Nick Mathewson
1d3b33e1ed
Fix linux compilation of ed25519_ref10
...
Our integer-definition headers apparently suck in a definition for
select(2), which interferes with the select() in ge_scalarmult_base.c
2014-09-25 15:08:31 -04:00
Nick Mathewson
25b1a32ef8
Draft implementation for ed25519 key blinding, as in prop224
...
This implementation allows somebody to add a blinding factor to a
secret key, and a corresponding blinding factor to the public key.
Robert Ransom came up with this idea, I believe. Nick Hopper proved a
scheme like this secure. The bugs are my own.
2014-09-25 15:08:31 -04:00
Nick Mathewson
4caa6fad4c
Add curve25519->ed25519 key conversion per proposal 228
...
For proposal 228, we need to cross-certify our identity with our
curve25519 key, so that we can prove at descriptor-generation time
that we own that key. But how can we sign something with a key that
is only for doing Diffie-Hellman? By converting it to the
corresponding ed25519 point.
See the ALL-CAPS warning in the documentation. According to djb
(IIUC), it is safe to use these keys in the ways that ntor and prop228
are using them, but it might not be safe if we start providing crazy
oracle access.
(Unit tests included. What kind of a monster do you take me for?)
2014-09-25 15:08:31 -04:00
Nick Mathewson
ed48b0fe56
Support for writing ed25519 public/private components to disk.
...
This refactors the "== type:tag ==" code from crypto_curve25519.c
2014-09-25 15:08:31 -04:00
Nick Mathewson
c75e275574
Add encode/decode functions for ed25519 public keys
2014-09-25 15:08:31 -04:00
Nick Mathewson
22760c4899
Restore the operation of extra_strong in ed25519_secret_key_generate
2014-09-25 15:08:31 -04:00
Nick Mathewson
006e6d3b6f
Another ed25519 tweak: store secret keys in expanded format
...
This will be needed/helpful for the key blinding of prop224, I
believe.
2014-09-25 15:08:31 -04:00
Nick Mathewson
9e43ee5b4c
Fix API for ed25519_ref10_open()
...
This is another case where DJB likes sticking the whole signature
prepended to the message, and I don't think that's the hottest idea.
The unit tests still pass.
2014-09-25 15:08:31 -04:00
Nick Mathewson
e0097a8839
Tweak ed25519 ref10 signing interface to use less space.
...
Unit tests still pass.
2014-09-25 15:08:31 -04:00
Nick Mathewson
e5a1cf9937
Tweak ref10 keygen APIs to be more sane.
2014-09-25 15:08:30 -04:00
Nick Mathewson
87ba033cd5
Add Ed25519 support, wrappers, and tests.
...
Taken from earlier ed25519 branch based on floodyberry's
ed25519-donna. Tweaked so that it applies to ref10 instead.
2014-09-25 15:08:20 -04:00
Nick Mathewson
50d15e06b3
Use --require-version to prevent running trunnel pre-1.2
...
(Also, regenerate trunnel stuff with trunnel 1.2. This just adds a
few comments to our output.)
2014-09-25 14:49:00 -04:00
Nick Mathewson
d303d6244e
Have the run_trunnel.sh script tell trunnel to update src/ext/trunnel too
2014-09-25 13:16:35 -04:00
Nick Mathewson
1b13139709
Add a script to run trunnel on the trunnel files.
...
Also, re-run the latest trunnel.
Closes ticket 13242
2014-09-25 12:32:08 -04:00
Nick Mathewson
36700ee99e
Mention trunnel in LICENSE and src/ext/README
2014-09-25 12:03:46 -04:00
Nick Mathewson
764e008092
Merge branch 'libscrypt_trunnel_squashed'
...
Conflicts:
src/test/test_crypto.c
2014-09-25 12:03:41 -04:00
Nick Mathewson
c433736734
Add tests for failing cases of crypto_pwbox
2014-09-25 11:58:14 -04:00
Nick Mathewson
3b7d0ed08e
Use trunnel for crypto_pwbox encoding/decoding.
...
This reduces the likelihood that I have made any exploitable errors
in the encoding/decoding.
This commit also imports the trunnel runtime source into Tor.
2014-09-25 11:58:14 -04:00
Nick Mathewson
3011149401
Adjust pwbox format: use a random IV each time
...
Suggested by yawning
2014-09-25 11:58:14 -04:00
Nick Mathewson
d0f5d2b662
Test a full array of s2k flags with pwbox test.
...
Suggested by yawning.
2014-09-25 11:58:14 -04:00
Nick Mathewson
05a6439f1f
Use preferred key-expansion means for pbkdf2, scrypt.
...
Use HKDF for RFC2440 s2k only.
2014-09-25 11:58:13 -04:00
Nick Mathewson
8d84f3af7b
Test vectors for PBKDF2 from RFC6070
2014-09-25 11:58:13 -04:00
Nick Mathewson
b59d0dae14
Test vectors for scrypt from draft-josefsson-scrypt-kdf-00
2014-09-25 11:58:13 -04:00
Nick Mathewson
2b2cab4141
Tweak and expose secret_to_key_compute_key for testing
...
Doing this lets me pass in a salt of an unusual length.
2014-09-25 11:58:13 -04:00
Nick Mathewson
8184839a47
Rudimentary-but-sufficient passphrase-encrypted box code.
...
See crypto_pwbox.c for a description of the file format.
There are tests for successful operation, but it still needs
error-case tests.
2014-09-25 11:58:13 -04:00
Nick Mathewson
e84e1c9745
More generic passphrase hashing code, including scrypt support
...
Uses libscrypt when found; otherwise, we don't have scrypt and we
only support openpgp rfc2440 s2k hashing, or pbkdf2.
Includes documentation and unit tests; coverage around 95%. Remaining
uncovered code is sanity-checks that shouldn't be reachable fwict.
2014-09-25 11:58:13 -04:00
Nick Mathewson
b0767e85b8
Tell autoconf to make the compiler act as c99
...
Apparently some compilers want extra switches.
2014-09-25 11:36:28 -04:00
Nick Mathewson
0ca8387246
Tweak address.c to use a little c99 syntax
...
Since address.c is the first file to get compiled, let's have it use
a little judicious c99 in order to catch broken compilers that
somehow make it past our autoconf tests.
2014-09-25 11:22:02 -04:00
Nick Mathewson
7f5103ec59
Require two c99 features (midblock decls, designated initializers)
...
c99 lets us do neat stuff like:
    {
      int j, k;
      foo(&j, &k);
      int z = j + k;
    }
and also
    struct point { int x; int y; };
    struct point pt = { .x=5, .y=5 };
This commit makes the configure scripts check to make sure your
compiler implements them. It also disables our longstanding warning
about midblock declarations.
Closes ticket 13233.
2014-09-25 11:20:04 -04:00
Yawning Angel
fa60a64088
Do not launch pluggable transport plugins when DisableNetwork is set.
...
When DisableNetwork is set, do not launch pluggable transport plugins,
and if any are running already, terminate the existing instances.
Resolves ticket 13213.
2014-09-24 09:39:15 +00:00
Roger Dingledine
ecab261641
two more typos
2014-09-23 18:30:02 -04:00
Nick Mathewson
6523eff9b3
Send long URLs when requesting ordinary server descriptors too.
2014-09-23 13:04:22 -04:00
Nick Mathewson
055ad9c5fb
fixup! Send more descriptor requests per attempt when using tunneled connections
...
Limit the number of simultaneous connections to a single router for
server descriptors too.
2014-09-23 12:57:10 -04:00
Nick Mathewson
0fdfdae7e3
fixup! Refactor initiate_descriptor_downloads() to be safer
...
Calculate digest_len correctly.
Also, refactor setting of initial variables to look a little nicer.
2014-09-23 12:56:16 -04:00
Nick Mathewson
55b21b366c
fixup! Make router_pick_directory_server respect PDS_NO_EXISTING_*
...
Document n_busy_out, and set it correctly when we goto retry_without_exclude.
2014-09-23 12:47:39 -04:00
Nick Mathewson
482e3cfa09
fixup! Unit tests for router download functions.
...
Fix compilation warnings
2014-09-23 12:38:43 -04:00
Nick Mathewson
02464694b2
fixup! Send more descriptor requests per attempt when using tunneled connections
...
Compilation fixes
2014-09-23 12:34:51 -04:00
Nick Mathewson
06bda50600
fixup! Download microdescriptors if you're a cache
2014-09-23 12:32:02 -04:00
Nick Mathewson
cae0e7b06b
fixup! Make router_pick_directory_server respect PDS_NO_EXISTING_*
...
Clean up comments on PDS_NO_EXISTING_*
2014-09-23 12:30:47 -04:00
Arlo Breault
bb137e23c1
Unit tests for router download functions.
...
Also, sort test suites alphabetically.
2014-09-23 12:23:18 -04:00
Arlo Breault
5ed5ac185b
Send more descriptor requests per attempt when using tunneled connections
2014-09-23 12:22:28 -04:00
Arlo Breault
21d5dbd474
Refactor initiate_descriptor_downloads() to be safer
...
(It's smarter to use asprintf and join than character pointers and a
long buffer.)
2014-09-23 12:21:08 -04:00
Arlo Breault
29f15a97ed
Make router_pick_directory_server respect PDS_NO_EXISTING_*
2014-09-23 12:19:15 -04:00
Arlo Breault
f752093e16
Re-enable last resort attempt to get via tor.
...
This looks like a bug introduced in af658b7828.
2014-09-23 12:15:10 -04:00
Arlo Breault
f591a4d94c
Remove a needless if (1)
2014-09-23 12:14:41 -04:00
Arlo Breault
c00b397992
Split dirinfo_type_t computation into a new function
2014-09-23 12:12:57 -04:00
Arlo Breault
2e16856665
Fix a comment typo.
2014-09-23 12:11:06 -04:00
Roger Dingledine
1987157d0c
+ is not how we say concatenate
2014-09-22 20:09:03 -04:00
Nick Mathewson
e6150c7fc0
Merge remote-tracking branch 'public/bug12693_025'
2014-09-22 14:45:38 -04:00
Nick Mathewson
2b3822d2da
Merge branch 'master' of git-rw.torproject.org:/tor
2014-09-22 14:35:14 -04:00