| blob | dd31638eb3c4188a422941e6b2e70082280fdb40 |
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2021, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
7 /**
8 * \file connection_or.c
9 * \brief Functions to handle OR connections, TLS handshaking, and
10 * cells on the network.
11 *
12 * An or_connection_t is a subtype of connection_t (as implemented in
13 * connection.c) that uses a TLS connection to send and receive cells on the
14 * Tor network. (By sending and receiving cells connection_or.c, it cooperates
15 * with channeltls.c to implement a the channel interface of channel.c.)
16 *
17 * Every OR connection has an underlying tortls_t object (as implemented in
18 * tortls.c) which it uses as its TLS stream. It is responsible for
19 * sending and receiving cells over that TLS.
20 *
21 * This module also implements the client side of the v3 (and greater) Tor
22 * link handshake.
23 **/
27 /*
28 * Define this so we get channel internal functions, since we're implementing
29 * part of a subclass (channel_tls_t).
30 */
31 #define CHANNEL_OBJECT_PRIVATE
32 #define CONNECTION_OR_PRIVATE
33 #define ORCONN_EVENT_PRIVATE
94 static unsigned int
101 /**************************************************************/
103 /**
104 * Cast a `connection_t *` to an `or_connection_t *`.
105 *
106 * Exit with an assertion failure if the input is not an `or_connnection_t`.
107 **/
108 or_connection_t *
110 {
113 }
115 /**
116 * Cast a `const connection_t *` to a `const or_connection_t *`.
117 *
118 * Exit with an assertion failure if the input is not an `or_connnection_t`.
119 **/
122 {
124 }
126 /** Clear clear conn->identity_digest and update other data
127 * structures as appropriate.*/
128 void
130 {
133 }
135 /** Clear all identities in OR conns.*/
136 void
138 {
141 {
144 }
145 });
146 }
148 /** Change conn->identity_digest to digest, and add conn into
149 * the appropriate digest maps.
150 *
151 * NOTE that this function only allows two kinds of transitions: from
152 * unset identity to set identity, and from idempotent re-settings
153 * of the same identity. It's not allowed to clear an identity or to
154 * change an identity. Return 0 on success, and -1 if the transition
155 * is not allowed.
156 **/
157 static void
161 {
171 conn,
192 /* If the identity was set previously, remove the old mapping. */
197 }
201 /* If we're initializing the IDs to zero, don't add a mapping yet. */
206 /* Deal with channels */
209 }
211 /**
212 * Return the Ed25519 identity of the peer for this connection (if any).
213 *
214 * Note that this ID may not be the _actual_ identity for the peer if
215 * authentication is not complete.
216 **/
219 {
225 }
226 }
229 }
231 /**************************************************************/
233 /** Map from a string describing what a non-open OR connection was doing when
234 * failed, to an intptr_t describing the count of connections that failed that
235 * way. Note that the count is stored _as_ the pointer.
236 */
239 /** If true, do not record information in <b>broken_connection_counts</b>. */
242 /** Record that an OR connection failed in <b>state</b>. */
243 static void
245 {
256 val++;
259 }
261 /** Forget all recorded states for failed connections. If
262 * <b>stop_recording</b> is true, don't record any more. */
263 void
265 {
271 }
273 /** Write a detailed description the state of <b>orconn</b> into the
274 * <b>buflen</b>-byte buffer at <b>buf</b>. This description includes not
275 * only the OR-conn level state but also the TLS state. It's useful for
276 * diagnosing broken handshakes. */
277 static void
280 {
291 }
293 /** Record the current state of <b>orconn</b> as the state of a broken
294 * connection. */
295 static void
297 {
304 }
306 /** Helper type used to sort connection states and find the most frequent. */
312 /** Helper function used to sort broken_state_count_t by frequency. */
313 static int
315 {
321 else
323 }
325 /** Upper limit on the number of different states to report for connection
326 * failure. */
327 #define MAX_REASONS_TO_REPORT 10
329 /** Report a list of the top states for failed OR connections at log level
330 * <b>severity</b>, in log domain <b>domain</b>. */
331 void
333 {
363 }
365 /**
366 * Helper function to publish an OR connection status event
367 *
368 * Publishes a messages to subscribers of ORCONN messages, and sends
369 * the control event.
370 **/
371 void
374 {
382 }
384 /**
385 * Helper function to publish a state change message
386 *
387 * connection_or_change_state() calls this to notify subscribers about
388 * a change of an OR connection state.
389 **/
390 static void
392 {
397 /* Do extra decoding because conn->proxy_type indicates the proxy
398 * protocol that tor uses to talk with the transport plugin,
399 * instead of PROXY_PLUGGABLE. */
404 }
410 }
412 }
414 /** Call this to change or_connection_t states, so the owning channel_tls_t can
415 * be notified.
416 */
420 {
428 }
430 /** Return the number of circuits using an or_connection_t; this used to
431 * be an or_connection_t field, but it got moved to channel_t and we
432 * shouldn't maintain two copies. */
436 {
442 }
444 /**************************************************************/
446 /** Pack the cell_t host-order structure <b>src</b> into network-order
447 * in the buffer <b>dest</b>. See tor-spec.txt for details about the
448 * wire format.
449 *
450 * Note that this function doesn't touch <b>dst</b>-\>next: the caller
451 * should set it or clear it as appropriate.
452 */
453 void
455 {
461 /* Clear the last two bytes of dest, in case we can accidentally
462 * send them to the network somehow. */
466 }
469 }
471 /** Unpack the network-order buffer <b>src</b> into a host-order
472 * cell_t structure <b>dest</b>.
473 */
474 static void
476 {
483 }
486 }
488 /** Write the header of <b>cell</b> into the first VAR_CELL_MAX_HEADER_SIZE
489 * bytes of <b>hdr_out</b>. Returns number of bytes used. */
490 int
492 {
502 }
506 }
508 /** Allocate and return a new var_cell_t with <b>payload_len</b> bytes of
509 * payload space. */
510 var_cell_t *
512 {
519 }
521 /**
522 * Copy a var_cell_t
523 */
525 var_cell_t *
527 {
538 }
541 }
543 /** Release all space held by <b>cell</b>. */
544 void
546 {
548 }
550 /** We've received an EOF from <b>conn</b>. Mark it for close and return. */
551 int
553 {
560 }
562 /** Handle any new bytes that have come in on connection <b>conn</b>.
563 * If conn is in 'open' state, hand it to
564 * connection_or_process_cells_from_inbuf()
565 * (else do nothing).
566 */
567 int
569 {
577 /* start TLS after handshake completion, or deal with error */
582 "when transitioning from PROXY_HANDSHAKING state on %s: "
588 }
591 /* Touch the channel's active timestamp if there is one */
594 }
597 }
607 }
609 /* This check makes sure that we don't have any data on the inbuf if we're
610 * doing our TLS handshake: if we did, they were probably put there by a
611 * SOCKS proxy trying to trick us into accepting unauthenticated data.
612 */
620 }
623 }
625 /** Called whenever we have flushed some data on an or_conn: add more data
626 * from active circuits. */
627 int
629 {
632 /* Update the channel's active timestamp if there is one */
636 /* If we're under the low water mark, add cells until we're just over the
637 * high water mark. */
640 /* Let the scheduler know */
642 }
645 }
647 /** This is for channeltls.c to ask how many cells we could accept if
648 * they were available. */
649 ssize_t
651 {
657 /*
658 * If we're under the high water mark, we're potentially
659 * writeable; note this is different from the calculation above
660 * used to trigger when to start writing after we've stopped.
661 */
666 }
669 }
671 /** Connection <b>conn</b> has finished writing and has no bytes left on
672 * its outbuf.
673 *
674 * Otherwise it's in state "open": stop writing and return.
675 *
676 * If <b>conn</b> is broken, mark it for close and return -1, else
677 * return 0.
678 */
679 int
681 {
687 /* PROXY_HAPROXY gets connected by receiving an ack. */
691 /* This should be impossible; we're not even reading. */
694 }
698 /* TLS handshaking error of some kind. */
701 }
703 }
713 }
715 /* Update the channel's active timestamp if there is one */
720 }
722 /** Connected handler for OR connections: begin the TLS handshake.
723 */
724 int
726 {
738 /* start proxy handshake */
742 }
748 }
751 /* TLS handshaking error of some kind. */
754 }
756 }
758 /** Called when we're about to finally unlink and free an OR connection:
759 * perform necessary accounting and cleanup */
760 void
762 {
765 /* Tell the controlling channel we're closed */
768 /*
769 * NULL this out because the channel might hang around a little
770 * longer before channel_run_cleanup() gets it.
771 */
774 }
776 /* Remember why we're closing this connection. */
778 /* now mark things down as needed */
782 /* Tell the new guard API about the channel failure */
787 reason);
792 }
795 }
797 }
798 }
799 }
801 /* We only set hold_open_until_flushed when we're intentionally
802 * closing a connection. */
808 }
809 }
811 /** Return 1 if identity digest <b>id_digest</b> is known to be a
812 * currently or recently running relay. Otherwise return 0. */
813 int
815 {
820 * it. Probably it was in a recent consensus. "Yes". */
822 }
824 /** Set the per-conn read and write limits for <b>conn</b>. If it's a known
825 * relay, we will rely on the global read and write buckets, so give it
826 * per-conn limits that are big enough they'll never matter. But if it's
827 * not a known relay, first check if we set PerConnBwRate/Burst, then
828 * check if the consensus sets them, else default to 'big enough'.
829 *
830 * If <b>reset</b> is true, set the bucket to be full. Otherwise, just
831 * clip the bucket if it happens to be <em>too</em> full.
832 */
833 static void
836 {
839 /* It's in the consensus, or we have a descriptor for it meaning it
840 * was probably in a recent consensus. It's a recognized relay:
841 * give it full bandwidth. */
845 /* Not a recognized relay. Squeeze it down based on the suggested
846 * bandwidth parameters in the consensus, but allow local config
847 * options to override. */
854 }
859 }
860 }
862 /** Either our set of relays or our per-conn rate limits have changed.
863 * Go through all the OR connections and update their token buckets to make
864 * sure they don't exceed their maximum values. */
865 void
868 {
870 {
873 });
874 }
876 /* Mark <b>or_conn</b> as canonical if <b>is_canonical</b> is set, and
877 * non-canonical otherwise. Adjust idle_timeout accordingly.
878 */
879 void
882 {
885 /* Don't recalculate an existing idle_timeout unless the canonical
886 * status changed. */
888 }
899 }
901 /** If we don't necessarily know the router we're connecting to, but we
902 * have an addr/port/id_digest, then fill in as much as we can. Start
903 * by checking to see if this describes a router we know.
904 * <b>started_here</b> is 1 if we are the initiator of <b>conn</b> and
905 * 0 if it's an incoming connection. */
906 void
912 {
917 started_here);
926 }
929 }
931 /** Check whether the identity of <b>conn</b> matches a known node. If it
932 * does, check whether the address of conn matches the expected address, and
933 * update the connection's is_canonical flag, nickname, and address fields as
934 * appropriate. */
935 static void
937 {
949 /* If this node is capable of proving an ed25519 ID,
950 * we can't call this a canonical connection unless both IDs match. */
952 }
955 tor_addr_port_t node_ipv4_ap;
956 tor_addr_port_t node_ipv6_ap;
962 }
963 /* Choose the correct canonical address and port. */
969 }
970 /* Remember the canonical addr/port so our log messages will make
971 sense. */
981 }
983 /*
984 * We have to tell channeltls.c to update the channel marks (local, in
985 * particular), since we may have changed the address.
986 */
990 }
991 }
993 /** These just pass all the is_bad_for_new_circs manipulation on to
994 * channel_t */
996 static unsigned int
998 {
1004 }
1006 static void
1008 {
1013 }
1015 /** How old do we let a connection to an OR get before deciding it's
1016 * too old for new circuits? */
1017 #define TIME_BEFORE_OR_CONN_IS_TOO_OLD (60*60*24*7)
1019 /** Expire an or_connection if it is too old. Helper for
1020 * connection_or_group_set_badness_ and fast path for
1021 * channel_rsa_id_group_set_badness.
1022 *
1023 * Returns 1 if the connection was already expired, else 0.
1024 */
1025 int
1029 {
1030 /* XXXX this function should also be about channels? */
1039 "Marking %s as too old for new circuits "
1045 }
1048 }
1050 /** Given a list of all the or_connections with a given
1051 * identity, set elements of that list as is_bad_for_new_circs as
1052 * appropriate. Helper for connection_or_set_bad_connections().
1053 *
1054 * Specifically, we set the is_bad_for_new_circs flag on:
1055 * - all connections if <b>force</b> is true.
1056 * - all connections that are too old.
1057 * - all open non-canonical connections for which a canonical connection
1058 * exists to the same router.
1059 * - all open canonical connections for which a 'better' canonical
1060 * connection exists to the same router.
1061 * - all open non-canonical connections for which a 'better' non-canonical
1062 * connection exists to the same router at the same address.
1063 *
1064 * See channel_is_better() in channel.c for our idea of what makes one OR
1065 * connection better than another.
1066 */
1067 void
1069 {
1070 /* XXXX this function should be entirely about channels, not OR
1071 * XXXX connections. */
1077 /* Pass 1: expire everything that's old, and see what the status of
1078 * everything else is. */
1091 }
1094 /* Pass 2: We know how about how good the best connection is.
1095 * expire everything that's worse, and find the very best if we can. */
1102 * when the connection finishes. */
1104 /* We have at least one open canonical connection to this router,
1105 * and this one is open but not canonical. Mark it bad. */
1107 "Marking %s unsuitable for new circuits: "
1115 }
1121 }
1127 /* Pass 3: One connection to OR is best. If it's canonical, mark as bad
1128 * every other open connection. If it's non-canonical, mark as bad
1129 * every other open connection to the same address.
1130 *
1131 * XXXX This isn't optimal; if we have connections to an OR at multiple
1132 * addresses, we'd like to pick the best _for each address_, and mark as
1133 * bad every open connection that isn't best for its address. But this
1134 * can only occur in cases where the other OR is old (so we have no
1135 * canonical connection to it), or where all the connections to the OR are
1136 * at noncanonical addresses and we have no good direct connection (which
1137 * means we aren't at risk of attaching circuits to it anyway). As
1138 * 0.1.2.x dies out, the first case will go away, and the second one is
1139 * "mostly harmless", so a fix can wait until somebody is bored.
1140 */
1149 /* This isn't the best conn, _and_ the best conn is better than it */
1152 "Marking %s as unsuitable for new circuits: "
1154 "We have a better canonical one "
1164 "Marking %s unsuitable for new circuits: "
1166 "one with the "
1173 }
1174 }
1176 }
1178 /* Lifetime of a connection failure. After that, we'll retry. This is in
1179 * seconds. */
1180 #define OR_CONNECT_FAILURE_LIFETIME 60
1181 /* The interval to use with when to clean up the failure cache. */
1182 #define OR_CONNECT_FAILURE_CLEANUP_INTERVAL 60
1184 /* When is the next time we have to cleanup the failure map. We keep this
1185 * because we clean it opportunistically. */
1188 /* OR connection failure entry data structure. It is kept in the connection
1189 * failure map defined below and indexed by OR identity digest, address and
1190 * port.
1191 *
1192 * We need to identify a connection failure with these three values because we
1193 * want to avoid to wrongfully block a relay if someone is trying to
1194 * extend to a known identity digest but with the wrong IP/port. For instance,
1195 * it can happen if a relay changed its port but the client still has an old
1196 * descriptor with the old port. We want to stop connecting to that
1197 * IP/port/identity all together, not only the relay identity. */
1200 /* Identity digest of the connection where it is connecting to. */
1202 /* This is the connection address from the base connection_t. After the
1203 * connection is checked for canonicity, the base address should represent
1204 * what we know instead of where we are connecting to. This is what we need
1205 * so we can correlate known relays within the consensus. */
1206 tor_addr_t addr;
1208 /* Last time we were unable to connect. */
1212 /* Map where we keep connection failure entries. They are indexed by addr,
1213 * port and identity digest. */
1217 /* Helper: Hashtable equal function. Return 1 if equal else 0. */
1218 static int
1221 {
1225 }
1227 /* Helper: Return the hash for the hashtable of the given entry. For this
1228 * table, it is a combination of address, port and identity digest. */
1229 static unsigned int
1231 {
1234 /* Largest size is IPv6 and IPv4 is smaller so it is fine. */
1237 /* Get the right address bytes depending on the family. */
1250 }
1260 }
1269 /* Initialize a given connect failure entry with the given identity_digest,
1270 * addr and port. All field are optional except ocf. */
1271 static void
1274 {
1279 }
1282 }
1284 }
1286 /* Return a newly allocated connection failure entry. It is initialized with
1287 * the given or_conn data. This can't fail. */
1290 {
1295 }
1297 /* Return a connection failure entry matching the given or_conn. NULL is
1298 * returned if not found. */
1301 {
1302 or_connect_failure_entry_t lookup;
1307 }
1309 /* Note down in the connection failure cache that a failure occurred on the
1310 * given or_conn. */
1311 STATIC void
1313 {
1322 }
1324 }
1326 /* Cleanup the connection failure cache and remove all entries below the
1327 * given cutoff. */
1328 static void
1330 {
1341 }
1342 }
1343 }
1345 /* Return true iff the given OR connection can connect to its destination that
1346 * is the triplet identity_digest, address and port.
1347 *
1348 * The or_conn MUST have gone through connection_or_check_canonicity() so the
1349 * base address is properly set to what we know or doesn't know. */
1350 STATIC int
1352 {
1362 /* Opportunistically try to cleanup the failure cache. We do that at regular
1363 * interval so it doesn't grow too big. */
1366 or_connect_failure_map_next_cleanup_ts =
1368 }
1370 /* Look if we have failed previously to the same destination as this
1371 * OR connection. */
1375 }
1376 /* If we do have an unable to connect timestamp and it is below cutoff, we
1377 * can connect. Or we have never failed before so let it connect. */
1380 }
1382 /* Ok we can connect! */
1384 no_connect:
1386 }
1388 /** <b>conn</b> is in the 'connecting' state, and it failed to complete
1389 * a TCP connection. Send notifications appropriately.
1390 *
1391 * <b>reason</b> specifies the or_conn_end_reason for the failure;
1392 * <b>msg</b> specifies the strerror-style error message.
1393 */
1394 void
1397 {
1402 }
1404 /** <b>conn</b> got an error in connection_handle_read_impl() or
1405 * connection_handle_write_impl() and is going to die soon.
1406 *
1407 * <b>reason</b> specifies the or_conn_end_reason for the failure;
1408 * <b>msg</b> specifies the strerror-style error message.
1409 */
1410 void
1413 {
1418 /* If we're connecting, call connect_failed() too */
1422 /* Tell the controlling channel if we have one */
1425 /* Don't transition if we're already in closing, closed or error */
1428 }
1429 }
1431 /* No need to mark for error because connection.c is about to do that */
1432 }
1434 /** Launch a new OR connection to <b>addr</b>:<b>port</b> and expect to
1435 * handshake with an OR with identity digest <b>id_digest</b>. Optionally,
1436 * pass in a pointer to a channel using this connection.
1437 *
1438 * If <b>id_digest</b> is me, do nothing. If we're already connected to it,
1439 * return that connection. If the connect() is in progress, set the
1440 * new conn's state to 'connecting' and return it. If connect() succeeds,
1441 * call connection_tls_start_handshake() on it.
1442 *
1443 * This function is called from router_retry_connections(), for
1444 * ORs connecting to ORs, and circuit_establish_circuit(), for
1445 * OPs connecting to ORs.
1446 *
1447 * Return the launched conn, or NULL if it failed.
1448 */
1455 {
1459 tor_addr_t addr;
1462 tor_addr_t proxy_addr;
1473 }
1478 }
1482 /*
1483 * Set up conn so it's got all the data we need to remember for channels
1484 *
1485 * This stuff needs to happen before connection_or_init_conn_from_address()
1486 * so connection_or_set_identity_digest() and such know where to look to
1487 * keep the channel up to date.
1488 */
1493 /* We have a proper OR connection setup, now check if we can connect to it
1494 * that is we haven't had a failure earlier. This is to avoid to try to
1495 * constantly connect to relays that we think are not reachable. */
1502 }
1506 /* If we are using a proxy server, find it and use it. */
1516 }
1520 /* This duplication of state change calls is necessary in case we
1521 * run into an error condition below */
1525 /* get_proxy_addrport() might fail if we have a Bridge line that
1526 references a transport, but no ClientTransportPlugin lines
1527 defining its transport proxy. If this is the case, let's try to
1528 output a useful log message to the user. */
1535 "using pluggable transport '%s', but we can't find a pluggable "
1536 "transport proxy supporting '%s'. This can happen if you "
1537 "haven't provided a ClientTransportPlugin line, or if "
1544 END_OR_CONN_REASON_PT_MISSING,
1545 conn);
1551 }
1555 }
1560 /* We failed to establish a connection probably because of a local
1561 * error. No need to blame the guard in this case. Notify the networking
1562 * system of this failure. */
1570 /* writable indicates finish, readable indicates broken link,
1571 error indicates broken link on windows */
1573 /* case 1: fall through */
1574 }
1577 /* already marked for close */
1579 }
1581 }
1583 /** Mark orconn for close and transition the associated channel, if any, to
1584 * the closing state.
1585 *
1586 * It's safe to call this and connection_or_close_for_error() any time, and
1587 * channel layer will treat it as a connection closing for reasons outside
1588 * its control, like the remote end closing it. It can also be a local
1589 * reason that's specific to connection_t/or_connection_t rather than
1590 * the channel mechanism, such as expiration of old connections in
1591 * run_connection_housekeeping(). If you want to close a channel_t
1592 * from somewhere that logically works in terms of generic channels
1593 * rather than connections, use channel_mark_for_close(); see also
1594 * the comment on that function in channel.c.
1595 */
1597 void
1599 {
1607 /* Don't transition if we're already in closing, closed or error */
1610 }
1611 }
1612 }
1614 /** Mark orconn for close and transition the associated channel, if any, to
1615 * the error state.
1616 */
1620 {
1628 /* Don't transition if we're already in closing, closed or error */
1631 }
1632 }
1633 }
1635 /** Begin the tls handshake with <b>conn</b>. <b>receiving</b> is 0 if
1636 * we initiated the connection, else it's 1.
1637 *
1638 * Assign a new tls object to conn->tls, begin reading on <b>conn</b>, and
1639 * pass <b>conn</b> to connection_tls_continue_handshake().
1640 *
1641 * Return -1 if <b>conn</b> is broken, else return 0.
1642 */
1645 {
1649 /* Incoming connections will need a new channel passed to the
1650 * channel_tls_listener */
1652 /* It shouldn't already be set */
1658 }
1661 }
1669 }
1681 }
1683 /** Block all future attempts to renegotiate on 'conn' */
1684 void
1686 {
1692 }
1694 /** Invoked on the server side from inside tor_tls_read() when the server
1695 * gets a successful TLS renegotiation from the client. */
1696 static void
1698 {
1702 /* Don't invoke this again. */
1706 /* XXXX_TLS double-check that it's ok to do this from inside read. */
1707 /* XXXX_TLS double-check that this verifies certificates. */
1709 }
1710 }
1712 /** Move forward with the tls handshake. If it finishes, hand
1713 * <b>conn</b> to connection_tls_finish_handshake().
1714 *
1715 * Return -1 if <b>conn</b> is broken, else return 0.
1716 */
1717 int
1719 {
1724 // log_notice(LD_OR, "Continue handshake with %p", conn->tls);
1726 // log_notice(LD_OR, "Result: %d", result);
1729 CASE_TOR_TLS_ERROR_ANY:
1740 /* v2/v3 handshake, but we are not a client. */
1744 connection_or_tls_renegotiated_cb,
1745 conn);
1747 OR_CONN_STATE_TLS_SERVER_RENEGOTIATING);
1751 }
1752 }
1766 }
1768 }
1770 /** Return 1 if we initiated this connection, or 0 if it started
1771 * out as an incoming connection.
1772 */
1773 int
1775 {
1783 }
1785 /** <b>Conn</b> just completed its handshake. Return 0 if all is well, and
1786 * return -1 if they are lying, broken, or otherwise something is wrong.
1787 *
1788 * If we initiated this connection (<b>started_here</b> is true), make sure
1789 * the other side sent a correctly formed certificate. If I initiated the
1790 * connection, make sure it's the right relay by checking the certificate.
1791 *
1792 * Otherwise (if we _didn't_ initiate this connection), it's okay for
1793 * the certificate to be weird or absent.
1794 *
1795 * If we return 0, and the certificate is as expected, write a hash of the
1796 * identity key into <b>digest_rcvd_out</b>, which must have DIGEST_LEN
1797 * space in it.
1798 * If the certificate is invalid or missing on an incoming connection,
1799 * we return 0 and set <b>digest_rcvd_out</b> to DIGEST_LEN NUL bytes.
1800 * (If we return -1, the contents of this buffer are undefined.)
1801 *
1802 * As side effects,
1803 * 1) Set conn->circ_id_type according to tor-spec.txt.
1804 * 2) If we're an authdirserver and we initiated the connection: drop all
1805 * descriptors that claim to be on that IP/port but that aren't
1806 * this relay; and note that this relay is reachable.
1807 * 3) If this is a bridge and we didn't configure its identity
1808 * fingerprint, remember the keyid we just learned.
1809 */
1810 static int
1814 {
1831 }
1847 "The certificate seems to be valid on %s connection "
1850 }
1852 }
1858 }
1861 }
1869 /* A TLS handshake can't teach us an Ed25519 ID, so we set it to NULL
1870 * here. */
1875 NULL);
1876 }
1879 }
1881 /** Called when we (as a connection initiator) have definitively,
1882 * authenticatedly, learned that ID of the Tor instance on the other
1883 * side of <b>conn</b> is <b>rsa_peer_id</b> and optionally <b>ed_peer_id</b>.
1884 * For v1 and v2 handshakes,
1885 * this is right after we get a certificate chain in a TLS handshake
1886 * or renegotiation. For v3+ handshakes, this is right after we get a
1887 * certificate chain in a CERTS cell.
1888 *
1889 * If we did not know the ID before, record the one we got.
1890 *
1891 * If we wanted an ID, but we didn't get the one we expected, log a message
1892 * and return -1.
1893 * On relays:
1894 * - log a protocol warning whenever the fingerprints don't match;
1895 * On clients:
1896 * - if a relay's fingerprint doesn't match, log a warning;
1897 * - if we don't have updated relay fingerprints from a recent consensus, and
1898 * a fallback directory mirror's hard-coded fingerprint has changed, log an
1899 * info explaining that we will try another fallback.
1900 *
1901 * If we're testing reachability, remember what we learned.
1902 *
1903 * Return 0 on success, -1 on failure.
1904 */
1905 int
1909 {
1923 conn,
1940 /* if it's a bridge and we didn't know its identity fingerprint, now
1941 * we do -- remember it for future attempts. */
1945 }
1949 /* It only counts as an ed25519 mismatch if we wanted an ed25519 identity
1950 * and didn't get it. It's okay if we get one that we didn't ask for. */
1952 expected_ed_key &&
1957 /* I was aiming for a particular digest. I didn't get it! */
1965 DIGEST_LEN);
1970 }
1975 }
1988 /* Relays and Single Onion Services make direct connections using
1989 * untrusted authentication keys. */
1994 /* We need to do the checks in this order, because the list of
1995 * fallbacks includes the list of authorities */
1999 /* we expect a small number of fallbacks to change from their
2000 * hard-coded fingerprints over the life of a release */
2004 /* it's a bridge, it's either a misconfiguration, or unexpected */
2006 }
2008 /* a relay has changed its fingerprint from the one in the consensus */
2010 }
2011 }
2014 "Tried connecting to router at %s, but RSA + ed25519 identity "
2019 /* Tell the new guard API about the channel failure */
2022 END_OR_CONN_REASON_OR_IDENTITY);
2026 END_OR_CONN_REASON_OR_IDENTITY,
2027 conn);
2029 }
2037 }
2040 /* If we learned an identity for this connection, then we might have
2041 * just discovered it to be canonical. */
2046 }
2049 // We don't want to use canonical_orport here -- we want the address
2050 // that we really used.
2053 }
2056 }
2058 /** Return when we last used this channel for client activity (origin
2059 * circuits). This is called from connection.c, since client_used is now one
2060 * of the timestamps in channel_t */
2062 time_t
2064 {
2070 }
2072 /** The v1/v2 TLS handshake is finished.
2073 *
2074 * Make sure we are happy with the peer we just handshaked with.
2075 *
2076 * If they initiated the connection, make sure they're not already connected,
2077 * then initialize conn from the information in router.
2078 *
2079 * If all is successful, call circuit_n_conn_done() to handle events
2080 * that have been pending on the <tls handshake completion. Also set the
2081 * directory to be dirty (only matters if I'm an authdirserver).
2082 *
2083 * If this is a v2 TLS handshake, send a versions cell.
2084 */
2085 static int
2087 {
2121 }
2122 }
2124 /**
2125 * Called as client when initial TLS handshake is done, and we notice
2126 * that we got a v3-handshake signalling certificate from the server.
2127 * Set up structures, do bookkeeping, and send the versions cell.
2128 * Return 0 on success and -1 on failure.
2129 */
2130 static int
2132 {
2142 }
2144 /** Allocate a new connection handshake state for the connection
2145 * <b>conn</b>. Return 0 on success, -1 on failure. */
2146 int
2148 {
2153 }
2160 }
2164 }
2166 /** Free all storage held by <b>state</b>. */
2167 void
2169 {
2178 }
2180 /**
2181 * Remember that <b>cell</b> has been transmitted (if <b>incoming</b> is
2182 * false) or received (if <b>incoming</b> is true) during a V3 handshake using
2183 * <b>state</b>.
2184 *
2185 * (We don't record the cell, but we keep a digest of everything sent or
2186 * received during the v3 handshake, and the client signs it in an
2187 * authenticate cell.)
2188 */
2189 void
2194 {
2197 packed_cell_t packed;
2204 }
2207 "while making a handshake digest. But we think we are sending "
2209 }
2215 /* Re-packing like this is a little inefficient, but we don't have to do
2216 this very often at all. */
2220 }
2222 /** Remember that a variable-length <b>cell</b> has been transmitted (if
2223 * <b>incoming</b> is false) or received (if <b>incoming</b> is true) during a
2224 * V3 handshake using <b>state</b>.
2225 *
2226 * (We don't record the cell, but we keep a digest of everything sent or
2227 * received during the v3 handshake, and the client signs it in an
2228 * authenticate cell.)
2229 */
2230 void
2235 {
2245 }
2257 }
2259 /** Set <b>conn</b>'s state to OR_CONN_STATE_OPEN, and tell other subsystems
2260 * as appropriate. Called when we are done with all TLS and OR handshaking.
2261 */
2262 int
2264 {
2268 /* Link protocol 3 appeared in Tor 0.2.3.6-alpha, so any connection
2269 * that uses an earlier link protocol should not be treated as a relay. */
2272 }
2279 }
2281 /** Pack <b>cell</b> into wire-format, and write it onto <b>conn</b>'s outbuf.
2282 * For cells that use or affect a circuit, this should only be called by
2283 * connection_or_flush_from_first_active_circuit().
2284 */
2285 void
2287 {
2288 packed_cell_t networkcell;
2296 /* We need to count padding cells from this non-packed code path
2297 * since they are sent via chan->write_cell() (which is not packed) */
2304 /* Touch the channel's active timestamp if there is one */
2312 }
2313 }
2317 }
2319 /** Pack a variable-length <b>cell</b> into wire-format, and write it onto
2320 * <b>conn</b>'s outbuf. Right now, this <em>DOES NOT</em> support cells that
2321 * affect a circuit.
2322 */
2326 {
2339 /* Touch the channel's active timestamp if there is one */
2342 }
2344 /** See whether there's a variable-length cell waiting on <b>or_conn</b>'s
2345 * inbuf. Return values as for fetch_var_cell_from_buf(). */
2346 static int
2348 {
2351 }
2353 /** Process cells from <b>conn</b>'s inbuf.
2354 *
2355 * Loop: while inbuf contains a cell, pull it off the inbuf, unpack it,
2356 * and hand it to command_process_cell().
2357 *
2358 * Always return 0.
2359 */
2360 static int
2362 {
2365 /*
2366 * Note on memory management for incoming cells: below the channel layer,
2367 * we shouldn't need to consider its internal queueing/copying logic. It
2368 * is safe to pass cells to it on the stack or on the heap, but in the
2369 * latter case we must be sure we free them later.
2370 *
2371 * The incoming cell queue code in channel.c will (in the common case)
2372 * decide it can pass them to the upper layer immediately, in which case
2373 * those functions may run directly on the cell pointers we pass here, or
2374 * it may decide to queue them, in which case it will allocate its own
2375 * buffer and copy the cell.
2376 */
2380 TOR_SOCKET_T_FORMAT": starting, inbuf_datalen %d "
2388 /* Touch the channel's active timestamp if there is one */
2399 cell_t cell;
2404 /* Touch the channel's active timestamp if there is one */
2411 /* retrieve cell info from buf (create the host-order struct from the
2412 * network-order string) */
2416 }
2417 }
2418 }
2420 /** Array of recognized link protocol versions. */
2422 /** Number of versions in <b>or_protocol_versions</b>. */
2426 /** Return true iff <b>v</b> is a link protocol version that this Tor
2427 * implementation believes it can support. */
2428 int
2430 {
2435 }
2437 }
2439 /** Send a VERSIONS cell on <b>conn</b>, telling the other host about the
2440 * link protocol versions that this Tor can support.
2441 *
2442 * If <b>v3_plus</b>, this is part of a V3 protocol handshake, so only
2443 * allow protocol version v3 or later. If not <b>v3_plus</b>, this is
2444 * not part of a v3 protocol handshake, so don't allow protocol v3 or
2445 * later.
2446 **/
2447 int
2449 {
2465 }
2473 }
2477 {
2495 }
2498 }
2500 /** Send a NETINFO cell on <b>conn</b>, telling the other server what we know
2501 * about their address, our address, and the current time. */
2504 {
2505 cell_t cell;
2516 }
2523 /* Timestamp, if we're a relay. */
2527 /* Their address. */
2529 /* We can safely use TO_CONN(conn)->addr here, since we no longer replace
2530 * it with a canonical address. */
2535 /* My address -- only include it if I'm a public relay, or if I'm a
2536 * bridge and this is an incoming connection. If I'm a bridge and this
2537 * is an outgoing connection, act like a normal client and omit it. */
2549 }
2550 }
2555 errmsg);
2557 }
2563 }
2570 cleanup:
2574 }