Header file for routerparse.c. More...
Go to the source code of this file.
Macros | |
| #define | DIROBJ_MAX_SIG_LEN 256 |
| #define | ED_DESC_SIGNATURE_PREFIX "Tor router descriptor signature v1" |
Functions | |
| int | router_get_router_hash (const char *s, size_t s_len, char *digest) |
| int | router_get_dir_hash (const char *s, char *digest) |
| int | router_get_networkstatus_v3_hashes (const char *s, common_digests_t *digests) |
| int | router_get_networkstatus_v3_signed_boundaries (const char *s, const char **start_out, const char **end_out) |
| int | router_get_networkstatus_v3_sha3_as_signed (uint8_t *digest_out, const char *s) |
| int | router_get_extrainfo_hash (const char *s, size_t s_len, char *digest) |
| char * | router_get_dirobj_signature (const char *digest, size_t digest_len, const crypto_pk_t *private_key) |
| int | router_append_dirobj_signature (char *buf, size_t buf_len, const char *digest, size_t digest_len, crypto_pk_t *private_key) |
| int | router_parse_list_from_string (const char **s, const char *eos, smartlist_t *dest, saved_location_t saved_location, int is_extrainfo, int allow_annotations, const char *prepend_annotations, smartlist_t *invalid_digests_out) |
| routerinfo_t * | router_parse_entry_from_string (const char *s, const char *end, int cache_copy, int allow_annotations, const char *prepend_annotations, int *can_dl_again_out) |
| extrainfo_t * | extrainfo_parse_entry_from_string (const char *s, const char *end, int cache_copy, struct digest_ri_map_t *routermap, int *can_dl_again_out) |
| MOCK_DECL (addr_policy_t *, router_parse_addr_policy_item_from_string,(const char *s, int assume_action, int *malformed_list)) | |
| version_status_t | tor_version_is_obsolete (const char *myversion, const char *versionlist) |
| int | tor_version_parse_platform (const char *platform, tor_version_t *version_out, int strict) |
| int | tor_version_as_new_as (const char *platform, const char *cutoff) |
| int | tor_version_parse (const char *s, tor_version_t *out) |
| int | tor_version_compare (tor_version_t *a, tor_version_t *b) |
| int | tor_version_same_series (tor_version_t *a, tor_version_t *b) |
| void | sort_version_list (smartlist_t *lst, int remove_duplicates) |
| void | assert_addr_policy_ok (smartlist_t *t) |
| void | dump_distinct_digest_count (int severity) |
| int | compare_vote_routerstatus_entries (const void **_a, const void **_b) |
| int | networkstatus_verify_bw_weights (networkstatus_t *ns, int) |
| networkstatus_t * | networkstatus_parse_vote_from_string (const char *s, const char **eos_out, networkstatus_type_t ns_type) |
| ns_detached_signatures_t * | networkstatus_parse_detached_signatures (const char *s, const char *eos) |
| smartlist_t * | microdescs_parse_from_string (const char *s, const char *eos, int allow_annotations, saved_location_t where, smartlist_t *invalid_digests_out) |
| authority_cert_t * | authority_cert_parse_from_string (const char *s, const char **end_of_string) |
| int | rend_parse_v2_service_descriptor (rend_service_descriptor_t **parsed_out, char *desc_id_out, char **intro_points_encrypted_out, size_t *intro_points_encrypted_size_out, size_t *encoded_size_out, const char **next_out, const char *desc, int as_hsdir) |
| int | rend_decrypt_introduction_points (char **ipos_decrypted, size_t *ipos_decrypted_size, const char *descriptor_cookie, const char *ipos_encrypted, size_t ipos_encrypted_size) |
| int | rend_parse_introduction_points (rend_service_descriptor_t *parsed, const char *intro_points_encoded, size_t intro_points_encoded_size) |
| int | rend_parse_client_keys (strmap_t *parsed_clients, const char *str) |
| void | routerparse_init (void) |
| void | routerparse_free_all (void) |
Detailed Description
Header file for routerparse.c.
Function Documentation
◆ assert_addr_policy_ok()
| void assert_addr_policy_ok | ( | smartlist_t * | lst | ) |
Log and exit if t is malformed
◆ authority_cert_parse_from_string()
| authority_cert_t* authority_cert_parse_from_string | ( | const char * | s, |
| const char ** | end_of_string | ||
| ) |
Parse a key certificate from s; point end-of-string to the first character after the certificate.
Reject any certificate at least this big; it is probably an overflow, an attack, a bug, or some other nonsense.
◆ dump_distinct_digest_count()
| void dump_distinct_digest_count | ( | int | severity | ) |
Log the total count of the number of distinct router digests we've ever verified. When compared to the number of times we've verified routerdesc signatures in toto, this will tell us if we're doing too much multiple-verification.
◆ extrainfo_parse_entry_from_string()
| extrainfo_t* extrainfo_parse_entry_from_string | ( | const char * | s, |
| const char * | end, | ||
| int | cache_copy, | ||
| struct digest_ri_map_t * | routermap, | ||
| int * | can_dl_again_out | ||
| ) |
Parse a single extrainfo entry from the string s, ending at end. (If end is NULL, parse up to the end of s.) If cache_copy is true, make a copy of the extra-info document in the cache_info fields of the result. If routermap is provided, use it as a map from router identity to routerinfo_t when looking up signing keys.
If can_dl_again_out is provided, set *can_dl_again_out to 1 if it's okay to try to download an extrainfo with this same digest again, and 0 if it isn't. (It might not be okay to download it again if part of the part covered by the digest is invalid.)
◆ microdescs_parse_from_string()
| smartlist_t* microdescs_parse_from_string | ( | const char * | s, |
| const char * | eos, | ||
| int | allow_annotations, | ||
| saved_location_t | where, | ||
| smartlist_t * | invalid_digests_out | ||
| ) |
Parse as many microdescriptors as are found from the string starting at s and ending at eos. If allow_annotations is set, read any annotations we recognize and ignore ones we don't.
If saved_location isn't SAVED_IN_CACHE, make a local copy of each descriptor in the body field of each microdesc_t.
Return all newly parsed microdescriptors in a newly allocated smartlist_t. If invalid_disgests_out is provided, add a SHA256 microdesc digest to it for every microdesc that we found to be badly formed. (This may cause duplicates)
◆ networkstatus_parse_detached_signatures()
| ns_detached_signatures_t* networkstatus_parse_detached_signatures | ( | const char * | s, |
| const char * | eos | ||
| ) |
Parse a detached v3 networkstatus signature document between s and eos and return the result. Return -1 on failure.
◆ networkstatus_parse_vote_from_string()
| networkstatus_t* networkstatus_parse_vote_from_string | ( | const char * | s, |
| const char ** | eos_out, | ||
| networkstatus_type_t | ns_type | ||
| ) |
Parse a v3 networkstatus vote, opinion, or consensus (depending on ns_type), from s, and return the result. Return NULL on failure.
◆ networkstatus_verify_bw_weights()
| int networkstatus_verify_bw_weights | ( | networkstatus_t * | ns, |
| int | consensus_method | ||
| ) |
Verify the bandwidth weights of a network status document
◆ rend_decrypt_introduction_points()
| int rend_decrypt_introduction_points | ( | char ** | ipos_decrypted, |
| size_t * | ipos_decrypted_size, | ||
| const char * | descriptor_cookie, | ||
| const char * | ipos_encrypted, | ||
| size_t | ipos_encrypted_size | ||
| ) |
Decrypt the encrypted introduction points in ipos_encrypted of length ipos_encrypted_size using descriptor_cookie and write the result to a newly allocated string that is pointed to by ipos_decrypted and its length to ipos_decrypted_size. Return 0 if decryption was successful and -1 otherwise.
◆ rend_parse_client_keys()
| int rend_parse_client_keys | ( | strmap_t * | parsed_clients, |
| const char * | ckstr | ||
| ) |
Parse the content of a client_key file in ckstr and add rend_authorized_client_t's for each parsed client to parsed_clients. Return the number of parsed clients as result or -1 for failure.
◆ rend_parse_introduction_points()
| int rend_parse_introduction_points | ( | rend_service_descriptor_t * | parsed, |
| const char * | intro_points_encoded, | ||
| size_t | intro_points_encoded_size | ||
| ) |
Parse the encoded introduction points in intro_points_encoded of length intro_points_encoded_size and write the result to the descriptor in parsed; return the number of successfully parsed introduction points or -1 in case of a failure.
Function may only be invoked once.
◆ rend_parse_v2_service_descriptor()
| int rend_parse_v2_service_descriptor | ( | rend_service_descriptor_t ** | parsed_out, |
| char * | desc_id_out, | ||
| char ** | intro_points_encrypted_out, | ||
| size_t * | intro_points_encrypted_size_out, | ||
| size_t * | encoded_size_out, | ||
| const char ** | next_out, | ||
| const char * | desc, | ||
| int | as_hsdir | ||
| ) |
Parse and validate the ASCII-encoded v2 descriptor in desc, write the parsed descriptor to the newly allocated *parsed_out, the binary descriptor ID of length DIGEST_LEN to desc_id_out, the encrypted introduction points to the newly allocated *intro_points_encrypted_out, their encrypted size to *intro_points_encrypted_size_out, the size of the encoded descriptor to *encoded_size_out, and a pointer to the possibly next descriptor to *next_out; return 0 for success (including validation) and -1 for failure.
If as_hsdir is 1, we're parsing this as an HSDir, and we should be strict about time formats.
◆ router_append_dirobj_signature()
| int router_append_dirobj_signature | ( | char * | buf, |
| size_t | buf_len, | ||
| const char * | digest, | ||
| size_t | digest_len, | ||
| crypto_pk_t * | private_key | ||
| ) |
Helper: used to generate signatures for routers, directories and network-status objects. Given a digest in digest and a secret private_key, generate a PKCS1-padded signature, BASE64-encode it, surround it with --—BEGIN/END--— pairs, and write it to the buf_len-byte buffer at buf. Return 0 on success, -1 on failure.
◆ router_get_dir_hash()
| int router_get_dir_hash | ( | const char * | s, |
| char * | digest | ||
| ) |
Set digest to the SHA-1 digest of the hash of the directory in s. Return 0 on success, -1 on failure.
◆ router_get_dirobj_signature()
| char* router_get_dirobj_signature | ( | const char * | digest, |
| size_t | digest_len, | ||
| const crypto_pk_t * | private_key | ||
| ) |
Helper: used to generate signatures for routers, directories and network-status objects. Given a digest_len-byte digest in digest and a secret private_key, generate an PKCS1-padded signature, BASE64-encode it, surround it with --—BEGIN/END--— pairs, and return the new signature on success or NULL on failure.
◆ router_get_extrainfo_hash()
| int router_get_extrainfo_hash | ( | const char * | s, |
| size_t | s_len, | ||
| char * | digest | ||
| ) |
Set digest to the SHA-1 digest of the hash of the s_len-byte extrainfo string at s. Return 0 on success, -1 on failure.
◆ router_get_networkstatus_v3_hashes()
| int router_get_networkstatus_v3_hashes | ( | const char * | s, |
| common_digests_t * | digests | ||
| ) |
Set digests to all the digests of the consensus document in s
◆ router_get_networkstatus_v3_sha3_as_signed()
| int router_get_networkstatus_v3_sha3_as_signed | ( | uint8_t * | digest_out, |
| const char * | s | ||
| ) |
Set digest_out to the SHA3-256 digest of the signed portion of the networkstatus vote in s – or of the entirety of s if no signed portion can be identified. Return 0 on success, -1 on failure.
◆ router_get_networkstatus_v3_signed_boundaries()
| int router_get_networkstatus_v3_signed_boundaries | ( | const char * | s, |
| const char ** | start_out, | ||
| const char ** | end_out | ||
| ) |
Try to find the start and end of the signed portion of a networkstatus document in s. On success, set start_out to the first character of the document, and end_out to a position one after the final character of the signed document, and return 0. On failure, return -1.
◆ router_get_router_hash()
| int router_get_router_hash | ( | const char * | s, |
| size_t | s_len, | ||
| char * | digest | ||
| ) |
Set digest to the SHA-1 digest of the hash of the first router in s. Return 0 on success, -1 on failure.
◆ router_parse_entry_from_string()
| routerinfo_t* router_parse_entry_from_string | ( | const char * | s, |
| const char * | end, | ||
| int | cache_copy, | ||
| int | allow_annotations, | ||
| const char * | prepend_annotations, | ||
| int * | can_dl_again_out | ||
| ) |
Helper function: reads a single router entry from *s ... *end. Mallocs a new router and returns it if all goes well, else returns NULL. If cache_copy is true, duplicate the contents of s through end into the signed_descriptor_body of the resulting routerinfo_t.
If end is NULL, s must be properly NUL-terminated.
If allow_annotations, it's okay to encounter annotations in s before the router; if it's false, reject the router if it's annotated. If prepend_annotations is set, it should contain some annotations: append them to the front of the router before parsing it, and keep them around when caching the router.
Only one of allow_annotations and prepend_annotations may be set.
If can_dl_again_out is provided, set *can_dl_again_out to 1 if it's okay to try to download a descriptor with this same digest again, and 0 if it isn't. (It might not be okay to download it again if part of the part covered by the digest is invalid.)
◆ router_parse_list_from_string()
| int router_parse_list_from_string | ( | const char ** | s, |
| const char * | eos, | ||
| smartlist_t * | dest, | ||
| saved_location_t | saved_location, | ||
| int | want_extrainfo, | ||
| int | allow_annotations, | ||
| const char * | prepend_annotations, | ||
| smartlist_t * | invalid_digests_out | ||
| ) |
Given a string *s containing a concatenated sequence of router descriptors (or extra-info documents if is_extrainfo is set), parses them and stores the result in dest. All routers are marked running and valid. Advances *s to a point immediately following the last router entry. Ignore any trailing router entries that are not complete.
If saved_location isn't SAVED_IN_CACHE, make a local copy of each descriptor in the signed_descriptor_body field of each routerinfo_t. If it isn't SAVED_NOWHERE, remember the offset of each descriptor.
Returns 0 on success and -1 on failure. Adds a digest to invalid_digests_out for every entry that was unparseable or invalid. (This may cause duplicate entries.)
◆ routerparse_free_all()
| void routerparse_free_all | ( | void | ) |
Clean up all data structures used by routerparse.c at exit
◆ routerparse_init()
| void routerparse_init | ( | void | ) |
Called on startup; right now we just handle scanning the unparseable descriptor dumps, but hang anything else we might need to do in the future here as well.
◆ sort_version_list()
| void sort_version_list | ( | smartlist_t * | versions, |
| int | remove_duplicates | ||
| ) |
Sort a list of string-representations of versions in ascending order.
◆ tor_version_as_new_as()
| int tor_version_as_new_as | ( | const char * | platform, |
| const char * | cutoff | ||
| ) |
Parse the Tor version of the platform string platform, and compare it to the version in cutoff. Return 1 if the router is at least as new as the cutoff, else return 0.
◆ tor_version_compare()
| int tor_version_compare | ( | tor_version_t * | a, |
| tor_version_t * | b | ||
| ) |
Compare two tor versions; Return <0 if a < b; 0 if a ==b, >0 if a > b.
◆ tor_version_is_obsolete()
| version_status_t tor_version_is_obsolete | ( | const char * | myversion, |
| const char * | versionlist | ||
| ) |
Return VS_RECOMMENDED if myversion is contained in versionlist. Else, return VS_EMPTY if versionlist has no entries. Else, return VS_OLD if every member of versionlist is newer than myversion. Else, return VS_NEW_IN_SERIES if there is at least one member of versionlist in the same series (major.minor.micro) as myversion, but no such member is newer than myversion.. Else, return VS_NEW if every member of versionlist is older than myversion. Else, return VS_UNRECOMMENDED.
(versionlist is a comma-separated list of version strings, optionally prefixed with "Tor". Versions that can't be parsed are ignored.)
◆ tor_version_parse()
| int tor_version_parse | ( | const char * | s, |
| tor_version_t * | out | ||
| ) |
Parse a tor version from s, and store the result in out. Return 0 on success, -1 on failure.
◆ tor_version_parse_platform()
| int tor_version_parse_platform | ( | const char * | platform, |
| tor_version_t * | router_version, | ||
| int | strict | ||
| ) |
Extract a Tor version from a platform line from a router descriptor, and place the result in router_version.
Return 1 on success, -1 on parsing failure, and 0 if the platform line does not indicate some version of Tor.
If strict is non-zero, finding any weird version components (like negative numbers) counts as a parsing failure.
◆ tor_version_same_series()
| int tor_version_same_series | ( | tor_version_t * | a, |
| tor_version_t * | b | ||
| ) |
Return true iff versions a and b belong to the same series.
