rendmid.c 13.1 KB
Newer Older
1
/* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
2
 * Copyright (c) 2007-2020, The Tor Project, Inc. */
3
4
/* See LICENSE for licensing information */

Roger Dingledine's avatar
Roger Dingledine committed
5
6
7
8
/**
 * \file rendmid.c
 * \brief Implement introductions points and rendezvous points.
 **/
9

10
11
12
13
14
#include "core/or/or.h"
#include "core/or/channel.h"
#include "core/or/circuitlist.h"
#include "core/or/circuituse.h"
#include "app/config/config.h"
15
#include "lib/crypt_ops/crypto_cipher.h"
16
17
18
19
20
#include "core/or/dos.h"
#include "core/or/relay.h"
#include "feature/rend/rendmid.h"
#include "feature/stats/rephist.h"
#include "feature/hs/hs_circuitmap.h"
21
#include "feature/hs/hs_dos.h"
22
#include "feature/hs/hs_intropoint.h"
23

24
#include "core/or/or_circuit_st.h"
25

Roger Dingledine's avatar
Roger Dingledine committed
26
/** Respond to an ESTABLISH_INTRO cell by checking the signed data and
27
 * setting the circuit's purpose and service pk digest.
28
 */
29
int
30
31
rend_mid_establish_intro_legacy(or_circuit_t *circ, const uint8_t *request,
                                size_t request_len)
32
{
33
  crypto_pk_t *pk = NULL;
34
35
36
  char buf[DIGEST_LEN+9];
  char expected_digest[DIGEST_LEN];
  char pk_digest[DIGEST_LEN];
37
  size_t asn1len;
38
  or_circuit_t *c;
39
  char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
40
  int reason = END_CIRC_REASON_INTERNAL;
41

42
  log_info(LD_REND,
43
           "Received a legacy ESTABLISH_INTRO request on circuit %u",
44
           (unsigned) circ->p_circ_id);
45

46
  if (!hs_intro_circuit_is_suitable_for_establish_intro(circ)) {
47
    reason = END_CIRC_REASON_TORPROTOCOL;
48
49
    goto err;
  }
50

51
  if (request_len < 2+DIGEST_LEN)
52
53
    goto truncated;
  /* First 2 bytes: length of asn1-encoded key. */
54
  asn1len = ntohs(get_uint16(request));
55
56

  /* Next asn1len bytes: asn1-encoded key. */
57
  if (request_len < 2+DIGEST_LEN+asn1len)
58
    goto truncated;
Nick Mathewson's avatar
Nick Mathewson committed
59
  pk = crypto_pk_asn1_decode((char*)(request+2), asn1len);
60
  if (!pk) {
61
    reason = END_CIRC_REASON_TORPROTOCOL;
62
    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Couldn't decode public key.");
63
64
65
    goto err;
  }

66
67
  /* Next 20 bytes: Hash of rend_circ_nonce | "INTRODUCE" */
  memcpy(buf, circ->rend_circ_nonce, DIGEST_LEN);
68
  memcpy(buf+DIGEST_LEN, "INTRODUCE", 9);
69
  if (crypto_digest(expected_digest, buf, DIGEST_LEN+9) < 0) {
70
    log_warn(LD_BUG, "Internal error computing digest.");
71
72
    goto err;
  }
73
  if (tor_memneq(expected_digest, request+2+asn1len, DIGEST_LEN)) {
74
75
    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
           "Hash of session info was not as expected.");
76
    reason = END_CIRC_REASON_TORPROTOCOL;
77
78
79
    goto err;
  }
  /* Rest of body: signature of previous data */
Nick Mathewson's avatar
Nick Mathewson committed
80
81
  if (crypto_pk_public_checksig_digest(pk,
                                       (char*)request, 2+asn1len+DIGEST_LEN,
Nick Mathewson's avatar
Nick Mathewson committed
82
                                       (char*)(request+2+DIGEST_LEN+asn1len),
83
                                       request_len-(2+DIGEST_LEN+asn1len))<0) {
84
    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
85
             "Incorrect signature on ESTABLISH_INTRO cell; rejecting.");
86
    reason = END_CIRC_REASON_TORPROTOCOL;
87
88
89
    goto err;
  }

90
  /* The request is valid.  First, compute the hash of the service's PK.*/
91
  if (crypto_pk_get_digest(pk, pk_digest)<0) {
92
    log_warn(LD_BUG, "Internal error: couldn't hash public key.");
93
94
95
    goto err;
  }

96
  crypto_pk_free(pk); /* don't need it anymore */
97
98
  pk = NULL; /* so we don't free it again if err */

99
100
  base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
                pk_digest, REND_SERVICE_ID_LEN);
101

102
103
  /* Close any other intro circuits with the same pk. */
  c = NULL;
104
105
  while ((c = hs_circuitmap_get_intro_circ_v2_relay_side(
                                                (const uint8_t *)pk_digest))) {
106
107
    log_info(LD_REND, "Replacing old circuit for service %s",
             safe_str(serviceid));
108
    circuit_mark_for_close(TO_CIRCUIT(c), END_CIRC_REASON_FINISHED);
109
    /* Now it's marked, and it won't be returned next time. */
110
111
  }

112
  /* Acknowledge the request. */
113
  if (hs_intro_send_intro_established_cell(circ) < 0) {
114
    log_info(LD_GENERAL, "Couldn't send INTRO_ESTABLISHED cell.");
115
    goto err_no_close;
Nick Mathewson's avatar
Nick Mathewson committed
116
117
  }

118
  /* Now, set up this circuit. */
119
  circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_INTRO_POINT);
120
  hs_circuitmap_register_intro_circ_v2_relay_side(circ, (uint8_t *)pk_digest);
121
  hs_dos_setup_default_intro2_defenses(circ);
122

123
  log_info(LD_REND,
124
125
           "Established introduction point on circuit %u for service %s",
           (unsigned) circ->p_circ_id, safe_str(serviceid));
126

127
  return 0;
128
 truncated:
129
  log_warn(LD_PROTOCOL, "Rejecting truncated ESTABLISH_INTRO cell.");
130
  reason = END_CIRC_REASON_TORPROTOCOL;
131
 err:
132
  circuit_mark_for_close(TO_CIRCUIT(circ), reason);
133
134
 err_no_close:
  if (pk) crypto_pk_free(pk);
135
  return -1;
136
137
}

Roger Dingledine's avatar
Roger Dingledine committed
138
/** Process an INTRODUCE1 cell by finding the corresponding introduction
139
140
141
 * circuit, and relaying the body of the INTRODUCE1 cell inside an
 * INTRODUCE2 cell.
 */
142
int
143
144
rend_mid_introduce_legacy(or_circuit_t *circ, const uint8_t *request,
                          size_t request_len)
145
{
146
  or_circuit_t *intro_circ;
147
  char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
148
  char nak_body[1];
Nick Mathewson's avatar
Nick Mathewson committed
149

150
151
  log_info(LD_REND, "Received an INTRODUCE1 request on circuit %u",
           (unsigned)circ->p_circ_id);
152

153
154
155
156
  /* At this point, we know that the circuit is valid for an INTRODUCE1
   * because the validation has been made before calling this function. */
  tor_assert(circ->base_.purpose == CIRCUIT_PURPOSE_OR);
  tor_assert(!circ->base_.n_chan);
157

158
159
160
161
  /* We could change this to MAX_HEX_NICKNAME_LEN now that 0.0.9.x is
   * obsolete; however, there isn't much reason to do so, and we're going
   * to revise this protocol anyway.
   */
162
  if (request_len < (DIGEST_LEN+(MAX_NICKNAME_LEN+1)+REND_COOKIE_LEN+
163
164
                     DH1024_KEY_LEN+CIPHER_KEY_LEN+
                     PKCS1_OAEP_PADDING_OVERHEAD)) {
165
166
167
    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
           "Impossibly short INTRODUCE1 cell on circuit %u; "
           "responding with nack.", (unsigned)circ->p_circ_id);
168
169
170
    goto err;
  }

171
  base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
Nick Mathewson's avatar
Nick Mathewson committed
172
                (char*)request, REND_SERVICE_ID_LEN);
173

174
175
  /* The first 20 bytes are all we look at: they have a hash of the service's
   * PK. */
176
177
  intro_circ = hs_circuitmap_get_intro_circ_v2_relay_side(
                                                      (const uint8_t*)request);
178
  if (!intro_circ) {
179
    log_info(LD_REND,
180
             "No intro circ found for INTRODUCE1 cell (%s) from circuit %u; "
181
             "responding with nack.",
182
             safe_str(serviceid), (unsigned)circ->p_circ_id);
183
184
185
    goto err;
  }

186
187
188
189
190
191
192
193
  /* Before sending, lets make sure this cell can be sent on the service
   * circuit asking the DoS defenses. */
  if (!hs_dos_can_send_intro2(intro_circ)) {
    log_info(LD_PROTOCOL, "Can't relay INTRODUCE1 v2 cell due to DoS "
                          "limitations. Sending NACK to client.");
    goto err;
  }

194
195
  log_info(LD_REND,
           "Sending introduction request for service %s "
196
197
198
           "from circ %u to circ %u",
           safe_str(serviceid), (unsigned)circ->p_circ_id,
           (unsigned)intro_circ->p_circ_id);
Nick Mathewson's avatar
Nick Mathewson committed
199

200
  /* Great.  Now we just relay the cell down the circuit. */
201
  if (relay_send_command_from_edge(0, TO_CIRCUIT(intro_circ),
202
                                   RELAY_COMMAND_INTRODUCE2,
Nick Mathewson's avatar
Nick Mathewson committed
203
                                   (char*)request, request_len, NULL)) {
204
205
    log_warn(LD_GENERAL,
             "Unable to send INTRODUCE2 cell to Tor client.");
206
207
    /* Stop right now, the circuit has been closed. */
    return -1;
208
  }
209
  /* And send an ack down the client's circuit.  Empty body means succeeded. */
210
  if (relay_send_command_from_edge(0,TO_CIRCUIT(circ),
211
                                   RELAY_COMMAND_INTRODUCE_ACK,
212
                                   NULL,0,NULL)) {
213
    log_warn(LD_GENERAL, "Unable to send INTRODUCE_ACK cell to Tor client.");
214
    /* Stop right now, the circuit has been closed. */
215
216
    return -1;
  }
217

218
  return 0;
219
 err:
Roger Dingledine's avatar
Roger Dingledine committed
220
  /* Send the client a NACK */
221
  nak_body[0] = 1;
222
  if (relay_send_command_from_edge(0,TO_CIRCUIT(circ),
223
                                   RELAY_COMMAND_INTRODUCE_ACK,
224
                                   nak_body, 1, NULL)) {
225
    log_warn(LD_GENERAL, "Unable to send NAK to Tor client.");
226
  }
227
  return -1;
228
229
}

Roger Dingledine's avatar
Roger Dingledine committed
230
/** Process an ESTABLISH_RENDEZVOUS cell by setting the circuit's purpose and
231
232
 * rendezvous cookie.
 */
233
int
Nick Mathewson's avatar
Nick Mathewson committed
234
rend_mid_establish_rendezvous(or_circuit_t *circ, const uint8_t *request,
235
                              size_t request_len)
236
{
Nick Mathewson's avatar
Nick Mathewson committed
237
  char hexid[9];
238
  int reason = END_CIRC_REASON_TORPROTOCOL;
Nick Mathewson's avatar
Nick Mathewson committed
239

240
241
  log_info(LD_REND, "Received an ESTABLISH_RENDEZVOUS request on circuit %u",
           (unsigned)circ->p_circ_id);
242

243
  if (circ->base_.purpose != CIRCUIT_PURPOSE_OR) {
244
245
246
    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
           "Tried to establish rendezvous on non-OR circuit with purpose %s",
           circuit_purpose_to_string(circ->base_.purpose));
247
248
249
    goto err;
  }

Roger Dingledine's avatar
Roger Dingledine committed
250
251
  /* Check if we are configured to defend ourselves from clients that
   * attempt to establish rendezvous points directly to us. */
252
253
254
255
256
257
258
259
  if (channel_is_client(circ->p_chan) &&
      dos_should_refuse_single_hop_client()) {
    /* Note it down for the heartbeat log purposes. */
    dos_note_refuse_single_hop_client();
    /* Silent drop so the client has to time out before moving on. */
    return 0;
  }

260
  if (circ->base_.n_chan) {
261
    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
262
             "Tried to establish rendezvous on non-edge circuit");
263
264
265
266
    goto err;
  }

  if (request_len != REND_COOKIE_LEN) {
267
268
    log_fn(LOG_PROTOCOL_WARN,
           LD_PROTOCOL, "Invalid length on ESTABLISH_RENDEZVOUS.");
269
270
271
    goto err;
  }

272
  if (hs_circuitmap_get_rend_circ_relay_side(request)) {
273
274
    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
           "Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS.");
275
276
277
    goto err;
  }

278
  /* Acknowledge the request. */
279
  if (relay_send_command_from_edge(0,TO_CIRCUIT(circ),
Nick Mathewson's avatar
Nick Mathewson committed
280
                                   RELAY_COMMAND_RENDEZVOUS_ESTABLISHED,
281
                                   "", 0, NULL)<0) {
282
    log_warn(LD_PROTOCOL, "Couldn't send RENDEZVOUS_ESTABLISHED cell.");
283
    /* Stop right now, the circuit has been closed. */
284
    return -1;
Nick Mathewson's avatar
Nick Mathewson committed
285
286
  }

287
  circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_REND_POINT_WAITING);
288
  hs_circuitmap_register_rend_circ_relay_side(circ, request);
289

Nick Mathewson's avatar
Nick Mathewson committed
290
  base16_encode(hexid,9,(char*)request,4);
291

292
  log_info(LD_REND,
293
294
           "Established rendezvous point on circuit %u for cookie %s",
           (unsigned)circ->p_circ_id, hexid);
Nick Mathewson's avatar
Nick Mathewson committed
295

296
  return 0;
297
 err:
298
  circuit_mark_for_close(TO_CIRCUIT(circ), reason);
299
  return -1;
300
301
}

Roger Dingledine's avatar
Roger Dingledine committed
302
/** Process a RENDEZVOUS1 cell by looking up the correct rendezvous
303
304
 * circuit by its relaying the cell's body in a RENDEZVOUS2 cell, and
 * connecting the two circuits.
305
 */
306
int
Nick Mathewson's avatar
Nick Mathewson committed
307
rend_mid_rendezvous(or_circuit_t *circ, const uint8_t *request,
308
                    size_t request_len)
309
{
310
  const or_options_t *options = get_options();
311
  or_circuit_t *rend_circ;
Nick Mathewson's avatar
Nick Mathewson committed
312
  char hexid[9];
313
  int reason = END_CIRC_REASON_INTERNAL;
314

315
  if (circ->base_.purpose != CIRCUIT_PURPOSE_OR || circ->base_.n_chan) {
316
317
318
    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
           "Tried to complete rendezvous on non-OR or non-edge circuit %u.",
           (unsigned)circ->p_circ_id);
319
    reason = END_CIRC_REASON_TORPROTOCOL;
320
321
322
    goto err;
  }

323
  if (request_len < REND_COOKIE_LEN) {
324
    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
325
326
         "Rejecting RENDEZVOUS1 cell with bad length (%d) on circuit %u.",
         (int)request_len, (unsigned)circ->p_circ_id);
327
    reason = END_CIRC_REASON_TORPROTOCOL;
328
329
330
    goto err;
  }

331
  base16_encode(hexid, sizeof(hexid), (const char*)request, 4);
332
333

  log_info(LD_REND,
334
335
           "Got request for rendezvous from circuit %u to cookie %s.",
           (unsigned)circ->p_circ_id, hexid);
336

337
  rend_circ = hs_circuitmap_get_rend_circ_relay_side(request);
338
  if (!rend_circ) {
339
    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
340
341
         "Rejecting RENDEZVOUS1 cell with unrecognized rendezvous cookie %s.",
         hexid);
342
    reason = END_CIRC_REASON_TORPROTOCOL;
343
344
345
    goto err;
  }

346
  /* Statistics: Mark circuits as RP circuits */
347
  if (options->HiddenServiceStatistics) {
348
    /* `circ` is the RP <-> service circuit */
349
    circ->circuit_carries_hs_traffic_stats = 1;
350
351
    /* `rend_circ` is the client <-> RP circuit */
    rend_circ->circuit_carries_hs_traffic_stats = 1;
352
353
  }

354
  /* Send the RENDEZVOUS2 cell to the client. */
355
  if (relay_send_command_from_edge(0, TO_CIRCUIT(rend_circ),
356
                                   RELAY_COMMAND_RENDEZVOUS2,
Nick Mathewson's avatar
Nick Mathewson committed
357
                                   (char*)(request+REND_COOKIE_LEN),
358
                                   request_len-REND_COOKIE_LEN, NULL)) {
359
    log_warn(LD_GENERAL,
360
361
             "Unable to send RENDEZVOUS2 cell to client on circuit %u.",
             (unsigned)rend_circ->p_circ_id);
362
363
    /* Stop right now, the circuit has been closed. */
    return -1;
364
365
366
  }

  /* Join the circuits. */
367
  log_info(LD_REND,
368
369
           "Completing rendezvous: circuit %u joins circuit %u (cookie %s)",
           (unsigned)circ->p_circ_id, (unsigned)rend_circ->p_circ_id, hexid);
Nick Mathewson's avatar
Nick Mathewson committed
370

371
372
373
  circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_REND_ESTABLISHED);
  circuit_change_purpose(TO_CIRCUIT(rend_circ),
                         CIRCUIT_PURPOSE_REND_ESTABLISHED);
374
  hs_circuitmap_remove_circuit(TO_CIRCUIT(circ));
375
376
377
378

  rend_circ->rend_splice = circ;
  circ->rend_splice = rend_circ;

379
  return 0;
380
 err:
381
  circuit_mark_for_close(TO_CIRCUIT(circ), reason);
382
  return -1;
383
}