May 2017 - tor-commits - lists.torproject.org

[tor/master] Merge branch 'ticket22143_squashed'
by nickm＠torproject.org 04 May '17

04 May '17

commit 24ba1864d8caa89ee220f6c790b0dd76b466bf4a Merge: 38a13b9 df2bcae Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu May 4 08:36:59 2017 -0400 Merge branch 'ticket22143_squashed' src/or/consdiff.c | 107 ++++++++++++++++++++++++++++++++++++++++---- src/or/consdiff.h | 3 ++ src/or/consdiffmgr.c | 35 ++++++++++++--- src/or/routerparse.c | 58 ++++++++++++++++++++---- src/or/routerparse.h | 5 +++ src/test/fuzz/fuzz_diff.c | 2 + src/test/test_consdiff.c | 34 ++++++++++---- src/test/test_consdiffmgr.c | 31 ++++++------- 8 files changed, 227 insertions(+), 48 deletions(-)

1 0

[tor/master] bug#22143/prop#140: in consdiffmgr, store and use digest-as-signed
by nickm＠torproject.org 04 May '17

04 May '17

commit 3af9704e459fab0120694a46924b27460237cb1a Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed May 3 12:56:16 2017 -0400 bug#22143/prop#140: in consdiffmgr, store and use digest-as-signed We need to index diffs by the digest-as-signed of their source consensus, so that we can find them even from consensuses whose signatures are encoded differently. --- src/or/consdiffmgr.c | 35 ++++++++++++++++++++++++++++------- src/test/test_consdiffmgr.c | 23 ++++++++++++++++------- 2 files changed, 44 insertions(+), 14 deletions(-) diff --git a/src/or/consdiffmgr.c b/src/or/consdiffmgr.c index 29807e7..96b0bba 100644 --- a/src/or/consdiffmgr.c +++ b/src/or/consdiffmgr.c @@ -19,6 +19,7 @@ #include "consdiffmgr.h" #include "cpuworker.h" #include "networkstatus.h" +#include "routerparse.h" #include "workqueue.h" /** @@ -35,11 +36,13 @@ #define LABEL_SHA3_DIGEST "sha3-digest" /* A hex encoded SHA3 digest of the object before compression. */ #define LABEL_SHA3_DIGEST_UNCOMPRESSED "sha3-digest-uncompressed" +/* A hex encoded SHA3 digest-as-signed of a consensus */ +#define LABEL_SHA3_DIGEST_AS_SIGNED "sha3-digest-as-signed" /* The flavor of the consensus or consensuses diff */ #define LABEL_FLAVOR "consensus-flavor" -/* Diff only: the SHA3 digest of the source consensus. */ +/* Diff only: the SHA3 digest-as-signed of the source consensus. */ #define LABEL_FROM_SHA3_DIGEST "from-sha3-digest" -/* Diff only: the SHA3 digest of the target consensus. */ +/* Diff only: the SHA3 digest-in-full of the target consensus. */ #define LABEL_TARGET_SHA3_DIGEST "target-sha3-digest" /* Diff only: the valid-after date of the source consensus. */ #define LABEL_FROM_VALID_AFTER "from-valid-after" @@ -466,6 +469,17 @@ consdiffmgr_add_consensus(const char *consensus, cdm_labels_prepend_sha3(&labels, LABEL_SHA3_DIGEST_UNCOMPRESSED, (const uint8_t *)consensus, bodylen); + { + const char *start, *end; + if (router_get_networkstatus_v3_signed_boundaries(consensus, + &start, &end) < 0) { + start = consensus; + end = consensus+bodylen; + } + cdm_labels_prepend_sha3(&labels, LABEL_SHA3_DIGEST_AS_SIGNED, + (const uint8_t *)start, + end - start); + } char *body_compressed = NULL; size_t size_compressed = 0; @@ -845,7 +859,7 @@ consdiffmgr_rescan_flavor_(consensus_flavor_t flavor) uint8_t this_sha3[DIGEST256_LEN]; if (BUG(cdm_entry_get_sha3_value(this_sha3, c, - LABEL_SHA3_DIGEST_UNCOMPRESSED)<0)) + LABEL_SHA3_DIGEST_AS_SIGNED)<0)) continue; // LCOV_EXCL_LINE if (cdm_diff_ht_check_and_note_pending(flavor, this_sha3, most_recent_sha3)) { @@ -1131,7 +1145,7 @@ consensus_diff_worker_threadfn(void *state_, void *work_) consensus_cache_entry_get_value(job->diff_from, LABEL_VALID_AFTER); const char *lv_from_digest = consensus_cache_entry_get_value(job->diff_from, - LABEL_SHA3_DIGEST_UNCOMPRESSED); + LABEL_SHA3_DIGEST_AS_SIGNED); const char *lv_from_flavor = consensus_cache_entry_get_value(job->diff_from, LABEL_FLAVOR); const char *lv_to_flavor = @@ -1140,10 +1154,17 @@ consensus_diff_worker_threadfn(void *state_, void *work_) consensus_cache_entry_get_value(job->diff_to, LABEL_SHA3_DIGEST_UNCOMPRESSED); + if (! lv_from_digest) { + /* This isn't a bug right now, since it can happen if you're migrating + * from an older version of master to a newer one. The older ones didn't + * annotate their stored consensus objects with sha3-digest-as-signed. + */ + return WQ_RPL_REPLY; // LCOV_EXCL_LINE + } + /* All these values are mandatory on the input */ if (BUG(!lv_to_valid_after) || BUG(!lv_from_valid_after) || - BUG(!lv_from_digest) || BUG(!lv_from_flavor) || BUG(!lv_to_flavor)) { return WQ_RPL_REPLY; // LCOV_EXCL_LINE @@ -1267,7 +1288,7 @@ consensus_diff_worker_replyfn(void *work_) const char *lv_from_digest = consensus_cache_entry_get_value(job->diff_from, - LABEL_SHA3_DIGEST_UNCOMPRESSED); + LABEL_SHA3_DIGEST_AS_SIGNED); const char *lv_to_digest = consensus_cache_entry_get_value(job->diff_to, LABEL_SHA3_DIGEST_UNCOMPRESSED); @@ -1283,7 +1304,7 @@ consensus_diff_worker_replyfn(void *work_) int flav = -1; int cache = 1; if (BUG(cdm_entry_get_sha3_value(from_sha3, job->diff_from, - LABEL_SHA3_DIGEST_UNCOMPRESSED) < 0)) + LABEL_SHA3_DIGEST_AS_SIGNED) < 0)) cache = 0; if (BUG(cdm_entry_get_sha3_value(to_sha3, job->diff_to, LABEL_SHA3_DIGEST_UNCOMPRESSED) < 0)) diff --git a/src/test/test_consdiffmgr.c b/src/test/test_consdiffmgr.c index 31ce6ce..0e44ed2 100644 --- a/src/test/test_consdiffmgr.c +++ b/src/test/test_consdiffmgr.c @@ -10,6 +10,7 @@ #include "consdiffmgr.h" #include "cpuworker.h" #include "networkstatus.h" +#include "routerparse.h" #include "workqueue.h" #include "test.h" @@ -66,6 +67,7 @@ fake_ns_body_new(consensus_flavor_t flav, time_t valid_after) format_iso_time(valid_after_string, valid_after); char *random_stuff = crypto_random_hostname(3, 25, "junk ", ""); + char *random_stuff2 = crypto_random_hostname(3, 10, "", ""); char *consensus; tor_asprintf(&consensus, @@ -74,11 +76,15 @@ fake_ns_body_new(consensus_flavor_t flav, time_t valid_after) "valid-after %s\n" "r name ccccccccccccccccc etc\nsample\n" "r name eeeeeeeeeeeeeeeee etc\nbar\n" - "%s\n", + "%s\n" + "directory-signature hello-there\n" + "directory-signature %s\n", flavor_string, valid_after_string, - random_stuff); + random_stuff, + random_stuff2); tor_free(random_stuff); + tor_free(random_stuff2); return consensus; } @@ -139,7 +145,10 @@ lookup_diff_from(consensus_cache_entry_t **out, const char *str1) { uint8_t digest[DIGEST256_LEN]; - crypto_digest256((char*)digest, str1, strlen(str1), DIGEST_SHA3_256); + if (router_get_networkstatus_v3_sha3_as_signed(digest, str1)<0) { + TT_FAIL(("Unable to compute sha3-as-signed")); + return CONSDIFF_NOT_FOUND; + } return consdiffmgr_find_diff_from(out, flav, DIGEST_SHA3_256, digest, sizeof(digest), NO_METHOD); @@ -152,8 +161,9 @@ lookup_apply_and_verify_diff(consensus_flavor_t flav, { consensus_cache_entry_t *ent = NULL; consdiff_status_t status = lookup_diff_from(&ent, flav, str1); - if (ent == NULL || status != CONSDIFF_AVAILABLE) + if (ent == NULL || status != CONSDIFF_AVAILABLE) { return -1; + } consensus_cache_entry_incref(ent); size_t size; @@ -299,7 +309,7 @@ test_consdiffmgr_add(void *arg) ns_tmp->valid_after = 86400 * 100; /* A few months into 1970 */ r = consdiffmgr_add_consensus(dummy, ns_tmp); tt_int_op(r, OP_EQ, -1); - expect_single_log_msg_containing("it's too old."); + expect_log_msg_containing("it's too old."); /* Try looking up a consensuses. */ ent = cdm_cache_lookup_consensus(FLAV_NS, now-60); @@ -352,8 +362,7 @@ test_consdiffmgr_make_diffs(void *arg) ns = fake_ns_new(FLAV_MICRODESC, now-3600); md_ns_body = fake_ns_body_new(FLAV_MICRODESC, now-3600); r = consdiffmgr_add_consensus(md_ns_body, ns); - crypto_digest256((char*)md_ns_sha3, md_ns_body, strlen(md_ns_body), - DIGEST_SHA3_256); + router_get_networkstatus_v3_sha3_as_signed(md_ns_sha3, md_ns_body); networkstatus_vote_free(ns); tt_int_op(r, OP_EQ, 0);

1 0

[translation/tor-browser-manual] Update translations for tor-browser-manual
by translation＠torproject.org 04 May '17

04 May '17

commit 744e53ecf5fa9069acf54ddc0bef9b86570d5c4a Author: Translation commit bot <translation(a)torproject.org> Date: Thu May 4 10:18:21 2017 +0000 Update translations for tor-browser-manual --- fa/fa.po | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fa/fa.po b/fa/fa.po index 06c0ad0..0c73453 100644 --- a/fa/fa.po +++ b/fa/fa.po @@ -177,6 +177,8 @@ msgid "" "external ref='media/tor-launcher-custom-bridges_en-US.png' " "md5='93365c2aa3fb4d627497e83f28a39b7e'" msgstr "" +"external ref='media/tor-launcher-custom-bridges_en-US.png' " +"md5='93365c2aa3fb4d627497e83f28a39b7e'" #: bridges.page:65 msgid "" @@ -218,6 +220,8 @@ msgid "" "external ref='media/circumvention/configure.png' " "md5='519d888303eadfe4cb03f178aedd90f5'" msgstr "" +"external ref='media/circumvention/configure.png' " +"md5='519d888303eadfe4cb03f178aedd90f5'" #: circumvention.page:28 msgid ""

1 0

[translation/tails-misc_completed] Update translations for tails-misc_completed
by translation＠torproject.org 04 May '17

04 May '17

commit b633d8da2f0b3cfa13bd5c625a1a8d63af3c551c Author: Translation commit bot <translation(a)torproject.org> Date: Thu May 4 10:16:17 2017 +0000 Update translations for tails-misc_completed --- fa.po | 89 +++++++++++++++++++++---------------------------------------------- 1 file changed, 27 insertions(+), 62 deletions(-) diff --git a/fa.po b/fa.po index e25d328..93de138 100644 --- a/fa.po +++ b/fa.po @@ -11,6 +11,7 @@ # Ehsan Ab <a.ehsan70(a)gmail.com>, 2015 # Farshad Gh <farshad73(a)gmail.com>, 2015 # NoProfile, 2014-2016 +# Goudarz Jafari <goudarz.jafari(a)gmail.com>, 2017 # johnholzer <johnholtzer123(a)gmail.com>, 2014 # jonothan hipkey <j.hipkey4502(a)gmail.com>, 2014 # M. Heydar Elahi <m.heydar.elahi(a)gmail.com>, 2014 @@ -20,9 +21,9 @@ msgid "" msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2016-09-02 16:02+0200\n" -"PO-Revision-Date: 2016-09-03 08:57+0000\n" -"Last-Translator: carolyn <carolyn(a)anhalt.org>\n" +"POT-Creation-Date: 2017-04-18 12:55+0200\n" +"PO-Revision-Date: 2017-05-04 09:53+0000\n" +"Last-Translator: Goudarz Jafari <goudarz.jafari(a)gmail.com>\n" "Language-Team: Persian (http://www.transifex.com/otf/torproject/language/fa/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -108,6 +109,19 @@ msgstr "شروع دوباره" msgid "Power Off" msgstr "خاموش کردن رایانه" +#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:59 +msgid "Warning: Tails 3.0 won't work on this computer!" +msgstr "هشدار Tails 3.0 روی این کامپیوتر کار نمی‌کند!" + +#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:60 +msgid "Tails 3.0 will require a 64-bit processor." +msgstr "Tails 3.0 نیاز به پردازنده 64-بیتی دارد." + +#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:63 +#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83 +msgid "Learn more" +msgstr "بیشتر بدانید" + #: config/chroot_local-includes/usr/local/bin/tails-about:22 #: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:1 msgid "Tails" @@ -165,11 +179,11 @@ msgstr "تور برای درست کار کاردن، مخصوصا برای خد msgid "Failed to synchronize the clock!" msgstr "هم‌زمان‌سازی ساعت موفقیت‌آمیز نبود!" -#: config/chroot_local-includes/usr/local/bin/tails-security-check:146 +#: config/chroot_local-includes/usr/local/bin/tails-security-check:124 msgid "This version of Tails has known security issues:" msgstr "این نسخه از Tails این مشکلات امنیت شناخته شده را دارد:" -#: config/chroot_local-includes/usr/local/bin/tails-security-check:156 +#: config/chroot_local-includes/usr/local/bin/tails-security-check:134 msgid "Known security issues" msgstr "مسائل امنیتی شناخته شده" @@ -219,21 +233,21 @@ msgid "" "See https://tails.boum.org/doc/first_steps/upgrade#manual" msgstr "<b>حافظه رم خالی جهت بررسی برای به روز رسانی موجود نیست.</b>\n\nمطمئن شوید این سیستم حداقل پیش نیازهای لازم برای تیلز را پشتیبانی می کند.\nاین فایل را ببینید: file:///usr/share/doc/tails/website/doc/about/requirements.en.html\n\nتیلز را راه اندازی مجدد کنید و دوباره برای به روز رسانی اقدام کنید.\n\nو یا به صورت دستی به روز رسانی کنید.\nاین فایل را ببینید: https://tails.boum.org/doc/first_steps/upgrade#manual" -#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:67 +#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:71 msgid "Warning: virtual machine detected!" msgstr "هشدار: ماشین مجازی کشف شد!" -#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:69 +#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:73 msgid "" "Both the host operating system and the virtualization software are able to " "monitor what you are doing in Tails." msgstr "هم سیستم میزبان و هم نرم افزار مجازی سازی می توانند هر کاری که در Tails انجام می دهید، مشاهده کنند." -#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:72 +#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:76 msgid "Warning: non-free virtual machine detected!" msgstr "هشدار: ماشین مجازی غیر آزاد شناسایی شد!" -#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:74 +#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:78 msgid "" "Both the host operating system and the virtualization software are able to " "monitor what you are doing in Tails. Only free software can be considered " @@ -241,23 +255,19 @@ msgid "" "software." msgstr "سیستم عامل میزبان و نرم افزار مجازی ساز می توانند آنچه شما در Tails انجام می دهید را مشاهده کنند. تنها نرم افزارهای آزاد می توانند برای سیستم عامل میزبان و نرم افزار مجازی ساز قابل اعتماد باشند." -#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:79 -msgid "Learn more" -msgstr "بیشتر بدانید" - -#: config/chroot_local-includes/usr/local/bin/tor-browser:40 +#: config/chroot_local-includes/usr/local/bin/tor-browser:43 msgid "Tor is not ready" msgstr "تور آماده نیست" -#: config/chroot_local-includes/usr/local/bin/tor-browser:41 +#: config/chroot_local-includes/usr/local/bin/tor-browser:44 msgid "Tor is not ready. Start Tor Browser anyway?" msgstr "تور آماده نیست. مرورگر تور به هر حال اجرا شود؟" -#: config/chroot_local-includes/usr/local/bin/tor-browser:42 +#: config/chroot_local-includes/usr/local/bin/tor-browser:45 msgid "Start Tor Browser" msgstr "اجرای مرورگر تور" -#: config/chroot_local-includes/usr/local/bin/tor-browser:43 +#: config/chroot_local-includes/usr/local/bin/tor-browser:46 msgid "Cancel" msgstr "لغو" @@ -329,43 +339,6 @@ msgstr "پیکربندی مرورگر ناموفق بود." msgid "Failed to run browser." msgstr "اجرای مرورگر ناموفق بود." -#: config/chroot_local-includes/usr/local/sbin/tails-i2p:34 -msgid "I2P failed to start" -msgstr "I2P نتوانست شروع کند" - -#: config/chroot_local-includes/usr/local/sbin/tails-i2p:35 -msgid "" -"Something went wrong when I2P was starting. Check the logs in /var/log/i2p " -"for more information." -msgstr "در زمان شروع به کار I2P اشکالی پیش آمد.برای اطلاعات بیشتر گزارش‌ وقایع را در /var/log/i2p بررسی کنید." - -#: config/chroot_local-includes/usr/local/sbin/tails-i2p:52 -msgid "I2P's router console is ready" -msgstr "صفحه تنظیمات مسیریاب I2P آماده است." - -#: config/chroot_local-includes/usr/local/sbin/tails-i2p:53 -msgid "You can now access I2P's router console in the I2P Browser." -msgstr "شما هم اکنون می توانید دسترسی داشته باشید به کنسول روتر I2P در مرورگر I2P" - -#: config/chroot_local-includes/usr/local/sbin/tails-i2p:58 -msgid "I2P is not ready" -msgstr "I2P آماده نیست." - -#: config/chroot_local-includes/usr/local/sbin/tails-i2p:59 -msgid "" -"Eepsite tunnel not built within six minutes. Check the router console in the" -" I2P Browser or the logs in /var/log/i2p for more information. Reconnect to " -"the network to try again." -msgstr "تونل اپسایت در ۶ دقیقه درست نشد. کنسول روتر را در مرورگر I2P بررسی کنید و یا برای اطلاعات بیش‌تر، گزارش موجود در آدرس /var/log/i2p را بینید. برای تلاش مجدد، دوباره به شبکه‌ی تور متصل شوید." - -#: config/chroot_local-includes/usr/local/sbin/tails-i2p:71 -msgid "I2P is ready" -msgstr "I2P آماده است." - -#: config/chroot_local-includes/usr/local/sbin/tails-i2p:72 -msgid "You can now access services on I2P." -msgstr "حالا شما می توانید به سرویس های روی I2P دسترسی داشته باشید." - #: ../config/chroot_local-includes/etc/skel/Desktop/Report_an_error.desktop.in.h:1 msgid "Report an error" msgstr "یک خطا را گزارش کنید" @@ -379,14 +352,6 @@ msgstr "مستندات Tails" msgid "Learn how to use Tails" msgstr "آموزش نحوهٔ استفاده از Tails" -#: ../config/chroot_local-includes/usr/share/applications/i2p-browser.desktop.in.h:1 -msgid "Anonymous overlay network browser" -msgstr "مرورگر شبکه با کاربر ناشناس" - -#: ../config/chroot_local-includes/usr/share/applications/i2p-browser.desktop.in.h:2 -msgid "I2P Browser" -msgstr "مرورگر I2P " - #: ../config/chroot_local-includes/usr/share/applications/tails-about.desktop.in.h:2 msgid "Learn more about Tails" msgstr "اطلاعات بیشتر در مورد Tails را یاد بگیرید"

1 0

[translation/tails-misc] Update translations for tails-misc
by translation＠torproject.org 04 May '17

04 May '17

commit 5b50d367bc392dfdd94b27dc8176b3963940dccd Author: Translation commit bot <translation(a)torproject.org> Date: Thu May 4 10:16:12 2017 +0000 Update translations for tails-misc --- fa.po | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/fa.po b/fa.po index 53a5b9a..93de138 100644 --- a/fa.po +++ b/fa.po @@ -11,6 +11,7 @@ # Ehsan Ab <a.ehsan70(a)gmail.com>, 2015 # Farshad Gh <farshad73(a)gmail.com>, 2015 # NoProfile, 2014-2016 +# Goudarz Jafari <goudarz.jafari(a)gmail.com>, 2017 # johnholzer <johnholtzer123(a)gmail.com>, 2014 # jonothan hipkey <j.hipkey4502(a)gmail.com>, 2014 # M. Heydar Elahi <m.heydar.elahi(a)gmail.com>, 2014 @@ -20,9 +21,9 @@ msgid "" msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2017-04-06 21:07+0200\n" -"PO-Revision-Date: 2017-04-07 10:06+0000\n" -"Last-Translator: carolyn <carolyn(a)anhalt.org>\n" +"POT-Creation-Date: 2017-04-18 12:55+0200\n" +"PO-Revision-Date: 2017-05-04 09:53+0000\n" +"Last-Translator: Goudarz Jafari <goudarz.jafari(a)gmail.com>\n" "Language-Team: Persian (http://www.transifex.com/otf/torproject/language/fa/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -110,11 +111,11 @@ msgstr "خاموش کردن رایانه" #: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:59 msgid "Warning: Tails 3.0 won't work on this computer!" -msgstr "" +msgstr "هشدار Tails 3.0 روی این کامپیوتر کار نمی‌کند!" #: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:60 msgid "Tails 3.0 will require a 64-bit processor." -msgstr "" +msgstr "Tails 3.0 نیاز به پردازنده 64-بیتی دارد." #: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:63 #: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83

1 0

[snowflake/master] Golang implementation of standalone snowflake proxy
by dcf＠torproject.org 04 May '17

04 May '17

commit 4b5794c93580d9a48d7a52c9e8f7e50db73836a7 Author: yinghuocho <yinghuocho(a)gmail.com> Date: Mon Apr 24 16:16:02 2017 -0700 Golang implementation of standalone snowflake proxy --- proxy-go/snowflake.go | 326 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 326 insertions(+) diff --git a/proxy-go/snowflake.go b/proxy-go/snowflake.go new file mode 100644 index 0000000..c7ee24a --- /dev/null +++ b/proxy-go/snowflake.go @@ -0,0 +1,326 @@ +package main + +import ( + "bytes" + "encoding/base64" + "flag" + "fmt" + "io" + "io/ioutil" + "log" + "math/rand" + "net" + "net/http" + "net/url" + "strings" + "sync" + "time" + + "github.com/keroserene/go-webrtc" + "golang.org/x/net/websocket" +) + +type snowflakeOptions struct { + capacity int + broker string + brokerURL *url.URL + stun string + stunURL *url.URL + relay string + relayURL *url.URL +} + +const ( + sessionIDLength = 16 +) + +var ( + tokens chan bool + opt *snowflakeOptions + config *webrtc.Configuration + client http.Client +) + +type webRTCConn struct { + dc *webrtc.DataChannel + pc *webrtc.PeerConnection + pr *io.PipeReader +} + +func (c *webRTCConn) Read(b []byte) (int, error) { + return c.pr.Read(b) +} + +func (c *webRTCConn) Write(b []byte) (int, error) { + // log.Printf("webrtc Write %d %+q", len(b), string(b)) + log.Printf("Write %d bytes --> WebRTC", len(b)) + c.dc.Send(b) + return len(b), nil +} + +func (c *webRTCConn) Close() error { + return c.pc.Close() +} + +func (c *webRTCConn) LocalAddr() net.Addr { + return nil +} + +func (c *webRTCConn) RemoteAddr() net.Addr { + return nil +} + +func (c *webRTCConn) SetDeadline(t time.Time) error { + return fmt.Errorf("SetDeadline not implemented") +} + +func (c *webRTCConn) SetReadDeadline(t time.Time) error { + return fmt.Errorf("SetReadDeadline not implemented") +} + +func (c *webRTCConn) SetWriteDeadline(t time.Time) error { + return fmt.Errorf("SetWriteDeadline not implemented") +} + +func getToken() { + <-tokens +} + +func retToken() { + tokens <- true +} + +func genSessionID() string { + buf := make([]byte, sessionIDLength) + _, err := rand.Read(buf) + if err != nil { + panic(err.Error()) + } + return strings.TrimRight(base64.StdEncoding.EncodeToString(buf), "=") +} + +func pollOffer(sid string, broker *url.URL) *webrtc.SessionDescription { + broker.Path = "/proxy" + for { + req, _ := http.NewRequest("POST", broker.String(), bytes.NewBuffer([]byte(sid))) + req.Header.Set("X-Session-ID", sid) + resp, err := client.Do(req) + if err != nil { + log.Printf("error to poll broker: %s", err) + } else { + defer resp.Body.Close() + if resp.StatusCode != http.StatusOK { + log.Printf("broker returns: %d", resp.StatusCode) + } else { + body, err := ioutil.ReadAll(resp.Body) + if err != nil { + log.Printf("error to read broker responses: %s", err) + } else { + return webrtc.DeserializeSessionDescription(string(body)) + } + } + } + } +} + +func sendAnswer(sid string, broker *url.URL, pc *webrtc.PeerConnection) error { + broker.Path = "/answer" + body := bytes.NewBuffer([]byte(pc.LocalDescription().Serialize())) + req, _ := http.NewRequest("POST", broker.String(), body) + req.Header.Set("X-Session-ID", sid) + resp, err := client.Do(req) + if err != nil { + return err + } + if resp.StatusCode != http.StatusOK { + return fmt.Errorf("broker returned %d", resp.StatusCode) + } + return nil +} + +type timeoutConn struct { + c net.Conn + t time.Duration +} + +func (tc timeoutConn) Read(buf []byte) (int, error) { + tc.c.SetDeadline(time.Now().Add(tc.t)) + return tc.c.Read(buf) +} + +func (tc timeoutConn) Write(buf []byte) (int, error) { + tc.c.SetDeadline(time.Now().Add(tc.t)) + return tc.c.Write(buf) +} + +func (tc timeoutConn) Close() error { + return tc.c.Close() +} + +func CopyLoopTimeout(c1 net.Conn, c2 net.Conn, timeout time.Duration) { + tc1 := timeoutConn{c: c1, t: timeout} + tc2 := timeoutConn{c: c2, t: timeout} + var wg sync.WaitGroup + copyer := func(dst io.ReadWriteCloser, src io.ReadWriteCloser) { + defer wg.Done() + io.Copy(dst, src) + dst.Close() + src.Close() + } + wg.Add(2) + go copyer(tc1, tc2) + go copyer(tc2, tc1) + wg.Wait() +} + +func datachannelHandler(conn *webRTCConn) { + defer conn.Close() + defer retToken() + + wsConn, err := websocket.Dial(opt.relay, "", opt.relay) + if err != nil { + log.Printf("error to dial relay: %s", err) + return + } + log.Printf("connected to relay") + defer wsConn.Close() + wsConn.PayloadType = websocket.BinaryFrame + CopyLoopTimeout(conn, wsConn, time.Minute) + log.Printf("datachannelHandler ends") +} + +// Create a PeerConnection from an SDP offer. Blocks until the gathering of ICE +// candidates is complete and the answer is available in LocalDescription. +// Installs an OnDataChannel callback that creates a webRTCConn and passes it to +// datachannelHandler. +func makePeerConnectionFromOffer(sdp *webrtc.SessionDescription, config *webrtc.Configuration) (*webrtc.PeerConnection, error) { + errChan := make(chan error) + answerChan := make(chan struct{}) + + pc, err := webrtc.NewPeerConnection(config) + if err != nil { + return nil, fmt.Errorf("accept: NewPeerConnection: %s", err) + } + pc.OnNegotiationNeeded = func() { + panic("OnNegotiationNeeded") + } + pc.OnIceComplete = func() { + answerChan <- struct{}{} + } + pc.OnDataChannel = func(dc *webrtc.DataChannel) { + log.Println("OnDataChannel") + + pr, pw := io.Pipe() + + dc.OnOpen = func() { + log.Println("OnOpen channel") + } + dc.OnClose = func() { + log.Println("OnClose channel") + pw.Close() + } + dc.OnMessage = func(msg []byte) { + log.Printf("OnMessage <--- %d bytes", len(msg)) + n, err := pw.Write(msg) + if err != nil { + pw.CloseWithError(err) + } + if n != len(msg) { + panic("short write") + } + } + conn := &webRTCConn{pc: pc, dc: dc, pr: pr} + go datachannelHandler(conn) + } + + err = pc.SetRemoteDescription(sdp) + if err != nil { + pc.Close() + return nil, fmt.Errorf("accept: SetRemoteDescription: %s", err) + } + log.Println("sdp offer successfully received.") + + go func() { + log.Println("Generating answer...") + answer, err := pc.CreateAnswer() // blocking + if err != nil { + errChan <- err + return + } + err = pc.SetLocalDescription(answer) + if err != nil { + errChan <- err + return + } + }() + + // Wait until answer is ready. + select { + case err = <-errChan: + pc.Close() + return nil, err + case _, ok := <-answerChan: + if !ok { + pc.Close() + return nil, fmt.Errorf("Failed gathering ICE candidates.") + } + } + return pc, nil +} + +func runSession(sid string) { + offer := pollOffer(sid, opt.brokerURL) + if offer == nil { + log.Printf("bad offer from broker") + retToken() + return + } + pc, err := makePeerConnectionFromOffer(offer, config) + if err != nil { + log.Printf("error to make WebRTC connection: %s", err) + retToken() + return + } + err = sendAnswer(sid, opt.brokerURL, pc) + if err != nil { + log.Printf("error to send answer to client through broker: %s", err) + pc.Close() + retToken() + return + } +} + +func main() { + opt = new(snowflakeOptions) + flag.IntVar(&opt.capacity, "capacity", 10, "maximum concurrent clients") + flag.StringVar(&opt.broker, "broker", "https://snowflake-reg.appspot.com/", "broker URL") + flag.StringVar(&opt.relay, "relay", "wss://snowflake.bamsoftware.com/", "websocket relay URL") + flag.StringVar(&opt.stun, "stun", "stun:stun.l.google.com:19302", "stun URL") + flag.Parse() + + var err error + opt.brokerURL, err = url.Parse(opt.broker) + if err != nil { + log.Fatalf("invalid broker url: %s", err) + } + opt.stunURL, err = url.Parse(opt.stun) + if err != nil { + log.Fatalf("invalid stun url: %s", err) + } + opt.relayURL, err = url.Parse(opt.relay) + if err != nil { + log.Fatalf("invalid relay url: %s", err) + } + + config = webrtc.NewConfiguration(webrtc.OptionIceServer(opt.stun)) + tokens = make(chan bool, opt.capacity) + for i := 0; i < opt.capacity; i++ { + tokens <- true + } + + for { + getToken() + sessionID := genSessionID() + runSession(sessionID) + } +}

1 0

[snowflake/master] Minimal README for proxy-go.
by dcf＠torproject.org 04 May '17

04 May '17

commit 62f50b29b26f6e9bd1e377b891d1918b71832be1 Author: David Fifield <david(a)bamsoftware.com> Date: Thu May 4 01:18:19 2017 -0700 Minimal README for proxy-go. --- README.md | 8 ++++++++ proxy-go/README.md | 3 +++ 2 files changed, 11 insertions(+) diff --git a/README.md b/README.md index 79d3e9e..6bc37e9 100644 --- a/README.md +++ b/README.md @@ -140,6 +140,14 @@ abundance of ephemeral and short-lived (and special!) volunteer proxies... ### Appendix +##### -- Testing with Standalone Proxy -- + +``` +cd proxy-go +go build +./proxy-go +``` + ##### -- Testing Copy-Paste Via Browser Proxy -- Open a browser proxy, passing the `manual` parameter; e.g. diff --git a/proxy-go/README.md b/proxy-go/README.md new file mode 100644 index 0000000..264fc4f --- /dev/null +++ b/proxy-go/README.md @@ -0,0 +1,3 @@ +This is a standalone (not browser-based) version of the Snowflake proxy. + +Usage: ./proxy-go

1 0

[support-portal/master] Drop legal question
by colin＠torproject.org 04 May '17

04 May '17

commit cf84782a5f6b393b65df22237b78b9ab7a7f24ee Author: Colin Childs <colin(a)torproject.org> Date: Thu May 4 01:46:10 2017 -0500 Drop legal question --- plain/misc.txt | 3 --- 1 file changed, 3 deletions(-) diff --git a/plain/misc.txt b/plain/misc.txt index a536e63..38e35c3 100644 --- a/plain/misc.txt +++ b/plain/misc.txt @@ -5,9 +5,6 @@ Q. Can I use Tor with bittorrent? A. Using Tor with bittorrent is not recommended or supported. For further details, please see our blog post on the subject at https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea. -Q. Is using Tor illegal? [this question might be too broad to answer -- we don't know about every jurisdiction] -A. - Q. Why did you infect my computer with malware? (CryptoLocker) A. You have been infected with malware. The Tor Project did not create this malware.

1 0

[support-portal/master] Push tormessenger answers
by colin＠torproject.org 04 May '17

04 May '17

commit c004b4974cff99d3380b7ae3a75d1019bf32c274 Author: Colin Childs <colin(a)torproject.org> Date: Thu May 4 01:45:26 2017 -0500 Push tormessenger answers --- plain/tormessenger.txt | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/plain/tormessenger.txt b/plain/tormessenger.txt index 08eb10b..804489e 100644 --- a/plain/tormessenger.txt +++ b/plain/tormessenger.txt @@ -1,17 +1,21 @@ +** UNREVIEWED ** + Q. What is Tor Messenger? -A. +A.Tor Messenger is a cross-platform chat program that aims to be secure by default and sends all of its traffic over Tor. It supports a wide variety of transport networks, including XMPP, IRC, Twitter, and others; enables Off-the-Record (OTR) Messaging automatically; has an easy-to-use graphical user interface; and a secure automatic updater. + +See the introductory blog post(https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easi… for more information. Q. What platforms is Tor Messenger available on? -A. +A. Tor Messenger is currently available on Linux, Windows and OSX. Q. Where can I download Tor Messenger? -A. +A. While the Tor Messenger remains in beta, the latest downloads can be found on our wiki at https://trac.torproject.org/projects/tor/wiki/doc/TorMessenger. Q. What is OTR? -A. +A. Off-the-Record (OTR) Messaging allows you to have private conversations over popular instant messaging protocols by providing Encryption, Authentication, Deniability and Forward Secrecy. For more details, please see https://otr.cypherpunks.ca/. Q. Which protocols does Tor Messenger support? -A. +A. Q. When will Tor Messenger be out of beta? A.

1 0

[support-portal/master] Push more torbrowserfaq answers
by colin＠torproject.org 04 May '17

04 May '17

commit 675bac841c93157ef0c418e25e7a35ea44da5fae Author: Colin Childs <colin(a)torproject.org> Date: Thu May 4 01:36:36 2017 -0500 Push more torbrowserfaq answers --- plain/torbrowserfaq.txt | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/plain/torbrowserfaq.txt b/plain/torbrowserfaq.txt index e043479..088a353 100644 --- a/plain/torbrowserfaq.txt +++ b/plain/torbrowserfaq.txt @@ -168,10 +168,10 @@ A. If you cannot reach the onion service you require, make sure that you have en You can also ensure that you're able to access other onion services by connecting to DuckDuckGo's Onion Service (http://3g2upl4pq6kufc4m.onion/) Q. Which platforms is Tor Browser available on? -A. +A. The Tor Browser is currently available on Windows, Linux and OSX. Q. Can I set the Tor Browser as my default browser? -A. +A. There is currently no supported method for setting the Tor Browser as your default browser. Q. Does the Tor Browser use a different circuit for each website? A. @@ -183,11 +183,16 @@ Q. Why do all of my circuits start with the same relay? A. Q. Does running the Tor Browser make me a relay? -A. +A. Running the Tor Browser does not make you act as a relay in the network. This means that your computer will not be used to route traffic for others. Q. Why does the Tor Browser ship with javascript enabled? -A. +A. We configure NoScript to allow JavaScript by default in Tor Browser because many websites will not work with JavaScript disabled. Most users would give up on Tor entirely if a website they want to use requires JavaScript, because they would not know how to allow a website to use JavaScript (or that enabling JavaScript might make a website work). + +There's a tradeoff here. On the one hand, we should leave JavaScript enabled by default so websites work the way users expect. On the other hand, we should disable JavaScript by default to better protect against browser vulnerabilities ( not just a theoretical concern!). But there's a third issue: websites can easily determine whether you have allowed JavaScript for them, and if you disable JavaScript by default but then allow a few websites to run scripts (the way most people use NoScript), then your choice of whitelisted websites acts as a sort of cookie that makes you recognizable (and distinguishable), thus harming your anonymity. + +Ultimately, we want the default Tor bundles to use a combination of firewalls (like the iptables rules in Tails) and sandboxes to make JavaScript not so scary. In the shorter term, TBB 3.0 will hopefully allow users to choose their JavaScript settings more easily — but the partitioning concern will remain. + +Until we get there, feel free to leave JavaScript on or off depending on your security, anonymity, and usability priorities. Q. Will my network admin be able to tell im using the Tor Browser? A. -

1 0