Commit fa1d4464 authored by Roger Dingledine's avatar Roger Dingledine
Browse files

OPport is gone. So is conn type OP.


svn:r298
parent 2d296afc
......@@ -5,14 +5,14 @@ noinst_PROGRAMS = test
bin_PROGRAMS = or
or_SOURCES = buffers.c circuit.c command.c connection.c \
connection_exit.c connection_ap.c connection_op.c connection_or.c config.c \
connection_exit.c connection_ap.c connection_or.c config.c \
onion.c routers.c directory.c dns.c connection_edge.c \
main.c tor_main.c
or_LDADD = ../common/libor.a -lz
test_SOURCES = buffers.c circuit.c command.c connection.c \
connection_exit.c connection_ap.c connection_op.c connection_or.c config.c \
connection_exit.c connection_ap.c connection_or.c config.c \
onion.c routers.c directory.c dns.c connection_edge.c \
main.c test.c
......
......@@ -683,14 +683,14 @@ int circuit_establish_circuit(void) {
if(!n_conn || n_conn->state != OR_CONN_STATE_OPEN) { /* not currently connected */
circ->n_addr = firsthop->addr;
circ->n_port = firsthop->or_port;
if(options.ORPort) { /* we would be connected if he were up. but he's not. */
if(options.OnionRouter) { /* we would be connected if he were up. but he's not. */
log(LOG_DEBUG,"circuit_establish_circuit(): Route's firsthop isn't connected.");
circuit_close(circ);
return -1;
}
if(!n_conn) { /* launch the connection */
n_conn = connection_or_connect_as_op(firsthop);
n_conn = connection_or_connect(firsthop);
if(!n_conn) { /* connect failed, forget the whole thing */
log(LOG_DEBUG,"circuit_establish_circuit(): connect to firsthop failed. Closing.");
circuit_close(circ);
......
......@@ -182,7 +182,6 @@ void config_assign(or_options_t *options, struct config_line *list) {
/* int options */
config_compare(list, "MaxConn", CONFIG_TYPE_INT, &options->MaxConn) ||
config_compare(list, "APPort", CONFIG_TYPE_INT, &options->APPort) ||
config_compare(list, "OPPort", CONFIG_TYPE_INT, &options->OPPort) ||
config_compare(list, "ORPort", CONFIG_TYPE_INT, &options->ORPort) ||
config_compare(list, "DirPort", CONFIG_TYPE_INT, &options->DirPort) ||
config_compare(list, "DirFetchPeriod", CONFIG_TYPE_INT, &options->DirFetchPeriod) ||
......@@ -190,6 +189,7 @@ void config_assign(or_options_t *options, struct config_line *list) {
config_compare(list, "MaxOnionsPending",CONFIG_TYPE_INT, &options->MaxOnionsPending) ||
config_compare(list, "NewCircuitPeriod",CONFIG_TYPE_INT, &options->NewCircuitPeriod) ||
config_compare(list, "OnionRouter", CONFIG_TYPE_BOOL, &options->OnionRouter) ||
config_compare(list, "Daemon", CONFIG_TYPE_BOOL, &options->Daemon) ||
config_compare(list, "TrafficShaping", CONFIG_TYPE_BOOL, &options->TrafficShaping) ||
config_compare(list, "LinkPadding", CONFIG_TYPE_BOOL, &options->LinkPadding) ||
......@@ -276,8 +276,8 @@ int getconfig(int argc, char **argv, or_options_t *options) {
options->RouterFile ? options->RouterFile : "(undefined)",
options->PrivateKeyFile ? options->PrivateKeyFile : "(undefined)",
options->SigningPrivateKeyFile ? options->SigningPrivateKeyFile : "(undefined)");
printf("ORPort=%d, OPPort=%d, APPort=%d DirPort=%d\n",
options->ORPort,options->OPPort,
printf("ORPort=%d, APPort=%d DirPort=%d\n",
options->ORPort,
options->APPort,options->DirPort);
printf("CoinWeight=%6.4f, MaxConn=%d, TrafficShaping=%d, LinkPadding=%d\n",
options->CoinWeight,
......@@ -321,22 +321,22 @@ int getconfig(int argc, char **argv, or_options_t *options) {
}
if(options->ORPort < 0) {
log(LOG_ERR,"ORPort option required and must be a positive integer value.");
log(LOG_ERR,"ORPort option can't be negative.");
result = -1;
}
if(options->ORPort > 0 && options->PrivateKeyFile == NULL) {
log(LOG_ERR,"PrivateKeyFile option required for OR, but not found.");
if(options->OnionRouter && options->ORPort == 0) {
log(LOG_ERR,"If OnionRouter is set, then ORPort must be positive.");
result = -1;
}
if(options->DirPort > 0 && options->SigningPrivateKeyFile == NULL) {
log(LOG_ERR,"SigningPrivateKeyFile option required for DirServer, but not found.");
if(options->OnionRouter && options->PrivateKeyFile == NULL) {
log(LOG_ERR,"PrivateKeyFile option required for OnionRouter, but not found.");
result = -1;
}
if(options->OPPort < 0) {
log(LOG_ERR,"OPPort option can't be negative.");
if(options->DirPort > 0 && options->SigningPrivateKeyFile == NULL) {
log(LOG_ERR,"SigningPrivateKeyFile option required for DirServer, but not found.");
result = -1;
}
......
......@@ -242,8 +242,7 @@ int connection_handle_listener_read(connection_t *conn, int new_type, int new_st
return 0;
}
int retry_all_connections(uint16_t or_listenport,
uint16_t op_listenport, uint16_t ap_listenport, uint16_t dir_listenport) {
int retry_all_connections(uint16_t or_listenport, uint16_t ap_listenport, uint16_t dir_listenport) {
/* start all connections that should be up but aren't */
......@@ -264,13 +263,6 @@ int retry_all_connections(uint16_t or_listenport,
}
}
if(op_listenport) {
bindaddr.sin_port = htons(op_listenport);
if(!connection_get_by_type(CONN_TYPE_OP_LISTENER)) {
connection_op_create_listener(&bindaddr);
}
}
if(dir_listenport) {
bindaddr.sin_port = htons(dir_listenport);
if(!connection_get_by_type(CONN_TYPE_DIR_LISTENER)) {
......@@ -450,18 +442,8 @@ void connection_increment_receiver_bucket(connection_t *conn) {
}
}
int connection_speaks_cells(connection_t *conn) {
assert(conn);
if(conn->type == CONN_TYPE_OR || conn->type == CONN_TYPE_OP)
return 1;
return 0;
}
int connection_is_listener(connection_t *conn) {
if(conn->type == CONN_TYPE_OP_LISTENER ||
conn->type == CONN_TYPE_OR_LISTENER ||
if(conn->type == CONN_TYPE_OR_LISTENER ||
conn->type == CONN_TYPE_AP_LISTENER ||
conn->type == CONN_TYPE_DIR_LISTENER)
return 1;
......@@ -472,7 +454,6 @@ int connection_state_is_open(connection_t *conn) {
assert(conn);
if((conn->type == CONN_TYPE_OR && conn->state == OR_CONN_STATE_OPEN) ||
(conn->type == CONN_TYPE_OP && conn->state == OP_CONN_STATE_OPEN) ||
(conn->type == CONN_TYPE_AP && conn->state == AP_CONN_STATE_OPEN) ||
(conn->type == CONN_TYPE_EXIT && conn->state == EXIT_CONN_STATE_OPEN))
return 1;
......@@ -629,8 +610,6 @@ int connection_process_inbuf(connection_t *conn) {
assert(conn);
switch(conn->type) {
case CONN_TYPE_OP:
return connection_op_process_inbuf(conn);
case CONN_TYPE_OR:
return connection_or_process_inbuf(conn);
case CONN_TYPE_EXIT:
......@@ -787,8 +766,6 @@ int connection_finished_flushing(connection_t *conn) {
// log(LOG_DEBUG,"connection_finished_flushing() entered. Socket %u.", conn->s);
switch(conn->type) {
case CONN_TYPE_OP:
return connection_op_finished_flushing(conn);
case CONN_TYPE_OR:
return connection_or_finished_flushing(conn);
case CONN_TYPE_AP:
......
/* Copyright 2001,2002 Roger Dingledine, Matej Pfajfar. */
/* See LICENSE for licensing information */
/* $Id$ */
#include "or.h"
int connection_op_process_inbuf(connection_t *conn) {
assert(conn && conn->type == CONN_TYPE_OP);
if(conn->inbuf_reached_eof) {
/* eof reached, kill it. */
log(LOG_DEBUG,"connection_op_process_inbuf(): conn reached eof. Closing.");
return -1;
}
log(LOG_DEBUG,"connection_op_process_inbuf(): state %d.",conn->state);
switch(conn->state) {
case OP_CONN_STATE_AWAITING_KEYS:
return op_handshake_process_keys(conn);
case OP_CONN_STATE_OPEN:
return connection_process_cell_from_inbuf(conn);
default:
log(LOG_DEBUG,"connection_op_process_inbuf() called in state where I'm writing. Ignoring buf for now.")
;
}
return 0;
}
int op_handshake_process_keys(connection_t *conn) {
int retval;
//int x;
unsigned char iv[16];
/* key exchange message */
unsigned char auth_cipher[128];
unsigned char auth_plain[128];
assert(conn);
log(LOG_DEBUG,"op_handshake_process_keys() entered.");
if(conn->inbuf_datalen < 128) /* entire response available? */
return 0; /* not yet */
if(connection_fetch_from_buf(auth_cipher,128,conn) < 0) {
return -1;
}
log(LOG_DEBUG,"op_handshake_process_keys() : Received auth.");
/* decrypt response */
retval = crypto_pk_private_decrypt(get_privatekey(), auth_cipher, 128, auth_plain,RSA_PKCS1_PADDING);
if (retval == -1)
{
log(LOG_ERR,"Decrypting keys from new OP failed.");
log(LOG_DEBUG,"op_handshake_process_keys() : Reason : %s.",
crypto_perror());
return -1;
}
/* XXXX Check length */
log(LOG_DEBUG,"Successfully decrypted keys from new OP.");
conn->bandwidth = ntohl(*((uint32_t *)auth_plain));
log(LOG_DEBUG,"op_handshake_process_keys(): Bandwidth %d requested.",conn->bandwidth);
crypto_cipher_set_key(conn->b_crypto, auth_plain+4);
crypto_cipher_set_key(conn->f_crypto, auth_plain+20);
#if 0
printf("f_session_key: ");
for(x=0;x<8;x++) {
printf("%d ",conn->f_crypto->key[x]);
}
printf("\nb_session_key: ");
for(x=0;x<8;x++) {
printf("%d ",conn->b_crypto->key[x]);
}
printf("\n");
#endif
memset(iv, 0, 16);
crypto_cipher_set_iv(conn->b_crypto, iv);
crypto_cipher_set_iv(conn->f_crypto, iv);
crypto_cipher_encrypt_init_cipher(conn->b_crypto);
crypto_cipher_decrypt_init_cipher(conn->f_crypto);
conn->state = OP_CONN_STATE_OPEN;
connection_init_timeval(conn);
connection_watch_events(conn, POLLIN);
return connection_process_inbuf(conn); /* in case they sent some cells along with the keys */
}
int connection_op_finished_flushing(connection_t *conn) {
assert(conn && conn->type == CONN_TYPE_OP);
switch(conn->state) {
case OP_CONN_STATE_OPEN:
/* FIXME down the road, we'll clear out circuits that are pending to close */
connection_stop_writing(conn);
return 0;
default:
log(LOG_DEBUG,"Bug: connection_op_finished_flushing() called in unexpected state.");
return 0;
}
return 0;
}
int connection_op_create_listener(struct sockaddr_in *bindaddr) {
log(LOG_DEBUG,"connection_create_op_listener starting");
return connection_create_listener(bindaddr, CONN_TYPE_OP_LISTENER);
}
int connection_op_handle_listener_read(connection_t *conn) {
log(LOG_NOTICE,"OP: Received a connection request. Waiting for keys.");
return connection_handle_listener_read(conn, CONN_TYPE_OP, OP_CONN_STATE_AWAITING_KEYS);
}
/*
Local Variables:
mode:c
indent-tabs-mode:nil
c-basic-offset:2
End:
*/
......@@ -3,8 +3,9 @@
/* $Id$ */
#include "or.h"
extern or_options_t options; /* command-line and config-file options */
/*
/*
*
* these two functions are the main ways 'in' to connection_or
*
......@@ -44,22 +45,6 @@ int connection_or_finished_flushing(connection_t *conn) {
assert(conn && conn->type == CONN_TYPE_OR);
switch(conn->state) {
case OR_CONN_STATE_OP_CONNECTING:
if (getsockopt(conn->s, SOL_SOCKET, SO_ERROR, &e, &len) < 0) { /* not yet */
if(errno != EINPROGRESS){
/* yuck. kill it. */
log(LOG_DEBUG,"connection_or_finished_flushing(): in-progress connect failed. Removing.");
return -1;
} else {
return 0; /* no change, see if next time is better */
}
}
/* the connect has finished. */
log(LOG_DEBUG,"connection_or_finished_flushing() : OP connection to router %s:%u established.",
conn->address,conn->port);
return or_handshake_op_send_keys(conn);
case OR_CONN_STATE_OP_SENDING_KEYS:
return or_handshake_op_finished_sending_keys(conn);
case OR_CONN_STATE_CLIENT_CONNECTING:
......@@ -77,7 +62,10 @@ int connection_or_finished_flushing(connection_t *conn) {
log(LOG_DEBUG,"connection_or_finished_flushing() : OR connection to router %s:%u established.",
conn->address,conn->port);
return or_handshake_client_send_auth(conn);
if(options.OnionRouter)
return or_handshake_client_send_auth(conn);
else
return or_handshake_op_send_keys(conn);
case OR_CONN_STATE_CLIENT_SENDING_AUTH:
log(LOG_DEBUG,"connection_or_finished_flushing(): client finished sending auth.");
conn->state = OR_CONN_STATE_CLIENT_AUTH_WAIT;
......@@ -121,38 +109,35 @@ void conn_or_init_crypto(connection_t *conn) {
unsigned char iv[16];
assert(conn);
#if 0
printf("f_session_key: ");
for(x=0;x<8;x++) {
printf("%d ",conn->f_crypto->key[x]);
}
printf("\nb_session_key: ");
for(x=0;x<8;x++) {
printf("%d ",conn->b_crypto->key[x]);
}
printf("\n");
#endif
memset((void *)iv, 0, 16);
crypto_cipher_set_iv(conn->f_crypto, iv);
crypto_cipher_set_iv(conn->b_crypto, iv);
crypto_cipher_encrypt_init_cipher(conn->f_crypto);
crypto_cipher_decrypt_init_cipher(conn->b_crypto);
/* always encrypt with f, always decrypt with b */
}
/* helper function for connection_or_connect_as_or and _as_op.
* returns NULL if the connection fails. If it succeeds, it sets
* *result to 1 if connect() returned before completing, or to 2
* if it completed, and returns the new conn.
*/
connection_t *connection_or_connect(routerinfo_t *router, uint16_t port, int *result) {
connection_t *connection_or_connect(routerinfo_t *router) {
connection_t *conn;
struct sockaddr_in router_addr;
int s;
assert(router);
if(router_is_me(router->addr, router->or_port)) {
/* this is me! don't connect to me. */
log(LOG_DEBUG,"connection_or_connect(): This is me. Skipping.");
return NULL;
}
/* this function should never be called if we're already connected to router, but */
/* check first to be sure */
conn = connection_exact_get_by_addr_port(router->addr,router->or_port);
if(conn)
return conn;
conn = connection_new(CONN_TYPE_OR);
if(!conn) {
return NULL;
......@@ -160,14 +145,13 @@ connection_t *connection_or_connect(routerinfo_t *router, uint16_t port, int *re
/* set up conn so it's got all the data we need to remember */
conn->addr = router->addr;
conn->port = router->or_port; /* NOTE we store or_port here always */
conn->port = router->or_port;
conn->bandwidth = router->bandwidth;
conn->pkey = crypto_pk_dup_key(router->pkey);
conn->address = strdup(router->address);
s=socket(PF_INET,SOCK_STREAM,IPPROTO_TCP);
if (s < 0)
{
if (s < 0) {
log(LOG_ERR,"Error creating network socket.");
connection_free(conn);
return NULL;
......@@ -176,11 +160,10 @@ connection_t *connection_or_connect(routerinfo_t *router, uint16_t port, int *re
memset((void *)&router_addr,0,sizeof(router_addr));
router_addr.sin_family = AF_INET;
router_addr.sin_port = htons(port);
router_addr.sin_port = htons(router->or_port);
router_addr.sin_addr.s_addr = htonl(router->addr);
log(LOG_DEBUG,"connection_or_connect() : Trying to connect to %s:%u.",router->address,port);
log(LOG_DEBUG,"connection_or_connect() : Trying to connect to %s:%u.",router->address,router->or_port);
if(connect(s,(struct sockaddr *)&router_addr,sizeof(router_addr)) < 0){
if(errno != EINPROGRESS){
/* yuck. kill it. */
......@@ -197,9 +180,8 @@ connection_t *connection_or_connect(routerinfo_t *router, uint16_t port, int *re
log(LOG_DEBUG,"connection_or_connect() : connect in progress.");
connection_watch_events(conn, POLLIN | POLLOUT); /* writable indicates finish, readable indicates broken link */
*result = 1; /* connecting */
conn->state = OR_CONN_STATE_CLIENT_CONNECTING;
return conn;
}
}
......@@ -211,62 +193,21 @@ connection_t *connection_or_connect(routerinfo_t *router, uint16_t port, int *re
return NULL;
}
log(LOG_DEBUG,"connection_or_connect() : Connection to router %s:%u established.",router->address,port);
*result = 2; /* connection finished */
return(conn);
}
/*
*
* handshake for connecting to the op_port of an onion router
*
*/
connection_t *connection_or_connect_as_op(routerinfo_t *router) {
connection_t *conn;
int result=0; /* so connection_or_connect() can tell us what happened */
assert(router);
if(router_is_me(router->addr, router->or_port)) {
/* this is me! don't connect to me. */
log(LOG_WARNING,"connection_or_connect_as_op(): You just asked me to connect to myself.");
return NULL;
}
/* this function should never be called if we're already connected to router, but */
/* check first to be sure */
conn = connection_exact_get_by_addr_port(router->addr,router->or_port);
if(conn)
return conn;
log(LOG_DEBUG,"connection_or_connect() : Connection to router %s:%u established.",
router->address, router->or_port);
conn = connection_or_connect(router, router->op_port, &result);
if(!conn)
return NULL;
if((options.OnionRouter && or_handshake_client_send_auth(conn) >= 0) ||
(!options.OnionRouter && or_handshake_op_send_keys(conn) >= 0))
return conn; /* success! */
assert(result != 0); /* if conn is defined, then it must have set result */
/* now we know it succeeded */
if(result == 1) {
conn->state = OR_CONN_STATE_OP_CONNECTING;
return conn;
}
if(result == 2) {
/* move to the next step in the handshake */
if(or_handshake_op_send_keys(conn) < 0) {
connection_remove(conn);
connection_free(conn);
return NULL;
}
return conn;
}
return NULL; /* shouldn't get here; to keep gcc happy */
/* failure */
connection_remove(conn);
connection_free(conn);
return NULL;
}
int or_handshake_op_send_keys(connection_t *conn) {
unsigned char message[36]; /* bandwidth(32bits), forward key(128bits), backward key(128bits) */
unsigned char message[38]; /* flag(16bits), bandwidth(32bits), forward key(128bits), backward key(128bits) */
unsigned char cipher[128];
int retval;
......@@ -282,24 +223,13 @@ int or_handshake_op_send_keys(connection_t *conn) {
}
log(LOG_DEBUG,"or_handshake_op_send_keys() : Generated 3DES keys.");
/* compose the message */
*(uint32_t *)message = htonl(conn->bandwidth);
memcpy((void *)(message + 4), (void *)conn->f_crypto->key, 16);
memcpy((void *)(message + 20), (void *)conn->b_crypto->key, 16);
#if 0
printf("f_session_key: ");
for(x=0;x<16;x++) {
printf("%d ",conn->f_crypto->key[x]);
}
printf("\nb_session_key: ");
for(x=0;x<16;x++) {
printf("%d ",conn->b_crypto->key[x]);
}
printf("\n");
#endif
*(uint16_t *)(message) = htons(HANDSHAKE_AS_OP);
*(uint32_t *)(message+2) = htonl(conn->bandwidth);
memcpy((void *)(message+6), (void *)conn->f_crypto->key, 16);
memcpy((void *)(message+22), (void *)conn->b_crypto->key, 16);
/* encrypt with RSA */
if(crypto_pk_public_encrypt(conn->pkey, message, 36, cipher, RSA_PKCS1_PADDING) < 0) {
if(crypto_pk_public_encrypt(conn->pkey, message, 38, cipher, RSA_PKCS1_PADDING) < 0) {
log(LOG_ERR,"or_handshake_op_send_keys(): Public key encryption failed.");
return -1;
}
......@@ -338,49 +268,9 @@ int or_handshake_op_finished_sending_keys(connection_t *conn) {
return 0;
}
/*
*
* auth handshake, as performed by OR *initiating* the connection
*
*/
connection_t *connection_or_connect_as_or(routerinfo_t *router) {
connection_t *conn;
int result=0; /* so connection_or_connect() can tell us what happened */
assert(router);
if(router_is_me(router->addr, router->or_port)) {
/* this is me! don't connect to me. */
log(LOG_DEBUG,"connection_or_connect_as_or(): This is me. Skipping.");
return NULL;
}
conn = connection_or_connect(router, router->or_port, &result);
if(!conn)
return NULL;
/* now we know it succeeded */
if(result == 1) {
conn->state = OR_CONN_STATE_CLIENT_CONNECTING;
return conn;
}
if(result == 2) {
/* move to the next step in the handshake */
if(or_handshake_client_send_auth(conn) < 0) {
connection_remove(conn);
connection_free(conn);
return NULL;
}
return conn;
}
return NULL; /* shouldn't get here; to keep gcc happy */
}
int or_handshake_client_send_auth(connection_t *conn) {
int retval;
char buf[48];
char buf[50];
char cipher[128];
struct sockaddr_in me; /* my router identity */
......@@ -398,17 +288,18 @@ int or_handshake_client_send_auth(connection_t *conn) {
log(LOG_DEBUG,"or_handshake_client_send_auth() : Generated DES keys.");
/* generate first message */
*(uint32_t*)buf = me.sin_addr.s_addr; /* local address, network order */
*(uint16_t*)(buf+4) = me.sin_port; /* local port, network order */
*(uint32_t*)(buf+6) = htonl(conn->addr); /* remote address */
*(uint16_t*)(buf+10) = htons(conn->port); /* remote port */
memcpy(buf+12,conn->f_crypto->key,16); /* keys */
memcpy(buf+28,conn->b_crypto->key,16);
*(uint32_t *)(buf+44) = htonl(conn->bandwidth); /* max link utilisation */
*(uint16_t*)buf = htons(HANDSHAKE_AS_OR);
*(uint32_t*)(buf+2) = me.sin_addr.s_addr; /* local address, network order */
*(uint16_t*)(buf+6) = me.sin_port; /* local port, network order */
*(uint32_t*)(buf+8) = htonl(conn->addr); /* remote address */
*(uint16_t*)(buf+12) = htons(conn->port); /* remote port */
memcpy(buf+14,conn->f_crypto->key,16); /* keys */
memcpy(buf+30,conn->b_crypto->key,16);
*(uint32_t *)(buf+46) = htonl(conn->bandwidth); /* max link utilisation */
log(LOG_DEBUG,"or_handshake_client_send_auth() : Generated first authentication message.");
/* encrypt message */
retval = crypto_pk_public_encrypt(conn->pkey, buf, 48, cipher,RSA_PKCS1_PADDING);
retval = crypto_pk_public_encrypt(conn->pkey, buf, 50, cipher,RSA_PKCS1_PADDING);
if (retval == -1) /* error */
{
log(LOG_ERR,"Public-key encryption failed during authentication to %s:%u.",conn->address,conn->port);
......@@ -550,9 +441,11 @@ int or_handshake_client_process_auth(connection_t *conn) {
int or_handshake_server_process_auth(connection_t *conn) {
int retval;
char buf[128]; /* only 48 of this is expected to be used */
char buf[128]; /* 50 of this is expected to be used for OR, 38 for OP */
char cipher[128];