Commit Graph

404 Commits

Author SHA1 Message Date
Nick Mathewson
a77b2e984e Remove router_get_dir_hash as unused. 2018-10-01 00:09:00 -05:00
Nick Mathewson
82f4d3ca75 Move v2 hs parsing into feature/rend 2018-10-01 00:09:00 -05:00
Nick Mathewson
430ca38f70 Split the authority-cert and signature/hash code from routerparse 2018-10-01 00:09:00 -05:00
Nick Mathewson
2f5dc48699 Extract the version-managing code from routerparse.c
Leave the versions.h include in routerparse.h for now; I'll remove
it later.
2018-10-01 00:04:58 -05:00
Nick Mathewson
fec3b3bb93 Extract logic for dumping unparseable junk from routerparse.c 2018-10-01 00:04:58 -05:00
Nick Mathewson
6785aa4010 Move routerparse and parsecommon to their own module. 2018-10-01 00:04:06 -05:00
Nick Mathewson
b058f64cc0 Detect an unlikely integer overflow. 2018-09-27 16:30:02 -04:00
Nick Mathewson
8812f562a0 Fix a memory leak in --dump-config
When freeing a configuration object from confparse.c in
dump_config(), we need to call the appropriate higher-level free
function (like or_options_free()) and not just config_free().

This only happens with options (since they're the one where
options_validate allocates extra stuff) and only when running
--dump-config with something other than minimal (since
OPTIONS_DUMP_MINIMAL doesn't hit this code).

Fixes bug 27893; bugfix on 0.3.2.1-alpha.
2018-09-27 13:05:19 -04:00
Nick Mathewson
316453065d Mark a variable static. 2018-09-27 11:59:39 -04:00
Nick Mathewson
c8f2a6d2fe Extract the non-stats part of geoip into a new src/lib/geoip. 2018-09-27 10:26:01 -04:00
Nick Mathewson
fa32574bdb Remove excess dependencies from geoip.c 2018-09-27 10:15:39 -04:00
Nick Mathewson
f403af2207 Split geoip from geoip-related stats.
This commit just moves the code to two separate files. The geoip
code still has a few needless dependencies on core/* and features/*.
2018-09-27 09:36:52 -04:00
Nick Mathewson
79208ee852 Move the n_v3_ns_requests field out of geoip_country_t
This is preparation for splitting geoip.c into stats and non-stats
portions.
2018-09-27 09:04:08 -04:00
Nick Mathewson
241c1505cc Move the predicted ports code out of rephist.c
It differs from the rest of the rephist code in that it's actually
necessary for Tor to operate, so it should probably go somewhere
else.  I'm not sure where yet, so I'll leave it in the same
directory, but give it its own file.
2018-09-27 08:21:17 -04:00
Nick Mathewson
de0b07c634 Merge branch 'router_split' 2018-09-26 09:47:59 -04:00
Nick Mathewson
5e5e019b31 Merge remote-tracking branch 'dgoulet/bug27550_035_01' 2018-09-26 08:36:09 -04:00
Nick Mathewson
5fe05de4fe Remove extra includes from router.c 2018-09-25 18:33:13 -04:00
Nick Mathewson
4f0bc0c8f5 Revise things that had included router.h before
Make them only include the headers that they needed, and sort their
headers while we're at it.
2018-09-25 17:57:58 -04:00
Nick Mathewson
3ff58e47d2 Move the "is the network disabled?" functions out of router.c
Since this is completely core functionality, I'm putting it in
core/mainloop, even though it depends on feature/hibernate. We'll
have to sort that out in the future.
2018-09-25 17:22:14 -04:00
Nick Mathewson
b8df2318e9 Move routerinfo_t functions out of router.c
(It turns out that some of the functions in router.h didn't even
exist any more, so I just got to delete their declarations completely.)
2018-09-25 16:48:00 -04:00
Nick Mathewson
efa978124f Extract nickname-checking functions from router.c 2018-09-25 16:22:11 -04:00
Nick Mathewson
5c86f3c297 Move the various _describe() functions out of router.c
Note that I haven't separated the headers yet (there's still an
2018-09-25 16:13:47 -04:00
Nick Mathewson
fcd0f76134 Extract all the "am I a server" functions from router.c 2018-09-25 16:00:50 -04:00
Nick Mathewson
70539e3d5e Move all authdir_mode_*() functions into authmode.h 2018-09-25 15:39:24 -04:00
Nick Mathewson
9385b7ec5f Rename dirauth/mode.h to dirauth/authmode.h
This is preparation for having a routermode.h as well
2018-09-25 15:18:21 -04:00
Nick Mathewson
8a350e088b Move self-test functionality into its own file. 2018-09-25 15:14:57 -04:00
Nick Mathewson
934859cf80 Move key-loading and crosscert-checking out of feature/relay
This is also used by onion services, so it needs to go in another
module.
2018-09-25 15:14:57 -04:00
Nick Mathewson
78295904f7 Merge branch 'ticket26744' 2018-09-24 10:56:50 -04:00
Nick Mathewson
7ed7fe230b Add an include to get --disable-module-dirauth happy again 2018-09-21 15:03:42 -04:00
Nick Mathewson
b7bd162af7 Merge remote-tracking branch 'dgoulet/ticket27774_035_03' 2018-09-21 13:02:12 -04:00
Nick Mathewson
194acfb51d Split directory.c code into several modules
Parts of this C file naturally belong in dircache, dirclient, and
dircommon: so, move them there.
2018-09-21 12:57:22 -04:00
Nick Mathewson
0e4c42a912 Merge remote-tracking branch 'ahf-github/asn/bugs4700_2' 2018-09-21 09:40:16 -04:00
Nick Mathewson
9399c579e5 Merge branch 'split_mainloop_onion' 2018-09-21 09:37:23 -04:00
Nick Mathewson
96d1f2e6d0 Merge remote-tracking branch 'dgoulet/ticket27797_035_01' 2018-09-21 09:33:03 -04:00
Nick Mathewson
c7ce6b9821 Split main.c into main.c and mainloop.c
The main.c code is responsible for initialization and shutdown;
the mainloop.c code is responsible for running the main loop of Tor.

Splitting the "generic event loop" part of mainloop.c from the
event-loop-specific part is not done as part of this patch.
2018-09-21 09:14:06 -04:00
Nick Mathewson
98ef3e82e4 Move the non-crypto parts of onion.c out of src/core/crypto
The parts for handling cell formats should be in src/core/or.

The parts for handling onionskin queues should be in src/core/or.

Only the crypto wrapper belongs in src/core/crypto.
2018-09-21 09:14:05 -04:00
David Goulet
49e4bda50b fixup! hs-v3: Silence some logging for client authorization 2018-09-21 08:52:47 -04:00
David Goulet
79265a6fb6 hs-v3: Don't BUG() if the RP node_t is invalid client side
When sending the INTRODUCE1 cell, we acquire the needed data for the cell but
if the RP node_t has invalid data, we'll fail the send and completely kill the
SOCKS connection.

Instead, close the rendezvous circuit and return a transient error meaning
that Tor can recover by selecting a new rendezvous point. We'll also do the
same when we are unable to encode the INTRODUCE1 cell for which at that point,
we'll simply take another shot at a new rendezvous point.

Fixes #27774

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-21 08:44:12 -04:00
Nick Mathewson
63219eda8a Put dirlist_free_all back in routerlist_free_all for unit tests 2018-09-21 08:10:39 -04:00
Nick Mathewson
e7ac8fabcc Merge remote-tracking branch 'dgoulet/ticket27410_035_01' 2018-09-20 16:22:16 -04:00
Nick Mathewson
2ed0d240e8 Merge remote-tracking branch 'dgoulet/ticket27410_032_01' 2018-09-20 16:22:02 -04:00
Alexander Færøy
8ecaf41003 Support 'none' in torrc for HiddenServiceExportCircuitID.
See: https://bugs.torproject.org/4700
2018-09-20 20:59:42 +02:00
Nick Mathewson
813019cc57 Merge branch 'bug23512-v4-029-fixes' 2018-09-20 14:41:44 -04:00
Nick Mathewson
a406255cf3 Merge branch 'bug23512-v4-029-fixes' 2018-09-20 14:19:47 -04:00
Nick Mathewson
b54a5e704f Split most of dirserv.c into several new modules
In dirauth:
  * bwauth.c reads and uses bandwidth files
  * guardfraction.c reads and uses the guardfraction file
  * reachability.c tests relay reachability
  * recommend_pkg.c handles the recommended-packages lines.
  * recv_descs.c handles fingerprint files and processing incoming
    routerinfos that relays upload to us
  * voteflag.c computes flag thresholds and sets those thresholds on
    routerstatuses when computing votes

In control:
  * fmt_serverstatus.c generates the ancient "v1 server status"
    format that controllers expect.

In nodelist:
  * routerstatus_fmt.c formats routerstatus entries for a consensus,
    a vote, or for the controller.
2018-09-20 11:07:42 -04:00
David Goulet
e3713f17fb node: Make node_supports_v3_rendezvous_point() also check for the key
It is not enough to look at protover for v3 rendezvous support but also we
need to make sure that the curve25519 onion key is present or in other words
that the descriptor has been fetched and does contain it.

Fixes #27797.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-20 08:50:27 -04:00
Nick Mathewson
08e3b88f07 Split routerlist.c into 4 separate modules
There are now separate modules for:
    * the list of router descriptors
    * the list of authorities and fallbacks
    * managing authority certificates
    * selecting random nodes
2018-09-19 17:08:57 -04:00
David Goulet
cb81a69f90 test: hs-v3 desc has arrived unit test
That unit test makes sure we don't have pending SOCK request if the descriptor
turns out to be unusable.

Part of #27410.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-19 11:11:57 -04:00
David Goulet
f4f809fe3d hs-v3: Close all SOCKS request on descriptor failure
Client side, when a descriptor is finally fetched and stored in the cache, we
then go over all pending SOCKS request for that descriptor. If it turns out
that the intro points are unusable, we close the first SOCKS request but not
the others for the same .onion.

This commit makes it that we'll close all SOCKS requests so we don't let
hanging the other ones.

It also fixes another bug which is having a SOCKS connection in RENDDESC_WAIT
state but with a descriptor in the cache. At some point, tor will expire the
intro failure cache which will make that descriptor usable again. When
retrying all SOCKS connection (retry_all_socks_conn_waiting_for_desc()), we
won't end up in the code path where we have already the descriptor for a
pending request causing a BUG().

Bottom line is that we should never have pending requests (waiting for a
descriptor) with that descriptor in the cache (even if unusable).

Fixees #27410.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-19 11:11:57 -04:00
Nick Mathewson
7ace8d5a61 Assert that some trunnel _new() functions return non-NULL
The trunnel functions are written under the assumption that their
allocators can fail, so GCC LTO thinks they might return NULL.  In
point of fact, they're using tor_malloc() and friends, which can't
fail, but GCC won't necessarily figure that out.

Fixes part of #27772.
2018-09-18 14:43:57 -04:00
Nick Mathewson
620108ea77 Assert that we aren't returning a pointer to a local variable.
GCC got confused here with LTO enabled.

Fixes part of #27772.
2018-09-18 14:34:49 -04:00
Mike Perry
8a83c4b613 Merge branch 'bug23512-v4-033' into bug23512-v4-master 2018-09-18 00:17:14 +00:00
Alexander Færøy
9b511dc5d6 Change HiddenServiceExportCircuitID to take a string parameter: the protocol.
This patch changes HiddenServiceExportCircuitID so instead of being a
boolean it takes a string, which is the protocol. Currently only the
'haproxy' protocol is defined.

See: https://bugs.torproject.org/4700
2018-09-15 16:52:36 +03:00
George Kadianakis
6069185bcc Save original virtual port in edge conn HS ident. 2018-09-15 16:32:24 +03:00
George Kadianakis
27d7491f5a Introduce per-service HiddenServiceExportCircuitID torrc option.
Moves code to a function, better viewed with --color-moved.
2018-09-15 16:31:22 +03:00
Nick Mathewson
4bdba5fa4b Merge branch 'maint-0.3.4' 2018-09-14 12:56:31 -04:00
David Goulet
33c99cf565 hs-v2: Demote log warning to info when we don't have a consensus
Fixes #27040

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-14 12:04:01 -04:00
Nick Mathewson
bb012d7941 Merge remote-tracking branch 'tor-github/pr/329' 2018-09-14 09:22:23 -04:00
Nick Mathewson
b67f3b751a Merge branch 'ticket27247' 2018-09-14 09:14:12 -04:00
Nick Mathewson
88c9730817 Re-order includes to expose intptr_t to tor_api_internal.h 2018-09-14 07:11:37 -04:00
Nick Mathewson
83b8a76f0c Fix a shadowed-global warning in geoip.c
Bugfix on 5ab2110eb6b4ae9082430081cb2800018cf0dcd6; bug not in any
released Tor.
2018-09-13 17:48:33 -04:00
Nick Mathewson
b943721b2a Merge branch 'bug27224_take2_squashed' 2018-09-13 16:43:06 -04:00
rl1987
1e77376e1a Avoid calling node_get_all_orports() from node_is_a_configured_bridge()
All node_get_all_orports() does is allocate and return a smartlist
with at most two tor_addr_port_t members that match ORPort's of
node configuration. This is harmful for memory efficiency, as it
allocates the same stuff every time it is called. However,
node_is_a_configured_bridge() does not need to call it, as it
already has all the information to check if there is configured
bridge for a given node.

The new code is arranged in a way that hopefully makes each succeeding
linear search through bridge_list less likely.
2018-09-13 16:38:33 -04:00
Mike Perry
80ffedd3ca Control port call to emit a CIRC_BW event for a single circuit.
This commit only moves code. No functionality has been changed.
2018-09-13 17:44:56 +00:00
Nick Mathewson
787da5185c Merge remote-tracking branch 'onionk/strcmpstart1' 2018-09-13 13:30:53 -04:00
Nick Mathewson
b4f20ec8a6 Merge remote-tracking branch 'tor-github/pr/280' 2018-09-12 16:13:23 -04:00
Nick Mathewson
bfc847255a Merge remote-tracking branch 'dgoulet/ticket27545_035_01' 2018-09-12 10:18:11 -04:00
cypherpunks
cb9fa3b04c nodelist: fix docs for networkstatus_read_cached_consensus_impl
Fix on c12d2cb2dc.
2018-09-12 14:13:03 +00:00
cypherpunks
ab91302fd0 nodelist: use strcmpstart() instead of strncmp()
in rend_parse_v2_service_descriptor.
Fix on c58675ca72
2018-09-12 14:03:06 +00:00
Nick Mathewson
19dbc385d5 Merge remote-tracking branch 'tor-github/pr/298' 2018-09-12 09:38:52 -04:00
Nick Mathewson
5a2374b074 Merge remote-tracking branch 'tor-github/pr/315' 2018-09-11 15:55:30 -04:00
Nick Mathewson
04bb70199b Followup: Make authority_cert_parse_from_string() take length too 2018-09-11 11:43:26 -04:00
Nick Mathewson
7e3005af30 Replace "read consensus from disk" with "map consensus from disk".
Implements 27244, and should save a bunch of RAM on clients.
2018-09-11 11:43:26 -04:00
Nick Mathewson
abaca3fc8c Revise networkstatus parsing code to use lengths
This way the networkstatus can be parsed without being
NUL-terminated, so we can implement 27244 and mmap our consensus objects.
2018-09-11 11:43:26 -04:00
Suphanat Chunhapanya
57c82b74b4 hs-v3: Shuffle the list of authorized clients
This commit makes it that the authorized clients in the descriptor are in
random order instead of ordered by how they were read on disk.

Fixes #27545

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-11 11:23:49 -04:00
Nick Mathewson
e014b72b73 Stop memcpy'ing uncompressed consensuses when making diffs 2018-09-11 11:16:50 -04:00
Nick Mathewson
5595b21227 Consdiff: use lengths on inputs so they don't need NUL at the end
This is part of #27244, so that we can safely mmap consensus
documents.
2018-09-11 11:16:50 -04:00
Taylor Yu
617160895c Defer reporting directory bootstrap progress
Existing cached directory information can cause misleadingly high
bootstrap percentages.  To improve user experience, defer reporting of
directory information progress until at least one connection has
succeeded to a relay or bridge.

Closes ticket 27169.
2018-09-10 15:20:50 -05:00
David Goulet
672620901b hs-v3: Silence some logging for client authorization
If a tor client gets a descriptor that it can't decrypt, chances are that the
onion requires client authorization.

If a tor client is configured with client authorization for an onion but
decryption fails, it means that the configured keys aren't working anymore.

In both cases, we'll log notice the former and log warn the latter and the
rest of the decryption errors are now at info level.

Two logs statement have been removed because it was redundant and printing the
fetched descriptor in the logs when 80% of it is encrypted wat not helping.

Fixes #27550

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-10 15:04:22 -04:00
Taylor Yu
687bf3ea64 Track bootstrap phase independently of progress
Track bootstrap phase (enumerated by bootstrap_status_t) independently
from the bootstrap progress (which can represent intermediate
progress).  This allows control_event_bootstrap_problem() to avoid
doing a linear search through the bootstrap progress space to find the
current bootstrap phase.
2018-09-10 13:18:32 -05:00
Taylor Yu
5733d3f71f Refactor control_event_bootstrap_core() more
Eliminate a few conditional expressions in
control_event_bootstrap_core() by overwriting the status parameter.
2018-09-10 13:18:32 -05:00
Taylor Yu
15c24d669f Refactor control_event_bootstrap() somewhat
Move the mostly-invariant part of control_event_boostrap() into a
helper control_event_bootstrap_core().  The helper doesn't modify any
state beyond doing logging and control port notifications.
2018-09-10 13:18:32 -05:00
Taylor Yu
e2988e044d Deindent much of control_event_bootstrap 2018-09-10 13:18:32 -05:00
Taylor Yu
eee62e13d9 Make control_event_bootstrap() return void
Simplify control_event_bootstrap() by making it return void again.  It
is currently a fairly complicated function, and it's made more
complicated by returning an int to signal whether it logged at NOTICE
or INFO.

The callers conditionally log messages at level NOTICE based on this
return value.  Change the callers to unconditionally log their verbose
human-readable messages at level INFO to keep NOTICE logs less
cluttered.

This partially reverts the changes of #14950.
2018-09-10 13:18:32 -05:00
George Kadianakis
34a2cbb249 Address coverity warnings (CID 1439133/1439132).
>>>>    CID 1439133:  Null pointer dereferences  (REVERSE_INULL)
>>>>    Null-checking "fields" suggests that it may be null, but it
>>>> has already been dereferenced on all paths leading to the check.

>>>>    CID 1439132:  Null pointer dereferences  (REVERSE_INULL)
>>>>    Null-checking "fields" suggests that it may be null, but it
>>>> has already been dereferenced on all paths leading to the check.
2018-09-10 16:54:19 +03:00
Nick Mathewson
33a0c619a8 Do not store cached_dir_t for consensus in RAM if not a dircache.
There are three reasons we use a cached_dir_t to hold a consensus:
  1. to serve that consensus to a client
  2. to apply a consensus diff to an existing consensus
  3. to send the consensus to a controller.

But case 1 is dircache-only.  Case 2 and case 3 both fall back to
networkstatus_read_cached_consensus().  So there's no reason for us
to store this as a client.  Avoiding this saves about 23% of our RAM
usage, according to our experiments last month.

This is, semantically, a partial revert of e5c608e535.

Fixes bug 27247; bugfix on 0.3.0.1-alpha.
2018-09-07 19:48:56 -04:00
Nick Mathewson
95060eacae Use networkstatus_read_cached_consensus() for GETINFO
We already had fallback code for "dir/status-vote/current/consensus"
to read from disk if we didn't have a cached_dir_t available.  But
there's a function in networkstatus_t that does it for us, so let's
do that.
2018-09-07 19:48:56 -04:00
Nick Mathewson
9ca1af9a87 Merge remote-tracking branch 'dgoulet/ticket20700_035_03' 2018-09-07 15:03:32 -04:00
George Kadianakis
3695ef6343 HSv3: Don't assert when reading bad client-side privkeys. 2018-09-07 14:05:07 -04:00
George Kadianakis
6583d1e709 HSv3: Add subcredential in client auth KDF on the client-side. 2018-09-07 14:05:07 -04:00
George Kadianakis
1e9428dc61 HSv3: Add subcredential in client auth KDF on the service-side.
Also update some client auth test vectors that broke...
2018-09-07 14:05:07 -04:00
David Goulet
c76d00abfa hs-v3: Make hs_desc_build_fake_authorized_client() return an object
Return a newly allocated fake client authorization object instead of taking
the object as a parameter.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
David Goulet
8e57986e7d hs-v3: Improve v3 client authorization logging
Part of #20700.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
5b2871d2f2 hs-v3: Log client auth load activities client side
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
7ace28c952 hs-v3: Log client auth load activities service side
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
83c8419e73 hs-v3: Rename client_pk to client_auth_pk
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:08 -04:00
Suphanat Chunhapanya
9f975e9995 hs-v3: Rename client_sk to client_auth_sk
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:07 -04:00
Suphanat Chunhapanya
b61403c787 test: HS v3 client auth is config equal function
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
8f64931d67 hs-v3: Republish descriptors if client auth changes
When reloading tor, check if our the configured client authorization have
changed from what we previously had. If so, republish the updated descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
3b08b23997 hs-v3: Make all descriptor content free functions public
Series of functions that we now need in hs_service.c.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
53dd1699ba hs-v3: Re-enable the decoding in the encoding function
Previously, the validation by decoding a created descriptor was disabled
because the interface had to be entirely changed and not implemented at the
time.

This commit re-enabled it because it is now implemented.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
7acb720027 hs-v3: Decrypt the descriptor with client private key
Parse the client authorization section from the descriptor, use the client
private key to decrypt the auth clients, and then use the descriptor cookie to
decrypt the descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:39 -04:00
Suphanat Chunhapanya
63576b0166 hs-v3: Refactor the descriptor decryption/decoding
This commit refactors the existing decryption code to make it compatible with
a new logic for when the client authorization is enabled.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
462d4097ce hs-v3: Refactor secret data building logic
Because this secret data building logic is not only used by the descriptor
encoding process but also by the descriptor decoding, refactor the function to
take both steps into account.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
9c36219236 test: HS v3 client authorization loading secret key
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
8e81fcd51a hs-v3: Load client authorization secret key from file
The new ClientOnionAuthDir option is introduced which is where tor looks to
find the HS v3 client authorization files containing the client private key
material.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
fa50aee366 hs-v3: Encrypt the descriptor using a cookie
Previously, we encrypted the descriptor without the descriptor cookie. This
commit, when the client auth is enabled, the descriptor cookie is always used.

I also removed the code that is used to generate fake auth clients because it
will not be used anymore.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
08bbcffc0e hs-v3: Generate all descriptor related keys
We need to generate all the related keys when building the descriptor, so that
we can encrypt the descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
15af47ede0 test: HS v3 loading client auth keys service side
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
b894b40e64 hs-v3: Load all client auth keys to the service
This commit loads all client public keys from every file in
`authorized_clients/` directory.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:07 -04:00
Nick Mathewson
7e91eb83d8 Merge branch 'maint-0.3.4' 2018-09-07 08:45:10 -04:00
Nick Mathewson
8815960c46 Merge remote-tracking branch 'tor-github/pr/294' 2018-09-06 09:47:32 -04:00
Nick Mathewson
e95b13f8ce Merge remote-tracking branch 'ageis/control-getinfo-uptime' 2018-09-06 09:30:55 -04:00
Nick Mathewson
0db5c54957 Merge branch 'nss_squashed' into nss_merge 2018-09-04 20:21:07 -04:00
Nick Mathewson
600e046ed3 Rename crypto_pk_check_key(), use it more reasonably, add tests
This function was a wrapper around RSA_check_key() in openssl, which
checks for invalid RSA private keys (like those where p or q are
composite, or where d is not the inverse of e, or where n != p*q).
We don't need a function like this in NSS, since unlike OpenSSL, NSS
won't let you import a bogus private key.

I've renamed the function and changed its return type to make it
more reasonable, and added a unit test for trying to read a key
where n != p*q.
2018-09-04 14:52:35 -04:00
Nick Mathewson
1e71e2c104 c99 style in loop 2018-09-04 11:04:55 -04:00
Nick Mathewson
3507fead10 Merge branch 'tor_api_owning_control' 2018-09-04 11:04:21 -04:00
Nick Mathewson
94b04d6c64 Merge branch 'bug24104_029_squashed' 2018-09-04 10:44:36 -04:00
Neel Chauhan
1c62adb65b Change mention of is_extrainfo router_parse_list_from_string() to want_extrainfo 2018-08-29 21:05:24 -04:00
Nick Mathewson
94605f08fb Merge branch 'ticket27246_035_01_squashed' 2018-08-29 15:05:05 -04:00
Nick Mathewson
6c0c08bbb5 Expand the comments on ASN.1-encoded TAP keys 2018-08-29 15:04:54 -04:00
David Goulet
2f6bc74914 router: Keep RSA onion public key in ASN.1 format
The OpenSSL "RSA" object is currently 408 bytes compares to the ASN.1 encoding
which is 140 for a 1024 RSA key.

We save 268 bytes per descriptor (routerinfo_t) *and* microdescriptor
(microdesc_t). Scaling this to 6000 relays, and considering client usually
only have microdescriptors, we save 1.608 MB of RAM which is considerable for
mobile client.

This commit makes it that we keep the RSA onion public key (used for TAP
handshake) in ASN.1 format instead of an OpenSSL RSA object.

Changes is done in both routerinfo_t and microdesc_t.

Closes #27246

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-29 15:01:38 -04:00
Mike Perry
93ff8b411a Merge branch 'ticket25573-034' into ticket25573-master 2018-08-29 17:10:06 +00:00
Nick Mathewson
48632455a5 Merge branch 'bug26367_035_01' 2018-08-28 16:02:04 -04:00
David Goulet
8f13c3d3ed hs: Remove rend_client_non_anonymous_mode_enabled
The removal of Tor2Web made this function useless.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-28 16:01:57 -04:00
David Goulet
f661d856fd hs: Remove rend_client_allow_non_anonymous_connection
By removing Tor2Web, there is no way a client can be non anonymous so we
remove that function and the callsites.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-28 16:01:57 -04:00
David Goulet
4976eca826 hs: Render obsolete Tor2web
Remove support for Tor2web in the code and build system. At this commit, tor
doesn't have Tor2web support anymore.

Ref: https://lists.torproject.org/pipermail/tor-dev/2018-July/013295.html

Close #26367

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-28 16:01:57 -04:00
Nick Mathewson
219f6ea516 Fix log.c comments about assert vs tor_assert vs raw_assert. 2018-08-28 15:58:16 -04:00
Nick Mathewson
3b960df4f9 Merge branch 'bug26896_034' 2018-08-28 12:35:50 -04:00
rl1987
3890ad2578 Stricter HiddenServicePort parsing 2018-08-28 18:32:31 +03:00
David Goulet
d9bfc9e2e3 fixup! hs: Learn service version by trying to load the keys 2018-08-28 08:36:28 -04:00
Nick Mathewson
7217bdacb5 Merge remote-tracking branch 'tor-github/pr/289' 2018-08-24 12:57:18 -04:00
Nick Mathewson
622231ce2e Merge remote-tracking branch 'teor/bug27237' 2018-08-24 12:44:46 -04:00
Nick Mathewson
b1d0fa04fb Merge branch 'maint-0.3.4' 2018-08-24 12:35:26 -04:00
Nick Mathewson
08a1619e7f Merge branch 'maint-0.3.4' 2018-08-24 12:05:39 -04:00
Nick Mathewson
f36b3faa75 Merge branch 'maint-0.3.4' 2018-08-24 08:32:33 -04:00
teor
7a5896d5d4
Bootstrap: try harder to get descriptors in non-exit test networks
Use the mid weight for the third hop when there are no exits.

Fixes bug 27237; bugfix on 0.2.6.2-alpha.
2018-08-24 12:49:05 +10:00
Nick Mathewson
2ae92ab973 Merge branch 'maint-0.3.4' 2018-08-23 14:26:04 -04:00
David Goulet
e8557ba00d hs: Change default version from 2 to 3
Closes #27215

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-22 11:42:23 -04:00
David Goulet
61ad81c36e hs: Learn service version by trying to load the keys
In order to switch the default HS version from 2 to 3, we need tor to be smart
and be able to decide on the version by trying to load the service keys during
configuration validation.

Part of #27215

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-22 11:38:28 -04:00
David Goulet
cb466ee7d6 key: Make ed_key_init_from_file() take an or_options_t
Part of #27215, we need to call the ed_key_init_from_file function during
option_validate() which is before the global_options variable is set.

This commit make ed_key_init_from_file() stop using get_options() and instead
now has a or_options_t parameter.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-22 11:32:57 -04:00
George Kadianakis
5febea0d54 Fix revision counter bugs caused by bad SRV start time computation.
Bug description: For each descriptor, its revision counter is the OPE
ciphertext of the number of seconds since the start time of its SRV value.
This bug caused us to confuse the SRV start time in the middle of the lifetime
of a descriptor in some edge-cases, which caused descriptor rejects.

Bug cause: The bug occurs when we fetch a 23:00 consensus after
midnight (e.g. at 00:08 when not all dirauths have fetched the latest 00:00
consensus). In that case, the voting schedule (which was used for SRV start
time calculation) would return a valid-after past-midnight, whereas our
consensus would be pre-midnight, and that would confuse the SRV start time
computation which is used by HS revision counters (because we would reset the
start time of SRV, without rotating descriptors).

Bug fix: We now use our local consensus time to calculate the SRV start time,
instead of the voting schedule. The voting schedule does not work as originally
envisioned in this case, because it was created for voting by dirauths and not
for scheduling stuff on clients.
2018-08-22 18:09:47 +03:00
Nick Mathewson
9a4f05b05c Split X509 code out of tortls.c 2018-08-21 12:25:33 -04:00
Nick Mathewson
0f971d7c91 Rename functions that encode/decode private keys
It is not nice to expose a private key's contents without having the
function name advertise the fact.  Fortunately, we weren't misusing
these yet.
2018-08-21 12:24:08 -04:00
Neel Chauhan
aab6aea197 Fix typo in comment for getinfo_helper_current_time() 2018-08-20 11:49:35 -04:00
rl1987
5ab2110eb6 Rework predicted_ports_prediction_time_remaining() to fix CID 1438153 2018-08-19 21:03:01 +03:00
Neel Chauhan
64d9ea1413
In addrs_in_same_network_family(), choose IP subnet size based on IP type 2018-08-17 13:37:51 +10:00
Nick Mathewson
7e50d43f07 Merge branch 'maint-0.3.4' 2018-08-16 08:37:11 -04:00
Nick Mathewson
61d5bcc1a2 Merge remote-tracking branch 'tor-github/pr/268' 2018-08-11 10:04:04 -04:00
Nick Mathewson
b7ed61167f Merge remote-tracking branch 'tor-github/pr/239' 2018-08-10 12:35:06 -04:00
Nick Mathewson
df444e482b Provide examples of tor_api_get_provider_version() output
At the same time, sternly warn any person thinking about relying on
any particular format too strictly.  If you do this, and your
program breaks, it is your bug, not mine.
2018-08-08 18:10:28 -04:00
Nick Mathewson
159141a8c6 Merge branch 'ticket26947' 2018-08-08 18:07:32 -04:00
rl1987
7a1007861f Print stacktrace when crypto_pk_get_digest() fails in router_build_fresh_descriptor() 2018-08-08 18:56:27 +03:00
rl1987
9c242e950b Consider all routerinfo errors other than "not a server" transient 2018-08-08 18:47:43 +03:00
Neel Chauhan
3a2b5a5bcb Fix typo in control_event_hs_descriptor_content() 2018-08-08 00:12:00 -04:00
Nick Mathewson
c77fe82155 Add API for creating an owning controller FD and passing it to tor_main 2018-08-01 11:01:52 -04:00
Nick Mathewson
9a89450b6d tor_api: Extend tor_api code so it can pass extra arguments to main.
We need this so that the tor_api user can specify some arguments,
while the tor_api implementation adds others.

This implementation detail should not be visible to tor_api users.
2018-08-01 11:01:52 -04:00
Nick Mathewson
fdaa483098 Merge branch 'nss_dh_squashed' into nss_dh_squashed_merged 2018-07-31 19:56:23 -04:00
Nick Mathewson
772106c6bc Add a new function, tor_api_get_provider_version()
Closes ticket 26947.
2018-07-31 09:18:54 -04:00
Roger Dingledine
fe9f585143 fix wrong word in comment 2018-07-30 22:35:33 -04:00
Nick Mathewson
3a6bd21440 Merge remote-tracking branch 'teor/bug26627_033_merged_master' 2018-07-30 09:01:55 -04:00
Nick Mathewson
13393b2d91 Merge remote-tracking branch 'rl1987/ticket21349_4' 2018-07-30 08:49:49 -04:00
Nick Mathewson
ac9d08f66a Merge remote-tracking branch 'juga/ticket3723_03_squashed_rebased' 2018-07-30 08:33:59 -04:00
rl1987
ffdfd39d4f Early bailout from log_addr_has_changed() if running as client 2018-07-26 17:49:27 +03:00
teor
fc4d08e260 Merge branch 'bug26627_033' into bug26627_033_merged_master 2018-07-25 09:17:17 +10:00
rl1987
042d22c8d1 Split select_entry_guard_for_circuit() 2018-07-21 18:38:33 +03:00
rl1987
e6c51a056c Make entry_guards_update_primary() shorter 2018-07-21 18:38:33 +03:00
rl1987
86549c0d9e Split sampled_guards_update_from_consensus() into subfunctions 2018-07-21 18:38:33 +03:00
Nick Mathewson
9ae3597540 Tweak assertion in get_time_period_length() for coverity
This is another attempt to fix 1437668.  The assertion here should
be safe, since the rules of networkstatus_get_param() keep the value
it returns in range.
2018-07-20 11:02:07 -04:00
Nick Mathewson
583df33e20 Merge branch 'maint-0.3.4' 2018-07-20 10:42:29 -04:00
Nick Mathewson
c1092e9aab Merge remote-tracking branch 'ahf-github/bugs/26780' 2018-07-19 12:22:39 -04:00
Nick Mathewson
23811052fe Add some missing includes and struct declarations. 2018-07-18 15:12:18 -04:00
Nick Mathewson
61e080e24a Merge branch 'maint-0.3.4' 2018-07-18 15:09:28 -04:00
Nick Mathewson
e2b744ce38 Merge branch 'bug25552_ope_squashed' 2018-07-17 16:19:32 -04:00
Neel Chauhan
32db806dfa Teach the OOM handler about the DNS cache 2018-07-17 09:19:27 -04:00
Kevin Gallagher
4ba26f95d5 control: Add new 'uptime' message to GETINFO
Sends the Tor controller the uptime in seconds.
Highly useful for monitoring purposes.
2018-07-16 19:19:10 -07:00
Neel Chauhan
d807ca1b01 Add and use dns_cache_total_allocation() 2018-07-16 17:19:53 -04:00
teor
79f249e786 dirauth: Handle V3BandwidthsFile failure modes according to the new spec
If an authority is not configured with a V3BandwidthsFile, this line
SHOULD NOT appear in its vote.

If an authority is configured with a V3BandwidthsFile, but parsing
fails, this line SHOULD appear in its vote, but without any headers.

Part of 3723, implements the spec in 26799.
2018-07-16 14:43:49 +00:00
juga0
9773311b20 Add keyval header, that was moved to other file 2018-07-16 14:43:49 +00:00
juga0
8164534f46 Ensure that bw_file_headers is not bigger than max 2018-07-16 14:43:49 +00:00
juga0
87fc409a70 Replace bwlist by bw_file and terminator condition
If bandwidth file terminator is found, set end of headers flag
and do not store the line.
If it is not, parse a relay line and check whether it is a header
line.
2018-07-16 14:43:49 +00:00
juga0
f906d9be11 Replace bwlist by bw_file
and add bw file terminator constant
2018-07-16 14:43:49 +00:00
juga0
d79c65772b Rename bwlist to bw_file and banwidth to
bandwidth-file
2018-07-16 14:43:49 +00:00
juga0
6d8bc12583 Free bw_list_headers in networstatus_t 2018-07-16 14:43:49 +00:00
juga0
106eb08d27 Add bw_file_headers to networkstatus_t 2018-07-16 14:43:49 +00:00
juga0
f0a4a5f726 Check that the header is key_value
to avoid interpreting as headers extra lines that are not key_values
2018-07-16 14:43:49 +00:00
juga0
086060e138 Do not add bw file line to the vote
when there are not bw file headers lines.
2018-07-16 14:43:49 +00:00
juga0
e5dd46beab Add the Bandwidth List file headers to votes
* add bwlist_headers argument to dirserv_read_measured_bandwidth
  in order to store all the headers found when parsing the file
* add bwlist_headers to networkstatus_t in order to store the
  the headers found by the previous function
* include the bandwidth headers as string in vote documents
* add test to check that dirserv_read_measured_bandwidth generates
  the bwlist_headers
2018-07-16 14:43:48 +00:00
Alexander Færøy
c9de65f966 Add checks in get_net_param_from_list() for valid output domain.
This patch adds two assertions in get_net_param_from_list() to ensure
that the `res` value is correctly within the range of the output domain.

Hopefully fixes Coverity CID #1415721, #1415722, and #1415723.

See: https://bugs.torproject.org/26780
2018-07-13 12:43:57 +02:00
Nick Mathewson
f45107e7de Rename crypto.c to crypto_cipher.c (since that's all it still has.) 2018-07-11 14:12:36 -04:00
Nick Mathewson
12a1ada158 Move the initialization and cleanup parts of crypto.c
These are now part of crypto_init.c.  The openssl-only parts now
live in crypto_openssl_mgt.c.

I recommend reviewing this patch with -b and --color-moved.
2018-07-11 13:45:49 -04:00
Nick Mathewson
537092cdbb Merge branch 'ticket26223' 2018-07-10 20:18:28 -04:00
Nick Mathewson
391ef5e42c Explain why we use raw_free with getdelim result. 2018-07-10 20:16:37 -04:00
Nick Mathewson
e7f5f48d68 Rename torlog.[ch] to log.[ch]
Fun fact: these files used to be called log.[ch] until we ran into
conflicts with systems having a log.h file.  But now that we always
include "lib/log/log.h", we should be fine.
2018-07-10 15:20:30 -04:00
Nick Mathewson
a2c44a7a7e Isolate resolve.h usage in the modules that really need it.
(Almost none of Tor should actually need to touch the platform resolver.)
2018-07-10 13:36:45 -04:00
Nick Mathewson
951d59d706 Use tor_getline() in dirserv.c to remove its upper line limit.
Closes ticket 26223.
2018-07-10 10:36:49 -04:00
Nick Mathewson
6574d4bd27 Refactor dirserv_read_measured_bandwidths to have a single exit point 2018-07-10 10:36:49 -04:00
Nick Mathewson
19f2057d49 Fix some lingering windows compilation issues from Jenkins.
These were caused by the recent refactoring.
2018-07-09 12:54:40 -04:00
Nick Mathewson
e7463be39b Merge branch 'maint-0.3.4' 2018-07-09 10:16:51 -04:00
Nick Mathewson
83de46eb25 Changes file and comment for 25928. 2018-07-09 10:16:48 -04:00
Nick Mathewson
7746b071d8 Merge remote-tracking branch 'gsomlo/gls-single-da' 2018-07-09 09:59:46 -04:00
Nick Mathewson
667a6e8fe9 Whoops. Protover.[ch] belong in src/core/or 2018-07-05 17:15:50 -04:00
Nick Mathewson
ef486e3c02 Fix every include path changed in the previous commit (automated)
I am very glad to have written this script.
2018-07-05 17:15:50 -04:00
Nick Mathewson
63b4ea22af Move literally everything out of src/or
This commit won't build yet -- it just puts everything in a slightly
more logical place.

The reasoning here is that "src/core" will hold the stuff that every (or
nearly every) tor instance will need in order to do onion routing.
Other features (including some necessary ones) will live in
"src/feature".  The "src/app" directory will hold the stuff needed
to have Tor be an application you can actually run.

This commit DOES NOT refactor the former contents of src/or into a
logical set of acyclic libraries, or change any code at all.  That
will have to come in the future.

We will continue to move things around and split them in the future,
but I hope this lays a reasonable groundwork for doing so.
2018-07-05 17:15:50 -04:00