Commit Graph

29812 Commits

Author SHA1 Message Date
Suphanat Chunhapanya
5e1d36c7db bug: Use PATH_SEPARATOR instead of slash
In function get_fname_suffix, previously it uses /, but in fact it
should use PATH_SEPARATOR.
2018-09-07 14:03:55 -04:00
David Goulet
8e57986e7d hs-v3: Improve v3 client authorization logging
Part of #20700.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
5b2871d2f2 hs-v3: Log client auth load activities client side
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
7ace28c952 hs-v3: Log client auth load activities service side
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
83c8419e73 hs-v3: Rename client_pk to client_auth_pk
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:08 -04:00
Suphanat Chunhapanya
9f975e9995 hs-v3: Rename client_sk to client_auth_sk
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:07 -04:00
Suphanat Chunhapanya
b61403c787 test: HS v3 client auth is config equal function
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
8f64931d67 hs-v3: Republish descriptors if client auth changes
When reloading tor, check if our the configured client authorization have
changed from what we previously had. If so, republish the updated descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
3b08b23997 hs-v3: Make all descriptor content free functions public
Series of functions that we now need in hs_service.c.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
53dd1699ba hs-v3: Re-enable the decoding in the encoding function
Previously, the validation by decoding a created descriptor was disabled
because the interface had to be entirely changed and not implemented at the
time.

This commit re-enabled it because it is now implemented.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
69fb25b0f6 test: HS v3 descriptor decoding with client authorization
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
7acb720027 hs-v3: Decrypt the descriptor with client private key
Parse the client authorization section from the descriptor, use the client
private key to decrypt the auth clients, and then use the descriptor cookie to
decrypt the descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:39 -04:00
Suphanat Chunhapanya
63576b0166 hs-v3: Refactor the descriptor decryption/decoding
This commit refactors the existing decryption code to make it compatible with
a new logic for when the client authorization is enabled.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
462d4097ce hs-v3: Refactor secret data building logic
Because this secret data building logic is not only used by the descriptor
encoding process but also by the descriptor decoding, refactor the function to
take both steps into account.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
9c36219236 test: HS v3 client authorization loading secret key
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
8e81fcd51a hs-v3: Load client authorization secret key from file
The new ClientOnionAuthDir option is introduced which is where tor looks to
find the HS v3 client authorization files containing the client private key
material.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
fd6bec923c test: HS v3 descriptor encoding with client authorization
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
fa50aee366 hs-v3: Encrypt the descriptor using a cookie
Previously, we encrypted the descriptor without the descriptor cookie. This
commit, when the client auth is enabled, the descriptor cookie is always used.

I also removed the code that is used to generate fake auth clients because it
will not be used anymore.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
10f4c46e50 test: Build an HSv3 descriptor with authorized client
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
0dab4ac2dd test: HS v3 building a descriptor with client auth
This commit tests that the descriptor building result, when the client
authorization is enabled, includes everything that is needed.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
08bbcffc0e hs-v3: Generate all descriptor related keys
We need to generate all the related keys when building the descriptor, so that
we can encrypt the descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
15af47ede0 test: HS v3 loading client auth keys service side
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
b894b40e64 hs-v3: Load all client auth keys to the service
This commit loads all client public keys from every file in
`authorized_clients/` directory.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:07 -04:00
Nick Mathewson
94605f08fb Merge branch 'ticket27246_035_01_squashed' 2018-08-29 15:05:05 -04:00
Nick Mathewson
6c0c08bbb5 Expand the comments on ASN.1-encoded TAP keys 2018-08-29 15:04:54 -04:00
Nick Mathewson
7f1895c39a Changes for 27246 2018-08-29 15:02:59 -04:00
David Goulet
2f6bc74914 router: Keep RSA onion public key in ASN.1 format
The OpenSSL "RSA" object is currently 408 bytes compares to the ASN.1 encoding
which is 140 for a 1024 RSA key.

We save 268 bytes per descriptor (routerinfo_t) *and* microdescriptor
(microdesc_t). Scaling this to 6000 relays, and considering client usually
only have microdescriptors, we save 1.608 MB of RAM which is considerable for
mobile client.

This commit makes it that we keep the RSA onion public key (used for TAP
handshake) in ASN.1 format instead of an OpenSSL RSA object.

Changes is done in both routerinfo_t and microdesc_t.

Closes #27246

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-29 15:01:38 -04:00
Nick Mathewson
810152b20f Merge branch 'maint-0.3.4' 2018-08-29 11:17:31 -04:00
Nick Mathewson
0ea622aa3a Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-29 11:17:31 -04:00
Nick Mathewson
a28c14aad5 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-08-29 11:17:31 -04:00
Nick Mathewson
b40f9967fa Merge branch 'maint-0.2.9' into maint-0.3.2 2018-08-29 11:17:31 -04:00
Nick Mathewson
3d7a705d3a Merge remote-tracking branch 'onionk/prototest1' 2018-08-28 21:32:46 -04:00
teor
541b89b061
Test: avoid spurious failures in make test-network-all
Before running make test-network-all, delete old logs and test result
files, to avoid spurious failures.

Fixes bug 27295; bugfix on 0.2.7.3-rc.
2018-08-29 10:47:20 +10:00
teor
3e298633ca
Test: consistently use $(TEST_NETWORK_ALL_LOG_DIR) in Makefile.am
Part of 27295.
2018-08-29 10:47:05 +10:00
Roger Dingledine
721763126e fix man page issue noticed during #26367 review
and fix two other nearby issues while i'm there
2018-08-28 16:28:45 -04:00
Nick Mathewson
b4b8fa4899 Set the file encoding in checkIncludes.py with Python3 2018-08-28 16:25:54 -04:00
Roger Dingledine
6da8c6e9a5 make a comment more right
(from #20874 fix)
2018-08-28 16:13:58 -04:00
Nick Mathewson
76843639e5 Merge remote-tracking branch 'teor/bug22747' 2018-08-28 16:12:01 -04:00
Nick Mathewson
b26db5dddb Merge remote-tracking branch 'onionk/connection-comments1' 2018-08-28 16:07:46 -04:00
Nick Mathewson
48632455a5 Merge branch 'bug26367_035_01' 2018-08-28 16:02:04 -04:00
David Goulet
8f13c3d3ed hs: Remove rend_client_non_anonymous_mode_enabled
The removal of Tor2Web made this function useless.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-28 16:01:57 -04:00
David Goulet
f661d856fd hs: Remove rend_client_allow_non_anonymous_connection
By removing Tor2Web, there is no way a client can be non anonymous so we
remove that function and the callsites.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-28 16:01:57 -04:00
David Goulet
67cd67611c circ: Remove useless param from cannibalization function
Because we just removed Tor2web support, the need_specific_rp is not needed
anymore when cannibalizing a circuit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-28 16:01:57 -04:00
David Goulet
4976eca826 hs: Render obsolete Tor2web
Remove support for Tor2web in the code and build system. At this commit, tor
doesn't have Tor2web support anymore.

Ref: https://lists.torproject.org/pipermail/tor-dev/2018-July/013295.html

Close #26367

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-28 16:01:57 -04:00
Nick Mathewson
b1d32a9223 Merge remote-tracking branch 'dgoulet/ticket27215_035_01' 2018-08-28 16:00:45 -04:00
David Goulet
4e2dcda092 fixup! hs: Change default version from 2 to 3 2018-08-28 15:58:28 -04:00
Nick Mathewson
219f6ea516 Fix log.c comments about assert vs tor_assert vs raw_assert. 2018-08-28 15:58:16 -04:00
Nick Mathewson
2bc4c55d7d Merge remote-tracking branch 'tor-github/pr/245' 2018-08-28 15:44:06 -04:00
Nick Mathewson
82d758afa8 Merge remote-tracking branch 'tor-github/pr/279' 2018-08-28 15:24:30 -04:00
Nick Mathewson
3b960df4f9 Merge branch 'bug26896_034' 2018-08-28 12:35:50 -04:00