July 2016 - tor-commits - lists.torproject.org

[tor/master] test: Fix shared random buffer overrun
by nickm＠torproject.org 05 Jul '16

05 Jul '16

commit 7d04638a608a150b80442198df401b8be5ea8a3a Author: David Goulet <dgoulet(a)torproject.org> Date: Mon Jul 4 11:40:06 2016 -0400 test: Fix shared random buffer overrun Encoded commit has an extra byte at the end for the NUL terminated byte and the test was overrunning the payload buffer by one byte. Found by Coverity issue 1362984. Fixes #19567 Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/test/test_shared_random.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/test/test_shared_random.c b/src/test/test_shared_random.c index d001785..2bdce7d 100644 --- a/src/test/test_shared_random.c +++ b/src/test/test_shared_random.c @@ -932,13 +932,14 @@ test_utils(void *arg) /* Testing commitments_are_the_same(). Currently, the check is to test the * value of the encoded commit so let's make sure that actually works. */ { - /* Payload of 55 bytes that is the length of - * sr_commit_t->encoded_commit. */ + /* Payload of 57 bytes that is the length of sr_commit_t->encoded_commit. + * 56 bytes of payload and a NUL terminated byte at the end ('\x00') + * which comes down to SR_COMMIT_BASE64_LEN + 1. */ const char *payload = "\x5d\xb9\x60\xb6\xcc\x51\x68\x52\x31\xd9\x88\x88\x71\x71\xe0\x30" "\x59\x55\x7f\xcd\x61\xc0\x4b\x05\xb8\xcd\xc1\x48\xe9\xcd\x16\x1f" "\x70\x15\x0c\xfc\xd3\x1a\x75\xd0\x93\x6c\xc4\xe0\x5c\xbe\xe2\x18" - "\xc7\xaf\x72\xb6\x7c\x9b\x52"; + "\xc7\xaf\x72\xb6\x7c\x9b\x52\x00"; sr_commit_t commit1, commit2; memcpy(commit1.encoded_commit, payload, sizeof(commit1.encoded_commit)); memcpy(commit2.encoded_commit, payload, sizeof(commit2.encoded_commit));

1 0

[tor/master] Merge remote-tracking branch 'dgoulet/bug19567_029_01'
by nickm＠torproject.org 05 Jul '16

05 Jul '16

commit 87758dbebc7ab624ba7b8802478ae2dc980d90c0 Merge: e889da1 cc34929 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Jul 5 12:14:04 2016 -0400 Merge remote-tracking branch 'dgoulet/bug19567_029_01' src/or/shared_random.h | 6 +++--- src/or/shared_random_state.c | 6 ++---- src/test/test_shared_random.c | 7 ++++--- 3 files changed, 9 insertions(+), 10 deletions(-)

1 0

[tor/master] sr: Fix comment in shared_random.h
by nickm＠torproject.org 05 Jul '16

05 Jul '16

commit cc34929abc3a5423372d1e12d47710ed366d43b4 Author: David Goulet <dgoulet(a)torproject.org> Date: Mon Jul 4 11:44:10 2016 -0400 sr: Fix comment in shared_random.h Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/or/shared_random.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/or/shared_random.h b/src/or/shared_random.h index 51f3b55..0a2ec63 100644 --- a/src/or/shared_random.h +++ b/src/or/shared_random.h @@ -34,11 +34,11 @@ #define SR_SRV_MSG_LEN \ (SR_SRV_TOKEN_LEN + sizeof(uint64_t) + sizeof(uint32_t) + DIGEST256_LEN) -/* Length of base64 encoded commit NOT including the NULL terminated byte. - * Formula is taken from base64_encode_size. */ +/* Length of base64 encoded commit NOT including the NUL terminated byte. + * Formula is taken from base64_encode_size. This adds up to 56 bytes. */ #define SR_COMMIT_BASE64_LEN \ (((SR_COMMIT_LEN - 1) / 3) * 4 + 4) -/* Length of base64 encoded reveal NOT including the NULL terminated byte. +/* Length of base64 encoded reveal NOT including the NUL terminated byte. * Formula is taken from base64_encode_size. This adds up to 56 bytes. */ #define SR_REVEAL_BASE64_LEN \ (((SR_REVEAL_LEN - 1) / 3) * 4 + 4)

1 0

[tor/master] Merge remote-tracking branch 'asn/bug19551'
by nickm＠torproject.org 05 Jul '16

05 Jul '16

commit e889da1d7f34632dce24ab590b1df99d11b5c91c Merge: 8ba4ba0 43d317f Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Jul 5 12:12:09 2016 -0400 Merge remote-tracking branch 'asn/bug19551' src/test/test_shared_random.c | 1 + 1 file changed, 1 insertion(+)

1 0

[tor/master] Fix edge case fail of shared random unittest.
by nickm＠torproject.org 05 Jul '16

05 Jul '16

commit 43d317f99c7f30ecf1066b3887d5ef83b75fdb49 Author: George Kadianakis <desnacked(a)riseup.net> Date: Sat Jul 2 02:49:59 2016 +0300 Fix edge case fail of shared random unittest. The test_state_update() test would fail if you run it between 23:30 and 00:00UTC in the following line because n_protocol_runs was 2: tt_u64_op(state->n_protocol_runs, ==, 1); The problem is that when you launch the test at 23:30UTC (reveal phase), sr_state_update() gets called from sr_state_init() and it will prepare the state for the voting round at 00:00UTC (commit phase). Since we transition from reveal to commit phase, this would trigger a phase transition and increment the n_protocol_runs counter. The solution is to initialize the n_protocol_runs to 0 explicitly in the beginning of the test, as we do for n_reveal_rounds, n_commit_rounds etc. --- src/test/test_shared_random.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/test/test_shared_random.c b/src/test/test_shared_random.c index d001785..91a4c39 100644 --- a/src/test/test_shared_random.c +++ b/src/test/test_shared_random.c @@ -1193,6 +1193,7 @@ test_state_update(void *arg) state->valid_after = 0; state->n_reveal_rounds = 0; state->n_commit_rounds = 0; + state->n_protocol_runs = 0; } /* We need to mock for the state update function call. */

1 0

[tor/master] sr: add the base16 RSA identity digest to commit
by nickm＠torproject.org 05 Jul '16

05 Jul '16

commit 267e16ea616b3466652bfee81fec507ea45d96a6 Author: David Goulet <dgoulet(a)torproject.org> Date: Mon Jul 4 12:05:48 2016 -0400 sr: add the base16 RSA identity digest to commit Keep the base16 representation of the RSA identity digest in the commit object so we can use it without using hex_str() or dynamically encoding it everytime we need it. It's used extensively in the logs for instance. Fixes #19561 Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/or/shared_random.c | 2 ++ src/or/shared_random.h | 7 ++++--- src/test/test_shared_random.c | 12 ++++++++++++ 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/src/or/shared_random.c b/src/or/shared_random.c index e9e6cbc..612e1c6 100644 --- a/src/or/shared_random.c +++ b/src/or/shared_random.c @@ -140,6 +140,8 @@ commit_new(const char *rsa_identity) commit = tor_malloc_zero(sizeof(*commit)); commit->alg = SR_DIGEST_ALG; memcpy(commit->rsa_identity, rsa_identity, sizeof(commit->rsa_identity)); + base16_encode(commit->rsa_identity_hex, sizeof(commit->rsa_identity_hex), + commit->rsa_identity, sizeof(commit->rsa_identity)); return commit; } diff --git a/src/or/shared_random.h b/src/or/shared_random.h index 51f3b55..7c0a3e7 100644 --- a/src/or/shared_random.h +++ b/src/or/shared_random.h @@ -76,8 +76,10 @@ typedef struct sr_commit_t { /* Commit owner info */ - /* The RSA identity key of the authority. */ + /* The RSA identity key of the authority and it's base16 representation + * which includes the NUL terminated byte. */ char rsa_identity[DIGEST_LEN]; + char rsa_identity_hex[HEX_DIGEST_LEN + 1]; /* Commitment information */ @@ -121,8 +123,7 @@ void sr_srv_encode(char *dst, size_t dst_len, const sr_srv_t *srv); static inline const char *sr_commit_get_rsa_fpr(const sr_commit_t *commit) { - return hex_str((const char *) commit->rsa_identity, - sizeof(commit->rsa_identity)); + return commit->rsa_identity_hex; } void sr_compute_srv(void); diff --git a/src/test/test_shared_random.c b/src/test/test_shared_random.c index d001785..270cd81 100644 --- a/src/test/test_shared_random.c +++ b/src/test/test_shared_random.c @@ -702,6 +702,9 @@ test_sr_setup_commits(void) /* Do some surgery on the commit */ memset(commit_a->rsa_identity, 'A', sizeof(commit_a->rsa_identity)); + base16_encode(commit_a->rsa_identity_hex, + sizeof(commit_a->rsa_identity_hex), commit_a->rsa_identity, + sizeof(commit_a->rsa_identity)); strlcpy(commit_a->encoded_reveal, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(commit_a->encoded_reveal)); @@ -716,6 +719,9 @@ test_sr_setup_commits(void) /* Do some surgery on the commit */ memset(commit_b->rsa_identity, 'B', sizeof(commit_b->rsa_identity)); + base16_encode(commit_b->rsa_identity_hex, + sizeof(commit_b->rsa_identity_hex), commit_b->rsa_identity, + sizeof(commit_b->rsa_identity)); strlcpy(commit_b->encoded_reveal, "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", sizeof(commit_b->encoded_reveal)); @@ -730,6 +736,9 @@ test_sr_setup_commits(void) /* Do some surgery on the commit */ memset(commit_c->rsa_identity, 'C', sizeof(commit_c->rsa_identity)); + base16_encode(commit_c->rsa_identity_hex, + sizeof(commit_c->rsa_identity_hex), commit_c->rsa_identity, + sizeof(commit_c->rsa_identity)); strlcpy(commit_c->encoded_reveal, "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC", sizeof(commit_c->encoded_reveal)); @@ -744,6 +753,9 @@ test_sr_setup_commits(void) /* Do some surgery on the commit */ memset(commit_d->rsa_identity, 'D', sizeof(commit_d->rsa_identity)); + base16_encode(commit_d->rsa_identity_hex, + sizeof(commit_d->rsa_identity_hex), commit_d->rsa_identity, + sizeof(commit_d->rsa_identity)); strlcpy(commit_d->encoded_reveal, "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD", sizeof(commit_d->encoded_reveal));

1 0

[tor/master] Grammar.
by nickm＠torproject.org 05 Jul '16

05 Jul '16

commit 8ba4ba0a7492e158640200cb26717abfcc6617b7 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Jul 5 12:10:12 2016 -0400 Grammar. I grepped and hand-inspected the "it's" instances, to see if any were supposed to be possessive. While doing that, I found a "the the", so I grepped to see if there were any more. --- src/common/sandbox.c | 2 +- src/common/workqueue.h | 2 +- src/or/keypin.c | 2 +- src/or/policies.c | 10 ++++++---- src/or/shared_random.h | 2 +- src/or/transports.c | 2 +- 6 files changed, 11 insertions(+), 9 deletions(-) diff --git a/src/common/sandbox.c b/src/common/sandbox.c index 94b2fc6..838b267 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -1239,7 +1239,7 @@ prot_strings(scmp_filter_ctx ctx, sandbox_cfg_t* cfg) /** * Auxiliary function used in order to allocate a sandbox_cfg_t element and set - * it's values according the the parameter list. All elements are initialised + * its values according the parameter list. All elements are initialised * with the 'prot' field set to false, as the pointer is not protected at this * point. */ diff --git a/src/common/workqueue.h b/src/common/workqueue.h index 89282e6..5427676 100644 --- a/src/common/workqueue.h +++ b/src/common/workqueue.h @@ -7,7 +7,7 @@ #include "compat.h" /** A replyqueue is used to tell the main thread about the outcome of - * work that we queued for the the workers. */ + * work that we queued for the workers. */ typedef struct replyqueue_s replyqueue_t; /** A thread-pool manages starting threads and passing work to them. */ typedef struct threadpool_s threadpool_t; diff --git a/src/or/keypin.c b/src/or/keypin.c index 749bc61..335c793 100644 --- a/src/or/keypin.c +++ b/src/or/keypin.c @@ -479,7 +479,7 @@ keypin_clear(void) HT_CLEAR(rsamap,&the_rsa_map); if (bad_entries) { - log_warn(LD_BUG, "Found %d discrepencies in the the keypin database.", + log_warn(LD_BUG, "Found %d discrepencies in the keypin database.", bad_entries); } } diff --git a/src/or/policies.c b/src/or/policies.c index 2703d7e..7ddebd6 100644 --- a/src/or/policies.c +++ b/src/or/policies.c @@ -2345,11 +2345,13 @@ policy_summary_reject(smartlist_t *summary, } /** Add a single exit policy item to our summary: - * If it is an accept ignore it unless it is for all IP addresses - * ("*"), i.e. it's prefixlen/maskbits is 0, else call + * + * If it is an accept, ignore it unless it is for all IP addresses + * ("*", i.e. its prefixlen/maskbits is 0). Otherwise call * policy_summary_accept(). - * If it's a reject ignore it if it is about one of the private - * networks, else call policy_summary_reject(). + * + * If it is a reject, ignore it if it is about one of the private + * networks. Otherwise call policy_summary_reject(). */ static void policy_summary_add_item(smartlist_t *summary, addr_policy_t *p) diff --git a/src/or/shared_random.h b/src/or/shared_random.h index 7c0a3e7..d1ba99d 100644 --- a/src/or/shared_random.h +++ b/src/or/shared_random.h @@ -76,7 +76,7 @@ typedef struct sr_commit_t { /* Commit owner info */ - /* The RSA identity key of the authority and it's base16 representation + /* The RSA identity key of the authority and its base16 representation, * which includes the NUL terminated byte. */ char rsa_identity[DIGEST_LEN]; char rsa_identity_hex[HEX_DIGEST_LEN + 1]; diff --git a/src/or/transports.c b/src/or/transports.c index 92539b1..c99ff17 100644 --- a/src/or/transports.c +++ b/src/or/transports.c @@ -1270,7 +1270,7 @@ get_transport_options_for_server_proxy(const managed_proxy_t *mp) /** Return the string that tor should place in TOR_PT_SERVER_BINDADDR * while configuring the server managed proxy in mp. The - * string is stored in the heap, and it's the the responsibility of + * string is stored in the heap, and it's the responsibility of * the caller to deallocate it after its use. */ static char * get_bindaddr_for_server_proxy(const managed_proxy_t *mp)

1 0

[metrics-lib/master] Parse "tunnelled-dir-server" lines in server descriptors.
by karsten＠torproject.org 05 Jul '16

05 Jul '16

commit a7a2dc54f27a0c26f2b9eea5d30d56444617377a Author: Karsten Loesing <karsten.loesing(a)gmx.net> Date: Tue Jul 5 10:10:36 2016 +0200 Parse "tunnelled-dir-server" lines in server descriptors. Implements #19284. --- CHANGELOG.md | 1 + .../torproject/descriptor/ServerDescriptor.java | 8 ++++ .../descriptor/impl/ServerDescriptorImpl.java | 22 +++++++++- .../descriptor/impl/ServerDescriptorImplTest.java | 47 ++++++++++++++++++++++ 4 files changed, 76 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 160d405..08ad726 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ same identity key digest but different algorithms. - Be more lenient about digest lengths in directory signatures which may be longer or shorter than 20 bytes. + - Parse "tunnelled-dir-server" lines in server descriptors. # Changes in version 1.2.0 - 2016-05-31 diff --git a/src/org/torproject/descriptor/ServerDescriptor.java b/src/org/torproject/descriptor/ServerDescriptor.java index 17c7e82..d1af421 100644 --- a/src/org/torproject/descriptor/ServerDescriptor.java +++ b/src/org/torproject/descriptor/ServerDescriptor.java @@ -423,5 +423,13 @@ public interface ServerDescriptor extends Descriptor { * @since 1.1.0 */ public int getNtorOnionKeyCrosscertSign(); + + /** + * Return whether the server accepts "tunneled" directory requests using + * a BEGIN_DIR cell over the server's OR port. + * + * @since 1.3.0 + */ + public boolean getTunnelledDirServer(); } diff --git a/src/org/torproject/descriptor/impl/ServerDescriptorImpl.java b/src/org/torproject/descriptor/impl/ServerDescriptorImpl.java index aa9cc02..1805dca 100644 --- a/src/org/torproject/descriptor/impl/ServerDescriptorImpl.java +++ b/src/org/torproject/descriptor/impl/ServerDescriptorImpl.java @@ -38,8 +38,9 @@ public abstract class ServerDescriptorImpl extends DescriptorImpl + "eventdns,caches-extra-info,extra-info-digest," + "hidden-service-dir,protocols,allow-single-hop-exits,onion-key," + "signing-key,ipv6-policy,ntor-onion-key,onion-key-crosscert," - + "ntor-onion-key-crosscert,router-sig-ed25519,router-signature," - + "router-digest-sha256,router-digest").split(","))); + + "ntor-onion-key-crosscert,tunnelled-dir-server," + + "router-sig-ed25519,router-signature,router-digest-sha256," + + "router-digest").split(","))); this.checkAtMostOnceKeywords(atMostOnceKeywords); this.checkFirstKeyword("router"); if (this.getKeywordCount("accept") == 0 && @@ -171,6 +172,9 @@ public abstract class ServerDescriptorImpl extends DescriptorImpl this.parseNtorOnionKeyCrosscert(line, lineNoOpt, partsNoOpt); nextCrypto = "ntor-onion-key-crosscert"; break; + case "tunnelled-dir-server": + this.parseTunnelledDirServerLine(line, lineNoOpt, partsNoOpt); + break; case "-----BEGIN": cryptoLines = new ArrayList<>(); cryptoLines.add(line); @@ -607,6 +611,14 @@ public abstract class ServerDescriptorImpl extends DescriptorImpl } } + private void parseTunnelledDirServerLine(String line, String lineNoOpt, + String[] partsNoOpt) throws DescriptorParseException { + if (!lineNoOpt.equals("tunnelled-dir-server")) { + throw new DescriptorParseException("Illegal line '" + line + "'."); + } + this.tunnelledDirServer = true; + } + private void parseIdentityEd25519CryptoBlock(String cryptoString) throws DescriptorParseException { String masterKeyEd25519FromIdentityEd25519 = @@ -963,5 +975,11 @@ public abstract class ServerDescriptorImpl extends DescriptorImpl public int getNtorOnionKeyCrosscertSign() { return ntorOnionKeyCrosscertSign; } + + private boolean tunnelledDirServer; + @Override + public boolean getTunnelledDirServer() { + return this.tunnelledDirServer; + } } diff --git a/test/org/torproject/descriptor/impl/ServerDescriptorImplTest.java b/test/org/torproject/descriptor/impl/ServerDescriptorImplTest.java index 292afce..cd3f1a5 100644 --- a/test/org/torproject/descriptor/impl/ServerDescriptorImplTest.java +++ b/test/org/torproject/descriptor/impl/ServerDescriptorImplTest.java @@ -212,6 +212,13 @@ public class ServerDescriptorImplTest { db.ntorOnionKeyLine = line; return new RelayServerDescriptorImpl(db.buildDescriptor(), true); } + private String tunnelledDirServerLine = null; + private static ServerDescriptor createWithTunnelledDirServerLine( + String line) throws DescriptorParseException { + DescriptorBuilder db = new DescriptorBuilder(); + db.tunnelledDirServerLine = line; + return new RelayServerDescriptorImpl(db.buildDescriptor(), true); + } private String routerSignatureLines = "router-signature\n" + "-----BEGIN SIGNATURE-----\n" + "o4j+kH8UQfjBwepUnr99v0ebN8RpzHJ/lqYsTojXHy9kMr1RNI9IDeSzA7PSqT" @@ -333,6 +340,9 @@ public class ServerDescriptorImplTest { if (this.ntorOnionKeyLine != null) { sb.append(this.ntorOnionKeyLine).append("\n"); } + if (this.tunnelledDirServerLine != null) { + sb.append(this.tunnelledDirServerLine).append("\n"); + } if (this.unrecognizedLine != null) { sb.append(this.unrecognizedLine).append("\n"); } @@ -1345,6 +1355,43 @@ public class ServerDescriptorImplTest { + "Y/XgaHcPIJVa4D55kir9QLH8rEYAaLXuv3c3sm8jYhY\n"); } + @Test() + public void testTunnelledDirServerTrue() + throws DescriptorParseException { + ServerDescriptor descriptor = DescriptorBuilder + .createWithTunnelledDirServerLine("tunnelled-dir-server"); + assertTrue(descriptor.getTunnelledDirServer()); + } + + @Test() + public void testTunnelledDirServerFalse() + throws DescriptorParseException { + ServerDescriptor descriptor = DescriptorBuilder + .createWithTunnelledDirServerLine(null); + assertFalse(descriptor.getTunnelledDirServer()); + } + + @Test(expected = DescriptorParseException.class) + public void testTunnelledDirServerTypo() + throws DescriptorParseException { + DescriptorBuilder.createWithTunnelledDirServerLine( + "tunneled-dir-server"); + } + + @Test(expected = DescriptorParseException.class) + public void testTunnelledDirServerTwice() + throws DescriptorParseException { + DescriptorBuilder.createWithTunnelledDirServerLine( + "tunnelled-dir-server\ntunnelled-dir-server"); + } + + @Test(expected = DescriptorParseException.class) + public void testTunnelledDirServerArgs() + throws DescriptorParseException { + DescriptorBuilder.createWithTunnelledDirServerLine( + "tunnelled-dir-server 1"); + } + @Test(expected = DescriptorParseException.class) public void testUnrecognizedLineFail() throws DescriptorParseException {

1 0

[metrics-lib/master] Support other algorithms for directory signatures than sha1.
by karsten＠torproject.org 05 Jul '16

05 Jul '16

commit 90d61b700454df4f418ec497191cfb435e55ee10 Author: Karsten Loesing <karsten.loesing(a)gmx.net> Date: Tue Jun 14 10:10:24 2016 +0200 Support other algorithms for directory signatures than sha1. - Support more than one "directory-signature" line in a vote, which may become relevant when authorities start signing votes using more than one algorithm. - Provide directory signatures in consensuses and votes in a list rather than a map to support multiple signatures made using the same identity key digest but different algorithms. - Be more lenient about digest lengths in directory signatures which may be longer or shorter than 20 bytes. Implements #18875. While implementing this, make "sha1" constant and deprecate RelayNetworkStatusVote.getSigningKeyDigest(), because it's remissible and ambiguous. Suggested or based on discussions with iwakeh. --- CHANGELOG.md | 8 +++ .../descriptor/RelayNetworkStatusConsensus.java | 11 ++++ .../descriptor/RelayNetworkStatusVote.java | 19 ++++++ .../descriptor/impl/DirectorySignatureImpl.java | 10 ++-- .../descriptor/impl/NetworkStatusImpl.java | 22 +++++-- .../torproject/descriptor/impl/ParseHelper.java | 17 +++++- .../impl/RelayNetworkStatusVoteImpl.java | 17 ++++-- .../impl/RelayNetworkStatusConsensusImplTest.java | 35 ++++++++--- .../impl/RelayNetworkStatusVoteImplTest.java | 69 ++++++++++++++++++++++ 9 files changed, 184 insertions(+), 24 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3c243d8..160d405 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,14 @@ * Medium changes - Parse "package" lines in consensuses and votes. + - Support more than one "directory-signature" line in a vote, which + may become relevant when authorities start signing votes using + more than one algorithm. + - Provide directory signatures in consensuses and votes in a list + rather than a map to support multiple signatures made using the + same identity key digest but different algorithms. + - Be more lenient about digest lengths in directory signatures + which may be longer or shorter than 20 bytes. # Changes in version 1.2.0 - 2016-05-31 diff --git a/src/org/torproject/descriptor/RelayNetworkStatusConsensus.java b/src/org/torproject/descriptor/RelayNetworkStatusConsensus.java index 90f96d7..15fdaca 100644 --- a/src/org/torproject/descriptor/RelayNetworkStatusConsensus.java +++ b/src/org/torproject/descriptor/RelayNetworkStatusConsensus.java @@ -186,11 +186,22 @@ public interface RelayNetworkStatusConsensus extends Descriptor { * SHA-1 digests of the authorities' identity keys in the version 3 * directory protocol, encoded as 40 upper-case hexadecimal characters. * + * @deprecated Replaced by {@link #getSignatures()} which permits an + * arbitrary number of signatures made by an authority using the same + * identity key digest and different algorithms. + * * @since 1.0.0 */ public SortedMap<String, DirectorySignature> getDirectorySignatures(); /** + * Return the list of signatures contained in this consensus. + * + * @since 1.3.0 + */ + public List<DirectorySignature> getSignatures(); + + /** * Return optional weights to be applied to router bandwidths during * path selection with map keys being case-sensitive weight identifiers * and map values being weight values, or null if the consensus doesn't diff --git a/src/org/torproject/descriptor/RelayNetworkStatusVote.java b/src/org/torproject/descriptor/RelayNetworkStatusVote.java index 6e7e1b7..1f77db6 100644 --- a/src/org/torproject/descriptor/RelayNetworkStatusVote.java +++ b/src/org/torproject/descriptor/RelayNetworkStatusVote.java @@ -325,6 +325,12 @@ public interface RelayNetworkStatusVote extends Descriptor { * 40 upper-case hexadecimal characters, or null if this digest cannot * be obtained from the directory signature. * + * @deprecated Removed in order to be more explicit that authorities may + * use different digest algorithms than "sha1"; see + * {@link #getSignatures()} and + * {@link DirectorySignature#getSigningKeyDigest()} for + * alternatives. + * * @since 1.0.0 */ public String getSigningKeyDigest(); @@ -382,8 +388,21 @@ public interface RelayNetworkStatusVote extends Descriptor { * 3 directory protocol, encoded as 40 upper-case hexadecimal * characters. * + * @deprecated Replaced by {@link #getSignatures()} which permits an + * arbitrary number of signatures made by the authority using the same + * identity key digest and different algorithms. + * * @since 1.0.0 */ public SortedMap<String, DirectorySignature> getDirectorySignatures(); + + /** + * Return a list of signatures contained in this vote, which is + * typically a single signature made by the authority but which may also + * be more than one signature made with different keys or algorithms. + * + * @since 1.3.0 + */ + public List<DirectorySignature> getSignatures(); } diff --git a/src/org/torproject/descriptor/impl/DirectorySignatureImpl.java b/src/org/torproject/descriptor/impl/DirectorySignatureImpl.java index 597ccce..a955f62 100644 --- a/src/org/torproject/descriptor/impl/DirectorySignatureImpl.java +++ b/src/org/torproject/descriptor/impl/DirectorySignatureImpl.java @@ -53,9 +53,9 @@ public class DirectorySignatureImpl implements DirectorySignature { throw new DescriptorParseException("Illegal line '" + line + "'."); } - this.identity = ParseHelper.parseTwentyByteHexString(line, + this.identity = ParseHelper.parseHexString(line, parts[1 + algorithmOffset]); - this.signingKeyDigest = ParseHelper.parseTwentyByteHexString( + this.signingKeyDigest = ParseHelper.parseHexString( line, parts[2 + algorithmOffset]); break; case "-----BEGIN": @@ -86,10 +86,12 @@ public class DirectorySignatureImpl implements DirectorySignature { } } - private String algorithm = "sha1"; + static final String DEFAULT_ALGORITHM = "sha1"; + + private String algorithm; @Override public String getAlgorithm() { - return this.algorithm; + return this.algorithm == null ? DEFAULT_ALGORITHM : this.algorithm; } private String identity; diff --git a/src/org/torproject/descriptor/impl/NetworkStatusImpl.java b/src/org/torproject/descriptor/impl/NetworkStatusImpl.java index 9a950cf..5fa22c7 100644 --- a/src/org/torproject/descriptor/impl/NetworkStatusImpl.java +++ b/src/org/torproject/descriptor/impl/NetworkStatusImpl.java @@ -217,12 +217,12 @@ public abstract class NetworkStatusImpl extends DescriptorImpl { protected void parseDirectorySignature(byte[] directorySignatureBytes) throws DescriptorParseException { - if (this.directorySignatures == null) { - this.directorySignatures = new TreeMap<>(); + if (this.signatures == null) { + this.signatures = new ArrayList<>(); } DirectorySignatureImpl signature = new DirectorySignatureImpl( directorySignatureBytes, failUnrecognizedDescriptorLines); - this.directorySignatures.put(signature.getIdentity(), signature); + this.signatures.add(signature); List<String> unrecognizedStatusEntryLines = signature. getAndClearUnrecognizedLines(); if (unrecognizedStatusEntryLines != null) { @@ -251,10 +251,20 @@ public abstract class NetworkStatusImpl extends DescriptorImpl { return this.statusEntries.get(fingerprint); } - protected SortedMap<String, DirectorySignature> directorySignatures; + protected List<DirectorySignature> signatures; + public List<DirectorySignature> getSignatures() { + return this.signatures == null ? null + : new ArrayList<>(this.signatures); + } public SortedMap<String, DirectorySignature> getDirectorySignatures() { - return this.directorySignatures == null ? null : - new TreeMap<>(this.directorySignatures); + SortedMap<String, DirectorySignature> directorySignatures = null; + if (this.signatures != null) { + directorySignatures = new TreeMap<>(); + for (DirectorySignature signature : this.signatures) { + directorySignatures.put(signature.getIdentity(), signature); + } + } + return directorySignatures; } } diff --git a/src/org/torproject/descriptor/impl/ParseHelper.java b/src/org/torproject/descriptor/impl/ParseHelper.java index 1d349b4..82c0813 100644 --- a/src/org/torproject/descriptor/impl/ParseHelper.java +++ b/src/org/torproject/descriptor/impl/ParseHelper.java @@ -207,11 +207,22 @@ public class ParseHelper { return result; } - private static Pattern twentyByteHexPattern = - Pattern.compile("^[0-9a-fA-F]{40}$"); protected static String parseTwentyByteHexString(String line, String hexString) throws DescriptorParseException { - if (!twentyByteHexPattern.matcher(hexString).matches()) { + return parseHexString(line, hexString, 40); + } + + protected static String parseHexString(String line, String hexString) + throws DescriptorParseException { + return parseHexString(line, hexString, -1); + } + + private static Pattern hexPattern = Pattern.compile("^[0-9a-fA-F]*$"); + private static String parseHexString(String line, String hexString, + int expectedLength) throws DescriptorParseException { + if (!hexPattern.matcher(hexString).matches() || + hexString.length() % 2 != 0 || + (expectedLength >= 0 && hexString.length() != expectedLength)) { throw new DescriptorParseException("Illegal hex string in line '" + line + "'."); } diff --git a/src/org/torproject/descriptor/impl/RelayNetworkStatusVoteImpl.java b/src/org/torproject/descriptor/impl/RelayNetworkStatusVoteImpl.java index d9bdd3c..384ad1f 100644 --- a/src/org/torproject/descriptor/impl/RelayNetworkStatusVoteImpl.java +++ b/src/org/torproject/descriptor/impl/RelayNetworkStatusVoteImpl.java @@ -3,6 +3,7 @@ package org.torproject.descriptor.impl; import org.torproject.descriptor.DescriptorParseException; +import org.torproject.descriptor.DirectorySignature; import java.util.ArrayList; import java.util.Arrays; @@ -47,7 +48,7 @@ public class RelayNetworkStatusVoteImpl extends NetworkStatusImpl + "valid-until,voting-delay,known-flags,dir-source," + "dir-key-certificate-version,fingerprint,dir-key-published," + "dir-key-expires,dir-identity-key,dir-signing-key," - + "dir-key-certification,directory-signature").split(","))); + + "dir-key-certification").split(","))); this.checkExactlyOnceKeywords(exactlyOnceKeywords); Set<String> atMostOnceKeywords = new HashSet<>(Arrays.asList(( "consensus-methods,client-versions,server-versions," @@ -55,6 +56,9 @@ public class RelayNetworkStatusVoteImpl extends NetworkStatusImpl + "legacy-key,dir-key-crosscert,dir-address,directory-footer"). split(","))); this.checkAtMostOnceKeywords(atMostOnceKeywords); + Set<String> atLeastOnceKeywords = new HashSet<>(Arrays.asList( + "directory-signature")); + this.checkAtLeastOnceKeywords(atLeastOnceKeywords); this.checkFirstKeyword("network-status-version"); this.clearParsedKeywords(); } @@ -605,9 +609,14 @@ public class RelayNetworkStatusVoteImpl extends NetworkStatusImpl @Override public String getSigningKeyDigest() { String signingKeyDigest = null; - if (!this.directorySignatures.isEmpty()) { - signingKeyDigest = this.directorySignatures.get( - this.directorySignatures.firstKey()).getSigningKeyDigest(); + if (this.signatures != null && !this.signatures.isEmpty()) { + for (DirectorySignature signature : this.signatures) { + if (DirectorySignatureImpl.DEFAULT_ALGORITHM.equals( + signature.getAlgorithm())) { + signingKeyDigest = signature.getSigningKeyDigest(); + break; + } + } } return signingKeyDigest; } diff --git a/test/org/torproject/descriptor/impl/RelayNetworkStatusConsensusImplTest.java b/test/org/torproject/descriptor/impl/RelayNetworkStatusConsensusImplTest.java index 86e4e78..d864337 100644 --- a/test/org/torproject/descriptor/impl/RelayNetworkStatusConsensusImplTest.java +++ b/test/org/torproject/descriptor/impl/RelayNetworkStatusConsensusImplTest.java @@ -3,6 +3,8 @@ package org.torproject.descriptor.impl; import org.torproject.descriptor.DescriptorParseException; +import org.torproject.descriptor.DirectorySignature; + import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; @@ -308,10 +310,13 @@ public class RelayNetworkStatusConsensusImplTest { "00795A6E8D91C270FC23B30F388A495553E01894")); assertEquals("188.177.149.216", consensus.getStatusEntry( "00795A6E8D91C270FC23B30F388A495553E01894").getAddress()); - assertEquals("3509BA5A624403A905C74DA5C8A0CEC9E0D3AF86", - consensus.getDirectorySignatures().get( - "14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4"). - getSigningKeyDigest()); + for (DirectorySignature signature : consensus.getSignatures()) { + if ("14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4".equals( + signature.getIdentity())) { + assertEquals("3509BA5A624403A905C74DA5C8A0CEC9E0D3AF86", + signature.getSigningKeyDigest()); + } + } assertEquals(285, (int) consensus.getBandwidthWeights().get("Wbd")); assertTrue(consensus.getUnrecognizedLines().isEmpty()); } @@ -1114,22 +1119,38 @@ public class RelayNetworkStatusConsensusImplTest { DirectorySignatureBuilder.createWithIdentity("ED03BB616EB2F60"); } - @Test(expected = DescriptorParseException.class) + @Test() public void testDirectorySignatureIdentityTooLong() throws DescriptorParseException { + /* This hex string has an unusual length of 58 hex characters, but + * dir-spec.txt only requires a hex string, and we can't know all hex + * string lengths for all future digest algorithms, so let's just + * accept this. */ DirectorySignatureBuilder.createWithIdentity( "ED03BB616EB2F60BEC80151114BB25CEF515B226ED03BB616EB2F60BEC"); } - @Test(expected = DescriptorParseException.class) + @Test() public void testDirectorySignatureSigningKeyTooShort() throws DescriptorParseException { - DirectorySignatureBuilder.createWithSigningKey("845CF1D0B370CA4"); + /* See above, we accept this hex string even though it's unusually + * short. */ + DirectorySignatureBuilder.createWithSigningKey("845CF1D0B370CA"); } @Test(expected = DescriptorParseException.class) + public void testDirectorySignatureSigningKeyTooShortOddNumber() + throws DescriptorParseException { + /* We don't accept this hex string, because it contains an odd number + * of hex characters. */ + DirectorySignatureBuilder.createWithSigningKey("845"); + } + + @Test() public void testDirectorySignatureSigningKeyTooLong() throws DescriptorParseException { + /* See above, we accept this hex string even though it's unusually + * long. */ DirectorySignatureBuilder.createWithSigningKey( "845CF1D0B370CA443A8579D18E7987E7E532F639845CF1D0B370CA443A"); } diff --git a/test/org/torproject/descriptor/impl/RelayNetworkStatusVoteImplTest.java b/test/org/torproject/descriptor/impl/RelayNetworkStatusVoteImplTest.java index f7ddd8c..1c840f5 100644 --- a/test/org/torproject/descriptor/impl/RelayNetworkStatusVoteImplTest.java +++ b/test/org/torproject/descriptor/impl/RelayNetworkStatusVoteImplTest.java @@ -3,6 +3,8 @@ package org.torproject.descriptor.impl; import org.torproject.descriptor.DescriptorParseException; +import org.torproject.descriptor.DirectorySignature; + import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; @@ -532,6 +534,18 @@ public class RelayNetworkStatusVoteImplTest { vote.getDirKeyCrosscert().split("\n")[0]); assertEquals("-----BEGIN SIGNATURE-----", vote.getDirKeyCertification().split("\n")[0]); + assertEquals(1, vote.getSignatures().size()); + DirectorySignature signature = vote.getSignatures().get(0); + assertEquals("sha1", signature.getAlgorithm()); + assertEquals("80550987E1D626E3EBA5E5E75A458DE0626D088C", + signature.getIdentity()); + assertEquals("EEB9299D295C1C815E289FBF2F2BBEA5F52FDD19", + signature.getSigningKeyDigest()); + assertEquals("-----BEGIN SIGNATURE-----\n" + + "iHEU3Iidya5RIrjyYgv8tlU0R+rF56/3/MmaaZi0a67e7ZkISfQ4dghScHxn" + + "F3Yh\nrXVaaoP07r6Ta+s0g1Zijm3lms50Nk/4tV2p8Y63c3F4Q3DAnK40Oi" + + "kfOIwEj+Ny\n+zBRQssP3hPhTPOj/A7o3mZZwtL6x1sxpeu/nME1l5E=\n" + + "-----END SIGNATURE-----\n", signature.getSignature()); assertTrue(vote.getUnrecognizedLines().isEmpty()); } @@ -1204,6 +1218,61 @@ public class RelayNetworkStatusVoteImplTest { VoteBuilder.createWithDirectorySignatureLines(null); } + @Test() + public void testDirectorySignaturesLinesTwoAlgorithms() + throws DescriptorParseException { + String identitySha256 = "32519E5CB7254AB5A94CC9925EC7676E53D5D52EEAB7" + + "914BD3ED751E537CAFCC"; + String signingKeyDigestSha256 = "5A59D99C17831B9254422B6C5AA10CC59381" + + "6CAA5241E22ECAE8BBB4E8E9D1FC"; + String signatureSha256 = "-----BEGIN SIGNATURE-----\n" + + "x57Alc424/zHS73SHokghGtNBVrBjtUz+gSL5w9AHGKUQcMyfw4Z9aDlKpTbFc" + + "5W\nnyIvFmM9C2OAH0S1+a647HHIxhE0zKf4+yKSwzqSyL6sbKQygVlJsRHNRr" + + "cFg8lp\nqBxEwvxQoA4xEDqnerR92pbK9l42nNLiKOcoReUqbbQ=\n" + + "-----END SIGNATURE-----"; + String identitySha1 = "80550987E1D626E3EBA5E5E75A458DE0626D088C"; + String signingKeyDigestSha1 = + "EEB9299D295C1C815E289FBF2F2BBEA5F52FDD19"; + String signatureSha1 = "-----BEGIN SIGNATURE-----\n" + + "iHEU3Iidya5RIrjyYgv8tlU0R+rF56/3/MmaaZi0a67e7ZkISfQ4dghScHxnF3" + + "Yh\nrXVaaoP07r6Ta+s0g1Zijm3lms50Nk/4tV2p8Y63c3F4Q3DAnK40OikfOI" + + "wEj+Ny\n+zBRQssP3hPhTPOj/A7o3mZZwtL6x1sxpeu/nME1l5E=\n" + + "-----END SIGNATURE-----"; + String signaturesLines = String.format( + "directory-signature sha256 %s %s\n%s\n" + + "directory-signature %s %s\n%s", identitySha256, + signingKeyDigestSha256, signatureSha256, identitySha1, + signingKeyDigestSha1, signatureSha1); + RelayNetworkStatusVote vote = + VoteBuilder.createWithDirectorySignatureLines(signaturesLines); + assertEquals(2, vote.getSignatures().size()); + DirectorySignature firstSignature = vote.getSignatures().get(0); + assertEquals("sha256", firstSignature.getAlgorithm()); + assertEquals(identitySha256, firstSignature.getIdentity()); + assertEquals(signingKeyDigestSha256, + firstSignature.getSigningKeyDigest()); + assertEquals(signatureSha256 + "\n", firstSignature.getSignature()); + DirectorySignature secondSignature = vote.getSignatures().get(1); + assertEquals("sha1", secondSignature.getAlgorithm()); + assertEquals(identitySha1, secondSignature.getIdentity()); + assertEquals(signingKeyDigestSha1, + secondSignature.getSigningKeyDigest()); + assertEquals(signatureSha1 + "\n", secondSignature.getSignature()); + assertEquals(signingKeyDigestSha1, vote.getSigningKeyDigest()); + } + + @Test() + public void testDirectorySignaturesLinesTwoAlgorithmsSameDigests() + throws DescriptorParseException { + String signaturesLines = "directory-signature 00 00\n" + + "-----BEGIN SIGNATURE-----\n00\n-----END SIGNATURE-----\n" + + "directory-signature sha256 00 00\n" + + "-----BEGIN SIGNATURE-----\n00\n-----END SIGNATURE-----"; + RelayNetworkStatusVote vote = + VoteBuilder.createWithDirectorySignatureLines(signaturesLines); + assertEquals(2, vote.getSignatures().size()); + } + @Test(expected = DescriptorParseException.class) public void testUnrecognizedHeaderLineFail() throws DescriptorParseException {

1 0

[webwml/master] Various changes on Pluggable Transports page:
by sebastian＠torproject.org 05 Jul '16

05 Jul '16

commit b5234779299ce73d88a1c71951d7ed7167635b7b Author: Nima Fatemi <nima(a)torproject.org> Date: Fri Jul 1 23:09:59 2016 +0000 Various changes on Pluggable Transports page: - Broken the lists in three different sections: 'deployed', 'deprecated' and 'undeployed' with a plan to move the last two sections to wiki. - Style fixes: It's either 'Pluggable Transports' or 'PT' or 'PTs'. - Added todo notes for later. - Style fix: it's 'meek' not 'Meek'. - Removed download section. It's either included in TB or not. - Removed 'status'. - Commented out 'obfsclient' since its status is unknown. --- docs/en/pluggable-transports.wml | 171 ++++++++++++++++++++------------------- 1 file changed, 89 insertions(+), 82 deletions(-) diff --git a/docs/en/pluggable-transports.wml b/docs/en/pluggable-transports.wml index 45c07d9..d2847f4 100644 --- a/docs/en/pluggable-transports.wml +++ b/docs/en/pluggable-transports.wml @@ -23,7 +23,7 @@ - Pluggable transports transform the Tor traffic flow between the client + Pluggable Transports (PT) transform the Tor traffic flow between the client and the bridge. This way, censors who monitor traffic between the client and the bridge will see innocent-looking transformed traffic instead of the actual Tor traffic. @@ -34,82 +34,101 @@ transport API</a>, to make it easier to build interoperable programs. <hr> + <h3>Currently deployed PTs</h3> + + These Pluggable Transports are currently deployed in Tor Browser, and you can start using them by <a href="<page download/download-easy>">downloading and using Tor Browser</a>. + +  + + <ul> + + <li><a href="https://github.com/Yawning/obfs4/blob/master/doc/obfs4-spec.txt">obfs4</a> + is a transport with the same features as <a href="http://www.cs.kau.se/philwint/scramblesuit/">ScrambleSuit</a> + but utilizing Dan Bernstein's <a href="http://elligator.cr.yp.to/elligator-20130828.pdf">elligator2</a> + technique for public key obfuscation, and the + <a href="https://gitweb.torproject.org/torspec.git/tree/proposals/216-ntor-handshake…">ntor protocol</a> + for one-way authentication. This results in a faster protocol. Written in Go. + Maintained by Yawning Angel. + </li> +  + + <li><a href="https://trac.torproject.org/projects/tor/wiki/doc/meek">meek</a> + is a transport that uses HTTP for carrying bytes and TLS for + obfuscation. Traffic is relayed through a third-party server + (Google App Engine). It uses a trick to talk to the third party so + that it looks like it is talking to an unblocked server. + Maintained by David Fifield. + </li> +  + + <li><a href="https://fteproxy.org/">Format-Transforming + Encryption</a> (FTE) transforms Tor traffic to arbitrary + formats using their language descriptions. See the <a + href="https://kpdyer.com/publications/ccs2013-fte.pdf">research + paper</a>.</li> + + <li><a href="http://www.cs.kau.se/philwint/scramblesuit/">ScrambleSuit</a> + is a pluggable transport that protects + against follow-up probing attacks and is also capable of changing + its network fingerprint (packet length distribution, + inter-arrival times, etc.). It's part of the Obfsproxy framework. + Maintained by Philipp Winter. + </li> + +  +  + + </ul> + + <hr> + + <h3>Deprecated PTs; Removed from Tor Browser</h3> + + <ul> +  + <li><a href="<page projects/obfsproxy>">Obfsproxy</a> is a Python framework for implementing new + pluggable transports. It uses Twisted for its networking needs, and + <a href="https://gitweb.torproject.org/pluggable-transports/pyptlib.git/tree/README.…">pyptlib</a> + for some pluggable transport-related features. It supports the + <a href="https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/tree/doc/o…">obfs2</a> + and + <a href="https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/tree/doc/o…">obfs3</a> + pluggable transports. Maintained by asn. + </li> + + <li><a href="https://crypto.stanford.edu/flashproxy/">Flashproxy</a> turns ordinary web browsers into bridges using + websockets, and has a little python stub to hook Tor clients to the + websocket connection. See its + <a href="https://gitweb.torproject.org/flashproxy.git">git repository</a>, + and + <a href="https://crypto.stanford.edu/flashproxy/flashproxy.pdf">design paper</a>. + Maintained by David Fifield. +  + </li> + + </ul> + + <hr> + + <h3>Undeployed PTs</h3> +  +  <ul> - <li><a href="<page projects/obfsproxy>">Obfsproxy</a> is a Python framework for implementing new - pluggable transports. It uses Twisted for its networking needs, and - <a href="https://gitweb.torproject.org/pluggable-transports/pyptlib.git/tree/README.…">pyptlib</a> - for some pluggable transport-related features. It supports the - <a href="https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/tree/doc/o…">obfs2</a> - and - <a href="https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/tree/doc/o…">obfs3</a> - pluggable transports. Maintained by asn. - Status: <a href="#download">Deployed</a> - </li> - - <li><a href="https://crypto.stanford.edu/flashproxy/">Flashproxy</a> turns ordinary web browsers into bridges using - websockets, and has a little python stub to hook Tor clients to the - websocket connection. See its - <a href="https://gitweb.torproject.org/flashproxy.git">git repository</a>, - and - <a href="https://crypto.stanford.edu/flashproxy/flashproxy.pdf">design paper</a>. - Maintained by David Fifield. - # <iframe src="//crypto.stanford.edu/flashproxy/embed.html" width="80" height="15" frameborder="0" scrolling="no"></iframe> - - Status: <a href="#download">Deployed</a> - </li> - - <li><a href="https://fteproxy.org/">Format-Transforming - Encryption</a> (FTE) transforms Tor traffic to arbitrary - formats using their language descriptions. See the <a - href="https://kpdyer.com/publications/ccs2013-fte.pdf">research - paper</a>. Status: <a href="#download">Deployed</a> </li> - - <li><a href="http://www.cs.kau.se/philwint/scramblesuit/">ScrambleSuit</a> - is a pluggable transport that protects - against follow-up probing attacks and is also capable of changing - its network fingerprint (packet length distribution, - inter-arrival times, etc.). It's part of the Obfsproxy framework. - Maintained by Philipp Winter. - Status: To be deployed - </li> - - <li><a href="https://trac.torproject.org/projects/tor/wiki/doc/meek">Meek</a> - is a transport that uses HTTP for carrying bytes and TLS for - obfuscation. Traffic is relayed through a third-party server - (Google App Engine). It uses a trick to talk to the third party so - that it looks like it is talking to an unblocked server. - Maintained by David Fifield. - Status: <e>Coming soon - </li> - - <li><a href="https://github.com/Yawning/obfs4/blob/master/doc/obfs4-spec.txt">obfs4</a> - is a transport with the same features as <a href="http://www.cs.kau.se/philwint/scramblesuit/">ScrambleSuit</a> - but utilizing Dan Bernstein's <a href="http://elligator.cr.yp.to/elligator-20130828.pdf">elligator2</a> - technique for public key obfuscation, and the - <a href="https://gitweb.torproject.org/torspec.git/tree/proposals/216-ntor-handshake…">ntor protocol</a> - for one-way authentication. This results in a faster protocol. Written in Go. - Maintained by Yawning Angel. - Status: <e>Coming soon - </li> - - <li><a href="https://github.com/yawning/obfsclient">obfsclient</a> - is a multi-transport pluggable transport proxy (like obfsproxy), - written in C++ that implements the client-side of obfs2, - obfs3 and scramblesuit. It's used by - <a href="https://guardianproject.info/apps/orbot/">Orbot</a> on - Android because of the difficulties of using Python applications. - Maintained by Yawning Angel. - Status: <a href="https://guardianproject.info/apps/orbot/">Deployed</a> - </li> - <li>StegoTorus is an Obfsproxy fork that extends it to a) split Tor streams across multiple connections to avoid packet size signatures, and b) embed the traffic flows in traces that look like html, javascript, or pdf. See its <a href="https://gitweb.torproject.org/stegotorus.git">git repository</a>. Maintained by Zack Weinberg. - Status: Undeployed </li> <li>SkypeMorph transforms Tor traffic flows so they look like @@ -118,14 +137,12 @@ transport API</a>, to make it easier to build interoperable programs. and <a href="http://cacr.uwaterloo.ca/techreports/2012/cacr2012-08.pdf">design paper</a>. Maintained by Ian Goldberg. - Status: Undeployed </li> <li>Dust aims to provide a packet-based (rather than connection-based) DPI-resistant protocol. See its <a href="https://github.com/blanu/Dust">git repository</a>. Maintained by Brandon Wiley. - Status: Undeployed </li> </ul> @@ -137,22 +154,13 @@ transport API</a>, to make it easier to build interoperable programs. <hr> - Our goal is to have a wide variety of pluggable transport designs. + Our goal is to have a wide variety of Pluggable Transport designs. Many are at the research phase now, so it's a perfect time to play with them or suggest new designs. Please let us know if you find or start other projects that could be useful for making Tor's traffic flows more DPI-resistant! - <hr> - <a id="download"></a> - <h2><a href="<page download/download-easy>">Download the Pluggable Transports Tor Browser</a></h2> - - As of Tor Browser 3.6-beta-1, pluggable transports are now included in the -<a href="<page download/download-easy>">official -Tor Browser packages</a>. - - </div>  <div id = "sidecol"> @@ -163,4 +171,3 @@ Tor Browser packages</a>. </div>  #include <foot.wmi> -

1 0