nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-13 14:43:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
30,013 Commits 53 Branches 630 Tags 125 MiB
81a5448c18
Commit Graph

30013 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nick Mathewson
81a5448c18 Changes file for feature27244 2018-09-11 11:54:37 -04:00
Nick Mathewson
04bb70199b Followup: Make authority_cert_parse_from_string() take length too 2018-09-11 11:43:26 -04:00
Nick Mathewson
7e3005af30 Replace "read consensus from disk" with "map consensus from disk". 
Implements 27244, and should save a bunch of RAM on clients.
 2018-09-11 11:43:26 -04:00
Nick Mathewson
abaca3fc8c Revise networkstatus parsing code to use lengths 
This way the networkstatus can be parsed without being
NUL-terminated, so we can implement 27244 and mmap our consensus objects.
 2018-09-11 11:43:26 -04:00
Nick Mathewson
e014b72b73 Stop memcpy'ing uncompressed consensuses when making diffs 2018-09-11 11:16:50 -04:00
Nick Mathewson
5595b21227 Consdiff: use lengths on inputs so they don't need NUL at the end 
This is part of #27244, so that we can safely mmap consensus
documents.
 2018-09-11 11:16:50 -04:00
Nick Mathewson
e5601f14ed Initialize 't' in ge25519_scalarmult_base_niels() 
OSS-Fuzz's version of memorysanitizer can't tell that this value is
not going to be used unsafely.
 2018-09-11 10:35:18 -04:00
Nick Mathewson
b87a95289b Copy changelogs and releasenotes to master 2018-09-10 10:03:01 -04:00
Nick Mathewson
ba2cc781ef Merge branch 'maint-0.3.4' 
"ours" to avoid version bump.
 2018-09-10 09:42:50 -04:00
Nick Mathewson
96601a6805 Bump to 0.3.4.8-dev 2018-09-10 09:42:40 -04:00
Nick Mathewson
7a343ecec5 Merge branch 'maint-0.3.3' into maint-0.3.4 
"ours" to avoid version bump.
 2018-09-10 09:42:22 -04:00
Nick Mathewson
05f5f65006 Bump to 0.3.3.10-dev. 2018-09-10 09:42:12 -04:00
Nick Mathewson
8cfca28be2 Merge branch 'maint-0.3.2' into maint-0.3.3 
"ours" to avoid version bump.
 2018-09-10 09:41:55 -04:00
Nick Mathewson
8408331b3e Merge branch 'maint-0.2.9' into maint-0.3.2 
"ours" to avoid version bump.
 2018-09-10 09:41:39 -04:00
Nick Mathewson
ec4a7641f1 Bump to 0.3.2.12-dev 2018-09-10 09:41:34 -04:00
Nick Mathewson
b203dedaf5 Bump to 0.2.9.17-dev 2018-09-10 09:41:22 -04:00
Nick Mathewson
a52d5d5309 Refactor initialization in curve25519_basepoint_spot_check 
This is an attempt to work around what I think may be a bug in
OSS-Fuzz, which thinks that uninitialized data might be passed to
the curve25519 functions.
 2018-09-09 10:21:13 -04:00
Roger Dingledine
776c1a5d1a make ipv6-only config complaint clearer 
(a relay operator hit this on #tor-relays and couldn't make sense
of it. i couldn't either until i went to go read the code.)
 2018-09-08 17:08:22 -04:00
Nick Mathewson
9f0e8d8c03 Merge branch 'maint-0.3.4' 2018-09-07 15:14:03 -04:00
Nick Mathewson
0d5aaef465 Merge branch 'maint-0.3.3' into maint-0.3.4 
"ours" to avoid bump.
 2018-09-07 15:12:27 -04:00
Nick Mathewson
cff7cb858b Merge branch 'maint-0.3.2' into maint-0.3.3 
"ours" to avoid bump
 2018-09-07 15:12:09 -04:00
Nick Mathewson
36885f34f6 Merge branch 'maint-0.2.9' into maint-0.3.2 
"ours" to avoid bump
 2018-09-07 15:11:49 -04:00
Nick Mathewson
43e400f340 Bump to 0.3.3.10 2018-09-07 15:11:18 -04:00
Nick Mathewson
cdaf9aec8e Bump to 0.3.2.12 2018-09-07 15:11:07 -04:00
Nick Mathewson
da29074fc4 Bump to 0.2.9.17 2018-09-07 15:10:49 -04:00
Nick Mathewson
9ca1af9a87 Merge remote-tracking branch 'dgoulet/ticket20700_035_03' 2018-09-07 15:03:32 -04:00
George Kadianakis
3695ef6343 HSv3: Don't assert when reading bad client-side privkeys. 2018-09-07 14:05:07 -04:00
George Kadianakis
6583d1e709 HSv3: Add subcredential in client auth KDF on the client-side. 2018-09-07 14:05:07 -04:00
George Kadianakis
1e9428dc61 HSv3: Add subcredential in client auth KDF on the service-side. 
Also update some client auth test vectors that broke...
 2018-09-07 14:05:07 -04:00
David Goulet
c76d00abfa hs-v3: Make hs_desc_build_fake_authorized_client() return an object 
Return a newly allocated fake client authorization object instead of taking
the object as a parameter.

Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
5e1d36c7db bug: Use PATH_SEPARATOR instead of slash 
In function get_fname_suffix, previously it uses /, but in fact it
should use PATH_SEPARATOR.
 2018-09-07 14:03:55 -04:00
David Goulet
8e57986e7d hs-v3: Improve v3 client authorization logging 
Part of #20700.

Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
5b2871d2f2 hs-v3: Log client auth load activities client side 
Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
7ace28c952 hs-v3: Log client auth load activities service side 
Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
83c8419e73 hs-v3: Rename client_pk to client_auth_pk 
Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 14:03:08 -04:00
Suphanat Chunhapanya
9f975e9995 hs-v3: Rename client_sk to client_auth_sk 
Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 14:03:07 -04:00
Suphanat Chunhapanya
b61403c787 test: HS v3 client auth is config equal function 
Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
8f64931d67 hs-v3: Republish descriptors if client auth changes 
When reloading tor, check if our the configured client authorization have
changed from what we previously had. If so, republish the updated descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
3b08b23997 hs-v3: Make all descriptor content free functions public 
Series of functions that we now need in hs_service.c.

Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
53dd1699ba hs-v3: Re-enable the decoding in the encoding function 
Previously, the validation by decoding a created descriptor was disabled
because the interface had to be entirely changed and not implemented at the
time.

This commit re-enabled it because it is now implemented.

Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
69fb25b0f6 test: HS v3 descriptor decoding with client authorization 
Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
7acb720027 hs-v3: Decrypt the descriptor with client private key 
Parse the client authorization section from the descriptor, use the client
private key to decrypt the auth clients, and then use the descriptor cookie to
decrypt the descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 14:02:39 -04:00
Suphanat Chunhapanya
63576b0166 hs-v3: Refactor the descriptor decryption/decoding 
This commit refactors the existing decryption code to make it compatible with
a new logic for when the client authorization is enabled.

Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
462d4097ce hs-v3: Refactor secret data building logic 
Because this secret data building logic is not only used by the descriptor
encoding process but also by the descriptor decoding, refactor the function to
take both steps into account.

Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
9c36219236 test: HS v3 client authorization loading secret key 
Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
8e81fcd51a hs-v3: Load client authorization secret key from file 
The new ClientOnionAuthDir option is introduced which is where tor looks to
find the HS v3 client authorization files containing the client private key
material.

Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
fd6bec923c test: HS v3 descriptor encoding with client authorization 
Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
fa50aee366 hs-v3: Encrypt the descriptor using a cookie 
Previously, we encrypted the descriptor without the descriptor cookie. This
commit, when the client auth is enabled, the descriptor cookie is always used.

I also removed the code that is used to generate fake auth clients because it
will not be used anymore.

Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
10f4c46e50 test: Build an HSv3 descriptor with authorized client 
Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
0dab4ac2dd test: HS v3 building a descriptor with client auth 
This commit tests that the descriptor building result, when the client
authorization is enabled, includes everything that is needed.

Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 13:59:22 -04:00