Commit Graph

407 Commits

Author SHA1 Message Date
Nick Mathewson
0bc1241494 Make sure that we send at least some random data in RELAY_DATA cells
Proposal 289 prevents SENDME-flooding by requiring the other side to
authenticate the data it has received.  But this data won't actually
be random if they are downloading a known resource.  "No problem",
we said, "let's fell the empty parts of our cells with some
randomness!" and we did that in #26871.

Unfortunately, if the relay data payloads are all completely full,
there won't be any empty parts for us to randomize.

Therefore, we now pick random "randomness windows" between
CIRCWINDOW_INCREMENT/2 and CIRCWINDOW_INCREMENT. We remember whether we have
sent a cell containing at least 16 bytes of randomness in that window.  If we
haven't, then when the window is exhausted, we send one.  (This window approach
is designed to lower the number of rng checks we have to do.  The number 16 is
pulled out of a hat to change the attacker's guessing difficulty to
"impossible".)

Implements 28646.
2019-05-27 14:20:07 +03:00
Nick Mathewson
e6b862e6a8 Merge branch 'ticket30428_041_02_squashed' 2019-05-22 11:48:43 -04:00
David Goulet
3835a3acf5 sendme: Properly record SENDMEs on both edges
Turns out that we were only recording the "b_digest" but to have
bidirectionnal authenticated SENDMEs, we need to use the "f_digest" in the
forward cell situation.

Because of the cpath refactoring, this commit plays with the crypt_path_ and
relay_crypto_t API a little bit in order to respect the abstractions.

Previously, we would record the cell digest as the SENDME digest in the
decrypt cell function but to avoid code duplication (both directions needs to
record), we now do that right after iff the cell is recognized (at the edge).
It is now done in circuit_receive_relay_cell() instead.

We now also record the cell digest as the SENDME digest in both relay cell
encryption functions since they are split depending on the direction.
relay_encrypt_cell_outbound() and relay_encrypt_cell_inbound() need to
consider recording the cell digest depending on their direction (f vs b
digest).

Fixes #30428

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-22 11:47:20 -04:00
David Goulet
59b9eecc19 sendme: Record cell digest on both client and exit
It turns out that only the exit side is validating the authenticated SENDME v1
logic and never the client side. Which means that if a client ever uploaded
data towards an exit, the authenticated SENDME logic wouldn't apply.

For this to work, we have to record the cell digest client side as well which
introduced a new function that supports both type of edges.

This also removes a test that is not valid anymore which was that we didn't
allow cell recording on an origin circuit (client).

Part of #30428

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-22 11:47:20 -04:00
Nick Mathewson
66eb0a5a32 updateCopyright: look at the current year. 2019-05-20 12:02:20 -04:00
Nick Mathewson
2f31c8146f rectify_include_paths: warn instead of aborting on duplicate headers
We have two sendme.h files at the moment; we should fix that, but
not in this branch.
2019-05-20 11:52:45 -04:00
Mike Perry
84274000d8 Yes, these functions really do have to be this long. 2019-05-16 20:29:09 +00:00
David Goulet
39a14421b1 Merge branch 'tor-github/pr/1021'
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-15 15:35:22 -04:00
George Kadianakis
d71fa707dd Merge branch 'bug28780-squashed3-rebased' into bug28780_rebase 2019-05-15 16:46:51 +03:00
Mike Perry
ff2a980935 The practracker beatings will continue until the files get smaller. 2019-05-15 16:44:59 +03:00
Mike Perry
5f47d582d5 Practracker beatings are even more fun when they get caused mid-PR due to a github auto-rebase of a PR
Because github PRs choose the most recent origin/master at the time of the PR
(and for any fixups pushed to a PR later to send to CI), there are tons of
conflicts and unexpected practracker issues.

This means CI can suddenly fail after fixups to a branch that pass locally.

Then CI fails and we have to close and re-open the PR.
2019-05-15 15:10:48 +03:00
Nick Mathewson
b9f50a2d77 update practracker for tor_init 2019-05-14 19:56:20 -04:00
Nick Mathewson
dd537ba35f Update practracker for 30452 2019-05-14 19:22:35 -04:00
Nick Mathewson
43d4119454 Merge remote-tracking branch 'tor-github/pr/1004' 2019-05-14 11:43:10 -04:00
Nick Mathewson
9ad2eb8f73 Merge branch 'bug28683_30173_29203_squashed' 2019-05-13 14:33:31 -04:00
Mike Perry
507df74b31 The practracker beatings will continue until the functions get smaller. 2019-05-13 14:30:35 -04:00
Nick Mathewson
c6523a6398 Merge remote-tracking branch 'tor-github/pr/998' 2019-05-13 14:25:54 -04:00
George Kadianakis
501d1ae0bd Merge branch 'tor-github/pr/973' 2019-05-10 12:49:01 +03:00
Neel Chauhan
3cafdeb8c0 Only call tor_addr_parse() in circuit_is_acceptable() when needed 2019-05-07 11:52:56 -04:00
George Kadianakis
7f2cd6545c Hiding crypt_path_t: Hide 'crypto' usage in sendme.c 2019-05-03 18:29:51 +03:00
George Kadianakis
593b7726e9 Hiding crypt_path_t: Trivial changes to satisfy check-local. 2019-05-03 18:15:26 +03:00
David Goulet
b3492d53c3 Merge branch 'tor-github/pr/984'
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-03 10:56:12 -04:00
George Kadianakis
b2c2cb9287 Merge branch 'tor-github/pr/986' 2019-05-02 18:12:52 +03:00
Nick Mathewson
0f365e2f46 practracker updates. 2019-05-02 09:22:13 -04:00
Mike Perry
e1771aeb51 The practracker beatings will continue until our files get smaller. 2019-05-01 21:04:40 +00:00
Taylor Yu
8e7316bae4 Split reply formatting out of control_fmt.c
Split the core reply formatting code out of control_fmt.c into
control_proto.c.  The remaining code in control_format.c deals with
specific subsystems and will eventually move to join those subsystems.
2019-04-30 13:18:46 -05:00
George Kadianakis
9084a90b00 Merge branch 'tor-github/pr/936' 2019-04-30 19:21:15 +03:00
George Kadianakis
a44aca5453 Merge branch 'tor-github/pr/993' 2019-04-30 19:13:57 +03:00
George Kadianakis
86f8dfe419 Merge branch 'tor-github/pr/983' 2019-04-30 19:13:30 +03:00
David Goulet
43c119fedb Merge branch 'tor-github/pr/980'
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-30 11:50:36 -04:00
Nick Mathewson
b5a62b1ef5 Move dirauth periodic events into dirauth module.
Closes ticket 30294.
2019-04-30 11:14:59 -04:00
David Goulet
535ba0d7c5 practracker: Update exceptions for #26288
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:27:53 -04:00
Nick Mathewson
1d44ac9acd Make nodelist_get_list() return a const pointer. 2019-04-26 10:36:49 -04:00
Nick Mathewson
01b07c548b Use parsing code for the simpler controller commands.
(This should be all of the command that work nicely with positional
arguments only.)

Some of these commands should probably treat extra arguments as
incorrect, but for now I'm trying to be careful not to break
any existing users.
2019-04-25 14:13:03 -04:00
Nick Mathewson
dbfe1a14e4 When parsing a multiline controller command, be careful with linebreaks
The first line break in particular was mishandled: it was discarded
if no arguments came before it, which made it impossible to
distinguish arguments from the first line of the body.

To solve this, we need to allocate a copy of the command rather than
using NUL to separate it, since we might have "COMMAND\n" as our input.

Fixes ticket 29984.
2019-04-25 14:13:03 -04:00
Nick Mathewson
d0a0f3e8cd Allow do_resolve() to be longer. 2019-04-24 14:15:18 -04:00
teor
de91b83849
practracker: Accept ~80 extra lines in src/core/or/policies.c
Part of 23588.
2019-04-24 17:31:02 +10:00
Nick Mathewson
15d4238383 Merge remote-tracking branch 'tor-github/pr/944' 2019-04-23 15:39:23 -04:00
Nick Mathewson
a7599c5be2 Merge remote-tracking branch 'tor-github/pr/962' 2019-04-23 12:48:37 -04:00
teor
bffba9d26f
practracker: accept more lines in microdescs_parse_from_string()
Part of 28223.
2019-04-19 10:34:16 +10:00
teor
f12b990bbf
practracker: accept the extra 25 line string from 27821 2019-04-17 18:44:26 +10:00
Neel Chauhan
f643020e64 Update practracker exceptions.txt for policies.c 2019-04-16 09:16:52 -04:00
Neel Chauhan
d4f980d29a Update exceptions.txt for Bug #29613 2019-04-14 14:27:29 -04:00
Nick Mathewson
7332346002 Changes file and practracker updates for 30149. 2019-04-11 18:58:44 -04:00
Nick Mathewson
e39b53ef7d changes file and practracker updates for 30147. 2019-04-11 17:59:21 -04:00
teor
60c46c6cd0
practracker: accept 4 extra lines due to 30041 2019-04-10 18:29:11 +10:00
teor
7741b21d0e
practracker: accept 6 extra lines in tortls_nss.c:tor_tls_context_new()
These lines were added to fix bug 29241.
2019-04-06 12:26:30 +10:00
Nick Mathewson
f021ca2d52 practracker: allow config.c to be a touch larger. 2019-04-05 09:59:45 -04:00
Nick Mathewson
ee6f54ff3f Merge remote-tracking branch 'tor-github/pr/860' 2019-04-03 08:33:40 -04:00
Nick Mathewson
f0e39df5ce allow circuituse.c to get even longer. 2019-03-29 14:30:33 -04:00
teor
a10d4adc25
Stop assuming that /usr/bin/python3 exists
For scripts that work with python2, use /usr/bin/python.
Otherwise, use /usr/bin/env python3.

Fixes bug 29913; bugfix on 0.2.5.3-alpha.
2019-03-27 11:07:55 +10:00
Nick Mathewson
7b9732063c practracker updates from messaging_v3 merge
(main.c is a bit better, but shutdown.c is ugly)
2019-03-26 20:14:21 -04:00
teor
beceb079e1
practracker: regen in master, for bug28925 merged to 0.4.0 and later
python3 scripts/maint/practracker/practracker.py --regen
2019-03-27 09:40:03 +10:00
Nick Mathewson
7502e5467b Regenerate practracker file from scratch.
Closes ticket 29912.

Since this is the first time that practracker has had a stable
output order, this diff will be larger than usual.
2019-03-26 19:28:35 -04:00
Nick Mathewson
300e7d8c99 Merge branch 'practracker_regen' 2019-03-26 19:27:54 -04:00
George Kadianakis
989b6325d6 Merge branch 'tor-github/pr/842' 2019-03-26 16:41:07 +02:00
Nick Mathewson
e028ec6bb7 Add new exceptions.txt entries 2019-03-26 09:43:46 -04:00
Nick Mathewson
39e4494344 practracker: update usage note in docstring 2019-03-26 08:42:14 -04:00
teor
ec736f8729
Merge remote-tracking branch 'tor-github/pr/833' 2019-03-26 13:02:37 +10:00
George Kadianakis
473decb246 Merge branch 'tor-github/pr/839' 2019-03-26 01:17:58 +02:00
Nick Mathewson
c2643842a9 practracker: add ability to regenerate exceptions file.
Also add a useful argument parser.
2019-03-25 16:09:11 -04:00
Nick Mathewson
0260e0f6fc practracker: pass sys.argv to main() as an argument 2019-03-25 16:09:11 -04:00
Nick Mathewson
301e3f22ef Practracker: add a string explaining the excptions file. 2019-03-25 16:09:11 -04:00
Nick Mathewson
c81b2b09ea Merge branch 'practracker_comments' 2019-03-25 15:18:36 -04:00
Nick Mathewson
61cebb2035 Minimize the includes in control.c 2019-03-25 14:14:56 -04:00
Nick Mathewson
2917ecaa97 Split command-handling and authentication from control.c 2019-03-25 14:06:56 -04:00
Nick Mathewson
4754e9058b Split getinfo handling into a new control_getinfo.c 2019-03-25 12:49:24 -04:00
Nick Mathewson
a49f506e05 Split all controller events code into a new control_events.c
Also, split the formatting code shared by control.c and
control_events.c into controller_fmt.c.
2019-03-25 12:11:59 -04:00
Nick Mathewson
135b51c9d3 practracker: allow comments in exceptions file
Also, distinguish between empty lines (which we should ignore)
and incorrect lines (which we should warn about).
2019-03-25 09:28:24 -04:00
Nick Mathewson
a20a2025a5 practracker: sort filenames and directories.
This helps ensure that we'll get output in a stable order.

Closes ticket 29882.
2019-03-25 09:08:04 -04:00
teor
d4d541c53c
Merge remote-tracking branch 'tor-github/pr/785' 2019-03-25 14:01:20 +10:00
Taylor Yu
307c156fbe Set file encoding in practracker.py
Explicitly set the file encoding to UTF-8 in practracker.py, to avoid
problems in some CI environments.  Fixes bug 29789; bug not in any
released Tor.
2019-03-22 17:51:55 -05:00
George Kadianakis
0aaeec19e7 Satisfy practracker broken by #29665 and #28656. 2019-03-15 17:13:06 +02:00
Nick Mathewson
2d76945052 practracker: Create an exception for an as-yet-nonexistent file.
We need a better way to do this.
2019-03-14 09:35:23 -04:00
George Kadianakis
a55c89c475 practracker: Be compatible with python2 which is used by travis/jenkins. 2019-03-14 02:15:32 +02:00
George Kadianakis
26b0d95397 Merge branch 'tor-github/pr/780' 2019-03-13 16:07:19 +02:00
Nick Mathewson
17ff69a268 Merge branch 'bug29221_more_squashed' 2019-03-13 09:30:02 -04:00
George Kadianakis
3e38efdf16 practracker: Fix duplicate exceptions and handle them more "gracefully". 2019-03-13 09:27:29 -04:00
Nick Mathewson
21c6e295ca grandfather in two more functions 2019-03-13 09:27:29 -04:00
Nick Mathewson
e2512950b6 Improve failure message from check-best-practices 2019-03-13 09:27:29 -04:00
Nick Mathewson
f0302d51ab practracker: Be more careful about excluding "confusing terms"
Previously we excluded any line containing one of these terms from
consideration as the start or end of a function.  Now we're more
careful, and we only ignore these terms when they appear to be
starting a function definition.
2019-03-13 09:27:29 -04:00
George Kadianakis
ec8c5b3fea practracker: Improvements based on last Nick's review. 2019-03-13 09:27:29 -04:00
George Kadianakis
157f7ba93e practracker: Update exceptions file :) 2019-03-13 09:27:29 -04:00
George Kadianakis
8c9835c6e5 practracker: Normalize filesystem paths across Windows and Posix.
This was causing issues because the exceptions file is written using Posix
paths, whereas practracker in Windows was trying to match Windows paths ("\"
instead of "/").
2019-03-13 09:27:29 -04:00
George Kadianakis
8bacc1dad1 practracker: Improve documentation in problem.py . 2019-03-13 09:27:29 -04:00
George Kadianakis
4795f2d3a0 Fold in an initial practracker exceptions file. 2019-03-13 09:27:29 -04:00
George Kadianakis
58de565988 Call practracker as part of check-local.
- Introduce 'make check-best-practices'.
- Fix up Tor topdir etc to work with the way 'make check-local' gets called.
- Make practracker less likely to print useless stuff.
2019-03-13 09:27:24 -04:00
Nick Mathewson
95209be861 Make checkSpace.pl check guard macros:
- every .h file needs an #ifndef/#define pair.
  - They must refer to the same macro.
  - The guard macros that they refer to must be unique across all headers.
2019-03-12 15:19:28 -04:00
Nick Mathewson
a6dd893e76 Fix shellcheck warnings in pull-all/merge-all scripts
This appears at first glance to be a shellcheck bug.

Closes 29747.  Bugfix not in any released Tor.
2019-03-12 10:50:54 -04:00
rl1987
888bb9508b Move all git maintenance scripts to separate directory 2019-03-10 18:28:06 +02:00
rl1987
7b5f31f2d6 Mention what file has changed 2019-03-10 18:28:06 +02:00
rl1987
88633fad5b Write a comment for post-merge.git-hook 2019-03-10 18:28:06 +02:00
rl1987
bb8b2f47d0 Also print changes in git helper scripts, if any 2019-03-10 18:28:06 +02:00
rl1987
2d3ef34dce Add post-merge git hook to warn about git hooks being updated in the repo 2019-03-10 18:28:06 +02:00
Nick Mathewson
8fd20df455 Merge remote-tracking branch 'tor-github/pr/743' 2019-03-08 10:07:25 -05:00
David Goulet
db2e916afe Merge branch 'tor-github/pr/717' 2019-03-05 14:26:59 -05:00
rl1987
7f0516022b Also disallow pushing to/from upstream branch when branch names do not match 2019-03-05 14:26:09 -05:00
rl1987
0deea98d02 Improve pre-push.git-hook description 2019-03-05 14:26:09 -05:00
rl1987
f3eac74ed9 In pre-push hook script, actually check local and remote refs 2019-03-05 14:26:09 -05:00
rl1987
ae5a0f39cd Update git pre-push hook so that only upstream branches can get pushed to origin 2019-03-05 14:26:09 -05:00