Commit 3d4ccb78 authored by Nick Mathewson's avatar Nick Mathewson 🏃
Browse files

Refactor buffers; implement descriptors.

'buf_t' is now an opaque type defined in buffers.c .

Router descriptors now include all keys; routers generate keys as
needed on startup (in a newly defined "data directory"), and generate
their own descriptors.  Descriptors are now self-signed.

Implementation is not complete: descriptors are never published; and
upon receiving a descriptor, the directory doesn't do anything with
it.

At least "routers.or" and orkeygen are now obsolete, BTW.


svn:r483
parent a3bd8b54
......@@ -48,7 +48,7 @@ NICK - instruments ORs to report stats
. integrate rep_ok functions, see what breaks
ARMA - configure log files. separate log file, separate severities.
ARMA - what assumptions break if we fclose(0) when we daemonize?
NICK - make buffer struct elements opaque outside buffers.c
NICK o make buffer struct elements opaque outside buffers.c
ARMA - Go through log messages, reduce confusing error messages.
ARMA - make the logs include more info (fd, etc)
ARMA - add log convention to the HACKING file
......
......@@ -439,12 +439,16 @@ which reveals the downstream node.
(Unless otherwise noted, tokens on the same line are space-separated.)
Router ::= Router-Line Public-Key Signing-Key? Exit-Policy NL
Router ::= Router-Line Onion-Key Link-Key Signing-Key Exit-Policy Router-Signature NL
Router-Line ::= "router" address ORPort APPort DirPort bandwidth NL
Public-key ::= a public key in PEM format NL
Signing-Key ::= "signing-key" NL signing key in PEM format NL
Onion-key ::= "onion-key" NL a public key in PEM format NL
Link-key ::= "link-key" NL a public key in PEM format NL
Signing-Key ::= "signing-key" NL a public key in PEM format NL
Exit-Policy ::= Exit-Line*
Exit-Line ::= ("accept"|"reject") string NL
Router-Signature ::= "router-signature" NL Signature
Signature ::= "-----BEGIN SIGNATURE-----" NL
Base-64-encoded-signature NL "-----END SIGNATURE-----" NL
ORport ::= port where the router listens for routers/proxies (speaking cells)
APPort ::= where the router listens for applications (speaking socks)
......@@ -475,7 +479,8 @@ Directory ::= Directory-Header Directory-Router Router* Signature
Directory-Header ::= "signed-directory" NL Software-Line NL
Software-Line: "recommended-software" comma-separated-version-list
Directory-Router ::= Router
Signature ::= "directory-signature" NL "-----BEGIN SIGNATURE-----" NL
Directory-Signature ::= "directory-signature" NL Signature
Signature ::= "-----BEGIN SIGNATURE-----" NL
Base-64-encoded-signature NL "-----END SIGNATURE-----" NL
Note: The router block for the directory server must appear first.
......
......@@ -349,7 +349,7 @@ int crypto_pk_read_private_key_from_file(crypto_pk_env_t *env, FILE *src)
return 0;
}
int crypto_pk_read_private_key_from_filename(crypto_pk_env_t *env, unsigned char *keyfile)
int crypto_pk_read_private_key_from_filename(crypto_pk_env_t *env, const char *keyfile)
{
FILE *f_pr;
int retval = 0;
......@@ -618,6 +618,43 @@ int crypto_pk_private_sign(crypto_pk_env_t *env, unsigned char *from, int fromle
}
}
int
crypto_pk_get_fingerprint(crypto_pk_env_t *pk, char *fp_out)
{
unsigned char *buf, *bufp;
unsigned char digest[20];
int len;
int i;
assert(pk->type == CRYPTO_PK_RSA);
len = i2d_RSAPublicKey((RSA*)pk->key, NULL);
if (len < 0)
return -1;
if (len<FINGERPRINT_LEN+1) len = FINGERPRINT_LEN+1;
buf = bufp = tor_malloc(len+1);
len = i2d_RSAPublicKey((RSA*)pk->key, &bufp);
if (len < 0) {
free(buf);
return -1;
}
if (crypto_SHA_digest(buf, len, digest) < 0) {
free(buf);
return -1;
}
bufp = buf;
for (i = 0; i < 20; ++i) {
sprintf(bufp,"%02X",digest[i]);
bufp += 2;
if (i%2 && i != 19) {
*bufp++ = ' ';
}
}
*bufp = '\0';
assert(strlen(buf) == FINGERPRINT_LEN);
strcpy(fp_out, buf);
free(buf);
return 0;
}
/* symmetric crypto */
int crypto_cipher_generate_key(crypto_cipher_env_t *env)
{
......
......@@ -42,7 +42,7 @@ int crypto_pk_read_public_key_from_string(crypto_pk_env_t *env, char *src, int l
int crypto_pk_write_private_key_to_file(crypto_pk_env_t *env, FILE *dest);
int crypto_pk_write_public_key_to_file(crypto_pk_env_t *env, FILE *dest);
int crypto_pk_check_key(crypto_pk_env_t *env);
int crypto_pk_read_private_key_from_filename(crypto_pk_env_t *env, unsigned char *keyfile);
int crypto_pk_read_private_key_from_filename(crypto_pk_env_t *env, const char *keyfile);
int crypto_pk_set_key(crypto_pk_env_t *env, unsigned char *key);
int crypto_pk_cmp_keys(crypto_pk_env_t *a, crypto_pk_env_t *b);
......@@ -53,6 +53,8 @@ int crypto_pk_public_encrypt(crypto_pk_env_t *env, unsigned char *from, int from
int crypto_pk_private_decrypt(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to, int padding);
int crypto_pk_private_sign(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to);
int crypto_pk_public_checksig(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to);
#define FINGERPRINT_LEN 49
int crypto_pk_get_fingerprint(crypto_pk_env_t *pk, char *fp_out);
int base64_encode(char *dest, int destlen, char *src, int srclen);
int base64_decode(char *dest, int destlen, char *src, int srclen);
......
......@@ -33,6 +33,9 @@ struct tor_tls_st {
int isServer;
};
static X509* tor_tls_create_certificate(crypto_pk_env_t *rsa,
const char *nickname);
/* global tls context, keep it here because nobody else needs to touch it */
static tor_tls_context *global_tls_context=NULL;
static int tls_library_is_initialized = 0;
......@@ -111,8 +114,9 @@ static int always_accept_verify_cb(int preverify_ok,
* commonName 'nickname', and write it, PEM-encoded, to the file named
* by 'certfile'. Return 0 on success, -1 for failure.
*/
int
tor_tls_write_certificate(char *certfile, crypto_pk_env_t *rsa, char *nickname)
X509 *
tor_tls_create_certificate(crypto_pk_env_t *rsa,
const char *nickname)
{
time_t start_time, end_time;
EVP_PKEY *pkey = NULL;
......@@ -120,15 +124,15 @@ tor_tls_write_certificate(char *certfile, crypto_pk_env_t *rsa, char *nickname)
X509_NAME *name = NULL;
BIO *out = NULL;
int nid;
int r;
int err;
tor_tls_init();
start_time = time(NULL);
assert(rsa);
assert(rsa && nickname);
if (!(pkey = _crypto_pk_env_get_evp_pkey(rsa)))
return -1;
return NULL;
if (!(x509 = X509_new()))
goto error;
if (!(X509_set_version(x509, 2)))
......@@ -143,7 +147,7 @@ tor_tls_write_certificate(char *certfile, crypto_pk_env_t *rsa, char *nickname)
"TOR", -1, -1, 0))) goto error;
if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error;
if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC,
nickname, -1, -1, 0))) goto error;
(char*)nickname, -1, -1, 0))) goto error;
if (!(X509_set_issuer_name(x509, name)))
goto error;
......@@ -158,25 +162,21 @@ tor_tls_write_certificate(char *certfile, crypto_pk_env_t *rsa, char *nickname)
goto error;
if (!X509_sign(x509, pkey, EVP_sha1()))
goto error;
if (!(out = BIO_new_file(certfile, "w")))
goto error;
if (!(PEM_write_bio_X509(out, x509)))
goto error;
r = 0;
err = 0;
goto done;
error:
r = -1;
err = 1;
done:
if (out)
BIO_free(out);
if (x509)
if (x509 && err)
X509_free(x509);
if (pkey)
EVP_PKEY_free(pkey);
if (name)
X509_NAME_free(name);
return r;
return x509;
}
......@@ -201,16 +201,24 @@ tor_tls_write_certificate(char *certfile, crypto_pk_env_t *rsa, char *nickname)
* used for that certificate. Return -1 if failure, else 0.
*/
int
tor_tls_context_new(char *certfile, crypto_pk_env_t *rsa, int isServer)
tor_tls_context_new(crypto_pk_env_t *rsa,
int isServer, const char *nickname)
{
crypto_dh_env_t *dh = NULL;
EVP_PKEY *pkey = NULL;
tor_tls_context *result;
assert((certfile && rsa) || (!certfile && !rsa));
X509 *cert = NULL;
tor_tls_init();
if (rsa) {
cert = tor_tls_create_certificate(rsa, nickname);
if (!cert) {
log(LOG_ERR, "Error creating certificate");
return NULL;
}
}
result = tor_malloc(sizeof(tor_tls_context));
result->ctx = NULL;
#ifdef EVERYONE_HAS_AES
......@@ -225,8 +233,7 @@ tor_tls_context_new(char *certfile, crypto_pk_env_t *rsa, int isServer)
#endif
if (!SSL_CTX_set_cipher_list(result->ctx, CIPHER_LIST))
goto error;
if (certfile && !SSL_CTX_use_certificate_file(result->ctx,certfile,
SSL_FILETYPE_PEM))
if (cert && !SSL_CTX_use_certificate(result->ctx,cert))
goto error;
SSL_CTX_set_session_cache_mode(result->ctx, SSL_SESS_CACHE_OFF);
if (rsa) {
......@@ -236,7 +243,7 @@ tor_tls_context_new(char *certfile, crypto_pk_env_t *rsa, int isServer)
goto error;
EVP_PKEY_free(pkey);
pkey = NULL;
if (certfile) {
if (cert) {
if (!SSL_CTX_check_private_key(result->ctx))
goto error;
}
......
......@@ -16,8 +16,8 @@ typedef struct tor_tls_st tor_tls;
#define TOR_TLS_WANTWRITE -1
#define TOR_TLS_DONE 0
int tor_tls_write_certificate(char *certfile, crypto_pk_env_t *rsa, char *nickname);
int tor_tls_context_new(char *certfile, crypto_pk_env_t *rsa, int isServer);
/* X509* tor_tls_write_certificate(char *certfile, crypto_pk_env_t *rsa, char *nickname); */
int tor_tls_context_new(crypto_pk_env_t *rsa, int isServer, const char *nickname);
tor_tls *tor_tls_new(int sock, int isServer);
void tor_tls_free(tor_tls *tls);
int tor_tls_peer_has_cert(tor_tls *tls);
......
......@@ -8,50 +8,103 @@
extern or_options_t options; /* command-line and config-file options */
/* Create a new buf of size MAX_BUF_SIZE. Write a pointer to it
* into *buf, write MAX_BUF_SIZE into *buflen, and initialize
* *buf_datalen to 0. Return 0.
struct buf_t {
char *buf;
size_t len;
size_t datalen;
};
#define BUF_OK(b) ((b) && (b)->buf && (b)->datalen <= (b)->len)
/* Find the first instance of str on buf. If none exists, return -1.
* Otherwise, return index of the first character in buf _after_ the
* first instance of str.
*/
static int find_str_in_str(const char *str, int str_len,
const char *buf, int buf_len)
{
const char *location;
const char *last_possible = buf + buf_len - str_len;
assert(str && str_len > 0 && buf);
if(buf_len < str_len)
return -1;
for(location = buf; location <= last_possible; location++)
if((*location == *str) && !memcmp(location+1, str+1, str_len-1))
return location-buf+str_len;
return -1;
}
/* Create and return a new buf of size 'size'
*/
int buf_new(char **buf, int *buflen, int *buf_datalen) {
buf_t *buf_new_with_capacity(size_t size) {
buf_t *buf;
buf = (buf_t*)tor_malloc(sizeof(buf_t));
buf->buf = (char *)tor_malloc(size);
buf->len = size;
buf->datalen = 0;
// memset(buf->buf,0,size);
assert(BUF_OK(buf));
return buf;
}
assert(buf && buflen && buf_datalen);
buf_t *buf_new()
{
return buf_new_with_capacity(MAX_BUF_SIZE);
}
*buf = (char *)tor_malloc(MAX_BUF_SIZE);
// memset(*buf,0,MAX_BUF_SIZE);
*buflen = MAX_BUF_SIZE;
*buf_datalen = 0;
return 0;
size_t buf_datalen(const buf_t *buf)
{
return buf->datalen;
}
void buf_free(char *buf) {
size_t buf_capacity(const buf_t *buf)
{
return buf->len;
}
const char *_buf_peek_raw_buffer(const buf_t *buf)
{
return buf->buf;
}
void buf_free(buf_t *buf) {
assert(buf && buf->buf);
free(buf->buf);
free(buf);
}
/* read from socket s, writing onto buf+buf_datalen.
/* read from socket s, writing onto end of buf.
* read at most 'at_most' bytes, and in any case don't read more than will fit based on buflen.
* If read() returns 0, set *reached_eof to 1 and return 0. If you want to tear
* down the connection return -1, else return the number of bytes read.
*/
int read_to_buf(int s, int at_most, char **buf, int *buflen, int *buf_datalen, int *reached_eof) {
int read_to_buf(int s, int at_most, buf_t *buf, int *reached_eof) {
int read_result;
#ifdef MS_WINDOWS
int e;
#endif
assert(buf && *buf && buflen && buf_datalen && reached_eof && (s>=0));
assert(BUF_OK(buf) && reached_eof && (s>=0));
/* this is the point where you would grow the buffer, if you want to */
if(at_most > *buflen - *buf_datalen)
at_most = *buflen - *buf_datalen; /* take the min of the two */
if(at_most > buf->len - buf->datalen)
at_most = buf->len - buf->datalen; /* take the min of the two */
if(at_most == 0)
return 0; /* we shouldn't read anything */
// log_fn(LOG_DEBUG,"reading at most %d bytes.",at_most);
read_result = read(s, *buf+*buf_datalen, at_most);
read_result = read(s, buf->buf+buf->datalen, at_most);
if (read_result < 0) {
if(!ERRNO_EAGAIN(errno)) { /* it's a real error */
return -1;
......@@ -68,31 +121,33 @@ int read_to_buf(int s, int at_most, char **buf, int *buflen, int *buf_datalen, i
*reached_eof = 1;
return 0;
} else { /* we read some bytes */
*buf_datalen += read_result;
log_fn(LOG_DEBUG,"Read %d bytes. %d on inbuf.",read_result, *buf_datalen);
buf->datalen += read_result;
log_fn(LOG_DEBUG,"Read %d bytes. %d on inbuf.",read_result,
(int)buf->datalen);
return read_result;
}
}
int read_to_buf_tls(tor_tls *tls, int at_most, char **buf, int *buflen, int *buf_datalen) {
int read_to_buf_tls(tor_tls *tls, int at_most, buf_t *buf) {
int r;
assert(tls && *buf && buflen && buf_datalen);
assert(tls && BUF_OK(buf));
if (at_most > *buflen - *buf_datalen)
at_most = *buflen - *buf_datalen;
if (at_most > buf->len - buf->datalen)
at_most = buf->len - buf->datalen;
if (at_most == 0)
return 0;
r = tor_tls_read(tls, *buf+*buf_datalen, at_most);
r = tor_tls_read(tls, buf->buf+buf->datalen, at_most);
if (r<0)
return r;
*buf_datalen += r;
log_fn(LOG_DEBUG,"Read %d bytes. %d on inbuf.",r, *buf_datalen);
buf->datalen += r;
log_fn(LOG_DEBUG,"Read %d bytes. %d on inbuf.",r, (int)buf->datalen);
return r;
}
int flush_buf(int s, char **buf, int *buflen, int *buf_flushlen, int *buf_datalen) {
int flush_buf(int s, buf_t *buf, int *buf_flushlen)
{
/* push from buf onto s
* then memmove to front of buf
......@@ -103,14 +158,12 @@ int flush_buf(int s, char **buf, int *buflen, int *buf_flushlen, int *buf_datale
int e;
#endif
assert(buf && *buf && buflen && buf_flushlen && buf_datalen && (s>=0) && (*buf_flushlen <= *buf_datalen));
assert(BUF_OK(buf) && buf_flushlen && (s>=0) && (*buf_flushlen <= buf->datalen));
if(*buf_flushlen == 0) /* nothing to flush */
return 0;
/* this is the point where you would grow the buffer, if you want to */
write_result = write(s, *buf, *buf_flushlen);
write_result = write(s, buf->buf, *buf_flushlen);
if (write_result < 0) {
if(!ERRNO_EAGAIN(errno)) { /* it's a real error */
return -1;
......@@ -124,72 +177,70 @@ int flush_buf(int s, char **buf, int *buflen, int *buf_flushlen, int *buf_datale
log_fn(LOG_DEBUG,"write() would block, returning.");
return 0;
} else {
*buf_datalen -= write_result;
buf->datalen -= write_result;
*buf_flushlen -= write_result;
memmove(*buf, *buf+write_result, *buf_datalen);
memmove(buf->buf, buf->buf+write_result, buf->datalen);
log_fn(LOG_DEBUG,"%d: flushed %d bytes, %d ready to flush, %d remain.",
s,write_result,*buf_flushlen,*buf_datalen);
s,write_result,*buf_flushlen,(int)buf->datalen);
return *buf_flushlen;
/* XXX USE_TLS should change to return write_result like any sane function would */
}
}
int flush_buf_tls(tor_tls *tls, char **buf, int *buflen, int *buf_flushlen, int *buf_datalen)
int flush_buf_tls(tor_tls *tls, buf_t *buf, int *buf_flushlen)
{
int r;
assert(tls && *buf && buflen && buf_datalen);
assert(tls && BUF_OK(buf) && buf_flushlen);
/* we want to let tls write even if flushlen is zero, because it might
* have a partial record pending */
r = tor_tls_write(tls, *buf, *buf_flushlen);
r = tor_tls_write(tls, buf->buf, *buf_flushlen);
if (r < 0) {
return r;
}
*buf_datalen -= r;
buf->datalen -= r;
*buf_flushlen -= r;
memmove(*buf, *buf+r, *buf_datalen);
memmove(buf->buf, buf->buf+r, buf->datalen);
log_fn(LOG_DEBUG,"flushed %d bytes, %d ready to flush, %d remain.",
r,*buf_flushlen,*buf_datalen);
r,*buf_flushlen,(int)buf->datalen);
return r;
}
int write_to_buf(char *string, int string_len,
char **buf, int *buflen, int *buf_datalen) {
int write_to_buf(char *string, int string_len, buf_t *buf) {
/* append string to buf (growing as needed, return -1 if "too big")
* return total number of bytes on the buf
*/
assert(string && buf && *buf && buflen && buf_datalen);
assert(string && BUF_OK(buf));
/* this is the point where you would grow the buffer, if you want to */
if (string_len + *buf_datalen > *buflen) { /* we're out of luck */
if (string_len + buf->datalen > buf->len) { /* we're out of luck */
log_fn(LOG_DEBUG, "buflen too small. Time to implement growing dynamic bufs.");
return -1;
}
memcpy(*buf+*buf_datalen, string, string_len);
*buf_datalen += string_len;
log_fn(LOG_DEBUG,"added %d bytes to buf (now %d total).",string_len, *buf_datalen);
return *buf_datalen;
memcpy(buf->buf+buf->datalen, string, string_len);
buf->datalen += string_len;
log_fn(LOG_DEBUG,"added %d bytes to buf (now %d total).",string_len, (int)buf->datalen);
return buf->datalen;
}
int fetch_from_buf(char *string, int string_len,
char **buf, int *buflen, int *buf_datalen) {
int fetch_from_buf(char *string, int string_len, buf_t *buf) {
/* There must be string_len bytes in buf; write them onto string,
* then memmove buf back (that is, remove them from buf).
*
* Return the number of bytes still on the buffer. */
assert(string && buf && *buf && buflen && buf_datalen);
assert(string_len <= *buf_datalen); /* make sure we don't ask for too much */
assert(string && BUF_OK(buf));
assert(string_len <= buf->datalen); /* make sure we don't ask for too much */
memcpy(string,*buf,string_len);
*buf_datalen -= string_len;
memmove(*buf, *buf+string_len, *buf_datalen);
return *buf_datalen;
memcpy(string,buf->buf,string_len);
buf->datalen -= string_len;
memmove(buf->buf, buf->buf+string_len, buf->datalen);
return buf->datalen;
}
/* There is a (possibly incomplete) http statement on *buf, of the
......@@ -204,24 +255,24 @@ int fetch_from_buf(char *string, int string_len,
*
* Else, change nothing and return 0.
*/
int fetch_from_buf_http(char *buf, int *buf_datalen,
int fetch_from_buf_http(buf_t *buf,
char *headers_out, int max_headerlen,
char *body_out, int max_bodylen) {
char *headers, *body;
int i;
int headerlen, bodylen, contentlen;
assert(buf && buf_datalen);
assert(BUF_OK(buf));
headers = buf;
i = find_on_inbuf("\r\n\r\n", 4, buf, *buf_datalen);
headers = buf->buf;
i = find_on_inbuf("\r\n\r\n", 4, buf);
if(i < 0) {
log_fn(LOG_DEBUG,"headers not all here yet.");
return 0;
}
body = buf+i;
body = buf->buf+i;
headerlen = body-headers; /* includes the CRLFCRLF */
bodylen = *buf_datalen - headerlen;
bodylen = buf->datalen - headerlen;
log_fn(LOG_DEBUG,"headerlen %d, bodylen %d.",headerlen,bodylen);
if(headers_out && max_headerlen <= headerlen) {
......@@ -234,9 +285,11 @@ int fetch_from_buf_http(char *buf, int *buf_datalen,
}
#define CONTENT_LENGTH "\r\nContent-Length: "
i = find_on_inbuf(CONTENT_LENGTH, strlen(CONTENT_LENGTH), headers, headerlen);
i = find_str_in_str(CONTENT_LENGTH, sizeof(CONTENT_LENGTH),
headers, headerlen);
if(i > 0) {
contentlen = atoi(headers+i);
/* XXX What if content-length is malformed? */
if(bodylen < contentlen) {
log_fn(LOG_DEBUG,"body not all here yet.");
return 0; /* not all there yet */
......@@ -246,15 +299,15 @@ int fetch_from_buf_http(char *buf, int *buf_datalen,
}
/* all happy. copy into the appropriate places, and return 1 */
if(headers_out) {
memcpy(headers_out,buf,headerlen);
memcpy(headers_out,buf->buf,headerlen);
headers_out[headerlen] = 0; /* null terminate it */
}
if(body_out) {
memcpy(body_out,buf+headerlen,bodylen);
memcpy(body_out,buf->buf+headerlen,bodylen);
body_out[bodylen] = 0; /* null terminate it */
}
*buf_datalen -= (headerlen+bodylen);
memmove(buf, buf+headerlen+bodylen, *buf_datalen);
buf->datalen -= (headerlen+bodylen);
memmove(buf, buf->buf+headerlen+bodylen, buf->datalen);
return 1;
}
......@@ -269,7 +322,7 @@ int fetch_from_buf_http(char *buf, int *buf_datalen,
* If it's invalid or too big, return -1.
* Else it's not all there yet, change nothing and return 0.
*/
int fetch_from_buf_socks(char *buf, int *buf_datalen,
int fetch_from_buf_socks(buf_t *buf,
char *addr_out, int max_addrlen,
uint16_t *port_out) {
socks4_t socks4_info;
......@@ -278,14 +331,14 @@ int fetch_from_buf_socks(char *buf, int *buf_datalen,
enum {socks4, socks4a } socks_prot = socks4a;
char *next, *startaddr;
if(*buf_datalen < sizeof(socks4_t)) /* basic info available? */
if(buf->datalen < sizeof(socks4_t)) /* basic info available? */
return 0; /* not yet */
/* an inlined socks4_unpack() */
socks4_info.version = *buf;
socks4_info.command = *(buf+1);
socks4_info.destport = ntohs(*(uint16_t*)(buf+2));
socks4_info