July 2015 - tor-commits - lists.torproject.org

[orbot/master] Merge pull request #14 from aelmahmoudy/mipsfix
by n8fr8＠torproject.org 09 Jul '15

09 Jul '15

commit b272fcc224d5d821ee08ae30fd0567e56012594e Merge: f13f7c8 d93017f Author: n8fr8 <nathan(a)freitas.net> Date: Thu Jul 9 17:36:25 2015 -0400 Merge pull request #14 from aelmahmoudy/mipsfix Define __MIPSEL__ to workaround OpenSSL build failure for mips arch. external/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

1 0

[orbot/master] Merge pull request #15 from aelmahmoudy/openssl_update
by n8fr8＠torproject.org 09 Jul '15

09 Jul '15

commit 2459aa51518284a260c3d1718e6f2d2d1d587d6f Merge: b272fcc fd4ef77 Author: n8fr8 <nathan(a)freitas.net> Date: Thu Jul 9 17:37:01 2015 -0400 Merge pull request #15 from aelmahmoudy/openssl_update Update OpenSSL to v1.0.2a to fix build for x86_64 arch. external/openssl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

1 0

[tor/master] Fix missing-macro errors
by nickm＠torproject.org 09 Jul '15

09 Jul '15

commit fdf5014d1134c2e06771e1265bca2eddb0e65ada Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Jul 9 16:34:51 2015 -0400 Fix missing-macro errors --- src/test/test_crypto_slow.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/test/test_crypto_slow.c b/src/test/test_crypto_slow.c index 41b8b97..2bd76f2 100644 --- a/src/test/test_crypto_slow.c +++ b/src/test/test_crypto_slow.c @@ -129,7 +129,7 @@ test_crypto_s2k_general(void *arg) } } -#if defined(HAVE_LIBSCRYPT_H) && HAVE_EVP_PBE_SCRYPT +#if defined(HAVE_LIBSCRYPT_H) && defined(HAVE_EVP_PBE_SCRYPT) static void test_libscrypt_eq_openssl(void *arg) { @@ -502,7 +502,7 @@ struct testcase_t slow_crypto_tests[] = { (void*)"scrypt" }, { "s2k_scrypt_low", test_crypto_s2k_general, 0, &passthrough_setup, (void*)"scrypt-low" }, -#if HAVE_EVP_PBE_SCRYPT +#ifdef HAVE_EVP_PBE_SCRYPT { "libscrypt_eq_openssl", test_libscrypt_eq_openssl, 0, NULL, NULL }, #endif #endif

1 0

[tor/master] Check if OpenSSL includes scrypt.
by nickm＠torproject.org 09 Jul '15

09 Jul '15

commit b74947d070aad7f9f77dc23eedbfc069904808ea Author: rl1987 <rl1987(a)sdf.lonestar.org> Date: Mon Jul 6 21:31:01 2015 +0300 Check if OpenSSL includes scrypt. --- configure.ac | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/configure.ac b/configure.ac index 0f93e46..2bd075f 100644 --- a/configure.ac +++ b/configure.ac @@ -639,6 +639,10 @@ AC_CHECK_FUNCS([ \ SSL_CIPHER_find \ TLS_method ]) + +dnl Check if OpenSSL has scrypt implementation. +AC_CHECK_FUNCS([ EVP_PBE_scrypt ]) + LIBS="$save_LIBS" LDFLAGS="$save_LDFLAGS" CPPFLAGS="$save_CPPFLAGS"

1 0

[tor/master] Merge branch 'libscrypt_eq_openssl_squashed'
by nickm＠torproject.org 09 Jul '15

09 Jul '15

commit 0ca98c1ee5f81f95fefde984a474391ea8a9842a Merge: 4438b2a a13d0fd Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Jul 9 16:31:42 2015 -0400 Merge branch 'libscrypt_eq_openssl_squashed' changes/ticket16189 | 6 +++ configure.ac | 4 ++ src/test/test_crypto_slow.c | 112 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 122 insertions(+)

1 0

[tor/master] Adding changes file for 16189.
by nickm＠torproject.org 09 Jul '15

09 Jul '15

commit a13d0fd342c4f9a997eaa87277fe42e11756a5fe Author: rl1987 <rl1987(a)sdf.lonestar.org> Date: Tue Jul 7 20:58:24 2015 +0300 Adding changes file for 16189. --- changes/ticket16189 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/changes/ticket16189 b/changes/ticket16189 new file mode 100644 index 0000000..aec8e13 --- /dev/null +++ b/changes/ticket16189 @@ -0,0 +1,6 @@ + o Features (crypto, testing): + - Now that OpenSSL has its own scrypt implementation, add an unit + test that checks for interoperability between libscrypt_scrypt() + and OpenSSL's EVP_PBE_scrypt() so that we could not use libscrypt + and rely on EVP_PBE_scrypt() whenever possible. Resolves ticket + 16189.

1 0

[tor/master] Assert interoperability betweeen libscrypt and OpenSSL EBP_PBE_scrypt().
by nickm＠torproject.org 09 Jul '15

09 Jul '15

commit 5c86708e4d2f9731c5ea1a43ca60d809fcc559b4 Author: rl1987 <rl1987(a)sdf.lonestar.org> Date: Tue Jul 7 20:18:45 2015 +0300 Assert interoperability betweeen libscrypt and OpenSSL EBP_PBE_scrypt(). Add a new and slow unit test that checks if libscrypt_scrypt() and EBP_PBE_scrypt() yield the same keys from test vectors. squash! Assert interoperability betweeen libscrypt and OpenSSL EBP_PBE_scrypt(). squash! Assert interoperability betweeen libscrypt and OpenSSL EBP_PBE_scrypt(). squash! Assert interoperability betweeen libscrypt and OpenSSL EBP_PBE_scrypt(). --- src/test/test_crypto_slow.c | 112 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 112 insertions(+) diff --git a/src/test/test_crypto_slow.c b/src/test/test_crypto_slow.c index a0f6cdc..41b8b97 100644 --- a/src/test/test_crypto_slow.c +++ b/src/test/test_crypto_slow.c @@ -10,6 +10,12 @@ #include "crypto_s2k.h" #include "crypto_pwbox.h" +#if defined(HAVE_LIBSCRYPT_H) +#include <libscrypt.h> +#endif + +#include <openssl/evp.h> + /** Run unit tests for our secret-to-key passphrase hashing functionality. */ static void test_crypto_s2k_rfc2440(void *arg) @@ -123,6 +129,109 @@ test_crypto_s2k_general(void *arg) } } +#if defined(HAVE_LIBSCRYPT_H) && HAVE_EVP_PBE_SCRYPT +static void +test_libscrypt_eq_openssl(void *arg) +{ + uint8_t buf1[64]; + uint8_t buf2[64]; + + uint64_t N, r, p; + uint64_t maxmem = 0; // --> SCRYPT_MAX_MEM in OpenSSL. + + int libscrypt_retval, openssl_retval; + + size_t dk_len = 64; + + (void)arg; + + memset(buf1,0,64); + memset(buf2,0,64); + + N = 1; + r = 16; + p = 1; + + libscrypt_retval = + libscrypt_scrypt((const uint8_t *)"", 0, (const uint8_t *)"", 0, + r, N, p, buf1, dk_len); + openssl_retval = + EVP_PBE_scrypt((const char *)"", 0, (const unsigned char *)"", 0, + r, N, p, maxmem, buf2, dk_len); + + tt_int_op(libscrypt_retval, ==, 0); + tt_int_op(openssl_retval, ==, 1); + + tt_mem_op(buf1, ==, buf2, 64); + + memset(buf1,0,64); + memset(buf2,0,64); + + N = 8; + r = 1024; + p = 16; + + libscrypt_retval = + libscrypt_scrypt((const uint8_t *)"password", 0, + (const uint8_t *)"NaCl", 0, + r, N, p, buf1, dk_len); + openssl_retval = + EVP_PBE_scrypt((const char *)"password", 0, + (const unsigned char *)"NaCl", 0, + r, N, p, maxmem, buf2, dk_len); + + tt_int_op(libscrypt_retval, ==, 0); + tt_int_op(openssl_retval, ==, 1); + + tt_mem_op(buf1, ==, buf2, 64); + + memset(buf1,0,64); + memset(buf2,0,64); + + N = 8; + r = 16384; + p = 1; + + libscrypt_retval = + libscrypt_scrypt((const uint8_t *)"pleaseletmein", 0, + (const uint8_t *)"SodiumChloride", 0, + N, r, p, buf1, dk_len); + openssl_retval = + EVP_PBE_scrypt((const char *)"pleaseletmein", 0, + (const unsigned char *)"SodiumChloride", 0, + N, r, p, maxmem, buf2, dk_len); + + tt_int_op(libscrypt_retval, ==, 0); + tt_int_op(openssl_retval, ==, 1); + + tt_mem_op(buf1, ==, buf2, 64); + +#if 0 + memset(buf1,0,64); + memset(buf2,0,64); + + r = 1048576; + + libscrypt_retval = + libscrypt_scrypt((const uint8_t *)"pleaseletmein", 0, + (const uint8_t *)"SodiumChloride", 0, + N, r, p, buf1, dk_len); + openssl_retval = + EVP_PBE_scrypt((const char *)"pleaseletmein", 0, + (const unsigned char *)"SodiumChloride", 0, + N, r, p, maxmem, buf2, dk_len); + + tt_int_op(libscrypt_retval, ==, 0); + tt_int_op(openssl_retval, ==, 1); + + tt_mem_op(buf1, ==, buf2, 64); +#endif + + done: + return; +} +#endif + static void test_crypto_s2k_errors(void *arg) { @@ -393,6 +502,9 @@ struct testcase_t slow_crypto_tests[] = { (void*)"scrypt" }, { "s2k_scrypt_low", test_crypto_s2k_general, 0, &passthrough_setup, (void*)"scrypt-low" }, +#if HAVE_EVP_PBE_SCRYPT + { "libscrypt_eq_openssl", test_libscrypt_eq_openssl, 0, NULL, NULL }, +#endif #endif { "s2k_pbkdf2", test_crypto_s2k_general, 0, &passthrough_setup, (void*)"pbkdf2" },

1 0

[torspec/master] Update prop 237 at author's request
by nickm＠torproject.org 09 Jul '15

09 Jul '15

commit 8d01cca80734dbe3a380eccf5b647c8f5965d682 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Jul 9 15:21:17 2015 -0400 Update prop 237 at author's request --- proposals/237-directory-servers-for-all.txt | 123 +++++++++++++-------------- 1 file changed, 60 insertions(+), 63 deletions(-) diff --git a/proposals/237-directory-servers-for-all.txt b/proposals/237-directory-servers-for-all.txt index bc5aad2..0ce9296 100644 --- a/proposals/237-directory-servers-for-all.txt +++ b/proposals/237-directory-servers-for-all.txt @@ -3,44 +3,37 @@ Title: All relays are directory servers Author: Matthew Finkel Created: 29-Jul-2014 Status: Open -Target: 0.2.6.x +Target: 0.2.7.x Overview: - This proposal aims at removing part of the distinction between the - relay and the directory server. Currently operators have the options - of being one of: a relay, a directory server, or both. With the - acceptance of this proposal the options will be simplified to being - either only a directory server or a combined relay and directory - server. All relays will serve directory requests. + This proposal aims at simplying how users interact directly with + the Tor network by turning all relays into directory servers (also + known as directory caches), too. Currently an operator has the + options of running a relay, a directory server, or both. With the + acceptance (and implementation) of this proposal the options will be + simplified by having (nearly) all relays cache and serve directory + documents, without additional configuration. Motivation: - Fetching directory documents and descriptors is sometimes a - non-trivial operation for clients. If they do not have a consensus then - they must contact a directory authority (until directory sources are - added or clients are able to use a fallback consensus). If they have a - consensus and have at least one entry guard then the client can query - that guard for documents. If the document isn't available then after a - period of time the client will attempt to retry downloading it. If the - entry guard isn't a directory server, as well, a directory server and/or - directory guard must be chosen (based on the server having an open - DirPort) and queried for the document. At a minimum, this has a - potential performance impact, at worst it's another attack vector that - allows for profiling clients and partitioning users. With the + Fetching directory documents and descriptors is not always a + simple operation for a client. This is especially true and potentially + dangerous when the client would prefer querying its guard but its + guard is not a directory server. When this is the case, the client + must choose and query a distinct directory server. At best this should + not be necessary and at worst, it seems, this adds another position + within the network for profiling and partitioning users. With the orthogonally proposed move to clients using a single guard, the - potential performance bottleneck and ability to profile users could be - exacerbated. If the client selects an entry guard and it is not a - directory server then the client may select a distinct directory guard - which will leak client behavior to a second node. In the case where the - client does not use guards, it is important to have the largest possible - amount of diversity in the set of directory servers. In a network where + resulting benefits could be reduced by clients using distinct + directory servers. In addition, in the case where the client does not + use guards, it is important to have the largest possible amount of + diversity in the set of directory servers. In a network where (almost) every relay is a directory server, the profiling and partitioning - attack vector is reduced to the guard (for clients who use them), which - is already in a privileged position for this. In addition, with the - increased set size relay descriptors and documents are more readily - available and it diversifies the providers. - + attack vector is reduced to the guard (for clients who use them), + which is already in a privileged position for this. In addition, with + the increased set size, relay descriptors and documents are more + readily available and it diversifies the providers. Design: @@ -59,14 +52,15 @@ Design: The presence of this line indicates that the relay accepts tunnelled directory requests. For a relay that implements this proposal, this line MUST be added to its descriptor if it does not - advertise a directory port, and MAY be added if it also advertises an - open directory port. In addition to this, relays will now download and - cache all descriptors and documents listed in the consensus, regardless - of whether they are deemed useful or usable, exactly like the current - directory servers. All relays will also accept directory requests when - they are tunnelled over a connection established with a BEGIN_DIR cell, - the same way these connections are already accepted by bridges and - directory servers with an open DirPort. + advertise a directory port, and the line MAY be added if it also + advertises an open directory port. In addition to this, relays will + now download and cache all descriptors and documents listed in the + consensus, regardless of whether they are deemed useful or usable, + exactly like the current directory server behavior. All relays will + also accept directory requests when they are tunnelled over a + connection established with a BEGIN_DIR cell, the same way these + connections are already accepted by bridges and directory servers with + an open DirPort. Directory Authorities will now assign the V2Dir flag to a server if it supports a version of the directory protocol which is useful to @@ -76,28 +70,23 @@ Design: Clients choose a directory by using the current criteria with the additional criterion that a server only needs the V2Dir status flag - instead of requiring an open DirPort. When the client chooses which - directory server it will query, it checks if the server has an open - directory port and uses begindir if it does not have one. Directory - servers should not be able to determine which version of Tor the client - is using (or a lower-bound on the version), if possible. Continuing to - prefer direct directory connections over begin may help mitigate a - potential partitioning attack. + instead of requiring an open DirPort. Security Considerations and Implications: Currently all directory servers are explicitly configured. This is necessary because they must have a configured and reachable external - port. However, this is a restriction and results in a reduced number of - directory servers on the network. As a result, this could allow an - adversary to control a significant fraction of the servers. By - increasing the number of directory servers on the network the likelihood - of selecting one that is malicious is reduced. Also, with this proposal, - it will be more likely that a client's entry guard is also a directory - server (as alluded to in Proposal 207). However, the reduced anonymity - set caused when the guard does not have, or is unwilling to distribute, - a specific document still exists. With the increased diversity in the - available servers, the impact of this should be reduced. + port. However, within Tor, this requires additional configuration and + results in a reduced number of directory servers in the network. As a + consequence, this could allow an adversary to control a non-negligable + fraction of the servers. By increasing the number of directory servers + in the network the likelihood of selecting one that is malicious is + reduced. Also, with this proposal, it will be more likely that a + client's entry guard is also a directory server (as alluded to in + Proposal 207). However, the reduced anonymity set created when the + guard does not have, or is unwilling to distribute, a specific + document still exists. With the increased diversity in the available + servers, the impact of this should be reduced. Another question that may need further consideration is whether we trust bad directories to be good guards and exits. @@ -113,19 +102,27 @@ Specification: Impact on local resources: Should relays attempt to download documents from another mirror - before asking an authority? All relays will now prefer contacting the - authorities first, but this will not scale well and will partition users - from relays. + before asking an authority? All relays, with minor exceptions, will + now contact the authorities for documents, but this will not scale + well and will partition users from relays. If all relays become directory servers, they will choose to download all documents, regardless of whether they are useful, in case - another client does want them. This will have very little impact on the - "typical" relay, however on memory constrained relays (BeagleBone, + another client does want them. This will have very little impact on + the most relays, however on memory constrained relays (BeagleBone, Raspberry Pi, and similar), every megabyte allocated to directory - documents is not available for new circuits. Should we add a config - option that allows operators to disable being a directory server? Is - it more worthwhile for them to serve these documents or to relay cells? + documents is not available for new circuits. For this reason, a new + configuration option will be introduced within Tor for these systems, + named DirCache, which the operator may choose to set as 0, thus + disabling caching of directory documents and denying client directory + requests. Future Considerations: Should the DirPort be deprecated at some point in the future? + + Write a proposal requiring that a relay must have the V2Dir flag + as a criterion for being a guard. + + Is V2Dir a good name for this? It's the name we currently use, but + that's a silly reason to continue using it.

1 0

[tor/master] More windows header stuff. Will it work this time?
by nickm＠torproject.org 09 Jul '15

09 Jul '15

commit 4438b2a0e3822e464c4b6628944d76757d2237cb Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Jul 9 14:58:16 2015 -0400 More windows header stuff. Will it work this time? --- configure.ac | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index 6fbd489..e150146 100644 --- a/configure.ac +++ b/configure.ac @@ -335,11 +335,25 @@ bwin32=true; AC_MSG_RESULT([yes]), bwin32=false; AC_MSG_RESULT([no])) fi -if test "$bwin32" = true; then - AC_DEFINE(WIN32_LEAN_AND_MEAN, 1, [Defined to avoid including some windows headers]) - AC_DEFINE(WINVER, 0x0501, [Defined to access windows functions and definitions for >=WinXP]) - AC_DEFINE(_WIN32_WINNT, 0x0501, [Defined to access windows functions and definitions for >=WinXP]) -fi +AH_BOTTOM([ +#ifdef _WIN32 +/* Defined to access windows functions and definitions for >=WinXP */ +# ifndef WINVER +# define WINVER 0x0501 +# endif + +/* Defined to access _other_ windows functions and definitions for >=WinXP */ +# ifndef _WIN32_WINNT +# define _WIN32_WINNT 0x0501 +# endif + +/* Defined to avoid including some windows headers as part of Windows.h */ +# ifndef WIN32_LEAN_AND_MEAN +# define WIN32_LEAN_AND_MEAN 1 +# endif +#endif +]) + AM_CONDITIONAL(BUILD_NT_SERVICES, test x$bwin32 = xtrue)

1 0

[tor/master] Fix dumb windows compilation bug in d9052c62
by nickm＠torproject.org 09 Jul '15

09 Jul '15

commit f19a75e19bba48e1a124ef8c73968bab5cbeee13 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Jul 9 13:36:27 2015 -0400 Fix dumb windows compilation bug in d9052c62 --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 0f93e46..6fbd489 100644 --- a/configure.ac +++ b/configure.ac @@ -335,7 +335,7 @@ bwin32=true; AC_MSG_RESULT([yes]), bwin32=false; AC_MSG_RESULT([no])) fi -if test "$bwin32" = yes; then +if test "$bwin32" = true; then AC_DEFINE(WIN32_LEAN_AND_MEAN, 1, [Defined to avoid including some windows headers]) AC_DEFINE(WINVER, 0x0501, [Defined to access windows functions and definitions for >=WinXP]) AC_DEFINE(_WIN32_WINNT, 0x0501, [Defined to access windows functions and definitions for >=WinXP])

1 0