December 2017 - tor-commits - lists.torproject.org

[translation/torcheck_completed] Update translations for torcheck_completed
by translation＠torproject.org 06 Dec '17

06 Dec '17

commit a99f0ec5917b3858bef30a8964addbff6603c059 Author: Translation commit bot <translation(a)torproject.org> Date: Wed Dec 6 00:45:23 2017 +0000 Update translations for torcheck_completed --- ms_MY/torcheck.po | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ms_MY/torcheck.po b/ms_MY/torcheck.po index 2f8e5b08e..9b97c1a27 100644 --- a/ms_MY/torcheck.po +++ b/ms_MY/torcheck.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: The Tor Project\n" "POT-Creation-Date: 2012-02-16 20:28+PDT\n" -"PO-Revision-Date: 2017-12-03 10:56+0000\n" +"PO-Revision-Date: 2017-12-06 00:42+0000\n" "Last-Translator: abuyop <abuyop(a)gmail.com>\n" "Language-Team: Malay (Malaysia) (http://www.transifex.com/otf/torproject/language/ms_MY/)\n" "MIME-Version: 1.0\n" @@ -21,7 +21,7 @@ msgstr "" "Plural-Forms: nplurals=1; plural=0;\n" msgid "Congratulations. This browser is configured to use Tor." -msgstr "Tahniah. Pelayar ini dikonfigurasikan untuk menggunakan Tor." +msgstr "Tahniah. Pelayar ini telah dikonfigurasi untuk menggunakan Tor." msgid "" "Please refer to the <a href=\"https://www.torproject.org/\">Tor website</a> " @@ -30,7 +30,7 @@ msgid "" msgstr "Sila rujuk kepada laman sesawang <a href=\"https://www.torproject.org/\">Tor</a> untuk maklumat lanjut mengenai penggunaan Tor dengan selamat. Anda kini bebas untuk melayari internet secara awanama." msgid "There is a security update available for Tor Browser." -msgstr "Terdapat kemaskini keselamatan yang tersedia untuk Pelayar Tor." +msgstr "Terdapat kemaskini keselamatan telah tersedia untuk Pelayar Tor." msgid "" "<a href=\"https://www.torproject.org/download/download-easy.html\">Click " @@ -48,12 +48,12 @@ msgid "" msgstr "Jika anda cuba menggunakan klien Tor, sila rujuk <a href=\"https://www.torproject.org/\">laman sesawang Tor</a> dan terutamanya <a href=\"https://www.torproject.org/docs/faq#DoesntWork\">arahan untuk mengkonfigurasi klien Tor anda</a>." msgid "Sorry, your query failed or an unexpected response was received." -msgstr "Maaf, pertanyaan anda gagal atau respons yang tidak dijangka telah diterima." +msgstr "Maaf, pertanyaan anda gagal atau tindak balas tidak dijangka diterima." msgid "" "A temporary service outage prevents us from determining if your source IP " "address is a <a href=\"https://www.torproject.org/\">Tor</a> node." -msgstr "Gangguan perkhidmatan sementara menghalang kami daripada menentukan jika alamat IP sumber anda adalah <a href=\"https://www.torproject.org/\"> nod Tor </ a>" +msgstr "Gangguan perkhidmatan sementara menghalang kami menentukan sama ada alamat IP sumber anda dari nod <a href=\"https://www.torproject.org/\"> nod Tor</a>." msgid "Your IP address appears to be: " msgstr "Alamat IP anda:"

1 0

[translation/torcheck] Update translations for torcheck
by translation＠torproject.org 06 Dec '17

06 Dec '17

commit 7e68e839411f1d5073cc314b0f2eee9de0708c45 Author: Translation commit bot <translation(a)torproject.org> Date: Wed Dec 6 00:45:17 2017 +0000 Update translations for torcheck --- ms_MY/torcheck.po | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ms_MY/torcheck.po b/ms_MY/torcheck.po index 2f8e5b08e..9b97c1a27 100644 --- a/ms_MY/torcheck.po +++ b/ms_MY/torcheck.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: The Tor Project\n" "POT-Creation-Date: 2012-02-16 20:28+PDT\n" -"PO-Revision-Date: 2017-12-03 10:56+0000\n" +"PO-Revision-Date: 2017-12-06 00:42+0000\n" "Last-Translator: abuyop <abuyop(a)gmail.com>\n" "Language-Team: Malay (Malaysia) (http://www.transifex.com/otf/torproject/language/ms_MY/)\n" "MIME-Version: 1.0\n" @@ -21,7 +21,7 @@ msgstr "" "Plural-Forms: nplurals=1; plural=0;\n" msgid "Congratulations. This browser is configured to use Tor." -msgstr "Tahniah. Pelayar ini dikonfigurasikan untuk menggunakan Tor." +msgstr "Tahniah. Pelayar ini telah dikonfigurasi untuk menggunakan Tor." msgid "" "Please refer to the <a href=\"https://www.torproject.org/\">Tor website</a> " @@ -30,7 +30,7 @@ msgid "" msgstr "Sila rujuk kepada laman sesawang <a href=\"https://www.torproject.org/\">Tor</a> untuk maklumat lanjut mengenai penggunaan Tor dengan selamat. Anda kini bebas untuk melayari internet secara awanama." msgid "There is a security update available for Tor Browser." -msgstr "Terdapat kemaskini keselamatan yang tersedia untuk Pelayar Tor." +msgstr "Terdapat kemaskini keselamatan telah tersedia untuk Pelayar Tor." msgid "" "<a href=\"https://www.torproject.org/download/download-easy.html\">Click " @@ -48,12 +48,12 @@ msgid "" msgstr "Jika anda cuba menggunakan klien Tor, sila rujuk <a href=\"https://www.torproject.org/\">laman sesawang Tor</a> dan terutamanya <a href=\"https://www.torproject.org/docs/faq#DoesntWork\">arahan untuk mengkonfigurasi klien Tor anda</a>." msgid "Sorry, your query failed or an unexpected response was received." -msgstr "Maaf, pertanyaan anda gagal atau respons yang tidak dijangka telah diterima." +msgstr "Maaf, pertanyaan anda gagal atau tindak balas tidak dijangka diterima." msgid "" "A temporary service outage prevents us from determining if your source IP " "address is a <a href=\"https://www.torproject.org/\">Tor</a> node." -msgstr "Gangguan perkhidmatan sementara menghalang kami daripada menentukan jika alamat IP sumber anda adalah <a href=\"https://www.torproject.org/\"> nod Tor </ a>" +msgstr "Gangguan perkhidmatan sementara menghalang kami menentukan sama ada alamat IP sumber anda dari nod <a href=\"https://www.torproject.org/\"> nod Tor</a>." msgid "Your IP address appears to be: " msgstr "Alamat IP anda:"

1 0

[translation/bridgedb] Update translations for bridgedb
by translation＠torproject.org 06 Dec '17

06 Dec '17

commit f80a834af114bcf522ad02c5a6b235726ee3fa75 Author: Translation commit bot <translation(a)torproject.org> Date: Wed Dec 6 00:45:05 2017 +0000 Update translations for bridgedb --- ms_MY/LC_MESSAGES/bridgedb.po | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ms_MY/LC_MESSAGES/bridgedb.po b/ms_MY/LC_MESSAGES/bridgedb.po index 91ae832e0..d055391c8 100644 --- a/ms_MY/LC_MESSAGES/bridgedb.po +++ b/ms_MY/LC_MESSAGES/bridgedb.po @@ -3,6 +3,7 @@ # This file is distributed under the same license as the BridgeDB project. # # Translators: +# abuyop <abuyop(a)gmail.com>, 2017 # Celine Yap Suet Ling <celine.sodawine(a)gmail.com>, 2017 # danial abd talib <muhammaddanialabdtalib(a)gmail.com>, 2014 # kz_gtr <kz_gtr(a)yahoo.com>, 2014 @@ -14,8 +15,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: 'https://trac.torproject.org/projects/tor/newticket?component=BridgeDB&keywo…'\n" "POT-Creation-Date: 2015-07-25 03:40+0000\n" -"PO-Revision-Date: 2017-10-05 13:52+0000\n" -"Last-Translator: Celine Yap Suet Ling <celine.sodawine(a)gmail.com>\n" +"PO-Revision-Date: 2017-12-06 00:34+0000\n" +"Last-Translator: abuyop <abuyop(a)gmail.com>\n" "Language-Team: Malay (Malaysia) (http://www.transifex.com/otf/torproject/language/ms_MY/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -61,7 +62,7 @@ msgstr "Pilih Semua" #: bridgedb/https/templates/bridges.html:40 msgid "Show QRCode" -msgstr "Tunjukkan Kod QR" +msgstr "Tunjuk Kod QR" #: bridgedb/https/templates/bridges.html:52 msgid "QRCode for your bridge lines"

1 0

[tor/master] hs-v3: Add an encoded descriptor client cache lookup function
by nickm＠torproject.org 06 Dec '17

06 Dec '17

commit 05766eae3099ff1542b1dc4715b824d206b7c84f Author: David Goulet <dgoulet(a)torproject.org> Date: Tue Nov 7 15:38:02 2017 -0500 hs-v3: Add an encoded descriptor client cache lookup function This commit adds hs_cache_lookup_encoded_as_client() function that returns the encoded descriptor for a given service public key. This will be needed by the "GETINFO hs/client/desc/id/<ADDR>" control port command. Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/or/hs_cache.c | 18 ++++++++++++++++++ src/or/hs_cache.h | 2 ++ 2 files changed, 20 insertions(+) diff --git a/src/or/hs_cache.c b/src/or/hs_cache.c index 3ebe13fb4..b864a0f71 100644 --- a/src/or/hs_cache.c +++ b/src/or/hs_cache.c @@ -706,6 +706,24 @@ cache_clean_v3_as_client(time_t now) } /** Public API: Given the HS ed25519 identity public key in <b>key</b>, return + * its HS encoded descriptor if it's stored in our cache, or NULL if not. */ +const char * +hs_cache_lookup_encoded_as_client(const ed25519_public_key_t *key) +{ + hs_cache_client_descriptor_t *cached_desc = NULL; + + tor_assert(key); + + cached_desc = lookup_v3_desc_as_client(key->pubkey); + if (cached_desc) { + tor_assert(cached_desc->encoded_desc); + return cached_desc->encoded_desc; + } + + return NULL; +} + +/** Public API: Given the HS ed25519 identity public key in <b>key</b>, return * its HS descriptor if it's stored in our cache, or NULL if not. */ const hs_descriptor_t * hs_cache_lookup_as_client(const ed25519_public_key_t *key) diff --git a/src/or/hs_cache.h b/src/or/hs_cache.h index 2dcc518a7..a141634cc 100644 --- a/src/or/hs_cache.h +++ b/src/or/hs_cache.h @@ -81,6 +81,8 @@ int hs_cache_lookup_as_dir(uint32_t version, const char *query, const hs_descriptor_t * hs_cache_lookup_as_client(const ed25519_public_key_t *key); +const char * +hs_cache_lookup_encoded_as_client(const ed25519_public_key_t *key); int hs_cache_store_as_client(const char *desc_str, const ed25519_public_key_t *identity_pk); void hs_cache_clean_as_client(time_t now);

1 0

[tor/master] control: Implement GETINFO hs/client/desc/id/<ADDR> for HSv3
by nickm＠torproject.org 06 Dec '17

06 Dec '17

commit e1d8e611c8fa1a3a1d3c2beb72c416c71f9cdf15 Author: David Goulet <dgoulet(a)torproject.org> Date: Tue Nov 7 15:42:38 2017 -0500 control: Implement GETINFO hs/client/desc/id/<ADDR> for HSv3 Part of #20699 Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/or/control.c | 41 ++++++++++++++++++++++++++++++++++------- 1 file changed, 34 insertions(+), 7 deletions(-) diff --git a/src/or/control.c b/src/or/control.c index 0d462b2d7..193a65fac 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -58,6 +58,7 @@ #include "entrynodes.h" #include "geoip.h" #include "hibernate.h" +#include "hs_cache.h" #include "hs_common.h" #include "main.h" #include "microdesc.h" @@ -2014,20 +2015,46 @@ getinfo_helper_dir(control_connection_t *control_conn, SMARTLIST_FOREACH(sl, char *, c, tor_free(c)); smartlist_free(sl); } else if (!strcmpstart(question, "hs/client/desc/id/")) { - rend_cache_entry_t *e = NULL; + hostname_type_t addr_type; question += strlen("hs/client/desc/id/"); - if (strlen(question) != REND_SERVICE_ID_LEN_BASE32) { + if (rend_valid_v2_service_id(question)) { + addr_type = ONION_V2_HOSTNAME; + } else if (hs_address_is_valid(question)) { + addr_type = ONION_V3_HOSTNAME; + } else { *errmsg = "Invalid address"; return -1; } - if (!rend_cache_lookup_entry(question, -1, &e)) { - /* Descriptor found in cache */ - *answer = tor_strdup(e->desc); + if (addr_type == ONION_V2_HOSTNAME) { + rend_cache_entry_t *e = NULL; + if (!rend_cache_lookup_entry(question, -1, &e)) { + /* Descriptor found in cache */ + *answer = tor_strdup(e->desc); + } else { + *errmsg = "Not found in cache"; + return -1; + } } else { - *errmsg = "Not found in cache"; - return -1; + ed25519_public_key_t service_pk; + const char *desc; + + /* The check before this if/else makes sure of this. */ + tor_assert(addr_type == ONION_V3_HOSTNAME); + + if (hs_parse_address(question, &service_pk, NULL, NULL) < 0) { + *errmsg = "Invalid v3 address"; + return -1; + } + + desc = hs_cache_lookup_encoded_as_client(&service_pk); + if (desc) { + *answer = tor_strdup(desc); + } else { + *errmsg = "Not found in cache"; + return -1; + } } } else if (!strcmpstart(question, "hs/service/desc/id/")) { rend_cache_entry_t *e = NULL;

1 0

[tor/master] hs: Rename rend_service_add_ephemeral_status_t
by nickm＠torproject.org 06 Dec '17

06 Dec '17

commit 5d180309ea907711a98da82f07a48646699d03b1 Author: David Goulet <dgoulet(a)torproject.org> Date: Thu Nov 9 12:26:10 2017 -0500 hs: Rename rend_service_add_ephemeral_status_t Move it to hs_common.h and rename it "hs_service_add_ephemeral_status_t". It will be shared between v2 and v3 services. Part of #20699 Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/or/control.c | 4 ++-- src/or/hs_common.h | 11 +++++++++++ src/or/rendservice.c | 4 ++-- src/or/rendservice.h | 11 +---------- 4 files changed, 16 insertions(+), 14 deletions(-) diff --git a/src/or/control.c b/src/or/control.c index ef1e0edcd..19527acb3 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -4433,13 +4433,13 @@ handle_control_hspost(control_connection_t *conn, * On success (RSAE_OKAY), the address_out points to a newly allocated string * containing the onion address without the .onion part. On error, address_out * is untouched. */ -static rend_service_add_ephemeral_status_t +static hs_service_add_ephemeral_status_t add_onion_helper_add_service(int hs_version, void *pk, smartlist_t *port_cfgs, int max_streams, int max_streams_close_circuit, int auth_type, smartlist_t *auth_clients, char **address_out) { - rend_service_add_ephemeral_status_t ret; + hs_service_add_ephemeral_status_t ret; tor_assert(pk); tor_assert(port_cfgs); diff --git a/src/or/hs_common.h b/src/or/hs_common.h index c95e59a6f..58fcd1b93 100644 --- a/src/or/hs_common.h +++ b/src/or/hs_common.h @@ -130,6 +130,17 @@ typedef enum { HS_AUTH_KEY_TYPE_ED25519 = 2, } hs_auth_key_type_t; +/* Return value when adding an ephemeral service through the ADD_ONION + * control port command. Both v2 and v3 share these. */ +typedef enum { + RSAE_BADAUTH = -5, /**< Invalid auth_type/auth_clients */ + RSAE_BADVIRTPORT = -4, /**< Invalid VIRTPORT/TARGET(s) */ + RSAE_ADDREXISTS = -3, /**< Onion address collision */ + RSAE_BADPRIVKEY = -2, /**< Invalid public key */ + RSAE_INTERNAL = -1, /**< Internal error */ + RSAE_OKAY = 0 /**< Service added as expected */ +} hs_service_add_ephemeral_status_t; + /* Represents the mapping from a virtual port of a rendezvous service to a * real port on some IP. */ typedef struct rend_service_port_config_t { diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 60234a5c1..8eb533490 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -847,9 +847,9 @@ rend_config_service(const config_line_t *line_, * after calling this routine, and may assume that correct cleanup has * been done on failure. * - * Return an appropriate rend_service_add_ephemeral_status_t. + * Return an appropriate hs_service_add_ephemeral_status_t. */ -rend_service_add_ephemeral_status_t +hs_service_add_ephemeral_status_t rend_service_add_ephemeral(crypto_pk_t *pk, smartlist_t *ports, int max_streams_per_circuit, diff --git a/src/or/rendservice.h b/src/or/rendservice.h index 5946e3186..15badce6a 100644 --- a/src/or/rendservice.h +++ b/src/or/rendservice.h @@ -187,16 +187,7 @@ void rend_service_port_config_free(rend_service_port_config_t *p); void rend_authorized_client_free(rend_authorized_client_t *client); -/** Return value from rend_service_add_ephemeral. */ -typedef enum { - RSAE_BADAUTH = -5, /**< Invalid auth_type/auth_clients */ - RSAE_BADVIRTPORT = -4, /**< Invalid VIRTPORT/TARGET(s) */ - RSAE_ADDREXISTS = -3, /**< Onion address collision */ - RSAE_BADPRIVKEY = -2, /**< Invalid public key */ - RSAE_INTERNAL = -1, /**< Internal error */ - RSAE_OKAY = 0 /**< Service added as expected */ -} rend_service_add_ephemeral_status_t; -rend_service_add_ephemeral_status_t rend_service_add_ephemeral(crypto_pk_t *pk, +hs_service_add_ephemeral_status_t rend_service_add_ephemeral(crypto_pk_t *pk, smartlist_t *ports, int max_streams_per_circuit, int max_streams_close_circuit,

1 0

[tor/master] control: Support HSv3 interface for ADD_ONION
by nickm＠torproject.org 06 Dec '17

06 Dec '17

commit 49f21b6ba30a07369ff3282615465d0f3ad40e5b Author: David Goulet <dgoulet(a)torproject.org> Date: Thu Nov 9 12:20:29 2017 -0500 control: Support HSv3 interface for ADD_ONION At this commit, the key handling and generation is supported for a v3 service (ED25519-V3). However, the service creation is not yet implemented. This only adds the interface and code to deal with the new ED25519-V3 key type. Tests have been updated for RSA key type but nothing yet for ED25519-v3. Part of #20699 Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/or/control.c | 126 ++++++++++++++++++++++++++++++++++++++------- src/or/control.h | 9 ++-- src/test/test_controller.c | 74 +++++++++++++++----------- 3 files changed, 158 insertions(+), 51 deletions(-) diff --git a/src/or/control.c b/src/or/control.c index 405c0c935..ef1e0edcd 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -4424,6 +4424,49 @@ handle_control_hspost(control_connection_t *conn, return 0; } +/* Helper function for ADD_ONION that adds an ephemeral service depending on + * the given hs_version. The pk's type defers depending on the version so the + * caller should make sure those two matches. Both port_cfgs and auth_clients + * are now owned by the hidden service subsystem so the caller must stop + * accessing them. + * + * On success (RSAE_OKAY), the address_out points to a newly allocated string + * containing the onion address without the .onion part. On error, address_out + * is untouched. */ +static rend_service_add_ephemeral_status_t +add_onion_helper_add_service(int hs_version, void *pk, smartlist_t *port_cfgs, + int max_streams, int max_streams_close_circuit, + int auth_type, smartlist_t *auth_clients, + char **address_out) +{ + rend_service_add_ephemeral_status_t ret; + + tor_assert(pk); + tor_assert(port_cfgs); + tor_assert(address_out); + + switch (hs_version) { + case HS_VERSION_TWO: + { + ret = rend_service_add_ephemeral(pk, port_cfgs, max_streams, + max_streams_close_circuit, auth_type, + auth_clients, address_out); + break; + } + case HS_VERSION_THREE: + { + /* XXX: Not implemented yet. */ + *address_out = tor_strdup("this is a v3 address"); + ret = RSAE_OKAY; + break; + } + default: + tor_assert_unreached(); + } + + return ret; +} + /** Called when we get a ADD_ONION command; parse the body, and set up * the new ephemeral Onion Service. */ static int @@ -4605,15 +4648,15 @@ handle_control_add_onion(control_connection_t *conn, } /* Parse the "keytype:keyblob" argument. */ - crypto_pk_t *pk = NULL; + int hs_version = 0; + void *pk = NULL; const char *key_new_alg = NULL; char *key_new_blob = NULL; char *err_msg = NULL; - pk = add_onion_helper_keyarg(smartlist_get(args, 0), discard_pk, - &key_new_alg, &key_new_blob, - &err_msg); - if (!pk) { + if (add_onion_helper_keyarg(smartlist_get(args, 0), discard_pk, + &key_new_alg, &key_new_blob, &pk, &hs_version, + &err_msg) < 0) { if (err_msg) { connection_write_str_to_buf(err_msg, conn); tor_free(err_msg); @@ -4622,16 +4665,23 @@ handle_control_add_onion(control_connection_t *conn, } tor_assert(!err_msg); + /* Hidden service version 3 don't have client authentication support so if + * ClientAuth was given, send back an error. */ + if (hs_version == HS_VERSION_THREE && auth_clients) { + connection_printf_to_buf(conn, "513 ClientAuth not supported\r\n"); + goto out; + } + /* Create the HS, using private key pk, client authentication auth_type, * the list of auth_clients, and port config port_cfg. * rend_service_add_ephemeral() will take ownership of pk and port_cfg, * regardless of success/failure. */ char *service_id = NULL; - int ret = rend_service_add_ephemeral(pk, port_cfgs, max_streams, - max_streams_close_circuit, - auth_type, auth_clients, - &service_id); + int ret = add_onion_helper_add_service(hs_version, pk, port_cfgs, + max_streams, + max_streams_close_circuit, auth_type, + auth_clients, &service_id); port_cfgs = NULL; /* port_cfgs is now owned by the rendservice code. */ auth_clients = NULL; /* so is auth_clients */ switch (ret) { @@ -4724,9 +4774,10 @@ handle_control_add_onion(control_connection_t *conn, * Note: The error messages returned are deliberately vague to avoid echoing * key material. */ -STATIC crypto_pk_t * +STATIC int add_onion_helper_keyarg(const char *arg, int discard_pk, const char **key_new_alg_out, char **key_new_blob_out, + void **decoded_key, int *hs_version, char **err_msg_out) { smartlist_t *key_args = smartlist_new(); @@ -4734,7 +4785,9 @@ add_onion_helper_keyarg(const char *arg, int discard_pk, const char *key_new_alg = NULL; char *key_new_blob = NULL; char *err_msg = NULL; - int ok = 0; + int ret = -1; + + *decoded_key = NULL; smartlist_split_string(key_args, arg, ":", SPLIT_IGNORE_BLANK, 0); if (smartlist_len(key_args) != 2) { @@ -4746,6 +4799,7 @@ add_onion_helper_keyarg(const char *arg, int discard_pk, static const char *key_type_new = "NEW"; static const char *key_type_best = "BEST"; static const char *key_type_rsa1024 = "RSA1024"; + static const char *key_type_ed25519_v3 = "ED25519-V3"; const char *key_type = smartlist_get(key_args, 0); const char *key_blob = smartlist_get(key_args, 1); @@ -4758,9 +4812,23 @@ add_onion_helper_keyarg(const char *arg, int discard_pk, goto err; } if (crypto_pk_num_bits(pk) != PK_BYTES*8) { + crypto_pk_free(pk); err_msg = tor_strdup("512 Invalid RSA key size\r\n"); goto err; } + *decoded_key = pk; + *hs_version = HS_VERSION_TWO; + } else if (!strcasecmp(key_type_ed25519_v3, key_type)) { + /* "ED25519-V3:<Base64 Blob>" - Loading a pre-existing ed25519 key. */ + ed25519_secret_key_t *sk = tor_malloc_zero(sizeof(*sk)); + if (base64_decode((char *) sk->seckey, sizeof(sk->seckey), key_blob, + strlen(key_blob)) != sizeof(sk->seckey)) { + tor_free(sk); + err_msg = tor_strdup("512 Failed to decode ED25519-V3 key\r\n"); + goto err; + } + *decoded_key = sk; + *hs_version = HS_VERSION_THREE; } else if (!strcasecmp(key_type_new, key_type)) { /* "NEW:<Algorithm>" - Generating a new key, blob as algorithm. */ if (!strcasecmp(key_type_rsa1024, key_blob) || @@ -4774,12 +4842,38 @@ add_onion_helper_keyarg(const char *arg, int discard_pk, } if (!discard_pk) { if (crypto_pk_base64_encode(pk, &key_new_blob)) { + crypto_pk_free(pk); tor_asprintf(&err_msg, "551 Failed to encode %s key\r\n", key_type_rsa1024); goto err; } key_new_alg = key_type_rsa1024; } + *decoded_key = pk; + *hs_version = HS_VERSION_TWO; + } else if (!strcasecmp(key_type_ed25519_v3, key_blob)) { + ed25519_secret_key_t *sk = tor_malloc_zero(sizeof(*sk)); + if (ed25519_secret_key_generate(sk, 1) < 0) { + tor_free(sk); + tor_asprintf(&err_msg, "551 Failed to generate %s key\r\n", + key_type_ed25519_v3); + goto err; + } + if (!discard_pk) { + ssize_t len = base64_encode_size(sizeof(sk->seckey), 0) + 1; + key_new_blob = tor_malloc_zero(len); + if (base64_encode(key_new_blob, len, (const char *) sk->seckey, + sizeof(sk->seckey), 0) != (len - 1)) { + tor_free(sk); + tor_free(key_new_blob); + tor_asprintf(&err_msg, "551 Failed to encode %s key\r\n", + key_type_ed25519_v3); + goto err; + } + key_new_alg = key_type_ed25519_v3; + } + *decoded_key = sk; + *hs_version = HS_VERSION_THREE; } else { err_msg = tor_strdup("513 Invalid key type\r\n"); goto err; @@ -4790,8 +4884,8 @@ add_onion_helper_keyarg(const char *arg, int discard_pk, } /* Succeded in loading or generating a private key. */ - tor_assert(pk); - ok = 1; + tor_assert(*decoded_key); + ret = 0; err: SMARTLIST_FOREACH(key_args, char *, cp, { @@ -4800,10 +4894,6 @@ add_onion_helper_keyarg(const char *arg, int discard_pk, }); smartlist_free(key_args); - if (!ok) { - crypto_pk_free(pk); - pk = NULL; - } if (err_msg_out) { *err_msg_out = err_msg; } else { @@ -4812,7 +4902,7 @@ add_onion_helper_keyarg(const char *arg, int discard_pk, *key_new_alg_out = key_new_alg; *key_new_blob_out = key_new_blob; - return pk; + return ret; } /** Helper function to handle parsing a ClientAuth argument to the diff --git a/src/or/control.h b/src/or/control.h index 7ec182cb7..74601b978 100644 --- a/src/or/control.h +++ b/src/or/control.h @@ -256,10 +256,11 @@ void format_cell_stats(char **event_string, circuit_t *circ, cell_stats_t *cell_stats); STATIC char *get_bw_samples(void); -STATIC crypto_pk_t *add_onion_helper_keyarg(const char *arg, int discard_pk, - const char **key_new_alg_out, - char **key_new_blob_out, - char **err_msg_out); +STATIC int add_onion_helper_keyarg(const char *arg, int discard_pk, + const char **key_new_alg_out, + char **key_new_blob_out, void **decoded_key, + int *hs_version, char **err_msg_out); + STATIC rend_authorized_client_t * add_onion_helper_clientauth(const char *arg, int *created, char **err_msg_out); diff --git a/src/test/test_controller.c b/src/test/test_controller.c index 472fcb8c5..056d9333f 100644 --- a/src/test/test_controller.c +++ b/src/test/test_controller.c @@ -6,6 +6,7 @@ #include "bridges.h" #include "control.h" #include "entrynodes.h" +#include "hs_common.h" #include "networkstatus.h" #include "rendservice.h" #include "routerlist.h" @@ -15,8 +16,9 @@ static void test_add_onion_helper_keyarg(void *arg) { + int ret, hs_version; + void *pk_ptr = NULL; crypto_pk_t *pk = NULL; - crypto_pk_t *pk2 = NULL; const char *key_new_alg = NULL; char *key_new_blob = NULL; char *err_msg = NULL; @@ -26,38 +28,46 @@ test_add_onion_helper_keyarg(void *arg) (void) arg; /* Test explicit RSA1024 key generation. */ - pk = add_onion_helper_keyarg("NEW:RSA1024", 0, &key_new_alg, &key_new_blob, - &err_msg); - tt_assert(pk); + ret = add_onion_helper_keyarg("NEW:RSA1024", 0, &key_new_alg, &key_new_blob, + &pk_ptr, &hs_version, &err_msg); + tt_int_op(ret, OP_EQ, 0); + tt_int_op(hs_version, OP_EQ, HS_VERSION_TWO); + tt_assert(pk_ptr); tt_str_op(key_new_alg, OP_EQ, "RSA1024"); tt_assert(key_new_blob); tt_ptr_op(err_msg, OP_EQ, NULL); /* Test "BEST" key generation (Assumes BEST = RSA1024). */ - crypto_pk_free(pk); + crypto_pk_free(pk_ptr); pk_ptr = NULL; tor_free(key_new_blob); - pk = add_onion_helper_keyarg("NEW:BEST", 0, &key_new_alg, &key_new_blob, - &err_msg); - tt_assert(pk); + ret = add_onion_helper_keyarg("NEW:BEST", 0, &key_new_alg, &key_new_blob, + &pk_ptr, &hs_version, &err_msg); + tt_int_op(ret, OP_EQ, 0); + tt_int_op(hs_version, OP_EQ, HS_VERSION_TWO); + tt_assert(pk_ptr); tt_str_op(key_new_alg, OP_EQ, "RSA1024"); tt_assert(key_new_blob); tt_ptr_op(err_msg, OP_EQ, NULL); /* Test discarding the private key. */ - crypto_pk_free(pk); + crypto_pk_free(pk_ptr); pk_ptr = NULL; tor_free(key_new_blob); - pk = add_onion_helper_keyarg("NEW:BEST", 1, &key_new_alg, &key_new_blob, - &err_msg); - tt_assert(pk); + ret = add_onion_helper_keyarg("NEW:BEST", 1, &key_new_alg, &key_new_blob, + &pk_ptr, &hs_version, &err_msg); + tt_int_op(ret, OP_EQ, 0); + tt_int_op(hs_version, OP_EQ, HS_VERSION_TWO); + tt_assert(pk_ptr); tt_ptr_op(key_new_alg, OP_EQ, NULL); tt_ptr_op(key_new_blob, OP_EQ, NULL); tt_ptr_op(err_msg, OP_EQ, NULL); /* Test generating a invalid key type. */ - crypto_pk_free(pk); - pk = add_onion_helper_keyarg("NEW:RSA512", 0, &key_new_alg, &key_new_blob, - &err_msg); - tt_ptr_op(pk, OP_EQ, NULL); + crypto_pk_free(pk_ptr); pk_ptr = NULL; + ret = add_onion_helper_keyarg("NEW:RSA512", 0, &key_new_alg, &key_new_blob, + &pk_ptr, &hs_version, &err_msg); + tt_int_op(ret, OP_EQ, -1); + tt_int_op(hs_version, OP_EQ, HS_VERSION_TWO); + tt_ptr_op(pk_ptr, OP_EQ, NULL); tt_ptr_op(key_new_alg, OP_EQ, NULL); tt_ptr_op(key_new_blob, OP_EQ, NULL); tt_assert(err_msg); @@ -67,41 +77,47 @@ test_add_onion_helper_keyarg(void *arg) pk = pk_generate(0); tt_int_op(0, OP_EQ, crypto_pk_base64_encode(pk, &encoded)); tor_asprintf(&arg_str, "RSA1024:%s", encoded); - pk2 = add_onion_helper_keyarg(arg_str, 0, &key_new_alg, &key_new_blob, - &err_msg); - tt_assert(pk2); + ret = add_onion_helper_keyarg(arg_str, 0, &key_new_alg, &key_new_blob, + &pk_ptr, &hs_version, &err_msg); + tt_int_op(ret, OP_EQ, 0); + tt_int_op(hs_version, OP_EQ, HS_VERSION_TWO); + tt_assert(pk_ptr); tt_ptr_op(key_new_alg, OP_EQ, NULL); tt_ptr_op(key_new_blob, OP_EQ, NULL); tt_ptr_op(err_msg, OP_EQ, NULL); - tt_int_op(crypto_pk_cmp_keys(pk, pk2), OP_EQ, 0); + tt_int_op(crypto_pk_cmp_keys(pk, pk_ptr), OP_EQ, 0); /* Test loading a invalid key type. */ tor_free(arg_str); crypto_pk_free(pk); pk = NULL; + crypto_pk_free(pk_ptr); pk_ptr = NULL; tor_asprintf(&arg_str, "RSA512:%s", encoded); - pk = add_onion_helper_keyarg(arg_str, 0, &key_new_alg, &key_new_blob, - &err_msg); - tt_ptr_op(pk, OP_EQ, NULL); + ret = add_onion_helper_keyarg(arg_str, 0, &key_new_alg, &key_new_blob, + &pk_ptr, &hs_version, &err_msg); + tt_int_op(ret, OP_EQ, -1); + tt_int_op(hs_version, OP_EQ, HS_VERSION_TWO); + tt_ptr_op(pk_ptr, OP_EQ, NULL); tt_ptr_op(key_new_alg, OP_EQ, NULL); tt_ptr_op(key_new_blob, OP_EQ, NULL); tt_assert(err_msg); /* Test loading a invalid key. */ tor_free(arg_str); - crypto_pk_free(pk); pk = NULL; + crypto_pk_free(pk_ptr); pk_ptr = NULL; tor_free(err_msg); encoded[strlen(encoded)/2] = '\0'; tor_asprintf(&arg_str, "RSA1024:%s", encoded); - pk = add_onion_helper_keyarg(arg_str, 0, &key_new_alg, &key_new_blob, - &err_msg); - tt_ptr_op(pk, OP_EQ, NULL); + ret = add_onion_helper_keyarg(arg_str, 0, &key_new_alg, &key_new_blob, + &pk_ptr, &hs_version, &err_msg); + tt_int_op(ret, OP_EQ, -1); + tt_int_op(hs_version, OP_EQ, HS_VERSION_TWO); + tt_ptr_op(pk_ptr, OP_EQ, NULL); tt_ptr_op(key_new_alg, OP_EQ, NULL); tt_ptr_op(key_new_blob, OP_EQ, NULL); tt_assert(err_msg); done: - crypto_pk_free(pk); - crypto_pk_free(pk2); + crypto_pk_free(pk_ptr); tor_free(key_new_blob); tor_free(err_msg); tor_free(encoded);

1 0

[tor/master] hs-v3: Add a lookup service current descriptor function
by nickm＠torproject.org 06 Dec '17

06 Dec '17

commit 0a3b2954487480114201758e02b3560e46ea1cca Author: David Goulet <dgoulet(a)torproject.org> Date: Tue Nov 7 16:00:40 2017 -0500 hs-v3: Add a lookup service current descriptor function This will be used by the control port command "GETINFO hs/service/desc/id/<ADDR>" which returns the encoded current descriptor for the given onion address. Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/or/hs_service.c | 25 +++++++++++++++++++++++++ src/or/hs_service.h | 2 ++ 2 files changed, 27 insertions(+) diff --git a/src/or/hs_service.c b/src/or/hs_service.c index 8e2f52dcf..349aa265d 100644 --- a/src/or/hs_service.c +++ b/src/or/hs_service.c @@ -2900,6 +2900,31 @@ service_add_fnames_to_list(const hs_service_t *service, smartlist_t *list) /* Public API */ /* ========== */ +/* Using the ed25519 public key pk, find a service for that key and return the + * current encoded descriptor as a newly allocated string or NULL if not + * found. This is used by the control port subsystem. */ +char * +hs_service_lookup_current_desc(const ed25519_public_key_t *pk) +{ + const hs_service_t *service; + + tor_assert(pk); + + service = find_service(hs_service_map, pk); + if (service && service->desc_current) { + char *encoded_desc = NULL; + /* No matter what is the result (which should never be a failure), return + * the encoded variable, if success it will contain the right thing else + * it will be NULL. */ + hs_desc_encode_descriptor(service->desc_current->desc, + &service->desc_current->signing_kp, + &encoded_desc); + return encoded_desc; + } + + return NULL; +} + /* Return the number of service we have configured and usable. */ unsigned int hs_service_get_num_services(void) diff --git a/src/or/hs_service.h b/src/or/hs_service.h index ed1053d85..e78cc4c2b 100644 --- a/src/or/hs_service.h +++ b/src/or/hs_service.h @@ -271,6 +271,8 @@ int hs_service_receive_introduce2(origin_circuit_t *circ, void hs_service_intro_circ_has_closed(origin_circuit_t *circ); +char *hs_service_lookup_current_desc(const ed25519_public_key_t *pk); + #ifdef HS_SERVICE_PRIVATE #ifdef TOR_UNIT_TESTS

1 0

[tor/master] control: Implement GETINFO hs/service/desc/id/<ADDR> for HSv3
by nickm＠torproject.org 06 Dec '17

06 Dec '17

commit 660de600a036d0048fa6ba52bc2562f5a5ca6895 Author: David Goulet <dgoulet(a)torproject.org> Date: Tue Nov 7 16:02:00 2017 -0500 control: Implement GETINFO hs/service/desc/id/<ADDR> for HSv3 Part of #20699 Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/or/control.c | 41 ++++++++++++++++++++++++++++++++++------- 1 file changed, 34 insertions(+), 7 deletions(-) diff --git a/src/or/control.c b/src/or/control.c index 193a65fac..405c0c935 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -2057,20 +2057,47 @@ getinfo_helper_dir(control_connection_t *control_conn, } } } else if (!strcmpstart(question, "hs/service/desc/id/")) { - rend_cache_entry_t *e = NULL; + hostname_type_t addr_type; question += strlen("hs/service/desc/id/"); - if (strlen(question) != REND_SERVICE_ID_LEN_BASE32) { + if (rend_valid_v2_service_id(question)) { + addr_type = ONION_V2_HOSTNAME; + } else if (hs_address_is_valid(question)) { + addr_type = ONION_V3_HOSTNAME; + } else { *errmsg = "Invalid address"; return -1; } + rend_cache_entry_t *e = NULL; - if (!rend_cache_lookup_v2_desc_as_service(question, &e)) { - /* Descriptor found in cache */ - *answer = tor_strdup(e->desc); + if (addr_type == ONION_V2_HOSTNAME) { + if (!rend_cache_lookup_v2_desc_as_service(question, &e)) { + /* Descriptor found in cache */ + *answer = tor_strdup(e->desc); + } else { + *errmsg = "Not found in cache"; + return -1; + } } else { - *errmsg = "Not found in cache"; - return -1; + ed25519_public_key_t service_pk; + char *desc; + + /* The check before this if/else makes sure of this. */ + tor_assert(addr_type == ONION_V3_HOSTNAME); + + if (hs_parse_address(question, &service_pk, NULL, NULL) < 0) { + *errmsg = "Invalid v3 address"; + return -1; + } + + desc = hs_service_lookup_current_desc(&service_pk); + if (desc) { + /* Newly allocated string, we have ownership. */ + *answer = desc; + } else { + *errmsg = "Not found in cache"; + return -1; + } } } else if (!strcmpstart(question, "md/id/")) { const node_t *node = node_get_by_hex_id(question+strlen("md/id/"), 0);

1 0

[tor/master] hs-v3: Implement HS_DESC UPLOAD event
by nickm＠torproject.org 06 Dec '17

06 Dec '17

commit c7050eaa16ca8c46c2cea81cc2f4d405ccf15968 Author: David Goulet <dgoulet(a)torproject.org> Date: Fri Nov 10 14:48:52 2017 -0500 hs-v3: Implement HS_DESC UPLOAD event Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/or/control.c | 15 ++++++++++++--- src/or/control.h | 3 ++- src/or/hs_control.c | 29 +++++++++++++++++++++++++++++ src/or/hs_control.h | 6 ++++++ src/or/hs_service.c | 5 ++++- src/or/rendservice.c | 4 ++-- 6 files changed, 55 insertions(+), 7 deletions(-) diff --git a/src/or/control.c b/src/or/control.c index 15edc1f24..0e41aab5e 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -7286,17 +7286,26 @@ control_event_hs_descriptor_created(const char *onion_address, void control_event_hs_descriptor_upload(const char *onion_address, const char *id_digest, - const char *desc_id) + const char *desc_id, + const char *hsdir_index) { + char *hsdir_index_field = NULL; + if (BUG(!onion_address || !id_digest || !desc_id)) { return; } + if (hsdir_index) { + tor_asprintf(&hsdir_index_field, " HSDIR_INDEX=%s", hsdir_index); + } + send_control_event(EVENT_HS_DESC, - "650 HS_DESC UPLOAD %s UNKNOWN %s %s\r\n", + "650 HS_DESC UPLOAD %s UNKNOWN %s %s%s\r\n", onion_address, node_describe_longname_by_id(id_digest), - desc_id); + desc_id, + hsdir_index_field ? hsdir_index_field : ""); + tor_free(hsdir_index_field); } /** send HS_DESC event after got response from hs directory. diff --git a/src/or/control.h b/src/or/control.h index c11f6a07b..23f6eed8e 100644 --- a/src/or/control.h +++ b/src/or/control.h @@ -125,7 +125,8 @@ void control_event_hs_descriptor_created(const char *onion_address, int replica); void control_event_hs_descriptor_upload(const char *onion_address, const char *desc_id, - const char *hs_dir); + const char *hs_dir, + const char *hsdir_index); void control_event_hs_descriptor_upload_end(const char *action, const char *onion_address, const char *hs_dir, diff --git a/src/or/hs_control.c b/src/or/hs_control.c index ea010605b..09dbbeba4 100644 --- a/src/or/hs_control.c +++ b/src/or/hs_control.c @@ -125,3 +125,32 @@ hs_control_desc_event_created(const char *onion_address, control_event_hs_descriptor_created(onion_address, base64_blinded_pk, -1); } +/* Send on the control port the "HS_DESC UPLOAD [...]" event. + * + * Using the onion address of the descriptor's service, the HSDir identity + * digest, the blinded public key of the descriptor as a descriptor ID and the + * HSDir index for this particular request. None can be NULL. */ +void +hs_control_desc_event_upload(const char *onion_address, + const char *hsdir_id_digest, + const ed25519_public_key_t *blinded_pk, + const uint8_t *hsdir_index) +{ + char base64_blinded_pk[ED25519_BASE64_LEN + 1]; + + tor_assert(onion_address); + tor_assert(hsdir_id_digest); + tor_assert(blinded_pk); + tor_assert(hsdir_index); + + /* Build base64 encoded blinded key. */ + IF_BUG_ONCE(ed25519_public_to_base64(base64_blinded_pk, blinded_pk) < 0) { + return; + } + + control_event_hs_descriptor_upload(onion_address, hsdir_id_digest, + base64_blinded_pk, + hex_str((const char *) hsdir_index, + DIGEST256_LEN)); +} + diff --git a/src/or/hs_control.h b/src/or/hs_control.h index 3b117f19c..e10a300d7 100644 --- a/src/or/hs_control.h +++ b/src/or/hs_control.h @@ -29,5 +29,11 @@ void hs_control_desc_event_received(const hs_ident_dir_conn_t *ident, void hs_control_desc_event_created(const char *onion_address, const ed25519_public_key_t *blinded_pk); +/* Event "HS_DESC UPLOAD [...]" */ +void hs_control_desc_event_upload(const char *onion_address, + const char *hsdir_id_digest, + const ed25519_public_key_t *blinded_pk, + const uint8_t *hsdir_index); + #endif /* !defined(TOR_HS_CONTROL_H) */ diff --git a/src/or/hs_service.c b/src/or/hs_service.c index 65df5b269..4f0465da4 100644 --- a/src/or/hs_service.c +++ b/src/or/hs_service.c @@ -2267,9 +2267,12 @@ upload_descriptor_to_hsdir(const hs_service_t *service, desc->desc->plaintext_data.revision_counter, safe_str_client(node_describe(hsdir)), safe_str_client(hex_str((const char *) index, 32))); + + /* Fire a UPLOAD control port event. */ + hs_control_desc_event_upload(service->onion_address, hsdir->identity, + &desc->blinded_kp.pubkey, index); } - /* XXX: Inform control port of the upload event (#20699). */ end: tor_free(encoded_desc); return; diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 8eb533490..1e745d0fd 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -3574,7 +3574,7 @@ directory_post_to_hs_dir(rend_service_descriptor_t *renddesc, "directories to post descriptors to."); control_event_hs_descriptor_upload(service_id, "UNKNOWN", - "UNKNOWN"); + "UNKNOWN", NULL); goto done; } } @@ -3629,7 +3629,7 @@ directory_post_to_hs_dir(rend_service_descriptor_t *renddesc, hs_dir->or_port); control_event_hs_descriptor_upload(service_id, hs_dir->identity_digest, - desc_id_base32); + desc_id_base32, NULL); tor_free(hs_dir_ip); /* Remember successful upload to this router for next time. */ if (!smartlist_contains_digest(successful_uploads,

1 0