Commit Graph

12652 Commits

Author SHA1 Message Date
Nick Mathewson
6847b9f6af Fix make check-spaces 2016-11-04 14:00:08 -04:00
Nick Mathewson
09c750cce3 Check the correct key when checking RSA crosscert in hs_descriptor.c
Note that the "signed key" in the signing key certificate is the
signing key.  The "signing key" in the  signing key certificate is
the key that signs the certificate -- that is, the blinded key.
2016-11-04 13:49:05 -04:00
Nick Mathewson
dbd01590cc Fix an assertion failure in hs_cache_free_all().
It's possible for Tor to decide to exit before it's 100% done
initializing.  So, don't assert that the initialization is done.
2016-11-04 13:30:10 -04:00
Nick Mathewson
d88046a80d Fix compilation. 2016-11-04 13:26:56 -04:00
Nick Mathewson
c35c43d7d9 Merge branch 'ticket17238_029_02-resquash'
Conflicts:
	src/or/rendclient.c
	src/or/rendcommon.c
	src/or/routerparse.c
	src/test/test_dir.c
	src/trunnel/ed25519_cert.h
2016-11-04 13:26:37 -04:00
Nick Mathewson
c189cb5cc2 Use a better salted-MAC construction in build_mac() 2016-11-04 13:15:28 -04:00
David Goulet
1eed6edf36 prop224: Add a cache free all function
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-04 10:32:50 -04:00
David Goulet
3f29688bdf prop224: Use a const pointer for the cache lookup entry
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-04 10:32:50 -04:00
David Goulet
1263f74a12 prop224: Rename cert type to follow naming convention
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-04 10:32:50 -04:00
David Goulet
1517a8a2eb Add EnableOnionServicesV3 consensus parameter
This parameter controls if onion services version 3 (first version of prop224)
is enabled or not. If disabled, the tor daemon will not support the protocol
for all components such as relay, directory, service and client. If the
parameter is not found, it's enabled by default.

Closes #19899

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:32:50 -04:00
George Kadianakis
d795ed5871 Make check-spaces happy :)
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:32:50 -04:00
George Kadianakis
a8efd087bd test: Add prop224 directory fetch/upload unit tests
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:32:50 -04:00
George Kadianakis
f59990f24d prop224: Directory support for v3 descriptor fetch
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:32:49 -04:00
David Goulet
45a72356cb prop224: Directory support for v3 descriptor publishing
Closes #19205

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:32:49 -04:00
David Goulet
1aeaba4906 test: Add prop224 directory cache unit tests
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:32:49 -04:00
David Goulet
025610612d prop224: Directory cache support
This implements the proposal 224 directory descriptor cache store and lookup
functionalities. Furthermore, it merges the OOM call for the HSDir cache with
current protocol v2 and the new upcoming v3.

Add hs_cache.{c|h} with store/lookup API.

Closes #18572

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:31:35 -04:00
David Goulet
473f99bf7b test: Add prop224 descriptor unit tests
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:28 -04:00
David Goulet
cff1fd63f1 prop224: Descriptor decoding implementation
Closes #18571

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:28 -04:00
David Goulet
91b5d0789f prop224: Descriptor encoding implementation
Add hs_descriptor.{c|h} with the needed ABI to represent a descriptor and
needed component.

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:27 -04:00
David Goulet
02ad553ccd prop224: Add new cert type for hidden service
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:27 -04:00
David Goulet
e8c12175fe Move token parsing code to parsecommon.{c|h}
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:26 -04:00
David Goulet
8293356ad9 hs: Refactor rend_data_t for multi version support
In order to implement proposal 224, we need the data structure rend_data_t to
be able to accomodate versionning that is the current version of hidden
service (2) and the new version (3) and future version.

For that, we implement a series of accessors and a downcast function to get
the v2 data structure. rend_data_t becomes a top level generic place holder.

The entire rend_data_t API has been moved to hs_common.{c|h} in order to
seperate code that is shared from between HS versions and unshared code (in
rendcommon.c).

Closes #19024

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:26 -04:00
Nick Mathewson
00bdd56b18 Only check cert expiry vs TIME_MAX when time_t is less than 64-bit
Fixes issue 20558 / CID 1375988.
2016-11-03 19:29:52 -04:00
Nick Mathewson
bd6aa4f3d1 Split a wide line 2016-11-03 19:12:18 -04:00
Nick Mathewson
e8624b72a8 Merge remote-tracking branch 'dgoulet/bug20526_030_01' 2016-11-03 19:09:42 -04:00
Nick Mathewson
0533d14213 Replace some assert(1)s with nonfatal_unreached_once().
These were probably supposed to be assert(0).
2016-11-03 16:06:53 -04:00
Nick Mathewson
272572c3a2 Merge branch 'maint-0.2.9' 2016-11-03 15:45:16 -04:00
Nick Mathewson
3cd520a52d Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-03 15:44:46 -04:00
Nick Mathewson
f0b86e30d0 Add assertion that cpath_layer==NULL on OR circ 2016-11-03 14:36:10 -04:00
Nick Mathewson
40487b0141 Merge remote-tracking branch 'dgoulet/bug20376_030_01' 2016-11-03 14:35:03 -04:00
Nick Mathewson
df2615d43d fix wide lines 2016-11-03 14:29:18 -04:00
Nick Mathewson
16e75587f6 Merge branch 'bug20527_030_01_squashed' 2016-11-03 14:23:47 -04:00
Ivan Markin
2f52faee03 hs: Escape service directories before printing them
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-03 14:23:37 -04:00
Nick Mathewson
b7a1e793e6 Declare a LINKAUTH subprotocol version for #15055 (ed link handshake)
Closes ticket 20552.
2016-11-03 10:01:40 -04:00
Nick Mathewson
32854aef28 whitespace fixes 2016-11-03 08:55:54 -04:00
Nick Mathewson
d9ca4e20bd Merge branch 'feature_15055_v2' 2016-11-03 08:44:46 -04:00
Nick Mathewson
f156156d56 Audit use of tor_tls_cert_get_key().
This function is allowed to return NULL if the certified key isn't
RSA. But in a couple of places we were treating this as a bug or
internal error, and in one other place we weren't checking for it at
all!

Caught by Isis during code review for #15055.  The serious bug was
only on the 15055 branch, thank goodness.
2016-11-03 08:40:11 -04:00
Nick Mathewson
b978494ed9 Extract the common code in add_*_cert to a helper. 2016-11-03 08:40:11 -04:00
Isis Lovecruft
19abc2eae7 Mark some functions as needing documentation in src/or/routerkeys.c. 2016-11-03 08:40:10 -04:00
Isis Lovecruft
a53059c6a0 Document two additional functions in src/or/routerkeys.c.
Adds docstrings for generate_ed_link_cert() and should_make_new_ed_keys().
2016-11-03 08:40:10 -04:00
Nick Mathewson
805e97a433 Drop support for AUTHTYPE_RSA_SHA256_RFC5705 authentication.
This was a stopgap method, designed on the theory that some routers
might support it before they could support Ed25519.  But it looks
like everybody who supports RFC5705 will also have an Ed25519 key,
so there's not a lot of reason to have this even supported.
2016-11-03 08:40:10 -04:00
Nick Mathewson
5a2f70f86a Clean up comments, mark more branches as BUG. 2016-11-03 08:40:10 -04:00
Nick Mathewson
af2459f09e Unit tests for cert-chain-processing, including failed cases
Check out the coverage!
2016-11-03 08:40:10 -04:00
Nick Mathewson
a90a111a5f Label a few conditions in link authentication code as bugs. 2016-11-03 08:40:09 -04:00
Nick Mathewson
99af260acc For testing: function to construct (but not save) Ed keys and certs 2016-11-03 08:40:09 -04:00
Nick Mathewson
88c2a6b936 Send and receive AUTHENTICATE cells correctly with ED keys.
Includes updated test for authchallenge cells
2016-11-03 08:39:31 -04:00
Nick Mathewson
b4a5c77901 Verify ed25519 link handshake certificates
This code stores the ed certs as appropriate, and tries to check
them. The Ed25519 result is not yet used, and (because of its
behavior) this will break RSA authenticate cells.  That will get
fixed as we go, however.

This should implement 19157, but it needs tests, and it needs
to get wired in.
2016-11-03 08:39:28 -04:00
Nick Mathewson
99b3e54691 Add "Ed ID" arguments to a bunch of connection-ID-related fns.
In particular, these functions are the ones that set the identity of
a given connection or channel, and/or confirm that we have learned
said IDs.

There's a lot of stub code here: we don't actually need to use the
new keys till we start looking up connections/channels by Ed25519
IDs.  Still, we want to start passing the Ed25519 IDs in now, so it
makes sense to add these stubs as part of 15055.
2016-11-03 08:37:22 -04:00
Nick Mathewson
0704fa8a63 Handle u32 overflow in ed25519 cert expiration time.
The impact here isn't too bad. First, the only affected certs that
expire after 32-bit signed time overflows in Y2038. Second, it could
only make it seem that a non-expired cert is expired: it could never
make it seem that an expired cert was still live.

Fixes bug 20027; bugfix on 0.2.7.2-alpha.
2016-11-03 08:37:22 -04:00
Nick Mathewson
fae7060aea Fix a misfeature with the Ed cert expiration API
The batch-verification helper didn't expose the expiration time,
which made it pretty error-prone.

This closes ticket 15087.
2016-11-03 08:37:22 -04:00
Nick Mathewson
0b4221f98d Make the current time an argument to x509 cert-checking functions
This makes the code a bit cleaner by having more of the functions be
pure functions that don't depend on the current time.
2016-11-03 08:37:22 -04:00
Nick Mathewson
e3c8253721 Add function to check RSA->Ed cross-certifications
Also, adjust signing approach to more closely match the signing
scheme in the proposal.

(The format doesn't quite match the format in the proposal, since
RSA signatures aren't fixed-length.)

Closes 19020.
2016-11-03 08:37:22 -04:00
Nick Mathewson
348b90a915 Refactor RSA certificate checking into its own function. 2016-11-03 08:37:22 -04:00
Nick Mathewson
e94f1b4e0d Free rsa_ed_crosscert at exit.
Fixes bug 17779; bugfix on 0.2.7.2-alpha.
2016-11-03 08:37:21 -04:00
Nick Mathewson
e23389841c Migrate certificates into a sub-structure of or_handshake_state
This will help us do cert-checking in the background in the future,
perhaps.
2016-11-03 08:37:21 -04:00
Nick Mathewson
4ef42e7c52 Refactor ...compute_authenticate_cell_body() to return a var_cell_t.
This means we don't need to precompute the length.

Helps simplify the implementation of 19156.
2016-11-03 08:37:21 -04:00
Nick Mathewson
2bf6553949 Code to send correct authentication data when we are using AUTHTYPE>2
Implements the major part of 19156, except doesn't actually send the
new cell type yet.
2016-11-03 08:37:21 -04:00
Nick Mathewson
b004ff45d7 New authentication types to use RFC5705.
See proposal 244.  This feature lets us stop looking at the internals
of SSL objects, *and* should let us port better to more SSL libraries,
if they have RFC5705 support.

Preparatory for #19156
2016-11-03 08:37:20 -04:00
Nick Mathewson
fdd8f8df67 Send ed25519 certificates in certs cell, when we have them.
Implements 19155 (send CERTS cells correctly for Ed25519)

Also send RSA->Ed crosscert
2016-11-03 08:37:16 -04:00
Nick Mathewson
5205e95275 Refactor connection_or_send_certs_cell() to use trunnel
We no longer generate certs cells by pasting the certs together one
by one. Instead we use trunnel to generate them.

Preliminary work for 19155 (send CERTS cell with ed certs)
2016-11-03 08:35:40 -04:00
Nick Mathewson
986695fb74 When parsing certs cells, allow more certs types
Implements the parsing part of #19157
2016-11-03 08:35:36 -04:00
Ivan Markin
922bc45a56 hs: Added rend_service_is_ephemeral() and made related code use it
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-02 10:01:35 -04:00
teor
0ee9049e94
Use the latest options in rend_service_check_private_dir
Fixup on both:
* Refactor, adding a create argument... and
* Check every hidden service directory's permissions...
2016-11-02 14:55:14 +11:00
teor
1747f28861
Check every hidden service directory's permissions when configuring
Previously, we would only check the last hidden service directory.

Fixes #20529, bugfix on ticket 13942 commit 85bfad1 in 0.2.6.2-alpha.
2016-11-02 14:32:04 +11:00
teor
2f48693663
Improve comments in check_private_dir and onion poisoning
Comment changes only
2016-11-02 14:11:26 +11:00
teor
a906ff88a3
fixup! Refactor, adding a create argument to rend_service_check_private_dir 2016-11-02 14:10:52 +11:00
teor
6c54181559
Remove redundant group permission code from rend_service_check_private_dir
check_private_dir already does this for existing directories.
2016-11-02 11:20:49 +11:00
teor
c9db775243
Refactor, adding a create argument to rend_service_check_private_dir
It used to be rend_service_check_and_create_private_dir, which always
created the directory.

No behaviour change.
2016-11-02 11:20:19 +11:00
Nick Mathewson
b2f82d45b7 Always call connection_ap_attach_pending() once a second.
Fixes bug 19969; bugfix on b1d56fc58.  We can fix this some more in
later Tors, but for now, this is probably the simplest fix possible.

This is a belt-and-suspenders fix, where the earlier fix ("Ask
event_base_loop to finish when we add a pending stream") aims to respond
to new streams as soon as they arrive, and this one aims to make sure
that we definitely respond to all of the streams.
2016-11-01 20:09:44 -04:00
Roger Dingledine
d89804a69d Ask event_base_loop to finish when we add a pending stream
Fixes bug 19969; bugfix on b1d56fc58. We can fix this some more in
later Tors, but for now, this is probably the right fix for us.
2016-11-01 19:52:55 -04:00
Roger Dingledine
28b755e660 refactor out the tor_event_base_loopexit() call
no actual changes
2016-11-01 19:52:54 -04:00
Nick Mathewson
cb35a7c271 Merge branch 'maint-0.2.9' 2016-11-01 13:05:45 -04:00
Nick Mathewson
733b245283 Merge remote-tracking branch 'teor/bug20472-029-v2' into maint-0.2.9 2016-11-01 13:05:33 -04:00
Nick Mathewson
59a78187cd Merge branch 'maint-0.2.9' 2016-10-31 15:20:45 -04:00
Nick Mathewson
24b7b922ae Actually free the worker_state_t object when we do an update with it
Previously we freed the old "keys" object, but leaked the
worker_state_t that we had taken it from.

Fixes bug 20401; bugfix on 0.2.6.3-alpha.
2016-10-31 15:20:25 -04:00
Nick Mathewson
d73c671d6d policy_is_reject_star():
ome policies are default-reject, some default-accept.  But
policy_is_reject_star() assumed they were all default_reject.  Fix
that!

Also, document that policy_is_reject_star() treats a NULL policy as
empty. This allows us to simplify the checks in
parse_reachable_addresses() by quite a bit.

Fxes bug 20306; bugfix on 0.2.8.2-alpha.
2016-10-31 15:05:56 -04:00
Nick Mathewson
8841a9e396 Create single-onion-service directory before poisoning it, if needed
(Also, refactor the code to create a hidden service directory into a
separate funcion, so we don't have to duplicate it.)

Fixes bug 20484; bugfix on 0.2.9.3-alpha.
2016-10-31 14:54:20 -04:00
teor
3158777d35
Rename routerstatus_version_supports_ntor to *_supports_extend2_cells
This helps avoid the confusion that caused bug 20472.
Bugfix on commit 10aa913 from #19163 in tor-0.2.9.3-alpha.
2016-10-31 17:02:21 +11:00
teor
d81f2b5d81
Refactor circuit_pick_create_handshake
Make the structure of circuit_pick_create_handshake consistent with
circuit_pick_extend_handshake.

No behaviour change.
2016-10-31 17:01:33 +11:00
teor
26d7a07ad7
In circuit_pick_extend_handshake, assume all hops support EXTEND2 and ntor
This simplifies the function: if we have an ntor key, use ntor/EXTEND2,
otherwise, use TAP/EXTEND.

Bugfix on commit 10aa913 from 19163 in 0.2.9.3-alpha.
2016-10-31 17:01:04 +11:00
Nick Mathewson
ada75d5567 Fix bad warning when checking IP policies.
I had replaced a comment implying that a set of ifs was meant to be
exhaustive with an actual check for exhaustiveness.  It turns out,
they were exhaustive, but not in the way I had assumed. :(

Bug introduced in f3e158edf7, not in any released Tor.
2016-10-28 15:33:12 -04:00
Nick Mathewson
f3e158edf7 Comment the heck out of the stream/circuit attaching process. 2016-10-27 12:04:43 -04:00
David Goulet
70b9e79700 Slightly refactor and fix couple callsites
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-10-27 10:34:02 -04:00
Nick Mathewson
dc79504e2a Document main.c a lot better 2016-10-27 10:25:26 -04:00
Ivan Markin
23b878b875 Do assert when calling relay_send_command_from_edge() on OR-side circs 2016-10-27 10:19:06 -04:00
Ivan Markin
2d04946960 Do not mark circs for close again after relay_send_command_from_edge() 2016-10-27 10:19:04 -04:00
overcaffeinated
265d5446fa Automated change to use smartlist_add_strdup
Use the following coccinelle script to change uses of
smartlist_add(sl, tor_strdup(str)) to
smartlist_add_strdup(sl, string) (coccinelle script from nickm
via bug 20048):

@@
expression a;
expression b;
@@
- smartlist_add
+ smartlist_add_strdup
   (a,
- tor_strdup(
   b
- )
  )
2016-10-27 10:26:06 +01:00
Nick Mathewson
77d14b5f56 Small refactoring: explain G,M,E,D,T initialization 2016-10-26 16:39:59 -04:00
Matt Traudt
7ba0ae9426 Add consensus weight calculation tests 2016-10-26 16:37:16 -04:00
Matt Traudt
909ee0e55f Fix default bw weights with new consensus method
See #14881
2016-10-26 16:33:54 -04:00
Nick Mathewson
39375db3dc Merge remote-tracking branch 'pastly/ticket20459' 2016-10-26 16:22:06 -04:00
Nick Mathewson
5a1779b7ff Merge branch 'maint-0.2.9' 2016-10-26 14:17:21 -04:00
Nick Mathewson
d288704023 Avoid tor_fragile_assert() failure with DNSPort on RESOLVED_TYPE_ERROR
The tor_fragile_assert() bug has existed here since c8a5e2d588
in tor-0.2.1.7-alpha forever, but tor_fragile_assert() was mostly a
no-op until 0.2.9.1-alpha.

Fixes bug 19869.
2016-10-26 14:16:40 -04:00
Nick Mathewson
8a38d053a0 Continue the module documentation effort with circuitbuild and circuituse 2016-10-26 13:30:23 -04:00
Nick Mathewson
9c8dbcd0d6 More module documentation (circpathbias, circuitlist) 2016-10-26 12:38:50 -04:00
Nick Mathewson
a5f07a6c2a More module-level documentation. 2016-10-26 11:02:57 -04:00
Nick Mathewson
04b8af9dc0 Whitespace fixes 2016-10-26 08:39:04 -04:00
Nick Mathewson
8cc528c750 Allow asking a bridge's own descriptor over one-hop connection
When we refactored purpose_needs_anonymity(), we made it so _all_
bridge requests required anonymity.  But that missed the case
that we are allowed to ask a bridge for its own descriptor.

With this patch, we consider the resource, and allow "authority.z"
("your own descriptor, compressed") for a bridge's server descriptor
to be non-anonymous.

Fix for bug 20410; bug not in any released Tor.
2016-10-26 08:32:48 -04:00
Matt Traudt
c09993fdf6 Fix ewma_cmp_cmux never considering policies different 2016-10-25 10:07:05 -04:00
Nick Mathewson
01482e30ad Merge remote-tracking branch 'pastly/ticket20273' 2016-10-24 12:47:29 -04:00