nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-09-24 15:04:59 +02:00
Code Issues Packages Projects Releases Wiki Activity
20,485 Commits 53 Branches 629 Tags 108 MiB
d67bf8b2f2
Commit Graph

20485 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nick Mathewson
6dbd451b9f Add benchmarks for ed25519 functions 2014-09-25 15:08:32 -04:00
Nick Mathewson
9b43a4a122 Add comments to ed25519_vectors.inc 2014-09-25 15:08:32 -04:00
Nick Mathewson
6981341764 Cut the time to run the python ed25519 tests by a factor of ~6 
I know it's pointless to optimize them, but I just can't let them
spend all that time in expmod() when native python pow() does the same
thing.
 2014-09-25 15:08:32 -04:00
Nick Mathewson
7ca470e13c Add a reference implementation of our ed25519 modifications 
Also, use it to generate test vectors, and add those test vectors
to test_crypto.c

This is based on ed25519.py from the ed25519 webpage; the kludgy hacks
are my own.
 2014-09-25 15:08:32 -04:00
Nick Mathewson
d10e1bdec4 Add the pure-python ed25519 implementation, for testing. 2014-09-25 15:08:31 -04:00
Nick Mathewson
f0eb7ae79f More documentation for ed25519 stuff. 2014-09-25 15:08:31 -04:00
Nick Mathewson
1d3b33e1ed Fix linux compilation of ed25519_ref10 
Our integer-definition headers apparently suck in a definition for
select(2), which interferes with the select() in ge_scalarmult_base.c
 2014-09-25 15:08:31 -04:00
Nick Mathewson
25b1a32ef8 Draft implementation for ed25519 key blinding, as in prop224 
This implementation allows somebody to add a blinding factor to a
secret key, and a corresponding blinding factor to the public key.

Robert Ransom came up with this idea, I believe.  Nick Hopper proved a
scheme like this secure.  The bugs are my own.
 2014-09-25 15:08:31 -04:00
Nick Mathewson
4caa6fad4c Add curve25519->ed25519 key conversion per proposal 228 
For proposal 228, we need to cross-certify our identity with our
curve25519 key, so that we can prove at descriptor-generation time
that we own that key.  But how can we sign something with a key that
is only for doing Diffie-Hellman?  By converting it to the
corresponding ed25519 point.

See the ALL-CAPS warning in the documentation.  According to djb
(IIUC), it is safe to use these keys in the ways that ntor and prop228
are using them, but it might not be safe if we start providing crazy
oracle access.

(Unit tests included.  What kind of a monster do you take me for?)
 2014-09-25 15:08:31 -04:00
Nick Mathewson
ed48b0fe56 Support for writing ed25519 public/private components to disk. 
This refactors the "== type:tag ==" code from crypto_curve25519.c
 2014-09-25 15:08:31 -04:00
Nick Mathewson
c75e275574 Add encode/decode functions for ed25519 public keys 2014-09-25 15:08:31 -04:00
Nick Mathewson
22760c4899 Restore the operation of extra_strong in ed25519_secret_key_generate 2014-09-25 15:08:31 -04:00
Nick Mathewson
006e6d3b6f Another ed25519 tweak: store secret keys in expanded format 
This will be needed/helpful for the key blinding of prop224, I
believe.
 2014-09-25 15:08:31 -04:00
Nick Mathewson
9e43ee5b4c Fix API for ed25519_ref10_open() 
This is another case where DJB likes sticking the whole signature
prepended to the message, and I don't think that's the hottest idea.

The unit tests still pass.
 2014-09-25 15:08:31 -04:00
Nick Mathewson
e0097a8839 Tweak ed25519 ref10 signing interface to use less space. 
Unit tests still pass.
 2014-09-25 15:08:31 -04:00
Nick Mathewson
e5a1cf9937 Tweak ref10 keygen APIs to be more sane. 2014-09-25 15:08:30 -04:00
Nick Mathewson
87ba033cd5 Add Ed25519 support, wrappers, and tests. 
Taken from earlier ed25519 branch based on floodyberry's
ed25519-donna.  Tweaked so that it applies to ref10 instead.
 2014-09-25 15:08:20 -04:00
Nick Mathewson
50d15e06b3 Use --require-version to prevent running trunnel pre-1.2 
(Also, regenerate trunnel stuff with trunnel 1.2.  This just adds a
few comments to our output.)
 2014-09-25 14:49:00 -04:00
Nick Mathewson
d303d6244e Have the run_trunnel.sh script tell trunnel to update src/ext/trunnel too 2014-09-25 13:16:35 -04:00
Nick Mathewson
1b13139709 Add a script to run trunnel on the trunnel files. 
Also, re-run the latest trunnel.

Closes ticket 13242
 2014-09-25 12:32:08 -04:00
Nick Mathewson
36700ee99e Mention trunnel in LICENSE and src/ext/README 2014-09-25 12:03:46 -04:00
Nick Mathewson
764e008092 Merge branch 'libscrypt_trunnel_squashed' 
Conflicts:
	src/test/test_crypto.c
 2014-09-25 12:03:41 -04:00
Nick Mathewson
c433736734 Add tests for failing cases of crypto_pwbox 2014-09-25 11:58:14 -04:00
Nick Mathewson
3b7d0ed08e Use trunnel for crypto_pwbox encoding/decoding. 
This reduces the likelihood that I have made any exploitable errors
in the encoding/decoding.

This commit also imports the trunnel runtime source into Tor.
 2014-09-25 11:58:14 -04:00
Nick Mathewson
3011149401 Adjust pwbox format: use a random IV each time 
Suggested by yawning
 2014-09-25 11:58:14 -04:00
Nick Mathewson
d0f5d2b662 Test a full array of s2k flags with pwbox test. 
Suggested by yawning.
 2014-09-25 11:58:14 -04:00
Nick Mathewson
05a6439f1f Use preferred key-expansion means for pbkdf2, scrypt. 
Use HKDF for RFC2440 s2k only.
 2014-09-25 11:58:13 -04:00
Nick Mathewson
8d84f3af7b Test vectors for PBKDF2 from RFC6070 2014-09-25 11:58:13 -04:00
Nick Mathewson
b59d0dae14 Test vectors for scrypt from draft-josefsson-scrypt-kdf-00 2014-09-25 11:58:13 -04:00
Nick Mathewson
2b2cab4141 Tweak and expose secret_to_key_compute_key for testing 
Doing this lets me pass in a salt of an unusual length.
 2014-09-25 11:58:13 -04:00
Nick Mathewson
8184839a47 Rudimentary-but-sufficient passphrase-encrypted box code. 
See crypto_pwbox.c for a description of the file format.

There are tests for successful operation, but it still needs
error-case tests.
 2014-09-25 11:58:13 -04:00
Nick Mathewson
e84e1c9745 More generic passphrase hashing code, including scrypt support 
Uses libscrypt when found; otherwise, we don't have scrypt and we
only support openpgp rfc2440 s2k hashing, or pbkdf2.

Includes documentation and unit tests; coverage around 95%. Remaining
uncovered code is sanity-checks that shouldn't be reachable fwict.
 2014-09-25 11:58:13 -04:00
Nick Mathewson
b0767e85b8 Tell autoconf to make the compiler act as c99 
Apparently some compilers want extra switches.
 2014-09-25 11:36:28 -04:00
Nick Mathewson
0ca8387246 Tweak address.c to use a little c99 syntax 
Since address.c is the first file to get compiled, let's have it use
a little judicious c99 in order to catch broken compilers that
somehow make it past our autoconf tests.
 2014-09-25 11:22:02 -04:00
Nick Mathewson
7f5103ec59 Require two c99 features (midblock decls, designated initializers) 
c99 lets us do neat stuff like:

    {
      int j, k;
      foo(&j, &k);
      int z = j + k;
    }

and also
    struct point { int x; int y; };
    struct point pt = { .x=5, .y=5 };

This commit makes the configure scripts check to make sure your
compiler implements them.  It also disables our longstanding warning
about midblock declarations.

Closes ticket 13233.
 2014-09-25 11:20:04 -04:00
Yawning Angel
fa60a64088 Do not launch pluggable transport plugins when DisableNetwork is set. 
When DisableNetwork is set, do not launch pluggable transport plugins,
and if any are running already, terminate the existing instances.
Resolves ticket 13213.
 2014-09-24 09:39:15 +00:00
Roger Dingledine
ecab261641 two more typos 2014-09-23 18:30:02 -04:00
Nick Mathewson
6523eff9b3 Send long URLs when requesting ordinary server descriptors too. 2014-09-23 13:04:22 -04:00
Nick Mathewson
055ad9c5fb fixup! Send more descriptor requests per attempt when using tunneled connections 
Limit the number of simultaneous connections to a single router for
server descriptors too.
 2014-09-23 12:57:10 -04:00
Nick Mathewson
0fdfdae7e3 fixup! Refactor initiate_descriptor_downloads() to be safer 
Calculate digest_len correctly.

Also, refactor setting of initial variables to look a little nicer.
 2014-09-23 12:56:16 -04:00
Nick Mathewson
55b21b366c fixup! Make router_pick_directory_server respect PDS_NO_EXISTING_* 
Document n_busy_out, and set it correctly when we goto retry_without_exclude.
 2014-09-23 12:47:39 -04:00
Nick Mathewson
482e3cfa09 fixup! Unit tests for router download functions. 
Fix compilation warnings
 2014-09-23 12:38:43 -04:00
Nick Mathewson
02464694b2 fixup! Send more descriptor requests per attempt when using tunneled connections 
Compilation fixes
 2014-09-23 12:34:51 -04:00
Nick Mathewson
06bda50600 fixup! Download microdescriptors if you're a cache 2014-09-23 12:32:02 -04:00
Nick Mathewson
cae0e7b06b fixup! Make router_pick_directory_server respect PDS_NO_EXISTING_* 
Clean up comments on PDS_NO_EXISTING_*
 2014-09-23 12:30:47 -04:00
Arlo Breault
bb137e23c1 Unit tests for router download functions. 
Also, sort test suites alphabetically.
 2014-09-23 12:23:18 -04:00
Arlo Breault
5ed5ac185b Send more descriptor requests per attempt when using tunneled connections 2014-09-23 12:22:28 -04:00
Arlo Breault
21d5dbd474 Refactor initiate_descriptor_downloads() to be safer 
(It's smarter to use asprintf and join than character pointers and a
long buffer.)
 2014-09-23 12:21:08 -04:00
Arlo Breault
29f15a97ed Make router_pick_directory_server respect PDS_NO_EXISTING_* 2014-09-23 12:19:15 -04:00
Arlo Breault
f752093e16 Re-enable last resort attempt to get via tor. 
This looks like a bug introduced in
af658b7828.
 2014-09-23 12:15:10 -04:00