1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2021, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6
7 /**
8 * @file circuitbuild_relay.c
9 * @brief Implements the details of exteding circuits (by relaying extend
10 * cells as create cells, and answering create cells).
11 *
12 * On the server side, this module handles the logic of responding to
13 * RELAY_EXTEND requests, using circuit_extend() and onionskin_answer().
14 *
15 * The shared client and server code is in core/or/circuitbuild.c.
16 **/
17
18 #include "orconfig.h"
19 #include "feature/relay/circuitbuild_relay.h"
20
21 #include "lib/crypt_ops/crypto_rand.h"
22
23 #include "core/or/or.h"
24 #include "app/config/config.h"
25
26 #include "core/crypto/relay_crypto.h"
27
28 #include "core/or/cell_st.h"
29 #include "core/or/circuit_st.h"
30 #include "core/or/extend_info_st.h"
31 #include "core/or/or_circuit_st.h"
32
33 #include "core/or/channel.h"
34 #include "core/or/circuitbuild.h"
35 #include "core/or/circuitlist.h"
36 #include "core/or/extendinfo.h"
37 #include "core/or/onion.h"
38 #include "core/or/relay.h"
39
40 #include "feature/nodelist/nodelist.h"
41
42 #include "feature/relay/router.h"
43 #include "feature/relay/routermode.h"
44 #include "feature/relay/selftest.h"
45
46 /* Before replying to an extend cell, check the state of the circuit
47 * <b>circ</b>, and the configured tor mode.
48 *
49 * <b>circ</b> must not be NULL.
50 *
51 * If the state and mode are valid, return 0.
52 * Otherwise, if they are invalid, log a protocol warning, and return -1.
53 */
54 STATIC int
circuit_extend_state_valid_helper(const struct circuit_t * circ)55 circuit_extend_state_valid_helper(const struct circuit_t *circ)
56 {
57 if (!server_mode(get_options())) {
58 circuitbuild_warn_client_extend();
59 return -1;
60 }
61
62 IF_BUG_ONCE(!circ) {
63 return -1;
64 }
65
66 if (circ->n_chan) {
67 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
68 "n_chan already set. Bug/attack. Closing.");
69 return -1;
70 }
71
72 if (circ->n_hop) {
73 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
74 "conn to next hop already launched. Bug/attack. Closing.");
75 return -1;
76 }
77
78 return 0;
79 }
80
81 /* Make sure the extend cell <b>ec</b> has an ed25519 link specifier.
82 *
83 * First, check that the RSA node id is valid.
84 * If the node id is valid, add the ed25519 link specifier (if required),
85 * and return 0.
86 *
87 * Otherwise, if the node id is invalid, log a protocol warning,
88 * and return -1.(And do not modify the extend cell.)
89 *
90 * Must be called before circuit_extend_lspec_valid_helper().
91 */
92 STATIC int
circuit_extend_add_ed25519_helper(struct extend_cell_t * ec)93 circuit_extend_add_ed25519_helper(struct extend_cell_t *ec)
94 {
95 IF_BUG_ONCE(!ec) {
96 return -1;
97 }
98
99 /* Check if they asked us for 0000..0000. We support using
100 * an empty fingerprint for the first hop (e.g. for a bridge relay),
101 * but we don't want to let clients send us extend cells for empty
102 * fingerprints -- a) because it opens the user up to a mitm attack,
103 * and b) because it lets an attacker force the relay to hold open a
104 * new TLS connection for each extend request. */
105 if (tor_digest_is_zero((const char*)ec->node_id)) {
106 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
107 "Client asked me to extend without specifying an id_digest.");
108 return -1;
109 }
110
111 /* Fill in ed_pubkey if it was not provided and we can infer it from
112 * our networkstatus */
113 if (ed25519_public_key_is_zero(&ec->ed_pubkey)) {
114 const node_t *node = node_get_by_id((const char*)ec->node_id);
115 const ed25519_public_key_t *node_ed_id = NULL;
116 if (node &&
117 node_supports_ed25519_link_authentication(node, 1) &&
118 (node_ed_id = node_get_ed25519_id(node))) {
119 ed25519_pubkey_copy(&ec->ed_pubkey, node_ed_id);
120 }
121 }
122
123 return 0;
124 }
125
126 /* Make sure the extend cell <b>ec</b> has an IPv4 address if the relay
127 * supports in, and if not, fill it in. */
128 STATIC int
circuit_extend_add_ipv4_helper(struct extend_cell_t * ec)129 circuit_extend_add_ipv4_helper(struct extend_cell_t *ec)
130 {
131 IF_BUG_ONCE(!ec) {
132 return -1;
133 }
134
135 const node_t *node = node_get_by_id((const char *) ec->node_id);
136 if (node) {
137 tor_addr_port_t node_ipv4;
138 node_get_prim_orport(node, &node_ipv4);
139 if (tor_addr_is_null(&ec->orport_ipv4.addr) &&
140 !tor_addr_is_null(&node_ipv4.addr)) {
141 tor_addr_copy(&ec->orport_ipv4.addr, &node_ipv4.addr);
142 ec->orport_ipv4.port = node_ipv4.port;
143 }
144 }
145
146 return 0;
147 }
148
149 /* Make sure the extend cell <b>ec</b> has an IPv6 address if the relay
150 * supports in, and if not, fill it in. */
151 STATIC int
circuit_extend_add_ipv6_helper(struct extend_cell_t * ec)152 circuit_extend_add_ipv6_helper(struct extend_cell_t *ec)
153 {
154 IF_BUG_ONCE(!ec) {
155 return -1;
156 }
157
158 const node_t *node = node_get_by_id((const char *) ec->node_id);
159 if (node) {
160 tor_addr_port_t node_ipv6;
161 node_get_pref_ipv6_orport(node, &node_ipv6);
162 if (tor_addr_is_null(&ec->orport_ipv6.addr) &&
163 !tor_addr_is_null(&node_ipv6.addr)) {
164 tor_addr_copy(&ec->orport_ipv6.addr, &node_ipv6.addr);
165 ec->orport_ipv6.port = node_ipv6.port;
166 }
167 }
168
169 return 0;
170 }
171
172 /* Check if the address and port in the tor_addr_port_t <b>ap</b> are valid,
173 * and are allowed by the current ExtendAllowPrivateAddresses config.
174 *
175 * If they are valid, return true.
176 * Otherwise, if they are invalid, return false.
177 *
178 * If <b>log_zero_addrs</b> is true, log warnings about zero addresses at
179 * <b>log_level</b>. If <b>log_internal_addrs</b> is true, log warnings about
180 * internal addresses at <b>log_level</b>.
181 */
182 static bool
circuit_extend_addr_port_is_valid(const struct tor_addr_port_t * ap,bool log_zero_addrs,bool log_internal_addrs,int log_level)183 circuit_extend_addr_port_is_valid(const struct tor_addr_port_t *ap,
184 bool log_zero_addrs, bool log_internal_addrs,
185 int log_level)
186 {
187 /* It's safe to print the family. But we don't want to print the address,
188 * unless specifically configured to do so. (Zero addresses aren't sensitive,
189 * But some internal addresses might be.)*/
190
191 if (!tor_addr_port_is_valid_ap(ap, 0)) {
192 if (log_zero_addrs) {
193 log_fn(log_level, LD_PROTOCOL,
194 "Client asked me to extend to a zero destination port or "
195 "%s address '%s'.",
196 fmt_addr_family(&ap->addr), safe_str(fmt_addrport_ap(ap)));
197 }
198 return false;
199 }
200
201 if (tor_addr_is_internal(&ap->addr, 0) &&
202 !get_options()->ExtendAllowPrivateAddresses) {
203 if (log_internal_addrs) {
204 log_fn(log_level, LD_PROTOCOL,
205 "Client asked me to extend to a private %s address '%s'.",
206 fmt_addr_family(&ap->addr),
207 safe_str(fmt_and_decorate_addr(&ap->addr)));
208 }
209 return false;
210 }
211
212 return true;
213 }
214
215 /* Before replying to an extend cell, check the link specifiers in the extend
216 * cell <b>ec</b>, which was received on the circuit <b>circ</b>.
217 *
218 * If they are valid, return 0.
219 * Otherwise, if they are invalid, log a protocol warning, and return -1.
220 *
221 * Must be called after circuit_extend_add_ed25519_helper().
222 */
223 STATIC int
circuit_extend_lspec_valid_helper(const struct extend_cell_t * ec,const struct circuit_t * circ)224 circuit_extend_lspec_valid_helper(const struct extend_cell_t *ec,
225 const struct circuit_t *circ)
226 {
227 IF_BUG_ONCE(!ec) {
228 return -1;
229 }
230
231 IF_BUG_ONCE(!circ) {
232 return -1;
233 }
234
235 /* Check the addresses, without logging */
236 const int ipv4_valid = circuit_extend_addr_port_is_valid(&ec->orport_ipv4,
237 false, false, 0);
238 const int ipv6_valid = circuit_extend_addr_port_is_valid(&ec->orport_ipv6,
239 false, false, 0);
240 /* We need at least one valid address */
241 if (!ipv4_valid && !ipv6_valid) {
242 /* Now, log the invalid addresses at protocol warning level */
243 circuit_extend_addr_port_is_valid(&ec->orport_ipv4,
244 true, true, LOG_PROTOCOL_WARN);
245 circuit_extend_addr_port_is_valid(&ec->orport_ipv6,
246 true, true, LOG_PROTOCOL_WARN);
247 /* And fail */
248 return -1;
249 } else if (!ipv4_valid) {
250 /* Always log unexpected internal addresses, but go on to use the other
251 * valid address */
252 circuit_extend_addr_port_is_valid(&ec->orport_ipv4,
253 false, true, LOG_PROTOCOL_WARN);
254 } else if (!ipv6_valid) {
255 circuit_extend_addr_port_is_valid(&ec->orport_ipv6,
256 false, true, LOG_PROTOCOL_WARN);
257 }
258
259 IF_BUG_ONCE(circ->magic != OR_CIRCUIT_MAGIC) {
260 return -1;
261 }
262
263 const channel_t *p_chan = CONST_TO_OR_CIRCUIT(circ)->p_chan;
264
265 IF_BUG_ONCE(!p_chan) {
266 return -1;
267 }
268
269 /* Next, check if we're being asked to connect to the hop that the
270 * extend cell came from. There isn't any reason for that, and it can
271 * assist circular-path attacks. */
272 if (tor_memeq(ec->node_id, p_chan->identity_digest, DIGEST_LEN)) {
273 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
274 "Client asked me to extend back to the previous hop.");
275 return -1;
276 }
277
278 /* Check the previous hop Ed25519 ID too */
279 if (! ed25519_public_key_is_zero(&ec->ed_pubkey) &&
280 ed25519_pubkey_eq(&ec->ed_pubkey, &p_chan->ed25519_identity)) {
281 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
282 "Client asked me to extend back to the previous hop "
283 "(by Ed25519 ID).");
284 return -1;
285 }
286
287 return 0;
288 }
289
290 /* If possible, return a supported, non-NULL IP address.
291 *
292 * If both addresses are supported and non-NULL, choose one uniformly at
293 * random.
294 *
295 * If we have an IPv6-only extend, but IPv6 is not supported, returns NULL.
296 * If both addresses are NULL, also returns NULL. */
297 STATIC const tor_addr_port_t *
circuit_choose_ip_ap_for_extend(const tor_addr_port_t * ipv4_ap,const tor_addr_port_t * ipv6_ap)298 circuit_choose_ip_ap_for_extend(const tor_addr_port_t *ipv4_ap,
299 const tor_addr_port_t *ipv6_ap)
300 {
301 const bool ipv6_supported = router_can_extend_over_ipv6(get_options());
302
303 /* If IPv6 is not supported, we can't use the IPv6 address. */
304 if (!ipv6_supported) {
305 ipv6_ap = NULL;
306 }
307
308 /* If there is no IPv6 address, IPv4 is always supported.
309 * Until clients include IPv6 ORPorts, and most relays support IPv6,
310 * this is the most common case. */
311 if (!ipv6_ap) {
312 return ipv4_ap;
313 }
314
315 /* If there is no IPv4 address, return the (possibly NULL) IPv6 address. */
316 if (!ipv4_ap) {
317 return ipv6_ap;
318 }
319
320 /* Now we have an IPv4 and an IPv6 address, and IPv6 is supported.
321 * So make an IPv6 connection at random, with probability 1 in N.
322 * 1 means "always IPv6 (and no IPv4)"
323 * 2 means "equal probability of IPv4 or IPv6"
324 * ... (and so on) ...
325 * (UINT_MAX - 1) means "almost always IPv4 (and almost never IPv6)"
326 * To disable IPv6, set ipv6_supported to 0.
327 */
328 #define IPV6_CONNECTION_ONE_IN_N 2
329
330 bool choose_ipv6 = crypto_fast_rng_one_in_n(get_thread_fast_rng(),
331 IPV6_CONNECTION_ONE_IN_N);
332 if (choose_ipv6) {
333 return ipv6_ap;
334 } else {
335 return ipv4_ap;
336 }
337 }
338
339 /* When there is no open channel for an extend cell <b>ec</b>, set up the
340 * circuit <b>circ</b> to wait for a new connection.
341 *
342 * If <b>should_launch</b> is true, open a new connection. (Otherwise, we are
343 * already waiting for a new connection to the same relay.)
344 *
345 * Check if IPv6 extends are supported by our current configuration. If they
346 * are, new connections may be made over IPv4 or IPv6. (IPv4 connections are
347 * always supported.)
348 */
349 STATIC void
circuit_open_connection_for_extend(const struct extend_cell_t * ec,struct circuit_t * circ,int should_launch)350 circuit_open_connection_for_extend(const struct extend_cell_t *ec,
351 struct circuit_t *circ,
352 int should_launch)
353 {
354 /* We have to check circ first, so we can close it on all other failures */
355 IF_BUG_ONCE(!circ) {
356 /* We can't mark a NULL circuit for close. */
357 return;
358 }
359
360 /* Now we know that circ is not NULL */
361 IF_BUG_ONCE(!ec) {
362 circuit_mark_for_close(circ, END_CIRC_REASON_CONNECTFAILED);
363 return;
364 }
365
366 /* Check the addresses, without logging */
367 const int ipv4_valid = circuit_extend_addr_port_is_valid(&ec->orport_ipv4,
368 false, false, 0);
369 const int ipv6_valid = circuit_extend_addr_port_is_valid(&ec->orport_ipv6,
370 false, false, 0);
371
372 IF_BUG_ONCE(!ipv4_valid && !ipv6_valid) {
373 /* circuit_extend_lspec_valid_helper() should have caught this */
374 circuit_mark_for_close(circ, END_CIRC_REASON_CONNECTFAILED);
375 return;
376 }
377
378 const tor_addr_port_t *chosen_ap = circuit_choose_ip_ap_for_extend(
379 ipv4_valid ? &ec->orport_ipv4 : NULL,
380 ipv6_valid ? &ec->orport_ipv6 : NULL);
381 if (!chosen_ap) {
382 /* An IPv6-only extend, but IPv6 is not supported */
383 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
384 "Received IPv6-only extend, but we don't have an IPv6 ORPort.");
385 circuit_mark_for_close(circ, END_CIRC_REASON_CONNECTFAILED);
386 return;
387 }
388
389 circ->n_hop = extend_info_new(NULL /*nickname*/,
390 (const char*)ec->node_id,
391 &ec->ed_pubkey,
392 NULL, /*onion_key*/
393 NULL, /*curve25519_key*/
394 &chosen_ap->addr,
395 chosen_ap->port);
396
397 circ->n_chan_create_cell = tor_memdup(&ec->create_cell,
398 sizeof(ec->create_cell));
399
400 circuit_set_state(circ, CIRCUIT_STATE_CHAN_WAIT);
401
402 if (should_launch) {
403 /* we should try to open a connection */
404 channel_t *n_chan = channel_connect_for_circuit(circ->n_hop);
405 if (!n_chan) {
406 log_info(LD_CIRC,"Launching n_chan failed. Closing circuit.");
407 circuit_mark_for_close(circ, END_CIRC_REASON_CONNECTFAILED);
408 return;
409 }
410 log_debug(LD_CIRC,"connecting in progress (or finished). Good.");
411 }
412 }
413
414 /** Take the 'extend' <b>cell</b>, pull out addr/port plus the onion
415 * skin and identity digest for the next hop. If we're already connected,
416 * pass the onion skin to the next hop using a create cell; otherwise
417 * launch a new OR connection, and <b>circ</b> will notice when the
418 * connection succeeds or fails.
419 *
420 * Return -1 if we want to warn and tear down the circuit, else return 0.
421 */
422 int
circuit_extend(struct cell_t * cell,struct circuit_t * circ)423 circuit_extend(struct cell_t *cell, struct circuit_t *circ)
424 {
425 channel_t *n_chan;
426 relay_header_t rh;
427 extend_cell_t ec;
428 const char *msg = NULL;
429 int should_launch = 0;
430
431 IF_BUG_ONCE(!cell) {
432 return -1;
433 }
434
435 IF_BUG_ONCE(!circ) {
436 return -1;
437 }
438
439 if (circuit_extend_state_valid_helper(circ) < 0)
440 return -1;
441
442 relay_header_unpack(&rh, cell->payload);
443
444 if (extend_cell_parse(&ec, rh.command,
445 cell->payload+RELAY_HEADER_SIZE,
446 rh.length) < 0) {
447 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
448 "Can't parse extend cell. Closing circuit.");
449 return -1;
450 }
451
452 if (circuit_extend_add_ed25519_helper(&ec) < 0)
453 return -1;
454
455 if (circuit_extend_lspec_valid_helper(&ec, circ) < 0)
456 return -1;
457
458 if (circuit_extend_add_ipv4_helper(&ec) < 0)
459 return -1;
460
461 if (circuit_extend_add_ipv6_helper(&ec) < 0)
462 return -1;
463
464 /* Check the addresses, without logging */
465 const int ipv4_valid = circuit_extend_addr_port_is_valid(&ec.orport_ipv4,
466 false, false, 0);
467 const int ipv6_valid = circuit_extend_addr_port_is_valid(&ec.orport_ipv6,
468 false, false, 0);
469 IF_BUG_ONCE(!ipv4_valid && !ipv6_valid) {
470 /* circuit_extend_lspec_valid_helper() should have caught this */
471 return -1;
472 }
473
474 n_chan = channel_get_for_extend((const char*)ec.node_id,
475 &ec.ed_pubkey,
476 ipv4_valid ? &ec.orport_ipv4.addr : NULL,
477 ipv6_valid ? &ec.orport_ipv6.addr : NULL,
478 false,
479 &msg,
480 &should_launch);
481
482 if (!n_chan) {
483 /* We can't use fmt_addr*() twice in the same function call,
484 * because it uses a static buffer. */
485 log_debug(LD_CIRC|LD_OR, "Next router IPv4 (%s): %s.",
486 fmt_addrport_ap(&ec.orport_ipv4),
487 msg ? msg : "????");
488 log_debug(LD_CIRC|LD_OR, "Next router IPv6 (%s).",
489 fmt_addrport_ap(&ec.orport_ipv6));
490
491 circuit_open_connection_for_extend(&ec, circ, should_launch);
492
493 /* return success. The onion/circuit/etc will be taken care of
494 * automatically (may already have been) whenever n_chan reaches
495 * OR_CONN_STATE_OPEN.
496 */
497 return 0;
498 } else {
499 /* Connection is already established.
500 * So we need to extend the circuit to the next hop. */
501 tor_assert(!circ->n_hop);
502 circ->n_chan = n_chan;
503 log_debug(LD_CIRC,
504 "n_chan is %s.",
505 channel_describe_peer(n_chan));
506
507 if (circuit_deliver_create_cell(circ, &ec.create_cell, 1) < 0)
508 return -1;
509
510 return 0;
511 }
512 }
513
514 /** On a relay, accept a create cell, initialise a circuit, and send a
515 * created cell back.
516 *
517 * Given:
518 * - a response payload consisting of:
519 * - the <b>created_cell</b> and
520 * - an optional <b>rend_circ_nonce</b>, and
521 * - <b>keys</b> of length <b>keys_len</b>, which must be
522 * CPATH_KEY_MATERIAL_LEN;
523 * then:
524 * - initialize the circuit <b>circ</b>'s cryptographic material,
525 * - set the circuit's state to open, and
526 * - send a created cell back on that circuit.
527 *
528 * If we haven't found our ORPorts reachable yet, and the channel meets the
529 * necessary conditions, mark the relevant ORPorts as reachable.
530 *
531 * Returns -1 if cell or circuit initialisation fails.
532 */
533 int
onionskin_answer(struct or_circuit_t * circ,const created_cell_t * created_cell,const char * keys,size_t keys_len,const uint8_t * rend_circ_nonce)534 onionskin_answer(struct or_circuit_t *circ,
535 const created_cell_t *created_cell,
536 const char *keys, size_t keys_len,
537 const uint8_t *rend_circ_nonce)
538 {
539 cell_t cell;
540
541 IF_BUG_ONCE(!circ) {
542 return -1;
543 }
544
545 IF_BUG_ONCE(!created_cell) {
546 return -1;
547 }
548
549 IF_BUG_ONCE(!keys) {
550 return -1;
551 }
552
553 IF_BUG_ONCE(!rend_circ_nonce) {
554 return -1;
555 }
556
557 tor_assert(keys_len == CPATH_KEY_MATERIAL_LEN);
558
559 if (created_cell_format(&cell, created_cell) < 0) {
560 log_warn(LD_BUG,"couldn't format created cell (type=%d, len=%d).",
561 (int)created_cell->cell_type, (int)created_cell->handshake_len);
562 return -1;
563 }
564 cell.circ_id = circ->p_circ_id;
565
566 circuit_set_state(TO_CIRCUIT(circ), CIRCUIT_STATE_OPEN);
567
568 log_debug(LD_CIRC,"init digest forward 0x%.8x, backward 0x%.8x.",
569 (unsigned int)get_uint32(keys),
570 (unsigned int)get_uint32(keys+20));
571 if (relay_crypto_init(&circ->crypto, keys, keys_len, 0, 0)<0) {
572 log_warn(LD_BUG,"Circuit initialization failed.");
573 return -1;
574 }
575
576 memcpy(circ->rend_circ_nonce, rend_circ_nonce, DIGEST_LEN);
577
578 int used_create_fast = (created_cell->cell_type == CELL_CREATED_FAST);
579
580 append_cell_to_circuit_queue(TO_CIRCUIT(circ),
581 circ->p_chan, &cell, CELL_DIRECTION_IN, 0);
582 log_debug(LD_CIRC,"Finished sending '%s' cell.",
583 used_create_fast ? "created_fast" : "created");
584
585 /* Ignore the local bit when ExtendAllowPrivateAddresses is set:
586 * it violates the assumption that private addresses are local.
587 * Also, many test networks run on local addresses, and
588 * TestingTorNetwork sets ExtendAllowPrivateAddresses. */
589 if ((!channel_is_local(circ->p_chan)
590 || get_options()->ExtendAllowPrivateAddresses)
591 && !channel_is_outgoing(circ->p_chan)) {
592 /* Okay, it's a create cell from a non-local connection
593 * that we didn't initiate. Presumably this means that create cells
594 * can reach us too. But what address can they reach us on? */
595 const tor_addr_t *my_supposed_addr = &circ->p_chan->addr_according_to_peer;
596 if (router_addr_is_my_published_addr(my_supposed_addr)) {
597 /* Great, this create cell came on connection where the peer says
598 * that the our address is an address we're actually advertising!
599 * That should mean that we're reachable. But before we finally
600 * declare ourselves reachable, make sure that the address listed
601 * by the peer is the same family as the peer is actually using.
602 */
603 tor_addr_t remote_addr;
604 int family = tor_addr_family(my_supposed_addr);
605 if (channel_get_addr_if_possible(circ->p_chan, &remote_addr) &&
606 tor_addr_family(&remote_addr) == family) {
607 router_orport_found_reachable(family);
608 }
609 }
610 }
611
612 return 0;
613 }
614