Commit Graph

30005 Commits

Author SHA1 Message Date
Nick Mathewson
ba2cc781ef Merge branch 'maint-0.3.4'
"ours" to avoid version bump.
2018-09-10 09:42:50 -04:00
Nick Mathewson
96601a6805 Bump to 0.3.4.8-dev 2018-09-10 09:42:40 -04:00
Nick Mathewson
7a343ecec5 Merge branch 'maint-0.3.3' into maint-0.3.4
"ours" to avoid version bump.
2018-09-10 09:42:22 -04:00
Nick Mathewson
05f5f65006 Bump to 0.3.3.10-dev. 2018-09-10 09:42:12 -04:00
Nick Mathewson
8cfca28be2 Merge branch 'maint-0.3.2' into maint-0.3.3
"ours" to avoid version bump.
2018-09-10 09:41:55 -04:00
Nick Mathewson
8408331b3e Merge branch 'maint-0.2.9' into maint-0.3.2
"ours" to avoid version bump.
2018-09-10 09:41:39 -04:00
Nick Mathewson
ec4a7641f1 Bump to 0.3.2.12-dev 2018-09-10 09:41:34 -04:00
Nick Mathewson
b203dedaf5 Bump to 0.2.9.17-dev 2018-09-10 09:41:22 -04:00
Nick Mathewson
a52d5d5309 Refactor initialization in curve25519_basepoint_spot_check
This is an attempt to work around what I think may be a bug in
OSS-Fuzz, which thinks that uninitialized data might be passed to
the curve25519 functions.
2018-09-09 10:21:13 -04:00
Roger Dingledine
776c1a5d1a make ipv6-only config complaint clearer
(a relay operator hit this on #tor-relays and couldn't make sense
of it. i couldn't either until i went to go read the code.)
2018-09-08 17:08:22 -04:00
Nick Mathewson
9f0e8d8c03 Merge branch 'maint-0.3.4' 2018-09-07 15:14:03 -04:00
Nick Mathewson
0d5aaef465 Merge branch 'maint-0.3.3' into maint-0.3.4
"ours" to avoid bump.
2018-09-07 15:12:27 -04:00
Nick Mathewson
cff7cb858b Merge branch 'maint-0.3.2' into maint-0.3.3
"ours" to avoid bump
2018-09-07 15:12:09 -04:00
Nick Mathewson
36885f34f6 Merge branch 'maint-0.2.9' into maint-0.3.2
"ours" to avoid bump
2018-09-07 15:11:49 -04:00
Nick Mathewson
43e400f340 Bump to 0.3.3.10 2018-09-07 15:11:18 -04:00
Nick Mathewson
cdaf9aec8e Bump to 0.3.2.12 2018-09-07 15:11:07 -04:00
Nick Mathewson
da29074fc4 Bump to 0.2.9.17 2018-09-07 15:10:49 -04:00
Nick Mathewson
9ca1af9a87 Merge remote-tracking branch 'dgoulet/ticket20700_035_03' 2018-09-07 15:03:32 -04:00
George Kadianakis
3695ef6343 HSv3: Don't assert when reading bad client-side privkeys. 2018-09-07 14:05:07 -04:00
George Kadianakis
6583d1e709 HSv3: Add subcredential in client auth KDF on the client-side. 2018-09-07 14:05:07 -04:00
George Kadianakis
1e9428dc61 HSv3: Add subcredential in client auth KDF on the service-side.
Also update some client auth test vectors that broke...
2018-09-07 14:05:07 -04:00
David Goulet
c76d00abfa hs-v3: Make hs_desc_build_fake_authorized_client() return an object
Return a newly allocated fake client authorization object instead of taking
the object as a parameter.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
5e1d36c7db bug: Use PATH_SEPARATOR instead of slash
In function get_fname_suffix, previously it uses /, but in fact it
should use PATH_SEPARATOR.
2018-09-07 14:03:55 -04:00
David Goulet
8e57986e7d hs-v3: Improve v3 client authorization logging
Part of #20700.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
5b2871d2f2 hs-v3: Log client auth load activities client side
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
7ace28c952 hs-v3: Log client auth load activities service side
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
83c8419e73 hs-v3: Rename client_pk to client_auth_pk
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:08 -04:00
Suphanat Chunhapanya
9f975e9995 hs-v3: Rename client_sk to client_auth_sk
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:07 -04:00
Suphanat Chunhapanya
b61403c787 test: HS v3 client auth is config equal function
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
8f64931d67 hs-v3: Republish descriptors if client auth changes
When reloading tor, check if our the configured client authorization have
changed from what we previously had. If so, republish the updated descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
3b08b23997 hs-v3: Make all descriptor content free functions public
Series of functions that we now need in hs_service.c.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
53dd1699ba hs-v3: Re-enable the decoding in the encoding function
Previously, the validation by decoding a created descriptor was disabled
because the interface had to be entirely changed and not implemented at the
time.

This commit re-enabled it because it is now implemented.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
69fb25b0f6 test: HS v3 descriptor decoding with client authorization
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
7acb720027 hs-v3: Decrypt the descriptor with client private key
Parse the client authorization section from the descriptor, use the client
private key to decrypt the auth clients, and then use the descriptor cookie to
decrypt the descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:39 -04:00
Suphanat Chunhapanya
63576b0166 hs-v3: Refactor the descriptor decryption/decoding
This commit refactors the existing decryption code to make it compatible with
a new logic for when the client authorization is enabled.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
462d4097ce hs-v3: Refactor secret data building logic
Because this secret data building logic is not only used by the descriptor
encoding process but also by the descriptor decoding, refactor the function to
take both steps into account.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
9c36219236 test: HS v3 client authorization loading secret key
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
8e81fcd51a hs-v3: Load client authorization secret key from file
The new ClientOnionAuthDir option is introduced which is where tor looks to
find the HS v3 client authorization files containing the client private key
material.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
fd6bec923c test: HS v3 descriptor encoding with client authorization
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
fa50aee366 hs-v3: Encrypt the descriptor using a cookie
Previously, we encrypted the descriptor without the descriptor cookie. This
commit, when the client auth is enabled, the descriptor cookie is always used.

I also removed the code that is used to generate fake auth clients because it
will not be used anymore.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
10f4c46e50 test: Build an HSv3 descriptor with authorized client
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
0dab4ac2dd test: HS v3 building a descriptor with client auth
This commit tests that the descriptor building result, when the client
authorization is enabled, includes everything that is needed.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
08bbcffc0e hs-v3: Generate all descriptor related keys
We need to generate all the related keys when building the descriptor, so that
we can encrypt the descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
15af47ede0 test: HS v3 loading client auth keys service side
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
b894b40e64 hs-v3: Load all client auth keys to the service
This commit loads all client public keys from every file in
`authorized_clients/` directory.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:07 -04:00
Nick Mathewson
13d0855a89 Merge remote-tracking branch 'teor/bug27521' 2018-09-07 10:29:45 -04:00
Nick Mathewson
b9103c38c3 Merge branch 'maint-0.3.4'
"ours" to avoid version bump
2018-09-07 09:49:41 -04:00
Nick Mathewson
fa38bbb700 Bump to 0.3.4.8 2018-09-07 09:49:29 -04:00
Nick Mathewson
859d744eb8 in master, remove changes files for already-merged changes 2018-09-07 09:39:54 -04:00
Nick Mathewson
c50a053a95 Copy updated 0.3.4.6-rc changelog to master
Forward-ports fix for 27488.
2018-09-07 09:32:31 -04:00