//! Implementation for parsing and encoding relay cells
use std::num::NonZeroU16;
use crate::chancell::{BoxedCellBody, CELL_DATA_LEN};
use tor_bytes::{EncodeError, EncodeResult, Error, Result};
use tor_bytes::{Reader, Writer};
use tor_error::internal;
use caret::caret_int;
use rand::{CryptoRng, Rng};
pub mod extend;
#[cfg(feature = "hs")]
pub mod hs;
pub mod msg;
#[cfg(feature = "experimental-udp")]
pub mod udp;
caret_int! {
/// A command that identifies the type of a relay cell
///
/// Any `u8` can be converted into a `RelayCmd` (this module does so with
/// `.into()` on bytes taken from a cell body), so a value of this type is
/// not limited to the constants named below.
pub struct RelayCmd(u8) {
/// Start a new stream
BEGIN = 1,
/// Data on a stream
DATA = 2,
/// Close a stream
END = 3,
/// Acknowledge a BEGIN; stream is open
CONNECTED = 4,
/// Used for flow control
SENDME = 5,
/// Extend a circuit to a new hop; deprecated
EXTEND = 6,
/// Reply to EXTEND handshake; deprecated
EXTENDED = 7,
/// Partially close a circuit
TRUNCATE = 8,
/// Circuit has been partially closed
TRUNCATED = 9,
/// Padding cell
DROP = 10,
/// Start a DNS lookup
RESOLVE = 11,
/// Reply to a DNS lookup
RESOLVED = 12,
/// Start a directory stream
BEGIN_DIR = 13,
/// Extend a circuit to a new hop
EXTEND2 = 14,
/// Reply to an EXTEND2 cell.
EXTENDED2 = 15,
/// UDP: Start of a stream
///
/// NOTE: The UDP commands are reserved, but they are only used when the
/// `experimental-udp` feature is enabled.
CONNECT_UDP = 16,
/// UDP: Acknowledge a CONNECT_UDP. Stream is open.
CONNECTED_UDP = 17,
/// UDP: Data on a UDP stream.
DATAGRAM = 18,
/// HS: establish an introduction point.
ESTABLISH_INTRO = 32,
/// HS: establish a rendezvous point.
ESTABLISH_RENDEZVOUS = 33,
/// HS: send introduction (client to introduction point)
INTRODUCE1 = 34,
/// HS: send introduction (introduction point to service)
INTRODUCE2 = 35,
/// HS: connect rendezvous point (service to rendezvous point)
RENDEZVOUS1 = 36,
/// HS: connect rendezvous point (rendezvous point to client)
RENDEZVOUS2 = 37,
/// HS: Response to ESTABLISH_INTRO
INTRO_ESTABLISHED = 38,
/// HS: Response to ESTABLISH_RENDEZVOUS
RENDEZVOUS_ESTABLISHED = 39,
/// HS: Response to INTRODUCE1 from introduction point to client
INTRODUCE_ACK = 40,
/// Padding: declare what kind of padding we want
PADDING_NEGOTIATE = 41,
/// Padding: reply to a PADDING_NEGOTIATE
PADDING_NEGOTIATED = 42,
}
}
/// Possible requirements on stream IDs for a relay command.
///
/// In this module a stream ID of 0 is represented as `None`, and any other
/// stream ID as `Some(StreamId)`.
enum StreamIdReq {
/// Can only be used with a stream ID of 0 (that is, `None`)
WantNone,
/// Can only be used with a stream ID that isn't 0 (that is, `Some(_)`)
WantSome,
/// Can be used with any stream ID, zero or not
Any,
}
impl RelayCmd {
    /// Classify this command by the kind of stream ID it may be paired with.
    ///
    /// The result says whether the command must come with a zero stream ID,
    /// with a non-zero stream ID, or may come with either.
    fn expects_streamid(self) -> StreamIdReq {
        match self {
            // Commands that must be sent with a stream ID of zero.
            RelayCmd::EXTEND
            | RelayCmd::EXTENDED
            | RelayCmd::TRUNCATE
            | RelayCmd::TRUNCATED
            | RelayCmd::DROP
            | RelayCmd::EXTEND2
            | RelayCmd::EXTENDED2
            | RelayCmd::ESTABLISH_INTRO
            | RelayCmd::ESTABLISH_RENDEZVOUS
            | RelayCmd::INTRODUCE1
            | RelayCmd::INTRODUCE2
            | RelayCmd::RENDEZVOUS1
            | RelayCmd::RENDEZVOUS2
            | RelayCmd::INTRO_ESTABLISHED
            | RelayCmd::RENDEZVOUS_ESTABLISHED
            | RelayCmd::INTRODUCE_ACK => StreamIdReq::WantNone,

            // Commands that must be sent with a non-zero stream ID.
            RelayCmd::BEGIN
            | RelayCmd::DATA
            | RelayCmd::END
            | RelayCmd::CONNECTED
            | RelayCmd::RESOLVE
            | RelayCmd::RESOLVED
            | RelayCmd::BEGIN_DIR => StreamIdReq::WantSome,
            #[cfg(feature = "experimental-udp")]
            RelayCmd::CONNECT_UDP | RelayCmd::CONNECTED_UDP | RelayCmd::DATAGRAM => {
                StreamIdReq::WantSome
            }

            // SENDME is accepted with or without a stream ID.
            RelayCmd::SENDME => StreamIdReq::Any,

            // NOTE(review): everything not listed above lands here and gets no
            // stream-ID constraint: PADDING_NEGOTIATE, PADDING_NEGOTIATED, any
            // command value without a named constant, and (when the
            // `experimental-udp` feature is off) the three UDP commands.
            // Confirm that accepting any stream ID for these is intended.
            _ => StreamIdReq::Any,
        }
    }

    /// Return true if this command is one that accepts the particular
    /// stream ID `id`.
    ///
    /// `None` stands for a stream ID of zero.
    pub fn accepts_streamid_val(self, id: Option<StreamId>) -> bool {
        let has_stream = id.is_some();
        match self.expects_streamid() {
            StreamIdReq::Any => true,
            StreamIdReq::WantSome => has_stream,
            StreamIdReq::WantNone => !has_stream,
        }
    }
}
/// Identify a single stream on a circuit.
///
/// These identifiers are local to each hop on a circuit.
/// This can't be zero; if you need something that can be zero in the protocol,
/// use `Option<StreamId>`.
#[derive(Copy, Clone, PartialEq, Eq, Debug, Hash)]
pub struct StreamId(NonZeroU16);

impl From<NonZeroU16> for StreamId {
    /// Wrap an already non-zero value as a stream ID.
    fn from(id: NonZeroU16) -> Self {
        StreamId(id)
    }
}

impl From<StreamId> for NonZeroU16 {
    /// Unwrap a stream ID into the non-zero integer it holds.
    fn from(id: StreamId) -> NonZeroU16 {
        let StreamId(inner) = id;
        inner
    }
}

impl From<StreamId> for u16 {
    /// Unwrap a stream ID into a plain integer, which is never zero.
    fn from(id: StreamId) -> u16 {
        NonZeroU16::from(id).get()
    }
}

impl std::fmt::Display for StreamId {
    /// Format the stream ID exactly as its numeric value would be formatted.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
        std::fmt::Display::fmt(&self.0, f)
    }
}

impl StreamId {
    /// Creates a `StreamId` for non-zero `stream_id`.
    ///
    /// Returns `None` when `stream_id` is zero. Messages with a zero/None stream ID
    /// apply to the circuit as a whole instead of a particular stream.
    pub fn new(stream_id: u16) -> Option<Self> {
        let nonzero = NonZeroU16::new(stream_id)?;
        Some(StreamId(nonzero))
    }

    /// Convenience function to convert to a `u16`; `None` is mapped to 0.
    ///
    /// This is the inverse of [`StreamId::new`].
    pub fn get_or_zero(stream_id: Option<Self>) -> u16 {
        stream_id.map_or(0, u16::from)
    }
}
/// A relay cell that has not yet been fully parsed, but where we have access to
/// the command and stream ID, for dispatching purposes.
///
/// Only the raw body is stored; the command and stream ID are read out of it
/// on demand.
//
// TODO prop340: Settle on some names here. I would prefer "UnparsedRelayMsg" here so
// it can eventually be compatible with proposal 340. But that would make our
// RelayCell and RelayMsg types below kind of illogical. Perhaps we should rename...
// this -> UnparsedRelayMsg
// RelayCell -> ParsedRelayMsg
// RelayMsg -> RelayMsgBody?
// Ideas appreciated -NM
#[derive(Clone, Debug)]
pub struct UnparsedRelayCell {
/// The body of the cell.
body: BoxedCellBody,
// NOTE: we could also have a separate command and stream ID field here, but
// we expect to be working with a TON of these, so we will be mildly
// over-optimized and just peek into the body.
//
// It *is* a bit ugly to have to encode so much knowledge about the format in
// different functions here, but that information shouldn't leak out of this module.
}
/// Position of the stream ID within the cell body.
const STREAM_ID_OFFSET: usize = 3;

impl UnparsedRelayCell {
    /// Wrap a BoxedCellBody as an UnparsedRelayCell.
    ///
    /// The body is stored as given; nothing in it is inspected or checked here.
    pub fn from_body(body: BoxedCellBody) -> Self {
        UnparsedRelayCell { body }
    }

    /// Return the command for this cell.
    ///
    /// The command is the single byte at the start of the body.
    pub fn cmd(&self) -> RelayCmd {
        /// Position of the command within the cell body.
        const CMD_OFFSET: usize = 0;
        let raw_cmd: u8 = self.body[CMD_OFFSET];
        raw_cmd.into()
    }

    /// Return the stream ID for the stream that this cell corresponds to, if any.
    ///
    /// The ID is the big-endian `u16` at `STREAM_ID_OFFSET`; a value of zero
    /// yields `None`.
    pub fn stream_id(&self) -> Option<StreamId> {
        let field = &self.body[STREAM_ID_OFFSET..STREAM_ID_OFFSET + 2];
        let be_bytes: [u8; 2] = field
            .try_into()
            .expect("two-byte slice was not two bytes long!?");
        StreamId::new(u16::from_be_bytes(be_bytes))
    }

    /// Decode this unparsed cell into a given cell type.
    ///
    /// This hands the stored body to `RelayCell::decode`, and fails whenever
    /// that does.
    pub fn decode<M: RelayMsg>(self) -> Result<RelayCell<M>> {
        let UnparsedRelayCell { body } = self;
        RelayCell::decode(body)
    }
}
/// A decoded and parsed relay cell of unrestricted type.
///
/// This is [`RelayCell`] instantiated with [`msg::AnyRelayMsg`] as its
/// message type.
pub type AnyRelayCell = RelayCell<msg::AnyRelayMsg>;
/// Trait implemented by anything that can serve as a relay message.
///
/// Typically, this will be [`msg::AnyRelayMsg`] (to represent an unrestricted
/// relay message), or a restricted subset of `AnyRelayMsg`.
pub trait RelayMsg {
/// Return the stream command associated with this message.
fn cmd(&self) -> RelayCmd;
/// Encode the body of this message, not including command or length
///
/// This consumes the message and writes onto `w`.
fn encode_onto<W: tor_bytes::Writer + ?Sized>(self, w: &mut W) -> tor_bytes::EncodeResult<()>;
/// Extract the body of a message with command `cmd` from reader `r`.
///
/// Returns an error if the contents of `r` cannot be decoded as a message
/// of this type.
fn decode_from_reader(cmd: RelayCmd, r: &mut Reader<'_>) -> Result<Self>
where
Self: Sized;
}
/// A decoded and parsed relay cell.
///
/// Each relay cell represents a message that can be sent along a
/// circuit, along with the ID for an associated stream that the
/// message is meant for.
#[derive(Debug)]
pub struct RelayCell<M> {
/// The stream ID for the stream that this cell corresponds to.
///
/// `None` corresponds to a stream ID field of zero in the encoded cell.
streamid: Option<StreamId>,
/// The relay message for this cell.
msg: M,
}
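impl<M: RelayMsg> RelayCell<M> {
    /// Construct a new relay cell.
    ///
    /// No check is made here that `streamid` is one that the command of `msg`
    /// accepts; see [`RelayCmd::accepts_streamid_val`].
    pub fn new(streamid: Option<StreamId>, msg: M) -> Self {
        RelayCell { streamid, msg }
    }

    /// Consume this cell and return its components.
    pub fn into_streamid_and_msg(self) -> (Option<StreamId>, M) {
        (self.streamid, self.msg)
    }

    /// Return the command for this cell.
    pub fn cmd(&self) -> RelayCmd {
        self.msg.cmd()
    }

    /// Return the stream ID for the stream that this cell corresponds to.
    pub fn stream_id(&self) -> Option<StreamId> {
        self.streamid
    }

    /// Return the underlying message for this cell.
    pub fn msg(&self) -> &M {
        &self.msg
    }

    /// Consume this cell and return the underlying message.
    pub fn into_msg(self) -> M {
        self.msg
    }

    /// Consume this relay message and encode it as a 509-byte padded cell
    /// body.
    ///
    /// Everything after the encoded message is padding.  The first
    /// `MIN_SPACE_BEFORE_PADDING` bytes of it are left as zero and the rest is
    /// filled from `rng`.  When the message leaves no room beyond those zero
    /// bytes, nothing is drawn from `rng` and the remainder stays zero.
    ///
    /// # Errors
    ///
    /// Returns an error if the message cannot be encoded into a single cell.
    pub fn encode<R: Rng + CryptoRng>(self, rng: &mut R) -> crate::Result<BoxedCellBody> {
        /// We skip this much space before adding any random padding to the
        /// end of the cell
        const MIN_SPACE_BEFORE_PADDING: usize = 4;

        let (mut body, enc_len) = self.encode_to_cell()?;
        debug_assert!(enc_len <= CELL_DATA_LEN);
        if enc_len < CELL_DATA_LEN - MIN_SPACE_BEFORE_PADDING {
            rng.fill_bytes(&mut body[enc_len + MIN_SPACE_BEFORE_PADDING..]);
        }

        Ok(body)
    }

    /// Consume a relay cell and return its contents, encoded for use
    /// in a RELAY or RELAY_EARLY cell.
    ///
    /// On success, returns the cell body together with the number of bytes
    /// written into it (header included).  The "recognized" and digest fields
    /// are written as zero, and every byte past the written length is zero.
    ///
    /// # Errors
    ///
    /// Returns an error if the message fails to encode, or if the encoded
    /// message does not fit into one cell.
    fn encode_to_cell(self) -> EncodeResult<(BoxedCellBody, usize)> {
        // NOTE: This implementation is a bit optimized, since it happens to
        // literally every relay cell that we produce.

        // TODO -NM: Add a specialized implementation for making a DATA cell from
        // a body?

        /// Wrap a BoxedCellBody and implement AsMut<[u8]>
        struct BodyWrapper(BoxedCellBody);
        impl AsMut<[u8]> for BodyWrapper {
            fn as_mut(&mut self) -> &mut [u8] {
                self.0.as_mut()
            }
        }
        /// The position of the length field within a relay cell.
        const LEN_POS: usize = 9;
        /// The position of the body within a relay cell.
        const BODY_POS: usize = 11;

        // Size the buffer from the shared constant rather than a literal, so
        // it cannot drift from the bound that `encode` checks against.
        let body = BodyWrapper(Box::new([0_u8; CELL_DATA_LEN]));

        let mut w = crate::slicewriter::SliceWriter::new(body);
        w.write_u8(self.msg.cmd().into());
        w.write_u16(0); // "Recognized"
        debug_assert_eq!(
            w.offset().expect("Overflowed a cell with just the header!"),
            STREAM_ID_OFFSET
        );
        w.write_u16(StreamId::get_or_zero(self.streamid));
        w.write_u32(0); // Digest
        // (It would be simpler to use NestedWriter at this point, but it uses
        // an internal Vec that we are trying to avoid.)
        debug_assert_eq!(
            w.offset().expect("Overflowed a cell with just the header!"),
            LEN_POS
        );
        w.write_u16(0); // Length; patched below once the body size is known.
        debug_assert_eq!(
            w.offset().expect("Overflowed a cell with just the header!"),
            BODY_POS
        );
        self.msg.encode_onto(&mut w)?; // body
        let (mut body, written) = w.try_unwrap().map_err(|_| {
            EncodeError::Bug(internal!(
                "Encoding of relay message was too long to fit into a cell!"
            ))
        })?;

        // The length goes onto the wire, so convert it with checked
        // arithmetic: a value that does not fit is reported as a bug in every
        // build profile instead of being silently truncated.
        let payload_len = written
            .checked_sub(BODY_POS)
            .and_then(|len| u16::try_from(len).ok())
            .ok_or_else(|| {
                EncodeError::Bug(internal!(
                    "Relay message payload length did not fit in the length field!"
                ))
            })?;
        body.0[LEN_POS..LEN_POS + 2].copy_from_slice(&payload_len.to_be_bytes());

        Ok((body.0, written))
    }

    /// Parse a RELAY or RELAY_EARLY cell body into a RelayCell.
    ///
    /// Requires that the cryptographic checks on the message have already been
    /// performed
    ///
    /// # Errors
    ///
    /// Fails in the same cases as [`RelayCell::decode_from_reader`].
    #[allow(clippy::needless_pass_by_value)] // TODO this will go away soon.
    pub fn decode(body: BoxedCellBody) -> Result<Self> {
        let mut reader = Reader::from_slice(body.as_ref());
        Self::decode_from_reader(&mut reader)
    }

    /// Parse a RELAY or RELAY_EARLY cell body into a RelayCell from a reader.
    ///
    /// Requires that the cryptographic checks on the message have already been
    /// performed: the "recognized" and digest fields are skipped here, not
    /// verified.
    ///
    /// This function also does not check that the stream ID is one that the
    /// command accepts (see [`RelayCmd::accepts_streamid_val`]).
    /// NOTE(review): presumably callers enforce that; confirm.
    ///
    /// # Errors
    ///
    /// Returns an error if the header is incomplete, if the length field
    /// claims more bytes than remain in `r`, or if `M` cannot decode the
    /// message body.
    pub fn decode_from_reader(r: &mut Reader<'_>) -> Result<Self> {
        let cmd = r.take_u8()?.into();
        r.advance(2)?; // "recognized"
        let streamid = StreamId::new(r.take_u16()?);
        r.advance(4)?; // digest
        let len = usize::from(r.take_u16()?);
        // The length comes from the peer: reject any value that points past
        // the data we actually hold.
        if r.remaining() < len {
            return Err(Error::InvalidMessage(
                "Insufficient data in relay cell".into(),
            ));
        }
        // Keep the message decoder away from the padding after the payload.
        r.truncate(len);
        let msg = M::decode_from_reader(cmd, r)?;
        Ok(Self { streamid, msg })
    }
}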