Commit Graph

696 Commits

Author SHA1 Message Date
Nick Mathewson
bb091da1e7 Merge branch 'ticket28839_v2_squashed' 2018-12-18 18:59:05 -05:00
Nick Mathewson
7113a339dc Avoid a needless decode/re-encode step in assigning onion keys
Previously we had decoded the asn.1 to get a public key, and then
discarded the asn.1 so that we had to re-encode the key to store it
in the onion_pkey field of a microdesc_t or routerinfo_t.

Now we can just do a tor_memdup() instead, which should be loads
faster.
2018-12-18 18:58:08 -05:00
Nick Mathewson
0556942284 Use a single path for all PEM-like objects in get_next_token()
Previously, we would decode the PEM wrapper for keys twice: once in
get_next_token, and once later in PEM decode.  Now we just do all of
the wrapper and base64 stuff in get_next_token, and store the
base64-decoded part in the token object for keys and non-keys alike.

This change should speed up parsing slightly by letting us skip a
bunch of stuff in crypto_pk_read_*from_string(), including the tag
detection parts of pem_decode(), and an extra key allocation and
deallocation pair.

Retaining the base64-decoded part in the token object will allow us
to speed up our microdesc parsing, since it is the asn1 portion that
we actually want to retain.
2018-12-18 18:58:08 -05:00
Nick Mathewson
c61cd5775c Revert "Log bootstrap tag names"
This reverts commit 1b855af5e3.
2018-12-18 08:09:43 -05:00
Nick Mathewson
e969d9c6b4 Merge branch 'ticket28179_squashed' into ticket28179_squashed_merged 2018-12-17 16:41:01 -05:00
Alexander Færøy
651cdd05b7 Add an additional space when we check for the PROTO_LOG handler.
See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
cacdd29087 Use const char * instead of char * for line parameter for process callbacks.
This patch changes the type definition of the process callbacks to use
`const char *` instead of `char *`.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
ec2ae3ed8b Change EVENT_TRANSPORT_LOG to EVENT_PT_LOG.
This patch changes our EVENT_TRANSPORT_LOG event to be EVENT_PT_LOG. The
new message includes the path to the PT executable instead of the
transport name, since one PT binary can include multiple transport they
sometimes might need to log messages that are not specific to a given
transport.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
5585cbd08f Change the Process exit_callback to return bool.
This patch changes our process_t's exit_callback to return a boolean
value.  If the returned value is true, the process subsystem will call
process_free() on the given process_t.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
ccc1963890 Move remaining code from subprocess.{h,c} to more appropriate places.
This patch moves the remaining code from subprocess.{h,c} to more
appropriate places in the process.c and process_win32.c module.

We also delete the now empty subprocess module files.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
f7d13425fc Delete old process_handle_t code.
This patch removes the old process_handle_t code. Everything should by
now be using the process_t interface.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
e3ceaebba2 Add support for logging messages from pluggable transports.
This patch adds support for the "LOG" protocol message from a pluggable
transport. This allows pluggable transport developers to relay log
messages from their binary to Tor, which will both emit them as log
messages from the Tor process itself, but also pass them on via the
control port.

See: https://bugs.torproject.org/28180
See: https://bugs.torproject.org/28181
See: https://bugs.torproject.org/28182
2018-12-17 16:39:28 -05:00
Alexander Færøy
bfb94dd2ca Use process_t for managed proxies.
This patch makes the managed proxy subsystem use the process_t data
structure such that we can get events from the PT process while Tor is
running and not just when the PT process is being configured.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Nick Mathewson
16199a54a2 Check hostname before using it in send_resolved_hostname_cell()
Also, turn an absent hostname into a BUG(), not a crash.

Found by scan-build.

Closes ticket 28879; bugfix on 0.1.2.7-alpha
2018-12-17 09:15:37 -05:00
Nick Mathewson
a0fad3981e Replace use of strcmp_len() with new mem_eq_token().
The strcmp_len() function was somewhat misconceived, since we're
only using it to test whether a length+extent string is equal to a
NUL-terminated string or not.  By simplifying it and making it
inlined, we should be able to make it a little faster.

(It *does* show up in profiles.)

Closes ticket 28856.
2018-12-17 09:03:04 -05:00
Nick Mathewson
9dc53bc68f Remove a needless memset() in get_token_arguments()
I believe we originally added this for "just in case" safety, but it
isn't actually needed -- we never copy uninitialized stack here.
What's more, this one memset is showing up on our startup profiles,
so we ought to remove it.

Closes ticket 28852.
2018-12-14 14:48:12 -05:00
Nick Mathewson
6dc90d290d Use 25% less RAM for base64-encoded directory objects
We were allocating N bytes to decode an N-byte base64 encoding,
when 3N/4 would have been enough.
2018-12-14 13:51:51 -05:00
Nick Mathewson
4bc3983f64 Add a DROPOWNERSHIP controller command to undo TAKEOWNERSHIP.
Closes ticket 28843.
2018-12-13 19:35:02 -05:00
Nick Mathewson
f8dac5c900 Merge branch 'maint-0.3.5' 2018-12-13 19:01:29 -05:00
Nick Mathewson
94a7998158 Merge remote-tracking branch 'tlyu-github/ticket28731-035' into maint-0.3.5 2018-12-13 18:57:00 -05:00
Nick Mathewson
b915b6cd21 Merge remote-tracking branch 'github/prop297' 2018-12-11 09:44:57 -05:00
Nick Mathewson
ce501a529f Merge remote-tracking branch 'catalyst-github/ticket27402' 2018-12-11 09:37:41 -05:00
Taylor Yu
1b855af5e3 Log bootstrap tag names
Add the bootstrap tag name to the log messages, so people
troubleshooting connection problems can look up a symbol instead of a
number.  Closes ticket 28731.
2018-12-10 17:22:28 -06:00
Nick Mathewson
46a321fbdd Merge branch 'maint-0.3.5' 2018-12-05 10:25:12 -05:00
Nick Mathewson
967efc0d28 Merge remote-tracking branch 'tor-github/pr/546' into maint-0.3.5 2018-12-05 10:23:28 -05:00
Nick Mathewson
1eb3719a62 Merge remote-tracking branch 'public/prop298' 2018-12-05 09:43:03 -05:00
Nick Mathewson
1f95e80351 Merge branch 'prop293_squashed' 2018-12-05 09:24:51 -05:00
Nick Mathewson
a2f81b644b Write tests for mark_my_descriptor_dirty_if_too_old() 2018-12-05 09:24:45 -05:00
Nick Mathewson
ca4b86f90a Merge remote-tracking branch 'tor-github/pr/508' 2018-12-05 08:19:02 -05:00
David Goulet
cec616a0c8 hs-v3: Don't BUG() if descriptor is found on SOCKS connection retry
When retrying all SOCKS connection because new directory information just
arrived, do not BUG() if a connection in state AP_CONN_STATE_RENDDESC_WAIT is
found to have a usable descriptor.

There is a rare case when this can happen as detailed in #28669 so the right
thing to do is put that connection back in circuit wait state so the
descriptor can be retried.

Fixes #28669

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-12-04 14:34:04 -05:00
David Goulet
43bd4d7509 hs-v3: Add the helper function mark_conn_as_waiting_for_circuit
This helper function marks an entry connection as pending for a circuit and
changes its state to AP_CONN_STATE_CIRCUIT_WAIT. The timestamps are set to
now() so it can be considered as new.

No behaviour change, this helper function will be used in next commit.

Part of #28669

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-12-04 14:34:04 -05:00
David Goulet
00b59d9281 conn: Use connection_ap_mark_as_waiting_for_renddesc()
Use the helper function connection_ap_mark_as_waiting_for_renddesc()
introduced in previous commit everywhere in the code where an AP connection
state is transitionned to AP_CONN_STATE_RENDDESC_WAIT.

Part of #28669

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-12-04 14:10:00 -05:00
Nick Mathewson
417a324a85 Make input argument const in set_routerstatus_from_routerinfo. 2018-12-03 12:34:29 -05:00
Nick Mathewson
32213fa9ad Keep list of dirauth flags in sync between dirvote.c and fuzz_vrs.c
Suggested by Teor on PR
2018-12-03 12:18:45 -05:00
Nick Mathewson
8221b5d587 Merge remote-tracking branch 'tor-github/pr/559' 2018-12-02 19:38:40 -05:00
teor
612b21b8ea
comment: replace cached-routers with cached-descriptors
cached-routers has been gone for a long time
2018-12-03 10:19:34 +10:00
Nick Mathewson
2b2b97484a Merge branch 'ticket27490a_squashed' 2018-12-01 20:32:18 -05:00
Neel Chauhan
822cb93cab Add new option ClientAutoIPv6ORPort to switch between IPv4 and IPv6 OR ports 2018-12-01 14:55:57 -05:00
Nick Mathewson
51d94cea33 Merge branch 'maint-0.3.5' 2018-12-01 11:26:55 -05:00
Nick Mathewson
7e9985b75a Merge remote-tracking branch 'tor-github/pr/536' 2018-12-01 11:24:02 -05:00
Taylor Yu
7685f8ad35 Use table lookup for bootstrap_status_to_string
It also no longer distinguishes the case of internal-only paths, which
was often wrong anyway.  Closes ticket 27402.
2018-11-30 16:54:01 -06:00
Taylor Yu
1fe6507d29 Split bootstrap event reporting out of control.c
Part of ticket 27402.
2018-11-30 16:49:44 -06:00
Neel Chauhan
d18a167ff3 sr: Switch from tor_assert() to BUG()
Closes #19566

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-11-30 12:16:18 -05:00
teor
7a45bc74a4 Dir: when Tor's clock is behind, use a future consensus to bootstrap
When Tor's clock is behind the clocks on the authorities, allow Tor to
bootstrap successfully.

Fixes bug 28591; bugfix on 0.2.0.9-alpha.
2018-11-29 00:50:24 +10:00
Alexander Færøy
2a3eef4404 Remove unused int pid member of managed_proxy_t.
See: https://bugs.torproject.org/28179
2018-11-27 19:31:08 +01:00
Nick Mathewson
7d8e0cc9ab Merge branch 'dormant_v2_squashed' 2018-11-26 16:33:31 -05:00
Nick Mathewson
02843c4a4e Test for check_network_participation_callback() 2018-11-26 16:32:40 -05:00
Nick Mathewson
881b85cf32 Treat the StaleDesc flag as making our descriptor dirty.
Relay side of prop293.
2018-11-25 10:12:20 -05:00
Nick Mathewson
36f808c936 Vote on the StaleDesc flag from prop293
The StaleDesc flag tells relays that they need to upload a new
descriptor soon, or they will drop out of the consensus.
2018-11-25 10:05:13 -05:00
Nick Mathewson
7da06e43da No longer exit for missing required protocolversions on an old consensus
Specifically, if the consensus is older than the (estimted or
measured) release date for this version of tor, we assume that the
required versions may have changed in between that consensus and
this release.

Implements ticket 27735 and proposal 297.
2018-11-24 20:44:37 -05:00
Nick Mathewson
05dee063c8 Emit router families in canonical form
This patch has routers use the same canonicalization logic as
authorities when encoding their family lists.  Additionally, they
now warn if any router in their list is given by nickname, since
that's error-prone.

This patch also adds some long-overdue tests for family formatting.
2018-11-24 16:35:58 -05:00
Nick Mathewson
f82eb6269f Extract get_declared_family() into its own function.
This will help as we refactor it.
2018-11-24 12:11:40 -05:00
Nick Mathewson
0a0c612b79 Add a consensus method in which md families get canonicalized.
Implements prop298. Closes ticket 28266.
2018-11-24 12:01:09 -05:00
Nick Mathewson
d29e3a02d5 Add a function to canonicalize nodefamilies per prop298
This is the same as the regular canonical nodefamily format, except
that unrecognized elements are preserved.
2018-11-24 10:53:38 -05:00
Nick Mathewson
0e9a963b6b Revise nodefamily.c to match proposal 298
Prop298 says that family entries should be formatted with
$hexids in uppercase, nicknames in lower case, $hexid~names
truncated, and everything sorted lexically.  These changes implement
that ordering for nodefamily.c.

We don't _strictly speaking_ need to nodefamily.c formatting use
this for prop298 microdesc generation, but it seems silly to have
two separate canonicalization algorithms.
2018-11-24 10:30:15 -05:00
teor
cebc39bcd5
Test: make unit tests use a reasonably live consensus
Cleanup after 24661.
2018-11-22 16:54:46 +10:00
teor
657618ba9b
Entry Nodes: Mark outdated dirservers in reasonably live consensuses
Fixes bug 28569; bugfix on Tor 0.3.2.5-alpha.
2018-11-22 16:54:34 +10:00
teor
d1ac5613fc
Entry Nodes: Use a reasonably live consensus to select guards
Fixes bug 24661; bugfix on 0.3.0.1-alpha.
2018-11-22 16:54:22 +10:00
Nick Mathewson
34cadefe34 Merge branch 'maint-0.3.5' 2018-11-20 09:04:35 -05:00
Taylor Yu
0489288aa2 Update control_free_all() for #27169
Reset the added bootstrap tracking state introduced by ticket 27169.
Fixes bug 28524; bugfix on 0.3.5.1-alpha.
2018-11-19 15:48:08 -06:00
Nick Mathewson
48b08f0592 Merge branch 'ticket27359_v2_squashed' 2018-11-19 08:26:49 -05:00
Nick Mathewson
4f9548f893 Expose more nodelist.c functions to tests 2018-11-19 08:26:10 -05:00
Nick Mathewson
426c9561c5 Use nodefamily_t in microdescriptors.
Closes ticket 27359.
2018-11-19 08:26:10 -05:00
Nick Mathewson
83be4d2bbd Backend for compact node-family representation.
This representation is meant to save memory in microdescriptors --
we can't use it in routerinfo_t yet, since those families need to be
encoded losslessly for directory voting to work.

This representation saves memory in three ways:
   1. It uses only one allocation per family.  (The old way used a
      smartlist (2 allocs) plus one strdup per entry.)
   2. It stores identity digests in binary, not hex.
   3. It keeps families in a canonical format, memoizes, and
      reference-counts them.

Part of #27359.
2018-11-19 08:26:10 -05:00
Nick Mathewson
35558c39dd Merge remote-tracking branch 'dgoulet/ticket27471_035_02' into maint-0.3.5 2018-11-16 08:57:56 -05:00
Nick Mathewson
2c15b65381 Make the NET_PARTICIPANT role dependent on user activity
This patch implements all of 28337, except for the part where we
turn off the role if we've been idle for a long time.
2018-11-15 11:17:22 -05:00
Nick Mathewson
4bf79fa4fa Turn second_elapsed_callback into a normal periodic event. 2018-11-15 11:17:22 -05:00
Nick Mathewson
303e5c70e0 Move the responsibility for delayed shutdown into the mainloop
This is part of 28422, so we don't have to call
consider_hibernation() once per second when we're dormant.

This commit does not remove delayed shutdown from hibernate.c: it
uses it as a backup shutdown mechanism, in case the regular shutdown
timer mechanism fails for some reason.
2018-11-15 11:17:22 -05:00
Nick Mathewson
a0380b705d Move control_per_second_events() into a callback with its own role
Part of making extra-dormant mode work; closes ticket 28421.
2018-11-15 11:17:22 -05:00
Nick Mathewson
f6b8c7da66 Move buffers.c out of lib/containers to resolve a circularity. 2018-11-14 16:07:03 -05:00
Nick Mathewson
cec58ae55c Merge branch 'maint-0.3.5' 2018-11-14 07:56:52 -05:00
Nick Mathewson
a58b19465d Merge remote-tracking branch 'teor/bug28441-035' into maint-0.3.5 2018-11-14 07:56:48 -05:00
Nick Mathewson
586c3a7c90 Merge branch 'maint-0.3.5' 2018-11-14 07:42:56 -05:00
teor
16ca6fdfdb
log: stop talking about the Named flag in log messages
Clients have ignored the Named flag since 0.3.2.

Fixes bug 28441; bugfix on 0.3.2.1-alpha.
2018-11-14 18:16:34 +10:00
teor
a7aa3f76ec
comment: Fix a typo in nodes_in_same_family() 2018-11-14 18:06:05 +10:00
David Goulet
342f2b1873 Merge branch 'tor-github/pr/501' 2018-11-13 10:48:23 -05:00
David Goulet
8fb318860e Merge branch 'maint-0.3.5' 2018-11-13 10:43:03 -05:00
David Goulet
6f2151be9a Merge branch 'tor-github/pr/487' into maint-0.3.5 2018-11-13 10:37:25 -05:00
Neel Chauhan
ec93385cb2 Comment for rend_cache_failure in feature/rend/rendcache.c: "usuable" should be "usable" 2018-11-13 10:33:51 -05:00
Nick Mathewson
bf4f55a13d Merge branch 'subsystems' 2018-11-09 15:01:49 -05:00
Nick Mathewson
8e3bae566a Merge branch 'maint-0.3.5' 2018-11-07 16:27:26 -05:00
Nick Mathewson
212bd9778b Make the hibernate.c changes for systemd compile. 2018-11-07 16:27:20 -05:00
Nick Mathewson
8020d6fb05 Merge remote-tracking branch 'tor-github/pr/464' 2018-11-06 15:33:25 -05:00
Nick Mathewson
ba28704b29 Merge branch 'maint-0.3.5' 2018-11-06 15:22:11 -05:00
Nick Mathewson
c60f3ea607 Merge remote-tracking branch 'tor-github/pr/474' into maint-0.3.5 2018-11-06 15:21:45 -05:00
Nick Mathewson
6e7ff8cba0 Move the code that knows our tor version into a lowest-level lib 2018-11-05 09:22:02 -05:00
Nick Mathewson
674ef53a7e Add a warning if we can't write networkstatus-bridges
Fixes CID 1440818.
2018-11-02 13:32:43 -04:00
Nick Mathewson
18a4eaf5c1 Avoid mmap leak if we get a consensus diff we can't use.
Fixes CID 1440819; bug not in any released Tor.
2018-11-02 13:30:55 -04:00
Nick Mathewson
865514e66e Merge branch 'ticket28100_squashed' 2018-11-02 13:19:24 -04:00
Alex Xu (Hello71)
1b75de85b3 Don't overwrite the Content-Type when compressing 2018-11-02 13:19:14 -04:00
Fernando Fernandez Mancera
f60607ee96 Improve log message in hs_service.c
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-11-01 12:40:52 +02:00
Nick Mathewson
383b44553c Merge branch 'ticket24393_036_01_squashed' 2018-10-31 11:07:15 -04:00
Nick Mathewson
988d4903a3 Merge branch 'networkstatus_mmap' into networkstatus_mmap_merge 2018-10-31 09:04:12 -04:00
Nick Mathewson
a182301152 Fix memory leak (#28257, CID 1440805). 2018-10-31 08:30:48 -04:00
Neel Chauhan
067b16eae2 Check IPv6 subnets as well as IPv4 subnets where possible when choosing client paths 2018-10-30 15:02:43 -04:00
David Goulet
aa1ae1343a Merge branch 'maint-0.3.5' 2018-10-30 11:44:14 -04:00
David Goulet
488969fe9c Merge branch 'tor-github/pr/438' into maint-0.3.5 2018-10-30 11:43:54 -04:00
David Goulet
124c43704c Merge branch 'maint-0.3.5' 2018-10-30 11:37:44 -04:00
David Goulet
95559279e1 Merge branch 'tor-github/pr/415' into maint-0.3.5 2018-10-30 11:36:36 -04:00
David Goulet
cdb065d6b2 Merge branch 'maint-0.3.5' 2018-10-30 10:55:10 -04:00
Neel Chauhan
82b3a02302 Detect the onion service version and then check for invalid options unless we have set HiddenServiceVersion 2018-10-30 10:48:56 -04:00
Nick Mathewson
30d853a906 Merge remote-tracking branch 'tor-github/pr/425' 2018-10-30 09:16:55 -04:00
Nick Mathewson
fda8b5de78 Merge branch 'maint-0.3.5' 2018-10-29 15:57:31 -04:00
George Kadianakis
5c2212c734 HSv3: Correctly memwipe client auth keystream.
Wipe the whole thing, not just the size of the pointer.
2018-10-26 14:55:17 +03:00
rl1987
b7edfcbf6b In configured_nameserver_address, check if tor_addr_from_sockaddr succeeded 2018-10-26 10:26:47 +03:00
Nick Mathewson
e9ff3e7d4a Merge branch 'bug28202_033' into bug28202_035 2018-10-25 09:16:08 -04:00
Nick Mathewson
594140574e Fix remaining cases of using consensus without a len parameter.
(Thanks to cyberpunks for noting two of them!)
2018-10-24 11:06:34 -04:00
George Kadianakis
a614731144 Documentation: Move the hs_service_descriptor_t elements around.
Move the elements around to concentrate mutable and immutable elements
together. This commit changes no code, check with --color-moved.
2018-10-23 16:43:54 +03:00
George Kadianakis
df78fb2451 Documentation: Document which descriptor elements are (im)mutable. 2018-10-23 16:43:54 +03:00
George Kadianakis
29c194e022 Func rename: Make it clear that update_all_descriptors() does intro points.
With the new refresh_service_descriptor() function we had both
refresh_service_descriptor() and update_service_descriptor() which is basically
the same thing.

This commit renames update_service_descriptor() to
update_service_descriptor_intro_points() to make it clear it's not a generic
refresh and it's only about intro points.

Commit changes no code.
2018-10-23 16:43:54 +03:00
cypherpunks
f874ab2640 dircache: make dirauths reject non UTF-8 descriptors and extrainfo
Ticket #27367.
2018-10-23 00:33:51 +00:00
David Goulet
81c466c34a hs-v3: Create desc signing key cert before uploading
Before this commit, we would create the descriptor signing key certificate
when first building the descriptor.

In some extreme cases, it lead to the expiry of the certificate which triggers
a BUG() when encoding the descriptor before uploading.

Ticket #27838 details a possible scenario in which this can happen. It is an
edge case where tor losts internet connectivity, notices it and closes all
circuits. When it came back up, the HS subsystem noticed that it had no
introduction circuits, created them and tried to upload the descriptor.

However, in the meantime, if tor did lack a live consensus because it is
currently seeking to download one, we would consider that we don't need to
rotate the descriptors leading to using the expired signing key certificate.

That being said, this commit does a bit more to make this process cleaner.
There are a series of things that we need to "refresh" before uploading a
descriptor: signing key cert, intro points and revision counter.

A refresh function is added to deal with all mutable descriptor fields. It in
turn simplified a bit the code surrounding the creation of the plaintext data.

We keep creating the cert when building the descriptor in order to accomodate
the unit tests. However, it is replaced every single time the descriptor is
uploaded.

Fixes #27838

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-22 16:34:41 -04:00
Roger Dingledine
7aa9fc1637 clean up a tor2web comment 2018-10-21 23:46:09 -04:00
rl1987
98cef6807e Exclude test and a supporting function when evdns_base_get_nameserver_addr() is not available 2018-10-20 20:34:08 +03:00
rl1987
d827902cb1 Unit test for DNS fallback in configure_nameservers 2018-10-20 20:34:08 +03:00
rl1987
91fa12aedc Fallback to local DNS when no other nameservers are known 2018-10-20 20:34:08 +03:00
Nick Mathewson
62401812c7 Merge remote-tracking branch 'dgoulet/ticket27471_035_02' 2018-10-18 13:01:41 -04:00
David Goulet
9ba16c4d03 hs-v3: Close client intro circuits if the descriptor is replaced
When storing a descriptor in the client cache, if we are about to replace an
existing descriptor, make sure to close every introduction circuits of the old
descriptor so we don't have leftovers lying around.

Ticket 27471 describes a situation where tor is sending an INTRODUCE1 cell on
an introduction circuit for which it doesn't have a matching intro point
object (taken from the descriptor).

The main theory is that, after a new descriptor showed up, the introduction
points changed which led to selecting an introduction circuit not used by the
service anymore thus for which we are unable to find the corresponding
introduction point within the descriptor we just fetched.

Closes #27471.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-18 12:56:51 -04:00
David Goulet
56f713b8a4 hs-v3: Always generate the descriptor cookie
It won't be used if there are no authorized client configured. We do that so
we can easily support the addition of a client with a HUP signal which allow
us to avoid more complex code path to generate that cookie if we have at least
one client auth and we had none before.

Fixes #27995

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-18 11:46:07 -04:00
Nick Mathewson
0a41d17c15 Merge branch 'ticket27549_035_01_squashed' 2018-10-18 10:16:30 -04:00
David Goulet
3a8f32067d hs-v3: Consolidate descriptor cookie computation code
Both client and service had their own code for this. Consolidate into one
place so we avoid duplication.

Closes #27549

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-18 10:16:07 -04:00
Taylor Yu
7f6c0fce46 Merge branch 'bug27800-034' into bug27800-035 2018-10-17 16:00:11 -05:00
Roger Dingledine
df78a2730c merge in some fixes i found in a sandbox 2018-10-17 13:56:41 -04:00
Neel Chauhan
f93ee8e4c4 Fix typo in comment for hs_cell_parse_introduce2() 2018-10-16 10:59:42 -04:00
Nick Mathewson
11161395af Merge branch 'maint-0.3.4' 2018-10-15 12:52:54 -04:00
Nick Mathewson
23ce9a60fb Merge branch 'maint-0.3.4' 2018-10-15 10:48:35 -04:00
Nick Mathewson
df2b46d18c Remove a double-newline and improve a comment 2018-10-14 15:33:39 -04:00
Nick Mathewson
2dccef0eb4 Merge branch 'bug27772_squashed' 2018-10-14 15:31:52 -04:00
Nick Mathewson
67351f6724 Merge remote-tracking branch 'tor-github/pr/380' 2018-10-12 11:39:37 -04:00
Neel Chauhan
3cc089ce59 Add newline between hs_client_get_random_intro_from_edge() and hs_client_receive_introduce_ack() 2018-10-05 19:54:26 -04:00
Nick Mathewson
43211c3a0c Merge remote-tracking branch 'public/bug27893' 2018-10-01 12:12:33 -05:00
Nick Mathewson
c4e29001c4 Fix a bug where we would crash on --version.
Bug not in any released Tor.

test-stem would have caught this.
2018-10-01 12:01:51 -05:00
Nick Mathewson
886dc8b0a5 Remove routerparse include from files that dont use it 2018-10-01 11:35:11 -05:00
Nick Mathewson
d199348664 Remove versions.h include from routerparse.h 2018-10-01 11:22:47 -05:00
Nick Mathewson
5f9839ee42 Remove unused headers from routerparse.c 2018-10-01 11:17:33 -05:00
Nick Mathewson
35db3f8162 Extract addr-policy parsing code. 2018-10-01 11:17:19 -05:00
Nick Mathewson
95e2eb9083 Move summarize_protover_flags to versions.c 2018-10-01 10:48:55 -05:00
Nick Mathewson
4201203845 extract networkstatus parsing to its own file. 2018-10-01 10:46:00 -05:00
Nick Mathewson
cd23903427 Pull detached-signatures code into dirauth. 2018-10-01 10:46:00 -05:00
Nick Mathewson
2be35f4d61 Split microdescriptor parser into its own file. 2018-10-01 10:46:00 -05:00
Nick Mathewson
aff5bf5464 Remove addr_policy_assert_ok() as unused 2018-10-01 00:09:00 -05:00
Nick Mathewson
3100831762 Remove dump_distinct_digest_count()
It was disabled-by-default for ages, and it no longer compiles. I
think it's safe to call it obsolete.
2018-10-01 00:09:00 -05:00
Nick Mathewson
a77b2e984e Remove router_get_dir_hash as unused. 2018-10-01 00:09:00 -05:00
Nick Mathewson
82f4d3ca75 Move v2 hs parsing into feature/rend 2018-10-01 00:09:00 -05:00
Nick Mathewson
430ca38f70 Split the authority-cert and signature/hash code from routerparse 2018-10-01 00:09:00 -05:00
Nick Mathewson
2f5dc48699 Extract the version-managing code from routerparse.c
Leave the versions.h include in routerparse.h for now; I'll remove
it later.
2018-10-01 00:04:58 -05:00
Nick Mathewson
fec3b3bb93 Extract logic for dumping unparseable junk from routerparse.c 2018-10-01 00:04:58 -05:00
Nick Mathewson
6785aa4010 Move routerparse and parsecommon to their own module. 2018-10-01 00:04:06 -05:00
Nick Mathewson
b058f64cc0 Detect an unlikely integer overflow. 2018-09-27 16:30:02 -04:00
Nick Mathewson
8812f562a0 Fix a memory leak in --dump-config
When freeing a configuration object from confparse.c in
dump_config(), we need to call the appropriate higher-level free
function (like or_options_free()) and not just config_free().

This only happens with options (since they're the one where
options_validate allocates extra stuff) and only when running
--dump-config with something other than minimal (since
OPTIONS_DUMP_MINIMAL doesn't hit this code).

Fixes bug 27893; bugfix on 0.3.2.1-alpha.
2018-09-27 13:05:19 -04:00
Nick Mathewson
316453065d Mark a variable static. 2018-09-27 11:59:39 -04:00
Nick Mathewson
c8f2a6d2fe Extract the non-stats part of geoip into a new src/lib/geoip. 2018-09-27 10:26:01 -04:00
Nick Mathewson
fa32574bdb Remove excess dependencies from geoip.c 2018-09-27 10:15:39 -04:00
Nick Mathewson
f403af2207 Split geoip from geoip-related stats.
This commit just moves the code to two separate files. The geoip
code still has a few needless dependencies on core/* and features/*.
2018-09-27 09:36:52 -04:00
Nick Mathewson
79208ee852 Move the n_v3_ns_requests field out of geoip_country_t
This is preparation for splitting geoip.c into stats and non-stats
portions.
2018-09-27 09:04:08 -04:00
Nick Mathewson
241c1505cc Move the predicted ports code out of rephist.c
It differs from the rest of the rephist code in that it's actually
necessary for Tor to operate, so it should probably go somewhere
else.  I'm not sure where yet, so I'll leave it in the same
directory, but give it its own file.
2018-09-27 08:21:17 -04:00
Nick Mathewson
de0b07c634 Merge branch 'router_split' 2018-09-26 09:47:59 -04:00
Nick Mathewson
5e5e019b31 Merge remote-tracking branch 'dgoulet/bug27550_035_01' 2018-09-26 08:36:09 -04:00
Nick Mathewson
5fe05de4fe Remove extra includes from router.c 2018-09-25 18:33:13 -04:00
Nick Mathewson
4f0bc0c8f5 Revise things that had included router.h before
Make them only include the headers that they needed, and sort their
headers while we're at it.
2018-09-25 17:57:58 -04:00
Nick Mathewson
3ff58e47d2 Move the "is the network disabled?" functions out of router.c
Since this is completely core functionality, I'm putting it in
core/mainloop, even though it depends on feature/hibernate. We'll
have to sort that out in the future.
2018-09-25 17:22:14 -04:00
Nick Mathewson
b8df2318e9 Move routerinfo_t functions out of router.c
(It turns out that some of the functions in router.h didn't even
exist any more, so I just got to delete their declarations completely.)
2018-09-25 16:48:00 -04:00
Nick Mathewson
efa978124f Extract nickname-checking functions from router.c 2018-09-25 16:22:11 -04:00
Nick Mathewson
5c86f3c297 Move the various _describe() functions out of router.c
Note that I haven't separated the headers yet (there's still an
2018-09-25 16:13:47 -04:00
Nick Mathewson
fcd0f76134 Extract all the "am I a server" functions from router.c 2018-09-25 16:00:50 -04:00
Nick Mathewson
70539e3d5e Move all authdir_mode_*() functions into authmode.h 2018-09-25 15:39:24 -04:00
Nick Mathewson
9385b7ec5f Rename dirauth/mode.h to dirauth/authmode.h
This is preparation for having a routermode.h as well
2018-09-25 15:18:21 -04:00
Nick Mathewson
8a350e088b Move self-test functionality into its own file. 2018-09-25 15:14:57 -04:00
Nick Mathewson
934859cf80 Move key-loading and crosscert-checking out of feature/relay
This is also used by onion services, so it needs to go in another
module.
2018-09-25 15:14:57 -04:00
Nick Mathewson
78295904f7 Merge branch 'ticket26744' 2018-09-24 10:56:50 -04:00
Nick Mathewson
7ed7fe230b Add an include to get --disable-module-dirauth happy again 2018-09-21 15:03:42 -04:00
Nick Mathewson
b7bd162af7 Merge remote-tracking branch 'dgoulet/ticket27774_035_03' 2018-09-21 13:02:12 -04:00
Nick Mathewson
194acfb51d Split directory.c code into several modules
Parts of this C file naturally belong in dircache, dirclient, and
dircommon: so, move them there.
2018-09-21 12:57:22 -04:00
Nick Mathewson
0e4c42a912 Merge remote-tracking branch 'ahf-github/asn/bugs4700_2' 2018-09-21 09:40:16 -04:00
Nick Mathewson
9399c579e5 Merge branch 'split_mainloop_onion' 2018-09-21 09:37:23 -04:00
Nick Mathewson
96d1f2e6d0 Merge remote-tracking branch 'dgoulet/ticket27797_035_01' 2018-09-21 09:33:03 -04:00
Nick Mathewson
c7ce6b9821 Split main.c into main.c and mainloop.c
The main.c code is responsible for initialization and shutdown;
the mainloop.c code is responsible for running the main loop of Tor.

Splitting the "generic event loop" part of mainloop.c from the
event-loop-specific part is not done as part of this patch.
2018-09-21 09:14:06 -04:00
Nick Mathewson
98ef3e82e4 Move the non-crypto parts of onion.c out of src/core/crypto
The parts for handling cell formats should be in src/core/or.

The parts for handling onionskin queues should be in src/core/or.

Only the crypto wrapper belongs in src/core/crypto.
2018-09-21 09:14:05 -04:00
David Goulet
49e4bda50b fixup! hs-v3: Silence some logging for client authorization 2018-09-21 08:52:47 -04:00
David Goulet
79265a6fb6 hs-v3: Don't BUG() if the RP node_t is invalid client side
When sending the INTRODUCE1 cell, we acquire the needed data for the cell but
if the RP node_t has invalid data, we'll fail the send and completely kill the
SOCKS connection.

Instead, close the rendezvous circuit and return a transient error meaning
that Tor can recover by selecting a new rendezvous point. We'll also do the
same when we are unable to encode the INTRODUCE1 cell for which at that point,
we'll simply take another shot at a new rendezvous point.

Fixes #27774

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-21 08:44:12 -04:00
Nick Mathewson
63219eda8a Put dirlist_free_all back in routerlist_free_all for unit tests 2018-09-21 08:10:39 -04:00
Nick Mathewson
e7ac8fabcc Merge remote-tracking branch 'dgoulet/ticket27410_035_01' 2018-09-20 16:22:16 -04:00
Nick Mathewson
2ed0d240e8 Merge remote-tracking branch 'dgoulet/ticket27410_032_01' 2018-09-20 16:22:02 -04:00
Alexander Færøy
8ecaf41003 Support 'none' in torrc for HiddenServiceExportCircuitID.
See: https://bugs.torproject.org/4700
2018-09-20 20:59:42 +02:00
Nick Mathewson
813019cc57 Merge branch 'bug23512-v4-029-fixes' 2018-09-20 14:41:44 -04:00
Nick Mathewson
a406255cf3 Merge branch 'bug23512-v4-029-fixes' 2018-09-20 14:19:47 -04:00
Nick Mathewson
b54a5e704f Split most of dirserv.c into several new modules
In dirauth:
  * bwauth.c reads and uses bandwidth files
  * guardfraction.c reads and uses the guardfraction file
  * reachability.c tests relay reachability
  * recommend_pkg.c handles the recommended-packages lines.
  * recv_descs.c handles fingerprint files and processing incoming
    routerinfos that relays upload to us
  * voteflag.c computes flag thresholds and sets those thresholds on
    routerstatuses when computing votes

In control:
  * fmt_serverstatus.c generates the ancient "v1 server status"
    format that controllers expect.

In nodelist:
  * routerstatus_fmt.c formats routerstatus entries for a consensus,
    a vote, or for the controller.
2018-09-20 11:07:42 -04:00
David Goulet
e3713f17fb node: Make node_supports_v3_rendezvous_point() also check for the key
It is not enough to look at protover for v3 rendezvous support but also we
need to make sure that the curve25519 onion key is present or in other words
that the descriptor has been fetched and does contain it.

Fixes #27797.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-20 08:50:27 -04:00
Nick Mathewson
08e3b88f07 Split routerlist.c into 4 separate modules
There are now separate modules for:
    * the list of router descriptors
    * the list of authorities and fallbacks
    * managing authority certificates
    * selecting random nodes
2018-09-19 17:08:57 -04:00
David Goulet
cb81a69f90 test: hs-v3 desc has arrived unit test
That unit test makes sure we don't have pending SOCK request if the descriptor
turns out to be unusable.

Part of #27410.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-19 11:11:57 -04:00
David Goulet
f4f809fe3d hs-v3: Close all SOCKS request on descriptor failure
Client side, when a descriptor is finally fetched and stored in the cache, we
then go over all pending SOCKS request for that descriptor. If it turns out
that the intro points are unusable, we close the first SOCKS request but not
the others for the same .onion.

This commit makes it that we'll close all SOCKS requests so we don't let
hanging the other ones.

It also fixes another bug which is having a SOCKS connection in RENDDESC_WAIT
state but with a descriptor in the cache. At some point, tor will expire the
intro failure cache which will make that descriptor usable again. When
retrying all SOCKS connection (retry_all_socks_conn_waiting_for_desc()), we
won't end up in the code path where we have already the descriptor for a
pending request causing a BUG().

Bottom line is that we should never have pending requests (waiting for a
descriptor) with that descriptor in the cache (even if unusable).

Fixees #27410.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-19 11:11:57 -04:00
Nick Mathewson
7ace8d5a61 Assert that some trunnel _new() functions return non-NULL
The trunnel functions are written under the assumption that their
allocators can fail, so GCC LTO thinks they might return NULL.  In
point of fact, they're using tor_malloc() and friends, which can't
fail, but GCC won't necessarily figure that out.

Fixes part of #27772.
2018-09-18 14:43:57 -04:00
Nick Mathewson
620108ea77 Assert that we aren't returning a pointer to a local variable.
GCC got confused here with LTO enabled.

Fixes part of #27772.
2018-09-18 14:34:49 -04:00
Mike Perry
8a83c4b613 Merge branch 'bug23512-v4-033' into bug23512-v4-master 2018-09-18 00:17:14 +00:00
Alexander Færøy
9b511dc5d6 Change HiddenServiceExportCircuitID to take a string parameter: the protocol.
This patch changes HiddenServiceExportCircuitID so instead of being a
boolean it takes a string, which is the protocol. Currently only the
'haproxy' protocol is defined.

See: https://bugs.torproject.org/4700
2018-09-15 16:52:36 +03:00
George Kadianakis
6069185bcc Save original virtual port in edge conn HS ident. 2018-09-15 16:32:24 +03:00
George Kadianakis
27d7491f5a Introduce per-service HiddenServiceExportCircuitID torrc option.
Moves code to a function, better viewed with --color-moved.
2018-09-15 16:31:22 +03:00
Nick Mathewson
4bdba5fa4b Merge branch 'maint-0.3.4' 2018-09-14 12:56:31 -04:00
David Goulet
33c99cf565 hs-v2: Demote log warning to info when we don't have a consensus
Fixes #27040

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-14 12:04:01 -04:00
Nick Mathewson
bb012d7941 Merge remote-tracking branch 'tor-github/pr/329' 2018-09-14 09:22:23 -04:00
Nick Mathewson
b67f3b751a Merge branch 'ticket27247' 2018-09-14 09:14:12 -04:00
Nick Mathewson
88c9730817 Re-order includes to expose intptr_t to tor_api_internal.h 2018-09-14 07:11:37 -04:00
Nick Mathewson
83b8a76f0c Fix a shadowed-global warning in geoip.c
Bugfix on 5ab2110eb6b4ae9082430081cb2800018cf0dcd6; bug not in any
released Tor.
2018-09-13 17:48:33 -04:00
Nick Mathewson
b943721b2a Merge branch 'bug27224_take2_squashed' 2018-09-13 16:43:06 -04:00
rl1987
1e77376e1a Avoid calling node_get_all_orports() from node_is_a_configured_bridge()
All node_get_all_orports() does is allocate and return a smartlist
with at most two tor_addr_port_t members that match ORPort's of
node configuration. This is harmful for memory efficiency, as it
allocates the same stuff every time it is called. However,
node_is_a_configured_bridge() does not need to call it, as it
already has all the information to check if there is configured
bridge for a given node.

The new code is arranged in a way that hopefully makes each succeeding
linear search through bridge_list less likely.
2018-09-13 16:38:33 -04:00
Mike Perry
80ffedd3ca Control port call to emit a CIRC_BW event for a single circuit.
This commit only moves code. No functionality has been changed.
2018-09-13 17:44:56 +00:00
Nick Mathewson
787da5185c Merge remote-tracking branch 'onionk/strcmpstart1' 2018-09-13 13:30:53 -04:00
Nick Mathewson
b4f20ec8a6 Merge remote-tracking branch 'tor-github/pr/280' 2018-09-12 16:13:23 -04:00
Nick Mathewson
bfc847255a Merge remote-tracking branch 'dgoulet/ticket27545_035_01' 2018-09-12 10:18:11 -04:00
cypherpunks
cb9fa3b04c nodelist: fix docs for networkstatus_read_cached_consensus_impl
Fix on c12d2cb2dc.
2018-09-12 14:13:03 +00:00
cypherpunks
ab91302fd0 nodelist: use strcmpstart() instead of strncmp()
in rend_parse_v2_service_descriptor.
Fix on c58675ca72
2018-09-12 14:03:06 +00:00
Nick Mathewson
19dbc385d5 Merge remote-tracking branch 'tor-github/pr/298' 2018-09-12 09:38:52 -04:00
Nick Mathewson
5a2374b074 Merge remote-tracking branch 'tor-github/pr/315' 2018-09-11 15:55:30 -04:00
Nick Mathewson
04bb70199b Followup: Make authority_cert_parse_from_string() take length too 2018-09-11 11:43:26 -04:00
Nick Mathewson
7e3005af30 Replace "read consensus from disk" with "map consensus from disk".
Implements 27244, and should save a bunch of RAM on clients.
2018-09-11 11:43:26 -04:00
Nick Mathewson
abaca3fc8c Revise networkstatus parsing code to use lengths
This way the networkstatus can be parsed without being
NUL-terminated, so we can implement 27244 and mmap our consensus objects.
2018-09-11 11:43:26 -04:00
Suphanat Chunhapanya
57c82b74b4 hs-v3: Shuffle the list of authorized clients
This commit makes it that the authorized clients in the descriptor are in
random order instead of ordered by how they were read on disk.

Fixes #27545

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-11 11:23:49 -04:00
Nick Mathewson
e014b72b73 Stop memcpy'ing uncompressed consensuses when making diffs 2018-09-11 11:16:50 -04:00
Nick Mathewson
5595b21227 Consdiff: use lengths on inputs so they don't need NUL at the end
This is part of #27244, so that we can safely mmap consensus
documents.
2018-09-11 11:16:50 -04:00
Taylor Yu
617160895c Defer reporting directory bootstrap progress
Existing cached directory information can cause misleadingly high
bootstrap percentages.  To improve user experience, defer reporting of
directory information progress until at least one connection has
succeeded to a relay or bridge.

Closes ticket 27169.
2018-09-10 15:20:50 -05:00
David Goulet
672620901b hs-v3: Silence some logging for client authorization
If a tor client gets a descriptor that it can't decrypt, chances are that the
onion requires client authorization.

If a tor client is configured with client authorization for an onion but
decryption fails, it means that the configured keys aren't working anymore.

In both cases, we'll log notice the former and log warn the latter and the
rest of the decryption errors are now at info level.

Two logs statement have been removed because it was redundant and printing the
fetched descriptor in the logs when 80% of it is encrypted wat not helping.

Fixes #27550

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-10 15:04:22 -04:00
Taylor Yu
687bf3ea64 Track bootstrap phase independently of progress
Track bootstrap phase (enumerated by bootstrap_status_t) independently
from the bootstrap progress (which can represent intermediate
progress).  This allows control_event_bootstrap_problem() to avoid
doing a linear search through the bootstrap progress space to find the
current bootstrap phase.
2018-09-10 13:18:32 -05:00
Taylor Yu
5733d3f71f Refactor control_event_bootstrap_core() more
Eliminate a few conditional expressions in
control_event_bootstrap_core() by overwriting the status parameter.
2018-09-10 13:18:32 -05:00
Taylor Yu
15c24d669f Refactor control_event_bootstrap() somewhat
Move the mostly-invariant part of control_event_boostrap() into a
helper control_event_bootstrap_core().  The helper doesn't modify any
state beyond doing logging and control port notifications.
2018-09-10 13:18:32 -05:00
Taylor Yu
e2988e044d Deindent much of control_event_bootstrap 2018-09-10 13:18:32 -05:00
Taylor Yu
eee62e13d9 Make control_event_bootstrap() return void
Simplify control_event_bootstrap() by making it return void again.  It
is currently a fairly complicated function, and it's made more
complicated by returning an int to signal whether it logged at NOTICE
or INFO.

The callers conditionally log messages at level NOTICE based on this
return value.  Change the callers to unconditionally log their verbose
human-readable messages at level INFO to keep NOTICE logs less
cluttered.

This partially reverts the changes of #14950.
2018-09-10 13:18:32 -05:00
George Kadianakis
34a2cbb249 Address coverity warnings (CID 1439133/1439132).
>>>>    CID 1439133:  Null pointer dereferences  (REVERSE_INULL)
>>>>    Null-checking "fields" suggests that it may be null, but it
>>>> has already been dereferenced on all paths leading to the check.

>>>>    CID 1439132:  Null pointer dereferences  (REVERSE_INULL)
>>>>    Null-checking "fields" suggests that it may be null, but it
>>>> has already been dereferenced on all paths leading to the check.
2018-09-10 16:54:19 +03:00
Nick Mathewson
33a0c619a8 Do not store cached_dir_t for consensus in RAM if not a dircache.
There are three reasons we use a cached_dir_t to hold a consensus:
  1. to serve that consensus to a client
  2. to apply a consensus diff to an existing consensus
  3. to send the consensus to a controller.

But case 1 is dircache-only.  Case 2 and case 3 both fall back to
networkstatus_read_cached_consensus().  So there's no reason for us
to store this as a client.  Avoiding this saves about 23% of our RAM
usage, according to our experiments last month.

This is, semantically, a partial revert of e5c608e535.

Fixes bug 27247; bugfix on 0.3.0.1-alpha.
2018-09-07 19:48:56 -04:00
Nick Mathewson
95060eacae Use networkstatus_read_cached_consensus() for GETINFO
We already had fallback code for "dir/status-vote/current/consensus"
to read from disk if we didn't have a cached_dir_t available.  But
there's a function in networkstatus_t that does it for us, so let's
do that.
2018-09-07 19:48:56 -04:00
Nick Mathewson
9ca1af9a87 Merge remote-tracking branch 'dgoulet/ticket20700_035_03' 2018-09-07 15:03:32 -04:00
George Kadianakis
3695ef6343 HSv3: Don't assert when reading bad client-side privkeys. 2018-09-07 14:05:07 -04:00
George Kadianakis
6583d1e709 HSv3: Add subcredential in client auth KDF on the client-side. 2018-09-07 14:05:07 -04:00
George Kadianakis
1e9428dc61 HSv3: Add subcredential in client auth KDF on the service-side.
Also update some client auth test vectors that broke...
2018-09-07 14:05:07 -04:00
David Goulet
c76d00abfa hs-v3: Make hs_desc_build_fake_authorized_client() return an object
Return a newly allocated fake client authorization object instead of taking
the object as a parameter.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
David Goulet
8e57986e7d hs-v3: Improve v3 client authorization logging
Part of #20700.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
5b2871d2f2 hs-v3: Log client auth load activities client side
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
7ace28c952 hs-v3: Log client auth load activities service side
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
83c8419e73 hs-v3: Rename client_pk to client_auth_pk
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:08 -04:00
Suphanat Chunhapanya
9f975e9995 hs-v3: Rename client_sk to client_auth_sk
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:07 -04:00
Suphanat Chunhapanya
b61403c787 test: HS v3 client auth is config equal function
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
8f64931d67 hs-v3: Republish descriptors if client auth changes
When reloading tor, check if our the configured client authorization have
changed from what we previously had. If so, republish the updated descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
3b08b23997 hs-v3: Make all descriptor content free functions public
Series of functions that we now need in hs_service.c.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
53dd1699ba hs-v3: Re-enable the decoding in the encoding function
Previously, the validation by decoding a created descriptor was disabled
because the interface had to be entirely changed and not implemented at the
time.

This commit re-enabled it because it is now implemented.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
7acb720027 hs-v3: Decrypt the descriptor with client private key
Parse the client authorization section from the descriptor, use the client
private key to decrypt the auth clients, and then use the descriptor cookie to
decrypt the descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:39 -04:00
Suphanat Chunhapanya
63576b0166 hs-v3: Refactor the descriptor decryption/decoding
This commit refactors the existing decryption code to make it compatible with
a new logic for when the client authorization is enabled.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
462d4097ce hs-v3: Refactor secret data building logic
Because this secret data building logic is not only used by the descriptor
encoding process but also by the descriptor decoding, refactor the function to
take both steps into account.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
9c36219236 test: HS v3 client authorization loading secret key
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
8e81fcd51a hs-v3: Load client authorization secret key from file
The new ClientOnionAuthDir option is introduced which is where tor looks to
find the HS v3 client authorization files containing the client private key
material.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
fa50aee366 hs-v3: Encrypt the descriptor using a cookie
Previously, we encrypted the descriptor without the descriptor cookie. This
commit, when the client auth is enabled, the descriptor cookie is always used.

I also removed the code that is used to generate fake auth clients because it
will not be used anymore.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
08bbcffc0e hs-v3: Generate all descriptor related keys
We need to generate all the related keys when building the descriptor, so that
we can encrypt the descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
15af47ede0 test: HS v3 loading client auth keys service side
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
b894b40e64 hs-v3: Load all client auth keys to the service
This commit loads all client public keys from every file in
`authorized_clients/` directory.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:07 -04:00
Nick Mathewson
7e91eb83d8 Merge branch 'maint-0.3.4' 2018-09-07 08:45:10 -04:00
Nick Mathewson
8815960c46 Merge remote-tracking branch 'tor-github/pr/294' 2018-09-06 09:47:32 -04:00
Nick Mathewson
e95b13f8ce Merge remote-tracking branch 'ageis/control-getinfo-uptime' 2018-09-06 09:30:55 -04:00
Nick Mathewson
0db5c54957 Merge branch 'nss_squashed' into nss_merge 2018-09-04 20:21:07 -04:00
Nick Mathewson
600e046ed3 Rename crypto_pk_check_key(), use it more reasonably, add tests
This function was a wrapper around RSA_check_key() in openssl, which
checks for invalid RSA private keys (like those where p or q are
composite, or where d is not the inverse of e, or where n != p*q).
We don't need a function like this in NSS, since unlike OpenSSL, NSS
won't let you import a bogus private key.

I've renamed the function and changed its return type to make it
more reasonable, and added a unit test for trying to read a key
where n != p*q.
2018-09-04 14:52:35 -04:00
Nick Mathewson
1e71e2c104 c99 style in loop 2018-09-04 11:04:55 -04:00
Nick Mathewson
3507fead10 Merge branch 'tor_api_owning_control' 2018-09-04 11:04:21 -04:00
Nick Mathewson
94b04d6c64 Merge branch 'bug24104_029_squashed' 2018-09-04 10:44:36 -04:00
Neel Chauhan
1c62adb65b Change mention of is_extrainfo router_parse_list_from_string() to want_extrainfo 2018-08-29 21:05:24 -04:00
Nick Mathewson
94605f08fb Merge branch 'ticket27246_035_01_squashed' 2018-08-29 15:05:05 -04:00
Nick Mathewson
6c0c08bbb5 Expand the comments on ASN.1-encoded TAP keys 2018-08-29 15:04:54 -04:00
David Goulet
2f6bc74914 router: Keep RSA onion public key in ASN.1 format
The OpenSSL "RSA" object is currently 408 bytes compares to the ASN.1 encoding
which is 140 for a 1024 RSA key.

We save 268 bytes per descriptor (routerinfo_t) *and* microdescriptor
(microdesc_t). Scaling this to 6000 relays, and considering client usually
only have microdescriptors, we save 1.608 MB of RAM which is considerable for
mobile client.

This commit makes it that we keep the RSA onion public key (used for TAP
handshake) in ASN.1 format instead of an OpenSSL RSA object.

Changes is done in both routerinfo_t and microdesc_t.

Closes #27246

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-29 15:01:38 -04:00
Mike Perry
93ff8b411a Merge branch 'ticket25573-034' into ticket25573-master 2018-08-29 17:10:06 +00:00
Nick Mathewson
48632455a5 Merge branch 'bug26367_035_01' 2018-08-28 16:02:04 -04:00
David Goulet
8f13c3d3ed hs: Remove rend_client_non_anonymous_mode_enabled
The removal of Tor2Web made this function useless.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-28 16:01:57 -04:00
David Goulet
f661d856fd hs: Remove rend_client_allow_non_anonymous_connection
By removing Tor2Web, there is no way a client can be non anonymous so we
remove that function and the callsites.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-28 16:01:57 -04:00
David Goulet
4976eca826 hs: Render obsolete Tor2web
Remove support for Tor2web in the code and build system. At this commit, tor
doesn't have Tor2web support anymore.

Ref: https://lists.torproject.org/pipermail/tor-dev/2018-July/013295.html

Close #26367

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-28 16:01:57 -04:00
Nick Mathewson
219f6ea516 Fix log.c comments about assert vs tor_assert vs raw_assert. 2018-08-28 15:58:16 -04:00
Nick Mathewson
3b960df4f9 Merge branch 'bug26896_034' 2018-08-28 12:35:50 -04:00
rl1987
3890ad2578 Stricter HiddenServicePort parsing 2018-08-28 18:32:31 +03:00
David Goulet
d9bfc9e2e3 fixup! hs: Learn service version by trying to load the keys 2018-08-28 08:36:28 -04:00
Nick Mathewson
7217bdacb5 Merge remote-tracking branch 'tor-github/pr/289' 2018-08-24 12:57:18 -04:00
Nick Mathewson
622231ce2e Merge remote-tracking branch 'teor/bug27237' 2018-08-24 12:44:46 -04:00
Nick Mathewson
b1d0fa04fb Merge branch 'maint-0.3.4' 2018-08-24 12:35:26 -04:00
Nick Mathewson
08a1619e7f Merge branch 'maint-0.3.4' 2018-08-24 12:05:39 -04:00
Nick Mathewson
f36b3faa75 Merge branch 'maint-0.3.4' 2018-08-24 08:32:33 -04:00
teor
7a5896d5d4
Bootstrap: try harder to get descriptors in non-exit test networks
Use the mid weight for the third hop when there are no exits.

Fixes bug 27237; bugfix on 0.2.6.2-alpha.
2018-08-24 12:49:05 +10:00
Nick Mathewson
2ae92ab973 Merge branch 'maint-0.3.4' 2018-08-23 14:26:04 -04:00
David Goulet
e8557ba00d hs: Change default version from 2 to 3
Closes #27215

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-22 11:42:23 -04:00
David Goulet
61ad81c36e hs: Learn service version by trying to load the keys
In order to switch the default HS version from 2 to 3, we need tor to be smart
and be able to decide on the version by trying to load the service keys during
configuration validation.

Part of #27215

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-22 11:38:28 -04:00
David Goulet
cb466ee7d6 key: Make ed_key_init_from_file() take an or_options_t
Part of #27215, we need to call the ed_key_init_from_file function during
option_validate() which is before the global_options variable is set.

This commit make ed_key_init_from_file() stop using get_options() and instead
now has a or_options_t parameter.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-22 11:32:57 -04:00
George Kadianakis
5febea0d54 Fix revision counter bugs caused by bad SRV start time computation.
Bug description: For each descriptor, its revision counter is the OPE
ciphertext of the number of seconds since the start time of its SRV value.
This bug caused us to confuse the SRV start time in the middle of the lifetime
of a descriptor in some edge-cases, which caused descriptor rejects.

Bug cause: The bug occurs when we fetch a 23:00 consensus after
midnight (e.g. at 00:08 when not all dirauths have fetched the latest 00:00
consensus). In that case, the voting schedule (which was used for SRV start
time calculation) would return a valid-after past-midnight, whereas our
consensus would be pre-midnight, and that would confuse the SRV start time
computation which is used by HS revision counters (because we would reset the
start time of SRV, without rotating descriptors).

Bug fix: We now use our local consensus time to calculate the SRV start time,
instead of the voting schedule. The voting schedule does not work as originally
envisioned in this case, because it was created for voting by dirauths and not
for scheduling stuff on clients.
2018-08-22 18:09:47 +03:00
Nick Mathewson
9a4f05b05c Split X509 code out of tortls.c 2018-08-21 12:25:33 -04:00
Nick Mathewson
0f971d7c91 Rename functions that encode/decode private keys
It is not nice to expose a private key's contents without having the
function name advertise the fact.  Fortunately, we weren't misusing
these yet.
2018-08-21 12:24:08 -04:00
Neel Chauhan
aab6aea197 Fix typo in comment for getinfo_helper_current_time() 2018-08-20 11:49:35 -04:00
rl1987
5ab2110eb6 Rework predicted_ports_prediction_time_remaining() to fix CID 1438153 2018-08-19 21:03:01 +03:00
Neel Chauhan
64d9ea1413
In addrs_in_same_network_family(), choose IP subnet size based on IP type 2018-08-17 13:37:51 +10:00
Nick Mathewson
7e50d43f07 Merge branch 'maint-0.3.4' 2018-08-16 08:37:11 -04:00
Nick Mathewson
61d5bcc1a2 Merge remote-tracking branch 'tor-github/pr/268' 2018-08-11 10:04:04 -04:00
Nick Mathewson
b7ed61167f Merge remote-tracking branch 'tor-github/pr/239' 2018-08-10 12:35:06 -04:00
Nick Mathewson
df444e482b Provide examples of tor_api_get_provider_version() output
At the same time, sternly warn any person thinking about relying on
any particular format too strictly.  If you do this, and your
program breaks, it is your bug, not mine.
2018-08-08 18:10:28 -04:00
Nick Mathewson
159141a8c6 Merge branch 'ticket26947' 2018-08-08 18:07:32 -04:00
rl1987
7a1007861f Print stacktrace when crypto_pk_get_digest() fails in router_build_fresh_descriptor() 2018-08-08 18:56:27 +03:00
rl1987
9c242e950b Consider all routerinfo errors other than "not a server" transient 2018-08-08 18:47:43 +03:00
Neel Chauhan
3a2b5a5bcb Fix typo in control_event_hs_descriptor_content() 2018-08-08 00:12:00 -04:00
Nick Mathewson
c77fe82155 Add API for creating an owning controller FD and passing it to tor_main 2018-08-01 11:01:52 -04:00
Nick Mathewson
9a89450b6d tor_api: Extend tor_api code so it can pass extra arguments to main.
We need this so that the tor_api user can specify some arguments,
while the tor_api implementation adds others.

This implementation detail should not be visible to tor_api users.
2018-08-01 11:01:52 -04:00
Nick Mathewson
fdaa483098 Merge branch 'nss_dh_squashed' into nss_dh_squashed_merged 2018-07-31 19:56:23 -04:00
Nick Mathewson
772106c6bc Add a new function, tor_api_get_provider_version()
Closes ticket 26947.
2018-07-31 09:18:54 -04:00
Roger Dingledine
fe9f585143 fix wrong word in comment 2018-07-30 22:35:33 -04:00
Nick Mathewson
3a6bd21440 Merge remote-tracking branch 'teor/bug26627_033_merged_master' 2018-07-30 09:01:55 -04:00
Nick Mathewson
13393b2d91 Merge remote-tracking branch 'rl1987/ticket21349_4' 2018-07-30 08:49:49 -04:00
Nick Mathewson
ac9d08f66a Merge remote-tracking branch 'juga/ticket3723_03_squashed_rebased' 2018-07-30 08:33:59 -04:00
rl1987
ffdfd39d4f Early bailout from log_addr_has_changed() if running as client 2018-07-26 17:49:27 +03:00
teor
fc4d08e260 Merge branch 'bug26627_033' into bug26627_033_merged_master 2018-07-25 09:17:17 +10:00
rl1987
042d22c8d1 Split select_entry_guard_for_circuit() 2018-07-21 18:38:33 +03:00
rl1987
e6c51a056c Make entry_guards_update_primary() shorter 2018-07-21 18:38:33 +03:00
rl1987
86549c0d9e Split sampled_guards_update_from_consensus() into subfunctions 2018-07-21 18:38:33 +03:00
Nick Mathewson
9ae3597540 Tweak assertion in get_time_period_length() for coverity
This is another attempt to fix 1437668.  The assertion here should
be safe, since the rules of networkstatus_get_param() keep the value
it returns in range.
2018-07-20 11:02:07 -04:00
Nick Mathewson
583df33e20 Merge branch 'maint-0.3.4' 2018-07-20 10:42:29 -04:00
Nick Mathewson
c1092e9aab Merge remote-tracking branch 'ahf-github/bugs/26780' 2018-07-19 12:22:39 -04:00
Nick Mathewson
23811052fe Add some missing includes and struct declarations. 2018-07-18 15:12:18 -04:00
Nick Mathewson
61e080e24a Merge branch 'maint-0.3.4' 2018-07-18 15:09:28 -04:00
Nick Mathewson
e2b744ce38 Merge branch 'bug25552_ope_squashed' 2018-07-17 16:19:32 -04:00
Neel Chauhan
32db806dfa Teach the OOM handler about the DNS cache 2018-07-17 09:19:27 -04:00
Kevin Gallagher
4ba26f95d5 control: Add new 'uptime' message to GETINFO
Sends the Tor controller the uptime in seconds.
Highly useful for monitoring purposes.
2018-07-16 19:19:10 -07:00
Neel Chauhan
d807ca1b01 Add and use dns_cache_total_allocation() 2018-07-16 17:19:53 -04:00
teor
79f249e786 dirauth: Handle V3BandwidthsFile failure modes according to the new spec
If an authority is not configured with a V3BandwidthsFile, this line
SHOULD NOT appear in its vote.

If an authority is configured with a V3BandwidthsFile, but parsing
fails, this line SHOULD appear in its vote, but without any headers.

Part of 3723, implements the spec in 26799.
2018-07-16 14:43:49 +00:00
juga0
9773311b20 Add keyval header, that was moved to other file 2018-07-16 14:43:49 +00:00
juga0
8164534f46 Ensure that bw_file_headers is not bigger than max 2018-07-16 14:43:49 +00:00
juga0
87fc409a70 Replace bwlist by bw_file and terminator condition
If bandwidth file terminator is found, set end of headers flag
and do not store the line.
If it is not, parse a relay line and check whether it is a header
line.
2018-07-16 14:43:49 +00:00
juga0
f906d9be11 Replace bwlist by bw_file
and add bw file terminator constant
2018-07-16 14:43:49 +00:00
juga0
d79c65772b Rename bwlist to bw_file and banwidth to
bandwidth-file
2018-07-16 14:43:49 +00:00
juga0
6d8bc12583 Free bw_list_headers in networstatus_t 2018-07-16 14:43:49 +00:00
juga0
106eb08d27 Add bw_file_headers to networkstatus_t 2018-07-16 14:43:49 +00:00
juga0
f0a4a5f726 Check that the header is key_value
to avoid interpreting as headers extra lines that are not key_values
2018-07-16 14:43:49 +00:00
juga0
086060e138 Do not add bw file line to the vote
when there are not bw file headers lines.
2018-07-16 14:43:49 +00:00
juga0
e5dd46beab Add the Bandwidth List file headers to votes
* add bwlist_headers argument to dirserv_read_measured_bandwidth
  in order to store all the headers found when parsing the file
* add bwlist_headers to networkstatus_t in order to store the
  the headers found by the previous function
* include the bandwidth headers as string in vote documents
* add test to check that dirserv_read_measured_bandwidth generates
  the bwlist_headers
2018-07-16 14:43:48 +00:00
Alexander Færøy
c9de65f966 Add checks in get_net_param_from_list() for valid output domain.
This patch adds two assertions in get_net_param_from_list() to ensure
that the `res` value is correctly within the range of the output domain.

Hopefully fixes Coverity CID #1415721, #1415722, and #1415723.

See: https://bugs.torproject.org/26780
2018-07-13 12:43:57 +02:00
Nick Mathewson
f45107e7de Rename crypto.c to crypto_cipher.c (since that's all it still has.) 2018-07-11 14:12:36 -04:00
Nick Mathewson
12a1ada158 Move the initialization and cleanup parts of crypto.c
These are now part of crypto_init.c.  The openssl-only parts now
live in crypto_openssl_mgt.c.

I recommend reviewing this patch with -b and --color-moved.
2018-07-11 13:45:49 -04:00
Nick Mathewson
537092cdbb Merge branch 'ticket26223' 2018-07-10 20:18:28 -04:00
Nick Mathewson
391ef5e42c Explain why we use raw_free with getdelim result. 2018-07-10 20:16:37 -04:00
Nick Mathewson
e7f5f48d68 Rename torlog.[ch] to log.[ch]
Fun fact: these files used to be called log.[ch] until we ran into
conflicts with systems having a log.h file.  But now that we always
include "lib/log/log.h", we should be fine.
2018-07-10 15:20:30 -04:00
Nick Mathewson
a2c44a7a7e Isolate resolve.h usage in the modules that really need it.
(Almost none of Tor should actually need to touch the platform resolver.)
2018-07-10 13:36:45 -04:00
Nick Mathewson
951d59d706 Use tor_getline() in dirserv.c to remove its upper line limit.
Closes ticket 26223.
2018-07-10 10:36:49 -04:00
Nick Mathewson
6574d4bd27 Refactor dirserv_read_measured_bandwidths to have a single exit point 2018-07-10 10:36:49 -04:00
Nick Mathewson
19f2057d49 Fix some lingering windows compilation issues from Jenkins.
These were caused by the recent refactoring.
2018-07-09 12:54:40 -04:00
Nick Mathewson
e7463be39b Merge branch 'maint-0.3.4' 2018-07-09 10:16:51 -04:00
Nick Mathewson
83de46eb25 Changes file and comment for 25928. 2018-07-09 10:16:48 -04:00
Nick Mathewson
7746b071d8 Merge remote-tracking branch 'gsomlo/gls-single-da' 2018-07-09 09:59:46 -04:00
Nick Mathewson
667a6e8fe9 Whoops. Protover.[ch] belong in src/core/or 2018-07-05 17:15:50 -04:00
Nick Mathewson
ef486e3c02 Fix every include path changed in the previous commit (automated)
I am very glad to have written this script.
2018-07-05 17:15:50 -04:00
Nick Mathewson
63b4ea22af Move literally everything out of src/or
This commit won't build yet -- it just puts everything in a slightly
more logical place.

The reasoning here is that "src/core" will hold the stuff that every (or
nearly every) tor instance will need in order to do onion routing.
Other features (including some necessary ones) will live in
"src/feature".  The "src/app" directory will hold the stuff needed
to have Tor be an application you can actually run.

This commit DOES NOT refactor the former contents of src/or into a
logical set of acyclic libraries, or change any code at all.  That
will have to come in the future.

We will continue to move things around and split them in the future,
but I hope this lays a reasonable groundwork for doing so.
2018-07-05 17:15:50 -04:00