Tor 0.4.9.0-alpha-dev
Macros | Functions | Variables
ext_orport.c File Reference

Code implementing the Extended ORPort. More...

#include "core/or/or.h"
#include "core/mainloop/connection.h"
#include "core/or/connection_or.h"
#include "feature/control/control_events.h"
#include "app/config/config.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "feature/relay/ext_orport.h"
#include "core/mainloop/mainloop.h"
#include "core/proto/proto_ext_or.h"
#include "core/or/or_connection_st.h"

Go to the source code of this file.

Macros

#define EXT_ORPORT_PRIVATE
 
#define EXT_OR_PORT_AUTH_COOKIE_LEN   32
 
#define EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN   32
 
#define EXT_OR_PORT_AUTH_COOKIE_HEADER   "! Extended ORPort Auth Cookie !\x0a"
 
#define EXT_OR_PORT_AUTH_HASH_LEN   DIGEST256_LEN
 
#define EXT_OR_PORT_AUTH_NONCE_LEN   32
 
#define EXT_OR_PORT_AUTH_SERVER_TO_CLIENT_CONST    "ExtORPort authentication server-to-client hash"
 
#define EXT_OR_PORT_AUTH_CLIENT_TO_SERVER_CONST    "ExtORPort authentication client-to-server hash"
 
#define EXT_OR_AUTHTYPE_SAFECOOKIE   0x01
 
#define connection_ext_or_auth_send_result_success(c)    connection_ext_or_auth_send_result(c, 1)
 
#define connection_ext_or_auth_send_result_fail(c)    connection_ext_or_auth_send_result(c, 0)
 
#define EXT_OR_CMD_TB_DONE   0x0000
 
#define EXT_OR_CMD_TB_USERADDR   0x0001
 
#define EXT_OR_CMD_TB_TRANSPORT   0x0002
 
#define EXT_OR_CMD_BT_OKAY   0x1000
 
#define EXT_OR_CMD_BT_DENY   0x1001
 
#define EXT_OR_CMD_BT_CONTROL   0x1002
 
#define EXT_OR_CONN_STATE_IS_AUTHENTICATING(st)    ((st) <= EXT_OR_CONN_STATE_AUTH_MAX)
 

Functions

ext_or_cmd_text_or_cmd_new (uint16_t len)
 
void ext_or_cmd_free_ (ext_or_cmd_t *cmd)
 
static int connection_fetch_ext_or_cmd_from_buf (connection_t *conn, ext_or_cmd_t **out)
 
STATIC int connection_write_ext_or_command (connection_t *conn, uint16_t command, const char *body, size_t bodylen)
 
static void connection_ext_or_transition (or_connection_t *conn)
 
char * get_ext_or_auth_cookie_file_name (void)
 
int init_ext_or_cookie_authentication (int is_enabled)
 
static int connection_ext_or_auth_neg_auth_type (connection_t *conn)
 
STATIC int handle_client_auth_nonce (const char *client_nonce, size_t client_nonce_len, char **client_hash_out, char **reply_out, size_t *reply_len_out)
 
static int connection_ext_or_auth_handle_client_nonce (connection_t *conn)
 
static void connection_ext_or_auth_send_result (connection_t *conn, int success)
 
static int connection_ext_or_auth_handle_client_hash (connection_t *conn)
 
static int connection_ext_or_auth_process_inbuf (or_connection_t *or_conn)
 
static int connection_ext_or_handle_cmd_useraddr (connection_t *conn, const char *payload, uint16_t len)
 
static int connection_ext_or_handle_cmd_transport (or_connection_t *conn, const char *payload, uint16_t len)
 
int connection_ext_or_process_inbuf (or_connection_t *or_conn)
 
int connection_ext_or_finished_flushing (or_connection_t *conn)
 
int connection_ext_or_start_auth (or_connection_t *or_conn)
 
void ext_orport_free_all (void)
 

Variables

STATIC int ext_or_auth_cookie_is_set = 0
 
STATIC uint8_t * ext_or_auth_cookie = NULL
 

Detailed Description

Code implementing the Extended ORPort.

The Extended ORPort interface is used by pluggable transports to communicate additional information to a Tor bridge, including address information. For more information on this interface, see pt-spec.txt in torspec.git.

There is no separate structure for extended ORPort connections; they use or_connection_t objects, and share most of their implementation with connection_or.c. Once the handshake is done, an extended ORPort connection turns into a regular OR connection, using connection_ext_or_transition().

Definition in file ext_orport.c.

Macro Definition Documentation

◆ connection_ext_or_auth_send_result_fail

#define connection_ext_or_auth_send_result_fail (   c)     connection_ext_or_auth_send_result(c, 0)

Definition at line 345 of file ext_orport.c.

◆ connection_ext_or_auth_send_result_success

#define connection_ext_or_auth_send_result_success (   c)     connection_ext_or_auth_send_result(c, 1)

Definition at line 343 of file ext_orport.c.

◆ EXT_OR_AUTHTYPE_SAFECOOKIE

#define EXT_OR_AUTHTYPE_SAFECOOKIE   0x01

Definition at line 114 of file ext_orport.c.

◆ EXT_OR_CMD_BT_CONTROL

#define EXT_OR_CMD_BT_CONTROL   0x1002

Definition at line 436 of file ext_orport.c.

◆ EXT_OR_CMD_BT_DENY

#define EXT_OR_CMD_BT_DENY   0x1001

Definition at line 435 of file ext_orport.c.

◆ EXT_OR_CMD_BT_OKAY

#define EXT_OR_CMD_BT_OKAY   0x1000

Extended ORPort commands (Bridge-to-Transport)

Definition at line 434 of file ext_orport.c.

◆ EXT_OR_CMD_TB_DONE

#define EXT_OR_CMD_TB_DONE   0x0000

Extended ORPort commands (Transport-to-Bridge)

Definition at line 429 of file ext_orport.c.

◆ EXT_OR_CMD_TB_TRANSPORT

#define EXT_OR_CMD_TB_TRANSPORT   0x0002

Definition at line 431 of file ext_orport.c.

◆ EXT_OR_CMD_TB_USERADDR

#define EXT_OR_CMD_TB_USERADDR   0x0001

Definition at line 430 of file ext_orport.c.

◆ EXT_OR_CONN_STATE_IS_AUTHENTICATING

#define EXT_OR_CONN_STATE_IS_AUTHENTICATING (   st)     ((st) <= EXT_OR_CONN_STATE_AUTH_MAX)

Definition at line 539 of file ext_orport.c.

◆ EXT_OR_PORT_AUTH_CLIENT_TO_SERVER_CONST

#define EXT_OR_PORT_AUTH_CLIENT_TO_SERVER_CONST    "ExtORPort authentication client-to-server hash"

Definition at line 110 of file ext_orport.c.

◆ EXT_OR_PORT_AUTH_COOKIE_HEADER

#define EXT_OR_PORT_AUTH_COOKIE_HEADER   "! Extended ORPort Auth Cookie !\x0a"

Static cookie file header.

Definition at line 102 of file ext_orport.c.

◆ EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN

#define EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN   32

Length of the header of the cookie file.

Definition at line 100 of file ext_orport.c.

◆ EXT_OR_PORT_AUTH_COOKIE_LEN

#define EXT_OR_PORT_AUTH_COOKIE_LEN   32

Length of authentication cookie.

Definition at line 98 of file ext_orport.c.

◆ EXT_OR_PORT_AUTH_HASH_LEN

#define EXT_OR_PORT_AUTH_HASH_LEN   DIGEST256_LEN

Length of safe-cookie protocol hashes.

Definition at line 104 of file ext_orport.c.

◆ EXT_OR_PORT_AUTH_NONCE_LEN

#define EXT_OR_PORT_AUTH_NONCE_LEN   32

Length of safe-cookie protocol nonces.

Definition at line 106 of file ext_orport.c.

◆ EXT_OR_PORT_AUTH_SERVER_TO_CLIENT_CONST

#define EXT_OR_PORT_AUTH_SERVER_TO_CLIENT_CONST    "ExtORPort authentication server-to-client hash"

Safe-cookie protocol constants.

Definition at line 108 of file ext_orport.c.

◆ EXT_ORPORT_PRIVATE

#define EXT_ORPORT_PRIVATE

Definition at line 19 of file ext_orport.c.

Function Documentation

◆ connection_ext_or_auth_handle_client_hash()

static int connection_ext_or_auth_handle_client_hash ( connection_t conn)
static

Receive the client's hash from conn, validate that it's correct, and then send the authentication results to the client.

Return -1 if there was an error during validation; return 0 if we need more data in conn, and return 1 if we successfully validated the client's hash and sent a happy authentication result.

Definition at line 367 of file ext_orport.c.

Referenced by connection_ext_or_auth_process_inbuf().

◆ connection_ext_or_auth_handle_client_nonce()

static int connection_ext_or_auth_handle_client_nonce ( connection_t conn)
static

Read the client's nonce out of conn, setup the safe-cookie crypto, and then send our own hash and nonce to the client

Return -1 if there was an error; return 0 if we need more data in conn, and return 1 if we successfully retrieved the client's nonce and sent our own.

Definition at line 301 of file ext_orport.c.

Referenced by connection_ext_or_auth_process_inbuf().

◆ connection_ext_or_auth_neg_auth_type()

static int connection_ext_or_auth_neg_auth_type ( connection_t conn)
static

Read data from conn and see if the client sent us the authentication type that they prefer to use in this session.

Return -1 if we received corrupted data or if we don't support the authentication type. Return 0 if we need more data in conn. Return 1 if the authentication type negotiation was successful.

Definition at line 170 of file ext_orport.c.

Referenced by connection_ext_or_auth_process_inbuf().

◆ connection_ext_or_auth_process_inbuf()

static int connection_ext_or_auth_process_inbuf ( or_connection_t or_conn)
static

Handle data from or_conn received on Extended ORPort. Return -1 on error. 0 on insufficient data. 1 on correct.

Definition at line 396 of file ext_orport.c.

◆ connection_ext_or_auth_send_result()

static void connection_ext_or_auth_send_result ( connection_t conn,
int  success 
)
static

Send authentication results to conn. Successful results if success is set; failure results otherwise.

Definition at line 351 of file ext_orport.c.

◆ connection_ext_or_finished_flushing()

int connection_ext_or_finished_flushing ( or_connection_t conn)

conn finished flushing Extended ORPort messages to the network, and is now ready to accept OR traffic. This function does the transition.

Definition at line 628 of file ext_orport.c.

Referenced by connection_finished_flushing().

◆ connection_ext_or_handle_cmd_transport()

static int connection_ext_or_handle_cmd_transport ( or_connection_t conn,
const char *  payload,
uint16_t  len 
)
static

Process a TRANSPORT command from the Extended ORPort. payload is a payload of size len.

If the TRANSPORT command was well formed, register the name of the transport on conn.

Return 0 on success and -1 on error.

Definition at line 512 of file ext_orport.c.

◆ connection_ext_or_handle_cmd_useraddr()

static int connection_ext_or_handle_cmd_useraddr ( connection_t conn,
const char *  payload,
uint16_t  len 
)
static

Process a USERADDR command from the Extended ORPort. payload is a payload of size len.

If the USERADDR command was well formed, change the address of conn to the address on the USERADDR command.

Return 0 on success and -1 on error.

Definition at line 446 of file ext_orport.c.

◆ connection_ext_or_process_inbuf()

int connection_ext_or_process_inbuf ( or_connection_t or_conn)

Process Extended ORPort messages from or_conn.

Definition at line 544 of file ext_orport.c.

Referenced by connection_process_inbuf().

◆ connection_ext_or_start_auth()

int connection_ext_or_start_auth ( or_connection_t or_conn)

Initiate Extended ORPort authentication, by sending the list of supported authentication types to the client.

Definition at line 640 of file ext_orport.c.

Referenced by connection_init_accepted_conn().

◆ connection_ext_or_transition()

static void connection_ext_or_transition ( or_connection_t conn)
static

Transition from an Extended ORPort which accepts Extended ORPort messages, to an Extended ORport which accepts OR traffic.

Definition at line 87 of file ext_orport.c.

Referenced by connection_ext_or_finished_flushing().

◆ connection_fetch_ext_or_cmd_from_buf()

static int connection_fetch_ext_or_cmd_from_buf ( connection_t conn,
ext_or_cmd_t **  out 
)
static

Get an Extended ORPort message from conn, and place it in out. Return -1 on fail, 0 if we need more data, and 1 if we successfully extracted an Extended ORPort command from the buffer.

Definition at line 56 of file ext_orport.c.

◆ connection_write_ext_or_command()

STATIC int connection_write_ext_or_command ( connection_t conn,
uint16_t  command,
const char *  body,
size_t  bodylen 
)

Write an Extended ORPort message to conn. Use command as the command type, bodylen as the body length, and body, if it's present, as the body of the message.

Definition at line 66 of file ext_orport.c.

◆ ext_or_cmd_free_()

void ext_or_cmd_free_ ( ext_or_cmd_t cmd)

Deallocate the Extended ORPort message in cmd.

Definition at line 46 of file ext_orport.c.

◆ ext_or_cmd_new()

ext_or_cmd_t * ext_or_cmd_new ( uint16_t  len)

Allocate and return a structure capable of holding an Extended ORPort message of body length len.

Definition at line 36 of file ext_orport.c.

Referenced by fetch_ext_or_command_from_buf().

◆ ext_orport_free_all()

void ext_orport_free_all ( void  )

Free any leftover allocated memory of the ext_orport.c subsystem.

Definition at line 661 of file ext_orport.c.

◆ get_ext_or_auth_cookie_file_name()

char * get_ext_or_auth_cookie_file_name ( void  )

Helper: Return a newly allocated string containing a path to the file where we store our authentication cookie.

Definition at line 127 of file ext_orport.c.

Referenced by tor_cleanup().

◆ handle_client_auth_nonce()

STATIC int handle_client_auth_nonce ( const char *  client_nonce,
size_t  client_nonce_len,
char **  client_hash_out,
char **  reply_out,
size_t *  reply_len_out 
)

Definition at line 192 of file ext_orport.c.

◆ init_ext_or_cookie_authentication()

int init_ext_or_cookie_authentication ( int  is_enabled)

Definition at line 142 of file ext_orport.c.

Variable Documentation

◆ ext_or_auth_cookie

STATIC uint8_t* ext_or_auth_cookie = NULL

If ext_or_auth_cookie_is_set, a secret cookie that we've stored to disk and which we're using to authenticate controllers. (If the controller can read it off disk, it has permission to connect.)

Definition at line 122 of file ext_orport.c.

Referenced by ext_orport_free_all().

◆ ext_or_auth_cookie_is_set

STATIC int ext_or_auth_cookie_is_set = 0

If true, we've set ext_or_auth_cookie to a secret code and stored it to disk.

Definition at line 118 of file ext_orport.c.

Referenced by connection_ext_or_auth_handle_client_nonce().

Generated by doxygen 1.9.4