October 2011 - tor-commits - lists.torproject.org

[tor/master] Function to get digests of the certs and their keys
by nickm＠torproject.org 11 Oct '11

11 Oct '11

commit 8c9fdecfe9e6c93e678a5917e302aa18ada8a3b6 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Sep 14 14:43:44 2011 -0400 Function to get digests of the certs and their keys --- src/common/tortls.c | 14 ++++++++++++++ src/common/tortls.h | 2 ++ 2 files changed, 16 insertions(+), 0 deletions(-) diff --git a/src/common/tortls.c b/src/common/tortls.c index 0ba47ba..1435223 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -789,6 +789,20 @@ tor_cert_get_der(const tor_cert_t *cert, *size_out = cert->encoded_len; } +/** Return a set of digests for the public key in cert. */ +const digests_t * +tor_cert_get_id_digests(const tor_cert_t *cert) +{ + return &cert->pkey_digests; +} + +/** Return a set of digests for the public key in cert. */ +const digests_t * +tor_cert_get_cert_digests(const tor_cert_t *cert) +{ + return &cert->cert_digests; +} + /** Remove a reference to ctx, and free it if it has no more * references. */ static void diff --git a/src/common/tortls.h b/src/common/tortls.h index 36309af..40eb830 100644 --- a/src/common/tortls.h +++ b/src/common/tortls.h @@ -112,6 +112,8 @@ void tor_cert_free(tor_cert_t *cert); tor_cert_t *tor_cert_decode(const uint8_t *certificate, size_t certificate_len); void tor_cert_get_der(const tor_cert_t *cert, const uint8_t **encoded_out, size_t *size_out); +const digests_t *tor_cert_get_id_digests(const tor_cert_t *cert); +const digests_t *tor_cert_get_cert_digests(const tor_cert_t *cert); int tor_tls_get_my_certs(int server, const tor_cert_t **link_cert_out, const tor_cert_t **id_cert_out);

1 0

[tor/master] Functions to get a public RSA key from a cert
by nickm＠torproject.org 11 Oct '11

11 Oct '11

commit 0a4f56277290d4736db3b15dc4c2071000f7883f Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Sep 22 10:18:17 2011 -0400 Functions to get a public RSA key from a cert --- src/common/tortls.c | 34 ++++++++++++++++++++++++++++++++++ src/common/tortls.h | 2 ++ 2 files changed, 36 insertions(+), 0 deletions(-) diff --git a/src/common/tortls.c b/src/common/tortls.c index 332d784..5d36fd0 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -838,6 +838,40 @@ tor_tls_get_my_certs(int server, return 0; } +/** + * Return the authentication key that we use to authenticate ourselves as a + * client in the V3 in-protocol handshake. + */ +crypto_pk_env_t * +tor_tls_get_my_client_auth_key(void) +{ + if (! client_tls_context) + return NULL; + return client_tls_context->auth_key; +} + +/** + * Return the public key that a cetificate certifies. Return NULL if the + * cert's key is not RSA. + */ +crypto_pk_env_t * +tor_tls_cert_get_key(tor_cert_t *cert) +{ + crypto_pk_env_t *result = NULL; + EVP_PKEY *pkey = X509_get_pubkey(cert->cert); + RSA *rsa; + if (!pkey) + return NULL; + rsa = EVP_PKEY_get1_RSA(pkey); + if (!rsa) { + EVP_PKEY_free(pkey); + return NULL; + } + result = _crypto_new_pk_env_rsa(rsa); + EVP_PKEY_free(pkey); + return result; +} + /** Return true iff a and b represent the same public key. */ static int pkey_eq(EVP_PKEY *a, EVP_PKEY *b) diff --git a/src/common/tortls.h b/src/common/tortls.h index 70d24a5..b522dd1 100644 --- a/src/common/tortls.h +++ b/src/common/tortls.h @@ -118,6 +118,8 @@ const digests_t *tor_cert_get_cert_digests(const tor_cert_t *cert); int tor_tls_get_my_certs(int server, const tor_cert_t **link_cert_out, const tor_cert_t **id_cert_out); +crypto_pk_env_t *tor_tls_get_my_client_auth_key(void); +crypto_pk_env_t *tor_tls_cert_get_key(tor_cert_t *cert); int tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_cert_t *cert); int tor_tls_cert_is_valid(const tor_cert_t *cert, const tor_cert_t *signing_cert);

1 0

[tor/master] Add AUTH keys as specified in proposal 176
by nickm＠torproject.org 11 Oct '11

11 Oct '11

commit a6fc5059cdb3263c0053ac76c39bef43a61269cc Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Sep 16 11:21:30 2011 -0400 Add AUTH keys as specified in proposal 176 Our keys and x.509 certs are proliferating here. Previously we had: An ID cert (using the main ID key), self-signed A link cert (using a shorter-term link key), signed by the ID key Once proposal 176 and 179 are done, we will also have: Optionally, a presentation cert (using the link key), signed by whomever. An authentication cert (using a shorter-term ID key), signed by the ID key. These new keys are managed as part of the tls context infrastructure, since you want to rotate them under exactly the same circumstances, and since they need X509 certificates. --- src/common/tortls.c | 46 ++++++++++++++++++++++++++++++++++------------ 1 files changed, 34 insertions(+), 12 deletions(-) diff --git a/src/common/tortls.c b/src/common/tortls.c index 5d36fd0..e275307 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -112,9 +112,11 @@ struct tor_cert_t { typedef struct tor_tls_context_t { int refcnt; SSL_CTX *ctx; - tor_cert_t *my_cert; + tor_cert_t *my_link_cert; tor_cert_t *my_id_cert; - crypto_pk_env_t *key; + tor_cert_t *my_auth_cert; + crypto_pk_env_t *link_key; + crypto_pk_env_t *auth_key; } tor_tls_context_t; #define TOR_TLS_MAGIC 0x71571571 @@ -811,9 +813,11 @@ tor_tls_context_decref(tor_tls_context_t *ctx) tor_assert(ctx); if (--ctx->refcnt == 0) { SSL_CTX_free(ctx->ctx); - tor_cert_free(ctx->my_cert); + tor_cert_free(ctx->my_link_cert); tor_cert_free(ctx->my_id_cert); - crypto_free_pk_env(ctx->key); + tor_cert_free(ctx->my_auth_cert); + crypto_free_pk_env(ctx->link_key); + crypto_free_pk_env(ctx->auth_key); tor_free(ctx); } } @@ -832,7 +836,7 @@ tor_tls_get_my_certs(int server, if (! ctx) return -1; if (link_cert_out) - *link_cert_out = ctx->my_cert; + *link_cert_out = server ? ctx->my_link_cert : ctx->my_auth_cert; if (id_cert_out) *id_cert_out = ctx->my_id_cert; return 0; @@ -1050,37 +1054,48 @@ tor_tls_context_init_one(tor_tls_context_t **ppcontext, static tor_tls_context_t * tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime) { - crypto_pk_env_t *rsa = NULL; + crypto_pk_env_t *rsa = NULL, *rsa_auth = NULL; EVP_PKEY *pkey = NULL; tor_tls_context_t *result = NULL; - X509 *cert = NULL, *idcert = NULL; + X509 *cert = NULL, *idcert = NULL, *authcert = NULL; char *nickname = NULL, *nn2 = NULL; tor_tls_init(); nickname = crypto_random_hostname(8, 20, "www.", ".net"); nn2 = crypto_random_hostname(8, 20, "www.", ".net"); - /* Generate short-term RSA key. */ + /* Generate short-term RSA key for use with TLS. */ if (!(rsa = crypto_new_pk_env())) goto error; if (crypto_pk_generate_key(rsa)<0) goto error; - /* Create certificate signed by identity key. */ + /* Generate short-term RSA key for use in the in-protocol ("v3") + * authentication handshake. */ + if (!(rsa_auth = crypto_new_pk_env())) + goto error; + if (crypto_pk_generate_key(rsa_auth)<0) + goto error; + /* Create a link certificate signed by identity key. */ cert = tor_tls_create_certificate(rsa, identity, nickname, nn2, key_lifetime); /* Create self-signed certificate for identity key. */ idcert = tor_tls_create_certificate(identity, identity, nn2, nn2, IDENTITY_CERT_LIFETIME); - if (!cert || !idcert) { + /* Create an authentication certificate signed by identity key. */ + authcert = tor_tls_create_certificate(rsa_auth, identity, nickname, nn2, + key_lifetime); + if (!cert || !idcert || !authcert) { log(LOG_WARN, LD_CRYPTO, "Error creating certificate"); goto error; } result = tor_malloc_zero(sizeof(tor_tls_context_t)); result->refcnt = 1; - result->my_cert = tor_cert_new(X509_dup(cert)); + result->my_link_cert = tor_cert_new(X509_dup(cert)); result->my_id_cert = tor_cert_new(X509_dup(idcert)); - result->key = crypto_pk_dup_key(rsa); + result->my_auth_cert = tor_cert_new(X509_dup(authcert)); + result->link_key = crypto_pk_dup_key(rsa); + result->auth_key = crypto_pk_dup_key(rsa_auth); #ifdef EVERYONE_HAS_AES /* Tell OpenSSL to only use TLS1 */ @@ -1146,6 +1161,9 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime) if (rsa) crypto_free_pk_env(rsa); + if (rsa_auth) + crypto_free_pk_env(rsa_auth); + X509_free(authcert); tor_free(nickname); tor_free(nn2); return result; @@ -1158,12 +1176,16 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime) EVP_PKEY_free(pkey); if (rsa) crypto_free_pk_env(rsa); + if (rsa_auth) + crypto_free_pk_env(rsa_auth); if (result) tor_tls_context_decref(result); if (cert) X509_free(cert); if (idcert) X509_free(idcert); + if (authcert) + X509_free(authcert); return NULL; }

1 0

[tor/master] Update documentation comment for rend_client_reextend_intro_circuit
by nickm＠torproject.org 11 Oct '11

11 Oct '11

commit 9648f034c07603a7430b08386172e7a9c0759847 Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Mon Oct 10 05:33:53 2011 -0700 Update documentation comment for rend_client_reextend_intro_circuit One of its callers assumes a non-zero result indicates a permanent failure (i.e. the current attempt to connect to this HS either has failed or is doomed). The other caller only requires that this function's result never equal -2. Bug reported by Sebastian Hahn. --- src/or/rendclient.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 9c247f5..f84475a 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -80,8 +80,8 @@ rend_client_send_establish_rendezvous(origin_circuit_t *circ) /** Extend the introduction circuit circ to another valid * introduction point for the hidden service it is trying to connect * to, or mark it and launch a new circuit if we can't extend it. - * Return 0 on success. Return -1 and mark the introduction - * circuit on failure. + * Return 0 on success or possible success. Return -1 and mark the + * introduction circuit for close on permanent failure. * * On failure, the caller is responsible for marking the associated * rendezvous circuit for close. */

1 0

[tor/master] Merge remote-tracking branch 'origin/maint-0.2.2'
by nickm＠torproject.org 11 Oct '11

11 Oct '11

commit bc2d9357f523d87385229087cb13253874f070f0 Merge: b5edc83 9648f03 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Oct 10 22:50:52 2011 -0400 Merge remote-tracking branch 'origin/maint-0.2.2' changes/bug4212 | 13 +++++++++++++ src/or/rendclient.c | 18 ++++++------------ 2 files changed, 19 insertions(+), 12 deletions(-)

1 0

[tor/master] Don't launch a useless circuit in rend_client_reextend_intro_circuit
by nickm＠torproject.org 11 Oct '11

11 Oct '11

commit 274b25de1258647d00509b4a8e378a2115da066c Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Sun Oct 9 20:24:27 2011 -0700 Don't launch a useless circuit in rend_client_reextend_intro_circuit Fixes bug 4212. Bug reported by katmagic and found by Sebastian. --- changes/bug4212 | 13 +++++++++++++ src/or/rendclient.c | 14 ++++---------- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/changes/bug4212 b/changes/bug4212 new file mode 100644 index 0000000..6222a59 --- /dev/null +++ b/changes/bug4212 @@ -0,0 +1,13 @@ + o Major bugfixes: + + - Don't launch a useless circuit after failing to use one of a + hidden service's introduction points. Previously, we would + launch a new introduction circuit, but not set the hidden + service which that circuit was intended to connect to, so it + would never actually be used. A different piece of code would + then create a new introduction circuit correctly, so this bug + was harmless until it caused an assertion in the client-side + part of the #3825 fix to fail. Bug reported by katmagic and + found by Sebastian Hahn. Bugfix on 0.2.1.13-alpha; fixes bug + 4212. + diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 533dfb8..9c247f5 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -106,17 +106,11 @@ rend_client_reextend_intro_circuit(origin_circuit_t *circ) result = circuit_extend_to_new_exit(circ, extend_info); } else { log_info(LD_REND, - "Building a new introduction circuit, this time to %s.", - safe_str_client(extend_info_describe(extend_info))); + "Closing intro circ %d (out of RELAY_EARLY cells).", + circ->_base.n_circ_id); circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED); - if (!circuit_launch_by_extend_info(CIRCUIT_PURPOSE_C_INTRODUCING, - extend_info, - CIRCLAUNCH_IS_INTERNAL)) { - log_warn(LD_REND, "Building introduction circuit failed."); - result = -1; - } else { - result = 0; - } + /* connection_ap_handshake_attach_circuit will launch a new intro circ. */ + result = 0; } extend_info_free(extend_info); return result;

1 0

[tor/maint-0.2.2] Don't launch a useless circuit in rend_client_reextend_intro_circuit
by nickm＠torproject.org 11 Oct '11

11 Oct '11

commit 274b25de1258647d00509b4a8e378a2115da066c Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Sun Oct 9 20:24:27 2011 -0700 Don't launch a useless circuit in rend_client_reextend_intro_circuit Fixes bug 4212. Bug reported by katmagic and found by Sebastian. --- changes/bug4212 | 13 +++++++++++++ src/or/rendclient.c | 14 ++++---------- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/changes/bug4212 b/changes/bug4212 new file mode 100644 index 0000000..6222a59 --- /dev/null +++ b/changes/bug4212 @@ -0,0 +1,13 @@ + o Major bugfixes: + + - Don't launch a useless circuit after failing to use one of a + hidden service's introduction points. Previously, we would + launch a new introduction circuit, but not set the hidden + service which that circuit was intended to connect to, so it + would never actually be used. A different piece of code would + then create a new introduction circuit correctly, so this bug + was harmless until it caused an assertion in the client-side + part of the #3825 fix to fail. Bug reported by katmagic and + found by Sebastian Hahn. Bugfix on 0.2.1.13-alpha; fixes bug + 4212. + diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 533dfb8..9c247f5 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -106,17 +106,11 @@ rend_client_reextend_intro_circuit(origin_circuit_t *circ) result = circuit_extend_to_new_exit(circ, extend_info); } else { log_info(LD_REND, - "Building a new introduction circuit, this time to %s.", - safe_str_client(extend_info_describe(extend_info))); + "Closing intro circ %d (out of RELAY_EARLY cells).", + circ->_base.n_circ_id); circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED); - if (!circuit_launch_by_extend_info(CIRCUIT_PURPOSE_C_INTRODUCING, - extend_info, - CIRCLAUNCH_IS_INTERNAL)) { - log_warn(LD_REND, "Building introduction circuit failed."); - result = -1; - } else { - result = 0; - } + /* connection_ap_handshake_attach_circuit will launch a new intro circ. */ + result = 0; } extend_info_free(extend_info); return result;

1 0

[tor/maint-0.2.2] Update documentation comment for rend_client_reextend_intro_circuit
by nickm＠torproject.org 11 Oct '11

11 Oct '11

commit 9648f034c07603a7430b08386172e7a9c0759847 Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Mon Oct 10 05:33:53 2011 -0700 Update documentation comment for rend_client_reextend_intro_circuit One of its callers assumes a non-zero result indicates a permanent failure (i.e. the current attempt to connect to this HS either has failed or is doomed). The other caller only requires that this function's result never equal -2. Bug reported by Sebastian Hahn. --- src/or/rendclient.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 9c247f5..f84475a 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -80,8 +80,8 @@ rend_client_send_establish_rendezvous(origin_circuit_t *circ) /** Extend the introduction circuit circ to another valid * introduction point for the hidden service it is trying to connect * to, or mark it and launch a new circuit if we can't extend it. - * Return 0 on success. Return -1 and mark the introduction - * circuit on failure. + * Return 0 on success or possible success. Return -1 and mark the + * introduction circuit for close on permanent failure. * * On failure, the caller is responsible for marking the associated * rendezvous circuit for close. */

1 0

[tor/master] Fix a compile warning on OS X 10.6 and up
by nickm＠torproject.org 11 Oct '11

11 Oct '11

commit cce85c819b4a9c20562f7860cbe2a8020123ebff Author: Sebastian Hahn <sebastian(a)torproject.org> Date: Tue Oct 11 02:25:00 2011 +0200 Fix a compile warning on OS X 10.6 and up --- src/common/util.c | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/src/common/util.c b/src/common/util.c index 9df7a50..79e09e4 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -3894,7 +3894,9 @@ get_string_from_pipe(FILE *stream, char *buf_out, size_t count) char *retval; size_t len; - retval = fgets(buf_out, count, stream); + tor_assert(count <= INT_MAX); + + retval = fgets(buf_out, (int)count, stream); if (!retval) { if (feof(stream)) {

1 0

[tor/master] Merge remote-tracking branch 'sebastian/osxcompile'
by nickm＠torproject.org 11 Oct '11

11 Oct '11

commit b5edc838f283c50e8de378e3037a999736d9bbf4 Merge: b4bd836 cce85c8 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Oct 10 22:03:20 2011 -0400 Merge remote-tracking branch 'sebastian/osxcompile' src/common/util.c | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-)

1 0