/** Process a 'netinfo' cell: read and act on its contents, and set the
* connection state to "open". */
static void
command_process_netinfo_cell(cell_t *cell, or_connection_t *conn)
{
time_t timestamp;
uint8_t my_addr_type;
uint8_t my_addr_len;
const uint8_t *my_addr_ptr;
const uint8_t *cp, *end;
uint8_t n_other_addrs;
time_t now = time(NULL);
long apparent_skew = 0;
uint32_t my_apparent_addr = 0;
if (conn->link_proto < 2) {
log_fn(LOG_PROTOCOL_WARN, LD_OR,
"Received a NETINFO cell on %s connection; dropping.",
conn->link_proto == 0 ? "non-versioned" : "a v1");
return;
}
if (conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING_V2 &&
conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING_V3) {
log_fn(LOG_PROTOCOL_WARN, LD_OR,
"Received a NETINFO cell on non-handshaking connection; dropping.");
return;
}
tor_assert(conn->handshake_state &&
conn->handshake_state->received_versions);
if (conn->_base.state == OR_CONN_STATE_OR_HANDSHAKING_V3) {
tor_assert(conn->link_proto >= 3);
if (conn->handshake_state->started_here) {
if (!conn->handshake_state->authenticated) {
log_fn(LOG_PROTOCOL_WARN, LD_OR, "Got a NETINFO cell from server, "
"but no authentication. Closing the connection.");
connection_mark_for_close(TO_CONN(conn));
return;
}
} else {
/* we're the server. If the client never authenticated, we have
some housekeeping to do.*/
if (!conn->handshake_state->authenticated) {
tor_assert(tor_digest_is_zero(
(const char*)conn->handshake_state->authenticated_peer_id));
connection_or_set_circid_type(conn, NULL);
connection_or_init_conn_from_address(conn,
&conn->_base.addr,
conn->_base.port,
(const char*)conn->handshake_state->authenticated_peer_id,
0);
}
}
}
/* Decode the cell. */
timestamp = ntohl(get_uint32(cell->payload));
if (labs(now - conn->handshake_state->sent_versions_at) < 180) {
apparent_skew = now - timestamp;
}
my_addr_type = (uint8_t) cell->payload[4];
my_addr_len = (uint8_t) cell->payload[5];
my_addr_ptr = (uint8_t*) cell->payload + 6;
end = cell->payload + CELL_PAYLOAD_SIZE;
cp = cell->payload + 6 + my_addr_len;
if (cp >= end) {
log_fn(LOG_PROTOCOL_WARN, LD_OR,
"Addresses too long in netinfo cell; closing connection.");
connection_mark_for_close(TO_CONN(conn));
return;
} else if (my_addr_type == RESOLVED_TYPE_IPV4 && my_addr_len == 4) {
my_apparent_addr = ntohl(get_uint32(my_addr_ptr));
}
n_other_addrs = (uint8_t) *cp++;
while (n_other_addrs && cp < end-2) {
/* Consider all the other addresses; if any matches, this connection is
* "canonical." */
tor_addr_t addr;
const uint8_t *next =
decode_address_from_payload(&addr, cp, (int)(end-cp));
if (next == NULL) {
log_fn(LOG_PROTOCOL_WARN, LD_OR,
"Bad address in netinfo cell; closing connection.");
connection_mark_for_close(TO_CONN(conn));
return;
}
if (tor_addr_eq(&addr, &conn->real_addr)) {
conn->is_canonical = 1;
break;
}
cp = next;
--n_other_addrs;
}
/* Act on apparent skew. */
/** Warn when we get a netinfo skew with at least this value. */
#define NETINFO_NOTICE_SKEW 3600
if (labs(apparent_skew) > NETINFO_NOTICE_SKEW &&
router_get_by_id_digest(conn->identity_digest)) {
char dbuf[64];
int severity;
/*XXXX be smarter about when everybody says we are skewed. */
if (router_digest_is_trusted_dir(conn->identity_digest))
severity = LOG_WARN;
else
severity = LOG_INFO;
format_time_interval(dbuf, sizeof(dbuf), apparent_skew);
log_fn(severity, LD_GENERAL, "Received NETINFO cell with skewed time from "
"server at %s:%d. It seems that our clock is %s by %s, or "
"that theirs is %s. Tor requires an accurate clock to work: "
"please check your time and date settings.",
conn->_base.address, (int)conn->_base.port,
apparent_skew>0 ? "ahead" : "behind", dbuf,
apparent_skew>0 ? "behind" : "ahead");
if (severity == LOG_WARN) /* only tell the controller if an authority */
control_event_general_status(LOG_WARN,
"CLOCK_SKEW SKEW=%ld SOURCE=OR:%s:%d",
apparent_skew,
conn->_base.address, conn->_base.port);
}
/* XXX maybe act on my_apparent_addr, if the source is sufficiently
* trustworthy. */
(void)my_apparent_addr;
if (connection_or_set_state_open(conn)<0) {
log_fn(LOG_PROTOCOL_WARN, LD_OR, "Got good NETINFO cell from %s:%d; but "
"was unable to make the OR connection become open.",
safe_str_client(conn->_base.address),
conn->_base.port);
connection_mark_for_close(TO_CONN(conn));
} else {
log_info(LD_OR, "Got good NETINFO cell from %s:%d; OR connection is now "
"open, using protocol version %d. Its ID digest is %s",
safe_str_client(conn->_base.address),
conn->_base.port, (int)conn->link_proto,
hex_str(conn->identity_digest, DIGEST_LEN));
}
assert_connection_ok(TO_CONN(conn),time(NULL));
}
/** Process a CERTS cell from an OR connection.
*
* If the other side should not have sent us a CERTS cell, or the cell is
* malformed, or it is supposed to authenticate the TLS key but it doesn't,
* then mark the connection.
*
* If the cell has a good cert chain and we're doing a v3 handshake, then
* store the certificates in or_handshake_state. If this is the client side
* of the connection, we then authenticate the server or mark the connection.
* If it's the server side, wait for an AUTHENTICATE cell.
*/
static void
command_process_certs_cell(var_cell_t *cell, or_connection_t *conn)
{
#define ERR(s) \
do { \
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
"Received a bad CERTS cell from %s:%d: %s", \
safe_str(conn->_base.address), conn->_base.port, (s)); \
connection_mark_for_close(TO_CONN(conn)); \
goto err; \
} while (0)
tor_cert_t *link_cert = NULL;
tor_cert_t *id_cert = NULL;
tor_cert_t *auth_cert = NULL;
uint8_t *ptr;
int n_certs, i;
if (conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
ERR("We're not doing a v3 handshake!");
if (conn->link_proto < 3)
ERR("We're not using link protocol >= 3");
if (conn->handshake_state->received_certs_cell)
ERR("We already got one");
if (conn->handshake_state->authenticated) {
/* Should be unreachable, but let's make sure. */
ERR("We're already authenticated!");
}
if (cell->payload_len < 1)
ERR("It had no body");
if (cell->circ_id)
ERR("It had a nonzero circuit ID");
n_certs = cell->payload[0];
ptr = cell->payload + 1;
for (i = 0; i < n_certs; ++i) {
uint8_t cert_type;
uint16_t cert_len;
if (ptr + 3 > cell->payload + cell->payload_len) {
goto truncated;
}
cert_type = *ptr;
cert_len = ntohs(get_uint16(ptr+1));
if (ptr + 3 + cert_len > cell->payload + cell->payload_len) {
goto truncated;
}
if (cert_type == OR_CERT_TYPE_TLS_LINK ||
cert_type == OR_CERT_TYPE_ID_1024 ||
cert_type == OR_CERT_TYPE_AUTH_1024) {
tor_cert_t *cert = tor_cert_decode(ptr + 3, cert_len);
if (!cert) {
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Received undecodable certificate in CERTS cell from %s:%d",
safe_str(conn->_base.address), conn->_base.port);
} else {
if (cert_type == OR_CERT_TYPE_TLS_LINK) {
if (link_cert) {
tor_cert_free(cert);
ERR("Too many TLS_LINK certificates");
}
link_cert = cert;
} else if (cert_type == OR_CERT_TYPE_ID_1024) {
if (id_cert) {
tor_cert_free(cert);
ERR("Too many ID_1024 certificates");
}
id_cert = cert;
} else if (cert_type == OR_CERT_TYPE_AUTH_1024) {
if (auth_cert) {
tor_cert_free(cert);
ERR("Too many AUTH_1024 certificates");
}
auth_cert = cert;
} else {
tor_cert_free(cert);
}
}
}
ptr += 3 + cert_len;
continue;
truncated:
ERR("It ends in the middle of a certificate");
}
if (conn->handshake_state->started_here) {
int severity;
if (! (id_cert && link_cert))
ERR("The certs we wanted were missing");
/* Okay. We should be able to check the certificates now. */
if (! tor_tls_cert_matches_key(conn->tls, link_cert)) {
ERR("The link certificate didn't match the TLS public key");
}
/* Note that this warns more loudly about time and validity if we were
* _trying_ to connect to an authority, not necessarily if we _did_ connect
* to one. */
if (router_digest_is_trusted_dir(conn->identity_digest))
severity = LOG_WARN;
else
severity = LOG_PROTOCOL_WARN;
if (! tor_tls_cert_is_valid(severity, link_cert, id_cert, 0))
ERR("The link certificate was not valid");
if (! tor_tls_cert_is_valid(severity, id_cert, id_cert, 1))
ERR("The ID certificate was not valid");
conn->handshake_state->authenticated = 1;
{
const digests_t *id_digests = tor_cert_get_id_digests(id_cert);
crypto_pk_t *identity_rcvd;
if (!id_digests)
ERR("Couldn't compute digests for key in ID cert");
identity_rcvd = tor_tls_cert_get_key(id_cert);
if (!identity_rcvd)
ERR("Internal error: Couldn't get RSA key from ID cert.");
memcpy(conn->handshake_state->authenticated_peer_id,
id_digests->d[DIGEST_SHA1], DIGEST_LEN);
connection_or_set_circid_type(conn, identity_rcvd);
crypto_pk_free(identity_rcvd);
}
if (connection_or_client_learned_peer_id(conn,
conn->handshake_state->authenticated_peer_id) < 0)
ERR("Problem setting or checking peer id");
log_info(LD_OR, "Got some good certificates from %s:%d: Authenticated it.",
safe_str(conn->_base.address), conn->_base.port);
conn->handshake_state->id_cert = id_cert;
id_cert = NULL;
} else {
if (! (id_cert && auth_cert))
ERR("The certs we wanted were missing");
/* Remember these certificates so we can check an AUTHENTICATE cell */
if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, auth_cert, id_cert, 1))
ERR("The authentication certificate was not valid");
if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, id_cert, id_cert, 1))
ERR("The ID certificate was not valid");
log_info(LD_OR, "Got some good certificates from %s:%d: "
"Waiting for AUTHENTICATE.",
safe_str(conn->_base.address), conn->_base.port);
/* XXXX check more stuff? */
conn->handshake_state->id_cert = id_cert;
conn->handshake_state->auth_cert = auth_cert;
id_cert = auth_cert = NULL;
}
conn->handshake_state->received_certs_cell = 1;
err:
tor_cert_free(id_cert);
tor_cert_free(link_cert);
tor_cert_free(auth_cert);
#undef ERR
}
/** Extract status information from <b>ri</b> and from other authority
* functions and store it in <b>rs</b>. <b>rs</b> is zeroed out before it is
* set.
*
* We assume that ri-\>is_running has already been set, e.g. by
* dirserv_set_router_is_running(ri, now);
*/
void
set_routerstatus_from_routerinfo(routerstatus_t *rs,
node_t *node,
const routerinfo_t *ri,
time_t now,
int listbadexits)
{
const or_options_t *options = get_options();
uint32_t routerbw_kb = dirserv_get_credible_bandwidth_kb(ri);
memset(rs, 0, sizeof(routerstatus_t));
rs->is_authority =
router_digest_is_trusted_dir(ri->cache_info.identity_digest);
/* Already set by compute_performance_thresholds. */
rs->is_exit = node->is_exit;
rs->is_stable = node->is_stable =
!dirserv_thinks_router_is_unreliable(now, ri, 1, 0);
rs->is_fast = node->is_fast =
!dirserv_thinks_router_is_unreliable(now, ri, 0, 1);
rs->is_flagged_running = node->is_running; /* computed above */
rs->is_valid = node->is_valid;
if (node->is_fast && node->is_stable &&
ri->supports_tunnelled_dir_requests &&
((options->AuthDirGuardBWGuarantee &&
routerbw_kb >= options->AuthDirGuardBWGuarantee/1000) ||
routerbw_kb >= MIN(guard_bandwidth_including_exits_kb,
guard_bandwidth_excluding_exits_kb))) {
long tk = rep_hist_get_weighted_time_known(
node->identity, now);
double wfu = rep_hist_get_weighted_fractional_uptime(
node->identity, now);
rs->is_possible_guard = (wfu >= guard_wfu && tk >= guard_tk) ? 1 : 0;
} else {
rs->is_possible_guard = 0;
}
rs->is_bad_exit = listbadexits && node->is_bad_exit;
rs->is_hs_dir = node->is_hs_dir =
dirserv_thinks_router_is_hs_dir(ri, node, now);
rs->is_named = rs->is_unnamed = 0;
rs->published_on = ri->cache_info.published_on;
memcpy(rs->identity_digest, node->identity, DIGEST_LEN);
memcpy(rs->descriptor_digest, ri->cache_info.signed_descriptor_digest,
DIGEST_LEN);
rs->addr = ri->addr;
strlcpy(rs->nickname, ri->nickname, sizeof(rs->nickname));
rs->or_port = ri->or_port;
rs->dir_port = ri->dir_port;
rs->is_v2_dir = ri->supports_tunnelled_dir_requests;
rs->is_staledesc =
(ri->cache_info.published_on + DESC_IS_STALE_INTERVAL) < now;
if (options->AuthDirHasIPv6Connectivity == 1 &&
!tor_addr_is_null(&ri->ipv6_addr) &&
node->last_reachable6 >= now - REACHABLE_TIMEOUT) {
/* We're configured as having IPv6 connectivity. There's an IPv6
OR port and it's reachable so copy it to the routerstatus. */
tor_addr_copy(&rs->ipv6_addr, &ri->ipv6_addr);
rs->ipv6_orport = ri->ipv6_orport;
} else {
tor_addr_make_null(&rs->ipv6_addr, AF_INET6);
rs->ipv6_orport = 0;
}
if (options->TestingTorNetwork) {
dirserv_set_routerstatus_testing(rs);
}
}
