From bbf160d31199ffe75fac5b8921da904dbd45e2fb Mon Sep 17 00:00:00 2001 From: David Goulet Date: Tue, 14 Dec 2021 11:38:22 -0500 Subject: [PATCH] cc: Use trunnel extension for ntorv3 circ parameters Signed-off-by: David Goulet --- src/core/crypto/onion_crypto.c | 128 ++----- src/core/or/circuitbuild.c | 31 +- src/core/or/congestion_control_common.c | 287 +++++++++++++++ src/core/or/congestion_control_common.h | 13 + src/trunnel/circ_params.c | 452 ------------------------ src/trunnel/circ_params.h | 147 -------- src/trunnel/circ_params.trunnel | 25 -- src/trunnel/congestion_control.c | 183 ++++++++++ src/trunnel/congestion_control.h | 67 ++++ src/trunnel/congestion_control.trunnel | 22 ++ src/trunnel/include.am | 6 +- 11 files changed, 615 insertions(+), 746 deletions(-) delete mode 100644 src/trunnel/circ_params.c delete mode 100644 src/trunnel/circ_params.h delete mode 100644 src/trunnel/circ_params.trunnel create mode 100644 src/trunnel/congestion_control.c create mode 100644 src/trunnel/congestion_control.h create mode 100644 src/trunnel/congestion_control.trunnel diff --git a/src/core/crypto/onion_crypto.c b/src/core/crypto/onion_crypto.c index 4a83a73dab..81e4e1b078 100644 --- a/src/core/crypto/onion_crypto.c +++ b/src/core/crypto/onion_crypto.c @@ -47,7 +47,9 @@ #include "core/or/crypt_path_st.h" #include "core/or/extend_info_st.h" -#include "trunnel/circ_params.h" + +#include "trunnel/congestion_control.h" +#include "trunnel/extension.h" static const uint8_t NTOR3_CIRC_VERIFICATION[] = "circuit extend"; static const size_t NTOR3_CIRC_VERIFICATION_LEN = 14; @@ -230,72 +232,29 @@ negotiate_v3_ntor_server_circ_params(const uint8_t *param_request_msg, uint8_t **resp_msg_out, size_t *resp_msg_len_out) { - circ_params_response_t *resp = NULL; - circ_params_request_t *param_request = NULL; - ssize_t resp_msg_len; + int ret; - if (circ_params_request_parse(¶m_request, param_request_msg, - param_request_len) < 0) { - return -1; + /* Parse request. */ + ret = congestion_control_parse_ext_request(param_request_msg, + param_request_len); + if (ret < 0) { + goto err; } + params_out->cc_enabled = ret && our_ns_params->cc_enabled; - /* CC is enabled if the client wants it, and our consensus paramers - * allow it. If both are true, its on. If either is false, it's off. */ - params_out->cc_enabled = - circ_params_request_get_cc_supported(param_request) && - our_ns_params->cc_enabled; - - resp = circ_params_response_new(); - - if (circ_params_response_set_version(resp, 0) < 0) { - circ_params_request_free(param_request); - circ_params_response_free(resp); - return -1; + /* Build the response. */ + ret = congestion_control_build_ext_response(our_ns_params, params_out, + resp_msg_out, resp_msg_len_out); + if (ret < 0) { + goto err; } - - /* The relay always chooses its sendme_inc, and sends it to the client */ params_out->sendme_inc_cells = our_ns_params->sendme_inc_cells; - if (circ_params_response_set_sendme_inc_cells(resp, - our_ns_params->sendme_inc_cells) < 0) { - circ_params_request_free(param_request); - circ_params_response_free(resp); - return -1; - } + /* Success. */ + ret = 0; - /* Use the negotiated cc_enabled value to respond */ - if (circ_params_response_set_cc_enabled(resp, params_out->cc_enabled) < 0) { - circ_params_request_free(param_request); - circ_params_response_free(resp); - return -1; - } - - resp_msg_len = circ_params_response_encoded_len(resp); - - if (resp_msg_len < 0) { - circ_params_request_free(param_request); - circ_params_response_free(resp); - return -1; - } - - *resp_msg_out = tor_malloc_zero(resp_msg_len); - - resp_msg_len = circ_params_response_encode(*resp_msg_out, resp_msg_len, - resp); - if (resp_msg_len < 0) { - circ_params_request_free(param_request); - circ_params_response_free(resp); - - tor_free(*resp_msg_out); - return -1; - } - - *resp_msg_len_out = (size_t)resp_msg_len; - - circ_params_request_free(param_request); - circ_params_response_free(resp); - - return 0; + err: + return ret; } /* This is the maximum value for keys_out_len passed to @@ -462,46 +421,29 @@ negotiate_v3_ntor_client_circ_params(const uint8_t *param_response_msg, size_t param_response_len, circuit_params_t *params_out) { - circ_params_response_t *param_response = NULL; - bool cc_enabled; - uint8_t sendme_inc_cells; - - if (circ_params_response_parse(¶m_response, param_response_msg, - param_response_len) < 0) { + int ret = congestion_control_parse_ext_response(param_response_msg, + param_response_len, + params_out); + if (ret < 0) { return -1; } - cc_enabled = - circ_params_response_get_cc_enabled(param_response); - /* If congestion control came back enabled, but we didn't ask for it - * because the consensus said no, close the circuit */ - if (cc_enabled && !congestion_control_enabled()) { - circ_params_response_free(param_response); + * because the consensus said no, close the circuit. + * + * This is a fatal error condition for the circuit, because it either + * means that congestion control was disabled by the consensus + * during the handshake, or the exit decided to send us an unsolicited + * congestion control response. + * + * In either case, we cannot proceed on this circuit, and must try a + * new one. + */ + if (ret && !congestion_control_enabled()) { return -1; } - params_out->cc_enabled = cc_enabled; + params_out->cc_enabled = ret; - /* We will only accept this response (and this circuit) if sendme_inc - * is within a factor of 2 of our consensus value. We should not need - * to change cc_sendme_inc much, and if we do, we can spread out those - * changes over smaller increments once every 4 hours. Exits that - * violate this range should just not be used. */ -#define MAX_SENDME_INC_NEGOTIATE_FACTOR 2 - - sendme_inc_cells = - circ_params_response_get_sendme_inc_cells(param_response); - - if (sendme_inc_cells > - MAX_SENDME_INC_NEGOTIATE_FACTOR*congestion_control_sendme_inc() || - sendme_inc_cells < - congestion_control_sendme_inc()/MAX_SENDME_INC_NEGOTIATE_FACTOR) { - circ_params_response_free(param_response); - return -1; - } - params_out->sendme_inc_cells = sendme_inc_cells; - - circ_params_response_free(param_response); return 0; } diff --git a/src/core/or/circuitbuild.c b/src/core/or/circuitbuild.c index 61d67c350d..2326dc2a6d 100644 --- a/src/core/or/circuitbuild.c +++ b/src/core/or/circuitbuild.c @@ -81,7 +81,9 @@ #include "feature/nodelist/node_st.h" #include "core/or/or_circuit_st.h" #include "core/or/origin_circuit_st.h" -#include "trunnel/circ_params.h" + +#include "trunnel/extension.h" +#include "trunnel/congestion_control.h" static int circuit_send_first_onion_skin(origin_circuit_t *circ); static int circuit_build_no_more_hops(origin_circuit_t *circ); @@ -2607,33 +2609,10 @@ client_circ_negotiation_message(const extend_info_t *ei, size_t *msg_len_out) { tor_assert(ei && msg_out && msg_len_out); - circ_params_request_t params = {0}; - ssize_t msg_len = 0; - if (! ei->exit_supports_congestion_control) - return -1; - - circ_params_request_set_version(¶ms, 0); - - circ_params_request_set_cc_supported(¶ms, - congestion_control_enabled()); - - msg_len = circ_params_request_encoded_len(¶ms); - - if (msg_len < 0) { + if (!ei->exit_supports_congestion_control) { return -1; } - *msg_out = tor_malloc_zero(msg_len); - - msg_len = circ_params_request_encode(*msg_out, msg_len, ¶ms); - - if (msg_len < 0) { - tor_free(*msg_out); - return -1; - } - - *msg_len_out = (size_t)msg_len; - - return 0; + return congestion_control_build_ext_request(msg_out, msg_len_out); } diff --git a/src/core/or/congestion_control_common.c b/src/core/or/congestion_control_common.c index bd0383e06c..e999f435ed 100644 --- a/src/core/or/congestion_control_common.c +++ b/src/core/or/congestion_control_common.c @@ -28,6 +28,9 @@ #include "feature/nodelist/networkstatus.h" #include "app/config/config.h" +#include "trunnel/congestion_control.h" +#include "trunnel/extension.h" + /* Consensus parameter defaults. * * More details for each of the parameters can be found in proposal 324, @@ -1096,3 +1099,287 @@ congestion_control_dispatch_cc_alg(congestion_control_t *cc, return ret; } + +/** + * Build an extension field request to negotiate congestion control. + * + * If congestion control is enabled, field TRUNNEL_EXT_TYPE_CC_FIELD_REQUEST + * is created in msg_out. It is a single 0-length field that signifies that we + * want to use congestion control. The length of msg_out is provided via + * msg_len_out. + * + * If congestion control is not enabled, a payload with 0 extensions is created + * and returned. + * + * If there is a failure building the request, -1 is returned, else 0. + * + * *msg_out must be freed if the return value is 0. + */ +int +congestion_control_build_ext_request(uint8_t **msg_out, size_t *msg_len_out) +{ + uint8_t *request = NULL; + trn_extension_t *ext = NULL; + trn_extension_field_t *field = NULL; + + ext = trn_extension_new(); + + /* With congestion control enabled, add the request, else it is an empty + * request in the payload. */ + + if (congestion_control_enabled()) { + /* Build the extension field that will hold the CC field. */ + field = trn_extension_field_new(); + trn_extension_field_set_field_type(field, + TRUNNEL_EXT_TYPE_CC_FIELD_REQUEST); + + /* No payload indicating a request to use congestion control. */ + trn_extension_field_set_field_len(field, 0); + + /* Build final extension. */ + trn_extension_add_fields(ext, field); + trn_extension_set_num(ext, 1); + } + + /* Encode extension. */ + ssize_t ret = trn_extension_encoded_len(ext); + if (BUG(ret < 0)) { + goto err; + } + size_t request_len = ret; + request = tor_malloc_zero(request_len); + ret = trn_extension_encode(request, request_len, ext); + if (BUG(ret < 0)) { + tor_free(request); + goto err; + } + *msg_out = request; + *msg_len_out = request_len; + + /* Free everything, we've encoded the request now. */ + ret = 0; + + err: + trn_extension_free(ext); + return (int)ret; +} + +/** + * Parse a congestion control ntorv3 request payload for extensions. + * + * On parsing failure, -1 is returned. + * + * If congestion control request is present, return 1. If it is not present, + * return 0. + * + * WARNING: Called from CPU worker! Must not access any global state. + */ +int +congestion_control_parse_ext_request(const uint8_t *msg, const size_t msg_len) +{ + ssize_t ret = 0; + trn_extension_t *ext = NULL; + size_t num_fields = 0; + + /* Parse extension from payload. */ + ret = trn_extension_parse(&ext, msg, msg_len); + if (ret < 0) { + goto end; + } + + /* No extension implies no support for congestion control. In this case, we + * simply return 0 to indicate CC is disabled. */ + if ((num_fields = trn_extension_get_num(ext)) == 0) { + ret = 0; + goto end; + } + + /* Go over all fields. If any field is TRUNNEL_EXT_TYPE_CC_FIELD_REQUEST, + * then congestion control is enabled. Ignore unknown fields. */ + for (size_t f = 0; f < num_fields; f++) { + const trn_extension_field_t *field = trn_extension_get_fields(ext, f); + if (field == NULL) { + ret = -1; + goto end; + } + + /* For congestion control to be enabled, we only need the field type. */ + if (trn_extension_field_get_field_type(field) == + TRUNNEL_EXT_TYPE_CC_FIELD_REQUEST) { + ret = 1; + break; + } + } + + end: + trn_extension_free(ext); + return (int)ret; +} + +/** + * Given our observed parameters for circuits and congestion control, + * as well as the parameters for the resulting circuit, build a response + * payload using extension fields into *msg_out, with length specified in + * *msg_out_len. + * + * If congestion control will be enabled, the extension field for + * TRUNNEL_EXT_TYPE_CC_FIELD_RESPONSE will contain the sendme_inc value. + * + * If congestion control won't be enabled, an extension payload with 0 + * fields will be created. + * + * Return 0 if an extension payload was created in *msg_out, and -1 on + * error. + * + * *msg_out must be freed if the return value is 0. + * + * WARNING: Called from CPU worker! Must not access any global state. + */ +int +congestion_control_build_ext_response(const circuit_params_t *our_params, + const circuit_params_t *circ_params, + uint8_t **msg_out, size_t *msg_len_out) +{ + ssize_t ret; + uint8_t *request = NULL; + trn_extension_t *ext = NULL; + trn_extension_field_t *field = NULL; + trn_extension_field_cc_t *cc_field = NULL; + + tor_assert(our_params); + tor_assert(circ_params); + tor_assert(msg_out); + tor_assert(msg_len_out); + + ext = trn_extension_new(); + + if (circ_params->cc_enabled) { + /* Build the extension field that will hold the CC field. */ + field = trn_extension_field_new(); + trn_extension_field_set_field_type(field, + TRUNNEL_EXT_TYPE_CC_FIELD_RESPONSE); + + /* Build the congestion control field response. */ + cc_field = trn_extension_field_cc_new(); + trn_extension_field_cc_set_sendme_inc(cc_field, + our_params->sendme_inc_cells); + + ret = trn_extension_field_cc_encoded_len(cc_field); + if (BUG(ret <= 0)) { + goto err; + } + size_t field_len = ret; + trn_extension_field_set_field_len(field, field_len); + trn_extension_field_setlen_field(field, field_len); + + uint8_t *field_array = trn_extension_field_getarray_field(field); + ret = trn_extension_field_cc_encode(field_array, + trn_extension_field_getlen_field(field), cc_field); + if (BUG(ret <= 0)) { + goto err; + } + + /* Build final extension. */ + trn_extension_add_fields(ext, field); + trn_extension_set_num(ext, 1); + } + + /* Encode extension. */ + ret = trn_extension_encoded_len(ext); + if (BUG(ret < 0)) { + goto err; + } + size_t request_len = ret; + request = tor_malloc_zero(request_len); + ret = trn_extension_encode(request, request_len, ext); + if (BUG(ret < 0)) { + tor_free(request); + goto err; + } + *msg_out = request; + *msg_len_out = request_len; + + /* We've just encoded the extension, clean everything. */ + ret = 0; + + err: + if (ext) { + trn_extension_free(ext); + } else { + trn_extension_field_free(field); + } + trn_extension_field_cc_free(cc_field); + return (int)ret; +} + +/** Return 1 if CC is enabled which also will set the SENDME increment into our + * params_out. Return 0 if CC is disabled. Else, return -1 on error. */ +int +congestion_control_parse_ext_response(const uint8_t *msg, + const size_t msg_len, + circuit_params_t *params_out) +{ + ssize_t ret = 0; + size_t num_fields = 0; + trn_extension_t *ext = NULL; + trn_extension_field_cc_t *cc_field = NULL; + + /* We will only accept this response (and this circuit) if sendme_inc + * is within a factor of 2 of our consensus value. We should not need + * to change cc_sendme_inc much, and if we do, we can spread out those + * changes over smaller increments once every 4 hours. Exits that + * violate this range should just not be used. */ +#define MAX_SENDME_INC_NEGOTIATE_FACTOR 2 + + /* Parse extension from payload. */ + ret = trn_extension_parse(&ext, msg, msg_len); + if (ret < 0) { + goto end; + } + + if ((num_fields = trn_extension_get_num(ext)) == 0) { + ret = 0; + goto end; + } + + /* Go over all fields. If any field is TRUNNEL_EXT_TYPE_CC_FIELD_RESPONSE, + * then congestion control is enabled. Ignore unknown fields. */ + for (size_t f = 0; f < num_fields; f++) { + const trn_extension_field_t *field = trn_extension_get_fields(ext, f); + if (field == NULL) { + ret = -1; + goto end; + } + + /* Only examine TRUNNEL_EXT_TYPE_CC_FIELD_RESPONSE; ignore other fields */ + if (trn_extension_field_get_field_type(field) == + TRUNNEL_EXT_TYPE_CC_FIELD_RESPONSE) { + + /* Parse the field into the congestion control field. */ + ret = trn_extension_field_cc_parse(&cc_field, + trn_extension_field_getconstarray_field(field), + trn_extension_field_getlen_field(field)); + if (ret < 0) { + goto end; + } + + uint8_t sendme_inc_cells = + trn_extension_field_cc_get_sendme_inc(cc_field); + if (!congestion_control_validate_sendme_increment(sendme_inc_cells)) { + ret = -1; + goto end; + } + + /* All good. Get value and break */ + params_out->sendme_inc_cells = sendme_inc_cells; + ret = 1; + break; + } + } + + end: + trn_extension_free(ext); + trn_extension_field_cc_free(cc_field); + + return (int)ret; +} diff --git a/src/core/or/congestion_control_common.h b/src/core/or/congestion_control_common.h index 4fd404a1cc..21291983e0 100644 --- a/src/core/or/congestion_control_common.h +++ b/src/core/or/congestion_control_common.h @@ -9,6 +9,7 @@ #ifndef TOR_CONGESTION_CONTROL_COMMON_H #define TOR_CONGESTION_CONTROL_COMMON_H +#include "core/crypto/onion_crypto.h" #include "core/or/crypt_path_st.h" #include "core/or/circuit_st.h" @@ -47,6 +48,18 @@ void congestion_control_new_consensus_params(const networkstatus_t *ns); bool congestion_control_enabled(void); +int congestion_control_build_ext_request(uint8_t **msg_out, + size_t *msg_len_out); +int congestion_control_parse_ext_request(const uint8_t *msg, + const size_t msg_len); +int congestion_control_build_ext_response(const circuit_params_t *our_params, + const circuit_params_t *circ_params, + uint8_t **msg_out, + size_t *msg_len_out); +int congestion_control_parse_ext_response(const uint8_t *msg, + const size_t msg_len, + circuit_params_t *params_out); + /* Ugh, C.. these are private. Use the getter instead, when * external to the congestion control code. */ extern uint32_t or_conn_highwater; diff --git a/src/trunnel/circ_params.c b/src/trunnel/circ_params.c deleted file mode 100644 index 650b533a0c..0000000000 --- a/src/trunnel/circ_params.c +++ /dev/null @@ -1,452 +0,0 @@ -/* circ_params.c -- generated by Trunnel v1.5.3. - * https://gitweb.torproject.org/trunnel.git - * You probably shouldn't edit this file. - */ -#include -#include "trunnel-impl.h" - -#include "circ_params.h" - -#define TRUNNEL_SET_ERROR_CODE(obj) \ - do { \ - (obj)->trunnel_error_code_ = 1; \ - } while (0) - -#if defined(__COVERITY__) || defined(__clang_analyzer__) -/* If we're running a static analysis tool, we don't want it to complain - * that some of our remaining-bytes checks are dead-code. */ -int circparams_deadcode_dummy__ = 0; -#define OR_DEADCODE_DUMMY || circparams_deadcode_dummy__ -#else -#define OR_DEADCODE_DUMMY -#endif - -#define CHECK_REMAINING(nbytes, label) \ - do { \ - if (remaining < (nbytes) OR_DEADCODE_DUMMY) { \ - goto label; \ - } \ - } while (0) - -circ_params_request_t * -circ_params_request_new(void) -{ - circ_params_request_t *val = trunnel_calloc(1, sizeof(circ_params_request_t)); - if (NULL == val) - return NULL; - return val; -} - -/** Release all storage held inside 'obj', but do not free 'obj'. - */ -static void -circ_params_request_clear(circ_params_request_t *obj) -{ - (void) obj; -} - -void -circ_params_request_free(circ_params_request_t *obj) -{ - if (obj == NULL) - return; - circ_params_request_clear(obj); - trunnel_memwipe(obj, sizeof(circ_params_request_t)); - trunnel_free_(obj); -} - -uint8_t -circ_params_request_get_version(const circ_params_request_t *inp) -{ - return inp->version; -} -int -circ_params_request_set_version(circ_params_request_t *inp, uint8_t val) -{ - if (! ((val == 0))) { - TRUNNEL_SET_ERROR_CODE(inp); - return -1; - } - inp->version = val; - return 0; -} -uint8_t -circ_params_request_get_cc_supported(const circ_params_request_t *inp) -{ - return inp->cc_supported; -} -int -circ_params_request_set_cc_supported(circ_params_request_t *inp, uint8_t val) -{ - if (! ((val == 0 || val == 1))) { - TRUNNEL_SET_ERROR_CODE(inp); - return -1; - } - inp->cc_supported = val; - return 0; -} -const char * -circ_params_request_check(const circ_params_request_t *obj) -{ - if (obj == NULL) - return "Object was NULL"; - if (obj->trunnel_error_code_) - return "A set function failed on this object"; - if (! (obj->version == 0)) - return "Integer out of bounds"; - if (! (obj->cc_supported == 0 || obj->cc_supported == 1)) - return "Integer out of bounds"; - return NULL; -} - -ssize_t -circ_params_request_encoded_len(const circ_params_request_t *obj) -{ - ssize_t result = 0; - - if (NULL != circ_params_request_check(obj)) - return -1; - - - /* Length of u8 version IN [0] */ - result += 1; - - /* Length of u8 cc_supported IN [0, 1] */ - result += 1; - return result; -} -int -circ_params_request_clear_errors(circ_params_request_t *obj) -{ - int r = obj->trunnel_error_code_; - obj->trunnel_error_code_ = 0; - return r; -} -ssize_t -circ_params_request_encode(uint8_t *output, const size_t avail, const circ_params_request_t *obj) -{ - ssize_t result = 0; - size_t written = 0; - uint8_t *ptr = output; - const char *msg; -#ifdef TRUNNEL_CHECK_ENCODED_LEN - const ssize_t encoded_len = circ_params_request_encoded_len(obj); -#endif - - if (NULL != (msg = circ_params_request_check(obj))) - goto check_failed; - -#ifdef TRUNNEL_CHECK_ENCODED_LEN - trunnel_assert(encoded_len >= 0); -#endif - - /* Encode u8 version IN [0] */ - trunnel_assert(written <= avail); - if (avail - written < 1) - goto truncated; - trunnel_set_uint8(ptr, (obj->version)); - written += 1; ptr += 1; - - /* Encode u8 cc_supported IN [0, 1] */ - trunnel_assert(written <= avail); - if (avail - written < 1) - goto truncated; - trunnel_set_uint8(ptr, (obj->cc_supported)); - written += 1; ptr += 1; - - - trunnel_assert(ptr == output + written); -#ifdef TRUNNEL_CHECK_ENCODED_LEN - { - trunnel_assert(encoded_len >= 0); - trunnel_assert((size_t)encoded_len == written); - } - -#endif - - return written; - - truncated: - result = -2; - goto fail; - check_failed: - (void)msg; - result = -1; - goto fail; - fail: - trunnel_assert(result < 0); - return result; -} - -/** As circ_params_request_parse(), but do not allocate the output - * object. - */ -static ssize_t -circ_params_request_parse_into(circ_params_request_t *obj, const uint8_t *input, const size_t len_in) -{ - const uint8_t *ptr = input; - size_t remaining = len_in; - ssize_t result = 0; - (void)result; - - /* Parse u8 version IN [0] */ - CHECK_REMAINING(1, truncated); - obj->version = (trunnel_get_uint8(ptr)); - remaining -= 1; ptr += 1; - if (! (obj->version == 0)) - goto fail; - - /* Parse u8 cc_supported IN [0, 1] */ - CHECK_REMAINING(1, truncated); - obj->cc_supported = (trunnel_get_uint8(ptr)); - remaining -= 1; ptr += 1; - if (! (obj->cc_supported == 0 || obj->cc_supported == 1)) - goto fail; - trunnel_assert(ptr + remaining == input + len_in); - return len_in - remaining; - - truncated: - return -2; - fail: - result = -1; - return result; -} - -ssize_t -circ_params_request_parse(circ_params_request_t **output, const uint8_t *input, const size_t len_in) -{ - ssize_t result; - *output = circ_params_request_new(); - if (NULL == *output) - return -1; - result = circ_params_request_parse_into(*output, input, len_in); - if (result < 0) { - circ_params_request_free(*output); - *output = NULL; - } - return result; -} -circ_params_response_t * -circ_params_response_new(void) -{ - circ_params_response_t *val = trunnel_calloc(1, sizeof(circ_params_response_t)); - if (NULL == val) - return NULL; - return val; -} - -/** Release all storage held inside 'obj', but do not free 'obj'. - */ -static void -circ_params_response_clear(circ_params_response_t *obj) -{ - (void) obj; -} - -void -circ_params_response_free(circ_params_response_t *obj) -{ - if (obj == NULL) - return; - circ_params_response_clear(obj); - trunnel_memwipe(obj, sizeof(circ_params_response_t)); - trunnel_free_(obj); -} - -uint8_t -circ_params_response_get_version(const circ_params_response_t *inp) -{ - return inp->version; -} -int -circ_params_response_set_version(circ_params_response_t *inp, uint8_t val) -{ - if (! ((val == 0))) { - TRUNNEL_SET_ERROR_CODE(inp); - return -1; - } - inp->version = val; - return 0; -} -uint8_t -circ_params_response_get_cc_enabled(const circ_params_response_t *inp) -{ - return inp->cc_enabled; -} -int -circ_params_response_set_cc_enabled(circ_params_response_t *inp, uint8_t val) -{ - if (! ((val == 0 || val == 1))) { - TRUNNEL_SET_ERROR_CODE(inp); - return -1; - } - inp->cc_enabled = val; - return 0; -} -uint8_t -circ_params_response_get_sendme_inc_cells(const circ_params_response_t *inp) -{ - return inp->sendme_inc_cells; -} -int -circ_params_response_set_sendme_inc_cells(circ_params_response_t *inp, uint8_t val) -{ - inp->sendme_inc_cells = val; - return 0; -} -const char * -circ_params_response_check(const circ_params_response_t *obj) -{ - if (obj == NULL) - return "Object was NULL"; - if (obj->trunnel_error_code_) - return "A set function failed on this object"; - if (! (obj->version == 0)) - return "Integer out of bounds"; - if (! (obj->cc_enabled == 0 || obj->cc_enabled == 1)) - return "Integer out of bounds"; - return NULL; -} - -ssize_t -circ_params_response_encoded_len(const circ_params_response_t *obj) -{ - ssize_t result = 0; - - if (NULL != circ_params_response_check(obj)) - return -1; - - - /* Length of u8 version IN [0] */ - result += 1; - - /* Length of u8 cc_enabled IN [0, 1] */ - result += 1; - - /* Length of u8 sendme_inc_cells */ - result += 1; - return result; -} -int -circ_params_response_clear_errors(circ_params_response_t *obj) -{ - int r = obj->trunnel_error_code_; - obj->trunnel_error_code_ = 0; - return r; -} -ssize_t -circ_params_response_encode(uint8_t *output, const size_t avail, const circ_params_response_t *obj) -{ - ssize_t result = 0; - size_t written = 0; - uint8_t *ptr = output; - const char *msg; -#ifdef TRUNNEL_CHECK_ENCODED_LEN - const ssize_t encoded_len = circ_params_response_encoded_len(obj); -#endif - - if (NULL != (msg = circ_params_response_check(obj))) - goto check_failed; - -#ifdef TRUNNEL_CHECK_ENCODED_LEN - trunnel_assert(encoded_len >= 0); -#endif - - /* Encode u8 version IN [0] */ - trunnel_assert(written <= avail); - if (avail - written < 1) - goto truncated; - trunnel_set_uint8(ptr, (obj->version)); - written += 1; ptr += 1; - - /* Encode u8 cc_enabled IN [0, 1] */ - trunnel_assert(written <= avail); - if (avail - written < 1) - goto truncated; - trunnel_set_uint8(ptr, (obj->cc_enabled)); - written += 1; ptr += 1; - - /* Encode u8 sendme_inc_cells */ - trunnel_assert(written <= avail); - if (avail - written < 1) - goto truncated; - trunnel_set_uint8(ptr, (obj->sendme_inc_cells)); - written += 1; ptr += 1; - - - trunnel_assert(ptr == output + written); -#ifdef TRUNNEL_CHECK_ENCODED_LEN - { - trunnel_assert(encoded_len >= 0); - trunnel_assert((size_t)encoded_len == written); - } - -#endif - - return written; - - truncated: - result = -2; - goto fail; - check_failed: - (void)msg; - result = -1; - goto fail; - fail: - trunnel_assert(result < 0); - return result; -} - -/** As circ_params_response_parse(), but do not allocate the output - * object. - */ -static ssize_t -circ_params_response_parse_into(circ_params_response_t *obj, const uint8_t *input, const size_t len_in) -{ - const uint8_t *ptr = input; - size_t remaining = len_in; - ssize_t result = 0; - (void)result; - - /* Parse u8 version IN [0] */ - CHECK_REMAINING(1, truncated); - obj->version = (trunnel_get_uint8(ptr)); - remaining -= 1; ptr += 1; - if (! (obj->version == 0)) - goto fail; - - /* Parse u8 cc_enabled IN [0, 1] */ - CHECK_REMAINING(1, truncated); - obj->cc_enabled = (trunnel_get_uint8(ptr)); - remaining -= 1; ptr += 1; - if (! (obj->cc_enabled == 0 || obj->cc_enabled == 1)) - goto fail; - - /* Parse u8 sendme_inc_cells */ - CHECK_REMAINING(1, truncated); - obj->sendme_inc_cells = (trunnel_get_uint8(ptr)); - remaining -= 1; ptr += 1; - trunnel_assert(ptr + remaining == input + len_in); - return len_in - remaining; - - truncated: - return -2; - fail: - result = -1; - return result; -} - -ssize_t -circ_params_response_parse(circ_params_response_t **output, const uint8_t *input, const size_t len_in) -{ - ssize_t result; - *output = circ_params_response_new(); - if (NULL == *output) - return -1; - result = circ_params_response_parse_into(*output, input, len_in); - if (result < 0) { - circ_params_response_free(*output); - *output = NULL; - } - return result; -} diff --git a/src/trunnel/circ_params.h b/src/trunnel/circ_params.h deleted file mode 100644 index f69b0073dc..0000000000 --- a/src/trunnel/circ_params.h +++ /dev/null @@ -1,147 +0,0 @@ -/* circ_params.h -- generated by Trunnel v1.5.3. - * https://gitweb.torproject.org/trunnel.git - * You probably shouldn't edit this file. - */ -#ifndef TRUNNEL_CIRC_PARAMS_H -#define TRUNNEL_CIRC_PARAMS_H - -#include -#include "trunnel.h" - -#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_CIRC_PARAMS_REQUEST) -struct circ_params_request_st { - uint8_t version; - uint8_t cc_supported; - uint8_t trunnel_error_code_; -}; -#endif -typedef struct circ_params_request_st circ_params_request_t; -#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_CIRC_PARAMS_RESPONSE) -struct circ_params_response_st { - uint8_t version; - uint8_t cc_enabled; - uint8_t sendme_inc_cells; - uint8_t trunnel_error_code_; -}; -#endif -typedef struct circ_params_response_st circ_params_response_t; -/** Return a newly allocated circ_params_request with all elements set - * to zero. - */ -circ_params_request_t *circ_params_request_new(void); -/** Release all storage held by the circ_params_request in 'victim'. - * (Do nothing if 'victim' is NULL.) - */ -void circ_params_request_free(circ_params_request_t *victim); -/** Try to parse a circ_params_request from the buffer in 'input', - * using up to 'len_in' bytes from the input buffer. On success, - * return the number of bytes consumed and set *output to the newly - * allocated circ_params_request_t. On failure, return -2 if the input - * appears truncated, and -1 if the input is otherwise invalid. - */ -ssize_t circ_params_request_parse(circ_params_request_t **output, const uint8_t *input, const size_t len_in); -/** Return the number of bytes we expect to need to encode the - * circ_params_request in 'obj'. On failure, return a negative value. - * Note that this value may be an overestimate, and can even be an - * underestimate for certain unencodeable objects. - */ -ssize_t circ_params_request_encoded_len(const circ_params_request_t *obj); -/** Try to encode the circ_params_request from 'input' into the buffer - * at 'output', using up to 'avail' bytes of the output buffer. On - * success, return the number of bytes used. On failure, return -2 if - * the buffer was not long enough, and -1 if the input was invalid. - */ -ssize_t circ_params_request_encode(uint8_t *output, size_t avail, const circ_params_request_t *input); -/** Check whether the internal state of the circ_params_request in - * 'obj' is consistent. Return NULL if it is, and a short message if - * it is not. - */ -const char *circ_params_request_check(const circ_params_request_t *obj); -/** Clear any errors that were set on the object 'obj' by its setter - * functions. Return true iff errors were cleared. - */ -int circ_params_request_clear_errors(circ_params_request_t *obj); -/** Return the value of the version field of the circ_params_request_t - * in 'inp' - */ -uint8_t circ_params_request_get_version(const circ_params_request_t *inp); -/** Set the value of the version field of the circ_params_request_t in - * 'inp' to 'val'. Return 0 on success; return -1 and set the error - * code on 'inp' on failure. - */ -int circ_params_request_set_version(circ_params_request_t *inp, uint8_t val); -/** Return the value of the cc_supported field of the - * circ_params_request_t in 'inp' - */ -uint8_t circ_params_request_get_cc_supported(const circ_params_request_t *inp); -/** Set the value of the cc_supported field of the - * circ_params_request_t in 'inp' to 'val'. Return 0 on success; - * return -1 and set the error code on 'inp' on failure. - */ -int circ_params_request_set_cc_supported(circ_params_request_t *inp, uint8_t val); -/** Return a newly allocated circ_params_response with all elements - * set to zero. - */ -circ_params_response_t *circ_params_response_new(void); -/** Release all storage held by the circ_params_response in 'victim'. - * (Do nothing if 'victim' is NULL.) - */ -void circ_params_response_free(circ_params_response_t *victim); -/** Try to parse a circ_params_response from the buffer in 'input', - * using up to 'len_in' bytes from the input buffer. On success, - * return the number of bytes consumed and set *output to the newly - * allocated circ_params_response_t. On failure, return -2 if the - * input appears truncated, and -1 if the input is otherwise invalid. - */ -ssize_t circ_params_response_parse(circ_params_response_t **output, const uint8_t *input, const size_t len_in); -/** Return the number of bytes we expect to need to encode the - * circ_params_response in 'obj'. On failure, return a negative value. - * Note that this value may be an overestimate, and can even be an - * underestimate for certain unencodeable objects. - */ -ssize_t circ_params_response_encoded_len(const circ_params_response_t *obj); -/** Try to encode the circ_params_response from 'input' into the - * buffer at 'output', using up to 'avail' bytes of the output buffer. - * On success, return the number of bytes used. On failure, return -2 - * if the buffer was not long enough, and -1 if the input was invalid. - */ -ssize_t circ_params_response_encode(uint8_t *output, size_t avail, const circ_params_response_t *input); -/** Check whether the internal state of the circ_params_response in - * 'obj' is consistent. Return NULL if it is, and a short message if - * it is not. - */ -const char *circ_params_response_check(const circ_params_response_t *obj); -/** Clear any errors that were set on the object 'obj' by its setter - * functions. Return true iff errors were cleared. - */ -int circ_params_response_clear_errors(circ_params_response_t *obj); -/** Return the value of the version field of the - * circ_params_response_t in 'inp' - */ -uint8_t circ_params_response_get_version(const circ_params_response_t *inp); -/** Set the value of the version field of the circ_params_response_t - * in 'inp' to 'val'. Return 0 on success; return -1 and set the error - * code on 'inp' on failure. - */ -int circ_params_response_set_version(circ_params_response_t *inp, uint8_t val); -/** Return the value of the cc_enabled field of the - * circ_params_response_t in 'inp' - */ -uint8_t circ_params_response_get_cc_enabled(const circ_params_response_t *inp); -/** Set the value of the cc_enabled field of the - * circ_params_response_t in 'inp' to 'val'. Return 0 on success; - * return -1 and set the error code on 'inp' on failure. - */ -int circ_params_response_set_cc_enabled(circ_params_response_t *inp, uint8_t val); -/** Return the value of the sendme_inc_cells field of the - * circ_params_response_t in 'inp' - */ -uint8_t circ_params_response_get_sendme_inc_cells(const circ_params_response_t *inp); -/** Set the value of the sendme_inc_cells field of the - * circ_params_response_t in 'inp' to 'val'. Return 0 on success; - * return -1 and set the error code on 'inp' on failure. - */ -int circ_params_response_set_sendme_inc_cells(circ_params_response_t *inp, uint8_t val); - - -#endif diff --git a/src/trunnel/circ_params.trunnel b/src/trunnel/circ_params.trunnel deleted file mode 100644 index 74f84b05ff..0000000000 --- a/src/trunnel/circ_params.trunnel +++ /dev/null @@ -1,25 +0,0 @@ -/* This file contains the definition for the encrypted payload of - * a circuit parameter negotiation request/response portion of the - * ntorv3 onionskin handshake. Currently only supports congestion - * control params. */ - -/* Param definitions */ -struct circ_params_request { - /* Version */ - u8 version IN [0]; - - /* Is cc supported or not? */ - u8 cc_supported IN [0, 1]; -} - -/* Param definitions */ -struct circ_params_response { - /* Version */ - u8 version IN [0]; - - /* Is cc supported or not? */ - u8 cc_enabled IN [0, 1]; - - /* How many cells does a SENDME ack? */ - u8 sendme_inc_cells; -} diff --git a/src/trunnel/congestion_control.c b/src/trunnel/congestion_control.c new file mode 100644 index 0000000000..371612bfe0 --- /dev/null +++ b/src/trunnel/congestion_control.c @@ -0,0 +1,183 @@ +/* congestion_control.c -- generated by Trunnel v1.5.3. + * https://gitweb.torproject.org/trunnel.git + * You probably shouldn't edit this file. + */ +#include +#include "trunnel-impl.h" + +#include "congestion_control.h" + +#define TRUNNEL_SET_ERROR_CODE(obj) \ + do { \ + (obj)->trunnel_error_code_ = 1; \ + } while (0) + +#if defined(__COVERITY__) || defined(__clang_analyzer__) +/* If we're running a static analysis tool, we don't want it to complain + * that some of our remaining-bytes checks are dead-code. */ +int congestioncontrol_deadcode_dummy__ = 0; +#define OR_DEADCODE_DUMMY || congestioncontrol_deadcode_dummy__ +#else +#define OR_DEADCODE_DUMMY +#endif + +#define CHECK_REMAINING(nbytes, label) \ + do { \ + if (remaining < (nbytes) OR_DEADCODE_DUMMY) { \ + goto label; \ + } \ + } while (0) + +trn_extension_field_cc_t * +trn_extension_field_cc_new(void) +{ + trn_extension_field_cc_t *val = trunnel_calloc(1, sizeof(trn_extension_field_cc_t)); + if (NULL == val) + return NULL; + return val; +} + +/** Release all storage held inside 'obj', but do not free 'obj'. + */ +static void +trn_extension_field_cc_clear(trn_extension_field_cc_t *obj) +{ + (void) obj; +} + +void +trn_extension_field_cc_free(trn_extension_field_cc_t *obj) +{ + if (obj == NULL) + return; + trn_extension_field_cc_clear(obj); + trunnel_memwipe(obj, sizeof(trn_extension_field_cc_t)); + trunnel_free_(obj); +} + +uint8_t +trn_extension_field_cc_get_sendme_inc(const trn_extension_field_cc_t *inp) +{ + return inp->sendme_inc; +} +int +trn_extension_field_cc_set_sendme_inc(trn_extension_field_cc_t *inp, uint8_t val) +{ + inp->sendme_inc = val; + return 0; +} +const char * +trn_extension_field_cc_check(const trn_extension_field_cc_t *obj) +{ + if (obj == NULL) + return "Object was NULL"; + if (obj->trunnel_error_code_) + return "A set function failed on this object"; + return NULL; +} + +ssize_t +trn_extension_field_cc_encoded_len(const trn_extension_field_cc_t *obj) +{ + ssize_t result = 0; + + if (NULL != trn_extension_field_cc_check(obj)) + return -1; + + + /* Length of u8 sendme_inc */ + result += 1; + return result; +} +int +trn_extension_field_cc_clear_errors(trn_extension_field_cc_t *obj) +{ + int r = obj->trunnel_error_code_; + obj->trunnel_error_code_ = 0; + return r; +} +ssize_t +trn_extension_field_cc_encode(uint8_t *output, const size_t avail, const trn_extension_field_cc_t *obj) +{ + ssize_t result = 0; + size_t written = 0; + uint8_t *ptr = output; + const char *msg; +#ifdef TRUNNEL_CHECK_ENCODED_LEN + const ssize_t encoded_len = trn_extension_field_cc_encoded_len(obj); +#endif + + if (NULL != (msg = trn_extension_field_cc_check(obj))) + goto check_failed; + +#ifdef TRUNNEL_CHECK_ENCODED_LEN + trunnel_assert(encoded_len >= 0); +#endif + + /* Encode u8 sendme_inc */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->sendme_inc)); + written += 1; ptr += 1; + + + trunnel_assert(ptr == output + written); +#ifdef TRUNNEL_CHECK_ENCODED_LEN + { + trunnel_assert(encoded_len >= 0); + trunnel_assert((size_t)encoded_len == written); + } + +#endif + + return written; + + truncated: + result = -2; + goto fail; + check_failed: + (void)msg; + result = -1; + goto fail; + fail: + trunnel_assert(result < 0); + return result; +} + +/** As trn_extension_field_cc_parse(), but do not allocate the output + * object. + */ +static ssize_t +trn_extension_field_cc_parse_into(trn_extension_field_cc_t *obj, const uint8_t *input, const size_t len_in) +{ + const uint8_t *ptr = input; + size_t remaining = len_in; + ssize_t result = 0; + (void)result; + + /* Parse u8 sendme_inc */ + CHECK_REMAINING(1, truncated); + obj->sendme_inc = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + trunnel_assert(ptr + remaining == input + len_in); + return len_in - remaining; + + truncated: + return -2; +} + +ssize_t +trn_extension_field_cc_parse(trn_extension_field_cc_t **output, const uint8_t *input, const size_t len_in) +{ + ssize_t result; + *output = trn_extension_field_cc_new(); + if (NULL == *output) + return -1; + result = trn_extension_field_cc_parse_into(*output, input, len_in); + if (result < 0) { + trn_extension_field_cc_free(*output); + *output = NULL; + } + return result; +} diff --git a/src/trunnel/congestion_control.h b/src/trunnel/congestion_control.h new file mode 100644 index 0000000000..0cc21a1db5 --- /dev/null +++ b/src/trunnel/congestion_control.h @@ -0,0 +1,67 @@ +/* congestion_control.h -- generated by Trunnel v1.5.3. + * https://gitweb.torproject.org/trunnel.git + * You probably shouldn't edit this file. + */ +#ifndef TRUNNEL_CONGESTION_CONTROL_H +#define TRUNNEL_CONGESTION_CONTROL_H + +#include +#include "trunnel.h" + +#define TRUNNEL_EXT_TYPE_CC_FIELD_REQUEST 1 +#define TRUNNEL_EXT_TYPE_CC_FIELD_RESPONSE 2 +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_TRN_EXTENSION_FIELD_CC) +struct trn_extension_field_cc_st { + uint8_t sendme_inc; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct trn_extension_field_cc_st trn_extension_field_cc_t; +/** Return a newly allocated trn_extension_field_cc with all elements + * set to zero. + */ +trn_extension_field_cc_t *trn_extension_field_cc_new(void); +/** Release all storage held by the trn_extension_field_cc in + * 'victim'. (Do nothing if 'victim' is NULL.) + */ +void trn_extension_field_cc_free(trn_extension_field_cc_t *victim); +/** Try to parse a trn_extension_field_cc from the buffer in 'input', + * using up to 'len_in' bytes from the input buffer. On success, + * return the number of bytes consumed and set *output to the newly + * allocated trn_extension_field_cc_t. On failure, return -2 if the + * input appears truncated, and -1 if the input is otherwise invalid. + */ +ssize_t trn_extension_field_cc_parse(trn_extension_field_cc_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * trn_extension_field_cc in 'obj'. On failure, return a negative + * value. Note that this value may be an overestimate, and can even be + * an underestimate for certain unencodeable objects. + */ +ssize_t trn_extension_field_cc_encoded_len(const trn_extension_field_cc_t *obj); +/** Try to encode the trn_extension_field_cc from 'input' into the + * buffer at 'output', using up to 'avail' bytes of the output buffer. + * On success, return the number of bytes used. On failure, return -2 + * if the buffer was not long enough, and -1 if the input was invalid. + */ +ssize_t trn_extension_field_cc_encode(uint8_t *output, size_t avail, const trn_extension_field_cc_t *input); +/** Check whether the internal state of the trn_extension_field_cc in + * 'obj' is consistent. Return NULL if it is, and a short message if + * it is not. + */ +const char *trn_extension_field_cc_check(const trn_extension_field_cc_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int trn_extension_field_cc_clear_errors(trn_extension_field_cc_t *obj); +/** Return the value of the sendme_inc field of the + * trn_extension_field_cc_t in 'inp' + */ +uint8_t trn_extension_field_cc_get_sendme_inc(const trn_extension_field_cc_t *inp); +/** Set the value of the sendme_inc field of the + * trn_extension_field_cc_t in 'inp' to 'val'. Return 0 on success; + * return -1 and set the error code on 'inp' on failure. + */ +int trn_extension_field_cc_set_sendme_inc(trn_extension_field_cc_t *inp, uint8_t val); + + +#endif diff --git a/src/trunnel/congestion_control.trunnel b/src/trunnel/congestion_control.trunnel new file mode 100644 index 0000000000..50697a0cd2 --- /dev/null +++ b/src/trunnel/congestion_control.trunnel @@ -0,0 +1,22 @@ +/* This file contains the definition for the encrypted payload of a circuit + * parameter negotiation request/response portion of the trn_ntorv3 onionskin + * handshake. Currently only supports congestion control params. */ + +/* The following is encoded in the extension format. */ + +/* Field types. */ +const TRUNNEL_EXT_TYPE_CC_FIELD_REQUEST = 0x01; +const TRUNNEL_EXT_TYPE_CC_FIELD_RESPONSE = 0x02; + +/* + * "Request" is an empty payload signalling that CC is enabled. + */ + +/* + * "Response" consists of 1 single byte: + * SENDME_INC -- Min: 0, Max: 255 + */ + +struct trn_extension_field_cc { + u8 sendme_inc; +}; diff --git a/src/trunnel/include.am b/src/trunnel/include.am index 43d44d7720..b2aee81da9 100644 --- a/src/trunnel/include.am +++ b/src/trunnel/include.am @@ -14,7 +14,7 @@ TRUNNELINPUTS = \ src/trunnel/channelpadding_negotiation.trunnel \ src/trunnel/sendme_cell.trunnel \ src/trunnel/flow_control_cells.trunnel \ - src/trunnel/circ_params.trunnel \ + src/trunnel/congestion_control.trunnel \ src/trunnel/socks5.trunnel \ src/trunnel/circpad_negotiation.trunnel @@ -30,7 +30,7 @@ TRUNNELSOURCES = \ src/trunnel/channelpadding_negotiation.c \ src/trunnel/sendme_cell.c \ src/trunnel/flow_control_cells.c \ - src/trunnel/circ_params.c \ + src/trunnel/congestion_control.c \ src/trunnel/socks5.c \ src/trunnel/netinfo.c \ src/trunnel/circpad_negotiation.c @@ -49,7 +49,7 @@ TRUNNELHEADERS = \ src/trunnel/channelpadding_negotiation.h \ src/trunnel/sendme_cell.h \ src/trunnel/flow_control_cells.h \ - src/trunnel/circ_params.h \ + src/trunnel/congestion_control.h \ src/trunnel/socks5.h \ src/trunnel/netinfo.h \ src/trunnel/circpad_negotiation.h