->handshake_state->received_auth_challenge)    ERR("We already received one");  if (!(chan->conn->handshake_state->received_certs_cell))    ERR("We haven't gotten a CERTS cell yet");  if (cell->payload_len < OR_AUTH_CHALLENGE_LEN + 2)    ERR("It was too short");  if (cell->circ_id)    ERR("It had a nonzero circuit ID");  n_types = ntohs(get_uint16(cell->payload + OR_AUTH_CHALLENGE_LEN));  if (cell->payload_len < OR_AUTH_CHALLENGE_LEN + 2 + 2*n_types)    ERR("It looks truncated");  /* Now see if there is an authentication type we can use */  cp = cell->payload+OR_AUTH_CHALLENGE_LEN + 2;  for (i = 0; i < n_types; ++i, cp += 2) {    uint16_t authtype = ntohs(get_uint16(cp));    if (authtype == AUTHTYPE_RSA_SHA256_TLSSECRET)      use_type = authtype;  }  chan->conn->handshake_state->received_auth_challenge = 1;  if (! public_server_mode(get_options())) {    /* If we're not a public server then we don't want to authenticate on a       connection we originated, and we already sent a NETINFO cell when we       got the CERTS cell. We have nothing more to do. */    return;  }  if (use_type >= 0) {    log_info(LD_OR,             "Got an AUTH_CHALLENGE cell from %s:%d: Sending "             "authentication",             safe_str(chan->conn->_base.address),             chan->conn->_base.port);    if (connection_or_send_authenticate_cell(chan->conn, use_type) < 0) {      log_warn(LD_OR,               "Couldn't send authenticate cell");      connection_or_close_for_error(chan->conn, 0);      return;    }  } else {    log_info(LD_OR,             "Got an AUTH_CHALLENGE cell from %s:%d, but we don't "             "know any of its authentication types. Not authenticating.",             safe_str(chan->conn->_base.address),             chan->conn->_base.port);  }  if (connection_or_send_netinfo(chan->conn) < 0) {    log_warn(LD_OR, "Couldn't send netinfo cell");    connection_or_close_for_error(chan->conn, 0);    return;  }#undef ERR}/** * Process an AUTHENTICATE cell from a channel_tls_t * * If it's ill-formed or we weren't supposed to get one or we're not doing a * v3 handshake, then mark the connection.  If it does not authenticate the * other side of the connection successfully (because it isn't signed right, * we didn't get a CERTS cell, etc) mark the connection.  Otherwise, accept * the identity of the router on the other side of the connection. */static voidchannel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan){  uint8_t expected[V3_AUTH_FIXED_PART_LEN];  const uint8_t *auth;  int authlen;  tor_assert(cell);  tor_assert(chan);  tor_assert(!(TLS_CHAN_TO_BASE(chan)->is_listener));  tor_assert(chan->conn);#define ERR(s)                                                  \  do {                                                          \    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,                      \           "Received a bad AUTHENTICATE cell from %s:%d: %s",   \           safe_str(chan->conn->_base.address),                 \           chan->conn->_base.port, (s));                        \    connection_or_close_for_error(chan->conn, 0);               \    return;                                                     \  } while (0)  if (chan->conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING_V3)    ERR("We're not doing a v3 handshake");  if (chan->conn->link_proto < 3)    ERR("We're not using link protocol >= 3");  if (chan->conn->handshake_state->started_here)    ERR("We originated this connection");  if (chan->conn->handshake_state->received_authenticate)    ERR("We already got one!");  if (chan->conn->handshake_state->authenticated) {    /* Should be impossible given other checks */    ERR("The peer is already authenticated");  }  if (!(chan->conn->handshake_state->received_certs_cell))    ERR("We never got a certs cell");  if (chan->conn->handshake_state->auth_cert == NULL)    ERR("We never got an authentication certificate");  if (chan->conn->handshake_state->id_cert == NULL)    ERR("We never got an identity certificate");  if (cell->payload_len < 4)    ERR("Cell was way too short");  auth = cell->payload;  {    uint16_t type = ntohs(get_uint16(auth));    uint16_t len = ntohs(get_uint16(auth+2));    if (4 + len > cell->payload_len)      ERR("Authenticator was truncated");    if (type != AUTHTYPE_RSA_SHA256_TLSSECRET)      ERR("Authenticator type was not recognized");    auth += 4;    authlen = len;  }  if (authlen < V3_AUTH_BODY_LEN + 1)    ERR("Authenticator was too short");  if (connection_or_compute_authenticate_cell_body(                        chan->conn, expected, sizeof(expected), NULL, 1) < 0)    ERR("Couldn't compute expected AUTHENTICATE cell body");  if (tor_memneq(expected, auth, sizeof(expected)))    ERR("Some field in the AUTHENTICATE cell body was not as expected");  {    crypto_pk_t *pk = tor_tls_cert_get_key(                                   chan->conn->handshake_state->auth_cert);    char d[DIGEST256_LEN];    char *signed_data;    size_t keysize;    int signed_len;    if (!pk)      ERR("Internal error: couldn't get RSA key from AUTH cert.");    crypto_digest256(d, (char*)auth, V3_AUTH_BODY_LEN, DIGEST_SHA256);    keysize = crypto_pk_keysize(pk);    signed_data = tor_malloc(keysize);    signed_len = crypto_pk_public_checksig(pk, signed_data, keysize,                                           (char*)auth + V3_AUTH_BODY_LEN,                                           authlen - V3_AUTH_BODY_LEN);    crypto_pk_free(pk);    if (signed_len < 0) {      tor_free(signed_data);      ERR("Signature wasn't valid");    }    if (signed_len < DIGEST256_LEN) {      tor_free(signed_data);      ERR("Not enough data was signed");    }    /* Note that we deliberately allow *more* than DIGEST256_LEN bytes here,     * in case they're later used to hold a SHA3 digest or something. */    if (tor_memneq(signed_data, d, DIGEST256_LEN)) {      tor_free(signed_data);      ERR("Signature did not match data to be signed.");    }    tor_free(signed_data);  }  /* Okay, we are authenticated. */  chan->conn->handshake_state->received_authenticate = 1;  chan->conn->handshake_state->authenticated = 1;  chan->conn->handshake_state->digest_received_data = 0;  {    crypto_pk_t *identity_rcvd =      tor_tls_cert_get_key(chan->conn->handshake_state->id_cert);    const digests_t *id_digests =      tor_cert_get_id_digests(chan->conn->handshake_state->id_cert);    /* This must exist; we checked key type when reading the cert. */    tor_assert(id_digests);    memcpy(chan->conn->handshake_state->authenticated_peer_id,           id_digests->d[DIGEST_SHA1], DIGEST_LEN);    channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd);    crypto_pk_free(identity_rcvd);    connection_or_init_conn_from_address(chan->conn,                  &(chan->conn->_base.addr),                  chan->conn->_base.port,                  (const char*)(chan->conn->handshake_state->                    authenticated_peer_id),                  0);    log_info(LD_OR,             "Got an AUTHENTICATE cell from %s:%d: Looks good.",             safe_str(chan->conn->_base.address),             chan->conn->_base.port);  }#undef ERR}
 |