2010-07-22 12:09:49 +02:00
|
|
|
/* Copyright (c) 2001 Matej Pfajfar.
|
|
|
|
* Copyright (c) 2001-2004, Roger Dingledine.
|
|
|
|
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
2016-02-27 18:48:19 +01:00
|
|
|
* Copyright (c) 2007-2016, The Tor Project, Inc. */
|
2010-07-22 12:09:49 +02:00
|
|
|
/* See LICENSE for licensing information */
|
|
|
|
|
|
|
|
/**
|
2011-03-16 19:47:27 +01:00
|
|
|
* \file routerparse.h
|
2010-07-28 17:42:33 +02:00
|
|
|
* \brief Header file for routerparse.c.
|
2010-07-22 12:09:49 +02:00
|
|
|
**/
|
|
|
|
|
2012-10-12 18:13:10 +02:00
|
|
|
#ifndef TOR_ROUTERPARSE_H
|
|
|
|
#define TOR_ROUTERPARSE_H
|
2010-07-22 12:09:49 +02:00
|
|
|
|
|
|
|
int router_get_router_hash(const char *s, size_t s_len, char *digest);
|
|
|
|
int router_get_dir_hash(const char *s, char *digest);
|
2016-02-10 21:35:46 +01:00
|
|
|
int router_get_networkstatus_v3_hashes(const char *s,
|
|
|
|
common_digests_t *digests);
|
2012-05-10 23:27:16 +02:00
|
|
|
int router_get_extrainfo_hash(const char *s, size_t s_len, char *digest);
|
2010-11-17 10:26:34 +01:00
|
|
|
#define DIROBJ_MAX_SIG_LEN 256
|
2013-02-22 18:53:45 +01:00
|
|
|
char *router_get_dirobj_signature(const char *digest,
|
|
|
|
size_t digest_len,
|
2014-10-01 17:54:07 +02:00
|
|
|
const crypto_pk_t *private_key);
|
2010-07-22 12:09:49 +02:00
|
|
|
int router_append_dirobj_signature(char *buf, size_t buf_len,
|
|
|
|
const char *digest,
|
|
|
|
size_t digest_len,
|
2012-01-18 21:53:30 +01:00
|
|
|
crypto_pk_t *private_key);
|
2010-07-22 12:09:49 +02:00
|
|
|
int router_parse_list_from_string(const char **s, const char *eos,
|
|
|
|
smartlist_t *dest,
|
|
|
|
saved_location_t saved_location,
|
|
|
|
int is_extrainfo,
|
|
|
|
int allow_annotations,
|
Treat unparseable (micro)descriptors and extrainfos as undownloadable
One pain point in evolving the Tor design and implementing has been
adding code that makes clients reject directory documents that they
previously would have accepted, if those descriptors actually exist.
When this happened, the clients would get the document, reject it,
and then decide to try downloading it again, ad infinitum. This
problem becomes particularly obnoxious with authorities, since if
some authorities accept a descriptor that others don't, the ones
that don't accept it would go crazy trying to re-fetch it over and
over. (See for example ticket #9286.)
This patch tries to solve this problem by tracking, if a descriptor
isn't parseable, what its digest was, and whether it is invalid
because of some flaw that applies to the portion containing the
digest. (This excludes RSA signature problems: RSA signatures
aren't included in the digest. This means that a directory
authority can still put another directory authority into a loop by
mentioning a descriptor, and then serving that descriptor with an
invalid RSA signatures. But that would also make the misbehaving
directory authority get DoSed by the server it's attacking, so it's
not much of an issue.)
We already have a mechanism to mark something undownloadable with
downloadstatus_mark_impossible(); we use that here for
microdescriptors, extrainfos, and router descriptors.
Unit tests to follow in another patch.
Closes ticket #11243.
2014-10-03 16:55:50 +02:00
|
|
|
const char *prepend_annotations,
|
|
|
|
smartlist_t *invalid_digests_out);
|
2010-07-22 12:09:49 +02:00
|
|
|
|
|
|
|
routerinfo_t *router_parse_entry_from_string(const char *s, const char *end,
|
|
|
|
int cache_copy,
|
|
|
|
int allow_annotations,
|
Treat unparseable (micro)descriptors and extrainfos as undownloadable
One pain point in evolving the Tor design and implementing has been
adding code that makes clients reject directory documents that they
previously would have accepted, if those descriptors actually exist.
When this happened, the clients would get the document, reject it,
and then decide to try downloading it again, ad infinitum. This
problem becomes particularly obnoxious with authorities, since if
some authorities accept a descriptor that others don't, the ones
that don't accept it would go crazy trying to re-fetch it over and
over. (See for example ticket #9286.)
This patch tries to solve this problem by tracking, if a descriptor
isn't parseable, what its digest was, and whether it is invalid
because of some flaw that applies to the portion containing the
digest. (This excludes RSA signature problems: RSA signatures
aren't included in the digest. This means that a directory
authority can still put another directory authority into a loop by
mentioning a descriptor, and then serving that descriptor with an
invalid RSA signatures. But that would also make the misbehaving
directory authority get DoSed by the server it's attacking, so it's
not much of an issue.)
We already have a mechanism to mark something undownloadable with
downloadstatus_mark_impossible(); we use that here for
microdescriptors, extrainfos, and router descriptors.
Unit tests to follow in another patch.
Closes ticket #11243.
2014-10-03 16:55:50 +02:00
|
|
|
const char *prepend_annotations,
|
|
|
|
int *can_dl_again_out);
|
2010-07-22 12:09:49 +02:00
|
|
|
extrainfo_t *extrainfo_parse_entry_from_string(const char *s, const char *end,
|
Treat unparseable (micro)descriptors and extrainfos as undownloadable
One pain point in evolving the Tor design and implementing has been
adding code that makes clients reject directory documents that they
previously would have accepted, if those descriptors actually exist.
When this happened, the clients would get the document, reject it,
and then decide to try downloading it again, ad infinitum. This
problem becomes particularly obnoxious with authorities, since if
some authorities accept a descriptor that others don't, the ones
that don't accept it would go crazy trying to re-fetch it over and
over. (See for example ticket #9286.)
This patch tries to solve this problem by tracking, if a descriptor
isn't parseable, what its digest was, and whether it is invalid
because of some flaw that applies to the portion containing the
digest. (This excludes RSA signature problems: RSA signatures
aren't included in the digest. This means that a directory
authority can still put another directory authority into a loop by
mentioning a descriptor, and then serving that descriptor with an
invalid RSA signatures. But that would also make the misbehaving
directory authority get DoSed by the server it's attacking, so it's
not much of an issue.)
We already have a mechanism to mark something undownloadable with
downloadstatus_mark_impossible(); we use that here for
microdescriptors, extrainfos, and router descriptors.
Unit tests to follow in another patch.
Closes ticket #11243.
2014-10-03 16:55:50 +02:00
|
|
|
int cache_copy, struct digest_ri_map_t *routermap,
|
|
|
|
int *can_dl_again_out);
|
2014-08-27 12:41:25 +02:00
|
|
|
MOCK_DECL(addr_policy_t *, router_parse_addr_policy_item_from_string,
|
2015-09-11 07:10:54 +02:00
|
|
|
(const char *s, int assume_action, int *malformed_list));
|
2010-07-22 12:09:49 +02:00
|
|
|
version_status_t tor_version_is_obsolete(const char *myversion,
|
|
|
|
const char *versionlist);
|
|
|
|
int tor_version_as_new_as(const char *platform, const char *cutoff);
|
2012-01-26 00:54:59 +01:00
|
|
|
int tor_version_parse(const char *s, tor_version_t *out);
|
2010-07-22 12:09:49 +02:00
|
|
|
int tor_version_compare(tor_version_t *a, tor_version_t *b);
|
2011-10-25 08:36:57 +02:00
|
|
|
int tor_version_same_series(tor_version_t *a, tor_version_t *b);
|
2010-07-22 12:09:49 +02:00
|
|
|
void sort_version_list(smartlist_t *lst, int remove_duplicates);
|
|
|
|
void assert_addr_policy_ok(smartlist_t *t);
|
|
|
|
void dump_distinct_digest_count(int severity);
|
|
|
|
|
Refactor storing of measured_bw versus Unmeasured=1.
This patch moves the measured_bw field and the has_measured_bw field
into vote_routerstatus_t, since only votes have 'Measured=XX' set on
their weight line.
I also added a new bw_is_unmeasured flag to routerstatus_t to
represent the Unmeasured=1 flag on a w line. Previously, I was using
has_measured_bw for this, which was quite incorrect: has_measured_bw
means that the measured_bw field is set, and it's probably a mistake
to have it serve double duty as meaning that 'baandwidth' represents a
measured value.
While making this change,I also found a harmless but stupid bug in
dirserv_read_measured_bandwidths: It assumes that it's getting a
smartlist of routerstatus_t, when really it's getting a smartlist of
vote_routerstatus_t. C's struct layout rules mean that we could never
actually get an error because of that, but it's still quite incorrect.
I fixed that, and in the process needed to add two more sorting and
searching helpers.
Finally, I made the Unmeasured=1 flag get parsed. We don't use it for
anything yet, but someday we might.
This isn't complete yet -- the new 2286 unit test doesn't build.
2013-02-19 16:39:27 +01:00
|
|
|
int compare_vote_routerstatus_entries(const void **_a, const void **_b);
|
2013-03-26 22:15:58 +01:00
|
|
|
int networkstatus_verify_bw_weights(networkstatus_t *ns, int);
|
2010-07-22 12:09:49 +02:00
|
|
|
networkstatus_t *networkstatus_parse_vote_from_string(const char *s,
|
|
|
|
const char **eos_out,
|
|
|
|
networkstatus_type_t ns_type);
|
|
|
|
ns_detached_signatures_t *networkstatus_parse_detached_signatures(
|
|
|
|
const char *s, const char *eos);
|
|
|
|
|
|
|
|
smartlist_t *microdescs_parse_from_string(const char *s, const char *eos,
|
|
|
|
int allow_annotations,
|
Treat unparseable (micro)descriptors and extrainfos as undownloadable
One pain point in evolving the Tor design and implementing has been
adding code that makes clients reject directory documents that they
previously would have accepted, if those descriptors actually exist.
When this happened, the clients would get the document, reject it,
and then decide to try downloading it again, ad infinitum. This
problem becomes particularly obnoxious with authorities, since if
some authorities accept a descriptor that others don't, the ones
that don't accept it would go crazy trying to re-fetch it over and
over. (See for example ticket #9286.)
This patch tries to solve this problem by tracking, if a descriptor
isn't parseable, what its digest was, and whether it is invalid
because of some flaw that applies to the portion containing the
digest. (This excludes RSA signature problems: RSA signatures
aren't included in the digest. This means that a directory
authority can still put another directory authority into a loop by
mentioning a descriptor, and then serving that descriptor with an
invalid RSA signatures. But that would also make the misbehaving
directory authority get DoSed by the server it's attacking, so it's
not much of an issue.)
We already have a mechanism to mark something undownloadable with
downloadstatus_mark_impossible(); we use that here for
microdescriptors, extrainfos, and router descriptors.
Unit tests to follow in another patch.
Closes ticket #11243.
2014-10-03 16:55:50 +02:00
|
|
|
saved_location_t where,
|
|
|
|
smartlist_t *invalid_digests_out);
|
2010-07-22 12:09:49 +02:00
|
|
|
|
|
|
|
authority_cert_t *authority_cert_parse_from_string(const char *s,
|
|
|
|
const char **end_of_string);
|
|
|
|
int rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out,
|
|
|
|
char *desc_id_out,
|
|
|
|
char **intro_points_encrypted_out,
|
|
|
|
size_t *intro_points_encrypted_size_out,
|
|
|
|
size_t *encoded_size_out,
|
2013-07-19 05:45:40 +02:00
|
|
|
const char **next_out, const char *desc,
|
|
|
|
int as_hsdir);
|
2010-07-22 12:09:49 +02:00
|
|
|
int rend_decrypt_introduction_points(char **ipos_decrypted,
|
|
|
|
size_t *ipos_decrypted_size,
|
|
|
|
const char *descriptor_cookie,
|
|
|
|
const char *ipos_encrypted,
|
|
|
|
size_t ipos_encrypted_size);
|
|
|
|
int rend_parse_introduction_points(rend_service_descriptor_t *parsed,
|
|
|
|
const char *intro_points_encoded,
|
|
|
|
size_t intro_points_encoded_size);
|
|
|
|
int rend_parse_client_keys(strmap_t *parsed_clients, const char *str);
|
|
|
|
|
2016-06-30 02:39:29 +02:00
|
|
|
void routerparse_init(void);
|
2016-06-18 00:35:58 +02:00
|
|
|
void routerparse_free_all(void);
|
|
|
|
|
2015-01-29 15:57:00 +01:00
|
|
|
#ifdef ROUTERPARSE_PRIVATE
|
2016-06-30 08:13:44 +02:00
|
|
|
/*
|
|
|
|
* One entry in the list of dumped descriptors; filename dumped to, length,
|
|
|
|
* SHA-256 and timestamp.
|
|
|
|
*/
|
|
|
|
|
|
|
|
typedef struct {
|
|
|
|
char *filename;
|
|
|
|
size_t len;
|
|
|
|
uint8_t digest_sha256[DIGEST256_LEN];
|
|
|
|
time_t when;
|
|
|
|
} dumped_desc_t;
|
|
|
|
|
2016-06-30 19:50:16 +02:00
|
|
|
EXTERN(uint64_t, len_descs_dumped)
|
|
|
|
EXTERN(smartlist_t *, descs_dumped)
|
2015-01-29 15:57:00 +01:00
|
|
|
STATIC int routerstatus_parse_guardfraction(const char *guardfraction_str,
|
|
|
|
networkstatus_t *vote,
|
|
|
|
vote_routerstatus_t *vote_rs,
|
|
|
|
routerstatus_t *rs);
|
2016-06-30 08:27:14 +02:00
|
|
|
MOCK_DECL(STATIC dumped_desc_t *, dump_desc_populate_one_file,
|
|
|
|
(const char *dirname, const char *f));
|
2016-06-30 08:59:29 +02:00
|
|
|
STATIC void dump_desc_populate_fifo_from_directory(const char *dirname);
|
2016-06-25 08:26:44 +02:00
|
|
|
STATIC void dump_desc(const char *desc, const char *type);
|
2016-06-25 09:47:53 +02:00
|
|
|
STATIC void dump_desc_fifo_cleanup(void);
|
2015-01-29 15:57:00 +01:00
|
|
|
#endif
|
|
|
|
|
2014-10-01 05:36:47 +02:00
|
|
|
#define ED_DESC_SIGNATURE_PREFIX "Tor router descriptor signature v1"
|
|
|
|
|
2010-07-22 12:09:49 +02:00
|
|
|
#endif
|
2010-07-23 23:23:43 +02:00
|
|
|
|