Commit Graph

14469 Commits

Author SHA1 Message Date
Nick Mathewson
ab166fe68f Try to improve the keypinning-failure message even more 2017-08-28 11:35:30 -04:00
Nick Mathewson
4b4b3afb56 Merge branch 'bug22802_squashed' 2017-08-28 10:23:05 -04:00
Nick Mathewson
e37c1df9cd Don't use "0" as a "base" argument to tor_parse_*().
Telling these functions to autodetect the numeric base has lead to
trouble in the past.

Fixes bug 22469. Bugfix on 0.2.2.various.
2017-08-28 10:21:29 -04:00
Nick Mathewson
8de4a80125 Fix unlikely memory leak introduced in 418f3d6298
This is CID 1416880; bug not in any released Tor.
2017-08-28 10:08:52 -04:00
Nick Mathewson
b27c029266 Merge remote-tracking branch 'asn/bug23335' 2017-08-28 10:05:21 -04:00
George Kadianakis
93a0a4a422 prop224: Fix length check when purging hidserv requests.
That check was wrong:

a) We should be making sure that the size of `key` is big enough before
   proceeding, since that's the buffer that we would overread with the
   tor_memeq() below.

   The old check used to check that `req_key_str` is big enough which is
   not right, since we won't read deep into that buffer.

   The new check makes sure that `key` has enough size to survive the
   tor_memeq(), and if not it moves to the next element of the strmap.

b) That check shouldn't be a BUG since that strmap contains
   variable-sized elements and we should not be bugging out if we happen
   to compare a small sized element (v2) to a bigger one (v3).
2017-08-28 16:34:16 +03:00
George Kadianakis
b1cb16867e Fix compilation warning on old clangs. 2017-08-28 15:00:09 +03:00
George Kadianakis
ad56a342b4 Silence some leftover warnings. 2017-08-28 14:54:36 +03:00
David Goulet
e8c584176b hs: Note the connection attempt if descriptor is unusable
This way, we can clear off the directory requests from our cache and thus
allow the next client to query those HSDir again at the next SOCKS connection.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-25 13:39:40 -04:00
David Goulet
11443bb74c hs: Implement note_connection_attempt_succeeded()
v3 client now cleans up the HSDir request cache when a connection to a service
was successful.

Closes #23308

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-25 13:23:55 -04:00
Nick Mathewson
96aed28f14 New GETINFO target to check if geoip is loaded
Closes ticket 23237.
2017-08-25 12:25:05 -04:00
Nick Mathewson
b91dce9454 Merge branch 'maint-0.3.1' 2017-08-25 11:39:38 -04:00
Nick Mathewson
6069c829f9 Merge branch 'bug19418_029' into maint-0.3.1 2017-08-25 11:38:24 -04:00
Nick Mathewson
0de3147bf1 fix wide lines 2017-08-25 11:34:42 -04:00
Nick Mathewson
82b581f3fc Merge remote-tracking branch 'asn/bug23309_v2' 2017-08-25 11:31:53 -04:00
George Kadianakis
6d48e75685 prop224: Better missing hsdir index logs.
Seems like hsdir index bugs are around to haunt us. Let's improve the
log messages to make debugging easier.
2017-08-25 17:18:05 +03:00
George Kadianakis
ea5af8f442 prop224: When HUPing, move HS state from old to new service.
We used to not copy the state which means that after HUP we would forget
if we are in overlap mode or not. That caused bugs where the service
would enter overlap mode twice, and rotate its descs twice, causing all
sorts of bugs.
2017-08-25 17:18:05 +03:00
George Kadianakis
409ecbec52 prop224: Be more careful to not overwrite descriptors in HUP. 2017-08-25 17:18:05 +03:00
George Kadianakis
17fd2c8a51 prop224: Move function move_descriptors() around.
We want to use some static functions so move it below them.
2017-08-25 17:18:05 +03:00
David Goulet
a9fb97e91a prop224: Don't move intro points but rather descriptors
Apart from the fact that a newly allocated service doesn't have descriptors
thus the move condition can never be true, the service needs the descriptor
signing key to cross-certify the authentication key of each intro point so we
need to move the descriptors between services and not only the intro points.

Fixes #23056

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-25 17:18:05 +03:00
David Goulet
2549b3e923 sandbox: Fix double free when initializing HSv3 filenames
Don't free a reference that has been stolen.

Fixes #23329

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-25 09:28:10 -04:00
George Kadianakis
e07b677bd9 prop224: Move service_desc_hsdirs_changed() and make it static.
That function could be static but needed to be moved to the top.
2017-08-25 14:41:06 +03:00
George Kadianakis
c980be9511 prop224: Refactor descriptor reupload logic.
We refactor the descriptor reupload logic to be similar to the v2 logic
where we update a global 'consider_republishing_rend_descriptors' flag
and then we use that to check for hash ring changes during the global
hidden service callbacks.

This fixes bugs where we would inspect the hash ring immediately as we
receive new dirinfo (e.g. consensus) but before running the hidden
service housekeeping events. That was leaving us in an inconsistent
state wrt hsdir indices and causing bugs all around.
2017-08-25 14:41:06 +03:00
George Kadianakis
8b8e39e04b prop224: Refactor descriptor rotation logic.
The problem was that when we went from overlap mode to non-overlap mode,
we were not wiping the 'desc_next' descriptor and instead we left it on
the service. This meant that all functions that iterated service
descriptors were also inspecting the useless 'desc_next' descriptor that
should have been deleted.

This commit refactors rotate_all_descriptors() so that it rotates
descriptor both when entering overlap mode and also when leaving it.
2017-08-25 14:41:06 +03:00
Nick Mathewson
408ed52e3d Remove the AUTHDIR_NEWDESCS feature: nobody is using it any more
If somebody asks for it, log a warning.

Closes ticket 22377.
2017-08-24 16:53:35 -04:00
David Goulet
dfaa5c65f9 test: Fix memory leak in hs_descriptor/decode_bad_signature
Fixes #23319

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 16:21:44 -04:00
Nick Mathewson
067a4422fe Apply ahf's ceil_div.cocci patch. 2017-08-24 15:33:27 -04:00
Nick Mathewson
91c6bc160b Merge remote-tracking branch 'dgoulet/ticket17242_032_03-squashed' 2017-08-24 15:12:16 -04:00
George Kadianakis
dc0264f659 Silence some spammy log messages. 2017-08-24 13:03:29 -04:00
David Goulet
e546ac6b32 circuit: Consider v3 hidden service circuit in circuit_expire_building()
For a ready v3 rendezvous circuit, consider it so we don't expire.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:29 -04:00
David Goulet
a112562544 hs: Update intro circuit timestamp when re-extending
A client can re-extend up to 3 intro points on the same circuit. This happens
when we get NACKed by the intro point for which we choose a new intro and
re-extend the circuit to it.

That process can be arbitrarly long so reset the dirty timestamp of the
circuit everytime we choose to re-extend so we get a bit more time to actually
do our introduction.

This is a client circuit so it is short live once opened thus giving us a bit
more time to complete the introduction is ok.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:29 -04:00
David Goulet
1077e9894c circuit: Avoid needless log info in circuit_get_best()
When looking for an introduction circuit in circuit_get_best(), we log an info
message if we are about to launch a new intro circuit in parallel. However,
the condition was considering marked for close circuit leading to the function
triggering the log info even though there is actually no valid intro circuit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:29 -04:00
David Goulet
dca105d588 prop224: Register RP circuit when it opens
Only register the RP circuit when it opens and not when we send the INTRODUCE1
cell else, when re-extending to a new IP, we would register the same RP
circuit with the same cookie twice leading to the circuit being closed.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:29 -04:00
David Goulet
954f663831 prop224: Try to recover from a bad intro circuit
Changed the assert_intro_circ_ok() to an almost non fatal function so tor can
recover properly. We keep the anonymity assert because if that is not right,
we have much deeper problems and client should stop sending bytes to the
network immediately.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
5f94c4a0f1 prop224: Refactor how we use connection_ap_handle_onion
Simply directly return its returned value.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
98efb646fc hs: Remove unused rend_client_rendezvous_acked()
This function has been replaced by hs_client_receive_rendezvous_acked(() doing
the same exact thing for both v2 and v3 service.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
a16627db1f prop224: Add a function to find an intro point by legacy ID
The client needs to find the right intro point object from the circuit
identity digest it is opened to. This new function does that.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
7c543412fc prop224: Add a function to clear INTRO data
New function named hs_cell_introduce1_data_clear() is introduced to clear off
an hs_cell_introduce1_data_t object.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
cb462b95b7 prop224: Rename hs_desc_encode_lspec()
Give it a name that shows the transition from a descriptor link spec to a
trunnel link spec.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
61009d40d1 hs: Stub link_specifier_t in hs_descriptor.h
Avoid including a huge trunnel interface everytime we include hs_descriptor.h

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
e046e6fb48 prop224: Update OOM counters when storing a client descriptor cache object
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
68887fdc5d prop224: Update OOM counters when freeing a client descriptor cache object
When we free a client descriptor cache object, tell the OOM handler.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
47672ec1c7 prop224: Check decoded descriptor matches the expected blinded key
When a client decodes a descriptor, make sure it matches the expected blinded
key which is derived from the hidden service identity key.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
31da3898e7 prop224: Add directory_request_fetch_set_hs_ident()
Needed by the client when fetching a descriptor. This function checks the
directory purpose and hard assert if it is not for fetching.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
a64ef7d6c5 prop224: Implement hs_client_any_intro_points_usable()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
14b858c4ce prop224: Use the intro point state cache
This commit makes the client use the intro point state cache. It notes down
when we get a NACK from the intro point and then uses that cache to decide if
it should either close the circuits or re-extend to a new intro point.

This also introduces a very useful function that checks if an intro point is
usable that is query the state cache and checks a series of requirement.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
2671399e67 prop224: Add a client intro point state cache
This cache keeps track of the state of intro points which is needed when we
have failures when using them. It is similar to the failure cache of the
legacy system.

At this commit, it is unused but initialized, cleanup and freed.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
88b843608a prop224: Move and refactor rend_client_reextend_intro_circuit()
This moves it to hs_client.c so it can be used by both system (legacy and
prop224). For now, only the legacy system uses it.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
88f64eee68 hs: Update the IP failure cache only if legacy
Don't assert() on rend_data when closing circuits to report an IP failure. The
prop224 code doesn't have yet the support for this.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
George Kadianakis
379ad6f6eb prop224: Use the client-side circuitmap in hs_client.c
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
George Kadianakis
3152c583af prop224: Add client-side rend circuit support to HS circuitmap
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
e67f8623f9 hs: Only note a connection attempt with a valid rend_data
For now, prop224 doesn't have a mechanism to note down connection attempts so
we only do it for legacy system using rend_data.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
9af3116306 prop224: Handle RENDEZVOUS2 cell
The client can now handle RENDEZVOUS2 cell when they arrive. This consolidate
both hidden service version in one function.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
ee15c16742 prop224: Parse RENDEZVOUS2 cell
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
fca2f64e2f prop224: Handle INTRODUCE_ACK cell
The client is now able to handle an INTRODUCE_ACK cell and do the appropriate
actions.

An intro point failure cache is missing and a way to close all intro point
that were launched in parallel. Some notes are in the comment for that.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
cb336a7062 prop224: Parse INTRODUCE_ACK cell
Add a function to parse an INTRODUCE_ACK cell in hs_cell.c. Furthermore, add
an enum that lists all possible expected status code.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
e7c06e6947 prop224: Make client send INTRODUCE1 cell
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
abb840bf64 prop224: Client function to pick intro point
From an edge connection object, add a function that randomly pick an
introduction point for the requested service.

This follows the code design of rend_client_get_random_intro() and returns an
extend_info_t object ready to be used to extend to.

At this commit, it is not used yet.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
c38144bb0f prop224: Client callback when descriptor has arrived
When a descriptor fetch has completed and it has been successfully stored in
the client cache, this callback will take appropriate actions to attach
streams and/or launch neede circuits to connect to the service.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
89eb96c19a prop224: Handle client RENDEZVOUS_ESTABLISHED cell
Client now handles a RENDEZVOUS_ESTABLISHED cell when it arrives on the
rendezvous circuit. This new function applies for both the legacy system and
prop224.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
b91693f7c3 prop224: Build ESTABLISH_RENDEZVOUS cell and logic
Add a function to build the cell.

Add a the logic to send the cell when the rendezvous circuit opens.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
6eb125d14b prop224: Client has opened circuit logic
Make a single entry point for the entire HS subsystem when a client circuit
opens (every HS version).

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
d599325b5e prop224: Build INTRODUCE1 cell and send logic
Add a function in hs_cell.{c|h} for a client to build an INTRODUCE1 cell using
an object that contains all the needed keys to do so.

Add an entry point in hs_client.c that allows a tor client to send an
INTRODUCE1 cell on a given introduction circuit.

It includes the building of the cell, sending it and the setup of the
rendezvous circuit with the circuit identifier.

The entry point function is still unused at this commit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
8a552bf49b prop224: Make lspecs to extend info public
The hs circuit file had this function that takes a list of link specifiers and
return a newly allocated extend info object. Make it public so the client side
can also use it to be able to extend to introduction point.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
8e2854372d prop224: Helper function to assert on invalid client intro circuit
Put all the possible assert() we can do on a client introduction circuit in
one helper function to make sure it is valid and usable.

It is disabled for now so gcc doesn't complain that we have a unused function.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
b13ee8e4ae hs: Move link specifier encoding to a function
This commit only moves code into a function. The client code will need a way
to take a bunch of descriptor link specifier object and encode them into link
specifiers objects.

Make this a public function so it can be used outside of hs_descriptor.c.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
6222eae8ca conn: Add a function to return a list of connection by state
This will be useful to the hidden service subsystem that needs to go over all
connections of a certain state to attach them to a hidden service circuit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
George Kadianakis
6eb9de1b8c test: Add tests for fetching descs and handling SOCKS conns.
- Add tests that ensure that SOCKS requests for v2/v3 addresses get
  intercepted and handled.

- Add test that stores and lookups an HS descriptor in the client-side cache.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
79ff2e014f hs: Fix comment of the get max size descriptor function
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
b2a820958e prop224: Rename hs_client_note_connection_attempt_succeeded()
This is a static function so don't polute the hs_client_ namespace.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
343af1a9cf prop224: Add the dir purpose HAS_FETCHED
Once a descriptor has been successfully downloaded from an HSDir, we flag the
directory connection to "has fetched descriptor" so the connection subsystem
doesn't trigger a new fetch on success.

Same has DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2 but for prop224.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
George Kadianakis
f93b77a18c prop224: Add client code to handle fetched HS descriptors.
This code handles received HS descriptors by storing them in the
client-side HS cache.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
George Kadianakis
ebacf4dd6e prop224: Introduce v2/v3 HS desc fetch retry functionality.
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
George Kadianakis
776e796d96 prop224: Connect to v3 services in connection_ap_handle_onion().
Recognize and handle v3 addresses.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
George Kadianakis
c754864cfd prop224: Add code that launches v3 HS desc fetches.
Entry point is hs_client_refetch_v3_renddesc().

Will be used in subsequent commits.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
George Kadianakis
0f6633abb2 prop224: Refactor pick_hsdir() to be used by both v2 and v3.
Also refactor rendclient.c to use the new hs_pick_hdsir() func.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
George Kadianakis
5c9cd912ee prop224: Refactor rendclient.c to use the new hsdir_req code.
- Also add tests for the hidserv_req subsystem.
- Introduce purge_v2_hidserv_req() wrapper to simplify v2 code.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
George Kadianakis
15c9b7e891 prop224: Fix hidserv request code to work for both v2 and v3.
See documentation of `last_hid_serv_requests_` for how it works. strmaps are
cool!

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
George Kadianakis
912c11761c prop224: Move some rendclient.c code to hs_common.c
Specifically move the pick_hsdir() function and all the HSDir request tracking
code. We plan to use all that code both for v2 and v3.

This commit only moves code.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:27 -04:00
George Kadianakis
7aef3ec0fd prop224: Add client-side HS descriptor cache.
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:27 -04:00
Nick Mathewson
b5c5086aba Merge branch 'bug23106_032' 2017-08-24 09:45:03 -04:00
Nick Mathewson
35a29e81ae Merge branch 'bug19281_025' 2017-08-24 09:27:26 -04:00
Nick Mathewson
d37e8b407a Merge branch 'feature22976_squashed' 2017-08-24 09:23:43 -04:00
Nick Mathewson
a0bb1ff6ab Also disable spawning on Sandbox.
This isn't a functional change, but it makes our logic more clear,
and catches bugs earlier.
2017-08-24 09:23:32 -04:00
Nick Mathewson
f4f828640f Merge branch 'bug22779_031' 2017-08-24 09:18:39 -04:00
Nick Mathewson
18f3f1ffa3 add parenthesis to make cast work right. 2017-08-23 13:12:58 -04:00
Nick Mathewson
86ee35ad5b Don't do expensive consensus stuff when not a cache.
This includes generating and storing compressed consensuses, and
consensus diffs.  Fixes bug 23275; bugfix on 0.3.1.1-alpha.
2017-08-23 10:22:51 -04:00
Nick Mathewson
80d3887360 Refactor node lookup APIs to take flags
Right now there's a single warn_if_unnamed flag for
router_get_consensus_status_by_nickname() and
node_get_by_nickname(), that is nearly always 1.  I've turned it
into an 'unsigned' bitfield, and inverted its sense.  I've added the
flags argument to node_get_by_hex_id() too, though it does nothing
there right now.

I've removed the router_get_consensus_status_by_nickname() function,
since it was only used in once place.

This patch changes the warning behavior of GETINFO ns/name/<name>,
since all other name lookups from the controller currently warn.

Later I'm going to add more flags, for ed25519 support.
2017-08-22 19:13:40 -04:00
Nick Mathewson
d7a3e336ee Remove some support for nickname-based hexdigests
We once used $X=N to mean "A relay with RSA ID digest X with the
Named flag and the nickname N."  But authorities no longer assign
the Named flag.
2017-08-22 18:47:57 -04:00
Ties Stuij
2e99f839e9 22839: Build tor with rust enabled on win
- make tor_util static library name configurable
- fix Rust libary dependency order for Windows
2017-08-21 15:08:24 -04:00
Nick Mathewson
6f3208670a Merge branch 'maint-0.3.1' 2017-08-21 14:20:38 -04:00
George Kadianakis
1491c0d024 Fix triggerable BUG() when decoding hsv3 descriptors.
Also improve the unittest to make sure it catches the right error.
2017-08-21 19:16:45 +03:00
George Kadianakis
45732a1a13 Add unittest for #23233.
This will fail currently since the bug is not fixed yet.
2017-08-21 19:16:30 +03:00
George Kadianakis
5d89ea1e6c prop224: Decouple the HS part of connection_ap_handshake_rewrite_and_attach().
We will need to edit this function, and it's already pretty huge. Let's make
it a bit smaller.

This commit moves code, fixes a 80 char line and add two lines at the start to
make it compile. Trivial change.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-19 16:42:26 +03:00
George Kadianakis
bce18a7642 prop224: Refactor parse_extended_hostname() to parse v3 addrs.
We need this func so that we recognize SOCKS conns to v3 addresses.

- Also rename rend_valid_service_id() to rend_valid_v2_service_id()

- Also move parse_extended_hostname() tests to their own unittest, and
  add a v3 address to the test as well.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-19 16:42:26 +03:00
George Kadianakis
3e593f09ad prop224: Recompute all HSDir indices when we enter overlap mode.
When we enter overlap mode we start using the next hsdir index of
relays. However, we only compute the next hsdir index of relays when we
receive a consensus or their descriptor. This means that there is a
window of time between entering the overlap period and fetching the
consensus where relays have their next hsdir index uninitialized. This
patch fixes this by recomputing all hsdir indices when we first enter
the overlap period.
2017-08-19 16:29:23 +03:00
George Kadianakis
7823c98a38 prop224: Improve descriptor reupload logic.
We want to reupload our descriptor if its set of responsible HSDirs
changed to minimize reachability issues.

This patch adds a callback everytime we get new dirinfo which checks if
the hash ring changed and reuploads descriptor if needed.
2017-08-19 16:28:48 +03:00
George Kadianakis
1f7b8012ae prop224: Only upload descriptor if we have good hash ring and SRV.
Make sure we have a live consensus (for SRV) and enough descriptors (for
hash ring).

Also fix unittests that broke.
2017-08-19 16:28:47 +03:00
George Kadianakis
43343ec019 prop224: Improve our checks for unset HSDir index.
We used to not check next hsdir index.
2017-08-19 16:28:43 +03:00
David Goulet
5750f18bc7 sr: Log voting schedule at debug level
Because the HS subsystem calls it every second, change the log level to debug
so it doesn't spam the info log.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-19 16:20:07 +03:00
Suphanat Chunhapanya
c860282fc0 Mock rsa_ed25519_crosscert_check
This commit just mocks the rsa_ed25519_crosscert_check to be used later
in the fuzzer.
2017-08-13 16:15:40 +07:00
David Goulet
257f50b22f Make Windows happy for time_t printf format
Our Windows compiler treats "time_t" as long long int but Linux likes it
long int so cast those to make Windows happy.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-11 15:08:45 -04:00
Nick Mathewson
efbd4a33f4 Raise MIN_DL_PER_REQUEST to 32
This change should improve overhead for downloading small numbers of
descriptors and microdescriptors by improving compression
performance and lowering directory request overhead.

Closes ticket 23220.
2017-08-11 13:54:01 -04:00
Nick Mathewson
a368cadf95 Merge branch 'bug18982' 2017-08-11 12:11:42 -04:00
Nick Mathewson
c3a0cdeaab Add # to "hop N" messages to disambiguate from old messages. 2017-08-11 12:11:27 -04:00
Nick Mathewson
133e1e870b Merge remote-tracking branch 'dgoulet/bug23091_032_01' 2017-08-11 09:39:57 -04:00
Nick Mathewson
92b1dfd50e In node_get_ed25519_id, detect and warn on inconsistent IDs.
This shouldn't actually be possible, but it's worth checking for.
2017-08-09 15:00:32 -04:00
Nick Mathewson
fed3a08d8c Support the ed25519 map in nodelist_assert_ok() 2017-08-09 14:00:30 -04:00
Nick Mathewson
3cddd6570c Add a hashtable mapping to nodes from ed25519 ids 2017-08-09 13:45:03 -04:00
Nick Mathewson
5fa8d05bfa Block managed proxies at a higher point 2017-08-09 10:58:07 -04:00
Nick Mathewson
801aa5d03b Block the port-forwarding helper at a higher point 2017-08-09 10:58:07 -04:00
Nick Mathewson
eb43401bfb Add a 'NoExec' option that causes tor_spawn_background() to fail
Core of an implementation for 22976.
2017-08-09 10:45:48 -04:00
Nick Mathewson
418f3d6298 Make sure we always wind up checking i2d_*'s output.
The biggest offender here was sometimes not checking the output of
crypto_pk_get_digest.

Fixes bug 19418.  Reported by Guido Vranken.
2017-08-09 09:24:16 -04:00
Nick Mathewson
6f7d548bc4 Make write_escaped_data more robust to large inputs.
The old implementation would fail with super-long inputs. We never
gave it any, but still, it's nicer to dtrt here.

Reported by Guido Vranken. Fixes bug 19281.
2017-08-09 09:02:12 -04:00
Nick Mathewson
a3685ba0c5 Fix a warning on 32-bit clang 2017-08-09 08:31:44 -04:00
George Kadianakis
21e5146529 prop224: Fix coverity warnings from #20657 merge.
- Fix various ssize_t/size_t confusions in the tests.

- Fix a weird memset argument:
  "bad_memset: Argument -16 in memset loses precision in
  memset(&desc_two->blinded_kp.pubkey.pubkey, -16, 32UL)."

- Fix check_after_deref instance in check_state_line_for_service_rev_counter():
  "check_after_deref: Null-checking items suggests that it may be null,
  but it has already been dereferenced on all paths leading to the
  check."
2017-08-09 13:49:12 +03:00
Nick Mathewson
34e4122025 Merge branch 'ticket20657_nickm_bugfixes_squashed' 2017-08-08 20:31:57 -04:00
George Kadianakis
5c4f4acedb prop224: Function to inc/decrement num rendezvous stream
Add a common function for both legacy and prop224 hidden service to increment
and decrement the rendezvous stream counter on an origin circuit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:35 -04:00
David Goulet
400ba2f636 prop224: Always note down the use of internal circuit
Also, this removes all the callsite of this rephist in the hs subsystem

Fixes #23097

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:35 -04:00
George Kadianakis
0a0bbfe96f Add note about handling INTRODUCE2 cells.
Also fix a check-spaces instance.
2017-08-08 20:29:35 -04:00
George Kadianakis
ff249ee4a6 Start caching disaster SRV values.
Also add some unittests.
2017-08-08 20:29:35 -04:00
George Kadianakis
101ce6da01 Fix the build_hs_index() function.
Also add a unittest for hs_get_responsible_hsdirs() which was used to
find and fix the bug.
2017-08-08 20:29:35 -04:00
George Kadianakis
8bac50d755 prop224: Improve comments and tests for ed25519 keys in IPs/RPs.
Also make sure we are not gonna advertise the ed25519 key of an intro
point that doesn't support it.
2017-08-08 20:29:35 -04:00
George Kadianakis
273638288d Improve docs on rendezvous circ relaunch. 2017-08-08 20:29:35 -04:00
George Kadianakis
827bd0e882 Increase HS desc cert lifetime.
We used to have a small HS desc cert lifetime but those certs can stick
around for 36 hours if they get initialized in the beginning of overlap
period.

[warn] Bug: Non-fatal assertion !(hs_desc_encode_descriptor(desc->desc, &desc->signing_kp, &encoded_desc) < 0) failed in
upload_descriptor_to_hsdir at src/or/hs_service.c:1886. Stack trace: (on Tor 0.3.2.0-alpha-dev b4a14555597fb9b3)
2017-08-08 20:29:35 -04:00
George Kadianakis
e70341deb7 prop224 tests: Better HS address tests. 2017-08-08 20:29:35 -04:00
George Kadianakis
4a1b57e9b0 prop224 tests: Improve SRV protocol tests. 2017-08-08 20:29:35 -04:00
George Kadianakis
0bf8587858 Do more type checking when setting HS idents.
I repurposed the old directory_request_set_hs_ident() into a new
directory_request_upload_set_hs_ident() which is only used for the
upload purpose and so it can assert on the dir_purpose.

When coding the client-side we can make a second function for fetch.
2017-08-08 20:29:35 -04:00
George Kadianakis
471489ca03 Extract intro point onion key even with multiple types. 2017-08-08 20:29:34 -04:00
George Kadianakis
c62da5cf95 Improve code based on Nick review:
- Fix some more crazy ternary ops.
- Fix the order of disaster SRV computation.
- Whitespace fixes.
- Remove a redundant warn.
- Better docs.
2017-08-08 20:29:34 -04:00
George Kadianakis
4ad4467fa1 Don't double hash the ed25519 blind key parameter.
We used to do:
   h = H(BLIND_STRING | H(A | s | B | N )
when we should be doing:
   h = H(BLIND_STRING | A | s | B | N)

Change the logic so that hs_common.c does the hashing, and our ed25519
libraries just receive the hashed parameter ready-made. That's easier
than doing the hashing on the ed25519 libraries, since that means we
would have to pass them a variable-length param (depending on whether
's' is set or not).

Also fix the ed25519 test vectors since they were also double hashing.
2017-08-08 20:29:34 -04:00
George Kadianakis
b89d2fa1db Don't set HSDir index if we don't have a live consensus.
We also had to alter the SRV functions to take a consensus as optional
input, since we might be setting our HSDir index using a consensus that
is currently being processed and won't be returned by the
networkstatus_get_live_consensus() function.

This change has two results:

a) It makes sure we are using a fresh consensus with the right SRV value
   when we are calculating the HSDir hash ring.

b) It ensures that we will not use the sr_get_current/previous()
   functions when we don't have a consensus which would have falsely
   triggered the disaster SRV logic.
2017-08-08 20:29:34 -04:00
George Kadianakis
440eaa9b22 Correctly assign HSDir flags based on protocol list
In Nick's words:

"We want to always return false if the platform is a Tor version, and it
is not as new as 0.3.0.8 -- but if the platform is not a Tor version, or
if the version is as new as 0.3.0.8, then we want to obey the protocol
list.

That way, other implementations of our protocol won't have to claim any
particular Tor version, and future versions of Tor will have the freedom
to drop this protocol in the distant future."
2017-08-08 20:29:34 -04:00
George Kadianakis
a561a10da7 Fix small easy bugs all around
- Fix log message format string.
- Do extra circuit purpose check.
- wipe memory in a clear function
- Make sure we don't double add intro points in our list
- Make sure we don't double close intro circuits.
- s/tt_u64_op/tt_i64_op/
2017-08-08 20:29:34 -04:00
George Kadianakis
2c6f2e9be9 Constify functions that can be constified. 2017-08-08 20:29:34 -04:00
George Kadianakis
5ca9b830ea Improve documentation all around the codebase. 2017-08-08 20:29:34 -04:00
George Kadianakis
f106af3c41 Make ed25519 id keys optional for IPs and RPs. 2017-08-08 20:29:34 -04:00
George Kadianakis
d88984a137 Improve setting hsdir index procedure.
- Fix memleak.
2017-08-08 20:29:34 -04:00
George Kadianakis
706392e6b5 Make HidServRevCounter be a LINELIST as it should. 2017-08-08 20:29:34 -04:00
George Kadianakis
3ce69a58ce Rename some free() functions that are actually clear(). 2017-08-08 20:29:34 -04:00
George Kadianakis
3bc52dae89 Validate intro point limits to avoid asserts. 2017-08-08 20:29:34 -04:00
George Kadianakis
7c507a1f7f Relax assertions: turn them to BUGs and non-fatal asserts. 2017-08-08 20:29:34 -04:00
George Kadianakis
e42c55626a prop224: Don't use nodes as HSDirs if they don't have an HSDir index. 2017-08-08 20:29:34 -04:00
George Kadianakis
74981d1f13 memwipe interesting unused memory 2017-08-08 20:29:34 -04:00
George Kadianakis
29b3dd1c05 Fix 32-bit bug when writing address to descriptor.
We used to sizeof() a pointer. Let's just use asprintf to avoid having
to be smart.
2017-08-08 20:29:34 -04:00
George Kadianakis
434112df4b Fix ternary operator abuse. 2017-08-08 20:29:34 -04:00
George Kadianakis
1397ac11d6 Use htonll() when INT_8 is used.
Also prepend period_length to any period_num, as specified by the spec.
2017-08-08 20:29:34 -04:00
David Goulet
708789025d prop224: Remove INTRODUCE2 legacy handling
Turns out that introduction points don't care about the INTRODUCE2 cell
format as long as the top field is LEGACY_KEY_ID as expected. So let's
use a single INTRODUCE format regardless of the introduction point being
legacy or not.

This also removes the polymorphic void* situation.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
George Kadianakis
b47139d758 test: Unit tests for the revision counter state file codethe
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
George Kadianakis
6f046b2191 prop224: Use state file to save/load revision counters
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
George Kadianakis
2e5a2d64bd prop224: Refactor the overlap function to not use absolute time.
We consider to be in overlap mode when we are in the period of time between a
fresh SRV and the beginning of the new time period (in the normal network this
is between 00:00 and 12:00 UTC). This commit edits that function to use the
above semantic logic instead of absolute times.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
George Kadianakis
6c00bd1f10 prop224: Make prop224 time periods smaller in testnets.
It used to be that time periods were 24 hours long even on chutney,
which made testing harder. With this commit, time periods have the same
length as a full SRV protocol run, which means that they will change
every 4 minutes in a 10-second voting interval chutney network!
2017-08-08 20:29:34 -04:00
George Kadianakis
cf58451a8b prop224: Refactor hs_get_time_period_num() to not use absolute time.
Instead use the SRV protocol duration to calculate the rotation offset
that was previously hardcoded to 12 hours.
2017-08-08 20:29:34 -04:00
George Kadianakis
2cd5f9a2fc prop224: Compute start time of next time period. 2017-08-08 20:29:34 -04:00
George Kadianakis
0b22b7fce3 SR: Calculate current SRV phase/run duration.
This is also needed to make the HS desc overlap mode function
independent of absolute hours.
2017-08-08 20:29:34 -04:00
George Kadianakis
2af254096f SR: Compute the start time of the current protocol run.
This function will be used to make the HS desc overlap function be
independent of absolute times.
2017-08-08 20:29:34 -04:00
David Goulet
85c80adf4a prop224: HSDir v3 support is >= 0.3.0.8
Because of bug #22447, we have to select nodes that are at least this version.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
David Goulet
2cae4f4100 prop224: Move get_intro_circuit() to hs_circuit.c
Make this function public so we can use it both in hs_circuit.c and
hs_service.c to avoid code duplication.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
David Goulet
6c3d525c36 prop224: Make circuit prediction aware of v3 services
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
David Goulet
713eb08bc9 prop224: Add service rendezvous circuit relaunch
This introduces a callback to relaunch a service rendezvous circuit when a
previous one failed to build or expired.

It unifies the legacy function rend_service_relaunch_rendezvous() with one for
specific to prop224. There is now only one entry point for that which is
hs_circ_retry_service_rendezvous_point() supporting both legacy and prop224
circuits.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
David Goulet
1b403a8382 prop224: Different intro point timings with TestingNetwork
Change the timing for intro point's lifetime and maximum amount of circuit we
are allowed to launch in a TestingNetwork. This is particurlarly useful for
chutney testing to test intro point rotation.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
David Goulet
15864a1b70 prop224: Add a circuit has closed callback
When the circuit is about to be freed which has been marked close before, for
introduction circuit we now call this has_closed() callback so we can cleanup
any introduction point that have retried to many times or at least flag them
that their circuit is not established anymore.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
David Goulet
4a8cf17897 hs: Rename num_rend_services()
Renamed to rend_num_services() so it is consistent with the legacy naming.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
George Kadianakis
a6b6227b21 test: Fix prop224 HS descriptor to use subcredential
We used to use NULL subcredential which is a terrible terrible idea.  Refactor
HS unittests to use subcredentials.

Also add some non-fatal asserts to make sure that we always use subcredentials
when decoding/encoding descs.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
David Goulet
b547c54239 test: Add unit test coverage of hs_service.c
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
David Goulet
559ffd7179 test: Refactor HS tests to use the new ESTABLISH_INTRO cell code
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
David Goulet
30b5c6a95e prop224: Link rendezvous circuit to edge connection
This commit refactors the handle_hs_exit_conn() function introduced at a prior
commit that connects the rendezvous circuit to the edge connection used to
connect to the service virtual port requested in a BEGIN cell.

The refactor adds the support for prop224 adding the
hs_service_set_conn_addr_port() function that has the same purpose has
rend_service_set_connection_addr_port() from the legacy code.

The rend_service_set_connection_addr_port() has also been a bit refactored so
the common code can be shared between the two HS subsystems (legacy and
prop224).

In terms of functionallity, nothing has changed, we still close the circuits
in case of failure for the same reasons as the legacy system currently does.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
7163ce7f62 hs: Refactor the service exit connection code
This commit simply moves the code from the if condition of a rendezvous
circuit to a function to handle such a connection. No code was modified
_except_ the use or rh.stream_id changed to n_stream->stream_id so we don't
have to pass the cell header to the function.

This is groundwork for prop224 support which will break down the
handle_hs_exit_conn() depending on the version of hidden service the circuit
and edge connection is for.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
5d2506d70c prop224: Sandbox support for service
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
848e701f55 prop224: Make the number of extra intro point a consensus param
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
f0e02e3a14 prop224: Make intro point min/max lifetime a consensus param
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
670cecaf66 prop224: Make INTRODUCE2 min/max a consensus param
Introduction point are rotated either if we get X amounts of INTRODUCE2 cells
on it or a time based expiration. This commit adds two consensus parameters
which are the min and max value bounding the random value X.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
feed375f19 prop224: Implement a service intro point failure cache
Imagine a Tor network where you have only 8 nodes available due to some
reasons. And your hidden service wants 8 introduction points. Everything is
fine but then a node goes down bringing the network to 7. The service will
retry 3 times that node and then give up but keep it in a failure cache for 5
minutes (INTRO_CIRC_RETRY_PERIOD) so it doesn't retry it non stop and exhaust
the maximum number of circuit retry.

In the real public network today, this is unlikely to happen unless the
ExcludeNodes list is extremely restrictive.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
ac848777f9 prop224: Upload service descriptors
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
bce0c6caad prop224: Directory function to upload descriptor
This commit adds a directory command function to make an upload directory
request for a service descriptor.

It is not used yet, just the groundwork.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
0bcc9ad58d prop224: Add a responsible HSDir function
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
06909cafef prop224: Add hsdir consensus parameters
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
267bc7bc3b prop224: Build hsdir index for node_t
This hsdir index value is used to give an index value to all node_t (relays)
that supports HSDir v3. An index value is then computed using the blinded key
to know where to fetch/upload the service descriptor from/to.

To avoid computing that index value everytime the client/service needs it, we
do that everytime we get a new consensus which then doesn't change until the
next one. The downside is that we need to sort them once we need to compute
the set of responsible HSDir.

Finally, the "hs_index" function is also added but not used. It will be used
in later commits to compute which node_t is a responsible HSDir for the
service we want to fetch/upload the descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
77b279c35c prop224: Add service replay cache
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
27dd1a716c prop224: Support INTRODUCE2 cell replay cache
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
100386e659 prop224: Support legacy INTRODUCE2 cell
Also rename some function to follow a bit more the naming convention in that
file.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
dfa6301aed prop224: Handle service RENDEZVOUS1 cell
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
acc7c4ee95 prop224: Establish rendezvous circuit for service
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
5e710368b3 prop224: Handle service INTRODUCE2 cell
At this commit, launching rendezvous circuit is not implemented, only a
placeholder.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
faadbafba3 prop224: Add helper function to lookup HS objects
Add this helper function that can lookup and return all the needed object from
a circuit identifier. It is a pattern we do often so make it nicer and avoid
duplicating it everywhere.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
79e8d113d5 prop224: Handle service INTRO_ESTABLISHED cell
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
d765cf30b5 prop224: Circuit has opened and ESTABLISH_INTRO cell
Add the entry point from the circuit subsystem of "circuit has opened" which
is for all type of hidden service circuits. For the introduction point, this
commit actually adds the support for handling those circuits when opened and
sending ESTABLISH_INTRO on a circuit.

Rendevzou point circuit aren't supported yet at this commit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
6a21ac7f98 prop224: Introduction circuit creation
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
00a02a3a59 prop224: Service v3 descriptor creation and logic
This commit adds the functionality for a service to build its descriptor.
Also, a global call to build all descriptors for all services is added to the
service scheduled events.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
c4ba4d4cc8 prop224: Implement subcredential creation
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
George Kadianakis
f53b72baf7 prop224: Add descriptor overlap mode function
The function has been added but not used except for the unit tests.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
0f104ddce5 prop224: Scheduled events for service
Add the main loop entry point to the HS service subsystem. It is run every
second and make sure that all services are in their quiescent state after that
which means valid descriptors, all needed circuits opened and latest
descriptors have been uploaded.

For now, only v2 is supported and placeholders for v3 actions for that main
loop callback.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
9052530bdd prop224: API for the creation of blinded keys
Add a function for both the client and service side that is building a blinded
key from a keypair (service) and from a public key (client). Those two
functions uses the current time period information to build the key.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
44e3255c4d hs: Implement constructor for hs_desc_intro_point_t
Add a new and free function for hs_desc_intro_point_t so the service can use
them to setup those objects properly.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
Nick Mathewson
b08a2dc954 Merge branch 'maint-0.3.1' 2017-08-08 19:29:10 -04:00
Nick Mathewson
3af4aafbcb Fix a memory leak in consdiffmgr.c
Fixes bug 23139; bugfix on 0.3.1.1-alpha.
2017-08-08 09:13:45 -04:00
Nick Mathewson
3b646bf887 Fix ntohs() that should have been htons()
Fixes bug 23106; bugfix on 0.2.4.8-alpha.

Fortunately, we only support big-endian and little-endian platforms,
and on both of those, hton*() and ntoh*() behave the same.  And if
we did start to support middle endian systems (haha, no), most of
_those_ have hton*(x) == ntoh*(x) too.
2017-08-04 12:17:53 -04:00
Nick Mathewson
32b4fd5be9 Handle CMD_KEY_EXPIRATION in ntmain.c switch statement
This fixes a compilation warning on windows.

Bug not in any released Tor.
2017-08-04 12:00:51 -04:00
Isis Lovecruft
b2a7e8df90
routerkeys: Add cmdline option for learning signing key expiration.
* CLOSES #17639.
 * ADDS new --key-expiration commandline option which prints when the
   signing key expires.
2017-08-03 22:20:02 +00:00
Nick Mathewson
96cf608b2e Merge branch 'bug22885_squashed' 2017-08-03 09:33:40 -04:00
Nick Mathewson
7f32920648 Don't send missing X-Desc-Gen-Reason on startup
Since we start with desc_clean_since = 0, we should have been
starting with non-null desc_dirty_reason.

Fixes bug 22884; bugfix on 0.2.3.4-alpha when X-Desc-Gen-Reason was
added.
2017-08-03 09:33:33 -04:00
Nick Mathewson
1168e21b45 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-08-03 09:14:12 -04:00
Nick Mathewson
40c7871f46 Merge branch 'maint-0.3.1' 2017-08-03 09:14:12 -04:00
Nick Mathewson
17073d7234 Merge branch 'maint-0.3.1' 2017-08-03 09:11:03 -04:00
Nick Mathewson
b13bf65062 Merge branch 'bug23081_025' into maint-0.3.1 2017-08-03 09:10:58 -04:00
Nick Mathewson
3e68db02c4 In ntmain, call set_main_thread() before running the loop.
Patch from Vort; fixes bug 23081; bugfix on fd992deeea in
0.2.1.16-rc when set_main_thread() was introduced.

See the changes file for a list of all the symptoms this bug has
been causing when running Tor as a Windows Service.
2017-08-03 09:09:08 -04:00
Neel Chauhan
5ee6ca8da2 Switch to offsetof() 2017-08-03 08:56:35 -04:00
David Goulet
5b03c7ba6d Fix check_expired_networkstatus_callback() if condition
The condition was always true meaning that we would reconsider updating our
directory information every 2 minutes.

If valid_until is 6am today, then now - 24h == 1pm yesterday which means that
"valid_until < (now - 24h)" is false. But at 6:01am tomorrow, "valid_until <
(now - 24h)" becomes true which is that point that we shouldn't trust the
consensus anymore.

Fixes #23091

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-02 13:28:45 -04:00
David Goulet
ff9c529667 hs: Cleanup logging statement in hs_intropoint.c
One log statement was a warning and has been forgotten. It is triggered for a
successful attempt at introducting from a client.

It has been reported here:
https://lists.torproject.org/pipermail/tor-relays/2017-August/012689.html

Three other log_warn() statement changed to protocol warning because they are
errors that basically can come from the network and thus triggered by anyone.

Fixes #23078.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-01 14:15:47 -04:00
Nick Mathewson
58e1c6dd86 Merge remote-tracking branch 'public/bug19769_19025_029' into maint-0.2.9 2017-08-01 11:30:29 -04:00
Nick Mathewson
8500f0e4e1 Merge remote-tracking branch 'public/bug20059_024_v2' into maint-0.2.9 2017-08-01 11:28:36 -04:00
Nick Mathewson
84c4a2bc3f Merge remote-tracking branch 'public/bug20270_029' into maint-0.3.0 2017-08-01 11:24:02 -04:00
Nick Mathewson
7c68b2f1a5 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-08-01 11:23:00 -04:00
Nick Mathewson
2b94b0ea72 Merge remote-tracking branch 'public/bug22245_024' into maint-0.2.9 2017-08-01 11:22:42 -04:00
Nick Mathewson
1d48712c28 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-08-01 11:21:19 -04:00
Nick Mathewson
f6ecda8400 Merge remote-tracking branch 'public/bug18100_029' into maint-0.2.9 2017-08-01 11:21:14 -04:00
Nick Mathewson
ec99f038fa Improve the keypin failure message
Closes the human-factors part of ticket 22348.
2017-07-31 20:40:23 -04:00
Nick Mathewson
df3bdc6bde Clean up choose_good_entry_server() doc; add assertion
We used to allow state==NULL here, but we no longer do.

Fixes bug 22779.
2017-07-31 20:35:58 -04:00
Nick Mathewson
769a94d9ce Bug 23055: cast, then multiply when doing u32*u32->u64.
No backport, since this bug won't trigger until people make
certificates expiring after the Y2106 deadline.

CID 1415728
2017-07-28 10:33:51 -04:00
Nick Mathewson
decb927685 Add an assertion to try to please coverity.
Coverity, for some reason, thought that weight_scale might be 0,
leading to a divide-by-zero error.
2017-07-28 10:17:57 -04:00
Nick Mathewson
6252e04a37 Merge branch 'maint-0.3.1' 2017-07-28 09:50:26 -04:00
Nick Mathewson
911e2dc530 Merge branch 'bug23053_029' into maint-0.3.1 2017-07-28 09:50:16 -04:00
Nick Mathewson
9a0f38a349 Fix a small memory leak when parsing unix: ports twice
Fixes bug 23053; CID 1415725.
2017-07-28 09:49:42 -04:00
Nick Mathewson
15ed1c0c83 Merge branch 'maint-0.3.1' 2017-07-27 16:30:52 -04:00
Nick Mathewson
ba334c00da Merge branch 'multi-priority_squashed' into maint-0.3.1 2017-07-27 16:29:34 -04:00
Nick Mathewson
fdd8156ea3 Fix the cpuworker.c documentation to mention all the kinds of work 2017-07-27 16:28:59 -04:00
Nick Mathewson
250c88014d Always start with one additional worker thread
Now that half the threads are permissive and half are strict, we
need to make sure we have at least two threads, so that we'll
have at least one of each kind.
2017-07-27 16:28:59 -04:00
Nick Mathewson
0ae0b5aa41 Queue consensus diffs at LOW priority.
Fixes bug 22883.
2017-07-27 16:28:59 -04:00
David Goulet
c9927ce4d5 prop224: Add onion key to service descriptor intro point
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-25 13:11:40 -04:00
David Goulet
78e2bc4000 prop224: Add the introduction point onion key to descriptor
A prop224 descriptor was missing the onion key for an introduction point which
is needed to extend to it by the client.

Closes #22979

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-25 13:11:40 -04:00
David Goulet
b8ceab9bb3 prop224: Helper to dup a link_specifier_t object
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-25 13:11:40 -04:00
David Goulet
2b9575a9c0 prop224: Update hs identifier circuit
Remove the legacy intro point key because both service and client only uses
the ed25519 key even though the intro point chosen is a legacy one.

This also adds the CLIENT_PK key that is needed for the ntor handshake.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-25 13:11:40 -04:00
Roger Dingledine
bb66a48541 fix wordo in comment 2017-07-25 11:14:39 -04:00
Nick Mathewson
6c8c973191 Rename the hybrid_encrypt/decrypt functions; label them as dangerous
We need to keep these around for TAP and old-style hidden services,
but they're obsolete, and we shouldn't encourage anyone to use them.
So I've added "obsolete" to their names, and a comment explaining
what the problem is.

Closes ticket 23026.
2017-07-24 14:34:53 -04:00
Nick Mathewson
9a1338d9df Fix 32-bit warnings in hs_common.c 2017-07-14 11:33:12 -04:00
Nick Mathewson
ef4ea864ea Merge remote-tracking branch 'dgoulet/ticket21979_032_04' 2017-07-13 17:23:37 -04:00
David Goulet
965e3a6628 prop224: Fix clang warnings
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 17:18:11 -04:00
Nick Mathewson
62d241ad22 Merge remote-tracking branch 'isis/bug19476' 2017-07-13 16:58:45 -04:00
Nick Mathewson
66a564fad8 Merge branch 'maint-0.3.1' 2017-07-13 16:55:06 -04:00
David Goulet
5d64ceb12d prop224: Move service version into config object
It makes more sense to have the version in the configuration object of the
service because it is afterall a torrc option (HiddenServiceVersion).

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
3eeebd1b0c prop224: Use the service config object when configuring
Both configuration function now takes the service config object instead of the
service itself.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
f64689f3f0 prop224: Don't use char * for binary data
It turns out that some char * sneaked in our hs_common.c code. Replace those
by uint8_t *.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
1b048fbfaa prop224: Add a clear configuration function
The added function frees any allocated pointers in a service configuration
object and reset all values to 0.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
750c684fff prop224: Don't use an array of config handlers
As per nickm suggestion, an array of config handlers will not play well with
our callgraph tool.

Instead, we'll go with a switch case on the version which has a good side
effect of allowing us to control what we pass to the function intead of a fix
set of parameters.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
e9dd4ed16d prop224: Detect duplicate configuration options
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
cfa6f8358b prop224: Use a common function to parse uint64_t
Add a helper function to parse uint64_t and also does logging so we can reduce
the amount of duplicate code.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
28f6431399 Revert "fixup! prop224: Add hs_config.{c|h} with a refactoring"
This reverts commit e2497e2ba038133026a475f0f93c9054187b2a1d.
2017-07-13 16:50:09 -04:00
David Goulet
09b12c4094 test: Add v3 service load keys and accessors
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
418059dd96 test: Add v3 service config and registration test
This tests our hs_config.c API to properly load v3 services and register them
to the global map. It does NOT test the service object validity, that will be
the hs service unit test later on.

At this commit, we have 100% code coverage of hs_config.c.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
87f6f96f47 hs: Add rend_service_init()
Initialize both the global and staging service lists.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
f76f873199 prop224: Add a function to check for invalid opts
Every hidden service option don't apply to every version so this new function
makes sure we don't have for instance an option that is only for v2 in a v3
configured service.

This works using an exclude lists for a specific version. Right now, there is
only one option that is not allowed in v3. The rest is common.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:08 -04:00
David Goulet
138e03c488 prop224: Load and/or generate v3 service keys
Try to load or/and generate service keys for v3. This write both the public
and private key file to disk along with the hostname file containing the onion
address.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:49:44 -04:00
David Goulet
f3899acdbf prop224: Service address creation/validation
This also adds unit test and a small python script generating a deterministic
test vector that a unit test tries to match.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:49:44 -04:00
David Goulet
c086a59ea1 prop224: Configure v3 service from options
This commit adds the support in the HS subsystem for loading a service from a
set of or_options_t and put them in a staging list.

To achieve this, service accessors have been created and a global hash map
containing service object indexed by master public key. However, this is not
used for now. It's ground work for registration process.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:49:44 -04:00
David Goulet
74193b9321 hs: Use v3 maximum intro points value when decoding v3
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:49:08 -04:00
David Goulet
765ed5dac1 prop224: Add a init/free_all function for the whole subsystem
Introduces hs_init() located in hs_common.c which initialize the entire HS v3
subsystem. This is done _prior_ to the options being loaded because we need to
allocate global data structure before we load the configuration.

The hs_free_all() is added to release everything from tor_free_all().

Note that both functions do NOT handle v2 service subsystem but does handle
the common interface that both v2 and v3 needs such as the cache and
circuitmap.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:49:08 -04:00
David Goulet
02e2edeb33 prop224: Add hs_config.{c|h} with a refactoring
Add the hs_config.{c|h} files contains everything that the HS subsystem needs
to load and configure services. Ultimately, it should also contain client
functions such as client authorization.

This comes with a big refactoring of rend_config_services() which has now
changed to only configure a single service and it is stripped down of the
common directives which are now part of the generic handler.

This is ground work for prop224 of course but only touches version 2 services
and add XXX note for version 3.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:49:08 -04:00
David Goulet
b03853b65f prop224: Initial import of hs_service_t
This object is the foundation of proposal 224 service work. It will change
and be adapted as it's being used more and more in the codebase. So, this
version is just a basic skeleton one that *will* change.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:49:07 -04:00
Isis Lovecruft
c59ba01550
rephist: Remove unused crypto_pk statistics.
These statistics were largely ununsed, and kept track of statistical information
on things like how many time we had done TLS or how many signatures we had
verified.  This information is largely not useful, and would only be logged
after receiving a SIGUSR1 signal (but only if the logging severity level was
less than LOG_INFO).

 * FIXES #19871.
 * REMOVES note_crypto_pk_op(), dump_pk_op(), and pk_op_counts from
   src/or/rephist.c.
 * REMOVES every external call to these functions.
2017-07-13 20:24:48 +00:00
Nick Mathewson
abb9a5bdda New configuration option MaxConsensusAgeForDiffs
Relay operators (especially bridge operators) can use this to lower
or raise the number of consensuses that they're willing to hold for
diff generation purposes.

This enables a workaround for bug 22883.
2017-07-12 13:15:16 -04:00
Nick Mathewson
3aba8490ba Merge branch 'maint-0.3.1' 2017-07-12 10:16:06 -04:00
Nick Mathewson
5636b160d4 Merge branch 'bug22349_029' into maint-0.3.1 2017-07-12 10:15:49 -04:00
Isis Lovecruft
9de12397cf
If writing a heartbeat message fails, retry after MIN_HEARTBEAT_PERIOD.
* FIXES #19476.
2017-07-12 03:08:04 +00:00
cypherpunks
f516c9ca99
Use the return value for choosing intervals 2017-07-12 03:08:02 +00:00
Nick Mathewson
db71d42868 Avoid double-typedef errors on freebsd. 2017-07-10 09:28:50 -04:00
David Goulet
b50f39fb6f prop224: Add common intropoint object
Groundwork for more prop224 service and client code. This object contains
common data that both client and service uses.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-07 15:38:20 -04:00
Nick Mathewson
948158df33 Merge branch 'bug17750_029_squashed' 2017-07-07 13:28:22 -04:00
teor
527c0735f1 Comment that failure schedules always use exponential backoff 2017-07-07 13:18:04 -04:00
teor
32f0cbc0f6 Refactor exponential backoff multipliers into macros
There are only so many times you can type "4".
2017-07-07 13:18:04 -04:00
teor
344f5a71c5 Use download_status_get_next_attempt_at() more often
This guards against future occurrences of 17750.
2017-07-07 13:18:04 -04:00
teor
f813b05202 Give correct bounds in next_random_exponential_delay() comment 2017-07-07 13:18:04 -04:00
teor
c21cfd28f4 Make clients try fallbacks before authorities
Make clients wait for 6 seconds before trying to download their
consensus from an authority.

Fixes bug 17750, bugfix on 0.2.8.1-alpha.
2017-07-07 13:18:04 -04:00
Nick Mathewson
eb01f35149 Merge branch 'bug21495' 2017-07-07 13:03:36 -04:00
Nick Mathewson
c7d2a67274 Fix a couple of clang warnings 2017-07-07 11:32:15 -04:00
Nick Mathewson
c387cc5022 Merge branch 'ticket21859_032_01_squashed' 2017-07-07 11:17:53 -04:00
Nick Mathewson
6a64563b1d Fix wide lines 2017-07-07 11:15:27 -04:00
Nick Mathewson
ec3e046986 Use LD_BUG, not LOG_PROTOCOL_WARN, for bad-purpose cases. 2017-07-07 11:14:47 -04:00
George Kadianakis
70d08f764d Explicit length checks in create_rend_cpath().
Had to also edit hs_ntor_circuit_key_expansion() to make it happen.
2017-07-07 11:12:27 -04:00
George Kadianakis
c4d17faf81 Explicit length checks in circuit_init_cpath_crypto(). 2017-07-07 11:12:27 -04:00
George Kadianakis
2432499705 Rename get_rend_cpath() to create_rend_cpath().
based on Nick's review.
2017-07-07 11:12:27 -04:00
George Kadianakis
b490ae68c7 Rename rend_circuit_validate_purpose() based on Nick's review. 2017-07-07 11:12:27 -04:00
George Kadianakis
fee95dabcf Turn some warnings into bugs and non-fatal asserts. 2017-07-07 11:12:26 -04:00
George Kadianakis
91da032e9c Improve docs based on Nick's review. 2017-07-07 11:12:26 -04:00
George Kadianakis
43a73f6eb6 test: Crypto groundwork for e2e circuit unittests.
- Move some crypto structures so that they are visible by tests.

- Introduce a func to count number of hops in cpath which will be used
  by the tests.

- Mark a function as mockable.
2017-07-07 11:12:26 -04:00
George Kadianakis
9ff5613a34 test: Introduce hs_client_note_connection_attempt_succeeded().
This commit paves the way for the e2e circuit unittests.

Add a stub for the prop224 equivalent of rend_client_note_connection_attempt_ended().

That function was needed for tests, since the legacy function would get
called when we attach streams and our client-side tests would crash with
assert failures on rend_data.

This also introduces hs_client.[ch] to the codebase.
2017-07-07 11:12:26 -04:00
David Goulet
0cb66fc900 prop224: Introduce e2e rendezvous circuit code.
This commit adds most of the work of #21859. It introduces hs_circuit.c
functions that can handle the setup of e2e circuits for prop224 hidden
services, and also for legacy hidden service clients. Entry points are:

		prop224 circuits: hs_circuit_setup_e2e_rend_circ()
		legacy client-side circuits: hs_circuit_setup_e2e_rend_circ_legacy_client()

This commit swaps the old rendclient code to use the new API.

I didn't try to accomodate the legacy service-side code in this API, since
that's too tangled up and it would mess up the new API considerably IMO (all
this service_pending_final_cpath_ref stuff is complicated and I didn't want to
change it).

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-07 11:12:26 -04:00
George Kadianakis
0b2018a4d0 Refactor legacy code to support hs_ident along with rend_data.
The legacy HS circuit code uses rend_data to match between circuits and
streams. We refactor some of that code so that it understands hs_ident
as well which is used for prop224.
2017-07-07 11:12:26 -04:00
George Kadianakis
83249015c2 Refactor circuit_init_cpath_crypto() to do prop224 rend circuits.
circuit_init_cpath_crypto() is responsible for creating the cpath of legacy
SHA1/AES128 circuits currently. We want to use it for prop224 circuits, so we
refactor it to create circuits with SHA3-256 and AES256 as well.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-07 11:12:26 -04:00
George Kadianakis
ba928e1ac8 Refactor the HS ntor key expansion to fit the e2e circuit API.
We want to use the circuit_init_cpath_crypto() function to setup our
cpath, and that function accepts a key array as input. So let's make our
HS ntor key expansion function also return a key array as output,
instead of a struct.

Also, we actually don't need KH from the key expansion, so the key
expansion output can be one DIGEST256_LEN shorter. See here for more
info: https://trac.torproject.org/projects/tor/ticket/22052#comment:3
2017-07-07 11:12:26 -04:00
David Goulet
f8dc1164ba prop224: Add connection and circuit identifier object
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-07 11:12:26 -04:00
Nick Mathewson
67b6ba6f2f Avoid a scan_build warning in dirvote_get_intermediate_param_value
Fixes bug 21495.
2017-07-07 11:08:28 -04:00
Nick Mathewson
86eb63deb4 Merge remote-tracking branch 'public/bug19648' 2017-07-06 09:32:22 -04:00
Nick Mathewson
139799cdce Merge branch 'bug20488_029_squashed' 2017-07-06 09:29:03 -04:00
Nick Mathewson
41fe94ef15 Improve warning message to stop implying nickname reg is a thing.
Closing ticket 20488.
2017-07-06 09:28:31 -04:00
Nick Mathewson
68a2c75ab7 Merge branch 'maint-0.3.1' 2017-07-05 17:37:14 -04:00
Nick Mathewson
9919638e98 Fix a wide line from 22207 2017-07-05 17:37:06 -04:00
Nick Mathewson
93bd60e5b0 Merge branch 'maint-0.3.1' 2017-07-05 17:00:46 -04:00
Nick Mathewson
2251667ff2 Merge remote-tracking branch 'karsten/task-22207' into maint-0.3.1 2017-07-05 17:00:43 -04:00
Nick Mathewson
a85ee62e74 Make the strings from #1667 static. 2017-07-05 15:59:17 -04:00
Donncha O'Cearbhaill
2be4f793e6 Add a timestamp field to the CIRC_BW and STREAM_BW events
Closes ticket 19254.
2017-07-05 11:14:56 -04:00
Nick Mathewson
cd77ea782e Merge branch 'neena-fix-1667' 2017-07-05 11:01:36 -04:00
Nick Mathewson
03b6cfd591 Extract "not an HTTP proxy" messages. 2017-07-05 11:01:17 -04:00
Nick Mathewson
46e83477c1 Merge branch 'bug15554_032_01_squashed' 2017-07-05 10:15:24 -04:00
George Kadianakis
17bd118b4c Add test that parses a hardcoded v2 descriptor. 2017-07-05 10:14:26 -04:00
Nick Mathewson
13ccca69f1 Merge branch 'onionskin_refactor_2' 2017-07-05 10:01:48 -04:00
Nick Mathewson
3402b14089 Merge remote-tracking branch 'asn/ticket22727_032_02' 2017-07-05 09:49:12 -04:00
Nick Mathewson
b6c8530fc3 Merge remote-tracking branch 'dgoulet/ticket22726_032_02' 2017-07-05 09:36:31 -04:00
Roger Dingledine
943d284752 CREATE_FAST is for when you don't know the onion key
it isn't (anymore) for when you think you can get away with saving some
crypto operations.
2017-07-03 17:20:52 -04:00
Roger Dingledine
69fba1f2cd better comments and mild refactoring 2017-07-03 17:13:08 -04:00
Nick Mathewson
9b44e2e50e Document the new functions from the refactor 2017-07-03 16:54:41 -04:00
Nick Mathewson
2814b86875 Reindent the functions split from circuit_send_next_onion_skin().
This is a whitespace change only.
2017-07-03 16:54:41 -04:00
Nick Mathewson
935f84bd40 Split circuit_send_next_onion_skin() into its three main cases.
This commit is designed to have a very small diff.  Therefore,
the indentation is wrong.  The next commit will fix that.
2017-07-03 16:54:41 -04:00
Roger Dingledine
0fe7c42e0e general formatting / whitespace / typo fixes 2017-07-01 17:56:06 -04:00
Nick Mathewson
71b9f4f0bb Merge branch 'maint-0.3.1' 2017-06-29 15:57:49 -04:00
Nick Mathewson
1712dc98b0 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-06-29 15:57:48 -04:00
Nick Mathewson
52c4440c48 Merge branch 'trove-2017-006' into maint-0.3.0 2017-06-29 15:57:42 -04:00
Nick Mathewson
3781678a3c Merge branch 'maint-0.3.1' 2017-06-29 11:38:06 -04:00
Nick Mathewson
31a08ba26f Merge remote-tracking branch 'public/bug22670_031' into maint-0.3.1 2017-06-29 11:34:06 -04:00
Nick Mathewson
2c718c1a12 Merge branch 'maint-0.3.1' 2017-06-29 10:43:50 -04:00
Nick Mathewson
bb5968cae1 Merge branch 'ticket22684' 2017-06-29 10:16:15 -04:00
Nick Mathewson
665baf5ed5 Consider the exit family when applying guard restrictions.
When the new path selection logic went into place, I accidentally
dropped the code that considered the _family_ of the exit node when
deciding if the guard was usable, and we didn't catch that during
code review.

This patch makes the guard_restriction_t code consider the exit
family as well, and adds some (hopefully redundant) checks for the
case where we lack a node_t for a guard but we have a bridge_info_t
for it.

Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2016-006
and CVE-2017-0377.
2017-06-29 09:57:00 -04:00
Nick Mathewson
de5f0d8ba7 Replace crash on missing handle in consdiffmgr with nonfatal assert
Attempts to mitigate 22752.
2017-06-28 14:21:21 -04:00
Nick Mathewson
4c21d4ef7a Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-28 14:03:23 -04:00
Nick Mathewson
ec9c6d7723 Merge remote-tracking branch 'teor/bug21507-029' into maint-0.2.9 2017-06-28 14:03:20 -04:00
Nick Mathewson
4060253749 Merge remote-tracking branch 'teor/bug21576_029_v2' into maint-0.2.9 2017-06-28 13:57:54 -04:00
Nick Mathewson
75c6fdd286 whitespace fix 2017-06-28 13:53:52 -04:00
Nick Mathewson
e84127d99e Merge remote-tracking branch 'asn/bug21969_bridges_030' into maint-0.3.0 2017-06-28 13:48:52 -04:00
George Kadianakis
551ad20c43 nodelist: Make HSv3 protover magic numbers a bit more readable. 2017-06-28 18:32:32 +03:00
Nick Mathewson
559195ea82 Merge branch 'maint-0.3.1' 2017-06-27 18:28:38 -04:00
Alexander Færøy
0a4af86335 Return "304 not modified" if a client already have the most recent consensus.
This makes our directory code check if a client is trying to fetch a
document that matches a digest from our latest consensus document.

See: https://bugs.torproject.org/22702
2017-06-27 18:25:48 -04:00
Alexander Færøy
07f2940b45 Set published_out for consensus cache entries in spooled_resource_estimate_size().
This patch ensures that the published_out output parameter is set to the
current consensus cache entry's "valid after" field.

See: https://bugs.torproject.org/22702
2017-06-27 18:25:48 -04:00
Nick Mathewson
7fff6cfead Merge branch 'asn_bug22006_final_squashed' 2017-06-27 17:19:08 -04:00
George Kadianakis
a155035d20 ed25519: Dirauths validate router ed25519 pubkeys before pinning. 2017-06-27 17:17:58 -04:00
Nick Mathewson
f367453cb5 Mark descriptors as undownloadable when dirserv_add_() rejects them
As of ac2f6b608a in 0.2.1.19-alpha,
Sebastian fixed bug 888 by marking descriptors as "impossible" by
digest if they got rejected during the
router_load_routers_from_string() phase. This fix stopped clients
and relays from downloading the same thing over and over.

But we never made the same change for descriptors rejected during
dirserv_add_{descriptor,extrainfo}.  Instead, we tried to notice in
advance that we'd reject them with dirserv_would_reject().

This notice-in-advance check stopped working once we added
key-pinning and didn't make a corresponding key-pinning change to
dirserv_would_reject() [since a routerstatus_t doesn't include an
ed25519 key].

So as a fix, let's make the dirserv_add_*() functions mark digests
as undownloadable when they are rejected.

Fixes bug 22349; I am calling this a fix on 0.2.1.19-alpha, though
you could also argue for it being a fix on 0.2.7.2-alpha.
2017-06-27 12:01:46 -04:00
Nick Mathewson
3483f7c003 Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-06-27 11:04:44 -04:00
Nick Mathewson
ccae991662 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-06-27 11:04:44 -04:00
Nick Mathewson
a242d194c7 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-27 11:04:44 -04:00
Nick Mathewson
711160a46f Merge branch 'maint-0.2.8' into maint-0.2.9 2017-06-27 11:04:44 -04:00
Nick Mathewson
32eba3d6aa Merge branch 'maint-0.3.0' into maint-0.3.1 2017-06-27 11:04:44 -04:00
Nick Mathewson
0576f9f433 Merge branch 'maint-0.3.1' 2017-06-27 11:04:44 -04:00
Nick Mathewson
9a0fd2dbb1 Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-06-27 11:04:44 -04:00
Nick Mathewson
3de27618e6 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-06-27 11:04:44 -04:00
Nick Mathewson
8d2978b13c Fix an errant memset() into the middle of a struct in cell_pack().
This mistake causes two possible bugs. I believe they are both
harmless IRL.

BUG 1: memory stomping

When we call the memset, we are overwriting two 0 bytes past the end
of packed_cell_t.body. But I think that's harmless in practice,
because the definition of packed_cell_t is:

// ...
typedef struct packed_cell_t {
  TOR_SIMPLEQ_ENTRY(packed_cell_t) next;
  char body[CELL_MAX_NETWORK_SIZE];
  uint32_t inserted_time;
} packed_cell_t;

So we will overwrite either two bytes of inserted_time, or two bytes
of padding, depending on how the platform handles alignment.

If we're overwriting padding, that's safe.

If we are overwriting the inserted_time field, that's also safe: In
every case where we call cell_pack() from connection_or.c, we ignore
the inserted_time field. When we call cell_pack() from relay.c, we
don't set or use inserted_time until right after we have called
cell_pack(). SO I believe we're safe in that case too.

BUG 2: memory exposure

The original reason for this memset was to avoid the possibility of
accidentally leaking uninitialized ram to the network. Now
remember, if wide_circ_ids is false on a connection, we shouldn't
actually be sending more than 512 bytes of packed_cell_t.body, so
these two bytes can only leak to the network if there is another bug
somewhere else in the code that sends more data than is correct.

Fortunately, in relay.c, where we allocate packed_cell_t in
packed_cell_new() , we allocate it with tor_malloc_zero(), which
clears the RAM, right before we call cell_pack. So those
packed_cell_t.body bytes can't leak any information.

That leaves the two calls to cell_pack() in connection_or.c, which
use stack-alocated packed_cell_t instances.

In or_handshake_state_record_cell(), we pass the cell's contents to
crypto_digest_add_bytes(). When we do so, we get the number of
bytes to pass using the same setting of wide_circ_ids as we passed
to cell_pack(). So I believe that's safe.

In connection_or_write_cell_to_buf(), we also use the same setting
of wide_circ_ids in both calls. So I believe that's safe too.

I introduced this bug with 1c0e87f6d8
back in 0.2.4.11-alpha; it is bug 22737 and CID 1401591
2017-06-27 10:47:20 -04:00
Nick Mathewson
22f441d4ee Merge branch 'maint-0.3.1' 2017-06-27 10:32:50 -04:00
Nick Mathewson
fd16dd2608 Merge branch 'bug22719_031' into maint-0.3.1 2017-06-27 10:31:33 -04:00
David Goulet
c17a04376d nodelist: Add functions to check for HS v3 support
This introduces node_supports_v3_hsdir() and node_supports_ed25519_hs_intro()
that checks the routerstatus_t of a node and if not present, checks the
routerinfo_t.

This is groundwork for proposal 224 service implementation in #20657.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-06-27 10:24:15 -04:00
David Goulet
82dee76740 hs: Ignore unparseable v3 introduction point
It is possible that at some point in time a client will encounter unknown or
new fields for an introduction point in a descriptor so let them ignore it for
forward compatibility.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-06-27 10:19:57 -04:00
Nick Mathewson
c29a559e7b Merge branch 'maint-0.3.1' 2017-06-26 14:15:21 -04:00
Nick Mathewson
d72cfb259d Patch for 22720 from huyvq: exit(1) more often
See changes file for full details.
2017-06-26 14:14:56 -04:00
Nick Mathewson
06414b9922 Merge branch 'maint-0.3.1' 2017-06-26 11:39:43 -04:00
Nick Mathewson
8f59661dba Merge branch 'bug22212_squashed' into maint-0.3.1 2017-06-26 11:27:09 -04:00
Mike Perry
0592ee45fc Demote a log message due to libevent delays.
This is a side-effect of being single-threaded. The worst cases of this are
actually Bug #16585.
2017-06-26 11:26:59 -04:00
Nick Mathewson
b546d8bc2b Try a little harder to make sure we never call tor_compress_process wrong. 2017-06-26 09:39:59 -04:00
Mike Perry
79e2e4d3cb Ticket #17857: Padding off-switch for single hop connections
This doesn't apply to currently active connections.. yet...
2017-06-23 16:53:39 -04:00
Nick Mathewson
89d0261eb5 Merge remote-tracking branch 'isis/bug4019' 2017-06-23 14:38:20 -04:00
Nick Mathewson
80360ed9fa Merge branch 'bug3056_squashed' 2017-06-23 09:28:27 -04:00
Nick Mathewson
96fab4aaa6 Improve clarity, safety, and rate of dns spoofing log msg
Closes ticket 3056.
2017-06-23 09:28:17 -04:00
Nick Mathewson
90046a09dd Merge branch 'maint-0.3.1' 2017-06-22 10:56:08 -04:00
Nick Mathewson
2c49a9852d Merge branch 'maint-0.3.0' into maint-0.3.1 2017-06-22 10:56:08 -04:00
Nick Mathewson
bdd267e74d Combine our "don't do this if no consensus" entryguards checks
Suggested by asn on 22400 review.
2017-06-22 09:28:30 -04:00
Nick Mathewson
b9d8c8b126 Merge remote-tracking branch 'rl1987/bug22461' 2017-06-22 08:11:36 -04:00
Nick Mathewson
dc9ec519b5 Merge remote-tracking branch 'public/bug7890' 2017-06-22 08:04:12 -04:00
Isis Lovecruft
28344b74ba
config: Fix duplicate error message for nonlocal SocksPorts.
If `validate_only` is true, then just validate the configuration without warning
about it.  This way, we only emit warnings when the listener is actually opened.
(Otherwise, every time we parse the config we will might re-warn and we would
need to keep state; whereas the listeners are only opened once.)

 * FIXES #4019.
2017-06-22 00:28:31 +00:00
Roger Dingledine
005500e14d make assign_onionskin_to_cpuworker failure case more clear
now it looks like the other time we call it
2017-06-21 17:42:10 -04:00
Nick Mathewson
3a8a92fddd Merge branch 'callgraph_reduction_v2' 2017-06-21 16:47:55 -04:00
Nick Mathewson
5dcc6bef1e Add GETINFO targets to determine whether md/desc fetching is enabled
Closes ticket 22684.
2017-06-21 16:45:31 -04:00
Nick Mathewson
1c0a2335cd Extract channel_do_open_actions() from non-open _change_state cases
This reduces the size of the largest SCC in the callgraph by 30
functions, from 58 to 28.
2017-06-21 14:03:00 -04:00
Nick Mathewson
5d3f484f4a Merge branch 'maint-0.3.1' 2017-06-21 13:54:07 -04:00
Nick Mathewson
784b29a2bf Merge branch 'bug22356_029' into maint-0.3.1 2017-06-21 13:54:02 -04:00
Nick Mathewson
35d6313500 Call it a BUG to use -1 in authdir_mode_handles_descs 2017-06-21 13:49:17 -04:00
huyvq
ad97714f22 Remove obsolete authdir_mode_any_nonhidserv()
- Replace it with authdir_mode()
2017-06-21 13:49:17 -04:00
huyvq
18cd1993ca Convert authdir_mode_handles_descs() to alternative wrappers
-authdir_mode_handles_descs(options, ROUTER_PURPOSE_BRIDGE) to authdir_mode_bridge(options).

- authdir_mode_handles_descs(options, ROUTER_PURPOSE_GENERAL) to authdir_mode_v3(options).
2017-06-21 13:49:17 -04:00
huyvq
d92b999757 Convert authdir_mode_handles_descs(options, -1) with authdir_mode(options) 2017-06-21 13:49:17 -04:00
huyvq
0471c905a1 Remove obsolete authdir_mode_any_main() 2017-06-21 13:49:17 -04:00
Kevin Butler
0a96d11539 Better error message for GETINFO desc/(id|name) whenever microdescriptors are in use. Fixes #5847. 2017-06-21 12:19:01 -04:00
Nick Mathewson
ed4bc55450 Replace peek_buf_startswith() with a safe version
It's not okay to assume that the data in a buf_t is contiguous in
the first chunk.
2017-06-21 11:10:58 -04:00
Nick Mathewson
acf65544bb Fix compilation on 1667 code. 2017-06-21 10:35:35 -04:00
Ravi Chandra Padmala
417d778652 Respond meaningfully to HTTP requests on the control port. Fix #1667
(Squashed with bufferevents portions removed, by nickm)
2017-06-21 10:34:26 -04:00
Nick Mathewson
884c0ffe3b Merge branch 'maint-0.3.1' 2017-06-20 20:29:00 -04:00
Nick Mathewson
5537e1fc45 If we successfully decompress an HTTP body, return immediately.
This prevents us from calling
allowed_anonymous_connection_compression_method() on the unused
guessed method (if any), and rejecting something that was already
safe to use.
2017-06-20 12:08:12 -04:00
Nick Mathewson
d8cd68caf1 If a _guessed_ compression method fails, it is never PROTOCOL_WARN.
Rationale: When use a guessed compression method, we already gave a
PROTOCOL_WARN when our guess differed from the declared method,
AND we gave a PROTOCOL_WARN when the declared method failed.  It is
not a protocol problem that the guessed method failed too; it's just
a recovery attempt that failed.
2017-06-20 12:08:11 -04:00
Nick Mathewson
7b3161f008 It should be a PROTOCOL_WARN when we have an incorrect content-encoding.
Rationale: The server did not obey the protocol, and its
content-encoding got munged. That's what PROTOCOL_WARN is for.
2017-06-20 12:08:11 -04:00
Nick Mathewson
9018da06c7 Short-circuit the no-decompression-needed case, for clarity
This commit is mostly just deindentation.
2017-06-20 11:46:54 -04:00
Nick Mathewson
c0e9698fca Extract "decompress" portion of connection_dir_client_reached_eof() 2017-06-20 11:43:37 -04:00
Nick Mathewson
782eb02b79 Send the correct content-encoding when serving cached_dir_t objects
A cached_dir_t object (for now) is always compressed with
DEFLATE_METHOD, but in handle_get_status_vote() to we were using the
general compression-negotiation code decide what compression to
claim we were using.

This was one of the reasons behind 22502.

Fixes bug 22669; bugfix on 0.3.1.1-alpha
2017-06-20 11:26:51 -04:00
Nick Mathewson
2341368515 Merge branch 'maint-0.3.1' 2017-06-20 10:06:19 -04:00
Nick Mathewson
32e486de97 Don't expand guard sample set unless consensus is "reasonably live"
Fixes what I think is the main root cause of 22400. Bugfix on
0.3.0.1-alpha.
2017-06-19 15:48:47 -04:00
Nick Mathewson
e3efc076c5 Downgrade "assign_to_cpuworker failed" to INFO.
Closes ticket 22356
2017-06-19 15:24:33 -04:00
Nick Mathewson
e01e4e0146 Merge branch 'ticket20575_031_01_squashed' 2017-06-19 14:16:21 -04:00
Nick Mathewson
0379439fe8 refer to the correct version 2017-06-19 14:15:04 -04:00
David Goulet
3f807ec058 config: Deprecate HTTPProxy option
Move the HTTPProxy option to the deprecated list so for now it will only warn
users but feature is still in the code which will be removed in a future
stable version.

Fixes #20575

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-06-19 14:14:17 -04:00
Nick Mathewson
bf95d678e8 Remove an XXXX RD comment that neither Roger or I understand. Closes 22420 2017-06-19 14:06:07 -04:00
Nick Mathewson
f6946d7a82 Merge remote-tracking branch 'arma/ticket22420' 2017-06-19 14:03:57 -04:00
teor
7d535ea9d3
Add extra logging during compression and decompression
This helps diagnose failures.

Part of #22502.
2017-06-16 09:48:18 +10:00
Karsten Loesing
5b5e20a478 Add "fingerprint" line to bridge network status.
Implements #22207.
2017-06-11 10:21:36 +02:00
Nick Mathewson
d15d09a968 Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-06-08 09:21:15 -04:00
Nick Mathewson
c1646d6e89 Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-06-08 09:21:15 -04:00
Nick Mathewson
40bccc2004 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-06-08 09:21:15 -04:00
Nick Mathewson
dec7998f5c Merge branch 'maint-0.2.4' into maint-0.2.5 2017-06-08 09:21:15 -04:00
Nick Mathewson
987c7cae70 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-06-08 09:21:15 -04:00
Nick Mathewson
53011e3e54 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-08 09:21:15 -04:00
Nick Mathewson
83135d75a3 Merge branch 'maint-0.3.0' 2017-06-08 09:21:15 -04:00
David Goulet
56a7c5bc15 TROVE-2017-005: Fix assertion failure in connection_edge_process_relay_cell
On an hidden service rendezvous circuit, a BEGIN_DIR could be sent
(maliciously) which would trigger a tor_assert() because
connection_edge_process_relay_cell() thought that the circuit is an
or_circuit_t but is an origin circuit in reality.

Fixes #22494

Reported-by: Roger Dingledine <arma@torproject.org>
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-06-08 09:21:10 -04:00
Nick Mathewson
9acca04025 Merge branch 'maint-0.3.0' 2017-06-08 09:17:32 -04:00
David Goulet
79b59a2dfc TROVE-2017-004: Fix assertion failure in relay_send_end_cell_from_edge_
This fixes an assertion failure in relay_send_end_cell_from_edge_() when an
origin circuit and a cpath_layer = NULL were passed.

A service rendezvous circuit could do such a thing when a malformed BEGIN cell
is received but shouldn't in the first place because the service needs to send
an END cell on the circuit for which it can not do without a cpath_layer.

Fixes #22493

Reported-by: Roger Dingledine <arma@torproject.org>
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-06-08 09:14:10 -04:00
Nick Mathewson
9ab45d621c Merge branch 'maint-0.3.0' 2017-06-06 11:34:11 -04:00
Nick Mathewson
68c3df69de Repair the unit test behavior of my fix for 22508.
Apparently, the unit tests relied on being able to make ed->x509
link certs even when they hadn't set any server flags in the
options.  So instead of making "client" mean "never generate an
ed->x509 cert", we'll have it mean "it's okay not to generate an
ed->x509 cert".

(Going with a minimal fix here, since this is supposed to be a
stable version.)
2017-06-06 11:32:01 -04:00
Nick Mathewson
14ffcc003d Merge branch 'maint-0.3.0' 2017-06-06 09:32:45 -04:00
Nick Mathewson
4ed0f0d62f Make generate_ed_link_cert() a no-op on clients.
Fixes bug 22508; bug not in any released Tor.
2017-06-06 09:32:11 -04:00
Nick Mathewson
e3b1573be6 Merge branch 'maint-0.3.0' 2017-06-05 15:52:06 -04:00
Nick Mathewson
91f49bc0f0 Fix unit tests to work after own_link_cert assertion
The assert_nonfatal() I had added was triggered by some of the code
that tested the pre-ed case of CERTS cell generation.
2017-06-05 15:51:11 -04:00
Nick Mathewson
d5acdadaef Merge branch 'bug22460_030_01' into maint-0.3.0 2017-06-05 15:44:36 -04:00
Nick Mathewson
d1c1dc229e Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-05 15:44:12 -04:00
Nick Mathewson
9fea00928c Merge branch 'bug22460_case2_029_01_squashed' into maint-0.2.9 2017-06-05 15:28:13 -04:00
Nick Mathewson
50facb40bb On v3 link handshake, send the correct link certificate
Previously we'd send the _current_ link certificate, which would
cause a handshaking failure when the TLS context rotated.
2017-06-05 15:27:33 -04:00
Nick Mathewson
2e5220cb8b Merge branch 'maint-0.2.4' into maint-0.2.5 2017-06-05 14:38:54 -04:00
Nick Mathewson
4ee48cb434 Fix C89 warning (since Tor 0.2.4-5 still care about that.) 2017-06-05 14:38:38 -04:00
Nick Mathewson
db2f18b1f9 Merge branch 'maint-0.3.0' 2017-06-05 12:02:47 -04:00
Nick Mathewson
578a4392e9 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-05 12:02:26 -04:00
Nick Mathewson
d75be189df Merge branch 'maint-0.2.8' into maint-0.2.9 2017-06-05 12:02:15 -04:00
Nick Mathewson
33fcc0f61d Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-06-05 12:01:17 -04:00
Nick Mathewson
3f2d1f7f07 Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-06-05 12:00:41 -04:00
Nick Mathewson
9ea3d0877a Merge branch 'maint-0.2.5' into maint-0.2.6 2017-06-05 12:00:27 -04:00
Nick Mathewson
1a540b5792 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-06-05 12:00:08 -04:00
Nick Mathewson
e3ebae4804 Fix undefined behavior in geoip_parse_entry().
Fixes bug 22490; bugfix on 6a241ff3ff in 0.2.4.6-alpha.

Found by teor using clang-5.0's AddressSanitizer stack-use-after-scope.
2017-06-05 10:09:39 -04:00
Nick Mathewson
26d9fffae4 Merge branch 'bug22466_diagnostic_030' 2017-06-05 09:52:09 -04:00
Nick Mathewson
be741d7e63 Merge branch 'maint-0.3.0' 2017-06-05 09:51:57 -04:00
Nick Mathewson
e5bdfd66cf Make code more clear about own_link_cert safety
It's okay to call add_ed25519_cert with a NULL argument: so,
document that.  Also, add a tor_assert_nonfatal() to catch any case
where we have failed to set own_link_cert when conn_in_server_mode.
2017-06-05 09:35:55 -04:00
rl1987
f8c98759e5 Use string_is_valid_hostname in SOCKS4 request parsing codepath 2017-06-04 13:22:45 +02:00
rl1987
7f05f89663 Don't reject SOCKS5 requests that contain IP strings 2017-06-04 13:14:55 +02:00
rl1987
9e2f780923 Refrain from needless SOCKS5 warning 2017-06-03 18:04:47 +02:00
Nick Mathewson
41ed9e978b Regenerate RSA->ed25519 identity crosscertificate as needed 2017-06-01 10:04:52 -04:00
Nick Mathewson
f2068ef862 Use tor_assert_nonfatal() to try to detect #22466 2017-06-01 09:42:32 -04:00
Nick Mathewson
34a6755b94 Fix ed25519 link certificate race on tls context rotation
Whenever we rotate our TLS context, we change our Ed25519
Signing->Link certificate.  But if we've already started a TLS
connection, then we've already sent the old X509 link certificate,
so the new Ed25519 Signing->Link certificate won't match it.

To fix this, we now store a copy of the Signing->Link certificate
when we initialize the handshake state, and send that certificate
as part of our CERTS cell.

Fixes one case of bug22460; bugfix on 0.3.0.1-alpha.
2017-06-01 09:26:24 -04:00
Nick Mathewson
a9be768959 Bugfix: Regenerate more certificates when appropriate
Previously we could sometimes change our signing key, but not
regenerate the certificates (signing->link and signing->auth) that
were signed with it.  Also, we would regularly replace our TLS x.509
link certificate (by rotating our TLS context) but not replace our
signing->link ed25519 certificate.  In both cases, the resulting
inconsistency would make other relays reject our link handshakes.

Fixes two cases of bug 22460; bugfix on 0.3.0.1-alpha.
2017-05-31 18:45:35 -04:00
Nick Mathewson
9d59769db7 Improve error message when all permitted Exits are down
The old "No specified non-excluded exit routers seem to be running"
message was somewhat confusing.

Fix for 7890.
2017-05-30 10:59:04 -04:00
David Goulet
5b33d95a3d hs: Correctly validate v3 descriptor encrypted length
The encrypted_data_length_is_valid() function wasn't validating correctly the
length of the encrypted data of a v3 descriptor. The side effect of this is
that an HSDir was rejecting the descriptor and ultimately not storing it.

Fixes #22447

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-30 10:27:42 -04:00
Nick Mathewson
f9615f9d77 Merge remote-tracking branch 'teor/bug22421' 2017-05-30 08:42:20 -04:00
Andreas Stieger
e5f4642db3 Fix GCC 7 -Wimplicit-fallthrough warnings
Add magic comments recognized by default -Wimplicit-fallthrough=3
or break, as required.
2017-05-30 08:33:27 -04:00
Roger Dingledine
d1580ad49b remove obsolete comment
we should have taken out this comment with commit aadff6274
during ticket 16480.
2017-05-30 02:42:32 -04:00
teor
25ea8be9de
Update the client bootstrap comment in config.c for exponential backoff
This brings the description up to date with the exponential backoff
code introduced in 0.2.9.1-alpha.

Fixes bug #22421.
2017-05-28 21:01:08 +10:00
Roger Dingledine
084b64ba2e simplify because relay_crypt_one_payload can't fail 2017-05-28 01:51:22 -04:00
Nick Mathewson
6fcaf83c98 Cleanup MOCK_IMPL (etc) to be findable with etags
A fair number of our mock_impl declarations were messed up so that
even our special AM_ETAGSFLAGS couldn't find them.

This should be a whitespace-only patch.
2017-05-26 14:07:06 -04:00
Nick Mathewson
ab9976b724 Merge remote-tracking branch 'arma/bug22368' 2017-05-25 08:54:51 -04:00
Roger Dingledine
657297a9f8 Merge branch 'maint-0.3.0' 2017-05-25 00:28:11 -04:00
Roger Dingledine
83439e78cc Merge branch 'maint-0.2.9' into maint-0.3.0 2017-05-25 00:27:27 -04:00
teor
ec61ae59a5 Stop leaking keypin-rejected routerinfos on directory authorities
When directory authorities reject a router descriptor due to keypinning,
free the router descriptor rather than leaking the memory.

Fixes bug 22370; bugfix on 0.2.7.2-alpha.
2017-05-25 00:09:40 -04:00
Roger Dingledine
5f74749fba get rid of some dead code (leftover from commit fa04fe1) 2017-05-24 23:37:00 -04:00
Roger Dingledine
d22d565331 add copy of MyFamily element to the descriptor, not the element itself
If we add the element itself, we will later free it when we free the
descriptor, and the next time we go to look at MyFamily, things will
go badly.

Fixes the rest of bug 22368; bugfix on 0.3.1.1-alpha.
2017-05-24 23:37:00 -04:00
Roger Dingledine
a7e75ff796 don't free the values in options->MyFamily when we make a descriptor
If we free them here, we will still attempt to access the freed memory
later on, and also we will double-free when we are freeing the config.

Fixes part of bug 22368.
2017-05-24 23:32:32 -04:00
Nick Mathewson
511c900686 Merge branch 'master' of git-rw.torproject.org:/tor 2017-05-24 10:25:00 -04:00
Nick Mathewson
b80a35e683 Improve the message we log on unexpected dirauth status code
It's still not great, but should be less confusing what's wrong
here.

Closes ticket 1121.
2017-05-24 09:08:59 -04:00
Roger Dingledine
cabad0b6c7 remove unused node_get_published_on function
in retrospect, we should have removed this with commit 1289474d
as part of #11742, which was the last caller of it.
2017-05-24 00:43:44 -04:00
Nick Mathewson
994595ae5d Don't say "downloading 1 descriptor, 4 at a time"
Fixes bug 19648, bugfix on 0.1.1.8-alpha.
2017-05-23 09:47:11 -04:00
Roger Dingledine
4e3ea6d5c8 fix minor grammar error in comment 2017-05-22 20:06:38 -04:00
Alexander Færøy
9604980733 Log a warning if we receive a disallowed compression method for an anonymous connection.
See: https://bugs.torproject.org/22305
2017-05-22 15:52:41 +00:00
Nick Mathewson
9a50c73104 Merge remote-tracking branch 'ahf/bugs/22305' 2017-05-22 10:57:26 -04:00
Alexander Færøy
5a0eab68e1 Ensure that only GZip and Zlib compression is handled for anonymous connections.
See: https://bugs.torproject.org/22305
2017-05-22 14:45:12 +00:00
Alexander Færøy
2b26ac1390 Refactor error path handling in connection_dir_client_reached_eof().
This patch lifts the return value, rv, variable to the beginning of the
function, adds a 'done' label for clean-up and function exit and makes
the rest of the function use the rv value + goto done; instead of
cleaning up in multiple places.

See: https://bugs.torproject.org/22305
2017-05-22 14:42:18 +00:00
Nick Mathewson
cfe0a45750 Fix a compilation warning about duplicate typedef 2017-05-22 10:39:43 -04:00
Nick Mathewson
e5a929fef8 Raise common code for creating circuit_guard_state_t
This will help if we ever need to add more fields or change the
semantics of existing fields.
2017-05-22 09:13:18 -04:00
Nick Mathewson
b2e9a107b7 Merge remote-tracking branch 'asn/bug21969_bridges' 2017-05-22 09:09:16 -04:00
George Kadianakis
52498b8183 Set guard state on bridge descriptor fetches.
We used to not set the guard state in launch_direct_bridge_descriptor_fetch().
So when a bridge descriptor fetch failed, the guard subsystem would never
learn about the fail (and hence the guard's reachability state would not
be updated).
2017-05-22 15:57:33 +03:00
George Kadianakis
6009c89165 Set guard state on bridge descriptor fetches.
We used to not set the guard state in launch_direct_bridge_descriptor_fetch().
So when a bridge descriptor fetch failed, the guard subsystem would never
learn about the fail (and hence the guard's reachability state would not
be updated).
2017-05-22 15:56:32 +03:00
George Kadianakis
e102ad60d0 Refactor directory_initiate_command() so that it accepts guard_state. 2017-05-22 15:45:46 +03:00
Alexander Færøy
26795da900 Don't add "Accept-Encoding" header if directory connection is anonymous.
See: https://bugs.torproject.org/22305
2017-05-22 12:36:27 +00:00
Nick Mathewson
90894c87a5 Merge branch 'maint-0.3.0' 2017-05-22 08:32:18 -04:00
Nick Mathewson
5c52d3c2c0 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-05-22 08:32:07 -04:00
Roger Dingledine
6e5486b11a dir auths reject 0.2.9.x for x<5, due to bug 20499
Directory authorities now reject relays running versions
0.2.9.1-alpha through 0.2.9.4-alpha, because those relays
suffer from bug 20499 and don't keep their consensus cache
up-to-date.

Resolves ticket 20509.
2017-05-22 08:31:39 -04:00
Roger Dingledine
a18b41cc77 fix typo in comment 2017-05-19 22:14:56 -04:00
Nick Mathewson
4e6b13a38a Fix uninitialized-variable warning on options_init_from_string(). 2017-05-19 15:18:27 -04:00
Nick Mathewson
69ef94820b Merge branch 'add_rust_squashed' 2017-05-19 08:47:18 -04:00
Sebastian Hahn
f8ef7c65d1 Add some Rust utility functions and print support
This gives an indication in the log that Tor was built with Rust
support, as well as laying some groundwork for further string-returning
APIs to be converted to Rust
2017-05-19 08:47:10 -04:00
Nick Mathewson
92d335b3dc Merge remote-tracking branch 'jigsaw/torrc-dir-fix-1922_squashed2' 2017-05-19 08:46:13 -04:00
Nick Mathewson
d34fa32ece Merge branch 'ticket21953_029' 2017-05-19 06:49:04 -04:00
Nick Mathewson
15cc41e664 Define HeapEnableTerminationOnCorruption if the headers don't.
MSDN says that it's always going to be 1, and they're usually pretty
accurate about that.

Fixes a bug in 21953.
2017-05-19 06:46:49 -04:00
Roger Dingledine
553cd7f0c5 fix typo 2017-05-19 02:06:44 -04:00
Daniel Pinto
ba3a5f82f1 Add support for %include funcionality on torrc #1922
config_get_lines is now split into two functions:
 - config_get_lines which is the same as before we had %include
 - config_get_lines_include which actually processes %include
2017-05-18 23:44:16 +01:00
Nick Mathewson
b214c2c095 Merge branch 'maint-0.3.0' 2017-05-18 10:06:27 -04:00
Nick Mathewson
935cd77f62 Merge branch 'bug22252_029' into maint-0.3.0 2017-05-18 10:06:06 -04:00
Nick Mathewson
2ba58f275c Fix crash when starting with LearnCircuitBuildTimeout 0.
Before we've set our options, we can neither call get_options() nor
networkstatus_get_latest_consensus().

Fixes bug 22252; bugfix on 4d9d2553ba
in 0.2.9.3-alpha.
2017-05-16 11:20:12 -04:00
Nick Mathewson
bbeba2412e Fix resource leak in parse_consensus_request()
We were allocating diff_hash_in_url on some URLs, but not freeing it.

Fixes CID 1409669.  Bug not in any released Tor.
2017-05-16 10:47:41 -04:00
Nick Mathewson
2ca827104d Report deleted consensuses as NOT_FOUND rather than AVAILABLE
This bug happened because of a bogus pointer check in
consdiffmgr_find_consensus(), not in any released Tor.

Fixes CID 1409670.  Good catch, Coverity!
2017-05-16 10:44:24 -04:00
Nick Mathewson
d29f494ec2 Merge branch 'maint-0.3.0' 2017-05-16 08:39:36 -04:00
Nick Mathewson
492f8a7c44 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-05-16 08:39:22 -04:00
Nick Mathewson
a7bcab2639 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-05-16 08:38:59 -04:00
teor
5b45d73293
Update fallback directory mirrors in May 2017
Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
December 2016 (of which ~126 were still functional), with a list of
151 fallbacks (32 new, 119 existing, 58 removed) generated in May 2017.

Resolves ticket 21564.
2017-05-16 19:02:42 +10:00
Nick Mathewson
a546487287 Merge branch 'maint-0.3.0' 2017-05-15 18:24:38 -04:00
Nick Mathewson
294d80044d remove a variable I missed 2017-05-15 18:16:58 -04:00
Nick Mathewson
d3279d4304 Do not try to uncompress an empty spool 2017-05-15 18:13:38 -04:00
Nick Mathewson
460b923026 fix a memory leak 2017-05-15 18:13:20 -04:00
Nick Mathewson
f9d8ade912 Dircache protocol version 2 adds support for diffs 2017-05-15 17:53:36 -04:00
Nick Mathewson
da6b00443c Try not to mess up caches with the X-Or-Diff-From-Consensus header 2017-05-15 17:53:15 -04:00
Nick Mathewson
4531fdbbff Split consensus-request parsing into a separate function
This ought to make the control flow a tiny bit more readable.
2017-05-15 17:51:53 -04:00
Nick Mathewson
eb3c8d376d Prop140, continued: accept "diff/<HASH>" in URLs, per proposal. 2017-05-15 17:42:17 -04:00
Nick Mathewson
afef059795 Merge remote-tracking branch 'public/prop140_aftermath_cfg' 2017-05-15 17:26:47 -04:00
Nick Mathewson
dae1242532 Merge branch 'ahf_bugs_21667_2_squashed' 2017-05-15 17:22:12 -04:00
Alexander Færøy
9e3f304113 Fix dir_handle_get/... test-cases for prop#278 support.
See: https://bugs.torproject.org/21667
2017-05-15 17:21:55 -04:00
Alexander Færøy
008194035f Handle non-compressed requests gracefully.
This patch makes us use FALLBACK_COMPRESS_METHOD to try to fetch an
object from the consensus diff manager in case no mutually supported
result was found. This object, if found, is then decompressed using the
spooling system to the client.

See: https://bugs.torproject.org/21667
2017-05-15 17:21:55 -04:00
Alexander Færøy
8d730af0f7 Remove old consensus fetching code from handle_get_current_consensus().
This patch removes the calls to spooled_resource_new() when trying to
download the consensus. All calls should now be going through the
consdiff manager.

See: https://bugs.torproject.org/21667
2017-05-15 17:21:55 -04:00
Alexander Færøy
fade313ba3 Fix too wide line from make check-spaces.
See: https://bugs.torproject.org/21667
2017-05-15 17:21:55 -04:00
Alexander Færøy
ae33deb91d Check for best consensus when no consensusdiff was found.
This patch ensures that we use the current consensus in the case where
no consensus diff was found or a consensus diff wasn't requested.

See: https://bugs.torproject.org/21667
2017-05-15 17:21:55 -04:00
Nick Mathewson
7591518d16 Copy valid/fresh-until and signatories values into diffs. 2017-05-15 17:21:55 -04:00
Nick Mathewson
fd1190581d Store fresh/valid-until and signatories values on all consensus objects. 2017-05-15 17:21:55 -04:00
Nick Mathewson
dcc533fb13 Implement functions to expose valid/fresh-until and voters
These still won't do anything till I get the values to be filled in.

Also, I changed the API a little (with corresponding changes in
directory.c) to match things that it's easier to store.
2017-05-15 17:21:55 -04:00
Nick Mathewson
2f06345db3 Move stub accessor functions a level higher, to consdiffmgr 2017-05-15 17:21:55 -04:00
Alexander Færøy
ef2a62b2ff Fetch the current consensus from the conscache subsystem.
This patch changes handle_get_current_consensus() to make it read the
current consensus document from the consensus caching subsystem.

See: https://bugs.torproject.org/21667
2017-05-15 17:21:55 -04:00
Nick Mathewson
3b8888c544 Initialize the HS cache at startup
Failure to do this caused an assertion failure with #22246 . This
assertion failure can be triggered remotely, so we're tracking it as
medium-severity TROVE-2017-002.
2017-05-15 13:49:29 -04:00
Nick Mathewson
71a21256b0 Merge branch 'bug22245_024' 2017-05-15 11:46:55 -04:00
Nick Mathewson
a6514b8a20 Fix a logic error in hibernate.c
Closes bug 22245; bugfix on 0.0.9rc1, when bandwidth accounting was
first introduced.

Found by Andrey Karpov and reported at https://www.viva64.com/en/b/0507/
2017-05-15 11:43:18 -04:00
Nick Mathewson
0e348720fc Fix assertion to actually have a chance of failing
This assertion can only fail if we mess up some of our other code,
but let's try to get it right.

Closes 22244.
2017-05-15 11:27:12 -04:00
Nick Mathewson
1ec45bb546 Merge branch 'bug18100_029' 2017-05-15 11:19:44 -04:00
Nick Mathewson
4473271c66 Fix the TRPOXY typo in connection_edge.c
Also add a get_options() call so it compiles.

Fixes bug 18100; bugfix on 0.2.6.3-alpha. Patch from "d4fq0fQAgoJ".
2017-05-15 11:16:50 -04:00
Nick Mathewson
d3a39cf8d0 Merge remote-tracking branch 'public/bug20270_029' 2017-05-15 10:45:20 -04:00
Alexander Færøy
363f4b8db5
Add stub functions for querying metadata about the consensus. 2017-05-13 01:05:15 +02:00
Alexander Færøy
64116ab97f
Fix tautological constant out-of-range comparison warnings. 2017-05-12 17:59:29 +02:00
Alexander Færøy
a1e8ef0076
Fix DoubleNL warning from make check-spaces. 2017-05-12 17:57:11 +02:00
Nick Mathewson
077d3085ec
actually enable background compresion for consensuses 2017-05-12 17:45:55 +02:00
Nick Mathewson
db370bb8a8
Test fix: expect old consensuses to be deleted if not deflate-compressed 2017-05-12 17:45:44 +02:00
Nick Mathewson
30dfb36148
consdiffmgr: Reload latest consensus entries on start. 2017-05-12 17:45:33 +02:00
Nick Mathewson
8100305e71
consdiffmgr: expose cached consensuses 2017-05-12 17:45:24 +02:00
Nick Mathewson
7b0dcf5c4a
Cleanup logic: only retain zlib-compressed consensuses
Now that we're making a bunch of these with consdiffmgr, we should
throw out all but one when we get a newer consensus.
2017-05-12 17:45:15 +02:00
Nick Mathewson
151cd121a2
consdiffmgr: compress incoming consensuses in the background
Also, compress them in several ways.

This breaks the unit tests; subsequent commits will make them pass
again.
2017-05-12 17:45:07 +02:00
Nick Mathewson
6da31ec484
consdiffmgr: Extract the code for compressing and storing
We're going to use this for consensuses too.
2017-05-12 17:44:55 +02:00
Alexander Færøy
7a3efe25d9
Use different preferences for compression methods when streaming.
See: https://bugs.torproject.org/21667
2017-05-12 17:18:45 +02:00
Alexander Færøy
141f6e3211
Add client_meth_pref array to define client compression preference.
See: https://bugs.torproject.org/21667
2017-05-12 17:18:45 +02:00
Alexander Færøy
59d17ca2bb
Fix indentation when using the ternary operator in handle_get_status_vote().
See: https://bugs.torproject.org/21667
2017-05-12 17:18:45 +02:00
Alexander Færøy
ef187bc280
Use compression_method_get_human_name() in connection_dir_client_reached_eof()
This patch refactors connection_dir_client_reached_eof() to use
compression_method_get_human_name() to set description1 and
description2 variables.

See: https://bugs.torproject.org/21667
2017-05-12 17:18:45 +02:00
Alexander Færøy
f8218b5ada
Use compression_method_get_by_name() instead of explicit checks.
See: https://bugs.torproject.org/21667
2017-05-12 17:18:45 +02:00
Alexander Færøy
cf2f7a1bea
Decide compression method in the various handle_* functions().
See: https://bugs.torproject.org/21667
2017-05-12 17:18:45 +02:00
Alexander Færøy
a3a31fa120
Send "Accept-Encoding" to directory servers.
See: https://bugs.torproject.org/21667
2017-05-12 17:18:45 +02:00
Alexander Færøy
6305637197
Use tor_compress_supports_method() instead of constants.
See: https://bugs.torproject.org/21667
2017-05-12 17:18:45 +02:00
Alexander Færøy
61b6de5906
Handle Zstandard and LZMA in our check for correct guessed compression.
See: https://bugs.torproject.org/21667
2017-05-12 17:18:45 +02:00
Alexander Færøy
fbef257c43
Handle x-zstd and x-tor-lzma in parse_http_response().
See: https://bugs.torproject.org/21667
2017-05-12 17:18:45 +02:00
Alexander Færøy
ca632144e5
Use dir_compressed(_len) instead of dir_z(_len).
This patch renames `dir_z` to `dir_compressed` and `dir_z_len` to
`dir_compressed_len`.

See: https://bugs.torproject.org/21667
2017-05-12 17:18:45 +02:00
Nick Mathewson
4410271446 Merge branch 'ticket21953_029' 2017-05-12 08:40:30 -04:00
Nick Mathewson
503f101d2b Enable some windows hardening features
One (HeapEnableTerminationOnCorruption) is on-by-default since win8;
the other (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) supposedly only
affects ATL, which (we think) we don't use.  Still, these are good
hygiene. Closes ticket 21953.
2017-05-11 16:39:02 -04:00
Nick Mathewson
9905659573 Merge remote-tracking branch 'arma/cleanup22213' 2017-05-11 09:20:12 -04:00
Nick Mathewson
6390a0c3b6 Merge branch 'ticket21871_031_03_squashed' 2017-05-11 08:33:32 -04:00
David Goulet
ae1d4cfdad prop224: Change encryption keys descriptor encoding
A descriptor only contains the curve25519 public key in the enc-key field so
the private key should not be in that data structure. The service data
structures will have access to the full keypair (#20657).

Furthermore, ticket #21871 has highlighted an issue in the proposal 224 about
the encryption key and legacy key being mutually exclusive. This is very wrong
and this commit fixes the code to follow the change to the proposal of that
ticket.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-11 08:33:26 -04:00
Roger Dingledine
8f1ddf0cd2 Remove unused "ROUTER_ADDED_NOTIFY_GENERATOR" internal value
We already have a way to return a 400 response code along with a
personalized message response for the uploader.

Resolves ticket 22213.
2017-05-10 20:03:07 -04:00
Roger Dingledine
466e27feae simplify functions now that they don't use options param 2017-05-10 17:57:35 -04:00
Roger Dingledine
2330a3713d Merge branch 'maint-0.3.0' 2017-05-10 17:36:34 -04:00
Roger Dingledine
716d48581d resolve now-unused parameter from #21642 fix 2017-05-10 17:35:36 -04:00
Nick Mathewson
1a497dcd1e Merge branch 'maint-0.3.0' 2017-05-10 16:28:07 -04:00
Nick Mathewson
a868b84599 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-05-10 16:27:15 -04:00
Nick Mathewson
8f5da804da Merge branch 'prop275_minimal_029' into maint-0.2.9 2017-05-10 16:26:45 -04:00
Nick Mathewson
ee3ccd2fac #22211 Fix a comment in routerparse.c 2017-05-10 11:16:07 -04:00
Nick Mathewson
d76cffda60 Merge remote-tracking branch 'public/my-family-list-fix-4498' 2017-05-10 11:12:24 -04:00
Nick Mathewson
8266d193a6 Restore wget behavior when fetching compressed objects
We do this by treating the presence of .z as meaning ZLIB_METHOD,
even if Accept-Encoding does not include deflate.

This fixes bug 22206; bug not in any released tor.
2017-05-10 11:09:52 -04:00
Nick Mathewson
5dab99d6a8 Fix compilation on libevent2-only systems
Patch from rubiate; fixes bug 22219.  Remember, we don't support
libevent1 any more.
2017-05-10 11:08:49 -04:00
Roger Dingledine
0266c4ac81 add an XXX with a minor bug in dirserv_add_multiple_descriptors 2017-05-10 03:11:29 -04:00
Nick Mathewson
9f5b71a7ca Add a check and a cast in rephist.c to fix a warning 2017-05-09 11:13:22 -04:00
Nick Mathewson
b2cb3c33ac Tidy or_options_t by removing obsolete options.
Nothing was setting or inspecting these fields, and they were marked
as OBSOLETE() in config.c -- but somehow we still had them in the
or_options_t structure.  Ouch.
2017-05-09 10:40:24 -04:00
Nick Mathewson
2a1013948d Merge branch 'dgoulet_ticket22060_031_01_squashed' 2017-05-09 10:32:21 -04:00
David Goulet
b867295ffd config: Parse ports at the start of options_validate()
There was a bug that got exposed with the removal of ORListenAddress. Within
server_mode(), we now only check ORPort_set which is set in parse_ports().

However, options_validate() is using server_mode() at the start to check if we
need to look at the uname but then the ORPort_set is unset at that point
because the port parsing was done just after. This commit fixes that.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-09 10:30:52 -04:00
David Goulet
7f95ef6e66 config: Remove {Control,DNS,Dir,Socks,Trans,NATD,OR}ListenAddress option
Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans
up the code associated with it.

Partially fixes #22060

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-09 10:30:52 -04:00
David Goulet
039e2a24da config: Remove TLSECGroup option
Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans
up the code associated with it.

Partially fixes #22060

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-09 10:30:52 -04:00
David Goulet
8aedc589ed config: Remove WarnUnsafeSocks option
Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans
up the code associated with it.

Partially fixes #22060

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-09 10:30:52 -04:00
David Goulet
60cf5ac297 config: Remove CloseHSServiceRendCircuitsImmediatelyOnTimeout option
Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans
up the code associated with it.

Partially fixes #22060

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-09 10:30:52 -04:00
David Goulet
87e9dc48d1 config: Remove CloseHSClientCircuitsImmediatelyOnTimeout option
Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans
up the code associated with it.

Partially fixes #22060

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-09 10:30:52 -04:00
David Goulet
bc34654ba2 config: Remove FastFirstHopPK option
Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans
up the code associated with it.

Partially fixes #22060

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-09 10:30:52 -04:00
David Goulet
09bc858dd5 config: Remove ExcludeSingleHopRelays option
Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans
up the code associated with it.

Partially fixes #22060

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-09 10:30:52 -04:00
David Goulet
d52a1e2faa config: Remove AllowSingleHopExits option
Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans
up the code associated with it.

Partially fixes #22060

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-09 10:30:52 -04:00
David Goulet
fea72571df config: Remove AllowSingleHopCircuits option
Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans
up the code associated with it.

Partially fixes #22060

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-09 10:30:52 -04:00
David Goulet
2b9823b310 config: Remove AllowInvalidNodes option
Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans
up the code associated with it.

Partially fixes #22060

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-09 10:30:51 -04:00
Nick Mathewson
ff7e8531ec Report common reasons for rejecting a relay before uncommon ones
"You're running 0.2.2; upgrade!" is more sensible than "You have no
ntor key!"

Closes ticket 20270; bugfix on 0.2.9.3-alpha.
2017-05-09 10:28:51 -04:00
Nick Mathewson
b8abedfeee Split MyFamily into user-specified version and normalized version
This change prevents a no-longer-supported behavior where we change
options that would later be written back to torrc with a SAVECONF.

Also, use the "Pointer to final pointer" trick to build the
normalized list, to avoid special-casing the first element.
2017-05-09 08:19:26 -04:00
Nick Mathewson
7751df61ca Fix a warning about a shadowed global 2017-05-09 07:25:52 -04:00
Nick Mathewson
ef2248d09b Fix a warning about an extraneous semicolon 2017-05-09 07:25:34 -04:00
Nick Mathewson
2e4f3b36bd clang-i386: use house style for public-when-testing variables
This fixes a warning from jenkins.
2017-05-08 15:38:05 -04:00
Nick Mathewson
4d6c79d1de Fix some clang-i386 warnings in master. 2017-05-08 15:34:37 -04:00
Nick Mathewson
fb97f76e71 whitespace fixes 2017-05-08 13:57:08 -04:00
Nick Mathewson
4d30dde156 Merge branch 'netflow_padding-v6-rebased2-squashed' 2017-05-08 13:54:59 -04:00
Mike Perry
02a5835c27 Fix issues from dgoulet's code review.
https://gitlab.com/dgoulet/tor/merge_requests/24
2017-05-08 13:49:23 -04:00
Mike Perry
687a85950a Cache netflow-related consensus parameters.
Checking all of these parameter lists for every single connection every second
seems like it could be an expensive waste.

Updating globally cached versions when there is a new consensus will still
allow us to apply consensus parameter updates to all existing connections
immediately.
2017-05-08 13:49:23 -04:00
Mike Perry
76c9330f9d Bug 17604: Converge on only one long-lived TLS conn between relays.
Accomplished via the following:

1. Use NETINFO cells to determine if both peers will agree on canonical
   status. Prefer connections where they agree to those where they do not.
2. Alter channel_is_better() to prefer older orconns in the case of multiple
   canonical connections, and use the orconn with more circuits on it in case
   of age ties.

Also perform some hourly accounting on how many of these types of connections
there are and log it at info or notice level.
2017-05-08 13:49:22 -04:00
Mike Perry
d5a151a067 Bug 17592: Clean up connection timeout logic.
This unifies CircuitIdleTimeout and PredictedCircsRelevanceTime into a single
option, and randomizes it.

It also gives us control over the default value as well as relay-to-relay
connection lifespan through the consensus.

Conflicts:
	src/or/circuituse.c
	src/or/config.c
	src/or/main.c
	src/test/testing_common.c
2017-05-08 13:49:22 -04:00
Mike Perry
b0e92634d8 Netflow record collapsing defense.
This defense will cause Cisco, Juniper, Fortinet, and other routers operating
in the default configuration to collapse netflow records that would normally
be split due to the 15 second flow idle timeout.

Collapsing these records should greatly reduce the utility of default netflow
data for correlation attacks, since all client-side records should become 30
minute chunks of total bytes sent/received, rather than creating multiple
separate records for every webpage load/ssh command interaction/XMPP chat/whatever
else happens to be inactive for more than 15 seconds.

The defense adds consensus parameters to govern the range of timeout values
for sending padding packets, as well as for keeping connections open.

The defense only sends padding when connections are otherwise inactive, and it
does not pad connections used solely for directory traffic at all. By default
it also doesn't pad inter-relay connections.

Statistics on the total padding in the last 24 hours are exported to the
extra-info descriptors.
2017-05-08 13:49:21 -04:00
Nick Mathewson
9decf86711 Merge remote-tracking branch 'dgoulet/ticket21978_031_02' 2017-05-05 16:32:25 -04:00
Nick Mathewson
c276c10d3b Turn consdiffmgr.cache_max_age_hours into a parameter 2017-05-05 09:11:06 -04:00
Nick Mathewson
c985592874 prop140 clients now only try to get diffs from recent consensuses
Rationale: If it's a year old, the relay won't have a diff to it.

This is as specified in prop140
2017-05-05 09:11:06 -04:00
Alexander Færøy
60e97953ef
Fix memory leak found in CID #1405876. 2017-05-05 11:35:12 +02:00
Nick Mathewson
c6fe65fcaf Grammar fix in a log message 2017-05-04 08:58:06 -04:00
Nick Mathewson
baf489fc08 Fix: our directory.c code expects header constants to end with a : 2017-05-04 08:57:34 -04:00
Nick Mathewson
6beb7028d8 Do not BUG on missing sha3-as-signed field
This can happen if you've been running an earlier alpha on your
relay.  Instead, just ignore the entry.
2017-05-04 08:50:21 -04:00
Nick Mathewson
e1d31f2a2f Update the consdiff directory code based on #22143 fixes
These are mostly just identifier renames, except for one place in
routerparse.c where we switch to using a correct hash.
2017-05-04 08:49:02 -04:00
Nick Mathewson
a8eccb6363 Turn DEFAULT_IF_MODIFIED_SINCE_DELAY into a const 2017-05-04 08:37:41 -04:00
Nick Mathewson
c12d2cb2dc Request (and try to use) consensus diffs. 2017-05-04 08:37:41 -04:00
Nick Mathewson
912b0641e9 Generate X-Or-Diff-From-Consensus headers correctly. 2017-05-04 08:37:41 -04:00
Nick Mathewson
94ae99067f Remove excess indentation from previous commit.
Review this with 'diff -b' to confirm
2017-05-04 08:37:41 -04:00
Nick Mathewson
afa39cef6c Extract the consensus-only part of directory_get_from_dirserver
Right now it just sets an if-modified-since header, but it's about
to get even bigger.

This patch avoids changing indentation; the next patch will be
whitespace fixes.
2017-05-04 08:37:41 -04:00
Nick Mathewson
57710c1587 New function to add additional headers to a directory request 2017-05-04 08:37:41 -04:00
Nick Mathewson
112286338b Store the sha3 of a networkstatus as part of the networkstatus_t
Also store it in the cached_dir_t.
2017-05-04 08:37:41 -04:00
Nick Mathewson
0418357ffd Serve consensus diffs on request. 2017-05-04 08:37:41 -04:00
Nick Mathewson
e5f82969ca Support writing Content-Encoding headers other than deflate
Right now this only sends "deflate" or "identity", but there's more
to come.
2017-05-04 08:37:41 -04:00
Nick Mathewson
e051c47e98 Remove old unused indentation from handle_get_current_consensus
This commit removes a pair of meaningless braces, and changes
whitespace only.
2017-05-04 08:37:41 -04:00
Nick Mathewson
a32083bd03 Add consensus_cache_entry spooling support to spooled_resource_t 2017-05-04 08:37:41 -04:00
Nick Mathewson
3af9704e45 bug#22143/prop#140: in consdiffmgr, store and use digest-as-signed
We need to index diffs by the digest-as-signed of their source
consensus, so that we can find them even from consensuses whose
signatures are encoded differently.
2017-05-04 08:36:50 -04:00
Nick Mathewson
c8baa9b783 bug#22143/prop#140: Use <n>,$d commands in diffs to remove signatures
In this patch I add support for "delete through end of file" in our
ed diff handler, and generate our diffs so that they remove
everything after in the consensus after the signatures begin.
2017-05-04 08:36:50 -04:00