Commit Graph

36 Commits

Author SHA1 Message Date
rl1987
b7fae0f48c Heed --disable-unittests properly 2018-06-02 12:53:04 +03:00
Isis Lovecruft
fe3aca1491
crypto: Refactor (P)RNG functionality into new crypto_rand module.
* ADD new /src/common/crypto_rand.[ch] module.
 * ADD new /src/common/crypto_util.[ch] module (contains the memwipe()
   function, since all crypto_* modules need this).
 * FIXES part of #24658: https://bugs.torproject.org/24658
2018-04-06 21:45:28 +00:00
Deepesh Pathak
ca6682f3f8 Fix spelling mistakes corresponding to ticket #23650 2018-02-07 10:41:57 -05:00
Nick Mathewson
a007c02df0 Re-run trunnel. Cosmetic changes only. 2017-08-24 16:13:01 -04:00
David Goulet
2f1b3d647f trunnel: Add RENDEZVOUS2 cell definition
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
Nick Mathewson
8e84968ffb Re-run trunnel. 2017-08-08 20:34:39 -04:00
Nick Mathewson
2f17743d6f Put comment in the trunnel file, so it wont go away. 2017-08-08 20:31:47 -04:00
George Kadianakis
686891d67e prop224: Add XXX about opaqueness of link_specifier_t. 2017-08-08 20:29:35 -04:00
David Goulet
3e537c6fe4 trunnel: Add prop224 RENDEZVOUS1 cell definition
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-25 13:11:40 -04:00
Nick Mathewson
4d30dde156 Merge branch 'netflow_padding-v6-rebased2-squashed' 2017-05-08 13:54:59 -04:00
Mike Perry
b0e92634d8 Netflow record collapsing defense.
This defense will cause Cisco, Juniper, Fortinet, and other routers operating
in the default configuration to collapse netflow records that would normally
be split due to the 15 second flow idle timeout.

Collapsing these records should greatly reduce the utility of default netflow
data for correlation attacks, since all client-side records should become 30
minute chunks of total bytes sent/received, rather than creating multiple
separate records for every webpage load/ssh command interaction/XMPP chat/whatever
else happens to be inactive for more than 15 seconds.

The defense adds consensus parameters to govern the range of timeout values
for sending padding packets, as well as for keeping connections open.

The defense only sends padding when connections are otherwise inactive, and it
does not pad connections used solely for directory traffic at all. By default
it also doesn't pad inter-relay connections.

Statistics on the total padding in the last 24 hours are exported to the
extra-info descriptors.
2017-05-08 13:49:21 -04:00
David Goulet
6bacc3c7a8 hs: Change trunnel prop224 cell's namespace
One of the goals of this change is to have trunnel API/ABI being more explicit
so we namespace them with "trn_*". Furthermore, we can now create
hs_cells.[ch] without having to confuse it with trunnel which used to be
"hs_cell_*" before that change.

Here are the perl line that were used for this rename:

  perl -i -pe 's/cell_extension/trn_cell_extension/g;' src/*/*.[ch]
  perl -i -pe 's/cell_extension/trn_cell_extension/g;' src/trunnel/hs/*.trunnel
  perl -i -pe 's/hs_cell_/trn_cell_/g;' src/*/*.[ch]
  perl -i -pe 's/hs_cell_/trn_cell_/g;' src/trunnel/hs/*.trunnel

  And then "./scripts/codegen/run_trunnel.sh" with trunnel commit id
  613fb1b98e58504e2b84ef56b1602b6380629043.

Fixes #21919

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-04-11 13:46:41 -04:00
David Goulet
e043b96887 trunnel: Move ESTABLISH_INTRO cell sig_len after the end_sig_fields
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-16 12:21:07 -05:00
Nick Mathewson
bc68eedd79 Update to trunnel 1.5.1 2016-12-08 16:59:25 -05:00
Nick Mathewson
1be671f505 Trunnel-side: start migrating extend/extend2 to trunnel 2016-11-10 09:43:27 -05:00
Nick Mathewson
c35c43d7d9 Merge branch 'ticket17238_029_02-resquash'
Conflicts:
	src/or/rendclient.c
	src/or/rendcommon.c
	src/or/routerparse.c
	src/test/test_dir.c
	src/trunnel/ed25519_cert.h
2016-11-04 13:26:37 -04:00
David Goulet
15f3563f1b trunnel: Uncomment link_specifier so we can use it
Also add a trunnel definition for link_specifier_list

Signed-off-by: John Brooks <special@torproject.org>
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:27 -04:00
Nick Mathewson
1d76d38903 Re-run trunnel. 2016-10-31 16:25:34 -04:00
David Goulet
0fa671843e prop224: Add INTRODUCE1 and INTRODUCE_ACK trunnel definition
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-10-31 16:24:30 -04:00
David Goulet
f22eb2730c prop224: Add ESTABLISH_INTRO and INTRO_ESTABLISHED trunnel definition
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-10-31 16:03:28 -04:00
Nick Mathewson
206a9726b1 Regenerate trunnel code with trunnel 1.5 2016-10-26 11:06:45 -04:00
Nick Mathewson
25513ae174 Re-run trunnel. 2016-07-28 10:52:43 -04:00
Nick Mathewson
a508119169 Update to trunnel 1.4.4 to fix 18373 2016-02-22 14:19:29 -05:00
Nick Mathewson
49ccb7e7b8 Mention trunnel in CodingStandards; describe how in trunnel/README 2015-10-14 10:40:27 -04:00
Nick Mathewson
62d6a8ef4d Add a README for the trunnel directory 2015-09-29 13:43:12 +02:00
Nick Mathewson
988d208814 Update to latest trunnel 2015-08-18 09:47:36 -04:00
Nick Mathewson
3323615dd2 Re-run trunnel to capture change for msvc. 2015-07-23 12:05:06 -04:00
Nick Mathewson
e045c3e1e8 Update trunnel code.
This gets the minor change in trunnel 1.4.1, which should avoid
deadcode warnings from Coverity.
2015-05-28 12:44:52 -04:00
Nick Mathewson
1b52e95028 Merge branch '12498_ed25519_keys_v6'
Fixed numerous conflicts, and ported code to use new base64 api.
2015-05-28 11:04:33 -04:00
Nick Mathewson
df05e195ee Add trunnel-generated items for link handshake code.
This includes the link handshake variations for proposal220.

We'll use this for testing first, and then use it to extend our
current code to support prop220.
2015-05-28 10:41:49 -04:00
Nick Mathewson
818e6f939d prop220: Implement certificates and key storage/creation
For prop220, we have a new ed25519 certificate type. This patch
implements the code to create, parse, and validate those, along with
code for routers to maintain their own sets of certificates and
keys.  (Some parts of master identity key encryption are done, but
the implementation of that isn't finished)
2015-05-28 10:40:56 -04:00
Sebastian Hahn
1228dd293b Disable assertions during coverage builds
This removes roughly 5000 branches in my testing. We never want to
trigger assertions even during tests, so this is sane. Implements #15400.
2015-03-21 02:34:44 +01:00
Nick Mathewson
9fd6fbec28 Regenerate pwbox.c with the latest trunnel
This one should no longer generate dead-code warnings with coverity.
Fingers crossed?  This was CID 1241498
2014-09-26 09:33:24 -04:00
Nick Mathewson
50d15e06b3 Use --require-version to prevent running trunnel pre-1.2
(Also, regenerate trunnel stuff with trunnel 1.2.  This just adds a
few comments to our output.)
2014-09-25 14:49:00 -04:00
Nick Mathewson
1b13139709 Add a script to run trunnel on the trunnel files.
Also, re-run the latest trunnel.

Closes ticket 13242
2014-09-25 12:32:08 -04:00
Nick Mathewson
3b7d0ed08e Use trunnel for crypto_pwbox encoding/decoding.
This reduces the likelihood that I have made any exploitable errors
in the encoding/decoding.

This commit also imports the trunnel runtime source into Tor.
2014-09-25 11:58:14 -04:00