commit 7589995111b452cf7e92f5e9b5d94df244cbdbb9 Merge: 3c97ab3c2 046183714 Author: Nick Mathewson <nickm@torproject.org> Date: Tue Sep 17 09:16:52 2019 -0400 Merge branch 'maint-0.3.5' into bug31107_035 .appveyor.yml | 119 + .gitignore | 139 +- .gitlab-ci.yml | 45 + .gitmodules | 3 + .travis.yml | 78 +- CODE_OF_CONDUCT | 7 + CONTRIBUTING | 39 + ChangeLog | 9099 +++++++++++++++++++- Doxyfile.in | 1184 ++- INSTALL | 34 - LICENSE | 32 +- Makefile.am | 276 +- README | 3 + ReleaseNotes | 7319 +++++++++++++++- acinclude.m4 | 25 +- autogen.sh | 4 +- changes/29241_diagnostic | 4 + changes/bug13221 | 5 + changes/bug21394.2 | 7 - changes/bug22619 | 3 + changes/bug23512 | 6 - changes/bug23681 | 5 - changes/bug23790 | 6 - changes/bug24104 | 4 - changes/bug24661 | 3 + changes/bug24903 | 5 - changes/bug25113 | 5 - changes/bug25116 | 4 - changes/bug25733 | 4 - changes/bug27073 | 4 - changes/bug27197 | 3 + changes/bug27199 | 3 + changes/bug27316 | 3 - changes/bug27658 | 6 - changes/bug27709 | 4 - changes/bug27740 | 4 + changes/bug27741 | 5 + changes/bug27750 | 6 + changes/bug27800 | 4 + changes/bug27804 | 3 + changes/bug27841 | 7 + changes/bug27963_timeradd | 4 + changes/bug27968 | 3 + changes/bug28115 | 3 + changes/bug28127 | 7 + changes/bug28183 | 4 + changes/bug28298 | 4 + changes/bug28303 | 3 + changes/bug28348_034 | 5 + changes/bug28399 | 4 + changes/bug28419 | 3 + changes/bug28435 | 3 + changes/bug28441 | 4 + changes/bug28454 | 4 + changes/bug28485 | 3 + changes/bug28524 | 4 + changes/bug28554 | 3 + changes/bug28562 | 5 + changes/bug28568 | 4 + changes/bug28569 | 3 + changes/bug28612 | 4 + changes/bug28619 | 6 + changes/bug28656 | 3 + changes/bug28698 | 3 + changes/bug28895 | 5 + changes/bug28920 | 6 + changes/bug28938 | 4 + changes/bug28974 | 3 + changes/bug28979 | 4 + changes/bug28981 | 5 + changes/bug28995 | 5 + changes/bug29017 | 4 + changes/bug29034 | 5 + changes/bug29040 | 4 + changes/bug29042 | 5 + changes/bug29135 | 5 + changes/bug29144 | 5 + changes/bug29161 | 3 + changes/bug29175_035 | 4 + changes/bug29241 | 6 + changes/bug29244 | 4 + changes/bug29530_035 | 5 + changes/bug29601 | 6 + changes/bug29670 | 4 + changes/bug29875 | 11 + changes/bug29922 | 4 + changes/bug30011 | 4 + changes/bug30040 | 9 + changes/bug30148 | 4 + changes/bug30189 | 4 + changes/bug30190 | 3 + changes/bug30316 | 4 + changes/bug30452 | 3 + changes/bug30475 | 4 + changes/bug30713 | 5 + changes/bug30744 | 3 + changes/bug30894 | 4 + changes/bug31003 | 4 + changes/bug31463 | 3 + changes/cid1444119 | 3 + changes/geoip-2018-09-06 | 4 - changes/geoip-2018-10-09 | 4 - changes/rust_asan | 8 + changes/ticket19566 | 6 + changes/ticket27252 | 6 - changes/ticket27471 | 5 + changes/ticket27738 | 4 - changes/ticket27751 | 2 + changes/ticket27838 | 4 + changes/ticket27913 | 3 + changes/ticket27995 | 4 + changes/ticket28026 | 3 + changes/ticket28113 | 5 + changes/ticket28128 | 4 + changes/ticket28229_diag | 3 + changes/ticket28275 | 4 + changes/ticket28318 | 3 + changes/ticket28459 | 4 + changes/ticket28574 | 4 + changes/ticket28668 | 3 + changes/ticket28669 | 6 + changes/ticket28838 | 8 + changes/ticket28851 | 4 + changes/ticket28879 | 5 + changes/ticket28881 | 4 + changes/ticket28883 | 4 + changes/ticket28912 | 6 + changes/ticket28924 | 4 + changes/ticket28973 | 6 + changes/ticket29026 | 4 + changes/ticket29160 | 4 + changes/ticket29168 | 5 + changes/ticket29435 | 3 + changes/ticket29617 | 4 + changes/ticket29702 | 4 + changes/ticket29806 | 7 + changes/ticket29962 | 3 + changes/ticket30117 | 4 + changes/ticket30234 | 2 + changes/ticket30454 | 10 + changes/ticket30591 | 3 + changes/ticket30694 | 3 + changes/ticket30871 | 6 + changes/ticket31554 | 4 + config.rust.in | 24 + configure.ac | 967 ++- contrib/dist/tor.service.in | 2 +- contrib/include.am | 1 - contrib/operator-tools/linux-tor-prio.sh | 2 +- contrib/win32build/package_nsis-mingw.sh | 95 - contrib/win32build/tor-mingw.nsi.in | 2 +- doc/HACKING/CodeStructure.md | 129 + doc/HACKING/CodingStandards.md | 237 +- doc/HACKING/CodingStandardsRust.md | 523 ++ doc/HACKING/Fuzzing.md | 123 + doc/HACKING/GettingStarted.md | 5 +- doc/HACKING/GettingStartedRust.md | 183 + doc/HACKING/HelpfulTools.md | 132 +- doc/HACKING/HowToReview.md | 3 + doc/HACKING/Module.md | 111 + doc/HACKING/ReleasingTor.md | 135 +- doc/HACKING/Tracing.md | 91 + doc/HACKING/WritingTests.md | 12 +- doc/HACKING/android/Simpleperf.md | 98 + doc/include.am | 28 +- doc/tor-print-ed-signing-cert.1.txt | 32 + doc/tor-resolve.1.txt | 2 +- doc/tor.1.txt | 1706 ++-- doc/torify.1.txt | 20 +- doc/torrc_format.txt | 15 +- m4/ax_check_sign.m4 | 4 +- m4/pc_from_ucontext.m4 | 20 +- scripts/README | 6 + scripts/coccinelle/ceil_div.cocci | 6 + scripts/coccinelle/test-operator-cleanup | 11 + scripts/coccinelle/test_assert_int.cocci | 49 + scripts/coccinelle/test_assert_null.cocci | 11 + scripts/coccinelle/test_assert_zero.cocci | 5 + scripts/codegen/fuzzing_include_am.py | 154 + scripts/codegen/gen_server_ciphers.py | 64 +- scripts/codegen/get_mozilla_ciphers.py | 15 +- scripts/codegen/makedesc.py | 2 +- scripts/codegen/run_trunnel.sh | 10 +- scripts/maint/analyze_callgraph.py | 259 - scripts/maint/annotate_ifdef_directives | 74 + scripts/maint/checkIncludes.py | 115 + scripts/maint/checkOptionDocs.pl.in | 2 +- scripts/maint/checkSpace.pl | 148 +- scripts/maint/display_callgraph.py | 41 - scripts/maint/fallback.blacklist | 229 - scripts/maint/fallback.whitelist | 525 +- scripts/maint/format_changelog.py | 4 +- scripts/maint/generateFallbackDirLine.py | 38 + scripts/maint/generate_callgraph.sh | 14 - scripts/maint/lintChanges.py | 72 +- scripts/maint/lookupFallbackDirContact.py | 28 + scripts/maint/rectify_include_paths.py | 60 + scripts/maint/redox.py | 4 +- scripts/maint/run_calltool.sh | 29 + scripts/maint/sortChanges.py | 2 +- scripts/maint/updateCopyright.pl | 4 +- scripts/maint/updateFallbackDirs.py | 815 +- scripts/maint/updateRustDependencies.sh | 45 + scripts/test/appveyor-irc-notify.py | 219 + scripts/test/chutney-git-bisect.sh | 62 + scripts/test/cov-diff | 14 +- scripts/test/cov-exclude | 6 + scripts/test/coverage | 8 +- scripts/test/scan-build.sh | 61 +- src/{or => app/config}/auth_dirs.inc | 0 src/app/config/config.c | 8521 ++++++++++++++++++ src/app/config/config.h | 300 + src/app/config/confparse.c | 1207 +++ src/app/config/confparse.h | 233 + src/{or => app/config}/fallback_dirs.inc | 0 src/app/config/or_options_st.h | 1077 +++ src/app/config/or_state_st.h | 92 + src/app/config/statefile.c | 728 ++ src/app/config/statefile.h | 36 + src/app/include.am | 35 + src/app/main/main.c | 1519 ++++ src/app/main/main.h | 31 + src/app/main/ntmain.c | 785 ++ src/app/main/ntmain.h | 28 + src/app/main/tor_main.c | 42 + src/common/Makefile.nmake | 28 - src/common/address.c | 2162 ----- src/common/address.h | 379 - src/common/address_set.c | 129 - src/common/address_set.h | 35 - src/common/aes.c | 404 - src/common/aes.h | 27 - src/common/backtrace.c | 248 - src/common/backtrace.h | 21 - src/common/ciphers.inc | 140 - src/common/compat.c | 3555 -------- src/common/compat.h | 747 -- src/common/compat_libevent.c | 285 - src/common/compat_libevent.h | 75 - src/common/compat_openssl.h | 47 - src/common/compat_pthreads.c | 349 - src/common/compat_threads.c | 332 - src/common/compat_threads.h | 151 - src/common/compat_time.c | 656 -- src/common/compat_time.h | 162 - src/common/compat_winthreads.c | 250 - src/common/container.c | 1517 ---- src/common/container.h | 725 -- src/common/crypto.c | 3432 -------- src/common/crypto.h | 340 - src/common/crypto_curve25519.c | 354 - src/common/crypto_curve25519.h | 87 - src/common/crypto_ed25519.c | 736 -- src/common/crypto_ed25519.h | 131 - src/common/crypto_format.c | 277 - src/common/crypto_format.h | 46 - src/common/crypto_pwbox.c | 212 - src/common/crypto_pwbox.h | 20 - src/common/crypto_s2k.c | 468 - src/common/crypto_s2k.h | 73 - src/common/di_ops.c | 274 - src/common/di_ops.h | 50 - src/common/handles.h | 153 - src/common/include.am | 175 - src/common/log.c | 1395 --- src/common/memarea.c | 306 - src/common/memarea.h | 24 - src/common/procmon.c | 343 - src/common/procmon.h | 33 - src/common/pubsub.c | 129 - src/common/pubsub.h | 179 - src/common/sandbox.c | 2016 ----- src/common/sandbox.h | 182 - src/common/testsupport.h | 90 - src/common/timers.c | 293 - src/common/timers.h | 24 - src/common/torgzip.c | 586 -- src/common/torgzip.h | 72 - src/common/torint.h | 367 - src/common/torlog.h | 251 - src/common/tortls.c | 2579 ------ src/common/tortls.h | 265 - src/common/util.c | 5774 ------------- src/common/util.h | 561 -- src/common/util_bug.c | 115 - src/common/util_bug.h | 204 - src/common/util_format.c | 562 -- src/common/util_format.h | 34 - src/common/util_process.c | 158 - src/common/util_process.h | 26 - src/common/workqueue.c | 538 -- src/common/workqueue.h | 49 - src/config/torrc.minimal.in-staging | 18 +- src/config/torrc.sample.in | 49 +- src/core/crypto/hs_ntor.c | 620 ++ src/core/crypto/hs_ntor.h | 69 + src/core/crypto/onion_crypto.c | 311 + src/core/crypto/onion_crypto.h | 47 + src/core/crypto/onion_fast.c | 144 + src/core/crypto/onion_fast.h | 41 + src/core/crypto/onion_ntor.c | 341 + src/core/crypto/onion_ntor.h | 65 + src/core/crypto/onion_tap.c | 246 + src/core/crypto/onion_tap.h | 40 + src/core/crypto/relay_crypto.c | 332 + src/core/crypto/relay_crypto.h | 31 + src/core/include.am | 404 + src/core/mainloop/connection.c | 5504 ++++++++++++ src/core/mainloop/connection.h | 353 + src/core/mainloop/cpuworker.c | 600 ++ src/core/mainloop/cpuworker.h | 37 + src/core/mainloop/mainloop.c | 2942 +++++++ src/core/mainloop/mainloop.h | 114 + src/core/mainloop/netstatus.c | 28 + src/core/mainloop/netstatus.h | 13 + src/core/mainloop/periodic.c | 174 + src/core/mainloop/periodic.h | 88 + src/core/or/addr_policy_st.h | 46 + src/core/or/address_set.c | 71 + src/core/or/address_set.h | 31 + src/core/or/cell_queue_st.h | 29 + src/core/or/cell_st.h | 20 + src/core/or/channel.c | 3476 ++++++++ src/core/or/channel.h | 780 ++ src/core/or/channelpadding.c | 794 ++ src/core/or/channelpadding.h | 43 + src/core/or/channeltls.c | 2485 ++++++ src/core/or/channeltls.h | 79 + src/core/or/circuit_st.h | 182 + src/core/or/circuitbuild.c | 3012 +++++++ src/core/or/circuitbuild.h | 102 + src/core/or/circuitlist.c | 2853 ++++++ src/core/or/circuitlist.h | 250 + src/core/or/circuitmux.c | 1364 +++ src/core/or/circuitmux.h | 162 + src/core/or/circuitmux_ewma.c | 829 ++ src/core/or/circuitmux_ewma.h | 30 + src/core/or/circuitstats.c | 1951 +++++ src/core/or/circuitstats.h | 213 + src/core/or/circuituse.c | 3142 +++++++ src/core/or/circuituse.h | 93 + src/core/or/command.c | 703 ++ src/core/or/command.h | 31 + src/core/or/connection_edge.c | 4534 ++++++++++ src/core/or/connection_edge.h | 279 + src/core/or/connection_or.c | 3026 +++++++ src/core/or/connection_or.h | 166 + src/core/or/connection_st.h | 149 + src/core/or/cpath_build_state_st.h | 38 + src/core/or/crypt_path_reference_st.h | 23 + src/core/or/crypt_path_st.h | 70 + src/core/or/destroy_cell_queue_st.h | 27 + src/core/or/dos.c | 801 ++ src/core/or/dos.h | 140 + src/core/or/edge_connection_st.h | 77 + src/core/or/entry_connection_st.h | 100 + src/core/or/entry_port_cfg_st.h | 54 + src/core/or/extend_info_st.h | 30 + src/core/or/half_edge_st.h | 34 + src/core/or/listener_connection_st.h | 25 + src/core/or/onion.c | 720 ++ src/core/or/onion.h | 90 + src/core/or/or.h | 1094 +++ src/core/or/or_circuit_st.h | 80 + src/core/or/or_connection_st.h | 92 + src/core/or/or_handshake_certs_st.h | 40 + src/core/or/or_handshake_state_st.h | 78 + src/core/or/origin_circuit_st.h | 294 + src/core/or/policies.c | 3145 +++++++ src/core/or/policies.h | 187 + src/core/or/port_cfg_st.h | 35 + src/core/or/protover.c | 942 ++ src/core/or/protover.h | 97 + src/core/or/protover_rust.c | 34 + src/core/or/reasons.c | 497 ++ src/core/or/reasons.h | 34 + src/core/or/relay.c | 3169 +++++++ src/core/or/relay.h | 124 + src/core/or/relay_crypto_st.h | 31 + src/core/or/scheduler.c | 768 ++ src/core/or/scheduler.h | 218 + src/core/or/scheduler_kist.c | 844 ++ src/core/or/scheduler_vanilla.c | 175 + src/core/or/server_port_cfg_st.h | 20 + src/core/or/socks_request_st.h | 77 + src/core/or/status.c | 252 + src/core/or/status.h | 18 + src/core/or/tor_version_st.h | 32 + src/core/or/var_cell_st.h | 23 + src/core/or/versions.c | 422 + src/core/or/versions.h | 44 + src/core/proto/proto_cell.c | 86 + src/core/proto/proto_cell.h | 17 + src/core/proto/proto_control0.c | 26 + src/core/proto/proto_control0.h | 14 + src/core/proto/proto_ext_or.c | 40 + src/core/proto/proto_ext_or.h | 22 + src/core/proto/proto_http.c | 171 + src/core/proto/proto_http.h | 24 + src/core/proto/proto_socks.c | 1133 +++ src/core/proto/proto_socks.h | 21 + src/ext/OpenBSD_malloc_Linux.c | 2 +- src/ext/byteorder.h | 71 + src/ext/csiphash.c | 50 +- src/ext/curve25519_donna/curve25519-donna-c64.c | 2 +- src/ext/curve25519_donna/curve25519-donna.c | 2 +- src/ext/ed25519/donna/ed25519-donna-impl-base.h | 12 +- .../donna/ed25519-donna-portable-identify.h | 2 +- src/ext/ed25519/donna/ed25519-hash-custom.h | 31 + src/ext/ed25519/donna/ed25519-randombytes-custom.h | 2 +- src/ext/ed25519/donna/ed25519_donna_tor.h | 7 +- src/ext/ed25519/donna/ed25519_tor.c | 43 +- src/ext/ed25519/ref10/blinding.c | 51 +- src/ext/ed25519/ref10/crypto_hash_sha512.h | 30 +- src/ext/ed25519/ref10/crypto_int32.h | 2 +- src/ext/ed25519/ref10/crypto_int64.h | 2 +- src/ext/ed25519/ref10/crypto_uint32.h | 2 +- src/ext/ed25519/ref10/crypto_uint64.h | 2 +- src/ext/ed25519/ref10/crypto_verify_32.h | 3 +- src/ext/ed25519/ref10/ed25519_ref10.h | 6 +- src/ext/ed25519/ref10/keypair.c | 4 +- src/ext/ed25519/ref10/randombytes.h | 2 +- src/ext/getdelim.c | 79 + src/ext/ht.h | 4 +- src/ext/include.am | 4 +- src/ext/keccak-tiny/keccak-tiny-unrolled.c | 21 +- src/ext/keccak-tiny/keccak-tiny.h | 2 +- src/ext/mulodi/mulodi4.c | 2 +- src/ext/rust | 1 + src/ext/siphash.h | 1 + src/ext/timeouts/timeout-bitops.c | 3 +- src/ext/timeouts/timeout.c | 4 +- src/ext/tinytest.c | 13 +- src/ext/trunnel/trunnel-impl.h | 5 +- src/ext/trunnel/trunnel.c | 10 +- src/ext/trunnel/trunnel.h | 4 +- src/feature/api/tor_api.c | 167 + src/feature/api/tor_api.h | 129 + src/feature/api/tor_api_internal.h | 29 + src/feature/client/addressmap.c | 1156 +++ src/feature/client/addressmap.h | 65 + src/feature/client/bridges.c | 1029 +++ src/feature/client/bridges.h | 80 + src/feature/client/circpathbias.c | 1641 ++++ src/feature/client/circpathbias.h | 29 + src/feature/client/dnsserv.c | 415 + src/feature/client/dnsserv.h | 27 + src/feature/client/entrynodes.c | 3824 ++++++++ src/feature/client/entrynodes.h | 639 ++ src/feature/client/transports.c | 1738 ++++ src/feature/client/transports.h | 147 + src/feature/control/control.c | 7902 +++++++++++++++++ src/feature/control/control.h | 417 + src/feature/control/control_connection_st.h | 46 + src/feature/control/fmt_serverstatus.c | 104 + src/feature/control/fmt_serverstatus.h | 18 + src/feature/control/getinfo_geoip.c | 45 + src/feature/control/getinfo_geoip.h | 14 + src/feature/dirauth/authmode.c | 70 + src/feature/dirauth/authmode.h | 46 + src/feature/dirauth/bwauth.c | 459 + src/feature/dirauth/bwauth.h | 58 + src/feature/dirauth/dircollate.c | 327 + src/feature/dirauth/dircollate.h | 70 + src/feature/dirauth/dirvote.c | 4658 ++++++++++ src/feature/dirauth/dirvote.h | 250 + src/feature/dirauth/dsigs_parse.c | 282 + src/feature/dirauth/dsigs_parse.h | 22 + src/feature/dirauth/guardfraction.c | 333 + src/feature/dirauth/guardfraction.h | 24 + src/feature/dirauth/keypin.c | 515 ++ src/feature/dirauth/keypin.h | 47 + src/feature/dirauth/ns_detached_signatures_st.h | 22 + src/feature/dirauth/process_descs.c | 839 ++ src/feature/dirauth/process_descs.h | 38 + src/feature/dirauth/reachability.c | 207 + src/feature/dirauth/reachability.h | 36 + src/feature/dirauth/recommend_pkg.c | 90 + src/feature/dirauth/recommend_pkg.h | 17 + src/feature/dirauth/shared_random.c | 1291 +++ src/feature/dirauth/shared_random.h | 194 + src/feature/dirauth/shared_random_state.c | 1340 +++ src/feature/dirauth/shared_random_state.h | 148 + src/feature/dirauth/vote_microdesc_hash_st.h | 22 + src/feature/dirauth/voteflags.c | 644 ++ src/feature/dirauth/voteflags.h | 31 + src/feature/dircache/cached_dir_st.h | 25 + src/feature/dircache/conscache.c | 627 ++ src/feature/dircache/conscache.h | 66 + src/feature/dircache/consdiffmgr.c | 1945 +++++ src/feature/dircache/consdiffmgr.h | 75 + src/feature/dircache/dircache.c | 1740 ++++ src/feature/dircache/dircache.h | 43 + src/feature/dircache/dirserv.c | 918 ++ src/feature/dircache/dirserv.h | 119 + src/feature/dirclient/dir_server_st.h | 54 + src/feature/dirclient/dirclient.c | 3206 +++++++ src/feature/dirclient/dirclient.h | 172 + src/feature/dirclient/dlstatus.c | 422 + src/feature/dirclient/dlstatus.h | 58 + src/feature/dirclient/download_status_st.h | 65 + src/feature/dircommon/consdiff.c | 1414 +++ src/feature/dircommon/consdiff.h | 99 + src/feature/dircommon/dir_connection_st.h | 67 + src/feature/dircommon/directory.c | 651 ++ src/feature/dircommon/directory.h | 129 + src/feature/dircommon/fp_pair.c | 315 + src/feature/dircommon/fp_pair.h | 56 + src/feature/dircommon/vote_timing_st.h | 24 + src/feature/dircommon/voting_schedule.c | 194 + src/feature/dircommon/voting_schedule.h | 65 + src/feature/dirparse/authcert_members.i | 13 + src/feature/dirparse/authcert_parse.c | 207 + src/feature/dirparse/authcert_parse.h | 18 + src/feature/dirparse/microdesc_parse.c | 267 + src/feature/dirparse/microdesc_parse.h | 20 + src/feature/dirparse/ns_parse.c | 1685 ++++ src/feature/dirparse/ns_parse.h | 45 + src/feature/dirparse/parsecommon.c | 458 + src/feature/dirparse/parsecommon.h | 324 + src/feature/dirparse/policy_parse.c | 224 + src/feature/dirparse/policy_parse.h | 25 + src/feature/dirparse/routerparse.c | 1245 +++ src/feature/dirparse/routerparse.h | 49 + src/feature/dirparse/sigcommon.c | 185 + src/feature/dirparse/sigcommon.h | 48 + src/feature/dirparse/signing.c | 98 + src/feature/dirparse/signing.h | 23 + src/feature/dirparse/unparseable.c | 591 ++ src/feature/dirparse/unparseable.h | 56 + src/feature/hibernate/hibernate.c | 1267 +++ src/feature/hibernate/hibernate.h | 61 + src/feature/hs/hs_cache.c | 986 +++ src/feature/hs/hs_cache.h | 130 + src/feature/hs/hs_cell.c | 952 ++ src/feature/hs/hs_cell.h | 109 + src/feature/hs/hs_circuit.c | 1271 +++ src/feature/hs/hs_circuit.h | 75 + src/feature/hs/hs_circuitmap.c | 585 ++ src/feature/hs/hs_circuitmap.h | 112 + src/feature/hs/hs_client.c | 1945 +++++ src/feature/hs/hs_client.h | 119 + src/feature/hs/hs_common.c | 1829 ++++ src/feature/hs/hs_common.h | 288 + src/feature/hs/hs_config.c | 696 ++ src/feature/hs/hs_config.h | 25 + src/feature/hs/hs_control.c | 261 + src/feature/hs/hs_control.h | 52 + src/feature/hs/hs_descriptor.c | 3073 +++++++ src/feature/hs/hs_descriptor.h | 346 + src/feature/hs/hs_ident.c | 127 + src/feature/hs/hs_ident.h | 150 + src/feature/hs/hs_intropoint.c | 609 ++ src/feature/hs/hs_intropoint.h | 64 + src/feature/hs/hs_service.c | 4170 +++++++++ src/feature/hs/hs_service.h | 444 + src/feature/hs/hs_stats.c | 58 + src/feature/hs/hs_stats.h | 14 + src/feature/hs/hsdir_index_st.h | 24 + src/feature/hs_common/replaycache.c | 209 + src/feature/hs_common/replaycache.h | 67 + src/feature/hs_common/shared_random_client.c | 293 + src/feature/hs_common/shared_random_client.h | 48 + src/feature/keymgt/loadkey.c | 755 ++ src/feature/keymgt/loadkey.h | 55 + src/feature/nodelist/authcert.c | 1208 +++ src/feature/nodelist/authcert.h | 60 + src/feature/nodelist/authority_cert_st.h | 32 + src/feature/nodelist/desc_store_st.h | 39 + src/feature/nodelist/describe.c | 183 + src/feature/nodelist/describe.h | 25 + src/feature/nodelist/dirlist.c | 422 + src/feature/nodelist/dirlist.h | 47 + src/feature/nodelist/document_signature_st.h | 29 + src/feature/nodelist/extrainfo_st.h | 30 + src/feature/nodelist/fmt_routerstatus.c | 253 + src/feature/nodelist/fmt_routerstatus.h | 41 + src/feature/nodelist/microdesc.c | 1063 +++ src/feature/nodelist/microdesc.h | 60 + src/feature/nodelist/microdesc_st.h | 80 + src/feature/nodelist/networkstatus.c | 2723 ++++++ src/feature/nodelist/networkstatus.h | 160 + src/feature/nodelist/networkstatus_sr_info_st.h | 23 + src/feature/nodelist/networkstatus_st.h | 104 + src/feature/nodelist/networkstatus_voter_info_st.h | 30 + src/feature/nodelist/nickname.c | 62 + src/feature/nodelist/nickname.h | 19 + src/feature/nodelist/node_select.c | 1111 +++ src/feature/nodelist/node_select.h | 102 + src/feature/nodelist/node_st.h | 102 + src/feature/nodelist/nodelist.c | 2620 ++++++ src/feature/nodelist/nodelist.h | 169 + src/feature/nodelist/routerinfo.c | 79 + src/feature/nodelist/routerinfo.h | 27 + src/feature/nodelist/routerinfo_st.h | 115 + src/feature/nodelist/routerlist.c | 3234 +++++++ src/feature/nodelist/routerlist.h | 207 + src/feature/nodelist/routerlist_st.h | 40 + src/feature/nodelist/routerset.c | 463 + src/feature/nodelist/routerset.h | 89 + src/feature/nodelist/routerstatus_st.h | 80 + src/feature/nodelist/signed_descriptor_st.h | 61 + src/feature/nodelist/torcert.c | 764 ++ src/feature/nodelist/torcert.h | 116 + src/feature/nodelist/vote_routerstatus_st.h | 41 + src/feature/relay/dns.c | 2187 +++++ src/feature/relay/dns.h | 72 + src/feature/relay/dns_structs.h | 102 + src/feature/relay/ext_orport.c | 662 ++ src/feature/relay/ext_orport.h | 64 + src/feature/relay/onion_queue.c | 361 + src/feature/relay/onion_queue.h | 23 + src/feature/relay/router.c | 3128 +++++++ src/feature/relay/router.h | 122 + src/feature/relay/routerkeys.c | 740 ++ src/feature/relay/routerkeys.h | 45 + src/feature/relay/routermode.c | 80 + src/feature/relay/routermode.h | 24 + src/feature/relay/selftest.c | 301 + src/feature/relay/selftest.h | 24 + src/feature/rend/rend_authorized_client_st.h | 18 + .../rend/rend_encoded_v2_service_descriptor_st.h | 17 + src/feature/rend/rend_intro_point_st.h | 76 + src/feature/rend/rend_service_descriptor_st.h | 34 + src/feature/rend/rendcache.c | 1008 +++ src/feature/rend/rendcache.h | 130 + src/feature/rend/rendclient.c | 1228 +++ src/feature/rend/rendclient.h | 51 + src/feature/rend/rendcommon.c | 1047 +++ src/feature/rend/rendcommon.h | 82 + src/feature/rend/rendmid.c | 370 + src/feature/rend/rendmid.h | 25 + src/feature/rend/rendparse.c | 600 ++ src/feature/rend/rendparse.h | 32 + src/feature/rend/rendservice.c | 4487 ++++++++++ src/feature/rend/rendservice.h | 222 + src/feature/stats/geoip_stats.c | 1425 +++ src/feature/stats/geoip_stats.h | 139 + src/feature/stats/predict_ports.c | 313 + src/feature/stats/predict_ports.h | 30 + src/feature/stats/rephist.c | 2933 +++++++ src/feature/stats/rephist.h | 133 + src/include.am | 43 +- src/lib/arch/.may_include | 2 + src/lib/arch/bytes.h | 182 + src/lib/arch/include.am | 3 + src/lib/cc/.may_include | 1 + src/lib/cc/compat_compiler.h | 220 + src/lib/cc/include.am | 4 + src/lib/cc/torint.h | 128 + src/lib/compress/.may_include | 12 + src/lib/compress/compress.c | 681 ++ src/lib/compress/compress.h | 99 + src/lib/compress/compress_buf.c | 83 + src/lib/compress/compress_lzma.c | 362 + src/lib/compress/compress_lzma.h | 46 + src/lib/compress/compress_none.c | 54 + src/lib/compress/compress_none.h | 20 + src/lib/compress/compress_zlib.c | 304 + src/lib/compress/compress_zlib.h | 46 + src/lib/compress/compress_zstd.c | 541 ++ src/lib/compress/compress_zstd.h | 53 + src/lib/compress/include.am | 26 + src/lib/container/.may_include | 18 + src/lib/container/bitarray.h | 86 + src/lib/container/bloomfilt.c | 113 + src/lib/container/bloomfilt.h | 41 + src/lib/container/buffers.c | 932 ++ src/lib/container/buffers.h | 122 + src/lib/container/handles.h | 153 + src/lib/container/include.am | 27 + src/lib/container/map.c | 413 + src/lib/container/map.h | 261 + src/lib/container/order.c | 48 + src/lib/container/order.h | 60 + src/lib/container/smartlist.c | 866 ++ src/lib/container/smartlist.h | 168 + src/lib/crypt_ops/.may_include | 24 + src/lib/crypt_ops/aes.h | 31 + src/lib/crypt_ops/aes_nss.c | 106 + src/lib/crypt_ops/aes_openssl.c | 410 + src/lib/crypt_ops/compat_openssl.h | 57 + src/lib/crypt_ops/crypto_cipher.c | 190 + src/lib/crypt_ops/crypto_cipher.h | 57 + src/lib/crypt_ops/crypto_curve25519.c | 366 + src/lib/crypt_ops/crypto_curve25519.h | 85 + src/lib/crypt_ops/crypto_dh.c | 113 + src/lib/crypt_ops/crypto_dh.h | 64 + src/lib/crypt_ops/crypto_dh_nss.c | 209 + src/lib/crypt_ops/crypto_dh_openssl.c | 477 + src/lib/crypt_ops/crypto_digest.c | 828 ++ src/lib/crypt_ops/crypto_digest.h | 132 + src/lib/crypt_ops/crypto_ed25519.c | 821 ++ src/lib/crypt_ops/crypto_ed25519.h | 144 + src/lib/crypt_ops/crypto_format.c | 305 + src/lib/crypt_ops/crypto_format.h | 50 + src/lib/crypt_ops/crypto_hkdf.c | 201 + src/lib/crypt_ops/crypto_hkdf.h | 27 + src/lib/crypt_ops/crypto_init.c | 204 + src/lib/crypt_ops/crypto_init.h | 36 + src/lib/crypt_ops/crypto_nss_mgt.c | 132 + src/lib/crypt_ops/crypto_nss_mgt.h | 34 + src/lib/crypt_ops/crypto_ope.c | 185 + src/lib/crypt_ops/crypto_ope.h | 46 + src/lib/crypt_ops/crypto_openssl_mgt.c | 398 + src/lib/crypt_ops/crypto_openssl_mgt.h | 89 + src/lib/crypt_ops/crypto_pwbox.c | 219 + src/lib/crypt_ops/crypto_pwbox.h | 28 + src/lib/crypt_ops/crypto_rand.c | 731 ++ src/lib/crypt_ops/crypto_rand.h | 53 + src/lib/crypt_ops/crypto_rsa.c | 672 ++ src/lib/crypt_ops/crypto_rsa.h | 145 + src/lib/crypt_ops/crypto_rsa_nss.c | 738 ++ src/lib/crypt_ops/crypto_rsa_openssl.c | 590 ++ src/lib/crypt_ops/crypto_s2k.c | 525 ++ src/lib/crypt_ops/crypto_s2k.h | 78 + src/lib/crypt_ops/crypto_util.c | 111 + src/lib/crypt_ops/crypto_util.h | 21 + src/lib/crypt_ops/digestset.c | 58 + src/lib/crypt_ops/digestset.h | 29 + src/lib/crypt_ops/include.am | 70 + src/lib/ctime/.may_include | 5 + src/lib/ctime/di_ops.c | 278 + src/lib/ctime/di_ops.h | 55 + src/lib/ctime/include.am | 25 + src/lib/defs/.may_include | 1 + src/lib/defs/dh_sizes.h | 22 + src/lib/defs/digest_sizes.h | 27 + src/lib/defs/include.am | 5 + src/lib/defs/x25519_sizes.h | 36 + src/lib/encoding/.may_include | 10 + src/lib/encoding/binascii.c | 520 ++ src/lib/encoding/binascii.h | 60 + src/lib/encoding/confline.c | 402 + src/lib/encoding/confline.h | 78 + src/lib/encoding/cstring.c | 138 + src/lib/encoding/cstring.h | 19 + src/lib/encoding/include.am | 26 + src/lib/encoding/keyval.c | 52 + src/lib/encoding/keyval.h | 17 + src/lib/encoding/pem.c | 106 + src/lib/encoding/pem.h | 26 + src/lib/encoding/time_fmt.c | 516 ++ src/lib/encoding/time_fmt.h | 44 + src/lib/err/.may_include | 3 + src/lib/err/backtrace.c | 286 + src/lib/err/backtrace.h | 35 + src/lib/err/include.am | 19 + src/lib/err/torerr.c | 238 + src/lib/err/torerr.h | 47 + src/lib/evloop/.may_include | 16 + src/lib/evloop/compat_libevent.c | 535 ++ src/lib/evloop/compat_libevent.h | 104 + src/lib/evloop/include.am | 26 + src/lib/evloop/procmon.c | 339 + src/lib/evloop/procmon.h | 34 + src/lib/evloop/timers.c | 328 + src/lib/evloop/timers.h | 35 + src/lib/evloop/token_bucket.c | 258 + src/lib/evloop/token_bucket.h | 117 + src/lib/evloop/workqueue.c | 682 ++ src/lib/evloop/workqueue.h | 70 + src/lib/fdio/.may_include | 4 + src/lib/fdio/fdio.c | 115 + src/lib/fdio/fdio.h | 23 + src/lib/fdio/include.am | 17 + src/lib/fs/.may_include | 16 + src/lib/fs/conffile.c | 174 + src/lib/fs/conffile.h | 23 + src/lib/fs/dir.c | 367 + src/lib/fs/dir.h | 33 + src/lib/fs/files.c | 721 ++ src/lib/fs/files.h | 145 + src/lib/fs/freespace.c | 63 + src/lib/fs/include.am | 37 + src/lib/fs/lockfile.c | 145 + src/lib/fs/lockfile.h | 20 + src/lib/fs/mmap.c | 240 + src/lib/fs/mmap.h | 41 + src/lib/fs/path.c | 295 + src/lib/fs/path.h | 30 + src/lib/fs/storagedir.c | 606 ++ src/lib/fs/storagedir.h | 64 + src/lib/fs/userdb.c | 138 + src/lib/fs/userdb.h | 26 + src/lib/fs/winlib.c | 30 + src/lib/fs/winlib.h | 22 + src/lib/geoip/.may_include | 13 + src/lib/geoip/country.h | 16 + src/lib/geoip/geoip.c | 510 ++ src/lib/geoip/geoip.h | 50 + src/lib/geoip/include.am | 17 + src/lib/include.libdonna.am | 24 + src/lib/intmath/.may_include | 4 + src/lib/intmath/addsub.c | 28 + src/lib/intmath/addsub.h | 19 + src/lib/intmath/bits.c | 94 + src/lib/intmath/bits.h | 22 + src/lib/intmath/cmp.h | 39 + src/lib/intmath/include.am | 25 + src/lib/intmath/logic.h | 20 + src/lib/intmath/muldiv.c | 81 + src/lib/intmath/muldiv.h | 28 + src/lib/intmath/weakrng.c | 60 + src/lib/intmath/weakrng.h | 31 + src/lib/lock/.may_include | 5 + src/lib/lock/compat_mutex.c | 40 + src/lib/lock/compat_mutex.h | 66 + src/lib/lock/compat_mutex_pthreads.c | 103 + src/lib/lock/compat_mutex_winthreads.c | 46 + src/lib/lock/include.am | 24 + src/lib/log/.may_include | 15 + src/lib/log/escape.c | 137 + src/lib/log/escape.h | 23 + src/lib/log/git_revision.c | 24 + src/lib/log/git_revision.h | 12 + src/lib/log/include.am | 36 + src/lib/log/log.c | 1483 ++++ src/lib/log/log.h | 276 + src/lib/log/ratelim.c | 60 + src/lib/log/ratelim.h | 53 + src/lib/log/util_bug.c | 161 + src/lib/log/util_bug.h | 246 + src/lib/log/win32err.c | 61 + src/lib/log/win32err.h | 22 + src/lib/malloc/.may_include | 6 + src/lib/malloc/include.am | 21 + src/lib/malloc/malloc.c | 230 + src/lib/malloc/malloc.h | 92 + src/lib/math/.may_include | 5 + src/lib/math/fp.c | 119 + src/lib/math/fp.h | 23 + src/lib/math/include.am | 20 + src/lib/math/laplace.c | 73 + src/lib/math/laplace.h | 22 + src/lib/memarea/.may_include | 7 + src/lib/memarea/include.am | 17 + src/lib/memarea/memarea.c | 403 + src/lib/memarea/memarea.h | 35 + src/lib/meminfo/.may_include | 8 + src/lib/meminfo/include.am | 17 + src/lib/meminfo/meminfo.c | 180 + src/lib/meminfo/meminfo.h | 21 + src/lib/net/.may_include | 15 + src/lib/net/address.c | 2057 +++++ src/lib/net/address.h | 388 + src/lib/net/alertsock.c | 295 + src/lib/net/alertsock.h | 45 + src/lib/net/buffers_net.c | 202 + src/lib/net/buffers_net.h | 27 + src/lib/net/gethostname.c | 30 + src/lib/net/gethostname.h | 19 + src/lib/net/inaddr.c | 267 + src/lib/net/inaddr.h | 27 + src/lib/net/inaddr_st.h | 107 + src/lib/net/include.am | 34 + src/lib/net/nettypes.h | 44 + src/lib/net/resolve.c | 424 + src/lib/net/resolve.h | 58 + src/lib/net/socket.c | 697 ++ src/lib/net/socket.h | 118 + src/lib/net/socketpair.c | 214 + src/lib/net/socketpair.h | 19 + src/lib/net/socks5_status.h | 32 + src/lib/osinfo/.may_include | 5 + src/lib/osinfo/include.am | 17 + src/lib/osinfo/uname.c | 149 + src/lib/osinfo/uname.h | 18 + src/lib/process/.may_include | 17 + src/lib/process/daemon.c | 187 + src/lib/process/daemon.h | 21 + src/lib/process/env.c | 224 + src/lib/process/env.h | 41 + src/lib/process/include.am | 29 + src/lib/process/pidfile.c | 52 + src/lib/process/pidfile.h | 16 + src/lib/process/restrict.c | 285 + src/lib/process/restrict.h | 27 + src/lib/process/setuid.c | 386 + src/lib/process/setuid.h | 22 + src/lib/process/subprocess.c | 1236 +++ src/lib/process/subprocess.h | 134 + src/lib/process/waitpid.c | 154 + src/lib/process/waitpid.h | 29 + src/lib/sandbox/.may_include | 15 + src/lib/sandbox/include.am | 18 + src/{common => lib/sandbox}/linux_syscalls.inc | 0 src/lib/sandbox/sandbox.c | 1808 ++++ src/lib/sandbox/sandbox.h | 150 + src/lib/smartlist_core/.may_include | 7 + src/lib/smartlist_core/include.am | 21 + src/lib/smartlist_core/smartlist_core.c | 234 + src/lib/smartlist_core/smartlist_core.h | 100 + src/lib/smartlist_core/smartlist_foreach.h | 133 + src/lib/smartlist_core/smartlist_split.c | 92 + src/lib/smartlist_core/smartlist_split.h | 20 + src/lib/string/.may_include | 10 + src/lib/string/compat_ctype.c | 72 + src/lib/string/compat_ctype.h | 67 + src/lib/string/compat_string.c | 74 + src/lib/string/compat_string.h | 62 + src/lib/string/include.am | 27 + src/lib/string/parse_int.c | 131 + src/lib/string/parse_int.h | 25 + src/lib/string/printf.c | 167 + src/lib/string/printf.h | 30 + src/lib/string/scanf.c | 317 + src/lib/string/scanf.h | 24 + src/lib/string/util_string.c | 543 ++ src/lib/string/util_string.h | 57 + src/lib/term/.may_include | 9 + src/lib/term/getpass.c | 120 + src/lib/term/getpass.h | 18 + src/lib/term/include.am | 24 + src/lib/testsupport/.may_include | 0 src/lib/testsupport/include.am | 3 + src/lib/testsupport/testsupport.h | 103 + src/lib/thread/.may_include | 7 + src/lib/thread/compat_pthreads.c | 270 + src/lib/thread/compat_threads.c | 111 + src/lib/thread/compat_winthreads.c | 223 + src/lib/thread/include.am | 27 + src/lib/thread/numcpus.c | 98 + src/lib/thread/numcpus.h | 16 + src/lib/thread/threads.h | 168 + src/lib/time/.may_include | 11 + src/lib/time/compat_time.c | 869 ++ src/lib/time/compat_time.h | 235 + src/lib/time/include.am | 19 + src/lib/time/tvdiff.c | 189 + src/lib/time/tvdiff.h | 23 + src/lib/tls/.may_include | 17 + src/lib/tls/buffers_tls.c | 182 + src/lib/tls/buffers_tls.h | 23 + src/lib/tls/ciphers.inc | 100 + src/lib/tls/include.am | 40 + src/lib/tls/nss_countbytes.c | 244 + src/lib/tls/nss_countbytes.h | 25 + src/lib/tls/tortls.c | 442 + src/lib/tls/tortls.h | 160 + src/lib/tls/tortls_internal.h | 76 + src/lib/tls/tortls_nss.c | 833 ++ src/lib/tls/tortls_openssl.c | 1795 ++++ src/lib/tls/tortls_st.h | 75 + src/lib/tls/x509.c | 143 + src/lib/tls/x509.h | 75 + src/lib/tls/x509_internal.h | 53 + src/lib/tls/x509_nss.c | 458 + src/lib/tls/x509_openssl.c | 464 + src/lib/trace/.may_include | 3 + src/lib/trace/debug.h | 30 + src/lib/trace/events.h | 45 + src/lib/trace/include.am | 18 + src/lib/trace/trace.c | 17 + src/lib/trace/trace.h | 14 + src/lib/wallclock/.may_include | 6 + src/lib/wallclock/approx_time.c | 43 + src/lib/wallclock/approx_time.h | 25 + src/lib/wallclock/include.am | 22 + src/lib/wallclock/time_to_tm.c | 200 + src/lib/wallclock/time_to_tm.h | 22 + src/lib/wallclock/timeval.h | 65 + src/lib/wallclock/tor_gettimeofday.c | 82 + src/lib/wallclock/tor_gettimeofday.h | 20 + src/or/Makefile.nmake | 78 - src/or/addressmap.c | 1125 --- src/or/addressmap.h | 65 - src/or/buffers.c | 2065 ----- src/or/buffers.h | 101 - src/or/channel.c | 4617 ---------- src/or/channel.h | 609 -- src/or/channeltls.c | 2208 ----- src/or/channeltls.h | 76 - src/or/circpathbias.c | 1546 ---- src/or/circpathbias.h | 29 - src/or/circuitbuild.c | 2553 ------ src/or/circuitbuild.h | 78 - src/or/circuitlist.c | 2435 ------ src/or/circuitlist.h | 91 - src/or/circuitmux.c | 1990 ----- src/or/circuitmux.h | 160 - src/or/circuitmux_ewma.c | 765 -- src/or/circuitmux_ewma.h | 24 - src/or/circuitstats.c | 1734 ---- src/or/circuitstats.h | 98 - src/or/circuituse.c | 2624 ------ src/or/circuituse.h | 63 - src/or/command.c | 642 -- src/or/command.h | 31 - src/or/config.c | 8013 ----------------- src/or/config.h | 205 - src/or/confparse.c | 1364 --- src/or/confparse.h | 143 - src/or/connection.c | 5177 ----------- src/or/connection.h | 290 - src/or/connection_edge.c | 3825 -------- src/or/connection_edge.h | 192 - src/or/connection_or.c | 2454 ------ src/or/connection_or.h | 107 - src/or/control.c | 7190 ---------------- src/or/control.h | 292 - src/or/cpuworker.c | 572 -- src/or/cpuworker.h | 29 - src/or/dircollate.c | 353 - src/or/dircollate.h | 68 - src/or/directory.c | 4316 ---------- src/or/directory.h | 175 - src/or/dirserv.c | 3913 --------- src/or/dirserv.h | 143 - src/or/dirvote.c | 4012 --------- src/or/dirvote.h | 240 - src/or/dns.c | 2120 ----- src/or/dns.h | 70 - src/or/dns_structs.h | 102 - src/or/dnsserv.c | 396 - src/or/dnsserv.h | 27 - src/or/dos.c | 794 -- src/or/dos.h | 140 - src/or/entrynodes.c | 2561 ------ src/or/entrynodes.h | 187 - src/or/ext_orport.c | 653 -- src/or/ext_orport.h | 42 - src/or/fp_pair.c | 315 - src/or/fp_pair.h | 45 - src/or/geoip.c | 1875 ---- src/or/geoip.h | 100 - src/or/hibernate.c | 1125 --- src/or/hibernate.h | 59 - src/or/include.am | 222 - src/or/keypin.c | 498 -- src/or/keypin.h | 47 - src/or/main.c | 3533 -------- src/or/main.h | 98 - src/or/microdesc.c | 968 --- src/or/microdesc.h | 56 - src/or/networkstatus.c | 2535 ------ src/or/networkstatus.h | 135 - src/or/nodelist.c | 2026 ----- src/or/nodelist.h | 131 - src/or/ntmain.c | 781 -- src/or/ntmain.h | 28 - src/or/onion.c | 1247 --- src/or/onion.h | 121 - src/or/onion_fast.c | 142 - src/or/onion_fast.h | 39 - src/or/onion_ntor.c | 335 - src/or/onion_ntor.h | 61 - src/or/onion_tap.c | 247 - src/or/onion_tap.h | 38 - src/or/or.h | 5392 ------------ src/or/periodic.c | 126 - src/or/periodic.h | 37 - src/or/policies.c | 3040 ------- src/or/policies.h | 147 - src/or/protover.c | 793 -- src/or/protover.h | 74 - src/or/reasons.c | 444 - src/or/reasons.h | 31 - src/or/relay.c | 3068 ------- src/or/relay.h | 115 - src/or/rendcache.c | 1013 --- src/or/rendcache.h | 115 - src/or/rendclient.c | 1567 ---- src/or/rendclient.h | 58 - src/or/rendcommon.c | 1118 --- src/or/rendcommon.h | 87 - src/or/rendmid.c | 382 - src/or/rendmid.h | 25 - src/or/rendservice.c | 4438 ---------- src/or/rendservice.h | 205 - src/or/rephist.c | 3299 ------- src/or/rephist.h | 123 - src/or/replaycache.c | 216 - src/or/replaycache.h | 66 - src/or/router.c | 3658 -------- src/or/router.h | 163 - src/or/routerkeys.c | 1147 --- src/or/routerkeys.h | 77 - src/or/routerlist.c | 5820 ------------- src/or/routerlist.h | 258 - src/or/routerparse.c | 6364 -------------- src/or/routerparse.h | 131 - src/or/routerset.c | 445 - src/or/routerset.h | 84 - src/or/scheduler.c | 707 -- src/or/scheduler.h | 57 - src/or/shared_random.c | 1363 --- src/or/shared_random.h | 168 - src/or/shared_random_state.c | 1360 --- src/or/shared_random_state.h | 149 - src/or/statefile.c | 684 -- src/or/statefile.h | 28 - src/or/status.c | 210 - src/or/status.h | 18 - src/or/tor_main.c | 40 - src/or/torcert.c | 297 - src/or/torcert.h | 76 - src/or/transports.c | 1744 ---- src/or/transports.h | 139 - src/rust/.cargo/config.in | 12 + src/rust/.rustfmt.toml | 12 + src/rust/Cargo.lock | 122 + src/rust/Cargo.toml | 26 + src/rust/build.rs | 190 + src/rust/crypto/Cargo.toml | 37 + src/rust/crypto/digests/mod.rs | 7 + src/rust/crypto/digests/sha2.rs | 234 + src/rust/crypto/lib.rs | 46 + src/rust/crypto/rand/mod.rs | 6 + src/rust/crypto/rand/rng.rs | 145 + src/rust/external/Cargo.toml | 20 + src/rust/external/crypto_digest.rs | 454 + src/rust/external/crypto_rand.rs | 84 + src/rust/external/external.rs | 37 + src/rust/external/lib.rs | 19 + src/rust/include.am | 41 + src/rust/protover/Cargo.toml | 33 + src/rust/protover/errors.rs | 57 + src/rust/protover/ffi.rs | 245 + src/rust/protover/lib.rs | 40 + src/rust/protover/protoset.rs | 689 ++ src/rust/protover/protover.rs | 971 +++ src/rust/protover/tests/protover.rs | 404 + src/rust/smartlist/Cargo.toml | 18 + src/rust/smartlist/lib.rs | 17 + src/rust/smartlist/smartlist.rs | 115 + src/rust/tor_allocate/Cargo.toml | 18 + src/rust/tor_allocate/lib.rs | 20 + src/rust/tor_allocate/tor_allocate.rs | 104 + src/rust/tor_log/Cargo.toml | 21 + src/rust/tor_log/lib.rs | 16 + src/rust/tor_log/tor_log.rs | 265 + src/rust/tor_rust/Cargo.toml | 22 + src/rust/tor_rust/include.am | 28 + src/rust/tor_rust/lib.rs | 5 + src/rust/tor_util/Cargo.toml | 24 + src/rust/tor_util/ffi.rs | 27 + src/rust/tor_util/lib.rs | 14 + src/rust/tor_util/strings.rs | 140 + src/test/Makefile.nmake | 4 +- src/test/bench.c | 125 +- src/test/bt_test.py | 2 +- src/test/ed25519_exts_ref.py | 38 +- src/test/ed25519_vectors.inc | 32 +- src/test/fakechans.h | 3 +- src/test/fuzz/dict/consensus | 52 + src/test/fuzz/dict/descriptor | 41 + src/test/fuzz/dict/extrainfo | 32 + src/test/fuzz/dict/hsdescv2 | 8 + src/test/fuzz/dict/hsdescv3 | 6 + src/test/fuzz/dict/http | 24 + src/test/fuzz/dict/iptsv2 | 6 + src/test/fuzz/dict/microdesc | 7 + src/test/fuzz/fixup_filenames.sh | 19 + src/test/fuzz/fuzz_consensus.c | 81 + src/test/fuzz/fuzz_descriptor.c | 81 + src/test/fuzz/fuzz_diff.c | 69 + src/test/fuzz/fuzz_diff_apply.c | 65 + src/test/fuzz/fuzz_extrainfo.c | 67 + src/test/fuzz/fuzz_hsdescv2.c | 52 + src/test/fuzz/fuzz_hsdescv3.c | 99 + src/test/fuzz/fuzz_http.c | 134 + src/test/fuzz/fuzz_http_connect.c | 109 + src/test/fuzz/fuzz_iptsv2.c | 50 + src/test/fuzz/fuzz_microdesc.c | 49 + src/test/fuzz/fuzz_multi.sh | 34 + src/test/fuzz/fuzz_socks.c | 50 + src/test/fuzz/fuzz_vrs.c | 87 + src/test/fuzz/fuzzing.h | 13 + src/test/fuzz/fuzzing_common.c | 197 + src/test/fuzz/include.am | 440 + src/test/fuzz/minimize.sh | 14 + src/test/fuzz_static_testcases.sh | 27 + src/test/hs_build_address.py | 38 + src/test/hs_indexes.py | 70 + src/test/hs_ntor_ref.py | 428 + src/test/hs_test_helpers.c | 325 + src/test/hs_test_helpers.h | 25 + src/test/include.am | 224 +- src/test/log_test_helpers.c | 6 +- src/test/log_test_helpers.h | 45 +- src/test/ntor_ref.py | 2 +- src/test/ope_ref.py | 40 + src/test/rend_test_helpers.c | 31 +- src/test/rend_test_helpers.h | 7 +- src/test/rust_supp.txt | 1 + src/test/test-child.c | 4 +- src/test/test-memwipe.c | 17 +- src/test/test-network.sh | 4 +- src/test/test-timers.c | 31 +- src/test/test.c | 568 +- src/test/test.h | 79 +- src/test/test_accounting.c | 16 +- src/test/test_addr.c | 248 +- src/test/test_address.c | 147 +- src/test/test_address_set.c | 26 +- src/test/test_bridges.c | 704 ++ src/test/test_bt_cl.c | 27 +- src/test/test_buffers.c | 548 +- src/test/test_bwmgt.c | 233 + src/test/test_cell_formats.c | 66 +- src/test/test_cell_queue.c | 19 +- src/test/test_channel.c | 1931 ++--- src/test/test_channelpadding.c | 1104 +++ src/test/test_channeltls.c | 67 +- src/test/test_checkdir.c | 16 +- src/test/test_circuitbuild.c | 182 + src/test/test_circuitlist.c | 192 +- src/test/test_circuitmux.c | 69 +- src/test/test_circuitstats.c | 206 + src/test/test_circuituse.c | 310 + src/test/test_compat_libevent.c | 71 +- src/test/test_config.c | 1983 +++-- src/test/test_connection.c | 558 +- src/test/test_connection.h | 13 + src/test/test_conscache.c | 340 + src/test/test_consdiff.c | 1185 +++ src/test/test_consdiffmgr.c | 900 ++ src/test/test_containers.c | 150 +- src/test/test_controller.c | 667 +- src/test/test_controller_events.c | 160 +- src/test/test_crypto.c | 538 +- src/test/test_crypto_ope.c | 154 + src/test/test_crypto_openssl.c | 106 + src/test/test_crypto_slow.c | 50 +- src/test/test_data.c | 4 +- src/test/test_dir.c | 2531 ++++-- src/test/test_dir_common.c | 28 +- src/test/test_dir_common.h | 7 +- src/test/test_dir_handle_get.c | 376 +- src/test/test_dns.c | 88 +- src/test/test_dos.c | 31 +- src/test/test_entryconn.c | 202 +- src/test/test_entrynodes.c | 3519 ++++++-- src/test/test_extorport.c | 86 +- src/test/test_geoip.c | 580 ++ src/test/test_guardfraction.c | 81 +- src/test/test_handles.c | 13 +- src/test/test_helpers.c | 229 +- src/test/test_helpers.h | 22 +- src/test/test_hs.c | 613 +- src/test/test_hs_cache.c | 566 ++ src/test/test_hs_cell.c | 131 + src/test/test_hs_client.c | 1010 +++ src/test/test_hs_common.c | 1839 ++++ src/test/test_hs_config.c | 517 ++ src/test/test_hs_control.c | 194 + src/test/test_hs_descriptor.c | 965 +++ src/test/test_hs_descriptor.inc | 224 + src/test/test_hs_intropoint.c | 930 ++ src/test/test_hs_ntor.c | 115 + src/test/test_hs_ntor.sh | 11 + src/test/test_hs_ntor_cl.c | 259 + src/test/test_hs_service.c | 2145 +++++ src/test/test_introduce.c | 20 +- src/test/test_key_expiration.sh | 138 + src/test/test_keygen.sh | 112 +- src/test/test_keypin.c | 112 +- src/test/test_link_handshake.c | 941 +- src/test/test_logging.c | 28 +- src/test/test_mainloop.c | 142 + src/test/test_microdesc.c | 135 +- src/test/test_nodelist.c | 140 +- src/test/test_ntor_cl.c | 18 +- src/test/test_oom.c | 83 +- src/test/test_oos.c | 37 +- src/test/test_options.c | 981 +-- src/test/test_pem.c | 122 + src/test/test_periodic_event.c | 333 + src/test/test_policy.c | 492 +- src/test/test_procmon.c | 10 +- src/test/test_proto_http.c | 213 + src/test/test_proto_misc.c | 265 + src/test/test_protover.c | 363 +- src/test/test_pt.c | 74 +- src/test/test_pubsub.c | 85 - src/test/test_rebind.py | 145 + src/test/test_rebind.sh | 32 + src/test/test_relay.c | 59 +- src/test/test_relaycell.c | 837 +- src/test/test_relaycrypt.c | 190 + src/test/test_rendcache.c | 114 +- src/test/test_replay.c | 34 +- src/test/test_router.c | 119 +- src/test/test_routerkeys.c | 334 +- src/test/test_routerlist.c | 432 +- src/test/test_routerset.c | 130 +- src/test/test_rust.sh | 27 + src/test/test_scheduler.c | 1115 ++- src/test/test_shared_random.c | 508 +- src/test/test_slow.c | 6 +- src/test/test_socks.c | 671 +- src/test/test_status.c | 57 +- src/test/test_storagedir.c | 376 + src/test/test_switch_id.c | 17 +- src/test/test_threads.c | 20 +- src/test/test_tortls.c | 2860 +----- src/test/test_tortls.h | 13 + src/test/test_tortls_openssl.c | 2316 +++++ src/test/test_util.c | 1553 +++- src/test/test_util_format.c | 99 +- src/test/test_util_process.c | 12 +- src/test/test_util_slow.c | 45 +- src/test/test_voting_schedule.c | 64 + src/test/test_workqueue.c | 79 +- src/test/test_x509.c | 205 + src/test/test_zero_length_keys.sh | 6 +- src/test/testing_common.c | 181 +- src/test/testing_rsakeys.c | 546 ++ src/test/zero_length_keys.sh | 3 +- src/tools/Makefile.nmake | 5 +- src/tools/include.am | 80 +- src/tools/tor-checkkey.c | 89 - src/tools/tor-fw-helper/README | 10 - src/tools/tor-gencert.c | 110 +- src/tools/tor-print-ed-signing-cert.c | 65 + src/tools/tor-resolve.c | 72 +- src/tools/tor_runner.c | 112 + src/trunnel/channelpadding_negotiation.c | 281 + src/trunnel/channelpadding_negotiation.h | 98 + src/trunnel/channelpadding_negotiation.trunnel | 17 + src/trunnel/ed25519_cert.c | 2312 ++++- src/trunnel/ed25519_cert.h | 678 +- src/trunnel/ed25519_cert.trunnel | 64 +- src/trunnel/hs/cell_common.c | 595 ++ src/trunnel/hs/cell_common.h | 203 + src/trunnel/hs/cell_common.trunnel | 12 + src/trunnel/hs/cell_establish_intro.c | 735 ++ src/trunnel/hs/cell_establish_intro.h | 276 + src/trunnel/hs/cell_establish_intro.trunnel | 41 + src/trunnel/hs/cell_introduce1.c | 1347 +++ src/trunnel/hs/cell_introduce1.h | 500 ++ src/trunnel/hs/cell_introduce1.trunnel | 75 + src/trunnel/hs/cell_rendezvous.c | 470 + src/trunnel/hs/cell_rendezvous.h | 187 + src/trunnel/hs/cell_rendezvous.trunnel | 29 + src/trunnel/include.am | 36 +- src/trunnel/link_handshake.c | 212 +- src/trunnel/link_handshake.h | 148 +- src/trunnel/pwbox.c | 54 +- src/trunnel/pwbox.h | 38 +- src/trunnel/socks5.c | 3978 +++++++++ src/trunnel/socks5.h | 995 +++ src/trunnel/socks5.trunnel | 94 + src/trunnel/trunnel-local.h | 6 +- src/win32/orconfig.h | 2 +- warning_flags.in | 1 + 1347 files changed, 319206 insertions(+), 195287 deletions(-) diff --cc src/core/or/channeltls.c index 000000000,91a424728..4db283d20 mode 000000,100644..100644 --- a/src/core/or/channeltls.c +++ b/src/core/or/channeltls.c @@@ -1,0 -1,2477 +1,2485 @@@ + /* * Copyright (c) 2012-2019, The Tor Project, Inc. */ + /* See LICENSE for licensing information */ + + /** + * \file channeltls.c + * + * \brief A concrete subclass of channel_t using or_connection_t to transfer + * cells between Tor instances. + * + * This module fills in the various function pointers in channel_t, to + * implement the channel_tls_t channels as used in Tor today. These channels + * are created from channel_tls_connect() and + * channel_tls_handle_incoming(). Each corresponds 1:1 to or_connection_t + * object, as implemented in connection_or.c. These channels transmit cells + * to the underlying or_connection_t by calling + * connection_or_write_*_cell_to_buf(), and receive cells from the underlying + * or_connection_t when connection_or_process_cells_from_inbuf() calls + * channel_tls_handle_*_cell(). + * + * Here we also implement the server (responder) side of the v3+ Tor link + * handshake, which uses CERTS and AUTHENTICATE cell to negotiate versions, + * exchange expected and observed IP and time information, and bootstrap a + * level of authentication higher than we have gotten on the raw TLS + * handshake. + * + * NOTE: Since there is currently only one type of channel, there are probably + * more than a few cases where functionality that is currently in + * channeltls.c, connection_or.c, and channel.c ought to be divided up + * differently. The right time to do this is probably whenever we introduce + * our next channel type. + **/ + + /* + * Define this so channel.h gives us things only channel_t subclasses + * should touch. + */ + #define TOR_CHANNEL_INTERNAL_ + + #define CHANNELTLS_PRIVATE + + #include "core/or/or.h" + #include "core/or/channel.h" + #include "core/or/channeltls.h" + #include "core/or/circuitmux.h" + #include "core/or/circuitmux_ewma.h" + #include "core/or/command.h" + #include "app/config/config.h" + #include "core/mainloop/connection.h" + #include "core/or/connection_or.h" + #include "feature/control/control.h" + #include "feature/client/entrynodes.h" + #include "trunnel/link_handshake.h" + #include "core/or/relay.h" + #include "feature/stats/rephist.h" + #include "feature/relay/router.h" + #include "feature/relay/routermode.h" + #include "feature/nodelist/dirlist.h" + #include "core/or/scheduler.h" + #include "feature/nodelist/torcert.h" + #include "feature/nodelist/networkstatus.h" + #include "trunnel/channelpadding_negotiation.h" + #include "core/or/channelpadding.h" + + #include "core/or/cell_st.h" + #include "core/or/cell_queue_st.h" + #include "core/or/extend_info_st.h" + #include "core/or/or_connection_st.h" + #include "core/or/or_handshake_certs_st.h" + #include "core/or/or_handshake_state_st.h" + #include "feature/nodelist/routerinfo_st.h" + #include "core/or/var_cell_st.h" + + #include "lib/tls/tortls.h" + #include "lib/tls/x509.h" + + /** How many CELL_PADDING cells have we received, ever? */ + uint64_t stats_n_padding_cells_processed = 0; + /** How many CELL_VERSIONS cells have we received, ever? */ + uint64_t stats_n_versions_cells_processed = 0; + /** How many CELL_NETINFO cells have we received, ever? */ + uint64_t stats_n_netinfo_cells_processed = 0; + /** How many CELL_VPADDING cells have we received, ever? */ + uint64_t stats_n_vpadding_cells_processed = 0; + /** How many CELL_CERTS cells have we received, ever? */ + uint64_t stats_n_certs_cells_processed = 0; + /** How many CELL_AUTH_CHALLENGE cells have we received, ever? */ + uint64_t stats_n_auth_challenge_cells_processed = 0; + /** How many CELL_AUTHENTICATE cells have we received, ever? */ + uint64_t stats_n_authenticate_cells_processed = 0; + /** How many CELL_AUTHORIZE cells have we received, ever? */ + uint64_t stats_n_authorize_cells_processed = 0; + + /** Active listener, if any */ + static channel_listener_t *channel_tls_listener = NULL; + + /* channel_tls_t method declarations */ + + static void channel_tls_close_method(channel_t *chan); + static const char * channel_tls_describe_transport_method(channel_t *chan); + static void channel_tls_free_method(channel_t *chan); + static double channel_tls_get_overhead_estimate_method(channel_t *chan); + static int + channel_tls_get_remote_addr_method(channel_t *chan, tor_addr_t *addr_out); + static int + channel_tls_get_transport_name_method(channel_t *chan, char **transport_out); + static const char * + channel_tls_get_remote_descr_method(channel_t *chan, int flags); + static int channel_tls_has_queued_writes_method(channel_t *chan); + static int channel_tls_is_canonical_method(channel_t *chan, int req); + static int + channel_tls_matches_extend_info_method(channel_t *chan, + extend_info_t *extend_info); + static int channel_tls_matches_target_method(channel_t *chan, + const tor_addr_t *target); + static int channel_tls_num_cells_writeable_method(channel_t *chan); + static size_t channel_tls_num_bytes_queued_method(channel_t *chan); + static int channel_tls_write_cell_method(channel_t *chan, + cell_t *cell); + static int channel_tls_write_packed_cell_method(channel_t *chan, + packed_cell_t *packed_cell); + static int channel_tls_write_var_cell_method(channel_t *chan, + var_cell_t *var_cell); + + /* channel_listener_tls_t method declarations */ + + static void channel_tls_listener_close_method(channel_listener_t *chan_l); + static const char * + channel_tls_listener_describe_transport_method(channel_listener_t *chan_l); + + /** Handle incoming cells for the handshake stuff here rather than + * passing them on up. */ + + static void channel_tls_process_versions_cell(var_cell_t *cell, + channel_tls_t *tlschan); + static void channel_tls_process_netinfo_cell(cell_t *cell, + channel_tls_t *tlschan); + static int command_allowed_before_handshake(uint8_t command); + static int enter_v3_handshake_with_cell(var_cell_t *cell, + channel_tls_t *tlschan); + static void channel_tls_process_padding_negotiate_cell(cell_t *cell, + channel_tls_t *chan); + + /** + * Do parts of channel_tls_t initialization common to channel_tls_connect() + * and channel_tls_handle_incoming(). + */ + STATIC void + channel_tls_common_init(channel_tls_t *tlschan) + { + channel_t *chan; + + tor_assert(tlschan); + + chan = &(tlschan->base_); + channel_init(chan); + chan->magic = TLS_CHAN_MAGIC; + chan->state = CHANNEL_STATE_OPENING; + chan->close = channel_tls_close_method; + chan->describe_transport = channel_tls_describe_transport_method; + chan->free_fn = channel_tls_free_method; + chan->get_overhead_estimate = channel_tls_get_overhead_estimate_method; + chan->get_remote_addr = channel_tls_get_remote_addr_method; + chan->get_remote_descr = channel_tls_get_remote_descr_method; + chan->get_transport_name = channel_tls_get_transport_name_method; + chan->has_queued_writes = channel_tls_has_queued_writes_method; + chan->is_canonical = channel_tls_is_canonical_method; + chan->matches_extend_info = channel_tls_matches_extend_info_method; + chan->matches_target = channel_tls_matches_target_method; + chan->num_bytes_queued = channel_tls_num_bytes_queued_method; + chan->num_cells_writeable = channel_tls_num_cells_writeable_method; + chan->write_cell = channel_tls_write_cell_method; + chan->write_packed_cell = channel_tls_write_packed_cell_method; + chan->write_var_cell = channel_tls_write_var_cell_method; + + chan->cmux = circuitmux_alloc(); + /* We only have one policy for now so always set it to EWMA. */ + circuitmux_set_policy(chan->cmux, &ewma_policy); + } + + /** + * Start a new TLS channel. + * + * Launch a new OR connection to <b>addr</b>:<b>port</b> and expect to + * handshake with an OR with identity digest <b>id_digest</b>, and wrap + * it in a channel_tls_t. + */ + channel_t * + channel_tls_connect(const tor_addr_t *addr, uint16_t port, + const char *id_digest, + const ed25519_public_key_t *ed_id) + { + channel_tls_t *tlschan = tor_malloc_zero(sizeof(*tlschan)); + channel_t *chan = &(tlschan->base_); + + channel_tls_common_init(tlschan); + + log_debug(LD_CHANNEL, + "In channel_tls_connect() for channel %p " + "(global id %"PRIu64 ")", + tlschan, + (chan->global_identifier)); + + if (is_local_addr(addr)) { + log_debug(LD_CHANNEL, + "Marking new outgoing channel %"PRIu64 " at %p as local", + (chan->global_identifier), chan); + channel_mark_local(chan); + } else { + log_debug(LD_CHANNEL, + "Marking new outgoing channel %"PRIu64 " at %p as remote", + (chan->global_identifier), chan); + channel_mark_remote(chan); + } + + channel_mark_outgoing(chan); + + /* Set up or_connection stuff */ + tlschan->conn = connection_or_connect(addr, port, id_digest, ed_id, tlschan); + /* connection_or_connect() will fill in tlschan->conn */ + if (!(tlschan->conn)) { + chan->reason_for_closing = CHANNEL_CLOSE_FOR_ERROR; + channel_change_state(chan, CHANNEL_STATE_ERROR); + goto err; + } + + log_debug(LD_CHANNEL, + "Got orconn %p for channel with global id %"PRIu64, + tlschan->conn, (chan->global_identifier)); + + goto done; + + err: + circuitmux_free(chan->cmux); + tor_free(tlschan); + chan = NULL; + + done: + /* If we got one, we should register it */ + if (chan) channel_register(chan); + + return chan; + } + + /** + * Return the current channel_tls_t listener. + * + * Returns the current channel listener for incoming TLS connections, or + * NULL if none has been established + */ + channel_listener_t * + channel_tls_get_listener(void) + { + return channel_tls_listener; + } + + /** + * Start a channel_tls_t listener if necessary. + * + * Return the current channel_tls_t listener, or start one if we haven't yet, + * and return that. + */ + channel_listener_t * + channel_tls_start_listener(void) + { + channel_listener_t *listener; + + if (!channel_tls_listener) { + listener = tor_malloc_zero(sizeof(*listener)); + channel_init_listener(listener); + listener->state = CHANNEL_LISTENER_STATE_LISTENING; + listener->close = channel_tls_listener_close_method; + listener->describe_transport = + channel_tls_listener_describe_transport_method; + + channel_tls_listener = listener; + + log_debug(LD_CHANNEL, + "Starting TLS channel listener %p with global id %"PRIu64, + listener, (listener->global_identifier)); + + channel_listener_register(listener); + } else listener = channel_tls_listener; + + return listener; + } + + /** + * Free everything on shutdown. + * + * Not much to do here, since channel_free_all() takes care of a lot, but let's + * get rid of the listener. + */ + void + channel_tls_free_all(void) + { + channel_listener_t *old_listener = NULL; + + log_debug(LD_CHANNEL, + "Shutting down TLS channels..."); + + if (channel_tls_listener) { + /* + * When we close it, channel_tls_listener will get nulled out, so save + * a pointer so we can free it. + */ + old_listener = channel_tls_listener; + log_debug(LD_CHANNEL, + "Closing channel_tls_listener with ID %"PRIu64 + " at %p.", + (old_listener->global_identifier), + old_listener); + channel_listener_unregister(old_listener); + channel_listener_mark_for_close(old_listener); + channel_listener_free(old_listener); + tor_assert(channel_tls_listener == NULL); + } + + log_debug(LD_CHANNEL, + "Done shutting down TLS channels"); + } + + /** + * Create a new channel around an incoming or_connection_t. + */ + channel_t * + channel_tls_handle_incoming(or_connection_t *orconn) + { + channel_tls_t *tlschan = tor_malloc_zero(sizeof(*tlschan)); + channel_t *chan = &(tlschan->base_); + + tor_assert(orconn); + tor_assert(!(orconn->chan)); + + channel_tls_common_init(tlschan); + + /* Link the channel and orconn to each other */ + tlschan->conn = orconn; + orconn->chan = tlschan; + + if (is_local_addr(&(TO_CONN(orconn)->addr))) { + log_debug(LD_CHANNEL, + "Marking new incoming channel %"PRIu64 " at %p as local", + (chan->global_identifier), chan); + channel_mark_local(chan); + } else { + log_debug(LD_CHANNEL, + "Marking new incoming channel %"PRIu64 " at %p as remote", + (chan->global_identifier), chan); + channel_mark_remote(chan); + } + + channel_mark_incoming(chan); + + /* Register it */ + channel_register(chan); + + return chan; + } + + /********* + * Casts * + ********/ + + /** + * Cast a channel_tls_t to a channel_t. + */ + channel_t * + channel_tls_to_base(channel_tls_t *tlschan) + { + if (!tlschan) return NULL; + + return &(tlschan->base_); + } + + /** + * Cast a channel_t to a channel_tls_t, with appropriate type-checking + * asserts. + */ + channel_tls_t * + channel_tls_from_base(channel_t *chan) + { + if (!chan) return NULL; + + tor_assert(chan->magic == TLS_CHAN_MAGIC); + + return (channel_tls_t *)(chan); + } + + /******************************************** + * Method implementations for channel_tls_t * + *******************************************/ + + /** + * Close a channel_tls_t. + * + * This implements the close method for channel_tls_t. + */ + static void + channel_tls_close_method(channel_t *chan) + { + channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan); + + tor_assert(tlschan); + + if (tlschan->conn) connection_or_close_normally(tlschan->conn, 1); + else { + /* Weird - we'll have to change the state ourselves, I guess */ + log_info(LD_CHANNEL, + "Tried to close channel_tls_t %p with NULL conn", + tlschan); + channel_change_state(chan, CHANNEL_STATE_ERROR); + } + } + + /** + * Describe the transport for a channel_tls_t. + * + * This returns the string "TLS channel on connection <id>" to the upper + * layer. + */ + static const char * + channel_tls_describe_transport_method(channel_t *chan) + { + static char *buf = NULL; + uint64_t id; + channel_tls_t *tlschan; + const char *rv = NULL; + + tor_assert(chan); + + tlschan = BASE_CHAN_TO_TLS(chan); + + if (tlschan->conn) { + id = TO_CONN(tlschan->conn)->global_identifier; + + if (buf) tor_free(buf); + tor_asprintf(&buf, + "TLS channel (connection %"PRIu64 ")", + (id)); + + rv = buf; + } else { + rv = "TLS channel (no connection)"; + } + + return rv; + } + + /** + * Free a channel_tls_t. + * + * This is called by the generic channel layer when freeing a channel_tls_t; + * this happens either on a channel which has already reached + * CHANNEL_STATE_CLOSED or CHANNEL_STATE_ERROR from channel_run_cleanup() or + * on shutdown from channel_free_all(). In the latter case we might still + * have an orconn active (which connection_free_all() will get to later), + * so we should null out its channel pointer now. + */ + static void + channel_tls_free_method(channel_t *chan) + { + channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan); + + tor_assert(tlschan); + + if (tlschan->conn) { + tlschan->conn->chan = NULL; + tlschan->conn = NULL; + } + } + + /** + * Get an estimate of the average TLS overhead for the upper layer. + */ + static double + channel_tls_get_overhead_estimate_method(channel_t *chan) + { + double overhead = 1.0; + channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan); + + tor_assert(tlschan); + tor_assert(tlschan->conn); + + /* Just return 1.0f if we don't have sensible data */ + if (tlschan->conn->bytes_xmitted > 0 && + tlschan->conn->bytes_xmitted_by_tls >= + tlschan->conn->bytes_xmitted) { + overhead = ((double)(tlschan->conn->bytes_xmitted_by_tls)) / + ((double)(tlschan->conn->bytes_xmitted)); + + /* + * Never estimate more than 2.0; otherwise we get silly large estimates + * at the very start of a new TLS connection. + */ + if (overhead > 2.0) + overhead = 2.0; + } + + log_debug(LD_CHANNEL, + "Estimated overhead ratio for TLS chan %"PRIu64 " is %f", + (chan->global_identifier), overhead); + + return overhead; + } + + /** + * Get the remote address of a channel_tls_t. + * + * This implements the get_remote_addr method for channel_tls_t; copy the + * remote endpoint of the channel to addr_out and return 1 (always + * succeeds for this transport). + */ + static int + channel_tls_get_remote_addr_method(channel_t *chan, tor_addr_t *addr_out) + { + int rv = 0; + channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan); + + tor_assert(tlschan); + tor_assert(addr_out); + + if (tlschan->conn) { + tor_addr_copy(addr_out, &(tlschan->conn->real_addr)); + rv = 1; + } else tor_addr_make_unspec(addr_out); + + return rv; + } + + /** + * Get the name of the pluggable transport used by a channel_tls_t. + * + * This implements the get_transport_name for channel_tls_t. If the + * channel uses a pluggable transport, copy its name to + * <b>transport_out</b> and return 0. If the channel did not use a + * pluggable transport, return -1. + */ + static int + channel_tls_get_transport_name_method(channel_t *chan, char **transport_out) + { + channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan); + + tor_assert(tlschan); + tor_assert(transport_out); + tor_assert(tlschan->conn); + + if (!tlschan->conn->ext_or_transport) + return -1; + + *transport_out = tor_strdup(tlschan->conn->ext_or_transport); + return 0; + } + + /** + * Get endpoint description of a channel_tls_t. + * + * This implements the get_remote_descr method for channel_tls_t; it returns + * a text description of the remote endpoint of the channel suitable for use + * in log messages. The req parameter is 0 for the canonical address or 1 for + * the actual address seen. + */ + static const char * + channel_tls_get_remote_descr_method(channel_t *chan, int flags) + { + #define MAX_DESCR_LEN 32 + + static char buf[MAX_DESCR_LEN + 1]; + channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan); + connection_t *conn; + const char *answer = NULL; + char *addr_str; + + tor_assert(tlschan); + + if (tlschan->conn) { + conn = TO_CONN(tlschan->conn); + switch (flags) { + case 0: + /* Canonical address with port*/ + tor_snprintf(buf, MAX_DESCR_LEN + 1, + "%s:%u", conn->address, conn->port); + answer = buf; + break; + case GRD_FLAG_ORIGINAL: + /* Actual address with port */ + addr_str = tor_addr_to_str_dup(&(tlschan->conn->real_addr)); + tor_snprintf(buf, MAX_DESCR_LEN + 1, + "%s:%u", addr_str, conn->port); + tor_free(addr_str); + answer = buf; + break; + case GRD_FLAG_ADDR_ONLY: + /* Canonical address, no port */ + strlcpy(buf, conn->address, sizeof(buf)); + answer = buf; + break; + case GRD_FLAG_ORIGINAL|GRD_FLAG_ADDR_ONLY: + /* Actual address, no port */ + addr_str = tor_addr_to_str_dup(&(tlschan->conn->real_addr)); + strlcpy(buf, addr_str, sizeof(buf)); + tor_free(addr_str); + answer = buf; + break; + default: + /* Something's broken in channel.c */ + tor_assert_nonfatal_unreached_once(); + } + } else { + strlcpy(buf, "(No connection)", sizeof(buf)); + answer = buf; + } + + return answer; + } + + /** + * Tell the upper layer if we have queued writes. + * + * This implements the has_queued_writes method for channel_tls t_; it returns + * 1 iff we have queued writes on the outbuf of the underlying or_connection_t. + */ + static int + channel_tls_has_queued_writes_method(channel_t *chan) + { + size_t outbuf_len; + channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan); + + tor_assert(tlschan); + if (!(tlschan->conn)) { + log_info(LD_CHANNEL, + "something called has_queued_writes on a tlschan " + "(%p with ID %"PRIu64 " but no conn", + chan, (chan->global_identifier)); + } + + outbuf_len = (tlschan->conn != NULL) ? + connection_get_outbuf_len(TO_CONN(tlschan->conn)) : + 0; + + return (outbuf_len > 0); + } + + /** + * Tell the upper layer if we're canonical. + * + * This implements the is_canonical method for channel_tls_t; if req is zero, + * it returns whether this is a canonical channel, and if it is one it returns + * whether that can be relied upon. + */ + static int + channel_tls_is_canonical_method(channel_t *chan, int req) + { + int answer = 0; + channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan); + + tor_assert(tlschan); + + if (tlschan->conn) { + switch (req) { + case 0: + answer = tlschan->conn->is_canonical; + break; + case 1: + /* + * Is the is_canonical bit reliable? In protocols version 2 and up + * we get the canonical address from a NETINFO cell, but in older + * versions it might be based on an obsolete descriptor. + */ + answer = (tlschan->conn->link_proto >= 2); + break; + default: + /* This shouldn't happen; channel.c is broken if it does */ + tor_assert_nonfatal_unreached_once(); + } + } + /* else return 0 for tlschan->conn == NULL */ + + return answer; + } + + /** + * Check if we match an extend_info_t. + * + * This implements the matches_extend_info method for channel_tls_t; the upper + * layer wants to know if this channel matches an extend_info_t. + */ + static int + channel_tls_matches_extend_info_method(channel_t *chan, + extend_info_t *extend_info) + { + channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan); + + tor_assert(tlschan); + tor_assert(extend_info); + + /* Never match if we have no conn */ + if (!(tlschan->conn)) { + log_info(LD_CHANNEL, + "something called matches_extend_info on a tlschan " + "(%p with ID %"PRIu64 " but no conn", + chan, (chan->global_identifier)); + return 0; + } + + return (tor_addr_eq(&(extend_info->addr), + &(TO_CONN(tlschan->conn)->addr)) && + (extend_info->port == TO_CONN(tlschan->conn)->port)); + } + + /** + * Check if we match a target address; return true iff we do. + * + * This implements the matches_target method for channel_tls t_; the upper + * layer wants to know if this channel matches a target address when extending + * a circuit. + */ + static int + channel_tls_matches_target_method(channel_t *chan, + const tor_addr_t *target) + { + channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan); + + tor_assert(tlschan); + tor_assert(target); + + /* Never match if we have no conn */ + if (!(tlschan->conn)) { + log_info(LD_CHANNEL, + "something called matches_target on a tlschan " + "(%p with ID %"PRIu64 " but no conn", + chan, (chan->global_identifier)); + return 0; + } + + /* real_addr is the address this connection came from. + * base_.addr is updated by connection_or_init_conn_from_address() + * to be the address in the descriptor. It may be tempting to + * allow either address to be allowed, but if we did so, it would + * enable someone who steals a relay's keys to impersonate/MITM it + * from anywhere on the Internet! (Because they could make long-lived + * TLS connections from anywhere to all relays, and wait for them to + * be used for extends). + */ + return tor_addr_eq(&(tlschan->conn->real_addr), target); + } + + /** + * Tell the upper layer how many bytes we have queued and not yet + * sent. + */ + static size_t + channel_tls_num_bytes_queued_method(channel_t *chan) + { + channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan); + + tor_assert(tlschan); + tor_assert(tlschan->conn); + + return connection_get_outbuf_len(TO_CONN(tlschan->conn)); + } + + /** + * Tell the upper layer how many cells we can accept to write. + * + * This implements the num_cells_writeable method for channel_tls_t; it + * returns an estimate of the number of cells we can accept with + * channel_tls_write_*_cell(). + */ + static int + channel_tls_num_cells_writeable_method(channel_t *chan) + { + size_t outbuf_len; + ssize_t n; + channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan); + size_t cell_network_size; + + tor_assert(tlschan); + tor_assert(tlschan->conn); + + cell_network_size = get_cell_network_size(tlschan->conn->wide_circ_ids); + outbuf_len = connection_get_outbuf_len(TO_CONN(tlschan->conn)); + /* Get the number of cells */ + n = CEIL_DIV(OR_CONN_HIGHWATER - outbuf_len, cell_network_size); + if (n < 0) n = 0; + #if SIZEOF_SIZE_T > SIZEOF_INT + if (n > INT_MAX) n = INT_MAX; + #endif + + return (int)n; + } + + /** + * Write a cell to a channel_tls_t. + * + * This implements the write_cell method for channel_tls_t; given a + * channel_tls_t and a cell_t, transmit the cell_t. + */ + static int + channel_tls_write_cell_method(channel_t *chan, cell_t *cell) + { + channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan); + int written = 0; + + tor_assert(tlschan); + tor_assert(cell); + + if (tlschan->conn) { + connection_or_write_cell_to_buf(cell, tlschan->conn); + ++written; + } else { + log_info(LD_CHANNEL, + "something called write_cell on a tlschan " + "(%p with ID %"PRIu64 " but no conn", + chan, (chan->global_identifier)); + } + + return written; + } + + /** + * Write a packed cell to a channel_tls_t. + * + * This implements the write_packed_cell method for channel_tls_t; given a + * channel_tls_t and a packed_cell_t, transmit the packed_cell_t. + * + * Return 0 on success or negative value on error. The caller must free the + * packed cell. + */ + static int + channel_tls_write_packed_cell_method(channel_t *chan, + packed_cell_t *packed_cell) + { + tor_assert(chan); + channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan); + size_t cell_network_size = get_cell_network_size(chan->wide_circ_ids); + + tor_assert(tlschan); + tor_assert(packed_cell); + + if (tlschan->conn) { + connection_buf_add(packed_cell->body, cell_network_size, + TO_CONN(tlschan->conn)); + } else { + log_info(LD_CHANNEL, + "something called write_packed_cell on a tlschan " + "(%p with ID %"PRIu64 " but no conn", + chan, (chan->global_identifier)); + return -1; + } + + return 0; + } + + /** + * Write a variable-length cell to a channel_tls_t. + * + * This implements the write_var_cell method for channel_tls_t; given a + * channel_tls_t and a var_cell_t, transmit the var_cell_t. + */ + static int + channel_tls_write_var_cell_method(channel_t *chan, var_cell_t *var_cell) + { + channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan); + int written = 0; + + tor_assert(tlschan); + tor_assert(var_cell); + + if (tlschan->conn) { + connection_or_write_var_cell_to_buf(var_cell, tlschan->conn); + ++written; + } else { + log_info(LD_CHANNEL, + "something called write_var_cell on a tlschan " + "(%p with ID %"PRIu64 " but no conn", + chan, (chan->global_identifier)); + } + + return written; + } + + /************************************************* + * Method implementations for channel_listener_t * + ************************************************/ + + /** + * Close a channel_listener_t. + * + * This implements the close method for channel_listener_t. + */ + static void + channel_tls_listener_close_method(channel_listener_t *chan_l) + { + tor_assert(chan_l); + + /* + * Listeners we just go ahead and change state through to CLOSED, but + * make sure to check if they're channel_tls_listener to NULL it out. + */ + if (chan_l == channel_tls_listener) + channel_tls_listener = NULL; + + if (!(chan_l->state == CHANNEL_LISTENER_STATE_CLOSING || + chan_l->state == CHANNEL_LISTENER_STATE_CLOSED || + chan_l->state == CHANNEL_LISTENER_STATE_ERROR)) { + channel_listener_change_state(chan_l, CHANNEL_LISTENER_STATE_CLOSING); + } + + if (chan_l->incoming_list) { + SMARTLIST_FOREACH_BEGIN(chan_l->incoming_list, + channel_t *, ichan) { + channel_mark_for_close(ichan); + } SMARTLIST_FOREACH_END(ichan); + + smartlist_free(chan_l->incoming_list); + chan_l->incoming_list = NULL; + } + + if (!(chan_l->state == CHANNEL_LISTENER_STATE_CLOSED || + chan_l->state == CHANNEL_LISTENER_STATE_ERROR)) { + channel_listener_change_state(chan_l, CHANNEL_LISTENER_STATE_CLOSED); + } + } + + /** + * Describe the transport for a channel_listener_t. + * + * This returns the string "TLS channel (listening)" to the upper + * layer. + */ + static const char * + channel_tls_listener_describe_transport_method(channel_listener_t *chan_l) + { + tor_assert(chan_l); + + return "TLS channel (listening)"; + } + + /******************************************************* + * Functions for handling events on an or_connection_t * + ******************************************************/ + + /** + * Handle an orconn state change. + * + * This function will be called by connection_or.c when the or_connection_t + * associated with this channel_tls_t changes state. + */ + void + channel_tls_handle_state_change_on_orconn(channel_tls_t *chan, + or_connection_t *conn, + uint8_t old_state, + uint8_t state) + { + channel_t *base_chan; + + tor_assert(chan); + tor_assert(conn); + tor_assert(conn->chan == chan); + tor_assert(chan->conn == conn); + /* Shut the compiler up without triggering -Wtautological-compare */ + (void)old_state; + + base_chan = TLS_CHAN_TO_BASE(chan); + + /* Make sure the base connection state makes sense - shouldn't be error + * or closed. */ + + tor_assert(CHANNEL_IS_OPENING(base_chan) || + CHANNEL_IS_OPEN(base_chan) || + CHANNEL_IS_MAINT(base_chan) || + CHANNEL_IS_CLOSING(base_chan)); + + /* Did we just go to state open? */ + if (state == OR_CONN_STATE_OPEN) { + /* + * We can go to CHANNEL_STATE_OPEN from CHANNEL_STATE_OPENING or + * CHANNEL_STATE_MAINT on this. + */ + channel_change_state_open(base_chan); + /* We might have just become writeable; check and tell the scheduler */ + if (connection_or_num_cells_writeable(conn) > 0) { + scheduler_channel_wants_writes(base_chan); + } + } else { + /* + * Not open, so from CHANNEL_STATE_OPEN we go to CHANNEL_STATE_MAINT, + * otherwise no change. + */ + if (CHANNEL_IS_OPEN(base_chan)) { + channel_change_state(base_chan, CHANNEL_STATE_MAINT); + } + } + } + + #ifdef KEEP_TIMING_STATS + + /** + * Timing states wrapper. + * + * This is a wrapper function around the actual function that processes the + * <b>cell</b> that just arrived on <b>chan</b>. Increment <b>*time</b> + * by the number of microseconds used by the call to <b>*func(cell, chan)</b>. + */ + static void + channel_tls_time_process_cell(cell_t *cell, channel_tls_t *chan, int *time, + void (*func)(cell_t *, channel_tls_t *)) + { + struct timeval start, end; + long time_passed; + + tor_gettimeofday(&start); + + (*func)(cell, chan); + + tor_gettimeofday(&end); + time_passed = tv_udiff(&start, &end) ; + + if (time_passed > 10000) { /* more than 10ms */ + log_debug(LD_OR,"That call just took %ld ms.",time_passed/1000); + } + + if (time_passed < 0) { + log_info(LD_GENERAL,"That call took us back in time!"); + time_passed = 0; + } + + *time += time_passed; + } + #endif /* defined(KEEP_TIMING_STATS) */ + + /** + * Handle an incoming cell on a channel_tls_t. + * + * This is called from connection_or.c to handle an arriving cell; it checks + * for cell types specific to the handshake for this transport protocol and + * handles them, and queues all other cells to the channel_t layer, which + * eventually will hand them off to command.c. + * + * The channel layer itself decides whether the cell should be queued or + * can be handed off immediately to the upper-layer code. It is responsible + * for copying in the case that it queues; we merely pass pointers through + * which we get from connection_or_process_cells_from_inbuf(). + */ + void + channel_tls_handle_cell(cell_t *cell, or_connection_t *conn) + { + channel_tls_t *chan; + int handshaking; + + #ifdef KEEP_TIMING_STATS + #define PROCESS_CELL(tp, cl, cn) STMT_BEGIN { \ + ++num ## tp; \ + channel_tls_time_process_cell(cl, cn, & tp ## time , \ + channel_tls_process_ ## tp ## _cell); \ + } STMT_END + #else /* !(defined(KEEP_TIMING_STATS)) */ + #define PROCESS_CELL(tp, cl, cn) channel_tls_process_ ## tp ## _cell(cl, cn) + #endif /* defined(KEEP_TIMING_STATS) */ + + tor_assert(cell); + tor_assert(conn); + + chan = conn->chan; + + if (!chan) { + log_warn(LD_CHANNEL, + "Got a cell_t on an OR connection with no channel"); + return; + } + + handshaking = (TO_CONN(conn)->state != OR_CONN_STATE_OPEN); + + if (conn->base_.marked_for_close) + return; + + /* Reject all but VERSIONS and NETINFO when handshaking. */ + /* (VERSIONS should actually be impossible; it's variable-length.) */ + if (handshaking && cell->command != CELL_VERSIONS && + cell->command != CELL_NETINFO) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Received unexpected cell command %d in chan state %s / " + "conn state %s; closing the connection.", + (int)cell->command, + channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state), + conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state)); + connection_or_close_for_error(conn, 0); + return; + } + + if (conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3) + or_handshake_state_record_cell(conn, conn->handshake_state, cell, 1); + + /* We note that we're on the internet whenever we read a cell. This is + * a fast operation. */ + entry_guards_note_internet_connectivity(get_guard_selection_info()); + rep_hist_padding_count_read(PADDING_TYPE_TOTAL); + + if (TLS_CHAN_TO_BASE(chan)->currently_padding) + rep_hist_padding_count_read(PADDING_TYPE_ENABLED_TOTAL); + + switch (cell->command) { + case CELL_PADDING: + rep_hist_padding_count_read(PADDING_TYPE_CELL); + if (TLS_CHAN_TO_BASE(chan)->currently_padding) + rep_hist_padding_count_read(PADDING_TYPE_ENABLED_CELL); + ++stats_n_padding_cells_processed; + /* do nothing */ + break; + case CELL_VERSIONS: - tor_fragile_assert(); ++ /* A VERSIONS cell should always be a variable-length cell, and ++ * so should never reach this function (which handles constant-sized ++ * cells). But if the connection is using the (obsolete) v1 link ++ * protocol, all cells will be treated as constant-sized, and so ++ * it's possible we'll reach this code. ++ */ ++ log_fn(LOG_PROTOCOL_WARN, LD_CHANNEL, ++ "Received unexpected VERSIONS cell on a channel using link " ++ "protocol %d; ignoring.", conn->link_proto); + break; + case CELL_NETINFO: + ++stats_n_netinfo_cells_processed; + PROCESS_CELL(netinfo, cell, chan); + break; + case CELL_PADDING_NEGOTIATE: + ++stats_n_netinfo_cells_processed; + PROCESS_CELL(padding_negotiate, cell, chan); + break; + case CELL_CREATE: + case CELL_CREATE_FAST: + case CELL_CREATED: + case CELL_CREATED_FAST: + case CELL_RELAY: + case CELL_RELAY_EARLY: + case CELL_DESTROY: + case CELL_CREATE2: + case CELL_CREATED2: + /* + * These are all transport independent and we pass them up through the + * channel_t mechanism. They are ultimately handled in command.c. + */ + channel_process_cell(TLS_CHAN_TO_BASE(chan), cell); + break; + default: + log_fn(LOG_INFO, LD_PROTOCOL, + "Cell of unknown type (%d) received in channeltls.c. " + "Dropping.", + cell->command); + break; + } + } + + /** + * Handle an incoming variable-length cell on a channel_tls_t. + * + * Process a <b>var_cell</b> that was just received on <b>conn</b>. Keep + * internal statistics about how many of each cell we've processed so far + * this second, and the total number of microseconds it took to + * process each type of cell. All the var_cell commands are handshake- + * related and live below the channel_t layer, so no variable-length + * cells ever get delivered in the current implementation, but I've left + * the mechanism in place for future use. + * + * If we were handing them off to the upper layer, the channel_t queueing + * code would be responsible for memory management, and we'd just be passing + * pointers through from connection_or_process_cells_from_inbuf(). That + * caller always frees them after this function returns, so this function + * should never free var_cell. + */ + void + channel_tls_handle_var_cell(var_cell_t *var_cell, or_connection_t *conn) + { + channel_tls_t *chan; + + #ifdef KEEP_TIMING_STATS + /* how many of each cell have we seen so far this second? needs better + * name. */ + static int num_versions = 0, num_certs = 0; + static time_t current_second = 0; /* from previous calls to time */ + time_t now = time(NULL); + + if (current_second == 0) current_second = now; + if (now > current_second) { /* the second has rolled over */ + /* print stats */ + log_info(LD_OR, + "At end of second: %d versions (%d ms), %d certs (%d ms)", + num_versions, versions_time / ((now - current_second) * 1000), + num_certs, certs_time / ((now - current_second) * 1000)); + + num_versions = num_certs = 0; + versions_time = certs_time = 0; + + /* remember which second it is, for next time */ + current_second = now; + } + #endif /* defined(KEEP_TIMING_STATS) */ + + tor_assert(var_cell); + tor_assert(conn); + + chan = conn->chan; + + if (!chan) { + log_warn(LD_CHANNEL, + "Got a var_cell_t on an OR connection with no channel"); + return; + } + + if (TO_CONN(conn)->marked_for_close) + return; + + switch (TO_CONN(conn)->state) { + case OR_CONN_STATE_OR_HANDSHAKING_V2: + if (var_cell->command != CELL_VERSIONS) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Received a cell with command %d in unexpected " + "orconn state \"%s\" [%d], channel state \"%s\" [%d]; " + "closing the connection.", + (int)(var_cell->command), + conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state), + TO_CONN(conn)->state, + channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state), + (int)(TLS_CHAN_TO_BASE(chan)->state)); + /* + * The code in connection_or.c will tell channel_t to close for + * error; it will go to CHANNEL_STATE_CLOSING, and then to + * CHANNEL_STATE_ERROR when conn is closed. + */ + connection_or_close_for_error(conn, 0); + return; + } + break; + case OR_CONN_STATE_TLS_HANDSHAKING: + /* If we're using bufferevents, it's entirely possible for us to + * notice "hey, data arrived!" before we notice "hey, the handshake + * finished!" And we need to be accepting both at once to handle both + * the v2 and v3 handshakes. */ + /* But that should be happening any longer've disabled bufferevents. */ + tor_assert_nonfatal_unreached_once(); + + /* fall through */ + case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING: + if (!(command_allowed_before_handshake(var_cell->command))) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Received a cell with command %d in unexpected " + "orconn state \"%s\" [%d], channel state \"%s\" [%d]; " + "closing the connection.", + (int)(var_cell->command), + conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state), + (int)(TO_CONN(conn)->state), + channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state), + (int)(TLS_CHAN_TO_BASE(chan)->state)); + /* see above comment about CHANNEL_STATE_ERROR */ + connection_or_close_for_error(conn, 0); + return; + } else { + if (enter_v3_handshake_with_cell(var_cell, chan) < 0) + return; + } + break; + case OR_CONN_STATE_OR_HANDSHAKING_V3: + if (var_cell->command != CELL_AUTHENTICATE) + or_handshake_state_record_var_cell(conn, conn->handshake_state, + var_cell, 1); + break; /* Everything is allowed */ + case OR_CONN_STATE_OPEN: + if (conn->link_proto < 3) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Received a variable-length cell with command %d in orconn " + "state %s [%d], channel state %s [%d] with link protocol %d; " + "ignoring it.", + (int)(var_cell->command), + conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state), + (int)(TO_CONN(conn)->state), + channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state), + (int)(TLS_CHAN_TO_BASE(chan)->state), + (int)(conn->link_proto)); + return; + } + break; + default: + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Received var-length cell with command %d in unexpected " + "orconn state \"%s\" [%d], channel state \"%s\" [%d]; " + "ignoring it.", + (int)(var_cell->command), + conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state), + (int)(TO_CONN(conn)->state), + channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state), + (int)(TLS_CHAN_TO_BASE(chan)->state)); + return; + } + + /* We note that we're on the internet whenever we read a cell. This is + * a fast operation. */ + entry_guards_note_internet_connectivity(get_guard_selection_info()); + + /* Now handle the cell */ + + switch (var_cell->command) { + case CELL_VERSIONS: + ++stats_n_versions_cells_processed; + PROCESS_CELL(versions, var_cell, chan); + break; + case CELL_VPADDING: + ++stats_n_vpadding_cells_processed; + /* Do nothing */ + break; + case CELL_CERTS: + ++stats_n_certs_cells_processed; + PROCESS_CELL(certs, var_cell, chan); + break; + case CELL_AUTH_CHALLENGE: + ++stats_n_auth_challenge_cells_processed; + PROCESS_CELL(auth_challenge, var_cell, chan); + break; + case CELL_AUTHENTICATE: + ++stats_n_authenticate_cells_processed; + PROCESS_CELL(authenticate, var_cell, chan); + break; + case CELL_AUTHORIZE: + ++stats_n_authorize_cells_processed; + /* Ignored so far. */ + break; + default: + log_fn(LOG_INFO, LD_PROTOCOL, + "Variable-length cell of unknown type (%d) received.", + (int)(var_cell->command)); + break; + } + } + + /** + * Update channel marks after connection_or.c has changed an address. + * + * This is called from connection_or_init_conn_from_address() after the + * connection's _base.addr or real_addr fields have potentially been changed + * so we can recalculate the local mark. Notably, this happens when incoming + * connections are reverse-proxied and we only learn the real address of the + * remote router by looking it up in the consensus after we finish the + * handshake and know an authenticated identity digest. + */ + void + channel_tls_update_marks(or_connection_t *conn) + { + channel_t *chan = NULL; + + tor_assert(conn); + tor_assert(conn->chan); + + chan = TLS_CHAN_TO_BASE(conn->chan); + + if (is_local_addr(&(TO_CONN(conn)->addr))) { + if (!channel_is_local(chan)) { + log_debug(LD_CHANNEL, + "Marking channel %"PRIu64 " at %p as local", + (chan->global_identifier), chan); + channel_mark_local(chan); + } + } else { + if (channel_is_local(chan)) { + log_debug(LD_CHANNEL, + "Marking channel %"PRIu64 " at %p as remote", + (chan->global_identifier), chan); + channel_mark_remote(chan); + } + } + } + + /** + * Check if this cell type is allowed before the handshake is finished. + * + * Return true if <b>command</b> is a cell command that's allowed to start a + * V3 handshake. + */ + static int + command_allowed_before_handshake(uint8_t command) + { + switch (command) { + case CELL_VERSIONS: + case CELL_VPADDING: + case CELL_AUTHORIZE: + return 1; + default: + return 0; + } + } + + /** + * Start a V3 handshake on an incoming connection. + * + * Called when we as a server receive an appropriate cell while waiting + * either for a cell or a TLS handshake. Set the connection's state to + * "handshaking_v3', initializes the or_handshake_state field as needed, + * and add the cell to the hash of incoming cells.) + */ + static int + enter_v3_handshake_with_cell(var_cell_t *cell, channel_tls_t *chan) + { + int started_here = 0; + + tor_assert(cell); + tor_assert(chan); + tor_assert(chan->conn); + + started_here = connection_or_nonopen_was_started_here(chan->conn); + + tor_assert(TO_CONN(chan->conn)->state == OR_CONN_STATE_TLS_HANDSHAKING || + TO_CONN(chan->conn)->state == + OR_CONN_STATE_TLS_SERVER_RENEGOTIATING); + + if (started_here) { + log_fn(LOG_PROTOCOL_WARN, LD_OR, + "Received a cell while TLS-handshaking, not in " + "OR_HANDSHAKING_V3, on a connection we originated."); + } + connection_or_block_renegotiation(chan->conn); + chan->conn->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3; + if (connection_init_or_handshake_state(chan->conn, started_here) < 0) { + connection_or_close_for_error(chan->conn, 0); + return -1; + } + or_handshake_state_record_var_cell(chan->conn, + chan->conn->handshake_state, cell, 1); + return 0; + } + + /** + * Process a 'versions' cell. + * + * This function is called to handle an incoming VERSIONS cell; the current + * link protocol version must be 0 to indicate that no version has yet been + * negotiated. We compare the versions in the cell to the list of versions + * we support, pick the highest version we have in common, and continue the + * negotiation from there. + */ + static void + channel_tls_process_versions_cell(var_cell_t *cell, channel_tls_t *chan) + { + int highest_supported_version = 0; + int started_here = 0; + + tor_assert(cell); + tor_assert(chan); + tor_assert(chan->conn); + + if ((cell->payload_len % 2) == 1) { + log_fn(LOG_PROTOCOL_WARN, LD_OR, + "Received a VERSION cell with odd payload length %d; " + "closing connection.",cell->payload_len); + connection_or_close_for_error(chan->conn, 0); + return; + } + + started_here = connection_or_nonopen_was_started_here(chan->conn); + + if (chan->conn->link_proto != 0 || + (chan->conn->handshake_state && + chan->conn->handshake_state->received_versions)) { + log_fn(LOG_PROTOCOL_WARN, LD_OR, + "Received a VERSIONS cell on a connection with its version " + "already set to %d; dropping", + (int)(chan->conn->link_proto)); + return; + } + switch (chan->conn->base_.state) + { + case OR_CONN_STATE_OR_HANDSHAKING_V2: + case OR_CONN_STATE_OR_HANDSHAKING_V3: + break; + case OR_CONN_STATE_TLS_HANDSHAKING: + case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING: + default: + log_fn(LOG_PROTOCOL_WARN, LD_OR, + "VERSIONS cell while in unexpected state"); + return; + } + + tor_assert(chan->conn->handshake_state); + + { + int i; + const uint8_t *cp = cell->payload; + for (i = 0; i < cell->payload_len / 2; ++i, cp += 2) { + uint16_t v = ntohs(get_uint16(cp)); + if (is_or_protocol_version_known(v) && v > highest_supported_version) + highest_supported_version = v; + } + } + if (!highest_supported_version) { + log_fn(LOG_PROTOCOL_WARN, LD_OR, + "Couldn't find a version in common between my version list and the " + "list in the VERSIONS cell; closing connection."); + connection_or_close_for_error(chan->conn, 0); + return; + } else if (highest_supported_version == 1) { + /* Negotiating version 1 makes no sense, since version 1 has no VERSIONS + * cells. */ + log_fn(LOG_PROTOCOL_WARN, LD_OR, + "Used version negotiation protocol to negotiate a v1 connection. " + "That's crazily non-compliant. Closing connection."); + connection_or_close_for_error(chan->conn, 0); + return; + } else if (highest_supported_version < 3 && + chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3) { + log_fn(LOG_PROTOCOL_WARN, LD_OR, + "Negotiated link protocol 2 or lower after doing a v3 TLS " + "handshake. Closing connection."); + connection_or_close_for_error(chan->conn, 0); + return; + } else if (highest_supported_version != 2 && + chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V2) { + /* XXXX This should eventually be a log_protocol_warn */ + log_fn(LOG_WARN, LD_OR, + "Negotiated link with non-2 protocol after doing a v2 TLS " + "handshake with %s. Closing connection.", + fmt_addr(&chan->conn->base_.addr)); + connection_or_close_for_error(chan->conn, 0); + return; + } + + rep_hist_note_negotiated_link_proto(highest_supported_version, started_here); + + chan->conn->link_proto = highest_supported_version; + chan->conn->handshake_state->received_versions = 1; + + if (chan->conn->link_proto == 2) { + log_info(LD_OR, + "Negotiated version %d with %s:%d; sending NETINFO.", + highest_supported_version, + safe_str_client(chan->conn->base_.address), + chan->conn->base_.port); + + if (connection_or_send_netinfo(chan->conn) < 0) { + connection_or_close_for_error(chan->conn, 0); + return; + } + } else { + const int send_versions = !started_here; + /* If we want to authenticate, send a CERTS cell */ + const int send_certs = !started_here || public_server_mode(get_options()); + /* If we're a host that got a connection, ask for authentication. */ + const int send_chall = !started_here; + /* If our certs cell will authenticate us, we can send a netinfo cell + * right now. */ + const int send_netinfo = !started_here; + const int send_any = + send_versions || send_certs || send_chall || send_netinfo; + tor_assert(chan->conn->link_proto >= 3); + + log_info(LD_OR, + "Negotiated version %d with %s:%d; %s%s%s%s%s", + highest_supported_version, + safe_str_client(chan->conn->base_.address), + chan->conn->base_.port, + send_any ? "Sending cells:" : "Waiting for CERTS cell", + send_versions ? " VERSIONS" : "", + send_certs ? " CERTS" : "", + send_chall ? " AUTH_CHALLENGE" : "", + send_netinfo ? " NETINFO" : ""); + + #ifdef DISABLE_V3_LINKPROTO_SERVERSIDE + if (1) { + connection_or_close_normally(chan->conn, 1); + return; + } + #endif /* defined(DISABLE_V3_LINKPROTO_SERVERSIDE) */ + + if (send_versions) { + if (connection_or_send_versions(chan->conn, 1) < 0) { + log_warn(LD_OR, "Couldn't send versions cell"); + connection_or_close_for_error(chan->conn, 0); + return; + } + } + + /* We set this after sending the versions cell. */ + /*XXXXX symbolic const.*/ + TLS_CHAN_TO_BASE(chan)->wide_circ_ids = + chan->conn->link_proto >= MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS; + chan->conn->wide_circ_ids = TLS_CHAN_TO_BASE(chan)->wide_circ_ids; + + TLS_CHAN_TO_BASE(chan)->padding_enabled = + chan->conn->link_proto >= MIN_LINK_PROTO_FOR_CHANNEL_PADDING; + + if (send_certs) { + if (connection_or_send_certs_cell(chan->conn) < 0) { + log_warn(LD_OR, "Couldn't send certs cell"); + connection_or_close_for_error(chan->conn, 0); + return; + } + } + if (send_chall) { + if (connection_or_send_auth_challenge_cell(chan->conn) < 0) { + log_warn(LD_OR, "Couldn't send auth_challenge cell"); + connection_or_close_for_error(chan->conn, 0); + return; + } + } + if (send_netinfo) { + if (connection_or_send_netinfo(chan->conn) < 0) { + log_warn(LD_OR, "Couldn't send netinfo cell"); + connection_or_close_for_error(chan->conn, 0); + return; + } + } + } + } + + /** + * Process a 'padding_negotiate' cell. + * + * This function is called to handle an incoming PADDING_NEGOTIATE cell; + * enable or disable padding accordingly, and read and act on its timeout + * value contents. + */ + static void + channel_tls_process_padding_negotiate_cell(cell_t *cell, channel_tls_t *chan) + { + channelpadding_negotiate_t *negotiation; + tor_assert(cell); + tor_assert(chan); + tor_assert(chan->conn); + + if (chan->conn->link_proto < MIN_LINK_PROTO_FOR_CHANNEL_PADDING) { + log_fn(LOG_PROTOCOL_WARN, LD_OR, + "Received a PADDING_NEGOTIATE cell on v%d connection; dropping.", + chan->conn->link_proto); + return; + } + + if (channelpadding_negotiate_parse(&negotiation, cell->payload, + CELL_PAYLOAD_SIZE) < 0) { + log_fn(LOG_PROTOCOL_WARN, LD_OR, + "Received malformed PADDING_NEGOTIATE cell on v%d connection; " + "dropping.", chan->conn->link_proto); + + return; + } + + channelpadding_update_padding_for_channel(TLS_CHAN_TO_BASE(chan), + negotiation); + + channelpadding_negotiate_free(negotiation); + } + + /** + * Helper: compute the absolute value of a time_t. + * + * (we need this because labs() doesn't always work for time_t, since + * long can be shorter than time_t.) + */ + static inline time_t + time_abs(time_t val) + { + return (val < 0) ? -val : val; + } + + /** + * Process a 'netinfo' cell + * + * This function is called to handle an incoming NETINFO cell; read and act + * on its contents, and set the connection state to "open". + */ + static void + channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan) + { + time_t timestamp; + uint8_t my_addr_type; + uint8_t my_addr_len; + const uint8_t *my_addr_ptr; + const uint8_t *cp, *end; + uint8_t n_other_addrs; + time_t now = time(NULL); + const routerinfo_t *me = router_get_my_routerinfo(); + + time_t apparent_skew = 0; + tor_addr_t my_apparent_addr = TOR_ADDR_NULL; + int started_here = 0; + const char *identity_digest = NULL; + + tor_assert(cell); + tor_assert(chan); + tor_assert(chan->conn); + + if (chan->conn->link_proto < 2) { + log_fn(LOG_PROTOCOL_WARN, LD_OR, + "Received a NETINFO cell on %s connection; dropping.", + chan->conn->link_proto == 0 ? "non-versioned" : "a v1"); + return; + } + if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V2 && + chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3) { + log_fn(LOG_PROTOCOL_WARN, LD_OR, + "Received a NETINFO cell on non-handshaking connection; dropping."); + return; + } + tor_assert(chan->conn->handshake_state && + chan->conn->handshake_state->received_versions); + started_here = connection_or_nonopen_was_started_here(chan->conn); + identity_digest = chan->conn->identity_digest; + + if (chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3) { + tor_assert(chan->conn->link_proto >= 3); + if (started_here) { + if (!(chan->conn->handshake_state->authenticated)) { + log_fn(LOG_PROTOCOL_WARN, LD_OR, + "Got a NETINFO cell from server, " + "but no authentication. Closing the connection."); + connection_or_close_for_error(chan->conn, 0); + return; + } + } else { + /* we're the server. If the client never authenticated, we have + some housekeeping to do.*/ + if (!(chan->conn->handshake_state->authenticated)) { + tor_assert(tor_digest_is_zero( + (const char*)(chan->conn->handshake_state-> + authenticated_rsa_peer_id))); + tor_assert(tor_mem_is_zero( + (const char*)(chan->conn->handshake_state-> + authenticated_ed25519_peer_id.pubkey), 32)); + /* If the client never authenticated, it's a tor client or bridge + * relay, and we must not use it for EXTEND requests (nor could we, as + * there are no authenticated peer IDs) */ + channel_mark_client(TLS_CHAN_TO_BASE(chan)); + channel_set_circid_type(TLS_CHAN_TO_BASE(chan), NULL, + chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS); + + connection_or_init_conn_from_address(chan->conn, + &(chan->conn->base_.addr), + chan->conn->base_.port, + /* zero, checked above */ + (const char*)(chan->conn->handshake_state-> + authenticated_rsa_peer_id), + NULL, /* Ed25519 ID: Also checked as zero */ + 0); + } + } + } + + /* Decode the cell. */ + timestamp = ntohl(get_uint32(cell->payload)); + const time_t sent_versions_at = + chan->conn->handshake_state->sent_versions_at; + if (now > sent_versions_at && (now - sent_versions_at) < 180) { + /* If we have gotten the NETINFO cell reasonably soon after having + * sent our VERSIONS cell, maybe we can learn skew information from it. */ + apparent_skew = now - timestamp; + } + + my_addr_type = (uint8_t) cell->payload[4]; + my_addr_len = (uint8_t) cell->payload[5]; + my_addr_ptr = (uint8_t*) cell->payload + 6; + end = cell->payload + CELL_PAYLOAD_SIZE; + cp = cell->payload + 6 + my_addr_len; + + /* We used to check: + * if (my_addr_len >= CELL_PAYLOAD_SIZE - 6) { + * + * This is actually never going to happen, since my_addr_len is at most 255, + * and CELL_PAYLOAD_LEN - 6 is 503. So we know that cp is < end. */ + + if (my_addr_type == RESOLVED_TYPE_IPV4 && my_addr_len == 4) { + tor_addr_from_ipv4n(&my_apparent_addr, get_uint32(my_addr_ptr)); + + if (!get_options()->BridgeRelay && me && + get_uint32(my_addr_ptr) == htonl(me->addr)) { + TLS_CHAN_TO_BASE(chan)->is_canonical_to_peer = 1; + } + + } else if (my_addr_type == RESOLVED_TYPE_IPV6 && my_addr_len == 16) { + tor_addr_from_ipv6_bytes(&my_apparent_addr, (const char *) my_addr_ptr); + + if (!get_options()->BridgeRelay && me && + !tor_addr_is_null(&me->ipv6_addr) && + tor_addr_eq(&my_apparent_addr, &me->ipv6_addr)) { + TLS_CHAN_TO_BASE(chan)->is_canonical_to_peer = 1; + } + } + + n_other_addrs = (uint8_t) *cp++; + while (n_other_addrs && cp < end-2) { + /* Consider all the other addresses; if any matches, this connection is + * "canonical." */ + tor_addr_t addr; + const uint8_t *next = + decode_address_from_payload(&addr, cp, (int)(end-cp)); + if (next == NULL) { + log_fn(LOG_PROTOCOL_WARN, LD_OR, + "Bad address in netinfo cell; closing connection."); + connection_or_close_for_error(chan->conn, 0); + return; + } + /* A relay can connect from anywhere and be canonical, so + * long as it tells you from where it came. This may sound a bit + * concerning... but that's what "canonical" means: that the + * address is one that the relay itself has claimed. The relay + * might be doing something funny, but nobody else is doing a MITM + * on the relay's TCP. + */ + if (tor_addr_eq(&addr, &(chan->conn->real_addr))) { + connection_or_set_canonical(chan->conn, 1); + break; + } + cp = next; + --n_other_addrs; + } + + if (me && !TLS_CHAN_TO_BASE(chan)->is_canonical_to_peer && + channel_is_canonical(TLS_CHAN_TO_BASE(chan))) { + const char *descr = + TLS_CHAN_TO_BASE(chan)->get_remote_descr(TLS_CHAN_TO_BASE(chan), 0); + log_info(LD_OR, + "We made a connection to a relay at %s (fp=%s) but we think " + "they will not consider this connection canonical. They " + "think we are at %s, but we think its %s.", + safe_str(descr), + safe_str(hex_str(identity_digest, DIGEST_LEN)), + safe_str(tor_addr_is_null(&my_apparent_addr) ? + "<none>" : fmt_and_decorate_addr(&my_apparent_addr)), + safe_str(fmt_addr32(me->addr))); + } + + /* Act on apparent skew. */ + /** Warn when we get a netinfo skew with at least this value. */ + #define NETINFO_NOTICE_SKEW 3600 + if (time_abs(apparent_skew) > NETINFO_NOTICE_SKEW && + (started_here || + connection_or_digest_is_known_relay(chan->conn->identity_digest))) { + int trusted = router_digest_is_trusted_dir(chan->conn->identity_digest); + clock_skew_warning(TO_CONN(chan->conn), apparent_skew, trusted, LD_GENERAL, + "NETINFO cell", "OR"); + } + + /* XXX maybe act on my_apparent_addr, if the source is sufficiently + * trustworthy. */ + + if (! chan->conn->handshake_state->sent_netinfo) { + /* If we were prepared to authenticate, but we never got an AUTH_CHALLENGE + * cell, then we would not previously have sent a NETINFO cell. Do so + * now. */ + if (connection_or_send_netinfo(chan->conn) < 0) { + connection_or_close_for_error(chan->conn, 0); + return; + } + } + + if (connection_or_set_state_open(chan->conn) < 0) { + log_fn(LOG_PROTOCOL_WARN, LD_OR, + "Got good NETINFO cell from %s:%d; but " + "was unable to make the OR connection become open.", + safe_str_client(chan->conn->base_.address), + chan->conn->base_.port); + connection_or_close_for_error(chan->conn, 0); + } else { + log_info(LD_OR, + "Got good NETINFO cell from %s:%d; OR connection is now " + "open, using protocol version %d. Its ID digest is %s. " + "Our address is apparently %s.", + safe_str_client(chan->conn->base_.address), + chan->conn->base_.port, + (int)(chan->conn->link_proto), + hex_str(identity_digest, DIGEST_LEN), + tor_addr_is_null(&my_apparent_addr) ? + "<none>" : + safe_str_client(fmt_and_decorate_addr(&my_apparent_addr))); + } + assert_connection_ok(TO_CONN(chan->conn),time(NULL)); + } + + /** Types of certificates that we know how to parse from CERTS cells. Each + * type corresponds to a different encoding format. */ + typedef enum cert_encoding_t { + CERT_ENCODING_UNKNOWN, /**< We don't recognize this. */ + CERT_ENCODING_X509, /**< It's an RSA key, signed with RSA, encoded in x509. + * (Actually, it might not be RSA. We test that later.) */ + CERT_ENCODING_ED25519, /**< It's something signed with an Ed25519 key, + * encoded asa a tor_cert_t.*/ + CERT_ENCODING_RSA_CROSSCERT, /**< It's an Ed key signed with an RSA key. */ + } cert_encoding_t; + + /** + * Given one of the certificate type codes used in a CERTS cell, + * return the corresponding cert_encoding_t that we should use to parse + * the certificate. + */ + static cert_encoding_t + certs_cell_typenum_to_cert_type(int typenum) + { + switch (typenum) { + case CERTTYPE_RSA1024_ID_LINK: + case CERTTYPE_RSA1024_ID_ID: + case CERTTYPE_RSA1024_ID_AUTH: + return CERT_ENCODING_X509; + case CERTTYPE_ED_ID_SIGN: + case CERTTYPE_ED_SIGN_LINK: + case CERTTYPE_ED_SIGN_AUTH: + return CERT_ENCODING_ED25519; + case CERTTYPE_RSA1024_ID_EDID: + return CERT_ENCODING_RSA_CROSSCERT; + default: + return CERT_ENCODING_UNKNOWN; + } + } + + /** + * Process a CERTS cell from a channel. + * + * This function is called to process an incoming CERTS cell on a + * channel_tls_t: + * + * If the other side should not have sent us a CERTS cell, or the cell is + * malformed, or it is supposed to authenticate the TLS key but it doesn't, + * then mark the connection. + * + * If the cell has a good cert chain and we're doing a v3 handshake, then + * store the certificates in or_handshake_state. If this is the client side + * of the connection, we then authenticate the server or mark the connection. + * If it's the server side, wait for an AUTHENTICATE cell. + */ + STATIC void + channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan) + { + #define MAX_CERT_TYPE_WANTED CERTTYPE_RSA1024_ID_EDID + /* These arrays will be sparse, since a cert type can be at most one + * of ed/x509 */ + tor_x509_cert_t *x509_certs[MAX_CERT_TYPE_WANTED + 1]; + tor_cert_t *ed_certs[MAX_CERT_TYPE_WANTED + 1]; + uint8_t *rsa_ed_cc_cert = NULL; + size_t rsa_ed_cc_cert_len = 0; + + int n_certs, i; + certs_cell_t *cc = NULL; + + int send_netinfo = 0, started_here = 0; + + memset(x509_certs, 0, sizeof(x509_certs)); + memset(ed_certs, 0, sizeof(ed_certs)); + tor_assert(cell); + tor_assert(chan); + tor_assert(chan->conn); + + #define ERR(s) \ + do { \ + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \ + "Received a bad CERTS cell from %s:%d: %s", \ + safe_str(chan->conn->base_.address), \ + chan->conn->base_.port, (s)); \ + connection_or_close_for_error(chan->conn, 0); \ + goto err; \ + } while (0) + + /* Can't use connection_or_nonopen_was_started_here(); its conn->tls + * check looks like it breaks + * test_link_handshake_recv_certs_ok_server(). */ + started_here = chan->conn->handshake_state->started_here; + + if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3) + ERR("We're not doing a v3 handshake!"); + if (chan->conn->link_proto < 3) + ERR("We're not using link protocol >= 3"); + if (chan->conn->handshake_state->received_certs_cell) + ERR("We already got one"); + if (chan->conn->handshake_state->authenticated) { + /* Should be unreachable, but let's make sure. */ + ERR("We're already authenticated!"); + } + if (cell->payload_len < 1) + ERR("It had no body"); + if (cell->circ_id) + ERR("It had a nonzero circuit ID"); + + if (certs_cell_parse(&cc, cell->payload, cell->payload_len) < 0) + ERR("It couldn't be parsed."); + + n_certs = cc->n_certs; + + for (i = 0; i < n_certs; ++i) { + certs_cell_cert_t *c = certs_cell_get_certs(cc, i); + + uint16_t cert_type = c->cert_type; + uint16_t cert_len = c->cert_len; + uint8_t *cert_body = certs_cell_cert_getarray_body(c); + + if (cert_type > MAX_CERT_TYPE_WANTED) + continue; + const cert_encoding_t ct = certs_cell_typenum_to_cert_type(cert_type); + switch (ct) { + default: + case CERT_ENCODING_UNKNOWN: + break; + case CERT_ENCODING_X509: { + tor_x509_cert_t *x509_cert = tor_x509_cert_decode(cert_body, cert_len); + if (!x509_cert) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Received undecodable certificate in CERTS cell from %s:%d", + safe_str(chan->conn->base_.address), + chan->conn->base_.port); + } else { + if (x509_certs[cert_type]) { + tor_x509_cert_free(x509_cert); + ERR("Duplicate x509 certificate"); + } else { + x509_certs[cert_type] = x509_cert; + } + } + break; + } + case CERT_ENCODING_ED25519: { + tor_cert_t *ed_cert = tor_cert_parse(cert_body, cert_len); + if (!ed_cert) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Received undecodable Ed certificate " + "in CERTS cell from %s:%d", + safe_str(chan->conn->base_.address), + chan->conn->base_.port); + } else { + if (ed_certs[cert_type]) { + tor_cert_free(ed_cert); + ERR("Duplicate Ed25519 certificate"); + } else { + ed_certs[cert_type] = ed_cert; + } + } + break; + } + + case CERT_ENCODING_RSA_CROSSCERT: { + if (rsa_ed_cc_cert) { + ERR("Duplicate RSA->Ed25519 crosscert"); + } else { + rsa_ed_cc_cert = tor_memdup(cert_body, cert_len); + rsa_ed_cc_cert_len = cert_len; + } + break; + } + } + } + + /* Move the certificates we (might) want into the handshake_state->certs + * structure. */ + tor_x509_cert_t *id_cert = x509_certs[CERTTYPE_RSA1024_ID_ID]; + tor_x509_cert_t *auth_cert = x509_certs[CERTTYPE_RSA1024_ID_AUTH]; + tor_x509_cert_t *link_cert = x509_certs[CERTTYPE_RSA1024_ID_LINK]; + chan->conn->handshake_state->certs->auth_cert = auth_cert; + chan->conn->handshake_state->certs->link_cert = link_cert; + chan->conn->handshake_state->certs->id_cert = id_cert; + x509_certs[CERTTYPE_RSA1024_ID_ID] = + x509_certs[CERTTYPE_RSA1024_ID_AUTH] = + x509_certs[CERTTYPE_RSA1024_ID_LINK] = NULL; + + tor_cert_t *ed_id_sign = ed_certs[CERTTYPE_ED_ID_SIGN]; + tor_cert_t *ed_sign_link = ed_certs[CERTTYPE_ED_SIGN_LINK]; + tor_cert_t *ed_sign_auth = ed_certs[CERTTYPE_ED_SIGN_AUTH]; + chan->conn->handshake_state->certs->ed_id_sign = ed_id_sign; + chan->conn->handshake_state->certs->ed_sign_link = ed_sign_link; + chan->conn->handshake_state->certs->ed_sign_auth = ed_sign_auth; + ed_certs[CERTTYPE_ED_ID_SIGN] = + ed_certs[CERTTYPE_ED_SIGN_LINK] = + ed_certs[CERTTYPE_ED_SIGN_AUTH] = NULL; + + chan->conn->handshake_state->certs->ed_rsa_crosscert = rsa_ed_cc_cert; + chan->conn->handshake_state->certs->ed_rsa_crosscert_len = + rsa_ed_cc_cert_len; + rsa_ed_cc_cert = NULL; + + int severity; + /* Note that this warns more loudly about time and validity if we were + * _trying_ to connect to an authority, not necessarily if we _did_ connect + * to one. */ + if (started_here && + router_digest_is_trusted_dir(TLS_CHAN_TO_BASE(chan)->identity_digest)) + severity = LOG_WARN; + else + severity = LOG_PROTOCOL_WARN; + + const ed25519_public_key_t *checked_ed_id = NULL; + const common_digests_t *checked_rsa_id = NULL; + or_handshake_certs_check_both(severity, + chan->conn->handshake_state->certs, + chan->conn->tls, + time(NULL), + &checked_ed_id, + &checked_rsa_id); + + if (!checked_rsa_id) + ERR("Invalid certificate chain!"); + + if (started_here) { + /* No more information is needed. */ + + chan->conn->handshake_state->authenticated = 1; + chan->conn->handshake_state->authenticated_rsa = 1; + { + const common_digests_t *id_digests = checked_rsa_id; + crypto_pk_t *identity_rcvd; + if (!id_digests) + ERR("Couldn't compute digests for key in ID cert"); + + identity_rcvd = tor_tls_cert_get_key(id_cert); + if (!identity_rcvd) { + ERR("Couldn't get RSA key from ID cert."); + } + memcpy(chan->conn->handshake_state->authenticated_rsa_peer_id, + id_digests->d[DIGEST_SHA1], DIGEST_LEN); + channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd, + chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS); + crypto_pk_free(identity_rcvd); + } + + if (checked_ed_id) { + chan->conn->handshake_state->authenticated_ed25519 = 1; + memcpy(&chan->conn->handshake_state->authenticated_ed25519_peer_id, + checked_ed_id, sizeof(ed25519_public_key_t)); + } + + log_debug(LD_HANDSHAKE, "calling client_learned_peer_id from " + "process_certs_cell"); + + if (connection_or_client_learned_peer_id(chan->conn, + chan->conn->handshake_state->authenticated_rsa_peer_id, + checked_ed_id) < 0) + ERR("Problem setting or checking peer id"); + + log_info(LD_HANDSHAKE, + "Got some good certificates from %s:%d: Authenticated it with " + "RSA%s", + safe_str(chan->conn->base_.address), chan->conn->base_.port, + checked_ed_id ? " and Ed25519" : ""); + + if (!public_server_mode(get_options())) { + /* If we initiated the connection and we are not a public server, we + * aren't planning to authenticate at all. At this point we know who we + * are talking to, so we can just send a netinfo now. */ + send_netinfo = 1; + } + } else { + /* We can't call it authenticated till we see an AUTHENTICATE cell. */ + log_info(LD_OR, + "Got some good RSA%s certificates from %s:%d. " + "Waiting for AUTHENTICATE.", + checked_ed_id ? " and Ed25519" : "", + safe_str(chan->conn->base_.address), + chan->conn->base_.port); + /* XXXX check more stuff? */ + } + + chan->conn->handshake_state->received_certs_cell = 1; + + if (send_netinfo) { + if (connection_or_send_netinfo(chan->conn) < 0) { + log_warn(LD_OR, "Couldn't send netinfo cell"); + connection_or_close_for_error(chan->conn, 0); + goto err; + } + } + + err: + for (unsigned u = 0; u < ARRAY_LENGTH(x509_certs); ++u) { + tor_x509_cert_free(x509_certs[u]); + } + for (unsigned u = 0; u < ARRAY_LENGTH(ed_certs); ++u) { + tor_cert_free(ed_certs[u]); + } + tor_free(rsa_ed_cc_cert); + certs_cell_free(cc); + #undef ERR + } + + /** + * Process an AUTH_CHALLENGE cell from a channel_tls_t. + * + * This function is called to handle an incoming AUTH_CHALLENGE cell on a + * channel_tls_t; if we weren't supposed to get one (for example, because we're + * not the originator of the channel), or it's ill-formed, or we aren't doing + * a v3 handshake, mark the channel. If the cell is well-formed but we don't + * want to authenticate, just drop it. If the cell is well-formed *and* we + * want to authenticate, send an AUTHENTICATE cell and then a NETINFO cell. + */ + STATIC void + channel_tls_process_auth_challenge_cell(var_cell_t *cell, channel_tls_t *chan) + { + int n_types, i, use_type = -1; + auth_challenge_cell_t *ac = NULL; + + tor_assert(cell); + tor_assert(chan); + tor_assert(chan->conn); + + #define ERR(s) \ + do { \ + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \ + "Received a bad AUTH_CHALLENGE cell from %s:%d: %s", \ + safe_str(chan->conn->base_.address), \ + chan->conn->base_.port, (s)); \ + connection_or_close_for_error(chan->conn, 0); \ + goto done; \ + } while (0) + + if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3) + ERR("We're not currently doing a v3 handshake"); + if (chan->conn->link_proto < 3) + ERR("We're not using link protocol >= 3"); + if (!(chan->conn->handshake_state->started_here)) + ERR("We didn't originate this connection"); + if (chan->conn->handshake_state->received_auth_challenge) + ERR("We already received one"); + if (!(chan->conn->handshake_state->received_certs_cell)) + ERR("We haven't gotten a CERTS cell yet"); + if (cell->circ_id) + ERR("It had a nonzero circuit ID"); + + if (auth_challenge_cell_parse(&ac, cell->payload, cell->payload_len) < 0) + ERR("It was not well-formed."); + + n_types = ac->n_methods; + + /* Now see if there is an authentication type we can use */ + for (i = 0; i < n_types; ++i) { + uint16_t authtype = auth_challenge_cell_get_methods(ac, i); + if (authchallenge_type_is_supported(authtype)) { + if (use_type == -1 || + authchallenge_type_is_better(authtype, use_type)) { + use_type = authtype; + } + } + } + + chan->conn->handshake_state->received_auth_challenge = 1; + + if (! public_server_mode(get_options())) { + /* If we're not a public server then we don't want to authenticate on a + connection we originated, and we already sent a NETINFO cell when we + got the CERTS cell. We have nothing more to do. */ + goto done; + } + + if (use_type >= 0) { + log_info(LD_OR, + "Got an AUTH_CHALLENGE cell from %s:%d: Sending " + "authentication type %d", + safe_str(chan->conn->base_.address), + chan->conn->base_.port, + use_type); + + if (connection_or_send_authenticate_cell(chan->conn, use_type) < 0) { + log_warn(LD_OR, + "Couldn't send authenticate cell"); + connection_or_close_for_error(chan->conn, 0); + goto done; + } + } else { + log_info(LD_OR, + "Got an AUTH_CHALLENGE cell from %s:%d, but we don't " + "know any of its authentication types. Not authenticating.", + safe_str(chan->conn->base_.address), + chan->conn->base_.port); + } + + if (connection_or_send_netinfo(chan->conn) < 0) { + log_warn(LD_OR, "Couldn't send netinfo cell"); + connection_or_close_for_error(chan->conn, 0); + goto done; + } + + done: + auth_challenge_cell_free(ac); + + #undef ERR + } + + /** + * Process an AUTHENTICATE cell from a channel_tls_t. + * + * If it's ill-formed or we weren't supposed to get one or we're not doing a + * v3 handshake, then mark the connection. If it does not authenticate the + * other side of the connection successfully (because it isn't signed right, + * we didn't get a CERTS cell, etc) mark the connection. Otherwise, accept + * the identity of the router on the other side of the connection. + */ + STATIC void + channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan) + { + var_cell_t *expected_cell = NULL; + const uint8_t *auth; + int authlen; + int authtype; + int bodylen; + + tor_assert(cell); + tor_assert(chan); + tor_assert(chan->conn); + + #define ERR(s) \ + do { \ + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \ + "Received a bad AUTHENTICATE cell from %s:%d: %s", \ + safe_str(chan->conn->base_.address), \ + chan->conn->base_.port, (s)); \ + connection_or_close_for_error(chan->conn, 0); \ + var_cell_free(expected_cell); \ + return; \ + } while (0) + + if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3) + ERR("We're not doing a v3 handshake"); + if (chan->conn->link_proto < 3) + ERR("We're not using link protocol >= 3"); + if (chan->conn->handshake_state->started_here) + ERR("We originated this connection"); + if (chan->conn->handshake_state->received_authenticate) + ERR("We already got one!"); + if (chan->conn->handshake_state->authenticated) { + /* Should be impossible given other checks */ + ERR("The peer is already authenticated"); + } + if (!(chan->conn->handshake_state->received_certs_cell)) + ERR("We never got a certs cell"); + if (chan->conn->handshake_state->certs->id_cert == NULL) + ERR("We never got an identity certificate"); + if (cell->payload_len < 4) + ERR("Cell was way too short"); + + auth = cell->payload; + { + uint16_t type = ntohs(get_uint16(auth)); + uint16_t len = ntohs(get_uint16(auth+2)); + if (4 + len > cell->payload_len) + ERR("Authenticator was truncated"); + + if (! authchallenge_type_is_supported(type)) + ERR("Authenticator type was not recognized"); + authtype = type; + + auth += 4; + authlen = len; + } + + if (authlen < V3_AUTH_BODY_LEN + 1) + ERR("Authenticator was too short"); + + expected_cell = connection_or_compute_authenticate_cell_body( + chan->conn, authtype, NULL, NULL, 1); + if (! expected_cell) + ERR("Couldn't compute expected AUTHENTICATE cell body"); + + int sig_is_rsa; + if (authtype == AUTHTYPE_RSA_SHA256_TLSSECRET || + authtype == AUTHTYPE_RSA_SHA256_RFC5705) { + bodylen = V3_AUTH_BODY_LEN; + sig_is_rsa = 1; + } else { + tor_assert(authtype == AUTHTYPE_ED25519_SHA256_RFC5705); + /* Our earlier check had better have made sure we had room + * for an ed25519 sig (inadvertently) */ + tor_assert(V3_AUTH_BODY_LEN > ED25519_SIG_LEN); + bodylen = authlen - ED25519_SIG_LEN; + sig_is_rsa = 0; + } + if (expected_cell->payload_len != bodylen+4) { + ERR("Expected AUTHENTICATE cell body len not as expected."); + } + + /* Length of random part. */ + if (BUG(bodylen < 24)) { + // LCOV_EXCL_START + ERR("Bodylen is somehow less than 24, which should really be impossible"); + // LCOV_EXCL_STOP + } + + if (tor_memneq(expected_cell->payload+4, auth, bodylen-24)) + ERR("Some field in the AUTHENTICATE cell body was not as expected"); + + if (sig_is_rsa) { + if (chan->conn->handshake_state->certs->ed_id_sign != NULL) + ERR("RSA-signed AUTHENTICATE response provided with an ED25519 cert"); + + if (chan->conn->handshake_state->certs->auth_cert == NULL) + ERR("We never got an RSA authentication certificate"); + + crypto_pk_t *pk = tor_tls_cert_get_key( + chan->conn->handshake_state->certs->auth_cert); + char d[DIGEST256_LEN]; + char *signed_data; + size_t keysize; + int signed_len; + + if (! pk) { + ERR("Couldn't get RSA key from AUTH cert."); + } + crypto_digest256(d, (char*)auth, V3_AUTH_BODY_LEN, DIGEST_SHA256); + + keysize = crypto_pk_keysize(pk); + signed_data = tor_malloc(keysize); + signed_len = crypto_pk_public_checksig(pk, signed_data, keysize, + (char*)auth + V3_AUTH_BODY_LEN, + authlen - V3_AUTH_BODY_LEN); + crypto_pk_free(pk); + if (signed_len < 0) { + tor_free(signed_data); + ERR("RSA signature wasn't valid"); + } + if (signed_len < DIGEST256_LEN) { + tor_free(signed_data); + ERR("Not enough data was signed"); + } + /* Note that we deliberately allow *more* than DIGEST256_LEN bytes here, + * in case they're later used to hold a SHA3 digest or something. */ + if (tor_memneq(signed_data, d, DIGEST256_LEN)) { + tor_free(signed_data); + ERR("Signature did not match data to be signed."); + } + tor_free(signed_data); + } else { + if (chan->conn->handshake_state->certs->ed_id_sign == NULL) + ERR("We never got an Ed25519 identity certificate."); + if (chan->conn->handshake_state->certs->ed_sign_auth == NULL) + ERR("We never got an Ed25519 authentication certificate."); + + const ed25519_public_key_t *authkey = + &chan->conn->handshake_state->certs->ed_sign_auth->signed_key; + ed25519_signature_t sig; + tor_assert(authlen > ED25519_SIG_LEN); + memcpy(&sig.sig, auth + authlen - ED25519_SIG_LEN, ED25519_SIG_LEN); + if (ed25519_checksig(&sig, auth, authlen - ED25519_SIG_LEN, authkey)<0) { + ERR("Ed25519 signature wasn't valid."); + } + } + + /* Okay, we are authenticated. */ + chan->conn->handshake_state->received_authenticate = 1; + chan->conn->handshake_state->authenticated = 1; + chan->conn->handshake_state->authenticated_rsa = 1; + chan->conn->handshake_state->digest_received_data = 0; + { + tor_x509_cert_t *id_cert = chan->conn->handshake_state->certs->id_cert; + crypto_pk_t *identity_rcvd = tor_tls_cert_get_key(id_cert); + const common_digests_t *id_digests = tor_x509_cert_get_id_digests(id_cert); + const ed25519_public_key_t *ed_identity_received = NULL; + + if (! sig_is_rsa) { + chan->conn->handshake_state->authenticated_ed25519 = 1; + ed_identity_received = + &chan->conn->handshake_state->certs->ed_id_sign->signing_key; + memcpy(&chan->conn->handshake_state->authenticated_ed25519_peer_id, + ed_identity_received, sizeof(ed25519_public_key_t)); + } + + /* This must exist; we checked key type when reading the cert. */ + tor_assert(id_digests); + + memcpy(chan->conn->handshake_state->authenticated_rsa_peer_id, + id_digests->d[DIGEST_SHA1], DIGEST_LEN); + + channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd, + chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS); + crypto_pk_free(identity_rcvd); + + log_debug(LD_HANDSHAKE, + "Calling connection_or_init_conn_from_address for %s " + " from %s, with%s ed25519 id.", + safe_str(chan->conn->base_.address), + __func__, + ed_identity_received ? "" : "out"); + + connection_or_init_conn_from_address(chan->conn, + &(chan->conn->base_.addr), + chan->conn->base_.port, + (const char*)(chan->conn->handshake_state-> + authenticated_rsa_peer_id), + ed_identity_received, + 0); + + log_debug(LD_HANDSHAKE, + "Got an AUTHENTICATE cell from %s:%d, type %d: Looks good.", + safe_str(chan->conn->base_.address), + chan->conn->base_.port, + authtype); + } + + var_cell_free(expected_cell); + + #undef ERR + }