March 2018 - tor-commits - lists.torproject.org

[tor/release-0.3.3] Merge branch 'maint-0.3.3' into release-0.3.3
by nickm＠torproject.org 27 Mar '18

27 Mar '18

commit d5580d9a2778ac399aa6db44ad602cf02e7c1dbe Merge: 1f3e0f157 46c2b0ca2 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Mar 27 07:05:15 2018 -0400 Merge branch 'maint-0.3.3' into release-0.3.3 changes/bug25213 | 5 +++++ src/or/circuitbuild.c | 14 ++++++++++++-- src/test/test_hs_service.c | 4 ++++ 3 files changed, 21 insertions(+), 2 deletions(-)

1 0

[tor/master] Merge branch 'bug25213_033' into maint-0.3.3
by nickm＠torproject.org 27 Mar '18

27 Mar '18

commit 46c2b0ca228d2d95666f28d4e42411dce0a59e15 Merge: 841ed9dbb 969a38a37 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Mar 27 07:04:33 2018 -0400 Merge branch 'bug25213_033' into maint-0.3.3 changes/bug25213 | 5 +++++ src/or/circuitbuild.c | 14 ++++++++++++-- src/test/test_hs_service.c | 4 ++++ 3 files changed, 21 insertions(+), 2 deletions(-)

1 0

[tor/release-0.3.3] Fix a unit test which was broken by the previous commit
by nickm＠torproject.org 27 Mar '18

27 Mar '18

commit 969a38a375f4e71fcb27bb24e36047824d0f3cc9 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Mar 26 09:57:39 2018 -0400 Fix a unit test which was broken by the previous commit This test was expecting Tor to find and use routerinfos, but hadn't cleared the UseMicrodescriptors flag. Part of the fix for 25213. --- src/test/test_hs_service.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/test/test_hs_service.c b/src/test/test_hs_service.c index d62fcc8ca..2e5280610 100644 --- a/src/test/test_hs_service.c +++ b/src/test/test_hs_service.c @@ -1237,6 +1237,10 @@ test_build_update_descriptors(void *arg) node->is_running = node->is_valid = node->is_fast = node->is_stable = 1; } + /* We have to set thise, or the lack of microdescriptors for these + * nodes will make them unusable. */ + get_options_mutable()->UseMicrodescriptors = 0; + /* We expect to pick only one intro point from the node above. */ setup_full_capture_of_logs(LOG_INFO); update_all_descriptors(now);

1 0

[tor/release-0.3.3] Merge branch 'bug25213_033' into maint-0.3.3
by nickm＠torproject.org 27 Mar '18

27 Mar '18

commit 46c2b0ca228d2d95666f28d4e42411dce0a59e15 Merge: 841ed9dbb 969a38a37 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Mar 27 07:04:33 2018 -0400 Merge branch 'bug25213_033' into maint-0.3.3 changes/bug25213 | 5 +++++ src/or/circuitbuild.c | 14 ++++++++++++-- src/test/test_hs_service.c | 4 ++++ 3 files changed, 21 insertions(+), 2 deletions(-)

1 0

[metrics-lib/master] Use timeout of one minute for fetching index.
by karsten＠torproject.org 27 Mar '18

27 Mar '18

commit 56c906f4a0d8ddbc3dd5cab08e3ea548384bbd10 Author: iwakeh <iwakeh(a)torproject.org> Date: Mon Mar 19 10:58:38 2018 +0000 Use timeout of one minute for fetching index. This is set for connect as well as read and can be overridden by system properties sun.net.client.default<Connect|Read>Timeout. Implements task-24290. --- .../java/org/torproject/descriptor/index/IndexNode.java | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/main/java/org/torproject/descriptor/index/IndexNode.java b/src/main/java/org/torproject/descriptor/index/IndexNode.java index 4c4c884..19a5aa4 100644 --- a/src/main/java/org/torproject/descriptor/index/IndexNode.java +++ b/src/main/java/org/torproject/descriptor/index/IndexNode.java @@ -19,6 +19,7 @@ import java.io.InputStreamReader; import java.io.OutputStream; import java.io.Reader; import java.net.URL; +import java.net.URLConnection; import java.nio.file.Files; import java.nio.file.Path; import java.util.SortedMap; @@ -37,6 +38,12 @@ public class IndexNode { private static Logger log = LoggerFactory.getLogger(IndexNode.class); + private static final int READ_TIMEOUT = Integer.parseInt(System + .getProperty("sun.net.client.defaultReadTimeout", "60000")); + + private static final int CONNECT_TIMEOUT = Integer.parseInt(System + .getProperty("sun.net.client.defaultConnectTimeout", "60000")); + /** An empty node, which is not added to JSON output. */ public static final IndexNode emptyNode = new IndexNode("", "", new TreeSet<FileNode>(), new TreeSet<DirectoryNode>()); @@ -97,8 +104,12 @@ public class IndexNode { public static IndexNode fetchIndex(String urlString) throws Exception { String ending = urlString.substring(urlString.lastIndexOf(".") + 1).toUpperCase(); + URLConnection connection = (new URL(urlString)).openConnection(); + connection.setReadTimeout(READ_TIMEOUT); + connection.setConnectTimeout(CONNECT_TIMEOUT); + connection.connect(); try (InputStream is = FileType.valueOf(ending) - .inputStream(new URL(urlString).openStream())) { + .inputStream(connection.getInputStream())) { return fetchIndex(is); } }

1 0

[metrics-lib/master] Add change log entry for #24290.
by karsten＠torproject.org 27 Mar '18

27 Mar '18

commit f826234e8064014487d871838e8074e83a142e42 Author: Karsten Loesing <karsten.loesing(a)gmx.net> Date: Tue Mar 27 09:25:35 2018 +0200 Add change log entry for #24290. --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d8576e3..58235e3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,8 @@ * Minor changes. - Override logLines() method from LogDescriptor in WebServerAccessLog. + - Use 1-minute connect and read timeouts for fetching CollecTor's + index.json. # Changes in version 2.2.0 - 2018-02-26

1 0

[tor-browser/tor-browser-52.7.3esr-8.0-1] Revert "Orfox: Fix #1 - Improve build instructions"
by gk＠torproject.org 27 Mar '18

27 Mar '18

commit cc4c7e19e9474e423aebbc00be898824f27d496a Author: Georg Koppen <gk(a)torproject.org> Date: Tue Mar 27 06:25:17 2018 +0000 Revert "Orfox: Fix #1 - Improve build instructions" This reverts commit c981d290167b8547789849194ed12dd763f1f892. --- README.md | 20 -------------------- README.txt | 27 +++++++++++++++++++++++++++ 2 files changed, 27 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md deleted file mode 100644 index 8cf5ca26625a..000000000000 --- a/README.md +++ /dev/null @@ -1,20 +0,0 @@ -## ORFOX BUILD STEPS: - -1) Move .mozconfig-android to .mozconfig OR run: -``` -export MOZCONFIG="tor-browser/.mozconfig-android" -``` -2) Checks if the all requirements for the build are fine with: -``` -./mach configure -``` -3) Builds the repo with: -``` -./mach build -``` -4) Creates the apk in tor-browser/MOZ_OBJDIR/dist/fennec-38.0.en-US.android-arm.apk -``` -./mach package -``` -### Note: this does not ship the addons, that is managed in a different repo: https://github.com/amoghbl1/orfox-addons. -### Steps to include these addons can be figured out looking at the jenkins script at https://github.com/amoghbl1/Orfox/blob/master/jenkins-build diff --git a/README.txt b/README.txt new file mode 100644 index 000000000000..658c0dce3174 --- /dev/null +++ b/README.txt @@ -0,0 +1,27 @@ +An explanation of the Mozilla Source Code Directory Structure and links to +project pages with documentation can be found at: + + https://developer.mozilla.org/en/Mozilla_Source_Code_Directory_Structure + +For information on how to build Mozilla from the source code, see: + + http://developer.mozilla.org/en/docs/Build_Documentation + +To have your bug fix / feature added to Mozilla, you should create a patch and +submit it to Bugzilla (https://bugzilla.mozilla.org) Instructions are at: + + http://developer.mozilla.org/en/docs/Creating_a_patch + http://developer.mozilla.org/en/docs/Getting_your_patch_in_the_tree + +If you have a question about developing Mozilla, and can't find the solution +on http://developer.mozilla.org, you can try asking your question in a +mozilla.* Usenet group, or on IRC at irc.mozilla.org. [The Mozilla news groups +are accessible on Google Groups, or news.mozilla.org with a NNTP reader.] + +You can download nightly development builds from the Mozilla FTP server. +Keep in mind that nightly builds, which are used by Mozilla developers for +testing, may be buggy. Firefox nightlies, for example, can be found at: + + https://archive.mozilla.org/pub/firefox/nightly/latest-mozilla-central/ + - or - + http://nightly.mozilla.org/

1 0

[translation/tails-greeter-2_completed] Update translations for tails-greeter-2_completed
by translation＠torproject.org 27 Mar '18

27 Mar '18

commit c6e5ed78f359853035d9161be596db05edc8c907 Author: Translation commit bot <translation(a)torproject.org> Date: Tue Mar 27 00:19:54 2018 +0000 Update translations for tails-greeter-2_completed --- ru/ru.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ru/ru.po b/ru/ru.po index b87ab6c49..b18cf06a3 100644 --- a/ru/ru.po +++ b/ru/ru.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2018-01-22 14:15+0100\n" +"POT-Creation-Date: 2018-03-01 20:26+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: Yanis Voloshin <y(a)7i4.ru>, 2018\n" "Language-Team: Russian (https://www.transifex.com/otf/teams/1519/ru/)\n"

1 0

[translation/tails-greeter-2] Update translations for tails-greeter-2
by translation＠torproject.org 27 Mar '18

27 Mar '18

commit df0783bbdae477359ed8c77b74c47a99b69f7602 Author: Translation commit bot <translation(a)torproject.org> Date: Tue Mar 27 00:19:49 2018 +0000 Update translations for tails-greeter-2 --- ru/ru.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ru/ru.po b/ru/ru.po index b87ab6c49..b18cf06a3 100644 --- a/ru/ru.po +++ b/ru/ru.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2018-01-22 14:15+0100\n" +"POT-Creation-Date: 2018-03-01 20:26+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: Yanis Voloshin <y(a)7i4.ru>, 2018\n" "Language-Team: Russian (https://www.transifex.com/otf/teams/1519/ru/)\n"

1 0

[tor/master] Merge branch 'bug24658-rm-curve25519-header' into bug24658-merge
by nickm＠torproject.org 27 Mar '18

27 Mar '18

commit 0eed0899cdeadd84dc5323f8ca0a3a13cd3779de Merge: d96dc2060 7759ac8df Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Mar 26 19:52:58 2018 -0400 Merge branch 'bug24658-rm-curve25519-header' into bug24658-merge src/common/container.c | 2 +- src/common/crypto.c | 803 +--------------------------- src/common/crypto.h | 129 ----- src/common/crypto_curve25519.c | 1 + src/common/crypto_curve25519.h | 1 + src/common/crypto_digest.c | 569 ++++++++++++++++++++ src/common/crypto_digest.h | 136 +++++ src/common/crypto_ed25519.c | 1 + src/common/crypto_format.c | 1 + src/common/crypto_pwbox.c | 1 + src/common/crypto_rsa.c | 260 ++++++++- src/common/crypto_rsa.h | 17 +- src/common/crypto_s2k.c | 1 + src/common/include.am | 2 + src/common/tortls.c | 2 +- src/common/tortls.h | 2 +- src/common/util.c | 2 +- src/ext/ed25519/donna/ed25519-hash-custom.h | 2 +- src/ext/ed25519/ref10/crypto_hash_sha512.h | 2 +- src/or/keypin.c | 2 +- src/or/onion_ntor.c | 1 + src/test/test_hs_descriptor.c | 1 + src/tools/tor-gencert.c | 1 + 23 files changed, 999 insertions(+), 940 deletions(-) diff --cc src/common/crypto_digest.c index 000000000,417789341..cdcc1828c mode 000000,100644..100644 --- a/src/common/crypto_digest.c +++ b/src/common/crypto_digest.c @@@ -1,0 -1,546 +1,569 @@@ + /* Copyright (c) 2001, Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2017, The Tor Project, Inc. */ + /* See LICENSE for licensing information */ + + /** + * \file crypto_digest.c + * \brief Block of functions related with digest and xof utilities and + * operations. + **/ + + #include "crypto_digest.h" + + #include "crypto.h" /* common functions */ + #include "crypto_openssl_mgt.h" + + DISABLE_GCC_WARNING(redundant-decls) + + #include <openssl/hmac.h> + #include <openssl/sha.h> + + ENABLE_GCC_WARNING(redundant-decls) + + #include "container.h" + + /* Crypto digest functions */ + + /** Compute the SHA1 digest of the len bytes on data stored in + * m. Write the DIGEST_LEN byte result into digest. + * Return 0 on success, -1 on failure. + */ + int + crypto_digest(char *digest, const char *m, size_t len) + { + tor_assert(m); + tor_assert(digest); + if (SHA1((const unsigned char*)m,len,(unsigned char*)digest) == NULL) + return -1; + return 0; + } + + /** Compute a 256-bit digest of len bytes in data stored in m, + * using the algorithm algorithm. Write the DIGEST_LEN256-byte result + * into digest. Return 0 on success, -1 on failure. */ + int + crypto_digest256(char *digest, const char *m, size_t len, + digest_algorithm_t algorithm) + { + tor_assert(m); + tor_assert(digest); + tor_assert(algorithm == DIGEST_SHA256 || algorithm == DIGEST_SHA3_256); + + int ret = 0; + if (algorithm == DIGEST_SHA256) + ret = (SHA256((const uint8_t*)m,len,(uint8_t*)digest) != NULL); + else + ret = (sha3_256((uint8_t *)digest, DIGEST256_LEN,(const uint8_t *)m, len) + > -1); + + if (!ret) + return -1; + return 0; + } + + /** Compute a 512-bit digest of len bytes in data stored in m, + * using the algorithm algorithm. Write the DIGEST_LEN512-byte result + * into digest. Return 0 on success, -1 on failure. */ + int + crypto_digest512(char *digest, const char *m, size_t len, + digest_algorithm_t algorithm) + { + tor_assert(m); + tor_assert(digest); + tor_assert(algorithm == DIGEST_SHA512 || algorithm == DIGEST_SHA3_512); + + int ret = 0; + if (algorithm == DIGEST_SHA512) + ret = (SHA512((const unsigned char*)m,len,(unsigned char*)digest) + != NULL); + else + ret = (sha3_512((uint8_t*)digest, DIGEST512_LEN, (const uint8_t*)m, len) + > -1); + + if (!ret) + return -1; + return 0; + } + + /** Set the common_digests_t in ds_out to contain every digest on the + * len bytes in m that we know how to compute. Return 0 on + * success, -1 on failure. */ + int + crypto_common_digests(common_digests_t *ds_out, const char *m, size_t len) + { + tor_assert(ds_out); + memset(ds_out, 0, sizeof(*ds_out)); + if (crypto_digest(ds_out->d[DIGEST_SHA1], m, len) < 0) + return -1; + if (crypto_digest256(ds_out->d[DIGEST_SHA256], m, len, DIGEST_SHA256) < 0) + return -1; + + return 0; + } + + /** Return the name of an algorithm, as used in directory documents. */ + const char * + crypto_digest_algorithm_get_name(digest_algorithm_t alg) + { + switch (alg) { + case DIGEST_SHA1: + return "sha1"; + case DIGEST_SHA256: + return "sha256"; + case DIGEST_SHA512: + return "sha512"; + case DIGEST_SHA3_256: + return "sha3-256"; + case DIGEST_SHA3_512: + return "sha3-512"; + // LCOV_EXCL_START + default: + tor_fragile_assert(); + return "??unknown_digest??"; + // LCOV_EXCL_STOP + } + } + + /** Given the name of a digest algorithm, return its integer value, or -1 if + * the name is not recognized. */ + int + crypto_digest_algorithm_parse_name(const char *name) + { + if (!strcmp(name, "sha1")) + return DIGEST_SHA1; + else if (!strcmp(name, "sha256")) + return DIGEST_SHA256; + else if (!strcmp(name, "sha512")) + return DIGEST_SHA512; + else if (!strcmp(name, "sha3-256")) + return DIGEST_SHA3_256; + else if (!strcmp(name, "sha3-512")) + return DIGEST_SHA3_512; + else + return -1; + } + + /** Given an algorithm, return the digest length in bytes. */ + size_t + crypto_digest_algorithm_get_length(digest_algorithm_t alg) + { + switch (alg) { + case DIGEST_SHA1: + return DIGEST_LEN; + case DIGEST_SHA256: + return DIGEST256_LEN; + case DIGEST_SHA512: + return DIGEST512_LEN; + case DIGEST_SHA3_256: + return DIGEST256_LEN; + case DIGEST_SHA3_512: + return DIGEST512_LEN; + default: + tor_assert(0); // LCOV_EXCL_LINE + return 0; /* Unreachable */ // LCOV_EXCL_LINE + } + } + + /** Intermediate information about the digest of a stream of data. */ + struct crypto_digest_t { + digest_algorithm_t algorithm; /**< Which algorithm is in use? */ + /** State for the digest we're using. Only one member of the + * union is usable, depending on the value of algorithm. Note also + * that space for other members might not even be allocated! + */ + union { + SHA_CTX sha1; /**< state for SHA1 */ + SHA256_CTX sha2; /**< state for SHA256 */ + SHA512_CTX sha512; /**< state for SHA512 */ + keccak_state sha3; /**< state for SHA3-[256,512] */ + } d; + }; + + #ifdef TOR_UNIT_TESTS + + digest_algorithm_t + crypto_digest_get_algorithm(crypto_digest_t *digest) + { + tor_assert(digest); + + return digest->algorithm; + } + + #endif /* defined(TOR_UNIT_TESTS) */ + + /** + * Return the number of bytes we need to malloc in order to get a + * crypto_digest_t for alg, or the number of bytes we need to wipe + * when we free one. + */ + static size_t + crypto_digest_alloc_bytes(digest_algorithm_t alg) + { + /* Helper: returns the number of bytes in the 'f' field of 'st' */ + #define STRUCT_FIELD_SIZE(st, f) (sizeof( ((st*)0)->f )) + /* Gives the length of crypto_digest_t through the end of the field 'd' */ + #define END_OF_FIELD(f) (offsetof(crypto_digest_t, f) + \ + STRUCT_FIELD_SIZE(crypto_digest_t, f)) + switch (alg) { + case DIGEST_SHA1: + return END_OF_FIELD(d.sha1); + case DIGEST_SHA256: + return END_OF_FIELD(d.sha2); + case DIGEST_SHA512: + return END_OF_FIELD(d.sha512); + case DIGEST_SHA3_256: + case DIGEST_SHA3_512: + return END_OF_FIELD(d.sha3); + default: + tor_assert(0); // LCOV_EXCL_LINE + return 0; // LCOV_EXCL_LINE + } + #undef END_OF_FIELD + #undef STRUCT_FIELD_SIZE + } + + /** + * Internal function: create and return a new digest object for 'algorithm'. + * Does not typecheck the algorithm. + */ + static crypto_digest_t * + crypto_digest_new_internal(digest_algorithm_t algorithm) + { + crypto_digest_t *r = tor_malloc(crypto_digest_alloc_bytes(algorithm)); + r->algorithm = algorithm; + + switch (algorithm) + { + case DIGEST_SHA1: + SHA1_Init(&r->d.sha1); + break; + case DIGEST_SHA256: + SHA256_Init(&r->d.sha2); + break; + case DIGEST_SHA512: + SHA512_Init(&r->d.sha512); + break; + case DIGEST_SHA3_256: + keccak_digest_init(&r->d.sha3, 256); + break; + case DIGEST_SHA3_512: + keccak_digest_init(&r->d.sha3, 512); + break; + default: + tor_assert_unreached(); + } + + return r; + } + + /** Allocate and return a new digest object to compute SHA1 digests. + */ + crypto_digest_t * + crypto_digest_new(void) + { + return crypto_digest_new_internal(DIGEST_SHA1); + } + + /** Allocate and return a new digest object to compute 256-bit digests + * using algorithm. */ + crypto_digest_t * + crypto_digest256_new(digest_algorithm_t algorithm) + { + tor_assert(algorithm == DIGEST_SHA256 || algorithm == DIGEST_SHA3_256); + return crypto_digest_new_internal(algorithm); + } + + /** Allocate and return a new digest object to compute 512-bit digests + * using algorithm. */ + crypto_digest_t * + crypto_digest512_new(digest_algorithm_t algorithm) + { + tor_assert(algorithm == DIGEST_SHA512 || algorithm == DIGEST_SHA3_512); + return crypto_digest_new_internal(algorithm); + } + + /** Deallocate a digest object. + */ + void + crypto_digest_free_(crypto_digest_t *digest) + { + if (!digest) + return; + size_t bytes = crypto_digest_alloc_bytes(digest->algorithm); + memwipe(digest, 0, bytes); + tor_free(digest); + } + + /** Add len bytes from data to the digest object. + */ + void + crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, + size_t len) + { + tor_assert(digest); + tor_assert(data); + /* Using the SHA*_*() calls directly means we don't support doing + * SHA in hardware. But so far the delay of getting the question + * to the hardware, and hearing the answer, is likely higher than + * just doing it ourselves. Hashes are fast. + */ + switch (digest->algorithm) { + case DIGEST_SHA1: + SHA1_Update(&digest->d.sha1, (void*)data, len); + break; + case DIGEST_SHA256: + SHA256_Update(&digest->d.sha2, (void*)data, len); + break; + case DIGEST_SHA512: + SHA512_Update(&digest->d.sha512, (void*)data, len); + break; + case DIGEST_SHA3_256: /* FALLSTHROUGH */ + case DIGEST_SHA3_512: + keccak_digest_update(&digest->d.sha3, (const uint8_t *)data, len); + break; + default: + /* LCOV_EXCL_START */ + tor_fragile_assert(); + break; + /* LCOV_EXCL_STOP */ + } + } + + /** Compute the hash of the data that has been passed to the digest + * object; write the first out_len bytes of the result to out. + * out_len must be \<= DIGEST512_LEN. + */ + void + crypto_digest_get_digest(crypto_digest_t *digest, + char *out, size_t out_len) + { + unsigned char r[DIGEST512_LEN]; + crypto_digest_t tmpenv; + tor_assert(digest); + tor_assert(out); + tor_assert(out_len <= crypto_digest_algorithm_get_length(digest->algorithm)); + + /* The SHA-3 code handles copying into a temporary ctx, and also can handle + * short output buffers by truncating appropriately. */ + if (digest->algorithm == DIGEST_SHA3_256 || + digest->algorithm == DIGEST_SHA3_512) { + keccak_digest_sum(&digest->d.sha3, (uint8_t *)out, out_len); + return; + } + + const size_t alloc_bytes = crypto_digest_alloc_bytes(digest->algorithm); + /* memcpy into a temporary ctx, since SHA*_Final clears the context */ + memcpy(&tmpenv, digest, alloc_bytes); + switch (digest->algorithm) { + case DIGEST_SHA1: + SHA1_Final(r, &tmpenv.d.sha1); + break; + case DIGEST_SHA256: + SHA256_Final(r, &tmpenv.d.sha2); + break; + case DIGEST_SHA512: + SHA512_Final(r, &tmpenv.d.sha512); + break; + //LCOV_EXCL_START + case DIGEST_SHA3_256: /* FALLSTHROUGH */ + case DIGEST_SHA3_512: + default: + log_warn(LD_BUG, "Handling unexpected algorithm %d", digest->algorithm); + /* This is fatal, because it should never happen. */ + tor_assert_unreached(); + break; + //LCOV_EXCL_STOP + } + memcpy(out, r, out_len); + memwipe(r, 0, sizeof(r)); + } + + /** Allocate and return a new digest object with the same state as + * digest + */ + crypto_digest_t * + crypto_digest_dup(const crypto_digest_t *digest) + { + tor_assert(digest); + const size_t alloc_bytes = crypto_digest_alloc_bytes(digest->algorithm); + return tor_memdup(digest, alloc_bytes); + } + ++/** Temporarily save the state of digest in checkpoint. ++ * Asserts that digest is a SHA1 digest object. ++ */ ++void ++crypto_digest_checkpoint(crypto_digest_checkpoint_t *checkpoint, ++ const crypto_digest_t *digest) ++{ ++ const size_t bytes = crypto_digest_alloc_bytes(digest->algorithm); ++ tor_assert(bytes <= sizeof(checkpoint->mem)); ++ memcpy(checkpoint->mem, digest, bytes); ++} ++ ++/** Restore the state of digest from checkpoint. ++ * Asserts that digest is a SHA1 digest object. Requires that the ++ * state was previously stored with crypto_digest_checkpoint() */ ++void ++crypto_digest_restore(crypto_digest_t *digest, ++ const crypto_digest_checkpoint_t *checkpoint) ++{ ++ const size_t bytes = crypto_digest_alloc_bytes(digest->algorithm); ++ memcpy(digest, checkpoint->mem, bytes); ++} ++ + /** Replace the state of the digest object into with the state + * of the digest object from. Requires that 'into' and 'from' + * have the same digest type. + */ + void + crypto_digest_assign(crypto_digest_t *into, + const crypto_digest_t *from) + { + tor_assert(into); + tor_assert(from); + tor_assert(into->algorithm == from->algorithm); + const size_t alloc_bytes = crypto_digest_alloc_bytes(from->algorithm); + memcpy(into,from,alloc_bytes); + } + + /** Given a list of strings in lst, set the len_out-byte digest + * at digest_out to the hash of the concatenation of those strings, + * plus the optional string append, computed with the algorithm + * alg. + * out_len must be \<= DIGEST512_LEN. */ + void + crypto_digest_smartlist(char *digest_out, size_t len_out, + const smartlist_t *lst, + const char *append, + digest_algorithm_t alg) + { + crypto_digest_smartlist_prefix(digest_out, len_out, NULL, lst, append, alg); + } + + /** Given a list of strings in lst, set the len_out-byte digest + * at digest_out to the hash of the concatenation of: the + * optional string prepend, those strings, + * and the optional string append, computed with the algorithm + * alg. + * len_out must be \<= DIGEST512_LEN. */ + void + crypto_digest_smartlist_prefix(char *digest_out, size_t len_out, + const char *prepend, + const smartlist_t *lst, + const char *append, + digest_algorithm_t alg) + { + crypto_digest_t *d = crypto_digest_new_internal(alg); + if (prepend) + crypto_digest_add_bytes(d, prepend, strlen(prepend)); + SMARTLIST_FOREACH(lst, const char *, cp, + crypto_digest_add_bytes(d, cp, strlen(cp))); + if (append) + crypto_digest_add_bytes(d, append, strlen(append)); + crypto_digest_get_digest(d, digest_out, len_out); + crypto_digest_free(d); + } + + /** Compute the HMAC-SHA-256 of the msg_len bytes in msg, using + * the key of length key_len. Store the DIGEST256_LEN-byte + * result in hmac_out. Asserts on failure. + */ + void + crypto_hmac_sha256(char *hmac_out, + const char *key, size_t key_len, + const char *msg, size_t msg_len) + { + unsigned char *rv = NULL; + /* If we've got OpenSSL >=0.9.8 we can use its hmac implementation. */ + tor_assert(key_len < INT_MAX); + tor_assert(msg_len < INT_MAX); + tor_assert(hmac_out); + rv = HMAC(EVP_sha256(), key, (int)key_len, (unsigned char*)msg, (int)msg_len, + (unsigned char*)hmac_out, NULL); + tor_assert(rv); + } + + /** Compute a MAC using SHA3-256 of msg_len bytes in msg using a + * key of length key_len and a salt of length + * salt_len. Store the result of len_out bytes in in + * mac_out. This function can't fail. */ + void + crypto_mac_sha3_256(uint8_t *mac_out, size_t len_out, + const uint8_t *key, size_t key_len, + const uint8_t *msg, size_t msg_len) + { + crypto_digest_t *digest; + + const uint64_t key_len_netorder = tor_htonll(key_len); + + tor_assert(mac_out); + tor_assert(key); + tor_assert(msg); + + digest = crypto_digest256_new(DIGEST_SHA3_256); + + /* Order matters here that is any subsystem using this function should + * expect this very precise ordering in the MAC construction. */ + crypto_digest_add_bytes(digest, (const char *) &key_len_netorder, + sizeof(key_len_netorder)); + crypto_digest_add_bytes(digest, (const char *) key, key_len); + crypto_digest_add_bytes(digest, (const char *) msg, msg_len); + crypto_digest_get_digest(digest, (char *) mac_out, len_out); + crypto_digest_free(digest); + } + + /* xof functions */ + + /** Internal state for a eXtendable-Output Function (XOF). */ + struct crypto_xof_t { + keccak_state s; + }; + + /** Allocate a new XOF object backed by SHAKE-256. The security level + * provided is a function of the length of the output used. Read and + * understand FIPS-202 A.2 "Additional Consideration for Extendable-Output + * Functions" before using this construct. + */ + crypto_xof_t * + crypto_xof_new(void) + { + crypto_xof_t *xof; + xof = tor_malloc(sizeof(crypto_xof_t)); + keccak_xof_init(&xof->s, 256); + return xof; + } + + /** Absorb bytes into a XOF object. Must not be called after a call to + * crypto_xof_squeeze_bytes() for the same instance, and will assert + * if attempted. + */ + void + crypto_xof_add_bytes(crypto_xof_t *xof, const uint8_t *data, size_t len) + { + int i = keccak_xof_absorb(&xof->s, data, len); + tor_assert(i == 0); + } + + /** Squeeze bytes out of a XOF object. Calling this routine will render + * the XOF instance ineligible to absorb further data. + */ + void + crypto_xof_squeeze_bytes(crypto_xof_t *xof, uint8_t *out, size_t len) + { + int i = keccak_xof_squeeze(&xof->s, out, len); + tor_assert(i == 0); + } + + /** Cleanse and deallocate a XOF object. */ + void + crypto_xof_free_(crypto_xof_t *xof) + { + if (!xof) + return; + memwipe(xof, 0, sizeof(crypto_xof_t)); + tor_free(xof); + } + diff --cc src/common/crypto_digest.h index 000000000,f8cd44a03..3bd74acdf mode 000000,100644..100644 --- a/src/common/crypto_digest.h +++ b/src/common/crypto_digest.h @@@ -1,0 -1,125 +1,136 @@@ + /* Copyright (c) 2001, Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2017, The Tor Project, Inc. */ + /* See LICENSE for licensing information */ + + /** + * \file crypto_digest.h + * + * \brief Headers for crypto_digest.c + **/ + + #ifndef TOR_CRYPTO_DIGEST_H + #define TOR_CRYPTO_DIGEST_H + + #include <stdio.h> + + #include "container.h" + #include "torint.h" + + /** Length of the output of our message digest. */ + #define DIGEST_LEN 20 + /** Length of the output of our second (improved) message digests. (For now + * this is just sha256, but it could be any other 256-bit digest.) */ + #define DIGEST256_LEN 32 + /** Length of the output of our 64-bit optimized message digests (SHA512). */ + #define DIGEST512_LEN 64 + + /** Length of a sha1 message digest when encoded in base32 with trailing = + * signs removed. */ + #define BASE32_DIGEST_LEN 32 + /** Length of a sha1 message digest when encoded in base64 with trailing = + * signs removed. */ + #define BASE64_DIGEST_LEN 27 + /** Length of a sha256 message digest when encoded in base64 with trailing = + * signs removed. */ + #define BASE64_DIGEST256_LEN 43 + /** Length of a sha512 message digest when encoded in base64 with trailing = + * signs removed. */ + #define BASE64_DIGEST512_LEN 86 + + /** Length of hex encoding of SHA1 digest, not including final NUL. */ + #define HEX_DIGEST_LEN 40 + /** Length of hex encoding of SHA256 digest, not including final NUL. */ + #define HEX_DIGEST256_LEN 64 + /** Length of hex encoding of SHA512 digest, not including final NUL. */ + #define HEX_DIGEST512_LEN 128 + + typedef enum { + DIGEST_SHA1 = 0, + DIGEST_SHA256 = 1, + DIGEST_SHA512 = 2, + DIGEST_SHA3_256 = 3, + DIGEST_SHA3_512 = 4, + } digest_algorithm_t; + #define N_DIGEST_ALGORITHMS (DIGEST_SHA3_512+1) + #define N_COMMON_DIGEST_ALGORITHMS (DIGEST_SHA256+1) + ++#define DIGEST_CHECKPOINT_BYTES (SIZEOF_VOID_P + 512) ++/** Structure used to temporarily save the a digest object. Only implemented ++ * for SHA1 digest for now. */ ++typedef struct crypto_digest_checkpoint_t { ++ uint8_t mem[DIGEST_CHECKPOINT_BYTES]; ++} crypto_digest_checkpoint_t; ++ + /** A set of all the digests we commonly compute, taken on a single + * string. Any digests that are shorter than 512 bits are right-padded + * with 0 bits. + * + * Note that this representation wastes 44 bytes for the SHA1 case, so + * don't use it for anything where we need to allocate a whole bunch at + * once. + **/ + typedef struct { + char d[N_COMMON_DIGEST_ALGORITHMS][DIGEST256_LEN]; + } common_digests_t; + + typedef struct crypto_digest_t crypto_digest_t; + typedef struct crypto_xof_t crypto_xof_t; + + /* SHA-1 and other digests */ + int crypto_digest(char *digest, const char *m, size_t len); + int crypto_digest256(char *digest, const char *m, size_t len, + digest_algorithm_t algorithm); + int crypto_digest512(char *digest, const char *m, size_t len, + digest_algorithm_t algorithm); + int crypto_common_digests(common_digests_t *ds_out, const char *m, size_t len); + void crypto_digest_smartlist_prefix(char *digest_out, size_t len_out, + const char *prepend, + const struct smartlist_t *lst, + const char *append, + digest_algorithm_t alg); + void crypto_digest_smartlist(char *digest_out, size_t len_out, + const struct smartlist_t *lst, const char *append, + digest_algorithm_t alg); + const char *crypto_digest_algorithm_get_name(digest_algorithm_t alg); + size_t crypto_digest_algorithm_get_length(digest_algorithm_t alg); + int crypto_digest_algorithm_parse_name(const char *name); + crypto_digest_t *crypto_digest_new(void); + crypto_digest_t *crypto_digest256_new(digest_algorithm_t algorithm); + crypto_digest_t *crypto_digest512_new(digest_algorithm_t algorithm); + void crypto_digest_free_(crypto_digest_t *digest); + #define crypto_digest_free(d) \ + FREE_AND_NULL(crypto_digest_t, crypto_digest_free_, (d)) + void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, + size_t len); + void crypto_digest_get_digest(crypto_digest_t *digest, + char *out, size_t out_len); + crypto_digest_t *crypto_digest_dup(const crypto_digest_t *digest); ++void crypto_digest_checkpoint(crypto_digest_checkpoint_t *checkpoint, ++ const crypto_digest_t *digest); ++void crypto_digest_restore(crypto_digest_t *digest, ++ const crypto_digest_checkpoint_t *checkpoint); + void crypto_digest_assign(crypto_digest_t *into, + const crypto_digest_t *from); + void crypto_hmac_sha256(char *hmac_out, + const char *key, size_t key_len, + const char *msg, size_t msg_len); + void crypto_mac_sha3_256(uint8_t *mac_out, size_t len_out, + const uint8_t *key, size_t key_len, + const uint8_t *msg, size_t msg_len); + + /* xof functions*/ + crypto_xof_t *crypto_xof_new(void); + void crypto_xof_add_bytes(crypto_xof_t *xof, const uint8_t *data, size_t len); + void crypto_xof_squeeze_bytes(crypto_xof_t *xof, uint8_t *out, size_t len); + void crypto_xof_free_(crypto_xof_t *xof); + #define crypto_xof_free(xof) \ + FREE_AND_NULL(crypto_xof_t, crypto_xof_free_, (xof)) + + #ifdef TOR_UNIT_TESTS + digest_algorithm_t crypto_digest_get_algorithm(crypto_digest_t *digest); + #endif + + #endif /* !defined(TOR_CRYPTO_DIGEST_H) */ +

1 0