tor-commits April 2017

tor-commits@lists.torproject.org

19 participants
966 discussions

[tor/master] Merge branch 'asn/prop224-ntor-v2-squashed'
by nickm＠torproject.org 13 Apr '17

13 Apr '17

commit 755c88a4746b8b58d1b36486a611abc2d4f44144 Merge: 01fc93f ea5901b Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Apr 13 09:22:34 2017 -0400 Merge branch 'asn/prop224-ntor-v2-squashed' .gitignore | 2 + src/or/hs_ntor.c | 626 +++++++++++++++++++++++++++++++++++++++++++++ src/or/hs_ntor.h | 77 ++++++ src/or/include.am | 2 + src/test/hs_ntor_ref.py | 408 +++++++++++++++++++++++++++++ src/test/include.am | 17 +- src/test/test_hs_ntor.sh | 11 + src/test/test_hs_ntor_cl.c | 255 ++++++++++++++++++ src/test/test_hs_service.c | 97 +++++++ 9 files changed, 1493 insertions(+), 2 deletions(-)

1 0

[tor/master] prop224: Add basic HS ntor unittest.
by nickm＠torproject.org 13 Apr '17

13 Apr '17

commit 18ee145cdafb8de265a506439fd66c80f1b8f70a Author: George Kadianakis <desnacked(a)riseup.net> Date: Tue Feb 28 13:50:17 2017 +0200 prop224: Add basic HS ntor unittest. The test checks that introduce1/rendezvous1 key material is generated correctly both for client-side and service-side. --- src/test/test_hs_service.c | 97 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 97 insertions(+) diff --git a/src/test/test_hs_service.c b/src/test/test_hs_service.c index 039d727..48542c7 100644 --- a/src/test/test_hs_service.c +++ b/src/test/test_hs_service.c @@ -17,6 +17,8 @@ #include "hs_service.h" #include "hs_intropoint.h" +#include "hs_ntor.h" + /** We simulate the creation of an outgoing ESTABLISH_INTRO cell, and then we * parse it from the receiver side. */ static void @@ -100,11 +102,106 @@ test_gen_establish_intro_cell_bad(void *arg) UNMOCK(ed25519_sign_prefixed); } +/** Test the HS ntor handshake. Simulate the sending of an encrypted INTRODUCE1 + * cell, and verify the proper derivation of decryption keys on the other end. + * Then simulate the sending of an authenticated RENDEZVOUS1 cell and verify + * the proper verification on the other end. */ +static void +test_hs_ntor(void *arg) +{ + int retval; + + uint8_t subcredential[DIGEST256_LEN]; + + ed25519_keypair_t service_intro_auth_keypair; + curve25519_keypair_t service_intro_enc_keypair; + curve25519_keypair_t service_ephemeral_rend_keypair; + + curve25519_keypair_t client_ephemeral_enc_keypair; + + hs_ntor_intro_cell_keys_t client_hs_ntor_intro_cell_keys; + hs_ntor_intro_cell_keys_t service_hs_ntor_intro_cell_keys; + + hs_ntor_rend_cell_keys_t service_hs_ntor_rend_cell_keys; + hs_ntor_rend_cell_keys_t client_hs_ntor_rend_cell_keys; + + (void) arg; + + /* Generate fake data for this unittest */ + { + /* Generate fake subcredential */ + memset(subcredential, 'Z', DIGEST256_LEN); + + /* service */ + curve25519_keypair_generate(&service_intro_enc_keypair, 0); + ed25519_keypair_generate(&service_intro_auth_keypair, 0); + curve25519_keypair_generate(&service_ephemeral_rend_keypair, 0); + /* client */ + curve25519_keypair_generate(&client_ephemeral_enc_keypair, 0); + } + + /* Client: Simulate the sending of an encrypted INTRODUCE1 cell */ + retval = + hs_ntor_client_get_introduce1_keys(&service_intro_auth_keypair.pubkey, + &service_intro_enc_keypair.pubkey, + &client_ephemeral_enc_keypair, + subcredential, + &client_hs_ntor_intro_cell_keys); + tt_int_op(retval, ==, 0); + + /* Service: Simulate the decryption of the received INTRODUCE1 */ + retval = + hs_ntor_service_get_introduce1_keys(&service_intro_auth_keypair.pubkey, + &service_intro_enc_keypair, + &client_ephemeral_enc_keypair.pubkey, + subcredential, + &service_hs_ntor_intro_cell_keys); + tt_int_op(retval, ==, 0); + + /* Test that the INTRODUCE1 encryption/mac keys match! */ + tt_mem_op(client_hs_ntor_intro_cell_keys.enc_key, OP_EQ, + service_hs_ntor_intro_cell_keys.enc_key, + CIPHER256_KEY_LEN); + tt_mem_op(client_hs_ntor_intro_cell_keys.mac_key, OP_EQ, + service_hs_ntor_intro_cell_keys.mac_key, + DIGEST256_LEN); + + /* Service: Simulate creation of RENDEZVOUS1 key material. */ + retval = + hs_ntor_service_get_rendezvous1_keys(&service_intro_auth_keypair.pubkey, + &service_intro_enc_keypair, + &service_ephemeral_rend_keypair, + &client_ephemeral_enc_keypair.pubkey, + &service_hs_ntor_rend_cell_keys); + tt_int_op(retval, ==, 0); + + /* Client: Simulate the verification of a received RENDEZVOUS1 cell */ + retval = + hs_ntor_client_get_rendezvous1_keys(&service_intro_auth_keypair.pubkey, + &client_ephemeral_enc_keypair, + &service_intro_enc_keypair.pubkey, + &service_ephemeral_rend_keypair.pubkey, + &client_hs_ntor_rend_cell_keys); + tt_int_op(retval, ==, 0); + + /* Test that the RENDEZVOUS1 key material match! */ + tt_mem_op(client_hs_ntor_rend_cell_keys.rend_cell_auth_mac, OP_EQ, + service_hs_ntor_rend_cell_keys.rend_cell_auth_mac, + DIGEST256_LEN); + tt_mem_op(client_hs_ntor_rend_cell_keys.ntor_key_seed, OP_EQ, + service_hs_ntor_rend_cell_keys.ntor_key_seed, + DIGEST256_LEN); + + done: + ; +} + struct testcase_t hs_service_tests[] = { { "gen_establish_intro_cell", test_gen_establish_intro_cell, TT_FORK, NULL, NULL }, { "gen_establish_intro_cell_bad", test_gen_establish_intro_cell_bad, TT_FORK, NULL, NULL }, + { "hs_ntor", test_hs_ntor, TT_FORK, NULL, NULL }, END_OF_TESTCASES };

1 0

[tor/master] prop224: Add Python integration tests for HS ntor.
by nickm＠torproject.org 13 Apr '17

13 Apr '17

commit ea5901bf1c6f201f5618aca21ddbb9c41893f147 Author: George Kadianakis <desnacked(a)riseup.net> Date: Tue Mar 14 15:06:36 2017 +0200 prop224: Add Python integration tests for HS ntor. This test is identical to the ./src/test/test_ntor.sh integration test. --- .gitignore | 2 + src/test/hs_ntor_ref.py | 408 +++++++++++++++++++++++++++++++++++++++++++++ src/test/include.am | 17 +- src/test/test_hs_ntor.sh | 11 ++ src/test/test_hs_ntor_cl.c | 255 ++++++++++++++++++++++++++++ 5 files changed, 691 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index d33b797..0491638 100644 --- a/.gitignore +++ b/.gitignore @@ -179,6 +179,7 @@ uptime-*.json /src/test/test-child /src/test/test-memwipe /src/test/test-ntor-cl +/src/test/test-hs-ntor-cl /src/test/test-switch-id /src/test/test-timers /src/test/test_workqueue @@ -187,6 +188,7 @@ uptime-*.json /src/test/test-bt-cl.exe /src/test/test-child.exe /src/test/test-ntor-cl.exe +/src/test/test-hs-ntor-cl.exe /src/test/test-memwipe.exe /src/test/test-switch-id.exe /src/test/test-timers.exe diff --git a/src/test/hs_ntor_ref.py b/src/test/hs_ntor_ref.py new file mode 100644 index 0000000..813e797 --- /dev/null +++ b/src/test/hs_ntor_ref.py @@ -0,0 +1,408 @@ +#!/usr/bin/python +# Copyright 2017, The Tor Project, Inc +# See LICENSE for licensing information + +""" +hs_ntor_ref.py + +This module is a reference implementation of the modified ntor protocol +proposed for Tor hidden services in proposal 224 (Next Generation Hidden +Services) in section [NTOR-WITH-EXTRA-DATA]. + +The modified ntor protocol is a single-round protocol, with three steps in total: + + 1: Client generates keys and sends them to service via INTRODUCE cell + + 2: Service computes key material based on client's keys, and sends its own + keys to client via RENDEZVOUS cell + + 3: Client computes key material as well. + +It's meant to be used to validate Tor's HS ntor implementation by conducting +various integration tests. Specifically it conducts the following three tests: + +- Tests our Python implementation by running the whole protocol in Python and + making sure that results are consistent. + +- Tests little-t-tor ntor implementation. We use this Python code to instrument + little-t-tor and carry out the handshake by using little-t-tor code. The + small C wrapper at src/test/test-hs-ntor-cl is used for this Python module to + interface with little-t-tor. + +- Cross-tests Python and little-t-tor implementation by running half of the + protocol in Python code and the other in little-t-tor. This is actually two + tests so that all parts of the protocol are run both by little-t-tor and + Python. + +It requires the curve25519 python module from the curve25519-donna package. + +The whole logic and concept for this test suite was taken from ntor_ref.py. + + *** DO NOT USE THIS IN PRODUCTION. *** +""" + +import struct +import os, sys +import binascii +import subprocess + +try: + import curve25519 + curve25519mod = curve25519.keys +except ImportError: + curve25519 = None + import slownacl_curve25519 + curve25519mod = slownacl_curve25519 + +try: + import sha3 +except ImportError: + # error code 77 tells automake to skip this test + sys.exit(77) + +# Import Nick's ntor reference implementation in Python +# We are gonna use a few of its utilities. +from ntor_ref import hash_nil +from ntor_ref import PrivateKey + +# String constants used in this protocol +PROTOID = "tor-hs-ntor-curve25519-sha3-256-1" +T_HSENC = PROTOID + ":hs_key_extract" +T_HSVERIFY = PROTOID + ":hs_verify" +T_HSMAC = PROTOID + ":hs_mac" +M_HSEXPAND = PROTOID + ":hs_key_expand" + +INTRO_SECRET_LEN = 161 +REND_SECRET_LEN = 225 +AUTH_INPUT_LEN = 199 + +# Implements MAC(k,m) = H(htonll(len(k)) | k | m) +def mac(k,m): + def htonll(num): + return struct.pack('!q', num) + + s = sha3.SHA3256() + s.update(htonll(len(k))) + s.update(k) + s.update(m) + return s.digest() + +###################################################################### + +# Functions that implement the modified HS ntor protocol + +"""As client compute key material for INTRODUCE cell as follows: + + intro_secret_hs_input = EXP(B,x) | AUTH_KEY | X | B | PROTOID + info = m_hsexpand | subcredential + hs_keys = KDF(intro_secret_hs_input | t_hsenc | info, S_KEY_LEN+MAC_LEN) + ENC_KEY = hs_keys[0:S_KEY_LEN] + MAC_KEY = hs_keys[S_KEY_LEN:S_KEY_LEN+MAC_KEY_LEN] +""" +def intro2_ntor_client(intro_auth_pubkey_str, intro_enc_pubkey, + client_ephemeral_enc_pubkey, client_ephemeral_enc_privkey, subcredential): + + dh_result = client_ephemeral_enc_privkey.get_shared_key(intro_enc_pubkey, hash_nil) + secret = dh_result + intro_auth_pubkey_str + client_ephemeral_enc_pubkey.serialize() + intro_enc_pubkey.serialize() + PROTOID + assert(len(secret) == INTRO_SECRET_LEN) + info = M_HSEXPAND + subcredential + + kdf = sha3.SHAKE256() + kdf.update(secret + T_HSENC + info) + key_material = kdf.squeeze(64*8) + + enc_key = key_material[0:32] + mac_key = key_material[32:64] + + return enc_key, mac_key + +"""Wrapper over intro2_ntor_client()""" +def client_part1(intro_auth_pubkey_str, intro_enc_pubkey, + client_ephemeral_enc_pubkey, client_ephemeral_enc_privkey, subcredential): + enc_key, mac_key = intro2_ntor_client(intro_auth_pubkey_str, intro_enc_pubkey, client_ephemeral_enc_pubkey, client_ephemeral_enc_privkey, subcredential) + assert(enc_key) + assert(mac_key) + + return enc_key, mac_key + +"""As service compute key material for INTRODUCE cell as follows: + + intro_secret_hs_input = EXP(X,b) | AUTH_KEY | X | B | PROTOID + info = m_hsexpand | subcredential + hs_keys = KDF(intro_secret_hs_input | t_hsenc | info, S_KEY_LEN+MAC_LEN) + HS_DEC_KEY = hs_keys[0:S_KEY_LEN] + HS_MAC_KEY = hs_keys[S_KEY_LEN:S_KEY_LEN+MAC_KEY_LEN] +""" +def intro2_ntor_service(intro_auth_pubkey_str, client_enc_pubkey, service_enc_privkey, service_enc_pubkey, subcredential): + dh_result = service_enc_privkey.get_shared_key(client_enc_pubkey, hash_nil) + secret = dh_result + intro_auth_pubkey_str + client_enc_pubkey.serialize() + service_enc_pubkey.serialize() + PROTOID + assert(len(secret) == INTRO_SECRET_LEN) + info = M_HSEXPAND + subcredential + + kdf = sha3.SHAKE256() + kdf.update(secret + T_HSENC + info) + key_material = kdf.squeeze(64*8) + + enc_key = key_material[0:32] + mac_key = key_material[32:64] + + return enc_key, mac_key + +"""As service compute key material for INTRODUCE and REDNEZVOUS cells. + + Use intro2_ntor_service() to calculate the INTRODUCE key material, and use + the following computations to do the RENDEZVOUS ones: + + rend_secret_hs_input = EXP(X,y) | EXP(X,b) | AUTH_KEY | B | X | Y | PROTOID + NTOR_KEY_SEED = MAC(rend_secret_hs_input, t_hsenc) + verify = MAC(rend_secret_hs_input, t_hsverify) + auth_input = verify | AUTH_KEY | B | Y | X | PROTOID | "Server" + AUTH_INPUT_MAC = MAC(auth_input, t_hsmac) +""" +def service_part1(intro_auth_pubkey_str, client_enc_pubkey, intro_enc_privkey, intro_enc_pubkey, subcredential): + intro_enc_key, intro_mac_key = intro2_ntor_service(intro_auth_pubkey_str, client_enc_pubkey, intro_enc_privkey, intro_enc_pubkey, subcredential) + assert(intro_enc_key) + assert(intro_mac_key) + + service_ephemeral_privkey = PrivateKey() + service_ephemeral_pubkey = service_ephemeral_privkey.get_public() + + dh_result1 = service_ephemeral_privkey.get_shared_key(client_enc_pubkey, hash_nil) + dh_result2 = intro_enc_privkey.get_shared_key(client_enc_pubkey, hash_nil) + rend_secret_hs_input = dh_result1 + dh_result2 + intro_auth_pubkey_str + intro_enc_pubkey.serialize() + client_enc_pubkey.serialize() + service_ephemeral_pubkey.serialize() + PROTOID + assert(len(rend_secret_hs_input) == REND_SECRET_LEN) + + ntor_key_seed = mac(rend_secret_hs_input, T_HSENC) + verify = mac(rend_secret_hs_input, T_HSVERIFY) + auth_input = verify + intro_auth_pubkey_str + intro_enc_pubkey.serialize() + service_ephemeral_pubkey.serialize() + client_enc_pubkey.serialize() + PROTOID + "Server" + assert(len(auth_input) == AUTH_INPUT_LEN) + auth_input_mac = mac(auth_input, T_HSMAC) + + assert(ntor_key_seed) + assert(auth_input_mac) + assert(service_ephemeral_pubkey) + + return intro_enc_key, intro_mac_key, ntor_key_seed, auth_input_mac, service_ephemeral_pubkey + +"""As client compute key material for rendezvous cells as follows: + + rend_secret_hs_input = EXP(Y,x) | EXP(B,x) | AUTH_KEY | B | X | Y | PROTOID + NTOR_KEY_SEED = MAC(ntor_secret_input, t_hsenc) + verify = MAC(ntor_secret_input, t_hsverify) + auth_input = verify | AUTH_KEY | B | Y | X | PROTOID | "Server" + AUTH_INPUT_MAC = MAC(auth_input, t_hsmac) +""" +def client_part2(intro_auth_pubkey_str, client_ephemeral_enc_pubkey, client_ephemeral_enc_privkey, + intro_enc_pubkey, service_ephemeral_rend_pubkey): + dh_result1 = client_ephemeral_enc_privkey.get_shared_key(service_ephemeral_rend_pubkey, hash_nil) + dh_result2 = client_ephemeral_enc_privkey.get_shared_key(intro_enc_pubkey, hash_nil) + rend_secret_hs_input = dh_result1 + dh_result2 + intro_auth_pubkey_str + intro_enc_pubkey.serialize() + client_ephemeral_enc_pubkey.serialize() + service_ephemeral_rend_pubkey.serialize() + PROTOID + assert(len(rend_secret_hs_input) == REND_SECRET_LEN) + + ntor_key_seed = mac(rend_secret_hs_input, T_HSENC) + verify = mac(rend_secret_hs_input, T_HSVERIFY) + auth_input = verify + intro_auth_pubkey_str + intro_enc_pubkey.serialize() + service_ephemeral_rend_pubkey.serialize() + client_ephemeral_enc_pubkey.serialize() + PROTOID + "Server" + assert(len(auth_input) == AUTH_INPUT_LEN) + auth_input_mac = mac(auth_input, T_HSMAC) + + assert(ntor_key_seed) + assert(auth_input_mac) + + return ntor_key_seed, auth_input_mac + +################################################################################# + +""" +Utilities for communicating with the little-t-tor ntor wrapper to conduct the +integration tests +""" + +PROG = b"./src/test/test-hs-ntor-cl" +enhex=lambda s: binascii.b2a_hex(s) +dehex=lambda s: binascii.a2b_hex(s.strip()) + +def tor_client1(intro_auth_pubkey_str, intro_enc_pubkey, + client_ephemeral_enc_privkey, subcredential): + p = subprocess.Popen([PROG, "client1", + enhex(intro_auth_pubkey_str), + enhex(intro_enc_pubkey.serialize()), + enhex(client_ephemeral_enc_privkey.serialize()), + enhex(subcredential)], + stdout=subprocess.PIPE) + return map(dehex, p.stdout.readlines()) + +def tor_server1(intro_auth_pubkey_str, intro_enc_privkey, + client_ephemeral_enc_pubkey, subcredential): + p = subprocess.Popen([PROG, "server1", + enhex(intro_auth_pubkey_str), + enhex(intro_enc_privkey.serialize()), + enhex(client_ephemeral_enc_pubkey.serialize()), + enhex(subcredential)], + stdout=subprocess.PIPE) + return map(dehex, p.stdout.readlines()) + +def tor_client2(intro_auth_pubkey_str, client_ephemeral_enc_privkey, + intro_enc_pubkey, service_ephemeral_rend_pubkey, subcredential): + p = subprocess.Popen([PROG, "client2", + enhex(intro_auth_pubkey_str), + enhex(client_ephemeral_enc_privkey.serialize()), + enhex(intro_enc_pubkey.serialize()), + enhex(service_ephemeral_rend_pubkey.serialize()), + enhex(subcredential)], + stdout=subprocess.PIPE) + return map(dehex, p.stdout.readlines()) + +################################################################################## + +# Perform a pure python ntor test +def do_pure_python_ntor_test(): + # Initialize all needed key material + client_ephemeral_enc_privkey = PrivateKey() + client_ephemeral_enc_pubkey = client_ephemeral_enc_privkey.get_public() + intro_enc_privkey = PrivateKey() + intro_enc_pubkey = intro_enc_privkey.get_public() + intro_auth_pubkey_str = os.urandom(32) + subcredential = os.urandom(32) + + client_enc_key, client_mac_key = client_part1(intro_auth_pubkey_str, intro_enc_pubkey, client_ephemeral_enc_pubkey, client_ephemeral_enc_privkey, subcredential) + + service_enc_key, service_mac_key, service_ntor_key_seed, service_auth_input_mac, service_ephemeral_pubkey = service_part1(intro_auth_pubkey_str, client_ephemeral_enc_pubkey, intro_enc_privkey, intro_enc_pubkey, subcredential) + + assert(client_enc_key == service_enc_key) + assert(client_mac_key == service_mac_key) + + client_ntor_key_seed, client_auth_input_mac = client_part2(intro_auth_pubkey_str, client_ephemeral_enc_pubkey, client_ephemeral_enc_privkey, + intro_enc_pubkey, service_ephemeral_pubkey) + + assert(client_ntor_key_seed == service_ntor_key_seed) + assert(client_auth_input_mac == service_auth_input_mac) + + print "DONE: python dance [%s]" % repr(client_auth_input_mac) + +# Perform a pure little-t-tor integration test. +def do_little_t_tor_ntor_test(): + # Initialize all needed key material + subcredential = os.urandom(32) + client_ephemeral_enc_privkey = PrivateKey() + client_ephemeral_enc_pubkey = client_ephemeral_enc_privkey.get_public() + intro_enc_privkey = PrivateKey() + intro_enc_pubkey = intro_enc_privkey.get_public() # service-side enc key + intro_auth_pubkey_str = os.urandom(32) + + client_enc_key, client_mac_key = tor_client1(intro_auth_pubkey_str, intro_enc_pubkey, + client_ephemeral_enc_privkey, subcredential) + assert(client_enc_key) + assert(client_mac_key) + + service_enc_key, service_mac_key, service_ntor_auth_mac, service_ntor_key_seed, service_eph_pubkey = tor_server1(intro_auth_pubkey_str, + intro_enc_privkey, + client_ephemeral_enc_pubkey, + subcredential) + assert(service_enc_key) + assert(service_mac_key) + assert(service_ntor_auth_mac) + assert(service_ntor_key_seed) + + assert(client_enc_key == service_enc_key) + assert(client_mac_key == service_mac_key) + + # Turn from bytes to key + service_eph_pubkey = curve25519mod.Public(service_eph_pubkey) + + client_ntor_auth_mac, client_ntor_key_seed = tor_client2(intro_auth_pubkey_str, client_ephemeral_enc_privkey, + intro_enc_pubkey, service_eph_pubkey, subcredential) + assert(client_ntor_auth_mac) + assert(client_ntor_key_seed) + + assert(client_ntor_key_seed == service_ntor_key_seed) + assert(client_ntor_auth_mac == service_ntor_auth_mac) + + print "DONE: tor dance [%s]" % repr(client_ntor_auth_mac) + +""" +Do mixed test as follows: + 1. C -> S (python mode) + 2. C <- S (tor mode) + 3. Client computes keys (python mode) +""" +def do_first_mixed_test(): + subcredential = os.urandom(32) + + client_ephemeral_enc_privkey = PrivateKey() + client_ephemeral_enc_pubkey = client_ephemeral_enc_privkey.get_public() + intro_enc_privkey = PrivateKey() + intro_enc_pubkey = intro_enc_privkey.get_public() # service-side enc key + + intro_auth_pubkey_str = os.urandom(32) + + # Let's do mixed + client_enc_key, client_mac_key = client_part1(intro_auth_pubkey_str, intro_enc_pubkey, + client_ephemeral_enc_pubkey, client_ephemeral_enc_privkey, + subcredential) + + service_enc_key, service_mac_key, service_ntor_auth_mac, service_ntor_key_seed, service_eph_pubkey = tor_server1(intro_auth_pubkey_str, + intro_enc_privkey, + client_ephemeral_enc_pubkey, + subcredential) + assert(service_enc_key) + assert(service_mac_key) + assert(service_ntor_auth_mac) + assert(service_ntor_key_seed) + assert(service_eph_pubkey) + + assert(client_enc_key == service_enc_key) + assert(client_mac_key == service_mac_key) + + # Turn from bytes to key + service_eph_pubkey = curve25519mod.Public(service_eph_pubkey) + + client_ntor_key_seed, client_auth_input_mac = client_part2(intro_auth_pubkey_str, client_ephemeral_enc_pubkey, client_ephemeral_enc_privkey, + intro_enc_pubkey, service_eph_pubkey) + + assert(client_auth_input_mac == service_ntor_auth_mac) + assert(client_ntor_key_seed == service_ntor_key_seed) + + print "DONE: 1st mixed dance [%s]" % repr(client_auth_input_mac) + +""" +Do mixed test as follows: + 1. C -> S (tor mode) + 2. C <- S (python mode) + 3. Client computes keys (tor mode) +""" +def do_second_mixed_test(): + subcredential = os.urandom(32) + + client_ephemeral_enc_privkey = PrivateKey() + client_ephemeral_enc_pubkey = client_ephemeral_enc_privkey.get_public() + intro_enc_privkey = PrivateKey() + intro_enc_pubkey = intro_enc_privkey.get_public() # service-side enc key + + intro_auth_pubkey_str = os.urandom(32) + + # Let's do mixed + client_enc_key, client_mac_key = tor_client1(intro_auth_pubkey_str, intro_enc_pubkey, + client_ephemeral_enc_privkey, subcredential) + assert(client_enc_key) + assert(client_mac_key) + + service_enc_key, service_mac_key, service_ntor_key_seed, service_ntor_auth_mac, service_ephemeral_pubkey = service_part1(intro_auth_pubkey_str, client_ephemeral_enc_pubkey, intro_enc_privkey, intro_enc_pubkey, subcredential) + + client_ntor_auth_mac, client_ntor_key_seed = tor_client2(intro_auth_pubkey_str, client_ephemeral_enc_privkey, + intro_enc_pubkey, service_ephemeral_pubkey, subcredential) + assert(client_ntor_auth_mac) + assert(client_ntor_key_seed) + + assert(client_ntor_key_seed == service_ntor_key_seed) + assert(client_ntor_auth_mac == service_ntor_auth_mac) + + print "DONE: 2nd mixed dance [%s]" % repr(client_ntor_auth_mac) + +def do_mixed_tests(): + do_first_mixed_test() + do_second_mixed_test() + +if __name__ == '__main__': + do_pure_python_ntor_test() + do_little_t_tor_ntor_test() + do_mixed_tests() diff --git a/src/test/include.am b/src/test/include.am index 1c0726f..441ce5f 100644 --- a/src/test/include.am +++ b/src/test/include.am @@ -20,7 +20,7 @@ TESTSCRIPTS = \ src/test/test_switch_id.sh if USEPYTHON -TESTSCRIPTS += src/test/test_ntor.sh src/test/test_bt.sh +TESTSCRIPTS += src/test/test_ntor.sh src/test/test_hs_ntor.sh src/test/test_bt.sh endif TESTS += src/test/test src/test/test-slow src/test/test-memwipe \ @@ -249,6 +249,7 @@ noinst_HEADERS+= \ src/test/vote_descriptors.inc noinst_PROGRAMS+= src/test/test-ntor-cl +noinst_PROGRAMS+= src/test/test-hs-ntor-cl src_test_test_ntor_cl_SOURCES = src/test/test_ntor_cl.c src_test_test_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@ src_test_test_ntor_cl_LDADD = src/or/libtor.a src/common/libor.a \ @@ -259,6 +260,17 @@ src_test_test_ntor_cl_LDADD = src/or/libtor.a src/common/libor.a \ src_test_test_ntor_cl_AM_CPPFLAGS = \ -I"$(top_srcdir)/src/or" +src_test_test_hs_ntor_cl_SOURCES = src/test/test_hs_ntor_cl.c +src_test_test_hs_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@ +src_test_test_hs_ntor_cl_LDADD = src/or/libtor.a src/common/libor.a \ + src/common/libor-ctime.a \ + src/common/libor-crypto.a $(LIBKECCAK_TINY) $(LIBDONNA) \ + @TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ \ + @TOR_OPENSSL_LIBS@ @TOR_LIB_WS32@ @TOR_LIB_GDI@ @CURVE25519_LIBS@ +src_test_test_hs_ntor_cl_AM_CPPFLAGS = \ + -I"$(top_srcdir)/src/or" + + noinst_PROGRAMS += src/test/test-bt-cl src_test_test_bt_cl_SOURCES = src/test/test_bt_cl.c src_test_test_bt_cl_LDADD = src/common/libor-testing.a \ @@ -271,12 +283,13 @@ src_test_test_bt_cl_CPPFLAGS= $(src_test_AM_CPPFLAGS) $(TEST_CPPFLAGS) EXTRA_DIST += \ src/test/bt_test.py \ src/test/ntor_ref.py \ + src/test/hs_ntor_ref.py \ src/test/fuzz_static_testcases.sh \ src/test/slownacl_curve25519.py \ src/test/zero_length_keys.sh \ src/test/test_keygen.sh \ src/test/test_zero_length_keys.sh \ - src/test/test_ntor.sh src/test/test_bt.sh \ + src/test/test_ntor.sh src/test/test_hs_ntor.sh src/test/test_bt.sh \ src/test/test-network.sh \ src/test/test_switch_id.sh \ src/test/test_workqueue_cancel.sh \ diff --git a/src/test/test_hs_ntor.sh b/src/test/test_hs_ntor.sh new file mode 100755 index 0000000..8a0003d --- /dev/null +++ b/src/test/test_hs_ntor.sh @@ -0,0 +1,11 @@ +#!/bin/sh +# Validate Tor's ntor implementation. + +exitcode=0 + +# Run the python integration test sand return the exitcode of the python +# script. The python script might ask the testsuite to skip it if not all +# python dependencies are covered. +"${PYTHON:-python}" "${abs_top_srcdir:-.}/src/test/hs_ntor_ref.py" || exitcode=$? + +exit ${exitcode} diff --git a/src/test/test_hs_ntor_cl.c b/src/test/test_hs_ntor_cl.c new file mode 100644 index 0000000..ed1eda5 --- /dev/null +++ b/src/test/test_hs_ntor_cl.c @@ -0,0 +1,255 @@ +/* Copyright (c) 2017, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** This is a wrapper over the little-t-tor HS ntor functions. The wrapper is + * used by src/test/hs_ntor_ref.py to conduct the HS ntor integration + * tests. + * + * The logic of this wrapper is basically copied from src/test/test_ntor_cl.c + */ + +#include "orconfig.h" +#include <stdio.h> +#include <stdlib.h> + +#define ONION_NTOR_PRIVATE +#include "or.h" +#include "util.h" +#include "compat.h" +#include "crypto.h" +#include "crypto_curve25519.h" +#include "hs_ntor.h" +#include "onion_ntor.h" + +#define N_ARGS(n) STMT_BEGIN { \ + if (argc < (n)) { \ + fprintf(stderr, "%s needs %d arguments.\n",argv[1],n); \ + return 1; \ + } \ + } STMT_END +#define BASE16(idx, var, n) STMT_BEGIN { \ + const char *s = argv[(idx)]; \ + if (base16_decode((char*)var, n, s, strlen(s)) < (int)n ) { \ + fprintf(stderr, "couldn't decode argument %d (%s)\n",idx,s); \ + return 1; \ + } \ + } STMT_END +#define INT(idx, var) STMT_BEGIN { \ + var = atoi(argv[(idx)]); \ + if (var <= 0) { \ + fprintf(stderr, "bad integer argument %d (%s)\n",idx,argv[(idx)]); \ + } \ + } STMT_END + +/** The first part of the HS ntor protocol. The client-side computes all + necessary key material and sends the appropriate message to the service. */ +static int +client1(int argc, char **argv) +{ + int retval; + + /* Inputs */ + curve25519_public_key_t intro_enc_pubkey; + ed25519_public_key_t intro_auth_pubkey; + curve25519_keypair_t client_ephemeral_enc_keypair; + uint8_t subcredential[DIGEST256_LEN]; + + /* Output */ + hs_ntor_intro_cell_keys_t hs_ntor_intro_cell_keys; + + char buf[256]; + + N_ARGS(6); + BASE16(2, intro_auth_pubkey.pubkey, ED25519_PUBKEY_LEN); + BASE16(3, intro_enc_pubkey.public_key, CURVE25519_PUBKEY_LEN); + BASE16(4, client_ephemeral_enc_keypair.seckey.secret_key, + CURVE25519_SECKEY_LEN); + BASE16(5, subcredential, DIGEST256_LEN); + + /* Generate keypair */ + curve25519_public_key_generate(&client_ephemeral_enc_keypair.pubkey, + &client_ephemeral_enc_keypair.seckey); + + retval = hs_ntor_client_get_introduce1_keys(&intro_auth_pubkey, + &intro_enc_pubkey, + &client_ephemeral_enc_keypair, + subcredential, + &hs_ntor_intro_cell_keys); + if (retval < 0) { + goto done; + } + + /* Send ENC_KEY */ + base16_encode(buf, sizeof(buf), + (const char*)hs_ntor_intro_cell_keys.enc_key, + sizeof(hs_ntor_intro_cell_keys.enc_key)); + printf("%s\n", buf); + /* Send MAC_KEY */ + base16_encode(buf, sizeof(buf), + (const char*)hs_ntor_intro_cell_keys.mac_key, + sizeof(hs_ntor_intro_cell_keys.mac_key)); + printf("%s\n", buf); + + done: + return retval; +} + +/** The second part of the HS ntor protocol. The service-side computes all + necessary key material and sends the appropriate message to the client */ +static int +server1(int argc, char **argv) +{ + int retval; + + /* Inputs */ + curve25519_keypair_t intro_enc_keypair; + ed25519_public_key_t intro_auth_pubkey; + curve25519_public_key_t client_ephemeral_enc_pubkey; + uint8_t subcredential[DIGEST256_LEN]; + + /* Output */ + hs_ntor_intro_cell_keys_t hs_ntor_intro_cell_keys; + hs_ntor_rend_cell_keys_t hs_ntor_rend_cell_keys; + curve25519_keypair_t service_ephemeral_rend_keypair; + + char buf[256]; + + N_ARGS(6); + BASE16(2, intro_auth_pubkey.pubkey, ED25519_PUBKEY_LEN); + BASE16(3, intro_enc_keypair.seckey.secret_key, CURVE25519_SECKEY_LEN); + BASE16(4, client_ephemeral_enc_pubkey.public_key, CURVE25519_PUBKEY_LEN); + BASE16(5, subcredential, DIGEST256_LEN); + + /* Generate keypair */ + curve25519_public_key_generate(&intro_enc_keypair.pubkey, + &intro_enc_keypair.seckey); + curve25519_keypair_generate(&service_ephemeral_rend_keypair, 0); + + /* Get INTRODUCE1 keys */ + retval = hs_ntor_service_get_introduce1_keys(&intro_auth_pubkey, + &intro_enc_keypair, + &client_ephemeral_enc_pubkey, + subcredential, + &hs_ntor_intro_cell_keys); + if (retval < 0) { + goto done; + } + + /* Get RENDEZVOUS1 keys */ + retval = hs_ntor_service_get_rendezvous1_keys(&intro_auth_pubkey, + &intro_enc_keypair, + &service_ephemeral_rend_keypair, + &client_ephemeral_enc_pubkey, + &hs_ntor_rend_cell_keys); + if (retval < 0) { + goto done; + } + + /* Send ENC_KEY */ + base16_encode(buf, sizeof(buf), + (const char*)hs_ntor_intro_cell_keys.enc_key, + sizeof(hs_ntor_intro_cell_keys.enc_key)); + printf("%s\n", buf); + /* Send MAC_KEY */ + base16_encode(buf, sizeof(buf), + (const char*)hs_ntor_intro_cell_keys.mac_key, + sizeof(hs_ntor_intro_cell_keys.mac_key)); + printf("%s\n", buf); + /* Send AUTH_MAC */ + base16_encode(buf, sizeof(buf), + (const char*)hs_ntor_rend_cell_keys.rend_cell_auth_mac, + sizeof(hs_ntor_rend_cell_keys.rend_cell_auth_mac)); + printf("%s\n", buf); + /* Send NTOR_KEY_SEED */ + base16_encode(buf, sizeof(buf), + (const char*)hs_ntor_rend_cell_keys.ntor_key_seed, + sizeof(hs_ntor_rend_cell_keys.ntor_key_seed)); + printf("%s\n", buf); + /* Send service ephemeral pubkey (Y) */ + base16_encode(buf, sizeof(buf), + (const char*)service_ephemeral_rend_keypair.pubkey.public_key, + sizeof(service_ephemeral_rend_keypair.pubkey.public_key)); + printf("%s\n", buf); + + done: + return retval; +} + +/** The final step of the ntor protocol, the client computes and returns the + * rendezvous key material. */ +static int +client2(int argc, char **argv) +{ + int retval; + + /* Inputs */ + curve25519_public_key_t intro_enc_pubkey; + ed25519_public_key_t intro_auth_pubkey; + curve25519_keypair_t client_ephemeral_enc_keypair; + curve25519_public_key_t service_ephemeral_rend_pubkey; + uint8_t subcredential[DIGEST256_LEN]; + + /* Output */ + hs_ntor_rend_cell_keys_t hs_ntor_rend_cell_keys; + + char buf[256]; + + N_ARGS(7); + BASE16(2, intro_auth_pubkey.pubkey, ED25519_PUBKEY_LEN); + BASE16(3, client_ephemeral_enc_keypair.seckey.secret_key, + CURVE25519_SECKEY_LEN); + BASE16(4, intro_enc_pubkey.public_key, CURVE25519_PUBKEY_LEN); + BASE16(5, service_ephemeral_rend_pubkey.public_key, CURVE25519_PUBKEY_LEN); + BASE16(6, subcredential, DIGEST256_LEN); + + /* Generate keypair */ + curve25519_public_key_generate(&client_ephemeral_enc_keypair.pubkey, + &client_ephemeral_enc_keypair.seckey); + + /* Get RENDEZVOUS1 keys */ + retval = hs_ntor_client_get_rendezvous1_keys(&intro_auth_pubkey, + &client_ephemeral_enc_keypair, + &intro_enc_pubkey, + &service_ephemeral_rend_pubkey, + &hs_ntor_rend_cell_keys); + if (retval < 0) { + goto done; + } + + /* Send AUTH_MAC */ + base16_encode(buf, sizeof(buf), + (const char*)hs_ntor_rend_cell_keys.rend_cell_auth_mac, + sizeof(hs_ntor_rend_cell_keys.rend_cell_auth_mac)); + printf("%s\n", buf); + /* Send NTOR_KEY_SEED */ + base16_encode(buf, sizeof(buf), + (const char*)hs_ntor_rend_cell_keys.ntor_key_seed, + sizeof(hs_ntor_rend_cell_keys.ntor_key_seed)); + printf("%s\n", buf); + + done: + return 1; +} + +/** Perform a different part of the protocol depdning on the argv used. */ +int +main(int argc, char **argv) +{ + if (argc < 2) { + fprintf(stderr, "I need arguments. Read source for more info.\n"); + return 1; + } + + curve25519_init(); + if (!strcmp(argv[1], "client1")) { + return client1(argc, argv); + } else if (!strcmp(argv[1], "server1")) { + return server1(argc, argv); + } else if (!strcmp(argv[1], "client2")) { + return client2(argc, argv); + } else { + fprintf(stderr, "What's a %s?\n", argv[1]); + return 1; + } +} +

1 0

[tor-browser-bundle/maint-6.5] Fix typo in changelog
by gk＠torproject.org 13 Apr '17

13 Apr '17

commit 7974cac344e5610f4f1cec42b668251e62579ac2 Author: Georg Koppen <gk(a)torproject.org> Date: Thu Apr 13 10:18:38 2017 +0000 Fix typo in changelog --- Bundle-Data/Docs/ChangeLog.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index c8d6fcc..1808047 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -3,7 +3,7 @@ Tor Browser 6.5.2 -- April 19 2017 * Update Firefox to 45.9.0esr * Update HTTPS-Everywhere to 5.2.14 * Update NoScript to 5.0.2 - * Bug 21555+16450: Don't remove Authorization header on subdomains (e.g. Twitter) + * Bug 21555+16450: Don't remove Authorization header on subdomains (e.g. Twitter) * Bug 21917: Add new obfs4 bridges * Bug 21918: Move meek-amazon to d2cly7j4zqgua7.cloudfront.net backend * Windows

1 0

[torbutton/master] Bug 21865: Update our JIT preferences in the slider
by gk＠torproject.org 13 Apr '17

13 Apr '17

commit cb73494b177f0dcb595920090a81af5621083f8d Author: Georg Koppen <gk(a)torproject.org> Date: Thu Apr 13 09:24:04 2017 +0000 Bug 21865: Update our JIT preferences in the slider It turns out that the JIT *.content prefs are gone for a while now. This happened in https://bugzilla.mozilla.org/show_bug.cgi?id=939562 and the patch updates the security slider to take this into account. We got the tip to include `javascript.options.native_regexp` as well. `javascript.options.typeinference` is gone with https://bugzilla.mozilla.org/show_bug.cgi?id=972817 and we therefore remove it. And asm.js is disabled globally until we find a good solution for #19417. The tooltip text got updated accordingly. --- src/chrome/locale/en/torbutton.dtd | 2 +- src/modules/security-prefs.js | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/chrome/locale/en/torbutton.dtd b/src/chrome/locale/en/torbutton.dtd index 97a994f..6bc7141 100644 --- a/src/chrome/locale/en/torbutton.dtd +++ b/src/chrome/locale/en/torbutton.dtd @@ -41,7 +41,7 @@ <!ENTITY torbutton.prefs.sec_html5_desc "HTML5 video and audio media become click-to-play via NoScript."> <!ENTITY torbutton.prefs.sec_html5_tooltip "On some sites, you might need to use the NoScript toolbar button to enable these media objects."> <!ENTITY torbutton.prefs.sec_some_jit_desc "Some JavaScript performance optimizations are disabled."> -<!ENTITY torbutton.prefs.sec_jit_desc_tooltip "ION JIT, Type Inference, ASM.JS."> +<!ENTITY torbutton.prefs.sec_jit_desc_tooltip "ION JIT, Native RegExp."> <!ENTITY torbutton.prefs.sec_baseline_jit_desc_tooltip "Baseline JIT."> <!ENTITY torbutton.prefs.sec_jit_slower_desc "Scripts on some sites may run slower."> <!ENTITY torbutton.prefs.sec_mathml_desc "Some mechanisms of displaying math equations are disabled."> diff --git a/src/modules/security-prefs.js b/src/modules/security-prefs.js index 4a39ca8..3d3630b 100644 --- a/src/modules/security-prefs.js +++ b/src/modules/security-prefs.js @@ -19,12 +19,12 @@ let log = (level, msg) => logger.log(level, msg); // corresponding to the old 2-medium-high setting. const kSecuritySettings = { // Preference name : [0, 1-high 2-m 3-m 4-low] - "javascript.options.ion.content" : [, false, false, false, true ], - "javascript.options.typeinference" : [, false, false, false, true ], + "javascript.options.ion" : [, false, false, false, true ], + "javascript.options.baselinejit" : [, false, false, false, true ], + "javascript.options.native_regexp" : [, false, false, false, true ], "noscript.forbidMedia" : [, true, true, true, false], "media.webaudio.enabled" : [, false, false, false, true ], "mathml.disabled" : [, true, true, true, false], - "javascript.options.baselinejit.content" : [, false, false, false, true ], "gfx.font_rendering.opentype_svg.enabled" : [, false, false, false, true ], "noscript.global" : [, false, false, false, true ], "noscript.globalHttpsWhitelist" : [, false, true, true, false],

1 0

[tor-browser-build/master] Bug 21887: Fix broken error pages on higher security levels
by boklm＠torproject.org 13 Apr '17

13 Apr '17

commit 08a94190b79720466e092c9e98deaadc77ff39ce Author: Georg Koppen <gk(a)torproject.org> Date: Wed Apr 12 14:05:16 2017 +0000 Bug 21887: Fix broken error pages on higher security levels We need to allow JavaScript on `about:neterror` pages explicitly. Otherwise are those pages on higher security levels. --- .../Data/Browser/profile.default/preferences/extension-overrides.js | 6 +++--- .../Data/Browser/profile.default/preferences/extension-overrides.js | 6 +++--- .../Data/Browser/profile.default/preferences/extension-overrides.js | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/projects/tor-browser/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js b/projects/tor-browser/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js index 3ccab99..09f3f8e 100644 --- a/projects/tor-browser/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js +++ b/projects/tor-browser/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js @@ -8,9 +8,9 @@ pref("extensions.https_everywhere.toolbar_hint_shown", true); # NoScript Preferences: pref("capability.policy.maonoscript.javascript.enabled", "allAccess"); -pref("capability.policy.maonoscript.sites", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about:"); -pref("noscript.default", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about:"); -pref("noscript.mandatory", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about:"); +pref("capability.policy.maonoscript.sites", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror"); +pref("noscript.default", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror"); +pref("noscript.mandatory", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror"); pref("noscript.ABE.enabled", false); pref("noscript.ABE.notify", false); pref("noscript.ABE.wanIpAsLocal", false); diff --git a/projects/tor-browser/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js b/projects/tor-browser/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js index 3ccab99..09f3f8e 100644 --- a/projects/tor-browser/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js +++ b/projects/tor-browser/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js @@ -8,9 +8,9 @@ pref("extensions.https_everywhere.toolbar_hint_shown", true); # NoScript Preferences: pref("capability.policy.maonoscript.javascript.enabled", "allAccess"); -pref("capability.policy.maonoscript.sites", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about:"); -pref("noscript.default", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about:"); -pref("noscript.mandatory", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about:"); +pref("capability.policy.maonoscript.sites", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror"); +pref("noscript.default", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror"); +pref("noscript.mandatory", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror"); pref("noscript.ABE.enabled", false); pref("noscript.ABE.notify", false); pref("noscript.ABE.wanIpAsLocal", false); diff --git a/projects/tor-browser/Bundle-Data/windows/Data/Browser/profile.default/preferences/extension-overrides.js b/projects/tor-browser/Bundle-Data/windows/Data/Browser/profile.default/preferences/extension-overrides.js index 3ccab99..09f3f8e 100644 --- a/projects/tor-browser/Bundle-Data/windows/Data/Browser/profile.default/preferences/extension-overrides.js +++ b/projects/tor-browser/Bundle-Data/windows/Data/Browser/profile.default/preferences/extension-overrides.js @@ -8,9 +8,9 @@ pref("extensions.https_everywhere.toolbar_hint_shown", true); # NoScript Preferences: pref("capability.policy.maonoscript.javascript.enabled", "allAccess"); -pref("capability.policy.maonoscript.sites", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about:"); -pref("noscript.default", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about:"); -pref("noscript.mandatory", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about:"); +pref("capability.policy.maonoscript.sites", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror"); +pref("noscript.default", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror"); +pref("noscript.mandatory", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror"); pref("noscript.ABE.enabled", false); pref("noscript.ABE.notify", false); pref("noscript.ABE.wanIpAsLocal", false);

1 0

[tor-browser-build/master] Bug 21930: NSS libraries are missing from mar-tools archive
by boklm＠torproject.org 13 Apr '17

13 Apr '17

commit 867176ff839bb0b7067ab2a8e237621a14c98616 Author: Nicolas Vigier <boklm(a)torproject.org> Date: Thu Apr 13 10:30:47 2017 +0200 Bug 21930: NSS libraries are missing from mar-tools archive The Linux sigmar program needs libfreeblpriv3.so and libsoftokn3.so, so include them in the mar-tools archive. tor-browser-bundle.git commit: c2bae45c6a41923712bf176df6fb9bd1f773d887 --- projects/firefox/build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/firefox/build b/projects/firefox/build index 3985aec..1cf9be1 100644 --- a/projects/firefox/build +++ b/projects/firefox/build @@ -126,7 +126,7 @@ cp -p obj-*/dist/host/bin/mbsdiff $MARTOOLS/ [% IF c("var/linux") %] cp -p obj-*/modules/libmar/tool/signmar $MARTOOLS/ cp -p obj-*/security/nss/cmd/certutil/certutil $MARTOOLS/ - NSS_LIBS="libmozsqlite3.so libnss3.so libnssdbm3.so libnssutil3.so libsmime3.so libssl3.so" + NSS_LIBS="libfreeblpriv3.so libmozsqlite3.so libnss3.so libnssdbm3.so libnssutil3.so libsmime3.so libsoftokn3.so libssl3.so" NSPR_LIBS="libnspr4.so libplc4.so libplds4.so" for LIB in $NSS_LIBS $NSPR_LIBS; do cp -p obj-*/dist/bin/$LIB $MARTOOLS/

1 0

[sandboxed-tor-browser/master] Bump the version to 0.0.6-dev, so I can do development again.
by yawning＠torproject.org 13 Apr '17

13 Apr '17

commit b6b79057e2791b65d0fec066b4302f5d47a0d83f Author: Yawning Angel <yawning(a)schwanenlied.me> Date: Thu Apr 13 08:08:06 2017 +0000 Bump the version to 0.0.6-dev, so I can do development again. --- ChangeLog | 2 ++ data/version | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index fa0fb76..09740c4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,5 @@ +Changes in version 0.0.6 - UNRELEASED: + Changes in version 0.0.5 - 2017-04-13: * Bug 21764: Use bubblewrap's `--die-with-parent` when supported. * Fix e10s Web Content crash on systems with grsec kernels. diff --git a/data/version b/data/version index bbdeab6..4575aad 100644 --- a/data/version +++ b/data/version @@ -1 +1 @@ -0.0.5 +0.0.6-dev

1 0

[sandboxed-tor-browser/master] Do the release ritual for sandboxed-tor-browser-0.0.5.
by yawning＠torproject.org 13 Apr '17

13 Apr '17

commit a9671126d4966adb81f4a7eb6c62e580756c5c9a Author: Yawning Angel <yawning(a)schwanenlied.me> Date: Thu Apr 13 08:05:50 2017 +0000 Do the release ritual for sandboxed-tor-browser-0.0.5. --- ChangeLog | 2 +- data/version | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index d634264..fa0fb76 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,4 @@ -Changes in version 0.0.5 - UNRELEASED: +Changes in version 0.0.5 - 2017-04-13: * Bug 21764: Use bubblewrap's `--die-with-parent` when supported. * Fix e10s Web Content crash on systems with grsec kernels. * Add `prlimit64` to the firefox system call whitelist. diff --git a/data/version b/data/version index ccf3e96..bbdeab6 100644 --- a/data/version +++ b/data/version @@ -1 +1 @@ -0.0.5-dev +0.0.5

1 0

[sandboxed-tor-browser/master] Bug 21764: Use bubblewrap's `--die-with-parent` when supported.
by yawning＠torproject.org 13 Apr '17

13 Apr '17

commit 66aaf6fea4293fdb0f9f233ea612e3b53efc4172 Author: Yawning Angel <yawning(a)schwanenlied.me> Date: Thu Apr 13 07:58:01 2017 +0000 Bug 21764: Use bubblewrap's `--die-with-parent` when supported. Tor Browser nightly (ESR52, e10s) doesn't exit cleanly when SIGINT is sent to `sandboxed-tor-browser` without this. Unfortunately the option requires bubblewrap >= 0.1.8, but at least exiting firefox normally works fine with older bubblewrap. --- ChangeLog | 1 + .../internal/sandbox/hugbox.go | 86 +++++++++++++--------- 2 files changed, 51 insertions(+), 36 deletions(-) diff --git a/ChangeLog b/ChangeLog index 92ce6c0..d634264 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,5 @@ Changes in version 0.0.5 - UNRELEASED: + * Bug 21764: Use bubblewrap's `--die-with-parent` when supported. * Fix e10s Web Content crash on systems with grsec kernels. * Add `prlimit64` to the firefox system call whitelist. diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/hugbox.go b/src/cmd/sandboxed-tor-browser/internal/sandbox/hugbox.go index 118b7a7..dd2e51a 100644 --- a/src/cmd/sandboxed-tor-browser/internal/sandbox/hugbox.go +++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/hugbox.go @@ -91,9 +91,10 @@ type hugbox struct { // Internal options, not to be *modified* except via helpers, unless you // know what you are doing. - bwrapPath string - args []string - fileData [][]byte + bwrapPath string + bwrapVersion *bwrapVersion + args []string + fileData [][]byte runtimeDir string // Set at creation time. } @@ -244,6 +245,12 @@ func (h *hugbox) run() (*Process, error) { h.file("/etc/passwd", []byte(passwdBody)) h.file("/etc/group", []byte(groupBody)) + dieWithParent := h.bwrapVersion.atLeast(0, 1, 8) + if dieWithParent { + Debugf("sandbox: bubblewrap supports `--die-with-parent`.") + fdArgs = append(fdArgs, "--die-with-parent") + } + if h.fakeDbus { h.setupDbus() } @@ -421,23 +428,47 @@ func newHugbox() (*hugbox, error) { return nil, fmt.Errorf("sandbox: unable to find bubblewrap binary") } - // Bubblewrap <= 0.1.2-2 (in Debian terms, 0.1.3 for the rest of us), is - // a really bad idea because I'm a retard, and didn't expect bubblewrap - // to be ptrace-able when I contributed support for the hostname. - // - // There is a CVE for it. Sensible people have made 0.1.3 available, - // including jessie-backports. Ubuntu is still shipping an old version. - // Sucks to be them. - if ok, err := bubblewrapAtLeast(h.bwrapPath, 0, 1, 3); err != nil { + // Query and cache the bubblewrap version. + var err error + if h.bwrapVersion, err = getBwrapVersion(h.bwrapPath); err != nil { return nil, err - } else if !ok { - return nil, fmt.Errorf("sandbox: bubblewrap appears to be older than 0.1.3, you MUST upgrade.") + } else { + Debugf("sandbox: bubblewrap '%v' detected.", h.bwrapVersion) + + // Bubblewrap <= 0.1.2-2 (in Debian terms, 0.1.3 for the rest of us), + // is a really bad idea because I'm a retard, and didn't expect + // bubblewrap to be ptrace-able when I contributed support for setting + // the hostname. + if !h.bwrapVersion.atLeast(0, 1, 3) { + return nil, fmt.Errorf("sandbox: bubblewrap appears to be older than 0.1.3, you MUST upgrade.") + } } return h, nil } -func getBubblewrapVersion(f string) (int, int, int, error) { +type bwrapVersion struct { + maj, min, pl int +} + +func (v *bwrapVersion) atLeast(maj, min, pl int) bool { + if v.maj > maj { + return true + } + if v.maj == maj && v.min > min { + return true + } + if v.maj == maj && v.min == min && v.pl >= pl { + return true + } + return false +} + +func (v *bwrapVersion) String() string { + return fmt.Sprintf("%d.%d.%d", v.maj, v.min, v.pl) +} + +func getBwrapVersion(f string) (*bwrapVersion, error) { cmd := &exec.Cmd{ Path: f, Args: []string{f, "--version"}, @@ -448,7 +479,7 @@ func getBubblewrapVersion(f string) (int, int, int, error) { } out, err := cmd.CombinedOutput() if err != nil { - return 0, 0, 0, fmt.Errorf("sandbox: failed to query bubblewrap version: %v", string(out)) + return nil, fmt.Errorf("sandbox: failed to query bubblewrap version: %v", string(out)) } vStr := strings.TrimPrefix(string(out), "bubblewrap ") vStr = strings.TrimSpace(vStr) @@ -456,37 +487,20 @@ func getBubblewrapVersion(f string) (int, int, int, error) { // Split into major/minor/pl. v := strings.Split(vStr, ".") if len(v) < 3 { - return 0, 0, 0, fmt.Errorf("unable to determine bubblewrap version") + return nil, fmt.Errorf("unable to determine bubblewrap version") } + // Parse the version. var iVers [3]int for i := 0; i < 3; i++ { iv, err := strconv.Atoi(v[i]) if err != nil { - return 0, 0, 0, fmt.Errorf("unable to determine bubblewrap version: %v", err) + return nil, fmt.Errorf("unable to parse bubblewrap version: %v", err) } iVers[i] = iv } - return iVers[0], iVers[1], iVers[2], nil -} - -func bubblewrapAtLeast(f string, maj, min, pl int) (bool, error) { - iMaj, iMin, iPl, err := getBubblewrapVersion(f) - if err != nil { - return false, err - } - - if iMaj > maj { - return true, nil - } - if iMaj == maj && iMin > min { - return true, nil - } - if iMaj == maj && iMin == min && iPl >= pl { - return true, nil - } - return false, nil + return &bwrapVersion{maj: iVers[0], min: iVers[1], pl: iVers[2]}, nil } func writeBuffer(w io.WriteCloser, contents []byte) error {

1 0

← Newer
1
...
56
57
58
59
60
61
62
...
97
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-commits April 2017