Commit Graph

19124 Commits

Author SHA1 Message Date
Nick Mathewson
9455f45ae3 Add missing ed25519_ref10 headers to NOINST_HEADERS. 2014-09-29 10:10:08 -04:00
Nick Mathewson
18f2bfb8c3 Note when 13290 was introduced. 2014-09-29 09:50:27 -04:00
Nick Mathewson
2b1b1def46 Merge remote-tracking branch 'teor/circuitstats-pareto-avoid-div-zero' 2014-09-29 09:48:02 -04:00
Nick Mathewson
ba7b6246b7 Note when 13291 was introduced. 2014-09-29 09:40:33 -04:00
Nick Mathewson
15b0bf0aad Whitespace fixes on 13291 fix 2014-09-29 09:39:21 -04:00
Nick Mathewson
0a985af072 Parenthesize macro arguments for 13291 fix 2014-09-29 09:38:50 -04:00
teor
b827a08284 Stop spawn test failures due to a race condition with SIGCHLD on process exit
When a spawned process forks, fails, then exits very quickly, (this
typically occurs when exec fails), there is a race condition between the
SIGCHLD handler updating the process_handle's fields, and checking the
process status in those fields. The update can occur before or after the
spawn tests check the process status.

We check whether the process is running or not running (rather than just
checking if it is running) to avoid this issue.
2014-09-29 09:37:53 -04:00
Nick Mathewson
11ebbf5e88 Merge branch 'bug12971_take2_squashed' 2014-09-29 09:18:03 -04:00
Nick Mathewson
fcebc8da95 Rename socks5 error code setting function again
I'd prefer not to use the name "send" for any function that doesn't
really send things.
2014-09-29 09:17:29 -04:00
rl1987
c5ad890904 Respond with 'Command not supported' SOCKS5 reply message upon reception of unsupported request. 2014-09-29 09:14:42 -04:00
Nick Mathewson
5e8cc766e6 Merge branch 'ticket961_squashed' 2014-09-29 09:05:18 -04:00
Nick Mathewson
f15e5aedbc Changes file for ticket 961 2014-09-29 09:05:11 -04:00
Nick Mathewson
4903ab1caa Avoid frequent strcmp() calls for AccountingRule
Generally, we don't like to parse the same thing over and over; it's
best IMO to do it once at the start of the code.
2014-09-29 09:05:11 -04:00
Nick Mathewson
8527a29966 Add an "AccountingRule" feature to permit limiting bw usage by read+write
Patch from "chobe".  Closes ticket 961.
2014-09-29 09:05:11 -04:00
Nick Mathewson
dc019b0654 Merge remote-tracking branch 'yawning/bug13213' 2014-09-29 08:57:19 -04:00
Nick Mathewson
56f92ca02d Merge remote-tracking branch 'rl1987/bug13228' 2014-09-29 08:55:17 -04:00
Nick Mathewson
b45bfba2ce Whitespace fixes 2014-09-29 08:48:22 -04:00
teor
4d0ad34a92 Avoid division by zero in circuitstats pareto
In circuit_build_times_calculate_timeout() in circuitstats.c, avoid dividing
by zero in the pareto calculations.

If either the alpha or p parameters are 0, we would divide by zero, yielding
an infinite result; which would be clamped to INT32_MAX anyway. So rather
than dividing by zero, we just skip the offending calculation(s), and
use INT32_MAX for the result.

Division by zero traps under clang -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error.
2014-09-29 20:49:24 +10:00
teor
ffd92e8ef8 Stop test & bench build failures with --disable-curve25519
Ensure test & bench code that references curve25519 is disabled by the
appropriate macros. tor now builds with and without --disable-curve25519.
2014-09-29 12:19:04 +10:00
Nick Mathewson
47fab50cba Merge branch 'bug13280' 2014-09-28 21:01:14 -04:00
teor
ff8fe38a2f Stop spurious clang shallow analysis null pointer errors
Avoid 4 null pointer errors under clang shallow analysis (the default when
building under Xcode) by using tor_assert() to prove that the pointers
aren't null. Resolves issue 13284 via minor code refactoring.
2014-09-28 20:51:23 -04:00
teor
b7eab94a90 Stop ed25519 8-bit signed left shift overflowing
Standardise usage in ge_scalarmult_base.c for 1 new fix.
2014-09-28 20:44:00 -04:00
Nick Mathewson
6129ff320e Use SHL{8,32,64} in ed25519/ref10 to avoid left-shifting negative values
This helps us avoid undefined behavior. It's based on a patch from teor,
except that I wrote a perl script to regenerate the patch:

  #!/usr/bin/perl -p -w -i

  BEGIN { %vartypes = (); }

  if (/^[{}]/) {
      %vartypes = ();
  }

  if (/^ *crypto_int(\d+) +([a-zA-Z_][_a-zA-Z0-9]*)/) {
      $vartypes{$2} = $1;
  } elsif (/^ *(?:signed +)char +([a-zA-Z_][_a-zA-Z0-9]*)/) {
      $vartypes{$1} = '8';
  }

  # This fixes at most one shift per line. But that's all the code does.
  if (/([a-zA-Z_][a-zA-Z_0-9]*) *<< *(\d+)/) {
      $v = $1;
      if (exists $vartypes{$v}) {
  	s/$v *<< *(\d+)/SHL$vartypes{$v}($v,$1)/;
      }
  }

  # remove extra parenthesis
  s/\(SHL64\((.*)\)\)/SHL64\($1\)/;
  s/\(SHL32\((.*)\)\)/SHL32\($1\)/;
  s/\(SHL8\((.*)\)\)/SHL8\($1\)/;
2014-09-28 20:41:05 -04:00
teor
6b155dc1a6 Stop signed left shifts overflowing in ed25519: Macros
The macros let us use unsigned types for potentially overflowing left
shifts. Create SHL32() and SHL64() and SHL8() macros for convenience.
2014-09-28 20:38:12 -04:00
rl1987
f20c72f456 Improving error message. 2014-09-28 18:09:25 +03:00
Nick Mathewson
5190ec0bc4 Merge remote-tracking branch 'public/require_some_c99' 2014-09-26 11:06:41 -04:00
Nick Mathewson
6e7cbfc465 Avoid a "constant variable guards dead code" warning from coverity
Fixes CID 752028
2014-09-26 09:40:30 -04:00
Nick Mathewson
9fd6fbec28 Regenerate pwbox.c with the latest trunnel
This one should no longer generate dead-code warnings with coverity.
Fingers crossed?  This was CID 1241498
2014-09-26 09:33:24 -04:00
Nick Mathewson
27bd1ef100 Comment-out dead code in ed25519/ref10
There are some loops of the form

       for (i=1;i<1;++i) ...

And of course, if the loop index is initialized to 1, it will never
be less than 1, and the loop body will never be executed.  This
upsets coverity.

Patch fixes CID 1221543 and 1221542
2014-09-26 09:07:44 -04:00
Nick Mathewson
7c52a0555a Check key_len in secret_to_key_new()
This bug shouldn't be reachable so long as secret_to_key_len and
secret_to_key_make_specifier stay in sync, but we might screw up
someday.

Found by coverity; this is CID 1241500
2014-09-26 09:06:36 -04:00
Nick Mathewson
801f4d4384 Fix a double-free in failing case of handle_control_authenticate.
Bugfix on ed8f020e205267e6270494634346ab68d830e1d8; bug not in any
released version of Tor.  Found by Coverity; this is CID 1239290.

[Yes, I used this commit message before, in 58e813d0fc.
Turns out, that fix wasn't right, since I didn't look up a
screen. :P ]
2014-09-26 08:58:15 -04:00
Nick Mathewson
4e87b97872 Fix on that last fix. 2014-09-25 17:59:10 -04:00
Nick Mathewson
9190468246 Fix warnings on 32-bit builds.
When size_t is the most memory you can have, make sure that things
referring to real parts of memory are size_t, not uint64_t or off_t.

But not on any released Tor.
2014-09-25 17:50:13 -04:00
Nick Mathewson
1c5d680b3d Merge branch 'ed25519_ref10_squashed'
Conflicts:
	src/common/include.am
	src/ext/README
2014-09-25 15:11:34 -04:00
Nick Mathewson
46cda485bc Comments and tweaks based on review by asn
Add some documentation

Rename "derive" -> "blind"

Check for failure on randombytes().
2014-09-25 15:08:32 -04:00
Nick Mathewson
6dbd451b9f Add benchmarks for ed25519 functions 2014-09-25 15:08:32 -04:00
Nick Mathewson
9b43a4a122 Add comments to ed25519_vectors.inc 2014-09-25 15:08:32 -04:00
Nick Mathewson
6981341764 Cut the time to run the python ed25519 tests by a factor of ~6
I know it's pointless to optimize them, but I just can't let them
spend all that time in expmod() when native python pow() does the same
thing.
2014-09-25 15:08:32 -04:00
Nick Mathewson
7ca470e13c Add a reference implementation of our ed25519 modifications
Also, use it to generate test vectors, and add those test vectors
to test_crypto.c

This is based on ed25519.py from the ed25519 webpage; the kludgy hacks
are my own.
2014-09-25 15:08:32 -04:00
Nick Mathewson
d10e1bdec4 Add the pure-python ed25519 implementation, for testing. 2014-09-25 15:08:31 -04:00
Nick Mathewson
f0eb7ae79f More documentation for ed25519 stuff. 2014-09-25 15:08:31 -04:00
Nick Mathewson
1d3b33e1ed Fix linux compilation of ed25519_ref10
Our integer-definition headers apparently suck in a definition for
select(2), which interferes with the select() in ge_scalarmult_base.c
2014-09-25 15:08:31 -04:00
Nick Mathewson
25b1a32ef8 Draft implementation for ed25519 key blinding, as in prop224
This implementation allows somebody to add a blinding factor to a
secret key, and a corresponding blinding factor to the public key.

Robert Ransom came up with this idea, I believe.  Nick Hopper proved a
scheme like this secure.  The bugs are my own.
2014-09-25 15:08:31 -04:00
Nick Mathewson
4caa6fad4c Add curve25519->ed25519 key conversion per proposal 228
For proposal 228, we need to cross-certify our identity with our
curve25519 key, so that we can prove at descriptor-generation time
that we own that key.  But how can we sign something with a key that
is only for doing Diffie-Hellman?  By converting it to the
corresponding ed25519 point.

See the ALL-CAPS warning in the documentation.  According to djb
(IIUC), it is safe to use these keys in the ways that ntor and prop228
are using them, but it might not be safe if we start providing crazy
oracle access.

(Unit tests included.  What kind of a monster do you take me for?)
2014-09-25 15:08:31 -04:00
Nick Mathewson
ed48b0fe56 Support for writing ed25519 public/private components to disk.
This refactors the "== type:tag ==" code from crypto_curve25519.c
2014-09-25 15:08:31 -04:00
Nick Mathewson
c75e275574 Add encode/decode functions for ed25519 public keys 2014-09-25 15:08:31 -04:00
Nick Mathewson
22760c4899 Restore the operation of extra_strong in ed25519_secret_key_generate 2014-09-25 15:08:31 -04:00
Nick Mathewson
006e6d3b6f Another ed25519 tweak: store secret keys in expanded format
This will be needed/helpful for the key blinding of prop224, I
believe.
2014-09-25 15:08:31 -04:00
Nick Mathewson
9e43ee5b4c Fix API for ed25519_ref10_open()
This is another case where DJB likes sticking the whole signature
prepended to the message, and I don't think that's the hottest idea.

The unit tests still pass.
2014-09-25 15:08:31 -04:00
Nick Mathewson
e0097a8839 Tweak ed25519 ref10 signing interface to use less space.
Unit tests still pass.
2014-09-25 15:08:31 -04:00